将Java加密代码转换为NodeJS

时间:2016-11-13 18:40:27

标签: java node.js cryptography node-crypto

我正致力于在NodeJS中实现Walmart API。沃尔玛只提供JAVA示例。我正在解决问题。与使用它们提供的Java可执行文件相比,我的签名有点长,并且不被接受。

我很感激任何帮助。即使弄清楚沃尔玛提供的秘密格式也会有所帮助。

这是有效的Java代码:

import org.apache.commons.codec.binary.Base64;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;

public class SHA256WithRSAAlgo {
    private static String consumerId = "b68d2a72....";   // Trimmed for security reason
    private static String baseUrl = "https://marketplace.walmartapis.com/v2/feeds";
    private static String privateEncodedStr = "MIICeAIBADANBgkqhkiG9w0BAQEFAA......";       //Trimmed for security reasons
    public static void main(String[] args) {
        String httpMethod = "GET";
        String timestamp = String.valueOf(System.currentTimeMillis());
        String stringToSign = consumerId + "\n" +
                                baseUrl + "\n" +
                                httpMethod + "\n" +
                                timestamp + "\n";
        String signedString = SHA256WithRSAAlgo.signData(stringToSign, privateEncodedStr);
        System.out.println("Signed String: " + signedString);
    }
    public static String signData(String stringToBeSigned, String encodedPrivateKey) {
        String signatureString = null;
        try {
            byte[] encodedKeyBytes = Base64.decodeBase64(encodedPrivateKey);
            PKCS8EncodedKeySpec privSpec = new PKCS8EncodedKeySpec(encodedKeyBytes);
            KeyFactory kf = KeyFactory.getInstance("RSA");
            PrivateKey myPrivateKey = kf.generatePrivate(privSpec);
            Signature signature = Signature.getInstance("SHA256withRSA");
            signature.initSign(myPrivateKey);
            byte[] data = stringToBeSigned.getBytes("UTF-8");
            signature.update(data);
            byte[] signedBytes = signature.sign();
            signatureString = Base64.encodeBase64String(signedBytes);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return signatureString;
    }
}

这是我的节点代码:

const PK_HEADER = '\n-----BEGIN PRIVATE KEY-----\n'
const PK_FOOTER = '\n-----END PRIVATE KEY-----\n'

const consumerId = 'b68d2a72....'  
const baseUrl = 'https://marketplace.walmartapis.com/v2/feeds'
const privateEncodedStr = 'MIICeAIBADANBgkqhkiG9w0BAQEFAA......'      

const privateKey = `${PK_HEADER}${config.walmart.secret}${PK_FOOTER}`

const privateEncodedKey = Buffer.from(privateKey, 'base64')
const timestamp = Date.now()

const stringToSign = consumerId + '\n' +
                     baseUrl + '\n' +
                     httpMethod + '\n' +
                     timestamp + '\n'

const sign = createSign('RSA-SHA256')
sign.update(stringToSign)
const signedString = sign.sign(privateKey, 'hex')

console.log(signedString)

一些笔记。我尝试按原样传递privateEncodedStr但是Crypto没有PEM标题,所以我不得不添加它们。

使用相同的时间戳,Java代码产生了类似的东西:

bhG0q4Es7iOJtBvepJ2Ao6zPRllf6nM+026dgEadPcaYDdIoCQBYxWWSXB16XcQXgCDcqZ1PW2xgAavHC57jchSXtsTYkuXcWBavQGTH+5YonxIJCzI0wimVKKbqtocKvz4sngXKvIDP7wKKUdXOT6zXVYOdjLfUTERTs7RVg=

我的JS代码:

219af9f3048ccef558d6ddeeb61d19ed8a968ade5125760d81717dbd62e8447dd831b123a52624d56bc35aef1b082c29585e6fece2aba0fb7853d6840f45e724489028415a9eab8a51e48037a5884f5a12a238ed61a16003e1c412f873d3cfd2f6336dec8c262b01c3ba2a234f0979b8073f096cd35c7d1425bbcfc4603ff05b

这是沃尔玛秘密看起来有点像:

MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMCCJeju5NFCHc/53N0AjZnmWq0UYZyrh3jRZH3UAISeZmLxcAgO65Cg8SfRact172Iy1uYnCB4NqKT5+x0BelWHA2fci5/7VqAdTJ3iZWB1g61lLUpf0IiesMWAycMBf7GwaVIsCGoPb+IC6l1P5IV2Mtb29WnivQyE3UM4dLvCvejdyPq8IoBIywTAgMBAAECgYEAnZ7yo1JXD+9usYcIC/wT9Nrji6uQcNMRTR9FhLE861k2w/Sjok0kzepZjanNojgwQS6OWIy3VEkRj2bTO7N4s6ApLa8yxoQt6ZrOSId9Ut7IenZQ39c6c/ig6e+awyjGvJlKdf7wtv2i4l4tiL8w23RnSECQQDy0wugM5hzV5wc/ejj+9cB8cqdEjfFG8yBZ200W1DAQwepIWFqSdiHbHW9xX5SiFa7JsDHyFWSdboYQToRDHuVAkEAyvQwDqAAz/FJn9oFKXznMjFfrtfoZ/BPrc/4BOUiyWjitxE6Ia5rNuTgCq3u1XxxP78t5spzMr5H5QdoUFHfBwJAbqpYZg6dsBOBhoUBmsWv26cyyOCEg4h9113oDh3MBPEXcQJAHd2JJN3OwMrU9rzyfYRv0ScK2YPUI1dtojo0WSQr2UafYTCCnEstN5vPvDoSvwXO1myk0COs1kAAbveHMIsf1jKVx7euXYP1J8Zwdfd9FjS2CQJAZ8L+jQyGlYIIdUQA7n0bbUblsGntsk1RKkTuZ31Q4w5gBnKO4dk3WMVhNdhmJnZRHRNflA41TITLNYh0EnrWheadVrhpBm2YBn7WFPQ==

知道这是什么格式?它似乎是private key,其页眉/页脚已被删除。

1 个答案:

答案 0 :(得分:1)

您的代码是正确的,您只需要以正确的格式signedString输出base64

只需改变:

const signedString = sign.sign(privateKey, 'hex');

要:

const signedString = sign.sign(privateKey, 'base64');

然后你去。