Authorization string is not same when generate with golang and JS

Time:05-26

I have a problem with Golang generating the correct Authorization string for API access. I tried with JS and the string is okay to use, while the string from Golang cannot be used for authentication. Can you help me check what the difference is and correct me? Here is my Golang code:

package main

import (
    "crypto/hmac"
    "crypto/sha256"
    "encoding/base64"
    "fmt"
    "log"
)

// generateSalt returns the base64-encoded HMAC-SHA256 of dataToSign.
func generateSalt(dataToSign string) string {
    token := hmac.New(sha256.New, []byte("secret"))
    token.Write([]byte(dataToSign))
    macSum := token.Sum(nil)
    return base64.StdEncoding.EncodeToString(macSum)
}

func main() {
    date := "Wed, 25 May 2022 09:16:45 GMT"
    uri := "groups"
    url := fmt.Sprintf("https://api-worldcheck.refinitiv.com/v2/%s", uri)
    _ = url // url is not part of the string signed below
    // The signed string uses the path "/v2/groups" and "\r\n" separators.
    dataToSign := fmt.Sprintf(`(request-target): get %s%vhost: %s%vdate: %s`, "/v2/groups", "\r\n", "api-worldcheck.refinitiv.com", "\r\n", date)
    log.Printf("dateToSign: %s", dataToSign)
    hmac := generateSalt(dataToSign)
    authorization := fmt.Sprintf(`Signature keyId="%s",algorithm="hmac-sha256",headers="(request-target) host date",signature="%s"`, "api-key", hmac)
    log.Printf("authorization: %s", authorization)
}

The result from golang is dZzRZfa0yVZsTWof+qEz5VhsFyV83b6DDKXzG9pp/yk=

The code on JS

function generateAuthHeader(dataToSign){
    var hash = CryptoJS.HmacSHA256(dataToSign,environment["api-secret"]);
    return hash.toString(CryptoJS.enc.Base64); 
}

var date = "Wed, 25 May 2022 09:16:45 GMT";

var dataToSign = "(request-target): get " + environment["gateway-url"] + "groups\n" +
        "host: " + environment["gateway-host"] + "\n" +
        "date: " + date;
console.log("date", date)
console.log({dataToSign})
var hmac = generateAuthHeader(dataToSign);
var authorisation = "Signature keyId=\"" + environment["api-key"] + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"" + hmac + "\"";
console.log({authorisation})

The result is nx5uyMlq4kOxY1fD5OpoLE6UGI+f5p3OUy+l6G8+oxc=

CodePudding user response:

Both the snippets have different data to sign. The JS has some env vars that are used which might be different. I have taken those values from the Go code.

Go code: Go Playground example

// You can edit this code!
// Click here and start typing.
package main

import (
    "crypto/hmac"
    "crypto/sha256"
    "encoding/base64"
    "fmt"
    "log"
)

func generateSalt(dataToSign string) string {
    token := hmac.New(sha256.New, []byte("secret"))
    token.Write([]byte(dataToSign))
    macSum := token.Sum(nil)
    return base64.StdEncoding.EncodeToString(macSum)
}

func main() {
    date := "Wed, 25 May 2022 09:16:45 GMT"
    uri := "groups"
    url := fmt.Sprintf("https://api-worldcheck.refinitiv.com/v2/%s", uri)
    host := "api-worldcheck.refinitiv.com"
    dataToSign := fmt.Sprintf("(request-target): get %s\nhost: %s\ndate: %s", url, host, date)
    log.Printf("dateToSign: %s", dataToSign)
    hmac := generateSalt(dataToSign)
    authorization := fmt.Sprintf(`Signature keyId="%s",algorithm="hmac-sha256",headers="(request-target) host date",signature="%s"`, "api-key", hmac)
    log.Printf("authorization: %s", authorization)
}

JS Code:

function generateAuthHeader(dataToSign){
    var hash = CryptoJS.HmacSHA256(dataToSign, "secret");
    return hash.toString(CryptoJS.enc.Base64); 
}

var date = "Wed, 25 May 2022 09:16:45 GMT";
var url = "https://api-worldcheck.refinitiv.com/v2/";
var host = "api-worldcheck.refinitiv.com";
var apiKey = "api-key";

var dataToSign = "(request-target): get " + url + "groups\n" +
        "host: " + host + "\n" +
        "date: " + date;
console.log("date", date)
console.log("dataToSign", dataToSign)
var hmac = generateAuthHeader(dataToSign);
var authorisation = "Signature keyId=\"" + apiKey + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"" + hmac + "\"";
console.log(authorisation);
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js"></script>

Both have the signature as pZjwRvunAPwUs7tFdbFtY6xOLjbpKUYMpnb
