附录1

签名验证

HTTP

Java

String responseBody = "001XeyJlcGsiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIm..."
String responseSignedMessage = response.header("Signature");
Signature vrfResSignature = Signature.getInstance("SHA512withECDSA");
vrfResSignature.initVerify(publicKeySigning);
Boolean result = vrfResSignature.verify(decodeBase64AsByteArray(decodeURL(responseSignedMessage)));

Node.js

const responseBody = "001XeyJlcGsiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIm...";
const responseSignedMessage = response.headers['Signature'];

const decodeURL = (str) => decodeURIComponent(str);

const decodeBase64AsByteArray = (str) => Buffer.from(str, 'base64');

const publicKeySigning = "MIGbMBAGByqGSM49AgEGBS...";
const vrfResSignature = crypto.createVerify('SHA512');
vrfResSignature.update(responseBody);

const result = vrfResSignature.verify(publicKeySigning, decodeBase64AsByteArray(decodeURL(responseSignedMessage)));

Python

response_body = "001XeyJlcGsiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIm..."
response_signed_message = "MIGIAkIAzHW%2FwRBp4JJmBPdOlKU4nPtzZ..." 

def decode_url(encoded_str):
    return urllib.parse.unquote(encoded_str)

def decode_base64_as_byte_array(base64_str):
    return base64.b64decode(base64_str)

public_key_signing = "MIGbMBAGByqGSM49AgEGBS..."
public_key = ec.load_pem_public_key(public_key_signing.encode(), backend=default_backend())

decoded_signed_message = decode_base64_as_byte_array(decode_url(response_signed_message))

verifier = public_key.verifier(
    decoded_signed_message,
    ec.ECDSA(hashes.SHA512())
)

verifier.update(response_body.encode())

try:
    verifier.verify()
    result = True
except Exception as e:
    result = False

.Net

string responseBody = "001XeyJlcGsiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIm...";
string responseSignedMessage = "MIGIAkIAzHW%2FwRBp4JJmBPdOlKU4nPtzZ..."

string base64SignedMessage = DecodeUrlBase64(responseSignedMessage);

using (var ecdsa = ECDsa.Create())
{
    ecdsa.ImportSubjectPublicKey(publicKeySigning); 

    byte[] signedMessageBytes = Convert.FromBase64String(base64SignedMessage);

    bool result = ecdsa.VerifyData(Encoding.UTF8.GetBytes(responseBody), signedMessageBytes, HashAlgorithmName.SHA512, DSASignatureFormat.Raw);
}

private static string DecodeUrlBase64(string input)
{
    string base64 = input.Replace('-', '+').Replace('_', '/');
    
    switch (base64.Length % 4)
    {
        case 2: base64 += "=="; break;
        case 3: base64 += "="; break;
    }
    
    return base64;
}

PHP

$responseBody = "001XeyJlcGsiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIm...";
$responseSignedMessage = "MIGIAkIAzHW%2FwRBp4JJmBPdOlKU4nPtzZ...";

$decodedResponseSignedMessage = urldecode($responseSignedMessage);

$signedMessageBytes = base64_decode($decodedResponseSignedMessage);

$publicKeySigning = "MIGbMBAGByqGSM49AgEGBS...";

$publicKey = openssl_pkey_get_public($publicKeySigning);

$verificationResult = openssl_verify($responseBody, $signedMessageBytes, $publicKey, OPENSSL_ALGO_SHA512);