Home Explore Help
Register Sign In
shenzhen
/
dify-plugin-daemon
Watch 2
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: eed91f2359
Branches Tags
dify-plugin-...
/
pkg
/
plugin_packager
/
signer
/
withkey
/
sign_with_key.go

sign_with_key.go 2.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102 
  1. package withkey
    2. 

  2. 

  3. import (
    4. 

  4. 	"archive/zip"
    5. 

  5. 	"bytes"
    6. 

  6. 	"crypto/rsa"
    7. 

  7. 	"crypto/sha256"
    8. 

  8. 	"encoding/base64"
    9. 

  9. 	"io"
    10. 

  10. 	"path"
    11. 

  11. 	"strconv"
    12. 

  12. 	"time"
    13. 

  13. 

  14. 	"github.com/langgenius/dify-plugin-daemon/internal/utils/encryption"
    15. 

  15. 	"github.com/langgenius/dify-plugin-daemon/internal/utils/parser"
    16. 

  16. 	"github.com/langgenius/dify-plugin-daemon/pkg/plugin_packager/decoder"
    17. 

  17. )
    18. 

  18. 

  19. // SignPluginWithPrivateKey is a function that signs a plugin
    20. 

  20. // It takes a plugin as a stream of bytes and a private key to sign it with RSA-4096
    21. 

  21. func SignPluginWithPrivateKey(plugin []byte, privateKey *rsa.PrivateKey) ([]byte, error) {
    22. 

  22. 	decoder, err := decoder.NewZipPluginDecoder(plugin)
    23. 

  23. 	if err != nil {
    24. 

  24. 		return nil, err
    25. 

  25. 	}
    26. 

  26. 

  27. 	// create a new zip writer
    28. 

  28. 	zipBuffer := new(bytes.Buffer)
    29. 

  29. 	zipWriter := zip.NewWriter(zipBuffer)
    30. 

  30. 

  31. 	defer zipWriter.Close()
    32. 

  32. 	// store temporary hash
    33. 

  33. 	data := new(bytes.Buffer)
    34. 

  34. 	// read one by one
    35. 

  35. 	err = decoder.Walk(func(filename, dir string) error {
    36. 

  36. 		file, err := decoder.ReadFile(path.Join(dir, filename))
    37. 

  37. 		if err != nil {
    38. 

  38. 			return err
    39. 

  39. 		}
    40. 

  40. 

  41. 		// calculate sha256 hash of the file
    42. 

  42. 		hash := sha256.New()
    43. 

  43. 		hash.Write(file)
    44. 

  44. 		hashed := hash.Sum(nil)
    45. 

  45. 

  46. 		// write the hash into data
    47. 

  47. 		data.Write(hashed)
    48. 

  48. 

  49. 		// create a new file in the zip writer
    50. 

  50. 		fileWriter, err := zipWriter.Create(path.Join(dir, filename))
    51. 

  51. 		if err != nil {
    52. 

  52. 			return err
    53. 

  53. 		}
    54. 

  54. 

  55. 		_, err = io.Copy(fileWriter, bytes.NewReader(file))
    56. 

  56. 		if err != nil {
    57. 

  57. 			return err
    58. 

  58. 		}
    59. 

  59. 

  60. 		return nil
    61. 

  61. 	})
    62. 

  62. 

  63. 	if err != nil {
    64. 

  64. 		return nil, err
    65. 

  65. 	}
    66. 

  66. 

  67. 	// get current time
    68. 

  68. 	ct := time.Now().Unix()
    69. 

  69. 

  70. 	// convert time to bytes
    71. 

  71. 	timeString := strconv.FormatInt(ct, 10)
    72. 

  72. 

  73. 	// write the time into data
    74. 

  74. 	data.Write([]byte(timeString))
    75. 

  75. 

  76. 	// sign the data
    77. 

  77. 	signature, err := encryption.RSASign(privateKey, data.Bytes())
    78. 

  78. 	if err != nil {
    79. 

  79. 		return nil, err
    80. 

  80. 	}
    81. 

  81. 

  82. 	// write the signature into the comment field of the zip file
    83. 

  83. 	comments := parser.MarshalJson(map[string]any{
    84. 

  84. 		"signature": base64.StdEncoding.EncodeToString(signature),
    85. 

  85. 		"time":      ct,
    86. 

  86. 	})
    87. 

  87. 

  88. 	// write signature
    89. 

  89. 	err = zipWriter.SetComment(comments)
    90. 

  90. 	if err != nil {
    91. 

  91. 		return nil, err
    92. 

  92. 	}
    93. 

  93. 

  94. 	// close the zip writer
    95. 

  95. 	err = zipWriter.Close()
    96. 

  96. 	if err != nil {
    97. 

  97. 		return nil, err
    98. 

  98. 	}
    99. 

  99. 

  100. 	return zipBuffer.Bytes(), nil
    101. 

  101. }
    102. 

  102.