CN110890979B - Automatic deployment method, device, equipment and medium for fort machine - Google Patents

Info

Publication number
CN110890979B
Authority
CN
China
Prior art keywords
api
fort
digital signature
parameters
server
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201911110527.9A
Other languages
Chinese (zh)
Other versions
CN110890979A (en)
Inventor
徐怀宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Hongsheng Intellectual Property Operation Co ltd
Original Assignee
Guangtong Tianxia Network Technology Co ltd
Application filed by Guangtong Tianxia Network Technology Co ltd
Priority to CN201911110527.9A
Publication of CN110890979A
Application granted
Publication of CN110890979B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/0893 Assignment of logical groups to network elements
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/30 Managing network names, e.g. use of aliases or nicknames
    • H04L61/3015 Name registration, generation or assignment
    • H04L61/3025 Domain name generation or assignment
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an automatic deployment method for a fort machine (bastion host). It relates to the technical field of communication and addresses the low efficiency of existing deployment. The method comprises the following steps: receiving bastion host order information and storing the bastion host configuration parameters in the order information; preprocessing the bastion host configuration parameters into API parameters, and generating a digital signature from the API parameters; sending the digital signature and the API parameters to a server; calling an API interface of the server, the API interface being the server's interface for creating a bastion host service; and generating the access domain name of the bastion host service. The invention also discloses an automatic deployment device for a bastion host, electronic equipment and a computer storage medium. By converting the configuration parameters into API request parameters, the invention deploys the bastion host automatically.

Description

Automatic deployment method, device, equipment and medium for fort machine
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method, an apparatus, a device, and a medium for automatic deployment of a fort machine.
Background
As enterprises grow rapidly, disorderly internal operation and maintenance (O&M) is becoming increasingly common. Taking account security management as an example, several people often share one account, which makes account information easy to leak and unauthorized operations easy to perform. Enterprises have therefore begun to use bastion hosts as systems for operation and security auditing, to bring order to their O&M.
At present the purchase and the deployment of a bastion host are separate, independent steps: a user purchases a bastion host product on the official website, customer service staff deploy a corresponding bastion host on a host management platform according to the configuration the user selected, and the deployed bastion host is finally delivered to the user. This deployment process is long, and the user cannot obtain the purchased bastion host product right away.
Disclosure of Invention
To overcome the shortcomings of the prior art, the first object of the invention is to provide an automatic deployment method for a bastion host that solves the problem of the long time needed to deploy a bastion host service.
The first object of the invention is achieved by the following technical scheme:
An automatic deployment method for a bastion host comprises the following steps:
receiving bastion host order information and storing the bastion host configuration parameters in the order information;
preprocessing the bastion host configuration parameters into API parameters, and generating a digital signature from the API parameters;
sending the digital signature and the API parameters to a server;
calling an API interface of the server, the API interface being the server's interface for creating a bastion host service;
and generating the access domain name of the bastion host service.
Further, receiving the bastion host order information and storing the bastion host configuration parameters in the order information specifically comprises:
storing the parameter name and the parameter value of each bastion host configuration parameter in Key-Value form.
Further, preprocessing the bastion host configuration parameters into API parameters and generating a digital signature from the API parameters comprises the following steps:
forming the bastion host configuration parameters into a URL-format string, the URL-format string being the API parameters;
using a key, the key comprising a private key and a public key;
and signing the API parameters with the private key to obtain the digital signature.
Further, preprocessing the bastion host configuration parameters into API parameters and generating a digital signature from the API parameters comprises the following steps:
sorting the bastion host configuration parameters according to a preset sorting rule;
forming the sorted bastion host configuration parameters into a URL-format string, the URL-format string being the API parameters;
using a key, the key comprising a private key and a public key;
hash-encrypting the API parameters to obtain a first digital signature;
encrypting the first digital signature with the private key to obtain a second digital signature;
and encoding the second digital signature with Base64 to obtain the digital signature.
Further, sending the digital signature and the API parameters to a server comprises the following steps:
receiving a verification result, the verification result indicating whether the API parameters have been tampered with;
when the verification result is a pass, calling the API interface of the server;
and when the verification result is a failure, returning error information.
Further, using a key, the key comprising a private key and a public key, also comprises the following steps:
receiving a verification result, the verification result being the server's IP verification result;
and when verification passes, using the key, the key comprising a private key and a public key.
Further, generating the access domain name of the bastion host service also comprises the following steps:
randomly generating an access domain name for the bastion host service and storing it in a domain name database;
and configuring the access domain name on an Nginx server.
The second object of the invention is to provide an automatic deployment device for a bastion host that carries out the automatic deployment method, so as to solve the problem of the long time needed to deploy a bastion host service.
The second object of the invention is achieved by the following technical scheme:
An automatic deployment device for a bastion host comprises:
an order receiving module, used for receiving bastion host order information and storing the bastion host configuration parameters in the order information;
a signature generation module, used for preprocessing the bastion host configuration parameters into API parameters and generating a digital signature from the API parameters;
a sending module, used for sending the digital signature and the API parameters to a server;
an API calling module, used for calling an API interface of the server, the API interface being the server's interface for creating a bastion host service;
and a domain name generation module, used for generating the access domain name of the bastion host service.
The third object of the invention is to provide an electronic device for carrying out the first object, comprising a processor, a storage medium, and a computer program stored in the storage medium, wherein the computer program, when executed by the processor, implements the automatic deployment method for a bastion host.
The fourth object of the invention is to provide a computer-readable storage medium for carrying out the first object, on which a computer program is stored that, when executed by a processor, implements the automatic deployment method described above.
Compared with the prior art, the invention has the following beneficial effects:
The invention preprocesses the bastion host configuration parameters into API parameters; the server side can complete the dynamic configuration of the bastion host parameters from the API parameters, and the bastion host service is created automatically by calling the API interface the server side provides. The user can access the bastion host service through the generated access domain name, so the bastion host is deployed automatically, which improves deployment efficiency and user experience. The digital signature ensures the integrity of the configuration parameters in transit and prevents the parameters from being tampered with during transmission.
Drawings
FIG. 1 is a flow chart of a method for automatic deployment of a fort machine according to the first embodiment;
FIG. 2 is a flow chart of a method of generating a digital signature according to a second embodiment;
FIG. 3 is a flow chart of a method of generating a digital signature according to a third embodiment;
FIG. 4 is a flow chart of a method for generating access domain names according to the fourth embodiment;
FIG. 5 is a block diagram of an automatic deployment device for a fort machine according to a fifth embodiment;
FIG. 6 is a block diagram of the electronic device of the sixth embodiment.
Detailed Description
The invention is described in more detail below with reference to the accompanying drawings. Note that the description is given by way of illustration only and not by way of limitation. The embodiments may be combined with one another to form further embodiments not shown in the following description.
Example 1
Example 1 provides an automatic deployment method for a bastion host, which dynamically configures the parameter information of the bastion host server and calls an API interface, so as to deploy the bastion host automatically.
With the development of cloud technology, traditional hardware bastion hosts, or ones combining software and hardware, are gradually being replaced by cloud bastion hosts. A cloud bastion host has higher computing power and security protection capability than a traditional one, at lower cost. The cloud bastion host server can create the corresponding bastion host service from the parameters, and a user can reach the bastion host service through the corresponding API interface.
Note that the server side in this example is a server with bastion host service functions, which can carry out operations such as bastion host creation and digital signature verification; it is typically the server hosting the bastion host management platform.
Referring to FIG. 1, an automatic deployment method for a bastion host comprises the following steps:
S110, receiving bastion host order information and storing the bastion host configuration parameters in the order information.
The bastion host order information generally contains a lot of content, such as user information, IP addresses and the configuration parameter information selected by the user. Creating the bastion host service only requires extracting the configuration parameter information from the order information, and the method of this example concerns only the creation of the bastion host service, so only the bastion host configuration parameters in the order information need to be stored.
When the bastion host configuration parameters are stored, they need to be ordered in the sequence the server recognises, so that the server can identify them.
On this principle, receiving the bastion host order information and storing the bastion host configuration parameters in the order information specifically comprises:
storing the parameter name and the parameter value of each bastion host configuration parameter in Key-Value form.
Taking the creation of a bastion host with a single-core CPU as an example of Key-Value storage: the parameter name of the required configuration parameter is "CPU" and the parameter value is the number of cores, "1"; "CPU" is taken as the Key and "1" as the Value, and the configuration parameter is stored as a Key-Value pair. Key-Value storage is available in various storage tools, which differ between programming languages: the map container of the C++ STL, HashMap in Java, and the dictionary type in Python are all Key-Value storage tools. This example therefore does not restrict the tool used to store the Key-Value pairs; the appropriate one is chosen according to the programming language of the server.
S120, preprocessing the bastion host configuration parameters into API parameters, and generating a digital signature from the API parameters.
Because the server side provides an API interface for creating the bastion host service, the configuration parameters need to be converted into API parameters so that the server side can create a correspondingly configured bastion host service from them. How the configuration parameters are preprocessed depends on how the API parameters are passed. In general there are two ways, in the URL (Request-URL) and in the Body (Request-Body), so the bastion host configuration parameters are preprocessed into URL-format or Body-format API parameters according to the specific way of passing them.
In S120, generating a digital signature ensures the integrity of the API parameters in transit. Because the server receiving the bastion host order information and the server hosting the cloud bastion host are different servers, the API parameters may be tampered with during transmission; the generated digital signature makes it possible to verify whether the configuration parameters have been tampered with.
This example does not restrict the specific method of generating the digital signature, provided the server can verify the generated signature.
S130, sending the digital signature and the API parameters to a server.
The API parameters and the digital signature are sent to the server side so that the server side can verify them. Specifically, sending the digital signature and the API parameters to the server comprises the following steps:
receiving a verification result, the verification result indicating whether the API parameters have been tampered with;
when the verification result is a pass, calling the API interface of the server;
and when the verification result is a failure, returning error information.
The server verifies the digital signature to determine whether the configuration parameters have been tampered with.
S140, calling the API interface created by the server, the API interface being the server's interface for creating a bastion host service.
S150, generating the access domain name of the bastion host service.
The user can connect to the bastion host service through the generated access domain name, and so access the service.
Example 2
Example 2 builds on Example 1.
Referring to FIG. 2, preprocessing the bastion host configuration parameters into API parameters and generating a digital signature from the API parameters specifically comprises the following steps:
S210, forming the bastion host configuration parameters into a URL-format string, the URL-format string being the API parameters;
S220, using a key, the key comprising a private key and a public key;
S230, signing the API parameters with the private key to obtain the digital signature.
In this example the API parameters are passed in the URL (Request-URL), so the configuration parameters are assembled in order into a URL-format string. The URL-format string is the API parameters, and by recognising the API parameters the server can automatically create the bastion host service and provide the corresponding API interface. This requires the special characters in the configuration parameters to be percent-encoded, e.g., replacing the "{" symbol with "%7B", to obtain a string in URL format. The URL-format configuration parameter string is then signed with the private key to obtain the digital signature.
The server that receives the order information stores a randomly generated key pair. The private key is kept on the server that receives the order information, and the server side can decrypt the digital signature and verify the integrity of the API parameters using the public key corresponding to the private key. Typically the server only needs to generate the key pair (public and private) once; each time a new order is received, the same private key is used to sign it, without generating a key pair for each order.
This example is not limited to a specific asymmetric encryption algorithm (i.e., the method of generating the public and private keys), as long as the digital signature can be decrypted.
Before the key is used, the server side also verifies the legitimacy of the key user. Specifically, using a key, the key comprising a private key and a public key, also comprises the following steps:
receiving a verification result, the verification result being the server's IP verification result;
and when verification passes, using the key, the key comprising a private key and a public key.
The server side stores an IP whitelist library of legitimate IP addresses, and only the IP addresses in the whitelist library are permitted to use the key. This example does not restrict how the whitelist library is created: it may be created by the bastion host service provider (server side), or be an IP whitelist library shared by third-party network security companies. The IP whitelist prevents illegitimate users such as hackers from maliciously accessing or purchasing the bastion host service.
Example 3
Example 3 builds on Example 1.
It differs from Example 2 in that Example 2 generates and verifies the digital signature using the private and public keys, whereas here the digital signature is produced by hash encryption, private-key signing and Base64 encoding, so the digital signature is more reliable.
Although a digital signature generated with the private key can verify the identity of the sender, there remains the problem that someone may obtain the private key held on the server and then change the API parameter information. Because the server side then verifies with the public key alone, it is difficult to determine that the API parameters have been changed, so the API parameters must be further encrypted to ensure that the configuration parameters are not changed in transit. Specifically, referring to FIG. 3, generating a digital signature from the API parameters also comprises the following steps:
S310, sorting the bastion host configuration parameters according to a preset sorting rule.
The preset sorting rule is usually ascending or descending order by Key. Taking ascending order as an example, when the parameter names stored as Keys are "tc", "ect", "edc" and "act", they become "act", "ect", "edc", "tc" after sorting. The specific rule can be set as needed; the main purpose of sorting is to let the server hash-encrypt the API parameters in the same order, which avoids different hash results caused by different orders and prevents misjudgment during verification.
S320, forming the sorted bastion host configuration parameters into a URL-format string, the URL-format string being the API parameters.
This example also passes the API parameters in the URL (Request-URL). Compared with passing them in the Body, where parameter names and values are separate, the URL-format string is easier to hash because the parameters are already combined into one string.
S330, using a key, the key comprising a private key and a public key.
The key generation method in S330 is described in Example 2.
S340, hash-encrypting the API parameters to obtain a first digital signature.
The hash encryption in S340 may use the HMAC-SHA256 or HMAC-SHA1 signature method; this example does not restrict the specific hash encryption algorithm. The server stores the same hash encryption algorithm so that it can verify the signature.
S350, encrypting the first digital signature with the private key to obtain a second digital signature.
S360, encoding the second digital signature with Base64 to obtain the digital signature.
Encoding the hash-encrypted data with Base64 yields the final signature. This can speed up data transmission: because encrypted data is generally long, Base64 can shorten the data and reduce resource usage. In addition, Base64-encoded data is not human-readable, so even if the digital signature is intercepted in transit, the data before Base64 encoding is difficult to view.
Because a hash algorithm is irreversible, others cannot derive the plaintext (the API parameters) from it, and even if the API parameters are changed in transit it is difficult to change the digital signature to match. The double encryption of this example achieves protection against forgery attacks (i.e., checking whether the source of the request is legitimate), tampering attacks, replay attacks (i.e., the request being maliciously attacked) and leakage of data.
When the server verifies, it decodes the digital signature with Base64 and decrypts the decoded signature with the public key to obtain the first digital signature, i.e., the hash-encrypted API parameters. The server side also hash-encrypts the received API parameters with the same method and compares the result with the first digital signature to complete the verification of the API parameters.
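Steps S310 to S360 and the server-side check, as an added Go example (not code from the patent). It assumes RSA PKCS#1 v1.5 over a SHA-256 digest for the "hash, then private key" steps, since the patent leaves both algorithms open; plain SHA-256 stands in for the HMAC variants mentioned above, which would need a shared secret the page does not describe. All function names and sample values are hypothetical.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"net/url"
	"sort"
	"strings"
)

// NewKeyPair generates the key pair once; the same private key then signs
// every order, as Example 2 describes. RSA-2048 is an assumption.
func NewKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// CanonicalQuery sorts the configuration keys in ascending order (S310) and
// joins them into a percent-encoded URL-format string (S320), so both sides
// hash exactly the same bytes.
func CanonicalQuery(params map[string]string) string {
	keys := make([]string, 0, len(params))
	for k := range params {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	parts := make([]string, 0, len(keys))
	for _, k := range keys {
		parts = append(parts, url.QueryEscape(k)+"="+url.QueryEscape(params[k]))
	}
	return strings.Join(parts, "&")
}

// Sign hashes the API parameter string (S340), applies the private key to
// the digest (S350) and Base64-encodes the result so the binary signature
// can travel as text (S360).
func Sign(priv *rsa.PrivateKey, apiParams string) (string, error) {
	digest := sha256.Sum256([]byte(apiParams))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(sig), nil
}

// Verify is the server side: Base64-decode, then let the RSA check recover
// the signed digest with the public key and compare it with a fresh hash of
// the API parameters that were actually received. nil means "not tampered".
func Verify(pub *rsa.PublicKey, apiParams, signature string) error {
	sig, err := base64.StdEncoding.DecodeString(signature)
	if err != nil {
		return fmt.Errorf("signature is not valid Base64: %w", err)
	}
	digest := sha256.Sum256([]byte(apiParams))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig)
}

func main() {
	priv, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	// Constructed sample: the page's key names with made-up values.
	q := CanonicalQuery(map[string]string{"tc": "1", "ect": "2", "edc": "3", "act": "{x}"})
	sig, err := Sign(priv, q)
	if err != nil {
		panic(err)
	}
	tampered := strings.Replace(q, "tc=1", "tc=8", 1)
	fmt.Println("API parameters:", q)
	fmt.Println("untouched passes:", Verify(&priv.PublicKey, q, sig) == nil)
	fmt.Println("tampered passes: ", Verify(&priv.PublicKey, tampered, sig) == nil)
}
```

A signature made over the sorted string also fails against the same parameters in a different order, which is the misjudgment the sorting step in S310 is there to prevent.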
Example 4
Example 4 builds on Example 1 and mainly explains the method of generating the access domain name.
Referring to FIG. 4, generating the access domain name of the bastion host service also comprises the following steps:
S410, randomly generating an access domain name for the bastion host service and storing it in a domain name database.
The randomly generated access domain name is unique, which prevents duplicate domain names and so avoids errors when accessing the bastion host server. In this example the random domain name is generated with the MD5 algorithm; other embodiments may generate it in other ways.
The domain name database in S410 makes it easy for the user side to query the domain name.
S420, configuring the access domain name on an Nginx server.
Nginx has the advantages of a small memory footprint and strong concurrency, and it provides the function of connecting to the bastion host server through the access domain name. By accessing the domain name the user reaches the intranet IP of the bastion host server on the platform side, but cannot obtain that intranet IP, which effectively protects the server from malicious attack.
Note that, in addition to configuring the access domain name on the Nginx server, information such as the name of the purchasing user and the intranet IP address is also sent to the Nginx server, so that the Nginx server forwards requests for the access domain name to the bastion host service.
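Steps S410 and S420 as an added Go example (not code from the patent). The in-memory `DomainDB`, the function names, the base domain `bastion.example.test`, the intranet address and port, and the minimal Nginx reverse-proxy block are all assumptions made for illustration.

```go
package main

import (
	"crypto/md5"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"net"
)

// DomainDB stands in for the domain name database of S410 (hypothetical,
// in-memory; a real deployment would use a table with a unique constraint).
type DomainDB map[string]bool

// NewAccessDomain derives a host label from the MD5 of fresh random bytes,
// retries if the name is already registered, and records the result (S410).
// MD5 only shapes the label here: uniqueness comes from the random input
// and the database check, not from any security property of MD5.
func NewAccessDomain(db DomainDB, baseDomain string) (string, error) {
	for attempt := 0; attempt < 5; attempt++ {
		seed := make([]byte, 16)
		if _, err := rand.Read(seed); err != nil {
			return "", err
		}
		sum := md5.Sum(seed)
		name := hex.EncodeToString(sum[:8]) + "." + baseDomain
		if !db[name] {
			db[name] = true
			return name, nil
		}
	}
	return "", errors.New("could not find an unused access domain name")
}

// validHostname accepts only lowercase letters, digits, '-' and '.', so a
// value written into the Nginx configuration cannot add directives.
func validHostname(h string) bool {
	if len(h) == 0 || len(h) > 253 {
		return false
	}
	for _, c := range h {
		ok := (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '-' || c == '.'
		if !ok {
			return false
		}
	}
	return true
}

// NginxServerBlock renders the virtual host that forwards the access domain
// to the bastion host service on its intranet address (S420). Only a
// private IPv4 address is accepted as the upstream.
func NginxServerBlock(domain, intranetIP string, port int) (string, error) {
	if !validHostname(domain) {
		return "", fmt.Errorf("invalid access domain name %q", domain)
	}
	ip := net.ParseIP(intranetIP)
	if ip == nil || ip.To4() == nil || !ip.IsPrivate() {
		return "", fmt.Errorf("%q is not a private IPv4 address", intranetIP)
	}
	if port < 1 || port > 65535 {
		return "", fmt.Errorf("invalid port %d", port)
	}
	return fmt.Sprintf("server {\n    listen 80;\n    server_name %s;\n"+
		"    location / {\n        proxy_pass http://%s:%d;\n    }\n}\n",
		domain, ip.To4().String(), port), nil
}

func main() {
	db := DomainDB{}
	domain, err := NewAccessDomain(db, "bastion.example.test") // constructed base domain
	if err != nil {
		panic(err)
	}
	conf, err := NginxServerBlock(domain, "10.0.3.7", 8443) // constructed intranet address
	if err != nil {
		panic(err)
	}
	fmt.Print(conf)
}
```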
Example five
An embodiment five discloses a device corresponding to the automatic deployment method of the fort machine of the above embodiment, which is a virtual device structure of the above embodiment, please refer to fig. 5, and includes:
an order receiving module 510, configured to receive bastion machine order information, and store bastion machine configuration parameters in the order information;
the signature generation module 520 is configured to preprocess the fort configuration parameters into API parameters, and generate a digital signature according to the API parameters;
a sending module 530, configured to send the digital signature and the API parameter to a server;
an API calling module 540, configured to call an API interface of the server, where the API interface creates an API interface of a fort service for the server;
a domain name generating module 550, configured to generate an access domain name of the fort service.
Preferably, the bastion machine order information is received, and bastion machine configuration parameters in the order information are stored, which specifically comprises:
and storing the parameter name of the fort machine configuration parameter and the parameter Value of the fort machine parameter in a Key-Value form.
Preferably, preprocessing the fort configuration parameters into API parameters, and generating a digital signature according to the API parameters, including the steps of:
the fort machine configuration parameters are formed into URL format character strings, and the URL format character strings are the API parameters;
using a key, the key comprising a private key and a public key;
and signing the API parameters through the private key to obtain the digital signature.
Preferably, preprocessing the fort configuration parameters into API parameters, and generating a digital signature according to the API parameters, including the steps of:
sequencing the fort configuration parameters according to a preset sequencing rule;
forming the ordered fort machine configuration parameters into URL format character strings; the URL format character string is the API parameter;
using a key, the key comprising a private key and a public key;
carrying out hash encryption on the API parameters to obtain a first digital signature;
encrypting the first digital signature by using the private key to obtain a second digital signature;
and encoding the second digital signature by using Base64 to obtain the digital signature.
Preferably, the sending the digital signature and the API parameter to the server includes the following steps:
receiving a verification result, wherein the verification result is a verification result of whether the API parameter is tampered;
when the verification result is that the verification passes, calling an API interface of the server;
and when the verification result is that the verification fails, returning error information.
Preferably, a key is used, said key comprising a private key and a public key, further comprising the steps of:
receiving a verification result, wherein the verification result is an IP verification result of the server;
when authentication passes, a key is used, which includes a private key and a public key.
Preferably, generating the access domain name of the fort service further comprises the following steps:
randomly generating an access domain name of the fort service and storing the access domain name in a domain name database;
and configuring the access domain name to an Nginx server.
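The sort, URL-string, hash, private-key and Base64 steps of this embodiment, together with the server-side tamper check, can be traced in the following added example, which is not code from the patent. It assumes SHA-256 as the hash and sorting by parameter name as the preset rule, and it uses unpadded textbook RSA with a constructed, insecure demo key only to keep the steps visible and runnable offline; a deployment would use a vetted library's padded sign/verify.

```python
import base64
import hashlib
from urllib.parse import urlencode

# Constructed demo key, NOT secure: both primes are publicly known Mersenne primes.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                           # public modulus
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
KEY_BYTES = (N.bit_length() + 7) // 8


def canonical_api_params(config: dict) -> str:
    """Sort Key-Value parameters by name (assumed rule) and build the URL-format string."""
    return urlencode(sorted(config.items()))


def _digest_int(api_params: str) -> int:
    # Hash of the API parameters; SHA-256 is an assumption of this example.
    return int.from_bytes(hashlib.sha256(api_params.encode("utf-8")).digest(), "big")


def sign(api_params: str) -> str:
    """Client side: hash -> private-key operation -> Base64."""
    first = _digest_int(api_params)       # "first digital signature"
    second = pow(first, D, N)             # "second digital signature"
    return base64.b64encode(second.to_bytes(KEY_BYTES, "big")).decode("ascii")


def verify(api_params: str, signature_b64: str) -> bool:
    """Server side: Base64-decode, public-key operation, compare with a fresh hash."""
    try:
        raw = base64.b64decode(signature_b64, validate=True)
    except ValueError:                    # malformed Base64 is a failed verification
        return False
    value = int.from_bytes(raw, "big")
    if len(raw) != KEY_BYTES or value >= N:
        return False
    return pow(value, E, N) == _digest_int(api_params)


if __name__ == "__main__":
    # Constructed order parameters, stored as Key-Value pairs.
    order = {"spec": "standard", "assets": "50", "region": "cn-hangzhou",
             "order_id": "ORD-0001"}
    params = canonical_api_params(order)
    sig = sign(params)
    print(params)
    print("untampered:", verify(params, sig))
    print("tampered:  ", verify(params.replace("assets=50", "assets=500"), sig))
```

Sorting before signing is what lets the server rebuild the same string from the same parameters regardless of the order in which they were stored.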
Example six
Fig. 6 is a schematic structural diagram of an electronic device according to a sixth embodiment of the present invention. As shown in Fig. 6, the electronic device includes a processor 610, a memory 620, an input device 630, and an output device 640. The number of processors 610 in the computer device may be one or more; one processor 610 is taken as an example in Fig. 6. The processor 610, memory 620, input device 630, and output device 640 in the electronic device may be connected by a bus or by other means, as in the example of Fig. 6.
The memory 620 is used as a computer readable storage medium, and may be used to store software programs, computer executable programs, and modules, such as program instructions/modules corresponding to the automatic fort deployment method in the embodiment of the present invention (e.g., the order receiving module 510, the signature generating module 520, the sending module 530, the API calling module 540, and the domain name generating module 550 in the automatic fort deployment method device). The processor 610 executes various functional applications and data processing of the electronic device by executing software programs, instructions and modules stored in the memory 620, that is, implements the automatic deployment method of the bastion machine of the first to fourth embodiments.
Memory 620 may mainly include a program storage area and a data storage area. The program storage area may store an operating system and the applications required for at least one function, such as tools and applications that generate digital signatures; the data storage area may store data created according to the use of the terminal, such as order information and configuration parameters. In addition, memory 620 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other non-volatile solid-state storage device. In some examples, memory 620 may further include memory remotely located relative to processor 610, which may be connected to the electronic device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 630 may be used to receive input user identity information, order information, etc. The output device 640 may include a display device such as a display screen for displaying the user's purchase results, including a purchase failure prompt, a purchase success prompt, and a generated access domain name.
Example seven
A seventh embodiment of the present invention also provides a storage medium containing computer-executable instructions which, when executed by a computer, perform an automatic fort machine deployment method comprising:
receiving bastion machine order information and storing bastion machine configuration parameters in the order information;
preprocessing the fort configuration parameters into API parameters, and generating a digital signature according to the API parameters;
the digital signature and the API parameters are sent to a server;
calling an API interface of the server, wherein the API interface creates an API interface of a fort service for the server;
and generating an access domain name of the API interface.
Of course, the storage medium containing the computer executable instructions provided in the embodiments of the present invention is not limited to the above-described method operations, and may also perform the related operations in the automatic bastion-machine-based deployment method provided in any embodiment of the present invention.
From the above description of the embodiments, it will be clear to a person skilled in the art that the present invention may be implemented by means of software and the necessary general-purpose hardware, and of course also by means of hardware, although in many cases the former is the preferred embodiment. Based on this understanding, the technical solution of the present invention may be embodied, in essence or in the part that contributes over the prior art, in the form of a software product, which may be stored in a computer-readable storage medium, such as a floppy disk, a read-only memory (ROM), a random access memory (RAM), a flash memory (FLASH), a hard disk or an optical disk of a computer, and which includes several instructions for causing an electronic device (which may be a mobile phone, a personal computer, a server, or a network device, etc.) to execute the method according to the embodiments of the present invention.
It should be noted that, in the embodiment of the automatic deployment method device based on the fort machine, each unit and module included are only divided according to the functional logic, but are not limited to the above-mentioned division, so long as the corresponding functions can be realized; in addition, the specific names of the functional units are also only for distinguishing from each other, and are not used to limit the protection scope of the present invention.
It will be apparent to those skilled in the art from this disclosure that various other changes and modifications can be made which are within the scope of the invention as defined in the appended claims.

Claims (8)

1. The automatic deployment method of the fort machine is characterized by comprising the following steps of:
receiving bastion machine order information and storing bastion machine configuration parameters in the order information;
preprocessing the fort configuration parameters into API parameters, and generating a digital signature according to the API parameters;
the digital signature and the API parameters are sent to a server, wherein the server is a cloud fort server;
calling an API interface of the server, wherein the API interface creates an API interface of a fort service for the server;
generating an access domain name of the fort service;
preprocessing the configuration parameters of the fort machine into API parameters, and generating a digital signature according to the API parameters, wherein the method comprises the following steps:
sequencing the fort configuration parameters according to a preset sequencing rule;
forming the ordered fort machine configuration parameters into URL format character strings; the URL format character string is the API parameter;
using a key, the key comprising a private key and a public key;
carrying out hash encryption on the API parameters to obtain a first digital signature;
encrypting the first digital signature by using the private key to obtain a second digital signature;
encoding the second digital signature by using Base64 to obtain the digital signature;
the digital signature and the API parameters are sent to a server, and the method comprises the following steps:
receiving a verification result, wherein the verification result is a verification result of whether the API parameter is tampered; when the verification result is that the verification passes, calling an API interface of the server; when the verification result is that the verification fails, returning error information;
when the server verifies, the Base64 is used for decoding the digital signature, and the public key is used for decrypting the decoded digital signature to obtain a first digital signature; and the server encrypts the received API parameters by adopting a hash encryption method corresponding to the generation of the digital signature, compares the encrypted result with the first digital signature obtained by decryption, and verifies the API parameters.
2. The automatic bastion deployment method of claim 1, wherein receiving bastion order information and storing bastion configuration parameters in the order information specifically comprises:
and storing the parameter name of the fort machine configuration parameter and the parameter Value of the fort machine parameter in a Key-Value form.
3. The automatic fort deployment method according to claim 2, wherein preprocessing said fort configuration parameters into API parameters and generating a digital signature from said API parameters, comprising the steps of:
the fort machine configuration parameters are formed into URL format character strings, and the URL format character strings are the API parameters;
using a key, the key comprising a private key and a public key;
and signing the API parameters through the private key to obtain the digital signature.
4. The automatic fort deployment method according to claim 3, wherein a key is used, said key comprising a private key and a public key, further comprising the steps of:
receiving a verification result, wherein the verification result is an IP verification result of the server;
when authentication passes, a key is used, which includes a private key and a public key.
5. The automatic fort deployment method of claim 1, wherein generating the access domain name for the fort service further comprises the steps of:
randomly generating an access domain name of the fort service and storing the access domain name in a domain name database;
and configuring the access domain name to an Nginx server.
6. An automatic deployment device for a fort machine, comprising:
the order receiving module is used for receiving bastion machine order information and storing bastion machine configuration parameters in the order information;
the signature generation module is used for preprocessing the fort configuration parameters into API parameters and generating a digital signature according to the API parameters;
the sending module is used for sending the digital signature and the API parameters to a server;
the API calling module is used for calling an API interface of the server, and the API interface creates an API interface of the fort machine service for the server;
the domain name generation module is used for generating an access domain name of the fort service;
wherein the signature generation module comprises:
the sequencing module is used for sequencing the configuration parameters of the fort machine according to a preset sequencing rule; forming the ordered fort machine configuration parameters into URL format character strings; the URL format character string is the API parameter;
the hash encryption module is used for using a secret key, wherein the secret key comprises a private key and a public key; carrying out hash encryption on the API parameters to obtain a first digital signature;
the private key encryption module is used for encrypting the first digital signature by using the private key to obtain a second digital signature;
the encoding module is used for encoding the second digital signature by using Base64 to obtain the digital signature;
the verification module is used for receiving a verification result, wherein the verification result is a verification result of whether the API parameter is tampered; when the verification result is that the verification passes, calling an API interface of the server; when the verification result is that the verification fails, returning error information;
during verification, decoding the digital signature by using Base64, and decrypting the decoded digital signature by using the public key to obtain a first digital signature; and the server encrypts the received API parameters by adopting a hash encryption method corresponding to the generation of the digital signature, compares the encrypted result with the first digital signature obtained by decryption, and verifies the API parameters.
7. An electronic device comprising a processor, a storage medium, and a computer program stored in the storage medium, wherein the computer program when executed by the processor implements the automatic fort deployment method of any one of claims 1 to 5.
8. A computer readable storage medium having stored thereon a computer program, wherein the computer program when executed by a processor implements the automatic fort deployment method of any of claims 1 to 5.
CN201911110527.9A 2019-11-14 2019-11-14 Automatic deployment method, device, equipment and medium for fort machine Active CN110890979B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911110527.9A CN110890979B (en) 2019-11-14 2019-11-14 Automatic deployment method, device, equipment and medium for fort machine

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911110527.9A CN110890979B (en) 2019-11-14 2019-11-14 Automatic deployment method, device, equipment and medium for fort machine

Publications (2)

Publication Number Publication Date
CN110890979A CN110890979A (en) 2020-03-17
CN110890979B true CN110890979B (en) 2023-10-31

Family

ID=69747487

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911110527.9A Active CN110890979B (en) 2019-11-14 2019-11-14 Automatic deployment method, device, equipment and medium for fort machine

Country Status (1)

Country Link
CN (1) CN110890979B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112632590A (en) * 2021-01-04 2021-04-09 深圳市亿联无限科技有限公司 Automatic encryption and decryption method and device for database parameters of embedded terminal equipment
CN113992494B (en) * 2021-12-23 2022-03-11 武汉迈异信息科技有限公司 Method for creating fortress machine and automatically hosting cloud host by cloud platform

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8862753B2 (en) * 2011-11-16 2014-10-14 Google Inc. Distributing overlay network ingress information
CN107346259B (en) * 2017-05-10 2020-09-08 国家计算机网络与信息安全管理中心 Method for realizing dynamic deployment safety capability
CN107919984A (en) * 2017-11-06 2018-04-17 深圳狗尾草智能科技有限公司 Possess the O&M server and its management method of automatic upgrade function
CN109670297B (en) * 2018-12-14 2021-05-07 泰康保险集团股份有限公司 Method and device for opening service permission, storage medium and electronic equipment
CN109889381B (en) * 2019-02-18 2022-03-18 国家计算机网络与信息安全管理中心 Automatic configuration management method and device based on fort machine
CN110098952B (en) * 2019-03-25 2021-08-20 同盾控股有限公司 Server management method and device
CN109951337B (en) * 2019-03-26 2022-02-11 北京计算机技术及应用研究所 Virtual operation and maintenance fortress system
CN109995794B (en) * 2019-04-15 2021-09-17 深信服科技股份有限公司 Safety protection system, method, equipment and storage medium
CN110324338B (en) * 2019-06-28 2023-07-18 深圳前海微众银行股份有限公司 Data interaction method, device, fort machine and computer readable storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Configuring a bastion host; Alibaba Cloud; Alibaba Cloud Help Center; 20190123; pages 2-3 *

Also Published As

Publication number Publication date
CN110890979A (en) 2020-03-17


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20240410

Address after: Room 1202-2, Building 1, No. 998 Wenyi West Road, Wuchang Street, Yuhang District, Hangzhou City, Zhejiang Province, 310012

Patentee after: Zhejiang Hongsheng Intellectual Property Operation Co.,Ltd.

Country or region after: China

Address before: 310051 room 402, Jinhua network economy center building, No. 398, Silian Road, Wucheng District, Jinhua City, Hangzhou City, Zhejiang Province

Patentee before: GUANGTONG TIANXIA NETWORK TECHNOLOGY Co.,Ltd.

Country or region before: China
