CN113098824A - Method, device, system, equipment and medium for transmitting request message of CXF framework - Google Patents


Info

Publication number
CN113098824A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911335767.9A
Other languages
Chinese (zh)
Inventor
赵江涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Mobile Communications Group Co Ltd
China Mobile Group Shanxi Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Group Shanxi Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Abstract

The invention discloses a method, a device, a system, equipment and a medium for transmitting a request message based on a CXF framework. The method comprises the following steps: creating an HTTP request and generating an encryption and decryption key corresponding to the HTTP request; encrypting the request data of the HTTP request by using the encryption and decryption key to obtain request ciphertext data; calculating the digest of the request data according to a digest algorithm, and encrypting the digest by using a first public key to obtain a digest signature of the request data; encrypting the encryption and decryption key by using the first public key to obtain ciphertext data of the encryption and decryption key; generating an HTTP request message based on the creation time of the HTTP request, the request ciphertext data, the digest signature of the request data and the ciphertext data of the encryption and decryption key; and sending the request message to a CXF receiving end of the HTTP request. According to the scheme provided by the embodiment of the invention, the transmission security of the request message can be improved.

Description

Method, device, system, equipment and medium for transmitting request message of CXF framework
Technical Field
The present invention relates to the field of communications, and in particular, to a method, an apparatus, a system, a device, and a medium for transmitting a request packet based on a CXF framework.
Background
With the development of the internet, a service-oriented architecture (CXF) has almost become the mainstream of an enterprise application architecture, and CXF has been applied to various software industries as a data interaction mode between systems, and has become an important function in the systems. The risk of secure transmission of data is involved when the system starts to transmit data.
Disclosure of Invention
Embodiments of the present invention provide a method, an apparatus, a system, a device, and a medium for transmitting a request packet based on a CXF framework, which can improve transmission security of the request packet.
In a first aspect, a CXF framework-based request packet transmission method is provided, where the method is applied to a CXF initiator of an HTTP request, and includes: creating a hypertext transfer protocol (HTTP) request and generating an encryption and decryption key corresponding to the HTTP request; encrypting the request data of the HTTP request by using the encryption and decryption key to obtain request ciphertext data; calculating the digest of the request data according to a digest algorithm, and encrypting the digest by using a first public key to obtain a digest signature of the request data; encrypting the encryption and decryption key by using the first public key to obtain ciphertext data of the encryption and decryption key; generating an HTTP request message based on the creation time of the HTTP request, the request ciphertext data, the digest signature of the request data and the ciphertext data of the encryption and decryption key; and sending the request message to a CXF receiving end of the HTTP request.
According to the CXF framework-based request message transmission method in the embodiment of the invention, in the HTTP request transmission process, the encryption and decryption key can be used for encrypting the request data, and the ciphertext data of the encryption and decryption key, the digest signature of the request data and the creation time of the HTTP request are transmitted to the receiving end of the HTTP request through the HTTP request message, so that the transmission security of the request message can be improved.
In an optional implementation manner, encrypting the request data of the current HTTP request by using an encryption/decryption key to obtain request ciphertext data includes: converting the text format of the request data to obtain the request data in the character string format; and encrypting the request data in the character string format by using the encryption and decryption key to obtain request ciphertext data.
By the embodiment, the text format of the request data is converted into the character string format and then transmitted, so that the transmission rate of the data can be improved.
In an alternative embodiment, computing a digest of the request data according to a digest algorithm includes: converting the text format of the request data to obtain the request data in the character string format; and processing the request data in the character string format with the digest algorithm to obtain the digest of the request data.
By the implementation mode, the text format of the request data is converted into the character string format and then the digest is calculated, so that the transmission rate of the data can be improved.
In an optional implementation manner, generating the HTTP request packet based on the creation time of the HTTP request, the request ciphertext data, the digest signature of the request data, and the ciphertext data of the encryption/decryption key includes: writing the creation time of the HTTP request into a timestamp field of a message header of the HTTP request message; writing the digest signature of the request data into an authentication field of a message header of the HTTP request message; writing the ciphertext data of the encryption and decryption key into a security key field of a message header of the HTTP request message; and writing the request ciphertext data into the message body of the HTTP request message.
By the embodiment, the information is placed at the predefined position of the HTTP request message, so that the receiving party can accurately read the information such as the creation time of the HTTP request, the request ciphertext data, the digest signature of the request data, the ciphertext data of the encryption and decryption keys and the like from the HTTP request message.
In an alternative embodiment, the encryption and decryption keys are AES keys.
By the embodiment, the request data ciphertext is prevented from being illegally reverse-decrypted.
In a second aspect, a CXF framework-based request packet transmission method is provided, where the method is applied to a CXF receiving end of an HTTP request, and includes: receiving an HTTP request message sent by an initiating end of an HTTP request; verifying the authenticity of the HTTP request by using the creation time in the HTTP request message; if the verification result shows that the HTTP request has authenticity, decrypting the ciphertext data of the encryption and decryption key in the HTTP request message by using a first private key corresponding to the first public key to obtain the encryption and decryption key; decrypting the request ciphertext data in the HTTP request message by using the encryption and decryption key obtained by decryption to obtain the request data of the HTTP request; calculating an auxiliary verification digest of the request data obtained by decryption by using a digest algorithm, and decrypting the digest signature of the request data in the HTTP request message by using the first private key to obtain the digest of the request data; if the auxiliary verification digest is consistent with the digest of the request data, verifying that the request data of the HTTP request has integrity, responding to the request data of the HTTP request obtained by decryption, and generating response ciphertext data; and sending the response ciphertext data to the CXF initiating end of the HTTP request.
According to the CXF framework-based request message transmission method in the embodiment of the invention, in the HTTP request transmission process, the encryption and decryption key can be used for encrypting the request data, and the ciphertext data of the encryption and decryption key, the digest signature of the request data and the creation time of the HTTP request are transmitted to the CXF receiving end of the HTTP request through the HTTP request message, so that the transmission security of the request message can be improved.
In an alternative embodiment, generating response ciphertext data in response to the request data of the decrypted HTTP request includes: responding to the request data of the HTTP request obtained by decryption to generate response data; and encrypting the response data by using the encryption and decryption key to obtain response ciphertext data.
In an optional implementation manner, verifying the authenticity of the HTTP request by using the creation time in the HTTP request message includes: acquiring the current moment; if the time difference between the creation time and the current time is less than or equal to the preset time, verifying that the HTTP request is authentic; and if the time difference between the creation time and the current time is greater than the preset time, verifying that the HTTP request does not have authenticity.
Through the embodiment, the request message received by the CXF receiving end can be guaranteed to have authenticity.
In a third aspect, a CXF framework-based request packet transmission apparatus is provided, including: the request creating module is used for creating a hypertext transfer protocol (HTTP) request, acquiring the creating time of the HTTP request and generating an encryption and decryption key corresponding to the HTTP request; the first encryption module is used for encrypting the request data of the HTTP request by using the encryption and decryption key to obtain request ciphertext data; the digest signature generation module is used for calculating the digest of the request data according to a digest algorithm and encrypting the digest by using a first public key to obtain a digest signature of the request data; the second encryption module is used for encrypting the encryption and decryption key by adopting the first public key to obtain ciphertext data of the encryption and decryption key; the message generation module is used for generating the HTTP request message based on the creation time of the request, the request ciphertext data, the digest signature of the request data and the ciphertext data of the encryption and decryption keys; and the sending module is used for sending the request message to a receiving end of the request.
In a fourth aspect, a CXF framework-based request packet transmission apparatus is provided, including: the receiving module is used for receiving an HTTP request message sent by an initiating end of an HTTP request; the verification module is used for verifying the authenticity of the HTTP request by utilizing the creation time in the HTTP request message; the first decryption module is used for decrypting the ciphertext data of the encryption and decryption key in the HTTP request message by using a first private key corresponding to the first public key to obtain the encryption and decryption key if the verification result shows that the HTTP request has authenticity; the second decryption module is used for decrypting the request ciphertext data in the HTTP request message by using the encryption and decryption key obtained by decryption to obtain the request data of the HTTP request; the third decryption module is used for calculating the auxiliary verification digest of the request data obtained by decryption by using a digest algorithm, and decrypting the digest signature of the request data in the HTTP request message by using the first private key to obtain the digest of the request data; the response module is used for verifying the integrity of the request data of the HTTP request if the auxiliary verification digest is consistent with the digest of the request data, responding to the request data of the HTTP request obtained by decryption, and generating response ciphertext data; and the sending module is used for sending the response ciphertext data to the CXF initiating end of the HTTP request.
In a fifth aspect, a CXF framework-based request packet transmission system is provided, which includes: a CXF initiator configured to implement the HTTP request of the request packet transmission method provided in the first aspect or any optional implementation manner of the first aspect, and a CXF receiver configured to implement the HTTP request of the request packet transmission method provided in the second aspect or any optional implementation manner of the second aspect.
In a sixth aspect, there is provided an apparatus comprising: a memory for storing a program; a processor, configured to run a program stored in a memory, to execute the method for transmitting a request packet based on a CXF framework according to the first aspect or any optional implementation manner of the first aspect, or to execute the method for transmitting a request packet based on a CXF framework according to the second aspect or any optional implementation manner of the second aspect.
A seventh aspect provides a computer storage medium, where computer program instructions are stored on the computer storage medium, and when executed by a processor, implement the method for transmitting a request packet based on a CXF framework provided in the first aspect or any optional implementation manner of the first aspect, or implement the method for transmitting a request packet based on a CXF framework provided in the second aspect or any optional implementation manner of the second aspect.
According to the CXF framework-based request message transmission method, device, system, equipment and medium in the embodiment of the invention, in the HTTP request transmission process, the encryption and decryption key can be used for encrypting the request data, and the ciphertext data of the encryption and decryption key, the digest signature of the request data and the creation time of the HTTP request are transmitted to the receiving end of the HTTP request through the HTTP request message, so that the transmission security of the request message can be improved.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required to be used in the embodiments of the present invention will be briefly described below, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic flow chart of a method for transmitting a request packet based on a CXF framework according to an embodiment of the present invention;
Fig. 2 is a schematic flow chart of another method for transmitting a request packet based on a CXF framework according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a request packet transmission apparatus based on a CXF framework according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of another CXF framework-based request packet transmission apparatus according to an embodiment of the present invention;
Fig. 5 is a system architecture diagram of a CXF framework-based request packet transmission system according to an embodiment of the present invention;
Fig. 6 is a structural diagram of an exemplary hardware architecture of a request packet transmission device based on a CXF framework according to an embodiment of the present invention.
Detailed Description
Features and exemplary embodiments of various aspects of the present invention will be described in detail below, and in order to make objects, technical solutions and advantages of the present invention more apparent, the present invention will be further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not to be construed as limiting the invention. It will be apparent to one skilled in the art that the present invention may be practiced without some of these specific details. The following description of the embodiments is merely intended to provide a better understanding of the present invention by illustrating examples of the present invention.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The embodiment of the invention provides a CXF framework-based request message transmission scheme, which can be applied to the specific scenario of transmitting an HTTP (Hypertext Transfer Protocol) request message between an initiating end and a receiving end of the HTTP request. According to the technical scheme provided by the embodiment of the invention, in the transmission process of the HTTP request, the encryption and decryption key can be used for encrypting the request data, and the ciphertext data of the encryption and decryption key, the digest signature of the request data and the creation time of the HTTP request are transmitted to the receiving end of the HTTP request through the HTTP request message, so that the transmission security of the request message can be improved.
For better understanding of the present invention, a method, an apparatus, a system, a device, and a medium for transmitting a request packet based on a CXF framework according to an embodiment of the present invention will be described in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic flow chart of a method for transmitting a request packet based on a CXF framework according to an embodiment of the present invention. The execution subject of each step of the embodiment of the present invention may be a CXF initiator of an HTTP request. As shown in fig. 1, the method 100 for transmitting a request packet based on a CXF framework in this embodiment may include the following steps S110 to S160.
S110, creating an HTTP request and generating an encryption and decryption key corresponding to the HTTP request. Specifically, in the embodiment of the present invention, each time an HTTP request is created, an encryption/decryption key corresponding to the request is correspondingly generated. In one embodiment, the HTTP request of an embodiment of the present invention conforms to a Representational State Transfer (REST) mode.
In S110, each time an HTTP request is created, an encryption/decryption key needs to be dynamically generated so that the request data can be encrypted with it. A new encryption and decryption key is generated for each request mainly to prevent data leakage. If the same encryption and decryption key were used permanently, all data would be exposed to the risk of leakage once that key leaked.
And S120, encrypting the request data of the HTTP request by using the encryption and decryption key to obtain request ciphertext data. In order to prevent the request data ciphertext from being illegally and reversely decrypted, the encryption and decryption key may be an Advanced Encryption Standard (AES) key.
In one embodiment, S120 includes a first step and a second step.
First step: convert the text format of the request data to obtain the request data in the character string format. Illustratively, the text data of the request data may be converted into a JavaScript Object Notation (JSON) string format. Specifically, the GSON package (i.e., a Java library used to convert Java objects into JSON data) can be used to generate the request data in JSON string format. The request data may also be converted into character string formats other than the JSON format, such as ASCII format, according to the actual scenario and the working requirement, which is not described herein again.
Second step: encrypt the request data in the character string format by using the encryption and decryption key to obtain request ciphertext data.
Through the two steps of S120, the text format of the request data is converted into the string format and then transmitted, so that the data transmission rate can be increased.
It should be noted that, in the embodiment of the present invention, because the data size of the request data is large, a symmetric encryption algorithm is selected when the request data is encrypted, and the encryption speed can be ensured.
S130, calculating the digest of the request data according to a digest algorithm, and encrypting the digest by using the first public key to obtain a digest signature of the request data.
First, for the digest algorithm in S130, the embodiment of the present invention may adopt the MD5 message-digest algorithm (MD5), a secure hash algorithm (SHA-1), the SHA-256 algorithm (i.e., a hash algorithm), the SM3 algorithm (i.e., a cryptographic hash function standard), and the like. The encryption algorithm of the digest is not limited, and may be a symmetric encryption algorithm or an asymmetric encryption algorithm. In one example, to prevent reverse cracking of the request data through its digest, the MD5 algorithm may be selected as the digest algorithm.
Secondly, for the first public key, the asymmetric encryption algorithm corresponding to the first public key may be the RSA algorithm (i.e. an asymmetric encryption algorithm), elliptic curve cryptography (ECC), the ElGamal algorithm (i.e. an asymmetric encryption algorithm), a knapsack algorithm, etc., which is not limited herein. In one example, to increase security strength, the first public key may be an RSA public key generated based on the RSA algorithm.
It should be noted that, in the embodiment of the present invention, since the data volume of the digest of the request data is small, an asymmetric encryption algorithm, which is computationally more complex, is selected when the digest is encrypted, so that the security of the digest data can be ensured while the encryption speed is ensured.
In addition, different keys are used to produce the request ciphertext data and the digest signature of the request data, so that the security of the data is ensured.
In one embodiment, since the request data may be first converted into the request data in the character string format when the request data is encrypted in S120, correspondingly, a digest of the request data in the character string format may also be generated in S130. Specifically, the embodiment of S130 may include the following first and second steps.
The first step is to convert the text format of the request data to obtain the request data in the character string format. For specific implementation of this step, reference may be made to the description of the first step in S120 in the foregoing embodiment of the present invention, and details are not described herein again.
Second step: process the request data in the character string format with the digest algorithm to obtain the digest of the request data. For the specific implementation of this step, reference may be made to the description of the digest algorithm in S120 in the above embodiment of the present invention, and details are not described herein again.
The text format of the request data is converted into the character string format and then the digest is calculated, so that the transmission rate of the data can be improved.
S140, the encryption and decryption key is encrypted by the first public key to obtain ciphertext data of the encryption and decryption key. The specific content of the first public key may refer to the related description of the first public key in S120, and is not described herein again.
When the request ciphertext data is passed, the AES key may also need to be passed so that the receiver can view the request plaintext data. Encrypting the encryption and decryption key with the first public key ensures the security of the AES key.
S150, generating the HTTP request message based on the creation time of the HTTP request, the request ciphertext data, the digest signature of the request data and the ciphertext data of the encryption and decryption key. In order to ensure the credibility of the creation time of the current HTTP request, the creation time of the current HTTP request may be a trusted timestamp acquired from an authoritative trusted timestamp service center.
In S150, in order to enable the receiving side to read information such as the creation time of the HTTP request, request ciphertext data, the digest signature of the request data, and ciphertext data of the encryption/decryption key from the HTTP request message, the information may be placed at a predefined position of the HTTP request message.
In one embodiment, a specific implementation of S150 includes the following first to fourth steps.
First step: write the creation time of the HTTP request into the timestamp (TimeStamp) field of the message header of the HTTP request message.
Second step: write the digest signature of the request data into the Authentication field of the message header of the HTTP request message.
Third step: write the ciphertext data of the encryption and decryption key into the security key (SecurityKey) field of the message header of the HTTP request message.
Fourth step: write the request ciphertext data into the message body (HTTP body) of the HTTP request message.
It should be noted that, in the embodiment of the present invention, the execution sequence between the first step and the fourth step in S150 is not limited, and may be executed synchronously or asynchronously.
And S160, sending the request message to the CXF receiving end of the HTTP request.
According to the CXF framework-based request message transmission method, device, system, equipment and medium in the embodiment of the invention, in the HTTP request transmission process, the encryption and decryption key can be used for encrypting the request data, and the ciphertext data of the encryption and decryption key, the digest signature of the request data and the creation time of the HTTP request are transmitted to the receiving end of the HTTP request through the HTTP request message, so that the transmission security of the request message can be improved.
After the CXF sending end sends the HTTP request message to the CXF receiving end, the CXF receiving end needs to perform security verification based on the HTTP request message, extract real request data after the verification is passed, and respond to the real request data to return the request message. Specifically, the following part of the embodiment of the present invention specifically describes the steps executed by the CXF receiving end.
Fig. 2 is a schematic flow chart of another method for transmitting a request packet based on a CXF framework according to an embodiment of the present invention. The execution main body of each step of the embodiment of the present invention may be a CXF receiving end of an HTTP request. As shown in fig. 2, the method 200 for transmitting a request packet based on a CXF framework in this embodiment may include the following steps S210 to S270.
S210, receiving an HTTP request message sent by a CXF initiating end of the HTTP request. The specific content of the HTTP request packet is described in detail in the related description of the CXF framework-based request packet transmission method 100 in the foregoing embodiment of the present invention, which is described in conjunction with fig. 1, and is not described herein again.
S220, verifying the authenticity of the HTTP request by using the creation time in the HTTP request message. Specifically, the creation time of the HTTP request packet may be extracted from the HTTP request packet, and the creation time may be compared with the current time for verification.
In an embodiment, since the CXF sending end writes the creation time of the HTTP request into a predefined field of the HTTP request message, for example, the TimeStamp field of the header of the HTTP request message, the creation time needs to be extracted from that predefined field after the HTTP request message is obtained.
In one embodiment, after the creation time is extracted from the HTTP request message, S220 further includes the following first to third steps.
Step one: obtaining the current time. In order to ensure the credibility of the current time, the current time may be a trusted time obtained from a trusted time source.
Step two: if the time difference between the creation time and the current time is less than or equal to a preset duration, verifying that the HTTP request is authentic. The preset duration may be set according to the specific work scenario and work requirements, and may be set to five minutes, for example. That is, if the time interval between the current time and the creation time is within five minutes, the HTTP request is considered authentic, and S230 may then be performed.
Step three: if the time difference between the creation time and the current time is greater than the preset duration, verifying that the HTTP request is not authentic. Illustratively, if the time interval between the current time and the creation time exceeds five minutes, the HTTP request is considered not authentic, that is, the HTTP request message is illegal. In one example, after determining that the HTTP request is not authentic, the CXF receiving end may discard the HTTP request message without responding to it.
S230, if the verification result shows that the HTTP request has authenticity, decrypting the ciphertext data of the encryption and decryption key in the HTTP request message by using the first private key corresponding to the first public key to obtain the encryption and decryption key. The first private key and the first public key may be generated using the same asymmetric encryption algorithm. For example, after the CXF receiving end generates the first public key and the first private key by using the asymmetric encryption algorithm, the CXF receiving end may store the first private key and send the first public key to the CXF sending end. The first public key may be an RSA public key, and the first private key may be an RSA private key.
In one embodiment, after obtaining the HTTP request message, the ciphertext data of the encryption and decryption key needs to be extracted from a predefined field, for example, from the SecurityKey field of the header of the HTTP request message.
S240, decrypting the request ciphertext data in the HTTP request message by using the encryption and decryption key obtained by decryption, to obtain the request data of the HTTP request.
In one embodiment, the CXF sending end first converts the request data into a predefined string format and then encrypts the converted request data to obtain the request ciphertext data. Correspondingly, after the CXF receiving end decrypts the request ciphertext data, the original request data of the HTTP request can be obtained only after the decrypted request plaintext data is decoded by using the decoding format corresponding to the string format.
In one embodiment, after obtaining the HTTP request message, the request ciphertext data needs to be extracted from a predefined field. For example, the request ciphertext data may be extracted from the body (HTTP body) of the HTTP request message.
S250, calculating the auxiliary verification digest of the request data obtained by decryption by using a digest algorithm, and decrypting the digest signature of the request data in the HTTP request message by using the first private key to obtain the digest of the request data. The digest algorithm in S250 needs to be the same as the digest algorithm used by the CXF sending end of the HTTP request, for example, the md5 algorithm.
For example, if the digest algorithm is the md5 algorithm and the first private key is the RSA private key, the implementation of S250 includes the following. First, an md5 digest is computed over the request data decrypted in S240 to generate the auxiliary verification digest md5Str. Second, the digest signature of the request data is obtained and decrypted by using the RSA private key stored at the receiving end to obtain the digest rsaDecryptStr of the request data.
In some embodiments, after obtaining the HTTP request message, it is also necessary to extract the digest signature of the request data from the predefined field. For example, a digest signature of the request data may be extracted from the Authentication field of the header of the HTTP request message.
In one embodiment, the CXF sending end converts the request data into the string format first and then generates the request ciphertext data, and the digest signature of the request data is generated from the request data in the string format. In this case, in S250, the digest may be calculated over the request data in the string format decrypted in S240 to generate the auxiliary verification digest.
S260, if the auxiliary verification digest is consistent with the digest of the request data, verifying that the request data of the HTTP request has integrity, responding to the request data of the HTTP request obtained by decryption, and generating response ciphertext data.
In one embodiment, S260 specifically includes: responding to the request data of the HTTP request obtained by decryption to generate response data; and encrypting the response data by using the encryption and decryption key to obtain the response ciphertext data. The response data may be a message indicating that the response to the HTTP request succeeded, or a message indicating that the response to the HTTP request failed.
In an embodiment, the auxiliary verification digest may also be inconsistent with the digest of the request data. If it is determined that the two are inconsistent, the request data decrypted in S240 has no integrity and may have been illegally tampered with. To ensure data security, the request data may be discarded and a response to the request data refused.
S270, sending the response ciphertext data to the CXF initiating end of the HTTP request.
According to the CXF framework-based request message transmission method in the embodiment of the invention, in the HTTP request transmission process, the request data can be encrypted by using the encryption and decryption key, and the ciphertext data of the encryption and decryption key, the digest signature of the request data and the creation time of the HTTP request are transmitted to the CXF receiving end of the HTTP request through the HTTP request message. The CXF receiving end can verify the integrity of the request data by using the digest signature of the request data and, for example, verify the authenticity of the HTTP request by using the creation time of the HTTP request, so that the transmission security of the request message can be improved.
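The receiver-side checks of S220 to S260, together with the matching sender side, as an added Java example that is not code from the patent. The header names follow the fields named in the text; their exact spelling, RSA-OAEP, AES-GCM with a 12-byte IV prefixed to the body, Base64 encoding and an epoch-millisecond timestamp are assumptions, since the page names only RSA, AES and md5.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class CxfEnvelopeDemo {
    // Assumptions: the page gives no cipher modes or paddings.
    static final String RSA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static final String AES = "AES/GCM/NoPadding";
    static final String DIGEST = "MD5";                     // the page's example digest algorithm
    static final Duration MAX_AGE = Duration.ofMinutes(5);  // the page's example preset duration

    static byte[] rsa(int mode, Key key, byte[] in) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(RSA);
        c.init(mode, key);
        return c.doFinal(in);
    }

    static byte[] aesEncrypt(byte[] key, byte[] plain) throws GeneralSecurityException {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance(AES);
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);  // body = IV || ciphertext || tag
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    static byte[] aesDecrypt(byte[] key, byte[] body) throws GeneralSecurityException {
        if (body.length < 12 + 16) throw new GeneralSecurityException("body too short");
        Cipher c = Cipher.getInstance(AES);
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"),
               new GCMParameterSpec(128, body, 0, 12));
        return c.doFinal(body, 12, body.length - 12);
    }

    /** Sender side: the three header values plus the encrypted body ("Body" stands for the HTTP body). */
    static Map<String, String> seal(String requestData, Key receiverPublic, Instant created)
            throws GeneralSecurityException {
        byte[] data = requestData.getBytes(StandardCharsets.UTF_8);
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        byte[] aesKey = kg.generateKey().getEncoded();           // fresh key for this request
        byte[] digest = MessageDigest.getInstance(DIGEST).digest(data);
        Base64.Encoder b64 = Base64.getEncoder();
        Map<String, String> msg = new HashMap<>();
        msg.put("Timestamp", Long.toString(created.toEpochMilli()));
        msg.put("Authentication", b64.encodeToString(rsa(Cipher.ENCRYPT_MODE, receiverPublic, digest)));
        msg.put("SecurityKey", b64.encodeToString(rsa(Cipher.ENCRYPT_MODE, receiverPublic, aesKey)));
        msg.put("Body", b64.encodeToString(aesEncrypt(aesKey, data)));
        return msg;
    }

    /** Receiver side, S220 to S260: returns the request data or throws. */
    static String open(Map<String, String> msg, Key receiverPrivate, Instant now)
            throws GeneralSecurityException {
        Instant created = Instant.ofEpochMilli(Long.parseLong(msg.get("Timestamp")));
        if (Duration.between(created, now).abs().compareTo(MAX_AGE) > 0)         // S220
            throw new SecurityException("S220: creation time outside the allowed window");
        Base64.Decoder b64 = Base64.getDecoder();
        byte[] aesKey = rsa(Cipher.DECRYPT_MODE, receiverPrivate,
                            b64.decode(msg.get("SecurityKey")));                // S230
        byte[] data = aesDecrypt(aesKey, b64.decode(msg.get("Body")));           // S240
        byte[] claimed = rsa(Cipher.DECRYPT_MODE, receiverPrivate,
                             b64.decode(msg.get("Authentication")));            // S250
        byte[] computed = MessageDigest.getInstance(DIGEST).digest(data);        // S250
        if (!MessageDigest.isEqual(claimed, computed))                           // S260
            throw new SecurityException("S260: digest mismatch, request data discarded");
        return new String(data, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();                    // the receiver's first key pair
        Instant t0 = Instant.parse("2019-12-23T08:00:00Z");    // constructed sample time
        Map<String, String> msg = seal("{\"op\":\"query\",\"id\":42}", kp.getPublic(), t0); // constructed request

        System.out.println("fresh:    " + open(msg, kp.getPrivate(), t0.plusSeconds(30)));
        try {
            open(msg, kp.getPrivate(), t0.plusSeconds(301));   // one second past five minutes
        } catch (SecurityException e) {
            System.out.println("stale:    " + e.getMessage());
        }
        // Constructed negative case: the digest header belongs to different request data.
        Map<String, String> mixed = new HashMap<>(msg);
        mixed.put("Authentication", seal("other", kp.getPublic(), t0).get("Authentication"));
        try {
            open(mixed, kp.getPrivate(), t0.plusSeconds(30));
        } catch (SecurityException e) {
            System.out.println("mismatch: " + e.getMessage());
        }
    }
}
```

In the flow as described, the digest is computed over the request data only, so the comparison in S260 does not cover the value of the timestamp field. With the AES-GCM assumption used here, a modified body already fails at S240 before the digest comparison runs.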
An apparatus according to an embodiment of the present invention will be described in detail below with reference to the accompanying drawings.
Based on the same inventive concept, the embodiment of the invention provides a device for transmitting a request message based on a CXF framework. Fig. 3 is a schematic structural diagram of a request packet transmission apparatus based on a CXF framework according to an embodiment of the present invention. As shown in fig. 3, the CXF framework-based request message transmission apparatus 300 includes a request creation module 310, a first encryption module 320, a digest signature generation module 330, a second encryption module 340, a message generation module 350, and a transmission module 360.
The request creating module 310 is configured to create a hypertext transfer protocol HTTP request, obtain a creation time of the current HTTP request, and generate an encryption and decryption key corresponding to the current HTTP request.
The first encryption module 320 is configured to encrypt the request data of the current HTTP request by using the encryption and decryption key to obtain request ciphertext data.
The digest signature generation module 330 is configured to calculate a digest of the requested data according to a digest algorithm, and encrypt the digest by using the first public key to obtain a digest signature of the requested data.
The second encryption module 340 is configured to encrypt the encryption and decryption key by using the first public key to obtain ciphertext data of the encryption and decryption key.
The message generating module 350 is configured to generate the HTTP request message based on the creation time of the request, the request ciphertext data, the digest signature of the request data, and the ciphertext data of the encryption/decryption key.
The sending module 360 is configured to send the request packet to the CXF receiving end of the request.
In some embodiments, the first encryption module 320 specifically includes a format conversion unit and an encryption unit.
The format conversion unit is used for converting the text format of the request data to obtain the request data in the character string format.
The encryption unit is used for encrypting the request data in the character string format by using the encryption and decryption key to obtain the request ciphertext data.
In some embodiments, digest signature generation module 330 includes a format conversion unit and a digest calculation unit.
The format conversion unit is used for converting the text format of the request data to obtain the request data in the character string format.
The digest calculation unit is used for calculating the request data in the character string format by using a digest algorithm to obtain the digest of the request data.
In some embodiments, the message generation module 350 includes first to fourth generation units.
The first generating unit is used for writing the creation time of the HTTP request into a timestamp field of a message header of the HTTP request message.
The second generating unit is used for writing the digest signature of the request data into the authentication field of the message header of the HTTP request message.
The third generating unit is used for writing the ciphertext data of the encryption and decryption key into the security key field of the message header of the HTTP request message.
The fourth generating unit is used for writing the request ciphertext data into the message body of the HTTP request message.
In some embodiments, the encryption and decryption keys are Advanced Encryption Standard (AES) keys.
Other details of the CXF framework-based request packet transmission apparatus according to the embodiment of the present invention are similar to the CXF framework-based request packet transmission method according to the embodiment of the present invention described above with reference to fig. 1, and are not described herein again.
According to the CXF framework-based request message transmission device in the embodiment of the invention, in the HTTP request transmission process, the encryption and decryption key can be used for encrypting the request data, and the ciphertext data of the encryption and decryption key, the digest signature of the request data and the creation time of the HTTP request are transmitted to the receiving end of the HTTP request through the HTTP request message, so that the transmission security of the request message can be improved.
Based on the same inventive concept, the embodiment of the invention provides a device for transmitting a request message based on a CXF framework. Fig. 4 is a schematic structural diagram of another CXF framework-based request packet transmission apparatus according to an embodiment of the present invention. As shown in fig. 4, the CXF framework-based request packet transmission apparatus 400 includes:
The receiving module 410 is configured to receive an HTTP request message sent by an initiating end of an HTTP request.
The verification module 420 is configured to verify the authenticity of the HTTP request by using the creation time in the HTTP request message.
The first decryption module 430 is configured to, if the verification result indicates that the HTTP request has authenticity, decrypt the ciphertext data of the encryption and decryption key in the HTTP request message by using the first private key corresponding to the first public key to obtain the encryption and decryption key.
The second decryption module 440 is configured to decrypt the request ciphertext data in the HTTP request message by using the encryption and decryption key obtained by decryption, so as to obtain the request data of the HTTP request.
The third decryption module 450 is configured to calculate an auxiliary verification digest of the decrypted request data by using a digest algorithm, and decrypt a digest signature of the request data in the HTTP request message by using the first private key to obtain a digest of the request data.
The response module 460 is configured to verify that the requested data of the HTTP request has integrity if the auxiliary verification digest is consistent with the digest of the requested data, and generate response ciphertext data in response to the decrypted requested data of the HTTP request.
A sending module 470, configured to send the response ciphertext data to the CXF initiating end of the HTTP request.
In some embodiments, the response module 460 includes a data generation unit and an encryption unit.
The data generation unit is used for responding to the request data of the HTTP request obtained by decryption and generating response data.
The encryption unit is used for encrypting the response data by using the encryption and decryption key to obtain response ciphertext data.
In some embodiments, the verification module 420 includes a time obtaining unit and a verification unit.
The time obtaining unit is used for obtaining the current time.
The verification unit is used for verifying that the HTTP request is authentic if the time difference between the creation time and the current time is less than or equal to the preset duration, and for verifying that the HTTP request is not authentic if the time difference between the creation time and the current time is greater than the preset duration.
According to the CXF framework-based request message transmission device in the embodiment of the invention, in the HTTP request transmission process, the encryption and decryption key can be used for encrypting the request data, and the ciphertext data of the encryption and decryption key, the digest signature of the request data and the creation time of the HTTP request are transmitted to the receiving end of the HTTP request through the HTTP request message, so that the transmission security of the request message can be improved.
Other details of the CXF framework-based request packet transmission apparatus according to the embodiment of the present invention are similar to the CXF framework-based request packet transmission method according to the embodiment of the present invention described above with reference to fig. 2, and are not described herein again.
Based on the same inventive concept, fig. 5 is a system architecture diagram of a CXF framework-based request message transmission system according to an embodiment of the present invention. As shown in fig. 5, the CXF framework-based request message transmission system 500 includes a CXF initiator 510 and a CXF receiver 520.
The CXF initiator 510 may implement the method 100 for transmitting a request packet based on the CXF framework described in connection with fig. 1. Specifically, the CXF initiator 510 may be implemented as the CXF framework-based request packet transmission apparatus 300 described in conjunction with fig. 3. Illustratively, the CXF initiator 510 may be a CXF client in a CXF framework.
The CXF receiving end 520 may implement the CXF framework-based request packet transmission method 200 described in conjunction with fig. 2. Specifically, the CXF receiving end 520 may be implemented as the CXF framework-based request packet transmission apparatus 400 described in conjunction with fig. 4. Illustratively, the CXF receiving end 520 may be a CXF server in a CXF framework.
Fig. 6 is a structural diagram of an exemplary hardware architecture of a request packet transmission device based on a CXF framework according to an embodiment of the present invention.
As shown in fig. 6, the CXF framework-based request message transmission apparatus 600 includes an input device 601, an input interface 602, a central processor 603, a memory 604, an output interface 605, and an output device 606. The input interface 602, the central processing unit 603, the memory 604, and the output interface 605 are connected to each other through a bus 610, and the input device 601 and the output device 606 are connected to the bus 610 through the input interface 602 and the output interface 605, respectively, and further connected to other components of the CXF framework-based request packet transmission device 600.
Specifically, the input device 601 receives input information from the outside, and transmits the input information to the central processor 603 through the input interface 602; the central processor 603 processes input information based on computer-executable instructions stored in the memory 604 to generate output information, stores the output information temporarily or permanently in the memory 604, and then transmits the output information to the output device 606 through the output interface 605; the output device 606 outputs the output information to the outside of the CXF framework-based request message transmission device 600 for use by the user.
That is, the CXF framework-based request message transmission apparatus shown in fig. 6 may also be implemented to include: a memory storing computer-executable instructions; and a processor, which when executing computer executable instructions may implement the method 100 for transmitting a request packet based on a CXF framework described in the embodiment of the present invention with reference to fig. 1, or which when executing computer executable instructions may implement the method 200 for transmitting a request packet based on a CXF framework described in the embodiment of the present invention with reference to fig. 2.
An embodiment of the present invention further provides a computer storage medium, where computer program instructions are stored on the computer storage medium, and when being executed by a processor, the computer program instructions implement the method 100 for transmitting a request packet based on a CXF framework described in the embodiment of the present invention with reference to fig. 1, or when being executed by the processor, the computer program instructions implement the method 200 for transmitting a request packet based on a CXF framework described in the embodiment of the present invention with reference to fig. 2.
It is to be understood that the invention is not limited to the specific arrangements and instrumentality described above and shown in the drawings. A detailed description of known methods is omitted herein for the sake of brevity. In the above embodiments, several specific steps are described and shown as examples. However, the method processes of the present invention are not limited to the specific steps described and illustrated, and those skilled in the art can make various changes, modifications and additions or change the order between the steps after comprehending the spirit of the present invention.
The functional blocks shown in the above structural block diagrams may be implemented as hardware, software, firmware, or a combination thereof. When implemented in hardware, it may be, for example, an electronic circuit, an Application Specific Integrated Circuit (ASIC), suitable firmware, plug-in, function card, or the like. When implemented in software, the elements of the invention are the programs or code segments used to perform the required tasks. The program or code segments may be stored in a machine-readable medium or transmitted by a data signal carried in a carrier wave over a transmission medium or a communication link. A "machine-readable medium" may include any medium that can store or transfer information. Examples of a machine-readable medium include electronic circuits, semiconductor memory devices, ROM, flash memory, Erasable ROM (EROM), floppy disks, CD-ROMs, optical disks, hard disks, fiber optic media, Radio Frequency (RF) links, and so forth. The code segments may be downloaded via computer networks such as the internet, intranet, etc.
As will be apparent to those skilled in the art, for convenience and brevity of description, the specific working processes of the systems, modules and units described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.

Claims (13)

1. A CXF framework-based request message transmission method is applied to a CXF initiating end of an HTTP request, and comprises the following steps:
creating a hypertext transfer protocol (HTTP) request and generating an encryption and decryption key corresponding to the HTTP request;
encrypting the request data of the HTTP request by using the encryption and decryption key to obtain request ciphertext data;
calculating the digest of the request data according to a digest algorithm, and encrypting the digest by using a first public key to obtain a digest signature of the request data;
encrypting the encryption and decryption key by using the first public key to obtain ciphertext data of the encryption and decryption key;
generating a current HTTP request message based on the creation time of the current HTTP request, the request ciphertext data, the digest signature of the request data and the ciphertext data of the encryption and decryption key;
and sending the request message to a CXF receiving end of the HTTP request.
2. The method according to claim 1, wherein the encrypting the request data of the current HTTP request by using the encryption/decryption key to obtain request ciphertext data comprises:
converting the text format of the request data to obtain the request data in a character string format;
and encrypting the request data in the character string format by using the encryption and decryption key to obtain request ciphertext data.
3. The method of claim 2, wherein said computing a digest of said requested data according to a digest algorithm comprises:
converting the text format of the request data to obtain the request data in the character string format;
and calculating the request data in the character string format by using the digest algorithm to obtain the digest of the request data.
4. The method according to claim 1, wherein the generating a current HTTP request packet based on the creation time of the current HTTP request, the request ciphertext data, the digest signature of the request data, and the ciphertext data of the encryption/decryption key includes:
writing the creation time of the HTTP request into a timestamp field of a message header of the HTTP request message;
writing the digest signature of the request data into an authentication field of a message header of the HTTP request message;
writing the ciphertext data of the encryption and decryption key into a security key field of a message header of the HTTP request message;
and writing the request ciphertext data into the message body of the HTTP request message.
5. The method of claim 1, wherein the encryption/decryption key is an Advanced Encryption Standard (AES) key.
6. A CXF framework-based request message transmission method is applied to a CXF receiving end of an HTTP request, and comprises the following steps:
receiving an HTTP request message sent by an initiating terminal of the HTTP request;
verifying the authenticity of the HTTP request by using the creation time in the HTTP request message;
if the verification result shows that the HTTP request has authenticity, decrypting the ciphertext data of the encryption and decryption key in the HTTP request message by using a first private key corresponding to the first public key to obtain the encryption and decryption key;
decrypting request ciphertext data in the HTTP request message by using the encryption and decryption key obtained by decryption to obtain request data of the HTTP request;
calculating an auxiliary verification digest of the request data obtained by decryption by using a digest algorithm, and decrypting a digest signature of the request data in the HTTP request message by using the first private key to obtain a digest of the request data;
if the auxiliary verification digest is consistent with the digest of the request data, verifying that the request data of the HTTP request has integrity, responding to the request data of the HTTP request obtained by decryption, and generating response ciphertext data;
and sending the response ciphertext data to a CXF initiating end of the HTTP request.
7. The method according to claim 6, wherein the generating response ciphertext data in response to the request data of the HTTP request obtained by decryption comprises:
responding to the request data of the HTTP request obtained by decryption to generate response data;
and encrypting the response data by using the encryption and decryption key to obtain the response ciphertext data.
8. The method according to claim 6, wherein verifying the authenticity of the HTTP request using the creation time in the HTTP request message comprises:
acquiring the current moment;
if the time difference between the creation time and the current time is less than or equal to a preset time, verifying that the HTTP request is authentic;
and if the time difference between the creation time and the current time is greater than a preset time, verifying that the HTTP request does not have authenticity.
9. A CXF framework-based request message transmission apparatus, comprising:
the request creating module is used for creating a hypertext transfer protocol (HTTP) request, acquiring the creating time of the HTTP request and generating an encryption and decryption key corresponding to the HTTP request;
the first encryption module is used for encrypting the request data of the HTTP request by using the encryption and decryption key to obtain request ciphertext data;
the digest signature generation module is used for calculating the digest of the request data according to a digest algorithm and encrypting the digest by using a first public key to obtain a digest signature of the request data;
the second encryption module is used for encrypting the encryption and decryption key by adopting the first public key to obtain ciphertext data of the encryption and decryption key;
a message generation module, configured to generate the HTTP request message based on the creation time of the request, the request ciphertext data, the digest signature of the request data, and the ciphertext data of the encryption/decryption key;
and the sending module is used for sending the request message to a receiving end of the request.
10. A CXF framework-based request message transmission apparatus, comprising:
a receiving module, configured to receive an HTTP request packet sent by an initiator of the HTTP request;
the verification module is used for verifying the authenticity of the HTTP request by utilizing the creation time in the HTTP request message;
the first decryption module is used for decrypting the ciphertext data of the encryption and decryption key in the HTTP request message by using a first private key corresponding to the first public key to obtain the encryption and decryption key if the verification result shows that the HTTP request has authenticity;
the second decryption module is used for decrypting the request ciphertext data in the HTTP request message by using the encryption and decryption key obtained by decryption to obtain the request data of the HTTP request;
the third decryption module is used for calculating the auxiliary verification digest of the request data obtained by decryption by using a digest algorithm, and decrypting the digest signature of the request data in the HTTP request message by using the first private key to obtain the digest of the request data;
the response module is used for verifying that the request data of the HTTP request has integrity if the auxiliary verification digest is consistent with the digest of the request data, responding to the request data of the HTTP request obtained by decryption, and generating response ciphertext data;
and the sending module is used for sending the response ciphertext data to the CXF initiating end of the HTTP request.
11. A CXF framework-based request message transmission system, the system comprising:
a CXF initiating end of an HTTP request, configured to implement the request message transmission method according to any one of claims 1 to 5, and a CXF receiving end of the HTTP request, configured to implement the request message transmission method according to any one of claims 6 to 8.
12. A CXF framework-based request message transmission apparatus, characterized in that the apparatus comprises:
a memory for storing a program;
a processor for executing the program stored in the memory to execute the CXF framework-based request message transmission method according to any one of claims 1 to 8.
13. A computer storage medium having computer program instructions stored thereon that, when executed by a processor, implement the CXF framework-based request message transmission method of any one of claims 1 to 8.
Priority Applications (1)

Application Number: CN201911335767.9A
Priority Date: 2019-12-23
Filing Date: 2019-12-23
Title: Method, device, system, equipment and medium for transmitting request message of CXF framework
Legal status: Pending
Publication: CN113098824A (en)

Publications (1)

Publication Number: CN113098824A (en)
Publication Date: 2021-07-09

Family

ID=76664008

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911335767.9A Pending CN113098824A (en) 2019-12-23 2019-12-23 Method, device, system, equipment and medium for transmitting request message of CXF framework

Country Status (1)

Country Link
CN (1) CN113098824A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1654852A2 (en) * 2003-07-11 2006-05-10 International Business Machines Corporation System and method for authenticating clients in a client-server environment
CN102025505A (en) * 2010-12-16 2011-04-20 浪潮(北京)电子信息产业有限公司 Advanced encryption standard (AES) algorithm-based encryption/decryption method and device
CN105429753A (en) * 2015-12-30 2016-03-23 宇龙计算机通信科技(深圳)有限公司 Voice data method for improving security of VoLTE communication, system and mobile terminal
CN105553932A (en) * 2015-11-30 2016-05-04 青岛海尔智能家电科技有限公司 Method, device and system of remote control safety binding of intelligent home appliance
CN109802825A (en) * 2017-11-17 2019-05-24 深圳市金证科技股份有限公司 A kind of data encryption, the method for decryption, system and terminal device
CN110198295A (en) * 2018-04-18 2019-09-03 腾讯科技(深圳)有限公司 Safety certifying method and device and storage medium

Similar Documents

Publication Publication Date Title
US11323276B2 (en) Mutual authentication of confidential communication
EP3642997B1 (en) Secure communications providing forward secrecy
CN107483212B (en) Method for generating digital signature by cooperation of two parties
CN109743171B (en) Key series method for solving multi-party digital signature, timestamp and encryption
JP3858527B2 (en) Data generation apparatus, data verification apparatus and method
US9698984B2 (en) Re-encrypted data verification program, re-encryption apparatus and re-encryption system
CN111769938B (en) Key management system and data verification system of block chain sensor
US20120323981A1 (en) Proxy calculation system, proxy calculation method, proxy calculation requesting apparatus, and proxy calculation program and recording medium therefor
US20210367767A1 (en) Methods and systems for secure network communication
CN108632031B (en) Key generation device and method, encryption device and method
EP3673610B1 (en) Computer-implemented system and method for highly secure, high speed encryption and transmission of data
CN110611670A (en) API request encryption method and device
Harini et al. A novel security mechanism using hybrid cryptography algorithms
CN114448641A (en) Privacy encryption method, electronic equipment, storage medium and chip
CN116830523A (en) threshold key exchange
CN107947939A (en) Support the PDF endorsement methods and system of SM3 cryptographic Hash algorithm and SM2 Digital Signature Algorithms
CN115442046A (en) Signature method, signature device, electronic equipment and storage medium
KR101793528B1 (en) Certificateless public key encryption system and receiving terminal
CN113098824A (en) Method, device, system, equipment and medium for transmitting request message of CXF framework
CN109905232B (en) Signature decryption method, system, equipment and computer readable storage medium
CN113810779B (en) Code stream signature verification method, device, electronic equipment and computer readable medium
CN114614994B (en) Communication method, device, client and storage medium of API (application program interface) data
CN114285581B (en) Application management method and related product
CN114764503A (en) Data distribution method, device, equipment and storage medium
KR101035394B1 (en) ECC Authentication method using Public Key Generation Time Coordinates

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210709