CN117176708A - Data processing method and related device - Google Patents
Data processing method and related device Download PDFInfo
- Publication number
- CN117176708A CN117176708A CN202210577928.0A CN202210577928A CN117176708A CN 117176708 A CN117176708 A CN 117176708A CN 202210577928 A CN202210577928 A CN 202210577928A CN 117176708 A CN117176708 A CN 117176708A
- Authority
- CN
- China
- Prior art keywords
- target
- class
- connection
- application program
- layer protocol
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000003672 processing method Methods 0.000 title claims abstract description 17
- 238000000034 method Methods 0.000 claims abstract description 197
- 230000005540 biological transmission Effects 0.000 claims abstract description 70
- 238000004891 communication Methods 0.000 claims abstract description 65
- 238000012545 processing Methods 0.000 claims abstract description 19
- 238000004590 computer program Methods 0.000 claims description 22
- 238000003860 storage Methods 0.000 claims description 17
- 238000012546 transfer Methods 0.000 claims description 7
- 238000010276 construction Methods 0.000 claims description 4
- 238000005516 engineering process Methods 0.000 abstract description 15
- 238000013473 artificial intelligence Methods 0.000 abstract description 3
- 238000004422 calculation algorithm Methods 0.000 description 24
- 238000010586 diagram Methods 0.000 description 16
- 238000011161 development Methods 0.000 description 11
- 230000006870 function Effects 0.000 description 8
- 230000004048 modification Effects 0.000 description 8
- 238000012986 modification Methods 0.000 description 8
- 230000002776 aggregation Effects 0.000 description 6
- 238000004220 aggregation Methods 0.000 description 6
- 230000008569 process Effects 0.000 description 6
- 230000004044 response Effects 0.000 description 6
- 230000008901 benefit Effects 0.000 description 4
- 239000010432 diamond Substances 0.000 description 4
- 230000006399 behavior Effects 0.000 description 3
- 238000009434 installation Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 241000700605 Viruses Species 0.000 description 2
- 230000004075 alteration Effects 0.000 description 2
- ZXQYGBMAQZUVMI-GCMPRSNUSA-N gamma-cyhalothrin Chemical compound CC1(C)[C@@H](\C=C(/Cl)C(F)(F)F)[C@H]1C(=O)O[C@H](C#N)C1=CC=CC(OC=2C=CC=CC=2)=C1 ZXQYGBMAQZUVMI-GCMPRSNUSA-N 0.000 description 2
- 230000000977 initiatory effect Effects 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 238000004806 packaging method and process Methods 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- 239000007787 solid Substances 0.000 description 2
- 238000012384 transportation and delivery Methods 0.000 description 2
- UFHFLCQGNIYNRP-UHFFFAOYSA-N Hydrogen Chemical compound [H][H] UFHFLCQGNIYNRP-UHFFFAOYSA-N 0.000 description 1
- 230000002159 abnormal effect Effects 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 230000002155 anti-virotic effect Effects 0.000 description 1
- 238000012098 association analyses Methods 0.000 description 1
- 238000012550 audit Methods 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000012790 confirmation Methods 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000009826 distribution Methods 0.000 description 1
- 238000005538 encapsulation Methods 0.000 description 1
- 229910052739 hydrogen Inorganic materials 0.000 description 1
- 239000001257 hydrogen Substances 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 238000012954 risk control Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 238000010408 sweeping Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Landscapes
- Computer And Data Communications (AREA)
Abstract
The application relates to the technical field of computers, and provides a data processing method and a related device, which can be applied to various scenes such as cloud technology, artificial intelligence, intelligent traffic, auxiliary driving and the like, and are used for improving the processing efficiency of compatible support, wherein the method comprises the following steps: the method comprises the steps of obtaining a target plug-in comprising a target transmission class, inheriting the target transmission class and a designated mounting class from the same interface or parent class, loading the target plug-in a target component library comprising the mounting class, and then when a communication request for an application program is received, establishing a secure encryption channel between the application program and a server side by calling each target method contained in the target transmission class in the target component library, and enabling the application program to communicate with the server side based on the secure encryption channel.
Description
Technical Field
The application relates to the technical field of computers, and provides a data processing method and a related device.
Background
With the deep progress of informatization and the rapid development of the Internet, the information security problem is gradually raised, and the cryptographic algorithm is a core for guaranteeing the data transmission security, but most of software does not support the cryptographic algorithm at present.
To achieve compatible support for the cryptographic algorithm, in the related art, an application program is usually made to support the cryptographic algorithm by customizing an open secure socket layer protocol (Open Secure Sockets Layer, openSSL). However, if customized OpenSSL is adopted, further development of a corresponding application layer protocol is required, and the development engineering amount is large, which affects the processing efficiency of compatible support.
Disclosure of Invention
The embodiment of the application provides a data processing method and a related device, which are used for improving the processing efficiency of compatible support.
In a first aspect, an embodiment of the present application provides a data processing method, applied to a client, where the method includes:
obtaining a target plug-in comprising a target transmission class, wherein at least one target method with the same name and the same parameter exists between the target transmission class and a designated mounting class, and each target method contained in the target transmission class is used for realizing a target transmission layer protocol;
loading the target plug-in a target component library containing the mounting class;
when a communication request for an application program is received, a secure encryption channel between the application program and a server side is established in the target component library by calling each target method contained in the target transmission class, and the application program communicates with the server side based on the secure encryption channel.
In a second aspect, an embodiment of the present application provides a data processing apparatus, including:
the construction unit is used for acquiring a target plug-in comprising a target transmission class, wherein at least one target method with the same name and the same parameter exists between the target transmission class and a designated mounting class, and each target method contained in the target transmission class is used for realizing a target transmission layer protocol;
the loading unit is used for loading the target plug-in a target component library containing the mounting class;
and the establishing unit is used for establishing a secure encryption channel between the application program and the server side by calling each target method contained in the target transmission class in the target component library when receiving a communication request for the application program, and enabling the application program to communicate with the server side based on the secure encryption channel.
As a possible implementation manner, the target plugin further includes a wrapper layer, where the wrapper layer is used to obtain the data transfer from a native layer of the local framework layer;
when the target transport layer protocol implementation method is obtained from the native layer of the local framework layer, the building unit is specifically configured to:
When the wrapper layer receives a data query request from a Java layer, reading the stored target transport layer protocol realization method into a native layer;
and transmitting the target transmission layer protocol realization method to a java layer through the wrapper layer.
As a possible implementation manner, when the application program communicates with the server side based on the secure encrypted channel, the establishing unit is specifically configured to:
encrypting the communication request according to the negotiated shared key in the TLS connection to obtain an encrypted communication request;
and starting the HTTP service, and sending the encrypted communication request to the server side based on the started HTTP service.
As a possible implementation manner, the target component library includes a network component, and the network component is used for realizing data transmission with the server side;
the establishing unit is specifically configured to, when sending the encrypted communication request to the server based on the opened HTTP service:
and sending the encrypted communication request to the server side through a network component based on the opened HTTP service.
As a possible implementation, the establishing unit is specifically further configured to:
when determining to use a default transport layer protocol and receiving a new communication request for an application program, establishing a default encryption channel between the application program and a server side in the target component library by calling each target method contained in the mounting class; wherein, each target method included in the mounting class is used for realizing the default transport layer protocol;
and enabling the application program to communicate with the server side based on the default encryption channel.
In a third aspect, an embodiment of the present application provides an electronic device, including a processor and a memory, where the memory stores a computer program that, when executed by the processor, causes the processor to perform the steps of the data processing method described above.
In a fourth aspect, an embodiment of the present application provides a computer readable storage medium comprising a computer program for causing an electronic device to perform the steps of the above-described data processing method when the computer program is run on the electronic device.
In a fifth aspect, embodiments of the present application provide a computer program product comprising a computer program stored in a computer readable storage medium, from which a processor of an electronic device reads and executes the computer program, causing the electronic device to perform the steps of the data processing method described above.
In the embodiment of the application, a target plug-in containing a target transmission class is obtained, the target transmission class reloads a self-specified mounting class, the target plug-in is loaded in a target component library containing the mounting class, then when a communication request for an application program is received, a safe encryption channel between the application program and a server side is established in the target component library by calling each target method contained in the target transmission class, and the application program is communicated with the server side based on the safe encryption channel. The target transmission class contained in the target plug-in is obtained based on the reloading of the mounting class in the target component library, so that the establishment of the safe encryption channel can be realized by calling the target transmission class after the target transmission class is loaded in the target component library, and the support of the target encryption algorithm such as national security and the like can be realized through the plug-in form on the basis of the existing component library, meanwhile, the original component library is not required to be modified, the modification cost is low, and the compatible support efficiency is greatly improved.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the application. The objectives and other advantages of the application will be realized and attained by the structure particularly pointed out in the written description and claims thereof as well as the appended drawings.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the application and do not constitute a limitation on the application. In the drawings:
FIG. 1A is a schematic diagram of a distributed system for use in a blockchain system according to embodiments of the present application;
FIG. 1B is a schematic diagram of a block structure according to an embodiment of the present application;
FIG. 2 is a flow chart of a data processing method according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a class diagram provided in an embodiment of the present application;
FIG. 4 is a schematic diagram of a data processing procedure according to an embodiment of the present application;
FIG. 5 is a logic diagram of a select available instruction according to an embodiment of the present application;
FIG. 6A is a schematic diagram of an operating system that does not support the national security standard according to an embodiment of the present application;
FIG. 6B is a schematic diagram of an operating system supporting the national cryptographic standard according to an embodiment of the present application;
FIG. 7 is a schematic diagram of a data transfer process according to an embodiment of the present application;
FIG. 8 is a schematic diagram of a data processing apparatus according to an embodiment of the present application;
Fig. 9 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the technical solutions of the present application, but not all embodiments. All other embodiments, based on the embodiments described in the present document, which can be obtained by a person skilled in the art without any creative effort, are within the scope of protection of the technical solutions of the present application.
In the following description, reference is made to "some embodiments" which describe a subset of all possible embodiments, but it is to be understood that "some embodiments" can be the same subset or different subsets of all possible embodiments and can be combined with one another without conflict.
Some of the concepts involved in the embodiments of the present application are described below.
National encryption algorithm: domestic cryptographic algorithms, including but not limited to SM1, SM2, SM3, SM4, etc. The key length and packet length are 128 bits.
National density standard: the standard is established for the secure encryption channel based on the national encryption algorithm.
Transport layer security (Transport Layer Security, TLS): a security protocol that provides security and data integrity for network communications.
Open secure sockets layer protocol (Open Secure Sockets Layer, openSSL): a software library package of open source code that an application can use for secure communications.
Class relationship: the class relationships comprise inheritance relationships, association relationships, aggregation relationships, combination relationships, dependency relationships, implementation relationships and the like, wherein the inheritance relationships, the association relationships, the aggregation relationships, the combination relationships, the dependency relationships and the implementation relationships are used for solving the problem that the class relationships are not related to the implementation relationships.
Association relation: class-to-class couplings make one class aware of the properties and methods of another class.
Aggregation relationship: the relationship is one of association relationship, and is the relationship between the whole and the individual, and the individual can exist separately from the whole. For example, the vehicle and tire are in whole and in part relationship, and the tire is still exiting the vehicle.
Combination relation: the relationship is one of the association relationship, and is the relationship between the whole and the individual, and the individual cannot leave the whole and exist alone. For example, a company and a division are a whole and partial relationship, and no division exists without a company.
Dependency relationship: is a class-to-class connection, meaning that one class depends on the definition of another class.
The realization relation is as follows: a relationship between a class and an interface, a representation class is an implementation of all features and behaviors of the interface.
Application program: computer programs that perform one or more tasks, typically with a visual display interface, can interact with a user, such as electronic maps and calendars, may be referred to as applications. Some applications require the user to install on the terminal device to be used, and some do not require application installation, for example, each applet, web page, etc. in some instant messaging applications. The applet can be used without downloading and installing, and the user can open the application by sweeping or searching.
A Client (Client), or Client, refers to a program that corresponds to a server and provides services to a Client, such as a financial transaction application. Except for some applications that only run locally, they are typically installed on a common client and need to run in conjunction with the server. And a specific communication connection needs to be established between the client and the server to ensure the normal operation of the application program.
Cloud technology (Cloud technology): the hosting technology is used for integrating hardware, software, network and other series resources in a wide area network or a local area network to realize calculation, storage, processing and sharing of data.
Cloud technology (Cloud technology): the cloud computing business model application-based network technology, information technology, integration technology, management platform technology, application technology and the like can be collectively called to form a resource pool, and the resource pool is flexible and convenient as required. Cloud computing technology will become an important support. Background services of technical networking systems require a large amount of computing, storage resources, such as video websites, picture-like websites, and more portals. Along with the high development and application of the internet industry, each article possibly has an own identification mark in the future, the identification mark needs to be transmitted to a background system for logic processing, data with different levels can be processed separately, and various industry data needs strong system rear shield support and can be realized only through cloud computing.
Cloud Security (Cloud Security): the cloud computing business model application-based security software, hardware, users, institutions and security cloud platform generic terms are referred to. Cloud security fuses emerging technologies and concepts such as parallel processing, grid computing, unknown virus behavior judgment and the like, acquires the latest information of Trojan horse and malicious programs in the Internet through abnormal monitoring of a large number of network clients on software behaviors, sends the latest information to a server for automatic analysis and processing, and distributes solutions of viruses and Trojan horse to each client.
The main research directions of cloud security include: 1. cloud computing security, namely, how to guarantee security of cloud and various applications on the cloud, including cloud computer system security, security storage and isolation of user data, user access authentication, information transmission security, network attack protection, compliance audit and the like; 2. clouding of a safety infrastructure, mainly researching how to build and integrate safety infrastructure resources by adopting cloud computing, and optimizing a safety protection mechanism, wherein the cloud computing technology is used for constructing a super-large-scale safety event and an information acquisition and processing platform, realizing acquisition and association analysis of mass information, and improving the control capability and risk control capability of the whole-network safety event; 3. cloud security services, mainly research on various security services provided for users based on cloud computing platforms, such as anti-virus services and the like.
With the deep progress of informatization and the rapid development of the Internet, the information security problem is gradually raised, and the cryptographic algorithm is a core for guaranteeing the data transmission security, but most of software does not support the cryptographic algorithm at present.
In order to achieve compatible support for the cryptographic algorithm, in the related art, an application program is usually made to support the cryptographic algorithm by customizing OpenSSL. However, if customized OpenSSL is adopted, further development of a corresponding application layer protocol is required, and the development engineering amount is large, which affects the processing efficiency of compatible support.
In the embodiment of the application, a target plug-in for realizing a target transport class of a target transport layer protocol is obtained, the target transport class is reloaded according to a specified mounting class, then the target plug-in is loaded in a target component library containing the mounting class, and when a communication request for an application program is received, a secure encryption channel between the application program and a server side is established in the target component library by calling each target method contained in the target transport class. The target transmission class contained in the target plug-in is obtained based on the reloading of the mounting class in the target component library, so that the establishment of the safe encryption channel can be realized by calling the target transmission class after the target transmission class is loaded in the target component library, and the support of the target encryption algorithm such as national security and the like can be realized through the plug-in form on the basis of the existing component library, meanwhile, the original component library is not required to be modified, the modification cost is low, and the compatible support efficiency is greatly improved.
The preferred embodiments of the present application will be described below with reference to the accompanying drawings of the specification, it being understood that the preferred embodiments described herein are for illustration and explanation only, and not for limitation of the present application, and that the embodiments of the present application and the features of the embodiments may be combined with each other without conflict.
The system involved in the embodiment of the present application may be a distributed system formed by connecting a client and a plurality of nodes (any form of computing device in an access network, such as a server and a user terminal) through a network communication.
In the embodiment of the application, the user terminal can be an internet of things device, a mobile phone, a computer, an intelligent voice interaction device, an intelligent household appliance, a vehicle-mounted terminal, an aircraft and the like, but is not limited to the internet of things device, the mobile phone, the computer, the intelligent voice interaction device, the intelligent household appliance, the vehicle-mounted terminal, the aircraft and the like.
The server is a server corresponding to the user terminal, for example, when the user terminal is a physical server which can be independent, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server which provides cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, content delivery networks (Content Delivery Network, CDN), basic cloud computing services such as big data and artificial intelligence platforms, and the like. The terminal device and the server may be directly or indirectly connected through wired or wireless communication, which is not limited herein.
Taking a distributed system as an example of a blockchain system, referring To fig. 1A, fig. 1A is a schematic structural diagram of an alternative application of the distributed system provided in the embodiment of the present application To the blockchain system, which is formed by a plurality of nodes 200 (any form of computing devices in an access network, such as servers and user terminals) and clients 300, where a Peer-To-Peer (P2P) network is formed between the nodes, and the P2P protocol is an application layer protocol running on top of a transmission control protocol (Transmission Control Protocol, TCP) protocol. In distributed system 100, any machine, such as a server, terminal, may join to become a node, including a hardware layer, an intermediate layer, an operating system layer, and an application layer.
Referring to the functionality of each node in the blockchain system shown in fig. 1A, the functions involved include:
1) The routing, the node has basic functions for supporting communication between nodes.
Besides the routing function, the node can also have the following functions:
2) The application is used for being deployed in a block chain to realize specific service according to actual service requirements, recording data related to the realization function to form recorded data, carrying a digital signature in the recorded data to represent the source of task data, sending the recorded data to other nodes in the block chain system, and adding the recorded data into a temporary block when the source and the integrity of the recorded data are verified by the other nodes.
For example, the services implemented by the application include:
2.1 Wallet for providing electronic money transactions, including initiating a transaction (i.e., sending a transaction record of the current transaction to other nodes in the blockchain system, the other nodes, after verification, storing record data of the transaction in a temporary block of the blockchain in response to acknowledging that the transaction is valid; of course, the wallet also supports inquiry of remaining electronic money in the electronic money address;
2.2 The shared account book is used for providing the functions of storing, inquiring, modifying and the like of account data, sending record data of the operation on the account data to other nodes in the blockchain system, and after the other nodes verify to be effective, storing the record data into a temporary block as a response for acknowledging that the account data is effective, and also sending confirmation to the node initiating the operation.
2.3 A computerized agreement that can execute the terms of a contract, implemented by code deployed on a shared ledger for execution when certain conditions are met, for completing automated transactions based on actual business demand codes, such as querying the physical distribution status of the goods purchased by the buyer, transferring the electronic money of the buyer to the merchant's address after the buyer signs for the goods; of course, the smart contract is not limited to executing the contract for the transaction, and may execute a contract that processes the received information.
3) The blockchain comprises a series of blocks (blocks) which are connected with each other according to the generated sequence time, the new blocks are not removed once being added into the blockchain, and record data submitted by nodes in the blockchain system are recorded in the blocks.
Referring to fig. 1B, fig. 1B is an optional Block Structure, in which each Block includes a hash value of a transaction record stored in the Block (hash value of the Block) and a hash value of a previous Block, and the blocks are connected by the hash values to form a blockchain. In addition, the block may include information such as a time stamp at the time of block generation. The Blockchain (Blockchain), which is essentially a de-centralized database, is a string of data blocks that are generated in association using cryptographic methods, each of which contains associated information that is used to verify the validity (anti-counterfeiting) of its information and to generate the next block.
The embodiment of the application can be applied to various scenes, including but not limited to cloud technology, artificial intelligence, intelligent transportation, auxiliary driving and the like.
Referring to fig. 2, a flow chart of a data processing method provided in an embodiment of the application is shown, and the method is applied to a client, and the specific flow chart is as follows:
s201, obtaining a target plug-in comprising a target transmission class, wherein at least one target method with the same name and the same parameter exists between the target transmission class and a designated mounting class, and each target method contained in the target transmission class is used for realizing a target transmission layer protocol.
S202, loading a target plug-in a target component library containing the mounting class.
S203, when a communication request for the application program is received, a secure encryption channel between the application program and the server side is established in a target component library by calling each target method contained in the target transmission class, and the application program is enabled to communicate with the server side based on the secure encryption channel.
In the embodiment of the application, the target transmission class contained in the target plug-in is obtained based on the reloading of the mounting class in the target component library, so that after the target transmission class is loaded in the target component library, the establishment of the safe encryption channel can be realized by calling the target transmission class, thus, on the basis of the existing component library, the support of the target encryption algorithm such as national security and the like can be realized through the plug-in form, the original component library is not required to be modified, the modification cost is low, and the compatible support efficiency is greatly improved.
In S201, it should be noted that, in the embodiment of the present application, the target transport class and the specified mount class are inherited from the same interface or parent class.
The target component library comprises, but is not limited to okhttp, netty, libcurl and the like, and the okhttp network request component is a framework for processing network requests of the android system, and has the advantages of good hierarchical architecture design, high stability and the like.
The target transport layer protocol is a transport layer protocol not supported in the target component library, and may be a cryptographic algorithm including, but not limited to, GM/T0024-2014 SSL VPN technical specifications, transport Layer Cryptographic Protocol (TLCP), a cryptographic algorithm defined in RFC8998, and the like.
In the following, only the description will take the target component library as okhttp and the target transport layer protocol as the cryptographic algorithm as an example.
When executing S201, the specified mount class may use the reserved sslsocketfactor in Okhttp, and the mount class may also be referred to as a mount point. In the embodiment of the application, the sslSocketFactoy is taken as a mounting point, and the specific implementation of sslSocket class, tgmssSocketlmpl, is rewritten, thereby realizing the national cryptographic protocol. Herein, national secret ssl may also be referred to as tgmssl.
Referring to fig. 3, a class diagram in a target plugin according to an embodiment of the present application includes: OKHttpClient, builder, tgmsslSession, tgmsslContextlmpl, tgmsslSocketFactorylmpl, java. Net. Ssl. Sslsocket, absTgmSocket, tgmsslSocketlmpl, SSLOutputstream, SSLInputstream, nativeSSL.
In fig. 3, different types of arrows are used to represent different class relationships, the class relationships include inheritance relationships, association relationships, aggregation relationships, combination relationships, dependency relationships and implementation relationships, the arrows of the inheritance relationships point to solid lines with triangular arrows, the arrows point to parent classes, the arrows of the implementation relationships point to broken lines with triangular arrows, the arrows point to interfaces, the arrows of the combination relationships point to solid lines with solid diamonds, the diamonds point to integers, the arrows of the aggregation relationships point to solid lines with open diamonds, the diamonds point to integers, the arrows of the association relationships point to solid lines with ordinary arrows, the arrows point to owners, the arrows of the dependency relationships point to broken lines with ordinary arrows, and the arrows point to users.
The combination relationship between OKHttpClient and Builder, the aggregation relationship between TgmssSocketFactoyl mpl and Builder, the association relationship between TgmssSocketFactoyl mpl and TgmssContextmpl, the association relationship between TgmssSocketFactoyl mpl and TgmssSocketlmpl, the association relationship between SSLOutputstream, SSLInputstream, tgmsslSession and TgmssSocketlmpl, the inheritance relationship between AbsTgmSocket and TgmssSocketlmpl, and the association relationship between native SSL and SSLOutputstream, SSLInputstream.
The OKHttpClient is used to send the Http request and read the response of the Http request, and the execution (execution) method and enqueue (enqueue) method are included in the OKHttpClient, and the method included in the OKHttpClient and its description are shown in table 1.
TABLE 1 methods contained in OKHttpClient and descriptions thereof
| Method | Description of the invention |
| execute | Executing a communication request |
| enqueue | Scheduling communication requests |
OKHttpClient uses a Builder to configure parameters, the Builder contains connectitimeout method, readTimeout method, sslSocketFactory method, build method, the method contained in OKHttpClient and its description are shown in Table 2.
Table 2 methods contained in Builder and descriptions thereof
| Method | Description of the invention |
| connectTimeout | Setting timeout time for connection |
| readTimeout | Setting a default read time |
| sslSocketFactory | Creating sslsocketfactor object |
| Build | Creating OKHttpClient instances |
TgmssContextmpl is used for creating an SSL Context (Context) object, the TgmssContextmpl contains attributes protocal and sslParams, protocal represents a protocol, sslParams represents required SSL parameters, the TgmssContextmpl also contains an Init method and an EngineGetSocketFactory method, and the method contained in the TgmssContextmpl and a description thereof are shown in a table 3.
Methods contained in table 3 TgmsslContextlmpl and descriptions thereof
| Method | Description of the invention |
| Init | Initializing SSLContext objects |
| EngineGetSocketFactory | SocketFactory object returning this context |
TgmssSocketFactoylmpl is used to create SSLSocket, tgmsslSocketFactorylmpl containing attributes: tgmsslParam, tgmsslParam means a national security parameter, tgmsslSocketFactormmpl also comprises a creatSocket method, a getSupported HiphereSuits method, a getDefaultCipherSuits method, a method contained in TgmsslSocketFactormmpl and a description thereof are shown in Table 4.
Methods contained in table 4 TgmsslSocketFactorylmpl and descriptions thereof
| Method | Description of the invention |
| createSocket | Returning a socket that is connected to the designated host and port |
| getSupportedCipherSuits | Returning names of cipher suites that can be enabled over SSL connections |
| getDefaultCipherSuits | Returning a list of default enabled cipher suites |
TgmssSocketlmpl is used to provide sockets using SSL or TLS protocols, and contains attributes in TgmssSocketlmpl: nativeGmSSL, tgmsslParam and tgmsslSession, native GmSSL represents local native layer national security, tgmsslParam represents national security parameters, tgmsslSession represents national security SSL Session, tgmsslSocketFactorylmpl also comprises a startHandShake method and an Operation method, and methods contained in tgmsslSocketlmpl and descriptions thereof are shown in table 5.
Methods contained in table 5 TgmsslSocketlmpl and descriptions thereof
| Method | Description of the invention |
| startHandShake | Starting SSL handshake on this connection |
| Operation | Other possible operations |
TgmssSLSession is used for creating SSL Session (Session), wherein TgmssSLSession contains attribute protocols, protocols represent protocols, tgmssSLSession also contains getPeerCertificates method, getPeerHost method, getProtocols method and getCipherSuits method, and the methods contained in TgmssSLSession and descriptions thereof are shown in table 6.
Table 6 methods contained in TgmssSession and descriptions thereof
The AbsTgmSocket is used for creating a national secret socket, the AbsTgmSocket comprises an attribute socket, peerPort, the socket represents the socket, the PeerPort represents, the AbsTgmSocket further comprises a connect method, a Bind method, a getintersddress method, a getInputStream method, a getOutputStream method, and the methods contained in the AbsTgmSocket and descriptions thereof are shown in table 7.
Table 7 method contained in AbsTgmSocket and description thereof
| Method | Description of the invention |
| connect | Connecting the socket to a server |
| Bind | Binding the socket to a specified address |
| getInterAddress | Returning the address of the socket connection |
| getInputStream | Input stream returning to this socket |
| getOutputStream | Output stream returning to the socket |
The software package java, net, ssl is a class that provides for secure socket packages, the java, net, ssl, sslsocket contains the getenablecipheresu its method, startHandShake method, getSupportProtocals method, setsslparames method, the java, net, ssl, sslsocket contains the method and its description are shown in table 8.
Methods contained in table 8 javax.net.ssl.SSLSocket and descriptions thereof
Ssloutputtstream is used for output, and a write (write) method is included in ssloutputtstream.
Ssliputstream is used for input, and ssliputstream includes a read method and an available method, and the available method is used for closing an input stream.
Native ssl is used to include a doHandshake method, a write method, a read method, a getVersion method, a getCipherSuit method, a getpeercurative method, a shift method, and a method included in native ssl, and a description thereof are shown in table 9.
Table 9 NativSSL contains methods and descriptions thereof
| Method | Description of the application |
| doHandshake | Returning to start SSL handshake on this connection |
| write | Writing |
| read | Reading |
| getVersion | Return version number |
| getPeerCertificate | Returning identity of peer |
| Shutdown | The input and output streams are turned off and, |
when executing S202, in the embodiment of the present application, a software development kit (Software Development Kit, SDK) of the target plug-in may be packaged, codes may be packaged into a. Jar package, and the packaged. Jar package may be imported into a development tool, and then, when Okhttp is used in the development tool, a method in the target plug-in may be directly called.
Assuming that the SDK packages an Okhttp-tgmssl-plug in. Jar, after importing the packaged jar package into a development tool, creating a TgmssContext object through TgmssContextmpl, calling an init method of the TgmssContext object to initialize, then calling an EngineGetSocket factor method of the TgmssContext object, returning a Socket factor object of the TgmssContext object, taking the returned Socket factor object as a sslSocket factor object, and further creating OKHttpClient based on the sslSocket object, so that communication is performed based on the creation of OKHttpClient later.
In some embodiments, the target component library includes a connection component, where the connection component is configured to establish a connection with the server, and in executing S203, in the target component library, by calling each target method included in the target transport class, a secure encryption channel between the application program and the server is established, including:
when the connection component acquires a communication request, each target method contained in the target transmission class is called to carry out the secure transport layer protocol (TLS) connection; and when the TLS connection is successful, determining that the establishment of the secure encryption channel between the application program and the server side is completed.
In Okhttp, the connection component may employ a connection interceptor (connectiInterceptor).
Referring to fig. 4, a schematic structural diagram of an Okhttp provided in an embodiment of the present application includes an Okhttp protocol and a plurality of interceptors, where the Okhttp protocol includes a retry and redirect interceptor (retryAndFollowUpInterceptor), a packaging interceptor (BridgeInterceptor), a cache interceptor (cacheInterceptor), a connection interceptor, a network interceptor (networkInterceptor), and an I/O interceptor (callServerInterceptor), where the retry and redirect interceptor is used to handle the case of hydrogen failure retry and redirection, the packaging interceptor is used to package a request packet and parse a response packet, the cache interceptor is used to determine whether there is an available cache and cache response data, and the network interceptor is a custom interceptor used to make a request and a response for network data.
After the OKHttpClient receives the communication request, a call object can be created through a newCall method, the call method is synchronously executed, the call method is asynchronously executed, and then the getresponse withinternetworchain method comprising a plurality of interceptor call chains is used for executing the communication request. Specifically, the interceptors are adopted in sequence to process the data, and the data comprises a retry interceptor, a redirection interceptor, an encapsulation interceptor, a cache interceptor and a connection interceptor. When the connection interceptor acquires the communication request, each target method contained in the target transmission class is called to search for available connection, under the condition that no available connection exists, a RealConnector is created, TLS connection under the national encryption standard is established, and when the TLS connection is successful, the establishment of a secure encryption channel between the application program and the server side is determined to be completed. And then, the communication request is transmitted to a network interceptor and an I/O interceptor, so that the communication request is sent to a server side.
Through the implementation mode, the communication request aiming at the application program is sent to the server through the encryption security channel by utilizing the characteristics of the connection interceptor, so that the Okhttp component library is not required to be changed while the information security is ensured, the modification quantity of the client is smaller, and the compatibility efficiency is further improved.
In some embodiments, when each target method included in the target transport class is called to make a secure transport layer protocol TLS connection, the following manner may be adopted:
judging whether available connection exists in the connection pool; and if the available connection does not exist, calling each target method contained in the target transmission class to perform TLS connection when the adoption of the target transmission layer protocol is determined.
In the embodiment of the application, the available connection refers to a TCP connection with the same host number and port number as the communication request.
When the connection pool is available, the method can further judge whether the current connection is available before judging whether the connection pool is available or not, and if not, further judge whether the connection pool is available or not. Wherein determining whether the current connection is available includes, but is not limited to, determining that a new connection is no longer accepted, determining whether there is a hostname and port number that are the same as the hostname and port number contained in the current communication request.
From the following components
For example, referring to fig. 5, assume that the host number and the port number included in the communication request are 13 and 80, respectively, the connection pool includes candidate connection 1, candidate connection 2, candidate connection 3, and the like, the host number and the port number of candidate connection 1 are 13 and 80, respectively, the host number and the port number of candidate connection 2 are 14 and 13, respectively, the host number and the port number of candidate connection 1 are 15 and 21, respectively, the host number and the port number of candidate connection 1 are the same as the host number and the port number included in the communication request, and it is determined that there is an available connection in the connection pool, and the available connection candidate connection 1.
For another example, assuming that the host number and the port number included in the communication request are 13 and 80, respectively, if there is no candidate connection whose host number and port number are 13 and 80, respectively, in the connection pool, it is determined that there is no available connection in the connection pool.
By the implementation manner, the available connection can be directly multiplexed when the available connection exists, and the connection can be newly established when the available connection does not exist, so that the network connection efficiency is improved.
In some embodiments, each target method included in the target transport class includes: the method for creating the socket, the method for starting the protocol and the method for realizing the target transport layer protocol call each target method contained in the target transport class to perform TLS connection, comprising the following steps:
when a socket creation method is called, creating a socket, and creating a session based on the created socket;
when a protocol starting method is called, a target transport layer protocol realization method is obtained from a local framework layer native layer, and TLS connection is performed based on the target transport layer protocol realization method in the established session.
The development of upper-layer applications in an operating system (e.g., android system) is done on a Java basis, and is therefore referred to as the Java layer. However, since Java is platform-independent, it is not easy to implement some of the tasks of the bottom layer with Java, for example, when tasks in terms of local services, connection libraries, or hardware drivers are involved, a C program is usually required to be implemented, and the C program is implemented in the Java layer, so the bottom layer that needs to be implemented with the C program is called the active layer.
As a possible implementation, in the case where the application does not support national cryptographic ssl, referring to fig. 6A, the Java layer includes, from top to bottom, okhttp, context, socket, ssl parameters, input/output stream, the native layer may include Conscrypt, boringssl, conscrypt is a component that provides Java security using OpenSSL, and Boringssl is an encrypted ssl.
As another possible implementation, in the case where the application does not support national cryptographic ssl, referring to fig. 6B, the Java layer includes, from top to bottom, okhttp, context, national cryptographic sockets, ssl session, input/output stream, and the native layer may include a wrapper (wrapper) layer, national cryptographic ssl, and national cryptographic algorithm library. Compared with the operating system architecture in fig. 6A, in fig. 6B, only the national cryptographic socket, the ssl session and the native layer need to be adjusted, and the Okhttp, the context and the input/output stream do not need to be modified, so that the operation is simpler, and the efficiency of compatible support can be further improved.
For example, the socket creation method is the createSocket method in table 4, the protocol start method is the starthandswitch method in table 5, when the createSocket method is called, a national secret socket is created, and based on the created national secret socket, a ssl session is created, when the starthandswitch method is called, the national secret ssl is acquired from the active layer, and in the created session, TLS connection is performed based on the national secret ssl.
By the implementation mode, the target plug-in comprises national password ssl in the native layer, the java layer realizes the customized Socket class, and a factory method for producing the tgmsocket class is integrated into the okhttp through a constructor mode. Thus, only tgmSoketFactoy is added to enable the national cipher plug-in, so that the SSL channel is supported by the okhttp.
In some embodiments, referring to FIG. 6B, the target plugin further includes a wrapper layer for retrieving data transfers from the native layer. And in the process of acquiring the target transport layer protocol realization method from the native layer of the frame layer, when the wrapper layer of the client receives a data query request from the Java layer, reading the stored target transport layer protocol realization method into the native layer, and then transmitting the target transport layer protocol realization method to the Java layer through the wrapper layer.
It should be noted that, in the embodiment of the present application, the target transport layer protocol implementation method may be stored in a database.
For example, referring to fig. 7, when the wrapper layer receives a data query request from the Java layer, the stored national password is read into the native layer, and then the national password is transferred to the Java layer through the wrapper layer. Through the implementation mode, data transmission is performed through the wrapper layer, so that the data transmission efficiency is improved, and the implementation efficiency of compatible support is further improved.
In some embodiments, before the client and the server start to communicate, the encryption key and the password to be used when encrypting data need to be exchanged or agreed, specifically, the application program may use, but not limited to, the following ways in the process of communicating with the server based on the secure encryption channel:
encrypting the communication request according to the shared key negotiated in the TLS connection to obtain an encrypted communication request; then, a hypertext transfer protocol (Hyper Text Transfer Protocol, HTTP) service is started, and the encrypted communication request is sent to the server side based on the started HTTP service.
It should be noted that, in the embodiment of the present application, the HTTP service includes, but is not limited to, HTTP1.0, HTTP2.0, and the like. The shared key may be set in the target transport layer protocol.
For example, assume that the shared key is a 16 byte (byte) symmetric key, encrypt the communication request according to the shared key negotiated in the TLS connection, obtain an encrypted communication request, then open the HTTP2.0 service, and send the encrypted communication request to the server based on the opened HTTP2.0 service.
By the implementation mode, before the client and the server start to communicate, the encryption key and the password to be used when encrypting the data are exchanged or agreed, so that the safety of the communication data is improved, and the confidentiality and reliability of the communication between the client and the server are ensured.
In some embodiments, if the target component library includes a network component, the network component is configured to implement data transmission with the server, and send the encrypted communication request to the server based on the opened HTTP service, where the sending includes: and sending the encrypted communication request to a server side through a network component based on the opened HTTP service.
In Okhttp, the network component may be a network interceptor.
For example, referring to fig. 4, assume that the opened HTTP service is an HTTP2.0 service, and based on the opened HTTP service, the opened HTTP service is sent to an I/O interceptor through a network interceptor, and the I/O interceptor sends the encrypted communication request to a server side.
In some embodiments, when determining to use the default transport layer protocol and receiving a new communication request for the application, the client may further establish a default encryption channel between the application and the server by calling each target method included in the installation class in the target component library, and cause the application to communicate with the server based on the default encryption channel.
It should be noted that, in the embodiment of the present application, each target method included in the mounting class is used to implement a default transport layer protocol.
For example, when it is determined that the default transport layer protocol is used and a new communication request for the application program is received, the client may also create a sslsocketfactor object and a sslSocket object in Okhttp, call each target method included in the sslsocketfactor object and the sslSocket object, and establish a default encryption channel between the application program and the server.
Through the implementation mode, if the international algorithm is wanted to be used, the national secret algorithm is disabled, and only the default parameters of the Okhttp are needed to be used in construction, so that the Okhttp can support the international algorithm and the national secret algorithm, the switching process of the international algorithm and the national secret algorithm is simpler, and the switching efficiency is higher.
Based on the same inventive concept, an embodiment of the present application provides a data processing apparatus. As shown in fig. 8, which is a schematic structural diagram of the data processing apparatus 800, may include:
a construction unit 801, configured to obtain a target plug-in including a target transport class, where at least one target method with the same name and the same parameter exists between the target transport class and a specified mounting class, where each target method included in the target transport class is used to implement a target transport layer protocol;
A loading unit 802, configured to load the target plugin in a target component library including the installation class;
and the establishing unit 803 is configured to, when receiving a communication request for an application program, establish, in the target component library, a secure encryption channel between the application program and a server side by calling each target method included in the target transport class, and cause the application program to communicate with the server side based on the secure encryption channel.
As a possible implementation manner, the target component library includes a connection component, where the connection component is used to establish connection with the server side;
the establishing unit 803 is specifically configured to, in the target component library, establish a secure encryption channel between the application program and the server by calling each target method included in the target transport class:
when the connection component acquires the communication request, each target method contained in the target transmission class is called to carry out the secure transport layer protocol (TLS) connection;
and when the TLS connection is successful, determining that the establishment of the secure encryption channel between the application program and the server side is completed.
As a possible implementation manner, when the calling each target method included in the target transport class and performing the secure transport layer protocol TLS connection, the establishing unit 803 is specifically configured to:
judging whether available connection exists in the connection pool;
and if the available connection does not exist, calling each target method contained in the target transmission class to perform TLS connection when the adoption of the target transmission layer protocol is determined.
As a possible implementation manner, each target method included in the target transmission class includes: a socket creation method, a protocol starting method and a target transport layer protocol realization method;
the establishing unit 803 is specifically configured to:
when the socket creation method is called, creating a socket, and creating a session based on the created socket;
when the protocol starting method is called, the target transport layer protocol realization method is obtained from a local framework layer native layer, and TLS connection is carried out based on the target transport layer protocol realization method in the established session.
As a possible implementation manner, the target plugin further includes a wrapper layer, where the wrapper layer is used to obtain the data transfer from a native layer of the local framework layer;
When the target transport layer protocol implementation method is obtained from the native layer of the local framework layer, the establishing unit 803 is specifically configured to:
when the wrapper layer receives a data query request from a Java layer, reading the stored target transport layer protocol realization method into a native layer;
and transmitting the target transmission layer protocol realization method to a java layer through the wrapper layer.
As a possible implementation manner, when the application program communicates with the server side based on the secure encrypted channel, the establishing unit 803 is specifically configured to:
encrypting the communication request according to the negotiated shared key in the TLS connection to obtain an encrypted communication request;
and starting the HTTP service, and sending the encrypted communication request to the server side based on the started HTTP service.
As a possible implementation manner, the target component library includes a network component, and the network component is used for realizing data transmission with the server side;
when the encrypted communication request is sent to the server based on the opened HTTP service, the establishing unit 803 is specifically configured to:
And sending the encrypted communication request to the server side through a network component based on the opened HTTP service.
As a possible implementation, the establishing unit 803 is specifically further configured to:
when determining to use a default transport layer protocol and receiving a new communication request for an application program, establishing a default encryption channel between the application program and a server side in the target component library by calling each target method contained in the mounting class; wherein, each target method included in the mounting class is used for realizing the default transport layer protocol;
and enabling the application program to communicate with the server side based on the default encryption channel.
For convenience of description, the above parts are described as being functionally divided into modules (or units) respectively. Of course, the functions of each module (or unit) may be implemented in the same piece or pieces of software or hardware when implementing the present application.
The specific manner in which the respective units execute the requests in the apparatus of the above embodiment has been described in detail in the embodiment concerning the method, and will not be described in detail here.
Those skilled in the art will appreciate that the various aspects of the application may be implemented as a system, method, or program product. Accordingly, aspects of the application may be embodied in the following forms, namely: an entirely hardware embodiment, an entirely software embodiment (including firmware, micro-code, etc.) or an embodiment combining hardware and software aspects may be referred to herein as a "circuit," module "or" system.
Based on the same inventive concept, the embodiment of the application also provides electronic equipment. In one embodiment, the electronic device may be a server or a terminal device. Referring to fig. 9, which is a schematic structural diagram of one possible electronic device provided in an embodiment of the present application, in fig. 9, an electronic device 900 includes: a processor 910 and a memory 920.
The memory 920 stores a computer program executable by the processor 910, and the processor 910 may perform the steps of the data processing method by executing instructions stored in the memory 920.
The memory 920 may be a volatile memory (RAM), such as a random-access memory (RAM); the Memory 920 may also be a nonvolatile Memory (non-volatile Memory), such as Read-Only Memory (ROM), flash Memory (flash Memory), hard disk (HDD) or Solid State Drive (SSD); or memory 920, is any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to such. The memory 920 may also be a combination of the above.
The processor 910 may include one or more central processing units (central processing unit, CPU) or digital processing units, or the like. A processor 910 for implementing the above-described data processing method when executing the computer program stored in the memory 920.
In some embodiments, processor 910 and memory 920 may be implemented on the same chip, or they may be implemented separately on separate chips in some embodiments.
The specific connection medium between the processor 910 and the memory 920 is not limited in the embodiment of the present application. In the embodiment of the present application, the processor 910 and the memory 920 are connected by a bus, which is depicted in fig. 9 by a bold line, and the connection manner between other components is only schematically illustrated, and is not limited thereto. The buses may be divided into address buses, data buses, control buses, etc. For ease of description, only one thick line is depicted in fig. 9, but only one bus or one type of bus is not depicted.
Based on the same inventive concept, an embodiment of the present application provides a computer readable storage medium comprising a computer program for causing an electronic device to perform the steps of the above-mentioned data processing method when the computer program is run on the electronic device. In some possible embodiments, aspects of the data processing method provided by the application may also be implemented in the form of a program product comprising a computer program for causing an electronic device to perform the steps of the data processing method described above, when the program product is run on the electronic device, e.g. the electronic device may perform the steps as shown in fig. 2.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, a RAM, a ROM, an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (Compact Disk Read Only Memory, CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The program product of embodiments of the present application may take the form of a CD-ROM and comprise a computer program and may run on an electronic device. However, the program product of the present application is not limited thereto, and in this document, a readable storage medium may be any tangible medium that can contain, or store a computer program for use by or in connection with a command execution system, apparatus, or device.
The readable signal medium may comprise a data signal propagated in baseband or as part of a carrier wave in which a readable computer program is embodied. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a computer program for use by or in connection with a command execution system, apparatus, or device.
While preferred embodiments of the present application have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the application.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present application without departing from the spirit or scope of the application. Thus, it is intended that the present application also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.
Claims (15)
1. A data processing method, applied to a client, the method comprising:
obtaining a target plug-in comprising a target transmission class, wherein at least one target method with the same name and the same parameter exists between the target transmission class and a designated mounting class, and each target method contained in the target transmission class is used for realizing a target transmission layer protocol;
loading the target plug-in a target component library containing the mounting class;
when a communication request for an application program is received, a secure encryption channel between the application program and a server side is established in the target component library by calling each target method contained in the target transmission class, and the application program communicates with the server side based on the secure encryption channel.
2. The method of claim 1, wherein the target component library includes a connection component, and the connection component is configured to establish a connection with the server side;
and in the target component library, by calling each target method contained in the target transmission class, establishing a secure encryption channel between the application program and the server side, including:
when the connection component acquires the communication request, each target method contained in the target transmission class is called to carry out the secure transport layer protocol (TLS) connection;
and when the TLS connection is successful, determining that the establishment of the secure encryption channel between the application program and the server side is completed.
3. The method of claim 2, wherein invoking each target method included in the target transport class for a secure transport layer protocol TLS connection comprises:
judging whether available connection exists in the connection pool;
and if the available connection does not exist, calling each target method contained in the target transmission class to perform TLS connection when the adoption of the target transmission layer protocol is determined.
4. The method of claim 2, wherein each target method included in the target transport class comprises: a socket creation method, a protocol starting method and a target transport layer protocol realization method;
And calling each target method contained in the target transmission class to perform TLS connection, wherein the method comprises the following steps:
when the socket creation method is called, creating a socket, and creating a session based on the created socket;
when the protocol starting method is called, the target transport layer protocol realization method is obtained from a local framework layer native layer, and TLS connection is carried out based on the target transport layer protocol realization method in the established session.
5. The method of claim 4, wherein the target plugin further comprises a wrapper layer for retrieving the data transfer from a local framework layer native layer;
the method for obtaining the target transport layer protocol from the native layer of the local framework layer comprises the following steps:
when the wrapper layer receives a data query request from a Java layer, reading the stored target transport layer protocol realization method into a native layer;
and transmitting the target transmission layer protocol realization method to a java layer through the wrapper layer.
6. The method according to any one of claims 2-5, wherein the causing the application to communicate with the server side based on the secure encrypted channel comprises:
Encrypting the communication request according to the negotiated shared key in the TLS connection to obtain an encrypted communication request;
and starting the HTTP service, and sending the encrypted communication request to the server side based on the started HTTP service.
7. The method of claim 6, wherein the target component library includes a network component, and the network component is configured to implement data transmission with the server;
the sending the encrypted communication request to the server based on the opened HTTP service includes:
and sending the encrypted communication request to the server side through a network component based on the opened HTTP service.
8. The method of any one of claims 1-5, further comprising:
when determining to use a default transport layer protocol and receiving a new communication request for an application program, establishing a default encryption channel between the application program and a server side in the target component library by calling each target method contained in the mounting class; wherein, each target method included in the mounting class is used for realizing the default transport layer protocol;
And enabling the application program to communicate with the server side based on the default encryption channel.
9. A data processing apparatus, comprising:
the construction unit is used for acquiring a target plug-in comprising a target transmission class, wherein at least one target method with the same name and the same parameter exists between the target transmission class and a designated mounting class, and each target method contained in the target transmission class is used for realizing a target transmission layer protocol;
the loading unit is used for loading the target plug-in a target component library containing the mounting class;
and the establishing unit is used for establishing a secure encryption channel between the application program and the server side by calling each target method contained in the target transmission class in the target component library when receiving a communication request for the application program, and enabling the application program to communicate with the server side based on the secure encryption channel.
10. The apparatus of claim 9, wherein the target component library comprises a connection component, the connection component being configured to establish a connection with the server side;
the establishing unit is specifically configured to, in the target component library, establish a secure encryption channel between the application program and the server by calling each target method included in the target transport class:
When the connection component acquires the communication request, each target method contained in the target transmission class is called to carry out the secure transport layer protocol (TLS) connection;
and when the TLS connection is successful, determining that the establishment of the secure encryption channel between the application program and the server side is completed.
11. The apparatus of claim 10, wherein the establishing unit is specifically configured to, when invoking each target method included in the target transport class to perform a secure transport layer protocol TLS connection:
judging whether available connection exists in the connection pool;
and if the available connection does not exist, calling each target method contained in the target transmission class to perform TLS connection when the adoption of the target transmission layer protocol is determined.
12. The apparatus of claim 11, wherein each target method included in the target transport class comprises: a socket creation method, a protocol starting method and a target transport layer protocol realization method;
the establishing unit is specifically configured to:
when the socket creation method is called, creating a socket, and creating a session based on the created socket;
When the protocol starting method is called, the target transport layer protocol realization method is obtained from a local framework layer native layer, and TLS connection is carried out based on the target transport layer protocol realization method in the established session.
13. An electronic device comprising a processor and a memory, wherein the memory stores a computer program that, when executed by the processor, causes the processor to perform the steps of the method of any of claims 1-8.
14. A computer readable storage medium, characterized in that it comprises a computer program for causing an electronic device to perform the steps of the method according to any one of claims 1-8 when said computer program is run on the electronic device.
15. A computer program product, characterized in that it comprises a computer program stored in a computer readable storage medium, from which computer readable storage medium a processor of an electronic device reads and executes the computer program, causing the electronic device to perform the steps of the method according to any one of claims 1-8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210577928.0A CN117176708A (en) | 2022-05-25 | 2022-05-25 | Data processing method and related device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210577928.0A CN117176708A (en) | 2022-05-25 | 2022-05-25 | Data processing method and related device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN117176708A true CN117176708A (en) | 2023-12-05 |
Family
ID=88934022
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210577928.0A Pending CN117176708A (en) | 2022-05-25 | 2022-05-25 | Data processing method and related device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117176708A (en) |
-
2022
- 2022-05-25 CN CN202210577928.0A patent/CN117176708A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20220329422A1 (en) | Data processing method, apparatus, computer program, and storage medium | |
| CN113438289A (en) | Block chain data processing method and device based on cloud computing | |
| CN112491972A (en) | Resource obtaining, distributing and downloading method, device, equipment and storage medium | |
| US7949788B2 (en) | Apparatus, systems and methods for transformation services | |
| US20130339949A1 (en) | Provisioning of a Virtual Machine by Using a Secured Zone of a Cloud Environment | |
| CN112235420B (en) | Data synchronization method, system and related equipment based on block chain | |
| CN113271311B (en) | Digital identity management method and system in cross-link network | |
| CN113422733B (en) | Service processing method and device of block chain, computer equipment and storage medium | |
| US10148621B2 (en) | Provisioning proxy for provisioning data on hardware resources | |
| CN112560072B (en) | Key management method, device, medium and equipment based on block chain | |
| CN114281573A (en) | Workflow data interaction method and device, electronic device and readable storage medium | |
| CN117501731A (en) | Secure sensor data distribution | |
| CN114049122A (en) | Service processing method and system | |
| WO2020257123A1 (en) | Systems and methods for blockchain-based authentication | |
| CN113014556B (en) | Bank-enterprise communication system, communication method and electronic terminal | |
| US10708129B1 (en) | Changing hardware capabilities of a device | |
| CN117176708A (en) | Data processing method and related device | |
| CN112231415B (en) | Data synchronization method and system of block chain network, electronic device and readable medium | |
| CN114372245A (en) | Block chain-based Internet of things terminal authentication method, system, device and medium | |
| CN117882416A (en) | Blockchain key generation | |
| CN113836573A (en) | User information processing method and device based on distributed storage | |
| CN113419878B (en) | Data operation method and device | |
| EP3182675B1 (en) | Transmission of data in a distributed data processing computer system | |
| CN117614934A (en) | Resource transfer method, device, electronic equipment and storage medium | |
| CN117014144A (en) | Network communication method, device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |