CN113221077B - Class file encryption method and equipment based on spring container - Google Patents
Class file encryption method and equipment based on spring container Download PDFInfo
- Publication number
- CN113221077B CN113221077B CN202110602045.6A CN202110602045A CN113221077B CN 113221077 B CN113221077 B CN 113221077B CN 202110602045 A CN202110602045 A CN 202110602045A CN 113221077 B CN113221077 B CN 113221077B
- Authority
- CN
- China
- Prior art keywords
- file
- class
- encrypted
- encryption
- spring
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 55
- 238000012986 modification Methods 0.000 claims description 28
- 230000004048 modification Effects 0.000 claims description 28
- 238000012545 processing Methods 0.000 claims description 18
- 238000004590 computer program Methods 0.000 claims description 17
- 238000005516 engineering process Methods 0.000 description 8
- 238000010586 diagram Methods 0.000 description 7
- 238000012217 deletion Methods 0.000 description 4
- 230000037430 deletion Effects 0.000 description 4
- 230000006870 function Effects 0.000 description 3
- 238000004891 communication Methods 0.000 description 2
- 230000006378 damage Effects 0.000 description 2
- 238000002955 isolation Methods 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008094 contradictory effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000006073 displacement reaction Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000011084 recovery Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/14—Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
Abstract
The embodiment of the invention discloses a class file encryption method and device based on a spring container, computer equipment and a storage medium. The method comprises the following steps: acquiring a spring container and a class file to be encrypted, wherein the spring container comprises a plurality of spring subfiles; then, encrypting the class file to be encrypted according to a preset encryption logic to obtain an encrypted class file; then, a preset engineering deployment file is placed in any spring subfile of the spring subfiles to obtain a processed spring container, and the engineering deployment file comprises the generation logic of a custom class loader; and finally, generating a target encrypted file according to the encrypted class file and the processed spring container. The scheme can improve decompilation capability of Java codes.
Description
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a class file encryption method and apparatus based on a spring container, a computer device, and a storage medium.
Background
Java is a widely used programming language, playing an increasingly important role in the field of internet technology (Internet Technology, IT), and more internet applications are written using the Java programming language. However, due to the openness and platform independence of Java language, java code is not directly compiled into binary executable code, but is compiled into class files (called Java class files), which can be easily decompiled into source code, so that programs written in Java can be easily broken, application logic can be leaked or illegally used. However, due to the commercial demands, the intellectual property of the codes needs to be protected, which is contradictory with the open type of java codes, so that the technology of each decompilation is endless.
The existing Java source code decompilation technology has an isolation Java Class program technology, in the technology, because Java codes are compiled into Class files to be executed, a Java decompilation method is to prohibit a user from accessing the Java Class programs, so that the user cannot touch the Class files, and the purpose of protecting knowledge products is achieved. For example, a developer may place a critical Java Class on the server side, and a client obtains services by accessing the relevant interfaces of the server, rather than directly accessing the Class file. The disadvantage of this technique is that: there are many applications where this protection is not suitable, for example: the Java program can not be isolated in the environment of a client single machine (Class files are deployed in the terminal) or in the environment of a local area network of the client, the client can easily acquire Class files for decompilation, and the decompilation capability of Java codes is low.
Disclosure of Invention
The embodiment of the invention provides a class file encryption method, device, computer equipment and storage medium based on a spring container, which can improve decompilation capacity of Java codes.
In a first aspect, an embodiment of the present invention provides a class file encryption method based on a spring container, including:
Acquiring a spring container and a class file to be encrypted, wherein the spring container comprises a plurality of spring subfiles;
encrypting the class file to be encrypted according to a preset encryption logic to obtain an encrypted class file;
placing a preset engineering deployment file in any one spring subfile of the plurality of spring subfiles to obtain a processed spring container, wherein the engineering deployment file comprises generation logic of a custom class loader, the custom class loader is named as an official class loader, and the custom class loader comprises decryption logic opposite to the encryption logic;
and generating a target encrypted file according to the encrypted class file and the processed spring container.
In a second aspect, an embodiment of the present invention further provides a class file encryption device based on a spring container, including:
the device comprises an acquisition unit, a storage unit and a storage unit, wherein the acquisition unit is used for acquiring a spring container and a class file to be encrypted, and the spring container comprises a plurality of spring subfiles;
the encryption unit is used for carrying out encryption processing on the class file to be encrypted according to preset encryption logic to obtain an encrypted class file;
The storage unit is used for storing a preset engineering deployment file in any one spring sub-file in the plurality of spring sub-files to obtain a processed spring container, wherein the engineering deployment file comprises generation logic of a custom class loader, and the custom class loader comprises decryption logic opposite to the encryption logic;
the first generation unit is used for generating a target encrypted file according to the encrypted class file and the processed spring container.
In a third aspect, an embodiment of the present invention further provides a computer device, which includes a memory and a processor, where the memory stores a computer program, and the processor implements the method when executing the computer program.
In a fourth aspect, embodiments of the present invention also provide a computer readable storage medium storing a computer program comprising program instructions which, when executed by a processor, implement the above-described method.
The embodiment of the invention provides a class file encryption method, device, computer equipment and storage medium based on a spring container. Wherein the method comprises the following steps: acquiring a spring container and a class file to be encrypted, wherein the spring container comprises a plurality of spring subfiles; then, encrypting the class file to be encrypted according to a preset encryption logic to obtain an encrypted class file; then, a preset engineering deployment file is placed in any spring subfile of the spring subfiles to obtain a processed spring container, the engineering deployment file comprises generation logic of a custom class loader, the custom class loader comprises decryption logic opposite to the encryption logic, and the custom class loader is named as an official class loader; and finally, generating a target encrypted file according to the encrypted class file and the processed spring container. The target encryption file provided by the embodiment of the invention is in an encryption state, a custom class loader which is the same as an official name can be dynamically generated through the engineering deployment file in the target encryption file during operation to decrypt the encrypted class file, so that the operation of the class file is realized, the engineering deployment file is buried in any one of a plurality of spring sub-files to be hidden, the engineering deployment file is not easy to find, and the class file in the generated target encryption file is subjected to encryption processing, so that Java codes are difficult to decompile even if the target encryption file is deployed at a client or in an environment of local area network operation of a user, and decompile capability of the Java codes can be improved by the scheme.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic view of an application scenario of a class file encryption method based on a spring container provided by an embodiment of the present invention;
FIG. 2 is a schematic flow chart of a class file encryption method based on a spring container provided by an embodiment of the invention;
FIG. 3 is a schematic view of a sub-flowchart of a class file encryption method based on a spring container according to an embodiment of the present invention;
FIG. 4 is another schematic sub-flowchart of a class file encryption method based on a spring container according to an embodiment of the present invention;
FIG. 5 is a flowchart of a class file encryption method based on a spring container according to another embodiment of the present invention;
FIG. 6 is a schematic view of a sub-flowchart of a class file encryption method based on a spring container according to another embodiment of the present invention;
FIG. 7 is a schematic block diagram of a class file encryption device based on a spring container provided by an embodiment of the invention;
FIG. 8 is a schematic block diagram of a spring container-based class file encryption apparatus according to another embodiment of the present invention;
fig. 9 is a schematic block diagram of a computer device according to an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be understood that the terms "comprises" and "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in the present specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.
The embodiment of the invention provides a class file encryption method, device, computer equipment and storage medium based on a spring container.
The execution main body of the class file encryption method based on the spring container can be the class file encryption device based on the spring container provided by the embodiment of the invention or the computer equipment integrated with the class file encryption device based on the spring container, wherein the class file encryption device based on the spring container can be realized in a hardware or software mode, the computer equipment can be a terminal or a server, and the terminal can be a smart phone, a tablet personal computer, a palm personal computer, a notebook personal computer or the like.
Referring to fig. 1, fig. 1 is a schematic application scenario diagram of a class file encryption method based on a spring container according to an embodiment of the present invention. The class file encryption method based on the spring container is applied to the computer equipment in FIG. 1, the computer equipment can acquire the spring container and the class file to be encrypted, and the spring container comprises a plurality of spring subfiles; then, encrypting the class file to be encrypted according to encryption logic preset in the encryption plug-in to obtain an encrypted class file; then, a preset engineering deployment file is placed in any spring subfile of the spring subfiles to obtain a processed spring container, the engineering deployment file comprises generation logic of a custom class loader, the custom class loader is the same name as an official class loader, and the custom class loader comprises decryption logic opposite to the encryption logic; and finally, generating a target encrypted file according to the encrypted class file and the processed spring container.
Referring to fig. 2, fig. 2 is a flow chart of a class file encryption method based on a spring container according to an embodiment of the present invention. As shown in fig. 2, the method includes the following steps S110-150.
S110, acquiring a spring container and a class file to be encrypted.
The spring container comprises a plurality of spring subfiles, wherein the spring subfiles can be jar files or war files, in some embodiments, the spring container can be downloaded from a platform corresponding to the Internet to obtain the spring container, in other embodiments, the spring container can be downloaded and stored in a local database in advance, and the spring container can be obtained from the local database when in use.
In some embodiments, after a user edits a java code and compiles a class file to be encrypted, the class file to be encrypted is packaged into a jar file to be encrypted or a war file to be encrypted, and the computer device obtains the jar file to be encrypted or the war file to be encrypted.
S120, encrypting the class file to be encrypted according to a preset encryption logic to obtain the encrypted class file.
In some embodiments, referring to fig. 3, step S120 includes:
s121, determining a first class subfile in the class file to be encrypted.
The first class sub-file is a class file which needs encryption processing in the class files to be encrypted.
In this embodiment, the class file to be encrypted includes a complete java code file, where the main startup class subfile is a file that does not need to be encrypted, and in this embodiment, the user may further designate some class subfiles other than the main startup class subfile as files that do not need to be encrypted, and the computer device in this embodiment only needs to encrypt the class subfile that needs to be encrypted in the class file to be encrypted, where in this embodiment, the class subfile that needs to be encrypted is a first class subfile, and the class subfile that does not need to be encrypted is a second class subfile.
Specifically, the class file to be encrypted includes a plurality of class subfiles, the class subfiles to be encrypted carry an encryption identifier, in this embodiment, the class subfiles carrying the encryption identifier are determined as a first class subfile, and each class subfile carrying the encryption identifier is determined as a second class subfile.
S122, encrypting the first class subfile through encryption logic in the encryption plug-in, and obtaining the encrypted first class subfile.
In this embodiment, encryption logic is preset in the encryption plug-in, specifically, the computer device in this embodiment copies the first class subfile to the encryption plug-in, and then triggers the encryption plug-in to encrypt the first class subfile according to the encryption logic, so as to obtain an encrypted first class subfile.
S123, generating an encrypted class file according to the encrypted first class sub-file and the encrypted second class sub-file.
After the encrypted first class subfile is obtained, an encrypted class file is generated according to the encrypted first class subfile and the second class subfile, that is, the encrypted class file contains the encrypted first class subfile and the second class subfile (for example, the main startup class subfile) which does not need to be encrypted.
In other embodiments, step S120 may include: copying all the class subfiles in the class file to be encrypted into an encryption plug-in, and encrypting the class file to be encrypted according to the encryption identification in the class subfiles by the encryption plug-in, specifically, encrypting the class subfiles carrying the encryption identification, and not carrying the encryption identification to obtain the encrypted class file.
It should be noted that, the encryption plug-in includes, in addition to the encryption logic, the corresponding decryption logic, and in this embodiment, before executing step S130, the engineering deployment file needs to be generated according to the preset engineering deployment file generation rule and the decryption logic, where the expression form of the engineering deployment file obtained according to the engineering deployment file generation rule is in the form of a character string, and it is difficult for decompiler to obtain the decryption logic from the engineering deployment file.
In some embodiments, the computer device in this embodiment receives a user encryption logic modification instruction and a corresponding decryption logic modification instruction, and then modifies the encryption logic according to the encryption logic modification instruction; and modifying the decryption logic according to the decryption logic modification instruction.
Specifically, the encryption logic and the decryption logic in the encryption plug-in are modified according to the received encryption logic modification instruction and the corresponding decryption logic modification instruction, wherein if the original encryption logic is "byte code addition is performed at the position of n+1 according to the class name length N", the encryption logic in the encryption logic modification instruction is "encryption logic is added, byte code addition is performed at the position of n+5 according to the class name length N", and at this time, the encryption logic modified according to the encryption logic modification instruction is "byte code addition is performed at the position of n+1 according to the class name length N, and byte code addition is performed at the position of n+5 according to the class name length N".
At this time, the original decryption logic corresponding to the original encryption logic is "byte code deletion at the position of n+1 according to the class name length N", the decryption logic in the decryption logic modification instruction corresponding to the encryption logic modification instruction is "add decryption logic, byte code deletion at the position of n+5 according to the class name length N", and in this case, the decryption logic modified according to the decryption logic modification instruction is "byte code deletion at the position of n+1 according to the class name length N, and byte code deletion at the position of n+5 according to the class name length N".
In this embodiment, the encryption logic may add extra bytes according to a certain rule, or replace part of bytes according to a certain rule, so as to destroy the class file to be encrypted. Such as: the specific manner in which the corruption logic and recovery logic is destroyed is not limited herein, with the option of bytecode addition or reduction of corruption at n+1 (result 6) based on class name length N (hypothesis 5).
The encrypted class file does not accord with the analysis specification, cannot be decompiled and cannot pass through a byte code reading tool, so that the aim of protecting the safety of the source code is fulfilled.
In some embodiments, step S120 may further include: determining a user identifier corresponding to a class file to be encrypted; determining a target encryption logic according to the user identifier and a preset corresponding relation between the user identifier and the encryption logic; and carrying out encryption processing on the encrypted class file according to the target encryption logic to obtain the encrypted class file. The user identifier may reflect an encrypted user corresponding to the class file to be encrypted. The present embodiment can perform different encryption processes for different encryption users.
S130, placing a preset engineering deployment file in any one of the plurality of spring subfiles to obtain a processed spring container.
The engineering deployment file in this embodiment includes generation logic of a custom class loader, where the custom class loader is named as an official class loader, and the custom class loader includes decryption logic opposite to the encryption logic.
In this embodiment, the computer device embeds the engineering deployment file into any one of the plurality of spring subfiles, so that a good hiding effect can be obtained, the decompiler cannot know that the engineering deployment file is embedded into that spring subfile, the engineering part file is in a character string form, the decompiler cannot obtain decryption logic from the engineering deployment file, the decompilation capability of the target encrypted file is further improved, in addition, since the custom class loader is the same name as the official class loader, when the target encrypted file is subsequently operated, the decompiler cannot judge that the class loader is different from the official class loader through observing the class loader, the custom class loader is disguised well, the decompilation capability is improved, and the decryption logic is well protected because the custom class loader is dynamically generated according to the engineering deployment file and disappears after the project application stops operating.
And S140, generating a target encrypted file according to the encrypted class file and the processed spring container.
In some embodiments, referring to fig. 4, step S140 includes:
s141, copying the encrypted class file into a preset folder.
In some embodiments, the computer device prepares a folder (i.e. the preset folder) in advance, and after executing the method for encrypting the file based on the spring container in this embodiment, determines which of the files to be encrypted need to be encrypted, which of the files need not be encrypted, and copies the files that need not be encrypted (i.e. the second file) directly into the folder prepared in advance. When the encrypted class subfiles (i.e., the first class subfiles) are encrypted in the encryption plug-in, and the encrypted class subfiles are obtained, the encrypted class subfiles are copied into the prepared folders.
S142, copying the processed spring container to a preset folder to obtain the target encrypted file.
In this embodiment, after a preset engineering deployment file is placed in any one of the plurality of spring subfiles to obtain a processed spring container, the processed spring container is copied into the previously prepared folder, and finally a target encrypted file is generated, where the target encrypted file includes: an encrypted class file, a second class sub-file, a processed spring container, etc.
It should be noted that, in order to avoid that the class file to be encrypted is decompiled, the embodiment deletes the class file to be encrypted after obtaining the target encrypted file.
In summary, in this embodiment, a spring container and a class file to be encrypted are obtained, where the spring container includes a plurality of spring subfiles; then, encrypting the class file to be encrypted according to a preset encryption logic to obtain an encrypted class file; then, a preset engineering deployment file is placed in any spring subfile of a plurality of spring subfiles to obtain a processed spring container, the engineering deployment file comprises generation logic of a custom class loader, the custom class loader comprises decryption logic opposite to encryption logic, and the custom class loader is named as an official class loader; and finally, generating a target encrypted file according to the encrypted class file and the processed spring container. The target encryption file provided by the embodiment of the invention is in an encryption state, a custom class loader which is the same as an official name can be dynamically generated through the engineering deployment file in the target encryption file during operation to decrypt the encrypted class file, so that the operation of the class file is realized, the engineering deployment file is buried in any one of a plurality of spring sub-files to be hidden, the engineering deployment file is not easy to find, and the class file in the generated target encryption file is subjected to encryption processing, so that Java codes are difficult to decompile even if the target encryption file is deployed at a client or in an environment of local area network operation of a user, and decompile capability of the Java codes can be improved by the scheme.
Fig. 5 is a flow chart of a class file encryption method based on a spring container according to another embodiment of the present invention, where the embodiment specifically relates to operation and use of a target encrypted file. As shown in FIG. 5, the spring container-based class file encryption method of the present embodiment includes steps S210-S280. Steps S210 to S240 are similar to steps S110 to S140 in the above embodiment, and are not described herein.
After the target encrypted file is obtained, the target encrypted file may be deployed on a local computer device or on another computer device, where the computer device is deployed, and steps S250-S280 are required to be executed during operation. Steps S250 to S280 added in this embodiment are described in detail below.
S250, receiving an operation instruction of the target encrypted file.
In this embodiment, a target encrypted file is deployed on a computer device, and when a class file in the target encrypted file needs to be executed, an execution instruction of the target encrypted file needs to be received first, specifically, the execution instruction of the target encrypted file is sent by a user, and may also be generated by the computer device when other applications are triggered by the user.
S260, generating a custom class loader through the engineering deployment file in the target encrypted file according to the operation instruction.
In this embodiment, the custom class loader and the official class loader are generated according to the engineering deployment file, so that decompiling personnel are difficult to decompil the file by observing the class loader.
In some embodiments, referring to fig. 6, step S260 includes:
s261, loading a main starting class file in the target encrypted file through an official class loader corresponding to the spring container according to the operation instruction so as to operate the main starting class file.
The main startup class file belongs to an unencrypted class sub-file, after receiving an operation instruction in this embodiment, the main startup class file starts to be read, and the spring container is initialized, that is, in the initial stage of startup, the application class loader is a class loader provided by a spring official, and the loader loads the main startup class.
In some embodiments, the class subfiles without encryption processing in the target encrypted file may be loaded by an official class loader, in other embodiments, the class subfiles without encryption processing in the target encrypted file may be loaded by a custom class loader, and decryption processing is not required during loading.
S262, after the main startup class file operates, a custom class loader is generated through the engineering deployment file in the target encryption file.
In this embodiment, the name of the custom class loader is the same as the name of the official class loader, and the two class loaders are the parent-child class loader relationship.
In the initial stage of running the spring container, the main starting class dynamically generates a custom class loader through engineering deployment files.
S270, decrypting the encrypted class file in the target encrypted file through the custom class loader to obtain the decrypted class file.
In this embodiment, after the custom class loader is generated, the official class loader is replaced by the custom class loader, and the subsequent custom class loader decrypts the encrypted class file in the target encrypted file to obtain the encrypted class file.
S280, loading the decrypted class file into jvm to run the target encrypted file.
In the embodiment, the decrypted class file is loaded into a java virtual machine (Java Virtual Machine, jvm) deployed locally, so that the operation of java codes in the target encrypted file is realized.
The beneficial effects of this embodiment are as follows:
1. The problem that an isolation server is required to be introduced in the traditional Java Class program isolation technology is solved, in the embodiment, only the target encrypted file containing the encrypted Class file is required to be given to a client, the client can deploy the target encrypted file at the client side or at the server side, and the file is not easy to decompile during stand-alone operation.
2. The problem that confusion is not thorough caused by the traditional code confusion technology is solved, and the encrypted class file in the target encrypted file cannot be read at all and cannot be decompiled through a decompiling tool.
3. The class file does not need to be encrypted by introducing a third party language.
4. The method is convenient to use, and can generate a safe jar or war deployment file through processing the target encryption file only by providing the target encryption file, and can operate only by corresponding java environment.
5. The expansion is convenient, and common destruction (encryption) rules such as displacement and OR operation of byte codes can be integrated in the encryption plug-in, and redundant byte codes can be added by specifying a certain row of the class file according to the class name length; the destruction (encryption) rules may also be custom defined according to the interface specification.
6. The method is flexible, files (class subfiles) under the specified class or package can be protected, or the whole engineering file can exclude codes which do not need encryption codes. The personalized encryption mode of different encryption rules for different users in the same engineering file can be realized.
FIG. 7 is a schematic block diagram of a class file encryption device based on a spring container provided by an embodiment of the invention. As shown in FIG. 7, the invention further provides a class file encryption device based on the spring container, which corresponds to the class file encryption method based on the spring container. The device for encrypting the class file based on the spring container comprises a unit for executing the class file encryption method based on the spring container, and the device can be configured in a server or a desktop computer, a tablet computer, a portable computer and other terminals. Specifically, referring to fig. 7, the device for encrypting a class file based on a spring container includes an acquisition unit 701, an encryption unit 702, a placement unit 703, and a first generation unit 704.
An obtaining unit 701, configured to obtain a spring container and a class file to be encrypted, where the spring container includes a plurality of spring subfiles;
an encryption unit 702, configured to encrypt the class file to be encrypted according to a preset encryption logic, so as to obtain an encrypted class file;
the placing unit 703 is configured to place a preset engineering deployment file in any one of the plurality of spring subfiles to obtain a processed spring container, where the engineering deployment file includes generation logic of a custom class loader, and the custom class loader includes decryption logic opposite to the encryption logic;
The first generating unit 704 is configured to generate a target encrypted file according to the encrypted class file and the processed spring container.
In some embodiments, the encryption unit 702 is specifically configured to:
determining a first class sub-file in the class file to be encrypted, wherein the first class sub-file is a class file which needs encryption processing in the class file to be encrypted;
encrypting the first class subfile through the encryption logic in the encryption plug-in to obtain an encrypted first class subfile;
and generating the encrypted class file according to the encrypted first class sub-file and a second class sub-file, wherein the second class sub-file is a file outside the first class sub-file in the class file to be encrypted.
In some embodiments, the first generating unit 704 is specifically configured to:
copying the encrypted class file into a preset folder; the method comprises the steps of,
copying the processed spring container to the preset folder to obtain the target encrypted file.
Referring to fig. 8, in some embodiments, the apparatus further comprises:
a first receiving unit 705, configured to receive an operation instruction of the target encrypted file;
A second generating unit 706, configured to generate, according to the operation instruction, a custom class loader through an engineering deployment file in the target encrypted file, where the custom class loader is named as an official class loader;
a decryption unit 707, configured to decrypt the encrypted class file in the target encrypted file by using the custom class loader, to obtain a decrypted class file;
a loading unit 708, configured to load the decrypted class file into jvm, so as to run the target encrypted file.
In some embodiments, the second generating unit 706 is specifically configured to:
according to the operation instruction, loading a main starting class file in the target encrypted file through an official class loader corresponding to the spring container so as to operate the main starting class file, wherein the main starting class file belongs to an unencrypted class sub-file;
and after the main starting class file operates, generating the custom class loader through the engineering deployment file in the target encrypted file.
In some embodiments, the apparatus further comprises:
a third generating unit 709, configured to generate the engineering deployment file according to a preset engineering deployment file generating rule and the decryption logic.
In some embodiments, the apparatus further comprises:
a second receiving unit 710, configured to receive the encryption logic modification instruction and the corresponding decryption logic modification instruction;
a modification unit 711 for modifying the encryption logic according to the encryption logic modification instruction; and modifying the decryption logic according to the decryption logic modification instruction.
It should be noted that, as those skilled in the art can clearly understand, the specific implementation process of the above-mentioned class file encryption device and each unit based on the spring container may refer to the corresponding description in the foregoing method embodiment, and for convenience and brevity of description, the description is omitted here.
The above-described class file encryption apparatus based on spring containers may be implemented in the form of a computer program which can be run on a computer device as shown in fig. 9.
Referring to fig. 9, fig. 9 is a schematic block diagram of a computer device according to an embodiment of the present application. The computer device 900 may be a terminal or a server, where the terminal may be an electronic device with a communication function, such as a smart phone, a tablet computer, a notebook computer, a desktop computer, a personal digital assistant, and a wearable device. The server may be an independent server or a server cluster formed by a plurality of servers.
With reference to fig. 9, the computer device 900 includes a processor 902, a memory, and a network interface 905, which are connected by a system bus 901, wherein the memory may include a non-volatile storage medium 903 and an internal memory 904.
The non-volatile storage medium 903 may store an operating system 9031 and a computer program 9032. The computer program 9032 includes program instructions that, when executed, cause the processor 902 to perform a spring container-based class file encryption method.
The processor 902 is operable to provide computing and control capabilities to support the operation of the overall computer device 900.
The internal memory 904 provides an environment for the execution of a computer program 9032 in the non-volatile storage medium 903, which computer program 9032, when executed by the processor 902, causes the processor 902 to perform a spring container based class file encryption method.
The network interface 905 is used for network communication with other devices. It will be appreciated by those skilled in the art that the architecture shown in fig. 9 is merely a block diagram of some of the architecture relevant to the present inventive arrangements and is not limiting of the computer device 900 to which the present inventive arrangements may be implemented, and that a particular computer device 900 may include more or less components than those shown, or may combine some components, or have a different arrangement of components.
Wherein the processor 902 is configured to execute a computer program 9032 stored in a memory, so as to implement the following steps:
acquiring a spring container and a class file to be encrypted, wherein the spring container comprises a plurality of spring subfiles;
encrypting the class file to be encrypted according to a preset encryption logic to obtain an encrypted class file;
placing a preset engineering deployment file in any one spring subfile of the plurality of spring subfiles to obtain a processed spring container, wherein the engineering deployment file comprises generation logic of a custom class loader, the custom class loader is named as an official class loader, and the custom class loader comprises decryption logic opposite to the encryption logic;
and generating a target encrypted file according to the encrypted class file and the processed spring container.
In some embodiments, when implementing the step of encrypting the class file to be encrypted according to the preset encryption logic to obtain an encrypted class file, the processor 902 specifically implements the following steps:
determining a first class sub-file in the class file to be encrypted, wherein the first class sub-file is a class file which needs encryption processing in the class file to be encrypted;
Encrypting the first class subfile through the encryption logic in the encryption plug-in to obtain an encrypted first class subfile;
and generating the encrypted class file according to the encrypted first class sub-file and a second class sub-file, wherein the second class sub-file is a file outside the first class sub-file in the class file to be encrypted.
In some embodiments, when implementing the step of generating the target encrypted file according to the encrypted class file and the processed spring container, the processor 902 specifically implements the following steps:
copying the encrypted class file into a preset folder; the method comprises the steps of,
copying the processed spring container to the preset folder to obtain the target encrypted file.
In some embodiments, after implementing the step of generating the target encrypted file according to the encrypted class file and the processed spring container, the processor 902 further implements the following steps:
receiving an operation instruction of the target encrypted file;
generating a custom class loader through an engineering deployment file in the target encryption file according to the operation instruction, wherein the custom class loader is named as an official class loader;
Decrypting the encrypted class file in the target encrypted file through the custom class loader to obtain a decrypted class file;
and loading the decrypted class file into jvm to run the target encrypted file.
In some embodiments, when the step of generating the custom class loader according to the running instruction through the engineering deployment file in the target encrypted file is implemented by the processor 902, the following steps are specifically implemented:
according to the operation instruction, loading a main starting class file in the target encrypted file through an official class loader corresponding to the spring container so as to operate the main starting class file, wherein the main starting class file belongs to an unencrypted class sub-file;
and after the main starting class file operates, generating the custom class loader through the engineering deployment file in the target encrypted file.
In some embodiments, before implementing the step of placing the preset engineering deployment file in any one of the plurality of spring subfiles to obtain the processed spring container, the processor 902 further implements the following steps:
and generating the engineering deployment file according to a preset engineering deployment file generation rule and the decryption logic.
In some embodiments, the processor 902 further implements the steps of:
receiving an encryption logic modification instruction and a corresponding decryption logic modification instruction;
modifying the encryption logic according to the encryption logic modification instruction; the method comprises the steps of,
modifying the decryption logic according to the decryption logic modification instruction.
It should be appreciated that in an embodiment of the application, the processor 902 may be a central processing unit (Central Processing Unit, CPU), the processor 902 may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), off-the-shelf Programmable gate arrays (FPGAs) or other Programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. Wherein the general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
Those skilled in the art will appreciate that all or part of the flow in a method embodying the above described embodiments may be accomplished by computer programs instructing the relevant hardware. The computer program comprises program instructions, and the computer program can be stored in a storage medium, which is a computer readable storage medium. The program instructions are executed by at least one processor in the computer system to implement the flow steps of the embodiments of the method described above.
Accordingly, the present invention also provides a storage medium. The storage medium may be a computer readable storage medium. The storage medium stores a computer program, wherein the computer program includes program instructions. The program instructions, when executed by the processor, cause the processor to perform the steps of:
acquiring a spring container and a class file to be encrypted, wherein the spring container comprises a plurality of spring subfiles;
encrypting the class file to be encrypted according to a preset encryption logic to obtain an encrypted class file;
placing a preset engineering deployment file in any one spring subfile of the plurality of spring subfiles to obtain a processed spring container, wherein the engineering deployment file comprises generation logic of a custom class loader, the custom class loader is named as an official class loader, and the custom class loader comprises decryption logic opposite to the encryption logic;
and generating a target encrypted file according to the encrypted class file and the processed spring container.
In some embodiments, when executing the program instruction to implement the step of encrypting the class file to be encrypted according to a preset encryption logic to obtain an encrypted class file, the processor specifically implements the following steps:
Determining a first class sub-file in the class file to be encrypted, wherein the first class sub-file is a class file which needs encryption processing in the class file to be encrypted;
encrypting the first class subfile through the encryption logic in the encryption plug-in to obtain an encrypted first class subfile;
and generating the encrypted class file according to the encrypted first class sub-file and a second class sub-file, wherein the second class sub-file is a file outside the first class sub-file in the class file to be encrypted.
In some embodiments, when the processor executes the program instructions to implement the step of generating the target encrypted file according to the encrypted class file and the processed spring container, the method specifically includes the following steps:
copying the encrypted class file into a preset folder; the method comprises the steps of,
copying the processed spring container to the preset folder to obtain the target encrypted file.
In some embodiments, after executing the program instructions to implement the step of generating the target encrypted file from the encrypted class file and the processed spring container, the processor further implements the steps of:
Receiving an operation instruction of the target encrypted file;
generating a custom class loader through an engineering deployment file in the target encryption file according to the operation instruction, wherein the custom class loader is named as an official class loader;
decrypting the encrypted class file in the target encrypted file through the custom class loader to obtain a decrypted class file;
and loading the decrypted class file into jvm to run the target encrypted file.
In some embodiments, when the processor executes the program instructions to implement the step of generating, according to the running instructions, a custom class loader through an engineering deployment file in the target encrypted file, the steps of:
according to the operation instruction, loading a main starting class file in the target encrypted file through an official class loader corresponding to the spring container so as to operate the main starting class file, wherein the main starting class file belongs to an unencrypted class sub-file;
and after the main starting class file operates, generating the custom class loader through the engineering deployment file in the target encrypted file.
In some embodiments, before executing the program instruction to implement the step of placing the preset engineering deployment file in any one of the plurality of spring subfiles to obtain the processed spring container, the processor further implements the following steps:
and generating the engineering deployment file according to a preset engineering deployment file generation rule and the decryption logic.
In some embodiments, the processor further implements the steps of:
receiving an encryption logic modification instruction and a corresponding decryption logic modification instruction;
modifying the encryption logic according to the encryption logic modification instruction; the method comprises the steps of,
modifying the decryption logic according to the decryption logic modification instruction.
The storage medium may be a U-disk, a removable hard disk, a Read-Only Memory (ROM), a magnetic disk, or an optical disk, or other various computer-readable storage media that can store program codes.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps described in connection with the embodiments disclosed herein may be embodied in electronic hardware, in computer software, or in a combination of the two, and that the elements and steps of the examples have been generally described in terms of function in the foregoing description to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the several embodiments provided by the present invention, it should be understood that the disclosed apparatus and method may be implemented in other manners. For example, the device embodiments described above are merely illustrative. For example, the division of each unit is only one logic function division, and there may be another division manner in actual implementation. For example, multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or not performed.
The steps in the method of the embodiment of the invention can be sequentially adjusted, combined and deleted according to actual needs. The units in the device of the embodiment of the invention can be combined, divided and deleted according to actual needs. In addition, each functional unit in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit.
The integrated unit may be stored in a storage medium if implemented in the form of a software functional unit and sold or used as a stand-alone product. Based on such understanding, the technical solution of the present invention is essentially or a part contributing to the prior art, or all or part of the technical solution may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a terminal, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention.
While the invention has been described with reference to certain preferred embodiments, it will be understood by those skilled in the art that various changes and substitutions of equivalents may be made and equivalents will be apparent to those skilled in the art without departing from the scope of the invention. Therefore, the protection scope of the invention is subject to the protection scope of the claims.
Claims (8)
1. A class file encryption method based on a spring container is characterized by comprising the following steps: acquiring a spring container and a class file to be encrypted, wherein the spring container comprises a plurality of spring subfiles;
encrypting the class file to be encrypted according to a preset encryption logic to obtain an encrypted class file; placing a preset engineering deployment file in any one spring sub-file in the plurality of spring sub-files to obtain a processed spring container, wherein the engineering deployment file comprises generation logic of a custom class loader, the custom class loader is named as an official class loader, and the custom class loader comprises decryption logic opposite to the encryption logic;
Generating a target encrypted file according to the encrypted class file and the processed spring container;
receiving an operation instruction of the target encrypted file;
generating a custom class loader through an engineering deployment file in the target encryption file according to the operation instruction, wherein the custom class loader is named as an official class loader;
decrypting the encrypted class file in the target encrypted file through the custom class loader to obtain a decrypted class file; loading the decrypted class file into jvm to run the target encrypted file;
the generating, according to the operation instruction, a custom class loader through an engineering deployment file in the target encrypted file includes: according to the operation instruction, loading a main starting class file in the target encrypted file through an official class loader corresponding to the spring container so as to operate the main starting class file, wherein the main starting class file belongs to an unencrypted class sub-file; and after the main starting class file operates, generating the custom class loader through the engineering deployment file in the target encrypted file.
2. The method of claim 1, wherein the encrypting the class file to be encrypted according to the preset encryption logic to obtain an encrypted class file comprises: determining a first class sub-file in the class file to be encrypted, wherein the first class sub-file is a class file which needs encryption processing in the class file to be encrypted;
encrypting the first class subfile through the encryption logic in the encryption plug-in to obtain an encrypted first class subfile;
and generating the encrypted class file according to the encrypted first class sub-file and a second class sub-file, wherein the second class sub-file is a file outside the first class sub-file in the class file to be encrypted.
3. The method of claim 1, wherein the generating the target encrypted file from the encrypted class file and the processed spring container comprises: copying the encrypted class file into a preset folder;
and copying the processed spring container to the preset folder to obtain the target encrypted file.
4. The method of claim 1, wherein the placing the preset project deployment file in any one of the plurality of spring subfiles, before obtaining the processed spring container, further comprises: and generating the engineering deployment file according to a preset engineering deployment file generation rule and the decryption logic.
5. The method according to any one of claims 1 to 4, further comprising: receiving an encryption logic modification instruction and a corresponding decryption logic modification instruction; modifying the encryption logic according to the encryption logic modification instruction; and modifying the decryption logic according to the decryption logic modification instruction.
6. A class file encryption device based on spring container, characterized by comprising: the device comprises an acquisition unit, a storage unit and a storage unit, wherein the acquisition unit is used for acquiring a spring container and a class file to be encrypted, and the spring container comprises a plurality of spring subfiles;
the encryption unit is used for carrying out encryption processing on the class file to be encrypted according to preset encryption logic to obtain an encrypted class file;
the storage unit is used for storing a preset engineering deployment file in any one spring sub-file in the plurality of spring sub-files to obtain a processed spring container, wherein the engineering deployment file comprises generation logic of a custom class loader, and the custom class loader comprises decryption logic opposite to the encryption logic; the first generation unit is used for generating a target encrypted file according to the encrypted class file and the processed spring container;
The first receiving unit is used for receiving the running instruction of the target encrypted file; the second generation unit is used for generating a self-defined class loader through an engineering deployment file in the target encrypted file according to the operation instruction, wherein the self-defined class loader is the same name as the official class loader; the decryption unit is used for decrypting the encrypted class file in the target encrypted file through the custom class loader to obtain a decrypted class file;
the loading unit is used for loading the decrypted class file into jvm so as to run the target encrypted file;
the second generating unit is specifically configured to: according to the operation instruction, loading a main starting class file in the target encrypted file through an official class loader corresponding to the spring container so as to operate the main starting class file, wherein the main starting class file belongs to an unencrypted class sub-file;
and after the main starting class file operates, generating the custom class loader through the engineering deployment file in the target encrypted file.
7. A computer device, characterized in that it comprises a memory and a processor, on which a computer program is stored, which processor implements the method according to any of claims 1-5 when executing the computer program.
8. A storage medium storing a computer program comprising program instructions which, when executed by a processor, implement the method of any one of claims 1-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110602045.6A CN113221077B (en) | 2021-05-31 | 2021-05-31 | Class file encryption method and equipment based on spring container |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110602045.6A CN113221077B (en) | 2021-05-31 | 2021-05-31 | Class file encryption method and equipment based on spring container |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113221077A CN113221077A (en) | 2021-08-06 |
| CN113221077B true CN113221077B (en) | 2023-11-14 |
Family
ID=77081743
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110602045.6A Active CN113221077B (en) | 2021-05-31 | 2021-05-31 | Class file encryption method and equipment based on spring container |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113221077B (en) |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102346834A (en) * | 2011-11-25 | 2012-02-08 | 武汉钢铁(集团)公司 | Method for encrypting and protecting Java application software |
| CN103218549A (en) * | 2012-01-19 | 2013-07-24 | 阿里巴巴集团控股有限公司 | Method and device for encrypting and decrypting Java source code |
| CN107220528A (en) * | 2017-07-21 | 2017-09-29 | 北京深思数盾科技股份有限公司 | The protection of java applet and operation method, device and terminal |
| CN110069905A (en) * | 2019-04-26 | 2019-07-30 | 深圳智慧园区信息技术有限公司 | A kind of device and method of Springboot program encryption and decryption |
| CN110210188A (en) * | 2019-06-04 | 2019-09-06 | 武汉神算云信息科技有限责任公司 | Code encryption method, apparatus, equipment and storage medium under Spring frame |
| CN110532737A (en) * | 2019-08-29 | 2019-12-03 | 深圳前海环融联易信息科技服务有限公司 | Jar packet encryption management method, device, computer equipment and storage medium |
| CN111552931A (en) * | 2020-04-30 | 2020-08-18 | 平安科技(深圳)有限公司 | Method and system for adding shell of java code |
| CN112764827A (en) * | 2020-12-31 | 2021-05-07 | 重庆广播电视大学重庆工商职业学院 | Java class hot loading method with safety verification |
| CN112835865A (en) * | 2021-03-31 | 2021-05-25 | 中国工商银行股份有限公司 | Application hot deployment system, method and device |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102360412B (en) * | 2011-09-26 | 2014-07-02 | 飞天诚信科技股份有限公司 | Method and system for protecting Java source code |
| EP3746920A1 (en) * | 2018-01-31 | 2020-12-09 | Assa Abloy AB | Enabling an encrypted software module in a container file |
-
2021
- 2021-05-31 CN CN202110602045.6A patent/CN113221077B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102346834A (en) * | 2011-11-25 | 2012-02-08 | 武汉钢铁(集团)公司 | Method for encrypting and protecting Java application software |
| CN103218549A (en) * | 2012-01-19 | 2013-07-24 | 阿里巴巴集团控股有限公司 | Method and device for encrypting and decrypting Java source code |
| CN107220528A (en) * | 2017-07-21 | 2017-09-29 | 北京深思数盾科技股份有限公司 | The protection of java applet and operation method, device and terminal |
| CN110069905A (en) * | 2019-04-26 | 2019-07-30 | 深圳智慧园区信息技术有限公司 | A kind of device and method of Springboot program encryption and decryption |
| CN110210188A (en) * | 2019-06-04 | 2019-09-06 | 武汉神算云信息科技有限责任公司 | Code encryption method, apparatus, equipment and storage medium under Spring frame |
| CN110532737A (en) * | 2019-08-29 | 2019-12-03 | 深圳前海环融联易信息科技服务有限公司 | Jar packet encryption management method, device, computer equipment and storage medium |
| CN111552931A (en) * | 2020-04-30 | 2020-08-18 | 平安科技(深圳)有限公司 | Method and system for adding shell of java code |
| CN112764827A (en) * | 2020-12-31 | 2021-05-07 | 重庆广播电视大学重庆工商职业学院 | Java class hot loading method with safety verification |
| CN112835865A (en) * | 2021-03-31 | 2021-05-25 | 中国工商银行股份有限公司 | Application hot deployment system, method and device |
Non-Patent Citations (4)
| Title |
|---|
| Java软件保护方案的设计和实现;龚少麟;;计算机时代(05);第40-44页 * |
| Java软件保护机制的研究与实现;尹艳阳;任洪敏;;现代计算机(专业版)(19);第27-31页 * |
| 基于面向方面编程的J2EE源代码保护;李媛媛;;计算机工程(08);第153-155页 * |
| 改进的Java类文件保护方法;鲍福良;徐洁;方志刚;;计算机工程(01);第99-100页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113221077A (en) | 2021-08-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7620987B2 (en) | Obfuscating computer code to prevent an attack | |
| JP4702957B2 (en) | Tamper resistant virtual machine | |
| US7770021B2 (en) | Authenticating software using protected master key | |
| EP1325411B1 (en) | Methods of providing java tamperproofing | |
| US10255443B2 (en) | Method, apparatus, system and non-transitory computer readable medium for code protection | |
| EP3103048B1 (en) | Content item encryption on mobile devices | |
| CN103530535A (en) | Shell adding and removing method for Android platform application program protection | |
| CN102576391A (en) | Software license embedded in shell code | |
| US20150095653A1 (en) | Method and apparatus of creating application package, method and apparatus of executing application package, and recording medium storing application package | |
| JP2007148575A (en) | Program, method, and device for preparing protected execution program | |
| US7970133B2 (en) | System and method for secure and flexible key schedule generation | |
| JP2004502233A (en) | System and method for providing security to components using a shared name | |
| CN104408337A (en) | Reinforcement method for preventing reverse of APK (Android package) file | |
| CN107430650B (en) | Securing computer programs against reverse engineering | |
| WO2005098570A1 (en) | Execution device | |
| CN104318155A (en) | Dynamic loading method capable of guarding against reverse APK file | |
| CN104866739A (en) | Application program encryption method and application program encryption system in Android system | |
| CN106845167A (en) | The reinforcement means and device of a kind of APK, and dynamic loading method and device | |
| JP2004511031A (en) | Digital data protection configuration | |
| CN105930695A (en) | Protection method and device for software development kit | |
| CN111191195A (en) | Method and device for protecting APK | |
| US20220360442A1 (en) | On demand code decryption | |
| US9292708B2 (en) | Protection of interpreted source code in virtual appliances | |
| JP4664055B2 (en) | Program dividing device, program executing device, program dividing method, and program executing method | |
| CN113221077B (en) | Class file encryption method and equipment based on spring container |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |