CN114866262B - Storage access method, device, equipment and medium for data certificate file - Google Patents


Publication number
CN114866262B
Authority
CN
China
Prior art keywords
certificate
seq
data
compressed
fingerprint
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210791634.8A
Other languages
Chinese (zh)
Other versions
CN114866262A (en
Inventor
王飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wanshang Yunji Chengdu Technology Co ltd
Original Assignee
Wanshang Yunji Chengdu Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wanshang Yunji Chengdu Technology Co ltd filed Critical Wanshang Yunji Chengdu Technology Co ltd
Priority to CN202210791634.8A priority Critical patent/CN114866262B/en
Publication of CN114866262A publication Critical patent/CN114866262A/en
Application granted granted Critical
Publication of CN114866262B publication Critical patent/CN114866262B/en

Classifications

    • H - ELECTRICITY
    • H04 - ELECTRIC COMMUNICATION TECHNIQUE
    • H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 - Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 - Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 - Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3263 - Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3265 - Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate chains, trees or paths; Hierarchical trust model
    • H04L9/3268 - Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • H04L69/00 - Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/04 - Protocols for data compression, e.g. ROHC

Abstract

The invention provides a method, a device, equipment and a medium for storing and taking a data certificate file; the method comprises the steps of obtaining a data certificate to be compressed and an index tree, wherein the index tree is used for storing a certificate chain relation of the data certificate to be compressed; analyzing the data certificate to be compressed, and extracting a certificate chain of the data certificate to be compressed and a plurality of SEQ objects corresponding to certificates at all levels in the certificate chain; acquiring a fingerprint of a certificate chain; judging whether the fingerprint of the certificate chain of the data certificate to be compressed is stored in the index tree or not based on the fingerprint of the certificate chain; if so, acquiring a next to-be-compressed data certificate; if not, compressing the plurality of SEQ objects, and constructing pointers to the compressed data of each SEQ object respectively; obtaining fingerprints of a plurality of SEQ objects; storing fingerprints and pointers of a plurality of SEQ objects corresponding to certificates of each level in a certificate chain into an index tree based on the structure of the certificate chain; based on the index tree, the required digital certificates are taken. The method has the effect of saving the memory space.

Description

Storage access method, device, equipment and medium for data certificate file
Technical Field
The invention relates to the technical field of computers, in particular to a method, a device, equipment and a medium for storing and taking a data certificate file.
Background
When using internet products, users purchase data certificates to enable HTTPS for their products or TLS verification on a third-party platform. Storing thousands of data certificates puts great pressure on disk and memory, so to relieve the memory pressure that storing data certificates may cause, the certificates are generally stored in compressed form.
At present, conventional data certificate compression on the market compresses the public key and private key files as ordinary documents. When a large number of data certificates must be compressed, this conventional file-based approach compresses a large amount of repeated content and leaves redundant compressed data, so the memory space occupied by the data certificates remains large.
Disclosure of Invention
The invention aims to provide a method, a device, equipment and a medium for storing and taking a data certificate file, and aims to reduce the memory space occupied by storing a data certificate.
The embodiment of the invention is realized by the following technical scheme:
First aspect of the invention
The embodiment of the application provides a method for storing and taking a data certificate file, which comprises the following steps:
acquiring a data certificate to be compressed and an index tree, wherein the index tree is used for storing a certificate chain relation of the data certificate to be compressed;
analyzing the to-be-compressed data certificate, and extracting a certificate chain of the to-be-compressed data certificate and a plurality of SEQ objects corresponding to certificates at all levels in the certificate chain;
acquiring a fingerprint of the certificate chain;
judging whether the fingerprint of the certificate chain of the data certificate to be compressed is stored in the index tree or not based on the fingerprint of the certificate chain;
if so, acquiring a next to-be-compressed data certificate;
if not, compressing the plurality of SEQ objects, and constructing pointers to the compressed data of each SEQ object respectively;
obtaining a fingerprint of a plurality of said SEQ objects;
storing fingerprints and pointers of a plurality of SEQ objects corresponding to certificates of each level in the certificate chain into the index tree based on the structure of the certificate chain;
based on the index tree, the required data certificate is taken.
Preferably, the determining, based on the fingerprint of the certificate chain, whether the fingerprint of the certificate chain of the to-be-compressed data certificate already exists in the index tree includes:
constructing a certificate chain fingerprint filter;
inputting the certificate chain fingerprint into the certificate chain fingerprint filter, and judging:
if the certificate chain object does not exist in the certificate chain fingerprint filter, the certificate chain relation of the data certificate to be compressed is not stored in the index tree.
Preferably, the storing, based on the structure of the certificate chain, the fingerprints and pointers of the plurality of SEQ objects corresponding to certificates at each level of the certificate chain into the index tree includes:
constructing a SEQ object fingerprint filter;
sequentially obtaining a plurality of SEQ objects;
each time an SEQ object is obtained, judging whether the fingerprint of the SEQ object exists in the index tree or not based on the SEQ object fingerprint filter;
if yes, acquiring a next SEQ object;
if not, acquiring a parent node of the SEQ object in the index tree based on the structure of the certificate chain;
creating a new child node under a parent node of the SEQ object;
adding a fingerprint and a pointer of the SEQ object to the child node.
Preferably, the parsing the to-be-compressed data certificate, and extracting the certificate chain of the to-be-compressed data certificate and the plurality of SEQ objects corresponding to each level of certificate in the certificate chain includes:
acquiring an ASN1 structure of the data certificate to be compressed;
based on the ASN1 structure of the data certificate to be compressed, adopting OpenSSL to extract an encryption algorithm list, an encryption suite list and a signature algorithm of the data certificate to be compressed;
and synthesizing a plurality of SEQ objects corresponding to each level of certificate in the certificate chain based on the encryption algorithm list, the encryption suite list and the signature algorithm of the data certificate to be compressed.
Preferably, the taking a required data certificate based on the index tree includes:
acquiring a certificate chain of a required data certificate;
based on the index tree, searching a plurality of pointers of the SEQ objects corresponding to certificates at different levels in the certificate chain of the required data certificate;
and extracting corresponding compressed data according to the pointers to construct a required data certificate file.
Preferably, the extracting corresponding compressed data according to the pointers and constructing a required data certificate file includes:
extracting corresponding compressed data from the pointers and merging the compressed data into a certificate chain of the data certificate;
and constructing a required data certificate file by adopting OpenSSL based on the certificate chain of the required data certificate, and outputting by adopting DER encoding.
Preferably, the certificate chain fingerprint filter and the SEQ object fingerprint filter both employ bloom filters.
Second aspect of the invention
The embodiment of the application provides a storage and taking device of a data certificate file, which comprises an input module, an analysis module, a certificate chain fingerprint acquisition module, a judgment module, a SEQ object fingerprint acquisition module, a storage module and a taking module; wherein:
the input module is used for acquiring a to-be-compressed data certificate and an index tree, wherein the index tree is used for storing a certificate chain relation of the to-be-compressed data certificate;
the analysis module is used for analyzing the to-be-compressed data certificate and extracting a certificate chain of the to-be-compressed data certificate and a plurality of SEQ objects corresponding to certificates at different levels in the certificate chain;
the certificate chain fingerprint acquisition module acquires the fingerprint of the certificate chain;
the judging module is used for judging whether the fingerprint of the certificate chain of the to-be-compressed data certificate exists in the index tree or not based on the fingerprint of the certificate chain;
if so, acquiring a next to-be-compressed data certificate;
if not, compressing the plurality of SEQ objects, and constructing pointers to the compressed data of each SEQ object respectively;
a SEQ object fingerprint acquisition module, configured to acquire fingerprints of a plurality of SEQ objects;
the storage module is used for storing the fingerprints and the pointers of the plurality of SEQ objects corresponding to the certificates at each level in the certificate chain into the index tree based on the structure of the certificate chain;
and the taking module is used for taking the required data certificate based on the index tree.
In a third aspect, an embodiment of the present application provides an electronic device, which includes a memory, a processor, and a computer program that is stored in the memory and is executable on the processor, where the processor executes the method for fetching and storing a data certificate file according to the first aspect of the present disclosure.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements a method for storing and taking a data certificate file according to the first aspect of the present disclosure.
The technical scheme of the embodiment of the invention at least has the following advantages and beneficial effects: after the data certificate to be compressed is obtained, if a traditional compression mode is adopted for compression, the problem that the memory occupation is too large is easily caused; analyzing a data certificate to be compressed, and extracting a certificate chain of the data certificate to be compressed and SEQ objects corresponding to certificates of various levels; then eliminating the data certificate to be compressed which is stored in the index tree; compressing and storing SEQ objects corresponding to certificates of different levels in the to-be-compressed data certificate which is not stored in the index tree, and enabling compressed data to be available through a pointer pointing to the SEQ objects and the index tree when the to-be-compressed data certificate is used; therefore, repeated data certificates to be compressed and SEQ objects in the compression process are reduced, and the effect of saving the memory is achieved.
Drawings
Fig. 1 is a flowchart of a method for storing and taking a data certificate file according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a storage access apparatus for a data certificate file according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Example 1
The data certificate is a digital certificate which marks identity information of each communication party in internet communication and is used for identifying the identity of the other party on the internet. The data certificate is also called a digital identification.
For some companies providing internet service products, the information and data in customers' computer network traffic are in an encrypted or decrypted form to ensure their integrity and security. When using these products, customers therefore purchase SSL certificates to enable HTTPS or TLS authentication for the products; but the complexity of internet products means that customers use thousands of data certificates, and storing thousands of data certificates puts great stress on disks and memory.
In daily use, in order to relieve the pressure of a disk, a data compression mode is adopted to compress a data certificate. However, the compression method of a single data certificate file can only relieve the memory pressure to a certain extent, and in thousands of data certificates, a part of certificates are duplicated, so in this embodiment, in consideration of data certificates that may be duplicated, the scheme of this embodiment is adopted to process a large number of data certificates, so as to reduce the situations that a large number of duplicated contents are compressed and data redundancy is compressed.
The embodiment provides a method for storing and taking a data certificate file, and with reference to fig. 1, the method includes:
S101, acquiring a data certificate to be compressed and an index tree, wherein the index tree is used for storing a certificate chain relation of the data certificate to be compressed;
In this embodiment, a to-be-compressed data certificate is first acquired by taking it out of a data certificate database. The data certificate database may be a database created by a user for storing data certificates, or a database created by a data certificate provider, and is mainly used for storing the data certificates to be used.
In this embodiment, reducing the repeated parts that are compressed across thousands of data certificates may leave an individual compressed data certificate incomplete; the index tree is therefore needed to record the certificate chain relation of the data certificate to be compressed, so that the data certificate can be restored to its uncompressed state through the index tree when it is taken.
S102, analyzing the to-be-compressed data certificate, and extracting a certificate chain of the to-be-compressed data certificate and a plurality of SEQ objects corresponding to certificates at all levels in the certificate chain;
In this embodiment, the method is used to compress and take X509 data certificates; an X509 certificate is ASN1 structure data encoded with DER, is of SEQUENCE type, and includes three elements.
The parsing process includes the following sub-steps:
S1021, acquiring an ASN1 structure of the to-be-compressed data certificate;
The data structure of the X509 certificate adopts an ASN1 structure, and when the X509 certificate is analyzed, the ASN1 structure is first acquired.
S1022, based on the ASN1 structure of the data certificate to be compressed, extracting an encryption algorithm list, an encryption suite list and a signature algorithm of the data certificate to be compressed by adopting OpenSSL;
The encryption algorithm list, the encryption suite list and the signature algorithm of the data certificates provided by different certificate service providers are inconsistent, so the data certificate to be compressed can be represented by acquiring its encryption algorithm list, encryption suite list and signature algorithm.
S1023, based on the encryption algorithm list, the encryption suite list and the signature algorithm of the data certificate to be compressed, synthesizing a plurality of SEQ objects corresponding to certificates of all levels in the certificate chain.
By obtaining the encryption algorithm list, the encryption suite list and the signature algorithm of the data certificate to be compressed, a plurality of SEQ objects of each level of certificate in the data certificate to be compressed can be obtained, and the data certificate to be compressed can also be represented by the plurality of SEQ objects.
S103, acquiring the fingerprint of the certificate chain;
The SHA256 algorithm is used to obtain the fingerprint of the certificate chain; because certificate chains differ, the fingerprint obtained through the hash operation is unique to each chain.
S104, judging whether the fingerprint of the certificate chain of the to-be-compressed data certificate exists in the index tree or not based on the fingerprint of the certificate chain;
When judging whether the certificate chain relation of the data certificate to be compressed is stored in the index tree, a certificate chain fingerprint filter first needs to be constructed;
The certificate chain fingerprint filter is a bloom filter, which consists of a very long binary vector and a series of random mapping functions. A bloom filter can be used to test whether an element is in a set; its advantages are high space efficiency and fast query time, and its disadvantages are a certain false-positive rate and the difficulty of deleting elements.
By adopting the bloom filter to construct the certificate chain fingerprint filter, when judging whether the data certificate to be compressed is stored in the index tree, the judgment result can be obtained in a relatively short time.
Inputting the certificate chain fingerprint into the certificate chain fingerprint filter, and judging:
Since the method proposed in this embodiment is to reduce the repeated data existing in the compression process, it is necessary to first check the certificate chain fingerprint and determine whether compression has already been performed.
The judgment comprises the following substeps:
S1041, if yes, acquiring a next to-be-compressed data certificate;
If the certificate chain object does not exist in the certificate chain fingerprint filter, the certificate chain relation of the to-be-compressed data certificate is not stored in the index tree. Therefore, the data certificate to be compressed does not need to be compressed again, and the next data certificate to be compressed in the data certificate database is directly judged.
S1042, if not, compressing the SEQ objects, and constructing pointers to the compressed data of the SEQ objects respectively;
A data certificate can be characterized by its certificate chain and a plurality of SEQ objects. The certificate chain represents the relationship among the certificates at all levels in the data certificate, and this relationship is stored in the index tree, so when the data certificate is compressed, only the plurality of SEQ objects need to be compressed.
In this embodiment, the SEQ objects are compressed with a Huffman compression algorithm, and after the compression is completed, the compressed data is stored in the hardware storage device with the fingerprint of the SEQ object as its file name.
S105, acquiring fingerprints of a plurality of SEQ objects;
S106, storing fingerprints and pointers of a plurality of SEQ objects corresponding to certificates of each level in the certificate chain into the index tree based on the structure of the certificate chain; the method comprises the following substeps:
S1061, constructing a SEQ object fingerprint filter;
The SEQ object fingerprint filter is also built as a bloom filter.
S1062, sequentially obtaining a plurality of SEQ objects;
S1063, each time an SEQ object is obtained, judging whether the fingerprint of the SEQ object exists in the index tree based on the SEQ object fingerprint filter;
When a data certificate is compressed, all of its SEQ objects are input into the SEQ object fingerprint filter; so when all data certificates in the same data certificate database are compressed by the method of this embodiment, all SEQ objects in that database enter the SEQ object fingerprint filter.
If yes, acquiring a next SEQ object;
If the fingerprint of the SEQ object exists in the SEQ object fingerprint filter, the SEQ object is a duplicate and does not need to be compressed; the next SEQ object is obtained directly for judgment.
If not, acquiring a parent node of the SEQ object in the index tree based on the structure of the certificate chain;
When the SEQ object does not exist in the SEQ object fingerprint filter, the SEQ object has not been compressed and needs to be compressed.
By setting up the SEQ object fingerprint filter, duplication of SEQ objects is reduced in addition to duplication of certificate chains, which further saves the memory occupied by data certificate compression.
S1064, creating a new child node under the parent node of the SEQ object;
S1065, adding the fingerprint and the pointer of the SEQ object to the child node.
By finding the parent node of the SEQ object in the index tree, all nodes above the newly created child node coincide with the certificate chain nodes of the SEQ object; adding the SEQ object to the index tree then completes the indexing of the new SEQ object, and no SEQ object is omitted.
After fingerprints and pointers of a plurality of SEQ objects are stored in the index tree, when the corresponding SEQ objects are needed, compressed data of the compressed SEQ objects can be found in hardware storage equipment by referring to the pointers corresponding to the SEQ objects, and the corresponding SEQ objects can be obtained by decompressing the compressed data referred by the pointers.
S107, taking the required data certificate based on the index tree.
When a required data certificate is taken, all SEQ objects in the data certificate can be found based on the index tree, and all compressed data in the required data certificate can be referred to through pointers of a plurality of SEQ objects stored in the index tree, so that the required data certificate can be recovered.
The taking of the required data certificate based on the index tree comprises:
acquiring a certificate chain of a required data certificate;
based on the index tree, searching a plurality of pointers of the SEQ objects corresponding to certificates at different levels in the certificate chain of the required data certificate;
and extracting corresponding compressed data according to the pointers to construct a required data certificate file.
In the traditional data certificate compression and decompression scheme, certificate files are always decompressed in full; the decompressed contents of the root certificate chain and upper-level certificate chains cannot be kept in an in-memory hot cache, so complete decompression or compression is required each time, which wastes CPU resources. In this embodiment, only the SEQ objects that differ in each data certificate are extracted in order to decompress the required data certificate, which saves CPU resources.
The method comprises the following steps:
extracting corresponding compressed data from the pointers and merging the compressed data into a certificate chain of the data certificate;
and constructing a required data certificate file by adopting OpenSSL based on the certificate chain of the required data certificate, and outputting by adopting DER encoding.
In this embodiment, after the data certificate to be compressed is obtained, if the data certificate is compressed in a conventional compression manner, the problem of excessive memory usage is easily caused; analyzing a data certificate to be compressed, and extracting a certificate chain of the data certificate to be compressed and SEQ objects corresponding to certificates of various levels; then eliminating the data certificate to be compressed which is stored in the index tree; compressing and storing SEQ objects corresponding to certificates of different levels in the to-be-compressed data certificate which is not stored in the index tree, and enabling compressed data to be available through a pointer pointing to the SEQ objects and the index tree when the to-be-compressed data certificate is used; therefore, repeated data certificates to be compressed and SEQ objects in the compression process are reduced, and the effect of saving the memory is achieved.
By exploiting the unique ASN.1 structure of the certificate, certificate compression is divided into deduplicated compression of multiple certificate chains and deduplicated compression of identical SEQUENCE objects across multiple certificate chains. For massive numbers of certificates, the compressed size is greatly reduced; combining a B+ index tree with a bloom filter improves the efficiency of compression and decompression and avoids repeated, redundant compression and decompression. Compared with the traditional method of compressing each certificate individually, when storing massive numbers of certificates this scheme uses memory, CPU and disk resources more efficiently and cheaply, effectively reducing enterprise cost.
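The storing and taking procedure of steps S101 to S107, as an added example that is not code from the patent. Because a bloom filter can report an element that was never added, the sketch confirms every positive answer against the index tree or the stored data before skipping anything, and it re-checks each rebuilt certificate against its fingerprint. Assumptions: the SEQ objects are taken to be the three top-level elements of each DER certificate, zlib stands in for the Huffman compression, nested dicts and an in-memory dict stand in for the B+ index tree and the files named by fingerprint, and `fake_cert` builds constructed stand-ins rather than real certificates.

```python
import hashlib
import zlib


def der_children(der):
    """Split one DER SEQUENCE into (outer header, raw encodings of its elements)."""
    def span(pos):  # (value start, TLV end) of the TLV beginning at pos
        if pos + 2 > len(der) or der[pos + 1] == 0x80:
            raise ValueError("truncated header or indefinite length")
        n, start = der[pos + 1], pos + 2
        if n > 0x80:  # long form: the low 7 bits count the length bytes
            start += n - 0x80
            n = int.from_bytes(der[pos + 2:start], "big")
        if start + n > len(der):
            raise ValueError("truncated DER")
        return start, start + n
    if der[:1] != b"\x30" or span(0)[1] != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    pos, out = span(0)[0], []
    while pos < len(der):
        out.append(der[pos:span(pos)[1]])
        pos += len(out[-1])
    return der[:span(0)[0]], out


class Bloom:
    def __init__(self, bits):
        self.bits, self.field = bits, bytearray((bits + 7) // 8)

    def _positions(self, item):  # four bit positions taken from one SHA-256 digest
        digest = hashlib.sha256(item).digest()
        return [int.from_bytes(digest[i:i + 8], "big") % self.bits for i in (0, 8, 16, 24)]

    def add(self, item):
        for p in self._positions(item):
            self.field[p >> 3] |= 1 << (p & 7)

    def __contains__(self, item):
        return all(self.field[p >> 3] >> (p & 7) & 1 for p in self._positions(item))


class CertStore:
    def __init__(self, bloom_bits=1 << 16):
        self.chain_filter, self.seq_filter = Bloom(bloom_bits), Bloom(bloom_bits)
        self.tree = {}   # index tree: cert fingerprint -> {"head", "seqs", "children"}
        self.blobs = {}  # stand-in for files named by SEQ fingerprint
        self.compressions = 0

    def _nodes(self, path):  # exact walk of the index tree; None if path is not stored
        level, nodes = self.tree, []
        for fp in path:
            if fp not in level:
                return None
            nodes.append(level[fp])
            level = level[fp]["children"]
        return nodes

    def _store_seq(self, element):
        digest = hashlib.sha256(element).digest()
        if not (digest in self.seq_filter and digest.hex() in self.blobs):  # "yes" may be false
            self.blobs[digest.hex()] = zlib.compress(element, 9)
            self.seq_filter.add(digest)
            self.compressions += 1
        return digest.hex()  # the pointer is the blob's name

    def put(self, chain):
        """Store a root-to-leaf list of DER certificates; return its tree path."""
        path = [hashlib.sha256(c).hexdigest() for c in chain]
        chain_fp = hashlib.sha256(b"".join(chain)).digest()
        if chain_fp in self.chain_filter and self._nodes(path) is not None:
            return path  # confirmed duplicate chain: nothing to compress
        level = self.tree
        for cert, fp in zip(chain, path):
            if fp not in level:
                head, elements = der_children(cert)
                seqs = [self._store_seq(e) for e in elements]
                level[fp] = {"head": head, "seqs": seqs, "children": {}}
            level = level[fp]["children"]
        self.chain_filter.add(chain_fp)
        return path

    def get(self, path):
        """Rebuild the certificates on a stored path, checking each fingerprint."""
        chain = []
        for fp, node in zip(path, self._nodes(path) or ()):
            body = b"".join(zlib.decompress(self.blobs[p]) for p in node["seqs"])
            if hashlib.sha256(node["head"] + body).hexdigest() != fp:
                raise ValueError("rebuilt certificate does not match its fingerprint")
            chain.append(node["head"] + body)
        return chain


def fake_cert(subject):
    """Constructed stand-in for a certificate: a DER SEQUENCE of three elements."""
    alg = bytes.fromhex("300d06092a864886f70d01010b0500")  # sha256WithRSAEncryption
    sig = b"\x03\x21\x00" + hashlib.sha256(subject).digest()
    body = b"\x04\x60" + subject.ljust(96, b".") + alg + sig
    return b"\x30\x81" + bytes([len(body)]) + body
```

Creating the store as `CertStore(bloom_bits=1)` makes both filters answer "present" for every lookup after the first insert, which is a quick way to check that no chain or SEQ object is skipped on a false positive.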
Example 2
The embodiment of the application provides a storage access device for a data certificate file. With reference to fig. 2, the device comprises an input module, an analysis module, a certificate chain fingerprint acquisition module, a judgment module, a SEQ object fingerprint acquisition module, a storage module and a taking module, wherein:
the input module is used for acquiring a to-be-compressed data certificate and an index tree, wherein the index tree is used for storing a certificate chain relation of the to-be-compressed data certificate;
the analysis module is used for analyzing the to-be-compressed data certificate and extracting a certificate chain of the to-be-compressed data certificate and a plurality of SEQ objects corresponding to certificates at different levels in the certificate chain;
the certificate chain fingerprint acquisition module is used for acquiring the fingerprint of the certificate chain;
the judging module is used for judging whether the fingerprint of the certificate chain of the data certificate to be compressed exists in the index tree or not based on the fingerprint of the certificate chain;
if so, acquiring a next to-be-compressed data certificate;
if not, compressing the plurality of SEQ objects, and constructing pointers to the compressed data of the SEQ objects respectively;
a SEQ object fingerprint acquisition module, configured to acquire fingerprints of a plurality of SEQ objects;
the storage module is used for storing the fingerprints and the pointers of the plurality of SEQ objects corresponding to the certificates at each level in the certificate chain into the index tree based on the structure of the certificate chain;
and the taking module is used for taking the required data certificate based on the index tree.
Example 3
An embodiment of the present application provides an electronic device, which includes a memory, a processor, and a computer program that is stored in the memory and is executable on the processor, where the processor executes the method for storing and retrieving a data certificate file described in embodiment 1.
Example 4
An embodiment of the present application provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements a method for storing and taking a data certificate file as described in embodiment 1.
The above is only a preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes will occur to those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (9)

1. A storage access method for a data certificate file, the method comprising:
acquiring a data certificate to be compressed and an index tree, wherein the index tree is used for storing a certificate chain relation of the data certificate to be compressed;
analyzing the data certificate to be compressed, and extracting a certificate chain of the data certificate to be compressed and a plurality of SEQ objects corresponding to certificates at all levels in the certificate chain;
acquiring a fingerprint of the certificate chain;
judging whether the fingerprint of the certificate chain of the data certificate to be compressed already exists in the index tree or not based on the fingerprint of the certificate chain;
if so, acquiring a next to-be-compressed data certificate;
if not, compressing the plurality of SEQ objects, and constructing pointers to the compressed data of each SEQ object respectively;
obtaining a fingerprint of a plurality of said SEQ objects;
storing fingerprints and pointers of a plurality of SEQ objects corresponding to certificates of each level in the certificate chain into the index tree based on the structure of the certificate chain;
the method comprises the following steps:
constructing a SEQ object fingerprint filter;
sequentially obtaining a plurality of SEQ objects;
each time an SEQ object is obtained, judging whether the fingerprint of the SEQ object exists in the index tree or not based on the SEQ object fingerprint filter;
if yes, acquiring a next SEQ object;
if not, acquiring a father node of the SEQ object in the index tree based on the structure of the certificate chain;
creating a new child node under the parent node of the SEQ object;
adding a fingerprint and a pointer of the SEQ object to the child node;
based on the index tree, the required data certificate is taken.
2. The method of claim 1, wherein determining, based on the fingerprint of the certificate chain, whether the fingerprint of the certificate chain of the to-be-compressed data certificate exists in the index tree includes:
constructing a certificate chain fingerprint filter;
inputting the certificate chain fingerprint into the certificate chain fingerprint filter, and judging:
and if the certificate chain object does not exist in the certificate chain fingerprint filter, the certificate chain relation of the to-be-compressed data certificate is not stored in the index tree.
3. The method of claim 2, wherein analyzing the to-be-compressed data certificate and extracting the certificate chain of the to-be-compressed data certificate and a plurality of SEQ objects corresponding to certificates at different levels in the certificate chain includes:
acquiring an ASN1 structure of the data certificate to be compressed;
extracting an encryption algorithm list, an encryption suite list and a signature algorithm of the data certificate to be compressed by adopting OpenSSL based on the ASN1 structure of the data certificate to be compressed;
and synthesizing a plurality of SEQ objects corresponding to each level of certificate in the certificate chain based on the encryption algorithm list, the encryption suite list and the signature algorithm of the data certificate to be compressed.
4. The method of claim 3, wherein the taking of the required data certificate based on the index tree comprises:
acquiring a certificate chain of a required data certificate;
based on the index tree, searching a plurality of pointers of the SEQ objects corresponding to certificates at different levels in the certificate chain of the required data certificate;
and extracting corresponding compressed data according to the pointers to construct a required data certificate file.
5. The method of claim 4, wherein extracting corresponding compressed data according to the pointers to construct a required data certificate file comprises:
extracting corresponding compressed data from the pointers and merging the compressed data into a certificate chain of the data certificate;
and constructing a required data certificate file by adopting OpenSSL based on the certificate chain of the required data certificate, and outputting by adopting DER encoding.
6. The method of claim 2, wherein the certificate chain fingerprint filter and the SEQ object fingerprint filter both adopt bloom filters.
7. A storage access device for a data certificate file, characterized in that: the device comprises an input module, an analysis module, a certificate chain fingerprint acquisition module, a judgment module, a SEQ object fingerprint acquisition module, a storage module and a taking module, wherein:
the input module is used for acquiring a to-be-compressed data certificate and an index tree, wherein the index tree is used for storing a certificate chain relation of the to-be-compressed data certificate;
the analysis module is used for analyzing the to-be-compressed data certificate and extracting a certificate chain of the to-be-compressed data certificate and a plurality of SEQ objects corresponding to certificates at different levels in the certificate chain;
the certificate chain fingerprint acquisition module is used for acquiring the fingerprint of the certificate chain;
the judging module is used for judging whether the fingerprint of the certificate chain of the to-be-compressed data certificate exists in the index tree or not based on the fingerprint of the certificate chain;
if so, acquiring a next to-be-compressed data certificate;
if not, compressing the plurality of SEQ objects, and constructing pointers to the compressed data of the SEQ objects respectively;
a SEQ object fingerprint acquisition module, configured to acquire fingerprints of a plurality of SEQ objects;
a storage module, configured to store, in the index tree, fingerprints and pointers of multiple SEQ objects corresponding to certificates at each level in the certificate chain based on a structure of the certificate chain;
and the taking module is used for taking the required data certificate based on the index tree.
8. An electronic device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements a method for storage access of a data certificate file as claimed in any one of claims 1 to 6 when executing the computer program.
9. A computer-readable storage medium, on which a computer program is stored, which computer program, when executed by a processor, implements a method for storage access of a data certificate file as claimed in any one of claims 1 to 6.
CN202210791634.8A 2022-07-07 2022-07-07 Storage access method, device, equipment and medium for data certificate file Active CN114866262B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210791634.8A CN114866262B (en) 2022-07-07 2022-07-07 Storage access method, device, equipment and medium for data certificate file

Publications (2)

Publication Number Publication Date
CN114866262A CN114866262A (en) 2022-08-05
CN114866262B true CN114866262B (en) 2022-11-22

Family

ID=82626299

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210791634.8A Active CN114866262B (en) 2022-07-07 2022-07-07 Storage access method, device, equipment and medium for data certificate file

Country Status (1)

Country Link
CN (1) CN114866262B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant