CN117395008A - Certificate monitoring method, system, computer equipment and storage medium - Google Patents

Certificate monitoring method, system, computer equipment and storage medium Download PDF

Info

Publication number
CN117395008A
CN117395008A CN202311360746.9A CN202311360746A CN117395008A CN 117395008 A CN117395008 A CN 117395008A CN 202311360746 A CN202311360746 A CN 202311360746A CN 117395008 A CN117395008 A CN 117395008A
Authority
CN
China
Prior art keywords
certificate
file
ios
effective time
month
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311360746.9A
Other languages
Chinese (zh)
Inventor
刘晨迪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Property and Casualty Insurance Company of China Ltd
Original Assignee
Ping An Property and Casualty Insurance Company of China Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Property and Casualty Insurance Company of China Ltd filed Critical Ping An Property and Casualty Insurance Company of China Ltd
Priority to CN202311360746.9A priority Critical patent/CN117395008A/en
Publication of CN117395008A publication Critical patent/CN117395008A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/14Details of searching files based on file metadata
    • G06F16/148File search processing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/17Details of further file system functions
    • G06F16/174Redundancy elimination performed by the file system
    • G06F16/1744Redundancy elimination performed by the file system using compression, e.g. sparse files
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • HELECTRICITY
    • H03ELECTRONIC CIRCUITRY
    • H03MCODING; DECODING; CODE CONVERSION IN GENERAL
    • H03M7/00Conversion of a code where information is represented by a given sequence or number of digits to a code where the same, similar or subset of information is represented by a different sequence or number of digits
    • H03M7/30Compression; Expansion; Suppression of unnecessary data, e.g. redundancy reduction
    • H03M7/3084Compression; Expansion; Suppression of unnecessary data, e.g. redundancy reduction using adaptive string matching, e.g. the Lempel-Ziv method
    • H03M7/3086Compression; Expansion; Suppression of unnecessary data, e.g. redundancy reduction using adaptive string matching, e.g. the Lempel-Ziv method employing a sliding window, e.g. LZ77
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Technology Law (AREA)
  • Business, Economics & Management (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Library & Information Science (AREA)
  • Computer Hardware Design (AREA)
  • Multimedia (AREA)
  • Accounting & Taxation (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Finance (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiment of the application belongs to the field of information security and financial science and technology, and relates to a certificate monitoring method, which comprises the following steps: when an i OS compiling flow is detected, an i pa file corresponding to the i OS compiling flow is obtained; extracting corresponding certificate information according to the ipa file, wherein the certificate information comprises residual effective time; determining if the remaining effective time exceeds one month; if the time does not exceed one month, executing a preset alarm flow; and if the remaining effective time exceeds one month, recording the remaining effective time to a certificate monitoring log. The application also provides a certificate monitoring system, computer equipment and a storage medium. According to the method and the device, the aging of the i OS certificate is automatically monitored when the i OS compiling flow is detected, so that unified management of the valid period of the certificate is realized, monitoring by manpower is not needed, the probability of misoperation is reduced, and the efficiency of certificate monitoring is improved.

Description

Certificate monitoring method, system, computer equipment and storage medium
Technical Field
The application relates to the field of information security and financial science and technology, and is applied to a scene of monitoring iOS certificate timeliness of APP related to electronic financial business, in particular to a certificate monitoring method, a system, computer equipment and a storage medium.
Background
With the rapid development of financial technology, electronic financial services have also been developed, and in the internet environment, a large part of electronic financial services are transacted by people through application programs (APP) on mobile phones, so that the security of data transmission is important for related enterprises.
Therefore, when development testing is performed for APP related to electronic financial services in the iOS system, the iOS certificate needs to be packaged every time the iOS certificate is updated. However, since the iOS certificate has timeliness and needs to be regenerated manually every year, the validity period of the iOS certificate needs to be monitored, and the problem that the iOS certificate cannot be installed after the APP expires is avoided.
In general, each enterprise monitors the validity period of the iOS certificate manually, and is replaced manually at the end of the validity period, and also two to three months, so that the mode is low in efficiency and easy to operate by mistake, and once the expired iOS certificate is rolled back, all users who install the APP on the market are affected.
Disclosure of Invention
The embodiment of the application aims to provide a certificate monitoring method, a certificate monitoring system, computer equipment and a storage medium, so as to solve the technical problem of low efficiency in monitoring iOS certificate aging.
In order to solve the above technical problems, the embodiments of the present application provide a certificate monitoring method, which adopts the following technical schemes:
when an iOS compiling flow is detected, an ipa file corresponding to the iOS compiling flow is obtained;
extracting corresponding certificate information according to the ipa file, wherein the certificate information comprises residual effective time;
determining if the remaining effective time exceeds one month;
if the time does not exceed one month, executing a preset alarm flow;
and if the remaining effective time exceeds one month, recording the remaining effective time to a certificate monitoring log.
Further, the step of extracting the corresponding certificate information according to the ipa file specifically includes:
decompressing the ipa file to obtain a file path corresponding to the target certificate file;
and extracting the certificate information from the target certificate file according to the file path.
Further, the step of decompressing the ipa file to determine a file path corresponding to the target certificate file specifically includes:
changing the suffix of the ipa file into zip to obtain a compressed package file;
decompressing the compressed package file through shell command uzzip to generate the file path.
Further, the step of extracting the certificate information from the target certificate file according to the file path specifically includes:
extracting the target certificate file through a codesign tool according to the file path, and generating a codesign0 file;
and transcoding the codesign0 file through opensl to obtain the certificate information.
Further, if the month is not exceeded, executing a preset alarm process, which specifically includes:
if the remaining effective time does not exceed one month, generating alarm prompt information according to the remaining effective time;
and sending the alarm prompt information to a preset user side through an information output interface.
Further, before the step of acquiring the ipa file corresponding to the iOS compiling process when the iOS compiling process is detected, the method further includes:
in the Xcode tool, when an Xcode build command is received, an iOS compiling flow is executed according to the Xcode build command, and an ipa file corresponding to the iOS compiling flow is generated.
Further, after the step of executing the preset alarm flow if the month is not exceeded, the method further includes:
and when a renewal instruction is received, automatically updating the certificate information to enable the remaining effective time to exceed one month.
In order to solve the technical problems, the embodiment of the application also provides a certificate monitoring system, which adopts the following technical scheme:
a certificate monitoring system comprising:
the system comprises an acquisition module, a storage module and a storage module, wherein the acquisition module is used for acquiring an ipa file corresponding to an iOS compiling flow when the iOS compiling flow is detected;
the extraction module is used for extracting corresponding certificate information according to the ipa file, wherein the certificate information comprises residual effective time;
a determining module for determining whether the remaining effective time exceeds one month;
the alarm module is used for executing a preset alarm process if the month is not exceeded;
and the recording module is used for recording the remaining effective time to a certificate monitoring log if the remaining effective time exceeds one month.
In order to solve the above technical problems, the embodiments of the present application further provide a computer device, which adopts the following technical schemes:
a computer device comprising a memory having stored therein computer readable instructions which when executed by a processor implement the steps of the certificate monitoring method as described above.
In order to solve the above technical problems, embodiments of the present application further provide a computer readable storage medium, which adopts the following technical solutions:
a computer readable storage medium having stored thereon computer readable instructions which when executed by a processor implement the steps of a certificate monitoring method as described above.
Compared with the prior art, the embodiment of the application has the following main beneficial effects:
according to the certificate monitoring method disclosed by the application, when the iOS compiling flow is detected, an ipa file corresponding to the iOS compiling flow is obtained; extracting corresponding certificate information according to the ipa file, wherein the certificate information comprises residual effective time; determining if the remaining effective time exceeds one month; if the time does not exceed one month, executing a preset alarm flow; and if the remaining effective time exceeds one month, recording the remaining effective time to a certificate monitoring log. According to the method and the device, the aging of the iOS certificate is automatically monitored when the iOS compiling flow is detected, so that unified management of the validity period of the certificate is realized, the monitoring by manpower is not needed, the probability of misoperation is reduced, and the efficiency of certificate monitoring is improved.
Drawings
For a clearer description of the solution in the present application, a brief description will be given below of the drawings that are needed in the description of the embodiments of the present application, it being obvious that the drawings in the following description are some embodiments of the present application, and that other drawings may be obtained from these drawings without inventive effort for a person of ordinary skill in the art.
FIG. 1 is an exemplary system architecture diagram in which the present application may be applied;
FIG. 2 is a flow chart of one embodiment of a credential monitoring method in accordance with the present application;
FIG. 3 is a schematic diagram of the architecture of one embodiment of a credential monitoring system in accordance with the present application;
FIG. 4 is a schematic diagram of an embodiment of the extraction module shown in FIG. 3;
FIG. 5 is a schematic structural diagram of one embodiment of a computer device according to the present application.
Detailed Description
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs; the terminology used in the description of the applications herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application; the terms "comprising" and "having" and any variations thereof in the description and claims of the present application and in the description of the figures above are intended to cover non-exclusive inclusions. The terms first, second and the like in the description and in the claims or in the above-described figures, are used for distinguishing between different objects and not necessarily for describing a sequential or chronological order.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the present application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly appreciate that the embodiments described herein may be combined with other embodiments.
In order to better understand the technical solutions of the present application, the following description will clearly and completely describe the technical solutions in the embodiments of the present application with reference to the accompanying drawings.
As shown in fig. 1, a system architecture 100 may include terminal devices 101, 102, 103, a network 104, and a server 105. The network 104 is used as a medium to provide communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The user may interact with the server 105 via the network 104 using the terminal devices 101, 102, 103 to receive or send messages or the like. Various communication client applications, such as a web browser application, a shopping class application, a search class application, an instant messaging tool, a mailbox client, social platform software, etc., may be installed on the terminal devices 101, 102, 103.
The terminal devices 101, 102, 103 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablet computers, electronic book readers, MP3 (Moving Picture Experts Group Audio Layer III, moving picture experts compression standard audio layer 3) players, MP4 (Moving Picture Experts Group Audio Layer IV, moving picture experts compression standard audio layer 4) players, laptop and desktop computers, and the like.
The server 105 may be a server providing various services, such as a background server providing support for pages displayed on the terminal devices 101, 102, 103.
It should be noted that, the certificate monitoring method provided in the embodiments of the present application is generally executed by a server, and accordingly, the certificate monitoring system is generally disposed in the server.
It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
With continued reference to fig. 2, a flow chart of one embodiment of a credential monitoring method in accordance with the present application is shown. The certificate monitoring method comprises the following steps:
step S201, when an iOS compiling process is detected, an ipa file corresponding to the iOS compiling process is obtained;
in this embodiment, the electronic device (e.g., the server shown in fig. 1) on which the certificate monitoring method operates may transmit or receive data through a wired connection or a wireless connection. It should be noted that the wireless connection may include, but is not limited to, 3G/4G/5G connection, wiFi connection, bluetooth connection, wiMAX connection, zigbee connection, UWB (ultra wideband) connection, and other now known or later developed wireless connection.
In this embodiment, when the certificate monitoring method detects the iOS compiling process during operation, the ipa file corresponding to the iOS compiling process needs to be acquired first. Specifically, the digital certificate is a string of digits marking identity information of each party of communication in internet communication, a mode of verifying identity of a communication entity on the internet is provided, the mode is similar to driver's license or an identity card in daily life, an APP related to electronic financial service in an iOS system is taken as an example, due to importance of data transmission safety, an iOS compiling process is needed whenever the APP is updated, an ipa file is generated through repacking, and the iOS certificate is also packed in the ipa file when packed each time, but due to a validity period of one year of the iOS certificate, when the iOS compiling process is detected, the remaining validity time of the certificate can be determined according to the ipa file by acquiring the ipa file corresponding to the iOS compiling process.
It should be noted that, the essence of the ipa file is a zip compression package, that is, an apple application file, abbreviated as ipa file, and the file can download the application onto the apple phone without the APP being put on the shelf after performing the iOS signature, so as to develop and test the APP, and the process of performing the iOS signature on the ipa file corresponds to the process of packaging and generating the ipa file.
Step S202, corresponding certificate information is extracted according to the ipa file, wherein the certificate information comprises residual effective time;
in this embodiment, after detecting the iOS compiling process and obtaining the corresponding ipa file, the corresponding credential information may be extracted according to the ipa file, where the credential information includes the remaining valid time, for example, since the ipa file is substantially a zip compression packet, after obtaining the ipa file, the ipa file may be decompressed, and a directory where the target credential file packaged into the ipa file is located, that is, a file path corresponding to the target credential file, may be determined, then, a codesign tool may be used to extract the target credential file, and generate a codesign0 file including the remaining valid time, and then the codesign0 file is converted into the credential information through an opensl command, where the credential information includes the remaining valid time.
Step S203, determining whether the remaining effective time exceeds one month;
in this embodiment, after the certificate information corresponding to the ipa file is extracted, it may be determined whether the remaining validity time included in the ipa file exceeds one month. Specifically, since the validity period of the iOS certificate is one year, the iOS certificate is replaced when the remaining validity time is monitored manually and is two to three months, the certificate monitoring method of the embodiment can automatically determine whether the remaining validity time exceeds one month, and subsequently alarms or records according to different results, so that the iOS certificate is not required to be monitored manually, and automatic management can be realized.
Step S204, if not more than one month, executing a preset alarm flow;
in this embodiment, when determining whether the remaining effective time exceeds one month, if the remaining effective time does not exceed one month, a preset alarm process may be executed, for example, alarm prompt information is generated according to the remaining effective time, and the alarm prompt information is sent to the user side of the dockee through an information outgoing interface in a manner of WeChat, mail, SMS, etc. so as to prompt the dockee that the iOS certificate is about to expire.
Optionally, when a renewal command sent by a person to whom one key is sent is received, the certificate information can be automatically updated, that is, the target certificate file is replaced, so that the aging of the iOS certificate is prolonged.
And step S205, if the time exceeds one month, recording the residual effective time to a certificate monitoring log.
In this embodiment, when determining whether the remaining valid time exceeds one month, if the remaining valid time exceeds one month, the remaining valid time may be recorded to the certificate monitoring log. Specifically, when the certificate monitoring method of the embodiment operates, a certificate monitoring log exists, and when the remaining valid time of the iOS certificate is monitored for more than one month, the remaining valid time can be recorded into the certificate monitoring log, so that the iOS certificate can be checked at any time, and the possibility of manual operation is reserved.
According to the method and the device, the aging of the iOS certificate is automatically monitored when the iOS compiling flow is detected, so that unified management of the validity period of the certificate is realized, the monitoring by manpower is not needed, the probability of misoperation is reduced, and the efficiency of certificate monitoring is improved.
In some optional implementations of this embodiment, the step of extracting the corresponding certificate information according to the ipa file specifically includes:
decompressing the ipa file to obtain a file path corresponding to the target certificate file;
and extracting the certificate information from the target certificate file according to the file path.
In this embodiment, after the ipa file corresponding to the iOS compiling process is obtained, the ipa file may be decompressed to obtain a file path corresponding to the target certificate file, and then, according to the file path, the certificate information corresponding to the ipa file is extracted from the target certificate file. Specifically, the suffix of the ipa file can be changed into zip, the zip is decompressed through shell command un-zip to obtain a file path corresponding to the target certificate file, then the target certificate file can be extracted through a codesign tool according to the file path, a codesign0 file containing the certificate information is generated, and then the codesign0 file is transcoded through an opensl command to finally obtain the certificate information, wherein the certificate information contains the residual effective time.
According to the method and the device, the residual effective time of the iOS certificate is automatically determined according to the ipa file, so that the monitoring of the certificate effective period is realized, the accuracy of the residual effective time of the subsequently determined iOS certificate is improved, and the efficiency of certificate monitoring is improved.
In some optional implementations of this embodiment, the step of decompressing the ipa file to determine a file path corresponding to the target certificate file specifically includes:
changing the suffix of the ipa file into zip to obtain a compressed package file;
decompressing the compressed package file through shell command uzzip to generate the file path.
In this embodiment, when the file path corresponding to the target certificate file needs to be decompressed to obtain the file path corresponding to the target certificate file, the suffix of the ipa file may be changed to zip to obtain the compressed package file, and then the compressed package file is decompressed by the shell command unizip, so as to generate the file path.
It should be noted that Shell is a command language and a programming language. Shell may refer to an application program that provides an interface through which a user accesses the services of the operating system kernel.
According to the method and the device, the file path of the target certificate file is determined through decompression of the ipa file, so that the iOS certificate file can be accurately extracted, the accuracy of the residual effective time of the subsequently determined iOS certificate is improved, and the efficiency of certificate monitoring is improved.
In some optional implementations of this embodiment, the step of extracting the certificate information from the target certificate file according to the file path specifically includes:
extracting the target certificate file through a codesign tool according to the file path, and generating a codesign0 file;
and transcoding the codesign0 file through opensl to obtain the certificate information.
In this embodiment, after the ipa file is decompressed and the file path corresponding to the target certificate file is determined, the target certificate file can be extracted by a codesign tool according to the file path, and a codesign0 file is generated, and then the codesign0 file is transcoded by an opensl to obtain the certificate information, for example, the file path corresponding to the target certificate file can be Payload/xxx.app, after the file path is determined, the codesign tool can be adopted, for example, three files of codesign0, codesign1 and codesign2 can be generated by an input command "$puls-2, and then the codesign0 file is transcoded to obtain the certificate information by an input command" $openslx 509-in codesign 0-nonon-one-dates ", and the rest of the certificate information contains the certificate information with the time being similar to" 4 16:08:00 2017GMT f "=can be obtained.
It should be noted that OpenSSL is an open source item, and its composition mainly includes three components: 1. openssl: a multi-purpose command line tool; 2. libcrypto: an encryption algorithm library; 3. libssl: the encryption module application library realizes ssl and tls. Wherein x509 comprised by opensl is a functionally rich certificate handling tool. As indicated by the above command, it may be used to display the contents of the certificate, converting the format of the certificate.
After the ipa file is decompressed and the file path of the target certificate file is determined, the certificate information can be accurately extracted according to the file path, and the accuracy of the remaining effective time is improved, so that the efficiency of certificate monitoring is improved.
In some optional implementations of this embodiment, if the foregoing period does not exceed one month, the step of executing the preset alert procedure specifically includes:
if the remaining effective time does not exceed one month, generating alarm prompt information according to the remaining effective time;
and sending the alarm prompt information to a preset user side through an information output interface.
In this embodiment, when determining whether the remaining effective time exceeds one month, if the remaining effective time does not exceed one month, the alarm prompt information may be generated according to the remaining effective time, and then the alarm prompt information is sent to the preset user terminal through the information output interface. The certificate monitoring system running the method for monitoring the books of the embodiment can be provided with an information issuing interface and a preset warning prompt message template, when the remaining effective time does not exceed one month, the remaining effective time can be filled into the preset warning prompt message template, so that warning prompt messages are generated, and then the warning prompt messages are sent to a preset user side in the form of WeChat, mail and short message through the information issuing interface, and the preset user side can be understood to be the user side of a butt joint person.
According to the method and the device, when the residual effective time of the iOS certificate is insufficient, the alarm prompt information is generated in time to alarm, so that unified management of the effective period of the certificate is realized, and therefore monitoring by a person is not needed, and the efficiency of monitoring the certificate is improved.
In some optional implementations of this embodiment, before the step of obtaining the ipa file corresponding to the iOS compilation flow when the iOS compilation flow is detected, the method further includes:
in the Xcode tool, when an Xcode build command is received, an iOS compiling flow is executed according to the Xcode build command, and an ipa file corresponding to the iOS compiling flow is generated.
In this embodiment, when the iOS compiling process is performed, in the Xcode tool, when the Xcode build command is received, the iOS compiling process may be performed according to the Xcode build command, and an ipa file corresponding to the iOS compiling process may be generated. Specifically, the Xcode tool is generally used for packaging an ipa file, when an Xcode build command input by a developer is received, a corresponding iOS compiling flow can be executed to package, an iOS certificate is added in the packaging process, and finally the ipa file is generated.
According to the method and the device, the ipa file is generated by packaging according to the xcodebuild command, so that the certificate information can be extracted according to the iOS certificate in the file, the remaining effective time is determined, and the efficiency of monitoring the certificate is improved.
In some optional implementations of this embodiment, after the step of executing the preset alert procedure if the foregoing period does not exceed one month, the method further includes:
and when a renewal instruction is received, automatically updating the certificate information to enable the remaining effective time to exceed one month.
In this embodiment, after determining that the remaining valid time of the iOS certificate is less than one month and executing the preset alarm procedure, if a renewal command is received, the certificate information may be automatically updated so that the remaining valid time exceeds one month. Specifically, the preset alarm flow may send alarm prompt information to the user side of the dockee, after receiving the alarm prompt information, the dockee may send a renewal command by one key, and after receiving the renewal command, the certificate information may be updated, for example, the target certificate file is automatically replaced and repackaged to generate the ipa file, so that the remaining effective time exceeds one month.
According to the method and the device, the iOS certificate can be automatically renewed according to the renewal instruction after the alarm, unified management of the validity period of the certificate is achieved, probability of misoperation is reduced, and efficiency of certificate monitoring is improved.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by computer readable instructions stored in a computer readable storage medium that, when executed, may comprise the steps of the embodiments of the methods described above. The storage medium may be a nonvolatile storage medium such as a magnetic disk, an optical disk, a Read-Only Memory (ROM), or a random access Memory (Random Access Memory, RAM).
It should be understood that, although the steps in the flowcharts of the figures are shown in order as indicated by the arrows, these steps are not necessarily performed in order as indicated by the arrows. The steps are not strictly limited in order and may be performed in other orders, unless explicitly stated herein. Moreover, at least some of the steps in the flowcharts of the figures may include a plurality of sub-steps or stages that are not necessarily performed at the same time, but may be performed at different times, the order of their execution not necessarily being sequential, but may be performed in turn or alternately with other steps or at least a portion of the other steps or stages.
With further reference to fig. 3, as an implementation of the method shown in fig. 2, the present application provides an embodiment of a certificate monitoring system, which corresponds to the method embodiment shown in fig. 2, and which is particularly applicable to various electronic devices.
As shown in fig. 3, the certificate monitoring system 300 according to the present embodiment includes: an acquisition module 301, an extraction module 302, a determination module 303, an alarm module 304, and a recording module 305. Wherein:
the acquiring module 301 is configured to acquire an ipa file corresponding to an iOS compiling process when detecting the iOS compiling process;
the extracting module 302 is configured to extract corresponding certificate information according to the ipa file, where the certificate information includes remaining valid time;
a determining module 303 for determining whether the remaining effective time exceeds a month;
the alarm module 304 is configured to execute a preset alarm procedure if the alarm time does not exceed one month;
a recording module 305, configured to record the remaining validity time to a certificate monitoring log if the remaining validity time exceeds one month.
According to the certificate monitoring system, the aging of the iOS certificate is automatically monitored when the iOS compiling flow is detected, so that unified management of the valid period of the certificate is realized, the certificate is not required to be monitored by manpower, the probability of misoperation is reduced, and the efficiency of certificate monitoring is improved.
In some optional implementations of this embodiment, the extraction module 302 further includes:
a decompression unit 3021, configured to decompress the ipa file to obtain a file path corresponding to the target certificate file;
an extracting unit 3022 for extracting the certificate information from the target certificate file according to the file path.
According to the certificate monitoring system, the residual effective time of the iOS certificate is automatically determined according to the ipa file, so that the monitoring of the effective time of the certificate is realized, the accuracy of the residual effective time of the iOS certificate which is determined later is improved, and the efficiency of certificate monitoring is improved.
In some optional implementations of the present embodiment, the decompression unit 3021 is further configured to:
changing the suffix of the ipa file into zip to obtain a compressed package file;
decompressing the compressed package file through shell command uzzip to generate the file path.
According to the certificate monitoring system, the file path of the target certificate file is determined through decompression of the ipa file, so that the iOS certificate file can be accurately extracted, the accuracy of the residual effective time of the subsequently determined iOS certificate is improved, and the certificate monitoring efficiency is improved.
In some optional implementations of the present embodiment, the extraction unit 3022 is further configured to:
extracting the target certificate file through a codesign tool according to the file path, and generating a codesign0 file;
and transcoding the codesign0 file through opensl to obtain the certificate information.
According to the certificate monitoring system, after the ipa file is decompressed and the file path of the target certificate file is determined, the certificate information can be accurately extracted according to the file path, the accuracy of the remaining effective time is improved, and therefore the certificate monitoring efficiency is improved.
In some alternative implementations of the present embodiment, the alert module 304 is further configured to:
if the remaining effective time does not exceed one month, generating alarm prompt information according to the remaining effective time;
and sending the alarm prompt information to a preset user side through an information output interface.
According to the certificate monitoring system, when the residual effective time of the iOS certificate is insufficient, the alarm prompt information is generated in time to give an alarm, so that unified management of the effective period of the certificate is realized, and therefore, monitoring by a person is not needed, and the efficiency of certificate monitoring is improved.
In some alternative implementations of the present embodiment, the certificate monitoring system 300 is further configured to:
in the Xcode tool, when an Xcode build command is received, an iOS compiling flow is executed according to the Xcode build command, and an ipa file corresponding to the iOS compiling flow is generated.
According to the certificate monitoring system, the ipa file is generated by packaging according to the xcodebuild command, so that the certificate information can be extracted according to the iOS certificate in the file, the remaining effective time is determined, and the certificate monitoring efficiency is improved.
In some alternative implementations of the present embodiment, the certificate monitoring system 300 is further configured to:
and when a renewal instruction is received, automatically updating the certificate information to enable the remaining effective time to exceed one month.
The certificate monitoring system provided by the application enables the iOS certificate to be automatically renewed according to the renewal instruction after the alarm, realizes unified management of the valid period of the certificate, reduces the occurrence probability of misoperation, and improves the efficiency of certificate monitoring.
In order to solve the technical problems, the embodiment of the application also provides computer equipment. Referring specifically to fig. 5, fig. 5 is a basic structural block diagram of a computer device according to the present embodiment.
The computer device 5 comprises a memory 51, a processor 52, a network interface 53 which are communicatively connected to each other via a system bus. It should be noted that only the computer device 5 with components 51-53 is shown in the figures, but it should be understood that not all of the illustrated components are required to be implemented and that more or fewer components may be implemented instead. It will be appreciated by those skilled in the art that the computer device herein is a device capable of automatically performing numerical calculations and/or information processing in accordance with predetermined or stored instructions, the hardware of which includes, but is not limited to, microprocessors, application specific integrated circuits (Application Specific Integrated Circuit, ASICs), programmable gate arrays (fields-Programmable Gate Array, FPGAs), digital processors (Digital Signal Processor, DSPs), embedded devices, etc.
The computer equipment can be a desktop computer, a notebook computer, a palm computer, a cloud server and other computing equipment. The computer equipment can perform man-machine interaction with a user through a keyboard, a mouse, a remote controller, a touch pad or voice control equipment and the like.
The memory 51 includes at least one type of readable storage medium including flash memory, hard disk, multimedia card, card memory (e.g., SD or DX memory, etc.), random Access Memory (RAM), static Random Access Memory (SRAM), read Only Memory (ROM), electrically Erasable Programmable Read Only Memory (EEPROM), programmable Read Only Memory (PROM), magnetic memory, magnetic disk, optical disk, etc. In some embodiments, the storage 51 may be an internal storage unit of the computer device 5, such as a hard disk or a memory of the computer device 5. In other embodiments, the memory 51 may also be an external storage device of the computer device 5, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card) or the like, which are provided on the computer device 5. Of course, the memory 51 may also comprise both an internal memory unit of the computer device 5 and an external memory device. In this embodiment, the memory 51 is typically used to store an operating system and various application software installed on the computer device 5, such as computer readable instructions of a certificate monitoring method. Further, the memory 51 may be used to temporarily store various types of data that have been output or are to be output.
The processor 52 may be a central processing unit (Central Processing Unit, CPU), controller, microcontroller, microprocessor, or other data processing chip in some embodiments. The processor 52 is typically used to control the overall operation of the computer device 5. In this embodiment, the processor 52 is configured to execute computer readable instructions stored in the memory 51 or process data, such as computer readable instructions for executing the certificate monitoring method.
The network interface 53 may comprise a wireless network interface or a wired network interface, which network interface 53 is typically used to establish communication connections between the computer device 5 and other electronic devices.
According to the computer equipment, the aging of the iOS certificate is automatically monitored when the iOS compiling flow is detected, so that unified management of the valid period of the certificate is realized, the monitoring is not needed by manpower any more, the probability of misoperation is reduced, and the efficiency of certificate monitoring is improved.
The present application also provides another embodiment, namely, a computer-readable storage medium storing computer-readable instructions executable by at least one processor to cause the at least one processor to perform the steps of the certificate monitoring method as described above.
According to the computer readable storage medium, the aging of the iOS certificate is automatically monitored when the iOS compiling flow is detected, so that unified management of the validity period of the certificate is realized, the monitoring is not needed by manpower, the probability of misoperation is reduced, and the efficiency of certificate monitoring is improved.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk), comprising several instructions for causing a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) to perform the method described in the embodiments of the present application.
It is apparent that the embodiments described above are only some embodiments of the present application, but not all embodiments, the preferred embodiments of the present application are given in the drawings, but not limiting the patent scope of the present application. This application may be embodied in many different forms, but rather, embodiments are provided in order to provide a more thorough understanding of the present disclosure. Although the present application has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that modifications may be made to the embodiments described in the foregoing, or equivalents may be substituted for elements thereof. All equivalent structures made by the specification and the drawings of the application are directly or indirectly applied to other related technical fields, and are also within the protection scope of the application.

Claims (10)

1. A method of certificate monitoring comprising the steps of:
when an iOS compiling flow is detected, an i pa file corresponding to the iOS compiling flow is obtained;
extracting corresponding certificate information according to the ipa file, wherein the certificate information comprises residual effective time;
determining if the remaining effective time exceeds one month;
if the time does not exceed one month, executing a preset alarm flow;
and if the remaining effective time exceeds one month, recording the remaining effective time to a certificate monitoring log.
2. The method for monitoring certificates according to claim 1, wherein the step of extracting the corresponding certificate information from the ipa file specifically includes:
decompressing the ipa file to obtain a file path corresponding to the target certificate file;
and extracting the certificate information from the target certificate file according to the file path.
3. The method for monitoring certificates according to claim 2, wherein the step of decompressing the ipa file to determine the file path corresponding to the target certificate file specifically includes:
changing the suffix of the ipa file into zip to obtain a compressed package file;
decompressing the compressed package file through shell command uzzip to generate the file path.
4. The method for monitoring certificate according to claim 2, wherein the step of extracting the certificate information from the target certificate file according to the file path specifically comprises:
extracting the target certificate file through a codesign tool according to the file path, and generating a codesign0 file;
and transcoding the codesign0 file through opensl to obtain the certificate information.
5. The method for monitoring certificates according to claim 1, wherein the step of executing a preset alert process if not more than one month specifically comprises:
if the remaining effective time does not exceed one month, generating alarm prompt information according to the remaining effective time;
and sending the alarm prompt information to a preset user side through an information output interface.
6. The certificate monitoring method according to claim 1, wherein, before the step of acquiring the ipa file corresponding to the iOS compilation flow when the iOS compilation flow is detected, further comprising:
in the Xcode tool, when an Xcode build command is received, an iOS compiling flow is executed according to the Xcode build command, and an ipa file corresponding to the iOS compiling flow is generated.
7. The certificate monitoring method as set forth in any one of claims 1 to 6, further comprising, after the step of executing a preset alert procedure if not more than one month:
and when a renewal instruction is received, automatically updating the certificate information to enable the remaining effective time to exceed one month.
8. A certificate monitoring system, comprising:
the system comprises an acquisition module, a storage module and a storage module, wherein the acquisition module is used for acquiring an ipa file corresponding to an iOS compiling flow when the iOS compiling flow is detected;
the extraction module is used for extracting corresponding certificate information according to the ipa file, wherein the certificate information comprises residual effective time;
a determining module for determining whether the remaining effective time exceeds one month;
the alarm module is used for executing a preset alarm process if the month is not exceeded;
and the recording module is used for recording the remaining effective time to a certificate monitoring log if the remaining effective time exceeds one month.
9. A computer device comprising a memory and a processor, the memory having stored therein computer readable instructions which when executed by the processor implement the steps of the certificate monitoring method of any one of claims 1 to 7.
10. A computer readable storage medium having stored thereon computer readable instructions which when executed by a processor implement the steps of the certificate monitoring method as claimed in any one of claims 1 to 7.
CN202311360746.9A 2023-10-19 2023-10-19 Certificate monitoring method, system, computer equipment and storage medium Pending CN117395008A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311360746.9A CN117395008A (en) 2023-10-19 2023-10-19 Certificate monitoring method, system, computer equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311360746.9A CN117395008A (en) 2023-10-19 2023-10-19 Certificate monitoring method, system, computer equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117395008A true CN117395008A (en) 2024-01-12

Family

ID=89438614

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311360746.9A Pending CN117395008A (en) 2023-10-19 2023-10-19 Certificate monitoring method, system, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117395008A (en)

Similar Documents

Publication Publication Date Title
US10148675B1 (en) Block-level forensics for distributed computing systems
CN111414334A (en) File fragment uploading method, device, equipment and storage medium based on cloud technology
US10564987B1 (en) Efficient infrastructure updates for executable code development
CN112631924A (en) Automatic testing method and device, computer equipment and storage medium
WO2017097144A1 (en) Verification information processing method and device
WO2022142536A1 (en) Grayscale publishing method, system and apparatus, and device and storage medium
CN114615031A (en) File storage method and device, electronic equipment and storage medium
CN112860662B (en) Automatic production data blood relationship establishment method, device, computer equipment and storage medium
CN114449047A (en) File data processing method and device
CN111552663A (en) File consistency verification method and device, computer equipment and storage medium
US20120089849A1 (en) Cookie management system and method
WO2022116587A1 (en) Web end data signature method and apparatus, and computer device
CN116028917A (en) Authority detection method and device, storage medium and electronic equipment
CN112416875B (en) Log management method, device, computer equipment and storage medium
CN117395008A (en) Certificate monitoring method, system, computer equipment and storage medium
CN113360172B (en) Application deployment method, device, computer equipment and storage medium
CN114143308A (en) File uploading information processing method and device, computer equipment and storage medium
CN110262856B (en) Application program data acquisition method, device, terminal and storage medium
CN114615325A (en) Message pushing method and device, computer equipment and storage medium
CN109002710A (en) A kind of detection method, device and computer readable storage medium
CN110287087B (en) Method and device for detecting application
CN113099025A (en) Method and device for adding friends in social application
CN110659476A (en) Method and apparatus for resetting password
CN117278623A (en) Method and device for processing request data, computer equipment and storage medium
CN110781523B (en) Method and apparatus for processing information

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination