This article considers the security issue of Open API calls without the use of secure transport protocols.
-
- Role definitions
- Processing flow
- Caller message Sending Process
- Publisher message Ingestion Process
- Call results return process
- Code Design
- Caller Code Design
- Publisher Code Design
Liu Hailong
Weibo: [http://weibo.com/liuhailong2008]
Blog: [HTTP://BLOG.CSDN.NET/STATIONXP]
Role definitions
- Publisher: publisher of the Open API.
- Caller: The caller of the Open API.
Processing process caller message sending process
- Generate a UUID, called
_seed
.
- To
_seed
use your own private key to sign, get _sign
, provide to the publisher authentication identity.
- The
_seed
public key of the publisher is encrypted and obtained _key
.
- Use
_seed
symmetric encryption of messages to _msg
get ciphertext _msgx
.
- will be
_sign``_key``_msgx
stitching, Base64 compression (optional), get _body
.
- Send
_body
, execute API call.
Publisher message Ingestion Process
- Get
_body
, split into,, _sign
_key
_msgx
.
- The caller's
uri
public key is found by calling into the registry _invkerpk
.
- Use
_invkerpk
decryption _sign
to get _seed1
.
- Use your own private key to uncover
_key
, get _seed2
.
- Match
_seed1
and _seed2
, if consistent, be confirmed _seed
; otherwise the process ends.
- Use
_seed
the to _msgx
decrypt to get the plaintext message.
Call results return process
- Returns the result as a pre-set message code.
- Transmitted in a secure manner, the public key of the caller is used for encryption.
Code Design Caller Code Design
interface Invoker{ void setEndPoint(InvokerEndPoint endPoint); /** * 通过调用EndPoint实现。 */ Response get(String api,Object…params); Response post(String api,Object…params); } interface InvokerEndPoint{ /** 装饰模式 */ interface SecurityInvokerEndPoint{ Response invoke(Request request); }
Publisher Code Design
interface OpenApiFilter{ void setEndPoint(ExportEndPoint endPoint); /** * 通过调用EndPoint实现。 */ HttpServletResponse process(HttpServletRequest request); } interface ExportEndPoint{ /** 装饰模式 */ interface SecurityExportEndPoint{ Response export(Request request); } interface ExportHandler{ Response handle(Object...args); }
Open API Security Protocol design under the condition of non-secure transport protocol