CN114338795B - Data communication method and device of blockchain client - Google Patents
Data communication method and device of blockchain client Download PDFInfo
- Publication number
- CN114338795B CN114338795B CN202111589913.8A CN202111589913A CN114338795B CN 114338795 B CN114338795 B CN 114338795B CN 202111589913 A CN202111589913 A CN 202111589913A CN 114338795 B CN114338795 B CN 114338795B
- Authority
- CN
- China
- Prior art keywords
- grpc
- request
- blockchain
- node
- identity
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 230000006854 communication Effects 0.000 title claims abstract description 96
- 238000004891 communication Methods 0.000 title claims abstract description 92
- 238000000034 method Methods 0.000 title claims abstract description 65
- 238000012795 verification Methods 0.000 claims abstract description 26
- 238000004590 computer program Methods 0.000 claims description 27
- 238000010586 diagram Methods 0.000 description 6
- 230000004044 response Effects 0.000 description 5
- 230000008569 process Effects 0.000 description 4
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 238000001514 detection method Methods 0.000 description 3
- 239000004744 fabric Substances 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 230000003993 interaction Effects 0.000 description 2
- 230000002427 irreversible effect Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
Landscapes
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The embodiment of the application is suitable for the technical field of block chains, and provides a data communication method and device of a block chain client, wherein the method comprises the following steps: receiving Grpc a request from a blockchain client; if the Grpc request includes a request header, acquiring a node identifier and an identity identifier of the Grpc request from the request header; acquiring a data signature requested by the Grpc from the request body requested by the Grpc; carrying out identity verification on the Grpc request according to the data signature and the identity mark; if the Grpc requests to pass the authentication, establishing communication connection between the blockchain client and the corresponding target blockchain link point according to the node mark; forwarding the Grpc request to the target blockchain node over the communication connection. By the method, the Grpc agent can be utilized to realize data communication between the blockchain client and the blockchain node.
Description
Technical Field
The application belongs to the technical field of blockchain, and particularly relates to a data communication method and device of a blockchain client.
Background
The blockchain client sends a request to the blockchain link point, and can realize data interaction with the blockchain. The blockchain client may implement data communication with the blockchain node through the Grpc agent.
However, when the current blockchain client performs data communication with the blockchain node through the Grpc proxy, only forwarding of a conventional Grpc request is supported, and for a Grpc request in a duplex flow mode, an identity verification function is difficult to support; or generally requires the blockchain client to implement forwarding by configuring an IP address, but in the blockchain scenario, the user is generally not concerned about the IP of the node, and the difficulty of use of the user is increased if the IP is still used.
Disclosure of Invention
In view of this, the embodiment of the application provides a data communication method and device of a blockchain client, which are used for realizing data communication between the blockchain client and a blockchain node by utilizing Grpc agents.
A first aspect of an embodiment of the present application provides a data communication method of a blockchain client, applied to Grpc proxy servers, the method including:
Receiving Grpc a request from a blockchain client;
if the Grpc request includes a request header, acquiring a node identifier and an identity identifier of the Grpc request from the request header;
Acquiring a data signature of the Grpc request from the Grpc request body, wherein the data signature is obtained by encrypting the request body by the blockchain client according to the identity mark;
Carrying out identity verification on the Grpc request according to the data signature and the identity mark;
if the Grpc requests to pass the authentication, establishing communication connection between the blockchain client and the corresponding target blockchain link point according to the node mark;
Forwarding the Grpc request to the target blockchain node over the communication connection.
A second aspect of an embodiment of the present application provides a data communication method of a blockchain client, which is applied to the blockchain client, and the method includes:
Determining a node flag and an identity flag of the Grpc request when a first Grpc request for data communication is sent to a target blockchain link, the node flag being used to characterize the target blockchain node;
Writing the node mark and the identity mark into a request head of the Grpc request;
Encrypting the request body of the Grpc request according to the identity mark to obtain a data signature of the Grpc request;
Writing the data signature into the request body;
The Grpc request is sent to a Grpc proxy server, which Grpc proxy server is configured to forward the Grpc request to the target blockchain node.
A third aspect of an embodiment of the present application provides a data communication apparatus of a blockchain client, applied to Grpc proxy servers, the apparatus including:
A receiving module for receiving Grpc requests from the blockchain client;
a first obtaining module, configured to obtain, if the Grpc request includes a request header, a node identifier and an identity identifier of the Grpc request from the request header;
The second obtaining module is configured to obtain a data signature requested by the Grpc from the request body requested by the Grpc, where the data signature is obtained by encrypting the request body by the blockchain client according to the identity mark;
the identity verification module is used for carrying out identity verification on the Grpc request according to the data signature and the identity mark;
The connection establishment module is used for establishing communication connection between the blockchain client and the corresponding target blockchain link point according to the node mark if the Grpc requests to pass the authentication;
And the forwarding module is used for forwarding the Grpc request to the target blockchain node through the communication connection.
A fourth aspect of an embodiment of the present application provides a data communication apparatus for a blockchain client, applied to the blockchain client, the apparatus including:
A determining module for determining, when a first Grpc request for data communication is sent to a target blockchain link, a node flag and an identity flag of the Grpc request, the node flag being used to characterize the target blockchain node;
A first writing module, configured to write the node identifier and the identity identifier into a request header of the Grpc request;
The encryption module is used for encrypting the request body requested by Grpc according to the identity mark to obtain the data signature requested by Grpc;
The second writing module is used for writing the data signature into the request body;
A sending module for sending the Grpc request to a Grpc proxy server, the Grpc proxy server for forwarding the Grpc request to the target blockchain node.
A fifth aspect of an embodiment of the present application provides a server comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the method according to the first aspect as described above when executing the computer program.
A sixth aspect of an embodiment of the present application provides a terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the method according to the second aspect as described above when executing the computer program.
A seventh aspect of the embodiments of the present application provides a computer readable storage medium storing a computer program which, when executed by a processor, implements a method as described in the first aspect above.
An eighth aspect of embodiments of the present application provides another computer readable storage medium storing a computer program which, when executed by a processor, implements a method as described in the second aspect above.
A ninth aspect of an embodiment of the application provides a computer program product which, when run on a server, causes the server to perform the method of the first aspect described above.
A tenth aspect of an embodiment of the application provides a further computer program product which, when run on a server, causes the server to perform the method of the second aspect described above.
Compared with the prior art, the embodiment of the application has the following advantages:
In the embodiment of the application, the data communication between the blockchain client and the blockchain node can be performed through the Grpc proxy server. When Grpc proxy server receives Grpc request from blockchain client, it can first determine whether Grpc request has request header; if Grpc requests have a request header, the Grpc request is the first Grpc request sent by the blockchain client in the data communication process, and at this time, the identity flag and the node flag can be extracted from the request header; acquiring a data signature from a request body; then adopting the identity mark and the data signature to carry out identity verification on Grpc requests; if Grpc requests pass identity verification, a communication connection between the blockchain client and the target blockchain node may be established, forwarding Grpc requests to the corresponding target blockchain node using the communication connection. In the embodiment of the application, the identity mark and the node mark are added in the request head of the Grpc request, and the data signature is added in the request body, so that the data communication between the blockchain client and the blockchain node is realized by using the proxy service. In the data communication process, the blockchain client can send the request only by knowing the node mark, does not need to care about the IP of the blockchain, and reduces the use difficulty of users; meanwhile, the lightweight of the blockchain client is guaranteed, and the blockchain client is convenient to develop and use.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the following will briefly introduce the drawings that are required to be used in the embodiments or the description of the prior art. It is evident that the drawings in the following description are only some embodiments of the present application and that other drawings may be obtained from these drawings without inventive effort for a person of ordinary skill in the art.
FIG. 1 is a flowchart illustrating a data communication method of a blockchain client according to an embodiment of the present application;
FIG. 2 is a flowchart illustrating a data communication method of another blockchain client according to an embodiment of the present application;
FIG. 3 is a flow chart of a method of data communication for a blockchain client in accordance with an embodiment of the present application;
FIG. 4 is a schematic diagram of a data communication device of a blockchain client according to an embodiment of the present application;
FIG. 5 is a schematic diagram of a data communication apparatus of another blockchain client provided in accordance with an embodiment of the present application;
fig. 6 is a schematic diagram of a server according to an embodiment of the present application.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth such as the particular system architecture, techniques, etc., in order to provide a thorough understanding of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
It should be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It should also be understood that the term "and/or" as used in the present specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.
As used in the present description and the appended claims, the term "if" may be interpreted as "when..once" or "in response to a determination" or "in response to detection" depending on the context. Similarly, the phrase "if a determination" or "if a [ described condition or event ] is detected" may be interpreted in the context of meaning "upon determination" or "in response to determination" or "upon detection of a [ described condition or event ]" or "in response to detection of a [ described condition or event ]".
Furthermore, the terms "first," "second," "third," and the like in the description of the present specification and in the appended claims, are used for distinguishing between descriptions and not necessarily for indicating or implying a relative importance.
Reference in the specification to "one embodiment" or "some embodiments" or the like means that a particular feature, structure, or characteristic described in connection with the embodiment is included in one or more embodiments of the application. Thus, appearances of the phrases "in one embodiment," "in some embodiments," "in other embodiments," and the like in the specification are not necessarily all referring to the same embodiment, but mean "one or more but not all embodiments" unless expressly specified otherwise. The terms "comprising," "including," "having," and variations thereof mean "including but not limited to," unless expressly specified otherwise.
The technical scheme of the application is described below through specific examples.
Referring to fig. 1, a flowchart illustrating a step of a data communication method of a blockchain client according to an embodiment of the present application may specifically include the following steps:
S101, receiving Grpc requests from the blockchain client.
The execution body of the embodiment is a proxy server, and in the present application, the proxy server may be a Grpc proxy server. The method in the embodiment can be applied to the block chain service. The blockchain is a decentralised distributed shared ledger, and consists of a plurality of blockchain nodes. A user may interact with the blockchain by sending Grpc a request to a blockchain link through a blockchain client that integrates a corresponding blockchain software development kit (Software Development Kit, SDK). The data communication in this embodiment may refer to data interaction between the blockchain client and the blockchain node.
Grpc is a high performance, open source and generic remote procedure call (Remote Procedure Call, RPC) framework. In particular, for those blockchains that support Grpc (e.g., HYPERLEDGER FABRIC blockchains), the blockchain client needs to send Grpc requests to interact with the blockchain.
The Grpc proxy is a bridge between the client and the server, receives the Grpc request from the client, and forwards the request to the server. For blockchain services, the client of Grpc proxy is the blockchain client and the server is the blockchain node. By using Grpc agents, the block chain nodes can be protected more flexibly, and the possibility that the block chain nodes are attacked is reduced; resources can be allocated more effectively, response speed of requests is improved, and the like.
The blockchain client may generate Grpc a request according to user needs and then send Grpc the request to the corresponding blockchain node through the proxy server. In this process, the proxy server may receive Grpc the request sent by the blockchain client, process the Grpc request, and send it to the corresponding blockchain node.
S102, if the Grpc request comprises a request header, acquiring the node mark and the identity mark of the Grpc request from the request header.
Specifically, when using Grpc requests for communication, the first Grpc request has a request header and a request body, and the subsequent Grpc requests generally include only the request body. The request header includes an identity tag and a node tag, and the request body includes a data signature.
In the embodiment of the application, the software development kit of the blockchain client can be modified in advance, so that the request header of Grpc requests generated by the blockchain client can comprise a node mark and an identity mark, and the request body comprises a data signature. The node mark is the unique identification information of the target blockchain node; the identity mark refers to identity information of a user; the data signature can be obtained by encrypting the request body according to the identity mark.
And S103, acquiring the data signature requested by the Grpc from the request body requested by the Grpc, wherein the data signature is obtained by encrypting the request body by the blockchain client according to the identity mark.
Specifically, the request body of Grpc requests includes a preset information field, and the proxy server can obtain the data signature from the information field of the request body.
S104, according to the data signature and the identity mark, carrying out identity verification on the Grpc request.
In particular, grpc proxy server and blockchain client may agree on encryption algorithms in advance, such as MD5 algorithm. After Grpc proxy server obtains the data signature, the identity mark and the request body can be encrypted by adopting a pre-agreed encryption algorithm to obtain the signature to be verified; and then comparing the signature to be verified with the data signature extracted from the request header, and if the signature to be verified and the data signature are the same, determining Grpc that the request passes the authentication.
In this step, on the one hand, the Grpc requests for authentication, and on the other hand, the data in the request body can be ensured not to be tampered, so that the data security in the data communication process is ensured.
And S105, if the Grpc requests to pass the identity verification, establishing communication connection between the blockchain client and the corresponding target blockchain link point according to the node mark.
Specifically, based on the node flags, the proxy server may determine a corresponding target blockchain node; the proxy server may establish a communication connection between the blockchain client and the target blockchain node, the communication connection enabling data communication between the blockchain client and the target blockchain node.
S106, forwarding the Grpc request to the target blockchain node through the communication connection.
Specifically, the proxy server may forward Grpc the request to the target blockchain node over the communication connection.
For Grpc requests without a request header, the proxy server can determine the communication connection corresponding to the request, and then adopt the identity mark corresponding to the communication connection and the data signature in the request body to carry out identity verification; if Grpc requests pass authentication, the proxy server may send Grpc requests to the target blockchain node over the communication connection.
After receiving Grpc the request, the target block link point can return the result to the proxy server through the communication connection; the proxy server may return results to the blockchain client using the communication connection.
The communication connection may be released after the blockchain client acknowledges completion of the data communication.
In one possible implementation, the target blockchain node needs to use certificates when communicating data. After receiving Grpc the request, the proxy server can acquire the certificate information of the target blockchain node; and then loading a corresponding certificate according to the certificate information, and sending the certificate to the target blockchain node along with Grpc requests.
In this embodiment, when the blockchain client performs data communication with the blockchain node through the Grpc proxy, the blockchain client does not need to know the ip of the blockchain, does not need to know whether the blockchain node needs a certificate, and can send the Grpc request to the target blockchain node only by adding the identity mark and the node mark in the request header, thereby realizing the lightweight of the blockchain client.
Referring to fig. 2, a flowchart illustrating steps of another data communication method of a blockchain client according to an embodiment of the present application may specifically include the following steps:
S201, when a first Grpc request for data communication is sent to a target blockchain link, determining a node flag and an identity flag of the Grpc request, where the node flag is used to characterize the target blockchain node.
The execution subject of this embodiment is a blockchain client. The blockchain client includes a client software development kit therein.
Specifically, the first Grpc request refers to a first request data of a plurality of request data of a target blockchain node in a data communication process by a blockchain client, and the first Grpc request has a request header and a request body.
Specifically, the blockchain client may be installed on a terminal device through which a user may log into the blockchain client and then send Grpc a request to the blockchain. The node identifier may be unique identification information of the target blockchain node requested by Grpc; the identity tag may be identification information of the user. Illustratively, the node flag may be node1; the identity tag may be user1.
S202, the node mark and the identity mark are written into a request head of the Grpc request.
In this embodiment, the request header of the Grpc request may include an identity tag and a node tag, and the proxy server may determine, through the node tag, the target blockchain node to which the Grpc request needs to be sent; the blockchain client may be identified by an identity. For example, the Node flags field Node-id=nod1 and the identity flags field User-id=user1 may identify that User1 is to communicate with the block link point Node 1.
In order to implement the method in this embodiment, the source code of Grpc may be modified. Specifically, grpc byte streams may be modified, occupying the field of the nth string type of the request body as the information field. The information field is used to store a data signature. The information field consists of a label, a field length and a data signature. Wherein the tag has a value of (n < < 3) |2 (following Grpc tag specifications), and the field length is the byte size of the data signature.
And the client software development kit needs to be modified. In the portal approach of sending Grpc the request in the client software development kit, the node flags and identity flags that can be identified by the Grpc agent are passed and placed in the Grpc request header.
Based on the transformation, the blockchain client can comprise corresponding positions for storing the node mark and the identity mark when generating Grpc requests; and then writing the node mark and the identity mark into corresponding positions respectively. For example, the data in the request header may be in the form of key-value, i.e., the request header may include a node flag field and an identity flag field, and then the node flag and the identity flag are written into the request header as values of the corresponding fields.
And S203, encrypting the request body requested by Grpc according to the identity mark to obtain the data signature requested by Grpc.
In this embodiment, a data signature may be used to detect Grpc if the request is tampered with. Specifically, the request body can be encrypted according to a preset encryption mode in combination with the identity mark to obtain the data signature.
The preset encryption mode can be agreed in advance by the blockchain client and the proxy server. The proxy server obtains the signature to be verified by adopting the same encryption mode after receiving Grpc the request, and compares the preset data signature of the signature to be verified, thereby carrying out identity verification on Grpc the request.
Specifically, when the blockchain client sends Grpc a request for data communication to the target blockchain link, it may determine Grpc that the request corresponds to the identity; and encrypting the request body of the Grpc request according to the identity mark to obtain the data signature of the Grpc request.
In the embodiment of the application, both the blockchain client and the proxy server can encrypt the request body by adopting an irreversible algorithm to obtain the data signature. The irreversible algorithm may specifically include an MD5 algorithm, an SHS algorithm, or the like.
For example, the blockchain client may jointly encrypt the identity tag and the request body by MD5 to obtain a data signature; the proxy server jointly encrypts the same identity mark and the request body by MD5 to obtain a signature to be verified. Such a data signature and the signature to be verified are identical. If the proxy service obtains the signature to be verified, the identity mark adopted is different or the request body is different, and the obtained signature to be verified is different from the data signature.
S204, writing the data signature into the request body.
Since Grpc requests must have a requestor, not necessarily a request header, a data signature may be written into the requestor in order to verify each request. For example, the data signature may be written in a preset field of the requestor. In the embodiment of the present application, since the information field for storing the data signature is added to the request body, the preset field may be the information field.
S205, sending the Grpc request to a Grpc proxy server, where the Grpc proxy server is configured to forward the Grpc request to the target blockchain node.
Specifically, after the blockchain client generates Grpc a request, the Grpc request may be sent to the Grpc proxy server, and after the Grpc proxy server receives Grpc the communications connection between the blockchain client and the target blockchain link point may be established according to the first Grpc request. Over the communication connection, the blockchain client may continually send Grpc requests to the target blockchain link point. When the blockchain client ends this data communication, the communication connection may be broken, thereby releasing the communication connection between the blockchain client and the target blockchain link point.
In the embodiment, the identity mark and the node mark are added in the request head, so that the proxy server can determine the target blockchain node according to the node mark; identity verification of Grpc agents in block chain service can be achieved through the identity mark, and safety of data communication is guaranteed.
It should be noted that, the sequence number of each step in the above embodiment does not mean the sequence of execution sequence, and the execution sequence of each process should be determined by its function and internal logic, and should not limit the implementation process of the embodiment of the present application in any way.
Referring to fig. 3, a flow chart of a data communication method of a further blockchain client according to an embodiment of the present application is shown. As shown in fig. 3, including the client SDK in the blockchain client, the blockchain client may send Grpc a request to the Grpc agent; the Grpc agent may receive Grpc requests from blockchain clients and forward the Grpc requests to the corresponding blockchains. The blockchain may return results to the Grpc agent for Grpc requests, and the Grpc agent may receive the returned results from the blockchain and send the returned results to the corresponding blockchain client.
The method in this embodiment is described below by taking the example that the user1 sends Grpc a request to the blockchain node 1:
First, grpc source codes are modified: assuming that the user has an identity mark user1, a Grpc request body sent by the blockchain client is { "name": "a" }, and encrypting the request body and the identity mark by adopting an MD5 encryption algorithm to obtain a data signature 94F80D6FB486CC1FD846666219E07E49. The field of the 1 st string type in the request body is occupied as an information field. The tag value of the information field is (1 < < 3) |2=10, the field length is 128 bytes of the data signature, so the information field is finally:
10 128 94F80D6FB486CC1FD846666219E07E49
Then reform the client SDK: suppose a user needs to access blockchain node1, the node of which is labeled node1. Using the SDK in the Java language provided by HYPERLEDGER FABRIC, in the ingress methods hfclient, neweventhub, and hfclient, neworderer, which send Grpc requests, the pass Grpc agent can identify the Node flag Node1 and the identity flag User1 and put them in Grpc the request header, i.e. the request header contains Node-id=node 1, user-id=user 1.
The blockchain client may send the generated Grpc request to the proxy server.
The proxy server realizes the customized Grpc proxy service according to Grpc interfaces:
the Node identifier Node1 and the identity identifier User1 are obtained from Grpc request header Node-id=node 1 and User-id=user 1, so as to identify the target Node of the request as Node1.
The information field is intercepted from Grpc request body, the data signature 94F80D6FB486CC1FD846666219E07E49 is obtained, and the request body data { "name": "a" } is checked according to the identity mark user 1.
If Grpc requests that a certificate is required, the corresponding certificate is loaded. Assuming that the HYPERLEDGER FABRIC blockchain node1 uses a server certificate service.
The Grpc request is forwarded to the target node1 and the result is returned to the blockchain client.
Referring to fig. 4, a schematic diagram of a data communication apparatus of a blockchain client according to an embodiment of the present application may specifically include a receiving module 41, a first obtaining module 42, a second obtaining module 43, an identity verification module 44, a connection establishment module 45, and a forwarding module 46, where:
a receiving module 41, configured to receive Grpc requests from a blockchain client;
A first obtaining module 42, configured to obtain, if the Grpc request includes a request header, a node identifier and an identity identifier of the Grpc request from the request header;
a second obtaining module 43, configured to obtain, from the request body requested by Grpc, a data signature requested by Grpc, where the data signature is obtained by encrypting, by the blockchain client, the request body according to the identity;
An identity verification module 44, configured to perform identity verification on the Grpc requests according to the data signature and the identity tag;
A connection establishment module 45, configured to establish a communication connection between the blockchain client and a corresponding target blockchain link point according to the node flag if the Grpc requests authentication;
a forwarding module 46 for forwarding the Grpc request to the target blockchain node over the communication connection.
In one possible implementation, the identity verification module 44 includes:
the generation sub-module is used for encrypting the request body according to the identity mark to generate a signature to be verified requested by Grpc;
And the judging sub-module is used for determining Grpc to request passing of identity verification if the signature to be verified is the same as the data signature.
In one possible implementation manner, the apparatus further includes:
A communication connection determining module, configured to determine that the Grpc requests a corresponding communication connection if the Grpc requests do not include a request header;
And the identity mark determining module is used for determining the identity mark requested by Grpc according to the communication connection.
In one possible implementation manner, the apparatus further includes:
The return result receiving module is used for receiving a return result of the target block link point aiming at the Grpc request;
and the return result forwarding module is used for forwarding the return result to the blockchain client through the communication connection.
Referring to fig. 5, a schematic diagram of another data communication apparatus of a blockchain client according to an embodiment of the present application may specifically include a determining module 51, a first writing module 52, an encrypting module 53, a second writing module 54, and a sending module 55, where:
A determining module 51 for determining, when a first Grpc request for data communication is sent to a target blockchain link point, a node-flag and an identity-flag of the Grpc request, the node-flag being used to characterize the target blockchain node;
A first writing module 52, configured to write the node identifier and the identity identifier into a request header of the Grpc request;
the encryption module 53 is configured to encrypt the request body requested by Grpc according to the identity tag, so as to obtain a data signature requested by Grpc;
A second writing module 54, configured to write the data signature into the request body;
A sending module 55, configured to send the Grpc request to a Grpc proxy server, and the Grpc proxy server is configured to forward the Grpc request to the target blockchain node.
In one possible implementation manner, the apparatus further includes:
the identity mark determining module is used for determining an identity mark corresponding to the Grpc request when a non-first Grpc request of data communication is sent to the target block link point;
A non-first Grpc request encryption module, configured to encrypt, according to the identity, the request body requested by the Grpc request to obtain a data signature of the Grpc request;
and the third writing module is used for writing the data signature into a preset field of the request body, and the data signature is used for carrying out identity verification on the Grpc request.
In one possible implementation manner, the apparatus further includes:
the return result receiving module is used for receiving a return result from the Grpc proxy server;
And the connection releasing module is used for releasing the communication connection between the blockchain client and the target blockchain link point if the Grpc proxy server completes the data communication with the target blockchain node.
For the device embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference should be made to the description of the method embodiments.
Fig. 6 is a schematic structural diagram of a server according to an embodiment of the present application. As shown in fig. 6, the server 6 of this embodiment includes: at least one processor 60 (only one shown in fig. 6), a memory 61 and a computer program 62 stored in the memory 61 and executable on the at least one processor 60, the processor 60 implementing the steps in any of the various method embodiments described above when executing the computer program 62.
The server 6 may be a computing device such as a cloud server. The server may include, but is not limited to, a processor 60, a memory 61. It will be appreciated by those skilled in the art that fig. 6 is merely an example of server 6 and is not limiting of server 6, and may include more or fewer components than shown, or may combine certain components, or different components, such as may also include input-output devices, network access devices, etc.
The Processor 60 may be a central processing unit (Central Processing Unit, CPU), the Processor 60 may also be other general purpose processors, digital signal processors (DIGITAL SIGNAL processors, DSP), application SPECIFIC INTEGRATED Circuit (ASIC), off-the-shelf Programmable gate array (Field-Programmable GATE ARRAY, FPGA) or other Programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 61 may in some embodiments be an internal storage unit of the server 6, such as a hard disk or a memory of the server 6. The memory 61 may also be an external storage device of the server 6 in other embodiments, such as a plug-in hard disk, a smart memory card (SMART MEDIA CARD, SMC), a Secure Digital (SD) card, a flash memory card (FLASH CARD) or the like, which are provided on the server 6. Further, the memory 61 may also include both an internal storage unit and an external storage device of the server 6. The memory 61 is used for storing an operating system, application programs, boot loader (BootLoader), data, other programs, etc., such as program codes of the computer program. The memory 61 may also be used for temporarily storing data that has been output or is to be output.
The embodiment of the application also provides a terminal device, which comprises: at least one processor, a memory, and a computer program stored in the memory and executable on the at least one processor, which when executed, performs the steps of the method embodiment described above for data communication for a blockchain client that is applied to a blockchain client.
Embodiments of the present application also provide a computer readable storage medium storing a computer program that when executed by a processor implements steps for implementing a data communication method of a blockchain client applied to a proxy server in the above method embodiments.
Embodiments of the present application also provide another computer readable storage medium storing a computer program that when executed by a processor implements steps for implementing a data communication method for a blockchain client applied to the blockchain client in the above method embodiments.
Embodiments of the present application provide a computer program product which, when executed on a terminal device, causes the terminal device to perform the steps of a method for data communication that may implement a proxy server for a blockchain client in the method embodiments described above.
The embodiments of the present application provide another computer program product which, when executed on a terminal device, causes the terminal device to perform the steps of a data communication method for a blockchain client that may be implemented as described in the various method embodiments above for the blockchain client.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the present application may implement all or part of the flow of the method of the above embodiments, and may be implemented by a computer program to instruct related hardware, where the computer program may be stored in a computer readable storage medium, and when the computer program is executed by a processor, the computer program may implement the steps of each of the method embodiments described above. Wherein the computer program comprises computer program code which may be in source code form, object code form, executable file or some intermediate form etc. The computer readable medium may include at least: any entity or device capable of carrying computer program code to a photographing device/terminal apparatus, recording medium, computer Memory, read-Only Memory (ROM), random access Memory (RAM, random Access Memory), electrical carrier signals, telecommunications signals, and software distribution media. Such as a U-disk, removable hard disk, magnetic or optical disk, etc. In some jurisdictions, computer readable media may not be electrical carrier signals and telecommunications signals in accordance with legislation and patent practice.
In the foregoing embodiments, the descriptions of the embodiments are emphasized, and in part, not described or illustrated in any particular embodiment, reference is made to the related descriptions of other embodiments.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus/terminal device and method may be implemented in other manners. For example, the apparatus/terminal device embodiments described above are merely illustrative, e.g., the division of the modules or units is merely a logical function division, and there may be additional divisions in actual implementation, e.g., multiple units or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or units, which may be in electrical, mechanical or other form.
The units described as separate units may or may not be physically separate, and units shown as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
The above embodiments are only for illustrating the technical solution of the present application, and are not limited thereto. Although the application has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present application, and are intended to be included in the scope of the present application.
Claims (9)
1. A method of data communication for a blockchain client, the method being applied to Grpc proxy servers, the method comprising:
Receiving Grpc a request from a blockchain client;
if the Grpc request includes a request header, acquiring a node identifier and an identity identifier of the Grpc request from the request header;
Acquiring a data signature of the Grpc request from the Grpc request body, wherein the data signature is obtained by encrypting the request body by the blockchain client according to the identity mark;
Carrying out identity verification on the Grpc request according to the data signature and the identity mark;
if the Grpc requests to pass the authentication, establishing communication connection between the blockchain client and the corresponding target blockchain link point according to the node mark;
forwarding the Grpc request to the target blockchain node over the communication connection;
Wherein, the authenticating the Grpc request according to the data signature and the identity tag includes:
encrypting the request body according to the identity mark to generate a signature to be verified requested by Grpc;
And if the signature to be verified is the same as the data signature, determining Grpc that the request passes the identity verification.
2. The method of claim 1, wherein prior to the obtaining the Grpc requested data signature from the Grpc requested requestor, the method further comprises:
If the Grpc request does not include a request header, determining that the Grpc request corresponds to a communication connection;
And determining the identity mark requested by Grpc according to the communication connection.
3. The method of claim 1 or 2, wherein the method further comprises:
receiving a return result of the target block link point for the Grpc request;
Forwarding the returned result to the blockchain client through the communication connection.
4. A data communication method for a blockchain client, the method comprising:
Determining a node flag and an identity flag of the Grpc request when a first Grpc request for data communication is sent to a target blockchain link, the node flag being used to characterize the target blockchain node;
Writing the node mark and the identity mark into a request head of the Grpc request;
Encrypting the request body of the Grpc request according to the identity mark to obtain a data signature of the Grpc request;
Writing the data signature into the request body;
Sending the Grpc request to a Grpc proxy server, the Grpc proxy server configured to forward the Grpc request to the target blockchain node;
Wherein, grpc proxy server is specifically used for:
encrypting the request body according to the identity mark to generate a signature to be verified requested by Grpc;
if the signature to be verified is the same as the data signature, determining that the Grpc requests to pass identity verification;
if the Grpc requests to pass the authentication, establishing communication connection between the blockchain client and the corresponding target blockchain link point according to the node mark;
Forwarding the Grpc request to the target blockchain node over the communication connection.
5. The method of claim 4, wherein the method further comprises:
when a non-first Grpc request for data communication is sent to a target block link, determining an identity corresponding to the Grpc request;
Encrypting the request body of the Grpc request according to the identity mark to obtain a data signature of the Grpc request;
writing the data signature into a preset field of the request body, wherein the data signature is used for carrying out identity verification on the Grpc request.
6. The method of claim 4, wherein the method further comprises:
receiving a return result from the Grpc proxy server;
and if the Grpc proxy server completes data communication with the target blockchain node, releasing the communication connection between the blockchain client and the target blockchain node.
7. A data communication apparatus for a blockchain client, the apparatus for use with a Grpc proxy server, the apparatus comprising:
A receiving module for receiving Grpc requests from the blockchain client;
a first obtaining module, configured to obtain, if the Grpc request includes a request header, a node identifier and an identity identifier of the Grpc request from the request header;
The second obtaining module is configured to obtain a data signature requested by the Grpc from the request body requested by the Grpc, where the data signature is obtained by encrypting the request body by the blockchain client according to the identity mark;
the identity verification module is used for carrying out identity verification on the Grpc request according to the data signature and the identity mark;
The connection establishment module is used for establishing communication connection between the blockchain client and the corresponding target blockchain link point according to the node mark if the Grpc requests to pass the authentication;
a forwarding module for forwarding the Grpc request to the target blockchain node over the communication connection;
the identity verification module is specifically configured to perform:
encrypting the request body according to the identity mark to generate a signature to be verified requested by Grpc;
And if the signature to be verified is the same as the data signature, determining Grpc that the request passes the identity verification.
8. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the method of any of claims 1-3 or 4-6 when executing the computer program.
9. A computer readable storage medium storing a computer program, characterized in that the computer program when executed by a processor implements the method of any one of claims 1-3 or claims 4-6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111589913.8A CN114338795B (en) | 2021-12-23 | 2021-12-23 | Data communication method and device of blockchain client |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111589913.8A CN114338795B (en) | 2021-12-23 | 2021-12-23 | Data communication method and device of blockchain client |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114338795A CN114338795A (en) | 2022-04-12 |
| CN114338795B true CN114338795B (en) | 2024-06-14 |
Family
ID=81055063
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111589913.8A Active CN114338795B (en) | 2021-12-23 | 2021-12-23 | Data communication method and device of blockchain client |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114338795B (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115243080B (en) * | 2022-09-21 | 2022-12-20 | 腾讯科技(深圳)有限公司 | Data processing method, device, equipment and storage medium |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| AU2019204712B2 (en) * | 2019-03-29 | 2020-08-13 | Advanced New Technologies Co., Ltd. | Managing sensitive data elements in a blockchain network |
Family Cites Families (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106650344B (en) * | 2016-12-07 | 2019-05-31 | 清华大学 | A kind of date storage method for having Third Party Authentication based on block chain |
| CN108076063A (en) * | 2017-12-25 | 2018-05-25 | 天津理工大学 | Network O&M auditing method, server terminal and client based on block chain |
| CN109727032A (en) * | 2018-12-29 | 2019-05-07 | 杭州趣链科技有限公司 | A kind of alliance's block chain access control method of identity-based id password |
| KR102116235B1 (en) * | 2019-03-15 | 2020-05-28 | 주식회사 코인플러그 | Method and server for managing user identity using blockchain network, and method and terminal for verifying user using user identity based on blockchain network |
| CN112398798B (en) * | 2019-08-19 | 2022-10-14 | ***通信有限公司研究院 | Network telephone processing method, device and terminal |
| CN110661812A (en) * | 2019-10-10 | 2020-01-07 | 国网山东省电力公司信息通信公司 | Block chain-based cascade authentication system |
| CN110958229A (en) * | 2019-11-20 | 2020-04-03 | 南京理工大学 | Credible identity authentication method based on block chain |
| CN111277577B (en) * | 2020-01-14 | 2022-06-07 | 北京百度网讯科技有限公司 | Digital identity verification method, device, equipment and storage medium |
| CN111815321A (en) * | 2020-05-21 | 2020-10-23 | 北京金山云网络技术有限公司 | Transaction proposal processing method, device, system, storage medium and electronic device |
-
2021
- 2021-12-23 CN CN202111589913.8A patent/CN114338795B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| AU2019204712B2 (en) * | 2019-03-29 | 2020-08-13 | Advanced New Technologies Co., Ltd. | Managing sensitive data elements in a blockchain network |
Non-Patent Citations (1)
| Title |
|---|
| 基于SSL的HTTP安全日志;曹岗, 李***, 黄庆怀;计算机工程与应用(第24期);全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114338795A (en) | 2022-04-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110995759A (en) | Access method and device of Internet of things | |
| CN112948802B (en) | Single sign-on method, device, equipment and storage medium | |
| CN109981680B (en) | Access control implementation method and device, computer equipment and storage medium | |
| CN110096894B (en) | Data anonymous sharing system and method based on block chain | |
| CN114710351A (en) | Method and system for improving data security during communication | |
| CN108769743B (en) | Video playing control method, system, node and computer storage medium | |
| CN111880919A (en) | Data scheduling method, system and computer equipment | |
| CN114338795B (en) | Data communication method and device of blockchain client | |
| CN112632573A (en) | Intelligent contract execution method, device and system, storage medium and electronic equipment | |
| CN110620776B (en) | Data transfer information transmission method and device | |
| CN111901287A (en) | Method and device for providing encryption information for light application and intelligent equipment | |
| CN114125027A (en) | Communication establishing method and device, electronic equipment and storage medium | |
| US11227032B1 (en) | Dynamic posture assessment to mitigate reverse engineering | |
| CN110602051B (en) | Information processing method based on consensus protocol and related device | |
| CN115982247B (en) | Block chain-based account information query method and device, equipment and medium | |
| CN114616563A (en) | Secure environment for encryption key generation | |
| CN114338036A (en) | Data communication method and device for block chain client | |
| CN109995534B (en) | Method and device for carrying out security authentication on application program | |
| US20230351028A1 (en) | Secure element enforcing a security policy for device peripherals | |
| CN114172923B (en) | Data transmission method, communication system and communication device | |
| CN113098685B (en) | Security verification method and device based on cloud computing and electronic equipment | |
| CN115549984A (en) | Cross-chain transaction method, device, equipment and storage medium | |
| CN110995756B (en) | Method and device for calling service | |
| CN114168909A (en) | Program protection method, device, equipment and storage medium based on code signature | |
| CN114036478A (en) | Block chain cross-chain method and device, storage medium and electronic equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |