patents.google.com

CN105204829B - Plug-in unit socket resource control method and client based on middleware card cage - Google Patents

️Tue Aug 07 2018

Specific implementation mode

As shown in Figure 1, being the main body schematic diagram of middleware card cage design system of the present invention.In the present invention, described Middleware card cage design system 20 includes middleware unit 21 and bound cell 22.Wherein, the middleware unit 21 is wrapped Include plugin manager (Plugin Manager) 210, Web engines (i.e. Web Engine) 211 and API (Application Program Interface, application programming interfaces) module 213.For example, the middleware unit 21 can be among iPanel Part.

In the present embodiment, the Web engines 211 are WebCore engines, and the API module 213 includes multiple middlewares Basic function function, such as Timer (clock) correlation function, Socket (socket) processing function, thread process function, graphic diagram As processing function, file manipulation function, event handling function, privately owned java script object registration function, font handling function and Drawing (Graphics) correlation function etc..

The bound cell 22 includes a plugin library 220 and card cage (FrameWork) module 221.It is described Plugin library 220 includes one or more plug-in applications (plug-in unit App, hereinafter referred to as " plug-in unit "), the card cage mould Block 221 further comprises card i/f 2210 and framework interface 2212.

The framework interface 2212 is called by middleware (such as middleware unit 21) realization for the plug-in unit in plugin library 220, Reach one-way communication purpose of the bound cell 22 to middleware unit 21, bound cell 22 obtains all by this framework interface 2212 Such as：The system resource of the middleware units such as clock, thread, socket, graphics, file management 21, such as memory source, document Resource (such as text, picture, sound, video) and Socket resources etc..The card i/f 2210 is realized by plug-in unit for centre Part unit 21 calls, and reaches one-way communication purpose of the middleware unit 21 to bound cell 22, middleware unit 21 passes through plug-in unit Interface 2210 calls the function that plug-in unit is realized, such as reads plug-in unit and handle data.

In the present embodiment, the plugin manager 210 is connect with the card i/f 2210 of bound cell 22, for controlling The operations such as verification, installation (including download, load) and the unloading of plug-in unit.The frame of the Web engines 211 and bound cell 22 Interface 2212 connects, for after verification of the plug-in unit by plugin manager 210, starting the plug-in unit.The card i/f 2210 Including one or more api routine interfaces, the framework interface 2212 provides a plug-in unit basic framework, the plug-in unit basic framework Can be NP (Netscape, Netscape) card cage, including plug-in unit is from being loaded into the frame for destroying whole life cycle.

The example of one plug-in unit basic framework is as follows：

In the example of above-mentioned plug-in unit basic framework, defined function pointer substantially include a plug-in unit is all can Execute program should have interface.Based on above-mentioned plug-in unit basic framework, 2210 (such as API of one or more card i/fs can be constructed Routine interface).

Example according to a drawing application routine interface of above-mentioned plug-in unit basic framework construction is as follows：

// plug-in unit calls when creating, corresponding in newp above

PluginHandle plugin_create(void*npp,McSurface compat,int,int)；

// plug-in unit calls when destroying, corresponding in destroy above

void plugin_destroy(PluginHandle)；

// plug-in unit calls when bringing into operation, corresponding setwindow above

int plugin_run(PluginHandle)；

// plug-in unit occurs to call when event response, corresponding event above

int plugin_handle_event(PluginHandle,unsigned int,unsigned int,

unsigned int)；

// plug-in unit starts to call when drawing, and can start in setwindow

McSurface plugin_paint(PluginHandle me,int x,int y,int w,int h)；

The a certain attribute value of // setting page insertion object labels

// such as：<Object classid=" plugin:Image " width=" 400px " height=" 10px ">

// then function call below when, if key=" width ", value will return to 400px

void plugin_set_param(PluginHandle me,char*key,char*value)；

// it is the associated description field for obtaining plug-in unit, corresponding getvalue above below

char*ipanel_plugin_porting_get_description()；

char*ipanel_plugin_porting_get_name()；

char*ipanel_plugin_porting_get_description_string()

When the api routine interface in the card i/f 2210 is called by plug-in unit, plugin manager 210 is by calling Corresponding API basic function functions in api routine interface mappings to the API module 213 in middleware unit 21 call this corresponding API basic function functions, such as drawing correlation function, to complete corresponding pin function.Card cage module 221 and centre The incidence relation of API module 213 in part unit 21 is refering to shown in Fig. 4.When a plug-in unit needs the API in middleware unit 21 When the API basic function functions that module 213 provides, plugin manager 210 is by corresponding api routine interface in card i/f 2210 It is filled into the framework interface 2212.When the api routine interface in the card i/f 2210 is called by the plug-in unit, will call Api routine interface mappings to the API module 213 in middleware unit 21 in corresponding API basic function functions, call the phase The API basic function functions answered, to complete the function of the plug-in unit.

For example, when a plug-in unit needs to show picture, the figure that needs the API module 213 in middleware unit 21 to provide Piece handles function (such as picture decoding functions) and provides support, then plugin manager 210 is by the graphic program in card i/f 2210 Interface is filled into framework interface 2212, and graphic program interface mappings are handled function to the picture in API module 213, calls The picture handles function to show picture.

As shown in fig.2, the middleware card cage design system 20 is applied to client 2, the client 2 can be with It is the electronic devices such as top box of digital machine.One or more API journeys that third party developer can provide according to card i/f 2210 Sequence interface develops corresponding plug-in unit, and the plug-in unit developed is uploaded to server-side 1, this dozen by packaging ciphering tool 10 Packet Encryption Tool 10 can be provided by client 2.Plugin manager 210 is connected with the communication of server-side 1, can pass through HTTP (Hypertext Transfer Protocol, hypertext transfer protocol) or other network transmission protocols are downloaded from server-side 1 and are inserted The encryption data packet of part, and the plug-in unit of download is stored in the plugin library 220 of bound cell 22.

It should be noted that above-mentioned server-side 1 and client 2 further include other necessary hardware resources and software systems, Such as show screen, input equipment, memory, processor and operating system.The server-side 1 and client 2 can provide one A or multiple modules, one or more of modules are stored in the memory of the server-side 1 and client 2 and are configured It is executed at by the processor of server-side 1 and client 2, to complete the present invention.The so-called module of the present invention is to complete a specific work( The computer program code segments of energy, the implementation procedure than program more suitable for description software in server-side 1 and client 2.

When client 2 starts, the plugin manager 210 can detect the legitimacy of plug-in unit in plugin library 220, for example, It detects the plug-in version in plugin library 220 and whether the plug-in version in server-side 1 is consistent, detect the plug-in unit in plugin library 220 Whether plug-in content in content and server-side 1 is consistent etc..

The plugin manager 210 be additionally operable to control plug-in unit installation, update and unloading etc. operations, specifically describe refering to The explanation of Fig. 5 to Fig. 7.

(hereinafter referred to as " the middleware plug-in unit frame of middleware card cage design system 20 is further described below in conjunction with Fig. 3 Frame 20 ") operation workflow.

As shown in figure 3, being the main process figure of middleware card cage design method of the present invention.

The middleware card cage 20 in client 2, including middleware unit 21 and bound cell is arranged in step S101 22。

Step S102, when client 2 receives a plug-in request, the plugin manager of middleware unit 21 210 Corresponding plug-in unit is searched according to the plug-in unit identifier (being denoted as " classid ") in the plug-in request.In the present embodiment, the plug-in unit Identifier is a character string, and a plug-in unit corresponds to unique plug-in unit identifier.As shown in fig.2, a plug-in unit can pass through HTML (Hypertext Markup Language, the hypertext markup language) pages trigger a plug-in unit to client 2 and ask It asks (page triggering), which includes the unique identifier classid of the plug-in unit.Plugin manager 210 is according to the plug-in unit Identifier classid is managed collectively the plug-in unit.

Step S103, after finding corresponding plug-in unit, plugin manager 210 is by the card cage module of bound cell 22 Framework interface 2212 in 221 is registered to the Web engines 211 of middleware unit 21, to start the plug-in unit.In other embodiment In, which can also start from backstage automatically after the booting of client 2, and is triggered and managed by plugin manager 210.

Step S104, plugin manager 210 are randomly assigned a plug-in unit Provisioning Instance Identifier to the plug-in unit and (are denoted as " pluginid "), and establish being associated with for above-mentioned plug-in unit identifier classid and the plug-in unit Provisioning Instance Identifier pluginid.Plug-in unit Operation need to create a plug-in unit example, completing corresponding plug-in unit by the plug-in unit example operates, for example, if plug-in unit is Flash player, then plug-in unit example can be Flash player being played on, and more examples are exactly while opening multiple Flash Player is carried out at the same time broadcasting, each is a plug-in unit example in the Flash player of broadcasting.In the present embodiment, institute It can be a random integers to state plug-in unit Provisioning Instance Identifier, and a plug-in unit example corresponds to unique plug-in unit Provisioning Instance Identifier.

Step S105, during the plug-in component operation, the card cage module 221 in bound cell 22 is inserted according to above-mentioned Part Provisioning Instance Identifier controls the resource service condition of the plug-in unit.In the present embodiment, the control of resource service condition includes, but not It is limited to, memory source uses controlling mechanism using controlling mechanism, document resources using controlling mechanism, Socket resources, specifically retouches State the description to Figure 10 refering to Fig. 8.

Further, the middleware card cage design system 20 is provided with plug-in security mechanism, for encryption and school Test third party exploitation plug-in unit, entire encryption system include three aspect flow, safety issue flow, download checking process and Checking process is run, refering to fig. 11 to Figure 13 explanation is specifically described.

In the present embodiment, the middleware card cage design system 20 has following characteristic：

(1) reliability and safety

Middleware card cage design system 20 fully considers the security mechanism of plug-in unit：It is carried out in plug-in package manufacturing process Signature and encryption carry out multilayer verification, it is ensured that in the whole life cycle of plug-in unit in publication, download, operation three phases Software program it is safely controllable.

(2) with the lower coupling of middleware

Download, the load of plug-in unit are managed by plugin manager 210, and operation is controlled by card cage module 221, and the two All it is to be stripped out the module that can independently constitute from middleware, there is independent flow data behavior, the two and middleware Unique interaction channel be exactly the interface that is supplied to external module use of the framework interface 2212 in Web engines 211.Plug-in unit is made For individual function module, mutual independent operating is communicated by unified interface with middleware unit 21, without directly pass Connection.

(3) high efficiency that exploitation is realized

According to the general utility functions demand of plug-in unit, middleware card cage design system 20 incorporates middleware software knot Structure builds developing plug basic framework, one or more API that third party developer need to only provide according to card i/f 2210 Routine interface develops corresponding plug-in unit, you can realizes a legal plug-in unit that can be identified by middleware unit 21.

Each function module (such as temporary location 21, bound cell 22) can effectively shorten the development cycle with concurrent development.By It is refine to plug-in unit in specific function, 21 structure of entire middleware unit is apparent after separating function, and it is multiple to reduce system design Miscellaneous degree, while the risk that changes of function is brought is reduced, it realizes " plug and play " of middleware functional unit.

(4) plug-in component operation controllability

In view of middleware unit 21 client 2 leading role, in the present embodiment, the verification by plug-in unit and plug-in unit The behavior of the control of resource service condition, plug-in unit is suitably constrained, including forbids loading the plug-in unit of illegal unauthorized, monitoring legal The operation behavior of plug-in unit, rationally control plug-in unit application and the system resource etc. using middleware unit 21, prevent middleware unit 21 traffic overloads and be unable to operate normally.

Below in conjunction with Fig. 5 to Fig. 7 description specifically introduce the plugin manager 210 control plug-in unit installation, update and The operations such as unloading.

As shown in fig.5, being the main process figure of the board state control method the present invention is based on middleware card cage. This method is based on above-mentioned middleware card cage.

Step S201, when client 2 is switched on, the plugin manager 210 in middleware unit 21 obtains in client 2 The plug-in unit of installation generates the first plug-in unit list.In the present embodiment, the first plug-in unit list is XML (Extensible Markup Language, extensible markup language) formatted file.Acquired plug-in unit is stored in the first plug-in unit list The information such as plug-in unit identifier and version number.

As shown in fig.6, in the present embodiment, a plug-in unit needs to beat using what client 2 provided after the completion of exploitation Packing life is encrypted to plug-in applications (* .so files) and plug-in unit description information (* .json files) in packet Encryption Tool 10 It is uploaded to server-side 1 at encryption plug-in package (* .zip).The mark of plug-in unit is wherein contained in the plug-in unit description information of * .json formats Know the essential informations such as symbol (classid), version (Version), encryption parameter (key, MD5).In installation, this is inserted Terminal Middleware Before part, need to verify its legitimacy using above-mentioned plug-in unit description information.

The first plug-in unit list and state are obtained request and are sent to server-side together by step S202, plugin manager 210 1, and receive the second plug-in unit list corresponding with the first plug-in unit list of the return of server-side 1.In the present embodiment, described second Plug-in unit list is XML format file, and the plug-in unit mark of the plug-in unit verified by server-side 1 is stored in the second plug-in unit list It accords with and each passes through the status information of the plug-in unit of verification.The status information include, but are not limited to installation condition, more new state, And unloaded state.For example, if the plug-in version number in the first plug-in unit list and newest version number in server-side 1 are inconsistent, Then judge that plug-in unit needs to update (more new state).

In the present embodiment, the plugin manager 210 sends state to server-side 1 by HTTP POST modes and obtains Request.When server-side 1, which receives the state, obtains request, school first is carried out to the plug-in unit identifier stored in the first plug-in unit list It tests.For example, the verification includes：Verify whether the plug-in unit identifier stored in the first plug-in unit list is inserted with what server-side 1 stored Part identifier is consistent.

If the plug-in unit identifier stored in the first plug-in unit list is consistent with the plug-in unit identifier that server-side 1 stores, sentence Fixed verification passes through.If the plug-in unit identifier stored in the first plug-in unit list and the plug-in unit identifier that server-side 1 stores are inconsistent (being not present in server-side 1 in the plug-in unit identifier stored in such as the first plug-in unit list) then judges that verification does not pass through.

When the plug-in unit identifier stored in the first plug-in unit list passes through verification, server-side 1 obtains the plug-in unit by verifying Status information, and will by the plug-in unit identifier of the plug-in unit of verification and each pass through the status information of the plug-in unit of verification write-in the Two plug-in unit lists, the second plug-in unit list of returning response the first plug-in unit list is to client 1, i.e., the second plug-in unit list is according to One plug-in unit list generates.

For example, it is assumed that the first plug-in unit list of client 2 includes the content of following XML format：

The second plug-in unit list comprising board state information that then server-side 1 returns includes the content of following XML format：

<PLUGINS_RESPOND>

<ITEM>

<STATUS>install</STATUS>

</ITEM>

<ITEM>

<STATUS>uninstall</STATUS>

</ITEM>

<ITEM>

<STATUS>update</STATUS>

</ITEM>

</PLUGINS_RESPOND>

About each field in the first plug-in unit list in the example above and the second plug-in unit list explanation refering to Fig. 7 description. For example, " install " represents installation, " uninstall " represents unloading, and " update " represents update.Wherein,<ID>Field references Plug-in unit identifier in first plug-in unit list and the second plug-in unit list.In the present embodiment, described<ID>Field identifies for plug-in unit Classid is accorded with, it is in other embodiments, described<ID>Field may be plug-in unit Provisioning Instance Identifier pluginid.

Step S203, after client 1 receives the second plug-in unit list, the plugin manager 210 from second in client 1 It is successively read the status information of each plug-in unit by verification in plug-in unit list, and this is controlled according to plug-in unit identifier and passes through verification Plug-in unit state, detailed process includes step S204 to step S206.

Step S204, if should be the first preset characters (such as " install ") by the status information of the plug-in unit verified, Plugin manager 210 controls this according to plug-in unit identifier and is installed by the plug-in unit of verification.

Step S205, if should be the second preset characters (such as " update ") by the status information of the plug-in unit verified, Plugin manager 210 is controlled according to plug-in unit identifier and is updated by the plug-in unit verified.Specifically, plugin manager 210 Then the plug-in unit for first deleting the local legacy version of client 1 downloads the plug-in unit of new version, the plug-in unit verification of new version from server-side 1 By rear, it is local to be installed on client 1.

Step S206, if should be third preset characters (such as " uninstall ") by the status information of the plug-in unit verified, Then plugin manager 210 is controlled according to plug-in unit identifier and is unloaded by the plug-in unit verified.

In other embodiments, plugin manager 210 can also be every preset interval time (such as 24 hours), to server-side 1, which sends state, obtains request, the newest status information of plug-in unit is obtained, to achieve the purpose that real-time update board state.

221 basis of card cage module in the bound cell 22 is specifically introduced in description below in conjunction with Fig. 8 to Figure 10 Plug-in unit Provisioning Instance Identifier controls the resource service condition of plug-in unit operation, including internal memory operation, document function and Socket (sockets Word) operation etc..

As shown in fig.8, being the main body stream of the plug-in unit memory source control method the present invention is based on middleware card cage Cheng Tu.This method is based on above-mentioned middleware card cage.

Step S301, when a plug-in unit of client 2 starts, plugin manager 210 verifies the plug-in unit.Example Such as, whether the plug-in unit identifier classid for verifying the plug-in unit exists in plugin library 220, if it is present being verified, holds Row step S302.

Step S302, when the plug-in unit passes through verification, plugin manager 210 is randomly assigned a plug-in unit example to the plug-in unit Identifier pluginid, and establish the pass of the plug-in unit identifier classid and plug-in unit Provisioning Instance Identifier pluginid of the plug-in unit Connection.

In the present embodiment, the plug-in unit Provisioning Instance Identifier pluginid represents a specific plug-in unit example, the plug-in unit Example is started by Web engines 211 since bound cell 22.The calling of each API application programs during plug-in component operation is both needed to take It is mapped in the API module 213 of middleware unit 21 by plugin manager 210 with pluginid.

Step S303, during the plug-in component operation, the card cage module 221 in bound cell 22 is real by the plug-in unit Example identifier pluginid is registered in the card i/f 2210 of card cage module 221.

When the plug-in unit carries out internal memory operation (such as memory read-write), the application of resource will be registered by based on pluginid The pre-set internal memory operation condition of place plug-in unit example controls, and meets the card i/f of pre-set internal memory operation condition It can successfully apply for the system resource to middleware unit 21, otherwise resource bid will failure.It should be noted that plug-in unit is real Example identifier pluginid will be destroyed while plug-in unit is destroyed.

Step S304, when the plug-in unit carries out internal memory operation, card cage module 221 is according to pre-set internal memory operation The plug-in unit Provisioning Instance Identifier of condition and the plug-in unit, monitors the internal memory operation of the plug-in unit.

For example, it is assumed that the plug-in unit Provisioning Instance Identifier pluginid that step S302 is randomly assigned is 9527, then plug-in unit frame Whether the internal memory operation that frame module 221 monitors the plug-in unit example that pluginid is 9527 meets pre-set internal memory operation item Part.

Step S305, card cage module 221 judge whether the internal memory operation of the plug-in unit meets pre-set memory behaviour Make condition.If meeting pre-set internal memory operation condition, S306 is thened follow the steps；If not meeting pre-set memory Operating condition thens follow the steps S307.

For example, in the present embodiment, the pre-set internal memory operation condition includes：Memory application maxsize Value is the first preset value.Assuming that first preset value is 3M, if the memory application size of the plug-in unit is less than or equal to 3M, Card cage module 221 judges that the internal memory operation of the plug-in unit meets pre-set internal memory operation condition, the i.e. memory of the plug-in unit It is legal to operate.If the memory application size of the plug-in unit is more than 3M, card cage module 221 judges the internal memory operation of the plug-in unit Pre-set internal memory operation condition is not met, i.e. the internal memory operation of the plug-in unit is illegal.In other embodiments, the memory Operating condition can also include acquiescence additional conditions (such as：System operatio path), so that the operation of third side plug is limited In a controlled range, to ensure the trouble-free operation of middleware unit 21.

It should be noted that the pre-set internal memory operation condition can follow pluginid to register in step S303 Into the card i/f 2210 of card cage module 221, can also be built in the description information of plug-in unit (without registration), even Can a part of condition be built in the description information of plug-in unit (such as the changeless condition for not allowing user voluntarily to change), separately A part of condition is registered in the card i/f 2210 of card cage module 221 (such as the condition for allowing user voluntarily to change).

Step S306, card cage module 221 to plugin manager 210 return the successful information of internal memory operation, then after It is continuous to execute internal memory operation.

Step S307, card cage module 221 prevent the internal memory operation, then return to memory behaviour to plugin manager 210 Make the information to fail.

As shown in fig.9, being the main body stream of the plug-in unit document resources control method the present invention is based on middleware card cage Cheng Tu.This method is based on above-mentioned middleware card cage.

Step S311, when a plug-in unit of client 2 starts, plugin manager 210 verifies the plug-in unit.Example Such as, whether the plug-in unit identifier classid for verifying the plug-in unit exists in plugin library 220, if it is present being verified, holds Row step S312.

Step S312, when the plug-in unit passes through verification, plugin manager 210 is randomly assigned a plug-in unit example to the plug-in unit Identifier pluginid, and establish the pass of the plug-in unit identifier classid and plug-in unit Provisioning Instance Identifier pluginid of the plug-in unit Connection.

Step S313, during the plug-in component operation, the card cage module 221 in bound cell 22 is real by the plug-in unit Example identifier pluginid is registered in the card i/f 2210 of card cage module 221.

When the plug-in unit carries out document function (as opened document), the application of resource will be registered by based on pluginid The pre-set document function condition of place plug-in unit example controls, and meets the card i/f of pre-set document function condition It can successfully apply for the system resource to middleware unit 21, otherwise resource bid will failure.It should be noted that plug-in unit is real Example identifier pluginid will be destroyed while plug-in unit is destroyed.

Step S314, when the plug-in unit carries out document function, card cage module 221 is according to pre-set document function The plug-in unit Provisioning Instance Identifier of condition and the plug-in unit, monitors the document function of the plug-in unit.

For example, it is assumed that the plug-in unit Provisioning Instance Identifier pluginid that step S312 is randomly assigned is 12138, then plug-in unit frame Whether the document function that frame module 221 monitors the plug-in unit example that pluginid is 12138 meets pre-set document function item Part.

Step S315, card cage module 221 judge whether the document function of the plug-in unit meets pre-set document behaviour Make condition.If meeting pre-set document function condition, S316 is thened follow the steps；If not meeting pre-set document Operating condition thens follow the steps S317.

For example, in the present embodiment, the pre-set document function condition includes：(2.1) each plug-in unit Courses of action are preset path (such as/root/ipanel/FS_ROOT)；(2.2) each plug-in unit cannot operate middleware unit 21 System file；(2.3) while the number of documents upper limit value of unlatching is second preset value etc..

Assuming that second preset value is 5, if the number of documents that the document function of the plug-in unit is opened simultaneously is less than or waits In 5, and meet (2.1) condition and (2.2) condition, then card cage module 221 judges that the document function of the plug-in unit meets Pre-set document function condition, the i.e. document function of the plug-in unit are legal.If above three condition has one to be unsatisfactory for (such as 5) number of documents opened simultaneously is more than, then the document function of the judgement of card cage module 221 plug-in unit, which is not met, pre-sets Document function condition, i.e. the document function of the plug-in unit is illegal.

In the present embodiment, the number of documents that can be simultaneously opened by the quantitative determination of open file handle.For example, If the file handle quantity opened simultaneously is 5, the quantity of documents of judgement while unlatching is 5.

It should be noted that the pre-set document function condition can follow pluginid to register in step S313 Into the card i/f 2210 of card cage module 221, can also be built in the description information of plug-in unit (without registration), even Can a part of condition be built in the description information of plug-in unit, if do not allowed changeless condition that user voluntarily changes (such as Above-mentioned condition 2.1 and 2.2), another part condition is registered in the card i/f 2210 of card cage module 221, such as allows to use The condition (such as above-mentioned condition 2.3) that family is voluntarily changed.

Step S316, card cage module 221 return to document the successful information of operation to plugin manager 210, then after It is continuous to execute document function.

Step S317, card cage module 221 prevent the document from operating, and then return to document behaviour to plugin manager 210 Make the information to fail.

As shown in fig.10, being the main body of the plug-in unit Socket resource control methods the present invention is based on middleware card cage Flow chart.This method is based on above-mentioned middleware card cage.

Step S321, when a plug-in unit of client 2 starts, plugin manager 210 verifies the plug-in unit.Example Such as, whether the plug-in unit identifier classid for verifying the plug-in unit exists in plugin library 220, if it is present being verified, holds Row step S322.

Step S322, when the plug-in unit passes through verification, plugin manager 210 is randomly assigned a plug-in unit example to the plug-in unit Identifier pluginid, and establish the pass of the plug-in unit identifier classid and plug-in unit Provisioning Instance Identifier pluginid of the plug-in unit Connection.

Step S323, during the plug-in component operation, the card cage module 221 in bound cell 22 is real by the plug-in unit Example identifier pluginid is registered in the card i/f 2210 of card cage module 221.

When the plug-in unit carries out Socket operations (such as attended operation), the application of resource will be noted by based on pluginid The pre-set Socket operating conditions control of plug-in unit example where volume, meets inserting for pre-set Socket operating conditions Part interface can successfully apply for the system resource to middleware unit 21, and otherwise resource bid will failure.It should be noted that Plug-in unit Provisioning Instance Identifier pluginid will be destroyed while plug-in unit is destroyed.

Step S324, when the plug-in unit carries out Socket operations, card cage module 221 is according to pre-set Socket The plug-in unit Provisioning Instance Identifier of operating condition and the plug-in unit monitors the Socket operations of the plug-in unit.

For example, it is assumed that the plug-in unit Provisioning Instance Identifier pluginid that step S322 is randomly assigned is 1314, then plug-in unit frame Whether the Socket operations that frame module 221 monitors the plug-in unit example that pluginid is 1314 meet pre-set Socket operations Condition.

Step S325, it is pre-set that card cage module 221 judges whether the Socket operations of the plug-in unit meet Socket operating conditions.If meeting pre-set Socket operating conditions, S326 is thened follow the steps；If do not met in advance The Socket operating conditions of setting, then follow the steps S327.

For example, in the present embodiment, the pre-set Socket operating conditions include：(3.1) Socket connects The data that first time for connecing sends include the destination address of self-defined header information (3.2) Socket connections be specify it is a plurality of IP address (IP address of such as carrier server)；(3.3) while the Socket connection upper limit values of unlatching are third preset value etc..

Assuming that the third preset value is 3, if the Socket of the plug-in unit is operated while the Socket connections opened are less than Or it is equal to 3, and meet (3.1) condition and (3.2) condition, then card cage module 221 judges the Socket behaviour of the plug-in unit Work meets pre-set Socket operating conditions, i.e. the Socket operations of the plug-in unit are legal.If above three condition has one Item is unsatisfactory for (such as while the Socket connections of unlatching are more than 3), then card cage module 221 judges the Socket operations of the plug-in unit Pre-set Socket operating conditions are not met, i.e. the Socket operations of the plug-in unit are illegal.

It should be noted that the pre-set Socket operating conditions can follow pluginid to note in step S323 It in volume to the card i/f 2210 of card cage module 221, can also be built in the description information of plug-in unit (without registration), very Extremely can a part of condition be built in the description information of plug-in unit, such as the changeless condition for not allowing user voluntarily to change (such as above-mentioned condition 3.1), another part condition are registered in the card i/f 2210 of card cage module 221, such as allow user The condition (such as above-mentioned condition 3.2 and 3.3) voluntarily changed.

Step S326, card cage module 221 return to Socket to plugin manager 210 and operate successful information, then Continue to execute Socket operations.

Step S327, card cage module 221 prevent the Socket from operating, and are then returned to plugin manager 210 The information of Socket operation failures.

The description of figure 8 above to Figure 10 specifically describe the card cage module 221 in bound cell 22 according to plug-in unit reality The resource control method that example identifier control plug-in unit internal memory operation, document function and Socket are operated, it is to be understood that its He can also refer to above-mentioned resource control method at plug-in unit operation, and method is：Pre-set corresponding plug-in unit operating condition, and according to Pre-set plug-in unit operating condition, monitors the corresponding operating of plug-in unit.

The plug-in unit peace of the middleware card cage design system 20 is specifically introduced below in conjunction with the description of Figure 11 to Figure 13 Full mechanism, including：Safety publication flow downloads checking process and operation checking process.

It is that plug-in security is sent out in the plug-in security control method the present invention is based on middleware card cage refering to fig. 1 shown in 1 Cloth flow chart.This method is based on above-mentioned middleware card cage.

Step S401, server-side 1 generates a random key, and add-on file is encrypted using the random key, Obtain encrypted add-on file (such as * .so files).

For example, using 3DES (Triple Data Encryption Algorithm, triple data encryption algorithm) to inserting Part file is encrypted.In the present embodiment, an add-on file represents a plug-in unit.

Step S402, server-side 1 are encrypted to obtain the number of the add-on file to the initial clip Text of the add-on file Word is signed, and the digital signature is encrypted using the private key of server-side, obtains encrypted digital signature.

Specifically, server-side 1 calculates the add-on file first with preset summarization generation algorithm, such as utilize Hash algorithm carries out Hash operation to the add-on file, obtains initial clip Text (the i.e. local of server-side 1 of the add-on file Initial clip Text).Then, server-side 1 utilizes preset Encryption Algorithm, such as MD5 (Message Digest Algorithm 5, Message Digest 5 the 5th edition) Encryption Algorithm, which is encrypted to obtain the number label of the add-on file Name.

Step S403 is encrypted the configuration parameter of the add-on file using the private key of server-side 1, obtains encrypted Configure parameter.In the present embodiment, the configuration parameter includes, but are not limited to the boundaries such as plug-in unit identifier classid and version number Face input parameter or command line parameter.

Step S404 is encrypted above-mentioned random key using the private key of server-side 1, obtains encrypted with secret Key.

Step S405 makees encrypted random key, encrypted configuration parameter and above-mentioned encrypted digital signature It for plug-in unit description information (such as * .json files), is attached in encrypted add-on file (such as * .so files), generates a plug-in unit Compressed package (such as * .zip files).

It is plug-in download school in the plug-in security control method the present invention is based on middleware card cage refering to fig. 1 shown in 2 Test flow chart.This method is based on above-mentioned middleware card cage.

Step S411, when client 2 downloads a plug-in unit compressed package from server-side 1, the plugin manager in client 2 210 start the checking process to the plug-in unit compressed package.

As described above, the plug-in unit compressed package includes：Encrypted add-on file and plug-in unit description information, the plug-in unit description Information includes：Encrypted random key, encrypted configuration parameter, encrypted digital signature, the encrypted configuration Parameter includes：The information such as encrypted plug-in unit identifier classid, encrypted version number.

Step S412, the plugin manager 210 in client 2 is using the public key of client 2 to encrypted random key It is decrypted, the random key after being decrypted, i.e., the random key that server-side 1 generates.

Step S413, plugin manager 210 are decrypted the encrypted add-on file using the random key, obtain Add-on file after decryption.

Step S414, plugin manager 210 are (i.e. above-mentioned preset to pluck using summarization generation algorithm identical with server-side 1 Want generating algorithm) add-on file after the decryption is once calculated again, after using identical hash algorithm to the decryption Add-on file carry out a Hash operation again, obtain a new clip Text (i.e. the clip Text of client).

Step S415, plugin manager 210 are decrypted the encrypted digital signature using the public key of client 2, The clip Text of add-on file after being decrypted.

Step S416, plugin manager 210 judge whether new clip Text is consistent with the clip Text decrypted.

Step S417, if new clip Text is consistent with the clip Text decrypted, plugin manager 210 judges Verification passes through, and controls the add-on file and is installed.

Step S418, if new clip Text and the clip Text decrypted are inconsistent, plugin manager 210 judges Verification failure, prevents the installation of the add-on file.

In the present embodiment, the plug-in download verification is implemented in client 2, that is, executes and download verification for the first time.At it In his embodiment, the plug-in download verification can also be performed in server-side 1, that is, execute plug-in download verification twice, further Improve the safety of plug-in unit verification.If plug-in download verification is implemented in server-side 1, hereinafter referred to as second of download verification.

Second of download, which verifies, includes：The clip Text that client 2 decrypts is sent to service by plugin manager 210 End 1, server-side 1 with local initial clip Text verify using the clip Text decrypted and back-checking result extremely Client 2.If the clip Text decrypted is consistent with local initial clip Text, the judgement verification of server-side 1 passes through； If the clip Text decrypted and local initial clip Text are inconsistent, the judgement verification failure of server-side 1.If the The primary check results downloaded verification (client checking process) and download verification (server-side checking process) for the second time all pass through, Then follow the steps S417.If the check results failure downloaded verification for the first time or download verification second, thens follow the steps S418。

It is plug-in component operation school in the plug-in security control method the present invention is based on middleware card cage refering to fig. 1 shown in 3 Test flow chart.This method is based on above-mentioned middleware card cage.

Step S421, when a plug-in unit of client 2 starts, plugin manager 210 starts the verification stream to the plug-in unit Journey.In the present embodiment, an add-on file represents a plug-in unit.

Step S422, the local that plugin manager 210 obtains the plug-in unit from the card i/f 2210 of bound cell 22 are inserted Part identifier.

As previously mentioned, each plug-in unit uniquely distribution one plug-in unit identifier, be denoted as classid, respectively by：It is packed into slotting In the plug-in unit description information of part compressed package and in the api interface (card i/f 2210) of add-in developer realization.Developing plug Person needs correctly to quote the classid in plug-in unit correlation api interface, because will be based on the classid during plug-in component operation It is compared, to verify the legitimacy of plug-in unit.

Step S423, plugin manager 210 identify encrypted plug-in unit in plug-in unit compressed package using the public key of client 2 Symbol is decrypted, and obtains the plug-in unit identifier after plug-in unit decryption.

Whether step S424, the plug-in unit identifier after the judgement decryption of plugin manager 210 are consistent with local plug-in unit identifier.

Step S425, if the plug-in unit identifier after decryption is consistent with local plug-in unit identifier, plugin manager 210 is sentenced Fixed verification passes through, and controls the plug-in unit normal operation.

Step S426, if the plug-in unit identifier and local plug-in unit identifier after decryption are inconsistent, plugin manager 210 Judgement verification failure, prevents the operation of the plug-in unit.

In other embodiments, the plug-in component operation checking process can also be during plug-in component operation, every preset Interval time (such as 10 minutes) executes primary.

In conclusion the above is merely preferred embodiments of the present invention, being not intended to limit the scope of the present invention. All within the spirits and principles of the present invention, any modification, equivalent replacement, improvement and so on should be included in the present invention's Within protection domain.