authorfengweihao <[email protected]>2020-10-30 19:37:24 +0800
committerfengweihao <[email protected]>2020-10-30 19:37:24 +0800
commit9f2d64e865095ac064d5eb0dd5118cbe9132e23f (patch)
treec0071c2efde5cf54e076b479b30653d8ec9c33be
parent81eef836b6e0e5e0fe0cb7f750f8162d901b0d3d (diff)
适配界面PXY_PROFILE_KEYRING表结构变更v2.1.4-20201030
-rw-r--r--program/include/cert_conf.h2
-rw-r--r--program/src/cert_session.cpp32
-rw-r--r--resource/conf/table_info.conf2
3 files changed, 26 insertions, 10 deletions
diff --git a/program/include/cert_conf.h b/program/include/cert_conf.h
index 0e28062..0dda0d4 100644
--- a/program/include/cert_conf.h
+++ b/program/include/cert_conf.h
@@ -37,6 +37,8 @@ struct tfe_http_request{
struct pxy_obj_keyring{
int keyring_id;
+ int use_hsm;
+ int slot_id;
uint64_t expire_time;
EVP_PKEY *key;
X509 *issuer;
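Review bot: The two new fields carry no comment, and their contract is only discoverable from cert_session.cpp in this same commit: when use_hsm is non-zero the cert_load_key call is skipped and `key` stays NULL, and slot_id is parsed from the table row but not consumed by any code the commit adds. Suggest `int use_hsm;   /* non-zero: private key is HSM-resident; key stays NULL */` and `int slot_id;   /* HSM slot from the table row; not consulted yet */` so that readers of the struct know `key` may be NULL for these entries. struct pxy_obj_keyring continues past the end of the hunk.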
diff --git a/program/src/cert_session.cpp b/program/src/cert_session.cpp
index 25c5540..4853cdd 100644
--- a/program/src/cert_session.cpp
+++ b/program/src/cert_session.cpp
@@ -1170,6 +1170,15 @@ static int x509_online_append(struct x509_object_ctx *def, struct tfe_http_reque
goto modify;
}
}
+
+ if(pxy_obj->use_hsm)
+ {
+ cacrt = (is_valid == 1) ? def->root : def->insec_root;
+ cakey = (is_valid == 1) ? def->key : def->insec_key;
+ expire_time = cfg_instanec()->expire_after;
+ mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Warning: HSM is not supported, use local keypair, sign cert!!!");
+ goto modify;
+ }
if (!STRCMP(pxy_obj->keyring_type, "end-entity"))
{
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "The certificate(%d) type is an entity",keyring_id);
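Review bot: An HSM-backed keyring silently degrades to software signing: the new use_hsm branch picks def->key or def->insec_key, logs one line and jumps to modify, so a keyring that the operator explicitly marked as HSM-resident ends up with a certificate signed by the local CA key instead of an error. If that fallback is intentional until HSM signing lands, it should be stated in code rather than only in a log string, e.g. `/* TODO: HSM signing not implemented; use_hsm keyrings are signed with the local CA key for now */`, and the decision whether to fail closed instead should be recorded. The message is emitted at RLOG_LV_FATAL yet begins with "Warning:", which makes the severity ambiguous for anyone alerting on that level; pick one. slot_id is parsed into the object but nothing in this branch consults it. x509_online_append begins before this hunk, so the definitions of is_valid, cacrt and cakey are not visible here.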
@@ -2196,10 +2205,10 @@ const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long __attribute__((__unused__)
memset(pxy_obj, 0, sizeof(struct pxy_obj_keyring));
atomic64_set(&pxy_obj->ref_cnt, 1);
- ret=sscanf(table_line, "%d\t%s\t%s\t%s\t%s\t%lu\t%s\t%s\t%d\t%d", &pxy_obj->keyring_id, profile_name,
+ ret=sscanf(table_line, "%d\t%s\t%s\t%s\t%s\t%lu\t%s\t%s\t%d\t%d\t%d\t%d", &pxy_obj->keyring_id, profile_name,
pxy_obj->keyring_type, private_file, public_file, &pxy_obj->expire_time, pxy_obj->public_algo,
- pxy_obj->v3_ctl, &pxy_obj->is_send, &pxy_obj->is_valid);
- if(ret!=10)
+ pxy_obj->v3_ctl, &pxy_obj->is_send, &pxy_obj->use_hsm, &pxy_obj->slot_id, &pxy_obj->is_valid);
+ if(ret!=12)
{
kfree(pxy_obj);
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "certstore parse config failed: %s", table_line);
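Review bot: use_hsm and slot_id are read with %d on the rewritten sscanf line but never range-checked afterwards, so a negative slot_id or a use_hsm value other than 0/1 is accepted and stored in the object. After the `ret!=12` check, a guard mirroring that error path would close this, e.g. `if ((pxy_obj->use_hsm != 0 && pxy_obj->use_hsm != 1) || pxy_obj->slot_id < 0) { kfree(pxy_obj); mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "certstore invalid hsm fields: %s", table_line); goto finish; }` (assuming the existing failure path also reaches finish, which is outside the hunk). The rewritten format string also keeps the unbounded %s conversions into profile_name, keyring_type, private_file, public_file, public_algo and v3_ctl; since table_line is parsed from the configuration table, giving each a maximum field width matching the destination buffer's declared size would bound those writes. The enclosing parse function starts before this hunk, so the buffer declarations are not visible here.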
@@ -2213,12 +2222,17 @@ const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long __attribute__((__unused__)
pxy_obj->keyring_id);
goto finish;
}
- /*Load PRIVATEKEY**/
- if ((pxy_obj->key = cert_load_key(private_file)) == NULL){
- mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "initialize the x509 privatekey failed, the keyring id is %d",
- pxy_obj->keyring_id);
- goto finish;
- }
+
+ if(pxy_obj->use_hsm == 0)
+ {
+ /*Load PRIVATEKEY**/
+ if ((pxy_obj->key = cert_load_key(private_file)) == NULL){
+ mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "initialize the x509 privatekey failed, the keyring id is %d",
+ pxy_obj->keyring_id);
+ goto finish;
+ }
+ }
+
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "initialize the x509 certificate, the keyring id is %d",
pxy_obj->keyring_id);
*ad = pxy_obj;
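Review bot: With the new `use_hsm == 0` guard, pxy_obj->key is left NULL (from the memset earlier in the function) for HSM keyrings, and nothing in this commit shows the other users of pxy_obj->key being taught to tolerate that; any signing or inspection path that dereferences it will now fault on such an entry, while the teardown's EVP_PKEY_free, if that is what it uses, would be fine. A comment at the guard would at least make the invariant explicit: `/* HSM keyrings: private key is not loaded, pxy_obj->key stays NULL; consumers must check */`. The success log below still reads "initialize the x509 certificate" for both kinds of keyring, which hides the distinction in the logs; including use_hsm in that message would help operators verify which path a keyring took. The enclosing function continues past the hunk.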
diff --git a/resource/conf/table_info.conf b/resource/conf/table_info.conf
index 21d4105..df14e30 100644
--- a/resource/conf/table_info.conf
+++ b/resource/conf/table_info.conf
@@ -17,4 +17,4 @@
#id name type src_charset dst_charset do_merge cross_cache quick_mode
1 COMPILE compile
2 GROUP group
-3 PXY_PROFILE_KEYRING plugin {"key":1,"valid":10,"foreign":"4,5"}
+3 PXY_PROFILE_KEYRING plugin {"key":1,"valid":12,"foreign":"4,5"}
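Review bot: The `"valid":12` index in the PXY_PROFILE_KEYRING entry now has to agree with the position of is_valid in the sscanf format in cert_session.cpp (it went from 10 to 12 together with the two new columns, and is_valid is the last field in both), but neither file records that coupling. A comment above the line, e.g. `# PXY_PROFILE_KEYRING: "valid" must match the column of is_valid parsed in cert_session.cpp (use_hsm, slot_id inserted before it)`, would keep the next column change from silently desynchronising the two.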