authorfengweihao <[email protected]>2018-09-10 10:01:27 +0800
committerfengweihao <[email protected]>2018-09-10 10:01:27 +0800
commite971346db2ec6790fe2c0aa2f70f63d264abe4e0 (patch)
tree4d9a83670b2050c7cbc34faf2b09f71aa2b3f5d6
parent2a844d3205382edf65592938643b155cdb63f43d (diff)
1.添加keyringid未注册情况下,读取本地默认证书mesalab-def-cert签发证书
2.添加valid为不可用,读取keyringid为256不信任证书mesalab-insec签发证书 3.添加证书类型为实体证书,本地签发流程(证书可用优先级 > 证书类型) 4.添加全量增量匹配链表头迁移
-rw-r--r--README.md10
-rw-r--r--ca/mesalab-def-cert.cer15
-rw-r--r--ca/mesalab-def-cert.key15
-rw-r--r--ca/mesalab-insec-cert.cer15
-rw-r--r--ca/mesalab-insec-cert.key15
-rw-r--r--conf/cert_store.ini6
-rw-r--r--conf/pxy_obj_keyring.json11
-rw-r--r--src/cert_conf.c42
-rw-r--r--src/cert_conf.h35
-rw-r--r--src/cert_session.c298
-rw-r--r--src/cert_session.h10
-rw-r--r--src/cert_store.c10
12 files changed, 291 insertions, 191 deletions
diff --git a/README.md b/README.md
index 7178d1d..746b4e7 100644
--- a/README.md
+++ b/README.md
@@ -14,7 +14,15 @@ src/rt 公共函数
1. cd src && make
2. ./cert_store --normal<--normal|--daemon>
备注:
-发送请求命令:curl -X GET "x.x.x.x:9995/ca?host="www.qq.com"&flag=1&valid=1" -m 30 -v
+发送请求命令:
+keyring id存在(读取表指定的证书颁发)
+curl -X GET "192.168.11.100:9991/ca?kering_id=1&origin_cert="xxxxxxxx"" -m 30 -v
+keyring id不存在(读取本地默认证书颁发)
+curl -X GET "192.168.11.100:9991/ca?kering_id=12&origin_cert="xxxxxxx"" -m 30 -v
+keyring id存在,表中valid为不可用(读取keyring id = 256,不信任证书颁发)
+curl -X GET "192.168.11.100:9991/ca?kering_id=5&origin_cert="xxxxxxx"" -m 30 -v
+keyring id存在,证书类型为实体证书
+curl -X GET "192.168.11.100:9991/ca?kering_id=4&origin_cert="xxxxxxxx"" -m 30 -v
使用--daemon运行时,配置文件中使用绝对路径
[安装包使用]
diff --git a/ca/mesalab-def-cert.cer b/ca/mesalab-def-cert.cer
new file mode 100644
index 0000000..504b169
--- /dev/null
+++ b/ca/mesalab-def-cert.cer
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICVzCCAcACCQCJ9SZAOzkYozANBgkqhkiG9w0BAQsFADBwMQswCQYDVQQGEwJD
+TjETMBEGA1UECAwKbXlwcm92aW5jZTEPMA0GA1UEBwwGbXljaXR5MRcwFQYDVQQK
+DA5teW9yZ2FuaXphdGlvbjEQMA4GA1UECwwHbXlncm91cDEQMA4GA1UEAwwHZGVm
+YXVsdDAeFw0xODA5MDcwNzE3NDlaFw0xOTA5MDcwNzE3NDlaMHAxCzAJBgNVBAYT
+AkNOMRMwEQYDVQQIDApteXByb3ZpbmNlMQ8wDQYDVQQHDAZteWNpdHkxFzAVBgNV
+BAoMDm15b3JnYW5pemF0aW9uMRAwDgYDVQQLDAdteWdyb3VwMRAwDgYDVQQDDAdk
+ZWZhdWx0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+ciLpiYlxCSqPnIQH
+J0rcJpb0m3JYfAfTdkZ1JG/BLXjfsHQQfHgT3pDSCwnEcV37XGH34gUPjcZCGfTP
+kDyR8sitT/UQziVVbeY9OaFvinFhAdVSmsTW3F8uzsbXXvhEptRbrpo3IfNZK+Rc
+dYHzXg1eIvlsx3k4E0+TaLqR1QIDAQABMA0GCSqGSIb3DQEBCwUAA4GBAHtjn3yF
+84bNsot3XVexrwayhzVaG/HAWTuhA6QBKaU1SzOSBpeWcxosES7MdkrGzfvdsRBL
+OBxJMeTudJXtuQFU6VKfVgJWgMeMec+TgYTX5zGlrv0FTly3FjSoB9x7MFj6uweP
+p4L2k1gLRVZJ8eIb5FE17rjVXowVjMWXKa6M
+-----END CERTIFICATE-----
diff --git a/ca/mesalab-def-cert.key b/ca/mesalab-def-cert.key
new file mode 100644
index 0000000..e3bab53
--- /dev/null
+++ b/ca/mesalab-def-cert.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
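Review bot: This adds the private key of the new default signing CA to the repository in plaintext, and the same is done for ca/mesalab-insec-cert.key in the next file; task_private_init loads this key and x509_online_append signs with it for every request whose keyring id is unknown, so anyone with read access to the history can issue certificates that this service's consumers will accept. The key material should be generated at deployment time into the directory named by `def-ca-path` and excluded from version control (for example a `*.key` entry in `.gitignore`), and the keys committed here treated as compromised and regenerated, since removing them from a later commit does not remove them from the history. The matching .cer files are harmless to keep, but they will need to be reissued together with the new keys.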
diff --git a/ca/mesalab-insec-cert.cer b/ca/mesalab-insec-cert.cer
new file mode 100644
index 0000000..d55f3fb
--- /dev/null
+++ b/ca/mesalab-insec-cert.cer
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/ca/mesalab-insec-cert.key b/ca/mesalab-insec-cert.key
new file mode 100644
index 0000000..e3d6f37
--- /dev/null
+++ b/ca/mesalab-insec-cert.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
diff --git a/conf/cert_store.ini b/conf/cert_store.ini
index fccbe77..65d0df8 100644
--- a/conf/cert_store.ini
+++ b/conf/cert_store.ini
@@ -3,14 +3,14 @@
DEBUG_SWITCH = 1
#10:DEBUG, 20:INFO, 30:FATAL
-RUN_LOG_LEVEL = 20
+RUN_LOG_LEVEL = 10
RUN_LOG_PATH = ./logs
[CONFIG]
thread-nu = 4
+expire_after = 30
+def-ca-path = ../ca
table_info = ../conf/table_info.conf
pxy_obj_keyring = ../conf/pxy_obj_keyring.json
-ca-path = ../ca
-valid-days = 30
[LIBEVENT]
port = 9991
[REDIS]
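Review bot: `RUN_LOG_LEVEL` is switched from 20 (INFO) to 10 (DEBUG) in the shipped default configuration, which looks like a debugging leftover rather than part of the keyring change; the new debug lines in cert_session.c write the per-request redis key and timing for every request, so this is a noticeable log-volume change for production. If it is intentional, a comment such as `# 10 enables per-request debug lines; use 20 in production` would help, otherwise it should go back to 20. The rename of `ca-path`/`valid-days` to `def-ca-path`/`expire_after` is fine but is a breaking change for existing deployments and deserves a mention in the README.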
diff --git a/conf/pxy_obj_keyring.json b/conf/pxy_obj_keyring.json
index b81507e..04550a5 100644
--- a/conf/pxy_obj_keyring.json
+++ b/conf/pxy_obj_keyring.json
@@ -73,12 +73,13 @@
{
"table_name": "PXY_OBJ_KEYRING",
"table_content": [
- "1\t1\tname_01\troot\t/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key\t/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer\t30\trsa2048\tnull\t1",
- "2\t1\tname_02\troot\t/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key\t/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer\t30\trsa2048\tnull\t1",
+ "1\t1\tname_01\troot\t/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key\t/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer\t15\trsa2048\tnull\t1",
+ "2\t1\tname_02\troot\t/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key\t/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer\t90\trsa2048\tnull\t1",
"3\t1\tname_03\troot\t/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key\t/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer\t30\trsa2048\tnull\t1",
- "4\t1\tname_04\tintermediate\t/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key\t/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer\t30\trsa2048\tnull\t1",
- "5\t1\tname_05\tintermediate\t/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key\t/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer\t30\trsa2048\tnull\t1",
- "6\t1\tname_06\tintermediate\t/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key\t/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer\t30\trsa2048\tnull\t1"
+ "4\t1\tname_04\tend-entity\t/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key\t/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer\t30\trsa2048\tnull\t1",
+ "5\t1\tname_05\tintermediate\t/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key\t/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer\t30\trsa2048\tnull\t0",
+ "6\t1\tname_06\tintermediate\t/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key\t/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer\t30\trsa2048\tnull\t1",
+ "256\t1\tinsec\troot\t/home/fengweihao/workspace/cert_store/ca/mesalab-insec-cert.key\t/home/fengweihao/workspace/cert_store/ca/mesalab-insec-cert.cer\t30\trsa2048\tnull\t1"
]
}
]
diff --git a/src/cert_conf.c b/src/cert_conf.c
index fabe6cb..9eb3f4c 100644
--- a/src/cert_conf.c
+++ b/src/cert_conf.c
@@ -20,10 +20,11 @@
struct config_bucket_t certConfig = {
.thread_nu = 1,
- .days = 30,
- .e_port = 9995,
- .r_ip = "0.0.0.0",
- .r_port = 3366,
+ .expire_after = 30,
+ .info_path = "/home/test",
+ .pxy_path = "/home/test",
+ .def_path = "/home/test",
+ .addr_t = {9995, 3336, "0.0.0.0"},
};
struct config_bucket_t *cert_default_config()
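Review bot: The default redis port changes from 3366 to 3336 in the new positional initializer `.addr_t = {9995, 3336, "0.0.0.0"}`; that looks like a transposition rather than an intended change, and the positional form is exactly what makes it easy to miss. Designated initializers keep the defaults readable and order-independent: `.addr_t = { .e_port = 9995, .r_port = 3366, .r_ip = "0.0.0.0" },` (with whichever port value is actually intended).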
@@ -42,23 +43,32 @@ static int load_system_config(char *config)
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Reading the number of running threads failed");
}
- xret = MESA_load_profile_string_nodef(config, "CONFIG", "table_info", rte->info_path, 128);
+ xret = MESA_load_profile_uint_nodef(config, "CONFIG", "expire_after", &(rte->expire_after));
if (xret < 0){
- mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Reading the table_info path failed");
+ mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Reading the number of valid time failed");
}
- if(!rt_file_exsit(rte->info_path)) {
- mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "The table_info(%s) does not exist", rte->info_path);
+
+ xret = MESA_load_profile_string_nodef(config, "CONFIG", "def-ca-path", rte->def_path, 128);
+ if (xret < 0 && !rt_dir_exsit(rte->def_path)){
+ mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Read the def path failed or the (%s) does not exist",
+ rte->def_path);
goto finish;
}
- xret = MESA_load_profile_string_nodef(config, "CONFIG", "pxy_obj_keyring", rte->pxy_path, 128);
- if (xret < 0){
- mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Reading the pxy_obj_keyring path failed");
+ xret = MESA_load_profile_string_nodef(config, "CONFIG", "table_info", rte->info_path, 128);
+ if (xret < 0 && !rt_file_exsit(rte->info_path)){
+ mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Read the table info failed or the (%s) does not exist",
+ rte->info_path);
+ goto finish;
}
- if(!rt_file_exsit(rte->pxy_path)) {
- mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "The pxy_obj_keyring(%s) does not exist", rte->pxy_path);
+
+ xret = MESA_load_profile_string_nodef(config, "CONFIG", "pxy_obj_keyring", rte->pxy_path, 128);
+ if (xret < 0 && !rt_file_exsit(rte->pxy_path)){
+ mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Read the pxy obj keyring failed or the (%s) does not exist",
+ rte->pxy_path);
goto finish;
}
+
finish:
return xret;
}
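Review bot: The three new guards use `&&` where the log message and the original two-step check describe `||`: with `if (xret < 0 && !rt_dir_exsit(rte->def_path))` a missing directory is ignored whenever the profile read succeeded, and a failed read is ignored whenever the stale default `/home/test` happens to exist, so the function returns success with an unusable path. The same applies to the `table_info` and `pxy_obj_keyring` checks below it. The condition should be `if (xret < 0 || !rt_dir_exsit(rte->def_path)) {` and, since `finish:` returns `xret`, the "path does not exist" case also needs `xret = -1;` before the `goto` or the caller sees a non-negative result.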
@@ -69,19 +79,19 @@ static int load_module_config(char *config)
struct config_bucket_t *rte = cert_default_config();
- xret = MESA_load_profile_short_nodef(config, "LIBEVENT", "port", (short *)&(rte->e_port));
+ xret = MESA_load_profile_short_nodef(config, "LIBEVENT", "port", (short *)&(rte->addr_t.e_port));
if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Libevent Port invalid\n");
goto finish;
}
- xret = MESA_load_profile_string_nodef(config, "REDIS", "ip", rte->r_ip, 16);
+ xret = MESA_load_profile_string_nodef(config, "REDIS", "ip", rte->addr_t.r_ip, 16);
if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Ip invalid\n");
goto finish;
}
- xret = MESA_load_profile_short_nodef(config, "REDIS", "port", (short *)&(rte->r_port));
+ xret = MESA_load_profile_short_nodef(config, "REDIS", "port", (short *)&(rte->addr_t.r_port));
if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Redis Port invalid\n");
goto finish;
diff --git a/src/cert_conf.h b/src/cert_conf.h
index 36455b6..9161382 100644
--- a/src/cert_conf.h
+++ b/src/cert_conf.h
@@ -18,13 +18,12 @@
#include "MESA_htable.h"
struct request_t{
-#define DATALEN 64
- int t_id;
- int flag;
- X509 *origin;
- int kering_id;
- char host[DATALEN];
+#define DATALEN 128
+ int thread_id;
char *odata;
+ X509 *origin;
+ int keyring_id;
+ char rkey[DATALEN];
struct evhttp_request *evh_req;
};
@@ -43,25 +42,23 @@ struct pxy_obj_keyring{
struct key_ring_list
{
- uint64_t sum_cnt;
- MESA_htable_handle htable;
+ uint64_t sum_cnt;
+ MESA_htable_handle htable, oldhtable;
+};
+
+struct _initer_addr_t{
+ uint16_t e_port; /* libevent prot*/
+ uint16_t r_port; /* redis port*/
+ char r_ip[16]; /* redis ip */
};
struct config_bucket_t{
unsigned int thread_nu;
-
- unsigned int days;
-
+ unsigned int expire_after;
char info_path[128];
-
char pxy_path[128];
-
- uint16_t e_port; /* libevent prot*/
-
- char r_ip[16]; /* redis ip */
-
- uint16_t r_port; /* redis port*/
-
+ char def_path[128];
+ struct _initer_addr_t addr_t;
struct key_ring_list keyring;
};
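Review bot: `struct _initer_addr_t` uses a leading underscore on a file-scope tag, which is reserved for the implementation in C; `struct initer_addr_t` or simply `struct cert_addr` avoids that. The new `htable, oldhtable` pair is the core of the double-buffered reload but nothing says which one readers use and which one the Maat callbacks fill; a comment on the struct such as `/* htable: table served to workers; oldhtable: table being (re)built by Maat_read_entry_*_cb, swapped in at finish */` would make the scheme visible to the next reader. Declaring the two handles on separate lines would also make that comment easier to place.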
diff --git a/src/cert_session.c b/src/cert_session.c
index 9c47c26..220b008 100644
--- a/src/cert_session.c
+++ b/src/cert_session.c
@@ -47,9 +47,10 @@
#define WAIT_FOR_EFFECTIVE_US 1000*1000
#define SG_DATA_SIZE 4096
+#define SG_INSEC_ID 256
-#define DEFAULT_PRIVATEKEY_NAME "mesalab-ca-cert.key"
-#define DEFAULT_CA_CERTIFICATE "mesalab-ca-cert.cer"
+#define DEFAULT_PRIVATEKEY_NAME "mesalab-def-cert.key"
+#define DEFAULT_CA_CERTIFICATE "mesalab-def-cert.cer"
static libevent_thread *threads;
@@ -88,33 +89,32 @@ MESA_internal_htable_set_opt(MESA_htable_handle table, enum MESA_htable_opt opt_
return ret;
}
-static int
-key_ring_list_create(struct key_ring_list *keyring)
+static MESA_htable_handle
+key_ring_list_create()
{
- int ret = 0;
+ int ret = 0;
+ MESA_htable_handle *htable = NULL;
- keyring->htable = MESA_htable_born();
- assert(keyring->htable != NULL);
- keyring->sum_cnt = 0;
+ htable = MESA_htable_born();
+ assert(htable != NULL);
- MESA_internal_htable_set_opt(keyring->htable, MHO_SCREEN_PRINT_CTRL, 0);
- MESA_internal_htable_set_opt(keyring->htable, MHO_THREAD_SAFE, 1);
+ MESA_internal_htable_set_opt(htable, MHO_SCREEN_PRINT_CTRL, 0);
+ MESA_internal_htable_set_opt(htable, MHO_THREAD_SAFE, 1);
- MESA_internal_htable_set_opt(keyring->htable, MHO_MUTEX_NUM, 16);
- MESA_internal_htable_set_opt(keyring->htable, MHO_HASH_SLOT_SIZE, 1024);
- MESA_internal_htable_set_opt(keyring->htable, MHO_HASH_MAX_ELEMENT_NUM, 2048);
- MESA_internal_htable_set_opt(keyring->htable, MHO_EXPIRE_TIME, 0);
+ MESA_internal_htable_set_opt(htable, MHO_MUTEX_NUM, 16);
+ MESA_internal_htable_set_opt(htable, MHO_HASH_SLOT_SIZE, 1024);
+ MESA_internal_htable_set_opt(htable, MHO_HASH_MAX_ELEMENT_NUM, 2048);
+ MESA_internal_htable_set_opt(htable, MHO_EXPIRE_TIME, 0);
- MESA_internal_htable_set_opt(keyring->htable, MHO_ELIMIMINATE_TYPE,
- HASH_ELIMINATE_ALGO_LRU);
- ret = MESA_htable_mature(keyring->htable);
+ MESA_internal_htable_set_opt(htable, MHO_ELIMIMINATE_TYPE,
+ HASH_ELIMINATE_ALGO_LRU);
+ ret = MESA_htable_mature(htable);
if(ret != 0){
- mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "MESA_htable_mature error!\n");
+ mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "MESA htable mature running error!\n");
goto finish;
}
-
finish:
- return ret;
+ return htable;
}
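Review bot: On a `MESA_htable_mature` failure the function now logs and then falls through to `return htable;`, handing the caller a handle that was never matured and that the caller cannot distinguish from success; the old `int` return at least reported the error. The local is also declared as `MESA_htable_handle *htable` while the function returns `MESA_htable_handle` and `MESA_htable_born()` presumably yields a handle, so the extra level of indirection only compiles because of an implicit pointer conversion. Declare it as `MESA_htable_handle htable = NULL;`, and on the error path release and clear it before the label, e.g. `MESA_htable_destroy(htable, NULL); htable = NULL;`, so callers can test for `NULL`. The parameter list should be `key_ring_list_create(void)` in C, since `()` declares an unspecified list.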
void x509_get_private_key(EVP_PKEY *pkey, char *pubkey)
@@ -126,7 +126,6 @@ void x509_get_private_key(EVP_PKEY *pkey, char *pubkey)
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "unable to create BIO for output\n");
goto finish;
}
-
PEM_write_bio_PrivateKey(bp, pkey, NULL, NULL, 0, NULL, NULL);
len = BIO_read(bp, pubkey, SG_DATA_SIZE);
if(len <= 0) {
@@ -177,12 +176,11 @@ static void key_ring_free(void *data)
EVP_PKEY_free(pxy_obj->key);
}
-void key_ring_list_destroy(struct key_ring_list *keyring)
+void key_ring_list_destroy(MESA_htable_handle *htable)
{
- keyring->sum_cnt = 0;
- MESA_htable_destroy(keyring->htable, key_ring_free);
- keyring->htable = NULL;
- return;
+ MESA_htable_destroy(*htable, key_ring_free);
+ *htable = NULL;
+ return;
}
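Review bot: The parameter changed to `MESA_htable_handle *htable` and the body now dereferences it, but the callers visible in this commit still pass the handle itself: `key_ring_list_destroy(rte->keyring.htable)` and `key_ring_list_destroy(rte->keyring.oldhtable)` in sigproc, and `key_ring_list_destroy(keyring->oldhtable)` in Maat_read_entry_start_cb. If the handle type is a `void *` typedef this compiles silently, and `*htable` then reads the first word of the table object as a handle and `*htable = NULL` scribbles over it. The callers need `&rte->keyring.htable` and `&keyring->oldhtable`, and the function should tolerate a `NULL` handle with `if (htable == NULL || *htable == NULL) return;` since `oldhtable` is `NULL` until the first full reload. Resetting `sum_cnt` was also dropped here and now only happens in the start callback.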
int
@@ -264,10 +262,11 @@ ssl_x509_v3ext_copy_by_nid(X509 *crt, X509 *origcrt, int nid)
return -1;
return 1;
}
-
-int x509_get_cn_name(X509 *origcrt, char *cn_name)
+#if 0
+static int
+x509_get_cn_name(X509 *origcrt, char *cn_name)
{
- int len = 0;
+ int len = 0, xret = -1;
X509_NAME *subject = NULL;
subject = X509_get_subject_name(origcrt);
@@ -276,11 +275,12 @@ int x509_get_cn_name(X509 *origcrt, char *cn_name)
}
len = X509_NAME_get_text_by_NID(subject, NID_commonName, cn_name, 256);
if (len > 0){
- printf("cn_name = %s\n", cn_name);
+ xret = 0;
}
finish:
- return 0;
+ return xret;
}
+#endif
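Review bot: Wrapping x509_get_cn_name in `#if 0` keeps dead code in the file; now that it has no caller, deleting it is the clearer choice, since version control preserves it and `#if 0` blocks silently bit-rot. If it is kept because it is expected back soon, a one-line comment before the `#if 0` saying why would stop the next reader from wondering.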
X509 *
x509_modify_by_cert_bak(X509 *cacrt, EVP_PKEY *cakey, X509 *origcrt, char *pkey,
@@ -617,7 +617,7 @@ int redis_rsync_init(struct event_base *base, struct redisAsyncContext **cl_ctx)
int xret = -1;
struct config_bucket_t *redis = cert_default_config();
- *cl_ctx = redisAsyncConnect(redis->r_ip, redis->r_port);
+ *cl_ctx = redisAsyncConnect(redis->addr_t.r_ip, redis->addr_t.r_port);
if((*cl_ctx)->err ) {
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Redis Connect error : %s", (*cl_ctx)->errstr);
goto finish;
@@ -784,45 +784,55 @@ err:
return NULL;
}
-static uint64_t
-x509_online_append(X509 *origin, int id, char *root, char *sign, char *pkey)
+static int
+x509_online_append(struct x509_object_ctx *def, X509 *origin, int id,
+ char *root, char *sign, char *pkey)
{
- void *res = NULL;
- uint64_t expire_after = 0;
+ void *odata = NULL;
+ int _expire = 0;
+ X509 *_root = NULL; EVP_PKEY *_key = NULL;
struct key_ring_list *keyring = &cert_default_config()->keyring;
- res = MESA_htable_search(keyring->htable, (const uchar *)&id, sizeof(int));
- if (!res){
- mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "The table where keyringid = %d was not found", 1);
- goto finish;
+ odata = MESA_htable_search(keyring->htable, (const uchar *)&id, sizeof(int));
+ if ( !odata ){
+ _root = def->root;
+ _key = def->key;
+ _expire = cert_default_config()->expire_after;
+ mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Sing certificates using local default certificates");
+ } else {
+ struct pxy_obj_keyring *pxy_obj = (struct pxy_obj_keyring *)odata;
+ if (pxy_obj->is_valid != 1){
+ id = SG_INSEC_ID;
+ odata = MESA_htable_search(keyring->htable, (const uchar *)&id, sizeof(int));
+ if ( !odata){
+ mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Read insecure certificate failed");
+ goto finish;
+ }
+ pxy_obj = (struct pxy_obj_keyring *)odata;
+ }else{
+ if (!STRCMP(pxy_obj->type, "end-entity")){
+ x509_get_msg_from_ca(pxy_obj->root, sign);
+ x509_get_private_key(pxy_obj->key, pkey);
+ goto finish;
+ }
+ }
+ _root = pxy_obj->root;
+ _key = pxy_obj->key;
+ _expire = pxy_obj->expire_after;
}
- struct pxy_obj_keyring *pxy_obj = (struct pxy_obj_keyring *)res;
- if (pxy_obj->is_valid != 1){
- mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Table information is invalid");
+ X509* x509 = x509_modify_by_cert_bak(_root, _key, origin, pkey,
+ _expire, NULL, NULL);
+ if (!x509){
goto finish;
}
- if (STRCMP(pxy_obj->type, "root") == 0 ||
- STRCMP(pxy_obj->type, "intermediate") == 0){
- //X509* x509 = x509_modify_by_cert(pxy_obj->root, pxy_obj->key, host, pkey, pxy_obj->expire_after);
- X509* x509 = x509_modify_by_cert_bak(pxy_obj->root, pxy_obj->key, origin, pkey,
- pxy_obj->expire_after, NULL, NULL);
-
- if (!x509){
- goto finish;
- }
- expire_after = pxy_obj->expire_after;
- x509_get_msg_from_ca(x509, sign);
- x509_get_msg_from_ca(pxy_obj->root, root);
-
- X509_free(x509);
- }
- if (STRCMP(pxy_obj->type, "end-entity")){
- }
+ x509_get_msg_from_ca(x509, sign);
+ x509_get_msg_from_ca(_root, root);
+ X509_free(x509);
finish:
- return expire_after;
+ return _expire;
}
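Review bot: The end-entity branch fills `sign` and `pkey` and jumps to `finish` with `_expire` still 0 and `root` left empty, so the caller (which only tests `sign`/`pkey`) goes on to write the entry to redis with an expiry derived from 0; the branch needs `_expire = pxy_obj->expire_after;` before its `goto finish;`, and presumably `x509_get_msg_from_ca(pxy_obj->root, root);` too if consumers rely on `root`. `_expire` is an `int` but `expire_after` is read with `%lu` in Maat_read_entry_cb, so the assignment narrows; keep the return as `uint64_t` or use a matching type. When the insecure fallback entry (id 256) is selected, its own `is_valid` is not checked, so an operator who disables it in the table will still have it used. The log text "Sing certificates" should read "Sign certificates", and since signing with the default CA for an unregistered id is a policy-relevant event it would be worth logging at a level above INFO.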
static char readBytes(char *str)
@@ -844,30 +854,30 @@ rediSyncCommand(redisAsyncContext *cl_ctx, struct request_t *request,
int xret = -1;
redisReply *reply;
- libevent_thread *thread = threads + request->t_id;
+ libevent_thread *thread = threads + request->thread_id;
struct evhttp_request *evh_req = request->evh_req;
- reply = (redisReply *)redisCommand(thread->sync, "set %s %s ex %d nx", request->host, odata,
+ reply = (redisReply *)redisCommand(thread->sync, "set %s %s ex %d nx", request->rkey, odata,
sizeof_seconds(expire_after));
if (NULL == reply)
goto free;
switch (readBytes(reply->str)) {
case '+' :
- mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Writing data(key = %s) to redis successfully", request->host);
+ mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Writing data(%s) to redis successfully\n", request->rkey);
FS_internal_operate(SGstats.handle, thread->column_ids, SGstats.line_ids[2], FS_OP_ADD, 1);
evhttp_socket_send(evh_req, request->odata);
goto free;
case '$' :
- mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Writing data(key = %s) to redis failed", request->host);
+ mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Writing data(%s) to redis failed\n", request->rkey);
FS_internal_operate(SGstats.handle, thread->column_ids, SGstats.line_ids[1], FS_OP_ADD, 1);
- redisAsyncCommand(cl_ctx, redis_reget_callback, request, "GET %s", request->host);
+ redisAsyncCommand(cl_ctx, redis_reget_callback, request, "GET %s", request->rkey);
freeReplyObject(reply);
goto finish;
default :
- mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Read redis data(key = %s) return code failed", request->host);
+ mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Read redis data(%s) return code failed\n", request->rkey);
evhttp_send_error(request->evh_req, HTTP_NOTFOUND, 0);
goto free;
}
@@ -946,26 +956,26 @@ static int
redis_clnt_pdu_send(struct request_t *request, redisAsyncContext *c)
{
int xret = -1;
- uint64_t expire_after;
+ int expire_after;
uint64_t startTime = 0, endTime = 0;
- libevent_thread *thread = threads + request->t_id;
- char sign[SG_DATA_SIZE] = {0}, pkey[SG_DATA_SIZE] = {0};
- char root[SG_DATA_SIZE] = {0};
+ libevent_thread *info = threads + request->thread_id;
+ char sign[SG_DATA_SIZE] = {0}, pkey[SG_DATA_SIZE] = {0};
+ char root[SG_DATA_SIZE] = {0};
startTime = rt_time_ns();
- expire_after = x509_online_append(request->origin, request->kering_id, root, sign, pkey);
+ expire_after = x509_online_append(&info->def, request->origin, request->keyring_id, root, sign, pkey);
if (sign[0] == '\0' && pkey[0] == '\0'){
- mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to issue certificate");
+ mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to sign certificate\n");
evhttp_send_error(request->evh_req, HTTP_NOTFOUND, 0);
goto finish;
}
endTime = rt_time_ns();
- thread->diffTime += (endTime - startTime);
+ info->diffTime += (endTime - startTime);
mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "%lu - %lu = %lu\n", startTime, endTime, endTime - startTime);
- FS_internal_operate(SGstats.handle, thread->column_ids, SGstats.line_ids[3], FS_OP_SET, thread->diffTime);
- FS_internal_operate(SGstats.handle, thread->field_ids, 0, FS_OP_ADD, 1);
+ FS_internal_operate(SGstats.handle, info->column_ids, SGstats.line_ids[3], FS_OP_SET, info->diffTime);
+ FS_internal_operate(SGstats.handle, info->field_ids, 0, FS_OP_ADD, 1);
#if 0
char *chain[6] ={0};
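Review bot: `x509_online_append` now returns 0 both on failure and when it never set an expiry (the end-entity path), but this function only inspects `sign`/`pkey` and otherwise passes `expire_after` straight to `rediSyncCommand`; a zero or negative expiry should be rejected here as well, e.g. `if (expire_after <= 0 || (sign[0] == '\0' && pkey[0] == '\0')) {`. The condition also treats a half-filled result (one buffer set, the other empty) as success; `||` between the two buffer checks would be stricter. What `sizeof_seconds(0)` yields is not visible in this hunk, so the exact redis behaviour on a zero expiry is inferred.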
@@ -978,7 +988,7 @@ redis_clnt_pdu_send(struct request_t *request, redisAsyncContext *c)
#endif
xret = rediSyncCommand(c, request, request->odata, expire_after);
if (xret < 0){
- mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to set information to redis server");
+ mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to set information to redis server\n");
goto finish;
}
xret = 0;
@@ -992,7 +1002,7 @@ redis_clnt_send(struct request_t *request, redisReply *reply)
int xret = -1;
char odata[SG_DATA_SIZE * 2] = {0};
- libevent_thread *thread = threads + request->t_id;
+ libevent_thread *thread = threads + request->thread_id;
if (!reply && !reply->str){
evhttp_send_error(request->evh_req, HTTP_NOTFOUND, 0);
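Review bot: The guard `if (!reply && !reply->str)` is inverted: when `reply` is `NULL` the second operand dereferences it, and when `reply` is non-`NULL` with a `NULL` `str` the condition is false and the code below uses it. It should be `if (!reply || !reply->str) {`. This is pre-existing rather than introduced by the rename, but it sits on the path that now serves cached certificates, so it is worth fixing in the same change.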
@@ -1021,13 +1031,13 @@ void redis_get_callback(redisAsyncContext *c, void *r, void *privdata)
switch(reply->type){
case REDIS_REPLY_STRING:
- mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "Sends the certificate information to the requestor");
+ mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "Sends the certificate information to the requestor\n");
xret = redis_clnt_send(request, reply);
break;
case REDIS_REPLY_NIL:
- mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "Generating certificate information");
+ mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "Generating certificate information\n");
xret = redis_clnt_pdu_send(request, c);
break;
@@ -1166,11 +1176,9 @@ finish:
}
static int
-thread_decode_uri(const char *uri, char *host,
- int *flag, X509 **origin, int *keyring_id)
+thread_decode_uri(const char *uri, X509 **origin, int *keyring_id)
{
- const char *fg = NULL, *cert = NULL;
- const char *ht = NULL, *id = NULL;
+ const char *cert = NULL, *id = NULL;
char *decoded_uri = NULL, *ecode_uri = NULL;
struct evkeyvalq params;
@@ -1179,13 +1187,6 @@ thread_decode_uri(const char *uri, char *host,
goto finish;
}
evhttp_parse_query(uri, &params);
-
- ht = evhttp_find_header(&params, "host");
- if (ht != NULL)
- memcpy(host, ht, strlen(ht));
- fg = evhttp_find_header(&params, "flag");
- if (fg)
- *flag = atoi(fg);
id = evhttp_find_header(&params, "kering_id");
if (id)
*keyring_id = atoi(id);
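Review bot: `kering_id` comes from the request query string and is converted with `atoi`, so any non-numeric or out-of-range value silently becomes 0 (or an arbitrary int on overflow), and because x509_online_append falls back to the default CA for any id it cannot find, a malformed id is quietly accepted rather than rejected. Parse it with `strtol` and fail the request when the input is not entirely consumed or is negative: `char *end = NULL; long v = strtol(id, &end, 10); if (end == id || *end != '\0' || v < 0 || v > INT_MAX) goto finish; *keyring_id = (int)v;`. The function's return value should then reflect this, but its tail and the `origin_cert` handling are outside this hunk.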
@@ -1205,7 +1206,7 @@ static void
evhttp_socket_close_cb(struct evhttp_connection *evcon,
void __attribute__((__unused__))*arg)
{
- mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "Evhttp connection is broken");
+ mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "Evhttp connection is broken\n");
if (NULL == evcon){
goto finish;
}
@@ -1213,6 +1214,21 @@ finish:
return;
}
+static int
+x509_get_rkey(X509 *origin, int keyring_id, char *rkey)
+{
+ unsigned int len = 0, i = 0;
+ char hex[EVP_MAX_MD_SIZE] = {0};
+ unsigned char fdig[EVP_MAX_MD_SIZE] = {0};
+
+ X509_digest(origin, EVP_sha1(), fdig, &len);
+ for (i = 0; i < len ; ++i){
+ sprintf(hex + i * sizeof(unsigned char) * 2, "%02x", fdig[i]);
+ }
+ snprintf(rkey, DATALEN, "%d:%s", keyring_id, hex);
+ return 0;
+}
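Review bot: `X509_digest` can fail (it returns 1 on success) and its result is ignored, so on failure `len` stays 0 and `rkey` becomes `"<id>:"`, which is non-empty and passes the caller's `rkey[0] == '\0'` check, and the function unconditionally returns 0 so the caller cannot tell either way. The `hex` buffer is sized `EVP_MAX_MD_SIZE` but holds two characters per digest byte, which only works because SHA-1 is 20 bytes; size it as `2 * EVP_MAX_MD_SIZE + 1` so a later digest change does not overflow it. Since this key selects which cached certificate is returned for a given origin certificate, SHA-256 (`EVP_sha256()`) would be the safer choice over SHA-1, whose collision resistance is no longer relied on elsewhere. The rewrite below reports failure and clears `rkey`; the caller should check the return value.
```c
static int
x509_get_rkey(X509 *origin, int keyring_id, char *rkey)
{
    unsigned int len = 0, i = 0;
    char hex[EVP_MAX_MD_SIZE * 2 + 1] = {0};
    unsigned char fdig[EVP_MAX_MD_SIZE] = {0};

    rkey[0] = '\0';
    if (origin == NULL || X509_digest(origin, EVP_sha1(), fdig, &len) != 1 || len == 0) {
        mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "X509_digest of the origin certificate failed\n");
        return -1;
    }
    for (i = 0; i < len; ++i) {
        snprintf(hex + i * 2, sizeof(hex) - i * 2, "%02x", fdig[i]);
    }
    snprintf(rkey, DATALEN, "%d:%s", keyring_id, hex);
    return 0;
}
```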
+
void
pthread_work_proc(struct evhttp_request *evh_req, void *arg)
{
@@ -1220,7 +1236,7 @@ pthread_work_proc(struct evhttp_request *evh_req, void *arg)
const char *cmdtype = NULL;
struct request_t *request = NULL;
struct evhttp_uri *decoded = NULL;
- libevent_thread *t = (libevent_thread *)arg;
+ libevent_thread *info = (libevent_thread *)arg;
/* we want to know if this connection closes on us */
evhttp_connection_set_closecb(evhttp_request_get_connection(evh_req), evhttp_socket_close_cb, NULL);
@@ -1235,30 +1251,33 @@ pthread_work_proc(struct evhttp_request *evh_req, void *arg)
request = (struct request_t *) kmalloc (sizeof(struct request_t), MPF_CLR, -1);
if (request != NULL){
- request->t_id = t->id;
+ request->thread_id = info->id;
request->evh_req = evh_req;
}
switch (evhttp_request_get_command(evh_req)) {
case EVHTTP_REQ_GET: cmdtype = "GET"; break;
default: cmdtype = "unknown"; break;
}
- FS_internal_operate(SGstats.handle, t->column_ids, SGstats.line_ids[0], FS_OP_ADD, 1);
+ FS_internal_operate(SGstats.handle, info->column_ids, SGstats.line_ids[0], FS_OP_ADD, 1);
- thread_decode_uri(uri, request->host, &request->flag, &request->origin, &request->kering_id);
- mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "[Thread %d]Received a %s request for %s, host:%s, flag:%d, valid:%p\nHeaders:",
- request->t_id, cmdtype, uri, request->host,
- request->flag, request->origin);
+ thread_decode_uri(uri, &request->origin, &request->keyring_id);
+ mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "[Thread %d]Received a %s request for uri, kering_id:%d, origin:%p\n",
+ request->thread_id, cmdtype, request->keyring_id, request->origin);
- if (request->host[0] == '\0' ||
- request->origin == NULL ||
- !request->evh_req){
+ if (request->origin == NULL || !request->evh_req){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to resolve the request url");
kfree(request);
evhttp_uri_free(decoded);
goto error;
}
- xret = redisAsyncCommand(t->cl_ctx, redis_get_callback, request, "GET %s", request->host);
+ x509_get_rkey(request->origin, request->keyring_id, request->rkey);
+ if (request->rkey[0] == '\0'){
+ mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Get the redis key from the certificate failed\n");
+ goto error;
+ }
+ mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "Redis key is %s\n", request->rkey);
+ xret = redisAsyncCommand(info->cl_ctx, redis_get_callback, request, "GET %s", request->rkey);
if (xret < 0)
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to get information from redis server");
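Review bot: The new `rkey[0] == '\0'` error path jumps to `error` without the `kfree(request); evhttp_uri_free(decoded);` that the preceding error path performs a few lines above, so `request` and its `origin` certificate leak on that path; it should mirror that cleanup before the `goto error;`. The return value of `thread_decode_uri` is still ignored, so a malformed URI is only detected indirectly through `request->origin == NULL`. `request` is also used unconditionally after the `if (request != NULL)` block, so a failed `kmalloc` would dereference `NULL`; this is pre-existing but sits in the same function. pthread_work_proc continues past this hunk.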
@@ -1278,7 +1297,7 @@ int redis_sync_init(struct redisContext **c)
struct timeval timeout = { 1, 500000 }; // 1.5 seconds
- *c = redisConnectWithTimeout(redis->r_ip, redis->r_port, timeout);
+ *c = redisConnectWithTimeout(redis->addr_t.r_ip, redis->addr_t.r_port, timeout);
if (*c == NULL || (*c)->err) {
if (*c) {
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Sync connection error: %s\n", (*c)->errstr);
@@ -1295,23 +1314,33 @@ finish:
}
static int
-cert_task_private_init(struct event_base *base, libevent_thread *me)
+task_private_init(struct event_base *base, libevent_thread *info)
{
int xret = -1;
+ char key_path[256] = {0}, cert_path[256] = {0};
/* Initialize the redis connection*/
- xret = redis_rsync_init(base, &me->cl_ctx);
- if (xret < 0 || !me->cl_ctx){
+ xret = redis_rsync_init(base, &info->cl_ctx);
+ if (xret < 0 || !info->cl_ctx){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Initialize the redis connection is failure\n");
goto finish;
}
- xret = redis_sync_init(&me->sync);
- if (xret < 0 || !me->sync){
+ xret = redis_sync_init(&info->sync);
+ if (xret < 0 || !info->sync){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Initialize the sync redis connection is failure\n");
goto finish;
}
+ /* Initialize the X509 CA*/
+ snprintf(key_path, sizeof(key_path), "%s/%s", cert_default_config()->def_path, DEFAULT_PRIVATEKEY_NAME);
+ snprintf(cert_path, sizeof(cert_path), "%s/%s", cert_default_config()->def_path, DEFAULT_CA_CERTIFICATE);
+
+ xret = x509_privatekey_init(key_path, cert_path, &info->def.key, &info->def.root);
+ if (xret < 0 || !(info->def.key) || !(info->def.root)){
+ mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to initialize the x509 certificate");
+ goto finish;
+ }
finish:
return xret;
}
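Review bot: The new CA-loading block takes the error path when `info->def.key` or `info->def.root` is `NULL` even if `x509_privatekey_init` returned a non-negative value, but then returns that non-negative `xret`, so the worker thread starts without a default CA and later signs with `NULL` handles; set `xret = -1;` before the `goto finish;` (the two redis checks above have the same shape but at least only trigger on `xret < 0`). The `snprintf` results for `key_path`/`cert_path` are not checked, so an over-long `def-ca-path` is silently truncated to a different file name. Each worker thread loads its own copy of the same key and no matching `EVP_PKEY_free`/`X509_free` appears in the sigproc hunk, which may be an intentional process-exit leak but deserves a comment.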
@@ -1338,7 +1367,7 @@ static void *pthread_worker_libevent(void *arg)
}
/* Context initialization */
- xret = cert_task_private_init(base, thread);
+ xret = task_private_init(base, thread);
if (xret < 0){
goto error;
}
@@ -1347,7 +1376,7 @@ static void *pthread_worker_libevent(void *arg)
bound = evhttp_accept_socket_with_handle(http, thread->accept_fd);
if (bound != NULL) {
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Bound(%p) to port %d - Awaiting connections ... ", bound,
- cert_default_config()->e_port);
+ cert_default_config()->addr_t.e_port);
}
event_base_dispatch(base);
@@ -1425,7 +1454,7 @@ libevent_socket_init()
/* Create a new evhttp object to handle requests. */
memset(&sin, 0, sizeof(struct sockaddr_in));
sin.sin_family = AF_INET;
- sin.sin_port = htons(cert_default_config()->e_port);
+ sin.sin_port = htons(cert_default_config()->addr_t.e_port);
accept_fd = evhttp_listen_socket_byuser((struct sockaddr*)&sin, sizeof(struct sockaddr_in),
LEV_OPT_REUSEABLE_PORT|LEV_OPT_CLOSE_ON_FREE, -1);
if (accept_fd < 0) {
@@ -1496,6 +1525,7 @@ void sigproc(int __attribute__((__unused__))sig)
redisFree(thread->sync);
}
key_ring_list_destroy(rte->keyring.htable);
+ key_ring_list_destroy(rte->keyring.oldhtable);
}
kfree(threads);
@@ -1548,23 +1578,21 @@ static int mesa_fiel_stat_init()
void Maat_read_entry_start_cb(int update_type, void* u_para)
{
- int xret = 0;
-
+#define CM_UPDATE_TYPE_FULL 1
+#define CM_UPDATE_TYPE_INC 2
struct key_ring_list *keyring = (struct key_ring_list *)u_para;
- if (update_type != 1)
+ if (update_type != CM_UPDATE_TYPE_FULL)
goto finish;
- /** The current behavior is full, and the original keyring chain is deleted */
- if (keyring->htable){
- key_ring_list_destroy(keyring);
- }
+ if (keyring->oldhtable)
+ key_ring_list_destroy(keyring->oldhtable);
- xret = key_ring_list_create(keyring);
- if (xret == 0){
- mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "The initial keyring list was successful, addr is %p\n",
- keyring->htable);
- }
+ /*Keyring list initialization **/
+ keyring->oldhtable = key_ring_list_create();
+ keyring->sum_cnt = 0;
+ mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "The initial key ring list was successful, addr is %p\n",
+ keyring->htable);
finish:
return;
}
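Review bot: The success log prints `keyring->htable`, but the table just created is `keyring->oldhtable`, so the message reports the address of the previous table (or `NULL` on the first load); it should print `keyring->oldhtable`. `key_ring_list_create` can return an unusable handle on failure (see its hunk) and the result is not checked here, so a failed mature still gets swapped in by the finish callback. Defining `CM_UPDATE_TYPE_FULL`/`CM_UPDATE_TYPE_INC` inside the function body is unusual; an `enum` at file scope (or next to the other `#define`s at the top of the file) reads better, and `CM_UPDATE_TYPE_INC` is currently unused.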
@@ -1588,6 +1616,7 @@ Maat_read_entry_cb(int __attribute__((__unused__))table_id, const char* table_li
sscanf(table_line, "%d\t%d\t%s\t%s\t%s\t%s\t%lu\t%s\t%s\t%d", &pxy_obj->id, &pxy_obj->service, pxy_obj->name,
pxy_obj->type, private_file, public_file, &pxy_obj->expire_after, pxy_obj->public_algo,
pxy_obj->ctl, &pxy_obj->is_valid);
+
xret = x509_privatekey_init(private_file, public_file, &pxy_obj->key, &pxy_obj->root);
if (xret < 0 || !pxy_obj->key || !pxy_obj->root){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to initialize the x509 certificate, the keyring id is %d",
@@ -1604,17 +1633,12 @@ finish:
void Maat_read_entry_finish_cb(void* u_para)
{
- long long version=0;
- Maat_feather_t feather = u_para;
- int ret = 0, is_last_updating_table = 0;
-
- ret = Maat_inter_read_state(feather,MAAT_STATE_VERSION, &version, sizeof(version));
- assert(ret==0);
-
- ret = Maat_inter_read_state(feather,MAAT_STATE_LAST_UPDATING_TABLE, &is_last_updating_table, sizeof(is_last_updating_table));
- assert(ret==0);
- //printf("Maat Version %lld at plugin finish callback, is_last_update=%d.\n",version,is_last_updating_table);
+ MESA_htable_handle tmphtable = NULL;
+ struct key_ring_list *keyring = (struct key_ring_list *)u_para;
+ tmphtable = keyring->htable;
+ keyring->htable = keyring->oldhtable;
+ keyring->oldhtable = tmphtable;
return;
}
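Review bot: The finish callback swaps `htable` and `oldhtable` unconditionally, but the start callback only builds a fresh table for a full update; on an incremental update no new table is created, so the swap either makes the previous, stale table live or (if Maat_read_entry_cb inserted into `htable`) hides the entries just added — which of the two depends on the entry callback, whose insert target is outside this diff. The swap should be gated on the same update type as the start callback, e.g. by recording the type in the start callback and only swapping when it was a full load. The two plain pointer assignments are also unsynchronized against the worker threads that read `keyring->htable` in x509_online_append, and the table they may still be reading is destroyed on the next full reload, so the swap needs at least a lock or an RCU-style grace period. With the `key_ring_list_create` call removed from maat_feather_init, `htable` is `NULL` until the first full load completes, so requests arriving before that reach `MESA_htable_search` with a `NULL` handle.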
@@ -1648,16 +1672,11 @@ int maat_feather_init()
feather = Maat_inter_feather(rte->thread_nu, rte->info_path, logging_sc_lid.run_log_handle);
Maat_inter_set_feather_opt(feather, MAAT_OPT_INSTANCE_NAME, "certstore", strlen("certstore") + 1);
-
-
Maat_inter_set_feather_opt(feather, MAAT_OPT_JSON_FILE_PATH, rte->pxy_path, strlen(rte->pxy_path)+1);
Maat_inter_set_feather_opt(feather, MAAT_OPT_SCANDIR_INTERVAL_MS,&scan_interval_ms, sizeof(scan_interval_ms));
Maat_inter_set_feather_opt(feather, MAAT_OPT_EFFECT_INVERVAL_MS,&effective_interval_ms, sizeof(effective_interval_ms));
Maat_inter_initiate_feather(feather);
- /*Keyring list initialization **/
- key_ring_list_create(&rte->keyring);
-
sample_plugin_table(feather, "PXY_OBJ_KEYRING",
Maat_read_entry_start_cb,
Maat_read_entry_cb,
@@ -1674,6 +1693,7 @@ int cert_session_init()
maat_feather_init();
libevent_socket_init();
+
return 0;
}
diff --git a/src/cert_session.h b/src/cert_session.h
index 6127e36..2a86128 100644
--- a/src/cert_session.h
+++ b/src/cert_session.h
@@ -12,6 +12,12 @@
#include "MESA_list_queue.h"
#include "rt_sync.h"
+struct x509_object_ctx
+{
+ X509 *root;
+ EVP_PKEY *key;
+};
+
typedef struct {
int id;
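Review bot: `struct x509_object_ctx` carries the default CA used when a keyring id is unknown, but nothing says what the two fields hold or who owns them; since task_private_init loads a copy per worker thread and no matching free is visible in this commit, a comment would prevent the next reader from guessing, for example `/* Default signing CA (def-ca-path): loaded per worker by task_private_init, used by x509_online_append when a keyring id is not registered; lives for the process lifetime. */`. A field-level comment that `root` is the CA certificate and `key` its private key would round it out.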
@@ -21,9 +27,7 @@ typedef struct {
rt_pthread_attr *attr;
- EVP_PKEY *key;
-
- X509 *root;
+ struct x509_object_ctx def;
struct redisAsyncContext *cl_ctx;
diff --git a/src/cert_store.c b/src/cert_store.c
index 3b525f2..9943770 100644
--- a/src/cert_store.c
+++ b/src/cert_store.c
@@ -81,13 +81,13 @@ void cert_preview ()
printf("\r\nBasic Configuration of CertStore \n");
printf("%30s:%45d\n", "The Threads", rte->thread_nu);
- printf("%30s:%45s\n", "Redis Ip", rte->r_ip);
- printf("%30s:%45d\n", "Redis Port", rte->r_port);
- printf("%30s:%45d\n", "Libevent Port", rte->e_port);
+ printf("%30s:%45s\n", "Redis Ip", rte->addr_t.r_ip);
+ printf("%30s:%45d\n", "Redis Port", rte->addr_t.r_port);
+ printf("%30s:%45d\n", "Libevent Port", rte->addr_t.e_port);
+ printf("%30s:%45s\n", "Def Cert Path", rte->def_path);
+ printf("%30s:%45s\n", "Log Directory", logging_sc_lid.run_log_path);
printf("%30s:%45s\n", "Table Info", rte->info_path);
printf("%30s:%45s\n", "Pxy Obj Keyring", rte->pxy_path);
- printf("%30s:%45s\n", "Log Directory", logging_sc_lid.run_log_path);
-
printf("\r\n");
}