| author | zhengchao <[email protected]> | 2019-05-20 16:56:37 +0800 |
|---|---|---|
| committer | zhengchao <[email protected]> | 2019-05-24 18:55:31 +0800 |
| commit | 1f73b4832dda82f4c7828e588a03e905872e072d (patch) | |
| tree | 816120b5346b3f43dbcd18971fa8294873e2fe1a /platform/src/ssl_service_cache.cpp | |
| parent | a268c52abcba3b5cfbf6cd142c2699b20715bf7c (diff) | |
在ssl policy中处理keyring。
Diffstat (limited to 'platform/src/ssl_service_cache.cpp')
| -rw-r--r-- | platform/src/ssl_service_cache.cpp | 75 |
1 files changed, 58 insertions, 17 deletions
diff --git a/platform/src/ssl_service_cache.cpp b/platform/src/ssl_service_cache.cpp
index 633361b..f2546a8 100644
--- a/platform/src/ssl_service_cache.cpp
+++ b/platform/src/ssl_service_cache.cpp
@@ -6,31 +6,64 @@
 #define FAIL_AS_PINNING_COUNT 4
 #define FAIL_AS_PINNING_TIME 30
-struct ssl_service_client_st
+struct ssl_svc_client_st
 {
 time_t last_update_time;
 unsigned int fail_count;
 char is_mutual_auth;
+ struct ssl_service_cache* ref_svc_cache;
 };
-struct ssl_service_server_st
+struct ssl_svc_server_st
 {
 char is_ev;
 char is_ct;
 long long ev_st_switched;
 long long ct_st_switched;
+ struct ssl_service_cache* ref_svc_cache;
 };
 struct ssl_service_cache
 {
 MESA_htable_handle cli_st_hash;
 MESA_htable_handle srv_st_hash;
- long long pinning_cli_cnt, mutual_auth_cli_cnt, ev_srv_cnt, ct_srv_cnt;
+ struct ssl_service_cache_statistics stat;
 };
 struct ssl_service_write_args
 {
 struct ssl_service_cache* cache;
 const struct ssl_service_status* status;
 };
-static size_t ssl_service_client_st_mk_key(const struct ssl_chello* chello, char* key_buff, size_t sz)
+static void ssl_svc_free_client_st(void * data)
+{
+ struct ssl_svc_client_st* p = (struct ssl_svc_client_st *) data;
+ struct ssl_service_cache* svc_cache=p->ref_svc_cache;
+ if(p->is_mutual_auth)
+ {
+ svc_cache->stat.mutual_auth_cli_cnt--;
+ }
+ if(p->fail_count>=FAIL_AS_PINNING_COUNT)
+ {
+ svc_cache->stat.pinning_cli_cnt--;
+ }
+ free(p);
+ return;
+}
+static void ssl_svc_free_server_st(void * data)
+{
+ struct ssl_svc_server_st* p = (struct ssl_svc_server_st *) data;
+ struct ssl_service_cache* svc_cache=p->ref_svc_cache;
+ if(p->is_ct)
+ {
+ svc_cache->stat.ct_srv_cnt--;
+ }
+ if(p->is_ev)
+ {
+ svc_cache->stat.ev_srv_cnt--;
+ }
+ free(p);
+ return;
+}
+
+static size_t ssl_svc_client_st_mk_key(const struct ssl_chello* chello, char* key_buff, size_t sz)
 {
 size_t key_sz=0;
 key_sz=snprintf(key_buff, sz, "%d.%d-%d.%d:%s:%s:%s:%s", chello->min_version.major, chello->min_version.minor, 
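Review bot: The two new free callbacks dereference `p->ref_svc_cache` to decrement the shared counters, so the owning `struct ssl_service_cache` must still be alive whenever a stored entry is released; `ssl_service_cache_destroy` ends with `free(cache)` in a later hunk and the order in which the tables are torn down is outside this view, so it is worth confirming the tables (and their entries) are destroyed before that free. The pinning counter invariant now spans two places: `cli_st_write_cb` increments `stat.pinning_cli_cnt` only when `fail_count` equals `FAIL_AS_PINNING_COUNT`, while `ssl_svc_free_client_st` decrements when `fail_count>=FAIL_AS_PINNING_COUNT`, which stays balanced only if `fail_count` is never reset below the threshold after crossing it (the `PINNING_ST_PINNING` branch is not in view). Suggest stating the lifetime rule on the field itself, `struct ssl_service_cache* ref_svc_cache; /* owning cache; must outlive this entry so the free callback can adjust stat */`, in both structs. The trailing `return;` in the two void callbacks is redundant.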
@@ -40,7 +73,7 @@ static size_t ssl_service_client_st_mk_key(const struct ssl_chello* chello, char
 }
 static long cli_st_read_cb(void * data, const uchar * key, uint size, void * user_arg)
 {
- struct ssl_service_client_st* cli_st=(struct ssl_service_client_st*)data;
+ struct ssl_svc_client_st* cli_st=(struct ssl_svc_client_st*)data;
 struct ssl_service_status* result=(struct ssl_service_status*)user_arg;
 if (cli_st == NULL)
@@ -64,7 +97,7 @@ static long cli_st_read_cb(void * data, const uchar * key, uint size, void * use
 }
 static long cli_st_write_cb(void * data, const uchar * key, uint size, void * user_arg)
 {
- struct ssl_service_client_st* cli_st=(struct ssl_service_client_st*)data;
+ struct ssl_svc_client_st* cli_st=(struct ssl_svc_client_st*)data;
 struct ssl_service_write_args* args=(struct ssl_service_write_args*)user_arg;
 const struct ssl_service_status* status=args->status;
 struct ssl_service_cache* cache=args->cache;
@@ -72,7 +105,8 @@ static long cli_st_write_cb(void * data, const uchar * key, uint size, void * us
 time_t now=time(NULL);
 if(cli_st==NULL)
 {
- cli_st=ALLOC(struct ssl_service_client_st, 1);
+ cli_st=ALLOC(struct ssl_svc_client_st, 1);
+ cli_st->ref_svc_cache=cache;
 ret = MESA_htable_add(cache->cli_st_hash, key, size, cli_st);
 assert(ret >= 0);
 }
@@ -93,7 +127,7 @@ static long cli_st_write_cb(void * data, const uchar * key, uint size, void * us
 cli_st->last_update_time=now;
 if(cli_st->fail_count==FAIL_AS_PINNING_COUNT)
 {
- cache->pinning_cli_cnt++;
+ cache->stat.pinning_cli_cnt++;
 }
 }
 else if(status->pinning_status==PINNING_ST_PINNING)
@@ -104,7 +138,7 @@ static long cli_st_write_cb(void * data, const uchar * key, uint size, void * us
 if(status->is_mutual_auth==1&&cli_st->is_mutual_auth==0)
 {
- cache->mutual_auth_cli_cnt++;
+ cache->stat.mutual_auth_cli_cnt++;
 cli_st->is_mutual_auth=1;
 }
 return 1;
@@ -112,7 +146,7 @@ static long cli_st_write_cb(void * data, const uchar * key, uint size, void * us
 static long srv_st_read_cb(void * data, const uchar * key, uint size, void * user_arg)
 {
- struct ssl_service_server_st* srv_st=(struct ssl_service_server_st*)data;
+ struct ssl_svc_server_st* srv_st=(struct ssl_svc_server_st*)data;
 struct ssl_service_status* result=(struct ssl_service_status*)user_arg;
 if (srv_st == NULL)
 {
@@ -124,21 +158,22 @@ static long srv_st_read_cb(void * data, const uchar * key, uint size, void * use
 }
 static long srv_st_write_cb(void * data, const uchar * key, uint size, void * user_arg)
 {
- struct ssl_service_server_st* srv_st=(struct ssl_service_server_st*)data;
+ struct ssl_svc_server_st* srv_st=(struct ssl_svc_server_st*)data;
 struct ssl_service_write_args* args=(struct ssl_service_write_args*)user_arg;
 const struct ssl_service_status* status=args->status;
 struct ssl_service_cache* cache=args->cache;
 UNUSED int ret = 0;
 if(srv_st==NULL)
 {
- srv_st=ALLOC(struct ssl_service_server_st, 1);
+ srv_st=ALLOC(struct ssl_svc_server_st, 1);
+ srv_st->ref_svc_cache=cache;
 ret = MESA_htable_add(cache->srv_st_hash, key, size, srv_st);
 assert(ret >= 0);
 }
 if(status->is_ev==1&&srv_st->is_ev==0)
 {
 srv_st->is_ev=1;
- cache->ev_srv_cnt++;
+ cache->stat.ev_srv_cnt++;
 }
 if(status->is_ev!=srv_st->is_ev)
 {
@@ -147,7 +182,7 @@ static long srv_st_write_cb(void * data, const uchar * key, uint size, void * us
 if(status->is_ct==1&&srv_st->is_ct==0)
 {
 srv_st->is_ct=1;
- cache->ct_srv_cnt++;
+ cache->stat.ct_srv_cnt++;
 }
 if(status->is_ct!=srv_st->is_ct)
 {
@@ -166,7 +201,7 @@ int ssl_service_cache_read(struct ssl_service_cache* svc_cache, const struct ssl
 {
 return 0;
 }
- cli_st_key_sz=ssl_service_client_st_mk_key(chello, cli_st_key, sizeof(cli_st_key));
+ cli_st_key_sz=ssl_svc_client_st_mk_key(chello, cli_st_key, sizeof(cli_st_key));
 MESA_htable_search_cb(svc_cache->cli_st_hash, (unsigned char*) cli_st_key, (unsigned int) cli_st_key_sz, cli_st_read_cb, result, &cli_st_cb_ret);
 MESA_htable_search_cb(svc_cache->srv_st_hash, (unsigned char*) chello->sni, (unsigned int) strlen(chello->sni), srv_st_read_cb, result, &svr_st_cb_ret);
 if(cli_st_cb_ret||svr_st_cb_ret)
@@ -191,7 +226,7 @@ void ssl_service_cache_write(struct ssl_service_cache* svc_cache, const struct s
 struct ssl_service_write_args write_args={svc_cache, status};
 if(status->is_mutual_auth||status->pinning_status!=PINNING_ST_NOT_PINNING)
 {
- cli_st_key_sz=ssl_service_client_st_mk_key(chello, cli_st_key, sizeof(cli_st_key));
+ cli_st_key_sz=ssl_svc_client_st_mk_key(chello, cli_st_key, sizeof(cli_st_key));
 MESA_htable_search_cb(svc_cache->cli_st_hash, (unsigned char*)cli_st_key, (unsigned int) cli_st_key_sz, cli_st_write_cb, &write_args, &cli_st_cb_ret);
 }
 if(status->is_ct||status->is_ev)
@@ -206,6 +241,7 @@ struct ssl_service_cache* ssl_service_cache_create(unsigned int slot_size, unsig
 UNUSED int ret = 0;
 MESA_htable_handle htable=NULL, saved[2];
 int i=0, opt_val=0;
+ void (*free_func[])(void *)={ssl_svc_free_client_st, ssl_svc_free_server_st};
 for(i=0; i<2; i++)
 {
 htable = MESA_htable_born();
@@ -223,7 +259,7 @@ struct ssl_service_cache* ssl_service_cache_create(unsigned int slot_size, unsig
 ret = MESA_htable_set_opt(htable, MHO_ELIMIMINATE_TYPE, &opt_val, sizeof(int));
 ret = MESA_htable_set_opt(htable, MHO_CBFUN_DATA_FREE,
- (void *)free, sizeof(&free));
+ (void*)free_func[i], sizeof(free_func[i]));
 ret = MESA_htable_mature(htable);
 assert(ret == 0);
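Review bot: `free_func[i]` is bound to the table created in iteration `i` of `for(i=0; i<2; i++)`, so which of the two tables later becomes `cli_st_hash` versus `srv_st_hash` (assigned from `saved[]` outside this hunk) is what silently decides which callback runs on which entry type; if that assignment order is ever changed, `ssl_svc_free_server_st` would read `is_ct`, `is_ev` and `ref_svc_cache` from a client entry whose layout differs, and decrement counters through whatever pointer it finds there. That pairing should be stated next to the declaration, e.g. `/* index must match saved[]: 0 = client-state table, 1 = server-state table */`. Passing `sizeof(free_func[i])` for the option length mirrors the previous `sizeof(&free)`, so that part looks consistent. ssl_service_cache_create begins and ends outside this hunk.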
@@ -243,5 +279,10 @@ void ssl_service_cache_destroy(struct ssl_service_cache* cache)
 free(cache);
 return;
 }
+void ssl_service_cache_stat(struct ssl_service_cache* svc_cache, struct ssl_service_cache_statistics* result)
+{
+ *result=svc_cache->stat;
+ return;
+}
|
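Review bot: `ssl_service_cache_stat` is a new public accessor with no header comment, and it dereferences both `svc_cache` and `result` unconditionally, so the contract (non-NULL pointers, snapshot semantics) is only discoverable by reading the body. Suggest a comment above it such as `/* Copies a snapshot of the live counters into *result. The counters are maintained by the write callbacks and by the htable free callbacks, so the caller must hold whatever serialization protects cache writes and evictions. */`; whether such serialization exists is not visible in this file, so the comment should name who is expected to provide it. The `return;` at the end of a void function is redundant.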
