| author | luwenpeng <[email protected]> | 2024-09-25 16:08:00 +0800 |
|---|---|---|
| committer | luwenpeng <[email protected]> | 2024-09-25 16:08:00 +0800 |
| commit | 3617db7201a816008d0bccc0f94a00ef6034be3e (patch) | |
| tree | 6de37886f43d7bd66cc6bc4c5272694769775582 /platform/src | |
| parent | 4ef367ac41c94536ea7c3810636a3ca90bcb74b7 (diff) | |
feature(adapt maat): PXY_PROFILE_DECRYPTION adapt uuid
Diffstat (limited to 'platform/src')
| -rw-r--r-- | platform/src/proxy.cpp | 2 | ||||
| -rw-r--r-- | platform/src/ssl_stream.cpp | 61 |
2 files changed, 35 insertions, 28 deletions
diff --git a/platform/src/proxy.cpp b/platform/src/proxy.cpp
index 746ba29..bcbc47b 100644
--- a/platform/src/proxy.cpp
+++ b/platform/src/proxy.cpp
@@ -65,7 +65,7 @@ extern struct tcp_policy_enforcer *tcp_policy_enforcer_create(void *logger);
 extern struct chaining_policy_enforcer *chaining_policy_enforcer_create(void *logger);
-extern struct ssl_policy_enforcer *ssl_policy_enforcer_create(void *logger);
+extern struct ssl_policy_enforcer *ssl_policy_enforcer_create();
 extern enum ssl_stream_action ssl_policy_enforce(struct ssl_stream *upstream, void *u_para);
 
 static int signals[] = {SIGHUP, SIGPIPE, SIGUSR1, SIGUSR2};
diff --git a/platform/src/ssl_stream.cpp b/platform/src/ssl_stream.cpp
index 898c58a..282cf47 100644
--- a/platform/src/ssl_stream.cpp
+++ b/platform/src/ssl_stream.cpp
@@ -199,8 +199,8 @@ struct ssl_upstream_parts
     struct ssl_service_status svc_status;
     enum ssl_stream_action action;
     int apln_enabled;
-    int keyring_for_trusted;
-    int keyring_for_untrusted;
+    uuid_t keyring_for_trusted;
+    uuid_t keyring_for_untrusted;
     struct ssl_chello * client_hello;
     uint8_t is_server_cert_verify_passed;
 };
@@ -2162,12 +2162,6 @@ int ssl_stream_set_integer_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT
     case SSL_STREAM_OPT_ENABLE_ALPN:
         upstream->up_parts.apln_enabled=opt_val;
         break;
-    case SSL_STREAM_OPT_KEYRING_FOR_TRUSTED:
-        upstream->up_parts.keyring_for_trusted=opt_val;
-        break;
-    case SSL_STREAM_OPT_KEYRING_FOR_UNTRUSTED:
-        upstream->up_parts.keyring_for_untrusted=opt_val;
-        break;
     default:
         assert(0);
         return 0;
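Review bot: With the two keyring cases removed from `ssl_stream_set_integer_opt` (the `@@ -2162` hunk of ssl_stream.cpp), a call with `SSL_STREAM_OPT_KEYRING_FOR_TRUSTED` or `SSL_STREAM_OPT_KEYRING_FOR_UNTRUSTED` now lands in `default: assert(0); return 0;`, and the `(void)ret;` idiom used elsewhere in this file suggests builds with asserts disabled exist, in which an unmigrated caller gets a 0 return and an unchanged keyring id with no diagnostic. The callers that set these options live outside this diffstat (it is limited to platform/src), so I cannot confirm that every one of them was moved to the new `ssl_stream_set_uuid_opt`; a search for the two option names in the enforcer code would settle it. If `ssl_stream_get_integer_opt` (whose body is outside the hunk) still exposes these two options, it needs a matching `uuid_t` counterpart, since the fields changed type in the `@@ -199` hunk. The enclosing `switch` of `ssl_stream_set_integer_opt` starts before and ends after the hunk.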
@@ -2206,52 +2200,65 @@ int ssl_stream_get_integer_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT
 }
 
-uint64_t ssl_stream_get_policy_id(struct ssl_stream *upstream)
+void ssl_stream_get_policy_id(struct ssl_stream *upstream, uuid_t *policy_id)
 {
+    uuid_clear(*policy_id);
     uint16_t out_size;
-    uint64_t policy_id = 0;
     struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(upstream->tcp_stream);
-    int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_POLICY_ID, (unsigned char *)&policy_id, sizeof(policy_id), &out_size);
+    int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_POLICY_ID, (unsigned char *)policy_id, sizeof(uuid_t), &out_size);
     assert(ret == 0);
+    assert(out_size == sizeof(uuid_t));
     (void)ret;
-
-    return policy_id;
 }
 
-int ssl_stream_get_decrypted_profile_id(struct ssl_stream *upstream)
+void ssl_stream_get_decrypted_profile_id(struct ssl_stream *upstream, uuid_t *profile_id)
 {
+    uuid_clear(*profile_id);
     uint16_t out_size;
-    int profile_id = 0;
     struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(upstream->tcp_stream);
-    int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DECRYPTION_PROFILE_ID, (unsigned char *)&profile_id, sizeof(profile_id), &out_size);
+    int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_DECRYPTION_PROFILE_ID, (unsigned char *)profile_id, sizeof(uuid_t), &out_size);
     assert(ret == 0);
+    assert(out_size == sizeof(uuid_t));
     (void)ret;
-
-    return profile_id;
 }
 
-int ssl_stream_get_trusted_keyring_profile_id(struct ssl_stream *upstream)
+void ssl_stream_get_trusted_keyring_profile_id(struct ssl_stream *upstream, uuid_t *profile_id)
 {
+    uuid_clear(*profile_id);
     uint16_t out_size;
-    int keyring_id = 0;
     struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(upstream->tcp_stream);
-    int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_KEYRING_FOR_TRUSTED_ID, (unsigned char *)&keyring_id, sizeof(keyring_id), &out_size);
+    int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_KEYRING_FOR_TRUSTED_ID, (unsigned char *)profile_id, sizeof(uuid_t), &out_size);
     assert(ret == 0);
+    assert(out_size == sizeof(uuid_t));
     (void)ret;
-
-    return keyring_id;
 }
 
-int ssl_stream_get_untrusted_keyring_profile_id(struct ssl_stream *upstream)
+void ssl_stream_get_untrusted_keyring_profile_id(struct ssl_stream *upstream, uuid_t *profile_id)
 {
+    uuid_clear(*profile_id);
     uint16_t out_size;
-    int keyring_id = 0;
     struct tfe_cmsg *cmsg = tfe_stream_get0_cmsg(upstream->tcp_stream);
-    int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_KEYRING_FOR_UNTRUSTED, (unsigned char *)&keyring_id, sizeof(keyring_id), &out_size);
+    int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_KEYRING_FOR_UNTRUSTED, (unsigned char *)profile_id, sizeof(profile_id), &out_size);
     assert(ret == 0);
+    assert(out_size == sizeof(uuid_t));
     (void)ret;
+}
 
-    return keyring_id;
+int ssl_stream_set_uuid_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT opt_type, uuid_t *uuid)
+{
+    switch (opt_type)
+    {
+    case SSL_STREAM_OPT_KEYRING_FOR_TRUSTED:
+        uuid_copy(upstream->up_parts.keyring_for_trusted, *uuid);
+        break;
+    case SSL_STREAM_OPT_KEYRING_FOR_UNTRUSTED:
+        uuid_copy(upstream->up_parts.keyring_for_untrusted, *uuid);
+        break;
+    default:
+        assert(0);
+        return 0;
+    }
+    return 1;
 }
 
 int ssl_stream_get_string_opt(struct ssl_stream *upstream, enum SSL_STREAM_OPT opt_type, char* in_buff, size_t sz)
|
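Review bot: `ssl_stream_get_untrusted_keyring_profile_id` passes `sizeof(profile_id)` to `tfe_cmsg_get_value`, and `profile_id` is a `uuid_t *`, so that is the size of a pointer (8 on 64-bit targets) rather than the 16-byte `uuid_t` the other three getters in this hunk pass; it should read `int ret = tfe_cmsg_get_value(cmsg, TFE_CMSG_KEYRING_FOR_UNTRUSTED, (unsigned char *)profile_id, sizeof(uuid_t), &out_size);`. Depending on how `tfe_cmsg_get_value` treats an undersized buffer, the outcome is either an assertion failure or a half-copied id, and in a build with asserts disabled the latter silently selects the keyring for untrusted servers by a wrong UUID. More generally, all four getters validate the control message only with `assert`, so a missing or short `TFE_CMSG_*` value in an assert-disabled build hands the caller the nil UUID left by `uuid_clear` with no error; returning the `tfe_cmsg_get_value` status, or a bool for `out_size == sizeof(uuid_t)`, would let callers refuse the stream instead of looking up a nil id. The four bodies differ only in the cmsg key and could share one `static` helper taking the key, which would also have prevented this copy-paste slip. As a point of style, `ssl_stream_set_uuid_opt` only reads through `uuid` via `uuid_copy`, so `const uuid_t` would document that and avoid the `*uuid` dereference.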
