Diffstat (limited to 'platform/src/ssl_fetch_cert.cpp')
-rw-r--r--platform/src/ssl_fetch_cert.cpp65
1 files changed, 28 insertions, 37 deletions
diff --git a/platform/src/ssl_fetch_cert.cpp b/platform/src/ssl_fetch_cert.cpp
index 98601ee..fe7d22c 100644
--- a/platform/src/ssl_fetch_cert.cpp
+++ b/platform/src/ssl_fetch_cert.cpp
@@ -7,6 +7,7 @@
#include <ssl_utils.h>
#include <tfe_kafka_logger.h>
+#include <tfe_resource.h>
#include <MESA/MESA_prof_load.h>
typedef struct x509_object_st
@@ -35,55 +36,45 @@ static char cert_type_desc[MAX_TYPE][64] = {
{"Root certificate"},
};
-static tfe_kafka_logger_t *g_kafka_logger = NULL;
-
-void ssl_mid_cert_kafka_logger_destory(void)
+struct ssl_mid_cert_ctx
{
- tfe_kafka_logger_destroy(g_kafka_logger);
-}
+ int enable;
+ tfe_kafka_logger_t *g_kafka_logger;
+};
+struct ssl_mid_cert_ctx mid_cert_ctx;
int ssl_mid_cert_kafka_logger_create(const char *profile, const char *section)
{
- int enable = 0, vsystem_id = 0;
- char nic_name[TFE_SYMBOL_MAX] = {0};
- char broker_list[TFE_SYMBOL_MAX] = {0};
char topic_name[TFE_SYMBOL_MAX] = {0};
- char sasl_username[TFE_STRING_MAX] = {0};
- char sasl_passwd[TFE_STRING_MAX] = {0};
-
- MESA_load_profile_int_def(profile, section, "mc_cache_enable", &enable, 0);
- MESA_load_profile_int_def(profile, section, "mc_vsystem_id", &vsystem_id, 1);
- MESA_load_profile_string_def(profile, section, "mc_cache_eth", nic_name, sizeof(nic_name), "eth0");
- MESA_load_profile_string_def(profile, section, "mc_cache_topic", topic_name, sizeof(topic_name), "PXY-EXCH-INTERMEDIA-CERT");
- MESA_load_profile_string_def(profile, section, "SASL_USERNAME", sasl_username, sizeof(sasl_username), "");
- MESA_load_profile_string_def(profile, section, "SASL_PASSWD", sasl_passwd, sizeof(sasl_passwd), "");
-
- if (!enable)
- goto skip;
- if (MESA_load_profile_string_def(profile, section, "mc_cache_broker_list", broker_list, sizeof(broker_list), NULL) < 0)
- {
- TFE_LOG_ERROR(g_default_logger, "Fail to get mc_cache_broker_list in profile %s section %s.", profile, section);
- return -1;
- }
-skip:
- g_kafka_logger = tfe_kafka_logger_create(enable, nic_name, broker_list, topic_name, sasl_username, sasl_passwd, g_default_logger);
- if (g_kafka_logger)
+
+ MESA_load_profile_int_def(profile, section, "mc_cache_enable", &mid_cert_ctx.enable, 0);
+ MESA_load_profile_string_def(profile, "tfe", "mc_cache_topic", topic_name, sizeof(topic_name), "PXY-EXCH-INTERMEDIA-CERT");
+
+ if(mid_cert_ctx.enable == 0)
{
- g_kafka_logger->t_vsys_id=vsystem_id;
return 0;
}
- else
+
+ mid_cert_ctx.g_kafka_logger = (tfe_kafka_logger_t *)tfe_bussiness_resouce_get(KAFKA_LOGGER);
+ if(!mid_cert_ctx.g_kafka_logger)
{
return -1;
}
+ int ret = tfe_kafka_logger_topic_new(mid_cert_ctx.g_kafka_logger, topic_name, TOPIC_MC_CACHE, g_default_logger);
+ if(ret < 0)
+ {
+ return -1;
+ }
+ return 0;
}
static void ssl_mid_cert_kafka_logger_send(const char *sni, const char *fingerprint, const char *cert)
{
- if (g_kafka_logger->enable == 0)
+ if (mid_cert_ctx.g_kafka_logger->enable == 0)
{
return;
}
+
cJSON *obj = NULL;
cJSON *dup = NULL;
char *msg = NULL;
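Review bot: The guard in `ssl_mid_cert_kafka_logger_send` still tests `mid_cert_ctx.g_kafka_logger->enable`, but `mc_cache_enable` is now stored in `mid_cert_ctx.enable` and the logger comes from `tfe_bussiness_resouce_get(KAFKA_LOGGER)`, so the feature switch and the flag being checked can disagree; `if (!mid_cert_ctx.g_kafka_logger || mid_cert_ctx.enable == 0)` would match the guard in `ssl_fetch_trusted_cert_from_chain` and would also cover the pointer that is never assigned on the disabled early return. The same mismatch is in the last hunk, where `->enable == 0x10` decides whether the full PEM is written to the debug log and presumably should read `mid_cert_ctx.enable == 0x10`. Separately, when `tfe_kafka_logger_topic_new` fails the function returns -1 with `g_kafka_logger` still set and `enable` non-zero, so unless the caller aborts on -1 (not visible here) later sends would target a `TOPIC_MC_CACHE` that was not registered; setting `mid_cert_ctx.enable = 0;` before that `return -1;` avoids it.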
@@ -91,13 +82,13 @@ static void ssl_mid_cert_kafka_logger_send(const char *sni, const char *fingerpr
obj = cJSON_CreateObject();
cJSON_AddStringToObject(obj, "sni", sni);
cJSON_AddStringToObject(obj, "fingerprint", fingerprint);
- cJSON_AddNumberToObject(obj, "vsys_id", g_kafka_logger->t_vsys_id);
+ cJSON_AddNumberToObject(obj, "vsys_id", mid_cert_ctx.g_kafka_logger->t_vsys_id);
cJSON_AddStringToObject(obj, "cert", cert);
- cJSON_AddStringToObject(obj, "tfe_ip", g_kafka_logger->local_ip_str);
+ cJSON_AddStringToObject(obj, "tfe_ip", mid_cert_ctx.g_kafka_logger->local_ip_str);
dup = cJSON_Duplicate(obj, 1);
msg = cJSON_PrintUnformatted(dup);
- TFE_LOG_DEBUG(g_default_logger, "log to [%s] msg:%s", g_kafka_logger->topic_name[TOPIC_LOGGER], msg);
- tfe_kafka_logger_send(g_kafka_logger, TOPIC_LOGGER, msg, strlen(msg));
+ TFE_LOG_DEBUG(g_default_logger, "log to [%s] msg:%s", mid_cert_ctx.g_kafka_logger->topic_name[TOPIC_MC_CACHE], msg);
+ tfe_kafka_logger_send(mid_cert_ctx.g_kafka_logger, TOPIC_MC_CACHE, msg, strlen(msg));
free(msg);
cJSON_Delete(dup);
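Review bot: `msg` reaches the `%s` in `TFE_LOG_DEBUG` and `strlen(msg)` on the two changed lines without a NULL check, although `cJSON_PrintUnformatted` returns NULL when allocation fails (as can `cJSON_CreateObject` and `cJSON_Duplicate` before it). Wrapping the log and send in `if (msg != NULL) { ... }` keeps the existing cleanup order, since `free(NULL)` and `cJSON_Delete(NULL)` are no-ops. The `cJSON_Duplicate` step also looks unnecessary because `obj` could be printed directly, but the function starts and ends outside this hunk, so confirm `obj` is not reused before dropping it.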
@@ -145,7 +136,7 @@ void ssl_fetch_trusted_cert_from_chain(STACK_OF(X509) * cert_chain, X509_STORE *
char *fingerprint = NULL;
X509 *cert = NULL;
X509_OBJECT *obj = NULL;
- if (!g_kafka_logger || !g_kafka_logger->enable)
+ if (!mid_cert_ctx.g_kafka_logger || !mid_cert_ctx.enable)
{
return;
}
@@ -206,7 +197,7 @@ void ssl_fetch_trusted_cert_from_chain(STACK_OF(X509) * cert_chain, X509_STORE *
end:
TFE_LOG_DEBUG(g_default_logger, "[dep:%d/%d] is %s, in_trusted_store:%d, sin:%s; subject:(%s); issuer:(%s); fingerprint:%s; cert:%s",
i, deep, cert_type_desc[type], in_store, (hostname ? hostname : "NULL"), (subj ? subj : "NULL"), (issuer ? issuer : "NULL"), (fingerprint ? fingerprint : "NULL"),
- ((pem && g_kafka_logger->enable == 0x10) ? pem : " ..."));
+ ((pem && mid_cert_ctx.g_kafka_logger->enable == 0x10) ? pem : " ..."));
if (pem)
{
free(pem);