[Modified]

1.修改程序运行模式[--normal|--daemon]
2.添加初始化信息预览函数
3.修改生成证书接口并启动此接口
[Add]
1.在目录CA中添加证书文件

ca/ca.pem

@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICUTCCAboCCQCKjZNW5UgPWDANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJj
+bjENMAsGA1UECAwEdGVzdDENMAsGA1UEBwwEdGVzdDENMAsGA1UECgwEdGVzdDEN
+MAsGA1UECwwEdGVzdDENMAsGA1UEAwwEdGVzdDETMBEGCSqGSIb3DQEJARYEdGVz
+dDAeFw0xODA2MTkwOTEyMThaFw0xOTA2MTkwOTEyMThaMG0xCzAJBgNVBAYTAmNu
+MQ0wCwYDVQQIDAR0ZXN0MQ0wCwYDVQQHDAR0ZXN0MQ0wCwYDVQQKDAR0ZXN0MQ0w
+CwYDVQQLDAR0ZXN0MQ0wCwYDVQQDDAR0ZXN0MRMwEQYJKoZIhvcNAQkBFgR0ZXN0
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfkR9nd7gGRDLZ1NlYlOSl/f6h
++6m8tR7V3VTRkII9HohANDitolL32yQkOn/t61QGnV1ujbhVkoFyo7DOkUujoyU4
+zzZkmtqWrQWpYjxHsckr9655tjOWs9Vl8kAC3pfns2VYSh85rLSmmyIbjgHFlHSv
+Cl7Aj0gJGOtZEGxLAwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBABrq19geIBZN80Gq
+CvkJ59sazXvgbcR6WoP01iLm4AbfBR3tXI/FxaqhARHGJIvrEkbaOji3lFZa4u3/
+wJ4E9Xy5zYIxptzhSb98QCEbV515CP6FkDrC+xXQOS4ucB2LUlbvGk6LuYJwkOr9
+INMTXelJCRG4WFpb9LhwaV5NlPtn
+-----END CERTIFICATE-----

ca/private.key

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDfkR9nd7gGRDLZ1NlYlOSl/f6h+6m8tR7V3VTRkII9HohANDit
+olL32yQkOn/t61QGnV1ujbhVkoFyo7DOkUujoyU4zzZkmtqWrQWpYjxHsckr9655
+tjOWs9Vl8kAC3pfns2VYSh85rLSmmyIbjgHFlHSvCl7Aj0gJGOtZEGxLAwIDAQAB
+AoGBAKqIAhJkaYSuJLOv/hHpkPdk5QQd+P0uktTDPV2VAyMn1PpUWx9nAC57g/f2
+f3q11KQvCQO5KnBrjj4pykXm4nAEPMYfZdVatXNs6ituDRoaaaRJA5u8smaqapvH
+ERop9ZVfQ79qB0JAvwi8OVR/Fz7B2W7Lmrof/ZT3LRsKrdchAkEA+kNYheSxQ9wJ
+4/wRTDnd5A89GpeU16/qzE9jhtc8+PcYc3pUog1/3un0mkl9IVmEc6NL4jMCFZMp
+v/0yLJpM2wJBAOSxHKRUiKNQX3ucEvgMeF7LxWkjxlDLXn2lF9O9kiYSims0lvV0
+aA/jKo5W+KecnsagHqm8OEKLW0W0oab3vvkCQGLz5/ehEjorsbl0fH5wTv0SzW1L
+TC3wP92i8k5popEqWn+mefpNbib8yJuMvS5Hj+iNQ77fvk47jwF7orAiHosCQEFx
+NWMJFbi2TTyQIxV8bA2kfi9iH2QLblTCI5liDCp878NR30kKMKUrOohU9v7v4Ley
+JlQoGmlge5Ps5r1i8/ECQHUtHjvS5x7SEbZs8Oc4KqKOfGKY6n01ov/OgeVoVjjt
+e0PPQcI8JZzQI8TbGyaa0484IeuScmnAetMfzSgbUJs=
+-----END RSA PRIVATE KEY-----

conf/cert_store.ini

@@ -6,9 +6,8 @@ DEBUG_SWITCH = 1
 RUN_LOG_LEVEL = 10
 RUN_LOG_PATH = ./logs/
 [CONFIG]
-thread-nu = 2
-#ca-path: /usr/local/etc
-ca-path = /home/fengweihao/openssl/test
+thread-nu = 3
+ca-path = ../ca
 [LIBEVENT]
 port = 9995
 [REDIS]

src/cert_init.c

@@ -51,11 +51,7 @@ static int load_system_config(char *config)
         mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "The signature certificate(%s) does not exist", rte->ca_path);
         goto finish;
     }
-
 finish:
-    printf("rte->thread_nu = %d\n", rte->thread_nu);
-    printf("ca path  (%s)\n", rte->ca_path);
-
     return xret;
 }
 
@@ -82,11 +78,6 @@ static int load_module_config(char *config)
         mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Redis Port invalid\n");
         goto finish;
     }
-
-    printf("libevent port (%d)\n", rte->e_port);
-    printf("redis ip   (%s)\n", rte->r_ip);
-    printf("redis port (%d)\n", rte->r_port);
-
 finish:
     return xret;
 }

src/cert_init.h

@@ -47,6 +47,7 @@ struct cert_trapper_t{
 
     EVP_PKEY *key;
 	X509 *root;
+
     char *cert;
 
     struct request_t *req;

src/cert_session.c

@@ -41,11 +41,9 @@
 
 #define	SG_DATA_SIZE    2048
 
-//#define DEFAULT_PRIVATEKEY_NAME  "private.key"
-//#define DEFAULT_CA_CERTIFICATE   "ca.cer"
-
-#define DEFAULT_PRIVATEKEY_NAME  "file.key"
-#define DEFAULT_CA_CERTIFICATE   "file.cer"
+#define DEFAULT_PRIVATEKEY_NAME  "private.key"
+#define DEFAULT_CA_CERTIFICATE   "ca.cer"
+#define DEFAULT_PEM_CERTIFICATE  "ca.pem"
 
 void connectCallback(const struct redisAsyncContext *c, int status) {
     if (status != REDIS_OK) {
@@ -375,38 +373,30 @@ errout:
 	return NULL;
 }
 
-X509 *X509_load_cert_by_file(char *cert)
+X509 *X509_load_cert_by_file( )
 {
 	BIO *bp = NULL;
-	char *data = NULL;
-    X509* sk = NULL;
+    X509* x = NULL;
+    char cert_path[128] = {0};
 
-	int len = strlen(cert);
+    struct config_bucket_t *rte = cert_default_config();
 
-    data = (char *)malloc(len + 1);
-    if (data == NULL){
+    snprintf(cert_path, sizeof(cert_path), "%s/%s", rte->ca_path, DEFAULT_PEM_CERTIFICATE);
+     /* Read in CA certificate */
+    bp = BIO_new_file(cert_path, "r");
+    if (!bp){
         goto finish;
     }
-	strncpy(data, cert, len + 1);
-
-    if ( (bp=BIO_new(BIO_s_mem())) == NULL){
-        mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "unable to create BIO for output\n");
-        free(data);
-        goto finish;
-	}
-	BIO_printf(bp, "%s", data);
-
 	/* This loads from a file, a stack of x509/crl/pkey sets */
-	sk = PEM_read_bio_X509(bp, NULL, NULL, NULL);
-    if (sk == NULL) {
+	x = PEM_read_bio_X509(bp, NULL, NULL, NULL);
+    if (x == NULL) {
         mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "error reading the file");
 		goto err;
 	}
 err:
     BIO_free(bp);
-	free(data);
 finish:
-	return sk;
+	return x;
 }
 
 char *openssl_x509_to_str(X509 *crt)
@@ -509,30 +499,26 @@ void redis_async_get_callback(redisAsyncContext *c, void *r, void *privdata)
 
     /* Obtain certificate judgment from redis **/
     if(reply->type == REDIS_REPLY_STRING){
-        mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "The Key already exists and sends the certificate information to the requestor");
+        mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Sends the certificate information to the requestor");
         if (reply->str != NULL){
             certCtx->cert = reply->str;
         }
 	}
     if(reply->type == REDIS_REPLY_NIL){
         /* Certificate information modification  and Strategy to judge**/
-        mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Key does not exist, generating certificate information");
-#if 1
-        char *cert = malloc(17);
-        memcpy(cert, "Test Ca to Send\n", 17);
-        certCtx->cert = cert;
-#else
-        X509* ca = X509_load_cert_by_file(certCtx->cert);
+        mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Generating certificate information");
+
+        X509* ca = X509_load_cert_by_file();
         if (!ca){
             mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to load certificate");
             goto finish;
         }
         X509* now_ca = openssl_x509_modify_by_cert(certCtx->root, certCtx->key, ca,
-                                                   X509_get_pubkey(certCtx->root), NULL, NULL);
+                                                   X509_get_pubkey(certCtx->root), NULL, certCtx->req->host);
         if (now_ca){
             certCtx->cert = openssl_x509_to_str(now_ca);
         }
-#endif
+
         xret = redisAsyncCommand(c, redis_async_set_callback, certCtx->req->host, "SET %s %s", certCtx->req->host, certCtx->cert);
         if (xret < 0){
             mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to set information to redis server");
@@ -556,12 +542,10 @@ int x509_privatekey_init(struct cert_trapper_t *certCtx)
     snprintf(cert_path, sizeof(cert_path), "%s/%s", rte->ca_path, DEFAULT_CA_CERTIFICATE);
 
 	certCtx->key = EVP_PKEY_new();
-    printf("rte key = %p\n", certCtx->key);
     if (NULL == certCtx->key){
         goto finish;
     }
     rsa = RSA_new();
-    printf("rsa = %p\n", rsa);
     if (NULL == rsa){
         goto pkey_free;
     }
@@ -570,13 +554,11 @@ int x509_privatekey_init(struct cert_trapper_t *certCtx)
     fp = fopen(key_path, "r");
     if (NULL == fp){
         mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to open file(%s)", key_path);
-        goto finish;
+        goto rsa_free;
     }
-    printf("fp = %p, certCtx->key = %p, rsa = %p\n", fp, certCtx->key, rsa);
-
     if ( !PEM_read_RSAPrivateKey(fp, &rsa, NULL, NULL) || !EVP_PKEY_assign_RSA(certCtx->key,rsa))
 	{
-        printf("error\n");
+        mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Private key read failed");
         goto rsa_free;
 	}
     fclose(fp);
@@ -594,12 +576,14 @@ int x509_privatekey_init(struct cert_trapper_t *certCtx)
     if ( d2i_X509(&certCtx->root, (const unsigned char**)&p, len) == NULL )
     {
         mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Application for x509 failed");
-		goto finish;
+		goto rsa_free;
 	}
     xret = 0;
+    goto finish;
 
 rsa_free:
-    RSA_free(rsa);
+    if (rsa)
+        RSA_free(rsa);
 pkey_free:
     EVP_PKEY_free(certCtx->key);
 
@@ -765,18 +749,15 @@ cert_trapper_task_int(struct event_base *base, int id)
     if (xret < 0){
         __engine_fini_contex(certCtx);
         mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Initialize the redis connection is failure\n");
-        //goto finish;
+        goto finish;
     }
-#if 0
     /* Initialize the X509 CA*/
     xret = x509_privatekey_init(certCtx);
     if (xret < 0){
         __engine_fini_contex(certCtx);
         mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to initialize the x509 certificate");
-        //goto finish;
+        goto finish;
     }
-#endif
-
 finish:
     return certCtx;
 }
@@ -851,8 +832,9 @@ evhttp_listen_socket_byuser(const struct sockaddr *sa, int socklen,
 	}
 
 	if (flags & LEV_OPT_REUSEABLE_PORT) {
-		if (evutil_make_listen_socket_reuseable_port(fd) < 0)
+		if (evutil_make_listen_socket_reuseable_port(fd) < 0){
 			goto err;
+        }
 	}
 
 	if (sa) {

src/cert_store.c

@@ -20,6 +20,8 @@
 /* GIT Release */
 #define CERT_GIT_RELEASE "1.1.0"
 
+#define MODE_TYPE(x) run_mode & x
+
 /* Configure Path */
 #if 0
 #define CERT_BASIC_CFG "/usr/local/etc/cert_store.yaml"
@@ -35,16 +37,15 @@ enum syslog_display_format{
     FORMAT_SYSLOG
 };
 
+static int run_mode;
+
 static void help()
 {
-  printf("Welcome to cert server %s\n", cert_revision());
-  printf("cert_server <--debug|--release|--daemon>\n"
+  printf("Welcome to CertStor %s\n", cert_revision());
+  printf("cert_store <--normal|--daemon>\n"
          "Usage:\n"
-         "  --debug      | Run the program in debug mode and display\n"
-         "               | the print message on the interface\n"
-         "  --release    | Run the program in release mode, the interface\n"
-         "               | will not display print message\n"
-         "  --daemon     | Run in daemon mode\n");
+         "  --normal     | Run the program in normal mode\n"
+         "  --daemon     | Run the program in daemon mode\n");
 }
 
 static void
@@ -59,41 +60,50 @@ cert_argv_parser(int argc, char **argv)
 
     for (i = 0; argv[i] != NULL; i++){
 		/** run version parser */
-        if (!STRCMP (argv[i], "--release")){
-            run_mode = 0x00;
+        if (!STRCMP (argv[i], "--normal")){
             goto finish;
         }
-
-		/** decoder configuration parser */
-        if (!STRCMP(argv[i], "--debug")){
-            run_mode = 0x10;
-            goto finish;
-        }
-
         /** daemonize */
         if (!STRCMP(argv[i], "--daemon")){
             run_mode = 0x20;
             goto finish;
         }
     }
-
 finish:
 	return;
 }
 
+static
+void cert_preview ()
+{
+    struct config_bucket_t *rte = cert_default_config();
+
+    printf("\r\nBasic Configuration of CertStore \n");
+    printf("%30s:%45d\n", "The Threads", rte->thread_nu);
+    printf("%30s:%45s\n", "Redis Ip", rte->r_ip);
+    printf("%30s:%45d\n", "Redis Port", rte->r_port);
+    printf("%30s:%45d\n", "Libevent Port", rte->e_port);
+    printf("%30s:%45s\n", "Ca Directory", rte->ca_path);
+    printf("%30s:%45s\n", "Log Directory", logging_sc_lid.run_log_path);
+
+    printf("\r\n");
+}
+
 int main(int argc, char **argv)
 {
     cert_argv_parser(argc, argv);
 
     cert_syslog_init(CERT_BASIC_CFG);
 
+    mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Cert server init success\n");
+
+    cert_init_config(CERT_BASIC_CFG);
+
     if (MODE_TYPE(0x20)){
         daemonize();
     }
 
-    mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Cert server init success\n");
-
-    cert_init_config(CERT_BASIC_CFG);
+    cert_preview();
 
     cert_session_init();
 

src/components/syslogd/logging.c

@@ -23,25 +23,23 @@
 
 void mesa_logging_print(int log_level, char *module, char *msg)
 {
-
     MESA_handle_runtime_log(logging_sc_lid.run_log_handle, log_level, module, msg);
-
     return;
 }
 
 int mesa_logging_mkfile(char *file, size_t size)
 {
-    char tm[64] = {0};
-    char pname[64]= {0};
+    char tm[24] = {0};
+    char pname[32]= {0};
 
     assert(file);
 
     if (size < 32)
         return -1;
 
-    rt_curr_tms2str(EVAL_TM_STYLE, tm, 63);
+    rt_curr_tms2str(EVAL_TM_STYLE, tm, 23);
     rt_get_pname_by_pid(getpid(), &pname[0]);
-    snprintf(file, 255, "%s-%s-%d-%d-%s.log", pname, getpwuid(getuid())->pw_name, getpwuid(getuid())->pw_uid, getpwuid(getuid())->pw_gid, tm);
+    snprintf(file, 63, "%s-%s-%d-%d-%s.log", pname, getpwuid(getuid())->pw_name, getpwuid(getuid())->pw_uid, getpwuid(getuid())->pw_gid, tm);
 
     return 0;
 }
@@ -55,8 +53,8 @@ void cert_syslog_init(char *config)
     MESA_load_profile_string_def(config, (const char *)"SYSTEM",(const char *)"RUN_LOG_PATH",
                                  logging_sc_lid.run_log_path, 128, NULL);
 
-    char file[32] = {0};
-    mesa_logging_mkfile(file, 32);
+    char file[64] = {0};
+    mesa_logging_mkfile(file, 63);
     STRCAT(logging_sc_lid.run_log_path, file);
 
     logging_sc_lid.run_log_handle = MESA_create_runtime_log_handle(logging_sc_lid.run_log_path, logging_sc_lid.run_log_level);

src/rt/rt_common.h

@@ -21,9 +21,6 @@
 #define unlikely(expr) __builtin_expect(!!(expr), 0)
 #endif
 
-int run_mode;
-#define MODE_TYPE(x) run_mode & x
-
 #define	__rt_always_inline__	__attribute__((always_inline)) inline
 
 #endif