diff --git a/ca/ca.cer b/ca/ca.cer
new file mode 100644
index 0000000..3696a19
Binary files /dev/null and b/ca/ca.cer differ
diff --git a/ca/ca.pem b/ca/ca.pem
new file mode 100644
index 0000000..a9858bc
--- /dev/null
+++ b/ca/ca.pem
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICUTCCAboCCQCKjZNW5UgPWDANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQGEwJj
+bjENMAsGA1UECAwEdGVzdDENMAsGA1UEBwwEdGVzdDENMAsGA1UECgwEdGVzdDEN
+MAsGA1UECwwEdGVzdDENMAsGA1UEAwwEdGVzdDETMBEGCSqGSIb3DQEJARYEdGVz
+dDAeFw0xODA2MTkwOTEyMThaFw0xOTA2MTkwOTEyMThaMG0xCzAJBgNVBAYTAmNu
+MQ0wCwYDVQQIDAR0ZXN0MQ0wCwYDVQQHDAR0ZXN0MQ0wCwYDVQQKDAR0ZXN0MQ0w
+CwYDVQQLDAR0ZXN0MQ0wCwYDVQQDDAR0ZXN0MRMwEQYJKoZIhvcNAQkBFgR0ZXN0
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfkR9nd7gGRDLZ1NlYlOSl/f6h
++6m8tR7V3VTRkII9HohANDitolL32yQkOn/t61QGnV1ujbhVkoFyo7DOkUujoyU4
+zzZkmtqWrQWpYjxHsckr9655tjOWs9Vl8kAC3pfns2VYSh85rLSmmyIbjgHFlHSv
+Cl7Aj0gJGOtZEGxLAwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBABrq19geIBZN80Gq
+CvkJ59sazXvgbcR6WoP01iLm4AbfBR3tXI/FxaqhARHGJIvrEkbaOji3lFZa4u3/
+wJ4E9Xy5zYIxptzhSb98QCEbV515CP6FkDrC+xXQOS4ucB2LUlbvGk6LuYJwkOr9
+INMTXelJCRG4WFpb9LhwaV5NlPtn
+-----END CERTIFICATE-----
diff --git a/ca/private.key b/ca/private.key
new file mode 100644
index 0000000..6811ca0
--- /dev/null
+++ b/ca/private.key
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICXAIBAAKBgQDfkR9nd7gGRDLZ1NlYlOSl/f6h+6m8tR7V3VTRkII9HohANDit
+olL32yQkOn/t61QGnV1ujbhVkoFyo7DOkUujoyU4zzZkmtqWrQWpYjxHsckr9655
+tjOWs9Vl8kAC3pfns2VYSh85rLSmmyIbjgHFlHSvCl7Aj0gJGOtZEGxLAwIDAQAB
+AoGBAKqIAhJkaYSuJLOv/hHpkPdk5QQd+P0uktTDPV2VAyMn1PpUWx9nAC57g/f2
+f3q11KQvCQO5KnBrjj4pykXm4nAEPMYfZdVatXNs6ituDRoaaaRJA5u8smaqapvH
+ERop9ZVfQ79qB0JAvwi8OVR/Fz7B2W7Lmrof/ZT3LRsKrdchAkEA+kNYheSxQ9wJ
+4/wRTDnd5A89GpeU16/qzE9jhtc8+PcYc3pUog1/3un0mkl9IVmEc6NL4jMCFZMp
+v/0yLJpM2wJBAOSxHKRUiKNQX3ucEvgMeF7LxWkjxlDLXn2lF9O9kiYSims0lvV0
+aA/jKo5W+KecnsagHqm8OEKLW0W0oab3vvkCQGLz5/ehEjorsbl0fH5wTv0SzW1L
+TC3wP92i8k5popEqWn+mefpNbib8yJuMvS5Hj+iNQ77fvk47jwF7orAiHosCQEFx
+NWMJFbi2TTyQIxV8bA2kfi9iH2QLblTCI5liDCp878NR30kKMKUrOohU9v7v4Ley
+JlQoGmlge5Ps5r1i8/ECQHUtHjvS5x7SEbZs8Oc4KqKOfGKY6n01ov/OgeVoVjjt
+e0PPQcI8JZzQI8TbGyaa0484IeuScmnAetMfzSgbUJs=
+-----END RSA PRIVATE KEY-----
diff --git a/conf/cert_store.ini b/conf/cert_store.ini
index 33ae179..4d1577a 100644
--- a/conf/cert_store.ini
+++ b/conf/cert_store.ini
@@ -6,9 +6,8 @@ DEBUG_SWITCH = 1
 RUN_LOG_LEVEL = 10
 RUN_LOG_PATH = ./logs/
 [CONFIG]
-thread-nu = 2
-#ca-path: /usr/local/etc
-ca-path = /home/fengweihao/openssl/test
+thread-nu = 3
+ca-path = ../ca
 [LIBEVENT]
 port = 9995
 [REDIS]
diff --git a/release/ReadMe b/release/ReadMe
new file mode 100644
index 0000000..e69de29
diff --git a/src/cert_init.c b/src/cert_init.c
index 8727f0a..fc2ba58 100644
--- a/src/cert_init.c
+++ b/src/cert_init.c
@@ -51,11 +51,7 @@ static int load_system_config(char *config)
         mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "The signature certificate(%s) does not exist", rte->ca_path);
         goto finish;
     }
-
 finish:
-    printf("rte->thread_nu = %d\n", rte->thread_nu);
-    printf("ca path (%s)\n", rte->ca_path);
-
     return xret;
 }
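Review bot: A CA private key (`ca/private.key`) is being committed to version control, next to its certificate (`ca/ca.pem` and `ca/ca.cer` earlier in this commit), so every reader of the repository or its history holds the signing key of the CA this server issues under. The material looks like test material only — the subject attributes in ca.pem decode to `test` and the embedded validity appears to run 2018-06-19 to 2019-06-19 — but once pushed it should be treated as compromised: regenerate the CA per deployment in a directory outside the checkout, reference it through `ca-path`, and add `ca/*.key` and `ca/*.pem` to `.gitignore` so it cannot come back. The `MIICXAIBAAKBgQ` prefix also indicates a 1024-bit RSA key, which is below current minimum sizes; when regenerating, use at least 2048-bit RSA or an EC key.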
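Review bot: `ca-path = ../ca` is resolved against the process's working directory, so the certificate and key are found only when the server is started from one particular directory; main() also offers `--daemon`, and daemonizers conventionally change directory to `/`, so the relative path may stop resolving in that mode. Prefer an absolute path, or resolve the configured value to an absolute path at config-load time, and point it at a directory outside the source tree, which also keeps the private key out of the repository.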
@@ -82,11 +78,6 @@ static int load_module_config(char *config)
         mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Redis Port invalid\n");
         goto finish;
     }
-
-    printf("libevent port (%d)\n", rte->e_port);
-    printf("redis ip (%s)\n", rte->r_ip);
-    printf("redis port (%d)\n", rte->r_port);
-
 finish:
     return xret;
 }
diff --git a/src/cert_init.h b/src/cert_init.h
index 1c9fd04..8342b7a 100644
--- a/src/cert_init.h
+++ b/src/cert_init.h
@@ -47,6 +47,7 @@ struct cert_trapper_t{
     EVP_PKEY *key;
     X509 *root;
+    char *cert;
     struct request_t *req;
diff --git a/src/cert_session.c b/src/cert_session.c
index 5ecce16..9c2f936 100644
--- a/src/cert_session.c
+++ b/src/cert_session.c
@@ -41,11 +41,9 @@
 #define SG_DATA_SIZE 2048
-//#define DEFAULT_PRIVATEKEY_NAME "private.key"
-//#define DEFAULT_CA_CERTIFICATE "ca.cer"
-
-#define DEFAULT_PRIVATEKEY_NAME "file.key"
-#define DEFAULT_CA_CERTIFICATE "file.cer"
+#define DEFAULT_PRIVATEKEY_NAME "private.key"
+#define DEFAULT_CA_CERTIFICATE "ca.cer"
+#define DEFAULT_PEM_CERTIFICATE "ca.pem"
 void connectCallback(const struct redisAsyncContext *c, int status)
 {
     if (status != REDIS_OK) {
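Review bot: The new `char *cert;` member in struct cert_trapper_t carries no comment saying what it holds or who frees it, and this same patch stores into it both a string borrowed from a hiredis reply and a string returned by openssl_x509_to_str(), so the ownership is already mixed. Add a comment such as `char *cert; /* serialized certificate answered for req->host; ownership: see redis_async_get_callback */` and settle on one rule (always a heap copy owned by the context, released where the context is finalized) so the freeing side does not have to guess. The struct definition begins before this hunk.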
@@ -375,38 +373,30 @@ errout:
     return NULL;
 }
-X509 *X509_load_cert_by_file(char *cert)
+X509 *X509_load_cert_by_file( )
 {
     BIO *bp = NULL;
-    char *data = NULL;
-    X509* sk = NULL;
+    X509* x = NULL;
+    char cert_path[128] = {0};
-    int len = strlen(cert);
+    struct config_bucket_t *rte = cert_default_config();
-    data = (char *)malloc(len + 1);
-    if (data == NULL){
+    snprintf(cert_path, sizeof(cert_path), "%s/%s", rte->ca_path, DEFAULT_PEM_CERTIFICATE);
+    /* Read in CA certificate */
+    bp = BIO_new_file(cert_path, "r");
+    if (!bp){
         goto finish;
     }
-    strncpy(data, cert, len + 1);
-
-    if ( (bp=BIO_new(BIO_s_mem())) == NULL){
-        mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "unable to create BIO for output\n");
-        free(data);
-        goto finish;
-    }
-    BIO_printf(bp, "%s", data);
-    /* This loads from a file, a stack of x509/crl/pkey sets */
-    sk = PEM_read_bio_X509(bp, NULL, NULL, NULL);
-    if (sk == NULL) {
+    x = PEM_read_bio_X509(bp, NULL, NULL, NULL);
+    if (x == NULL) {
         mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "error reading the file");
         goto err;
     }
 err:
     BIO_free(bp);
-    free(data);
 finish:
-    return sk;
+    return x;
 }
 char *openssl_x509_to_str(X509 *crt)
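Review bot: The new signature `X509 *X509_load_cert_by_file( )` declares a function with an unspecified parameter list rather than no parameters; write it as `X509 *X509_load_cert_by_file(void)` so a call that still passes an argument is rejected at compile time (the `X509_` prefix also lives in OpenSSL's own namespace, so a project prefix would avoid collisions). The `snprintf` into the 128-byte `cert_path` never checks for truncation, so an over-long `ca-path` silently opens a different file name; capture the result and bail out, `int n = snprintf(cert_path, sizeof cert_path, "%s/%s", rte->ca_path, DEFAULT_PEM_CERTIFICATE); if (n < 0 || (size_t)n >= sizeof cert_path) goto finish;`, and the `rte` pointer from cert_default_config() is dereferenced without a NULL check. This helper re-reads the CA certificate from disk on every call, while x509_privatekey_init() already parses the CA from `ca.cer` into certCtx->root; if both files carry the same certificate, the per-request file read can be replaced by that cached object. The `goto err` in the PEM failure branch jumps to the label that immediately follows it and can simply be dropped.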
@@ -509,30 +499,26 @@ void redis_async_get_callback(redisAsyncContext *c, void *r, void *privdata)
     /* Obtain certificate judgment from redis **/
     if(reply->type == REDIS_REPLY_STRING){
-        mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "The Key already exists and sends the certificate information to the requestor");
+        mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Sends the certificate information to the requestor");
         if (reply->str != NULL){
             certCtx->cert = reply->str;
         }
     }
     if(reply->type == REDIS_REPLY_NIL){
         /* Certificate information modification and Strategy to judge**/
-        mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Key does not exist, generating certificate information");
-#if 1
-        char *cert = malloc(17);
-        memcpy(cert, "Test Ca to Send\n", 17);
-        certCtx->cert = cert;
-#else
-        X509* ca = X509_load_cert_by_file(certCtx->cert);
+        mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Generating certificate information");
+
+        X509* ca = X509_load_cert_by_file();
         if (!ca){
             mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to load certificate");
             goto finish;
         }
         X509* now_ca = openssl_x509_modify_by_cert(certCtx->root, certCtx->key, ca,
-                                                   X509_get_pubkey(certCtx->root), NULL, NULL);
+                                                   X509_get_pubkey(certCtx->root), NULL, certCtx->req->host);
         if (now_ca){
             certCtx->cert = openssl_x509_to_str(now_ca);
         }
-#endif
+
         xret = redisAsyncCommand(c, redis_async_set_callback, certCtx->req->host, "SET %s %s", certCtx->req->host, certCtx->cert);
         if (xret < 0){
             mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to set information to redis server");
@@ -556,12 +542,10 @@ int x509_privatekey_init(struct cert_trapper_t *certCtx)
     snprintf(cert_path, sizeof(cert_path), "%s/%s", rte->ca_path, DEFAULT_CA_CERTIFICATE);
     certCtx->key = EVP_PKEY_new();
-    printf("rte key = %p\n", certCtx->key);
     if (NULL == certCtx->key){
         goto finish;
     }
     rsa = RSA_new();
-    printf("rsa = %p\n", rsa);
     if (NULL == rsa){
         goto pkey_free;
     }
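Review bot: Neither `ca` (returned by X509_load_cert_by_file()) nor `now_ca` is ever freed in the REDIS_REPLY_NIL branch, and the EVP_PKEY returned by `X509_get_pubkey()` is an owned reference that needs `EVP_PKEY_free()`, so every cache miss leaks a certificate, a generated certificate and a key. When `openssl_x509_modify_by_cert()` returns NULL the code still falls through to the `SET %s %s` command with whatever `certCtx->cert` held before — possibly NULL or a pointer into an earlier hiredis reply — which is undefined for `%s`; it should bail out instead, as sketched below. In the REDIS_REPLY_STRING branch `certCtx->cert = reply->str;` keeps a pointer into the reply object, which hiredis frees once the callback returns unless the reply is explicitly retained, so that string presumably has to be duplicated. The enclosing function and its `finish:` label lie outside the hunk, and the sketch assumes openssl_x509_modify_by_cert() does not retain `ca`; if it does, the `X509_free(ca)` has to move to wherever the derived certificate is released.
```c
        X509* ca = X509_load_cert_by_file();
        if (!ca){
            mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to load certificate");
            goto finish;
        }
        EVP_PKEY *root_key = X509_get_pubkey(certCtx->root);   /* owned reference */
        X509* now_ca = openssl_x509_modify_by_cert(certCtx->root, certCtx->key, ca,
                                                   root_key, NULL, certCtx->req->host);
        EVP_PKEY_free(root_key);
        X509_free(ca);               /* not needed past this point (see note) */
        if (!now_ca){
            mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to generate certificate");
            goto finish;
        }
        certCtx->cert = openssl_x509_to_str(now_ca);
        X509_free(now_ca);
        if (!certCtx->cert){
            mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to serialize certificate");
            goto finish;
        }
        /* … unchanged: redisAsyncCommand SET and its error handling … */
```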
@@ -570,13 +554,11 @@ int x509_privatekey_init(struct cert_trapper_t *certCtx)
     fp = fopen(key_path, "r");
     if (NULL == fp){
         mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to open file(%s)", key_path);
-        goto finish;
+        goto rsa_free;
     }
-    printf("fp = %p, certCtx->key = %p, rsa = %p\n", fp, certCtx->key, rsa);
-
     if ( !PEM_read_RSAPrivateKey(fp, &rsa, NULL, NULL) || !EVP_PKEY_assign_RSA(certCtx->key,rsa)) {
-        printf("error\n");
+        mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Private key read failed");
         goto rsa_free;
     }
     fclose(fp);
@@ -594,12 +576,14 @@ int x509_privatekey_init(struct cert_trapper_t *certCtx)
     if ( d2i_X509(&certCtx->root, (const unsigned char**)&p, len) == NULL ) {
         mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Application for x509 failed");
-        goto finish;
+        goto rsa_free;
     }
     xret = 0;
+    goto finish;
 rsa_free:
-    RSA_free(rsa);
+    if (rsa)
+        RSA_free(rsa);
 pkey_free:
     EVP_PKEY_free(certCtx->key);
@@ -765,18 +749,15 @@ cert_trapper_task_int(struct event_base *base, int id)
     if (xret < 0){
         __engine_fini_contex(certCtx);
         mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Initialize the redis connection is failure\n");
-        //goto finish;
+        goto finish;
     }
-#if 0
     /* Initialize the X509 CA*/
     xret = x509_privatekey_init(certCtx);
     if (xret < 0){
         __engine_fini_contex(certCtx);
         mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to initialize the x509 certificate");
-        //goto finish;
+        goto finish;
     }
-#endif
-
 finish:
     return certCtx;
 }
@@ -851,8 +832,9 @@ evhttp_listen_socket_byuser(const struct sockaddr *sa, int socklen,
     }
     if (flags & LEV_OPT_REUSEABLE_PORT) {
-        if (evutil_make_listen_socket_reuseable_port(fd) < 0)
+        if (evutil_make_listen_socket_reuseable_port(fd) < 0){
             goto err;
+        }
     }
     if (sa) {
diff --git a/src/cert_store.c b/src/cert_store.c
index 9dca3c4..dcdeb25 100644
--- a/src/cert_store.c
+++ b/src/cert_store.c
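Review bot: In the PEM_read_RSAPrivateKey/EVP_PKEY_assign_RSA failure branch the `goto rsa_free` leaves `fp` open, because `fclose(fp)` only runs on the success path; add `fclose(fp);` before that `goto rsa_free;` (or move the `fclose` ahead of the `if`, since the key has been read by then). When the read succeeds but the assign fails, `rsa` still belongs to this function, so freeing it at `rsa_free:` is correct in this branch; the case where the assign has already succeeded is raised on the next hunk. x509_privatekey_init() begins before this hunk.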
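Review bot: Once `EVP_PKEY_assign_RSA(certCtx->key, rsa)` has succeeded the key owns `rsa` (assign does not take a reference), so the new `goto rsa_free` on d2i_X509 failure calls `RSA_free(rsa)` and then `EVP_PKEY_free(certCtx->key)` frees the same RSA object again — a double free, and the added `if (rsa)` guard does not help because `rsa` is never cleared. Set `rsa = NULL; /* owned by certCtx->key from here on */` immediately after the successful assign in the previous hunk; the guarded `RSA_free` then does the right thing on every path. The function's `finish:` label and return are outside this hunk.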
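Review bot: Both new `goto finish` jumps in cert_trapper_task_int() follow `__engine_fini_contex(certCtx)`, and `finish:` returns `certCtx`, so on either failure the caller receives a context that has already been torn down — a dangling pointer if the fini routine frees it. Set `certCtx = NULL;` before each `goto finish;` (or return NULL directly) so callers can detect the failure; the function starts before this hunk, so confirm what `__engine_fini_contex` does with the pointer before relying on this.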
@@ -20,6 +20,8 @@
 /* GIT Release */
 #define CERT_GIT_RELEASE "1.1.0"
+#define MODE_TYPE(x) run_mode & x
+
 /* Configure Path */
 #if 0
 #define CERT_BASIC_CFG "/usr/local/etc/cert_store.yaml"
@@ -35,16 +37,15 @@ enum syslog_display_format{
     FORMAT_SYSLOG
 };
+static int run_mode;
+
 static void help()
 {
-    printf("Welcome to cert server %s\n", cert_revision());
-    printf("cert_server <--debug|--release|--daemon>\n"
+    printf("Welcome to CertStor %s\n", cert_revision());
+    printf("cert_store <--normal|--daemon>\n"
            "Usage:\n"
-           " --debug | Run the program in debug mode and display\n"
-           " | the print message on the interface\n"
-           " --release | Run the program in release mode, the interface\n"
-           " | will not display print message\n"
-           " --daemon | Run in daemon mode\n");
+           " --normal | Run the program in normal mode\n"
+           " --daemon | Run the program in daemon mode\n");
 }
 static void
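Review bot: `#define MODE_TYPE(x) run_mode & x` is unparenthesized, so `!MODE_TYPE(0x20)` expands to `!run_mode & 0x20` and `MODE_TYPE(a | b)` to `run_mode & a | b`, neither of which is the intended test; define it as `#define MODE_TYPE(x) ((run_mode) & (x))`. The `0x20` daemon flag it is tested against is a magic number repeated in cert_argv_parser(); an `enum { RUN_MODE_NORMAL = 0x00, RUN_MODE_DAEMON = 0x20 };` next to this macro would name both and keep them in one place.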
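Review bot: `static int run_mode;` relies on static zero-initialization to make `--normal` the default, and nothing says so; a comment such as `static int run_mode; /* 0 = normal (default), 0x20 = daemon; tested through MODE_TYPE() */` makes that contract visible. The rewritten help text likewise no longer states what happens when neither `--normal` nor `--daemon` is given; one line saying that normal mode is the default would complete it.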
@@ -59,41 +60,50 @@ cert_argv_parser(int argc, char **argv)
     for (i = 0; argv[i] != NULL; i++){
         /** run version parser */
-        if (!STRCMP (argv[i], "--release")){
-            run_mode = 0x00;
+        if (!STRCMP (argv[i], "--normal")){
             goto finish;
         }
-
-        /** decoder configuration parser */
-        if (!STRCMP(argv[i], "--debug")){
-            run_mode = 0x10;
-            goto finish;
-        }
-
         /** daemonize */
         if (!STRCMP(argv[i], "--daemon")){
             run_mode = 0x20;
             goto finish;
         }
     }
-
 finish:
     return;
 }
+static
+void cert_preview ()
+{
+    struct config_bucket_t *rte = cert_default_config();
+
+    printf("\r\nBasic Configuration of CertStore \n");
+    printf("%30s:%45d\n", "The Threads", rte->thread_nu);
+    printf("%30s:%45s\n", "Redis Ip", rte->r_ip);
+    printf("%30s:%45d\n", "Redis Port", rte->r_port);
+    printf("%30s:%45d\n", "Libevent Port", rte->e_port);
+    printf("%30s:%45s\n", "Ca Directory", rte->ca_path);
+    printf("%30s:%45s\n", "Log Directory", logging_sc_lid.run_log_path);
+
+    printf("\r\n");
+}
+
 int main(int argc, char **argv)
 {
     cert_argv_parser(argc, argv);
     cert_syslog_init(CERT_BASIC_CFG);
+    mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Cert server init success\n");
+
+    cert_init_config(CERT_BASIC_CFG);
+
     if (MODE_TYPE(0x20)){
         daemonize();
     }
-    mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Cert server init success\n");
-
-    cert_init_config(CERT_BASIC_CFG);
+    cert_preview();
     cert_session_init();
diff --git a/src/components/syslogd/logging.c b/src/components/syslogd/logging.c
index 40a679d..1200bc5 100644
--- a/src/components/syslogd/logging.c
+++ b/src/components/syslogd/logging.c
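Review bot: In main(), `cert_preview()` now runs after `daemonize()`, so in `--daemon` mode its printf output goes to whatever stdout the daemonizing step left behind (closed or redirected to /dev/null, if it follows the usual pattern) and is lost; move the preview ahead of the daemon switch, or emit it through mesa_runtime_log() so it lands in the log file either way. `static void cert_preview ()` should be declared `static void cert_preview(void)`, and it dereferences the `rte` returned by cert_default_config() without a NULL check. cert_argv_parser() still matches only `--normal` and `--daemon` and silently ignores anything else, so a mistyped option starts the server in normal mode with no message; logging the unknown argument or calling help() there would spare operators a surprise.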
@@ -23,25 +23,23 @@ void mesa_logging_print(int log_level, char *module, char *msg)
 {
-    MESA_handle_runtime_log(logging_sc_lid.run_log_handle, log_level, module, msg);
-    return;
 }
 int mesa_logging_mkfile(char *file, size_t size)
 {
-    char tm[64] = {0};
-    char pname[64]= {0};
+    char tm[24] = {0};
+    char pname[32]= {0};
     assert(file);
     if (size < 32)
         return -1;
-    rt_curr_tms2str(EVAL_TM_STYLE, tm, 63);
+    rt_curr_tms2str(EVAL_TM_STYLE, tm, 23);
     rt_get_pname_by_pid(getpid(), &pname[0]);
-    snprintf(file, 255, "%s-%s-%d-%d-%s.log", pname, getpwuid(getuid())->pw_name, getpwuid(getuid())->pw_uid, getpwuid(getuid())->pw_gid, tm);
+    snprintf(file, 63, "%s-%s-%d-%d-%s.log", pname, getpwuid(getuid())->pw_name, getpwuid(getuid())->pw_uid, getpwuid(getuid())->pw_gid, tm);
     return 0;
 }
@@ -55,8 +53,8 @@ void cert_syslog_init(char *config)
     MESA_load_profile_string_def(config, (const char *)"SYSTEM",(const char *)"RUN_LOG_PATH", logging_sc_lid.run_log_path, 128, NULL);
-    char file[32] = {0};
-    mesa_logging_mkfile(file, 32);
+    char file[64] = {0};
+    mesa_logging_mkfile(file, 63);
     STRCAT(logging_sc_lid.run_log_path, file);
     logging_sc_lid.run_log_handle = MESA_create_runtime_log_handle(logging_sc_lid.run_log_path, logging_sc_lid.run_log_level);
diff --git a/src/rt/rt_common.h b/src/rt/rt_common.h
index cada992..133e5e4 100644
--- a/src/rt/rt_common.h
+++ b/src/rt/rt_common.h
@@ -21,9 +21,6 @@
 #define unlikely(expr) __builtin_expect(!!(expr), 0)
 #endif
-int run_mode;
-#define MODE_TYPE(x) run_mode & x
-
 #define __rt_always_inline__ __attribute__((always_inline)) inline
 #endif
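Review bot: `snprintf(file, 63, ...)` in mesa_logging_mkfile() hard-codes the length instead of using the `size` parameter, so a caller that passes a buffer between 32 and 62 bytes (which the `size < 32` guard admits) gets written past its end; use `snprintf(file, size, "%s-%s-%d-%d-%s.log", ...)` and return -1 when the result is truncated. Emptying the body of mesa_logging_print() turns it into a silent no-op that remains callable, so every message routed through it is dropped; if that is intended, delete the function or put the reason in a comment above it rather than leaving an empty body. Shrinking `pname` to 32 bytes is only safe if rt_get_pname_by_pid() bounds its write — it receives no length here, so confirm that before relying on it. `getpwuid(getuid())` is also called three times and never checked for NULL; one call with a NULL check would be both cheaper and safer.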
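Review bot: `STRCAT(logging_sc_lid.run_log_path, file)` appends up to 63 characters to a buffer that MESA_load_profile_string_def() was told is 128 bytes, so a configured `RUN_LOG_PATH` of 65 or more characters overflows `run_log_path` (assuming the field really is 128 bytes; its declaration is not in the hunk). Build the full path with a bounded call into a buffer sized for both parts, e.g. `snprintf(full, sizeof full, "%s%s", logging_sc_lid.run_log_path, file)`, or at least check `strlen(logging_sc_lid.run_log_path) + strlen(file) < sizeof logging_sc_lid.run_log_path` before concatenating. `mesa_logging_mkfile(file, 63)` passes one less than `sizeof file`; passing `sizeof file` and letting the callee bound its own write keeps the two sizes from drifting apart.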