From 3662ddd8846ef0ea47a4d93e0c18e9c316066067 Mon Sep 17 00:00:00 2001
From: fengweihao
Date: Thu, 21 Nov 2019 17:35:09 +0800
Subject: [PATCH] =?UTF-8?q?*=20=E4=BF=AE=E6=94=B9Redis=E5=AD=98=E5=82=A8ke?= =?UTF-8?q?y=E5=80=BC=EF=BC=8C=E5=88=A0=E9=99=A4=E7=AD=BE=E5=8F=91?= =?UTF-8?q?=E8=AF=81=E4=B9=A6=E6=8C=87=E7=BA=B9=EF=BC=8C=E5=A2=9E=E5=8A=A0?= =?UTF-8?q?=E7=95=8C=E9=9D=A2=E6=93=8D=E4=BD=9C=E6=97=B6=E9=97=B4=E7=B4=A2?= =?UTF-8?q?=E5=BC=95=20*=20=E4=BF=AE=E6=94=B9json=E9=85=8D=E7=BD=AE?= =?UTF-8?q?=E6=96=87=E4=BB=B6?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 program/include/cert_conf.h | 4 ++--
 program/src/cert_session.cpp | 18 ++++--------------
 resource/conf/pxy_obj_keyring.json | 22 +++++++++++-----------
 3 files changed, 17 insertions(+), 27 deletions(-)
diff --git a/program/include/cert_conf.h b/program/include/cert_conf.h
index d56d77b..e419414 100644
--- a/program/include/cert_conf.h
+++ b/program/include/cert_conf.h
@@ -42,9 +42,9 @@ struct pxy_obj_keyring{
 char keyring_type[CT_ARRARY_LEN];
 char public_algo[CT_STRING_MAX];
 char v3_ctl[CT_STRING_MAX];
- char finger[EVP_MAX_MD_SIZE];
 int is_send;
- int is_valid;
+ int is_valid;
+ uint64_t op_time;
 atomic64_t ref_cnt;
 STACK_OF(X509) *stack_ca;
 };
diff --git a/program/src/cert_session.cpp b/program/src/cert_session.cpp
index 8183ebc..1b2809d 100644
--- a/program/src/cert_session.cpp
+++ b/program/src/cert_session.cpp
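Review bot: `op_time` is declared `uint64_t` in `struct pxy_obj_keyring`, but both users in cert_session.cpp handle it with `%lu` (the `snprintf` in `x509_get_rkey` and the `sscanf` in the keyring table parser), which is only correct where `uint64_t` is `unsigned long`. Use the `<inttypes.h>` macros, `"%d:%" PRIu64 ":%s:%d"` for the key and `"\t%" SCNu64` for the last parsed field, or declare the field `unsigned long` to match the formats. The field also needs a comment saying what it holds; going by the commit subject it is the operation time set from the management UI, e.g. `/* operation time of the last UI change; component of the Redis cache key */`.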
@@ -845,14 +845,6 @@ long __attribute__((__unused__))argl, void __attribute__((__unused__))*argp)
 atomic64_dec(&pxy_obj->ref_cnt);
 if (atomic64_read(&pxy_obj->ref_cnt) == 0) {
-#ifdef RT_REDIS_ADVANCED
- int xret; char *command;
- asprintf(&command, "redis-cli keys \"%d*\" | xargs redis-cli del", pxy_obj->keyring_id);
- xret = system(command);
- if ((-1 == xret) || (!WIFEXITED(xret)) || (0 != WEXITSTATUS(xret))){
- mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "del keyringid %d failed", pxy_obj->keyring_id);
- }
-#endif
 if (pxy_obj->issuer) X509_free(pxy_obj->issuer);
 if (pxy_obj->key)
@@ -1423,7 +1415,7 @@ x509_get_rkey(X509 *origin, int keyring_id, char *rkey, int is_valid)
 struct pxy_obj_keyring *pxy_obj = get_obj_for_id(keyring_id);
 if (pxy_obj != NULL) {
- snprintf(rkey, DATALEN, "%d:%s:%s:%d", keyring_id, hex, pxy_obj->finger, is_valid);
+ snprintf(rkey, DATALEN, "%d:%lu:%s:%d", keyring_id, pxy_obj->op_time, hex, is_valid);
 goto finish;
 }
 snprintf(rkey, DATALEN, "%d:%s:%d", keyring_id, hex, is_valid);
@@ -2002,10 +1994,10 @@ const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long __attribute__((__unused__)
 memset(pxy_obj, 0, sizeof(struct pxy_obj_keyring));
 atomic64_set(&pxy_obj->ref_cnt, 1);
- ret=sscanf(table_line, "%d\t%s\t%s\t%s\t%s\t%lu\t%s\t%s\t%d\t%d", &pxy_obj->keyring_id, profile_name,
+ ret=sscanf(table_line, "%d\t%s\t%s\t%s\t%s\t%lu\t%s\t%s\t%d\t%d\t%lu", &pxy_obj->keyring_id, profile_name,
 pxy_obj->keyring_type, private_file, public_file, &pxy_obj->expire_time, pxy_obj->public_algo,
- pxy_obj->v3_ctl, &pxy_obj->is_send, &pxy_obj->is_valid);
- if(ret!=10)
+ pxy_obj->v3_ctl, &pxy_obj->is_send, &pxy_obj->is_valid, &pxy_obj->op_time);
+ if(ret!=11)
 {
 kfree(pxy_obj);
 mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "certstore parse config failed: %s", table_line);
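Review bot: In `x509_get_rkey` the key no longer carries anything derived from the issuer certificate: `pxy_obj->finger` is replaced by `pxy_obj->op_time`, a number taken from the table row. Combined with the removal of the `redis-cli ... del` purge in the first hunk of this file, a keyring whose key or certificate changes while `keyring_id` and `op_time` stay the same would keep matching entries cached under the old issuer, assuming `rkey` is the Redis lookup key as the commit subject suggests. Either keep an issuer-derived component in the key or state the invariant next to the `snprintf`, e.g. `/* op_time must change whenever the keyring's key or certificate changes; stale entries are no longer purged on free */`. The body of `x509_get_rkey` starts and ends outside the hunk.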
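Review bot: The re-added `sscanf` in the keyring table parser still reads six fields with bare `%s` into fixed-size buffers (`keyring_type` is `CT_ARRARY_LEN`, `public_algo` and `v3_ctl` are `CT_STRING_MAX` per cert_conf.h; `profile_name`, `private_file` and `public_file` are declared outside the hunk), so an over-long field in `table_line` writes past its destination. Give every `%s` a field width one less than its buffer size, or split the line on tabs and copy each field with `snprintf` and a truncation check. Rows that still have ten fields now fail the `ret!=11` test and are dropped, so the table has to be migrated before this build is deployed; a comment above the `sscanf` listing the eleven expected columns would make that requirement visible.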
@@ -2026,8 +2018,6 @@ const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long __attribute__((__unused__) } mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "initialize the x509 certificate, the keyring id is %d", pxy_obj->keyring_id); - x509_get_fingerprint(pxy_obj->issuer, pxy_obj->finger); - *ad = pxy_obj; finish: return; diff --git a/resource/conf/pxy_obj_keyring.json b/resource/conf/pxy_obj_keyring.json index 35c4af3..0350b8b 100644 --- a/resource/conf/pxy_obj_keyring.json +++ b/resource/conf/pxy_obj_keyring.json 
@@ -73,18 +73,18 @@
 {
 "table_name": "PXY_PROFILE_KEYRING",
 "table_content": [
- "0\tname_01\troot\t/home/fengweihao/tool/test_cert/root/tango-ca-v3-untrust-ca.pem\t/home/fengweihao/tool/test_cert/root/tango-ca-v3-untrust-ca.pem\t0\trsa1024\tNULL\t1\t1\t",
- "11\tname_01\troot\t/home/fengweihao/tool/test_cert/root/tango-ca-v3-trust-ca.pem\t//home/fengweihao/tool/test_cert/root/tango-ca-v3-trust-ca.pem\t0\trsa1024\tNULL\t0\t1\t",
+ "0\tname_01\troot\t/home/fengweihao/tool/test_cert/root/tango-ca-v3-untrust-ca.pem\t/home/fengweihao/tool/test_cert/root/tango-ca-v3-untrust-ca.pem\t0\trsa1024\tNULL\t1\t1\t2019112101\t",
+ "11\tname_01\troot\t/home/fengweihao/tool/test_cert/root/tango-ca-v3-trust-ca.pem\t//home/fengweihao/tool/test_cert/root/tango-ca-v3-trust-ca.pem\t0\trsa1024\tNULL\t0\t1\t2019112102\t",
- "1\tname_01\troot\t/home/fengweihao/tool/test_cert/root/tango-ca-trust-ca-key.pem\t/home/fengweihao/tool/test_cert/root/tango-ca-trust-ca-cer.pem\t24\trsa2048\tNULL\t0\t1\t",
- "3\tname_01\troot\t/home/fengweihao/tool/test_cert/root/tango-ca-trust-ca-key.pem\t/home/fengweihao/tool/test_cert/root/tango-ca-trust-ca-cer.pem\t30\trsa4096\tNULL\t1\t1\t",
- "9\tname_01\tintermediate\t/home/fengweihao/tool/test_cert/Intermediate/tang-ca-v3-intermediate-01-key.pem\t/home/fengweihao/tool/test_cert/Intermediate/tang-ca-v3-intermediate-01-cer.pem\t30\trsa1024\tNULL\t1\t1\t",
- "8\tname_01\tintermediate\t/home/fengweihao/tool/test_cert/Intermediate/tang-ca-v3-intermediate-01-key.pem\t/home/fengweihao/tool/test_cert/Intermediate/tang-ca-v3-intermediate-ca-l1-cert.pem\t30\trsa1024\tNULL\t1\t1\t",
- "12\tname_01\tintermediate\t/home/fengweihao/tool/test_cert/Intermediate/Tang-Ca-IIS-v2.key\t/home/fengweihao/tool/test_cert/Intermediate/Tang-Ca-IIS-v2-v2-v1-ca.cer\t30\trsa1024\tNULL\t0\t1\t",
- "13\tname_01\tintermediate\t/home/fengweihao/tool/test_cert/Intermediate/Tang-Ca-IIS-v2.key\t/home/fengweihao/tool/test_cert/Intermediate/Tang-Ca-IIS-v2-ca-v1-v2.cer\t30\trsa1024\tNULL\t0\t1\t",
- "4\tname_01\tintermediate\t/home/fengweihao/tool/test_cert/Intermediate/Tang-Ca-IIS-v2.key\t/home/fengweihao/tool/test_cert/Intermediate/Tang-Ca-IIS-v2-v1-ca-v2.cer\t30\trsa1024\tNULL\t0\t1\t",
- "5\tname_01\tintermediate\t/home/fengweihao/tool/test_cert/Intermediate/ca01-mle-key.pem\t/home/fengweihao/tool/test_cert/Intermediate/ca01-mle.pem\t30\trsa4096\tNULL\t1\t1\t",
- "10\tname_01\tend-entity\t/home/fengweihao/tool/test_cert/end-entity/tang-ca-v3-www.bing.com-key.pem\t/home/fengweihao/tool/test_cert/end-entity/tang-ca-v3-www.bing.com-cer.pem\t30\trsa4096\tNULL\t0\t1\t"
+ "1\tname_01\troot\t/home/fengweihao/tool/test_cert/root/tango-ca-trust-ca-key.pem\t/home/fengweihao/tool/test_cert/root/tango-ca-trust-ca-cer.pem\t24\trsa2048\tNULL\t0\t1\t20191121990\t",
+ "3\tname_01\troot\t/home/fengweihao/tool/test_cert/root/tango-ca-trust-ca-key.pem\t/home/fengweihao/tool/test_cert/root/tango-ca-trust-ca-cer.pem\t30\trsa4096\tNULL\t1\t1\t2019112102\t",
+ "9\tname_01\tintermediate\t/home/fengweihao/tool/test_cert/Intermediate/tang-ca-v3-intermediate-01-key.pem\t/home/fengweihao/tool/test_cert/Intermediate/tang-ca-v3-intermediate-01-cer.pem\t30\trsa1024\tNULL\t1\t1\t2019112104\t",
+ "8\tname_01\tintermediate\t/home/fengweihao/tool/test_cert/Intermediate/tang-ca-v3-intermediate-01-key.pem\t/home/fengweihao/tool/test_cert/Intermediate/tang-ca-v3-intermediate-ca-l1-cert.pem\t30\trsa1024\tNULL\t1\t1\t2019112105\t",
+ "12\tname_01\tintermediate\t/home/fengweihao/tool/test_cert/Intermediate/Tang-Ca-IIS-v2.key\t/home/fengweihao/tool/test_cert/Intermediate/Tang-Ca-IIS-v2-v2-v1-ca.cer\t30\trsa1024\tNULL\t0\t1\t20191106\t",
+ "13\tname_01\tintermediate\t/home/fengweihao/tool/test_cert/Intermediate/Tang-Ca-IIS-v2.key\t/home/fengweihao/tool/test_cert/Intermediate/Tang-Ca-IIS-v2-ca-v1-v2.cer\t30\trsa1024\tNULL\t0\t1\t20191107\t",
+ "4\tname_01\tintermediate\t/home/fengweihao/tool/test_cert/Intermediate/Tang-Ca-IIS-v2.key\t/home/fengweihao/tool/test_cert/Intermediate/Tang-Ca-IIS-v2-v1-ca-v2.cer\t30\trsa1024\tNULL\t0\t1\t20191108\t",
+ "5\tname_01\tintermediate\t/home/fengweihao/tool/test_cert/Intermediate/ca01-mle-key.pem\t/home/fengweihao/tool/test_cert/Intermediate/ca01-mle.pem\t30\tr​sa4096\tNULL\t1\t1\t20191108\t",
+ "10\tname_01\tend-entity\t/home/fengweihao/tool/test_cert/end-entity/tang-ca-v3-www.bing.com-key.pem\t/home/fengweihao/tool/test_cert/end-entity/tang-ca-v3-www.bing.com-cer.pem\t30\trsa4096\tNULL\t0\t1\t20191107\t"
 ]
 }
 ]