gfwleak/tango-certstore
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

* 修改编译方式为CMake

Browse Source 
* 删除C++适配代码
* 修改编译告警
This commit is contained in:
fengweihao
2019-11-05 11:38:40 +08:00
parent 8b089533e9
commit 7192f437e5
237 changed files with 2071 additions and 53674 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
program/CMakeLists.txt Normal file
View File

@@ -0,0 +1,22 @@
if(COMMAND cmake_policy)
cmake_policy(SET CMP0003 NEW)
endif(COMMAND cmake_policy)
add_executable(certstore src/cert_store.cpp src/cert_conf.cpp src/cert_session.cpp)
target_include_directories(certstore PRIVATE ${CMAKE_CURRENT_LIST_DIR}/include)
target_include_directories(certstore PRIVATE ${SYSTEMD_INCLUDE_DIRS})
target_link_libraries(certstore dl common
maatframe
openssl-ssl-static
openssl-crypto-static
pthread
uuid
libevent-static
MESA_htable
MESA_prof_load
MESA_handle_logger
hiredis-static
MESA_field_stat
${SYSTEMD_LIBRARIES})

87
program/include/cert_conf.h Normal file
View File

@@ -0,0 +1,87 @@
/*************************************************************************
> File Name: cert_conf.h
> Author:
> Mail:
> Created Time: Fri 01 Jun 2018 12:06:26 AM PDT
************************************************************************/
#ifndef _CERT_INIT_H
#define _CERT_INIT_H
#include <stdio.h>
#include <string.h>
#include <stdint.h>
#include <event.h>
#include <openssl/x509.h>
#include <openssl/evp.h>
#include <MESA/Maat_rule.h>
#include <MESA/MESA_htable.h>
#define CT_PATH_MAX 256
#define CT_ARRARY_LEN (CT_PATH_MAX/2)
#define CT_STRING_MAX 1024
struct request_t{
#define DATALEN 128
int thread_id;
int is_valid;
char *odata;
X509 *origin;
int keyring_id;
char *sni;
char rkey[DATALEN];
struct evhttp_request *evh_req;
};
struct pxy_obj_keyring{
int keyring_id;
uint64_t expire_time;
EVP_PKEY *key;
X509 *root;
char keyring_type[CT_ARRARY_LEN];
char public_algo[CT_STRING_MAX];
char v3_ctl[CT_STRING_MAX];
char finger[EVP_MAX_MD_SIZE];
int is_valid;
atomic64_t ref_cnt;
STACK_OF(X509) *stack_ca;
};
struct _initer_addr_t{
uint16_t e_port; /*libevent prot*/
uint16_t maat_port; /*maat redis port*/
char maat_ip[16]; /*maat redis ip */
int dbindex; /*maat redis dbindex*/
uint16_t store_port; /*store redis port */
char store_ip[16]; /*store redis ip*/
};
struct ntc_maat_t{
unsigned int maat_json_switch;
unsigned int effective_interval_s;
char info_path[128];
char pxy_path[128];
char inc_cfg_dir[128];
char full_cfg_dir[128];
};
struct config_bucket_t{
Maat_feather_t feather;
int table_id;
int mode;
unsigned int local_debug;
unsigned int thread_nu;
unsigned int expire_after;
char ca_path[128];
char uninsec_path[128];
struct ntc_maat_t maat_t;
struct _initer_addr_t addr_t;
};
extern struct config_bucket_t *cert_default_config();
void cert_init_config(const char *config);
#endif

13
program/include/cert_daemon.h Normal file
View File

@@ -0,0 +1,13 @@
/*************************************************************************
> File Name: cert_daemon.h
> Author:
> Mail:
> Created Time: Tue 29 May 2018 11:12:46 PM PDT
************************************************************************/
#ifndef _NDPI_DAEMON_H
#define _NDPI_DAEMON_H
extern void daemonize (void);
#endif

116
program/include/cert_session.h Normal file
View File

@@ -0,0 +1,116 @@
/*************************************************************************
> File Name: cert_session.h
> Author:
> Mail:
> Created Time: Fri 01 Jun 2018 02:01:08 AM PDT
************************************************************************/
#ifndef _CERT_SESSION_H
#define _CERT_SESSION_H
#include <event2/event_compat.h>
#include "MESA_list_queue.h"
#include "rt_sync.h"
#include <openssl/opensslv.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
/*
* SHA0 was removed in OpenSSL 1.1.0, including OPENSSL_NO_SHA0.
*/
#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(OPENSSL_NO_SHA0)
#define OPENSSL_NO_SHA0
#endif
#if OPENSSL_VERSION_NUMBER < 0x10100000L
#define ASN1_STRING_get0_data(value) ASN1_STRING_data(value)
#define SSL_is_server(ssl) (ssl->type != SSL_ST_CONNECT)
#define X509_get_signature_nid(x509) (OBJ_obj2nid(x509->sig_alg->algorithm))
int DH_set0_pqg(DH *, BIGNUM *, BIGNUM *, BIGNUM *);
#endif
/*
* The constructors returning a SSL_METHOD * were changed to return
* a const SSL_METHOD * between 0.9.8 and 1.0.0.
*/
#if (OPENSSL_VERSION_NUMBER < 0x1000000fL)
#define CONST_SSL_METHOD SSL_METHOD
#else /* >= OpenSSL 1.0.0 */
#define CONST_SSL_METHOD const SSL_METHOD
#endif /* >= OpensSL 1.0.0 */
/*
* SSL_OP_NO_* is used as an indication that OpenSSL is sufficiently recent
* to have the respective protocol implemented.
*
* OPENSSL_NO_SSL2 indicates the complete removal of SSL 2.0 support.
*
* OPENSSL_NO_SSL3 indicates that no SSL 3.0 connections will be made by
* default, but support is still present, unless OPENSSL_NO_SSL3_METHOD is
* also defined.
*/
#if defined(SSL_OP_NO_SSLv2) && !defined(OPENSSL_NO_SSL2) && \
defined(WITH_SSLV2)
#define HAVE_SSLV2
#endif /* SSL_OP_NO_SSLv2 && !OPENSSL_NO_SSL2 && WITH_SSLV2 */
#if defined(SSL_OP_NO_SSLv3) && !defined(OPENSSL_NO_SSL3_METHOD)
#define HAVE_SSLV3
#endif /* SSL_OP_NO_SSLv2 && !OPENSSL_NO_SSL3_METHOD */
#ifdef SSL_OP_NO_TLSv1
#define HAVE_TLSV10
#endif /* SSL_OP_NO_TLSv1 */
#ifdef SSL_OP_NO_TLSv1_1
#define HAVE_TLSV11
#endif /* SSL_OP_NO_TLSv1_1 */
#ifdef SSL_OP_NO_TLSv1_2
#define HAVE_TLSV12
#endif /* SSL_OP_NO_TLSv1_2 */
struct x509_object_ctx
{
X509 *root;
EVP_PKEY *key;
X509 *insec_root;
EVP_PKEY *insec_key;
};
typedef struct {
int id;
rt_pthread pid; /* unique ID of this thread */
evutil_socket_t accept_fd;
rt_pthread_attr *attr;
struct event_base *base;
struct x509_object_ctx def;
struct redisAsyncContext *cl_ctx;
struct redisContext *sync;
void * (*routine)(void *); /** Executive entry */
int field_ids; /* dispaly */
int column_ids;
uint64_t diffTime;
} x509_forge_thread;
int cert_session_init();
void sigproc(int __attribute__((__unused__))sig);
#endif

175
program/src/cert_conf.cpp Normal file
View File

@@ -0,0 +1,175 @@
/*************************************************************************
> File Name: cert_init.c
> Author: fengweihao
> Mail:
> Created Time: Fri 01 Jun 2018 12:06:01 AM PDT
************************************************************************/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "rt_string.h"
#include "rt_common.h"
#include "rt_file.h"
#include "cert_conf.h"
#include "logging.h"
#include "MESA_prof_load.h"
struct config_bucket_t certConfig;
struct config_bucket_t *cert_default_config()
{
return &certConfig;
}
static int load_system_config(const char *config)
{
int xret = -1;
struct config_bucket_t *rte = cert_default_config();
xret = MESA_load_profile_uint_nodef(config, "CONFIG", "thread-nu", &(rte->thread_nu));
if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Reading the number of running threads failed");
}
xret = MESA_load_profile_int_def(config, "CONFIG", "mode", &(rte->mode), 0);
if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Reading the number of run mode failed");
}
xret = MESA_load_profile_uint_nodef(config, "CONFIG", "expire_after", &(rte->expire_after));
if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Reading the number of valid time failed");
}
xret = MESA_load_profile_string_nodef(config, "CONFIG", "ca_path", rte->ca_path, 128);
if (xret <0 && rt_file_exsit(rte->ca_path)){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Read the ca path failed or the (%s) does not exist",
rte->ca_path);
goto finish;
}
xret = MESA_load_profile_uint_nodef(config, "CONFIG", "local_debug", &(rte->local_debug));
if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Reading the number of local_debug failed");
}
xret = MESA_load_profile_string_nodef(config, "CONFIG", "untrusted_ca_path", rte->uninsec_path, 128);
if (xret <0 && rt_file_exsit(rte->uninsec_path)){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Read the untrusted ca path failed or the (%s) does not exist",
rte->ca_path);
goto finish;
}
finish:
return xret;
}
static int load_module_config(const char *config)
{
int xret = -1;
struct config_bucket_t *rte = cert_default_config();
xret = MESA_load_profile_short_nodef(config, "LIBEVENT", "port", (short *)&(rte->addr_t.e_port));
if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Libevent Port invalid");
goto finish;
}
xret = MESA_load_profile_string_nodef(config, "MAAT_REDIS", "ip", rte->addr_t.maat_ip, 16);
if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Maat redis ip invalid");
goto finish;
}
xret = MESA_load_profile_short_nodef(config, "MAAT_REDIS", "port", (short *)&(rte->addr_t.maat_port));
if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Maat redis port invalid");
goto finish;
}
xret = MESA_load_profile_short_nodef(config, "MAAT_REDIS", "dbindex", (short *)&(rte->addr_t.dbindex));
if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Maat redis dbindex invalid");
goto finish;
}
xret = MESA_load_profile_string_nodef(config, "CERTSTORE_REDIS", "ip", rte->addr_t.store_ip, 16);
if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Certsotre redis ip invalid");
goto finish;
}
xret = MESA_load_profile_short_nodef(config, "CERTSTORE_REDIS", "port", (short *)&(rte->addr_t.store_port));
if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Certsotre redis port invalid");
goto finish;
}
finish:
return xret;
}
static int load_maat_config(const char *config)
{
int xret = -1;
struct ntc_maat_t *maat_t = &cert_default_config()->maat_t;
xret = MESA_load_profile_uint_nodef(config, "NTC_MAAT", "maat_json_switch", &(maat_t->maat_json_switch));
if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Reading the number of running threads failed");
}
xret = MESA_load_profile_string_nodef(config, "NTC_MAAT", "table_info", maat_t->info_path, 128);
if (xret < 0 && !rt_file_exsit( maat_t->info_path)){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Read the table info failed or the (%s) does not exist",
maat_t->info_path);
goto finish;
}
if (maat_t->maat_json_switch == 1){
xret = MESA_load_profile_string_nodef(config, "NTC_MAAT", "pxy_obj_keyring", maat_t->pxy_path, 128);
if (xret < 0 && !rt_file_exsit(maat_t->pxy_path)){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Read the pxy obj keyring failed or the (%s) does not exist",
maat_t->pxy_path);
goto finish;
}
}
if (maat_t->maat_json_switch == 0){
xret = MESA_load_profile_uint_nodef(config, "NTC_MAAT", "effective_interval", &(maat_t->effective_interval_s));
if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Reading the interval of scan failed");
}
xret = MESA_load_profile_string_nodef(config, "NTC_MAAT", "inc_cfg_dir", maat_t->inc_cfg_dir, 128);
if (xret < 0 && !rt_file_exsit( maat_t->inc_cfg_dir)){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Read the table info failed or the (%s) does not exist",
maat_t->inc_cfg_dir);
goto finish;
}
xret = MESA_load_profile_string_nodef(config, "NTC_MAAT", "full_cfg_dir", maat_t->full_cfg_dir, 128);
if (xret < 0 && !rt_file_exsit( maat_t->full_cfg_dir)){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Read the table info failed or the (%s) does not exist",
maat_t->full_cfg_dir);
goto finish;
}
}
finish:
return xret;
}
void cert_init_config(const char *config)
{
load_system_config(config);
load_maat_config(config);
load_module_config(config);
}

2145
program/src/cert_session.cpp Normal file
View File

File diff suppressed because it is too large Load Diff

100
program/src/cert_store.cpp Normal file
View File

@@ -0,0 +1,100 @@
/*************************************************************************
> File Name: cert_server.c
> Author: fengweihao
> Mail:
> Created Time: Tue 29 May 2018 06:45:23 PM PDT
************************************************************************/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <unistd.h>
#include "rt_string.h"
#include "rt_common.h"
#include <cert_conf.h>
#include <cert_session.h>
#include "logging.h"
#include <MESA/MESA_prof_load.h>
#define CERT_BASIC_CFG "./conf/cert_store.ini"
/* VERSION STRING */
#ifdef TARGET_GIT_VERSION
static __attribute__((__used__)) const char * git_ver = TARGET_GIT_VERSION;
#else
static __attribute__((__used__)) const char * git_ver = "1.1";
#endif
const char * version()
{
return git_ver;
}
enum syslog_display_format{
FORMAT_CONSOLE,
FORMAT_FILE,
FORMAT_SYSLOG
};
static
void cert_preview ()
{
struct config_bucket_t *rte = cert_default_config();
printf("\r\nBasic Configuration of CertStore \n");
printf("%30s:%45s\n", "Run Mode", (rte->mode == 1)?"rsync":"sync");
printf("%30s:%45d\n", "The Threads", rte->thread_nu);
printf("%30s:%45s\n", "Store Redis Ip", rte->addr_t.store_ip);
printf("%30s:%45d\n", "Store Redis Port", rte->addr_t.store_port);
printf("%30s:%45s\n", "Maat Redis Ip", rte->addr_t.maat_ip);
printf("%30s:%45d\n", "Maat Redis Port", rte->addr_t.maat_port);
printf("%30s:%45d\n", "Maat Redis index", rte->addr_t.dbindex);
printf("%30s:%45d\n", "Libevent Port", rte->addr_t.e_port);
printf("%30s:%45s\n", "Cert Path", rte->ca_path);
printf("%30s:%45s\n", "Uninsec cert Path", rte->uninsec_path);
printf("%30s:%45s\n", "Log Directory", logging_sc_lid.run_log_path);
printf("%30s:%45s\n", "Table Info", rte->maat_t.info_path);
if (rte->maat_t.maat_json_switch == 1){
printf("%30s:%45s\n", "Pxy Obj Keyring", rte->maat_t.pxy_path);
}
if (rte->maat_t.maat_json_switch == 0){
printf("%30s:%45d\n", "Scan Interval", rte->maat_t.effective_interval_s);
printf("%30s:%45s\n", "Full Cfg Path", rte->maat_t.full_cfg_dir);
printf("%30s:%45s\n", "Inc Cfg Path", rte->maat_t.inc_cfg_dir);
}
printf("\r\n");
}
int main(int argc, char **argv)
{
int opt = 0;
while ((opt = getopt(argc, argv, "v")) != -1)
{
switch (opt)
{
case 'v':
fprintf(stderr, "Welcome to certstore, Version: %s\n", version());
return 0;
default:
break;
}
}
cert_syslog_init(CERT_BASIC_CFG);
cert_init_config(CERT_BASIC_CFG);
cert_preview();
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Cert server init success");
cert_session_init();
signal(SIGINT, sigproc);
return 0;
}