1.修改配置文件，添加Maat读取全量增量目录路径

2.修改原Maat监控流程，增加对全量增量目录监控代码
3.根据安装文档修改打包程序

conf/cert_store.ini

@@ -1,19 +1,32 @@
 [SYSTEM]
 #1:print on screen, 0:don't
 DEBUG_SWITCH = 1
-
 #10:DEBUG, 20:INFO, 30:FATAL
 RUN_LOG_LEVEL = 10
 RUN_LOG_PATH = ./logs
 [CONFIG]
+#<23><><EFBFBD><EFBFBD><EFBFBD>߳<EFBFBD><DFB3><EFBFBD>
 thread-nu = 4
+#<23><><EFBFBD><EFBFBD>Ĭ<EFBFBD>ϸ<EFBFBD>֤<EFBFBD><D6A4>ǩ<EFBFBD><C7A9><EFBFBD><EFBFBD>Ч<EFBFBD>ڣ<EFBFBD>Ĭ<EFBFBD><C4AC>Ϊ30<33><30>
 expire_after = 30
+#<23><><EFBFBD><EFBFBD>Ĭ<EFBFBD>ϸ<EFBFBD>֤<EFBFBD><D6A4>·<EFBFBD><C2B7>
 def-ca-path = ../ca
-table_info = ../conf/table_info.conf
-pxy_obj_keyring = ../conf/pxy_obj_keyring.json
+[NTC_MAAT]
+#<23><><EFBFBD>ü<EFBFBD><C3BC><EFBFBD>ģʽ<C4A3><CABD>1Ϊʹ<CEAA>ñ<EFBFBD><C3B1><EFBFBD>json<6F><6E>0Ϊʹ<CEAA><CAB9><EFBFBD><EFBFBD><EFBFBD>÷ַ<C3B7><D6B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><C2B7><EFBFBD><EFBFBD>ļ<EFBFBD>
+maat_json_switch=0
+#ָ<><D6B8><EFBFBD><EFBFBD><EFBFBD>ÿ<EFBFBD><C3BF><EFBFBD><EFBFBD>ļ<EFBFBD>λ<EFBFBD><CEBB>
+table_info=../conf/table_info.conf
+#<23><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD>·<EFBFBD><C2B7>
+inc_cfg_dir=../rule/inc/index
+#ȫ<><C8AB><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD>·<EFBFBD><C2B7>
+full_cfg_dir=../rule/full/index
+#jsonģʽʱjson<6F>ļ<EFBFBD>·<EFBFBD><C2B7>
+pxy_obj_keyring=../conf/pxy_obj_keyring.json
 [LIBEVENT]
+#<23><><EFBFBD>ؼ<EFBFBD><D8BC>ض˿ںţ<DABA>Ĭ<EFBFBD><C4AC>Ϊ9991
 port = 9991
 [REDIS]
+#ָ<><D6B8>Redsi<73><69><EFBFBD><EFBFBD><EFBFBD><EFBFBD>IP<49><50>ַ<EFBFBD>Ͷ˿ں<CBBF>
 ip = 127.0.0.1
 port = 6379
 

rule/full/COMPILE.local

@@ -0,0 +1,2 @@
+0000000001
+123	1	1	1	1	0	escaped\bdata:have\ba\bspace\band\ba\b\&\bsymbol.	1	

rule/full/GROUP.local

@@ -0,0 +1,3 @@
+0000000002
+0	123	1
+1	123	1

rule/full/PXY_OBJ_KEYRING.local

@@ -0,0 +1,8 @@
+0000000007
+1	1	name_01	root	/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key	/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer	15	rsa2048	null	1
+2	1	name_02	root	/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key	/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer	90	rsa2048	null	1
+3	1	name_03	root	/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key	/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer	30	rsa2048	null	1
+4	1	name_04	end-entity	/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key	/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer	30	rsa2048	null	1
+5	1	name_05	intermediate	/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key	/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer	30	rsa2048	null	0
+6	1	name_06	intermediate	/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key	/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer	30	rsa2048	null	1
+256	1	insec	root	/home/fengweihao/workspace/cert_store/ca/mesalab-insec-cert.key	/home/fengweihao/workspace/cert_store/ca/mesalab-insec-cert.cer	30	rsa2048	null	1

rule/full/index/full_config_index.0000000001

@@ -0,0 +1,3 @@
+COMPILE	1	../rule/full/COMPILE.local
+GROUP	2	../rule/full/GROUP.local
+PXY_OBJ_KEYRING	7	../rule/full/PXY_OBJ_KEYRING.local

rule/inc/COMPILE.local

@@ -0,0 +1,2 @@
+0000000001
+123	1	1	1	1	0	escaped\bdata:have\ba\bspace\band\ba\b\&\bsymbol.	1	

rule/inc/GROUP.local

@@ -0,0 +1,3 @@
+0000000002
+0	123	1
+1	123	1

rule/inc/PXY_OBJ_KEYRING.local

@@ -0,0 +1,8 @@
+0000000007
+1	1	name_01	root	/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key	/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer	15	rsa2048	null	1
+2	1	name_02	root	/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key	/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer	90	rsa2048	null	1
+3	1	name_03	root	/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key	/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer	30	rsa2048	null	1
+4	1	name_04	end-entity	/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key	/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer	30	rsa2048	null	1
+5	1	name_05	intermediate	/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key	/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer	30	rsa2048	null	0
+6	1	name_06	intermediate	/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key	/home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer	30	rsa2048	null	1
+256	1	insec	root	/home/fengweihao/workspace/cert_store/ca/mesalab-insec-cert.key	/home/fengweihao/workspace/cert_store/ca/mesalab-insec-cert.cer	30	rsa2048	null	1

rule/inc/index/full_config_index.0000000002

@@ -0,0 +1,3 @@
+COMPILE	1	../rule/inc/COMPILE.local
+GROUP	2	../rule/inc/GROUP.local
+PXY_OBJ_KEYRING	7	../rule/inc/PXY_OBJ_KEYRING.local

src/Makefile

@@ -73,16 +73,24 @@ $(OBJ_DIR)/%.o: $(d)/%.c
 include $(CERT_ROOT)/make/application.mk
 
 tarball: cert_store
-	if [ ! -d "package/bin" ]; then mkdir -p "package/bin"; fi
-	if [ ! -d "package/lib" ]; then mkdir -p "package/lib"; fi
-	if [ ! -d "package/etc" ]; then mkdir -p "package/etc"; fi
-	cp cert_store package/bin/certstore
-	cp lib/*.a 	 package/lib/
-	cp ../conf/cert_store.ini package/etc/
-	cd package && tar cpfz cert_store-$(BUILD_FINGERPRINT2).tar.gz bin etc lib Makefile 
+	if [ ! -d "package/certstroe_run/bin" ]; then mkdir -p "package/certstore_run/bin/"; fi
+	if [ ! -d "package/certstroe_run/conf" ]; then mkdir -p "package/certstore_run/conf"; fi
+	if [ ! -d "package/certstroe_run/cert" ]; then mkdir -p "package/certstore_run/cert"; fi
+	if [ ! -d "package/certstroe_run/rule" ]; then mkdir -p "package/certstore_run/rule"; fi
+	cp cert_store package/certstore_run/bin/certstore1.0
+	cp ../conf/cert_store.ini package/certstore_run/conf/
+	cp ../conf/pxy_obj_keyring.json package/certstore_run/conf
+	cp ../conf/table_info.conf package/certstore_run/conf
+#	cp ../ca/mesalab-def-cert.cer package/certstore_run/cert
+#	cp ../ca/mesalab-def-cert.key package/certstore_run/cert
+	cp ../ca/* package/certstore_run/cert
+	cp package/Makefile package/certstore_run/
+	cp ../rule/* -rf package/certstore_run/rule/
+	cp package/run.sh package/certstore_run/
+	cd package && tar cpfz certstore_run.tar.gz certstore_run 
 	cd ..
-	mv package/cert_store-$(BUILD_FINGERPRINT2).tar.gz ../release/
-
+	mv package/certstore_run.tar.gz ../release/
+	rm -rf package/certstore_run
 clean: 
 	rm -rf $(CLEAN_LIST)
 	rm -f $(TARGET)

src/cert_conf.c

@@ -21,8 +21,6 @@
 struct config_bucket_t certConfig = {
     .thread_nu = 1,
     .expire_after = 30,
-    .info_path = "/home/test",
-    .pxy_path  = "/home/test",
     .def_path  = "/home/test",
     .addr_t = {9995, 3336, "0.0.0.0"},
 };
@@ -54,21 +52,6 @@ static int load_system_config(char *config)
                          rte->def_path);
         goto finish;
     }
-
-    xret = MESA_load_profile_string_nodef(config, "CONFIG", "table_info", rte->info_path, 128);
-    if (xret < 0 && !rt_file_exsit(rte->info_path)){
-        mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Read the table info failed or the (%s) does not exist",
-                         rte->info_path);
-        goto finish;
-    }
-
-    xret = MESA_load_profile_string_nodef(config, "CONFIG", "pxy_obj_keyring", rte->pxy_path, 128);
-    if (xret < 0 && !rt_file_exsit(rte->pxy_path)){
-        mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Read the pxy obj keyring failed or the (%s) does not exist",
-                         rte->pxy_path);
-        goto finish;
-    }
-
 finish:
     return xret;
 }
@@ -100,10 +83,57 @@ finish:
     return xret;
 }
 
+static int load_maat_config(char *config)
+{
+    int xret = -1;
+
+    struct ntc_maat_t *maat_t = &cert_default_config()->maat_t;
+
+    xret = MESA_load_profile_uint_nodef(config, "NTC_MAAT", "maat_json_switch", &(maat_t->maat_json_switch));
+    if (xret < 0){
+        mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Reading the number of running threads failed");
+    }
+
+    xret = MESA_load_profile_string_nodef(config, "NTC_MAAT", "table_info", maat_t->info_path, 128);
+    if (xret < 0 && !rt_file_exsit( maat_t->info_path)){
+        mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Read the table info failed or the (%s) does not exist",
+                          maat_t->info_path);
+        goto finish;
+    }
+
+    if (maat_t->maat_json_switch == 1){
+        xret = MESA_load_profile_string_nodef(config, "CONFIG", "pxy_obj_keyring", maat_t->pxy_path, 128);
+         if (xret < 0 && !rt_file_exsit(maat_t->pxy_path)){
+             mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Read the pxy obj keyring failed or the (%s) does not exist",
+                              maat_t->pxy_path);
+             goto finish;
+         }
+    }
+
+    if (maat_t->maat_json_switch == 0){
+        xret = MESA_load_profile_string_nodef(config, "NTC_MAAT", "inc_cfg_dir", maat_t->inc_cfg_dir, 128);
+        if (xret < 0 && !rt_file_exsit( maat_t->inc_cfg_dir)){
+            mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Read the table info failed or the (%s) does not exist",
+                              maat_t->inc_cfg_dir);
+            goto finish;
+        }
+        xret = MESA_load_profile_string_nodef(config, "NTC_MAAT", "full_cfg_dir", maat_t->full_cfg_dir, 128);
+        if (xret < 0 && !rt_file_exsit( maat_t->full_cfg_dir)){
+            mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Read the table info failed or the (%s) does not exist",
+                              maat_t->full_cfg_dir);
+            goto finish;
+        }
+    }
+finish:
+    return xret;
+}
+
 void cert_init_config(char *config)
 {
     load_system_config(config);
 
+    load_maat_config(config);
+
     load_module_config(config);
 }
 

src/cert_conf.h

@@ -53,12 +53,19 @@ struct _initer_addr_t{
     char r_ip[16];      /* redis ip */
 };
 
+struct ntc_maat_t{
+    unsigned int  maat_json_switch;
+    char info_path[128];
+    char pxy_path[128];
+    char inc_cfg_dir[128];
+    char full_cfg_dir[128];
+};
+
 struct config_bucket_t{
     unsigned int thread_nu;
 	unsigned int expire_after;
-    char info_path[128];
-    char pxy_path[128];
     char def_path[128];
+    struct ntc_maat_t maat_t;
     struct _initer_addr_t addr_t;
     struct key_ring_list keyring;
 };

src/cert_session.c

@@ -285,7 +285,6 @@ x509_get_alt_name(X509 *x509, char *extraname)
 
     for (i = 0; i < cnt; i++) {
         GENERAL_NAME* generalName = sk_GENERAL_NAME_value(subjectAltNames, i);
-
         xret = x509_alt_name_cmp(ASN1_STRING_data(GENERAL_NAME_get0_value(generalName, NULL)), extraname);
         if (xret == 0)
             break;
@@ -1572,14 +1571,14 @@ MESA_internal_set_para(screen_stat_handle_t handle, enum FS_option type, unsigne
 
 static int mesa_fiel_stat_init()
 {
-	char stat_path[63] = {0};
+	char stat_path[128] = {0};
     char pname[32]= {0}, buff[128] = {0};
 
 	SGstats.handle = FS_internal_create_handle();
 
     rt_get_pname_by_pid(getpid(), &pname[0]);
 	FS_internal_set_para(SGstats.handle, APP_NAME, pname, strlen(pname)+1);
-    snprintf(stat_path, 63, "%s/fs2_%s.status", logging_sc_lid.run_log_path, pname);
+    snprintf(stat_path, 128, "%s/fs2_%s.status", logging_sc_lid.run_log_path, pname);
 	FS_internal_set_para(SGstats.handle, OUTPUT_DEVICE, stat_path, strlen(stat_path)+1);
 
 	MESA_internal_set_para(SGstats.handle, FLUSH_BY_DATE, 0);
@@ -1695,15 +1694,26 @@ int sample_plugin_table(Maat_feather_t feather,const char* table_name,
 
 int maat_feather_init()
 {
+	int wait_second = 0;
     Maat_feather_t feather = NULL;
 	int scan_interval_ms = 1, effective_interval_ms = 0;
 
     struct config_bucket_t *rte = cert_default_config();
+    struct ntc_maat_t *maat_t = &rte->maat_t;
 
-	feather = Maat_inter_feather(rte->thread_nu, rte->info_path, logging_sc_lid.run_log_handle);
+	feather = Maat_inter_feather(rte->thread_nu, maat_t->info_path, logging_sc_lid.run_log_handle);
 
 	Maat_inter_set_feather_opt(feather, MAAT_OPT_INSTANCE_NAME, "certstore", strlen("certstore") + 1);
-    Maat_inter_set_feather_opt(feather, MAAT_OPT_JSON_FILE_PATH, rte->pxy_path, strlen(rte->pxy_path)+1);
+
+    if (maat_t->maat_json_switch == 1){
+        Maat_inter_set_feather_opt(feather, MAAT_OPT_JSON_FILE_PATH, maat_t->pxy_path, strlen(maat_t->pxy_path)+1);
+    }
+    if (maat_t->maat_json_switch == 0){
+        Maat_inter_set_feather_opt(feather, MAAT_OPT_FULL_CFG_DIR, maat_t->full_cfg_dir, strlen(maat_t->full_cfg_dir)+1);
+        Maat_inter_set_feather_opt(feather, MAAT_OPT_INC_CFG_DIR, maat_t->inc_cfg_dir, strlen(maat_t->inc_cfg_dir)+1);
+        wait_second = 14;
+    }
+
     Maat_inter_set_feather_opt(feather, MAAT_OPT_SCANDIR_INTERVAL_MS,&scan_interval_ms, sizeof(scan_interval_ms));
 	Maat_inter_set_feather_opt(feather, MAAT_OPT_EFFECT_INVERVAL_MS,&effective_interval_ms, sizeof(effective_interval_ms));
 	Maat_inter_initiate_feather(feather);
@@ -1714,6 +1724,7 @@ int maat_feather_init()
 					    Maat_read_entry_finish_cb,
 					    &rte->keyring,
     				    NULL);
+	sleep(wait_second);
     return 0;
 }
 

src/cert_store.c

@@ -86,8 +86,15 @@ void cert_preview ()
     printf("%30s:%45d\n", "Libevent Port", rte->addr_t.e_port);
     printf("%30s:%45s\n", "Def Cert Path", rte->def_path);
     printf("%30s:%45s\n", "Log Directory", logging_sc_lid.run_log_path);
-    printf("%30s:%45s\n", "Table Info", rte->info_path);
-    printf("%30s:%45s\n", "Pxy Obj Keyring", rte->pxy_path);
+    printf("%30s:%45s\n", "Table Info", rte->maat_t.info_path);
+    if (rte->maat_t.maat_json_switch == 1){
+        printf("%30s:%45s\n", "Pxy Obj Keyring", rte->maat_t.pxy_path);
+    }
+    if (rte->maat_t.maat_json_switch == 0){
+        printf("%30s:%45s\n", "Full Cfg Path", rte->maat_t.full_cfg_dir);
+        printf("%30s:%45s\n", "Inc  Cfg Path", rte->maat_t.inc_cfg_dir);
+
+    }
     printf("\r\n");
 }
 

src/package/Makefile

@@ -1,18 +1,18 @@
 
 install:
-	if [ ! -d "/usr/local/bin" ]; then mkdir -p "/usr/local/bin"; fi
-	if [ ! -d "/usr/local/lib" ]; then mkdir -p "/usr/local/lib"; fi
+#	if [ ! -d "/usr/local/bin" ]; then mkdir -p "/usr/local/bin"; fi
+#	if [ ! -d "/usr/local/lib" ]; then mkdir -p "/usr/local/lib"; fi
 #
-	cp -f etc/cert_store.ini 	  /usr/local/etc/
+#	cp -f etc/cert_store.ini 	  /usr/local/etc/
 #
-	cp -f bin/cert_store /usr/local/bin/
-	chmod +x /usr/local/bin/cert_store
+#	cp -f bin/cert_store /usr/local/bin/
+	chmod +x bin/certstore1.0
 #
-	cp -f lib/*  /usr/local/lib/
-	sudo ldconfig
+#	cp -f lib/*  /usr/local/lib/
+#	sudo ldconfig
 update:
-	cp -f bin/cert_server /usr/local/bin/
-	chmod +x /usr/local/bin/cert_store
+#	cp -f bin/cert_server /usr/local/bin/
+	chmod +x bin/certstore1.0
 
 uninstall:
 	rm -f  /usr/local/bin/cert_store

src/package/run.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+
+./bin/certstore1.0 --daemon