diff --git a/conf/cert_store.ini b/conf/cert_store.ini
index 65d0df8..e129c61 100644
--- a/conf/cert_store.ini
+++ b/conf/cert_store.ini
@@ -1,19 +1,32 @@
 [SYSTEM]
 #1:print on screen, 0:don't
 DEBUG_SWITCH = 1
-
 #10:DEBUG, 20:INFO, 30:FATAL
 RUN_LOG_LEVEL = 10
 RUN_LOG_PATH = ./logs
 [CONFIG]
+#运行线程数
 thread-nu = 4
+#本地默认根证书签发有效期,默认为30天
 expire_after = 30
+#本地默认根证书路径
 def-ca-path = ../ca
-table_info = ../conf/table_info.conf
-pxy_obj_keyring = ../conf/pxy_obj_keyring.json
+[NTC_MAAT]
+#配置加载模式,1为使用本地json,0为使用配置分发网络下发的文件
+maat_json_switch=0
+#指定配置库表文件位置
+table_info=../conf/table_info.conf
+#增量配置文件路径
+inc_cfg_dir=../rule/inc/index
+#全量配置文件路径
+full_cfg_dir=../rule/full/index
+#json模式时json文件路径
+pxy_obj_keyring=../conf/pxy_obj_keyring.json
 [LIBEVENT]
+#本地监控端口号,默认为9991
 port = 9991
 [REDIS]
+#指定Redsi服务器IP地址和端口号
 ip = 127.0.0.1
 port = 6379
diff --git a/rule/full/COMPILE.local b/rule/full/COMPILE.local
new file mode 100644
index 0000000..d605788
--- /dev/null
+++ b/rule/full/COMPILE.local
@@ -0,0 +1,2 @@
+0000000001
+123 1 1 1 1 0 escaped\bdata:have\ba\bspace\band\ba\b\&\bsymbol. 1
diff --git a/rule/full/GROUP.local b/rule/full/GROUP.local
new file mode 100644
index 0000000..f583103
--- /dev/null
+++ b/rule/full/GROUP.local
@@ -0,0 +1,3 @@
+0000000002
+0 123 1
+1 123 1
diff --git a/rule/full/PXY_OBJ_KEYRING.local b/rule/full/PXY_OBJ_KEYRING.local
new file mode 100644
index 0000000..fba5fb5
--- /dev/null
+++ b/rule/full/PXY_OBJ_KEYRING.local
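Review bot: `pxy_obj_keyring` is moved out of `[CONFIG]` into `[NTC_MAAT]` here, but `load_maat_config` in src/cert_conf.c in this same commit still reads it with `MESA_load_profile_string_nodef(config, "CONFIG", "pxy_obj_keyring", …)`, so in json mode (`maat_json_switch=1`) the key is never found in this file; either read it from `"NTC_MAAT"` or leave it under `[CONFIG]`. The `[REDIS]` comment misspells the service name: `#指定Redis服务器IP地址和端口号`. With `maat_json_switch=0` the keyring that names the CA key files is taken from whatever lands in `inc_cfg_dir`/`full_cfg_dir`; nothing in this diff shows how those files are authenticated, so a comment stating that those directories must be writable only by the service account (and the distribution agent) is worth adding next to the two path keys.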
@@ -0,0 +1,8 @@
+0000000007
+1 1 name_01 root /home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key /home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer 15 rsa2048 null 1
+2 1 name_02 root /home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key /home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer 90 rsa2048 null 1
+3 1 name_03 root /home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key /home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer 30 rsa2048 null 1
+4 1 name_04 end-entity /home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key /home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer 30 rsa2048 null 1
+5 1 name_05 intermediate /home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key /home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer 30 rsa2048 null 0
+6 1 name_06 intermediate /home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key /home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer 30 rsa2048 null 1
+256 1 insec root /home/fengweihao/workspace/cert_store/ca/mesalab-insec-cert.key /home/fengweihao/workspace/cert_store/ca/mesalab-insec-cert.cer 30 rsa2048 null 1
diff --git a/rule/full/index/full_config_index.0000000001 b/rule/full/index/full_config_index.0000000001
new file mode 100644
index 0000000..26ac6b2
--- /dev/null
+++ b/rule/full/index/full_config_index.0000000001
@@ -0,0 +1,3 @@
+COMPILE 1 ../rule/full/COMPILE.local
+GROUP 2 ../rule/full/GROUP.local
+PXY_OBJ_KEYRING 7 ../rule/full/PXY_OBJ_KEYRING.local
diff --git a/rule/inc/COMPILE.local b/rule/inc/COMPILE.local
new file mode 100644
index 0000000..d605788
--- /dev/null
+++ b/rule/inc/COMPILE.local
@@ -0,0 +1,2 @@
+0000000001
+123 1 1 1 1 0 escaped\bdata:have\ba\bspace\band\ba\b\&\bsymbol. 1
diff --git a/rule/inc/GROUP.local b/rule/inc/GROUP.local
new file mode 100644
index 0000000..f583103
--- /dev/null
+++ b/rule/inc/GROUP.local
@@ -0,0 +1,3 @@
+0000000002
+0 123 1
+1 123 1
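Review bot: every keyring entry hard-codes `/home/fengweihao/workspace/cert_store/ca/…` as the location of its `.key` and `.cer` files, and this file is copied into the release tarball by the new `tarball` rule (`cp ../rule/* -rf package/certstore_run/rule/`), so on any host other than that workstation the entries point at files that do not exist. Paths relative to the packaged `cert/` directory (or resolved against `def-ca-path` from cert_store.ini) would make the shipped rule set self-contained. Entry `256 1 insec root … mesalab-insec-cert.key …` registers a second root signing key whose purpose is not visible here; if it is a test-only key it should be removed from the shipped rules, otherwise its role should be documented next to the entry (the format's comment syntax, if any, is not shown). This file is byte-identical to rule/inc/PXY_OBJ_KEYRING.local (same blob `fba5fb5`), as are COMPILE.local and GROUP.local, so the inc index could reference the full copies instead of duplicating them.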
diff --git a/rule/inc/PXY_OBJ_KEYRING.local b/rule/inc/PXY_OBJ_KEYRING.local
new file mode 100644
index 0000000..fba5fb5
--- /dev/null
+++ b/rule/inc/PXY_OBJ_KEYRING.local
@@ -0,0 +1,8 @@
+0000000007
+1 1 name_01 root /home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key /home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer 15 rsa2048 null 1
+2 1 name_02 root /home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key /home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer 90 rsa2048 null 1
+3 1 name_03 root /home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key /home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer 30 rsa2048 null 1
+4 1 name_04 end-entity /home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key /home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer 30 rsa2048 null 1
+5 1 name_05 intermediate /home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key /home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer 30 rsa2048 null 0
+6 1 name_06 intermediate /home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.key /home/fengweihao/workspace/cert_store/ca/mesalab-ca-cert.cer 30 rsa2048 null 1
+256 1 insec root /home/fengweihao/workspace/cert_store/ca/mesalab-insec-cert.key /home/fengweihao/workspace/cert_store/ca/mesalab-insec-cert.cer 30 rsa2048 null 1
diff --git a/rule/inc/index/full_config_index.0000000002 b/rule/inc/index/full_config_index.0000000002
new file mode 100644
index 0000000..ecb7c3a
--- /dev/null
+++ b/rule/inc/index/full_config_index.0000000002
@@ -0,0 +1,3 @@
+COMPILE 1 ../rule/inc/COMPILE.local
+GROUP 2 ../rule/inc/GROUP.local
+PXY_OBJ_KEYRING 7 ../rule/inc/PXY_OBJ_KEYRING.local
diff --git a/src/Makefile b/src/Makefile
index 85c015b..6163a7b 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -73,16 +73,24 @@ $(OBJ_DIR)/%.o: $(d)/%.c include $(CERT_ROOT)/make/application.mk tarball: cert_store - if [ ! -d "package/bin" ]; then mkdir -p "package/bin"; fi - if [ ! -d "package/lib" ]; then mkdir -p "package/lib"; fi - if [ ! -d "package/etc" ]; then mkdir -p "package/etc"; fi - cp cert_store package/bin/certstore - cp lib/*.a package/lib/ - cp ../conf/cert_store.ini package/etc/ - cd package && tar cpfz cert_store-$(BUILD_FINGERPRINT2).tar.gz bin etc lib Makefile + if [ ! -d "package/certstroe_run/bin" ]; then mkdir -p "package/certstore_run/bin/"; fi + if [ ! -d "package/certstroe_run/conf" ]; then mkdir -p "package/certstore_run/conf"; fi + if [ ! -d "package/certstroe_run/cert" ]; then mkdir -p "package/certstore_run/cert"; fi + if [ ! -d "package/certstroe_run/rule" ]; then mkdir -p "package/certstore_run/rule"; fi + cp cert_store package/certstore_run/bin/certstore1.0 + cp ../conf/cert_store.ini package/certstore_run/conf/ + cp ../conf/pxy_obj_keyring.json package/certstore_run/conf + cp ../conf/table_info.conf package/certstore_run/conf +# cp ../ca/mesalab-def-cert.cer package/certstore_run/cert +# cp ../ca/mesalab-def-cert.key package/certstore_run/cert + cp ../ca/* package/certstore_run/cert + cp package/Makefile package/certstore_run/ + cp ../rule/* -rf package/certstore_run/rule/ + cp package/run.sh package/certstore_run/ + cd package && tar cpfz certstore_run.tar.gz certstore_run cd .. - mv package/cert_store-$(BUILD_FINGERPRINT2).tar.gz ../release/ - + mv package/certstore_run.tar.gz ../release/ + rm -rf package/certstore_run clean: rm -rf $(CLEAN_LIST) rm -f $(TARGET) diff --git a/src/cert_conf.c b/src/cert_conf.c index 9eb3f4c..19b6d3c 100644 --- a/src/cert_conf.c +++ b/src/cert_conf.c @@ -21,8 +21,6 @@ struct config_bucket_t certConfig = { .thread_nu = 1, .expire_after = 30, - .info_path = "/home/test", - .pxy_path = "/home/test", .def_path = "/home/test", .addr_t = {9995, 3336, "0.0.0.0"}, }; 
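Review bot: `cp ../ca/* package/certstore_run/cert` puts every file under `../ca` — by the rule files in this commit that includes the private keys `mesalab-ca-cert.key` and `mesalab-insec-cert.key` — into `certstore_run.tar.gz`, which is then moved into `../release/`, and `tar cpfz` stores whatever modes those files carry; the two commented-out `cp` lines show a narrower intent was considered. Ship only the certificates (`cp ../ca/*.cer package/certstore_run/cert`) and provision the signing key on the target host, or at the very least tighten the key's mode before packaging and document that the tarball contains secrets. The four `if [ ! -d "package/certstroe_run/…" ]` tests spell the directory differently from the `mkdir -p` they guard (`certstroe` vs `certstore`), so they never match; since `mkdir -p` is idempotent, the single line `mkdir -p package/certstore_run/bin package/certstore_run/conf package/certstore_run/cert package/certstore_run/rule` replaces all four. `cd ..` on its own recipe line runs in its own shell and does nothing for the following `mv`, and the commented-out recipe lines are dead code that should be deleted rather than carried.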
@@ -54,21 +52,6 @@ static int load_system_config(char *config)
 rte->def_path);
 goto finish;
 }
-
- xret = MESA_load_profile_string_nodef(config, "CONFIG", "table_info", rte->info_path, 128);
- if (xret < 0 && !rt_file_exsit(rte->info_path)){
- mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Read the table info failed or the (%s) does not exist",
- rte->info_path);
- goto finish;
- }
-
- xret = MESA_load_profile_string_nodef(config, "CONFIG", "pxy_obj_keyring", rte->pxy_path, 128);
- if (xret < 0 && !rt_file_exsit(rte->pxy_path)){
- mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Read the pxy obj keyring failed or the (%s) does not exist",
- rte->pxy_path);
- goto finish;
- }
-
 finish:
 return xret;
 }
@@ -100,10 +83,57 @@ finish: return xret; } +static int load_maat_config(char *config) +{ + int xret = -1; + + struct ntc_maat_t *maat_t = &cert_default_config()->maat_t; + + xret = MESA_load_profile_uint_nodef(config, "NTC_MAAT", "maat_json_switch", &(maat_t->maat_json_switch)); + if (xret < 0){ + mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Reading the number of running threads failed"); + } + + xret = MESA_load_profile_string_nodef(config, "NTC_MAAT", "table_info", maat_t->info_path, 128); + if (xret < 0 && !rt_file_exsit( maat_t->info_path)){ + mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Read the table info failed or the (%s) does not exist", + maat_t->info_path); + goto finish; + } + + if (maat_t->maat_json_switch == 1){ + xret = MESA_load_profile_string_nodef(config, "CONFIG", "pxy_obj_keyring", maat_t->pxy_path, 128); + if (xret < 0 && !rt_file_exsit(maat_t->pxy_path)){ + mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Read the pxy obj keyring failed or the (%s) does not exist", + maat_t->pxy_path); + goto finish; + } + } + + if (maat_t->maat_json_switch == 0){ + xret = MESA_load_profile_string_nodef(config, "NTC_MAAT", "inc_cfg_dir", maat_t->inc_cfg_dir, 128); + if (xret < 0 && !rt_file_exsit( maat_t->inc_cfg_dir)){ + mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Read the table info failed or the (%s) does not exist", + maat_t->inc_cfg_dir); + goto finish; + } + xret = MESA_load_profile_string_nodef(config, "NTC_MAAT", "full_cfg_dir", maat_t->full_cfg_dir, 128); + if (xret < 0 && !rt_file_exsit( maat_t->full_cfg_dir)){ + mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Read the table info failed or the (%s) does not exist", + maat_t->full_cfg_dir); + goto finish; + } + } +finish: + return xret; +} + void cert_init_config(char *config) { load_system_config(config); + load_maat_config(config); + load_module_config(config); } diff --git a/src/cert_conf.h b/src/cert_conf.h index c739ad6..f043938 100644 --- a/src/cert_conf.h +++ b/src/cert_conf.h 
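Review bot: in json mode the keyring path is still read from section `"CONFIG"` — `MESA_load_profile_string_nodef(config, "CONFIG", "pxy_obj_keyring", …)` — while conf/cert_store.ini in this same commit moves `pxy_obj_keyring` into `[NTC_MAAT]`, so with `maat_json_switch=1` the read fails and the stale `pxy_path` is only accepted if some file already exists at it. The `maat_json_switch` read logs the copied-in message `"Reading the number of running threads failed"` and does not `goto finish`, so a missing key silently falls through to the zero-initialised default, and any value other than 0 or 1 leaves both branches untouched with no rule source configured at all. `cert_init_config` also discards the return value of all three loaders, so a FATAL log line is the only evidence that the daemon came up on default paths (`"/home/test"` for `def_path` in the hunk above); propagating the failure so startup aborts would be safer. The rewrite below fixes the section name, makes the switch read fatal and rejects out-of-range values; the `xret < 0 && !rt_file_exsit(...)` pattern is kept, but note it accepts a failed read whenever a leftover path happens to exist.
```c
static int load_maat_config(char *config)
{
    int xret = -1;

    struct ntc_maat_t *maat_t = &cert_default_config()->maat_t;

    xret = MESA_load_profile_uint_nodef(config, "NTC_MAAT", "maat_json_switch", &(maat_t->maat_json_switch));
    if (xret < 0 || maat_t->maat_json_switch > 1){
        mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Reading NTC_MAAT.maat_json_switch failed or value is not 0/1");
        xret = -1;
        goto finish;
    }

    /* … unchanged: table_info read and existence check … */

    if (maat_t->maat_json_switch == 1){
        xret = MESA_load_profile_string_nodef(config, "NTC_MAAT", "pxy_obj_keyring", maat_t->pxy_path, 128);
        /* … unchanged: existence check and goto finish … */
    }

    /* … unchanged: inc_cfg_dir / full_cfg_dir reads for maat_json_switch == 0 … */
finish:
    return xret;
}
```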
@@ -53,12 +53,19 @@ struct _initer_addr_t{ char r_ip[16]; /* redis ip */ }; +struct ntc_maat_t{ + unsigned int maat_json_switch; + char info_path[128]; + char pxy_path[128]; + char inc_cfg_dir[128]; + char full_cfg_dir[128]; +}; + struct config_bucket_t{ unsigned int thread_nu; unsigned int expire_after; - char info_path[128]; - char pxy_path[128]; char def_path[128]; + struct ntc_maat_t maat_t; struct _initer_addr_t addr_t; struct key_ring_list keyring; }; diff --git a/src/cert_session.c b/src/cert_session.c index 407656f..2faa4a4 100644 --- a/src/cert_session.c +++ b/src/cert_session.c @@ -285,7 +285,6 @@ x509_get_alt_name(X509 *x509, char *extraname) for (i = 0; i < cnt; i++) { GENERAL_NAME* generalName = sk_GENERAL_NAME_value(subjectAltNames, i); - xret = x509_alt_name_cmp(ASN1_STRING_data(GENERAL_NAME_get0_value(generalName, NULL)), extraname); if (xret == 0) break; @@ -1572,14 +1571,14 @@ MESA_internal_set_para(screen_stat_handle_t handle, enum FS_option type, unsigne static int mesa_fiel_stat_init() { - char stat_path[63] = {0}; + char stat_path[128] = {0}; char pname[32]= {0}, buff[128] = {0}; SGstats.handle = FS_internal_create_handle(); rt_get_pname_by_pid(getpid(), &pname[0]); FS_internal_set_para(SGstats.handle, APP_NAME, pname, strlen(pname)+1); - snprintf(stat_path, 63, "%s/fs2_%s.status", logging_sc_lid.run_log_path, pname); + snprintf(stat_path, 128, "%s/fs2_%s.status", logging_sc_lid.run_log_path, pname); FS_internal_set_para(SGstats.handle, OUTPUT_DEVICE, stat_path, strlen(stat_path)+1); MESA_internal_set_para(SGstats.handle, FLUSH_BY_DATE, 0); 
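Review bot: `struct ntc_maat_t` carries no documentation for its mode switch or for which members are meaningful in which mode, which is the one thing a reader of cert_conf.h needs. Suggested comments: on `maat_json_switch`, `/* 1: keyring loaded from pxy_path (local json); 0: keyring loaded from the full_cfg_dir/inc_cfg_dir index files */`; on the four `char …[128]` members, `/* NUL-terminated; 128 matches the length passed to MESA_load_profile_string_nodef in cert_conf.c */`; and on `pxy_path`, `/* only read when maat_json_switch == 1 */`. A one-line header on the struct itself, `/* Rule/keyring source configuration read from the [NTC_MAAT] section of cert_store.ini */`, would tie it back to the ini file.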
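Review bot: the buffer size is now written twice, `char stat_path[128]` and `snprintf(stat_path, 128, …)`; use `sizeof(stat_path)` in the `snprintf` so the two cannot drift apart again, which is exactly the kind of mismatch this change had to fix. `snprintf` truncates silently, so if `run_log_path` plus `fs2_<pname>.status` can exceed 127 bytes the status file is created at a truncated path; checking the return value against `sizeof(stat_path)` and logging the overflow would make that visible. The body of `mesa_fiel_stat_init` continues beyond the hunk.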
@@ -1695,15 +1694,26 @@ int sample_plugin_table(Maat_feather_t feather,const char* table_name, int maat_feather_init() { + int wait_second = 0; Maat_feather_t feather = NULL; int scan_interval_ms = 1, effective_interval_ms = 0; struct config_bucket_t *rte = cert_default_config(); + struct ntc_maat_t *maat_t = &rte->maat_t; - feather = Maat_inter_feather(rte->thread_nu, rte->info_path, logging_sc_lid.run_log_handle); + feather = Maat_inter_feather(rte->thread_nu, maat_t->info_path, logging_sc_lid.run_log_handle); Maat_inter_set_feather_opt(feather, MAAT_OPT_INSTANCE_NAME, "certstore", strlen("certstore") + 1); - Maat_inter_set_feather_opt(feather, MAAT_OPT_JSON_FILE_PATH, rte->pxy_path, strlen(rte->pxy_path)+1); + + if (maat_t->maat_json_switch == 1){ + Maat_inter_set_feather_opt(feather, MAAT_OPT_JSON_FILE_PATH, maat_t->pxy_path, strlen(maat_t->pxy_path)+1); + } + if (maat_t->maat_json_switch == 0){ + Maat_inter_set_feather_opt(feather, MAAT_OPT_FULL_CFG_DIR, maat_t->full_cfg_dir, strlen(maat_t->full_cfg_dir)+1); + Maat_inter_set_feather_opt(feather, MAAT_OPT_INC_CFG_DIR, maat_t->inc_cfg_dir, strlen(maat_t->inc_cfg_dir)+1); + wait_second = 14; + } + Maat_inter_set_feather_opt(feather, MAAT_OPT_SCANDIR_INTERVAL_MS,&scan_interval_ms, sizeof(scan_interval_ms)); Maat_inter_set_feather_opt(feather, MAAT_OPT_EFFECT_INVERVAL_MS,&effective_interval_ms, sizeof(effective_interval_ms)); Maat_inter_initiate_feather(feather); @@ -1714,6 +1724,7 @@ int maat_feather_init() Maat_read_entry_finish_cb, &rte->keyring, NULL); + sleep(wait_second); return 0; } diff --git a/src/cert_store.c b/src/cert_store.c index 9943770..eccc4c4 100644 --- a/src/cert_store.c +++ b/src/cert_store.c 
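Review bot: the two independent `if (maat_t->maat_json_switch == 1)` / `== 0` blocks mean a switch value that is neither (the loader in cert_conf.c does not reject one) sets neither `MAAT_OPT_JSON_FILE_PATH` nor the cfg directories, and initialisation proceeds with no rule source; make the second block an `else if` and fail on anything else, e.g. `} else { mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Unknown maat_json_switch %u", maat_t->maat_json_switch); return -1; }`. `wait_second = 14` is an unexplained magic number; name it (`#define MAAT_CFG_SETTLE_SECONDS 14`) with a comment saying what is expected to have happened after 14 seconds. The body of `maat_feather_init` continues past the end of this hunk.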
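Review bot: `sleep(wait_second)` is a fixed 14-second delay standing in for "the rule directories have been scanned and the keyring is populated", but nothing checks that `Maat_read_entry_finish_cb` has run or that `rte->keyring` holds any entry, so if `full_cfg_dir` is slow, empty or unreadable the daemon simply continues after 14 s with no keyring, and in json mode (`wait_second` stays 0) it does not wait at all. Replace the sleep with a completion flag set by the finish callback and polled with a bounded timeout (or a condition variable), and return -1 from `maat_feather_init` if it never fires so the caller refuses to start serving; the fixed sleep also adds 14 s to every restart. `maat_feather_init` begins in the previous hunk.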
@@ -86,8 +86,15 @@ void cert_preview () printf("%30s:%45d\n", "Libevent Port", rte->addr_t.e_port); printf("%30s:%45s\n", "Def Cert Path", rte->def_path); printf("%30s:%45s\n", "Log Directory", logging_sc_lid.run_log_path); - printf("%30s:%45s\n", "Table Info", rte->info_path); - printf("%30s:%45s\n", "Pxy Obj Keyring", rte->pxy_path); + printf("%30s:%45s\n", "Table Info", rte->maat_t.info_path); + if (rte->maat_t.maat_json_switch == 1){ + printf("%30s:%45s\n", "Pxy Obj Keyring", rte->maat_t.pxy_path); + } + if (rte->maat_t.maat_json_switch == 0){ + printf("%30s:%45s\n", "Full Cfg Path", rte->maat_t.full_cfg_dir); + printf("%30s:%45s\n", "Inc Cfg Path", rte->maat_t.inc_cfg_dir); + + } printf("\r\n"); } diff --git a/src/package/Makefile b/src/package/Makefile index b89c220..4a974db 100644 --- a/src/package/Makefile +++ b/src/package/Makefile @@ -1,18 +1,18 @@ install: - if [ ! -d "/usr/local/bin" ]; then mkdir -p "/usr/local/bin"; fi - if [ ! -d "/usr/local/lib" ]; then mkdir -p "/usr/local/lib"; fi +# if [ ! -d "/usr/local/bin" ]; then mkdir -p "/usr/local/bin"; fi +# if [ ! -d "/usr/local/lib" ]; then mkdir -p "/usr/local/lib"; fi # - cp -f etc/cert_store.ini /usr/local/etc/ +# cp -f etc/cert_store.ini /usr/local/etc/ # - cp -f bin/cert_store /usr/local/bin/ - chmod +x /usr/local/bin/cert_store +# cp -f bin/cert_store /usr/local/bin/ + chmod +x bin/certstore1.0 # - cp -f lib/* /usr/local/lib/ - sudo ldconfig +# cp -f lib/* /usr/local/lib/ +# sudo ldconfig update: - cp -f bin/cert_server /usr/local/bin/ - chmod +x /usr/local/bin/cert_store +# cp -f bin/cert_server /usr/local/bin/ + chmod +x bin/certstore1.0 uninstall: rm -f /usr/local/bin/cert_store diff --git a/src/package/run.sh b/src/package/run.sh new file mode 100644 index 0000000..c0a74ab --- /dev/null +++ b/src/package/run.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +./bin/certstore1.0 --daemon
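Review bot: the `install` target now only runs `chmod +x bin/certstore1.0`, yet `uninstall` still does `rm -f /usr/local/bin/cert_store`, a path this Makefile no longer creates, and the old recipe lines are kept as `#` comments instead of being removed. If the system-wide install is gone for good, delete the commented lines, make `uninstall` consistent with what `install` now does (or drop it), and declare `.PHONY: install update uninstall` since none of these names is a file. `update` is now byte-identical to `install`; either one should depend on the other or the duplicate should go.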
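Review bot: `./bin/certstore1.0 --daemon` resolves against the caller's current directory, and the paths in conf/cert_store.ini (`../ca`, `../rule/…`, `./logs`) are cwd-relative too, so the script only works when invoked from inside `certstore_run/`; add `cd "$(dirname "$0")" || exit 1` before the command and `set -eu` after the shebang. The daemon runs as whichever user invokes the script, and the `cert/` directory it is packaged with holds the CA key files copied by the tarball rule; if a dedicated service account is intended (not visible here), this script is the place to enforce it.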