适配界面PXY_PROFILE_KEYRING表结构变更

fengweihao
2020-10-30 19:37:24 +08:00
parent 81eef836b6
commit 9f2d64e865
3 changed files with 26 additions and 10 deletions


@@ -37,6 +37,8 @@ struct tfe_http_request{
struct pxy_obj_keyring{
int keyring_id;
int use_hsm;
int slot_id;
uint64_t expire_time;
EVP_PKEY *key;
X509 *issuer;
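Review bot: The fields `use_hsm` and `slot_id` in `struct pxy_obj_keyring` carry no comment, yet the loader changed in this commit skips `cert_load_key()` when `use_hsm` is nonzero, so `key` can be NULL for such entries and every reader of `key` needs to know that. I would document the invariant on the struct, e.g. `int use_hsm; /* nonzero: private key is held in an HSM; key is not loaded */` and `int slot_id; /* HSM slot, meaningful only when use_hsm is set */`. The meaning of `slot_id` is inferred from its name, so please confirm it. The struct continues outside the hunk.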


@@ -1170,6 +1170,15 @@ static int x509_online_append(struct x509_object_ctx *def, struct tfe_http_reque
goto modify;
}
}
if(pxy_obj->use_hsm)
{
cacrt = (is_valid == 1) ? def->root : def->insec_root;
cakey = (is_valid == 1) ? def->key : def->insec_key;
expire_time = cfg_instanec()->expire_after;
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Warning: HSM is not supported, use local keypair, sign cert!!!");
goto modify;
}
if (!STRCMP(pxy_obj->keyring_type, "end-entity"))
{
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "The certificate(%d) type is an entity",keyring_id);
@@ -2196,10 +2205,10 @@ const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long __attribute__((__unused__)
memset(pxy_obj, 0, sizeof(struct pxy_obj_keyring));
atomic64_set(&pxy_obj->ref_cnt, 1);
ret=sscanf(table_line, "%d\t%s\t%s\t%s\t%s\t%lu\t%s\t%s\t%d\t%d", &pxy_obj->keyring_id, profile_name,
ret=sscanf(table_line, "%d\t%s\t%s\t%s\t%s\t%lu\t%s\t%s\t%d\t%d\t%d\t%d", &pxy_obj->keyring_id, profile_name,
pxy_obj->keyring_type, private_file, public_file, &pxy_obj->expire_time, pxy_obj->public_algo,
pxy_obj->v3_ctl, &pxy_obj->is_send, &pxy_obj->is_valid);
if(ret!=10)
pxy_obj->v3_ctl, &pxy_obj->is_send, &pxy_obj->use_hsm, &pxy_obj->slot_id, &pxy_obj->is_valid);
if(ret!=12)
{
kfree(pxy_obj);
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "certstore parse config failed: %s", table_line);
@@ -2213,12 +2222,17 @@ const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long __attribute__((__unused__)
pxy_obj->keyring_id);
goto finish;
}
/*Load PRIVATEKEY**/
if ((pxy_obj->key = cert_load_key(private_file)) == NULL){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "initialize the x509 privatekey failed, the keyring id is %d",
pxy_obj->keyring_id);
goto finish;
}
if(pxy_obj->use_hsm == 0)
{
/*Load PRIVATEKEY**/
if ((pxy_obj->key = cert_load_key(private_file)) == NULL){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "initialize the x509 privatekey failed, the keyring id is %d",
pxy_obj->keyring_id);
goto finish;
}
}
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "initialize the x509 certificate, the keyring id is %d",
pxy_obj->keyring_id);
*ad = pxy_obj;
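Review bot: The new `if(pxy_obj->use_hsm)` branch in x509_online_append signs with the default pair (`def->root`/`def->key`, or the `insec_` pair) whenever a keyring is marked for HSM use, so the issued certificate chains to a different CA than the one configured for that keyring and the only signal is a log line. That is a fail-open fallback; I would rather refuse to sign for such a keyring, or put the fallback behind an explicit configuration switch, until HSM signing exists. The message is logged at `RLOG_LV_FATAL` although its text says "Warning", and it omits the keyring id; a text such as `"keyring %d: HSM signing not supported, falling back to default CA"` with `keyring_id` would make the event traceable. In the loader hunk the private key is skipped for any nonzero `use_hsm`, which appears to leave `pxy_obj->key` NULL after the `memset`, and neither `use_hsm` nor `slot_id` is range-checked after `sscanf`; a guard like `if (pxy_obj->use_hsm != 0 && pxy_obj->use_hsm != 1)` that rejects the line would keep a malformed row from selecting the HSM path. Both functions start and end outside the visible hunks.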