gfwleak/tango-certstore
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

适配界面PXY_PROFILE_KEYRING表结构变更

Browse Source
This commit is contained in:
fengweihao
2020-10-30 19:37:24 +08:00
parent 81eef836b6
commit 9f2d64e865
3 changed files with 26 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
program/include/cert_conf.h
View File

@@ -37,6 +37,8 @@ struct tfe_http_request{
struct pxy_obj_keyring{ struct pxy_obj_keyring{
int keyring_id; int keyring_id;
int use_hsm;
int slot_id;
uint64_t expire_time; uint64_t expire_time;
EVP_PKEY *key; EVP_PKEY *key;
X509 *issuer; X509 *issuer;

32
program/src/cert_session.cpp
View File

@@ -1170,6 +1170,15 @@ static int x509_online_append(struct x509_object_ctx *def, struct tfe_http_reque
goto modify; goto modify;
} }
} }
if(pxy_obj->use_hsm)
{
cacrt = (is_valid == 1) ? def->root : def->insec_root;
cakey = (is_valid == 1) ? def->key : def->insec_key;
expire_time = cfg_instanec()->expire_after;
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Warning: HSM is not supported, use local keypair, sign cert!!!");
goto modify;
}
if (!STRCMP(pxy_obj->keyring_type, "end-entity")) if (!STRCMP(pxy_obj->keyring_type, "end-entity"))
{ {
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "The certificate(%d) type is an entity",keyring_id); mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "The certificate(%d) type is an entity",keyring_id);
@@ -2196,10 +2205,10 @@ const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long __attribute__((__unused__)
memset(pxy_obj, 0, sizeof(struct pxy_obj_keyring)); memset(pxy_obj, 0, sizeof(struct pxy_obj_keyring));
atomic64_set(&pxy_obj->ref_cnt, 1); atomic64_set(&pxy_obj->ref_cnt, 1);
ret=sscanf(table_line, "%d\t%s\t%s\t%s\t%s\t%lu\t%s\t%s\t%d\t%d", &pxy_obj->keyring_id, profile_name, ret=sscanf(table_line, "%d\t%s\t%s\t%s\t%s\t%lu\t%s\t%s\t%d\t%d\t%d\t%d", &pxy_obj->keyring_id, profile_name,
pxy_obj->keyring_type, private_file, public_file, &pxy_obj->expire_time, pxy_obj->public_algo, pxy_obj->keyring_type, private_file, public_file, &pxy_obj->expire_time, pxy_obj->public_algo,
pxy_obj->v3_ctl, &pxy_obj->is_send, &pxy_obj->is_valid); pxy_obj->v3_ctl, &pxy_obj->is_send, &pxy_obj->use_hsm, &pxy_obj->slot_id, &pxy_obj->is_valid);
if(ret!=10) if(ret!=12)
{ {
kfree(pxy_obj); kfree(pxy_obj);
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "certstore parse config failed: %s", table_line); mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "certstore parse config failed: %s", table_line);
@@ -2213,12 +2222,17 @@ const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long __attribute__((__unused__)
pxy_obj->keyring_id); pxy_obj->keyring_id);
goto finish; goto finish;
} }
/*Load PRIVATEKEY**/
if ((pxy_obj->key = cert_load_key(private_file)) == NULL){ if(pxy_obj->use_hsm == 0)
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "initialize the x509 privatekey failed, the keyring id is %d", {
pxy_obj->keyring_id); /*Load PRIVATEKEY**/
goto finish; if ((pxy_obj->key = cert_load_key(private_file)) == NULL){
} mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "initialize the x509 privatekey failed, the keyring id is %d",
pxy_obj->keyring_id);
goto finish;
}
}
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "initialize the x509 certificate, the keyring id is %d", mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "initialize the x509 certificate, the keyring id is %d",
pxy_obj->keyring_id); pxy_obj->keyring_id);
*ad = pxy_obj; *ad = pxy_obj;

2
resource/conf/table_info.conf
View File

@@ -17,4 +17,4 @@
#id name type src_charset dst_charset do_merge cross_cache quick_mode #id name type src_charset dst_charset do_merge cross_cache quick_mode
1 COMPILE compile 1 COMPILE compile
2 GROUP group 2 GROUP group
3 PXY_PROFILE_KEYRING plugin {"key":1,"valid":10,"foreign":"4,5"} 3 PXY_PROFILE_KEYRING plugin {"key":1,"valid":12,"foreign":"4,5"}