1.添加自动生成中间证书及实体证书脚本文件signssl.sh

2.添加证书文件检测工具x509
3.修改配置文件注释
fengweihao
2018-11-13 17:03:20 +08:00
parent e125afd91d
commit b07c3182b4
7 changed files with 114 additions and 17 deletions


@@ -5,34 +5,37 @@ DEBUG_SWITCH = 1
RUN_LOG_LEVEL = 10
RUN_LOG_PATH = ./logs
[CONFIG]
#<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>߳<EFBFBD><EFBFBD><EFBFBD>
#Number of running threads
thread-nu = 4
#<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ĭ<EFBFBD>ϸ<EFBFBD>֤<EFBFBD><EFBFBD>ǩ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ч<EFBFBD>ڣ<EFBFBD>Ĭ<EFBFBD><EFBFBD>Ϊ30<EFBFBD><EFBFBD>
#Local default root certificate is valid for 30 days by default
expire_after = 30
#<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ĭ<EFBFBD>ϸ<EFBFBD>֤<EFBFBD><EFBFBD>·<EFBFBD><EFBFBD>
#Local default root certificate path
def-ca-path = ../ca
[NTC_MAAT]
#<EFBFBD><EFBFBD><EFBFBD>ü<EFBFBD><EFBFBD><EFBFBD>ģʽ,0Ϊʹ<CEAA><CAB9><EFBFBD><EFBFBD><EFBFBD>÷ַ<C3B7><D6B7><EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD><C2B7><EFBFBD><EFBFBD>ļ<EFBFBD>,1Ϊʹ<CEAA>ñ<EFBFBD><C3B1><EFBFBD>json,2Ϊʹ<CEAA><CAB9>Redis<69><73>ȡ<EFBFBD><C8A1><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
#Configure the load mode,
#0: using the configuration distribution network
#1: using local json
#2: using Redis reads
maat_json_switch=2
#<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ģʽΪ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>·<EFBFBD>ʱ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ɨ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>޸ļ<EFBFBD><EFBFBD><EFBFBD>(s)
#When the loading mode is sent to the network, set the scanning configuration modification interval (s).
effective_interval=1
#ָ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ÿ<EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD>λ<EFBFBD><EFBFBD>
#Specify the location of the configuration library table file
table_info=../conf/table_info.conf
#<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD>·<EFBFBD><EFBFBD>
#Incremental profile path
inc_cfg_dir=../rule/inc/index
#ȫ<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>ļ<EFBFBD>·<EFBFBD><EFBFBD>
#Full profile path
full_cfg_dir=../rule/full/index
#jsonģʽʱjson<EFBFBD>ļ<EFBFBD>·<EFBFBD><EFBFBD>
#Json file path when json schema is used
pxy_obj_keyring=../conf/pxy_obj_keyring.json
[LIBEVENT]
#<EFBFBD><EFBFBD><EFBFBD>ؼ<EFBFBD><EFBFBD>ض˿ںţ<EFBFBD>Ĭ<EFBFBD><EFBFBD>Ϊ9991
#Local monitor port number, default is 9991
port = 9991
[CERTSTORE_REDIS]
#<EFBFBD><EFBFBD><EFBFBD>ش洢֤<EFBFBD><EFBFBD><EFBFBD><EFBFBD>Redis<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>IP<EFBFBD><EFBFBD>ַ<EFBFBD>Ͷ˿ں<EFBFBD>
#The Redis server IP address and port number where the certificate is stored locally
ip = 127.0.0.1
port = 6379
[MAAT_REDIS]
#Maat<EFBFBD><EFBFBD><EFBFBD>ص<EFBFBD>Redsi<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>IP<EFBFBD><EFBFBD>ַ<EFBFBD>Ͷ˿ں<EFBFBD>
#Maat monitors the Redsi server IP address and port number
ip = 192.168.11.243
port = 6379
dbindex = 4


@@ -11,7 +11,7 @@ while [ 1 ]; do
ulimit -c 0
fi
./certstore1.0 --normal 2>&1
./certstore1.0 --normal > /dev/null
echo program crashed, restart at `date +"%w %Y/%m/%d, %H:%M:%S"` >> RESTART.log
sleep 10
done
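Review bot: With `> /dev/null` on the `./certstore1.0 --normal` line, the program's stdout is discarded and the only record of a crash is the timestamp appended to RESTART.log, so a fault cannot be told apart from a deliberate kill or an abnormal termination worth investigating. The `ulimit -c 0` above appears to disable core dumps in at least one branch, which removes the other source of post-crash evidence. Capture and log the exit status, for example `./certstore1.0 --normal > /dev/null; rc=$?` followed by `echo "program exited with status $rc, restart at $(date +"%w %Y/%m/%d, %H:%M:%S")" >> RESTART.log`. The `while` loop and the `if` around `ulimit` begin outside this hunk.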


@@ -1,3 +0,0 @@
#!/bin/bash
./bin/certstore1.0 --daemon


@@ -8,7 +8,7 @@
#ifndef _RT_TMR_H
#define _RT_TMR_H
//#define RT_TMR_ADVANCED
#define RT_TMR_ADVANCED
extern void tmr_start(uint32_t uid);
extern void tmr_stop(uint32_t uid);

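--- /dev/null
+++ b/src/script/signssl.sh
@@ -0,0 +1,94 @@
+#!/bin/bash
+type_name=$1
+name=$2
+caform=$3
+caname=$4
+cakeyform=$5
+cakey=$6
+do_help()
+{
+echo "./signssl -type cert_name -cafrom ca_name -cakeyfrom key_name"
+echo "usage: ./signssl args"
+echo " -type cert_name - input type (-middle, -entity)"
+echo " -cafrom ca_name - input ca_name (root certificate)"
+echo " -cakeyfrom key_name - input key_name (the root keys)"
+exit
+}
+do_mkdir()
+{
+if [ ! -d "./demoCA" ]; then
+mkdir demoCA
+mkdir ./demoCA/newcerts
+touch ./demoCA/index.txt
+touch ./demoCA/serial
+echo 0001 >> ./demoCA/serial
+fi
+}
+do_check()
+{
+if [ "$type_name" == "" ]||[ "$name" == "" ]; then
+echo "certificate type is unkone!"
+do_help
+exit
+fi
+if [ "$caform" != "-cafrom" ] || [ "$caname" == "" ]; then
+echo "root certificate name is unkone!"
+do_help
+exit
+fi
+if [ "$cakeyform" != "-cakeyfrom" ] || [ "$cakey" == "" ]; then
+echo "root certificate keys is unkone!"
+do_help
+exit
+fi
+}
+do_middle()
+{
+if [ ! -d "./middle" ]; then
+mkdir middle
+fi
+openssl genrsa -out ${name}.key 1024
+openssl req -new -key ${name}.key -out ${name}.csr
+openssl ca -extensions v3_ca -in ${name}.csr -out ${name}.pem -cert ${caname} -keyfile ${cakey} -days 365 -policy policy_anything
+openssl pkcs12 -export -in ${name}.pem -inkey ${name}.key -chain -CAfile ${caname} -out ${name}.p12
+mv ${name}.* middle
+}
+do_entity()
+{
+if [ ! -d ".entity" ];then
+mkdir entity
+fi
+openssl genrsa -out ${name}.pem 1024
+openssl rsa -in ${name}.pem -out ${name}.key
+openssl req -new -key ${name}.pem -out ${name}.csr
+openssl x509 -req -days 365 -sha256 -extfile /etc/pki/tls/openssl.cnf -extensions v3_req -CA ${caname} -CAkey ${cakey} -CAserial ca.srl -CAcreateserial -in ${name}.csr -out ${name}.cer
+openssl pkcs12 -export -in ${name}.cer -inkey ${name}.key -chain -CAfile ${caname} -out ${name}.p12
+mv ${name}.* entity
+}
+do_signssl()
+{
+if [ "$type_name" == "-middle" ]; then
+do_middle
+exit
+fi
+if [ "$type_name" == "-entity" ]; then
+do_entity
+exit
+fi
+}
+do_check
+do_mkdir
+do_signssl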
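Review bot: Both `openssl genrsa` calls, in do_middle and do_entity, generate 1024-bit RSA keys, which is too short for current use and especially weak for an intermediate CA key that signs other certificates; use at least 2048 bits, e.g. `openssl genrsa -out "${name}.key" 2048`. `${name}`, `${caname}` and `${cakey}` are unquoted everywhere, so a path containing spaces or starting with `-` is split or read as an option by openssl and `mv`; quote them and write `mv -- "${name}".* middle`. do_entity tests `[ ! -d ".entity" ]` but creates `entity`, so `mkdir` fails on every run after the first; the test should be `[ ! -d "./entity" ]`. The private keys are written unencrypted under the caller's umask, so a `umask 077` near the top of the script would keep them owner-only, and do_help should `exit 1` when reached from a failed check so callers can detect the error.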


@@ -12,6 +12,7 @@ do_mkdir(){
rm $X -rf
mkdir $X
mkdir $X/cert
mkdir $X/tool
}
do_copy(){
@@ -20,6 +21,8 @@ do_copy(){
cp ../rule/ $X -rf
cp ../src/cert_store $X/certstore1.0
cp ../src/package/* $X
cp ../src/script/signssl.sh $X/tool
cp ../src/script/x509 $X/tool
}
do_tarball(){
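Review bot: The added `cp ../src/script/x509 $X/tool` in do_copy ships a prebuilt binary that this commit checks in with no source, build recipe or checksum visible on the page, so nobody can confirm what the certificate-checking tool in the release tarball actually contains. Either build it from source during packaging or keep a recorded digest in the repository and verify it before the copy, e.g. `sha256sum -c <checksum-file> || exit 1` (the file name is a placeholder). The new lines also leave `$X` unquoted like the existing ones; `mkdir "$X/tool"` and `cp -- ../src/script/signssl.sh "$X/tool"` would be safer, particularly next to the existing `rm $X -rf`. do_copy and do_mkdir both start outside these hunks.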

BIN
src/script/x509 Normal file

Binary file not shown.