增加从配置文件中读取密钥强度配置

修改本地json配置

README.md

@@ -16,13 +16,11 @@ src/rt            公共函数
 备注：
 发送请求命令：
 keyring id存在（读取表指定的证书颁发）
-curl -X GET "192.168.11.100:9991/ca?kering_id=1&origin_cert="xxxxxxxx"" -m 30 -v
+curl -F "blob=@tango-ca-v3.cer;type=text/plain" "http://192.168.11.100:9991/ca?keyring_id=1&sni="www.google.com"&is_valid=1" -m 30 -v
 keyring id不存在（读取本地默认证书颁发）
-curl -X GET "192.168.11.100:9991/ca?kering_id=12&origin_cert="xxxxxxx"" -m 30 -v
+curl -F "blob=@tango-ca-v3.cer;type=text/plain" "http://192.168.11.100:9991/ca?keyring_id=5&sni="www.google.com"&is_valid=1" -m 30 -v
-keyring id存在，表中valid为不可用（读取keyring id = 256,不信任证书颁发）
+keyring id存在，表中valid为不可用（不信任证书颁发）
-curl -X GET "192.168.11.100:9991/ca?kering_id=5&origin_cert="xxxxxxx"" -m 30 -v
+curl -F "blob=@tango-ca-v3.cer;type=text/plain" "http://192.168.11.100:9991/ca?keyring_id=5&sni="www.google.com"&is_valid=0" -m 30 -v
-keyring id存在，证书类型为实体证书
-curl -X GET "192.168.11.100:9991/ca?kering_id=4&origin_cert="xxxxxxxx"" -m 30 -v
 使用--daemon运行时，配置文件中使用绝对路径
 
 [安装包使用]

conf/pxy_obj_keyring.json

@@ -73,10 +73,11 @@
         {
             "table_name": "PXY_PROFILE_KEYRING",
 			  "table_content": [
-                "0\tname_01\troot\t/home/fengweihao/workspace/cert_store/test_data/tango-ca-v3-untrust-ca.pem\t/home/fengweihao/workspace/cert_store/test_data/tango-ca-v3-untrust-ca.pem\t30\tNULL\tNULL\t1\t",
+                "0\tname_01\troot\t/home/fengweihao/build/transfer/test_cert/root/tango-ca-v3-untrust-ca.pem\t/home/fengweihao/build/transfer/test_cert/root/tango-ca-v3-untrust-ca.pem\t30\tNULL\tNULL\t1024\t1\t",
-				"1\tname_01\troot\t/home/fengweihao/workspace/cert_store/test_data/tango-ca-v3-trust-ca.pem\t/home/fengweihao/workspace/cert_store/test_data/tango-ca-v3-trust-ca.pem\t30\tNULL\tNULL\t1\t",
+				"1\tname_01\troot\t/home/fengweihao/build/transfer/test_cert/root/tango-ca-v3-trust-ca.pem\t/home/fengweihao/build/transfer/test_cert/root/tango-ca-v3-trust-ca.pem\t30\tNULL\tNULL\t1024\t1\t",
 				
-				"2\tname_01\tintermediate\t/home/fengweihao/workspace/cert_store/test_data/Tango-National-Proxy-L2.key\t/home/fengweihao/workspace/cert_store/test_data/Tango-National-Proxy-L2.pem\t30\tNULL\tNULL\t1\t"
+				"2\tname_01\troot\t/home/fengweihao/build/transfer/test_cert/root/tango-ca-trust-ca-key.pem\t/home/fengweihao/build/transfer/test_cert/root/tango-ca-trust-ca-cer.pem\t24\tNULL\tNULL\t2048\t1\t",
+				"3\tname_01\troot\t/home/fengweihao/build/transfer/test_cert/root/tango-ca-trust-ca-key.pem\t/home/fengweihao/build/transfer/test_cert/root/tango-ca-trust-ca-cer.pem\t-1\tNULL\tNULL\t4096\t1\t"
             ]
         }
     ]

conf/table_info.conf

@@ -17,4 +17,4 @@
 #id	name	type	src_charset	dst_charset	do_merge cross_cache quick_mode
 1	COMPILE	compile
 2   GROUP group
-3   PXY_PROFILE_KEYRING plugin	 {"key":1,"valid":9,"foreign":"4,5"}
+3   PXY_PROFILE_KEYRING plugin	 {"key":1,"valid":10,"foreign":"4,5"}

src/cert_conf.h

@@ -36,15 +36,16 @@ struct request_t{
 
 struct pxy_obj_keyring{
 	int keyring_id;
-	atomic64_t ref_cnt;
+	int bits;
+	uint64_t expire_time;
+	EVP_PKEY *key;
+    X509 *root;
     char keyring_type[CT_ARRARY_LEN];
-	uint64_t expire_after;
 	char public_algo[CT_STRING_MAX];
 	char v3_ctl[CT_STRING_MAX];
     char finger[EVP_MAX_MD_SIZE];
-    EVP_PKEY *key;
-    X509 *root;
 	int is_valid;	
+	atomic64_t ref_cnt;
     STACK_OF(X509) *stack_ca;
 };
 

src/cert_session.c

@@ -488,14 +488,14 @@ static time_t ASN1_GetTimeT(ASN1_TIME* time)
 }
 
 X509 *
-x509_modify_by_cert(X509 *cacrt, EVP_PKEY *cakey, X509 *origcrt, char *pkey, int *expire_time, char *crlurl)
+x509_modify_by_cert(X509 *cacrt, EVP_PKEY *cakey, X509 *origcrt, char *pkey, int *expire_time, char *crlurl, int bits)
 {
 	int rv;
 	X509 *crt = NULL;
     EVP_PKEY* key = NULL;
 	X509_NAME *subject = NULL, *issuer = NULL;
 
-    if(!create_client_key(&key, pkey, 1024)){
+    if(!create_client_key(&key, pkey, bits)){
         goto err;
     }
 //subjectname,issuername
@@ -992,9 +992,8 @@ static int x509_online_append(struct x509_object_ctx *def, struct request_t *req
                               		STACK_OF(X509) **stack_ca)
 {
     X509* x509 = NULL;
-    int is_valid = request->is_valid;
+    int is_valid = request->is_valid; int keyring_id = request->keyring_id;
-    int keyring_id = request->keyring_id;
+    int expire_time = 0, bits = 0; char *crlurl = NULL;
-    int expire_time = 0; char *crlurl = NULL;
     char *serial = NULL;
     X509 *cacrt = NULL; EVP_PKEY *cakey = NULL;
 
@@ -1045,10 +1044,11 @@ static int x509_online_append(struct x509_object_ctx *def, struct request_t *req
     }
     cacrt = pxy_obj->root;
     cakey  = pxy_obj->key;
-    expire_time = pxy_obj->expire_after;
+    expire_time = pxy_obj->expire_time;
     crlurl    = pxy_obj->v3_ctl;
+	bits  = pxy_obj->bits;
 modify:
-    x509 = x509_modify_by_cert(cacrt, cakey, request->origin, pkey, &expire_time, crlurl);
+    x509 = x509_modify_by_cert(cacrt, cakey, request->origin, pkey, &expire_time, crlurl, bits);
     if (!x509){
         goto finish;
     }
@@ -1895,10 +1895,10 @@ const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long __attribute__((__unused__)
     memset(pxy_obj, 0, sizeof(struct pxy_obj_keyring));
 	atomic64_set(&pxy_obj->ref_cnt, 1);
 
-	ret=sscanf(table_line, "%d\t%s\t%s\t%s\t%s\t%lu\t%s\t%s\t%d", &pxy_obj->keyring_id, profile_name,
+	ret=sscanf(table_line, "%d\t%s\t%s\t%s\t%s\t%lu\t%s\t%s\t%d\t%d", &pxy_obj->keyring_id, profile_name,
-		       pxy_obj->keyring_type, private_file, public_file, &pxy_obj->expire_after, pxy_obj->public_algo,
+		       pxy_obj->keyring_type, private_file, public_file, &pxy_obj->expire_time, pxy_obj->public_algo,
-		       pxy_obj->v3_ctl, &pxy_obj->is_valid);
+		       pxy_obj->v3_ctl, &pxy_obj->bits, &pxy_obj->is_valid);
-	if(ret!=9)
+	if(ret!=10)
 	{
         kfree(&pxy_obj);
         mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "certstore parse config failed: %s", table_line);