gfwleak/tango-certstore
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

TSG-14484 Pxoxy支持Maat4

Browse Source
This commit is contained in:
fengweihao
2023-03-29 17:34:26 +08:00
parent 2744f2460c
commit bf1d968eaf
16 changed files with 313 additions and 638 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
program/CMakeLists.txt
View File

@@ -2,7 +2,7 @@ if(COMMAND cmake_policy)
cmake_policy(SET CMP0003 NEW)
endif(COMMAND cmake_policy)
add_executable(certstore src/cert_store.cpp src/cert_conf.cpp src/cert_session.cpp)
add_executable(certstore src/cert_store.cpp src/cert_session.cpp)
target_include_directories(certstore PRIVATE ${CMAKE_CURRENT_LIST_DIR}/include)
target_include_directories(certstore PRIVATE ${SYSTEMD_INCLUDE_DIRS})

13
program/include/cert_daemon.h
View File

@@ -1,13 +0,0 @@
/*************************************************************************
> File Name: cert_daemon.h
> Author:
> Mail:
> Created Time: Tue 29 May 2018 11:12:46 PM PDT
************************************************************************/
#ifndef _NDPI_DAEMON_H
#define _NDPI_DAEMON_H
extern void daemonize (void);
#endif

4
program/include/cert_session.h
View File

@@ -9,11 +9,7 @@
#define _CERT_SESSION_H
#include <event2/event_compat.h>
#include <MESA/MESA_list_queue.h>
#include "rt_sync.h"
#include <openssl/opensslv.h>
#include <openssl/ssl.h>
#include <openssl/err.h>

51
program/include/cert_conf.h → program/include/cert_store.h
View File

@@ -15,14 +15,12 @@
#include <openssl/x509.h>
#include <openssl/evp.h>
#include <MESA/Maat_rule.h>
#include <MESA/MESA_htable.h>
#define CT_PATH_MAX 256
#define CT_ARRARY_LEN (CT_PATH_MAX/2)
#define CT_STRING_MAX 1024
struct tfe_http_request{
struct http_request
{
#define DATALEN 128
int thread_id;
int is_valid;
@@ -35,7 +33,8 @@ struct tfe_http_request{
struct evhttp_request *evh_req;
};
struct pxy_obj_keyring{
struct pxy_obj_keyring
{
int keyring_id;
int use_hsm;
int slot_id;
@@ -52,43 +51,21 @@ struct pxy_obj_keyring{
STACK_OF(X509) *stack_ca;
};
struct _initer_addr_t{
uint16_t e_port; /*libevent prot*/
uint16_t maat_port; /*maat redis port*/
char maat_ip[16]; /*maat redis ip */
int dbindex; /*maat redis dbindex*/
uint16_t store_port; /*store redis port */
char store_ip[16]; /*store redis ip*/
uint16_t statsd_port;
char statsd_server[16];
};
struct ntc_maat_t{
unsigned int maat_json_switch;
unsigned int effective_interval_s;
char info_path[128];
char pxy_path[128];
char inc_cfg_dir[128];
char full_cfg_dir[128];
};
struct config_bucket_t{
Maat_feather_t feather;
struct cert_store_rt
{
struct maat *instance;
int table_id;
int mode;
unsigned int local_debug;
unsigned int thread_nu;
unsigned int expire_after;
int local_debug;
int thread_nu;
int expire_after;
int listen_port;
int local_redis_port;
char local_redis_ip[32];
char ca_path[128];
char uninsec_path[128];
struct ntc_maat_t maat_t;
struct _initer_addr_t addr_t;
};
extern struct config_bucket_t *cfg_instanec();
void cert_store_init_config(const char *config);
extern struct cert_store_rt * g_cert_store;
#endif

187
program/src/cert_conf.cpp
View File

@@ -1,187 +0,0 @@
/*************************************************************************
> File Name: cert_init.c
> Author: fengweihao
> Mail:
> Created Time: Fri 01 Jun 2018 12:06:01 AM PDT
************************************************************************/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "rt_string.h"
#include "rt_common.h"
#include "rt_file.h"
#include "cert_conf.h"
#include "logging.h"
#include <MESA/MESA_prof_load.h>
struct config_bucket_t certConfig;
struct config_bucket_t *cfg_instanec()
{
return &certConfig;
}
static int load_system_config(const char *config)
{
int xret = -1;
struct config_bucket_t *rte = cfg_instanec();
xret = MESA_load_profile_uint_nodef(config, "CONFIG", "thread-nu", &(rte->thread_nu));
if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Reading the number of running threads failed");
}
xret = MESA_load_profile_int_def(config, "CONFIG", "mode", &(rte->mode), 0);
if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Reading the number of run mode failed");
}
xret = MESA_load_profile_uint_nodef(config, "CONFIG", "expire_after", &(rte->expire_after));
if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Reading the number of valid time failed");
}
xret = MESA_load_profile_string_nodef(config, "CONFIG", "ca_path", rte->ca_path, 128);
if (xret <0 && rt_file_exsit(rte->ca_path)){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Read the ca path failed or the (%s) does not exist",
rte->ca_path);
goto finish;
}
xret = MESA_load_profile_uint_nodef(config, "CONFIG", "local_debug", &(rte->local_debug));
if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Reading the number of local_debug failed");
}
xret = MESA_load_profile_string_nodef(config, "CONFIG", "untrusted_ca_path", rte->uninsec_path, 128);
if (xret <0 && rt_file_exsit(rte->uninsec_path)){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Read the untrusted ca path failed or the (%s) does not exist",
rte->ca_path);
goto finish;
}
finish:
return xret;
}
static int load_module_config(const char *config)
{
int xret = -1;
struct config_bucket_t *rte = cfg_instanec();
xret = MESA_load_profile_short_nodef(config, "LIBEVENT", "port", (short *)&(rte->addr_t.e_port));
if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Libevent Port invalid");
goto finish;
}
xret = MESA_load_profile_string_nodef(config, "MAAT_REDIS", "ip", rte->addr_t.maat_ip, 16);
if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Maat redis ip invalid");
goto finish;
}
xret = MESA_load_profile_short_nodef(config, "MAAT_REDIS", "port", (short *)&(rte->addr_t.maat_port));
if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Maat redis port invalid");
goto finish;
}
xret = MESA_load_profile_short_nodef(config, "MAAT_REDIS", "dbindex", (short *)&(rte->addr_t.dbindex));
if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Maat redis dbindex invalid");
goto finish;
}
xret = MESA_load_profile_string_nodef(config, "CERTSTORE_REDIS", "ip", rte->addr_t.store_ip, 16);
if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Certsotre redis ip invalid");
goto finish;
}
xret = MESA_load_profile_short_nodef(config, "CERTSTORE_REDIS", "port", (short *)&(rte->addr_t.store_port));
if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Certsotre redis port invalid");
goto finish;
}
xret = MESA_load_profile_string_nodef(config, "stat", "statsd_server", rte->addr_t.statsd_server, 16);
if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Certsotre redis ip invalid");
goto finish;
}
xret = MESA_load_profile_short_nodef(config, "stat", "statsd_port", (short *)&(rte->addr_t.statsd_port));
if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Certsotre redis port invalid");
goto finish;
}
finish:
return xret;
}
static int load_maat_config(const char *config)
{
int xret = -1;
struct ntc_maat_t *maat_t = &cfg_instanec()->maat_t;
xret = MESA_load_profile_uint_nodef(config, "MAAT", "maat_json_switch", &(maat_t->maat_json_switch));
if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Reading the number of running threads failed");
}
xret = MESA_load_profile_string_nodef(config, "MAAT", "table_info", maat_t->info_path, 128);
if (xret < 0 && !rt_file_exsit( maat_t->info_path)){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Read the table info failed or the (%s) does not exist",
maat_t->info_path);
goto finish;
}
if (maat_t->maat_json_switch == 1){
xret = MESA_load_profile_string_nodef(config, "MAAT", "pxy_obj_keyring", maat_t->pxy_path, 128);
if (xret < 0 && !rt_file_exsit(maat_t->pxy_path)){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Read the pxy obj keyring failed or the (%s) does not exist",
maat_t->pxy_path);
goto finish;
}
}
if (maat_t->maat_json_switch == 0){
xret = MESA_load_profile_uint_nodef(config, "MAAT", "effective_interval", &(maat_t->effective_interval_s));
if (xret < 0){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Reading the interval of scan failed");
}
xret = MESA_load_profile_string_nodef(config, "MAAT", "inc_cfg_dir", maat_t->inc_cfg_dir, 128);
if (xret < 0 && !rt_file_exsit( maat_t->inc_cfg_dir)){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Read the table info failed or the (%s) does not exist",
maat_t->inc_cfg_dir);
goto finish;
}
xret = MESA_load_profile_string_nodef(config, "MAAT", "full_cfg_dir", maat_t->full_cfg_dir, 128);
if (xret < 0 && !rt_file_exsit( maat_t->full_cfg_dir)){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Read the table info failed or the (%s) does not exist",
maat_t->full_cfg_dir);
goto finish;
}
}
finish:
return xret;
}
void cert_store_init_config(const char *config)
{
load_system_config(config);
load_maat_config(config);
load_module_config(config);
}

453
program/src/cert_session.cpp
View File

@@ -16,7 +16,6 @@
#include "rt_string.h"
#include "rt_common.h"
#include "rt_stdlib.h"
#include "rt_file.h"
#include "rt_time.h"
#include "rt_tmr.h"
#include "json.h"
@@ -38,12 +37,11 @@
#include <event2/buffer.h>
#include <async.h>
#include <MESA/Maat_rule.h>
#include <MESA/maat.h>
#include <MESA/field_stat2.h>
#include <MESA/MESA_prof_load.h>
#include <MESA/MESA_htable.h>
#include "cert_conf.h"
#include "cert_store.h"
#include "libevent.h"
#include "cert_session.h"
#include "logging.h"
@@ -506,22 +504,6 @@ finish:
return pkey;
}
static void key_ring_free(void *data)
{
struct pxy_obj_keyring *pxy_obj = NULL;
pxy_obj = (struct pxy_obj_keyring *)data;
X509_free(pxy_obj->issuer);
EVP_PKEY_free(pxy_obj->key);
}
void key_ring_list_destroy(MESA_htable_handle *htable)
{
MESA_htable_destroy(*htable, key_ring_free);
*htable = NULL;
return;
}
void uuid_squeeze(char *s,int c)
{
int i,j;
@@ -942,7 +924,7 @@ finish:
return x509;
}
void request_destroy(struct tfe_http_request *request)
void request_destroy(struct http_request *request)
{
if (request->odata)
{
@@ -958,25 +940,18 @@ void request_destroy(struct tfe_http_request *request)
request = NULL;
}
static
int redis_rsync_init(struct event_base *base, struct redisAsyncContext **cl_ctx)
static int redis_async_connect(struct event_base *base, struct redisAsyncContext **cl_ctx)
{
int xret = -1;
struct config_bucket_t *redis = cfg_instanec();
*cl_ctx = redisAsyncConnect(redis->addr_t.store_ip, redis->addr_t.store_port);
if((*cl_ctx)->err ) {
*cl_ctx = redisAsyncConnect(g_cert_store->local_redis_ip, g_cert_store->local_redis_port);
if((*cl_ctx)->err )
{
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Redis Connect error : %s", (*cl_ctx)->errstr);
goto finish;
return -1;
}
redisLibeventAttach((*cl_ctx), base);
redisAsyncSetConnectCallback((*cl_ctx), connectCallback);
redisAsyncSetDisconnectCallback((*cl_ctx), disconnectCallback);
xret = 0;
finish:
return xret;
return 0;
}
static int
@@ -1020,7 +995,7 @@ redis_reget_callback(redisAsyncContext __attribute__((__unused__))*cl_ctx,
{
redisReply *reply = (redisReply*)r;
struct tfe_http_request *request = (struct tfe_http_request *)privdata;
struct http_request *request = (struct http_request *)privdata;
struct evhttp_request *evh_req = request->evh_req;
evhttp_socket_send(evh_req, reply->str);
@@ -1028,14 +1003,12 @@ redis_reget_callback(redisAsyncContext __attribute__((__unused__))*cl_ctx,
return;
}
void keyring_table_free_cb(int __attribute__((__unused__))table_id, MAAT_PLUGIN_EX_DATA* ad,
long __attribute__((__unused__))argl, void __attribute__((__unused__))*argp)
void keyring_table_free_cb(int table_id, void **ad, long argl, void *argp)
{
if (*ad == NULL)
{
return;
}
struct pxy_obj_keyring* pxy_obj=(struct pxy_obj_keyring*)(*ad);
atomic64_dec(&pxy_obj->ref_cnt);
if (atomic64_read(&pxy_obj->ref_cnt) == 0)
@@ -1128,18 +1101,13 @@ finish:
static struct pxy_obj_keyring* get_obj_for_id(int keyring_id)
{
struct pxy_obj_keyring *pxy_obj=NULL;
struct config_bucket_t *rte = cfg_instanec();
char cfg_id_str[16] = {0};
snprintf(cfg_id_str, sizeof(cfg_id_str), "%d", keyring_id);
int tables_id = rte->table_id;
pxy_obj = (struct pxy_obj_keyring*)Maat_plugin_get_EX_data(rte->feather, tables_id, (const char*)cfg_id_str);
pxy_obj = (struct pxy_obj_keyring*)maat_plugin_table_get_ex_data(g_cert_store->instance, g_cert_store->table_id, cfg_id_str);
return pxy_obj;
}
static int x509_online_append(struct x509_object_ctx *def, struct tfe_http_request *request, char **sign, char *pkey,
static int x509_online_append(struct x509_object_ctx *def, struct http_request *request, char **sign, char *pkey,
STACK_OF(X509) **stack_ca)
{
X509* x509 = NULL;
@@ -1148,12 +1116,10 @@ static int x509_online_append(struct x509_object_ctx *def, struct tfe_http_reque
X509 *cacrt = NULL; EVP_PKEY *cakey = NULL;
char *v3_ctl=NULL, *public_algo=NULL;
struct config_bucket_t *rte = cfg_instanec();
struct pxy_obj_keyring *pxy_obj = get_obj_for_id(keyring_id);
if (NULL == pxy_obj)
{
if (!rte->local_debug)
if (!g_cert_store->local_debug)
{
pxy_obj = get_obj_for_id(keyring_id);
if (pxy_obj == NULL)
@@ -1170,7 +1136,7 @@ static int x509_online_append(struct x509_object_ctx *def, struct tfe_http_reque
{
cacrt = (is_valid == 1) ? def->root : def->insec_root;
cakey = (is_valid == 1) ? def->key : def->insec_key;
expire_time = cfg_instanec()->expire_after;
expire_time = g_cert_store->expire_after;
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Warning: Use local keypair, sign cert!!!");
goto modify;
}
@@ -1180,7 +1146,7 @@ static int x509_online_append(struct x509_object_ctx *def, struct tfe_http_reque
{
cacrt = (is_valid == 1) ? def->root : def->insec_root;
cakey = (is_valid == 1) ? def->key : def->insec_key;
expire_time = cfg_instanec()->expire_after;
expire_time = g_cert_store->expire_after;
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Warning: HSM is not supported, use local keypair, sign cert!!!");
goto modify;
}
@@ -1236,7 +1202,7 @@ static char readBytes(char *str)
}
static void
redis_sync_reget_callback(struct tfe_http_request *request, struct redisContext *sync)
redis_sync_reget_callback(struct http_request *request, struct redisContext *sync)
{
struct evhttp_request *evh_req = request->evh_req;
@@ -1261,12 +1227,11 @@ free:
}
static int
rediSyncCommand(redisContext *sync, struct tfe_http_request *request, char *odata, int expire_after)
rediSyncCommand(redisContext *sync, struct http_request *request, char *odata, int expire_after)
{
int xret = -1;
redisReply *reply;
struct config_bucket_t *config = cfg_instanec();
x509_forge_thread *thread = threads + request->thread_id;
struct evhttp_request *evh_req = request->evh_req;
@@ -1283,7 +1248,7 @@ rediSyncCommand(redisContext *sync, struct tfe_http_request *request, char *odat
case '$' :
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Writing data(%s) to redis failed", request->rkey);
fp_stat_latency(request->create_time, KEYPAIR_ACTION_SQL);
if (config->mode){
if (g_cert_store->mode){
redisAsyncCommand(thread->cl_ctx, redis_reget_callback, request, "GET %s", request->rkey);
}else{
redis_sync_reget_callback(request, sync);
@@ -1369,7 +1334,7 @@ static int web_json_table_add(char *privatekey, char *sign, char **digital_certi
}
static int
redis_clnt_pdu_send(struct tfe_http_request *request)
redis_clnt_pdu_send(struct http_request *request)
{
#define MAX_CHAIN_LEN 6
int xret = -1, i = 0;
@@ -1418,7 +1383,7 @@ finish:
return xret;
}
static int redis_clnt_send(struct tfe_http_request *request, redisReply *reply)
static int redis_clnt_send(struct http_request *request, redisReply *reply)
{
int xret = -1;
@@ -1441,7 +1406,7 @@ void redis_get_callback(redisAsyncContext __attribute__((__unused__))*c, void *r
int __attribute__((__unused__))xret = -1;
redisReply *reply = (redisReply*)r;
struct tfe_http_request *request = (struct tfe_http_request *)privdata;
struct http_request *request = (struct http_request *)privdata;
switch(reply->type){
case REDIS_REPLY_STRING:
@@ -1559,7 +1524,7 @@ void _urldecode(char url[])
free(res);
}
static int http_decode_uri(struct evhttp_request *evh_req, struct tfe_http_request *request)
static int http_decode_uri(struct evhttp_request *evh_req, struct http_request *request)
{
int rv = 0;
struct evkeyvalq params;
@@ -1641,7 +1606,7 @@ finish:
}
static int
redis_sync_command(struct tfe_http_request *request, struct redisContext __attribute__((__unused__))*c)
redis_sync_command(struct http_request *request, struct redisContext __attribute__((__unused__))*c)
{
int xret = -1;
redisReply *reply;
@@ -1675,7 +1640,7 @@ finish:
return xret;
}
static int get_x509_msg(struct tfe_http_request *request, char *input, ssize_t inputlen)
static int get_x509_msg(struct http_request *request, char *input, ssize_t inputlen)
{
request->origin = x509_get_ca_from_msg(input, inputlen + 1);
if (request->origin == NULL){
@@ -1693,7 +1658,7 @@ static int get_x509_msg(struct tfe_http_request *request, char *input, ssize_t i
return 0;
}
static int get_keypair_cache(x509_forge_thread *info, struct tfe_http_request *request, int mode)
static int get_keypair_cache(x509_forge_thread *info, struct http_request *request, int mode)
{
int xret = 0;
@@ -1728,17 +1693,16 @@ static int get_keypair_cache(x509_forge_thread *info, struct tfe_http_request *r
void http_get_cb(struct evhttp_request *evh_req, void *arg)
{
int xret = -1;
struct tfe_http_request *request = NULL;
struct http_request *request = NULL;
struct evbuffer * evbuf_body = NULL;
char *input = NULL; ssize_t inputlen=0;
x509_forge_thread *info = (x509_forge_thread *)arg;
struct config_bucket_t *config = cfg_instanec();
if (evhttp_request_get_command(evh_req) != EVHTTP_REQ_POST) {
mesa_runtime_log(RLOG_LV_DEBUG, MODULE_NAME, "FAILED (post type)");
goto error;
}
request = (struct tfe_http_request *) kmalloc (sizeof(struct tfe_http_request), MPF_CLR, -1);
request = (struct http_request *) kmalloc (sizeof(struct http_request), MPF_CLR, -1);
request->keyring_id = 0;
request->thread_id = info->id;
request->evh_req = evh_req;
@@ -1774,7 +1738,7 @@ void http_get_cb(struct evhttp_request *evh_req, void *arg)
}
FS_operate(g_FP_instance.handle, g_FP_instance.line_ids[KEYPAIR_ACTION_REQ], 0, FS_OP_ADD, 1);
xret = get_keypair_cache(info, request, config->mode);
xret = get_keypair_cache(info, request, g_cert_store->mode);
if (xret >= 0)
{
goto finish;
@@ -1785,72 +1749,70 @@ finish:
return;
}
int redis_sync_init(struct redisContext **c)
int redis_sync_connect(struct redisContext **c)
{
int xret = -1;
struct config_bucket_t *redis = cfg_instanec();
struct timeval timeout = { 1, 500000 }; // 1.5 seconds
*c = redisConnectWithTimeout(redis->addr_t.store_ip, redis->addr_t.store_port, timeout);
if (*c == NULL || (*c)->err) {
struct timeval timeout = { 1, 500000 }; // 1.5 seconds
*c = redisConnectWithTimeout(g_cert_store->local_redis_ip, g_cert_store->local_redis_port, timeout);
if (*c == NULL || (*c)->err)
{
if (*c) {
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Sync connection error: %s", (*c)->errstr);
redisFree(*c);
*c = NULL;
} else {
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Connection error: can't allocate redis context");
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Connection error: can't allocate g_cert_store context");
}
return -1;;
}
return 0;
}
int local_redis_connect(struct event_base *base, x509_forge_thread *thread)
{
int ret = -1;
ret = redis_sync_connect(&thread->sync);
if (ret < 0 || !thread->sync)
{
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Initialize the sync redis connection is failure");
}
if(g_cert_store->mode==0)
{
return ret;
}
ret = redis_async_connect(base, &thread->cl_ctx);
if (ret < 0 || !thread->cl_ctx)
{
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Initialize the redis connection is failure");
}
return ret;
}
int load_default_ca(x509_forge_thread *thread)
{
int ret=0;
if(g_cert_store->local_debug == 0)
{
return 0;
}
ret = x509_key_pair_init(g_cert_store->ca_path, &thread->def.key, &thread->def.root);
if (ret < 0 || !(thread->def.key) || !(thread->def.root))
{
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to initialize the x509 certificate");
goto finish;
}
xret = 0;
finish:
return xret;
}
static int
worker_private_init(struct event_base *base, x509_forge_thread *thread)
{
int xret = -1;
struct config_bucket_t *config = cfg_instanec();
/* Initialize the redis connection*/
if (config->mode)
ret = x509_key_pair_init(g_cert_store->uninsec_path, &thread->def.insec_key, &thread->def.insec_root);
if (ret < 0 || !(thread->def.key) || !(thread->def.root))
{
xret = redis_rsync_init(base, &thread->cl_ctx);
if (xret < 0 || !thread->cl_ctx){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Initialize the redis connection is failure");
}
}
xret = redis_sync_init(&thread->sync);
if (xret < 0 || !thread->sync)
{
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Initialize the sync redis connection is failure");
}
if (config->local_debug)
{
/* Initialize the X509 CA*/
xret = x509_key_pair_init(config->ca_path, &thread->def.key, &thread->def.root);
if (xret < 0 || !(thread->def.key) || !(thread->def.root))
{
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to initialize the x509 certificate");
goto finish;
}
/* Initialize the insec CA*/
xret = x509_key_pair_init(config->uninsec_path, &thread->def.insec_key, &thread->def.insec_root);
if (xret < 0 || !(thread->def.key) || !(thread->def.root))
{
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to initialize the insec x509 certificate");
goto finish;
}
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Failed to initialize the insec x509 certificate");
goto finish;
}
finish:
return xret;
return ret;
}
static void *pthread_worker_libevent(void *arg)
static void *keyring_work_thread_run(void *arg)
{
int xret = -1;
struct evhttp_bound_socket *bound = NULL;
@@ -1867,9 +1829,9 @@ static void *pthread_worker_libevent(void *arg)
goto error;
}
thread_ctx->base = base;
local_redis_connect(base, thread_ctx);
/* Context initialization */
xret = worker_private_init(base, thread_ctx);
xret = load_default_ca(thread_ctx);
if (xret < 0)
{
goto error;
@@ -1878,8 +1840,7 @@ static void *pthread_worker_libevent(void *arg)
bound = evhttp_accept_socket_with_handle(http, thread_ctx->accept_fd);
if (bound != NULL) {
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Bound(%p) to port %d - Awaiting connections ... ", bound,
cfg_instanec()->addr_t.e_port);
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Bound(%p) to port %d - Awaiting connections ... ", bound, g_cert_store->listen_port);
}
mesa_runtime_log(RLOG_LV_INFO, MODULE_NAME, "Work thread %u is run...", thread_ctx->id);
@@ -2004,23 +1965,20 @@ err:
return fd;
}
static void
redis_link_detection(uint32_t __attribute__((__unused__)) uid,
int __attribute__((__unused__))argc,
char **argv)
void redis_link_detection(uint32_t uid, int argc, char **argv)
{
int tid = 0, xret = 0;
x509_forge_thread *info = NULL;
x509_forge_thread *threads = (x509_forge_thread *)argv;
unsigned int thread_nu = cfg_instanec()->thread_nu;
unsigned int thread_nu = g_cert_store->thread_nu;
for (tid = 0; tid < (int)thread_nu; tid++)
{
info = threads + tid;
if(info->sync == NULL && info->base != NULL)
{
redisFree(info->sync);
xret = redis_sync_init(&info->sync);
xret = redis_sync_connect(&info->sync);
if (xret < 0 || !info->sync)
{
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "[%d]trying to connect sync redis failed", tid);
@@ -2031,36 +1989,36 @@ redis_link_detection(uint32_t __attribute__((__unused__)) uid,
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "[%d]trying to connect sync redis success", tid);
}
if(cfg_instanec()->mode)
if(g_cert_store->mode == 0)
{
xret = redis_rsync_init(info->base, &info->cl_ctx);
if (xret < 0 || !info->cl_ctx)
{
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "[%d]trying to connect rsync redis failed", tid);
}
else
{
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "[%d]trying to connect rsync redis success", tid);
}
continue;
}
xret = redis_async_connect(info->base, &info->cl_ctx);
if (xret < 0 || !info->cl_ctx)
{
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "[%d]trying to connect rsync redis failed", tid);
}
else
{
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "[%d]trying to connect rsync redis success", tid);
}
}
}
}
static int keyring_server_init()
static int keyring_server_init(const char *main_profile)
{
int xret = -1;
int xret=-1;
unsigned int tid = 0;
x509_forge_thread *thread = NULL;
uint32_t tm_link_detetion = 0;
unsigned int thread_nu = cfg_instanec()->thread_nu;
unsigned int thread_nu = g_cert_store->thread_nu;
/* Create a new evhttp object to handle requests. */
struct sockaddr_in sin;
memset(&sin, 0, sizeof(struct sockaddr_in));
sin.sin_family = AF_INET;
sin.sin_port = htons(cfg_instanec()->addr_t.e_port);
sin.sin_port = htons(g_cert_store->listen_port);
evutil_socket_t accept_fd = evhttp_listen_socket_byuser((struct sockaddr*)&sin, sizeof(struct sockaddr_in), LEV_OPT_REUSEABLE_PORT|LEV_OPT_CLOSE_ON_FREE, -1);
if (accept_fd < 0)
{
@@ -2079,10 +2037,9 @@ static int keyring_server_init()
for (tid = 0; tid < thread_nu; tid++)
{
thread = threads + tid;
thread->id = tid;
thread->accept_fd = accept_fd;
thread->routine = pthread_worker_libevent;
thread->routine = keyring_work_thread_run;
if (pthread_create(&thread->pid, thread->attr, thread->routine, &threads[tid])){
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "%s", strerror(errno));
@@ -2129,12 +2086,10 @@ rt_get_pname_by_pid(pid_t pid, char *task_name)
void sigproc(int __attribute__((__unused__))sig)
{
unsigned int tid = 0;
int tid = 0;
x509_forge_thread *thread = NULL;
struct config_bucket_t *rte = cfg_instanec();
for (tid = 0; tid < rte->thread_nu; tid++)
for (tid = 0; tid < g_cert_store->thread_nu; tid++)
{
thread = threads + tid;
if (thread->sync)
@@ -2146,22 +2101,30 @@ void sigproc(int __attribute__((__unused__))sig)
}
kfree(threads);
if(g_cert_store->instance)
{
maat_free(g_cert_store->instance);
}
kfree(g_cert_store);
exit(1);
}
static int mesa_fiel_stat_init(const char *main_profile)
static int kerying_fs_stat_init(const char *main_profile)
{
int value=0, i=0, prometheus_port =0;
char stat_path[128] ={0}, pname[32]={0};
char prometheus_url_path[1024] = {0};
char statsd_server[32]; int statsd_port;
struct _initer_addr_t *addr_t = &(cfg_instanec()->addr_t);
MESA_load_profile_int_def(main_profile, "stat", "statsd_port", &(statsd_port), 8126);
MESA_load_profile_string_def(main_profile, "stat", "statsd_server", statsd_server, sizeof(statsd_server), "");
MESA_load_profile_int_def(main_profile, "stat", "statsd_set_prometheus_port", &(prometheus_port), 9001);
MESA_load_profile_string_def(main_profile, "stat", "statsd_set_prometheus_url_path", prometheus_url_path, sizeof(prometheus_url_path), "/certstore_prometheus");
g_FP_instance.favorite=FS_CALC_CURRENT;
strcpy(g_FP_instance.histogram_bins, FP_HISTOGRAM_BINS);
MESA_load_profile_int_def(main_profile, "stat", "statsd_set_prometheus_port", &(prometheus_port), 9001);
MESA_load_profile_string_def(main_profile, "stat", "statsd_set_prometheus_url_path", prometheus_url_path, sizeof(prometheus_url_path), "/certstore_prometheus");
FS_library_set_prometheus_port(prometheus_port);
FS_library_set_prometheus_url_path(prometheus_url_path);
FS_library_init();
@@ -2182,10 +2145,10 @@ static int mesa_fiel_stat_init(const char *main_profile)
FS_set_para(fs, CREATE_THREAD, &value, sizeof(value));
value=2;
FS_set_para(fs, STAT_CYCLE, &value, sizeof(value));
if(strlen(addr_t->statsd_server)>0 && addr_t->statsd_port!=0)
if(strlen(statsd_server)>0 && statsd_port!=0)
{
FS_set_para(fs, STATS_SERVER_IP, addr_t->statsd_server, strlen(addr_t->statsd_server)+1);
FS_set_para(fs, STATS_SERVER_PORT, &(addr_t->statsd_port), sizeof(addr_t->statsd_port));
FS_set_para(fs, STATS_SERVER_IP, statsd_server, strlen(statsd_server)+1);
FS_set_para(fs, STATS_SERVER_PORT, &(statsd_port), sizeof(statsd_port));
}
FS_set_para(fs, HISTOGRAM_GLOBAL_BINS, g_FP_instance.histogram_bins, strlen(g_FP_instance.histogram_bins)+1);
@@ -2213,8 +2176,7 @@ static int mesa_fiel_stat_init(const char *main_profile)
return 0;
}
void keyring_table_new_cb(int __attribute__((__unused__))table_id, const char __attribute__((__unused__))*key,
const char* table_line, MAAT_PLUGIN_EX_DATA* ad, long __attribute__((__unused__))argl, void __attribute__((__unused__))* argp)
void keyring_table_new_cb(int table_id, const char *key, const char* table_line, void **ad, long argl, void * argp)
{
char profile_name[CT_ARRARY_LEN]={0};
char private_file[CT_STRING_MAX] = {0}, public_file[CT_STRING_MAX]={0};
@@ -2268,8 +2230,7 @@ finish:
return;
}
void keyring_table_dup_cb(int __attribute__((__unused__))table_id, MAAT_PLUGIN_EX_DATA *to, MAAT_PLUGIN_EX_DATA *from,
long __attribute__((__unused__))argl, void __attribute__((__unused__))*argp)
void keyring_table_dup_cb(int table_id, void **to, void **from, long argl, void *argp)
{
struct pxy_obj_keyring* pxy_obj=(struct pxy_obj_keyring*)(*from);
if(pxy_obj==NULL)
@@ -2281,87 +2242,127 @@ long __attribute__((__unused__))argl, void __attribute__((__unused__))*argp)
*((struct pxy_obj_keyring**)to)=pxy_obj;
}
int maat_table_ex_init(const char* table_name,
Maat_plugin_EX_new_func_t* new_func,
Maat_plugin_EX_free_func_t* free_func,
Maat_plugin_EX_dup_func_t* dup_func)
#define MAAT_INPUT_JSON 1
#define MAAT_INPUT_REDIS 2
#define MAAT_INPUT_FILE 0
struct maat *create_maat_feather(const char * main_profile)
{
int table_id = 0;
struct maat *target=NULL;
int input_mode = 0;
int ret = 0, effect_interval = 60;
int redis_db_idx = 0, deferred_load_on = 0;
char table_info[128]={0}, inc_cfg_dir[128]={0}, ful_cfg_dir[128]={0};
char json_cfg_file[128] = {0};
char redis_server[128]={0},redis_port_range[128]={0};
int redis_port_begin=0, redis_port_end=0;
int redis_port_select=0;
struct config_bucket_t *rte = cfg_instanec();
MESA_load_profile_int_def(main_profile, "MAAT", "maat_json_switch", &(input_mode), 0);
MESA_load_profile_string_def(main_profile, "MAAT", "table_info", table_info, sizeof(table_info), "");
MESA_load_profile_int_def(main_profile, "MAAT", "effective_interval", &(effect_interval), 60);
MESA_load_profile_string_def(main_profile, "MAAT", "pxy_obj_keyring", json_cfg_file, sizeof(json_cfg_file), "");
MESA_load_profile_string_def(main_profile, "MAAT", "inc_cfg_dir", inc_cfg_dir, sizeof(inc_cfg_dir), "");
MESA_load_profile_string_def(main_profile, "MAAT", "full_cfg_dir", ful_cfg_dir, sizeof(ful_cfg_dir), "");
MESA_load_profile_int_def(main_profile, "MAAT", "deferred_load_on", &(deferred_load_on), 0);
table_id= rte->table_id = Maat_table_register(rte->feather, table_name);
MESA_load_profile_string_def(main_profile, "MAAT_REDIS", "ip", redis_server, sizeof(redis_server), "");
MESA_load_profile_string_def(main_profile, "MAAT_REDIS", "port", redis_port_range, sizeof(redis_server), "6379");
MESA_load_profile_int_def(main_profile, "MAAT_REDIS", "dbindex", &(redis_db_idx), 0);
ret=sscanf(redis_port_range,"%d-%d", &redis_port_begin, &redis_port_end);
if(ret==1)
{
redis_port_select=redis_port_begin;
}
else if(ret==2)
{
srand(time(NULL));
redis_port_select=redis_port_begin+rand()%(redis_port_end-redis_port_begin);
}
else
{
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Invalid redis port range %s, MAAT init failed.", redis_port_range);
}
effect_interval *= 1000;//convert s to ms
assert(strlen(inc_cfg_dir) != 0 || strlen(ful_cfg_dir) != 0 || strlen(redis_server)!=0 || strlen(json_cfg_file)!=0);
struct maat_options *opts = maat_options_new();
maat_options_set_instance_name(opts, "certstore");
maat_options_set_caller_thread_number(opts, g_cert_store->thread_nu);
maat_options_set_logger(opts, "logs/maat.log", LOG_LEVEL_TRACE);
switch (input_mode)
{
case MAAT_INPUT_FILE:
maat_options_set_iris(opts, ful_cfg_dir, inc_cfg_dir);
break;
case MAAT_INPUT_JSON:
maat_options_set_json_file(opts, json_cfg_file);
break;
case MAAT_INPUT_REDIS:
maat_options_set_redis(opts, redis_server, redis_port_select, redis_db_idx);
break;
default: mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Invalid MAAT Input Mode: %d.", input_mode);
goto error_out;
break;
}
if (deferred_load_on)
{
maat_options_set_deferred_load_on(opts);
}
maat_options_set_rule_effect_interval_ms(opts, effect_interval);
maat_options_set_foreign_cont_dir(opts, "./foreign_files/");
target = maat_new(opts, table_info);
if (!target)
{
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "%s MAAT init failed.", __FUNCTION__);
goto error_out;
}
maat_options_free(opts);
return target;
error_out:
maat_options_free(opts);
return NULL;
}
int kerying_profile_init(const char * main_profile)
{
int table_id=0;
g_cert_store->instance = create_maat_feather(main_profile);
if(!g_cert_store->instance)
{
goto finish;
}
g_cert_store->table_id=maat_get_table_id(g_cert_store->instance, "PXY_PROFILE_KEYRING");
if(g_cert_store->table_id<0)
{
goto finish;
}
table_id=maat_plugin_table_ex_schema_register(g_cert_store->instance, g_cert_store->table_id, keyring_table_new_cb,keyring_table_free_cb,
keyring_table_dup_cb, 0, NULL);
if(table_id<0)
{
goto finish;
}
table_id=Maat_plugin_EX_register(rte->feather,
table_id,
new_func,free_func,
dup_func,NULL,0,NULL);
return 0;
finish:
return table_id;
}
int maat_feather_init()
{
int ret = -1;
Maat_feather_t feather = NULL;
int scan_interval_ms = 1000;
struct config_bucket_t *rte = cfg_instanec();
struct ntc_maat_t *maat_t = &rte->maat_t;
int effective_interval_ms = maat_t->effective_interval_s * 1000;
feather = Maat_feather(rte->thread_nu, maat_t->info_path, logging_sc_lid.run_log_handle);
Maat_set_feather_opt(feather, MAAT_OPT_INSTANCE_NAME, "certstore", strlen("certstore") + 1);
if (maat_t->maat_json_switch == 1){
Maat_set_feather_opt(feather, MAAT_OPT_JSON_FILE_PATH, maat_t->pxy_path, strlen(maat_t->pxy_path)+1);
}
if (maat_t->maat_json_switch == 0){
Maat_set_feather_opt(feather, MAAT_OPT_FULL_CFG_DIR, maat_t->full_cfg_dir, strlen(maat_t->full_cfg_dir)+1);
Maat_set_feather_opt(feather, MAAT_OPT_INC_CFG_DIR, maat_t->inc_cfg_dir, strlen(maat_t->inc_cfg_dir)+1);
}
if (maat_t->maat_json_switch == 2){
Maat_set_feather_opt(feather, MAAT_OPT_REDIS_IP, rte->addr_t.maat_ip, strlen(rte->addr_t.maat_ip)+1);
Maat_set_feather_opt(feather, MAAT_OPT_REDIS_PORT, &rte->addr_t.maat_port, sizeof(rte->addr_t.maat_port));
Maat_set_feather_opt(feather, MAAT_OPT_REDIS_INDEX, &rte->addr_t.dbindex, sizeof(rte->addr_t.dbindex));
}
Maat_set_feather_opt(feather, MAAT_OPT_SCANDIR_INTERVAL_MS,&scan_interval_ms, sizeof(scan_interval_ms));
Maat_set_feather_opt(feather, MAAT_OPT_EFFECT_INVERVAL_MS,&effective_interval_ms, sizeof(effective_interval_ms));
/***/
const char* foregin_dir="./foreign_files/";
Maat_set_feather_opt(feather, MAAT_OPT_FOREIGN_CONT_DIR,foregin_dir, strlen(foregin_dir)+1);
ret = Maat_initiate_feather(feather);
if (ret < 0)
{
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "%s MAAT init failed.", __FUNCTION__);
}
rte->feather = feather;
int table_id = maat_table_ex_init("PXY_PROFILE_KEYRING",
keyring_table_new_cb,
keyring_table_free_cb,
keyring_table_dup_cb);
if(table_id<0)
{
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "certstore register table PXY_PROFILE_KEYRING failed");
}
return 0;
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "certstore register table PXY_PROFILE_KEYRING failed");
exit(1);
return -1;
}
int cert_store_session_init(const char *main_profile)
{
mesa_fiel_stat_init(main_profile);
kerying_fs_stat_init(main_profile);
maat_feather_init();
kerying_profile_init(main_profile);
keyring_server_init();
keyring_server_init(main_profile);
return 0;
}

76
program/src/cert_store.cpp
View File

@@ -13,13 +13,13 @@
#include "rt_string.h"
#include "rt_common.h"
#include <cert_conf.h>
#include <cert_store.h>
#include <cert_session.h>
#include "logging.h"
#include <MESA/MESA_prof_load.h>
#define CERT_BASIC_CFG "./conf/cert_store.ini"
struct cert_store_rt * g_cert_store;
/* VERSION STRING */
#ifdef TARGET_GIT_VERSION
@@ -39,33 +39,17 @@ enum syslog_display_format{
FORMAT_SYSLOG
};
static
void cert_store_preview ()
static void cert_store_preview ()
{
struct config_bucket_t *rte = cfg_instanec();
printf("\r\nBasic Configuration of CertStore \n");
printf("%30s:%45s\n", "Run Mode", (rte->mode == 1)?"async":"sync");
printf("%30s:%45d\n", "The Threads", rte->thread_nu);
printf("%30s:%45s\n", "Store Redis Ip", rte->addr_t.store_ip);
printf("%30s:%45d\n", "Store Redis Port", rte->addr_t.store_port);
printf("%30s:%45s\n", "Maat Redis Ip", rte->addr_t.maat_ip);
printf("%30s:%45d\n", "Maat Redis Port", rte->addr_t.maat_port);
printf("%30s:%45d\n", "Maat Redis index", rte->addr_t.dbindex);
printf("%30s:%45d\n", "Libevent Port", rte->addr_t.e_port);
printf("%30s:%45s\n", "Cert Path", rte->ca_path);
printf("%30s:%45s\n", "Uninsec cert Path", rte->uninsec_path);
printf("%30s:%45s\n", "Run Mode", (g_cert_store->mode == 1)?"async":"sync");
printf("%30s:%45d\n", "The Threads", g_cert_store->thread_nu);
printf("%30s:%45s\n", "Store Redis Ip", g_cert_store->local_redis_ip);
printf("%30s:%45d\n", "Store Redis Port", g_cert_store->local_redis_port);
printf("%30s:%45d\n", "Libevent Port", g_cert_store->listen_port);
printf("%30s:%45s\n", "Cert Path", g_cert_store->ca_path);
printf("%30s:%45s\n", "Uninsec cert Path", g_cert_store->uninsec_path);
printf("%30s:%45s\n", "Log Directory", logging_sc_lid.run_log_path);
printf("%30s:%45s\n", "Table Info", rte->maat_t.info_path);
if (rte->maat_t.maat_json_switch == 1){
printf("%30s:%45s\n", "Pxy Obj Keyring", rte->maat_t.pxy_path);
}
if (rte->maat_t.maat_json_switch == 0){
printf("%30s:%45d\n", "Scan Interval", rte->maat_t.effective_interval_s);
printf("%30s:%45s\n", "Full Cfg Path", rte->maat_t.full_cfg_dir);
printf("%30s:%45s\n", "Inc Cfg Path", rte->maat_t.inc_cfg_dir);
}
printf("\r\n");
}
@@ -90,9 +74,39 @@ void __signal_handler_cb(int sig)
}
}
int rt_file_exsit(const char *realpath_file)
{
return (!access(realpath_file, F_OK));
}
void load_system_config(const char *main_profile)
{
MESA_load_profile_int_def(main_profile, "CONFIG", "thread-nu", &(g_cert_store->thread_nu), 1);
MESA_load_profile_int_def(main_profile, "CONFIG", "mode", &(g_cert_store->mode), 0);
MESA_load_profile_int_def(main_profile, "CONFIG","expire_after", &(g_cert_store->expire_after), 30);
MESA_load_profile_int_def(main_profile, "CONFIG","local_debug", &(g_cert_store->local_debug), 1);
MESA_load_profile_int_def(main_profile, "CERTSTORE_REDIS", "port", &(g_cert_store->local_redis_port), 6379);
MESA_load_profile_string_def(main_profile, "CERTSTORE_REDIS", "ip", g_cert_store->local_redis_ip, sizeof(g_cert_store->local_redis_ip), "127.0.0.1");
MESA_load_profile_int_def(main_profile, "LIBEVENT", "port", &(g_cert_store->listen_port), 9991);
MESA_load_profile_string_def(main_profile, "CONFIG", "ca_path", g_cert_store->ca_path, sizeof(g_cert_store->ca_path), "");
if (!rt_file_exsit(g_cert_store->ca_path))
{
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Read the ca path failed or the (%s) does not exist", g_cert_store->ca_path);
}
MESA_load_profile_string_def(main_profile, "CONFIG", "untrusted_ca_path", g_cert_store->uninsec_path, sizeof(g_cert_store->uninsec_path), "");
if (!rt_file_exsit(g_cert_store->uninsec_path))
{
mesa_runtime_log(RLOG_LV_FATAL, MODULE_NAME, "Read the untrusted ca path failed or the (%s) does not exist",g_cert_store->uninsec_path);
}
}
int main(int argc, char **argv)
{
int opt = 0;
const char * main_profile = "./conf/cert_store.ini";
while ((opt = getopt(argc, argv, "v")) != -1)
{
switch (opt)
@@ -104,9 +118,13 @@ int main(int argc, char **argv)
break;
}
}
cert_store_syslog_init(CERT_BASIC_CFG, version());
cert_store_init_config(CERT_BASIC_CFG);
g_cert_store = (struct cert_store_rt *)calloc(1, sizeof(struct cert_store_rt));
assert(g_cert_store);
load_log_module(main_profile, version());
load_system_config(main_profile);
cert_store_preview();
@@ -117,7 +135,7 @@ int main(int argc, char **argv)
signal(signals[i], __signal_handler_cb);
}
cert_store_session_init(CERT_BASIC_CFG);
cert_store_session_init(main_profile);
return 0;
}