2018-09-04 15:47:41 +08:00
|
|
|
#include "tfe_rpc.h"
|
|
|
|
|
#include "tfe_utils.h"
|
|
|
|
|
#include "MESA/MESA_prof_load.h"
|
|
|
|
|
#include "MESA/MESA_handle_logger.h"
|
|
|
|
|
#include "string.h"
|
2018-09-07 17:42:57 +08:00
|
|
|
#include "cjson/cJSON.h"
|
|
|
|
|
#include "ssl_utils.h"
|
|
|
|
|
#include "key_keeper.h"
|
2018-09-14 18:43:28 +08:00
|
|
|
#include <assert.h>
|
2018-09-07 17:42:57 +08:00
|
|
|
struct keyring_private
|
|
|
|
|
{
|
|
|
|
|
struct keyring head;
|
|
|
|
|
pthread_mutex_t mutex;
|
|
|
|
|
size_t references;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static struct keyring_private* keyring_new(void)
|
|
|
|
|
{
|
|
|
|
|
struct keyring_private *kyr;
|
|
|
|
|
if (!(kyr = (struct keyring_private *)ALLOC(struct keyring_private, 1)))
|
|
|
|
|
{
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
if (pthread_mutex_init(&kyr->mutex, NULL)) {
|
|
|
|
|
free(kyr);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
kyr->references = 1;
|
|
|
|
|
return kyr;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Thread-safe setter functions; they copy the value (refcounts are inc'd).
|
|
|
|
|
*/
|
|
|
|
|
static void keyring_set_key(struct keyring_private* kyr, EVP_PKEY *key)
|
|
|
|
|
{
|
|
|
|
|
pthread_mutex_lock(&kyr->mutex);
|
|
|
|
|
if ((kyr->head).key)
|
|
|
|
|
{
|
|
|
|
|
EVP_PKEY_free((kyr->head).key);
|
|
|
|
|
}
|
|
|
|
|
(kyr->head).key = key;
|
|
|
|
|
if (key)
|
|
|
|
|
{
|
|
|
|
|
ssl_key_refcount_inc((kyr->head).key);
|
|
|
|
|
}
|
|
|
|
|
pthread_mutex_unlock(&kyr->mutex);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void keyring_set_cert(struct keyring_private* kry, X509 *cert)
|
|
|
|
|
{
|
|
|
|
|
pthread_mutex_lock(&kry->mutex);
|
2018-11-29 19:02:07 +08:00
|
|
|
if (kry->head.cert)
|
2018-09-07 17:42:57 +08:00
|
|
|
{
|
|
|
|
|
X509_free((kry->head).cert);
|
|
|
|
|
}
|
2018-11-29 19:02:07 +08:00
|
|
|
kry->head.cert = cert;
|
2018-09-07 17:42:57 +08:00
|
|
|
if (cert)
|
|
|
|
|
{
|
|
|
|
|
ssl_x509_refcount_inc((kry->head).cert);
|
|
|
|
|
}
|
|
|
|
|
pthread_mutex_unlock(&kry->mutex);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void keyring_set_chain(struct keyring_private* kyr, STACK_OF(X509) *chain)
|
|
|
|
|
{
|
2018-11-29 19:02:07 +08:00
|
|
|
pthread_mutex_lock(&(kyr->mutex));
|
|
|
|
|
if (kyr->head.chain)
|
2018-09-07 17:42:57 +08:00
|
|
|
{
|
2018-11-29 19:02:07 +08:00
|
|
|
sk_X509_pop_free(kyr->head.chain, X509_free);
|
2018-09-07 17:42:57 +08:00
|
|
|
}
|
|
|
|
|
if (chain)
|
|
|
|
|
{
|
2018-11-29 19:02:07 +08:00
|
|
|
kyr->head.chain = sk_X509_dup(chain);
|
2018-09-07 17:42:57 +08:00
|
|
|
int i = 0;
|
2018-11-29 19:02:07 +08:00
|
|
|
for (i = 0; i < sk_X509_num(kyr->head.chain); i++)
|
2018-09-07 17:42:57 +08:00
|
|
|
{
|
2018-11-29 19:02:07 +08:00
|
|
|
ssl_x509_refcount_inc(sk_X509_value(kyr->head.chain, i));
|
2018-09-07 17:42:57 +08:00
|
|
|
}
|
|
|
|
|
} else
|
|
|
|
|
{
|
2018-11-29 19:02:07 +08:00
|
|
|
kyr->head.chain = NULL;
|
2018-09-07 17:42:57 +08:00
|
|
|
}
|
2018-11-29 19:02:07 +08:00
|
|
|
pthread_mutex_unlock(&(kyr->mutex));
|
2018-09-07 17:42:57 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static X509* transform_cert_to_x509(const char* str)
|
|
|
|
|
{
|
|
|
|
|
BIO *bio;
|
|
|
|
|
X509 *cert;
|
|
|
|
|
bio = BIO_new(BIO_s_mem());
|
|
|
|
|
BIO_write(bio, (const void*)str, strnlen(str, TFE_STRING_MAX));
|
|
|
|
|
cert = PEM_read_bio_X509(bio, NULL, NULL, NULL);
|
|
|
|
|
return cert;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static EVP_PKEY* transform_key_to_EVP(const char* str)
|
|
|
|
|
{
|
|
|
|
|
BIO *mem;
|
|
|
|
|
mem = BIO_new_mem_buf(str, -1);
|
|
|
|
|
EVP_PKEY* key = PEM_read_bio_PrivateKey(mem, NULL, NULL, 0);
|
|
|
|
|
return key;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
static void err_out(X509* cert, EVP_PKEY* key, STACK_OF(X509)* chain)
|
|
|
|
|
{
|
|
|
|
|
if(cert)
|
|
|
|
|
{
|
|
|
|
|
X509_free(cert);
|
|
|
|
|
}
|
|
|
|
|
if(key)
|
|
|
|
|
{
|
|
|
|
|
EVP_PKEY_free(key);
|
|
|
|
|
}
|
|
|
|
|
if(chain)
|
|
|
|
|
{
|
|
|
|
|
sk_X509_pop_free(chain, X509_free);
|
|
|
|
|
}
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static struct keyring* get_keyring_from_response(const char* data)
|
|
|
|
|
{
|
|
|
|
|
X509* cert = NULL;
|
|
|
|
|
EVP_PKEY* key = NULL;
|
|
|
|
|
STACK_OF(X509)* chain = NULL;
|
|
|
|
|
if(data == NULL)
|
|
|
|
|
{
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
cJSON* data_json = cJSON_Parse(data);
|
|
|
|
|
if(data_json == NULL)
|
|
|
|
|
{
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
cJSON* cert_json = NULL;
|
|
|
|
|
cJSON* key_json = NULL;
|
|
|
|
|
cJSON* chain_json = NULL;
|
|
|
|
|
cert_json = cJSON_GetObjectItemCaseSensitive(data_json, "CERTIFICATE");
|
|
|
|
|
key_json = cJSON_GetObjectItemCaseSensitive(data_json, "PRIVATE_KEY");
|
|
|
|
|
chain_json = cJSON_GetObjectItemCaseSensitive(data_json, "CERTIFICATE_CHAIN");
|
|
|
|
|
if (cert_json && cert_json->valuestring != NULL)
|
|
|
|
|
{
|
|
|
|
|
cert = transform_cert_to_x509(cert_json->valuestring);
|
|
|
|
|
}
|
|
|
|
|
if(cert == NULL)
|
|
|
|
|
{
|
|
|
|
|
err_out(cert, key, chain);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
if (key_json && key_json->valuestring != NULL)
|
|
|
|
|
{
|
|
|
|
|
key = transform_key_to_EVP(key_json->valuestring);
|
|
|
|
|
}
|
|
|
|
|
if(key == NULL)
|
|
|
|
|
{
|
|
|
|
|
err_out(cert, key, chain);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
if(chain_json == NULL)
|
|
|
|
|
{
|
|
|
|
|
err_out(cert, key, chain);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
cJSON* chain_cert_json = NULL;
|
|
|
|
|
chain = sk_X509_new_null();
|
|
|
|
|
cJSON_ArrayForEach(chain_cert_json, chain_json)
|
|
|
|
|
{
|
|
|
|
|
X509* chain_cert = NULL;
|
|
|
|
|
if (chain_cert_json && chain_cert_json->valuestring != NULL)
|
|
|
|
|
{
|
|
|
|
|
chain_cert = transform_cert_to_x509(chain_cert_json->valuestring);
|
|
|
|
|
}
|
|
|
|
|
if(chain_cert == NULL)
|
|
|
|
|
{
|
|
|
|
|
err_out(cert, key, chain);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
if(chain_cert)
|
|
|
|
|
printf("push to chain\n");
|
|
|
|
|
sk_X509_push(chain, chain_cert);
|
2018-09-14 21:23:08 +08:00
|
|
|
ssl_x509_refcount_inc(chain_cert);
|
2018-09-07 17:42:57 +08:00
|
|
|
}
|
|
|
|
|
struct keyring_private* _kyr= keyring_new();
|
|
|
|
|
printf("cert is %s", cert == NULL ? "null" : "not null\n");
|
|
|
|
|
printf("key is %s", key == NULL ? "null" : "not null\n");
|
|
|
|
|
printf("chain is %s", chain == NULL ? "null" : "not null\n");
|
|
|
|
|
keyring_set_cert(_kyr, cert);
|
|
|
|
|
keyring_set_key(_kyr, key);
|
|
|
|
|
keyring_set_chain(_kyr, chain);
|
|
|
|
|
X509_free(cert);
|
|
|
|
|
EVP_PKEY_free(key);
|
|
|
|
|
sk_X509_pop_free(chain, X509_free);
|
|
|
|
|
return &(_kyr->head);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void tfe_rpc_on_succ(void* result, void* user)
|
2018-09-04 15:47:41 +08:00
|
|
|
{
|
|
|
|
|
struct tfe_rpc_response_result* response = tfe_rpc_release(result);
|
|
|
|
|
int status_code = response->status_code;
|
|
|
|
|
const char* status_msg = response->status_msg;
|
|
|
|
|
char* data = (char*)response->data;
|
|
|
|
|
int len = response->len;
|
|
|
|
|
*(data+len) = '\0';
|
|
|
|
|
printf("status_code is %d\n", status_code);
|
|
|
|
|
printf("status_msg is %s\n", status_msg);
|
2018-09-07 17:42:57 +08:00
|
|
|
//printf("data is %s\n", data);
|
2018-09-04 15:47:41 +08:00
|
|
|
printf("len is %d\n", len);
|
2018-09-07 17:42:57 +08:00
|
|
|
struct keyring* kyr = get_keyring_from_response(data);
|
2018-09-14 18:43:28 +08:00
|
|
|
assert(kyr!=NULL);
|
2018-11-26 16:27:06 +08:00
|
|
|
(void)kyr;
|
2018-09-07 17:42:57 +08:00
|
|
|
//add to hash table
|
2018-09-04 15:47:41 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2018-09-07 17:42:57 +08:00
|
|
|
static void tfe_rpc_on_fail(enum e_future_error err, const char * what, void * user){
|
2018-09-04 15:47:41 +08:00
|
|
|
printf("err is %d\n", err);
|
|
|
|
|
printf("what is %s\n", what);
|
2018-09-07 17:42:57 +08:00
|
|
|
printf("user is %s\n", (char*)user);
|
2018-09-04 15:47:41 +08:00
|
|
|
}
|
|
|
|
|
|
2018-09-07 17:42:57 +08:00
|
|
|
|
|
|
|
|
|
2018-09-04 15:47:41 +08:00
|
|
|
int main()
|
|
|
|
|
{
|
|
|
|
|
char cert_store_host[TFE_STRING_MAX];
|
|
|
|
|
unsigned int cert_store_port;
|
2018-11-20 20:53:11 +08:00
|
|
|
future_promise_library_init(NULL);
|
2018-09-07 17:42:57 +08:00
|
|
|
//const char* file_path = "./log/test_tfe_rpc.log",*host="localhost";
|
2023-05-30 19:25:26 +08:00
|
|
|
//void * logger = (void *)MESA_create_runtime_log_handle(file_path, RLOG_LV_INFO);
|
2018-09-04 15:47:41 +08:00
|
|
|
const char* profile = "./conf/tfe.conf";
|
|
|
|
|
const char* section = "key_keeper";
|
|
|
|
|
int keyring_id = 0;
|
|
|
|
|
MESA_load_profile_string_def(profile, section, "cert_store_host", cert_store_host, sizeof(cert_store_host), "xxxxx");
|
|
|
|
|
MESA_load_profile_uint_def(profile, section, "cert_store_port", &cert_store_port, 80);
|
|
|
|
|
struct event_base* evbase = event_base_new();
|
2018-11-26 14:54:20 +08:00
|
|
|
struct evdns_base* dnsbase=evdns_base_new(evbase, EVDNS_BASE_INITIALIZE_NAMESERVERS);
|
2018-09-04 15:47:41 +08:00
|
|
|
struct future* f_tfe_rpc = future_create("tfe_rpc", tfe_rpc_on_succ, tfe_rpc_on_fail, NULL);
|
|
|
|
|
char url[TFE_STRING_MAX];
|
2018-09-07 17:42:57 +08:00
|
|
|
char sni[TFE_STRING_MAX] = "www.baidu.com";
|
|
|
|
|
snprintf(url, TFE_STRING_MAX, "http://%s:%d/ca?host=%s&flag=1&valid=1&kering_id=%d", cert_store_host, cert_store_port, sni, keyring_id);
|
2018-09-04 15:47:41 +08:00
|
|
|
printf("url is %s\n", url);
|
2018-11-26 14:54:20 +08:00
|
|
|
tfe_rpc_async_ask(f_tfe_rpc, url, GET, DONE_CB, NULL, 0, evbase, dnsbase);
|
2018-09-07 17:42:57 +08:00
|
|
|
event_base_dispatch(evbase);
|
2018-09-04 15:47:41 +08:00
|
|
|
}
|
2018-09-04 18:13:05 +08:00
|
|
|
|
