diff --git a/platform/src/key_keeper.cpp b/platform/src/key_keeper.cpp index 9905968..d8b8977 100644 --- a/platform/src/key_keeper.cpp +++ b/platform/src/key_keeper.cpp @@ -22,8 +22,8 @@ #define KEYRING_NOT_EXSITED -1 enum key_keeper_mode{ - KK_MODE_NORMAL = 0, - KK_MODE_DEBUG, + KK_MODE_CERT_STORE = 0, + KK_MODE_LOCAL }; struct key_keeper @@ -35,13 +35,14 @@ struct key_keeper unsigned int cert_store_port; unsigned int hash_slot_size; unsigned int hash_expire_seconds; - MESA_htable_handle htable; + MESA_htable_handle cert_cache; void* logger; X509* trusted_ca_cert; EVP_PKEY* trusted_ca_key; X509* untrusted_ca_cert; EVP_PKEY* untrusted_ca_key; + unsigned int no_cache; }; @@ -56,7 +57,7 @@ struct keyring_private struct key_keeper_promise_ctx { void* logger; - MESA_htable_handle htable; + struct key_keeper* ref_keeper; uchar* key; struct future* f_certstore_rpc; unsigned int key_len; @@ -403,7 +404,7 @@ static void certstore_rpc_on_succ(void* result, void* user) struct key_keeper_promise_ctx* ctx = (struct key_keeper_promise_ctx*)promise_get_ctx(p); // TFE_LOG_INFO(ctx->logger, "certstore rpc success"); future_destroy(ctx->f_certstore_rpc); - MESA_htable_handle htable= ctx->htable; + MESA_htable_handle htable= ctx->ref_keeper->cert_cache; const uchar* key = ctx->key; unsigned int key_len = ctx->key_len; struct tfe_rpc_response_result* response = tfe_rpc_release(result); @@ -420,11 +421,14 @@ static void certstore_rpc_on_succ(void* result, void* user) promise_failed(p, FUTURE_ERROR_EXCEPTION, "get_keyring_from_response failed"); return; } - keyring_ref_inc(kyr); - int ret = MESA_htable_add(htable, key, key_len, (void*)kyr); - if(ret<0) + if(!ctx->ref_keeper->no_cache) { - key_keeper_free_keyring((struct keyring*)kyr); + keyring_ref_inc(kyr); + int ret = MESA_htable_add(htable, key, key_len, (void*)kyr); + if(ret<0) + { + key_keeper_free_keyring((struct keyring*)kyr); + } } promise_success(p, (void*)kyr); key_keeper_free_keyring((struct keyring*)kyr); 
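Review bot: `ctx->ref_keeper->cert_cache` and `ctx->ref_keeper->no_cache` are now read inside the asynchronous certstore completion callback, so the `struct key_keeper` must outlive every in-flight RPC; `key_keeper_destroy` (later in this diff) tears down `cert_cache` without draining outstanding futures, so a teardown racing a late response would dereference freed memory unless something outside the diff prevents it. The previous code had the same exposure through the copied `htable` handle, but the new code depends on more of the keeper than before. Either document the contract on the ctx field, `struct key_keeper* ref_keeper; /* borrowed: keeper must outlive all pending certstore RPCs */`, or have the callback hold a counted reference to the keeper. Note also that with `no_cache` set the keyring reaches `promise_success` without the extra `keyring_ref_inc` and is released on the very next line, so promise consumers must take their own reference — this was previously only the `MESA_htable_add` failure path and is now the common path, which is worth a comment above `promise_success`.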
@@ -481,7 +485,7 @@ static MESA_htable_handle create_hash_table(unsigned int slot_size, unsigned int void key_keeper_destroy(struct key_keeper *keeper) { - MESA_htable_destroy(keeper->htable, NULL); + MESA_htable_destroy(keeper->cert_cache, NULL); X509_free(keeper->trusted_ca_cert); EVP_PKEY_free(keeper->trusted_ca_key); @@ -501,11 +505,11 @@ struct key_keeper* key_keeper_init(const char * profile, const char* section, vo MESA_load_profile_string_def(profile, section, "mode", tmp, sizeof(tmp), "debug"); if(strcasecmp(tmp, "debug") == 0) { - keeper->work_mode = KK_MODE_DEBUG; + keeper->work_mode = KK_MODE_LOCAL; } else { - keeper->work_mode = KK_MODE_NORMAL; + keeper->work_mode = KK_MODE_CERT_STORE; } MESA_load_profile_string_def(profile, section, "ca_path", keeper->trusted_ca_path, @@ -518,12 +522,14 @@ struct key_keeper* key_keeper_init(const char * profile, const char* section, vo MESA_load_profile_uint_def(profile, section, "cert_store_port", &(keeper->cert_store_port), 80); MESA_load_profile_uint_def(profile, section, "hash_slot_size", &(keeper->hash_slot_size), 1024*128); MESA_load_profile_uint_def(profile, section, "hash_expire_seconds", &(keeper->hash_expire_seconds), 5*60); - keeper->htable = create_hash_table(keeper->hash_slot_size, keeper->hash_expire_seconds); + MESA_load_profile_uint_def(profile, section, "no_local_cache", &(keeper->no_cache), 0); + + keeper->cert_cache = create_hash_table(keeper->hash_slot_size, keeper->hash_expire_seconds); if(0==strcmp(keeper->untrusted_ca_path, keeper->trusted_ca_path)) { TFE_LOG_ERROR(logger, "Warnning: Trusted and Untrusted Root CA share the same path %s .", keeper->trusted_ca_path); } - if(keeper->work_mode==KK_MODE_DEBUG) + if(keeper->work_mode==KK_MODE_LOCAL) { keeper->trusted_ca_cert=ssl_x509_load(keeper->trusted_ca_path); keeper->trusted_ca_key=ssl_key_load(keeper->trusted_ca_path); 
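Review bot: The configuration string that selects the renamed `KK_MODE_LOCAL` is still `"debug"`, and it is also the default when `mode` is absent, so an unconfigured deployment silently runs in the mode that loads the trusted CA private key from `ca_path` instead of talking to the cert store. Since the enum now names what the mode does, accept the matching spelling as well, `if(strcasecmp(tmp, "local") == 0 || strcasecmp(tmp, "debug") == 0)`, and consider whether cert-store operation should be the default, or at least log the effective mode at init so a fallback to local signing is visible in production. key_keeper_init starts before and continues after this hunk.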
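Review bot: `create_hash_table` is still called unconditionally and its return value is not checked, so if it can fail the later `MESA_htable_search_cb`/`MESA_htable_add` calls operate on a NULL handle; with `no_local_cache` set, a `hash_slot_size` table (default 128K slots) is allocated and never consulted. Guard the result, `if(keeper->cert_cache == NULL) { TFE_LOG_ERROR(logger, "create_hash_table failed"); /* bail out via key_keeper_init's existing error path */ }`, and skip creation when `no_cache` is set if `MESA_htable_destroy` tolerates NULL — neither the error path nor that tolerance is visible in this hunk, so confirm both. The shared-path log message also misspells `"Warning"`.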
@@ -607,20 +613,23 @@ void key_keeper_async_ask(struct future * f, struct key_keeper * keeper, const c } struct key_keeper_promise_ctx* ctx = ALLOC(struct key_keeper_promise_ctx, 1); ctx->logger = keeper->logger; - ctx->htable = keeper->htable; + ctx->ref_keeper = keeper; ctx->key = key; ctx->key_len = len; promise_set_ctx(p, (void*)ctx, key_keeper_promise_free_ctx); long int cb_rtn = 0; - MESA_htable_search_cb(ctx->htable, (const unsigned char*)(ctx->key), ctx->key_len, keyring_local_cache_query_cb, p, &cb_rtn); - if(cb_rtn == KEYRING_EXSITED) + if(!keeper->no_cache) { - //printf("KEYRING_EXSITED\n"); - return; + MESA_htable_search_cb(keeper->cert_cache, (const unsigned char*)(ctx->key), ctx->key_len, keyring_local_cache_query_cb, p, &cb_rtn); + if(cb_rtn == KEYRING_EXSITED) + { + //printf("KEYRING_EXSITED\n"); + return; + } } switch(keeper->work_mode) { - case KK_MODE_NORMAL: + case KK_MODE_CERT_STORE: { char* origin_cert_pem = transform_cert_to_pem(origin_cert); if(origin_cert_pem == NULL) @@ -656,7 +665,7 @@ void key_keeper_async_ask(struct future * f, struct key_keeper * keeper, const c free(url); break; } - case KK_MODE_DEBUG: + case KK_MODE_LOCAL: { struct keyring_private* kyr=NULL; if(is_cert_valid == 1) @@ -669,11 +678,14 @@ void key_keeper_async_ask(struct future * f, struct key_keeper * keeper, const c } if(kyr) { - keyring_ref_inc(kyr); - int ret = MESA_htable_add(ctx->htable, ctx->key, ctx->key_len, (void*)kyr); - if(ret < 0) + if(!keeper->no_cache) { - key_keeper_free_keyring((struct keyring*)kyr); + keyring_ref_inc(kyr); + int ret = MESA_htable_add(ctx->ref_keeper->cert_cache, ctx->key, ctx->key_len, (void*)kyr); + if(ret < 0) + { + key_keeper_free_keyring((struct keyring*)kyr); + } } promise_success(p, (void*)kyr); key_keeper_free_keyring((struct keyring*)kyr);
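Review bot: In `KK_MODE_LOCAL` the keyring is cached under `ctx->key` regardless of whether the trusted or untrusted CA signed it, so if the cache key is derived from the origin certificate alone and `is_cert_valid` can differ between requests for the same certificate (for example depending on the requested host name), a keyring signed by the trusted CA would be served for a later request that should have been signed by the untrusted one, for up to `hash_expire_seconds` — the key derivation is outside this hunk, so confirm it incorporates the validity verdict or add it explicitly. Also, this branch reads `ctx->ref_keeper->cert_cache` while the cache lookup earlier in the same function uses `keeper->cert_cache`; the two are the same object here, so prefer `MESA_htable_add(keeper->cert_cache, ctx->key, ctx->key_len, (void*)kyr);` for consistency. key_keeper_async_ask's body continues after this hunk.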