增加开关，控制是否使用本地证书哈希表。对certstore和debug模式都生效。

platform/src/key_keeper.cpp

@@ -22,8 +22,8 @@
 #define KEYRING_NOT_EXSITED -1
 
 enum key_keeper_mode{
-	KK_MODE_NORMAL = 0,
-	KK_MODE_DEBUG,
+	KK_MODE_CERT_STORE = 0,
+	KK_MODE_LOCAL
 };
 
 struct key_keeper
@@ -35,13 +35,14 @@ struct key_keeper
 	unsigned int cert_store_port;
 	unsigned int hash_slot_size;
 	unsigned int hash_expire_seconds;
-    MESA_htable_handle htable;
+    MESA_htable_handle cert_cache;
     void* logger;
 	X509* trusted_ca_cert;
 	EVP_PKEY* trusted_ca_key;
 	
 	X509* untrusted_ca_cert;
 	EVP_PKEY* untrusted_ca_key;
+	unsigned int no_cache;
 };
 
 
@@ -56,7 +57,7 @@ struct keyring_private
 struct key_keeper_promise_ctx
 {
 	void* logger;
-	MESA_htable_handle htable;
+	struct key_keeper* ref_keeper;
 	uchar* key;
 	struct future* f_certstore_rpc;
 	unsigned int key_len;
@@ -403,7 +404,7 @@ static void certstore_rpc_on_succ(void* result, void* user)
 	struct key_keeper_promise_ctx* ctx = (struct key_keeper_promise_ctx*)promise_get_ctx(p);
 //	TFE_LOG_INFO(ctx->logger, "certstore rpc success");
 	future_destroy(ctx->f_certstore_rpc);
-	MESA_htable_handle htable= ctx->htable;
+	MESA_htable_handle htable= ctx->ref_keeper->cert_cache;
 	const uchar* key = ctx->key;
 	unsigned int key_len = ctx->key_len;
 	struct tfe_rpc_response_result* response = tfe_rpc_release(result);
@@ -420,11 +421,14 @@ static void certstore_rpc_on_succ(void* result, void* user)
 			promise_failed(p, FUTURE_ERROR_EXCEPTION, "get_keyring_from_response failed");
 			return;
 		}
-		keyring_ref_inc(kyr);
-		int ret = MESA_htable_add(htable, key, key_len, (void*)kyr);
-		if(ret<0)
+		if(!ctx->ref_keeper->no_cache)
 		{
-			key_keeper_free_keyring((struct keyring*)kyr);
+			keyring_ref_inc(kyr);
+			int ret = MESA_htable_add(htable, key, key_len, (void*)kyr);
+			if(ret<0)
+			{
+				key_keeper_free_keyring((struct keyring*)kyr);
+			}
 		}
 		promise_success(p, (void*)kyr);
 		key_keeper_free_keyring((struct keyring*)kyr);
@@ -481,7 +485,7 @@ static MESA_htable_handle create_hash_table(unsigned int slot_size, unsigned int
 
 void key_keeper_destroy(struct key_keeper *keeper)
 {
-	MESA_htable_destroy(keeper->htable, NULL);
+	MESA_htable_destroy(keeper->cert_cache, NULL);
 	X509_free(keeper->trusted_ca_cert);
 	EVP_PKEY_free(keeper->trusted_ca_key);
 
@@ -501,11 +505,11 @@ struct key_keeper* key_keeper_init(const char * profile, const char* section, vo
 	MESA_load_profile_string_def(profile, section, "mode", tmp, sizeof(tmp), "debug");
 	if(strcasecmp(tmp, "debug") == 0)
 	{
-		keeper->work_mode = KK_MODE_DEBUG;
+		keeper->work_mode = KK_MODE_LOCAL;
 	}
 	else
 	{
-		keeper->work_mode = KK_MODE_NORMAL;
+		keeper->work_mode = KK_MODE_CERT_STORE;
 	}
 
 	MESA_load_profile_string_def(profile, section, "ca_path", keeper->trusted_ca_path,
@@ -518,12 +522,14 @@ struct key_keeper* key_keeper_init(const char * profile, const char* section, vo
 	MESA_load_profile_uint_def(profile, section, "cert_store_port", &(keeper->cert_store_port), 80);
 	MESA_load_profile_uint_def(profile, section, "hash_slot_size", &(keeper->hash_slot_size), 1024*128);
 	MESA_load_profile_uint_def(profile, section, "hash_expire_seconds", &(keeper->hash_expire_seconds), 5*60);
-	keeper->htable = create_hash_table(keeper->hash_slot_size, keeper->hash_expire_seconds);
+	MESA_load_profile_uint_def(profile, section, "no_local_cache", &(keeper->no_cache), 0);
+
+	keeper->cert_cache = create_hash_table(keeper->hash_slot_size, keeper->hash_expire_seconds);
 	if(0==strcmp(keeper->untrusted_ca_path, keeper->trusted_ca_path))
 	{
 		TFE_LOG_ERROR(logger, "Warnning: Trusted and Untrusted Root CA share the same path %s .", keeper->trusted_ca_path);
 	}
-	if(keeper->work_mode==KK_MODE_DEBUG)
+	if(keeper->work_mode==KK_MODE_LOCAL)
 	{
 		keeper->trusted_ca_cert=ssl_x509_load(keeper->trusted_ca_path);
 		keeper->trusted_ca_key=ssl_key_load(keeper->trusted_ca_path);
@@ -607,20 +613,23 @@ void key_keeper_async_ask(struct future * f, struct key_keeper * keeper, const c
 	}
 	struct key_keeper_promise_ctx* ctx = ALLOC(struct key_keeper_promise_ctx, 1);
 	ctx->logger = keeper->logger;
-	ctx->htable = keeper->htable;
+	ctx->ref_keeper = keeper;
 	ctx->key = key;
 	ctx->key_len = len;
 	promise_set_ctx(p, (void*)ctx, key_keeper_promise_free_ctx);
 	long int cb_rtn = 0;
-	MESA_htable_search_cb(ctx->htable, (const unsigned char*)(ctx->key), ctx->key_len, keyring_local_cache_query_cb, p, &cb_rtn);
-	if(cb_rtn == KEYRING_EXSITED)
+	if(!keeper->no_cache)
 	{
-		//printf("KEYRING_EXSITED\n");
-		return;
+		MESA_htable_search_cb(keeper->cert_cache, (const unsigned char*)(ctx->key), ctx->key_len, keyring_local_cache_query_cb, p, &cb_rtn);
+		if(cb_rtn == KEYRING_EXSITED)
+		{
+			//printf("KEYRING_EXSITED\n");
+			return;
+		}
 	}
 	switch(keeper->work_mode)
 	{
-		case KK_MODE_NORMAL:
+		case KK_MODE_CERT_STORE:
         {
 			char* origin_cert_pem = transform_cert_to_pem(origin_cert);
 			if(origin_cert_pem == NULL)
@@ -656,7 +665,7 @@ void key_keeper_async_ask(struct future * f, struct key_keeper * keeper, const c
 			free(url);
 			break;
         }
-		case KK_MODE_DEBUG:
+		case KK_MODE_LOCAL:
         {
 			struct keyring_private* kyr=NULL;
 			if(is_cert_valid == 1)
@@ -669,11 +678,14 @@ void key_keeper_async_ask(struct future * f, struct key_keeper * keeper, const c
 			}
 			if(kyr)
 			{
-				keyring_ref_inc(kyr);
-				int ret = MESA_htable_add(ctx->htable, ctx->key, ctx->key_len, (void*)kyr);
-				if(ret < 0)
+				if(!keeper->no_cache)
 				{
-					key_keeper_free_keyring((struct keyring*)kyr);
+					keyring_ref_inc(kyr);
+					int ret = MESA_htable_add(ctx->ref_keeper->cert_cache, ctx->key, ctx->key_len, (void*)kyr);
+					if(ret < 0)
+					{
+						key_keeper_free_keyring((struct keyring*)kyr);
+					}
 				}
 				promise_success(p, (void*)kyr);
 				key_keeper_free_keyring((struct keyring*)kyr);