TSG-935 重构 kafka log 接口

2020-03-09 16:28:56 +08:00
parent 12e8003d29
commit 8079c4142f
5 changed files with 237 additions and 240 deletions
--- a/platform/src/ssl_fetch_cert.cpp
+++ b/platform/src/ssl_fetch_cert.cpp
@@ -2,157 +2,57 @@
 // Created by lwp on 2019/10/16.
 //

-#include "ssl_utils.h"
-#include "tfe_utils.h"
-
 #include <assert.h>
-#include <unistd.h>
-#include <net/if.h>
-#include <sys/ioctl.h>
-#include <arpa/inet.h>
-
 #include <cjson/cJSON.h>
-#include <librdkafka/rdkafka.h>
+
+#include <ssl_utils.h>
+#include <tfe_kafka_logger.h>
 #include <MESA/MESA_prof_load.h>

 typedef struct x509_object_st {
-    /* one of the above types */
-    X509_LOOKUP_TYPE type;
-    union {
-        char     *ptr;
-        X509     *x509;
-        X509_CRL *crl;
-        EVP_PKEY *pkey;
-    } data;
+	/* one of the above types */
+	X509_LOOKUP_TYPE type;
+	union {
+		char     *ptr;
+		X509     *x509;
+		X509_CRL *crl;
+		EVP_PKEY *pkey;
+	} data;
 } X509_OBJECT;

-typedef struct ssl_kafka_logger_s {
-	int               enable;
+static tfe_kafka_logger_t *g_kafka_logger = NULL;

-	char              tfe_ip[TFE_SYMBOL_MAX];
-	char              topic_name[TFE_STRING_MAX];
-	char              broker_list[TFE_STRING_MAX];
-
-	rd_kafka_t       *handle;
-	rd_kafka_topic_t *topic;
-} ssl_kafka_logger_t;
-
-static ssl_kafka_logger_t *g_kafka_logger = NULL;
-
-static unsigned int get_ip_by_eth(const char *eth) {
-	int          sockfd = -1;
-	unsigned int ip;
-	struct ifreq ifr;
-
-	sockfd = socket(AF_INET, SOCK_DGRAM, 0);
-	if (-1 == sockfd) {
-		goto error;
-	}
-
-	memset(&ifr, 0, sizeof(ifr));
-	strcpy(ifr.ifr_name, eth);
-	if (ioctl(sockfd, SIOCGIFADDR, &ifr) < 0) {
-		goto error;
-	}
-
-	ip = ((struct sockaddr_in *)&(ifr.ifr_addr))->sin_addr.s_addr;
-
-	close(sockfd);
-	return ip;
-
-error:
-	if (sockfd > 0)
-		close(sockfd);
-	return INADDR_NONE;
-}
-
-static rd_kafka_t *create_kafka_handle(const char *broker_list) {
-	char             errstr[1024];
-	rd_kafka_t      *handle = NULL;
-	rd_kafka_conf_t *conf = NULL;
-
-	conf = rd_kafka_conf_new();
-	rd_kafka_conf_set(conf, "queue.buffering.max.messages", "1000000", errstr, sizeof(errstr));
-	rd_kafka_conf_set(conf, "topic.metadata.refresh.interval.ms", "600000", errstr, sizeof(errstr));
-	rd_kafka_conf_set(conf, "security.protocol", "MG", errstr, sizeof(errstr));
-
-	// The conf object is freed by this function and must not be used or destroyed by the application sub-sequently.
-	handle = rd_kafka_new(RD_KAFKA_PRODUCER, conf, errstr, sizeof(errstr));
-	conf = NULL;
-	if (handle == NULL) {
-		return NULL;
-	}
-
-	if (rd_kafka_brokers_add(handle, broker_list) == 0) {
-		rd_kafka_destroy(handle);
-		return NULL;
-	}
-
-	return handle;
-}
-
-void ssl_mid_cert_kafka_logger_destory(void) {
-	if (g_kafka_logger) {
-		if (g_kafka_logger->handle) {
-			free(g_kafka_logger->handle);
-		}
-		if (g_kafka_logger->topic) {
-			free(g_kafka_logger->topic);
-		}
-		free(g_kafka_logger);
-	}
+void ssl_mid_cert_kafka_logger_destory(void)
+{
+	tfe_kafka_logger_destroy(g_kafka_logger);
 }

 int ssl_mid_cert_kafka_logger_create(const char *profile, const char *section)
 {
-	unsigned int ip;
-	char         eth[64] = {0};
-	const char  *errstr = "SSL mid cert cache occer error, ";
+	int enable = 0;
+	char nic_name[64] = {0};
+	char broker_list[TFE_SYMBOL_MAX] = {0};
+	char topic_name[TFE_SYMBOL_MAX] = {0};
+	const char *errstr = "SSL mid cert cache occer error, ";

-	g_kafka_logger = ALLOC(ssl_kafka_logger_t, 1);
-	assert(g_kafka_logger);
-
-	MESA_load_profile_int_def(profile, section, "mc_cache_enable", &(g_kafka_logger->enable), 0); 
-	if (!g_kafka_logger->enable) {
-		return 0;
-	}
-
-	MESA_load_profile_string_def(profile, section, "mc_cache_eth", eth, sizeof(eth), "eth0");
-	ip = get_ip_by_eth(eth);
-	if (ip == INADDR_NONE) {
-		TFE_LOG_ERROR(g_default_logger, "%s, Fail to get ip by %s.", errstr, eth);
-		goto error;
-	}
-	inet_ntop(AF_INET, &ip, g_kafka_logger->tfe_ip, sizeof(g_kafka_logger->tfe_ip));
-
-	if (MESA_load_profile_string_def(profile, section, "mc_cache_broker_list", g_kafka_logger->broker_list, sizeof(g_kafka_logger->broker_list), NULL) < 0) {
+	MESA_load_profile_int_def(profile, section, "mc_cache_enable", &enable, 0);
+	MESA_load_profile_string_def(profile, section, "mc_cache_eth", nic_name, sizeof(nic_name), "eth0");
+	MESA_load_profile_string_def(profile, section, "mc_cache_topic", topic_name, sizeof(topic_name), "PXY-EXCH-INTERMEDIA-CERT");
+	if (MESA_load_profile_string_def(profile, section, "mc_cache_broker_list", broker_list, sizeof(broker_list), NULL) < 0)
+	{
 		TFE_LOG_ERROR(g_default_logger, "%s, Fail to get mc_cache_broker_list in profile %s section %s.", errstr, profile, section);
-		goto error;
+		return -1;
 	}
-
-	g_kafka_logger->handle = create_kafka_handle(g_kafka_logger->broker_list);
-	if (g_kafka_logger->handle == NULL) {
-		TFE_LOG_ERROR(g_default_logger, "%s, Fail to create kafka handle with broker list: %s.", errstr, g_kafka_logger->broker_list);
-		goto error;
-	}
-
-	MESA_load_profile_string_def(profile, section, "mc_cache_topic", g_kafka_logger->topic_name, sizeof(g_kafka_logger->topic_name), "PXY-EXCH-INTERMEDIA-CERT");
-	g_kafka_logger->topic = rd_kafka_topic_new(g_kafka_logger->handle, g_kafka_logger->topic_name, NULL);
-	if (g_kafka_logger->topic == NULL) {
-		TFE_LOG_ERROR(g_default_logger, "%s, Fail to create kafka topic with broker list: %s.", errstr, g_kafka_logger->broker_list);
-		goto error;
-	}
-
-	return 0;
-
-error:
-	ssl_mid_cert_kafka_logger_destory();
-	return -1;
+	g_kafka_logger = tfe_kafka_logger_create(enable, nic_name, broker_list, topic_name, g_default_logger);
+	if (g_kafka_logger)
+		return 0;
+	else
+		return -1;
 }

-void ssl_mid_cert_kafka_logger_send(const char *sni, const char *fingerprint, const char *cert)
+static void ssl_mid_cert_kafka_logger_send(const char *sni, const char *fingerprint, const char *cert)
 {
-	if (g_kafka_logger == NULL || g_kafka_logger->enable == 0)
+	if (g_kafka_logger->enable == 0)
 	{
 		return;
 	}
@@ -164,11 +64,11 @@ void ssl_mid_cert_kafka_logger_send(const char *sni, const char *fingerprint, co
 	cJSON_AddStringToObject(obj, "sni", sni);
 	cJSON_AddStringToObject(obj, "fingerprint", fingerprint);
 	cJSON_AddStringToObject(obj, "cert", cert);
-	cJSON_AddStringToObject(obj, "tfe_ip", g_kafka_logger->tfe_ip);
+	cJSON_AddStringToObject(obj, "tfe_ip", g_kafka_logger->local_ip_str);
 	dup = cJSON_Duplicate(obj, 1);
 	msg = cJSON_PrintUnformatted(dup);
 	TFE_LOG_DEBUG(g_default_logger, "log to [%s] msg:%s", g_kafka_logger->topic_name, msg);
-	rd_kafka_produce(g_kafka_logger->topic, RD_KAFKA_PARTITION_UA, RD_KAFKA_MSG_F_COPY, msg, strlen(msg), NULL, 0, NULL);
+	tfe_kafka_logger_send(g_kafka_logger, msg, strlen(msg));

 	free(msg);
 	cJSON_Delete(dup);
@@ -201,7 +101,7 @@ void ssl_fetch_trusted_cert_from_chain(STACK_OF(X509) * cert_chain, X509_STORE *
 		obj->data.x509 = (X509 *)cert;

 		// not in trusted store
- 		if (X509_OBJECT_retrieve_match(X509_STORE_get0_objects(trusted_store), obj) == NULL)
+		if (X509_OBJECT_retrieve_match(X509_STORE_get0_objects(trusted_store), obj) == NULL)
 		{
 			ret = 0;
 		}
@@ -218,9 +118,9 @@ void ssl_fetch_trusted_cert_from_chain(STACK_OF(X509) * cert_chain, X509_STORE *
 		pem = ssl_x509_to_pem(cert);

 		TFE_LOG_DEBUG(g_default_logger, "[dep:%d/%d] in_trusted_store:%d, sin:%s; subject:(%s); issuer:(%s); fingerprint:%s; cert:%s",
-			i, deep, ret, (hostname ? hostname : "NULL"), (subj ? subj : "NULL"), (issuer ? issuer : "NULL"), (fingerprint ? fingerprint : "NULL"),
-			((pem &&  g_kafka_logger->enable == 0x10) ? pem : " ..."));
-		
+					  i, deep, ret, (hostname ? hostname : "NULL"), (subj ? subj : "NULL"), (issuer ? issuer : "NULL"), (fingerprint ? fingerprint : "NULL"),
+					  ((pem &&  g_kafka_logger->enable == 0x10) ? pem : " ..."));
+
 		if (!ret && fingerprint && pem) {
 			ssl_mid_cert_kafka_logger_send(hostname, fingerprint, pem);
 		}