feature (adapt maat): keyring type changed from int to uuid_string when using RPC with cerstore

This commit is contained in:
luwenpeng
2024-09-25 17:55:12 +08:00
parent 0461a12216
commit a571c85b47
3 changed files with 15 additions and 13 deletions


@@ -678,7 +678,7 @@ struct keyring* key_keeper_release_keyring(future_result_t* result)
return &(kyr->head);
}
static uchar* get_key_by_cert(X509* cert, int keyring_id, unsigned int* len, int is_cert_valid)
static uchar* get_key_by_cert(X509* cert, const char *keyring_uuid_str, unsigned int* len, int is_cert_valid)
{
if(cert == NULL)
{
@@ -692,7 +692,7 @@ static uchar* get_key_by_cert(X509* cert, int keyring_id, unsigned int* len, int
}
char* key = ALLOC(char, HTABLE_MAX_KEY_LEN);
memset(key, 0, HTABLE_MAX_KEY_LEN);
snprintf(key, HTABLE_MAX_KEY_LEN, "%d:%d:", keyring_id, is_cert_valid);
snprintf(key, HTABLE_MAX_KEY_LEN, "%d:%d:", keyring_uuid_str, is_cert_valid);
strncat(key, cert_fingerprint, HTABLE_MAX_KEY_LEN);
*len = strnlen(key, HTABLE_MAX_KEY_LEN);
free(cert_fingerprint);
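Review bot: The rewritten snprintf keeps the `%d` conversion for its first argument while now passing `keyring_uuid_str`, a `const char *`; that is undefined behavior and in practice formats the pointer value, so the lookup key no longer identifies the keyring at all and two keyrings whose UUID buffer lands at the same stack address would share a hash-table entry. The format should be `snprintf(key, HTABLE_MAX_KEY_LEN, "%s:%d:", keyring_uuid_str, is_cert_valid);`. Separately, the following `strncat(key, cert_fingerprint, HTABLE_MAX_KEY_LEN)` passes the whole buffer size as the append limit rather than the remaining space; that is pre-existing, but it matters more now that the prefix grew from a decimal id to a 36-character UUID, and a single `snprintf(key, HTABLE_MAX_KEY_LEN, "%s:%d:%s", keyring_uuid_str, is_cert_valid, cert_fingerprint);` would make the whole key one bounded write. get_key_by_cert starts in the previous hunk and continues outside this one.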
@@ -716,11 +716,13 @@ char* url_escape(char* url)
return _url;
}
void key_keeper_async_ask(struct future * f, struct key_keeper * keeper, const char* sni, int keyring_id, X509 * origin_cert, int is_cert_valid, struct event_base * evbase, struct evdns_base* dnsbase, struct evhttp_connection *evhttp)
void key_keeper_async_ask(struct future * f, struct key_keeper * keeper, const char* sni, uuid_t *keyring_uuid, X509 * origin_cert, int is_cert_valid, struct event_base * evbase, struct evdns_base* dnsbase, struct evhttp_connection *evhttp)
{
struct promise* p = future_to_promise(f);
unsigned int len = 0;
uchar* key = get_key_by_cert(origin_cert, keyring_id, &len, is_cert_valid);
char keyring_uuid_str[UUID_STRING_SIZE];
uuid_unparse(*keyring_uuid, keyring_uuid_str);
uchar* key = get_key_by_cert(origin_cert, keyring_uuid_str, &len, is_cert_valid);
if(key == NULL)
{
promise_failed(p, FUTURE_ERROR_EXCEPTION, "get hash key by_cert failed");
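Review bot: `uuid_unparse(*keyring_uuid, keyring_uuid_str)` dereferences the new `uuid_t *keyring_uuid` parameter without a NULL check, and unlike the old `int keyring_id` a pointer can be absent; a guard that fails the promise like the `key == NULL` branch, e.g. `if (keyring_uuid == NULL) { promise_failed(p, FUTURE_ERROR_EXCEPTION, "keyring uuid missing"); return; }`, would keep a bad caller from crashing the event loop. It is also worth confirming that UUID_STRING_SIZE is at least 37, since uuid_unparse writes 36 characters plus the terminator into `keyring_uuid_str`. key_keeper_async_ask continues outside this hunk.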
@@ -771,13 +773,13 @@ void key_keeper_async_ask(struct future * f, struct key_keeper * keeper, const c
//keyring_id = 1;
if(sni == NULL || sni[0] == '\0')
{
asprintf(&url, "http://%s:%d/ca?keyring_id=%d&is_valid=%d",
keeper->cert_store_host, keeper->cert_store_port, keyring_id, is_cert_valid);
asprintf(&url, "http://%s:%d/ca?keyring_id=%s&is_valid=%d",
keeper->cert_store_host, keeper->cert_store_port, keyring_uuid_str, is_cert_valid);
}
else
{
asprintf(&url, "http://%s:%d/ca?keyring_id=%d&sni=%s&is_valid=%d",
keeper->cert_store_host, keeper->cert_store_port, keyring_id, sni, is_cert_valid);
asprintf(&url, "http://%s:%d/ca?keyring_id=%s&sni=%s&is_valid=%d",
keeper->cert_store_host, keeper->cert_store_port, keyring_uuid_str, sni, is_cert_valid);
}
TFE_LOG_DEBUG(keeper->logger, "CertStore query: %.100s", url);
tfe_rpc_async_ask(f_certstore_rpc, url, POST, DONE_CB, origin_cert_pem, strlen(origin_cert_pem), evbase, dnsbase, evhttp);
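Review bot: The context line `//keyring_id = 1;` now refers to a variable that no longer exists in key_keeper_async_ask, so the commented-out code should be deleted rather than left as a stale hint. The `%s` conversions for `keyring_uuid_str` in the two asprintf calls are correct and need no URL escaping, since uuid_unparse emits only hex digits and hyphens. The wire contract with the certstore changed here without being written down, though: a comment above the first asprintf such as `/* keyring_id now carries the keyring UUID string; the certstore endpoint must accept this form instead of the former integer id */` would save the next reader a trip to the server code. key_keeper_async_ask continues outside this hunk.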