diff --git a/.gitignore b/.gitignore index 7dce598..baaaa35 100644 --- a/.gitignore +++ b/.gitignore @@ -38,4 +38,7 @@ cmake-build-*/ # Clion -.idea/ \ No newline at end of file +.idea/ + +# Vscode +.vscode/ diff --git a/.vscode/ftp-kr.json b/.vscode/ftp-kr.json new file mode 100644 index 0000000..efafbc2 --- /dev/null +++ b/.vscode/ftp-kr.json @@ -0,0 +1,16 @@ +{ + "host": "192.168.11.241", + "username": "cuiyiming", + "password": "070708", + "remotePath": "/home/cuiyiming/tfe3a", + "protocol": "sftp", + "port": 22, + "fileNameEncoding": "utf8", + "autoUpload": true, + "autoDelete": false, + "autoDownload": false, + "ignore": [ + ".git", + "/.vscode" + ] +} diff --git a/.vscode/ftp-kr.sync.cache.json b/.vscode/ftp-kr.sync.cache.json new file mode 100644 index 0000000..9a47dc9 --- /dev/null +++ b/.vscode/ftp-kr.sync.cache.json @@ -0,0 +1,568 @@ +{ + "sftp://192.168.11.241:22@cuiyiming": { + "home": { + "cuiyiming": { + "tfe3a": { + ".editorconfig": { + "type": "-", + "size": 189, + "lmtime": 1536117600714, + "modified": false + }, + ".gitattributes": { + "type": "-", + "size": 84, + "lmtime": 1536117600714, + "modified": false + }, + ".gitignore": { + "type": "-", + "size": 374, + "lmtime": 1536117600714, + "modified": false + }, + "CMakeLists.txt": { + "type": "-", + "size": 315, + "lmtime": 1536117600714, + "modified": false + }, + "cache": { + "CMakeLists.txt": { + "type": "-", + "size": 0, + "lmtime": 1536117600714, + "modified": false + }, + "include": { + "tango_cache_client.h": { + "type": "-", + "size": 1141, + "lmtime": 1536117600715, + "modified": false + } + } + }, + "common": { + "CMakeLists.txt": { + "type": "-", + "size": 316, + "lmtime": 1536825136570, + "modified": false + }, + "include": { + "tfe_future.h": { + "type": "-", + "size": 1294, + "lmtime": 1536313488202, + "modified": false + }, + "tfe_http.h": { + "type": "-", + "size": 10017, + "lmtime": 1536825156626, + "modified": false + }, + "tfe_plugin.h": { + "type": "-", + "size": 2045, + "lmtime": 1536825156627, + "modified": false + }, + "tfe_proxy.h": { + "type": "-", + "size": 117, + "lmtime": 1536117600715, + "modified": false + }, + "tfe_stat.h": { + "type": "-", + "size": 308, + "lmtime": 1536117600716, + "modified": false + }, + "tfe_stream.h": { + "type": "-", + "size": 2677, + "lmtime": 1536117600716, + "modified": false + }, + "tfe_types.h": { + "type": "-", + "size": 3152, + "lmtime": 1536905455105, + "modified": false + }, + "tfe_utils.h": { + "type": "-", + "size": 4218, + "lmtime": 1536927858885, + "modified": false + }, + "tfe_rpc.h": { + "type": "-", + "size": 521, + "lmtime": 1536915527236, + "modified": false + } + }, + "src": { + "tfe_future.cpp": { + "type": "-", + "size": 6032, + "lmtime": 1536825136572, + "modified": false + }, + "tfe_stat.cpp": { + "type": "-", + "size": 123, + "lmtime": 1536117600717, + "modified": false + }, + "tfe_utils.cpp": { + "type": "-", + "size": 534, + "lmtime": 1536117600717, + "modified": false + }, + "tfe_rpc.cpp": { + "type": "-", + "size": 7725, + "lmtime": 1536915527237, + "modified": false + }, + "tfe_http.cpp": { + "type": "-", + "size": 2266, + "lmtime": 1536825156627, + "modified": false + }, + "tfe_plugin.cpp": { + "type": "-", + "size": 610, + "lmtime": 1536313603978, + "modified": false + } + }, + ".CMakeLists.txt.swp": { + "type": "-", + "size": 4096, + "lmtime": 1536313660869, + "modified": false + } + }, + "platform": { + "CMakeLists.txt": { + "type": "-", + "size": 2574, + "lmtime": 1536915527238, + "modified": false + }, + "include": { + "internal": { + "key_keeper.h": { + "type": "-", + "size": 710, + "lmtime": 1536927858887, + "modified": false + }, + "kni_acceptor.h": { + "type": "-", + "size": 207, + "lmtime": 1536117600718, + "modified": false + }, + "platform.h": { + "type": "-", + "size": 1908, + "lmtime": 1536313603979, + "modified": false + }, + "proxy.h": { + "type": "-", + "size": 1178, + "lmtime": 1536117600718, + "modified": false + }, + "ssl_sess_cache.h": { + "type": "-", + "size": 785, + "lmtime": 1536117600719, + "modified": false + }, + "ssl_stream.h": { + "type": "-", + "size": 1371, + "lmtime": 1536313603980, + "modified": false + }, + "ssl_utils.h": { + "type": "-", + "size": 6476, + "lmtime": 1536927858887, + "modified": false + }, + "tcp_stream.h": { + "type": "-", + "size": 518, + "lmtime": 1536117600720, + "modified": false + } + } + }, + "src": { + "key_keeper.cpp": { + "type": "-", + "size": 14236, + "lmtime": 1536927858888, + "modified": false + }, + "kni_acceptor.cpp": { + "type": "-", + "size": 7906, + "lmtime": 1536117600721, + "modified": false + }, + "main.cpp": { + "type": "-", + "size": 324, + "lmtime": 1536117600721, + "modified": false + }, + "proxy.cpp": { + "type": "-", + "size": 7956, + "lmtime": 1536313603981, + "modified": false + }, + "ssl_sess_cache.cpp": { + "type": "-", + "size": 9206, + "lmtime": 1536313603982, + "modified": false + }, + "ssl_stream.cpp": { + "type": "-", + "size": 36309, + "lmtime": 1536927858889, + "modified": false + }, + "ssl_utils.cc": { + "type": "-", + "size": 57284, + "lmtime": 1536927858890, + "modified": false + }, + "tcp_stream.cpp": { + "type": "-", + "size": 20731, + "lmtime": 1536313603983, + "modified": false + }, + ".tfe_rpc.cpp.swp": { + "type": "-", + "size": 4096, + "lmtime": 1536290616868, + "modified": false + }, + ".key_keeper.cpp.swp": { + "type": "-", + "size": 4096, + "lmtime": 1536567592157, + "modified": false + }, + "tfe_rpc.cpp": { + "type": "-", + "size": 9080, + "lmtime": 1536825131154, + "modified": false + }, + ".ssl_utils.cc.swp": { + "type": "-", + "size": 4096, + "lmtime": 1536824844454, + "modified": false + }, + ".ssl_.swp": { + "type": "-", + "size": 4096, + "lmtime": 1536824458902, + "modified": false + } + }, + "test": { + "test_key_keeper.cpp": { + "type": "-", + "size": 1635, + "lmtime": 1536915434431, + "modified": false + }, + "test_tfe_rpc.cpp": { + "type": "-", + "size": 6042, + "lmtime": 1536927858892, + "modified": false + }, + "test_chello_parse.cpp": { + "type": "-", + "size": 7143, + "lmtime": 1536927858891, + "modified": false + }, + ".test_chello_parse.cpp.swp": { + "type": "-", + "size": 4096, + "lmtime": 1536928089520, + "modified": false + } + } + }, + "plugin": { + "CMakeLists.txt": { + "type": "-", + "size": 81, + "lmtime": 1536117600723, + "modified": false + }, + "business": { + "CMakeLists.txt": { + "type": "-", + "size": 64, + "lmtime": 1536927858893, + "modified": false + }, + "decrypt-mirroring": { + "CMakeLists.txt": { + "type": "-", + "size": 289, + "lmtime": 1536117600723, + "modified": false + }, + "include": { + "external": { + "decrypt_mirror_plugin.h": { + "type": "-", + "size": 626, + "lmtime": 1536117600724, + "modified": false + } + }, + "internal": { + "mirror_stream.h": { + "type": "-", + "size": 2067, + "lmtime": 1536117600724, + "modified": false + }, + "mirror_stream_inl.h": { + "type": "-", + "size": 2774, + "lmtime": 1536117600724, + "modified": false + }, + "sendpkt-inl.h": { + "type": "-", + "size": 4606, + "lmtime": 1536117600724, + "modified": false + } + } + }, + "src": { + "decrypt_mirror_plugin.cpp": { + "type": "-", + "size": 1494, + "lmtime": 1536825156629, + "modified": false + }, + "mirror_stream.cpp": { + "type": "-", + "size": 24104, + "lmtime": 1536927858894, + "modified": false + }, + "sendpkt.cpp": { + "type": "-", + "size": 11157, + "lmtime": 1536117600725, + "modified": false + } + }, + "test": { + "test_deliver.c": { + "type": "-", + "size": 2373, + "lmtime": 1536117600725, + "modified": false + }, + "test_deliver.h": { + "type": "-", + "size": 1, + "lmtime": 1536117600725, + "modified": false + } + } + }, + "pangu-http": { + "CMakeLists.txt": { + "type": "-", + "size": 159, + "lmtime": 1536927858895, + "modified": false + }, + "pangu_http.cpp": { + "type": "-", + "size": 25142, + "lmtime": 1536927858897, + "modified": false + }, + "pangu_logger.cpp": { + "type": "-", + "size": 4827, + "lmtime": 1536927858898, + "modified": false + }, + "pangu_logger.h": { + "type": "-", + "size": 2283, + "lmtime": 1536927858899, + "modified": false + } + } + }, + "platform": { + "CMakeLists.txt": { + "type": "-", + "size": 0, + "lmtime": 1536117600725, + "modified": false + } + }, + "protocol": { + "CMakeLists.txt": { + "type": "-", + "size": 23, + "lmtime": 1536117600725, + "modified": false + }, + "http": { + "CMakeLists.txt": { + "type": "-", + "size": 298, + "lmtime": 1536313603985, + "modified": false + }, + "src": { + "http.cpp": { + "type": "-", + "size": 1668, + "lmtime": 1536313512009, + "modified": false + }, + "http_entry.cpp": { + "type": "-", + "size": 6874, + "lmtime": 1536825156630, + "modified": false + }, + "http_half.cpp": { + "type": "-", + "size": 14144, + "lmtime": 1536825156630, + "modified": false + } + }, + "include": { + "internal": { + "http_common.h": { + "type": "-", + "size": 2767, + "lmtime": 1536825156629, + "modified": false + }, + "http_half.h": { + "type": "-", + "size": 612, + "lmtime": 1536313603986, + "modified": false + } + } + } + } + } + }, + "vendor": { + "CMakeLists.txt": { + "type": "-", + "size": 8808, + "lmtime": 1536927858900, + "modified": false + }, + "MESA_prof_load-3b2bfd.tar.gz": { + "type": "-", + "size": 8125, + "lmtime": 1536117600726, + "modified": false + }, + "check-0.12.0.tar.gz": { + "type": "-", + "size": 764043, + "lmtime": 1536117600730, + "modified": false + }, + "googletest-release-1.8.0.tar.gz": { + "type": "-", + "size": 1281617, + "lmtime": 1536117600736, + "modified": false + }, + "http-parser-2.8.1.tar.gz": { + "type": "-", + "size": 50731, + "lmtime": 1536117600737, + "modified": false + }, + "libevent-2.1.8-stable.tar.gz": { + "type": "-", + "size": 1026485, + "lmtime": 1536117600739, + "modified": false + }, + "nghttp2-1.32.0.tar.gz": { + "type": "-", + "size": 2216104, + "lmtime": 1536117600748, + "modified": false + }, + "openssl-1.1.0h.tar.gz": { + "type": "-", + "size": 5422717, + "lmtime": 1536117600768, + "modified": false + }, + "cJSON-1.7.7.tar.gz": { + "type": "-", + "size": 345681, + "lmtime": 1536825136581, + "modified": false + }, + "librdkafka-0.11.5.tar.gz": { + "type": "-", + "size": 1984510, + "lmtime": 1536927858916, + "modified": false + } + }, + "build": {}, + ".gitlab-ci.yml": { + "type": "-", + "size": 125, + "lmtime": 1536905455105, + "modified": false + } + } + } + } + }, + "$version": 1 +} \ No newline at end of file diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..b6aec46 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,31 @@ +{ + "files.associations": { + "iterator": "cpp", + "string": "cpp", + "string_view": "cpp", + "__locale": "cpp", + "ios": "cpp", + "__debug": "cpp", + "exception": "cpp", + "memory": "cpp", + "stdexcept": "cpp", + "typeinfo": "cpp", + "utility": "cpp", + "__bit_reference": "cpp", + "__functional_base": "cpp", + "algorithm": "cpp", + "atomic": "cpp", + "bitset": "cpp", + "chrono": "cpp", + "functional": "cpp", + "limits": "cpp", + "ratio": "cpp", + "system_error": "cpp", + "tuple": "cpp", + "type_traits": "cpp", + "initializer_list": "cpp", + "istream": "cpp", + "locale": "cpp", + "new": "cpp" + } +} \ No newline at end of file diff --git a/common/src/tfe_rpc.cpp b/common/src/tfe_rpc.cpp index e511ace..cb6e67b 100644 --- a/common/src/tfe_rpc.cpp +++ b/common/src/tfe_rpc.cpp @@ -54,10 +54,12 @@ static void _wrapped_promise_success(struct promise* p, void* result) { return; } + /* if(ctx->evbase) { event_base_loopexit(ctx->evbase, 0); } + */ //promise_dettach_ctx(p); //tfe_rpc_promise_free_ctx(ctx); promise_success(p, result); @@ -66,11 +68,13 @@ static void _wrapped_promise_success(struct promise* p, void* result) static void _wrapped_promise_failed(struct promise * p, enum e_future_error error, const char * what) { + /* struct tfe_rpc_ctx* ctx = (struct tfe_rpc_ctx*)promise_get_ctx(p); if(ctx->evbase) { event_base_loopexit(ctx->evbase, 0); } + */ promise_failed(p, error, what); //promise_dettach_ctx(p); //ctx_destroy_cb(ctx); @@ -151,6 +155,28 @@ void connection_close_cb(struct evhttp_connection* connection, void* arg) //printf("call connection_close_cb\n"); } +char* get_request_url(struct evhttp_uri* uri, int url_len) +{ + const char* path = evhttp_uri_get_path(uri); + const char* query = evhttp_uri_get_query(uri); + char *request_url = NULL; + request_url = (char*)malloc(url_len); + if(path == NULL || strnlen(path, url_len) == 0) + { + snprintf(request_url, url_len, "/"); + } + else + { + snprintf(request_url, url_len, "%s", path); + } + if(query && strnlen(query, url_len)) + { + strncat(request_url, "?", url_len); + strncat(request_url, query, url_len); + } + return request_url; +} + //data is for POST. if method is GET, data should be NULL void tfe_rpc_async_ask(struct future* f, const char* url, enum TFE_RPC_METHOD method, enum TFE_RPC_FLAG flag, const char* data, int data_len, struct event_base * evbase) { @@ -163,7 +189,7 @@ void tfe_rpc_async_ask(struct future* f, const char* url, enum TFE_RPC_METHOD me { _wrapped_promise_failed(p, FUTURE_ERROR_EXCEPTION, "event base is NULL"); return; - } + } struct evhttp_uri* uri = evhttp_uri_parse(url); if(NULL == uri) { @@ -181,22 +207,6 @@ void tfe_rpc_async_ask(struct future* f, const char* url, enum TFE_RPC_METHOD me { port = 80; } - const char* path = evhttp_uri_get_path(uri); - const char* query = evhttp_uri_get_query(uri); - char request_url[TFE_STRING_MAX] = ""; - if(path == NULL || strnlen(path, TFE_STRING_MAX) == 0) - { - snprintf(request_url, TFE_STRING_MAX, "/"); - } - else - { - snprintf(request_url, TFE_STRING_MAX, "%s", path); - } - if(query && strnlen(query, TFE_STRING_MAX)) - { - strncat(request_url, "?", TFE_STRING_MAX); - strncat(request_url, query, TFE_STRING_MAX); - } //printf("url:%s host:%s port:%d path:%s query:%s request_url:%s\n", url, host, port, path, query, request_url); struct evdns_base* dnsbase = evdns_base_new(evbase, EVDNS_BASE_INITIALIZE_NAMESERVERS); if (!dnsbase) @@ -219,6 +229,14 @@ void tfe_rpc_async_ask(struct future* f, const char* url, enum TFE_RPC_METHOD me } evhttp_request_set_error_cb(request, request_error_cb); evhttp_add_header(evhttp_request_get_output_headers(request), "Host", host); + int url_len = strlen(url); + char* request_url = get_request_url(uri, url_len); + //printf("request url is %s\n", request_url); + if(request_url == NULL) + { + _wrapped_promise_failed(p, FUTURE_ERROR_EXCEPTION, "get request url failed"); + return; + } switch(method) { case GET: @@ -232,6 +250,7 @@ void tfe_rpc_async_ask(struct future* f, const char* url, enum TFE_RPC_METHOD me _wrapped_promise_failed(p, FUTURE_ERROR_EXCEPTION, "method is invalid!"); return; } + free(request_url); } struct tfe_rpc_response_result* tfe_rpc_release(void* result) diff --git a/platform/CMakeLists.txt b/platform/CMakeLists.txt index 60d9e04..8bb50b2 100644 --- a/platform/CMakeLists.txt +++ b/platform/CMakeLists.txt @@ -13,6 +13,7 @@ target_link_libraries(tfe pthread dl MESA_handle_logger MESA_prof_load cjson + curl MESA_htable wiredcfg MESA_field_stat) @@ -38,6 +39,7 @@ target_link_libraries(test_key_keeper pthread dl MESA_handle_logger MESA_prof_load cjson + curl MESA_htable wiredcfg MESA_field_stat) @@ -59,6 +61,7 @@ target_link_libraries(test_tfe_rpc pthread dl MESA_prof_load MESA_htable wiredcfg cjson + curl MESA_field_stat) install(TARGETS test_tfe_rpc RUNTIME DESTINATION ./) diff --git a/platform/src/key_keeper.cpp b/platform/src/key_keeper.cpp index 76756a2..d2b0add 100644 --- a/platform/src/key_keeper.cpp +++ b/platform/src/key_keeper.cpp @@ -7,6 +7,8 @@ #include "tfe_rpc.h" #include #include +#include + #define HTABLE_MAX_KEY_LEN 256 #define KEYRING_EXSITED 0 #define KEYRING_NOT_EXSITED -1 @@ -69,9 +71,6 @@ static struct keyring_private* keyring_new(void) } /* - * Passed OpenSSL objects are owned by cert_t; refcount will not be - * incremented, stack will not be duplicated. - */ static struct keyring* keyring_new3(EVP_PKEY *key, X509 *cert, STACK_OF(X509) *chain) { struct keyring_private* kyr=NULL; @@ -98,6 +97,7 @@ static struct keyring* keyring_new3(EVP_PKEY *key, X509 *cert, STACK_OF(X509) *c } return &(kyr->head); } +*/ // Increment reference count. static void keyring_ref_inc(struct keyring_private* kyr) @@ -198,19 +198,60 @@ void key_keeper_free_keyring(struct keyring *kyr) static X509* transform_cert_to_x509(const char* str) { - BIO *bio; - X509 *cert; + //printf("cert: %s", str); + BIO *bio = NULL; + X509 *cert = NULL; bio = BIO_new(BIO_s_mem()); - BIO_write(bio, (const void*)str, strnlen(str, TFE_STRING_MAX)); + if(bio == NULL) + { + return NULL; + } + int len = BIO_write(bio, (const void*)str, strlen(str)); + if (len <= 0 ) + { + BIO_free_all(bio); + return NULL; + } cert = PEM_read_bio_X509(bio, NULL, NULL, NULL); BIO_free_all(bio); return cert; } +static char* transform_cert_to_pem(X509* cert) +{ + if (NULL == cert) + { + return NULL; + } + BIO* bio = NULL; + bio = BIO_new(BIO_s_mem()); + if (NULL == bio) + { + return NULL; + } + if (0 == PEM_write_bio_X509(bio, cert)) + { + BIO_free(bio); + return NULL; + } + char *p = NULL; + int len = BIO_get_mem_data(bio, &p); + char *pem = (char*)malloc(len + 1); + memset(pem, 0, len + 1); + BIO_read(bio, pem, len); + BIO_free(bio); + return pem; +} + static EVP_PKEY* transform_key_to_EVP(const char* str) { + //printf("private key: %s", str); BIO *mem; mem = BIO_new_mem_buf(str, -1); + if(mem == NULL) + { + return NULL; + } EVP_PKEY* key = PEM_read_bio_PrivateKey(mem, NULL, NULL, 0); BIO_free(mem); return key; @@ -345,9 +386,10 @@ static struct keyring_private* generate_x509_keyring(X509* origin_cert, int keyr static void certstore_rpc_on_succ(void* result, void* user) { - //printf("call certstore_rpc_on_succ\n"); struct promise * p = (struct promise *) user; struct key_keeper_promise_ctx* ctx = (struct key_keeper_promise_ctx*)promise_get_ctx(p); + TFE_LOG_INFO(ctx->logger, "certstore rpc success"); + future_destroy(ctx->f_certstore_rpc); MESA_htable_handle htable= ctx->htable; const uchar* key = ctx->key; unsigned int key_len = ctx->key_len; @@ -360,6 +402,11 @@ static void certstore_rpc_on_succ(void* result, void* user) { *(data+len) = '\0'; struct keyring_private* kyr= get_keyring_from_response(data); + if(kyr == NULL) + { + promise_failed(p, FUTURE_ERROR_EXCEPTION, "get_keyring_from_response failed"); + return; + } keyring_ref_inc(kyr); int ret = MESA_htable_add(htable, key, key_len, (void*)kyr); if(ret<0) @@ -373,7 +420,6 @@ static void certstore_rpc_on_succ(void* result, void* user) { promise_failed(p, FUTURE_ERROR_EXCEPTION, status_msg); } - future_destroy(ctx->f_certstore_rpc); //promise_dettach_ctx(p); //ctx_destroy_cb((void*)ctx); } @@ -381,9 +427,10 @@ static void certstore_rpc_on_succ(void* result, void* user) static void certstore_rpc_on_fail(enum e_future_error err, const char * what, void * user) { struct promise * p = (struct promise *) user; - promise_failed(p, err, what); struct key_keeper_promise_ctx* ctx= (struct key_keeper_promise_ctx*)promise_get_ctx(p); + TFE_LOG_ERROR(ctx->logger, "certstore rpc failed, what is %s", what); future_destroy(ctx->f_certstore_rpc); + promise_failed(p, err, what); //promise_dettach_ctx(p); //ctx_destroy_cb((void*)ctx); } @@ -433,6 +480,8 @@ struct key_keeper* key_keeper_init(const char * profile, const char* section, vo MESA_load_profile_uint_def(profile, section, "hash_slot_size", &(keeper->hash_slot_size), 16); MESA_load_profile_uint_def(profile, section, "hash_expire_seconds", &(keeper->hash_expire_seconds), 16); keeper->htable = create_hash_table(keeper->hash_slot_size, keeper->hash_expire_seconds); + TFE_LOG_INFO(logger, "MESA_load_profile, [%s]: mode:%s, ca_path:%s, untrusted_ca_path:%s, cert_store_host:%s, cert_store_port:%d, hash_slot_size:%d, hash_expire_seconds:%d", + section, keeper->mode, keeper->ca_path, keeper->untrusted_ca_path, keeper->cert_store_host, keeper->cert_store_port, keeper->hash_slot_size, keeper->hash_expire_seconds); return keeper; } @@ -451,17 +500,20 @@ struct keyring* key_keeper_release_keyring(future_result_t* result) return &(kyr->head); } - static uchar* get_key_by_cert(X509* cert, int keyring_id, unsigned int* len) { - char* cert_fgr = NULL; - cert_fgr = ssl_x509_fingerprint(cert, 0); - char* key = (char*)malloc(HTABLE_MAX_KEY_LEN); - *key = '\0'; if(cert == NULL) { return NULL; } + char* cert_fgr = NULL; + cert_fgr = ssl_x509_fingerprint(cert, 0); + if(cert_fgr == NULL) + { + return NULL; + } + char* key = (char*)malloc(HTABLE_MAX_KEY_LEN); + memset(key, 0, HTABLE_MAX_KEY_LEN); snprintf(key, HTABLE_MAX_KEY_LEN, "%d:", keyring_id); strncat(key, cert_fgr, HTABLE_MAX_KEY_LEN); *len = strnlen(key, HTABLE_MAX_KEY_LEN); @@ -470,12 +522,32 @@ static uchar* get_key_by_cert(X509* cert, int keyring_id, unsigned int* len) } +char* url_escape(char* url) +{ + if(url == NULL) + { + return NULL; + } + CURL *curl = curl_easy_init(); + char* _url = NULL; + if(curl) + { + _url = curl_easy_escape(curl, url, strlen(url)); + } + return _url; +} + void key_keeper_async_ask(struct future * f, struct key_keeper * keeper, const char* sni, int keyring_id, X509 * origin_cert, int is_cert_valid, struct event_base * evbase) { struct promise* p = future_to_promise(f); - struct key_keeper_promise_ctx* ctx = ALLOC(struct key_keeper_promise_ctx, 1); unsigned int len = 0; uchar* key = get_key_by_cert(origin_cert, keyring_id, &len); + if(key == NULL) + { + promise_failed(p, FUTURE_ERROR_EXCEPTION, "get hash key by_cert failed"); + return; + } + struct key_keeper_promise_ctx* ctx = ALLOC(struct key_keeper_promise_ctx, 1); ctx->logger = keeper->logger; ctx->htable = keeper->htable; ctx->key = key; @@ -485,7 +557,7 @@ void key_keeper_async_ask(struct future * f, struct key_keeper * keeper, const c MESA_htable_search_cb(ctx->htable, (const unsigned char*)(ctx->key), ctx->key_len, keyring_local_cache_query_cb, p, &cb_rtn); if(cb_rtn == KEYRING_EXSITED) { - printf("KEYRING_EXSITED\n"); + //printf("KEYRING_EXSITED\n"); return; } int mode = 0; @@ -496,22 +568,41 @@ void key_keeper_async_ask(struct future * f, struct key_keeper * keeper, const c switch(mode){ case NORMAL: { + char* origin_cert_pem = transform_cert_to_pem(origin_cert); + if(origin_cert_pem == NULL) + { + promise_failed(p, FUTURE_ERROR_EXCEPTION, "transform origin_cert to pem failed"); + return; + } + char* escaped_origin_cert_pem = url_escape(origin_cert_pem); + free(origin_cert_pem); + if(escaped_origin_cert_pem == NULL) + { + promise_failed(p, FUTURE_ERROR_EXCEPTION, "url escape failed"); + break; + } struct future* f_certstore_rpc = future_create("tfe_rpc", certstore_rpc_on_succ, certstore_rpc_on_fail, p); ctx->f_certstore_rpc = f_certstore_rpc; - char url[TFE_STRING_MAX]; - char _sni[TFE_STRING_MAX] = "www.baidu.com"; - if(sni) + char *url = NULL; + url = (char*)malloc(strlen(escaped_origin_cert_pem) + TFE_STRING_MAX); + //keyring_id = 1; + if(sni == NULL || sni[0] == '\0') { - strncpy(_sni, sni, TFE_STRING_MAX); + sprintf(url, "http://%s:%d/ca?keyring_id=%d&is_valid=%d&origin_cert=%s", + keeper->cert_store_host, keeper->cert_store_port, keyring_id, is_cert_valid, escaped_origin_cert_pem); } - snprintf(url, TFE_STRING_MAX, "http://%s:%d/ca?host=%s&flag=1&valid=1&keyring_id=%d", keeper->cert_store_host, keeper->cert_store_port, _sni, keyring_id); - printf("url is %s\n", url); + else + { + sprintf(url, "http://%s:%d/ca?keyring_id=%d&sni=%s&is_valid=%d&origin_cert=%s", + keeper->cert_store_host, keeper->cert_store_port, keyring_id, sni, is_cert_valid, escaped_origin_cert_pem); + } + curl_free(escaped_origin_cert_pem); tfe_rpc_async_ask(f_certstore_rpc, url, GET, DONE_CB, NULL, 0, evbase); + free(url); break; } case DEBUG: { - //TOOD: generate X509 cert char* filename = NULL; if(is_cert_valid == 1) { diff --git a/platform/src/ssl_utils.cc b/platform/src/ssl_utils.cc index dd25a79..df6a09d 100644 --- a/platform/src/ssl_utils.cc +++ b/platform/src/ssl_utils.cc @@ -1895,6 +1895,7 @@ static char* parse_cipher_suites(struct cipher_suite* _cipher_suite_list, int n, char* cipher_suites_str = (char* )malloc(TFE_STRING_MAX); cipher_suites_str[0] = '\0'; size_t pos = 0; + int flag = 0; while(pos < buff_len) { int i = 0; @@ -1903,18 +1904,27 @@ static char* parse_cipher_suites(struct cipher_suite* _cipher_suite_list, int n, int val = (buff[pos] << 8) + buff[pos + 1]; if(_cipher_suite_list[i].value == val) { + if(strnlen(_cipher_suite_list[i].name, TFE_STRING_MAX) + strnlen(cipher_suites_str, TFE_STRING_MAX) + 1 > TFE_STRING_MAX) + { + flag = 1; + break; + } strncat(cipher_suites_str, _cipher_suite_list[i].name, TFE_STRING_MAX); strncat(cipher_suites_str, ":", TFE_STRING_MAX); } } pos += 2; + if(flag == 1) + { + break; + } } int len = strnlen(cipher_suites_str, TFE_STRING_MAX); if(len > 0) { cipher_suites_str[len-1] = '\0'; } - if(pos != buff_len) + if(pos != buff_len && flag == 0) { *result = CHELLO_PARSE_INVALID_FORMAT; return NULL; diff --git a/platform/test/test_key_keeper.cpp b/platform/test/test_key_keeper.cpp index 214fcbe..4ba2055 100644 --- a/platform/test/test_key_keeper.cpp +++ b/platform/test/test_key_keeper.cpp @@ -20,19 +20,20 @@ int main() printf("-------------------------------\n"); int i = 0; printf("call key_keeper_async_ask, i = %d\n", i); - key_keeper_async_ask(f, keeper, NULL, 0, origin_cert, 0, evbase); + key_keeper_async_ask(f, keeper, "www.baidu.com", 1, origin_cert, 1, evbase); event_base_dispatch(evbase); - + /* struct event_base* evbase1 = event_base_new(); struct future* f1 = future_create("key_keeper", ask_key_keeper_on_succ, ask_key_keeper_on_fail, user); - key_keeper_async_ask(f1, keeper, NULL, 0, origin_cert, 0, evbase1); + key_keeper_async_ask(f1, keeper, "www.baidu.com", 0, origin_cert, 0, evbase1); event_base_dispatch(evbase1); + */ } void ask_key_keeper_on_succ(void* result, void* user) { - printf("call ask_key_keeper_on_succ\n"); + //printf("call ask_key_keeper_on_succ\n"); struct keyring* kyr = key_keeper_release_keyring(result); X509* cert = kyr->cert; EVP_PKEY* key = kyr->key; @@ -55,4 +56,5 @@ void ask_key_keeper_on_succ(void* result, void* user) void ask_key_keeper_on_fail(enum e_future_error error, const char * what, void * user) { printf("call ask_key_keeper_on_fail\n"); + printf("what is %s\n", what); }