排查部分网站打不开的原因，增加get_keyring_from_response的日志信息

2019-01-16 15:36:28 +06:00
parent 124b7f083f
commit dd5bc45edc
3 changed files with 114 additions and 86 deletions
--- a/platform/src/key_keeper.cpp
+++ b/platform/src/key_keeper.cpp
@@ -16,6 +16,7 @@
 #include <event2/http.h>
 #include <cjson/cJSON.h>
 #include <curl/curl.h>
+#include <MESA/cJSON.h>

 #define HTABLE_MAX_KEY_LEN 256
 #define KEYRING_EXSITED 0
@@ -230,56 +231,83 @@ static struct keyring_private* get_keyring_from_response(const char* data)
 	cJSON* key_json = NULL;
 	cJSON* chain_json = NULL;

-	if(data == NULL)
-	{
-		goto error_out;
-	}
+	assert(data != NULL);
+
 	data_json = cJSON_Parse(data);
-	if(data_json == NULL)
+	if(unlikely(data_json == NULL))
 	{
+		TFE_LOG_ERROR(g_default_logger, "Illegal JSON format: %s", data);
 		goto error_out;
 	}

 	cert_json = cJSON_GetObjectItemCaseSensitive(data_json, "CERTIFICATE");
 	key_json = cJSON_GetObjectItemCaseSensitive(data_json, "PRIVATE_KEY");
 	chain_json = cJSON_GetObjectItemCaseSensitive(data_json, "CERTIFICATE_CHAIN");
-	if (cert_json && cert_json->valuestring != NULL)
-	{
-		cert = transform_cert_to_x509(cert_json->valuestring);
-	}
-	if(cert == NULL)
+
+	if(unlikely(cert_json == NULL))
 	{
+		TFE_LOG_ERROR(g_default_logger, "Illegal JSON format, No CERTIFICATE section: %s", data);
 		goto error_out;
 	}
-	if (key_json && key_json->valuestring != NULL)
-	{
-		key = transform_key_to_EVP(key_json->valuestring);
-	}
-	if(key == NULL)
+
+	if(unlikely(key_json == NULL))
 	{
+		TFE_LOG_ERROR(g_default_logger, "Illegal JSON format, No PRIVATE_KEY section: %s", data);
 		goto error_out;
 	}
-	if(chain_json == NULL)
+
+    if(unlikely(chain_json == NULL))
+    {
+        TFE_LOG_ERROR(g_default_logger, "Illegal JSON format, No CERTIFICATE_CHAIN section: %s", data);
+        goto error_out;
+    }
+
+	if(unlikely(cert_json->valuestring == NULL))
 	{
+		TFE_LOG_ERROR(g_default_logger, "Illegal JSON format, No CERTIFICATE value: %s", data);
 		goto error_out;
 	}
-	chain = sk_X509_new_null();
+
+	if(unlikely(key_json->valuestring == NULL))
+	{
+		TFE_LOG_ERROR(g_default_logger, "Illegal JSON format, No PRIVATE_KEY value: %s", data);
+		goto error_out;
+	}
+
+	cert = transform_cert_to_x509(cert_json->valuestring);
+	if(unlikely(cert == NULL))
+	{
+		TFE_LOG_ERROR(g_default_logger, "Transform certificate to X509 failed: %s", cert_json->valuestring);
+		goto error_out;
+	}
+
+	key = transform_key_to_EVP(key_json->valuestring);
+	if(unlikely(key == NULL))
+	{
+		TFE_LOG_ERROR(g_default_logger, "Transform PRIVATE KEY to EVP failed: %s", key_json->valuestring);
+		goto error_out;
+	}
+
+    chain = sk_X509_new_null();
 	cJSON_ArrayForEach(chain_cert_json, chain_json)
 	{
-		chain_cert = NULL;
-		if (chain_cert_json && chain_cert_json->valuestring != NULL)
-		{
-			chain_cert = transform_cert_to_x509(chain_cert_json->valuestring);
-		}
-		if(chain_cert == NULL)
+		if(unlikely(chain_cert_json->valuestring == NULL))
 		{
+			TFE_LOG_ERROR(g_default_logger, "Illegal JSON format, empty CERTIFICATE_CHAIN value.");
 			goto error_out;
 		}
-		sk_X509_push(chain, chain_cert);
-//		ssl_x509_refcount_inc(chain_cert);
-	}
-	_kyr= keyring_new(cert, key, chain);

+		chain_cert = transform_cert_to_x509(chain_cert_json->valuestring);
+		if(unlikely(chain_cert == NULL))
+		{
+			TFE_LOG_ERROR(g_default_logger, "Transform certificate chain entry to X509 failed: %s",
+				chain_cert_json->valuestring); goto error_out;
+		}
+
+		sk_X509_push(chain, chain_cert);
+	}
+
+	_kyr= keyring_new(cert, key, chain);
 	cJSON_Delete(data_json);
 	return _kyr;

@@ -287,7 +315,7 @@ error_out:
 	if(data_json!=NULL) cJSON_Delete(data_json);
 	if(cert) X509_free(cert);
 	if(key) EVP_PKEY_free(key);
- 	if(chain) sk_X509_pop_free(chain, X509_free);
+	if(chain) sk_X509_pop_free(chain, X509_free);
 	return NULL;
 }