Merge branch 'feature-ssl-stream' into 'develop-tfe3a'

Feature ssl stream See merge request tango/tfe!6
2018-08-26 18:28:21 +08:00
parent 7c276b80eb 3abdee594b
commit f60b634ec6
5 changed files with 779 additions and 447 deletions
--- a/platform/include/internal/cert.h
+++ b/platform/include/internal/cert.h
@@ -1,19 +0,0 @@
-#ifndef CERT_H
-#define CERT_H
-
-#include <openssl/ssl.h>
-#include <pthread.h>
-
-struct cert
-{
-	EVP_PKEY *key;
-	X509 *crt;
-	STACK_OF(X509) * chain;
-};
-struct cert_mgr;
-struct cert_mgr * cert_mgr_init(const char * profile, const char* section);
-struct cert* cert_mgr_query_result_release_cert(future_result_t* result);
-void cert_mgr_free_cert(struct cert* cert);
-void cert_mgr_async_query(struct future * future,	struct cert_mgr * mgr, int keyring_id,
-	X509 * origin_cert, struct event_base * evbase);
-#endif /* !CERT_H */
--- a/platform/include/internal/key_keeper.h
+++ b/platform/include/internal/key_keeper.h
@@ -0,0 +1,21 @@
+#ifndef CERT_H
+#define CERT_H
+
+#include <openssl/ssl.h>
+#include <pthread.h>
+
+struct keyring
+{
+	EVP_PKEY *key;
+	X509 *cert;
+	STACK_OF(X509) * chain;
+};
+struct key_keeper;
+struct key_keeper * key_keeper_init(const char * profile, const char* section, void* logger);
+struct key_keeper * key_keeper_destroy(struct key_keeper *keeper);
+
+struct keyring* key_keeper_release_cert(future_result_t* result);
+void key_keeper_free_keyring(struct keyring* cert);
+void key_keeper_async_ask(struct future * f,	struct key_keeper * keeper, int keyring_id,
+	X509 * origin_cert,  int is_cert_valid, struct event_base * evbase);
+#endif /* !CERT_H */
--- a/platform/include/internal/ssl_stream.h
+++ b/platform/include/internal/ssl_stream.h
@@ -1,7 +1,6 @@
 #pragma once
 #include <event2/event.h>
 #include <tfe_future.h>
-#include <cert.h>
 #include <field_stat2.h>


@@ -17,7 +16,7 @@ void ssl_async_upstream_create(struct future* f, struct ssl_mgr* mgr, evutil_soc

 struct ssl_stream*  ssl_downstream_create_result_release_stream(future_result_t* result);
 struct bufferevent* ssl_downstream_create_result_release_bev(future_result_t* result);
-void ssl_async_downstream_create(struct future* f, struct ssl_mgr* mgr, struct ssl_stream* upstream, evutil_socket_t fd_downstream, struct event_base *evbase);
+void ssl_async_downstream_create(struct future* f, struct ssl_mgr* mgr, struct ssl_stream* upstream, evutil_socket_t fd_downstream, int keyring_id, struct event_base *evbase);

 void ssl_stream_free_and_close_fd(struct ssl_stream* stream,  struct event_base *evbase, evutil_socket_t fd);

--- a/platform/src/key_keeper.cpp
+++ b/platform/src/key_keeper.cpp
@@ -1,21 +1,21 @@
-#include <cert.h>
+#include <key_keeper.h>
 #include <string.h>
 #include <ssl.h>

-struct cert_mgr
+struct key_keeper
 {

 };
-struct tfe_cert_private
+struct key_keeper_private
 {
-	struct cert head;
+	struct keyring head;
 	pthread_mutex_t mutex;
 	size_t references;
 };

 #if 0
 /*
- * Certificate, including private key and cert chain.
+ * Certificate, including private key and keyring chain.
 */

 cert_t *
@@ -175,7 +175,7 @@ cert_set_chain(cert_t *c, STACK_OF(X509) *chain)
 }

 /*
- * Free cert including internal objects.
+ * Free keyring including internal objects.
 */
 void
 cert_free(cert_t *c)
@@ -200,22 +200,22 @@ cert_free(cert_t *c)
 	free(c);
 }

-struct cert_mgr* cert_mgr_init(const char* profile)
+struct key_keeper* key_keeper_init(const char* profile)
 {

 }

-void cert_mgr_async_get(struct future* future, struct cert_mgr* mgr, int keyring_id, X509* origin_cert, struct event_base* evbase)
+void cert_mgr_async_get(struct future* future, struct key_keeper* mgr, int keyring_id, X509* origin_cert, struct event_base* evbase)
 {
 	X509* orig_cert=SSL_get_peer_certificate(origssl);
 	//todo: need implement 
-	cert_t * cert = NULL;
+	cert_t * keyring = NULL;
 	if (opts->tgcrtdir)
 	{
 		if (ctx->sni)
 		{
-			cert = (cert_t *) cachemgr_tgcrt_get(ctx->sni);
-			if (!cert)
+			keyring = (cert_t *) cachemgr_tgcrt_get(ctx->sni);
+			if (!keyring)
 			{
 				char * wildcarded = ssl_wildcardify(ctx->sni);
 				if (!wildcarded)
@@ -223,12 +223,12 @@ void cert_mgr_async_get(struct future* future, struct cert_mgr* mgr, int keyring
 					ctx->enomem = 1;
 					return NULL;
 				}
-				cert = (cert_t *) cachemgr_tgcrt_get(wildcarded);
+				keyring = (cert_t *) cachemgr_tgcrt_get(wildcarded);
 				free(wildcarded);
 			}
-			if (cert && OPTS_DEBUG(ctx->opts))
+			if (keyring && OPTS_DEBUG(ctx->opts))
 			{
-				log_dbg_printf("Target cert by SNI\n");
+				log_dbg_printf("Target keyring by SNI\n");
 			}
 		}
 		else if (ctx->origcrt)
@@ -236,11 +236,11 @@ void cert_mgr_async_get(struct future* future, struct cert_mgr* mgr, int keyring
 			char ** names = ssl_x509_names(ctx->origcrt);
 			for (char ** p = names; *p; p++)
 			{
-				if (!cert)
+				if (!keyring)
 				{
-					cert = (cert_t *) cachemgr_tgcrt_get(*p);
+					keyring = (cert_t *) cachemgr_tgcrt_get(*p);
 				}
-				if (!cert)
+				if (!keyring)
 				{
 					char * wildcarded = ssl_wildcardify(*p);
 					if (!wildcarded)
@@ -249,7 +249,7 @@ void cert_mgr_async_get(struct future* future, struct cert_mgr* mgr, int keyring
 					}
 					else
 					{
-						cert = (cert_t *) (wildcarded);
+						keyring = (cert_t *) (wildcarded);
 						free(wildcarded);
 					}
 				}
@@ -260,41 +260,41 @@ void cert_mgr_async_get(struct future* future, struct cert_mgr* mgr, int keyring
 			{
 				return NULL;
 			}
-			if (cert && OPTS_DEBUG(ctx->opts))
+			if (keyring && OPTS_DEBUG(ctx->opts))
 			{
-				log_dbg_printf("Target cert by origcrt\n");
+				log_dbg_printf("Target keyring by origcrt\n");
 			}
 		}

-		if (cert)
+		if (keyring)
 		{
 			ctx->immutable_cert = 1;
 		}
 	}

-	if (!cert && ctx->origcrt && ctx->opts->key)
+	if (!keyring && ctx->origcrt && ctx->opts->key)
 	{
-		cert = cert_new();
-		cert->crt = (X509 *) cachemgr_fkcrt_get(ctx->origcrt);
+		keyring = cert_new();
+		keyring->cert = (X509 *) cachemgr_fkcrt_get(ctx->origcrt);

-		if (cert->crt)
+		if (keyring->cert)
 		{
 			if (OPTS_DEBUG(ctx->opts)) log_dbg_printf("Certificate cache: HIT\n");
 		}
 		else
 		{
 			if (OPTS_DEBUG(ctx->opts)) log_dbg_printf("Certificate cache: MISS\n");
-			cert->crt = ssl_x509_forge(ctx->opts->cacrt,
+			keyring->cert = ssl_x509_forge(ctx->opts->cacrt,
 				ctx->opts->cakey,
 				ctx->origcrt,
 				ctx->opts->key,
 				NULL,
 				ctx->opts->crlurl);
-			cachemgr_fkcrt_set(ctx->origcrt, cert->crt);
+			cachemgr_fkcrt_set(ctx->origcrt, keyring->cert);
 		}

-		cert_set_key(cert, ctx->opts->key);
-		cert_set_chain(cert, ctx->opts->chain);
+		cert_set_key(keyring, ctx->opts->key);
+		cert_set_chain(keyring, ctx->opts->chain);
 		ctx->generated_cert = 1;
 	}

@@ -306,18 +306,18 @@ void cert_mgr_async_get(struct future* future, struct cert_mgr* mgr, int keyring
 	}

 	if ((WANT_CONNECT_LOG(ctx) || ctx->opts->certgen_writeall) &&
-		cert && cert->crt)
+		keyring && keyring->cert)
 	{
-		ctx->usedcrtfpr = ssl_x509_fingerprint(cert->crt, 0);
+		ctx->usedcrtfpr = ssl_x509_fingerprint(keyring->cert, 0);
 		if (!ctx->usedcrtfpr)
 			ctx->enomem = 1;
 	}

-	return cert;
+	return keyring;
 }
-void cert_manager_free(cert_t * cert)
+void cert_manager_free(cert_t * keyring)
 {
-	cert_free(cert);
+	cert_free(keyring);
 	return;
 }
 #endif
--- a/platform/src/ssl_stream.cpp
+++ b/platform/src/ssl_stream.cpp