SUPPORT-8941. Добавлено получение названия и типа провайдера из конфигурационного файла (подпись)
This commit is contained in:
alashkova
parent
9f0a9efa11
commit
2517eb1a34
11 changed files with 49 additions and 12 deletions
|
|
@ -86,6 +86,8 @@ cmake -DCONFIG_NAME=/opt/ervu-sign-module.conf ..
|
|||
- В секции **\[main\]** задать общие настройки:
|
||||
worker_processes = 10 *\# количество воркеров (значение по умолчанию: 10)*
|
||||
cp_file = libcapi20.so *\# путь до файла библиотеки криптопровайдера*
|
||||
cp_name = Crypto-Pro GOST R 34.10-2012 KC2 CSP *\# название криптопровайдера*
|
||||
cp_type = 80 *\# тип криптопровайдера*
|
||||
|
||||
- В секции **\[fcgi\]** задать настройки fcgi-сервера:
|
||||
fcgi_listen_port = 9009 *\# значение по умолчанию: 9009, должно совпадать со значением в nginx.conf*
|
||||
|
|
|
|||
|
|
@ -1,6 +1,8 @@
|
|||
[main]
|
||||
#worker_processes = 10
|
||||
cp_file = /opt/cprocsp/lib/amd64/libcapi20.so
|
||||
#cp_name = Crypto-Pro GOST R 34.10-2012 KC2 CSP
|
||||
#cp_type = 80
|
||||
|
||||
[fcgi]
|
||||
fcgi_listen_port = 9009
|
||||
|
|
|
|||
|
|
@ -7,9 +7,14 @@
|
|||
#define MAIN_CONF_SECTION "main"
|
||||
#define MAIN_CONF_KEY_WORKER_PROCESSES "worker_processes"
|
||||
#define MAIN_CONF_KEY_CP_FILE "cp_file"
|
||||
#define MAIN_CONF_KEY_CP_NAME "cp_name"
|
||||
#define MAIN_CONF_KEY_CP_TYPE "cp_type"
|
||||
|
||||
/* default configuration values: */
|
||||
static const int FCGI_CONF_DEFAULT_WORKER_PROCESSES = 10;
|
||||
static const char* MAIN_CONF_DEFAULT_CP_NAME = "Crypto-Pro GOST R 34.10-2012 KC2 CSP";
|
||||
static const unsigned int MAIN_CONF_DEFAULT_CP_TYPE = 80;
|
||||
|
||||
|
||||
static char*
|
||||
copy_filename(const char *filename)
|
||||
|
|
@ -50,6 +55,22 @@ main_conf_load(main_conf_t* conf, const char *filename, const conf_file_context_
|
|||
CONF_FILE_VALUE_NONE,
|
||||
NULL
|
||||
},
|
||||
{
|
||||
MAIN_CONF_SECTION,
|
||||
MAIN_CONF_KEY_CP_NAME,
|
||||
&(conf->cp_name),
|
||||
CONF_FILE_VALUE_STRING,
|
||||
CONF_FILE_VALUE_NONE,
|
||||
&MAIN_CONF_DEFAULT_CP_NAME
|
||||
},
|
||||
{
|
||||
MAIN_CONF_SECTION,
|
||||
MAIN_CONF_KEY_CP_TYPE,
|
||||
&(conf->cp_type),
|
||||
CONF_FILE_VALUE_INTEGER,
|
||||
CONF_FILE_VALUE_NONE,
|
||||
&MAIN_CONF_DEFAULT_CP_TYPE
|
||||
},
|
||||
};
|
||||
|
||||
if (conf_file_load_values(conf_file, fields, sizeof(fields) / sizeof(conf_file_field_t))) {
|
||||
|
|
@ -82,6 +103,7 @@ main_conf_clear(main_conf_t* conf)
|
|||
}
|
||||
|
||||
free(conf->cp_file);
|
||||
free(conf->cp_name);
|
||||
free(conf->conf_file);
|
||||
memset(conf, 0, sizeof(main_conf_t));
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,6 +6,8 @@
|
|||
typedef struct main_conf_s {
|
||||
int worker_processes;
|
||||
char *cp_file; /* файл криптопровайдера */
|
||||
char *cp_name; /* название криптопровайдера */
|
||||
unsigned int cp_type; /* тип криптопровайдера */
|
||||
char *conf_file;
|
||||
} main_conf_t;
|
||||
|
||||
|
|
|
|||
|
|
@ -121,7 +121,7 @@ sign_conf_clear(sign_conf_t *conf)
|
|||
}
|
||||
|
||||
HSign
|
||||
sign_service_create(const sign_conf_t *conf)
|
||||
sign_service_create(const sign_conf_t *conf, const main_conf_t *main_conf)
|
||||
{
|
||||
LOG_TRACE("sign_service_create enter");
|
||||
|
||||
|
|
@ -138,6 +138,8 @@ sign_service_create(const sign_conf_t *conf)
|
|||
cryptopro_context_set(&hsign->cryptopro_ctx,
|
||||
&conf->sign_cert_thumbprint,
|
||||
&conf->sign_cert_password,
|
||||
main_conf->cp_name,
|
||||
main_conf->cp_type,
|
||||
&hsign->timer_ctx);
|
||||
|
||||
if (open_signer_cert(&hsign->cryptopro_ctx)) {
|
||||
|
|
@ -372,7 +374,7 @@ sign_content_with_state(const sign_service_t *hsign, fcgi_sign_request_t *req_in
|
|||
|
||||
LOG_TRACE("sign_content_with_state enter");
|
||||
|
||||
state = generate_uuid4();
|
||||
state = generate_uuid4(&hsign->cryptopro_ctx);
|
||||
if (state == NULL) {
|
||||
goto error;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,7 @@
|
|||
#ifndef SERVICE_SIGN_H_INCLUDED
|
||||
#define SERVICE_SIGN_H_INCLUDED
|
||||
|
||||
#include "main_conf.h"
|
||||
#include "fcgisrv/fcgi_server.h"
|
||||
|
||||
#include "utils/conf_file_context.h"
|
||||
|
|
@ -19,7 +20,7 @@ typedef struct sign_conf_s {
|
|||
int sign_conf_load(sign_conf_t *conf, const conf_file_context_t conf_file);
|
||||
void sign_conf_clear(sign_conf_t *conf);
|
||||
|
||||
HSign sign_service_create(const sign_conf_t *conf);
|
||||
HSign sign_service_create(const sign_conf_t *conf, const main_conf_t *main_conf);
|
||||
void sign_service_free(HSign hsign);
|
||||
|
||||
fcgi_handler_status_t fcgi_sign_handler(FCGX_Request* request, void* ctx);
|
||||
|
|
|
|||
|
|
@ -239,7 +239,7 @@ init_services(service_manager_t* services, const service_manager_conf_t* service
|
|||
}
|
||||
|
||||
/* sign service */
|
||||
services->hsign = sign_service_create(&services_cf->sign_cf);
|
||||
services->hsign = sign_service_create(&services_cf->sign_cf, &services_cf->main_cf);
|
||||
if (services->hsign == NULL) {
|
||||
goto error;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -809,15 +809,16 @@ exit:
|
|||
}
|
||||
|
||||
int
|
||||
cryptopro_gen_random(unsigned char* data, size_t len)
|
||||
cryptopro_gen_random(const cryptopro_context_t *ctx, unsigned char* data, size_t len)
|
||||
{
|
||||
HCRYPTPROV hCryptProv = 0;
|
||||
|
||||
LOG_TRACE("cryptopro_gen_random enter");
|
||||
|
||||
if (!cp_function_list.CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_GOST_2012_256,
|
||||
if (!cp_function_list.CryptAcquireContext(&hCryptProv, NULL, ctx->provider, ctx->prov_type,
|
||||
CRYPT_VERIFYCONTEXT)) {
|
||||
LOG_ERROR("CryptAcquireContext() failed");
|
||||
LOG_ERROR("CryptAcquireContext() failed. provider: '%s', prov_type: %u",
|
||||
ctx->provider, ctx->prov_type);
|
||||
goto error;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -12,6 +12,8 @@
|
|||
typedef struct cryptopro_context_s {
|
||||
const str_t *cert_thumbprint;
|
||||
const str_t *password;
|
||||
const char *provider;
|
||||
unsigned int prov_type;
|
||||
timer_context_t *timer_ctx;
|
||||
|
||||
HCERTSTORE cert_store;
|
||||
|
|
@ -22,12 +24,15 @@ typedef struct cryptopro_context_s {
|
|||
|
||||
static inline void
|
||||
cryptopro_context_set(cryptopro_context_t *ctx, const str_t *cert_thumbprint,
|
||||
const str_t *password, timer_context_t *timer_ctx)
|
||||
const str_t *password, const char *provider, unsigned int prov_type,
|
||||
timer_context_t *timer_ctx)
|
||||
{
|
||||
assert(ctx != NULL);
|
||||
|
||||
ctx->cert_thumbprint = cert_thumbprint;
|
||||
ctx->password = password;
|
||||
ctx->provider = provider;
|
||||
ctx->prov_type = prov_type;
|
||||
ctx->timer_ctx = timer_ctx;
|
||||
}
|
||||
|
||||
|
|
@ -41,6 +46,6 @@ int cryptopro_sign(const cryptopro_context_t *ctx, const str_t *data, /*out*/ st
|
|||
int cryptopro_verify(const str_t* cert_thumbprint, const str_t* alg, const str_t *data,
|
||||
const str_t *sign, bool* is_verified, char** verify_error);
|
||||
|
||||
int cryptopro_gen_random(unsigned char* data, size_t len);
|
||||
int cryptopro_gen_random(const cryptopro_context_t *ctx, unsigned char* data, size_t len);
|
||||
|
||||
#endif // CRYPTOPRO_H_INCLUDED
|
||||
|
|
|
|||
|
|
@ -76,7 +76,7 @@ uuid_pack(const struct uuid *uu, uuid_t ptr)
|
|||
}
|
||||
|
||||
char*
|
||||
generate_uuid4()
|
||||
generate_uuid4(const void *crypt_ctx)
|
||||
{
|
||||
char *uuid;
|
||||
uuid_t buf;
|
||||
|
|
@ -91,7 +91,7 @@ generate_uuid4()
|
|||
goto error;
|
||||
}
|
||||
|
||||
if (cryptopro_gen_random(buf, sizeof(buf))) {
|
||||
if (cryptopro_gen_random(crypt_ctx, buf, sizeof(buf))) {
|
||||
goto error;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,6 @@
|
|||
#define UUID_H_INCLUDED
|
||||
|
||||
// generates uuid version 4
|
||||
char* generate_uuid4();
|
||||
char* generate_uuid4(const void *crypt_ctx);
|
||||
|
||||
#endif // UUID_H_INCLUDED
|
||||
Loading…
Add table
Add a link
Reference in a new issue