SUPPORT-8941. Добавлено получение названия и типа провайдера из конфигурационного файла (подпись)

2025-02-24 15:43:55 +03:00 · 2025-02-24 15:43:55 +03:00 · 2517eb1a34
commit 2517eb1a34
parent 9f0a9efa11
11 changed files with 49 additions and 12 deletions
--- a/README.md
+++ b/README.md
@ -86,6 +86,8 @@ cmake -DCONFIG_NAME=/opt/ervu-sign-module.conf ..
 - В секции **\[main\]** задать общие настройки:  
 worker_processes = 10 *\# количество воркеров (значение по умолчанию: 10)*  
 cp_file = libcapi20.so *\# путь до файла библиотеки криптопровайдера*  
 cp_name = Crypto-Pro GOST R 34.10-2012 KC2 CSP *\# название криптопровайдера*  
 cp_type = 80 *\# тип криптопровайдера*    
 - В секции **\[fcgi\]** задать настройки fcgi-сервера:  
 fcgi_listen_port = 9009 *\# значение по умолчанию: 9009, должно совпадать со значением в nginx.conf*  
--- a/conf/ervu-sign-module.conf.example
+++ b/conf/ervu-sign-module.conf.example
@ -1,6 +1,8 @@
 [main]
 #worker_processes = 10
 cp_file = /opt/cprocsp/lib/amd64/libcapi20.so
 #cp_name = Crypto-Pro GOST R 34.10-2012 KC2 CSP
 #cp_type = 80
 [fcgi]
 fcgi_listen_port = 9009
--- a/src/main_conf.c
+++ b/src/main_conf.c
@ -7,9 +7,14 @@
 #define MAIN_CONF_SECTION               "main"
 #define MAIN_CONF_KEY_WORKER_PROCESSES  "worker_processes"
 #define MAIN_CONF_KEY_CP_FILE           "cp_file"
 #define MAIN_CONF_KEY_CP_NAME           "cp_name"
 #define MAIN_CONF_KEY_CP_TYPE           "cp_type"
 /* default configuration values: */
 static const int FCGI_CONF_DEFAULT_WORKER_PROCESSES = 10;
 static const char* MAIN_CONF_DEFAULT_CP_NAME = "Crypto-Pro GOST R 34.10-2012 KC2 CSP";
 static const unsigned int MAIN_CONF_DEFAULT_CP_TYPE = 80;
 static char*
 copy_filename(const char *filename)
@ -50,6 +55,22 @@ main_conf_load(main_conf_t* conf, const char *filename, const conf_file_context_
            CONF_FILE_VALUE_NONE,
            NULL
        },
        {
            MAIN_CONF_SECTION,
            MAIN_CONF_KEY_CP_NAME,
            &(conf->cp_name),
            CONF_FILE_VALUE_STRING,
            CONF_FILE_VALUE_NONE,
            &MAIN_CONF_DEFAULT_CP_NAME
        },
        {
            MAIN_CONF_SECTION,
            MAIN_CONF_KEY_CP_TYPE,
            &(conf->cp_type),
            CONF_FILE_VALUE_INTEGER,
            CONF_FILE_VALUE_NONE,
            &MAIN_CONF_DEFAULT_CP_TYPE
        },
    };
    if (conf_file_load_values(conf_file, fields, sizeof(fields) / sizeof(conf_file_field_t))) {
@ -82,6 +103,7 @@ main_conf_clear(main_conf_t* conf)
    }
    free(conf->cp_file);
    free(conf->cp_name);
    free(conf->conf_file);
    memset(conf, 0, sizeof(main_conf_t));
 }
--- a/src/main_conf.h
+++ b/src/main_conf.h
@ -6,6 +6,8 @@
 typedef struct main_conf_s {
    int                 worker_processes;
    char                *cp_file;                   /* файл криптопровайдера */
    char                *cp_name;                   /* название криптопровайдера */
    unsigned int        cp_type;                    /* тип криптопровайдера */
    char                *conf_file;
 } main_conf_t;
--- a/src/modules/service_sign.c
+++ b/src/modules/service_sign.c
@ -121,7 +121,7 @@ sign_conf_clear(sign_conf_t *conf)
 }
 HSign 
-sign_service_create(const sign_conf_t *conf)
+sign_service_create(const sign_conf_t *conf, const main_conf_t *main_conf)
 {
    LOG_TRACE("sign_service_create enter");
@ -138,6 +138,8 @@ sign_service_create(const sign_conf_t *conf)
    cryptopro_context_set(&hsign->cryptopro_ctx, 
                            &conf->sign_cert_thumbprint, 
                            &conf->sign_cert_password,
                            main_conf->cp_name,
                            main_conf->cp_type,
                            &hsign->timer_ctx);
    if (open_signer_cert(&hsign->cryptopro_ctx)) {
@ -372,7 +374,7 @@ sign_content_with_state(const sign_service_t *hsign, fcgi_sign_request_t *req_in
    LOG_TRACE("sign_content_with_state enter");
-    state = generate_uuid4();
+    state = generate_uuid4(&hsign->cryptopro_ctx);
    if (state == NULL) {
        goto error;
    }
--- a/src/modules/service_sign.h
+++ b/src/modules/service_sign.h
@ -1,6 +1,7 @@
 #ifndef SERVICE_SIGN_H_INCLUDED
 #define SERVICE_SIGN_H_INCLUDED
 #include "main_conf.h"
 #include "fcgisrv/fcgi_server.h"
 #include "utils/conf_file_context.h"
@ -19,7 +20,7 @@ typedef struct sign_conf_s {
 int sign_conf_load(sign_conf_t *conf, const conf_file_context_t conf_file);
 void sign_conf_clear(sign_conf_t *conf);
-HSign sign_service_create(const sign_conf_t *conf);
+HSign sign_service_create(const sign_conf_t *conf, const main_conf_t *main_conf);
 void sign_service_free(HSign hsign);
 fcgi_handler_status_t fcgi_sign_handler(FCGX_Request* request, void* ctx);
--- a/src/service_manager.c
+++ b/src/service_manager.c
@ -239,7 +239,7 @@ init_services(service_manager_t* services, const service_manager_conf_t* service
    }
    /* sign service */
-    services->hsign = sign_service_create(&services_cf->sign_cf);
+    services->hsign = sign_service_create(&services_cf->sign_cf, &services_cf->main_cf);
    if (services->hsign == NULL) {
        goto error;
    }
--- a/src/utils/cryptopro.c
+++ b/src/utils/cryptopro.c
@ -809,15 +809,16 @@ exit:
 }
 int 
-cryptopro_gen_random(unsigned char* data, size_t len)
+cryptopro_gen_random(const cryptopro_context_t *ctx, unsigned char* data, size_t len)
 {
    HCRYPTPROV hCryptProv = 0;
    LOG_TRACE("cryptopro_gen_random enter");
-    if (!cp_function_list.CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_GOST_2012_256, 
+    if (!cp_function_list.CryptAcquireContext(&hCryptProv, NULL, ctx->provider, ctx->prov_type, 
                                                CRYPT_VERIFYCONTEXT)) {
-        LOG_ERROR("CryptAcquireContext() failed");
+        LOG_ERROR("CryptAcquireContext() failed. provider: '%s', prov_type: %u", 
                        ctx->provider, ctx->prov_type);
        goto error;
    }
--- a/src/utils/cryptopro.h
+++ b/src/utils/cryptopro.h
@ -12,6 +12,8 @@
 typedef struct cryptopro_context_s {
    const str_t             *cert_thumbprint;
    const str_t             *password;
    const char              *provider;
    unsigned int            prov_type;
    timer_context_t         *timer_ctx;
    HCERTSTORE              cert_store;
@ -22,12 +24,15 @@ typedef struct cryptopro_context_s {
 static inline void
 cryptopro_context_set(cryptopro_context_t *ctx, const str_t *cert_thumbprint, 
-                        const str_t *password, timer_context_t *timer_ctx)
+                        const str_t *password, const char *provider, unsigned int prov_type, 
                        timer_context_t *timer_ctx)
 {
    assert(ctx != NULL);
    ctx->cert_thumbprint = cert_thumbprint;
    ctx->password = password;
    ctx->provider = provider;
    ctx->prov_type = prov_type;
    ctx->timer_ctx = timer_ctx;
 }
@ -41,6 +46,6 @@ int cryptopro_sign(const cryptopro_context_t *ctx, const str_t *data, /*out*/ st
 int cryptopro_verify(const str_t* cert_thumbprint, const str_t* alg, const str_t *data, 
                        const str_t *sign, bool* is_verified, char** verify_error);
-int cryptopro_gen_random(unsigned char* data, size_t len);
+int cryptopro_gen_random(const cryptopro_context_t *ctx, unsigned char* data, size_t len);
 #endif // CRYPTOPRO_H_INCLUDED
--- a/src/utils/uuid.c
+++ b/src/utils/uuid.c
@ -76,7 +76,7 @@ uuid_pack(const struct uuid *uu, uuid_t ptr)
 }
 char* 
-generate_uuid4()
+generate_uuid4(const void *crypt_ctx)
 {
    char *uuid;
    uuid_t buf;
@ -91,7 +91,7 @@ generate_uuid4()
        goto error;
    }
-    if (cryptopro_gen_random(buf, sizeof(buf))) {
+    if (cryptopro_gen_random(crypt_ctx, buf, sizeof(buf))) {
        goto error;
    }
--- a/src/utils/uuid.h
+++ b/src/utils/uuid.h
@ -2,6 +2,6 @@
 #define UUID_H_INCLUDED
 // generates uuid version 4
-char* generate_uuid4();
+char* generate_uuid4(const void *crypt_ctx);
 #endif // UUID_H_INCLUDED