Skip to content

P
plugin
Commit 12701bfb authored by libangzhu's avatar libangzhu
Browse files
Options

update serail func

parent 10c93e40
Hide whitespace changes
Inline Side-by-side
Showing with 12 additions and 17 deletions
plugin/p2p/gossip/listener.go
View file @ 12701bfb
......@@ -6,7 +6,6 @@ package gossip
import (
"fmt"
"math/big"
"math/rand"
"net"
"sync"
......@@ -93,8 +92,7 @@ Retry:
return nil, err
}
if serialNum, ok := latestSerials.Load(ip); ok {
bn, _ := big.NewInt(1).SetString(serialNum.(string), 10)
if isRevoke(bn) { //证书被吊销 拒绝接口请求
if isRevoke(serialNum.(string)) { //证书被吊销 拒绝接口请求
return nil, fmt.Errorf("interceptor: authentication interceptor faild Certificate SerialNumber %v revoked", serialNum.(string))
}
}
......@@ -124,8 +122,7 @@ Retry:
return err
}
if serialNum, ok := latestSerials.Load(ip); ok {
bn, _ := big.NewInt(1).SetString(serialNum.(string), 10)
if isRevoke(bn) { //证书被吊销 拒绝接口请求
if isRevoke(serialNum.(string)) { //证书被吊销 拒绝接口请求
return fmt.Errorf("interceptor: authentication Stream faild Certificate SerialNumber %v revoked", serialNum.(string))
}
}
......
plugin/p2p/gossip/tls.go
View file @ 12701bfb
......@@ -6,7 +6,6 @@ import (
"crypto/x509"
"errors"
"fmt"
"math/big"
"net"
"net/url"
"strings"
......@@ -35,10 +34,10 @@ var (
)
//serialNum -->ip
func addCertSerial(serial *big.Int, ip string) {
func addCertSerial(serial string, ip string) {
revokeLock.Lock()
defer revokeLock.Unlock()
serials[serial.String()] = &certInfo{false, ip, serial.String()}
serials[serial] = &certInfo{false, ip, serial}
}
func updateCertSerial(serial string, revoke bool) certInfo {
......@@ -50,23 +49,22 @@ func updateCertSerial(serial string, revoke bool) certInfo {
return *v
}
//serials[serial.String()] = v
return certInfo{}
}
func isRevoke(serial *big.Int) bool {
func isRevoke(serial string) bool {
revokeLock.Lock()
defer revokeLock.Unlock()
if r, ok := serials[serial.String()]; ok {
if r, ok := serials[serial]; ok {
return r.revoke
}
return false
}
func removeCertSerial(serial *big.Int) {
func removeCertSerial(serial string) {
revokeLock.Lock()
defer revokeLock.Unlock()
delete(serials, serial.String())
delete(serials, serial)
}
func getSerialNums() []string {
......@@ -146,13 +144,13 @@ func (c *Tls) ClientHandshake(ctx context.Context, authority string, rawConn net
log.Debug("ClientHandshake", "Certificate SerialNumber", peerSerialNum, "Certificate Number", certNum, "RemoteAddr", rawConn.RemoteAddr(), "tlsInfo", tlsInfo)
addrSplites := strings.Split(rawConn.RemoteAddr().String(), ":")
//检查证书是否被吊销
if isRevoke(peerSerialNum) {
if isRevoke(peerSerialNum.String()) {
conn.Close()
return nil, nil, errors.New(fmt.Sprintf("transport: authentication handshake failed: ClientHandshake Certificate SerialNumber %v revoked", peerSerialNum.String()))
}
if len(addrSplites) > 0 { //服务端证书的序列号,已经其IP地址
addCertSerial(peerSerialNum, addrSplites[0])
addCertSerial(peerSerialNum.String(), addrSplites[0])
latestSerials.Store(addrSplites[0], peerSerialNum.String()) //ip --->serialNum
}
}
......@@ -184,13 +182,13 @@ func (c *Tls) ServerHandshake(rawConn net.Conn) (net.Conn, credentials.AuthInfo,
peerSerialNum := peerCert[0].SerialNumber
log.Debug("ServerHandshake", "peerSerialNum", peerSerialNum, "Certificate Number", certNum, "RemoteAddr", rawConn.RemoteAddr(), "tlsinfo", tlsInfo, "remoteAddr", conn.RemoteAddr())
if isRevoke(peerSerialNum) {
if isRevoke(peerSerialNum.String()) {
rawConn.Close()
return nil, nil, errors.New(fmt.Sprintf("transport: authentication handshake failed: ServerHandshake %s revoked", peerSerialNum.String()))
}
addrSplites := strings.Split(rawConn.RemoteAddr().String(), ":")
if len(addrSplites) > 0 {
addCertSerial(peerSerialNum, addrSplites[0])
addCertSerial(peerSerialNum.String(), addrSplites[0])
latestSerials.Store(addrSplites[0], peerSerialNum.String()) //ip --->serialNum
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment