From b5b7ab99d39bb43605c1e7b4b50615e3adb4fdc2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=88=98=E7=A5=A5=E8=B6=85?= Date: Fri, 18 Mar 2022 17:09:15 +0800 Subject: [PATCH] =?UTF-8?q?=E5=8A=A8=E6=80=81=E6=9B=B4=E6=96=B0OCSP?= =?UTF-8?q?=EF=BC=8C=E9=98=B2=E6=AD=A2=E8=BF=87=E6=9C=9F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- internal/nodes/http_client_pool_test.go | 8 +-- internal/nodes/task_ocsp_update.go | 92 +++++++++++++++++++++++++ internal/nodes/task_ocsp_update_test.go | 16 +++++ internal/rpc/rpc_client.go | 4 ++ 4 files changed, 116 insertions(+), 4 deletions(-) create mode 100644 internal/nodes/task_ocsp_update.go create mode 100644 internal/nodes/task_ocsp_update_test.go diff --git a/internal/nodes/http_client_pool_test.go b/internal/nodes/http_client_pool_test.go index 556dd0b..7e19f7e 100644 --- a/internal/nodes/http_client_pool_test.go +++ b/internal/nodes/http_client_pool_test.go @@ -21,14 +21,14 @@ func TestHTTPClientPool_Client(t *testing.T) { t.Fatal(err) } { - client, err := pool.Client(nil, origin, origin.Addr.PickAddress(), nil) + client, err := pool.Client(nil, origin, origin.Addr.PickAddress(), nil, false) if err != nil { t.Fatal(err) } t.Log("client:", client) } for i := 0; i < 10; i++ { - client, err := pool.Client(nil, origin, origin.Addr.PickAddress(), nil) + client, err := pool.Client(nil, origin, origin.Addr.PickAddress(), nil, false) if err != nil { t.Fatal(err) } @@ -53,7 +53,7 @@ func TestHTTPClientPool_cleanClients(t *testing.T) { for i := 0; i < 10; i++ { t.Log("get", i) - _, _ = pool.Client(nil, origin, origin.Addr.PickAddress(), nil) + _, _ = pool.Client(nil, origin, origin.Addr.PickAddress(), nil, false) time.Sleep(1 * time.Second) } } 
@@ -73,6 +73,6 @@ func BenchmarkHTTPClientPool_Client(b *testing.B) { pool := NewHTTPClientPool() for i := 0; i < b.N; i++ { - _, _ = pool.Client(nil, origin, origin.Addr.PickAddress(), nil) + _, _ = pool.Client(nil, origin, origin.Addr.PickAddress(), nil, false) } } diff --git a/internal/nodes/task_ocsp_update.go b/internal/nodes/task_ocsp_update.go new file mode 100644 index 0000000..6545819 --- /dev/null +++ b/internal/nodes/task_ocsp_update.go 
@@ -0,0 +1,92 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package nodes
+
+import (
+ "github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+ "github.com/TeaOSLab/EdgeNode/internal/events"
+ "github.com/TeaOSLab/EdgeNode/internal/goman"
+ "github.com/TeaOSLab/EdgeNode/internal/remotelogs"
+ "github.com/TeaOSLab/EdgeNode/internal/rpc"
+ "github.com/iwind/TeaGo/Tea"
+ "time"
+)
+
+var sharedOCSPTask = NewOCSPUpdateTask()
+
+func init() {
+ events.On(events.EventLoaded, func() {
+ sharedOCSPTask.version = sharedNodeConfig.OCSPVersion
+
+ goman.New(func() {
+ sharedOCSPTask.Start()
+ })
+ })
+ events.On(events.EventQuit, func() {
+ sharedOCSPTask.Stop()
+ })
+
+}
+
+// OCSPUpdateTask 更新OCSP任务
+type OCSPUpdateTask struct {
+ version int64
+
+ ticker *time.Ticker
+}
+
+func NewOCSPUpdateTask() *OCSPUpdateTask {
+ var ticker = time.NewTicker(1 * time.Minute)
+ if Tea.IsTesting() {
+ ticker = time.NewTicker(10 * time.Second)
+ }
+ return &OCSPUpdateTask{
+ ticker: ticker,
+ }
+}
+
+func (this *OCSPUpdateTask) Start() {
+ for range this.ticker.C {
+ err := this.Loop()
+ if err != nil {
+ remotelogs.Warn("OCSPUpdateTask", "update ocsp failed: "+err.Error())
+ }
+ }
+}
+
+func (this *OCSPUpdateTask) Loop() error {
+ rpcClient, err := rpc.SharedRPC()
+ if err != nil {
+ return err
+ }
+
+ resp, err := rpcClient.SSLCertService().ListUpdatedSSLCertOCSP(rpcClient.Context(), &pb.ListUpdatedSSLCertOCSPRequest{
+ Version: this.version,
+ Size: 100,
+ })
+ if err != nil {
+ return err
+ }
+
+ for _, ocsp := range resp.SslCertOCSP {
+ // 更新OCSP
+ sharedNodeConfig.UpdateCertOCSP(ocsp.SslCertId, ocsp.Ocsp)
+
+ // 修改版本
+ this.version = ocsp.Version
+ }
+
+ return nil
+}
+
+func (this *OCSPUpdateTask) Stop() {
+ this.ticker.Stop()
+}
+
+func (this *OCSPUpdateTask) updateOCSP(certId int64, ocsp []byte) {
+ var config = sharedNodeConfig
+ if config == nil {
+ return
+ }
+
+}
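Review bot: In `Loop`, every `ocsp.Ocsp` value returned by `ListUpdatedSSLCertOCSP` is passed straight to `sharedNodeConfig.UpdateCertOCSP` and `this.version` is then advanced, with no check in this file that the bytes are non-empty, parse as an OCSP response, and are still inside their validity window. `UpdateCertOCSP` is defined outside this diff and may already validate; if it does not, an empty or expired staple replaces a good one and stays until the server publishes a newer version, which fails handshakes for clients that require stapling. A minimal guard that still advances the version is `if len(ocsp.Ocsp) > 0 { sharedNodeConfig.UpdateCertOCSP(ocsp.SslCertId, ocsp.Ocsp) }`, unless an empty value is meant to clear the staple, and the parsed response's next-update time should be compared with the current time before it is installed. Separately, `Stop()` only stops the ticker, which does not close `ticker.C`, so the `for range this.ticker.C` loop in `Start` never returns after `EventQuit`.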
diff --git a/internal/nodes/task_ocsp_update_test.go b/internal/nodes/task_ocsp_update_test.go new file mode 100644 index 0000000..c2e23bd --- /dev/null +++ b/internal/nodes/task_ocsp_update_test.go @@ -0,0 +1,16 @@ +// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved. + +package nodes_test + +import ( + "github.com/TeaOSLab/EdgeNode/internal/nodes" + "testing" +) + +func TestOCSPUpdateTask_Loop(t *testing.T) { + var task = &nodes.OCSPUpdateTask{} + err := task.Loop() + if err != nil { + t.Fatal(err) + } +} diff --git a/internal/rpc/rpc_client.go b/internal/rpc/rpc_client.go index 39db210..7fb3529 100644 --- a/internal/rpc/rpc_client.go +++ b/internal/rpc/rpc_client.go @@ -137,6 +137,10 @@ func (this *RPCClient) FirewallService() pb.FirewallServiceClient { return pb.NewFirewallServiceClient(this.pickConn()) } +func (this *RPCClient) SSLCertService() pb.SSLCertServiceClient { + return pb.NewSSLCertServiceClient(this.pickConn()) +} + // Context 节点上下文信息 func (this *RPCClient) Context() context.Context { ctx := context.Background()
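Review bot: `TestOCSPUpdateTask_Loop` in task_ocsp_update_test.go calls `task.Loop()` on a zero-value `OCSPUpdateTask`, so it goes through `rpc.SharedRPC()` and the real `ListUpdatedSSLCertOCSP` call, and its outcome depends on whether an RPC endpoint is configured and reachable where the test runs. It also asserts nothing about what was applied: a run that returns no rows passes the same way as one that installs responses. A comment such as `// requires a configured RPC endpoint; exercises the call path only` would make that scope explicit, and a case driven by a stubbed response would cover the version bookkeeping in `Loop`.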