优化：abe密钥处理逻辑

IteratorGIT · IteratorGIT · commit ed3909ae3659 · 2023-12-22T17:48:32.000+08:00
diff --git a/devapi/abe/abe_crypto.cc b/devapi/abe/abe_crypto.cc
@@ -112,8 +112,6 @@ bool abe_crypto::save_user_key(std::string key_path, std::string key_str_b64){
     free(key_str);
 
     if(pt == ""){
-        //todo: 后续可以考虑增加一个参数决定每次启动是否更新abe_key
-        //或者提供一个函数让程序员自行决定是否更新
         return false;
     }
     //写入abe_user_key
diff --git a/devapi/abe_extern.cc b/devapi/abe_extern.cc
@@ -5,6 +5,12 @@
 #include "mysqlx/abe/abe_crypto.h"
 #include "mysqlx/xdevapi.h"
 
+#define SQL_CURRENT_USER_KEY_PRIFIX \
+    "select owner,encrypted_key,sig_db,sig_db_type,sig_kms,sig_kms_type \
+    from mysql.abe_user_key where owner = '"
+#define SQL_CURRENT_USER_KEY_SUFFIX "'"
+#define SQL_CURRENT_USER_ATT "select current_abe_attribute()"
+#define SQL_CURRENT_USER "select current_user()"
 
 namespace mysqlx{
 MYSQLX_ABI_BEGIN(2,0)
@@ -48,13 +54,14 @@ std::string abe_query::recover(const std::string &ct){
 
 
 std::string abe_env::get_current_user_key(){
-    std::string str = "select owner,encrypted_key,sig_db,sig_db_type,sig_kms,sig_kms_type from mysql.abe_user_key";
-    str += " where owner = '" + abe.user.user_id + "';";
+    std::string str = std::string(SQL_CURRENT_USER_KEY_PRIFIX);
+    str += abe.user.user_id;
+    str += std::string(SQL_CURRENT_USER_KEY_SUFFIX);
 
     RowResult res = sess->sql(str).execute();
 
-    int field_num = res.count();
-    int row_num = res.getColumnCount();
+    int row_num = res.count();
+    int field_num = res.getColumnCount();
     if(row_num != 1){
         ABE_LOG("It seems that you don't have the abe key, please contact the admininistrator");
     }
@@ -82,7 +89,7 @@ std::string abe_env::get_current_user_key(){
 
 std::string abe_env::get_current_user(){
 
-    RowResult res = sess->sql("select current_user()").execute();
+    RowResult res = sess->sql(SQL_CURRENT_USER).execute();
 
     int field_num = res.count();
     int row_num = res.getColumnCount();
@@ -96,7 +103,7 @@ std::string abe_env::get_current_user(){
 
 std::string abe_env::get_current_user_abe_attribute(){
 
-    RowResult res = sess->sql("select current_abe_attribute()").execute();
+    RowResult res = sess->sql(SQL_CURRENT_USER_ATT).execute();
 
     int field_num = res.count();
     int row_num = res.getColumnCount();
@@ -126,18 +133,20 @@ bool abe_env::abe_prepare_queries(const abe_parameters &params){
     }
 
     if(!check_abe_key()){
-        std::string abe_key = get_current_user_key();
-        if(abe_key == ""){
-            return false;
-        }else{
-            //todo:存储abe_key的逻辑
-            abe.save_user_key(params.abe_key_path, abe_key);
-        }
+        update_abe_key(params.abe_key_path);
     }
     return true;
 
 }
 
+bool abe_env::update_abe_key(std::string abe_key_path){
+    std::string abe_key = get_current_user_key();
+    if(abe_key == ""){
+        return false;
+    }
+    return abe.save_user_key(abe_key_path, abe_key);
+}
+
 bool abe_env::init(const abe_parameters &params){
     if(!abe.init(params.abe_pp_path, params.abe_key_path, 
                     params.kms_cert_path, params.db_cert_path,
diff --git a/include/mysqlx/abe_extern.h b/include/mysqlx/abe_extern.h
@@ -62,7 +62,12 @@ class PUBLIC_API abe_env{
         return abe.check_abe_key();
     }
 
-private:
+    /*
+    init时如果存在abe_key则不重复下载，使用update_abe_key可以强制更新abe_key
+    */
+    bool update_abe_key(std::string abe_key_path);
+
+
     Session * sess;
     abe::abe_crypto abe;
 

Original file line number	Diff line number	Diff line change
`@@ -112,8 +112,6 @@ bool abe_crypto::save_user_key(std::string key_path, std::string key_str_b64){`
`112`	`112`	`free(key_str);`
`113`	`113`
`114`	`114`	`if(pt == ""){`
`115`		`- //todo: 后续可以考虑增加一个参数决定每次启动是否更新abe_key`
`116`		`- //或者提供一个函数让程序员自行决定是否更新`
`117`	`115`	`return false;`
`118`	`116`	`}`
`119`	`117`	`//写入abe_user_key`