
Commit ed3909a

committed
优化:abe密钥处理逻辑
1 parent 8f17fb9 commit ed3909a


3 files changed

+28
-16
lines changed


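--- a/devapi/abe/abe_crypto.cc
+++ b/devapi/abe/abe_crypto.cc
@@ -112,8 +112,6 @@ bool abe_crypto::save_user_key(std::string key_path, std::string key_str_b64){
 free(key_str);
 
 if(pt == ""){
-//todo: 后续可以考虑增加一个参数决定每次启动是否更新abe_key
-//或者提供一个函数让程序员自行决定是否更新
 return false;
 }
 //写入abe_user_key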

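--- a/devapi/abe_extern.cc
+++ b/devapi/abe_extern.cc
@@ -5,6 +5,12 @@
 #include "mysqlx/abe/abe_crypto.h"
 #include "mysqlx/xdevapi.h"
 
+#define SQL_CURRENT_USER_KEY_PRIFIX \
+"select owner,encrypted_key,sig_db,sig_db_type,sig_kms,sig_kms_type \
+from mysql.abe_user_key where owner = '"
+#define SQL_CURRENT_USER_KEY_SUFFIX "'"
+#define SQL_CURRENT_USER_ATT "select current_abe_attribute()"
+#define SQL_CURRENT_USER "select current_user()"
 
 namespace mysqlx{
 MYSQLX_ABI_BEGIN(2,0)
@@ -48,13 +54,14 @@ std::string abe_query::recover(const std::string &ct){
 
 
 std::string abe_env::get_current_user_key(){
-std::string str = "select owner,encrypted_key,sig_db,sig_db_type,sig_kms,sig_kms_type from mysql.abe_user_key";
-str += " where owner = '" + abe.user.user_id + "';";
+std::string str = std::string(SQL_CURRENT_USER_KEY_PRIFIX);
+str += abe.user.user_id;
+str += std::string(SQL_CURRENT_USER_KEY_SUFFIX);
 
 RowResult res = sess->sql(str).execute();
 
-int field_num = res.count();
-int row_num = res.getColumnCount();
+int row_num = res.count();
+int field_num = res.getColumnCount();
 if(row_num != 1){
 ABE_LOG("It seems that you don't have the abe key, please contact the admininistrator");
 }
@@ -82,7 +89,7 @@ std::string abe_env::get_current_user_key(){
 
 std::string abe_env::get_current_user(){
 
-RowResult res = sess->sql("select current_user()").execute();
+RowResult res = sess->sql(SQL_CURRENT_USER).execute();
 
 int field_num = res.count();
 int row_num = res.getColumnCount();
@@ -96,7 +103,7 @@ std::string abe_env::get_current_user(){
 
 std::string abe_env::get_current_user_abe_attribute(){
 
-RowResult res = sess->sql("select current_abe_attribute()").execute();
+RowResult res = sess->sql(SQL_CURRENT_USER_ATT).execute();
 
 int field_num = res.count();
 int row_num = res.getColumnCount();
@@ -126,18 +133,20 @@ bool abe_env::abe_prepare_queries(const abe_parameters &params){
 }
 
 if(!check_abe_key()){
-std::string abe_key = get_current_user_key();
-if(abe_key == ""){
-return false;
-}else{
-//todo:存储abe_key的逻辑
-abe.save_user_key(params.abe_key_path, abe_key);
-}
+update_abe_key(params.abe_key_path);
 }
 return true;
 
 }
 
+bool abe_env::update_abe_key(std::string abe_key_path){
+std::string abe_key = get_current_user_key();
+if(abe_key == ""){
+return false;
+}
+return abe.save_user_key(abe_key_path, abe_key);
+}
+
 bool abe_env::init(const abe_parameters &params){
 if(!abe.init(params.abe_pp_path, params.abe_key_path,
 params.kms_cert_path, params.db_cert_path,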
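Review bot: In the last hunk, abe_prepare_queries discards the result of update_abe_key and falls through to `return true;`, so preparation now reports success even when no key was fetched or saved, whereas the removed code returned false when get_current_user_key() came back empty. Propagating the result restores the failure path: `if(!update_abe_key(params.abe_key_path)) return false;`. In get_current_user_key the owner filter is still assembled by concatenating abe.user.user_id between the two quote-carrying macros; where user_id is set is not visible in this diff, so binding it as a parameter, `sess->sql("... where owner = ?").bind(abe.user.user_id).execute()`, would avoid depending on its contents. The bodies of both functions continue outside the hunks shown.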

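--- a/include/mysqlx/abe_extern.h
+++ b/include/mysqlx/abe_extern.h
@@ -62,7 +62,12 @@ class PUBLIC_API abe_env{
 return abe.check_abe_key();
 }
 
-private:
+/*
+init时如果存在abe_key则不重复下载,使用update_abe_key可以强制更新abe_key
+*/
+bool update_abe_key(std::string abe_key_path);
+
+
 Session * sess;
 abe::abe_crypto abe;
 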
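Review bot: Removing the `private:` label to expose update_abe_key also leaves `Session * sess` and `abe::abe_crypto abe` in whatever access section precedes them, which appears to be public given the inline check_abe_key accessor above; the class header is outside the hunk, so this should be confirmed. If so, any caller of this PUBLIC_API class can reach the session and the crypto object that save_user_key and check_abe_key operate on. Keep the label and move it below the new declaration, i.e. `bool update_abe_key(std::string abe_key_path);` followed by `private:`. The added comment could also state that the method returns false when no key is retrieved or the save fails, as the definition in abe_extern.cc does.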
