merge

include/en_config.h

@@ -0,0 +1,28 @@
+#ifndef ENCRYPTSQL_CONFIG_H
+#define ENCRYPTSQL_CONFIG_H
+
+// 安装路径（由 -DENCRYPTSQL_INSTALL_DIR=... 指定）
+#define ENCRYPTSQL_INSTALL_DIR      "/usr/local/postgresql"
+#define ENCRYPTSQL_CONFIG_DIR       "/etc/encryptsql"
+#define DK_SERVER_HOST              "127.0.0.1"
+#define DK_SERVER_PORT              "9443"
+
+#define CREATEUDF_SQL_PATH          ENCRYPTSQL_INSTALL_DIR "/createudf.sql"
+#define MASK_FUNCS_SQL_PATH         ENCRYPTSQL_INSTALL_DIR "/mask_funcs.sql"
+
+#define MAP_JSON_PATH               ENCRYPTSQL_CONFIG_DIR "/map.json"
+#define MAP_JSON_BACKUP_PATH        ENCRYPTSQL_CONFIG_DIR "/map.json.backup"
+
+#define CMK_FILE_PATH               ENCRYPTSQL_CONFIG_DIR "/output.json"
+#define CMK_FILE_BACKUP_PATH        ENCRYPTSQL_CONFIG_DIR "/output.json.backup"
+
+#define CMK_KEY_PATH                ENCRYPTSQL_CONFIG_DIR "/domainkey"
+#define CMK_ROTATE_STATUS_PATH      ENCRYPTSQL_CONFIG_DIR "/CMK_auto_rotate_status.json"
+
+#define ROOT_KEY_GEN_PATH           ENCRYPTSQL_CONFIG_DIR "/kms_root"
+
+#define BACKUP_BIN_PATH             ENCRYPTSQL_INSTALL_DIR "/bin/backup"
+#define RESTORE_BIN_PATH            ENCRYPTSQL_INSTALL_DIR "/bin/restore"
+
+
+#endif /* ENCRYPTSQL_CONFIG_H */

include/kms/ikms_core.hpp

@@ -1,4 +1,4 @@
-#ifndef I_KMS_CORE_HPP
+#ifndef IKMS_CORE_HPP
 #define IKMS_CORE_HPP
 
 #include "kms_common.hpp"
@@ -11,7 +11,7 @@ public:
     virtual ~IKmsCore() = default;
 
     /**
-     * @brief 自定义初始化逻辑
+     * @brief 自定义初始化逻辑，不需要手动调用，会在单例第一次被创建时自动调用
      * local：解析json, 随后LoadCmkByUsername
      * tencent：或许可以是从配置文件中读取参数
      */

include/kms/kms_common.hpp

@@ -5,7 +5,7 @@
 #include <string>
 #include <queue>
 #include <unordered_map>
-
+#include <openssl/crypto.h>
 
 #define AES_BLOCK_SIZE 16
 
@@ -105,19 +105,45 @@ public:
     std::string getType() const override { return "local"; }
 };
 
-// Tencent KMS 配置
-class TencentKmsConfig : public IKmsConfig {
+// Huawei KMS 配置
+class HuaweiKmsConfig : public IKmsConfig {
 public:
-    std::string access_key;
-    std::string secret_key;
+    // 必需参数
+    std::string accessKey;
+    std::string secretKey;
+    std::string projectId;
     std::string region;
-    std::string endpoint;
-    // ... 自定义
     
-    TencentKmsConfig(const std::string& ak, const std::string& sk, const std::string& r)
-        : access_key(ak), secret_key(sk), region(r) {}
+    // 可选参数
+    std::string endpoint = "";
+    std::string keyAlias = "default-key";
     
-    std::string getType() const override { return "tencent"; }
+    // 实现 getType() 方法
+    std::string getType() const override {
+        return "huawei";
+    }
+    
+    // 有参构造函数
+    HuaweiKmsConfig(const std::string& ak, const std::string& sk,
+                   const std::string& pid, const std::string& reg,
+                   const std::string& ep = "", const std::string& alias = "")
+        : accessKey(ak), secretKey(sk), projectId(pid), 
+          region(reg), endpoint(ep), keyAlias(alias) {}
+
+    // 安全清除敏感信息
+    void ClearSensitiveData() {
+        OverwriteString(accessKey);
+        OverwriteString(secretKey);
+    }
+
+private:
+    void OverwriteString(std::string& str) {
+        if (!str.empty()) {
+            // 使用OpenSSL安全清除内存
+            OPENSSL_cleanse(&str[0], str.size());
+            str.clear();
+        }
+    }
 };
 
 #endif // KMS_COMMON_HPP

include/kms/kms_core_local.hpp

@@ -48,7 +48,6 @@ private:
     std::map<std::string, pid_t> cmk_auto_rotate_pids; // 自动轮转进程 ID
     std::map<std::string, bool> cmk_auto_rotate_status; // 自动轮转状态
 
-
     std::vector<unsigned char> readBinaryFile(const std::string& path);
     std::vector<unsigned char> xorBuffers(const std::vector<unsigned char>& a, const std::vector<unsigned char>& b);
     std::vector<unsigned char> hmac_sha256(const std::vector<unsigned char>& key, const std::vector<unsigned char>& message);