diff --git a/src/main/java/com/nis/web/controller/configuration/proxy/FileHijackController.java b/src/main/java/com/nis/web/controller/configuration/proxy/FileHijackController.java index 898a8e69e..99d9cbe33 100644 --- a/src/main/java/com/nis/web/controller/configuration/proxy/FileHijackController.java +++ b/src/main/java/com/nis/web/controller/configuration/proxy/FileHijackController.java @@ -6,12 +6,16 @@ import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.UUID; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.beanutils.BeanUtils; +import org.apache.commons.codec.digest.DigestUtils; import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; +import org.springframework.util.FileCopyUtils; import org.springframework.web.bind.annotation.ModelAttribute; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.multipart.MultipartFile; @@ -69,19 +73,19 @@ public class FileHijackController extends CommonController{ File file = null; try{ if(cfgFile != null) { - String filename = cfgFile.getOriginalFilename(); - String prefix = FileUtils.getPrefix(filename, false); - String suffix = FileUtils.getSuffix(filename, false); - file = File.createTempFile("file_" + prefix, suffix); - cfgFile.transferTo(file);// 复制文件 - String md5 = FileUtils.getFileMD5(file); + String sep = System.getProperty("file.separator"); + String digestFilePath = request.getRealPath("/") + "digestFile"; + FileUtils.createDirectory(digestFilePath); + String fileName = UUID.randomUUID() + FileUtils.getSuffix(cfgFile.getOriginalFilename(), true); + file = new File(digestFilePath + sep + fileName); + FileCopyUtils.copy(cfgFile.getBytes(), file); Map srcMap = Maps.newHashMap(); - srcMap.put("filetype", suffix); + srcMap.put("filetype", FileUtils.getSuffix(cfgFile.getOriginalFilename(), false)); srcMap.put("datatype", "dbSystem");// 源文件存入数据中心 srcMap.put("createTime", new Date()); - srcMap.put("key", prefix); - srcMap.put("fileName", filename); - srcMap.put("checksum", md5); + srcMap.put("key", FileUtils.getPrefix(cfgFile.getOriginalFilename(), false)); + srcMap.put("fileName", cfgFile.getOriginalFilename()); + srcMap.put("checksum", DigestUtils.md5Hex(cfgFile.getBytes())); ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap)); logger.info("proxy 劫持文件 上传响应信息:" + JsonMapper.toJsonString(result)); String path = null; diff --git a/src/main/java/com/nis/web/controller/configuration/proxy/FileInsertScriptController.java b/src/main/java/com/nis/web/controller/configuration/proxy/FileInsertScriptController.java index e662d7be6..0fcf5e6ae 100644 --- a/src/main/java/com/nis/web/controller/configuration/proxy/FileInsertScriptController.java +++ b/src/main/java/com/nis/web/controller/configuration/proxy/FileInsertScriptController.java @@ -6,12 +6,16 @@ import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.UUID; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.beanutils.BeanUtils; +import org.apache.commons.codec.digest.DigestUtils; import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; +import org.springframework.util.FileCopyUtils; import org.springframework.web.bind.annotation.ModelAttribute; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.multipart.MultipartFile; @@ -68,19 +72,19 @@ public class FileInsertScriptController extends CommonController{ File file = null; try{ if(cfgFile != null) { - String filename = cfgFile.getOriginalFilename(); - String prefix = FileUtils.getPrefix(filename, false); - String suffix = FileUtils.getSuffix(filename, false); - file = File.createTempFile("file_"+ prefix, suffix); - cfgFile.transferTo(file);//复制文件 - String md5 = FileUtils.getFileMD5(file); - Map srcMap = Maps.newHashMap(); - srcMap.put("filetype", suffix); - srcMap.put("datatype", "dbSystem");//源文件存入数据中心 - srcMap.put("createTime",new Date()); - srcMap.put("key",prefix); - srcMap.put("fileName", filename); - srcMap.put("checksum", md5); + String sep = System.getProperty("file.separator"); + String digestFilePath = request.getRealPath("/") + "digestFile"; + FileUtils.createDirectory(digestFilePath); + String fileName = UUID.randomUUID() + FileUtils.getSuffix(cfgFile.getOriginalFilename(), true); + file = new File(digestFilePath + sep + fileName); + FileCopyUtils.copy(cfgFile.getBytes(), file); + Map srcMap = Maps.newHashMap(); + srcMap.put("filetype", FileUtils.getSuffix(cfgFile.getOriginalFilename(), false)); + srcMap.put("datatype", "dbSystem");// 源文件存入数据中心 + srcMap.put("createTime", new Date()); + srcMap.put("key", FileUtils.getPrefix(cfgFile.getOriginalFilename(), false)); + srcMap.put("fileName", cfgFile.getOriginalFilename()); + srcMap.put("checksum", DigestUtils.md5Hex(cfgFile.getBytes())); ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap)); logger.info("注入脚本文件上传响应信息:"+JsonMapper.toJsonString(result)); String srcAccessUrl = null; diff --git a/src/main/java/com/nis/web/controller/configuration/proxy/FileResponsePageController.java b/src/main/java/com/nis/web/controller/configuration/proxy/FileResponsePageController.java index 022facde2..565004ea7 100644 --- a/src/main/java/com/nis/web/controller/configuration/proxy/FileResponsePageController.java +++ b/src/main/java/com/nis/web/controller/configuration/proxy/FileResponsePageController.java @@ -11,14 +11,17 @@ package com.nis.web.controller.configuration.proxy; import java.io.File; import java.util.Date; import java.util.Map; +import java.util.UUID; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.beanutils.BeanUtils; +import org.apache.commons.codec.digest.DigestUtils; import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; +import org.springframework.util.FileCopyUtils; import org.springframework.web.bind.annotation.ModelAttribute; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.multipart.MultipartFile; @@ -94,19 +97,19 @@ public class FileResponsePageController extends CommonController { File file = null; try{ if(cfgFile != null) { - String filename = cfgFile.getOriginalFilename(); - String prefix = FileUtils.getPrefix(filename, false); - String suffix = FileUtils.getSuffix(filename, false); - file = File.createTempFile("file_"+ prefix, suffix); - cfgFile.transferTo(file);//复制文件 - String md5 = FileUtils.getFileMD5(file); - Map srcMap = Maps.newHashMap(); - srcMap.put("filetype", suffix); - srcMap.put("datatype", "dbSystem");//源文件存入数据中心 - srcMap.put("createTime",new Date()); - srcMap.put("key",prefix); - srcMap.put("fileName", filename); - srcMap.put("checksum", md5); + String sep = System.getProperty("file.separator"); + String digestFilePath = request.getRealPath("/") + "digestFile"; + FileUtils.createDirectory(digestFilePath); + String fileName = UUID.randomUUID() + FileUtils.getSuffix(cfgFile.getOriginalFilename(), true); + file = new File(digestFilePath + sep + fileName); + FileCopyUtils.copy(cfgFile.getBytes(), file); + Map srcMap = Maps.newHashMap(); + srcMap.put("filetype", FileUtils.getSuffix(cfgFile.getOriginalFilename(), false)); + srcMap.put("datatype", "dbSystem");// 源文件存入数据中心 + srcMap.put("createTime", new Date()); + srcMap.put("key", FileUtils.getPrefix(cfgFile.getOriginalFilename(), false)); + srcMap.put("fileName", cfgFile.getOriginalFilename()); + srcMap.put("checksum", DigestUtils.md5Hex(cfgFile.getBytes())); ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap)); logger.info("http 重定向阻断文件上传响应信息:"+JsonMapper.toJsonString(result)); String srcAccessUrl = null; @@ -115,7 +118,7 @@ public class FileResponsePageController extends CommonController { srcAccessUrl=data.getAccessUrl(); cfg.setUrl(srcAccessUrl);; } - cfg.setMd5(md5);//文件md5值 + cfg.setMd5(DigestUtils.md5Hex(cfgFile.getBytes()));//文件md5值 cfg.setContentLength(file.length());//文件长度 } proxyFileResponsePageService.saveOrUpdate(cfg); diff --git a/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java b/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java index 0c4079e03..c7f67d697 100644 --- a/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java +++ b/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java @@ -27,6 +27,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.beans.BeanUtils; +import org.apache.commons.codec.digest.DigestUtils; import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.mock.web.MockMultipartFile; import org.springframework.stereotype.Controller; @@ -209,19 +210,19 @@ public class PxyObjKeyringController extends BaseController { try { if (validFlag) { if (publicKeyFileI != null) { - String filename = publicKeyFileI.getOriginalFilename(); - String prefix = FileUtils.getPrefix(filename, false); - String suffix = FileUtils.getSuffix(filename, false); - file = File.createTempFile("file_" + prefix, suffix); - publicKeyFileI.transferTo(file);// 复制文件 - String md5 = FileUtils.getFileMD5(file); + String sep = System.getProperty("file.separator"); + String digestFilePath = request.getRealPath("/") + "digestFile"; + FileUtils.createDirectory(digestFilePath); + String fileName = UUID.randomUUID() + FileUtils.getSuffix(publicKeyFileI.getOriginalFilename(), true); + file = new File(digestFilePath + sep + fileName); + FileCopyUtils.copy(publicKeyFileI.getBytes(), file); Map srcMap = Maps.newHashMap(); - srcMap.put("filetype", suffix); + srcMap.put("filetype", FileUtils.getSuffix(publicKeyFileI.getOriginalFilename(), false)); srcMap.put("datatype", "dbSystem");// 源文件存入数据中心 srcMap.put("createTime", new Date()); - srcMap.put("key", prefix); - srcMap.put("fileName", filename); - srcMap.put("checksum", md5); + srcMap.put("key", FileUtils.getPrefix(publicKeyFileI.getOriginalFilename(), false)); + srcMap.put("fileName", publicKeyFileI.getOriginalFilename()); + srcMap.put("checksum", DigestUtils.md5Hex(publicKeyFileI.getBytes())); ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap)); logger.info("proxy 证书文件策略公钥 文件上传响应信息:" + JsonMapper.toJsonString(result)); String publicKeyFileAccessUrl = null; @@ -233,19 +234,19 @@ public class PxyObjKeyringController extends BaseController { } } if (privateKeyFileI != null) { - String filename = privateKeyFileI.getOriginalFilename(); - String prefix = FileUtils.getPrefix(filename, false); - String suffix = FileUtils.getSuffix(filename, false); - file = File.createTempFile("file_" + prefix, suffix); - privateKeyFileI.transferTo(file);// 复制文件 - String md5 = FileUtils.getFileMD5(file); + String sep = System.getProperty("file.separator"); + String digestFilePath = request.getRealPath("/") + "digestFile"; + FileUtils.createDirectory(digestFilePath); + String fileName = UUID.randomUUID() + FileUtils.getSuffix(privateKeyFileI.getOriginalFilename(), true); + file = new File(digestFilePath + sep + fileName); + FileCopyUtils.copy(privateKeyFileI.getBytes(), file); Map srcMap = Maps.newHashMap(); - srcMap.put("filetype", suffix); + srcMap.put("filetype", FileUtils.getSuffix(privateKeyFileI.getOriginalFilename(), false)); srcMap.put("datatype", "dbSystem");// 源文件存入数据中心 srcMap.put("createTime", new Date()); - srcMap.put("key", prefix); - srcMap.put("fileName", filename); - srcMap.put("checksum", md5); + srcMap.put("key", FileUtils.getPrefix(privateKeyFileI.getOriginalFilename(), false)); + srcMap.put("fileName", privateKeyFileI.getOriginalFilename()); + srcMap.put("checksum", DigestUtils.md5Hex(privateKeyFileI.getBytes())); ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap)); logger.info("proxy 证书文件策略私钥 上传响应信息:" + JsonMapper.toJsonString(result)); String privateKeyFileAccessUrl = null; @@ -694,19 +695,19 @@ public class PxyObjKeyringController extends BaseController { try { if (validFlag) { if (certFileI != null) { - String filename = certFileI.getOriginalFilename(); - String prefix = FileUtils.getPrefix(filename, false); - String suffix = FileUtils.getSuffix(filename, false); - file = File.createTempFile("file_" + prefix, suffix); - certFileI.transferTo(file);// 复制文件 - String md5 = FileUtils.getFileMD5(file); + String sep = System.getProperty("file.separator"); + String digestFilePath = request.getRealPath("/") + "digestFile"; + FileUtils.createDirectory(digestFilePath); + String fileName = UUID.randomUUID() + FileUtils.getSuffix(certFileI.getOriginalFilename(), true); + file = new File(digestFilePath + sep + fileName); + FileCopyUtils.copy(certFileI.getBytes(), file); Map srcMap = Maps.newHashMap(); - srcMap.put("filetype", suffix); + srcMap.put("filetype", FileUtils.getSuffix(certFileI.getOriginalFilename(), false)); srcMap.put("datatype", "dbSystem");// 源文件存入数据中心 srcMap.put("createTime", new Date()); - srcMap.put("key", prefix); - srcMap.put("fileName", filename); - srcMap.put("checksum", md5); + srcMap.put("key", FileUtils.getPrefix(certFileI.getOriginalFilename(), false)); + srcMap.put("fileName", certFileI.getOriginalFilename()); + srcMap.put("checksum", DigestUtils.md5Hex(certFileI.getBytes())); ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap)); logger.info("proxy 可信证书 文件上传响应信息:" + JsonMapper.toJsonString(result)); String certFileAccessUrl = null; @@ -815,19 +816,19 @@ public class PxyObjKeyringController extends BaseController { try { if (validFlag) { if (crlFileI != null) { - String filename = crlFileI.getOriginalFilename(); - String prefix = FileUtils.getPrefix(filename, false); - String suffix = FileUtils.getSuffix(filename, false); - file = File.createTempFile("file_" + prefix, suffix); - crlFileI.transferTo(file);// 复制文件 - String md5 = FileUtils.getFileMD5(file); + String sep = System.getProperty("file.separator"); + String digestFilePath = request.getRealPath("/") + "digestFile"; + FileUtils.createDirectory(digestFilePath); + String fileName = UUID.randomUUID() + FileUtils.getSuffix(crlFileI.getOriginalFilename(), true); + file = new File(digestFilePath + sep + fileName); + FileCopyUtils.copy(crlFileI.getBytes(), file); Map srcMap = Maps.newHashMap(); - srcMap.put("filetype", suffix); + srcMap.put("filetype", FileUtils.getSuffix(crlFileI.getOriginalFilename(), false)); srcMap.put("datatype", "dbSystem");// 源文件存入数据中心 srcMap.put("createTime", new Date()); - srcMap.put("key", prefix); - srcMap.put("fileName", filename); - srcMap.put("checksum", md5); + srcMap.put("key", FileUtils.getPrefix(crlFileI.getOriginalFilename(), false)); + srcMap.put("fileName", crlFileI.getOriginalFilename()); + srcMap.put("checksum", DigestUtils.md5Hex(crlFileI.getBytes())); ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap)); logger.info("可信证书crl 文件上传响应信息:" + JsonMapper.toJsonString(result)); String crlFileAccessUrl = null; @@ -978,19 +979,19 @@ public class PxyObjKeyringController extends BaseController { PxyObjTrustedCaCert cacertBuitIn=new PxyObjTrustedCaCert(); cfg.setBuiltIn(1); BeanUtils.copyProperties(cfg, cacertBuitIn); - filename = file.getName(); - String prefix = FileUtils.getPrefix(filename, false); - String suffix = FileUtils.getSuffix(filename, false); - newFile = File.createTempFile("file_" + prefix, suffix); - multipartFile.transferTo(newFile);// 复制文件 - String md5 = FileUtils.getFileMD5(file); + String sep = System.getProperty("file.separator"); + String digestFilePath = request.getRealPath("/") + "digestFile"; + FileUtils.createDirectory(digestFilePath); + String fileName = UUID.randomUUID() + FileUtils.getSuffix(multipartFile.getOriginalFilename(), true); + file = new File(digestFilePath + sep + fileName); + FileCopyUtils.copy(multipartFile.getBytes(), file); Map srcMap = Maps.newHashMap(); - srcMap.put("filetype", suffix); + srcMap.put("filetype", FileUtils.getSuffix(multipartFile.getOriginalFilename(), false)); srcMap.put("datatype", "dbSystem");// 源文件存入数据中心 srcMap.put("createTime", new Date()); - srcMap.put("key", prefix); - srcMap.put("fileName", filename); - srcMap.put("checksum", md5); + srcMap.put("key", FileUtils.getPrefix(multipartFile.getOriginalFilename(), false)); + srcMap.put("fileName", multipartFile.getOriginalFilename()); + srcMap.put("checksum", DigestUtils.md5Hex(multipartFile.getBytes())); ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap)); logger.info("可信证书内置证书 文件上传响应信息:" + JsonMapper.toJsonString(result)); String crlFileAccessUrl = null;