可信证书内置证书功能添加

2019-06-08 16:51:28 +08:00
parent 5f8a9b43fc
commit 2bee7a7f68
12 changed files with 3914 additions and 162 deletions
--- a/src/main/java/com/nis/domain/configuration/PxyObjTrustedCaCert.java
+++ b/src/main/java/com/nis/domain/configuration/PxyObjTrustedCaCert.java
@@ -20,6 +20,8 @@ public class PxyObjTrustedCaCert extends BaseCfg<PxyObjTrustedCaCert> {
 	private String certFile; 
 	@ExcelField(title="crl_file",sort=4)
 	private String crlFile;
+	@ExcelField(title="built_in",sort=4)//是否内置证书
+	private Integer builtIn;
 	
 	public String getCrlFile() {
 		return crlFile;
@@ -47,6 +49,11 @@ public class PxyObjTrustedCaCert extends BaseCfg<PxyObjTrustedCaCert> {
 	public void setIndexTable(String indexTable) {
 		this.indexTable = indexTable;
 	}
-	
+	public Integer getBuiltIn() {
+		return builtIn;
+	}
+	public void setBuiltIn(Integer builtIn) {
+		this.builtIn = builtIn;
+	}
 	
 }
--- a/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java
+++ b/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java
@@ -26,7 +26,7 @@ import javax.net.ssl.TrustManagerFactory;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

-import org.apache.commons.beanutils.BeanUtils;
+import org.springframework.beans.BeanUtils;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.mock.web.MockMultipartFile;
 import org.springframework.stereotype.Controller;
@@ -354,7 +354,8 @@ public class PxyObjKeyringController extends BaseController {
 			
 			// 临时文件删除
 			if(!delTempFile) {
-				resultMap.put("certFilePath", filePath);
+				this.certInfoMap.put("certFilePath", filePath);
+				logger.info("证书列表文件目录"+certInfoMap.get("certFilePath"));
 			}else {
 				logger.info("delete file" + filePath);
 				FileUtils.deleteFile(filePath);
@@ -599,6 +600,19 @@ public class PxyObjKeyringController extends BaseController {
 			@ModelAttribute("cfg") PxyObjTrustedCaCert entity, RedirectAttributes redirectAttributes) {
 		Page<PxyObjTrustedCaCert> page = pxyObjKeyringService
 				.findTrustedCertPage(new Page<PxyObjTrustedCaCert>(request, response, "r"), entity);
+		//判断是否存在内置证书，不存在则按钮开放。
+		PxyObjTrustedCaCert searchBuiltIn=new PxyObjTrustedCaCert();
+		searchBuiltIn.setBuiltIn(1);
+		searchBuiltIn.setIsValid(1);
+		searchBuiltIn.setIsAudit(1);
+		Page<PxyObjTrustedCaCert> builtInReslt = pxyObjKeyringService
+				.findTrustedCertPage(new Page<PxyObjTrustedCaCert>(request, response, "r"), searchBuiltIn);
+		if(builtInReslt != null && !StringUtil.isEmpty(builtInReslt.getList())) {
+			model.addAttribute("hasBuiltIn", true);
+		}else {
+			model.addAttribute("hasBuiltIn", false);
+		}
+
 		model.addAttribute("page", page);
 		initPageCondition(model, entity);
 		return "/cfg/intercept/strateagy/trustedCertList";
@@ -845,11 +859,13 @@ public class PxyObjKeyringController extends BaseController {
 	public String trustedCertBuiltIn(Model model, HttpServletRequest request, HttpServletResponse response,
 			@ModelAttribute("cfg") PxyObjTrustedCaCert cfg, MultipartFile crlFileI,
 			RedirectAttributes redirectAttributes) {
+		logger.info("证书列表开始校验");
 		boolean validFlag = true;
 		try {
 			if(crlFileI != null) {
 				//校验证书格式
 				boolean certFileflag = validCertFileContent(crlFileI,null, "-incacert");
+				logger.info("证书列表校验结果"+certFileflag);
 				if (!certFileflag) {
 					addMessage(redirectAttributes, "error", "save_failed");
 					logger.error(crlFileI.getOriginalFilename() + " file non crl file format ");
@@ -871,6 +887,8 @@ public class PxyObjKeyringController extends BaseController {
 			}
 		}
 		
+		logger.info("证书列表开始解析");
+		
 		//2、调用脚本生成pem文件
 		//./cacert.sh tls-ca-bundle.pem  /home/ddm/cacert
 		String certFilePath="";
@@ -878,15 +896,17 @@ public class PxyObjKeyringController extends BaseController {
 		try {
 			if(validFlag && !certInfoMap.isEmpty() && !StringUtil.isEmpty(certInfoMap.get("certFilePath"))) {
 				certFilePath=certInfoMap.get("certFilePath").toString();
+				logger.info("证书列表解析文件"+certFilePath);
 				String cacert = Thread.currentThread().getContextClassLoader()
 						.getResource(File.separator + "shell" + File.separator + Constants.CA_CERT_FILE).getPath();
 				this.execShell("", "chmod", "+x", cacert);
 				logger.info(Constants.CA_CERT_FILE+"脚本分配可执行权限:" + "chmod" + " " + "+x" + " " + cacert);
 						
-				String resultDir = Thread.currentThread().getContextClassLoader()
-						.getResource(File.separator + "shell" + File.separator + Constants.CA_CERT_DIR).getPath();
-				this.execShell(cacert, certFilePath,resultDir);
-				logger.info("内置证书文件生成："+cacert + " " + certFilePath+" "+resultDir);
+				resultDirPath = Thread.currentThread().getContextClassLoader()
+						.getResource(File.separator + Constants.CA_CERT_DIR).getPath();
+				logger.info("证书列表解析结果目录"+resultDirPath);
+				this.execShell(cacert, certFilePath,resultDirPath);
+				logger.info("内置证书文件生成："+cacert + " " + certFilePath+" "+resultDirPath);
 			}
 			//删除临时文件
 			if(!StringUtil.isEmpty(certFilePath)) {
@@ -900,10 +920,12 @@ public class PxyObjKeyringController extends BaseController {
 			LogUtils.saveLog(request, null, e, null);
 		}
 		
+		logger.info("所有证书开始校验");
 		//校验内置证书，并获取issuer信息
 		File fileDir=null;
 		Map<String,String> issuerMap=new HashMap<>();
 		if(validFlag && !StringUtil.isEmpty(resultDirPath)) {
+			logger.info("证书列表文件解析结果目录："+resultDirPath);
 			fileDir=new File(resultDirPath);
 			try {
 				if(validFlag) {
@@ -912,9 +934,10 @@ public class PxyObjKeyringController extends BaseController {
 						MultipartFile multipartFile = new MockMultipartFile(file.getName(),fileInputStream);
 						//校验证书格式
 						boolean validResult = validCertFileContent(multipartFile,null, "-incacert");
+						logger.info("证书校验结果"+validResult);
 						if (validResult && !certInfoMap.isEmpty() && !StringUtil.isEmpty(certInfoMap.get("ca issuer"))) {
 							String issuer=certInfoMap.get("ca issuer").toString();
-							issuerMap.put(file.getName(), certInfoMap.get("ca issuer").toString());
+							issuerMap.put(file.getName(), issuer);
 						}else{
 							addMessage(redirectAttributes, "error", "save_failed");
 							logger.error(crlFileI.getOriginalFilename() + " file non crl file format ");
@@ -939,20 +962,18 @@ public class PxyObjKeyringController extends BaseController {
 		
 		}
 		
+		logger.info("所有证书开始上传minio");
 		List<PxyObjTrustedCaCert> caCertList=new ArrayList<PxyObjTrustedCaCert>();
-		if(validFlag) {
+		if(validFlag && fileDir != null && !StringUtil.isEmpty(fileDir.listFiles())) {
+			int index=1;
 			for (File file : fileDir.listFiles()) {
 				File newFile = null;
 				String filename ="";
 				try {
 					FileInputStream fileInputStream = new FileInputStream(file);
 					MultipartFile multipartFile = new MockMultipartFile(file.getName(),fileInputStream);
-					Date date=new Date();
-					cfg.setCreateTime(date);
-					cfg.setCreatorId(UserUtils.getUser().getId());
-					cfg.setAuditTime(date);
-					cfg.setAuditorId(UserUtils.getUser().getId());
 					PxyObjTrustedCaCert cacertBuitIn=new PxyObjTrustedCaCert();
+					cfg.setBuiltIn(1);
 					BeanUtils.copyProperties(cfg, cacertBuitIn);
 					filename = file.getName();
 					String prefix = FileUtils.getPrefix(filename, false);
@@ -973,10 +994,10 @@ public class PxyObjKeyringController extends BaseController {
 					if (!StringUtil.isEmpty(result)) {
 						ResponseData data = result.getData();
 						crlFileAccessUrl = data.getAccessUrl();
-						cacertBuitIn.setCrlFile(crlFileAccessUrl);
+						cacertBuitIn.setCertFile(crlFileAccessUrl);
 					}
 					cacertBuitIn.setIssuer(issuerMap.get(file.getName()));
-					cacertBuitIn.setCfgDesc(issuerMap.get(file.getName())+"_"+file.getName());
+					cacertBuitIn.setCfgDesc("built-in_cert"+index);
 					caCertList.add(cacertBuitIn);
 				} catch (Exception e) {
 					validFlag = false;
@@ -989,13 +1010,15 @@ public class PxyObjKeyringController extends BaseController {
 						LogUtils.saveLog(request, null, e, null);
 					}
 				}
+				index++;
 			}
+			
 		}	
-		
+		logger.info("所有证书信息开始入库并下发");
 		//入库并下发
 		if(validFlag){
 			try {
-				if(StringUtil.isEmpty(caCertList)){
+				if(!StringUtil.isEmpty(caCertList)){
 					pxyObjKeyringService.caCertSaveAndAudit(caCertList);
 				}
 			}catch (Exception e) {
@@ -1011,122 +1034,6 @@ public class PxyObjKeyringController extends BaseController {
 			}
 		}
 		
-		/*if (e instanceof MaatConvertException) {
-			addMessage(redirectAttributes, "error", "request_service_failed");
-			LogUtils.saveLog(request, null, e, null);
-		}else {
-			addMessage(redirectAttributes, "error", "save_failed");
-			LogUtils.saveLog(request, null, e, null);
-		}
-		*/
-		//3、返回文件成功个数。
-		
-		
-		/*File file = null;
-		boolean validFlag = true;
-		try {
-			if (crlFileI != null) {
-				boolean certFileflag = validCertFileContent(crlFileI,null, "-incrl");
-				if (!certFileflag) {
-					addMessage(redirectAttributes, "error", "save_failed");
-					logger.error(crlFileI.getOriginalFilename() + " file non crl file format ");
-					throw new MultiPartNewException(this.getMsgProp().getProperty("crl_file_error"));
-				}
-			}
-		} catch (Exception e) {
-			validFlag = false;
-			logger.error("证书文件校验失败", e);
-			if (e instanceof MaatConvertException) {
-				addMessage(redirectAttributes, "error", "request_service_failed");
-				LogUtils.saveLog(request, null, e, null);
-			} else if (e instanceof MultiPartNewException) {
-				addMessage(redirectAttributes, "error", e.getMessage());
-				LogUtils.saveLog(request, null, e, null);
-			} else {
-				addMessage(redirectAttributes, "error", "save_failed");
-				LogUtils.saveLog(request, null, e, null);
-			}
-		}
-
-		
-		try {
-			if (validFlag) {
-				validFlag = true;
-				if (crlFileI != null) {
-					// 获取issuer
-					if (certInfoMap != null && certInfoMap.size() > 0) {
-						String issuer = StringUtil.isEmpty(certInfoMap.get("crl issuer")) ? ""
-								: certInfoMap.get("crl issuer").toString();// 颁发者
-						if (cfg != null) {
-							if ((cfg.getCertId() != null && cfg.getCertId() > 0) && (!cfg.getIssuer().equals(issuer))) {
-								logger.error("cert 和 crl的issuser不符合");
-								throw new MultiPartNewException(this.getMsgProp().getProperty("crl_issuer_error"));
-							} else {
-								cfg.setIssuer(issuer);
-							}
-
-						}
-					} else {
-						logger.error("crl的issuser为空");
-						throw new MultiPartNewException(this.getMsgProp().getProperty("crl_issuer_null"));
-					}
-				}
-			}
-		} catch (Exception e) {
-			validFlag = false;
-			logger.error("crl issuer比对失败", e);
-			if (e instanceof MultiPartNewException) {
-				addMessage(redirectAttributes, "error", e.getMessage());
-				LogUtils.saveLog(request, null, e, null);
-			} else {
-				addMessage(redirectAttributes, "error", "save_failed");
-				LogUtils.saveLog(request, null, e, null);
-			}
-		}
-		try {
-			if (validFlag) {
-				if (crlFileI != null) {
-					String filename = crlFileI.getOriginalFilename();
-					String prefix = FileUtils.getPrefix(filename, false);
-					String suffix = FileUtils.getSuffix(filename, false);
-					file = File.createTempFile("file_" + prefix, suffix);
-					crlFileI.transferTo(file);// 复制文件
-					String md5 = FileUtils.getFileMD5(file);
-					Map<String, Object> srcMap = Maps.newHashMap();
-					srcMap.put("filetype", suffix);
-					srcMap.put("datatype", "dbSystem");// 源文件存入数据中心
-					srcMap.put("createTime", new Date());
-					srcMap.put("key", prefix);
-					srcMap.put("fileName", filename);
-					srcMap.put("checksum", md5);
-					ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap));
-					logger.info("可信证书crl 文件上传响应信息：" + JsonMapper.toJsonString(result));
-					String crlFileAccessUrl = null;
-					if (!StringUtil.isEmpty(result)) {
-						ResponseData data = result.getData();
-						crlFileAccessUrl = data.getAccessUrl();
-						cfg.setCrlFile(crlFileAccessUrl);
-					}
-				}
-				pxyObjKeyringService.trustedCrlsaveOrUpdate(cfg);
-
-				addMessage(redirectAttributes, "success", "save_success");
-			}
-
-		} catch (Exception e) {
-			logger.error("crl上传失败", e);
-			if (e instanceof MaatConvertException) {
-				addMessage(redirectAttributes, "error", "request_service_failed");
-				LogUtils.saveLog(request, null, e, null);
-			} else if (e instanceof MultiPartNewException) {
-				addMessage(redirectAttributes, "error", e.getMessage());
-				LogUtils.saveLog(request, null, e, null);
-			} else {
-				addMessage(redirectAttributes, "error", "save_failed");
-				LogUtils.saveLog(request, null, e, null);
-			}
-		}
-*/
 		return "redirect:" + adminPath + "/proxy/intercept/strateagy/trustedCertList?functionId=" + cfg.getFunctionId();
 	}

--- a/src/main/java/com/nis/web/dao/configuration/PxyObjKeyringDao.xml
+++ b/src/main/java/com/nis/web/dao/configuration/PxyObjKeyringDao.xml
@@ -66,6 +66,7 @@
 	    <result column="compile_id" property="compileId" jdbcType="INTEGER" />
 	    <result column="cancel_request_id" property="cancelRequestId" jdbcType="INTEGER" />
 	      <result column="do_log" property="doLog" jdbcType="INTEGER" />
+	      <result column="built_in" property="builtIn" jdbcType="INTEGER" />
 	  </resultMap>
 	  <resultMap id="PxyObjTrustedCaCrlMap" type="com.nis.domain.configuration.PxyObjTrustedCaCrl" >
 	    <id column="cfg_id" property="cfgId" jdbcType="BIGINT" />
@@ -102,7 +103,7 @@
 		,r.is_valid,r.is_audit,r.creator_id,r.create_time,r.editor_id
 		,r.edit_time,r.auditor_id,r.audit_time,r.service_id,r.request_id
 		,r.is_area_effective,r.classify,r.attribute,r.lable
-		,r.area_effective_ids,r.function_id,r.cfg_region_code,r.compile_id,r.cancel_request_id,r.do_log
+		,r.area_effective_ids,r.function_id,r.cfg_region_code,r.compile_id,r.cancel_request_id,r.do_log,r.built_in
 	</sql>
    <sql id="PxyObjTrustedCaCrlColumns">
 		 r.cfg_id,r.cfg_desc
@@ -270,10 +271,14 @@
 	    	<if test="action != null">
 	    		AND r.ACTION=#{action,jdbcType=INTEGER}
 	    	</if>
+	    	<if test="builtIn != null">
+	    		AND r.built_in=#{builtIn,jdbcType=INTEGER}
+	    	</if>
 	    	<choose>
 	    		<!-- 判断是否批量操作 -->
 				<when test="batchValidValue != null and batchValidValue != ''">
 					AND  r.IS_VALID in (${batchValidValue})
+					AND r.built_in !=1
 				</when>
 				<otherwise>
 					<if test="isValid != null">
@@ -525,13 +530,14 @@
 	cfg_type,
 	compile_Id,
    cfg_region_code,
+    built_in,
    do_log
    )values (
   		#{cfgId,jdbcType=VARCHAR},
   		#{cfgDesc,jdbcType=VARCHAR},
   		#{action,jdbcType=INTEGER}, 
-    	0,
-    	0,
+    	#{isValid,jdbcType=INTEGER}, 
+    	#{isAudit,jdbcType=INTEGER}, 
    	#{creatorId,jdbcType=INTEGER}, 
   		#{createTime,jdbcType=TIMESTAMP},
   		#{editorId,jdbcType=INTEGER},
@@ -551,6 +557,7 @@
    	#{cfgType,jdbcType=VARCHAR},
    	#{compileId,jdbcType=INTEGER},
    	#{cfgRegionCode,jdbcType=INTEGER},
+    	#{builtIn,jdbcType=INTEGER},
    	#{doLog,jdbcType=INTEGER}
    )
  </insert>
--- a/src/main/java/com/nis/web/service/configuration/PxyObjKeyringService.java
+++ b/src/main/java/com/nis/web/service/configuration/PxyObjKeyringService.java
@@ -171,6 +171,7 @@ public class PxyObjKeyringService extends BaseService{
 			if(compileIds != null && compileIds.size() >0  && compileIds.get(0) != 0){
 				entity.setCompileId(compileIds.get(0));
 			}
+			entity.setBuiltIn(0);
 			pxyObjKeyringDao.insertPxyObjTrustedCaCert(entity);
 			//修改
 		}else{
@@ -489,6 +490,7 @@ public class PxyObjKeyringService extends BaseService{
 	@Transactional(readOnly=false,rollbackFor=RuntimeException.class)
 	public void caCertSaveAndAudit(List<PxyObjTrustedCaCert>  cfgList){
 		
+		Date date=new Date();
 		//修改主表cert 配置状态
 		for (PxyObjTrustedCaCert cfg : cfgList) {
 			//调用服务接口获取compileId
@@ -503,6 +505,11 @@ public class PxyObjKeyringService extends BaseService{
 			if(compileIds != null && compileIds.size() >0  && compileIds.get(0) != 0){
 				cfg.setCompileId(compileIds.get(0));
 			}
+			cfg.setCreateTime(date);
+			cfg.setCreatorId(UserUtils.getUser().getId());
+			cfg.setAuditTime(date);
+			cfg.setAuditorId(UserUtils.getUser().getId());
+			logger.info("证书名称"+cfg.getCfgDesc());
 			pxyObjKeyringDao.insertPxyObjTrustedCaCert(cfg);
 		}