可信证书内置证书功能添加

2019-06-08 16:51:28 +08:00
parent 5f8a9b43fc
commit 2bee7a7f68
12 changed files with 3914 additions and 162 deletions
--- a/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java
+++ b/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java
@@ -26,7 +26,7 @@ import javax.net.ssl.TrustManagerFactory;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

-import org.apache.commons.beanutils.BeanUtils;
+import org.springframework.beans.BeanUtils;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.mock.web.MockMultipartFile;
 import org.springframework.stereotype.Controller;
@@ -354,7 +354,8 @@ public class PxyObjKeyringController extends BaseController {
 			
 			// 临时文件删除
 			if(!delTempFile) {
-				resultMap.put("certFilePath", filePath);
+				this.certInfoMap.put("certFilePath", filePath);
+				logger.info("证书列表文件目录"+certInfoMap.get("certFilePath"));
 			}else {
 				logger.info("delete file" + filePath);
 				FileUtils.deleteFile(filePath);
@@ -599,6 +600,19 @@ public class PxyObjKeyringController extends BaseController {
 			@ModelAttribute("cfg") PxyObjTrustedCaCert entity, RedirectAttributes redirectAttributes) {
 		Page<PxyObjTrustedCaCert> page = pxyObjKeyringService
 				.findTrustedCertPage(new Page<PxyObjTrustedCaCert>(request, response, "r"), entity);
+		//判断是否存在内置证书，不存在则按钮开放。
+		PxyObjTrustedCaCert searchBuiltIn=new PxyObjTrustedCaCert();
+		searchBuiltIn.setBuiltIn(1);
+		searchBuiltIn.setIsValid(1);
+		searchBuiltIn.setIsAudit(1);
+		Page<PxyObjTrustedCaCert> builtInReslt = pxyObjKeyringService
+				.findTrustedCertPage(new Page<PxyObjTrustedCaCert>(request, response, "r"), searchBuiltIn);
+		if(builtInReslt != null && !StringUtil.isEmpty(builtInReslt.getList())) {
+			model.addAttribute("hasBuiltIn", true);
+		}else {
+			model.addAttribute("hasBuiltIn", false);
+		}
+
 		model.addAttribute("page", page);
 		initPageCondition(model, entity);
 		return "/cfg/intercept/strateagy/trustedCertList";
@@ -845,11 +859,13 @@ public class PxyObjKeyringController extends BaseController {
 	public String trustedCertBuiltIn(Model model, HttpServletRequest request, HttpServletResponse response,
 			@ModelAttribute("cfg") PxyObjTrustedCaCert cfg, MultipartFile crlFileI,
 			RedirectAttributes redirectAttributes) {
+		logger.info("证书列表开始校验");
 		boolean validFlag = true;
 		try {
 			if(crlFileI != null) {
 				//校验证书格式
 				boolean certFileflag = validCertFileContent(crlFileI,null, "-incacert");
+				logger.info("证书列表校验结果"+certFileflag);
 				if (!certFileflag) {
 					addMessage(redirectAttributes, "error", "save_failed");
 					logger.error(crlFileI.getOriginalFilename() + " file non crl file format ");
@@ -871,6 +887,8 @@ public class PxyObjKeyringController extends BaseController {
 			}
 		}
 		
+		logger.info("证书列表开始解析");
+		
 		//2、调用脚本生成pem文件
 		//./cacert.sh tls-ca-bundle.pem  /home/ddm/cacert
 		String certFilePath="";
@@ -878,15 +896,17 @@ public class PxyObjKeyringController extends BaseController {
 		try {
 			if(validFlag && !certInfoMap.isEmpty() && !StringUtil.isEmpty(certInfoMap.get("certFilePath"))) {
 				certFilePath=certInfoMap.get("certFilePath").toString();
+				logger.info("证书列表解析文件"+certFilePath);
 				String cacert = Thread.currentThread().getContextClassLoader()
 						.getResource(File.separator + "shell" + File.separator + Constants.CA_CERT_FILE).getPath();
 				this.execShell("", "chmod", "+x", cacert);
 				logger.info(Constants.CA_CERT_FILE+"脚本分配可执行权限:" + "chmod" + " " + "+x" + " " + cacert);
 						
-				String resultDir = Thread.currentThread().getContextClassLoader()
-						.getResource(File.separator + "shell" + File.separator + Constants.CA_CERT_DIR).getPath();
-				this.execShell(cacert, certFilePath,resultDir);
-				logger.info("内置证书文件生成："+cacert + " " + certFilePath+" "+resultDir);
+				resultDirPath = Thread.currentThread().getContextClassLoader()
+						.getResource(File.separator + Constants.CA_CERT_DIR).getPath();
+				logger.info("证书列表解析结果目录"+resultDirPath);
+				this.execShell(cacert, certFilePath,resultDirPath);
+				logger.info("内置证书文件生成："+cacert + " " + certFilePath+" "+resultDirPath);
 			}
 			//删除临时文件
 			if(!StringUtil.isEmpty(certFilePath)) {
@@ -900,10 +920,12 @@ public class PxyObjKeyringController extends BaseController {
 			LogUtils.saveLog(request, null, e, null);
 		}
 		
+		logger.info("所有证书开始校验");
 		//校验内置证书，并获取issuer信息
 		File fileDir=null;
 		Map<String,String> issuerMap=new HashMap<>();
 		if(validFlag && !StringUtil.isEmpty(resultDirPath)) {
+			logger.info("证书列表文件解析结果目录："+resultDirPath);
 			fileDir=new File(resultDirPath);
 			try {
 				if(validFlag) {
@@ -912,9 +934,10 @@ public class PxyObjKeyringController extends BaseController {
 						MultipartFile multipartFile = new MockMultipartFile(file.getName(),fileInputStream);
 						//校验证书格式
 						boolean validResult = validCertFileContent(multipartFile,null, "-incacert");
+						logger.info("证书校验结果"+validResult);
 						if (validResult && !certInfoMap.isEmpty() && !StringUtil.isEmpty(certInfoMap.get("ca issuer"))) {
 							String issuer=certInfoMap.get("ca issuer").toString();
-							issuerMap.put(file.getName(), certInfoMap.get("ca issuer").toString());
+							issuerMap.put(file.getName(), issuer);
 						}else{
 							addMessage(redirectAttributes, "error", "save_failed");
 							logger.error(crlFileI.getOriginalFilename() + " file non crl file format ");
@@ -939,20 +962,18 @@ public class PxyObjKeyringController extends BaseController {
 		
 		}
 		
+		logger.info("所有证书开始上传minio");
 		List<PxyObjTrustedCaCert> caCertList=new ArrayList<PxyObjTrustedCaCert>();
-		if(validFlag) {
+		if(validFlag && fileDir != null && !StringUtil.isEmpty(fileDir.listFiles())) {
+			int index=1;
 			for (File file : fileDir.listFiles()) {
 				File newFile = null;
 				String filename ="";
 				try {
 					FileInputStream fileInputStream = new FileInputStream(file);
 					MultipartFile multipartFile = new MockMultipartFile(file.getName(),fileInputStream);
-					Date date=new Date();
-					cfg.setCreateTime(date);
-					cfg.setCreatorId(UserUtils.getUser().getId());
-					cfg.setAuditTime(date);
-					cfg.setAuditorId(UserUtils.getUser().getId());
 					PxyObjTrustedCaCert cacertBuitIn=new PxyObjTrustedCaCert();
+					cfg.setBuiltIn(1);
 					BeanUtils.copyProperties(cfg, cacertBuitIn);
 					filename = file.getName();
 					String prefix = FileUtils.getPrefix(filename, false);
@@ -973,10 +994,10 @@ public class PxyObjKeyringController extends BaseController {
 					if (!StringUtil.isEmpty(result)) {
 						ResponseData data = result.getData();
 						crlFileAccessUrl = data.getAccessUrl();
-						cacertBuitIn.setCrlFile(crlFileAccessUrl);
+						cacertBuitIn.setCertFile(crlFileAccessUrl);
 					}
 					cacertBuitIn.setIssuer(issuerMap.get(file.getName()));
-					cacertBuitIn.setCfgDesc(issuerMap.get(file.getName())+"_"+file.getName());
+					cacertBuitIn.setCfgDesc("built-in_cert"+index);
 					caCertList.add(cacertBuitIn);
 				} catch (Exception e) {
 					validFlag = false;
@@ -989,13 +1010,15 @@ public class PxyObjKeyringController extends BaseController {
 						LogUtils.saveLog(request, null, e, null);
 					}
 				}
+				index++;
 			}
+			
 		}	
-		
+		logger.info("所有证书信息开始入库并下发");
 		//入库并下发
 		if(validFlag){
 			try {
-				if(StringUtil.isEmpty(caCertList)){
+				if(!StringUtil.isEmpty(caCertList)){
 					pxyObjKeyringService.caCertSaveAndAudit(caCertList);
 				}
 			}catch (Exception e) {
@@ -1011,122 +1034,6 @@ public class PxyObjKeyringController extends BaseController {
 			}
 		}
 		
-		/*if (e instanceof MaatConvertException) {
-			addMessage(redirectAttributes, "error", "request_service_failed");
-			LogUtils.saveLog(request, null, e, null);
-		}else {
-			addMessage(redirectAttributes, "error", "save_failed");
-			LogUtils.saveLog(request, null, e, null);
-		}
-		*/
-		//3、返回文件成功个数。
-		
-		
-		/*File file = null;
-		boolean validFlag = true;
-		try {
-			if (crlFileI != null) {
-				boolean certFileflag = validCertFileContent(crlFileI,null, "-incrl");
-				if (!certFileflag) {
-					addMessage(redirectAttributes, "error", "save_failed");
-					logger.error(crlFileI.getOriginalFilename() + " file non crl file format ");
-					throw new MultiPartNewException(this.getMsgProp().getProperty("crl_file_error"));
-				}
-			}
-		} catch (Exception e) {
-			validFlag = false;
-			logger.error("证书文件校验失败", e);
-			if (e instanceof MaatConvertException) {
-				addMessage(redirectAttributes, "error", "request_service_failed");
-				LogUtils.saveLog(request, null, e, null);
-			} else if (e instanceof MultiPartNewException) {
-				addMessage(redirectAttributes, "error", e.getMessage());
-				LogUtils.saveLog(request, null, e, null);
-			} else {
-				addMessage(redirectAttributes, "error", "save_failed");
-				LogUtils.saveLog(request, null, e, null);
-			}
-		}
-
-		
-		try {
-			if (validFlag) {
-				validFlag = true;
-				if (crlFileI != null) {
-					// 获取issuer
-					if (certInfoMap != null && certInfoMap.size() > 0) {
-						String issuer = StringUtil.isEmpty(certInfoMap.get("crl issuer")) ? ""
-								: certInfoMap.get("crl issuer").toString();// 颁发者
-						if (cfg != null) {
-							if ((cfg.getCertId() != null && cfg.getCertId() > 0) && (!cfg.getIssuer().equals(issuer))) {
-								logger.error("cert 和 crl的issuser不符合");
-								throw new MultiPartNewException(this.getMsgProp().getProperty("crl_issuer_error"));
-							} else {
-								cfg.setIssuer(issuer);
-							}
-
-						}
-					} else {
-						logger.error("crl的issuser为空");
-						throw new MultiPartNewException(this.getMsgProp().getProperty("crl_issuer_null"));
-					}
-				}
-			}
-		} catch (Exception e) {
-			validFlag = false;
-			logger.error("crl issuer比对失败", e);
-			if (e instanceof MultiPartNewException) {
-				addMessage(redirectAttributes, "error", e.getMessage());
-				LogUtils.saveLog(request, null, e, null);
-			} else {
-				addMessage(redirectAttributes, "error", "save_failed");
-				LogUtils.saveLog(request, null, e, null);
-			}
-		}
-		try {
-			if (validFlag) {
-				if (crlFileI != null) {
-					String filename = crlFileI.getOriginalFilename();
-					String prefix = FileUtils.getPrefix(filename, false);
-					String suffix = FileUtils.getSuffix(filename, false);
-					file = File.createTempFile("file_" + prefix, suffix);
-					crlFileI.transferTo(file);// 复制文件
-					String md5 = FileUtils.getFileMD5(file);
-					Map<String, Object> srcMap = Maps.newHashMap();
-					srcMap.put("filetype", suffix);
-					srcMap.put("datatype", "dbSystem");// 源文件存入数据中心
-					srcMap.put("createTime", new Date());
-					srcMap.put("key", prefix);
-					srcMap.put("fileName", filename);
-					srcMap.put("checksum", md5);
-					ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap));
-					logger.info("可信证书crl 文件上传响应信息：" + JsonMapper.toJsonString(result));
-					String crlFileAccessUrl = null;
-					if (!StringUtil.isEmpty(result)) {
-						ResponseData data = result.getData();
-						crlFileAccessUrl = data.getAccessUrl();
-						cfg.setCrlFile(crlFileAccessUrl);
-					}
-				}
-				pxyObjKeyringService.trustedCrlsaveOrUpdate(cfg);
-
-				addMessage(redirectAttributes, "success", "save_success");
-			}
-
-		} catch (Exception e) {
-			logger.error("crl上传失败", e);
-			if (e instanceof MaatConvertException) {
-				addMessage(redirectAttributes, "error", "request_service_failed");
-				LogUtils.saveLog(request, null, e, null);
-			} else if (e instanceof MultiPartNewException) {
-				addMessage(redirectAttributes, "error", e.getMessage());
-				LogUtils.saveLog(request, null, e, null);
-			} else {
-				addMessage(redirectAttributes, "error", "save_failed");
-				LogUtils.saveLog(request, null, e, null);
-			}
-		}
-*/
 		return "redirect:" + adminPath + "/proxy/intercept/strateagy/trustedCertList?functionId=" + cfg.getFunctionId();
 	}