gfwleak/k18-ntcs-web-ntc
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

可信证书内置证书功能添加

Browse Source
This commit is contained in:
段冬梅
2019-06-08 16:51:28 +08:00
parent 5f8a9b43fc
commit 2bee7a7f68
12 changed files with 3914 additions and 162 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/main/java/com/nis/domain/configuration/PxyObjTrustedCaCert.java
View File

@@ -20,6 +20,8 @@ public class PxyObjTrustedCaCert extends BaseCfg<PxyObjTrustedCaCert> {
private String certFile; private String certFile;
@ExcelField(title="crl_file",sort=4) @ExcelField(title="crl_file",sort=4)
private String crlFile; private String crlFile;
@ExcelField(title="built_in",sort=4)//是否内置证书
private Integer builtIn;
public String getCrlFile() { public String getCrlFile() {
return crlFile; return crlFile;
@@ -47,6 +49,11 @@ public class PxyObjTrustedCaCert extends BaseCfg<PxyObjTrustedCaCert> {
public void setIndexTable(String indexTable) { public void setIndexTable(String indexTable) {
this.indexTable = indexTable; this.indexTable = indexTable;
} }
public Integer getBuiltIn() {
return builtIn;
}
public void setBuiltIn(Integer builtIn) {
this.builtIn = builtIn;
}
} }

173
src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java
View File

@@ -26,7 +26,7 @@ import javax.net.ssl.TrustManagerFactory;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.apache.commons.beanutils.BeanUtils; import org.springframework.beans.BeanUtils;
import org.apache.shiro.authz.annotation.RequiresPermissions; import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.mock.web.MockMultipartFile; import org.springframework.mock.web.MockMultipartFile;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
@@ -354,7 +354,8 @@ public class PxyObjKeyringController extends BaseController {
// 临时文件删除 // 临时文件删除
if(!delTempFile) { if(!delTempFile) {
resultMap.put("certFilePath", filePath); this.certInfoMap.put("certFilePath", filePath);
logger.info("证书列表文件目录"+certInfoMap.get("certFilePath"));
}else { }else {
logger.info("delete file" + filePath); logger.info("delete file" + filePath);
FileUtils.deleteFile(filePath); FileUtils.deleteFile(filePath);
@@ -599,6 +600,19 @@ public class PxyObjKeyringController extends BaseController {
@ModelAttribute("cfg") PxyObjTrustedCaCert entity, RedirectAttributes redirectAttributes) { @ModelAttribute("cfg") PxyObjTrustedCaCert entity, RedirectAttributes redirectAttributes) {
Page<PxyObjTrustedCaCert> page = pxyObjKeyringService Page<PxyObjTrustedCaCert> page = pxyObjKeyringService
.findTrustedCertPage(new Page<PxyObjTrustedCaCert>(request, response, "r"), entity); .findTrustedCertPage(new Page<PxyObjTrustedCaCert>(request, response, "r"), entity);
//判断是否存在内置证书,不存在则按钮开放。
PxyObjTrustedCaCert searchBuiltIn=new PxyObjTrustedCaCert();
searchBuiltIn.setBuiltIn(1);
searchBuiltIn.setIsValid(1);
searchBuiltIn.setIsAudit(1);
Page<PxyObjTrustedCaCert> builtInReslt = pxyObjKeyringService
.findTrustedCertPage(new Page<PxyObjTrustedCaCert>(request, response, "r"), searchBuiltIn);
if(builtInReslt != null && !StringUtil.isEmpty(builtInReslt.getList())) {
model.addAttribute("hasBuiltIn", true);
}else {
model.addAttribute("hasBuiltIn", false);
}
model.addAttribute("page", page); model.addAttribute("page", page);
initPageCondition(model, entity); initPageCondition(model, entity);
return "/cfg/intercept/strateagy/trustedCertList"; return "/cfg/intercept/strateagy/trustedCertList";
@@ -845,11 +859,13 @@ public class PxyObjKeyringController extends BaseController {
public String trustedCertBuiltIn(Model model, HttpServletRequest request, HttpServletResponse response, public String trustedCertBuiltIn(Model model, HttpServletRequest request, HttpServletResponse response,
@ModelAttribute("cfg") PxyObjTrustedCaCert cfg, MultipartFile crlFileI, @ModelAttribute("cfg") PxyObjTrustedCaCert cfg, MultipartFile crlFileI,
RedirectAttributes redirectAttributes) { RedirectAttributes redirectAttributes) {
logger.info("证书列表开始校验");
boolean validFlag = true; boolean validFlag = true;
try { try {
if(crlFileI != null) { if(crlFileI != null) {
//校验证书格式 //校验证书格式
boolean certFileflag = validCertFileContent(crlFileI,null, "-incacert"); boolean certFileflag = validCertFileContent(crlFileI,null, "-incacert");
logger.info("证书列表校验结果"+certFileflag);
if (!certFileflag) { if (!certFileflag) {
addMessage(redirectAttributes, "error", "save_failed"); addMessage(redirectAttributes, "error", "save_failed");
logger.error(crlFileI.getOriginalFilename() + " file non crl file format "); logger.error(crlFileI.getOriginalFilename() + " file non crl file format ");
@@ -871,6 +887,8 @@ public class PxyObjKeyringController extends BaseController {
} }
} }
logger.info("证书列表开始解析");
//2、调用脚本生成pem文件 //2、调用脚本生成pem文件
//./cacert.sh tls-ca-bundle.pem /home/ddm/cacert //./cacert.sh tls-ca-bundle.pem /home/ddm/cacert
String certFilePath=""; String certFilePath="";
@@ -878,15 +896,17 @@ public class PxyObjKeyringController extends BaseController {
try { try {
if(validFlag && !certInfoMap.isEmpty() && !StringUtil.isEmpty(certInfoMap.get("certFilePath"))) { if(validFlag && !certInfoMap.isEmpty() && !StringUtil.isEmpty(certInfoMap.get("certFilePath"))) {
certFilePath=certInfoMap.get("certFilePath").toString(); certFilePath=certInfoMap.get("certFilePath").toString();
logger.info("证书列表解析文件"+certFilePath);
String cacert = Thread.currentThread().getContextClassLoader() String cacert = Thread.currentThread().getContextClassLoader()
.getResource(File.separator + "shell" + File.separator + Constants.CA_CERT_FILE).getPath(); .getResource(File.separator + "shell" + File.separator + Constants.CA_CERT_FILE).getPath();
this.execShell("", "chmod", "+x", cacert); this.execShell("", "chmod", "+x", cacert);
logger.info(Constants.CA_CERT_FILE+"脚本分配可执行权限:" + "chmod" + " " + "+x" + " " + cacert); logger.info(Constants.CA_CERT_FILE+"脚本分配可执行权限:" + "chmod" + " " + "+x" + " " + cacert);
String resultDir = Thread.currentThread().getContextClassLoader() resultDirPath = Thread.currentThread().getContextClassLoader()
.getResource(File.separator + "shell" + File.separator + Constants.CA_CERT_DIR).getPath(); .getResource(File.separator + Constants.CA_CERT_DIR).getPath();
this.execShell(cacert, certFilePath,resultDir); logger.info("证书列表解析结果目录"+resultDirPath);
logger.info("内置证书文件生成:"+cacert + " " + certFilePath+" "+resultDir); this.execShell(cacert, certFilePath,resultDirPath);
logger.info("内置证书文件生成:"+cacert + " " + certFilePath+" "+resultDirPath);
} }
//删除临时文件 //删除临时文件
if(!StringUtil.isEmpty(certFilePath)) { if(!StringUtil.isEmpty(certFilePath)) {
@@ -900,10 +920,12 @@ public class PxyObjKeyringController extends BaseController {
LogUtils.saveLog(request, null, e, null); LogUtils.saveLog(request, null, e, null);
} }
logger.info("所有证书开始校验");
//校验内置证书并获取issuer信息 //校验内置证书并获取issuer信息
File fileDir=null; File fileDir=null;
Map<String,String> issuerMap=new HashMap<>(); Map<String,String> issuerMap=new HashMap<>();
if(validFlag && !StringUtil.isEmpty(resultDirPath)) { if(validFlag && !StringUtil.isEmpty(resultDirPath)) {
logger.info("证书列表文件解析结果目录:"+resultDirPath);
fileDir=new File(resultDirPath); fileDir=new File(resultDirPath);
try { try {
if(validFlag) { if(validFlag) {
@@ -912,9 +934,10 @@ public class PxyObjKeyringController extends BaseController {
MultipartFile multipartFile = new MockMultipartFile(file.getName(),fileInputStream); MultipartFile multipartFile = new MockMultipartFile(file.getName(),fileInputStream);
//校验证书格式 //校验证书格式
boolean validResult = validCertFileContent(multipartFile,null, "-incacert"); boolean validResult = validCertFileContent(multipartFile,null, "-incacert");
logger.info("证书校验结果"+validResult);
if (validResult && !certInfoMap.isEmpty() && !StringUtil.isEmpty(certInfoMap.get("ca issuer"))) { if (validResult && !certInfoMap.isEmpty() && !StringUtil.isEmpty(certInfoMap.get("ca issuer"))) {
String issuer=certInfoMap.get("ca issuer").toString(); String issuer=certInfoMap.get("ca issuer").toString();
issuerMap.put(file.getName(), certInfoMap.get("ca issuer").toString()); issuerMap.put(file.getName(), issuer);
}else{ }else{
addMessage(redirectAttributes, "error", "save_failed"); addMessage(redirectAttributes, "error", "save_failed");
logger.error(crlFileI.getOriginalFilename() + " file non crl file format "); logger.error(crlFileI.getOriginalFilename() + " file non crl file format ");
@@ -939,20 +962,18 @@ public class PxyObjKeyringController extends BaseController {
} }
logger.info("所有证书开始上传minio");
List<PxyObjTrustedCaCert> caCertList=new ArrayList<PxyObjTrustedCaCert>(); List<PxyObjTrustedCaCert> caCertList=new ArrayList<PxyObjTrustedCaCert>();
if(validFlag) { if(validFlag && fileDir != null && !StringUtil.isEmpty(fileDir.listFiles())) {
int index=1;
for (File file : fileDir.listFiles()) { for (File file : fileDir.listFiles()) {
File newFile = null; File newFile = null;
String filename =""; String filename ="";
try { try {
FileInputStream fileInputStream = new FileInputStream(file); FileInputStream fileInputStream = new FileInputStream(file);
MultipartFile multipartFile = new MockMultipartFile(file.getName(),fileInputStream); MultipartFile multipartFile = new MockMultipartFile(file.getName(),fileInputStream);
Date date=new Date();
cfg.setCreateTime(date);
cfg.setCreatorId(UserUtils.getUser().getId());
cfg.setAuditTime(date);
cfg.setAuditorId(UserUtils.getUser().getId());
PxyObjTrustedCaCert cacertBuitIn=new PxyObjTrustedCaCert(); PxyObjTrustedCaCert cacertBuitIn=new PxyObjTrustedCaCert();
cfg.setBuiltIn(1);
BeanUtils.copyProperties(cfg, cacertBuitIn); BeanUtils.copyProperties(cfg, cacertBuitIn);
filename = file.getName(); filename = file.getName();
String prefix = FileUtils.getPrefix(filename, false); String prefix = FileUtils.getPrefix(filename, false);
@@ -973,10 +994,10 @@ public class PxyObjKeyringController extends BaseController {
if (!StringUtil.isEmpty(result)) { if (!StringUtil.isEmpty(result)) {
ResponseData data = result.getData(); ResponseData data = result.getData();
crlFileAccessUrl = data.getAccessUrl(); crlFileAccessUrl = data.getAccessUrl();
cacertBuitIn.setCrlFile(crlFileAccessUrl); cacertBuitIn.setCertFile(crlFileAccessUrl);
} }
cacertBuitIn.setIssuer(issuerMap.get(file.getName())); cacertBuitIn.setIssuer(issuerMap.get(file.getName()));
cacertBuitIn.setCfgDesc(issuerMap.get(file.getName())+"_"+file.getName()); cacertBuitIn.setCfgDesc("built-in_cert"+index);
caCertList.add(cacertBuitIn); caCertList.add(cacertBuitIn);
} catch (Exception e) { } catch (Exception e) {
validFlag = false; validFlag = false;
@@ -989,13 +1010,15 @@ public class PxyObjKeyringController extends BaseController {
LogUtils.saveLog(request, null, e, null); LogUtils.saveLog(request, null, e, null);
} }
} }
index++;
} }
}
}
logger.info("所有证书信息开始入库并下发");
//入库并下发 //入库并下发
if(validFlag){ if(validFlag){
try { try {
if(StringUtil.isEmpty(caCertList)){ if(!StringUtil.isEmpty(caCertList)){
pxyObjKeyringService.caCertSaveAndAudit(caCertList); pxyObjKeyringService.caCertSaveAndAudit(caCertList);
} }
}catch (Exception e) { }catch (Exception e) {
@@ -1011,122 +1034,6 @@ public class PxyObjKeyringController extends BaseController {
} }
} }
/*if (e instanceof MaatConvertException) {
addMessage(redirectAttributes, "error", "request_service_failed");
LogUtils.saveLog(request, null, e, null);
}else {
addMessage(redirectAttributes, "error", "save_failed");
LogUtils.saveLog(request, null, e, null);
}
*/
//3、返回文件成功个数。
/*File file = null;
boolean validFlag = true;
try {
if (crlFileI != null) {
boolean certFileflag = validCertFileContent(crlFileI,null, "-incrl");
if (!certFileflag) {
addMessage(redirectAttributes, "error", "save_failed");
logger.error(crlFileI.getOriginalFilename() + " file non crl file format ");
throw new MultiPartNewException(this.getMsgProp().getProperty("crl_file_error"));
}
}
} catch (Exception e) {
validFlag = false;
logger.error("证书文件校验失败", e);
if (e instanceof MaatConvertException) {
addMessage(redirectAttributes, "error", "request_service_failed");
LogUtils.saveLog(request, null, e, null);
} else if (e instanceof MultiPartNewException) {
addMessage(redirectAttributes, "error", e.getMessage());
LogUtils.saveLog(request, null, e, null);
} else {
addMessage(redirectAttributes, "error", "save_failed");
LogUtils.saveLog(request, null, e, null);
}
}
try {
if (validFlag) {
validFlag = true;
if (crlFileI != null) {
// 获取issuer
if (certInfoMap != null && certInfoMap.size() > 0) {
String issuer = StringUtil.isEmpty(certInfoMap.get("crl issuer")) ? ""
: certInfoMap.get("crl issuer").toString();// 颁发者
if (cfg != null) {
if ((cfg.getCertId() != null && cfg.getCertId() > 0) && (!cfg.getIssuer().equals(issuer))) {
logger.error("cert 和 crl的issuser不符合");
throw new MultiPartNewException(this.getMsgProp().getProperty("crl_issuer_error"));
} else {
cfg.setIssuer(issuer);
}
}
} else {
logger.error("crl的issuser为空");
throw new MultiPartNewException(this.getMsgProp().getProperty("crl_issuer_null"));
}
}
}
} catch (Exception e) {
validFlag = false;
logger.error("crl issuer比对失败", e);
if (e instanceof MultiPartNewException) {
addMessage(redirectAttributes, "error", e.getMessage());
LogUtils.saveLog(request, null, e, null);
} else {
addMessage(redirectAttributes, "error", "save_failed");
LogUtils.saveLog(request, null, e, null);
}
}
try {
if (validFlag) {
if (crlFileI != null) {
String filename = crlFileI.getOriginalFilename();
String prefix = FileUtils.getPrefix(filename, false);
String suffix = FileUtils.getSuffix(filename, false);
file = File.createTempFile("file_" + prefix, suffix);
crlFileI.transferTo(file);// 复制文件
String md5 = FileUtils.getFileMD5(file);
Map<String, Object> srcMap = Maps.newHashMap();
srcMap.put("filetype", suffix);
srcMap.put("datatype", "dbSystem");// 源文件存入数据中心
srcMap.put("createTime", new Date());
srcMap.put("key", prefix);
srcMap.put("fileName", filename);
srcMap.put("checksum", md5);
ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap));
logger.info("可信证书crl 文件上传响应信息:" + JsonMapper.toJsonString(result));
String crlFileAccessUrl = null;
if (!StringUtil.isEmpty(result)) {
ResponseData data = result.getData();
crlFileAccessUrl = data.getAccessUrl();
cfg.setCrlFile(crlFileAccessUrl);
}
}
pxyObjKeyringService.trustedCrlsaveOrUpdate(cfg);
addMessage(redirectAttributes, "success", "save_success");
}
} catch (Exception e) {
logger.error("crl上传失败", e);
if (e instanceof MaatConvertException) {
addMessage(redirectAttributes, "error", "request_service_failed");
LogUtils.saveLog(request, null, e, null);
} else if (e instanceof MultiPartNewException) {
addMessage(redirectAttributes, "error", e.getMessage());
LogUtils.saveLog(request, null, e, null);
} else {
addMessage(redirectAttributes, "error", "save_failed");
LogUtils.saveLog(request, null, e, null);
}
}
*/
return "redirect:" + adminPath + "/proxy/intercept/strateagy/trustedCertList?functionId=" + cfg.getFunctionId(); return "redirect:" + adminPath + "/proxy/intercept/strateagy/trustedCertList?functionId=" + cfg.getFunctionId();
} }

13
src/main/java/com/nis/web/dao/configuration/PxyObjKeyringDao.xml
View File

@@ -66,6 +66,7 @@
<result column="compile_id" property="compileId" jdbcType="INTEGER" /> <result column="compile_id" property="compileId" jdbcType="INTEGER" />
<result column="cancel_request_id" property="cancelRequestId" jdbcType="INTEGER" /> <result column="cancel_request_id" property="cancelRequestId" jdbcType="INTEGER" />
<result column="do_log" property="doLog" jdbcType="INTEGER" /> <result column="do_log" property="doLog" jdbcType="INTEGER" />
<result column="built_in" property="builtIn" jdbcType="INTEGER" />
</resultMap> </resultMap>
<resultMap id="PxyObjTrustedCaCrlMap" type="com.nis.domain.configuration.PxyObjTrustedCaCrl" > <resultMap id="PxyObjTrustedCaCrlMap" type="com.nis.domain.configuration.PxyObjTrustedCaCrl" >
<id column="cfg_id" property="cfgId" jdbcType="BIGINT" /> <id column="cfg_id" property="cfgId" jdbcType="BIGINT" />
@@ -102,7 +103,7 @@
,r.is_valid,r.is_audit,r.creator_id,r.create_time,r.editor_id ,r.is_valid,r.is_audit,r.creator_id,r.create_time,r.editor_id
,r.edit_time,r.auditor_id,r.audit_time,r.service_id,r.request_id ,r.edit_time,r.auditor_id,r.audit_time,r.service_id,r.request_id
,r.is_area_effective,r.classify,r.attribute,r.lable ,r.is_area_effective,r.classify,r.attribute,r.lable
,r.area_effective_ids,r.function_id,r.cfg_region_code,r.compile_id,r.cancel_request_id,r.do_log ,r.area_effective_ids,r.function_id,r.cfg_region_code,r.compile_id,r.cancel_request_id,r.do_log,r.built_in
</sql> </sql>
<sql id="PxyObjTrustedCaCrlColumns"> <sql id="PxyObjTrustedCaCrlColumns">
r.cfg_id,r.cfg_desc r.cfg_id,r.cfg_desc
@@ -270,10 +271,14 @@
<if test="action != null"> <if test="action != null">
AND r.ACTION=#{action,jdbcType=INTEGER} AND r.ACTION=#{action,jdbcType=INTEGER}
</if> </if>
<if test="builtIn != null">
AND r.built_in=#{builtIn,jdbcType=INTEGER}
</if>
<choose> <choose>
<!-- 判断是否批量操作 --> <!-- 判断是否批量操作 -->
<when test="batchValidValue != null and batchValidValue != ''"> <when test="batchValidValue != null and batchValidValue != ''">
AND r.IS_VALID in (${batchValidValue}) AND r.IS_VALID in (${batchValidValue})
AND r.built_in !=1
</when> </when>
<otherwise> <otherwise>
<if test="isValid != null"> <if test="isValid != null">
@@ -525,13 +530,14 @@
cfg_type, cfg_type,
compile_Id, compile_Id,
cfg_region_code, cfg_region_code,
built_in,
do_log do_log
)values ( )values (
#{cfgId,jdbcType=VARCHAR}, #{cfgId,jdbcType=VARCHAR},
#{cfgDesc,jdbcType=VARCHAR}, #{cfgDesc,jdbcType=VARCHAR},
#{action,jdbcType=INTEGER}, #{action,jdbcType=INTEGER},
0, #{isValid,jdbcType=INTEGER},
0, #{isAudit,jdbcType=INTEGER},
#{creatorId,jdbcType=INTEGER}, #{creatorId,jdbcType=INTEGER},
#{createTime,jdbcType=TIMESTAMP}, #{createTime,jdbcType=TIMESTAMP},
#{editorId,jdbcType=INTEGER}, #{editorId,jdbcType=INTEGER},
@@ -551,6 +557,7 @@
#{cfgType,jdbcType=VARCHAR}, #{cfgType,jdbcType=VARCHAR},
#{compileId,jdbcType=INTEGER}, #{compileId,jdbcType=INTEGER},
#{cfgRegionCode,jdbcType=INTEGER}, #{cfgRegionCode,jdbcType=INTEGER},
#{builtIn,jdbcType=INTEGER},
#{doLog,jdbcType=INTEGER} #{doLog,jdbcType=INTEGER}
) )
</insert> </insert>

7
src/main/java/com/nis/web/service/configuration/PxyObjKeyringService.java
View File

@@ -171,6 +171,7 @@ public class PxyObjKeyringService extends BaseService{
if(compileIds != null && compileIds.size() >0 && compileIds.get(0) != 0){ if(compileIds != null && compileIds.size() >0 && compileIds.get(0) != 0){
entity.setCompileId(compileIds.get(0)); entity.setCompileId(compileIds.get(0));
} }
entity.setBuiltIn(0);
pxyObjKeyringDao.insertPxyObjTrustedCaCert(entity); pxyObjKeyringDao.insertPxyObjTrustedCaCert(entity);
//修改 //修改
}else{ }else{
@@ -489,6 +490,7 @@ public class PxyObjKeyringService extends BaseService{
@Transactional(readOnly=false,rollbackFor=RuntimeException.class) @Transactional(readOnly=false,rollbackFor=RuntimeException.class)
public void caCertSaveAndAudit(List<PxyObjTrustedCaCert> cfgList){ public void caCertSaveAndAudit(List<PxyObjTrustedCaCert> cfgList){
Date date=new Date();
//修改主表cert 配置状态 //修改主表cert 配置状态
for (PxyObjTrustedCaCert cfg : cfgList) { for (PxyObjTrustedCaCert cfg : cfgList) {
//调用服务接口获取compileId //调用服务接口获取compileId
@@ -503,6 +505,11 @@ public class PxyObjKeyringService extends BaseService{
if(compileIds != null && compileIds.size() >0 && compileIds.get(0) != 0){ if(compileIds != null && compileIds.size() >0 && compileIds.get(0) != 0){
cfg.setCompileId(compileIds.get(0)); cfg.setCompileId(compileIds.get(0));
} }
cfg.setCreateTime(date);
cfg.setCreatorId(UserUtils.getUser().getId());
cfg.setAuditTime(date);
cfg.setAuditorId(UserUtils.getUser().getId());
logger.info("证书名称"+cfg.getCfgDesc());
pxyObjKeyringDao.insertPxyObjTrustedCaCert(cfg); pxyObjKeyringDao.insertPxyObjTrustedCaCert(cfg);
} }

1
src/main/resources/messages/message_en.properties
View File

@@ -1626,3 +1626,4 @@ ssl_client_side_version=SSL Client Side Version
ssl_cert_verify=SSL Cert Verify ssl_cert_verify=SSL Cert Verify
stream_trace_id=Stream Trace ID stream_trace_id=Stream Trace ID
ssl_error=SSL Error ssl_error=SSL Error
import_built_cert_file=Import built-in certificate

1
src/main/resources/messages/message_ru.properties
View File

@@ -1628,3 +1628,4 @@ ssl_client_side_version=SSL Client Side Version
ssl_cert_verify=SSL Cert Verify ssl_cert_verify=SSL Cert Verify
stream_trace_id=Stream Trace ID stream_trace_id=Stream Trace ID
ssl_error=SSL Error ssl_error=SSL Error
import_built_cert_file=Import built-in certificate

1
src/main/resources/messages/message_zh_CN.properties
View File

@@ -1626,3 +1626,4 @@ ssl_client_side_version=\u5ba2\u6237\u7aef\u4fa7SSL\u7248\u672c
ssl_cert_verify=\u8bc1\u4e66\u6821\u9a8c\u7ed3\u679c ssl_cert_verify=\u8bc1\u4e66\u6821\u9a8c\u7ed3\u679c
stream_trace_id=\u6d41\u7684\u8ffd\u8e2aID stream_trace_id=\u6d41\u7684\u8ffd\u8e2aID
ssl_error=SSL\u9519\u8bef\u4fe1\u606f ssl_error=SSL\u9519\u8bef\u4fe1\u606f
import_built_cert_file=\u5BFC\u5165\u5185\u7F6E\u8BC1\u4E66

27
src/main/resources/shell/cacert.sh
View File

@@ -1,25 +1,26 @@
#!/bin/bash #!/bin/bash
if [[ $# != 1 ]];then #if [[ $# != 1 ]];then
echo "USAGE: cacert file absolute path is required" #echo "USAGE: cacert file absolute path is required"
fi #fi
CACERT_FILE=$1 CACERT_FILE=$1
CACERT_DIR=$2
#上传接口URL #上传接口URL
CACERT_URL='http://192.168.10.120:8082/v1/policy/profile/trustedcacertobj' #CACERT_URL='http://192.168.10.120:8082/v1/policy/profile/trustedcacertobj'
#TOKEN 获取接口URL #TOKEN 获取接口URL
TOKEN_URL='http://192.168.10.120:8082/v1/user/login?username=admin&password=admin' #TOKEN_URL='http://192.168.10.120:8082/v1/user/login?username=admin&password=admin'
#TOKEN=$(curl -s -X POST $TOKEN_URL|grep 'token'|awk -F':' '{print $2}'|awk -F'"' '{print $2}') #TOKEN=$(curl -s -X POST $TOKEN_URL|grep 'token'|awk -F':' '{print $2}'|awk -F'"' '{print $2}')
temp=$(dirname $0) temp=$(dirname $0)
CUR_DIR=$(pwd $temp) #CUR_DIR=$(pwd $temp)
#单个证书存放目录 #单个证书存放目录
CACERT_DIR=${CUR_DIR}"/cacert" #CACERT_DIR=${CUR_DIR}"/cacert"
#日志文件 #日志文件
LOG_FILE=${CUR_DIR}"/cacert.log" #LOG_FILE=${CUR_DIR}"/cacert.log"
if [ -e $LOG_FILE ];then #if [ -e $LOG_FILE ];then
rm -rf $LOG_FILE #rm -rf $LOG_FILE
fi #fi
rm -rf $CACERT_DIR rm -rf $CACERT_DIR
if [[ ! -e $CACERT_DIR ]];then if [[ ! -e $CACERT_DIR ]];then
mkdir -p $CACERT_DIR mkdir -p $CACERT_DIR
@@ -44,10 +45,10 @@ fi
#result=$(curl $CACERT_URL -s -X POST -F "file=@${path}" -H "Content-Type:multipart/form-data " -H "Authorization:${TOKEN}" -H "File-Desc:{'opAction':'add','certName':'${cacertName}','certId':null,'isValid':1}") #result=$(curl $CACERT_URL -s -X POST -F "file=@${path}" -H "Content-Type:multipart/form-data " -H "Authorization:${TOKEN}" -H "File-Desc:{'opAction':'add','certName':'${cacertName}','certId':null,'isValid':1}")
#newPath=${CACERT_DIR}"/"$cacertName".pem" #newPath=${CACERT_DIR}"/"$cacertName".pem"
#mv $path $newPath #mv $path $newPath
TIMESTEMP=$(date '+%Y-%m-%d %H:%M:%S') #TIMESTEMP=$(date '+%Y-%m-%d %H:%M:%S')
#echo "upload [ ${cacertName} ]" #echo "upload [ ${cacertName} ]"
#echo "[${TIMESTEMP}]upload [ ${cacertName} ] path:[ ${path} ] to [ ${CACERT_URL} ]" >> $LOG_FILE #echo "[${TIMESTEMP}]upload [ ${cacertName} ] path:[ ${path} ] to [ ${CACERT_URL} ]" >> $LOG_FILE
#echo "[${TIMESTEMP}]result:"${result} >> $LOG_FILE #echo "[${TIMESTEMP}]result:"${result} >> $LOG_FILE
echo "" >> $LOG_FILE #echo "" >> $LOG_FILE
done done

4
src/main/resources/sql/20190608/alter_trusted_column.sql Normal file
View File

@@ -0,0 +1,4 @@
#可信证书列表增加是否内置证书属性
alter table pxy_obj_trusted_ca_cert add built_in int(1) default 0 comment 'is built-in';
#修改已有证书为非内置证书
update pxy_obj_trusted_ca_cert set built_in=0;

3807
src/main/resources/sql/20190608/tls-ca-bundle.pem Normal file
View File

File diff suppressed because it is too large Load Diff

4
src/main/webapp/WEB-INF/views/cfg/intercept/strateagy/certForm.jsp
View File

@@ -71,7 +71,7 @@ var submitCrlFrom=function(){
<div class="modal-content"> <div class="modal-content">
<div class="modal-header"> <div class="modal-header">
<h5 class="modal-title" id="exampleModalLabel"> <h5 class="modal-title" id="exampleModalLabel">
<spring:message code="add_cert_file" /> <spring:message code="import_built_cert_file" />
</h5> </h5>
<button type="button" class="close" data-dismiss="modal" <button type="button" class="close" data-dismiss="modal"
aria-label="Close"> aria-label="Close">
@@ -90,7 +90,7 @@ var submitCrlFrom=function(){
<input type="hidden" name="isValid" value="1"> <input type="hidden" name="isValid" value="1">
<input type="hidden" name="isAudit" value="1"> <input type="hidden" name="isAudit" value="1">
<input type="hidden" name="functionId" value="${cfg.functionId }"> <input type="hidden" name="functionId" value="${cfg.functionId }">
<input type="hidden" name="serviceId" value="571"> <input type="hidden" name="serviceId" value="640">
<input type="hidden" name="cfgType" value="PXY_PROFILE_TRUSTED_CA_CERT"> <input type="hidden" name="cfgType" value="PXY_PROFILE_TRUSTED_CA_CERT">
<input type="hidden" name="cfgRegionCode" value=""> <input type="hidden" name="cfgRegionCode" value="">
<input type="hidden" name="requestId" value="0"> <input type="hidden" name="requestId" value="0">

23
src/main/webapp/WEB-INF/views/cfg/intercept/strateagy/trustedCertList.jsp
View File

@@ -126,12 +126,14 @@
<spring:message code="add"></spring:message></button> <spring:message code="add"></spring:message></button>
</shiro:hasPermission> </shiro:hasPermission>
<shiro:hasPermission name="proxy:trustedCert:built-in">
<c:if test="${!hasBuiltIn}">
<button type="button" class="btn btn-primary" <button type="button" class="btn btn-primary"
onClick="addCrlFile(this)"> onClick="addCrlFile(this)">
<i class="fa fa-plus"></i> <i class="fa fa-plus"></i>
<spring:message code="import_crl"></spring:message></button> <spring:message code="import_built_cert_file"></spring:message></button>
</shiro:hasPermission> </c:if>
</div> </div>
<h3 class="page-title"> <h3 class="page-title">
@@ -374,7 +376,8 @@
<th column="cert_name" class="sort-column r.cfg_desc"><spring:message code="cert_name" /></th> <th column="cert_name" class="sort-column r.cfg_desc"><spring:message code="cert_name" /></th>
<th column="certificate_file" ><spring:message code="certificate" /> <spring:message code="file" /></th> <th column="certificate_file" ><spring:message code="certificate" /> <spring:message code="file" /></th>
<th column="issuer" ><spring:message code="issuer"/></th> <th column="issuer" ><spring:message code="issuer"/></th>
<th column="crl_file" ><spring:message code="crl"/> <spring:message code="file"/></th> <%--<th column="crl_file" ><spring:message code="crl"/> <spring:message code="file"/></th>--%>
<th column="built_in" ><spring:message code="built_in"/></th>
<th column="is_audit" ><spring:message code="is_audit"/></th> <th column="is_audit" ><spring:message code="is_audit"/></th>
<%-- <th column="whether_area_block" ><spring:message code="whether_area_block"/></th> --%> <%-- <th column="whether_area_block" ><spring:message code="whether_area_block"/></th> --%>
<th column="letter" ><spring:message code="letter"/></th> <th column="letter" ><spring:message code="letter"/></th>
@@ -394,7 +397,9 @@
<c:forEach items="${page.list }" var="cfg" varStatus="status" step="1"> <c:forEach items="${page.list }" var="cfg" varStatus="status" step="1">
<tr> <tr>
<td> <td>
<input type="checkbox" class="i-checks" serviceId="${cfg.serviceId}" id="${cfg.cfgId}" value="${cfg.isAudit}"> <c:if test="${cfg.builtIn==0}">
<input type="checkbox" class="i-checks" serviceId="${cfg.serviceId}" id="${cfg.cfgId}" value="${cfg.isAudit}">
</c:if>
</td> </td>
<td> <td>
<c:set var="crlFile" value="${fns:getTrustedCrlByCerId(cfg.compileId) }"></c:set> <c:set var="crlFile" value="${fns:getTrustedCrlByCerId(cfg.compileId) }"></c:set>
@@ -414,8 +419,8 @@
${fn:substring(cfg.issuer,0,20) } ${fn:substring(cfg.issuer,0,20) }
</a> </a>
</td> </td>
<td> <%-- <td>
<%-- <button class="btn revision popovers purple-stripe " data-content="${crlInfo}"><spring:message code="view"/></button> --%> <button class="btn revision popovers purple-stripe " data-content="${crlInfo}"><spring:message code="view"/></button>
<c:if test="${(cfg.isAudit eq '0') || (cfg.isAudit eq '1')}"> <c:if test="${(cfg.isAudit eq '0') || (cfg.isAudit eq '1')}">
<a class="fa fa-cloud-upload" href="javascript:void(0);" onclick="addCrlFile(this);" <a class="fa fa-cloud-upload" href="javascript:void(0);" onclick="addCrlFile(this);"
cfgDesc="${cfg.cfgDesc }" cfgDesc="${cfg.cfgDesc }"
@@ -439,6 +444,10 @@
class="tooltips" data-flag="false" data-html="true" data-placement="top"> class="tooltips" data-flag="false" data-html="true" data-placement="top">
${fn:substring(crlFile,0,20) } ${fn:substring(crlFile,0,20) }
</a> </a>
</td> --%>
<td>
<c:if test="${cfg.builtIn==0}"><spring:message code="no"/></c:if>
<c:if test="${cfg.builtIn==1}"><spring:message code="yes"/></c:if>
</td> </td>
<td> <td>
<c:choose> <c:choose>