diff --git a/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java b/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java
index d1c548be4..267139c20 100644
--- a/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java
+++ b/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java
@@ -102,8 +102,8 @@ public class PxyObjKeyringController extends BaseController {
 boolean validFlag = true;
 try {
 Properties msgProp = this.getMsgProp();
- boolean publicKeyFileflag = validCertFileContent(publicKeyFileI, "-incert");
- boolean privateKeyFileflag = validCertFileContent(privateKeyFileI, "-inkey");
+ boolean publicKeyFileflag = validCertFileContent(publicKeyFileI,null, "-incert");
+ boolean privateKeyFileflag = validCertFileContent(privateKeyFileI,null, "-inkey");
 if (!publicKeyFileflag && !privateKeyFileflag) {
 addMessage(redirectAttributes, "error", "save_failed");
 logger.error(publicKeyFileI.getOriginalFilename() + " and " + privateKeyFileI.getOriginalFilename()
@@ -118,6 +118,16 @@ public class PxyObjKeyringController extends BaseController {
 logger.error(privateKeyFileI.getOriginalFilename() + " file non private key file format ");
 throw new MultiPartNewException(msgProp.getProperty("private_file_error"));
 }
+
+ //证书对校验
+ if(publicKeyFileflag && privateKeyFileflag){
+ boolean keyRingFileflag = validCertFileContent(publicKeyFileI,privateKeyFileI, "-incheck");
+ if (!keyRingFileflag) {
+ addMessage(redirectAttributes, "error", "save_failed");
+ logger.error(" 公私钥不匹配 ");
+ throw new MultiPartNewException(msgProp.getProperty("public_private_file_error"));
+ }
+ }
 } catch (Exception e) {
 validFlag = false;
 logger.error("证书文件校验失败", e);
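Review bot: The new mismatch branch logs a fixed ` 公私钥不匹配 ` string, while the neighbouring error logs in this hunk name the offending upload (`privateKeyFileI.getOriginalFilename() + " file non private key file format "`); use the same shape so the failure can be tied to a request, e.g. `logger.error(publicKeyFileI.getOriginalFilename() + " and " + privateKeyFileI.getOriginalFilename() + " public/private key mismatch");`. The guard `if(publicKeyFileflag && privateKeyFileflag)` looks redundant if the per-file checks just above throw whenever either flag is false, but the public-key branch sits outside this hunk, so that is inferred rather than seen. The `-incheck` call hands both uploads to the external x509 helper, which this commit replaces as a binary blob and therefore cannot be reviewed from the diff. The enclosing handler's try/catch starts and ends outside the hunk.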
@@ -281,7 +291,7 @@ public class PxyObjKeyringController extends BaseController {
 * @return
 * @throws Exception
 */
- public boolean validCertFileContent(MultipartFile file, String validateType) throws Exception {
+ public boolean validCertFileContent(MultipartFile file,MultipartFile privateFile, String validateType) throws Exception {
 String os = System.getProperty("os.name").toLowerCase();
 if (!os.contains("windows") && file != null) {
 // 证书文件临时保存路径
@@ -289,8 +299,16 @@ public class PxyObjKeyringController extends BaseController {
 FileUtils.createDirectory(certFilePath);
 String filePath = certFilePath + File.separator + UUID.randomUUID()
 + FileUtils.getSuffix(file.getOriginalFilename(), true);
+ String privateFilePath="";
 File uploadFile = new File(filePath);
 FileCopyUtils.copy(file.getBytes(), uploadFile);
+
+ if(!StringUtil.isEmpty(privateFile)){
+ privateFilePath=certFilePath + File.separator + UUID.randomUUID()
+ + FileUtils.getSuffix(privateFile.getOriginalFilename(), true);
+ File privateUploadFile = new File(privateFilePath);
+ FileCopyUtils.copy(privateFile.getBytes(), privateUploadFile);
+ }
 // 加载x509脚本
 String x509Shell = Thread.currentThread().getContextClassLoader()
 .getResource(File.separator + "shell" + File.separator + Constants.CERT_VALIDATE_FILE).getPath();
@@ -299,8 +317,8 @@ public class PxyObjKeyringController extends BaseController {
 logger.info("x509 chmod +x :" + resultMap1.get("out").toString());
 logger.info("x509脚本分配可执行权限:" + "chmod" + " " + "+x" + " " + x509Shell);
 // 验证文件
- logger.info(x509Shell + " " + validateType + " " + filePath);
- Map resultMap = this.execShell(x509Shell, validateType, filePath);
+ logger.info(x509Shell + " " + validateType + " " + filePath+ " " + privateFilePath);
+ Map resultMap = this.execShell(x509Shell, validateType, filePath, privateFilePath);
 if (resultMap == null || StringUtil.isEmpty(resultMap.get("out"))) {
 // 临时文件删除
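Review bot: The Javadoc directly above the changed signature (`* @return`, `* @throws Exception`) is not updated for the new `privateFile` parameter; add `@param privateFile private key upload used only for the "-incheck" pair check; may be null` next to the existing tags. While touching the block, `file` and `validateType` also deserve `@param` entries, since the tag block currently documents neither and the accepted `validateType` values (`-incert`, `-inkey`, `-incrl`, `-incheck`) are only discoverable from the call sites. The method body continues below this hunk.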
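Review bot: The private key is copied to `privateUploadFile`, but nothing in this hunk removes that file, and the later `// 临时文件删除` cleanup (outside this hunk) predates the second temp file — unless it was extended as well, private key material remains in `certFilePath` after every pair check. Delete both temp files in a `finally`, and because the directory is shared, create them with owner-only permissions (e.g. `Files.createTempFile(Paths.get(certFilePath), prefix, suffix, PosixFilePermissions.asFileAttribute(...))`) instead of `new File(...)` inheriting the process umask; I cannot see the rest of the method, so the missing cleanup is inferred from the hunk alone. `StringUtil.isEmpty(privateFile)` is applied to a `MultipartFile`; if that helper only means null or empty `toString()`, `privateFile != null` states the intent directly and avoids depending on `MultipartFile.toString()`. The enclosing method starts and ends outside this hunk.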
@@ -600,7 +618,7 @@ public class PxyObjKeyringController extends BaseController {
 File file = null;
 boolean validFlag = true;
 try {
- boolean certFileflag = validCertFileContent(certFileI, "-incert");
+ boolean certFileflag = validCertFileContent(certFileI,null, "-incert");
 if (!certFileflag) {
 addMessage(redirectAttributes, "error", "save_failed");
 logger.error(certFileI.getOriginalFilename() + " file non Certificate file format ");
@@ -707,7 +725,7 @@ public class PxyObjKeyringController extends BaseController {
 boolean validFlag = true;
 try {
 if (crlFileI != null) {
- boolean certFileflag = validCertFileContent(crlFileI, "-incrl");
+ boolean certFileflag = validCertFileContent(crlFileI,null, "-incrl");
 if (!certFileflag) {
 addMessage(redirectAttributes, "error", "save_failed");
 logger.error(crlFileI.getOriginalFilename() + " file non crl file format ");
diff --git a/src/main/resources/messages/message_en.properties b/src/main/resources/messages/message_en.properties
index b7f92a592..77a82bcc6 100644
--- a/src/main/resources/messages/message_en.properties
+++ b/src/main/resources/messages/message_en.properties
@@ -1516,4 +1516,5 @@ dest_ip_pattern=Server IP Pattern
 src_port_pattern=Client Port Pattern
 dest_port_pattern=Server Port Pattern
 range_cross=Found intersections between Server IP address and Client IP address
-app_ip_correlation=APP IP Correlation
\ No newline at end of file
+app_ip_correlation=APP IP Correlation
+public_private_file_error=Public-private key mismatch
\ No newline at end of file
diff --git a/src/main/resources/messages/message_ru.properties b/src/main/resources/messages/message_ru.properties
index 583ea33e0..c39bffd87 100644
--- a/src/main/resources/messages/message_ru.properties
+++ b/src/main/resources/messages/message_ru.properties
@@ -1519,4 +1519,5 @@ dest_ip_pattern=Server IP Pattern
 src_port_pattern=Client Port Pattern
 dest_port_pattern=Server Port Pattern
 range_cross=Found intersections between Server IP address and Client IP address
-app_ip_correlation=APP IP Correlation
\ No newline at end of file
+app_ip_correlation=APP IP Correlation
+public_private_file_error=Public-private key mismatch
\ No newline at end of file
diff --git a/src/main/resources/messages/message_zh_CN.properties b/src/main/resources/messages/message_zh_CN.properties
index 38b4bb502..b146d699e 100644
--- a/src/main/resources/messages/message_zh_CN.properties
+++ b/src/main/resources/messages/message_zh_CN.properties
@@ -1515,4 +1515,5 @@ dest_ip_pattern=\u76EE\u7684IP\u683C\u5F0F
 src_port_pattern=\u6E90\u7AEF\u53E3\u683C\u5F0F
 dest_port_pattern=\u76EE\u7684\u7AEF\u53E3\u683C\u5F0F
 range_cross=\u6E90IP\u4E0E\u76EE\u7684IP\u8303\u56F4\u6709\u4EA4\u53C9
-app_ip_correlation=APP\u5173\u8054\u7279\u5F81IP\u914D\u7F6E
\ No newline at end of file
+app_ip_correlation=APP\u5173\u8054\u7279\u5F81IP\u914D\u7F6E
+public_private_file_error=\u516C\u79C1\u94A5\u8BC1\u4E66\u4E0D\u5339\u914D
\ No newline at end of file
diff --git a/src/main/resources/shell/x509 b/src/main/resources/shell/x509
index f39b17b88..3533e30da 100644
Binary files a/src/main/resources/shell/x509 and b/src/main/resources/shell/x509 differ