证书验证公私钥不匹配

src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java

@@ -102,8 +102,8 @@ public class PxyObjKeyringController extends BaseController {
 		boolean validFlag = true;
 		try {
 			Properties msgProp = this.getMsgProp();
-			boolean publicKeyFileflag = validCertFileContent(publicKeyFileI, "-incert");
+			boolean publicKeyFileflag = validCertFileContent(publicKeyFileI,null, "-incert");
-			boolean privateKeyFileflag = validCertFileContent(privateKeyFileI, "-inkey");
+			boolean privateKeyFileflag = validCertFileContent(privateKeyFileI,null, "-inkey");
 			if (!publicKeyFileflag && !privateKeyFileflag) {
 				addMessage(redirectAttributes, "error", "save_failed");
 				logger.error(publicKeyFileI.getOriginalFilename() + " and " + privateKeyFileI.getOriginalFilename()
@@ -118,6 +118,16 @@ public class PxyObjKeyringController extends BaseController {
 				logger.error(privateKeyFileI.getOriginalFilename() + " file non private key file format ");
 				throw new MultiPartNewException(msgProp.getProperty("private_file_error"));
 			}
+			
+			//证书对校验
+			if(publicKeyFileflag && privateKeyFileflag){
+				boolean keyRingFileflag = validCertFileContent(publicKeyFileI,privateKeyFileI, "-incheck");
+				if (!keyRingFileflag) {
+					addMessage(redirectAttributes, "error", "save_failed");
+					logger.error(" 公私钥不匹配 ");
+					throw new MultiPartNewException(msgProp.getProperty("public_private_file_error"));
+				}
+			}
 		} catch (Exception e) {
 			validFlag = false;
 			logger.error("证书文件校验失败", e);
@@ -281,7 +291,7 @@ public class PxyObjKeyringController extends BaseController {
 	 * @return
 	 * @throws Exception
 	 */
-	public boolean validCertFileContent(MultipartFile file, String validateType) throws Exception {
+	public boolean validCertFileContent(MultipartFile file,MultipartFile privateFile, String validateType) throws Exception {
 		String os = System.getProperty("os.name").toLowerCase();
 		if (!os.contains("windows") && file != null) {
 			// 证书文件临时保存路径
@@ -289,8 +299,16 @@ public class PxyObjKeyringController extends BaseController {
 			FileUtils.createDirectory(certFilePath);
 			String filePath = certFilePath + File.separator + UUID.randomUUID()
 					+ FileUtils.getSuffix(file.getOriginalFilename(), true);
+			String privateFilePath="";
 			File uploadFile = new File(filePath);
 			FileCopyUtils.copy(file.getBytes(), uploadFile);
+			
+			if(!StringUtil.isEmpty(privateFile)){
+				privateFilePath=certFilePath + File.separator + UUID.randomUUID()
+				+ FileUtils.getSuffix(privateFile.getOriginalFilename(), true);
+				File privateUploadFile = new File(privateFilePath);
+				FileCopyUtils.copy(privateFile.getBytes(), privateUploadFile);
+			}
 			// 加载x509脚本
 			String x509Shell = Thread.currentThread().getContextClassLoader()
 					.getResource(File.separator + "shell" + File.separator + Constants.CERT_VALIDATE_FILE).getPath();
@@ -299,8 +317,8 @@ public class PxyObjKeyringController extends BaseController {
 			logger.info("x509 chmod +x :" + resultMap1.get("out").toString());
 			logger.info("x509脚本分配可执行权限:" + "chmod" + " " + "+x" + " " + x509Shell);
 			// 验证文件
-			logger.info(x509Shell + " " + validateType + " " + filePath);
+			logger.info(x509Shell + " " + validateType + " " + filePath+ " " + privateFilePath);
-			Map<String, Object> resultMap = this.execShell(x509Shell, validateType, filePath);
+			Map<String, Object> resultMap = this.execShell(x509Shell, validateType, filePath, privateFilePath);
 
 			if (resultMap == null || StringUtil.isEmpty(resultMap.get("out"))) {
 				// 临时文件删除
@@ -600,7 +618,7 @@ public class PxyObjKeyringController extends BaseController {
 		File file = null;
 		boolean validFlag = true;
 		try {
-			boolean certFileflag = validCertFileContent(certFileI, "-incert");
+			boolean certFileflag = validCertFileContent(certFileI,null, "-incert");
 			if (!certFileflag) {
 				addMessage(redirectAttributes, "error", "save_failed");
 				logger.error(certFileI.getOriginalFilename() + " file non Certificate file format ");
@@ -707,7 +725,7 @@ public class PxyObjKeyringController extends BaseController {
 		boolean validFlag = true;
 		try {
 			if (crlFileI != null) {
-				boolean certFileflag = validCertFileContent(crlFileI, "-incrl");
+				boolean certFileflag = validCertFileContent(crlFileI,null, "-incrl");
 				if (!certFileflag) {
 					addMessage(redirectAttributes, "error", "save_failed");
 					logger.error(crlFileI.getOriginalFilename() + " file non crl file format ");

src/main/resources/messages/message_en.properties

@@ -1516,4 +1516,5 @@ dest_ip_pattern=Server IP Pattern
 src_port_pattern=Client Port Pattern
 dest_port_pattern=Server Port Pattern
 range_cross=Found intersections between Server IP address and Client IP address
-app_ip_correlation=APP IP Correlation
+app_ip_correlation=APP IP Correlation
+public_private_file_error=Public-private key mismatch

src/main/resources/messages/message_ru.properties

@@ -1519,4 +1519,5 @@ dest_ip_pattern=Server IP Pattern
 src_port_pattern=Client Port Pattern
 dest_port_pattern=Server Port Pattern
 range_cross=Found intersections between Server IP address and Client IP address
-app_ip_correlation=APP IP Correlation
+app_ip_correlation=APP IP Correlation
+public_private_file_error=Public-private key mismatch

src/main/resources/messages/message_zh_CN.properties

@@ -1515,4 +1515,5 @@ dest_ip_pattern=\u76EE\u7684IP\u683C\u5F0F
 src_port_pattern=\u6E90\u7AEF\u53E3\u683C\u5F0F
 dest_port_pattern=\u76EE\u7684\u7AEF\u53E3\u683C\u5F0F
 range_cross=\u6E90IP\u4E0E\u76EE\u7684IP\u8303\u56F4\u6709\u4EA4\u53C9
-app_ip_correlation=APP\u5173\u8054\u7279\u5F81IP\u914D\u7F6E
+app_ip_correlation=APP\u5173\u8054\u7279\u5F81IP\u914D\u7F6E
+public_private_file_error=\u516C\u79C1\u94A5\u8BC1\u4E66\u4E0D\u5339\u914D