证书验证公私钥不匹配
@@ -102,8 +102,8 @@ public class PxyObjKeyringController extends BaseController {
|
||||
boolean validFlag = true;
|
||||
try {
|
||||
Properties msgProp = this.getMsgProp();
|
||||
boolean publicKeyFileflag = validCertFileContent(publicKeyFileI, "-incert");
|
||||
boolean privateKeyFileflag = validCertFileContent(privateKeyFileI, "-inkey");
|
||||
boolean publicKeyFileflag = validCertFileContent(publicKeyFileI,null, "-incert");
|
||||
boolean privateKeyFileflag = validCertFileContent(privateKeyFileI,null, "-inkey");
|
||||
if (!publicKeyFileflag && !privateKeyFileflag) {
|
||||
addMessage(redirectAttributes, "error", "save_failed");
|
||||
logger.error(publicKeyFileI.getOriginalFilename() + " and " + privateKeyFileI.getOriginalFilename()
|
||||
@@ -118,6 +118,16 @@ public class PxyObjKeyringController extends BaseController {
|
||||
logger.error(privateKeyFileI.getOriginalFilename() + " file non private key file format ");
|
||||
throw new MultiPartNewException(msgProp.getProperty("private_file_error"));
|
||||
}
|
||||
|
||||
//证书对校验
|
||||
if(publicKeyFileflag && privateKeyFileflag){
|
||||
boolean keyRingFileflag = validCertFileContent(publicKeyFileI,privateKeyFileI, "-incheck");
|
||||
if (!keyRingFileflag) {
|
||||
addMessage(redirectAttributes, "error", "save_failed");
|
||||
logger.error(" 公私钥不匹配 ");
|
||||
throw new MultiPartNewException(msgProp.getProperty("public_private_file_error"));
|
||||
}
|
||||
}
|
||||
} catch (Exception e) {
|
||||
validFlag = false;
|
||||
logger.error("证书文件校验失败", e);
|
||||
@@ -281,7 +291,7 @@ public class PxyObjKeyringController extends BaseController {
|
||||
* @return
|
||||
* @throws Exception
|
||||
*/
|
||||
public boolean validCertFileContent(MultipartFile file, String validateType) throws Exception {
|
||||
public boolean validCertFileContent(MultipartFile file,MultipartFile privateFile, String validateType) throws Exception {
|
||||
String os = System.getProperty("os.name").toLowerCase();
|
||||
if (!os.contains("windows") && file != null) {
|
||||
// 证书文件临时保存路径
|
||||
@@ -289,8 +299,16 @@ public class PxyObjKeyringController extends BaseController {
|
||||
FileUtils.createDirectory(certFilePath);
|
||||
String filePath = certFilePath + File.separator + UUID.randomUUID()
|
||||
+ FileUtils.getSuffix(file.getOriginalFilename(), true);
|
||||
String privateFilePath="";
|
||||
File uploadFile = new File(filePath);
|
||||
FileCopyUtils.copy(file.getBytes(), uploadFile);
|
||||
|
||||
if(!StringUtil.isEmpty(privateFile)){
|
||||
privateFilePath=certFilePath + File.separator + UUID.randomUUID()
|
||||
+ FileUtils.getSuffix(privateFile.getOriginalFilename(), true);
|
||||
File privateUploadFile = new File(privateFilePath);
|
||||
FileCopyUtils.copy(privateFile.getBytes(), privateUploadFile);
|
||||
}
|
||||
// 加载x509脚本
|
||||
String x509Shell = Thread.currentThread().getContextClassLoader()
|
||||
.getResource(File.separator + "shell" + File.separator + Constants.CERT_VALIDATE_FILE).getPath();
|
||||
@@ -299,8 +317,8 @@ public class PxyObjKeyringController extends BaseController {
|
||||
logger.info("x509 chmod +x :" + resultMap1.get("out").toString());
|
||||
logger.info("x509脚本分配可执行权限:" + "chmod" + " " + "+x" + " " + x509Shell);
|
||||
// 验证文件
|
||||
logger.info(x509Shell + " " + validateType + " " + filePath);
|
||||
Map<String, Object> resultMap = this.execShell(x509Shell, validateType, filePath);
|
||||
logger.info(x509Shell + " " + validateType + " " + filePath+ " " + privateFilePath);
|
||||
Map<String, Object> resultMap = this.execShell(x509Shell, validateType, filePath, privateFilePath);
|
||||
|
||||
if (resultMap == null || StringUtil.isEmpty(resultMap.get("out"))) {
|
||||
// 临时文件删除
|
||||
@@ -600,7 +618,7 @@ public class PxyObjKeyringController extends BaseController {
|
||||
File file = null;
|
||||
boolean validFlag = true;
|
||||
try {
|
||||
boolean certFileflag = validCertFileContent(certFileI, "-incert");
|
||||
boolean certFileflag = validCertFileContent(certFileI,null, "-incert");
|
||||
if (!certFileflag) {
|
||||
addMessage(redirectAttributes, "error", "save_failed");
|
||||
logger.error(certFileI.getOriginalFilename() + " file non Certificate file format ");
|
||||
@@ -707,7 +725,7 @@ public class PxyObjKeyringController extends BaseController {
|
||||
boolean validFlag = true;
|
||||
try {
|
||||
if (crlFileI != null) {
|
||||
boolean certFileflag = validCertFileContent(crlFileI, "-incrl");
|
||||
boolean certFileflag = validCertFileContent(crlFileI,null, "-incrl");
|
||||
if (!certFileflag) {
|
||||
addMessage(redirectAttributes, "error", "save_failed");
|
||||
logger.error(crlFileI.getOriginalFilename() + " file non crl file format ");
|
||||
|
||||
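Review bot: In the `-289,8 +299,16` hunk of `validCertFileContent`, the uploaded private key is copied to a second temporary file (`privateUploadFile`), but no line in this diff deletes it. The existing cleanup under the `// 临时文件删除` comment is unchanged context and continues outside the hunk, so it presumably removes only `uploadFile`. If so, every `-incheck` run leaves private key material on disk under `certFilePath`; delete it in a `finally`, for example `if (!privateFilePath.isEmpty()) { new File(privateFilePath).delete(); }`. The temporary name also keeps the suffix of the client-supplied `privateFile.getOriginalFilename()` and is then passed to `execShell` and written to the info log, so a fixed suffix such as `UUID.randomUUID() + ".key"` would keep client-controlled text out of the script's arguments. The body of `validCertFileContent` starts and ends outside the visible hunks, so both points should be confirmed against the full method.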
@@ -1516,4 +1516,5 @@ dest_ip_pattern=Server IP Pattern
|
||||
src_port_pattern=Client Port Pattern
|
||||
dest_port_pattern=Server Port Pattern
|
||||
range_cross=Found intersections between Server IP address and Client IP address
|
||||
app_ip_correlation=APP IP Correlation
|
||||
app_ip_correlation=APP IP Correlation
|
||||
public_private_file_error=Public-private key mismatch
|
||||
@@ -1519,4 +1519,5 @@ dest_ip_pattern=Server IP Pattern
|
||||
src_port_pattern=Client Port Pattern
|
||||
dest_port_pattern=Server Port Pattern
|
||||
range_cross=Found intersections between Server IP address and Client IP address
|
||||
app_ip_correlation=APP IP Correlation
|
||||
app_ip_correlation=APP IP Correlation
|
||||
public_private_file_error=Public-private key mismatch
|
||||
@@ -1515,4 +1515,5 @@ dest_ip_pattern=\u76EE\u7684IP\u683C\u5F0F
|
||||
src_port_pattern=\u6E90\u7AEF\u53E3\u683C\u5F0F
|
||||
dest_port_pattern=\u76EE\u7684\u7AEF\u53E3\u683C\u5F0F
|
||||
range_cross=\u6E90IP\u4E0E\u76EE\u7684IP\u8303\u56F4\u6709\u4EA4\u53C9
|
||||
app_ip_correlation=APP\u5173\u8054\u7279\u5F81IP\u914D\u7F6E
|
||||
app_ip_correlation=APP\u5173\u8054\u7279\u5F81IP\u914D\u7F6E
|
||||
public_private_file_error=\u516C\u79C1\u94A5\u8BC1\u4E66\u4E0D\u5339\u914D
|
||||
Binary file not shown.