diff --git a/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java b/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java
index d1c548be4..267139c20 100644
--- a/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java
+++ b/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java
@@ -102,8 +102,8 @@ public class PxyObjKeyringController extends BaseController {
 boolean validFlag = true;
 try {
 Properties msgProp = this.getMsgProp();
- boolean publicKeyFileflag = validCertFileContent(publicKeyFileI, "-incert");
- boolean privateKeyFileflag = validCertFileContent(privateKeyFileI, "-inkey");
+ boolean publicKeyFileflag = validCertFileContent(publicKeyFileI,null, "-incert");
+ boolean privateKeyFileflag = validCertFileContent(privateKeyFileI,null, "-inkey");
 if (!publicKeyFileflag && !privateKeyFileflag) {
 addMessage(redirectAttributes, "error", "save_failed");
 logger.error(publicKeyFileI.getOriginalFilename() + " and " + privateKeyFileI.getOriginalFilename()
@@ -118,6 +118,16 @@ public class PxyObjKeyringController extends BaseController {
 logger.error(privateKeyFileI.getOriginalFilename() + " file non private key file format ");
 throw new MultiPartNewException(msgProp.getProperty("private_file_error"));
 }
+
+ //证书对校验
+ if(publicKeyFileflag && privateKeyFileflag){
+ boolean keyRingFileflag = validCertFileContent(publicKeyFileI,privateKeyFileI, "-incheck");
+ if (!keyRingFileflag) {
+ addMessage(redirectAttributes, "error", "save_failed");
+ logger.error(" 公私钥不匹配 ");
+ throw new MultiPartNewException(msgProp.getProperty("public_private_file_error"));
+ }
+ }
 } catch (Exception e) {
 validFlag = false;
 logger.error("证书文件校验失败", e);
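Review bot: The new `-incheck` block in the second hunk takes the result of `validCertFileContent` at face value, and that helper only runs the x509 program inside `if (!os.contains("windows") && file != null)` (visible as context in the helper's own hunk). What it returns on the other path is not shown in this diff; if that is `true`, a certificate and private key that do not belong together are accepted there with no trace. Consider failing closed when the pair check cannot run, or at least logging that it was skipped. The enclosing method starts and ends outside the hunk.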
@@ -281,7 +291,7 @@ public class PxyObjKeyringController extends BaseController { * @return * @throws Exception */ - public boolean validCertFileContent(MultipartFile file, String validateType) throws Exception { + public boolean validCertFileContent(MultipartFile file,MultipartFile privateFile, String validateType) throws Exception { String os = System.getProperty("os.name").toLowerCase(); if (!os.contains("windows") && file != null) { // 证书文件临时保存路径 @@ -289,8 +299,16 @@ public class PxyObjKeyringController extends BaseController { FileUtils.createDirectory(certFilePath); String filePath = certFilePath + File.separator + UUID.randomUUID() + FileUtils.getSuffix(file.getOriginalFilename(), true); + String privateFilePath=""; File uploadFile = new File(filePath); FileCopyUtils.copy(file.getBytes(), uploadFile); + + if(!StringUtil.isEmpty(privateFile)){ + privateFilePath=certFilePath + File.separator + UUID.randomUUID() + + FileUtils.getSuffix(privateFile.getOriginalFilename(), true); + File privateUploadFile = new File(privateFilePath); + FileCopyUtils.copy(privateFile.getBytes(), privateUploadFile); + } // 加载x509脚本 String x509Shell = Thread.currentThread().getContextClassLoader() .getResource(File.separator + "shell" + File.separator + Constants.CERT_VALIDATE_FILE).getPath(); @@ -299,8 +317,8 @@ public class PxyObjKeyringController extends BaseController { logger.info("x509 chmod +x :" + resultMap1.get("out").toString()); logger.info("x509脚本分配可执行权限:" + "chmod" + " " + "+x" + " " + x509Shell); // 验证文件 - logger.info(x509Shell + " " + validateType + " " + filePath); - Map resultMap = this.execShell(x509Shell, validateType, filePath); + logger.info(x509Shell + " " + validateType + " " + filePath+ " " + privateFilePath); + Map resultMap = this.execShell(x509Shell, validateType, filePath, privateFilePath); if (resultMap == null || StringUtil.isEmpty(resultMap.get("out"))) { // 临时文件删除 
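Review bot: The Javadoc tail above the changed signature (`@return`, `@throws Exception`) gains no entry for the new `privateFile` parameter, so the `null` convention that every single-file caller now relies on is undocumented. Add `@param privateFile private key file checked against {@code file} when validateType is "-incheck"; null for the single-file checks`, and fill in the empty `@return`. The start of the comment is outside the hunk. Keeping a two-argument overload that delegates with `null` would also avoid touching the `-incert`, `-inkey` and `-incrl` callers.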
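Review bot: The private key is copied to a second temporary file whose handle, `privateUploadFile`, is scoped to the new `if` block, so the temp-file cleanup further down (the `// 临时文件删除` branch, outside this hunk) cannot reach it through that variable. Unless it is deleted via `privateFilePath` somewhere not shown, each `-incheck` call leaves key material in the cert directory. Declare `File privateUploadFile = null;` next to `uploadFile` and delete both files in a `finally`. The suffix of that path still comes from `privateFile.getOriginalFilename()`, which is client-supplied, and the path is then handed to `execShell` and written to the log; a fixed suffix keeps client-chosen characters out of both (what `FileUtils.getSuffix` filters is not visible here). `StringUtil.isEmpty(privateFile)` is applied to a `MultipartFile`; `privateFile != null && !privateFile.isEmpty()` states the intent directly.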
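Review bot: `execShell` now always receives a fourth argument, and for `-incert`, `-inkey` and `-incrl` that argument is the empty string. How `execShell` and the x509 program treat an empty trailing argument is not visible, and the program itself changes in this commit only as `Binary files ... differ`, so the `-incheck` handling cannot be audited from the diff. Pass the extra path only when it is set, e.g. `Map resultMap = privateFilePath.isEmpty() ? this.execShell(x509Shell, validateType, filePath) : this.execShell(x509Shell, validateType, filePath, privateFilePath);` (this assumes `execShell` is variadic, as the old and new call shapes suggest). Committing the program's source or build recipe alongside the binary would make the new mode reviewable. The method body continues past the end of the hunk.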
@@ -600,7 +618,7 @@ public class PxyObjKeyringController extends BaseController {
 File file = null;
 boolean validFlag = true;
 try {
- boolean certFileflag = validCertFileContent(certFileI, "-incert");
+ boolean certFileflag = validCertFileContent(certFileI,null, "-incert");
 if (!certFileflag) {
 addMessage(redirectAttributes, "error", "save_failed");
 logger.error(certFileI.getOriginalFilename() + " file non Certificate file format ");
@@ -707,7 +725,7 @@ public class PxyObjKeyringController extends BaseController {
 boolean validFlag = true;
 try {
 if (crlFileI != null) {
- boolean certFileflag = validCertFileContent(crlFileI, "-incrl");
+ boolean certFileflag = validCertFileContent(crlFileI,null, "-incrl");
 if (!certFileflag) {
 addMessage(redirectAttributes, "error", "save_failed");
 logger.error(crlFileI.getOriginalFilename() + " file non crl file format ");
diff --git a/src/main/resources/messages/message_en.properties b/src/main/resources/messages/message_en.properties
index 48e208763..b695181bd 100644
--- a/src/main/resources/messages/message_en.properties
+++ b/src/main/resources/messages/message_en.properties
@@ -1515,6 +1515,7 @@ src_ip_pattern=Client IP Pattern
 dest_ip_pattern=Server IP Pattern
 src_port_pattern=Client Port Pattern
 dest_port_pattern=Server Port Pattern
+<<<<<<< develop_20190508_branch
 url_group_configuration=URL Group Configuration
 dns_keyword_group_configuration=DNS Keyword Group Configuration
 app_ip_correlation=APP IP Correlation
@@ -1525,3 +1526,5 @@ dns_keyword_group_manage=DNS Keyword Group Manage
 old_asn_group_manage=ASN Group
 url_group_manage=URL Group Manage
 range_cross=Found intersections between Server IP address and Client IP address
+app_ip_correlation=APP IP Correlation
+public_private_file_error=Public-private key mismatch
diff --git a/src/main/resources/messages/message_ru.properties b/src/main/resources/messages/message_ru.properties
index eb2c2c021..a06ec71c8 100644
--- a/src/main/resources/messages/message_ru.properties
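Review bot: The added line `<<<<<<< develop_20190508_branch` in the first message_en.properties hunk is a leftover merge-conflict marker. `java.util.Properties` loads it as an entry with the key `<<<<<<<`, so nothing fails at startup and the marker goes unnoticed. Remove it and re-check the merge for entries that were dropped or duplicated. The second hunk of the same file adds `app_ip_correlation=APP IP Correlation`, which is already present as a context line in the first hunk, so the key is now defined twice; keep one.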
+++ b/src/main/resources/messages/message_ru.properties
@@ -1512,4 +1512,12 @@ effective=Effective
 admin_user_warn=Admin User Warn
 interface_total=Interface Total
 service_total=Service Total
-none_file_tip=Please Choose File!
\ No newline at end of file
+none_file_tip=Please Choose File!
+the_same_ip_type=IP-\u0430\u0434\u0440\u0435\u0441 \u043A\u043B\u0438\u0435\u043D\u0442\u0430 \u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0434\u043E\u043B\u0436\u043D\u044B \u0438\u043C\u0435\u0442\u044C \u043E\u0434\u0438\u043D \u0438 \u0442\u043E\u0442 \u0436\u0435 \u0442\u0438\u043F.
+src_ip_pattern=Client IP Pattern
+dest_ip_pattern=Server IP Pattern
+src_port_pattern=Client Port Pattern
+dest_port_pattern=Server Port Pattern
+range_cross=Found intersections between Server IP address and Client IP address
+app_ip_correlation=APP IP Correlation
+public_private_file_error=Public-private key mismatch
diff --git a/src/main/resources/messages/message_zh_CN.properties b/src/main/resources/messages/message_zh_CN.properties
index 331c2081c..7bbd060ce 100644
--- a/src/main/resources/messages/message_zh_CN.properties
+++ b/src/main/resources/messages/message_zh_CN.properties
@@ -1514,4 +1514,6 @@ src_ip_pattern=\u6E90IP\u683C\u5F0F
 dest_ip_pattern=\u76EE\u7684IP\u683C\u5F0F
 src_port_pattern=\u6E90\u7AEF\u53E3\u683C\u5F0F
 dest_port_pattern=\u76EE\u7684\u7AEF\u53E3\u683C\u5F0F
-range_cross=\u6E90IP\u4E0E\u76EE\u7684IP\u8303\u56F4\u6709\u4EA4\u53C9
\ No newline at end of file
+range_cross=\u6E90IP\u4E0E\u76EE\u7684IP\u8303\u56F4\u6709\u4EA4\u53C9
+app_ip_correlation=APP\u5173\u8054\u7279\u5F81IP\u914D\u7F6E
+public_private_file_error=\u516C\u79C1\u94A5\u8BC1\u4E66\u4E0D\u5339\u914D
diff --git a/src/main/resources/shell/x509 b/src/main/resources/shell/x509
index f39b17b88..3533e30da 100644
Binary files a/src/main/resources/shell/x509 and b/src/main/resources/shell/x509 differ