证书验证公私钥不匹配
Conflicts: src/main/resources/messages/message_en.properties src/main/resources/messages/message_ru.properties src/main/resources/messages/message_zh_CN.properties
@@ -102,8 +102,8 @@ public class PxyObjKeyringController extends BaseController {
|
|||||||
boolean validFlag = true;
|
boolean validFlag = true;
|
||||||
try {
|
try {
|
||||||
Properties msgProp = this.getMsgProp();
|
Properties msgProp = this.getMsgProp();
|
||||||
boolean publicKeyFileflag = validCertFileContent(publicKeyFileI, "-incert");
|
boolean publicKeyFileflag = validCertFileContent(publicKeyFileI,null, "-incert");
|
||||||
boolean privateKeyFileflag = validCertFileContent(privateKeyFileI, "-inkey");
|
boolean privateKeyFileflag = validCertFileContent(privateKeyFileI,null, "-inkey");
|
||||||
if (!publicKeyFileflag && !privateKeyFileflag) {
|
if (!publicKeyFileflag && !privateKeyFileflag) {
|
||||||
addMessage(redirectAttributes, "error", "save_failed");
|
addMessage(redirectAttributes, "error", "save_failed");
|
||||||
logger.error(publicKeyFileI.getOriginalFilename() + " and " + privateKeyFileI.getOriginalFilename()
|
logger.error(publicKeyFileI.getOriginalFilename() + " and " + privateKeyFileI.getOriginalFilename()
|
||||||
@@ -118,6 +118,16 @@ public class PxyObjKeyringController extends BaseController {
|
|||||||
logger.error(privateKeyFileI.getOriginalFilename() + " file non private key file format ");
|
logger.error(privateKeyFileI.getOriginalFilename() + " file non private key file format ");
|
||||||
throw new MultiPartNewException(msgProp.getProperty("private_file_error"));
|
throw new MultiPartNewException(msgProp.getProperty("private_file_error"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//证书对校验
|
||||||
|
if(publicKeyFileflag && privateKeyFileflag){
|
||||||
|
boolean keyRingFileflag = validCertFileContent(publicKeyFileI,privateKeyFileI, "-incheck");
|
||||||
|
if (!keyRingFileflag) {
|
||||||
|
addMessage(redirectAttributes, "error", "save_failed");
|
||||||
|
logger.error(" 公私钥不匹配 ");
|
||||||
|
throw new MultiPartNewException(msgProp.getProperty("public_private_file_error"));
|
||||||
|
}
|
||||||
|
}
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
validFlag = false;
|
validFlag = false;
|
||||||
logger.error("证书文件校验失败", e);
|
logger.error("证书文件校验失败", e);
|
||||||
@@ -281,7 +291,7 @@ public class PxyObjKeyringController extends BaseController {
|
|||||||
* @return
|
* @return
|
||||||
* @throws Exception
|
* @throws Exception
|
||||||
*/
|
*/
|
||||||
public boolean validCertFileContent(MultipartFile file, String validateType) throws Exception {
|
public boolean validCertFileContent(MultipartFile file,MultipartFile privateFile, String validateType) throws Exception {
|
||||||
String os = System.getProperty("os.name").toLowerCase();
|
String os = System.getProperty("os.name").toLowerCase();
|
||||||
if (!os.contains("windows") && file != null) {
|
if (!os.contains("windows") && file != null) {
|
||||||
// 证书文件临时保存路径
|
// 证书文件临时保存路径
|
||||||
@@ -289,8 +299,16 @@ public class PxyObjKeyringController extends BaseController {
|
|||||||
FileUtils.createDirectory(certFilePath);
|
FileUtils.createDirectory(certFilePath);
|
||||||
String filePath = certFilePath + File.separator + UUID.randomUUID()
|
String filePath = certFilePath + File.separator + UUID.randomUUID()
|
||||||
+ FileUtils.getSuffix(file.getOriginalFilename(), true);
|
+ FileUtils.getSuffix(file.getOriginalFilename(), true);
|
||||||
|
String privateFilePath="";
|
||||||
File uploadFile = new File(filePath);
|
File uploadFile = new File(filePath);
|
||||||
FileCopyUtils.copy(file.getBytes(), uploadFile);
|
FileCopyUtils.copy(file.getBytes(), uploadFile);
|
||||||
|
|
||||||
|
if(!StringUtil.isEmpty(privateFile)){
|
||||||
|
privateFilePath=certFilePath + File.separator + UUID.randomUUID()
|
||||||
|
+ FileUtils.getSuffix(privateFile.getOriginalFilename(), true);
|
||||||
|
File privateUploadFile = new File(privateFilePath);
|
||||||
|
FileCopyUtils.copy(privateFile.getBytes(), privateUploadFile);
|
||||||
|
}
|
||||||
// 加载x509脚本
|
// 加载x509脚本
|
||||||
String x509Shell = Thread.currentThread().getContextClassLoader()
|
String x509Shell = Thread.currentThread().getContextClassLoader()
|
||||||
.getResource(File.separator + "shell" + File.separator + Constants.CERT_VALIDATE_FILE).getPath();
|
.getResource(File.separator + "shell" + File.separator + Constants.CERT_VALIDATE_FILE).getPath();
|
||||||
@@ -299,8 +317,8 @@ public class PxyObjKeyringController extends BaseController {
|
|||||||
logger.info("x509 chmod +x :" + resultMap1.get("out").toString());
|
logger.info("x509 chmod +x :" + resultMap1.get("out").toString());
|
||||||
logger.info("x509脚本分配可执行权限:" + "chmod" + " " + "+x" + " " + x509Shell);
|
logger.info("x509脚本分配可执行权限:" + "chmod" + " " + "+x" + " " + x509Shell);
|
||||||
// 验证文件
|
// 验证文件
|
||||||
logger.info(x509Shell + " " + validateType + " " + filePath);
|
logger.info(x509Shell + " " + validateType + " " + filePath+ " " + privateFilePath);
|
||||||
Map<String, Object> resultMap = this.execShell(x509Shell, validateType, filePath);
|
Map<String, Object> resultMap = this.execShell(x509Shell, validateType, filePath, privateFilePath);
|
||||||
|
|
||||||
if (resultMap == null || StringUtil.isEmpty(resultMap.get("out"))) {
|
if (resultMap == null || StringUtil.isEmpty(resultMap.get("out"))) {
|
||||||
// 临时文件删除
|
// 临时文件删除
|
||||||
@@ -600,7 +618,7 @@ public class PxyObjKeyringController extends BaseController {
|
|||||||
File file = null;
|
File file = null;
|
||||||
boolean validFlag = true;
|
boolean validFlag = true;
|
||||||
try {
|
try {
|
||||||
boolean certFileflag = validCertFileContent(certFileI, "-incert");
|
boolean certFileflag = validCertFileContent(certFileI,null, "-incert");
|
||||||
if (!certFileflag) {
|
if (!certFileflag) {
|
||||||
addMessage(redirectAttributes, "error", "save_failed");
|
addMessage(redirectAttributes, "error", "save_failed");
|
||||||
logger.error(certFileI.getOriginalFilename() + " file non Certificate file format ");
|
logger.error(certFileI.getOriginalFilename() + " file non Certificate file format ");
|
||||||
@@ -707,7 +725,7 @@ public class PxyObjKeyringController extends BaseController {
|
|||||||
boolean validFlag = true;
|
boolean validFlag = true;
|
||||||
try {
|
try {
|
||||||
if (crlFileI != null) {
|
if (crlFileI != null) {
|
||||||
boolean certFileflag = validCertFileContent(crlFileI, "-incrl");
|
boolean certFileflag = validCertFileContent(crlFileI,null, "-incrl");
|
||||||
if (!certFileflag) {
|
if (!certFileflag) {
|
||||||
addMessage(redirectAttributes, "error", "save_failed");
|
addMessage(redirectAttributes, "error", "save_failed");
|
||||||
logger.error(crlFileI.getOriginalFilename() + " file non crl file format ");
|
logger.error(crlFileI.getOriginalFilename() + " file non crl file format ");
|
||||||
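Review bot: The private-key copy written in the new `if(!StringUtil.isEmpty(privateFile))` block of `validCertFileContent` has no visible cleanup. `privateUploadFile` is declared inside that block, so the temp-file deletion after the `execShell` call cannot reach it unless it rebuilds the file from `privateFilePath`; that deletion code lies outside the hunk, so this is inferred. Uploaded private keys left in the temp directory are a key-exposure risk: declare `File privateUploadFile = null;` beside `privateFilePath` and remove both copies in a `finally`, e.g. `if (privateUploadFile != null) privateUploadFile.delete();`. The same block takes the file suffix from the client-supplied original filename and passes the resulting path to the script, so a fixed suffix would be safer if `execShell` (not shown) assembles a command string. The changed `logger.info` line also now writes the private-key path to the log.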
|
|||||||
@@ -1515,6 +1515,7 @@ src_ip_pattern=Client IP Pattern
|
|||||||
dest_ip_pattern=Server IP Pattern
|
dest_ip_pattern=Server IP Pattern
|
||||||
src_port_pattern=Client Port Pattern
|
src_port_pattern=Client Port Pattern
|
||||||
dest_port_pattern=Server Port Pattern
|
dest_port_pattern=Server Port Pattern
|
||||||
|
<<<<<<< develop_20190508_branch
|
||||||
url_group_configuration=URL Group Configuration
|
url_group_configuration=URL Group Configuration
|
||||||
dns_keyword_group_configuration=DNS Keyword Group Configuration
|
dns_keyword_group_configuration=DNS Keyword Group Configuration
|
||||||
app_ip_correlation=APP IP Correlation
|
app_ip_correlation=APP IP Correlation
|
||||||
@@ -1525,3 +1526,5 @@ dns_keyword_group_manage=DNS Keyword Group Manage
|
|||||||
old_asn_group_manage=ASN Group
|
old_asn_group_manage=ASN Group
|
||||||
url_group_manage=URL Group Manage
|
url_group_manage=URL Group Manage
|
||||||
range_cross=Found intersections between Server IP address and Client IP address
|
range_cross=Found intersections between Server IP address and Client IP address
|
||||||
|
app_ip_correlation=APP IP Correlation
|
||||||
|
public_private_file_error=Public-private key mismatch
|
||||||
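Review bot: An unresolved merge-conflict marker, `<<<<<<< develop_20190508_branch`, is added as a line in the first hunk of this section, which appears to be message_en.properties. If the file is loaded with `java.util.Properties`, that line parses as a stray key rather than failing, so nothing will flag it at runtime; it should be deleted. The second hunk also appends `app_ip_correlation=APP IP Correlation`, although the same key already appears as context in the first hunk, so it is now defined twice. Only `public_private_file_error=Public-private key mismatch` looks intended here.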
|
|||||||
@@ -1512,4 +1512,12 @@ effective=Effective
|
|||||||
admin_user_warn=Admin User Warn
|
admin_user_warn=Admin User Warn
|
||||||
interface_total=Interface Total
|
interface_total=Interface Total
|
||||||
service_total=Service Total
|
service_total=Service Total
|
||||||
none_file_tip=Please Choose File!
|
none_file_tip=Please Choose File!
|
||||||
|
the_same_ip_type=IP-\u0430\u0434\u0440\u0435\u0441 \u043A\u043B\u0438\u0435\u043D\u0442\u0430 \u0438 \u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u0434\u043E\u043B\u0436\u043D\u044B \u0438\u043C\u0435\u0442\u044C \u043E\u0434\u0438\u043D \u0438 \u0442\u043E\u0442 \u0436\u0435 \u0442\u0438\u043F.
|
||||||
|
src_ip_pattern=Client IP Pattern
|
||||||
|
dest_ip_pattern=Server IP Pattern
|
||||||
|
src_port_pattern=Client Port Pattern
|
||||||
|
dest_port_pattern=Server Port Pattern
|
||||||
|
range_cross=Found intersections between Server IP address and Client IP address
|
||||||
|
app_ip_correlation=APP IP Correlation
|
||||||
|
public_private_file_error=Public-private key mismatch
|
||||||
|
|||||||
@@ -1514,4 +1514,6 @@ src_ip_pattern=\u6E90IP\u683C\u5F0F
|
|||||||
dest_ip_pattern=\u76EE\u7684IP\u683C\u5F0F
|
dest_ip_pattern=\u76EE\u7684IP\u683C\u5F0F
|
||||||
src_port_pattern=\u6E90\u7AEF\u53E3\u683C\u5F0F
|
src_port_pattern=\u6E90\u7AEF\u53E3\u683C\u5F0F
|
||||||
dest_port_pattern=\u76EE\u7684\u7AEF\u53E3\u683C\u5F0F
|
dest_port_pattern=\u76EE\u7684\u7AEF\u53E3\u683C\u5F0F
|
||||||
range_cross=\u6E90IP\u4E0E\u76EE\u7684IP\u8303\u56F4\u6709\u4EA4\u53C9
|
range_cross=\u6E90IP\u4E0E\u76EE\u7684IP\u8303\u56F4\u6709\u4EA4\u53C9
|
||||||
|
app_ip_correlation=APP\u5173\u8054\u7279\u5F81IP\u914D\u7F6E
|
||||||
|
public_private_file_error=\u516C\u79C1\u94A5\u8BC1\u4E66\u4E0D\u5339\u914D
|
||||||
|
|||||||
Binary file not shown.