内置可信证书上传minio，入库，并下发

2019-06-07 21:48:26 +08:00
parent 56f08a1bfa
commit 744a6eae55
2 changed files with 152 additions and 44 deletions
--- a/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java
+++ b/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java
@@ -28,6 +28,7 @@ import javax.servlet.http.HttpServletResponse;

 import org.apache.commons.beanutils.BeanUtils;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
+import org.springframework.mock.web.MockMultipartFile;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.util.FileCopyUtils;
@@ -60,6 +61,7 @@ import com.nis.util.JsonMapper;
 import com.nis.util.LogUtils;
 import com.nis.util.StringUtil;
 import com.nis.web.controller.BaseController;
+import com.nis.web.security.UserUtils;

 /**
 * 拦截策略
@@ -294,8 +296,9 @@ public class PxyObjKeyringController extends BaseController {
 	public boolean validCertFileContent(MultipartFile file,MultipartFile privateFile, String validateType) throws Exception {
 		boolean delTempFile=true;
 		//内置可信证书列表不允许删除
-		if("-cacert".equals(validateType)) {
+		if("-incacert".equals(validateType)) {
 			delTempFile=false;
+			validateType="-incert";
 		}
 		
 		String os = System.getProperty("os.name").toLowerCase();
@@ -873,9 +876,8 @@ public class PxyObjKeyringController extends BaseController {
 		String certFilePath="";
 		String resultDirPath="";
 		try {
-			if(validFlag && !certInfoMap.isEmpty() && !StringUtil.isEmpty(certInfoMap.get("cacert"))) {
-				certFilePath=certInfoMap.get("cacert").toString();
-				
+			if(validFlag && !certInfoMap.isEmpty() && !StringUtil.isEmpty(certInfoMap.get("certFilePath"))) {
+				certFilePath=certInfoMap.get("certFilePath").toString();
 				String cacert = Thread.currentThread().getContextClassLoader()
 						.getResource(File.separator + "shell" + File.separator + Constants.CA_CERT_FILE).getPath();
 				this.execShell("", "chmod", "+x", cacert);
@@ -898,52 +900,115 @@ public class PxyObjKeyringController extends BaseController {
 			LogUtils.saveLog(request, null, e, null);
 		}
 		
-		//文件上传minio-入库-下发
-		//记录异常项信息
+		//校验内置证书，并获取issuer信息
+		File fileDir=null;
+		Map<String,String> issuerMap=new HashMap<>();
 		if(validFlag && !StringUtil.isEmpty(resultDirPath)) {
-			File fileDir=new File(resultDirPath);
-			if(!StringUtil.isEmpty(fileDir.listFiles())) {
-				for (File file : fileDir.listFiles()) {
-					String filename ="";
-					try {
-						PxyObjTrustedCaCert cacertBuitIn=new PxyObjTrustedCaCert();
-						BeanUtils.copyProperties(cfg, cacertBuitIn);
-						filename = crlFileI.getOriginalFilename();
-						String prefix = FileUtils.getPrefix(filename, false);
-						String suffix = FileUtils.getSuffix(filename, false);
-						file = File.createTempFile("file_" + prefix, suffix);
-						crlFileI.transferTo(file);// 复制文件
-						String md5 = FileUtils.getFileMD5(file);
-						Map<String, Object> srcMap = Maps.newHashMap();
-						srcMap.put("filetype", suffix);
-						srcMap.put("datatype", "dbSystem");// 源文件存入数据中心
-						srcMap.put("createTime", new Date());
-						srcMap.put("key", prefix);
-						srcMap.put("fileName", filename);
-						srcMap.put("checksum", md5);
-						ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap));
-						logger.info("可信证书crl 文件上传响应信息：" + JsonMapper.toJsonString(result));
-						String crlFileAccessUrl = null;
-						if (!StringUtil.isEmpty(result)) {
-							ResponseData data = result.getData();
-							crlFileAccessUrl = data.getAccessUrl();
-							cacertBuitIn.setCrlFile(crlFileAccessUrl);
-						}
-						pxyObjKeyringService.trustedCertsaveOrUpdate(cacertBuitIn);
-					} catch (Exception e) {
-						validFlag = false;
-						logger.error("内置可信证书"+filename+"下发失败", e);
-						if (e instanceof MaatConvertException) {
-							addMessage(redirectAttributes, "error", "request_service_failed");
-							LogUtils.saveLog(request, null, e, null);
-						}else {
+			fileDir=new File(resultDirPath);
+			try {
+				if(validFlag) {
+					for (File file : fileDir.listFiles()) {
+						FileInputStream fileInputStream = new FileInputStream(file);
+						MultipartFile multipartFile = new MockMultipartFile(file.getName(),fileInputStream);
+						//校验证书格式
+						boolean validResult = validCertFileContent(multipartFile,null, "-incacert");
+						if (validResult && !certInfoMap.isEmpty() && !StringUtil.isEmpty(certInfoMap.get("ca issuer"))) {
+							String issuer=certInfoMap.get("ca issuer").toString();
+							issuerMap.put(file.getName(), certInfoMap.get("ca issuer").toString());
+						}else{
 							addMessage(redirectAttributes, "error", "save_failed");
-							LogUtils.saveLog(request, null, e, null);
+							logger.error(crlFileI.getOriginalFilename() + " file non crl file format ");
+							throw new MultiPartNewException(this.getMsgProp().getProperty("cert_file_error"));
 						}
 					}
 				}
+			} catch (Exception e) {
+				validFlag = false;
+				logger.error("证书文件校验失败", e);
+				if (e instanceof MaatConvertException) {
+					addMessage(redirectAttributes, "error", "request_service_failed");
+					LogUtils.saveLog(request, null, e, null);
+				} else if (e instanceof MultiPartNewException) {
+					addMessage(redirectAttributes, "error", e.getMessage());
+					LogUtils.saveLog(request, null, e, null);
+				} else {
+					addMessage(redirectAttributes, "error", "save_failed");
+					LogUtils.saveLog(request, null, e, null);
+				}
+			}
+		
+		}
+		
+		List<PxyObjTrustedCaCert> caCertList=new ArrayList<PxyObjTrustedCaCert>();
+		if(validFlag) {
+			for (File file : fileDir.listFiles()) {
+				File newFile = null;
+				String filename ="";
+				try {
+					FileInputStream fileInputStream = new FileInputStream(file);
+					MultipartFile multipartFile = new MockMultipartFile(file.getName(),fileInputStream);
+					Date date=new Date();
+					cfg.setCreateTime(date);
+					cfg.setCreatorId(UserUtils.getUser().getId());
+					cfg.setAuditTime(date);
+					cfg.setAuditorId(UserUtils.getUser().getId());
+					PxyObjTrustedCaCert cacertBuitIn=new PxyObjTrustedCaCert();
+					BeanUtils.copyProperties(cfg, cacertBuitIn);
+					filename = file.getName();
+					String prefix = FileUtils.getPrefix(filename, false);
+					String suffix = FileUtils.getSuffix(filename, false);
+					newFile = File.createTempFile("file_" + prefix, suffix);
+					multipartFile.transferTo(newFile);// 复制文件
+					String md5 = FileUtils.getFileMD5(file);
+					Map<String, Object> srcMap = Maps.newHashMap();
+					srcMap.put("filetype", suffix);
+					srcMap.put("datatype", "dbSystem");// 源文件存入数据中心
+					srcMap.put("createTime", new Date());
+					srcMap.put("key", prefix);
+					srcMap.put("fileName", filename);
+					srcMap.put("checksum", md5);
+					ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap));
+					logger.info("可信证书内置证书 文件上传响应信息：" + JsonMapper.toJsonString(result));
+					String crlFileAccessUrl = null;
+					if (!StringUtil.isEmpty(result)) {
+						ResponseData data = result.getData();
+						crlFileAccessUrl = data.getAccessUrl();
+						cacertBuitIn.setCrlFile(crlFileAccessUrl);
+					}
+					cacertBuitIn.setIssuer(issuerMap.get(file.getName()));
+					cacertBuitIn.setCfgDesc(issuerMap.get(file.getName())+"_"+file.getName());
+					caCertList.add(cacertBuitIn);
+				} catch (Exception e) {
+					validFlag = false;
+					logger.error("内置可信证书"+filename+"上传minio失败", e);
+					if (e instanceof MaatConvertException) {
+						addMessage(redirectAttributes, "error", "request_service_failed");
+						LogUtils.saveLog(request, null, e, null);
+					}else {
+						addMessage(redirectAttributes, "error", "save_failed");
+						LogUtils.saveLog(request, null, e, null);
+					}
+				}
+			}
+		}	
+		
+		//入库并下发
+		if(validFlag){
+			try {
+				if(StringUtil.isEmpty(caCertList)){
+					pxyObjKeyringService.caCertSaveAndAudit(caCertList);
+				}
+			}catch (Exception e) {
+				validFlag = false;
+				logger.error("内置可信证书下发失败", e);
+				if (e instanceof MaatConvertException) {
+					addMessage(redirectAttributes, "error", "request_service_failed");
+					LogUtils.saveLog(request, null, e, null);
+				}else {
+					addMessage(redirectAttributes, "error", "save_failed");
+					LogUtils.saveLog(request, null, e, null);
+				}
 			}
-			
 		}
 		
 		/*if (e instanceof MaatConvertException) {
--- a/src/main/java/com/nis/web/service/configuration/PxyObjKeyringService.java
+++ b/src/main/java/com/nis/web/service/configuration/PxyObjKeyringService.java
@@ -483,6 +483,49 @@ public class PxyObjKeyringService extends BaseService{
 			}
 		}
 	}
+	
+	
+	
+	@Transactional(readOnly=false,rollbackFor=RuntimeException.class)
+	public void caCertSaveAndAudit(List<PxyObjTrustedCaCert>  cfgList){
+		
+		//修改主表cert 配置状态
+		for (PxyObjTrustedCaCert cfg : cfgList) {
+			//调用服务接口获取compileId
+			List<Integer> compileIds = new ArrayList<Integer>();
+			try {
+				compileIds = ConfigServiceUtil.getId(1,1);
+			} catch (Exception e) {
+				e.printStackTrace();
+				logger.info("获取编译ID出错");
+				throw new MaatConvertException("<spring:message code=\"request_service_failed\"/>:"+e.getMessage());
+			}
+			if(compileIds != null && compileIds.size() >0  && compileIds.get(0) != 0){
+				cfg.setCompileId(compileIds.get(0));
+			}
+			pxyObjKeyringDao.insertPxyObjTrustedCaCert(cfg);
+		}
+		
+		String json="";
+		List<ProxyObjTrustedCa> trustedCertList=new ArrayList<ProxyObjTrustedCa>();
+		//可信证书cert回调配置转换
+		for (PxyObjTrustedCaCert cfg : cfgList) {
+			trustedCertList.addAll(convertCallBackProxyObjTrustedCa(cfg,null));
+		}
+		//调用服务接口下发配置数据
+		json=gsonToJson(trustedCertList);
+		logger.info("可信证书（cert+crl）配置下发配置参数："+json);
+		//调用服务接口下发配置
+		try {
+			ToMaatResult result = ConfigServiceUtil.postCallbackCfg(json);
+			if(result!=null){
+				logger.info("可信证书（内置）配置下发响应信息："+result.getMsg());
+			}
+		} catch (Exception e) {
+			logger.error("可信证书（内置）配置下发失败",e);
+			throw e;
+		}
+	}
 }