diff --git a/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java b/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java
index 98499391d..e225f3e1c 100644
--- a/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java
+++ b/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java
@@ -28,6 +28,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.beanutils.BeanUtils;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
+import org.springframework.mock.web.MockMultipartFile;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.util.FileCopyUtils;
@@ -60,6 +61,7 @@ import com.nis.util.JsonMapper;
 import com.nis.util.LogUtils;
 import com.nis.util.StringUtil;
 import com.nis.web.controller.BaseController;
+import com.nis.web.security.UserUtils;
 /**
 * 拦截策略
@@ -294,8 +296,9 @@ public class PxyObjKeyringController extends BaseController {
 public boolean validCertFileContent(MultipartFile file,MultipartFile privateFile, String validateType) throws Exception {
 boolean delTempFile=true;
 //内置可信证书列表不允许删除
-if("-cacert".equals(validateType)) {
+if("-incacert".equals(validateType)) {
 delTempFile=false;
+validateType="-incert";
 }
 String os = System.getProperty("os.name").toLowerCase();
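Review bot: `validateType="-incert";` overwrites the method parameter in place, so the rest of `validCertFileContent` (which continues past this hunk) presumably can no longer distinguish a built-in CA check from a plain `-incert` check, and nothing in the hunk explains the alias. Keep the caller's request readable, e.g. `final String requestedType = validateType;` before the `if`, and put a comment on the new branch such as `// -incacert: validate as -incert but keep the temp file (built-in trusted list must not be deleted)`. Note also that the old `-cacert` match was replaced rather than extended: any remaining caller passing `-cacert` now gets `delTempFile=true`; if that is intended, a one-line comment saying so would save the next reader a search through the callers.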
@@ -873,9 +876,8 @@ public class PxyObjKeyringController extends BaseController {
 String certFilePath="";
 String resultDirPath="";
 try {
-if(validFlag && !certInfoMap.isEmpty() && !StringUtil.isEmpty(certInfoMap.get("cacert"))) {
-certFilePath=certInfoMap.get("cacert").toString();
-
+if(validFlag && !certInfoMap.isEmpty() && !StringUtil.isEmpty(certInfoMap.get("certFilePath"))) {
+certFilePath=certInfoMap.get("certFilePath").toString();
 String cacert = Thread.currentThread().getContextClassLoader()
 .getResource(File.separator + "shell" + File.separator + Constants.CA_CERT_FILE).getPath();
 this.execShell("", "chmod", "+x", cacert);
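Review bot: `certInfoMap` is read here (and again in the @@ -898 hunk via `certInfoMap.get("ca issuer")`) but is declared in neither hunk; if it is a field of this `@Controller` singleton rather than a local, it is shared between concurrent requests, so one upload's `certFilePath` or issuer can be picked up by another request, and a value left over from a previous file can satisfy the `!StringUtil.isEmpty(...)` check even when the current validation produced nothing. If it is a field, have `validCertFileContent` return the parsed map (or clear it before each call) instead of relying on the side effect. The enclosing method starts before this hunk. Minor: the key `"certFilePath"` is spelled twice; read it once into a local, `Object certPath = certInfoMap.get("certFilePath");`, so the emptiness check and the `toString()` cannot drift apart.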
@@ -898,52 +900,115 @@ public class PxyObjKeyringController extends BaseController {
 LogUtils.saveLog(request, null, e, null);
 }
-//文件上传minio-入库-下发
-//记录异常项信息
+//校验内置证书,并获取issuer信息
+File fileDir=null;
+Map issuerMap=new HashMap<>();
 if(validFlag && !StringUtil.isEmpty(resultDirPath)) {
-File fileDir=new File(resultDirPath);
-if(!StringUtil.isEmpty(fileDir.listFiles())) {
-for (File file : fileDir.listFiles()) {
-String filename ="";
-try {
-PxyObjTrustedCaCert cacertBuitIn=new PxyObjTrustedCaCert();
-BeanUtils.copyProperties(cfg, cacertBuitIn);
-filename = crlFileI.getOriginalFilename();
-String prefix = FileUtils.getPrefix(filename, false);
-String suffix = FileUtils.getSuffix(filename, false);
-file = File.createTempFile("file_" + prefix, suffix);
-crlFileI.transferTo(file);// 复制文件
-String md5 = FileUtils.getFileMD5(file);
-Map srcMap = Maps.newHashMap();
-srcMap.put("filetype", suffix);
-srcMap.put("datatype", "dbSystem");// 源文件存入数据中心
-srcMap.put("createTime", new Date());
-srcMap.put("key", prefix);
-srcMap.put("fileName", filename);
-srcMap.put("checksum", md5);
-ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap));
-logger.info("可信证书crl 文件上传响应信息:" + JsonMapper.toJsonString(result));
-String crlFileAccessUrl = null;
-if (!StringUtil.isEmpty(result)) {
-ResponseData data = result.getData();
-crlFileAccessUrl = data.getAccessUrl();
-cacertBuitIn.setCrlFile(crlFileAccessUrl);
-}
-pxyObjKeyringService.trustedCertsaveOrUpdate(cacertBuitIn);
-} catch (Exception e) {
-validFlag = false;
-logger.error("内置可信证书"+filename+"下发失败", e);
-if (e instanceof MaatConvertException) {
-addMessage(redirectAttributes, "error", "request_service_failed");
-LogUtils.saveLog(request, null, e, null);
-}else {
+fileDir=new File(resultDirPath);
+try {
+if(validFlag) {
+for (File file : fileDir.listFiles()) {
+FileInputStream fileInputStream = new FileInputStream(file);
+MultipartFile multipartFile = new MockMultipartFile(file.getName(),fileInputStream);
+//校验证书格式
+boolean validResult = validCertFileContent(multipartFile,null, "-incacert");
+if (validResult && !certInfoMap.isEmpty() && !StringUtil.isEmpty(certInfoMap.get("ca issuer"))) {
+String issuer=certInfoMap.get("ca issuer").toString();
+issuerMap.put(file.getName(), certInfoMap.get("ca issuer").toString());
+}else{
 addMessage(redirectAttributes, "error", "save_failed");
-LogUtils.saveLog(request, null, e, null);
+logger.error(crlFileI.getOriginalFilename() + " file non crl file format ");
+throw new MultiPartNewException(this.getMsgProp().getProperty("cert_file_error"));
 }
 }
 }
+} catch (Exception e) {
+validFlag = false;
+logger.error("证书文件校验失败", e);
+if (e instanceof MaatConvertException) {
+addMessage(redirectAttributes, "error", "request_service_failed");
+LogUtils.saveLog(request, null, e, null);
+} else if (e instanceof MultiPartNewException) {
+addMessage(redirectAttributes, "error", e.getMessage());
+LogUtils.saveLog(request, null, e, null);
+} else {
+addMessage(redirectAttributes, "error", "save_failed");
+LogUtils.saveLog(request, null, e, null);
+}
+}
+
+}
+
+List caCertList=new ArrayList();
+if(validFlag) {
+for (File file : fileDir.listFiles()) {
+File newFile = null;
+String filename ="";
+try {
+FileInputStream fileInputStream = new FileInputStream(file);
+MultipartFile multipartFile = new MockMultipartFile(file.getName(),fileInputStream);
+Date date=new Date();
+cfg.setCreateTime(date);
+cfg.setCreatorId(UserUtils.getUser().getId());
+cfg.setAuditTime(date);
+cfg.setAuditorId(UserUtils.getUser().getId());
+PxyObjTrustedCaCert cacertBuitIn=new PxyObjTrustedCaCert();
+BeanUtils.copyProperties(cfg, cacertBuitIn);
+filename = file.getName();
+String prefix = FileUtils.getPrefix(filename, false);
+String suffix = FileUtils.getSuffix(filename, false);
+newFile = File.createTempFile("file_" + prefix, suffix);
+multipartFile.transferTo(newFile);// 复制文件
+String md5 = FileUtils.getFileMD5(file);
+Map srcMap = Maps.newHashMap();
+srcMap.put("filetype", suffix);
+srcMap.put("datatype", "dbSystem");// 源文件存入数据中心
+srcMap.put("createTime", new Date());
+srcMap.put("key", prefix);
+srcMap.put("fileName", filename);
+srcMap.put("checksum", md5);
+ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap));
+logger.info("可信证书内置证书 文件上传响应信息:" + JsonMapper.toJsonString(result));
+String crlFileAccessUrl = null;
+if (!StringUtil.isEmpty(result)) {
+ResponseData data = result.getData();
+crlFileAccessUrl = data.getAccessUrl();
+cacertBuitIn.setCrlFile(crlFileAccessUrl);
+}
+cacertBuitIn.setIssuer(issuerMap.get(file.getName()));
+cacertBuitIn.setCfgDesc(issuerMap.get(file.getName())+"_"+file.getName());
+caCertList.add(cacertBuitIn);
+} catch (Exception e) {
+validFlag = false;
+logger.error("内置可信证书"+filename+"上传minio失败", e);
+if (e instanceof MaatConvertException) {
+addMessage(redirectAttributes, "error", "request_service_failed");
+LogUtils.saveLog(request, null, e, null);
+}else {
+addMessage(redirectAttributes, "error", "save_failed");
+LogUtils.saveLog(request, null, e, null);
+}
+}
+}
+}
+
+//入库并下发
+if(validFlag){
+try {
+if(StringUtil.isEmpty(caCertList)){
+pxyObjKeyringService.caCertSaveAndAudit(caCertList);
+}
+}catch (Exception e) {
+validFlag = false;
+logger.error("内置可信证书下发失败", e);
+if (e instanceof MaatConvertException) {
+addMessage(redirectAttributes, "error", "request_service_failed");
+LogUtils.saveLog(request, null, e, null);
+}else {
+addMessage(redirectAttributes, "error", "save_failed");
+LogUtils.saveLog(request, null, e, null);
+}
 }
-}
 /*if (e instanceof MaatConvertException) {
diff --git a/src/main/java/com/nis/web/service/configuration/PxyObjKeyringService.java b/src/main/java/com/nis/web/service/configuration/PxyObjKeyringService.java
index bdfee2ec1..fb3052326 100644
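Review bot: The final save is inverted — `if(StringUtil.isEmpty(caCertList)){ pxyObjKeyringService.caCertSaveAndAudit(caCertList); }` calls the service only when the list is empty, so validated certificates are uploaded but never persisted or pushed; it should read `if(!StringUtil.isEmpty(caCertList)){`. Both `new FileInputStream(file)` streams (validation loop and upload loop) are never closed, and `newFile` is created by `File.createTempFile` and filled by `transferTo` but neither used (`getFileMD5` and `postFileCfg` read `file`) nor deleted, so each run leaks a descriptor and a temp copy per certificate; the validation loop rewritten with try-with-resources is shown below, and the upload loop needs the same treatment plus either dropping `newFile` or deleting it in a `finally`. The validation failure path logs `crlFileI.getOriginalFilename()` with the text "non crl file format" although the file under test is `file` and the check is a certificate check, `String issuer` is unused, and `issuerMap` is a raw `Map`, so `setIssuer(issuerMap.get(...))` hands over an `Object` — if `setIssuer` takes a `String` this does not compile; declare `Map<String, String> issuerMap`. `MockMultipartFile` lives in spring-test (`org.springframework.mock.web`), so wrapping a local `File` this way in production code pulls a test-scope artifact onto the runtime classpath; confirm the dependency scope or read the file directly. If `resultDirPath` is empty while `validFlag` is still true, `fileDir` stays `null` and the upload loop's `fileDir.listFiles()` throws outside any `try`; the enclosing method starts before and ends after this hunk.
```java
for (File file : fileDir.listFiles()) {
    MultipartFile multipartFile;
    // close the stream once the contents have been copied into the MultipartFile
    try (FileInputStream fileInputStream = new FileInputStream(file)) {
        multipartFile = new MockMultipartFile(file.getName(), fileInputStream);
    }
    //校验证书格式
    boolean validResult = validCertFileContent(multipartFile, null, "-incacert");
    if (validResult && !certInfoMap.isEmpty() && !StringUtil.isEmpty(certInfoMap.get("ca issuer"))) {
        issuerMap.put(file.getName(), certInfoMap.get("ca issuer").toString());
    } else {
        addMessage(redirectAttributes, "error", "save_failed");
        logger.error(file.getName() + " file non cert file format ");
        throw new MultiPartNewException(this.getMsgProp().getProperty("cert_file_error"));
    }
}
// … unchanged: catch / error reporting, upload loop, save-and-audit …
```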
--- a/src/main/java/com/nis/web/service/configuration/PxyObjKeyringService.java
+++ b/src/main/java/com/nis/web/service/configuration/PxyObjKeyringService.java
@@ -483,6 +483,49 @@ public class PxyObjKeyringService extends BaseService{
 }
 }
 }
+
+
+
+@Transactional(readOnly=false,rollbackFor=RuntimeException.class)
+public void caCertSaveAndAudit(List cfgList){
+
+//修改主表cert 配置状态
+for (PxyObjTrustedCaCert cfg : cfgList) {
+//调用服务接口获取compileId
+List compileIds = new ArrayList();
+try {
+compileIds = ConfigServiceUtil.getId(1,1);
+} catch (Exception e) {
+e.printStackTrace();
+logger.info("获取编译ID出错");
+throw new MaatConvertException(":"+e.getMessage());
+}
+if(compileIds != null && compileIds.size() >0 && compileIds.get(0) != 0){
+cfg.setCompileId(compileIds.get(0));
+}
+pxyObjKeyringDao.insertPxyObjTrustedCaCert(cfg);
+}
+
+String json="";
+List trustedCertList=new ArrayList();
+//可信证书cert回调配置转换
+for (PxyObjTrustedCaCert cfg : cfgList) {
+trustedCertList.addAll(convertCallBackProxyObjTrustedCa(cfg,null));
+}
+//调用服务接口下发配置数据
+json=gsonToJson(trustedCertList);
+logger.info("可信证书(cert+crl)配置下发配置参数:"+json);
+//调用服务接口下发配置
+try {
+ToMaatResult result = ConfigServiceUtil.postCallbackCfg(json);
+if(result!=null){
+logger.info("可信证书(内置)配置下发响应信息:"+result.getMsg());
+}
+} catch (Exception e) {
+logger.error("可信证书(内置)配置下发失败",e);
+throw e;
+}
+}
 }
\ No newline at end of file
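Review bot: In the first catch, `e.printStackTrace()` next to `logger.info("获取编译ID出错")` sends the trace to stderr, records the failure at INFO, and `new MaatConvertException(":"+e.getMessage())` drops the cause; replace the pair with `logger.error("获取编译ID出错", e);` and pass `e` to the exception if `MaatConvertException` has a cause-taking constructor. When `getId` returns nothing usable, the row is still inserted by `insertPxyObjTrustedCaCert` without a compile id — confirm that is intended, otherwise throw before the insert. The transaction wraps one remote `getId(1,1)` call per certificate plus the final `postCallbackCfg`, so a slow service holds the database connection for the whole batch; if the id API can hand out several ids in one call, fetching them before the loop shortens that window. `List cfgList`, `List compileIds` and `List trustedCertList` are raw types; `List<PxyObjTrustedCaCert>` and `List<Integer>` would let the compiler check `compileIds.get(0) != 0` and `setCompileId(...)`. The method is complete within the hunk; `readOnly=false` and `rollbackFor=RuntimeException.class` restate the `@Transactional` defaults and can be dropped.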