内置可信证书上传minio，入库，并下发

2019-06-07 21:48:26 +08:00
parent 56f08a1bfa
commit 744a6eae55
2 changed files with 152 additions and 44 deletions
--- a/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java
+++ b/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java
@@ -28,6 +28,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.beanutils.BeanUtils;
 import org.apache.shiro.authz.annotation.RequiresPermissions;
 import org.springframework.mock.web.MockMultipartFile;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.util.FileCopyUtils;
@@ -60,6 +61,7 @@ import com.nis.util.JsonMapper;
 import com.nis.util.LogUtils;
 import com.nis.util.StringUtil;
 import com.nis.web.controller.BaseController;
 import com.nis.web.security.UserUtils;
 /**
 * 拦截策略
@@ -294,8 +296,9 @@ public class PxyObjKeyringController extends BaseController {
 	public boolean validCertFileContent(MultipartFile file,MultipartFile privateFile, String validateType) throws Exception {
 		boolean delTempFile=true;
 		//内置可信证书列表不允许删除
-		if("-cacert".equals(validateType)) {
+		if("-incacert".equals(validateType)) {
 			delTempFile=false;
 			validateType="-incert";
 		}
 		String os = System.getProperty("os.name").toLowerCase();
@@ -873,9 +876,8 @@ public class PxyObjKeyringController extends BaseController {
 		String certFilePath="";
 		String resultDirPath="";
 		try {
-			if(validFlag && !certInfoMap.isEmpty() && !StringUtil.isEmpty(certInfoMap.get("cacert"))) {
+			if(validFlag && !certInfoMap.isEmpty() && !StringUtil.isEmpty(certInfoMap.get("certFilePath"))) {
-				certFilePath=certInfoMap.get("cacert").toString();
+				certFilePath=certInfoMap.get("certFilePath").toString();
 				String cacert = Thread.currentThread().getContextClassLoader()
 						.getResource(File.separator + "shell" + File.separator + Constants.CA_CERT_FILE).getPath();
 				this.execShell("", "chmod", "+x", cacert);
@@ -898,54 +900,117 @@ public class PxyObjKeyringController extends BaseController {
 			LogUtils.saveLog(request, null, e, null);
 		}
-		//文件上传minio-入库-下发
+		//校验内置证书，并获取issuer信息
-		//记录异常项信息
+		File fileDir=null;
 		Map<String,String> issuerMap=new HashMap<>();
 		if(validFlag && !StringUtil.isEmpty(resultDirPath)) {
-			File fileDir=new File(resultDirPath);
+			fileDir=new File(resultDirPath);
-			if(!StringUtil.isEmpty(fileDir.listFiles())) {
+			try {
-				for (File file : fileDir.listFiles()) {
+				if(validFlag) {
-					String filename ="";
+					for (File file : fileDir.listFiles()) {
-					try {
+						FileInputStream fileInputStream = new FileInputStream(file);
-						PxyObjTrustedCaCert cacertBuitIn=new PxyObjTrustedCaCert();
+						MultipartFile multipartFile = new MockMultipartFile(file.getName(),fileInputStream);
-						BeanUtils.copyProperties(cfg, cacertBuitIn);
+						//校验证书格式
-						filename = crlFileI.getOriginalFilename();
+						boolean validResult = validCertFileContent(multipartFile,null, "-incacert");
-						String prefix = FileUtils.getPrefix(filename, false);
+						if (validResult && !certInfoMap.isEmpty() && !StringUtil.isEmpty(certInfoMap.get("ca issuer"))) {
-						String suffix = FileUtils.getSuffix(filename, false);
+							String issuer=certInfoMap.get("ca issuer").toString();
-						file = File.createTempFile("file_" + prefix, suffix);
+							issuerMap.put(file.getName(), certInfoMap.get("ca issuer").toString());
-						crlFileI.transferTo(file);// 复制文件
+						}else{
 						String md5 = FileUtils.getFileMD5(file);
 						Map<String, Object> srcMap = Maps.newHashMap();
 						srcMap.put("filetype", suffix);
 						srcMap.put("datatype", "dbSystem");// 源文件存入数据中心
 						srcMap.put("createTime", new Date());
 						srcMap.put("key", prefix);
 						srcMap.put("fileName", filename);
 						srcMap.put("checksum", md5);
 						ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap));
 						logger.info("可信证书crl 文件上传响应信息：" + JsonMapper.toJsonString(result));
 						String crlFileAccessUrl = null;
 						if (!StringUtil.isEmpty(result)) {
 							ResponseData data = result.getData();
 							crlFileAccessUrl = data.getAccessUrl();
 							cacertBuitIn.setCrlFile(crlFileAccessUrl);
 						}
 						pxyObjKeyringService.trustedCertsaveOrUpdate(cacertBuitIn);
 					} catch (Exception e) {
 						validFlag = false;
 						logger.error("内置可信证书"+filename+"下发失败", e);
 						if (e instanceof MaatConvertException) {
 							addMessage(redirectAttributes, "error", "request_service_failed");
 							LogUtils.saveLog(request, null, e, null);
 						}else {
 							addMessage(redirectAttributes, "error", "save_failed");
-							LogUtils.saveLog(request, null, e, null);
+							logger.error(crlFileI.getOriginalFilename() + " file non crl file format ");
 							throw new MultiPartNewException(this.getMsgProp().getProperty("cert_file_error"));
 						}
 					}
 				}
 			} catch (Exception e) {
 				validFlag = false;
 				logger.error("证书文件校验失败", e);
 				if (e instanceof MaatConvertException) {
 					addMessage(redirectAttributes, "error", "request_service_failed");
 					LogUtils.saveLog(request, null, e, null);
 				} else if (e instanceof MultiPartNewException) {
 					addMessage(redirectAttributes, "error", e.getMessage());
 					LogUtils.saveLog(request, null, e, null);
 				} else {
 					addMessage(redirectAttributes, "error", "save_failed");
 					LogUtils.saveLog(request, null, e, null);
 				}
 			}
 		}
 		List<PxyObjTrustedCaCert> caCertList=new ArrayList<PxyObjTrustedCaCert>();
 		if(validFlag) {
 			for (File file : fileDir.listFiles()) {
 				File newFile = null;
 				String filename ="";
 				try {
 					FileInputStream fileInputStream = new FileInputStream(file);
 					MultipartFile multipartFile = new MockMultipartFile(file.getName(),fileInputStream);
 					Date date=new Date();
 					cfg.setCreateTime(date);
 					cfg.setCreatorId(UserUtils.getUser().getId());
 					cfg.setAuditTime(date);
 					cfg.setAuditorId(UserUtils.getUser().getId());
 					PxyObjTrustedCaCert cacertBuitIn=new PxyObjTrustedCaCert();
 					BeanUtils.copyProperties(cfg, cacertBuitIn);
 					filename = file.getName();
 					String prefix = FileUtils.getPrefix(filename, false);
 					String suffix = FileUtils.getSuffix(filename, false);
 					newFile = File.createTempFile("file_" + prefix, suffix);
 					multipartFile.transferTo(newFile);// 复制文件
 					String md5 = FileUtils.getFileMD5(file);
 					Map<String, Object> srcMap = Maps.newHashMap();
 					srcMap.put("filetype", suffix);
 					srcMap.put("datatype", "dbSystem");// 源文件存入数据中心
 					srcMap.put("createTime", new Date());
 					srcMap.put("key", prefix);
 					srcMap.put("fileName", filename);
 					srcMap.put("checksum", md5);
 					ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap));
 					logger.info("可信证书内置证书 文件上传响应信息：" + JsonMapper.toJsonString(result));
 					String crlFileAccessUrl = null;
 					if (!StringUtil.isEmpty(result)) {
 						ResponseData data = result.getData();
 						crlFileAccessUrl = data.getAccessUrl();
 						cacertBuitIn.setCrlFile(crlFileAccessUrl);
 					}
 					cacertBuitIn.setIssuer(issuerMap.get(file.getName()));
 					cacertBuitIn.setCfgDesc(issuerMap.get(file.getName())+"_"+file.getName());
 					caCertList.add(cacertBuitIn);
 				} catch (Exception e) {
 					validFlag = false;
 					logger.error("内置可信证书"+filename+"上传minio失败", e);
 					if (e instanceof MaatConvertException) {
 						addMessage(redirectAttributes, "error", "request_service_failed");
 						LogUtils.saveLog(request, null, e, null);
 					}else {
 						addMessage(redirectAttributes, "error", "save_failed");
 						LogUtils.saveLog(request, null, e, null);
 					}
 				}
 			}
 		}	
 		//入库并下发
 		if(validFlag){
 			try {
 				if(StringUtil.isEmpty(caCertList)){
 					pxyObjKeyringService.caCertSaveAndAudit(caCertList);
 				}
 			}catch (Exception e) {
 				validFlag = false;
 				logger.error("内置可信证书下发失败", e);
 				if (e instanceof MaatConvertException) {
 					addMessage(redirectAttributes, "error", "request_service_failed");
 					LogUtils.saveLog(request, null, e, null);
 				}else {
 					addMessage(redirectAttributes, "error", "save_failed");
 					LogUtils.saveLog(request, null, e, null);
 				}
 			}
 		}
 		/*if (e instanceof MaatConvertException) {
 			addMessage(redirectAttributes, "error", "request_service_failed");
 			LogUtils.saveLog(request, null, e, null);
--- a/src/main/java/com/nis/web/service/configuration/PxyObjKeyringService.java
+++ b/src/main/java/com/nis/web/service/configuration/PxyObjKeyringService.java
@@ -483,6 +483,49 @@ public class PxyObjKeyringService extends BaseService{
 			}
 		}
 	}
 	@Transactional(readOnly=false,rollbackFor=RuntimeException.class)
 	public void caCertSaveAndAudit(List<PxyObjTrustedCaCert>  cfgList){
 		//修改主表cert 配置状态
 		for (PxyObjTrustedCaCert cfg : cfgList) {
 			//调用服务接口获取compileId
 			List<Integer> compileIds = new ArrayList<Integer>();
 			try {
 				compileIds = ConfigServiceUtil.getId(1,1);
 			} catch (Exception e) {
 				e.printStackTrace();
 				logger.info("获取编译ID出错");
 				throw new MaatConvertException("<spring:message code=\"request_service_failed\"/>:"+e.getMessage());
 			}
 			if(compileIds != null && compileIds.size() >0  && compileIds.get(0) != 0){
 				cfg.setCompileId(compileIds.get(0));
 			}
 			pxyObjKeyringDao.insertPxyObjTrustedCaCert(cfg);
 		}
 		String json="";
 		List<ProxyObjTrustedCa> trustedCertList=new ArrayList<ProxyObjTrustedCa>();
 		//可信证书cert回调配置转换
 		for (PxyObjTrustedCaCert cfg : cfgList) {
 			trustedCertList.addAll(convertCallBackProxyObjTrustedCa(cfg,null));
 		}
 		//调用服务接口下发配置数据
 		json=gsonToJson(trustedCertList);
 		logger.info("可信证书（cert+crl）配置下发配置参数："+json);
 		//调用服务接口下发配置
 		try {
 			ToMaatResult result = ConfigServiceUtil.postCallbackCfg(json);
 			if(result!=null){
 				logger.info("可信证书（内置）配置下发响应信息："+result.getMsg());
 			}
 		} catch (Exception e) {
 			logger.error("可信证书（内置）配置下发失败",e);
 			throw e;
 		}
 	}
 }