国际化增加:
certificate_file_error=Wrong format of certificate file PXY_OBJ_TRUSTED_CA_CERT=Trusted Certificate crl_file_error=Wrong format of CRL file crl_issuer_error=The issuer of the CRL file does not match the issuer of the certificate file. cert_name=Certificate Name add_crl_file=Add CRL File import_crl=Import built-in CRL 证书机构以及证书吊销列表功能
@@ -41,6 +41,8 @@ import com.nis.domain.basics.PolicyGroupInfo;
|
||||
import com.nis.domain.configuration.DnsResStrategy;
|
||||
import com.nis.domain.configuration.IpPortCfg;
|
||||
import com.nis.domain.configuration.PxyObjKeyring;
|
||||
import com.nis.domain.configuration.PxyObjTrustedCaCert;
|
||||
import com.nis.domain.configuration.PxyObjTrustedCaCrl;
|
||||
import com.nis.domain.maat.ToMaatResult;
|
||||
import com.nis.domain.maat.ToMaatResult.ResponseData;
|
||||
import com.nis.exceptions.CallExternalProceduresException;
|
||||
@@ -101,17 +103,17 @@ public class PxyObjKeyringController extends BaseController {
|
||||
boolean publicKeyFileflag=validCertFileContent(publicKeyFileI,"-incert");
|
||||
boolean privateKeyFileflag=validCertFileContent(privateKeyFileI,"-inkey");
|
||||
if(!publicKeyFileflag && !privateKeyFileflag){
|
||||
addMessage(redirectAttributes,"save_failed");
|
||||
addMessage(redirectAttributes,"error","save_failed");
|
||||
logger.error(publicKeyFileI.getOriginalFilename()+" and "+privateKeyFileI.getOriginalFilename()+" file non certificate file format ");
|
||||
throw new MultiPartNewException(
|
||||
this.getMsgProp().getProperty("certificate_error")
|
||||
);
|
||||
}else if(!publicKeyFileflag){
|
||||
addMessage(redirectAttributes,"save_failed");
|
||||
addMessage(redirectAttributes,"error","save_failed");
|
||||
logger.error(publicKeyFileI.getOriginalFilename()+" file non public key file format ");
|
||||
throw new MultiPartNewException(this.getMsgProp().getProperty("public_file_error"));
|
||||
}else if(!privateKeyFileflag){
|
||||
addMessage(redirectAttributes,"save_failed");
|
||||
addMessage(redirectAttributes,"error","save_failed");
|
||||
logger.error(privateKeyFileI.getOriginalFilename()+" file non private key file format ");
|
||||
throw new MultiPartNewException(this.getMsgProp().getProperty("private_file_error"));
|
||||
}
|
||||
@@ -159,6 +161,7 @@ public class PxyObjKeyringController extends BaseController {
|
||||
}
|
||||
}
|
||||
}catch (Exception e) {
|
||||
validFlag=false;
|
||||
logger.error("证书信息获取失败",e);
|
||||
addMessage(redirectAttributes,"error","save_failed");
|
||||
}
|
||||
@@ -217,9 +220,9 @@ public class PxyObjKeyringController extends BaseController {
|
||||
}catch(Exception e){
|
||||
logger.error("证书上传失败",e);
|
||||
if(e instanceof MaatConvertException) {
|
||||
addMessage(redirectAttributes,"error",e.getMessage());
|
||||
addMessage(redirectAttributes,"error","request_service_failed");
|
||||
}else {
|
||||
addMessage(redirectAttributes,"error",e.getMessage());
|
||||
addMessage(redirectAttributes,"error","save_failed");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -324,9 +327,11 @@ public class PxyObjKeyringController extends BaseController {
|
||||
try {
|
||||
pxyObjKeyringService.audit(isAudit,isValid,functionId,id,auditTime);
|
||||
} catch (MaatConvertException e) {
|
||||
logger.error(e);
|
||||
addMessage(redirectAttributes,"error", "request_service_failed");
|
||||
}catch (Exception e) {
|
||||
addMessage(redirectAttributes,"error", "audit_failed");
|
||||
logger.error(e);
|
||||
addMessage(redirectAttributes,"error", "audit_failed");
|
||||
}
|
||||
}
|
||||
|
||||
@@ -347,7 +352,7 @@ public class PxyObjKeyringController extends BaseController {
|
||||
|
||||
//pxyObjKeyring配置导出
|
||||
@RequestMapping(value = "exportPxy")
|
||||
public void exportDns(Model model,HttpServletRequest request,HttpServletResponse response,
|
||||
public void exportPxy(Model model,HttpServletRequest request,HttpServletResponse response,
|
||||
@ModelAttribute("cfg")PxyObjKeyring entity,String ids,RedirectAttributes redirectAttributes){
|
||||
try {
|
||||
//export data info
|
||||
@@ -367,13 +372,8 @@ public class PxyObjKeyringController extends BaseController {
|
||||
//条件导出数据大于最大导出数,只导出最大导出条数
|
||||
entity.setTableName(IpPortCfg.getTablename());
|
||||
Page<PxyObjKeyring> pageInfo=new Page<PxyObjKeyring>(request, response,"r");
|
||||
if(pageInfo.getCount()>Constants.MAX_EXPORT_SIZE){
|
||||
pageInfo.setPageNo(1);
|
||||
pageInfo.setPageSize(Constants.MAX_EXPORT_SIZE);
|
||||
}else{
|
||||
pageInfo.setPageNo(1);
|
||||
pageInfo.setPageSize(-1);
|
||||
}
|
||||
pageInfo.setPageNo(1);
|
||||
pageInfo.setPageSize(Constants.MAX_EXPORT_SIZE);
|
||||
Page<PxyObjKeyring> page = pxyObjKeyringService.findPage(pageInfo, entity);
|
||||
for (int i = 0; i <page.getList().size(); i++) {
|
||||
page.getList().get(i).setKeyringName(page.getList().get(i).getCfgDesc());
|
||||
@@ -381,18 +381,225 @@ public class PxyObjKeyringController extends BaseController {
|
||||
model.addAttribute("page", page);
|
||||
titleList.add(entity.getMenuNameCode());
|
||||
classMap.put(entity.getMenuNameCode(), PxyObjKeyring.class);
|
||||
String cfgIndexInfoNoExport=",config_describe,whether_area_block,action,valid_identifier,do_log,client_port,ir_type,group_name,userregion1,userregion2,userregion3,userregion4,userregion5,";
|
||||
String cfgIndexInfoNoExport=",config_describe,whether_area_block,block_type,valid_identifier,do_log,client_port,ir_type,group_name,userregion1,userregion2,userregion3,userregion4,userregion5,";
|
||||
noExportMap.put(entity.getMenuNameCode(),cfgIndexInfoNoExport);
|
||||
dataMap.put(entity.getMenuNameCode(), page.getList());
|
||||
/*}*/
|
||||
this._export(model, request, response, redirectAttributes,entity.getMenuNameCode(),titleList,classMap,dataMap,noExportMap);
|
||||
} catch (Exception e) {
|
||||
logger.error("pxyObjKeyring export failed",e);
|
||||
addMessage(redirectAttributes, "export_failed");
|
||||
addMessage(redirectAttributes, "error","export_failed");
|
||||
}
|
||||
//return "redirect:" + adminPath +"/ntc/iplist/list?functionId="+entity.getFunctionId();
|
||||
}
|
||||
|
||||
@RequestMapping(value = {"/trustedCertList"})
|
||||
public String trustedCertList(Model model,HttpServletRequest request,HttpServletResponse response
|
||||
,@ModelAttribute("cfg")PxyObjTrustedCaCert entity
|
||||
,RedirectAttributes redirectAttributes){
|
||||
Page<PxyObjTrustedCaCert> page = pxyObjKeyringService.findTrustedCertPage(new Page<PxyObjTrustedCaCert>(request, response,"r"), entity);
|
||||
model.addAttribute("page", page);
|
||||
initPageCondition(model,entity);
|
||||
return "/cfg/intercept/strateagy/trustedCertList";
|
||||
}
|
||||
|
||||
@RequestMapping(value = {"/trustedCertForm"})
|
||||
@RequiresPermissions(value={"proxy:trustedCert:config"})
|
||||
public String trustedCertFrom(Model model,
|
||||
HttpServletRequest request,
|
||||
HttpServletResponse response,
|
||||
String ids,
|
||||
@ModelAttribute("cfg")PxyObjTrustedCaCert cfg
|
||||
,RedirectAttributes redirectAttributes){
|
||||
if(cfg == null){
|
||||
cfg=new PxyObjTrustedCaCert();
|
||||
}
|
||||
if(!StringUtil.isEmpty(ids)){
|
||||
cfg = pxyObjKeyringService.getPxyObjTrustedCaCert(Long.valueOf(ids));
|
||||
initFormCondition(model, cfg);
|
||||
model.addAttribute("isAdd", false);
|
||||
}else{
|
||||
initFormCondition(model, cfg);
|
||||
model.addAttribute("isAdd", true);
|
||||
}
|
||||
|
||||
model.addAttribute("_cfg", cfg);
|
||||
return "/cfg/intercept/strateagy/trustedCertForm";
|
||||
}
|
||||
|
||||
@RequestMapping(value = {"/trustedCertSaveOrUpdate"})
|
||||
@RequiresPermissions(value={"proxy:trustedCert:config"})
|
||||
public String trustedCertSaveOrUpdate(Model model,HttpServletRequest request,HttpServletResponse response,
|
||||
@ModelAttribute("cfg")PxyObjTrustedCaCert cfg,
|
||||
MultipartFile certFileI,
|
||||
RedirectAttributes redirectAttributes){
|
||||
File file = null;
|
||||
boolean validFlag=true;
|
||||
try {
|
||||
boolean certFileflag=validCertFileContent(certFileI,"-incert");
|
||||
if(!certFileflag){
|
||||
addMessage(redirectAttributes,"save_failed");
|
||||
logger.error(certFileI.getOriginalFilename()+" file non Certificate file format ");
|
||||
throw new MultiPartNewException(this.getMsgProp().getProperty("certificate_file_error"));
|
||||
}
|
||||
} catch (Exception e) {
|
||||
validFlag=false;
|
||||
logger.error("证书文件校验失败",e);
|
||||
addMessage(redirectAttributes,"error",e.getMessage());
|
||||
}
|
||||
|
||||
try{
|
||||
if(validFlag){
|
||||
validFlag=true;
|
||||
if(certFileI != null) {
|
||||
// 获取公钥信息
|
||||
if(certInfoMap != null && certInfoMap.size() >0){
|
||||
String issuer=certInfoMap.get("ca issuer").toString();//颁发者
|
||||
logger.info("issuer:"+issuer);
|
||||
cfg.setIssuer(issuer);
|
||||
}else{
|
||||
logger.info("无证书信息");
|
||||
}
|
||||
}
|
||||
}
|
||||
}catch (Exception e) {
|
||||
validFlag=false;
|
||||
logger.error("证书信息获取失败",e);
|
||||
addMessage(redirectAttributes,"error","save_failed");
|
||||
}
|
||||
try{
|
||||
if(validFlag){
|
||||
if(certFileI != null) {
|
||||
String filename = certFileI.getOriginalFilename();
|
||||
String prefix = FileUtils.getPrefix(filename, false);
|
||||
String suffix = FileUtils.getSuffix(filename, false);
|
||||
file = File.createTempFile("file_"+ prefix, suffix);
|
||||
certFileI.transferTo(file);//复制文件
|
||||
String md5 = FileUtils.getFileMD5(file);
|
||||
Map<String,Object> srcMap = Maps.newHashMap();
|
||||
srcMap.put("filetype", suffix);
|
||||
srcMap.put("datatype", "dbSystem");//源文件存入数据中心
|
||||
srcMap.put("createTime",new Date());
|
||||
srcMap.put("key",prefix);
|
||||
srcMap.put("fileName", filename);
|
||||
srcMap.put("checksum", md5);
|
||||
ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap));
|
||||
logger.info("proxy 可信证书 文件上传响应信息:"+JsonMapper.toJsonString(result));
|
||||
String certFileAccessUrl = null;
|
||||
if(!StringUtil.isEmpty(result)){
|
||||
ResponseData data = result.getData();
|
||||
certFileAccessUrl=data.getAccessUrl();
|
||||
cfg.setCertFile(certFileAccessUrl);;
|
||||
}
|
||||
}
|
||||
pxyObjKeyringService.trustedCertsaveOrUpdate(cfg);
|
||||
addMessage(redirectAttributes,"success","save_success");
|
||||
}
|
||||
|
||||
}catch(Exception e){
|
||||
logger.error("证书上传失败",e);
|
||||
if(e instanceof MaatConvertException) {
|
||||
addMessage(redirectAttributes,"error","request_service_failed");
|
||||
}else {
|
||||
addMessage(redirectAttributes,"error","save_failed");
|
||||
}
|
||||
}
|
||||
|
||||
return "redirect:" + adminPath +"/proxy/intercept/strateagy/trustedCertList?functionId="+cfg.getFunctionId();
|
||||
}
|
||||
@RequestMapping(value = {"/addOrAuditCrl"})
|
||||
/*@RequiresPermissions(value={"proxy:trustedCert:config","proxy:trustedCert:confirm"})*/
|
||||
public String trustedCrlSaveOrUpdate(Model model,HttpServletRequest request,HttpServletResponse response,
|
||||
@ModelAttribute("cfg")PxyObjTrustedCaCrl cfg,
|
||||
MultipartFile crlFileI,
|
||||
RedirectAttributes redirectAttributes){
|
||||
File file = null;
|
||||
boolean validFlag=true;
|
||||
try {
|
||||
if( crlFileI != null){
|
||||
boolean certFileflag=validCertFileContent(crlFileI,"-incrl");
|
||||
if(!certFileflag){
|
||||
addMessage(redirectAttributes,"save_failed");
|
||||
logger.error(crlFileI.getOriginalFilename()+" file non crl file format ");
|
||||
throw new MultiPartNewException(this.getMsgProp().getProperty("crl_file_error"));
|
||||
}
|
||||
}
|
||||
} catch (Exception e) {
|
||||
validFlag=false;
|
||||
logger.error("crl文件校验失败",e);
|
||||
addMessage(redirectAttributes,"error",e.getMessage());
|
||||
}
|
||||
|
||||
try{
|
||||
if(validFlag){
|
||||
validFlag=true;
|
||||
if(crlFileI != null) {
|
||||
// 获取issuer
|
||||
if(certInfoMap != null && certInfoMap.size() >0){
|
||||
String issuer=certInfoMap.get("crl issuer").toString();//颁发者
|
||||
logger.info("-----------------------------issuer:"+issuer);
|
||||
if(cfg != null){
|
||||
if((cfg.getCertId() != null && cfg.getCertId() > 0) && (!cfg.getIssuer().equals(issuer))){
|
||||
logger.error("cert 和 crl的issuser不符合");
|
||||
throw new MultiPartNewException(this.getMsgProp().getProperty("crl_issuer_error"));
|
||||
}else{
|
||||
cfg.setIssuer(issuer);
|
||||
}
|
||||
|
||||
}
|
||||
}else{
|
||||
logger.error("cert 和 crl的issuser不符合");
|
||||
throw new MultiPartNewException(this.getMsgProp().getProperty("crl_issuer_error"));
|
||||
}
|
||||
}
|
||||
}
|
||||
}catch (Exception e) {
|
||||
validFlag=false;
|
||||
logger.error("crl issuer比对失败",e);
|
||||
addMessage(redirectAttributes,"error",e.getMessage());
|
||||
}
|
||||
try{
|
||||
if(validFlag){
|
||||
if(crlFileI != null) {
|
||||
String filename = crlFileI.getOriginalFilename();
|
||||
String prefix = FileUtils.getPrefix(filename, false);
|
||||
String suffix = FileUtils.getSuffix(filename, false);
|
||||
file = File.createTempFile("file_"+ prefix, suffix);
|
||||
crlFileI.transferTo(file);//复制文件
|
||||
String md5 = FileUtils.getFileMD5(file);
|
||||
Map<String,Object> srcMap = Maps.newHashMap();
|
||||
srcMap.put("filetype", suffix);
|
||||
srcMap.put("datatype", "dbSystem");//源文件存入数据中心
|
||||
srcMap.put("createTime",new Date());
|
||||
srcMap.put("key",prefix);
|
||||
srcMap.put("fileName", filename);
|
||||
srcMap.put("checksum", md5);
|
||||
ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap));
|
||||
logger.info("可信证书crl 文件上传响应信息:"+JsonMapper.toJsonString(result));
|
||||
String crlFileAccessUrl = null;
|
||||
if(!StringUtil.isEmpty(result)){
|
||||
ResponseData data = result.getData();
|
||||
crlFileAccessUrl=data.getAccessUrl();
|
||||
cfg.setCrlFile(crlFileAccessUrl);;
|
||||
}
|
||||
}
|
||||
pxyObjKeyringService.trustedCrlsaveOrUpdate(cfg);
|
||||
|
||||
addMessage(redirectAttributes,"success","save_success");
|
||||
}
|
||||
|
||||
}catch(Exception e){
|
||||
logger.error("crl上传失败",e);
|
||||
if(e instanceof MaatConvertException) {
|
||||
addMessage(redirectAttributes,"error","request_service_failed");
|
||||
}else {
|
||||
addMessage(redirectAttributes,"error","save_failed");
|
||||
}
|
||||
}
|
||||
|
||||
return "redirect:" + adminPath +"/proxy/intercept/strateagy/trustedCertList?functionId="+cfg.getFunctionId();
|
||||
}
|
||||
|
||||
/**
|
||||
* 调用shell脚本 返回运行结果
|
||||
*
|
||||
@@ -433,9 +640,30 @@ public class PxyObjKeyringController extends BaseController {
|
||||
StringBuilder out = new StringBuilder();
|
||||
String key="";
|
||||
String value="";
|
||||
if(sb.toString().indexOf("incert") > -1) certInfoMap=new HashMap<>();
|
||||
certInfoMap=new HashMap<>();
|
||||
while ((s = br.readLine()) != null) {
|
||||
logger.info(s);
|
||||
//可信证书pem信息收集
|
||||
if(sb.toString().indexOf("inlist") > -1){
|
||||
if(s.indexOf(":") > -1){
|
||||
key=s.substring(0, s.indexOf(":", 0));
|
||||
key=StringUtil.isEmpty(key) ?"": key.toLowerCase().trim();
|
||||
value=s.substring(s.indexOf(":", 0)+1, s.length());
|
||||
value=StringUtil.isEmpty(value) ?"": value.trim();
|
||||
certInfoMap.put(key, value);
|
||||
|
||||
}
|
||||
}
|
||||
//crl信息收集
|
||||
if(sb.toString().indexOf("incrl") > -1){
|
||||
if(s.indexOf(":") > -1){
|
||||
key=s.substring(0, s.indexOf(":", 0));
|
||||
key=StringUtil.isEmpty(key) ?"": key.toLowerCase().trim();
|
||||
value=s.substring(s.indexOf(":", 0)+1, s.length());
|
||||
value=StringUtil.isEmpty(value) ?"": value.trim();
|
||||
certInfoMap.put(key, value);
|
||||
}
|
||||
}
|
||||
//证书信息收集
|
||||
if(sb.toString().indexOf("incert") > -1){
|
||||
if(s.indexOf(":") > -1){
|
||||
@@ -476,4 +704,41 @@ public class PxyObjKeyringController extends BaseController {
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
|
||||
@RequestMapping(value = {"/trustedCertDelete"})
|
||||
@RequiresPermissions(value={"proxy:trustedCert:config"})
|
||||
public String trustedCertDelete(Integer isAudit,Integer isValid,String ids,Integer functionId
|
||||
,Model model,HttpServletRequest request
|
||||
,HttpServletResponse response
|
||||
,RedirectAttributes redirectAttributes){
|
||||
if(!StringUtil.isEmpty(ids)){
|
||||
pxyObjKeyringService.trustedCertDelete(isAudit,isValid,ids,functionId);
|
||||
}
|
||||
|
||||
return "redirect:" + adminPath +"/proxy/intercept/strateagy/trustedCertList?functionId="+functionId;
|
||||
}
|
||||
|
||||
@RequestMapping(value = {"/trustedCertAudit"})
|
||||
@RequiresPermissions(value={"proxy:trustedCert:confirm"})
|
||||
public String trustedCertAudit(Integer isAudit,Integer isValid,String ids,Integer functionId,
|
||||
RedirectAttributes redirectAttributes) {
|
||||
if(!StringUtil.isEmpty(ids)){
|
||||
String[] idArray = ids.split(",");
|
||||
Date auditTime=new Date();
|
||||
for(String id :idArray){
|
||||
try {
|
||||
pxyObjKeyringService.trustedCertAudit(isAudit,isValid,functionId,id,auditTime);
|
||||
} catch (MaatConvertException e) {
|
||||
logger.error(e);
|
||||
addMessage(redirectAttributes,"error", "request_service_failed");
|
||||
}catch (Exception e) {
|
||||
logger.error(e);
|
||||
addMessage(redirectAttributes,"error", "audit_failed");
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
return "redirect:" + adminPath +"/proxy/intercept/strateagy/trustedCertList?functionId="+functionId;
|
||||
}
|
||||
}
|
||||
|
||||
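Review bot: The new `/addOrAuditCrl` handler `trustedCrlSaveOrUpdate` has its `@RequiresPermissions` line commented out, so, unlike `trustedCertSaveOrUpdate`, `trustedCertDelete` and `trustedCertAudit`, nothing visible here restricts who may upload a CRL and persist it through `trustedCrlsaveOrUpdate(cfg)`. Unless a class-level or filter rule outside this page covers the path, re-enable the annotation; if this is Shiro's annotation, all listed permissions are required by default, so choose the `config`/`confirm` combination deliberately. In the same handler the issuer check `!cfg.getIssuer().equals(issuer)` compares against a value that appears to be bound from the request via `@ModelAttribute("cfg")`; comparing against the issuer of the certificate loaded by `cfg.getCertId()` would keep the check independent of client input and avoid a NullPointerException when the field is absent. `certInfoMap` is assigned in the shell-output parser and read in both save handlers without being returned, which suggests a controller field shared across concurrent requests (its declaration is outside the hunks); returning the parsed map from the validation call would keep one upload's issuer from being read by another request.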
File diff suppressed because it is too large
@@ -1328,4 +1328,22 @@ ip_behavior_data=IP statistics
|
||||
p2p_eMule_keywords=eMule Search Keywords
|
||||
p2p_hash_keywords=File Marking Keywords
|
||||
not_valid_domain=%s is not a valid domain
|
||||
cert_not_match_domain=Domain and certificate information do not match!
|
||||
cert_not_match_domain=Domain and certificate information do not match!
|
||||
certificate_file_error=Wrong format of certificate file
|
||||
PXY_OBJ_TRUSTED_CA_CERT=Trusted Certificate
|
||||
crl_file_error=Wrong format of CRL file
|
||||
crl_issuer_error=The issuer of the CRL file does not match the issuer of the certificate file.
|
||||
cert_name=Certificate Name
|
||||
add_crl_file=Add CRL File
|
||||
import_crl=Import built-in CRL
|
||||
collect_voip=VoIP Collect
|
||||
rtp_d_ip=RTP Server IP
|
||||
rtp_s_ip=RTP Client IP
|
||||
rtp_d_port=RTP Server Port
|
||||
rtp_s_port=RTP Client Port
|
||||
sip_d_ip=SIP Server IP
|
||||
sip_s_ip=SIP Client IP
|
||||
sip_d_port=SIP Server Port
|
||||
sip_s_port=SIP Client Port
|
||||
call_id=SIP Call ID
|
||||
request_uri=SIP Request URI
|
||||
@@ -1316,5 +1316,21 @@ user_behavior_data=Account statistics
|
||||
ip_behavior_data=IP statistics
|
||||
p2p_eMule_keywords=eMule Search Keywords
|
||||
p2p_hash_keywords=File Marking Keywords
|
||||
not_valid_domain=%s\u4E0D\u662F\u4E00\u4E2A\u5408\u6CD5\u57DF\u540D
|
||||
cert_not_match_domain=Domain and certificate information do not match!
|
||||
not_valid_domain=%s\u4e0d\u662f\u4e00\u4e2a\u5408\u6cd5\u57df\u540d
|
||||
cert_not_match_domain=Domain and certificate information do not match!
|
||||
crl_file_error=Wrong format of CRL file
|
||||
crl_issuer_error=The issuer of the CRL file does not match the issuer of the certificate file.
|
||||
cert_name=Certificate Name
|
||||
add_crl_file=Add CRL File
|
||||
import_crl=Import built-in CRL
|
||||
collect_voip=VoIP Collect
|
||||
rtp_d_ip=RTP Server IP
|
||||
rtp_s_ip=RTP Client IP
|
||||
rtp_d_port=RTP Server Port
|
||||
rtp_s_port=RTP Client Port
|
||||
sip_d_ip=SIP Server IP
|
||||
sip_s_ip=SIP Client IP
|
||||
sip_d_port=SIP Server Port
|
||||
sip_s_port=SIP Client Port
|
||||
call_id=SIP Call ID
|
||||
request_uri=SIP Request URI
|
||||
File diff suppressed because it is too large