国际化增加：

certificate_file_error=Wrong format of certificate file
PXY_OBJ_TRUSTED_CA_CERT=Trusted Certificate
crl_file_error=Wrong format of CRL file
crl_issuer_error=The issuer of the CRL file does not match the issuer of
the certificate file. 
cert_name=Certificate Name
add_crl_file=Add CRL File
import_crl=Import built-in CRL
证书机构以及证书吊销列表功能

src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java

@@ -41,6 +41,8 @@ import com.nis.domain.basics.PolicyGroupInfo;
 import com.nis.domain.configuration.DnsResStrategy;
 import com.nis.domain.configuration.IpPortCfg;
 import com.nis.domain.configuration.PxyObjKeyring;
+import com.nis.domain.configuration.PxyObjTrustedCaCert;
+import com.nis.domain.configuration.PxyObjTrustedCaCrl;
 import com.nis.domain.maat.ToMaatResult;
 import com.nis.domain.maat.ToMaatResult.ResponseData;
 import com.nis.exceptions.CallExternalProceduresException;
@@ -101,17 +103,17 @@ public class PxyObjKeyringController extends BaseController  {
  			boolean publicKeyFileflag=validCertFileContent(publicKeyFileI,"-incert");
  			boolean privateKeyFileflag=validCertFileContent(privateKeyFileI,"-inkey");
  			if(!publicKeyFileflag && !privateKeyFileflag){
- 				addMessage(redirectAttributes,"save_failed");
+ 				addMessage(redirectAttributes,"error","save_failed");
  				logger.error(publicKeyFileI.getOriginalFilename()+" and "+privateKeyFileI.getOriginalFilename()+" file non certificate file format ");
  				throw new MultiPartNewException(
  												this.getMsgProp().getProperty("certificate_error")
  												);
  			}else if(!publicKeyFileflag){
- 				addMessage(redirectAttributes,"save_failed");
+ 				addMessage(redirectAttributes,"error","save_failed");
  				logger.error(publicKeyFileI.getOriginalFilename()+" file non public key file format ");
  				throw new MultiPartNewException(this.getMsgProp().getProperty("public_file_error"));
  			}else if(!privateKeyFileflag){
- 				addMessage(redirectAttributes,"save_failed");
+ 				addMessage(redirectAttributes,"error","save_failed");
  				logger.error(privateKeyFileI.getOriginalFilename()+" file non private key file format ");
  				throw new MultiPartNewException(this.getMsgProp().getProperty("private_file_error"));
  			}
@@ -159,6 +161,7 @@ public class PxyObjKeyringController extends BaseController  {
 				}
 			}
  		}catch (Exception e) {
+ 			validFlag=false;
  			logger.error("证书信息获取失败",e);
  			addMessage(redirectAttributes,"error","save_failed");
  		}
@@ -217,9 +220,9 @@ public class PxyObjKeyringController extends BaseController  {
  		}catch(Exception e){
  			logger.error("证书上传失败",e);
  			if(e instanceof MaatConvertException) {
- 				addMessage(redirectAttributes,"error",e.getMessage());
+ 				addMessage(redirectAttributes,"error","request_service_failed");
  			}else {
- 				addMessage(redirectAttributes,"error",e.getMessage());
+ 				addMessage(redirectAttributes,"error","save_failed");
  			}
  		}
 		
@@ -324,8 +327,10 @@ public class PxyObjKeyringController extends BaseController  {
 				try {
 					pxyObjKeyringService.audit(isAudit,isValid,functionId,id,auditTime);
 				} catch (MaatConvertException e) {
+					logger.error(e);
 					addMessage(redirectAttributes,"error", "request_service_failed");
 				}catch (Exception e) {
+					logger.error(e);
 					addMessage(redirectAttributes,"error", "audit_failed");
 				}
 			}
@@ -347,7 +352,7 @@ public class PxyObjKeyringController extends BaseController  {
 	
 	//pxyObjKeyring配置导出
 		@RequestMapping(value = "exportPxy")
-		public void exportDns(Model model,HttpServletRequest  request,HttpServletResponse response,
+		public void exportPxy(Model model,HttpServletRequest  request,HttpServletResponse response,
 				@ModelAttribute("cfg")PxyObjKeyring entity,String ids,RedirectAttributes redirectAttributes){
 			try {
 				//export data info
@@ -367,13 +372,8 @@ public class PxyObjKeyringController extends BaseController  {
 					//条件导出数据大于最大导出数，只导出最大导出条数
 					entity.setTableName(IpPortCfg.getTablename());
 					Page<PxyObjKeyring> pageInfo=new Page<PxyObjKeyring>(request, response,"r");
-					if(pageInfo.getCount()>Constants.MAX_EXPORT_SIZE){
 					pageInfo.setPageNo(1);
 					pageInfo.setPageSize(Constants.MAX_EXPORT_SIZE);
-					}else{
-						pageInfo.setPageNo(1);
-						pageInfo.setPageSize(-1);
-					}
 					Page<PxyObjKeyring> page = pxyObjKeyringService.findPage(pageInfo, entity);
 					for (int i = 0; i <page.getList().size(); i++) {
 						page.getList().get(i).setKeyringName(page.getList().get(i).getCfgDesc());
@@ -381,18 +381,225 @@ public class PxyObjKeyringController extends BaseController  {
 					model.addAttribute("page", page);
 					titleList.add(entity.getMenuNameCode());
 					classMap.put(entity.getMenuNameCode(), PxyObjKeyring.class);
-					String cfgIndexInfoNoExport=",config_describe,whether_area_block,action,valid_identifier,do_log,client_port,ir_type,group_name,userregion1,userregion2,userregion3,userregion4,userregion5,";
+					String cfgIndexInfoNoExport=",config_describe,whether_area_block,block_type,valid_identifier,do_log,client_port,ir_type,group_name,userregion1,userregion2,userregion3,userregion4,userregion5,";
 					noExportMap.put(entity.getMenuNameCode(),cfgIndexInfoNoExport);
 					dataMap.put(entity.getMenuNameCode(), page.getList());
 				/*}*/
 				this._export(model, request, response, redirectAttributes,entity.getMenuNameCode(),titleList,classMap,dataMap,noExportMap);
 			} catch (Exception e) {
 				logger.error("pxyObjKeyring export failed",e);
-				addMessage(redirectAttributes,  "export_failed");
+				addMessage(redirectAttributes, "error","export_failed");
 			}
 			//return "redirect:" + adminPath +"/ntc/iplist/list?functionId="+entity.getFunctionId();
 		}
 		
+		@RequestMapping(value = {"/trustedCertList"})
+		public String trustedCertList(Model model,HttpServletRequest  request,HttpServletResponse response
+				,@ModelAttribute("cfg")PxyObjTrustedCaCert entity
+				,RedirectAttributes redirectAttributes){
+			Page<PxyObjTrustedCaCert> page = pxyObjKeyringService.findTrustedCertPage(new Page<PxyObjTrustedCaCert>(request, response,"r"), entity);
+			model.addAttribute("page", page);
+			initPageCondition(model,entity);
+			return "/cfg/intercept/strateagy/trustedCertList";
+		}
+		
+		@RequestMapping(value = {"/trustedCertForm"})
+		@RequiresPermissions(value={"proxy:trustedCert:config"})
+		public String trustedCertFrom(Model model,
+								HttpServletRequest request,
+								HttpServletResponse response,
+								String ids,
+								@ModelAttribute("cfg")PxyObjTrustedCaCert cfg
+								,RedirectAttributes redirectAttributes){
+			if(cfg == null){
+				cfg=new PxyObjTrustedCaCert();
+			}
+			if(!StringUtil.isEmpty(ids)){
+				cfg = pxyObjKeyringService.getPxyObjTrustedCaCert(Long.valueOf(ids));
+				initFormCondition(model, cfg);
+				model.addAttribute("isAdd", false);
+			}else{
+				initFormCondition(model, cfg);
+				model.addAttribute("isAdd", true);
+			}
+			
+			model.addAttribute("_cfg", cfg);
+			return "/cfg/intercept/strateagy/trustedCertForm";
+		}
+		
+		@RequestMapping(value = {"/trustedCertSaveOrUpdate"})
+		@RequiresPermissions(value={"proxy:trustedCert:config"})
+		public String trustedCertSaveOrUpdate(Model model,HttpServletRequest request,HttpServletResponse response,
+				@ModelAttribute("cfg")PxyObjTrustedCaCert cfg,
+				MultipartFile certFileI, 
+				RedirectAttributes redirectAttributes){
+	 		File file = null;
+	 		boolean validFlag=true;
+	 		try {
+	 			boolean certFileflag=validCertFileContent(certFileI,"-incert");
+	 			if(!certFileflag){
+	 				addMessage(redirectAttributes,"save_failed");
+	 				logger.error(certFileI.getOriginalFilename()+" file non Certificate file format ");
+	 				throw new MultiPartNewException(this.getMsgProp().getProperty("certificate_file_error"));
+	 			}
+			} catch (Exception e) {
+				validFlag=false;
+				logger.error("证书文件校验失败",e);
+				addMessage(redirectAttributes,"error",e.getMessage());
+			}
+	 		
+	 		try{
+	 			if(validFlag){
+	 				validFlag=true;
+					if(certFileI != null) {
+						// 获取公钥信息
+						if(certInfoMap != null && certInfoMap.size() >0){
+							String issuer=certInfoMap.get("ca issuer").toString();//颁发者
+							logger.info("issuer："+issuer);
+							cfg.setIssuer(issuer);
+						}else{
+							logger.info("无证书信息");
+						}
+					}
+				}
+	 		}catch (Exception e) {
+	 			validFlag=false;
+	 			logger.error("证书信息获取失败",e);
+	 			addMessage(redirectAttributes,"error","save_failed");
+	 		}
+	 		try{
+	 			if(validFlag){
+					if(certFileI != null) {
+						String filename = certFileI.getOriginalFilename();
+						String prefix = FileUtils.getPrefix(filename, false);
+						String suffix = FileUtils.getSuffix(filename, false);
+						file = File.createTempFile("file_"+ prefix, suffix);
+						certFileI.transferTo(file);//复制文件
+						String md5 = FileUtils.getFileMD5(file);
+						Map<String,Object> srcMap = Maps.newHashMap();
+						srcMap.put("filetype", suffix);
+						srcMap.put("datatype", "dbSystem");//源文件存入数据中心
+						srcMap.put("createTime",new Date());
+						srcMap.put("key",prefix);
+						srcMap.put("fileName", filename);
+						srcMap.put("checksum", md5);
+						ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap));
+						logger.info("proxy 可信证书 文件上传响应信息："+JsonMapper.toJsonString(result));
+						String certFileAccessUrl = null;
+						if(!StringUtil.isEmpty(result)){
+							ResponseData data = result.getData();
+							certFileAccessUrl=data.getAccessUrl();
+							cfg.setCertFile(certFileAccessUrl);;
+						}
+		 			}
+					pxyObjKeyringService.trustedCertsaveOrUpdate(cfg);
+					addMessage(redirectAttributes,"success","save_success");
+	 			}
+	 			
+	 		}catch(Exception e){
+	 			logger.error("证书上传失败",e);
+	 			if(e instanceof MaatConvertException) {
+	 				addMessage(redirectAttributes,"error","request_service_failed");
+	 			}else {
+	 				addMessage(redirectAttributes,"error","save_failed");
+	 			}
+	 		}
+			
+			return "redirect:" + adminPath +"/proxy/intercept/strateagy/trustedCertList?functionId="+cfg.getFunctionId();
+		}
+		@RequestMapping(value = {"/addOrAuditCrl"})
+		/*@RequiresPermissions(value={"proxy:trustedCert:config","proxy:trustedCert:confirm"})*/
+		public String trustedCrlSaveOrUpdate(Model model,HttpServletRequest request,HttpServletResponse response,
+				@ModelAttribute("cfg")PxyObjTrustedCaCrl cfg,
+				MultipartFile crlFileI, 
+				RedirectAttributes redirectAttributes){
+			File file = null;
+			boolean validFlag=true;
+			try {
+				if( crlFileI != null){
+					boolean certFileflag=validCertFileContent(crlFileI,"-incrl");
+					if(!certFileflag){
+						addMessage(redirectAttributes,"save_failed");
+						logger.error(crlFileI.getOriginalFilename()+" file non crl file format ");
+						throw new MultiPartNewException(this.getMsgProp().getProperty("crl_file_error"));
+					}
+				}
+			} catch (Exception e) {
+				validFlag=false;
+				logger.error("crl文件校验失败",e);
+				addMessage(redirectAttributes,"error",e.getMessage());
+			}
+			
+			try{
+				if(validFlag){
+					validFlag=true;
+					if(crlFileI != null) {
+						// 获取issuer
+						if(certInfoMap != null && certInfoMap.size() >0){
+							String issuer=certInfoMap.get("crl issuer").toString();//颁发者
+							logger.info("-----------------------------issuer："+issuer);
+							if(cfg != null){
+								if((cfg.getCertId() != null && cfg.getCertId() > 0) && (!cfg.getIssuer().equals(issuer))){
+									logger.error("cert 和 crl的issuser不符合");
+									throw new MultiPartNewException(this.getMsgProp().getProperty("crl_issuer_error"));
+								}else{
+									cfg.setIssuer(issuer);
+								}
+								
+							}
+						}else{
+							logger.error("cert 和 crl的issuser不符合");
+							throw new MultiPartNewException(this.getMsgProp().getProperty("crl_issuer_error"));
+						}
+					}
+				}
+			}catch (Exception e) {
+				validFlag=false;
+				logger.error("crl issuer比对失败",e);
+				addMessage(redirectAttributes,"error",e.getMessage());
+			}
+			try{
+				if(validFlag){
+					if(crlFileI != null) {
+						String filename = crlFileI.getOriginalFilename();
+						String prefix = FileUtils.getPrefix(filename, false);
+						String suffix = FileUtils.getSuffix(filename, false);
+						file = File.createTempFile("file_"+ prefix, suffix);
+						crlFileI.transferTo(file);//复制文件
+						String md5 = FileUtils.getFileMD5(file);
+						Map<String,Object> srcMap = Maps.newHashMap();
+						srcMap.put("filetype", suffix);
+						srcMap.put("datatype", "dbSystem");//源文件存入数据中心
+						srcMap.put("createTime",new Date());
+						srcMap.put("key",prefix);
+						srcMap.put("fileName", filename);
+						srcMap.put("checksum", md5);
+						ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap));
+						logger.info("可信证书crl 文件上传响应信息："+JsonMapper.toJsonString(result));
+						String crlFileAccessUrl = null;
+						if(!StringUtil.isEmpty(result)){
+							ResponseData data = result.getData();
+							crlFileAccessUrl=data.getAccessUrl();
+							cfg.setCrlFile(crlFileAccessUrl);;
+						}
+					}
+					pxyObjKeyringService.trustedCrlsaveOrUpdate(cfg);
+					
+					addMessage(redirectAttributes,"success","save_success");
+				}
+				
+			}catch(Exception e){
+				logger.error("crl上传失败",e);
+				if(e instanceof MaatConvertException) {
+					addMessage(redirectAttributes,"error","request_service_failed");
+				}else {
+					addMessage(redirectAttributes,"error","save_failed");
+				}
+			}
+			
+			return "redirect:" + adminPath +"/proxy/intercept/strateagy/trustedCertList?functionId="+cfg.getFunctionId();
+		}
+		
 		/**
 		 * 调用shell脚本 返回运行结果
 		 * 
@@ -433,9 +640,30 @@ public class PxyObjKeyringController extends BaseController  {
 				StringBuilder out = new StringBuilder();
 				String key="";
 				String value="";
-				if(sb.toString().indexOf("incert") > -1) certInfoMap=new HashMap<>();
+				certInfoMap=new HashMap<>();
 				while ((s = br.readLine()) != null) {
 					logger.info(s);
+					//可信证书pem信息收集
+					if(sb.toString().indexOf("inlist") > -1){
+						if(s.indexOf(":") > -1){
+							key=s.substring(0, s.indexOf(":", 0));
+							key=StringUtil.isEmpty(key) ?"": key.toLowerCase().trim();
+							value=s.substring(s.indexOf(":", 0)+1, s.length());
+							value=StringUtil.isEmpty(value) ?"": value.trim();
+							certInfoMap.put(key, value);	
+							
+						}
+					}
+					//crl信息收集
+					if(sb.toString().indexOf("incrl") > -1){
+						if(s.indexOf(":") > -1){
+							key=s.substring(0, s.indexOf(":", 0));
+							key=StringUtil.isEmpty(key) ?"": key.toLowerCase().trim();
+							value=s.substring(s.indexOf(":", 0)+1, s.length());
+							value=StringUtil.isEmpty(value) ?"": value.trim();
+							certInfoMap.put(key, value);	
+						}
+					}
 					//证书信息收集
 					if(sb.toString().indexOf("incert") > -1){
 						if(s.indexOf(":") > -1){
@@ -476,4 +704,41 @@ public class PxyObjKeyringController extends BaseController  {
 			}
 			return result;
 		}
+		
+
+		@RequestMapping(value = {"/trustedCertDelete"})
+		@RequiresPermissions(value={"proxy:trustedCert:config"})
+		public String trustedCertDelete(Integer isAudit,Integer isValid,String ids,Integer functionId
+				,Model model,HttpServletRequest request
+				,HttpServletResponse response
+				,RedirectAttributes redirectAttributes){
+			if(!StringUtil.isEmpty(ids)){
+				pxyObjKeyringService.trustedCertDelete(isAudit,isValid,ids,functionId);
+			}
+			
+			return "redirect:" + adminPath +"/proxy/intercept/strateagy/trustedCertList?functionId="+functionId;
+		}
+		
+		@RequestMapping(value = {"/trustedCertAudit"})
+		@RequiresPermissions(value={"proxy:trustedCert:confirm"})
+		public String trustedCertAudit(Integer isAudit,Integer isValid,String ids,Integer functionId,
+				RedirectAttributes redirectAttributes) {
+			if(!StringUtil.isEmpty(ids)){
+				String[] idArray = ids.split(",");
+				Date auditTime=new Date();
+				for(String id :idArray){
+					try {
+						pxyObjKeyringService.trustedCertAudit(isAudit,isValid,functionId,id,auditTime);
+					} catch (MaatConvertException e) {
+						logger.error(e);
+						addMessage(redirectAttributes,"error", "request_service_failed");
+					}catch (Exception e) {
+						logger.error(e);
+						addMessage(redirectAttributes,"error", "audit_failed");
+					}
+				}
+				
+			}
+			return "redirect:" + adminPath +"/proxy/intercept/strateagy/trustedCertList?functionId="+functionId;
+		}
 }

src/main/resources/messages/message_en.properties

@@ -1329,3 +1329,21 @@ p2p_eMule_keywords=eMule Search Keywords
 p2p_hash_keywords=File Marking Keywords
 not_valid_domain=%s is not a valid domain
 cert_not_match_domain=Domain and certificate information do not match!
+certificate_file_error=Wrong format of certificate file
+PXY_OBJ_TRUSTED_CA_CERT=Trusted Certificate
+crl_file_error=Wrong format of CRL file
+crl_issuer_error=The issuer of the CRL file does not match the issuer of the certificate file. 
+cert_name=Certificate Name
+add_crl_file=Add CRL File
+import_crl=Import built-in CRL
+collect_voip=VoIP Collect
+rtp_d_ip=RTP Server IP
+rtp_s_ip=RTP Client IP
+rtp_d_port=RTP Server Port
+rtp_s_port=RTP Client Port
+sip_d_ip=SIP Server IP
+sip_s_ip=SIP Client IP
+sip_d_port=SIP Server Port
+sip_s_port=SIP Client Port
+call_id=SIP Call ID
+request_uri=SIP Request URI

src/main/resources/messages/message_ru.properties

@@ -1316,5 +1316,21 @@ user_behavior_data=Account statistics
 ip_behavior_data=IP statistics
 p2p_eMule_keywords=eMule Search Keywords
 p2p_hash_keywords=File Marking Keywords
-not_valid_domain=%s\u4E0D\u662F\u4E00\u4E2A\u5408\u6CD5\u57DF\u540D
+not_valid_domain=%s\u4e0d\u662f\u4e00\u4e2a\u5408\u6cd5\u57df\u540d
 cert_not_match_domain=Domain and certificate information do not match!
+crl_file_error=Wrong format of CRL file
+crl_issuer_error=The issuer of the CRL file does not match the issuer of the certificate file.
+cert_name=Certificate Name
+add_crl_file=Add CRL File
+import_crl=Import built-in CRL
+collect_voip=VoIP Collect
+rtp_d_ip=RTP Server IP
+rtp_s_ip=RTP Client IP
+rtp_d_port=RTP Server Port
+rtp_s_port=RTP Client Port
+sip_d_ip=SIP Server IP
+sip_s_ip=SIP Client IP
+sip_d_port=SIP Server Port
+sip_s_port=SIP Client Port
+call_id=SIP Call ID
+request_uri=SIP Request URI