增加可信证书内置证书快捷按钮
@@ -292,6 +292,12 @@ public class PxyObjKeyringController extends BaseController {
|
||||
* @throws Exception
|
||||
*/
|
||||
public boolean validCertFileContent(MultipartFile file,MultipartFile privateFile, String validateType) throws Exception {
|
||||
boolean delTempFile=true;
|
||||
//内置可信证书列表不允许删除
|
||||
if("-cacert".equals(validateType)) {
|
||||
delTempFile=false;
|
||||
}
|
||||
|
||||
String os = System.getProperty("os.name").toLowerCase();
|
||||
if (!os.contains("windows") && file != null) {
|
||||
// 证书文件临时保存路径
|
||||
@@ -319,7 +325,7 @@ public class PxyObjKeyringController extends BaseController {
|
||||
// 验证文件
|
||||
logger.info(x509Shell + " " + validateType + " " + filePath+ " " + privateFilePath);
|
||||
Map<String, Object> resultMap = this.execShell(x509Shell, validateType, filePath, privateFilePath);
|
||||
|
||||
|
||||
if (resultMap == null || StringUtil.isEmpty(resultMap.get("out"))) {
|
||||
// 临时文件删除
|
||||
logger.info("delete file" + filePath);
|
||||
@@ -342,9 +348,14 @@ public class PxyObjKeyringController extends BaseController {
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
// 临时文件删除
|
||||
logger.info("delete file" + filePath);
|
||||
FileUtils.deleteFile(filePath);
|
||||
if(!delTempFile) {
|
||||
resultMap.put("certFilePath", filePath);
|
||||
}else {
|
||||
logger.info("delete file" + filePath);
|
||||
FileUtils.deleteFile(filePath);
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
@@ -746,7 +757,222 @@ public class PxyObjKeyringController extends BaseController {
|
||||
LogUtils.saveLog(request, null, e, null);
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
if (validFlag) {
|
||||
validFlag = true;
|
||||
if (crlFileI != null) {
|
||||
// 获取issuer
|
||||
if (certInfoMap != null && certInfoMap.size() > 0) {
|
||||
String issuer = StringUtil.isEmpty(certInfoMap.get("crl issuer")) ? ""
|
||||
: certInfoMap.get("crl issuer").toString();// 颁发者
|
||||
if (cfg != null) {
|
||||
if ((cfg.getCertId() != null && cfg.getCertId() > 0) && (!cfg.getIssuer().equals(issuer))) {
|
||||
logger.error("cert 和 crl的issuser不符合");
|
||||
throw new MultiPartNewException(this.getMsgProp().getProperty("crl_issuer_error"));
|
||||
} else {
|
||||
cfg.setIssuer(issuer);
|
||||
}
|
||||
|
||||
}
|
||||
} else {
|
||||
logger.error("crl的issuser为空");
|
||||
throw new MultiPartNewException(this.getMsgProp().getProperty("crl_issuer_null"));
|
||||
}
|
||||
}
|
||||
}
|
||||
} catch (Exception e) {
|
||||
validFlag = false;
|
||||
logger.error("crl issuer比对失败", e);
|
||||
if (e instanceof MultiPartNewException) {
|
||||
addMessage(redirectAttributes, "error", e.getMessage());
|
||||
LogUtils.saveLog(request, null, e, null);
|
||||
} else {
|
||||
addMessage(redirectAttributes, "error", "save_failed");
|
||||
LogUtils.saveLog(request, null, e, null);
|
||||
}
|
||||
}
|
||||
try {
|
||||
if (validFlag) {
|
||||
if (crlFileI != null) {
|
||||
String filename = crlFileI.getOriginalFilename();
|
||||
String prefix = FileUtils.getPrefix(filename, false);
|
||||
String suffix = FileUtils.getSuffix(filename, false);
|
||||
file = File.createTempFile("file_" + prefix, suffix);
|
||||
crlFileI.transferTo(file);// 复制文件
|
||||
String md5 = FileUtils.getFileMD5(file);
|
||||
Map<String, Object> srcMap = Maps.newHashMap();
|
||||
srcMap.put("filetype", suffix);
|
||||
srcMap.put("datatype", "dbSystem");// 源文件存入数据中心
|
||||
srcMap.put("createTime", new Date());
|
||||
srcMap.put("key", prefix);
|
||||
srcMap.put("fileName", filename);
|
||||
srcMap.put("checksum", md5);
|
||||
ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap));
|
||||
logger.info("可信证书crl 文件上传响应信息:" + JsonMapper.toJsonString(result));
|
||||
String crlFileAccessUrl = null;
|
||||
if (!StringUtil.isEmpty(result)) {
|
||||
ResponseData data = result.getData();
|
||||
crlFileAccessUrl = data.getAccessUrl();
|
||||
cfg.setCrlFile(crlFileAccessUrl);
|
||||
}
|
||||
}
|
||||
pxyObjKeyringService.trustedCrlsaveOrUpdate(cfg);
|
||||
|
||||
addMessage(redirectAttributes, "success", "save_success");
|
||||
}
|
||||
|
||||
} catch (Exception e) {
|
||||
logger.error("crl上传失败", e);
|
||||
if (e instanceof MaatConvertException) {
|
||||
addMessage(redirectAttributes, "error", "request_service_failed");
|
||||
LogUtils.saveLog(request, null, e, null);
|
||||
} else if (e instanceof MultiPartNewException) {
|
||||
addMessage(redirectAttributes, "error", e.getMessage());
|
||||
LogUtils.saveLog(request, null, e, null);
|
||||
} else {
|
||||
addMessage(redirectAttributes, "error", "save_failed");
|
||||
LogUtils.saveLog(request, null, e, null);
|
||||
}
|
||||
}
|
||||
|
||||
return "redirect:" + adminPath + "/proxy/intercept/strateagy/trustedCertList?functionId=" + cfg.getFunctionId();
|
||||
}
|
||||
@RequestMapping(value = { "/addBuiltInCert" })
|
||||
public String trustedCertBuiltIn(Model model, HttpServletRequest request, HttpServletResponse response,
|
||||
@ModelAttribute("cfg") PxyObjTrustedCaCert cfg, MultipartFile crlFileI,
|
||||
RedirectAttributes redirectAttributes) {
|
||||
boolean validFlag = true;
|
||||
try {
|
||||
if(crlFileI != null) {
|
||||
//校验证书格式
|
||||
boolean certFileflag = validCertFileContent(crlFileI,null, "-incacert");
|
||||
if (!certFileflag) {
|
||||
addMessage(redirectAttributes, "error", "save_failed");
|
||||
logger.error(crlFileI.getOriginalFilename() + " file non crl file format ");
|
||||
throw new MultiPartNewException(this.getMsgProp().getProperty("cert_file_error"));
|
||||
}
|
||||
}
|
||||
} catch (Exception e) {
|
||||
validFlag = false;
|
||||
logger.error("证书文件校验失败", e);
|
||||
if (e instanceof MaatConvertException) {
|
||||
addMessage(redirectAttributes, "error", "request_service_failed");
|
||||
LogUtils.saveLog(request, null, e, null);
|
||||
} else if (e instanceof MultiPartNewException) {
|
||||
addMessage(redirectAttributes, "error", e.getMessage());
|
||||
LogUtils.saveLog(request, null, e, null);
|
||||
} else {
|
||||
addMessage(redirectAttributes, "error", "save_failed");
|
||||
LogUtils.saveLog(request, null, e, null);
|
||||
}
|
||||
}
|
||||
|
||||
//2、调用脚本生成pem文件
|
||||
//./cacert.sh tls-ca-bundle.pem /home/ddm/cacert
|
||||
String certFilePath="";
|
||||
String resultDirPath="";
|
||||
try {
|
||||
if(validFlag && !certInfoMap.isEmpty() && !StringUtil.isEmpty(certInfoMap.get("cacert"))) {
|
||||
certFilePath=certInfoMap.get("cacert").toString();
|
||||
|
||||
String cacert = Thread.currentThread().getContextClassLoader()
|
||||
.getResource(File.separator + "shell" + File.separator + Constants.CA_CERT_FILE).getPath();
|
||||
this.execShell("", "chmod", "+x", cacert);
|
||||
logger.info(Constants.CA_CERT_FILE+"脚本分配可执行权限:" + "chmod" + " " + "+x" + " " + cacert);
|
||||
|
||||
String resultDir = Thread.currentThread().getContextClassLoader()
|
||||
.getResource(File.separator + "shell" + File.separator + Constants.CA_CERT_DIR).getPath();
|
||||
this.execShell(cacert, certFilePath,resultDir);
|
||||
logger.info("内置证书文件生成:"+cacert + " " + certFilePath+" "+resultDir);
|
||||
}
|
||||
//删除临时文件
|
||||
if(!StringUtil.isEmpty(certFilePath)) {
|
||||
logger.info("delete file" + certFilePath);
|
||||
FileUtils.deleteFile(certFilePath);
|
||||
}
|
||||
} catch (Exception e) {
|
||||
validFlag = false;
|
||||
logger.error("可信证书列表解析失败", e);
|
||||
addMessage(redirectAttributes, "error", "save_failed");
|
||||
LogUtils.saveLog(request, null, e, null);
|
||||
}
|
||||
|
||||
//文件上传minio-入库-下发
|
||||
if(validFlag && !StringUtil.isEmpty(resultDirPath)) {
|
||||
File fileDir=new File(resultDirPath);
|
||||
if(!StringUtil.isEmpty(fileDir.listFiles())) {
|
||||
for (File file : fileDir.listFiles()) {
|
||||
try {
|
||||
String filename = crlFileI.getOriginalFilename();
|
||||
String prefix = FileUtils.getPrefix(filename, false);
|
||||
String suffix = FileUtils.getSuffix(filename, false);
|
||||
file = File.createTempFile("file_" + prefix, suffix);
|
||||
crlFileI.transferTo(file);// 复制文件
|
||||
String md5 = FileUtils.getFileMD5(file);
|
||||
Map<String, Object> srcMap = Maps.newHashMap();
|
||||
srcMap.put("filetype", suffix);
|
||||
srcMap.put("datatype", "dbSystem");// 源文件存入数据中心
|
||||
srcMap.put("createTime", new Date());
|
||||
srcMap.put("key", prefix);
|
||||
srcMap.put("fileName", filename);
|
||||
srcMap.put("checksum", md5);
|
||||
ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap));
|
||||
logger.info("可信证书crl 文件上传响应信息:" + JsonMapper.toJsonString(result));
|
||||
String crlFileAccessUrl = null;
|
||||
if (!StringUtil.isEmpty(result)) {
|
||||
ResponseData data = result.getData();
|
||||
crlFileAccessUrl = data.getAccessUrl();
|
||||
cfg.setCrlFile(crlFileAccessUrl);
|
||||
}
|
||||
/*pxyObjKeyringService.trustedCrlsaveOrUpdate(cfg);*/
|
||||
} catch (Exception e) {
|
||||
validFlag = false;
|
||||
logger.error("证书文件校验失败", e);
|
||||
if (e instanceof MaatConvertException) {
|
||||
addMessage(redirectAttributes, "error", "request_service_failed");
|
||||
LogUtils.saveLog(request, null, e, null);
|
||||
}else {
|
||||
addMessage(redirectAttributes, "error", "save_failed");
|
||||
LogUtils.saveLog(request, null, e, null);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
//3、返回文件成功个数。
|
||||
|
||||
|
||||
/*File file = null;
|
||||
boolean validFlag = true;
|
||||
try {
|
||||
if (crlFileI != null) {
|
||||
boolean certFileflag = validCertFileContent(crlFileI,null, "-incrl");
|
||||
if (!certFileflag) {
|
||||
addMessage(redirectAttributes, "error", "save_failed");
|
||||
logger.error(crlFileI.getOriginalFilename() + " file non crl file format ");
|
||||
throw new MultiPartNewException(this.getMsgProp().getProperty("crl_file_error"));
|
||||
}
|
||||
}
|
||||
} catch (Exception e) {
|
||||
validFlag = false;
|
||||
logger.error("证书文件校验失败", e);
|
||||
if (e instanceof MaatConvertException) {
|
||||
addMessage(redirectAttributes, "error", "request_service_failed");
|
||||
LogUtils.saveLog(request, null, e, null);
|
||||
} else if (e instanceof MultiPartNewException) {
|
||||
addMessage(redirectAttributes, "error", e.getMessage());
|
||||
LogUtils.saveLog(request, null, e, null);
|
||||
} else {
|
||||
addMessage(redirectAttributes, "error", "save_failed");
|
||||
LogUtils.saveLog(request, null, e, null);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
try {
|
||||
if (validFlag) {
|
||||
validFlag = true;
|
||||
@@ -824,7 +1050,7 @@ public class PxyObjKeyringController extends BaseController {
|
||||
LogUtils.saveLog(request, null, e, null);
|
||||
}
|
||||
}
|
||||
|
||||
*/
|
||||
return "redirect:" + adminPath + "/proxy/intercept/strateagy/trustedCertList?functionId=" + cfg.getFunctionId();
|
||||
}
|
||||
|
||||
|
||||
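Review bot: In `trustedCertBuiltIn`, `resultDirPath` is declared as `""` and never assigned (the script's output directory goes into the local `resultDir`), so the upload block guarded by `!StringUtil.isEmpty(resultDirPath)` never runs and the request redirects with neither a success nor an error message; `resultDirPath = resultDir;` after the script call would fix that. The script step looks unreachable as well: `validCertFileContent` keeps the temp file only for `"-cacert".equals(validateType)` and stores its path under `certFilePath`, while the handler passes `"-incacert"` and reads `certInfoMap.get("cacert")`. One shared constant for the validate type and one for the map key would remove the mismatch, though how `certInfoMap` is filled is outside the visible hunks. Once the loop does run, it overwrites the loop variable with `File.createTempFile(...)` and calls `crlFileI.transferTo(file)`, so every iteration would post the original upload rather than the generated certificate, and none of those temp files is deleted. Only `@RequestMapping` is visible on the new mapping and `execShell`'s handling of the uploaded file's path is not shown, so the permission check and that call are worth confirming before this endpoint is allowed to change the trusted CA set.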