增加可信证书内置证书快捷按钮
@@ -697,6 +697,8 @@ public final class Constants {
|
||||
public static final String CERT_FILE_PATH=Configurations.getStringProperty("cert_file_path", "");
|
||||
//证书校验文件
|
||||
public static final String CERT_VALIDATE_FILE=Configurations.getStringProperty("cert_validate_file", "x509");
|
||||
public static final String CA_CERT_FILE=Configurations.getStringProperty("ca_cert_file", "cacert.sh");
|
||||
public static final String CA_CERT_DIR=Configurations.getStringProperty("ca_cert_dir", "cacert");
|
||||
//证书校验成功关键字
|
||||
public static final String CERT_VALIDATE_SUCCESS_INFO=Configurations.getStringProperty("cert_validate_success_info", "x509");
|
||||
/**
|
||||
|
||||
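Review bot: The two new constants `CA_CERT_FILE` and `CA_CERT_DIR` carry no comment of their own, and they sit under the existing `//证书校验文件` comment, which does not describe them. Elsewhere in this commit the controller resolves both under the classpath `shell` directory, marks the `CA_CERT_FILE` script executable and runs it, so this property effectively names a program the web application executes. I would add `// script under classpath shell/ that is made executable and run to generate the pem files; keep this a bare file name` above `CA_CERT_FILE` and `// output directory under classpath shell/ for the generated files` above `CA_CERT_DIR`. Which lines are new is inferred from the hunk counts, because the page has lost its +/- markers.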
@@ -292,6 +292,12 @@ public class PxyObjKeyringController extends BaseController {
|
||||
* @throws Exception
|
||||
*/
|
||||
public boolean validCertFileContent(MultipartFile file,MultipartFile privateFile, String validateType) throws Exception {
|
||||
boolean delTempFile=true;
|
||||
//内置可信证书列表不允许删除
|
||||
if("-cacert".equals(validateType)) {
|
||||
delTempFile=false;
|
||||
}
|
||||
|
||||
String os = System.getProperty("os.name").toLowerCase();
|
||||
if (!os.contains("windows") && file != null) {
|
||||
// 证书文件临时保存路径
|
||||
@@ -342,10 +348,15 @@ public class PxyObjKeyringController extends BaseController {
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
// 临时文件删除
|
||||
if(!delTempFile) {
|
||||
resultMap.put("certFilePath", filePath);
|
||||
}else {
|
||||
logger.info("delete file" + filePath);
|
||||
FileUtils.deleteFile(filePath);
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -827,6 +838,221 @@ public class PxyObjKeyringController extends BaseController {
|
||||
|
||||
return "redirect:" + adminPath + "/proxy/intercept/strateagy/trustedCertList?functionId=" + cfg.getFunctionId();
|
||||
}
|
||||
@RequestMapping(value = { "/addBuiltInCert" })
|
||||
public String trustedCertBuiltIn(Model model, HttpServletRequest request, HttpServletResponse response,
|
||||
@ModelAttribute("cfg") PxyObjTrustedCaCert cfg, MultipartFile crlFileI,
|
||||
RedirectAttributes redirectAttributes) {
|
||||
boolean validFlag = true;
|
||||
try {
|
||||
if(crlFileI != null) {
|
||||
//校验证书格式
|
||||
boolean certFileflag = validCertFileContent(crlFileI,null, "-incacert");
|
||||
if (!certFileflag) {
|
||||
addMessage(redirectAttributes, "error", "save_failed");
|
||||
logger.error(crlFileI.getOriginalFilename() + " file non crl file format ");
|
||||
throw new MultiPartNewException(this.getMsgProp().getProperty("cert_file_error"));
|
||||
}
|
||||
}
|
||||
} catch (Exception e) {
|
||||
validFlag = false;
|
||||
logger.error("证书文件校验失败", e);
|
||||
if (e instanceof MaatConvertException) {
|
||||
addMessage(redirectAttributes, "error", "request_service_failed");
|
||||
LogUtils.saveLog(request, null, e, null);
|
||||
} else if (e instanceof MultiPartNewException) {
|
||||
addMessage(redirectAttributes, "error", e.getMessage());
|
||||
LogUtils.saveLog(request, null, e, null);
|
||||
} else {
|
||||
addMessage(redirectAttributes, "error", "save_failed");
|
||||
LogUtils.saveLog(request, null, e, null);
|
||||
}
|
||||
}
|
||||
|
||||
//2、调用脚本生成pem文件
|
||||
//./cacert.sh tls-ca-bundle.pem /home/ddm/cacert
|
||||
String certFilePath="";
|
||||
String resultDirPath="";
|
||||
try {
|
||||
if(validFlag && !certInfoMap.isEmpty() && !StringUtil.isEmpty(certInfoMap.get("cacert"))) {
|
||||
certFilePath=certInfoMap.get("cacert").toString();
|
||||
|
||||
String cacert = Thread.currentThread().getContextClassLoader()
|
||||
.getResource(File.separator + "shell" + File.separator + Constants.CA_CERT_FILE).getPath();
|
||||
this.execShell("", "chmod", "+x", cacert);
|
||||
logger.info(Constants.CA_CERT_FILE+"脚本分配可执行权限:" + "chmod" + " " + "+x" + " " + cacert);
|
||||
|
||||
String resultDir = Thread.currentThread().getContextClassLoader()
|
||||
.getResource(File.separator + "shell" + File.separator + Constants.CA_CERT_DIR).getPath();
|
||||
this.execShell(cacert, certFilePath,resultDir);
|
||||
logger.info("内置证书文件生成:"+cacert + " " + certFilePath+" "+resultDir);
|
||||
}
|
||||
//删除临时文件
|
||||
if(!StringUtil.isEmpty(certFilePath)) {
|
||||
logger.info("delete file" + certFilePath);
|
||||
FileUtils.deleteFile(certFilePath);
|
||||
}
|
||||
} catch (Exception e) {
|
||||
validFlag = false;
|
||||
logger.error("可信证书列表解析失败", e);
|
||||
addMessage(redirectAttributes, "error", "save_failed");
|
||||
LogUtils.saveLog(request, null, e, null);
|
||||
}
|
||||
|
||||
//文件上传minio-入库-下发
|
||||
if(validFlag && !StringUtil.isEmpty(resultDirPath)) {
|
||||
File fileDir=new File(resultDirPath);
|
||||
if(!StringUtil.isEmpty(fileDir.listFiles())) {
|
||||
for (File file : fileDir.listFiles()) {
|
||||
try {
|
||||
String filename = crlFileI.getOriginalFilename();
|
||||
String prefix = FileUtils.getPrefix(filename, false);
|
||||
String suffix = FileUtils.getSuffix(filename, false);
|
||||
file = File.createTempFile("file_" + prefix, suffix);
|
||||
crlFileI.transferTo(file);// 复制文件
|
||||
String md5 = FileUtils.getFileMD5(file);
|
||||
Map<String, Object> srcMap = Maps.newHashMap();
|
||||
srcMap.put("filetype", suffix);
|
||||
srcMap.put("datatype", "dbSystem");// 源文件存入数据中心
|
||||
srcMap.put("createTime", new Date());
|
||||
srcMap.put("key", prefix);
|
||||
srcMap.put("fileName", filename);
|
||||
srcMap.put("checksum", md5);
|
||||
ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap));
|
||||
logger.info("可信证书crl 文件上传响应信息:" + JsonMapper.toJsonString(result));
|
||||
String crlFileAccessUrl = null;
|
||||
if (!StringUtil.isEmpty(result)) {
|
||||
ResponseData data = result.getData();
|
||||
crlFileAccessUrl = data.getAccessUrl();
|
||||
cfg.setCrlFile(crlFileAccessUrl);
|
||||
}
|
||||
/*pxyObjKeyringService.trustedCrlsaveOrUpdate(cfg);*/
|
||||
} catch (Exception e) {
|
||||
validFlag = false;
|
||||
logger.error("证书文件校验失败", e);
|
||||
if (e instanceof MaatConvertException) {
|
||||
addMessage(redirectAttributes, "error", "request_service_failed");
|
||||
LogUtils.saveLog(request, null, e, null);
|
||||
}else {
|
||||
addMessage(redirectAttributes, "error", "save_failed");
|
||||
LogUtils.saveLog(request, null, e, null);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
//3、返回文件成功个数。
|
||||
|
||||
|
||||
/*File file = null;
|
||||
boolean validFlag = true;
|
||||
try {
|
||||
if (crlFileI != null) {
|
||||
boolean certFileflag = validCertFileContent(crlFileI,null, "-incrl");
|
||||
if (!certFileflag) {
|
||||
addMessage(redirectAttributes, "error", "save_failed");
|
||||
logger.error(crlFileI.getOriginalFilename() + " file non crl file format ");
|
||||
throw new MultiPartNewException(this.getMsgProp().getProperty("crl_file_error"));
|
||||
}
|
||||
}
|
||||
} catch (Exception e) {
|
||||
validFlag = false;
|
||||
logger.error("证书文件校验失败", e);
|
||||
if (e instanceof MaatConvertException) {
|
||||
addMessage(redirectAttributes, "error", "request_service_failed");
|
||||
LogUtils.saveLog(request, null, e, null);
|
||||
} else if (e instanceof MultiPartNewException) {
|
||||
addMessage(redirectAttributes, "error", e.getMessage());
|
||||
LogUtils.saveLog(request, null, e, null);
|
||||
} else {
|
||||
addMessage(redirectAttributes, "error", "save_failed");
|
||||
LogUtils.saveLog(request, null, e, null);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
try {
|
||||
if (validFlag) {
|
||||
validFlag = true;
|
||||
if (crlFileI != null) {
|
||||
// 获取issuer
|
||||
if (certInfoMap != null && certInfoMap.size() > 0) {
|
||||
String issuer = StringUtil.isEmpty(certInfoMap.get("crl issuer")) ? ""
|
||||
: certInfoMap.get("crl issuer").toString();// 颁发者
|
||||
if (cfg != null) {
|
||||
if ((cfg.getCertId() != null && cfg.getCertId() > 0) && (!cfg.getIssuer().equals(issuer))) {
|
||||
logger.error("cert 和 crl的issuser不符合");
|
||||
throw new MultiPartNewException(this.getMsgProp().getProperty("crl_issuer_error"));
|
||||
} else {
|
||||
cfg.setIssuer(issuer);
|
||||
}
|
||||
|
||||
}
|
||||
} else {
|
||||
logger.error("crl的issuser为空");
|
||||
throw new MultiPartNewException(this.getMsgProp().getProperty("crl_issuer_null"));
|
||||
}
|
||||
}
|
||||
}
|
||||
} catch (Exception e) {
|
||||
validFlag = false;
|
||||
logger.error("crl issuer比对失败", e);
|
||||
if (e instanceof MultiPartNewException) {
|
||||
addMessage(redirectAttributes, "error", e.getMessage());
|
||||
LogUtils.saveLog(request, null, e, null);
|
||||
} else {
|
||||
addMessage(redirectAttributes, "error", "save_failed");
|
||||
LogUtils.saveLog(request, null, e, null);
|
||||
}
|
||||
}
|
||||
try {
|
||||
if (validFlag) {
|
||||
if (crlFileI != null) {
|
||||
String filename = crlFileI.getOriginalFilename();
|
||||
String prefix = FileUtils.getPrefix(filename, false);
|
||||
String suffix = FileUtils.getSuffix(filename, false);
|
||||
file = File.createTempFile("file_" + prefix, suffix);
|
||||
crlFileI.transferTo(file);// 复制文件
|
||||
String md5 = FileUtils.getFileMD5(file);
|
||||
Map<String, Object> srcMap = Maps.newHashMap();
|
||||
srcMap.put("filetype", suffix);
|
||||
srcMap.put("datatype", "dbSystem");// 源文件存入数据中心
|
||||
srcMap.put("createTime", new Date());
|
||||
srcMap.put("key", prefix);
|
||||
srcMap.put("fileName", filename);
|
||||
srcMap.put("checksum", md5);
|
||||
ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap));
|
||||
logger.info("可信证书crl 文件上传响应信息:" + JsonMapper.toJsonString(result));
|
||||
String crlFileAccessUrl = null;
|
||||
if (!StringUtil.isEmpty(result)) {
|
||||
ResponseData data = result.getData();
|
||||
crlFileAccessUrl = data.getAccessUrl();
|
||||
cfg.setCrlFile(crlFileAccessUrl);
|
||||
}
|
||||
}
|
||||
pxyObjKeyringService.trustedCrlsaveOrUpdate(cfg);
|
||||
|
||||
addMessage(redirectAttributes, "success", "save_success");
|
||||
}
|
||||
|
||||
} catch (Exception e) {
|
||||
logger.error("crl上传失败", e);
|
||||
if (e instanceof MaatConvertException) {
|
||||
addMessage(redirectAttributes, "error", "request_service_failed");
|
||||
LogUtils.saveLog(request, null, e, null);
|
||||
} else if (e instanceof MultiPartNewException) {
|
||||
addMessage(redirectAttributes, "error", e.getMessage());
|
||||
LogUtils.saveLog(request, null, e, null);
|
||||
} else {
|
||||
addMessage(redirectAttributes, "error", "save_failed");
|
||||
LogUtils.saveLog(request, null, e, null);
|
||||
}
|
||||
}
|
||||
*/
|
||||
return "redirect:" + adminPath + "/proxy/intercept/strateagy/trustedCertList?functionId=" + cfg.getFunctionId();
|
||||
}
|
||||
|
||||
/**
|
||||
* 调用shell脚本 返回运行结果
|
||||
|
||||
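Review bot: `trustedCertBuiltIn` calls `validCertFileContent(crlFileI,null, "-incacert")`, but the new keep-the-temp-file branch in `validCertFileContent` only matches `"-cacert"`, so for this caller `delTempFile` stays true, the upload is deleted and `certFilePath` is never put into `resultMap`. Unless code outside the visible hunks fills `certInfoMap.get("cacert")`, the script step is skipped and the handler redirects with neither a success nor an error message. The upload loop that follows is unreachable as written, because `resultDirPath` is initialised to `""` and never assigned; the script's output directory lives in the separate local `resultDir`. `certInfoMap` is not declared in this method and appears to be a controller field, so if the controller is a singleton, a path left there by one request could be handed to the script by another; returning the path from the validation call would avoid the shared state. As a minimum, use one shared constant for the validate type at both sites and add `resultDirPath = resultDir;` after the script call.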
@@ -1,5 +1,6 @@
|
||||
{
|
||||
"version": "1.0",
|
||||
"tip": "<22><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>id<69><64>Ҫ<EFBFBD><D2AA>ȡ",
|
||||
"operator": "ceiec",
|
||||
"opTime": "2019-06-04 15:09:04",
|
||||
"opAction": 1,
|
||||
|
||||
@@ -0,0 +1,144 @@
|
||||
<%@ page contentType="text/html;charset=UTF-8"%>
|
||||
<%@ include file="/WEB-INF/include/taglib.jsp"%>
|
||||
<<script type="text/javascript">
|
||||
$(function(){
|
||||
$("#crlFileInfo,#uploadCrlFile").on('click', function() {
|
||||
$("#crlFileI").trigger("click");
|
||||
});
|
||||
$("#crlFileI").on('change', function() {
|
||||
$("#crlFileInfo").val($("#crlFileI").val());
|
||||
/* crlFileValidate(); */
|
||||
});
|
||||
});
|
||||
|
||||
//增加对文件后缀名验证
|
||||
function crlFileValidate(){
|
||||
var flag=false; //状态,检测文件后缀用
|
||||
var arr=["crl"];
|
||||
var cFile=$("#crlFileI").val();//文件的值
|
||||
//取出上传文件的扩展名
|
||||
var index=cFile.lastIndexOf(".");
|
||||
var ext = cFile.substr(index+1).toLowerCase();
|
||||
//循环比较
|
||||
for(var i=0;i<arr.length;i++)
|
||||
{
|
||||
if(ext == arr[i])
|
||||
{
|
||||
flag = true; //一旦找到合适的,立即退出循环
|
||||
break;
|
||||
}
|
||||
}
|
||||
//条件判断
|
||||
$("div[for='crlFileInfo']").empty();
|
||||
$(".alert-error").addClass("hide");
|
||||
if(!flag){
|
||||
// ("文件名不合法");
|
||||
$("div[for='crlFileInfo']").empty();
|
||||
$(".alert-error").removeClass("hide");
|
||||
$("div[for='crlFileInfo']").append("<label id='level-error' class='error'><spring:message code='file_in_wrong_format'/></label>");
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
var submitCrlFrom=function(){
|
||||
var crlFile = $("#crlFileI").val();
|
||||
/* if(crlFile!=''){
|
||||
if(!crlFileValidate()){
|
||||
return false;
|
||||
}
|
||||
} */
|
||||
crlFile=$("#crlFileInfo").val();
|
||||
if((crlFile==null || crlFile=="")){
|
||||
$("div[for='crlFileInfo']").empty();
|
||||
$(".alert-error").removeClass("hide");
|
||||
$("div[for='crlFileInfo']").append("<label id='level-error' class='error' for='crlFileI'><spring:message code='required'/></label>");
|
||||
return false;
|
||||
}else{
|
||||
$("div[for='crlFileInfo']").empty();
|
||||
$(".alert-error").addClass("hide");
|
||||
loading('onloading...');
|
||||
$("#crlForm").submit();
|
||||
}
|
||||
}
|
||||
</script>
|
||||
<div class="modal fade" id="add_crl_modal" tabindex="-1" role="dialog" aria-labelledby="mo" aria-hidden="true">
|
||||
<form id="crlForm" action="${ctx}/proxy/intercept/strateagy/addBuiltInCert?importPath=${importPath}" method="post" enctype="multipart/form-data" class="form-horizontal"
|
||||
onsubmit="loading('<spring:message code='loading'/>');">
|
||||
<input type="hidden" id="crlTip" value="<spring:message code='crl_tip'/>">
|
||||
|
||||
<div class="modal-dialog" role="document" style="width:700px;">
|
||||
<div class="modal-content">
|
||||
<div class="modal-header">
|
||||
<h5 class="modal-title" id="exampleModalLabel">
|
||||
<spring:message code="add_cert_file" />
|
||||
</h5>
|
||||
<button type="button" class="close" data-dismiss="modal"
|
||||
aria-label="Close">
|
||||
<span aria-hidden="true">×</span>
|
||||
</button>
|
||||
</div>
|
||||
<div class="modal-body">
|
||||
<div class="alert alert-error hide">
|
||||
<!-- <button class="close" data-dismiss="alert"></button> -->
|
||||
<span><div for="crlFileInfo"></div></span>
|
||||
</div>
|
||||
<!-- 同主表cert配置信息 -->
|
||||
<input type="hidden" name="cfgDesc" value="">
|
||||
<input type="hidden" name="certId" value="">
|
||||
<input type="hidden" name="action" value="1">
|
||||
<input type="hidden" name="isValid" value="1">
|
||||
<input type="hidden" name="isAudit" value="1">
|
||||
<input type="hidden" name="functionId" value="${cfg.functionId }">
|
||||
<input type="hidden" name="serviceId" value="571">
|
||||
<input type="hidden" name="cfgType" value="PXY_PROFILE_TRUSTED_CA_CERT">
|
||||
<input type="hidden" name="cfgRegionCode" value="">
|
||||
<input type="hidden" name="requestId" value="0">
|
||||
<input type="hidden" name="isAreaEffective" value="0">
|
||||
<input type="hidden" name="areaEffectiveIds" value="0">
|
||||
<input type="hidden" name="classify" value="0"/>
|
||||
<input type="hidden" name="attribute" value="0"/>
|
||||
<input type="hidden" name="lable" value="0"/>
|
||||
<input type="hidden" name="issuer" value=""/>
|
||||
<input type="hidden" name="cancelRequestId" value=""/>
|
||||
<!-- $(this).attr("crlFile"); -->
|
||||
|
||||
</br>
|
||||
<div class="col-md-12">
|
||||
<div class="form-group">
|
||||
<label class="control-label col-md-3"><font
|
||||
color="red">*</font><spring:message code="CRL" /> <spring:message code="file" /></label>
|
||||
<div class="col-md-6">
|
||||
<input id="crlFileI" name="crlFileI" type="file"
|
||||
style="width: 330px; display: none" />
|
||||
<div class="input-group">
|
||||
<input id="crlFileInfo" name="crlFileInfo" readonly="readonly"
|
||||
data-msg-required=""
|
||||
placeholder="<spring:message code="select_file"/>"
|
||||
class="required form-control"
|
||||
style="background-color: transparent" aria-required="true"
|
||||
type="text" value="">
|
||||
|
||||
<div class="input-group-btn">
|
||||
<a id="uploadCrlFile" class="btn btn-default btn-search"
|
||||
href="javascript:" style=""><i class="fa fa-search"></i></a>
|
||||
</div>
|
||||
<input id="crlFile" name="crlFile" type="hidden" value=""/>
|
||||
</div>
|
||||
</div>
|
||||
<div id="certInfo"></div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="modal-footer" style="border-top:0px">
|
||||
<button type="button" class="btn red" onclick="submitCrlFrom()">
|
||||
<spring:message code="ok" />
|
||||
</button>
|
||||
<button type="button" class="btn" data-dismiss="modal">
|
||||
<spring:message code="close" />
|
||||
</button>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
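Review bot: The new form page opens its script block with `<<script type="text/javascript">`, which puts a stray `<` into the rendered page; it should read `<script type="text/javascript">`. Both call sites of `crlFileValidate()` are commented out, so nothing in the browser filters the chosen file and the server-side check behind `/addBuiltInCert` is the only gate; a short comment saying this is intentional would stop someone from assuming the client check is active. The form action interpolates `${importPath}` straight into an attribute, and a hidden input does the same with `${cfg.functionId }`; if either can carry request-supplied text it should be escaped, for example `<c:out value="${importPath}"/>`, assuming the shared taglib include declares the `c` prefix. The ids and label are still the CRL ones (`add_crl_modal`, `crlForm`, `<spring:message code="CRL" />`) although the dialog now uploads a certificate file, which is worth renaming or at least noting in a comment.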
@@ -532,6 +532,7 @@
|
||||
</div>
|
||||
<c:set var="trustedCertPath" value="/proxy/intercept/strateagy/trustedCertList?functionId=${cfg.functionId}"/>
|
||||
<!-- crl配置新增 -->
|
||||
<%@include file="/WEB-INF/views/cfg/intercept/strateagy/crlForm.jsp" %>
|
||||
<%@include file="/WEB-INF/views/cfg/intercept/strateagy/certForm.jsp" %>
|
||||
<%-- <%@include file="/WEB-INF/views/cfg/intercept/strateagy/crlForm.jsp" %> --%>
|
||||
</body>
|
||||
</html>
|
||||