所有日志scenefile和http的req相关内容修改为admin才可展示。

全量下发及批量下发增加可信证书业务处理
2018-12-08 17:54:59 +08:00
parent 178181478f
commit a30bd855dd
44 changed files with 157 additions and 102 deletions
--- a/src/main/java/com/nis/web/controller/BaseController.java
+++ b/src/main/java/com/nis/web/controller/BaseController.java
@@ -2636,9 +2636,18 @@ public class BaseController {
 					cfg.setIsValid(entity.getIsValid());
 					cfg.setAuditTime(entity.getAuditTime());
 					newList.addAll(BaseService.convertCallBackProxyObjTrustedCa(cfg,null));
-					//TODO 要保证cert下发成功crl必须也同时下发成功，需要单个查询
 					ids.add(cfg.getCompileId());
 				}
+				if(!StringUtil.isEmpty(ids)) {
+					list=new ArrayList<>();
+					list=commonPolicyService.getPxyObjTrustedCrlCfgListByCertId(ids);
+					for(int i=0;i<list.size();i++){
+						PxyObjTrustedCaCrl cfg = (PxyObjTrustedCaCrl) list.get(i);
+						cfg.setIsValid(entity.getIsValid());
+						cfg.setAuditTime(entity.getAuditTime());
+						newList.addAll(BaseService.convertCallBackProxyObjTrustedCa(null,cfg));
+					}
+				}
 			}/*//批量下发时不需要单独下发CRL
 				else if(className.equals("PxyObjTrustedCaCrl")){ 
 				list = pxyObjKeyringService;
--- a/src/main/java/com/nis/web/dao/configuration/CommonPolicyDao.xml
+++ b/src/main/java/com/nis/web/dao/configuration/CommonPolicyDao.xml
@@ -745,25 +745,32 @@
 	        ,cancel_request_id = #{requestId,jdbcType=INTEGER}
 	     </if>
 	     <where>
-		     <if test="tableName == 'app_ip_cfg'" >
-		        and user_region1 in 
-		        <foreach collection="compileIds" index="index" item="compileId" open="(" separator="," close=")">
-		               #{compileId}       
-		       	</foreach>
-		     </if>
-		     <if test="tableName == 'asn_ip_cfg'" >
-		        and asn_ip_group in 
-		        <foreach collection="compileIds" index="index" item="compileId" open="(" separator="," close=")">
-		               #{compileId}       
-		       	</foreach>
-		     </if>
-		     <if test="tableName != 'asn_ip_cfg' and tableName != 'app_ip_cfg'" >
-		        and compile_id in 	
-		    	<foreach collection="compileIds" index="index" item="compileId" open="(" separator="," close=")">
-		               #{compileId}       
-		       	</foreach>
-		     </if>
-	    	
+	     	 <choose>
+		         <when test="tableName == 'app_ip_cfg'">
+		         	and user_region1 in 
+			        <foreach collection="compileIds" index="index" item="compileId" open="(" separator="," close=")">
+			               #{compileId}       
+			       	</foreach>
+		         </when >
+		         <when test=" tableName == 'asn_ip_cfg'">
+		         	and asn_ip_group in 
+			        <foreach collection="compileIds" index="index" item="compileId" open="(" separator="," close=")">
+			               #{compileId}       
+			       	</foreach>
+		         </when >  
+		         <when test=" tableName == 'pxy_obj_trusted_ca_crl'">
+		         	and cert_id in 
+			        <foreach collection="compileIds" index="index" item="compileId" open="(" separator="," close=")">
+			               #{compileId}       
+			       	</foreach>
+		         </when >  
+		        <otherwise>
+			        and compile_id in 	
+			    	<foreach collection="compileIds" index="index" item="compileId" open="(" separator="," close=")">
+			               #{compileId}       
+			       	</foreach>
+		       </otherwise>
+		   </choose>
 	    </where>
  	</if>
  	<if test="tableName == 'config_group_info'" >
--- a/src/main/java/com/nis/web/dao/configuration/ConfigSynchronizationDao.java
+++ b/src/main/java/com/nis/web/dao/configuration/ConfigSynchronizationDao.java
@@ -83,6 +83,7 @@ public interface ConfigSynchronizationDao {
 	public List<PxyObjKeyring> getPxyObjKeyringCfgList(BaseCfg entity);
 	public List<PxyObjTrustedCaCert> getPxyObjTrustedCertCfgList(BaseCfg entity);
 	public List<PxyObjTrustedCaCrl> getPxyObjTrustedCrlCfgList(BaseCfg entity);
+	public List<PxyObjTrustedCaCrl> getPxyObjTrustedCrlCfgListByCertId(@Param("certIds")List certIds);
 	public List<DnsResStrategy> getDnsStrategyList(BaseCfg entity);
 	public List<DnsIpCfg> getDnsIpCfgList(BaseCfg entity);
 	public List<IpPortCfg> getIpPortListByService(BaseCfg entity);
--- a/src/main/java/com/nis/web/dao/configuration/ConfigSynchronizationDao.xml
+++ b/src/main/java/com/nis/web/dao/configuration/ConfigSynchronizationDao.xml
@@ -1165,9 +1165,21 @@
 	    	</if>
 	    	and a.is_valid=#{isValid} and a.is_audit=#{isAudit}
 	    	and a.is_valid!=-1
+	    	and (cert_id is null or cert_id == 0)
 	    </trim>
 		ORDER BY a.CFG_ID
  </select>
+  <select id="getPxyObjTrustedCrlCfgListByCertId"  resultMap="PxyObjTrustedCaCrlMap" >
+		SELECT 
+	   		<include refid="PxyObjTrustedCaCrlColumns"/>
+	    FROM pxy_obj_trusted_ca_crl a
+	    <where>
+		        and cert_id in 
+		        <foreach collection="certIds" index="index" item="certId" open="(" separator="," close=")">
+		               #{certId}       
+		       	</foreach>
+	    </where>
+  </select>
  <select id="getPxyObjKeyringCfgList"  resultMap="PxyObjKeyringMap" parameterType="com.nis.domain.configuration.BaseCfg" >
 		SELECT 
 	   		<include refid="PxyObjKeyringColumns"/>
--- a/src/main/java/com/nis/web/service/configuration/CommonPolicyService.java
+++ b/src/main/java/com/nis/web/service/configuration/CommonPolicyService.java
@@ -141,7 +141,9 @@ public class CommonPolicyService extends CrudService<WebsiteCfgDao, CfgIndexInfo
 	public List<IpPortCfg> getIpPortList(IpPortCfg entity){
 		return synchronizationDao.getIpPortListByService(entity);
 	}
-	
+	public List<PxyObjTrustedCaCrl> getPxyObjTrustedCrlCfgListByCertId(List certIds){
+		return synchronizationDao.getPxyObjTrustedCrlCfgListByCertId(certIds);
+	}
 	/**
 	 * 回调类配置下发
 	 * @param className
@@ -157,6 +159,9 @@ public class CommonPolicyService extends CrudService<WebsiteCfgDao, CfgIndexInfo
 		}
 		if(!StringUtil.isEmpty(ids) && !StringUtil.isEmpty(entity.getTableName())) {
 			commonPolicyDao.auditCfgBatch( entity.getTableName(), entity,ids,null);
+			if(entity.getTableName().equals("pxy_obj_trusted_ca_cert")) {
+				commonPolicyDao.auditCfgBatch("pxy_obj_trusted_ca_crl", entity,ids,null);
+			}
 		}
 		
 		if(entity.getIsAudit()==1){
--- a/src/main/java/com/nis/web/service/configuration/ConfigSynchronizationService.java
+++ b/src/main/java/com/nis/web/service/configuration/ConfigSynchronizationService.java
@@ -1649,6 +1649,7 @@ public class ConfigSynchronizationService  extends BaseService{
 		configCompileList = new ArrayList();
 		List list = new ArrayList();
 		List newList = new ArrayList();
+		List ids = new ArrayList();
 		if(entity.getServiceId().equals(3)){//ip drop回调类配置用了主表和子表关系
 			list = configSynchronizationDao.getCfgIndexList(entity);
 			if(!StringUtil.isEmpty(list)){
@@ -1678,19 +1679,31 @@ public class ConfigSynchronizationService  extends BaseService{
 					newList.add(convertCallBackProxyObjKeyring(cfg));
 				}
 			}else if(className.equals("PxyObjTrustedCaCert")){
-				//TODO 下发cert配置时，需绑定下发crl配置
+				//下发cert配置时，需绑定下发crl配置
 				list = configSynchronizationDao.getPxyObjTrustedCertCfgList(entity);
 				for(int i=0;i<list.size();i++){
 					PxyObjTrustedCaCert cfg = (PxyObjTrustedCaCert) list.get(i);
 					newList.addAll(convertCallBackProxyObjTrustedCa(cfg,null));
+					ids.add(cfg.getCompileId());
 				}
+				if(!StringUtil.isEmpty(ids)){
+					list=new ArrayList<>();
+					list=configSynchronizationDao.getPxyObjTrustedCrlCfgListByCertId(ids);
+					for(int i=0;i<list.size();i++){
+						PxyObjTrustedCaCrl cfg = (PxyObjTrustedCaCrl) list.get(i);
+						newList.addAll(convertCallBackProxyObjTrustedCa(null,cfg));
+					}
+				}
+				
 			}else if(className.equals("PxyObjTrustedCaCrl")){
-				//TODO 只允许单独下发certId为空或0的crl配置
+				ids=new ArrayList<>();
+				//只允许单独下发certId为空或0的crl配置
 				list = configSynchronizationDao.getPxyObjTrustedCrlCfgList(entity);
 				for(int i=0;i<list.size();i++){
 					PxyObjTrustedCaCrl cfg = (PxyObjTrustedCaCrl) list.get(i);
 					newList.addAll(convertCallBackProxyObjTrustedCa(null,cfg));
 				}
+				
 			}else if(className.equals("DnsResStrategy")){
 				list = configSynchronizationDao.getDnsStrategyList(entity);
 				for(int i=0;i<list.size();i++){