修改拦截策略的证书信息校验规则:
1. Keyring的下拉列表显示全部已生效的证书; 2. 如选择了实体证书,必须配置域名,或者IP与域名的组合配置; 3. 域名配置,如匹配方式为完全匹配,则域名必须与所选择的实体证书的CN和SAN相同。如匹配方式为后缀匹配,则域名须与所选择的实体证书的CN和SAN后缀相同; 4. 如选择了中间证书或者根证书,则可配置IP,或者域名,或者两者组合; Conflicts: src/main/resources/messages/message_en.properties src/main/resources/messages/message_ru.properties src/main/resources/messages/message_zh_CN.properties
This commit is contained in:
zhangwei
@@ -88,12 +88,12 @@ public class InterceptController extends CommonController {
|
||||
}
|
||||
// 获取证书信息
|
||||
List<PxyObjKeyring> certificateList = new ArrayList<PxyObjKeyring>();
|
||||
if (entity.getFunctionId().equals(200)) {
|
||||
certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "ip");
|
||||
}
|
||||
if (entity.getFunctionId().equals(201)) {
|
||||
certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "domain");
|
||||
}
|
||||
// if (entity.getFunctionId().equals(200)) {
|
||||
certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, null);
|
||||
// }
|
||||
// if (entity.getFunctionId().equals(201)) {
|
||||
// certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "domain");
|
||||
// }
|
||||
model.addAttribute("certificateList", certificateList);
|
||||
|
||||
model.addAttribute("_cfg", entity);
|
||||
|
||||
@@ -1475,4 +1475,9 @@ block_drop=Block(Drop)
|
||||
mail_record=Mail Records
|
||||
ssl_record=SSL Records
|
||||
http_record=HTTP Records
|
||||
second_bps=bps
|
||||
second_bps=bps
|
||||
ip_existed=IP has existed!
|
||||
user_check=In use, Can not be deleted!
|
||||
deletedAsnTip=The asnId ASN configuration with ID cfgId is deleted;
|
||||
reedit=Please re-edit!
|
||||
intercep_domain_required_tip=Domain is required
|
||||
@@ -1479,4 +1479,10 @@ framework_log=\u0421\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0438\u0440\u043e
|
||||
block_drop=\u0411\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435(\u041f\u0430\u0434\u0435\u043d\u0438\u0435)
|
||||
mail_record=\u0417\u0430\u043f\u0438\u0441\u0438 \u041f\u043e\u0447\u0442\u044b
|
||||
ssl_record=SSL \u0417\u0430\u043f\u0438\u0441\u0438
|
||||
http_record=HTTP \u0417\u0430\u043f\u0438\u0441\u0438
|
||||
http_record=HTTP \u0417\u0430\u043f\u0438\u0441\u0438
|
||||
second_bps=bps
|
||||
ip_existed=IP \u0443\u0436\u0435 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442!
|
||||
user_check=\u0414\u0430\u043D\u043D\u044B\u0439 \u043E\u0431\u044A\u0435\u043A\u0442 \u0437\u0430\u043D\u044F\u0442, \u043D\u0435\u043B\u044C\u0437\u044F \u0443\u0434\u0430\u043B\u0438\u0442\u044C!
|
||||
deletedAsnTip=\u041A\u043E\u043D\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044F \u2116 cfgId \u0441 ASN asnId \u0431\u044B\u043B\u0430 \u0443\u0434\u0430\u043B\u0435\u043D\u0430;
|
||||
reedit=\u041F\u043E\u0436\u0430\u043B\u0443\u0439\u0441\u0442\u0430, \u0440\u0435\u0434\u0430\u043A\u0442\u0438\u0440\u0443\u0439\u0442\u0435 \u0437\u0430\u043D\u043E\u0432\u043E!
|
||||
intercep_domain_required_tip=Domain is required
|
||||
@@ -1475,4 +1475,9 @@ block_drop=\u5c01\u5835(\u4e22\u5f03)
|
||||
mail_record=\u90ae\u4ef6\u6cdb\u6536
|
||||
ssl_record=SSL\u6cdb\u6536
|
||||
http_record=HTTP\u6cdb\u6536
|
||||
second_bps=bps
|
||||
second_bps=bps
|
||||
ip_existed=IP\u5DF2\u5B58\u5728\uFF01
|
||||
user_check=\u6B63\u5728\u4F7F\u7528\uFF0C\u4E0D\u80FD\u5220\u9664\uFF01
|
||||
deletedAsnTip=\u914D\u7F6EID\u4E3AcfgId\u7684asnId ASN\u914D\u7F6E\u5DF2\u88AB\u5220\u9664;
|
||||
reedit=\u8BF7\u91CD\u65B0\u7F16\u8F91\uFF01
|
||||
intercep_domain_required_tip=\u57DF\u540D\u4FE1\u606F\u5FC5\u987B\u914D\u7F6E
|
||||
@@ -50,15 +50,25 @@
|
||||
var flag = true;
|
||||
var actionValue=$("input[name=action]:checked").val();
|
||||
|
||||
flag=validDomain(actionValue);
|
||||
if(!flag){
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
//代表所有业务都隐藏了,提示必须增加一种业务数据
|
||||
if($(".boxSolid").length ==$(".boxSolid.hidden").length){
|
||||
top.$.jBox.tip("<spring:message code='one_more'/>", "<spring:message code='info'/>");
|
||||
return;
|
||||
}else{
|
||||
$(".boxSolid").each(function(){
|
||||
if($(this).hasClass("intercept_domain_div")){
|
||||
var inputObj = $(this).find("input[name$='cfgRegionCode']");
|
||||
flag=validDomain(actionValue,inputObj);
|
||||
if(!flag){
|
||||
return;
|
||||
}
|
||||
}
|
||||
});
|
||||
if(!flag){
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
//代表所有区域都隐藏了,提示必须增加个区域信息
|
||||
@@ -188,20 +198,27 @@
|
||||
$("#certDomain").addClass("hidden");
|
||||
}
|
||||
}
|
||||
var validDomain=function(actionValue){
|
||||
var validDomain=function(actionValue,inputObj){
|
||||
var flag=false;
|
||||
if(actionValue == 1){
|
||||
var serviceType=$(inputObj).attr("serviceType");
|
||||
var prefixName=$(inputObj).attr("name").split("cfgRegionCode")[0];
|
||||
//var matchMethod=$("select[name='"+prefixName+"matchMethod']").val();
|
||||
var cert=$(".monitAction").find("select[name='userRegion1']").val();
|
||||
var keyringType=$(".monitAction").find("select[name='userRegion1']").find("option[value='"+cert+"']").attr("keyringType");
|
||||
|
||||
if(cert != '' && keyringType == 'end-entity'){
|
||||
var domainDiv = $(inputObj).parent(".intercept_domain_div").is(':hidden');
|
||||
if(domainDiv){
|
||||
top.$.jBox.tip("<spring:message code='intercep_domain_required_tip'/>", "<spring:message code='info'/>");
|
||||
return false;
|
||||
}
|
||||
var cn=$(".monitAction").find("select[name='userRegion1']").find("option[value='"+cert+"']").attr("cn");
|
||||
if(cn !='' && cn != null){
|
||||
var cnReg = new RegExp('^(?=^.{3,255}$)[a-zA-Z0-9][-a-zA-Z0-9]{0,62}(\\'+cn.replace("*","")+')+$');
|
||||
var san=$(".monitAction").find("select[name='userRegion1']").find("option[value='"+cert+"']").attr("san");
|
||||
if(san != null && san !=''){
|
||||
$("input[name$='cfgRegionCode'").each(function(){
|
||||
var serviceType=$(this).attr("serviceType");
|
||||
var prefixName=$(this).attr("name").split("cfgRegionCode")[0];
|
||||
//$(".intercept_domain_div").each(function(){
|
||||
if(serviceType == "intercept_domain"){
|
||||
var domain=$("input[name='"+prefixName+"cfgKeywords']").val();
|
||||
var domain=domain.trim();
|
||||
@@ -212,25 +229,26 @@
|
||||
break;
|
||||
}
|
||||
var sanStr=san.split(",")[i].trim();
|
||||
if(sanStr.indexOf("*") >-1){
|
||||
if(sanStr.indexOf("*") >-1){//如证书域名包含*,则用该域名与配置进行后缀匹配
|
||||
var sanReg= new RegExp('^(?=^.{3,255}$)[a-zA-Z0-9][-a-zA-Z0-9]{0,62}(\\'+sanStr.replace("*","")+')+$');
|
||||
if(sanReg.exec(domain) != null){
|
||||
flag=true;
|
||||
}
|
||||
}else{
|
||||
}else{//证书域名不包含*,则该域名与配置完全匹配
|
||||
if(sanStr == domain){ //完全匹配
|
||||
flag=true;
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
if(!flag){
|
||||
if(cn.indexOf("*") > -1){
|
||||
if(cn.indexOf("*") > -1){//如证书域名包含*,则用该域名与配置进行后缀匹配
|
||||
if(cnReg.exec(domain) != null){
|
||||
flag=true;
|
||||
}
|
||||
}else{
|
||||
}else{//证书域名不包含*,则该域名与配置完全匹配
|
||||
if(cn == domain){ //完全匹配
|
||||
flag=true;
|
||||
}
|
||||
@@ -246,12 +264,10 @@
|
||||
}else{
|
||||
$("div[for='"+prefixName+"cfgKeywords']").html("");
|
||||
}
|
||||
});
|
||||
//});
|
||||
}else{
|
||||
flag=false;
|
||||
$("input[name$='cfgRegionCode'").each(function(){
|
||||
var serviceType=$(this).attr("serviceType");
|
||||
var prefixName=$(this).attr("name").split("cfgRegionCode")[0];
|
||||
//$("input[name$='cfgRegionCode'").each(function(){
|
||||
if(serviceType == "intercept_domain"){
|
||||
if(error ==null || error.trim() == ''){
|
||||
$("div[for='"+prefixName+"cfgKeywords']").html("");
|
||||
@@ -259,13 +275,11 @@
|
||||
}
|
||||
}
|
||||
|
||||
});
|
||||
//});
|
||||
}
|
||||
}else{
|
||||
flag=false;
|
||||
$("input[name$='cfgRegionCode'").each(function(){
|
||||
var serviceType=$(this).attr("serviceType");
|
||||
var prefixName=$(this).attr("name").split("cfgRegionCode")[0];
|
||||
//$("input[name$='cfgRegionCode'").each(function(){
|
||||
var error=$("div[for='"+prefixName+"cfgKeywords']").html();
|
||||
if(serviceType == "intercept_domain"){
|
||||
if(error ==null || error.trim() == ''){
|
||||
@@ -274,7 +288,7 @@
|
||||
}
|
||||
}
|
||||
|
||||
});
|
||||
//});
|
||||
}
|
||||
}else{
|
||||
flag=true;
|
||||
|
||||
Reference in New Issue
Block a user