Merge branch 'develop' of http://192.168.10.125/k18_web/NFS.git into
develop Conflicts: src/main/resources/messages/message_en.properties src/main/resources/messages/message_ru.properties src/main/resources/messages/message_zh_CN.properties src/main/resources/nis.properties 修复单个appHTTP界面cfgType多余问题 x509校验证书 字符串模板导出问题修复
@@ -9,6 +9,7 @@ import java.security.cert.X509Certificate;
|
||||
import java.util.Date;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.UUID;
|
||||
|
||||
import javax.net.ssl.KeyManagerFactory;
|
||||
import javax.net.ssl.SSLContext;
|
||||
@@ -19,6 +20,7 @@ import javax.servlet.http.HttpServletResponse;
|
||||
import org.apache.shiro.authz.annotation.RequiresPermissions;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.ui.Model;
|
||||
import org.springframework.util.FileCopyUtils;
|
||||
import org.springframework.web.bind.annotation.ModelAttribute;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.ResponseBody;
|
||||
@@ -31,8 +33,11 @@ import com.nis.domain.basics.PolicyGroupInfo;
|
||||
import com.nis.domain.configuration.PxyObjKeyring;
|
||||
import com.nis.domain.maat.ToMaatResult;
|
||||
import com.nis.domain.maat.ToMaatResult.ResponseData;
|
||||
import com.nis.exceptions.CallExternalProceduresException;
|
||||
import com.nis.exceptions.MaatConvertException;
|
||||
import com.nis.exceptions.MultiPartNewException;
|
||||
import com.nis.util.ConfigServiceUtil;
|
||||
import com.nis.util.Constants;
|
||||
import com.nis.util.FileUtils;
|
||||
import com.nis.util.JsonMapper;
|
||||
import com.nis.util.StringUtil;
|
||||
@@ -75,30 +80,58 @@ public class PxyObjKeyringController extends BaseController {
|
||||
@RequiresPermissions(value={"proxy:intercept:config"})
|
||||
public String saveOrUpdate(Model model,HttpServletRequest request,HttpServletResponse response,
|
||||
@ModelAttribute("cfg")PxyObjKeyring cfg,
|
||||
MultipartFile privateKeyFileI,
|
||||
MultipartFile privateKeyFileI,
|
||||
MultipartFile publicKeyFileI,
|
||||
RedirectAttributes redirectAttributes){
|
||||
File file = null;
|
||||
try{
|
||||
if(publicKeyFileI != null) {
|
||||
// 获取公钥信息
|
||||
X509Certificate cert=FileUtils.getCertificateInfo(publicKeyFileI.getInputStream());
|
||||
String issuer=cert.getIssuerDN().getName();//颁发者
|
||||
Date notBefore=cert.getNotBefore();//起始时间
|
||||
Date notAfter=cert.getNotAfter();//结束时间
|
||||
String subject=cert.getSubjectDN().getName();//颁发给
|
||||
cfg.setIssuer(StringUtil.isEmpty(issuer)?"":issuer.trim());
|
||||
cfg.setSubject(StringUtil.isEmpty(subject)?"":subject.trim());
|
||||
cfg.setNotBeforeTime(notBefore);
|
||||
cfg.setNotAfterTime(notAfter);
|
||||
}
|
||||
}catch (Exception e) {
|
||||
logger.error("证书信息获取失败",e);
|
||||
addMessage(redirectAttributes,"save_failed");
|
||||
boolean validFlag=true;
|
||||
try {
|
||||
boolean publicKeyFileflag=validCertFileContent(publicKeyFileI,"-incert");
|
||||
boolean privateKeyFileflag=validCertFileContent(privateKeyFileI,"-inkey");
|
||||
if(!publicKeyFileflag && !privateKeyFileflag){
|
||||
addMessage(redirectAttributes,"save_failed");
|
||||
logger.error(publicKeyFileI.getOriginalFilename()+" and "+privateKeyFileI.getOriginalFilename()+" file non certificate file format ");
|
||||
throw new MultiPartNewException(
|
||||
this.getMsgProp().getProperty("certificate_error")
|
||||
);
|
||||
}else if(!publicKeyFileflag){
|
||||
addMessage(redirectAttributes,"save_failed");
|
||||
logger.error(publicKeyFileI.getOriginalFilename()+" file non public key file format ");
|
||||
throw new MultiPartNewException(this.getMsgProp().getProperty("public_file_error"));
|
||||
}else if(!privateKeyFileflag){
|
||||
addMessage(redirectAttributes,"save_failed");
|
||||
logger.error(privateKeyFileI.getOriginalFilename()+" file non private key file format ");
|
||||
throw new MultiPartNewException(this.getMsgProp().getProperty("private_file_error"));
|
||||
}
|
||||
} catch (Exception e) {
|
||||
validFlag=false;
|
||||
logger.error("证书文件校验失败",e);
|
||||
addMessage(redirectAttributes,e.getMessage());
|
||||
}
|
||||
|
||||
try{
|
||||
|
||||
|
||||
if(validFlag){
|
||||
validFlag=true;
|
||||
try{
|
||||
|
||||
if(publicKeyFileI != null) {
|
||||
// 获取公钥信息
|
||||
X509Certificate cert=FileUtils.getCertificateInfo(publicKeyFileI.getInputStream());
|
||||
String issuer=cert.getIssuerDN().getName();//颁发者
|
||||
Date notBefore=cert.getNotBefore();//起始时间
|
||||
Date notAfter=cert.getNotAfter();//结束时间
|
||||
String subject=cert.getSubjectDN().getName();//颁发给
|
||||
cfg.setIssuer(StringUtil.isEmpty(issuer)?"":issuer.trim());
|
||||
cfg.setSubject(StringUtil.isEmpty(subject)?"":subject.trim());
|
||||
cfg.setNotBeforeTime(notBefore);
|
||||
cfg.setNotAfterTime(notAfter);
|
||||
}
|
||||
}catch (Exception e) {
|
||||
logger.error("证书信息获取失败",e);
|
||||
addMessage(redirectAttributes,e.getMessage());
|
||||
}
|
||||
}
|
||||
if(validFlag){
|
||||
try{
|
||||
if(publicKeyFileI != null) {
|
||||
String filename = publicKeyFileI.getOriginalFilename();
|
||||
String prefix = FileUtils.getPrefix(filename, false);
|
||||
@@ -146,16 +179,63 @@ public class PxyObjKeyringController extends BaseController {
|
||||
}
|
||||
}
|
||||
pxyObjKeyringService.saveOrUpdate(cfg);
|
||||
|
||||
addMessage(redirectAttributes,"save_success");
|
||||
}catch(Exception e){
|
||||
e.printStackTrace();
|
||||
addMessage(redirectAttributes,"save_failed");
|
||||
|
||||
addMessage(redirectAttributes,"save_success");
|
||||
}catch(Exception e){
|
||||
logger.error("证书上传失败",e);
|
||||
if(e instanceof MaatConvertException) {
|
||||
addMessage(redirectAttributes,e.getMessage());
|
||||
}else {
|
||||
addMessage(redirectAttributes,e.getMessage());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return "redirect:" + adminPath +"/proxy/intercept/strateagy/list?functionId="+cfg.getFunctionId();
|
||||
}
|
||||
|
||||
public boolean validCertFileContent(MultipartFile file,String validateType)throws Exception{
|
||||
String os = System.getProperty("os.name").toLowerCase();
|
||||
if(!os.contains("windows")){
|
||||
//证书文件临时保存路径
|
||||
String certFilePath = Constants.CERT_FILE_PATH;
|
||||
FileUtils.createDirectory(certFilePath);
|
||||
String filePath=certFilePath
|
||||
+File.separator
|
||||
+UUID.randomUUID()
|
||||
+FileUtils.getSuffix(file.getOriginalFilename(), true);
|
||||
File uploadFile = new File(filePath);
|
||||
FileCopyUtils.copy(file.getBytes(), uploadFile);
|
||||
//加载x509脚本
|
||||
String x509Shell=Thread.currentThread()
|
||||
.getContextClassLoader()
|
||||
.getResource(
|
||||
File.separator+"shell"
|
||||
+File.separator
|
||||
+Constants.CERT_VALIDATE_FILE).getPath();
|
||||
//x509脚本分配可执行权限
|
||||
Map<String, Object> resultMap1=avCfgService.execShell("","chmod","+x",filePath);
|
||||
//验证文件
|
||||
logger.info(x509Shell+" "+validateType+" "+filePath);
|
||||
Map<String, Object> resultMap=avCfgService.execShell(x509Shell,validateType,filePath);
|
||||
if(resultMap != null
|
||||
&& !StringUtil.isEmpty(resultMap.get("out"))
|
||||
&& (!(resultMap.get("out").toString().indexOf(Constants.CERT_VALIDATE_SUCCESS_INFO) > -1))
|
||||
){
|
||||
|
||||
logger.error("x509 Out Info:"+resultMap.get("out").toString());
|
||||
|
||||
//临时文件删除
|
||||
logger.info("delete file"+filePath);
|
||||
FileUtils.deleteFile(filePath);
|
||||
|
||||
return false;
|
||||
}
|
||||
//临时文件删除
|
||||
logger.info("delete file"+filePath);
|
||||
FileUtils.deleteFile(filePath);
|
||||
}
|
||||
return true;
|
||||
}
|
||||
@RequestMapping(value = {"/list"})
|
||||
public String list(Model model,HttpServletRequest request,HttpServletResponse response
|
||||
,@ModelAttribute("cfg")PxyObjKeyring entity
|
||||
|
||||
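Review bot: In `validCertFileContent`, the `chmod +x` call targets `filePath`, the uploaded file saved under `Constants.CERT_FILE_PATH`, although the comment above it says the permission is meant for the x509 script; this makes the untrusted upload executable and may leave `x509Shell` without the permission. The check also fails open: a null `resultMap`, an empty `out`, or a Windows host all return `true`, and the temporary copy (which can hold a private key) is not deleted if `execShell` throws. I would chmod `x509Shell`, accept only output that contains `Constants.CERT_VALIDATE_SUCCESS_INFO`, and delete the file in a `finally`, as sketched below. The suffix of `filePath` comes from the client-supplied `getOriginalFilename()`, and `execShell` is not visible here, so unless it passes its arguments as an argv list without a shell, that suffix should be restricted to an allow-list before it reaches the command line.

```java
File uploadFile = new File(filePath);
try {
    FileCopyUtils.copy(file.getBytes(), uploadFile);
    // … unchanged: resolve x509Shell from the classpath …
    // Make the validation script executable, never the uploaded file.
    avCfgService.execShell("","chmod","+x",x509Shell);
    Map<String, Object> resultMap=avCfgService.execShell(x509Shell,validateType,filePath);
    // Fail closed: only an explicit success marker counts as a valid file.
    boolean valid = resultMap != null
            && !StringUtil.isEmpty(resultMap.get("out"))
            && resultMap.get("out").toString().indexOf(Constants.CERT_VALIDATE_SUCCESS_INFO) > -1;
    if(!valid){
        logger.error("x509 validation failed for "+filePath);
    }
    return valid;
} finally {
    // Always remove the temporary copy; it may contain private-key material.
    FileUtils.deleteFile(filePath);
}
```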