diff --git a/src/main/java/com/nis/web/controller/configuration/proxy/FileHijackController.java b/src/main/java/com/nis/web/controller/configuration/proxy/FileHijackController.java index 99d9cbe33..09bbb9602 100644 --- a/src/main/java/com/nis/web/controller/configuration/proxy/FileHijackController.java +++ b/src/main/java/com/nis/web/controller/configuration/proxy/FileHijackController.java @@ -6,16 +6,12 @@ import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Map; -import java.util.UUID; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.beanutils.BeanUtils; -import org.apache.commons.codec.digest.DigestUtils; import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; -import org.springframework.util.FileCopyUtils; import org.springframework.web.bind.annotation.ModelAttribute; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.multipart.MultipartFile; @@ -73,19 +69,19 @@ public class FileHijackController extends CommonController{ File file = null; try{ if(cfgFile != null) { - String sep = System.getProperty("file.separator"); - String digestFilePath = request.getRealPath("/") + "digestFile"; - FileUtils.createDirectory(digestFilePath); - String fileName = UUID.randomUUID() + FileUtils.getSuffix(cfgFile.getOriginalFilename(), true); - file = new File(digestFilePath + sep + fileName); - FileCopyUtils.copy(cfgFile.getBytes(), file); + String filename = cfgFile.getOriginalFilename(); + String prefix = FileUtils.getPrefix(filename, false); + String suffix = FileUtils.getSuffix(filename, false); + file = File.createTempFile("file_" + prefix, FileUtils.getSuffix(filename, true)); + cfgFile.transferTo(file);// 复制文件 + String md5 = FileUtils.getFileMD5(file); Map srcMap = Maps.newHashMap(); - srcMap.put("filetype", FileUtils.getSuffix(cfgFile.getOriginalFilename(), false)); + srcMap.put("filetype", suffix); srcMap.put("datatype", "dbSystem");// 源文件存入数据中心 srcMap.put("createTime", new Date()); - srcMap.put("key", FileUtils.getPrefix(cfgFile.getOriginalFilename(), false)); - srcMap.put("fileName", cfgFile.getOriginalFilename()); - srcMap.put("checksum", DigestUtils.md5Hex(cfgFile.getBytes())); + srcMap.put("key", prefix); + srcMap.put("fileName", filename); + srcMap.put("checksum", md5); ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap)); logger.info("proxy 劫持文件 上传响应信息:" + JsonMapper.toJsonString(result)); String path = null; diff --git a/src/main/java/com/nis/web/controller/configuration/proxy/FileInsertScriptController.java b/src/main/java/com/nis/web/controller/configuration/proxy/FileInsertScriptController.java index 0fcf5e6ae..3ade0d8f7 100644 --- a/src/main/java/com/nis/web/controller/configuration/proxy/FileInsertScriptController.java +++ b/src/main/java/com/nis/web/controller/configuration/proxy/FileInsertScriptController.java @@ -6,16 +6,12 @@ import java.util.Date; import java.util.HashMap; import java.util.List; import java.util.Map; -import java.util.UUID; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.beanutils.BeanUtils; -import org.apache.commons.codec.digest.DigestUtils; import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; -import org.springframework.util.FileCopyUtils; import org.springframework.web.bind.annotation.ModelAttribute; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.multipart.MultipartFile; @@ -72,19 +68,19 @@ public class FileInsertScriptController extends CommonController{ File file = null; try{ if(cfgFile != null) { - String sep = System.getProperty("file.separator"); - String digestFilePath = request.getRealPath("/") + "digestFile"; - FileUtils.createDirectory(digestFilePath); - String fileName = UUID.randomUUID() + FileUtils.getSuffix(cfgFile.getOriginalFilename(), true); - file = new File(digestFilePath + sep + fileName); - FileCopyUtils.copy(cfgFile.getBytes(), file); - Map srcMap = Maps.newHashMap(); - srcMap.put("filetype", FileUtils.getSuffix(cfgFile.getOriginalFilename(), false)); - srcMap.put("datatype", "dbSystem");// 源文件存入数据中心 - srcMap.put("createTime", new Date()); - srcMap.put("key", FileUtils.getPrefix(cfgFile.getOriginalFilename(), false)); - srcMap.put("fileName", cfgFile.getOriginalFilename()); - srcMap.put("checksum", DigestUtils.md5Hex(cfgFile.getBytes())); + String filename = cfgFile.getOriginalFilename(); + String prefix = FileUtils.getPrefix(filename, false); + String suffix = FileUtils.getSuffix(filename, false); + file = File.createTempFile("file_"+ prefix, FileUtils.getSuffix(filename, true)); + cfgFile.transferTo(file);//复制文件 + String md5 = FileUtils.getFileMD5(file); + Map srcMap = Maps.newHashMap(); + srcMap.put("filetype", suffix); + srcMap.put("datatype", "dbSystem");//源文件存入数据中心 + srcMap.put("createTime",new Date()); + srcMap.put("key",prefix); + srcMap.put("fileName", filename); + srcMap.put("checksum", md5); ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap)); logger.info("注入脚本文件上传响应信息:"+JsonMapper.toJsonString(result)); String srcAccessUrl = null; diff --git a/src/main/java/com/nis/web/controller/configuration/proxy/FileResponsePageController.java b/src/main/java/com/nis/web/controller/configuration/proxy/FileResponsePageController.java index 565004ea7..c1dd788d2 100644 --- a/src/main/java/com/nis/web/controller/configuration/proxy/FileResponsePageController.java +++ b/src/main/java/com/nis/web/controller/configuration/proxy/FileResponsePageController.java @@ -11,17 +11,14 @@ package com.nis.web.controller.configuration.proxy; import java.io.File; import java.util.Date; import java.util.Map; -import java.util.UUID; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.beanutils.BeanUtils; -import org.apache.commons.codec.digest.DigestUtils; import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; -import org.springframework.util.FileCopyUtils; import org.springframework.web.bind.annotation.ModelAttribute; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.multipart.MultipartFile; @@ -97,19 +94,19 @@ public class FileResponsePageController extends CommonController { File file = null; try{ if(cfgFile != null) { - String sep = System.getProperty("file.separator"); - String digestFilePath = request.getRealPath("/") + "digestFile"; - FileUtils.createDirectory(digestFilePath); - String fileName = UUID.randomUUID() + FileUtils.getSuffix(cfgFile.getOriginalFilename(), true); - file = new File(digestFilePath + sep + fileName); - FileCopyUtils.copy(cfgFile.getBytes(), file); - Map srcMap = Maps.newHashMap(); - srcMap.put("filetype", FileUtils.getSuffix(cfgFile.getOriginalFilename(), false)); - srcMap.put("datatype", "dbSystem");// 源文件存入数据中心 - srcMap.put("createTime", new Date()); - srcMap.put("key", FileUtils.getPrefix(cfgFile.getOriginalFilename(), false)); - srcMap.put("fileName", cfgFile.getOriginalFilename()); - srcMap.put("checksum", DigestUtils.md5Hex(cfgFile.getBytes())); + String filename = cfgFile.getOriginalFilename(); + String prefix = FileUtils.getPrefix(filename, false); + String suffix = FileUtils.getSuffix(filename, false); + file = File.createTempFile("file_"+ prefix, FileUtils.getSuffix(filename, true)); + cfgFile.transferTo(file);//复制文件 + String md5 = FileUtils.getFileMD5(file); + Map srcMap = Maps.newHashMap(); + srcMap.put("filetype", suffix); + srcMap.put("datatype", "dbSystem");//源文件存入数据中心 + srcMap.put("createTime",new Date()); + srcMap.put("key",prefix); + srcMap.put("fileName", filename); + srcMap.put("checksum", md5); ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap)); logger.info("http 重定向阻断文件上传响应信息:"+JsonMapper.toJsonString(result)); String srcAccessUrl = null; @@ -118,7 +115,7 @@ public class FileResponsePageController extends CommonController { srcAccessUrl=data.getAccessUrl(); cfg.setUrl(srcAccessUrl);; } - cfg.setMd5(DigestUtils.md5Hex(cfgFile.getBytes()));//文件md5值 + cfg.setMd5(md5);//文件md5值 cfg.setContentLength(file.length());//文件长度 } proxyFileResponsePageService.saveOrUpdate(cfg); diff --git a/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java b/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java index c7f67d697..f4373b6b8 100644 --- a/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java +++ b/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java @@ -27,7 +27,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.beans.BeanUtils; -import org.apache.commons.codec.digest.DigestUtils; import org.apache.shiro.authz.annotation.RequiresPermissions; import org.springframework.mock.web.MockMultipartFile; import org.springframework.stereotype.Controller; @@ -210,19 +209,19 @@ public class PxyObjKeyringController extends BaseController { try { if (validFlag) { if (publicKeyFileI != null) { - String sep = System.getProperty("file.separator"); - String digestFilePath = request.getRealPath("/") + "digestFile"; - FileUtils.createDirectory(digestFilePath); - String fileName = UUID.randomUUID() + FileUtils.getSuffix(publicKeyFileI.getOriginalFilename(), true); - file = new File(digestFilePath + sep + fileName); - FileCopyUtils.copy(publicKeyFileI.getBytes(), file); + String filename = publicKeyFileI.getOriginalFilename(); + String prefix = FileUtils.getPrefix(filename, false); + String suffix = FileUtils.getSuffix(filename, false); + file = File.createTempFile("file_" + prefix, FileUtils.getSuffix(filename, true)); + publicKeyFileI.transferTo(file);// 复制文件 + String md5 = FileUtils.getFileMD5(file); Map srcMap = Maps.newHashMap(); - srcMap.put("filetype", FileUtils.getSuffix(publicKeyFileI.getOriginalFilename(), false)); + srcMap.put("filetype", suffix); srcMap.put("datatype", "dbSystem");// 源文件存入数据中心 srcMap.put("createTime", new Date()); - srcMap.put("key", FileUtils.getPrefix(publicKeyFileI.getOriginalFilename(), false)); - srcMap.put("fileName", publicKeyFileI.getOriginalFilename()); - srcMap.put("checksum", DigestUtils.md5Hex(publicKeyFileI.getBytes())); + srcMap.put("key", prefix); + srcMap.put("fileName", filename); + srcMap.put("checksum", md5); ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap)); logger.info("proxy 证书文件策略公钥 文件上传响应信息:" + JsonMapper.toJsonString(result)); String publicKeyFileAccessUrl = null; @@ -234,19 +233,19 @@ public class PxyObjKeyringController extends BaseController { } } if (privateKeyFileI != null) { - String sep = System.getProperty("file.separator"); - String digestFilePath = request.getRealPath("/") + "digestFile"; - FileUtils.createDirectory(digestFilePath); - String fileName = UUID.randomUUID() + FileUtils.getSuffix(privateKeyFileI.getOriginalFilename(), true); - file = new File(digestFilePath + sep + fileName); - FileCopyUtils.copy(privateKeyFileI.getBytes(), file); + String filename = privateKeyFileI.getOriginalFilename(); + String prefix = FileUtils.getPrefix(filename, false); + String suffix = FileUtils.getSuffix(filename, false); + file = File.createTempFile("file_" + prefix, FileUtils.getSuffix(filename, true)); + privateKeyFileI.transferTo(file);// 复制文件 + String md5 = FileUtils.getFileMD5(file); Map srcMap = Maps.newHashMap(); - srcMap.put("filetype", FileUtils.getSuffix(privateKeyFileI.getOriginalFilename(), false)); + srcMap.put("filetype", suffix); srcMap.put("datatype", "dbSystem");// 源文件存入数据中心 srcMap.put("createTime", new Date()); - srcMap.put("key", FileUtils.getPrefix(privateKeyFileI.getOriginalFilename(), false)); - srcMap.put("fileName", privateKeyFileI.getOriginalFilename()); - srcMap.put("checksum", DigestUtils.md5Hex(privateKeyFileI.getBytes())); + srcMap.put("key", prefix); + srcMap.put("fileName", filename); + srcMap.put("checksum", md5); ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap)); logger.info("proxy 证书文件策略私钥 上传响应信息:" + JsonMapper.toJsonString(result)); String privateKeyFileAccessUrl = null; @@ -695,19 +694,19 @@ public class PxyObjKeyringController extends BaseController { try { if (validFlag) { if (certFileI != null) { - String sep = System.getProperty("file.separator"); - String digestFilePath = request.getRealPath("/") + "digestFile"; - FileUtils.createDirectory(digestFilePath); - String fileName = UUID.randomUUID() + FileUtils.getSuffix(certFileI.getOriginalFilename(), true); - file = new File(digestFilePath + sep + fileName); - FileCopyUtils.copy(certFileI.getBytes(), file); + String filename = certFileI.getOriginalFilename(); + String prefix = FileUtils.getPrefix(filename, false); + String suffix = FileUtils.getSuffix(filename, false); + file = File.createTempFile("file_" + prefix, FileUtils.getSuffix(filename, true)); + certFileI.transferTo(file);// 复制文件 + String md5 = FileUtils.getFileMD5(file); Map srcMap = Maps.newHashMap(); - srcMap.put("filetype", FileUtils.getSuffix(certFileI.getOriginalFilename(), false)); + srcMap.put("filetype", suffix); srcMap.put("datatype", "dbSystem");// 源文件存入数据中心 srcMap.put("createTime", new Date()); - srcMap.put("key", FileUtils.getPrefix(certFileI.getOriginalFilename(), false)); - srcMap.put("fileName", certFileI.getOriginalFilename()); - srcMap.put("checksum", DigestUtils.md5Hex(certFileI.getBytes())); + srcMap.put("key", prefix); + srcMap.put("fileName", filename); + srcMap.put("checksum", md5); ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap)); logger.info("proxy 可信证书 文件上传响应信息:" + JsonMapper.toJsonString(result)); String certFileAccessUrl = null; @@ -816,19 +815,19 @@ public class PxyObjKeyringController extends BaseController { try { if (validFlag) { if (crlFileI != null) { - String sep = System.getProperty("file.separator"); - String digestFilePath = request.getRealPath("/") + "digestFile"; - FileUtils.createDirectory(digestFilePath); - String fileName = UUID.randomUUID() + FileUtils.getSuffix(crlFileI.getOriginalFilename(), true); - file = new File(digestFilePath + sep + fileName); - FileCopyUtils.copy(crlFileI.getBytes(), file); + String filename = crlFileI.getOriginalFilename(); + String prefix = FileUtils.getPrefix(filename, false); + String suffix = FileUtils.getSuffix(filename, false); + file = File.createTempFile("file_" + prefix, FileUtils.getSuffix(filename, true)); + crlFileI.transferTo(file);// 复制文件 + String md5 = FileUtils.getFileMD5(file); Map srcMap = Maps.newHashMap(); - srcMap.put("filetype", FileUtils.getSuffix(crlFileI.getOriginalFilename(), false)); + srcMap.put("filetype", suffix); srcMap.put("datatype", "dbSystem");// 源文件存入数据中心 srcMap.put("createTime", new Date()); - srcMap.put("key", FileUtils.getPrefix(crlFileI.getOriginalFilename(), false)); - srcMap.put("fileName", crlFileI.getOriginalFilename()); - srcMap.put("checksum", DigestUtils.md5Hex(crlFileI.getBytes())); + srcMap.put("key", prefix); + srcMap.put("fileName", filename); + srcMap.put("checksum", md5); ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap)); logger.info("可信证书crl 文件上传响应信息:" + JsonMapper.toJsonString(result)); String crlFileAccessUrl = null; @@ -979,19 +978,19 @@ public class PxyObjKeyringController extends BaseController { PxyObjTrustedCaCert cacertBuitIn=new PxyObjTrustedCaCert(); cfg.setBuiltIn(1); BeanUtils.copyProperties(cfg, cacertBuitIn); - String sep = System.getProperty("file.separator"); - String digestFilePath = request.getRealPath("/") + "digestFile"; - FileUtils.createDirectory(digestFilePath); - String fileName = UUID.randomUUID() + FileUtils.getSuffix(multipartFile.getOriginalFilename(), true); - file = new File(digestFilePath + sep + fileName); - FileCopyUtils.copy(multipartFile.getBytes(), file); + filename = file.getName(); + String prefix = FileUtils.getPrefix(filename, false); + String suffix = FileUtils.getSuffix(filename, false); + newFile = File.createTempFile("file_" + prefix, FileUtils.getSuffix(filename, true)); + multipartFile.transferTo(newFile);// 复制文件 + String md5 = FileUtils.getFileMD5(file); Map srcMap = Maps.newHashMap(); - srcMap.put("filetype", FileUtils.getSuffix(multipartFile.getOriginalFilename(), false)); + srcMap.put("filetype", suffix); srcMap.put("datatype", "dbSystem");// 源文件存入数据中心 srcMap.put("createTime", new Date()); - srcMap.put("key", FileUtils.getPrefix(multipartFile.getOriginalFilename(), false)); - srcMap.put("fileName", multipartFile.getOriginalFilename()); - srcMap.put("checksum", DigestUtils.md5Hex(multipartFile.getBytes())); + srcMap.put("key", prefix); + srcMap.put("fileName", filename); + srcMap.put("checksum", md5); ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap)); logger.info("可信证书内置证书 文件上传响应信息:" + JsonMapper.toJsonString(result)); String crlFileAccessUrl = null;