拦截文件策略功能更改

duandongmei
2018-08-24 15:41:05 +08:00
parent b134786c70
commit d16db28a1e
21 changed files with 1869 additions and 15 deletions


@@ -0,0 +1,156 @@
package com.nis.domain.callback;
import java.util.Date;
import com.google.gson.annotations.Expose;
public class ProxyObjKeyring {
@Expose
private Long id; //compileId
@Expose
private Integer cfgId; //compileId
@Expose
private Integer keyringId;
@Expose
private Integer action;
@Expose
private Integer service;
@Expose
private Integer isValid;
@Expose
private Date opTime;
@Expose
private String keyringName;
@Expose
private String keyringType;
@Expose
private String privateKeyFile;
@Expose
private String publicKeyFile;
@Expose
private Integer expireAfter;
@Expose
private String publicKeyAlgo;
@Expose
private String crl;
public Long getId() {
return id;
}
public void setId(Long id) {
this.id = id;
}
public void setCfgId(Integer cfgId) {
this.cfgId = cfgId;
}
public Integer getCfgId() {
return cfgId;
}
public void setKeyringId(Integer keyringId) {
this.keyringId = keyringId;
}
public Integer getKeyringId() {
return keyringId;
}
public String getKeyringName() {
return keyringName;
}
public void setKeyringName(String keyringName) {
this.keyringName = keyringName;
}
public String getKeyringType() {
return keyringType;
}
public void setKeyringType(String keyringType) {
this.keyringType = keyringType;
}
public String getPrivateKeyFile() {
return privateKeyFile;
}
public void setPrivateKeyFile(String privateKeyFile) {
this.privateKeyFile = privateKeyFile;
}
public String getPublicKeyFile() {
return publicKeyFile;
}
public void setPublicKeyFile(String publicKeyFile) {
this.publicKeyFile = publicKeyFile;
}
public Integer getExpireAfter() {
return expireAfter;
}
public void setExpireAfter(Integer expireAfter) {
this.expireAfter = expireAfter;
}
public String getPublicKeyAlgo() {
return publicKeyAlgo;
}
public void setPublicKeyAlgo(String publicKeyAlgo) {
this.publicKeyAlgo = publicKeyAlgo;
}
public String getCrl() {
return crl;
}
public void setCrl(String crl) {
this.crl = crl;
}
/**
* action
* @return action
*/
public Integer getAction() {
return action;
}
/**
* @param action the action to set
*/
public void setAction(Integer action) {
this.action = action;
}
/**
* isValid
* @return isValid
*/
public Integer getIsValid() {
return isValid;
}
/**
* @param isValid the isValid to set
*/
public void setIsValid(Integer isValid) {
this.isValid = isValid;
}
/**
* opTime
* @return opTime
*/
public Date getOpTime() {
return opTime;
}
/**
* @param opTime the opTime to set
*/
public void setOpTime(Date opTime) {
this.opTime = opTime;
}
/**
* service
* @return service
*/
public Integer getService() {
return service;
}
/**
* @param service the service to set
*/
public void setService(Integer service) {
this.service = service;
}
}
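Review bot: `ProxyObjKeyring` has no class Javadoc, and nothing on the `@Expose` fields says that `privateKeyFile` is part of the serialized payload. Elsewhere in this commit the controller stores an access URL in that field, BaseService copies it into this object, and the service posts and logs the resulting JSON. I would add `/** Callback payload for an interception keyring; privateKeyFile and publicKeyFile hold file access URLs and are serialized with the other @Expose fields. */` above the class, assuming `gsonToJson` honours `@Expose`. The `//compileId` comments on `id` and `cfgId` could also mention that `keyringId` is filled from the same value.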


@@ -1,12 +1,13 @@
package com.nis.domain.configuration;
import javax.net.ssl.KeyManager;
/**
* dns响应策略配置
* @author dell
*
*/
public class DnsResStrategy extends BaseCfg<DnsResStrategy> {
/**
*
*/
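Review bot: `import javax.net.ssl.KeyManager;` appears to be the one line this hunk adds (the header shows 12 lines becoming 13), and nothing visible in `DnsResStrategy` uses it. It looks like an accidental IDE auto-import in a DNS configuration bean and should be dropped. The class body continues outside the hunk, so a use further down cannot be ruled out from here.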


@@ -0,0 +1,89 @@
package com.nis.domain.configuration;
import java.util.Date;
/**
* 拦截证书策略
* @author dell
*
*/
public class PxyObjKeyring extends BaseCfg<PxyObjKeyring> {
/**
*
*/
private static final long serialVersionUID = -2720862431960415564L;
private String keyringType;
private String privateKeyFile;
private String publicKeyFile;
private Integer expireAfter;
private String publicKeyAlgo;
private String crl;
private String issuer;
private Date notBeforeTime;
private Date notAfterTime;
private String subject;
public String getKeyringType() {
return keyringType;
}
public void setKeyringType(String keyringType) {
this.keyringType = keyringType;
}
public String getPrivateKeyFile() {
return privateKeyFile;
}
public void setPrivateKeyFile(String privateKeyFile) {
this.privateKeyFile = privateKeyFile;
}
public String getPublicKeyFile() {
return publicKeyFile;
}
public void setPublicKeyFile(String publicKeyFile) {
this.publicKeyFile = publicKeyFile;
}
public Integer getExpireAfter() {
return expireAfter;
}
public void setExpireAfter(Integer expireAfter) {
this.expireAfter = expireAfter;
}
public String getPublicKeyAlgo() {
return publicKeyAlgo;
}
public void setPublicKeyAlgo(String publicKeyAlgo) {
this.publicKeyAlgo = publicKeyAlgo;
}
public String getCrl() {
return crl;
}
public void setCrl(String crl) {
this.crl = crl;
}
public String getIssuer() {
return issuer;
}
public void setIssuer(String issuer) {
this.issuer = issuer;
}
public Date getNotAfterTime() {
return notAfterTime;
}
public Date getNotBeforeTime() {
return notBeforeTime;
}
public void setNotAfterTime(Date notAfterTime) {
this.notAfterTime = notAfterTime;
}
public void setNotBeforeTime(Date notBeforeTime) {
this.notBeforeTime = notBeforeTime;
}
public String getSubject() {
return subject;
}
public void setSubject(String subject) {
this.subject = subject;
}
}


@@ -11,6 +11,8 @@ import java.io.InputStream;
import java.io.OutputStream;
import java.net.URLEncoder;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.servlet.ServletOutputStream;
@@ -747,6 +749,20 @@ public class FileUtils extends org.apache.commons.io.FileUtils {
}
}
}
/**
* 获取公钥证书
* @param inputStream
* @return
*/
public static X509Certificate getCertificateInfo(InputStream inputStream) throws Exception{
X509Certificate ca = null;
CertificateFactory certificateFactory = CertificateFactory
.getInstance("X.509");
ca= (X509Certificate) certificateFactory
.generateCertificate(inputStream);
return ca;
}
/**
* 计算文件MD5
* @param file
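Review bot: `getCertificateInfo` neither closes `inputStream` nor documents who owns it, and the caller added in PxyObjKeyringController passes `publicKeyFileI.getInputStream()` inline, so that stream is never closed. Either close it here with try-with-resources or state in the Javadoc that the caller must. The signature `throws Exception` is wider than needed, since `throws CertificateException` covers both `getInstance` and `generateCertificate`. The Javadoc should also say that the certificate is only parsed, not validated (no expiry, chain or signature check), so callers do not treat the returned object as trusted.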


@@ -85,6 +85,7 @@ import com.nis.web.service.configuration.IpMultiplexPoolCfgService;
import com.nis.web.service.configuration.MailCfgService;
import com.nis.web.service.configuration.NumCfgService;
import com.nis.web.service.configuration.ProxyFileStrategyService;
import com.nis.web.service.configuration.PxyObjKeyringService;
import com.nis.web.service.configuration.RequestInfoService;
import com.nis.web.service.configuration.WebsiteCfgService;
import com.nis.web.service.configuration.XmppCfgService;
@@ -189,6 +190,8 @@ public class BaseController {
protected InterceptCfgService interceptCfgService;
@Autowired
protected ProxyFileStrategyService proxyFileStrategyService;//代理文件策略service
@Autowired
protected PxyObjKeyringService pxyObjKeyringService;//拦截策略service
/**
* 管理基础路径


@@ -27,6 +27,7 @@ import com.nis.domain.configuration.DnsResStrategy;
import com.nis.domain.configuration.HttpUrlCfg;
import com.nis.domain.configuration.InterceptPktBin;
import com.nis.domain.configuration.IpPortCfg;
import com.nis.domain.configuration.PxyObjKeyring;
import com.nis.domain.configuration.template.IpAddrTemplate;
import com.nis.exceptions.MaatConvertException;
import com.nis.web.controller.configuration.CommonController;
@@ -46,6 +47,17 @@ public class InterceptController extends CommonController{
Page<CfgIndexInfo> page = websiteCfgService.getWebsiteList(searchPage, cfg);
model.addAttribute("page", page);
initPageCondition(model,cfg);
//获取证书信息
List<PxyObjKeyring> certificateList=new ArrayList<PxyObjKeyring>();
if(cfg.getFunctionId().equals(200)){
certificateList=pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "ip");
}
if(cfg.getFunctionId().equals(201)){
certificateList=pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "domain");
}
model.addAttribute("certificateList", certificateList);
return "/cfg/intercept/interceptList";
}
@RequestMapping(value = {"/interceptIpForm","interceptDomainForm"})
@@ -57,9 +69,15 @@ public class InterceptController extends CommonController{
}else{
initFormCondition(model,entity);
}
//TODO获取证书信息
//List<DnsResStrategy> resStrategys=dnsResStrategyService.findDnsResStrategys(null, 1,1);
//model.addAttribute("dnsResStrategys", resStrategys);
//获取证书信息
List<PxyObjKeyring> certificateList=new ArrayList<PxyObjKeyring>();
if(entity.getFunctionId().equals(200)){
certificateList=pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "ip");
}
if(entity.getFunctionId().equals(201)){
certificateList=pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "domain");
}
model.addAttribute("certificateList", certificateList);
model.addAttribute("_cfg", entity);
return "/cfg/intercept/interceptForm";
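Review bot: `cfg.getFunctionId().equals(200)` in the list handler and `entity.getFunctionId().equals(200)` in the form handler throw a NullPointerException when no functionId is bound, if the getter returns a boxed Integer; `Integer.valueOf(200).equals(cfg.getFunctionId())` avoids that. The same lookup is pasted into both handlers with the bare literals 200/201 and "ip"/"domain", so a private helper taking the functionId, plus named constants, would keep the two copies in step. Both handler bodies start outside the hunks, so any earlier null check is not visible here.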


@@ -0,0 +1,211 @@
package com.nis.web.controller.configuration.proxy;
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.Principal;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.List;
import java.util.Map;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.servlet.mvc.support.RedirectAttributes;
import com.google.common.collect.Maps;
import com.nis.domain.Page;
import com.nis.domain.basics.PolicyGroupInfo;
import com.nis.domain.configuration.PxyObjKeyring;
import com.nis.domain.maat.ToMaatResult;
import com.nis.domain.maat.ToMaatResult.ResponseData;
import com.nis.exceptions.MaatConvertException;
import com.nis.util.ConfigServiceUtil;
import com.nis.util.FileUtils;
import com.nis.util.JsonMapper;
import com.nis.util.StringUtil;
import com.nis.web.controller.BaseController;
/**
* 拦截策略
* @author ddm
*
*/
@Controller
@RequestMapping("${adminPath}/proxy/intercept/strateagy")
public class PxyObjKeyringController extends BaseController {
@RequestMapping(value = {"/form"})
@RequiresPermissions(value={"proxy:intercept:config"})
public String from(Model model,
HttpServletRequest request,
HttpServletResponse response,
String ids,
@ModelAttribute("cfg")PxyObjKeyring cfg
,RedirectAttributes redirectAttributes){
if(cfg == null){
cfg=new PxyObjKeyring();
}
if(!StringUtil.isEmpty(ids)){
cfg = pxyObjKeyringService.getPxyObjKeyring(Long.valueOf(ids),-1);
initFormCondition(model, cfg);
model.addAttribute("isAdd", false);
}else{
initFormCondition(model, cfg);
model.addAttribute("isAdd", true);
}
model.addAttribute("_cfg", cfg);
return "/cfg/intercept/strateagy/form";
}
@RequestMapping(value = {"/saveOrUpdate"})
@RequiresPermissions(value={"proxy:intercept:config"})
public String saveOrUpdate(Model model,HttpServletRequest request,HttpServletResponse response,
@ModelAttribute("cfg")PxyObjKeyring cfg,
MultipartFile privateKeyFileI,
MultipartFile publicKeyFileI,
RedirectAttributes redirectAttributes){
File file = null;
try{
if(publicKeyFileI != null) {
// 获取公钥信息
X509Certificate cert=FileUtils.getCertificateInfo(publicKeyFileI.getInputStream());
String issuer=cert.getIssuerDN().getName();//颁发者
Date notBefore=cert.getNotBefore();//起始时间
Date notAfter=cert.getNotAfter();//结束时间
String subject=cert.getSubjectDN().getName();//颁发给
cfg.setIssuer(StringUtil.isEmpty(issuer)?"":issuer.trim());
cfg.setSubject(StringUtil.isEmpty(subject)?"":subject.trim());
cfg.setNotBeforeTime(notBefore);
cfg.setNotAfterTime(notAfter);
}
}catch (Exception e) {
logger.error("证书信息获取失败",e);
addMessage(redirectAttributes,"save_failed");
}
try{
if(publicKeyFileI != null) {
String filename = publicKeyFileI.getOriginalFilename();
String prefix = FileUtils.getPrefix(filename, false);
String suffix = FileUtils.getSuffix(filename, false);
file = File.createTempFile("file_"+ prefix, suffix);
publicKeyFileI.transferTo(file);//复制文件
String md5 = FileUtils.getFileMD5(file);
Map<String,Object> srcMap = Maps.newHashMap();
srcMap.put("filetype", suffix);
srcMap.put("datatype", "dbSystem");//源文件存入数据中心
srcMap.put("createTime",new Date());
srcMap.put("key",prefix);
srcMap.put("fileName", filename);
srcMap.put("checksum", md5);
ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap));
logger.info("proxy 证书文件策略公钥 文件上传响应信息:"+JsonMapper.toJsonString(result));
String publicKeyFileAccessUrl = null;
if(!StringUtil.isEmpty(result)){
ResponseData data = result.getData();
publicKeyFileAccessUrl=data.getAccessUrl();
cfg.setPublicKeyFile(publicKeyFileAccessUrl);;
}
}
if(privateKeyFileI != null) {
String filename = privateKeyFileI.getOriginalFilename();
String prefix = FileUtils.getPrefix(filename, false);
String suffix = FileUtils.getSuffix(filename, false);
file = File.createTempFile("file_"+ prefix, suffix);
privateKeyFileI.transferTo(file);//复制文件
String md5 = FileUtils.getFileMD5(file);
Map<String,Object> srcMap = Maps.newHashMap();
srcMap.put("filetype", suffix);
srcMap.put("datatype", "dbSystem");//源文件存入数据中心
srcMap.put("createTime",new Date());
srcMap.put("key",prefix);
srcMap.put("fileName", filename);
srcMap.put("checksum", md5);
ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap));
logger.info("proxy 证书文件策略私钥 上传响应信息:"+JsonMapper.toJsonString(result));
String privateKeyFileAccessUrl = null;
if(!StringUtil.isEmpty(result)){
ResponseData data = result.getData();
privateKeyFileAccessUrl=data.getAccessUrl();
cfg.setPrivateKeyFile(privateKeyFileAccessUrl);;
}
}
pxyObjKeyringService.saveOrUpdate(cfg);
addMessage(redirectAttributes,"save_success");
}catch(Exception e){
e.printStackTrace();
addMessage(redirectAttributes,"save_failed");
}
return "redirect:" + adminPath +"/proxy/intercept/strateagy/list?functionId="+cfg.getFunctionId();
}
@RequestMapping(value = {"/list"})
public String list(Model model,HttpServletRequest request,HttpServletResponse response
,@ModelAttribute("cfg")PxyObjKeyring entity
,RedirectAttributes redirectAttributes){
//查询时left join policyGroup
Page<PxyObjKeyring> page = pxyObjKeyringService.findPage(new Page<PxyObjKeyring>(request, response,"r"), entity);
model.addAttribute("page", page);
initPageCondition(model);
return "/cfg/intercept/strateagy/list";
}
@RequestMapping(value = {"/delete"})
@RequiresPermissions(value={"proxy:intercept:config"})
public String delete(Integer isAudit,Integer isValid,String ids,Integer functionId
,Model model,HttpServletRequest request
,HttpServletResponse response
,RedirectAttributes redirectAttributes){
if(!StringUtil.isEmpty(ids)){
pxyObjKeyringService.delete(isAudit,isValid,ids,functionId);
}
return "redirect:" + adminPath +"/proxy/intercept/strateagy/list?functionId="+functionId;
}
@RequestMapping(value = {"/audit"})
@RequiresPermissions(value={"proxy:intercept:confirm"})
public String audit(Integer isAudit,Integer isValid,String ids,Integer functionId,
RedirectAttributes redirectAttributes) {
if(!StringUtil.isEmpty(ids)){
String[] idArray = ids.split(",");
Date auditTime=new Date();
for(String id :idArray){
try {
pxyObjKeyringService.audit(isAudit,isValid,functionId,id,auditTime);
} catch (MaatConvertException e) {
addMessage(redirectAttributes, e.getMessage());
}
}
}
return "redirect:" + adminPath +"/proxy/intercept/strateagy/list?functionId="+functionId;
}
@ResponseBody
@RequestMapping(value = "/validCfgId")
public boolean validCfgId(Long cfgId) {
PxyObjKeyring dns=pxyObjKeyringService.getPxyObjKeyring(cfgId,null);
if(dns == null ){
return false;
}else{
return true;
}
}
}
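Review bot: In `saveOrUpdate`, both uploads, including the private key, are copied into `File.createTempFile(...)` files that are never deleted, so key material stays in the server's temp directory after the request. The two branches differ only in the setter and log text, so one helper with a try/finally that deletes the temp file would fix both; it should also null-check `result.getData()` and avoid logging the upload response for the private key. Separately, the first catch block only logs a certificate parse failure and then falls through to the upload and `pxyObjKeyringService.saveOrUpdate(cfg)`, so an unparseable public-key file is still stored without issuer, subject or validity dates; returning the redirect from that catch would stop it. `/list` and `/validCfgId` carry no `@RequiresPermissions`, unlike the other handlers, so confirm they are covered elsewhere.

```java
// … unchanged: certificate parsing block in saveOrUpdate …
/** Uploads one key file to the config service and returns its access URL, or null if none is reported. */
private String uploadKeyFile(MultipartFile upload) throws Exception {
    String filename = upload.getOriginalFilename();
    String prefix = FileUtils.getPrefix(filename, false);
    String suffix = FileUtils.getSuffix(filename, false);
    File tmp = File.createTempFile("file_" + prefix, suffix);
    try {
        upload.transferTo(tmp);
        Map<String,Object> srcMap = Maps.newHashMap();
        // … unchanged: srcMap entries (filetype, datatype, createTime, key, fileName, checksum) …
        ToMaatResult result = ConfigServiceUtil.postFileCfg(null, tmp, JsonMapper.toJsonString(srcMap));
        if (StringUtil.isEmpty(result) || result.getData() == null) {
            return null;
        }
        return result.getData().getAccessUrl();
    } finally {
        // the temp copy may hold private key material; never leave it behind
        if (!tmp.delete()) {
            logger.error("temp key file could not be deleted: " + tmp.getName());
        }
    }
}
```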


@@ -0,0 +1,19 @@
package com.nis.web.dao.configuration;
import java.util.List;
import org.apache.ibatis.annotations.Param;
import com.nis.domain.configuration.DnsResStrategy;
import com.nis.domain.configuration.PxyObjKeyring;
import com.nis.web.dao.CrudDao;
import com.nis.web.dao.MyBatisDao;
@MyBatisDao
public interface PxyObjKeyringDao extends CrudDao< PxyObjKeyring> {
List<PxyObjKeyring> findPage( PxyObjKeyring pxyObjKeyring);
List<PxyObjKeyring> findList(@Param("cfgId")Long cfgId
,@Param("isAudit")Integer isAudit
,@Param("isValid")Integer isValid,@Param("cfgType")String cfgType);
}
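Review bot: `findList` declares its parameters as (cfgId, isAudit, isValid, cfgType), but both callers in PxyObjKeyringService pass (cfgId, isValid, isAudit, cfgType), so the two flags are swapped when they reach the mapper. For `getPxyObjKeyring(id, -1)` the -1 lands in `isAudit`, which no `<if>` in the mapper matches, so the intended `is_valid != -1` filter is not applied and rows marked deleted can be returned. Reorder the declaration to `@Param("isValid")Integer isValid, @Param("isAudit")Integer isAudit`, or fix the call sites. The `DnsResStrategy` import is unused in this interface.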


@@ -0,0 +1,326 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<mapper namespace="com.nis.web.dao.configuration.PxyObjKeyringDao" >
<resultMap id="PxyObjKeyringMap" type="com.nis.domain.configuration.PxyObjKeyring" >
<id column="cfg_id" property="cfgId" jdbcType="BIGINT" />
<result column="cfg_desc" property="cfgDesc" jdbcType="VARCHAR" />
<result column="keyring_type" property="keyringType" jdbcType="VARCHAR" />
<result column="private_key_file" property="privateKeyFile" jdbcType="VARCHAR" />
<result column="public_key_file" property="publicKeyFile" jdbcType="VARCHAR" />
<result column="expire_after" property="expireAfter" jdbcType="INTEGER" />
<result column="public_key_algo" property="publicKeyAlgo" jdbcType="VARCHAR" />
<result column="crl" property="crl" jdbcType="VARCHAR" />
<result column="issuer" property="issuer" jdbcType="VARCHAR" />
<result column="subject" property="subject" jdbcType="VARCHAR" />
<result column="not_before_time" property="notBeforeTime" jdbcType="TIMESTAMP" />
<result column="not_after_time" property="notAfterTime" jdbcType="TIMESTAMP" />
<result column="action" property="action" jdbcType="INTEGER" />
<result column="is_valid" property="isValid" jdbcType="INTEGER" />
<result column="is_audit" property="isAudit" jdbcType="INTEGER" />
<result column="creator_id" property="creatorId" jdbcType="INTEGER" />
<result column="create_time" property="createTime" jdbcType="TIMESTAMP" />
<result column="editor_id" property="editorId" jdbcType="INTEGER" />
<result column="edit_time" property="editTime" jdbcType="TIMESTAMP" />
<result column="auditor_id" property="auditorId" jdbcType="INTEGER" />
<result column="audit_time" property="auditTime" jdbcType="TIMESTAMP" />
<result column="service_id" property="serviceId" jdbcType="INTEGER" />
<result column="request_id" property="requestId" jdbcType="INTEGER" />
<result column="is_area_effective" property="isAreaEffective" jdbcType="INTEGER" />
<result column="classify" property="classify" jdbcType="VARCHAR" />
<result column="attribute" property="attribute" jdbcType="VARCHAR" />
<result column="lable" property="lable" jdbcType="VARCHAR" />
<result column="area_effective_ids" property="areaEffectiveIds" jdbcType="VARCHAR" />
<result column="function_id" property="functionId" jdbcType="INTEGER" />
<result column="cfg_region_code" property="cfgRegionCode" jdbcType="INTEGER" />
<result column="cfg_type" property="cfgType" jdbcType="VARCHAR" />
<result column="compile_id" property="compileId" jdbcType="INTEGER" />
</resultMap>
<sql id="PxyObjKeyringColumns">
r.cfg_id,r.cfg_desc
, r.keyring_type
,r.private_key_file
,r.public_key_file
,r.expire_after
, r.public_key_algo
, r.crl
, r.issuer
,r.subject
,r.not_before_time
,r.not_after_time
,r.cfg_type,r.action
,r.is_valid,r.is_audit,r.creator_id,r.create_time,r.editor_id
,r.edit_time,r.auditor_id,r.audit_time,r.service_id,r.request_id
,r.is_area_effective,r.classify,r.attribute,r.lable
,r.area_effective_ids,r.function_id,r.cfg_region_code,r.compile_id
</sql>
<!-- 查出所有 有效数据-->
<select id="findPage" resultMap="PxyObjKeyringMap">
SELECT
<include refid="PxyObjKeyringColumns"/>
<trim prefix="," prefixOverrides=",">
,s.name as creator_name,e.name as editor_name,u.name as auditor_name
,ri.request_title as requestName
</trim>
FROM pxy_obj_keyring r
left join sys_user s on r.creator_id=s.id
left join sys_user e on r.editor_id=e.id
left join sys_user u on r.auditor_id=u.id
left join request_info ri on r.request_id=ri.id
<trim prefix="WHERE" prefixOverrides="AND |OR ">
<if test="page !=null and page.where != null and page.where != ''">
AND ${page.where}
</if>
<if test="cfgId != null">
AND r.CFG_ID=#{cfgId,jdbcType=BIGINT}
</if>
<if test="compileId != null">
AND r.compile_id=#{compileId,jdbcType=BIGINT}
</if>
<if test="cfgDesc != null and cfgDesc != ''">
AND r.CFG_DESC like concat(concat('%',#{cfgDesc,jdbcType=VARCHAR}),'%')
</if>
<if test="issuer != null and issuer != ''">
AND r.issuer like concat(concat('%',#{issuer,jdbcType=VARCHAR}),'%')
</if>
<if test="subject != null and subject != ''">
AND r.subject like concat(concat('%',#{subject,jdbcType=VARCHAR}),'%')
</if>
<if test="action != null">
AND r.ACTION=#{action,jdbcType=INTEGER}
</if>
<if test="isValid != null">
AND r.IS_VALID=#{isValid,jdbcType=INTEGER}
</if>
<if test="isValid == null">
AND r.IS_VALID != -1
</if>
<if test="isAudit != null">
AND r.IS_AUDIT=#{isAudit,jdbcType=INTEGER}
</if>
<if test="creatorName != null and creatorName != ''">
AND CREATOR_NAME like concat(concat('%',#{creatorName,jdbcType=VARCHAR}),'%')
</if>
<if test="editorName != null and editorName != ''">
AND r.EDITOR_NAME like concat(concat('%',#{editorName,jdbcType=VARCHAR}),'%')
</if>
<if test="auditorName != null and auditorName != ''">
AND AUDITOR_NAME like concat(concat('%',#{auditorName,jdbcType=VARCHAR}),'%')
</if>
<if test="serviceId != null">
AND r.SERVICE_ID=#{serviceId,jdbcType=INTEGER}
</if>
<if test="requestId != null">
AND r.REQUEST_ID=#{requestId,jdbcType=INTEGER}
</if>
<if test="isAreaEffective != null">
AND r.IS_AREA_EFFECTIVE=#{isAreaEffective,jdbcType=INTEGER}
</if>
<if test="classify != null and classify != ''">
AND r.classify like concat(concat('%',#{classify,jdbcType=VARCHAR}),'%')
</if>
<if test="attribute != null and attribute != ''">
AND r.attribute like concat(concat('%',#{attribute,jdbcType=VARCHAR}),'%')
</if>
<if test="lable != null and lable != ''">
AND r.lable like concat(concat('%',#{lable,jdbcType=VARCHAR}),'%')
</if>
<if test="functionId != null">
AND r.function_id=#{functionId,jdbcType=INTEGER}
</if>
<!-- 数据范围过滤 -->
${sqlMap.dsf}
</trim>
<choose>
<when test="page !=null and page.orderBy != null and page.orderBy != ''">
ORDER BY ${page.orderBy}
</when>
<otherwise>
ORDER BY r.CFG_ID desc
</otherwise>
</choose>
</select>
<!-- 查出所有 有效数据-->
<select id="findList" resultMap="PxyObjKeyringMap">
SELECT
<include refid="PxyObjKeyringColumns"/>
FROM pxy_obj_keyring r
<where>
<if test="isValid == -1">
AND r.is_valid !=-1
</if>
<if test="isValid == 1">
AND r.is_valid =1
</if>
<if test="isValid == 0">
AND r.is_valid =0
</if>
<if test="isAudit == 0">
AND r.is_audit =0
</if>
<if test="isAudit == 1">
AND r.is_audit =1
</if>
<if test="cfgType != null">
AND r.cfg_type =#{cfgType,jdbcType=VARCHAR}
</if>
<if test="cfgId != null">
AND r.CFG_ID=#{cfgId,jdbcType=BIGINT}
</if>
</where>
</select>
<insert id="insert" parameterType="com.nis.domain.configuration.PxyObjKeyring" >
insert into pxy_obj_keyring (
CFG_ID,
CFG_DESC,
ACTION,
IS_VALID,
IS_AUDIT,
CREATOR_ID,
CREATE_TIME,
EDITOR_ID,
EDIT_TIME,
AUDITOR_ID,
AUDIT_TIME,
SERVICE_ID,
REQUEST_ID,
IS_AREA_EFFECTIVE,
CLASSIFY,
ATTRIBUTE,
LABLE,
AREA_EFFECTIVE_IDS,
function_id,
keyring_type,
private_key_file,
public_key_file,
expire_after,
public_key_algo,
crl,
issuer,
subject,
not_before_time,
not_after_time,
cfg_type,
compile_Id,
cfg_region_code
)values (
#{cfgId,jdbcType=VARCHAR},
#{cfgDesc,jdbcType=VARCHAR},
#{action,jdbcType=INTEGER},
0,
0,
#{creatorId,jdbcType=INTEGER},
#{createTime,jdbcType=TIMESTAMP},
#{editorId,jdbcType=INTEGER},
#{editTime,jdbcType=TIMESTAMP},
#{auditorId,jdbcType=INTEGER},
#{auditTime,jdbcType=TIMESTAMP},
#{serviceId,jdbcType=INTEGER},
#{requestId,jdbcType=INTEGER},
#{isAreaEffective,jdbcType=INTEGER},
#{classify,jdbcType=VARCHAR},
#{attribute,jdbcType=VARCHAR},
#{lable,jdbcType=VARCHAR},
#{areaEffectiveIds,jdbcType=VARCHAR},
#{functionId,jdbcType=INTEGER},
#{keyringType, jdbcType=VARCHAR},
#{privateKeyFile, jdbcType=VARCHAR},
#{publicKeyFile, jdbcType=VARCHAR},
#{expireAfter, jdbcType=INTEGER},
#{publicKeyAlgo, jdbcType=VARCHAR},
#{crl, jdbcType=VARCHAR},
#{issuer, jdbcType=VARCHAR},
#{subject, jdbcType=VARCHAR},
#{notBeforeTime,jdbcType=TIMESTAMP},
#{notAfterTime,jdbcType=TIMESTAMP},
#{cfgType,jdbcType=VARCHAR},
#{compileId,jdbcType=INTEGER},
#{cfgRegionCode,jdbcType=INTEGER}
)
</insert>
<update id="update" parameterType="com.nis.domain.configuration.PxyObjKeyring" >
update pxy_obj_keyring
<set >
<trim suffixOverrides=",">
<if test="cfgDesc != null and cfgDesc != ''" >
cfg_desc = #{cfgDesc,jdbcType=VARCHAR},
</if>
<if test="compileId != null " >
compile_Id = #{compileId,jdbcType=VARCHAR},
</if>
<if test="action != null" >
action = #{action,jdbcType=INTEGER},
</if>
<if test="isValid != null" >
is_valid = #{isValid,jdbcType=INTEGER},
</if>
<if test="isAudit != null" >
is_audit = #{isAudit,jdbcType=INTEGER},
</if>
<if test="editorId != null" >
editor_id = #{editorId,jdbcType=INTEGER},
</if>
<if test="editTime != null and editTime != ''" >
edit_time = #{editTime,jdbcType=TIMESTAMP},
</if>
<if test="auditorId != null" >
AUDITOR_ID = #{auditorId,jdbcType=INTEGER},
</if>
<if test="auditTime != null and auditTime != ''" >
AUDIT_TIME = #{auditTime,jdbcType=TIMESTAMP},
</if>
<if test="requestId != null" >
request_id = #{requestId,jdbcType=INTEGER},
</if>
<if test="isAreaEffective != null" >
is_area_effective = #{isAreaEffective,jdbcType=INTEGER},
</if>
<if test="classify != null and classify != ''" >
classify = #{classify,jdbcType=VARCHAR},
</if>
<if test="attribute != null and attribute != ''" >
attribute = #{attribute,jdbcType=VARCHAR},
</if>
<if test="lable != null and lable != ''" >
lable = #{lable,jdbcType=VARCHAR},
</if>
<if test="areaEffectiveIds != null" >
area_effective_ids = #{areaEffectiveIds,jdbcType=VARCHAR},
</if>
<if test="functionId != null" >
function_id = #{functionId,jdbcType=INTEGER},
</if>
<if test="serviceId != null" >
service_id = #{serviceId,jdbcType=INTEGER},
</if>
<if test="keyringType != null" >
keyring_type = #{keyringType,jdbcType=VARCHAR},
</if>
<if test="privateKeyFile != null" >
private_key_file = #{privateKeyFile,jdbcType=VARCHAR},
</if>
<if test="publicKeyFile != null" >
public_key_file = #{publicKeyFile,jdbcType=VARCHAR},
</if>
<if test="expireAfter != null" >
expire_after = #{expireAfter,jdbcType=VARCHAR},
</if>
<if test="publicKeyAlgo != null" >
public_key_algo = #{publicKeyAlgo,jdbcType=VARCHAR},
</if>
<if test="crl != null" >
crl = #{crl,jdbcType=VARCHAR},
</if>
</trim>
</set>
<where>
and cfg_id = #{cfgId,jdbcType=INTEGER}
<if test="functionId != null" >
and function_id = #{functionId,jdbcType=INTEGER}
</if>
</where>
</update>
</mapper>
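Review bot: The `update` statement never writes `issuer`, `subject`, `not_before_time` or `not_after_time`, although the controller recomputes them from the uploaded certificate on every save. After an edit that replaces the public-key file, the stored metadata therefore still describes the previous certificate. Add the four columns to the `<set>` block, e.g. `<if test="issuer != null">issuer = #{issuer,jdbcType=VARCHAR},</if>`, and likewise for the other three. In `findPage`, `${page.where}` and `${page.orderBy}` are substituted as raw SQL; the Page class is not shown here, so confirm it restricts those values to known columns rather than passing request input through.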


@@ -30,11 +30,13 @@ import com.nis.domain.SysRole;
import com.nis.domain.SysUser;
import com.nis.domain.callback.InlineIp;
import com.nis.domain.callback.NtcDnsResStrategy;
import com.nis.domain.callback.ProxyObjKeyring;
import com.nis.domain.configuration.AreaBean;
import com.nis.domain.configuration.AreaIpCfg;
import com.nis.domain.configuration.BaseCfg;
import com.nis.domain.configuration.BaseIpCfg;
import com.nis.domain.configuration.DnsResStrategy;
import com.nis.domain.configuration.PxyObjKeyring;
import com.nis.domain.maat.MaatCfg.GroupCfg;
import com.nis.domain.maat.MaatCfg.IpCfg;
import com.nis.domain.maat.MaatCfg.NumBoundaryCfg;
@@ -623,6 +625,24 @@ public abstract class BaseService {
}
return dstIp;
}
//拦截策略
public ProxyObjKeyring convertCallBackProxyObjKeyring(PxyObjKeyring cfg){
ProxyObjKeyring proxyObjKeyring=new ProxyObjKeyring();
proxyObjKeyring.setId(Long.valueOf(cfg.getCompileId()));
proxyObjKeyring.setCfgId(cfg.getCompileId());
proxyObjKeyring.setCrl(cfg.getCrl());
proxyObjKeyring.setExpireAfter(cfg.getExpireAfter());
proxyObjKeyring.setKeyringId(cfg.getCompileId());
proxyObjKeyring.setKeyringName(cfg.getCfgDesc());
proxyObjKeyring.setKeyringType(cfg.getKeyringType());
proxyObjKeyring.setPrivateKeyFile(cfg.getPrivateKeyFile());
proxyObjKeyring.setPublicKeyAlgo(cfg.getPublicKeyAlgo());
proxyObjKeyring.setPublicKeyFile(cfg.getPublicKeyFile());
proxyObjKeyring.setService(cfg.getServiceId());
proxyObjKeyring.setIsValid(cfg.getIsValid());
proxyObjKeyring.setOpTime(cfg.getAuditTime());
return proxyObjKeyring;
}
//ip转换为callback用ip
public NtcDnsResStrategy convertCallBackDnsResStrategy(DnsResStrategy cfg){
NtcDnsResStrategy resStrategy=new NtcDnsResStrategy();
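Review bot: `Long.valueOf(cfg.getCompileId())` at the top of `convertCallBackProxyObjKeyring` unboxes the compile id if the getter returns a boxed Integer, as the mapper's `compileId != null` test suggests. A keyring saved without one then fails here with a bare NullPointerException; PxyObjKeyringService.saveOrUpdate only sets compileId when the id service returns a non-zero value. Check first and fail with a clear message, e.g. `if (cfg.getCompileId() == null) throw new IllegalStateException("keyring has no compileId");`. The `//拦截策略` line comment would be more useful as Javadoc stating that id, cfgId and keyringId are all filled from compileId and that the private-key file URL is copied into the callback object.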


@@ -44,6 +44,7 @@ public class ProxyFileStrategyService extends BaseService{
public ProxyFileStrategyCfg getCfgById(Long cfgId) {
return proxyFileDao.getCfgById(cfgId);
}
@Transactional(readOnly=false,rollbackFor=RuntimeException.class)
public void saveOrUpdate(ProxyFileStrategyCfg entity){
Date createTime=new Date();

View File

@@ -0,0 +1,173 @@
package com.nis.web.service.configuration;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import com.nis.domain.Page;
import com.nis.domain.callback.ProxyObjKeyring;
import com.nis.domain.configuration.PxyObjKeyring;
import com.nis.domain.maat.ToMaatResult;
import com.nis.exceptions.MaatConvertException;
import com.nis.util.ConfigServiceUtil;
import com.nis.util.StringUtil;
import com.nis.web.dao.configuration.PxyObjKeyringDao;
import com.nis.web.security.UserUtils;
import com.nis.web.service.BaseService;
/**
* 拦截证书管理
* @author dell
*
*/
@Service
public class PxyObjKeyringService extends BaseService{
@Autowired
protected PxyObjKeyringDao pxyObjKeyringDao;
/**
* 查询分页数据
* @param page 分页对象
* @param entity
* @return
*/
public Page<PxyObjKeyring> findPage(Page<PxyObjKeyring> page, PxyObjKeyring entity) {
entity.getSqlMap().put("dsf", configScopeFilter(entity.getCurrentUser(),"r"));
entity.setPage(page);
List<PxyObjKeyring> list=pxyObjKeyringDao.findPage(entity);
page.setList(list);
return page;
}
public List<PxyObjKeyring> findPxyObjKeyrings(Long cfgId,Integer isValid,Integer isAudit,String cfgType) {
List<PxyObjKeyring> list=pxyObjKeyringDao.findList(cfgId,isValid,isAudit,cfgType);
return list;
}
public PxyObjKeyring getPxyObjKeyring(Long id,Integer isValid) {
List<PxyObjKeyring> list=pxyObjKeyringDao.findList(id,isValid,null,null);
PxyObjKeyring dnsResStrategy=null;
if(list != null && list.size()>0){
dnsResStrategy=list.get(0);
}
return dnsResStrategy;
}
@Transactional(readOnly=false,rollbackFor=RuntimeException.class)
public void saveOrUpdate(PxyObjKeyring entity){
Date createTime=new Date();
setAreaEffectiveIds(entity);
entity.setIsValid(0);
entity.setIsAudit(0);
//新增
if(StringUtil.isEmpty(entity.getCfgId())){
entity.initDefaultValue();
entity.setCreatorId(UserUtils.getUser().getId());
entity.setCreateTime(createTime);
//调用服务接口获取compileId
List<Integer> compileIds = new ArrayList<Integer>();
try {
compileIds = ConfigServiceUtil.getId(1,1);
} catch (Exception e) {
e.printStackTrace();
logger.info("获取编译ID出错");
throw new MaatConvertException("<spring:message code=\"request_service_failed\"/>:"+e.getMessage());
}
if(compileIds != null && compileIds.size() >0 && compileIds.get(0) != 0){
entity.setCompileId(compileIds.get(0));
}
pxyObjKeyringDao.insert(entity);
//修改
}else{
Date editTime=new Date();
entity.setEditorId(UserUtils.getUser().getId());
entity.setEditTime(editTime);
pxyObjKeyringDao.update(entity);
}
}
/**
*
* @param isAudit
* @param isValid
* @param ids compileIds
*/
@Transactional(readOnly=false,rollbackFor=RuntimeException.class)
public void delete(Integer isAudit,Integer isValid,String ids,Integer functionId){
PxyObjKeyring entity = new PxyObjKeyring();
String[] idArray = ids.split(",");
for(String id :idArray){
entity.setCfgId(Long.valueOf(id));
entity.setFunctionId(functionId);
entity.setIsAudit(isAudit);
entity.setIsValid(isValid);
entity.setEditorId(UserUtils.getUser().getId());
entity.setEditTime(new Date());
pxyObjKeyringDao.update(entity);
}
}
/**
*
* @param isAudit
* @param isValid
* @param ids cfgId
* @param functionId
*/
@Transactional(readOnly=false,rollbackFor=RuntimeException.class)
public void audit(Integer isAudit,Integer isValid,Integer functionId,String id,Date auditTime){
PxyObjKeyring cfg=new PxyObjKeyring();
cfg.setCfgId(Long.valueOf(id));
cfg.setIsValid(isValid);
cfg.setIsAudit(isAudit);
cfg.setEditTime(auditTime);
cfg.setEditorId(UserUtils.getUser().getId());
cfg.setAuditorId(UserUtils.getUser().getId());
cfg.setAuditTime(auditTime);
pxyObjKeyringDao.update(cfg);
cfg=getPxyObjKeyring(cfg.getCfgId(), null);
String json="";
if(cfg.getIsAudit()==1){
List<ProxyObjKeyring> resStrategyList=new ArrayList<ProxyObjKeyring>();
ProxyObjKeyring resStrategy=convertCallBackProxyObjKeyring(cfg);
resStrategyList.add(resStrategy);
//调用服务接口下发配置数据
json=gsonToJson(resStrategyList);
logger.info("拦截策略配置下发配置参数:"+json);
//调用服务接口下发配置
try {
ToMaatResult result = ConfigServiceUtil.postCallbackCfg(json);
if(result!=null){
logger.info("拦截策略配置下发响应信息:"+result.getMsg());
}
} catch (Exception e) {
logger.error("拦截策略配置配置下发失败",e);
throw e;
}
}else if(cfg.getIsAudit()==3){
List<ProxyObjKeyring> resStrategyList=new ArrayList<>();
ProxyObjKeyring ntcPxyObjKeyring=convertCallBackProxyObjKeyring(cfg);
resStrategyList.add(ntcPxyObjKeyring);
//调用服务接口取消配置
json=gsonToJson(resStrategyList);
logger.info("拦截策略配置配置参数:"+json);
//调用服务接口取消配置
try {
ToMaatResult result = ConfigServiceUtil.put(json, 2);
logger.info("拦截策略配置响应信息:"+result.getMsg());
} catch (Exception e) {
e.printStackTrace();
logger.info("拦截策略配置配置失败");
throw e;
}
}
}
}
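Review bot: `delete` writes the caller-supplied `isAudit` and `isValid` straight into the row, and the `/delete` handler that feeds it only requires `proxy:intercept:config`. The approval state that `/audit` guards with `proxy:intercept:confirm` can therefore be changed through this path. Set the values server-side instead, e.g. `entity.setIsValid(-1);` (assuming -1 is the deleted marker, as the `is_valid != -1` filters in the mapper suggest), and ignore the request parameters. In `audit`, the full callback JSON, which includes the private-key file URL, is logged at info level. `cfg` is also dereferenced right after `getPxyObjKeyring(...)` without a null check, so an unknown id ends in a NullPointerException after the update has already run.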