拦截文件策略功能更改

src/main/java/com/nis/web/controller/configuration/proxy/InterceptController.java

@@ -27,6 +27,7 @@ import com.nis.domain.configuration.DnsResStrategy;
 import com.nis.domain.configuration.HttpUrlCfg;
 import com.nis.domain.configuration.InterceptPktBin;
 import com.nis.domain.configuration.IpPortCfg;
+import com.nis.domain.configuration.PxyObjKeyring;
 import com.nis.domain.configuration.template.IpAddrTemplate;
 import com.nis.exceptions.MaatConvertException;
 import com.nis.web.controller.configuration.CommonController;
@@ -46,6 +47,17 @@ public class InterceptController extends CommonController{
 		Page<CfgIndexInfo> page = websiteCfgService.getWebsiteList(searchPage, cfg);
 		model.addAttribute("page", page);
 		initPageCondition(model,cfg);
+		
+		//获取证书信息
+		List<PxyObjKeyring> certificateList=new ArrayList<PxyObjKeyring>();
+		if(cfg.getFunctionId().equals(200)){
+			certificateList=pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "ip");
+		}
+		if(cfg.getFunctionId().equals(201)){
+			certificateList=pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "domain");
+		}
+		model.addAttribute("certificateList", certificateList);
+		
 		return "/cfg/intercept/interceptList";
 	}
 	@RequestMapping(value = {"/interceptIpForm","interceptDomainForm"})
@@ -57,9 +69,15 @@ public class InterceptController extends CommonController{
 		}else{
 			initFormCondition(model,entity);
 		}
-		//TODO获取证书信息
-		//List<DnsResStrategy> resStrategys=dnsResStrategyService.findDnsResStrategys(null, 1,1);
-		//model.addAttribute("dnsResStrategys", resStrategys);
+		//获取证书信息
+		List<PxyObjKeyring> certificateList=new ArrayList<PxyObjKeyring>();
+		if(entity.getFunctionId().equals(200)){
+			certificateList=pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "ip");
+		}
+		if(entity.getFunctionId().equals(201)){
+			certificateList=pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "domain");
+		}
+		model.addAttribute("certificateList", certificateList);
 		
 		model.addAttribute("_cfg", entity);
 		return "/cfg/intercept/interceptForm";

src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java

@@ -0,0 +1,211 @@
+package com.nis.web.controller.configuration.proxy;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.security.KeyStore;
+import java.security.Principal;
+import java.security.SecureRandom;
+import java.security.cert.X509Certificate;
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManagerFactory;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.shiro.authz.annotation.RequiresPermissions;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.ModelAttribute;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+import org.springframework.web.multipart.MultipartFile;
+import org.springframework.web.servlet.mvc.support.RedirectAttributes;
+
+import com.google.common.collect.Maps;
+import com.nis.domain.Page;
+import com.nis.domain.basics.PolicyGroupInfo;
+import com.nis.domain.configuration.PxyObjKeyring;
+import com.nis.domain.maat.ToMaatResult;
+import com.nis.domain.maat.ToMaatResult.ResponseData;
+import com.nis.exceptions.MaatConvertException;
+import com.nis.util.ConfigServiceUtil;
+import com.nis.util.FileUtils;
+import com.nis.util.JsonMapper;
+import com.nis.util.StringUtil;
+import com.nis.web.controller.BaseController;
+
+/**
+ * 拦截策略
+ * @author ddm
+ *
+ */
+@Controller
+@RequestMapping("${adminPath}/proxy/intercept/strateagy")
+public class PxyObjKeyringController extends BaseController  {
+	
+	@RequestMapping(value = {"/form"})
+	@RequiresPermissions(value={"proxy:intercept:config"})
+	public String from(Model model,
+							HttpServletRequest request,
+							HttpServletResponse response,
+							String ids,
+							@ModelAttribute("cfg")PxyObjKeyring cfg
+							,RedirectAttributes redirectAttributes){
+		if(cfg == null){
+			cfg=new PxyObjKeyring();
+		}
+		if(!StringUtil.isEmpty(ids)){
+			cfg = pxyObjKeyringService.getPxyObjKeyring(Long.valueOf(ids),-1);
+			initFormCondition(model, cfg);
+			model.addAttribute("isAdd", false);
+		}else{
+			initFormCondition(model, cfg);
+			model.addAttribute("isAdd", true);
+		}
+		
+		model.addAttribute("_cfg", cfg);
+		return "/cfg/intercept/strateagy/form";
+	}
+	
+	@RequestMapping(value = {"/saveOrUpdate"})
+	@RequiresPermissions(value={"proxy:intercept:config"})
+	public String saveOrUpdate(Model model,HttpServletRequest request,HttpServletResponse response,
+			@ModelAttribute("cfg")PxyObjKeyring cfg,
+			MultipartFile privateKeyFileI,
+			MultipartFile publicKeyFileI,
+			RedirectAttributes redirectAttributes){
+		File file = null;
+		try{
+			if(publicKeyFileI != null) {
+				// 获取公钥信息
+				X509Certificate cert=FileUtils.getCertificateInfo(publicKeyFileI.getInputStream());
+				String issuer=cert.getIssuerDN().getName();//颁发者
+				Date notBefore=cert.getNotBefore();//起始时间
+				Date notAfter=cert.getNotAfter();//结束时间
+				String subject=cert.getSubjectDN().getName();//颁发给
+				cfg.setIssuer(StringUtil.isEmpty(issuer)?"":issuer.trim());
+				cfg.setSubject(StringUtil.isEmpty(subject)?"":subject.trim());
+				cfg.setNotBeforeTime(notBefore);
+				cfg.setNotAfterTime(notAfter);
+			}
+		}catch (Exception e) {
+			logger.error("证书信息获取失败",e);
+			addMessage(redirectAttributes,"save_failed");
+		}
+	
+		try{
+			
+				if(publicKeyFileI != null) {
+					String filename = publicKeyFileI.getOriginalFilename();
+					String prefix = FileUtils.getPrefix(filename, false);
+					String suffix = FileUtils.getSuffix(filename, false);
+					file = File.createTempFile("file_"+ prefix, suffix);
+					publicKeyFileI.transferTo(file);//复制文件
+					String md5 = FileUtils.getFileMD5(file);
+					Map<String,Object> srcMap = Maps.newHashMap();
+					srcMap.put("filetype", suffix);
+					srcMap.put("datatype", "dbSystem");//源文件存入数据中心
+					srcMap.put("createTime",new Date());
+					srcMap.put("key",prefix);
+					srcMap.put("fileName", filename);
+					srcMap.put("checksum", md5);
+					ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap));
+					logger.info("proxy 证书文件策略公钥 文件上传响应信息："+JsonMapper.toJsonString(result));
+					String publicKeyFileAccessUrl = null;
+					if(!StringUtil.isEmpty(result)){
+						ResponseData data = result.getData();
+						publicKeyFileAccessUrl=data.getAccessUrl();
+						cfg.setPublicKeyFile(publicKeyFileAccessUrl);;
+					}
+	 			}
+				if(privateKeyFileI != null) {
+					String filename = privateKeyFileI.getOriginalFilename();
+					String prefix = FileUtils.getPrefix(filename, false);
+					String suffix = FileUtils.getSuffix(filename, false);
+					file = File.createTempFile("file_"+ prefix, suffix);
+					privateKeyFileI.transferTo(file);//复制文件
+					String md5 = FileUtils.getFileMD5(file);
+					Map<String,Object> srcMap = Maps.newHashMap();
+					srcMap.put("filetype", suffix);
+					srcMap.put("datatype", "dbSystem");//源文件存入数据中心
+					srcMap.put("createTime",new Date());
+					srcMap.put("key",prefix);
+					srcMap.put("fileName", filename);
+					srcMap.put("checksum", md5);
+					ToMaatResult result = ConfigServiceUtil.postFileCfg(null, file, JsonMapper.toJsonString(srcMap));
+					logger.info("proxy 证书文件策略私钥 上传响应信息："+JsonMapper.toJsonString(result));
+					String privateKeyFileAccessUrl = null;
+					if(!StringUtil.isEmpty(result)){
+						ResponseData data = result.getData();
+						privateKeyFileAccessUrl=data.getAccessUrl();
+						cfg.setPrivateKeyFile(privateKeyFileAccessUrl);;
+					}
+				}
+				pxyObjKeyringService.saveOrUpdate(cfg);
+			
+			addMessage(redirectAttributes,"save_success");
+		}catch(Exception e){
+			e.printStackTrace();
+			addMessage(redirectAttributes,"save_failed");
+		}
+		
+		return "redirect:" + adminPath +"/proxy/intercept/strateagy/list?functionId="+cfg.getFunctionId();
+	}
+	
+	@RequestMapping(value = {"/list"})
+	public String list(Model model,HttpServletRequest  request,HttpServletResponse response
+			,@ModelAttribute("cfg")PxyObjKeyring entity
+			,RedirectAttributes redirectAttributes){
+		//查询时left join policyGroup
+		Page<PxyObjKeyring> page = pxyObjKeyringService.findPage(new Page<PxyObjKeyring>(request, response,"r"), entity);
+		model.addAttribute("page", page);
+		initPageCondition(model);
+		return "/cfg/intercept/strateagy/list";
+	}
+	
+	@RequestMapping(value = {"/delete"})
+	@RequiresPermissions(value={"proxy:intercept:config"})
+	public String delete(Integer isAudit,Integer isValid,String ids,Integer functionId
+			,Model model,HttpServletRequest request
+			,HttpServletResponse response
+			,RedirectAttributes redirectAttributes){
+		if(!StringUtil.isEmpty(ids)){
+			pxyObjKeyringService.delete(isAudit,isValid,ids,functionId);
+		}
+		
+		return "redirect:" + adminPath +"/proxy/intercept/strateagy/list?functionId="+functionId;
+	}
+	
+	@RequestMapping(value = {"/audit"})
+	@RequiresPermissions(value={"proxy:intercept:confirm"})
+	public String audit(Integer isAudit,Integer isValid,String ids,Integer functionId,
+			RedirectAttributes redirectAttributes) {
+		if(!StringUtil.isEmpty(ids)){
+			String[] idArray = ids.split(",");
+			Date auditTime=new Date();
+			for(String id :idArray){
+				try {
+					pxyObjKeyringService.audit(isAudit,isValid,functionId,id,auditTime);
+				} catch (MaatConvertException e) {
+					addMessage(redirectAttributes, e.getMessage());
+				}
+			}
+			
+		}
+		return "redirect:" + adminPath +"/proxy/intercept/strateagy/list?functionId="+functionId;
+	}
+	@ResponseBody
+	@RequestMapping(value = "/validCfgId")
+	public boolean validCfgId(Long cfgId) {
+		PxyObjKeyring dns=pxyObjKeyringService.getPxyObjKeyring(cfgId,null);
+		if(dns == null ){
+			return false;
+		}else{
+			return true;
+		}
+	}
+}