| author | duandongmei <[email protected]> | 2019-04-27 19:00:12 +0800 |
|---|---|---|
| committer | duandongmei <[email protected]> | 2019-04-27 19:00:12 +0800 |
| commit | 36d1fee1415ebfa045bdf68e6a81622b88016fea (patch) | |
| tree | c5ede9b05f7a4ab7f6938e0369dba7a1a0823a24 | |
| parent | 999406cbd1a02052fd7467cf727b458dc9debf04 (diff) | |
证书验证公私钥不匹配
| -rw-r--r-- | src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java | 32 | ||||
| -rw-r--r-- | src/main/resources/messages/message_en.properties | 3 | ||||
| -rw-r--r-- | src/main/resources/messages/message_ru.properties | 3 | ||||
| -rw-r--r-- | src/main/resources/messages/message_zh_CN.properties | 3 | ||||
| -rw-r--r-- | src/main/resources/shell/x509 | bin | 2439248 -> 2440800 bytes |
5 files changed, 31 insertions, 10 deletions
diff --git a/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java b/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java
index d1c548be4..267139c20 100644
--- a/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java
+++ b/src/main/java/com/nis/web/controller/configuration/proxy/PxyObjKeyringController.java
@@ -102,8 +102,8 @@ public class PxyObjKeyringController extends BaseController {
boolean validFlag = true;
try {
Properties msgProp = this.getMsgProp();
- boolean publicKeyFileflag = validCertFileContent(publicKeyFileI, "-incert");
- boolean privateKeyFileflag = validCertFileContent(privateKeyFileI, "-inkey");
+ boolean publicKeyFileflag = validCertFileContent(publicKeyFileI,null, "-incert");
+ boolean privateKeyFileflag = validCertFileContent(privateKeyFileI,null, "-inkey");
if (!publicKeyFileflag && !privateKeyFileflag) {
addMessage(redirectAttributes, "error", "save_failed");
logger.error(publicKeyFileI.getOriginalFilename() + " and " + privateKeyFileI.getOriginalFilename()
@@ -118,6 +118,16 @@ public class PxyObjKeyringController extends BaseController {
logger.error(privateKeyFileI.getOriginalFilename() + " file non private key file format ");
throw new MultiPartNewException(msgProp.getProperty("private_file_error"));
}
+
+ //证书对校验
+ if(publicKeyFileflag && privateKeyFileflag){
+ boolean keyRingFileflag = validCertFileContent(publicKeyFileI,privateKeyFileI, "-incheck");
+ if (!keyRingFileflag) {
+ addMessage(redirectAttributes, "error", "save_failed");
+ logger.error(" 公私钥不匹配 ");
+ throw new MultiPartNewException(msgProp.getProperty("public_private_file_error"));
+ }
+ }
} catch (Exception e) {
validFlag = false;
logger.error("证书文件校验失败", e);
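Review bot: The new mismatch branch logs a bare localized string, `logger.error(" 公私钥不匹配 ");`, while the neighbouring format-check failures log the offending upload names in English; for a consistent, greppable audit trail use `logger.error(publicKeyFileI.getOriginalFilename() + " and " + privateKeyFileI.getOriginalFilename() + " public/private key mismatch");`. The pair check is only reached when both individual checks passed, which is correct but worth stating above the `if`: `// pair check is only meaningful once both files parsed individually`. The enclosing handler method starts and ends outside this hunk.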
@@ -281,7 +291,7 @@ public class PxyObjKeyringController extends BaseController {
* @return
* @throws Exception
*/
- public boolean validCertFileContent(MultipartFile file, String validateType) throws Exception {
+ public boolean validCertFileContent(MultipartFile file,MultipartFile privateFile, String validateType) throws Exception {
String os = System.getProperty("os.name").toLowerCase();
if (!os.contains("windows") && file != null) {
// 证书文件临时保存路径
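Review bot: The signature gains a `privateFile` parameter but the Javadoc immediately above it (its `@return` and `@throws Exception` tags are visible in the hunk) is not updated; add `@param privateFile the private-key upload paired with {@code file}; may be {@code null} and is only consulted for the "-incheck" mode`. Since the method is public and every call site changed in this commit passes `null` except the pairing check, an overload `public boolean validCertFileContent(MultipartFile file, String validateType) throws Exception { return validCertFileContent(file, null, validateType); }` would keep those call sites unchanged. The `-incheck` mode itself lives in the `x509` binary replaced in this commit, so its behaviour cannot be reviewed from this diff. The method body continues past the end of the hunk.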
@@ -289,8 +299,16 @@ public class PxyObjKeyringController extends BaseController {
FileUtils.createDirectory(certFilePath);
String filePath = certFilePath + File.separator + UUID.randomUUID()
+ FileUtils.getSuffix(file.getOriginalFilename(), true);
+ String privateFilePath="";
File uploadFile = new File(filePath);
FileCopyUtils.copy(file.getBytes(), uploadFile);
+
+ if(!StringUtil.isEmpty(privateFile)){
+ privateFilePath=certFilePath + File.separator + UUID.randomUUID()
+ + FileUtils.getSuffix(privateFile.getOriginalFilename(), true);
+ File privateUploadFile = new File(privateFilePath);
+ FileCopyUtils.copy(privateFile.getBytes(), privateUploadFile);
+ }
// 加载x509脚本
String x509Shell = Thread.currentThread().getContextClassLoader()
.getResource(File.separator + "shell" + File.separator + Constants.CERT_VALIDATE_FILE).getPath();
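Review bot: The uploaded private key is written to a second temporary file (`privateUploadFile`) but this hunk shows no matching cleanup; the existing deletion path (`// 临时文件删除` in the next hunk) predates the new parameter, so unless it was extended as well the private key material stays on disk under `certFilePath` after validation. Delete both temp files in a `finally` block, and create the private-key file with owner-only permissions rather than relying on the process umask, e.g. `Files.createTempFile(dir, prefix, suffix, PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")))` — this branch already runs only on non-Windows hosts per the guard at the top of the method. `StringUtil.isEmpty(privateFile)` is applied to a `MultipartFile`; presumably the project helper accepts any `Object`, but `if (privateFile != null && !privateFile.isEmpty()) {` is explicit and also skips zero-byte uploads. When no private file is supplied, `privateFilePath` stays `""` and is still forwarded to `execShell` in the following hunk; whether that becomes an empty argv entry or disappears depends on `execShell`, which is outside this diff. The method body continues past the end of the hunk.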
@@ -299,8 +317,8 @@ public class PxyObjKeyringController extends BaseController {
logger.info("x509 chmod +x :" + resultMap1.get("out").toString());
logger.info("x509脚本分配可执行权限:" + "chmod" + " " + "+x" + " " + x509Shell);
// 验证文件
- logger.info(x509Shell + " " + validateType + " " + filePath);
- Map<String, Object> resultMap = this.execShell(x509Shell, validateType, filePath);
+ logger.info(x509Shell + " " + validateType + " " + filePath+ " " + privateFilePath);
+ Map<String, Object> resultMap = this.execShell(x509Shell, validateType, filePath, privateFilePath);
if (resultMap == null || StringUtil.isEmpty(resultMap.get("out"))) {
// 临时文件删除
@@ -600,7 +618,7 @@ public class PxyObjKeyringController extends BaseController {
File file = null;
boolean validFlag = true;
try {
- boolean certFileflag = validCertFileContent(certFileI, "-incert");
+ boolean certFileflag = validCertFileContent(certFileI,null, "-incert");
if (!certFileflag) {
addMessage(redirectAttributes, "error", "save_failed");
logger.error(certFileI.getOriginalFilename() + " file non Certificate file format ");
@@ -707,7 +725,7 @@ public class PxyObjKeyringController extends BaseController {
boolean validFlag = true;
try {
if (crlFileI != null) {
- boolean certFileflag = validCertFileContent(crlFileI, "-incrl");
+ boolean certFileflag = validCertFileContent(crlFileI,null, "-incrl");
if (!certFileflag) {
addMessage(redirectAttributes, "error", "save_failed");
logger.error(crlFileI.getOriginalFilename() + " file non crl file format ");
diff --git a/src/main/resources/messages/message_en.properties b/src/main/resources/messages/message_en.properties
index b7f92a592..77a82bcc6 100644
--- a/src/main/resources/messages/message_en.properties
+++ b/src/main/resources/messages/message_en.properties
@@ -1516,4 +1516,5 @@ dest_ip_pattern=Server IP Pattern
src_port_pattern=Client Port Pattern
dest_port_pattern=Server Port Pattern
range_cross=Found intersections between Server IP address and Client IP address
-app_ip_correlation=APP IP Correlation
\ No newline at end of file
+app_ip_correlation=APP IP Correlation
+public_private_file_error=Public-private key mismatch
\ No newline at end of file
diff --git a/src/main/resources/messages/message_ru.properties b/src/main/resources/messages/message_ru.properties
index 583ea33e0..c39bffd87 100644
--- a/src/main/resources/messages/message_ru.properties
+++ b/src/main/resources/messages/message_ru.properties
@@ -1519,4 +1519,5 @@ dest_ip_pattern=Server IP Pattern
src_port_pattern=Client Port Pattern
dest_port_pattern=Server Port Pattern
range_cross=Found intersections between Server IP address and Client IP address
-app_ip_correlation=APP IP Correlation
\ No newline at end of file
+app_ip_correlation=APP IP Correlation
+public_private_file_error=Public-private key mismatch
\ No newline at end of file
diff --git a/src/main/resources/messages/message_zh_CN.properties b/src/main/resources/messages/message_zh_CN.properties
index 38b4bb502..b146d699e 100644
--- a/src/main/resources/messages/message_zh_CN.properties
+++ b/src/main/resources/messages/message_zh_CN.properties
@@ -1515,4 +1515,5 @@ dest_ip_pattern=\u76EE\u7684IP\u683C\u5F0F
src_port_pattern=\u6E90\u7AEF\u53E3\u683C\u5F0F
dest_port_pattern=\u76EE\u7684\u7AEF\u53E3\u683C\u5F0F
range_cross=\u6E90IP\u4E0E\u76EE\u7684IP\u8303\u56F4\u6709\u4EA4\u53C9
-app_ip_correlation=APP\u5173\u8054\u7279\u5F81IP\u914D\u7F6E
\ No newline at end of file
+app_ip_correlation=APP\u5173\u8054\u7279\u5F81IP\u914D\u7F6E
+public_private_file_error=\u516C\u79C1\u94A5\u8BC1\u4E66\u4E0D\u5339\u914D
\ No newline at end of file
diff --git a/src/main/resources/shell/x509 b/src/main/resources/shell/x509
Binary files differ
index f39b17b88..3533e30da 100644
--- a/src/main/resources/shell/x509
+++ b/src/main/resources/shell/x509 |
