Merge remote-tracking branch 'origin/dev_rc_jdk13_2.0.0' into dev_rc_jdk13_2.0.0

# Conflicts:
#	src/main/scala/rep/app/management/ManagementService.scala
brightestboy 2022-06-06 19:40:00 +08:00
commit 36e8319468
3 changed files with 43 additions and 16 deletions


@ -1,6 +1,8 @@
package rep.app.management
import java.io.StringWriter
import java.io.File
import scala.concurrent.ExecutionContext
@ -24,9 +26,6 @@ import javax.ws.rs.core.MediaType
import scala.util.{Failure, Success}
@Path("/management")
class ManagementService(handler: ActorRef,isCheckPeerCertificate:Boolean)(implicit executionContext: ExecutionContext)
extends Directives {
@ -58,12 +57,15 @@ class ManagementService(handler: ActorRef,isCheckPeerCertificate:Boolean)(implic
try{
val client_cert = sslSession.getPeerCertificates
val cert = client_cert(0).asInstanceOf[X509Certificate]
System.err.println(cert)
//todo verify cert
rejectEmptyResponse {
onSuccess((handler ? SystemStart(nodeName))) { response =>
complete(response.toString)
if(cert != null){
//System.err.println(cert)
rejectEmptyResponse {
onSuccess((handler ? SystemStart(nodeName))) { response =>
complete(response.toString)
}
}
}else{
complete("Failed to get client certificate")
}
}catch {
case e: SSLPeerUnverifiedException =>
@ -101,6 +103,7 @@ class ManagementService(handler: ActorRef,isCheckPeerCertificate:Boolean)(implic
val cert = client_cert(0).asInstanceOf[X509Certificate]
System.err.println(cert)
//todo verify cert
if(cert != null)
rejectEmptyResponse {
onSuccess((handler ? SystemStatusQuery(nodeName))) { response =>
complete(response.toString)
@ -276,9 +279,6 @@ class ManagementService(handler: ActorRef,isCheckPeerCertificate:Boolean)(implic
}
}
}
}
}
}
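Review bot: The `if(cert != null)` guard in the SystemStart route (and the same guard added before SystemStatusQuery in the next hunk) only checks that a certificate object exists, not that its holder may manage the node, and the `//todo verify cert` marker appears to have been dropped here without any verification replacing it. `getPeerCertificates` already throws `SSLPeerUnverifiedException` when the peer is unverified, so the null test is unlikely to ever reject a request, and access then rests solely on what the TLS trust store accepts. Consider gating both routes on the `CheckPermissionOfX509Certificate` check this commit adds to PermissionVerify, e.g. `if (cert != null && <PermissionVerify instance>.CheckPermissionOfX509Certificate(cert, <operation name>, <BlockPreload instance>))`, and answering with an explicit 401/403 status rather than `complete("Failed to get client certificate")`, which is sent as a normal 200 response. The SystemStatusQuery hunk also still writes the full certificate to stderr via `System.err.println(cert)`; both route bodies continue outside the visible hunks.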


@ -1,6 +1,10 @@
package rep.authority.check
import java.io.{StringWriter, Writer}
import java.security.cert.X509Certificate
import org.bouncycastle.openssl.jcajce.JcaPEMWriter
import rep.app.system.RepChainSystemContext
import rep.authority.cache.SignerCache.signerData
import rep.authority.cache.{AuthenticateBindToCertCache, AuthenticateCache, CertificateCache, CertificateHashCache, OperateCache, PermissionCacheManager, SignerCache}
@ -150,6 +154,10 @@ class PermissionVerify(ctx: RepChainSystemContext) {
}
}
def CheckPermissionOfX509Certificate(cert: X509Certificate, opName: String, dbInstance: BlockPreload): Boolean = {
CheckPermissionOfCertHash(this.ctx.getHashTool.hashstr(toPemString(cert)), opName, dbInstance)
}
def CheckPermissionOfDeployContract(doTrans: DoTransactionOfSandboxInSingle): Boolean = {
var r = true
val cid = doTrans.t.cid.get
@ -219,4 +227,19 @@ class PermissionVerify(ctx: RepChainSystemContext) {
}
r
}
private def toPemString(x509: X509Certificate): String = {
val writer = new StringWriter
val pemWriter = new JcaPEMWriter(writer)
try{
pemWriter.writeObject(x509)
writer.toString
}catch{
case e:Exception=>
""
}finally {
try{pemWriter.close()}catch {case e:Exception=>e.printStackTrace()}
try{writer.close()}catch {case e:Exception=>e.printStackTrace()}
}
}
}
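Review bot: `toPemString` returns `""` on any exception, and `CheckPermissionOfX509Certificate` then hashes that empty string and passes it to `CheckPermissionOfCertHash`, so an encoding failure looks the same as a lookup of a real certificate hash. Fail closed explicitly with `val pem = toPemString(cert)` followed by `pem.nonEmpty && CheckPermissionOfCertHash(this.ctx.getHashTool.hashstr(pem), opName, dbInstance)`, and log the swallowed exception instead of discarding it. The hash is taken over PEM text, whose line endings may follow the platform separator; if the cached certificate hashes were computed from differently formatted PEM the lookup would silently miss, so a comment naming the canonical form would help (inferred, the cache side is not in these hunks). A null `cert` argument is not handled either.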


@ -2,6 +2,7 @@ package rep.network.cache
import akka.actor.Props
import rep.log.RepLogger
import rep.log.httplog.AlertInfo
import rep.network.autotransaction.Topic
import rep.network.base.ModuleBase
import rep.network.module.cfrd.CFRDActorType
@ -48,14 +49,17 @@ class TransactionChecker (moduleName: String) extends ModuleBase(moduleName){
result = true
}
} else {
resultMsg = s"The transaction(${t.id}) is not completed"
RepLogger.sendAlertToDB(pe.getRepChainContext.getHttpLogger(),
new AlertInfo("API", 5, s"txid=${t.id},msg=签名验证失败."))
//失败处理
resultMsg = s"${t.id} 交易签名验证失败"
}
} catch {
case e: RuntimeException => throw e
case e: RuntimeException =>
RepLogger.sendAlertToDB(pe.getRepChainContext.getHttpLogger(),
new AlertInfo("API", 5, s"txid=${t.id},msg=签名验证异常error=${e.getMessage}."))
throw e
}
/*}else{
result = true
}*/
TransactionChecker.CheckedTransactionResult(result, resultMsg)
}
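Review bot: The alert built in the `catch` branch, `s"txid=${t.id},msg=签名验证异常error=${e.getMessage}."`, runs the message text straight into `error=` and embeds `t.id` and `e.getMessage` unmodified, so a value containing `,` or a line break makes the `txid=…,msg=…` record ambiguous for anyone parsing the alerts. Add the separator and strip control characters from both values first, e.g. `s"txid=${t.id},msg=签名验证异常,error=${e.getMessage}."`. Every failed signature check now also calls `RepLogger.sendAlertToDB`; if unauthenticated peers can submit transactions, these alerts probably need rate-limiting or aggregation so that a burst of invalid transactions does not turn into a burst of database writes (an assumption, the submission path is outside the hunk). The enclosing method starts before the hunk.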