2021-08-18 19:15:49 +08:00
|
|
|
|
package com.zdjizhi.etl;
|
|
|
|
|
|
|
|
|
|
|
|
import com.fasterxml.jackson.databind.JavaType;
|
|
|
|
|
|
import com.zdjizhi.common.CommonConfig;
|
|
|
|
|
|
import com.zdjizhi.common.DosDetectionThreshold;
|
2022-05-31 18:00:36 +08:00
|
|
|
|
import com.zdjizhi.common.DosVsysId;
|
2021-08-18 19:15:49 +08:00
|
|
|
|
import com.zdjizhi.utils.HttpClientUtils;
|
|
|
|
|
|
import com.zdjizhi.utils.JsonMapper;
|
2021-08-20 11:52:20 +08:00
|
|
|
|
import inet.ipaddr.IPAddress;
|
|
|
|
|
|
import inet.ipaddr.IPAddressString;
|
|
|
|
|
|
import org.apache.flink.shaded.guava18.com.google.common.collect.Range;
|
|
|
|
|
|
import org.apache.flink.shaded.guava18.com.google.common.collect.TreeRangeMap;
|
2021-08-18 19:15:49 +08:00
|
|
|
|
import org.apache.http.client.utils.URIBuilder;
|
|
|
|
|
|
import org.apache.http.message.BasicHeader;
|
|
|
|
|
|
import org.slf4j.Logger;
|
|
|
|
|
|
import org.slf4j.LoggerFactory;
|
|
|
|
|
|
|
|
|
|
|
|
import java.net.URISyntaxException;
|
|
|
|
|
|
import java.util.ArrayList;
|
|
|
|
|
|
import java.util.HashMap;
|
2021-08-20 11:52:20 +08:00
|
|
|
|
import java.util.Map;
|
2021-08-18 19:15:49 +08:00
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
|
* @author wlh
|
|
|
|
|
|
*/
|
|
|
|
|
|
public class ParseStaticThreshold {
|
|
|
|
|
|
private static Logger logger = LoggerFactory.getLogger(ParseStaticThreshold.class);
|
|
|
|
|
|
private static String encryptpwd;
|
|
|
|
|
|
|
|
|
|
|
|
private static JsonMapper jsonMapperInstance = JsonMapper.getInstance();
|
|
|
|
|
|
private static JavaType hashmapJsonType = jsonMapperInstance.createCollectionType(HashMap.class, String.class, Object.class);
|
|
|
|
|
|
private static JavaType thresholdType = jsonMapperInstance.createCollectionType(ArrayList.class, DosDetectionThreshold.class);
|
2022-05-31 18:00:36 +08:00
|
|
|
|
private static JavaType vsysIDType = jsonMapperInstance.createCollectionType(ArrayList.class, DosVsysId.class);
|
2021-08-18 19:15:49 +08:00
|
|
|
|
|
|
|
|
|
|
static {
|
|
|
|
|
|
//加载加密登录密码
|
|
|
|
|
|
encryptpwd = getEncryptpwd();
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
|
* 获取加密密码
|
|
|
|
|
|
*/
|
2021-08-24 16:35:31 +08:00
|
|
|
|
private static String getEncryptpwd() {
|
2021-08-18 19:15:49 +08:00
|
|
|
|
String psw = HttpClientUtils.ERROR_MESSAGE;
|
|
|
|
|
|
try {
|
|
|
|
|
|
URIBuilder uriBuilder = new URIBuilder(CommonConfig.BIFANG_SERVER_URI);
|
2021-09-14 18:46:23 +08:00
|
|
|
|
HashMap<String, Object> parms = new HashMap<>();
|
2021-09-15 10:08:17 +08:00
|
|
|
|
parms.put("password", "admin");
|
2021-08-24 16:35:31 +08:00
|
|
|
|
HttpClientUtils.setUrlWithParams(uriBuilder, CommonConfig.BIFANG_SERVER_ENCRYPTPWD_PATH, parms);
|
2021-08-18 19:15:49 +08:00
|
|
|
|
String resposeJsonStr = HttpClientUtils.httpGet(uriBuilder.build());
|
2021-08-24 16:35:31 +08:00
|
|
|
|
if (!HttpClientUtils.ERROR_MESSAGE.equals(resposeJsonStr)) {
|
2021-08-18 19:15:49 +08:00
|
|
|
|
HashMap<String, Object> resposeMap = jsonMapperInstance.fromJson(resposeJsonStr, hashmapJsonType);
|
2021-08-24 16:35:31 +08:00
|
|
|
|
boolean success = (boolean) resposeMap.get("success");
|
|
|
|
|
|
String msg = resposeMap.get("msg").toString();
|
|
|
|
|
|
if (success) {
|
2021-08-18 19:15:49 +08:00
|
|
|
|
HashMap<String, Object> data = jsonMapperInstance.fromJson(jsonMapperInstance.toJson(resposeMap.get("data")), hashmapJsonType);
|
|
|
|
|
|
psw = data.get("encryptpwd").toString();
|
2021-08-24 16:35:31 +08:00
|
|
|
|
} else {
|
|
|
|
|
|
logger.error(msg);
|
2021-08-18 19:15:49 +08:00
|
|
|
|
}
|
|
|
|
|
|
}
|
2021-08-24 16:35:31 +08:00
|
|
|
|
} catch (URISyntaxException e) {
|
|
|
|
|
|
logger.error("构造URI异常", e);
|
|
|
|
|
|
} catch (Exception e) {
|
|
|
|
|
|
logger.error("获取encryptpwd失败", e);
|
2021-08-18 19:15:49 +08:00
|
|
|
|
}
|
|
|
|
|
|
return psw;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
|
* 登录bifang服务,获取token
|
2021-08-24 16:35:31 +08:00
|
|
|
|
*
|
2021-08-18 19:15:49 +08:00
|
|
|
|
* @return token
|
|
|
|
|
|
*/
|
2021-08-24 16:35:31 +08:00
|
|
|
|
private static String loginBifangServer() {
|
2021-08-18 19:15:49 +08:00
|
|
|
|
String token = HttpClientUtils.ERROR_MESSAGE;
|
|
|
|
|
|
try {
|
2021-08-24 16:35:31 +08:00
|
|
|
|
if (!HttpClientUtils.ERROR_MESSAGE.equals(encryptpwd)) {
|
2021-08-18 19:15:49 +08:00
|
|
|
|
URIBuilder uriBuilder = new URIBuilder(CommonConfig.BIFANG_SERVER_URI);
|
2021-09-14 18:46:23 +08:00
|
|
|
|
HashMap<String, Object> parms = new HashMap<>();
|
2021-09-15 10:08:17 +08:00
|
|
|
|
parms.put("username", "admin");
|
2021-08-24 16:35:31 +08:00
|
|
|
|
parms.put("password", encryptpwd);
|
|
|
|
|
|
HttpClientUtils.setUrlWithParams(uriBuilder, CommonConfig.BIFANG_SERVER_LOGIN_PATH, parms);
|
2021-08-18 19:15:49 +08:00
|
|
|
|
String resposeJsonStr = HttpClientUtils.httpPost(uriBuilder.build(), null);
|
2021-08-24 16:35:31 +08:00
|
|
|
|
if (!HttpClientUtils.ERROR_MESSAGE.equals(resposeJsonStr)) {
|
2021-08-18 19:15:49 +08:00
|
|
|
|
HashMap<String, Object> resposeMap = jsonMapperInstance.fromJson(resposeJsonStr, hashmapJsonType);
|
2021-08-24 16:35:31 +08:00
|
|
|
|
boolean success = (boolean) resposeMap.get("success");
|
|
|
|
|
|
String msg = resposeMap.get("msg").toString();
|
|
|
|
|
|
if (success) {
|
2021-08-18 19:15:49 +08:00
|
|
|
|
HashMap<String, Object> data = jsonMapperInstance.fromJson(jsonMapperInstance.toJson(resposeMap.get("data")), hashmapJsonType);
|
|
|
|
|
|
token = data.get("token").toString();
|
2021-08-24 16:35:31 +08:00
|
|
|
|
} else {
|
|
|
|
|
|
logger.error(msg);
|
2021-08-18 19:15:49 +08:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2021-08-24 16:35:31 +08:00
|
|
|
|
} catch (Exception e) {
|
|
|
|
|
|
logger.error("登录失败,未获取到token ", e);
|
2021-08-18 19:15:49 +08:00
|
|
|
|
}
|
|
|
|
|
|
return token;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
2022-05-31 18:00:36 +08:00
|
|
|
|
* 获取vsysId配置列表,只需要拿到id的集合,输出出去即可
|
2021-08-24 16:35:31 +08:00
|
|
|
|
*
|
2022-05-31 18:00:36 +08:00
|
|
|
|
* @return vsysIdList
|
2021-08-18 19:15:49 +08:00
|
|
|
|
*/
|
2022-05-31 18:00:36 +08:00
|
|
|
|
private static ArrayList<DosVsysId> getVsysId() {
|
|
|
|
|
|
ArrayList<DosVsysId> vsysIdList = null;
|
2021-08-18 19:15:49 +08:00
|
|
|
|
try {
|
|
|
|
|
|
URIBuilder uriBuilder = new URIBuilder(CommonConfig.BIFANG_SERVER_URI);
|
2021-09-14 18:46:23 +08:00
|
|
|
|
HashMap<String, Object> parms = new HashMap<>();
|
2021-10-19 18:39:13 +08:00
|
|
|
|
parms.put("pageSize", -1);
|
2022-05-31 18:00:36 +08:00
|
|
|
|
parms.put("orderBy", "vsysId desc");
|
|
|
|
|
|
HttpClientUtils.setUrlWithParams(uriBuilder, CommonConfig.BIFANG_SERVER_POLICY_VSYSID_PATH, parms);
|
2021-09-15 10:08:17 +08:00
|
|
|
|
String token = CommonConfig.BIFANG_SERVER_TOKEN;
|
2021-08-24 16:35:31 +08:00
|
|
|
|
if (!HttpClientUtils.ERROR_MESSAGE.equals(token)) {
|
2021-08-18 19:15:49 +08:00
|
|
|
|
BasicHeader authorization = new BasicHeader("Authorization", token);
|
2021-09-23 18:36:27 +08:00
|
|
|
|
BasicHeader authorization1 = new BasicHeader("Content-Type", "application/x-www-form-urlencoded");
|
2021-10-19 18:39:13 +08:00
|
|
|
|
String resposeJsonStr = HttpClientUtils.httpGet(uriBuilder.build(), authorization, authorization1);
|
2021-08-24 16:35:31 +08:00
|
|
|
|
if (!HttpClientUtils.ERROR_MESSAGE.equals(resposeJsonStr)) {
|
2021-08-18 19:15:49 +08:00
|
|
|
|
HashMap<String, Object> resposeMap = jsonMapperInstance.fromJson(resposeJsonStr, hashmapJsonType);
|
2021-08-24 16:35:31 +08:00
|
|
|
|
boolean success = (boolean) resposeMap.get("success");
|
|
|
|
|
|
String msg = resposeMap.get("msg").toString();
|
|
|
|
|
|
if (success) {
|
2021-08-18 19:15:49 +08:00
|
|
|
|
HashMap<String, Object> data = jsonMapperInstance.fromJson(jsonMapperInstance.toJson(resposeMap.get("data")), hashmapJsonType);
|
2021-11-05 19:01:12 +08:00
|
|
|
|
Object list = data.get("list");
|
|
|
|
|
|
if (list != null) {
|
2022-05-31 18:00:36 +08:00
|
|
|
|
vsysIdList = jsonMapperInstance.fromJson(jsonMapperInstance.toJson(list), vsysIDType);
|
|
|
|
|
|
logger.info("获取到vsysId{}条", vsysIdList.size());
|
2021-11-05 19:01:12 +08:00
|
|
|
|
} else {
|
2022-05-31 18:00:36 +08:00
|
|
|
|
logger.warn("vsysIdList为空");
|
2021-11-05 19:01:12 +08:00
|
|
|
|
}
|
2021-08-24 16:35:31 +08:00
|
|
|
|
} else {
|
|
|
|
|
|
logger.error(msg);
|
2021-08-18 19:15:49 +08:00
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2022-05-31 18:00:36 +08:00
|
|
|
|
} catch (Exception e) {
|
|
|
|
|
|
logger.error("获取vsysId失败,请检查bifang服务或登录配置信息 ", e);
|
|
|
|
|
|
}
|
|
|
|
|
|
return vsysIdList;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
|
* 获取静态阈值配置列表,遍历id的集合,并将每个id放入请求体中
|
|
|
|
|
|
*
|
|
|
|
|
|
* @return thresholds
|
|
|
|
|
|
*/
|
|
|
|
|
|
private static ArrayList<DosDetectionThreshold> getDosDetectionThreshold() {
|
|
|
|
|
|
ArrayList<DosDetectionThreshold> thresholds = null;
|
|
|
|
|
|
ArrayList<DosVsysId> vsysId = getVsysId();
|
|
|
|
|
|
try {
|
|
|
|
|
|
if (vsysId != null){
|
|
|
|
|
|
for (DosVsysId dosVsysId : vsysId) {
|
|
|
|
|
|
URIBuilder uriBuilder = new URIBuilder(CommonConfig.BIFANG_SERVER_URI);
|
|
|
|
|
|
HashMap<String, Object> parms = new HashMap<>();
|
|
|
|
|
|
parms.put("pageSize", -1);
|
|
|
|
|
|
parms.put("orderBy", "profileId asc");
|
|
|
|
|
|
parms.put("isValid", 1);
|
|
|
|
|
|
parms.put("vsysId", dosVsysId.getVsysId());
|
|
|
|
|
|
HttpClientUtils.setUrlWithParams(uriBuilder, CommonConfig.BIFANG_SERVER_POLICY_THRESHOLD_PATH, parms);
|
|
|
|
|
|
String token = CommonConfig.BIFANG_SERVER_TOKEN;
|
|
|
|
|
|
if (!HttpClientUtils.ERROR_MESSAGE.equals(token)) {
|
|
|
|
|
|
BasicHeader authorization = new BasicHeader("Authorization", token);
|
|
|
|
|
|
BasicHeader authorization1 = new BasicHeader("Content-Type", "application/x-www-form-urlencoded");
|
|
|
|
|
|
String resposeJsonStr = HttpClientUtils.httpGet(uriBuilder.build(), authorization, authorization1);
|
|
|
|
|
|
if (!HttpClientUtils.ERROR_MESSAGE.equals(resposeJsonStr)) {
|
|
|
|
|
|
HashMap<String, Object> resposeMap = jsonMapperInstance.fromJson(resposeJsonStr, hashmapJsonType);
|
|
|
|
|
|
boolean success = (boolean) resposeMap.get("success");
|
|
|
|
|
|
String msg = resposeMap.get("msg").toString();
|
|
|
|
|
|
if (success) {
|
|
|
|
|
|
HashMap<String, Object> data = jsonMapperInstance.fromJson(jsonMapperInstance.toJson(resposeMap.get("data")), hashmapJsonType);
|
|
|
|
|
|
Object list = data.get("list");
|
|
|
|
|
|
if (list != null) {
|
|
|
|
|
|
thresholds = jsonMapperInstance.fromJson(jsonMapperInstance.toJson(list), thresholdType);
|
|
|
|
|
|
logger.info("获取到静态阈值配置{}条", thresholds.size());
|
|
|
|
|
|
} else {
|
|
|
|
|
|
logger.warn("静态阈值配置为空");
|
|
|
|
|
|
}
|
|
|
|
|
|
} else {
|
|
|
|
|
|
logger.error(msg);
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2021-08-24 16:35:31 +08:00
|
|
|
|
} catch (Exception e) {
|
|
|
|
|
|
logger.error("获取静态阈值配置失败,请检查bifang服务或登录配置信息 ", e);
|
2021-08-18 19:15:49 +08:00
|
|
|
|
}
|
2022-05-31 18:00:36 +08:00
|
|
|
|
|
2021-08-18 19:15:49 +08:00
|
|
|
|
return thresholds;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-08-20 11:52:20 +08:00
|
|
|
|
/**
|
|
|
|
|
|
* 基于静态阈值构建threshold RangeMap,k:IP段或具体IP,v:配置信息
|
2021-08-24 16:35:31 +08:00
|
|
|
|
*
|
2021-08-20 11:52:20 +08:00
|
|
|
|
* @return threshold RangeMap
|
|
|
|
|
|
*/
|
2021-10-20 18:23:12 +08:00
|
|
|
|
static HashMap<String, TreeRangeMap<IPAddress, DosDetectionThreshold>> createStaticThreshold() {
|
|
|
|
|
|
HashMap<String, TreeRangeMap<IPAddress, DosDetectionThreshold>> thresholdRangeMap = new HashMap<>(4);
|
2021-08-20 11:52:20 +08:00
|
|
|
|
try {
|
|
|
|
|
|
ArrayList<DosDetectionThreshold> dosDetectionThreshold = getDosDetectionThreshold();
|
2021-08-24 16:35:31 +08:00
|
|
|
|
if (dosDetectionThreshold != null && !dosDetectionThreshold.isEmpty()) {
|
|
|
|
|
|
for (DosDetectionThreshold threshold : dosDetectionThreshold) {
|
2021-10-20 18:23:12 +08:00
|
|
|
|
String attackType = threshold.getAttackType();
|
|
|
|
|
|
TreeRangeMap<IPAddress, DosDetectionThreshold> treeRangeMap = thresholdRangeMap.getOrDefault(attackType, TreeRangeMap.create());
|
2021-08-20 11:52:20 +08:00
|
|
|
|
ArrayList<String> serverIpList = threshold.getServerIpList();
|
2021-08-24 16:35:31 +08:00
|
|
|
|
for (String sip : serverIpList) {
|
2021-08-20 11:52:20 +08:00
|
|
|
|
IPAddressString ipAddressString = new IPAddressString(sip);
|
2021-08-24 16:35:31 +08:00
|
|
|
|
if (ipAddressString.isIPAddress()) {
|
2021-08-20 11:52:20 +08:00
|
|
|
|
IPAddress address = ipAddressString.getAddress();
|
2021-10-19 18:39:13 +08:00
|
|
|
|
if (address.isPrefixed()) {
|
2021-09-23 18:36:27 +08:00
|
|
|
|
IPAddress lower = address.getLower();
|
|
|
|
|
|
IPAddress upper = address.getUpper();
|
2021-10-19 18:39:13 +08:00
|
|
|
|
if (!address.isMultiple()) {
|
2021-09-23 18:36:27 +08:00
|
|
|
|
lower = address.adjustPrefixLength(address.getBitCount());
|
|
|
|
|
|
upper = address.toMaxHost().withoutPrefixLength();
|
|
|
|
|
|
}
|
2021-10-20 18:23:12 +08:00
|
|
|
|
Map.Entry<Range<IPAddress>, DosDetectionThreshold> lowerEntry = treeRangeMap.getEntry(lower);
|
|
|
|
|
|
Map.Entry<Range<IPAddress>, DosDetectionThreshold> upperEntry = treeRangeMap.getEntry(upper);
|
2021-10-19 18:39:13 +08:00
|
|
|
|
if (lowerEntry != null && upperEntry == null) {
|
2021-09-23 18:36:27 +08:00
|
|
|
|
Range<IPAddress> lowerEntryKey = lowerEntry.getKey();
|
2021-10-20 18:23:12 +08:00
|
|
|
|
DosDetectionThreshold lowerEntryValue = lowerEntry.getValue();
|
|
|
|
|
|
treeRangeMap.put(Range.closedOpen(lowerEntryKey.lowerEndpoint(), lower), lowerEntryValue);
|
|
|
|
|
|
treeRangeMap.put(Range.closed(lower, upper), threshold);
|
2021-10-19 18:39:13 +08:00
|
|
|
|
} else if (lowerEntry == null && upperEntry != null) {
|
2021-09-23 18:36:27 +08:00
|
|
|
|
Range<IPAddress> upperEntryKey = upperEntry.getKey();
|
2021-10-20 18:23:12 +08:00
|
|
|
|
DosDetectionThreshold upperEntryValue = upperEntry.getValue();
|
|
|
|
|
|
treeRangeMap.put(Range.openClosed(upper, upperEntryKey.upperEndpoint()), upperEntryValue);
|
|
|
|
|
|
treeRangeMap.put(Range.closed(lower, upper), threshold);
|
2021-10-19 18:39:13 +08:00
|
|
|
|
} else {
|
2021-10-20 18:23:12 +08:00
|
|
|
|
treeRangeMap.put(Range.closed(lower, upper), threshold);
|
2021-09-14 18:46:23 +08:00
|
|
|
|
}
|
2021-10-19 18:39:13 +08:00
|
|
|
|
} else {
|
2021-10-20 18:23:12 +08:00
|
|
|
|
treeRangeMap.put(Range.closed(address, address), threshold);
|
2021-09-14 18:46:23 +08:00
|
|
|
|
}
|
2021-08-20 11:52:20 +08:00
|
|
|
|
}
|
|
|
|
|
|
}
|
2021-11-05 19:01:12 +08:00
|
|
|
|
thresholdRangeMap.put(attackType, treeRangeMap);
|
2021-08-20 11:52:20 +08:00
|
|
|
|
}
|
|
|
|
|
|
}
|
2021-08-24 16:35:31 +08:00
|
|
|
|
} catch (Exception e) {
|
|
|
|
|
|
logger.error("构建threshold RangeMap失败", e);
|
2021-08-20 11:52:20 +08:00
|
|
|
|
}
|
|
|
|
|
|
return thresholdRangeMap;
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-08-18 19:15:49 +08:00
|
|
|
|
public static void main(String[] args) {
|
2022-05-31 18:00:36 +08:00
|
|
|
|
// ArrayList<DosVsysId> vsysId = getVsysId();
|
|
|
|
|
|
// vsysId.forEach(System.out::println);
|
2021-09-14 18:46:23 +08:00
|
|
|
|
ArrayList<DosDetectionThreshold> dosDetectionThreshold = getDosDetectionThreshold();
|
|
|
|
|
|
dosDetectionThreshold.forEach(System.out::println);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
System.out.println("------------------------");
|
2021-10-20 18:23:12 +08:00
|
|
|
|
HashMap<String, TreeRangeMap<IPAddress, DosDetectionThreshold>> staticThreshold = createStaticThreshold();
|
2021-09-14 18:46:23 +08:00
|
|
|
|
|
2021-09-23 18:36:27 +08:00
|
|
|
|
System.out.println("------------------------");
|
2021-10-20 18:23:12 +08:00
|
|
|
|
|
|
|
|
|
|
for (String type : staticThreshold.keySet()) {
|
|
|
|
|
|
Map<Range<IPAddress>, DosDetectionThreshold> asMapOfRanges = staticThreshold.get(type).asMapOfRanges();
|
|
|
|
|
|
for (Range<IPAddress> range : asMapOfRanges.keySet()) {
|
|
|
|
|
|
DosDetectionThreshold threshold = asMapOfRanges.get(range);
|
|
|
|
|
|
System.out.println(type + "---" + range + "---" + threshold);
|
2021-08-20 18:34:40 +08:00
|
|
|
|
}
|
2021-10-20 18:23:12 +08:00
|
|
|
|
System.out.println("------------------------");
|
2021-08-18 19:15:49 +08:00
|
|
|
|
}
|
2022-05-31 18:00:36 +08:00
|
|
|
|
// String s = loginBifangServer();
|
|
|
|
|
|
// System.out.println(s);
|
2021-09-14 18:46:23 +08:00
|
|
|
|
|
2021-08-18 19:15:49 +08:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
}
|
