代理拦截修改提交

wangxin
2019-05-21 19:50:54 +08:00
parent ac52747686
commit 182a6a8ddc
34 changed files with 2489 additions and 188 deletions


@@ -9,6 +9,7 @@
package com.nis.domain.configuration;
import java.util.List;
import java.util.Map;
import com.google.gson.annotations.Expose;
import com.google.gson.annotations.SerializedName;
@@ -399,4 +400,110 @@ public class BaseIpCfg extends BaseCfg<BaseIpCfg> {
public void setIndex(Integer index) {
this.index = index;
}
protected Integer keyring;
protected Integer evCert;
protected Integer certTransparency;
protected Integer clientCertReq;
protected Integer pinning;
protected Integer cn;
protected Integer issuer;
protected Integer selfSigned;
protected Integer expiration;
protected String failMethod;
protected String min;
protected String max;
protected Integer mirrorClient;
protected Integer enable;
protected Integer mirrorProfile;
public Integer getKeyring() {
return keyring;
}
public void setKeyring(Integer keyring) {
this.keyring = keyring;
}
public Integer getEvCert() {
return evCert;
}
public void setEvCert(Integer evCert) {
this.evCert = evCert;
}
public Integer getCertTransparency() {
return certTransparency;
}
public void setCertTransparency(Integer certTransparency) {
this.certTransparency = certTransparency;
}
public Integer getClientCertReq() {
return clientCertReq;
}
public void setClientCertReq(Integer clientCertReq) {
this.clientCertReq = clientCertReq;
}
public Integer getPinning() {
return pinning;
}
public void setPinning(Integer pinning) {
this.pinning = pinning;
}
public Integer getCn() {
return cn;
}
public void setCn(Integer cn) {
this.cn = cn;
}
public Integer getIssuer() {
return issuer;
}
public void setIssuer(Integer issuer) {
this.issuer = issuer;
}
public Integer getSelfSigned() {
return selfSigned;
}
public void setSelfSigned(Integer selfSigned) {
this.selfSigned = selfSigned;
}
public Integer getExpiration() {
return expiration;
}
public void setExpiration(Integer expiration) {
this.expiration = expiration;
}
public String getFailMethod() {
return failMethod;
}
public void setFailMethod(String failMethod) {
this.failMethod = failMethod;
}
public String getMin() {
return min;
}
public void setMin(String min) {
this.min = min;
}
public String getMax() {
return max;
}
public void setMax(String max) {
this.max = max;
}
public Integer getMirrorClient() {
return mirrorClient;
}
public void setMirrorClient(Integer mirrorClient) {
this.mirrorClient = mirrorClient;
}
public Integer getEnable() {
return enable;
}
public void setEnable(Integer enable) {
this.enable = enable;
}
public Integer getMirrorProfile() {
return mirrorProfile;
}
public void setMirrorProfile(Integer mirrorProfile) {
this.mirrorProfile = mirrorProfile;
}
}
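Review bot: The fifteen new properties (`keyring` through `mirrorProfile`) are added to `BaseIpCfg` with no comment on what values they accept, and the same block is pasted unchanged into `BaseStringCfg` in the next file section. They carry certificate-verification and exclusion settings for the intercepting proxy (the matching column titles elsewhere in this commit are `cert_verify_approach_*` and `exclusions_*`), so the difference between `null` and `0` should be written down. A field comment such as `// 0 or 1; null = not supplied, caller applies the default` would do, with the wording confirmed by the author. Names like `min`, `max` and `enable` are very generic for a base class shared by every IP configuration; a comment tying them to the SSL version range and decrypt mirroring would prevent misuse.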


@@ -282,5 +282,110 @@ public class BaseStringCfg<T> extends BaseCfg<T> {
public void setRegionId(Integer regionId) {
this.regionId = regionId;
}
protected Integer keyring;
protected Integer evCert;
protected Integer certTransparency;
protected Integer clientCertReq;
protected Integer pinning;
protected Integer cn;
protected Integer issuer;
protected Integer selfSigned;
protected Integer expiration;
protected String failMethod;
protected String min;
protected String max;
protected Integer mirrorClient;
protected Integer enable;
protected Integer mirrorProfile;
public Integer getKeyring() {
return keyring;
}
public void setKeyring(Integer keyring) {
this.keyring = keyring;
}
public Integer getEvCert() {
return evCert;
}
public void setEvCert(Integer evCert) {
this.evCert = evCert;
}
public Integer getCertTransparency() {
return certTransparency;
}
public void setCertTransparency(Integer certTransparency) {
this.certTransparency = certTransparency;
}
public Integer getClientCertReq() {
return clientCertReq;
}
public void setClientCertReq(Integer clientCertReq) {
this.clientCertReq = clientCertReq;
}
public Integer getPinning() {
return pinning;
}
public void setPinning(Integer pinning) {
this.pinning = pinning;
}
public Integer getCn() {
return cn;
}
public void setCn(Integer cn) {
this.cn = cn;
}
public Integer getIssuer() {
return issuer;
}
public void setIssuer(Integer issuer) {
this.issuer = issuer;
}
public Integer getSelfSigned() {
return selfSigned;
}
public void setSelfSigned(Integer selfSigned) {
this.selfSigned = selfSigned;
}
public Integer getExpiration() {
return expiration;
}
public void setExpiration(Integer expiration) {
this.expiration = expiration;
}
public String getFailMethod() {
return failMethod;
}
public void setFailMethod(String failMethod) {
this.failMethod = failMethod;
}
public String getMin() {
return min;
}
public void setMin(String min) {
this.min = min;
}
public String getMax() {
return max;
}
public void setMax(String max) {
this.max = max;
}
public Integer getMirrorClient() {
return mirrorClient;
}
public void setMirrorClient(Integer mirrorClient) {
this.mirrorClient = mirrorClient;
}
public Integer getEnable() {
return enable;
}
public void setEnable(Integer enable) {
this.enable = enable;
}
public Integer getMirrorProfile() {
return mirrorProfile;
}
public void setMirrorProfile(Integer mirrorProfile) {
this.mirrorProfile = mirrorProfile;
}
}


@@ -0,0 +1,137 @@
package com.nis.domain.configuration;
import com.nis.util.excel.ExcelField;
public class PxyInterceptCfg extends CfgIndexInfo {
/**
*
*/
private static final long serialVersionUID = 994229066993318362L;
@ExcelField(title="pxy_intercept_monit_keyring",sort=7)
private String keyring;
@ExcelField(title="exclusions_ev_cert",dictType="SYS_YES_NO",sort=8)
private String evCert;
@ExcelField(title="exclusions_cert_transparency",dictType="SYS_YES_NO",sort=9)
private String certTransparency;
@ExcelField(title="exclusions_client_cert_req",dictType="SYS_YES_NO",sort=10)
private String clientCertReq;
@ExcelField(title="exclusions_pinning",dictType="SYS_YES_NO",sort=11)
private String pinning;
@ExcelField(title="cert_verify_approach_cn",dictType="SYS_YES_NO",sort=12)
private String cn;
@ExcelField(title="cert_verify_approach_issuer",dictType="SYS_YES_NO",sort=13)
private String issuer;
@ExcelField(title="cert_verify_approach_self_signed",dictType="SYS_YES_NO",sort=14)
private String selfSigned;
@ExcelField(title="cert_verify_approach_expiration",dictType="SYS_YES_NO",sort=15)
private String expiration;
@ExcelField(title="cert_verify_fail_method",dictType="FAIL_METHOD",sort=16)
private String failMethod;
@ExcelField(title="ssl_ver_min",dictType="SSL_VERSION",sort=17)
private String min;
@ExcelField(title="ssl_ver_max",dictType="SSL_VERSION",sort=18)
private String max;
@ExcelField(title="ssl_ver_mirror_client",dictType="SYS_YES_NO",sort=19)
private String mirrorClient;
@ExcelField(title="decrypt_mirror_enable",dictType="SYS_YES_NO",sort=20)
private String enable;
@ExcelField(title="decrypt_mirror_mirror_profile",sort=21)
private String mirrorProfile;
private String userRegion1;
private String userRegion2;
private String userRegion3;
private String userRegion4;
private String userRegion5;
public String getKeyring() {
return keyring;
}
public void setKeyring(String keyring) {
this.keyring = keyring;
}
public String getEvCert() {
return evCert;
}
public void setEvCert(String evCert) {
this.evCert = evCert;
}
public String getCertTransparency() {
return certTransparency;
}
public void setCertTransparency(String certTransparency) {
this.certTransparency = certTransparency;
}
public String getClientCertReq() {
return clientCertReq;
}
public void setClientCertReq(String clientCertReq) {
this.clientCertReq = clientCertReq;
}
public String getPinning() {
return pinning;
}
public void setPinning(String pinning) {
this.pinning = pinning;
}
public String getCn() {
return cn;
}
public void setCn(String cn) {
this.cn = cn;
}
public String getIssuer() {
return issuer;
}
public void setIssuer(String issuer) {
this.issuer = issuer;
}
public String getSelfSigned() {
return selfSigned;
}
public void setSelfSigned(String selfSigned) {
this.selfSigned = selfSigned;
}
public String getExpiration() {
return expiration;
}
public void setExpiration(String expiration) {
this.expiration = expiration;
}
public String getFailMethod() {
return failMethod;
}
public void setFailMethod(String failMethod) {
this.failMethod = failMethod;
}
public String getMin() {
return min;
}
public void setMin(String min) {
this.min = min;
}
public String getMax() {
return max;
}
public void setMax(String max) {
this.max = max;
}
public String getMirrorClient() {
return mirrorClient;
}
public void setMirrorClient(String mirrorClient) {
this.mirrorClient = mirrorClient;
}
public String getEnable() {
return enable;
}
public void setEnable(String enable) {
this.enable = enable;
}
public String getMirrorProfile() {
return mirrorProfile;
}
public void setMirrorProfile(String mirrorProfile) {
this.mirrorProfile = mirrorProfile;
}
}
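Review bot: `PxyInterceptCfg` types all fifteen settings as `String`, while `BaseIpCfg`, `BaseStringCfg` and the two template classes in this commit type the flags as `Integer`, and nothing in the class says which representation is authoritative or which strings are valid. A short class comment would help, for example `/** Proxy-intercept rule as shown in Excel export; flag fields hold SYS_YES_NO dictionary values. */` (wording to be confirmed by the author). `userRegion1` to `userRegion5` are declared private with no accessor in this section, so unless they are populated reflectively they are dead. The empty `/** */` above `serialVersionUID` can be removed.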


@@ -0,0 +1,142 @@
package com.nis.domain.configuration.template;
import com.nis.util.excel.ExcelField;
public class InterceptDomainTemplate extends StringAllNotDoLogTemplate {
private Integer keyring;
private Integer evCert;
private Integer certTransparency;
private Integer clientCertReq;
private Integer pinning;
private Integer cn;
private Integer issuer;
private Integer selfSigned;
private Integer expiration;
private String failMethod;
private String min;
private String max;
private Integer mirrorClient;
private Integer enable;
private Integer mirrorProfile;
@ExcelField(title="pxy_intercept_monit_keyring",align=2,sort=17)
public Integer getKeyring() {
return keyring;
}
public void setKeyring(Integer keyring) {
this.keyring = keyring;
}
@ExcelField(title="exclusions_ev_cert",align=2,sort=18)
public Integer getEvCert() {
return evCert;
}
public void setEvCert(Integer evCert) {
this.evCert = evCert;
}
@ExcelField(title="exclusions_cert_transparency",align=2,sort=19)
public Integer getCertTransparency() {
return certTransparency;
}
public void setCertTransparency(Integer certTransparency) {
this.certTransparency = certTransparency;
}
@ExcelField(title="exclusions_client_cert_req",align=2,sort=20)
public Integer getClientCertReq() {
return clientCertReq;
}
public void setClientCertReq(Integer clientCertReq) {
this.clientCertReq = clientCertReq;
}
@ExcelField(title="exclusions_pinning",align=2,sort=21)
public Integer getPinning() {
return pinning;
}
public void setPinning(Integer pinning) {
this.pinning = pinning;
}
@ExcelField(title="cert_verify_approach_cn",align=2,sort=22)
public Integer getCn() {
return cn;
}
public void setCn(Integer cn) {
this.cn = cn;
}
@ExcelField(title="cert_verify_approach_issuer",align=2,sort=23)
public Integer getIssuer() {
return issuer;
}
public void setIssuer(Integer issuer) {
this.issuer = issuer;
}
@ExcelField(title="cert_verify_approach_self_signed",align=2,sort=24)
public Integer getSelfSigned() {
return selfSigned;
}
public void setSelfSigned(Integer selfSigned) {
this.selfSigned = selfSigned;
}
@ExcelField(title="cert_verify_approach_expiration",align=2,sort=25)
public Integer getExpiration() {
return expiration;
}
public void setExpiration(Integer expiration) {
this.expiration = expiration;
}
@ExcelField(title="cert_verify_fail_method",dictType="FAIL_METHOD",align=2,sort=26)
public String getFailMethod() {
return failMethod;
}
public void setFailMethod(String failMethod) {
this.failMethod = failMethod;
}
@ExcelField(title="ssl_ver_min",dictType="SSL_VERSION",align=2,sort=27)
public String getMin() {
return min;
}
public void setMin(String min) {
this.min = min;
}
@ExcelField(title="ssl_ver_max",dictType="SSL_VERSION",align=2,sort=28)
public String getMax() {
return max;
}
public void setMax(String max) {
this.max = max;
}
@ExcelField(title="ssl_ver_mirror_client",align=2,sort=29)
public Integer getMirrorClient() {
return mirrorClient;
}
public void setMirrorClient(Integer mirrorClient) {
this.mirrorClient = mirrorClient;
}
@ExcelField(title="decrypt_mirror_enable",align=2,sort=30)
public Integer getEnable() {
return enable;
}
public void setEnable(Integer enable) {
this.enable = enable;
}
@ExcelField(title="decrypt_mirror_mirror_profile",align=2,sort=31)
public Integer getMirrorProfile() {
return mirrorProfile;
}
public void setMirrorProfile(Integer mirrorProfile) {
this.mirrorProfile = mirrorProfile;
}
}
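Review bot: `InterceptDomainTemplate` and `InterceptIpTemplate` (next file section) declare the same fifteen properties and `@ExcelField` annotations line for line, and neither has class or field documentation. The flag getters carry no `dictType`, unlike the `SYS_YES_NO` annotations in `PxyInterceptCfg`, so the accepted values are only implied by the cell comments generated in `ExportExcel`. A class comment such as `/** Excel columns for proxy-intercept domain rules; flag columns take 0 or 1, min/max take SSL_VERSION codes. */` would make that explicit. Because the two classes have different parents and cannot share a superclass, also note in that comment that they must be kept in sync.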


@@ -0,0 +1,143 @@
package com.nis.domain.configuration.template;
import com.nis.util.excel.ExcelField;
public class InterceptIpTemplate extends IpAllNotDoLogTemplate {
private Integer keyring;
private Integer evCert;
private Integer certTransparency;
private Integer clientCertReq;
private Integer pinning;
private Integer cn;
private Integer issuer;
private Integer selfSigned;
private Integer expiration;
private String failMethod;
private String min;
private String max;
private Integer mirrorClient;
private Integer enable;
private Integer mirrorProfile;
@ExcelField(title="pxy_intercept_monit_keyring",align=2,sort=17)
public Integer getKeyring() {
return keyring;
}
public void setKeyring(Integer keyring) {
this.keyring = keyring;
}
@ExcelField(title="exclusions_ev_cert",align=2,sort=18)
public Integer getEvCert() {
return evCert;
}
public void setEvCert(Integer evCert) {
this.evCert = evCert;
}
@ExcelField(title="exclusions_cert_transparency",align=2,sort=19)
public Integer getCertTransparency() {
return certTransparency;
}
public void setCertTransparency(Integer certTransparency) {
this.certTransparency = certTransparency;
}
@ExcelField(title="exclusions_client_cert_req",align=2,sort=20)
public Integer getClientCertReq() {
return clientCertReq;
}
public void setClientCertReq(Integer clientCertReq) {
this.clientCertReq = clientCertReq;
}
@ExcelField(title="exclusions_pinning",align=2,sort=21)
public Integer getPinning() {
return pinning;
}
public void setPinning(Integer pinning) {
this.pinning = pinning;
}
@ExcelField(title="cert_verify_approach_cn",align=2,sort=22)
public Integer getCn() {
return cn;
}
public void setCn(Integer cn) {
this.cn = cn;
}
@ExcelField(title="cert_verify_approach_issuer",align=2,sort=23)
public Integer getIssuer() {
return issuer;
}
public void setIssuer(Integer issuer) {
this.issuer = issuer;
}
@ExcelField(title="cert_verify_approach_self_signed",align=2,sort=24)
public Integer getSelfSigned() {
return selfSigned;
}
public void setSelfSigned(Integer selfSigned) {
this.selfSigned = selfSigned;
}
@ExcelField(title="cert_verify_approach_expiration",align=2,sort=25)
public Integer getExpiration() {
return expiration;
}
public void setExpiration(Integer expiration) {
this.expiration = expiration;
}
@ExcelField(title="cert_verify_fail_method",dictType="FAIL_METHOD",align=2,sort=26)
public String getFailMethod() {
return failMethod;
}
public void setFailMethod(String failMethod) {
this.failMethod = failMethod;
}
@ExcelField(title="ssl_ver_min",dictType="SSL_VERSION",align=2,sort=27)
public String getMin() {
return min;
}
public void setMin(String min) {
this.min = min;
}
@ExcelField(title="ssl_ver_max",dictType="SSL_VERSION",align=2,sort=28)
public String getMax() {
return max;
}
public void setMax(String max) {
this.max = max;
}
@ExcelField(title="ssl_ver_mirror_client",align=2,sort=29)
public Integer getMirrorClient() {
return mirrorClient;
}
public void setMirrorClient(Integer mirrorClient) {
this.mirrorClient = mirrorClient;
}
@ExcelField(title="decrypt_mirror_enable",align=2,sort=30)
public Integer getEnable() {
return enable;
}
public void setEnable(Integer enable) {
this.enable = enable;
}
@ExcelField(title="decrypt_mirror_mirror_profile",align=2,sort=31)
public Integer getMirrorProfile() {
return mirrorProfile;
}
public void setMirrorProfile(Integer mirrorProfile) {
this.mirrorProfile = mirrorProfile;
}
}


@@ -15,13 +15,13 @@ public class IpAllNotDoLogTemplate extends BasicTemplate{
private String cfgDesc;
private String srcIpAddress;
private String destIpAddress;
private String srcPort;
private String destPort;
private Integer protocol;
private Integer direction;
protected String cfgDesc;
protected String srcIpAddress;
protected String destIpAddress;
protected String srcPort;
protected String destPort;
protected Integer protocol;
protected Integer direction;
@ExcelField(title="config_describe",align=2,sort=1)
public String getCfgDesc() {
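Review bot: Widening the seven fields from `private` to `protected` also opens them to every class in the same package, although the class already exposes accessors (`getCfgDesc()` is visible at the end of the hunk). The new subclass `InterceptIpTemplate` in this commit does not touch these fields in its visible section, so the reason for the change is not apparent. If a subclass or reflective Excel code needs direct access, record that in a comment such as `// protected: accessed by <consumer>`; otherwise keep them `private`. The class body continues outside the hunk.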


@@ -146,8 +146,8 @@ public class SchedulerTaskUtil {
}else if("2".equals(m.get("cfgType"))){
strList.addAll(configSynchronizationDao.getStrList(regionTable,compileIds));
//512/521/514/1026业务的用户自定义域取DOMAIN_STR取自Keyword
if(entity.getServiceId()==512
||entity.getServiceId()==521
if(/*entity.getServiceId()==512
||*/entity.getServiceId()==521
||entity.getServiceId()==514
||entity.getServiceId()==1026) {
keywordMap=configSynchronizationDao.getCompileIdWithKeyword(regionTable, compileIds);
@@ -208,9 +208,9 @@ public class SchedulerTaskUtil {
}
userRegion += n.get("regionKey")+"="+value+Constants.USER_REGION_SPLIT;
}else{
if(regionKey.equals("keyring_id") && StringUtil.isEmpty(value)){
/*if(regionKey.equals("keyring_id") && StringUtil.isEmpty(value)){
value = "0";
}else if(regionKey.equals("DOMAIN_STR")) {
}else*/ if(regionKey.equals("DOMAIN_STR")) {
if(!StringUtil.isEmpty(keywordMap) && !StringUtil.isEmpty(keywordMap.get(cfg.getCompileId()))) {
value = keywordMap.get(cfg.getCompileId()).getCfgKeywords();
}
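Review bot: The second hunk disables the `keyring_id` fallback by wrapping it in `/* … */`, so an empty `keyring_id` value presumably now flows into `userRegion` unchanged instead of becoming `"0"`. If the consumer of that string expects a numeric keyring id, confirm it tolerates an empty value or keep the default. Both hunks leave the old code commented out inside live conditions (`if(/*entity.getServiceId()==512 ||*/entity.getServiceId()==521`), which is easy to misread. Delete the dead text and update the comment above the first condition, which still lists 512. The enclosing method starts and ends outside both hunks.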


@@ -23,6 +23,7 @@ import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.poi.ss.usermodel.Cell;
import org.apache.poi.ss.usermodel.CellStyle;
@@ -49,7 +50,9 @@ import com.nis.domain.SysDataDictionaryItem;
import com.nis.domain.basics.PolicyGroupInfo;
import com.nis.domain.basics.ServiceDictInfo;
import com.nis.domain.basics.SysDictInfo;
import com.nis.domain.callback.ProxyFileTrafficMirrorCfg;
import com.nis.domain.configuration.DnsResStrategy;
import com.nis.domain.configuration.PxyObjKeyring;
import com.nis.util.Constants;
import com.nis.util.DictUtils;
import com.nis.util.Encodes;
@@ -58,6 +61,8 @@ import com.nis.util.StringUtil;
import com.nis.web.dao.basics.PolicyGroupInfoDao;
import com.nis.web.dao.basics.SysDictInfoDao;
import com.nis.web.dao.configuration.DnsResStrategyDao;
import com.nis.web.dao.configuration.ProxyFileTrafficMirrorDao;
import com.nis.web.dao.configuration.PxyObjKeyringDao;
import com.nis.web.service.SpringContextHolder;
/**
@@ -72,6 +77,8 @@ public class ExportExcel {
private static DnsResStrategyDao dnsResStrategyDao = SpringContextHolder.getBean(DnsResStrategyDao.class);
private static PolicyGroupInfoDao policyGroupInfoDao = SpringContextHolder.getBean(PolicyGroupInfoDao.class);
private static SysDictInfoDao sysDictInfoDao = SpringContextHolder.getBean(SysDictInfoDao.class);
private static PxyObjKeyringDao pxyObjKeyringDao = SpringContextHolder.getBean(PxyObjKeyringDao.class);
private static ProxyFileTrafficMirrorDao proxyFileDao = SpringContextHolder.getBean(ProxyFileTrafficMirrorDao.class);
/**
* 工作薄对象
@@ -587,7 +594,352 @@ public class ExportExcel {
commentStr=commentStr+""+msgProp.getProperty("ip_check")+"(IPv4)\n";
index++;
}
/**********************************************************************pxy intercept************************************************************************************************************/
//pxy intercept
if("pxy_intercept_monit_keyring".equals(headerStr)) {
commentStr="";
List<PxyObjKeyring> certificateList=pxyObjKeyringDao.findList(null,1,1,"ip");
if(CollectionUtils.isNotEmpty(certificateList)) {
for (PxyObjKeyring certificate : certificateList) {
commentStr=commentStr+certificate.getCompileId()+""+certificate.getCfgDesc()+"\n";
index++;
}
}
if(StringUtil.isEmpty(headerStr)){
headerStr="";
commentStr="";
}else{
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
index++;
commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
index++;
/*//2、默认值说明
commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":0\n";
index++;*/
index++;
}
}
//ev_cert
if("exclusions_ev_cert".equals(headerStr)) {
commentStr="";
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
commentStr+=1+""+msgProp.getProperty("yes")+"\n";
index++;
commentStr+=0+""+msgProp.getProperty("no")+"\n";
index++;
if(StringUtil.isEmpty(headerStr)){
headerStr="";
commentStr="";
}else{
index++;
commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
index++;
//2、默认值说明
commentStr=commentStr+""+msgProp.getProperty("default_value")+":0\n";
index++;
index++;
}
}
//cert_transparency
if("exclusions_cert_transparency".equals(headerStr)) {
commentStr="";
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
commentStr+=1+""+msgProp.getProperty("yes")+"\n";
index++;
commentStr+=0+""+msgProp.getProperty("no")+"\n";
index++;
if(StringUtil.isEmpty(headerStr)){
headerStr="";
commentStr="";
}else{
index++;
commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
index++;
//2、默认值说明
commentStr=commentStr+""+msgProp.getProperty("default_value")+":0\n";
index++;
index++;
}
}
//client_cert_req
if("exclusions_client_cert_req".equals(headerStr)) {
commentStr="";
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
commentStr+=1+""+msgProp.getProperty("yes")+"\n";
index++;
commentStr+=0+""+msgProp.getProperty("no")+"\n";
index++;
if(StringUtil.isEmpty(headerStr)){
headerStr="";
commentStr="";
}else{
index++;
commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
index++;
//2、默认值说明
commentStr=commentStr+""+msgProp.getProperty("default_value")+":1\n";
index++;
index++;
}
}
//pinning
if("exclusions_pinning".equals(headerStr)) {
commentStr="";
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
commentStr+=1+""+msgProp.getProperty("yes")+"\n";
index++;
commentStr+=0+""+msgProp.getProperty("no")+"\n";
index++;
if(StringUtil.isEmpty(headerStr)){
headerStr="";
commentStr="";
}else{
index++;
commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
index++;
//2、默认值说明
commentStr=commentStr+""+msgProp.getProperty("default_value")+":1\n";
index++;
index++;
}
}
//cn
if("cert_verify_approach_cn".equals(headerStr)) {
commentStr="";
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
commentStr+=1+""+msgProp.getProperty("yes")+"\n";
index++;
commentStr+=0+""+msgProp.getProperty("no")+"\n";
index++;
if(StringUtil.isEmpty(headerStr)){
headerStr="";
commentStr="";
}else{
index++;
commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
index++;
//2、默认值说明
commentStr=commentStr+""+msgProp.getProperty("default_value")+":1\n";
index++;
index++;
}
}
//issuer
if("cert_verify_approach_issuer".equals(headerStr)) {
commentStr="";
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
commentStr+=1+""+msgProp.getProperty("yes")+"\n";
index++;
commentStr+=0+""+msgProp.getProperty("no")+"\n";
index++;
if(StringUtil.isEmpty(headerStr)){
headerStr="";
commentStr="";
}else{
index++;
commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
index++;
//2、默认值说明
commentStr=commentStr+""+msgProp.getProperty("default_value")+":1\n";
index++;
index++;
}
}
//self-signed
if("cert_verify_approach_self_signed".equals(headerStr)) {
commentStr="";
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
commentStr+=1+""+msgProp.getProperty("yes")+"\n";
index++;
commentStr+=0+""+msgProp.getProperty("no")+"\n";
index++;
if(StringUtil.isEmpty(headerStr)){
headerStr="";
commentStr="";
}else{
index++;
commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
index++;
//2、默认值说明
commentStr=commentStr+""+msgProp.getProperty("default_value")+":1\n";
index++;
index++;
}
}
//expiration
if("cert_verify_approach_expiration".equals(headerStr)) {
commentStr="";
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
commentStr+=1+""+msgProp.getProperty("yes")+"\n";
index++;
commentStr+=0+""+msgProp.getProperty("no")+"\n";
index++;
if(StringUtil.isEmpty(headerStr)){
headerStr="";
commentStr="";
}else{
index++;
commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
index++;
//2、默认值说明
commentStr=commentStr+""+msgProp.getProperty("default_value")+":1\n";
index++;
index++;
}
}
//fail_method
if("cert_verify_fail_method".equals(headerStr)) {
commentStr="";
defaultValue="pass-through";
List<SysDataDictionaryItem> failMethods=DictUtils.getDictList("FAIL_METHOD");
if(CollectionUtils.isNotEmpty(failMethods)){
for (SysDataDictionaryItem failMethod : failMethods) {
commentStr=commentStr+failMethod.getItemCode()+""+msgProp.getProperty(failMethod.getItemValue(),failMethod.getItemValue())+""+"\n";
index++;
}
if(StringUtil.isEmpty(commentStr)){
headerStr="";
commentStr="";
}
if(StringUtil.isEmpty(defaultValue)){
defaultValue = region.getConfigDirection().split(",")[0];
}
}
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
commentStr=commentStr+msgProp.getProperty("rule_desc_tip")+":\n";
index++;
//1、默认值说明
if(!StringUtil.isEmpty(defaultValue)){
commentStr=commentStr+""+msgProp.getProperty("default_value")+":"+defaultValue+"\n";
index++;
}
}
//fail_method
if("ssl_ver_mirror_client".equals(headerStr)) {
commentStr="";
defaultValue="0";
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
commentStr+=1+""+msgProp.getProperty("yes")+"\n";
index++;
commentStr+=0+""+msgProp.getProperty("no")+"\n";
index++;
commentStr=commentStr+msgProp.getProperty("rule_desc_tip")+":\n";
index++;
//1、默认值说明
if(!StringUtil.isEmpty(defaultValue)){
commentStr=commentStr+""+msgProp.getProperty("default_value")+":"+defaultValue+"\n";
index++;
}
commentStr=commentStr+""+msgProp.getProperty("ssl_ver_mirror_client_on","if the mirror client option value is '1', the min SSL version and the max SSL version will be ignored")+"\n";
index++;
}
//min
if("ssl_ver_min".equals(headerStr)) {
commentStr="";
defaultValue="ssl3";
List<SysDataDictionaryItem> sslversions=DictUtils.getDictList("SSL_VERSION");
if(CollectionUtils.isNotEmpty(sslversions)){
for (SysDataDictionaryItem sslversion : sslversions) {
commentStr=commentStr+sslversion.getItemCode()+""+msgProp.getProperty(sslversion.getItemValue(),sslversion.getItemValue())+""+"\n";
index++;
}
if(StringUtil.isEmpty(commentStr)){
headerStr="";
commentStr="";
}
}
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
commentStr=commentStr+msgProp.getProperty("rule_desc_tip")+":\n";
index++;
//1、默认值说明
if(!StringUtil.isEmpty(defaultValue)){
commentStr=commentStr+""+msgProp.getProperty("default_value")+":"+defaultValue+"\n";
index++;
}
}
//max
if("ssl_ver_max".equals(headerStr)) {
commentStr="";
defaultValue="tls13";
List<SysDataDictionaryItem> sslversions=DictUtils.getDictList("SSL_VERSION");
if(CollectionUtils.isNotEmpty(sslversions)){
for (SysDataDictionaryItem sslversion : sslversions) {
commentStr=commentStr+sslversion.getItemCode()+""+msgProp.getProperty(sslversion.getItemValue(),sslversion.getItemValue())+""+"\n";
index++;
}
if(StringUtil.isEmpty(commentStr)){
headerStr="";
commentStr="";
}
}
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
commentStr=commentStr+msgProp.getProperty("rule_desc_tip")+":\n";
index++;
//1、默认值说明
if(!StringUtil.isEmpty(defaultValue)){
commentStr=commentStr+""+msgProp.getProperty("default_value")+":"+defaultValue+"\n";
index++;
}
}
if("decrypt_mirror_enable".equals(headerStr)) {
commentStr="";
defaultValue="0";
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
commentStr+=1+""+msgProp.getProperty("yes")+"\n";
index++;
commentStr+=0+""+msgProp.getProperty("no")+"\n";
index++;
commentStr=commentStr+msgProp.getProperty("rule_desc_tip")+":\n";
index++;
//1、默认值说明
if(!StringUtil.isEmpty(defaultValue)){
commentStr=commentStr+""+msgProp.getProperty("default_value")+":"+defaultValue+"\n";
index++;
}
commentStr=commentStr+""+msgProp.getProperty("decrypt_mirror_enable_on","if the enable option value is '1', the Mirror profile is needed")+"\n";
index++;
}
if("decrypt_mirror_mirror_profile".equals(headerStr)) {
commentStr="";
List<ProxyFileTrafficMirrorCfg> mirrorProfileList=proxyFileDao.findMirrorList(null,1,1);
if(CollectionUtils.isNotEmpty(mirrorProfileList)) {
for (ProxyFileTrafficMirrorCfg mirrorProfile : mirrorProfileList) {
commentStr=commentStr+mirrorProfile.getCompileId()+""+mirrorProfile.getCfgDesc()+"\n";
index++;
}
}
if(StringUtil.isEmpty(headerStr)){
headerStr="";
commentStr="";
}else{
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
index++;
commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
index++;
/*//2、默认值说明
commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":0\n";
index++;*/
index++;
}
}
/**********************************************************************pxy intercept************************************************************************************************************/
if(region.getRegionType().equals(1)){//IP配置
//ip配置需要导入的信息srcIp srcPort destIp destPort Protocol Direction
//确定需要导入的srcIp srcPort destIp destPort信息
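Review bot: Inside each new `if("…".equals(headerStr))` block the inner guard `if(StringUtil.isEmpty(headerStr))` can never be true, because `headerStr` has just matched a non-empty literal. In the `pxy_intercept_monit_keyring` and `decrypt_mirror_mirror_profile` blocks it was probably meant to be `if(StringUtil.isEmpty(commentStr))`, as the `cert_verify_fail_method` block does; as written, an empty keyring or mirror-profile list still produces a "select" comment with no options. In the nine yes/no blocks the guard is dead and can be dropped, and the `//fail_method` comment above the `ssl_ver_mirror_client` block is a copy-paste leftover. Separately, the `ssl_ver_min` comment advertises `defaultValue="ssl3"`; SSLv3 is prohibited by RFC 7568, so if the import path applies this default the floor should be raised to a current TLS version, using whatever code the `SSL_VERSION` dictionary defines for it. The enclosing method starts and ends outside the hunk.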


@@ -1,6 +1,7 @@
package com.nis.util.excel.thread;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
@@ -21,15 +22,21 @@ import com.nis.domain.FunctionServiceDict;
import com.nis.domain.SysDataDictionaryItem;
import com.nis.domain.basics.AsnGroupInfo;
import com.nis.domain.basics.PolicyGroupInfo;
import com.nis.domain.callback.ProxyFileTrafficMirrorCfg;
import com.nis.domain.configuration.BaseIpCfg;
import com.nis.domain.configuration.DnsResStrategy;
import com.nis.domain.configuration.IpPortCfg;
import com.nis.domain.configuration.PxyObjKeyring;
import com.nis.domain.configuration.template.IpRateLimitTemplate;
//import com.nis.util.AsnCacheUtils;
import com.nis.util.Constants;
import com.nis.util.DictUtils;
import com.nis.util.IPUtil;
import com.nis.util.StringUtil;
import com.nis.web.dao.configuration.ProxyFileTrafficMirrorDao;
import com.nis.web.dao.configuration.PxyObjKeyringDao;
import com.nis.web.service.BaseService;
import com.nis.web.service.SpringContextHolder;
public class CheckIpFormatThread implements Callable<String>{
private Logger logger=Logger.getLogger(CheckIpFormatThread.class);
@@ -41,6 +48,8 @@ public class CheckIpFormatThread implements Callable<String>{
private FunctionRegionDict regionDict;
private List<Map<Long,AsnGroupInfo>> asnNoMaps;
private Map<Long,AsnGroupInfo> asnGroupInfos;
private static PxyObjKeyringDao pxyObjKeyringDao = SpringContextHolder.getBean(PxyObjKeyringDao.class);
private static ProxyFileTrafficMirrorDao proxyFileDao = SpringContextHolder.getBean(ProxyFileTrafficMirrorDao.class);
// private DnsResStrategyDao dnsResStrategyDao;
public CheckIpFormatThread(FunctionServiceDict serviceDict,FunctionRegionDict regionDict,Properties prop,BlockingQueue<? extends Object> srcQueue,BlockingQueue<BaseIpCfg> destQueue) {
this.serviceDict=serviceDict;
@@ -115,6 +124,16 @@ public class CheckIpFormatThread implements Callable<String>{
if(regionDict.getFunctionId().equals(200) && serviceDict.getAction().equals(1)){
protocol="6";
}
List<SysDataDictionaryItem> sslversions = new ArrayList<>();
List<SysDataDictionaryItem> failmethods = new ArrayList<>();
List<PxyObjKeyring> certificateList=new ArrayList<>();
List<ProxyFileTrafficMirrorCfg> mirrorProfileList=new ArrayList<>();
if(serviceDict!=null&&serviceDict.getServiceId().equals(512)) {
certificateList=pxyObjKeyringDao.findList(null,1,1,"ip");
sslversions=DictUtils.getDictList("SSL_VERSION");
failmethods=DictUtils.getDictList("FAIL_METHOD");
mirrorProfileList=proxyFileDao.findMirrorList(null, 1, 1);
}
for (int i = 0; i < list.size(); i++) {
StringBuffer errInfo = new StringBuffer();
IpPortCfg baseIpCfg = new IpPortCfg();
@@ -546,7 +565,229 @@ public class CheckIpFormatThread implements Callable<String>{
}
}
}
if(serviceDict!=null&&serviceDict.getServiceId().equals(512)) {
Integer kering=baseIpCfg.getKeyring();
Integer evCet=baseIpCfg.getEvCert();
Integer certTransparency=baseIpCfg.getCertTransparency();
Integer clientCertReq=baseIpCfg.getClientCertReq();
Integer pinning=baseIpCfg.getPinning();
Integer cn=baseIpCfg.getCn();
Integer issuer=baseIpCfg.getIssuer();
Integer selfSigned=baseIpCfg.getSelfSigned();
Integer expiration=baseIpCfg.getExpiration();
String failMethod=baseIpCfg.getFailMethod();
String min=baseIpCfg.getMin();
String max=baseIpCfg.getMax();
Integer mirrorClient=baseIpCfg.getMirrorClient();
Integer enable=baseIpCfg.getEnable();
Integer mirrorProfile=baseIpCfg.getMirrorProfile();
Map<String,Object> userRegionMap=new HashMap<>();
Map<String,Object> map=new HashMap<>();
if(kering!=null) {
boolean has=false;
for(PxyObjKeyring keyring:certificateList) {
if(keyring.getCompileId().toString().equals(kering.toString())) {
has=true;
break;
}
}
if(has) {
userRegionMap.put("keyring", kering);
}else {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("pxy_intercept_monit_keyring") + " ") + ";");
}
}else {
userRegionMap.put("keyring", 0);
}
if(evCet!=null) {
if(evCet!=0&&evCet!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("exclusions_ev_cert","exclusions ev cert") + " ") + ";");
}else {
map.put("ev_cert", evCet);
}
}else {
map.put("ev_cert", 0);
}
if(certTransparency!=null) {
if(certTransparency!=0&&certTransparency!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("exclusions_cert_transparency","exclusions cert transparency") + " ") + ";");
}else {
map.put("cert_transparency", certTransparency);
}
}else {
map.put("cert_transparency", 0);
}
if(clientCertReq!=null) {
if(clientCertReq!=0&&clientCertReq!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("exclusions_client_cert_req","exclusions client cert req") + " ") + ";");
}else {
map.put("client_cert_req", clientCertReq);
}
}else {
map.put("client_cert_req", 1);
}
if(pinning!=null) {
if(pinning!=0&&pinning!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("exclusions_pinning","exclusions pinning") + " ") + ";");
}else {
map.put("pinning", pinning);
}
}else {
map.put("pinning", 1);
}
userRegionMap.put("exclusions", map);
map=new HashMap<>();
Map<String,Object> map1=new HashMap<>();
if(cn!=null) {
if(cn!=0&&cn!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("cert_verify_approach_cn","cert verify approach cn") + " ") + ";");
}else {
map1.put("cn", cn);
}
}else {
map1.put("cn", 1);
}
if(issuer!=null) {
if(issuer!=0&&issuer!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("cert_verify_approach_issuer","cert verify approach issuer") + " ") + ";");
}else {
map1.put("issuer", issuer);
}
}else {
map1.put("issuer", 1);
}
if(selfSigned!=null) {
if(selfSigned!=0&&selfSigned!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("cert_verify_approach_self_signed","cert verify approach self signed") + " ") + ";");
}else {
map1.put("self-signed", selfSigned);
}
}else {
map1.put("self-signed", 1);
}
if(expiration!=null) {
if(expiration!=0&&expiration!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("cert_verify_approach_expiration","cert verify approach expiration") + " ") + ";");
}else {
map1.put("expiration", expiration);
}
}else {
map1.put("expiration", 1);
}
map.put("approach", map1);
if(StringUtils.isBlank(failMethod)) {
map.put("fail_method", "pass-through");
}else {
boolean has=false;
for(SysDataDictionaryItem fail: failmethods) {
if(fail.getItemCode().equals(failMethod)) {
has=true;
break;
}
}
if(!has) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("cert_verify_fail_method","cert verify fail method") + " ") + ";");
}
map.put("fail_method", failMethod);
}
userRegionMap.put("cert_verify", map);
map=new HashMap<>();
if(mirrorClient==null) {
mirrorClient=0;
map.put("mirror_client", 0);
}else {
if(mirrorClient!=0&&mirrorClient!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("ssl_ver_mirror_client","SSL version mirror client") + " ") + ";");
}else {
map.put("mirror_client", mirrorClient);
}
}
if(mirrorClient==0) {
int minSort=0,maxSort=0;
if(StringUtils.isBlank(min)) {
min="ssl3";
}
if(StringUtils.isBlank(max)) {
max="tls13";
}
for(SysDataDictionaryItem sslversion: sslversions) {
if(sslversion.getItemCode().equals(min)) {
minSort=sslversion.getItemSort();
}
if(sslversion.getItemCode().equals(max)) {
maxSort=sslversion.getItemSort();
}
}
if(minSort==0) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("ssl_ver_min","min SSL version") + " ") + ";");
}
if(maxSort==0) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("ssl_ver_max","max SSL version") + " ") + ";");
}
if(minSort>=maxSort) {
errInfo.append(prop.getProperty("min_should_less_than_max","the min SSL version should less than the max SSL version") + ";");
}
map.put("min", min);
map.put("max", max);
}
userRegionMap.put("ssl_ver", map);
map=new HashMap<>();
if(enable==null) {
enable=0;
map.put("enable", 0);
}else {
if(enable!=0&&enable!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("decrypt_mirror_enable","decrypt mirror enable") + " ") + ";");
}else {
map.put("enable", enable);
}
}
//enable==1的时候才设置mirror_profile
if(enable==1) {
if(mirrorProfile==null) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("decrypt_mirror_mirror_profile") + " ") + ";");
}else {
boolean has=false;
for(ProxyFileTrafficMirrorCfg _mirrorProfile:mirrorProfileList) {
if(_mirrorProfile.getCompileId().toString().equals(mirrorProfile.toString())) {
has=true;
break;
}
}
if(has) {
map.put("mirror_profile", mirrorProfile);
}else {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("decrypt_mirror_mirror_profile") + " ") + ";");
}
map.put("mirror_profile", mirrorProfile);
}
}
userRegionMap.put("decrypt_mirror", map);
baseIpCfg.setUserRegion1(BaseService.gsonToJson(userRegionMap));
}
// IpSpoofing
if (regionDict.getFunctionId().equals(214)) {
List<SysDataDictionaryItem> dicts = DictUtils.getDictList("SPOOFING_IP_TYPE");


@@ -1,7 +1,9 @@
package com.nis.util.excel.thread;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.BlockingQueue;
@@ -19,10 +21,15 @@ import com.beust.jcommander.internal.Sets;
import com.nis.domain.FunctionRegionDict;
import com.nis.domain.FunctionServiceDict;
import com.nis.domain.SysDataDictionaryItem;
import com.nis.domain.callback.ProxyFileTrafficMirrorCfg;
import com.nis.domain.configuration.BaseStringCfg;
import com.nis.domain.configuration.IpPortCfg;
import com.nis.domain.configuration.PxyObjKeyring;
import com.nis.util.Constants;
import com.nis.util.DictUtils;
import com.nis.web.dao.configuration.ProxyFileTrafficMirrorDao;
import com.nis.web.dao.configuration.PxyObjKeyringDao;
import com.nis.web.service.BaseService;
import com.nis.web.service.SpringContextHolder;
public class CheckStringFormatThread implements Callable<String>{
private Logger logger=Logger.getLogger(CheckStringFormatThread.class);
@@ -32,6 +39,8 @@ public class CheckStringFormatThread implements Callable<String>{
// private DnsResStrategyDao dnsResStrategyDao;
private FunctionServiceDict serviceDict;
private FunctionRegionDict regionDict;
private static PxyObjKeyringDao pxyObjKeyringDao = SpringContextHolder.getBean(PxyObjKeyringDao.class);
private static ProxyFileTrafficMirrorDao proxyFileDao = SpringContextHolder.getBean(ProxyFileTrafficMirrorDao.class);
public CheckStringFormatThread(FunctionServiceDict serviceDict,FunctionRegionDict regionDict,Properties prop,BlockingQueue<? extends Object> srcQueue,BlockingQueue<BaseStringCfg<?>> destQueue) {
this.serviceDict=serviceDict;
this.regionDict=regionDict;
@@ -91,6 +100,16 @@ public class CheckStringFormatThread implements Callable<String>{
StringBuffer errTip = new StringBuffer();
Pattern pattern = Pattern.compile("\t|\r|\n|\b|\f");
Pattern domainPattern = Pattern.compile("^[a-zA-Z0-9.-]*$");
List<SysDataDictionaryItem> sslversions = new ArrayList<>();
List<SysDataDictionaryItem> failmethods = new ArrayList<>();
List<PxyObjKeyring> certificateList=new ArrayList<>();
List<ProxyFileTrafficMirrorCfg> mirrorProfileList=new ArrayList<>();
if(serviceDict!=null&&serviceDict.getServiceId().equals(512)) {
certificateList=pxyObjKeyringDao.findList(null,1,1,"ip");
sslversions=DictUtils.getDictList("SSL_VERSION");
failmethods=DictUtils.getDictList("FAIL_METHOD");
mirrorProfileList=proxyFileDao.findMirrorList(null, 1, 1);
}
for (int i = 0; i < list.size(); i++) {
StringBuffer errInfo = new StringBuffer();
BaseStringCfg baseStringCfg = new BaseStringCfg();
@@ -494,6 +513,229 @@ public class CheckStringFormatThread implements Callable<String>{
}
}
if(serviceDict!=null&&serviceDict.getServiceId().equals(512)) {
Integer kering=baseStringCfg.getKeyring();
Integer evCet=baseStringCfg.getEvCert();
Integer certTransparency=baseStringCfg.getCertTransparency();
Integer clientCertReq=baseStringCfg.getClientCertReq();
Integer pinning=baseStringCfg.getPinning();
Integer cn=baseStringCfg.getCn();
Integer issuer=baseStringCfg.getIssuer();
Integer selfSigned=baseStringCfg.getSelfSigned();
Integer expiration=baseStringCfg.getExpiration();
String failMethod=baseStringCfg.getFailMethod();
String min=baseStringCfg.getMin();
String max=baseStringCfg.getMax();
Integer mirrorClient=baseStringCfg.getMirrorClient();
Integer enable=baseStringCfg.getEnable();
Integer mirrorProfile=baseStringCfg.getMirrorProfile();
Map<String,Object> userRegionMap=new HashMap<>();
Map<String,Object> map=new HashMap<>();
if(kering!=null) {
boolean has=false;
for(PxyObjKeyring keyring:certificateList) {
if(keyring.getCompileId().toString().equals(kering.toString())) {
has=true;
break;
}
}
if(has) {
userRegionMap.put("keyring", kering);
}else {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("pxy_intercept_monit_keyring") + " ") + ";");
}
}else {
userRegionMap.put("keyring", 0);
}
if(evCet!=null) {
if(evCet!=0&&evCet!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("exclusions_ev_cert","exclusions ev cert") + " ") + ";");
}else {
map.put("ev_cert", evCet);
}
}else {
map.put("ev_cert", 0);
}
if(certTransparency!=null) {
if(certTransparency!=0&&certTransparency!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("exclusions_cert_transparency","exclusions cert transparency") + " ") + ";");
}else {
map.put("cert_transparency", certTransparency);
}
}else {
map.put("cert_transparency", 0);
}
if(clientCertReq!=null) {
if(clientCertReq!=0&&clientCertReq!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("exclusions_client_cert_req","exclusions client cert req") + " ") + ";");
}else {
map.put("client_cert_req", clientCertReq);
}
}else {
map.put("client_cert_req", 1);
}
if(pinning!=null) {
if(pinning!=0&&pinning!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("exclusions_pinning","exclusions pinning") + " ") + ";");
}else {
map.put("pinning", pinning);
}
}else {
map.put("pinning", 1);
}
userRegionMap.put("exclusions", map);
map=new HashMap<>();
Map<String,Object> map1=new HashMap<>();
if(cn!=null) {
if(cn!=0&&cn!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("cert_verify_approach_cn","cert verify approach cn") + " ") + ";");
}else {
map1.put("cn", cn);
}
}else {
map1.put("cn", 1);
}
if(issuer!=null) {
if(issuer!=0&&issuer!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("cert_verify_approach_issuer","cert verify approach issuer") + " ") + ";");
}else {
map1.put("issuer", issuer);
}
}else {
map1.put("issuer", 1);
}
if(selfSigned!=null) {
if(selfSigned!=0&&selfSigned!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("cert_verify_approach_self_signed","cert verify approach self signed") + " ") + ";");
}else {
map1.put("self-signed", selfSigned);
}
}else {
map1.put("self-signed", 1);
}
if(expiration!=null) {
if(expiration!=0&&expiration!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("cert_verify_approach_expiration","cert verify approach expiration") + " ") + ";");
}else {
map1.put("expiration", expiration);
}
}else {
map1.put("expiration", 1);
}
map.put("approach", map1);
if(StringUtils.isBlank(failMethod)) {
map.put("fail_method", "pass-through");
}else {
boolean has=false;
for(SysDataDictionaryItem fail: failmethods) {
if(fail.getItemCode().equals(failMethod)) {
has=true;
break;
}
}
if(!has) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("cert_verify_fail_method","cert verify fail method") + " ") + ";");
}
map.put("fail_method", failMethod);
}
userRegionMap.put("cert_verify", map);
map=new HashMap<>();
if(mirrorClient==null) {
mirrorClient=0;
map.put("mirror_client", 0);
}else {
if(mirrorClient!=0&&mirrorClient!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("ssl_ver_mirror_client","SSL version mirror client") + " ") + ";");
}else {
map.put("mirror_client", mirrorClient);
}
}
if(mirrorClient==0) {
int minSort=0,maxSort=0;
if(StringUtils.isBlank(min)) {
min="ssl3";
}
if(StringUtils.isBlank(max)) {
max="tls13";
}
for(SysDataDictionaryItem sslversion: sslversions) {
if(sslversion.getItemCode().equals(min)) {
minSort=sslversion.getItemSort();
}
if(sslversion.getItemCode().equals(max)) {
maxSort=sslversion.getItemSort();
}
}
if(minSort==0) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("ssl_ver_min","min SSL version") + " ") + ";");
}
if(maxSort==0) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("ssl_ver_max","max SSL version") + " ") + ";");
}
if(minSort>=maxSort) {
errInfo.append(prop.getProperty("min_should_less_than_max","the min SSL version should less than the max SSL version") + ";");
}
map.put("min", min);
map.put("max", max);
}
userRegionMap.put("ssl_ver", map);
map=new HashMap<>();
if(enable==null) {
enable=0;
map.put("enable", 0);
}else {
if(enable!=0&&enable!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("decrypt_mirror_enable","decrypt mirror enable") + " ") + ";");
}else {
map.put("enable", enable);
}
}
//enable==1的时候才设置mirror_profile
if(enable==1) {
if(mirrorProfile==null) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("decrypt_mirror_mirror_profile") + " ") + ";");
}else {
boolean has=false;
for(ProxyFileTrafficMirrorCfg _mirrorProfile:mirrorProfileList) {
if(_mirrorProfile.getCompileId().toString().equals(mirrorProfile.toString())) {
has=true;
break;
}
}
if(has) {
map.put("mirror_profile", mirrorProfile);
}else {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("decrypt_mirror_mirror_profile") + " ") + ";");
}
map.put("mirror_profile", mirrorProfile);
}
}
userRegionMap.put("decrypt_mirror", map);
baseStringCfg.setUserRegion1(BaseService.gsonToJson(userRegionMap));
}
if (errInfo.toString().length() > 0) {//
errTip.append(String.format(prop.getProperty("line"), baseStringCfg.getIndex()) + ",");
errTip.append(errInfo);
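Review bot: In the `serviceId` 512 block, blank cells are filled with defaults that do not match the web form. A blank `min` becomes `"ssl3"` and a blank `failMethod` becomes `"pass-through"`, and `client_cert_req`, `pinning`, `cn`, `issuer`, `self-signed` and `expiration` fall back to 1 here while `saveInterceptIpCfg` in InterceptController falls back to 0 for the same keys. A sheet imported with empty columns therefore produces a different interception policy than the same empty form saved in the UI, and the row's error text gives no hint of it. I would define the defaults in one shared place and mark the fallback, e.g. `// blank min/max widen the range to ssl3..tls13; confirm SSLv3 is still meant to be accepted`. The same block appears verbatim in CheckIpFormatThread, so the change applies there too; the enclosing method starts and ends outside these hunks.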


@@ -102,6 +102,8 @@ import com.nis.domain.configuration.template.HttpsRejectTemplate;
import com.nis.domain.configuration.template.HttpsReplaceComplexTemplate;
import com.nis.domain.configuration.template.HttpsReplaceIpTemplate;
import com.nis.domain.configuration.template.HttpsReplaceTemplate;
import com.nis.domain.configuration.template.InterceptDomainTemplate;
import com.nis.domain.configuration.template.InterceptIpTemplate;
import com.nis.domain.configuration.template.IpAllNotDoLogTemplate;
import com.nis.domain.configuration.template.IpAllTemplate;
import com.nis.domain.configuration.template.IpPayloadTemplate;
@@ -1483,7 +1485,10 @@ public class BaseController {
if(serviceDict.getAction().equals(64)) {
BlockingQueue<IpRateLimitTemplate> list = ei.getDataList(IpRateLimitTemplate.class );
ipPortCfgs=this.checkIpCfgMulity(errTip,serviceDict, regionDict,null,asnGroupInfos, list);
}else {
}else if(serviceDict!=null&&serviceDict.getServiceId().equals(512)){
BlockingQueue<InterceptIpTemplate> list = ei.getDataList(InterceptIpTemplate.class );
ipPortCfgs=this.checkIpCfgMulity(errTip,serviceDict, regionDict,null,asnGroupInfos, list);
}else{
BlockingQueue<IpAllNotDoLogTemplate> list = ei.getDataList(IpAllNotDoLogTemplate.class );
ipPortCfgs=this.checkIpCfgMulity(errTip,serviceDict, regionDict,null,asnGroupInfos, list);
}
@@ -1516,7 +1521,7 @@ public class BaseController {
stringCfgs=this.checkStringCfgMulity(errTip,serviceDict, regionDict, list);
}else if (regionDict.getFunctionId().equals(200)){// 拦截策略
if(serviceDict.getAction().equals(1)){// 监测
BlockingQueue<DomainInterceptMonitTemplate> list = ei.getDataList(DomainInterceptMonitTemplate.class);
BlockingQueue<InterceptDomainTemplate> list = ei.getDataList(InterceptDomainTemplate.class);
stringCfgs=this.checkStringCfgMulity(errTip,serviceDict, regionDict, list);
}else if(serviceDict.getAction().equals(64)){// 限速
BlockingQueue<DomainInterceptRateLimitTemplate> list = ei.getDataList(DomainInterceptRateLimitTemplate.class);
@@ -2514,6 +2519,8 @@ public class BaseController {
} else if(regionDict.getFunctionId().equals(200)){// 拦截策略
if(serviceDict.getAction().intValue()==64) {
ei.loadInitParams(IpRateLimitTemplate.class, msgProp, regionDict, serviceDict);
}else if(serviceDict.getServiceId().equals(512)){
ei.loadInitParams(InterceptIpTemplate.class, msgProp, regionDict, serviceDict);
}else {
ei.loadInitParams(IpAllNotDoLogTemplate.class, msgProp, regionDict, serviceDict);
}
@@ -2537,7 +2544,7 @@ public class BaseController {
ei.loadInitParams(AppDomainTemplate.class, msgProp, regionDict, serviceDict);
} else if(regionDict.getFunctionId().equals(200)){// 拦截策略 domain
if(serviceDict.getAction().equals(1)){// 监测
ei.loadInitParams(DomainInterceptMonitTemplate.class, msgProp, regionDict, serviceDict);
ei.loadInitParams(InterceptDomainTemplate.class, msgProp, regionDict, serviceDict);
}else if(serviceDict.getAction().equals(64)){// 限速
ei.loadInitParams(DomainInterceptRateLimitTemplate.class, msgProp, regionDict, serviceDict);
}else{// 白名单
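Review bot: The null guard in `}else if(serviceDict!=null&&serviceDict.getServiceId().equals(512)){` can never take effect, because `serviceDict.getAction().equals(64)` at the head of the same if-chain has already dereferenced `serviceDict`. The matching branch in the `loadInitParams` hunk has no guard at all, so the two sites disagree about whether null is possible. Either test for null once before the chain or write both branches the same way: `}else if(serviceDict.getServiceId().equals(512)){`. The literal 512 is also repeated in every hunk of this section; a named constant would say which service it selects. The enclosing methods start and end outside the hunks.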


@@ -53,6 +53,8 @@ import com.nis.domain.configuration.template.HttpsRejectTemplate;
import com.nis.domain.configuration.template.HttpsReplaceComplexTemplate;
import com.nis.domain.configuration.template.HttpsReplaceIpTemplate;
import com.nis.domain.configuration.template.HttpsReplaceTemplate;
import com.nis.domain.configuration.template.InterceptDomainTemplate;
import com.nis.domain.configuration.template.InterceptIpTemplate;
import com.nis.domain.configuration.template.IpAllNotDoLogTemplate;
import com.nis.domain.configuration.template.IpAllTemplate;
import com.nis.domain.configuration.template.IpPayloadTemplate;
@@ -479,7 +481,12 @@ public class IpController extends BaseController{
ExportExcel excel=new ExportExcel(serviceDict,regionDict,pro,null, IpRateLimitTemplate.class, 2);
excel.setDataList(pro,classList,null).
write(request,response, fileName).dispose();
}else {
}else if(serviceDict.getServiceId().equals(512)){
List<InterceptIpTemplate> classList=new ArrayList<InterceptIpTemplate>();
ExportExcel excel=new ExportExcel(serviceDict,regionDict,pro,null, InterceptIpTemplate.class, 2);
excel.setDataList(pro,classList,null).
write(request,response, fileName).dispose();
}else{
List<IpAllNotDoLogTemplate> classList=new ArrayList<IpAllNotDoLogTemplate>();
ExportExcel excel=new ExportExcel(serviceDict,regionDict,pro,null, IpAllNotDoLogTemplate.class, 2);
excel.setDataList(pro,classList,null).
@@ -522,8 +529,8 @@ public class IpController extends BaseController{
write(request,response, fileName).dispose();
}else if(regionDict.getFunctionId().equals(200)){// 拦截策略(域名)
if(serviceDict.getAction().equals(1)){// 监测
List<DomainInterceptMonitTemplate> classList=new ArrayList<DomainInterceptMonitTemplate>();
ExportExcel excel=new ExportExcel(serviceDict,regionDict,pro,null, DomainInterceptMonitTemplate.class, 2);
List<InterceptDomainTemplate> classList=new ArrayList<InterceptDomainTemplate>();
ExportExcel excel=new ExportExcel(serviceDict,regionDict,pro,null, InterceptDomainTemplate.class, 2);
excel.setDataList(pro,classList,null).
write(request,response, fileName).dispose();
}else if(serviceDict.getAction().equals(64)){// 限速
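Review bot: The new `InterceptIpTemplate` branch repeats by hand the `getServiceId().equals(512)` test that BaseController uses to pick the import parser and the `loadInitParams` class. The downloaded template and the importer therefore agree only while three separately written conditions stay in step. If they drift, an uploaded sheet would presumably be parsed against the wrong column layout, which matters for a policy carrying certificate-verification and mirroring settings. I would at least mark the branch with `// must select the same template class as the import path in BaseController`, or better, move the choice into one helper that both controllers call. The condition of the first branch is outside this hunk, so its order relative to the 512 test should be checked against BaseController, where action 64 is tested first.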


@@ -18,15 +18,19 @@ import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.mvc.support.RedirectAttributes;
import com.nis.domain.Page;
import com.nis.domain.basics.PolicyGroupInfo;
import com.nis.domain.callback.ProxyFileTrafficMirrorCfg;
import com.nis.domain.configuration.BaseStringCfg;
import com.nis.domain.configuration.CfgIndexInfo;
import com.nis.domain.configuration.HttpUrlCfg;
import com.nis.domain.configuration.InterceptPktBin;
import com.nis.domain.configuration.IpPortCfg;
import com.nis.domain.configuration.PxyInterceptCfg;
import com.nis.domain.configuration.PxyObjKeyring;
import com.nis.domain.configuration.PxyObjSpoofingIpPool;
import com.nis.exceptions.MaatConvertException;
@@ -36,6 +40,7 @@ import com.nis.util.LogUtils;
import com.nis.util.StringUtil;
import com.nis.web.controller.configuration.CommonController;
import com.nis.web.security.UserUtils;
import com.nis.web.service.BaseService;
/**
* IP相关配置控制类
@@ -57,13 +62,17 @@ public class InterceptController extends CommonController {
// 获取证书信息
List<PxyObjKeyring> certificateList = new ArrayList<PxyObjKeyring>();
if (cfg.getFunctionId().equals(200)) {
certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "ip");
List<ProxyFileTrafficMirrorCfg> mirrorProfiles = new ArrayList<ProxyFileTrafficMirrorCfg>();
if (cfg.getFunctionId().equals(200)) {//改为ajax查询
//certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "ip");
//mirrorProfiles=proxyFileTrafficMirrorService.findMirrorList(null,1,1);
}
if (cfg.getFunctionId().equals(201)) {
certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "domain");
}
model.addAttribute("certificateList", certificateList);
model.addAttribute("mirrorProfiles", mirrorProfiles);
/*if(cfg.getFunctionId().equals(214)){
// IP地址仿冒策略使用策略组
//List<PolicyGroupInfo> policyGroups = policyGroupInfoService.findPolicyGroupInfosByType(6);
@@ -89,13 +98,16 @@ public class InterceptController extends CommonController {
}
// 获取证书信息
List<PxyObjKeyring> certificateList = new ArrayList<PxyObjKeyring>();
List<ProxyFileTrafficMirrorCfg> mirrorProfiles = new ArrayList<ProxyFileTrafficMirrorCfg>();
// if (entity.getFunctionId().equals(200)) {
certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, null);
mirrorProfiles=proxyFileTrafficMirrorService.findMirrorList(null,1,1);
// }
// if (entity.getFunctionId().equals(201)) {
// certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "domain");
// }
model.addAttribute("certificateList", certificateList);
model.addAttribute("mirrorProfiles", mirrorProfiles);
model.addAttribute("_cfg", entity);
// IP地址仿冒策略使用策略组
@@ -110,6 +122,116 @@ public class InterceptController extends CommonController {
public String saveInterceptIpCfg(RedirectAttributes redirectAttributes, Model model, HttpServletRequest request,
HttpServletResponse response, String ids, CfgIndexInfo entity) {
try {
if(!entity.getAction().equals(1)||!entity.getServiceId().equals(512)) {
entity.setUserRegion(null);
}else {
if(entity.getUserRegion()==null) {
entity.setUserRegion(new HashMap<String,Object>());
}
//keyring
String keyring = request.getParameter("keyring");
if(StringUtils.isNotBlank(keyring)) {
entity.getUserRegion().put("keyring", Long.parseLong(keyring));
}else {
entity.getUserRegion().put("keyring", 0);
}
Map<String,Object> map = new HashMap();
//exclusions
String ev_cert = request.getParameter("ev_cert");
String cert_transparency = request.getParameter("cert_transparency");
String client_cert_req = request.getParameter("client_cert_req");
String pinning = request.getParameter("pinning");
if(StringUtils.isNotBlank(ev_cert)){
map.put("ev_cert", Integer.parseInt(ev_cert.trim()));
}else {
map.put("ev_cert", 0);
}
if(StringUtils.isNotBlank(cert_transparency)){
map.put("cert_transparency",Integer.parseInt(cert_transparency.trim()));
}else {
map.put("cert_transparency", 0);
}
if(StringUtils.isNotBlank(pinning)){
map.put("pinning", Integer.parseInt(pinning.trim()));
}else {
map.put("pinning", 0);
}
if(StringUtils.isNotBlank(client_cert_req)){
map.put("client_cert_req", Integer.parseInt(client_cert_req.trim()));
}else {
map.put("client_cert_req", 0);
}
entity.getUserRegion().put("exclusions", map);
//cert_verify
Map<String,Object> map1=new HashMap<>();
map=new HashMap<>();
String cn=request.getParameter("cn");
String issuer=request.getParameter("issuer");
String self_signed=request.getParameter("self-signed");
String expiration=request.getParameter("expiration");
if(StringUtils.isNotBlank(cn)){
map.put("cn",Integer.parseInt(cn.trim()));
}else {
map.put("cn",0);
}
if(StringUtils.isNotBlank(issuer)){
map.put("issuer",Integer.parseInt(issuer.trim()));
}else {
map.put("issuer",0);
}
if(StringUtils.isNotBlank(self_signed)){
map.put("self-signed",Integer.parseInt(self_signed.trim()));
}else {
map.put("self-signed",0);
}
if(StringUtils.isNotBlank(expiration)){
map.put("expiration",Integer.parseInt(expiration.trim()));
}else {
map.put("expiration",0);
}
map1.put("approach", map);
String fail_method=request.getParameter("fail_method");
if(StringUtils.isNotBlank(fail_method)){
map1.put("fail_method",fail_method.trim());
}
entity.getUserRegion().put("cert_verify", map1);
//ssl_ver
map=new HashMap<>();
String mirror_client=request.getParameter("mirror_client");
String min=request.getParameter("min");
String max=request.getParameter("max");
if(StringUtils.isNotBlank(mirror_client)){
map.put("mirror_client", Integer.parseInt(mirror_client.trim()));
}else {
mirror_client="0";
map.put("mirror_client", 0);
}
if("0".equals(mirror_client)) {
if(StringUtils.isNotBlank(min)){
map.put("min", min.trim());
}
if(StringUtils.isNotBlank(max)){
map.put("max", max.trim());
}
}
entity.getUserRegion().put("ssl_ver", map);
//decrypt_mirror
map=new HashMap<>();
String enable=request.getParameter("enable");
String mirror_profile=request.getParameter("mirror_profile");
if(StringUtils.isNotBlank(enable)){
map.put("enable", Integer.parseInt(enable.trim()));
}else {
enable="0";
map.put("enable", 0);
}
if("1".equals(enable)) {
if(StringUtils.isNotBlank(mirror_profile)){
map.put("mirror_profile", mirror_profile.trim());
}
}
entity.getUserRegion().put("decrypt_mirror", map);
}
interceptCfgService.saveInterceptCfg(entity);
//配置仅保存
if(StringUtil.isEmpty(entity.getIsValid()) || entity.getIsValid()!=1) {
@@ -169,6 +291,33 @@ public class InterceptController extends CommonController {
model.addAttribute("tabList", tabList);
return "/cfg/intercept/interceptSubList";
}
//替换keyring,mirror_profiles
@RequestMapping(value = { "/ajaxGetValues" })
@ResponseBody
public Map<String,Object> ajaxGetValues(Model model, @RequestParam(required=false,value="keyrings")String keyrings, @RequestParam(required=false,value="mirrorProfiles")String mirrorProfiles) {
Map<String,Object> datas=new HashMap<>();
List<PxyObjKeyring> certificateList = new ArrayList<PxyObjKeyring>();
List<ProxyFileTrafficMirrorCfg> mirrorProfileList = new ArrayList<ProxyFileTrafficMirrorCfg>();
// if (entity.getFunctionId().equals(200)) {
Map<String,Object> _datas=new HashMap<>();
if(StringUtils.isNotBlank(keyrings)) {
certificateList = pxyObjKeyringService.findAllPxyObjKeyrings(keyrings, 1, 1, null);
for(PxyObjKeyring certificate:certificateList) {
_datas.put(certificate.getCompileId().toString(), certificate.getCfgDesc());
}
datas.put("keyrings", _datas);
}
if(StringUtils.isNotBlank(mirrorProfiles)) {
mirrorProfileList=proxyFileTrafficMirrorService.findMirrorList(mirrorProfiles,1,1);
_datas=new HashMap<>();
for(ProxyFileTrafficMirrorCfg mirrorProfile:mirrorProfileList) {
_datas.put(mirrorProfile.getCompileId().toString(), mirrorProfile.getCfgDesc());
}
datas.put("mirrorProfiles", _datas);
}
return datas;
}
@RequestMapping(value = { "auditInterceptIpCfg", "auditInterceptDomainCfg", "auditInterceptIpPayloadCfg" })
public String auditInterceptIpCfg(Model model, @ModelAttribute("cfg") CfgIndexInfo cfg, Integer isValid,
@@ -284,6 +433,7 @@ public class InterceptController extends CommonController {
Map<String, String> replaceExportMap = new HashMap<String, String>();
Properties prop = getMsgProp();
List<CfgIndexInfo> ipLists = new ArrayList<CfgIndexInfo>();
List<PxyInterceptCfg> pxyInterceptCfgs=new ArrayList<>();
// 导出选中记录
if (!StringUtil.isEmpty(ids)) {
ipLists = ipCfgService.getByIdsList(ids);
@@ -326,38 +476,103 @@ public class InterceptController extends CommonController {
}
// 获取证书信息
List<PxyObjKeyring> certificateList = new ArrayList<PxyObjKeyring>();
List<ProxyFileTrafficMirrorCfg> mirrorProfileList=new ArrayList<>();
if (entity.getFunctionId().equals(200)) {
certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "ip");
mirrorProfileList=proxyFileTrafficMirrorService.findMirrorList(null, 1, 1);
}
if (entity.getFunctionId().equals(201)) {
certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "domain");
}
for (CfgIndexInfo str : ipLists) {
PxyInterceptCfg pxyInterceptCfg=new PxyInterceptCfg();
BeanUtils.copyProperties(str, pxyInterceptCfg);
if (!StringUtil.isEmpty(str.getUserRegion5())) {
String cs = DictUtils.getDictLabel("INTERCEPT_DOMAIN_INTENSITY", str.getUserRegion5());
str.setUserRegion5(prop.getProperty(cs));
}
str.setUserRegion(new HashMap<String,Object>());
if (certificateList != null) {
if (entity.getFunctionId() == 200 || entity.getFunctionId() == 201) {
if (!StringUtil.isEmpty(str.getUserRegion1())) {
boolean flag = false;
for (PxyObjKeyring pxyObjKeyring : certificateList) {
if (str.getUserRegion1().equals(String.valueOf(pxyObjKeyring.getCompileId()))) {
str.setUserRegion1(pxyObjKeyring.getCfgDesc());
flag = true;
break;
if (entity.getFunctionId() == 200 ) {
if (!StringUtil.isEmpty(str.getUserRegion1())&&str.getUserRegion1().startsWith("{")) {
Map<String,Object> userregion=BaseService.gsonFromJson(str.getUserRegion1(), Map.class);
if(userregion.containsKey("keyring")) {
for (PxyObjKeyring pxyObjKeyring : certificateList) {
if (String.valueOf(pxyObjKeyring.getCompileId()).equals(userregion.get("keyring").toString())) {
pxyInterceptCfg.setKeyring(pxyObjKeyring.getCfgDesc());
break;
}
}
}
if (!flag) {
str.setUserRegion1(null);
if(((Map<String,Object>)userregion.get("exclusions")).containsKey("ev_cert")){
pxyInterceptCfg.setEvCert(((Map<String,Object>)userregion.get("exclusions")).get("ev_cert").toString());
}
if(((Map<String,Object>)userregion.get("exclusions")).containsKey("cert_transparency")){
pxyInterceptCfg.setCertTransparency(((Map<String,Object>)userregion.get("exclusions")).get("cert_transparency").toString());
}
if(((Map<String,Object>)userregion.get("exclusions")).containsKey("ev_cert")) {
pxyInterceptCfg.setClientCertReq(((Map<String,Object>)userregion.get("exclusions")).get("ev_cert").toString());
}
if(((Map<String,Object>)userregion.get("exclusions")).containsKey("ev_cert")) {
pxyInterceptCfg.setPinning(((Map<String,Object>)userregion.get("exclusions")).get("ev_cert").toString());
}
if(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).containsKey("cn")) {
pxyInterceptCfg.setCn(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).get("cn").toString());
}
if(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).containsKey("issuer")) {
pxyInterceptCfg.setIssuer(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).get("issuer").toString());
}
if(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).containsKey("self-signed")) {
pxyInterceptCfg.setSelfSigned(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).get("self-signed").toString());
}
if(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).containsKey("expiration")) {
pxyInterceptCfg.setSelfSigned(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).get("expiration").toString());
}
if(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).containsKey("expiration")) {
pxyInterceptCfg.setExpiration(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).get("expiration").toString());
}
if(((Map<String,Object>)userregion.get("cert_verify")).containsKey("fail_method")) {
pxyInterceptCfg.setFailMethod(((Map<String,Object>)userregion.get("cert_verify")).get("fail_method").toString());
}
if(((Map<String,Object>)userregion.get("ssl_ver")).containsKey("min")) {
pxyInterceptCfg.setMin(((Map<String,Object>)userregion.get("ssl_ver")).get("min").toString());
}
if(((Map<String,Object>)userregion.get("ssl_ver")).containsKey("max")) {
pxyInterceptCfg.setMax(((Map<String,Object>)userregion.get("ssl_ver")).get("max").toString());
}
if(((Map<String,Object>)userregion.get("ssl_ver")).containsKey("mirror_client")) {
pxyInterceptCfg.setMirrorClient(((Map<String,Object>)userregion.get("ssl_ver")).get("mirror_client").toString());
}
if(((Map<String,Object>)userregion.get("decrypt_mirror")).containsKey("enable")) {
pxyInterceptCfg.setEnable(((Map<String,Object>)userregion.get("decrypt_mirror")).get("enable").toString());
}
if(((Map<String,Object>)userregion.get("decrypt_mirror")).containsKey("mirror_profile")) {
}
//pxyInterceptCfg.setMirrorProfile(((Map<String,Object>)userregion.get("decrypt_mirror")).get("mirror_profile").toString());
if(((Map<String,Object>)userregion.get("decrypt_mirror")).containsKey("mirror_profile")) {
for (ProxyFileTrafficMirrorCfg mirrorProfile : mirrorProfileList) {
if (String.valueOf(mirrorProfile.getCompileId()).equals(((Map<String,Object>)userregion.get("decrypt_mirror")).get("mirror_profile").toString())) {
pxyInterceptCfg.setMirrorProfile(mirrorProfile.getCfgDesc());
break;
}
}
}
}
}
}
pxyInterceptCfgs.add(pxyInterceptCfg);
}
titleList.add(entity.getMenuNameCode());
classMap.put(entity.getMenuNameCode(), CfgIndexInfo.class);
if(entity.getFunctionId().equals(200)) {
classMap.put(entity.getMenuNameCode(), PxyInterceptCfg.class);
}else {
classMap.put(entity.getMenuNameCode(), CfgIndexInfo.class);
}
String cfgIndexInfoNoExport = "";
String ipPortInfoNoExport = ",do_log,action,config_describe,valid_identifier,is_audit,creator,creator"
+ ",config_time,editor,edit_time,auditor,audit_time"
@@ -375,10 +590,14 @@ public class InterceptController extends CommonController {
List<IpPortCfg> ipList = new ArrayList<IpPortCfg>();
List<BaseStringCfg> httpUrlList = new ArrayList<BaseStringCfg>();
List<BaseStringCfg> pktBinList = new ArrayList<BaseStringCfg>();
int index=0;
for (CfgIndexInfo cfg : ipLists) {
for (Map<String,Object> logTotal : logTotals) {
if(cfg.getCompileId().equals(Integer.parseInt((String) logTotal.get("compileId")))){
cfg.setTotalLogs((Long)logTotal.get("sum"));
if (entity.getFunctionId().equals(200)){
pxyInterceptCfgs.get(index).setTotalLogs((Long)logTotal.get("sum"));
}
break;
}
}
@@ -398,6 +617,7 @@ public class InterceptController extends CommonController {
cfg.setUserRegion5(msgProp.getProperty(DictUtils.getDictLabels("SERVICE_ACTION", cfg.getAction().toString(), cfg.getAction().toString())));
}
}
index++;
}
if (214==entity.getFunctionId()) {
@@ -410,7 +630,12 @@ public class InterceptController extends CommonController {
pktBinList = BaseStringCfg.replaceBaseKeyList(pktBinList);
httpUrlList = BaseStringCfg.baseHexList(httpUrlList);
dataMap.put(entity.getMenuNameCode(), ipLists);
if(entity.getFunctionId().equals(200)) {
dataMap.put(entity.getMenuNameCode(), pxyInterceptCfgs);
}else {
dataMap.put(entity.getMenuNameCode(), ipLists);
}
if (entity.getFunctionId() == 212) { // IP Payload
cfgIndexInfoNoExport = ",policy_name,group_name,userregion4,userregion5,&userregion1:replace_zone-userregion2:replaced_content-userregion3:replace_content-";
titleList.add("PXY_INTERCEPT_IP");


@@ -16,4 +16,6 @@ public interface ProxyFileTrafficMirrorDao extends CrudDao<ProxyFileTrafficMirro
public ProxyFileTrafficMirrorCfg getCfgById(@Param("cfgId")Long cfgId);
List<ProxyFileTrafficMirrorCfg> findByList(@Param("ids")String ids);
List<ProxyFileTrafficMirrorCfg> findMirrorList(@Param("compileIds")String compileIds, @Param("isValid")Integer isValid, @Param("isAudit")Integer isAudit);
}


@@ -305,5 +305,23 @@
left join request_info ri on a.request_id=ri.id
where a.CFG_ID in (${ids})
</select>
<select id="findMirrorList" resultMap="ProxyFileTrafficMirrorCfg">
SELECT
<include refid="ProxyFileTrafficMirrorCfgColumn"/>
FROM PXY_PROFILE_TRAFFIC_MIRROR a
<trim prefix="where" prefixOverrides="and">
<if test="compileIds!=null and compileIds!=''">
and a.COMPILE_ID in (${compileIds})
</if>
<if test="isValid!=null and isValid!=''">
and a.IS_VALID =#{isValid}
</if>
<if test="isAudit!=null and isAudit!=''">
and a.IS_AUDIT =#{isAudit}
</if>
</trim>
</select>
</mapper>
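Review bot: The new `findMirrorList` select puts `compileIds` into the statement with `${compileIds}`, which MyBatis substitutes as raw SQL text instead of binding it, so the query is only as safe as every caller that builds that string. Passing the ids as a collection and binding each one keeps the `in (...)` list parameterised: `<foreach collection="compileIds" item="id" open="(" separator="," close=")">#{id}</foreach>`, with the DAO parameter declared as a list. The context line `where a.CFG_ID in (${ids})` just above follows the same pattern. Separately, the `isValid!=''` and `isAudit!=''` tests compare an Integer with an empty string, and OGNL treats 0 as equal to `''`, so a filter value of 0 is likely skipped; `test="isValid != null"` is sufficient.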


@@ -21,6 +21,9 @@ public interface PxyObjKeyringDao extends CrudDao<PxyObjKeyring>{
List<PxyObjKeyring> findList(@Param("cfgId")Long cfgId
,@Param("isAudit")Integer isAudit
,@Param("isValid")Integer isValid,@Param("cfgType")String cfgType);
List<PxyObjKeyring> findLists(@Param("compileIds")String cfgIds
,@Param("isAudit")Integer isAudit
,@Param("isValid")Integer isValid,@Param("cfgType")String cfgType);
PxyObjTrustedCaCert getPxyObjTrustedCaCert(Long id);
PxyObjTrustedCaCrl getPxyObjTrustedCaCrl(PxyObjTrustedCaCrl entity);
void insertPxyObjTrustedCaCert(PxyObjTrustedCaCert PxyObjTrustedCaCert);


@@ -366,6 +366,34 @@
</if>
</where>
</select>
<select id="findLists" resultMap="PxyObjKeyringMap">
SELECT
<include refid="PxyObjKeyringColumns"/>
FROM pxy_obj_keyring r
<where>
<if test="isValid == -1">
AND r.is_valid !=-1
</if>
<if test="isValid == 1">
AND r.is_valid =1
</if>
<if test="isValid == 0">
AND r.is_valid =0
</if>
<if test="isAudit == 0">
AND r.is_audit =0
</if>
<if test="isAudit == 1">
AND r.is_audit =1
</if>
<if test="cfgType == 'ip' ">
<![CDATA[AND r.keyring_type <> 'end-entity']]>
</if>
<if test="compileIds != null">
AND r.COMPILE_ID in(#{compileIds})
</if>
</where>
</select>
<!-- 查出所有 有效数据-->
<select id="getPxyObjTrustedCaCert" resultType="com.nis.domain.configuration.PxyObjTrustedCaCert">
SELECT
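Review bot: In `findLists`, `r.COMPILE_ID in(#{compileIds})` binds the whole comma-separated String as a single parameter, so the `in` list has one element and a value such as `1,2,3` cannot match rows 2 and 3 (an implicit cast would at best match the leading number). The binding is the safe form; what is missing is expanding the ids, for example `<foreach collection="compileIds" item="id" open="(" separator="," close=")">#{id}</foreach>` with the DAO parameter declared as a list. The DAO signature in PxyObjKeyringDao also names the Java parameter `cfgIds` while its `@Param` is `compileIds`, which is worth aligning.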


@@ -2508,10 +2508,13 @@ public abstract class BaseService {
if(_cfg.getAction().equals(Constants.MONIT_ACTION)) {
maatCfg.setUserRegion(Constants.INTERCEPT_IP_MONIT_USER_REGION_KEY+"="+Constants.USER_REGION_PLACEHOLDER);
}*/
if(serviceDict!=null&&serviceDict.getAction().equals(Constants.MONIT_ACTION)) {// 监测 需要发keyring_id、拦截强度
/*if(serviceDict!=null&&serviceDict.getAction().equals(Constants.MONIT_ACTION)) {// 监测 需要发keyring_id、拦截强度
_cfg.setUserRegion1(StringUtil.isEmpty(_cfg.getUserRegion1()) ? "0":_cfg.getUserRegion1());
_cfg.setUserRegion5(StringUtil.isEmpty(_cfg.getUserRegion5()) ? "1":_cfg.getUserRegion5());
maatCfg.setUserRegion(Constants.INTERCEPT_IP_MONIT_USER_REGION_KEY+"=0"+";"+Constants.INTERCEPT_DOMAN_INTENSITY_USER_REGION_KEY+"="+_cfg.getUserRegion5());
}*/
if(serviceDict!=null&&serviceDict.getServiceId().equals(512)) {
maatCfg.setUserRegion(_cfg.getUserRegion1());
}
if(serviceDict!=null&&serviceDict.getAction().equals(64)) {
maatCfg.setUserRegion(Constants.INTERCEPT_IP_RATELIMIT_DROPRATE_USER_REGION_KEY+"="+_cfg.getUserRegion2());
@@ -2673,13 +2676,18 @@ public abstract class BaseService {
}else if(regionDict.getDictId()==159) {
maatCfg.setUserRegion(Constants.P2P_HASH_TYPE_USER_REGION_KEY+"="+_cfg.getUserRegion1());
}else if(regionDict.getFunctionId()==200) {// Domain Intercept
String userRegion = Constants.USERREGION_DOMAIN_ID+"="+_cfg.getCompileId()+";"+Constants.USERREGION_DOMAIN_STR+"="+_cfg.getCfgKeywords();
if(_cfg.getAction().equals(Constants.MONIT_ACTION)) {// 监测 需要发keyring_id、拦截强度
userRegion = Constants.INTERCEPT_IP_MONIT_USER_REGION_KEY+"=0"+";"+Constants.INTERCEPT_DOMAN_INTENSITY_USER_REGION_KEY+"="+_cfg.getUserRegion5()+";" + userRegion;
}else if(_cfg.getAction().equals(Constants.RATELIMIT_ACTION)) {// 限速 需要发Droprate
userRegion = Constants.INTERCEPT_IP_RATELIMIT_DROPRATE_USER_REGION_KEY+"="+_cfg.getUserRegion2()+";" + userRegion;
if(serviceDict!=null&&serviceDict.getServiceId().equals(512)) {
maatCfg.setUserRegion(_cfg.getUserRegion1());
}else {
String userRegion = Constants.USERREGION_DOMAIN_ID+"="+_cfg.getCompileId()+";"+Constants.USERREGION_DOMAIN_STR+"="+_cfg.getCfgKeywords();
/*if(_cfg.getAction().equals(Constants.MONIT_ACTION)) {// 监测 需要发keyring_id、拦截强度
userRegion = Constants.INTERCEPT_IP_MONIT_USER_REGION_KEY+"=0"+";"+Constants.INTERCEPT_DOMAN_INTENSITY_USER_REGION_KEY+"="+_cfg.getUserRegion5()+";" + userRegion;
}else*/ if(_cfg.getAction().equals(Constants.RATELIMIT_ACTION)) {// 限速 需要发Droprate
userRegion = Constants.INTERCEPT_IP_RATELIMIT_DROPRATE_USER_REGION_KEY+"="+_cfg.getUserRegion2()+";" + userRegion;
}
maatCfg.setUserRegion(userRegion);
}
maatCfg.setUserRegion(userRegion);
}else if(regionDict.getFunctionId()==207 || regionDict.getFunctionId()==208 || regionDict.getFunctionId()==209) {// HTTP(s)阻断、重定向、替换
String userRegion = Constants.USER_REGION_PLACEHOLDER;
if(_cfg.getAction().equals(Constants.REJECT_ACTION)) {// 阻断
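Review bot: Both new `serviceDict.getServiceId().equals(512)` branches copy `_cfg.getUserRegion1()` into `maatCfg.setUserRegion(...)` without the empty check this commit adds in InterceptCfgService (`if(StringUtil.isEmpty(maatCfg.getUserRegion())) maatCfg.setUserRegion(Constants.USER_REGION_PLACEHOLDER);`), so a 512 record with no stored JSON would send a null or empty user region from these two paths. Adding the same fallback after each assignment keeps the three paths consistent. In the first hunk the following `serviceDict.getAction().equals(64)` test is a separate `if`, so it can still overwrite the 512 value; an `else if` would make the precedence explicit. The enclosing methods start and end outside these hunks, and the old monitor logic now held in `/* ... */` blocks could be deleted, not left as comments.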


@@ -325,8 +325,8 @@ public class ConfigSynchronizationService extends BaseService{
List<BaseStringCfg> strDataList=configSynchronizationDao.getStrList(tableName,compileIds);
strList.addAll(strDataList);
//512/521/514/1026业务的用户自定义域取DOMAIN_STR取自Keyword
if(entity.getServiceId()==512
||entity.getServiceId()==521
if(/*entity.getServiceId()==512
||*/entity.getServiceId()==521
||entity.getServiceId()==514
||entity.getServiceId()==1026) {
keywordMap=configSynchronizationDao.getCompileIdWithKeyword(tableName, compileIds);
@@ -426,10 +426,14 @@ public class ConfigSynchronizationService extends BaseService{
}
userRegion += n.get("regionKey")+"="+value+Constants.USER_REGION_SPLIT;
}else if(entity.getServiceId().equals(512)) {
if(!StringUtil.isEmpty(cfg.getUserRegion1())&&cfg.getUserRegion1().startsWith("{")) {
userRegion=cfg.getUserRegion1();
}
}else{
if(regionKey.equals("keyring_id") && StringUtil.isEmpty(value)){
/*if(regionKey.equals("keyring_id") && StringUtil.isEmpty(value)){
value = "0";
}else if(regionKey.equals("DOMAIN_STR")) {
}else */if(regionKey.equals("DOMAIN_STR")) {
if(!StringUtil.isEmpty(keywordMap) && !StringUtil.isEmpty(keywordMap.get(cfg.getCompileId()))) {
value = keywordMap.get(cfg.getCompileId()).getCfgKeywords();
}
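Review bot: The new 512 branch only assigns `userRegion` when `cfg.getUserRegion1().startsWith("{")`, so rows saved before this commit, where userRegion1 presumably still holds a keyring id as in the removed `keyring_id` mapping, fall through silently and are synchronised with whatever `userRegion` already contained. An explicit `else` that logs the compile id and either skips the record or applies `Constants.USER_REGION_PLACEHOLDER` would make that case visible. A prefix test also does not establish that the string is valid JSON; parsing it once before sending would. The surrounding loop begins and ends outside the hunk, so this assumes nothing later fills `userRegion` for service 512.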


@@ -27,7 +27,6 @@ import com.nis.domain.maat.MaatCfg.DigestCfg;
import com.nis.domain.maat.MaatCfg.GroupCfg;
import com.nis.domain.maat.MaatCfg.IpCfg;
import com.nis.domain.maat.MaatCfg.StringCfg;
import com.nis.domain.specific.ConfigGroupInfo;
import com.nis.exceptions.MaatConvertException;
import com.nis.util.ConfigServiceUtil;
import com.nis.util.Constants;
@@ -58,6 +57,9 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
public CfgIndexInfo getInterceptCfg(Long cfgId,Integer compileId){
CfgIndexInfo entity = websiteCfgDao.getCfgIndexInfo(cfgId,compileId);
if(entity.getServiceId().equals(512)) {
entity.setUserRegion((Map<String,Object>)this.gsonFromJson(entity.getUserRegion1(),Map.class));
}
List<IpPortCfg> ipPortList = websiteCfgDao.getIpPortList(entity);
List<InterceptPktBin> pktBinList = interceptCfgDao.getInterceptPktBin(entity);
List<HttpUrlCfg> httpUrlList = websiteCfgDao.getHttpUrlList(entity);
@@ -108,7 +110,10 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
if(!StringUtil.isEmpty(entity.getIsValid()) && entity.getIsValid()==1) {
isValid=1;
}
//处理复杂用户自定义域
if(!StringUtil.isEmpty(entity.getUserRegion())){
entity.setUserRegion1(gsonToJson(entity.getUserRegion()));
}
entity.setIsValid(0);
entity.setIsAudit(0);
@@ -459,7 +464,9 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
boolean doaminFlag=false;
String domainUserRegion="";
if(entity.getHttpUrlList()!=null && entity.getHttpUrlList().size()>0){
doaminFlag=true;
if(!entity.getServiceId().equals(512)) {
doaminFlag=true;
}
domainUserRegion=Constants.USERREGION_DOMAIN_ID+"="+entity.getCompileId();
String domainStr="";
if(entity != null && entity.getHttpUrlList() != null && entity.getHttpUrlList().size() > 0){
@@ -511,59 +518,66 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
maatCfg.setGroupNum(groupRelationList.size());
maatCfg.setAreaIpRegionList(areaIpRegionList);
maatCfg.setIsValid(entity.getIsValid());
//监测 需要发keyring_id
if(entity.getAction().equals(Constants.MONIT_ACTION)){
entity.setUserRegion1(StringUtil.isEmpty(entity.getUserRegion1()) ? "0":entity.getUserRegion1());
maatCfg.setUserRegion(Constants.INTERCEPT_IP_MONIT_USER_REGION_KEY+"="+entity.getUserRegion1());
//监测的域名需下发拦截强度
if(entity.getFunctionId().equals(200)){
if(entity.getHttpUrlList()!=null && entity.getHttpUrlList().size()>0){
entity.setUserRegion5(StringUtil.isEmpty(entity.getUserRegion5()) ? "1":entity.getUserRegion5());
if(StringUtil.isEmpty(maatCfg.getUserRegion())) {
maatCfg.setUserRegion(Constants.INTERCEPT_DOMAN_INTENSITY_USER_REGION_KEY+"="+entity.getUserRegion5());
}else {
maatCfg.setUserRegion(maatCfg.getUserRegion()+";"+Constants.INTERCEPT_DOMAN_INTENSITY_USER_REGION_KEY+"="+entity.getUserRegion5());
if(entity.getServiceId().equals(512)) {
maatCfg.setUserRegion(entity.getUserRegion1());
if(StringUtil.isEmpty(maatCfg.getUserRegion())){
maatCfg.setUserRegion(Constants.USER_REGION_PLACEHOLDER);
}
}else {
//监测 需要发keyring_id
if(entity.getAction().equals(Constants.MONIT_ACTION)){
entity.setUserRegion1(StringUtil.isEmpty(entity.getUserRegion1()) ? "0":entity.getUserRegion1());
maatCfg.setUserRegion(Constants.INTERCEPT_IP_MONIT_USER_REGION_KEY+"="+entity.getUserRegion1());
//监测的域名需下发拦截强度
if(entity.getFunctionId().equals(200)){
if(entity.getHttpUrlList()!=null && entity.getHttpUrlList().size()>0){
entity.setUserRegion5(StringUtil.isEmpty(entity.getUserRegion5()) ? "1":entity.getUserRegion5());
if(StringUtil.isEmpty(maatCfg.getUserRegion())) {
maatCfg.setUserRegion(Constants.INTERCEPT_DOMAN_INTENSITY_USER_REGION_KEY+"="+entity.getUserRegion5());
}else {
maatCfg.setUserRegion(maatCfg.getUserRegion()+";"+Constants.INTERCEPT_DOMAN_INTENSITY_USER_REGION_KEY+"="+entity.getUserRegion5());
}
}
}
}
//限速 需要发Droprate=0.001 暂不支持Bandwidth=200kbps
if(entity.getAction().equals(Constants.RATELIMIT_ACTION)){
if(entity.getUserRegion1().equals("0")){//丢包率
entity.setUserRegion2(StringUtil.isEmpty(entity.getUserRegion2()) ? "":entity.getUserRegion2());
maatCfg.setUserRegion(Constants.INTERCEPT_IP_RATELIMIT_DROPRATE_USER_REGION_KEY+"="+entity.getUserRegion2());
}else if(entity.getUserRegion1().equals("1")){//带宽
entity.setUserRegion3(StringUtil.isEmpty(entity.getUserRegion3()) ? "":entity.getUserRegion3());
maatCfg.setUserRegion(Constants.INTERCEPT_IP_RATELIMIT_BANDWITH_USER_REGION_KEY+"="+entity.getUserRegion3());
}
}
String userRegion="";
//替换需要发zone
if(entity.getAction().equals(Constants.REPLACE_ACTION)){
//HTTP replace replace type is not null ;find is not null;replace with is not null(userRegion is not null)
userRegion=Constants.REPLACE_ZONE_KEY+"="+entity.getUserRegion1();
String substitute="";
String userRegion2=StringUtil.isEmpty(entity.getUserRegion2()) ? "":entity.getUserRegion2();
substitute="/";
userRegion2 = BaseService.replaceContentEscape(userRegion2);
substitute=substitute+userRegion2;
String userRegion3=StringUtil.isEmpty(entity.getUserRegion3()) ? "":entity.getUserRegion3();
userRegion3 = BaseService.replaceContentEscape(userRegion3);
substitute=substitute+"/"+userRegion3;
userRegion=userRegion+";"+Constants.REPLACE_SUBSTITUTE_KEY+"="+substitute;
maatCfg.setUserRegion(userRegion);
}
//ip仿冒自定义域信息
if(entity.getAction().equals(48)){
//HTTP replace replace type is not null ;find is not null;replace with is not null(userRegion is not null)
userRegion="nat_type="+entity.getUserRegion1();
userRegion+=";spoofing_ip_pool="+entity.getUserRegion3();
maatCfg.setUserRegion(userRegion);
}
}
//限速 需要发Droprate=0.001 暂不支持Bandwidth=200kbps
if(entity.getAction().equals(Constants.RATELIMIT_ACTION)){
if(entity.getUserRegion1().equals("0")){//丢包率
entity.setUserRegion2(StringUtil.isEmpty(entity.getUserRegion2()) ? "":entity.getUserRegion2());
maatCfg.setUserRegion(Constants.INTERCEPT_IP_RATELIMIT_DROPRATE_USER_REGION_KEY+"="+entity.getUserRegion2());
}else if(entity.getUserRegion1().equals("1")){//带宽
entity.setUserRegion3(StringUtil.isEmpty(entity.getUserRegion3()) ? "":entity.getUserRegion3());
maatCfg.setUserRegion(Constants.INTERCEPT_IP_RATELIMIT_BANDWITH_USER_REGION_KEY+"="+entity.getUserRegion3());
}
}
String userRegion="";
//替换需要发zone
if(entity.getAction().equals(Constants.REPLACE_ACTION)){
//HTTP replace replace type is not null ;find is not null;replace with is not null(userRegion is not null)
userRegion=Constants.REPLACE_ZONE_KEY+"="+entity.getUserRegion1();
String substitute="";
String userRegion2=StringUtil.isEmpty(entity.getUserRegion2()) ? "":entity.getUserRegion2();
substitute="/";
userRegion2 = BaseService.replaceContentEscape(userRegion2);
substitute=substitute+userRegion2;
String userRegion3=StringUtil.isEmpty(entity.getUserRegion3()) ? "":entity.getUserRegion3();
userRegion3 = BaseService.replaceContentEscape(userRegion3);
substitute=substitute+"/"+userRegion3;
userRegion=userRegion+";"+Constants.REPLACE_SUBSTITUTE_KEY+"="+substitute;
maatCfg.setUserRegion(userRegion);
}
//ip仿冒自定义域信息
if(entity.getAction().equals(48)){
//HTTP replace replace type is not null ;find is not null;replace with is not null(userRegion is not null)
userRegion="nat_type="+entity.getUserRegion1();
userRegion+=";spoofing_ip_pool="+entity.getUserRegion3();
maatCfg.setUserRegion(userRegion);
}
//域名拦截需要增加域名id和域名字符串自定义配置
if(StringUtil.isEmpty(maatCfg.getUserRegion())
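Review bot: In the save path, `entity.setUserRegion1(gsonToJson(entity.getUserRegion()))` serialises the request-bound map as it arrives, and the 512 branch later sends that string on through `maatCfg.setUserRegion(entity.getUserRegion1())`, so nothing visible here constrains which keys or values reach the interception policy. Because the map carries the certificate-verification settings (`cert_verify.fail_method`), the SSL version range and the decrypt-mirror switch, it should be checked server-side before serialising: accept only the known keys, require `fail_method` and `ssl_ver.min`/`max` to be codes from the FAIL_METHOD and SSL_VERSION dictionaries, and enforce min ≤ max there (the `min_should_less_than_max` message suggests this is currently a form-side check). In `getInterceptCfg`, `gsonFromJson(entity.getUserRegion1(),Map.class)` would likely fail on a 512 row whose userRegion1 is still a plain keyring id, so a guard such as the `startsWith("{")` test used in ConfigSynchronizationService, or a caught parse error, is needed. The methods extend beyond the hunks shown.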


@@ -37,7 +37,12 @@ public class ProxyFileTrafficMirrorService extends BaseService{
page.setList(list);
return page;
}
/**
*/
public List<ProxyFileTrafficMirrorCfg> findMirrorList(String compileIds,Integer isValid,Integer isAudit) {
return proxyFileDao.findMirrorList(compileIds,isValid,isAudit);
}
public ProxyFileTrafficMirrorCfg getCfgById(Long cfgId) {
return proxyFileDao.getCfgById(cfgId);
}
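Review bot: The Javadoc added above `findMirrorList` is empty, so the one thing a caller must know is undocumented: the mapper interpolates `compileIds` into the SQL `in (...)` list as text. Suggested comment: `/** Returns the mirror profiles whose COMPILE_ID is in compileIds (comma-separated integers only, because the mapper inserts this string into the SQL), optionally filtered by isValid and isAudit. */`. Enforcing that contract at the top of the method would also help, for example `if (!StringUtil.isEmpty(compileIds) && !compileIds.matches("\\d+(,\\d+)*")) throw new IllegalArgumentException("compileIds");`.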


@@ -85,6 +85,10 @@ public class PxyObjKeyringService extends BaseService{
List<PxyObjKeyring> list=pxyObjKeyringDao.findList(cfgId,isValid,isAudit,cfgType);
return list;
}
public List<PxyObjKeyring> findAllPxyObjKeyrings(String compileIds,Integer isValid,Integer isAudit,String cfgType) {
List<PxyObjKeyring> list=pxyObjKeyringDao.findLists(compileIds,isValid,isAudit,cfgType);
return list;
}
public PxyObjKeyring getPxyObjKeyring(Long id,Integer isValid) {
List<PxyObjKeyring> list=pxyObjKeyringDao.findList(id,isValid,null,null);
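Review bot: `findAllPxyObjKeyrings` calls `pxyObjKeyringDao.findLists(compileIds,isValid,isAudit,cfgType)`, but the DAO method added in this commit declares its parameters as `(compileIds, isAudit, isValid, cfgType)`, so the validity and audit flags are swapped by the time they reach the mapper's `isValid == ...` and `isAudit == ...` tests. The call should read `pxyObjKeyringDao.findLists(compileIds,isAudit,isValid,cfgType);`. The existing `findList(cfgId,isValid,isAudit,cfgType)` call in the context line above has the same order against `findList(cfgId, isAudit, isValid, cfgType)`, so callers may already be compensating; check them before changing either call.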


@@ -1542,4 +1542,39 @@ mirror_addr_type=Address Type
target_name=Target Name
traffic_mirror_address=Traffic Mirror Address
content_name=Content Name
none_profile_tip=Please Choose Profile Info!
none_profile_tip=Please Choose Profile Info!
#---------------------------pxy intercept------------------------------------
min_should_less_than_max=The min SSL version should less than the max SSL version
exclusions_ev_cert=Exclusion EV Cert
exclusions_cert_transparency=Exclusion Cert Transparency
exclusions_client_cert_req=Exclusion Client Cert Request
exclusions_pinning=Exclusion Pinning
cert_verify_approach_cn=Approach CN
cert_verify_approach_issuer=Approach Issuer
cert_verify_approach_self_signed=Approach Self Signed
cert_verify_approach_expiration=Approach Expiration
cert_verify_approach_fail_method=Fail Method
ssl_ver_min=Min SSL Version
ssl_ver_max=Max SSL Version
ssl_ver_mirror_client=Mirror Client
decrypt_mirror_enable=Mirror Enable
decrypt_mirror_mirror_profile=Mirror Profile
exclusions=Exclusions
ev_cert=EV Cert
cert_transparency=Cert Transparency
client_cert_req=Client Cert Request
pinning=Pinning
cn=CN
self_signed=Self Signed
expiration=Expiration
approach=Approach
cert_verify=Cert Verify
ssl_version=SSL Version
mirror_client=Mirror Client
min=Min
max=Max
decrypt_mirror=Decrypt Mirror
enable=Enable
forward=Forward
decrypt_mirror_enable_on=if the enable option value is '1', the Mirror profile is needed
ssl_ver_mirror_client_on=if the mirror client option value is '1', the min SSL version and the max SSL version will be ignored


@@ -1544,4 +1544,39 @@ mirror_addr_type=Address Type
target_name=Target Name
traffic_mirror_address=Traffic Mirror Address
content_name=Content Name
none_profile_tip=Please Choose Profile Info!
none_profile_tip=Please Choose Profile Info!
#---------------------------pxy intercept------------------------------------
min_should_less_than_max=The min SSL version should less than the max SSL version
exclusions_ev_cert=Exclusion EV Cert
exclusions_cert_transparency=Exclusion Cert Transparency
exclusions_client_cert_req=Exclusion Client Cert Request
exclusions_pinning=Exclusion Pinning
cert_verify_approach_cn=Approach CN
cert_verify_approach_issuer=Approach Issuer
cert_verify_approach_self_signed=Approach Self Signed
cert_verify_approach_expiration=Approach Expiration
cert_verify_approach_fail_method=Fail Method
ssl_ver_min=Min SSL Version
ssl_ver_max=Max SSL Version
ssl_ver_mirror_client=Mirror Client
decrypt_mirror_enable=Mirror Enable
decrypt_mirror_mirror_profile=Mirror Profile
exclusions=Exclusions
ev_cert=EV Cert
cert_transparency=Cert Transparency
client_cert_req=Client Cert Request
pinning=Pinning
cn=CN
self_signed=Self Signed
expiration=Expiration
approach=Approach
cert_verify=Cert Verify
ssl_version=SSL Version
mirror_client=Mirror Client
min=Min
max=Max
decrypt_mirror=Decrypt Mirror
enable=Enable
forward=Forward
decrypt_mirror_enable_on=if the enable option value is '1', the Mirror profile is needed
ssl_ver_mirror_client_on=if the mirror client option value is '1', the min SSL version and the max SSL version will be ignored


@@ -1542,4 +1542,39 @@ mirror_addr_type=\u76EE\u6807\u6807\u8BC6\u7C7B\u578B
target_name=\u76EE\u6807\u540D\u79F0
traffic_mirror_address=\u6D41\u91CF\u8F6C\u53D1\u76EE\u7684\u5730\u5740
content_name=\u5185\u5BB9\u540D\u79F0
none_profile_tip=Please Choose Profile Info!
none_profile_tip=Please Choose Profile Info!
#---------------------------pxy intercept------------------------------------
min_should_less_than_max=\u6700\u5C0FSSL\u7248\u672C\u5E94\u5C0F\u4E8E\u6700\u5927SSL\u7248\u672C
exclusions_ev_cert=\u6392\u9664EV\u8BC1\u4E66
exclusions_cert_transparency=\u6392\u9664\u8BC1\u4E66\u900F\u660E
exclusions_client_cert_req=\u6392\u9664\u5BA2\u6237\u7AEF\u8BC1\u4E66\u8BF7\u6C42
exclusions_pinning=\u6392\u9664Pinning
cert_verify_approach_cn=\u63A5\u8FD1CN
cert_verify_approach_issuer=\u63A5\u8FD1\u53D1\u5E03\u8005
cert_verify_approach_self_signed=\u63A5\u8FD1\u81EA\u7B7E\u540D
cert_verify_approach_expiration=\u63A5\u8FD1\u8FC7\u671F
cert_verify_fail_method=\u5931\u8D25\u65B9\u6CD5
ssl_ver_min=\u6700\u5C0FSSL\u7248\u672C
ssl_ver_max=\u6700\u5927SSL\u7248\u672C
ssl_ver_mirror_client=\u955C\u50CF\u5BA2\u6237\u7AEF
decrypt_mirror_enable=\u542F\u7528\u955C\u50CF
decrypt_mirror_mirror_profile=\u955C\u50CF\u6982\u8981
exclusions=\u6392\u9664
ev_cert=EV\u8BC1\u4E66
cert_transparency=\u8BC1\u4E66\u900F\u660E
client_cert_req=\u5BA2\u6237\u7AEF\u8BC1\u4E66\u8BF7\u6C42
pinning=Pinning
cn=CN
self_signed=\u81EA\u7B7E\u540D
expiration=\u8FC7\u671F
approach=\u63A5\u8FD1
cert_verify=\u8BC1\u4E66\u9A8C\u8BC1
ssl_version=SSL\u7248\u672C
mirror_client=\u955C\u50CF\u5BA2\u6237\u7AEF
min=\u6700\u5C0F
max=\u6700\u5927
decrypt_mirror=\u89E3\u5BC6\u955C\u50CF
enable=\u542F\u7528
forward=Forward
decrypt_mirror_enable_on=\u5982\u679C\u542F\u52A8\u9009\u9879\u7684\u503C\u662F1\uFF0C\u5219\u955C\u50CF\u6587\u4EF6\u9009\u9879\u9700\u8981\u9009\u62E9
ssl_ver_mirror_client_on=\u5982\u679C\u955C\u50CF\u5BA2\u6237\u7AEF\u9009\u9879\u7684\u503C\u662F1\uFF0C\u5219\u6700\u5927\u6700\u5C0FSSL\u7248\u672C\u53F7\u4F1A\u88AB\u5FFD\u7565


@@ -271,10 +271,11 @@
<service id="512" functionId="200" serviceType="1" tableName="cfg_index_info" className="CfgIndexInfo" desc="拦截监测">
<serviceCfg cfgType="1" tableName="ip_port_cfg" ></serviceCfg>
<serviceCfg cfgType="2" tableName=" http_url_cfg" ></serviceCfg>
<userRegion regionKey="keyring_id" regionColumn="userRegion1" userRegionPosition="0" ></userRegion>
<!-- <userRegion regionKey="keyring_id" regionColumn="userRegion1" userRegionPosition="0" ></userRegion>
<userRegion regionKey="DOMAIN_ID" regionColumn="compileId" userRegionPosition="0"></userRegion>
<userRegion regionKey="DOMAIN_STR" regionColumn="cfgKeywords" userRegionPosition="0"></userRegion>
<userRegion regionKey="DOMAIN_INTENSITY" regionColumn="userRegion5" userRegionPosition="0"></userRegion>
<userRegion regionKey="DOMAIN_INTENSITY" regionColumn="userRegion5" userRegionPosition="0"></userRegion> -->
<userRegion regionKey="" regionColumn="userRegion1" userRegionPosition="0" ></userRegion>
</service>
<!-- <service id="513" functionId="201" serviceType="1" tableName="cfg_index_info" className="CfgIndexInfo" desc="域名拦截监测">
<serviceCfg cfgType="2" tableName="http_url_cfg" ></serviceCfg>


@@ -0,0 +1,14 @@
#fail method字典
INSERT INTO `sys_data_dictionary_name`(`id`, `module_name`, `mark`, `remark`, `revision`, `create_time`, `modify_time`, `status`) VALUES (154, 'fail_method', 'FAIL_METHOD', '用于代理拦截策略', NULL, '2019-05-09 11:01:16', '2019-05-09 11:01:21', 1);
INSERT INTO `sys_data_dictionary_item`(`id`, `item_code`, `item_value`, `item_desc`, `item_sort`, `status`, `type`, `dictionary_id`) VALUES (4096, 'pass-through', 'Pass-Through', '默认', 1, 1, 1, 154);
INSERT INTO `sys_data_dictionary_item`(`id`, `item_code`, `item_value`, `item_desc`, `item_sort`, `status`, `type`, `dictionary_id`) VALUES (4097, 'fail-close', 'Fail-Close', NULL, 2, 1, 1, 154);
INSERT INTO `sys_data_dictionary_item`(`id`, `item_code`, `item_value`, `item_desc`, `item_sort`, `status`, `type`, `dictionary_id`) VALUES (4098, 'ignore', 'Ignore', NULL, 3, 1, 1, 154);
#SSL version字典
INSERT INTO `sys_data_dictionary_name`(`id`, `module_name`, `mark`, `remark`, `revision`, `create_time`, `modify_time`, `status`) VALUES (155, 'SSL_VERSION', 'SSL_VERSION', '用于代理拦截策略SSL版本', NULL, '2019-05-09 11:50:43', '2019-05-09 11:50:46', 1);
INSERT INTO `sys_data_dictionary_item`(`id`, `item_code`, `item_value`, `item_desc`, `item_sort`, `status`, `type`, `dictionary_id`) VALUES (4099, 'ssl3', 'SSLv3', 'min default', 1, 1, 1, 155);
INSERT INTO `sys_data_dictionary_item`(`id`, `item_code`, `item_value`, `item_desc`, `item_sort`, `status`, `type`, `dictionary_id`) VALUES (4100, 'tls10', 'TLSv1.0', NULL, 2, 1, 1, 155);
INSERT INTO `sys_data_dictionary_item`(`id`, `item_code`, `item_value`, `item_desc`, `item_sort`, `status`, `type`, `dictionary_id`) VALUES (4101, 'tls11', 'TLSv1.1', NULL, 3, 1, 1, 155);
INSERT INTO `sys_data_dictionary_item`(`id`, `item_code`, `item_value`, `item_desc`, `item_sort`, `status`, `type`, `dictionary_id`) VALUES (4102, 'tls12', 'TLSv1.2', NULL, 4, 1, 1, 155);
INSERT INTO `sys_data_dictionary_item`(`id`, `item_code`, `item_value`, `item_desc`, `item_sort`, `status`, `type`, `dictionary_id`) VALUES (4103, 'tls13', 'TLSv1.3', 'max default', 5, 1, 1, 155);
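Review bot: Row 4099 marks `ssl3` as the `'min default'` of the SSL_VERSION dictionary, which, if the form preselects it, makes SSLv3 the default lower bound for intercepted sessions; SSLv3 and TLS 1.0/1.1 are deprecated and are better left as an explicit opt-in. Moving the marker to the `tls12` row (`item_desc` `'min default'` on 4102, `NULL` on 4099) gives a safer default without removing the older options. Likewise `pass-through` is flagged as the default (`'默认'`) FAIL_METHOD; what happens to a session whose certificate verification fails under that setting is not visible here, so confirm that this default is the intended choice.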


@@ -113,7 +113,7 @@
</div>
</div>
<!-- 域名拦截增加拦截强度 -->
<c:if test="${_cfg.functionId eq 200}">
<%-- <c:if test="${_cfg.functionId eq 200}">
<div class="col-md-6 hidden intensity">
<div class="form-group">
<label class="control-label col-md-3"><font color="red">*</font>
@@ -130,7 +130,7 @@
<div for="userRegion5"></div>
</div>
</div>
</c:if>
</c:if> --%>
</div>
<c:if test="${serviceId eq 1025}">
<div class="row L3_header hidden">


@@ -8,12 +8,54 @@
.boxSolid {
border: 1px solid #eeeeee
}
fieldset{padding:.35em .625em .75em;margin:0 2px;border:1px solid silver}
legend{padding:.5em;border:0;width:auto;font-family: "Open Sans", sans-serif;color: #333333;background: #e7ecf1;margin: 12px 0px 14px 0px;font-weight: 300;padding:5px}
.switch{
border-collapse: collapse;
}
</style>
<script type="text/javascript">
$(document)
.ready(
function() {
$(".switch").bootstrapSwitch({
/* onText:"<spring:message code='ON'/>",
offText:"<spring:message code='OFF'/>", */
onColor:"info",
offColor:"default",
size:"small",
onInit: function() {
if($(this).val()==''){
$(this).val(0);
}
},
onSwitchChange:function(event,state){
if(state==true){
$(this).val("1");
if($(this).attr("id")=="approach"){
$(".approach").removeClass("hidden");
}
if($(this).attr("id")=="mirror_client"){
$(".ssl_version").addClass("hidden");
}
if($(this).attr("id")=="enable"){
$(".mirror_profile").removeClass("hidden");
}
}else{
$(this).val("0");
if($(this).attr("id")=="approach"){
$(".approach").addClass("hidden");
}
if($(this).attr("id")=="mirror_client"){
$(".ssl_version").removeClass("hidden");
}
if($(this).attr("id")=="enable"){
$(".mirror_profile").addClass("hidden");
}
}
}
});
$(".action").on("change", function() {
switchAction($("input[name=action]:checked").val());
//拦截根据action切换动作部分
@@ -30,7 +72,7 @@
$(".ratelimitAction").find("input[name='userRegion1']").on("change",function(){
switchRateLimitType();
});
$(".monitAction").find("select[name='userRegion1']").on("change",function(){
$(".monitAction").find("select[name='keyring']").on("change",function(){
selectCert(this);
});
selectCert();
@@ -49,7 +91,10 @@
submitHandler : function(form) {
var flag = true;
var actionValue=$("input[name=action]:checked").val();
//将拦截策略checkbox选中
/* $(".userregion:visible").find(":not(checked)").each(function(){
$(this).attr("checked",true);
}); */
//代表所有业务都隐藏了,提示必须增加一种业务数据
@@ -89,14 +134,14 @@
$(".disabled").each(function(){
$(this).remove();
});
$("input[name$='exprType']").attr("disabled",false);
var action=$("input[name='action']:checked").val();
if(action==1){ //监测
$("input[name$='exprType']").attr("disabled",false);
if(actionValue==1){ //监测
$(".ratelimitAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
$(".replaceAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
$(".whiteListAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
$(".spoofingAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
}else if(action==64){//限速
}else if(actionValue==64){//限速
$(".monitAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
$(".replaceAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
$(".whiteListAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
@@ -108,12 +153,12 @@
if(rateLimitType == 1){//带宽
$(".droprate").find("select[name='userRegion2']").attr("disabled",true);
}
}else if(action==80){//替换
}else if(actionValue==80){//替换
$(".monitAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
$(".ratelimitAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
$(".whiteListAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
$(".spoofingAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
}else if(action==48){//IP仿冒业务
}else if(actionValue==48){//IP仿冒业务
$(".monitAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
$(".ratelimitAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
$(".whiteListAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
@@ -124,6 +169,13 @@
$(".replaceAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
$(".spoofingAction").find("input[name^='userRegion'],select[name^='userRegion']").attr("disabled",true);
}
//处理action parameter
/* $(".userRegion").each(function(){
$(this).attr("name","userRegion['"+$(this).attr("id")+"']");
if($(this).is(":checkbox") && $(this).hasClass("switch")){
$(this).attr("checked","checked");
}
}); */
loading('onloading...');
form.submit();
}else{
@@ -137,7 +189,6 @@
/* $("span[title='add']").on("click", function() {
$(".ipPort0").removeClass("hidden");
}); */
});
//限流方式
@@ -183,11 +234,11 @@
}
//实体证书提示域名信息
var selectCert=function(){
var cert=$(".monitAction").find("select[name='userRegion1']").val();
var keyringType=$(".monitAction").find("select[name='userRegion1']").find("option[value='"+cert+"']").attr("keyringType");
var cert=$(".monitAction").find("select[name='keyring']").val();
var keyringType=$(".monitAction").find("select[name='keyring']").find("option[value='"+cert+"']").attr("keyringType");
if(cert != '' && keyringType == 'end-entity'){
var san=$(".monitAction").find("select[name='userRegion1']").find("option[value='"+cert+"']").attr("san");
var cn=$(".monitAction").find("select[name='userRegion1']").find("option[value='"+cert+"']").attr("cn");
var san=$(".monitAction").find("select[name='keyring']").find("option[value='"+cert+"']").attr("san");
var cn=$(".monitAction").find("select[name='keyring']").find("option[value='"+cert+"']").attr("cn");
if(san.indexOf(cn) > -1){
$("#certDomain").attr("title",san);
}else{
@@ -204,8 +255,8 @@
var serviceType=$(inputObj).attr("serviceType");
var prefixName=$(inputObj).attr("name").split("cfgRegionCode")[0];
//var matchMethod=$("select[name='"+prefixName+"matchMethod']").val();
var cert=$(".monitAction").find("select[name='userRegion1']").val();
var keyringType=$(".monitAction").find("select[name='userRegion1']").find("option[value='"+cert+"']").attr("keyringType");
var cert=$(".monitAction").find("select[name='keyring']").val();
var keyringType=$(".monitAction").find("select[name='keyring']").find("option[value='"+cert+"']").attr("keyringType");
if(cert != '' && keyringType == 'end-entity'){
var domainDiv = $(inputObj).parent(".intercept_domain_div").is(':hidden');
@@ -213,10 +264,10 @@
top.$.jBox.tip("<spring:message code='intercep_domain_required_tip'/>", "<spring:message code='info'/>");
return false;
}
var cn=$(".monitAction").find("select[name='userRegion1']").find("option[value='"+cert+"']").attr("cn");
var cn=$(".monitAction").find("select[name='keyring']").find("option[value='"+cert+"']").attr("cn");
if(cn !='' && cn != null){
var cnReg = new RegExp('^(?=^.{3,255}$)[a-zA-Z0-9][-a-zA-Z0-9]{0,62}(\\'+cn.replace("*","")+')+$');
var san=$(".monitAction").find("select[name='userRegion1']").find("option[value='"+cert+"']").attr("san");
var san=$(".monitAction").find("select[name='keyring']").find("option[value='"+cert+"']").attr("san");
if(san != null && san !=''){
//$(".intercept_domain_div").each(function(){
if(serviceType == "intercept_domain"){
@@ -500,9 +551,7 @@
<input type="hidden" name="isValid" value="${_cfg.isValid}">
<input type="hidden" name="isAudit" value="${_cfg.isAudit}">
<!-- <input type="hidden" id="doLog" name="doLog" value="2"> -->
<div class="form-body">
<div class="row">
<div class="col-md-6">
<div class="form-group">
@@ -531,7 +580,7 @@
<c:if test="${_cfg.action==service.action || (_cfg.action==null && satus.index==0)}">checked</c:if>>
<c:forEach items="${fns:getDictList('SERVICE_ACTION') }" var="dict">
<c:if test="${(dict.itemCode eq service.action) && (service.action eq 1) }">
<spring:message code="intercept"/>
<spring:message code="forward"/>
</c:if>
<c:if test="${(dict.itemCode eq service.action) && (service.action eq 128) }">
<spring:message code="bypass"/>
@@ -577,39 +626,287 @@
<!-- dolog end-->
<%-- action 为1 监测时 可以选择证书--%>
<div class="row monitAction hidden">
<h4 class="form-section">
<h4 class="form-section monitAction">
<spring:message code="action_region" />
<small></small>
</h4>
<div class="col-md-6">
<div class="form-group">
<label class="control-label col-md-3"><spring:message
code="intercept_file_strategy" /></label>
<div class="col-md-6">
<select name="userRegion1" class="selectpicker show-tick form-control">
<option value="" <c:if test="${empty _cfg.userRegion1}">selected</c:if> ><spring:message code="selected"/></option>
<c:forEach items="${certificateList}" var="certificate">
<option value="${certificate.compileId}"
cn="${certificate.cn}"
san="${certificate.altName}"
keyringType="${certificate.keyringType}"
<c:if test="${_cfg.userRegion1 eq fn:trim(certificate.compileId)}">
selected
</c:if>
>
${certificate.cfgDesc}
</option>
</c:forEach>
</select>
</h4>
<fieldset class="monitAction hidden">
<legend><spring:message code="intercept_file_strategy" /></legend>
<div class="row">
<div class="col-md-6">
<div class="form-group">
<label class="control-label col-md-3"><spring:message
code="intercept_file_strategy" /></label>
<div class="col-md-6">
<select name="keyring" class="selectpicker show-tick form-control">
<option value="" <c:if test="${empty _cfg.userRegion.keyring}">selected</c:if> ><spring:message code="selected"/></option>
<c:forEach items="${certificateList}" var="certificate">
<option value="${certificate.compileId}"
cn="${certificate.cn}"
san="${certificate.altName}"
keyringType="${certificate.keyringType}"
<c:if test="${_cfg.userRegion.keyring eq fn:trim(certificate.compileId)}">
selected
</c:if>
>
${certificate.cfgDesc}
</option>
</c:forEach>
</select>
</div>
&nbsp;<span id="certDomain" title=""
class="hidden" data-icon="&#xe08b;" style="cursor:default"></span>
<div for="keyring"></div>
</div>
</div>
</div>
</fieldset>
<br>
<fieldset class="monitAction hidden">
<legend><spring:message code="exclusions" /></legend>
<div class="row">
<div class="col-md-6">
<div class="form-group">
<label class="control-label col-md-3">
<spring:message code="ev_cert" />
</label>
<div class="col-md-6">
<div class="bootstrap-switch">
<input type="checkbox" id="ev_cert" name="ev_cert" class="switch userRegion"
value="${_cfg.cfgId eq null?0:_cfg.userRegion.exclusions.ev_cert }" <c:if test="${ _cfg.userRegion.exclusions.ev_cert eq 1}">checked</c:if>/>
</div>
</div>
<div for="ev_cert"></div>
</div>
</div>
<div class="col-md-6">
<div class="form-group">
<label class="control-label col-md-3">
<spring:message code="cert_transparency" />
</label>
<div class="col-md-6">
<div class="bootstrap-switch">
<input type="checkbox" id="cert_transparency" name="cert_transparency" class="switch userRegion"
value="${_cfg.cfgId eq null?0:_cfg.userRegion.exclusions.cert_transparency }" <c:if test="${_cfg.userRegion.exclusions.cert_transparency eq 1}">checked</c:if>/>
</div>
</div>
<div for="cert_transparency"></div>
</div>
&nbsp;<span id="certDomain" title=""
class="hidden" data-icon="&#xe08b;" style="cursor:default"></span>
<div for="userRegion1"></div>
</div>
</div>
</div>
<div class="row">
<div class="col-md-6">
<div class="form-group">
<label class="control-label col-md-3">
<spring:message code="client_cert_req" />
</label>
<div class="col-md-6">
<div class="bootstrap-switch">
<input type="checkbox" id="client_cert_req" name="client_cert_req" class="switch userRegion"
value="${_cfg.cfgId eq null?1:_cfg.userRegion.exclusions.client_cert_req }" <c:if test="${_cfg.cfgId eq null or _cfg.userRegion.exclusions.client_cert_req eq 1}">checked</c:if>/>
</div>
</div>
<div for="client_cert_req"></div>
</div>
</div>
<div class="col-md-6">
<div class="form-group">
<label class="control-label col-md-3">
<spring:message code="pinning" />
</label>
<div class="col-md-6">
<div class="bootstrap-switch">
<input type="checkbox" id="pinning" name="pinning" class="switch userRegion"
value="${_cfg.cfgId eq null?1:_cfg.userRegion.exclusions.pinning }" <c:if test="${_cfg.cfgId eq null or _cfg.userRegion.exclusions.pinning eq 1}">checked</c:if>/>
</div>
</div>
<div for="pinning"></div>
</div>
</div>
</div>
</fieldset>
<br/>
<fieldset class="monitAction hidden">
<legend><spring:message code="cert_verify" /></legend>
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title">
<spring:message code="approach" />
</h3>
</div>
<div class="panel-body">
<div class="row approach">
<div class="col-md-6">
<div class="form-group">
<label class="control-label col-md-3">
<spring:message code="cn" />
</label>
<div class="col-md-6">
<div class="bootstrap-switch">
<input type="checkbox" id="ev_cert" name="cn" class="switch userRegion"
value="${_cfg.cfgId eq null?1:_cfg.userRegion.cert_verify.approach.cn }" <c:if test="${_cfg.cfgId eq null or _cfg.userRegion.cert_verify.approach.cn eq 1}">checked</c:if>/>
</div>
</div>
<div for="cn"></div>
</div>
</div>
<div class="col-md-6">
<div class="form-group">
<label class="control-label col-md-3">
<spring:message code="issuer" />
</label>
<div class="col-md-6">
<div class="bootstrap-switch">
<input type="checkbox" id="issuer" name="issuer" class="switch userRegion"
value="${_cfg.cfgId eq null?1:_cfg.userRegion.cert_verify.approach.issuer }" <c:if test="${_cfg.cfgId eq null or _cfg.userRegion.cert_verify.approach.issuer eq 1}">checked</c:if>/>
</div>
</div>
<div for="issuer"></div>
</div>
</div>
</div>
<div class="row approach">
<div class="col-md-6">
<div class="form-group">
<label class="control-label col-md-3">
<spring:message code="self_signed" />
</label>
<div class="col-md-6">
<div class="bootstrap-switch">
<input type="checkbox" id="self-signed" name="self-signed" class="switch userRegion"
value="${_cfg.cfgId eq null?1:_cfg.userRegion.cert_verify.approach['self-signed'] }" <c:if test="${_cfg.cfgId eq null or _cfg.userRegion.cert_verify.approach['self-signed'] eq 1}">checked</c:if>/>
</div>
</div>
<div for="self-signed"></div>
</div>
</div>
<div class="col-md-6">
<div class="form-group">
<label class="control-label col-md-3">
<spring:message code="expiration" />
</label>
<div class="col-md-6">
<div class="bootstrap-switch">
<input type="checkbox" id="expiration" name="expiration" class="switch userRegion"
value="${_cfg.cfgId eq null?1:_cfg.userRegion.cert_verify.approach.expiration }" <c:if test="${_cfg.cfgId eq null or _cfg.userRegion.cert_verify.approach.expiration eq 1}">checked</c:if>/>
</div>
</div>
<div for="expiration"></div>
</div>
</div>
</div>
</div>
</div>
<%-- <fieldset>
<legend><spring:message code="approach" />
</legend> --%>
<!-- </fieldset><br/> -->
<div class="row">
<div class="col-md-6">
<div class="form-group ">
<label class="control-label col-md-3"><spring:message code="cert_verify_fail_method"/></label>
<div class="col-md-6">
<select id="fail_method" name="fail_method" data-live-search="true" class="selectpicker form-control required">
<c:forEach items="${fns:getDictList('FAIL_METHOD')}" var="dictC">
<option value="${dictC.itemCode}" <c:if test="${(_cfg.userRegion.cert_verify.fail_method eq null and dictC.itemCode eq 'pass-through') or (_cfg.userRegion.cert_verify.fail_method eq dictC.itemCode)}">selected</c:if>><spring:message code="${dictC.itemValue}"/></option>
</c:forEach>
</select>
</div>
<div for="fail_method"></div>
</div>
</div>
</div>
</fieldset>
<br>
<fieldset class="monitAction hidden">
<legend><spring:message code="ssl_version" /></legend>
<div class="row">
<div class="col-md-6">
<div class="form-group">
<label class="control-label col-md-3">
<spring:message code="mirror_client" />
</label>
<div class="col-md-6">
<div class="bootstrap-switch">
<input type="checkbox" id="mirror_client" name="mirror_client" class="switch userRegion"
value="${_cfg.userRegion.ssl_ver.mirror_client }" <c:if test="${_cfg.userRegion.ssl_ver.mirror_client eq 1}">checked</c:if>/>
</div>
</div>
<div for="mirror_client"></div>
</div>
</div>
</div>
<div class="row ssl_version <c:if test="${_cfg.userRegion.ssl_ver.mirror_client eq 1}">hidden</c:if>">
<div class="col-md-6">
<div class="form-group">
<label class="control-label col-md-3">
<spring:message code="min" />
</label>
<div class="col-md-6">
<select id="min" name="min" class="selectpicker form-control sslVersionCheck">
<c:forEach items="${fns:getDictList('SSL_VERSION')}" var="dictC">
<option value="${dictC.itemCode}" data-sort="${dictC.itemSort}" <c:if test="${((_cfg.userRegion.ssl_ver.min eq null) and(dictC.itemCode eq 'ssl3'))or (_cfg.userRegion.ssl_ver.min eq dictC.itemCode)}">selected</c:if>><spring:message code="${dictC.itemValue}"/></option>
</c:forEach>
</select>
</div>
<div for="min"></div>
</div>
</div>
<div class="col-md-6">
<div class="form-group">
<label class="control-label col-md-3">
<spring:message code="max" />
</label>
<div class="col-md-6">
<select id="max" name="max" class="selectpicker form-control sslVersionCheck">
<c:forEach items="${fns:getDictList('SSL_VERSION')}" var="dictC">
<option value="${dictC.itemCode}" data-sort="${dictC.itemSort}" <c:if test="${((_cfg.userRegion.ssl_ver.max eq null) and(dictC.itemCode eq 'tls13'))or (_cfg.userRegion.ssl_ver.max eq dictC.itemCode)}">selected</c:if>><spring:message code="${dictC.itemValue}"/></option>
</c:forEach>
</select>
</div>
<div for="max"></div>
</div>
</div>
</div>
</fieldset>
<br>
<fieldset class="monitAction hidden">
<legend><spring:message code="decrypt_mirror" /></legend>
<div class="row">
<div class="col-md-6">
<div class="form-group">
<label class="control-label col-md-3">
<spring:message code="enable" />
</label>
<div class="col-md-6">
<div class="bootstrap-switch">
<input type="checkbox" id="enable" name="enable" class="switch userRegion"
value="${_cfg.userRegion.decrypt_mirror.enable }" <c:if test="${_cfg.userRegion.decrypt_mirror.enable eq 1}">checked</c:if>/>
</div>
</div>
<div for="enable"></div>
</div>
</div>
<div class="col-md-6 mirror_profile <c:if test="${_cfg.userRegion.decrypt_mirror.enable ne 1}">hidden</c:if>">
<div class="form-group">
<label class="control-label col-md-3">
<font color="red">*</font><spring:message code="decrypt_mirror_mirror_profile" />
</label>
<div class="col-md-6">
<select id="mirror_profile" name="mirror_profile" data-live-search="true" class="selectpicker form-control required">
<option value="" ><spring:message code="selected"/></option>
<c:forEach items="${mirrorProfiles}" var="dictC">
<option value="${dictC.compileId}" <c:if test="${_cfg.userRegion.decrypt_mirror.mirror_profile eq dictC.compileId}">selected</c:if>><spring:message code="${dictC.cfgDesc}"/></option>
</c:forEach>
</select>
</div>
<div for="mirror_profile"></div>
</div>
</div>
</div>
</fieldset>
<%-- action 为64 限速时 --%>
<div class="row ratelimitAction hidden">
<h4 class="form-section">


@@ -90,6 +90,65 @@
$("#exportValue").val($("#intype").val());
}
}
var keyringArr=[],mirrorProfileArr=[];
$("td[userregion]").each(function(){
var userregion=$(this).attr("userregion")
if(userregion.length>0&&userregion.indexOf("{")==0){
var jsonObj=JSON.parse(userregion);
var obj=$(this);
$(obj).parent().find("td[data-column='keyring']").text(jsonObj.keyring==0?"":jsonObj.keyring);
if(jsonObj.keyring){
keyringArr.push(jsonObj.keyring);
}
$(obj).parent().find("td[data-column='ev_cert']").text(jsonObj.exclusions.ev_cert==1?"<spring:message code='yes'/>":"<spring:message code='no'/>");
$(obj).parent().find("td[data-column='cert_transparency']").text(jsonObj.exclusions.cert_transparency==1?"<spring:message code='yes'/>":"<spring:message code='no'/>");
$(obj).parent().find("td[data-column='client_cert_req']").text(jsonObj.exclusions.client_cert_req==1?"<spring:message code='yes'/>":"<spring:message code='no'/>");
$(obj).parent().find("td[data-column='pinning']").text(jsonObj.exclusions.pinning==1?"<spring:message code='yes'/>":"<spring:message code='no'/>");
$(obj).parent().find("td[data-column='cn']").text(jsonObj.cert_verify.approach.cn==1?"<spring:message code='yes'/>":"<spring:message code='no'/>");
$(obj).parent().find("td[data-column='issuer']").text(jsonObj.cert_verify.approach.issuer==1?"<spring:message code='yes'/>":"<spring:message code='no'/>");
$(obj).parent().find("td[data-column='self-signed']").text(jsonObj.cert_verify.approach['self-signed']==1?"<spring:message code='yes'/>":"<spring:message code='no'/>");
$(obj).parent().find("td[data-column='expiration']").text(jsonObj.cert_verify.approach.expiration==1?"<spring:message code='yes'/>":"<spring:message code='no'/>");
$("input[name='failMethods']").each(function(){
if(jsonObj.cert_verify.fail_method==$(this).data("key")){
$(obj).parent().find("td[data-column='fail_method']").text($(this).val());
}
});
$("input[name='sslversions']").each(function(){
if(jsonObj.ssl_ver.min==$(this).data("key")){
$(obj).parent().find("td[data-column='min']").text($(this).val());
}
if(jsonObj.ssl_ver.max==$(this).data("key")){
$(obj).parent().find("td[data-column='max']").text($(this).val());
}
});
$(obj).parent().find("td[data-column='mirror_client']").text(jsonObj.ssl_ver.mirror_client==1?"<spring:message code='yes'/>":"<spring:message code='no'/>");
$(obj).parent().find("td[data-column='enable']").text(jsonObj.decrypt_mirror.enable==1?"<spring:message code='yes'/>":"<spring:message code='no'/>");
$(obj).parent().find("td[data-column='mirror_profile']").text(jsonObj.decrypt_mirror.mirror_profile);
if(jsonObj.decrypt_mirror.mirror_profile){
mirrorProfileArr.push(jsonObj.decrypt_mirror.mirror_profile);
}
}
});
if(keyringArr.length>0||mirrorProfileArr.length>0){
$.post("${ctx}/proxy/intercept/ajaxGetValues",{"keyrings":keyringArr.join(','),"mirrorProfiles":mirrorProfileArr.join(',')},function(data){
$("td[data-column='keyring']").each(function(){
for(var key in data.keyrings){
if($(this).text().trim()==key){
$(this).text(data.keyrings[key]);
}
}
});
$("td[data-column='mirror_profile']").each(function(){
for(var key in data.mirrorProfiles){
if($(this).text().trim()==key){
$(this).text(data.mirrorProfiles[key]);
}
}
});
})
}
});
</script>
@@ -100,6 +159,12 @@
</c:if>
<c:if test="${cfg.functionId eq 200}">
<c:set var="interceptType" value="Ip"/>
<c:forEach items="${fns:getDictList('FAIL_METHOD')}" var="dict">
<input type="hidden" name="failMethods" data-key="${dict.itemCode}" value="${dict.itemValue}">
</c:forEach>
<c:forEach items="${fns:getDictList('SSL_VERSION')}" var="dict">
<input type="hidden" name="sslversions" data-key="${dict.itemCode}" value="${dict.itemValue}">
</c:forEach>
</c:if>
<c:if test="${cfg.functionId eq 201}">
<c:set var="interceptType" value="Domain"/>
@@ -389,8 +454,22 @@
<c:if test="${cfg.functionId eq 200 }">
<th column="userregion2" ><spring:message code="ratelimit"/></th>
<%-- <th column="bandwith" ><spring:message code="bandwith"/></th> --%>
<th column="userregion1" ><spring:message code="intercept_file_strategy"/></th>
<th column="userregion5" ><spring:message code="intercept_intensity"/></th>
<%-- <th column="userregion5" ><spring:message code="intercept_intensity"/></th> --%>
<th column="pxy_intercept_monit_keyring" ><spring:message code="pxy_intercept_monit_keyring"/></th>
<th column="exclusions_ev_cert" ><spring:message code="exclusions_ev_cert"/></th>
<th column="exclusions_cert_transparency" ><spring:message code="exclusions_cert_transparency"/></th>
<th column="exclusions_client_cert_req" ><spring:message code="exclusions_client_cert_req"/></th>
<th column="exclusions_pinning" ><spring:message code="exclusions_pinning"/></th>
<th column="cert_verify_approach_cn" ><spring:message code="cert_verify_approach_cn"/></th>
<th column="cert_verify_approach_issuer" ><spring:message code="cert_verify_approach_issuer"/></th>
<th column="cert_verify_approach_self_signed" ><spring:message code="cert_verify_approach_self_signed"/></th>
<th column="cert_verify_approach_expiration" ><spring:message code="cert_verify_approach_expiration"/></th>
<th column="cert_verify_fail_method" ><spring:message code="cert_verify_fail_method"/></th>
<th column="ssl_ver_min" ><spring:message code="ssl_ver_min"/></th>
<th column="ssl_ver_max" ><spring:message code="ssl_ver_max"/></th>
<th column="ssl_ver_mirror_client" ><spring:message code="ssl_ver_mirror_client"/></th>
<th column="decrypt_mirror_enable" ><spring:message code="decrypt_mirror_enable"/></th>
<th column="decrypt_mirror_mirror_profile" ><spring:message code="decrypt_mirror_mirror_profile"/></th>
</c:if>
<%-- <c:if test="${cfg.functionId eq 200 }">
<th column="bandwith" ><spring:message code="bandwith"/></th>
@@ -471,22 +550,30 @@
${indexCfg.userRegion3 }
</c:if>
</td> --%>
<td>
<c:if test="${indexCfg.action eq 1}">
<c:forEach items="${certificateList}" var="certificate">
<c:if test="${indexCfg.userRegion1 eq certificate.compileId}">${certificate.cfgDesc}</c:if>
<%-- <td>
<c:if test="${indexCfg.action eq 1 }">
<c:forEach items="${fns:getDictList('INTERCEPT_DOMAIN_INTENSITY') }" var="intentsityC">
<c:if test="${intentsityC.itemCode eq indexCfg.userRegion5 }">
<spring:message code="${intentsityC.itemValue }"/>
</c:if>
</c:forEach>
</c:if>
</td>
<td>
<c:if test="${indexCfg.action eq 1 }">
<c:forEach items="${fns:getDictList('INTERCEPT_DOMAIN_INTENSITY') }" var="intentsityC">
<c:if test="${intentsityC.itemCode eq indexCfg.userRegion5 }">
<spring:message code="${intentsityC.itemValue }"/>
</c:if>
</c:forEach>
</c:if>
</td>
</td> --%>
<td userregion='${indexCfg.userRegion1}' data-column="keyring"></td>
<td data-column="ev_cert" ></td>
<td data-column="cert_transparency" ></td>
<td data-column="client_cert_req" ></td>
<td data-column="pinning" ></td>
<td data-column="cn" ></td>
<td data-column="issuer" ></td>
<td data-column="self-signed" ></td>
<td data-column="expiration" ></td>
<td data-column="fail_method" ></td>
<td data-column="min" ></td>
<td data-column="max" ></td>
<td data-column="mirror_client" ></td>
<td data-column="enable" ></td>
<td data-column="mirror_profile" ></td>
</c:if>
<%-- <c:if test="${cfg.functionId eq 200 }">
<td>
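Review bot: The keyring cell in the last hunk writes `${indexCfg.userRegion1}` raw into a single-quoted `userregion` attribute, so a stored value containing `'` or `<` would close the attribute and inject markup into the list page. The value is presumably the JSON assembled from the submitted policy fields (the saving code is not in this section), so it should be escaped on output: `<td userregion='<c:out value="${indexCfg.userRegion1}"/>' data-column="keyring"></td>`. The browser decodes the entities again, so `$(this).attr("userregion")` still returns the original JSON for `JSON.parse`. Separately, the script in the first hunk reads `jsonObj.exclusions`, `jsonObj.cert_verify.approach`, `jsonObj.ssl_ver` and `jsonObj.decrypt_mirror` without checking that they exist, so one row with incomplete or malformed JSON throws and the remaining rows and the `ajaxGetValues` lookup never run; a `try`/`catch` around the per-row body with a skip on failure would contain that.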


@@ -878,16 +878,16 @@ jQuery.validator.addMethod("noStrategyCheck",function(value,element) {
return flag;
});
// 代理拦截策略ssl version min小于max校验
//jQuery.validator.addMethod("sslVersionCheck",function(value,element) {
// var min,max;
// if($(element).attr("id")=="min"){
// min=element,max=$("#max");
// }else{
// max=element,min=$("#min");
// }
// if($(min).find("option:selected").data("sort")>=$(max).find("option:selected").data("sort")){
// return false;
// }else{
// return true;
// }
//});
jQuery.validator.addMethod("sslVersionCheck",function(value,element) {
var min,max;
if($(element).attr("id")=="min"){
min=element,max=$("#max");
}else{
max=element,min=$("#min");
}
if($(min).find("option:selected").data("sort")>=$(max).find("option:selected").data("sort")){
return false;
}else{
return true;
}
});
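Review bot: The comparison in `sslVersionCheck` uses `>=`, so a policy whose min and max are the same version is rejected and an operator cannot restrict interception to a single protocol version. If that is not intended, the condition should be `if($(min).find("option:selected").data("sort")>$(max).find("option:selected").data("sort")){`, with the `sslVersionCheck` messages reworded to "must not be greater than". The check runs only in the browser, so the same min/max ordering should also be enforced where the form is saved; that code is not visible in this hunk.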


@@ -98,6 +98,7 @@
rangeCross0:"The IP {0} must not between {1} and {2}",
rangeCross1:"The IP range {0} has intersections with {1}",
protectedCfgUnique:"Keyword already exists.",
addrList:"Please enter the legitimate targets identification list"
addrList:"Please enter the legitimate targets identification list",
sslVersionCheck:"Min SSL version should smaller than Max SSL version"
});
}(jQuery));


@@ -98,6 +98,7 @@
rangeCross0:"IP {0} не должен находиться между {1} и {2}",
rangeCross1:"Диапазон IP {0} имеет пересечения с {1}",
protectedCfgUnique:"Ключевое слово уже существует.",
addrList:"Please enter the legitimate targets identification list"
addrList:"Please enter the legitimate targets identification list",
sslVersionCheck:"моя версия SSL должны меньше, чем версия SSL, макс"
});
}(jQuery));


@@ -98,6 +98,7 @@
rangeCross0:"IP{0}不能介于{1}和{2}",
rangeCross1:"IP范围{0}和IP范围{1}有交集",
protectedCfgUnique:"关键字已存在",
addrList:"请输入合法的目标标识列表"
addrList:"请输入合法的目标标识列表",
sslVersionCheck:"最小SSL协议版本应小于最大SSL协议版本"
});
}(jQuery));