diff --git a/src/main/java/com/nis/domain/configuration/BaseIpCfg.java b/src/main/java/com/nis/domain/configuration/BaseIpCfg.java index 43f0de7c6..f77938551 100644 --- a/src/main/java/com/nis/domain/configuration/BaseIpCfg.java +++ b/src/main/java/com/nis/domain/configuration/BaseIpCfg.java @@ -9,6 +9,7 @@ package com.nis.domain.configuration; import java.util.List; +import java.util.Map; import com.google.gson.annotations.Expose; import com.google.gson.annotations.SerializedName; 
@@ -399,4 +400,110 @@ public class BaseIpCfg extends BaseCfg { public void setIndex(Integer index) { this.index = index; } + protected Integer keyring; + protected Integer evCert; + protected Integer certTransparency; + protected Integer clientCertReq; + protected Integer pinning; + protected Integer cn; + protected Integer issuer; + protected Integer selfSigned; + protected Integer expiration; + protected String failMethod; + protected String min; + protected String max; + protected Integer mirrorClient; + protected Integer enable; + protected Integer mirrorProfile; + + public Integer getKeyring() { + return keyring; + } + public void setKeyring(Integer keyring) { + this.keyring = keyring; + } + public Integer getEvCert() { + return evCert; + } + public void setEvCert(Integer evCert) { + this.evCert = evCert; + } + public Integer getCertTransparency() { + return certTransparency; + } + public void setCertTransparency(Integer certTransparency) { + this.certTransparency = certTransparency; + } + public Integer getClientCertReq() { + return clientCertReq; + } + public void setClientCertReq(Integer clientCertReq) { + this.clientCertReq = clientCertReq; + } + public Integer getPinning() { + return pinning; + } + public void setPinning(Integer pinning) { + this.pinning = pinning; + } + public Integer getCn() { + return cn; + } + public void setCn(Integer cn) { + this.cn = cn; + } + public Integer getIssuer() { + return issuer; + } + public void setIssuer(Integer issuer) { + this.issuer = issuer; + } + public Integer getSelfSigned() { + return selfSigned; + } + public void setSelfSigned(Integer selfSigned) { + this.selfSigned = selfSigned; + } + public Integer getExpiration() { + return expiration; + } + public void setExpiration(Integer expiration) { + this.expiration = expiration; + } + public String getFailMethod() { + return failMethod; + } + public void setFailMethod(String failMethod) { + this.failMethod = failMethod; + } + public String getMin() { + return min; + 
} + public void setMin(String min) { + this.min = min; + } + public String getMax() { + return max; + } + public void setMax(String max) { + this.max = max; + } + public Integer getMirrorClient() { + return mirrorClient; + } + public void setMirrorClient(Integer mirrorClient) { + this.mirrorClient = mirrorClient; + } + public Integer getEnable() { + return enable; + } + public void setEnable(Integer enable) { + this.enable = enable; + } + public Integer getMirrorProfile() { + return mirrorProfile; + } + public void setMirrorProfile(Integer mirrorProfile) { + this.mirrorProfile = mirrorProfile; + } } diff --git a/src/main/java/com/nis/domain/configuration/BaseStringCfg.java b/src/main/java/com/nis/domain/configuration/BaseStringCfg.java index 250147f3c..bd483e840 100644 --- a/src/main/java/com/nis/domain/configuration/BaseStringCfg.java +++ b/src/main/java/com/nis/domain/configuration/BaseStringCfg.java 
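Review bot: The fifteen TLS-interception fields and accessors added to BaseIpCfg here are repeated line for line in the BaseStringCfg hunk that follows, and neither copy is documented. Both classes extend BaseCfg, so a single declaration there, or one small settings object held by both, would keep the two copies from drifting apart. Names such as `min`, `max`, `enable` and `cn` explain nothing on a base class shared by every IP configuration; a comment on each, for example `/** Minimum SSL/TLS version, an SSL_VERSION dictionary code. */` on `min`, would show that these fields control certificate checks and decryption mirroring. The `import java.util.Map;` added in the first hunk of this file is not used by any line in this hunk, and the class itself begins outside it.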
@@ -282,5 +282,110 @@ public class BaseStringCfg extends BaseCfg { public void setRegionId(Integer regionId) { this.regionId = regionId; } - + protected Integer keyring; + protected Integer evCert; + protected Integer certTransparency; + protected Integer clientCertReq; + protected Integer pinning; + protected Integer cn; + protected Integer issuer; + protected Integer selfSigned; + protected Integer expiration; + protected String failMethod; + protected String min; + protected String max; + protected Integer mirrorClient; + protected Integer enable; + protected Integer mirrorProfile; + + public Integer getKeyring() { + return keyring; + } + public void setKeyring(Integer keyring) { + this.keyring = keyring; + } + public Integer getEvCert() { + return evCert; + } + public void setEvCert(Integer evCert) { + this.evCert = evCert; + } + public Integer getCertTransparency() { + return certTransparency; + } + public void setCertTransparency(Integer certTransparency) { + this.certTransparency = certTransparency; + } + public Integer getClientCertReq() { + return clientCertReq; + } + public void setClientCertReq(Integer clientCertReq) { + this.clientCertReq = clientCertReq; + } + public Integer getPinning() { + return pinning; + } + public void setPinning(Integer pinning) { + this.pinning = pinning; + } + public Integer getCn() { + return cn; + } + public void setCn(Integer cn) { + this.cn = cn; + } + public Integer getIssuer() { + return issuer; + } + public void setIssuer(Integer issuer) { + this.issuer = issuer; + } + public Integer getSelfSigned() { + return selfSigned; + } + public void setSelfSigned(Integer selfSigned) { + this.selfSigned = selfSigned; + } + public Integer getExpiration() { + return expiration; + } + public void setExpiration(Integer expiration) { + this.expiration = expiration; + } + public String getFailMethod() { + return failMethod; + } + public void setFailMethod(String failMethod) { + this.failMethod = failMethod; + } + public String getMin() 
{ + return min; + } + public void setMin(String min) { + this.min = min; + } + public String getMax() { + return max; + } + public void setMax(String max) { + this.max = max; + } + public Integer getMirrorClient() { + return mirrorClient; + } + public void setMirrorClient(Integer mirrorClient) { + this.mirrorClient = mirrorClient; + } + public Integer getEnable() { + return enable; + } + public void setEnable(Integer enable) { + this.enable = enable; + } + public Integer getMirrorProfile() { + return mirrorProfile; + } + public void setMirrorProfile(Integer mirrorProfile) { + this.mirrorProfile = mirrorProfile; + } } diff --git a/src/main/java/com/nis/domain/configuration/PxyInterceptCfg.java b/src/main/java/com/nis/domain/configuration/PxyInterceptCfg.java new file mode 100644 index 000000000..20d8d4f40 --- /dev/null +++ b/src/main/java/com/nis/domain/configuration/PxyInterceptCfg.java 
@@ -0,0 +1,137 @@ +package com.nis.domain.configuration; + +import com.nis.util.excel.ExcelField; + +public class PxyInterceptCfg extends CfgIndexInfo { + + /** + * + */ + private static final long serialVersionUID = 994229066993318362L; + @ExcelField(title="pxy_intercept_monit_keyring",sort=7) + private String keyring; + @ExcelField(title="exclusions_ev_cert",dictType="SYS_YES_NO",sort=8) + private String evCert; + @ExcelField(title="exclusions_cert_transparency",dictType="SYS_YES_NO",sort=9) + private String certTransparency; + @ExcelField(title="exclusions_client_cert_req",dictType="SYS_YES_NO",sort=10) + private String clientCertReq; + @ExcelField(title="exclusions_pinning",dictType="SYS_YES_NO",sort=11) + private String pinning; + @ExcelField(title="cert_verify_approach_cn",dictType="SYS_YES_NO",sort=12) + private String cn; + @ExcelField(title="cert_verify_approach_issuer",dictType="SYS_YES_NO",sort=13) + private String issuer; + @ExcelField(title="cert_verify_approach_self_signed",dictType="SYS_YES_NO",sort=14) + private String selfSigned; + @ExcelField(title="cert_verify_approach_expiration",dictType="SYS_YES_NO",sort=15) + private String expiration; + @ExcelField(title="cert_verify_fail_method",dictType="FAIL_METHOD",sort=16) + private String failMethod; + @ExcelField(title="ssl_ver_min",dictType="SSL_VERSION",sort=17) + private String min; + @ExcelField(title="ssl_ver_max",dictType="SSL_VERSION",sort=18) + private String max; + @ExcelField(title="ssl_ver_mirror_client",dictType="SYS_YES_NO",sort=19) + private String mirrorClient; + @ExcelField(title="decrypt_mirror_enable",dictType="SYS_YES_NO",sort=20) + private String enable; + @ExcelField(title="decrypt_mirror_mirror_profile",sort=21) + private String mirrorProfile; + private String userRegion1; + private String userRegion2; + private String userRegion3; + private String userRegion4; + private String userRegion5; + public String getKeyring() { + return keyring; + } + public void setKeyring(String 
keyring) { + this.keyring = keyring; + } + public String getEvCert() { + return evCert; + } + public void setEvCert(String evCert) { + this.evCert = evCert; + } + public String getCertTransparency() { + return certTransparency; + } + public void setCertTransparency(String certTransparency) { + this.certTransparency = certTransparency; + } + public String getClientCertReq() { + return clientCertReq; + } + public void setClientCertReq(String clientCertReq) { + this.clientCertReq = clientCertReq; + } + public String getPinning() { + return pinning; + } + public void setPinning(String pinning) { + this.pinning = pinning; + } + public String getCn() { + return cn; + } + public void setCn(String cn) { + this.cn = cn; + } + public String getIssuer() { + return issuer; + } + public void setIssuer(String issuer) { + this.issuer = issuer; + } + public String getSelfSigned() { + return selfSigned; + } + public void setSelfSigned(String selfSigned) { + this.selfSigned = selfSigned; + } + public String getExpiration() { + return expiration; + } + public void setExpiration(String expiration) { + this.expiration = expiration; + } + public String getFailMethod() { + return failMethod; + } + public void setFailMethod(String failMethod) { + this.failMethod = failMethod; + } + public String getMin() { + return min; + } + public void setMin(String min) { + this.min = min; + } + public String getMax() { + return max; + } + public void setMax(String max) { + this.max = max; + } + public String getMirrorClient() { + return mirrorClient; + } + public void setMirrorClient(String mirrorClient) { + this.mirrorClient = mirrorClient; + } + public String getEnable() { + return enable; + } + public void setEnable(String enable) { + this.enable = enable; + } + public String getMirrorProfile() { + return mirrorProfile; + } + public void setMirrorProfile(String mirrorProfile) { + this.mirrorProfile = mirrorProfile; + } + +} 
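Review bot: `userRegion1` to `userRegion5` are declared `private` with no getter or setter anywhere in this new file, so nothing outside the class can read or set them except through reflection; either add the accessors or drop the fields. Flags such as `pinning`, `cn`, `selfSigned` and `enable` are `String` here but `Integer` in BaseIpCfg, BaseStringCfg and the two import templates of this commit, so a comment stating which representation is authoritative, and where the conversion happens, would prevent mismatched comparisons. The empty `/** */` above `serialVersionUID` can be removed.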
diff --git a/src/main/java/com/nis/domain/configuration/template/InterceptDomainTemplate.java b/src/main/java/com/nis/domain/configuration/template/InterceptDomainTemplate.java new file mode 100644 index 000000000..a8a14ba3d --- /dev/null +++ b/src/main/java/com/nis/domain/configuration/template/InterceptDomainTemplate.java 
@@ -0,0 +1,142 @@ +package com.nis.domain.configuration.template; + +import com.nis.util.excel.ExcelField; + +public class InterceptDomainTemplate extends StringAllNotDoLogTemplate { + private Integer keyring; + + private Integer evCert; + + private Integer certTransparency; + + private Integer clientCertReq; + + private Integer pinning; + + private Integer cn; + + private Integer issuer; + + private Integer selfSigned; + + private Integer expiration; + + private String failMethod; + + private String min; + + private String max; + + private Integer mirrorClient; + + private Integer enable; + + private Integer mirrorProfile; + + @ExcelField(title="pxy_intercept_monit_keyring",align=2,sort=17) + public Integer getKeyring() { + return keyring; + } + public void setKeyring(Integer keyring) { + this.keyring = keyring; + } + @ExcelField(title="exclusions_ev_cert",align=2,sort=18) + public Integer getEvCert() { + return evCert; + } + public void setEvCert(Integer evCert) { + this.evCert = evCert; + } + @ExcelField(title="exclusions_cert_transparency",align=2,sort=19) + public Integer getCertTransparency() { + return certTransparency; + } + public void setCertTransparency(Integer certTransparency) { + this.certTransparency = certTransparency; + } + @ExcelField(title="exclusions_client_cert_req",align=2,sort=20) + public Integer getClientCertReq() { + return clientCertReq; + } + public void setClientCertReq(Integer clientCertReq) { + this.clientCertReq = clientCertReq; + } + @ExcelField(title="exclusions_pinning",align=2,sort=21) + public Integer getPinning() { + return pinning; + } + public void setPinning(Integer pinning) { + this.pinning = pinning; + } + @ExcelField(title="cert_verify_approach_cn",align=2,sort=22) + public Integer getCn() { + return cn; + } + public void setCn(Integer cn) { + this.cn = cn; + } + @ExcelField(title="cert_verify_approach_issuer",align=2,sort=23) + public Integer getIssuer() { + return issuer; + } + public void setIssuer(Integer issuer) { + 
this.issuer = issuer; + } + @ExcelField(title="cert_verify_approach_self_signed",align=2,sort=24) + public Integer getSelfSigned() { + return selfSigned; + } + public void setSelfSigned(Integer selfSigned) { + this.selfSigned = selfSigned; + } + @ExcelField(title="cert_verify_approach_expiration",align=2,sort=25) + public Integer getExpiration() { + return expiration; + } + public void setExpiration(Integer expiration) { + this.expiration = expiration; + } + @ExcelField(title="cert_verify_fail_method",dictType="FAIL_METHOD",align=2,sort=26) + public String getFailMethod() { + return failMethod; + } + public void setFailMethod(String failMethod) { + this.failMethod = failMethod; + } + @ExcelField(title="ssl_ver_min",dictType="SSL_VERSION",align=2,sort=27) + public String getMin() { + return min; + } + public void setMin(String min) { + this.min = min; + } + @ExcelField(title="ssl_ver_max",dictType="SSL_VERSION",align=2,sort=28) + public String getMax() { + return max; + } + public void setMax(String max) { + this.max = max; + } + @ExcelField(title="ssl_ver_mirror_client",align=2,sort=29) + public Integer getMirrorClient() { + return mirrorClient; + } + public void setMirrorClient(Integer mirrorClient) { + this.mirrorClient = mirrorClient; + } + @ExcelField(title="decrypt_mirror_enable",align=2,sort=30) + public Integer getEnable() { + return enable; + } + public void setEnable(Integer enable) { + this.enable = enable; + } + @ExcelField(title="decrypt_mirror_mirror_profile",align=2,sort=31) + public Integer getMirrorProfile() { + return mirrorProfile; + } + public void setMirrorProfile(Integer mirrorProfile) { + this.mirrorProfile = mirrorProfile; + } + +} diff --git a/src/main/java/com/nis/domain/configuration/template/InterceptIpTemplate.java b/src/main/java/com/nis/domain/configuration/template/InterceptIpTemplate.java new file mode 100644 index 000000000..a25ecf788 --- /dev/null +++ b/src/main/java/com/nis/domain/configuration/template/InterceptIpTemplate.java 
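Review bot: The yes/no getters in this template (`getEvCert`, `getPinning`, `getCn`, `getSelfSigned` and the others) are annotated without `dictType`, while PxyInterceptCfg in the same commit marks the same columns `dictType="SYS_YES_NO"`. If the importer relies on `dictType` to restrict a column to its dictionary codes, which is not visible here, any integer in a spreadsheet cell would be accepted for flags that decide whether certificate checks run. I would annotate them the same way, e.g. `@ExcelField(title="exclusions_pinning",dictType="SYS_YES_NO",align=2,sort=21)`, or confirm that a 0/1 range check is done elsewhere. InterceptIpTemplate, the next file, is a line-for-line copy of these fields and accessors and has the same gap.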
@@ -0,0 +1,143 @@ +package com.nis.domain.configuration.template; + +import com.nis.util.excel.ExcelField; + +public class InterceptIpTemplate extends IpAllNotDoLogTemplate { + + private Integer keyring; + + private Integer evCert; + + private Integer certTransparency; + + private Integer clientCertReq; + + private Integer pinning; + + private Integer cn; + + private Integer issuer; + + private Integer selfSigned; + + private Integer expiration; + + private String failMethod; + + private String min; + + private String max; + + private Integer mirrorClient; + + private Integer enable; + + private Integer mirrorProfile; + + @ExcelField(title="pxy_intercept_monit_keyring",align=2,sort=17) + public Integer getKeyring() { + return keyring; + } + public void setKeyring(Integer keyring) { + this.keyring = keyring; + } + @ExcelField(title="exclusions_ev_cert",align=2,sort=18) + public Integer getEvCert() { + return evCert; + } + public void setEvCert(Integer evCert) { + this.evCert = evCert; + } + @ExcelField(title="exclusions_cert_transparency",align=2,sort=19) + public Integer getCertTransparency() { + return certTransparency; + } + public void setCertTransparency(Integer certTransparency) { + this.certTransparency = certTransparency; + } + @ExcelField(title="exclusions_client_cert_req",align=2,sort=20) + public Integer getClientCertReq() { + return clientCertReq; + } + public void setClientCertReq(Integer clientCertReq) { + this.clientCertReq = clientCertReq; + } + @ExcelField(title="exclusions_pinning",align=2,sort=21) + public Integer getPinning() { + return pinning; + } + public void setPinning(Integer pinning) { + this.pinning = pinning; + } + @ExcelField(title="cert_verify_approach_cn",align=2,sort=22) + public Integer getCn() { + return cn; + } + public void setCn(Integer cn) { + this.cn = cn; + } + @ExcelField(title="cert_verify_approach_issuer",align=2,sort=23) + public Integer getIssuer() { + return issuer; + } + public void setIssuer(Integer issuer) { + 
this.issuer = issuer; + } + @ExcelField(title="cert_verify_approach_self_signed",align=2,sort=24) + public Integer getSelfSigned() { + return selfSigned; + } + public void setSelfSigned(Integer selfSigned) { + this.selfSigned = selfSigned; + } + @ExcelField(title="cert_verify_approach_expiration",align=2,sort=25) + public Integer getExpiration() { + return expiration; + } + public void setExpiration(Integer expiration) { + this.expiration = expiration; + } + @ExcelField(title="cert_verify_fail_method",dictType="FAIL_METHOD",align=2,sort=26) + public String getFailMethod() { + return failMethod; + } + public void setFailMethod(String failMethod) { + this.failMethod = failMethod; + } + @ExcelField(title="ssl_ver_min",dictType="SSL_VERSION",align=2,sort=27) + public String getMin() { + return min; + } + public void setMin(String min) { + this.min = min; + } + @ExcelField(title="ssl_ver_max",dictType="SSL_VERSION",align=2,sort=28) + public String getMax() { + return max; + } + public void setMax(String max) { + this.max = max; + } + @ExcelField(title="ssl_ver_mirror_client",align=2,sort=29) + public Integer getMirrorClient() { + return mirrorClient; + } + public void setMirrorClient(Integer mirrorClient) { + this.mirrorClient = mirrorClient; + } + @ExcelField(title="decrypt_mirror_enable",align=2,sort=30) + public Integer getEnable() { + return enable; + } + public void setEnable(Integer enable) { + this.enable = enable; + } + @ExcelField(title="decrypt_mirror_mirror_profile",align=2,sort=31) + public Integer getMirrorProfile() { + return mirrorProfile; + } + public void setMirrorProfile(Integer mirrorProfile) { + this.mirrorProfile = mirrorProfile; + } + +} diff --git a/src/main/java/com/nis/domain/configuration/template/IpAllNotDoLogTemplate.java b/src/main/java/com/nis/domain/configuration/template/IpAllNotDoLogTemplate.java index 6075c8938..08ad44fff 100644 --- a/src/main/java/com/nis/domain/configuration/template/IpAllNotDoLogTemplate.java 
+++ b/src/main/java/com/nis/domain/configuration/template/IpAllNotDoLogTemplate.java @@ -15,13 +15,13 @@ public class IpAllNotDoLogTemplate extends BasicTemplate{ - private String cfgDesc; - private String srcIpAddress; - private String destIpAddress; - private String srcPort; - private String destPort; - private Integer protocol; - private Integer direction; + protected String cfgDesc; + protected String srcIpAddress; + protected String destIpAddress; + protected String srcPort; + protected String destPort; + protected Integer protocol; + protected Integer direction; @ExcelField(title="config_describe",align=2,sort=1) public String getCfgDesc() { diff --git a/src/main/java/com/nis/util/SchedulerTaskUtil.java b/src/main/java/com/nis/util/SchedulerTaskUtil.java index e1578cd6f..8b3ba986e 100644 --- a/src/main/java/com/nis/util/SchedulerTaskUtil.java +++ b/src/main/java/com/nis/util/SchedulerTaskUtil.java @@ -146,8 +146,8 @@ public class SchedulerTaskUtil { }else if("2".equals(m.get("cfgType"))){ strList.addAll(configSynchronizationDao.getStrList(regionTable,compileIds)); //512/521/514/1026业务的用户自定义域取DOMAIN_STR取自Keyword - if(entity.getServiceId()==512 - ||entity.getServiceId()==521 + if(/*entity.getServiceId()==512 + ||*/entity.getServiceId()==521 ||entity.getServiceId()==514 ||entity.getServiceId()==1026) { keywordMap=configSynchronizationDao.getCompileIdWithKeyword(regionTable, compileIds); @@ -208,9 +208,9 @@ public class SchedulerTaskUtil { } userRegion += n.get("regionKey")+"="+value+Constants.USER_REGION_SPLIT; }else{ - if(regionKey.equals("keyring_id") && StringUtil.isEmpty(value)){ + /*if(regionKey.equals("keyring_id") && StringUtil.isEmpty(value)){ value = "0"; - }else if(regionKey.equals("DOMAIN_STR")) { + }else*/ if(regionKey.equals("DOMAIN_STR")) { if(!StringUtil.isEmpty(keywordMap) && !StringUtil.isEmpty(keywordMap.get(cfg.getCompileId()))) { value = keywordMap.get(cfg.getCompileId()).getCfgKeywords(); } 
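Review bot: Widening these seven fields of IpAllNotDoLogTemplate from `private` to `protected` is not required by InterceptIpTemplate as added in this commit, which declares only its own fields and never touches `cfgDesc`, `srcIpAddress` or the rest. The public getters already give subclasses access, so keeping the fields `private` preserves encapsulation. If something reads them reflectively through the subclass, a comment such as `// protected: read reflectively via subclasses` would explain the change. The class continues outside the hunk.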
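Review bot: In SchedulerTaskUtil, service 512 and the `keyring_id` fallback are disabled by wrapping them in block comments instead of deleting them, which leaves `if(/*entity.getServiceId()==512 ||*/entity.getServiceId()==521` and `}else*/ if(regionKey.equals("DOMAIN_STR"))` hard to read, and the comment above the first condition still lists 512. Delete the dead code and drop 512 from that comment. In the second hunk (@@ -208,9) an empty `keyring_id` is no longer replaced by "0"; unless a branch outside the hunk handles it, the user region string would carry `keyring_id=` with no value, so confirm that the consumer of that string tolerates it. Both enclosing methods start and end outside these hunks.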
diff --git a/src/main/java/com/nis/util/excel/ExportExcel.java b/src/main/java/com/nis/util/excel/ExportExcel.java index 29ca9b0ff..d166f7969 100644 --- a/src/main/java/com/nis/util/excel/ExportExcel.java +++ b/src/main/java/com/nis/util/excel/ExportExcel.java @@ -23,6 +23,7 @@ import java.util.Set; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.collections.CollectionUtils; import org.apache.commons.lang3.StringUtils; import org.apache.poi.ss.usermodel.Cell; import org.apache.poi.ss.usermodel.CellStyle; @@ -49,7 +50,9 @@ import com.nis.domain.SysDataDictionaryItem; import com.nis.domain.basics.PolicyGroupInfo; import com.nis.domain.basics.ServiceDictInfo; import com.nis.domain.basics.SysDictInfo; +import com.nis.domain.callback.ProxyFileTrafficMirrorCfg; import com.nis.domain.configuration.DnsResStrategy; +import com.nis.domain.configuration.PxyObjKeyring; import com.nis.util.Constants; import com.nis.util.DictUtils; import com.nis.util.Encodes; @@ -58,6 +61,8 @@ import com.nis.util.StringUtil; import com.nis.web.dao.basics.PolicyGroupInfoDao; import com.nis.web.dao.basics.SysDictInfoDao; import com.nis.web.dao.configuration.DnsResStrategyDao; +import com.nis.web.dao.configuration.ProxyFileTrafficMirrorDao; +import com.nis.web.dao.configuration.PxyObjKeyringDao; import com.nis.web.service.SpringContextHolder; /** 
@@ -72,6 +77,8 @@ public class ExportExcel { private static DnsResStrategyDao dnsResStrategyDao = SpringContextHolder.getBean(DnsResStrategyDao.class); private static PolicyGroupInfoDao policyGroupInfoDao = SpringContextHolder.getBean(PolicyGroupInfoDao.class); private static SysDictInfoDao sysDictInfoDao = SpringContextHolder.getBean(SysDictInfoDao.class); + private static PxyObjKeyringDao pxyObjKeyringDao = SpringContextHolder.getBean(PxyObjKeyringDao.class); + private static ProxyFileTrafficMirrorDao proxyFileDao = SpringContextHolder.getBean(ProxyFileTrafficMirrorDao.class); /** * 工作薄对象 
@@ -587,7 +594,352 @@ public class ExportExcel { commentStr=commentStr+"▶"+msgProp.getProperty("ip_check")+"(IPv4)\n"; index++; } - + /**********************************************************************pxy intercept************************************************************************************************************/ + //pxy intercept + if("pxy_intercept_monit_keyring".equals(headerStr)) { + commentStr=""; + List certificateList=pxyObjKeyringDao.findList(null,1,1,"ip"); + if(CollectionUtils.isNotEmpty(certificateList)) { + for (PxyObjKeyring certificate : certificateList) { + commentStr=commentStr+certificate.getCompileId()+"("+certificate.getCfgDesc()+")\n"; + index++; + } + } + if(StringUtil.isEmpty(headerStr)){ + headerStr=""; + commentStr=""; + }else{ + commentStr=msgProp.getProperty("select")+":\n"+commentStr; + index++; + index++; + commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n"; + index++; + /*//2、默认值说明 + commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":0\n"; + index++;*/ + index++; + } + } + //ev_cert + if("exclusions_ev_cert".equals(headerStr)) { + commentStr=""; + commentStr=msgProp.getProperty("select")+":\n"+commentStr; + index++; + commentStr+=1+"("+msgProp.getProperty("yes")+")\n"; + index++; + commentStr+=0+"("+msgProp.getProperty("no")+")\n"; + index++; + if(StringUtil.isEmpty(headerStr)){ + headerStr=""; + commentStr=""; + }else{ + index++; + commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n"; + index++; + //2、默认值说明 + commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":0\n"; + index++; + index++; + } + } + //cert_transparency + if("exclusions_cert_transparency".equals(headerStr)) { + commentStr=""; + commentStr=msgProp.getProperty("select")+":\n"+commentStr; + index++; + commentStr+=1+"("+msgProp.getProperty("yes")+")\n"; + index++; + commentStr+=0+"("+msgProp.getProperty("no")+")\n"; + index++; + if(StringUtil.isEmpty(headerStr)){ + headerStr=""; + commentStr=""; + 
}else{ + index++; + commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n"; + index++; + //2、默认值说明 + commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":0\n"; + index++; + index++; + } + } + //client_cert_req + if("exclusions_client_cert_req".equals(headerStr)) { + commentStr=""; + commentStr=msgProp.getProperty("select")+":\n"+commentStr; + index++; + commentStr+=1+"("+msgProp.getProperty("yes")+")\n"; + index++; + commentStr+=0+"("+msgProp.getProperty("no")+")\n"; + index++; + if(StringUtil.isEmpty(headerStr)){ + headerStr=""; + commentStr=""; + }else{ + index++; + commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n"; + index++; + //2、默认值说明 + commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":1\n"; + index++; + index++; + } + } + //pinning + if("exclusions_pinning".equals(headerStr)) { + commentStr=""; + commentStr=msgProp.getProperty("select")+":\n"+commentStr; + index++; + commentStr+=1+"("+msgProp.getProperty("yes")+")\n"; + index++; + commentStr+=0+"("+msgProp.getProperty("no")+")\n"; + index++; + if(StringUtil.isEmpty(headerStr)){ + headerStr=""; + commentStr=""; + }else{ + index++; + commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n"; + index++; + //2、默认值说明 + commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":1\n"; + index++; + index++; + } + } + //cn + if("cert_verify_approach_cn".equals(headerStr)) { + commentStr=""; + commentStr=msgProp.getProperty("select")+":\n"+commentStr; + index++; + commentStr+=1+"("+msgProp.getProperty("yes")+")\n"; + index++; + commentStr+=0+"("+msgProp.getProperty("no")+")\n"; + index++; + if(StringUtil.isEmpty(headerStr)){ + headerStr=""; + commentStr=""; + }else{ + index++; + commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n"; + index++; + //2、默认值说明 + commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":1\n"; + index++; + index++; + } + } + //issuer + if("cert_verify_approach_issuer".equals(headerStr)) { + 
commentStr=""; + commentStr=msgProp.getProperty("select")+":\n"+commentStr; + index++; + commentStr+=1+"("+msgProp.getProperty("yes")+")\n"; + index++; + commentStr+=0+"("+msgProp.getProperty("no")+")\n"; + index++; + if(StringUtil.isEmpty(headerStr)){ + headerStr=""; + commentStr=""; + }else{ + index++; + commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n"; + index++; + //2、默认值说明 + commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":1\n"; + index++; + index++; + } + } + //self-signed + if("cert_verify_approach_self_signed".equals(headerStr)) { + commentStr=""; + commentStr=msgProp.getProperty("select")+":\n"+commentStr; + index++; + commentStr+=1+"("+msgProp.getProperty("yes")+")\n"; + index++; + commentStr+=0+"("+msgProp.getProperty("no")+")\n"; + index++; + if(StringUtil.isEmpty(headerStr)){ + headerStr=""; + commentStr=""; + }else{ + index++; + commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n"; + index++; + //2、默认值说明 + commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":1\n"; + index++; + index++; + } + } + //expiration + if("cert_verify_approach_expiration".equals(headerStr)) { + commentStr=""; + commentStr=msgProp.getProperty("select")+":\n"+commentStr; + index++; + commentStr+=1+"("+msgProp.getProperty("yes")+")\n"; + index++; + commentStr+=0+"("+msgProp.getProperty("no")+")\n"; + index++; + if(StringUtil.isEmpty(headerStr)){ + headerStr=""; + commentStr=""; + }else{ + index++; + commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n"; + index++; + //2、默认值说明 + commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":1\n"; + index++; + index++; + } + } + //fail_method + if("cert_verify_fail_method".equals(headerStr)) { + commentStr=""; + defaultValue="pass-through"; + List failMethods=DictUtils.getDictList("FAIL_METHOD"); + if(CollectionUtils.isNotEmpty(failMethods)){ + for (SysDataDictionaryItem failMethod : failMethods) { + 
commentStr=commentStr+failMethod.getItemCode()+"("+msgProp.getProperty(failMethod.getItemValue(),failMethod.getItemValue())+")"+"\n"; + index++; + } + if(StringUtil.isEmpty(commentStr)){ + headerStr=""; + commentStr=""; + } + if(StringUtil.isEmpty(defaultValue)){ + defaultValue = region.getConfigDirection().split(",")[0]; + } + + } + commentStr=msgProp.getProperty("select")+":\n"+commentStr; + index++; + commentStr=commentStr+msgProp.getProperty("rule_desc_tip")+":\n"; + index++; + //1、默认值说明 + if(!StringUtil.isEmpty(defaultValue)){ + commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":"+defaultValue+"\n"; + index++; + } + } + //fail_method + if("ssl_ver_mirror_client".equals(headerStr)) { + commentStr=""; + defaultValue="0"; + commentStr=msgProp.getProperty("select")+":\n"+commentStr; + index++; + commentStr+=1+"("+msgProp.getProperty("yes")+")\n"; + index++; + commentStr+=0+"("+msgProp.getProperty("no")+")\n"; + index++; + commentStr=commentStr+msgProp.getProperty("rule_desc_tip")+":\n"; + index++; + //1、默认值说明 + if(!StringUtil.isEmpty(defaultValue)){ + commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":"+defaultValue+"\n"; + index++; + } + commentStr=commentStr+"▶"+msgProp.getProperty("ssl_ver_mirror_client_on","if the mirror client option value is '1', the min SSL version and the max SSL version will be ignored")+"\n"; + index++; + } + //min + if("ssl_ver_min".equals(headerStr)) { + commentStr=""; + defaultValue="ssl3"; + List sslversions=DictUtils.getDictList("SSL_VERSION"); + if(CollectionUtils.isNotEmpty(sslversions)){ + for (SysDataDictionaryItem sslversion : sslversions) { + commentStr=commentStr+sslversion.getItemCode()+"("+msgProp.getProperty(sslversion.getItemValue(),sslversion.getItemValue())+")"+"\n"; + index++; + } + if(StringUtil.isEmpty(commentStr)){ + headerStr=""; + commentStr=""; + } + } + commentStr=msgProp.getProperty("select")+":\n"+commentStr; + index++; + 
commentStr=commentStr+msgProp.getProperty("rule_desc_tip")+":\n"; + index++; + //1、默认值说明 + if(!StringUtil.isEmpty(defaultValue)){ + commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":"+defaultValue+"\n"; + index++; + } + } + //max + if("ssl_ver_max".equals(headerStr)) { + commentStr=""; + defaultValue="tls13"; + List sslversions=DictUtils.getDictList("SSL_VERSION"); + if(CollectionUtils.isNotEmpty(sslversions)){ + for (SysDataDictionaryItem sslversion : sslversions) { + commentStr=commentStr+sslversion.getItemCode()+"("+msgProp.getProperty(sslversion.getItemValue(),sslversion.getItemValue())+")"+"\n"; + index++; + } + if(StringUtil.isEmpty(commentStr)){ + headerStr=""; + commentStr=""; + } + + } + commentStr=msgProp.getProperty("select")+":\n"+commentStr; + index++; + commentStr=commentStr+msgProp.getProperty("rule_desc_tip")+":\n"; + index++; + //1、默认值说明 + if(!StringUtil.isEmpty(defaultValue)){ + commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":"+defaultValue+"\n"; + index++; + } + } + if("decrypt_mirror_enable".equals(headerStr)) { + commentStr=""; + defaultValue="0"; + commentStr=msgProp.getProperty("select")+":\n"+commentStr; + index++; + commentStr+=1+"("+msgProp.getProperty("yes")+")\n"; + index++; + commentStr+=0+"("+msgProp.getProperty("no")+")\n"; + index++; + commentStr=commentStr+msgProp.getProperty("rule_desc_tip")+":\n"; + index++; + //1、默认值说明 + if(!StringUtil.isEmpty(defaultValue)){ + commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":"+defaultValue+"\n"; + index++; + } + commentStr=commentStr+"▶"+msgProp.getProperty("decrypt_mirror_enable_on","if the enable option value is '1', the Mirror profile is needed")+"\n"; + index++; + } + if("decrypt_mirror_mirror_profile".equals(headerStr)) { + commentStr=""; + List mirrorProfileList=proxyFileDao.findMirrorList(null,1,1); + if(CollectionUtils.isNotEmpty(mirrorProfileList)) { + for (ProxyFileTrafficMirrorCfg mirrorProfile : mirrorProfileList) { + 
commentStr=commentStr+mirrorProfile.getCompileId()+"("+mirrorProfile.getCfgDesc()+")\n"; + index++; + } + } + if(StringUtil.isEmpty(headerStr)){ + headerStr=""; + commentStr=""; + }else{ + commentStr=msgProp.getProperty("select")+":\n"+commentStr; + index++; + index++; + commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n"; + index++; + /*//2、默认值说明 + commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":0\n"; + index++;*/ + index++; + } + } + /**********************************************************************pxy intercept************************************************************************************************************/ if(region.getRegionType().equals(1)){//IP配置 //ip配置需要导入的信息:srcIp srcPort destIp destPort Protocol Direction //确定需要导入的srcIp srcPort destIp destPort信息 diff --git a/src/main/java/com/nis/util/excel/thread/CheckIpFormatThread.java b/src/main/java/com/nis/util/excel/thread/CheckIpFormatThread.java index 42b978925..47ae967ae 100644 --- a/src/main/java/com/nis/util/excel/thread/CheckIpFormatThread.java +++ b/src/main/java/com/nis/util/excel/thread/CheckIpFormatThread.java @@ -1,6 +1,7 @@ package com.nis.util.excel.thread; import java.util.ArrayList; +import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Properties; 
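Review bot: The `ssl_ver_min` block sets `defaultValue="ssl3"`, so the generated template tells operators that the default minimum protocol version is SSLv3, which RFC 7568 deprecates; if the importer applies the same default to a blank cell (not visible in this hunk), intercepted sessions may be allowed to use it. I would advertise and apply the dictionary code for TLS 1.2 instead, i.e. `defaultValue="<SSL_VERSION code for TLS 1.2>";`. Separately, every `if(StringUtil.isEmpty(headerStr))` inside these blocks can never be true, because each block is entered only when `headerStr` equals a non-empty literal; in the keyring and mirror-profile blocks the test was presumably meant for `commentStr`, and in the fail-method block `if(StringUtil.isEmpty(defaultValue))` is dead for the same reason. The `//fail_method` comment above the `ssl_ver_mirror_client` block is a copy-paste leftover, and the eight yes/no blocks from `exclusions_ev_cert` to `cert_verify_approach_expiration` differ only in header name and default digit, so one helper taking those two values would replace them. The enclosing method starts and ends outside the hunk.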
@@ -21,15 +22,21 @@ import com.nis.domain.FunctionServiceDict; import com.nis.domain.SysDataDictionaryItem; import com.nis.domain.basics.AsnGroupInfo; import com.nis.domain.basics.PolicyGroupInfo; +import com.nis.domain.callback.ProxyFileTrafficMirrorCfg; import com.nis.domain.configuration.BaseIpCfg; import com.nis.domain.configuration.DnsResStrategy; import com.nis.domain.configuration.IpPortCfg; +import com.nis.domain.configuration.PxyObjKeyring; import com.nis.domain.configuration.template.IpRateLimitTemplate; //import com.nis.util.AsnCacheUtils; import com.nis.util.Constants; import com.nis.util.DictUtils; import com.nis.util.IPUtil; import com.nis.util.StringUtil; +import com.nis.web.dao.configuration.ProxyFileTrafficMirrorDao; +import com.nis.web.dao.configuration.PxyObjKeyringDao; +import com.nis.web.service.BaseService; +import com.nis.web.service.SpringContextHolder; public class CheckIpFormatThread implements Callable{ private Logger logger=Logger.getLogger(CheckIpFormatThread.class); @@ -41,6 +48,8 @@ public class CheckIpFormatThread implements Callable{ private FunctionRegionDict regionDict; private List> asnNoMaps; private Map asnGroupInfos; + private static PxyObjKeyringDao pxyObjKeyringDao = SpringContextHolder.getBean(PxyObjKeyringDao.class); + private static ProxyFileTrafficMirrorDao proxyFileDao = SpringContextHolder.getBean(ProxyFileTrafficMirrorDao.class); // private DnsResStrategyDao dnsResStrategyDao; public CheckIpFormatThread(FunctionServiceDict serviceDict,FunctionRegionDict regionDict,Properties prop,BlockingQueue srcQueue,BlockingQueue destQueue) { this.serviceDict=serviceDict; 
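Review bot: The two DAO fields added in hunk -41,6 +48,8 are resolved in a static initialiser, so `SpringContextHolder.getBean(...)` runs when the class is first loaded rather than when a worker is constructed. If that load ever happens before the application context is available (SpringContextHolder is not shown on this page, so this is inferred), class initialisation fails and every later import task fails with it. Resolving the beans in the constructor, or passing them in next to serviceDict and regionDict, avoids this and lets the fields be declared as `private final PxyObjKeyringDao pxyObjKeyringDao;`. CheckStringFormatThread gets the same pair of static fields in its hunk -32,6 +39,8.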
@@ -115,6 +124,16 @@ public class CheckIpFormatThread implements Callable{ if(regionDict.getFunctionId().equals(200) && serviceDict.getAction().equals(1)){ protocol="6"; } + List sslversions = new ArrayList<>(); + List failmethods = new ArrayList<>(); + List certificateList=new ArrayList<>(); + List mirrorProfileList=new ArrayList<>(); + if(serviceDict!=null&&serviceDict.getServiceId().equals(512)) { + certificateList=pxyObjKeyringDao.findList(null,1,1,"ip"); + sslversions=DictUtils.getDictList("SSL_VERSION"); + failmethods=DictUtils.getDictList("FAIL_METHOD"); + mirrorProfileList=proxyFileDao.findMirrorList(null, 1, 1); + } for (int i = 0; i < list.size(); i++) { StringBuffer errInfo = new StringBuffer(); IpPortCfg baseIpCfg = new IpPortCfg(); 
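Review bot: `serviceDict.getServiceId().equals(512)` guards serviceDict against null but not the id itself, and the literal 512 is repeated in every file this commit touches. A named constant compared from the constant side, for example `private static final Integer PXY_INTERCEPT_SERVICE_ID = 512;` used as `PXY_INTERCEPT_SERVICE_ID.equals(serviceDict.getServiceId())`, says what the branch selects and cannot throw if a service has no id. The constant name is a suggestion only. The enclosing method starts and ends outside the hunk.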
@@ -546,7 +565,229 @@ public class CheckIpFormatThread implements Callable{ } } } - + if(serviceDict!=null&&serviceDict.getServiceId().equals(512)) { + Integer kering=baseIpCfg.getKeyring(); + Integer evCet=baseIpCfg.getEvCert(); + Integer certTransparency=baseIpCfg.getCertTransparency(); + Integer clientCertReq=baseIpCfg.getClientCertReq(); + Integer pinning=baseIpCfg.getPinning(); + Integer cn=baseIpCfg.getCn(); + Integer issuer=baseIpCfg.getIssuer(); + Integer selfSigned=baseIpCfg.getSelfSigned(); + Integer expiration=baseIpCfg.getExpiration(); + String failMethod=baseIpCfg.getFailMethod(); + String min=baseIpCfg.getMin(); + String max=baseIpCfg.getMax(); + Integer mirrorClient=baseIpCfg.getMirrorClient(); + Integer enable=baseIpCfg.getEnable(); + Integer mirrorProfile=baseIpCfg.getMirrorProfile(); + Map userRegionMap=new HashMap<>(); + Map map=new HashMap<>(); + if(kering!=null) { + boolean has=false; + for(PxyObjKeyring keyring:certificateList) { + if(keyring.getCompileId().toString().equals(kering.toString())) { + has=true; + break; + } + } + if(has) { + userRegionMap.put("keyring", kering); + }else { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("pxy_intercept_monit_keyring") + " ") + ";"); + } + }else { + userRegionMap.put("keyring", 0); + } + if(evCet!=null) { + if(evCet!=0&&evCet!=1) { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("exclusions_ev_cert","exclusions ev cert") + " ") + ";"); + }else { + map.put("ev_cert", evCet); + } + + }else { + map.put("ev_cert", 0); + } + if(certTransparency!=null) { + if(certTransparency!=0&&certTransparency!=1) { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("exclusions_cert_transparency","exclusions cert transparency") + " ") + ";"); + }else { + map.put("cert_transparency", certTransparency); + } + + }else { + map.put("cert_transparency", 0); + } + if(clientCertReq!=null) { + 
if(clientCertReq!=0&&clientCertReq!=1) { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("exclusions_client_cert_req","exclusions client cert req") + " ") + ";"); + }else { + map.put("client_cert_req", clientCertReq); + } + + }else { + map.put("client_cert_req", 1); + } + + if(pinning!=null) { + if(pinning!=0&&pinning!=1) { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("exclusions_pinning","exclusions pinning") + " ") + ";"); + }else { + map.put("pinning", pinning); + } + }else { + map.put("pinning", 1); + } + userRegionMap.put("exclusions", map); + map=new HashMap<>(); + Map map1=new HashMap<>(); + if(cn!=null) { + if(cn!=0&&cn!=1) { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("cert_verify_approach_cn","cert verify approach cn") + " ") + ";"); + }else { + map1.put("cn", cn); + } + }else { + map1.put("cn", 1); + } + if(issuer!=null) { + if(issuer!=0&&issuer!=1) { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("cert_verify_approach_issuer","cert verify approach issuer") + " ") + ";"); + }else { + map1.put("issuer", issuer); + } + }else { + map1.put("issuer", 1); + } + if(selfSigned!=null) { + if(selfSigned!=0&&selfSigned!=1) { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("cert_verify_approach_self_signed","cert verify approach self signed") + " ") + ";"); + }else { + map1.put("self-signed", selfSigned); + } + }else { + map1.put("self-signed", 1); + } + if(expiration!=null) { + if(expiration!=0&&expiration!=1) { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("cert_verify_approach_expiration","cert verify approach expiration") + " ") + ";"); + }else { + map1.put("expiration", expiration); + } + }else { + map1.put("expiration", 1); + } + map.put("approach", map1); + if(StringUtils.isBlank(failMethod)) { + map.put("fail_method", "pass-through"); + 
}else { + boolean has=false; + for(SysDataDictionaryItem fail: failmethods) { + if(fail.getItemCode().equals(failMethod)) { + has=true; + break; + } + } + if(!has) { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("cert_verify_fail_method","cert verify fail method") + " ") + ";"); + } + map.put("fail_method", failMethod); + } + userRegionMap.put("cert_verify", map); + map=new HashMap<>(); + + if(mirrorClient==null) { + mirrorClient=0; + map.put("mirror_client", 0); + }else { + if(mirrorClient!=0&&mirrorClient!=1) { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("ssl_ver_mirror_client","SSL version mirror client") + " ") + ";"); + }else { + map.put("mirror_client", mirrorClient); + } + } + if(mirrorClient==0) { + int minSort=0,maxSort=0; + if(StringUtils.isBlank(min)) { + min="ssl3"; + } + if(StringUtils.isBlank(max)) { + max="tls13"; + } + for(SysDataDictionaryItem sslversion: sslversions) { + if(sslversion.getItemCode().equals(min)) { + minSort=sslversion.getItemSort(); + } + if(sslversion.getItemCode().equals(max)) { + maxSort=sslversion.getItemSort(); + } + } + if(minSort==0) { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("ssl_ver_min","min SSL version") + " ") + ";"); + + } + if(maxSort==0) { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("ssl_ver_max","max SSL version") + " ") + ";"); + } + if(minSort>=maxSort) { + errInfo.append(prop.getProperty("min_should_less_than_max","the min SSL version should less than the max SSL version") + ";"); + } + map.put("min", min); + map.put("max", max); + } + userRegionMap.put("ssl_ver", map); + map=new HashMap<>(); + if(enable==null) { + enable=0; + map.put("enable", 0); + }else { + if(enable!=0&&enable!=1) { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("decrypt_mirror_enable","decrypt mirror enable") + " ") + ";"); + }else { + 
map.put("enable", enable); + } + + } + //enable==1的时候才设置mirror_profile + if(enable==1) { + if(mirrorProfile==null) { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("decrypt_mirror_mirror_profile") + " ") + ";"); + }else { + boolean has=false; + for(ProxyFileTrafficMirrorCfg _mirrorProfile:mirrorProfileList) { + if(_mirrorProfile.getCompileId().toString().equals(mirrorProfile.toString())) { + has=true; + break; + } + } + if(has) { + map.put("mirror_profile", mirrorProfile); + }else { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("decrypt_mirror_mirror_profile") + " ") + ";"); + } + map.put("mirror_profile", mirrorProfile); + } + } + userRegionMap.put("decrypt_mirror", map); + baseIpCfg.setUserRegion1(BaseService.gsonToJson(userRegionMap)); + } // IpSpoofing if (regionDict.getFunctionId().equals(214)) { List dicts = DictUtils.getDictList("SPOOFING_IP_TYPE"); diff --git a/src/main/java/com/nis/util/excel/thread/CheckStringFormatThread.java b/src/main/java/com/nis/util/excel/thread/CheckStringFormatThread.java index b09cfb0e7..fdbcdc222 100644 --- a/src/main/java/com/nis/util/excel/thread/CheckStringFormatThread.java +++ b/src/main/java/com/nis/util/excel/thread/CheckStringFormatThread.java @@ -1,7 +1,9 @@ package com.nis.util.excel.thread; import java.util.ArrayList; +import java.util.HashMap; import java.util.List; +import java.util.Map; import java.util.Properties; import java.util.Set; import java.util.concurrent.BlockingQueue; 
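Review bot: Values that fail the lookup are still written into the policy JSON: `map.put("fail_method", failMethod);` runs after the `if(!has)` error branch, and `map.put("mirror_profile", mirrorProfile);` runs after the has/else pair, so both stores are unconditional. Move each put into the success branch, e.g. `if(has){ map.put("fail_method", failMethod); }else{ errInfo.append(...); }`, so a row reported as incorrect never carries the rejected value in UserRegion1. The SSL range check uses 0 as "not found", adds the min/max ordering message on top of the lookup errors, and `minSort>=maxSort` refuses a single pinned version; `minSort>maxSort`, evaluated only when both were found, looks like the intent and should be confirmed. Blank cells default to `ssl3` for min and to 1 for pinning, client_cert_req and the four approach flags, while saveInterceptIpCfg in InterceptController defaults the same flags to 0, so the import and the form produce different policies from the same empty input. The identical block is added to CheckStringFormatThread in hunk -494,6 +513,229; a shared helper taking the cfg and errInfo would keep the two copies in step.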
@@ -19,10 +21,15 @@ import com.beust.jcommander.internal.Sets; import com.nis.domain.FunctionRegionDict; import com.nis.domain.FunctionServiceDict; import com.nis.domain.SysDataDictionaryItem; +import com.nis.domain.callback.ProxyFileTrafficMirrorCfg; import com.nis.domain.configuration.BaseStringCfg; -import com.nis.domain.configuration.IpPortCfg; +import com.nis.domain.configuration.PxyObjKeyring; import com.nis.util.Constants; import com.nis.util.DictUtils; +import com.nis.web.dao.configuration.ProxyFileTrafficMirrorDao; +import com.nis.web.dao.configuration.PxyObjKeyringDao; +import com.nis.web.service.BaseService; +import com.nis.web.service.SpringContextHolder; public class CheckStringFormatThread implements Callable{ private Logger logger=Logger.getLogger(CheckStringFormatThread.class); @@ -32,6 +39,8 @@ public class CheckStringFormatThread implements Callable{ // private DnsResStrategyDao dnsResStrategyDao; private FunctionServiceDict serviceDict; private FunctionRegionDict regionDict; + private static PxyObjKeyringDao pxyObjKeyringDao = SpringContextHolder.getBean(PxyObjKeyringDao.class); + private static ProxyFileTrafficMirrorDao proxyFileDao = SpringContextHolder.getBean(ProxyFileTrafficMirrorDao.class); public CheckStringFormatThread(FunctionServiceDict serviceDict,FunctionRegionDict regionDict,Properties prop,BlockingQueue srcQueue,BlockingQueue> destQueue) { this.serviceDict=serviceDict; this.regionDict=regionDict; 
@@ -91,6 +100,16 @@ public class CheckStringFormatThread implements Callable{ StringBuffer errTip = new StringBuffer(); Pattern pattern = Pattern.compile("\t|\r|\n|\b|\f"); Pattern domainPattern = Pattern.compile("^[a-zA-Z0-9.-]*$"); + List sslversions = new ArrayList<>(); + List failmethods = new ArrayList<>(); + List certificateList=new ArrayList<>(); + List mirrorProfileList=new ArrayList<>(); + if(serviceDict!=null&&serviceDict.getServiceId().equals(512)) { + certificateList=pxyObjKeyringDao.findList(null,1,1,"ip"); + sslversions=DictUtils.getDictList("SSL_VERSION"); + failmethods=DictUtils.getDictList("FAIL_METHOD"); + mirrorProfileList=proxyFileDao.findMirrorList(null, 1, 1); + } for (int i = 0; i < list.size(); i++) { StringBuffer errInfo = new StringBuffer(); BaseStringCfg baseStringCfg = new BaseStringCfg(); 
@@ -494,6 +513,229 @@ public class CheckStringFormatThread implements Callable{ } } + if(serviceDict!=null&&serviceDict.getServiceId().equals(512)) { + Integer kering=baseStringCfg.getKeyring(); + Integer evCet=baseStringCfg.getEvCert(); + Integer certTransparency=baseStringCfg.getCertTransparency(); + Integer clientCertReq=baseStringCfg.getClientCertReq(); + Integer pinning=baseStringCfg.getPinning(); + Integer cn=baseStringCfg.getCn(); + Integer issuer=baseStringCfg.getIssuer(); + Integer selfSigned=baseStringCfg.getSelfSigned(); + Integer expiration=baseStringCfg.getExpiration(); + String failMethod=baseStringCfg.getFailMethod(); + String min=baseStringCfg.getMin(); + String max=baseStringCfg.getMax(); + Integer mirrorClient=baseStringCfg.getMirrorClient(); + Integer enable=baseStringCfg.getEnable(); + Integer mirrorProfile=baseStringCfg.getMirrorProfile(); + Map userRegionMap=new HashMap<>(); + Map map=new HashMap<>(); + if(kering!=null) { + boolean has=false; + for(PxyObjKeyring keyring:certificateList) { + if(keyring.getCompileId().toString().equals(kering.toString())) { + has=true; + break; + } + } + if(has) { + userRegionMap.put("keyring", kering); + }else { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("pxy_intercept_monit_keyring") + " ") + ";"); + } + }else { + userRegionMap.put("keyring", 0); + } + if(evCet!=null) { + if(evCet!=0&&evCet!=1) { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("exclusions_ev_cert","exclusions ev cert") + " ") + ";"); + }else { + map.put("ev_cert", evCet); + } + + }else { + map.put("ev_cert", 0); + } + if(certTransparency!=null) { + if(certTransparency!=0&&certTransparency!=1) { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("exclusions_cert_transparency","exclusions cert transparency") + " ") + ";"); + }else { + map.put("cert_transparency", certTransparency); + } + + }else { + map.put("cert_transparency", 0); + } + 
if(clientCertReq!=null) { + if(clientCertReq!=0&&clientCertReq!=1) { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("exclusions_client_cert_req","exclusions client cert req") + " ") + ";"); + }else { + map.put("client_cert_req", clientCertReq); + } + + }else { + map.put("client_cert_req", 1); + } + + if(pinning!=null) { + if(pinning!=0&&pinning!=1) { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("exclusions_pinning","exclusions pinning") + " ") + ";"); + }else { + map.put("pinning", pinning); + } + }else { + map.put("pinning", 1); + } + userRegionMap.put("exclusions", map); + map=new HashMap<>(); + Map map1=new HashMap<>(); + if(cn!=null) { + if(cn!=0&&cn!=1) { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("cert_verify_approach_cn","cert verify approach cn") + " ") + ";"); + }else { + map1.put("cn", cn); + } + }else { + map1.put("cn", 1); + } + if(issuer!=null) { + if(issuer!=0&&issuer!=1) { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("cert_verify_approach_issuer","cert verify approach issuer") + " ") + ";"); + }else { + map1.put("issuer", issuer); + } + }else { + map1.put("issuer", 1); + } + if(selfSigned!=null) { + if(selfSigned!=0&&selfSigned!=1) { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("cert_verify_approach_self_signed","cert verify approach self signed") + " ") + ";"); + }else { + map1.put("self-signed", selfSigned); + } + }else { + map1.put("self-signed", 1); + } + if(expiration!=null) { + if(expiration!=0&&expiration!=1) { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("cert_verify_approach_expiration","cert verify approach expiration") + " ") + ";"); + }else { + map1.put("expiration", expiration); + } + }else { + map1.put("expiration", 1); + } + map.put("approach", map1); + if(StringUtils.isBlank(failMethod)) { + 
map.put("fail_method", "pass-through"); + }else { + boolean has=false; + for(SysDataDictionaryItem fail: failmethods) { + if(fail.getItemCode().equals(failMethod)) { + has=true; + break; + } + } + if(!has) { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("cert_verify_fail_method","cert verify fail method") + " ") + ";"); + } + map.put("fail_method", failMethod); + } + userRegionMap.put("cert_verify", map); + map=new HashMap<>(); + + if(mirrorClient==null) { + mirrorClient=0; + map.put("mirror_client", 0); + }else { + if(mirrorClient!=0&&mirrorClient!=1) { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("ssl_ver_mirror_client","SSL version mirror client") + " ") + ";"); + }else { + map.put("mirror_client", mirrorClient); + } + } + if(mirrorClient==0) { + int minSort=0,maxSort=0; + if(StringUtils.isBlank(min)) { + min="ssl3"; + } + if(StringUtils.isBlank(max)) { + max="tls13"; + } + for(SysDataDictionaryItem sslversion: sslversions) { + if(sslversion.getItemCode().equals(min)) { + minSort=sslversion.getItemSort(); + } + if(sslversion.getItemCode().equals(max)) { + maxSort=sslversion.getItemSort(); + } + } + if(minSort==0) { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("ssl_ver_min","min SSL version") + " ") + ";"); + + } + if(maxSort==0) { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("ssl_ver_max","max SSL version") + " ") + ";"); + } + if(minSort>=maxSort) { + errInfo.append(prop.getProperty("min_should_less_than_max","the min SSL version should less than the max SSL version") + ";"); + } + map.put("min", min); + map.put("max", max); + } + userRegionMap.put("ssl_ver", map); + map=new HashMap<>(); + if(enable==null) { + enable=0; + map.put("enable", 0); + }else { + if(enable!=0&&enable!=1) { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("decrypt_mirror_enable","decrypt mirror 
enable") + " ") + ";"); + }else { + map.put("enable", enable); + } + + } + //enable==1的时候才设置mirror_profile + if(enable==1) { + if(mirrorProfile==null) { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("decrypt_mirror_mirror_profile") + " ") + ";"); + }else { + boolean has=false; + for(ProxyFileTrafficMirrorCfg _mirrorProfile:mirrorProfileList) { + if(_mirrorProfile.getCompileId().toString().equals(mirrorProfile.toString())) { + has=true; + break; + } + } + if(has) { + map.put("mirror_profile", mirrorProfile); + }else { + errInfo.append(String.format(prop.getProperty("is_incorrect"), + prop.getProperty("decrypt_mirror_mirror_profile") + " ") + ";"); + } + map.put("mirror_profile", mirrorProfile); + } + } + userRegionMap.put("decrypt_mirror", map); + baseStringCfg.setUserRegion1(BaseService.gsonToJson(userRegionMap)); + } if (errInfo.toString().length() > 0) {// errTip.append(String.format(prop.getProperty("line"), baseStringCfg.getIndex()) + ","); errTip.append(errInfo); diff --git a/src/main/java/com/nis/web/controller/BaseController.java b/src/main/java/com/nis/web/controller/BaseController.java index eb3eb8348..19c12206d 100644 --- a/src/main/java/com/nis/web/controller/BaseController.java +++ b/src/main/java/com/nis/web/controller/BaseController.java @@ -102,6 +102,8 @@ import com.nis.domain.configuration.template.HttpsRejectTemplate; import com.nis.domain.configuration.template.HttpsReplaceComplexTemplate; import com.nis.domain.configuration.template.HttpsReplaceIpTemplate; import com.nis.domain.configuration.template.HttpsReplaceTemplate; +import com.nis.domain.configuration.template.InterceptDomainTemplate; +import com.nis.domain.configuration.template.InterceptIpTemplate; import com.nis.domain.configuration.template.IpAllNotDoLogTemplate; import com.nis.domain.configuration.template.IpAllTemplate; import com.nis.domain.configuration.template.IpPayloadTemplate; 
@@ -1483,7 +1485,10 @@ public class BaseController {
 if(serviceDict.getAction().equals(64)) {
 BlockingQueue list = ei.getDataList(IpRateLimitTemplate.class );
 ipPortCfgs=this.checkIpCfgMulity(errTip,serviceDict, regionDict,null,asnGroupInfos, list);
- }else {
+ }else if(serviceDict!=null&&serviceDict.getServiceId().equals(512)){
+ BlockingQueue list = ei.getDataList(InterceptIpTemplate.class );
+ ipPortCfgs=this.checkIpCfgMulity(errTip,serviceDict, regionDict,null,asnGroupInfos, list);
+ }else{
 BlockingQueue list = ei.getDataList(IpAllNotDoLogTemplate.class );
 ipPortCfgs=this.checkIpCfgMulity(errTip,serviceDict, regionDict,null,asnGroupInfos, list);
 }
@@ -1516,7 +1521,7 @@ public class BaseController {
 stringCfgs=this.checkStringCfgMulity(errTip,serviceDict, regionDict, list);
 }else if (regionDict.getFunctionId().equals(200)){// 拦截策略
 if(serviceDict.getAction().equals(1)){// 监测
- BlockingQueue list = ei.getDataList(DomainInterceptMonitTemplate.class);
+ BlockingQueue list = ei.getDataList(InterceptDomainTemplate.class);
 stringCfgs=this.checkStringCfgMulity(errTip,serviceDict, regionDict, list);
 }else if(serviceDict.getAction().equals(64)){// 限速
 BlockingQueue list = ei.getDataList(DomainInterceptRateLimitTemplate.class);
@@ -2514,6 +2519,8 @@ public class BaseController {
 } else if(regionDict.getFunctionId().equals(200)){// 拦截策略
 if(serviceDict.getAction().intValue()==64) {
 ei.loadInitParams(IpRateLimitTemplate.class, msgProp, regionDict, serviceDict);
+ }else if(serviceDict.getServiceId().equals(512)){
+ ei.loadInitParams(InterceptIpTemplate.class, msgProp, regionDict, serviceDict);
 }else {
 ei.loadInitParams(IpAllNotDoLogTemplate.class, msgProp, regionDict, serviceDict);
 }
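Review bot: In hunk -1483,7 +1485,10 the new `serviceDict!=null` test comes after `serviceDict.getAction().equals(64)` has already dereferenced serviceDict in the preceding `if`, so it can never be false at this point. Drop it, `}else if(serviceDict.getServiceId().equals(512)){`, which also matches the condition added in hunk -2514,6 +2519,8 and in IpController. The import branch and the template-download branch have to pick InterceptIpTemplate under exactly the same condition, otherwise a downloaded sheet is parsed against a different column set; one private method returning the template class for a given serviceDict would guarantee that. The enclosing methods start and end outside these hunks.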
@@ -2537,7 +2544,7 @@ public class BaseController {
 ei.loadInitParams(AppDomainTemplate.class, msgProp, regionDict, serviceDict);
 } else if(regionDict.getFunctionId().equals(200)){// 拦截策略 domain
 if(serviceDict.getAction().equals(1)){// 监测
- ei.loadInitParams(DomainInterceptMonitTemplate.class, msgProp, regionDict, serviceDict);
+ ei.loadInitParams(InterceptDomainTemplate.class, msgProp, regionDict, serviceDict);
 }else if(serviceDict.getAction().equals(64)){// 限速
 ei.loadInitParams(DomainInterceptRateLimitTemplate.class, msgProp, regionDict, serviceDict);
 }else{// 白名单
diff --git a/src/main/java/com/nis/web/controller/configuration/ntc/IpController.java b/src/main/java/com/nis/web/controller/configuration/ntc/IpController.java
index 58b7693c9..c3e365e15 100644
--- a/src/main/java/com/nis/web/controller/configuration/ntc/IpController.java
+++ b/src/main/java/com/nis/web/controller/configuration/ntc/IpController.java
@@ -53,6 +55,8 @@ import com.nis.domain.configuration.template.HttpsRejectTemplate;
 import com.nis.domain.configuration.template.HttpsReplaceComplexTemplate;
 import com.nis.domain.configuration.template.HttpsReplaceIpTemplate;
 import com.nis.domain.configuration.template.HttpsReplaceTemplate;
+import com.nis.domain.configuration.template.InterceptDomainTemplate;
+import com.nis.domain.configuration.template.InterceptIpTemplate;
 import com.nis.domain.configuration.template.IpAllNotDoLogTemplate;
 import com.nis.domain.configuration.template.IpAllTemplate;
 import com.nis.domain.configuration.template.IpPayloadTemplate;
@@ -479,7 +481,12 @@ public class IpController extends BaseController{
 ExportExcel excel=new ExportExcel(serviceDict,regionDict,pro,null, IpRateLimitTemplate.class, 2);
 excel.setDataList(pro,classList,null).
 write(request,response, fileName).dispose();
- }else {
+ }else if(serviceDict.getServiceId().equals(512)){
+ List classList=new ArrayList();
+ ExportExcel excel=new ExportExcel(serviceDict,regionDict,pro,null, InterceptIpTemplate.class, 2);
+ excel.setDataList(pro,classList,null).
+ write(request,response, fileName).dispose();
+ }else{
 List classList=new ArrayList();
 ExportExcel excel=new ExportExcel(serviceDict,regionDict,pro,null, IpAllNotDoLogTemplate.class, 2);
 excel.setDataList(pro,classList,null).
@@ -522,8 +529,8 @@ public class IpController extends BaseController{
 write(request,response, fileName).dispose();
 }else if(regionDict.getFunctionId().equals(200)){// 拦截策略(域名)
 if(serviceDict.getAction().equals(1)){// 监测
- List classList=new ArrayList();
- ExportExcel excel=new ExportExcel(serviceDict,regionDict,pro,null, DomainInterceptMonitTemplate.class, 2);
+ List classList=new ArrayList();
+ ExportExcel excel=new ExportExcel(serviceDict,regionDict,pro,null, InterceptDomainTemplate.class, 2);
 excel.setDataList(pro,classList,null).
 write(request,response, fileName).dispose();
 }else if(serviceDict.getAction().equals(64)){// 限速
diff --git a/src/main/java/com/nis/web/controller/configuration/proxy/InterceptController.java b/src/main/java/com/nis/web/controller/configuration/proxy/InterceptController.java
index 337421a23..7e7bf221a 100644
--- a/src/main/java/com/nis/web/controller/configuration/proxy/InterceptController.java
+++ b/src/main/java/com/nis/web/controller/configuration/proxy/InterceptController.java
@@ -18,15 +18,19 @@ import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.web.bind.annotation.ModelAttribute; import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestParam; +import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.servlet.mvc.support.RedirectAttributes; import com.nis.domain.Page; import com.nis.domain.basics.PolicyGroupInfo; +import com.nis.domain.callback.ProxyFileTrafficMirrorCfg; import com.nis.domain.configuration.BaseStringCfg; import com.nis.domain.configuration.CfgIndexInfo; import com.nis.domain.configuration.HttpUrlCfg; import com.nis.domain.configuration.InterceptPktBin; import com.nis.domain.configuration.IpPortCfg; +import com.nis.domain.configuration.PxyInterceptCfg; import com.nis.domain.configuration.PxyObjKeyring; import com.nis.domain.configuration.PxyObjSpoofingIpPool; import com.nis.exceptions.MaatConvertException; @@ -36,6 +40,7 @@ import com.nis.util.LogUtils; import com.nis.util.StringUtil; import com.nis.web.controller.configuration.CommonController; import com.nis.web.security.UserUtils; +import com.nis.web.service.BaseService; /** * IP相关配置控制类 
@@ -57,13 +62,17 @@ public class InterceptController extends CommonController { // 获取证书信息 List certificateList = new ArrayList(); - if (cfg.getFunctionId().equals(200)) { - certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "ip"); + List mirrorProfiles = new ArrayList(); + if (cfg.getFunctionId().equals(200)) {//改为ajax查询 + //certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "ip"); + //mirrorProfiles=proxyFileTrafficMirrorService.findMirrorList(null,1,1); + } if (cfg.getFunctionId().equals(201)) { certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "domain"); } model.addAttribute("certificateList", certificateList); + model.addAttribute("mirrorProfiles", mirrorProfiles); /*if(cfg.getFunctionId().equals(214)){ // IP地址仿冒策略使用策略组 //List policyGroups = policyGroupInfoService.findPolicyGroupInfosByType(6); @@ -89,13 +98,16 @@ public class InterceptController extends CommonController { } // 获取证书信息 List certificateList = new ArrayList(); + List mirrorProfiles = new ArrayList(); // if (entity.getFunctionId().equals(200)) { certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, null); + mirrorProfiles=proxyFileTrafficMirrorService.findMirrorList(null,1,1); // } // if (entity.getFunctionId().equals(201)) { // certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "domain"); // } model.addAttribute("certificateList", certificateList); + model.addAttribute("mirrorProfiles", mirrorProfiles); model.addAttribute("_cfg", entity); // IP地址仿冒策略使用策略组 
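Review bot: The `if (cfg.getFunctionId().equals(200))` block in hunk -57,13 +62,17 now holds only two commented-out statements, and `mirrorProfiles` is added to the model as an always-empty list. Delete the empty branch and the dead code and leave one line of explanation, e.g. `// function 200: keyrings and mirror profiles are fetched by the page through ajaxGetValues`. If no view reads `mirrorProfiles` on this path (the JSP is not part of this page), the attribute can be dropped as well. The enclosing method starts and ends outside the hunk.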
@@ -110,6 +122,116 @@ public class InterceptController extends CommonController { public String saveInterceptIpCfg(RedirectAttributes redirectAttributes, Model model, HttpServletRequest request, HttpServletResponse response, String ids, CfgIndexInfo entity) { try { + if(!entity.getAction().equals(1)||!entity.getServiceId().equals(512)) { + entity.setUserRegion(null); + }else { + if(entity.getUserRegion()==null) { + entity.setUserRegion(new HashMap()); + } + //keyring + String keyring = request.getParameter("keyring"); + if(StringUtils.isNotBlank(keyring)) { + entity.getUserRegion().put("keyring", Long.parseLong(keyring)); + }else { + entity.getUserRegion().put("keyring", 0); + } + Map map = new HashMap(); + //exclusions + String ev_cert = request.getParameter("ev_cert"); + String cert_transparency = request.getParameter("cert_transparency"); + String client_cert_req = request.getParameter("client_cert_req"); + String pinning = request.getParameter("pinning"); + if(StringUtils.isNotBlank(ev_cert)){ + map.put("ev_cert", Integer.parseInt(ev_cert.trim())); + }else { + map.put("ev_cert", 0); + } + if(StringUtils.isNotBlank(cert_transparency)){ + map.put("cert_transparency",Integer.parseInt(cert_transparency.trim())); + }else { + map.put("cert_transparency", 0); + } + if(StringUtils.isNotBlank(pinning)){ + map.put("pinning", Integer.parseInt(pinning.trim())); + }else { + map.put("pinning", 0); + } + if(StringUtils.isNotBlank(client_cert_req)){ + map.put("client_cert_req", Integer.parseInt(client_cert_req.trim())); + }else { + map.put("client_cert_req", 0); + } + entity.getUserRegion().put("exclusions", map); + //cert_verify + Map map1=new HashMap<>(); + map=new HashMap<>(); + String cn=request.getParameter("cn"); + String issuer=request.getParameter("issuer"); + String self_signed=request.getParameter("self-signed"); + String expiration=request.getParameter("expiration"); + if(StringUtils.isNotBlank(cn)){ + map.put("cn",Integer.parseInt(cn.trim())); + }else { + 
map.put("cn",0); + } + if(StringUtils.isNotBlank(issuer)){ + map.put("issuer",Integer.parseInt(issuer.trim())); + }else { + map.put("issuer",0); + } + if(StringUtils.isNotBlank(self_signed)){ + map.put("self-signed",Integer.parseInt(self_signed.trim())); + }else { + map.put("self-signed",0); + } + if(StringUtils.isNotBlank(expiration)){ + map.put("expiration",Integer.parseInt(expiration.trim())); + }else { + map.put("expiration",0); + } + map1.put("approach", map); + String fail_method=request.getParameter("fail_method"); + if(StringUtils.isNotBlank(fail_method)){ + map1.put("fail_method",fail_method.trim()); + } + entity.getUserRegion().put("cert_verify", map1); + //ssl_ver + map=new HashMap<>(); + String mirror_client=request.getParameter("mirror_client"); + String min=request.getParameter("min"); + String max=request.getParameter("max"); + if(StringUtils.isNotBlank(mirror_client)){ + map.put("mirror_client", Integer.parseInt(mirror_client.trim())); + }else { + mirror_client="0"; + map.put("mirror_client", 0); + } + if("0".equals(mirror_client)) { + if(StringUtils.isNotBlank(min)){ + map.put("min", min.trim()); + } + if(StringUtils.isNotBlank(max)){ + map.put("max", max.trim()); + } + } + entity.getUserRegion().put("ssl_ver", map); + //decrypt_mirror + map=new HashMap<>(); + String enable=request.getParameter("enable"); + String mirror_profile=request.getParameter("mirror_profile"); + if(StringUtils.isNotBlank(enable)){ + map.put("enable", Integer.parseInt(enable.trim())); + }else { + enable="0"; + map.put("enable", 0); + } + if("1".equals(enable)) { + if(StringUtils.isNotBlank(mirror_profile)){ + map.put("mirror_profile", mirror_profile.trim()); + } + } + entity.getUserRegion().put("decrypt_mirror", map); + } interceptCfgService.saveInterceptCfg(entity); //配置仅保存 if(StringUtil.isEmpty(entity.getIsValid()) || entity.getIsValid()!=1) { 
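Review bot: The form handler stores the intercept options exactly as posted: every flag goes through `Integer.parseInt` with no 0/1 check, and `keyring`, `fail_method`, `min`, `max` and `mirror_profile` are never compared with the dictionaries or DAO lists, whereas the Excel import added in CheckIpFormatThread rejects all of these. A request that bypasses the page can therefore persist a certificate-verification or TLS-version policy the UI would never offer, and a non-numeric value raises NumberFormatException inside the `try` whose handler is outside this hunk. `mirror_profile` is also stored as a String here but as an Integer by the import, so the two paths write differently typed JSON for the same field. The sketch below bounds the flags; the string options need the same lookups the import performs, and how the surrounding catch reports the rejection should be checked against the rest of saveInterceptIpCfg.
```java
// helper added next to saveInterceptIpCfg
private static int parseSwitch(String name, String raw, int fallback) {
	if (StringUtils.isBlank(raw)) {
		return fallback;
	}
	String value = raw.trim();
	if (!"0".equals(value) && !"1".equals(value)) {
		throw new IllegalArgumentException(name + " must be 0 or 1");
	}
	return Integer.parseInt(value);
}

// in saveInterceptIpCfg, replacing each isNotBlank/parseInt pair
map.put("ev_cert", parseSwitch("ev_cert", ev_cert, 0));
map.put("cert_transparency", parseSwitch("cert_transparency", cert_transparency, 0));
// … unchanged pattern: pinning, client_cert_req, cn, issuer, self-signed, expiration, mirror_client, enable …
```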
@@ -169,6 +291,33 @@ public class InterceptController extends CommonController { model.addAttribute("tabList", tabList); return "/cfg/intercept/interceptSubList"; } + //替换keyring,mirror_profiles + @RequestMapping(value = { "/ajaxGetValues" }) + @ResponseBody + public Map ajaxGetValues(Model model, @RequestParam(required=false,value="keyrings")String keyrings, @RequestParam(required=false,value="mirrorProfiles")String mirrorProfiles) { + Map datas=new HashMap<>(); + List certificateList = new ArrayList(); + List mirrorProfileList = new ArrayList(); +// if (entity.getFunctionId().equals(200)) { + Map _datas=new HashMap<>(); + if(StringUtils.isNotBlank(keyrings)) { + certificateList = pxyObjKeyringService.findAllPxyObjKeyrings(keyrings, 1, 1, null); + + for(PxyObjKeyring certificate:certificateList) { + _datas.put(certificate.getCompileId().toString(), certificate.getCfgDesc()); + } + datas.put("keyrings", _datas); + } + if(StringUtils.isNotBlank(mirrorProfiles)) { + mirrorProfileList=proxyFileTrafficMirrorService.findMirrorList(mirrorProfiles,1,1); + _datas=new HashMap<>(); + for(ProxyFileTrafficMirrorCfg mirrorProfile:mirrorProfileList) { + _datas.put(mirrorProfile.getCompileId().toString(), mirrorProfile.getCfgDesc()); + } + datas.put("mirrorProfiles", _datas); + } + return datas; + } @RequestMapping(value = { "auditInterceptIpCfg", "auditInterceptDomainCfg", "auditInterceptIpPayloadCfg" }) public String auditInterceptIpCfg(Model model, @ModelAttribute("cfg") CfgIndexInfo cfg, Integer isValid, @@ -284,6 +433,7 @@ public class InterceptController extends CommonController { Map replaceExportMap = new HashMap(); Properties prop = getMsgProp(); List ipLists = new ArrayList(); + List pxyInterceptCfgs=new ArrayList<>(); // 导出选中记录 if (!StringUtil.isEmpty(ids)) { ipLists = ipCfgService.getByIdsList(ids); 
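Review bot: `keyrings` and `mirrorProfiles` reach `findAllPxyObjKeyrings` and `findMirrorList` as raw request strings, and the mapper that binds them is not on this page; if either value is substituted into an `IN (...)` list instead of being bound as a parameter, the endpoint is injectable. Reject anything that is not a list of ids before the lookup, e.g. `if(!keyrings.matches("\\d+(,\\d+)*")) { return datas; }`, assuming the page sends comma-separated compile ids (confirm the separator). The mapping has no HTTP-method restriction and no permission check visible in the hunk, and `cfgDesc` is returned as stored, so the page has to escape it before inserting it into the DOM. `Model model` is unused and the commented-out `if` line can be removed.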
@@ -326,38 +476,103 @@ public class InterceptController extends CommonController { } // 获取证书信息 List certificateList = new ArrayList(); + List mirrorProfileList=new ArrayList<>(); if (entity.getFunctionId().equals(200)) { certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "ip"); + mirrorProfileList=proxyFileTrafficMirrorService.findMirrorList(null, 1, 1); } if (entity.getFunctionId().equals(201)) { certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "domain"); } + for (CfgIndexInfo str : ipLists) { + PxyInterceptCfg pxyInterceptCfg=new PxyInterceptCfg(); + BeanUtils.copyProperties(str, pxyInterceptCfg); if (!StringUtil.isEmpty(str.getUserRegion5())) { String cs = DictUtils.getDictLabel("INTERCEPT_DOMAIN_INTENSITY", str.getUserRegion5()); str.setUserRegion5(prop.getProperty(cs)); } + str.setUserRegion(new HashMap()); if (certificateList != null) { - if (entity.getFunctionId() == 200 || entity.getFunctionId() == 201) { - if (!StringUtil.isEmpty(str.getUserRegion1())) { - boolean flag = false; - for (PxyObjKeyring pxyObjKeyring : certificateList) { - if (str.getUserRegion1().equals(String.valueOf(pxyObjKeyring.getCompileId()))) { - str.setUserRegion1(pxyObjKeyring.getCfgDesc()); - flag = true; - break; + if (entity.getFunctionId() == 200 ) { + if (!StringUtil.isEmpty(str.getUserRegion1())&&str.getUserRegion1().startsWith("{")) { + + Map userregion=BaseService.gsonFromJson(str.getUserRegion1(), Map.class); + if(userregion.containsKey("keyring")) { + for (PxyObjKeyring pxyObjKeyring : certificateList) { + if (String.valueOf(pxyObjKeyring.getCompileId()).equals(userregion.get("keyring").toString())) { + pxyInterceptCfg.setKeyring(pxyObjKeyring.getCfgDesc()); + break; + } } } - if (!flag) { - str.setUserRegion1(null); + if(((Map)userregion.get("exclusions")).containsKey("ev_cert")){ + pxyInterceptCfg.setEvCert(((Map)userregion.get("exclusions")).get("ev_cert").toString()); + } + 
if(((Map)userregion.get("exclusions")).containsKey("cert_transparency")){ + pxyInterceptCfg.setCertTransparency(((Map)userregion.get("exclusions")).get("cert_transparency").toString()); + } + if(((Map)userregion.get("exclusions")).containsKey("ev_cert")) { + pxyInterceptCfg.setClientCertReq(((Map)userregion.get("exclusions")).get("ev_cert").toString()); + } + if(((Map)userregion.get("exclusions")).containsKey("ev_cert")) { + pxyInterceptCfg.setPinning(((Map)userregion.get("exclusions")).get("ev_cert").toString()); + } + if(((Map)((Map)userregion.get("cert_verify")).get("approach")).containsKey("cn")) { + pxyInterceptCfg.setCn(((Map)((Map)userregion.get("cert_verify")).get("approach")).get("cn").toString()); + } + if(((Map)((Map)userregion.get("cert_verify")).get("approach")).containsKey("issuer")) { + pxyInterceptCfg.setIssuer(((Map)((Map)userregion.get("cert_verify")).get("approach")).get("issuer").toString()); + } + if(((Map)((Map)userregion.get("cert_verify")).get("approach")).containsKey("self-signed")) { + pxyInterceptCfg.setSelfSigned(((Map)((Map)userregion.get("cert_verify")).get("approach")).get("self-signed").toString()); + } + if(((Map)((Map)userregion.get("cert_verify")).get("approach")).containsKey("expiration")) { + pxyInterceptCfg.setSelfSigned(((Map)((Map)userregion.get("cert_verify")).get("approach")).get("expiration").toString()); + } + if(((Map)((Map)userregion.get("cert_verify")).get("approach")).containsKey("expiration")) { + pxyInterceptCfg.setExpiration(((Map)((Map)userregion.get("cert_verify")).get("approach")).get("expiration").toString()); + } + if(((Map)userregion.get("cert_verify")).containsKey("fail_method")) { + pxyInterceptCfg.setFailMethod(((Map)userregion.get("cert_verify")).get("fail_method").toString()); + } + if(((Map)userregion.get("ssl_ver")).containsKey("min")) { + pxyInterceptCfg.setMin(((Map)userregion.get("ssl_ver")).get("min").toString()); + } + if(((Map)userregion.get("ssl_ver")).containsKey("max")) { + 
pxyInterceptCfg.setMax(((Map)userregion.get("ssl_ver")).get("max").toString()); + } + if(((Map)userregion.get("ssl_ver")).containsKey("mirror_client")) { + pxyInterceptCfg.setMirrorClient(((Map)userregion.get("ssl_ver")).get("mirror_client").toString()); + } + if(((Map)userregion.get("decrypt_mirror")).containsKey("enable")) { + pxyInterceptCfg.setEnable(((Map)userregion.get("decrypt_mirror")).get("enable").toString()); + } + if(((Map)userregion.get("decrypt_mirror")).containsKey("mirror_profile")) { + + } + //pxyInterceptCfg.setMirrorProfile(((Map)userregion.get("decrypt_mirror")).get("mirror_profile").toString()); + if(((Map)userregion.get("decrypt_mirror")).containsKey("mirror_profile")) { + for (ProxyFileTrafficMirrorCfg mirrorProfile : mirrorProfileList) { + if (String.valueOf(mirrorProfile.getCompileId()).equals(((Map)userregion.get("decrypt_mirror")).get("mirror_profile").toString())) { + pxyInterceptCfg.setMirrorProfile(mirrorProfile.getCfgDesc()); + break; + } + } } } } - } + pxyInterceptCfgs.add(pxyInterceptCfg); } + titleList.add(entity.getMenuNameCode()); - classMap.put(entity.getMenuNameCode(), CfgIndexInfo.class); + if(entity.getFunctionId().equals(200)) { + classMap.put(entity.getMenuNameCode(), PxyInterceptCfg.class); + }else { + classMap.put(entity.getMenuNameCode(), CfgIndexInfo.class); + } + String cfgIndexInfoNoExport = ""; String ipPortInfoNoExport = ",do_log,action,config_describe,valid_identifier,is_audit,creator,creator" + ",config_time,editor,edit_time,auditor,audit_time" 
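Review bot: Several added lines in the `exclusions` / `cert_verify` block read the wrong key: `setClientCertReq` and `setPinning` are both filled from `ev_cert`, and `setSelfSigned` is called a second time with the `expiration` value, overwriting the `self-signed` one, so the exported policy would misreport which certificate checks and exclusions are configured. Each setter should read its own key (the key names for client-cert-request and pinning are written by the save path, which is not visible in this hunk), and the duplicate `setSelfSigned(... "expiration" ...)` block should be removed. The chained casts such as `((Map)userregion.get("exclusions")).containsKey(...)` also throw a NullPointerException when a stored policy lacks that sub-object; a small null-safe lookup helper, sketched below, removes both problems. The empty `if(...containsKey("mirror_profile")) { }` block and the commented-out setter after it can go. The enclosing export method starts and ends outside this hunk.

```java
// null-safe lookup in the parsed userRegion1 JSON; returns null when any level is missing
private static String nestedValue(Map root, String... path) {
    Object current = root;
    for (String key : path) {
        if (!(current instanceof Map)) {
            return null;
        }
        current = ((Map) current).get(key);
    }
    return current == null ? null : current.toString();
}

// … unchanged: keyring lookup against certificateList …
pxyInterceptCfg.setEvCert(nestedValue(userregion, "exclusions", "ev_cert"));
pxyInterceptCfg.setCertTransparency(nestedValue(userregion, "exclusions", "cert_transparency"));
// CLIENT_CERT_REQ_KEY / PINNING_KEY: placeholders for the key names the save path writes
pxyInterceptCfg.setClientCertReq(nestedValue(userregion, "exclusions", CLIENT_CERT_REQ_KEY));
pxyInterceptCfg.setPinning(nestedValue(userregion, "exclusions", PINNING_KEY));
pxyInterceptCfg.setSelfSigned(nestedValue(userregion, "cert_verify", "approach", "self-signed"));
pxyInterceptCfg.setExpiration(nestedValue(userregion, "cert_verify", "approach", "expiration"));
// … same pattern for cn, issuer, fail_method, ssl_ver and decrypt_mirror; mirror_profile lookup unchanged …
```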
@@ -375,10 +590,14 @@ public class InterceptController extends CommonController { List ipList = new ArrayList(); List httpUrlList = new ArrayList(); List pktBinList = new ArrayList(); + int index=0; for (CfgIndexInfo cfg : ipLists) { for (Map logTotal : logTotals) { if(cfg.getCompileId().equals(Integer.parseInt((String) logTotal.get("compileId")))){ cfg.setTotalLogs((Long)logTotal.get("sum")); + if (entity.getFunctionId().equals(200)){ + pxyInterceptCfgs.get(index).setTotalLogs((Long)logTotal.get("sum")); + } break; } } @@ -398,6 +617,7 @@ public class InterceptController extends CommonController { cfg.setUserRegion5(msgProp.getProperty(DictUtils.getDictLabels("SERVICE_ACTION", cfg.getAction().toString(), cfg.getAction().toString()))); } } + index++; } if (214==entity.getFunctionId()) { @@ -410,7 +630,12 @@ public class InterceptController extends CommonController { pktBinList = BaseStringCfg.replaceBaseKeyList(pktBinList); httpUrlList = BaseStringCfg.baseHexList(httpUrlList); - dataMap.put(entity.getMenuNameCode(), ipLists); + if(entity.getFunctionId().equals(200)) { + dataMap.put(entity.getMenuNameCode(), pxyInterceptCfgs); + }else { + dataMap.put(entity.getMenuNameCode(), ipLists); + } + if (entity.getFunctionId() == 212) { // IP Payload cfgIndexInfoNoExport = ",policy_name,group_name,userregion4,userregion5,&userregion1:replace_zone-userregion2:replaced_content-userregion3:replace_content-"; titleList.add("PXY_INTERCEPT_IP"); diff --git a/src/main/java/com/nis/web/dao/configuration/ProxyFileTrafficMirrorDao.java b/src/main/java/com/nis/web/dao/configuration/ProxyFileTrafficMirrorDao.java index 274e7c59f..7d83963fd 100644 --- a/src/main/java/com/nis/web/dao/configuration/ProxyFileTrafficMirrorDao.java +++ b/src/main/java/com/nis/web/dao/configuration/ProxyFileTrafficMirrorDao.java 
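Review bot: `pxyInterceptCfgs.get(index)` relies on `pxyInterceptCfgs` having been filled one-for-one and in the same order as `ipLists` by the earlier loop, which is outside this hunk; the `index++` that keeps the two in step is added in the following hunk (`@@ -398,6 +617,7 @@`). If that invariant ever breaks, the export either throws or attaches log totals to the wrong policy row. A bounds guard, `if (entity.getFunctionId().equals(200) && index < pxyInterceptCfgs.size())`, or matching the export row by compile id rather than by position, would make this robust.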
@@ -16,4 +16,6 @@ public interface ProxyFileTrafficMirrorDao extends CrudDao findByList(@Param("ids")String ids); + + List findMirrorList(@Param("compileIds")String compileIds, @Param("isValid")Integer isValid, @Param("isAudit")Integer isAudit); } diff --git a/src/main/java/com/nis/web/dao/configuration/ProxyFileTrafficMirrorDao.xml b/src/main/java/com/nis/web/dao/configuration/ProxyFileTrafficMirrorDao.xml index 097267bd0..0f27747cb 100644 --- a/src/main/java/com/nis/web/dao/configuration/ProxyFileTrafficMirrorDao.xml +++ b/src/main/java/com/nis/web/dao/configuration/ProxyFileTrafficMirrorDao.xml @@ -305,5 +305,23 @@ left join request_info ri on a.request_id=ri.id where a.CFG_ID in (${ids}) + \ No newline at end of file diff --git a/src/main/java/com/nis/web/dao/configuration/PxyObjKeyringDao.java b/src/main/java/com/nis/web/dao/configuration/PxyObjKeyringDao.java index 8736baaab..c00ed500e 100644 --- a/src/main/java/com/nis/web/dao/configuration/PxyObjKeyringDao.java +++ b/src/main/java/com/nis/web/dao/configuration/PxyObjKeyringDao.java @@ -21,6 +21,9 @@ public interface PxyObjKeyringDao extends CrudDao{ List findList(@Param("cfgId")Long cfgId ,@Param("isAudit")Integer isAudit ,@Param("isValid")Integer isValid,@Param("cfgType")String cfgType); + List findLists(@Param("compileIds")String cfgIds + ,@Param("isAudit")Integer isAudit + ,@Param("isValid")Integer isValid,@Param("cfgType")String cfgType); PxyObjTrustedCaCert getPxyObjTrustedCaCert(Long id); PxyObjTrustedCaCrl getPxyObjTrustedCaCrl(PxyObjTrustedCaCrl entity); void insertPxyObjTrustedCaCert(PxyObjTrustedCaCert PxyObjTrustedCaCert); diff --git a/src/main/java/com/nis/web/dao/configuration/PxyObjKeyringDao.xml b/src/main/java/com/nis/web/dao/configuration/PxyObjKeyringDao.xml index 5675c1d4e..1190b2d78 100644 --- a/src/main/java/com/nis/web/dao/configuration/PxyObjKeyringDao.xml +++ b/src/main/java/com/nis/web/dao/configuration/PxyObjKeyringDao.xml @@ -366,6 +366,34 @@ + + + + + 
@@ -389,8 +454,22 @@ <%-- --%> - - + <%-- --%> + + + + + + + + + + + + + + + <%-- @@ -471,22 +550,30 @@ ${indexCfg.userRegion3 } --%> - - - - ${certificate.cfgDesc} + <%-- + + + + + - - - - - - - - - - + --%> + + + + + + + + + + + + + + + <%-- diff --git a/src/main/webapp/static/global/plugins/jquery-validation/1.11.0/jquery.validate.method.js b/src/main/webapp/static/global/plugins/jquery-validation/1.11.0/jquery.validate.method.js index e159097f4..bf7e8a5e2 100644 --- a/src/main/webapp/static/global/plugins/jquery-validation/1.11.0/jquery.validate.method.js +++ b/src/main/webapp/static/global/plugins/jquery-validation/1.11.0/jquery.validate.method.js @@ -878,16 +878,16 @@ jQuery.validator.addMethod("noStrategyCheck",function(value,element) { return flag; }); // 代理拦截策略ssl version min小于max校验 -//jQuery.validator.addMethod("sslVersionCheck",function(value,element) { -// var min,max; -// if($(element).attr("id")=="min"){ -// min=element,max=$("#max"); -// }else{ -// max=element,min=$("#min"); -// } -// if($(min).find("option:selected").data("sort")>=$(max).find("option:selected").data("sort")){ -// return false; -// }else{ -// return true; -// } -//}); \ No newline at end of file +jQuery.validator.addMethod("sslVersionCheck",function(value,element) { + var min,max; + if($(element).attr("id")=="min"){ + min=element,max=$("#max"); + }else{ + max=element,min=$("#min"); + } + if($(min).find("option:selected").data("sort")>=$(max).find("option:selected").data("sort")){ + return false; + }else{ + return true; + } +}); \ No newline at end of file diff --git a/src/main/webapp/static/global/plugins/jquery-validation/1.11.0/localization/messages_en.js b/src/main/webapp/static/global/plugins/jquery-validation/1.11.0/localization/messages_en.js index 583510610..7fddd2210 100644 --- a/src/main/webapp/static/global/plugins/jquery-validation/1.11.0/localization/messages_en.js +++ b/src/main/webapp/static/global/plugins/jquery-validation/1.11.0/localization/messages_en.js 
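Review bot: `sslVersionCheck` is re-enabled here as a browser-side rule only; the controller code earlier in this commit puts the `min` and `max` request parameters into `ssl_ver` after a `trim()`, with no check that they are known versions or that min is below max. Because these values set the TLS version bounds of an interception policy, the same constraint should be enforced on the server before `saveInterceptCfg`, by validating both against the allowed version list and rejecting min >= max. Note also that when the selected option has no `data-sort` attribute the comparison is `undefined >= undefined`, which is false, so the rule passes silently; a comment above the method such as `// options must carry data-sort for this check to be effective` would document that dependency.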
@@ -98,6 +98,7 @@ rangeCross0:"The IP {0} must not between {1} and {2}", rangeCross1:"The IP range {0} has intersections with {1}", protectedCfgUnique:"Keyword already exists.", - addrList:"Please enter the legitimate targets identification list" + addrList:"Please enter the legitimate targets identification list", + sslVersionCheck:"Min SSL version should smaller than Max SSL version" }); }(jQuery)); diff --git a/src/main/webapp/static/global/plugins/jquery-validation/1.11.0/localization/messages_ru.js b/src/main/webapp/static/global/plugins/jquery-validation/1.11.0/localization/messages_ru.js index bdca13c3f..044a5e776 100644 --- a/src/main/webapp/static/global/plugins/jquery-validation/1.11.0/localization/messages_ru.js +++ b/src/main/webapp/static/global/plugins/jquery-validation/1.11.0/localization/messages_ru.js @@ -98,6 +98,7 @@ rangeCross0:"IP {0} не должен находиться между {1} и {2}", rangeCross1:"Диапазон IP {0} имеет пересечения с {1}", protectedCfgUnique:"Ключевое слово уже существует.", - addrList:"Please enter the legitimate targets identification list" + addrList:"Please enter the legitimate targets identification list", + sslVersionCheck:"моя версия SSL должны меньше, чем версия SSL, макс" }); }(jQuery)); diff --git a/src/main/webapp/static/global/plugins/jquery-validation/1.11.0/localization/messages_zh.js b/src/main/webapp/static/global/plugins/jquery-validation/1.11.0/localization/messages_zh.js index 7a53b8a5a..363875ad3 100644 --- a/src/main/webapp/static/global/plugins/jquery-validation/1.11.0/localization/messages_zh.js +++ b/src/main/webapp/static/global/plugins/jquery-validation/1.11.0/localization/messages_zh.js @@ -98,6 +98,7 @@ rangeCross0:"IP{0}不能介于{1}和{2}", rangeCross1:"IP范围{0}和IP范围{1}有交集", protectedCfgUnique:"关键字已存在", - addrList:"请输入合法的目标标识列表" + addrList:"请输入合法的目标标识列表", + sslVersionCheck:"最小SSL协议版本应小于最大SSL协议版本" }); }(jQuery));