代理拦截修改提交

wangxin
2019-05-21 19:50:54 +08:00
parent ac52747686
commit 182a6a8ddc
34 changed files with 2489 additions and 188 deletions


@@ -146,8 +146,8 @@ public class SchedulerTaskUtil {
}else if("2".equals(m.get("cfgType"))){
strList.addAll(configSynchronizationDao.getStrList(regionTable,compileIds));
//512/521/514/1026业务的用户自定义域取DOMAIN_STR取自Keyword
if(entity.getServiceId()==512
||entity.getServiceId()==521
if(/*entity.getServiceId()==512
||*/entity.getServiceId()==521
||entity.getServiceId()==514
||entity.getServiceId()==1026) {
keywordMap=configSynchronizationDao.getCompileIdWithKeyword(regionTable, compileIds);
@@ -208,9 +208,9 @@ public class SchedulerTaskUtil {
}
userRegion += n.get("regionKey")+"="+value+Constants.USER_REGION_SPLIT;
}else{
if(regionKey.equals("keyring_id") && StringUtil.isEmpty(value)){
/*if(regionKey.equals("keyring_id") && StringUtil.isEmpty(value)){
value = "0";
}else if(regionKey.equals("DOMAIN_STR")) {
}else*/ if(regionKey.equals("DOMAIN_STR")) {
if(!StringUtil.isEmpty(keywordMap) && !StringUtil.isEmpty(keywordMap.get(cfg.getCompileId()))) {
value = keywordMap.get(cfg.getCompileId()).getCfgKeywords();
}
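Review bot: Wrapping the `keyring_id` branch in `/* … */` in the second hunk removes the `value = "0"` fallback for every service that passes through this loop, not only 512, so an empty `keyring_id` now keeps its empty value; what happens to it afterwards is outside the hunk, and it should be confirmed that no other service still relies on the `"0"` default. In the first hunk the condition no longer tests 512, but the comment directly above it still lists 512/521/514/1026; it should read something like `// services 521/514/1026: DOMAIN_STR of the user region is taken from the keyword config`. I would delete the disabled code instead of leaving it inline in the condition, since `if(/*…||*/entity.getServiceId()==521` is easy to misread and version control already keeps the old form. Both enclosing blocks start and end outside the hunks.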


@@ -23,6 +23,7 @@ import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.poi.ss.usermodel.Cell;
import org.apache.poi.ss.usermodel.CellStyle;
@@ -49,7 +50,9 @@ import com.nis.domain.SysDataDictionaryItem;
import com.nis.domain.basics.PolicyGroupInfo;
import com.nis.domain.basics.ServiceDictInfo;
import com.nis.domain.basics.SysDictInfo;
import com.nis.domain.callback.ProxyFileTrafficMirrorCfg;
import com.nis.domain.configuration.DnsResStrategy;
import com.nis.domain.configuration.PxyObjKeyring;
import com.nis.util.Constants;
import com.nis.util.DictUtils;
import com.nis.util.Encodes;
@@ -58,6 +61,8 @@ import com.nis.util.StringUtil;
import com.nis.web.dao.basics.PolicyGroupInfoDao;
import com.nis.web.dao.basics.SysDictInfoDao;
import com.nis.web.dao.configuration.DnsResStrategyDao;
import com.nis.web.dao.configuration.ProxyFileTrafficMirrorDao;
import com.nis.web.dao.configuration.PxyObjKeyringDao;
import com.nis.web.service.SpringContextHolder;
/**
@@ -72,6 +77,8 @@ public class ExportExcel {
private static DnsResStrategyDao dnsResStrategyDao = SpringContextHolder.getBean(DnsResStrategyDao.class);
private static PolicyGroupInfoDao policyGroupInfoDao = SpringContextHolder.getBean(PolicyGroupInfoDao.class);
private static SysDictInfoDao sysDictInfoDao = SpringContextHolder.getBean(SysDictInfoDao.class);
private static PxyObjKeyringDao pxyObjKeyringDao = SpringContextHolder.getBean(PxyObjKeyringDao.class);
private static ProxyFileTrafficMirrorDao proxyFileDao = SpringContextHolder.getBean(ProxyFileTrafficMirrorDao.class);
/**
* 工作薄对象
@@ -587,7 +594,352 @@ public class ExportExcel {
commentStr=commentStr+""+msgProp.getProperty("ip_check")+"(IPv4)\n";
index++;
}
/**********************************************************************pxy intercept************************************************************************************************************/
//pxy intercept
if("pxy_intercept_monit_keyring".equals(headerStr)) {
commentStr="";
List<PxyObjKeyring> certificateList=pxyObjKeyringDao.findList(null,1,1,"ip");
if(CollectionUtils.isNotEmpty(certificateList)) {
for (PxyObjKeyring certificate : certificateList) {
commentStr=commentStr+certificate.getCompileId()+""+certificate.getCfgDesc()+"\n";
index++;
}
}
if(StringUtil.isEmpty(headerStr)){
headerStr="";
commentStr="";
}else{
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
index++;
commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
index++;
/*//2、默认值说明
commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":0\n";
index++;*/
index++;
}
}
//ev_cert
if("exclusions_ev_cert".equals(headerStr)) {
commentStr="";
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
commentStr+=1+""+msgProp.getProperty("yes")+"\n";
index++;
commentStr+=0+""+msgProp.getProperty("no")+"\n";
index++;
if(StringUtil.isEmpty(headerStr)){
headerStr="";
commentStr="";
}else{
index++;
commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
index++;
//2、默认值说明
commentStr=commentStr+""+msgProp.getProperty("default_value")+":0\n";
index++;
index++;
}
}
//cert_transparency
if("exclusions_cert_transparency".equals(headerStr)) {
commentStr="";
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
commentStr+=1+""+msgProp.getProperty("yes")+"\n";
index++;
commentStr+=0+""+msgProp.getProperty("no")+"\n";
index++;
if(StringUtil.isEmpty(headerStr)){
headerStr="";
commentStr="";
}else{
index++;
commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
index++;
//2、默认值说明
commentStr=commentStr+""+msgProp.getProperty("default_value")+":0\n";
index++;
index++;
}
}
//client_cert_req
if("exclusions_client_cert_req".equals(headerStr)) {
commentStr="";
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
commentStr+=1+""+msgProp.getProperty("yes")+"\n";
index++;
commentStr+=0+""+msgProp.getProperty("no")+"\n";
index++;
if(StringUtil.isEmpty(headerStr)){
headerStr="";
commentStr="";
}else{
index++;
commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
index++;
//2、默认值说明
commentStr=commentStr+""+msgProp.getProperty("default_value")+":1\n";
index++;
index++;
}
}
//pinning
if("exclusions_pinning".equals(headerStr)) {
commentStr="";
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
commentStr+=1+""+msgProp.getProperty("yes")+"\n";
index++;
commentStr+=0+""+msgProp.getProperty("no")+"\n";
index++;
if(StringUtil.isEmpty(headerStr)){
headerStr="";
commentStr="";
}else{
index++;
commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
index++;
//2、默认值说明
commentStr=commentStr+""+msgProp.getProperty("default_value")+":1\n";
index++;
index++;
}
}
//cn
if("cert_verify_approach_cn".equals(headerStr)) {
commentStr="";
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
commentStr+=1+""+msgProp.getProperty("yes")+"\n";
index++;
commentStr+=0+""+msgProp.getProperty("no")+"\n";
index++;
if(StringUtil.isEmpty(headerStr)){
headerStr="";
commentStr="";
}else{
index++;
commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
index++;
//2、默认值说明
commentStr=commentStr+""+msgProp.getProperty("default_value")+":1\n";
index++;
index++;
}
}
//issuer
if("cert_verify_approach_issuer".equals(headerStr)) {
commentStr="";
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
commentStr+=1+""+msgProp.getProperty("yes")+"\n";
index++;
commentStr+=0+""+msgProp.getProperty("no")+"\n";
index++;
if(StringUtil.isEmpty(headerStr)){
headerStr="";
commentStr="";
}else{
index++;
commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
index++;
//2、默认值说明
commentStr=commentStr+""+msgProp.getProperty("default_value")+":1\n";
index++;
index++;
}
}
//self-signed
if("cert_verify_approach_self_signed".equals(headerStr)) {
commentStr="";
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
commentStr+=1+""+msgProp.getProperty("yes")+"\n";
index++;
commentStr+=0+""+msgProp.getProperty("no")+"\n";
index++;
if(StringUtil.isEmpty(headerStr)){
headerStr="";
commentStr="";
}else{
index++;
commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
index++;
//2、默认值说明
commentStr=commentStr+""+msgProp.getProperty("default_value")+":1\n";
index++;
index++;
}
}
//expiration
if("cert_verify_approach_expiration".equals(headerStr)) {
commentStr="";
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
commentStr+=1+""+msgProp.getProperty("yes")+"\n";
index++;
commentStr+=0+""+msgProp.getProperty("no")+"\n";
index++;
if(StringUtil.isEmpty(headerStr)){
headerStr="";
commentStr="";
}else{
index++;
commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
index++;
//2、默认值说明
commentStr=commentStr+""+msgProp.getProperty("default_value")+":1\n";
index++;
index++;
}
}
//fail_method
if("cert_verify_fail_method".equals(headerStr)) {
commentStr="";
defaultValue="pass-through";
List<SysDataDictionaryItem> failMethods=DictUtils.getDictList("FAIL_METHOD");
if(CollectionUtils.isNotEmpty(failMethods)){
for (SysDataDictionaryItem failMethod : failMethods) {
commentStr=commentStr+failMethod.getItemCode()+""+msgProp.getProperty(failMethod.getItemValue(),failMethod.getItemValue())+""+"\n";
index++;
}
if(StringUtil.isEmpty(commentStr)){
headerStr="";
commentStr="";
}
if(StringUtil.isEmpty(defaultValue)){
defaultValue = region.getConfigDirection().split(",")[0];
}
}
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
commentStr=commentStr+msgProp.getProperty("rule_desc_tip")+":\n";
index++;
//1、默认值说明
if(!StringUtil.isEmpty(defaultValue)){
commentStr=commentStr+""+msgProp.getProperty("default_value")+":"+defaultValue+"\n";
index++;
}
}
//fail_method
if("ssl_ver_mirror_client".equals(headerStr)) {
commentStr="";
defaultValue="0";
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
commentStr+=1+""+msgProp.getProperty("yes")+"\n";
index++;
commentStr+=0+""+msgProp.getProperty("no")+"\n";
index++;
commentStr=commentStr+msgProp.getProperty("rule_desc_tip")+":\n";
index++;
//1、默认值说明
if(!StringUtil.isEmpty(defaultValue)){
commentStr=commentStr+""+msgProp.getProperty("default_value")+":"+defaultValue+"\n";
index++;
}
commentStr=commentStr+""+msgProp.getProperty("ssl_ver_mirror_client_on","if the mirror client option value is '1', the min SSL version and the max SSL version will be ignored")+"\n";
index++;
}
//min
if("ssl_ver_min".equals(headerStr)) {
commentStr="";
defaultValue="ssl3";
List<SysDataDictionaryItem> sslversions=DictUtils.getDictList("SSL_VERSION");
if(CollectionUtils.isNotEmpty(sslversions)){
for (SysDataDictionaryItem sslversion : sslversions) {
commentStr=commentStr+sslversion.getItemCode()+""+msgProp.getProperty(sslversion.getItemValue(),sslversion.getItemValue())+""+"\n";
index++;
}
if(StringUtil.isEmpty(commentStr)){
headerStr="";
commentStr="";
}
}
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
commentStr=commentStr+msgProp.getProperty("rule_desc_tip")+":\n";
index++;
//1、默认值说明
if(!StringUtil.isEmpty(defaultValue)){
commentStr=commentStr+""+msgProp.getProperty("default_value")+":"+defaultValue+"\n";
index++;
}
}
//max
if("ssl_ver_max".equals(headerStr)) {
commentStr="";
defaultValue="tls13";
List<SysDataDictionaryItem> sslversions=DictUtils.getDictList("SSL_VERSION");
if(CollectionUtils.isNotEmpty(sslversions)){
for (SysDataDictionaryItem sslversion : sslversions) {
commentStr=commentStr+sslversion.getItemCode()+""+msgProp.getProperty(sslversion.getItemValue(),sslversion.getItemValue())+""+"\n";
index++;
}
if(StringUtil.isEmpty(commentStr)){
headerStr="";
commentStr="";
}
}
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
commentStr=commentStr+msgProp.getProperty("rule_desc_tip")+":\n";
index++;
//1、默认值说明
if(!StringUtil.isEmpty(defaultValue)){
commentStr=commentStr+""+msgProp.getProperty("default_value")+":"+defaultValue+"\n";
index++;
}
}
if("decrypt_mirror_enable".equals(headerStr)) {
commentStr="";
defaultValue="0";
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
commentStr+=1+""+msgProp.getProperty("yes")+"\n";
index++;
commentStr+=0+""+msgProp.getProperty("no")+"\n";
index++;
commentStr=commentStr+msgProp.getProperty("rule_desc_tip")+":\n";
index++;
//1、默认值说明
if(!StringUtil.isEmpty(defaultValue)){
commentStr=commentStr+""+msgProp.getProperty("default_value")+":"+defaultValue+"\n";
index++;
}
commentStr=commentStr+""+msgProp.getProperty("decrypt_mirror_enable_on","if the enable option value is '1', the Mirror profile is needed")+"\n";
index++;
}
if("decrypt_mirror_mirror_profile".equals(headerStr)) {
commentStr="";
List<ProxyFileTrafficMirrorCfg> mirrorProfileList=proxyFileDao.findMirrorList(null,1,1);
if(CollectionUtils.isNotEmpty(mirrorProfileList)) {
for (ProxyFileTrafficMirrorCfg mirrorProfile : mirrorProfileList) {
commentStr=commentStr+mirrorProfile.getCompileId()+""+mirrorProfile.getCfgDesc()+"\n";
index++;
}
}
if(StringUtil.isEmpty(headerStr)){
headerStr="";
commentStr="";
}else{
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
index++;
commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
index++;
/*//2、默认值说明
commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":0\n";
index++;*/
index++;
}
}
/**********************************************************************pxy intercept************************************************************************************************************/
if(region.getRegionType().equals(1)){//IP配置
//ip配置需要导入的信息srcIp srcPort destIp destPort Protocol Direction
//确定需要导入的srcIp srcPort destIp destPort信息
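Review bot: The guard `if(StringUtil.isEmpty(headerStr))` inside each new `if("…".equals(headerStr))` block can never be true, because the block is only entered when `headerStr` equals a non-empty literal. For `pxy_intercept_monit_keyring` and `decrypt_mirror_mirror_profile` the intent looks like `if(StringUtil.isEmpty(commentStr))`, which is what the `cert_verify_fail_method` block already tests, so with no keyring or mirror profile configured the cell comment still presents an empty selection list. In the `cert_verify_fail_method` block `defaultValue = region.getConfigDirection().split(",")[0];` is unreachable after `defaultValue="pass-through";`, and the `//fail_method` comment above the `ssl_ver_mirror_client` block is a copy-paste leftover. The yes/no blocks differ only in the header key and the default digit, so one private helper would replace them, and the defaults printed here (`ssl3`, `tls13`, `pass-through`, 0/1) are hard-coded again in the import validators, where they can drift apart from what the template tells the operator. The enclosing method starts and ends outside the hunk.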


@@ -1,6 +1,7 @@
package com.nis.util.excel.thread;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
@@ -21,15 +22,21 @@ import com.nis.domain.FunctionServiceDict;
import com.nis.domain.SysDataDictionaryItem;
import com.nis.domain.basics.AsnGroupInfo;
import com.nis.domain.basics.PolicyGroupInfo;
import com.nis.domain.callback.ProxyFileTrafficMirrorCfg;
import com.nis.domain.configuration.BaseIpCfg;
import com.nis.domain.configuration.DnsResStrategy;
import com.nis.domain.configuration.IpPortCfg;
import com.nis.domain.configuration.PxyObjKeyring;
import com.nis.domain.configuration.template.IpRateLimitTemplate;
//import com.nis.util.AsnCacheUtils;
import com.nis.util.Constants;
import com.nis.util.DictUtils;
import com.nis.util.IPUtil;
import com.nis.util.StringUtil;
import com.nis.web.dao.configuration.ProxyFileTrafficMirrorDao;
import com.nis.web.dao.configuration.PxyObjKeyringDao;
import com.nis.web.service.BaseService;
import com.nis.web.service.SpringContextHolder;
public class CheckIpFormatThread implements Callable<String>{
private Logger logger=Logger.getLogger(CheckIpFormatThread.class);
@@ -41,6 +48,8 @@ public class CheckIpFormatThread implements Callable<String>{
private FunctionRegionDict regionDict;
private List<Map<Long,AsnGroupInfo>> asnNoMaps;
private Map<Long,AsnGroupInfo> asnGroupInfos;
private static PxyObjKeyringDao pxyObjKeyringDao = SpringContextHolder.getBean(PxyObjKeyringDao.class);
private static ProxyFileTrafficMirrorDao proxyFileDao = SpringContextHolder.getBean(ProxyFileTrafficMirrorDao.class);
// private DnsResStrategyDao dnsResStrategyDao;
public CheckIpFormatThread(FunctionServiceDict serviceDict,FunctionRegionDict regionDict,Properties prop,BlockingQueue<? extends Object> srcQueue,BlockingQueue<BaseIpCfg> destQueue) {
this.serviceDict=serviceDict;
@@ -115,6 +124,16 @@ public class CheckIpFormatThread implements Callable<String>{
if(regionDict.getFunctionId().equals(200) && serviceDict.getAction().equals(1)){
protocol="6";
}
List<SysDataDictionaryItem> sslversions = new ArrayList<>();
List<SysDataDictionaryItem> failmethods = new ArrayList<>();
List<PxyObjKeyring> certificateList=new ArrayList<>();
List<ProxyFileTrafficMirrorCfg> mirrorProfileList=new ArrayList<>();
if(serviceDict!=null&&serviceDict.getServiceId().equals(512)) {
certificateList=pxyObjKeyringDao.findList(null,1,1,"ip");
sslversions=DictUtils.getDictList("SSL_VERSION");
failmethods=DictUtils.getDictList("FAIL_METHOD");
mirrorProfileList=proxyFileDao.findMirrorList(null, 1, 1);
}
for (int i = 0; i < list.size(); i++) {
StringBuffer errInfo = new StringBuffer();
IpPortCfg baseIpCfg = new IpPortCfg();
@@ -546,7 +565,229 @@ public class CheckIpFormatThread implements Callable<String>{
}
}
}
if(serviceDict!=null&&serviceDict.getServiceId().equals(512)) {
Integer kering=baseIpCfg.getKeyring();
Integer evCet=baseIpCfg.getEvCert();
Integer certTransparency=baseIpCfg.getCertTransparency();
Integer clientCertReq=baseIpCfg.getClientCertReq();
Integer pinning=baseIpCfg.getPinning();
Integer cn=baseIpCfg.getCn();
Integer issuer=baseIpCfg.getIssuer();
Integer selfSigned=baseIpCfg.getSelfSigned();
Integer expiration=baseIpCfg.getExpiration();
String failMethod=baseIpCfg.getFailMethod();
String min=baseIpCfg.getMin();
String max=baseIpCfg.getMax();
Integer mirrorClient=baseIpCfg.getMirrorClient();
Integer enable=baseIpCfg.getEnable();
Integer mirrorProfile=baseIpCfg.getMirrorProfile();
Map<String,Object> userRegionMap=new HashMap<>();
Map<String,Object> map=new HashMap<>();
if(kering!=null) {
boolean has=false;
for(PxyObjKeyring keyring:certificateList) {
if(keyring.getCompileId().toString().equals(kering.toString())) {
has=true;
break;
}
}
if(has) {
userRegionMap.put("keyring", kering);
}else {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("pxy_intercept_monit_keyring") + " ") + ";");
}
}else {
userRegionMap.put("keyring", 0);
}
if(evCet!=null) {
if(evCet!=0&&evCet!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("exclusions_ev_cert","exclusions ev cert") + " ") + ";");
}else {
map.put("ev_cert", evCet);
}
}else {
map.put("ev_cert", 0);
}
if(certTransparency!=null) {
if(certTransparency!=0&&certTransparency!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("exclusions_cert_transparency","exclusions cert transparency") + " ") + ";");
}else {
map.put("cert_transparency", certTransparency);
}
}else {
map.put("cert_transparency", 0);
}
if(clientCertReq!=null) {
if(clientCertReq!=0&&clientCertReq!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("exclusions_client_cert_req","exclusions client cert req") + " ") + ";");
}else {
map.put("client_cert_req", clientCertReq);
}
}else {
map.put("client_cert_req", 1);
}
if(pinning!=null) {
if(pinning!=0&&pinning!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("exclusions_pinning","exclusions pinning") + " ") + ";");
}else {
map.put("pinning", pinning);
}
}else {
map.put("pinning", 1);
}
userRegionMap.put("exclusions", map);
map=new HashMap<>();
Map<String,Object> map1=new HashMap<>();
if(cn!=null) {
if(cn!=0&&cn!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("cert_verify_approach_cn","cert verify approach cn") + " ") + ";");
}else {
map1.put("cn", cn);
}
}else {
map1.put("cn", 1);
}
if(issuer!=null) {
if(issuer!=0&&issuer!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("cert_verify_approach_issuer","cert verify approach issuer") + " ") + ";");
}else {
map1.put("issuer", issuer);
}
}else {
map1.put("issuer", 1);
}
if(selfSigned!=null) {
if(selfSigned!=0&&selfSigned!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("cert_verify_approach_self_signed","cert verify approach self signed") + " ") + ";");
}else {
map1.put("self-signed", selfSigned);
}
}else {
map1.put("self-signed", 1);
}
if(expiration!=null) {
if(expiration!=0&&expiration!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("cert_verify_approach_expiration","cert verify approach expiration") + " ") + ";");
}else {
map1.put("expiration", expiration);
}
}else {
map1.put("expiration", 1);
}
map.put("approach", map1);
if(StringUtils.isBlank(failMethod)) {
map.put("fail_method", "pass-through");
}else {
boolean has=false;
for(SysDataDictionaryItem fail: failmethods) {
if(fail.getItemCode().equals(failMethod)) {
has=true;
break;
}
}
if(!has) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("cert_verify_fail_method","cert verify fail method") + " ") + ";");
}
map.put("fail_method", failMethod);
}
userRegionMap.put("cert_verify", map);
map=new HashMap<>();
if(mirrorClient==null) {
mirrorClient=0;
map.put("mirror_client", 0);
}else {
if(mirrorClient!=0&&mirrorClient!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("ssl_ver_mirror_client","SSL version mirror client") + " ") + ";");
}else {
map.put("mirror_client", mirrorClient);
}
}
if(mirrorClient==0) {
int minSort=0,maxSort=0;
if(StringUtils.isBlank(min)) {
min="ssl3";
}
if(StringUtils.isBlank(max)) {
max="tls13";
}
for(SysDataDictionaryItem sslversion: sslversions) {
if(sslversion.getItemCode().equals(min)) {
minSort=sslversion.getItemSort();
}
if(sslversion.getItemCode().equals(max)) {
maxSort=sslversion.getItemSort();
}
}
if(minSort==0) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("ssl_ver_min","min SSL version") + " ") + ";");
}
if(maxSort==0) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("ssl_ver_max","max SSL version") + " ") + ";");
}
if(minSort>=maxSort) {
errInfo.append(prop.getProperty("min_should_less_than_max","the min SSL version should less than the max SSL version") + ";");
}
map.put("min", min);
map.put("max", max);
}
userRegionMap.put("ssl_ver", map);
map=new HashMap<>();
if(enable==null) {
enable=0;
map.put("enable", 0);
}else {
if(enable!=0&&enable!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("decrypt_mirror_enable","decrypt mirror enable") + " ") + ";");
}else {
map.put("enable", enable);
}
}
//enable==1的时候才设置mirror_profile
if(enable==1) {
if(mirrorProfile==null) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("decrypt_mirror_mirror_profile") + " ") + ";");
}else {
boolean has=false;
for(ProxyFileTrafficMirrorCfg _mirrorProfile:mirrorProfileList) {
if(_mirrorProfile.getCompileId().toString().equals(mirrorProfile.toString())) {
has=true;
break;
}
}
if(has) {
map.put("mirror_profile", mirrorProfile);
}else {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("decrypt_mirror_mirror_profile") + " ") + ";");
}
map.put("mirror_profile", mirrorProfile);
}
}
userRegionMap.put("decrypt_mirror", map);
baseIpCfg.setUserRegion1(BaseService.gsonToJson(userRegionMap));
}
// IpSpoofing
if (regionDict.getFunctionId().equals(214)) {
List<SysDataDictionaryItem> dicts = DictUtils.getDictList("SPOOFING_IP_TYPE");
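Review bot: A blank `min` column is silently replaced with `ssl3` in the last hunk, so every imported interception rule that leaves the column empty permits SSLv3, which RFC 7568 deprecates; defaulting to a TLS code from the `SSL_VERSION` dictionary, or rejecting a blank value, would avoid weakening intercepted sessions by omission. The range check `if(minSort>=maxSort)` also fires when either lookup failed and the sort is still 0, which adds a second, misleading error, and it treats a dictionary item whose sort is 0 as "not found"; `if(minSort!=0&&maxSort!=0&&minSort>=maxSort)` keeps the intended comparison. In the `fail_method` and `mirror_profile` branches the value is written to the map even after the error was appended (`map.put("mirror_profile", mirrorProfile);` runs again after the `if(has)`/`else`), which is only safe while rows with a non-empty `errInfo` are always discarded, so the `put` belongs in the valid branch alone. The same block is added verbatim to CheckStringFormatThread, so these points apply there as well, and a shared static helper would keep the two validators from diverging. The enclosing loop body starts and ends outside the hunk.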


@@ -1,7 +1,9 @@
package com.nis.util.excel.thread;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.BlockingQueue;
@@ -19,10 +21,15 @@ import com.beust.jcommander.internal.Sets;
import com.nis.domain.FunctionRegionDict;
import com.nis.domain.FunctionServiceDict;
import com.nis.domain.SysDataDictionaryItem;
import com.nis.domain.callback.ProxyFileTrafficMirrorCfg;
import com.nis.domain.configuration.BaseStringCfg;
import com.nis.domain.configuration.IpPortCfg;
import com.nis.domain.configuration.PxyObjKeyring;
import com.nis.util.Constants;
import com.nis.util.DictUtils;
import com.nis.web.dao.configuration.ProxyFileTrafficMirrorDao;
import com.nis.web.dao.configuration.PxyObjKeyringDao;
import com.nis.web.service.BaseService;
import com.nis.web.service.SpringContextHolder;
public class CheckStringFormatThread implements Callable<String>{
private Logger logger=Logger.getLogger(CheckStringFormatThread.class);
@@ -32,6 +39,8 @@ public class CheckStringFormatThread implements Callable<String>{
// private DnsResStrategyDao dnsResStrategyDao;
private FunctionServiceDict serviceDict;
private FunctionRegionDict regionDict;
private static PxyObjKeyringDao pxyObjKeyringDao = SpringContextHolder.getBean(PxyObjKeyringDao.class);
private static ProxyFileTrafficMirrorDao proxyFileDao = SpringContextHolder.getBean(ProxyFileTrafficMirrorDao.class);
public CheckStringFormatThread(FunctionServiceDict serviceDict,FunctionRegionDict regionDict,Properties prop,BlockingQueue<? extends Object> srcQueue,BlockingQueue<BaseStringCfg<?>> destQueue) {
this.serviceDict=serviceDict;
this.regionDict=regionDict;
@@ -91,6 +100,16 @@ public class CheckStringFormatThread implements Callable<String>{
StringBuffer errTip = new StringBuffer();
Pattern pattern = Pattern.compile("\t|\r|\n|\b|\f");
Pattern domainPattern = Pattern.compile("^[a-zA-Z0-9.-]*$");
List<SysDataDictionaryItem> sslversions = new ArrayList<>();
List<SysDataDictionaryItem> failmethods = new ArrayList<>();
List<PxyObjKeyring> certificateList=new ArrayList<>();
List<ProxyFileTrafficMirrorCfg> mirrorProfileList=new ArrayList<>();
if(serviceDict!=null&&serviceDict.getServiceId().equals(512)) {
certificateList=pxyObjKeyringDao.findList(null,1,1,"ip");
sslversions=DictUtils.getDictList("SSL_VERSION");
failmethods=DictUtils.getDictList("FAIL_METHOD");
mirrorProfileList=proxyFileDao.findMirrorList(null, 1, 1);
}
for (int i = 0; i < list.size(); i++) {
StringBuffer errInfo = new StringBuffer();
BaseStringCfg baseStringCfg = new BaseStringCfg();
@@ -494,6 +513,229 @@ public class CheckStringFormatThread implements Callable<String>{
}
}
if(serviceDict!=null&&serviceDict.getServiceId().equals(512)) {
Integer kering=baseStringCfg.getKeyring();
Integer evCet=baseStringCfg.getEvCert();
Integer certTransparency=baseStringCfg.getCertTransparency();
Integer clientCertReq=baseStringCfg.getClientCertReq();
Integer pinning=baseStringCfg.getPinning();
Integer cn=baseStringCfg.getCn();
Integer issuer=baseStringCfg.getIssuer();
Integer selfSigned=baseStringCfg.getSelfSigned();
Integer expiration=baseStringCfg.getExpiration();
String failMethod=baseStringCfg.getFailMethod();
String min=baseStringCfg.getMin();
String max=baseStringCfg.getMax();
Integer mirrorClient=baseStringCfg.getMirrorClient();
Integer enable=baseStringCfg.getEnable();
Integer mirrorProfile=baseStringCfg.getMirrorProfile();
Map<String,Object> userRegionMap=new HashMap<>();
Map<String,Object> map=new HashMap<>();
if(kering!=null) {
boolean has=false;
for(PxyObjKeyring keyring:certificateList) {
if(keyring.getCompileId().toString().equals(kering.toString())) {
has=true;
break;
}
}
if(has) {
userRegionMap.put("keyring", kering);
}else {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("pxy_intercept_monit_keyring") + " ") + ";");
}
}else {
userRegionMap.put("keyring", 0);
}
if(evCet!=null) {
if(evCet!=0&&evCet!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("exclusions_ev_cert","exclusions ev cert") + " ") + ";");
}else {
map.put("ev_cert", evCet);
}
}else {
map.put("ev_cert", 0);
}
if(certTransparency!=null) {
if(certTransparency!=0&&certTransparency!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("exclusions_cert_transparency","exclusions cert transparency") + " ") + ";");
}else {
map.put("cert_transparency", certTransparency);
}
}else {
map.put("cert_transparency", 0);
}
if(clientCertReq!=null) {
if(clientCertReq!=0&&clientCertReq!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("exclusions_client_cert_req","exclusions client cert req") + " ") + ";");
}else {
map.put("client_cert_req", clientCertReq);
}
}else {
map.put("client_cert_req", 1);
}
if(pinning!=null) {
if(pinning!=0&&pinning!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("exclusions_pinning","exclusions pinning") + " ") + ";");
}else {
map.put("pinning", pinning);
}
}else {
map.put("pinning", 1);
}
userRegionMap.put("exclusions", map);
map=new HashMap<>();
Map<String,Object> map1=new HashMap<>();
if(cn!=null) {
if(cn!=0&&cn!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("cert_verify_approach_cn","cert verify approach cn") + " ") + ";");
}else {
map1.put("cn", cn);
}
}else {
map1.put("cn", 1);
}
if(issuer!=null) {
if(issuer!=0&&issuer!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("cert_verify_approach_issuer","cert verify approach issuer") + " ") + ";");
}else {
map1.put("issuer", issuer);
}
}else {
map1.put("issuer", 1);
}
if(selfSigned!=null) {
if(selfSigned!=0&&selfSigned!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("cert_verify_approach_self_signed","cert verify approach self signed") + " ") + ";");
}else {
map1.put("self-signed", selfSigned);
}
}else {
map1.put("self-signed", 1);
}
if(expiration!=null) {
if(expiration!=0&&expiration!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("cert_verify_approach_expiration","cert verify approach expiration") + " ") + ";");
}else {
map1.put("expiration", expiration);
}
}else {
map1.put("expiration", 1);
}
map.put("approach", map1);
if(StringUtils.isBlank(failMethod)) {
map.put("fail_method", "pass-through");
}else {
boolean has=false;
for(SysDataDictionaryItem fail: failmethods) {
if(fail.getItemCode().equals(failMethod)) {
has=true;
break;
}
}
if(!has) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("cert_verify_fail_method","cert verify fail method") + " ") + ";");
}
map.put("fail_method", failMethod);
}
userRegionMap.put("cert_verify", map);
map=new HashMap<>();
if(mirrorClient==null) {
mirrorClient=0;
map.put("mirror_client", 0);
}else {
if(mirrorClient!=0&&mirrorClient!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("ssl_ver_mirror_client","SSL version mirror client") + " ") + ";");
}else {
map.put("mirror_client", mirrorClient);
}
}
if(mirrorClient==0) {
int minSort=0,maxSort=0;
if(StringUtils.isBlank(min)) {
min="ssl3";
}
if(StringUtils.isBlank(max)) {
max="tls13";
}
for(SysDataDictionaryItem sslversion: sslversions) {
if(sslversion.getItemCode().equals(min)) {
minSort=sslversion.getItemSort();
}
if(sslversion.getItemCode().equals(max)) {
maxSort=sslversion.getItemSort();
}
}
if(minSort==0) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("ssl_ver_min","min SSL version") + " ") + ";");
}
if(maxSort==0) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("ssl_ver_max","max SSL version") + " ") + ";");
}
if(minSort>=maxSort) {
errInfo.append(prop.getProperty("min_should_less_than_max","the min SSL version should less than the max SSL version") + ";");
}
map.put("min", min);
map.put("max", max);
}
userRegionMap.put("ssl_ver", map);
map=new HashMap<>();
if(enable==null) {
enable=0;
map.put("enable", 0);
}else {
if(enable!=0&&enable!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("decrypt_mirror_enable","decrypt mirror enable") + " ") + ";");
}else {
map.put("enable", enable);
}
}
//enable==1的时候才设置mirror_profile
if(enable==1) {
if(mirrorProfile==null) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("decrypt_mirror_mirror_profile") + " ") + ";");
}else {
boolean has=false;
for(ProxyFileTrafficMirrorCfg _mirrorProfile:mirrorProfileList) {
if(_mirrorProfile.getCompileId().toString().equals(mirrorProfile.toString())) {
has=true;
break;
}
}
if(has) {
map.put("mirror_profile", mirrorProfile);
}else {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("decrypt_mirror_mirror_profile") + " ") + ";");
}
map.put("mirror_profile", mirrorProfile);
}
}
userRegionMap.put("decrypt_mirror", map);
baseStringCfg.setUserRegion1(BaseService.gsonToJson(userRegionMap));
}
if (errInfo.toString().length() > 0) {//
errTip.append(String.format(prop.getProperty("line"), baseStringCfg.getIndex()) + ",");
errTip.append(errInfo);