代理拦截修改提交

wangxin
2019-05-21 19:50:54 +08:00
parent ac52747686
commit 182a6a8ddc
34 changed files with 2489 additions and 188 deletions


@@ -102,6 +102,8 @@ import com.nis.domain.configuration.template.HttpsRejectTemplate;
import com.nis.domain.configuration.template.HttpsReplaceComplexTemplate;
import com.nis.domain.configuration.template.HttpsReplaceIpTemplate;
import com.nis.domain.configuration.template.HttpsReplaceTemplate;
import com.nis.domain.configuration.template.InterceptDomainTemplate;
import com.nis.domain.configuration.template.InterceptIpTemplate;
import com.nis.domain.configuration.template.IpAllNotDoLogTemplate;
import com.nis.domain.configuration.template.IpAllTemplate;
import com.nis.domain.configuration.template.IpPayloadTemplate;
@@ -1483,7 +1485,10 @@ public class BaseController {
if(serviceDict.getAction().equals(64)) {
BlockingQueue<IpRateLimitTemplate> list = ei.getDataList(IpRateLimitTemplate.class );
ipPortCfgs=this.checkIpCfgMulity(errTip,serviceDict, regionDict,null,asnGroupInfos, list);
}else {
}else if(serviceDict!=null&&serviceDict.getServiceId().equals(512)){
BlockingQueue<InterceptIpTemplate> list = ei.getDataList(InterceptIpTemplate.class );
ipPortCfgs=this.checkIpCfgMulity(errTip,serviceDict, regionDict,null,asnGroupInfos, list);
}else{
BlockingQueue<IpAllNotDoLogTemplate> list = ei.getDataList(IpAllNotDoLogTemplate.class );
ipPortCfgs=this.checkIpCfgMulity(errTip,serviceDict, regionDict,null,asnGroupInfos, list);
}
@@ -1516,7 +1521,7 @@ public class BaseController {
stringCfgs=this.checkStringCfgMulity(errTip,serviceDict, regionDict, list);
}else if (regionDict.getFunctionId().equals(200)){// 拦截策略
if(serviceDict.getAction().equals(1)){// 监测
BlockingQueue<DomainInterceptMonitTemplate> list = ei.getDataList(DomainInterceptMonitTemplate.class);
BlockingQueue<InterceptDomainTemplate> list = ei.getDataList(InterceptDomainTemplate.class);
stringCfgs=this.checkStringCfgMulity(errTip,serviceDict, regionDict, list);
}else if(serviceDict.getAction().equals(64)){// 限速
BlockingQueue<DomainInterceptRateLimitTemplate> list = ei.getDataList(DomainInterceptRateLimitTemplate.class);
@@ -2514,6 +2519,8 @@ public class BaseController {
} else if(regionDict.getFunctionId().equals(200)){// 拦截策略
if(serviceDict.getAction().intValue()==64) {
ei.loadInitParams(IpRateLimitTemplate.class, msgProp, regionDict, serviceDict);
}else if(serviceDict.getServiceId().equals(512)){
ei.loadInitParams(InterceptIpTemplate.class, msgProp, regionDict, serviceDict);
}else {
ei.loadInitParams(IpAllNotDoLogTemplate.class, msgProp, regionDict, serviceDict);
}
@@ -2537,7 +2544,7 @@ public class BaseController {
ei.loadInitParams(AppDomainTemplate.class, msgProp, regionDict, serviceDict);
} else if(regionDict.getFunctionId().equals(200)){// 拦截策略 domain
if(serviceDict.getAction().equals(1)){// 监测
ei.loadInitParams(DomainInterceptMonitTemplate.class, msgProp, regionDict, serviceDict);
ei.loadInitParams(InterceptDomainTemplate.class, msgProp, regionDict, serviceDict);
}else if(serviceDict.getAction().equals(64)){// 限速
ei.loadInitParams(DomainInterceptRateLimitTemplate.class, msgProp, regionDict, serviceDict);
}else{// 白名单
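Review bot: In the IP import chain the new branch `else if(serviceDict!=null&&serviceDict.getServiceId().equals(512))` null-checks serviceDict only after `serviceDict.getAction()` has already been dereferenced in the preceding `if`, so the check can never be the thing that protects this code. Either drop it or hoist a single null check above the chain; the matching branch added near loadInitParams omits it, so the two are also inconsistent. The literal 512 is repeated across the BaseController, IpController, BaseService, ConfigSynchronizationService and InterceptCfgService hunks; a named constant would keep the routing of the intercept policy in one place. If serviceId is a boxed Integer that can be null (not visible here), `Integer.valueOf(512).equals(serviceDict.getServiceId())` avoids a NullPointerException. The enclosing methods start outside these hunks.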


@@ -53,6 +53,8 @@ import com.nis.domain.configuration.template.HttpsRejectTemplate;
import com.nis.domain.configuration.template.HttpsReplaceComplexTemplate;
import com.nis.domain.configuration.template.HttpsReplaceIpTemplate;
import com.nis.domain.configuration.template.HttpsReplaceTemplate;
import com.nis.domain.configuration.template.InterceptDomainTemplate;
import com.nis.domain.configuration.template.InterceptIpTemplate;
import com.nis.domain.configuration.template.IpAllNotDoLogTemplate;
import com.nis.domain.configuration.template.IpAllTemplate;
import com.nis.domain.configuration.template.IpPayloadTemplate;
@@ -479,7 +481,12 @@ public class IpController extends BaseController{
ExportExcel excel=new ExportExcel(serviceDict,regionDict,pro,null, IpRateLimitTemplate.class, 2);
excel.setDataList(pro,classList,null).
write(request,response, fileName).dispose();
}else {
}else if(serviceDict.getServiceId().equals(512)){
List<InterceptIpTemplate> classList=new ArrayList<InterceptIpTemplate>();
ExportExcel excel=new ExportExcel(serviceDict,regionDict,pro,null, InterceptIpTemplate.class, 2);
excel.setDataList(pro,classList,null).
write(request,response, fileName).dispose();
}else{
List<IpAllNotDoLogTemplate> classList=new ArrayList<IpAllNotDoLogTemplate>();
ExportExcel excel=new ExportExcel(serviceDict,regionDict,pro,null, IpAllNotDoLogTemplate.class, 2);
excel.setDataList(pro,classList,null).
@@ -522,8 +529,8 @@ public class IpController extends BaseController{
write(request,response, fileName).dispose();
}else if(regionDict.getFunctionId().equals(200)){// 拦截策略(域名)
if(serviceDict.getAction().equals(1)){// 监测
List<DomainInterceptMonitTemplate> classList=new ArrayList<DomainInterceptMonitTemplate>();
ExportExcel excel=new ExportExcel(serviceDict,regionDict,pro,null, DomainInterceptMonitTemplate.class, 2);
List<InterceptDomainTemplate> classList=new ArrayList<InterceptDomainTemplate>();
ExportExcel excel=new ExportExcel(serviceDict,regionDict,pro,null, InterceptDomainTemplate.class, 2);
excel.setDataList(pro,classList,null).
write(request,response, fileName).dispose();
}else if(serviceDict.getAction().equals(64)){// 限速


@@ -18,15 +18,19 @@ import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.mvc.support.RedirectAttributes;
import com.nis.domain.Page;
import com.nis.domain.basics.PolicyGroupInfo;
import com.nis.domain.callback.ProxyFileTrafficMirrorCfg;
import com.nis.domain.configuration.BaseStringCfg;
import com.nis.domain.configuration.CfgIndexInfo;
import com.nis.domain.configuration.HttpUrlCfg;
import com.nis.domain.configuration.InterceptPktBin;
import com.nis.domain.configuration.IpPortCfg;
import com.nis.domain.configuration.PxyInterceptCfg;
import com.nis.domain.configuration.PxyObjKeyring;
import com.nis.domain.configuration.PxyObjSpoofingIpPool;
import com.nis.exceptions.MaatConvertException;
@@ -36,6 +40,7 @@ import com.nis.util.LogUtils;
import com.nis.util.StringUtil;
import com.nis.web.controller.configuration.CommonController;
import com.nis.web.security.UserUtils;
import com.nis.web.service.BaseService;
/**
* IP相关配置控制类
@@ -57,13 +62,17 @@ public class InterceptController extends CommonController {
// 获取证书信息
List<PxyObjKeyring> certificateList = new ArrayList<PxyObjKeyring>();
if (cfg.getFunctionId().equals(200)) {
certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "ip");
List<ProxyFileTrafficMirrorCfg> mirrorProfiles = new ArrayList<ProxyFileTrafficMirrorCfg>();
if (cfg.getFunctionId().equals(200)) {//改为ajax查询
//certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "ip");
//mirrorProfiles=proxyFileTrafficMirrorService.findMirrorList(null,1,1);
}
if (cfg.getFunctionId().equals(201)) {
certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "domain");
}
model.addAttribute("certificateList", certificateList);
model.addAttribute("mirrorProfiles", mirrorProfiles);
/*if(cfg.getFunctionId().equals(214)){
// IP地址仿冒策略使用策略组
//List<PolicyGroupInfo> policyGroups = policyGroupInfoService.findPolicyGroupInfosByType(6);
@@ -89,13 +98,16 @@ public class InterceptController extends CommonController {
}
// 获取证书信息
List<PxyObjKeyring> certificateList = new ArrayList<PxyObjKeyring>();
List<ProxyFileTrafficMirrorCfg> mirrorProfiles = new ArrayList<ProxyFileTrafficMirrorCfg>();
// if (entity.getFunctionId().equals(200)) {
certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, null);
mirrorProfiles=proxyFileTrafficMirrorService.findMirrorList(null,1,1);
// }
// if (entity.getFunctionId().equals(201)) {
// certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "domain");
// }
model.addAttribute("certificateList", certificateList);
model.addAttribute("mirrorProfiles", mirrorProfiles);
model.addAttribute("_cfg", entity);
// IP地址仿冒策略使用策略组
@@ -110,6 +122,116 @@ public class InterceptController extends CommonController {
public String saveInterceptIpCfg(RedirectAttributes redirectAttributes, Model model, HttpServletRequest request,
HttpServletResponse response, String ids, CfgIndexInfo entity) {
try {
if(!entity.getAction().equals(1)||!entity.getServiceId().equals(512)) {
entity.setUserRegion(null);
}else {
if(entity.getUserRegion()==null) {
entity.setUserRegion(new HashMap<String,Object>());
}
//keyring
String keyring = request.getParameter("keyring");
if(StringUtils.isNotBlank(keyring)) {
entity.getUserRegion().put("keyring", Long.parseLong(keyring));
}else {
entity.getUserRegion().put("keyring", 0);
}
Map<String,Object> map = new HashMap();
//exclusions
String ev_cert = request.getParameter("ev_cert");
String cert_transparency = request.getParameter("cert_transparency");
String client_cert_req = request.getParameter("client_cert_req");
String pinning = request.getParameter("pinning");
if(StringUtils.isNotBlank(ev_cert)){
map.put("ev_cert", Integer.parseInt(ev_cert.trim()));
}else {
map.put("ev_cert", 0);
}
if(StringUtils.isNotBlank(cert_transparency)){
map.put("cert_transparency",Integer.parseInt(cert_transparency.trim()));
}else {
map.put("cert_transparency", 0);
}
if(StringUtils.isNotBlank(pinning)){
map.put("pinning", Integer.parseInt(pinning.trim()));
}else {
map.put("pinning", 0);
}
if(StringUtils.isNotBlank(client_cert_req)){
map.put("client_cert_req", Integer.parseInt(client_cert_req.trim()));
}else {
map.put("client_cert_req", 0);
}
entity.getUserRegion().put("exclusions", map);
//cert_verify
Map<String,Object> map1=new HashMap<>();
map=new HashMap<>();
String cn=request.getParameter("cn");
String issuer=request.getParameter("issuer");
String self_signed=request.getParameter("self-signed");
String expiration=request.getParameter("expiration");
if(StringUtils.isNotBlank(cn)){
map.put("cn",Integer.parseInt(cn.trim()));
}else {
map.put("cn",0);
}
if(StringUtils.isNotBlank(issuer)){
map.put("issuer",Integer.parseInt(issuer.trim()));
}else {
map.put("issuer",0);
}
if(StringUtils.isNotBlank(self_signed)){
map.put("self-signed",Integer.parseInt(self_signed.trim()));
}else {
map.put("self-signed",0);
}
if(StringUtils.isNotBlank(expiration)){
map.put("expiration",Integer.parseInt(expiration.trim()));
}else {
map.put("expiration",0);
}
map1.put("approach", map);
String fail_method=request.getParameter("fail_method");
if(StringUtils.isNotBlank(fail_method)){
map1.put("fail_method",fail_method.trim());
}
entity.getUserRegion().put("cert_verify", map1);
//ssl_ver
map=new HashMap<>();
String mirror_client=request.getParameter("mirror_client");
String min=request.getParameter("min");
String max=request.getParameter("max");
if(StringUtils.isNotBlank(mirror_client)){
map.put("mirror_client", Integer.parseInt(mirror_client.trim()));
}else {
mirror_client="0";
map.put("mirror_client", 0);
}
if("0".equals(mirror_client)) {
if(StringUtils.isNotBlank(min)){
map.put("min", min.trim());
}
if(StringUtils.isNotBlank(max)){
map.put("max", max.trim());
}
}
entity.getUserRegion().put("ssl_ver", map);
//decrypt_mirror
map=new HashMap<>();
String enable=request.getParameter("enable");
String mirror_profile=request.getParameter("mirror_profile");
if(StringUtils.isNotBlank(enable)){
map.put("enable", Integer.parseInt(enable.trim()));
}else {
enable="0";
map.put("enable", 0);
}
if("1".equals(enable)) {
if(StringUtils.isNotBlank(mirror_profile)){
map.put("mirror_profile", mirror_profile.trim());
}
}
entity.getUserRegion().put("decrypt_mirror", map);
}
interceptCfgService.saveInterceptCfg(entity);
//配置仅保存
if(StringUtil.isEmpty(entity.getIsValid()) || entity.getIsValid()!=1) {
@@ -169,6 +291,33 @@ public class InterceptController extends CommonController {
model.addAttribute("tabList", tabList);
return "/cfg/intercept/interceptSubList";
}
//替换keyring,mirror_profiles
@RequestMapping(value = { "/ajaxGetValues" })
@ResponseBody
public Map<String,Object> ajaxGetValues(Model model, @RequestParam(required=false,value="keyrings")String keyrings, @RequestParam(required=false,value="mirrorProfiles")String mirrorProfiles) {
Map<String,Object> datas=new HashMap<>();
List<PxyObjKeyring> certificateList = new ArrayList<PxyObjKeyring>();
List<ProxyFileTrafficMirrorCfg> mirrorProfileList = new ArrayList<ProxyFileTrafficMirrorCfg>();
// if (entity.getFunctionId().equals(200)) {
Map<String,Object> _datas=new HashMap<>();
if(StringUtils.isNotBlank(keyrings)) {
certificateList = pxyObjKeyringService.findAllPxyObjKeyrings(keyrings, 1, 1, null);
for(PxyObjKeyring certificate:certificateList) {
_datas.put(certificate.getCompileId().toString(), certificate.getCfgDesc());
}
datas.put("keyrings", _datas);
}
if(StringUtils.isNotBlank(mirrorProfiles)) {
mirrorProfileList=proxyFileTrafficMirrorService.findMirrorList(mirrorProfiles,1,1);
_datas=new HashMap<>();
for(ProxyFileTrafficMirrorCfg mirrorProfile:mirrorProfileList) {
_datas.put(mirrorProfile.getCompileId().toString(), mirrorProfile.getCfgDesc());
}
datas.put("mirrorProfiles", _datas);
}
return datas;
}
@RequestMapping(value = { "auditInterceptIpCfg", "auditInterceptDomainCfg", "auditInterceptIpPayloadCfg" })
public String auditInterceptIpCfg(Model model, @ModelAttribute("cfg") CfgIndexInfo cfg, Integer isValid,
@@ -284,6 +433,7 @@ public class InterceptController extends CommonController {
Map<String, String> replaceExportMap = new HashMap<String, String>();
Properties prop = getMsgProp();
List<CfgIndexInfo> ipLists = new ArrayList<CfgIndexInfo>();
List<PxyInterceptCfg> pxyInterceptCfgs=new ArrayList<>();
// 导出选中记录
if (!StringUtil.isEmpty(ids)) {
ipLists = ipCfgService.getByIdsList(ids);
@@ -326,38 +476,103 @@ public class InterceptController extends CommonController {
}
// 获取证书信息
List<PxyObjKeyring> certificateList = new ArrayList<PxyObjKeyring>();
List<ProxyFileTrafficMirrorCfg> mirrorProfileList=new ArrayList<>();
if (entity.getFunctionId().equals(200)) {
certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "ip");
mirrorProfileList=proxyFileTrafficMirrorService.findMirrorList(null, 1, 1);
}
if (entity.getFunctionId().equals(201)) {
certificateList = pxyObjKeyringService.findPxyObjKeyrings(null, 1, 1, "domain");
}
for (CfgIndexInfo str : ipLists) {
PxyInterceptCfg pxyInterceptCfg=new PxyInterceptCfg();
BeanUtils.copyProperties(str, pxyInterceptCfg);
if (!StringUtil.isEmpty(str.getUserRegion5())) {
String cs = DictUtils.getDictLabel("INTERCEPT_DOMAIN_INTENSITY", str.getUserRegion5());
str.setUserRegion5(prop.getProperty(cs));
}
str.setUserRegion(new HashMap<String,Object>());
if (certificateList != null) {
if (entity.getFunctionId() == 200 || entity.getFunctionId() == 201) {
if (!StringUtil.isEmpty(str.getUserRegion1())) {
boolean flag = false;
for (PxyObjKeyring pxyObjKeyring : certificateList) {
if (str.getUserRegion1().equals(String.valueOf(pxyObjKeyring.getCompileId()))) {
str.setUserRegion1(pxyObjKeyring.getCfgDesc());
flag = true;
break;
if (entity.getFunctionId() == 200 ) {
if (!StringUtil.isEmpty(str.getUserRegion1())&&str.getUserRegion1().startsWith("{")) {
Map<String,Object> userregion=BaseService.gsonFromJson(str.getUserRegion1(), Map.class);
if(userregion.containsKey("keyring")) {
for (PxyObjKeyring pxyObjKeyring : certificateList) {
if (String.valueOf(pxyObjKeyring.getCompileId()).equals(userregion.get("keyring").toString())) {
pxyInterceptCfg.setKeyring(pxyObjKeyring.getCfgDesc());
break;
}
}
}
if (!flag) {
str.setUserRegion1(null);
if(((Map<String,Object>)userregion.get("exclusions")).containsKey("ev_cert")){
pxyInterceptCfg.setEvCert(((Map<String,Object>)userregion.get("exclusions")).get("ev_cert").toString());
}
if(((Map<String,Object>)userregion.get("exclusions")).containsKey("cert_transparency")){
pxyInterceptCfg.setCertTransparency(((Map<String,Object>)userregion.get("exclusions")).get("cert_transparency").toString());
}
if(((Map<String,Object>)userregion.get("exclusions")).containsKey("ev_cert")) {
pxyInterceptCfg.setClientCertReq(((Map<String,Object>)userregion.get("exclusions")).get("ev_cert").toString());
}
if(((Map<String,Object>)userregion.get("exclusions")).containsKey("ev_cert")) {
pxyInterceptCfg.setPinning(((Map<String,Object>)userregion.get("exclusions")).get("ev_cert").toString());
}
if(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).containsKey("cn")) {
pxyInterceptCfg.setCn(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).get("cn").toString());
}
if(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).containsKey("issuer")) {
pxyInterceptCfg.setIssuer(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).get("issuer").toString());
}
if(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).containsKey("self-signed")) {
pxyInterceptCfg.setSelfSigned(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).get("self-signed").toString());
}
if(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).containsKey("expiration")) {
pxyInterceptCfg.setSelfSigned(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).get("expiration").toString());
}
if(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).containsKey("expiration")) {
pxyInterceptCfg.setExpiration(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).get("expiration").toString());
}
if(((Map<String,Object>)userregion.get("cert_verify")).containsKey("fail_method")) {
pxyInterceptCfg.setFailMethod(((Map<String,Object>)userregion.get("cert_verify")).get("fail_method").toString());
}
if(((Map<String,Object>)userregion.get("ssl_ver")).containsKey("min")) {
pxyInterceptCfg.setMin(((Map<String,Object>)userregion.get("ssl_ver")).get("min").toString());
}
if(((Map<String,Object>)userregion.get("ssl_ver")).containsKey("max")) {
pxyInterceptCfg.setMax(((Map<String,Object>)userregion.get("ssl_ver")).get("max").toString());
}
if(((Map<String,Object>)userregion.get("ssl_ver")).containsKey("mirror_client")) {
pxyInterceptCfg.setMirrorClient(((Map<String,Object>)userregion.get("ssl_ver")).get("mirror_client").toString());
}
if(((Map<String,Object>)userregion.get("decrypt_mirror")).containsKey("enable")) {
pxyInterceptCfg.setEnable(((Map<String,Object>)userregion.get("decrypt_mirror")).get("enable").toString());
}
if(((Map<String,Object>)userregion.get("decrypt_mirror")).containsKey("mirror_profile")) {
}
//pxyInterceptCfg.setMirrorProfile(((Map<String,Object>)userregion.get("decrypt_mirror")).get("mirror_profile").toString());
if(((Map<String,Object>)userregion.get("decrypt_mirror")).containsKey("mirror_profile")) {
for (ProxyFileTrafficMirrorCfg mirrorProfile : mirrorProfileList) {
if (String.valueOf(mirrorProfile.getCompileId()).equals(((Map<String,Object>)userregion.get("decrypt_mirror")).get("mirror_profile").toString())) {
pxyInterceptCfg.setMirrorProfile(mirrorProfile.getCfgDesc());
break;
}
}
}
}
}
}
pxyInterceptCfgs.add(pxyInterceptCfg);
}
titleList.add(entity.getMenuNameCode());
classMap.put(entity.getMenuNameCode(), CfgIndexInfo.class);
if(entity.getFunctionId().equals(200)) {
classMap.put(entity.getMenuNameCode(), PxyInterceptCfg.class);
}else {
classMap.put(entity.getMenuNameCode(), CfgIndexInfo.class);
}
String cfgIndexInfoNoExport = "";
String ipPortInfoNoExport = ",do_log,action,config_describe,valid_identifier,is_audit,creator,creator"
+ ",config_time,editor,edit_time,auditor,audit_time"
@@ -375,10 +590,14 @@ public class InterceptController extends CommonController {
List<IpPortCfg> ipList = new ArrayList<IpPortCfg>();
List<BaseStringCfg> httpUrlList = new ArrayList<BaseStringCfg>();
List<BaseStringCfg> pktBinList = new ArrayList<BaseStringCfg>();
int index=0;
for (CfgIndexInfo cfg : ipLists) {
for (Map<String,Object> logTotal : logTotals) {
if(cfg.getCompileId().equals(Integer.parseInt((String) logTotal.get("compileId")))){
cfg.setTotalLogs((Long)logTotal.get("sum"));
if (entity.getFunctionId().equals(200)){
pxyInterceptCfgs.get(index).setTotalLogs((Long)logTotal.get("sum"));
}
break;
}
}
@@ -398,6 +617,7 @@ public class InterceptController extends CommonController {
cfg.setUserRegion5(msgProp.getProperty(DictUtils.getDictLabels("SERVICE_ACTION", cfg.getAction().toString(), cfg.getAction().toString())));
}
}
index++;
}
if (214==entity.getFunctionId()) {
@@ -410,7 +630,12 @@ public class InterceptController extends CommonController {
pktBinList = BaseStringCfg.replaceBaseKeyList(pktBinList);
httpUrlList = BaseStringCfg.baseHexList(httpUrlList);
dataMap.put(entity.getMenuNameCode(), ipLists);
if(entity.getFunctionId().equals(200)) {
dataMap.put(entity.getMenuNameCode(), pxyInterceptCfgs);
}else {
dataMap.put(entity.getMenuNameCode(), ipLists);
}
if (entity.getFunctionId() == 212) { // IP Payload
cfgIndexInfoNoExport = ",policy_name,group_name,userregion4,userregion5,&userregion1:replace_zone-userregion2:replaced_content-userregion3:replace_content-";
titleList.add("PXY_INTERCEPT_IP");
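Review bot: In the export loop for functionId 200, `setClientCertReq` and `setPinning` are both filled from the `ev_cert` key and `setSelfSigned` is called a second time with the `expiration` value, so the exported sheet reports wrong client_cert_req, pinning and self-signed settings for an interception policy. Each setter should read its own key, e.g. `pxyInterceptCfg.setPinning(exclusions.get("pinning").toString());` and `pxyInterceptCfg.setClientCertReq(exclusions.get("client_cert_req").toString());` with `exclusions` fetched once into a local, and the duplicate `setSelfSigned(...get("expiration")...)` block should be deleted. The chained casts such as `((Map<String,Object>)userregion.get("exclusions")).containsKey(...)` throw NullPointerException when the stored JSON lacks `exclusions`, `cert_verify`, `ssl_ver` or `decrypt_mirror`; null-checking each sub-map local covers that. Separately, saveInterceptIpCfg copies `fail_method`, `min`, `max` and `mirror_profile` from the request into the user region as unchecked strings, and that JSON is later set on maatCfg, so an allow-list per field before `saveInterceptCfg` is worth adding. The export method's signature is outside the visible hunks.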


@@ -16,4 +16,6 @@ public interface ProxyFileTrafficMirrorDao extends CrudDao<ProxyFileTrafficMirro
public ProxyFileTrafficMirrorCfg getCfgById(@Param("cfgId")Long cfgId);
List<ProxyFileTrafficMirrorCfg> findByList(@Param("ids")String ids);
List<ProxyFileTrafficMirrorCfg> findMirrorList(@Param("compileIds")String compileIds, @Param("isValid")Integer isValid, @Param("isAudit")Integer isAudit);
}


@@ -305,5 +305,23 @@
left join request_info ri on a.request_id=ri.id
where a.CFG_ID in (${ids})
</select>
<select id="findMirrorList" resultMap="ProxyFileTrafficMirrorCfg">
SELECT
<include refid="ProxyFileTrafficMirrorCfgColumn"/>
FROM PXY_PROFILE_TRAFFIC_MIRROR a
<trim prefix="where" prefixOverrides="and">
<if test="compileIds!=null and compileIds!=''">
and a.COMPILE_ID in (${compileIds})
</if>
<if test="isValid!=null and isValid!=''">
and a.IS_VALID =#{isValid}
</if>
<if test="isAudit!=null and isAudit!=''">
and a.IS_AUDIT =#{isAudit}
</if>
</trim>
</select>
</mapper>
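Review bot: `and a.COMPILE_ID in (${compileIds})` in findMirrorList splices the parameter into the SQL text, and the new ajaxGetValues endpoint in InterceptController passes the `mirrorProfiles` request parameter to `proxyFileTrafficMirrorService.findMirrorList(...)`, which presumably reaches this statement unchanged; that makes the query injectable from a request parameter. Bind the ids instead: declare the DAO parameter as a list of numeric ids and write `<foreach collection="compileIds" item="id" open="(" separator="," close=")">#{id}</foreach>`, parsing the request string in the controller and rejecting anything non-numeric. The tests `isValid!=''` and `isAudit!=''` compare an Integer with an empty string, which in MyBatis' OGNL can treat 0 as equal to `''` and skip the filter; `isValid != null` alone is enough.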


@@ -21,6 +21,9 @@ public interface PxyObjKeyringDao extends CrudDao<PxyObjKeyring>{
List<PxyObjKeyring> findList(@Param("cfgId")Long cfgId
,@Param("isAudit")Integer isAudit
,@Param("isValid")Integer isValid,@Param("cfgType")String cfgType);
List<PxyObjKeyring> findLists(@Param("compileIds")String cfgIds
,@Param("isAudit")Integer isAudit
,@Param("isValid")Integer isValid,@Param("cfgType")String cfgType);
PxyObjTrustedCaCert getPxyObjTrustedCaCert(Long id);
PxyObjTrustedCaCrl getPxyObjTrustedCaCrl(PxyObjTrustedCaCrl entity);
void insertPxyObjTrustedCaCert(PxyObjTrustedCaCert PxyObjTrustedCaCert);


@@ -366,6 +366,34 @@
</if>
</where>
</select>
<select id="findLists" resultMap="PxyObjKeyringMap">
SELECT
<include refid="PxyObjKeyringColumns"/>
FROM pxy_obj_keyring r
<where>
<if test="isValid == -1">
AND r.is_valid !=-1
</if>
<if test="isValid == 1">
AND r.is_valid =1
</if>
<if test="isValid == 0">
AND r.is_valid =0
</if>
<if test="isAudit == 0">
AND r.is_audit =0
</if>
<if test="isAudit == 1">
AND r.is_audit =1
</if>
<if test="cfgType == 'ip' ">
<![CDATA[AND r.keyring_type <> 'end-entity']]>
</if>
<if test="compileIds != null">
AND r.COMPILE_ID in(#{compileIds})
</if>
</where>
</select>
<!-- 查出所有 有效数据-->
<select id="getPxyObjTrustedCaCert" resultType="com.nis.domain.configuration.PxyObjTrustedCaCert">
SELECT
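Review bot: `AND r.COMPILE_ID in(#{compileIds})` in findLists binds the whole string as one parameter, so a comma-separated value (constructed example: `1,2,3`) is compared as a single value and will not match as a list of ids; the exact result depends on the database's type coercion. Binding is the right direction and avoids the injection risk of the `${compileIds}` form used in findMirrorList, but to match several ids the parameter should be a list expanded with `<foreach collection="compileIds" item="id" open="(" separator="," close=")">#{id}</foreach>`. The DAO declares `@Param("compileIds")String cfgIds`; renaming the Java parameter to `compileIds` would remove the mismatch between the two names.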


@@ -2508,10 +2508,13 @@ public abstract class BaseService {
if(_cfg.getAction().equals(Constants.MONIT_ACTION)) {
maatCfg.setUserRegion(Constants.INTERCEPT_IP_MONIT_USER_REGION_KEY+"="+Constants.USER_REGION_PLACEHOLDER);
}*/
if(serviceDict!=null&&serviceDict.getAction().equals(Constants.MONIT_ACTION)) {// 监测 需要发keyring_id、拦截强度
/*if(serviceDict!=null&&serviceDict.getAction().equals(Constants.MONIT_ACTION)) {// 监测 需要发keyring_id、拦截强度
_cfg.setUserRegion1(StringUtil.isEmpty(_cfg.getUserRegion1()) ? "0":_cfg.getUserRegion1());
_cfg.setUserRegion5(StringUtil.isEmpty(_cfg.getUserRegion5()) ? "1":_cfg.getUserRegion5());
maatCfg.setUserRegion(Constants.INTERCEPT_IP_MONIT_USER_REGION_KEY+"=0"+";"+Constants.INTERCEPT_DOMAN_INTENSITY_USER_REGION_KEY+"="+_cfg.getUserRegion5());
}*/
if(serviceDict!=null&&serviceDict.getServiceId().equals(512)) {
maatCfg.setUserRegion(_cfg.getUserRegion1());
}
if(serviceDict!=null&&serviceDict.getAction().equals(64)) {
maatCfg.setUserRegion(Constants.INTERCEPT_IP_RATELIMIT_DROPRATE_USER_REGION_KEY+"="+_cfg.getUserRegion2());
@@ -2673,13 +2676,18 @@ public abstract class BaseService {
}else if(regionDict.getDictId()==159) {
maatCfg.setUserRegion(Constants.P2P_HASH_TYPE_USER_REGION_KEY+"="+_cfg.getUserRegion1());
}else if(regionDict.getFunctionId()==200) {// Domain Intercept
String userRegion = Constants.USERREGION_DOMAIN_ID+"="+_cfg.getCompileId()+";"+Constants.USERREGION_DOMAIN_STR+"="+_cfg.getCfgKeywords();
if(_cfg.getAction().equals(Constants.MONIT_ACTION)) {// 监测 需要发keyring_id、拦截强度
userRegion = Constants.INTERCEPT_IP_MONIT_USER_REGION_KEY+"=0"+";"+Constants.INTERCEPT_DOMAN_INTENSITY_USER_REGION_KEY+"="+_cfg.getUserRegion5()+";" + userRegion;
}else if(_cfg.getAction().equals(Constants.RATELIMIT_ACTION)) {// 限速 需要发Droprate
userRegion = Constants.INTERCEPT_IP_RATELIMIT_DROPRATE_USER_REGION_KEY+"="+_cfg.getUserRegion2()+";" + userRegion;
if(serviceDict!=null&&serviceDict.getServiceId().equals(512)) {
maatCfg.setUserRegion(_cfg.getUserRegion1());
}else {
String userRegion = Constants.USERREGION_DOMAIN_ID+"="+_cfg.getCompileId()+";"+Constants.USERREGION_DOMAIN_STR+"="+_cfg.getCfgKeywords();
/*if(_cfg.getAction().equals(Constants.MONIT_ACTION)) {// 监测 需要发keyring_id、拦截强度
userRegion = Constants.INTERCEPT_IP_MONIT_USER_REGION_KEY+"=0"+";"+Constants.INTERCEPT_DOMAN_INTENSITY_USER_REGION_KEY+"="+_cfg.getUserRegion5()+";" + userRegion;
}else*/ if(_cfg.getAction().equals(Constants.RATELIMIT_ACTION)) {// 限速 需要发Droprate
userRegion = Constants.INTERCEPT_IP_RATELIMIT_DROPRATE_USER_REGION_KEY+"="+_cfg.getUserRegion2()+";" + userRegion;
}
maatCfg.setUserRegion(userRegion);
}
maatCfg.setUserRegion(userRegion);
}else if(regionDict.getFunctionId()==207 || regionDict.getFunctionId()==208 || regionDict.getFunctionId()==209) {// HTTP(s)阻断、重定向、替换
String userRegion = Constants.USER_REGION_PLACEHOLDER;
if(_cfg.getAction().equals(Constants.REJECT_ACTION)) {// 阻断
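Review bot: For serviceId 512 both new branches call `maatCfg.setUserRegion(_cfg.getUserRegion1())` without checking the value, so a record whose userRegion1 is empty or is not the JSON object written by saveInterceptIpCfg is passed on as-is. InterceptCfgService falls back to `Constants.USER_REGION_PLACEHOLDER` and ConfigSynchronizationService tests `startsWith("{")` for the same service, so the three paths disagree. Apply the same fallback here, e.g. `maatCfg.setUserRegion(StringUtil.isEmpty(_cfg.getUserRegion1()) ? Constants.USER_REGION_PLACEHOLDER : _cfg.getUserRegion1());`. The two commented-out MONIT_ACTION blocks are dead code and would be better deleted than kept inside the method. The enclosing methods start outside these hunks.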


@@ -325,8 +325,8 @@ public class ConfigSynchronizationService extends BaseService{
List<BaseStringCfg> strDataList=configSynchronizationDao.getStrList(tableName,compileIds);
strList.addAll(strDataList);
//512/521/514/1026业务的用户自定义域取DOMAIN_STR取自Keyword
if(entity.getServiceId()==512
||entity.getServiceId()==521
if(/*entity.getServiceId()==512
||*/entity.getServiceId()==521
||entity.getServiceId()==514
||entity.getServiceId()==1026) {
keywordMap=configSynchronizationDao.getCompileIdWithKeyword(tableName, compileIds);
@@ -426,10 +426,14 @@ public class ConfigSynchronizationService extends BaseService{
}
userRegion += n.get("regionKey")+"="+value+Constants.USER_REGION_SPLIT;
}else if(entity.getServiceId().equals(512)) {
if(!StringUtil.isEmpty(cfg.getUserRegion1())&&cfg.getUserRegion1().startsWith("{")) {
userRegion=cfg.getUserRegion1();
}
}else{
if(regionKey.equals("keyring_id") && StringUtil.isEmpty(value)){
/*if(regionKey.equals("keyring_id") && StringUtil.isEmpty(value)){
value = "0";
}else if(regionKey.equals("DOMAIN_STR")) {
}else */if(regionKey.equals("DOMAIN_STR")) {
if(!StringUtil.isEmpty(keywordMap) && !StringUtil.isEmpty(keywordMap.get(cfg.getCompileId()))) {
value = keywordMap.get(cfg.getCompileId()).getCfgKeywords();
}
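Review bot: The comment above the keyword lookup still lists 512 among the services whose user region takes DOMAIN_STR from the keyword, while the condition now excludes it through `/*entity.getServiceId()==512 ||*/`. Update the comment, e.g. `// services 521/514/1026 take DOMAIN_STR for the user region from the keyword`, and delete the commented-out fragments instead of leaving them inside the `if` conditions. In the second hunk the 512 branch leaves `userRegion` at its previous value when userRegion1 does not start with `{`, with no log line, so a legacy or malformed record is synchronised without its interception settings and nothing records that; logging the compile id there would make it visible. Both enclosing methods start outside the hunks.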


@@ -27,7 +27,6 @@ import com.nis.domain.maat.MaatCfg.DigestCfg;
import com.nis.domain.maat.MaatCfg.GroupCfg;
import com.nis.domain.maat.MaatCfg.IpCfg;
import com.nis.domain.maat.MaatCfg.StringCfg;
import com.nis.domain.specific.ConfigGroupInfo;
import com.nis.exceptions.MaatConvertException;
import com.nis.util.ConfigServiceUtil;
import com.nis.util.Constants;
@@ -58,6 +57,9 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
public CfgIndexInfo getInterceptCfg(Long cfgId,Integer compileId){
CfgIndexInfo entity = websiteCfgDao.getCfgIndexInfo(cfgId,compileId);
if(entity.getServiceId().equals(512)) {
entity.setUserRegion((Map<String,Object>)this.gsonFromJson(entity.getUserRegion1(),Map.class));
}
List<IpPortCfg> ipPortList = websiteCfgDao.getIpPortList(entity);
List<InterceptPktBin> pktBinList = interceptCfgDao.getInterceptPktBin(entity);
List<HttpUrlCfg> httpUrlList = websiteCfgDao.getHttpUrlList(entity);
@@ -108,7 +110,10 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
if(!StringUtil.isEmpty(entity.getIsValid()) && entity.getIsValid()==1) {
isValid=1;
}
//处理复杂用户自定义域
if(!StringUtil.isEmpty(entity.getUserRegion())){
entity.setUserRegion1(gsonToJson(entity.getUserRegion()));
}
entity.setIsValid(0);
entity.setIsAudit(0);
@@ -459,7 +464,9 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
boolean doaminFlag=false;
String domainUserRegion="";
if(entity.getHttpUrlList()!=null && entity.getHttpUrlList().size()>0){
doaminFlag=true;
if(!entity.getServiceId().equals(512)) {
doaminFlag=true;
}
domainUserRegion=Constants.USERREGION_DOMAIN_ID+"="+entity.getCompileId();
String domainStr="";
if(entity != null && entity.getHttpUrlList() != null && entity.getHttpUrlList().size() > 0){
@@ -511,59 +518,66 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
maatCfg.setGroupNum(groupRelationList.size());
maatCfg.setAreaIpRegionList(areaIpRegionList);
maatCfg.setIsValid(entity.getIsValid());
//监测 需要发keyring_id
if(entity.getAction().equals(Constants.MONIT_ACTION)){
entity.setUserRegion1(StringUtil.isEmpty(entity.getUserRegion1()) ? "0":entity.getUserRegion1());
maatCfg.setUserRegion(Constants.INTERCEPT_IP_MONIT_USER_REGION_KEY+"="+entity.getUserRegion1());
//监测的域名需下发拦截强度
if(entity.getFunctionId().equals(200)){
if(entity.getHttpUrlList()!=null && entity.getHttpUrlList().size()>0){
entity.setUserRegion5(StringUtil.isEmpty(entity.getUserRegion5()) ? "1":entity.getUserRegion5());
if(StringUtil.isEmpty(maatCfg.getUserRegion())) {
maatCfg.setUserRegion(Constants.INTERCEPT_DOMAN_INTENSITY_USER_REGION_KEY+"="+entity.getUserRegion5());
}else {
maatCfg.setUserRegion(maatCfg.getUserRegion()+";"+Constants.INTERCEPT_DOMAN_INTENSITY_USER_REGION_KEY+"="+entity.getUserRegion5());
if(entity.getServiceId().equals(512)) {
maatCfg.setUserRegion(entity.getUserRegion1());
if(StringUtil.isEmpty(maatCfg.getUserRegion())){
maatCfg.setUserRegion(Constants.USER_REGION_PLACEHOLDER);
}
}else {
//监测 需要发keyring_id
if(entity.getAction().equals(Constants.MONIT_ACTION)){
entity.setUserRegion1(StringUtil.isEmpty(entity.getUserRegion1()) ? "0":entity.getUserRegion1());
maatCfg.setUserRegion(Constants.INTERCEPT_IP_MONIT_USER_REGION_KEY+"="+entity.getUserRegion1());
//监测的域名需下发拦截强度
if(entity.getFunctionId().equals(200)){
if(entity.getHttpUrlList()!=null && entity.getHttpUrlList().size()>0){
entity.setUserRegion5(StringUtil.isEmpty(entity.getUserRegion5()) ? "1":entity.getUserRegion5());
if(StringUtil.isEmpty(maatCfg.getUserRegion())) {
maatCfg.setUserRegion(Constants.INTERCEPT_DOMAN_INTENSITY_USER_REGION_KEY+"="+entity.getUserRegion5());
}else {
maatCfg.setUserRegion(maatCfg.getUserRegion()+";"+Constants.INTERCEPT_DOMAN_INTENSITY_USER_REGION_KEY+"="+entity.getUserRegion5());
}
}
}
}
//限速 需要发Droprate=0.001 暂不支持Bandwidth=200kbps
if(entity.getAction().equals(Constants.RATELIMIT_ACTION)){
if(entity.getUserRegion1().equals("0")){//丢包率
entity.setUserRegion2(StringUtil.isEmpty(entity.getUserRegion2()) ? "":entity.getUserRegion2());
maatCfg.setUserRegion(Constants.INTERCEPT_IP_RATELIMIT_DROPRATE_USER_REGION_KEY+"="+entity.getUserRegion2());
}else if(entity.getUserRegion1().equals("1")){//带宽
entity.setUserRegion3(StringUtil.isEmpty(entity.getUserRegion3()) ? "":entity.getUserRegion3());
maatCfg.setUserRegion(Constants.INTERCEPT_IP_RATELIMIT_BANDWITH_USER_REGION_KEY+"="+entity.getUserRegion3());
}
}
String userRegion="";
//替换需要发zone
if(entity.getAction().equals(Constants.REPLACE_ACTION)){
//HTTP replace replace type is not null ;find is not null;replace with is not null(userRegion is not null)
userRegion=Constants.REPLACE_ZONE_KEY+"="+entity.getUserRegion1();
String substitute="";
String userRegion2=StringUtil.isEmpty(entity.getUserRegion2()) ? "":entity.getUserRegion2();
substitute="/";
userRegion2 = BaseService.replaceContentEscape(userRegion2);
substitute=substitute+userRegion2;
String userRegion3=StringUtil.isEmpty(entity.getUserRegion3()) ? "":entity.getUserRegion3();
userRegion3 = BaseService.replaceContentEscape(userRegion3);
substitute=substitute+"/"+userRegion3;
userRegion=userRegion+";"+Constants.REPLACE_SUBSTITUTE_KEY+"="+substitute;
maatCfg.setUserRegion(userRegion);
}
//ip仿冒自定义域信息
if(entity.getAction().equals(48)){
//HTTP replace replace type is not null ;find is not null;replace with is not null(userRegion is not null)
userRegion="nat_type="+entity.getUserRegion1();
userRegion+=";spoofing_ip_pool="+entity.getUserRegion3();
maatCfg.setUserRegion(userRegion);
}
}
//限速 需要发Droprate=0.001 暂不支持Bandwidth=200kbps
if(entity.getAction().equals(Constants.RATELIMIT_ACTION)){
if(entity.getUserRegion1().equals("0")){//丢包率
entity.setUserRegion2(StringUtil.isEmpty(entity.getUserRegion2()) ? "":entity.getUserRegion2());
maatCfg.setUserRegion(Constants.INTERCEPT_IP_RATELIMIT_DROPRATE_USER_REGION_KEY+"="+entity.getUserRegion2());
}else if(entity.getUserRegion1().equals("1")){//带宽
entity.setUserRegion3(StringUtil.isEmpty(entity.getUserRegion3()) ? "":entity.getUserRegion3());
maatCfg.setUserRegion(Constants.INTERCEPT_IP_RATELIMIT_BANDWITH_USER_REGION_KEY+"="+entity.getUserRegion3());
}
}
String userRegion="";
//替换需要发zone
if(entity.getAction().equals(Constants.REPLACE_ACTION)){
//HTTP replace replace type is not null ;find is not null;replace with is not null(userRegion is not null)
userRegion=Constants.REPLACE_ZONE_KEY+"="+entity.getUserRegion1();
String substitute="";
String userRegion2=StringUtil.isEmpty(entity.getUserRegion2()) ? "":entity.getUserRegion2();
substitute="/";
userRegion2 = BaseService.replaceContentEscape(userRegion2);
substitute=substitute+userRegion2;
String userRegion3=StringUtil.isEmpty(entity.getUserRegion3()) ? "":entity.getUserRegion3();
userRegion3 = BaseService.replaceContentEscape(userRegion3);
substitute=substitute+"/"+userRegion3;
userRegion=userRegion+";"+Constants.REPLACE_SUBSTITUTE_KEY+"="+substitute;
maatCfg.setUserRegion(userRegion);
}
//ip仿冒自定义域信息
if(entity.getAction().equals(48)){
//HTTP replace replace type is not null ;find is not null;replace with is not null(userRegion is not null)
userRegion="nat_type="+entity.getUserRegion1();
userRegion+=";spoofing_ip_pool="+entity.getUserRegion3();
maatCfg.setUserRegion(userRegion);
}
//域名拦截需要增加域名id和域名字符串自定义配置
if(StringUtil.isEmpty(maatCfg.getUserRegion())
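Review bot: In the new `entity.getServiceId().equals(512)` branch, `entity.getUserRegion1()` is handed to `maatCfg.setUserRegion(...)` unchanged, whereas every other branch in this hunk builds the value from a fixed `Constants` key plus `=`, and the replace branch passes its operands through `BaseService.replaceContentEscape`. If `userRegion1` can originate from a form or an imported sheet (not visible here), a value containing `;` or `=` would be delivered as extra user-region keys. Check it against the format expected for this service before the call, or add a comment such as `// userRegion1 already validated in <caller>` naming where that happens. The branch also dereferences `getServiceId()` without a null check and uses the bare literal `512`; a named constant next to `Constants.MONIT_ACTION` would make the intent clear. The enclosing method starts and ends outside the hunk.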


@@ -37,7 +37,12 @@ public class ProxyFileTrafficMirrorService extends BaseService{
page.setList(list);
return page;
}
/**
*/
public List<ProxyFileTrafficMirrorCfg> findMirrorList(String compileIds,Integer isValid,Integer isAudit) {
return proxyFileDao.findMirrorList(compileIds,isValid,isAudit);
}
public ProxyFileTrafficMirrorCfg getCfgById(Long cfgId) {
return proxyFileDao.getCfgById(cfgId);
}
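Review bot: `findMirrorList` is added with an empty `/** */` block, and its `compileIds` parameter is a `String` whose format is not stated anywhere in the hunk. If it is a comma-separated id list that the mapper splices into an `IN (...)` clause (the mapper is not visible here, so this is an assumption), the service should reject anything but digits and commas before calling the DAO, e.g. `if (compileIds == null || !compileIds.matches("\\d+(,\\d+)*")) throw new IllegalArgumentException("compileIds");`, or accept a `List<Long>` instead. The Javadoc should state what `compileIds` contains and whether `isValid` and `isAudit` may be null. `findAllPxyObjKeyrings` in the following file section takes the same `String compileIds` parameter and deserves the same treatment.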


@@ -85,6 +85,10 @@ public class PxyObjKeyringService extends BaseService{
List<PxyObjKeyring> list=pxyObjKeyringDao.findList(cfgId,isValid,isAudit,cfgType);
return list;
}
public List<PxyObjKeyring> findAllPxyObjKeyrings(String compileIds,Integer isValid,Integer isAudit,String cfgType) {
List<PxyObjKeyring> list=pxyObjKeyringDao.findLists(compileIds,isValid,isAudit,cfgType);
return list;
}
public PxyObjKeyring getPxyObjKeyring(Long id,Integer isValid) {
List<PxyObjKeyring> list=pxyObjKeyringDao.findList(id,isValid,null,null);