修改ip spoofing配置逻辑,删除spoofing ip pool配置菜单功能,在ip spoofing策略配置功能中,自动创建ip

pool配置,ip spoofing策略审核下发与取消审核时,同时审核下发或取消ip pool配置
zhangwei
2018-12-27 21:00:23 +06:00
parent c46f0f5f43
commit 6b189ec768
9 changed files with 173 additions and 24 deletions


@@ -18,6 +18,7 @@ import com.nis.domain.configuration.CfgIndexInfo;
import com.nis.domain.configuration.HttpUrlCfg;
import com.nis.domain.configuration.InterceptPktBin;
import com.nis.domain.configuration.IpPortCfg;
import com.nis.domain.configuration.PxyObjSpoofingIpPool;
import com.nis.domain.maat.MaatCfg;
import com.nis.domain.maat.MaatCfg.NumBoundaryCfg;
import com.nis.domain.maat.ToMaatBean;
@@ -33,6 +34,7 @@ import com.nis.util.Constants;
import com.nis.util.StringUtil;
import com.nis.web.dao.configuration.AreaIpCfgDao;
import com.nis.web.dao.configuration.InterceptCfgDao;
import com.nis.web.dao.configuration.PxyObjSpoofingIpPoolDao;
import com.nis.web.dao.configuration.WebsiteCfgDao;
import com.nis.web.security.UserUtils;
import com.nis.web.service.BaseService;
@@ -51,6 +53,8 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
protected InterceptCfgDao interceptCfgDao;
@Autowired
protected AreaIpCfgDao areaIpCfgDao;
@Autowired
protected PxyObjSpoofingIpPoolDao pxyObjSpoofingIpPoolDao;
public CfgIndexInfo getInterceptCfg(Long cfgId,Integer compileId){
CfgIndexInfo entity = websiteCfgDao.getCfgIndexInfo(cfgId,compileId);
@@ -107,20 +111,57 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
setAreaEffectiveIds(entity);
if(entity.getCfgId()==null){
Integer compileId = 0;
Integer spoofingPoolId = 0 ;
try {
List<Integer> idList = ConfigServiceUtil.getId(1, 1);
if(idList!=null && idList.size()>0){
List<Integer> idList = new ArrayList();
if(entity.getServiceId().equals(518)){//ip仿冒策略
idList= ConfigServiceUtil.getId(1, 2);
compileId = idList.get(0);
}
spoofingPoolId = idList.get(1);
}else{
idList= ConfigServiceUtil.getId(1, 1);
compileId = idList.get(0);
}
} catch (Exception e) {
e.printStackTrace();
logger.info("获取编译ID出错");
throw new MaatConvertException("<spring:message code=\"request_service_failed\"/>:"+e.getMessage());
}
if(entity.getServiceId().equals(518)){//ip仿冒策略
//保存IP仿冒池
PxyObjSpoofingIpPool spoofingPool = new PxyObjSpoofingIpPool();
spoofingPool.setIpType(4);//ipv4
spoofingPool.setIpAddress(entity.getUserRegion2());//仿冒IP
spoofingPool.setProtocol(0);
if("dnat".equals(entity.getUserRegion1().toLowerCase())){//spoofing server ip->dnat
spoofingPool.setDirection(1);
}else{
spoofingPool.setDirection(2);//spoofing client ip->snat
}
spoofingPool.setPort("0");
spoofingPool.setUserRegion("0");
spoofingPool.setLocation(0);
spoofingPool.setServiceId(642);
spoofingPool.setAreaEffectiveIds("0");
spoofingPool.setIsAreaEffective(0);
spoofingPool.setCreateTime(new Date());
spoofingPool.setCreatorId(UserUtils.getUser().getId());
spoofingPool.setCompileId(spoofingPoolId);
spoofingPool.setAction(1);
spoofingPool.setFunctionId(666);
spoofingPool.setRequestId(0);
pxyObjSpoofingIpPoolDao.insert(spoofingPool);//保存仿冒IP池配置
entity.setUserRegion3(String.valueOf(spoofingPool.getCfgId()));//将仿冒IP池配置ID作为策略组ID
}
entity.setCompileId(compileId);
entity.setCreateTime(new Date());
entity.setCreatorId(entity.getCurrentUser().getId());
websiteCfgDao.saveCfgIndex(entity);
if(entity.getIpPortList()!=null){
for(IpPortCfg cfg:entity.getIpPortList()){
BeanUtils.copyProperties(entity, cfg,new String[]{"cfgRegionCode","cfgType"});
@@ -155,6 +196,30 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
}else{
if(entity.getServiceId().equals(518)){//ip仿冒策略
//保存IP仿冒池
Long cfgId = Long.parseLong(entity.getUserRegion3());
PxyObjSpoofingIpPool spoofingPool = pxyObjSpoofingIpPoolDao.getPxyObjSpoofingIpPool(cfgId);
spoofingPool.setIpType(4);//ipv4
spoofingPool.setIpAddress(entity.getUserRegion2());//仿冒IP
spoofingPool.setProtocol(0);
if("dnat".equals(entity.getUserRegion1())){//spoofing server ip->dnat
spoofingPool.setDirection(1);
}else{
spoofingPool.setDirection(2);//spoofing client ip->snat
}
spoofingPool.setPort("0");
spoofingPool.setUserRegion("0");
spoofingPool.setLocation(0);
spoofingPool.setServiceId(642);
spoofingPool.setAreaEffectiveIds("0");
spoofingPool.setIsAreaEffective(0);
spoofingPool.setEditTime(new Date());
spoofingPool.setEditorId(UserUtils.getUser().getId());
pxyObjSpoofingIpPoolDao.update(spoofingPool);//保存仿冒IP池配置
}
entity.setEditTime(new Date());
entity.setEditorId(entity.getCurrentUser().getId());
@@ -220,6 +285,20 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
websiteCfgDao.updateCfgValid(entity);
//查询子配置
entity = this.getInterceptCfg(Long.parseLong(id),entity.getCompileId());
//IP仿冒策略下的仿冒IP池也失效
if(entity.getServiceId().equals(518)){
PxyObjSpoofingIpPool pool = new PxyObjSpoofingIpPool();
if(StringUtils.isNotEmpty(entity.getUserRegion3())){
pool.setCfgId(Long.parseLong(entity.getUserRegion3()));
pool.setIsValid(isValid);
pool.setIsAudit(entity.getIsAudit());
pool.setEditTime(new Date());
pool.setEditorId(UserUtils.getUser().getId());
pxyObjSpoofingIpPoolDao.update(pool);
}
}
if(entity.getIpPortList()!=null && entity.getIpPortList().size()>0){
IpPortCfg cfg = new IpPortCfg();
BeanUtils.copyProperties(entity, cfg, new String[]{"cfgId"});
@@ -274,6 +353,56 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
//查询子配置并修改审核状态
entity = this.getInterceptCfg(entity.getCfgId(),entity.getCompileId());
if(entity.getServiceId().equals(518)){//IP仿冒策略
//仿冒IP池配置匹配下发或者取消
PxyObjSpoofingIpPool pool=new PxyObjSpoofingIpPool();
pool.setCfgId(Long.valueOf(entity.getUserRegion3()));
pool.setIsValid(entity.getIsValid());
pool.setIsAudit(isAudit);
pool.setAuditorId(UserUtils.getUser().getId());
pool.setAuditTime(new Date());
pxyObjSpoofingIpPoolDao.update(pool);
pool = pxyObjSpoofingIpPoolDao.getPxyObjSpoofingIpPool(pool.getCfgId());
List<PxyObjSpoofingIpPool> list = new ArrayList<PxyObjSpoofingIpPool>();
String json="";
String areaEffectiveIds="0";
if(entity.getIsAudit()==1){
pool.setAreaEffectiveIds(areaEffectiveIds);
pool.setGroupId(pool.getCfgId().intValue());//界面端的配置ID作为策略分组ID
list.add(pool);
//调用服务接口下发配置数据
json=gsonToJson(list);
logger.info("欺骗IP池配置下发配置参数"+json);
//调用服务接口下发配置
try {
ToMaatResult result = ConfigServiceUtil.postCallbackCfg(json);
if(result!=null){
logger.info("欺骗IP池配置下发响应信息"+result.getMsg());
}
} catch (Exception e) {
logger.error("欺骗IP池配置配置下发失败",e);
throw e;
}
}else if(entity.getIsAudit()==3){
PxyObjSpoofingIpPool cfg = new PxyObjSpoofingIpPool();
cfg.setIsValid(0);
cfg.setCompileId(pool.getCompileId());
cfg.setServiceId(pool.getServiceId());
list.add(cfg);
//调用服务接口取消配置
json=gsonToJson(list);
logger.info("欺骗IP池配置配置参数"+json);
//调用服务接口取消配置
try {
ToMaatResult result = ConfigServiceUtil.put(json, 2);
logger.info("欺骗IP池配置响应信息"+result.getMsg());
} catch (Exception e) {
e.printStackTrace();
logger.info("欺骗IP池配置配置失败");
throw e;
}
}
}
if(entity.getIpPortList()!=null && entity.getIpPortList().size()>0){
IpPortCfg cfg = new IpPortCfg();
BeanUtils.copyProperties(entity, cfg, new String[]{"cfgId"});
@@ -398,7 +527,7 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
if(entity.getAction().equals(48)){
//HTTP replace replace type is not null ;find is not null;replace with is not null(userRegion is not null)
userRegion="nat_type="+entity.getUserRegion1();
userRegion+=";spoofing_ip_pool="+entity.getUserRegion2();
userRegion+=";spoofing_ip_pool="+entity.getUserRegion3();
maatCfg.setUserRegion(userRegion);
}
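Review bot: The update and audit branches parse `entity.getUserRegion3()` as the pool cfgId (`Long.parseLong(...)` / `Long.valueOf(...)`) without the `StringUtils.isNotEmpty(entity.getUserRegion3())` guard that the validity branch of this same file uses, and the update branch dereferences the result of `getPxyObjSpoofingIpPool(cfgId)` without a null check. A service-518 policy saved before this commit presumably has no pool id in userRegion3, so editing or auditing it would fail with a NumberFormatException or NullPointerException. If userRegion3 is bound from the submitted form on edit, the request would also decide which pool record is overwritten, so the id is better re-read from the stored policy before the update. The NAT-direction test also differs between the two save branches: create uses `"dnat".equals(entity.getUserRegion1().toLowerCase())` and update uses `"dnat".equals(entity.getUserRegion1())`, so the same mixed-case value yields direction 1 on create and 2 on update; `"dnat".equalsIgnoreCase(entity.getUserRegion1())` in both places is consistent and null-safe. The enclosing methods start and end outside the hunks shown.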