InterceptPolicy:添加protocol errors参数、且修正默认参数

wangwei
2019-06-20 17:59:50 +08:00
parent cf6d462feb
commit 8217770d6d
11 changed files with 155 additions and 39 deletions


@@ -405,6 +405,7 @@ public class BaseIpCfg extends BaseCfg<BaseIpCfg> {
protected Integer certTransparency;
protected Integer clientCertReq;
protected Integer pinning;
protected Integer protocolErrors;
protected Integer cn;
protected Integer issuer;
protected Integer selfSigned;
@@ -446,6 +447,12 @@ public class BaseIpCfg extends BaseCfg<BaseIpCfg> {
}
public void setPinning(Integer pinning) {
this.pinning = pinning;
}
public Integer getProtocolErrors() {
return protocolErrors;
}
public void setProtocolErrors(Integer protocolErrors) {
this.protocolErrors = protocolErrors;
}
public Integer getCn() {
return cn;
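Review bot: The new `protocolErrors` field and its accessors are undocumented, so nothing in this bean says it is a nullable 0/1 flag. The import check in CheckIpFormatThread on this page rejects any value other than 0 or 1 and writes 1 under `exclusions` when the field is null, which a reader of this class cannot know. I would add above the field `// exclusions.protocol_errors: 0 or 1; null means "not supplied" and the import check substitutes 1`. The same field is added to BaseStringCfg and would take the same comment; both class bodies continue outside the hunks.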


@@ -294,6 +294,7 @@ public class BaseStringCfg<T> extends BaseCfg<T> {
protected Integer certTransparency;
protected Integer clientCertReq;
protected Integer pinning;
protected Integer protocolErrors;
protected Integer cn;
protected Integer issuer;
protected Integer selfSigned;
@@ -335,6 +336,12 @@ public class BaseStringCfg<T> extends BaseCfg<T> {
}
public void setPinning(Integer pinning) {
this.pinning = pinning;
}
public Integer getProtocolErrors() {
return protocolErrors;
}
public void setProtocolErrors(Integer protocolErrors) {
this.protocolErrors = protocolErrors;
}
public Integer getCn() {
return cn;


@@ -18,27 +18,29 @@ public class PxyInterceptCfg extends CfgIndexInfo {
private String clientCertReq;
@ExcelField(title="exclusions_pinning",dictType="SYS_YES_NO",sort=12)
private String pinning;
@ExcelField(title="cert_verify_approach_cn",dictType="SYS_YES_NO",sort=13)
@ExcelField(title="exclusions_protocol_errors",dictType="SYS_YES_NO",sort=13)
private String protocolErrors;
@ExcelField(title="cert_verify_approach_cn",dictType="SYS_YES_NO",sort=14)
private String cn;
@ExcelField(title="cert_verify_approach_issuer",dictType="SYS_YES_NO",sort=14)
@ExcelField(title="cert_verify_approach_issuer",dictType="SYS_YES_NO",sort=15)
private String issuer;
@ExcelField(title="cert_verify_approach_self_signed",dictType="SYS_YES_NO",sort=15)
@ExcelField(title="cert_verify_approach_self_signed",dictType="SYS_YES_NO",sort=16)
private String selfSigned;
@ExcelField(title="cert_verify_approach_expiration",dictType="SYS_YES_NO",sort=16)
@ExcelField(title="cert_verify_approach_expiration",dictType="SYS_YES_NO",sort=17)
private String expiration;
@ExcelField(title="cert_verify_fail_method",dictType="FAIL_METHOD",sort=17)
@ExcelField(title="cert_verify_fail_method",dictType="FAIL_METHOD",sort=18)
private String failMethod;
@ExcelField(title="ssl_ver_min",dictType="SSL_VERSION",sort=18)
@ExcelField(title="ssl_ver_min",dictType="SSL_VERSION",sort=19)
private String min;
@ExcelField(title="ssl_ver_max",dictType="SSL_VERSION",sort=19)
@ExcelField(title="ssl_ver_max",dictType="SSL_VERSION",sort=20)
private String max;
@ExcelField(title="ssl_ver_mirror_client",dictType="SYS_YES_NO",sort=20)
@ExcelField(title="ssl_ver_mirror_client",dictType="SYS_YES_NO",sort=21)
private String mirrorClient;
@ExcelField(title="ssl_ver_allow_http2",dictType="SYS_YES_NO",sort=21)
@ExcelField(title="ssl_ver_allow_http2",dictType="SYS_YES_NO",sort=22)
private String allowHttp2;
@ExcelField(title="decrypt_mirror_enable",dictType="SYS_YES_NO",sort=22)
@ExcelField(title="decrypt_mirror_enable",dictType="SYS_YES_NO",sort=23)
private String enable;
@ExcelField(title="decrypt_mirror_mirror_profile",sort=23)
@ExcelField(title="decrypt_mirror_mirror_profile",sort=24)
private String mirrorProfile;
private String userRegion1;
private String userRegion2;
@@ -74,6 +76,12 @@ public class PxyInterceptCfg extends CfgIndexInfo {
}
public void setPinning(String pinning) {
this.pinning = pinning;
}
public String getProtocolErrors() {
return protocolErrors;
}
public void setProtocolErrors(String protocolErrors) {
this.protocolErrors = protocolErrors;
}
public String getCn() {
return cn;


@@ -13,6 +13,8 @@ public class InterceptDomainTemplate extends StringAllNotDoLogTemplate {
private Integer pinning;
private Integer protocolErrors;
private Integer cn;
private Integer issuer;
@@ -70,77 +72,84 @@ public class InterceptDomainTemplate extends StringAllNotDoLogTemplate {
public void setPinning(Integer pinning) {
this.pinning = pinning;
}
@ExcelField(title="cert_verify_approach_cn",align=2,sort=22)
@ExcelField(title="protocol_errors",align=2,sort=22)
public Integer getProtocolErrors() {
return protocolErrors;
}
public void setProtocolErrors(Integer protocolErrors) {
this.protocolErrors = protocolErrors;
}
@ExcelField(title="cert_verify_approach_cn",align=2,sort=23)
public Integer getCn() {
return cn;
}
public void setCn(Integer cn) {
this.cn = cn;
}
@ExcelField(title="cert_verify_approach_issuer",align=2,sort=23)
@ExcelField(title="cert_verify_approach_issuer",align=2,sort=24)
public Integer getIssuer() {
return issuer;
}
public void setIssuer(Integer issuer) {
this.issuer = issuer;
}
@ExcelField(title="cert_verify_approach_self_signed",align=2,sort=24)
@ExcelField(title="cert_verify_approach_self_signed",align=2,sort=25)
public Integer getSelfSigned() {
return selfSigned;
}
public void setSelfSigned(Integer selfSigned) {
this.selfSigned = selfSigned;
}
@ExcelField(title="cert_verify_approach_expiration",align=2,sort=25)
@ExcelField(title="cert_verify_approach_expiration",align=2,sort=26)
public Integer getExpiration() {
return expiration;
}
public void setExpiration(Integer expiration) {
this.expiration = expiration;
}
@ExcelField(title="cert_verify_fail_method",dictType="FAIL_METHOD",align=2,sort=26)
@ExcelField(title="cert_verify_fail_method",dictType="FAIL_METHOD",align=2,sort=27)
public String getFailMethod() {
return failMethod;
}
public void setFailMethod(String failMethod) {
this.failMethod = failMethod;
}
@ExcelField(title="ssl_ver_min",dictType="SSL_VERSION",align=2,sort=27)
@ExcelField(title="ssl_ver_min",dictType="SSL_VERSION",align=2,sort=28)
public String getMin() {
return min;
}
public void setMin(String min) {
this.min = min;
}
@ExcelField(title="ssl_ver_max",dictType="SSL_VERSION",align=2,sort=28)
@ExcelField(title="ssl_ver_max",dictType="SSL_VERSION",align=2,sort=29)
public String getMax() {
return max;
}
public void setMax(String max) {
this.max = max;
}
@ExcelField(title="ssl_ver_mirror_client",align=2,sort=29)
@ExcelField(title="ssl_ver_mirror_client",align=2,sort=30)
public Integer getMirrorClient() {
return mirrorClient;
}
public void setMirrorClient(Integer mirrorClient) {
this.mirrorClient = mirrorClient;
}
@ExcelField(title="ssl_ver_allow_http2",align=2,sort=30)
@ExcelField(title="ssl_ver_allow_http2",align=2,sort=31)
public Integer getAllowHttp2() {
return allowHttp2;
}
public void setAllowHttp2(Integer allowHttp2) {
this.allowHttp2 = allowHttp2;
}
@ExcelField(title="decrypt_mirror_enable",align=2,sort=31)
@ExcelField(title="decrypt_mirror_enable",align=2,sort=32)
public Integer getEnable() {
return enable;
}
public void setEnable(Integer enable) {
this.enable = enable;
}
@ExcelField(title="decrypt_mirror_mirror_profile",align=2,sort=32)
@ExcelField(title="decrypt_mirror_mirror_profile",align=2,sort=33)
public Integer getMirrorProfile() {
return mirrorProfile;
}
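Review bot: The `@ExcelField` title on `getProtocolErrors()` is `protocol_errors` here, while InterceptIpTemplate, PxyInterceptCfg and the header match added to ExportExcel in this commit all use `exclusions_protocol_errors`. With the shorter title the domain template's column would not reach the `"exclusions_protocol_errors".equals(headerStr)` branch, so it would presumably be exported without the 0/1 selection hint and the default-value comment, and any message lookup keyed on the title may miss as well. I would change the annotation to `@ExcelField(title="exclusions_protocol_errors",align=2,sort=22)`. The class body continues outside the hunk.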


@@ -14,6 +14,8 @@ public class InterceptIpTemplate extends IpAllNotDoLogTemplate {
private Integer pinning;
private Integer protocolErrors;
private Integer cn;
private Integer issuer;
@@ -71,77 +73,84 @@ public class InterceptIpTemplate extends IpAllNotDoLogTemplate {
public void setPinning(Integer pinning) {
this.pinning = pinning;
}
@ExcelField(title="cert_verify_approach_cn",align=2,sort=22)
@ExcelField(title="exclusions_protocol_errors",align=2,sort=22)
public Integer getProtocolErrors() {
return protocolErrors;
}
public void setProtocolErrors(Integer protocolErrors) {
this.protocolErrors = protocolErrors;
}
@ExcelField(title="cert_verify_approach_cn",align=2,sort=23)
public Integer getCn() {
return cn;
}
public void setCn(Integer cn) {
this.cn = cn;
}
@ExcelField(title="cert_verify_approach_issuer",align=2,sort=23)
@ExcelField(title="cert_verify_approach_issuer",align=2,sort=24)
public Integer getIssuer() {
return issuer;
}
public void setIssuer(Integer issuer) {
this.issuer = issuer;
}
@ExcelField(title="cert_verify_approach_self_signed",align=2,sort=24)
@ExcelField(title="cert_verify_approach_self_signed",align=2,sort=25)
public Integer getSelfSigned() {
return selfSigned;
}
public void setSelfSigned(Integer selfSigned) {
this.selfSigned = selfSigned;
}
@ExcelField(title="cert_verify_approach_expiration",align=2,sort=25)
@ExcelField(title="cert_verify_approach_expiration",align=2,sort=26)
public Integer getExpiration() {
return expiration;
}
public void setExpiration(Integer expiration) {
this.expiration = expiration;
}
@ExcelField(title="cert_verify_fail_method",dictType="FAIL_METHOD",align=2,sort=26)
@ExcelField(title="cert_verify_fail_method",dictType="FAIL_METHOD",align=2,sort=27)
public String getFailMethod() {
return failMethod;
}
public void setFailMethod(String failMethod) {
this.failMethod = failMethod;
}
@ExcelField(title="ssl_ver_min",dictType="SSL_VERSION",align=2,sort=27)
@ExcelField(title="ssl_ver_min",dictType="SSL_VERSION",align=2,sort=28)
public String getMin() {
return min;
}
public void setMin(String min) {
this.min = min;
}
@ExcelField(title="ssl_ver_max",dictType="SSL_VERSION",align=2,sort=28)
@ExcelField(title="ssl_ver_max",dictType="SSL_VERSION",align=2,sort=29)
public String getMax() {
return max;
}
public void setMax(String max) {
this.max = max;
}
@ExcelField(title="ssl_ver_mirror_client",align=2,sort=29)
@ExcelField(title="ssl_ver_mirror_client",align=2,sort=30)
public Integer getMirrorClient() {
return mirrorClient;
}
public void setMirrorClient(Integer mirrorClient) {
this.mirrorClient = mirrorClient;
}
@ExcelField(title="ssl_ver_allow_http2",align=2,sort=30)
@ExcelField(title="ssl_ver_allow_http2",align=2,sort=31)
public Integer getAllowHttp2() {
return allowHttp2;
}
public void setAllowHttp2(Integer allowHttp2) {
this.allowHttp2 = allowHttp2;
}
@ExcelField(title="decrypt_mirror_enable",align=2,sort=31)
@ExcelField(title="decrypt_mirror_enable",align=2,sort=32)
public Integer getEnable() {
return enable;
}
public void setEnable(Integer enable) {
this.enable = enable;
}
@ExcelField(title="decrypt_mirror_mirror_profile",align=2,sort=32)
@ExcelField(title="decrypt_mirror_mirror_profile",align=2,sort=33)
public Integer getMirrorProfile() {
return mirrorProfile;
}


@@ -717,6 +717,28 @@ public class ExportExcel {
index++;
}
}
//pinning
if("exclusions_protocol_errors".equals(headerStr)) {
commentStr="";
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
commentStr+=1+""+msgProp.getProperty("yes")+"\n";
index++;
commentStr+=0+""+msgProp.getProperty("no")+"\n";
index++;
if(StringUtil.isEmpty(headerStr)){
headerStr="";
commentStr="";
}else{
index++;
commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
index++;
//2、默认值说明
commentStr=commentStr+""+msgProp.getProperty("default_value")+":1\n";
index++;
index++;
}
}
//cn
if("cert_verify_approach_cn".equals(headerStr)) {
commentStr="";
@@ -908,7 +930,7 @@ public class ExportExcel {
//allow_http2
if("ssl_ver_allow_http2".equals(headerStr)) {
commentStr="";
defaultValue="0";
defaultValue="1";
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
index++;
commentStr+=1+""+msgProp.getProperty("yes")+"\n";
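Review bot: The block added for `exclusions_protocol_errors` is headed by the comment `//pinning`, left over from the block it was copied from; it should read `//protocol_errors`. Inside it, `if(StringUtil.isEmpty(headerStr))` can never be true, because the enclosing condition has already established that headerStr equals a non-empty literal, so the branch that blanks headerStr and commentStr is dead and only the `else` body is needed. The default is also written as the literal `":1\n"`, whereas the allow_http2 block in the next hunk keeps its default in a `defaultValue` variable; using the same variable here would keep the documented default in one place. The enclosing method starts and ends outside both hunks.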


@@ -575,6 +575,7 @@ public class CheckIpFormatThread implements Callable<String>{
Integer certTransparency=baseIpCfg.getCertTransparency();
Integer clientCertReq=baseIpCfg.getClientCertReq();
Integer pinning=baseIpCfg.getPinning();
Integer protocolErrors=baseIpCfg.getProtocolErrors();
Integer cn=baseIpCfg.getCn();
Integer issuer=baseIpCfg.getIssuer();
Integer selfSigned=baseIpCfg.getSelfSigned();
@@ -649,6 +650,16 @@ public class CheckIpFormatThread implements Callable<String>{
}else {
map.put("pinning", 1);
}
if(protocolErrors!=null) {
if(protocolErrors!=0&&protocolErrors!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("exclusions_protocol_errors","exclusions protocol errors") + " ") + ";");
}else {
map.put("protocol_errors", protocolErrors);
}
}else {
map.put("protocol_errors", 1);
}
userRegionMap.put("exclusions", map);
map=new HashMap<>();
Map<String,Object> map1=new HashMap<>();
@@ -724,7 +735,7 @@ public class CheckIpFormatThread implements Callable<String>{
}
}
if(allowHttp2==null) {
allowHttp2=0;
allowHttp2=1;
map.put("allow_http2", allowHttp2);
}else {
if(allowHttp2!=0&&allowHttp2!=1) {
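Review bot: When the import row leaves the column empty, the added branch writes `map.put("protocol_errors", 1)`, while InterceptController in this same commit writes `map.put("protocol_errors", 0)` when the request parameter is blank, so the same omission produces opposite exclusion settings depending on whether the policy arrives by Excel import or through the form. If the difference is intended (for example an unchecked checkbox that sends nothing), a one-line comment saying so at both sites would stop a later "correction"; otherwise one default should be chosen, since this flag presumably decides whether connections with protocol errors are excluded from interception. An out-of-range value only appends to errInfo and leaves the key out of the map, which is safe only if the caller rejects the row whenever errInfo is non-empty, and that is not visible in this hunk. The identical block is added to CheckStringFormatThread; a shared helper would keep the two copies from drifting, and the method body continues outside the hunk.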


@@ -521,6 +521,7 @@ public class CheckStringFormatThread implements Callable<String>{
Integer certTransparency=baseStringCfg.getCertTransparency();
Integer clientCertReq=baseStringCfg.getClientCertReq();
Integer pinning=baseStringCfg.getPinning();
Integer protocolErrors=baseStringCfg.getProtocolErrors();
Integer cn=baseStringCfg.getCn();
Integer issuer=baseStringCfg.getIssuer();
Integer selfSigned=baseStringCfg.getSelfSigned();
@@ -595,6 +596,16 @@ public class CheckStringFormatThread implements Callable<String>{
}else {
map.put("pinning", 1);
}
if(protocolErrors!=null) {
if(protocolErrors!=0&&protocolErrors!=1) {
errInfo.append(String.format(prop.getProperty("is_incorrect"),
prop.getProperty("exclusions_protocol_errors","exclusions protocol errors") + " ") + ";");
}else {
map.put("protocol_errors", protocolErrors);
}
}else {
map.put("protocol_errors", 1);
}
userRegionMap.put("exclusions", map);
map=new HashMap<>();
Map<String,Object> map1=new HashMap<>();
@@ -670,7 +681,7 @@ public class CheckStringFormatThread implements Callable<String>{
}
}
if(allowHttp2==null) {
allowHttp2=0;
allowHttp2=1;
map.put("allow_http2", allowHttp2);
}else {
if(allowHttp2!=0&&allowHttp2!=1) {


@@ -141,6 +141,7 @@ public class InterceptController extends CommonController {
String cert_transparency = request.getParameter("cert_transparency");
String client_cert_req = request.getParameter("client_cert_req");
String pinning = request.getParameter("pinning");
String protocol_errors = request.getParameter("protocol_errors");
if(StringUtils.isNotBlank(ev_cert)){
map.put("ev_cert", Integer.parseInt(ev_cert.trim()));
}else {
@@ -156,6 +157,11 @@ public class InterceptController extends CommonController {
}else {
map.put("pinning", 0);
}
if(StringUtils.isNotBlank(protocol_errors)){
map.put("protocol_errors", Integer.parseInt(protocol_errors.trim()));
}else {
map.put("protocol_errors", 0);
}
if(StringUtils.isNotBlank(client_cert_req)){
map.put("client_cert_req", Integer.parseInt(client_cert_req.trim()));
}else {
@@ -526,6 +532,9 @@ public class InterceptController extends CommonController {
if(((Map<String,Object>)userregion.get("exclusions")).containsKey("ev_cert")) {
pxyInterceptCfg.setPinning(((Map<String,Object>)userregion.get("exclusions")).get("ev_cert").toString());
}
if(((Map<String,Object>)userregion.get("exclusions")).containsKey("ev_cert")) {
pxyInterceptCfg.setProtocolErrors(((Map<String,Object>)userregion.get("exclusions")).get("ev_cert").toString());
}
if(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).containsKey("cn")) {
pxyInterceptCfg.setCn(((Map<String,Object>)((Map<String,Object>)userregion.get("cert_verify")).get("approach")).get("cn").toString());
}
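Review bot: The lines added in the last hunk read the wrong key: `setProtocolErrors(...)` is guarded by `containsKey("ev_cert")` and filled from `get("ev_cert")`, so the PxyInterceptCfg built here reports the EV-certificate exclusion in the protocol-errors field, and anyone auditing that output sees a policy different from the one stored. Both lines should use the new key, i.e. `containsKey("protocol_errors")` in the condition and `.get("protocol_errors").toString()` in the setter call. The context lines just above fill `setPinning` from `ev_cert` in the same way, which looks like the same slip and is worth fixing together. In the earlier hunk, `Integer.parseInt(protocol_errors.trim())` takes a request parameter with no 0/1 range check and no handling of NumberFormatException, unlike the import threads, which reject anything other than 0 or 1. The enclosing methods continue outside the hunks.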