IP Spoofing增加配置导入功能.

zhangwenqing
2019-01-15 14:12:33 +08:00
parent c78edb4d50
commit d70f53301e
10 changed files with 285 additions and 3 deletions


@@ -73,6 +73,7 @@ import com.nis.domain.configuration.DnsResStrategy;
import com.nis.domain.configuration.FileDigestCfg;
import com.nis.domain.configuration.IpPortCfg;
import com.nis.domain.configuration.PxyObjKeyring;
import com.nis.domain.configuration.PxyObjSpoofingIpPool;
import com.nis.domain.configuration.PxyObjTrustedCaCert;
import com.nis.domain.configuration.PxyObjTrustedCaCrl;
import com.nis.domain.configuration.RequestInfo;
@@ -104,6 +105,7 @@ import com.nis.domain.configuration.template.IpAllTemplate;
import com.nis.domain.configuration.template.IpCfgTemplate;
import com.nis.domain.configuration.template.IpPayloadTemplate;
import com.nis.domain.configuration.template.IpRateLimitTemplate;
import com.nis.domain.configuration.template.IpSpoofingTemplate;
import com.nis.domain.configuration.template.IpWhitelistTemplate;
import com.nis.domain.configuration.template.P2pHashStringTemplate;
import com.nis.domain.configuration.template.P2pIpTemplate;
@@ -120,6 +122,7 @@ import com.nis.domain.maat.MaatCfg.NumBoundaryCfg;
import com.nis.domain.maat.MaatCfg.StringCfg;
import com.nis.domain.report.NtcPzReport;
import com.nis.domain.maat.ToMaatBean;
import com.nis.domain.maat.ToMaatResult;
import com.nis.domain.specific.ConfigGroupInfo;
import com.nis.domain.specific.SpecificServiceCfg;
import com.nis.exceptions.MaatConvertException;
@@ -142,6 +145,7 @@ import com.nis.util.excel.thread.CheckDnsResStrategyFormatThread;
import com.nis.util.excel.thread.CheckIpFormatThread;
import com.nis.util.excel.thread.CheckStringFormatThread;
import com.nis.util.excel.thread.CheckTopicWebsiteFormatThread;
import com.nis.web.dao.configuration.PxyObjSpoofingIpPoolDao;
import com.nis.web.security.UserUtils;
import com.nis.web.service.ArchiveServcie;
import com.nis.web.service.AreaService;
@@ -151,6 +155,7 @@ import com.nis.web.service.LogService;
import com.nis.web.service.MenuService;
import com.nis.web.service.OfficeService;
import com.nis.web.service.RoleService;
import com.nis.web.service.SpringContextHolder;
import com.nis.web.service.SystemService;
import com.nis.web.service.UserService;
import com.nis.web.service.basics.AsnGroupInfoService;
@@ -1435,6 +1440,9 @@ public class BaseController {
}else if(regionDict.getFunctionId().equals(3)) { // IP白名单
BlockingQueue<IpWhitelistTemplate> list = ei.getDataList(IpWhitelistTemplate.class );
ipPortCfgs=this.checkIpCfgMulity(errTip,serviceDict, regionDict,null,asnGroupInfos, list);
}else if(regionDict.getFunctionId().equals(214)) { // IpSpoofing
BlockingQueue<IpSpoofingTemplate> list = ei.getDataList(IpSpoofingTemplate.class );
ipPortCfgs=this.checkIpCfgMulity(errTip,serviceDict, regionDict,null,asnGroupInfos, list);
}else {
BlockingQueue<IpAllTemplate> list = ei.getDataList(IpAllTemplate.class );
ipPortCfgs=this.checkIpCfgMulity(errTip,serviceDict, regionDict, null,asnGroupInfos, list);
@@ -1627,6 +1635,145 @@ public class BaseController {
_ipPortCfgs.clear();
asnIpCfgs.clear();
}
}else if(regionDict.getFunctionId().intValue()==214) { // IpSpoofing
List<BaseIpCfg> _ipPortCfgs=Lists.newArrayList(Constants.MAAT_JSON_SEND_SIZE);
while(!ipPortCfgs.isEmpty()) {
ipPortCfgs.drainTo(_ipPortCfgs, Constants.MAAT_JSON_SEND_SIZE);
List<Integer> compileIds=Lists.newArrayList();
List<Integer> spoofingPoolIds=Lists.newArrayList();
List<Integer> regionIds=Lists.newArrayList();
List<Integer> groupIds=Lists.newArrayList();
List<Integer> numRegionGroupIds=Lists.newArrayList();
List<Integer> numRegionRegionIds=Lists.newArrayList();
List<PxyObjSpoofingIpPool> spoofingPools = new ArrayList<PxyObjSpoofingIpPool>();
PxyObjSpoofingIpPoolDao pxyObjSpoofingIpPoolDao = SpringContextHolder.getBean(PxyObjSpoofingIpPoolDao.class);
PxyObjSpoofingIpPoolService pxyObjSpoofingIpPoolService = SpringContextHolder.getBean(PxyObjSpoofingIpPoolService.class);
try {
compileIds = ConfigServiceUtil.getId(1,_ipPortCfgs.size());
spoofingPoolIds = ConfigServiceUtil.getId(1,_ipPortCfgs.size());
if(isSend.equals("1")) {
groupIds = ConfigServiceUtil.getId(2,_ipPortCfgs.size());
regionIds = ConfigServiceUtil.getId(3,_ipPortCfgs.size());
//需要获取数值域的id
if(serviceDict!=null&&serviceDict.getProtocolId()!=null&&serviceDict.getProtocolId()>0) {
numRegionGroupIds = ConfigServiceUtil.getId(2,_ipPortCfgs.size());
numRegionRegionIds = ConfigServiceUtil.getId(3,_ipPortCfgs.size());
}
}
} catch (Exception e) {
e.printStackTrace();
logger.info("获取编译ID出错");
throw new MaatConvertException("<spring:message code=\"request_service_failed\"/>:"+e.getMessage());
}
int ind=0;
for (BaseIpCfg cfg : _ipPortCfgs) {
cfg.setAction(serviceDict==null?null:serviceDict.getAction());
cfg.setCfgRegionCode(regionDict.getConfigRegionCode());
cfg.setCfgType(regionDict.getConfigRegionValue());
cfg.setCreateTime(date);
cfg.setCreatorId(UserUtils.getUser().getId());
cfg.setFunctionId(regionDict.getFunctionId());
if(isSend.equals("1")) {
cfg.setIsAudit(Constants.AUDIT_YES);
cfg.setIsValid(Constants.VALID_YES);
cfg.setAuditorId(UserUtils.getUser().getId());
cfg.setAuditTime(date);
if(groupIds!=null&&groupIds.size()==_ipPortCfgs.size()) {
cfg.setGroupId(groupIds.get(ind));
}
if(regionIds!=null&&regionIds.size()==_ipPortCfgs.size()) {
cfg.setRegionId(regionIds.get(ind));
}
if(serviceDict!=null&&serviceDict.getProtocolId()!=null) {
if(numRegionGroupIds!=null&&numRegionGroupIds.size()==_ipPortCfgs.size()) {
cfg.setNumberRegionGroupId(numRegionGroupIds.get(ind));
}
if(numRegionRegionIds!=null&&numRegionRegionIds.size()==_ipPortCfgs.size()) {
cfg.setNumberRegionRegionId(numRegionRegionIds.get(ind));
}
}
}else {
cfg.setIsAudit(Constants.AUDIT_NOT_YET);
cfg.setIsValid(Constants.VALID_NO);
}
cfg.setIsAreaEffective(0);
cfg.setLable("0");
cfg.setRequestId(StringUtil.isEmpty(requestId) ? 0 : requestId);
cfg.setAttribute(attribute);
cfg.setClassify(classify);
cfg.setServiceId(serviceDict==null?null:serviceDict.getServiceId());
cfg.setTableName("ip_port_cfg");
if(compileIds.size()==_ipPortCfgs.size()) {
cfg.setCompileId(compileIds.get(ind));
}
// 保存IP仿冒池
PxyObjSpoofingIpPool spoofingPool = new PxyObjSpoofingIpPool();
spoofingPool.setIpType(4);//ipv4
spoofingPool.setIpAddress(cfg.getUserRegion2());//仿冒IP
spoofingPool.setProtocol(0);
if("dnat".equals(cfg.getUserRegion1().toLowerCase())){//spoofing server ip->dnat
spoofingPool.setDirection(1);
}else{
spoofingPool.setDirection(2);//spoofing client ip->snat
}
spoofingPool.setPort("0");
spoofingPool.setUserRegion("0");
spoofingPool.setLocation(0);
spoofingPool.setServiceId(642);
spoofingPool.setAreaEffectiveIds("0");
spoofingPool.setIsAreaEffective(0);
spoofingPool.setCreateTime(date);
spoofingPool.setCreatorId(UserUtils.getUser().getId());
if(spoofingPoolIds.size()==_ipPortCfgs.size()) {
spoofingPool.setCompileId(spoofingPoolIds.get(ind));
}
spoofingPool.setAction(1);
spoofingPool.setFunctionId(666);
spoofingPool.setRequestId(0);
if(isSend.equals("1")) {
spoofingPool.setIsAudit(Constants.AUDIT_YES);
spoofingPool.setIsValid(Constants.VALID_YES);
spoofingPool.setAuditorId(UserUtils.getUser().getId());
spoofingPool.setAuditTime(date);
}else {
spoofingPool.setIsValid(Constants.VALID_NO);
spoofingPool.setIsAudit(Constants.AUDIT_NOT_YET);
}
pxyObjSpoofingIpPoolDao.insert(spoofingPool);//保存仿冒IP池配置
cfg.setUserRegion3(String.valueOf(spoofingPool.getCfgId()));//将仿冒IP池配置ID作为策略组ID
if(isSend.equals("1")) {
PxyObjSpoofingIpPool pool=new PxyObjSpoofingIpPool();
pool.setCfgId(Long.valueOf(cfg.getUserRegion3()));
pool.setIsValid(cfg.getIsValid());
pool.setIsAudit(cfg.getIsAudit());
pool.setAuditorId(UserUtils.getUser().getId());
pool.setAuditTime(date);
pxyObjSpoofingIpPoolDao.update(pool);
spoofingPool.setAreaEffectiveIds("0");
spoofingPool.setGroupId(spoofingPool.getCfgId().intValue());
spoofingPools.add(spoofingPool);
}
CfgIndexInfo cfgIndexInfo = new CfgIndexInfo();
BeanUtils.copyProperties(cfg, cfgIndexInfo,new String[] {"cfgId"});
cfgIndexInfos.add(cfgIndexInfo);
ind++;
}
if(isSend.equals("1") && spoofingPools.size()>0) {
pxyObjSpoofingIpPoolService.auditSpoofingPool(spoofingPools);
}
ipCfgService.saveAndSend(regionDict, serviceDict, specificServiceCfg, _ipPortCfgs, cfgIndexInfos, appPolicyCfgs,appFeatureIndexs,asnNoMaps,isSend.equals("1"));
cfgIndexInfos.clear();
appPolicyCfgs.clear();
_ipPortCfgs.clear();
}
}else {
List<BaseIpCfg> _ipPortCfgs=Lists.newArrayList(Constants.MAAT_JSON_SEND_SIZE);
while(!ipPortCfgs.isEmpty()) {
@@ -2297,6 +2444,8 @@ public class BaseController {
}
} else if(regionDict.getFunctionId().equals(3)) { // IP白名单
ei.loadInitParams(IpWhitelistTemplate.class, msgProp, regionDict, serviceDict);
} else if(regionDict.getFunctionId().equals(214)) { // IpSpoofing
ei.loadInitParams(IpSpoofingTemplate.class, msgProp, regionDict, serviceDict);
} else {
ei.loadInitParams(IpAllTemplate.class, msgProp, regionDict, serviceDict);
}
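Review bot: In the functionId 214 (IpSpoofing) import branch, the direction is derived with `"dnat".equals(cfg.getUserRegion1().toLowerCase())`, so a row whose userRegion1 is null throws a NullPointerException mid-batch, and any other value, including a typo or an empty cell, is silently stored as direction 2 (SNAT). Because `pxyObjSpoofingIpPoolDao.insert(spoofingPool)` runs per row inside the loop, and with isSend "1" the row is already marked audited and valid, a failure part-way through appears to leave earlier pool rows persisted; no transaction boundary is visible in this hunk, so that should be confirmed. I would validate every row before the first insert, e.g. `String dir = cfg.getUserRegion1();` followed by `if (!"dnat".equalsIgnoreCase(dir) && !"snat".equalsIgnoreCase(dir)) throw new MaatConvertException(...)`, assuming `snat` is the template's other literal, which the page does not show. The same applies to `cfg.getUserRegion2()`, which is stored as an IPv4 address (`setIpType(4)`) with no format check visible here. The enclosing method starts and ends outside the hunk.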