IP Spoofing增加配置导入功能.

src/main/java/com/nis/domain/configuration/template/IpSpoofingTemplate.java

@@ -0,0 +1,31 @@
+package com.nis.domain.configuration.template;
+
+import com.nis.util.excel.ExcelField;
+
+/**
+ * EXCEL IpSpoofing 导入模板
+ * @author dell
+ *
+ */
+public class IpSpoofingTemplate extends IpAllTemplate{
+	
+	private String userRegion1;
+	private String userRegion2;
+	
+	@ExcelField(title="spoofing",dictType="SPOOFING_IP_TYPE",align=2,sort=3)
+	public String getUserRegion1() {
+		return userRegion1;
+	}
+	public void setUserRegion1(String userRegion1) {
+		this.userRegion1 = userRegion1;
+	}
+	
+	@ExcelField(title="With",align=2,sort=4)
+	public String getUserRegion2() {
+		return userRegion2;
+	}
+	public void setUserRegion2(String userRegion2) {
+		this.userRegion2 = userRegion2;
+	}
+	
+}

src/main/java/com/nis/util/excel/ExportExcel.java

@@ -522,7 +522,38 @@ public class ExportExcel {
 				index++;
 			}
 		}
-		
+
+		/** Ip Spoofing **/
+		if("spoofing".equals(headerStr) && (region.getFunctionId().equals(214))){
+			commentStr="";
+			List<SysDataDictionaryItem> dict=DictUtils.getDictList("SPOOFING_IP_TYPE");
+			if(dict !=null && dict.size()>0){
+				for (SysDataDictionaryItem sysDataDictionaryItem : dict) {
+					commentStr=commentStr+sysDataDictionaryItem.getItemCode()+"（"+msgProp.getProperty(sysDataDictionaryItem.getItemValue(),sysDataDictionaryItem.getItemValue())+"）\n";
+					index++;
+				}
+				defaultValue=dict.get(0).getItemCode();
+			}
+			commentStr=msgProp.getProperty("select")+":\n"+commentStr;
+			index++;
+			index++;
+			commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
+			index++;
+			if(!StringUtil.isEmpty(defaultValue)){
+				//1、默认值说明
+				commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":"+defaultValue+"\n";
+				index++;
+				index++;
+			}
+		}
+		if(("With".equals(headerStr)) && (region.getFunctionId().equals(214))){
+			commentStr=commentStr+msgProp.getProperty("rule_desc_tip")+":\n";
+			index++;
+			//1、非空
+			commentStr=commentStr+"▶"+msgProp.getProperty("required")+"\n";
+			index++;
+		}
+			
 		if(region.getRegionType().equals(1)){//IP配置
 			//ip配置需要导入的信息：srcIp srcPort destIp destPort Protocol Direction
 			//确定需要导入的srcIp srcPort destIp destPort信息

src/main/java/com/nis/util/excel/thread/CheckIpFormatThread.java

@@ -521,6 +521,38 @@ public class CheckIpFormatThread implements Callable<String>{
 				}
 			}
 			
+			// IpSpoofing
+			if (regionDict.getFunctionId().equals(214)) {
+				List<SysDataDictionaryItem> dicts = DictUtils.getDictList("SPOOFING_IP_TYPE");
+				if(StringUtils.isBlank(baseIpCfg.getUserRegion1())) {
+					baseIpCfg.setUserRegion1(dicts.get(0).getItemCode());
+				}
+				String userRegion1 = baseIpCfg.getUserRegion1(); // SpooFing
+				String userRegion2 = baseIpCfg.getUserRegion2(); // With
+				if (StringUtils.isNotBlank(userRegion1)) {
+					boolean has = false;
+					for (SysDataDictionaryItem dict : dicts) {
+						if (dict.getItemCode().equals(userRegion1)) {
+							has = true;
+							break;
+						}
+					}
+					if (!has) {
+						errInfo.append(String.format(prop.getProperty("is_incorrect"),prop.getProperty("spoofing") + " ") + ";");
+					}
+				}
+				String errMsg = null == prop.getProperty("With")?"With ":prop.getProperty("With");
+				if(StringUtils.isBlank(userRegion2)) {
+					errInfo.append(
+							String.format(prop.getProperty("can_not_null"),errMsg + " ") + ";");
+				}else {
+					String regex = "^((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)$";
+					if(!userRegion2.matches(regex)) {
+						errInfo.append(String.format(prop.getProperty("is_in_wrong_format"),errMsg +" ") + ";");
+					}
+				}
+			}
+			
 			if (regionDict.getRegionType().equals(1)) {
 				boolean srcIpEmpty = false;
 				boolean destIpEmpty = false;

src/main/java/com/nis/web/controller/BaseController.java

@@ -73,6 +73,7 @@ import com.nis.domain.configuration.DnsResStrategy;
 import com.nis.domain.configuration.FileDigestCfg;
 import com.nis.domain.configuration.IpPortCfg;
 import com.nis.domain.configuration.PxyObjKeyring;
+import com.nis.domain.configuration.PxyObjSpoofingIpPool;
 import com.nis.domain.configuration.PxyObjTrustedCaCert;
 import com.nis.domain.configuration.PxyObjTrustedCaCrl;
 import com.nis.domain.configuration.RequestInfo;
@@ -104,6 +105,7 @@ import com.nis.domain.configuration.template.IpAllTemplate;
 import com.nis.domain.configuration.template.IpCfgTemplate;
 import com.nis.domain.configuration.template.IpPayloadTemplate;
 import com.nis.domain.configuration.template.IpRateLimitTemplate;
+import com.nis.domain.configuration.template.IpSpoofingTemplate;
 import com.nis.domain.configuration.template.IpWhitelistTemplate;
 import com.nis.domain.configuration.template.P2pHashStringTemplate;
 import com.nis.domain.configuration.template.P2pIpTemplate;
@@ -120,6 +122,7 @@ import com.nis.domain.maat.MaatCfg.NumBoundaryCfg;
 import com.nis.domain.maat.MaatCfg.StringCfg;
 import com.nis.domain.report.NtcPzReport;
 import com.nis.domain.maat.ToMaatBean;
+import com.nis.domain.maat.ToMaatResult;
 import com.nis.domain.specific.ConfigGroupInfo;
 import com.nis.domain.specific.SpecificServiceCfg;
 import com.nis.exceptions.MaatConvertException;
@@ -142,6 +145,7 @@ import com.nis.util.excel.thread.CheckDnsResStrategyFormatThread;
 import com.nis.util.excel.thread.CheckIpFormatThread;
 import com.nis.util.excel.thread.CheckStringFormatThread;
 import com.nis.util.excel.thread.CheckTopicWebsiteFormatThread;
+import com.nis.web.dao.configuration.PxyObjSpoofingIpPoolDao;
 import com.nis.web.security.UserUtils;
 import com.nis.web.service.ArchiveServcie;
 import com.nis.web.service.AreaService;
@@ -151,6 +155,7 @@ import com.nis.web.service.LogService;
 import com.nis.web.service.MenuService;
 import com.nis.web.service.OfficeService;
 import com.nis.web.service.RoleService;
+import com.nis.web.service.SpringContextHolder;
 import com.nis.web.service.SystemService;
 import com.nis.web.service.UserService;
 import com.nis.web.service.basics.AsnGroupInfoService;
@@ -1435,6 +1440,9 @@ public class BaseController {
 						}else if(regionDict.getFunctionId().equals(3)) { // IP白名单
 							BlockingQueue<IpWhitelistTemplate> list = ei.getDataList(IpWhitelistTemplate.class );
 							ipPortCfgs=this.checkIpCfgMulity(errTip,serviceDict, regionDict,null,asnGroupInfos, list);
+						}else if(regionDict.getFunctionId().equals(214)) { // IpSpoofing
+							BlockingQueue<IpSpoofingTemplate> list = ei.getDataList(IpSpoofingTemplate.class );
+							ipPortCfgs=this.checkIpCfgMulity(errTip,serviceDict, regionDict,null,asnGroupInfos, list);
 						}else {
 							BlockingQueue<IpAllTemplate> list = ei.getDataList(IpAllTemplate.class );
 							ipPortCfgs=this.checkIpCfgMulity(errTip,serviceDict, regionDict, null,asnGroupInfos, list);
@@ -1627,6 +1635,145 @@ public class BaseController {
 								_ipPortCfgs.clear();
 								asnIpCfgs.clear();
 							}
+						}else if(regionDict.getFunctionId().intValue()==214) { // IpSpoofing
+							List<BaseIpCfg> _ipPortCfgs=Lists.newArrayList(Constants.MAAT_JSON_SEND_SIZE);
+							while(!ipPortCfgs.isEmpty()) {
+								ipPortCfgs.drainTo(_ipPortCfgs, Constants.MAAT_JSON_SEND_SIZE);
+								List<Integer> compileIds=Lists.newArrayList();
+								List<Integer> spoofingPoolIds=Lists.newArrayList();
+								List<Integer> regionIds=Lists.newArrayList();
+								List<Integer> groupIds=Lists.newArrayList();
+								List<Integer> numRegionGroupIds=Lists.newArrayList();
+								List<Integer> numRegionRegionIds=Lists.newArrayList();
+								List<PxyObjSpoofingIpPool> spoofingPools = new ArrayList<PxyObjSpoofingIpPool>();
+								PxyObjSpoofingIpPoolDao pxyObjSpoofingIpPoolDao = SpringContextHolder.getBean(PxyObjSpoofingIpPoolDao.class);
+								PxyObjSpoofingIpPoolService pxyObjSpoofingIpPoolService = SpringContextHolder.getBean(PxyObjSpoofingIpPoolService.class);
+								try {
+									 compileIds = ConfigServiceUtil.getId(1,_ipPortCfgs.size());
+									 spoofingPoolIds = ConfigServiceUtil.getId(1,_ipPortCfgs.size());
+									 if(isSend.equals("1")) {
+										 groupIds = ConfigServiceUtil.getId(2,_ipPortCfgs.size());
+										 regionIds = ConfigServiceUtil.getId(3,_ipPortCfgs.size());
+										 //需要获取数值域的id
+										 if(serviceDict!=null&&serviceDict.getProtocolId()!=null&&serviceDict.getProtocolId()>0) {
+											 numRegionGroupIds = ConfigServiceUtil.getId(2,_ipPortCfgs.size());
+											 numRegionRegionIds = ConfigServiceUtil.getId(3,_ipPortCfgs.size());
+										 }
+									 }
+								} catch (Exception e) {
+									e.printStackTrace();
+									logger.info("获取编译ID出错");
+									throw new MaatConvertException("<spring:message code=\"request_service_failed\"/>:"+e.getMessage());
+								}
+								
+								int ind=0;
+								for (BaseIpCfg cfg : _ipPortCfgs) {
+									cfg.setAction(serviceDict==null?null:serviceDict.getAction());
+									cfg.setCfgRegionCode(regionDict.getConfigRegionCode());
+									cfg.setCfgType(regionDict.getConfigRegionValue());
+									cfg.setCreateTime(date);
+									cfg.setCreatorId(UserUtils.getUser().getId());
+									cfg.setFunctionId(regionDict.getFunctionId());
+									if(isSend.equals("1")) {
+										cfg.setIsAudit(Constants.AUDIT_YES);
+										cfg.setIsValid(Constants.VALID_YES);
+										cfg.setAuditorId(UserUtils.getUser().getId());
+										cfg.setAuditTime(date);
+										if(groupIds!=null&&groupIds.size()==_ipPortCfgs.size()) {
+											cfg.setGroupId(groupIds.get(ind));
+										}
+										if(regionIds!=null&&regionIds.size()==_ipPortCfgs.size()) {
+											cfg.setRegionId(regionIds.get(ind));
+										}
+										if(serviceDict!=null&&serviceDict.getProtocolId()!=null) {
+											if(numRegionGroupIds!=null&&numRegionGroupIds.size()==_ipPortCfgs.size()) {
+												cfg.setNumberRegionGroupId(numRegionGroupIds.get(ind));
+											}
+											if(numRegionRegionIds!=null&&numRegionRegionIds.size()==_ipPortCfgs.size()) {
+												cfg.setNumberRegionRegionId(numRegionRegionIds.get(ind));
+											}
+										}
+									}else {
+										cfg.setIsAudit(Constants.AUDIT_NOT_YET);
+										cfg.setIsValid(Constants.VALID_NO);
+									}
+									cfg.setIsAreaEffective(0);
+									cfg.setLable("0");
+									cfg.setRequestId(StringUtil.isEmpty(requestId) ? 0 : requestId);
+									cfg.setAttribute(attribute);
+									cfg.setClassify(classify);
+									cfg.setServiceId(serviceDict==null?null:serviceDict.getServiceId());
+									cfg.setTableName("ip_port_cfg");
+									if(compileIds.size()==_ipPortCfgs.size()) {
+										cfg.setCompileId(compileIds.get(ind));
+									}
+									
+									// 保存IP仿冒池
+									PxyObjSpoofingIpPool spoofingPool = new PxyObjSpoofingIpPool();
+									spoofingPool.setIpType(4);//ipv4
+									spoofingPool.setIpAddress(cfg.getUserRegion2());//仿冒IP
+									spoofingPool.setProtocol(0);
+									if("dnat".equals(cfg.getUserRegion1().toLowerCase())){//spoofing server ip->dnat
+										spoofingPool.setDirection(1);
+									}else{
+										spoofingPool.setDirection(2);//spoofing client ip->snat
+									}
+									spoofingPool.setPort("0");
+									spoofingPool.setUserRegion("0");
+									spoofingPool.setLocation(0);
+									spoofingPool.setServiceId(642);
+									spoofingPool.setAreaEffectiveIds("0");
+									spoofingPool.setIsAreaEffective(0);
+									spoofingPool.setCreateTime(date);
+									spoofingPool.setCreatorId(UserUtils.getUser().getId());
+									if(spoofingPoolIds.size()==_ipPortCfgs.size()) {
+										spoofingPool.setCompileId(spoofingPoolIds.get(ind));
+									}
+									spoofingPool.setAction(1);
+									spoofingPool.setFunctionId(666);
+									spoofingPool.setRequestId(0);
+									if(isSend.equals("1")) {
+										spoofingPool.setIsAudit(Constants.AUDIT_YES);
+										spoofingPool.setIsValid(Constants.VALID_YES);
+										spoofingPool.setAuditorId(UserUtils.getUser().getId());
+										spoofingPool.setAuditTime(date);
+										
+									}else {
+										spoofingPool.setIsValid(Constants.VALID_NO);
+										spoofingPool.setIsAudit(Constants.AUDIT_NOT_YET);
+										
+									}
+									pxyObjSpoofingIpPoolDao.insert(spoofingPool);//保存仿冒IP池配置
+									cfg.setUserRegion3(String.valueOf(spoofingPool.getCfgId()));//将仿冒IP池配置ID作为策略组ID
+									
+									if(isSend.equals("1")) {
+										PxyObjSpoofingIpPool pool=new PxyObjSpoofingIpPool();
+										pool.setCfgId(Long.valueOf(cfg.getUserRegion3()));
+										pool.setIsValid(cfg.getIsValid());
+										pool.setIsAudit(cfg.getIsAudit());
+										pool.setAuditorId(UserUtils.getUser().getId());
+										pool.setAuditTime(date);
+										pxyObjSpoofingIpPoolDao.update(pool);
+										
+										spoofingPool.setAreaEffectiveIds("0");
+										spoofingPool.setGroupId(spoofingPool.getCfgId().intValue());
+										spoofingPools.add(spoofingPool);
+									}
+									
+									CfgIndexInfo cfgIndexInfo = new CfgIndexInfo();
+									BeanUtils.copyProperties(cfg, cfgIndexInfo,new String[] {"cfgId"});
+									cfgIndexInfos.add(cfgIndexInfo);
+									
+									ind++;
+								}
+								if(isSend.equals("1") && spoofingPools.size()>0) {
+									pxyObjSpoofingIpPoolService.auditSpoofingPool(spoofingPools);
+								}
+								ipCfgService.saveAndSend(regionDict, serviceDict, specificServiceCfg, _ipPortCfgs, cfgIndexInfos, appPolicyCfgs,appFeatureIndexs,asnNoMaps,isSend.equals("1"));
+								cfgIndexInfos.clear();
+								appPolicyCfgs.clear();
+								_ipPortCfgs.clear();
+							}
 						}else {
 							List<BaseIpCfg> _ipPortCfgs=Lists.newArrayList(Constants.MAAT_JSON_SEND_SIZE);
 							while(!ipPortCfgs.isEmpty()) {
@@ -2297,6 +2444,8 @@ public class BaseController {
 				}
 			} else if(regionDict.getFunctionId().equals(3)) { // IP白名单
 				ei.loadInitParams(IpWhitelistTemplate.class, msgProp, regionDict, serviceDict);
+			} else if(regionDict.getFunctionId().equals(214)) { // IpSpoofing
+				ei.loadInitParams(IpSpoofingTemplate.class, msgProp, regionDict, serviceDict);
 			} else {
 				ei.loadInitParams(IpAllTemplate.class, msgProp, regionDict, serviceDict);
 			}

src/main/java/com/nis/web/controller/configuration/ntc/IpController.java

@@ -58,6 +58,7 @@ import com.nis.domain.configuration.template.IpAllNotDoLogTemplate;
 import com.nis.domain.configuration.template.IpAllTemplate;
 import com.nis.domain.configuration.template.IpPayloadTemplate;
 import com.nis.domain.configuration.template.IpRateLimitTemplate;
+import com.nis.domain.configuration.template.IpSpoofingTemplate;
 import com.nis.domain.configuration.template.IpWhitelistTemplate;
 import com.nis.domain.configuration.template.P2pHashStringTemplate;
 import com.nis.domain.configuration.template.P2pIpTemplate;
@@ -417,6 +418,11 @@ public class IpController extends BaseController{
 					excel.setDataList(pro,classList,null).
 			    	write(request,response, fileName).dispose();
 				}
+			}else if(regionDict.getFunctionId().equals(214)){// IpSpoofing
+				List<IpSpoofingTemplate> classList=new ArrayList<IpSpoofingTemplate>();
+				ExportExcel excel=new ExportExcel(serviceDict,regionDict,this.getMsgProp(),null, IpSpoofingTemplate.class, 2);
+				excel.setDataList(pro,classList,null).
+		    	write(request,response, fileName).dispose();
 			}else{
 				List<IpAllTemplate> classList=new ArrayList<IpAllTemplate>();
 				ExportExcel excel=new ExportExcel(serviceDict,regionDict,pro,null, IpAllTemplate.class, 2);

src/main/java/com/nis/web/dao/configuration/PxyObjSpoofingIpPoolDao.xml

@@ -180,8 +180,8 @@
     )values (
    		#{cfgDesc,jdbcType=VARCHAR},
    		#{action,jdbcType=INTEGER}, 
-    	0,
+   		#{isValid,jdbcType=INTEGER},
-    	0,
+   		#{isAudit,jdbcType=INTEGER},
     	#{creatorId,jdbcType=INTEGER}, 
    		#{createTime,jdbcType=TIMESTAMP},
    		#{editorId,jdbcType=INTEGER},

src/main/java/com/nis/web/service/BaseService.java

@@ -2488,6 +2488,9 @@ public abstract class BaseService {
 									maatCfg.setUserRegion(userRegion);
 								}else if(regionDict.getFunctionId()==563 || regionDict.getFunctionId()==565 || regionDict.getFunctionId()==566) {// APP Payload、HTTP、SSL Admin
 									maatCfg.setUserRegion(Constants.APP_ID_REGION+"="+_cfg.getAppCode());
+								}else if(regionDict.getFunctionId()==214) {
+									String userRegion="nat_type="+_cfg.getUserRegion1()+";spoofing_ip_pool="+_cfg.getUserRegion3();
+									maatCfg.setUserRegion(userRegion);
 								}
 								
 			                	configCompileList.add(maatCfg);

src/main/java/com/nis/web/service/configuration/InterceptCfgService.java

@@ -149,6 +149,8 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
 				spoofingPool.setCreatorId(UserUtils.getUser().getId());
 				spoofingPool.setCompileId(spoofingPoolId);
 				spoofingPool.setAction(1);
+				spoofingPool.setIsValid(0);
+				spoofingPool.setIsAudit(0);
 				spoofingPool.setFunctionId(666);
 				spoofingPool.setRequestId(0);
 				pxyObjSpoofingIpPoolDao.insert(spoofingPool);//保存仿冒IP池配置

src/main/java/com/nis/web/service/configuration/PxyObjSpoofingIpPoolService.java

@@ -269,6 +269,31 @@ public class PxyObjSpoofingIpPoolService extends BaseService{
 		return gsonToJson(rangeCfg);
 		
 	}
+	
+	/**
+	 * IP Spoofing配置导入时 下发仿冒IP池配置
+	 * @param spoofingPools
+	 */
+	public void auditSpoofingPool(List<PxyObjSpoofingIpPool> spoofingPools) {
+		//调用服务接口下发配置数据
+		String json=gsonToJson(spoofingPools);
+		if(spoofingPools.size()>10) {
+			logger.info("欺骗IP池配置下发配置条数：" + spoofingPools.size());
+		}else {
+			logger.info("欺骗IP池配置下发配置参数：" + json);
+		}
+		//调用服务接口下发配置
+		try {
+			ToMaatResult result = ConfigServiceUtil.postCallbackCfg(json);
+			if(result!=null){
+				logger.info("欺骗IP池配置下发响应信息："+result.getMsg());
+			}
+		} catch (Exception e) {
+			logger.error("欺骗IP池配置配置下发失败",e);
+			throw e;
+		}
+		
+	}
 }
 	
 	

src/main/resources/sql/20190115/update_function_dicts.sql

@@ -0,0 +1,3 @@
+-- IP Spoofing Import
+UPDATE function_region_dict SET is_import = 1,config_protocol = '6,17' WHERE function_id = 214;
+UPDATE function_service_dict SET is_import = 1 WHERE function_id = 214;