IP Spoofing增加配置导入功能.
This commit is contained in:
zhangwenqing
@@ -0,0 +1,31 @@
|
||||
package com.nis.domain.configuration.template;
|
||||
|
||||
import com.nis.util.excel.ExcelField;
|
||||
|
||||
/**
|
||||
* EXCEL IpSpoofing 导入模板
|
||||
* @author dell
|
||||
*
|
||||
*/
|
||||
public class IpSpoofingTemplate extends IpAllTemplate{
|
||||
|
||||
private String userRegion1;
|
||||
private String userRegion2;
|
||||
|
||||
@ExcelField(title="spoofing",dictType="SPOOFING_IP_TYPE",align=2,sort=3)
|
||||
public String getUserRegion1() {
|
||||
return userRegion1;
|
||||
}
|
||||
public void setUserRegion1(String userRegion1) {
|
||||
this.userRegion1 = userRegion1;
|
||||
}
|
||||
|
||||
@ExcelField(title="With",align=2,sort=4)
|
||||
public String getUserRegion2() {
|
||||
return userRegion2;
|
||||
}
|
||||
public void setUserRegion2(String userRegion2) {
|
||||
this.userRegion2 = userRegion2;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -523,6 +523,37 @@ public class ExportExcel {
|
||||
}
|
||||
}
|
||||
|
||||
/** Ip Spoofing **/
|
||||
if("spoofing".equals(headerStr) && (region.getFunctionId().equals(214))){
|
||||
commentStr="";
|
||||
List<SysDataDictionaryItem> dict=DictUtils.getDictList("SPOOFING_IP_TYPE");
|
||||
if(dict !=null && dict.size()>0){
|
||||
for (SysDataDictionaryItem sysDataDictionaryItem : dict) {
|
||||
commentStr=commentStr+sysDataDictionaryItem.getItemCode()+"("+msgProp.getProperty(sysDataDictionaryItem.getItemValue(),sysDataDictionaryItem.getItemValue())+")\n";
|
||||
index++;
|
||||
}
|
||||
defaultValue=dict.get(0).getItemCode();
|
||||
}
|
||||
commentStr=msgProp.getProperty("select")+":\n"+commentStr;
|
||||
index++;
|
||||
index++;
|
||||
commentStr=commentStr+"\n"+msgProp.getProperty("rule_desc_tip")+":\n";
|
||||
index++;
|
||||
if(!StringUtil.isEmpty(defaultValue)){
|
||||
//1、默认值说明
|
||||
commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":"+defaultValue+"\n";
|
||||
index++;
|
||||
index++;
|
||||
}
|
||||
}
|
||||
if(("With".equals(headerStr)) && (region.getFunctionId().equals(214))){
|
||||
commentStr=commentStr+msgProp.getProperty("rule_desc_tip")+":\n";
|
||||
index++;
|
||||
//1、非空
|
||||
commentStr=commentStr+"▶"+msgProp.getProperty("required")+"\n";
|
||||
index++;
|
||||
}
|
||||
|
||||
if(region.getRegionType().equals(1)){//IP配置
|
||||
//ip配置需要导入的信息:srcIp srcPort destIp destPort Protocol Direction
|
||||
//确定需要导入的srcIp srcPort destIp destPort信息
|
||||
|
||||
@@ -521,6 +521,38 @@ public class CheckIpFormatThread implements Callable<String>{
|
||||
}
|
||||
}
|
||||
|
||||
// IpSpoofing
|
||||
if (regionDict.getFunctionId().equals(214)) {
|
||||
List<SysDataDictionaryItem> dicts = DictUtils.getDictList("SPOOFING_IP_TYPE");
|
||||
if(StringUtils.isBlank(baseIpCfg.getUserRegion1())) {
|
||||
baseIpCfg.setUserRegion1(dicts.get(0).getItemCode());
|
||||
}
|
||||
String userRegion1 = baseIpCfg.getUserRegion1(); // SpooFing
|
||||
String userRegion2 = baseIpCfg.getUserRegion2(); // With
|
||||
if (StringUtils.isNotBlank(userRegion1)) {
|
||||
boolean has = false;
|
||||
for (SysDataDictionaryItem dict : dicts) {
|
||||
if (dict.getItemCode().equals(userRegion1)) {
|
||||
has = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!has) {
|
||||
errInfo.append(String.format(prop.getProperty("is_incorrect"),prop.getProperty("spoofing") + " ") + ";");
|
||||
}
|
||||
}
|
||||
String errMsg = null == prop.getProperty("With")?"With ":prop.getProperty("With");
|
||||
if(StringUtils.isBlank(userRegion2)) {
|
||||
errInfo.append(
|
||||
String.format(prop.getProperty("can_not_null"),errMsg + " ") + ";");
|
||||
}else {
|
||||
String regex = "^((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)$";
|
||||
if(!userRegion2.matches(regex)) {
|
||||
errInfo.append(String.format(prop.getProperty("is_in_wrong_format"),errMsg +" ") + ";");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (regionDict.getRegionType().equals(1)) {
|
||||
boolean srcIpEmpty = false;
|
||||
boolean destIpEmpty = false;
|
||||
|
||||
@@ -73,6 +73,7 @@ import com.nis.domain.configuration.DnsResStrategy;
|
||||
import com.nis.domain.configuration.FileDigestCfg;
|
||||
import com.nis.domain.configuration.IpPortCfg;
|
||||
import com.nis.domain.configuration.PxyObjKeyring;
|
||||
import com.nis.domain.configuration.PxyObjSpoofingIpPool;
|
||||
import com.nis.domain.configuration.PxyObjTrustedCaCert;
|
||||
import com.nis.domain.configuration.PxyObjTrustedCaCrl;
|
||||
import com.nis.domain.configuration.RequestInfo;
|
||||
@@ -104,6 +105,7 @@ import com.nis.domain.configuration.template.IpAllTemplate;
|
||||
import com.nis.domain.configuration.template.IpCfgTemplate;
|
||||
import com.nis.domain.configuration.template.IpPayloadTemplate;
|
||||
import com.nis.domain.configuration.template.IpRateLimitTemplate;
|
||||
import com.nis.domain.configuration.template.IpSpoofingTemplate;
|
||||
import com.nis.domain.configuration.template.IpWhitelistTemplate;
|
||||
import com.nis.domain.configuration.template.P2pHashStringTemplate;
|
||||
import com.nis.domain.configuration.template.P2pIpTemplate;
|
||||
@@ -120,6 +122,7 @@ import com.nis.domain.maat.MaatCfg.NumBoundaryCfg;
|
||||
import com.nis.domain.maat.MaatCfg.StringCfg;
|
||||
import com.nis.domain.report.NtcPzReport;
|
||||
import com.nis.domain.maat.ToMaatBean;
|
||||
import com.nis.domain.maat.ToMaatResult;
|
||||
import com.nis.domain.specific.ConfigGroupInfo;
|
||||
import com.nis.domain.specific.SpecificServiceCfg;
|
||||
import com.nis.exceptions.MaatConvertException;
|
||||
@@ -142,6 +145,7 @@ import com.nis.util.excel.thread.CheckDnsResStrategyFormatThread;
|
||||
import com.nis.util.excel.thread.CheckIpFormatThread;
|
||||
import com.nis.util.excel.thread.CheckStringFormatThread;
|
||||
import com.nis.util.excel.thread.CheckTopicWebsiteFormatThread;
|
||||
import com.nis.web.dao.configuration.PxyObjSpoofingIpPoolDao;
|
||||
import com.nis.web.security.UserUtils;
|
||||
import com.nis.web.service.ArchiveServcie;
|
||||
import com.nis.web.service.AreaService;
|
||||
@@ -151,6 +155,7 @@ import com.nis.web.service.LogService;
|
||||
import com.nis.web.service.MenuService;
|
||||
import com.nis.web.service.OfficeService;
|
||||
import com.nis.web.service.RoleService;
|
||||
import com.nis.web.service.SpringContextHolder;
|
||||
import com.nis.web.service.SystemService;
|
||||
import com.nis.web.service.UserService;
|
||||
import com.nis.web.service.basics.AsnGroupInfoService;
|
||||
@@ -1435,6 +1440,9 @@ public class BaseController {
|
||||
}else if(regionDict.getFunctionId().equals(3)) { // IP白名单
|
||||
BlockingQueue<IpWhitelistTemplate> list = ei.getDataList(IpWhitelistTemplate.class );
|
||||
ipPortCfgs=this.checkIpCfgMulity(errTip,serviceDict, regionDict,null,asnGroupInfos, list);
|
||||
}else if(regionDict.getFunctionId().equals(214)) { // IpSpoofing
|
||||
BlockingQueue<IpSpoofingTemplate> list = ei.getDataList(IpSpoofingTemplate.class );
|
||||
ipPortCfgs=this.checkIpCfgMulity(errTip,serviceDict, regionDict,null,asnGroupInfos, list);
|
||||
}else {
|
||||
BlockingQueue<IpAllTemplate> list = ei.getDataList(IpAllTemplate.class );
|
||||
ipPortCfgs=this.checkIpCfgMulity(errTip,serviceDict, regionDict, null,asnGroupInfos, list);
|
||||
@@ -1627,6 +1635,145 @@ public class BaseController {
|
||||
_ipPortCfgs.clear();
|
||||
asnIpCfgs.clear();
|
||||
}
|
||||
}else if(regionDict.getFunctionId().intValue()==214) { // IpSpoofing
|
||||
List<BaseIpCfg> _ipPortCfgs=Lists.newArrayList(Constants.MAAT_JSON_SEND_SIZE);
|
||||
while(!ipPortCfgs.isEmpty()) {
|
||||
ipPortCfgs.drainTo(_ipPortCfgs, Constants.MAAT_JSON_SEND_SIZE);
|
||||
List<Integer> compileIds=Lists.newArrayList();
|
||||
List<Integer> spoofingPoolIds=Lists.newArrayList();
|
||||
List<Integer> regionIds=Lists.newArrayList();
|
||||
List<Integer> groupIds=Lists.newArrayList();
|
||||
List<Integer> numRegionGroupIds=Lists.newArrayList();
|
||||
List<Integer> numRegionRegionIds=Lists.newArrayList();
|
||||
List<PxyObjSpoofingIpPool> spoofingPools = new ArrayList<PxyObjSpoofingIpPool>();
|
||||
PxyObjSpoofingIpPoolDao pxyObjSpoofingIpPoolDao = SpringContextHolder.getBean(PxyObjSpoofingIpPoolDao.class);
|
||||
PxyObjSpoofingIpPoolService pxyObjSpoofingIpPoolService = SpringContextHolder.getBean(PxyObjSpoofingIpPoolService.class);
|
||||
try {
|
||||
compileIds = ConfigServiceUtil.getId(1,_ipPortCfgs.size());
|
||||
spoofingPoolIds = ConfigServiceUtil.getId(1,_ipPortCfgs.size());
|
||||
if(isSend.equals("1")) {
|
||||
groupIds = ConfigServiceUtil.getId(2,_ipPortCfgs.size());
|
||||
regionIds = ConfigServiceUtil.getId(3,_ipPortCfgs.size());
|
||||
//需要获取数值域的id
|
||||
if(serviceDict!=null&&serviceDict.getProtocolId()!=null&&serviceDict.getProtocolId()>0) {
|
||||
numRegionGroupIds = ConfigServiceUtil.getId(2,_ipPortCfgs.size());
|
||||
numRegionRegionIds = ConfigServiceUtil.getId(3,_ipPortCfgs.size());
|
||||
}
|
||||
}
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
logger.info("获取编译ID出错");
|
||||
throw new MaatConvertException("<spring:message code=\"request_service_failed\"/>:"+e.getMessage());
|
||||
}
|
||||
|
||||
int ind=0;
|
||||
for (BaseIpCfg cfg : _ipPortCfgs) {
|
||||
cfg.setAction(serviceDict==null?null:serviceDict.getAction());
|
||||
cfg.setCfgRegionCode(regionDict.getConfigRegionCode());
|
||||
cfg.setCfgType(regionDict.getConfigRegionValue());
|
||||
cfg.setCreateTime(date);
|
||||
cfg.setCreatorId(UserUtils.getUser().getId());
|
||||
cfg.setFunctionId(regionDict.getFunctionId());
|
||||
if(isSend.equals("1")) {
|
||||
cfg.setIsAudit(Constants.AUDIT_YES);
|
||||
cfg.setIsValid(Constants.VALID_YES);
|
||||
cfg.setAuditorId(UserUtils.getUser().getId());
|
||||
cfg.setAuditTime(date);
|
||||
if(groupIds!=null&&groupIds.size()==_ipPortCfgs.size()) {
|
||||
cfg.setGroupId(groupIds.get(ind));
|
||||
}
|
||||
if(regionIds!=null&®ionIds.size()==_ipPortCfgs.size()) {
|
||||
cfg.setRegionId(regionIds.get(ind));
|
||||
}
|
||||
if(serviceDict!=null&&serviceDict.getProtocolId()!=null) {
|
||||
if(numRegionGroupIds!=null&&numRegionGroupIds.size()==_ipPortCfgs.size()) {
|
||||
cfg.setNumberRegionGroupId(numRegionGroupIds.get(ind));
|
||||
}
|
||||
if(numRegionRegionIds!=null&&numRegionRegionIds.size()==_ipPortCfgs.size()) {
|
||||
cfg.setNumberRegionRegionId(numRegionRegionIds.get(ind));
|
||||
}
|
||||
}
|
||||
}else {
|
||||
cfg.setIsAudit(Constants.AUDIT_NOT_YET);
|
||||
cfg.setIsValid(Constants.VALID_NO);
|
||||
}
|
||||
cfg.setIsAreaEffective(0);
|
||||
cfg.setLable("0");
|
||||
cfg.setRequestId(StringUtil.isEmpty(requestId) ? 0 : requestId);
|
||||
cfg.setAttribute(attribute);
|
||||
cfg.setClassify(classify);
|
||||
cfg.setServiceId(serviceDict==null?null:serviceDict.getServiceId());
|
||||
cfg.setTableName("ip_port_cfg");
|
||||
if(compileIds.size()==_ipPortCfgs.size()) {
|
||||
cfg.setCompileId(compileIds.get(ind));
|
||||
}
|
||||
|
||||
// 保存IP仿冒池
|
||||
PxyObjSpoofingIpPool spoofingPool = new PxyObjSpoofingIpPool();
|
||||
spoofingPool.setIpType(4);//ipv4
|
||||
spoofingPool.setIpAddress(cfg.getUserRegion2());//仿冒IP
|
||||
spoofingPool.setProtocol(0);
|
||||
if("dnat".equals(cfg.getUserRegion1().toLowerCase())){//spoofing server ip->dnat
|
||||
spoofingPool.setDirection(1);
|
||||
}else{
|
||||
spoofingPool.setDirection(2);//spoofing client ip->snat
|
||||
}
|
||||
spoofingPool.setPort("0");
|
||||
spoofingPool.setUserRegion("0");
|
||||
spoofingPool.setLocation(0);
|
||||
spoofingPool.setServiceId(642);
|
||||
spoofingPool.setAreaEffectiveIds("0");
|
||||
spoofingPool.setIsAreaEffective(0);
|
||||
spoofingPool.setCreateTime(date);
|
||||
spoofingPool.setCreatorId(UserUtils.getUser().getId());
|
||||
if(spoofingPoolIds.size()==_ipPortCfgs.size()) {
|
||||
spoofingPool.setCompileId(spoofingPoolIds.get(ind));
|
||||
}
|
||||
spoofingPool.setAction(1);
|
||||
spoofingPool.setFunctionId(666);
|
||||
spoofingPool.setRequestId(0);
|
||||
if(isSend.equals("1")) {
|
||||
spoofingPool.setIsAudit(Constants.AUDIT_YES);
|
||||
spoofingPool.setIsValid(Constants.VALID_YES);
|
||||
spoofingPool.setAuditorId(UserUtils.getUser().getId());
|
||||
spoofingPool.setAuditTime(date);
|
||||
|
||||
}else {
|
||||
spoofingPool.setIsValid(Constants.VALID_NO);
|
||||
spoofingPool.setIsAudit(Constants.AUDIT_NOT_YET);
|
||||
|
||||
}
|
||||
pxyObjSpoofingIpPoolDao.insert(spoofingPool);//保存仿冒IP池配置
|
||||
cfg.setUserRegion3(String.valueOf(spoofingPool.getCfgId()));//将仿冒IP池配置ID作为策略组ID
|
||||
|
||||
if(isSend.equals("1")) {
|
||||
PxyObjSpoofingIpPool pool=new PxyObjSpoofingIpPool();
|
||||
pool.setCfgId(Long.valueOf(cfg.getUserRegion3()));
|
||||
pool.setIsValid(cfg.getIsValid());
|
||||
pool.setIsAudit(cfg.getIsAudit());
|
||||
pool.setAuditorId(UserUtils.getUser().getId());
|
||||
pool.setAuditTime(date);
|
||||
pxyObjSpoofingIpPoolDao.update(pool);
|
||||
|
||||
spoofingPool.setAreaEffectiveIds("0");
|
||||
spoofingPool.setGroupId(spoofingPool.getCfgId().intValue());
|
||||
spoofingPools.add(spoofingPool);
|
||||
}
|
||||
|
||||
CfgIndexInfo cfgIndexInfo = new CfgIndexInfo();
|
||||
BeanUtils.copyProperties(cfg, cfgIndexInfo,new String[] {"cfgId"});
|
||||
cfgIndexInfos.add(cfgIndexInfo);
|
||||
|
||||
ind++;
|
||||
}
|
||||
if(isSend.equals("1") && spoofingPools.size()>0) {
|
||||
pxyObjSpoofingIpPoolService.auditSpoofingPool(spoofingPools);
|
||||
}
|
||||
ipCfgService.saveAndSend(regionDict, serviceDict, specificServiceCfg, _ipPortCfgs, cfgIndexInfos, appPolicyCfgs,appFeatureIndexs,asnNoMaps,isSend.equals("1"));
|
||||
cfgIndexInfos.clear();
|
||||
appPolicyCfgs.clear();
|
||||
_ipPortCfgs.clear();
|
||||
}
|
||||
}else {
|
||||
List<BaseIpCfg> _ipPortCfgs=Lists.newArrayList(Constants.MAAT_JSON_SEND_SIZE);
|
||||
while(!ipPortCfgs.isEmpty()) {
|
||||
@@ -2297,6 +2444,8 @@ public class BaseController {
|
||||
}
|
||||
} else if(regionDict.getFunctionId().equals(3)) { // IP白名单
|
||||
ei.loadInitParams(IpWhitelistTemplate.class, msgProp, regionDict, serviceDict);
|
||||
} else if(regionDict.getFunctionId().equals(214)) { // IpSpoofing
|
||||
ei.loadInitParams(IpSpoofingTemplate.class, msgProp, regionDict, serviceDict);
|
||||
} else {
|
||||
ei.loadInitParams(IpAllTemplate.class, msgProp, regionDict, serviceDict);
|
||||
}
|
||||
|
||||
@@ -58,6 +58,7 @@ import com.nis.domain.configuration.template.IpAllNotDoLogTemplate;
|
||||
import com.nis.domain.configuration.template.IpAllTemplate;
|
||||
import com.nis.domain.configuration.template.IpPayloadTemplate;
|
||||
import com.nis.domain.configuration.template.IpRateLimitTemplate;
|
||||
import com.nis.domain.configuration.template.IpSpoofingTemplate;
|
||||
import com.nis.domain.configuration.template.IpWhitelistTemplate;
|
||||
import com.nis.domain.configuration.template.P2pHashStringTemplate;
|
||||
import com.nis.domain.configuration.template.P2pIpTemplate;
|
||||
@@ -417,6 +418,11 @@ public class IpController extends BaseController{
|
||||
excel.setDataList(pro,classList,null).
|
||||
write(request,response, fileName).dispose();
|
||||
}
|
||||
}else if(regionDict.getFunctionId().equals(214)){// IpSpoofing
|
||||
List<IpSpoofingTemplate> classList=new ArrayList<IpSpoofingTemplate>();
|
||||
ExportExcel excel=new ExportExcel(serviceDict,regionDict,this.getMsgProp(),null, IpSpoofingTemplate.class, 2);
|
||||
excel.setDataList(pro,classList,null).
|
||||
write(request,response, fileName).dispose();
|
||||
}else{
|
||||
List<IpAllTemplate> classList=new ArrayList<IpAllTemplate>();
|
||||
ExportExcel excel=new ExportExcel(serviceDict,regionDict,pro,null, IpAllTemplate.class, 2);
|
||||
|
||||
@@ -180,8 +180,8 @@
|
||||
)values (
|
||||
#{cfgDesc,jdbcType=VARCHAR},
|
||||
#{action,jdbcType=INTEGER},
|
||||
0,
|
||||
0,
|
||||
#{isValid,jdbcType=INTEGER},
|
||||
#{isAudit,jdbcType=INTEGER},
|
||||
#{creatorId,jdbcType=INTEGER},
|
||||
#{createTime,jdbcType=TIMESTAMP},
|
||||
#{editorId,jdbcType=INTEGER},
|
||||
|
||||
@@ -2488,6 +2488,9 @@ public abstract class BaseService {
|
||||
maatCfg.setUserRegion(userRegion);
|
||||
}else if(regionDict.getFunctionId()==563 || regionDict.getFunctionId()==565 || regionDict.getFunctionId()==566) {// APP Payload、HTTP、SSL Admin
|
||||
maatCfg.setUserRegion(Constants.APP_ID_REGION+"="+_cfg.getAppCode());
|
||||
}else if(regionDict.getFunctionId()==214) {
|
||||
String userRegion="nat_type="+_cfg.getUserRegion1()+";spoofing_ip_pool="+_cfg.getUserRegion3();
|
||||
maatCfg.setUserRegion(userRegion);
|
||||
}
|
||||
|
||||
configCompileList.add(maatCfg);
|
||||
|
||||
@@ -149,6 +149,8 @@ public class InterceptCfgService extends CrudService<WebsiteCfgDao,CfgIndexInfo>
|
||||
spoofingPool.setCreatorId(UserUtils.getUser().getId());
|
||||
spoofingPool.setCompileId(spoofingPoolId);
|
||||
spoofingPool.setAction(1);
|
||||
spoofingPool.setIsValid(0);
|
||||
spoofingPool.setIsAudit(0);
|
||||
spoofingPool.setFunctionId(666);
|
||||
spoofingPool.setRequestId(0);
|
||||
pxyObjSpoofingIpPoolDao.insert(spoofingPool);//保存仿冒IP池配置
|
||||
|
||||
@@ -269,6 +269,31 @@ public class PxyObjSpoofingIpPoolService extends BaseService{
|
||||
return gsonToJson(rangeCfg);
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* IP Spoofing配置导入时 下发仿冒IP池配置
|
||||
* @param spoofingPools
|
||||
*/
|
||||
public void auditSpoofingPool(List<PxyObjSpoofingIpPool> spoofingPools) {
|
||||
//调用服务接口下发配置数据
|
||||
String json=gsonToJson(spoofingPools);
|
||||
if(spoofingPools.size()>10) {
|
||||
logger.info("欺骗IP池配置下发配置条数:" + spoofingPools.size());
|
||||
}else {
|
||||
logger.info("欺骗IP池配置下发配置参数:" + json);
|
||||
}
|
||||
//调用服务接口下发配置
|
||||
try {
|
||||
ToMaatResult result = ConfigServiceUtil.postCallbackCfg(json);
|
||||
if(result!=null){
|
||||
logger.info("欺骗IP池配置下发响应信息:"+result.getMsg());
|
||||
}
|
||||
} catch (Exception e) {
|
||||
logger.error("欺骗IP池配置配置下发失败",e);
|
||||
throw e;
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -0,0 +1,3 @@
|
||||
-- IP Spoofing Import
|
||||
UPDATE function_region_dict SET is_import = 1,config_protocol = '6,17' WHERE function_id = 214;
|
||||
UPDATE function_service_dict SET is_import = 1 WHERE function_id = 214;
|
||||
Reference in New Issue
Block a user