From e9bb74d9fd1248a9d0d20372da90e630c2983809 Mon Sep 17 00:00:00 2001
From: wangwei <wangwei@nismail.iie.ac.cn>
Date: Tue, 28 May 2019 13:36:36 +0800
Subject: [PATCH] =?UTF-8?q?=E6=8B=A6=E6=88=AA=E7=AD=96=E7=95=A5=E6=96=B0?=
 =?UTF-8?q?=E5=A2=9Eallow=5Fhttp2?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../nis/domain/configuration/BaseIpCfg.java   |  8 ++++++++
 .../domain/configuration/BaseStringCfg.java   |  7 +++++++
 .../domain/configuration/PxyInterceptCfg.java | 12 ++++++++++--
 .../template/InterceptDomainTemplate.java     | 13 +++++++++++--
 .../template/InterceptIpTemplate.java         | 13 +++++++++++--
 .../java/com/nis/util/excel/ExportExcel.java  | 19 +++++++++++++++++++
 .../excel/thread/CheckIpFormatThread.java     | 12 ++++++++++++
 .../excel/thread/CheckStringFormatThread.java | 12 ++++++++++++
 .../proxy/InterceptController.java            | 10 ++++++++++
 .../resources/messages/message_en.properties  |  1 +
 .../resources/messages/message_ru.properties  |  1 +
 .../messages/message_zh_CN.properties         |  1 +
 .../views/cfg/intercept/interceptForm.jsp     | 14 ++++++++++++++
 .../views/cfg/intercept/interceptList.jsp     |  3 +++
 14 files changed, 120 insertions(+), 6 deletions(-)

diff --git a/src/main/java/com/nis/domain/configuration/BaseIpCfg.java b/src/main/java/com/nis/domain/configuration/BaseIpCfg.java
index f77938551..7a997f38c 100644
--- a/src/main/java/com/nis/domain/configuration/BaseIpCfg.java
+++ b/src/main/java/com/nis/domain/configuration/BaseIpCfg.java
@@ -413,6 +413,7 @@ public class BaseIpCfg extends BaseCfg<BaseIpCfg> {
 	protected String min;
 	protected String max;
 	protected Integer mirrorClient;
+	protected Integer allowHttp2;
 	protected Integer enable;
 	protected Integer mirrorProfile;
 
@@ -494,6 +495,13 @@ public class BaseIpCfg extends BaseCfg<BaseIpCfg> {
 	public void setMirrorClient(Integer mirrorClient) {
 		this.mirrorClient = mirrorClient;
 	}
+	
+	public Integer getAllowHttp2() {
+		return allowHttp2;
+	}
+	public void setAllowHttp2(Integer allowHttp2) {
+		this.allowHttp2 = allowHttp2;
+	}
 	public Integer getEnable() {
 		return enable;
 	}
diff --git a/src/main/java/com/nis/domain/configuration/BaseStringCfg.java b/src/main/java/com/nis/domain/configuration/BaseStringCfg.java
index bd483e840..e574328d5 100644
--- a/src/main/java/com/nis/domain/configuration/BaseStringCfg.java
+++ b/src/main/java/com/nis/domain/configuration/BaseStringCfg.java
@@ -295,6 +295,7 @@ public class BaseStringCfg<T> extends BaseCfg<T> {
 	protected String min;
 	protected String max;
 	protected Integer mirrorClient;
+	protected Integer allowHttp2;
 	protected Integer enable;
 	protected Integer mirrorProfile;
 
@@ -375,6 +376,12 @@ public class BaseStringCfg<T> extends BaseCfg<T> {
 	}
 	public void setMirrorClient(Integer mirrorClient) {
 		this.mirrorClient = mirrorClient;
+	}	
+	public Integer getAllowHttp2() {
+		return allowHttp2;
+	}
+	public void setAllowHttp2(Integer allowHttp2) {
+		this.allowHttp2 = allowHttp2;
 	}
 	public Integer getEnable() {
 		return enable;
diff --git a/src/main/java/com/nis/domain/configuration/PxyInterceptCfg.java b/src/main/java/com/nis/domain/configuration/PxyInterceptCfg.java
index 3ff381ad3..10bb84172 100644
--- a/src/main/java/com/nis/domain/configuration/PxyInterceptCfg.java
+++ b/src/main/java/com/nis/domain/configuration/PxyInterceptCfg.java
@@ -34,9 +34,11 @@ public class PxyInterceptCfg extends CfgIndexInfo {
 	private String max;
 	@ExcelField(title="ssl_ver_mirror_client",dictType="SYS_YES_NO",sort=20)
 	private String mirrorClient;
-	@ExcelField(title="decrypt_mirror_enable",dictType="SYS_YES_NO",sort=21)
+	@ExcelField(title="ssl_ver_allow_http2",dictType="SYS_YES_NO",sort=21)
+	private String allowHttp2;
+	@ExcelField(title="decrypt_mirror_enable",dictType="SYS_YES_NO",sort=22)
 	private String enable;
-	@ExcelField(title="decrypt_mirror_mirror_profile",sort=22)
+	@ExcelField(title="decrypt_mirror_mirror_profile",sort=23)
 	private String mirrorProfile;
 	private String userRegion1;
 	private String userRegion2;
@@ -120,6 +122,12 @@ public class PxyInterceptCfg extends CfgIndexInfo {
 	}
 	public void setMirrorClient(String mirrorClient) {
 		this.mirrorClient = mirrorClient;
+	}	
+	public String getAllowHttp2() {
+		return allowHttp2;
+	}
+	public void setAllowHttp2(String allowHttp2) {
+		this.allowHttp2 = allowHttp2;
 	}
 	public String getEnable() {
 		return enable;
diff --git a/src/main/java/com/nis/domain/configuration/template/InterceptDomainTemplate.java b/src/main/java/com/nis/domain/configuration/template/InterceptDomainTemplate.java
index a8a14ba3d..aee4be801 100644
--- a/src/main/java/com/nis/domain/configuration/template/InterceptDomainTemplate.java
+++ b/src/main/java/com/nis/domain/configuration/template/InterceptDomainTemplate.java
@@ -29,6 +29,8 @@ public class InterceptDomainTemplate extends StringAllNotDoLogTemplate {
 	
 	private Integer mirrorClient;
 	
+	private Integer allowHttp2;
+	
 	private Integer enable;
 	
 	private Integer mirrorProfile;
@@ -124,14 +126,21 @@ public class InterceptDomainTemplate extends StringAllNotDoLogTemplate {
 	public void setMirrorClient(Integer mirrorClient) {
 		this.mirrorClient = mirrorClient;
 	}
-	@ExcelField(title="decrypt_mirror_enable",align=2,sort=30)
+	@ExcelField(title="ssl_ver_allow_http2",align=2,sort=30)
+	public Integer getAllowHttp2() {
+		return allowHttp2;
+	}
+	public void setAllowHttp2(Integer allowHttp2) {
+		this.allowHttp2 = allowHttp2;
+	}
+	@ExcelField(title="decrypt_mirror_enable",align=2,sort=31)
 	public Integer getEnable() {
 		return enable;
 	}
 	public void setEnable(Integer enable) {
 		this.enable = enable;
 	}
-	@ExcelField(title="decrypt_mirror_mirror_profile",align=2,sort=31)
+	@ExcelField(title="decrypt_mirror_mirror_profile",align=2,sort=32)
 	public Integer getMirrorProfile() {
 		return mirrorProfile;
 	}
diff --git a/src/main/java/com/nis/domain/configuration/template/InterceptIpTemplate.java b/src/main/java/com/nis/domain/configuration/template/InterceptIpTemplate.java
index a25ecf788..f4ac838ae 100644
--- a/src/main/java/com/nis/domain/configuration/template/InterceptIpTemplate.java
+++ b/src/main/java/com/nis/domain/configuration/template/InterceptIpTemplate.java
@@ -30,6 +30,8 @@ public class InterceptIpTemplate extends IpAllNotDoLogTemplate {
 	
 	private Integer mirrorClient;
 	
+	private Integer allowHttp2;
+	
 	private Integer enable;
 	
 	private Integer mirrorProfile;
@@ -125,14 +127,21 @@ public class InterceptIpTemplate extends IpAllNotDoLogTemplate {
 	public void setMirrorClient(Integer mirrorClient) {
 		this.mirrorClient = mirrorClient;
 	}
-	@ExcelField(title="decrypt_mirror_enable",align=2,sort=30)
+	@ExcelField(title="ssl_ver_allow_http2",align=2,sort=30)
+	public Integer getAllowHttp2() {
+		return allowHttp2;
+	}
+	public void setAllowHttp2(Integer allowHttp2) {
+		this.allowHttp2 = allowHttp2;
+	}
+	@ExcelField(title="decrypt_mirror_enable",align=2,sort=31)
 	public Integer getEnable() {
 		return enable;
 	}
 	public void setEnable(Integer enable) {
 		this.enable = enable;
 	}
-	@ExcelField(title="decrypt_mirror_mirror_profile",align=2,sort=31)
+	@ExcelField(title="decrypt_mirror_mirror_profile",align=2,sort=32)
 	public Integer getMirrorProfile() {
 		return mirrorProfile;
 	}
diff --git a/src/main/java/com/nis/util/excel/ExportExcel.java b/src/main/java/com/nis/util/excel/ExportExcel.java
index e0d34d868..8a8cf7282 100644
--- a/src/main/java/com/nis/util/excel/ExportExcel.java
+++ b/src/main/java/com/nis/util/excel/ExportExcel.java
@@ -896,6 +896,25 @@ public class ExportExcel {
 				index++;
 			}
 		}
+		//allow_http2
+		if("ssl_ver_allow_http2".equals(headerStr)) {
+			commentStr="";
+			defaultValue="1";
+			commentStr=msgProp.getProperty("select")+":\n"+commentStr;
+			index++;
+			commentStr+=1+"（"+msgProp.getProperty("yes")+"）\n";
+			index++;
+			commentStr+=0+"（"+msgProp.getProperty("no")+"）\n";
+			index++;
+			commentStr=commentStr+msgProp.getProperty("rule_desc_tip")+":\n";
+			index++;
+			//1、默认值说明
+			if(!StringUtil.isEmpty(defaultValue)){
+				commentStr=commentStr+"▶"+msgProp.getProperty("default_value")+":"+defaultValue+"\n";
+				index++;
+			}	
+			index++;
+		}
 		if("decrypt_mirror_enable".equals(headerStr)) {
 			commentStr="";
 			defaultValue="0";
diff --git a/src/main/java/com/nis/util/excel/thread/CheckIpFormatThread.java b/src/main/java/com/nis/util/excel/thread/CheckIpFormatThread.java
index cc604a1d6..0abfc35e6 100644
--- a/src/main/java/com/nis/util/excel/thread/CheckIpFormatThread.java
+++ b/src/main/java/com/nis/util/excel/thread/CheckIpFormatThread.java
@@ -579,6 +579,7 @@ public class CheckIpFormatThread implements Callable<String>{
 				String min=baseIpCfg.getMin();
 				String max=baseIpCfg.getMax();
 				Integer mirrorClient=baseIpCfg.getMirrorClient();
+				Integer allowHttp2=baseIpCfg.getAllowHttp2();
 				Integer enable=baseIpCfg.getEnable();
 				Integer mirrorProfile=baseIpCfg.getMirrorProfile();
 				Map<String,Object> userRegionMap=new HashMap<>();
@@ -726,6 +727,17 @@ public class CheckIpFormatThread implements Callable<String>{
 					if(StringUtils.isBlank(max)) {
 						max="tls13";
 					}
+					if(allowHttp2==null) {
+						allowHttp2=1;
+						map.put("allow_http2", allowHttp2);
+					}else {
+						if(allowHttp2!=0&&allowHttp2!=1) {
+							errInfo.append(String.format(prop.getProperty("is_incorrect"),
+									prop.getProperty("ssl_ver_allow_http2","SSL version allow http2") + " ") + ";");
+						}else {
+							map.put("allow_http2", allowHttp2);
+						}
+					}
 					for(SysDataDictionaryItem sslversion: sslversions) {
 						if(sslversion.getItemCode().equals(min)) {
 							minSort=sslversion.getItemSort();
diff --git a/src/main/java/com/nis/util/excel/thread/CheckStringFormatThread.java b/src/main/java/com/nis/util/excel/thread/CheckStringFormatThread.java
index a9a93bb80..3d837b281 100644
--- a/src/main/java/com/nis/util/excel/thread/CheckStringFormatThread.java
+++ b/src/main/java/com/nis/util/excel/thread/CheckStringFormatThread.java
@@ -527,6 +527,7 @@ public class CheckStringFormatThread implements Callable<String>{
 				String min=baseStringCfg.getMin();
 				String max=baseStringCfg.getMax();
 				Integer mirrorClient=baseStringCfg.getMirrorClient();
+				Integer allowHttp2=baseStringCfg.getAllowHttp2();
 				Integer enable=baseStringCfg.getEnable();
 				Integer mirrorProfile=baseStringCfg.getMirrorProfile();
 				Map<String,Object> userRegionMap=new HashMap<>();
@@ -674,6 +675,17 @@ public class CheckStringFormatThread implements Callable<String>{
 					if(StringUtils.isBlank(max)) {
 						max="tls13";
 					}
+					if(allowHttp2==null) {
+						allowHttp2=1;
+						map.put("allow_http2", allowHttp2);
+					}else {
+						if(allowHttp2!=0&&allowHttp2!=1) {
+							errInfo.append(String.format(prop.getProperty("is_incorrect"),
+									prop.getProperty("ssl_ver_allow_http2","SSL version allow http2") + " ") + ";");
+						}else {
+							map.put("allow_http2", allowHttp2);
+						}
+					}
 					for(SysDataDictionaryItem sslversion: sslversions) {
 						if(sslversion.getItemCode().equals(min)) {
 							minSort=sslversion.getItemSort();
diff --git a/src/main/java/com/nis/web/controller/configuration/proxy/InterceptController.java b/src/main/java/com/nis/web/controller/configuration/proxy/InterceptController.java
index 14c7ee705..f2f651774 100644
--- a/src/main/java/com/nis/web/controller/configuration/proxy/InterceptController.java
+++ b/src/main/java/com/nis/web/controller/configuration/proxy/InterceptController.java
@@ -198,6 +198,7 @@ public class InterceptController extends CommonController {
 				//ssl_ver
 				map=new HashMap<>();
 				String mirror_client=request.getParameter("mirror_client");
+				String allow_http2 = request.getParameter("allow_http2");				
 				String min=request.getParameter("min");
 				String max=request.getParameter("max");
 				if(StringUtils.isNotBlank(mirror_client)){
@@ -206,6 +207,12 @@ public class InterceptController extends CommonController {
 					mirror_client="0";
 					map.put("mirror_client", 0);
 				}
+				if(StringUtils.isNotBlank(allow_http2)){
+					map.put("allow_http2", Integer.parseInt(allow_http2.trim()));
+				}else {
+					allow_http2="1";
+					map.put("allow_http2", 1);
+				}
 				if("0".equals(mirror_client)) {
 					if(StringUtils.isNotBlank(min)){
 						map.put("min", min.trim());
@@ -546,6 +553,9 @@ public class InterceptController extends CommonController {
 							if(((Map<String,Object>)userregion.get("ssl_ver")).containsKey("mirror_client")) {
 								pxyInterceptCfg.setMirrorClient(((Map<String,Object>)userregion.get("ssl_ver")).get("mirror_client").toString());
 							}
+							if(((Map<String,Object>)userregion.get("ssl_ver")).containsKey("allow_http2")) {
+								pxyInterceptCfg.setAllowHttp2(((Map<String,Object>)userregion.get("ssl_ver")).get("allow_http2").toString());
+							}
 							if(((Map<String,Object>)userregion.get("decrypt_mirror")).containsKey("enable")) {
 								pxyInterceptCfg.setEnable(((Map<String,Object>)userregion.get("decrypt_mirror")).get("enable").toString());
 							}
diff --git a/src/main/resources/messages/message_en.properties b/src/main/resources/messages/message_en.properties
index e4a5e69d5..ad3809a90 100644
--- a/src/main/resources/messages/message_en.properties
+++ b/src/main/resources/messages/message_en.properties
@@ -1571,6 +1571,7 @@ approach=Approach
 cert_verify=Cert Verify
 ssl_version=SSL Version
 mirror_client=Mirror Client
+allow_http2=Allow Http2
 min=Min
 max=Max
 decrypt_mirror=Decrypt Mirror
diff --git a/src/main/resources/messages/message_ru.properties b/src/main/resources/messages/message_ru.properties
index 2f3cb9659..f125fc181 100644
--- a/src/main/resources/messages/message_ru.properties
+++ b/src/main/resources/messages/message_ru.properties
@@ -1573,6 +1573,7 @@ approach=Approach
 cert_verify=Cert Verify
 ssl_version=SSL Version
 mirror_client=Mirror Client
+allow_http2=Allow Http2
 min=Min
 max=Max
 decrypt_mirror=Decrypt Mirror
diff --git a/src/main/resources/messages/message_zh_CN.properties b/src/main/resources/messages/message_zh_CN.properties
index 1781d3326..04a8bd964 100644
--- a/src/main/resources/messages/message_zh_CN.properties
+++ b/src/main/resources/messages/message_zh_CN.properties
@@ -1571,6 +1571,7 @@ approach=\u63A5\u8FD1
 cert_verify=\u8BC1\u4E66\u9A8C\u8BC1
 ssl_version=SSL\u7248\u672C
 mirror_client=\u955C\u50CF\u5BA2\u6237\u7AEF
+allow_http2=Allow Http2
 min=\u6700\u5C0F
 max=\u6700\u5927
 decrypt_mirror=\u89E3\u5BC6\u955C\u50CF
diff --git a/src/main/webapp/WEB-INF/views/cfg/intercept/interceptForm.jsp b/src/main/webapp/WEB-INF/views/cfg/intercept/interceptForm.jsp
index f4cdb0b0b..232d68b5a 100644
--- a/src/main/webapp/WEB-INF/views/cfg/intercept/interceptForm.jsp
+++ b/src/main/webapp/WEB-INF/views/cfg/intercept/interceptForm.jsp
@@ -837,6 +837,20 @@ legend{padding:.5em;border:0;width:auto;font-family: "Open Sans", sans-serif;col
 												<div for="mirror_client"></div>
 											</div>
 										</div>
+										<div class="col-md-6 ssl_version <c:if test="${_cfg.userRegion.ssl_ver.mirror_client eq 1}">hidden</c:if>"">
+											<div class="form-group">
+												<label class="control-label col-md-3">
+														<spring:message code="allow_http2" />
+												</label>
+												<div class="col-md-6">
+													<div class="bootstrap-switch">
+									            		<input type="checkbox" id="allow_http2" name="allow_http2" class="switch form-control sslVersionCheck" 									            											            		
+									            		value="${_cfg.cfgId eq null?1:_cfg.userRegion.ssl_ver.allow_http2 }"  <c:if test="${_cfg.cfgId eq null or _cfg.userRegion.ssl_ver.allow_http2 eq 1}">checked</c:if>/>
+									            	</div>
+												</div>
+												<div for="allow_http2"></div>
+											</div>
+										</div>
 									</div>
 									<div class="row ssl_version <c:if test="${_cfg.userRegion.ssl_ver.mirror_client eq 1}">hidden</c:if>">
 										<div class="col-md-6">
diff --git a/src/main/webapp/WEB-INF/views/cfg/intercept/interceptList.jsp b/src/main/webapp/WEB-INF/views/cfg/intercept/interceptList.jsp
index 88a7d15b1..b26ae6022 100644
--- a/src/main/webapp/WEB-INF/views/cfg/intercept/interceptList.jsp
+++ b/src/main/webapp/WEB-INF/views/cfg/intercept/interceptList.jsp
@@ -123,6 +123,7 @@
 					}
 				});
 				$(obj).parent().find("td[data-column='mirror_client']").text(jsonObj.ssl_ver.mirror_client==1?"<spring:message code='yes'/>":"<spring:message code='no'/>");
+				$(obj).parent().find("td[data-column='allow_http2']").text(jsonObj.ssl_ver.allow_http2==1?"<spring:message code='yes'/>":"<spring:message code='no'/>");
 				$(obj).parent().find("td[data-column='enable']").text(jsonObj.decrypt_mirror.enable==1?"<spring:message code='yes'/>":"<spring:message code='no'/>");
 				$(obj).parent().find("td[data-column='mirror_profile']").text(jsonObj.decrypt_mirror.mirror_profile);
 				if(jsonObj.decrypt_mirror.mirror_profile){
@@ -468,6 +469,7 @@
 							    		<th column="ssl_ver_min" ><spring:message code="ssl_ver_min"/></th>
 							    		<th column="ssl_ver_max" ><spring:message code="ssl_ver_max"/></th>
 							    		<th column="ssl_ver_mirror_client" ><spring:message code="ssl_ver_mirror_client"/></th>
+							    		<th column="ssl_ver_allow_http2" ><spring:message code="ssl_ver_allow_http2"/></th>
 							    		<th column="decrypt_mirror_enable" ><spring:message code="decrypt_mirror_enable"/></th>
 							    		<th column="decrypt_mirror_mirror_profile" ><spring:message code="decrypt_mirror_mirror_profile"/></th>
 							    	</c:if>
@@ -572,6 +574,7 @@
 								    <td data-column="min" ></td>
 								    <td data-column="max" ></td>
 								    <td data-column="mirror_client" ></td>
+								    <td data-column="allow_http2" ></td>
 								    <td data-column="enable" ></td>
 								    <td data-column="mirror_profile" ></td>
 								    </c:if>