gfwleak/k18-ntcs-web-ntc
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

IP range 审核下发时拆分成单个IP

Browse Source
This commit is contained in:
wangxin
2018-10-30 20:17:03 +08:00
parent ceb452a82a
commit ea6cbab3c8
2 changed files with 330 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

340
src/main/java/com/nis/web/service/BaseService.java
View File

@@ -7,10 +7,6 @@ import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.management.RuntimeErrorException;
import org.apache.commons.lang3.StringEscapeUtils;
import org.slf4j.Logger;
@@ -43,7 +39,6 @@ import com.nis.domain.maat.MaatCfg.GroupCfg;
import com.nis.domain.maat.MaatCfg.IpCfg;
import com.nis.domain.maat.MaatCfg.NumBoundaryCfg;
import com.nis.domain.maat.MaatCfg.StringCfg;
import com.nis.domain.specific.ConfigGroupInfo;
import com.nis.util.ConfigServiceUtil;
import com.nis.util.Configurations;
import com.nis.util.Constants;
@@ -302,11 +297,14 @@ public abstract class BaseService {
groupRelationList.add(group);
}
cfg.setGroupId(groupId);
cfg.setRegionId(ConfigServiceUtil.getId(3, 1).get(0));
cfg.setAuditTime(baseCfg.getAuditTime());
cfg.setIsValid(baseCfg.getIsValid());
cfg = ipConvert(cfg,baseIpCfg);
dstList.add(cfg);
List<IpCfg> cfgs = ipConvert(cfg,baseIpCfg);
List<Integer> ids=ConfigServiceUtil.getId(3, cfgs.size());
for(int i=0;i<cfgs.size();i++) {
cfgs.get(i).setRegionId(ids.get(i));
}
dstList.addAll(cfgs);
//如果protocolId非空非零需要构造数值型域配置
if(baseIpCfg.getProtocolId()!=null && baseIpCfg.getProtocolId()!=0){
@@ -397,7 +395,7 @@ public abstract class BaseService {
* @param srcIp
* @return
*/
public static IpCfg ipConvert(IpCfg dstIp,BaseIpCfg srcIp){
/*public static IpCfg ipConvert(IpCfg dstIp,BaseIpCfg srcIp){
if(srcIp.getSrcIpAddress()!=null){
if(srcIp.getSrcIpAddress().indexOf("/")!=-1){
if(srcIp.getIpType()==4 || srcIp.getIpType()==46){//46表示源ip为ipv4目的ip为ipv6
@@ -628,6 +626,320 @@ public abstract class BaseService {
dstIp.setDstPortMask("65535");
}
return dstIp;
}*/
/**
* 界面IP配置转换为MAAT类或者回调类IP配置
* @param dstIp
* @param srcIp
* @return
*/
public static List<IpCfg> ipConvert(IpCfg dstIp,BaseIpCfg srcIp){
List<IpCfg> ipConvertList=Lists.newArrayList();
boolean isRange=((srcIp.getIpPattern()!=null&&srcIp.getIpPattern()==2)
||(srcIp.getSrcIpAddress()!=null&&srcIp.getSrcIpAddress().indexOf("-")>-1)
||(srcIp.getDestIpAddress()!=null&&srcIp.getDestIpAddress().indexOf("-")>-1));
if(isRange) {
List<IpCfg> tempList=Lists.newArrayList();
List<IpCfg> tempList1=Lists.newArrayList();
if(srcIp.getIpType().intValue()==4) {
if(srcIp.getSrcIpAddress()!=null){
String startIpPart=srcIp.getSrcIpAddress().split("-")[0];
String endIpPart=srcIp.getSrcIpAddress().split("-")[1];
Integer startNum=Integer.parseInt(startIpPart.split("\\.")[3]);
Integer endNum=Integer.parseInt(endIpPart.split("\\.")[3]);
for(int i=startNum;i<=endNum;i++) {
IpCfg tempIp=new IpCfg();
BeanUtils.copyProperties(dstIp, tempIp);
tempIp.setSrcIp(startIpPart.substring(0, startIpPart.lastIndexOf(".")+1)+i);
tempIp.setSrcIpMask("255.255.255.255");
tempList.add(tempIp);
}
}else {
dstIp.setSrcIp("0.0.0.0");
dstIp.setSrcIpMask("255.255.255.255");
tempList.add(dstIp);
}
if(srcIp.getDestIpAddress()!=null){
String startIpPart=srcIp.getDestIpAddress().split("-")[0];
String endIpPart=srcIp.getDestIpAddress().split("-")[1];
Integer startNum=Integer.parseInt(startIpPart.split("\\.")[3]);
Integer endNum=Integer.parseInt(endIpPart.split("\\.")[3]);
for(IpCfg _cfg:tempList) {
for(int i=startNum;i<=endNum;i++) {
IpCfg tempIp=new IpCfg();
BeanUtils.copyProperties(_cfg, tempIp);
tempIp.setDstIp(startIpPart.substring(0, startIpPart.lastIndexOf(".")+1)+i);
tempIp.setDstIpMask("255.255.255.255");
//处理
convertPortValues(tempIp,srcIp);
if(!tempIp.getSrcIp().equals(tempIp.getDstIp())) {
tempList1.add(tempIp);
}
}
}
tempList.clear();
}else {
for(IpCfg _cfg:tempList) {
_cfg.setDstIp("0.0.0.0");
_cfg.setSrcIpMask("255.255.255.255");
convertPortValues(_cfg,srcIp);
}
}
if(tempList1.size()>0) {
ipConvertList.addAll(tempList1);
}else {
ipConvertList.addAll(tempList);
}
}else if(srcIp.getIpType().intValue()==6){
if(srcIp.getSrcIpAddress()!=null){
IPv6Address address1 = IPv6Address.fromString(srcIp.getSrcIpAddress().split("-")[0]);
IPv6Address address2 = IPv6Address.fromString(srcIp.getSrcIpAddress().split("-")[1]);
IPv6Network network = IPv6Network.fromTwoAddresses(address1,address2);
dstIp.setSrcIp(address1.toString());
dstIp.setSrcIpMask(network.getNetmask().asAddress().toString());
}else {
dstIp.setSrcIp("::");
dstIp.setSrcIpMask("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF");
}
if(srcIp.getDestIpAddress()!=null) {
IPv6Address address1 = IPv6Address.fromString(srcIp.getDestIpAddress().split("-")[0]);
IPv6Address address2 = IPv6Address.fromString(srcIp.getDestIpAddress().split("-")[1]);
IPv6Network network = IPv6Network.fromTwoAddresses(address1,address2);
dstIp.setDstIp(address1.toString());
dstIp.setDstIpMask(network.getNetmask().asAddress().toString());
}else {
dstIp.setDstIp("::");
dstIp.setDstIpMask("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF");
}
ipConvertList.add(dstIp);
}else {
throw new RuntimeException("Unsupported IP type "+srcIp.getIpType());
}
}else {
if(srcIp.getSrcIpAddress()!=null){
if(srcIp.getSrcIpAddress().indexOf("/")!=-1){
if(srcIp.getIpType()==4 /*|| srcIp.getIpType()==46*/){//46表示源ip为ipv4目的ip为ipv6
Integer srcMaskNum = Integer.parseInt(srcIp.getSrcIpAddress().split("/")[1]);
if(srcMaskNum==0){
dstIp.setSrcIpMask("0.0.0.0");
}else{
dstIp.setSrcIpMask(IpUtil.convertMask(srcMaskNum));
}
dstIp.setSrcIp(srcIp.getSrcIpAddress().split("/")[0]);
}else if(srcIp.getIpType()==6/*|| srcIp.getIpType()==64*/){//64表示源ip为ipv6目的ip为ipv4
IPv6Network strangeNetwork = IPv6Network.fromString(srcIp.getSrcIpAddress());
dstIp.setSrcIp(srcIp.getSrcIpAddress().split("/")[0]);
dstIp.setSrcIpMask(strangeNetwork.getNetmask().asAddress().toString());
}/*else {
Pattern patternV4Subnet=Pattern.compile(Constants.IPV4_IP_SUBNET_REGEXP);
Pattern patternV6Subnet=Pattern.compile(Constants.IPV6_IP_SUBNET_REGEXP);
Matcher matchernV4Subnet=patternV4Subnet.matcher(srcIp.getSrcIpAddress());
Matcher matcherV6Subnet=patternV6Subnet.matcher(srcIp.getSrcIpAddress());
if(matchernV4Subnet.matches()) {
Integer srcMaskNum = Integer.parseInt(srcIp.getSrcIpAddress().split("/")[1]);
if(srcMaskNum==0){
dstIp.setSrcIpMask("0.0.0.0");
}else{
dstIp.setSrcIpMask(IpUtil.convertMask(srcMaskNum));
}
dstIp.setSrcIp(srcIp.getSrcIpAddress().split("/")[0]);
}else if(matcherV6Subnet.matches()){
IPv6Network strangeNetwork = IPv6Network.fromString(srcIp.getSrcIpAddress());
dstIp.setSrcIp(srcIp.getSrcIpAddress().split("/")[0]);
dstIp.setSrcIpMask(strangeNetwork.getNetmask().asAddress().toString());
}else {
throw new RuntimeException("Invalid IP/subnet mask format");
}
}*/
else {
throw new RuntimeException("Unsupported IP type "+srcIp.getIpType());
}
}else{
if(srcIp.getIpType()==4/*|| srcIp.getIpType()==46*/){//46表示源ip为ipv4目的ip为ipv6
dstIp.setSrcIp(srcIp.getSrcIpAddress());
dstIp.setSrcIpMask("255.255.255.255");
}else if(srcIp.getIpType()==6/*|| srcIp.getIpType()==64*/){//64表示源ip为ipv6目的ip为ipv4
dstIp.setSrcIp(srcIp.getSrcIpAddress());
dstIp.setSrcIpMask("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF");
}/*else {//all
Pattern patternV4=Pattern.compile(Constants.IPV4_IP_REGEXP);
Pattern patternV6=Pattern.compile(Constants.IPV6_IP_REGEXP);
Matcher matcherV4=patternV4.matcher(srcIp.getSrcIpAddress());
Matcher matcherV6=patternV6.matcher(srcIp.getSrcIpAddress());
if(matcherV4.matches()) {
dstIp.setSrcIp(srcIp.getSrcIpAddress());
dstIp.setSrcIpMask("255.255.255.255");
}else if(matcherV6.matches()) {
dstIp.setSrcIp(srcIp.getSrcIpAddress());
dstIp.setSrcIpMask("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF");
}else {
throw new RuntimeException("Invalid IP format");
}
}*/
else {
throw new RuntimeException("Unsupported IP type "+srcIp.getIpType());
}
}
}else{
if(srcIp.getIpType()==4/*|| srcIp.getIpType()==46*/){//46表示源ip为ipv4目的ip为ipv6
dstIp.setSrcIp(srcIp.getSrcIpAddress());
dstIp.setSrcIpMask("255.255.255.255");
}else if(srcIp.getIpType()==6/*|| srcIp.getIpType()==64*/){//64表示源ip为ipv6目的ip为ipv4
dstIp.setSrcIp(srcIp.getSrcIpAddress());
dstIp.setSrcIpMask("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF");
}/*else {//all
dstIp.setSrcIp(srcIp.getSrcIpAddress());
dstIp.setSrcIpMask("255.255.255.255");
}*/
else {
throw new RuntimeException("Unsupported IP type "+srcIp.getIpType());
}
}
if(srcIp.getDestIpAddress()!=null){
if(srcIp.getDestIpAddress().indexOf("/")!=-1){
if(srcIp.getIpType()==4/*|| srcIp.getIpType()==64*/){//64表示源ip为ipv6目的ip为ipv4
Integer dstMaskNum = Integer.parseInt(srcIp.getDestIpAddress().split("/")[1]);
if(dstMaskNum==0){
dstIp.setDstIpMask("0.0.0.0");
}else{
dstIp.setDstIpMask(IpUtil.convertMask(dstMaskNum));;
}
dstIp.setDstIp(srcIp.getDestIpAddress().split("/")[0]);
}else if(srcIp.getIpType()==6/*|| srcIp.getIpType()==46*/){//46表示源ip为ipv4目的ip为ipv6
IPv6Network strangeNetwork = IPv6Network.fromString(srcIp.getDestIpAddress());
dstIp.setDstIp(srcIp.getDestIpAddress().split("/")[0]);
dstIp.setDstIpMask(strangeNetwork.getNetmask().asAddress().toString());
}/*else {
Pattern patternV4Subnet=Pattern.compile(Constants.IPV4_IP_SUBNET_REGEXP);
Pattern patternV6Subnet=Pattern.compile(Constants.IPV6_IP_SUBNET_REGEXP);
Matcher matchernV4Subnet=patternV4Subnet.matcher(srcIp.getDestIpAddress());
Matcher matcherV6Subnet=patternV6Subnet.matcher(srcIp.getDestIpAddress());
if(matchernV4Subnet.matches()) {
Integer dstMaskNum = Integer.parseInt(srcIp.getDestIpAddress().split("/")[1]);
if(dstMaskNum==0){
dstIp.setDstIpMask("0.0.0.0");
}else{
dstIp.setDstIpMask(IpUtil.convertMask(dstMaskNum));;
}
dstIp.setDstIp(srcIp.getDestIpAddress().split("/")[0]);
}else if(matcherV6Subnet.matches()){
IPv6Network strangeNetwork = IPv6Network.fromString(srcIp.getDestIpAddress());
dstIp.setDstIp(srcIp.getDestIpAddress().split("/")[0]);
dstIp.setDstIpMask(strangeNetwork.getNetmask().asAddress().toString());
}else {
throw new RuntimeException("Invalid IP/subnet mask format");
}
}*/
else {
throw new RuntimeException("Unsupported IP type "+srcIp.getIpType());
}
}else{
if(srcIp.getIpType()==4/*|| srcIp.getIpType()==64*/){//64表示源ip为ipv6目的ip为ipv4
dstIp.setDstIp(srcIp.getDestIpAddress());
dstIp.setDstIpMask("255.255.255.255");
}else if(srcIp.getIpType()==6/*|| srcIp.getIpType()==46*/){//46表示源ip为ipv4目的ip为ipv6
dstIp.setDstIp(srcIp.getDestIpAddress());
dstIp.setDstIpMask("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF");
}/*else {//all
Pattern patternV4=Pattern.compile(Constants.IPV4_IP_REGEXP);
Pattern patternV6=Pattern.compile(Constants.IPV6_IP_REGEXP);
Matcher matcherV4=patternV4.matcher(srcIp.getDestIpAddress());
Matcher matcherV6=patternV6.matcher(srcIp.getDestIpAddress());
if(matcherV4.matches()) {
dstIp.setDstIp(srcIp.getDestIpAddress());
dstIp.setDstIpMask("255.255.255.255");
}else if(matcherV6.matches()) {
dstIp.setDstIp(srcIp.getDestIpAddress());
dstIp.setDstIpMask("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF");
}else {
throw new RuntimeException("invalid ip format");
}
}*/
else {
throw new RuntimeException("Unsupported IP type "+srcIp.getIpType());
}
}
}else{
if(srcIp.getIpType()==4/*|| srcIp.getIpType()==64*/){//64表示源ip为ipv6目的ip为ipv4
dstIp.setDstIp(srcIp.getDestIpAddress());
dstIp.setDstIpMask("255.255.255.255");
}else if(srcIp.getIpType()==6/*|| srcIp.getIpType()==46*/){//46表示源ip为ipv4目的ip为ipv6
dstIp.setDstIp(srcIp.getDestIpAddress());
dstIp.setDstIpMask("FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF");
}/*else {//all
dstIp.setDstIp(srcIp.getDestIpAddress());
dstIp.setDstIpMask("255.255.255.255");
}*/
else {
throw new RuntimeException("Unsupported IP type "+srcIp.getIpType());
}
}
if(srcIp.getSrcPort()!=null){
if(srcIp.getSrcPort().indexOf("/")!=-1){
String srcMaskNum = srcIp.getSrcPort().split("/")[1];
dstIp.setSrcPortMask(srcMaskNum);
dstIp.setSrcPort(srcIp.getSrcPort().split("/")[0]);
}else{
dstIp.setSrcPort(srcIp.getSrcPort());
dstIp.setSrcPortMask("65535");
}
}else{
dstIp.setSrcPort("0");
dstIp.setSrcPortMask("65535");
}
if(srcIp.getDestPort()!=null){
if(srcIp.getDestPort().indexOf("/")!=-1){
String dstMaskNum = srcIp.getDestPort().split("/")[1];
dstIp.setDstPortMask(dstMaskNum);
dstIp.setDstPort(srcIp.getDestPort().split("/")[0]);
}else{
dstIp.setDstPort(srcIp.getDestPort());
dstIp.setDstPortMask("65535");
}
}else{
dstIp.setDstPort("0");
dstIp.setDstPortMask("65535");
}
ipConvertList.add(dstIp);
}
return ipConvertList;
}
/**
* 设置端口值
* @param dstIp
* @param srcIp
*/
public static void convertPortValues(IpCfg dstIp,BaseIpCfg srcIp) {
if(srcIp.getSrcPort()!=null){
if(srcIp.getSrcPort().indexOf("/")!=-1){
String srcMaskNum = srcIp.getSrcPort().split("/")[1];
dstIp.setSrcPortMask(srcMaskNum);
dstIp.setSrcPort(srcIp.getSrcPort().split("/")[0]);
}else{
dstIp.setSrcPort(srcIp.getSrcPort());
dstIp.setSrcPortMask("65535");
}
}else{
dstIp.setSrcPort("0");
dstIp.setSrcPortMask("65535");
}
if(srcIp.getDestPort()!=null){
if(srcIp.getDestPort().indexOf("/")!=-1){
String dstMaskNum = srcIp.getDestPort().split("/")[1];
dstIp.setDstPortMask(dstMaskNum);
dstIp.setDstPort(srcIp.getDestPort().split("/")[0]);
}else{
dstIp.setDstPort(srcIp.getDestPort());
dstIp.setDstPortMask("65535");
}
}else{
dstIp.setDstPort("0");
dstIp.setDstPortMask("65535");
}
}
//拦截策略
public ProxyObjKeyring convertCallBackProxyObjKeyring(PxyObjKeyring cfg){
@@ -667,7 +979,11 @@ public abstract class BaseService {
}
//ip转换为callback用ip
public InlineIp convertCallBackIp(BaseIpCfg cfg,Integer policyGroup){
IpCfg c=ipConvert(new IpCfg(),cfg);
List<IpCfg> cfgs = ipConvert(new IpCfg(),cfg);
if(cfgs.size()>0) {
throw new RuntimeException("CallBack IP did not support IP range!");
}
IpCfg c=cfgs.get(0);
InlineIp ip=new InlineIp();
ip.setId(cfg.getCompileId());
ip.setCfgId(cfg.getCompileId());
@@ -764,9 +1080,9 @@ public abstract class BaseService {
cfg.setUserRegion(userRegion);
}
cfg.setIsValid(isValid);
cfg = ipConvert(cfg,baseIpCfg);
cfg.setAuditTime(opTime);
maatIpList.add(cfg);
List<IpCfg> cfgs = ipConvert(cfg,baseIpCfg);
maatIpList.addAll(cfgs);
}
return maatIpList;
}