gfwleak/k18-ntcs-web-ntc
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

基础协议,app policy,加密隧道行为导入并下发,增加APP_POLICY字符串域

Browse Source
This commit is contained in:
wangxin
2019-01-18 10:42:07 +08:00
parent 04b57afd2f
commit fa933de0d8
1 changed files with 178 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

244
src/main/java/com/nis/web/service/BaseService.java
View File

@@ -1639,6 +1639,30 @@ public abstract class BaseService {
maatCfg.setIsValid(_cfg.getIsValid());
return maatCfg;
}
/**
* MaatCfg 追加region
*/
public MaatCfg maatCfgAppendRegion(MaatCfg maatCfg,BaseCfg _cfg,Integer cfgType) {
if(maatCfg==null) return maatCfg;
Map<String,List> regions=cfgConvert(_cfg, cfgType);
if(regions.get("ipRegionList")!=null) {
maatCfg.getIpRegionList().addAll(regions.get("ipRegionList"));
}
if(regions.get("strRegionList")!=null) {
maatCfg.getStrRegionList().addAll(regions.get("strRegionList"));
}
if(regions.get("numRegionList")!=null) {
maatCfg.getNumRegionList().addAll(regions.get("numRegionList"));
}
if(regions.get("digestRegionList")!=null) {
maatCfg.getDigestRegionList().addAll(regions.get("digestRegionList"));
}
if(regions.get("groupRelationList")!=null) {
maatCfg.getGroupRelationList().addAll(regions.get("groupRelationList"));
maatCfg.setGroupNum(maatCfg.getGroupNum()+regions.get("groupRelationList").size());
}
return maatCfg;
}
/**
* 分割并保存
* @param regionDict
@@ -1682,7 +1706,7 @@ public abstract class BaseService {
this.saveCfgIndexOf(cfgIndexInfos);
}
if (appPolicyCfgs != null && appPolicyCfgs.size() > 0) {
this.savePolicyList(appPolicyCfgs);
this.savePolicyList(regionDict,serviceDict,appPolicyCfgs,list,send);
}
if (appFeatureCfgs != null && appFeatureCfgs.size() > 0) {
this.saveAppFeatureList(appFeatureCfgs);
@@ -1692,7 +1716,7 @@ public abstract class BaseService {
List<BaseIpCfg> listPage = (List<BaseIpCfg>) list;
if (specificServiceCfg!=null&&regionDict.getFunctionId().equals(405)) {
this.saveAppIpCfg((List<BaseIpCfg>)listPage,specificServiceCfg,send);
}else {
}else if(appPolicyCfgs==null||appPolicyCfgs.isEmpty()){
this.saveIpBatch(regionDict,serviceDict,(List<BaseIpCfg>)listPage,send);
}
}else if("AsnIpCfg".equals(type)) {
@@ -1766,7 +1790,7 @@ public abstract class BaseService {
this.saveStringCfgBatch(regionDict,serviceDict,listPage, "http_url_cfg",send);
}
//账号
else if("subscribe_id".equals(regionDict.getConfigServiceType())){
else if("subscribe_id".equals(regionDict.getConfigServiceType())&&(appPolicyCfgs==null||appPolicyCfgs.isEmpty())){
this.saveStringCfgBatch(regionDict,serviceDict,listPage, "ntc_subscribe_id_cfg",send);
}
// HTTP(s) URL
@@ -2352,17 +2376,167 @@ public abstract class BaseService {
/**
* 导入配置保存App策略
* @param appPolicyCfgs
* @throws CloneNotSupportedException
*/
@Transactional(readOnly=false,rollbackFor=RuntimeException.class)
public void savePolicyList(List<AppPolicyCfg> appPolicyCfgs){
public void savePolicyList(FunctionRegionDict regionDict,FunctionServiceDict serviceDict,List<AppPolicyCfg> appPolicyCfgs,List<? extends BaseCfg> list,boolean send){
SqlSessionFactory sqlSessionFactory=SpringContextHolder.getBean(SqlSessionFactory.class);
SqlSession batchSqlSession = null;
List<MaatCfg> configCompileList = new ArrayList();
try{
batchSqlSession = sqlSessionFactory.openSession(ExecutorType.BATCH, false);
for(int index = 0; index < appPolicyCfgs.size();index++){
AppPolicyCfg _cfg = appPolicyCfgs.get(index);
((AppCfgDao) batchSqlSession.getMapper(AppCfgDao.class)).insertAppPolicyCfgForBatch(_cfg);
}
if(send) {
StringBuffer cfgKeywords = new StringBuffer();
if (appPolicyCfgs.get(0).getBehavCode() != null) {
if (regionDict.getFunctionId().equals(63)) {
cfgKeywords.append(Constants.APP_ID_REGION + "=" + appPolicyCfgs.get(0).getAppCode());
} else if (regionDict.getFunctionId().equals(407)
|| regionDict.getFunctionId().equals(408)) {
cfgKeywords.append(Constants.PROTO_ID_REGION + "=" + appPolicyCfgs.get(0).getAppCode());
}
cfgKeywords.append(Constants.KEYWORD_EXPR);
cfgKeywords.append(Constants.BEHAV_ID_REGION + "=" + appPolicyCfgs.get(0).getBehavCode());
// appPolicyCfgs.get(0.setCfgKeywords(appPolicyCfgs.get(0.getAppCode()+Constants.KEYWORD_EXPR+appPolicyCfgs.get(0.getBehavCode());
} else {
if (regionDict.getFunctionId().equals(63)) {
cfgKeywords.append(Constants.APP_ID_REGION + "=" + appPolicyCfgs.get(0).getAppCode());
} else if (regionDict.getFunctionId().equals(407)
|| regionDict.getFunctionId().equals(408)) {
cfgKeywords.append(Constants.PROTO_ID_REGION + "=" + appPolicyCfgs.get(0).getAppCode());
}
// entity.setCfgKeywords(entity.getAppCode()+"");
}
appPolicyCfgs.get(0).setCfgKeywords(cfgKeywords.toString());
}
List<Integer> groupIds=Lists.newArrayList();
List<Integer> regionIds=Lists.newArrayList();
if(send) {
groupIds=ConfigServiceUtil.getId(2, list.size());
regionIds=ConfigServiceUtil.getId(3, list.size());
}
for(int index = 0; index < list.size();index++){
MaatCfg maatCfg=null;
if(send) {
if(regionDict.getIsMaat().intValue()==1) {
AppPolicyCfg cfg=(AppPolicyCfg) appPolicyCfgs.get(0);
cfg.setCompileId(list.get(index).getCompileId());
cfg.setRegionId(regionIds.get(index));
cfg.setGroupId(groupIds.get(index));
maatCfg=convertMaatCfg(cfg,2);
if(regionDict.getFunctionId()==407) {// Protocol Identify
//PROTOCOL IDENTITY USER_REGION PROTOCOL_ID=ProtocolId
maatCfg.setUserRegion(Constants.PROTO_ID_REGION + "=" + appPolicyCfgs.get(0).getAppCode());
// 限速业务需要设置 USER_REGION Droprate=userregion3
if (Constants.RATELIMIT_ACTION.equals(appPolicyCfgs.get(0).getAction())) {
appPolicyCfgs.get(0).setUserRegion1(StringUtil.isEmpty(appPolicyCfgs.get(0).getUserRegion1()) ? "0":appPolicyCfgs.get(0).getUserRegion1());
//限速 需要发Droprate=0.001 暂不支持Bandwidth=200kbps
if(appPolicyCfgs.get(0).getUserRegion1().equals("0")){//丢包率
appPolicyCfgs.get(0).setUserRegion2(StringUtil.isEmpty(appPolicyCfgs.get(0).getUserRegion2()) ? "":appPolicyCfgs.get(0).getUserRegion2());
maatCfg.setUserRegion(maatCfg.getUserRegion()+Constants.USER_REGION_SPLIT +Constants.INTERCEPT_IP_RATELIMIT_DROPRATE_USER_REGION_KEY+"="+appPolicyCfgs.get(0).getUserRegion2());
}else if(appPolicyCfgs.get(0).getUserRegion1().equals("1")){//带宽
appPolicyCfgs.get(0).setUserRegion3(StringUtil.isEmpty(appPolicyCfgs.get(0).getUserRegion3()) ? "":appPolicyCfgs.get(0).getUserRegion3());
maatCfg.setUserRegion(maatCfg.getUserRegion()+Constants.USER_REGION_SPLIT +Constants.INTERCEPT_IP_RATELIMIT_BANDWITH_USER_REGION_KEY+"="+appPolicyCfgs.get(0).getUserRegion3());
}
}
//DKC=8 USER_REGION DKC=userregion4
if(!StringUtil.isEmpty(appPolicyCfgs.get(0).getUserRegion4()) && Constants.REJECT_ACTION.equals(appPolicyCfgs.get(0).getAction())){
maatCfg.setUserRegion(maatCfg.getUserRegion()+Constants.USER_REGION_SPLIT +Constants.APP_VIGNORE_USER_REGION_KEY+"="+appPolicyCfgs.get(0).getUserRegion4());
}
// USER_REGION config_id=compileId
maatCfg.setUserRegion(maatCfg.getUserRegion()+Constants.USER_REGION_SPLIT+"config_id="+maatCfg.getCompileId());
}else if(regionDict.getFunctionId()==63) {// APP Policy
//APP IDENTITY USER_REGION包含APP_ID=AppCode;BEHAV_ID=ProtocolId
maatCfg.setUserRegion(Constants.APP_ID_REGION + "=" + appPolicyCfgs.get(0).getAppCode()+Constants.USER_REGION_SPLIT+ Constants.BEHAV_ID_REGION + "=" + appPolicyCfgs.get(0).getBehavCode());
// 限速业务需要设置
if (Constants.RATELIMIT_ACTION.equals(appPolicyCfgs.get(0).getAction())) {
appPolicyCfgs.get(0).setUserRegion1(StringUtil.isEmpty(appPolicyCfgs.get(0).getUserRegion1()) ? "0":appPolicyCfgs.get(0).getUserRegion1());
//限速 需要发Droprate=0.001 暂不支持Bandwidth=200kbps
if(appPolicyCfgs.get(0).getUserRegion1().equals("0")){//丢包率
appPolicyCfgs.get(0).setUserRegion2(StringUtil.isEmpty(appPolicyCfgs.get(0).getUserRegion2()) ? "":appPolicyCfgs.get(0).getUserRegion2());
maatCfg.setUserRegion(maatCfg.getUserRegion()+Constants.USER_REGION_SPLIT +Constants.INTERCEPT_IP_RATELIMIT_DROPRATE_USER_REGION_KEY+"="+appPolicyCfgs.get(0).getUserRegion2());
}else if(appPolicyCfgs.get(0).getUserRegion1().equals("1")){//带宽
appPolicyCfgs.get(0).setUserRegion3(StringUtil.isEmpty(appPolicyCfgs.get(0).getUserRegion3()) ? "":appPolicyCfgs.get(0).getUserRegion3());
maatCfg.setUserRegion(maatCfg.getUserRegion()+Constants.USER_REGION_SPLIT +Constants.INTERCEPT_IP_RATELIMIT_BANDWITH_USER_REGION_KEY+"="+appPolicyCfgs.get(0).getUserRegion3());
}
}
//DKC=8
if(!StringUtil.isEmpty(appPolicyCfgs.get(0).getUserRegion4()) && Constants.REJECT_ACTION.equals(appPolicyCfgs.get(0).getAction())){
maatCfg.setUserRegion(Constants.USER_REGION_SPLIT +Constants.APP_VIGNORE_USER_REGION_KEY+"="+appPolicyCfgs.get(0).getUserRegion4());
}
maatCfg.setUserRegion(maatCfg.getUserRegion()+Constants.USER_REGION_SPLIT+"config_id="+appPolicyCfgs.get(0).getCompileId());
}else if(regionDict.getFunctionId()==408) {// Behavior Identify
//BEHAVIOR IDENTITY USER_REGION包含APP_ID=AppCode;BEHAV_ID=ProtocolId
maatCfg.setUserRegion(Constants.PROTO_ID_REGION + "=" + appPolicyCfgs.get(0).getAppCode()+Constants.USER_REGION_SPLIT+ Constants.BEHAV_ID_REGION + "=" + appPolicyCfgs.get(0).getBehavCode());
// 限速业务需要设置
if (Constants.RATELIMIT_ACTION.equals(appPolicyCfgs.get(0).getAction())) {
appPolicyCfgs.get(0).setUserRegion1(StringUtil.isEmpty(appPolicyCfgs.get(0).getUserRegion1()) ? "0":appPolicyCfgs.get(0).getUserRegion1());
//限速 需要发Droprate=0.001 暂不支持Bandwidth=200kbps
if(appPolicyCfgs.get(0).getUserRegion1().equals("0")){//丢包率
appPolicyCfgs.get(0).setUserRegion2(StringUtil.isEmpty(appPolicyCfgs.get(0).getUserRegion2()) ? "":appPolicyCfgs.get(0).getUserRegion2());
maatCfg.setUserRegion(maatCfg.getUserRegion()+Constants.USER_REGION_SPLIT +Constants.INTERCEPT_IP_RATELIMIT_DROPRATE_USER_REGION_KEY+"="+appPolicyCfgs.get(0).getUserRegion2());
}else if(appPolicyCfgs.get(0).getUserRegion1().equals("1")){//带宽
appPolicyCfgs.get(0).setUserRegion3(StringUtil.isEmpty(appPolicyCfgs.get(0).getUserRegion3()) ? "":appPolicyCfgs.get(0).getUserRegion3());
maatCfg.setUserRegion(maatCfg.getUserRegion()+Constants.USER_REGION_SPLIT +Constants.INTERCEPT_IP_RATELIMIT_BANDWITH_USER_REGION_KEY+"="+appPolicyCfgs.get(0).getUserRegion3());
}
}
//DKC=8
if(!StringUtil.isEmpty(appPolicyCfgs.get(0).getUserRegion4()) && Constants.REJECT_ACTION.equals(appPolicyCfgs.get(0).getAction())){
maatCfg.setUserRegion(Constants.USER_REGION_SPLIT +Constants.APP_VIGNORE_USER_REGION_KEY+"="+appPolicyCfgs.get(0).getUserRegion4());
}
maatCfg.setUserRegion(maatCfg.getUserRegion()+Constants.USER_REGION_SPLIT+"config_id="+appPolicyCfgs.get(0).getCompileId());
}
}
}
if(list.get(0) instanceof BaseIpCfg) {
BaseIpCfg _cfg=(BaseIpCfg)list.get(index);
batchSqlSession.getMapper(IpCfgDao.class).insertForBatch(_cfg);
if(send) {
maatCfg=maatCfgAppendRegion(maatCfg,_cfg,1);
//是否需要处理字符串域and表达式
configCompileList.add(maatCfg);
}
}else if(list.get(0) instanceof BaseStringCfg) {
BaseStringCfg _cfg=(BaseStringCfg)list.get(index);
if("subscribe_id".equals(regionDict.getConfigServiceType())) {
_cfg.setTableName("ntc_subscribe_id_cfg");
}
((StringCfgDao) batchSqlSession.getMapper(StringCfgDao.class)).saveStringCfgBatch(_cfg);
if(send) {
maatCfg=maatCfgAppendRegion(maatCfg,_cfg,2);
//是否需要处理字符串域and表达式
configCompileList.add(maatCfg);
}
}
}
if (send) {
if(configCompileList.size() > 0) {
ToMaatBean maatBean = new ToMaatBean();
maatBean.setConfigCompileList(configCompileList);
maatBean.setAuditTime(new Date());
maatBean.setCreatorName(UserUtils.getUser().getName());
maatBean.setVersion(Constants.MAAT_VERSION);
maatBean.setOpAction(Constants.INSERT_ACTION);
// 调用服务接口下发配置数据
String json = BaseService.gsonToJson(maatBean);
if(configCompileList.size()>10) {
logger.info("APP策略 配置下发配置条数:" + configCompileList.size());
}else {
logger.info("APP策略 配置下发配置参数:" + json);
}
// 调用服务接口下发配置
ToMaatResult result = ConfigServiceUtil.postMaatCfg(json);
logger.info("APP策略 配置下发响应信息:" + result.getMsg());
}
}
batchSqlSession.commit();
}finally {
if(batchSqlSession != null){
@@ -2453,68 +2627,6 @@ public abstract class BaseService {
// maatCfg.setUserRegion(Constants.USER_REGION_SPLIT+entity.getDnsStrategyId()+Constants.USER_REGION_SPLIT);
maatCfg.setUserRegion(Constants.DNS_STRATEGY_USER_REGION_KEY+"="+_cfg.getDnsStrategyId());
}
}else if(regionDict.getFunctionId()==407) {// Protocol Identify
//PROTOCOL IDENTITY USER_REGION PROTOCOL_ID=ProtocolId
maatCfg.setUserRegion(Constants.PROTO_ID_REGION + "=" + _cfg.getAppCode());
// 限速业务需要设置 USER_REGION Droprate=userregion3
if (Constants.RATELIMIT_ACTION.equals(_cfg.getAction())) {
_cfg.setUserRegion1(StringUtil.isEmpty(_cfg.getUserRegion1()) ? "0":_cfg.getUserRegion1());
//限速 需要发Droprate=0.001 暂不支持Bandwidth=200kbps
if(_cfg.getUserRegion1().equals("0")){//丢包率
_cfg.setUserRegion2(StringUtil.isEmpty(_cfg.getUserRegion2()) ? "":_cfg.getUserRegion2());
maatCfg.setUserRegion(maatCfg.getUserRegion()+Constants.USER_REGION_SPLIT +Constants.INTERCEPT_IP_RATELIMIT_DROPRATE_USER_REGION_KEY+"="+_cfg.getUserRegion2());
}else if(_cfg.getUserRegion1().equals("1")){//带宽
_cfg.setUserRegion3(StringUtil.isEmpty(_cfg.getUserRegion3()) ? "":_cfg.getUserRegion3());
maatCfg.setUserRegion(maatCfg.getUserRegion()+Constants.USER_REGION_SPLIT +Constants.INTERCEPT_IP_RATELIMIT_BANDWITH_USER_REGION_KEY+"="+_cfg.getUserRegion3());
}
}
//DKC=8 USER_REGION DKC=userregion4
if(!StringUtil.isEmpty(_cfg.getUserRegion4()) && Constants.REJECT_ACTION.equals(_cfg.getAction())){
maatCfg.setUserRegion(maatCfg.getUserRegion()+Constants.USER_REGION_SPLIT +Constants.APP_VIGNORE_USER_REGION_KEY+"="+_cfg.getUserRegion4());
}
// USER_REGION config_id=compileId
maatCfg.setUserRegion(maatCfg.getUserRegion()+Constants.USER_REGION_SPLIT+"config_id="+maatCfg.getCompileId());
}else if(regionDict.getFunctionId()==63) {// APP Policy
//APP IDENTITY USER_REGION包含APP_ID=AppCode;BEHAV_ID=ProtocolId
maatCfg.setUserRegion(Constants.APP_ID_REGION + "=" + _cfg.getAppCode()+Constants.USER_REGION_SPLIT+ Constants.BEHAV_ID_REGION + "=" + _cfg.getBehavCode());
// 限速业务需要设置
if (Constants.RATELIMIT_ACTION.equals(_cfg.getAction())) {
_cfg.setUserRegion1(StringUtil.isEmpty(_cfg.getUserRegion1()) ? "0":_cfg.getUserRegion1());
//限速 需要发Droprate=0.001 暂不支持Bandwidth=200kbps
if(_cfg.getUserRegion1().equals("0")){//丢包率
_cfg.setUserRegion2(StringUtil.isEmpty(_cfg.getUserRegion2()) ? "":_cfg.getUserRegion2());
maatCfg.setUserRegion(maatCfg.getUserRegion()+Constants.USER_REGION_SPLIT +Constants.INTERCEPT_IP_RATELIMIT_DROPRATE_USER_REGION_KEY+"="+_cfg.getUserRegion2());
}else if(_cfg.getUserRegion1().equals("1")){//带宽
_cfg.setUserRegion3(StringUtil.isEmpty(_cfg.getUserRegion3()) ? "":_cfg.getUserRegion3());
maatCfg.setUserRegion(maatCfg.getUserRegion()+Constants.USER_REGION_SPLIT +Constants.INTERCEPT_IP_RATELIMIT_BANDWITH_USER_REGION_KEY+"="+_cfg.getUserRegion3());
}
}
//DKC=8
if(!StringUtil.isEmpty(_cfg.getUserRegion4()) && Constants.REJECT_ACTION.equals(_cfg.getAction())){
maatCfg.setUserRegion(Constants.USER_REGION_SPLIT +Constants.APP_VIGNORE_USER_REGION_KEY+"="+_cfg.getUserRegion4());
}
maatCfg.setUserRegion(Constants.USER_REGION_SPLIT+"config_id="+_cfg.getCompileId());
}else if(regionDict.getFunctionId()==408) {// Behavior Identify
//BEHAVIOR IDENTITY USER_REGION包含APP_ID=AppCode;BEHAV_ID=ProtocolId
maatCfg.setUserRegion(Constants.APP_ID_REGION + "=" + _cfg.getAppCode()+Constants.USER_REGION_SPLIT+ Constants.BEHAV_ID_REGION + "=" + _cfg.getBehavCode());
// 限速业务需要设置
if (Constants.RATELIMIT_ACTION.equals(_cfg.getAction())) {
_cfg.setUserRegion1(StringUtil.isEmpty(_cfg.getUserRegion1()) ? "0":_cfg.getUserRegion1());
//限速 需要发Droprate=0.001 暂不支持Bandwidth=200kbps
if(_cfg.getUserRegion1().equals("0")){//丢包率
_cfg.setUserRegion2(StringUtil.isEmpty(_cfg.getUserRegion2()) ? "":_cfg.getUserRegion2());
maatCfg.setUserRegion(maatCfg.getUserRegion()+Constants.USER_REGION_SPLIT +Constants.INTERCEPT_IP_RATELIMIT_DROPRATE_USER_REGION_KEY+"="+_cfg.getUserRegion2());
}else if(_cfg.getUserRegion1().equals("1")){//带宽
_cfg.setUserRegion3(StringUtil.isEmpty(_cfg.getUserRegion3()) ? "":_cfg.getUserRegion3());
maatCfg.setUserRegion(maatCfg.getUserRegion()+Constants.USER_REGION_SPLIT +Constants.INTERCEPT_IP_RATELIMIT_BANDWITH_USER_REGION_KEY+"="+_cfg.getUserRegion3());
}
}
//DKC=8
if(!StringUtil.isEmpty(_cfg.getUserRegion4()) && Constants.REJECT_ACTION.equals(_cfg.getAction())){
maatCfg.setUserRegion(Constants.USER_REGION_SPLIT +Constants.APP_VIGNORE_USER_REGION_KEY+"="+_cfg.getUserRegion4());
}
maatCfg.setUserRegion(Constants.USER_REGION_SPLIT+"config_id="+_cfg.getCompileId());
}else if(regionDict.getFunctionId()==301) {// Anti DDOS
Map umap= new HashMap();
umap.put("protocol", _cfg.getAntiddosProtocol());