package com.nis.web.service.configuration;

import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

import com.google.common.collect.Lists;
import com.nis.domain.Page;
import com.nis.domain.callback.InlineIp;
import com.nis.domain.callback.NtcDnsResStrategy;
import com.nis.domain.callback.ProxyObjKeyring;
import com.nis.domain.callback.ProxyObjTrustedCa;
import com.nis.domain.configuration.BaseCfg;
import com.nis.domain.configuration.CfgIndexInfo;
import com.nis.domain.configuration.DnsIpCfg;
import com.nis.domain.configuration.DnsResStrategy;
import com.nis.domain.configuration.IpPortCfg;
import com.nis.domain.configuration.PxyObjKeyring;
import com.nis.domain.configuration.PxyObjSpoofingIpPool;
import com.nis.domain.configuration.PxyObjTrustedCaCert;
import com.nis.domain.configuration.PxyObjTrustedCaCrl;
import com.nis.domain.maat.GroupReuseAddBean;
import com.nis.domain.maat.GroupReuseCfg;
import com.nis.domain.maat.MaatCfg;
import com.nis.domain.maat.MaatCfg.IpCfg;
import com.nis.domain.maat.ToMaatBean;
import com.nis.domain.maat.ToMaatResult;
import com.nis.util.ConfigServiceUtil;
import com.nis.util.Constants;
import com.nis.util.StringUtil;
import com.nis.web.dao.configuration.CommonPolicyDao;
import com.nis.web.dao.configuration.ConfigSynchronizationDao;
import com.nis.web.dao.configuration.PxyObjSpoofingIpPoolDao;
import com.nis.web.dao.configuration.WebsiteCfgDao;
import com.nis.web.security.UserUtils;
import com.nis.web.service.BaseService;
import com.nis.web.service.CrudService;

/**
 * Batch audit operations on policy configurations: invalidate, reject, delete and push.
 *
 * <p>Each batch method first changes row state through {@code commonPolicyDao} and then, where
 * applicable, serialises the affected entries to JSON and sends them to the configuration
 * service through {@code ConfigServiceUtil}.
 *
 * <p>NOTE(review): generic type arguments appear to have been stripped from this listing
 * (for example {@code List> cfgList} and the raw {@code List}/{@code Map} declarations).
 * Restore them from the original file before compiling.
 *
 * <p>NOTE(review): no authorization check is visible in any method of this class. These
 * methods change audit state and push or withdraw policy, so access control is presumably
 * enforced by the calling controller. Confirm.
 *
 * <p>NOTE(review): the database update always precedes the remote call. Transaction
 * boundaries are not visible here; confirm that a failed remote call rolls the database
 * change back, otherwise the stored state and the deployed state can diverge.
 */
@Service
public class CommonPolicyService extends CrudService {
    // DAO used for the batch audit / delete statements against the configuration tables.
    @Autowired
    protected CommonPolicyDao commonPolicyDao;
    // DAO backing the read-only list helpers further down.
    @Autowired
    protected ConfigSynchronizationDao synchronizationDao;
    // DAO used to look up spoofing IP pool entries by id.
    @Autowired
    protected PxyObjSpoofingIpPoolDao pxyObjSpoofingIpPoolDao;

    /**
     * Invalidates a page of Maat configurations in the database and sends the invalidation
     * to the configuration service.
     *
     * @param cfgList maps describing the region-config tables to update; each map is read for
     *                its {@code "tableName"} entry; may be {@code null}
     * @param page    paging state; receives {@code list} and is asked whether it is the last page
     * @param entity  carries the service id, main table name, audit time and current user
     * @param list    main-table configurations to invalidate
     * @param hasData caller's "more data remains" flag
     * @return {@code hasData} unchanged, or {@code false} when {@code page.isLastPage()} is true
     * @throws NoSuchFieldException     declared on the signature; the raising call is not identifiable from this listing
     * @throws SecurityException        declared on the signature; the raising call is not identifiable from this listing
     * @throws IllegalArgumentException declared on the signature; the raising call is not identifiable from this listing
     * @throws IllegalAccessException   declared on the signature; the raising call is not identifiable from this listing
     */
    public boolean auditNtcMaatData(List> cfgList, Page page, BaseCfg entity, List list, boolean hasData)throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException{
        long start=System.currentTimeMillis();
        long end=System.currentTimeMillis();
        ToMaatBean maatBean;
        MaatCfg maatCfg;
        List configCompileList;
        maatBean = new ToMaatBean();
        configCompileList = new ArrayList();
        List compileIds = new ArrayList();
        List spoofingPoolCfgIds = new ArrayList();
        for(BaseCfg cfg:list){
            compileIds.add(cfg.getCompileId());
            if(entity.getServiceId().equals(518)){ // IP_Spoofing
                // userRegion3 is later parsed with Long.parseLong and used as the pool id.
                spoofingPoolCfgIds.add(cfg.getUserRegion3());
            }
        }
        if(!StringUtil.isEmpty(compileIds) && !StringUtil.isEmpty(entity.getTableName())) {
            List auditHttpCompileIds= new ArrayList();
            List deleteHttpCompileIds= new ArrayList();
            // An HTTP keyword config is being invalidated: fetch the HTTP URL configs derived from it.
            if(entity.getServiceId().equals(152) || entity.getServiceId().equals(40)) {
                List httpUrlCfgs=commonPolicyDao.getHttpUrlCfgBySourceCompileId(compileIds);
                if(!StringUtil.isEmpty(httpUrlCfgs)) {
                    for (CfgIndexInfo httpUrlCfg: httpUrlCfgs) {
                        // Approved and valid: must be invalidated downstream as well.
                        if(httpUrlCfg.getIsValid().equals(1) && httpUrlCfg.getIsAudit().equals(1)) {
                            auditHttpCompileIds.add(httpUrlCfg.getCompileId());
                            maatCfg = new MaatCfg();
                            maatCfg.setCompileId(httpUrlCfg.getCompileId());
                            maatCfg.setServiceId(httpUrlCfg.getServiceId());
                            maatCfg.setIsValid(0); // mark invalid
                            configCompileList.add(maatCfg);
                        }
                        // Not yet audited, or audit rejected: only removed locally (never added to the push list).
                        if(httpUrlCfg.getIsValid().equals(0) && (httpUrlCfg.getIsAudit().equals(0) || httpUrlCfg.getIsAudit().equals(2))) {
                            deleteHttpCompileIds.add(httpUrlCfg.getCompileId());
                        }
                    }
                }
                // Update the scheduled-task information of each config.
                handelScheduleCfg(httpUrlCfgs, entity.getTableName(),entity);
            }
            if(!StringUtil.isEmpty(auditHttpCompileIds)) {
                commonPolicyDao.auditCfgBatch("cfg_index_info", entity,auditHttpCompileIds,null);
                commonPolicyDao.auditCfgBatch("http_url_cfg", entity,auditHttpCompileIds,null);
            }
            if(!StringUtil.isEmpty(deleteHttpCompileIds)) {
                commonPolicyDao.deleteHttpUrlCfg("cfg_index_info", entity,deleteHttpCompileIds);
                commonPolicyDao.deleteHttpUrlCfg("http_url_cfg", entity,deleteHttpCompileIds);
            }
            commonPolicyDao.auditCfgBatch( entity.getTableName(), entity,compileIds,null);
            // Update the scheduled-task information of each config.
            handelScheduleCfg(list, entity.getTableName(),entity);
        }
        if(cfgList!=null){
            for(Map m:cfgList){
                // Map.get returns null for a missing key, so a map without "tableName" fails here with NPE.
                String tableName = m.get("tableName").toString();
                // NOTE(review): tableName comes from the caller-supplied cfgList and is handed to the DAO
                // as a table identifier. The mapper is not visible here; if it interpolates the name into
                // SQL text, check it against a fixed allow-list of known table names before this call.
                if(tableName.equals("pxy_obj_spoofing_ip_pool")) {
                    commonPolicyDao.auditCfgBatch( tableName, entity,spoofingPoolCfgIds,null);
                }else {
                    commonPolicyDao.auditCfgBatch( tableName, entity,compileIds,null);
                }
            }
        }
        if(entity.getServiceId().equals(518)){ // IP spoofing policy
            List poolList = new ArrayList();
            String json="";
            for (String cfgId : spoofingPoolCfgIds) {
                // Long.parseLong throws NumberFormatException when cfgId is null or non-numeric.
                // NOTE(review): pool is dereferenced without a null check — confirm the DAO never
                // returns null for an id that no longer exists.
                PxyObjSpoofingIpPool pool = pxyObjSpoofingIpPoolDao.getPxyObjSpoofingIpPool(Long.parseLong(cfgId));
                PxyObjSpoofingIpPool cfg = new PxyObjSpoofingIpPool();
                cfg.setIsValid(0);
                cfg.setCompileId(pool.getCompileId());
                cfg.setServiceId(pool.getServiceId());
                poolList.add(cfg);
            }
            // Serialise the pool entries for the cancel request.
            json=gsonToJson(poolList);
            // (logging of the request body is commented out in the original)
            // Call the service interface to cancel the pool configs.
            try {
                // NOTE(review): the meaning of the second argument (2) is not visible in this file.
                ToMaatResult result = ConfigServiceUtil.put(json, 2);
                logger.info("欺骗IP池配置批量失效响应信息:"+result.getMsg());
            } catch (Exception e) {
                // The failure is logged at info level without the exception, then rethrown to the caller.
                logger.info("欺骗IP池配置批量失效失败");
                throw e;
            }
        }
        for(BaseCfg cfg:list){
            maatCfg = new MaatCfg();
            maatCfg.setCompileId(cfg.getCompileId());
            maatCfg.setServiceId(cfg.getServiceId());
            maatCfg.setIsValid(0); // mark invalid
            configCompileList.add(maatCfg);
        }
        page.setList(list);
        if(page.isLastPage()){
            hasData = false;
        }
        // NOTE(review): this passes the list's size (an int), not the list itself, to StringUtil.isEmpty;
        // whether that can ever report "empty" depends on StringUtil, which is not visible here.
        if(!StringUtil.isEmpty(configCompileList.size())){
            maatBean.setConfigCompileList(configCompileList);
            // Audit attribution sent downstream is taken from the entity (audit time and current user).
            maatBean.setAuditTime(entity.getAuditTime());
            maatBean.setCreatorName(entity.getCurrentUser().getName());
            maatBean.setVersion(Constants.MAAT_VERSION);
            maatBean.setOpAction(Constants.UPDATE_ACTION);
            // Serialise the invalidation request.
            String json=gsonToJson(maatBean);
            if(!StringUtil.isEmpty(list)) {
                logger.warn("批量配置取消("+page.getPageNo()+"次)个数:"+list.size());
            }
            // Call the service interface to push the change; only timing and the response message are logged.
            logger.warn("Maat配置批量失效-下发:start()");
            // (logging of the request body is commented out in the original)
            start=System.currentTimeMillis();
            ToMaatResult result = ConfigServiceUtil.put(json,1);
            end=System.currentTimeMillis();
            logger.warn("配置取消配置响应信息:"+result.getMsg());
            logger.warn("Maat配置批量失效-下发:end("+(end-start)+")");
        }
        return hasData;
    }

    /**
     * Returns the result of {@code synchronizationDao.getIpDropList} for the given table and ids.
     *
     * @param tabName    table name forwarded to the DAO
     * @param compileIds ids forwarded to the DAO
     * @return whatever the DAO returns
     */
    public List getIpDropList(String tabName,List compileIds){
        // NOTE(review): tabName is forwarded as-is; if the mapper splices it into SQL text,
        // callers must pass only known table names — confirm against the mapper.
        return synchronizationDao.getIpDropList(tabName, compileIds);
    }

    /**
     * Returns the result of {@code synchronizationDao.getIpPortListByService} for the given entity.
     *
     * @param entity query object forwarded to the DAO
     * @return whatever the DAO returns
     */
    public List getIpPortList(IpPortCfg entity){
        return synchronizationDao.getIpPortListByService(entity);
    }

    /**
     * Returns the result of {@code synchronizationDao.getPxyObjTrustedCrlCfgListByCertId}.
     *
     * @param certIds certificate ids forwarded to the DAO
     * @return whatever the DAO returns
     */
    public List getPxyObjTrustedCrlCfgListByCertId(List certIds){
        return synchronizationDao.getPxyObjTrustedCrlCfgListByCertId(certIds);
    }

    /**
     * Cancels IP reuse configurations: updates their state in the database, then sends a
     * group-reuse request with the affected IP regions to the configuration service.
     *
     * @param page     paging state; only {@code isLastPage()} and {@code getPageNo()} are read
     * @param entity   carries the table name and the audit state applied by the DAO
     * @param auditMap configurations grouped by group id (keys are iterated as {@code Integer})
     * @param hasData  caller's "more data remains" flag
     * @return {@code hasData} unchanged, or {@code false} when {@code page.isLastPage()} is true
     */
    public boolean auditReuseConfigData( Page page, BaseCfg entity, Map auditMap, boolean hasData){
        long start=System.currentTimeMillis();
        long end=System.currentTimeMillis();
        long totolSize=0; // accumulated below; not read anywhere else in this method
        if(page.isLastPage()){
            hasData = false;
        }
        List regionIds = new ArrayList();
        for(Entry e:auditMap.entrySet()) {
            List list=e.getValue();
            for (BaseCfg baseCfg : list) {
                if("asn_ip_cfg".equals(entity.getTableName())) {
                    regionIds.add(baseCfg.getRegionId());
                }else {
                    // Integer.parseInt throws NumberFormatException when userRegion1 is null or non-numeric.
                    regionIds.add(Integer.parseInt(baseCfg.getUserRegion1()));
                }
            }
            totolSize=totolSize+list.size();
        }
        start=System.currentTimeMillis();
        logger.warn("APP IP配置批量失效-数据库状态变更:start()");
        commonPolicyDao.auditCfgBatch( entity.getTableName(), entity,regionIds,null);
        end=System.currentTimeMillis();
        logger.warn("APP IP配置批量失效-数据库状态变更:end("+(end-start)+")");
        // For entries that were already pushed, call the group-reuse removal interface.
        if(!auditMap.isEmpty()) {
            GroupReuseAddBean maatBean = new GroupReuseAddBean();
            List groupReuseList=new ArrayList<>();
            GroupReuseCfg groupReuseCfg=new GroupReuseCfg();
            List ipRegionList=new ArrayList<>();
            for (Integer groupId : auditMap.keySet()) {
                ipRegionList.addAll(groupReuseCfgAddRemoveConvert(auditMap.get(groupId),Constants.VALID_NO,groupId));
            }
            groupReuseCfg.setIpRegionList(ipRegionList);
            groupReuseCfg.setStrRegionList(null);
            groupReuseCfg.setNumRegionList(null);
            groupReuseList.add(groupReuseCfg);
            maatBean.setGroupReuseCfgList(groupReuseList);
            // NOTE(review): attribution here uses the current time and UserUtils.getUser(), whereas
            // auditNtcMaatData takes both from the entity — confirm which is intended for the audit trail.
            maatBean.setAuditTime(new Date());
            maatBean.setCreatorName(UserUtils.getUser().getName());
            maatBean.setVersion(Constants.MAAT_VERSION);
            maatBean.setOpAction(Constants.UPDATE_ACTION);
            // Serialise the request.
            String json=gsonToJson(maatBean);
            logger.warn("app协议IP域配置批量取消("+page.getPageNo()+"次):"+ipRegionList.size());
            // (logging of the request body is commented out in the original)
            // Call the service interface to push the change.
            logger.warn("APP IP配置批量失效-下发:start()");
            start=System.currentTimeMillis();
            // NOTE(review): the meaning of the second argument (3) is not visible in this file.
            ToMaatResult result = ConfigServiceUtil.put(json,3);
            end=System.currentTimeMillis();
            logger.warn("app协议IP域配置批量取消响应信息:"+result.getMsg());
            logger.warn("APP IP配置批量失效-下发:end("+(end-start)+")");
        }
        return hasData;
    }

    /**
     * Applies an audit state to callback-type configurations and pushes or withdraws them.
     *
     * <p>When {@code entity.getIsAudit()} is 1 the entries of {@code notAuditList} are converted
     * and sent with {@code ConfigServiceUtil.postCallbackCfg}; when it is 3 the entries of
     * {@code auditList} are converted and sent with {@code ConfigServiceUtil.put(json, 2)}.
     * For any other value only the database and scheduled-task updates run.
     *
     * @param auditList    configurations sent in the {@code isAudit == 3} branch
     * @param notAuditList configurations sent in the {@code isAudit == 1} branch
     * @param compileIds   ids applied to {@code cfg_index_info} and {@code ip_port_cfg}
     * @param ids          ids applied to the entity's own table
     * @param entity       carries the audit state, service id, function id and table name
     */
    public void auditCallBackData(List auditList,List notAuditList,List compileIds,List ids,BaseCfg entity){
        long start=System.currentTimeMillis();
        long end=System.currentTimeMillis();
        if(!StringUtil.isEmpty(compileIds) && !StringUtil.isEmpty(entity.getTableName())) {
            commonPolicyDao.auditCfgBatch("cfg_index_info", entity,compileIds,null);
            commonPolicyDao.auditCfgBatch("ip_port_cfg", entity,compileIds,null);
            if(entity.getIsAudit()!=1) {
                // Update the scheduled-task information of each config.
                handelScheduleCfg(auditList, entity.getTableName(),entity);
                // Update the scheduled-task information of each config.
                handelScheduleCfg(notAuditList, entity.getTableName(),entity);
            }
        }
        if(!StringUtil.isEmpty(ids) && !StringUtil.isEmpty(entity.getTableName())) {
            commonPolicyDao.auditCfgBatch( entity.getTableName(), entity,ids,null);
            // When both compileIds and ids are non-empty, the schedule update runs a second time here.
            if(entity.getIsAudit()!=1) {
                // Update the scheduled-task information of each config.
                handelScheduleCfg(auditList, entity.getTableName(),entity);
                // Update the scheduled-task information of each config.
                handelScheduleCfg(notAuditList, entity.getTableName(),entity);
            }
            // Trusted CA certificates: the CRL table is updated with the same ids.
            if(entity.getTableName().equals("pxy_obj_trusted_ca_cert")) {
                commonPolicyDao.auditCfgBatch("pxy_obj_trusted_ca_crl", entity,ids,null);
            }
        }
        if(entity.getIsAudit()==1){
            // --- format conversion: each entry goes through the matching BaseService.convertCallBack* helper ---
            // The casts below are unchecked; an entry of another type raises ClassCastException.
            if(entity.getServiceId().equals(3)){ // IP Address Drop
                List convertList = Lists.newArrayList();
                for (Object object : notAuditList) {
                    IpPortCfg cfg = (IpPortCfg)object;
                    convertList.add(BaseService.convertCallBackIp(cfg,cfg.getGroupId()));
                }
                if(convertList.size() > 0) {
                    notAuditList = convertList;
                }
            }else if(entity.getServiceId().equals(65)) { // DNS response strategy
                List convertList = Lists.newArrayList();
                for (Object object : notAuditList) {
                    DnsResStrategy cfg = (DnsResStrategy)object;
                    convertList.add(BaseService.convertCallBackDnsResStrategy(cfg));
                }
                if(convertList.size() > 0) {
                    notAuditList = convertList;
                }
            }else if(entity.getServiceId().equals(64)) { // DNS spoofing IP
                List convertList = Lists.newArrayList();
                for (Object object : notAuditList) {
                    DnsIpCfg cfg = (DnsIpCfg)object;
                    convertList.add(BaseService.convertCallBackIp(cfg,cfg.getDnsStrategyId()));
                }
                if(convertList.size() > 0) {
                    notAuditList = convertList;
                }
            }else if(entity.getServiceId().equals(520)) { // certificate management (keyring)
                List convertList = Lists.newArrayList();
                for (Object object : notAuditList) {
                    PxyObjKeyring cfg = (PxyObjKeyring)object;
                    convertList.add(BaseService.convertCallBackProxyObjKeyring(cfg));
                }
                if(convertList.size() > 0) {
                    notAuditList = convertList;
                }
            }else if(entity.getFunctionId().equals(571)) { // trusted certificate authorities + certificate revocation lists
                List convertList = Lists.newArrayList();
                for (Object object : notAuditList) {
                    // Entries that are neither a CA certificate nor a CRL are silently skipped.
                    if(object instanceof PxyObjTrustedCaCert) {
                        PxyObjTrustedCaCert cfg = (PxyObjTrustedCaCert)object;
                        convertList.addAll(BaseService.convertCallBackProxyObjTrustedCa(cfg,null));
                    }else if(object instanceof PxyObjTrustedCaCrl) {
                        PxyObjTrustedCaCrl cfg = (PxyObjTrustedCaCrl)object;
                        convertList.addAll(BaseService.convertCallBackProxyObjTrustedCa(null,cfg));
                    }
                }
                if(convertList.size() > 0) {
                    notAuditList = convertList;
                }
            }
            // --- end of format conversion ---
            // Serialise the entries to push.
            String json=gsonToJson(notAuditList);
            // (logging of the request body is commented out in the original)
            // NOTE(review): for the keyring and trusted-CA services this body presumably carries
            // certificate or key material — keep body logging disabled, or redact, if it is re-enabled.
            // Call the service interface to push the configs.
            ToMaatResult result = ConfigServiceUtil.postCallbackCfg(json);
            logger.warn("批量下发响应信息:"+result.getMsg());
        }else if(entity.getIsAudit()==3){
            // --- format conversion: same dispatch as above, applied to auditList ---
            if(entity.getServiceId().equals(3)){ // IP Address Drop
                List convertList = Lists.newArrayList();
                for (Object object : auditList) {
                    IpPortCfg cfg = (IpPortCfg)object;
                    convertList.add(BaseService.convertCallBackIp(cfg,cfg.getGroupId()));
                }
                if(convertList.size() > 0) {
                    auditList = convertList;
                }
            }else if(entity.getServiceId().equals(65)) { // DNS response strategy
                List convertList = Lists.newArrayList();
                for (Object object : auditList) {
                    DnsResStrategy cfg = (DnsResStrategy)object;
                    convertList.add(BaseService.convertCallBackDnsResStrategy(cfg));
                }
                if(convertList.size() > 0) {
                    auditList = convertList;
                }
            }else if(entity.getServiceId().equals(64)) { // DNS spoofing IP
                List convertList = Lists.newArrayList();
                for (Object object : auditList) {
                    DnsIpCfg cfg = (DnsIpCfg)object;
                    convertList.add(BaseService.convertCallBackIp(cfg,cfg.getDnsStrategyId()));
                }
                if(convertList.size() > 0) {
                    auditList = convertList;
                }
            }else if(entity.getServiceId().equals(520)) { // certificate management (keyring)
                List convertList = Lists.newArrayList();
                for (Object object : auditList) {
                    PxyObjKeyring cfg = (PxyObjKeyring)object;
                    convertList.add(BaseService.convertCallBackProxyObjKeyring(cfg));
                }
                if(convertList.size() > 0) {
                    auditList = convertList;
                }
            }else if(entity.getFunctionId().equals(571)) { // trusted certificate authorities + certificate revocation lists
                List convertList = Lists.newArrayList();
                for (Object object : auditList) {
                    // Entries that are neither a CA certificate nor a CRL are silently skipped.
                    if(object instanceof PxyObjTrustedCaCert) {
                        PxyObjTrustedCaCert cfg = (PxyObjTrustedCaCert)object;
                        convertList.addAll(BaseService.convertCallBackProxyObjTrustedCa(cfg,null));
                    }else if(object instanceof PxyObjTrustedCaCrl) {
                        PxyObjTrustedCaCrl cfg = (PxyObjTrustedCaCrl)object;
                        convertList.addAll(BaseService.convertCallBackProxyObjTrustedCa(null,cfg));
                    }
                }
                if(convertList.size() > 0) {
                    auditList = convertList;
                }
            }
            // --- end of format conversion ---
            // Serialise the entries to withdraw.
            String json=gsonToJson(auditList);
            // (logging of the request body is commented out in the original)
            // NOTE(review): for the keyring and trusted-CA services this body presumably carries
            // certificate or key material — keep body logging disabled, or redact, if it is re-enabled.
            if(!StringUtil.isEmpty(auditList)) {
                logger.warn("批量配置取消个数:"+auditList.size());
            }
            logger.info("回调配置批量失效-下发:start()");
            start=System.currentTimeMillis();
            // Call the service interface; the meaning of the second argument (2) is not visible in this file.
            ToMaatResult result = ConfigServiceUtil.put(json,2);
            end=System.currentTimeMillis();
            logger.warn("批量响应信息:"+result.getMsg());
            logger.warn("回调配置批量失效-下发耗时:end("+(end-start)+")");
        }
    }

    /**
     * Marks a page of configurations as "audit not passed" in the main table and in the
     * region-config tables. No remote call is made.
     *
     * @param cfgList maps holding the region-config type and its table name (read for
     *                {@code "tableName"}); may be {@code null}
     * @param page    paging state; receives {@code list} and is asked whether it is the last page
     * @param entity  carries the audit state to apply, the service id and the main table name
     * @param list    main-table rows, queried by the caller beforehand
     * @param hasData caller's "more data remains" flag
     * @return {@code hasData} unchanged, or {@code false} when {@code page.isLastPage()} is true
     */
    public boolean batchUnApproveMaatData(List> cfgList, Page page, BaseCfg entity, List list, boolean hasData) {
        // 1. Collect the id of every configuration; which field supplies it depends on the service id.
        List compileIds = new ArrayList();
        List spoofingPoolCfgIds = new ArrayList();
        for(BaseCfg cfg:list){
            if(entity.getServiceId().equals(1028)) {
                // Integer.parseInt throws NumberFormatException when userRegion1 is null or non-numeric.
                compileIds.add(Integer.parseInt(cfg.getUserRegion1()));
            }else if(entity.getServiceId().equals(400)) {
                compileIds.add(cfg.getRegionId());
            }else {
                compileIds.add(cfg.getCompileId());
            }
            if(entity.getServiceId().equals(518)){ // IP_Spoofing
                spoofingPoolCfgIds.add(cfg.getUserRegion3());
            }
        }
        // 2. Update the audit state in the main table.
        if(!StringUtil.isEmpty(compileIds) && !StringUtil.isEmpty(entity.getTableName())) {
            commonPolicyDao.auditCfgBatch( entity.getTableName(), entity,compileIds,null);
            // Update the scheduled-task information of each config.
            handelScheduleCfg(list, entity.getTableName(),entity);
        }
        // 3. Update the audit state in the region-config (child) tables.
        if(cfgList!=null){
            for(Map m:cfgList){
                // Map.get returns null for a missing key, so a map without "tableName" fails here with NPE.
                String tableName = m.get("tableName").toString();
                // NOTE(review): tableName comes from the caller-supplied cfgList and is handed to the DAO
                // as a table identifier. The mapper is not visible here; if it interpolates the name into
                // SQL text, check it against a fixed allow-list of known table names before this call.
                if(tableName.equals("pxy_obj_spoofing_ip_pool")) {
                    commonPolicyDao.auditCfgBatch( tableName, entity,spoofingPoolCfgIds,null);
                }else {
                    commonPolicyDao.auditCfgBatch( tableName, entity,compileIds,null);
                }
            }
        }
        // 4. Report whether this was the last page under the current search criteria.
        page.setList(list);
        if(page.isLastPage()){
            hasData = false;
        }
        return hasData;
    }

    /**
     * Deletes a page of configurations through {@code commonPolicyDao.deleteCfgBatch}, in the
     * main table and in the region-config tables. Each entry of {@code list} is also mutated
     * in place ({@code isValid = -1}, {@code isAudit = 0}). No remote call is made.
     *
     * @param cfgList maps read for their {@code "tableName"} entry; may be {@code null}
     * @param page    paging state; receives {@code list} and is asked whether it is the last page
     * @param entity  carries the service id and the main table name
     * @param list    main-table rows to delete
     * @param hasData caller's "more data remains" flag
     * @return {@code hasData} unchanged, or {@code false} when {@code page.isLastPage()} is true
     */
    public boolean batchDeleteMaatData(List> cfgList, Page page, BaseCfg entity, List list, boolean hasData) {
        // 1. Collect the id of every configuration; which field supplies it depends on the service id.
        List compileIds = new ArrayList();
        List spoofingPoolCfgIds = new ArrayList();
        for(BaseCfg cfg:list){
            if(entity.getServiceId().equals(1028)) {
                // Integer.parseInt throws NumberFormatException when userRegion1 is null or non-numeric.
                compileIds.add(Integer.parseInt(cfg.getUserRegion1()));
            }else if(entity.getServiceId().equals(400)) {
                compileIds.add(cfg.getRegionId());
            }else {
                compileIds.add(cfg.getCompileId());
            }
            if(entity.getServiceId().equals(518)){ // IP_Spoofing
                spoofingPoolCfgIds.add(cfg.getUserRegion3());
            }
            // The in-memory objects are flagged before the DAO call; they are passed to handelScheduleCfg below.
            cfg.setIsValid(-1);
            cfg.setIsAudit(0);
        }
        // 2. Update the state in the main table.
        if(!StringUtil.isEmpty(compileIds) && !StringUtil.isEmpty(entity.getTableName())) {
            commonPolicyDao.deleteCfgBatch(entity.getTableName(), entity,compileIds);
            // Update the scheduled-task information of each config.
            handelScheduleCfg(list, entity.getTableName(),entity);
        }
        // 3. Update the state in the region-config (child) tables.
        if(cfgList != null){
            for(Map m : cfgList){
                // Map.get returns null for a missing key, so a map without "tableName" fails here with NPE.
                String tableName = m.get("tableName").toString();
                // NOTE(review): tableName comes from the caller-supplied cfgList and reaches a delete
                // statement as a table identifier. The mapper is not visible here; if it interpolates the
                // name into SQL text, check it against a fixed allow-list of known table names first.
                if(tableName.equals("pxy_obj_spoofing_ip_pool")) {
                    commonPolicyDao.deleteCfgBatch(tableName, entity, spoofingPoolCfgIds);
                }else {
                    commonPolicyDao.deleteCfgBatch(tableName, entity, compileIds);
                }
            }
        }
        // 4. Report whether this was the last page under the current search criteria.
        page.setList(list);
        if(page.isLastPage()){
            hasData = false;
        }
        return hasData;
    }
}