gfwleak/k18-ntcs-web-ntc
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
This repository has been archived on 2025-09-14. You can view files and clone it, but cannot push or open issues or pull requests.
Files
2c19901ef8b8eac5a2438111edb47f0849586313
k18-ntcs-web-ntc/src/main/java/com/nis/web/service/configuration/CommonPolicyService.java
zhangwenqing 2c19901ef8 修正回调类配置批量取消失败问题
2019-04-25 14:30:53 +08:00

550 lines
21 KiB
Java
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

package com.nis.web.service.configuration;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import com.google.common.collect.Lists;
import com.nis.domain.Page;
import com.nis.domain.callback.InlineIp;
import com.nis.domain.callback.NtcDnsResStrategy;
import com.nis.domain.callback.ProxyObjKeyring;
import com.nis.domain.callback.ProxyObjTrustedCa;
import com.nis.domain.configuration.BaseCfg;
import com.nis.domain.configuration.CfgIndexInfo;
import com.nis.domain.configuration.DnsIpCfg;
import com.nis.domain.configuration.DnsResStrategy;
import com.nis.domain.configuration.IpPortCfg;
import com.nis.domain.configuration.PxyObjKeyring;
import com.nis.domain.configuration.PxyObjSpoofingIpPool;
import com.nis.domain.configuration.PxyObjTrustedCaCert;
import com.nis.domain.configuration.PxyObjTrustedCaCrl;
import com.nis.domain.maat.GroupReuseAddBean;
import com.nis.domain.maat.GroupReuseCfg;
import com.nis.domain.maat.MaatCfg;
import com.nis.domain.maat.MaatCfg.IpCfg;
import com.nis.domain.maat.ToMaatBean;
import com.nis.domain.maat.ToMaatResult;
import com.nis.util.ConfigServiceUtil;
import com.nis.util.Constants;
import com.nis.util.StringUtil;
import com.nis.web.dao.configuration.CommonPolicyDao;
import com.nis.web.dao.configuration.ConfigSynchronizationDao;
import com.nis.web.dao.configuration.PxyObjSpoofingIpPoolDao;
import com.nis.web.dao.configuration.WebsiteCfgDao;
import com.nis.web.security.UserUtils;
import com.nis.web.service.BaseService;
import com.nis.web.service.CrudService;
@Service
public class CommonPolicyService extends CrudService<WebsiteCfgDao, CfgIndexInfo> {
@Autowired
protected CommonPolicyDao commonPolicyDao;
@Autowired
protected ConfigSynchronizationDao synchronizationDao;
@Autowired
protected PxyObjSpoofingIpPoolDao pxyObjSpoofingIpPoolDao;
/**
* maat配置批量失效
* @param cfgList
* @param page
* @param entity
* @param list
* @param hasData
* @return
* @throws NoSuchFieldException
* @throws SecurityException
* @throws IllegalArgumentException
* @throws IllegalAccessException
*/
public boolean auditNtcMaatData(List<Map<String,Object>> cfgList,
Page page,
BaseCfg entity,
List<BaseCfg> list,
boolean hasData)throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException{
long start=System.currentTimeMillis();
long end=System.currentTimeMillis();
ToMaatBean maatBean;
MaatCfg maatCfg;
List<MaatCfg> configCompileList;
maatBean = new ToMaatBean();
configCompileList = new ArrayList();
List<Integer> compileIds = new ArrayList();
List<String> spoofingPoolCfgIds = new ArrayList();
for(BaseCfg cfg:list){
compileIds.add(cfg.getCompileId());
if(entity.getServiceId().equals(518)){ // IP_Spoofing
spoofingPoolCfgIds.add(cfg.getUserRegion3());
}
}
if(!StringUtil.isEmpty(compileIds) && !StringUtil.isEmpty(entity.getTableName())) {
List auditHttpCompileIds= new ArrayList();
List deleteHttpCompileIds= new ArrayList();
//http关键字配置失效获取与其匹配的http url配置
if(entity.getServiceId().equals(152) || entity.getServiceId().equals(40)) {
List<CfgIndexInfo> httpUrlCfgs=commonPolicyDao.getHttpUrlCfgBySourceCompileId(compileIds);
if(!StringUtil.isEmpty(httpUrlCfgs)) {
for (CfgIndexInfo httpUrlCfg: httpUrlCfgs) {
//审核通过的
if(httpUrlCfg.getIsValid().equals(1) && httpUrlCfg.getIsAudit().equals(1)) {
auditHttpCompileIds.add(httpUrlCfg.getCompileId());
maatCfg = new MaatCfg();
maatCfg.setCompileId(httpUrlCfg.getCompileId());
maatCfg.setServiceId(httpUrlCfg.getServiceId());
maatCfg.setIsValid(0);//无效
configCompileList.add(maatCfg);
}
//未审核或者审核未通过的
if(httpUrlCfg.getIsValid().equals(0) && (httpUrlCfg.getIsAudit().equals(0) || httpUrlCfg.getIsAudit().equals(2))) {
deleteHttpCompileIds.add(httpUrlCfg.getCompileId());
}
}
}
//更新各配置定时任务信息
handelScheduleCfg(httpUrlCfgs, entity.getTableName(),entity);
}
if(!StringUtil.isEmpty(auditHttpCompileIds)) {
commonPolicyDao.auditCfgBatch("cfg_index_info", entity,auditHttpCompileIds,null);
commonPolicyDao.auditCfgBatch("http_url_cfg", entity,auditHttpCompileIds,null);
}
if(!StringUtil.isEmpty(deleteHttpCompileIds)) {
commonPolicyDao.deleteHttpUrlCfg("cfg_index_info", entity,deleteHttpCompileIds);
commonPolicyDao.deleteHttpUrlCfg("http_url_cfg", entity,deleteHttpCompileIds);
}
commonPolicyDao.auditCfgBatch( entity.getTableName(), entity,compileIds,null);
//更新各配置定时任务信息
handelScheduleCfg(list, entity.getTableName(),entity);
}
if(cfgList!=null){
for(Map<String,Object> m:cfgList){
String tableName = m.get("tableName").toString();
if(tableName.equals("pxy_obj_spoofing_ip_pool")) {
commonPolicyDao.auditCfgBatch( tableName, entity,spoofingPoolCfgIds,null);
}else {
commonPolicyDao.auditCfgBatch( tableName, entity,compileIds,null);
}
}
}
if(entity.getServiceId().equals(518)){// IP仿冒策略
List<PxyObjSpoofingIpPool> poolList = new ArrayList<PxyObjSpoofingIpPool>();
String json="";
for (String cfgId : spoofingPoolCfgIds) {
PxyObjSpoofingIpPool pool = pxyObjSpoofingIpPoolDao.getPxyObjSpoofingIpPool(Long.parseLong(cfgId));
PxyObjSpoofingIpPool cfg = new PxyObjSpoofingIpPool();
cfg.setIsValid(0);
cfg.setCompileId(pool.getCompileId());
cfg.setServiceId(pool.getServiceId());
poolList.add(cfg);
}
// 调用服务接口取消配置
json=gsonToJson(poolList);
// logger.info("欺骗IP池配置批量失效参数"+json);
// 调用服务接口取消配置
try {
ToMaatResult result = ConfigServiceUtil.put(json, 2);
logger.info("欺骗IP池配置批量失效响应信息"+result.getMsg());
} catch (Exception e) {
logger.info("欺骗IP池配置批量失效失败");
throw e;
}
}
for(BaseCfg cfg:list){
maatCfg = new MaatCfg();
maatCfg.setCompileId(cfg.getCompileId());
maatCfg.setServiceId(cfg.getServiceId());
maatCfg.setIsValid(0);//无效
configCompileList.add(maatCfg);
}
page.setList(list);
if(page.isLastPage()){
hasData = false;
}
if(!StringUtil.isEmpty(configCompileList.size())){
maatBean.setConfigCompileList(configCompileList);
maatBean.setAuditTime(entity.getAuditTime());
maatBean.setCreatorName(entity.getCurrentUser().getName());
maatBean.setVersion(Constants.MAAT_VERSION);
maatBean.setOpAction(Constants.UPDATE_ACTION);
//调用服务接口取消配置
String json=gsonToJson(maatBean);
if(!StringUtil.isEmpty(list)) {
logger.warn("批量配置取消("+page.getPageNo()+"次)个数:"+list.size());
}
//调用服务接口下发配置
logger.warn("Maat配置批量失效-下发start()");
//logger.warn("Maat配置批量失效-下发start()"+json);
start=System.currentTimeMillis();
ToMaatResult result = ConfigServiceUtil.put(json,1);
end=System.currentTimeMillis();
logger.warn("配置取消配置响应信息:"+result.getMsg());
logger.warn("Maat配置批量失效-下发end("+(end-start)+")");
}
return hasData;
}
public List<IpPortCfg> getIpDropList(String tabName,List compileIds){
return synchronizationDao.getIpDropList(tabName, compileIds);
}
public List<IpPortCfg> getIpPortList(IpPortCfg entity){
return synchronizationDao.getIpPortListByService(entity);
}
public List<PxyObjTrustedCaCrl> getPxyObjTrustedCrlCfgListByCertId(List certIds){
return synchronizationDao.getPxyObjTrustedCrlCfgListByCertId(certIds);
}
/**
* IP复用配置取消
* @param cfgList
* @param page
* @param auditMap
* @param hasData
* @return
*/
public boolean auditReuseConfigData(
Page page,
BaseCfg entity,
Map<Integer, List> auditMap,
boolean hasData){
long start=System.currentTimeMillis();
long end=System.currentTimeMillis();
long totolSize=0;
if(page.isLastPage()){
hasData = false;
}
List<Integer> regionIds = new ArrayList();
for(Entry<Integer, List> e:auditMap.entrySet()) {
List<BaseCfg> list=e.getValue();
for (BaseCfg baseCfg : list) {
if("asn_ip_cfg".equals(entity.getTableName())) {
regionIds.add(baseCfg.getRegionId());
}else {
regionIds.add(Integer.parseInt(baseCfg.getUserRegion1()));
}
}
totolSize=totolSize+list.size();
}
start=System.currentTimeMillis();
logger.warn("APP IP配置批量失效-数据库状态变更start()");
commonPolicyDao.auditCfgBatch( entity.getTableName(), entity,regionIds,null);
end=System.currentTimeMillis();
logger.warn("APP IP配置批量失效-数据库状态变更end("+(end-start)+")");
//已经下发过的,调用分组复用配置删除接口
if(!auditMap.isEmpty()) {
GroupReuseAddBean maatBean = new GroupReuseAddBean();
List<GroupReuseCfg> groupReuseList=new ArrayList<>();
GroupReuseCfg groupReuseCfg=new GroupReuseCfg();
List<IpCfg> ipRegionList=new ArrayList<>();
for (Integer groupId : auditMap.keySet()) {
ipRegionList.addAll(groupReuseCfgAddRemoveConvert(auditMap.get(groupId),Constants.VALID_NO,groupId));
}
groupReuseCfg.setIpRegionList(ipRegionList);
groupReuseCfg.setStrRegionList(null);
groupReuseCfg.setNumRegionList(null);
groupReuseList.add(groupReuseCfg);
maatBean.setGroupReuseCfgList(groupReuseList);
maatBean.setAuditTime(new Date());
maatBean.setCreatorName(UserUtils.getUser().getName());
maatBean.setVersion(Constants.MAAT_VERSION);
maatBean.setOpAction(Constants.UPDATE_ACTION);
//调用服务接口下发配置数据
String json=gsonToJson(maatBean);
logger.warn("app协议IP域配置批量取消"+page.getPageNo()+"次):"+ipRegionList.size());
//logger.info("app协议IP域配置批量取消"+json);
//调用服务接口下发配置
logger.warn("APP IP配置批量失效-下发start()");
start=System.currentTimeMillis();
ToMaatResult result = ConfigServiceUtil.put(json,3);
end=System.currentTimeMillis();
logger.warn("app协议IP域配置批量取消响应信息"+result.getMsg());
logger.warn("APP IP配置批量失效-下发end("+(end-start)+")");
}
return hasData;
}
/**
* 回调类配置下发
* @param className
* @param page
* @param entity
* @param hasData
* @param isUpdateCfg
* @throws ClassNotFoundException
*/
public void auditCallBackData(List auditList,List notAuditList,List compileIds,List ids,BaseCfg entity){
long start=System.currentTimeMillis();
long end=System.currentTimeMillis();
if(!StringUtil.isEmpty(compileIds) && !StringUtil.isEmpty(entity.getTableName())) {
commonPolicyDao.auditCfgBatch("cfg_index_info", entity,compileIds,null);
commonPolicyDao.auditCfgBatch("ip_port_cfg", entity,compileIds,null);
if(entity.getIsAudit()!=1) {
//更新各配置定时任务信息
handelScheduleCfg(auditList, entity.getTableName(),entity);
//更新各配置定时任务信息
handelScheduleCfg(notAuditList, entity.getTableName(),entity);
}
}
if(!StringUtil.isEmpty(ids) && !StringUtil.isEmpty(entity.getTableName())) {
commonPolicyDao.auditCfgBatch( entity.getTableName(), entity,ids,null);
if(entity.getIsAudit()!=1) {
//更新各配置定时任务信息
handelScheduleCfg(auditList, entity.getTableName(),entity);
//更新各配置定时任务信息
handelScheduleCfg(notAuditList, entity.getTableName(),entity);
}
if(entity.getTableName().equals("pxy_obj_trusted_ca_cert")) {
commonPolicyDao.auditCfgBatch("pxy_obj_trusted_ca_crl", entity,ids,null);
}
}
if(entity.getIsAudit()==1){
// 格式转换 -->
if(entity.getServiceId().equals(3)){ // IP Address Drop
List<InlineIp> convertList = Lists.newArrayList();
for (Object object : notAuditList) {
IpPortCfg cfg = (IpPortCfg)object;
convertList.add(BaseService.convertCallBackIp(cfg,cfg.getGroupId()));
}
if(convertList.size() > 0) {
notAuditList = convertList;
}
}else if(entity.getServiceId().equals(65)) { // DNS响应策略
List<NtcDnsResStrategy> convertList = Lists.newArrayList();
for (Object object : notAuditList) {
DnsResStrategy cfg = (DnsResStrategy)object;
convertList.add(BaseService.convertCallBackDnsResStrategy(cfg));
}
if(convertList.size() > 0) {
notAuditList = convertList;
}
}else if(entity.getServiceId().equals(64)) { // DNS欺骗IP
List<InlineIp> convertList = Lists.newArrayList();
for (Object object : notAuditList) {
DnsIpCfg cfg = (DnsIpCfg)object;
convertList.add(BaseService.convertCallBackIp(cfg,cfg.getDnsStrategyId()));
}
if(convertList.size() > 0) {
notAuditList = convertList;
}
}else if(entity.getServiceId().equals(520)) { // 证书管理
List<ProxyObjKeyring> convertList = Lists.newArrayList();
for (Object object : notAuditList) {
PxyObjKeyring cfg = (PxyObjKeyring)object;
convertList.add(BaseService.convertCallBackProxyObjKeyring(cfg));
}
if(convertList.size() > 0) {
notAuditList = convertList;
}
}else if(entity.getFunctionId().equals(571)) { // 可信证书颁发机构+证书吊销列表
List<ProxyObjTrustedCa> convertList = Lists.newArrayList();
for (Object object : notAuditList) {
if(object instanceof PxyObjTrustedCaCert) {
PxyObjTrustedCaCert cfg = (PxyObjTrustedCaCert)object;
convertList.addAll(BaseService.convertCallBackProxyObjTrustedCa(cfg,null));
}else if(object instanceof PxyObjTrustedCaCrl) {
PxyObjTrustedCaCrl cfg = (PxyObjTrustedCaCrl)object;
convertList.addAll(BaseService.convertCallBackProxyObjTrustedCa(null,cfg));
}
}
if(convertList.size() > 0) {
notAuditList = convertList;
}
}
// 格式转换 -->
//调用服务接口下发配置数据
String json=gsonToJson(notAuditList);
//logger.warn("批量下发配置参数:"+json);
//调用服务接口下发配置
ToMaatResult result = ConfigServiceUtil.postCallbackCfg(json);
logger.warn("批量下发响应信息:"+result.getMsg());
}else if(entity.getIsAudit()==3){
// 格式转换 -->
if(entity.getServiceId().equals(3)){ // IP Address Drop
List<InlineIp> convertList = Lists.newArrayList();
for (Object object : auditList) {
IpPortCfg cfg = (IpPortCfg)object;
convertList.add(BaseService.convertCallBackIp(cfg,cfg.getGroupId()));
}
if(convertList.size() > 0) {
auditList = convertList;
}
}else if(entity.getServiceId().equals(65)) { // DNS响应策略
List<NtcDnsResStrategy> convertList = Lists.newArrayList();
for (Object object : auditList) {
DnsResStrategy cfg = (DnsResStrategy)object;
convertList.add(BaseService.convertCallBackDnsResStrategy(cfg));
}
if(convertList.size() > 0) {
auditList = convertList;
}
}else if(entity.getServiceId().equals(64)) { // DNS欺骗IP
List<InlineIp> convertList = Lists.newArrayList();
for (Object object : auditList) {
DnsIpCfg cfg = (DnsIpCfg)object;
convertList.add(BaseService.convertCallBackIp(cfg,cfg.getDnsStrategyId()));
}
if(convertList.size() > 0) {
auditList = convertList;
}
}else if(entity.getServiceId().equals(520)) { // 证书管理
List<ProxyObjKeyring> convertList = Lists.newArrayList();
for (Object object : auditList) {
PxyObjKeyring cfg = (PxyObjKeyring)object;
convertList.add(BaseService.convertCallBackProxyObjKeyring(cfg));
}
if(convertList.size() > 0) {
auditList = convertList;
}
}else if(entity.getFunctionId().equals(571)) { // 可信证书颁发机构+证书吊销列表
List<ProxyObjTrustedCa> convertList = Lists.newArrayList();
for (Object object : auditList) {
if(object instanceof PxyObjTrustedCaCert) {
PxyObjTrustedCaCert cfg = (PxyObjTrustedCaCert)object;
convertList.addAll(BaseService.convertCallBackProxyObjTrustedCa(cfg,null));
}else if(object instanceof PxyObjTrustedCaCrl) {
PxyObjTrustedCaCrl cfg = (PxyObjTrustedCaCrl)object;
convertList.addAll(BaseService.convertCallBackProxyObjTrustedCa(null,cfg));
}
}
if(convertList.size() > 0) {
auditList = convertList;
}
}
// 格式转换 -->
//调用服务接口取消配置
String json=gsonToJson(auditList);
//logger.warn("批量下发配置参数:"+json);
if(!StringUtil.isEmpty(auditList)) {
logger.warn("批量配置取消个数:"+auditList.size());
}
logger.info("回调配置批量失效-下发start()");
start=System.currentTimeMillis();
//调用服务接口下发配置
ToMaatResult result = ConfigServiceUtil.put(json,2);
end=System.currentTimeMillis();
logger.warn("批量响应信息:"+result.getMsg());
logger.warn("回调配置批量失效-下发耗时end("+(end-start)+")");
}
}
/**
* 配置批量审核不通过
* @param cfgList // 存放域配置类型 及 对应表名
* @param page
* @param entity // 保存要审核的状态类
* @param list // 主配置表数据(在调用前查出)
* @param hasData // 标识是否还有数据
* @return
*/
public boolean batchUnApproveMaatData(List<Map<String, Object>> cfgList, Page page, BaseCfg entity,
List<BaseCfg> list, boolean hasData) {
// 1.获取所有配置的编译ID
List<Integer> compileIds = new ArrayList();
List<String> spoofingPoolCfgIds = new ArrayList();
for(BaseCfg cfg:list){
if(entity.getServiceId().equals(1028)) {
compileIds.add(Integer.parseInt(cfg.getUserRegion1()));
}else if(entity.getServiceId().equals(400)) {
compileIds.add(cfg.getRegionId());
}else {
compileIds.add(cfg.getCompileId());
}
if(entity.getServiceId().equals(518)){ // IP_Spoofing
spoofingPoolCfgIds.add(cfg.getUserRegion3());
}
}
// 2.更新配置审核状态(主表)
if(!StringUtil.isEmpty(compileIds) && !StringUtil.isEmpty(entity.getTableName())) {
commonPolicyDao.auditCfgBatch( entity.getTableName(), entity,compileIds,null); // 批量审核并修改配置审核状态(主表)
//更新各配置定时任务信息
handelScheduleCfg(list, entity.getTableName(),entity);
}
// 3.更新域配置审核状态(子表)
if(cfgList!=null){
for(Map<String,Object> m:cfgList){
String tableName = m.get("tableName").toString();
if(tableName.equals("pxy_obj_spoofing_ip_pool")) {
commonPolicyDao.auditCfgBatch( tableName, entity,spoofingPoolCfgIds,null);
}else {
commonPolicyDao.auditCfgBatch( tableName, entity,compileIds,null);
}
}
}
// 4.判断是否是当前检索条件下最后一页数据 并返回结果
page.setList(list);
if(page.isLastPage()){
hasData = false;
}
return hasData;
}
public boolean batchDeleteMaatData(List<Map<String, Object>> cfgList, Page page, BaseCfg entity,
List<BaseCfg> list, boolean hasData) {
// 1.获取所有配置的编译ID
List<Integer> compileIds = new ArrayList();
List<String> spoofingPoolCfgIds = new ArrayList();
for(BaseCfg cfg:list){
if(entity.getServiceId().equals(1028)) {
compileIds.add(Integer.parseInt(cfg.getUserRegion1()));
}else if(entity.getServiceId().equals(400)) {
compileIds.add(cfg.getRegionId());
}else {
compileIds.add(cfg.getCompileId());
}
if(entity.getServiceId().equals(518)){ // IP_Spoofing
spoofingPoolCfgIds.add(cfg.getUserRegion3());
}
cfg.setIsValid(-1);
cfg.setIsAudit(0);
}
// 2.更新配置状态(主表)
if(!StringUtil.isEmpty(compileIds) && !StringUtil.isEmpty(entity.getTableName())) {
commonPolicyDao.deleteCfgBatch(entity.getTableName(), entity,compileIds); // 批量修改配置状态(主表)
//更新各配置定时任务信息
handelScheduleCfg(list, entity.getTableName(),entity);
}
// 3.更新域配置状态(子表)
if(cfgList != null){
for(Map<String,Object> m : cfgList){
String tableName = m.get("tableName").toString();
if(tableName.equals("pxy_obj_spoofing_ip_pool")) {
commonPolicyDao.deleteCfgBatch(tableName, entity, spoofingPoolCfgIds);
}else {
commonPolicyDao.deleteCfgBatch(tableName, entity, compileIds);
}
}
}
// 4.判断是否是当前检索条件下最后一页数据 并返回结果
page.setList(list);
if(page.isLastPage()){
hasData = false;
}
return hasData;
}
}
Reference in New Issue View Git Blame Copy Permalink