cmhi
/
dispose
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

OCT 

REM:
1. 修正启动、停止清洗任务只能控制一个流量方向问题
2. 删除DPTech设备接口访问异常的堆栈打印功能
This commit is contained in:
HuangXin 2020-05-07 10:26:08 +08:00
parent 7dac407c9c
commit 7253b90b5d
1 changed files with 66 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

143
src/main/java/com/dispose/dispose/impl/DPTechImpl.java
View File

@ -1,6 +1,5 @@
package com.dispose.dispose.impl;
import com.dispose.interceptor.SoapPasswordCallbackHandler;
import com.dispose.common.ConstValue;
import com.dispose.common.DeviceCapacity;
import com.dispose.common.DpTechAttackType;
@ -10,18 +9,11 @@ import com.dispose.common.IPAddrType;
import com.dispose.config.DisposeConfigure;
import com.dispose.dispose.DisposeEntryManager;
import com.dispose.dispose.po.DeviceInfo;
import com.dispose.interceptor.SoapPasswordCallbackHandler;
import com.dispose.pojo.po.DisposeDeviceCapacity;
import com.dptech.dispose.AbnormalFlowCleaningServicePortType;
import com.dptech.dispose.ArrayOfDetectionObjectDataForService;
import com.dptech.dispose.ArrayOfProtectionObjectDataForService;
import com.dptech.dispose.NtcRequestResultInfo;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.annotation.Resource;
import lombok.extern.slf4j.Slf4j;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
@ -32,6 +24,13 @@ import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import javax.annotation.Resource;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
/**
* The type Dp tech.
*/
@ -61,14 +60,18 @@ public class DPTechImpl implements DisposeEntryManager {
Map<String, Object> outProps = new HashMap<>();
outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
// 配置用户名密码类型
outProps.put(WSHandlerConstants.USER, ConstValue.SOAPWrapperConst.USER_NAME);
outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
// 注册密码处理回调函数
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, SoapPasswordCallbackHandler.class.getName());
// 添加WSSecure头部验证信息
jaxWsProxyFactoryBean.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));
this.cleanTypePort = (AbnormalFlowCleaningServicePortType) jaxWsProxyFactoryBean.create();
// 配置连接访问超时时间
Client proxy = ClientProxy.getClient(this.cleanTypePort);
HTTPConduit conduit = (HTTPConduit) proxy.getConduit();
HTTPClientPolicy policy = new HTTPClientPolicy();
@ -104,17 +107,18 @@ public class DPTechImpl implements DisposeEntryManager {
*/
@Override
public DeviceInfo getDeviceInfo() {
// 当前设备接口不支持返回模拟数据
return DeviceInfo.builder()
.vendor("DPTech")
.model("UMC")
.firmware("Unknown")
.os("Windows Server")
.kernel("Windows")
.arch("x86_64")
.memory(-1)
.freeMemory(-1)
.cpuUsed(-1)
.build();
.vendor("DPTech")
.model("UMC")
.firmware("Unknown")
.os("Windows Server")
.kernel("Windows")
.arch("x86_64")
.memory(-1)
.freeMemory(-1)
.cpuUsed(-1)
.build();
}
/**
@ -127,43 +131,46 @@ public class DPTechImpl implements DisposeEntryManager {
List<DisposeDeviceCapacity> capList = new ArrayList<>();
try {
// 从设备中获取所有检测设备
String devs = cleanTypePort.getAllDetectDevices();
// 保存检测能力信息
if (devs != null && devs.length() > 0) {
capList.add(DisposeDeviceCapacity.builder()
.capacity(DeviceCapacity.DETECIVE.getCode())
.tolFlowCapacity(0)
.build());
.capacity(DeviceCapacity.DETECIVE.getCode())
.tolFlowCapacity(0)
.build());
}
// 从设备中获取清洗设备
devs = cleanTypePort.getAllProtectDevices();
if (devs != null && devs.length() > 0) {
List<String> proIPv4 = new ArrayList<>();
List<String> proIPv6 = new ArrayList<>();
// 读取清洗设备支持的清洗IP范围
ArrayOfProtectionObjectDataForService objs = cleanTypePort.getAllProtectionObjectFromUMC();
// 将DPTech设备的IP格式转换成IP访问列表支持IPv6IPv4
objs.getProtectionObjectDataForService().forEach(v -> {
String ipSeg = v.getIpSegment().getValue();
if (v.getIpType() == 0 && ipSeg.length() > 0) {
proIPv4.addAll(Arrays.asList(ipSeg.replaceAll("\\d+_", "")
.split(",")));
proIPv4.addAll(Arrays.asList(ipSeg.replaceAll("\\d+_", "").split(",")));
} else if (v.getIpType() == 1 && ipSeg.length() > 0) {
proIPv6.addAll(Arrays.asList(ipSeg.replaceAll("\\d+_", "")
.split(",")));
proIPv6.addAll(Arrays.asList(ipSeg.replaceAll("\\d+_", "").split(",")));
}
});
// 保存清洗能力信息
capList.add(DisposeDeviceCapacity.builder()
.capacity(DeviceCapacity.CLEANUP.getCode())
.tolFlowCapacity(0)
.protectIpV4(proIPv4.toArray(new String[0]))
.protectIpV6(proIPv6.toArray(new String[0]))
.build());
.capacity(DeviceCapacity.CLEANUP.getCode()) // 清洗能力
.tolFlowCapacity(0)
.protectIpV4(proIPv4.toArray(new String[0])) // IPv4范围
.protectIpV6(proIPv6.toArray(new String[0])) // IPv6范围
.build());
}
} catch (Exception ex) {
log.error(ex.getMessage());
ex.printStackTrace();
}
return capList;
@ -177,14 +184,14 @@ public class DPTechImpl implements DisposeEntryManager {
@Override
public boolean getDeviceLinkStatus() {
try {
List<ArrayOfProtectionObjectDataForService> objs = getAllProtectionObject();
return objs != null;
// 获取防护对象接口调用成功认为设备心跳正常
getAllProtectionObject();
return true;
} catch (Exception ex) {
log.error(ex.getMessage());
ex.printStackTrace();
return false;
}
return false;
}
/**
@ -196,32 +203,35 @@ public class DPTechImpl implements DisposeEntryManager {
*/
@Override
public ErrorCode runDispose(String ip, DeviceCapacity type) {
ErrorCode err = ErrorCode.ERR_OK;
// 当前系统接入设备仅仅支持流量清洗功能
if (type != DeviceCapacity.CLEANUP) {
return ErrorCode.ERR_UNSUPPORT;
}
try {
for (int d : new int[]{0, 1}) {
log.info("++++Begging DPTech Start Cleanup Task: {}", ip);
// DPTech流量清洗需要对入口出口方向各种攻击类型分别调用接口下发清洗任务
for (int d : new int[]{0, 1}) { // 遍历出口入口两个方向
// 遍历所有清洗类型
for (DpTechAttackType t : DpTechAttackType.values()) {
NtcRequestResultInfo ret = cleanTypePort.startAbnormalTaskForUMC(ip,
t.getCode(),
d);
NtcRequestResultInfo ret = cleanTypePort.startAbnormalTaskForUMC(ip, t.getCode(), d);
log.debug("Cleanup: {} --> {}:{}", d, t.getReadme(), t.getCode());
if (ret.getResultRetVal() != ErrorCode.ERR_OK.getCode()) {
log.error("Start {} cleanup task error: {}", ip, ret.getResultInfo());
return ErrorCode.ERR_CALLDEVICE;
}
}
return ErrorCode.ERR_OK;
}
log.info("----Finish DPTech Start Cleanup Task: {}", ip);
} catch (Exception ex) {
log.error(ex.getMessage());
ex.printStackTrace();
return ErrorCode.ERR_SYSTEMEXCEPTION;
log.error("----Error DPTech Start Cleanup Task: {}", ip);
err = ErrorCode.ERR_SYSTEMEXCEPTION;
}
return ErrorCode.ERR_INTERRUPT;
return err;
}
/**
@ -238,27 +248,27 @@ public class DPTechImpl implements DisposeEntryManager {
}
try {
log.info("++++Begging DPTech Start Cleanup Task: {}", ipAddr);
// 遍历入口出口两个方向
for (int d : new int[]{0, 1}) {
// 遍历所有攻击类型的清洗任务
for (DpTechAttackType t : DpTechAttackType.values()) {
NtcRequestResultInfo ret = cleanTypePort.stopAbnormalTaskForUMC(ipAddr,
t.getCode(),
d);
NtcRequestResultInfo ret = cleanTypePort.stopAbnormalTaskForUMC(ipAddr, t.getCode(), d);
if (ret.getResultRetVal() != ErrorCode.ERR_OK.getCode()) {
log.error("Start {} cleanup task error: {}", ipAddr, ret.getResultInfo());
return ErrorCode.ERR_CALLDEVICE;
}
}
return ErrorCode.ERR_OK;
}
log.info("----Finish DPTech Stop Cleanup Task: {}", ipAddr);
return ErrorCode.ERR_OK;
} catch (Exception ex) {
log.error(ex.getMessage());
ex.printStackTrace();
log.error("----Error DPTech Stop Cleanup Task: {}", ipAddr);
return ErrorCode.ERR_SYSTEMEXCEPTION;
}
return ErrorCode.ERR_INTERRUPT;
}
/**
@ -274,7 +284,6 @@ public class DPTechImpl implements DisposeEntryManager {
return (T) cleanTypePort.getAllDetectionObjectFromUMC().getDetectionObjectDataForService();
} catch (Exception ex) {
log.error(ex.getMessage());
ex.printStackTrace();
return null;
}
}
@ -290,27 +299,9 @@ public class DPTechImpl implements DisposeEntryManager {
public <T> T getAllProtectionObject() {
try {
return (T) cleanTypePort.getAllProtectionObjectFromUMC().getProtectionObjectDataForService();
} catch (Exception ex) {
//log.error(ex.getMessage());
//ex.printStackTrace();
return null;
}
}
/**
* Gets detection object device json.
*
* @return the detection object device json
*/
public String getDetectionObjectDeviceJson() {
try {
ArrayOfDetectionObjectDataForService typePort = cleanTypePort.getAllDetectionObjectFromUMC();
ObjectMapper mapper = new ObjectMapper();
return mapper.writerWithDefaultPrettyPrinter().writeValueAsString(typePort);
} catch (Exception ex) {
log.error(ex.getMessage());
ex.printStackTrace();
return "{}";
return null;
}
}
@ -325,7 +316,6 @@ public class DPTechImpl implements DisposeEntryManager {
return cleanTypePort.getAllProtectDevices();
} catch (Exception ex) {
log.error(ex.getMessage());
ex.printStackTrace();
return "";
}
}
@ -341,7 +331,6 @@ public class DPTechImpl implements DisposeEntryManager {
return cleanTypePort.getAllDetectDevices();
} catch (Exception ex) {
log.error(ex.getMessage());
ex.printStackTrace();
return "";
}
}