From 7253b90b5d4ea69dea7bfd6ecf6f9411b7dc7ad8 Mon Sep 17 00:00:00 2001
From: HuangXin
Date: Thu, 7 May 2020 10:26:08 +0800
Subject: [PATCH] =?UTF-8?q?OCT=20REM:=201.=20=E4=BF=AE=E6=AD=A3=E5=90=AF?= =?UTF-8?q?=E5=8A=A8=E3=80=81=E5=81=9C=E6=AD=A2=E6=B8=85=E6=B4=97=E4=BB=BB?= =?UTF-8?q?=E5=8A=A1=E5=8F=AA=E8=83=BD=E6=8E=A7=E5=88=B6=E4=B8=80=E4=B8=AA?= =?UTF-8?q?=E6=B5=81=E9=87=8F=E6=96=B9=E5=90=91=E9=97=AE=E9=A2=98=202.=20?= =?UTF-8?q?=E5=88=A0=E9=99=A4DPTech=E8=AE=BE=E5=A4=87=E6=8E=A5=E5=8F=A3?= =?UTF-8?q?=E8=AE=BF=E9=97=AE=E5=BC=82=E5=B8=B8=E7=9A=84=E5=A0=86=E6=A0=88?= =?UTF-8?q?=E6=89=93=E5=8D=B0=E5=8A=9F=E8=83=BD?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../com/dispose/dispose/impl/DPTechImpl.java | 143 ++++++++----------
 1 file changed, 66 insertions(+), 77 deletions(-)

diff --git a/src/main/java/com/dispose/dispose/impl/DPTechImpl.java b/src/main/java/com/dispose/dispose/impl/DPTechImpl.java
index 4e896c8e..07e00598 100644
--- a/src/main/java/com/dispose/dispose/impl/DPTechImpl.java
+++ b/src/main/java/com/dispose/dispose/impl/DPTechImpl.java
@@ -1,6 +1,5 @@
 package com.dispose.dispose.impl;
 
-import com.dispose.interceptor.SoapPasswordCallbackHandler;
 import com.dispose.common.ConstValue;
 import com.dispose.common.DeviceCapacity;
 import com.dispose.common.DpTechAttackType;
@@ -10,18 +9,11 @@ import com.dispose.common.IPAddrType;
 import com.dispose.config.DisposeConfigure;
 import com.dispose.dispose.DisposeEntryManager;
 import com.dispose.dispose.po.DeviceInfo;
+import com.dispose.interceptor.SoapPasswordCallbackHandler;
 import com.dispose.pojo.po.DisposeDeviceCapacity;
 import com.dptech.dispose.AbnormalFlowCleaningServicePortType;
-import com.dptech.dispose.ArrayOfDetectionObjectDataForService;
 import com.dptech.dispose.ArrayOfProtectionObjectDataForService;
 import com.dptech.dispose.NtcRequestResultInfo;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import javax.annotation.Resource;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.cxf.endpoint.Client;
 import org.apache.cxf.frontend.ClientProxy;
@@ -32,6 +24,13 @@ import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
 import org.apache.wss4j.dom.WSConstants;
 import org.apache.wss4j.dom.handler.WSHandlerConstants;
 
+import javax.annotation.Resource;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
 /**
 * The type Dp tech.
 */
@@ -61,14 +60,18 @@ public class DPTechImpl implements DisposeEntryManager { Map outProps = new HashMap<>(); outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN); + // 配置用户名,密码类型 outProps.put(WSHandlerConstants.USER, ConstValue.SOAPWrapperConst.USER_NAME); outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT); + // 注册密码处理回调函数 outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, SoapPasswordCallbackHandler.class.getName()); + // 添加WSSecure头部验证信息 jaxWsProxyFactoryBean.getOutInterceptors().add(new WSS4JOutInterceptor(outProps)); this.cleanTypePort = (AbnormalFlowCleaningServicePortType) jaxWsProxyFactoryBean.create(); + // 配置连接,访问超时时间 Client proxy = ClientProxy.getClient(this.cleanTypePort); HTTPConduit conduit = (HTTPConduit) proxy.getConduit(); HTTPClientPolicy policy = new HTTPClientPolicy(); @@ -104,17 +107,18 @@ public class DPTechImpl implements DisposeEntryManager { */ @Override public DeviceInfo getDeviceInfo() { + // 当前设备接口不支持,返回模拟数据 return DeviceInfo.builder() - .vendor("DPTech") - .model("UMC") - .firmware("Unknown") - .os("Windows Server") - .kernel("Windows") - .arch("x86_64") - .memory(-1) - .freeMemory(-1) - .cpuUsed(-1) - .build(); + .vendor("DPTech") + .model("UMC") + .firmware("Unknown") + .os("Windows Server") + .kernel("Windows") + .arch("x86_64") + .memory(-1) + .freeMemory(-1) + .cpuUsed(-1) + .build(); } /** 
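Review bot: The comment added above `outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT)` says a password type is configured but not what `PW_TEXT` implies: the UsernameToken carries the password as plain text, so its confidentiality rests entirely on the transport. I would extend the comment to record that, e.g. `// PW_TEXT sends the password unhashed in the SOAP header; the device endpoint must be reached over TLS`. Whether the endpoint address is HTTPS is not visible here, and the enclosing method starts and ends outside the hunk, so this needs confirming against the proxy address configuration.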
@@ -127,43 +131,46 @@ public class DPTechImpl implements DisposeEntryManager { List capList = new ArrayList<>(); try { + // 从设备中获取所有检测设备 String devs = cleanTypePort.getAllDetectDevices(); + // 保存检测能力信息 if (devs != null && devs.length() > 0) { capList.add(DisposeDeviceCapacity.builder() - .capacity(DeviceCapacity.DETECIVE.getCode()) - .tolFlowCapacity(0) - .build()); + .capacity(DeviceCapacity.DETECIVE.getCode()) + .tolFlowCapacity(0) + .build()); } + // 从设备中获取清洗设备 devs = cleanTypePort.getAllProtectDevices(); if (devs != null && devs.length() > 0) { List proIPv4 = new ArrayList<>(); List proIPv6 = new ArrayList<>(); + // 读取清洗设备支持的清洗IP范围 ArrayOfProtectionObjectDataForService objs = cleanTypePort.getAllProtectionObjectFromUMC(); + // 将DPTech设备的IP格式转换成IP访问列表,支持IPv6,IPv4 objs.getProtectionObjectDataForService().forEach(v -> { String ipSeg = v.getIpSegment().getValue(); if (v.getIpType() == 0 && ipSeg.length() > 0) { - proIPv4.addAll(Arrays.asList(ipSeg.replaceAll("\\d+_", "") - .split(","))); + proIPv4.addAll(Arrays.asList(ipSeg.replaceAll("\\d+_", "").split(","))); } else if (v.getIpType() == 1 && ipSeg.length() > 0) { - proIPv6.addAll(Arrays.asList(ipSeg.replaceAll("\\d+_", "") - .split(","))); + proIPv6.addAll(Arrays.asList(ipSeg.replaceAll("\\d+_", "").split(","))); } }); + // 保存清洗能力信息 capList.add(DisposeDeviceCapacity.builder() - .capacity(DeviceCapacity.CLEANUP.getCode()) - .tolFlowCapacity(0) - .protectIpV4(proIPv4.toArray(new String[0])) - .protectIpV6(proIPv6.toArray(new String[0])) - .build()); + .capacity(DeviceCapacity.CLEANUP.getCode()) // 清洗能力 + .tolFlowCapacity(0) + .protectIpV4(proIPv4.toArray(new String[0])) // IPv4范围 + .protectIpV6(proIPv6.toArray(new String[0])) // IPv6范围 + .build()); } } catch (Exception ex) { log.error(ex.getMessage()); - ex.printStackTrace(); } return capList; 
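Review bot: With `ex.printStackTrace()` removed, the catch block at the end of this hunk keeps only `log.error(ex.getMessage())`, which drops the exception type and stack and logs a bare `null` for exceptions that carry no message. Passing the throwable to the logger keeps the trace in the managed log rather than on stderr: `log.error("DPTech capability query failed", ex);`. The same message-only pattern is left in the catch blocks of the later hunks (link status, start and stop cleanup, and the getAll* accessors), so the fix applies there too. The method's signature is outside this hunk.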
@@ -177,14 +184,14 @@ public class DPTechImpl implements DisposeEntryManager { @Override public boolean getDeviceLinkStatus() { try { - List objs = getAllProtectionObject(); - - return objs != null; + // 获取防护对象接口调用成功认为设备心跳正常 + getAllProtectionObject(); + return true; } catch (Exception ex) { log.error(ex.getMessage()); - ex.printStackTrace(); - return false; } + + return false; } /** @@ -196,32 +203,35 @@ public class DPTechImpl implements DisposeEntryManager { */ @Override public ErrorCode runDispose(String ip, DeviceCapacity type) { + ErrorCode err = ErrorCode.ERR_OK; + // 当前系统接入设备仅仅支持流量清洗功能 if (type != DeviceCapacity.CLEANUP) { return ErrorCode.ERR_UNSUPPORT; } try { - for (int d : new int[]{0, 1}) { + log.info("++++Begging DPTech Start Cleanup Task: {}", ip); + // DPTech流量清洗需要对入口,出口方向,各种攻击类型分别调用接口下发清洗任务 + for (int d : new int[]{0, 1}) { // 遍历出口,入口两个方向 + // 遍历所有清洗类型 for (DpTechAttackType t : DpTechAttackType.values()) { - NtcRequestResultInfo ret = cleanTypePort.startAbnormalTaskForUMC(ip, - t.getCode(), - d); - + NtcRequestResultInfo ret = cleanTypePort.startAbnormalTaskForUMC(ip, t.getCode(), d); + log.debug("Cleanup: {} --> {}:{}", d, t.getReadme(), t.getCode()); if (ret.getResultRetVal() != ErrorCode.ERR_OK.getCode()) { log.error("Start {} cleanup task error: {}", ip, ret.getResultInfo()); return ErrorCode.ERR_CALLDEVICE; } } - - return ErrorCode.ERR_OK; } + + log.info("----Finish DPTech Start Cleanup Task: {}", ip); } catch (Exception ex) { log.error(ex.getMessage()); - ex.printStackTrace(); - return ErrorCode.ERR_SYSTEMEXCEPTION; + log.error("----Error DPTech Start Cleanup Task: {}", ip); + err = ErrorCode.ERR_SYSTEMEXCEPTION; } - return ErrorCode.ERR_INTERRUPT; + return err; } /** 
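Review bot: `getDeviceLinkStatus()` now returns `true` unconditionally after calling `getAllProtectionObject()`, but that accessor (see its own hunk further down) catches every exception and returns `null` instead of throwing, so the `catch` here is never reached by a device failure. The removed `objs != null` test was the only thing that turned an unreachable device into `false`; as written, a disposal device that is down keeps reporting a healthy heartbeat. Keeping the null check restores the signal: `return getAllProtectionObject() != null;`.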
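Review bot: Inside the nested loops of `runDispose`, `return ErrorCode.ERR_CALLDEVICE;` exits on the first rejected call, so the direction/attack-type combinations already started stay active on the device and the remaining ones are never attempted, while the caller only sees a failure. That is the partial, one-direction state this commit sets out to remove, now reachable through a single failing type. Since the new `err` variable is returned at the end, recording the failure and continuing is a one-line change, `err = ErrorCode.ERR_CALLDEVICE;`, with the "Finish" log then made conditional on `err`; if all-or-nothing is the intended contract, the tasks already started need to be stopped again instead. Separately, "Begging" in the new `log.info` text is presumably meant to be "Begin".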
@@ -238,27 +248,27 @@ public class DPTechImpl implements DisposeEntryManager { } try { + log.info("++++Begging DPTech Start Cleanup Task: {}", ipAddr); + // 遍历入口,出口两个方向 for (int d : new int[]{0, 1}) { + // 遍历所有攻击类型的清洗任务 for (DpTechAttackType t : DpTechAttackType.values()) { - NtcRequestResultInfo ret = cleanTypePort.stopAbnormalTaskForUMC(ipAddr, - t.getCode(), - d); + NtcRequestResultInfo ret = cleanTypePort.stopAbnormalTaskForUMC(ipAddr, t.getCode(), d); if (ret.getResultRetVal() != ErrorCode.ERR_OK.getCode()) { log.error("Start {} cleanup task error: {}", ipAddr, ret.getResultInfo()); return ErrorCode.ERR_CALLDEVICE; } } - - return ErrorCode.ERR_OK; } + + log.info("----Finish DPTech Stop Cleanup Task: {}", ipAddr); + return ErrorCode.ERR_OK; } catch (Exception ex) { log.error(ex.getMessage()); - ex.printStackTrace(); + log.error("----Error DPTech Stop Cleanup Task: {}", ipAddr); return ErrorCode.ERR_SYSTEMEXCEPTION; } - - return ErrorCode.ERR_INTERRUPT; } /** @@ -274,7 +284,6 @@ public class DPTechImpl implements DisposeEntryManager { return (T) cleanTypePort.getAllDetectionObjectFromUMC().getDetectionObjectDataForService(); } catch (Exception ex) { log.error(ex.getMessage()); - ex.printStackTrace(); return null; } } 
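Review bot: The new opening log line in this stop path reads `"++++Begging DPTech Start Cleanup Task: {}"`, and the unchanged error line below it also says `Start {} cleanup task error`, so a stop request looks like a start request in the log until the final "Finish"/"Error" line. For an audit trail of mitigation actions that is misleading; I would change it to `log.info("++++Begin DPTech Stop Cleanup Task: {}", ipAddr);` and the error text to `"Stop {} cleanup task error: {}"`. The early `return ErrorCode.ERR_CALLDEVICE;` inside the loops also abandons the remaining direction/type combinations, leaving those cleanup tasks running after a reported failure; continuing the loop and returning the error afterwards would stop as much as possible. The method's signature is outside the hunk.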
@@ -290,27 +299,9 @@ public class DPTechImpl implements DisposeEntryManager {
 public T getAllProtectionObject() {
 try {
 return (T) cleanTypePort.getAllProtectionObjectFromUMC().getProtectionObjectDataForService();
- } catch (Exception ex) {
- //log.error(ex.getMessage());
- //ex.printStackTrace();
- return null;
- }
- }
-
- /**
- * Gets detection object device json.
- *
- * @return the detection object device json
- */
- public String getDetectionObjectDeviceJson() {
- try {
- ArrayOfDetectionObjectDataForService typePort = cleanTypePort.getAllDetectionObjectFromUMC();
- ObjectMapper mapper = new ObjectMapper();
- return mapper.writerWithDefaultPrettyPrinter().writeValueAsString(typePort);
 } catch (Exception ex) {
 log.error(ex.getMessage());
- ex.printStackTrace();
- return "{}";
+ return null;
 }
 }
 
@@ -325,7 +316,6 @@ public class DPTechImpl implements DisposeEntryManager {
 return cleanTypePort.getAllProtectDevices();
 } catch (Exception ex) {
 log.error(ex.getMessage());
- ex.printStackTrace();
 return "";
 }
 }
@@ -341,7 +331,6 @@ public class DPTechImpl implements DisposeEntryManager {
 return cleanTypePort.getAllDetectDevices();
 } catch (Exception ex) {
 log.error(ex.getMessage());
- ex.printStackTrace();
 return "";
 }
 }