OCT
REM: 1. 修正启动、停止清洗任务只能控制一个流量方向问题 2. 删除DPTech设备接口访问异常的堆栈打印功能
parent
7dac407c9c
commit
7253b90b5d
|
@ -1,6 +1,5 @@
|
||||||
package com.dispose.dispose.impl;
|
package com.dispose.dispose.impl;
|
||||||
|
|
||||||
import com.dispose.interceptor.SoapPasswordCallbackHandler;
|
|
||||||
import com.dispose.common.ConstValue;
|
import com.dispose.common.ConstValue;
|
||||||
import com.dispose.common.DeviceCapacity;
|
import com.dispose.common.DeviceCapacity;
|
||||||
import com.dispose.common.DpTechAttackType;
|
import com.dispose.common.DpTechAttackType;
|
||||||
|
@ -10,18 +9,11 @@ import com.dispose.common.IPAddrType;
|
||||||
import com.dispose.config.DisposeConfigure;
|
import com.dispose.config.DisposeConfigure;
|
||||||
import com.dispose.dispose.DisposeEntryManager;
|
import com.dispose.dispose.DisposeEntryManager;
|
||||||
import com.dispose.dispose.po.DeviceInfo;
|
import com.dispose.dispose.po.DeviceInfo;
|
||||||
|
import com.dispose.interceptor.SoapPasswordCallbackHandler;
|
||||||
import com.dispose.pojo.po.DisposeDeviceCapacity;
|
import com.dispose.pojo.po.DisposeDeviceCapacity;
|
||||||
import com.dptech.dispose.AbnormalFlowCleaningServicePortType;
|
import com.dptech.dispose.AbnormalFlowCleaningServicePortType;
|
||||||
import com.dptech.dispose.ArrayOfDetectionObjectDataForService;
|
|
||||||
import com.dptech.dispose.ArrayOfProtectionObjectDataForService;
|
import com.dptech.dispose.ArrayOfProtectionObjectDataForService;
|
||||||
import com.dptech.dispose.NtcRequestResultInfo;
|
import com.dptech.dispose.NtcRequestResultInfo;
|
||||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
|
||||||
import java.util.ArrayList;
|
|
||||||
import java.util.Arrays;
|
|
||||||
import java.util.HashMap;
|
|
||||||
import java.util.List;
|
|
||||||
import java.util.Map;
|
|
||||||
import javax.annotation.Resource;
|
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.apache.cxf.endpoint.Client;
|
import org.apache.cxf.endpoint.Client;
|
||||||
import org.apache.cxf.frontend.ClientProxy;
|
import org.apache.cxf.frontend.ClientProxy;
|
||||||
|
@ -32,6 +24,13 @@ import org.apache.cxf.ws.security.wss4j.WSS4JOutInterceptor;
|
||||||
import org.apache.wss4j.dom.WSConstants;
|
import org.apache.wss4j.dom.WSConstants;
|
||||||
import org.apache.wss4j.dom.handler.WSHandlerConstants;
|
import org.apache.wss4j.dom.handler.WSHandlerConstants;
|
||||||
|
|
||||||
|
import javax.annotation.Resource;
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.Arrays;
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The type Dp tech.
|
* The type Dp tech.
|
||||||
*/
|
*/
|
||||||
|
@ -61,14 +60,18 @@ public class DPTechImpl implements DisposeEntryManager {
|
||||||
Map<String, Object> outProps = new HashMap<>();
|
Map<String, Object> outProps = new HashMap<>();
|
||||||
outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
|
outProps.put(WSHandlerConstants.ACTION, WSHandlerConstants.USERNAME_TOKEN);
|
||||||
|
|
||||||
|
// 配置用户名,密码类型
|
||||||
outProps.put(WSHandlerConstants.USER, ConstValue.SOAPWrapperConst.USER_NAME);
|
outProps.put(WSHandlerConstants.USER, ConstValue.SOAPWrapperConst.USER_NAME);
|
||||||
outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
|
outProps.put(WSHandlerConstants.PASSWORD_TYPE, WSConstants.PW_TEXT);
|
||||||
|
// 注册密码处理回调函数
|
||||||
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, SoapPasswordCallbackHandler.class.getName());
|
outProps.put(WSHandlerConstants.PW_CALLBACK_CLASS, SoapPasswordCallbackHandler.class.getName());
|
||||||
|
|
||||||
|
// 添加WSSecure头部验证信息
|
||||||
jaxWsProxyFactoryBean.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));
|
jaxWsProxyFactoryBean.getOutInterceptors().add(new WSS4JOutInterceptor(outProps));
|
||||||
|
|
||||||
this.cleanTypePort = (AbnormalFlowCleaningServicePortType) jaxWsProxyFactoryBean.create();
|
this.cleanTypePort = (AbnormalFlowCleaningServicePortType) jaxWsProxyFactoryBean.create();
|
||||||
|
|
||||||
|
// 配置连接,访问超时时间
|
||||||
Client proxy = ClientProxy.getClient(this.cleanTypePort);
|
Client proxy = ClientProxy.getClient(this.cleanTypePort);
|
||||||
HTTPConduit conduit = (HTTPConduit) proxy.getConduit();
|
HTTPConduit conduit = (HTTPConduit) proxy.getConduit();
|
||||||
HTTPClientPolicy policy = new HTTPClientPolicy();
|
HTTPClientPolicy policy = new HTTPClientPolicy();
|
||||||
|
@ -104,17 +107,18 @@ public class DPTechImpl implements DisposeEntryManager {
|
||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public DeviceInfo getDeviceInfo() {
|
public DeviceInfo getDeviceInfo() {
|
||||||
|
// 当前设备接口不支持,返回模拟数据
|
||||||
return DeviceInfo.builder()
|
return DeviceInfo.builder()
|
||||||
.vendor("DPTech")
|
.vendor("DPTech")
|
||||||
.model("UMC")
|
.model("UMC")
|
||||||
.firmware("Unknown")
|
.firmware("Unknown")
|
||||||
.os("Windows Server")
|
.os("Windows Server")
|
||||||
.kernel("Windows")
|
.kernel("Windows")
|
||||||
.arch("x86_64")
|
.arch("x86_64")
|
||||||
.memory(-1)
|
.memory(-1)
|
||||||
.freeMemory(-1)
|
.freeMemory(-1)
|
||||||
.cpuUsed(-1)
|
.cpuUsed(-1)
|
||||||
.build();
|
.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -127,43 +131,46 @@ public class DPTechImpl implements DisposeEntryManager {
|
||||||
List<DisposeDeviceCapacity> capList = new ArrayList<>();
|
List<DisposeDeviceCapacity> capList = new ArrayList<>();
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
// 从设备中获取所有检测设备
|
||||||
String devs = cleanTypePort.getAllDetectDevices();
|
String devs = cleanTypePort.getAllDetectDevices();
|
||||||
|
|
||||||
|
// 保存检测能力信息
|
||||||
if (devs != null && devs.length() > 0) {
|
if (devs != null && devs.length() > 0) {
|
||||||
capList.add(DisposeDeviceCapacity.builder()
|
capList.add(DisposeDeviceCapacity.builder()
|
||||||
.capacity(DeviceCapacity.DETECIVE.getCode())
|
.capacity(DeviceCapacity.DETECIVE.getCode())
|
||||||
.tolFlowCapacity(0)
|
.tolFlowCapacity(0)
|
||||||
.build());
|
.build());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// 从设备中获取清洗设备
|
||||||
devs = cleanTypePort.getAllProtectDevices();
|
devs = cleanTypePort.getAllProtectDevices();
|
||||||
|
|
||||||
if (devs != null && devs.length() > 0) {
|
if (devs != null && devs.length() > 0) {
|
||||||
List<String> proIPv4 = new ArrayList<>();
|
List<String> proIPv4 = new ArrayList<>();
|
||||||
List<String> proIPv6 = new ArrayList<>();
|
List<String> proIPv6 = new ArrayList<>();
|
||||||
|
|
||||||
|
// 读取清洗设备支持的清洗IP范围
|
||||||
ArrayOfProtectionObjectDataForService objs = cleanTypePort.getAllProtectionObjectFromUMC();
|
ArrayOfProtectionObjectDataForService objs = cleanTypePort.getAllProtectionObjectFromUMC();
|
||||||
|
// 将DPTech设备的IP格式转换成IP访问列表,支持IPv6,IPv4
|
||||||
objs.getProtectionObjectDataForService().forEach(v -> {
|
objs.getProtectionObjectDataForService().forEach(v -> {
|
||||||
String ipSeg = v.getIpSegment().getValue();
|
String ipSeg = v.getIpSegment().getValue();
|
||||||
if (v.getIpType() == 0 && ipSeg.length() > 0) {
|
if (v.getIpType() == 0 && ipSeg.length() > 0) {
|
||||||
proIPv4.addAll(Arrays.asList(ipSeg.replaceAll("\\d+_", "")
|
proIPv4.addAll(Arrays.asList(ipSeg.replaceAll("\\d+_", "").split(",")));
|
||||||
.split(",")));
|
|
||||||
} else if (v.getIpType() == 1 && ipSeg.length() > 0) {
|
} else if (v.getIpType() == 1 && ipSeg.length() > 0) {
|
||||||
proIPv6.addAll(Arrays.asList(ipSeg.replaceAll("\\d+_", "")
|
proIPv6.addAll(Arrays.asList(ipSeg.replaceAll("\\d+_", "").split(",")));
|
||||||
.split(",")));
|
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
|
||||||
|
// 保存清洗能力信息
|
||||||
capList.add(DisposeDeviceCapacity.builder()
|
capList.add(DisposeDeviceCapacity.builder()
|
||||||
.capacity(DeviceCapacity.CLEANUP.getCode())
|
.capacity(DeviceCapacity.CLEANUP.getCode()) // 清洗能力
|
||||||
.tolFlowCapacity(0)
|
.tolFlowCapacity(0)
|
||||||
.protectIpV4(proIPv4.toArray(new String[0]))
|
.protectIpV4(proIPv4.toArray(new String[0])) // IPv4范围
|
||||||
.protectIpV6(proIPv6.toArray(new String[0]))
|
.protectIpV6(proIPv6.toArray(new String[0])) // IPv6范围
|
||||||
.build());
|
.build());
|
||||||
}
|
}
|
||||||
} catch (Exception ex) {
|
} catch (Exception ex) {
|
||||||
log.error(ex.getMessage());
|
log.error(ex.getMessage());
|
||||||
ex.printStackTrace();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return capList;
|
return capList;
|
||||||
|
@ -177,14 +184,14 @@ public class DPTechImpl implements DisposeEntryManager {
|
||||||
@Override
|
@Override
|
||||||
public boolean getDeviceLinkStatus() {
|
public boolean getDeviceLinkStatus() {
|
||||||
try {
|
try {
|
||||||
List<ArrayOfProtectionObjectDataForService> objs = getAllProtectionObject();
|
// 获取防护对象接口调用成功认为设备心跳正常
|
||||||
|
getAllProtectionObject();
|
||||||
return objs != null;
|
return true;
|
||||||
} catch (Exception ex) {
|
} catch (Exception ex) {
|
||||||
log.error(ex.getMessage());
|
log.error(ex.getMessage());
|
||||||
ex.printStackTrace();
|
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -196,32 +203,35 @@ public class DPTechImpl implements DisposeEntryManager {
|
||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public ErrorCode runDispose(String ip, DeviceCapacity type) {
|
public ErrorCode runDispose(String ip, DeviceCapacity type) {
|
||||||
|
ErrorCode err = ErrorCode.ERR_OK;
|
||||||
|
// 当前系统接入设备仅仅支持流量清洗功能
|
||||||
if (type != DeviceCapacity.CLEANUP) {
|
if (type != DeviceCapacity.CLEANUP) {
|
||||||
return ErrorCode.ERR_UNSUPPORT;
|
return ErrorCode.ERR_UNSUPPORT;
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
for (int d : new int[]{0, 1}) {
|
log.info("++++Begging DPTech Start Cleanup Task: {}", ip);
|
||||||
|
// DPTech流量清洗需要对入口,出口方向,各种攻击类型分别调用接口下发清洗任务
|
||||||
|
for (int d : new int[]{0, 1}) { // 遍历出口,入口两个方向
|
||||||
|
// 遍历所有清洗类型
|
||||||
for (DpTechAttackType t : DpTechAttackType.values()) {
|
for (DpTechAttackType t : DpTechAttackType.values()) {
|
||||||
NtcRequestResultInfo ret = cleanTypePort.startAbnormalTaskForUMC(ip,
|
NtcRequestResultInfo ret = cleanTypePort.startAbnormalTaskForUMC(ip, t.getCode(), d);
|
||||||
t.getCode(),
|
log.debug("Cleanup: {} --> {}:{}", d, t.getReadme(), t.getCode());
|
||||||
d);
|
|
||||||
|
|
||||||
if (ret.getResultRetVal() != ErrorCode.ERR_OK.getCode()) {
|
if (ret.getResultRetVal() != ErrorCode.ERR_OK.getCode()) {
|
||||||
log.error("Start {} cleanup task error: {}", ip, ret.getResultInfo());
|
log.error("Start {} cleanup task error: {}", ip, ret.getResultInfo());
|
||||||
return ErrorCode.ERR_CALLDEVICE;
|
return ErrorCode.ERR_CALLDEVICE;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return ErrorCode.ERR_OK;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
log.info("----Finish DPTech Start Cleanup Task: {}", ip);
|
||||||
} catch (Exception ex) {
|
} catch (Exception ex) {
|
||||||
log.error(ex.getMessage());
|
log.error(ex.getMessage());
|
||||||
ex.printStackTrace();
|
log.error("----Error DPTech Start Cleanup Task: {}", ip);
|
||||||
return ErrorCode.ERR_SYSTEMEXCEPTION;
|
err = ErrorCode.ERR_SYSTEMEXCEPTION;
|
||||||
}
|
}
|
||||||
|
|
||||||
return ErrorCode.ERR_INTERRUPT;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -238,27 +248,27 @@ public class DPTechImpl implements DisposeEntryManager {
|
||||||
}
|
}
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
log.info("++++Begging DPTech Start Cleanup Task: {}", ipAddr);
|
||||||
|
// 遍历入口,出口两个方向
|
||||||
for (int d : new int[]{0, 1}) {
|
for (int d : new int[]{0, 1}) {
|
||||||
|
// 遍历所有攻击类型的清洗任务
|
||||||
for (DpTechAttackType t : DpTechAttackType.values()) {
|
for (DpTechAttackType t : DpTechAttackType.values()) {
|
||||||
NtcRequestResultInfo ret = cleanTypePort.stopAbnormalTaskForUMC(ipAddr,
|
NtcRequestResultInfo ret = cleanTypePort.stopAbnormalTaskForUMC(ipAddr, t.getCode(), d);
|
||||||
t.getCode(),
|
|
||||||
d);
|
|
||||||
|
|
||||||
if (ret.getResultRetVal() != ErrorCode.ERR_OK.getCode()) {
|
if (ret.getResultRetVal() != ErrorCode.ERR_OK.getCode()) {
|
||||||
log.error("Start {} cleanup task error: {}", ipAddr, ret.getResultInfo());
|
log.error("Start {} cleanup task error: {}", ipAddr, ret.getResultInfo());
|
||||||
return ErrorCode.ERR_CALLDEVICE;
|
return ErrorCode.ERR_CALLDEVICE;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return ErrorCode.ERR_OK;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
log.info("----Finish DPTech Stop Cleanup Task: {}", ipAddr);
|
||||||
|
return ErrorCode.ERR_OK;
|
||||||
} catch (Exception ex) {
|
} catch (Exception ex) {
|
||||||
log.error(ex.getMessage());
|
log.error(ex.getMessage());
|
||||||
ex.printStackTrace();
|
log.error("----Error DPTech Stop Cleanup Task: {}", ipAddr);
|
||||||
return ErrorCode.ERR_SYSTEMEXCEPTION;
|
return ErrorCode.ERR_SYSTEMEXCEPTION;
|
||||||
}
|
}
|
||||||
|
|
||||||
return ErrorCode.ERR_INTERRUPT;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -274,7 +284,6 @@ public class DPTechImpl implements DisposeEntryManager {
|
||||||
return (T) cleanTypePort.getAllDetectionObjectFromUMC().getDetectionObjectDataForService();
|
return (T) cleanTypePort.getAllDetectionObjectFromUMC().getDetectionObjectDataForService();
|
||||||
} catch (Exception ex) {
|
} catch (Exception ex) {
|
||||||
log.error(ex.getMessage());
|
log.error(ex.getMessage());
|
||||||
ex.printStackTrace();
|
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -290,27 +299,9 @@ public class DPTechImpl implements DisposeEntryManager {
|
||||||
public <T> T getAllProtectionObject() {
|
public <T> T getAllProtectionObject() {
|
||||||
try {
|
try {
|
||||||
return (T) cleanTypePort.getAllProtectionObjectFromUMC().getProtectionObjectDataForService();
|
return (T) cleanTypePort.getAllProtectionObjectFromUMC().getProtectionObjectDataForService();
|
||||||
} catch (Exception ex) {
|
|
||||||
//log.error(ex.getMessage());
|
|
||||||
//ex.printStackTrace();
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Gets detection object device json.
|
|
||||||
*
|
|
||||||
* @return the detection object device json
|
|
||||||
*/
|
|
||||||
public String getDetectionObjectDeviceJson() {
|
|
||||||
try {
|
|
||||||
ArrayOfDetectionObjectDataForService typePort = cleanTypePort.getAllDetectionObjectFromUMC();
|
|
||||||
ObjectMapper mapper = new ObjectMapper();
|
|
||||||
return mapper.writerWithDefaultPrettyPrinter().writeValueAsString(typePort);
|
|
||||||
} catch (Exception ex) {
|
} catch (Exception ex) {
|
||||||
log.error(ex.getMessage());
|
log.error(ex.getMessage());
|
||||||
ex.printStackTrace();
|
return null;
|
||||||
return "{}";
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -325,7 +316,6 @@ public class DPTechImpl implements DisposeEntryManager {
|
||||||
return cleanTypePort.getAllProtectDevices();
|
return cleanTypePort.getAllProtectDevices();
|
||||||
} catch (Exception ex) {
|
} catch (Exception ex) {
|
||||||
log.error(ex.getMessage());
|
log.error(ex.getMessage());
|
||||||
ex.printStackTrace();
|
|
||||||
return "";
|
return "";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -341,7 +331,6 @@ public class DPTechImpl implements DisposeEntryManager {
|
||||||
return cleanTypePort.getAllDetectDevices();
|
return cleanTypePort.getAllDetectDevices();
|
||||||
} catch (Exception ex) {
|
} catch (Exception ex) {
|
||||||
log.error(ex.getMessage());
|
log.error(ex.getMessage());
|
||||||
ex.printStackTrace();
|
|
||||||
return "";
|
return "";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
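Review bot: In the `getDeviceLinkStatus` hunk, the new `getAllProtectionObject(); return true;` appears to report the link as up unconditionally, because the `getAllProtectionObject` hunk further down shows that helper catching `Exception` itself and returning `null`, so a failed SOAP call never reaches the `catch` here. An unreachable cleaning device would then still pass the heartbeat, and whatever consumes this status would not see the outage. Keeping the null test would restore the old behaviour, e.g. `return getAllProtectionObject() != null;`, or the helper could rethrow instead of returning `null`. Separately, the stop-task hunk logs `"++++Begging DPTech Start Cleanup Task: {}"` and `"Start {} cleanup task error: {}"` on the stop path, which will mislead anyone reconstructing mitigation activity from the logs. With `ex.printStackTrace()` removed throughout, passing the exception to the logger (`log.error("DPTech call failed", ex);`) would keep the trace that `ex.getMessage()` alone drops.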