From 80c6c197a7526558b12eb76d8e79070053cac167 Mon Sep 17 00:00:00 2001 From: chenlinghy Date: Wed, 28 Apr 2021 17:18:32 +0800 Subject: [PATCH] =?UTF-8?q?OCT=20REM:=201.=20=E6=96=B0=E5=A2=9E=E8=AE=BE?= =?UTF-8?q?=E5=A4=87=E7=B1=BB=E5=9E=8B=202.=20=E6=96=B0=E5=A2=9E=E9=94=99?= =?UTF-8?q?=E8=AF=AF=E7=A0=81=203.=20=E4=BF=AE=E6=94=B9Restful=E5=85=AC?= =?UTF-8?q?=E5=85=B1=E6=8E=A5=E5=8F=A3=204.=20=E6=96=B0=E5=A2=9E=E5=8D=8E?= =?UTF-8?q?=E4=B8=BA=E9=98=B2=E7=81=AB=E5=A2=99=E5=88=9B=E5=BB=BA=E5=AE=89?= =?UTF-8?q?=E5=85=A8=E7=AD=96=E7=95=A5=E3=80=81=E5=88=A0=E9=99=A4=E5=AE=89?= =?UTF-8?q?=E5=85=A8=E7=AD=96=E7=95=A5=E3=80=81=E6=9F=A5=E8=AF=A2=E6=89=80?= =?UTF-8?q?=E6=9C=89=E5=AE=89=E5=85=A8=E7=AD=96=E7=95=A5=E6=8E=A5=E5=8F=A3?= =?UTF-8?q?=205.=20=E6=96=B0=E5=A2=9E=E5=8D=8E=E4=B8=BA=E8=AE=BE=E5=A4=87?= =?UTF-8?q?=E8=83=BD=E5=8A=9B=E6=8E=A5=E5=8F=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pom.xml | 5 + .../impl/HuaWeiFireWallAbilityImpl.java | 400 ++++++++++++++++++ .../java/com/dispose/common/ConstValue.java | 110 ++--- .../com/dispose/common/DisposeDeviceType.java | 4 + .../java/com/dispose/common/ErrorCode.java | 4 + .../com/dispose/restful/RestfulInterface.java | 108 ++++- .../impl/DeviceTaskManagerServiceImpl.java | 8 + .../impl/DisposeAbilityRouterServiceImpl.java | 12 +- .../common/HuaWeiFireWallCreatePolicyReq.java | 28 ++ .../protocol/HuaWeiFireWallInterface.java | 135 ++++++ 10 files changed, 750 insertions(+), 64 deletions(-) create mode 100644 src/main/java/com/dispose/ability/impl/HuaWeiFireWallAbilityImpl.java create mode 100644 src/main/java/com/huaweifirewall/dispose/common/HuaWeiFireWallCreatePolicyReq.java create mode 100644 src/main/java/com/huaweifirewall/dispose/protocol/HuaWeiFireWallInterface.java diff --git a/pom.xml b/pom.xml index 0d1e13d1..dc4f69bb 100644 --- a/pom.xml +++ b/pom.xml @@ -216,6 +216,11 @@ hibernate-validator 6.1.5.Final + + dom4j + dom4j-core + 1.4-dev-8 + 
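Review bot: The dependency added to pom.xml appears to be `dom4j:dom4j-core:1.4-dev-8`, a pre-release build under the legacy `dom4j` group id, so the XML handling introduced in HuaWeiFireWallInterface would depend on a library line that, as far as I know, is no longer maintained. Prefer a maintained release under the `org.dom4j:dom4j` coordinates, pinned to a current version. After switching, confirm that the classes imported in HuaWeiFireWallInterface (`DocumentHelper`, `XMLWriter`, `OutputFormat`) still resolve. If the library is only used to build request bodies and never to parse device responses, a comment such as `<!-- used only to build request XML, never to parse untrusted input -->` next to the dependency would record that for later reviewers.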
diff --git a/src/main/java/com/dispose/ability/impl/HuaWeiFireWallAbilityImpl.java b/src/main/java/com/dispose/ability/impl/HuaWeiFireWallAbilityImpl.java
new file mode 100644
index 00000000..95e609cc
--- /dev/null
+++ b/src/main/java/com/dispose/ability/impl/HuaWeiFireWallAbilityImpl.java
@@ -0,0 +1,400 @@
+package com.dispose.ability.impl;
+
+import cn.hutool.http.HttpResponse;
+import com.dispose.ability.DisposeAbility;
+import com.dispose.common.DisposeCapacityType;
+import com.dispose.common.DisposeConfigValue;
+import com.dispose.common.DisposeObjectType;
+import com.dispose.common.ErrorCode;
+
+import com.dispose.common.NetflowDirection;
+import com.dispose.pojo.entity.ServiceInfo;
+import com.dispose.pojo.po.MulReturnType;
+import com.dispose.pojo.vo.DeviceFirewareInfo;
+import com.dispose.security.arithmetic.CryptoHelper;
+import com.huaweifirewall.dispose.common.HuaWeiFireWallCreatePolicyReq;
+import com.huaweifirewall.dispose.protocol.HuaWeiFireWallInterface;
+import inet.ipaddr.IPAddress;
+import inet.ipaddr.IPAddressString;
+import lombok.Getter;
+import lombok.Setter;
+import lombok.extern.slf4j.Slf4j;
+import org.jetbrains.annotations.Nullable;
+
+import javax.servlet.http.HttpServletResponse;
+import java.nio.charset.StandardCharsets;
+import java.util.List;
+
+/**
+ * @author Nicole
+ */
+@Slf4j
+public class HuaWeiFireWallAbilityImpl implements DisposeAbility {
+ /**
+ * The Restful interface.
+ */
+ private final HuaWeiFireWallInterface restfulInterface = new HuaWeiFireWallInterface();
+ /**
+ * The policy name prefix.
+ */
+ private static final String POLICY_NAME_PREFIX = "C_";
+ /**
+ * The Timer cnt.
+ */
+ private long timerCnt = 0;
+ /**
+ * The Device link status.
+ */
+ private boolean deviceLinkStatus = false;
+ /**
+ * The Url root path.
+ */
+ @Getter
+ @Setter
+ private String urlRootPath;
+
+ /**
+ * The Username.
+ */
+ @Getter
+ @Setter
+ private String username;
+
+ /**
+ * The Password.
+ */
+ @Getter
+ @Setter
+ private String password;
+
+ /**
+ * The Token.
+ */
+ private String token;
+
+
+ /**
+ * Init device env.
+ *
+ * @param urlPath the url path
+ * @param username the username
+ * @param password the password
+ */
+ @Override
+ public void initDeviceEnv(String urlPath, String username, String password) {
+ this.urlRootPath = urlPath;
+ this.username = username;
+ this.password = password;
+
+ upgradeToken();
+ }
+
+ /**
+ * Run dispose mul return type.
+ *
+ * @param disposeObject the dispose object
+ * @param objectType the object type
+ * @param capType the cap type
+ * @param nfDirection the nf direction
+ * @param attackType the attack type
+ * @param duration the duration
+ * @return the mul return type
+ */
+ @Override
+ public MulReturnType runDispose(String disposeObject, DisposeObjectType objectType, DisposeCapacityType capType,
+ @Nullable NetflowDirection nfDirection, @Nullable Integer attackType, @Nullable Long duration) {
+ //调用创建安全策略规则的接口
+
+ String name = "/vsys=public/static-policy/rule=" + getPolicyName(disposeObject);
+ String url = urlRootPath + name;
+ String disposeObj = null;
+
+ IPAddress addr = new IPAddressString(disposeObject).getAddress();
+ if (addr.isIPv4()) {
+ disposeObj = disposeObject + "/32";
+ }
+
+ if (token == null || token.length() == 0) {
+ return new MulReturnType<>(ErrorCode.ERR_LOGOUT, "");
+ }
+
+ HuaWeiFireWallCreatePolicyReq policyReq = HuaWeiFireWallCreatePolicyReq.builder()
+ .sourceIp(disposeObj).action(false).build();
+
+ try {
+ log.info("++++Begging HuaWei FireWall Start Cleanup Task: {}", disposeObject);
+
+ //华为防火墙目前只提供封堵功能
+ if (capType != DisposeCapacityType.BLACKHOOL) {
+ log.error("----Error HuaWei FireWall don't support dispose capacity type: {}", capType);
+ return new MulReturnType<>(ErrorCode.ERR_UNSUPPORT, null);
+ }
+
+ ErrorCode resp = restfulInterface.createSecurityPolicy(url, token, policyReq);
+
+ // 判断是否token过期
+ if (resp == ErrorCode.ERR_TOKENNOTFOUND) {
+ // 重新登录获取 token
+ upgradeToken();
+ resp = restfulInterface.createSecurityPolicy(url, token, policyReq);
+ }
+
+ if (resp == null) {
+ log.error("----Error HuaWei FireWall start clean {} server return error", disposeObject);
+ return new MulReturnType<>(ErrorCode.ERR_HUAWEIFIREWALL_ERROR, null);
+ }
+
+ if (resp != ErrorCode.ERR_OK) {
+ log.error("----Error HuaWei FireWall start clean {} return error: {}, {}", disposeObject,
+ resp.getCode(), resp.getMsg());
+ return new MulReturnType<>(ErrorCode.ERR_HUAWEIFIREWALL_ERROR, null);
+ }
+
+ log.info("----Finish HuaWei FireWall Start Cleanup Task: {}", disposeObject);
+ return new MulReturnType<>(ErrorCode.ERR_OK, null);
+ } catch (Exception ex) {
+ log.error("----Exception HuaWei FireWall Start Cleanup Task [{}]: {}, {}, {}, {}, {}", ex.getMessage(),
+ disposeObject,
+ nfDirection,
+ duration, url, token);
+ return new MulReturnType<>(ErrorCode.ERR_SYSTEMEXCEPTION, null);
+ }
+ }
+
+ /**
+ * Stop dispose mul return type.
+ *
+ * @param disposeObject the dispose object
+ * @param capType the cap type
+ * @param nfDirection the nf direction
+ * @param attackType the attack type
+ * @param taskId the task id
+ * @return the mul return type
+ */
+ @Override
+ public MulReturnType stopDispose(String disposeObject, DisposeCapacityType capType,
+ @Nullable NetflowDirection nfDirection, @Nullable Integer attackType, @Nullable String taskId) {
+ //调用删除安全策略规则的接口,规则名称通过前缀和IP地址进行拼接
+ String name = "/vsys=public/static-policy/rule=" + getPolicyName(disposeObject);
+ String url = urlRootPath + name;
+
+ if (token == null || token.length() == 0) {
+ return new MulReturnType<>(ErrorCode.ERR_LOGOUT, null);
+ }
+
+ try {
+ log.info("++++Begging HuaWei FireWall Stop Cleanup Task: {}", taskId);
+
+ //华为防火墙目前只提供封堵功能
+ if (capType != DisposeCapacityType.BLACKHOOL) {
+ log.error("----Error HuaWei FireWall don't support dispose capacity type: {}", capType);
+ return new MulReturnType<>(ErrorCode.ERR_UNSUPPORT, null);
+ }
+
+ if (taskId == null) {
+ return new MulReturnType<>(ErrorCode.ERR_PARAMS, null);
+ }
+
+ ErrorCode rspInfo = restfulInterface.deleteSecurityPolicy(url, token);
+
+ // 判断是否token过期
+ if (rspInfo == ErrorCode.ERR_TOKENNOTFOUND) {
+ // 重新登录获取 token
+ upgradeToken();
+ rspInfo = restfulInterface.deleteSecurityPolicy(url, token);
+ }
+
+ if (rspInfo == null) {
+ log.error("----Error HuaWei FireWall stop task{} server return error", taskId);
+ return new MulReturnType<>(ErrorCode.ERR_HUAWEIFIREWALL_ERROR, null);
+ }
+
+ if (rspInfo != ErrorCode.ERR_OK) {
+ log.error("----Error HuaWei FireWall stop task{} server return error", taskId);
+ return new MulReturnType<>(ErrorCode.ERR_HUAWEIFIREWALL_ERROR, null);
+ }
+
+ log.info("----Finish HuaWei FireWall Stop Cleanup Task: {}", taskId);
+ return new MulReturnType<>(ErrorCode.ERR_OK, null);
+ } catch (Exception ex) {
+ log.error("----Exception HuaWei FireWall Stop Cleanup Task [{}]: {}, {}, {}, {}", ex.getMessage(),
+ disposeObject,
+ nfDirection, url, token);
+ return new MulReturnType<>(ErrorCode.ERR_SYSTEMEXCEPTION, null);
+ }
+ }
+
+ /**
+ * Task status mul return type.
+ *
+ * @param taskId the task id
+ * @return the mul return type
+ */
+ @Override
+ public MulReturnType taskStatus(String taskId) {
+ return null;
+ }
+
+ /**
+ * Gets ability device fireware.
+ *
+ * @return the ability device fireware.
+ */
+ @Override
+ public MulReturnType getAbilityDeviceFireware() {
+ return new MulReturnType<>(ErrorCode.ERR_OK,
+ DeviceFirewareInfo.builder()
+ .vendor("HuaWeiFireWall")
+ .model("Unknown")
+ .firmware("Unknown")
+ .os("Linux Server")
+ .kernel("Linux")
+ .arch("x86_64")
+ .version("Unknown")
+ .memory(-1)
+ .freeMemory(-1)
+ .cpuUsed(-1)
+ .build());
+ }
+
+ /**
+ * To device attack type long.
+ *
+ * @param ddosAttackTypeMask the ddos attack type mask
+ * @return the long
+ */
+ @Override
+ public Long toDeviceAttackType(Long ddosAttackTypeMask) {
+ return ddosAttackTypeMask;
+ }
+
+ /**
+ * Gets device link status.
+ *
+ * @return the device link status
+ */
+ @Override
+ public boolean getDeviceLinkStatus() {
+ return deviceLinkStatus;
+ }
+
+ /**
+ * Dev get link status.
+ */
+ private void devGetLinkStatus() {
+ try {
+ //调用华为防火墙查询所有安全策略规则接口,调用成功则认为设备心跳正常
+ String url = urlRootPath;
+
+ if (token == null || token.length() == 0) {
+ deviceLinkStatus = false;
+ return;
+ }
+
+ HttpResponse response = restfulInterface.getAllSecurityPolicy(url, token);
+
+ if (response.getStatus() == HttpServletResponse.SC_PRECONDITION_FAILED) {
+ // 重新登录获取 token
+ upgradeToken();
+ response = restfulInterface.getAllSecurityPolicy(url, token);
+ }
+
+ if (response.getStatus() == HttpServletResponse.SC_OK) {
+ deviceLinkStatus = true;
+ }
+
+ return;
+ } catch (Exception ex) {
+ log.error(ex.getMessage());
+ }
+
+ deviceLinkStatus = false;
+ }
+
+ /**
+ * Gets dispose device protect object.
+ */
+ @Override
+ public void getDisposeDeviceProtectObject() {
+ }
+
+ /**
+ * Is carry protect ip boolean.
+ *
+ * @param ipAddr the ip addr
+ * @return the boolean
+ */
+ @Override
+ public boolean isCarryProtectIp(String ipAddr) {
+ return true;
+ }
+
+
+ /**
+ * Is carry attack type boolean.
+ *
+ * @param attackType the attack type
+ * @return the boolean
+ */
+ @Override
+ public boolean isCarryAttackType(Long attackType) {
+ return true;
+ }
+
+ /**
+ * Period task runtime.
+ */
+ @Override
+ public void periodTaskRuntime() {
+ log.debug("++++HuaWei FireWall Period Task Running");
+
+ // 更新心跳状态
+ if (timerCnt++ % DisposeConfigValue.HEART_PERIOD_OF_SECOND == 0) {
+ devGetLinkStatus();
+ }
+
+ log.debug("----HuaWei FireWall Period Task Running");
+ }
+
+ /**
+ * Device ready boolean.
+ *
+ * @return the boolean
+ */
+ @Override
+ public boolean deviceReady() {
+ return true;
+ }
+
+ /**
+ * Upgrade service group.
+ *
+ * @param svrList the svr list
+ */
+ @Override
+ public void upgradeServiceGroup(List svrList) {
+
+ }
+
+ /**
+ * Upgrade token.
+ */
+ private void upgradeToken() {
+ try {
+ //由用户名密码的base64计算得到,用户名密码格式:用户名:密码
+ String plainText = username + ":" + password;
+ this.token = CryptoHelper.base64Encryption(plainText.getBytes(StandardCharsets.UTF_8));
+ } catch (Exception ignored) {
+ }
+ }
+
+ /**
+ * Gets policy name.
+ *
+ * @param sourceIp the source Ip
+ * @return the policy name
+ */
+ private String getPolicyName(String sourceIp) {
+ return POLICY_NAME_PREFIX + sourceIp;
+ }
+}
diff --git a/src/main/java/com/dispose/common/ConstValue.java b/src/main/java/com/dispose/common/ConstValue.java
index 6457e992..06eb1037 100644
--- a/src/main/java/com/dispose/common/ConstValue.java
+++ b/src/main/java/com/dispose/common/ConstValue.java
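Review bot: In HuaWeiFireWallAbilityImpl the `catch` blocks of `runDispose` and `stopDispose` pass `token` to `log.error`, and `upgradeToken` builds that value as Base64 of `username + ":" + password`, so the firewall credentials reach the error log in a trivially reversible form; the two `log.debug` calls in `RestfulInterface.huaWeiFireWallProRun` print the same token. Drop `token` and its `{}` placeholder from these messages, for example by ending the `runDispose` argument list at `duration, url, ex);`, which also keeps the stack trace. `upgradeToken` swallows every exception in an empty `catch (Exception ignored)`, so a failed encode silently leaves the old or null token in place; log the failure there without the credentials. In `runDispose` the result of `new IPAddressString(disposeObject).getAddress()` is dereferenced before the `try` with no null check, and a non-IPv4 address leaves `disposeObj` null yet is still sent as `sourceIp`; reject both cases with `ErrorCode.ERR_PARAMS` before building the request. `devGetLinkStatus` also returns without clearing `deviceLinkStatus` when the status is neither 412 nor 200, so a device that was reachable once keeps reporting a live link.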
@@ -11,73 +11,77 @@ public class ConstValue { * The constant STRING_HTTP_AUTH_HEAD. */ public static final String STRING_HTTP_AUTH_HEAD = "Bearer "; + /** + * The constant HUAWEI_FIREWALL_HTTP_AUTH_HEAD. + */ + public static final String HUAWEI_FIREWALL_HTTP_AUTH_HEAD = "Basic "; /** * The constant IP_ADDR_REG. */ public static final String IP_ADDR_REG = "^((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}" + - "(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)$|^" + - "([\\da-fA-F]{1,4}:){6}((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)$|^::" + - "([\\da-fA-F]{1,4}:){0,4}((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)$|^" + - "([\\da-fA-F]{1,4}:):([\\da-fA-F]{1,4}:){0,3}((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}" + - "(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)$|^([\\da-fA-F]{1,4}:){2}:([\\da-fA-F]{1,4}:){0,2}(" + - "(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)$|^([\\da-fA-F]{1,4}:){3}:" + - "([\\da-fA-F]{1,4}:){0,1}((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)$|^" + - "([\\da-fA-F]{1,4}:){4}:((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)$|^" + - "([\\da-fA-F]{1,4}:){7}[\\da-fA-F]{1,4}$|^:((:[\\da-fA-F]{1,4}){1,6}|:)$|^[\\da-fA-F]{1,4}:((:[\\da-fA-F]{1," + - "4}){1,5}|:)$|^([\\da-fA-F]{1,4}:){2}((:[\\da-fA-F]{1,4}){1,4}|:)$|^([\\da-fA-F]{1,4}:){3}((:[\\da-fA-F]{1," + - "4}){1,3}|:)$|^([\\da-fA-F]{1,4}:){4}((:[\\da-fA-F]{1,4}){1,2}|:)$|^([\\da-fA-F]{1,4}:){5}:([\\da-fA-F]{1,4})" + - "?$|^([\\da-fA-F]{1,4}:){6}:$"; + "(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)$|^" + + "([\\da-fA-F]{1,4}:){6}((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)$|^::" + + "([\\da-fA-F]{1,4}:){0,4}((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)$|^" + + "([\\da-fA-F]{1,4}:):([\\da-fA-F]{1,4}:){0,3}((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}" + + "(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)$|^([\\da-fA-F]{1,4}:){2}:([\\da-fA-F]{1,4}:){0,2}(" + + 
"(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)$|^([\\da-fA-F]{1,4}:){3}:" + + "([\\da-fA-F]{1,4}:){0,1}((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)$|^" + + "([\\da-fA-F]{1,4}:){4}:((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)$|^" + + "([\\da-fA-F]{1,4}:){7}[\\da-fA-F]{1,4}$|^:((:[\\da-fA-F]{1,4}){1,6}|:)$|^[\\da-fA-F]{1,4}:((:[\\da-fA-F]{1," + + "4}){1,5}|:)$|^([\\da-fA-F]{1,4}:){2}((:[\\da-fA-F]{1,4}){1,4}|:)$|^([\\da-fA-F]{1,4}:){3}((:[\\da-fA-F]{1," + + "4}){1,3}|:)$|^([\\da-fA-F]{1,4}:){4}((:[\\da-fA-F]{1,4}){1,2}|:)$|^([\\da-fA-F]{1,4}:){5}:([\\da-fA-F]{1,4})" + + "?$|^([\\da-fA-F]{1,4}:){6}:$"; /** * The constant IP_ADDR_SEGMENT_REG. */ private static final String IP_ADDR_SEGMENT_REG = "^(((((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}" + - "(25[0-5]|2[0-4]\\d|[01]?\\d\\d?))-(((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?))" + - ")|(((([\\da-fA-F]{1,4}:){6}((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?))|(::" + - "([\\da-fA-F]{1,4}:){0,4}((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?))|(" + - "([\\da-fA-F]{1,4}:):([\\da-fA-F]{1,4}:){0,3}((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}" + - "(25[0-5]|2[0-4]\\d|[01]?\\d\\d?))|(([\\da-fA-F]{1,4}:){2}:([\\da-fA-F]{1,4}:){0,2}(" + - "(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?))|(([\\da-fA-F]{1,4}:){3}:" + - "([\\da-fA-F]{1,4}:){0,1}((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?))|(" + - "([\\da-fA-F]{1,4}:){4}:((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?))|(" + - "([\\da-fA-F]{1,4}:){7}[\\da-fA-F]{1,4})|(:((:[\\da-fA-F]{1,4}){1,6}|:))|([\\da-fA-F]{1,4}:((:[\\da-fA-F]{1," + - "4}){1,5}|:))|(([\\da-fA-F]{1,4}:){2}((:[\\da-fA-F]{1,4}){1,4}|:))|(([\\da-fA-F]{1,4}:){3}((:[\\da-fA-F]{1," + - "4}){1,3}|:))|(([\\da-fA-F]{1,4}:){4}((:[\\da-fA-F]{1,4}){1,2}|:))|(([\\da-fA-F]{1,4}:){5}:([\\da-fA-F]{1,4})" 
+ - "?)|(([\\da-fA-F]{1,4}:){6}:))-((([\\da-fA-F]{1,4}:){6}((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}" + - "(25[0-5]|2[0-4]\\d|[01]?\\d\\d?))|(::([\\da-fA-F]{1,4}:){0,4}((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}" + - "(25[0-5]|2[0-4]\\d|[01]?\\d\\d?))|(([\\da-fA-F]{1,4}:):([\\da-fA-F]{1,4}:){0,3}(" + - "(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?))|(([\\da-fA-F]{1,4}:){2}:" + - "([\\da-fA-F]{1,4}:){0,2}((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?))|(" + - "([\\da-fA-F]{1,4}:){3}:([\\da-fA-F]{1,4}:){0,1}((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}" + - "(25[0-5]|2[0-4]\\d|[01]?\\d\\d?))|(([\\da-fA-F]{1,4}:){4}:((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}" + - "(25[0-5]|2[0-4]\\d|[01]?\\d\\d?))|(([\\da-fA-F]{1,4}:){7}[\\da-fA-F]{1,4})|(:((:[\\da-fA-F]{1,4}){1,6}|:))|" + - "([\\da-fA-F]{1,4}:((:[\\da-fA-F]{1,4}){1,5}|:))|(([\\da-fA-F]{1,4}:){2}((:[\\da-fA-F]{1,4}){1,4}|:))|(" + - "([\\da-fA-F]{1,4}:){3}((:[\\da-fA-F]{1,4}){1,3}|:))|(([\\da-fA-F]{1,4}:){4}((:[\\da-fA-F]{1,4}){1,2}|:))|(" + - "([\\da-fA-F]{1,4}:){5}:([\\da-fA-F]{1,4})?)|(([\\da-fA-F]{1,4}:){6}:)))|(((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\" + - ".){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)(\\/(\\d|[1-2]\\d|3[0-2]))?)|((([\\da-fA-F]{1,4}:){6}(" + - "(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)(\\/([1-9]?\\d|(1([0-1]\\d|2[0-8]))))" + - "?)|(::([\\da-fA-F]{1,4}:){0,4}((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)(\\/" + - "([1-9]?\\d|(1([0-1]\\d|2[0-8]))))?)|(([\\da-fA-F]{1,4}:):([\\da-fA-F]{1,4}:){0,3}(" + - "(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)(\\/([1-9]?\\d|(1([0-1]\\d|2[0-8]))))" + - "?)|(([\\da-fA-F]{1,4}:){2}:([\\da-fA-F]{1,4}:){0,2}((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}" + - "(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)(\\/([1-9]?\\d|(1([0-1]\\d|2[0-8]))))?)|(([\\da-fA-F]{1,4}:){3}:" + - "([\\da-fA-F]{1,4}:){0,1}((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)(\\/" + - 
"([1-9]?\\d|(1([0-1]\\d|2[0-8]))))?)|(([\\da-fA-F]{1,4}:){4}:((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}" + - "(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)(\\/([1-9]?\\d|(1([0-1]\\d|2[0-8]))))?)|(([\\da-fA-F]{1,4}:)" + - "{7}[\\da-fA-F]{1,4}(\\/([1-9]?\\d|(1([0-1]\\d|2[0-8]))))?)|(:((:[\\da-fA-F]{1,4}){1,6}|:)(\\/([1-9]?\\d|(1" + - "([0-1]\\d|2[0-8]))))?)|([\\da-fA-F]{1,4}:((:[\\da-fA-F]{1,4}){1,5}|:)(\\/([1-9]?\\d|(1([0-1]\\d|2[0-8]))))?)" + - "|(([\\da-fA-F]{1,4}:){2}((:[\\da-fA-F]{1,4}){1,4}|:)(\\/([1-9]?\\d|(1([0-1]\\d|2[0-8]))))?)|(([\\da-fA-F]{1," + - "4}:){3}((:[\\da-fA-F]{1,4}){1,3}|:)(\\/([1-9]?\\d|(1([0-1]\\d|2[0-8]))))?)|(([\\da-fA-F]{1,4}:){4}(" + - "(:[\\da-fA-F]{1,4}){1,2}|:)(\\/([1-9]?\\d|(1([0-1]\\d|2[0-8]))))?)|(([\\da-fA-F]{1,4}:){5}:([\\da-fA-F]{1," + - "4})?(\\/([1-9]?\\d|(1([0-1]\\d|2[0-8]))))?)|(([\\da-fA-F]{1,4}:){6}:(\\/([1-9]?\\d|(1([0-1]\\d|2[0-8]))))?))" + - ")$"; + "(25[0-5]|2[0-4]\\d|[01]?\\d\\d?))-(((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?))" + + ")|(((([\\da-fA-F]{1,4}:){6}((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?))|(::" + + "([\\da-fA-F]{1,4}:){0,4}((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?))|(" + + "([\\da-fA-F]{1,4}:):([\\da-fA-F]{1,4}:){0,3}((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}" + + "(25[0-5]|2[0-4]\\d|[01]?\\d\\d?))|(([\\da-fA-F]{1,4}:){2}:([\\da-fA-F]{1,4}:){0,2}(" + + "(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?))|(([\\da-fA-F]{1,4}:){3}:" + + "([\\da-fA-F]{1,4}:){0,1}((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?))|(" + + "([\\da-fA-F]{1,4}:){4}:((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?))|(" + + "([\\da-fA-F]{1,4}:){7}[\\da-fA-F]{1,4})|(:((:[\\da-fA-F]{1,4}){1,6}|:))|([\\da-fA-F]{1,4}:((:[\\da-fA-F]{1," + + "4}){1,5}|:))|(([\\da-fA-F]{1,4}:){2}((:[\\da-fA-F]{1,4}){1,4}|:))|(([\\da-fA-F]{1,4}:){3}((:[\\da-fA-F]{1," + + 
"4}){1,3}|:))|(([\\da-fA-F]{1,4}:){4}((:[\\da-fA-F]{1,4}){1,2}|:))|(([\\da-fA-F]{1,4}:){5}:([\\da-fA-F]{1,4})" + + "?)|(([\\da-fA-F]{1,4}:){6}:))-((([\\da-fA-F]{1,4}:){6}((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}" + + "(25[0-5]|2[0-4]\\d|[01]?\\d\\d?))|(::([\\da-fA-F]{1,4}:){0,4}((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}" + + "(25[0-5]|2[0-4]\\d|[01]?\\d\\d?))|(([\\da-fA-F]{1,4}:):([\\da-fA-F]{1,4}:){0,3}(" + + "(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?))|(([\\da-fA-F]{1,4}:){2}:" + + "([\\da-fA-F]{1,4}:){0,2}((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?))|(" + + "([\\da-fA-F]{1,4}:){3}:([\\da-fA-F]{1,4}:){0,1}((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}" + + "(25[0-5]|2[0-4]\\d|[01]?\\d\\d?))|(([\\da-fA-F]{1,4}:){4}:((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}" + + "(25[0-5]|2[0-4]\\d|[01]?\\d\\d?))|(([\\da-fA-F]{1,4}:){7}[\\da-fA-F]{1,4})|(:((:[\\da-fA-F]{1,4}){1,6}|:))|" + + "([\\da-fA-F]{1,4}:((:[\\da-fA-F]{1,4}){1,5}|:))|(([\\da-fA-F]{1,4}:){2}((:[\\da-fA-F]{1,4}){1,4}|:))|(" + + "([\\da-fA-F]{1,4}:){3}((:[\\da-fA-F]{1,4}){1,3}|:))|(([\\da-fA-F]{1,4}:){4}((:[\\da-fA-F]{1,4}){1,2}|:))|(" + + "([\\da-fA-F]{1,4}:){5}:([\\da-fA-F]{1,4})?)|(([\\da-fA-F]{1,4}:){6}:)))|(((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\" + + ".){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)(\\/(\\d|[1-2]\\d|3[0-2]))?)|((([\\da-fA-F]{1,4}:){6}(" + + "(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)(\\/([1-9]?\\d|(1([0-1]\\d|2[0-8]))))" + + "?)|(::([\\da-fA-F]{1,4}:){0,4}((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)(\\/" + + "([1-9]?\\d|(1([0-1]\\d|2[0-8]))))?)|(([\\da-fA-F]{1,4}:):([\\da-fA-F]{1,4}:){0,3}(" + + "(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)(\\/([1-9]?\\d|(1([0-1]\\d|2[0-8]))))" + + "?)|(([\\da-fA-F]{1,4}:){2}:([\\da-fA-F]{1,4}:){0,2}((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}" + + "(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)(\\/([1-9]?\\d|(1([0-1]\\d|2[0-8]))))?)|(([\\da-fA-F]{1,4}:){3}:" + 
+ "([\\da-fA-F]{1,4}:){0,1}((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)(\\/" + + "([1-9]?\\d|(1([0-1]\\d|2[0-8]))))?)|(([\\da-fA-F]{1,4}:){4}:((25[0-5]|2[0-4]\\d|[01]?\\d\\d?)\\.){3}" + + "(25[0-5]|2[0-4]\\d|[01]?\\d\\d?)(\\/([1-9]?\\d|(1([0-1]\\d|2[0-8]))))?)|(([\\da-fA-F]{1,4}:)" + + "{7}[\\da-fA-F]{1,4}(\\/([1-9]?\\d|(1([0-1]\\d|2[0-8]))))?)|(:((:[\\da-fA-F]{1,4}){1,6}|:)(\\/([1-9]?\\d|(1" + + "([0-1]\\d|2[0-8]))))?)|([\\da-fA-F]{1,4}:((:[\\da-fA-F]{1,4}){1,5}|:)(\\/([1-9]?\\d|(1([0-1]\\d|2[0-8]))))?)" + + "|(([\\da-fA-F]{1,4}:){2}((:[\\da-fA-F]{1,4}){1,4}|:)(\\/([1-9]?\\d|(1([0-1]\\d|2[0-8]))))?)|(([\\da-fA-F]{1," + + "4}:){3}((:[\\da-fA-F]{1,4}){1,3}|:)(\\/([1-9]?\\d|(1([0-1]\\d|2[0-8]))))?)|(([\\da-fA-F]{1,4}:){4}(" + + "(:[\\da-fA-F]{1,4}){1,2}|:)(\\/([1-9]?\\d|(1([0-1]\\d|2[0-8]))))?)|(([\\da-fA-F]{1,4}:){5}:([\\da-fA-F]{1," + + "4})?(\\/([1-9]?\\d|(1([0-1]\\d|2[0-8]))))?)|(([\\da-fA-F]{1,4}:){6}:(\\/([1-9]?\\d|(1([0-1]\\d|2[0-8]))))?))" + + ")$"; /** * The constant IP_PORT_REG. */ public static final String IP_PORT_REG = "^[1-9]$|(^[1-9][0-9]$)|(^[1-9][0-9][0-9]$)|(^[1-9][0-9][0-9][0-9]$)|" + - "(^[1-6][0-5][0-5][0-3][0-5]$)"; + "(^[1-6][0-5][0-5][0-3][0-5]$)"; /** * The constant BUSINESS_TYPE. @@ -92,7 +96,7 @@ public class ConstValue { /** * The constant IP_SEGMENT_SPILT. */ - public static final String[] IP_SEGMENT_SPILT = new String[] {"-", "/"}; + public static final String[] IP_SEGMENT_SPILT = new String[]{"-", "/"}; /** * The constant IPV6_ERR_SEGMENT_SPILT. diff --git a/src/main/java/com/dispose/common/DisposeDeviceType.java b/src/main/java/com/dispose/common/DisposeDeviceType.java index 7a93db61..a2b79ad8 100644 --- a/src/main/java/com/dispose/common/DisposeDeviceType.java +++ b/src/main/java/com/dispose/common/DisposeDeviceType.java 
@@ -26,6 +26,10 @@ public enum DisposeDeviceType implements BaseEnum { * Dptech bypass umc dispose device type. */ DPTECH_BYPASS_UMC(4, "迪普旁路牵引UMC管理平台"), + /** + * The Huawei FireWall platform. + */ + HUAWEI_FIREWALL_PLATFORM(5, "华为防火墙"), /** * The Virtual dispose. */ diff --git a/src/main/java/com/dispose/common/ErrorCode.java b/src/main/java/com/dispose/common/ErrorCode.java index 83c949a4..0cba359e 100644 --- a/src/main/java/com/dispose/common/ErrorCode.java +++ b/src/main/java/com/dispose/common/ErrorCode.java @@ -286,6 +286,10 @@ public enum ErrorCode { * Err not found device error code. */ ERR_NOTFOUNDDEVICE(304, "找不到设备先添加设备"), + /** + * The Err huawei firewall error. + */ + ERR_HUAWEIFIREWALL_ERROR(305, "华为防火墙返回错误"), ; /** diff --git a/src/main/java/com/dispose/restful/RestfulInterface.java b/src/main/java/com/dispose/restful/RestfulInterface.java index 7804c713..ef89344e 100644 --- a/src/main/java/com/dispose/restful/RestfulInterface.java +++ b/src/main/java/com/dispose/restful/RestfulInterface.java 
@@ -102,6 +102,43 @@ public class RestfulInterface { .execute(); } + /** + * Gets json. + * + * @param url the url + * @param header the header + * @return the http response + */ + private static HttpResponse huaweiFireWallGetJson(String url, Map header) { + HttpRequest.setGlobalTimeout(timeOutValue); + return HttpRequest.get(url).addHeaders(header).execute(); + } + + /** + * Post json. + * + * @param url the url + * @param header the header + * @param body the body + * @return the http response + */ + private static HttpResponse huaweiFireWallPostJson(String url, Map header, String body) { + HttpRequest.setGlobalTimeout(timeOutValue); + return HttpRequest.post(url).addHeaders(header).body(body).execute(); + } + + /** + * Deletes http response. + * + * @param url the url + * @param header the header + * @return the http response + */ + private static HttpResponse huaweiFireWallDeleteJson(String url, Map header, String body) { + HttpRequest.setGlobalTimeout(timeOutValue); + return HttpRequest.delete(url).addHeaders(header).body(body).execute(); + } + /** * Protocol run t. * @@ -187,12 +224,12 @@ public class RestfulInterface { log.debug("Restful response: {}, {}: {}", url, token, svrResp); return OBJECT_MAPPER.readValue(svrResp, - new TypeReference>() { - @Override - public Type getType() { - return createRespType(subClass); - } - }); + new TypeReference>() { + @Override + public Type getType() { + return createRespType(subClass); + } + }); } catch (JsonProcessingException e) { log.debug("System exception: ", e); return null; 
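Review bot: The Javadoc on the three helpers added in the first hunk does not match them: `huaweiFireWallDeleteJson` takes a `body` parameter that has no `@param` line, and all three are named `...Json` and summarised as "Gets json" / "Post json" although `huaWeiFireWallProRun` sends them with `application/yang.operation+xml`. Suggested summaries are `Sends a GET request to the Huawei firewall REST endpoint with the given headers.` and the same for POST and DELETE, plus `@param body the request body, may be empty`. Each helper also calls `HttpRequest.setGlobalTimeout(timeOutValue)`, which changes a process-wide setting on every request; a per-request `.timeout(timeOutValue)` on the builder would keep the effect local, assuming `timeOutValue` is in the unit that method expects.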
@@ -258,6 +295,63 @@ public class RestfulInterface { } } + /** + * huawei firewall pro run protocol resp dto. + * + * @param url the url + * @param token the token + * @param reqBody the obj + * @param reqType the req type + * @return the t + */ + public static HttpResponse huaWeiFireWallProRun(String url, String token, String reqBody, RequestMethod reqType) { + String body = ""; + HttpResponse svrResp = null; + + //HTTP请求头格式 + Map httpHeadMap = new HashMap<>(2); + httpHeadMap.put(String.valueOf(Header.CONNECTION), "keep-alive"); + httpHeadMap.put(String.valueOf(Header.ACCEPT), "application/yang.operation+xml"); + + if (token != null && token.length() > 0) { + httpHeadMap.put(String.valueOf(Header.AUTHORIZATION), ConstValue.HUAWEI_FIREWALL_HTTP_AUTH_HEAD + token); + } + + //实际数据长度,没有数据部分时,值为0。 + httpHeadMap.put(String.valueOf(Header.CONTENT_LENGTH), body.equals(reqBody) ? String.valueOf(0) : String.valueOf(reqBody.length())); + + //HTTP请求提交的内容类型,只有在POST方法提交时才需要设置此属性 && body内容为空时,该字段可不存在或取值为空 + if ((!body.equals(reqBody)) && RequestMethod.POST.equals(reqType)) { + httpHeadMap.put(String.valueOf(Header.CONTENT_TYPE), "application/yang.operation+xml"); + } + + log.debug("Restful request: {}, {}: {}", url, token, reqBody); + + switch (reqType) { + case GET: + svrResp = huaweiFireWallGetJson(url, httpHeadMap); + break; + case POST: + svrResp = huaweiFireWallPostJson(url, httpHeadMap, reqBody); + break; + case DELETE: + svrResp = huaweiFireWallDeleteJson(url, httpHeadMap, reqBody); + break; + default: + log.error("Unknown method: {}", reqType); + break; + } + + if (svrResp == null) { + log.debug("Server return null: {}", url); + return null; + } + + log.debug("Restful response: {}, {}: {}", url, token, svrResp.body()); + + return svrResp; + } + /** * Create resp type type. * 
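Review bot: In `huaWeiFireWallProRun` the `Content-Length` header is set by hand from `reqBody.length()`, which counts UTF-16 code units rather than encoded bytes and throws a NullPointerException when `reqBody` is null, because `body.equals(reqBody)` is then false. Either leave the header to the HTTP client or compute it from the encoded body after normalising null to `""`, e.g. `reqBody.getBytes(StandardCharsets.UTF_8).length` with whatever charset the client actually sends. The `default` branch only logs the unknown method and then falls through to the `svrResp == null` return, so the Javadoc should state that the method returns null for an unsupported `reqType`. The existing `@return the t` and `@param reqBody the obj` lines should be reworded to describe the `HttpResponse` and the XML request body.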
@@ -269,6 +363,6 @@ public class RestfulInterface { Type[] types = new Type[1]; types[0] = c; return ParameterizedTypeImpl.make(ProtocolRespDTO.class, types, - ProtocolRespDTO.class.getDeclaringClass()); + ProtocolRespDTO.class.getDeclaringClass()); } } diff --git a/src/main/java/com/dispose/service/impl/DeviceTaskManagerServiceImpl.java b/src/main/java/com/dispose/service/impl/DeviceTaskManagerServiceImpl.java index 1ad74576..9d3338a3 100644 --- a/src/main/java/com/dispose/service/impl/DeviceTaskManagerServiceImpl.java +++ b/src/main/java/com/dispose/service/impl/DeviceTaskManagerServiceImpl.java @@ -584,6 +584,10 @@ public class DeviceTaskManagerServiceImpl implements DeviceTaskManagerService { restfulDeviceTaskRun(ai, v, task, DisposeDeviceType.HUAWEI_PLATFORM); break; + case HUAWEI_FIREWALL_PLATFORM: + restfulDeviceTaskRun(ai, v, task, DisposeDeviceType.HUAWEI_FIREWALL_PLATFORM); + break; + default: log.error("Unknown dispose device type: {}", ai.getDev()); break; @@ -661,6 +665,10 @@ public class DeviceTaskManagerServiceImpl implements DeviceTaskManagerService { restfulDeviceTaskStop(ai, v, task, DisposeDeviceType.HUAWEI_PLATFORM); break; + case HUAWEI_FIREWALL_PLATFORM: + restfulDeviceTaskStop(ai, v, task, DisposeDeviceType.HUAWEI_FIREWALL_PLATFORM); + break; + default: log.error("Unknown dispose device type: {}", ai.getDev()); break; diff --git a/src/main/java/com/dispose/service/impl/DisposeAbilityRouterServiceImpl.java b/src/main/java/com/dispose/service/impl/DisposeAbilityRouterServiceImpl.java index 8bf20632..de72ad6c 100644 --- a/src/main/java/com/dispose/service/impl/DisposeAbilityRouterServiceImpl.java +++ b/src/main/java/com/dispose/service/impl/DisposeAbilityRouterServiceImpl.java 
@@ -5,6 +5,7 @@ import com.dispose.ability.impl.DpTechAbilityImpl; import com.dispose.ability.impl.DpTechBypassAbilityImpl; import com.dispose.ability.impl.HaoHanAbilityImpl; import com.dispose.ability.impl.HuaWeiAbilityImpl; +import com.dispose.ability.impl.HuaWeiFireWallAbilityImpl; import com.dispose.ability.impl.PengXinAbilityImpl; import com.dispose.ability.impl.VirtualAbilityImpl; import com.dispose.common.DisposeCapacityType; @@ -89,7 +90,7 @@ public class DisposeAbilityRouterServiceImpl implements DisposeAbilityRouterServ if (dev != null) { return disposeAbilityMap.get(getAbilityDeviceHashKey(dev.getIpAddr(), dev.getIpPort(), - String.valueOf(dev.getDeviceType()))); + String.valueOf(dev.getDeviceType()))); } return null; @@ -119,7 +120,7 @@ public class DisposeAbilityRouterServiceImpl implements DisposeAbilityRouterServ @Override public void deleteDisposeDevice(DisposeDevice dev) { String hashKey = getAbilityDeviceHashKey(dev.getIpAddr(), dev.getIpPort(), - String.valueOf(dev.getDeviceType())); + String.valueOf(dev.getDeviceType())); disposeAbilityMap.remove(hashKey); } @@ -168,6 +169,9 @@ public class DisposeAbilityRouterServiceImpl implements DisposeAbilityRouterServ db = new DpTechBypassAbilityImpl(); db.upgradeServiceGroup(serviceGroupMapper.selectAll()); break; + case HUAWEI_FIREWALL_PLATFORM: + db = new HuaWeiFireWallAbilityImpl(); + break; default: log.error("Unknown dispose device type: {}", dev.getDeviceType()); return ErrorCode.ERR_PARAMS; @@ -178,7 +182,7 @@ public class DisposeAbilityRouterServiceImpl implements DisposeAbilityRouterServ db.getDisposeDeviceProtectObject(); String hashKey = getAbilityDeviceHashKey(dev.getIpAddr(), dev.getIpPort(), - String.valueOf(dev.getDeviceType())); + String.valueOf(dev.getDeviceType())); // 缓存处置设备到Hash表中 disposeAbilityMap.put(hashKey, AbilityInfo.builder() 
@@ -240,7 +244,7 @@ public class DisposeAbilityRouterServiceImpl implements DisposeAbilityRouterServ if (dev == null || !dev.getStatus().equals(ObjectStatus.NORMAL)) { String hashKey = getAbilityDeviceHashKey(v.getDev().getIpAddr(), v.getDev().getIpPort(), - String.valueOf(v.getDev().getDeviceType())); + String.valueOf(v.getDev().getDeviceType())); disposeAbilityMap.remove(hashKey); } else { diff --git a/src/main/java/com/huaweifirewall/dispose/common/HuaWeiFireWallCreatePolicyReq.java b/src/main/java/com/huaweifirewall/dispose/common/HuaWeiFireWallCreatePolicyReq.java new file mode 100644 index 00000000..c01639ae --- /dev/null +++ b/src/main/java/com/huaweifirewall/dispose/common/HuaWeiFireWallCreatePolicyReq.java @@ -0,0 +1,28 @@ +package com.huaweifirewall.dispose.common; + +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.annotation.JsonPropertyOrder; +import lombok.AllArgsConstructor; +import lombok.Builder; +import lombok.Data; +import lombok.NoArgsConstructor; + +/** + * @author Nicole + */ +@Data +@Builder +@NoArgsConstructor +@AllArgsConstructor +@JsonPropertyOrder({"sourceIp", "action"}) +@JsonInclude(JsonInclude.Include.NON_NULL) +public class HuaWeiFireWallCreatePolicyReq { + /** + * The source Ip. + */ + private String sourceIp; + /** + * The rule action. false:block true:unblock + */ + private Boolean action; +} diff --git a/src/main/java/com/huaweifirewall/dispose/protocol/HuaWeiFireWallInterface.java b/src/main/java/com/huaweifirewall/dispose/protocol/HuaWeiFireWallInterface.java new file mode 100644 index 00000000..a128463c --- /dev/null +++ b/src/main/java/com/huaweifirewall/dispose/protocol/HuaWeiFireWallInterface.java 
@@ -0,0 +1,135 @@
+package com.huaweifirewall.dispose.protocol;
+
+import cn.hutool.http.HttpResponse;
+import com.dispose.common.ErrorCode;
+import com.dispose.restful.RestfulInterface;
+import com.huaweifirewall.dispose.common.HuaWeiFireWallCreatePolicyReq;
+import lombok.extern.slf4j.Slf4j;
+import org.dom4j.Document;
+import org.dom4j.DocumentHelper;
+import org.dom4j.Element;
+import org.dom4j.io.OutputFormat;
+import org.dom4j.io.XMLWriter;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import javax.servlet.http.HttpServletResponse;
+import java.io.File;
+import java.io.FileOutputStream;
+
+/**
+ * The type Hua wei FireWall interface.
+ *
+ * @author Nicole
+ */
+@Slf4j
+public class HuaWeiFireWallInterface {
+
+
+ /**
+ * Create security policy.
+ *
+ * @param baseUrlPath the base url path
+ * @param token the token
+ * @param policyReq the request dto
+ * @return the error code
+ */
+ public ErrorCode createSecurityPolicy(String baseUrlPath, String token, HuaWeiFireWallCreatePolicyReq policyReq) {
+ //拼接HTTP body部分,xml格式。
+ String bodyContent = createXml(policyReq.getSourceIp(), policyReq.getAction());
+
+ //获取HTTP RESPONSE消息
+ HttpResponse response = RestfulInterface.huaWeiFireWallProRun(baseUrlPath,
+ token,
+ bodyContent,
+ RequestMethod.POST);
+
+ //对响应内容进行处理
+ if (response != null) {
+ if (response.getStatus() == HttpServletResponse.SC_CREATED) {
+ return ErrorCode.ERR_OK;
+ }
+ }
+
+ log.error("----HuaWei response [{}]: {}", response == null ? -1 : response.getStatus(), response);
+ return ErrorCode.ERR_UNKNOWNCMD;
+ }
+
+ /**
+ * delete security policy.
+ *
+ * @param baseUrlPath the base url path
+ * @param token the token
+ * @return the error code
+ */
+ public ErrorCode deleteSecurityPolicy(String baseUrlPath, String token) {
+ HttpResponse response = RestfulInterface.huaWeiFireWallProRun(baseUrlPath,
+ token,
+ "",
+ RequestMethod.DELETE);
+
+ //对响应内容进行处理
+ if (response != null) {
+ if (response.getStatus() == HttpServletResponse.SC_CREATED) {
+ return ErrorCode.ERR_OK;
+ }
+ }
+
+ log.error("----HuaWei response [{}]: {}", response == null ? -1 : response.getStatus(), response);
+ return ErrorCode.ERR_UNKNOWNCMD;
+ }
+
+
+ /**
+ * get all security policy.
+ *
+ * @param baseUrlPath the base url path
+ * @param token the token
+ * @return the error code
+ */
+ public HttpResponse getAllSecurityPolicy(String baseUrlPath, String token) {
+ return RestfulInterface.huaWeiFireWallProRun(baseUrlPath,
+ token,
+ "",
+ RequestMethod.GET);
+ }
+
+ /**
+ * 生成xml方法
+ *
+ * @param sourceIp the source ip
+ * @param ruleAction the rule action
+ * @return the error code
+ */
+ public static String createXml(String sourceIp, Boolean ruleAction) {
+ try {
+ // 创建document对象
+ Document document = DocumentHelper.createDocument();
+ // 创建根节点rule
+ Element rule = document.addElement("rule");
+ // 生成子节点及子节点内容
+ Element addressIpv4 = rule.addElement("address-ipv4");
+ addressIpv4.setText(sourceIp);
+ Element action = rule.addElement("action");
+ action.setText(String.valueOf(ruleAction));
+ // 设置生成xml的格式
+ OutputFormat format = OutputFormat.createPrettyPrint();
+ // 设置编码格式
+ format.setEncoding("UTF-8");
+ // 生成xml文件
+ File file = new File("policyRule.xml");
+ XMLWriter writer = new XMLWriter(new FileOutputStream(file), format);
+ // 设置是否转义,默认使用转义字符
+ writer.setEscapeText(false);
+ writer.write(document);
+ writer.close();
+ System.out.println("生成policyRule.xml成功");
+ return document.asXML();
+ } catch (Exception e) {
+ e.printStackTrace();
+ System.out.println("生成policyRule.xml失败");
+ }
+
+ return null;
+ }
+
+}
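Review bot: `createXml` writes every policy body to a fixed relative file `policyRule.xml` with `writer.setEscapeText(false)`, so a `sourceIp` that is not validated anywhere in this file lands there unescaped, concurrent calls overwrite each other, and the `FileOutputStream` stays open if `write` throws; the file is not used for the result, which comes from `document.asXML()`. On any failure the method prints a stack trace to stdout and returns null, and `createSecurityPolicy` passes that null body to `huaWeiFireWallProRun` without a check. I would drop the file output, reject anything that is not an IPv4 literal before building the rule, and return `ErrorCode.ERR_PARAMS` on a null body, as in the excerpt below (the pattern assumes the `address-ipv4` element takes a single dotted-quad address; widen it if the device accepts masks or ranges). Separately, `deleteSecurityPolicy` treats only `SC_CREATED` as success, which looks copied from the create path, and the `@return the error code` Javadoc on `getAllSecurityPolicy` and `createXml` does not match what they return.

```java
    // Single dotted-quad IPv4 literal; anything else is rejected before it reaches the policy body.
    private static final Pattern IPV4_LITERAL = Pattern.compile(
        "^(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)(\\.(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)){3}$");

    public ErrorCode createSecurityPolicy(String baseUrlPath, String token, HuaWeiFireWallCreatePolicyReq policyReq) {
        String bodyContent = createXml(policyReq.getSourceIp(), policyReq.getAction());
        if (bodyContent == null) {
            return ErrorCode.ERR_PARAMS;
        }
        // … unchanged: huaWeiFireWallProRun call and status handling …
    }

    public static String createXml(String sourceIp, Boolean ruleAction) {
        if (sourceIp == null || ruleAction == null || !IPV4_LITERAL.matcher(sourceIp).matches()) {
            log.error("Rejected security policy request: invalid source address or action");
            return null;
        }

        Document document = DocumentHelper.createDocument();
        Element rule = document.addElement("rule");
        rule.addElement("address-ipv4").setText(sourceIp);
        rule.addElement("action").setText(String.valueOf(ruleAction));
        // No policyRule.xml side file: the serialized document is the only output.
        return document.asXML();
    }
```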