parent
3f6d8f1813
commit
9c908f1c10
|
@ -1,13 +1,22 @@
|
|||
package com.dispose.ability.impl;
|
||||
|
||||
import com.dispose.common.CommonEnumHandler;
|
||||
import com.dispose.common.ConstValue;
|
||||
import com.dispose.common.DisposeConfigValue;
|
||||
import com.dispose.common.DisposeCapacityType;
|
||||
import com.dispose.common.DisposeObjectType;
|
||||
import com.dispose.common.DpTechAttackType;
|
||||
import com.dispose.common.DpTechConfigValue;
|
||||
import com.dispose.common.ErrorCode;
|
||||
import com.dispose.common.Helper;
|
||||
import com.dispose.common.IpAddrType;
|
||||
import com.dispose.common.NetflowDirection;
|
||||
import com.dispose.pojo.dto.protocol.device.ability.DpBypassManager;
|
||||
import com.dispose.pojo.dto.protocol.device.ability.DpProtectObject;
|
||||
import com.dispose.pojo.dto.protocol.device.ability.DpProtectionStrategyInfo;
|
||||
import com.dispose.pojo.dto.protocol.device.ability.DpTractionStrategy;
|
||||
import com.dispose.pojo.entity.ServiceInfo;
|
||||
import com.dispose.pojo.po.MulReturnType;
|
||||
import com.dptech.dispose.ArrayOfBypassManualTractionStrategyForService;
|
||||
import com.dptech.dispose.ArrayOfProtectionObjectDataForService;
|
||||
import com.dptech.dispose.ArrayOfProtectionTargetWithStrategyForService;
|
||||
import com.dptech.dispose.NtcRequestResultInfo;
|
||||
|
@ -15,10 +24,9 @@ import lombok.extern.slf4j.Slf4j;
|
|||
import org.apache.commons.lang.StringUtils;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
import java.util.Hashtable;
|
||||
import java.util.List;
|
||||
import java.util.concurrent.atomic.AtomicReference;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
/**
|
||||
|
@ -29,6 +37,8 @@ import java.util.regex.Pattern;
|
|||
@Slf4j
|
||||
public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
|
||||
|
||||
private final Hashtable<String, String> disposeObjectCache = new Hashtable<>();
|
||||
|
||||
/**
|
||||
* The Dispose service group.
|
||||
*/
|
||||
|
@ -41,7 +51,7 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
|
|||
/**
|
||||
* The All cleanup devices.
|
||||
*/
|
||||
private final HashSet<String> allCleanupDevices = new HashSet<>();
|
||||
private String allCleanupDevices = "";
|
||||
|
||||
/**
|
||||
* The Dp bypass manager.
|
||||
|
@ -58,15 +68,64 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
|
|||
private void initCleanupDevices() {
|
||||
try {
|
||||
log.info("++++Begging DPTech Get All Protection Devices");
|
||||
String dev = getCleanTypePort().getAllProtectDevices();
|
||||
log.info("----Finish DPTech Get All Protection Devices: {}", dev);
|
||||
|
||||
Collections.addAll(allCleanupDevices, dev.split(DisposeConfigValue.SPLIT_CHAR));
|
||||
allCleanupDevices = getCleanTypePort().getAllProtectDevices();
|
||||
log.info("----Finish DPTech Get All Protection Devices: {}", allCleanupDevices);
|
||||
} catch (Exception ex) {
|
||||
log.error("----Exception DPTech Get All Protection Devices: {}", ex.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Upgrade traction strategy.
|
||||
*/
|
||||
private void upgradeTractionStrategy() {
|
||||
try {
|
||||
log.info("++++Begging DPTech Upgrade Traction Strategy");
|
||||
|
||||
ArrayOfBypassManualTractionStrategyForService ret =
|
||||
getCleanTypePort().getAllBypassManualTractionStrategyFromUMC();
|
||||
|
||||
if (ret != null && ret.getBypassManualTractionStrategyForService().size() > 0) {
|
||||
ret.getBypassManualTractionStrategyForService().forEach(k -> {
|
||||
String policyName = k.getPolicyName().getValue();
|
||||
// 非法名称的旁路牵引策略
|
||||
if (!policyName.startsWith(OBJ_PREFIX)) {
|
||||
NtcRequestResultInfo rsp =
|
||||
getCleanTypePort().delBypassManualTractionStrategyForUMC(policyName);
|
||||
|
||||
if (rsp.getResultRetVal() == 0) {
|
||||
log.debug("Remove Traction Strategy {} Succeed", policyName);
|
||||
} else {
|
||||
log.error("!!!!Remove Traction Strategy {} Error: {}", policyName, rsp.getResultInfo()
|
||||
.getValue());
|
||||
}
|
||||
} else {
|
||||
DpTractionStrategy obj;
|
||||
|
||||
if (dpBypassManager.getTractionStrategyName().containsKey(policyName)) {
|
||||
obj = dpBypassManager.getTractionStrategyName().get(policyName);
|
||||
obj.setProtectName(k.getProtectName().getValue());
|
||||
obj.setIpRange(k.getIpRange().getValue());
|
||||
obj.setRunning(Boolean.parseBoolean(k.getEnabled().getValue()));
|
||||
} else {
|
||||
obj = DpTractionStrategy.builder()
|
||||
.policyName(policyName)
|
||||
.protectName(k.getProtectName().getValue())
|
||||
.ipRange(k.getIpRange().getValue())
|
||||
.running(Boolean.parseBoolean(k.getEnabled().getValue()))
|
||||
.build();
|
||||
dpBypassManager.getTractionStrategyName().put(policyName, obj);
|
||||
}
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
log.info("----Finish DPTech Upgrade Traction Strategy");
|
||||
} catch (Exception ex) {
|
||||
log.error("----Exception DPTech Upgrade Traction Strategy: {}", ex.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets protection strategy template.
|
||||
*/
|
||||
|
@ -104,7 +163,7 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
|
|||
} else {
|
||||
obj = dpBypassManager.getProtectStrategy().get(objName);
|
||||
|
||||
// 如果关联关系
|
||||
// 如果关联关系有变动
|
||||
if (!obj.getProtectStrategyName().equals(k.getProtectionStrategyName().getValue())) {
|
||||
obj.setProtectStrategyName(k.getProtectionStrategyName().getValue());
|
||||
}
|
||||
|
@ -113,15 +172,12 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
|
|||
});
|
||||
|
||||
log.info("----Finish Begging DPTech Get All Protection Strategy Association Relation");
|
||||
|
||||
|
||||
} catch (Exception ex) {
|
||||
log.error("----Exception Begging DPTech Get All Protection Strategy Association Relation: {}",
|
||||
ex.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Init device env.
|
||||
*
|
||||
|
@ -187,7 +243,7 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
|
|||
.cleanupDevices(k.getCleaningDevices().getValue())
|
||||
.protectName(objName)
|
||||
.detectionDevices(k.getDetectionDevices().getValue())
|
||||
.ipType(k.getIpType() == 4 ? IpAddrType.IPV4 : IpAddrType.IPV6)
|
||||
.ipType(k.getIpType() == 0 ? IpAddrType.IPV4 : IpAddrType.IPV6)
|
||||
.ipSegment(new Hashtable<>())
|
||||
.build();
|
||||
// 添加到缓存
|
||||
|
@ -234,6 +290,153 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
|
|||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public MulReturnType<ErrorCode, String> runDispose(String disposeObject, DisposeObjectType objectType,
|
||||
DisposeCapacityType capType,
|
||||
NetflowDirection nfDirection,
|
||||
Integer attackType,
|
||||
Long duration) {
|
||||
ErrorCode err = ErrorCode.ERR_OK;
|
||||
NtcRequestResultInfo ret;
|
||||
|
||||
try {
|
||||
AtomicReference<String> protectionObject = new AtomicReference<>("");
|
||||
log.debug("++++Begging DPTech Start Cleanup Task: {}", disposeObject);
|
||||
|
||||
if (capType != DisposeCapacityType.CLEANUP) {
|
||||
log.error("----Error DPTech don't support dispose capacity type: {}", capType);
|
||||
return new MulReturnType<>(ErrorCode.ERR_UNSUPPORT, null);
|
||||
}
|
||||
|
||||
String policyName = OBJ_PREFIX + "_" + disposeObject;
|
||||
|
||||
// 判断缓存中当前处置IP的旁路牵引策略是否存在, 如果存在直接删除
|
||||
if (dpBypassManager.getTractionStrategyName().containsKey(policyName)) {
|
||||
ret = getCleanTypePort().delBypassManualTractionStrategyForUMC(policyName);
|
||||
|
||||
if (ret.getResultRetVal() != 0) {
|
||||
log.error("----Error DPTech Delete Old Traction Strategy Error: {}, {}", policyName,
|
||||
ret.getResultInfo().getValue());
|
||||
return new MulReturnType<>(ErrorCode.ERR_CALLDEVICE, null);
|
||||
}
|
||||
}
|
||||
|
||||
// 判断缓存中是否存在该处置IP对应的防护对象
|
||||
if (disposeObjectCache.containsKey(disposeObject)) {
|
||||
protectionObject.set(disposeObjectCache.get(disposeObject));
|
||||
} else {
|
||||
// 从设备防护对象缓存中查找当前处置IP对应的防护对象名称
|
||||
dpBypassManager.getProtectObject().values().forEach(k -> {
|
||||
for (String v : k.getIpSegment().values()) {
|
||||
if (Helper.ipInRange(v, disposeObject)) {
|
||||
protectionObject.set(k.getProtectName());
|
||||
// 将查找到的防护对象添加到缓存中
|
||||
disposeObjectCache.put(disposeObject, k.getProtectName());
|
||||
break;
|
||||
}
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
// 校验当前处置对象对应的防护对象名称是否正确
|
||||
if (protectionObject.get().length() == 0) {
|
||||
log.error("----Error DPTech Task Not Found Protection Object: {}", disposeObject);
|
||||
log.debug("!!!!DpTech UMC Protection Objects: {}", dpBypassManager.getProtectObject().values());
|
||||
return new MulReturnType<>(ErrorCode.ERR_NOSUCHUMCPROTECTOBJECT, null);
|
||||
}
|
||||
|
||||
log.debug("++++Begging DPTech Create Traction Strategy: {}, {}, {}", policyName,
|
||||
protectionObject.get(), disposeObject);
|
||||
|
||||
// 创建旁路手动牵引策略
|
||||
ret = getCleanTypePort().addBypassManualTractionStrategyForUMC(policyName, protectionObject.get(),
|
||||
disposeObject);
|
||||
|
||||
if (ret.getResultRetVal() != 0) {
|
||||
log.error("----Error DPTech Create Traction Strategy Error: {}, {}, {}, {}", policyName,
|
||||
protectionObject.get(), disposeObject, ret.getResultInfo().getValue());
|
||||
return new MulReturnType<>(ErrorCode.ERR_CALLDEVICE, null);
|
||||
}
|
||||
|
||||
log.debug("----Finish DPTech Create Traction Strategy: {}, {}, {}", policyName,
|
||||
protectionObject.get(), disposeObject);
|
||||
|
||||
// 启动旁路手动牵引策略
|
||||
log.debug("DpTech startBypassManualTractionStrategyForUMC request: {}, {}", policyName, disposeObject);
|
||||
ret = getCleanTypePort().startBypassManualTractionStrategyForUMC(policyName, "");
|
||||
log.debug("DpTech startBypassManualTractionStrategyForUMC response: {}", ret);
|
||||
|
||||
if (ret.getResultRetVal() != 0) {
|
||||
err = ErrorCode.ERR_CALLDEVICE;
|
||||
log.error("----Error DPTech Start Cleanup Task: {}, {}, {}, {}", disposeObject, nfDirection,
|
||||
CommonEnumHandler.codeOf(DpTechAttackType.class, attackType),
|
||||
ret.getResultInfo().getValue());
|
||||
} else {
|
||||
log.debug("----Finish DPTech Start Cleanup Task: {}, {}, {}, {}", disposeObject, nfDirection,
|
||||
CommonEnumHandler.codeOf(DpTechAttackType.class, attackType),
|
||||
ret.getResultInfo().getValue());
|
||||
}
|
||||
} catch (Exception ex) {
|
||||
err = ErrorCode.ERR_SYSTEMEXCEPTION;
|
||||
log.error("----Exception DPTech Start Cleanup Task: {}, {}, {}", disposeObject, nfDirection,
|
||||
CommonEnumHandler.codeOf(DpTechAttackType.class, attackType));
|
||||
}
|
||||
|
||||
return new MulReturnType<>(err, null);
|
||||
}
|
||||
|
||||
@Override
|
||||
public MulReturnType<ErrorCode, Long> stopDispose(String disposeObject,
|
||||
DisposeCapacityType capType,
|
||||
NetflowDirection nfDirection,
|
||||
Integer attackType,
|
||||
String taskId) {
|
||||
ErrorCode err = ErrorCode.ERR_OK;
|
||||
|
||||
try {
|
||||
log.info("++++Begging DPTech Stop Cleanup Task: {}", disposeObject);
|
||||
|
||||
if (capType != DisposeCapacityType.CLEANUP) {
|
||||
log.error("----Error DPTech don't support dispose capacity type: {}", capType);
|
||||
return new MulReturnType<>(ErrorCode.ERR_UNSUPPORT, null);
|
||||
}
|
||||
|
||||
String policyName = OBJ_PREFIX + "_" + disposeObject;
|
||||
|
||||
if (!dpBypassManager.getTractionStrategyName().containsKey(policyName)) {
|
||||
log.error("----Error DPTech Stop Cleanup Task, No Such Task: {}, {}", disposeObject, policyName);
|
||||
return new MulReturnType<>(ErrorCode.ERR_TASKNOTRUNNING, null);
|
||||
}
|
||||
|
||||
log.debug("DpTech stopBypassManualTractionStrategyForUMC request: {}", disposeObject);
|
||||
NtcRequestResultInfo ret = getCleanTypePort().stopBypassManualTractionStrategyForUMC(policyName, "");
|
||||
log.debug("DpTech stopBypassManualTractionStrategyForUMC response: {}", ret);
|
||||
|
||||
if (ret.getResultRetVal() != 0) {
|
||||
err = ErrorCode.ERR_CALLDEVICE;
|
||||
log.error("----Error DPTech Stop Cleanup Task: {}, {}", disposeObject, ret.getResultInfo().getValue());
|
||||
return new MulReturnType<>(err, null);
|
||||
}
|
||||
|
||||
// 删除不再使用的手动旁路牵引策略
|
||||
log.debug("DpTech delBypassManualTractionStrategyForUMC request: {}", policyName);
|
||||
ret = getCleanTypePort().delBypassManualTractionStrategyForUMC(policyName);
|
||||
log.debug("DpTech delBypassManualTractionStrategyForUMC response: {}", ret);
|
||||
|
||||
if (ret.getResultRetVal() != 0) {
|
||||
log.error("----Error DPTech Remove Traction Strategy: {}, {}", policyName,
|
||||
ret.getResultInfo().getValue());
|
||||
}
|
||||
|
||||
log.info("----Finish DPTech Stop Cleanup Task Succeed: {}", disposeObject);
|
||||
} catch (Exception ex) {
|
||||
err = ErrorCode.ERR_SYSTEMEXCEPTION;
|
||||
log.error("----Exception DPTech Stop Cleanup Task: {}, {}", disposeObject, ex.getMessage());
|
||||
}
|
||||
|
||||
return new MulReturnType<>(err, null);
|
||||
}
|
||||
|
||||
/**
|
||||
* Period task runtime.
|
||||
*/
|
||||
|
@ -246,6 +449,9 @@ public class DpTechBypassAbilityImpl extends DpTechAbilityImpl {
|
|||
// 更新防护对象与目标关联关系
|
||||
getProtectionStrategyTemplate();
|
||||
}
|
||||
|
||||
// 清理旁路手动牵引策略
|
||||
upgradeTractionStrategy();
|
||||
}
|
||||
}
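Review bot: The traction-strategy cache is never pruned in the lines shown, so runDispose and stopDispose can act on entries the device no longer has. stopDispose deletes the policy on the device but leaves `policyName` in `dpBypassManager.getTractionStrategyName()`, and upgradeTractionStrategy only adds or updates entries; a later runDispose for the same address then takes the `containsKey` branch, and if the device reports an error for the missing policy it returns ERR_CALLDEVICE before any strategy is created, so the mitigation presumably never starts. Conversely, runDispose does not record the policy it creates, so a stopDispose issued before the next periodic refresh returns ERR_TASKNOTRUNNING while traction is still active. I would add `dpBypassManager.getTractionStrategyName().remove(policyName);` after the successful delete in stopDispose, record the new entry after a successful start in runDispose, and have upgradeTractionStrategy drop names the device did not return. The catch block in runDispose also logs neither `ex` nor its message, so a failed start leaves no cause in the log; passing `ex` as the last argument of that `log.error` call would fix it.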
|
||||
|
||||
|
|
|
@ -165,7 +165,7 @@ public enum ErrorCode {
|
|||
*/
|
||||
ERR_UNTRUSTTOKEN(38, "未经授权的Token"),
|
||||
/**
|
||||
* Err unknowninterface error code.
|
||||
* The Err unknowninterface.
|
||||
*/
|
||||
ERR_UNKNOWNINTERFACE(39, "未提供该接口"),
|
||||
/**
|
||||
|
@ -217,19 +217,19 @@ public enum ErrorCode {
|
|||
*/
|
||||
ERR_DECRYPT_AES256(111, "AES256解密失败"),
|
||||
/**
|
||||
* The Err no device by areaCode.
|
||||
* The Err nodevice areacode.
|
||||
*/
|
||||
ERR_NODEVICE_AREACODE(112, "区域无该设备"),
|
||||
/**
|
||||
* The Err specified IP already exists.
|
||||
* The Err specifiedip exists.
|
||||
*/
|
||||
ERR_SPECIFIEDIP_EXISTS(113, "指定的IP已经存在"),
|
||||
/**
|
||||
* The Err specified IP does not exists.
|
||||
* The Err specifiedip notexists.
|
||||
*/
|
||||
ERR_SPECIFIEDIP_NOTEXISTS(114, "指定的IP地址不存在"),
|
||||
/**
|
||||
* The Err server processing request.
|
||||
* The Err server processreq.
|
||||
*/
|
||||
ERR_SERVER_PROCESSREQ(115, "服务器处理请求错误"),
|
||||
/**
|
||||
|
@ -240,6 +240,11 @@ public enum ErrorCode {
|
|||
* The Err pengxin error.
|
||||
*/
|
||||
ERR_PENGXIN_ERROR(117, "鹏信设备返回错误"),
|
||||
|
||||
/**
|
||||
* The Err nosuchumcprotectobject.
|
||||
*/
|
||||
ERR_NOSUCHUMCPROTECTOBJECT(200, "没有找到UMC防护对象"),
|
||||
;
|
||||
|
||||
/**
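Review bot: The Javadoc added for ERR_NOSUCHUMCPROTECTOBJECT only restates the constant name, which tells a caller nothing about when code 200 is returned. Going by runDispose in DpTechBypassAbilityImpl, it is returned when no cached UMC protection object has an IP segment containing the address to dispose, so something like `/** No UMC protection object covers the address being disposed. */` would be more useful. The other comment lines in this enum appear in both a descriptive form ("The Err specified IP already exists.") and a name-derived form ("The Err specifiedip exists."); if the name-derived text is the new side, the descriptive wording is worth keeping.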
|
||||
|
|