2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.policy.controller;
22 import java.io.PrintWriter;
23 import java.util.ArrayList;
24 import java.util.HashMap;
25 import java.util.HashSet;
26 import java.util.Iterator;
27 import java.util.LinkedHashMap;
28 import java.util.List;
32 import javax.servlet.http.HttpServletRequest;
33 import javax.servlet.http.HttpServletResponse;
35 import org.hibernate.SessionFactory;
36 import org.json.JSONObject;
37 import org.onap.policy.common.logging.flexlogger.FlexLogger;
38 import org.onap.policy.common.logging.flexlogger.Logger;
39 import org.onap.policy.rest.adapter.AddressGroupJson;
40 import org.onap.policy.rest.adapter.AddressJson;
41 import org.onap.policy.rest.adapter.AddressMembers;
42 import org.onap.policy.rest.adapter.AddressMembersJson;
43 import org.onap.policy.rest.adapter.DeployNowJson;
44 import org.onap.policy.rest.adapter.IdMap;
45 import org.onap.policy.rest.adapter.PolicyRestAdapter;
46 import org.onap.policy.rest.adapter.PrefixIPList;
47 import org.onap.policy.rest.adapter.ServiceGroupJson;
48 import org.onap.policy.rest.adapter.ServiceListJson;
49 import org.onap.policy.rest.adapter.ServiceMembers;
50 import org.onap.policy.rest.adapter.ServicesJson;
51 import org.onap.policy.rest.adapter.TagDefines;
52 import org.onap.policy.rest.adapter.Tags;
53 import org.onap.policy.rest.adapter.Term;
54 import org.onap.policy.rest.adapter.TermCollector;
55 import org.onap.policy.rest.adapter.VendorSpecificData;
56 import org.onap.policy.rest.dao.CommonClassDao;
57 import org.onap.policy.rest.jpa.AddressGroup;
58 import org.onap.policy.rest.jpa.FWTagPicker;
59 import org.onap.policy.rest.jpa.GroupServiceList;
60 import org.onap.policy.rest.jpa.PolicyEntity;
61 import org.onap.policy.rest.jpa.PrefixList;
62 import org.onap.policy.rest.jpa.SecurityZone;
63 import org.onap.policy.rest.jpa.ServiceList;
64 import org.onap.policy.rest.jpa.TermList;
65 import org.onap.policy.xacml.api.XACMLErrorConstants;
66 import org.onap.portalsdk.core.controller.RestrictedBaseController;
67 import org.springframework.beans.factory.annotation.Autowired;
68 import org.springframework.stereotype.Controller;
69 import org.springframework.web.bind.annotation.RequestMapping;
70 import org.springframework.web.servlet.ModelAndView;
72 import com.fasterxml.jackson.core.JsonGenerationException;
73 import com.fasterxml.jackson.databind.DeserializationFeature;
74 import com.fasterxml.jackson.databind.JsonMappingException;
75 import com.fasterxml.jackson.databind.JsonNode;
76 import com.fasterxml.jackson.databind.ObjectMapper;
77 import com.fasterxml.jackson.databind.ObjectWriter;
79 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AllOfType;
80 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType;
81 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType;
82 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType;
83 import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType;
84 import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType;
85 import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType;
89 public class CreateFirewallController extends RestrictedBaseController {
// Class-wide logger used by the methods of this controller.
90 private static Logger policyLogger = FlexLogger.getLogger(CreateFirewallController.class);
// Dictionary name that stands for "match anything"; compared with equals(), so case-sensitive.
91 private static final String ANY="ANY";
// Prefix that marks an address-group or service-group name. It is 6 characters long, which is
// the offset the substring(6, ...) calls in constructJson use to strip it.
92 private static final String GROUP="Group_";
// Package-private and not referenced in the part of the class shown here.
95 SessionFactory sessionFactory;
// Static, so one DAO backs the dictionary lookups of every instance of this controller.
97 private static CommonClassDao commonClassDao;
/**
 * Returns the DAO held in the static {@code commonClassDao} field, which all instances share.
 *
 * @return the current class-wide DAO; may be null if nothing has stored one yet
 */
99 public static CommonClassDao getCommonClassDao() {
100 return commonClassDao;
/**
 * Replaces the static DAO that the dictionary lookups in this class read from.
 *
 * @param commonClassDao DAO to store in the static field
 */
// NOTE(review): public and static, so any caller can swap the data source behind
// firewall-policy construction at runtime; narrow the visibility if only the container
// and tests are meant to set it.
103 public static void setCommonClassDao(CommonClassDao commonClassDao) {
104 CreateFirewallController.commonClassDao = commonClassDao;
// Tag-picker names for the policy being built; reassigned by setDataToPolicyRestAdapter.
107 private List<String> tagCollectorList;
// NOTE(review): constructJson appends to the two lists below, and no line in this listing
// clears or replaces them, so entries may carry over from one policy into the next. They are
// also instance fields: if the container serves all requests with one instance of this
// controller (confirm the bean scope), concurrent requests share them. Locals inside
// constructJson would avoid both problems.
109 List<String> expandablePrefixIPList = new ArrayList<>();
110 List<String> expandableServicesList= new ArrayList<>();
/**
 * Stores the given DAO in the static {@code commonClassDao} field. Private, so only code
 * inside this class (or a framework using reflection) can invoke it.
 *
 * @param commonClassDao DAO to store in the static field
 */
// NOTE(review): an instance constructor that writes a static field also changes the DAO seen
// by every instance that already exists.
112 private CreateFirewallController(CommonClassDao commonClassDao){
113 CreateFirewallController.commonClassDao = commonClassDao;
/** No-argument constructor; does not touch the static DAO. */
116 public CreateFirewallController(){}
// Rule (term) names for the request in progress; reassigned by setDataToPolicyRestAdapter and
// setFWViewRule, read by constructJson.
// NOTE(review): per-request data kept in an instance field. If one controller instance serves
// concurrent requests, one request can replace the list while another is still reading it —
// confirm the bean scope.
117 private List<String> termCollectorList;
/**
 * Collects the rule names ("key") and tag-picker names ("value") from the adapter's attributes,
 * builds the firewall configuration JSON with constructJson and stores it on the adapter.
 *
 * @param policyData adapter whose attributes are read and whose JSON body is set
 * @return declared as PolicyRestAdapter; the return statement is not part of this listing
 */
121 public PolicyRestAdapter setDataToPolicyRestAdapter(PolicyRestAdapter policyData){
// Both collector lists are instance fields and are replaced on every call.
123 termCollectorList = new ArrayList <>();
124 tagCollectorList = new ArrayList <>();
// NOTE(review): getAttributes() is dereferenced without a null check.
125 if(! policyData.getAttributes().isEmpty()){
126 for(Object attribute : policyData.getAttributes()){
127 if(attribute instanceof LinkedHashMap<?, ?>){
// NOTE(review): get("key") and get("value") return null when the entry is absent, so
// toString() throws NullPointerException on an attribute map that lacks either one.
128 String key = ((LinkedHashMap<?, ?>) attribute).get("key").toString();
129 termCollectorList.add(key);
131 String tag = ((LinkedHashMap<?, ?>) attribute).get("value").toString();
132 tagCollectorList.add(tag);
136 jsonBody = constructJson(policyData);
// An empty or null result is replaced by an empty JSON object.
137 if (jsonBody != null && !jsonBody.equalsIgnoreCase("")) {
138 policyData.setJsonBody(jsonBody);
140 policyData.setJsonBody("{}");
// NOTE(review): this call passes the raw jsonBody again. If it sits after the if/else above
// (the brace lines are missing from this listing), it overwrites the "{}" fallback with null
// or "" — confirm against the full file and drop it.
142 policyData.setJsonBody(jsonBody);
/**
 * Looks up a PrefixList dictionary entry by name and collects its value.
 *
 * @param expandableList prefix-list name to look up
 * @return list with the prefix value at index 0. Callers also read a description at index 1,
 *         but the line that adds it is not part of this listing — confirm. Some callers test
 *         isEmpty() first, which suggests the list is empty when no entry matches.
 */
147 private List<String> mapping(String expandableList) {
150 List <String> valueDesc= new ArrayList<>();
// Loads every PrefixList row through the shared DAO and scans them in order.
151 List<Object> prefixListData = commonClassDao.getData(PrefixList.class);
152 for (int i = 0; i< prefixListData.size(); i++) {
153 PrefixList prefixList = (PrefixList) prefixListData.get(i);
// Exact, case-sensitive name comparison.
154 if (prefixList.getPrefixListName().equals(expandableList)) {
155 value = prefixList.getPrefixListValue();
156 valueDesc.add(value);
157 desc= prefixList.getDescription();
/**
 * Finds the ServiceList dictionary row whose service name equals {@code expandableList}.
 *
 * @param expandableList service name to look up (exact, case-sensitive match)
 * @return the matching row; what comes back when nothing matches depends on lines that are
 *         missing from this listing
 */
165 private ServiceList mappingServiceList(String expandableList) {
166 ServiceList serviceList=null;
// Loads every ServiceList row through the shared DAO and scans them in order.
167 List<Object> serviceListData = commonClassDao.getData(ServiceList.class);
168 for (int i = 0; i< serviceListData.size(); i++) {
// NOTE(review): every row is assigned to serviceList before it is tested. If serviceList is
// also what the method returns, a name with no match yields the last row of the table rather
// than null, and callers would report or emit another service's protocol and ports —
// confirm against the full file. Callers dereference the result without a null check.
169 serviceList = (ServiceList) serviceListData.get(i);
170 if (serviceList.getServiceName().equals(expandableList)) {
/**
 * Finds the GroupServiceList dictionary row whose group name equals {@code expandableList}.
 *
 * @param expandableList group name to look up, including its "Group_" prefix as stored
 * @return the matching row; what comes back when nothing matches depends on lines that are
 *         missing from this listing
 */
177 private GroupServiceList mappingServiceGroup(String expandableList) {
179 GroupServiceList serviceGroup=null;
// Loads every GroupServiceList row through the shared DAO and scans them in order.
180 List<Object> serviceGroupData = commonClassDao.getData(GroupServiceList.class);
181 for (int i = 0; i< serviceGroupData.size(); i++) {
// NOTE(review): the row is assigned before the name test, so if serviceGroup is what the
// method returns, an unknown name yields the last row instead of null — confirm. Callers
// call getServiceList() on the result without a null check.
182 serviceGroup = (GroupServiceList) serviceGroupData.get(i);
183 if (serviceGroup.getGroupName().equals(expandableList)) {
/**
 * Finds the AddressGroup dictionary row whose group name equals {@code expandableList}.
 *
 * @param expandableList group name to look up, including its "Group_" prefix as stored
 * @return the matching row; what comes back when nothing matches depends on lines that are
 *         missing from this listing
 */
190 private AddressGroup mappingAddressGroup(String expandableList) {
192 AddressGroup addressGroup=null;
// Loads every AddressGroup row through the shared DAO and scans them in order.
193 List<Object> addressGroupData = commonClassDao.getData(AddressGroup.class);
194 for (int i = 0; i< addressGroupData.size(); i++) {
// NOTE(review): the row is assigned before the name test, so if addressGroup is what the
// method returns, an unknown name yields the last row instead of null, and a rule would be
// expanded with another group's prefixes — confirm. Callers call getPrefixList() on the
// result without a null check.
195 addressGroup = (AddressGroup) addressGroupData.get(i);
196 if (addressGroup.getGroupName().equals(expandableList)) {
/**
 * Fills the adapter with form data for an existing firewall policy: short policy name,
 * description, security zone, rule-to-tag attributes, and the ConfigName, RiskType, RiskLevel,
 * guard and TTLDate values found in the policy target.
 *
 * The visible code only populates anything when {@code policyAdapter.getPolicyData()} is a
 * {@code PolicyType}.
 *
 * @param policyAdapter adapter to populate; its policy name is replaced by the short name
 * @param entity stored policy whose configuration body is parsed as a {@code TermCollector}
 */
203 public void prePopulateFWPolicyData(PolicyRestAdapter policyAdapter, PolicyEntity entity) {
204 ArrayList<Object> attributeList;
205 attributeList = new ArrayList<>();
206 if (policyAdapter.getPolicyData() instanceof PolicyType) {
207 Object policyData = policyAdapter.getPolicyData();
208 PolicyType policy = (PolicyType) policyData;
209 // policy name value is the policy name without any prefix and Extensions.
// The full name is kept as the old file name before the adapter's name is shortened.
210 policyAdapter.setOldPolicyFileName(policyAdapter.getPolicyName());
// NOTE(review): if the name does not contain "FW_", indexOf returns -1 and this silently
// drops the first two characters instead of failing.
211 String policyNameValue = policyAdapter.getPolicyName().substring(policyAdapter.getPolicyName().indexOf("FW_") +3);
212 if (policyLogger.isDebugEnabled()) {
213 policyLogger.debug("Prepopulating form data for Config Policy selected:"+ policyAdapter.getPolicyName());
215 policyAdapter.setPolicyName(policyNameValue);
216 String description = "";
// Cuts the "@CreatedBy:" trailer off the description. Without that marker indexOf is -1 and
// substring throws; the two lines after it look like the handler that falls back to the full
// description (the try/catch lines are missing from this listing).
218 description = policy.getDescription().substring(0, policy.getDescription().indexOf("@CreatedBy:"));
220 policyLogger.info("General error", e);
221 description = policy.getDescription();
223 policyAdapter.setPolicyDescription(description);
225 ObjectMapper mapper = new ObjectMapper();
227 TermCollector tc1=null;
231 SecurityZone jpaSecurityZone;
// The stored configuration body is deserialized into a TermCollector.
232 data = entity.getConfigurationData().getConfigBody();
233 tc1 = mapper.readValue(data, TermCollector.class);
// Translates the stored zone id back to the zone name shown on the form.
234 List<Object> securityZoneData = commonClassDao.getData(SecurityZone.class);
235 for (int i = 0; i < securityZoneData.size() ; i++) {
236 jpaSecurityZone = (SecurityZone) securityZoneData.get(i);
237 if (jpaSecurityZone.getZoneValue().equals(tc1.getSecurityZoneId())){
238 policyAdapter.setSecurityZone(jpaSecurityZone.getZoneName());
// NOTE(review): concatenating the exception logs only its toString(); pass e as a separate
// argument, as the "General error" call above does, to keep the stack trace.
244 policyLogger.error("Exception Caused while Retriving the JSON body data" +e);
247 Map<String, String> termTagMap=null;
// Builds one {"key": rule name, "value": tag-picker name} map per firewall rule.
// NOTE(review): tc1 stays null if the parse above failed; whether it is null-checked before
// this loop cannot be seen here (a line is missing just before it) — confirm.
249 for(int i=0;i<tc1.getFirewallRuleList().size();i++){
250 termTagMap = new HashMap <>();
251 String ruleName= tc1.getFirewallRuleList().get(i).getRuleName();
// NOTE(review): getRuleToTag() is indexed with the firewall-rule index; a stored body whose
// two lists differ in length makes get(i) throw IndexOutOfBoundsException.
252 String tagPickerName=tc1.getRuleToTag().get(i).getTagPickerName();
253 termTagMap.put("key", ruleName);
254 termTagMap.put("value", tagPickerName);
255 attributeList.add(termTagMap);
258 policyAdapter.setAttributes(attributeList);
259 // Get the target data under policy.
260 TargetType target = policy.getTarget();
261 if (target != null) {
262 // Under target we have AnyOFType
263 List<AnyOfType> anyOfList = target.getAnyOf();
264 if (anyOfList != null) {
265 Iterator<AnyOfType> iterAnyOf = anyOfList.iterator();
266 while (iterAnyOf.hasNext()) {
267 AnyOfType anyOf = iterAnyOf.next();
268 // Under AnyOFType we have AllOFType
269 List<AllOfType> allOfList = anyOf.getAllOf();
270 if (allOfList != null) {
271 Iterator<AllOfType> iterAllOf = allOfList.iterator();
272 while (iterAllOf.hasNext()) {
273 AllOfType allOf = iterAllOf.next();
274 // Under AllOFType we have Match
275 List<MatchType> matchList = allOf.getMatch();
276 if (matchList != null) {
278 Iterator<MatchType> iterMatch = matchList.iterator();
279 while (iterMatch.hasNext()) {
280 MatchType match = iterMatch.next();
282 // Under the match we have attribute value and
283 // attributeDesignator. So,finally down to the actual attribute.
285 AttributeValueType attributeValue = match.getAttributeValue();
// Assumes the first content item of the attribute value is a String; an empty content list
// or an item of another type throws here.
286 String value = (String) attributeValue.getContent().get(0);
287 AttributeDesignatorType designator = match.getAttributeDesignator();
288 String attributeId = designator.getAttributeId();
// Attribute ids are matched exactly and case-sensitively ("guard" is lower case).
289 if (("ConfigName").equals(attributeId)) {
290 policyAdapter.setConfigName(value);
292 if (("RiskType").equals(attributeId)){
293 policyAdapter.setRiskType(value);
295 if (("RiskLevel").equals(attributeId)){
296 policyAdapter.setRiskLevel(value);
298 if (("guard").equals(attributeId)){
299 policyAdapter.setGuard(value);
// Values containing "NA" are skipped; anything else goes through PolicyController.convertDate.
// Unlike the comparisons above, this one calls equals on attributeId, so a null id throws here.
301 if (attributeId.equals("TTLDate") && !value.contains("NA")){
302 PolicyController controller = new PolicyController();
303 String newDate = controller.convertDate(value);
304 policyAdapter.setTtlDate(newDate);
/**
 * Handles POST requests to /policyController/ViewFWPolicyRule.htm: reads {@code policyData}
 * from the JSON request body, looks up each referenced term in the TermList dictionary and
 * writes a text summary of its addresses, ports and action to the response as JSON under
 * "policyData".
 *
 * @param request request whose body carries a JSON object with a {@code policyData} member
 * @param response response the summary is written to
 * @return declared as ModelAndView; the return statement is not part of this listing
 */
316 @RequestMapping(value={"/policyController/ViewFWPolicyRule.htm"}, method={org.springframework.web.bind.annotation.RequestMethod.POST})
317 public ModelAndView setFWViewRule(HttpServletRequest request, HttpServletResponse response){
// Replaces the shared instance field with a fresh list for this request.
319 termCollectorList = new ArrayList<>();
320 ObjectMapper mapper = new ObjectMapper();
// Unknown JSON properties in the request are ignored rather than rejected.
321 mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
322 JsonNode root = mapper.readTree(request.getReader());
// NOTE(review): root.get("policyData") is null when the member is absent, so a request body
// without it throws NullPointerException on toString().
323 PolicyRestAdapter policyData = mapper.readValue(root.get("policyData").toString(), PolicyRestAdapter.class);
324 if(! policyData.getAttributes().isEmpty()){
325 for(Object attribute : policyData.getAttributes()){
326 if(attribute instanceof LinkedHashMap<?, ?>){
// NOTE(review): get("key") is null for an attribute map without that entry; toString() then throws.
327 String key = ((LinkedHashMap<?, ?>) attribute).get("key").toString();
328 termCollectorList.add(key);
332 TermList jpaTermList;
333 String ruleSrcList=null;
334 String ruleDestList=null;
335 String ruleSrcPort=null;
336 String ruleDestPort=null;
337 String ruleAction=null;
338 List <String> valueDesc= new ArrayList<>();
339 StringBuffer displayString = new StringBuffer();
340 for (String id : termCollectorList) {
341 List<Object> tmList = commonClassDao.getDataById(TermList.class, "termName", id);
// NOTE(review): get(0) throws IndexOutOfBoundsException when no term matches the name sent by
// the client; the null check on the next line does not cover an empty list.
342 jpaTermList = (TermList) tmList.get(0);
343 if (jpaTermList != null){
// Source addresses: the literal string "null" is treated like a missing value.
344 ruleSrcList= jpaTermList.getSrcIPList();
345 if ((ruleSrcList!= null) && (!ruleSrcList.isEmpty()) && !ruleSrcList.equals("null")){
346 displayString.append("Source IP List: " + jpaTermList.getSrcIPList());
347 displayString.append(" ; \t\n");
348 for(String srcList:ruleSrcList.split(",")){
// Names starting with "Group_" are expanded into the members of the address group.
349 if(srcList.startsWith(GROUP)){
351 ag= mappingAddressGroup(srcList);
352 displayString.append("\n\t"+"Group has :"+ag.getPrefixList()+"\n");
353 for(String groupItems:ag.getPrefixList().split(",")){
354 valueDesc=mapping(groupItems);
355 displayString.append("\n\t"+"Name: "+groupItems);
356 if(!valueDesc.isEmpty()){
357 displayString.append("\n\t"+"Description: "+valueDesc.get(1));
358 displayString.append("\n\t"+"Value: "+valueDesc.get(0));
360 displayString.append("\n");
363 if(!srcList.equals(ANY)){
364 valueDesc=mapping(srcList);
365 displayString.append("\n\t"+"Name: "+srcList);
// NOTE(review): unlike the group branch above, valueDesc is read here without an isEmpty()
// check; a name with no PrefixList entry throws if mapping returns an empty list.
366 displayString.append("\n\t"+"Description: "+valueDesc.get(1));
367 displayString.append("\n\t"+"Value: "+valueDesc.get(0));
368 displayString.append("\n");
372 displayString.append("\n");
// Destination addresses, handled like the source addresses.
374 ruleDestList= jpaTermList.getDestIPList();
375 if ( ruleDestList!= null && (!ruleDestList.isEmpty())&& !ruleDestList.equals("null")){
376 displayString.append("Destination IP List: " + jpaTermList.getDestIPList());
377 displayString.append(" ; \t\n");
378 for(String destList:ruleDestList.split(",")){
379 if(destList.startsWith(GROUP)){
381 ag= mappingAddressGroup(destList);
382 displayString.append("\n\t"+"Group has :"+ag.getPrefixList()+"\n");
383 for(String groupItems:ag.getPrefixList().split(",")){
384 valueDesc=mapping(groupItems);
385 displayString.append("\n\t"+"Name: "+groupItems);
// NOTE(review): no isEmpty() check before get(1) / get(0), unlike the source-group branch.
386 displayString.append("\n\t"+"Description: "+valueDesc.get(1));
387 displayString.append("\n\t"+"Value: "+valueDesc.get(0));
388 displayString.append("\n\t");
391 if(!destList.equals(ANY)){
392 valueDesc=mapping(destList);
393 displayString.append("\n\t"+"Name: "+destList);
// NOTE(review): same unchecked valueDesc access as above.
394 displayString.append("\n\t"+"Description: "+valueDesc.get(1));
395 displayString.append("\n\t"+"Value: "+valueDesc.get(0));
396 displayString.append("\n\t");
400 displayString.append("\n");
403 ruleSrcPort=jpaTermList.getSrcPortList();
404 if ( ruleSrcPort!= null && (!ruleSrcPort.isEmpty())&& !ruleSrcPort.equals("null")) {
405 displayString.append("\n"+"Source Port List:"
407 displayString.append(" ; \t\n");
// Destination ports: service groups are expanded member by member, single services directly.
410 ruleDestPort= jpaTermList.getDestPortList();
411 if (ruleDestPort != null && (!ruleDestPort.isEmpty())&& !ruleDestPort.equals("null")) {
412 displayString.append("\n"+"Destination Port List:"
414 displayString.append(" ; \t\n");
415 for(String destServices:ruleDestPort.split(",")){
416 if(destServices.startsWith(GROUP)){
// NOTE(review): the results of mappingServiceGroup and mappingServiceList are dereferenced
// without a null check in this branch and the next.
418 sg= mappingServiceGroup(destServices);
419 displayString.append("\n\t"+"Service Group has :"+sg.getServiceList()+"\n");
420 for(String groupItems:sg.getServiceList().split(",")){
422 sl= mappingServiceList(groupItems);
423 displayString.append("\n\t"+"Name: "+
424 sl.getServiceName());
425 displayString.append("\n\t"+"Description: "+
426 sl.getServiceDescription());
427 displayString.append("\n\t"+"Transport-Protocol: "+
428 sl.getServiceTransProtocol());
429 displayString.append("\n\t"+"Ports: "+
430 sl.getServicePorts());
431 displayString.append("\n");
435 if(!destServices.equals(ANY)){
437 sl= mappingServiceList(destServices);
438 displayString.append("\n\t"+"Name: "+
439 sl.getServiceName());
440 displayString.append("\n\t"+"Description: "+
441 sl.getServiceDescription());
442 displayString.append("\n\t"+"Transport-Protocol: "+
443 sl.getServiceTransProtocol());
444 displayString.append("\n\t"+"Ports: "+
445 sl.getServicePorts());
446 displayString.append("\n");
450 displayString.append("\n");
453 ruleAction=(jpaTermList).getAction();
454 if ( ruleAction!= null && (!ruleAction.isEmpty())) {
455 displayString.append("\n"+"Action List:"
457 displayString.append(" ; \t\n");
461 response.setCharacterEncoding("UTF-8");
// NOTE(review): "application / json" contains spaces and is not a valid media type. Use
// "application/json" so clients do not have to guess how to interpret a body that is built
// from dictionary data.
462 response.setContentType("application / json");
// NOTE(review): the request body was already read through getReader() above, so setting the
// request encoding here comes too late to affect it.
463 request.setCharacterEncoding("UTF-8");
465 PrintWriter out = response.getWriter();
466 String responseString = mapper.writeValueAsString(displayString);
// NOTE(review): the JSON text is assembled by concatenation and then re-parsed.
// new JSONObject().put("policyData", displayString.toString()) would not depend on
// responseString being well-formed JSON.
467 JSONObject j = new JSONObject("{policyData: " + responseString + "}");
468 out.write(j.toString());
// NOTE(review): every exception ends up here and only its toString() is logged; pass e as a
// separate argument to keep the stack trace.
470 } catch (Exception e) {
471 policyLogger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + e);
476 private String constructJson(PolicyRestAdapter policyData) {
478 //Maps to assosciate the values read from the TermList dictionary
479 Map<Integer, String> srcIP_map =null;
480 Map<Integer, String> destIP_map=null;
481 Map<Integer, String> srcPort_map =null;
482 Map<Integer, String> destPort_map =null;
483 Map<Integer, String> action_map=null;
484 Map<Integer, String> fromZone_map=null;
485 Map<Integer, String> toZone_map=null;
487 String ruleDesc=null;
488 String ruleFromZone=null;
489 String ruleToZone=null;
490 String ruleSrcPrefixList=null;
491 String ruleDestPrefixList=null;
492 String ruleSrcPort=null;
493 String ruleDestPort=null;
494 String ruleAction=null;
499 List<String> expandableList = new ArrayList<>();
500 TermList jpaTermList;
501 TermCollector tc = new TermCollector();
502 SecurityZone jpaSecurityZone;
503 List<Term> termList = new ArrayList<>();
506 List<Tags>tagsList= new ArrayList<>();
508 TagDefines tagDefine= new TagDefines();
509 List<TagDefines> tagList=null;
510 ServiceListJson targetSl=null;
511 AddressMembers addressMembersJson=null;
514 String networkRole="";
515 for(String tag:tagCollectorList){
517 List<Object> tagListData = commonClassDao.getData(FWTagPicker.class);
518 for(int tagCounter=0; tagCounter<tagListData.size(); tagCounter++){
519 FWTagPicker jpaTagPickerList=(FWTagPicker) tagListData.get(tagCounter);
520 if (jpaTagPickerList.getTagPickerName().equals(tag) ){
521 String tagValues=jpaTagPickerList.getTagValues();
522 tagList= new ArrayList<>();
523 for(String val:tagValues.split("#")) {
524 int index=val.indexOf(':');
525 String keyToStore=val.substring(0,index);
526 String valueToStore=val.substring(index+1,val.length());
528 tagDefine= new TagDefines();
529 tagDefine.setKey(keyToStore);
530 tagDefine.setValue(valueToStore);
531 //Add to the collection.
532 tagList.add(tagDefine);
535 networkRole=jpaTagPickerList.getNetworkRole();
539 tags.setTags(tagList);
540 tags.setTagPickerName(tag);
541 tags.setRuleName(termCollectorList.get(i));
542 tags.setNetworkRole(networkRole);
546 tc.setRuleToTag(tagsList);
548 for (int tl = 0 ; tl< termCollectorList.size(); tl++) {
549 expandableList.add(termCollectorList.get(tl));
550 Term targetTerm = new Term();
551 targetTerm.setRuleName(termCollectorList.get(tl));
552 List<Object> termListData = commonClassDao.getData(TermList.class);
553 for (int j =0; j < termListData.size(); j++) {
554 jpaTermList = (TermList) termListData.get(j);
555 if (jpaTermList.getTermName().equals(termCollectorList.get(tl))){
556 ruleDesc=jpaTermList.getTermDescription();
557 if ((ruleDesc!=null)&& (!ruleDesc.isEmpty())){
558 targetTerm.setDescription(ruleDesc);
560 ruleFromZone=jpaTermList.getFromZone();
562 if ((ruleFromZone != null) && (!ruleFromZone.isEmpty())){
563 fromZone_map = new HashMap<>();
564 fromZone_map.put(tl, ruleFromZone);
566 ruleToZone=jpaTermList.getToZone();
568 if ((ruleToZone != null) && (!ruleToZone.isEmpty())){
569 toZone_map = new HashMap<>();
570 toZone_map.put(tl, ruleToZone);
572 ruleSrcPrefixList=jpaTermList.getSrcIPList();
574 if ((ruleSrcPrefixList != null) && (!ruleSrcPrefixList.isEmpty())){
575 srcIP_map = new HashMap<>();
576 srcIP_map.put(tl, ruleSrcPrefixList);
579 ruleDestPrefixList= jpaTermList.getDestIPList();
580 if ((ruleDestPrefixList != null) && (!ruleDestPrefixList.isEmpty())){
581 destIP_map = new HashMap<>();
582 destIP_map.put(tl, ruleDestPrefixList);
585 ruleSrcPort=jpaTermList.getSrcPortList();
587 if (ruleSrcPort != null && (!ruleSrcPort.isEmpty())){
588 srcPort_map = new HashMap<>();
589 srcPort_map.put(tl, ruleSrcPort);
592 ruleDestPort= jpaTermList.getDestPortList();
594 if (ruleDestPort!= null && (!jpaTermList.getDestPortList().isEmpty())){
595 destPort_map = new HashMap<>();
596 destPort_map.put(tl, ruleDestPort);
599 ruleAction=jpaTermList.getAction();
601 if (( ruleAction!= null) && (!ruleAction.isEmpty())){
602 action_map = new HashMap<>();
603 action_map.put(tl, ruleAction);
607 targetTerm.setEnabled(true);
608 targetTerm.setLog(true);
609 targetTerm.setNegateSource(false);
610 targetTerm.setNegateDestination(false);
612 if(action_map!=null){
613 targetTerm.setAction(action_map.get(tl));
617 if(fromZone_map!=null){
618 List<String> fromZone= new ArrayList<>();
619 for(String fromZoneStr:fromZone_map.get(tl).split(",") ){
620 fromZone.add(fromZoneStr);
622 targetTerm.setFromZones(fromZone);
626 if(toZone_map!=null){
627 List<String> toZone= new ArrayList<>();
628 for(String toZoneStr:toZone_map.get(tl).split(",") ){
629 toZone.add(toZoneStr);
631 targetTerm.setToZones(toZone);
634 //Destination Services.
635 if(destPort_map!=null){
636 Set<ServicesJson> destServicesJsonList= new HashSet<>();
637 for(String destServices:destPort_map.get(tl).split(",") ){
638 ServicesJson destServicesJson= new ServicesJson();
639 destServicesJson.setType("REFERENCE");
640 if(destServices.equals(ANY)){
641 destServicesJson.setName("any");
642 destServicesJsonList.add(destServicesJson);
645 if(destServices.startsWith(GROUP)){
646 destServicesJson.setName(destServices.substring(6,destServices.length()));
648 destServicesJson.setName(destServices);
650 destServicesJsonList.add(destServicesJson);
653 targetTerm.setDestServices(destServicesJsonList);
655 //ExpandableServicesList
656 if((srcPort_map!=null) && (destPort_map!=null)){
657 String servicesCollateString = (srcPort_map.get(tl) + "," + destPort_map.get(tl));
658 expandableServicesList.add(servicesCollateString);
659 }else if (srcPort_map!=null){
660 expandableServicesList.add(srcPort_map.get(tl));
661 }else if (destPort_map!=null){
662 expandableServicesList.add(destPort_map.get(tl));
667 List<AddressJson> sourceListArrayJson= new ArrayList<>();
668 for(String srcList:srcIP_map.get(tl).split(",") ){
669 AddressJson srcListJson= new AddressJson();
670 if(srcList.equals(ANY)){
671 srcListJson.setType("any");
672 sourceListArrayJson.add(srcListJson);
675 srcListJson.setType("REFERENCE");
676 if(srcList.startsWith(GROUP)){
677 srcListJson.setName(srcList.substring(6,srcList.length()));
679 srcListJson.setName(srcList);
681 sourceListArrayJson.add(srcListJson);
684 targetTerm.setSourceList(sourceListArrayJson);
686 if(destIP_map!=null){
688 List<AddressJson> destListArrayJson= new ArrayList<>();
689 for(String destList:destIP_map.get(tl).split(",")){
690 AddressJson destListJson= new AddressJson();
691 if(destList.equals(ANY)){
692 destListJson.setType("any");
693 destListArrayJson.add(destListJson);
696 destListJson.setType("REFERENCE");
697 if(destList.startsWith(GROUP)){
698 destListJson.setName(destList.substring(6,destList.length()));
700 destListJson.setName(destList);
702 destListArrayJson.add(destListJson);
705 targetTerm.setDestinationList(destListArrayJson);
707 //ExpandablePrefixIPList
708 if ((srcIP_map!=null) && (destIP_map!=null))
710 String collateString = (srcIP_map.get(tl) + "," + destIP_map
712 expandablePrefixIPList.add(collateString);
714 else if(srcIP_map!=null){
715 expandablePrefixIPList.add(srcIP_map.get(tl));
717 else if(destIP_map!=null){
718 expandablePrefixIPList.add(destIP_map.get(tl));
720 termList.add(targetTerm);
721 targetTerm.setPosition(Integer.toString (ruleCount++));
724 List<Object> securityZoneData = commonClassDao.getData(SecurityZone.class);
725 for (int j =0 ; j< securityZoneData.size() ; j++){
726 jpaSecurityZone = (SecurityZone) securityZoneData.get(j);
727 if (jpaSecurityZone.getZoneName().equals(policyData.getSecurityZone())){
728 tc.setSecurityZoneId(jpaSecurityZone.getZoneValue());
729 IdMap idMapInstance= new IdMap();
730 idMapInstance.setAstraId(jpaSecurityZone.getZoneValue());
731 idMapInstance.setVendorId("deviceGroup:dev");
733 List<IdMap> idMap = new ArrayList <>();
734 idMap.add(idMapInstance);
736 VendorSpecificData vendorStructure= new VendorSpecificData();
737 vendorStructure.setIdMap(idMap);
738 tc.setVendorSpecificData(vendorStructure);
743 tc.setServiceTypeId("/v0/firewall/pan");
744 tc.setConfigName(policyData.getConfigName());
745 tc.setVendorServiceId("vipr");
747 DeployNowJson deployNow= new DeployNowJson();
748 deployNow.setDeployNow(false);
750 tc.setDeploymentOption(deployNow);
752 Set<ServiceListJson> servListArray = new HashSet<>();
753 Set<ServiceGroupJson> servGroupArray= new HashSet<>();
754 Set<AddressGroupJson> addrGroupArray= new HashSet<>();
755 Set<AddressMembers> addrArray= new HashSet<> ();
757 ServiceGroupJson targetSg= null;
758 AddressGroupJson addressSg=null;
759 ServiceListJson targetAny= null;
760 ServiceListJson targetAnyTcp=null;
761 ServiceListJson targetAnyUdp=null;
763 for(String serviceList:expandableServicesList){
764 for(String t: serviceList.split(",")){
765 if((!t.startsWith(GROUP))){
768 targetSl= new ServiceListJson();
769 sl= mappingServiceList(t);
770 targetSl.setName(sl.getServiceName());
771 targetSl.setDescription(sl.getServiceDescription());
772 targetSl.setTransportProtocol(sl.getServiceTransProtocol());
773 targetSl.setType(sl.getServiceType());
774 targetSl.setPorts(sl.getServicePorts());
775 servListArray.add(targetSl);
777 //Any for destinationServices.
778 //Add names any, any-tcp, any-udp to the serviceGroup object.
779 targetAny= new ServiceListJson();
780 targetAny.setName("any");
781 targetAny.setType("SERVICE");
782 targetAny.setTransportProtocol("any");
783 targetAny.setPorts("any");
785 servListArray.add(targetAny);
787 targetAnyTcp= new ServiceListJson();
788 targetAnyTcp.setName("any-tcp");
789 targetAnyTcp.setType("SERVICE");
790 targetAnyTcp.setTransportProtocol("tcp");
791 targetAnyTcp.setPorts("any");
793 servListArray.add(targetAnyTcp);
795 targetAnyUdp= new ServiceListJson();
796 targetAnyUdp.setName("any-udp");
797 targetAnyUdp.setType("SERVICE");
798 targetAnyUdp.setTransportProtocol("udp");
799 targetAnyUdp.setPorts("any");
801 servListArray.add(targetAnyUdp);
803 }else{//This is a group
805 targetSg= new ServiceGroupJson();
806 sg= mappingServiceGroup(t);
808 String name=sg.getGroupName();
809 //Removing the "Group_" prepending string before packing the JSON
810 targetSg.setName(name.substring(6,name.length()));
811 List<ServiceMembers> servMembersList= new ArrayList<>();
813 for(String groupString: sg.getServiceList().split(",")){
814 ServiceMembers serviceMembers= new ServiceMembers();
815 serviceMembers.setType("REFERENCE");
816 serviceMembers.setName(groupString);
817 servMembersList.add(serviceMembers);
818 //Expand the group Name
819 ServiceList expandGroupSl ;
820 targetSl= new ServiceListJson();
821 expandGroupSl= mappingServiceList(groupString);
823 targetSl.setName(expandGroupSl.getServiceName());
824 targetSl.setDescription(expandGroupSl.getServiceDescription());
825 targetSl.setTransportProtocol(expandGroupSl.getServiceTransProtocol());
826 targetSl.setType(expandGroupSl.getServiceType());
827 targetSl.setPorts(expandGroupSl.getServicePorts());
828 servListArray.add(targetSl);
831 targetSg.setMembers(servMembersList);
832 servGroupArray.add(targetSg);
838 Set<PrefixIPList> prefixIPList = new HashSet<>();
839 for(String prefixList:expandablePrefixIPList){
840 for(String prefixIP: prefixList.split(",")){
841 if((!prefixIP.startsWith(GROUP))){
842 if(!prefixIP.equals(ANY)){
843 List<AddressMembers> addMembersList= new ArrayList<>();
844 List<String> valueDesc;
845 PrefixIPList targetAddressList = new PrefixIPList();
846 AddressMembers addressMembers= new AddressMembers();
847 targetAddressList.setName(prefixIP);
848 policyLogger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "PrefixList value:"+prefixIP);
849 valueDesc = mapping(prefixIP);
850 if(!valueDesc.isEmpty()){
851 policyLogger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "PrefixList description:"+valueDesc.get(1));
852 targetAddressList.setDescription(valueDesc.get(1));
856 addressMembers.setType("SUBNET");
857 if(!valueDesc.isEmpty()) {
858 addressMembers.setValue(valueDesc.get(0));
861 addMembersList.add(addressMembers);
863 targetAddressList.setMembers(addMembersList);
864 prefixIPList.add(targetAddressList);
867 else{//This is a group
869 addressSg= new AddressGroupJson();
870 ag= mappingAddressGroup(prefixIP);
872 String name=ag.getGroupName();
873 //Removing the "Group_" prepending string before packing the JSON
874 addressSg.setName(name.substring(6,name.length()));
876 List<AddressMembersJson> addrMembersList= new ArrayList<>();
877 for(String groupString: ag.getPrefixList().split(",")){
878 List<String> valueDesc;
879 AddressMembersJson addressMembers= new AddressMembersJson();
880 addressMembers.setType("REFERENCES");
881 addressMembers.setName(groupString);
882 addrMembersList.add(addressMembers);
883 //Expand the group Name
884 addressMembersJson= new AddressMembers();
885 valueDesc= mapping (groupString);
887 addressMembersJson.setName(groupString);
888 addressMembersJson.setType("SUBNET");
889 addressMembersJson.setValue(valueDesc.get(0));
891 addrArray.add(addressMembersJson);
894 addressSg.setMembers(addrMembersList);
895 addrGroupArray.add(addressSg);
901 Set<Object> serviceGroup= new HashSet<>();
903 for(Object obj1:servGroupArray){
904 serviceGroup.add(obj1);
907 for(Object obj:servListArray){
908 serviceGroup.add(obj);
911 Set<Object> addressGroup= new HashSet<>();
913 for(Object addObj:prefixIPList){
914 addressGroup.add(addObj);
917 for(Object addObj1:addrGroupArray){
918 addressGroup.add(addObj1);
921 for(Object addObj2:addrArray){
922 addressGroup.add(addObj2);
926 tc.setServiceGroups(serviceGroup);
927 tc.setAddressGroups(addressGroup);
928 tc.setFirewallRuleList(termList);
930 ObjectWriter om = new ObjectMapper().writer();
932 json = om.writeValueAsString(tc);
933 } catch (JsonGenerationException e) {
934 policyLogger.error("JsonGenerationException Ocured",e);
935 } catch (JsonMappingException e) {
936 policyLogger.error("IOException Occured",e);
939 }catch (Exception e) {
940 policyLogger.error("Exception Occured"+e);