2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.policy.controller;
22 import java.io.PrintWriter;
23 import java.util.ArrayList;
24 import java.util.HashMap;
25 import java.util.HashSet;
26 import java.util.Iterator;
27 import java.util.LinkedHashMap;
28 import java.util.List;
32 import javax.servlet.http.HttpServletRequest;
33 import javax.servlet.http.HttpServletResponse;
35 import org.hibernate.SessionFactory;
36 import org.json.JSONObject;
37 import org.onap.policy.common.logging.flexlogger.FlexLogger;
38 import org.onap.policy.common.logging.flexlogger.Logger;
39 import org.onap.policy.rest.adapter.AddressGroupJson;
40 import org.onap.policy.rest.adapter.AddressJson;
41 import org.onap.policy.rest.adapter.AddressMembers;
42 import org.onap.policy.rest.adapter.AddressMembersJson;
43 import org.onap.policy.rest.adapter.DeployNowJson;
44 import org.onap.policy.rest.adapter.IdMap;
45 import org.onap.policy.rest.adapter.PolicyRestAdapter;
46 import org.onap.policy.rest.adapter.PrefixIPList;
47 import org.onap.policy.rest.adapter.ServiceGroupJson;
48 import org.onap.policy.rest.adapter.ServiceListJson;
49 import org.onap.policy.rest.adapter.ServiceMembers;
50 import org.onap.policy.rest.adapter.ServicesJson;
51 import org.onap.policy.rest.adapter.TagDefines;
52 import org.onap.policy.rest.adapter.Tags;
53 import org.onap.policy.rest.adapter.Term;
54 import org.onap.policy.rest.adapter.TermCollector;
55 import org.onap.policy.rest.adapter.VendorSpecificData;
56 import org.onap.policy.rest.dao.CommonClassDao;
57 import org.onap.policy.rest.jpa.AddressGroup;
58 import org.onap.policy.rest.jpa.FWTagPicker;
59 import org.onap.policy.rest.jpa.GroupServiceList;
60 import org.onap.policy.rest.jpa.PolicyEntity;
61 import org.onap.policy.rest.jpa.PrefixList;
62 import org.onap.policy.rest.jpa.SecurityZone;
63 import org.onap.policy.rest.jpa.ServiceList;
64 import org.onap.policy.rest.jpa.TermList;
65 import org.onap.policy.xacml.api.XACMLErrorConstants;
66 import org.onap.portalsdk.core.controller.RestrictedBaseController;
67 import org.springframework.beans.factory.annotation.Autowired;
68 import org.springframework.stereotype.Controller;
69 import org.springframework.web.bind.annotation.RequestMapping;
70 import org.springframework.web.servlet.ModelAndView;
72 import com.fasterxml.jackson.core.JsonGenerationException;
73 import com.fasterxml.jackson.databind.DeserializationFeature;
74 import com.fasterxml.jackson.databind.JsonMappingException;
75 import com.fasterxml.jackson.databind.JsonNode;
76 import com.fasterxml.jackson.databind.ObjectMapper;
77 import com.fasterxml.jackson.databind.ObjectWriter;
79 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AllOfType;
80 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType;
81 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType;
82 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType;
83 import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType;
84 import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType;
85 import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType;
89 public class CreateFirewallController extends RestrictedBaseController {
90 private static Logger policyLogger = FlexLogger.getLogger(CreateFirewallController.class);
91 private static final String ANY="ANY";
92 private static final String GROUP="Group_";
95 SessionFactory sessionFactory;
97 private static CommonClassDao commonClassDao;
99 public static CommonClassDao getCommonClassDao() {
100 return commonClassDao;
103 public static void setCommonClassDao(CommonClassDao commonClassDao) {
104 CreateFirewallController.commonClassDao = commonClassDao;
107 private List<String> tagCollectorList;
109 List<String> expandablePrefixIPList = new ArrayList<>();
110 List<String> expandableServicesList= new ArrayList<>();
112 private CreateFirewallController(CommonClassDao commonClassDao){
113 CreateFirewallController.commonClassDao = commonClassDao;
116 public CreateFirewallController(){
119 private List<String> termCollectorList;
123 public PolicyRestAdapter setDataToPolicyRestAdapter(PolicyRestAdapter policyData){
125 termCollectorList = new ArrayList <>();
126 tagCollectorList = new ArrayList <>();
127 if(! policyData.getAttributes().isEmpty()){
128 for(Object attribute : policyData.getAttributes()){
129 if(attribute instanceof LinkedHashMap<?, ?>){
130 String key = ((LinkedHashMap<?, ?>) attribute).get("key").toString();
131 termCollectorList.add(key);
133 String tag = ((LinkedHashMap<?, ?>) attribute).get("value").toString();
134 tagCollectorList.add(tag);
138 jsonBody = constructJson(policyData);
139 if (jsonBody != null && ! "".equalsIgnoreCase(jsonBody)) {
140 policyData.setJsonBody(jsonBody);
142 policyData.setJsonBody("{}");
144 policyData.setJsonBody(jsonBody);
149 private List<String> mapping(String expandableList) {
152 List <String> valueDesc= new ArrayList<>();
153 List<Object> prefixListData = commonClassDao.getData(PrefixList.class);
154 for (int i = 0; i< prefixListData.size(); i++) {
155 PrefixList prefixList = (PrefixList) prefixListData.get(i);
156 if (prefixList.getPrefixListName().equals(expandableList)) {
157 value = prefixList.getPrefixListValue();
158 valueDesc.add(value);
159 desc= prefixList.getDescription();
167 private ServiceList mappingServiceList(String expandableList) {
168 ServiceList serviceList=null;
169 List<Object> serviceListData = commonClassDao.getData(ServiceList.class);
170 for (int i = 0; i< serviceListData.size(); i++) {
171 serviceList = (ServiceList) serviceListData.get(i);
172 if (serviceList.getServiceName().equals(expandableList)) {
179 private GroupServiceList mappingServiceGroup(String expandableList) {
181 GroupServiceList serviceGroup=null;
182 List<Object> serviceGroupData = commonClassDao.getData(GroupServiceList.class);
183 for (int i = 0; i< serviceGroupData.size(); i++) {
184 serviceGroup = (GroupServiceList) serviceGroupData.get(i);
185 if (serviceGroup.getGroupName().equals(expandableList)) {
192 private AddressGroup mappingAddressGroup(String expandableList) {
194 AddressGroup addressGroup=null;
195 List<Object> addressGroupData = commonClassDao.getData(AddressGroup.class);
196 for (int i = 0; i< addressGroupData.size(); i++) {
197 addressGroup = (AddressGroup) addressGroupData.get(i);
198 if (addressGroup.getGroupName().equals(expandableList)) {
205 public void prePopulateFWPolicyData(PolicyRestAdapter policyAdapter, PolicyEntity entity) {
206 ArrayList<Object> attributeList;
207 attributeList = new ArrayList<>();
208 if (policyAdapter.getPolicyData() instanceof PolicyType) {
209 Object policyData = policyAdapter.getPolicyData();
210 PolicyType policy = (PolicyType) policyData;
211 // policy name value is the policy name without any prefix and Extensions.
212 policyAdapter.setOldPolicyFileName(policyAdapter.getPolicyName());
213 String policyNameValue = policyAdapter.getPolicyName().substring(policyAdapter.getPolicyName().indexOf("FW_") +3);
214 if (policyLogger.isDebugEnabled()) {
215 policyLogger.debug("Prepopulating form data for Config Policy selected:"+ policyAdapter.getPolicyName());
217 policyAdapter.setPolicyName(policyNameValue);
218 String description = "";
220 description = policy.getDescription().substring(0, policy.getDescription().indexOf("@CreatedBy:"));
222 policyLogger.info("General error", e);
223 description = policy.getDescription();
225 policyAdapter.setPolicyDescription(description);
227 ObjectMapper mapper = new ObjectMapper();
229 TermCollector tc1=null;
233 SecurityZone jpaSecurityZone;
234 data = entity.getConfigurationData().getConfigBody();
235 tc1 = mapper.readValue(data, TermCollector.class);
236 List<Object> securityZoneData = commonClassDao.getData(SecurityZone.class);
237 for (int i = 0; i < securityZoneData.size() ; i++) {
238 jpaSecurityZone = (SecurityZone) securityZoneData.get(i);
239 if (jpaSecurityZone.getZoneValue().equals(tc1.getSecurityZoneId())){
240 policyAdapter.setSecurityZone(jpaSecurityZone.getZoneName());
246 policyLogger.error("Exception Caused while Retriving the JSON body data" +e);
249 Map<String, String> termTagMap;
251 for(int i=0;i<tc1.getFirewallRuleList().size();i++){
252 termTagMap = new HashMap <>();
253 String ruleName= tc1.getFirewallRuleList().get(i).getRuleName();
254 String tagPickerName=tc1.getRuleToTag().get(i).getTagPickerName();
255 termTagMap.put("key", ruleName);
256 termTagMap.put("value", tagPickerName);
257 attributeList.add(termTagMap);
260 policyAdapter.setAttributes(attributeList);
261 // Get the target data under policy.
262 TargetType target = policy.getTarget();
263 if (target != null) {
264 // Under target we have AnyOFType
265 List<AnyOfType> anyOfList = target.getAnyOf();
266 if (anyOfList != null) {
267 Iterator<AnyOfType> iterAnyOf = anyOfList.iterator();
268 while (iterAnyOf.hasNext()) {
269 AnyOfType anyOf = iterAnyOf.next();
270 // Under AnyOFType we have AllOFType
271 List<AllOfType> allOfList = anyOf.getAllOf();
272 if (allOfList != null) {
273 Iterator<AllOfType> iterAllOf = allOfList.iterator();
274 while (iterAllOf.hasNext()) {
275 AllOfType allOf = iterAllOf.next();
276 // Under AllOFType we have Match
277 List<MatchType> matchList = allOf.getMatch();
278 if (matchList != null) {
280 Iterator<MatchType> iterMatch = matchList.iterator();
281 while (iterMatch.hasNext()) {
282 MatchType match = iterMatch.next();
284 // Under the match we have attribute value and
285 // attributeDesignator. So,finally down to the actual attribute.
287 AttributeValueType attributeValue = match.getAttributeValue();
288 String value = (String) attributeValue.getContent().get(0);
289 AttributeDesignatorType designator = match.getAttributeDesignator();
290 String attributeId = designator.getAttributeId();
291 if (("ConfigName").equals(attributeId)) {
292 policyAdapter.setConfigName(value);
294 if (("RiskType").equals(attributeId)){
295 policyAdapter.setRiskType(value);
297 if (("RiskLevel").equals(attributeId)){
298 policyAdapter.setRiskLevel(value);
300 if (("guard").equals(attributeId)){
301 policyAdapter.setGuard(value);
303 if ("TTLDate".equals(attributeId) && !value.contains("NA")){
304 PolicyController controller = new PolicyController();
305 String newDate = controller.convertDate(value);
306 policyAdapter.setTtlDate(newDate);
318 @RequestMapping(value={"/policyController/ViewFWPolicyRule.htm"}, method={org.springframework.web.bind.annotation.RequestMethod.POST})
319 public ModelAndView setFWViewRule(HttpServletRequest request, HttpServletResponse response){
321 termCollectorList = new ArrayList<>();
322 ObjectMapper mapper = new ObjectMapper();
323 mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
324 JsonNode root = mapper.readTree(request.getReader());
325 PolicyRestAdapter policyData = mapper.readValue(root.get("policyData").toString(), PolicyRestAdapter.class);
326 if(! policyData.getAttributes().isEmpty()){
327 for(Object attribute : policyData.getAttributes()){
328 if(attribute instanceof LinkedHashMap<?, ?>){
329 String key = ((LinkedHashMap<?, ?>) attribute).get("key").toString();
330 termCollectorList.add(key);
334 TermList jpaTermList;
340 List <String> valueDesc;
341 StringBuilder displayString = new StringBuilder();
342 for (String id : termCollectorList) {
343 List<Object> tmList = commonClassDao.getDataById(TermList.class, "termName", id);
344 jpaTermList = (TermList) tmList.get(0);
345 if (jpaTermList != null){
346 ruleSrcList= jpaTermList.getSrcIPList();
347 if ((ruleSrcList!= null) && (!ruleSrcList.isEmpty()) && !"null".equals(ruleSrcList)){
348 displayString.append("Source IP List: " + jpaTermList.getSrcIPList());
349 displayString.append(" ; \t\n");
350 for(String srcList:ruleSrcList.split(",")){
351 if(srcList.startsWith(GROUP)){
353 ag= mappingAddressGroup(srcList);
354 displayString.append("\n\t"+"Group has :"+(ag != null ? ag.getPrefixList() : "") +"\n");
356 for(String groupItems:ag.getPrefixList().split(",")){
357 valueDesc=mapping(groupItems);
358 displayString.append("\n\t"+"Name: "+groupItems);
359 if(!valueDesc.isEmpty()){
360 displayString.append("\n\t"+"Description: "+valueDesc.get(1));
361 displayString.append("\n\t"+"Value: "+valueDesc.get(0));
363 displayString.append("\n");
367 if(!srcList.equals(ANY)){
368 valueDesc=mapping(srcList);
369 displayString.append("\n\t"+"Name: "+srcList);
370 displayString.append("\n\t"+"Description: "+valueDesc.get(1));
371 displayString.append("\n\t"+"Value: "+valueDesc.get(0));
372 displayString.append("\n");
376 displayString.append("\n");
378 ruleDestList= jpaTermList.getDestIPList();
379 if ( ruleDestList!= null && (!ruleDestList.isEmpty())&& ! "null".equals(ruleDestList)){
380 displayString.append("Destination IP List: " + jpaTermList.getDestIPList());
381 displayString.append(" ; \t\n");
382 for(String destList:ruleDestList.split(",")){
383 if(destList.startsWith(GROUP)){
385 ag= mappingAddressGroup(destList);
386 displayString.append("\n\t"+"Group has :"+ (ag != null ? ag.getPrefixList() : "") +"\n");
388 for(String groupItems:ag.getPrefixList().split(",")){
389 valueDesc=mapping(groupItems);
390 displayString.append("\n\t"+"Name: "+groupItems);
391 displayString.append("\n\t"+"Description: "+valueDesc.get(1));
392 displayString.append("\n\t"+"Value: "+valueDesc.get(0));
393 displayString.append("\n\t");
397 if(!destList.equals(ANY)){
398 valueDesc=mapping(destList);
399 displayString.append("\n\t"+"Name: "+destList);
400 displayString.append("\n\t"+"Description: "+valueDesc.get(1));
401 displayString.append("\n\t"+"Value: "+valueDesc.get(0));
402 displayString.append("\n\t");
406 displayString.append("\n");
409 ruleSrcPort=jpaTermList.getSrcPortList();
410 if ( ruleSrcPort!= null && (!ruleSrcPort.isEmpty())&& !"null".equals(ruleSrcPort)) {
411 displayString.append("\n"+"Source Port List:"
413 displayString.append(" ; \t\n");
416 ruleDestPort= jpaTermList.getDestPortList();
417 if (ruleDestPort != null && (!ruleDestPort.isEmpty())&& !"null".equals(ruleDestPort)) {
418 displayString.append("\n"+"Destination Port List:"
420 displayString.append(" ; \t\n");
421 for(String destServices:ruleDestPort.split(",")){
422 if(destServices.startsWith(GROUP)){
424 sg= mappingServiceGroup(destServices);
425 displayString.append("\n\t"+"Service Group has :"+ (sg != null ? sg.getServiceList() : "") +"\n");
427 for(String groupItems:sg.getServiceList().split(",")){
429 sl= mappingServiceList(groupItems);
430 displayString.append("\n\t"+"Name: "+
431 sl.getServiceName());
432 displayString.append("\n\t"+"Description: "+
433 sl.getServiceDescription());
434 displayString.append("\n\t"+"Transport-Protocol: "+
435 sl.getServiceTransProtocol());
436 displayString.append("\n\t"+"Ports: "+
437 sl.getServicePorts());
438 displayString.append("\n");
443 if(!destServices.equals(ANY)){
445 sl= mappingServiceList(destServices);
446 displayString.append("\n\t"+"Name: "+
447 sl.getServiceName());
448 displayString.append("\n\t"+"Description: "+
449 sl.getServiceDescription());
450 displayString.append("\n\t"+"Transport-Protocol: "+
451 sl.getServiceTransProtocol());
452 displayString.append("\n\t"+"Ports: "+
453 sl.getServicePorts());
454 displayString.append("\n");
458 displayString.append("\n");
461 ruleAction=(jpaTermList).getAction();
462 if ( ruleAction!= null && (!ruleAction.isEmpty())) {
463 displayString.append("\n"+"Action List:"
465 displayString.append(" ; \t\n");
469 response.setCharacterEncoding("UTF-8");
470 response.setContentType("application / json");
471 request.setCharacterEncoding("UTF-8");
473 PrintWriter out = response.getWriter();
474 String responseString = mapper.writeValueAsString(displayString);
475 JSONObject j = new JSONObject("{policyData: " + responseString + "}");
476 out.write(j.toString());
478 } catch (Exception e) {
479 policyLogger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + e);
484 private String constructJson(PolicyRestAdapter policyData) {
486 //Maps to assosciate the values read from the TermList dictionary
487 Map<Integer, String> srcIP_map =null;
488 Map<Integer, String> destIP_map=null;
489 Map<Integer, String> srcPort_map =null;
490 Map<Integer, String> destPort_map =null;
491 Map<Integer, String> action_map=null;
492 Map<Integer, String> fromZone_map=null;
493 Map<Integer, String> toZone_map=null;
495 String ruleDesc=null;
496 String ruleFromZone=null;
497 String ruleToZone=null;
498 String ruleSrcPrefixList=null;
499 String ruleDestPrefixList=null;
500 String ruleSrcPort=null;
501 String ruleDestPort=null;
502 String ruleAction=null;
507 List<String> expandableList = new ArrayList<>();
508 TermList jpaTermList;
509 TermCollector tc = new TermCollector();
510 SecurityZone jpaSecurityZone;
511 List<Term> termList = new ArrayList<>();
514 List<Tags>tagsList= new ArrayList<>();
516 TagDefines tagDefine= new TagDefines();
517 List<TagDefines> tagList=null;
518 ServiceListJson targetSl=null;
519 AddressMembers addressMembersJson=null;
522 String networkRole="";
523 for(String tag:tagCollectorList){
525 List<Object> tagListData = commonClassDao.getData(FWTagPicker.class);
526 for(int tagCounter=0; tagCounter<tagListData.size(); tagCounter++){
527 FWTagPicker jpaTagPickerList=(FWTagPicker) tagListData.get(tagCounter);
528 if (jpaTagPickerList.getTagPickerName().equals(tag) ){
529 String tagValues=jpaTagPickerList.getTagValues();
530 tagList= new ArrayList<>();
531 for(String val:tagValues.split("#")) {
532 int index=val.indexOf(':');
533 String keyToStore=val.substring(0,index);
534 String valueToStore=val.substring(index+1,val.length());
536 tagDefine= new TagDefines();
537 tagDefine.setKey(keyToStore);
538 tagDefine.setValue(valueToStore);
539 //Add to the collection.
540 tagList.add(tagDefine);
543 networkRole=jpaTagPickerList.getNetworkRole();
547 tags.setTags(tagList);
548 tags.setTagPickerName(tag);
549 tags.setRuleName(termCollectorList.get(i));
550 tags.setNetworkRole(networkRole);
554 tc.setRuleToTag(tagsList);
556 for (int tl = 0 ; tl< termCollectorList.size(); tl++) {
557 expandableList.add(termCollectorList.get(tl));
558 Term targetTerm = new Term();
559 targetTerm.setRuleName(termCollectorList.get(tl));
560 List<Object> termListData = commonClassDao.getData(TermList.class);
561 for (int j =0; j < termListData.size(); j++) {
562 jpaTermList = (TermList) termListData.get(j);
563 if (jpaTermList.getTermName().equals(termCollectorList.get(tl))){
564 ruleDesc=jpaTermList.getTermDescription();
565 if ((ruleDesc!=null)&& (!ruleDesc.isEmpty())){
566 targetTerm.setDescription(ruleDesc);
568 ruleFromZone=jpaTermList.getFromZone();
570 if ((ruleFromZone != null) && (!ruleFromZone.isEmpty())){
571 fromZone_map = new HashMap<>();
572 fromZone_map.put(tl, ruleFromZone);
574 ruleToZone=jpaTermList.getToZone();
576 if ((ruleToZone != null) && (!ruleToZone.isEmpty())){
577 toZone_map = new HashMap<>();
578 toZone_map.put(tl, ruleToZone);
580 ruleSrcPrefixList=jpaTermList.getSrcIPList();
582 if ((ruleSrcPrefixList != null) && (!ruleSrcPrefixList.isEmpty())){
583 srcIP_map = new HashMap<>();
584 srcIP_map.put(tl, ruleSrcPrefixList);
587 ruleDestPrefixList= jpaTermList.getDestIPList();
588 if ((ruleDestPrefixList != null) && (!ruleDestPrefixList.isEmpty())){
589 destIP_map = new HashMap<>();
590 destIP_map.put(tl, ruleDestPrefixList);
593 ruleSrcPort=jpaTermList.getSrcPortList();
595 if (ruleSrcPort != null && (!ruleSrcPort.isEmpty())){
596 srcPort_map = new HashMap<>();
597 srcPort_map.put(tl, ruleSrcPort);
600 ruleDestPort= jpaTermList.getDestPortList();
602 if (ruleDestPort!= null && (!jpaTermList.getDestPortList().isEmpty())){
603 destPort_map = new HashMap<>();
604 destPort_map.put(tl, ruleDestPort);
607 ruleAction=jpaTermList.getAction();
609 if (( ruleAction!= null) && (!ruleAction.isEmpty())){
610 action_map = new HashMap<>();
611 action_map.put(tl, ruleAction);
615 targetTerm.setEnabled(true);
616 targetTerm.setLog(true);
617 targetTerm.setNegateSource(false);
618 targetTerm.setNegateDestination(false);
620 if(action_map!=null){
621 targetTerm.setAction(action_map.get(tl));
625 if(fromZone_map!=null){
626 List<String> fromZone= new ArrayList<>();
627 for(String fromZoneStr:fromZone_map.get(tl).split(",") ){
628 fromZone.add(fromZoneStr);
630 targetTerm.setFromZones(fromZone);
634 if(toZone_map!=null){
635 List<String> toZone= new ArrayList<>();
636 for(String toZoneStr:toZone_map.get(tl).split(",") ){
637 toZone.add(toZoneStr);
639 targetTerm.setToZones(toZone);
642 //Destination Services.
643 if(destPort_map!=null){
644 Set<ServicesJson> destServicesJsonList= new HashSet<>();
645 for(String destServices:destPort_map.get(tl).split(",") ){
646 ServicesJson destServicesJson= new ServicesJson();
647 destServicesJson.setType("REFERENCE");
648 if(destServices.equals(ANY)){
649 destServicesJson.setName("any");
650 destServicesJsonList.add(destServicesJson);
653 if(destServices.startsWith(GROUP)){
654 destServicesJson.setName(destServices.substring(6,destServices.length()));
656 destServicesJson.setName(destServices);
658 destServicesJsonList.add(destServicesJson);
661 targetTerm.setDestServices(destServicesJsonList);
663 //ExpandableServicesList
664 if((srcPort_map!=null) && (destPort_map!=null)){
665 String servicesCollateString = srcPort_map.get(tl) + "," + destPort_map.get(tl);
666 expandableServicesList.add(servicesCollateString);
667 }else if (srcPort_map!=null){
668 expandableServicesList.add(srcPort_map.get(tl));
669 }else if (destPort_map!=null){
670 expandableServicesList.add(destPort_map.get(tl));
675 List<AddressJson> sourceListArrayJson= new ArrayList<>();
676 for(String srcList:srcIP_map.get(tl).split(",") ){
677 AddressJson srcListJson= new AddressJson();
678 if(srcList.equals(ANY)){
679 srcListJson.setType("any");
680 sourceListArrayJson.add(srcListJson);
683 srcListJson.setType("REFERENCE");
684 if(srcList.startsWith(GROUP)){
685 srcListJson.setName(srcList.substring(6,srcList.length()));
687 srcListJson.setName(srcList);
689 sourceListArrayJson.add(srcListJson);
692 targetTerm.setSourceList(sourceListArrayJson);
694 if(destIP_map!=null){
696 List<AddressJson> destListArrayJson= new ArrayList<>();
697 for(String destList:destIP_map.get(tl).split(",")){
698 AddressJson destListJson= new AddressJson();
699 if(destList.equals(ANY)){
700 destListJson.setType("any");
701 destListArrayJson.add(destListJson);
704 destListJson.setType("REFERENCE");
705 if(destList.startsWith(GROUP)){
706 destListJson.setName(destList.substring(6,destList.length()));
708 destListJson.setName(destList);
710 destListArrayJson.add(destListJson);
713 targetTerm.setDestinationList(destListArrayJson);
715 //ExpandablePrefixIPList
716 if ((srcIP_map!=null) && (destIP_map!=null))
718 String collateString = srcIP_map.get(tl) + "," + destIP_map
720 expandablePrefixIPList.add(collateString);
722 else if(srcIP_map!=null){
723 expandablePrefixIPList.add(srcIP_map.get(tl));
725 else if(destIP_map!=null){
726 expandablePrefixIPList.add(destIP_map.get(tl));
728 termList.add(targetTerm);
729 targetTerm.setPosition(Integer.toString (ruleCount++));
732 List<Object> securityZoneData = commonClassDao.getData(SecurityZone.class);
733 for (int j =0 ; j< securityZoneData.size() ; j++){
734 jpaSecurityZone = (SecurityZone) securityZoneData.get(j);
735 if (jpaSecurityZone.getZoneName().equals(policyData.getSecurityZone())){
736 tc.setSecurityZoneId(jpaSecurityZone.getZoneValue());
737 IdMap idMapInstance= new IdMap();
738 idMapInstance.setAstraId(jpaSecurityZone.getZoneValue());
739 idMapInstance.setVendorId("deviceGroup:dev");
741 List<IdMap> idMap = new ArrayList <>();
742 idMap.add(idMapInstance);
744 VendorSpecificData vendorStructure= new VendorSpecificData();
745 vendorStructure.setIdMap(idMap);
746 tc.setVendorSpecificData(vendorStructure);
751 tc.setServiceTypeId("/v0/firewall/pan");
752 tc.setConfigName(policyData.getConfigName());
753 tc.setVendorServiceId("vipr");
755 DeployNowJson deployNow= new DeployNowJson();
756 deployNow.setDeployNow(false);
758 tc.setDeploymentOption(deployNow);
760 Set<ServiceListJson> servListArray = new HashSet<>();
761 Set<ServiceGroupJson> servGroupArray= new HashSet<>();
762 Set<AddressGroupJson> addrGroupArray= new HashSet<>();
763 Set<AddressMembers> addrArray= new HashSet<> ();
765 ServiceGroupJson targetSg;
766 AddressGroupJson addressSg;
767 ServiceListJson targetAny;
768 ServiceListJson targetAnyTcp;
769 ServiceListJson targetAnyUdp;
771 for(String serviceList:expandableServicesList){
772 for(String t: serviceList.split(",")){
773 if(!t.startsWith(GROUP)){
776 targetSl= new ServiceListJson();
777 sl= mappingServiceList(t);
778 targetSl.setName(sl.getServiceName());
779 targetSl.setDescription(sl.getServiceDescription());
780 targetSl.setTransportProtocol(sl.getServiceTransProtocol());
781 targetSl.setType(sl.getServiceType());
782 targetSl.setPorts(sl.getServicePorts());
783 servListArray.add(targetSl);
785 //Any for destinationServices.
786 //Add names any, any-tcp, any-udp to the serviceGroup object.
787 targetAny= new ServiceListJson();
788 targetAny.setName("any");
789 targetAny.setType("SERVICE");
790 targetAny.setTransportProtocol("any");
791 targetAny.setPorts("any");
793 servListArray.add(targetAny);
795 targetAnyTcp= new ServiceListJson();
796 targetAnyTcp.setName("any-tcp");
797 targetAnyTcp.setType("SERVICE");
798 targetAnyTcp.setTransportProtocol("tcp");
799 targetAnyTcp.setPorts("any");
801 servListArray.add(targetAnyTcp);
803 targetAnyUdp= new ServiceListJson();
804 targetAnyUdp.setName("any-udp");
805 targetAnyUdp.setType("SERVICE");
806 targetAnyUdp.setTransportProtocol("udp");
807 targetAnyUdp.setPorts("any");
809 servListArray.add(targetAnyUdp);
811 }else{//This is a group
813 targetSg= new ServiceGroupJson();
814 sg= mappingServiceGroup(t);
816 String name=sg.getGroupName();
817 //Removing the "Group_" prepending string before packing the JSON
818 targetSg.setName(name.substring(6,name.length()));
819 List<ServiceMembers> servMembersList= new ArrayList<>();
821 for(String groupString: sg.getServiceList().split(",")){
822 ServiceMembers serviceMembers= new ServiceMembers();
823 serviceMembers.setType("REFERENCE");
824 serviceMembers.setName(groupString);
825 servMembersList.add(serviceMembers);
826 //Expand the group Name
827 ServiceList expandGroupSl ;
828 targetSl= new ServiceListJson();
829 expandGroupSl= mappingServiceList(groupString);
831 targetSl.setName(expandGroupSl.getServiceName());
832 targetSl.setDescription(expandGroupSl.getServiceDescription());
833 targetSl.setTransportProtocol(expandGroupSl.getServiceTransProtocol());
834 targetSl.setType(expandGroupSl.getServiceType());
835 targetSl.setPorts(expandGroupSl.getServicePorts());
836 servListArray.add(targetSl);
839 targetSg.setMembers(servMembersList);
840 servGroupArray.add(targetSg);
846 Set<PrefixIPList> prefixIPList = new HashSet<>();
847 for(String prefixList:expandablePrefixIPList){
848 for(String prefixIP: prefixList.split(",")){
849 if(!prefixIP.startsWith(GROUP)){
850 if(!prefixIP.equals(ANY)){
851 List<AddressMembers> addMembersList= new ArrayList<>();
852 List<String> valueDesc;
853 PrefixIPList targetAddressList = new PrefixIPList();
854 AddressMembers addressMembers= new AddressMembers();
855 targetAddressList.setName(prefixIP);
856 policyLogger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "PrefixList value:"+prefixIP);
857 valueDesc = mapping(prefixIP);
858 if(!valueDesc.isEmpty()){
859 policyLogger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "PrefixList description:"+valueDesc.get(1));
860 targetAddressList.setDescription(valueDesc.get(1));
864 addressMembers.setType("SUBNET");
865 if(!valueDesc.isEmpty()) {
866 addressMembers.setValue(valueDesc.get(0));
869 addMembersList.add(addressMembers);
871 targetAddressList.setMembers(addMembersList);
872 prefixIPList.add(targetAddressList);
875 else{//This is a group
877 addressSg= new AddressGroupJson();
878 ag= mappingAddressGroup(prefixIP);
880 String name=ag.getGroupName();
881 //Removing the "Group_" prepending string before packing the JSON
882 addressSg.setName(name.substring(6,name.length()));
884 List<AddressMembersJson> addrMembersList= new ArrayList<>();
885 for(String groupString: ag.getPrefixList().split(",")){
886 List<String> valueDesc;
887 AddressMembersJson addressMembers= new AddressMembersJson();
888 addressMembers.setType("REFERENCES");
889 addressMembers.setName(groupString);
890 addrMembersList.add(addressMembers);
891 //Expand the group Name
892 addressMembersJson= new AddressMembers();
893 valueDesc= mapping (groupString);
895 addressMembersJson.setName(groupString);
896 addressMembersJson.setType("SUBNET");
897 addressMembersJson.setValue(valueDesc.get(0));
899 addrArray.add(addressMembersJson);
902 addressSg.setMembers(addrMembersList);
903 addrGroupArray.add(addressSg);
909 Set<Object> serviceGroup= new HashSet<>();
911 for(Object obj1:servGroupArray){
912 serviceGroup.add(obj1);
915 for(Object obj:servListArray){
916 serviceGroup.add(obj);
919 Set<Object> addressGroup= new HashSet<>();
921 for(Object addObj:prefixIPList){
922 addressGroup.add(addObj);
925 for(Object addObj1:addrGroupArray){
926 addressGroup.add(addObj1);
929 for(Object addObj2:addrArray){
930 addressGroup.add(addObj2);
934 tc.setServiceGroups(serviceGroup);
935 tc.setAddressGroups(addressGroup);
936 tc.setFirewallRuleList(termList);
938 ObjectWriter om = new ObjectMapper().writer();
940 json = om.writeValueAsString(tc);
941 } catch (JsonGenerationException e) {
942 policyLogger.error("JsonGenerationException Ocured",e);
943 } catch (JsonMappingException e) {
944 policyLogger.error("IOException Occured",e);
947 }catch (Exception e) {
948 policyLogger.error("Exception Occured"+e);
Code Review / policy / engine.git / blob