2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.openecomp.policy.controller;
22 import java.io.IOException;
23 import java.io.PrintWriter;
24 import java.util.ArrayList;
25 import java.util.HashMap;
26 import java.util.HashSet;
27 import java.util.Iterator;
28 import java.util.LinkedHashMap;
29 import java.util.List;
33 import javax.servlet.http.HttpServletRequest;
34 import javax.servlet.http.HttpServletResponse;
36 import org.hibernate.SessionFactory;
37 import org.json.JSONObject;
38 import org.openecomp.policy.common.logging.flexlogger.FlexLogger;
39 import org.openecomp.policy.common.logging.flexlogger.Logger;
40 import org.openecomp.policy.rest.adapter.AddressGroupJson;
41 import org.openecomp.policy.rest.adapter.AddressJson;
42 import org.openecomp.policy.rest.adapter.AddressMembers;
43 import org.openecomp.policy.rest.adapter.DeployNowJson;
44 import org.openecomp.policy.rest.adapter.PolicyRestAdapter;
45 import org.openecomp.policy.rest.adapter.PrefixIPList;
46 import org.openecomp.policy.rest.adapter.ServiceGroupJson;
47 import org.openecomp.policy.rest.adapter.ServiceListJson;
48 import org.openecomp.policy.rest.adapter.ServiceMembers;
49 import org.openecomp.policy.rest.adapter.ServicesJson;
50 import org.openecomp.policy.rest.adapter.TagDefines;
51 import org.openecomp.policy.rest.adapter.Tags;
52 import org.openecomp.policy.rest.adapter.Term;
53 import org.openecomp.policy.rest.adapter.TermCollector;
54 import org.openecomp.policy.rest.dao.CommonClassDao;
55 import org.openecomp.policy.rest.jpa.AddressGroup;
56 import org.openecomp.policy.rest.jpa.FWTagPicker;
57 import org.openecomp.policy.rest.jpa.GroupServiceList;
58 import org.openecomp.policy.rest.jpa.PolicyEntity;
59 import org.openecomp.policy.rest.jpa.PrefixList;
60 import org.openecomp.policy.rest.jpa.SecurityZone;
61 import org.openecomp.policy.rest.jpa.ServiceList;
62 import org.openecomp.policy.rest.jpa.TermList;
63 import org.openecomp.policy.xacml.api.XACMLErrorConstants;
64 import org.openecomp.portalsdk.core.controller.RestrictedBaseController;
65 import org.springframework.beans.factory.annotation.Autowired;
66 import org.springframework.stereotype.Controller;
67 import org.springframework.web.bind.annotation.RequestMapping;
68 import org.springframework.web.servlet.ModelAndView;
70 import com.fasterxml.jackson.core.JsonGenerationException;
71 import com.fasterxml.jackson.databind.DeserializationFeature;
72 import com.fasterxml.jackson.databind.JsonMappingException;
73 import com.fasterxml.jackson.databind.JsonNode;
74 import com.fasterxml.jackson.databind.ObjectMapper;
75 import com.fasterxml.jackson.databind.ObjectWriter;
77 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AllOfType;
78 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType;
79 import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType;
80 import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType;
81 import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType;
82 import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType;
86 public class CreateFirewallController extends RestrictedBaseController {
87 private static Logger logger = FlexLogger.getLogger(CreateFirewallController.class);
90 SessionFactory sessionFactory;
92 private static CommonClassDao commonClassDao;
94 private List<String> tagCollectorList;
95 private String jsonBody;
96 List<String> expandablePrefixIPList = new ArrayList<String>();
97 List<String> expandableServicesList= new ArrayList<String>();
99 private CreateFirewallController(CommonClassDao commonClassDao){
100 CreateFirewallController.commonClassDao = commonClassDao;
103 public CreateFirewallController(){}
104 private List<String> termCollectorList;
105 private ArrayList<Object> attributeList;
108 public PolicyRestAdapter setDataToPolicyRestAdapter(PolicyRestAdapter policyData){
110 termCollectorList = new ArrayList<String>();
111 tagCollectorList = new ArrayList<String>();
112 if(policyData.getAttributes().size() > 0){
113 for(Object attribute : policyData.getAttributes()){
114 if(attribute instanceof LinkedHashMap<?, ?>){
115 String key = ((LinkedHashMap<?, ?>) attribute).get("key").toString();
116 termCollectorList.add(key);
118 String tag = ((LinkedHashMap<?, ?>) attribute).get("value").toString();
119 tagCollectorList.add(tag);
123 jsonBody = constructJson(policyData);
124 if (jsonBody != null || jsonBody.equalsIgnoreCase("")) {
125 policyData.setJsonBody(jsonBody);
128 policyData.setJsonBody("{}");
130 policyData.setJsonBody(jsonBody);
135 private List<String> mapping(String expandableList) {
136 String value = new String();
137 String desc = new String();
138 List <String> valueDesc= new ArrayList<String>();
139 List<Object> prefixListData = commonClassDao.getData(PrefixList.class);
140 for (int i = 0; i< prefixListData.size(); i++) {
141 PrefixList prefixList = (PrefixList) prefixListData.get(i);
142 if (prefixList.getPrefixListName().equals(expandableList)) {
143 value = prefixList.getPrefixListValue();
144 valueDesc.add(value);
145 desc= prefixList.getDescription();
153 private ServiceList mappingServiceList(String expandableList) {
154 ServiceList serviceList=null;
155 List<Object> serviceListData = commonClassDao.getData(ServiceList.class);
156 for (int i = 0; i< serviceListData.size(); i++) {
157 serviceList = (ServiceList) serviceListData.get(i);
158 if (serviceList.getServiceName().equals(expandableList)) {
165 private GroupServiceList mappingServiceGroup(String expandableList) {
167 GroupServiceList serviceGroup=null;
168 List<Object> serviceGroupData = commonClassDao.getData(GroupServiceList.class);
169 for (int i = 0; i< serviceGroupData.size(); i++) {
170 serviceGroup = (GroupServiceList) serviceGroupData.get(i);
171 if (serviceGroup.getGroupName().equals(expandableList)) {
178 private AddressGroup mappingAddressGroup(String expandableList) {
180 AddressGroup addressGroup=null;
181 List<Object> addressGroupData = commonClassDao.getData(AddressGroup.class);
182 for (int i = 0; i< addressGroupData.size(); i++) {
183 addressGroup = (AddressGroup) addressGroupData.get(i);
184 if (addressGroup.getGroupName().equals(expandableList)) {
191 public void prePopulateFWPolicyData(PolicyRestAdapter policyAdapter, PolicyEntity entity) {
192 attributeList = new ArrayList<Object>();
193 if (policyAdapter.getPolicyData() instanceof PolicyType) {
194 Object policyData = policyAdapter.getPolicyData();
195 PolicyType policy = (PolicyType) policyData;
196 // policy name value is the policy name without any prefix and Extensions.
197 policyAdapter.setOldPolicyFileName(policyAdapter.getPolicyName());
198 String policyNameValue = policyAdapter.getPolicyName().substring(policyAdapter.getPolicyName().indexOf("FW_") +3);
199 if (logger.isDebugEnabled()) {
200 logger.debug("Prepopulating form data for Config Policy selected:"+ policyAdapter.getPolicyName());
202 policyAdapter.setPolicyName(policyNameValue);
203 String description = "";
205 description = policy.getDescription().substring(0, policy.getDescription().indexOf("@CreatedBy:"));
207 description = policy.getDescription();
209 policyAdapter.setPolicyDescription(description);
211 ObjectMapper mapper = new ObjectMapper();
213 TermCollector tc1=null;
217 SecurityZone jpaSecurityZone;
218 data = entity.getConfigurationData().getConfigBody();
219 tc1 = (TermCollector)mapper.readValue(data, TermCollector.class);
220 List<Object> securityZoneData = commonClassDao.getData(SecurityZone.class);
221 for (int i = 0; i < securityZoneData.size() ; i++) {
222 jpaSecurityZone = (SecurityZone) securityZoneData.get(i);
223 if (jpaSecurityZone.getZoneValue().equals(tc1.getSecurityZoneId())){
224 policyAdapter.setSecurityZone(jpaSecurityZone.getZoneName());
230 logger.error("Exception Caused while Retriving the JSON body data" +e);
233 Map<String, String> termTagMap=null;
235 for(int i=0;i<tc1.getFirewallRuleList().size();i++){
236 termTagMap = new HashMap<String, String>();
237 String ruleName= tc1.getFirewallRuleList().get(i).getRuleName();
238 String tagPickerName=tc1.getRuleToTag().get(i).getTagPickerName();
239 termTagMap.put("key", ruleName);
240 termTagMap.put("value", tagPickerName);
241 attributeList.add(termTagMap);
243 policyAdapter.setAttributes(attributeList);
244 // Get the target data under policy.
245 TargetType target = policy.getTarget();
246 if (target != null) {
247 // Under target we have AnyOFType
248 List<AnyOfType> anyOfList = target.getAnyOf();
249 if (anyOfList != null) {
251 Iterator<AnyOfType> iterAnyOf = anyOfList.iterator();
252 while (iterAnyOf.hasNext()) {
253 AnyOfType anyOf = iterAnyOf.next();
254 // Under AnyOFType we have AllOFType
255 List<AllOfType> allOfList = anyOf.getAllOf();
256 if (allOfList != null) {
257 Iterator<AllOfType> iterAllOf = allOfList.iterator();
258 while (iterAllOf.hasNext()) {
259 AllOfType allOf = iterAllOf.next();
260 // Under AllOFType we have Match
261 List<MatchType> matchList = allOf.getMatch();
262 if (matchList != null) {
264 Iterator<MatchType> iterMatch = matchList.iterator();
265 while (iterMatch.hasNext()) {
266 MatchType match = iterMatch.next();
268 // Under the match we have attribute value and
269 // attributeDesignator. So,finally down to the actual attribute.
271 AttributeValueType attributeValue = match.getAttributeValue();
272 String value = (String) attributeValue.getContent().get(0);
274 policyAdapter.setConfigName(value);
277 policyAdapter.setRiskType(value);
281 policyAdapter.setRiskLevel(value);
285 policyAdapter.setGuard(value);
287 if (index == 5 && !value.contains("NA")){
288 String newDate = convertDate(value, true);
289 policyAdapter.setTtlDate(newDate);
302 private String convertDate(String dateTTL, boolean portalType) {
303 String formateDate = null;
308 parts = dateTTL.split("-");
309 formateDate = parts[2] + "-" + parts[1] + "-" + parts[0] + "T05:00:00.000Z";
311 date = dateTTL.split("T");
312 parts = date[0].split("-");
313 formateDate = parts[2] + "-" + parts[1] + "-" + parts[0];
318 @RequestMapping(value={"/policyController/ViewFWPolicyRule.htm"}, method={org.springframework.web.bind.annotation.RequestMethod.POST})
319 public ModelAndView setFWViewRule(HttpServletRequest request, HttpServletResponse response) throws Exception{
321 termCollectorList = new ArrayList<String>();
322 ObjectMapper mapper = new ObjectMapper();
323 mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
324 JsonNode root = mapper.readTree(request.getReader());
325 PolicyRestAdapter policyData = (PolicyRestAdapter)mapper.readValue(root.get("policyData").toString(), PolicyRestAdapter.class);
326 if(policyData.getAttributes().size() > 0){
327 for(Object attribute : policyData.getAttributes()){
328 if(attribute instanceof LinkedHashMap<?, ?>){
329 String key = ((LinkedHashMap<?, ?>) attribute).get("key").toString();
330 termCollectorList.add(key);
334 TermList jpaTermList;
335 String ruleSrcList=null;
336 String ruleDestList=null;
337 String ruleSrcPort=null;
338 String ruleDestPort=null;
339 String ruleAction=null;
340 List <String> valueDesc= new ArrayList<String>();
341 StringBuffer displayString = new StringBuffer();
342 for (String id : termCollectorList) {
343 List<Object> tmList = commonClassDao.getDataById(TermList.class, "termName", id);
344 jpaTermList = (TermList) tmList.get(0);
345 if (jpaTermList != null){
346 ruleSrcList= ((TermList) jpaTermList).getSrcIPList();
347 if ((ruleSrcList!= null) && (!ruleSrcList.isEmpty()) && !ruleSrcList.equals("null")){
348 displayString.append("Source IP List: " + ((TermList) jpaTermList).getSrcIPList());
349 displayString.append(" ; \t\n");
350 for(String srcList:ruleSrcList.split(",")){
351 if(srcList.startsWith("Group_")){
352 AddressGroup ag= new AddressGroup();
353 ag= mappingAddressGroup(srcList);
354 displayString.append("\n\t"+"Group has :"+ag.getPrefixList()+"\n");
355 for(String groupItems:ag.getPrefixList().split(",")){
356 valueDesc=mapping(groupItems);
357 displayString.append("\n\t"+"Name: "+groupItems);
358 if(!valueDesc.isEmpty()){
359 displayString.append("\n\t"+"Description: "+valueDesc.get(1));
360 displayString.append("\n\t"+"Value: "+valueDesc.get(0));
362 displayString.append("\n");
365 if(!srcList.equals("ANY")){
366 valueDesc=mapping(srcList);
367 displayString.append("\n\t"+"Name: "+srcList);
368 displayString.append("\n\t"+"Description: "+valueDesc.get(1));
369 displayString.append("\n\t"+"Value: "+valueDesc.get(0));
370 displayString.append("\n");
374 displayString.append("\n");
376 ruleDestList= ((TermList) jpaTermList).getDestIPList();
377 if ( ruleDestList!= null && (!ruleDestList.isEmpty())&& !ruleDestList.equals("null")){
378 displayString.append("Destination IP List: " + ((TermList) jpaTermList).getDestIPList());
379 displayString.append(" ; \t\n");
380 for(String destList:ruleDestList.split(",")){
381 if(destList.startsWith("Group_")){
382 AddressGroup ag= new AddressGroup();
383 ag= mappingAddressGroup(destList);
384 displayString.append("\n\t"+"Group has :"+ag.getPrefixList()+"\n");
385 for(String groupItems:ag.getPrefixList().split(",")){
386 valueDesc=mapping(groupItems);
387 displayString.append("\n\t"+"Name: "+groupItems);
388 displayString.append("\n\t"+"Description: "+valueDesc.get(1));
389 displayString.append("\n\t"+"Value: "+valueDesc.get(0));
390 displayString.append("\n\t");
393 if(!destList.equals("ANY")){
394 valueDesc=mapping(destList);
395 displayString.append("\n\t"+"Name: "+destList);
396 displayString.append("\n\t"+"Description: "+valueDesc.get(1));
397 displayString.append("\n\t"+"Value: "+valueDesc.get(0));
398 displayString.append("\n\t");
402 displayString.append("\n");
405 ruleSrcPort=((TermList) jpaTermList).getSrcPortList();
406 if ( ruleSrcPort!= null && (!ruleSrcPort.isEmpty())&& !ruleSrcPort.equals("null")) {
407 displayString.append("\n"+"Source Port List:"
409 displayString.append(" ; \t\n");
412 ruleDestPort= ((TermList) jpaTermList).getDestPortList();
413 if (ruleDestPort != null && (!ruleDestPort.isEmpty())&& !ruleDestPort.equals("null")) {
414 displayString.append("\n"+"Destination Port List:"
416 displayString.append(" ; \t\n");
417 for(String destServices:ruleDestPort.split(",")){
418 if(destServices.startsWith("Group_")){
419 GroupServiceList sg= new GroupServiceList();
420 sg= mappingServiceGroup(destServices);
421 displayString.append("\n\t"+"Service Group has :"+sg.getServiceList()+"\n");
422 for(String groupItems:sg.getServiceList().split(",")){
423 ServiceList sl= new ServiceList();
424 sl= mappingServiceList(groupItems);
425 displayString.append("\n\t"+"Name: "+
426 sl.getServiceName());
427 displayString.append("\n\t"+"Description: "+
428 sl.getServiceDescription());
429 displayString.append("\n\t"+"Transport-Protocol: "+
430 sl.getServiceTransProtocol());
431 displayString.append("\n\t"+"Ports: "+
432 sl.getServicePorts());
433 displayString.append("\n");
437 if(!destServices.equals("ANY")){
438 ServiceList sl= new ServiceList();
439 sl= mappingServiceList(destServices);
440 displayString.append("\n\t"+"Name: "+
441 sl.getServiceName());
442 displayString.append("\n\t"+"Description: "+
443 sl.getServiceDescription());
444 displayString.append("\n\t"+"Transport-Protocol: "+
445 sl.getServiceTransProtocol());
446 displayString.append("\n\t"+"Ports: "+
447 sl.getServicePorts());
448 displayString.append("\n");
452 displayString.append("\n");
455 ruleAction=(jpaTermList).getAction();
456 if ( ruleAction!= null && (!ruleAction.isEmpty())) {
457 displayString.append("\n"+"Action List:"
459 displayString.append(" ; \t\n");
463 response.setCharacterEncoding("UTF-8");
464 response.setContentType("application / json");
465 request.setCharacterEncoding("UTF-8");
467 PrintWriter out = response.getWriter();
468 String responseString = mapper.writeValueAsString(displayString);
469 JSONObject j = new JSONObject("{policyData: " + responseString + "}");
470 out.write(j.toString());
472 } catch (Exception e) {
473 logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + e);
478 private String constructJson(PolicyRestAdapter policyData) {
480 //Maps to assosciate the values read from the TermList dictionary
481 Map<Integer, String> srcIP_map =null;
482 Map<Integer, String> destIP_map=null;
483 Map<Integer, String> srcPort_map =null;
484 Map<Integer, String> destPort_map =null;
485 Map<Integer, String> action_map=null;
486 Map<Integer, String> fromZone_map=null;
487 Map<Integer, String> toZone_map=null;
489 String ruleDesc=null;
490 String ruleFromZone=null;
491 String ruleToZone=null;
492 String ruleSrcPrefixList=null;
493 String ruleDestPrefixList=null;
494 String ruleSrcPort=null;
495 String ruleDestPort=null;
496 String ruleAction=null;
501 List<String> expandableList = new ArrayList<String>();
502 TermList jpaTermList;
503 TermCollector tc = new TermCollector();
504 SecurityZone jpaSecurityZone;
505 List<Term> termList = new ArrayList<Term>();
508 List<Tags>tagsList= new ArrayList<Tags>();
510 TagDefines tagDefine= new TagDefines();
511 List<TagDefines> tagList=null;
512 ServiceListJson targetSl=null;
515 String networkRole="";
516 for(String tag:tagCollectorList){
518 List<Object> tagListData = commonClassDao.getData(FWTagPicker.class);
519 for(int tagCounter=0; tagCounter<tagListData.size(); tagCounter++){
520 FWTagPicker jpaTagPickerList=(FWTagPicker) tagListData.get(tagCounter);
521 if (jpaTagPickerList.getTagPickerName().equals(tag) ){
522 String tagValues=jpaTagPickerList.getTagValues();
523 tagList= new ArrayList<TagDefines>();
524 for(String val:tagValues.split("#")) {
525 int index=val.indexOf(":");
526 String keyToStore=val.substring(0,index);
527 String valueToStore=val.substring(index+1,val.length());
529 tagDefine= new TagDefines();
530 tagDefine.setKey(keyToStore);
531 tagDefine.setValue(valueToStore);
532 //Add to the collection.
533 tagList.add(tagDefine);
536 networkRole=jpaTagPickerList.getNetworkRole();
540 tags.setTags(tagList);
541 tags.setTagPickerName(tag);
542 tags.setRuleName(termCollectorList.get(i));
543 tags.setNetworkRole(networkRole);
547 tc.setRuleToTag(tagsList);
549 for (int tl = 0 ; tl< termCollectorList.size(); tl++) {
550 expandableList.add(termCollectorList.get(tl));
551 Term targetTerm = new Term();
552 //targetSl= new ServiceListJson();
553 targetTerm.setRuleName(termCollectorList.get(tl));
554 List<Object> termListData = commonClassDao.getData(TermList.class);
555 for (int j =0; j < termListData.size(); j++) {
556 jpaTermList = (TermList) termListData.get(j);
557 if (jpaTermList.getTermName().equals(termCollectorList.get(tl))){
558 ruleDesc=jpaTermList.getTermDescription();
559 if ((ruleDesc!=null)&& (!ruleDesc.isEmpty())){
560 targetTerm.setDescription(ruleDesc);
562 ruleFromZone=jpaTermList.getFromZone();
564 if ((ruleFromZone != null) && (!ruleFromZone.isEmpty())){
565 fromZone_map = new HashMap<Integer, String>();
566 fromZone_map.put(tl, ruleFromZone);
568 ruleToZone=jpaTermList.getToZone();
570 if ((ruleToZone != null) && (!ruleToZone.isEmpty())){
571 toZone_map = new HashMap<Integer, String>();
572 toZone_map.put(tl, ruleToZone);
574 ruleSrcPrefixList=jpaTermList.getSrcIPList();
576 if ((ruleSrcPrefixList != null) && (!ruleSrcPrefixList.isEmpty())){
577 srcIP_map = new HashMap<Integer, String>();
578 srcIP_map.put(tl, ruleSrcPrefixList);
581 ruleDestPrefixList= jpaTermList.getDestIPList();
582 if ((ruleDestPrefixList != null) && (!ruleDestPrefixList.isEmpty())){
583 destIP_map = new HashMap<Integer, String>();
584 destIP_map.put(tl, ruleDestPrefixList);
587 ruleSrcPort=jpaTermList.getSrcPortList();
589 if (ruleSrcPort != null && (!ruleSrcPort.isEmpty())){
590 srcPort_map = new HashMap<Integer, String>();
591 srcPort_map.put(tl, ruleSrcPort);
594 ruleDestPort= jpaTermList.getDestPortList();
596 if (ruleDestPort!= null && (!jpaTermList.getDestPortList().isEmpty())){
597 destPort_map = new HashMap<Integer, String>();
598 destPort_map.put(tl, ruleDestPort);
601 ruleAction=jpaTermList.getAction();
603 if (( ruleAction!= null) && (!ruleAction.isEmpty())){
604 action_map = new HashMap<Integer, String>();
605 action_map.put(tl, ruleAction);
609 targetTerm.setEnabled(true);
610 targetTerm.setLog(true);
611 targetTerm.setNegateSource(false);
612 targetTerm.setNegateDestination(false);
614 if(action_map!=null){
615 targetTerm.setAction(action_map.get(tl));
619 if(fromZone_map!=null){
620 List<String> fromZone= new ArrayList<String>();
621 for(String fromZoneStr:fromZone_map.get(tl).split(",") ){
622 fromZone.add(fromZoneStr);
624 targetTerm.setFromZones(fromZone);
628 if(toZone_map!=null){
629 List<String> toZone= new ArrayList<String>();
630 for(String toZoneStr:toZone_map.get(tl).split(",") ){
631 toZone.add(toZoneStr);
633 targetTerm.setToZones(toZone);
636 //Destination Services.
637 if(destPort_map!=null){
638 Set<ServicesJson> destServicesJsonList= new HashSet<ServicesJson>();
639 for(String destServices:destPort_map.get(tl).split(",") ){
640 ServicesJson destServicesJson= new ServicesJson();
641 destServicesJson.setType("REFERENCE");
642 if(destServices.equals("ANY")){
643 destServicesJson.setName("any");
644 destServicesJsonList.add(destServicesJson);
647 if(destServices.startsWith("Group_")){
648 destServicesJson.setName(destServices.substring(6,destServices.length()));
650 destServicesJson.setName(destServices);
652 destServicesJsonList.add(destServicesJson);
655 targetTerm.setDestServices(destServicesJsonList);
657 //ExpandableServicesList
658 if((srcPort_map!=null) && (destPort_map!=null)){
659 String servicesCollateString = (srcPort_map.get(tl) + "," + destPort_map.get(tl));
660 expandableServicesList.add(servicesCollateString);
661 }else if (srcPort_map!=null){
662 expandableServicesList.add(srcPort_map.get(tl));
663 }else if (destPort_map!=null){
664 expandableServicesList.add(destPort_map.get(tl));
669 List<AddressJson> sourceListArrayJson= new ArrayList<AddressJson>();
670 for(String srcList:srcIP_map.get(tl).split(",") ){
671 AddressJson srcListJson= new AddressJson();
672 if(srcList.equals("ANY")){
673 srcListJson.setType("any");
674 sourceListArrayJson.add(srcListJson);
677 srcListJson.setType("REFERENCE");
678 if(srcList.startsWith("Group_")){
679 srcListJson.setName(srcList.substring(6,srcList.length()));
681 srcListJson.setName(srcList);
683 sourceListArrayJson.add(srcListJson);
686 targetTerm.setSourceList(sourceListArrayJson);
688 if(destIP_map!=null){
690 List<AddressJson> destListArrayJson= new ArrayList<AddressJson>();
691 for(String destList:destIP_map.get(tl).split(",")){
692 AddressJson destListJson= new AddressJson();
693 if(destList.equals("ANY")){
694 destListJson.setType("any");
695 destListArrayJson.add(destListJson);
698 destListJson.setType("REFERENCE");
699 if(destList.startsWith("Group_")){
700 destListJson.setName(destList.substring(6,destList.length()));
702 destListJson.setName(destList);
704 destListArrayJson.add(destListJson);
707 targetTerm.setDestinationList(destListArrayJson);
709 //ExpandablePrefixIPList
710 if ((srcIP_map!=null) && (destIP_map!=null))
712 String collateString = (srcIP_map.get(tl) + "," + destIP_map
714 expandablePrefixIPList.add(collateString);
716 else if(srcIP_map!=null){
717 expandablePrefixIPList.add(srcIP_map.get(tl));
719 else if(destIP_map!=null){
720 expandablePrefixIPList.add(destIP_map.get(tl));
722 termList.add(targetTerm);
723 targetTerm.setPosition("" + (ruleCount++));
726 List<Object> securityZoneData = commonClassDao.getData(SecurityZone.class);
727 for (int j =0 ; j< securityZoneData.size() ; j++){
728 jpaSecurityZone = (SecurityZone) securityZoneData.get(j);
729 if (jpaSecurityZone.getZoneName().equals(policyData.getSecurityZone())){
730 tc.setSecurityZoneId(jpaSecurityZone.getZoneValue());
731 //setParentSecurityZone(jpaSecurityZone.getZoneValue());//For storing the securityZone IDs to the DB
736 tc.setServiceTypeId("/v0/firewall/pan");
737 tc.setConfigName(policyData.getConfigName());
739 //Astra is rejecting the packet when it sees a new JSON field, so removing it for now.
740 //tc.setTemplateVersion(XACMLProperties.getProperty(XACMLRestProperties.TemplateVersion_FW));
742 DeployNowJson deployNow= new DeployNowJson();
743 deployNow.setDeployNow(false);
745 tc.setDeploymentOption(deployNow);
747 Set<ServiceListJson> servListArray = new HashSet<ServiceListJson>();
748 Set<ServiceGroupJson> servGroupArray= new HashSet<ServiceGroupJson>();
749 Set<AddressGroupJson> addrGroupArray= new HashSet<AddressGroupJson>();
751 ServiceGroupJson targetSg= null;
752 AddressGroupJson addressSg=null;
753 ServiceListJson targetAny= null;
754 ServiceListJson targetAnyTcp=null;
755 ServiceListJson targetAnyUdp=null;
757 for(String serviceList:expandableServicesList){
758 for(String t: serviceList.split(",")){
759 if((!t.startsWith("Group_"))){
760 if(!t.equals("ANY")){
761 ServiceList sl = new ServiceList();
762 targetSl= new ServiceListJson();
763 sl= mappingServiceList(t);
764 targetSl.setName(sl.getServiceName());
765 targetSl.setDescription(sl.getServiceDescription());
766 targetSl.setTransportProtocol(sl.getServiceTransProtocol());
767 targetSl.setType(sl.getServiceType());
768 targetSl.setPorts(sl.getServicePorts());
769 servListArray.add(targetSl);
771 //Any for destinationServices.
772 //Add names any, any-tcp, any-udp to the serviceGroup object.
773 targetAny= new ServiceListJson();
774 targetAny.setName("any");
775 targetAny.setType("SERVICE");
776 targetAny.setTransportProtocol("any");
777 targetAny.setPorts("any");
779 servListArray.add(targetAny);
781 targetAnyTcp= new ServiceListJson();
782 targetAnyTcp.setName("any-tcp");
783 targetAnyTcp.setType("SERVICE");
784 targetAnyTcp.setTransportProtocol("tcp");
785 targetAnyTcp.setPorts("any");
787 servListArray.add(targetAnyTcp);
789 targetAnyUdp= new ServiceListJson();
790 targetAnyUdp.setName("any-udp");
791 targetAnyUdp.setType("SERVICE");
792 targetAnyUdp.setTransportProtocol("udp");
793 targetAnyUdp.setPorts("any");
795 servListArray.add(targetAnyUdp);
797 }else{//This is a group
798 GroupServiceList sg= new GroupServiceList();
799 targetSg= new ServiceGroupJson();
800 sg= mappingServiceGroup(t);
802 String name=sg.getGroupName();
803 //Removing the "Group_" prepending string before packing the JSON
804 targetSg.setName(name.substring(6,name.length()));
805 List<ServiceMembers> servMembersList= new ArrayList<ServiceMembers>();
807 for(String groupString: sg.getServiceList().split(",")){
808 ServiceMembers serviceMembers= new ServiceMembers();
809 serviceMembers.setType("REFERENCE");
810 serviceMembers.setName(groupString);
811 servMembersList.add(serviceMembers);
812 //Expand the group Name
813 ServiceList expandGroupSl = new ServiceList();
814 targetSl= new ServiceListJson();
815 expandGroupSl= mappingServiceList(groupString);
817 targetSl.setName(expandGroupSl.getServiceName());
818 targetSl.setDescription(expandGroupSl.getServiceDescription());
819 targetSl.setTransportProtocol(expandGroupSl.getServiceTransProtocol());
820 targetSl.setType(expandGroupSl.getServiceType());
821 targetSl.setPorts(expandGroupSl.getServicePorts());
822 servListArray.add(targetSl);
825 targetSg.setMembers(servMembersList);
826 servGroupArray.add(targetSg);
832 Set<PrefixIPList> prefixIPList = new HashSet<PrefixIPList>();
833 for(String prefixList:expandablePrefixIPList){
834 for(String prefixIP: prefixList.split(",")){
835 if((!prefixIP.startsWith("Group_"))){
836 if(!prefixIP.equals("ANY")){
837 List<AddressMembers> addMembersList= new ArrayList<AddressMembers>();
838 List<String> valueDesc= new ArrayList<String>();
839 PrefixIPList targetAddressList = new PrefixIPList();
840 AddressMembers addressMembers= new AddressMembers();
841 targetAddressList.setName(prefixIP);
842 logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "PrefixList value:"+prefixIP);
843 valueDesc = mapping(prefixIP);
844 if(!valueDesc.isEmpty()){
845 logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "PrefixList description:"+valueDesc.get(1));
846 targetAddressList.setDescription(valueDesc.get(1));
850 addressMembers.setType("SUBNET");
851 if(!valueDesc.isEmpty()) {
852 addressMembers.setValue(valueDesc.get(0));
855 addMembersList.add(addressMembers);
857 targetAddressList.setMembers(addMembersList);
858 prefixIPList.add(targetAddressList);
861 else{//This is a group
862 AddressGroup ag= new AddressGroup();
863 addressSg= new AddressGroupJson();
864 ag= mappingAddressGroup(prefixIP);
866 String name=ag.getGroupName();
867 //Removing the "Group_" prepending string before packing the JSON
868 addressSg.setName(name.substring(6,name.length()));
870 List<AddressMembers> addrMembersList= new ArrayList<AddressMembers>();
871 for(String groupString: ag.getPrefixList().split(",")){
872 List<String> valueDesc= new ArrayList<String>();
873 AddressMembers addressMembers= new AddressMembers();
874 valueDesc= mapping (groupString);
875 if(valueDesc.size() > 0){
876 addressMembers.setValue(valueDesc.get(0));
878 addressMembers.setType("SUBNET");
879 addrMembersList.add(addressMembers);
880 //Expand the group Name
882 addressSg.setMembers(addrMembersList);
883 addrGroupArray.add(addressSg);
890 Set<Object> serviceGroup= new HashSet<Object>();
892 for(Object obj1:servGroupArray){
893 serviceGroup.add(obj1);
896 for(Object obj:servListArray){
897 serviceGroup.add(obj);
900 Set<Object> addressGroup= new HashSet<Object>();
902 for(Object addObj:prefixIPList){
903 addressGroup.add(addObj);
906 for(Object addObj1:addrGroupArray){
907 addressGroup.add(addObj1);
910 tc.setServiceGroups(serviceGroup);
911 tc.setAddressGroups(addressGroup);
912 tc.setFirewallRuleList(termList);
914 ObjectWriter om = new ObjectMapper().writer();
916 json = om.writeValueAsString(tc);
917 } catch (JsonGenerationException e) {
919 } catch (JsonMappingException e) {
921 } catch (IOException e) {
925 }catch (Exception e) {
Code Review / policy / engine.git / blob