X-Git-Url: https://gerrit.onap.org/r/gitweb?p=policy%2Fengine.git;a=blobdiff_plain;f=POLICY-SDK-APP%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fpolicy%2Fcontroller%2FCreateFirewallController.java;h=8aad4216dbd933e4055b414e183d93a52bb8b9b8;hp=3e24dc7c4e66789bd0ffc88144cda864cdb27a5a;hb=dfd9c0a09c35e4b5b4b61be08b8424e4a3d0d500;hpb=ffd7241c7bfa8d8b68b504406fc6ed4cc299ffe6 diff --git a/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/CreateFirewallController.java b/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/CreateFirewallController.java index 3e24dc7c4..8aad4216d 100644 --- a/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/CreateFirewallController.java +++ b/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/CreateFirewallController.java @@ -2,7 +2,7 @@ * ============LICENSE_START======================================================= * ONAP Policy Engine * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * Copyright (C) 2017, 2019 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -19,6 +19,14 @@ */ package org.onap.policy.controller; + +import com.fasterxml.jackson.core.JsonGenerationException; +import com.fasterxml.jackson.databind.DeserializationFeature; +import com.fasterxml.jackson.databind.JsonMappingException; +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.ObjectWriter; + import java.io.PrintWriter; import java.util.ArrayList; import java.util.HashMap; @@ -32,6 +40,14 @@ import java.util.Set; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.AllOfType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType; +import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType; + import org.hibernate.SessionFactory; import org.json.JSONObject; import org.onap.policy.common.logging.flexlogger.FlexLogger; @@ -69,886 +85,860 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.servlet.ModelAndView; -import com.fasterxml.jackson.core.JsonGenerationException; -import com.fasterxml.jackson.databind.DeserializationFeature; -import com.fasterxml.jackson.databind.JsonMappingException; -import com.fasterxml.jackson.databind.JsonNode; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.databind.ObjectWriter; - -import oasis.names.tc.xacml._3_0.core.schema.wd_17.AllOfType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.AnyOfType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeDesignatorType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.AttributeValueType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.MatchType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.PolicyType; -import oasis.names.tc.xacml._3_0.core.schema.wd_17.TargetType; - @Controller @RequestMapping("/") public class CreateFirewallController extends RestrictedBaseController { - private static Logger policyLogger = FlexLogger.getLogger(CreateFirewallController.class); - private static final String ANY="ANY"; - private static final String GROUP="Group_"; - - @Autowired - SessionFactory sessionFactory; - - private static CommonClassDao commonClassDao; - - public static CommonClassDao getCommonClassDao() { - return commonClassDao; - } - - public static void setCommonClassDao(CommonClassDao commonClassDao) { - CreateFirewallController.commonClassDao = commonClassDao; - } - - private List tagCollectorList; - - List expandablePrefixIPList = new ArrayList<>(); - List expandableServicesList= new ArrayList<>(); - @Autowired - private CreateFirewallController(CommonClassDao commonClassDao){ - CreateFirewallController.commonClassDao = commonClassDao; - } - - public CreateFirewallController(){ - // Empty constructor - } - private List termCollectorList; - - - - public PolicyRestAdapter setDataToPolicyRestAdapter(PolicyRestAdapter policyData){ - String jsonBody; - termCollectorList = new ArrayList <>(); - tagCollectorList = new ArrayList <>(); - if(! policyData.getAttributes().isEmpty()){ - for(Object attribute : policyData.getAttributes()){ - if(attribute instanceof LinkedHashMap){ - String key = ((LinkedHashMap) attribute).get("key").toString(); - termCollectorList.add(key); - - String tag = ((LinkedHashMap) attribute).get("value").toString(); - tagCollectorList.add(tag); - } - } - } - jsonBody = constructJson(policyData); - if (jsonBody != null && ! "".equalsIgnoreCase(jsonBody)) { - policyData.setJsonBody(jsonBody); - } else { - policyData.setJsonBody("{}"); - } - policyData.setJsonBody(jsonBody); - - return policyData; - } - - private List mapping(String expandableList) { - String value; - String desc; - List valueDesc= new ArrayList<>(); - List prefixListData = commonClassDao.getData(PrefixList.class); - for (int i = 0; i< prefixListData.size(); i++) { - PrefixList prefixList = (PrefixList) prefixListData.get(i); - if (prefixList.getPrefixListName().equals(expandableList)) { - value = prefixList.getPrefixListValue(); - valueDesc.add(value); - desc= prefixList.getDescription(); - valueDesc.add(desc); - break; - } - } - return valueDesc; - } - - private ServiceList mappingServiceList(String expandableList) { - ServiceList serviceList=null; - List serviceListData = commonClassDao.getData(ServiceList.class); - for (int i = 0; i< serviceListData.size(); i++) { - serviceList = (ServiceList) serviceListData.get(i); - if (serviceList.getServiceName().equals(expandableList)) { - break; - } - } - return serviceList; - } - - private GroupServiceList mappingServiceGroup(String expandableList) { - - GroupServiceList serviceGroup=null; - List serviceGroupData = commonClassDao.getData(GroupServiceList.class); - for (int i = 0; i< serviceGroupData.size(); i++) { - serviceGroup = (GroupServiceList) serviceGroupData.get(i); - if (serviceGroup.getGroupName().equals(expandableList)) { - break; - } - } - return serviceGroup; - } - - private AddressGroup mappingAddressGroup(String expandableList) { - - AddressGroup addressGroup=null; - List addressGroupData = commonClassDao.getData(AddressGroup.class); - for (int i = 0; i< addressGroupData.size(); i++) { - addressGroup = (AddressGroup) addressGroupData.get(i); - if (addressGroup.getGroupName().equals(expandableList)) { - break; - } - } - return addressGroup; - } - - public void prePopulateFWPolicyData(PolicyRestAdapter policyAdapter, PolicyEntity entity) { - ArrayList attributeList; - attributeList = new ArrayList<>(); - if (policyAdapter.getPolicyData() instanceof PolicyType) { - Object policyData = policyAdapter.getPolicyData(); - PolicyType policy = (PolicyType) policyData; - // policy name value is the policy name without any prefix and Extensions. - policyAdapter.setOldPolicyFileName(policyAdapter.getPolicyName()); - String policyNameValue = policyAdapter.getPolicyName().substring(policyAdapter.getPolicyName().indexOf("FW_") +3); - if (policyLogger.isDebugEnabled()) { - policyLogger.debug("Prepopulating form data for Config Policy selected:"+ policyAdapter.getPolicyName()); - } - policyAdapter.setPolicyName(policyNameValue); - String description = ""; - try{ - description = policy.getDescription().substring(0, policy.getDescription().indexOf("@CreatedBy:")); - }catch(Exception e){ - policyLogger.info("General error", e); - description = policy.getDescription(); - } - policyAdapter.setPolicyDescription(description); - - ObjectMapper mapper = new ObjectMapper(); - - TermCollector tc1=null; - try { - //Json conversion. - String data; - SecurityZone jpaSecurityZone; - data = entity.getConfigurationData().getConfigBody(); - tc1 = mapper.readValue(data, TermCollector.class); - List securityZoneData = commonClassDao.getData(SecurityZone.class); - for (int i = 0; i < securityZoneData.size() ; i++) { - jpaSecurityZone = (SecurityZone) securityZoneData.get(i); - if (jpaSecurityZone.getZoneValue().equals(tc1.getSecurityZoneId())){ - policyAdapter.setSecurityZone(jpaSecurityZone.getZoneName()); - break; - } - } - } - catch(Exception e) { - policyLogger.error("Exception Caused while Retriving the JSON body data" +e); - } - - Map termTagMap; - if(tc1 != null){ - for(int i=0;i(); - String ruleName= tc1.getFirewallRuleList().get(i).getRuleName(); - String tagPickerName=tc1.getRuleToTag().get(i).getTagPickerName(); - termTagMap.put("key", ruleName); - termTagMap.put("value", tagPickerName); - attributeList.add(termTagMap); - } - } - policyAdapter.setAttributes(attributeList); - // Get the target data under policy. - TargetType target = policy.getTarget(); - if (target != null) { - // Under target we have AnyOFType - List anyOfList = target.getAnyOf(); - if (anyOfList != null) { - Iterator iterAnyOf = anyOfList.iterator(); - while (iterAnyOf.hasNext()) { - AnyOfType anyOf = iterAnyOf.next(); - // Under AnyOFType we have AllOFType - List allOfList = anyOf.getAllOf(); - if (allOfList != null) { - Iterator iterAllOf = allOfList.iterator(); - while (iterAllOf.hasNext()) { - AllOfType allOf = iterAllOf.next(); - // Under AllOFType we have Match - List matchList = allOf.getMatch(); - if (matchList != null) { - - Iterator iterMatch = matchList.iterator(); - while (iterMatch.hasNext()) { - MatchType match = iterMatch.next(); - // - // Under the match we have attribute value and - // attributeDesignator. So,finally down to the actual attribute. - // - AttributeValueType attributeValue = match.getAttributeValue(); - String value = (String) attributeValue.getContent().get(0); - AttributeDesignatorType designator = match.getAttributeDesignator(); - String attributeId = designator.getAttributeId(); - if (("ConfigName").equals(attributeId)) { - policyAdapter.setConfigName(value); - } - if (("RiskType").equals(attributeId)){ - policyAdapter.setRiskType(value); - } - if (("RiskLevel").equals(attributeId)){ - policyAdapter.setRiskLevel(value); - } - if (("guard").equals(attributeId)){ - policyAdapter.setGuard(value); - } - if ("TTLDate".equals(attributeId) && !value.contains("NA")){ - PolicyController controller = new PolicyController(); - String newDate = controller.convertDate(value); - policyAdapter.setTtlDate(newDate); - } - } - } - } - } - } - } - } - } - } - - @RequestMapping(value={"/policyController/ViewFWPolicyRule.htm"}, method={org.springframework.web.bind.annotation.RequestMethod.POST}) - public ModelAndView setFWViewRule(HttpServletRequest request, HttpServletResponse response){ - try { - termCollectorList = new ArrayList<>(); - ObjectMapper mapper = new ObjectMapper(); - mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); - JsonNode root = mapper.readTree(request.getReader()); - PolicyRestAdapter policyData = mapper.readValue(root.get("policyData").toString(), PolicyRestAdapter.class); - if(! policyData.getAttributes().isEmpty()){ - for(Object attribute : policyData.getAttributes()){ - if(attribute instanceof LinkedHashMap){ - String key = ((LinkedHashMap) attribute).get("key").toString(); - termCollectorList.add(key); - } - } - } - TermList jpaTermList; - String ruleSrcList; - String ruleDestList; - String ruleSrcPort; - String ruleDestPort; - String ruleAction; - List valueDesc; - StringBuilder displayString = new StringBuilder(); - for (String id : termCollectorList) { - List tmList = commonClassDao.getDataById(TermList.class, "termName", id); - jpaTermList = (TermList) tmList.get(0); - if (jpaTermList != null){ - ruleSrcList= jpaTermList.getSrcIPList(); - if ((ruleSrcList!= null) && (!ruleSrcList.isEmpty()) && !"null".equals(ruleSrcList)){ - displayString.append("Source IP List: " + jpaTermList.getSrcIPList()); - displayString.append(" ; \t\n"); - for(String srcList:ruleSrcList.split(",")){ - if(srcList.startsWith(GROUP)){ - AddressGroup ag; - ag= mappingAddressGroup(srcList); - displayString.append("\n\t"+"Group has :"+(ag != null ? ag.getPrefixList() : "") +"\n"); - if (ag != null) { - for(String groupItems:ag.getPrefixList().split(",")){ - valueDesc=mapping(groupItems); - displayString.append("\n\t"+"Name: "+groupItems); - if(!valueDesc.isEmpty()){ - displayString.append("\n\t"+"Description: "+valueDesc.get(1)); - displayString.append("\n\t"+"Value: "+valueDesc.get(0)); - } - displayString.append("\n"); - } - } - }else{ - if(!srcList.equals(ANY)){ - valueDesc=mapping(srcList); - displayString.append("\n\t"+"Name: "+srcList); - displayString.append("\n\t"+"Description: "+valueDesc.get(1)); - displayString.append("\n\t"+"Value: "+valueDesc.get(0)); - displayString.append("\n"); - } - } - } - displayString.append("\n"); - } - ruleDestList= jpaTermList.getDestIPList(); - if ( ruleDestList!= null && (!ruleDestList.isEmpty())&& ! "null".equals(ruleDestList)){ - displayString.append("Destination IP List: " + jpaTermList.getDestIPList()); - displayString.append(" ; \t\n"); - for(String destList:ruleDestList.split(",")){ - if(destList.startsWith(GROUP)){ - AddressGroup ag; - ag= mappingAddressGroup(destList); - displayString.append("\n\t"+"Group has :"+ (ag != null ? ag.getPrefixList() : "") +"\n"); - if (ag != null) { - for(String groupItems:ag.getPrefixList().split(",")){ - valueDesc=mapping(groupItems); - displayString.append("\n\t"+"Name: "+groupItems); - displayString.append("\n\t"+"Description: "+valueDesc.get(1)); - displayString.append("\n\t"+"Value: "+valueDesc.get(0)); - displayString.append("\n\t"); - } - } - }else{ - if(!destList.equals(ANY)){ - valueDesc=mapping(destList); - displayString.append("\n\t"+"Name: "+destList); - displayString.append("\n\t"+"Description: "+valueDesc.get(1)); - displayString.append("\n\t"+"Value: "+valueDesc.get(0)); - displayString.append("\n\t"); - } - } - } - displayString.append("\n"); - } - - ruleSrcPort=jpaTermList.getSrcPortList(); - if ( ruleSrcPort!= null && (!ruleSrcPort.isEmpty())&& !"null".equals(ruleSrcPort)) { - displayString.append("\n"+"Source Port List:" - + ruleSrcPort); - displayString.append(" ; \t\n"); - } - - ruleDestPort= jpaTermList.getDestPortList(); - if (ruleDestPort != null && (!ruleDestPort.isEmpty())&& !"null".equals(ruleDestPort)) { - displayString.append("\n"+"Destination Port List:" - + ruleDestPort); - displayString.append(" ; \t\n"); - for(String destServices:ruleDestPort.split(",")){ - if(destServices.startsWith(GROUP)){ - GroupServiceList sg; - sg= mappingServiceGroup(destServices); - displayString.append("\n\t"+"Service Group has :"+ (sg != null ? sg.getServiceList() : "") +"\n"); - if (sg != null) { - for(String groupItems:sg.getServiceList().split(",")){ - ServiceList sl; - sl= mappingServiceList(groupItems); - displayString.append("\n\t"+"Name: "+ - sl.getServiceName()); - displayString.append("\n\t"+"Description: "+ - sl.getServiceDescription()); - displayString.append("\n\t"+"Transport-Protocol: "+ - sl.getServiceTransProtocol()); - displayString.append("\n\t"+"Ports: "+ - sl.getServicePorts()); - displayString.append("\n"); - } - } - } - else{ - if(!destServices.equals(ANY)){ - ServiceList sl; - sl= mappingServiceList(destServices); - displayString.append("\n\t"+"Name: "+ - sl.getServiceName()); - displayString.append("\n\t"+"Description: "+ - sl.getServiceDescription()); - displayString.append("\n\t"+"Transport-Protocol: "+ - sl.getServiceTransProtocol()); - displayString.append("\n\t"+"Ports: "+ - sl.getServicePorts()); - displayString.append("\n"); - } - } - } - displayString.append("\n"); - } - - ruleAction=(jpaTermList).getAction(); - if ( ruleAction!= null && (!ruleAction.isEmpty())) { - displayString.append("\n"+"Action List:" - + ruleAction); - displayString.append(" ; \t\n"); - } - } - } - response.setCharacterEncoding("UTF-8"); - response.setContentType("application / json"); - request.setCharacterEncoding("UTF-8"); - - PrintWriter out = response.getWriter(); - String responseString = mapper.writeValueAsString(displayString); - JSONObject j = new JSONObject("{policyData: " + responseString + "}"); - out.write(j.toString()); - return null; - } catch (Exception e) { - policyLogger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + e); - } - return null; - } - - private String constructJson(PolicyRestAdapter policyData) { - int ruleCount=1; - //Maps to assosciate the values read from the TermList dictionary - Map srcIP_map =null; - Map destIP_map=null; - Map srcPort_map =null; - Map destPort_map =null; - Map action_map=null; - Map fromZone_map=null; - Map toZone_map=null; - - String ruleDesc=null; - String ruleFromZone=null; - String ruleToZone=null; - String ruleSrcPrefixList=null; - String ruleDestPrefixList=null; - String ruleSrcPort=null; - String ruleDestPort=null; - String ruleAction=null; - - String json = null; - - - List expandableList = new ArrayList<>(); - TermList jpaTermList; - TermCollector tc = new TermCollector(); - SecurityZone jpaSecurityZone; - List termList = new ArrayList<>(); - - Tags tags=null; - ListtagsList= new ArrayList<>(); - - TagDefines tagDefine= new TagDefines(); - List tagList=null; - ServiceListJson targetSl=null; - AddressMembers addressMembersJson=null; - int i=0; - try{ - String networkRole=""; - for(String tag:tagCollectorList){ - tags= new Tags(); - List tagListData = commonClassDao.getData(FWTagPicker.class); - for(int tagCounter=0; tagCounter(); - for(String val:tagValues.split("#")) { - int index=val.indexOf(':'); - String keyToStore=val.substring(0,index); - String valueToStore=val.substring(index+1,val.length()); - - tagDefine= new TagDefines(); - tagDefine.setKey(keyToStore); - tagDefine.setValue(valueToStore); - //Add to the collection. - tagList.add(tagDefine); - - } - networkRole=jpaTagPickerList.getNetworkRole(); - break; - } - } - tags.setTags(tagList); - tags.setTagPickerName(tag); - tags.setRuleName(termCollectorList.get(i)); - tags.setNetworkRole(networkRole); - tagsList.add(tags); - i++; - } - tc.setRuleToTag(tagsList); - - for (int tl = 0 ; tl< termCollectorList.size(); tl++) { - expandableList.add(termCollectorList.get(tl)); - Term targetTerm = new Term(); - targetTerm.setRuleName(termCollectorList.get(tl)); - List termListData = commonClassDao.getData(TermList.class); - for (int j =0; j < termListData.size(); j++) { - jpaTermList = (TermList) termListData.get(j); - if (jpaTermList.getTermName().equals(termCollectorList.get(tl))){ - ruleDesc=jpaTermList.getTermDescription(); - if ((ruleDesc!=null)&& (!ruleDesc.isEmpty())){ - targetTerm.setDescription(ruleDesc); - } - ruleFromZone=jpaTermList.getFromZone(); - - if ((ruleFromZone != null) && (!ruleFromZone.isEmpty())){ - fromZone_map = new HashMap<>(); - fromZone_map.put(tl, ruleFromZone); - } - ruleToZone=jpaTermList.getToZone(); - - if ((ruleToZone != null) && (!ruleToZone.isEmpty())){ - toZone_map = new HashMap<>(); - toZone_map.put(tl, ruleToZone); - } - ruleSrcPrefixList=jpaTermList.getSrcIPList(); - - if ((ruleSrcPrefixList != null) && (!ruleSrcPrefixList.isEmpty())){ - srcIP_map = new HashMap<>(); - srcIP_map.put(tl, ruleSrcPrefixList); - } - - ruleDestPrefixList= jpaTermList.getDestIPList(); - if ((ruleDestPrefixList != null) && (!ruleDestPrefixList.isEmpty())){ - destIP_map = new HashMap<>(); - destIP_map.put(tl, ruleDestPrefixList); - } - - ruleSrcPort=jpaTermList.getSrcPortList(); - - if (ruleSrcPort != null && (!ruleSrcPort.isEmpty())){ - srcPort_map = new HashMap<>(); - srcPort_map.put(tl, ruleSrcPort); - } - - ruleDestPort= jpaTermList.getDestPortList(); - - if (ruleDestPort!= null && (!jpaTermList.getDestPortList().isEmpty())){ - destPort_map = new HashMap<>(); - destPort_map.put(tl, ruleDestPort); - } - - ruleAction=jpaTermList.getAction(); - - if (( ruleAction!= null) && (!ruleAction.isEmpty())){ - action_map = new HashMap<>(); - action_map.put(tl, ruleAction); - } - } - } - targetTerm.setEnabled(true); - targetTerm.setLog(true); - targetTerm.setNegateSource(false); - targetTerm.setNegateDestination(false); - - if(action_map!=null){ - targetTerm.setAction(action_map.get(tl)); - } - - //FromZone arrays - if(fromZone_map!=null){ - List fromZone= new ArrayList<>(); - for(String fromZoneStr:fromZone_map.get(tl).split(",") ){ - fromZone.add(fromZoneStr); - } - targetTerm.setFromZones(fromZone); - } - - //ToZone arrays - if(toZone_map!=null){ - List toZone= new ArrayList<>(); - for(String toZoneStr:toZone_map.get(tl).split(",") ){ - toZone.add(toZoneStr); - } - targetTerm.setToZones(toZone); - } - - //Destination Services. - if(destPort_map!=null){ - Set destServicesJsonList= new HashSet<>(); - for(String destServices:destPort_map.get(tl).split(",") ){ - ServicesJson destServicesJson= new ServicesJson(); - destServicesJson.setType("REFERENCE"); - if(destServices.equals(ANY)){ - destServicesJson.setName("any"); - destServicesJsonList.add(destServicesJson); - break; - }else{ - if(destServices.startsWith(GROUP)){ - destServicesJson.setName(destServices.substring(6,destServices.length())); - } else{ - destServicesJson.setName(destServices); - } - destServicesJsonList.add(destServicesJson); - } - } - targetTerm.setDestServices(destServicesJsonList); - } - //ExpandableServicesList - if((srcPort_map!=null) && (destPort_map!=null)){ - String servicesCollateString = srcPort_map.get(tl) + "," + destPort_map.get(tl); - expandableServicesList.add(servicesCollateString); - }else if (srcPort_map!=null){ - expandableServicesList.add(srcPort_map.get(tl)); - }else if (destPort_map!=null){ - expandableServicesList.add(destPort_map.get(tl)); - } - - if(srcIP_map!=null){ - //Source List - List sourceListArrayJson= new ArrayList<>(); - for(String srcList:srcIP_map.get(tl).split(",") ){ - AddressJson srcListJson= new AddressJson(); - if(srcList.equals(ANY)){ - srcListJson.setType("any"); - sourceListArrayJson.add(srcListJson); - break; - }else{ - srcListJson.setType("REFERENCE"); - if(srcList.startsWith(GROUP)){ - srcListJson.setName(srcList.substring(6,srcList.length())); - }else{ - srcListJson.setName(srcList); - } - sourceListArrayJson.add(srcListJson); - } - } - targetTerm.setSourceList(sourceListArrayJson); - } - if(destIP_map!=null){ - //Destination List - List destListArrayJson= new ArrayList<>(); - for(String destList:destIP_map.get(tl).split(",")){ - AddressJson destListJson= new AddressJson(); - if(destList.equals(ANY)){ - destListJson.setType("any"); - destListArrayJson.add(destListJson); - break; - }else{ - destListJson.setType("REFERENCE"); - if(destList.startsWith(GROUP)){ - destListJson.setName(destList.substring(6,destList.length())); - }else{ - destListJson.setName(destList); - } - destListArrayJson.add(destListJson); - } - } - targetTerm.setDestinationList(destListArrayJson); - } - //ExpandablePrefixIPList - if ((srcIP_map!=null) && (destIP_map!=null)) - { - String collateString = srcIP_map.get(tl) + "," + destIP_map - .get(tl); - expandablePrefixIPList.add(collateString); - } - else if(srcIP_map!=null){ - expandablePrefixIPList.add(srcIP_map.get(tl)); - } - else if(destIP_map!=null){ - expandablePrefixIPList.add(destIP_map.get(tl)); - } - termList.add(targetTerm); - targetTerm.setPosition(Integer.toString (ruleCount++)); - } - - List securityZoneData = commonClassDao.getData(SecurityZone.class); - for (int j =0 ; j< securityZoneData.size() ; j++){ - jpaSecurityZone = (SecurityZone) securityZoneData.get(j); - if (jpaSecurityZone.getZoneName().equals(policyData.getSecurityZone())){ - tc.setSecurityZoneId(jpaSecurityZone.getZoneValue()); - IdMap idMapInstance= new IdMap(); - idMapInstance.setAstraId(jpaSecurityZone.getZoneValue()); - idMapInstance.setVendorId("deviceGroup:dev"); - - List idMap = new ArrayList <>(); - idMap.add(idMapInstance); - - VendorSpecificData vendorStructure= new VendorSpecificData(); - vendorStructure.setIdMap(idMap); - tc.setVendorSpecificData(vendorStructure); - break; - } - } - - tc.setServiceTypeId("/v0/firewall/pan"); - tc.setConfigName(policyData.getConfigName()); - tc.setVendorServiceId("vipr"); - - DeployNowJson deployNow= new DeployNowJson(); - deployNow.setDeployNow(false); - - tc.setDeploymentOption(deployNow); - - Set servListArray = new HashSet<>(); - Set servGroupArray= new HashSet<>(); - Set addrGroupArray= new HashSet<>(); - Set addrArray= new HashSet<> (); - - ServiceGroupJson targetSg; - AddressGroupJson addressSg; - ServiceListJson targetAny; - ServiceListJson targetAnyTcp; - ServiceListJson targetAnyUdp; - - for(String serviceList:expandableServicesList){ - for(String t: serviceList.split(",")){ - if(!t.startsWith(GROUP)){ - if(!t.equals(ANY)){ - ServiceList sl; - targetSl= new ServiceListJson(); - sl= mappingServiceList(t); - targetSl.setName(sl.getServiceName()); - targetSl.setDescription(sl.getServiceDescription()); - targetSl.setTransportProtocol(sl.getServiceTransProtocol()); - targetSl.setType(sl.getServiceType()); - targetSl.setPorts(sl.getServicePorts()); - servListArray.add(targetSl); - }else{ - //Any for destinationServices. - //Add names any, any-tcp, any-udp to the serviceGroup object. - targetAny= new ServiceListJson(); - targetAny.setName("any"); - targetAny.setType("SERVICE"); - targetAny.setTransportProtocol("any"); - targetAny.setPorts("any"); - - servListArray.add(targetAny); - - targetAnyTcp= new ServiceListJson(); - targetAnyTcp.setName("any-tcp"); - targetAnyTcp.setType("SERVICE"); - targetAnyTcp.setTransportProtocol("tcp"); - targetAnyTcp.setPorts("any"); - - servListArray.add(targetAnyTcp); - - targetAnyUdp= new ServiceListJson(); - targetAnyUdp.setName("any-udp"); - targetAnyUdp.setType("SERVICE"); - targetAnyUdp.setTransportProtocol("udp"); - targetAnyUdp.setPorts("any"); - - servListArray.add(targetAnyUdp); - } - }else{//This is a group - GroupServiceList sg; - targetSg= new ServiceGroupJson(); - sg= mappingServiceGroup(t); - - String name=sg.getGroupName(); - //Removing the "Group_" prepending string before packing the JSON - targetSg.setName(name.substring(6,name.length())); - List servMembersList= new ArrayList<>(); - - for(String groupString: sg.getServiceList().split(",")){ - ServiceMembers serviceMembers= new ServiceMembers(); - serviceMembers.setType("REFERENCE"); - serviceMembers.setName(groupString); - servMembersList.add(serviceMembers); - //Expand the group Name - ServiceList expandGroupSl ; - targetSl= new ServiceListJson(); - expandGroupSl= mappingServiceList(groupString); - - targetSl.setName(expandGroupSl.getServiceName()); - targetSl.setDescription(expandGroupSl.getServiceDescription()); - targetSl.setTransportProtocol(expandGroupSl.getServiceTransProtocol()); - targetSl.setType(expandGroupSl.getServiceType()); - targetSl.setPorts(expandGroupSl.getServicePorts()); - servListArray.add(targetSl); - } - - targetSg.setMembers(servMembersList); - servGroupArray.add(targetSg); - - } - } - } - - Set prefixIPList = new HashSet<>(); - for(String prefixList:expandablePrefixIPList){ - for(String prefixIP: prefixList.split(",")){ - if(!prefixIP.startsWith(GROUP)){ - if(!prefixIP.equals(ANY)){ - List addMembersList= new ArrayList<>(); - List valueDesc; - PrefixIPList targetAddressList = new PrefixIPList(); - AddressMembers addressMembers= new AddressMembers(); - targetAddressList.setName(prefixIP); - policyLogger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "PrefixList value:"+prefixIP); - valueDesc = mapping(prefixIP); - if(!valueDesc.isEmpty()){ - policyLogger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "PrefixList description:"+valueDesc.get(1)); - targetAddressList.setDescription(valueDesc.get(1)); - } - - - addressMembers.setType("SUBNET"); - if(!valueDesc.isEmpty()) { - addressMembers.setValue(valueDesc.get(0)); - } - - addMembersList.add(addressMembers); - - targetAddressList.setMembers(addMembersList); - prefixIPList.add(targetAddressList); - } - } - else{//This is a group - AddressGroup ag; - addressSg= new AddressGroupJson(); - ag= mappingAddressGroup(prefixIP); - - String name=ag.getGroupName(); - //Removing the "Group_" prepending string before packing the JSON - addressSg.setName(name.substring(6,name.length())); - - List addrMembersList= new ArrayList<>(); - for(String groupString: ag.getPrefixList().split(",")){ - List valueDesc; - AddressMembersJson addressMembers= new AddressMembersJson(); - addressMembers.setType("REFERENCES"); - addressMembers.setName(groupString); - addrMembersList.add(addressMembers); - //Expand the group Name - addressMembersJson= new AddressMembers(); - valueDesc= mapping (groupString); - - addressMembersJson.setName(groupString); - addressMembersJson.setType("SUBNET"); - addressMembersJson.setValue(valueDesc.get(0)); - - addrArray.add(addressMembersJson); - - } - addressSg.setMembers(addrMembersList); - addrGroupArray.add(addressSg); - } - - } - } - - Set serviceGroup= new HashSet<>(); - - for(Object obj1:servGroupArray){ - serviceGroup.add(obj1); - } - - for(Object obj:servListArray){ - serviceGroup.add(obj); - } - - Set addressGroup= new HashSet<>(); - - for(Object addObj:prefixIPList){ - addressGroup.add(addObj); - } - - for(Object addObj1:addrGroupArray){ - addressGroup.add(addObj1); - } - - for(Object addObj2:addrArray){ - addressGroup.add(addObj2); - } - - - tc.setServiceGroups(serviceGroup); - tc.setAddressGroups(addressGroup); - tc.setFirewallRuleList(termList); - - ObjectWriter om = new ObjectMapper().writer(); - try { - json = om.writeValueAsString(tc); - } catch (JsonGenerationException e) { - policyLogger.error("JsonGenerationException Ocured",e); - } catch (JsonMappingException e) { - policyLogger.error("IOException Occured",e); - } - - }catch (Exception e) { - policyLogger.error("Exception Occured"+e); - } - - return json; - } + private static Logger policyLogger = FlexLogger.getLogger(CreateFirewallController.class); + private static final String ANY = "ANY"; + private static final String GROUP = "Group_"; + + @Autowired + SessionFactory sessionFactory; + + private static CommonClassDao commonClassDao; + + public static CommonClassDao getCommonClassDao() { + return commonClassDao; + } + + public static void setCommonClassDao(CommonClassDao commonClassDao) { + CreateFirewallController.commonClassDao = commonClassDao; + } + + private List tagCollectorList; + + List expandablePrefixIPList = new ArrayList<>(); + List expandableServicesList = new ArrayList<>(); + + @Autowired + private CreateFirewallController(CommonClassDao commonClassDao) { + CreateFirewallController.commonClassDao = commonClassDao; + } + + public CreateFirewallController() { + // Empty constructor + } + + private List termCollectorList; + + public PolicyRestAdapter setDataToPolicyRestAdapter(PolicyRestAdapter policyData) { + String jsonBody; + termCollectorList = new ArrayList<>(); + tagCollectorList = new ArrayList<>(); + if (!policyData.getAttributes().isEmpty()) { + for (Object attribute : policyData.getAttributes()) { + if (attribute instanceof LinkedHashMap) { + String key = ((LinkedHashMap) attribute).get("key").toString(); + termCollectorList.add(key); + + String tag = ((LinkedHashMap) attribute).get("value").toString(); + tagCollectorList.add(tag); + } + } + } + jsonBody = constructJson(policyData); + if (jsonBody != null && !"".equalsIgnoreCase(jsonBody)) { + policyData.setJsonBody(jsonBody); + } else { + policyData.setJsonBody("{}"); + } + policyData.setJsonBody(jsonBody); + + return policyData; + } + + private List mapping(String expandableList) { + String value; + String desc; + List valueDesc = new ArrayList<>(); + List prefixListData = commonClassDao.getData(PrefixList.class); + for (int i = 0; i < prefixListData.size(); i++) { + PrefixList prefixList = (PrefixList) prefixListData.get(i); + if (prefixList.getPrefixListName().equals(expandableList)) { + value = prefixList.getPrefixListValue(); + valueDesc.add(value); + desc = prefixList.getDescription(); + valueDesc.add(desc); + break; + } + } + return valueDesc; + } + + private ServiceList mappingServiceList(String expandableList) { + ServiceList serviceList = null; + List serviceListData = commonClassDao.getData(ServiceList.class); + for (int i = 0; i < serviceListData.size(); i++) { + serviceList = (ServiceList) serviceListData.get(i); + if (serviceList.getServiceName().equals(expandableList)) { + break; + } + } + return serviceList; + } + + private GroupServiceList mappingServiceGroup(String expandableList) { + + GroupServiceList serviceGroup = null; + List serviceGroupData = commonClassDao.getData(GroupServiceList.class); + for (int i = 0; i < serviceGroupData.size(); i++) { + serviceGroup = (GroupServiceList) serviceGroupData.get(i); + if (serviceGroup.getGroupName().equals(expandableList)) { + break; + } + } + return serviceGroup; + } + + private AddressGroup mappingAddressGroup(String expandableList) { + + AddressGroup addressGroup = null; + List addressGroupData = commonClassDao.getData(AddressGroup.class); + for (int i = 0; i < addressGroupData.size(); i++) { + addressGroup = (AddressGroup) addressGroupData.get(i); + if (addressGroup.getGroupName().equals(expandableList)) { + break; + } + } + return addressGroup; + } + + public void prePopulateFWPolicyData(PolicyRestAdapter policyAdapter, PolicyEntity entity) { + ArrayList attributeList; + attributeList = new ArrayList<>(); + if (policyAdapter.getPolicyData() instanceof PolicyType) { + Object policyData = policyAdapter.getPolicyData(); + PolicyType policy = (PolicyType) policyData; + // policy name value is the policy name without any prefix and Extensions. + policyAdapter.setOldPolicyFileName(policyAdapter.getPolicyName()); + String policyNameValue = + policyAdapter.getPolicyName().substring(policyAdapter.getPolicyName().indexOf("FW_") + 3); + if (policyLogger.isDebugEnabled()) { + policyLogger + .debug("Prepopulating form data for Config Policy selected:" + policyAdapter.getPolicyName()); + } + policyAdapter.setPolicyName(policyNameValue); + String description = ""; + try { + description = policy.getDescription().substring(0, policy.getDescription().indexOf("@CreatedBy:")); + } catch (Exception e) { + policyLogger.info("General error", e); + description = policy.getDescription(); + } + policyAdapter.setPolicyDescription(description); + + ObjectMapper mapper = new ObjectMapper(); + + TermCollector tc1 = null; + try { + // Json conversion. + String data; + SecurityZone jpaSecurityZone; + data = entity.getConfigurationData().getConfigBody(); + tc1 = mapper.readValue(data, TermCollector.class); + List securityZoneData = commonClassDao.getData(SecurityZone.class); + for (int i = 0; i < securityZoneData.size(); i++) { + jpaSecurityZone = (SecurityZone) securityZoneData.get(i); + if (jpaSecurityZone.getZoneValue().equals(tc1.getSecurityZoneId())) { + policyAdapter.setSecurityZone(jpaSecurityZone.getZoneName()); + break; + } + } + } catch (Exception e) { + policyLogger.error("Exception Caused while Retriving the JSON body data" + e); + } + + Map termTagMap; + if (tc1 != null) { + for (int i = 0; i < tc1.getFirewallRuleList().size(); i++) { + termTagMap = new HashMap<>(); + String ruleName = tc1.getFirewallRuleList().get(i).getRuleName(); + String tagPickerName = tc1.getRuleToTag().get(i).getTagPickerName(); + termTagMap.put("key", ruleName); + termTagMap.put("value", tagPickerName); + attributeList.add(termTagMap); + } + } + policyAdapter.setAttributes(attributeList); + // Get the target data under policy. + TargetType target = policy.getTarget(); + if (target != null) { + // Under target we have AnyOFType + List anyOfList = target.getAnyOf(); + if (anyOfList != null) { + Iterator iterAnyOf = anyOfList.iterator(); + while (iterAnyOf.hasNext()) { + AnyOfType anyOf = iterAnyOf.next(); + // Under AnyOFType we have AllOFType + List allOfList = anyOf.getAllOf(); + if (allOfList != null) { + Iterator iterAllOf = allOfList.iterator(); + while (iterAllOf.hasNext()) { + AllOfType allOf = iterAllOf.next(); + // Under AllOFType we have Match + List matchList = allOf.getMatch(); + if (matchList != null) { + + Iterator iterMatch = matchList.iterator(); + while (iterMatch.hasNext()) { + MatchType match = iterMatch.next(); + // + // Under the match we have attribute value and + // attributeDesignator. So,finally down to the actual attribute. + // + AttributeValueType attributeValue = match.getAttributeValue(); + String value = (String) attributeValue.getContent().get(0); + AttributeDesignatorType designator = match.getAttributeDesignator(); + String attributeId = designator.getAttributeId(); + if (("ConfigName").equals(attributeId)) { + policyAdapter.setConfigName(value); + } + if (("RiskType").equals(attributeId)) { + policyAdapter.setRiskType(value); + } + if (("RiskLevel").equals(attributeId)) { + policyAdapter.setRiskLevel(value); + } + if (("guard").equals(attributeId)) { + policyAdapter.setGuard(value); + } + if ("TTLDate".equals(attributeId) && !value.contains("NA")) { + PolicyController controller = new PolicyController(); + String newDate = controller.convertDate(value); + policyAdapter.setTtlDate(newDate); + } + } + } + } + } + } + } + } + } + } + + @RequestMapping( + value = {"/policyController/ViewFWPolicyRule.htm"}, + method = {org.springframework.web.bind.annotation.RequestMethod.POST}) + public ModelAndView setFWViewRule(HttpServletRequest request, HttpServletResponse response) { + try { + termCollectorList = new ArrayList<>(); + ObjectMapper mapper = new ObjectMapper(); + mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); + JsonNode root = mapper.readTree(request.getReader()); + PolicyRestAdapter policyData = mapper.readValue(root.get("policyData").toString(), PolicyRestAdapter.class); + if (!policyData.getAttributes().isEmpty()) { + for (Object attribute : policyData.getAttributes()) { + if (attribute instanceof LinkedHashMap) { + String key = ((LinkedHashMap) attribute).get("key").toString(); + termCollectorList.add(key); + } + } + } + TermList jpaTermList; + String ruleSrcList; + String ruleDestList; + String ruleSrcPort; + String ruleDestPort; + String ruleAction; + List valueDesc; + StringBuilder displayString = new StringBuilder(); + for (String id : termCollectorList) { + List tmList = commonClassDao.getDataById(TermList.class, "termName", id); + jpaTermList = (TermList) tmList.get(0); + if (jpaTermList != null) { + ruleSrcList = jpaTermList.getSrcIPList(); + if ((ruleSrcList != null) && (!ruleSrcList.isEmpty()) && !"null".equals(ruleSrcList)) { + displayString.append("Source IP List: " + jpaTermList.getSrcIPList()); + displayString.append(" ; \t\n"); + for (String srcList : ruleSrcList.split(",")) { + if (srcList.startsWith(GROUP)) { + AddressGroup ag; + ag = mappingAddressGroup(srcList); + displayString.append( + "\n\t" + "Group has :" + (ag != null ? ag.getPrefixList() : "") + "\n"); + if (ag != null) { + for (String groupItems : ag.getPrefixList().split(",")) { + valueDesc = mapping(groupItems); + displayString.append("\n\t" + "Name: " + groupItems); + if (!valueDesc.isEmpty()) { + displayString.append("\n\t" + "Description: " + valueDesc.get(1)); + displayString.append("\n\t" + "Value: " + valueDesc.get(0)); + } + displayString.append("\n"); + } + } + } else { + if (!srcList.equals(ANY)) { + valueDesc = mapping(srcList); + displayString.append("\n\t" + "Name: " + srcList); + displayString.append("\n\t" + "Description: " + valueDesc.get(1)); + displayString.append("\n\t" + "Value: " + valueDesc.get(0)); + displayString.append("\n"); + } + } + } + displayString.append("\n"); + } + ruleDestList = jpaTermList.getDestIPList(); + if (ruleDestList != null && (!ruleDestList.isEmpty()) && !"null".equals(ruleDestList)) { + displayString.append("Destination IP List: " + jpaTermList.getDestIPList()); + displayString.append(" ; \t\n"); + for (String destList : ruleDestList.split(",")) { + if (destList.startsWith(GROUP)) { + AddressGroup ag; + ag = mappingAddressGroup(destList); + displayString.append( + "\n\t" + "Group has :" + (ag != null ? ag.getPrefixList() : "") + "\n"); + if (ag != null) { + for (String groupItems : ag.getPrefixList().split(",")) { + valueDesc = mapping(groupItems); + displayString.append("\n\t" + "Name: " + groupItems); + displayString.append("\n\t" + "Description: " + valueDesc.get(1)); + displayString.append("\n\t" + "Value: " + valueDesc.get(0)); + displayString.append("\n\t"); + } + } + } else { + if (!destList.equals(ANY)) { + valueDesc = mapping(destList); + displayString.append("\n\t" + "Name: " + destList); + displayString.append("\n\t" + "Description: " + valueDesc.get(1)); + displayString.append("\n\t" + "Value: " + valueDesc.get(0)); + displayString.append("\n\t"); + } + } + } + displayString.append("\n"); + } + + ruleSrcPort = jpaTermList.getSrcPortList(); + if (ruleSrcPort != null && (!ruleSrcPort.isEmpty()) && !"null".equals(ruleSrcPort)) { + displayString.append("\n" + "Source Port List:" + ruleSrcPort); + displayString.append(" ; \t\n"); + } + + ruleDestPort = jpaTermList.getDestPortList(); + if (ruleDestPort != null && (!ruleDestPort.isEmpty()) && !"null".equals(ruleDestPort)) { + displayString.append("\n" + "Destination Port List:" + ruleDestPort); + displayString.append(" ; \t\n"); + for (String destServices : ruleDestPort.split(",")) { + if (destServices.startsWith(GROUP)) { + GroupServiceList sg; + sg = mappingServiceGroup(destServices); + displayString.append("\n\t" + "Service Group has :" + + (sg != null ? sg.getServiceList() : "") + "\n"); + if (sg != null) { + for (String groupItems : sg.getServiceList().split(",")) { + ServiceList sl; + sl = mappingServiceList(groupItems); + displayString.append("\n\t" + "Name: " + sl.getServiceName()); + displayString.append("\n\t" + "Description: " + sl.getServiceDescription()); + displayString.append( + "\n\t" + "Transport-Protocol: " + sl.getServiceTransProtocol()); + displayString.append("\n\t" + "Ports: " + sl.getServicePorts()); + displayString.append("\n"); + } + } + } else { + if (!destServices.equals(ANY)) { + ServiceList sl; + sl = mappingServiceList(destServices); + displayString.append("\n\t" + "Name: " + sl.getServiceName()); + displayString.append("\n\t" + "Description: " + sl.getServiceDescription()); + displayString + .append("\n\t" + "Transport-Protocol: " + sl.getServiceTransProtocol()); + displayString.append("\n\t" + "Ports: " + sl.getServicePorts()); + displayString.append("\n"); + } + } + } + displayString.append("\n"); + } + + ruleAction = (jpaTermList).getAction(); + if (ruleAction != null && (!ruleAction.isEmpty())) { + displayString.append("\n" + "Action List:" + ruleAction); + displayString.append(" ; \t\n"); + } + } + } + response.setCharacterEncoding("UTF-8"); + response.setContentType("application / json"); + request.setCharacterEncoding("UTF-8"); + + PrintWriter out = response.getWriter(); + String responseString = mapper.writeValueAsString(displayString); + JSONObject j = new JSONObject("{policyData: " + responseString + "}"); + out.write(j.toString()); + return null; + } catch (Exception e) { + policyLogger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + e); + } + return null; + } + + private String constructJson(PolicyRestAdapter policyData) { + int ruleCount = 1; + // Maps to assosciate the values read from the TermList dictionary + Map srcIP_map = null; + Map destIP_map = null; + Map srcPort_map = null; + Map destPort_map = null; + Map action_map = null; + Map fromZone_map = null; + Map toZone_map = null; + + String ruleDesc = null; + String ruleFromZone = null; + String ruleToZone = null; + String ruleSrcPrefixList = null; + String ruleDestPrefixList = null; + String ruleSrcPort = null; + String ruleDestPort = null; + String ruleAction = null; + + String json = null; + + List expandableList = new ArrayList<>(); + TermList jpaTermList; + TermCollector tc = new TermCollector(); + SecurityZone jpaSecurityZone; + List termList = new ArrayList<>(); + + Tags tags = null; + List tagsList = new ArrayList<>(); + + TagDefines tagDefine = new TagDefines(); + List tagList = null; + ServiceListJson targetSl = null; + AddressMembers addressMembersJson = null; + int i = 0; + try { + String networkRole = ""; + for (String tag : tagCollectorList) { + tags = new Tags(); + List tagListData = commonClassDao.getData(FWTagPicker.class); + for (int tagCounter = 0; tagCounter < tagListData.size(); tagCounter++) { + FWTagPicker jpaTagPickerList = (FWTagPicker) tagListData.get(tagCounter); + if (jpaTagPickerList.getTagPickerName().equals(tag)) { + String tagValues = jpaTagPickerList.getTagValues(); + tagList = new ArrayList<>(); + for (String val : tagValues.split("#")) { + int index = val.indexOf(':'); + String keyToStore = val.substring(0, index); + String valueToStore = val.substring(index + 1, val.length()); + + tagDefine = new TagDefines(); + tagDefine.setKey(keyToStore); + tagDefine.setValue(valueToStore); + // Add to the collection. + tagList.add(tagDefine); + + } + networkRole = jpaTagPickerList.getNetworkRole(); + break; + } + } + tags.setTags(tagList); + tags.setTagPickerName(tag); + tags.setRuleName(termCollectorList.get(i)); + tags.setNetworkRole(networkRole); + tagsList.add(tags); + i++; + } + tc.setRuleToTag(tagsList); + + for (int tl = 0; tl < termCollectorList.size(); tl++) { + expandableList.add(termCollectorList.get(tl)); + Term targetTerm = new Term(); + targetTerm.setRuleName(termCollectorList.get(tl)); + List termListData = commonClassDao.getData(TermList.class); + for (int j = 0; j < termListData.size(); j++) { + jpaTermList = (TermList) termListData.get(j); + if (jpaTermList.getTermName().equals(termCollectorList.get(tl))) { + ruleDesc = jpaTermList.getTermDescription(); + if ((ruleDesc != null) && (!ruleDesc.isEmpty())) { + targetTerm.setDescription(ruleDesc); + } + ruleFromZone = jpaTermList.getFromZone(); + + if ((ruleFromZone != null) && (!ruleFromZone.isEmpty())) { + fromZone_map = new HashMap<>(); + fromZone_map.put(tl, ruleFromZone); + } + ruleToZone = jpaTermList.getToZone(); + + if ((ruleToZone != null) && (!ruleToZone.isEmpty())) { + toZone_map = new HashMap<>(); + toZone_map.put(tl, ruleToZone); + } + ruleSrcPrefixList = jpaTermList.getSrcIPList(); + + if ((ruleSrcPrefixList != null) && (!ruleSrcPrefixList.isEmpty())) { + srcIP_map = new HashMap<>(); + srcIP_map.put(tl, ruleSrcPrefixList); + } + + ruleDestPrefixList = jpaTermList.getDestIPList(); + if ((ruleDestPrefixList != null) && (!ruleDestPrefixList.isEmpty())) { + destIP_map = new HashMap<>(); + destIP_map.put(tl, ruleDestPrefixList); + } + + ruleSrcPort = jpaTermList.getSrcPortList(); + + if (ruleSrcPort != null && (!ruleSrcPort.isEmpty())) { + srcPort_map = new HashMap<>(); + srcPort_map.put(tl, ruleSrcPort); + } + + ruleDestPort = jpaTermList.getDestPortList(); + + if (ruleDestPort != null && (!jpaTermList.getDestPortList().isEmpty())) { + destPort_map = new HashMap<>(); + destPort_map.put(tl, ruleDestPort); + } + + ruleAction = jpaTermList.getAction(); + + if ((ruleAction != null) && (!ruleAction.isEmpty())) { + action_map = new HashMap<>(); + action_map.put(tl, ruleAction); + } + } + } + targetTerm.setEnabled(true); + targetTerm.setLog(true); + targetTerm.setNegateSource(false); + targetTerm.setNegateDestination(false); + + if (action_map != null) { + targetTerm.setAction(action_map.get(tl)); + } + + // FromZone arrays + if (fromZone_map != null) { + List fromZone = new ArrayList<>(); + for (String fromZoneStr : fromZone_map.get(tl).split(",")) { + fromZone.add(fromZoneStr); + } + targetTerm.setFromZones(fromZone); + } + + // ToZone arrays + if (toZone_map != null) { + List toZone = new ArrayList<>(); + for (String toZoneStr : toZone_map.get(tl).split(",")) { + toZone.add(toZoneStr); + } + targetTerm.setToZones(toZone); + } + + // Destination Services. + if (destPort_map != null) { + Set destServicesJsonList = new HashSet<>(); + for (String destServices : destPort_map.get(tl).split(",")) { + ServicesJson destServicesJson = new ServicesJson(); + destServicesJson.setType("REFERENCE"); + if (destServices.equals(ANY)) { + destServicesJson.setName("any"); + destServicesJsonList.add(destServicesJson); + break; + } else { + if (destServices.startsWith(GROUP)) { + destServicesJson.setName(destServices.substring(6, destServices.length())); + } else { + destServicesJson.setName(destServices); + } + destServicesJsonList.add(destServicesJson); + } + } + targetTerm.setDestServices(destServicesJsonList); + } + // ExpandableServicesList + if ((srcPort_map != null) && (destPort_map != null)) { + String servicesCollateString = srcPort_map.get(tl) + "," + destPort_map.get(tl); + expandableServicesList.add(servicesCollateString); + } else if (srcPort_map != null) { + expandableServicesList.add(srcPort_map.get(tl)); + } else if (destPort_map != null) { + expandableServicesList.add(destPort_map.get(tl)); + } + + if (srcIP_map != null) { + // Source List + List sourceListArrayJson = new ArrayList<>(); + for (String srcList : srcIP_map.get(tl).split(",")) { + AddressJson srcListJson = new AddressJson(); + if (srcList.equals(ANY)) { + srcListJson.setType("any"); + sourceListArrayJson.add(srcListJson); + break; + } else { + srcListJson.setType("REFERENCE"); + if (srcList.startsWith(GROUP)) { + srcListJson.setName(srcList.substring(6, srcList.length())); + } else { + srcListJson.setName(srcList); + } + sourceListArrayJson.add(srcListJson); + } + } + targetTerm.setSourceList(sourceListArrayJson); + } + if (destIP_map != null) { + // Destination List + List destListArrayJson = new ArrayList<>(); + for (String destList : destIP_map.get(tl).split(",")) { + AddressJson destListJson = new AddressJson(); + if (destList.equals(ANY)) { + destListJson.setType("any"); + destListArrayJson.add(destListJson); + break; + } else { + destListJson.setType("REFERENCE"); + if (destList.startsWith(GROUP)) { + destListJson.setName(destList.substring(6, destList.length())); + } else { + destListJson.setName(destList); + } + destListArrayJson.add(destListJson); + } + } + targetTerm.setDestinationList(destListArrayJson); + } + // ExpandablePrefixIPList + if ((srcIP_map != null) && (destIP_map != null)) { + String collateString = srcIP_map.get(tl) + "," + destIP_map.get(tl); + expandablePrefixIPList.add(collateString); + } else if (srcIP_map != null) { + expandablePrefixIPList.add(srcIP_map.get(tl)); + } else if (destIP_map != null) { + expandablePrefixIPList.add(destIP_map.get(tl)); + } + termList.add(targetTerm); + targetTerm.setPosition(Integer.toString(ruleCount++)); + } + + List securityZoneData = commonClassDao.getData(SecurityZone.class); + for (int j = 0; j < securityZoneData.size(); j++) { + jpaSecurityZone = (SecurityZone) securityZoneData.get(j); + if (jpaSecurityZone.getZoneName().equals(policyData.getSecurityZone())) { + tc.setSecurityZoneId(jpaSecurityZone.getZoneValue()); + IdMap idMapInstance = new IdMap(); + idMapInstance.setAstraId(jpaSecurityZone.getZoneValue()); + idMapInstance.setVendorId("deviceGroup:dev"); + + List idMap = new ArrayList<>(); + idMap.add(idMapInstance); + + VendorSpecificData vendorStructure = new VendorSpecificData(); + vendorStructure.setIdMap(idMap); + tc.setVendorSpecificData(vendorStructure); + break; + } + } + + tc.setServiceTypeId("/v0/firewall/pan"); + tc.setConfigName(policyData.getConfigName()); + tc.setVendorServiceId("vipr"); + + DeployNowJson deployNow = new DeployNowJson(); + deployNow.setDeployNow(false); + + tc.setDeploymentOption(deployNow); + + Set servListArray = new HashSet<>(); + Set servGroupArray = new HashSet<>(); + Set addrGroupArray = new HashSet<>(); + Set addrArray = new HashSet<>(); + + ServiceGroupJson targetSg; + AddressGroupJson addressSg; + ServiceListJson targetAny; + ServiceListJson targetAnyTcp; + ServiceListJson targetAnyUdp; + + for (String serviceList : expandableServicesList) { + for (String t : serviceList.split(",")) { + if (!t.startsWith(GROUP)) { + if (!t.equals(ANY)) { + ServiceList sl; + targetSl = new ServiceListJson(); + sl = mappingServiceList(t); + targetSl.setName(sl.getServiceName()); + targetSl.setDescription(sl.getServiceDescription()); + targetSl.setTransportProtocol(sl.getServiceTransProtocol()); + targetSl.setType(sl.getServiceType()); + targetSl.setPorts(sl.getServicePorts()); + servListArray.add(targetSl); + } else { + // Any for destinationServices. + // Add names any, any-tcp, any-udp to the serviceGroup object. + targetAny = new ServiceListJson(); + targetAny.setName("any"); + targetAny.setType("SERVICE"); + targetAny.setTransportProtocol("any"); + targetAny.setPorts("any"); + + servListArray.add(targetAny); + + targetAnyTcp = new ServiceListJson(); + targetAnyTcp.setName("any-tcp"); + targetAnyTcp.setType("SERVICE"); + targetAnyTcp.setTransportProtocol("tcp"); + targetAnyTcp.setPorts("any"); + + servListArray.add(targetAnyTcp); + + targetAnyUdp = new ServiceListJson(); + targetAnyUdp.setName("any-udp"); + targetAnyUdp.setType("SERVICE"); + targetAnyUdp.setTransportProtocol("udp"); + targetAnyUdp.setPorts("any"); + + servListArray.add(targetAnyUdp); + } + } else {// This is a group + GroupServiceList sg; + targetSg = new ServiceGroupJson(); + sg = mappingServiceGroup(t); + + String name = sg.getGroupName(); + // Removing the "Group_" prepending string before packing the JSON + targetSg.setName(name.substring(6, name.length())); + List servMembersList = new ArrayList<>(); + + for (String groupString : sg.getServiceList().split(",")) { + ServiceMembers serviceMembers = new ServiceMembers(); + serviceMembers.setType("REFERENCE"); + serviceMembers.setName(groupString); + servMembersList.add(serviceMembers); + // Expand the group Name + ServiceList expandGroupSl; + targetSl = new ServiceListJson(); + expandGroupSl = mappingServiceList(groupString); + + targetSl.setName(expandGroupSl.getServiceName()); + targetSl.setDescription(expandGroupSl.getServiceDescription()); + targetSl.setTransportProtocol(expandGroupSl.getServiceTransProtocol()); + targetSl.setType(expandGroupSl.getServiceType()); + targetSl.setPorts(expandGroupSl.getServicePorts()); + servListArray.add(targetSl); + } + + targetSg.setMembers(servMembersList); + servGroupArray.add(targetSg); + + } + } + } + + Set prefixIPList = new HashSet<>(); + for (String prefixList : expandablePrefixIPList) { + for (String prefixIP : prefixList.split(",")) { + if (!prefixIP.startsWith(GROUP)) { + if (!prefixIP.equals(ANY)) { + List addMembersList = new ArrayList<>(); + List valueDesc; + PrefixIPList targetAddressList = new PrefixIPList(); + AddressMembers addressMembers = new AddressMembers(); + targetAddressList.setName(prefixIP); + policyLogger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "PrefixList value:" + prefixIP); + valueDesc = mapping(prefixIP); + if (!valueDesc.isEmpty()) { + policyLogger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "PrefixList description:" + + valueDesc.get(1)); + targetAddressList.setDescription(valueDesc.get(1)); + } + + addressMembers.setType("SUBNET"); + if (!valueDesc.isEmpty()) { + addressMembers.setValue(valueDesc.get(0)); + } + + addMembersList.add(addressMembers); + + targetAddressList.setMembers(addMembersList); + prefixIPList.add(targetAddressList); + } + } else {// This is a group + AddressGroup ag; + addressSg = new AddressGroupJson(); + ag = mappingAddressGroup(prefixIP); + + String name = ag.getGroupName(); + // Removing the "Group_" prepending string before packing the JSON + addressSg.setName(name.substring(6, name.length())); + + List addrMembersList = new ArrayList<>(); + for (String groupString : ag.getPrefixList().split(",")) { + List valueDesc; + AddressMembersJson addressMembers = new AddressMembersJson(); + addressMembers.setType("REFERENCES"); + addressMembers.setName(groupString); + addrMembersList.add(addressMembers); + // Expand the group Name + addressMembersJson = new AddressMembers(); + valueDesc = mapping(groupString); + + addressMembersJson.setName(groupString); + addressMembersJson.setType("SUBNET"); + addressMembersJson.setValue(valueDesc.get(0)); + + addrArray.add(addressMembersJson); + + } + addressSg.setMembers(addrMembersList); + addrGroupArray.add(addressSg); + } + + } + } + + Set serviceGroup = new HashSet<>(); + + for (Object obj1 : servGroupArray) { + serviceGroup.add(obj1); + } + + for (Object obj : servListArray) { + serviceGroup.add(obj); + } + + Set addressGroup = new HashSet<>(); + + for (Object addObj : prefixIPList) { + addressGroup.add(addObj); + } + + for (Object addObj1 : addrGroupArray) { + addressGroup.add(addObj1); + } + + for (Object addObj2 : addrArray) { + addressGroup.add(addObj2); + } + + tc.setServiceGroups(serviceGroup); + tc.setAddressGroups(addressGroup); + tc.setFirewallRuleList(termList); + + ObjectWriter om = new ObjectMapper().writer(); + try { + json = om.writeValueAsString(tc); + } catch (JsonGenerationException e) { + policyLogger.error("JsonGenerationException Ocured", e); + } catch (JsonMappingException e) { + policyLogger.error("IOException Occured", e); + } + + } catch (Exception e) { + policyLogger.error("Exception Occured" + e); + } + + return json; + } }