import java.util.*;
import java.util.regex.*;
import bitel.billing.common.module.ipn.*;
import bitel.billing.server.ipn.bean.*;
import bitel.billing.server.util.*;
import bitel.billing.server.util.ssh.*;
import bitel.billing.common.*;
import java.util.regex.Pattern;
import java.util.regex.Matcher;
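// Synchronises the gate's standard IP access list with the billing state.
// Opens an SSH session to the gate, enters configuration mode for the access list
// named by the "acl_name" gate setting, reads the current list, sends the rule
// commands selected by doCommands(), then leaves the CLI and disconnects.
// Any failure is rethrown as a RuntimeException; the session is always closed.
protected void doSync()
{
    host = gate.getHost();
    port = gate.getPort();
    gid = gate.getId();
    gateSetup = new DefaultServerSetup( gate.getConfig(), "\r\n" );
    login = gateSetup.getStringValue( "login" );
    pswd = gate.getKeyword();
    acl = gateSetup.getStringValue( "acl_name" );

    // The ACL name is concatenated into CLI commands below, so a missing name or one
    // containing whitespace (including line breaks) must never reach the device.
    if ( acl == null || acl.length() == 0 || Pattern.compile( "\\s" ).matcher( acl ).find() )
    {
        throw new IllegalStateException( "acl_name is not set or contains whitespace for gate " + gid );
    }

    if( log.isDebugEnabled() )
    {
        // The gate password is intentionally not logged: credentials must not end up in log files.
        log.debug( gid + " gate: " + host + ":" + port + " login: " + login );
    }

    session = null;
    try
    {
        session = new SSHSession( host, port, login, pswd );
        session.connect();

        // The reply to this command is not kept in the transcript.
        // NOTE(review): on IOS-style CLIs this turns off output paging - confirm for the target device.
        session.command( "terminal length 0" );

        result = new StringBuffer();
        result.append( session.command( "configure terminal" ) );
        result.append( session.command( "ip access-list standard " + acl ) );

        buffer = getBuffer( session, result, acl );
        doCommands( session, result, buffer );

        result.append( session.command( "end" ) );
        // NOTE(review): the meaning of the second argument is not visible here - presumably
        // "do not wait for a prompt", since the session ends with this command; confirm in SSHSession.
        result.append( session.command( "exit", false ) );

        if ( log.isDebugEnabled() )
        {
            // The transcript holds everything the device returned, including the ACL listing;
            // keep access to debug logs restricted accordingly.
            log.debug( "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" );
            log.debug( result.toString() );
            log.debug( "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" );
        }

        // Short pause while the device processes the exit command.
        Thread.sleep( 100 );
    }
    catch ( Exception e )
    {
        throw new RuntimeException( e );
    }
    finally
    {
        if( session != null )
        {
            session.disconnect();
        }
    }
}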
// Walks statusList and sends the device the commands needed to make the access list
// match each contract status.
//   session - open SSH session the commands are sent through
//   result  - transcript buffer; every command reply is appended to it
//   buffer  - current access-list listing as returned by getBuffer()
void doCommands( session, result, buffer )
{
    for( status : statusList )
    {
        log.info( "status.status=" + status.status );
        permitted = isUserPermited( status, buffer );

        if ( permitted )
        {
            // A permit entry exists: it only has to go when the user is blocked.
            if ( !( status.status > 0 ) )
            {
                continue;
            }
            commands = getCloseRules( status );
        }
        else
        {
            // No permit entry: it only has to be added when the user is open.
            if ( status.status != 0 )
            {
                continue;
            }
            commands = getOpenRules( status );
        }

        for ( command : commands )
        {
            result.append( session.command( command ) );
        }
    }
}
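// Returns the commands found between the [OPEN] and [/OPEN] markers of the rule for
// the given status, one list element per non-empty line (see getRules()).
private List getOpenRules( status )
{
    log.info( "getting open rules" );
    // (?s) lets '.' match every character, including '\r' and '\n'. The previous form
    // "((.|\n)*)" could not match '\r', so rule text with CRLF line endings never matched
    // and the whole text, markers included, was used as commands; the alternation inside
    // '*' also recurses per character in java.util.regex. Group 1 still holds the section body.
    return getRules( status, "(?s)\\[OPEN\\](.*)\\[/OPEN\\]" );
}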
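// Returns the commands found between the [CLOSE] and [/CLOSE] markers of the rule for
// the given status, one list element per non-empty line (see getRules()).
private List getCloseRules( status )
{
    log.info( "getting close rules" );
    // (?s) lets '.' match every character, including '\r' and '\n'. The previous form
    // "((.|\n)*)" could not match '\r', so rule text with CRLF line endings never matched
    // and the whole text, markers included, was used as commands; the alternation inside
    // '*' also recurses per character in java.util.regex. Group 1 still holds the section body.
    return getRules( status, "(?s)\\[CLOSE\\](.*)\\[/CLOSE\\]" );
}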
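// Builds the list of device commands for one status entry.
//   status   - entry whose rule text (and optional rule type) is used
//   template - regular expression whose group 1 selects the wanted section of the rule
// Returns the non-empty lines of the selected section; when the template does not match,
// the lines of the whole rule text are returned.
private List getRules( status, String template )
{
    // A custom rule without a type is used exactly as it is stored.
    rule = status.rule.getRuleText();

    // A typed rule is generated from the rule registered for the gate type and rule type.
    if( status.ruleType != null )
    {
        ruleText = ManadUtils.getRule( status.gateType, status.ruleType );
        Map replacements = new HashMap();
        rule = ManadUtils.generateRule( ruleText, status.rule.getRuleText(), replacements, status.ruleType );
    }

    // Strings are immutable, so the stripped text has to be assigned back; the original
    // discarded it and left '\r' at the end of every command. Stripping before matching
    // also lets templates that only allow '\n' between the markers match CRLF text.
    rule = rule.replace( "\r", "" );

    Matcher m = Pattern.compile( template ).matcher( rule );
    if ( m.find() )
    {
        rule = m.group( 1 );
    }
    log.info( "rule=" + rule );

    List commands = new ArrayList();
    for ( part : rule.split( "\n" ) )
    {
        if ( !Utils.isEmptyString( part ) )
        {
            commands.add( part );
        }
    }
    return commands;
}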
// Asks the device for the current contents of the access list `acl`, records the reply
// in the transcript `result` and returns that same reply to the caller.
private getBuffer( session, result, acl )
{
    listing = session.command( "do sh ip access-list " + acl );
    result.append( listing );
    return listing;
}
// Tells whether every address of the status rule already has a permit entry in `buffer`.
//   status - entry whose rule text is a comma-separated list of addresses in numeric form
//   buffer - access-list listing to search
// Returns true only when all addresses are found; a single missing one gives false.
private isUserPermited ( status, buffer)
{
    for ( raw : status.rule.getRuleText().split( "\\s*,\\s*" ) )
    {
        address = IPUtils.convertLongIpToString( Utils.parseLongString( raw, 0 ) );
        log.info( "ip=" + address );

        // Dots are escaped so they match literally inside the expression.
        escaped = address.replace( ".", "\\." );
        Matcher m = Pattern.compile( ".*permit\\s" + escaped + "(\\s.*)?$", Pattern.DOTALL ).matcher( buffer );

        if ( m.find() )
        {
            continue;
        }

        // If at least one address is missing, the client is considered closed.
        log.info( "is not permitted" );
        return false;
    }

    log.info( "is permitted" );
    return true;
}