diff options
author | PKI Team <PKI Team@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2008-03-18 22:36:57 +0000 |
---|---|---|
committer | PKI Team <PKI Team@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2008-03-18 22:36:57 +0000 |
commit | d0f2e4efbd3eb0f1d7f5a28e7f97c1fb4ec027bb (patch) | |
tree | 7e7473fae8af5ad7e6cda7eabbef787093fc59a7 /pki/base/util/src/netscape/security/acl/AclEntryImpl.java | |
parent | 273f8d85df5c31293a908185622b378c8f3cf7e8 (diff) | |
download | pki-d0f2e4efbd3eb0f1d7f5a28e7f97c1fb4ec027bb.tar.gz pki-d0f2e4efbd3eb0f1d7f5a28e7f97c1fb4ec027bb.tar.xz pki-d0f2e4efbd3eb0f1d7f5a28e7f97c1fb4ec027bb.zip |
Initial open source version based upon proprietary Red Hat Certificate System (RHCS) 7.3.
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/util/src/netscape/security/acl/AclEntryImpl.java')
-rw-r--r-- | pki/base/util/src/netscape/security/acl/AclEntryImpl.java | 176 |
1 files changed, 176 insertions, 0 deletions
diff --git a/pki/base/util/src/netscape/security/acl/AclEntryImpl.java b/pki/base/util/src/netscape/security/acl/AclEntryImpl.java new file mode 100644 index 000000000..c0f6ef30b --- /dev/null +++ b/pki/base/util/src/netscape/security/acl/AclEntryImpl.java @@ -0,0 +1,176 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +package netscape.security.acl; + +import java.util.*; +import java.io.*; +import java.security.Principal; +import java.security.acl.*; + +/** + * This is a class that describes one entry that associates users + * or groups with permissions in the ACL. + * The entry may be used as a way of granting or denying permissions. + * @author Satish Dharmaraj + */ +public class AclEntryImpl implements AclEntry { + private Principal user = null; + private Vector permissionSet = new Vector(10, 10); + private boolean negative = false; + + /** + * Construct an ACL entry that associates a user with permissions + * in the ACL. + * @param user The user that is associated with this entry. + */ + public AclEntryImpl(Principal user) { + this.user = user; + } + + /** + * Construct a null ACL entry + */ + public AclEntryImpl() { + } + + /** + * Sets the principal in the entity. If a group or a + * principal had already been set, a false value is + * returned, otherwise a true value is returned. + * @param user The user that is associated with this entry. + * @return true if the principal is set, false if there is + * one already. + */ + public boolean setPrincipal(Principal user) { + if (this.user != null) + return false; + this.user = user; + return true; + } + + /** + * This method sets the ACL to have negative permissions. + * That is the user or group is denied the permission set + * specified in the entry. + */ + public void setNegativePermissions() { + negative = true; + } + + /** + * Returns true if this is a negative ACL. + */ + public boolean isNegative() { + return negative; + } + + /** + * A principal or a group can be associated with multiple + * permissions. This method adds a permission to the ACL entry. + * @param permission The permission to be associated with + * the principal or the group in the entry. + * @return true if the permission was added, false if the + * permission was already part of the permission set. + */ + public boolean addPermission(Permission permission) { + + if (permissionSet.contains(permission)) + return false; + + permissionSet.addElement(permission); + + return true; + } + + /** + * The method disassociates the permission from the Principal + * or the Group in this ACL entry. + * @param permission The permission to be disassociated with + * the principal or the group in the entry. + * @return true if the permission is removed, false if the + * permission is not part of the permission set. + */ + public boolean removePermission(Permission permission) { + return permissionSet.removeElement(permission); + } + + /** + * Checks if the passed permission is part of the allowed + * permission set in this entry. + * @param permission The permission that has to be part of + * the permission set in the entry. + * @return true if the permission passed is part of the + * permission set in the entry, false otherwise. + */ + public boolean checkPermission(Permission permission) { + return permissionSet.contains(permission); + } + + /** + * return an enumeration of the permissions in this ACL entry. + */ + public Enumeration permissions() { + return permissionSet.elements(); + } + + /** + * Return a string representation of the contents of the ACL entry. + */ + public String toString() { + StringBuffer s = new StringBuffer(); + if (negative) + s.append("-"); + else + s.append("+"); + if (user instanceof Group) + s.append("Group."); + else + s.append("User."); + s.append(user + "="); + Enumeration e = permissions(); + while(e.hasMoreElements()) { + Permission p = (Permission) e.nextElement(); + s.append(p); + if (e.hasMoreElements()) + s.append(","); + } + return new String(s); + } + + /** + * Clones an AclEntry. + */ + public synchronized Object clone() { + AclEntryImpl cloned; + cloned = new AclEntryImpl(user); + cloned.permissionSet = (Vector) permissionSet.clone(); + cloned.negative = negative; + return cloned; + } + + /** + * Return the Principal associated in this ACL entry. + * The method returns null if the entry uses a group + * instead of a principal. + */ + public Principal getPrincipal() { + return user; + } +} + + |