diff options
Diffstat (limited to 'pki/base/common/src/com/netscape/certsrv/acls')
6 files changed, 0 insertions, 734 deletions
diff --git a/pki/base/common/src/com/netscape/certsrv/acls/ACL.java b/pki/base/common/src/com/netscape/certsrv/acls/ACL.java deleted file mode 100644 index 508793ddf..000000000 --- a/pki/base/common/src/com/netscape/certsrv/acls/ACL.java +++ /dev/null @@ -1,194 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.certsrv.acls; - -import java.util.Enumeration; -import java.util.Vector; - -/** - * A class represents an access control list (ACL). An ACL - * is associated with an protected resources. The policy - * enforcer can verify the ACLs with the current - * context to see if the corresponding resource is accessible. - * <P> - * An <code>ACL</code> may contain one or more <code>ACLEntry</code>. However, in case of multiple <code>ACLEntry</code> - * , a subject must pass ALL of the <code>ACLEntry</code> evaluation for permission to be granted - * <P> - * - * @version $Revision$, $Date$ - */ -public class ACL implements IACL, java.io.Serializable { - - /** - * - */ - private static final long serialVersionUID = -1867465948611161868L; - - protected Vector<ACLEntry> mEntries = new Vector<ACLEntry>(); // ACL entries - protected Vector<String> mRights = null; // possible rights entries - protected String mResourceACLs = null; // exact resourceACLs string on ldap server - protected String mName = null; // resource name - protected String mDescription = null; // resource description - - /** - * Class constructor. - */ - public ACL() { - } - - /** - * Class constructor. - * Constructs an access control list associated - * with a resource name - * - * @param name resource name - * @param rights applicable rights defined for this resource - * @param resourceACLs the entire ACL specification. For example: - * "certServer.log.configuration:read,modify: - * allow (read,modify) - * group=\"Administrators\": - * Allow administrators to read and modify log - * configuration" - */ - public ACL(String name, Vector<String> rights, String resourceACLs) { - setName(name); - if (rights != null) { - mRights = rights; - } else { - mRights = new Vector<String>(); - } - mResourceACLs = resourceACLs; - - } - - /** - * Sets the name of the resource governed by this - * access control. - * - * @param name name of the resource - */ - public void setName(String name) { - mName = name; - } - - /** - * Retrieves the name of the resource governed by - * this access control. - * - * @return name of the resource - */ - public String getName() { - return mName; - } - - /** - * Retrieves the exact string of the resourceACLs - * - * @return resource's acl - */ - public String getResourceACLs() { - return mResourceACLs; - } - - /** - * Sets the description of the resource governed by this - * access control. - * - * @param description Description of the protected resource - */ - public void setDescription(String description) { - mDescription = description; - } - - /** - * Retrieves the description of the resource governed by - * this access control. - * - * @return Description of the protected resource - */ - public String getDescription() { - return mDescription; - } - - /** - * Adds an ACL entry to this list. - * - * @param entry the <code>ACLEntry</code> to be added to this resource - */ - public void addEntry(ACLEntry entry) { - mEntries.addElement(entry); - } - - /** - * Returns ACL entries. - * - * @return enumeration for the <code>ACLEntry</code> vector - */ - public Enumeration<ACLEntry> entries() { - return mEntries.elements(); - } - - /** - * Returns the string reprsentation. - * - * @return the string representation of the ACL entries in the - * following format: - * <resource name>[<ACLEntry1>,<ACLEntry 2>,...<ACLEntry N>] - */ - public String toString() { - String entries = ""; - Enumeration<ACLEntry> e = entries(); - - for (; e.hasMoreElements();) { - ACLEntry entry = (ACLEntry) e.nextElement(); - - entries += entry.toString(); - if (e.hasMoreElements()) - entries += ","; - } - return getName() + "[" + entries + "]"; - } - - /** - * Adds an rights entry to this list. - * - * @param right The right to be added for this ACL - */ - public void addRight(String right) { - mRights.addElement(right); - } - - /** - * Tells if the permission is one of the defined "rights" - * - * @param permission permission to be checked - * @return true if it's one of the "rights"; false otherwise - */ - public boolean checkRight(String permission) { - return (mRights.contains((Object) permission)); - } - - /** - * Returns rights entries. - * - * @return enumeration of rights defined for this ACL - */ - public Enumeration<String> rights() { - return mRights.elements(); - } -} diff --git a/pki/base/common/src/com/netscape/certsrv/acls/ACLEntry.java b/pki/base/common/src/com/netscape/certsrv/acls/ACLEntry.java deleted file mode 100644 index 2c1b7c3ea..000000000 --- a/pki/base/common/src/com/netscape/certsrv/acls/ACLEntry.java +++ /dev/null @@ -1,245 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.certsrv.acls; - -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.StringTokenizer; - -/** - * A class represents an ACI entry of an access control list. - * <P> - * - * @version $Revision$, $Date$ - */ -public class ACLEntry implements IACLEntry, java.io.Serializable { - /** - * - */ - private static final long serialVersionUID = 422656406529200393L; - - protected Hashtable<String, String> mPerms = new Hashtable<String, String>(); - protected String mExpressions = null; - protected boolean mNegative = false; - protected String mACLEntryString = null; - - /** - * Class Constructor - */ - public ACLEntry() { - } - - /** - * Checks if this ACL entry is set to negative. - * - * @return true if this ACL entry expression is for "deny"; - * false if this ACL entry expression is for "allow" - */ - public boolean isNegative() { - return mNegative; - } - - /** - * Sets this ACL entry negative. This ACL entry expression is for "deny". - */ - public void setNegative() { - mNegative = true; - } - - /** - * Sets the ACL entry string - * - * @param s string in the following format: - * - * <PRE> - * allow|deny (right[,right...]) attribute_expression - * </PRE> - */ - public void setACLEntryString(String s) { - mACLEntryString = s; - } - - /** - * Gets the ACL Entry String - * - * @return ACL Entry string in the following format: - * - * <PRE> - * allow|deny (right[,right...]) attribute_expression - * </PRE> - */ - public String getACLEntryString() { - return mACLEntryString; - } - - /** - * Adds permission to this entry. Permission must be one of the - * "rights" defined for each protected resource in its ACL - * - * @param acl the acl instance that this aclEntry is associated with - * @param permission one of the "rights" defined for each - * protected resource in its ACL - */ - public void addPermission(IACL acl, String permission) { - if (acl.checkRight(permission) == true) { - mPerms.put(permission, permission); - } else { - // not a valid right...log it later - } - } - - /** - * Returns a list of permissions associated with - * this entry. - * - * @return a list of permissions for this ACL entry - */ - public Enumeration<String> permissions() { - return mPerms.elements(); - } - - /** - * Sets the expression associated with this entry. - * - * @param expressions the evaluator expressions. For example, - * group="Administrators" - */ - public void setAttributeExpressions(String expressions) { - mExpressions = expressions; - } - - /** - * Retrieves the expression associated with this entry. - * - * @return the evaluator expressions. For example, - * group="Administrators" - */ - public String getAttributeExpressions() { - return mExpressions; - } - - /** - * Checks to see if this <code>ACLEntry</code> contains a - * particular permission - * - * @param permission one of the "rights" defined for each - * protected resource in its ACL - * @return true if permission contained in the permission list - * for this <code>ACLEntry</code>; false otherwise. - */ - public boolean containPermission(String permission) { - return (mPerms.get(permission) != null); - } - - /** - * Checks if this entry has the given permission. - * - * @param permission one of the "rights" defined for each - * protected resource in its ACL - * @return true if the permission is allowed; false if the - * permission is denied. If a permission is not - * recognized by this ACL, it is considered denied - */ - public boolean checkPermission(String permission) { - // default - if we dont know about the requested permission, - // don't grant permission - if (mPerms.get(permission) == null) - return false; - if (isNegative()) { - return false; - } else { - return true; - } - } - - /** - * Parse string in the following format: - * - * <PRE> - * allow|deny (right[,right...]) attribute_expression - * </PRE> - * - * into an instance of the <code>ACLEntry</code> class - * - * @param acl the acl instance associated with this aclentry - * @param aclEntryString aclEntryString in the specified format - * @return an instance of the <code>ACLEntry</code> class - */ - public static ACLEntry parseACLEntry(IACL acl, String aclEntryString) { - if (aclEntryString == null) { - return null; - } - - String te = aclEntryString.trim(); - - // locate first space - int i = te.indexOf(' '); - // prefix should be "allowed" or "deny" - String prefix = te.substring(0, i); - String suffix = te.substring(i + 1).trim(); - ACLEntry entry = new ACLEntry(); - - if (prefix.equals("allow")) { - // do nothing - } else if (prefix.equals("deny")) { - entry.setNegative(); - } else { - return null; - } - // locate the second space - i = suffix.indexOf(' '); - // this prefix should be rights list, delimited by "," - prefix = suffix.substring(1, i - 1); - // the suffix is the rest, which is the "expressions" - suffix = suffix.substring(i + 1).trim(); - - StringTokenizer st = new StringTokenizer(prefix, ","); - - for (; st.hasMoreTokens();) { - entry.addPermission(acl, st.nextToken()); - } - entry.setAttributeExpressions(suffix); - return entry; - } - - /** - * Returns the string representation of this ACLEntry - * - * @return string representation of this ACLEntry - */ - public String toString() { - String entry = ""; - - if (isNegative()) { - entry += "deny ("; - } else { - entry += "allow ("; - } - Enumeration<String> e = permissions(); - - for (; e.hasMoreElements();) { - String p = e.nextElement(); - - entry += p; - if (e.hasMoreElements()) - entry += ","; - } - entry += ") " + getAttributeExpressions(); - return entry; - } -} diff --git a/pki/base/common/src/com/netscape/certsrv/acls/ACLsResources.java b/pki/base/common/src/com/netscape/certsrv/acls/ACLsResources.java deleted file mode 100644 index bf3ea4a28..000000000 --- a/pki/base/common/src/com/netscape/certsrv/acls/ACLsResources.java +++ /dev/null @@ -1,45 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.certsrv.acls; - -import java.util.ListResourceBundle; - -/** - * A class represents a resource bundle for the entire ACL component. - * system. - * <P> - * - * @deprecated - * @version $Revision$, $Date$ - */ -public class ACLsResources extends ListResourceBundle { - - /** - * Returns the content of this resource. - * - * @return the content of this resource. - */ - public Object[][] getContents() { - return contents; - } - - /** - * A set of constants for localized error messages. - */ - static final Object[][] contents = {}; -} diff --git a/pki/base/common/src/com/netscape/certsrv/acls/EACLsException.java b/pki/base/common/src/com/netscape/certsrv/acls/EACLsException.java deleted file mode 100644 index 8d204091e..000000000 --- a/pki/base/common/src/com/netscape/certsrv/acls/EACLsException.java +++ /dev/null @@ -1,148 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.certsrv.acls; - -import java.util.Locale; - -import com.netscape.certsrv.base.EBaseException; -import com.netscape.certsrv.base.MessageFormatter; - -/** - * A class represents an acls exception. Note that this is - * an Runtime exception so that methods used AccessManager - * do not have to explicity declare this exception. This - * allows AccessManager to be easily integrated into any - * existing code. - * <P> - * - * @version $Revision$, $Date$ - */ -public class EACLsException extends EBaseException { - - /** - * - */ - private static final long serialVersionUID = 5471535135648315104L; - /** - * resource class name - */ - private static final String ACL_RESOURCES = ACLsResources.class.getName(); - - /** - * Constructs an acls exception. - * <P> - * - * @param msgFormat exception details - */ - public EACLsException(String msgFormat) { - super(msgFormat); - mParams = null; - } - - /** - * Constructs a base exception with a parameter. For example, - * - * <PRE> - * new EACLsException("failed to load {0}", fileName); - * </PRE> - * <P> - * - * @param msgFormat exception details in message string format - * @param param message string parameter - */ - public EACLsException(String msgFormat, String param) { - super(msgFormat); - mParams = new String[1]; - mParams[0] = param; - } - - /** - * Constructs a base exception. It can be used to carry - * a system exception that may contain information about - * the context. For example, - * - * <PRE> - * try { - * ... - * } catch (IOExeption e) { - * throw new EACLsException("Encountered System Error {0}", e); - * } - * </PRE> - * <P> - * - * @param msgFormat exception details in message string format - * @param param system exception - */ - public EACLsException(String msgFormat, Exception param) { - super(msgFormat); - mParams = new Exception[1]; - mParams[0] = param; - } - - /** - * Constructs a base exception with a list of parameters - * that will be substituted into the message format. - * <P> - * - * @param msgFormat exception details in message string format - * @param params list of message format parameters - */ - public EACLsException(String msgFormat, Object params[]) { - super(msgFormat); - mParams = params; - } - - /** - * Returns a list of parameters. - * <P> - * - * @return list of message format parameters - */ - public Object[] getParameters() { - return mParams; - } - - /** - * String representation for the corresponding exception. - * - * @return String representation for the corresponding exception. - */ - public String toString() { - return toString(Locale.getDefault()); - } - - /** - * Returns string representation for the corresponding exception. - * - * @param locale client specified locale for string representation. - * @return String representation for the corresponding exception. - */ - public String toString(Locale locale) { - return MessageFormatter.getLocalizedString(locale, getBundleName(), - super.getMessage(), mParams); - } - - /** - * Return the class name of the resource bundle. - * - * @return class name of the resource bundle. - */ - protected String getBundleName() { - return ACL_RESOURCES; - } -} diff --git a/pki/base/common/src/com/netscape/certsrv/acls/IACL.java b/pki/base/common/src/com/netscape/certsrv/acls/IACL.java deleted file mode 100644 index aad733722..000000000 --- a/pki/base/common/src/com/netscape/certsrv/acls/IACL.java +++ /dev/null @@ -1,68 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.certsrv.acls; - -import java.util.Enumeration; - -/** - * A class represents an access control list (ACL). An ACL - * is associated with a protected resource. The policy - * enforcer can verify the ACLs with the current - * context to see if the corresponding resource is accessible. - * <P> - * - * @version $Revision$, $Date$ - */ -public interface IACL { - - /** - * Returns the name of the current ACL. - * - * @return the name of the current ACL. - */ - public String getName(); - - /** - * Returns the description of the current ACL. - * - * @return the description of the current ACL. - */ - public String getDescription(); - - /** - * Returns a list of access rights of the current ACL. - * - * @return a list of access rights - */ - public Enumeration<String> rights(); - - /** - * Returns a list of entries of the current ACL. - * - * @return a list of entries - */ - public Enumeration<ACLEntry> entries(); - - /** - * Verifies if permission is granted. - * - * @param permission one of the applicable rights - * @return true if the given permission is one of the applicable rights; false otherwise. - */ - public boolean checkRight(String permission); -} diff --git a/pki/base/common/src/com/netscape/certsrv/acls/IACLEntry.java b/pki/base/common/src/com/netscape/certsrv/acls/IACLEntry.java deleted file mode 100644 index ff806f155..000000000 --- a/pki/base/common/src/com/netscape/certsrv/acls/IACLEntry.java +++ /dev/null @@ -1,34 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.certsrv.acls; - -/** - * A class represents an entry of access control list. - * <P> - * - * @version $Revision$, $Date$ - */ -public interface IACLEntry { - - /** - * Returns the ACL entry string of the entry. - * - * @return the ACL entry string of the entry. - */ - public String getACLEntryString(); -} |