Diffstat (limited to 'pki/base/common/src/com/netscape/cms/evaluators')
-rw-r--r--pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java56
-rw-r--r--pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java32
-rw-r--r--pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java26
-rw-r--r--pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java47
4 files changed, 90 insertions, 71 deletions
diff --git a/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java
index d026cdbaf..d945d7082 100644
--- a/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java
+++ b/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.evaluators;
-
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.IAuthToken;
import com.netscape.certsrv.base.EBaseException;
@@ -28,7 +27,6 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem;
import com.netscape.certsrv.usrgrp.IUser;
import com.netscape.cmsutil.util.Utils;
-
/**
* A class represents a group acls evaluator.
* <P>
@@ -54,7 +52,7 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
}
/**
- * initialization. nothing for now.
+ * initialization. nothing for now.
*/
public void init() {
CMS.debug("GroupAccessEvaluator: init");
@@ -62,6 +60,7 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
/**
* gets the type name for this acl evaluator
+ *
* @return type for this acl evaluator: "group" or "at_group"
*/
public String getType() {
@@ -70,6 +69,7 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
/**
* gets the description for this acl evaluator
+ *
* @return description for this acl evaluator
*/
public String getDescription() {
@@ -85,16 +85,16 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
}
/**
- * evaluates uid in AuthToken to see if it has membership in
- * group value
+ * evaluates uid in AuthToken to see if it has membership in group value
+ *
* @param authToken authentication token
* @param type must be "at_group"
* @param op must be "="
* @param value the group name
- * @return true if AuthToken uid belongs to the group value,
- * false otherwise
+ * @return true if AuthToken uid belongs to the group value, false otherwise
*/
- public boolean evaluate(IAuthToken authToken, String type, String op, String value) {
+ public boolean evaluate(IAuthToken authToken, String type, String op,
+ String value) {
if (type.equals(mType)) {
// should define "uid" at a common place
@@ -104,17 +104,20 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
if (uid == null) {
uid = authToken.getInString("uid");
if (uid == null) {
- CMS.debug("GroupAccessEvaluator: evaluate: uid null");
- log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_NULL"));
- return false;
+ CMS.debug("GroupAccessEvaluator: evaluate: uid null");
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("EVALUTOR_UID_NULL"));
+ return false;
}
}
- CMS.debug("GroupAccessEvaluator: evaluate: uid="+uid +" value="+value);
+ CMS.debug("GroupAccessEvaluator: evaluate: uid=" + uid + " value="
+ + value);
String groupname = authToken.getInString("gid");
if (groupname != null) {
- CMS.debug("GroupAccessEvaluator: evaluate: authToken gid="+groupname);
+ CMS.debug("GroupAccessEvaluator: evaluate: authToken gid="
+ + groupname);
if (op.equals("=")) {
return groupname.equals(Utils.stripQuotes(value));
} else if (op.equals("!=")) {
@@ -123,12 +126,12 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
} else {
CMS.debug("GroupAccessEvaluator: evaluate: no gid in authToken");
IUser id = null;
- try {
- id = mUG.getUser(uid);
- } catch (EBaseException e) {
+ try {
+ id = mUG.getUser(uid);
+ } catch (EBaseException e) {
CMS.debug("GroupAccessEvaluator: " + e.toString());
return false;
- }
+ }
if (op.equals("=")) {
return mUG.isMemberOf(id, Utils.stripQuotes(value));
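Review bot: After the try/catch in this hunk, `id` is passed to `mUG.isMemberOf(id, ...)` without a null check, although the SessionContext overload of `evaluate` appears to log `EVALUTOR_UID_NULL` and return false when it has no user. If `mUG.getUser(uid)` can return null for an unknown uid instead of throwing (not visible here), the outcome of this access decision depends on how `isMemberOf` treats a null user, which matters most for a negated rule. A guard right after the catch would make the decision fail closed: `if (id == null) { log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_NULL")); return false; }`. The enclosing method starts and ends outside this hunk.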
@@ -142,13 +145,14 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
}
/**
- * evaluates uid in SessionContext to see if it has membership in
- * group value
+ * evaluates uid in SessionContext to see if it has membership in group
+ * value
+ *
* @param type must be "group"
* @param op must be "="
* @param value the group name
- * @return true if SessionContext uid belongs to the group value,
- * false otherwise
+ * @return true if SessionContext uid belongs to the group value, false
+ * otherwise
*/
public boolean evaluate(String type, String op, String value) {
@@ -161,12 +165,12 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_NULL"));
return false;
}
- if (op.equals("="))
+ if (op.equals("="))
return mUG.isMemberOf(id, Utils.stripQuotes(value));
else
return !(mUG.isMemberOf(id, Utils.stripQuotes(value)));
-
- }
+
+ }
return false;
}
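Review bot: The bare `else` here treats every operator other than "=" as a negation, so a mistyped or unsupported operator in an ACL entry evaluates to "not a member" and can return true. The AuthToken overload in this file already tests `else if (op.equals("!="))`; using the same test here, `else if (op.equals("!=")) return !(mUG.isMemberOf(id, Utils.stripQuotes(value)));`, lets unknown operators reach the final `return false`. The same pattern is in IPAddressAccessEvaluator's `evaluate(String, String, String)`, where the `else` after `op.equals("=")` returns `!(ipaddress.matches(value))`. The Javadoc above should then read `@param op must be "=" or "!="`.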
@@ -174,8 +178,8 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS,
- level, "GroupAccessEvaluator: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, level,
+ "GroupAccessEvaluator: " + msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java
index a5c99eeb9..4de8f694f 100644
--- a/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java
+++ b/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.evaluators;
-
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.IAuthToken;
import com.netscape.certsrv.base.SessionContext;
@@ -25,7 +24,6 @@ import com.netscape.certsrv.evaluators.IAccessEvaluator;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.cmsutil.util.Utils;
-
/**
* A class represents a IP address acls evaluator.
* <P>
@@ -44,13 +42,14 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
}
/**
- * initialization. nothing for now.
+ * initialization. nothing for now.
*/
public void init() {
}
/**
* gets the type name for this acl evaluator
+ *
* @return type for this acl evaluator: ipaddress
*/
public String getType() {
@@ -59,6 +58,7 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
/**
* gets the description for this acl evaluator
+ *
* @return description for this acl evaluator
*/
public String getDescription() {
@@ -75,24 +75,27 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
/**
* Gets the IP address from session context
+ *
* @param authToken authentication token
* @param type must be "ipaddress"
* @param op must be "=" or "!="
* @param value the ipaddress
*/
- public boolean evaluate(IAuthToken authToken, String type, String op, String value) {
+ public boolean evaluate(IAuthToken authToken, String type, String op,
+ String value) {
return evaluate(type, op, value);
}
/**
- * evaluates uid in SessionContext to see if it has membership in
- * group value
+ * evaluates uid in SessionContext to see if it has membership in group
+ * value
+ *
* @param type must be "group"
* @param op must be "="
* @param value the group name
- * @return true if SessionContext uid belongs to the group value,
- * false otherwise
+ * @return true if SessionContext uid belongs to the group value, false
+ * otherwise
*/
public boolean evaluate(String type, String op, String value) {
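Review bot: The Javadoc re-wrapped in this hunk for `evaluate(String type, String op, String value)` still describes the group evaluator (uid membership, `type must be "group"`, `value the group name`), not this class. Since these comments are what an ACL author relies on, it should describe what the method does, for example `Evaluates the client IP address from the SessionContext against value`, with `@param type must be "ipaddress"`, `@param op must be "=" or "!="` and `@param value the address pattern to match`. The Javadoc on the AuthToken overload also lacks an `@return` line.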
@@ -103,16 +106,17 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
if (type.equals(mType)) {
if (ipaddress == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUATOR_IPADDRESS_NULL"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("EVALUATOR_IPADDRESS_NULL"));
return false;
}
- if (op.equals("=")) {
+ if (op.equals("=")) {
return ipaddress.matches(value);
} else {
return !(ipaddress.matches(value));
}
-
- }
+
+ }
return false;
}
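Review bot: `ipaddress.matches(value)` compiles the ACL value as a regular expression on every call, so a rule written as a literal address gets regex semantics (`.` matches any character) and a malformed value raises an unchecked `PatternSyntaxException` out of an access decision. Unlike the other evaluators, the value is not visibly passed through `Utils.stripQuotes` before use, though that may happen above the hunk. If pattern matching is intended, the Javadoc should say the value is a regular expression, and the call should be wrapped so that a `PatternSyntaxException` is logged and the method returns false. If literal addresses are intended, `ipaddress.equals(Utils.stripQuotes(value))` is the simpler comparison.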
@@ -120,7 +124,7 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS,
- level, "GroupAccessEvaluator: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, level,
+ "GroupAccessEvaluator: " + msg);
}
}
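Review bot: The log prefix in this hunk is still `"GroupAccessEvaluator: "` although the class is IPAddressAccessEvaluator, so a failure logged here (for example `EVALUATOR_IPADDRESS_NULL`) is attributed to the wrong evaluator in the ACL log. Anyone reconstructing an access denial from the logs will look in the wrong place. The second argument line should read `"IPAddressAccessEvaluator: " + msg);`.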
diff --git a/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java
index 4b6b56772..862206a9a 100644
--- a/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java
+++ b/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.evaluators;
-
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.IAuthToken;
import com.netscape.certsrv.base.SessionContext;
@@ -26,7 +25,6 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.usrgrp.IUser;
import com.netscape.cmsutil.util.Utils;
-
/**
* A class represents a user acls evaluator.
* <P>
@@ -48,7 +46,7 @@ public class UserAccessEvaluator implements IAccessEvaluator {
}
/**
- * initialization. nothing for now.
+ * initialization. nothing for now.
*/
public void init() {
CMS.debug("UserAccessEvaluator: init");
@@ -56,6 +54,7 @@ public class UserAccessEvaluator implements IAccessEvaluator {
/**
* gets the type name for this acl evaluator
+ *
* @return type for this acl evaluator: "user" or "at_user"
*/
public String getType() {
@@ -64,6 +63,7 @@ public class UserAccessEvaluator implements IAccessEvaluator {
/**
* gets the description for this acl evaluator
+ *
* @return description for this acl evaluator
*/
public String getDescription() {
@@ -80,27 +80,30 @@ public class UserAccessEvaluator implements IAccessEvaluator {
/**
* Evaluates the user in AuthToken to see if it's equal to value
+ *
* @param authToken AuthToken from authentication
* @param type must be "at_user"
* @param op must be "="
* @param value the user id
* @return true if AuthToken uid is same as value, false otherwise
*/
- public boolean evaluate(IAuthToken authToken, String type, String op, String value) {
+ public boolean evaluate(IAuthToken authToken, String type, String op,
+ String value) {
if (type.equals(mType)) {
String s = Utils.stripQuotes(value);
if ((s.equals(ANYBODY) || s.equals(EVERYBODY)) && op.equals("="))
- return true;
-
- // should define "uid" at a common place
+ return true;
+
+ // should define "uid" at a common place
String uid = null;
uid = authToken.getInString("uid");
if (uid == null) {
- log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_IS_NULL"));
+ log(ILogger.LL_FAILURE,
+ CMS.getLogMessage("EVALUTOR_UID_IS_NULL"));
return false;
}
@@ -108,13 +111,14 @@ public class UserAccessEvaluator implements IAccessEvaluator {
return s.equalsIgnoreCase(uid);
else if (op.equals("!="))
return !(s.equalsIgnoreCase(uid));
- }
+ }
return false;
}
/**
* Evaluates the user in session context to see if it's equal to value
+ *
* @param type must be "user"
* @param op must be "="
* @param value the user id
@@ -144,8 +148,8 @@ public class UserAccessEvaluator implements IAccessEvaluator {
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS,
- level, "UserAccessEvaluator: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, level,
+ "UserAccessEvaluator: " + msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java
index 88358aa58..ffe4a4f8e 100644
--- a/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java
+++ b/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java
@@ -17,7 +17,6 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.evaluators;
-
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.IAuthToken;
import com.netscape.certsrv.base.SessionContext;
@@ -26,12 +25,11 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.usrgrp.IUser;
import com.netscape.cmsutil.util.Utils;
-
/**
- * A class represents a user-origreq uid mapping acls evaluator.
- * This is primarily used for renewal. During renewal, the orig_req
- * uid is placed in the SessionContext of the renewal session context
- * to be evaluated by this evaluator
+ * A class represents a user-origreq uid mapping acls evaluator. This is
+ * primarily used for renewal. During renewal, the orig_req uid is placed in the
+ * SessionContext of the renewal session context to be evaluated by this
+ * evaluator
* <P>
*
* @author Christina Fu
@@ -52,7 +50,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
}
/**
- * initialization. nothing for now.
+ * initialization. nothing for now.
*/
public void init() {
CMS.debug("UserOrigReqAccessEvaluator: init");
@@ -60,6 +58,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
/**
* gets the type name for this acl evaluator
+ *
* @return type for this acl evaluator: "user_origreq" or "at_user_origreq"
*/
public String getType() {
@@ -68,6 +67,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
/**
* gets the description for this acl evaluator
+ *
* @return description for this acl evaluator
*/
public String getDescription() {
@@ -84,21 +84,23 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
/**
* Evaluates the user in AuthToken to see if it's equal to value
+ *
* @param authToken AuthToken from authentication
* @param type must be "at_userreq"
* @param op must be "="
* @param value the request param name
* @return true if AuthToken uid is same as value, false otherwise
*/
- public boolean evaluate(IAuthToken authToken, String type, String op, String value) {
+ public boolean evaluate(IAuthToken authToken, String type, String op,
+ String value) {
CMS.debug("UserOrigReqAccessEvaluator: evaluate() begins");
if (type.equals(mType)) {
String s = Utils.stripQuotes(value);
if ((s.equals(ANYBODY) || s.equals(EVERYBODY)) && op.equals("="))
- return true;
-
- // should define "uid" at a common place
+ return true;
+
+ // should define "uid" at a common place
String uid = null;
uid = authToken.getInString("uid");
@@ -107,30 +109,34 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
CMS.debug("UserOrigReqAccessEvaluator: evaluate() uid in authtoken null");
return false;
} else
- CMS.debug("UserOrigReqAccessEvaluator: evaluate() uid in authtoken ="+ uid);
+ CMS.debug("UserOrigReqAccessEvaluator: evaluate() uid in authtoken ="
+ + uid);
// find value of param in request
SessionContext mSC = SessionContext.getContext();
- CMS.debug("UserOrigReqAccessEvaluator: evaluate() getting "+"orig_req."+s+ " in SessionContext");
+ CMS.debug("UserOrigReqAccessEvaluator: evaluate() getting "
+ + "orig_req." + s + " in SessionContext");
// "orig_req.auth_token.uid"
- String orig_id = (String) mSC.get("orig_req."+s);
+ String orig_id = (String) mSC.get("orig_req." + s);
if (orig_id == null) {
CMS.debug("UserOrigReqAccessEvaluator: evaluate() orig_id null");
return false;
}
- CMS.debug("UserOrigReqAccessEvaluator: evaluate() orig_id ="+ orig_id);
+ CMS.debug("UserOrigReqAccessEvaluator: evaluate() orig_id ="
+ + orig_id);
if (op.equals("="))
return uid.equalsIgnoreCase(orig_id);
else if (op.equals("!="))
return !(uid.equalsIgnoreCase(orig_id));
- }
+ }
return false;
}
/**
* Evaluates the user in session context to see if it's equal to value
+ *
* @param type must be "user_origreq"
* @param op must be "="
* @param value the user id
@@ -141,7 +147,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
SessionContext mSC = SessionContext.getContext();
if (type.equals(mType)) {
-// what do I do with s here?
+ // what do I do with s here?
String s = Utils.stripQuotes(value);
if (s.equals(ANYBODY) && op.equals("="))
@@ -149,7 +155,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
IUser id = (IUser) mSC.get(SessionContext.USER);
// "orig_req.auth_token.uid"
- String orig_id = (String) mSC.get("orig_req"+s);
+ String orig_id = (String) mSC.get("orig_req" + s);
if (op.equals("="))
return id.getName().equalsIgnoreCase(orig_id);
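Review bot: The key built here is `"orig_req" + s`, without the dot that the AuthToken overload uses (`"orig_req." + s`) and that the comment above shows (`"orig_req.auth_token.uid"`). If the context entries are stored with the dotted form, this lookup returns null, making the "=" comparison always false and any negated comparison below the hunk always true. `id` from `mSC.get(SessionContext.USER)` is also dereferenced with `id.getName()` without a null check. Suggested lines: `String orig_id = (String) mSC.get("orig_req." + s);` followed by `if (id == null || orig_id == null) return false;`. The rest of the method lies outside this hunk.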
@@ -159,11 +165,12 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
return false;
}
+
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS,
- level, "UserOrigReqAccessEvaluator: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, level,
+ "UserOrigReqAccessEvaluator: " + msg);
}
}