From 621d9e5c413e561293d7484b93882d985b3fe15f Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Sat, 24 Mar 2012 02:27:47 -0500 Subject: Removed unnecessary pki folder. Previously the source code was located inside a pki folder. This folder was created during svn migration and is no longer needed. This folder has now been removed and the contents have been moved up one level. Ticket #131 --- base/common/src/com/netscape/certsrv/acls/ACL.java | 194 ++++++++++++++++ .../src/com/netscape/certsrv/acls/ACLEntry.java | 245 +++++++++++++++++++++ .../com/netscape/certsrv/acls/ACLsResources.java | 45 ++++ .../com/netscape/certsrv/acls/EACLsException.java | 148 +++++++++++++ .../common/src/com/netscape/certsrv/acls/IACL.java | 68 ++++++ .../src/com/netscape/certsrv/acls/IACLEntry.java | 34 +++ 6 files changed, 734 insertions(+) create mode 100644 base/common/src/com/netscape/certsrv/acls/ACL.java create mode 100644 base/common/src/com/netscape/certsrv/acls/ACLEntry.java create mode 100644 base/common/src/com/netscape/certsrv/acls/ACLsResources.java create mode 100644 base/common/src/com/netscape/certsrv/acls/EACLsException.java create mode 100644 base/common/src/com/netscape/certsrv/acls/IACL.java create mode 100644 base/common/src/com/netscape/certsrv/acls/IACLEntry.java (limited to 'base/common/src/com/netscape/certsrv/acls')
diff --git a/base/common/src/com/netscape/certsrv/acls/ACL.java b/base/common/src/com/netscape/certsrv/acls/ACL.java
new file mode 100644
index 000000000..508793ddf
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/acls/ACL.java
@@ -0,0 +1,194 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.acls;
+
+import java.util.Enumeration;
+import java.util.Vector;
+
+/**
+ * A class represents an access control list (ACL). An ACL
+ * is associated with an protected resources. The policy
+ * enforcer can verify the ACLs with the current
+ * context to see if the corresponding resource is accessible.
+ *

+ * An ACL may contain one or more ACLEntry. However, in case of multiple ACLEntry
+ * , a subject must pass ALL of the ACLEntry evaluation for permission to be granted
+ *

+ *
+ * @version $Revision$, $Date$
+ */
+public class ACL implements IACL, java.io.Serializable {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = -1867465948611161868L;
+
+ protected Vector mEntries = new Vector(); // ACL entries
+ protected Vector mRights = null; // possible rights entries
+ protected String mResourceACLs = null; // exact resourceACLs string on ldap server
+ protected String mName = null; // resource name
+ protected String mDescription = null; // resource description
+
+ /**
+ * Class constructor.
+ */
+ public ACL() {
+ }
+
+ /**
+ * Class constructor.
+ * Constructs an access control list associated
+ * with a resource name
+ *
+ * @param name resource name
+ * @param rights applicable rights defined for this resource
+ * @param resourceACLs the entire ACL specification. For example:
+ * "certServer.log.configuration:read,modify:
+ * allow (read,modify)
+ * group=\"Administrators\":
+ * Allow administrators to read and modify log
+ * configuration"
+ */
+ public ACL(String name, Vector rights, String resourceACLs) {
+ setName(name);
+ if (rights != null) {
+ mRights = rights;
+ } else {
+ mRights = new Vector();
+ }
+ mResourceACLs = resourceACLs;
+
+ }
+
+ /**
+ * Sets the name of the resource governed by this
+ * access control.
+ *
+ * @param name name of the resource
+ */
+ public void setName(String name) {
+ mName = name;
+ }
+
+ /**
+ * Retrieves the name of the resource governed by
+ * this access control.
+ *
+ * @return name of the resource
+ */
+ public String getName() {
+ return mName;
+ }
+
+ /**
+ * Retrieves the exact string of the resourceACLs
+ *
+ * @return resource's acl
+ */
+ public String getResourceACLs() {
+ return mResourceACLs;
+ }
+
+ /**
+ * Sets the description of the resource governed by this
+ * access control.
+ *
+ * @param description Description of the protected resource
+ */
+ public void setDescription(String description) {
+ mDescription = description;
+ }
+
+ /**
+ * Retrieves the description of the resource governed by
+ * this access control.
+ *
+ * @return Description of the protected resource
+ */
+ public String getDescription() {
+ return mDescription;
+ }
+
+ /**
+ * Adds an ACL entry to this list.
+ *
+ * @param entry the ACLEntry to be added to this resource
+ */
+ public void addEntry(ACLEntry entry) {
+ mEntries.addElement(entry);
+ }
+
+ /**
+ * Returns ACL entries.
+ *
+ * @return enumeration for the ACLEntry vector
+ */
+ public Enumeration entries() {
+ return mEntries.elements();
+ }
+
+ /**
+ * Returns the string reprsentation.
+ *
+ * @return the string representation of the ACL entries in the
+ * following format:
+ * [,,...]
+ */
+ public String toString() {
+ String entries = "";
+ Enumeration e = entries();
+
+ for (; e.hasMoreElements();) {
+ ACLEntry entry = (ACLEntry) e.nextElement();
+
+ entries += entry.toString();
+ if (e.hasMoreElements())
+ entries += ",";
+ }
+ return getName() + "[" + entries + "]";
+ }
+
+ /**
+ * Adds an rights entry to this list.
+ *
+ * @param right The right to be added for this ACL
+ */
+ public void addRight(String right) {
+ mRights.addElement(right);
+ }
+
+ /**
+ * Tells if the permission is one of the defined "rights"
+ *
+ * @param permission permission to be checked
+ * @return true if it's one of the "rights"; false otherwise
+ */
+ public boolean checkRight(String permission) {
+ return (mRights.contains((Object) permission));
+ }
+
+ /**
+ * Returns rights entries.
+ *
+ * @return enumeration of rights defined for this ACL
+ */
+ public Enumeration rights() {
+ return mRights.elements();
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/acls/ACLEntry.java b/base/common/src/com/netscape/certsrv/acls/ACLEntry.java
new file mode 100644
index 000000000..2c1b7c3ea
--- /dev/null
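Review bot: `mRights` is declared as `null` and the no-argument constructor `ACL()` leaves it that way, so `addRight`, `checkRight` and `rights()` all dereference a null field on an ACL built that way; `ACLEntry.addPermission` in this same commit calls `acl.checkRight(...)` and would fail with it. Initialising the field at its declaration, mirroring the `mEntries` initialiser on the line above it (`protected Vector mRights = new Vector();`), removes that path. The three-argument constructor also keeps the caller's `rights` vector by reference, so later changes to that vector change which rights this ACL accepts; copying it on entry would avoid that.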
+++ b/base/common/src/com/netscape/certsrv/acls/ACLEntry.java
@@ -0,0 +1,245 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.acls;
+
+import java.util.Enumeration;
+import java.util.Hashtable;
+import java.util.StringTokenizer;
+
+/**
+ * A class represents an ACI entry of an access control list.
+ *

+ *
+ * @version $Revision$, $Date$
+ */
+public class ACLEntry implements IACLEntry, java.io.Serializable {
+ /**
+ *
+ */
+ private static final long serialVersionUID = 422656406529200393L;
+
+ protected Hashtable mPerms = new Hashtable();
+ protected String mExpressions = null;
+ protected boolean mNegative = false;
+ protected String mACLEntryString = null;
+
+ /**
+ * Class Constructor
+ */
+ public ACLEntry() {
+ }
+
+ /**
+ * Checks if this ACL entry is set to negative.
+ *
+ * @return true if this ACL entry expression is for "deny";
+ * false if this ACL entry expression is for "allow"
+ */
+ public boolean isNegative() {
+ return mNegative;
+ }
+
+ /**
+ * Sets this ACL entry negative. This ACL entry expression is for "deny".
+ */
+ public void setNegative() {
+ mNegative = true;
+ }
+
+ /**
+ * Sets the ACL entry string
+ *
+ * @param s string in the following format:
+ *
+ *

+     *   allow|deny (right[,right...]) attribute_expression
+     * 
+ */
+ public void setACLEntryString(String s) {
+ mACLEntryString = s;
+ }
+
+ /**
+ * Gets the ACL Entry String
+ *
+ * @return ACL Entry string in the following format:
+ *
+ *
+     *   allow|deny (right[,right...]) attribute_expression
+     * 
+ */
+ public String getACLEntryString() {
+ return mACLEntryString;
+ }
+
+ /**
+ * Adds permission to this entry. Permission must be one of the
+ * "rights" defined for each protected resource in its ACL
+ *
+ * @param acl the acl instance that this aclEntry is associated with
+ * @param permission one of the "rights" defined for each
+ * protected resource in its ACL
+ */
+ public void addPermission(IACL acl, String permission) {
+ if (acl.checkRight(permission) == true) {
+ mPerms.put(permission, permission);
+ } else {
+ // not a valid right...log it later
+ }
+ }
+
+ /**
+ * Returns a list of permissions associated with
+ * this entry.
+ *
+ * @return a list of permissions for this ACL entry
+ */
+ public Enumeration permissions() {
+ return mPerms.elements();
+ }
+
+ /**
+ * Sets the expression associated with this entry.
+ *
+ * @param expressions the evaluator expressions. For example,
+ * group="Administrators"
+ */
+ public void setAttributeExpressions(String expressions) {
+ mExpressions = expressions;
+ }
+
+ /**
+ * Retrieves the expression associated with this entry.
+ *
+ * @return the evaluator expressions. For example,
+ * group="Administrators"
+ */
+ public String getAttributeExpressions() {
+ return mExpressions;
+ }
+
+ /**
+ * Checks to see if this ACLEntry contains a
+ * particular permission
+ *
+ * @param permission one of the "rights" defined for each
+ * protected resource in its ACL
+ * @return true if permission contained in the permission list
+ * for this ACLEntry; false otherwise.
+ */
+ public boolean containPermission(String permission) {
+ return (mPerms.get(permission) != null);
+ }
+
+ /**
+ * Checks if this entry has the given permission.
+ *
+ * @param permission one of the "rights" defined for each
+ * protected resource in its ACL
+ * @return true if the permission is allowed; false if the
+ * permission is denied.
If a permission is not
+ * recognized by this ACL, it is considered denied
+ */
+ public boolean checkPermission(String permission) {
+ // default - if we dont know about the requested permission,
+ // don't grant permission
+ if (mPerms.get(permission) == null)
+ return false;
+ if (isNegative()) {
+ return false;
+ } else {
+ return true;
+ }
+ }
+
+ /**
+ * Parse string in the following format:
+ *
+ *
+     *   allow|deny (right[,right...]) attribute_expression
+     * 
+ *
+ * into an instance of the ACLEntry class
+ *
+ * @param acl the acl instance associated with this aclentry
+ * @param aclEntryString aclEntryString in the specified format
+ * @return an instance of the ACLEntry class
+ */
+ public static ACLEntry parseACLEntry(IACL acl, String aclEntryString) {
+ if (aclEntryString == null) {
+ return null;
+ }
+
+ String te = aclEntryString.trim();
+
+ // locate first space
+ int i = te.indexOf(' ');
+ // prefix should be "allowed" or "deny"
+ String prefix = te.substring(0, i);
+ String suffix = te.substring(i + 1).trim();
+ ACLEntry entry = new ACLEntry();
+
+ if (prefix.equals("allow")) {
+ // do nothing
+ } else if (prefix.equals("deny")) {
+ entry.setNegative();
+ } else {
+ return null;
+ }
+ // locate the second space
+ i = suffix.indexOf(' ');
+ // this prefix should be rights list, delimited by ","
+ prefix = suffix.substring(1, i - 1);
+ // the suffix is the rest, which is the "expressions"
+ suffix = suffix.substring(i + 1).trim();
+
+ StringTokenizer st = new StringTokenizer(prefix, ",");
+
+ for (; st.hasMoreTokens();) {
+ entry.addPermission(acl, st.nextToken());
+ }
+ entry.setAttributeExpressions(suffix);
+ return entry;
+ }
+
+ /**
+ * Returns the string representation of this ACLEntry
+ *
+ * @return string representation of this ACLEntry
+ */
+ public String toString() {
+ String entry = "";
+
+ if (isNegative()) {
+ entry += "deny (";
+ } else {
+ entry += "allow (";
+ }
+ Enumeration e = permissions();
+
+ for (; e.hasMoreElements();) {
+ String p = e.nextElement();
+
+ entry += p;
+ if (e.hasMoreElements())
+ entry += ",";
+ }
+ entry += ") " + getAttributeExpressions();
+ return entry;
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/acls/ACLsResources.java b/base/common/src/com/netscape/certsrv/acls/ACLsResources.java
new file mode 100644
index 000000000..bf3ea4a28
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/acls/ACLsResources.java
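Review bot: `parseACLEntry` never checks the result of either `indexOf(' ')`, so an entry with nothing after `allow`/`deny`, or with no expression after the rights list, throws `StringIndexOutOfBoundsException` from `substring` instead of returning `null` the way the unknown-prefix branch does. The rights list is also cut at the first space rather than at the closing parenthesis, so `allow (read, modify) ...` would be read as the single right `read` with `modify) ...` as the expression. Because `addPermission` drops unrecognised rights without reporting them, a mistyped entry can end up covering fewer rights than the administrator wrote, which matters most for `deny` entries; how the enforcer treats such an entry is outside this hunk. Suggest locating the parentheses explicitly, trimming each right, and rejecting malformed input, as sketched below.

```java
public static ACLEntry parseACLEntry(IACL acl, String aclEntryString) {
    // … unchanged: null check and trim into te …
    int i = te.indexOf(' ');
    if (i < 0) {
        return null; // nothing follows the allow|deny keyword
    }
    // … unchanged: prefix/suffix split and allow|deny handling …

    // take the rights from between the parentheses, not up to the first space
    int close = suffix.indexOf(')');
    if (!suffix.startsWith("(") || close < 0) {
        return null; // rights list is not "(right[,right...])"
    }
    prefix = suffix.substring(1, close);
    suffix = suffix.substring(close + 1).trim();
    if (suffix.length() == 0) {
        return null; // no attribute expression to evaluate
    }

    StringTokenizer st = new StringTokenizer(prefix, ",");

    for (; st.hasMoreTokens();) {
        entry.addPermission(acl, st.nextToken().trim());
    }
    // … unchanged: setAttributeExpressions(suffix) and return entry …
```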
@@ -0,0 +1,45 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.acls;
+
+import java.util.ListResourceBundle;
+
+/**
+ * A class represents a resource bundle for the entire ACL component.
+ * system.
+ *

+ *
+ * @deprecated
+ * @version $Revision$, $Date$
+ */
+public class ACLsResources extends ListResourceBundle {
+
+ /**
+ * Returns the content of this resource.
+ *
+ * @return the content of this resource.
+ */
+ public Object[][] getContents() {
+ return contents;
+ }
+
+ /**
+ * A set of constants for localized error messages.
+ */
+ static final Object[][] contents = {};
+}
diff --git a/base/common/src/com/netscape/certsrv/acls/EACLsException.java b/base/common/src/com/netscape/certsrv/acls/EACLsException.java
new file mode 100644
index 000000000..8d204091e
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/acls/EACLsException.java
@@ -0,0 +1,148 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.acls;
+
+import java.util.Locale;
+
+import com.netscape.certsrv.base.EBaseException;
+import com.netscape.certsrv.base.MessageFormatter;
+
+/**
+ * A class represents an acls exception. Note that this is
+ * an Runtime exception so that methods used AccessManager
+ * do not have to explicity declare this exception. This
+ * allows AccessManager to be easily integrated into any
+ * existing code.
+ *

+ *
+ * @version $Revision$, $Date$
+ */
+public class EACLsException extends EBaseException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 5471535135648315104L;
+ /**
+ * resource class name
+ */
+ private static final String ACL_RESOURCES = ACLsResources.class.getName();
+
+ /**
+ * Constructs an acls exception.
+ *

+ *
+ * @param msgFormat exception details
+ */
+ public EACLsException(String msgFormat) {
+ super(msgFormat);
+ mParams = null;
+ }
+
+ /**
+ * Constructs a base exception with a parameter. For example,
+ *
+ *

+     * new EACLsException("failed to load {0}", fileName);
+     * 
+ *

+ *
+ * @param msgFormat exception details in message string format
+ * @param param message string parameter
+ */
+ public EACLsException(String msgFormat, String param) {
+ super(msgFormat);
+ mParams = new String[1];
+ mParams[0] = param;
+ }
+
+ /**
+ * Constructs a base exception. It can be used to carry
+ * a system exception that may contain information about
+ * the context. For example,
+ *
+ *

+     * 		try {
+     *  		...
+     * 		} catch (IOExeption e) {
+     * 		 	throw new EACLsException("Encountered System Error {0}", e);
+     *      }
+     * 
+ *

+ *
+ * @param msgFormat exception details in message string format
+ * @param param system exception
+ */
+ public EACLsException(String msgFormat, Exception param) {
+ super(msgFormat);
+ mParams = new Exception[1];
+ mParams[0] = param;
+ }
+
+ /**
+ * Constructs a base exception with a list of parameters
+ * that will be substituted into the message format.
+ *

+ *
+ * @param msgFormat exception details in message string format
+ * @param params list of message format parameters
+ */
+ public EACLsException(String msgFormat, Object params[]) {
+ super(msgFormat);
+ mParams = params;
+ }
+
+ /**
+ * Returns a list of parameters.
+ *

+ *
+ * @return list of message format parameters
+ */
+ public Object[] getParameters() {
+ return mParams;
+ }
+
+ /**
+ * String representation for the corresponding exception.
+ *
+ * @return String representation for the corresponding exception.
+ */
+ public String toString() {
+ return toString(Locale.getDefault());
+ }
+
+ /**
+ * Returns string representation for the corresponding exception.
+ *
+ * @param locale client specified locale for string representation.
+ * @return String representation for the corresponding exception.
+ */
+ public String toString(Locale locale) {
+ return MessageFormatter.getLocalizedString(locale, getBundleName(),
+ super.getMessage(), mParams);
+ }
+
+ /**
+ * Return the class name of the resource bundle.
+ *
+ * @return class name of the resource bundle.
+ */
+ protected String getBundleName() {
+ return ACL_RESOURCES;
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/acls/IACL.java b/base/common/src/com/netscape/certsrv/acls/IACL.java
new file mode 100644
index 000000000..aad733722
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/acls/IACL.java
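Review bot: The `EACLsException(String msgFormat, Exception param)` constructor stores the caught exception only as a message-format parameter, so it is not chained as the cause and its stack trace is lost unless the formatted message happens to include it. If `EBaseException` (not visible here) does not already set a cause, adding `initCause(param);` after the `mParams` assignment would keep it available when diagnosing access-control failures. The class comment also calls this a runtime exception while the class extends `EBaseException`; it is worth confirming that statement is still accurate.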
@@ -0,0 +1,68 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.acls;
+
+import java.util.Enumeration;
+
+/**
+ * A class represents an access control list (ACL). An ACL
+ * is associated with a protected resource. The policy
+ * enforcer can verify the ACLs with the current
+ * context to see if the corresponding resource is accessible.
+ *

+ *
+ * @version $Revision$, $Date$
+ */
+public interface IACL {
+
+ /**
+ * Returns the name of the current ACL.
+ *
+ * @return the name of the current ACL.
+ */
+ public String getName();
+
+ /**
+ * Returns the description of the current ACL.
+ *
+ * @return the description of the current ACL.
+ */
+ public String getDescription();
+
+ /**
+ * Returns a list of access rights of the current ACL.
+ *
+ * @return a list of access rights
+ */
+ public Enumeration rights();
+
+ /**
+ * Returns a list of entries of the current ACL.
+ *
+ * @return a list of entries
+ */
+ public Enumeration entries();
+
+ /**
+ * Verifies if permission is granted.
+ *
+ * @param permission one of the applicable rights
+ * @return true if the given permission is one of the applicable rights; false otherwise.
+ */
+ public boolean checkRight(String permission);
+}
diff --git a/base/common/src/com/netscape/certsrv/acls/IACLEntry.java b/base/common/src/com/netscape/certsrv/acls/IACLEntry.java
new file mode 100644
index 000000000..ff806f155
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/acls/IACLEntry.java
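Review bot: The summary sentence on `checkRight` reads "Verifies if permission is granted", but its own `@return` text, and the `ACL` implementation in this commit (`mRights.contains(...)`), only test whether the name is one of the rights defined for the resource; no ACL entry or subject is evaluated. On an access-control interface that wording invites callers to treat the result as an authorization decision. Suggest replacing the summary with `Tells whether the given permission is one of the rights defined for this ACL; this does not evaluate any ACL entry.`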
@@ -0,0 +1,34 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.certsrv.acls;
+
+/**
+ * A class represents an entry of access control list.
+ *

+ *
+ * @version $Revision$, $Date$
+ */
+public interface IACLEntry {
+
+ /**
+ * Returns the ACL entry string of the entry.
+ *
+ * @return the ACL entry string of the entry.
+ */
+ public String getACLEntryString();
+}
-- cgit