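// --- BEGIN COPYRIGHT BLOCK ---
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; version 2 of the License.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License along
// with this program; if not, write to the Free Software Foundation, Inc.,
// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//
// (C) 2007 Red Hat, Inc.
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
package com.netscape.certsrv.acls;

import java.util.Enumeration;
import java.util.Hashtable;
import java.util.StringTokenizer;

/**
 * A class represents an ACI entry of an access control list.
 * <p>
 * An entry carries three things: whether it is an "allow" or a "deny"
 * entry, the set of rights it names, and the attribute expression that
 * selects who it applies to. This class only stores the expression; it
 * does not evaluate it.
 *
 * @version $Revision$, $Date$
 */
public class ACLEntry implements IACLEntry, java.io.Serializable {

    /**
     *
     */
    private static final long serialVersionUID = 422656406529200393L;

    // Rights named by this entry, stored as right -> right so that a
    // lookup by name answers "is this right listed?". Left as a raw
    // Hashtable because the field is protected and visible to subclasses.
    protected Hashtable mPerms = new Hashtable();
    // Attribute expression, e.g. group="Administrators"; null until set.
    protected String mExpressions = null;
    // false = "allow" entry (the default), true = "deny" entry.
    protected boolean mNegative = false;
    // Original text of the entry as handed to setACLEntryString; null until set.
    protected String mACLEntryString = null;

    /**
     * Class Constructor
     */
    public ACLEntry() {
    }

    /**
     * Checks if this ACL entry is set to negative.
     *
     * @return true if this ACL entry expression is for "deny";
     *         false if this ACL entry expression is for "allow"
     */
    public boolean isNegative() {
        return mNegative;
    }

    /**
     * Sets this ACL entry negative. This ACL entry expression is for "deny".
     * This class offers no method that clears the flag again.
     */
    public void setNegative() {
        mNegative = true;
    }

    /**
     * Sets the ACL entry string.
     * <p>
     * The string is stored as given. It is not parsed here, so it has no
     * effect on the rights, the expression or the allow/deny flag of this
     * entry.
     *
     * @param s string in the following format:
     *
     *            <pre>
     *   allow|deny (right[,right...]) attribute_expression
     *            </pre>
     */
    public void setACLEntryString(String s) {
        mACLEntryString = s;
    }

    /**
     * Gets the ACL Entry String.
     * <p>
     * This is whatever was last passed to {@link #setACLEntryString};
     * {@link #parseACLEntry} does not fill it in, so it is null on an entry
     * that was only parsed.
     *
     * @return ACL Entry string in the following format:
     *
     *         <pre>
     *   allow|deny (right[,right...]) attribute_expression
     *         </pre>
     */
    public String getACLEntryString() {
        return mACLEntryString;
    }

    /**
     * Adds permission to this entry. Permission must be one of the
     * "rights" defined for each protected resource in its ACL.
     * <p>
     * A right that {@code acl.checkRight} does not accept is dropped without
     * any error, so an entry can end up holding fewer rights than were
     * written in its source string.
     *
     * @param acl the acl instance that this aclEntry is associated with
     * @param permission one of the "rights" defined for each
     *            protected resource in its ACL
     */
    public void addPermission(IACL acl, String permission) {
        if (!acl.checkRight(permission)) {
            // not a valid right...log it later
            return;
        }
        mPerms.put(permission, permission);
    }

    /**
     * Returns a list of permissions associated with
     * this entry.
     *
     * @return a list of permissions for this ACL entry
     */
    public Enumeration permissions() {
        return mPerms.elements();
    }

    /**
     * Sets the expression associated with this entry.
     *
     * @param expressions the evaluator expressions. For example,
     *            group="Administrators"
     */
    public void setAttributeExpressions(String expressions) {
        mExpressions = expressions;
    }

    /**
     * Retrieves the expression associated with this entry.
     *
     * @return the evaluator expressions. For example,
     *         group="Administrators"
     */
    public String getAttributeExpressions() {
        return mExpressions;
    }

    /**
     * Checks to see if this <code>ACLEntry</code> contains a
     * particular permission. The allow/deny flag is not consulted.
     *
     * @param permission one of the "rights" defined for each
     *            protected resource in its ACL
     * @return true if permission contained in the permission list
     *         for this <code>ACLEntry</code>; false otherwise.
     */
    public boolean containPermission(String permission) {
        return mPerms.get(permission) != null;
    }

    /**
     * Checks if this entry has the given permission.
     * <p>
     * The result is false in two different situations: the permission is
     * not listed in this entry, or it is listed and this is a "deny" entry.
     * A caller that has to tell an explicit deny from "this entry says
     * nothing about the permission" needs {@link #containPermission}
     * together with {@link #isNegative}.
     *
     * @param permission one of the "rights" defined for each
     *            protected resource in its ACL
     * @return true if the permission is allowed; false if the
     *         permission is denied. If a permission is not
     *         recognized by this ACL, it is considered denied
     */
    public boolean checkPermission(String permission) {
        // default - if we dont know about the requested permission,
        // don't grant permission
        if (mPerms.get(permission) == null) {
            return false;
        }
        return !isNegative();
    }

    /**
     * Parse string in the following format:
     *
     * <pre>
     *   allow|deny (right[,right...]) attribute_expression
     * </pre>
     *
     * into an instance of the <code>ACLEntry</code> class.
     * <p>
     * Anything that does not match this shape yields null instead of an
     * exception or a partly parsed entry: a missing or unknown action
     * keyword, a rights list that is not a single parenthesised token, or a
     * missing attribute expression. A rights list containing a space, such
     * as {@code (read, modify)}, is rejected for that reason; cutting it at
     * the space would put part of the rights into the expression.
     * <p>
     * Callers should treat a null result as an invalid ACL rather than skip
     * the entry: leaving out an entry that was written as "deny" makes the
     * resulting ACL more permissive than its text.
     *
     * @param acl the acl instance associated with this aclentry
     * @param aclEntryString aclEntryString in the specified format
     * @return an instance of the <code>ACLEntry</code> class, or null if
     *         aclEntryString is null or not in the specified format
     */
    public static ACLEntry parseACLEntry(IACL acl, String aclEntryString) {
        if (aclEntryString == null) {
            return null;
        }

        String text = aclEntryString.trim();

        // The action keyword ends at the first space. No space at all means
        // there is nothing after the keyword, so the entry is incomplete.
        int firstSpace = text.indexOf(' ');
        if (firstSpace <= 0) {
            return null;
        }
        String action = text.substring(0, firstSpace);
        String rest = text.substring(firstSpace + 1).trim();

        ACLEntry entry = new ACLEntry();
        if (action.equals("allow")) {
            // an entry is "allow" by default
        } else if (action.equals("deny")) {
            entry.setNegative();
        } else {
            return null;
        }

        // The rights list is the token up to the next space; "()" is the
        // shortest token that can be valid, hence the lower bound of 2.
        int secondSpace = rest.indexOf(' ');
        if (secondSpace < 2) {
            return null;
        }
        String rightsToken = rest.substring(0, secondSpace);
        // Check the delimiters before stripping them, so that a token
        // without parentheses is rejected instead of losing its first and
        // last character.
        if (rightsToken.charAt(0) != '('
                || rightsToken.charAt(rightsToken.length() - 1) != ')') {
            return null;
        }
        String rights = rightsToken.substring(1, rightsToken.length() - 1);

        // the rest is the "expressions"
        String expressions = rest.substring(secondSpace + 1).trim();

        StringTokenizer st = new StringTokenizer(rights, ",");
        while (st.hasMoreTokens()) {
            // addPermission keeps only the rights the acl recognizes
            entry.addPermission(acl, st.nextToken());
        }
        entry.setAttributeExpressions(expressions);
        return entry;
    }

    /**
     * Returns the string representation of this ACLEntry, in the same
     * layout that {@link #parseACLEntry} reads. Rights appear in the order
     * in which the underlying Hashtable enumerates them, which need not be
     * the order in which they were added.
     *
     * @return string representation of this ACLEntry
     */
    @Override
    public String toString() {
        StringBuilder entry = new StringBuilder(isNegative() ? "deny (" : "allow (");

        Enumeration e = permissions();
        while (e.hasMoreElements()) {
            entry.append((String) e.nextElement());
            if (e.hasMoreElements()) {
                entry.append(",");
            }
        }
        // a null expression is rendered as the text "null", as with string
        // concatenation
        entry.append(") ").append(getAttributeExpressions());
        return entry.toString();
    }
}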