summaryrefslogtreecommitdiffstats
path: root/pki/base/common/src/com/netscape/cms/evaluators
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/common/src/com/netscape/cms/evaluators')
-rw-r--r--pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java56
-rw-r--r--pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java32
-rw-r--r--pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java26
-rw-r--r--pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java47
4 files changed, 71 insertions, 90 deletions
diff --git a/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java
index d945d708..d026cdba 100644
--- a/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java
+++ b/pki/base/common/src/com/netscape/cms/evaluators/GroupAccessEvaluator.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.evaluators;
+
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.IAuthToken;
import com.netscape.certsrv.base.EBaseException;
@@ -27,6 +28,7 @@ import com.netscape.certsrv.usrgrp.IUGSubsystem;
import com.netscape.certsrv.usrgrp.IUser;
import com.netscape.cmsutil.util.Utils;
+
/**
* A class represents a group acls evaluator.
* <P>
@@ -52,7 +54,7 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
}
/**
- * initialization. nothing for now.
+ * initialization. nothing for now.
*/
public void init() {
CMS.debug("GroupAccessEvaluator: init");
@@ -60,7 +62,6 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
/**
* gets the type name for this acl evaluator
- *
* @return type for this acl evaluator: "group" or "at_group"
*/
public String getType() {
@@ -69,7 +70,6 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
/**
* gets the description for this acl evaluator
- *
* @return description for this acl evaluator
*/
public String getDescription() {
@@ -85,16 +85,16 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
}
/**
- * evaluates uid in AuthToken to see if it has membership in group value
- *
+ * evaluates uid in AuthToken to see if it has membership in
+ * group value
* @param authToken authentication token
* @param type must be "at_group"
* @param op must be "="
* @param value the group name
- * @return true if AuthToken uid belongs to the group value, false otherwise
+ * @return true if AuthToken uid belongs to the group value,
+ * false otherwise
*/
- public boolean evaluate(IAuthToken authToken, String type, String op,
- String value) {
+ public boolean evaluate(IAuthToken authToken, String type, String op, String value) {
if (type.equals(mType)) {
// should define "uid" at a common place
@@ -104,20 +104,17 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
if (uid == null) {
uid = authToken.getInString("uid");
if (uid == null) {
- CMS.debug("GroupAccessEvaluator: evaluate: uid null");
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("EVALUTOR_UID_NULL"));
- return false;
+ CMS.debug("GroupAccessEvaluator: evaluate: uid null");
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_NULL"));
+ return false;
}
}
- CMS.debug("GroupAccessEvaluator: evaluate: uid=" + uid + " value="
- + value);
+ CMS.debug("GroupAccessEvaluator: evaluate: uid="+uid +" value="+value);
String groupname = authToken.getInString("gid");
if (groupname != null) {
- CMS.debug("GroupAccessEvaluator: evaluate: authToken gid="
- + groupname);
+ CMS.debug("GroupAccessEvaluator: evaluate: authToken gid="+groupname);
if (op.equals("=")) {
return groupname.equals(Utils.stripQuotes(value));
} else if (op.equals("!=")) {
@@ -126,12 +123,12 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
} else {
CMS.debug("GroupAccessEvaluator: evaluate: no gid in authToken");
IUser id = null;
- try {
- id = mUG.getUser(uid);
- } catch (EBaseException e) {
+ try {
+ id = mUG.getUser(uid);
+ } catch (EBaseException e) {
CMS.debug("GroupAccessEvaluator: " + e.toString());
return false;
- }
+ }
if (op.equals("=")) {
return mUG.isMemberOf(id, Utils.stripQuotes(value));
@@ -145,14 +142,13 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
}
/**
- * evaluates uid in SessionContext to see if it has membership in group
- * value
- *
+ * evaluates uid in SessionContext to see if it has membership in
+ * group value
* @param type must be "group"
* @param op must be "="
* @param value the group name
- * @return true if SessionContext uid belongs to the group value, false
- * otherwise
+ * @return true if SessionContext uid belongs to the group value,
+ * false otherwise
*/
public boolean evaluate(String type, String op, String value) {
@@ -165,12 +161,12 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_NULL"));
return false;
}
- if (op.equals("="))
+ if (op.equals("="))
return mUG.isMemberOf(id, Utils.stripQuotes(value));
else
return !(mUG.isMemberOf(id, Utils.stripQuotes(value)));
-
- }
+
+ }
return false;
}
@@ -178,8 +174,8 @@ public class GroupAccessEvaluator implements IAccessEvaluator {
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, level,
- "GroupAccessEvaluator: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS,
+ level, "GroupAccessEvaluator: " + msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java
index 4de8f694..a5c99eeb 100644
--- a/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java
+++ b/pki/base/common/src/com/netscape/cms/evaluators/IPAddressAccessEvaluator.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.evaluators;
+
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.IAuthToken;
import com.netscape.certsrv.base.SessionContext;
@@ -24,6 +25,7 @@ import com.netscape.certsrv.evaluators.IAccessEvaluator;
import com.netscape.certsrv.logging.ILogger;
import com.netscape.cmsutil.util.Utils;
+
/**
* A class represents a IP address acls evaluator.
* <P>
@@ -42,14 +44,13 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
}
/**
- * initialization. nothing for now.
+ * initialization. nothing for now.
*/
public void init() {
}
/**
* gets the type name for this acl evaluator
- *
* @return type for this acl evaluator: ipaddress
*/
public String getType() {
@@ -58,7 +59,6 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
/**
* gets the description for this acl evaluator
- *
* @return description for this acl evaluator
*/
public String getDescription() {
@@ -75,27 +75,24 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
/**
* Gets the IP address from session context
- *
* @param authToken authentication token
* @param type must be "ipaddress"
* @param op must be "=" or "!="
* @param value the ipaddress
*/
- public boolean evaluate(IAuthToken authToken, String type, String op,
- String value) {
+ public boolean evaluate(IAuthToken authToken, String type, String op, String value) {
return evaluate(type, op, value);
}
/**
- * evaluates uid in SessionContext to see if it has membership in group
- * value
- *
+ * evaluates uid in SessionContext to see if it has membership in
+ * group value
* @param type must be "group"
* @param op must be "="
* @param value the group name
- * @return true if SessionContext uid belongs to the group value, false
- * otherwise
+ * @return true if SessionContext uid belongs to the group value,
+ * false otherwise
*/
public boolean evaluate(String type, String op, String value) {
@@ -106,17 +103,16 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
if (type.equals(mType)) {
if (ipaddress == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("EVALUATOR_IPADDRESS_NULL"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUATOR_IPADDRESS_NULL"));
return false;
}
- if (op.equals("=")) {
+ if (op.equals("=")) {
return ipaddress.matches(value);
} else {
return !(ipaddress.matches(value));
}
-
- }
+
+ }
return false;
}
@@ -124,7 +120,7 @@ public class IPAddressAccessEvaluator implements IAccessEvaluator {
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, level,
- "GroupAccessEvaluator: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS,
+ level, "GroupAccessEvaluator: " + msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java
index 862206a9..4b6b5677 100644
--- a/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java
+++ b/pki/base/common/src/com/netscape/cms/evaluators/UserAccessEvaluator.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.evaluators;
+
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.IAuthToken;
import com.netscape.certsrv.base.SessionContext;
@@ -25,6 +26,7 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.usrgrp.IUser;
import com.netscape.cmsutil.util.Utils;
+
/**
* A class represents a user acls evaluator.
* <P>
@@ -46,7 +48,7 @@ public class UserAccessEvaluator implements IAccessEvaluator {
}
/**
- * initialization. nothing for now.
+ * initialization. nothing for now.
*/
public void init() {
CMS.debug("UserAccessEvaluator: init");
@@ -54,7 +56,6 @@ public class UserAccessEvaluator implements IAccessEvaluator {
/**
* gets the type name for this acl evaluator
- *
* @return type for this acl evaluator: "user" or "at_user"
*/
public String getType() {
@@ -63,7 +64,6 @@ public class UserAccessEvaluator implements IAccessEvaluator {
/**
* gets the description for this acl evaluator
- *
* @return description for this acl evaluator
*/
public String getDescription() {
@@ -80,30 +80,27 @@ public class UserAccessEvaluator implements IAccessEvaluator {
/**
* Evaluates the user in AuthToken to see if it's equal to value
- *
* @param authToken AuthToken from authentication
* @param type must be "at_user"
* @param op must be "="
* @param value the user id
* @return true if AuthToken uid is same as value, false otherwise
*/
- public boolean evaluate(IAuthToken authToken, String type, String op,
- String value) {
+ public boolean evaluate(IAuthToken authToken, String type, String op, String value) {
if (type.equals(mType)) {
String s = Utils.stripQuotes(value);
if ((s.equals(ANYBODY) || s.equals(EVERYBODY)) && op.equals("="))
- return true;
-
- // should define "uid" at a common place
+ return true;
+
+ // should define "uid" at a common place
String uid = null;
uid = authToken.getInString("uid");
if (uid == null) {
- log(ILogger.LL_FAILURE,
- CMS.getLogMessage("EVALUTOR_UID_IS_NULL"));
+ log(ILogger.LL_FAILURE, CMS.getLogMessage("EVALUTOR_UID_IS_NULL"));
return false;
}
@@ -111,14 +108,13 @@ public class UserAccessEvaluator implements IAccessEvaluator {
return s.equalsIgnoreCase(uid);
else if (op.equals("!="))
return !(s.equalsIgnoreCase(uid));
- }
+ }
return false;
}
/**
* Evaluates the user in session context to see if it's equal to value
- *
* @param type must be "user"
* @param op must be "="
* @param value the user id
@@ -148,8 +144,8 @@ public class UserAccessEvaluator implements IAccessEvaluator {
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, level,
- "UserAccessEvaluator: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS,
+ level, "UserAccessEvaluator: " + msg);
}
}
diff --git a/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java b/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java
index ffe4a4f8..88358aa5 100644
--- a/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java
+++ b/pki/base/common/src/com/netscape/cms/evaluators/UserOrigReqAccessEvaluator.java
@@ -17,6 +17,7 @@
// --- END COPYRIGHT BLOCK ---
package com.netscape.cms.evaluators;
+
import com.netscape.certsrv.apps.CMS;
import com.netscape.certsrv.authentication.IAuthToken;
import com.netscape.certsrv.base.SessionContext;
@@ -25,11 +26,12 @@ import com.netscape.certsrv.logging.ILogger;
import com.netscape.certsrv.usrgrp.IUser;
import com.netscape.cmsutil.util.Utils;
+
/**
- * A class represents a user-origreq uid mapping acls evaluator. This is
- * primarily used for renewal. During renewal, the orig_req uid is placed in the
- * SessionContext of the renewal session context to be evaluated by this
- * evaluator
+ * A class represents a user-origreq uid mapping acls evaluator.
+ * This is primarily used for renewal. During renewal, the orig_req
+ * uid is placed in the SessionContext of the renewal session context
+ * to be evaluated by this evaluator
* <P>
*
* @author Christina Fu
@@ -50,7 +52,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
}
/**
- * initialization. nothing for now.
+ * initialization. nothing for now.
*/
public void init() {
CMS.debug("UserOrigReqAccessEvaluator: init");
@@ -58,7 +60,6 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
/**
* gets the type name for this acl evaluator
- *
* @return type for this acl evaluator: "user_origreq" or "at_user_origreq"
*/
public String getType() {
@@ -67,7 +68,6 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
/**
* gets the description for this acl evaluator
- *
* @return description for this acl evaluator
*/
public String getDescription() {
@@ -84,23 +84,21 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
/**
* Evaluates the user in AuthToken to see if it's equal to value
- *
* @param authToken AuthToken from authentication
* @param type must be "at_userreq"
* @param op must be "="
* @param value the request param name
* @return true if AuthToken uid is same as value, false otherwise
*/
- public boolean evaluate(IAuthToken authToken, String type, String op,
- String value) {
+ public boolean evaluate(IAuthToken authToken, String type, String op, String value) {
CMS.debug("UserOrigReqAccessEvaluator: evaluate() begins");
if (type.equals(mType)) {
String s = Utils.stripQuotes(value);
if ((s.equals(ANYBODY) || s.equals(EVERYBODY)) && op.equals("="))
- return true;
-
- // should define "uid" at a common place
+ return true;
+
+ // should define "uid" at a common place
String uid = null;
uid = authToken.getInString("uid");
@@ -109,34 +107,30 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
CMS.debug("UserOrigReqAccessEvaluator: evaluate() uid in authtoken null");
return false;
} else
- CMS.debug("UserOrigReqAccessEvaluator: evaluate() uid in authtoken ="
- + uid);
+ CMS.debug("UserOrigReqAccessEvaluator: evaluate() uid in authtoken ="+ uid);
// find value of param in request
SessionContext mSC = SessionContext.getContext();
- CMS.debug("UserOrigReqAccessEvaluator: evaluate() getting "
- + "orig_req." + s + " in SessionContext");
+ CMS.debug("UserOrigReqAccessEvaluator: evaluate() getting "+"orig_req."+s+ " in SessionContext");
// "orig_req.auth_token.uid"
- String orig_id = (String) mSC.get("orig_req." + s);
+ String orig_id = (String) mSC.get("orig_req."+s);
if (orig_id == null) {
CMS.debug("UserOrigReqAccessEvaluator: evaluate() orig_id null");
return false;
}
- CMS.debug("UserOrigReqAccessEvaluator: evaluate() orig_id ="
- + orig_id);
+ CMS.debug("UserOrigReqAccessEvaluator: evaluate() orig_id ="+ orig_id);
if (op.equals("="))
return uid.equalsIgnoreCase(orig_id);
else if (op.equals("!="))
return !(uid.equalsIgnoreCase(orig_id));
- }
+ }
return false;
}
/**
* Evaluates the user in session context to see if it's equal to value
- *
* @param type must be "user_origreq"
* @param op must be "="
* @param value the user id
@@ -147,7 +141,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
SessionContext mSC = SessionContext.getContext();
if (type.equals(mType)) {
- // what do I do with s here?
+// what do I do with s here?
String s = Utils.stripQuotes(value);
if (s.equals(ANYBODY) && op.equals("="))
@@ -155,7 +149,7 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
IUser id = (IUser) mSC.get(SessionContext.USER);
// "orig_req.auth_token.uid"
- String orig_id = (String) mSC.get("orig_req" + s);
+ String orig_id = (String) mSC.get("orig_req"+s);
if (op.equals("="))
return id.getName().equalsIgnoreCase(orig_id);
@@ -165,12 +159,11 @@ public class UserOrigReqAccessEvaluator implements IAccessEvaluator {
return false;
}
-
private void log(int level, String msg) {
if (mLogger == null)
return;
- mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS, level,
- "UserOrigReqAccessEvaluator: " + msg);
+ mLogger.log(ILogger.EV_SYSTEM, null, ILogger.S_ACLS,
+ level, "UserOrigReqAccessEvaluator: " + msg);
}
}
generated by cgit (git 2.34.1) at 2024-06-10 12:10:12 +0000