diff options
Diffstat (limited to 'pki/base/util/src/netscape/security/acl')
8 files changed, 485 insertions, 481 deletions
diff --git a/pki/base/util/src/netscape/security/acl/AclEntryImpl.java b/pki/base/util/src/netscape/security/acl/AclEntryImpl.java index 47186881..8609d52d 100644 --- a/pki/base/util/src/netscape/security/acl/AclEntryImpl.java +++ b/pki/base/util/src/netscape/security/acl/AclEntryImpl.java @@ -25,10 +25,11 @@ import java.util.Enumeration; import java.util.Vector; /** - * This is a class that describes one entry that associates users - * or groups with permissions in the ACL. - * The entry may be used as a way of granting or denying permissions. - * @author Satish Dharmaraj + * This is a class that describes one entry that associates users or groups with + * permissions in the ACL. The entry may be used as a way of granting or denying + * permissions. + * + * @author Satish Dharmaraj */ public class AclEntryImpl implements AclEntry { private Principal user = null; @@ -36,12 +37,13 @@ public class AclEntryImpl implements AclEntry { private boolean negative = false; /** - * Construct an ACL entry that associates a user with permissions - * in the ACL. + * Construct an ACL entry that associates a user with permissions in the + * ACL. + * * @param user The user that is associated with this entry. */ public AclEntryImpl(Principal user) { - this.user = user; + this.user = user; } /** @@ -51,128 +53,126 @@ public class AclEntryImpl implements AclEntry { } /** - * Sets the principal in the entity. If a group or a - * principal had already been set, a false value is - * returned, otherwise a true value is returned. + * Sets the principal in the entity. If a group or a principal had already + * been set, a false value is returned, otherwise a true value is returned. + * * @param user The user that is associated with this entry. - * @return true if the principal is set, false if there is - * one already. + * @return true if the principal is set, false if there is one already. */ public boolean setPrincipal(Principal user) { - if (this.user != null) - return false; - this.user = user; - return true; + if (this.user != null) + return false; + this.user = user; + return true; } /** - * This method sets the ACL to have negative permissions. - * That is the user or group is denied the permission set - * specified in the entry. + * This method sets the ACL to have negative permissions. That is the user + * or group is denied the permission set specified in the entry. */ public void setNegativePermissions() { - negative = true; + negative = true; } /** * Returns true if this is a negative ACL. */ public boolean isNegative() { - return negative; + return negative; } /** - * A principal or a group can be associated with multiple - * permissions. This method adds a permission to the ACL entry. - * @param permission The permission to be associated with - * the principal or the group in the entry. - * @return true if the permission was added, false if the - * permission was already part of the permission set. + * A principal or a group can be associated with multiple permissions. This + * method adds a permission to the ACL entry. + * + * @param permission The permission to be associated with the principal or + * the group in the entry. + * @return true if the permission was added, false if the permission was + * already part of the permission set. */ public boolean addPermission(Permission permission) { - if (permissionSet.contains(permission)) - return false; + if (permissionSet.contains(permission)) + return false; - permissionSet.addElement(permission); + permissionSet.addElement(permission); - return true; + return true; } /** - * The method disassociates the permission from the Principal - * or the Group in this ACL entry. - * @param permission The permission to be disassociated with - * the principal or the group in the entry. - * @return true if the permission is removed, false if the - * permission is not part of the permission set. + * The method disassociates the permission from the Principal or the Group + * in this ACL entry. + * + * @param permission The permission to be disassociated with the principal + * or the group in the entry. + * @return true if the permission is removed, false if the permission is not + * part of the permission set. */ public boolean removePermission(Permission permission) { - return permissionSet.removeElement(permission); + return permissionSet.removeElement(permission); } /** - * Checks if the passed permission is part of the allowed - * permission set in this entry. - * @param permission The permission that has to be part of - * the permission set in the entry. - * @return true if the permission passed is part of the - * permission set in the entry, false otherwise. + * Checks if the passed permission is part of the allowed permission set in + * this entry. + * + * @param permission The permission that has to be part of the permission + * set in the entry. + * @return true if the permission passed is part of the permission set in + * the entry, false otherwise. */ public boolean checkPermission(Permission permission) { - return permissionSet.contains(permission); + return permissionSet.contains(permission); } /** * return an enumeration of the permissions in this ACL entry. */ public Enumeration<Permission> permissions() { - return permissionSet.elements(); + return permissionSet.elements(); } /** - * Return a string representation of the contents of the ACL entry. + * Return a string representation of the contents of the ACL entry. */ public String toString() { - StringBuffer s = new StringBuffer(); - if (negative) - s.append("-"); - else - s.append("+"); - if (user instanceof Group) - s.append("Group."); - else - s.append("User."); - s.append(user + "="); - Enumeration<Permission> e = permissions(); - while(e.hasMoreElements()) { - Permission p = (Permission) e.nextElement(); - s.append(p); - if (e.hasMoreElements()) - s.append(","); - } - return new String(s); + StringBuffer s = new StringBuffer(); + if (negative) + s.append("-"); + else + s.append("+"); + if (user instanceof Group) + s.append("Group."); + else + s.append("User."); + s.append(user + "="); + Enumeration<Permission> e = permissions(); + while (e.hasMoreElements()) { + Permission p = (Permission) e.nextElement(); + s.append(p); + if (e.hasMoreElements()) + s.append(","); + } + return new String(s); } /** * Clones an AclEntry. */ public synchronized Object clone() { - AclEntryImpl cloned; - cloned = new AclEntryImpl(user); - cloned.permissionSet = new Vector<Permission>(permissionSet); - cloned.negative = negative; - return cloned; + AclEntryImpl cloned; + cloned = new AclEntryImpl(user); + cloned.permissionSet = new Vector<Permission>(permissionSet); + cloned.negative = negative; + return cloned; } /** - * Return the Principal associated in this ACL entry. - * The method returns null if the entry uses a group - * instead of a principal. + * Return the Principal associated in this ACL entry. The method returns + * null if the entry uses a group instead of a principal. */ public Principal getPrincipal() { - return user; + return user; } } - - diff --git a/pki/base/util/src/netscape/security/acl/AclImpl.java b/pki/base/util/src/netscape/security/acl/AclImpl.java index 6a5d4fd2..c70e3947 100644 --- a/pki/base/util/src/netscape/security/acl/AclImpl.java +++ b/pki/base/util/src/netscape/security/acl/AclImpl.java @@ -30,7 +30,8 @@ import java.util.Vector; /** * An Access Control List (ACL) is encapsulated by this class. - * @author Satish Dharmaraj + * + * @author Satish Dharmaraj */ public class AclImpl extends OwnerImpl implements Acl { // @@ -43,313 +44,310 @@ public class AclImpl extends OwnerImpl implements Acl { private Hashtable<Principal, AclEntry> deniedUsersTable = new Hashtable<Principal, AclEntry>(23); private Hashtable<Principal, AclEntry> deniedGroupsTable = new Hashtable<Principal, AclEntry>(23); private String aclName = null; - private Vector<Permission> zeroSet = new Vector<Permission>(1,1); - + private Vector<Permission> zeroSet = new Vector<Permission>(1, 1); /** * Constructor for creating an empty ACL. */ public AclImpl(Principal owner, String name) { - super(owner); - try { - setName(owner, name); - } catch (Exception e) {} - } + super(owner); + try { + setName(owner, name); + } catch (Exception e) { + } + } /** * Sets the name of the ACL. - * @param caller the principal who is invoking this method. + * + * @param caller the principal who is invoking this method. * @param name the name of the ACL. - * @exception NotOwnerException if the caller principal is - * not on the owners list of the Acl. + * @exception NotOwnerException if the caller principal is not on the owners + * list of the Acl. */ public void setName(Principal caller, String name) - throws NotOwnerException - { - if (!isOwner(caller)) - throw new NotOwnerException(); + throws NotOwnerException { + if (!isOwner(caller)) + throw new NotOwnerException(); - aclName = name; + aclName = name; } /** - * Returns the name of the ACL. + * Returns the name of the ACL. + * * @return the name of the ACL. */ public String getName() { - return aclName; + return aclName; } /** - * Adds an ACL entry to this ACL. An entry associates a - * group or a principal with a set of permissions. Each - * user or group can have one positive ACL entry and one - * negative ACL entry. If there is one of the type (negative - * or positive) already in the table, a false value is returned. - * The caller principal must be a part of the owners list of - * the ACL in order to invoke this method. - * @param caller the principal who is invoking this method. - * @param entry the ACL entry that must be added to the ACL. + * Adds an ACL entry to this ACL. An entry associates a group or a principal + * with a set of permissions. Each user or group can have one positive ACL + * entry and one negative ACL entry. If there is one of the type (negative + * or positive) already in the table, a false value is returned. The caller + * principal must be a part of the owners list of the ACL in order to invoke + * this method. + * + * @param caller the principal who is invoking this method. + * @param entry the ACL entry that must be added to the ACL. * @return true on success, false if the entry is already present. - * @exception NotOwnerException if the caller principal - * is not on the owners list of the Acl. + * @exception NotOwnerException if the caller principal is not on the owners + * list of the Acl. */ - public synchronized boolean addEntry(Principal caller, AclEntry entry) - throws NotOwnerException - { - if (!isOwner(caller)) - throw new NotOwnerException(); + public synchronized boolean addEntry(Principal caller, AclEntry entry) + throws NotOwnerException { + if (!isOwner(caller)) + throw new NotOwnerException(); - Hashtable<Principal, AclEntry> aclTable = findTable(entry); - Principal key = entry.getPrincipal(); + Hashtable<Principal, AclEntry> aclTable = findTable(entry); + Principal key = entry.getPrincipal(); - if (aclTable.get(key) != null) - return false; + if (aclTable.get(key) != null) + return false; - aclTable.put(key, entry); - return true; + aclTable.put(key, entry); + return true; } /** - * Removes an ACL entry from this ACL. - * The caller principal must be a part of the owners list of the ACL - * in order to invoke this method. - * @param caller the principal who is invoking this method. + * Removes an ACL entry from this ACL. The caller principal must be a part + * of the owners list of the ACL in order to invoke this method. + * + * @param caller the principal who is invoking this method. * @param entry the ACL entry that must be removed from the ACL. * @return true on success, false if the entry is not part of the ACL. - * @exception NotOwnerException if the caller principal is not - * the owners list of the Acl. + * @exception NotOwnerException if the caller principal is not the owners + * list of the Acl. */ - public synchronized boolean removeEntry(Principal caller, AclEntry entry) - throws NotOwnerException - { - if (!isOwner(caller)) - throw new NotOwnerException(); + public synchronized boolean removeEntry(Principal caller, AclEntry entry) + throws NotOwnerException { + if (!isOwner(caller)) + throw new NotOwnerException(); - Hashtable<Principal, AclEntry> aclTable = findTable(entry); - Object key = entry.getPrincipal(); + Hashtable<Principal, AclEntry> aclTable = findTable(entry); + Object key = entry.getPrincipal(); - Object o = aclTable.remove(key); - return (o != null); + Object o = aclTable.remove(key); + return (o != null); } + /** - * This method returns the set of allowed permissions for the - * specified principal. This set of allowed permissions is calculated - * as follows: - * - * If there is no entry for a group or a principal an empty permission - * set is assumed. + * This method returns the set of allowed permissions for the specified + * principal. This set of allowed permissions is calculated as follows: + * + * If there is no entry for a group or a principal an empty permission set + * is assumed. + * + * The group positive permission set is the union of all the positive + * permissions of each group that the individual belongs to. The group + * negative permission set is the union of all the negative permissions of + * each group that the individual belongs to. If there is a specific + * permission that occurs in both the postive permission set and the + * negative permission set, it is removed from both. The group positive and + * negatoive permission sets are calculated. + * + * The individial positive permission set and the individual negative + * permission set is then calculated. Again abscence of an entry means the + * empty set. * - * The group positive permission set is the union of all - * the positive permissions of each group that the individual belongs to. - * The group negative permission set is the union of all - * the negative permissions of each group that the individual belongs to. - * If there is a specific permission that occurs in both - * the postive permission set and the negative permission set, - * it is removed from both. The group positive and negatoive permission - * sets are calculated. - * - * The individial positive permission set and the individual negative - * permission set is then calculated. Again abscence of an entry means - * the empty set. - * * The set of permissions granted to the principal is then calculated using - * the simple rule: Individual permissions always override the Group permissions. - * Specifically, individual negative permission set (specific - * denial of permissions) overrides the group positive permission set. - * And the individual positive permission set override the group negative - * permission set. - * + * the simple rule: Individual permissions always override the Group + * permissions. Specifically, individual negative permission set (specific + * denial of permissions) overrides the group positive permission set. And + * the individual positive permission set override the group negative + * permission set. + * * @param user the principal for which the ACL entry is returned. - * @return The resulting permission set that the principal is allowed. + * @return The resulting permission set that the principal is allowed. */ public synchronized Enumeration<Permission> getPermissions(Principal user) { - Enumeration<Permission> individualPositive; - Enumeration<Permission> individualNegative; - Enumeration<Permission> groupPositive; - Enumeration<Permission> groupNegative; - - // - // canonicalize the sets. That is remove common permissions from - // positive and negative sets. - // - groupPositive = subtract(getGroupPositive(user), getGroupNegative(user)); - groupNegative = subtract(getGroupNegative(user), getGroupPositive(user)); - individualPositive = subtract(getIndividualPositive(user), getIndividualNegative(user)); - individualNegative = subtract(getIndividualNegative(user), getIndividualPositive(user)); - - // - // net positive permissions is individual positive permissions - // plus (group positive - individual negative). - // - Enumeration<Permission> temp1 = subtract(groupPositive, individualNegative); - Enumeration<Permission> netPositive = union(individualPositive, temp1); - - // recalculate the enumeration since we lost it in performing the - // subtraction - // - individualPositive = subtract(getIndividualPositive(user), getIndividualNegative(user)); - individualNegative = subtract(getIndividualNegative(user), getIndividualPositive(user)); - - // - // net negative permissions is individual negative permissions - // plus (group negative - individual positive). - // - temp1 = subtract(groupNegative, individualPositive); - Enumeration<Permission> netNegative = union(individualNegative, temp1); - - return subtract(netPositive, netNegative); + Enumeration<Permission> individualPositive; + Enumeration<Permission> individualNegative; + Enumeration<Permission> groupPositive; + Enumeration<Permission> groupNegative; + + // + // canonicalize the sets. That is remove common permissions from + // positive and negative sets. + // + groupPositive = subtract(getGroupPositive(user), getGroupNegative(user)); + groupNegative = subtract(getGroupNegative(user), getGroupPositive(user)); + individualPositive = subtract(getIndividualPositive(user), getIndividualNegative(user)); + individualNegative = subtract(getIndividualNegative(user), getIndividualPositive(user)); + + // + // net positive permissions is individual positive permissions + // plus (group positive - individual negative). + // + Enumeration<Permission> temp1 = subtract(groupPositive, individualNegative); + Enumeration<Permission> netPositive = union(individualPositive, temp1); + + // recalculate the enumeration since we lost it in performing the + // subtraction + // + individualPositive = subtract(getIndividualPositive(user), getIndividualNegative(user)); + individualNegative = subtract(getIndividualNegative(user), getIndividualPositive(user)); + + // + // net negative permissions is individual negative permissions + // plus (group negative - individual positive). + // + temp1 = subtract(groupNegative, individualPositive); + Enumeration<Permission> netNegative = union(individualNegative, temp1); + + return subtract(netPositive, netNegative); } /** - * This method checks whether or not the specified principal - * has the required permission. If permission is denied - * permission false is returned, a true value is returned otherwise. - * This method does not authenticate the principal. It presumes that - * the principal is a valid authenticated principal. + * This method checks whether or not the specified principal has the + * required permission. If permission is denied permission false is + * returned, a true value is returned otherwise. This method does not + * authenticate the principal. It presumes that the principal is a valid + * authenticated principal. + * * @param principal the name of the authenticated principal * @param permission the permission that the principal must have. - * @return true of the principal has the permission desired, false - * otherwise. + * @return true of the principal has the permission desired, false + * otherwise. */ - public boolean checkPermission(Principal principal, Permission permission) - { - Enumeration<Permission> permSet = getPermissions(principal); - while (permSet.hasMoreElements()) { - Permission p = (Permission) permSet.nextElement(); - if (p.equals(permission)) - return true; - } - return false; + public boolean checkPermission(Principal principal, Permission permission) { + Enumeration<Permission> permSet = getPermissions(principal); + while (permSet.hasMoreElements()) { + Permission p = (Permission) permSet.nextElement(); + if (p.equals(permission)) + return true; + } + return false; } /** * returns an enumeration of the entries in this ACL. */ public synchronized Enumeration<AclEntry> entries() { - return new AclEnumerator(this, - allowedUsersTable, allowedGroupsTable, - deniedUsersTable, deniedGroupsTable); + return new AclEnumerator(this, + allowedUsersTable, allowedGroupsTable, + deniedUsersTable, deniedGroupsTable); } /** - * return a stringified version of the - * ACL. + * return a stringified version of the ACL. */ public String toString() { - StringBuffer sb = new StringBuffer(); - Enumeration<AclEntry> entries = entries(); - while (entries.hasMoreElements()) { - AclEntry entry = (AclEntry) entries.nextElement(); - sb.append(entry.toString().trim()); - sb.append("\n"); - } - - return sb.toString(); + StringBuffer sb = new StringBuffer(); + Enumeration<AclEntry> entries = entries(); + while (entries.hasMoreElements()) { + AclEntry entry = (AclEntry) entries.nextElement(); + sb.append(entry.toString().trim()); + sb.append("\n"); + } + + return sb.toString(); } // - // Find the table that this entry belongs to. There are 4 - // tables that are maintained. One each for postive and - // negative ACLs and one each for groups and users. - // This method figures out which + // Find the table that this entry belongs to. There are 4 + // tables that are maintained. One each for postive and + // negative ACLs and one each for groups and users. + // This method figures out which // table is the one that this AclEntry belongs to. // private Hashtable<Principal, AclEntry> findTable(AclEntry entry) { - Hashtable<Principal, AclEntry> aclTable = null; - - Principal p = entry.getPrincipal(); - if (p instanceof Group) { - if (entry.isNegative()) - aclTable = deniedGroupsTable; - else - aclTable = allowedGroupsTable; - } else { - if (entry.isNegative()) - aclTable = deniedUsersTable; - else - aclTable = allowedUsersTable; - } - return aclTable; + Hashtable<Principal, AclEntry> aclTable = null; + + Principal p = entry.getPrincipal(); + if (p instanceof Group) { + if (entry.isNegative()) + aclTable = deniedGroupsTable; + else + aclTable = allowedGroupsTable; + } else { + if (entry.isNegative()) + aclTable = deniedUsersTable; + else + aclTable = allowedUsersTable; + } + return aclTable; } // // returns the set e1 U e2. // - private <T> Enumeration<T> union(Enumeration<T> e1, Enumeration<T> e2) { - Vector<T> v = new Vector<T>(20, 20); - - while (e1.hasMoreElements()) - v.addElement(e1.nextElement()); - - while (e2.hasMoreElements()) { - T o = e2.nextElement(); - if (!v.contains(o)) - v.addElement(o); - } - - return v.elements(); + private <T> Enumeration<T> union(Enumeration<T> e1, Enumeration<T> e2) { + Vector<T> v = new Vector<T>(20, 20); + + while (e1.hasMoreElements()) + v.addElement(e1.nextElement()); + + while (e2.hasMoreElements()) { + T o = e2.nextElement(); + if (!v.contains(o)) + v.addElement(o); + } + + return v.elements(); } // // returns the set e1 - e2. // private <T> Enumeration<T> subtract(Enumeration<T> e1, Enumeration<T> e2) { - Vector<T> v = new Vector<T> (20, 20); - - while (e1.hasMoreElements()) - v.addElement(e1.nextElement()); - - while (e2.hasMoreElements()) { - T o = e2.nextElement(); - if (v.contains(o)) - v.removeElement(o); - } - - return v.elements(); + Vector<T> v = new Vector<T>(20, 20); + + while (e1.hasMoreElements()) + v.addElement(e1.nextElement()); + + while (e2.hasMoreElements()) { + T o = e2.nextElement(); + if (v.contains(o)) + v.removeElement(o); + } + + return v.elements(); } private Enumeration<Permission> getGroupPositive(Principal user) { - Enumeration<Permission> groupPositive = zeroSet.elements(); - Enumeration<Principal> e = allowedGroupsTable.keys(); - while (e.hasMoreElements()) { - Group g = (Group) e.nextElement(); - if (g.isMember(user)) { - AclEntry ae = (AclEntry) allowedGroupsTable.get(g); - groupPositive = union(ae.permissions(), groupPositive); - } - } - return groupPositive; + Enumeration<Permission> groupPositive = zeroSet.elements(); + Enumeration<Principal> e = allowedGroupsTable.keys(); + while (e.hasMoreElements()) { + Group g = (Group) e.nextElement(); + if (g.isMember(user)) { + AclEntry ae = (AclEntry) allowedGroupsTable.get(g); + groupPositive = union(ae.permissions(), groupPositive); + } + } + return groupPositive; } private Enumeration<Permission> getGroupNegative(Principal user) { - Enumeration<Permission> groupNegative = zeroSet.elements(); - Enumeration<Principal> e = deniedGroupsTable.keys(); - while (e.hasMoreElements()) { - Group g = (Group) e.nextElement(); - if (g.isMember(user)) { - AclEntry ae = (AclEntry) deniedGroupsTable.get(g); - groupNegative = union(ae.permissions(), groupNegative); - } - } - return groupNegative; + Enumeration<Permission> groupNegative = zeroSet.elements(); + Enumeration<Principal> e = deniedGroupsTable.keys(); + while (e.hasMoreElements()) { + Group g = (Group) e.nextElement(); + if (g.isMember(user)) { + AclEntry ae = (AclEntry) deniedGroupsTable.get(g); + groupNegative = union(ae.permissions(), groupNegative); + } + } + return groupNegative; } private Enumeration<Permission> getIndividualPositive(Principal user) { - Enumeration<Permission> individualPositive = zeroSet.elements(); - AclEntry ae = (AclEntry) allowedUsersTable.get(user); - if (ae != null) - individualPositive = ae.permissions(); - return individualPositive; + Enumeration<Permission> individualPositive = zeroSet.elements(); + AclEntry ae = (AclEntry) allowedUsersTable.get(user); + if (ae != null) + individualPositive = ae.permissions(); + return individualPositive; } private Enumeration<Permission> getIndividualNegative(Principal user) { - Enumeration<Permission> individualNegative = zeroSet.elements(); - AclEntry ae = (AclEntry) deniedUsersTable.get(user); - if (ae != null) - individualNegative = ae.permissions(); - return individualNegative; + Enumeration<Permission> individualNegative = zeroSet.elements(); + AclEntry ae = (AclEntry) deniedUsersTable.get(user); + if (ae != null) + individualNegative = ae.permissions(); + return individualNegative; } } @@ -358,33 +356,31 @@ final class AclEnumerator implements Enumeration<AclEntry> { Enumeration<AclEntry> u1, u2, g1, g2; AclEnumerator(Acl acl, Hashtable<Principal, AclEntry> u1, Hashtable<Principal, AclEntry> g1, - Hashtable<Principal, AclEntry> u2, Hashtable<Principal, AclEntry> g2) { - this.acl = acl; - this.u1 = u1.elements(); - this.u2 = u2.elements(); - this.g1 = g1.elements(); - this.g2 = g2.elements(); + Hashtable<Principal, AclEntry> u2, Hashtable<Principal, AclEntry> g2) { + this.acl = acl; + this.u1 = u1.elements(); + this.u2 = u2.elements(); + this.g1 = g1.elements(); + this.g2 = g2.elements(); } public boolean hasMoreElements() { - return (u1.hasMoreElements() || - u2.hasMoreElements() || - g1.hasMoreElements() || - g2.hasMoreElements()); + return (u1.hasMoreElements() || + u2.hasMoreElements() || + g1.hasMoreElements() || g2.hasMoreElements()); } - public AclEntry nextElement() - { - synchronized (acl) { - if (u1.hasMoreElements()) - return u1.nextElement(); - if (u2.hasMoreElements()) - return u2.nextElement(); - if (g1.hasMoreElements()) - return g1.nextElement(); - if (g2.hasMoreElements()) - return g2.nextElement(); - } - throw new NoSuchElementException("Acl Enumerator"); + public AclEntry nextElement() { + synchronized (acl) { + if (u1.hasMoreElements()) + return u1.nextElement(); + if (u2.hasMoreElements()) + return u2.nextElement(); + if (g1.hasMoreElements()) + return g1.nextElement(); + if (g2.hasMoreElements()) + return g2.nextElement(); + } + throw new NoSuchElementException("Acl Enumerator"); } } diff --git a/pki/base/util/src/netscape/security/acl/AllPermissionsImpl.java b/pki/base/util/src/netscape/security/acl/AllPermissionsImpl.java index 4f63712c..710bf4ec 100644 --- a/pki/base/util/src/netscape/security/acl/AllPermissionsImpl.java +++ b/pki/base/util/src/netscape/security/acl/AllPermissionsImpl.java @@ -21,21 +21,23 @@ import java.security.acl.Permission; /** * This class implements the principal interface for the set of all permissions. + * * @author Satish Dharmaraj */ public class AllPermissionsImpl extends PermissionImpl { public AllPermissionsImpl(String s) { - super(s); + super(s); } /** - * This function returns true if the permission passed matches the permission represented in - * this interface. + * This function returns true if the permission passed matches the + * permission represented in this interface. + * * @param another The Permission object to compare with. * @return true always */ public boolean equals(Permission another) { - return true; + return true; } } diff --git a/pki/base/util/src/netscape/security/acl/GroupImpl.java b/pki/base/util/src/netscape/security/acl/GroupImpl.java index 50c68bdb..f8184a42 100644 --- a/pki/base/util/src/netscape/security/acl/GroupImpl.java +++ b/pki/base/util/src/netscape/security/acl/GroupImpl.java @@ -24,7 +24,8 @@ import java.util.Vector; /** * This class implements a group of principals. - * @author Satish Dharmaraj + * + * @author Satish Dharmaraj */ public class GroupImpl implements Group { private Vector groupMembers = new Vector(50, 100); @@ -32,136 +33,140 @@ public class GroupImpl implements Group { /** * Constructs a Group object with no members. + * * @param groupName the name of the group */ public GroupImpl(String groupName) { - this.group = groupName; + this.group = groupName; } /** * adds the specified member to the group. + * * @param user The principal to add to the group. - * @return true if the member was added - false if the - * member could not be added. + * @return true if the member was added - false if the member could not be + * added. */ public boolean addMember(Principal user) { - if (groupMembers.contains(user)) - return false; + if (groupMembers.contains(user)) + return false; - // do not allow groups to be added to itself. - if (group.equals(user.toString())) - throw new IllegalArgumentException(); + // do not allow groups to be added to itself. + if (group.equals(user.toString())) + throw new IllegalArgumentException(); - groupMembers.addElement(user); - return true; + groupMembers.addElement(user); + return true; } /** * removes the specified member from the group. + * * @param user The principal to remove from the group. - * @param true if the principal was removed false if - * the principal was not a member + * @param true if the principal was removed false if the principal was not a + * member */ public boolean removeMember(Principal user) { - return groupMembers.removeElement(user); + return groupMembers.removeElement(user); } /** * returns the enumeration of the members in the group. */ public Enumeration members() { - return groupMembers.elements(); + return groupMembers.elements(); } /** - * This function returns true if the group passed matches - * the group represented in this interface. + * This function returns true if the group passed matches the group + * represented in this interface. + * * @param another The group to compare this group to. */ public boolean equals(Group another) { - return group.equals(another.toString()); + return group.equals(another.toString()); } - + /** * Prints a stringified version of the group. */ public String toString() { - return group; + return group; } /** * return a hashcode for the principal. */ public int hashCode() { - return group.hashCode(); + return group.hashCode(); } /** * returns true if the passed principal is a member of the group. + * * @param member The principal whose membership must be checked for. - * @return true if the principal is a member of this group, - * false otherwise + * @return true if the principal is a member of this group, false otherwise */ public boolean isMember(Principal member) { - - // - // if the member is part of the group (common case), return true. - // if not, recursively search depth first in the group looking for the - // principal. - // - if (groupMembers.contains(member)) { - return true; - } else { - Vector alreadySeen = new Vector(10); - return isMemberRecurse(member, alreadySeen); - } + + // + // if the member is part of the group (common case), return true. + // if not, recursively search depth first in the group looking for the + // principal. + // + if (groupMembers.contains(member)) { + return true; + } else { + Vector alreadySeen = new Vector(10); + return isMemberRecurse(member, alreadySeen); + } } /** * return the name of the principal. */ public String getName() { - return group; + return group; } // // This function is the recursive search of groups for this // implementation of the Group. The search proceeds building up - // a vector of already seen groups. Only new groups are considered, + // a vector of already seen groups. Only new groups are considered, // thereby avoiding loops. // boolean isMemberRecurse(Principal member, Vector alreadySeen) { - Enumeration e = members(); - while (e.hasMoreElements()) { - boolean mem = false; - Principal p = (Principal) e.nextElement(); - - // if the member is in this collection, return true - if (p.equals(member)) { - return true; - } else if (p instanceof GroupImpl) { - // - // if not recurse if the group has not been checked already. - // Can call method in this package only if the object is an - // instance of this class. Otherwise call the method defined - // in the interface. (This can lead to a loop if a mixture of - // implementations form a loop, but we live with this improbable - // case rather than clutter the interface by forcing the - // implementation of this method.) - // - GroupImpl g = (GroupImpl) p; - alreadySeen.addElement(this); - if (!alreadySeen.contains(g)) - mem = g.isMemberRecurse(member, alreadySeen); - } else if (p instanceof Group) { - Group g = (Group) p; - if (!alreadySeen.contains(g)) - mem = g.isMember(member); - } - - if (mem) - return mem; - } - return false; + Enumeration e = members(); + while (e.hasMoreElements()) { + boolean mem = false; + Principal p = (Principal) e.nextElement(); + + // if the member is in this collection, return true + if (p.equals(member)) { + return true; + } else if (p instanceof GroupImpl) { + // + // if not recurse if the group has not been checked already. + // Can call method in this package only if the object is an + // instance of this class. Otherwise call the method defined + // in the interface. (This can lead to a loop if a mixture of + // implementations form a loop, but we live with this improbable + // case rather than clutter the interface by forcing the + // implementation of this method.) + // + GroupImpl g = (GroupImpl) p; + alreadySeen.addElement(this); + if (!alreadySeen.contains(g)) + mem = g.isMemberRecurse(member, alreadySeen); + } else if (p instanceof Group) { + Group g = (Group) p; + if (!alreadySeen.contains(g)) + mem = g.isMember(member); + } + + if (mem) + return mem; + } + return false; } } diff --git a/pki/base/util/src/netscape/security/acl/OwnerImpl.java b/pki/base/util/src/netscape/security/acl/OwnerImpl.java index 7296590e..003bfa75 100644 --- a/pki/base/util/src/netscape/security/acl/OwnerImpl.java +++ b/pki/base/util/src/netscape/security/acl/OwnerImpl.java @@ -25,79 +25,79 @@ import java.security.acl.Owner; import java.util.Enumeration; /** - * Class implementing the Owner interface. The - * initial owner principal is configured as - * part of the constructor. - * @author Satish Dharmaraj + * Class implementing the Owner interface. The initial owner principal is + * configured as part of the constructor. + * + * @author Satish Dharmaraj */ public class OwnerImpl implements Owner { private Group ownerGroup; public OwnerImpl(Principal owner) { - ownerGroup = new GroupImpl("AclOwners"); - ownerGroup.addMember(owner); + ownerGroup = new GroupImpl("AclOwners"); + ownerGroup.addMember(owner); } /** - * Adds an owner. Owners can modify ACL contents and can disassociate - * ACLs from the objects they protect in the AclConfig interface. - * The caller principal must be a part of the owners list of the ACL in - * order to invoke this method. The initial owner is configured - * at ACL construction time. - * @param caller the principal who is invoking this method. + * Adds an owner. Owners can modify ACL contents and can disassociate ACLs + * from the objects they protect in the AclConfig interface. The caller + * principal must be a part of the owners list of the ACL in order to invoke + * this method. The initial owner is configured at ACL construction time. + * + * @param caller the principal who is invoking this method. * @param owner The owner that should be added to the owners list. * @return true if success, false if already an owner. - * @exception NotOwnerException if the caller principal is not on - * the owners list of the Acl. + * @exception NotOwnerException if the caller principal is not on the owners + * list of the Acl. */ public synchronized boolean addOwner(Principal caller, Principal owner) - throws NotOwnerException - { - if (!isOwner(caller)) - throw new NotOwnerException(); + throws NotOwnerException { + if (!isOwner(caller)) + throw new NotOwnerException(); - ownerGroup.addMember(owner); - return false; + ownerGroup.addMember(owner); + return false; } - /** - * Delete owner. If this is the last owner in the ACL, an exception is - * raised. - * The caller principal must be a part of the owners list of the ACL in - * order to invoke this method. - * @param caller the principal who is invoking this method. + /** + * Delete owner. If this is the last owner in the ACL, an exception is + * raised. The caller principal must be a part of the owners list of the ACL + * in order to invoke this method. + * + * @param caller the principal who is invoking this method. * @param owner The owner to be removed from the owners list. - * @return true if the owner is removed, false if the owner is not part - * of the owners list. - * @exception NotOwnerException if the caller principal is not on - * the owners list of the Acl. - * @exception LastOwnerException if there is only one owner left in the group, then - * deleteOwner would leave the ACL owner-less. This exception is raised in such a case. + * @return true if the owner is removed, false if the owner is not part of + * the owners list. + * @exception NotOwnerException if the caller principal is not on the owners + * list of the Acl. + * @exception LastOwnerException if there is only one owner left in the + * group, then deleteOwner would leave the ACL owner-less. + * This exception is raised in such a case. */ - public synchronized boolean deleteOwner(Principal caller, Principal owner) - throws NotOwnerException, LastOwnerException - { - if (!isOwner(caller)) - throw new NotOwnerException(); - - Enumeration<? extends Principal> e = ownerGroup.members(); - // - // check if there is atleast 2 members left. - // - Object o = e.nextElement(); - if (e.hasMoreElements()) - return ownerGroup.removeMember(owner); - else - throw new LastOwnerException(); - - } + public synchronized boolean deleteOwner(Principal caller, Principal owner) + throws NotOwnerException, LastOwnerException { + if (!isOwner(caller)) + throw new NotOwnerException(); + + Enumeration<? extends Principal> e = ownerGroup.members(); + // + // check if there is atleast 2 members left. + // + Object o = e.nextElement(); + if (e.hasMoreElements()) + return ownerGroup.removeMember(owner); + else + throw new LastOwnerException(); + + } /** * returns if the given principal belongs to the owner list. + * * @param owner The owner to check if part of the owners list * @return true if the passed principal is in the owner list, false if not. */ public synchronized boolean isOwner(Principal owner) { - return ownerGroup.isMember(owner); + return ownerGroup.isMember(owner); } } diff --git a/pki/base/util/src/netscape/security/acl/PermissionImpl.java b/pki/base/util/src/netscape/security/acl/PermissionImpl.java index bfd8861c..2b4d4f47 100644 --- a/pki/base/util/src/netscape/security/acl/PermissionImpl.java +++ b/pki/base/util/src/netscape/security/acl/PermissionImpl.java @@ -20,8 +20,9 @@ package netscape.security.acl; import java.security.acl.Permission; /** - * The PermissionImpl class implements the permission - * interface for permissions that are strings. + * The PermissionImpl class implements the permission interface for permissions + * that are strings. + * * @author Satish Dharmaraj */ public class PermissionImpl implements Permission { @@ -30,33 +31,35 @@ public class PermissionImpl implements Permission { /** * Construct a permission object using a string. + * * @param permission the stringified version of the permission. */ public PermissionImpl(String permission) { - this.permission = permission; + this.permission = permission; } /** - * This function returns true if the object passed matches the permission + * This function returns true if the object passed matches the permission * represented in this interface. + * * @param another The Permission object to compare with. * @return true if the Permission objects are equal, false otherwise */ public boolean equals(Object another) { - if (another instanceof Permission) { - Permission p = (Permission) another; - return permission.equals(p.toString()); - } else { - return false; - } + if (another instanceof Permission) { + Permission p = (Permission) another; + return permission.equals(p.toString()); + } else { + return false; + } } - + /** * Prints a stringified version of the permission. + * * @return the string representation of the Permission. */ public String toString() { - return permission; + return permission; } } - diff --git a/pki/base/util/src/netscape/security/acl/PrincipalImpl.java b/pki/base/util/src/netscape/security/acl/PrincipalImpl.java index c2779abe..58b53d90 100644 --- a/pki/base/util/src/netscape/security/acl/PrincipalImpl.java +++ b/pki/base/util/src/netscape/security/acl/PrincipalImpl.java @@ -21,8 +21,8 @@ import java.security.Principal; /** * This class implements the principal interface. - * - * @author Satish Dharmaraj + * + * @author Satish Dharmaraj */ public class PrincipalImpl implements Principal { @@ -30,53 +30,48 @@ public class PrincipalImpl implements Principal { /** * Construct a principal from a string user name. + * * @param user The string form of the principal name. */ public PrincipalImpl(String user) { - this.user = user; + this.user = user; } /** - * This function returns true if the object passed matches - * the principal represented in this implementation + * This function returns true if the object passed matches the principal + * represented in this implementation + * * @param another the Principal to compare with. - * @return true if the Principal passed is the same as that - * encapsulated in this object, false otherwise + * @return true if the Principal passed is the same as that encapsulated in + * this object, false otherwise */ public boolean equals(Object another) { - if (another instanceof PrincipalImpl) { - PrincipalImpl p = (PrincipalImpl) another; - return user.equals(p.toString()); - } else - return false; + if (another instanceof PrincipalImpl) { + PrincipalImpl p = (PrincipalImpl) another; + return user.equals(p.toString()); + } else + return false; } - + /** * Prints a stringified version of the principal. */ public String toString() { - return user; + return user; } /** * return a hashcode for the principal. */ public int hashCode() { - return user.hashCode(); + return user.hashCode(); } /** * return the name of the principal. */ public String getName() { - return user; + return user; } } - - - - - - - diff --git a/pki/base/util/src/netscape/security/acl/WorldGroupImpl.java b/pki/base/util/src/netscape/security/acl/WorldGroupImpl.java index fa9c75bd..d1361763 100644 --- a/pki/base/util/src/netscape/security/acl/WorldGroupImpl.java +++ b/pki/base/util/src/netscape/security/acl/WorldGroupImpl.java @@ -21,20 +21,23 @@ import java.security.Principal; /** * This class implements a group of principals. + * * @author Satish Dharmaraj */ public class WorldGroupImpl extends GroupImpl { public WorldGroupImpl(String s) { - super(s); + super(s); } /** * returns true for all passed principals - * @param member The principal whose membership must be checked in this Group. + * + * @param member The principal whose membership must be checked in this + * Group. * @return true always since this is the "world" group. */ public boolean isMember(Principal member) { - return true; + return true; } } |