|
From: Seth P. <se...@us...> - 2005-12-16 22:42:47
|
Update of /cvsroot/sunxacml/sunxacml/com/sun/xacml/attr In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv19443/com/sun/xacml/attr Added Files: DNSNameAttribute.java IPAddressAttribute.java PortRange.java Log Message: added to support the new ipAddress and dnsName datatypes in XACML 2.0 --- NEW FILE: PortRange.java --- /* * @(#)PortRange.java * * Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistribution of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistribution in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * Neither the name of Sun Microsystems, Inc. or the names of contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * This software is provided "AS IS," without a warranty of any kind. ALL * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. * * You acknowledge that this software is not designed or intended for use in * the design, construction, operation or maintenance of any nuclear facility. */ package com.sun.xacml.attr; /** * This class represents a port range as specified in the XACML 2.0 description * of <code>dnsName</code> and <code>ipAddress</code>. The range may have * upper and lower bounds, be specified by a single port number, or may be * unbound. * * @since 2.0 * @author Seth Proctor */ public class PortRange { /** * Constant used to specify that the range is unbound on one side. */ public static final int UNBOUND = -1; // the port bound values private int lowerBound; private int upperBound; /** * Default constructor used to represent an unbound range. This is * typically used when an address has no port information. */ public PortRange() { this(UNBOUND, UNBOUND); } /** * Creates a <code>PortRange</code> that represents a single port value * instead of a range of values. * * @param singlePort the single port number */ public PortRange(int singlePort) { this(singlePort, singlePort); } /** * Creates a <code>PortRange</code> with upper and lower bounds. Either * of the parameters may have the value <code>UNBOUND</code> meaning * that there is no bound at the respective end. * * @param lowerBound the lower-bound port number or <code>UNBOUND</code> * @param upperBound the upper-bound port number or <code>UNBOUND</code> */ public PortRange(int lowerBound, int upperBound) { this.lowerBound = lowerBound; this.upperBound = upperBound; } /** * Creates an instance of <code>PortRange</code> based on the given value. * * @param value a <code>String</code> representing the range * * @return a new <code>PortRange</code> * * @throws NumberFormatException if a port value isn't an integer */ public static PortRange getInstance(String value) { int lowerBound = UNBOUND; int upperBound = UNBOUND; // first off, make sure there's actually content here if ((value.length() == 0) || (value.equals("-"))) return new PortRange(); // there's content, so figure where the '-' is, if at all int dashPos = value.indexOf('-'); if (dashPos == -1) { // there's no dash, so it's just a single number lowerBound = upperBound = Integer.parseInt(value); } else if (dashPos == 0) { // it starts with a dash, so it's just upper-range bound upperBound = Integer.parseInt(value.substring(1)); } else { // it's a number followed by a dash, so get the lower-bound... lowerBound = Integer.parseInt(value.substring(0, dashPos)); int len = value.length(); // ... and see if there is a second port number if (dashPos != (len - 1)) { // the dash wasn't at the end, so there's an upper-bound upperBound = Integer.parseInt(value.substring(dashPos + 1, len)); } } return new PortRange(lowerBound, upperBound); } /** * Returns the lower-bound port value. If the range is not lower-bound, * then this returns <code>UNBOUND</code>. If the range is actually a * single port number, then this returns the same value as * <code>getUpperBound</code>. * * @return the upper-bound */ public int getLowerBound() { return lowerBound; } /** * Returns the upper-bound port value. If the range is not upper-bound, * then this returns <code>UNBOUND</code>. If the range is actually a * single port number, then this returns the same value as * <code>getLowerBound</code>. * * @return the upper-bound */ public int getUpperBound() { return upperBound; } /** * Returns whether the range is bounded by a lower port number. * * @return true if lower-bounded, false otherwise */ public boolean isLowerBounded() { return (lowerBound != -1); } /** * Returns whether the range is bounded by an upper port number. * * @return true if upper-bounded, false otherwise */ public boolean isUpperBounded() { return (upperBound != -1); } /** * Returns whether the range is actually a single port number. * * @return true if the range is a single port number, false otherwise */ public boolean isSinglePort() { return ((lowerBound == upperBound) && (lowerBound != UNBOUND)); } /** * Returns whether the range is unbound, which means that it specifies * no port number or range. This is typically used with addresses that * include no port information. * * @return true if the range is unbound, false otherwise */ public boolean isUnbound() { return ((lowerBound == UNBOUND) && (upperBound == UNBOUND)); } /** * Returns true if the input is an instance of this class and if its * value equals the value contained in this class. * * @param o the object to compare * * @return true if this object and the input represent the same value */ public boolean equals(Object o) { if (! (o instanceof IPAddressAttribute)) return false; PortRange other = (PortRange)o; if (lowerBound != other.lowerBound) return false; if (upperBound != other.upperBound) return false; return true; } /** * */ public String encode() { if (isUnbound()) return ""; if (isSinglePort()) return String.valueOf(lowerBound); if (! isLowerBounded()) return "-" + String.valueOf(upperBound); if (! isUpperBounded()) return String.valueOf(lowerBound) + "-"; return String.valueOf(lowerBound) + "-" + String.valueOf(upperBound); } } --- NEW FILE: IPAddressAttribute.java --- /* * @(#)IPAddressAttribute.java * * Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistribution of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistribution in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * Neither the name of Sun Microsystems, Inc. or the names of contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * This software is provided "AS IS," without a warranty of any kind. ALL * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. * * You acknowledge that this software is not designed or intended for use in * the design, construction, operation or maintenance of any nuclear facility. */ package com.sun.xacml.attr; import com.sun.xacml.ParsingException; import java.net.InetAddress; import java.net.UnknownHostException; import java.net.URI; import org.w3c.dom.Node; /** * Represents the IPAddress datatype introduced in XACML 2.0. All objects of * this class are immutable and all methods of the class are thread-safe. * * @since 2.0 * @author Seth Proctor */ public class IPAddressAttribute extends AttributeValue { /** * Official name of this type */ public static final String identifier = "urn:oasis:names:tc:xacml:2.0:data-type:ipAddress"; /** * URI version of name for this type * <p> * This field is initialized by a static initializer so that * we can catch any exceptions thrown by URI(String) and * transform them into a RuntimeException, since this should * never happen but should be reported properly if it ever does. */ private static URI identifierURI; /** * RuntimeException that wraps an Exception thrown during the * creation of identifierURI, null if none. */ private static RuntimeException earlyException; /** * Static initializer that initializes the identifierURI * class field so that we can catch any exceptions thrown * by URI(String) and transform them into a RuntimeException. * Such exceptions should never happen but should be reported * properly if they ever do. */ static { try { identifierURI = new URI(identifier); } catch (Exception e) { earlyException = new IllegalArgumentException(); earlyException.initCause(e); } }; // the required address private InetAddress address; // the optional mask private InetAddress mask; // this is the optional port-range private PortRange range; /** * Creates the new <code>IPAddressAttribute</code> with just the required * address component. * * @param address a non-null <code>InetAddress</code> */ public IPAddressAttribute(InetAddress address) { this(address, null, new PortRange()); } /** * Creates the new <code>IPAddressAttribute</code> with the optional * address mask. * * @param address a non-null <code>InetAddress</code> * @param mask an <code>InetAddress</code> or null if there is no mask */ public IPAddressAttribute(InetAddress address, InetAddress mask) { this(address, mask, new PortRange()); } /** * Creates the new <code>IPAddressAttribute</code> with the optional * port range. * * @param address a non-null <code>InetAddress</code> * @param portRange a <code>PortRange</code> */ public IPAddressAttribute(InetAddress address, PortRange range) { this(address, null, range); } /** * Creates the new <code>IPAddressAttribute</code> with all the optional * components. * * @param address a non-null <code>InetAddress</code> * @param mask an <code>InetAddress</code> or null if there is no mask * @param portRange a <code>PortRange</code> */ public IPAddressAttribute(InetAddress address, InetAddress mask, PortRange range) { super(identifierURI); // shouldn't happen, but just in case... if (earlyException != null) throw earlyException; this.address = address; this.mask = mask; this.range = range; } /** * Returns a new <code>IPAddressAttribute</code> that represents * the name at a particular DOM node. * * @param root the <code>Node</code> that contains the desired value * * @return a new <code>IPAddressAttribute</code> representing the * appropriate value (null if there is a parsing error) * * @throws ParsingException if any of the address components is invalid */ public static IPAddressAttribute getInstance(Node root) throws ParsingException { return getInstance(root.getFirstChild().getNodeValue()); } /** * Returns a new <code>IPAddressAttribute</code> that represents * the name indicated by the <code>String</code> provided. * * @param value a string representing the address * * @return a new <code>IPAddressAttribute</code> * * @throws ParsingException if any of the address components is invalid */ public static IPAddressAttribute getInstance(String value) throws ParsingException { try { // an IPv6 address starts with a '[' if (value.indexOf('[') == 0) return getIPv6Address(value); else return getIPv4Address(value); } catch (UnknownHostException uhe) { throw new ParsingException("Failed to parse an IPAddress", uhe); } } /** * Handle parsing an IPv4 address */ private static IPAddressAttribute getIPv4Address(String value) throws UnknownHostException { InetAddress address = null; InetAddress mask = null; PortRange range = null; // start out by seeing where the delimiters are int maskPos = value.indexOf("/"); int rangePos = value.indexOf(":"); // now check to see which components we have if (maskPos == rangePos) { // the sting is just an address address = InetAddress.getByName(value); } else if (maskPos != -1) { // there is also a mask (and maybe a range) address = InetAddress.getByName(value.substring(0, maskPos)); if (rangePos != -1) { // there's a range too, so get it and the mask mask = InetAddress.getByName(value.substring(maskPos + 1, rangePos)); range = PortRange.getInstance(value.substring(rangePos + 1, value.length())); } else { // there's no range, so just get the mask mask = InetAddress.getByName(value.substring(maskPos + 1, value.length())); } } else { // there is a range, but no mask address = InetAddress.getByName(value.substring(0, rangePos)); range = PortRange.getInstance(value.substring(rangePos + 1, value.length())); } // if the range is null, then create it as unbound range = new PortRange(); return new IPAddressAttribute(address, mask, range); } /** * Handle parsing an IPv6 address */ private static IPAddressAttribute getIPv6Address(String value) throws UnknownHostException { InetAddress address = null; InetAddress mask = null; PortRange range = null; int len = value.length(); // get the required address component int endIndex = value.indexOf(']'); address = InetAddress.getByName(value.substring(1, endIndex)); // see if there's anything left in the string if (endIndex != (len - 1)) { // if there's a mask, it's also an IPv6 address if (value.charAt(endIndex + 1) == '/') { int startIndex = endIndex + 3; endIndex = value.indexOf(']', startIndex); mask = InetAddress.getByName(value.substring(startIndex, endIndex)); } // finally, see if there's a port range, if we're not finished if ((endIndex != (len - 1)) && (value.charAt(endIndex + 1) == ':')) range = PortRange.getInstance(value.substring(endIndex + 2, len)); } // if the range is null, then create it as unbound range = new PortRange(); return new IPAddressAttribute(address, mask, range); } /** * Returns the address represented by this object. * * @return the address */ public InetAddress getAddress() { return address; } /** * Returns the mask represented by this object, or null if there is no * mask. * * @return the mask or null */ public InetAddress getMask() { return mask; } /** * Returns the port range represented by this object which will be * unbound if no range was specified. * * @return the range */ public PortRange getRange() { return range; } /** * Returns true if the input is an instance of this class and if its * value equals the value contained in this class. * * @param o the object to compare * * @return true if this object and the input represent the same value */ public boolean equals(Object o) { if (! (o instanceof IPAddressAttribute)) return false; IPAddressAttribute other = (IPAddressAttribute)o; if (! address.equals(other.address)) return false; if (mask != null) { if (other.mask == null) return false; if (! mask.equals(other.mask)) return false; } else { if (other.mask != null) return false; } if (! range.equals(other.range)) return false; return true; } /** * Returns the hashcode value used to index and compare this object with * others of the same type. * * @return the object's hashcode value */ public int hashCode() { // FIXME: what should the hashcode be? return 0; } /** * Converts to a String representation. * * @return the String representation */ public String toString() { return "IPAddressAttribute: \"" + encode() + "\""; } /** * */ public String encode() { String str = "[" + address.getHostAddress() + "]"; if (mask != null) str += "/[" + mask.getHostAddress() + "]"; if (! range.isUnbound()) str += ":" + range.encode(); return str; } } --- NEW FILE: DNSNameAttribute.java --- /* * @(#)DNSNameAttribute.java * * Copyright 2005 Sun Microsystems, Inc. All Rights Reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * 1. Redistribution of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * * 2. Redistribution in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * Neither the name of Sun Microsystems, Inc. or the names of contributors may * be used to endorse or promote products derived from this software without * specific prior written permission. * * This software is provided "AS IS," without a warranty of any kind. ALL * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN") * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL, * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE, * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. * * You acknowledge that this software is not designed or intended for use in * the design, construction, operation or maintenance of any nuclear facility. */ package com.sun.xacml.attr; import com.sun.xacml.ParsingException; import java.net.URI; import org.w3c.dom.Node; /** * Represents the DNSName datatype introduced in XACML 2.0. All objects of * this class are immutable and all methods of the class are thread-safe. * * @since 2.0 * @author Seth Proctor */ public class DNSNameAttribute extends AttributeValue { /** * Official name of this type */ public static final String identifier = "urn:oasis:names:tc:xacml:2.0:data-type:dnsName"; /** * URI version of name for this type * <p> * This field is initialized by a static initializer so that * we can catch any exceptions thrown by URI(String) and * transform them into a RuntimeException, since this should * never happen but should be reported properly if it ever does. */ private static URI identifierURI; /** * RuntimeException that wraps an Exception thrown during the * creation of identifierURI, null if none. */ private static RuntimeException earlyException; /** * Static initializer that initializes the identifierURI * class field so that we can catch any exceptions thrown * by URI(String) and transform them into a RuntimeException. * Such exceptions should never happen but should be reported * properly if they ever do. */ static { try { identifierURI = new URI(identifier); } catch (Exception e) { earlyException = new IllegalArgumentException(); earlyException.initCause(e); } }; // the required hostname private String hostname; // the optional port range private PortRange range; // true if the hostname starts with a '*' private boolean isSubdomain = false; /** * Creates the new <code>DNSNameAttribute</code> with only the required * hostname component. * * @param hostname the host name component of the address * * @throws ParsingException if the hostname is invalid */ public DNSNameAttribute(String hostname) throws ParsingException { this(hostname, new PortRange()); } /** * Creates the new <code>DNSNameAttribute</code> with the optional * port range component. * * @param hostname the host name component of the address * @param range the port range * * @throws ParsingException if the hostname is invalid */ public DNSNameAttribute(String hostname, PortRange range) throws ParsingException { super(identifierURI); // shouldn't happen, but just in case... if (earlyException != null) throw earlyException; // verify that the hostname is valid before we store it if (! isValidHostName(hostname)) System.out.println("FIXME: throw error about bad hostname"); // see if it started with a '*' character if (hostname.charAt(0) == '*') this.isSubdomain = true; this.hostname = hostname; this.range = range; } /** * Private helper that tests whether the given string is valid. */ private boolean isValidHostName(String hostname) { /* hostname = *( domainlabel "." ) toplabel [ "." ] domainlabel = alphanum | alphanum *( alphanum | "-" ) alphanum toplabel = alpha | alpha *( alphanum | "-" ) alphanum */ String domainlabel = "\\w[[\\w|\\-]*\\w]?"; String toplabel = "[a-zA-Z][[\\w|\\-]*\\w]?"; String pattern = "[\\*\\.]?[" + domainlabel + "\\.]*" + toplabel + "\\.?"; return hostname.matches(pattern); } /** * Returns a new <code>DNSNameAttribute</code> that represents * the name at a particular DOM node. * * @param root the <code>Node</code> that contains the desired value * * @return a new <code>DNSNameAttribute</code> representing the * appropriate value (null if there is a parsing error) * * @throws ParsingException if the hostname is invalid */ public static DNSNameAttribute getInstance(Node root) throws ParsingException { return getInstance(root.getFirstChild().getNodeValue()); } /** * Returns a new <code>DNSNameAttribute</code> that represents * the name indicated by the <code>String</code> provided. * * @param value a string representing the name * * @return a new <code>DNSNameAttribute</code> * * @throws ParsingException if the hostname is invalid */ public static DNSNameAttribute getInstance(String value) throws ParsingException { int portSep = value.indexOf(':'); if (portSep == -1) { // there is no port range, so just use the name return new DNSNameAttribute(value); } else { // split the name and the port range String hostname = value.substring(0, portSep); PortRange range = PortRange.getInstance(value.substring(portSep + 1, value.length())); return new DNSNameAttribute(hostname, range); } } /** * Returns the host name represented by this object. * * @return the host name */ public String getHostName() { return hostname; } /** * Returns the port range represented by this object which will be * unbound if no range was specified. * * @return the port range */ public PortRange getPortRange() { return range; } /** * Returns true if the leading character in the hostname is a '*', and * therefore represents a matching subdomain, or false otherwise. * * @return true if the name represents a subdomain, false otherwise */ public boolean isSubdomain() { return isSubdomain; } /** * Returns true if the input is an instance of this class and if its * value equals the value contained in this class. * * @param o the object to compare * * @return true if this object and the input represent the same value */ public boolean equals(Object o) { if (! (o instanceof DNSNameAttribute)) return false; DNSNameAttribute other = (DNSNameAttribute)o; if (! hostname.toUpperCase().equals(other.hostname.toUpperCase())) return false; if (! range.equals(other.range)) return false; return true; } /** * Returns the hashcode value used to index and compare this object with * others of the same type. * * @return the object's hashcode value */ public int hashCode() { // FIXME: what should the hashcode be? return 0; } /** * Converts to a String representation. * * @return the String representation */ public String toString() { return "DNSNameAttribute: \"" + encode() + "\""; } /** * */ public String encode() { if (range.isUnbound()) return hostname; return hostname + ":" + range.encode(); } } |
