p62xrbca7/com/sun/jmx/snmp/IPAcl/AclImpl.java

/*
 * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
 * ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 *
 */


package com.sun.jmx.snmp.IPAcl;



import java.security.Principal;
import java.security.acl.Acl;
import java.security.acl.AclEntry;
import java.security.acl.NotOwnerException;

import java.io.Serializable;
import java.security.acl.Permission;
import java.util.Vector;
import java.util.Enumeration;


/**
 * Represent an Access Control List (ACL) which is used to guard access to http adaptor.
 * <P>
 * It is a data structure with multiple ACL entries. Each ACL entry, of interface type
 * AclEntry, contains a set of permissions and a set of communities associated with a
 * particular principal. (A principal represents an entity such as a host or a group of host).
 * Additionally, each ACL entry is specified as being either positive or negative.
 * If positive, the permissions are to be granted to the associated principal.
 * If negative, the permissions are to be denied.
 *
 * @see java.security.acl.Acl
 */

class AclImpl extends OwnerImpl implements Acl, Serializable {
  private static final long serialVersionUID = -2250957591085270029L;

  private Vector<AclEntry> entryList = null;
  private String aclName = null;

  /**
   * Constructs the ACL with a specified owner
   *
   * @param owner owner of the ACL.
   * @param name  name of this ACL.
   */
  public AclImpl (PrincipalImpl owner, String name) {
        super(owner);
        entryList = new Vector<>();
        aclName = name;
  }

  /**
   * Sets the name of this ACL.
   *
   * @param caller the principal invoking this method. It must be an owner
   *        of this ACL.
   * @param name the name to be given to this ACL.
   *
   * @exception NotOwnerException if the caller principal is not an owner
   *            of this ACL.
   * @see java.security.Principal
   */
  @Override
  public void setName(Principal caller, String name)
        throws NotOwnerException {
          if (!isOwner(caller))
                throw new NotOwnerException();
          aclName = name;
  }

  /**
   * Returns the name of this ACL.
   *
   * @return the name of this ACL.
   */
  @Override
  public String getName(){
        return aclName;
  }

  /**
   * Adds an ACL entry to this ACL. An entry associates a principal (e.g., an individual or a group)
   * with a set of permissions. Each principal can have at most one positive ACL entry
   * (specifying permissions to be granted to the principal) and one negative ACL entry
   * (specifying permissions to be denied). If there is already an ACL entry
   * of the same type (negative or positive) already in the ACL, false is returned.
   *
   * @param caller the principal invoking this method. It must be an owner
   *        of this ACL.
   * @param entry the ACL entry to be added to this ACL.
   * @return true on success, false if an entry of the same type (positive
   *       or negative) for the same principal is already present in this ACL.
   * @exception NotOwnerException if the caller principal is not an owner of
   *       this ACL.
   * @see java.security.Principal
   */
  @Override
  public boolean addEntry(Principal caller, AclEntry entry)
        throws NotOwnerException {
          if (!isOwner(caller))
                throw new NotOwnerException();

          if (entryList.contains(entry))
                return false;
          /*
                 for (Enumeration e = entryList.elements();e.hasMoreElements();){
                 AclEntry ent = (AclEntry) e.nextElement();
                 if (ent.getPrincipal().equals(entry.getPrincipal()))
                 return false;
                 }
                 */

          entryList.addElement(entry);
          return true;
  }

  /**
   * Removes an ACL entry from this ACL.
   *
   * @param caller the principal invoking this method. It must be an owner
   *        of this ACL.
   * @param entry the ACL entry to be removed from this ACL.
   * @return true on success, false if the entry is not part of this ACL.
   * @exception NotOwnerException if the caller principal is not an owner
   *   of this Acl.
   * @see java.security.Principal
   * @see java.security.acl.AclEntry
   */
  @Override
  public boolean removeEntry(Principal caller, AclEntry entry)
        throws NotOwnerException {
          if (!isOwner(caller))
                throw new NotOwnerException();

          return (entryList.removeElement(entry));
  }

  /**
   * Removes all ACL entries from this ACL.
   *
   * @param caller the principal invoking this method. It must be an owner
   *        of this ACL.
   * @exception NotOwnerException if the caller principal is not an owner of
   *        this Acl.
   * @see java.security.Principal
   */
  public void removeAll(Principal caller)
        throws NotOwnerException {
          if (!isOwner(caller))
                throw new NotOwnerException();
        entryList.removeAllElements();
  }

  /**
   * Returns an enumeration for the set of allowed permissions for
   * the specified principal
   * (representing an entity such as an individual or a group).
   * This set of allowed permissions is calculated as follows:
   * <UL>
   * <LI>If there is no entry in this Access Control List for the specified
   * principal, an empty permission set is returned.</LI>
   * <LI>Otherwise, the principal's group permission sets are determined.
   * (A principal can belong to one or more groups, where a group is a group
   * of principals, represented by the Group interface.)</LI>
   * </UL>
   * @param user the principal whose permission set is to be returned.
   * @return the permission set specifying the permissions the principal
   *     is allowed.
   * @see java.security.Principal
   */
  @Override
  public Enumeration<Permission> getPermissions(Principal user){
        Vector<Permission> empty = new Vector<>();
        for (Enumeration<AclEntry> e = entryList.elements();e.hasMoreElements();){
          AclEntry ent = e.nextElement();
          if (ent.getPrincipal().equals(user))
                return ent.permissions();
        }
        return empty.elements();
  }

  /**
   * Returns an enumeration of the entries in this ACL. Each element in the
   * enumeration is of type AclEntry.
   *
   * @return an enumeration of the entries in this ACL.
   */
  @Override
  public Enumeration<AclEntry> entries(){
        return entryList.elements();
  }

  /**
   * Checks whether or not the specified principal has the specified
   * permission.
   * If it does, true is returned, otherwise false is returned.
   * More specifically, this method checks whether the passed permission
   * is a member of the allowed permission set of the specified principal.
   * The allowed permission set is determined by the same algorithm as is
   * used by the getPermissions method.
   *
   * @param user the principal, assumed to be a valid authenticated Principal.
   * @param perm the permission to be checked for.
   * @return true if the principal has the specified permission,
   *         false otherwise.
   * @see java.security.Principal
   * @see java.security.Permission
   */
  @Override
  public boolean checkPermission(Principal user,
                                 java.security.acl.Permission perm) {
        for (Enumeration<AclEntry> e = entryList.elements();e.hasMoreElements();){
          AclEntry ent = e.nextElement();
          if (ent.getPrincipal().equals(user))
                if (ent.checkPermission(perm)) return true;
        }
        return false;
  }

  /**
   * Checks whether or not the specified principal has the specified
   * permission.
   * If it does, true is returned, otherwise false is returned.
   * More specifically, this method checks whether the passed permission
   * is a member of the allowed permission set of the specified principal.
   * The allowed permission set is determined by the same algorithm as is
   * used by the getPermissions method.
   *
   * @param user the principal, assumed to be a valid authenticated Principal.
   * @param community the community name associated with the principal.
   * @param perm the permission to be checked for.
   * @return true if the principal has the specified permission, false
   *        otherwise.
   * @see java.security.Principal
   * @see java.security.Permission
   */
  public boolean checkPermission(Principal user, String community,
                                 java.security.acl.Permission perm) {
        for (Enumeration<AclEntry> e = entryList.elements();e.hasMoreElements();){
          AclEntryImpl ent = (AclEntryImpl) e.nextElement();
          if (ent.getPrincipal().equals(user))
                if (ent.checkPermission(perm) && ent.checkCommunity(community)) return true;
        }
        return false;
  }

  /**
   * Checks whether or not the specified community string is defined.
   *
   * @param community the community name associated with the principal.
   *
   * @return true if the specified community string is defined, false
   *      otherwise.
   * @see java.security.Principal
   * @see java.security.Permission
   */
  public boolean checkCommunity(String community) {
        for (Enumeration<AclEntry> e = entryList.elements();e.hasMoreElements();){
          AclEntryImpl ent = (AclEntryImpl) e.nextElement();
          if (ent.checkCommunity(community)) return true;
        }
        return false;
  }

  /**
   * Returns a string representation of the ACL contents.
   *
   * @return a string representation of the ACL contents.
   */
  @Override
  public String toString(){
        return ("AclImpl: "+ getName());
  }
}