1 /*******************************************************************************
\r
2 * ============LICENSE_START====================================================
\r
4 * * ===========================================================================
\r
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
\r
6 * * Copyright © 2017 Amdocs
\r
7 * * ===========================================================================
\r
8 * * Licensed under the Apache License, Version 2.0 (the "License");
\r
9 * * you may not use this file except in compliance with the License.
\r
10 * * You may obtain a copy of the License at
\r
12 * * http://www.apache.org/licenses/LICENSE-2.0
\r
14 * * Unless required by applicable law or agreed to in writing, software
\r
15 * * distributed under the License is distributed on an "AS IS" BASIS,
\r
16 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
17 * * See the License for the specific language governing permissions and
\r
18 * * limitations under the License.
\r
19 * * ============LICENSE_END====================================================
\r
21 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
\r
23 ******************************************************************************/
\r
24 package com.att.cadi.aaf;
\r
26 import com.att.inno.env.util.Split;
\r
29 public class PermEval {
\r
30 public static final char START_REGEX_CHAR = '!';
\r
31 public static final char START_INST_KEY_CHAR=':';
\r
32 public static final char ALT_START_INST_KEY_CHAR='/';
\r
34 public static final char LIST_SEP = ',';
\r
35 public static final String INST_KEY_REGEX = new StringBuilder().append(START_INST_KEY_CHAR).toString();
\r
36 public static final String ASTERIX = "*";
\r
41 * Instance can be more complex. It can be a string, a Regular Expression, or a ":" separated Key
\r
42 * who's parts can also be a String, Regular Expression.
\r
44 * sInst = Server's Instance
\r
45 * In order to prevent false matches, keys must be the same length to count as equal
\r
46 * Changing this will break existing users, like Cassandra. 9-4-2015
\r
48 public static boolean evalInstance(String sInst, String pInst) {
\r
49 if(ASTERIX.equals(sInst)) return true; // If Server's String is "*", then it accepts every Instance
\r
50 char firstChar = pInst.charAt(0);
\r
51 char startChar = firstChar==ALT_START_INST_KEY_CHAR?ALT_START_INST_KEY_CHAR:START_INST_KEY_CHAR;
\r
52 switch(pInst.charAt(0)) { // First char
\r
53 case START_REGEX_CHAR: // Evaluate as Regular Expression
\r
54 String pItem = pInst.substring(1);
\r
55 for(String sItem : Split.split(LIST_SEP,sInst)) { // allow for "," definition in Action
\r
56 return sItem.matches(pItem);
\r
59 case START_INST_KEY_CHAR: // Evaluate a special Key field, i.e.:xyz:*:!df.*
\r
60 case ALT_START_INST_KEY_CHAR: // Also allow '/' as special Key Field, i.e. /xyz/*/!.*
\r
61 if(sInst.charAt(0)==startChar) { // To compare key-to-key, both strings must be keys
\r
62 String[] skeys=Split.split(startChar,sInst);
\r
63 String[] pkeys=Split.split(startChar,pInst);
\r
64 if(skeys.length!=pkeys.length) return false;
\r
66 boolean pass = true;
\r
67 for(int i=1;pass && i<skeys.length;++i) { // We start at 1, because the first one, being ":" is always ""
\r
68 if(ASTERIX.equals(skeys[i]))continue; // Server data accepts all for this key spot
\r
70 for(String sItem : Split.split(LIST_SEP,skeys[i])) { // allow for "," definition in Action
\r
71 if(pkeys[i].length()==0) {
\r
72 if(pass=sItem.length()==0) {
\r
73 break; // Both Empty, keep checking
\r
75 // } else if(pkeys[i].charAt(0)==START_REGEX_CHAR) {
\r
76 // if(pass=sItem.matches(pkeys[i].substring(1))) {
\r
77 // break; // Matches, keep checking
\r
79 } else if(sItem.charAt(0)==START_REGEX_CHAR) { // Check Server side when wildcarding like *
\r
80 if(pass=pkeys[i].matches(sItem.substring(1))) {
\r
81 break; // Matches, keep checking
\r
83 } else if(skeys[i].endsWith(ASTERIX)) {
\r
84 if(pass=endAsterixCompare(skeys[i],pkeys[i])) {
\r
88 if(pass=sItem.equals(pkeys[i]))
\r
89 break; // Equal, keep checking
\r
93 return pass; // return whether passed all key checks
\r
95 return false; // if first chars aren't the same, further String compare not necessary
\r
96 default: // Evaluate as String Compare
\r
97 for(String sItem : Split.split(LIST_SEP,sInst)) { // allow for "," separator //TODO is this only for actions?
\r
98 if(sItem.endsWith(ASTERIX)) {
\r
99 if(endAsterixCompare(sInst, pInst));
\r
100 } else if(sItem.equals(pInst)) {
\r
108 private static boolean endAsterixCompare(String sInst, String pInst) {
\r
109 final int len = sInst.length()-1;
\r
110 if(pInst.length()<len) {
\r
113 for(int j=0;j<len;++j) {
\r
114 if(pInst.charAt(j)!=sInst.charAt(j)) {
\r
124 * sAction = Stored Action...
\r
125 * pAction = Present Action... the Permission to validate against.
\r
126 * Action is not quite as complex. But we write it in this function so it can be consistent
\r
128 public static boolean evalAction(String sAction,String pAction) {
\r
129 if(ASTERIX.equals(sAction))return true; // If Server's String is "*", then it accepts every Action
\r
130 for(String sItem : Split.split(LIST_SEP,sAction)) { // allow for "," definition in Action
\r
131 if (pAction.charAt(0)==START_REGEX_CHAR? // First char
\r
132 sItem.matches(pAction.substring(1)): // Evaluate as Regular Expression
\r
133 sItem.equals(pAction)) // Evaluate as String Compare
\r
140 * Split.split by Char
\r
142 * Note: I read the String Split.split and Pattern Split.split code, and we can do this more efficiently for a single Character
\r
Code Review / aaf / cadi.git / blob