+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package com.att.cadi.aaf;\r
-\r
-import com.att.inno.env.util.Split;\r
-\r
-\r
-public class PermEval {\r
- public static final char START_REGEX_CHAR = '!';\r
- public static final char START_INST_KEY_CHAR=':';\r
- public static final char ALT_START_INST_KEY_CHAR='/';\r
- \r
- public static final char LIST_SEP = ',';\r
- public static final String INST_KEY_REGEX = new StringBuilder().append(START_INST_KEY_CHAR).toString();\r
- public static final String ASTERIX = "*";\r
- \r
- /**\r
- * Evaluate Instance\r
- * \r
- * Instance can be more complex. It can be a string, a Regular Expression, or a ":" separated Key \r
- * who's parts can also be a String, Regular Expression.\r
- * \r
- * sInst = Server's Instance\r
- * In order to prevent false matches, keys must be the same length to count as equal\r
- * Changing this will break existing users, like Cassandra. 9-4-2015\r
- */\r
- public static boolean evalInstance(String sInst, String pInst) {\r
- if(ASTERIX.equals(sInst)) return true; // If Server's String is "*", then it accepts every Instance\r
- char firstChar = pInst.charAt(0);\r
- char startChar = firstChar==ALT_START_INST_KEY_CHAR?ALT_START_INST_KEY_CHAR:START_INST_KEY_CHAR;\r
- switch(pInst.charAt(0)) { // First char\r
- case START_REGEX_CHAR: // Evaluate as Regular Expression\r
- String pItem = pInst.substring(1);\r
- for(String sItem : Split.split(LIST_SEP,sInst)) { // allow for "," definition in Action\r
- return sItem.matches(pItem);\r
- }\r
- \r
- case START_INST_KEY_CHAR: // Evaluate a special Key field, i.e.:xyz:*:!df.*\r
- case ALT_START_INST_KEY_CHAR: // Also allow '/' as special Key Field, i.e. /xyz/*/!.*\r
- if(sInst.charAt(0)==startChar) { // To compare key-to-key, both strings must be keys\r
- String[] skeys=Split.split(startChar,sInst);\r
- String[] pkeys=Split.split(startChar,pInst);\r
- if(skeys.length!=pkeys.length) return false;\r
- \r
- boolean pass = true;\r
- for(int i=1;pass && i<skeys.length;++i) { // We start at 1, because the first one, being ":" is always ""\r
- if(ASTERIX.equals(skeys[i]))continue; // Server data accepts all for this key spot\r
- pass = false;\r
- for(String sItem : Split.split(LIST_SEP,skeys[i])) { // allow for "," definition in Action\r
- if(pkeys[i].length()==0) {\r
- if(pass=sItem.length()==0) {\r
- break; // Both Empty, keep checking\r
- }\r
-// } else if(pkeys[i].charAt(0)==START_REGEX_CHAR) { \r
-// if(pass=sItem.matches(pkeys[i].substring(1))) {\r
-// break; // Matches, keep checking\r
-// }\r
- } else if(sItem.charAt(0)==START_REGEX_CHAR) { // Check Server side when wildcarding like *\r
- if(pass=pkeys[i].matches(sItem.substring(1))) {\r
- break; // Matches, keep checking\r
- }\r
- } else if(skeys[i].endsWith(ASTERIX)) {\r
- if(pass=endAsterixCompare(skeys[i],pkeys[i])) {\r
- break;\r
- }\r
- } else {\r
- if(pass=sItem.equals(pkeys[i]))\r
- break; // Equal, keep checking\r
- }\r
- }\r
- }\r
- return pass; // return whether passed all key checks\r
- }\r
- return false; // if first chars aren't the same, further String compare not necessary\r
- default: // Evaluate as String Compare\r
- for(String sItem : Split.split(LIST_SEP,sInst)) { // allow for "," separator //TODO is this only for actions?\r
- if(sItem.endsWith(ASTERIX)) {\r
- if(endAsterixCompare(sInst, pInst));\r
- } else if(sItem.equals(pInst)) {\r
- return true;\r
- }\r
- }\r
- return false;\r
- }\r
- }\r
- \r
- private static boolean endAsterixCompare(String sInst, String pInst) {\r
- final int len = sInst.length()-1;\r
- if(pInst.length()<len) {\r
- return false;\r
- }\r
- for(int j=0;j<len;++j) {\r
- if(pInst.charAt(j)!=sInst.charAt(j)) {\r
- return false;\r
- }\r
- }\r
- return true;\r
- }\r
-\r
- /**\r
- * Evaluate Action\r
- * \r
- * sAction = Stored Action...\r
- * pAction = Present Action... the Permission to validate against.\r
- * Action is not quite as complex. But we write it in this function so it can be consistent\r
- */\r
- public static boolean evalAction(String sAction,String pAction) {\r
- if(ASTERIX.equals(sAction))return true; // If Server's String is "*", then it accepts every Action\r
- for(String sItem : Split.split(LIST_SEP,sAction)) { // allow for "," definition in Action\r
- if (pAction.charAt(0)==START_REGEX_CHAR? // First char\r
- sItem.matches(pAction.substring(1)): // Evaluate as Regular Expression\r
- sItem.equals(pAction)) // Evaluate as String Compare\r
- return true;\r
- } \r
- return false;\r
- }\r
- \r
- /**\r
- * Split.split by Char\r
- * \r
- * Note: I read the String Split.split and Pattern Split.split code, and we can do this more efficiently for a single Character\r
- */\r
-\r
-}\r