X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=cadi%2Faaf%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Faaf%2FPermEval.java;h=3e8d6f97ec379f396831b8aae92fec263502fb11;hb=c353159903bf9c7f3f4426e66cad9af2c657fb1d;hp=f64eb276e2906e3fb7a45660d82da6c1598762e4;hpb=4b5a7d721d994a49057e9bfb403c7bff1b376660;p=aaf%2Fauthz.git

diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/PermEval.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/PermEval.java
index f64eb276..3e8d6f97 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/PermEval.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/PermEval.java
@@ -30,7 +30,6 @@ public class PermEval {
     public static final char ALT_START_INST_KEY_CHAR='/';
 
     public static final char LIST_SEP = ',';
-    public static final String INST_KEY_REGEX = new StringBuilder().append(START_INST_KEY_CHAR).toString();
     public static final String ASTERIX = "*";
 
     /**
@@ -44,13 +43,13 @@ public class PermEval {
      * Changing this will break existing users, like Cassandra.  Jonathan 9-4-2015
      */
     public static boolean evalInstance(String sInst, String pInst) {
-        if(sInst == null || pInst == null) {
+        if (sInst == null || pInst == null) {
             return false;
         }
-        if (sInst == "" || pInst == "") {
+        if (sInst.equals("") || pInst.equals("")) {
             return false;
         }
-        if(ASTERIX.equals(sInst)) {
+        if (ASTERIX.equals(sInst)) {
             return true;            // If Server's String is "*", then it accepts every Instance
         }
         char firstChar = pInst.charAt(0);
@@ -63,29 +62,40 @@ public class PermEval {
 
             case START_INST_KEY_CHAR:                        // Evaluate a special Key field, i.e.:xyz:*:!df.*
             case ALT_START_INST_KEY_CHAR:                    // Also allow '/' as special Key Field, i.e. /xyz/*/!.*
-                if(sInst.charAt(0)==startChar) {  // To compare key-to-key, both strings must be keys
+                if (sInst.charAt(0)==startChar) {  // To compare key-to-key, both strings must be keys
                     String[] skeys=Split.split(startChar,sInst);
                     String[] pkeys=Split.split(startChar,pInst);
-                    if(skeys.length!=pkeys.length) return false;
+                    if (pkeys.length<skeys.length) {
+                        return false;
+                    } else if(pkeys.length > skeys.length &&
+                             (skeys.length==0 || !ASTERIX.equals(skeys[skeys.length-1]))) {
+                           return false;
+                    }
 
                     boolean pass = true;
-                    for(int i=1;pass && i<skeys.length;++i) {                  // We start at 1, because the first one, being ":" is always ""
-                        if(ASTERIX.equals(skeys[i]))continue;               // Server data accepts all for this key spot
+                    for (int i=1;pass && i<skeys.length;++i) {                  // We start at 1, because the first one, being ":" is always ""
+                        if (ASTERIX.equals(skeys[i])) {
+                            if(i==skeys.length-1) {
+                                // accept all after
+                                return true;
+                            }
+                            continue;               // Server data accepts all for this key spot
+                        }
                         pass = false;
-                        for(String sItem : Split.split(LIST_SEP,skeys[i])) {        // allow for "," definition in Action
-                            if(pkeys[i].length()==0) {
-                                if(pass=sItem.length()==0) {
+                        for (String sItem : Split.split(LIST_SEP,skeys[i])) {        // allow for "," definition in Action
+                            if (pkeys[i].length()==0) {
+                                if (pass=sItem.length()==0) {
                                     break;                                  // Both Empty, keep checking
                                 }
-                            } else if(sItem.charAt(0)==START_REGEX_CHAR) { // Check Server side when wildcarding like *
-                                if(pass=pkeys[i].matches(sItem.substring(1))) {
+                            } else if (sItem.length()>0 && sItem.charAt(0)==START_REGEX_CHAR) { // Check Server side when wildcarding like *
+                                if (pass=pkeys[i].matches(sItem.substring(1))) {
                                     break;                                  // Matches, keep checking
                                 }
-                            } else if(skeys[i].endsWith(ASTERIX)) {
-                                if(pass=endAsterixCompare(skeys[i],pkeys[i])) {
+                            } else if (skeys[i].endsWith(ASTERIX)) {
+                                if (pass=endAsterixCompare(skeys[i],pkeys[i])) {
                                     break;
                                 }
-                            } else if(pass=sItem.equals(pkeys[i])) {
+                            } else if (pass=sItem.equals(pkeys[i])) {
                                 break;                                   // Equal, keep checking
                             }
                         }
@@ -94,10 +104,10 @@ public class PermEval {
                 }
                 return false;                                 // if first chars aren't the same, further String compare not necessary
             default:                                        // Evaluate as String Compare
-                for(String sItem : Split.split(LIST_SEP,sInst)) {    // allow for "," separator //TODO is this only for actions?
-                    if((sItem.endsWith(ASTERIX)) && (endAsterixCompare(sInst, pInst))) {
+                for (String sItem : Split.split(LIST_SEP,sInst)) {    // allow for "," separator //TODO is this only for actions?
+                    if ((sItem.endsWith(ASTERIX)) && (endAsterixCompare(sInst, pInst))) {
                         return true;
-                    } else if(sItem.equals(pInst)) {
+                    } else if (sItem.equals(pInst)) {
                         return true;
                     }
                 }
@@ -107,11 +117,11 @@ public class PermEval {
 
      private static boolean endAsterixCompare(String sInst, String pInst) {
         final int len = sInst.length()-1;
-        if(pInst.length()<len) {
+        if (pInst.length()<len) {
             return false;
         }
-        for(int j=0;j<len;++j) {
-            if(pInst.charAt(j)!=sInst.charAt(j)) {
+        for (int j=0;j<len;++j) {
+            if (pInst.charAt(j)!=sInst.charAt(j)) {
                 return false;
             }
         }
@@ -126,9 +136,9 @@ public class PermEval {
      * Action is not quite as complex.  But we write it in this function so it can be consistent
      */
     public static boolean evalAction(String sAction,String pAction) {
-        if(ASTERIX.equals(sAction))return true;               // If Server's String is "*", then it accepts every Action
-        if(pAction == "") return false;
-        for(String sItem : Split.split(LIST_SEP,sAction)) {         // allow for "," definition in Action
+        if (ASTERIX.equals(sAction)) return true;               // If Server's String is "*", then it accepts every Action
+        if (pAction.equals("")) return false;
+        for (String sItem : Split.split(LIST_SEP,sAction)) {         // allow for "," definition in Action
             if (pAction.charAt(0)==START_REGEX_CHAR?       // First char
                     sItem.matches(pAction.substring(1)):   // Evaluate as Regular Expression
                     sItem.equals(pAction))                 // Evaluate as String Compare