X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=cadi%2Faaf%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Faaf%2FPermEval.java;h=498f1bf92addea71b5eab08699b92c0b92490788;hb=3d1706fcbe7f95830ff6fd23cf679ee55c6d0595;hp=75df4eab58af901d426bc9dfbef3deb25884bc24;hpb=ceda6e8bc270202bcb24340b86617110289c902e;p=aaf%2Fauthz.git

diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/PermEval.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/PermEval.java
index 75df4eab..498f1bf9 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/PermEval.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/PermEval.java
@@ -25,116 +25,127 @@ import org.onap.aaf.misc.env.util.Split;
 
 
 public class PermEval {
-	public static final char START_REGEX_CHAR = '!';
-	public static final char START_INST_KEY_CHAR=':';
-	public static final char ALT_START_INST_KEY_CHAR='/';
+    public static final char START_REGEX_CHAR = '!';
+    public static final char START_INST_KEY_CHAR=':';
+    public static final char ALT_START_INST_KEY_CHAR='/';
 
-	public static final char LIST_SEP = ',';
-	public static final String INST_KEY_REGEX = new StringBuilder().append(START_INST_KEY_CHAR).toString();
-	public static final String ASTERIX = "*";
+    public static final char LIST_SEP = ',';
+    public static final String INST_KEY_REGEX = new StringBuilder().append(START_INST_KEY_CHAR).toString();
+    public static final String ASTERIX = "*";
 
-	/**
-	 * Evaluate Instance
-	 *
-	 * Instance can be more complex.  It can be a string, a Regular Expression, or a ":" separated Key
-	 * who's parts can also be a String, Regular Expression.
-	 *
-	 * sInst = Server's Instance
-	 * In order to prevent false matches, keys must be the same length to count as equal
-	 * Changing this will break existing users, like Cassandra.  Jonathan 9-4-2015
-	 */
-	public static boolean evalInstance(String sInst, String pInst) {
-		if(sInst == null || pInst == null) {
-			return false;
-		}
-		if (sInst == "" || pInst == "") {
-			return false;
-		}
-		if(ASTERIX.equals(sInst)) {
-			return true;			// If Server's String is "*", then it accepts every Instance
-		}
-		char firstChar = pInst.charAt(0);
-		char startChar = firstChar==ALT_START_INST_KEY_CHAR?ALT_START_INST_KEY_CHAR:START_INST_KEY_CHAR;
-		switch(pInst.charAt(0)) {  						// First char
-			case START_REGEX_CHAR:							// Evaluate as Regular Expression
-				String pItem = pInst.substring(1);
-				String first = Split.split(LIST_SEP,sInst)[0]; 		// allow for "," definition in Action
-				return first.matches(pItem);
+    /**
+     * Evaluate Instance
+     *
+     * Instance can be more complex.  It can be a string, a Regular Expression, or a ":" separated Key
+     * who's parts can also be a String, Regular Expression.
+     *
+     * sInst = Server's Instance
+     * In order to prevent false matches, keys must be the same length to count as equal
+     * Changing this will break existing users, like Cassandra.  Jonathan 9-4-2015
+     */
+    public static boolean evalInstance(String sInst, String pInst) {
+        if (sInst == null || pInst == null) {
+            return false;
+        }
+        if (sInst == "" || pInst == "") {
+            return false;
+        }
+        if (ASTERIX.equals(sInst)) {
+            return true;            // If Server's String is "*", then it accepts every Instance
+        }
+        char firstChar = pInst.charAt(0);
+        char startChar = firstChar==ALT_START_INST_KEY_CHAR?ALT_START_INST_KEY_CHAR:START_INST_KEY_CHAR;
+        switch(pInst.charAt(0)) {                          // First char
+            case START_REGEX_CHAR:                            // Evaluate as Regular Expression
+                String pItem = pInst.substring(1);
+                String first = Split.split(LIST_SEP,sInst)[0];         // allow for "," definition in Action
+                return first.matches(pItem);
 
-			case START_INST_KEY_CHAR:						// Evaluate a special Key field, i.e.:xyz:*:!df.*
-			case ALT_START_INST_KEY_CHAR:					// Also allow '/' as special Key Field, i.e. /xyz/*/!.*
-				if(sInst.charAt(0)==startChar) {  // To compare key-to-key, both strings must be keys
-					String[] skeys=Split.split(startChar,sInst);
-					String[] pkeys=Split.split(startChar,pInst);
-					if(skeys.length!=pkeys.length) return false;
+            case START_INST_KEY_CHAR:                        // Evaluate a special Key field, i.e.:xyz:*:!df.*
+            case ALT_START_INST_KEY_CHAR:                    // Also allow '/' as special Key Field, i.e. /xyz/*/!.*
+                if (sInst.charAt(0)==startChar) {  // To compare key-to-key, both strings must be keys
+                    String[] skeys=Split.split(startChar,sInst);
+                    String[] pkeys=Split.split(startChar,pInst);
+                    if (pkeys.length<skeys.length) {
+                        return false;
+                    } else if(pkeys.length > skeys.length && 
+                             (skeys.length==0 || !ASTERIX.equals(skeys[skeys.length-1]))) {
+                           return false;
+                    }
 
-					boolean pass = true;
-					for(int i=1;pass && i<skeys.length;++i) {  				// We start at 1, because the first one, being ":" is always ""
-						if(ASTERIX.equals(skeys[i]))continue;   			// Server data accepts all for this key spot
-						pass = false;
-						for(String sItem : Split.split(LIST_SEP,skeys[i])) {		// allow for "," definition in Action
-							if(pkeys[i].length()==0) {
-								if(pass=sItem.length()==0) {
-									break;  								// Both Empty, keep checking
-								}
-							} else if(sItem.charAt(0)==START_REGEX_CHAR) { // Check Server side when wildcarding like *
-								if(pass=pkeys[i].matches(sItem.substring(1))) {
-									break;  								// Matches, keep checking
-								}
-							} else if(skeys[i].endsWith(ASTERIX)) {
-								if(pass=endAsterixCompare(skeys[i],pkeys[i])) {
-									break;
-								}
-							} else if(pass=sItem.equals(pkeys[i])) {
-								break;   								// Equal, keep checking
-							}
-						}
-					}
-					return pass; 											// return whether passed all key checks
-				}
-				return false; 								// if first chars aren't the same, further String compare not necessary
-			default:										// Evaluate as String Compare
-				for(String sItem : Split.split(LIST_SEP,sInst)) {	// allow for "," separator //TODO is this only for actions?
-					if((sItem.endsWith(ASTERIX)) && (endAsterixCompare(sInst, pInst))) {
-						return true;
-					} else if(sItem.equals(pInst)) {
-						return true;
-					}
-				}
-				return false;
-		}
-	}
+                    boolean pass = true;
+                    for (int i=1;pass && i<skeys.length;++i) {                  // We start at 1, because the first one, being ":" is always ""
+                        if (ASTERIX.equals(skeys[i])) {
+                            if(i==skeys.length-1) {
+                                // accept all after
+                                return true;
+                            }
+                            continue;               // Server data accepts all for this key spot
+                        }
+                        pass = false;
+                        for (String sItem : Split.split(LIST_SEP,skeys[i])) {        // allow for "," definition in Action
+                            if (pkeys[i].length()==0) {
+                                if (pass=sItem.length()==0) {
+                                    break;                                  // Both Empty, keep checking
+                                }
+                            } else if (sItem.length()>0 && sItem.charAt(0)==START_REGEX_CHAR) { // Check Server side when wildcarding like *
+                                if (pass=pkeys[i].matches(sItem.substring(1))) {
+                                    break;                                  // Matches, keep checking
+                                }
+                            } else if (skeys[i].endsWith(ASTERIX)) {
+                                if (pass=endAsterixCompare(skeys[i],pkeys[i])) {
+                                    break;
+                                }
+                            } else if (pass=sItem.equals(pkeys[i])) {
+                                break;                                   // Equal, keep checking
+                            }
+                        }
+                    }
+                    return pass;                                             // return whether passed all key checks
+                }
+                return false;                                 // if first chars aren't the same, further String compare not necessary
+            default:                                        // Evaluate as String Compare
+                for (String sItem : Split.split(LIST_SEP,sInst)) {    // allow for "," separator //TODO is this only for actions?
+                    if ((sItem.endsWith(ASTERIX)) && (endAsterixCompare(sInst, pInst))) {
+                        return true;
+                    } else if (sItem.equals(pInst)) {
+                        return true;
+                    }
+                }
+                return false;
+        }
+    }
 
-	 private static boolean endAsterixCompare(String sInst, String pInst) {
-		final int len = sInst.length()-1;
-		if(pInst.length()<len) {
-			return false;
-		}
-		for(int j=0;j<len;++j) {
-			if(pInst.charAt(j)!=sInst.charAt(j)) {
-				return false;
-			}
-		}
-		return true;
-	}
+     private static boolean endAsterixCompare(String sInst, String pInst) {
+        final int len = sInst.length()-1;
+        if (pInst.length()<len) {
+            return false;
+        }
+        for (int j=0;j<len;++j) {
+            if (pInst.charAt(j)!=sInst.charAt(j)) {
+                return false;
+            }
+        }
+        return true;
+    }
 
-	/**
-	 * Evaluate Action
-	 *
-	 * sAction = Stored Action...
-	 * pAction = Present Action... the Permission to validate against.
-	 * Action is not quite as complex.  But we write it in this function so it can be consistent
-	 */
-	public static boolean evalAction(String sAction,String pAction) {
-		if(ASTERIX.equals(sAction))return true;  		     // If Server's String is "*", then it accepts every Action
-		if(pAction == "") return false;
-		for(String sItem : Split.split(LIST_SEP,sAction)) {		 // allow for "," definition in Action
-			if (pAction.charAt(0)==START_REGEX_CHAR?       // First char
-					sItem.matches(pAction.substring(1)):   // Evaluate as Regular Expression
-					sItem.equals(pAction))                 // Evaluate as String Compare
-				return true;
-		}
-		return false;
-	}
+    /**
+     * Evaluate Action
+     *
+     * sAction = Stored Action...
+     * pAction = Present Action... the Permission to validate against.
+     * Action is not quite as complex.  But we write it in this function so it can be consistent
+     */
+    public static boolean evalAction(String sAction,String pAction) {
+        if (ASTERIX.equals(sAction))return true;               // If Server's String is "*", then it accepts every Action
+        if (pAction == "") return false;
+        for (String sItem : Split.split(LIST_SEP,sAction)) {         // allow for "," definition in Action
+            if (pAction.charAt(0)==START_REGEX_CHAR?       // First char
+                    sItem.matches(pAction.substring(1)):   // Evaluate as Regular Expression
+                    sItem.equals(pAction))                 // Evaluate as String Compare
+                return true;
+        }
+        return false;
+    }
 
 }