* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
private Access access;
private final TafResp puntNotDenied;
private static File dosIP, dosID;
-
+
/**
- *
+ *
* @param hostname
* @param prod
* @throws CadiException
return respDenyIP(access,ip);
}
}
-
+
// Note: Can't process Principal, because this is the first TAF, and no Principal is created.
// Other TAFs use "isDenied()" on this Object to validate.
return puntNotDenied;
}
/*
- * for use in Other TAFs, before they attempt backend validation of
+ * for use in Other TAFs, before they attempt backend validation of
*/
public static Counter isDeniedID(String identity) {
if (deniedID!=null) {
}
return null;
}
-
+
/**
- *
+ *
*/
public static Counter isDeniedIP(String ipvX) {
if (deniedIP!=null) {
/**
* Return of "True" means IP has been added.
* Return of "False" means IP already added.
- *
+ *
* @param ip
* @return
*/
}
return rv;
}
-
+
private static void writeIP() {
if (dosIP!=null && deniedIP!=null) {
if (deniedIP.isEmpty()) {
}
}
}
-
+
private static void readIP() {
if (dosIP!=null && dosIP.exists()) {
BufferedReader br;
/**
* Return of "True" means IP has was removed.
* Return of "False" means IP wasn't being denied.
- *
+ *
* @param ip
* @return
*/
/**
* Return of "True" means ID has been added.
* Return of "False" means ID already added.
- *
+ *
* @param ip
* @return
*/
if (deniedID==null) {
deniedID=new HashMap<>();
}
-
+
String line;
while ((line=br.readLine())!=null) {
deniedID.put(line, new Counter(line));
/**
* Return of "True" means ID has was removed.
* Return of "False" means ID wasn't being denied.
- *
+ *
* @param ip
* @return
*/
public static synchronized boolean removeDenyID(String id) {
- if (deniedID!=null && deniedID.remove(id)!=null) {
+ if (deniedID!=null && deniedID.remove(id)!=null) {
writeID();
if (deniedID.isEmpty()) {
deniedID=null;
}
return false;
}
-
+
public List<String> report() {
int initSize = 0;
if (deniedIP!=null)initSize+=deniedIP.size();
}
return al;
}
-
+
public static class Counter {
- private final String name;
+ private final String name;
private int count = 0;
private Date first;
private long last; // note, we use "last" as long, to avoid popping useless dates on Heap.
-
+
public Counter(String name) {
this.name = name;
first = null;
last = 0L;
count = 0;
}
-
+
public String getName() {
return name;
}
-
+
public int getCount() {
return count;
}
public long getLast() {
return last;
}
-
+
/*
* Only allow Denial of ServiceTaf to increment
*/
first = new Date(last);
}
}
-
+
public String toString() {
- if (count==0)
- return name + " is on the denied list, but has not attempted Access";
- else
- return
+ if (count==0)
+ return name + " is on the denied list, but has not attempted Access";
+ else
+ return
name +
" has been denied " +
count +
public static TafResp respDenyID(Access access, String identity) {
return new DenialOfServiceTafResp(access, RESP.NO_FURTHER_PROCESSING, identity + " is on the Identity Denial list");
}
-
+
public static TafResp respDenyIP(Access access, String ip) {
return new DenialOfServiceTafResp(access, RESP.NO_FURTHER_PROCESSING, ip + " is on the IP Denial list");
}
Code Review / aaf / authz.git / blobdiff