AddressMask.java revision d70586b00b9530ab99ab4b8f003e9a54793e419f
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at legal-notices/CDDLv1_0.txt.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information:
* Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*
*
* Copyright 2006-2009 Sun Microsystems, Inc.
* Portions copyright 2011-2013 ForgeRock AS
*/
/**
* This class defines an address mask, which can be used to perform efficient
* comparisons against IP addresses to determine whether a particular IP address
* is in a given range.
*/
public final class AddressMask {
/**
* Types of rules we have. IPv4 - ipv4 rule IPv6 - ipv6 rule (begin with '['
* or contains an ':'). HOST - hostname match (foo.sun.com) HOSTPATTERN -
* host pattern match (begin with '.') ALLWILDCARD - *.*.*.* (first HOST is
* applied then ipv4)
*/
enum RuleType {
}
// IPv4 values for number of bytes and max CIDR prefix
private static final int IN4ADDRSZ = 4;
private static final int IPV4MAXPREFIX = 32;
// IPv6 values for number of bytes and max CIDR prefix
private static final int IN6ADDRSZ = 16;
private static final int IPV6MAXPREFIX = 128;
/**
* Decodes the provided string as an address mask.
*
* @param maskString
* The string to decode as an address mask.
* @return AddressMask The address mask decoded from the provided string.
* @throws ConfigException
* If the provided string cannot be decoded as an address mask.
*/
return new AddressMask(maskString);
}
/**
* Indicates whether provided address matches one of the address masks in
* the provided collection.
*
* @param address
* The address to check.
* @param masks
* A collection of address masks to check.
* @return <CODE>true</CODE> if the provided address matches one of the
* given address masks, or <CODE>false</CODE> if it does not.
*/
public static boolean maskListContains(final InetAddress address, final Collection<AddressMask> masks) {
return true;
}
}
}
return false;
}
// Array that holds each component of a hostname.
// Holds a hostname pattern (ie, rule that begins with '.');'
private String hostPattern;
// Holds binary representations of rule and mask respectively.
private byte[] ruleMask, prefixMask;
// Holds string passed into the constructor.
private final String ruleString;
// Type of rule determined
// Bit array that holds wildcard info for above binary arrays.
/**
* Address mask constructor.
*
* @param rule
* The rule string to process.
* @throws ConfigException
* If the rule string is not valid.
*/
switch (ruleType) {
case IPv6:
break;
case IPv4:
break;
case HOST:
break;
case HOSTPATTERN:
break;
case ALLWILDCARD:
}
ruleString = rule;
}
/**
* Retrieves a string representation of this address mask.
*
* @return A string representation of this address mask.
*/
return ruleString;
}
/**
* Try to determine what type of rule string this is. See RuleType above for
* valid types.
*
* @param ruleString
* The rule string to be examined.
* @throws ConfigException
* If the rule type cannot be determined from the rule string.
*/
// Rule ending with '.' is invalid'
throw new ConfigException(message);
} else {
int wildCount = 0;
/*
* Try to figure out how many wildcards and if the rule is hostname
* (can't begin with digit) or ipv4 address. Default to IPv4
* ruletype.
*/
wildCount++;
continue;
}
// Looks like an ipv4 address
break;
}
}
// All wildcards (*.*.*.*)
}
}
}
/**
* Main match function that determines which rule-type match function to
* use.
*
* @param address
* The address to check.
* @return <CODE>true</CODE>if one of the match functions found a match or
* <CODE>false</CODE>if not.
*/
boolean ret = false;
switch (ruleType) {
case IPv6:
case IPv4:
// this Address mask is an IPv4 rule
break;
case HOST:
// HOST rule use hostname
break;
case HOSTPATTERN:
// HOSTPATTERN rule
break;
case ALLWILDCARD:
// first try ipv4 addr match, then hostname
if (!ret) {
}
break;
}
return ret;
}
/**
* Try to match remote client address using prefix mask and rule mask.
*
* @param remoteMask
* The byte array with remote client address.
* @return <CODE>true</CODE> if remote client address matches or
* <CODE>false</CODE>if not.
*/
private boolean matchAddress(final byte[] remoteMask) {
return true;
}
if (prefixMask == null) {
return false;
}
return false;
}
return false;
}
}
}
return true;
}
/**
* Try to match remote client host name against rule host name.
*
* @param remoteHostName
* The remote host name string.
* @return <CODE>true</CODE>if the remote client host name matches
* <CODE>false</CODE> if it does not.
*/
return false;
}
return true;
}
for (int i = 0; i < s.length; i++) {
// skip if wildcard
if (!s[i].equalsIgnoreCase(hostName[i])) {
return false;
}
}
}
return true;
}
/**
* Try to match remote host name string against the pattern rule.
*
* @param remoteHostName
* The remote client host name.
* @return <CODE>true</CODE>if the remote host name matches or
* <CODE>false</CODE>if not.
*/
}
/**
* Build the prefix mask of prefix len bits set in the array.
*
* @param prefix
* The len of the prefix to use.
*/
private void prefixMask(int prefix) {
int i;
this.prefixMask[i] = (byte) 0xff;
prefix -= 8;
}
}
/**
* The rule string is all wildcards. Set both address wildcard bitmask and
* hostname wildcard array.
*
* @param rule
* The rule string containing all wildcards.
*/
for (int i = 0; i < IN4ADDRSZ; i++) {
}
}
}
/**
* Examine rule string and build a hostname string array of its parts.
*
* @param rule
* The rule string.
* @throws ConfigException
* If the rule string is not a valid host name.
*/
// Note that '*' is valid in host rule
if (s.length > 0) {
throw new ConfigException(message);
}
}
/**
* Examine the rule string of a host pattern and set the host pattern from
* the rule.
*
* @param rule
* The rule string to examine.
* @throws ConfigException
* If the rule string is not a valid host pattern rule.
*/
// quick check for invalid chars like " "
if (s.length > 0) {
throw new ConfigException(message);
}
hostPattern = rule;
}
/**
* The rule string is an IPv4 rule. Build both the prefix mask array and
* rule mask from the string.
*
* @param rule
* The rule string containing the IPv4 rule.
* @throws ConfigException
* If the rule string is not a valid IPv4 rule.
*/
this.prefixMask = new byte[IN4ADDRSZ];
}
/**
* Examine the subnet part of a rule string and build a byte array
* representation of it.
*
* @param subnet
* The subnet string part of the rule.
* @throws ConfigException
* If the subnet string is not a valid IPv4 subnet string.
*/
try {
// Make sure we have four parts
throw new ConfigException(message);
}
for (int i = 0; i < IN4ADDRSZ; i++) {
} else {
// must be between 0-255
throw new ConfigException(message);
}
}
}
} catch (final NumberFormatException nfex) {
throw new ConfigException(message);
}
}
/**
* The rule string is an IPv6 rule. Build both the prefix mask array and
* rule mask from the string.
*
* @param rule
* The rule string containing the IPv6 rule.
* @throws ConfigException
* If the rule string is not a valid IPv6 rule.
*/
try {
} catch (final UnknownHostException ex) {
throw new ConfigException(message);
}
if (addr instanceof Inet6Address) {
this.prefixMask = new byte[IN6ADDRSZ];
} else {
/*
* The address might be an IPv4-compat address. Throw an error if
* the rule has a prefix.
*/
if (s.length == 2) {
throw new ConfigException(message);
}
this.prefixMask = new byte[IN4ADDRSZ];
}
}
/**
* Examine rule string for correct prefix usage.
*
* @param s
* The string array with rule string add and prefix strings.
* @param maxPrefix
* The max value the prefix can be.
* @return The prefix integer value.
* @throws ConfigException
* If the string array and prefix are not valid.
*/
try {
// can only have one prefix value and a subnet string
throw new ConfigException(message);
} else if (s.length == 2) {
// can't have wildcard with a prefix
throw new ConfigException(message);
}
}
// must be between 0-maxprefix
throw new ConfigException(message);
}
} catch (final NumberFormatException nfex) {
throw new ConfigException(msg);
}
return prefix;
}
}