From c313c5fdcb815c7f1579f250814a498506fb5c07 Mon Sep 17 00:00:00 2001
From: Matthew Swift <matthew.swift@forgerock.com>
Date: Thu, 23 Jan 2014 18:32:14 +0000
Subject: [PATCH] OPENDJ-1235: Migrate configuration framework
---
opendj3-server-dev/resource/admin/property-types/ip-address-mask.xsl | 2
/dev/null | 364 ----------------------------------------------------
opendj3-server-dev/src/server/org/opends/server/loggers/AbstractTextAccessLogPublisher.java | 5
opendj3-server-dev/src/server/org/opends/server/admin/AdministrationConnector.java | 5
opendj3-server-dev/src/server/org/opends/server/admin/PropertyValueVisitor.java | 2
opendj3-server-dev/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java | 5
opendj3-server-dev/src/server/org/opends/server/admin/IPAddressMaskPropertyDefinition.java | 8
opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/IPConnectionCriteriaTest.java | 6
opendj3-server-dev/src/server/org/opends/server/core/networkgroups/IPConnectionCriteria.java | 6
opendj3-server-dev/src/server/org/opends/server/protocols/http/CollectClientConnectionsFilter.java | 5
10 files changed, 24 insertions(+), 384 deletions(-)
diff --git a/opendj3-server-dev/resource/admin/property-types/ip-address-mask.xsl b/opendj3-server-dev/resource/admin/property-types/ip-address-mask.xsl
index 6984e31..5dd3cdd 100644
--- a/opendj3-server-dev/resource/admin/property-types/ip-address-mask.xsl
+++ b/opendj3-server-dev/resource/admin/property-types/ip-address-mask.xsl
@@ -29,7 +29,7 @@
Templates for processing IP address mask properties.
-->
<xsl:template match="adm:ip-address-mask" mode="java-value-imports">
- <import>org.opends.server.types.AddressMask</import>
+ <import>org.forgerock.opendj.ldap.AddressMask</import>
</xsl:template>
<xsl:template match="adm:ip-address-mask" mode="java-value-type">
<xsl:value-of select="'AddressMask'" />
diff --git a/opendj3-server-dev/src/server/org/opends/server/admin/AdministrationConnector.java b/opendj3-server-dev/src/server/org/opends/server/admin/AdministrationConnector.java
index a67281a..ea9e3a4 100644
--- a/opendj3-server-dev/src/server/org/opends/server/admin/AdministrationConnector.java
+++ b/opendj3-server-dev/src/server/org/opends/server/admin/AdministrationConnector.java
@@ -29,6 +29,7 @@
import static org.opends.server.loggers.ErrorLogger.logError;
import static org.opends.server.loggers.debug.DebugLogger.*;
import static org.opends.messages.AdminMessages.*;
+
import java.io.File;
import java.io.FileWriter;
import java.io.PrintWriter;
@@ -37,7 +38,10 @@
import java.util.List;
import java.util.SortedSet;
import java.util.TreeSet;
+
import javax.naming.ldap.Rdn;
+
+import org.forgerock.opendj.ldap.AddressMask;
import org.opends.messages.Message;
import org.opends.server.admin.server.ConfigurationChangeListener;
import org.opends.server.admin.server.ServerManagementContext;
@@ -53,7 +57,6 @@
import org.opends.server.config.ConfigException;
import org.opends.server.core.SynchronousStrategy;
import org.opends.server.protocols.ldap.LDAPConnectionHandler;
-import org.opends.server.types.AddressMask;
import org.opends.server.types.ConfigChangeResult;
import org.opends.server.types.DN;
import org.opends.server.types.InitializationException;
diff --git a/opendj3-server-dev/src/server/org/opends/server/admin/IPAddressMaskPropertyDefinition.java b/opendj3-server-dev/src/server/org/opends/server/admin/IPAddressMaskPropertyDefinition.java
index 27cfcfa..f071d50 100644
--- a/opendj3-server-dev/src/server/org/opends/server/admin/IPAddressMaskPropertyDefinition.java
+++ b/opendj3-server-dev/src/server/org/opends/server/admin/IPAddressMaskPropertyDefinition.java
@@ -33,8 +33,8 @@
import java.util.EnumSet;
-import org.opends.server.config.ConfigException;
-import org.opends.server.types.AddressMask;
+import org.forgerock.i18n.LocalizedIllegalArgumentException;
+import org.forgerock.opendj.ldap.AddressMask;
@@ -127,8 +127,8 @@
ifNull(value);
try {
- return AddressMask.decode(value);
- } catch (ConfigException e) {
+ return AddressMask.valueOf(value);
+ } catch (LocalizedIllegalArgumentException e) {
// TODO: it would be nice to throw the cause.
throw PropertyException.illegalPropertyValueException(this, value);
}
diff --git a/opendj3-server-dev/src/server/org/opends/server/admin/PropertyValueVisitor.java b/opendj3-server-dev/src/server/org/opends/server/admin/PropertyValueVisitor.java
index b478cfc..eac199a 100644
--- a/opendj3-server-dev/src/server/org/opends/server/admin/PropertyValueVisitor.java
+++ b/opendj3-server-dev/src/server/org/opends/server/admin/PropertyValueVisitor.java
@@ -30,7 +30,7 @@
import java.net.InetAddress;
-import org.opends.server.types.AddressMask;
+import org.forgerock.opendj.ldap.AddressMask;
import org.opends.server.types.AttributeType;
import org.opends.server.types.DN;
import org.opends.server.authorization.dseecompat.Aci;
diff --git a/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/IPConnectionCriteria.java b/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/IPConnectionCriteria.java
index 26a1239..ee2aedf 100644
--- a/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/IPConnectionCriteria.java
+++ b/opendj3-server-dev/src/server/org/opends/server/core/networkgroups/IPConnectionCriteria.java
@@ -31,8 +31,8 @@
import java.net.InetAddress;
import java.util.Collection;
+import org.forgerock.opendj.ldap.AddressMask;
import org.opends.server.api.ClientConnection;
-import org.opends.server.types.AddressMask;
import org.opends.server.types.AuthenticationType;
import org.opends.server.types.DN;
@@ -79,13 +79,13 @@
InetAddress ipAddr = connection.getRemoteAddress();
if (!deniedClients.isEmpty()
- && AddressMask.maskListContains(ipAddr, deniedClients))
+ && AddressMask.matchesAny(deniedClients, ipAddr))
{
return false;
}
if (!allowedClients.isEmpty()
- && !AddressMask.maskListContains(ipAddr, allowedClients))
+ && !AddressMask.matchesAny(allowedClients, ipAddr))
{
return false;
}
diff --git a/opendj3-server-dev/src/server/org/opends/server/loggers/AbstractTextAccessLogPublisher.java b/opendj3-server-dev/src/server/org/opends/server/loggers/AbstractTextAccessLogPublisher.java
index 8d9ec9d..df0b1b8 100644
--- a/opendj3-server-dev/src/server/org/opends/server/loggers/AbstractTextAccessLogPublisher.java
+++ b/opendj3-server-dev/src/server/org/opends/server/loggers/AbstractTextAccessLogPublisher.java
@@ -53,6 +53,7 @@
import org.opends.server.core.*;
import org.opends.server.loggers.debug.DebugTracer;
import org.opends.server.types.*;
+import org.forgerock.opendj.ldap.AddressMask;
import org.forgerock.opendj.ldap.ByteString;
/**
@@ -364,12 +365,12 @@
// Check client address.
final InetAddress ipAddr = connection.getRemoteAddress();
if (!clientAddressNotEqualTo.isEmpty()
- && AddressMask.maskListContains(ipAddr, clientAddressNotEqualTo))
+ && AddressMask.matchesAny(clientAddressNotEqualTo, ipAddr))
{
return false;
}
if (!clientAddressEqualTo.isEmpty()
- && !AddressMask.maskListContains(ipAddr, clientAddressEqualTo))
+ && !AddressMask.matchesAny(clientAddressEqualTo, ipAddr))
{
return false;
}
diff --git a/opendj3-server-dev/src/server/org/opends/server/protocols/http/CollectClientConnectionsFilter.java b/opendj3-server-dev/src/server/org/opends/server/protocols/http/CollectClientConnectionsFilter.java
index 8bd6ce9..1e0ead7 100644
--- a/opendj3-server-dev/src/server/org/opends/server/protocols/http/CollectClientConnectionsFilter.java
+++ b/opendj3-server-dev/src/server/org/opends/server/protocols/http/CollectClientConnectionsFilter.java
@@ -52,7 +52,6 @@
import org.opends.server.admin.std.server.ConnectionHandlerCfg;
import org.opends.server.loggers.debug.DebugTracer;
import org.opends.server.schema.SchemaConstants;
-import org.opends.server.types.AddressMask;
import org.opends.server.types.DebugLogLevel;
import org.opends.server.types.DisconnectReason;
import org.opends.server.util.Base64;
@@ -401,7 +400,7 @@
Collection<AddressMask> allowedClients = config.getAllowedClient();
Collection<AddressMask> deniedClients = config.getDeniedClient();
if (!deniedClients.isEmpty()
- && AddressMask.maskListContains(clientAddr, deniedClients))
+ && AddressMask.matchesAny(deniedClients, clientAddr))
{
clientConnection.disconnect(DisconnectReason.CONNECTION_REJECTED, false,
ERR_CONNHANDLER_DENIED_CLIENT.get(clientConnection
@@ -412,7 +411,7 @@
// there is whether the client is on that list. If
// not, then reject the connection.
if (!allowedClients.isEmpty()
- && !AddressMask.maskListContains(clientAddr, allowedClients))
+ && !AddressMask.matchesAny(allowedClients, clientAddr))
{
clientConnection.disconnect(DisconnectReason.CONNECTION_REJECTED, false,
ERR_CONNHANDLER_DISALLOWED_CLIENT.get(clientConnection
diff --git a/opendj3-server-dev/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java b/opendj3-server-dev/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java
index 037de4a..43c0faf 100644
--- a/opendj3-server-dev/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java
+++ b/opendj3-server-dev/src/server/org/opends/server/protocols/ldap/LDAPConnectionHandler.java
@@ -46,6 +46,7 @@
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
+import org.forgerock.opendj.ldap.AddressMask;
import org.opends.messages.Message;
import org.opends.server.admin.server.ConfigurationChangeListener;
import org.opends.server.admin.std.server.ConnectionHandlerCfg;
@@ -1235,7 +1236,7 @@
// Check to see if the client is on the denied list.
// If so, then reject it immediately.
if ((!deniedClients.isEmpty())
- && AddressMask.maskListContains(clientAddr, deniedClients))
+ && AddressMask.matchesAny(deniedClients, clientAddr))
{
clientConnection.disconnect(DisconnectReason.CONNECTION_REJECTED,
currentConfig.isSendRejectionNotice(), ERR_CONNHANDLER_DENIED_CLIENT
@@ -1247,7 +1248,7 @@
// there is whether the client is on that list. If
// not, then reject the connection.
if ((!allowedClients.isEmpty())
- && (!AddressMask.maskListContains(clientAddr, allowedClients)))
+ && (!AddressMask.matchesAny(allowedClients, clientAddr)))
{
clientConnection.disconnect(DisconnectReason.CONNECTION_REJECTED,
currentConfig.isSendRejectionNotice(),
diff --git a/opendj3-server-dev/src/server/org/opends/server/types/AddressMask.java b/opendj3-server-dev/src/server/org/opends/server/types/AddressMask.java
deleted file mode 100644
index 7548b52..0000000
--- a/opendj3-server-dev/src/server/org/opends/server/types/AddressMask.java
+++ /dev/null
@@ -1,636 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
- * or http://forgerock.org/license/CDDLv1.0.html.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at legal-notices/CDDLv1_0.txt.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information:
- * Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- *
- *
- * Copyright 2006-2009 Sun Microsystems, Inc.
- * Portions Copyright 2011-2014 ForgeRock AS
- */
-package org.opends.server.types;
-
-import static org.opends.messages.ProtocolMessages.*;
-
-import java.net.Inet6Address;
-import java.net.InetAddress;
-import java.net.UnknownHostException;
-import java.util.BitSet;
-import java.util.Collection;
-
-import org.opends.messages.Message;
-import org.opends.server.config.ConfigException;
-
-
-
-/**
- * This class defines an address mask, which can be used to perform efficient
- * comparisons against IP addresses to determine whether a particular IP address
- * is in a given range.
- */
-@org.opends.server.types.PublicAPI(
- stability = org.opends.server.types.StabilityLevel.VOLATILE,
- mayInstantiate = true, mayExtend = false, mayInvoke = true)
-public final class AddressMask
-{
- /**
- * Types of rules we have. IPv4 - ipv4 rule IPv6 - ipv6 rule (begin with '['
- * or contains an ':'). HOST - hostname match (foo.sun.com) HOSTPATTERN - host
- * pattern match (begin with '.') ALLWILDCARD - *.*.*.* (first HOST is applied
- * then ipv4)
- */
- enum RuleType
- {
- ALLWILDCARD, HOST, HOSTPATTERN, IPv4, IPv6
- }
-
-
-
- // IPv4 values for number of bytes and max CIDR prefix
- private static final int IN4ADDRSZ = 4;
- private static final int IPV4MAXPREFIX = 32;
-
- // IPv6 values for number of bytes and max CIDR prefix
- private static final int IN6ADDRSZ = 16;
- private static final int IPV6MAXPREFIX = 128;
-
-
-
- /**
- * Decodes the provided string as an address mask.
- *
- * @param maskString
- * The string to decode as an address mask.
- * @return AddressMask The address mask decoded from the provided string.
- * @throws ConfigException
- * If the provided string cannot be decoded as an address mask.
- */
-
- public static AddressMask decode(final String maskString)
- throws ConfigException
- {
- return new AddressMask(maskString);
- }
-
-
-
- /**
- * Indicates whether provided address matches one of the address masks in the
- * provided collection.
- *
- * @param address
- * The address to check.
- * @param masks
- * A collection of address masks to check.
- * @return <CODE>true</CODE> if the provided address matches one of the given
- * address masks, or <CODE>false</CODE> if it does not.
- */
- public static boolean maskListContains(final InetAddress address,
- final Collection<AddressMask> masks)
- {
- if (address != null) {
- for (final AddressMask mask : masks)
- {
- if (mask.match(address))
- {
- return true;
- }
- }
- }
- return false;
- }
-
-
-
- // Array that holds each component of a hostname.
- private String[] hostName;
-
- // Holds a hostname pattern (ie, rule that begins with '.');'
- private String hostPattern;
-
- // Holds binary representations of rule and mask respectively.
- private byte[] ruleMask, prefixMask;
-
- // Holds string passed into the constructor.
- private final String ruleString;
-
- // Type of rule determined
- private RuleType ruleType;
-
- // Bit array that holds wildcard info for above binary arrays.
- private final BitSet wildCard = new BitSet();
-
-
-
- /**
- * Address mask constructor.
- *
- * @param rule
- * The rule string to process.
- * @throws ConfigException
- * If the rule string is not valid.
- */
- private AddressMask(final String rule) throws ConfigException
- {
- determineRuleType(rule);
- switch (ruleType)
- {
- case IPv6:
- processIPv6(rule);
- break;
-
- case IPv4:
- processIpv4(rule);
- break;
-
- case HOST:
- processHost(rule);
- break;
-
- case HOSTPATTERN:
- processHostPattern(rule);
- break;
-
- case ALLWILDCARD:
- processAllWilds(rule);
- }
- ruleString = rule;
- }
-
-
-
- /**
- * Retrieves a string representation of this address mask.
- *
- * @return A string representation of this address mask.
- */
- @Override
- public String toString()
- {
- return ruleString;
- }
-
-
-
- /**
- * Try to determine what type of rule string this is. See RuleType above for
- * valid types.
- *
- * @param ruleString
- * The rule string to be examined.
- * @throws ConfigException
- * If the rule type cannot be determined from the rule string.
- */
- private void determineRuleType(final String ruleString)
- throws ConfigException
- {
-
- // Rule ending with '.' is invalid'
- if (ruleString.endsWith("."))
- {
- final Message message = ERR_ADDRESSMASK_FORMAT_DECODE_ERROR.get();
- throw new ConfigException(message);
- }
- else if (ruleString.startsWith("."))
- {
- ruleType = RuleType.HOSTPATTERN;
- }
- else if (ruleString.startsWith("[") || (ruleString.indexOf(':') != -1))
- {
- ruleType = RuleType.IPv6;
- }
- else
- {
- int wildCount = 0;
- final String[] s = ruleString.split("\\.", -1);
- /*
- * Try to figure out how many wildcards and if the rule is hostname (can't
- * begin with digit) or ipv4 address. Default to IPv4 ruletype.
- */
- ruleType = RuleType.HOST;
- for (final String value : s)
- {
- if (value.equals("*"))
- {
- wildCount++;
- continue;
- }
- // Looks like an ipv4 address
- if (Character.isDigit(value.charAt(0)))
- {
- ruleType = RuleType.IPv4;
- break;
- }
- }
- // All wildcards (*.*.*.*)
- if (wildCount == s.length)
- {
- ruleType = RuleType.ALLWILDCARD;
- }
- }
- }
-
-
-
- /**
- * Main match function that determines which rule-type match function to use.
- *
- * @param address
- * The address to check.
- * @return <CODE>true</CODE>if one of the match functions found a match or
- * <CODE>false</CODE>if not.
- */
- private boolean match(final InetAddress address)
- {
- boolean ret = false;
-
- switch (ruleType)
- {
- case IPv6:
- case IPv4:
- // this Address mask is an IPv4 rule
- ret = matchAddress(address.getAddress());
- break;
-
- case HOST:
- // HOST rule use hostname
- ret = matchHostName(address.getHostName());
- break;
-
- case HOSTPATTERN:
- // HOSTPATTERN rule
- ret = matchPattern(address.getHostName());
- break;
-
- case ALLWILDCARD:
- // first try ipv4 addr match, then hostname
- ret = matchAddress(address.getAddress());
- if (!ret)
- {
- ret = matchHostName(address.getHostName());
- }
- break;
- }
- return ret;
- }
-
-
-
- /**
- * Try to match remote client address using prefix mask and rule mask.
- *
- * @param remoteMask
- * The byte array with remote client address.
- * @return <CODE>true</CODE> if remote client address matches or
- * <CODE>false</CODE>if not.
- */
- private boolean matchAddress(final byte[] remoteMask)
- {
- if (ruleType == RuleType.ALLWILDCARD)
- {
- return true;
- }
- if (prefixMask == null)
- {
- return false;
- }
- if (remoteMask.length != prefixMask.length)
- {
- return false;
- }
- for (int i = 0; i < prefixMask.length; i++)
- {
- if (!wildCard.get(i))
- {
- if ((ruleMask[i] & prefixMask[i]) != (remoteMask[i] & prefixMask[i]))
- {
- return false;
- }
- }
- }
- return true;
- }
-
-
-
- /**
- * Try to match remote client host name against rule host name.
- *
- * @param remoteHostName
- * The remote host name string.
- * @return <CODE>true</CODE>if the remote client host name matches
- * <CODE>false</CODE> if it does not.
- */
- private boolean matchHostName(final String remoteHostName)
- {
- final String[] s = remoteHostName.split("\\.", -1);
- if (s.length != hostName.length)
- {
- return false;
- }
- if (ruleType == RuleType.ALLWILDCARD)
- {
- return true;
- }
- for (int i = 0; i < s.length; i++)
- {
- if (!hostName[i].equals("*")) // skip if wildcard
- {
- if (!s[i].equalsIgnoreCase(hostName[i]))
- {
- return false;
- }
- }
- }
- return true;
- }
-
-
-
- /**
- * Try to match remote host name string against the pattern rule.
- *
- * @param remoteHostName
- * The remote client host name.
- * @return <CODE>true</CODE>if the remote host name matches or
- * <CODE>false</CODE>if not.
- */
- private boolean matchPattern(final String remoteHostName)
- {
- final int len = remoteHostName.length() - hostPattern.length();
- return len > 0
- && remoteHostName.regionMatches(true, len, hostPattern, 0,
- hostPattern.length());
- }
-
-
-
- /**
- * Build the prefix mask of prefix len bits set in the array.
- *
- * @param prefix
- * The len of the prefix to use.
- */
- private void prefixMask(int prefix)
- {
- int i;
- for (i = 0; prefix > 8; i++)
- {
- this.prefixMask[i] = (byte) 0xff;
- prefix -= 8;
- }
- this.prefixMask[i] = (byte) ((0xff) << (8 - prefix));
- }
-
-
-
- /**
- * The rule string is all wildcards. Set both address wildcard bitmask and
- * hostname wildcard array.
- *
- * @param rule
- * The rule string containing all wildcards.
- */
- private void processAllWilds(final String rule)
- {
- final String s[] = rule.split("\\.", -1);
- if (s.length == IN4ADDRSZ)
- {
- for (int i = 0; i < IN4ADDRSZ; i++)
- {
- wildCard.set(i);
- }
- }
- hostName = rule.split("\\.", -1);
- }
-
-
-
- /**
- * Examine rule string and build a hostname string array of its parts.
- *
- * @param rule
- * The rule string.
- * @throws ConfigException
- * If the rule string is not a valid host name.
- */
- private void processHost(final String rule) throws ConfigException
- {
- // Note that '*' is valid in host rule
- final String s[] = rule.split("^[0-9a-zA-z-.*]+");
- if (s.length > 0)
- {
- final Message message = ERR_ADDRESSMASK_FORMAT_DECODE_ERROR.get();
- throw new ConfigException(message);
- }
- hostName = rule.split("\\.", -1);
- }
-
-
-
- /**
- * Examine the rule string of a host pattern and set the host pattern from the
- * rule.
- *
- * @param rule
- * The rule string to examine.
- * @throws ConfigException
- * If the rule string is not a valid host pattern rule.
- */
- private void processHostPattern(final String rule) throws ConfigException
- {
- // quick check for invalid chars like " "
- final String s[] = rule.split("^[0-9a-zA-z-.]+");
- if (s.length > 0)
- {
- final Message message = ERR_ADDRESSMASK_FORMAT_DECODE_ERROR.get();
- throw new ConfigException(message);
- }
- hostPattern = rule;
- }
-
-
-
- /**
- * The rule string is an IPv4 rule. Build both the prefix mask array and rule
- * mask from the string.
- *
- * @param rule
- * The rule string containing the IPv4 rule.
- * @throws ConfigException
- * If the rule string is not a valid IPv4 rule.
- */
- private void processIpv4(final String rule) throws ConfigException
- {
- final String[] s = rule.split("/", -1);
- this.ruleMask = new byte[IN4ADDRSZ];
- this.prefixMask = new byte[IN4ADDRSZ];
- prefixMask(processPrefix(s, IPV4MAXPREFIX));
- processIPv4Subnet((s.length == 0) ? rule : s[0]);
- }
-
-
-
- /**
- * Examine the subnet part of a rule string and build a byte array
- * representation of it.
- *
- * @param subnet
- * The subnet string part of the rule.
- * @throws ConfigException
- * If the subnet string is not a valid IPv4 subnet string.
- */
- private void processIPv4Subnet(final String subnet) throws ConfigException
- {
- final String[] s = subnet.split("\\.", -1);
- try
- {
- // Make sure we have four parts
- if (s.length != IN4ADDRSZ)
- {
- final Message message = ERR_ADDRESSMASK_FORMAT_DECODE_ERROR.get();
- throw new ConfigException(message);
- }
- for (int i = 0; i < IN4ADDRSZ; i++)
- {
- final String quad = s[i].trim();
- if (quad.equals("*"))
- {
- wildCard.set(i); // see wildcard mark bitset
- }
- else
- {
- final long val = Integer.parseInt(quad);
- // must be between 0-255
- if ((val < 0) || (val > 0xff))
- {
- final Message message = ERR_ADDRESSMASK_FORMAT_DECODE_ERROR.get();
- throw new ConfigException(message);
- }
- ruleMask[i] = (byte) (val & 0xff);
- }
- }
- }
- catch (final NumberFormatException nfex)
- {
- final Message message = ERR_ADDRESSMASK_FORMAT_DECODE_ERROR.get();
- throw new ConfigException(message);
- }
- }
-
-
-
- /**
- * The rule string is an IPv6 rule. Build both the prefix mask array and rule
- * mask from the string.
- *
- * @param rule
- * The rule string containing the IPv6 rule.
- * @throws ConfigException
- * If the rule string is not a valid IPv6 rule.
- */
- private void processIPv6(final String rule) throws ConfigException
- {
- final String[] s = rule.split("/", -1);
- InetAddress addr;
- try
- {
- addr = InetAddress.getByName(s[0]);
- }
- catch (final UnknownHostException ex)
- {
- final Message message = ERR_ADDRESSMASK_FORMAT_DECODE_ERROR.get();
- throw new ConfigException(message);
- }
- if (addr instanceof Inet6Address)
- {
- this.ruleType = RuleType.IPv6;
- final Inet6Address addr6 = (Inet6Address) addr;
- this.ruleMask = addr6.getAddress();
- this.prefixMask = new byte[IN6ADDRSZ];
- prefixMask(processPrefix(s, IPV6MAXPREFIX));
- }
- else
- {
- /*
- * The address might be an IPv4-compat address. Throw an error if the rule
- * has a prefix.
- */
- if (s.length == 2)
- {
- final Message message = ERR_ADDRESSMASK_FORMAT_DECODE_ERROR.get();
- throw new ConfigException(message);
- }
- this.ruleMask = addr.getAddress();
- this.ruleType = RuleType.IPv4;
- this.prefixMask = new byte[IN4ADDRSZ];
- prefixMask(processPrefix(s, IPV4MAXPREFIX));
- }
- }
-
-
-
- /**
- * Examine rule string for correct prefix usage.
- *
- * @param s
- * The string array with rule string add and prefix strings.
- * @param maxPrefix
- * The max value the prefix can be.
- * @return The prefix integer value.
- * @throws ConfigException
- * If the string array and prefix are not valid.
- */
- private int processPrefix(final String[] s, final int maxPrefix)
- throws ConfigException
- {
- int prefix = maxPrefix;
- try
- {
- // can only have one prefix value and a subnet string
- if ((s.length < 1) || (s.length > 2))
- {
- final Message message = ERR_ADDRESSMASK_FORMAT_DECODE_ERROR.get();
- throw new ConfigException(message);
- }
- else if (s.length == 2)
- {
- // can't have wildcard with a prefix
- if (s[0].indexOf('*') > -1)
- {
- final Message message = ERR_ADDRESSMASK_WILDCARD_DECODE_ERROR.get();
- throw new ConfigException(message);
- }
- prefix = Integer.parseInt(s[1]);
- }
- // must be between 0-maxprefix
- if ((prefix < 0) || (prefix > maxPrefix))
- {
- final Message message = ERR_ADDRESSMASK_PREFIX_DECODE_ERROR.get();
- throw new ConfigException(message);
- }
- }
- catch (final NumberFormatException nfex)
- {
- final Message msg = ERR_ADDRESSMASK_FORMAT_DECODE_ERROR.get();
- throw new ConfigException(msg);
- }
- return prefix;
- }
-}
diff --git a/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/IPConnectionCriteriaTest.java b/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/IPConnectionCriteriaTest.java
index 858ccd8..b23c834 100644
--- a/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/IPConnectionCriteriaTest.java
+++ b/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/core/networkgroups/IPConnectionCriteriaTest.java
@@ -31,11 +31,11 @@
import java.util.Collection;
import java.util.Collections;
+import org.forgerock.opendj.ldap.AddressMask;
import org.opends.server.DirectoryServerTestCase;
import org.opends.server.TestCaseUtils;
import org.opends.server.admin.std.meta.NetworkGroupCfgDefn.AllowedAuthMethod;
import org.opends.server.api.ClientConnection;
-import org.opends.server.types.AddressMask;
import org.opends.server.types.AuthenticationType;
import org.opends.server.types.DN;
import org.testng.Assert;
@@ -75,8 +75,8 @@
@DataProvider(name = "testData")
public Object[][] createTestData() throws Exception
{
- AddressMask matchAnything = AddressMask.decode("*.*.*.*");
- AddressMask matchNothing = AddressMask.decode("0.0.0.0");
+ AddressMask matchAnything = AddressMask.valueOf("*.*.*.*");
+ AddressMask matchNothing = AddressMask.valueOf("0.0.0.0");
ClientConnection client =
new MockClientConnection(12345, false, DN.rootDN(),
AllowedAuthMethod.ANONYMOUS);
diff --git a/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/types/TestAddressMask.java b/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/types/TestAddressMask.java
deleted file mode 100644
index 21d376c..0000000
--- a/opendj3-server-dev/tests/unit-tests-testng/src/server/org/opends/server/types/TestAddressMask.java
+++ /dev/null
@@ -1,364 +0,0 @@
-/*
- * CDDL HEADER START
- *
- * The contents of this file are subject to the terms of the
- * Common Development and Distribution License, Version 1.0 only
- * (the "License"). You may not use this file except in compliance
- * with the License.
- *
- * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
- * or http://forgerock.org/license/CDDLv1.0.html.
- * See the License for the specific language governing permissions
- * and limitations under the License.
- *
- * When distributing Covered Code, include this CDDL HEADER in each
- * file and include the License file at legal-notices/CDDLv1_0.txt.
- * If applicable, add the following below this CDDL HEADER, with the
- * fields enclosed by brackets "[]" replaced with your own identifying
- * information:
- * Portions Copyright [yyyy] [name of copyright owner]
- *
- * CDDL HEADER END
- *
- *
- * Copyright 2006-2008 Sun Microsystems, Inc.
- * Portions copyright 2011-2013 ForgeRock AS
- */
-package org.opends.server.types;
-
-import org.opends.server.config.ConfigException;
-import org.testng.annotations.DataProvider;
-import org.testng.annotations.Test;
-import static org.testng.Assert.*;
-
-import java.net.InetAddress;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-
-public class TestAddressMask extends TypesTestCase {
-
- /* These are all valid rules -- should all pass. */
- @DataProvider(name = "validRules")
- public Object[][] validData() {
- return new Object[][] {
- { "129.34.55.67"},
- { "129.*.78.55"},
- {".central.sun.com"},
- {"foo.central.sun.com"},
- {"foo.*.sun.*"},
- {"128.*.*.*"},
- {"129.45.23.67/22"},
- {"128.33.23.21/32"},
- {"*.*.*.*"},
- {"129.45.67.34/0"},
- {"foo.com"},
- {"foo"}
- };
- }
-
- @DataProvider(name = "invalidRules")
- public Object[][] invalidData() {
- return new Object[][] {
- { "129.*.900.67" },
- { "129.67" },
- {" "},
- {"129.56.78.90/2000"},
- {"677.777.AG.BC"},
- {"/34"},
- {"234.12.12.*/31"},
- {"234.12.12.90/"},
- {"129.34.56.78/-100"},
- {"129"},
- {"129.34.-90.67"},
- {"129.**.56.67"},
- {"foo bar.com"},
- {"12foo.example.com"},
- {"123.45."},
- {".central.sun day.com"},
- {"129.34.45.45/4/3/"}
- };
- }
-
- @DataProvider(name = "toStringRule")
- public Object[][] toStringData() {
- return new Object[][] {
- {"129.35.45.66/12"}
- };
- }
-
-@Test(dataProvider = "validRules")
- public void testValidDecode(String mask)
- throws Exception {
- AddressMask.decode(mask);
- }
-
- @Test(expectedExceptions=ConfigException.class, dataProvider="invalidRules")
- public void testInvalidDecode(String mask)
- throws Exception {
- try {
- AddressMask.decode(mask);
- } catch (ConfigException e) {
- throw e;
- } catch (Exception e) {
- System.out.println(
- "Invalid mask <" + mask + "> threw wrong exception type.");
- throw e;
- }
- throw new RuntimeException(
- "Invalid mask <" + mask + "> did not throw an exception.");
- }
-
- @DataProvider(name = "matchRules")
- public Object[][] ruleMatchData() {
- return new Object[][] {
- {
- //Rules
- new String[] {
- "129.56.*.22", //1
- "*.domain.com", //2
- "foo.example.com", //3
- "126.67.89.90", //4
- "90.89.78.67/30", //5
- ".test.com", //6
- "128.153.147.32/21",//7
- "128.153.146.32/26",//8
- "90.89.78.67/26"}, //9
- //Addresses
- new String[] {
- "128.153.147.45", //rule 7
- "128.153.146.60", //rule 8
- "148.45.45.46", //host
- "129.56.78.22", //rule 1
- "148.45.45.47", //host
- "148.45.45.48", //host
- "90.89.78.65"}, //rule 5
- //Hostnames
- new String[] {
- "some.host.name", //addr
- "some.host.name", //addr
- "foo.example.com", //rule 3
- "some.host.name", //addr
- "foo.test.com", //rule 6
- "foo.domain.com", //rule 2
- "some.host.name" //addr
- }
- }
- };
- }
-
- @DataProvider(name = "noMatchRules")
- public Object[][] ruleNoMatchData() {
- return new Object[][] {
- {
- // Rule to not match
- new String[] {
- "129.56.*.22", //1
- "*.domain.com", //2
- "foo.example.com", //3
- "126.67.89.90", //4
- "90.89.78.67/30", //5
- ".test.com", //6
- "128.153.147.32/21",//7
- "128.153.146.32/26",//8
- "90.89.78.67/26"}, //9
- //Addresses
- new String[] {
- "128.153.140.45",
- "128.153.143.255",
- "148.45.45.46",
- "126.56.78.22",
- "148.45.45.47",
- "148.45.45.48",
- "90.89.78.128",
- "148.45.45.49"},
- //Hostnames
- new String[] {
- "some.host.name",
- "some.host.name",
- "foo.examplee.com",
- "some.host.name",
- "foo.ttest.com",
- "foo.domain.comm",
- "some.host.name",
- "f.e.c",
- "foo.domain.cm"}
- }
- };
- }
-
- @DataProvider(name = "matchWCRules")
- public Object[][] ruleMatchWCData() {
- return new Object[][] {
- {
- //Rules
- new String[] {
- "*.*.*",
- "*.*.*.*"},
- //Addresses
- new String[] {
- "129.34.45.12",
- "129.34.45.13"},
- //Hostnames
- new String[] {
- "some.host.name" ,
- "some.host.name"}
- }
- };
- }
-
- @Test(dataProvider = "matchRules")
- public void testMatch(String[] rules, String[] addrs, String[] hostNames)
- throws Exception
- {
- assertTrue(match(rules, addrs, hostNames));
- }
-
- @Test(dataProvider = "matchWCRules")
- public void testWildCardMatch(String[] rules, String[] addrs,
- String[] hostNames) throws Exception
- {
- assertTrue(match(rules, addrs, hostNames));
- }
-
- @Test(dataProvider = "noMatchRules")
- public void testNoMatch(String[] rules, String[] addrs, String[] hostNames)
- throws Exception
- {
- assertFalse(match(rules, addrs, hostNames));
- }
-
- @Test(dataProvider = "toStringRule")
- public void testToString(String rule) throws Exception
- {
- AddressMask m = AddressMask.decode(rule);
- assertEquals(rule, m.toString());
- }
-
- @Test
- public void testNullMatch() throws Exception {
- AddressMask m = AddressMask.decode("*.*.*.*");
- assertFalse(AddressMask.maskListContains(null, Arrays.asList(m)));
- }
-
- private boolean match(String[] rules, String[] addrs, String[] hostNames)
- throws Exception
- {
- int i=0;
-
- Collection<AddressMask> m = new ArrayList<AddressMask>(rules.length);
- try {
- for (i = 0; i < rules.length; i++) {
- m.add(AddressMask.decode(rules[i]));
- }
- } catch (ConfigException ce) {
- throw new RuntimeException(
- "Invalid mask <" + rules[i] +
- "> all data must be valid for this test");
- }
- for(int j = 0; j < addrs.length; j++) {
- InetAddress addr =
- InetAddress.getByAddress(hostNames[j], InetAddress
- .getByName(addrs[j]).getAddress());
- if (!AddressMask.maskListContains(addr, m))
- {
- return false;
- }
- }
- return true;
- }
-
- /*
- IPV6 data and tests.
- */
-
- //Invalid IPv6 expressions.
- @DataProvider(name = "invalid6Rules")
- public Object[][] inValid6Data() {
- return new Object[][] {
- {"2001:feca:ba23:cd1f:dcb1:1010:9234:4088///124"},
- {"2001:feca:ba23:cd1f:dcb1:1010:9234:4088?124"},
- {"2001:fecz:ba23:cd1f:dcb1:1010:9234:4088/124"},
- {"2001:fecd:ba23:cd1ff:dcb1:1010:9234:4088/46"},
- {"0:0:0:0:0:ffff:101..45.75.219"},
- {"0:0:0:0:0:0:101.45.75.700"},
- {"1080::8:800:200C:417A/500"},
- {"1080::8:800:*:417A/66"},
- {"2001:fecd:ba23:cd1ff:dcb1:1010:202.45.66.20"},
- };
- }
-
- //Valid IPv6 expressions.
- @DataProvider(name = "valid6Rules")
- public Object[][] valid6Data() {
- return new Object[][] {
- {"2001:fecd:ba23:cd1f:dcb1:1010:9234:4088/124"},
- {"2001:fecd:ba23:cd1f:dcb1:1010:9234:4088"},
- {"[2001:fecd:ba23:cd1f:dcb1:1010:9234:4088]/45"},
- {"::/128"},
- {"::1/128"},
- {"::"},
- {"0:0:0:0:0:ffff:101.45.75.219"},
- {"1080::8:800:200C:417A"},
- {"0:0:0:0:0:0:101.45.75.219"},
- {"::101.45.75.219"}
- };
- }
-
-
- @DataProvider(name = "match6Rules")
- public Object[][] ruleMatch6Data() {
- return new Object[][] {
- {
- //IPV6 Rules
- new String[] {
- "[12ab:0:0:cd30::]/60",
- "::ffff:72.56.78.9",
- "::",
- "42ab:0:0:dd30::"},
- //IPv6 Addresses
- new String[] {
- "12ab:0:0:cd3f:0000:0000:23DC:DC30",
- "72.56.78.9",
- "::",
- "42ab:0000:0000:dd30:0000:0000:0000:0000"},
- //ignored Hostnames
- new String[] {
- "ignored.host.name",
- "ignored.host.name",
- "ignored.host.name",
- "ignored.host.name"
- }
- }
- };
- }
-
- @Test(dataProvider = "valid6Rules")
- public void testValid6Decode(String mask)
- throws Exception {
- AddressMask.decode(mask);
- }
-
- @Test(expectedExceptions=ConfigException.class, dataProvider="invalid6Rules")
- public void testInvalid6Decode(String mask)
- throws Exception {
- try {
- AddressMask.decode(mask);
- } catch (ConfigException e) {
- throw e;
- } catch (Exception e) {
- System.out.println(
- "Invalid mask <" + mask + "> threw wrong exception type.");
- throw e;
- }
- throw new RuntimeException(
- "Invalid mask <" + mask + "> did not throw an exception.");
- }
-
- @Test(dataProvider = "match6Rules")
- public void testMatch6(String[] rules, String[] addrs, String[] hostNames)
- throws Exception
- {
- assertTrue(match(rules, addrs, hostNames));
- }
-}
--
Gitblit v1.10.0