1 files changed, 97 insertions, 15 deletions

diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/RuleChecker.java b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/RuleChecker.java
index bf46034d..c59f5b70 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/RuleChecker.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/RuleChecker.java
@@ -1,23 +1,36 @@
 package at.gv.egiz.bku.accesscontroller;

 

+import java.net.InetAddress;

+import java.net.MalformedURLException;

+import java.net.URL;

+import java.net.UnknownHostException;

+import java.util.regex.Matcher;

+import java.util.regex.Pattern;

+

 import org.apache.commons.logging.Log;

 import org.apache.commons.logging.LogFactory;

 

+import at.gv.egiz.bku.slcommands.SLCommand;

 import at.gv.egiz.bku.slexceptions.SLRuntimeException;

 

 public class RuleChecker implements AccessChecker {

-	

+

 	private static Log log = LogFactory.getLog(RuleChecker.class);

-	

-	public static enum PEER_TYPE {HOST, IP, URL};

+

+	public static enum PEER_TYPE {

+		HOST, IP, URL

+	};

 

 	protected String id;

 	protected AuthenticationClass authenticationClass;

 	protected String commandName;

+	protected Pattern commandNamePattern;

 	protected String peerId;

+	protected Pattern peerIdPattern;

 	protected PEER_TYPE peerType;

 	protected Action action;

 	protected UserAction userAction;

+	protected String chainId;

 

 	public RuleChecker(String id) {

 		if (id == null) {

@@ -27,43 +40,112 @@ public class RuleChecker implements AccessChecker {
 	}

 

 	public void setAuthenticationClass(String ac) {

-		AuthenticationClass tmp = AuthenticationClass.fromString(ac); 

+		AuthenticationClass tmp = AuthenticationClass.fromString(ac);

 		if (tmp == null) {

-			throw new SLRuntimeException("Unknown authentication class "+ac);

+			throw new SLRuntimeException("Unknown authentication class " + ac);

 		}

 		authenticationClass = tmp;

 	}

-	

+

 	public void setAction(String ac) {

 		Action tmp = Action.fromString(ac);

 		if (tmp == null) {

-			throw new SLRuntimeException("Unknown action "+ac);

+			throw new SLRuntimeException("Unknown action " + ac);

 		}

 		action = tmp;

 	}

-	

+

 	public void setUserAction(String uac) {

-		 UserAction tmp = UserAction.fromString(uac);

+		UserAction tmp = UserAction.fromString(uac);

 		if (tmp == null) {

-			throw new SLRuntimeException("Unknown user action "+uac);

+			throw new SLRuntimeException("Unknown user action " + uac);

 		}

 		userAction = tmp;

 	}

-	

+

+	public void setChainId(String chainId) {

+		this.chainId = chainId;

+	}

+

 	public void setPeerId(String peerId, PEER_TYPE type) {

 		this.peerType = type;

 		this.peerId = peerId;

+		peerIdPattern = Pattern.compile(peerId);

 	}

-	

+

+	public void setCommandName(String commandName) {

+		this.commandName = commandName;

+		commandNamePattern = Pattern.compile(commandName);

+	}

+

 	public String getId() {

 		return id;

 	}

 

+	protected boolean matchAuthenticationClass(AuthenticationClass cls) {

+		if (this.authenticationClass == null) {

+			return true;

+		}

+		return this.authenticationClass.compareTo(cls) <= 0;

+	}

+

+	protected boolean matchCommandName(SLCommand cmd) {

+		if (commandName == null) {

+			return true;

+		}

+		Matcher matcher = commandNamePattern.matcher(cmd.getName());

+		return matcher.matches();

+	}

+

+	protected boolean matchPeerId(String peerUrl) {

+		if (peerId == null) {

+			return true;

+		}

+		if (peerType == PEER_TYPE.URL) {

+			Matcher matcher = peerIdPattern.matcher(peerUrl);

+			return matcher.matches();

+		} else {

+			try {

+				URL url = new URL(peerUrl);

+				if (peerType == PEER_TYPE.HOST) {

+					try {

+						String host = url.getHost();

+						String hostName = InetAddress.getByName(host).getCanonicalHostName();

+						Matcher matcher = peerIdPattern.matcher(hostName);

+						return matcher.matches();

+					} catch (UnknownHostException e) {

+						log.error("Cannot resolve hostname", e);

+						return false;

+					}

+				} else {

+					try {

+						String hostAddr = InetAddress.getByName(url.getHost())

+								.getHostAddress();

+						Matcher matcher = peerIdPattern.matcher(hostAddr);

+						return matcher.matches();

+					} catch (UnknownHostException e) {

+						log.error("Cannot resolve host address", e);

+						return false;

+					}

+				}

+			} catch (MalformedURLException e) {

+				log.error("Cannot parse url", e);

+				return false;

+			}

+		}

+	}

+

 	@Override

 	public RuleResult check(AccessCheckerContext checkCtx) {

-		log.debug("Processing rule: "+id);

-		// TODO Auto-generated method stub

-		return null;

+		log.debug("Processing rule: " + id);

+		if (matchAuthenticationClass(checkCtx.getAuthenticationClass())

+				&& matchCommandName(checkCtx.getCommand())

+				&& matchPeerId(checkCtx.getPeerUrl())) {

+			log.debug("Match found for rule: " + id);

+			return new RuleResult(action, userAction, true, chainId);

+		} 

+		log.debug("No match found for rule: " + id);

+		return new RuleResult(action, userAction, false, chainId);

 	}

 

 }