Source code: com/sun/xacml/cond/MatchFunction.java
1
2 /*
3 * @(#)MatchFunction.java
4 *
5 * Copyright 2003-2004 Sun Microsystems, Inc. All Rights Reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions are met:
9 *
10 * 1. Redistribution of source code must retain the above copyright notice,
11 * this list of conditions and the following disclaimer.
12 *
13 * 2. Redistribution in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * Neither the name of Sun Microsystems, Inc. or the names of contributors may
18 * be used to endorse or promote products derived from this software without
19 * specific prior written permission.
20 *
21 * This software is provided "AS IS," without a warranty of any kind. ALL
22 * EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING
23 * ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
24 * OR NON-INFRINGEMENT, ARE HEREBY EXCLUDED. SUN MICROSYSTEMS, INC. ("SUN")
25 * AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY DAMAGES SUFFERED BY LICENSEE
26 * AS A RESULT OF USING, MODIFYING OR DISTRIBUTING THIS SOFTWARE OR ITS
27 * DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
28 * REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT, SPECIAL, CONSEQUENTIAL,
29 * INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY
30 * OF LIABILITY, ARISING OUT OF THE USE OF OR INABILITY TO USE THIS SOFTWARE,
31 * EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
32 *
33 * You acknowledge that this software is not designed or intended for use in
34 * the design, construction, operation or maintenance of any nuclear facility.
35 */
36
37 package com.sun.xacml.cond;
38
39 import com.sun.xacml.EvaluationCtx;
40
41 import com.sun.xacml.attr.AttributeValue;
42 import com.sun.xacml.attr.BooleanAttribute;
43 import com.sun.xacml.attr.RFC822NameAttribute;
44 import com.sun.xacml.attr.StringAttribute;
45 import com.sun.xacml.attr.X500NameAttribute;
46
47 import java.util.HashSet;
48 import java.util.List;
49 import java.util.Set;
50
51 import java.util.regex.Pattern;
52
53 import javax.security.auth.x500.X500Principal;
54
55
56 /**
57 * Implements the three standard matching functions.
58 *
59 * @since 1.0
60 * @author Seth Proctor
61 * @author Yassir Elley
62 */
63 public class MatchFunction extends FunctionBase
64 {
65
66 /**
67 * Standard identifier for the regexp-string-match function.
68 */
69 public static final String NAME_REGEXP_STRING_MATCH =
70 FUNCTION_NS + "regexp-string-match";
71
72 /**
73 * Standard identifier for the x500Name-match function.
74 */
75 public static final String NAME_X500NAME_MATCH =
76 FUNCTION_NS + "x500Name-match";
77
78 /**
79 * Standard identifier for the rfc822Name-match function.
80 */
81 public static final String NAME_RFC822NAME_MATCH =
82 FUNCTION_NS + "rfc822Name-match";
83
84 // private identifiers for the supported functions
85 private static final int ID_REGEXP_STRING_MATCH = 0;
86 private static final int ID_X500NAME_MATCH = 1;
87 private static final int ID_RFC822NAME_MATCH = 2;
88
89 // private mappings for the input arguments
90 private static final String regexpParams [] = {
91 StringAttribute.identifier,
92 StringAttribute.identifier };
93 private static final String x500Params [] = {
94 X500NameAttribute.identifier,
95 X500NameAttribute.identifier };
96 private static final String rfc822Params [] = {
97 StringAttribute.identifier,
98 RFC822NameAttribute.identifier};
99
100 // private mapping for bag input options
101 private static final boolean bagParams [] = { false, false };
102
103 /**
104 * Creates a new <code>MatchFunction</code> based on the given name.
105 *
106 * @param functionName the name of the standard match function, including
107 * the complete namespace
108 *
109 * @throws IllegalArgumentException if the function is unknown
110 */
111 public MatchFunction(String functionName) {
112 super(functionName, getId(functionName),
113 getArgumentTypes(functionName), bagParams,
114 BooleanAttribute.identifier, false);
115 }
116
117 /**
118 * Private helper that returns the internal identifier used for the
119 * given standard function.
120 */
121 private static int getId(String functionName) {
122 if (functionName.equals(NAME_REGEXP_STRING_MATCH))
123 return ID_REGEXP_STRING_MATCH;
124 else if (functionName.equals(NAME_X500NAME_MATCH))
125 return ID_X500NAME_MATCH;
126 else if (functionName.equals(NAME_RFC822NAME_MATCH))
127 return ID_RFC822NAME_MATCH;
128
129 throw new IllegalArgumentException("unknown match function: " +
130 functionName);
131 }
132
133 /**
134 * Private helper that returns the types used for the given standard
135 * function. Note that this doesn't check on the return value since the
136 * method always is called after getId, so we assume that the function
137 * is present.
138 */
139 private static String [] getArgumentTypes(String functionName) {
140 if (functionName.equals(NAME_REGEXP_STRING_MATCH))
141 return regexpParams;
142 else if (functionName.equals(NAME_X500NAME_MATCH))
143 return x500Params;
144 else
145 return rfc822Params;
146 }
147
148 /**
149 * Returns a <code>Set</code> containing all the function identifiers
150 * supported by this class.
151 *
152 * @return a <code>Set</code> of <code>String</code>s
153 */
154 public static Set getSupportedIdentifiers() {
155 Set set = new HashSet();
156
157 set.add(NAME_REGEXP_STRING_MATCH);
158 set.add(NAME_X500NAME_MATCH);
159 set.add(NAME_RFC822NAME_MATCH);
160
161 return set;
162 }
163
164 /**
165 * Evaluate the function, using the specified parameters.
166 *
167 * @param inputs a <code>List</code> of <code>Evaluatable</code>
168 * objects representing the arguments passed to the function
169 * @param context an <code>EvaluationCtx</code> so that the
170 * <code>Evaluatable</code> objects can be evaluated
171 * @return an <code>EvaluationResult</code> representing the
172 * function's result
173 */
174 public EvaluationResult evaluate(List inputs, EvaluationCtx context) {
175
176 // Evaluate the arguments
177 AttributeValue [] argValues = new AttributeValue[inputs.size()];
178 EvaluationResult result = evalArgs(inputs, context, argValues);
179
180 // make sure we didn't get an error in processing the args
181 if (result != null)
182 return result;
183
184 // now that we're setup, we can do the matching operations
185
186 boolean boolResult = false;
187
188 switch (getFunctionId()) {
189
190 case ID_REGEXP_STRING_MATCH: {
191 // arg0 is a regular expression; arg1 is a general string
192 String arg0 = ((StringAttribute)(argValues[0])).getValue();
193 String arg1 = ((StringAttribute)(argValues[1])).getValue();
194
195 // the regular expression syntax required by XACML differs
196 // from the syntax supported by java.util.regex.Pattern
197 // in several ways; the next several code blocks transform
198 // the XACML syntax into a semantically equivalent Pattern syntax
199
200 StringBuffer buf = new StringBuffer(arg0);
201
202 // in order to handle the requirement that the string is
203 // considered to match the pattern if any substring matches
204 // the pattern, we prepend ".*" and append ".*" to the reg exp,
205 // but only if there isn't an anchor (^ or $) in place
206
207 if (arg0.charAt(0) != '^')
208 buf = buf.insert(0, ".*");
209
210 if (arg0.charAt(arg0.length() - 1) != '$')
211 buf = buf.insert(buf.length(), ".*");
212
213 // in order to handle Unicode blocks, we replace all
214 // instances of "\p{Is" with "\p{In" in the reg exp
215
216 int idx = -1;
217 idx = buf.indexOf("\\p{Is", 0);
218 while (idx != -1){
219 buf = buf.replace(idx, idx+5, "\\p{In");
220 idx = buf.indexOf("\\p{Is", idx);
221 }
222
223 // in order to handle Unicode blocks, we replace all instances
224 // of "\P{Is" with "\P{In" in the reg exp
225
226 idx = -1;
227 idx = buf.indexOf("\\P{Is", 0);
228 while (idx != -1){
229 buf = buf.replace(idx, idx+5, "\\P{In");
230 idx = buf.indexOf("\\P{Is", idx);
231 }
232
233 // in order to handle character class subtraction, we
234 // replace all instances of "-[" with "&&[^" in the reg exp
235
236 idx = -1;
237 idx = buf.indexOf("-[", 0);
238 while (idx != -1){
239 buf = buf.replace(idx, idx+2, "&&[^");
240 idx = buf.indexOf("-[", idx);
241 }
242 arg0 = buf.toString();
243
244 boolResult = Pattern.matches(arg0, arg1);
245
246 break;
247 }
248
249 case ID_X500NAME_MATCH: {
250 X500Principal arg0 =
251 ((X500NameAttribute)(argValues[0])).getValue();
252 X500Principal arg1 =
253 ((X500NameAttribute)(argValues[1])).getValue();
254
255 boolResult = arg1.getName(X500Principal.CANONICAL).
256 endsWith(arg0.getName(X500Principal.CANONICAL));
257
258 break;
259 }
260
261 case ID_RFC822NAME_MATCH: {
262 String arg0 = ((StringAttribute)(argValues[0])).getValue();
263 String arg1 = ((RFC822NameAttribute)(argValues[1])).getValue();
264
265 if (arg0.indexOf('@') != -1) {
266 // this is case #1 : a whole address
267 String normalized = (new RFC822NameAttribute(arg0)).getValue();
268 boolResult = normalized.equals(arg1);
269 } else if (arg0.charAt(0) == '.') {
270 // this is case #3 : a sub-domain
271 boolResult = arg1.endsWith(arg0.toLowerCase());
272 } else {
273 // this is case #2 : any mailbox at a specific domain
274 String mailDomain = arg1.substring(arg1.indexOf('@') + 1);
275 boolResult = arg0.toLowerCase().equals(mailDomain);
276 }
277
278 break;
279 }
280
281 }
282
283 // Return the result as a BooleanAttribute.
284 return EvaluationResult.getInstance(boolResult);
285 }
286 }