--- old/src/jdk.snmp/share/classes/com/sun/jmx/snmp/IPAcl/SnmpAcl.java 2014-10-15 14:05:04.000000000 +0200
+++ /dev/null 2014-10-15 14:05:04.000000000 +0200
@@ -1,486 +0,0 @@
-/*
- * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
- * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
- *
- * This code is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License version 2 only, as
- * published by the Free Software Foundation. Oracle designates this
- * particular file as subject to the "Classpath" exception as provided
- * by Oracle in the LICENSE file that accompanied this code.
- *
- * This code is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- * version 2 for more details (a copy is included in the LICENSE file that
- * accompanied this code).
- *
- * You should have received a copy of the GNU General Public License version
- * 2 along with this work; if not, write to the Free Software Foundation,
- * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
- *
- * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
- * or visit www.oracle.com if you need additional information or have any
- * questions.
- */
-
-
-package com.sun.jmx.snmp.IPAcl;
-
-
-
-// java import
-//
-import java.io.Serializable;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.net.InetAddress;
-import java.net.UnknownHostException;
-import java.util.Hashtable;
-import java.util.logging.Level;
-import java.util.Vector;
-import java.util.Enumeration;
-import java.util.HashSet;
-import java.security.acl.AclEntry;
-import java.security.acl.NotOwnerException;
-
-// SNMP Runtime import
-//
-import static com.sun.jmx.defaults.JmxProperties.SNMP_LOGGER;
-import com.sun.jmx.snmp.InetAddressAcl;
-
-/**
- * Defines an implementation of the {@link com.sun.jmx.snmp.InetAddressAcl InetAddressAcl} interface.
- *
- * In this implementation the ACL information is stored on a flat file and
- * its default location is "$JRE/lib/snmp.acl" - See
- * {@link #getDefaultAclFileName()}
- *
- *
- *
- * This API is a Sun Microsystems internal API and is subject
- * to change without notice.
- */
-
-public class SnmpAcl implements InetAddressAcl, Serializable {
- private static final long serialVersionUID = -6702287103824397063L;
-
- static final PermissionImpl READ = new PermissionImpl("READ");
- static final PermissionImpl WRITE = new PermissionImpl("WRITE");
-
- /**
- * Constructs the Java Dynamic Management(TM) Access Control List
- * based on IP addresses. The ACL will take the given owner name.
- * The current IP address will be the owner of the ACL.
- *
- * @param Owner The name of the ACL Owner.
- *
- * @exception UnknownHostException If the local host is unknown.
- * @exception IllegalArgumentException If the ACL file doesn't exist.
- */
- public SnmpAcl(String Owner)
- throws UnknownHostException, IllegalArgumentException {
- this(Owner,null);
- }
-
- /**
- * Constructs the Java Dynamic Management(TM) Access Control List
- * based on IP addresses. The ACL will take the given owner name.
- * The current IP address will be the owner of the ACL.
- *
- * @param Owner The name of the ACL Owner.
- * @param aclFileName The name of the ACL File.
- *
- * @exception UnknownHostException If the local host is unknown.
- * @exception IllegalArgumentException If the ACL file doesn't exist.
- */
- public SnmpAcl(String Owner, String aclFileName)
- throws UnknownHostException, IllegalArgumentException {
- trapDestList= new Hashtable>();
- informDestList= new Hashtable>();
-
- // PrincipalImpl() take the current host as entry
- owner = new PrincipalImpl();
- try {
- acl = new AclImpl(owner,Owner);
- AclEntry ownEntry = new AclEntryImpl(owner);
- ownEntry.addPermission(READ);
- ownEntry.addPermission(WRITE);
- acl.addEntry(owner,ownEntry);
- } catch (NotOwnerException ex) {
- if (SNMP_LOGGER.isLoggable(Level.FINEST)) {
- SNMP_LOGGER.logp(Level.FINEST, SnmpAcl.class.getName(),
- "SnmpAcl(String,String)",
- "Should never get NotOwnerException as the owner " +
- "is built in this constructor");
- }
- }
- if (aclFileName == null) setDefaultFileName();
- else setAuthorizedListFile(aclFileName);
- readAuthorizedListFile();
- }
-
- /**
- * Returns an enumeration of the entries in this ACL. Each element in the
- * enumeration is of type java.security.acl.AclEntry
.
- *
- * @return An enumeration of the entries in this ACL.
- */
- public Enumeration entries() {
- return acl.entries();
- }
-
- /**
- * Returns ann enumeration of community strings. Community strings are returned as String.
- * @return The enumeration of community strings.
- */
- public Enumeration communities() {
- HashSet set = new HashSet();
- Vector res = new Vector();
- for (Enumeration e = acl.entries() ; e.hasMoreElements() ;) {
- AclEntryImpl entry = (AclEntryImpl) e.nextElement();
- for (Enumeration cs = entry.communities();
- cs.hasMoreElements() ;) {
- set.add(cs.nextElement());
- }
- }
- String[] objs = set.toArray(new String[0]);
- for(int i = 0; i < objs.length; i++)
- res.addElement(objs[i]);
-
- return res.elements();
- }
-
- /**
- * Returns the name of the ACL.
- *
- * @return The name of the ACL.
- */
- public String getName() {
- return acl.getName();
- }
-
- /**
- * Returns the read permission instance used.
- *
- * @return The read permission instance.
- */
- static public PermissionImpl getREAD() {
- return READ;
- }
-
- /**
- * Returns the write permission instance used.
- *
- * @return The write permission instance.
- */
- static public PermissionImpl getWRITE() {
- return WRITE;
- }
-
- /**
- * Get the default name for the ACL file.
- * In this implementation this is "$JRE/lib/snmp.acl"
- * @return The default name for the ACL file.
- **/
- public static String getDefaultAclFileName() {
- final String fileSeparator =
- System.getProperty("file.separator");
- final StringBuilder defaultAclName =
- new StringBuilder(System.getProperty("java.home")).
- append(fileSeparator).append("lib").append(fileSeparator).
- append("snmp.acl");
- return defaultAclName.toString();
- }
-
- /**
- * Sets the full path of the file containing the ACL information.
- *
- * @param filename The full path of the file containing the ACL information.
- * @throws IllegalArgumentException If the passed ACL file doesn't exist.
- */
- public void setAuthorizedListFile(String filename)
- throws IllegalArgumentException {
- File file = new File(filename);
- if (!file.isFile() ) {
- if (SNMP_LOGGER.isLoggable(Level.FINEST)) {
- SNMP_LOGGER.logp(Level.FINEST, SnmpAcl.class.getName(),
- "setAuthorizedListFile", "ACL file not found: " + filename);
- }
- throw new
- IllegalArgumentException("The specified file ["+file+"] "+
- "doesn't exist or is not a file, "+
- "no configuration loaded");
- }
- if (SNMP_LOGGER.isLoggable(Level.FINER)) {
- SNMP_LOGGER.logp(Level.FINER, SnmpAcl.class.getName(),
- "setAuthorizedListFile", "Default file set to " + filename);
- }
- authorizedListFile = filename;
- }
-
- /**
- * Resets this ACL to the values contained in the configuration file.
- *
- * @exception NotOwnerException If the principal attempting the reset is not an owner of this ACL.
- * @exception UnknownHostException If IP addresses for hosts contained in the ACL file couldn't be found.
- */
- public void rereadTheFile() throws NotOwnerException, UnknownHostException {
- alwaysAuthorized = false;
- acl.removeAll(owner);
- trapDestList.clear();
- informDestList.clear();
- AclEntry ownEntry = new AclEntryImpl(owner);
- ownEntry.addPermission(READ);
- ownEntry.addPermission(WRITE);
- acl.addEntry(owner,ownEntry);
- readAuthorizedListFile();
- }
-
- /**
- * Returns the full path of the file used to get ACL information.
- *
- * @return The full path of the file used to get ACL information.
- */
- public String getAuthorizedListFile() {
- return authorizedListFile;
- }
-
- /**
- * Checks whether or not the specified host has READ
access.
- *
- * @param address The host address to check.
- *
- * @return true
if the host has read permission, false
otherwise.
- */
- public boolean checkReadPermission(InetAddress address) {
- if (alwaysAuthorized) return ( true );
- PrincipalImpl p = new PrincipalImpl(address);
- return acl.checkPermission(p, READ);
- }
-
- /**
- * Checks whether or not the specified host and community have READ
access.
- *
- * @param address The host address to check.
- * @param community The community associated with the host.
- *
- * @return true
if the pair (host, community) has read permission, false
otherwise.
- */
- public boolean checkReadPermission(InetAddress address, String community) {
- if (alwaysAuthorized) return ( true );
- PrincipalImpl p = new PrincipalImpl(address);
- return acl.checkPermission(p, community, READ);
- }
-
- /**
- * Checks whether or not a community string is defined.
- *
- * @param community The community to check.
- *
- * @return true
if the community is known, false
otherwise.
- */
- public boolean checkCommunity(String community) {
- return acl.checkCommunity(community);
- }
-
- /**
- * Checks whether or not the specified host has WRITE
access.
- *
- * @param address The host address to check.
- *
- * @return true
if the host has write permission, false
otherwise.
- */
- public boolean checkWritePermission(InetAddress address) {
- if (alwaysAuthorized) return ( true );
- PrincipalImpl p = new PrincipalImpl(address);
- return acl.checkPermission(p, WRITE);
- }
-
- /**
- * Checks whether or not the specified host and community have WRITE
access.
- *
- * @param address The host address to check.
- * @param community The community associated with the host.
- *
- * @return true
if the pair (host, community) has write permission, false
otherwise.
- */
- public boolean checkWritePermission(InetAddress address, String community) {
- if (alwaysAuthorized) return ( true );
- PrincipalImpl p = new PrincipalImpl(address);
- return acl.checkPermission(p, community, WRITE);
- }
-
- /**
- * Returns an enumeration of trap destinations.
- *
- * @return An enumeration of the trap destinations (enumeration of InetAddress
).
- */
- public Enumeration getTrapDestinations() {
- return trapDestList.keys();
- }
-
- /**
- * Returns an enumeration of trap communities for a given host.
- *
- * @param i The address of the host.
- *
- * @return An enumeration of trap communities for a given host (enumeration of String
).
- */
- public Enumeration getTrapCommunities(InetAddress i) {
- Vector list = null;
- if ((list = trapDestList.get(i)) != null ) {
- if (SNMP_LOGGER.isLoggable(Level.FINER)) {
- SNMP_LOGGER.logp(Level.FINER, SnmpAcl.class.getName(),
- "getTrapCommunities", "["+i.toString()+"] is in list");
- }
- return list.elements();
- } else {
- list = new Vector<>();
- if (SNMP_LOGGER.isLoggable(Level.FINER)) {
- SNMP_LOGGER.logp(Level.FINER, SnmpAcl.class.getName(),
- "getTrapCommunities", "["+i.toString()+"] is not in list");
- }
- return list.elements();
- }
- }
-
- /**
- * Returns an enumeration of inform destinations.
- *
- * @return An enumeration of the inform destinations (enumeration of InetAddress
).
- */
- public Enumeration getInformDestinations() {
- return informDestList.keys();
- }
-
- /**
- * Returns an enumeration of inform communities for a given host.
- *
- * @param i The address of the host.
- *
- * @return An enumeration of inform communities for a given host (enumeration of String
).
- */
- public Enumeration getInformCommunities(InetAddress i) {
- Vector list = null;
- if ((list = informDestList.get(i)) != null ) {
- if (SNMP_LOGGER.isLoggable(Level.FINER)) {
- SNMP_LOGGER.logp(Level.FINER, SnmpAcl.class.getName(),
- "getInformCommunities", "["+i.toString()+"] is in list");
- }
- return list.elements();
- } else {
- list = new Vector<>();
- if (SNMP_LOGGER.isLoggable(Level.FINER)) {
- SNMP_LOGGER.logp(Level.FINER, SnmpAcl.class.getName(),
- "getInformCommunities", "["+i.toString()+"] is not in list");
- }
- return list.elements();
- }
- }
-
- /**
- * Converts the input configuration file into ACL.
- */
- private void readAuthorizedListFile() {
-
- alwaysAuthorized = false;
-
- if (authorizedListFile == null) {
- if (SNMP_LOGGER.isLoggable(Level.FINER)) {
- SNMP_LOGGER.logp(Level.FINER, SnmpAcl.class.getName(),
- "readAuthorizedListFile", "alwaysAuthorized set to true");
- }
- alwaysAuthorized = true ;
- } else {
- // Read the file content
- Parser parser = null;
- try {
- parser= new Parser(new FileInputStream(getAuthorizedListFile()));
- } catch (FileNotFoundException e) {
- if (SNMP_LOGGER.isLoggable(Level.FINEST)) {
- SNMP_LOGGER.logp(Level.FINEST, SnmpAcl.class.getName(),
- "readAuthorizedListFile",
- "The specified file was not found, authorize everybody");
- }
- alwaysAuthorized = true ;
- return;
- }
-
- try {
- JDMSecurityDefs n = parser.SecurityDefs();
- n.buildAclEntries(owner, acl);
- n.buildTrapEntries(trapDestList);
- n.buildInformEntries(informDestList);
- } catch (ParseException e) {
- if (SNMP_LOGGER.isLoggable(Level.FINEST)) {
- SNMP_LOGGER.logp(Level.FINEST, SnmpAcl.class.getName(),
- "readAuthorizedListFile", "Got parsing exception", e);
- }
- throw new IllegalArgumentException(e.getMessage());
- } catch (Error err) {
- if (SNMP_LOGGER.isLoggable(Level.FINEST)) {
- SNMP_LOGGER.logp(Level.FINEST, SnmpAcl.class.getName(),
- "readAuthorizedListFile", "Got unexpected error", err);
- }
- throw new IllegalArgumentException(err.getMessage());
- }
-
- for(Enumeration e = acl.entries(); e.hasMoreElements();) {
- AclEntryImpl aa = (AclEntryImpl) e.nextElement();
- if (SNMP_LOGGER.isLoggable(Level.FINER)) {
- SNMP_LOGGER.logp(Level.FINER, SnmpAcl.class.getName(),
- "readAuthorizedListFile",
- "===> " + aa.getPrincipal().toString());
- }
- for (Enumeration eee = aa.permissions();eee.hasMoreElements();) {
- java.security.acl.Permission perm = eee.nextElement();
- if (SNMP_LOGGER.isLoggable(Level.FINER)) {
- SNMP_LOGGER.logp(Level.FINER, SnmpAcl.class.getName(),
- "readAuthorizedListFile", "perm = " + perm);
- }
- }
- }
- }
- }
-
- /**
- * Set the default full path for "snmp.acl" input file.
- * Do not complain if the file does not exists.
- */
- private void setDefaultFileName() {
- try {
- setAuthorizedListFile(getDefaultAclFileName());
- } catch (IllegalArgumentException x) {
- // OK...
- }
- }
-
-
- // PRIVATE VARIABLES
- //------------------
-
- /**
- * Represents the Access Control List.
- */
- private AclImpl acl = null;
- /**
- * Flag indicating whether the access is always authorized.
- *
This is the case if there is no flat file defined.
- */
- private boolean alwaysAuthorized = false;
- /**
- * Represents the Access Control List flat file.
- */
- private String authorizedListFile = null;
- /**
- * Contains the hosts list for trap destination.
- */
- private Hashtable> trapDestList = null;
- /**
- * Contains the hosts list for inform destination.
- */
- private Hashtable> informDestList = null;
-
- private PrincipalImpl owner = null;
-}