1 /*
   2  * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 package sun.security.acl;
  26 
  27 import java.util.*;
  28 import java.security.Principal;
  29 import java.security.acl.*;
  30 
  31 /**
  32  * This is a class that describes one entry that associates users
  33  * or groups with permissions in the ACL.
  34  * The entry may be used as a way of granting or denying permissions.
  35  * @author      Satish Dharmaraj
  36  */
  37 public class AclEntryImpl implements AclEntry {
  38     private Principal user = null;
  39     private Vector<Permission> permissionSet = new Vector<>(10, 10);
  40     private boolean negative = false;
  41 
  42     /**
  43      * Construct an ACL entry that associates a user with permissions
  44      * in the ACL.
  45      * @param user The user that is associated with this entry.
  46      */
  47     public AclEntryImpl(Principal user) {
  48         this.user = user;
  49     }
  50 
  51     /**
  52      * Construct a null ACL entry
  53      */
  54     public AclEntryImpl() {
  55     }
  56 
  57     /**
  58      * Sets the principal in the entity. If a group or a
  59      * principal had already been set, a false value is
  60      * returned, otherwise a true value is returned.
  61      * @param user The user that is associated with this entry.
  62      * @return true if the principal is set, false if there is
  63      * one already.
  64      */
  65     public boolean setPrincipal(Principal user) {
  66         if (this.user != null)
  67           return false;
  68         this.user = user;
  69         return true;
  70     }
  71 
  72     /**
  73      * This method sets the ACL to have negative permissions.
  74      * That is the user or group is denied the permission set
  75      * specified in the entry.
  76      */
  77     public void setNegativePermissions() {
  78         negative = true;
  79     }
  80 
  81     /**
  82      * Returns true if this is a negative ACL.
  83      */
  84     public boolean isNegative() {
  85         return negative;
  86     }
  87 
  88     /**
  89      * A principal or a group can be associated with multiple
  90      * permissions. This method adds a permission to the ACL entry.
  91      * @param permission The permission to be associated with
  92      * the principal or the group in the entry.
  93      * @return true if the permission was added, false if the
  94      * permission was already part of the permission set.
  95      */
  96     public boolean addPermission(Permission permission) {
  97 
  98         if (permissionSet.contains(permission))
  99           return false;
 100 
 101         permissionSet.addElement(permission);
 102 
 103         return true;
 104     }
 105 
 106     /**
 107      * The method disassociates the permission from the Principal
 108      * or the Group in this ACL entry.
 109      * @param permission The permission to be disassociated with
 110      * the principal or the group in the entry.
 111      * @return true if the permission is removed, false if the
 112      * permission is not part of the permission set.
 113      */
 114     public boolean removePermission(Permission permission) {
 115         return permissionSet.removeElement(permission);
 116     }
 117 
 118     /**
 119      * Checks if the passed permission is part of the allowed
 120      * permission set in this entry.
 121      * @param permission The permission that has to be part of
 122      * the permission set in the entry.
 123      * @return true if the permission passed is part of the
 124      * permission set in the entry, false otherwise.
 125      */
 126     public boolean checkPermission(Permission permission) {
 127         return permissionSet.contains(permission);
 128     }
 129 
 130     /**
 131      * return an enumeration of the permissions in this ACL entry.
 132      */
 133     public Enumeration<Permission> permissions() {
 134         return permissionSet.elements();
 135     }
 136 
 137     /**
 138      * Return a string representation of  the contents of the ACL entry.
 139      */
 140     public String toString() {
 141         StringBuffer sb = new StringBuffer();
 142         if (negative) {
 143             sb.append('-');
 144         } else {
 145             sb.append('+');
 146         }
 147         if (user instanceof Group) {
 148             sb.append("Group.");
 149         } else {
 150             sb.append("User.");
 151         }
 152         sb.append(user).append('=');
 153 
 154         Enumeration<Permission> e = permissions();
 155         while (e.hasMoreElements()) {
 156             Permission p = e.nextElement();
 157             sb.append(p);
 158             if (e.hasMoreElements()) {
 159                 sb.append(',');
 160             }
 161         }
 162         return sb.toString();
 163     }
 164 
 165     /**
 166      * Clones an AclEntry.
 167      */
 168     @SuppressWarnings("unchecked") // Safe casts assuming clone() works correctly
 169     public synchronized Object clone() {
 170         AclEntryImpl cloned;
 171         cloned = new AclEntryImpl(user);
 172         cloned.permissionSet = (Vector<Permission>) permissionSet.clone();
 173         cloned.negative = negative;
 174         return cloned;
 175     }
 176 
 177     /**
 178      * Return the Principal associated in this ACL entry.
 179      * The method returns null if the entry uses a group
 180      * instead of a principal.
 181      */
 182     public Principal getPrincipal() {
 183         return user;
 184     }
 185 }