1 /*
   2  * Copyright (c) 1996, 2011, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 package sun.security.acl;
  26 
  27 import java.util.*;
  28 import java.security.Principal;
  29 import java.security.acl.*;
  30 
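/**
 * Describes one ACL entry: a principal (user or group) together with a set
 * of permissions, and a flag saying whether the set is granted (positive
 * entry) or denied (negative entry).
 *
 * <p>Security notes for users of this class:
 * <ul>
 *   <li>No method here checks the caller. Anyone holding a reference to an
 *       entry can add or remove permissions or flip it to negative. Gating
 *       that access (for example by an ACL-owner check) is left to the code
 *       that hands entries out, which is not part of this file.</li>
 *   <li>{@link #checkPermission} is a pure membership test. It does not
 *       consult {@link #isNegative()}, so on a negative entry a {@code true}
 *       result means "explicitly denied", not "allowed".</li>
 *   <li>The entry is mutable. Use {@link #clone()} when a stable snapshot is
 *       needed for an access decision.</li>
 * </ul>
 *
 * <p>Thread-safety: the compound operations {@link #setPrincipal} and
 * {@link #addPermission} are atomic; {@link #clone()} copies the principal
 * and sign under the entry's monitor. Plain reads ({@link #getPrincipal()},
 * {@link #isNegative()}, {@link #toString()}) are not synchronized.
 *
 * @author      Satish Dharmaraj
 */
public class AclEntryImpl implements AclEntry {
    private Principal user = null;
    private Vector<Permission> permissionSet = new Vector<>(10, 10);
    private boolean negative = false;

    /**
     * Constructs an ACL entry that associates a user with permissions
     * in the ACL.
     *
     * @param user The user that is associated with this entry.
     */
    public AclEntryImpl(Principal user) {
        this.user = user;
    }

    /**
     * Constructs an ACL entry with no principal; one can be supplied once
     * through {@link #setPrincipal}.
     */
    public AclEntryImpl() {
    }

    /**
     * Sets the principal of this entry if none has been set yet.
     *
     * <p>The check and the assignment run under the entry's monitor so that
     * two racing callers cannot both succeed; the principal is write-once.
     *
     * @param user The user that is associated with this entry.
     * @return true if the principal is set, false if there is
     * one already.
     */
    @Override
    public synchronized boolean setPrincipal(Principal user) {
        if (this.user != null) {
            return false;
        }
        this.user = user;
        return true;
    }

    /**
     * Marks this entry as negative: the principal is denied the permission
     * set held by the entry. There is no method in this class that reverts
     * an entry to positive.
     */
    @Override
    public synchronized void setNegativePermissions() {
        negative = true;
    }

    /**
     * Returns true if this is a negative (deny) entry.
     */
    @Override
    public boolean isNegative() {
        return negative;
    }

    /**
     * Adds a permission to this entry's permission set.
     *
     * <p>Membership is decided by {@code equals}. The contains-then-add
     * sequence is performed while holding the vector's own lock; without
     * that, two concurrent calls could both insert the same permission, and
     * a later {@link #removePermission} (which removes a single occurrence)
     * would leave the permission in place.
     *
     * <p>No null check is performed here.
     *
     * @param permission The permission to be associated with
     * the principal or the group in the entry.
     * @return true if the permission was added, false if the
     * permission was already part of the permission set.
     */
    @Override
    public boolean addPermission(Permission permission) {
        final Vector<Permission> set = permissionSet;
        // Vector's methods lock on the vector itself, so holding that same
        // lock makes the check and the insert one atomic step.
        synchronized (set) {
            if (set.contains(permission)) {
                return false;
            }
            set.addElement(permission);
            return true;
        }
    }

    /**
     * Removes the permission from this entry's permission set.
     *
     * @param permission The permission to be disassociated with
     * the principal or the group in the entry.
     * @return true if the permission is removed, false if the
     * permission is not part of the permission set.
     */
    @Override
    public boolean removePermission(Permission permission) {
        return permissionSet.removeElement(permission);
    }

    /**
     * Tests whether the given permission is a member of this entry's
     * permission set.
     *
     * <p>This is a membership test only: the result is the same for positive
     * and negative entries. A caller making an access decision must combine
     * it with {@link #isNegative()}.
     *
     * @param permission The permission to look up in the entry.
     * @return true if the permission passed is part of the
     * permission set in the entry, false otherwise.
     */
    @Override
    public boolean checkPermission(Permission permission) {
        return permissionSet.contains(permission);
    }

    /**
     * Returns an enumeration of the permissions in this ACL entry.
     *
     * <p>The enumeration is backed by the entry's live permission vector,
     * not by a copy, so it can observe later additions and removals.
     */
    @Override
    public Enumeration<Permission> permissions() {
        return permissionSet.elements();
    }

    /**
     * Returns a string of the form {@code +User.<principal>=<p1>,<p2>}, with
     * {@code -} for a negative entry and {@code Group.} when the principal
     * is a {@link Group}.
     */
    @Override
    public String toString() {
        StringBuilder s = new StringBuilder();
        s.append(negative ? "-" : "+");
        s.append(user instanceof Group ? "Group." : "User.");
        s.append(user).append('=');
        Enumeration<Permission> e = permissions();
        while (e.hasMoreElements()) {
            s.append(e.nextElement());
            if (e.hasMoreElements()) {
                s.append(",");
            }
        }
        return s.toString();
    }

    /**
     * Returns a copy of this entry with the same principal and sign and an
     * independent permission vector; later changes to either entry's
     * permission set do not affect the other. The principal and the
     * permission objects themselves are shared, not copied.
     */
    @Override
    @SuppressWarnings("unchecked") // Vector<Permission>.clone() returns Object
    public synchronized Object clone() {
        AclEntryImpl cloned = new AclEntryImpl(user);
        cloned.permissionSet = (Vector<Permission>) permissionSet.clone();
        cloned.negative = negative;
        return cloned;
    }

    /**
     * Returns the principal associated with this ACL entry, or null if none
     * has been set.
     */
    @Override
    public Principal getPrincipal() {
        return user;
    }
}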