001    /*
002     * CDDL HEADER START
003     *
004     * The contents of this file are subject to the terms of the
005     * Common Development and Distribution License, Version 1.0 only
006     * (the "License").  You may not use this file except in compliance
007     * with the License.
008     *
009     * You can obtain a copy of the license at
010     * trunk/opends/resource/legal-notices/OpenDS.LICENSE
011     * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
012     * See the License for the specific language governing permissions
013     * and limitations under the License.
014     *
015     * When distributing Covered Code, include this CDDL HEADER in each
016     * file and include the License file at
017     * trunk/opends/resource/legal-notices/OpenDS.LICENSE.  If applicable,
018     * add the following below this CDDL HEADER, with the fields enclosed
019     * by brackets "[]" replaced with your own identifying information:
020     *      Portions Copyright [yyyy] [name of copyright owner]
021     *
022     * CDDL HEADER END
023     *
024     *
025     *      Copyright 2008 Sun Microsystems, Inc.
026     */
027    
028    package org.opends.server.authorization.dseecompat;
029    import org.opends.messages.Message;
030    
031    import static org.opends.messages.AccessControlMessages.*;
032    import org.opends.server.types.DirectoryException;
033    import org.opends.server.types.Entry;
034    import org.opends.server.types.SearchFilter;
035    
036    /**
037     * This class represents a targetfilter keyword of an aci.
038     *
039     */
040    public class TargetFilter {
041    
042        /*
043         * Enumeration representing the targetfilter operation.
044         */
045        private EnumTargetOperator op = EnumTargetOperator.EQUALITY;
046    
047        /*
048         * Filter parsed from the ACI used to match the resource entry.
049         */
050        private SearchFilter filter;
051    
052        /*
053         * Class representing a targetfilter keyword.
054         * @param op The operation of the targetfilter expression (=, !=)
055         * @param filter The filter itself.
056         */
057        private TargetFilter(EnumTargetOperator op, SearchFilter filter) {
058            this.op=op;
059            this.filter=filter;
060        }
061    
062        /**
063         * Decode a aci's targetfilter string.
064         * @param op The operation enumeration of the expression.
065         * @param expr A string representing the target filter.
066         * @return A TargetFilter class suitable for using in a match.
067         * @throws AciException If the expression string is invalid.
068         */
069        public static TargetFilter decode(EnumTargetOperator op, String expr)
070        throws AciException {
071            SearchFilter filter;
072            try {
073                filter = SearchFilter.createFilterFromString(expr);
074            } catch (DirectoryException ex) {
075                Message message =
076                    WARN_ACI_SYNTAX_INVALID_TARGETFILTERKEYWORD_EXPRESSION.
077                      get(expr);
078                throw new AciException(message);
079            }
080            return new TargetFilter(op, filter);
081        }
082    
083        /**
084         * Checks if a targetfilter matches an evaluation context.
085         * @param matchCtx The evaluation context to use in the matching.
086         * @return True if the target filter matched the context.
087         */
088        public boolean isApplicable(AciTargetMatchContext matchCtx) {
089            boolean ret;
090            ret=matchesFilter(matchCtx.getResourceEntry());
091            if(op.equals(EnumTargetOperator.NOT_EQUALITY))
092                ret = !ret;
093            return ret;
094        }
095    
096        /**
097         * Checks the filter against an entry taken from the match context.
098         * @param e The entry from the evaluation context above.
099         * @return True if the filter matches the entry.
100         */
101        private boolean matchesFilter(Entry e) {
102            boolean ret;
103            try {
104                ret=filter.matchesEntry(e);
105            } catch (DirectoryException ex) {
106                //TODO information message?
107                return false;
108            }
109            return ret;
110        }
111    }