Google Git
Sign in
apache / incubator-retired-openaz / 8eb5edb4824bfd42957f810ce4b9f8c3e82d3513 / . / openaz-xacml-pdp / src / main / java / org / apache / openaz / xacml / pdp / std / functions / FunctionDefinitionX500NameMatch.java
blob: e1ace036c003fcf2ef49b02df3731114be3651bd [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
/*
* AT&T - PROPRIETARY
* THIS FILE CONTAINS PROPRIETARY INFORMATION OF
* AT&T AND IS NOT TO BE DISCLOSED OR USED EXCEPT IN
* ACCORDANCE WITH APPLICABLE AGREEMENTS.
*
* Copyright (c) 2013 AT&T Knowledge Ventures
* Unpublished and Not for Publication
* All Rights Reserved
*/
package org.apache.openaz.xacml.pdp.std.functions;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.x500.X500Principal;
import org.apache.openaz.xacml.api.Identifier;
import org.apache.openaz.xacml.api.Status;
import org.apache.openaz.xacml.pdp.eval.EvaluationContext;
import org.apache.openaz.xacml.pdp.policy.ExpressionResult;
import org.apache.openaz.xacml.pdp.policy.FunctionArgument;
import org.apache.openaz.xacml.std.StdStatusCode;
import org.apache.openaz.xacml.std.datatypes.DataTypes;
/**
* FunctionDefinitionX500NameMatch extends
* {@link org.apache.openaz.xacml.pdp.std.functions.FunctionDefinitionHomogeneousSimple} to implement the
* XACML X500Name match predicate as functions taking two <code>X500Name</code> arguments and returning a
* single <code>Boolean</code> value. In the first implementation of XACML we had separate files for each
* XACML Function. This release combines multiple Functions in fewer files to minimize code duplication. This
* file supports the following XACML codes: x500Name-match
*/
public class FunctionDefinitionX500NameMatch extends
FunctionDefinitionHomogeneousSimple<Boolean, X500Principal> {
/**
* Constructor
*
* @param idIn
* @param dataTypeArgsIn
* @param op
*/
public FunctionDefinitionX500NameMatch(Identifier idIn) {
super(idIn, DataTypes.DT_BOOLEAN, DataTypes.DT_X500NAME, 2);
}
@Override
public ExpressionResult evaluate(EvaluationContext evaluationContext, List<FunctionArgument> arguments) {
List<X500Principal> convertedArguments = new ArrayList<X500Principal>();
Status status = this.validateArguments(arguments, convertedArguments);
/*
* If the function arguments are not correct, just return an error status immediately
*/
if (!status.getStatusCode().equals(StdStatusCode.STATUS_CODE_OK)) {
return ExpressionResult.newError(getFunctionStatus(status));
}
/*
* Now perform the match.
*/
/*
* The spec writer's comments at: https://lists.oasis-open.org/archives/xacml/200906/msg00019.html say
* that the first sequence must exactly match the END of the second sequence.
*/
String[] searchFor = convertedArguments.get(0).getName().split(",");
String[] searchIn = convertedArguments.get(1).getName().split(",");
// if first is bigger than 2nd there is no way we can match
if (searchFor.length > searchIn.length) {
return ER_FALSE;
}
// start from back-end of both lists - everything should match up to the length of the input
for (int i = 0; i < searchFor.length; i++) {
String searchForTerm = searchFor[searchFor.length - i - 1];
String searchInTerm = searchIn[searchIn.length - i - 1];
if (searchForTerm == null || searchInTerm == null
|| !searchForTerm.trim().equals(searchInTerm.trim())) {
return ER_FALSE;
}
}
return ER_TRUE;
}
}