001/*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License").  You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
010 * or http://forgerock.org/license/CDDLv1.0.html.
011 * See the License for the specific language governing permissions
012 * and limitations under the License.
013 *
014 * When distributing Covered Code, include this CDDL HEADER in each
015 * file and include the License file at legal-notices/CDDLv1_0.txt.
016 * If applicable, add the following below this CDDL HEADER, with the
017 * fields enclosed by brackets "[]" replaced with your own identifying
018 * information:
019 *      Portions Copyright [yyyy] [name of copyright owner]
020 *
021 * CDDL HEADER END
022 *
023 *
024 *      Copyright 2008 Sun Microsystems, Inc.
025 *      Portions Copyright 2014-2015 ForgeRock AS
026 */
027package org.opends.server.authorization.dseecompat;
028import org.forgerock.i18n.LocalizableMessage;
029
030import static org.opends.messages.AccessControlMessages.*;
031import org.opends.server.types.DirectoryException;
032import org.opends.server.types.Entry;
033import org.opends.server.types.SearchFilter;
034
035/**
036 * This class represents a targetfilter keyword of an aci.
037 */
038public class TargetFilter {
039
040    /** Enumeration representing the targetfilter operation. */
041    private EnumTargetOperator op = EnumTargetOperator.EQUALITY;
042
043    /** Filter parsed from the ACI used to match the resource entry. */
044    private SearchFilter filter;
045
046    /**
047     * Class representing a targetfilter keyword.
048     * @param op The operation of the targetfilter expression (=, !=)
049     * @param filter The filter itself.
050     */
051    private TargetFilter(EnumTargetOperator op, SearchFilter filter) {
052        this.op=op;
053        this.filter=filter;
054    }
055
056    /**
057     * Decode a aci's targetfilter string.
058     * @param op The operation enumeration of the expression.
059     * @param expr A string representing the target filter.
060     * @return A TargetFilter class suitable for using in a match.
061     * @throws AciException If the expression string is invalid.
062     */
063    public static TargetFilter decode(EnumTargetOperator op, String expr)
064    throws AciException {
065        SearchFilter filter;
066        try {
067            filter = SearchFilter.createFilterFromString(expr);
068        } catch (DirectoryException ex) {
069            LocalizableMessage message =
070                WARN_ACI_SYNTAX_INVALID_TARGETFILTERKEYWORD_EXPRESSION.
071                  get(expr);
072            throw new AciException(message);
073        }
074        return new TargetFilter(op, filter);
075    }
076
077    /**
078     * Checks if a targetfilter matches an evaluation context.
079     * @param matchCtx The evaluation context to use in the matching.
080     * @return True if the target filter matched the context.
081     */
082    public boolean isApplicable(AciTargetMatchContext matchCtx) {
083        boolean ret;
084        ret=matchesFilter(matchCtx.getResourceEntry());
085        if(op.equals(EnumTargetOperator.NOT_EQUALITY))
086        {
087          ret = !ret;
088        }
089        return ret;
090    }
091
092    /**
093     * Checks the filter against an entry taken from the match context.
094     * @param e The entry from the evaluation context above.
095     * @return True if the filter matches the entry.
096     */
097    private boolean matchesFilter(Entry e) {
098        boolean ret;
099        try {
100            ret=filter.matchesEntry(e);
101        } catch (DirectoryException ex) {
102            //TODO information message?
103            return false;
104        }
105        return ret;
106    }
107}