001/*
002 * CDDL HEADER START
003 *
004 * The contents of this file are subject to the terms of the
005 * Common Development and Distribution License, Version 1.0 only
006 * (the "License").  You may not use this file except in compliance
007 * with the License.
008 *
009 * You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
010 * or http://forgerock.org/license/CDDLv1.0.html.
011 * See the License for the specific language governing permissions
012 * and limitations under the License.
013 *
014 * When distributing Covered Code, include this CDDL HEADER in each
015 * file and include the License file at legal-notices/CDDLv1_0.txt.
016 * If applicable, add the following below this CDDL HEADER, with the
017 * fields enclosed by brackets "[]" replaced with your own identifying
018 * information:
019 *      Portions Copyright [yyyy] [name of copyright owner]
020 *
021 * CDDL HEADER END
022 *
023 *
024 *      Copyright 2008 Sun Microsystems, Inc.
025 *      Portions Copyright 2014-2015 ForgeRock AS
026 */
027package org.opends.server.authorization.dseecompat;
028
029import static org.opends.messages.AccessControlMessages.*;
030import static org.opends.server.util.CollectionUtils.*;
031
032import java.util.ArrayList;
033import java.util.Iterator;
034import java.util.List;
035import java.util.Set;
036import java.util.TreeMap;
037
038import org.forgerock.i18n.LocalizableMessage;
039import org.forgerock.i18n.slf4j.LocalizedLogger;
040import org.forgerock.opendj.ldap.ByteString;
041import org.forgerock.opendj.ldap.DecodeException;
042import org.forgerock.opendj.ldap.ResultCode;
043import org.forgerock.opendj.ldap.schema.MatchingRule;
044import org.opends.server.core.DirectoryServer;
045import org.opends.server.types.*;
046
047/**
048 * This class is used to match RDN patterns containing wildcards in either
049 * the attribute types or the attribute values.
050 * Substring matching on the attribute types is not supported.
051 */
052public class PatternRDN
053{
054
055  private static final LocalizedLogger logger = LocalizedLogger.getLoggerForThisClass();
056
057  /** Indicate whether the RDN contains a wildcard in any of its attribute types. */
058  private boolean hasTypeWildcard;
059  /** The set of attribute type patterns. */
060  private String[] typePatterns;
061  /**
062   * The set of attribute value patterns.
063   * The value pattern is split into a list according to the positions of any
064   * wildcards.  For example, the value "A*B*C" is represented as a
065   * list of three elements A, B and C.  The value "A" is represented as
066   * a list of one element A.  The value "*A*" is represented as a list
067   * of three elements "", A and "".
068   */
069  private ArrayList<ArrayList<ByteString>> valuePatterns;
070  /** The number of attribute-value pairs in this RDN pattern. */
071  private int numValues;
072
073
074  /**
075   * Create a new RDN pattern composed of a single attribute-value pair.
076   * @param type The attribute type pattern.
077   * @param valuePattern The attribute value pattern.
078   * @param dnString The DN pattern containing the attribute-value pair.
079   * @throws DirectoryException If the attribute-value pair is not valid.
080   */
081  public PatternRDN(String type, ArrayList<ByteString> valuePattern, String dnString)
082       throws DirectoryException
083  {
084    // Only Whole-Type wildcards permitted.
085    if (type.contains("*"))
086    {
087      if (!type.equals("*"))
088      {
089        LocalizableMessage message =
090            WARN_PATTERN_DN_TYPE_CONTAINS_SUBSTRINGS.get(dnString);
091        throw new DirectoryException(ResultCode.INVALID_DN_SYNTAX,
092                                     message);
093      }
094      hasTypeWildcard = true;
095    }
096
097    numValues = 1;
098    typePatterns = new String[] { type };
099    valuePatterns = newArrayList(valuePattern);
100  }
101
102
103  /**
104   * Add another attribute-value pair to the pattern.
105   * @param type The attribute type pattern.
106   * @param valuePattern The attribute value pattern.
107   * @param dnString The DN pattern containing the attribute-value pair.
108   * @throws DirectoryException If the attribute-value pair is not valid.
109   * @return  <CODE>true</CODE> if the type-value pair was added to
110   *          this RDN, or <CODE>false</CODE> if it was not (e.g., it
111   *          was already present).
112   */
113  public boolean addValue(String type, ArrayList<ByteString> valuePattern,
114                          String dnString)
115       throws DirectoryException
116  {
117    // No type wildcards permitted in multi-valued patterns.
118    if (hasTypeWildcard || type.contains("*"))
119    {
120      LocalizableMessage message =
121          WARN_PATTERN_DN_TYPE_WILDCARD_IN_MULTIVALUED_RDN.get(dnString);
122      throw new DirectoryException(ResultCode.INVALID_DN_SYNTAX, message);
123    }
124
125    numValues++;
126
127    String[] newTypes = new String[numValues];
128    System.arraycopy(typePatterns, 0, newTypes, 0,
129                     typePatterns.length);
130    newTypes[typePatterns.length] = type;
131    typePatterns = newTypes;
132
133    valuePatterns.add(valuePattern);
134
135    return true;
136  }
137
138
139  /**
140   * Retrieves the number of attribute-value pairs contained in this
141   * RDN pattern.
142   *
143   * @return  The number of attribute-value pairs contained in this
144   *          RDN pattern.
145   */
146  public int getNumValues()
147  {
148    return numValues;
149  }
150
151
152  /**
153   * Determine whether a given RDN matches the pattern.
154   * @param rdn The RDN to be matched.
155   * @return true if the RDN matches the pattern.
156   */
157  public boolean matchesRDN(RDN rdn)
158  {
159    if (getNumValues() == 1)
160    {
161      // Check for ",*," matching any RDN.
162      if (typePatterns[0].equals("*") && valuePatterns.get(0) == null)
163      {
164        return true;
165      }
166
167      if (rdn.getNumValues() != 1)
168      {
169        return false;
170      }
171
172      AttributeType thatType = rdn.getAttributeType(0);
173      if (!typePatterns[0].equals("*"))
174      {
175        AttributeType thisType =
176             DirectoryServer.getAttributeType(typePatterns[0].toLowerCase());
177        if (thisType == null || !thisType.equals(thatType))
178        {
179          return false;
180        }
181      }
182
183      return matchValuePattern(valuePatterns.get(0), thatType,
184                               rdn.getAttributeValue(0));
185    }
186
187    if (hasTypeWildcard)
188    {
189      return false;
190    }
191
192    if (numValues != rdn.getNumValues())
193    {
194      return false;
195    }
196
197    // Sort the attribute-value pairs by attribute type.
198    TreeMap<String,ArrayList<ByteString>> patternMap = new TreeMap<>();
199    TreeMap<String, ByteString> rdnMap = new TreeMap<>();
200
201    for (int i = 0; i < rdn.getNumValues(); i++)
202    {
203      rdnMap.put(rdn.getAttributeType(i).getNameOrOID(),
204                 rdn.getAttributeValue(i));
205    }
206
207    for (int i = 0; i < numValues; i++)
208    {
209      String lowerName = typePatterns[i].toLowerCase();
210      AttributeType type = DirectoryServer.getAttributeType(lowerName);
211      if (type == null)
212      {
213        return false;
214      }
215      patternMap.put(type.getNameOrOID(), valuePatterns.get(i));
216    }
217
218    Set<String> patternKeys = patternMap.keySet();
219    Set<String> rdnKeys = rdnMap.keySet();
220    Iterator<String> patternKeyIter = patternKeys.iterator();
221    for (String rdnKey : rdnKeys)
222    {
223      if (!rdnKey.equals(patternKeyIter.next()))
224      {
225        return false;
226      }
227
228      if (!matchValuePattern(patternMap.get(rdnKey),
229                             DirectoryServer.getAttributeType(rdnKey),
230                             rdnMap.get(rdnKey)))
231      {
232        return false;
233      }
234    }
235
236    return true;
237  }
238
239
240  /**
241   * Determine whether a value pattern matches a given attribute-value pair.
242   * @param pattern The value pattern where each element of the list is a
243   *                substring of the pattern appearing between wildcards.
244   * @param type The attribute type of the attribute-value pair.
245   * @param value The value of the attribute-value pair.
246   * @return true if the value pattern matches the attribute-value pair.
247   */
248  private boolean matchValuePattern(List<ByteString> pattern,
249                                    AttributeType type,
250                                    ByteString value)
251  {
252    if (pattern == null)
253    {
254      return true;
255    }
256
257    try
258    {
259      if (pattern.size() == 1)
260      {
261        // Handle this just like an equality filter.
262        MatchingRule rule = type.getEqualityMatchingRule();
263        ByteString thatNormValue = rule.normalizeAttributeValue(value);
264        return rule.getAssertion(pattern.get(0)).matches(thatNormValue).toBoolean();
265      }
266
267      // Handle this just like a substring filter.
268      ByteString subInitial = pattern.get(0);
269      if (subInitial.length() == 0)
270      {
271        subInitial = null;
272      }
273
274      ByteString subFinal = pattern.get(pattern.size() - 1);
275      if (subFinal.length() == 0)
276      {
277        subFinal = null;
278      }
279
280      List<ByteString> subAnyElements;
281      if (pattern.size() > 2)
282      {
283        subAnyElements = pattern.subList(1, pattern.size()-1);
284      }
285      else
286      {
287        subAnyElements = null;
288      }
289
290      Attribute attr = Attributes.create(type, value);
291      return attr.matchesSubstring(subInitial, subAnyElements, subFinal).toBoolean();
292    }
293    catch (DecodeException e)
294    {
295      logger.traceException(e);
296      return false;
297    }
298  }
299
300}