001/*
002 * The contents of this file are subject to the terms of the Common Development and
003 * Distribution License (the License). You may not use this file except in compliance with the
004 * License.
005 *
006 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
007 * specific language governing permission and limitations under the License.
008 *
009 * When distributing Covered Software, include this CDDL Header Notice in each file and include
010 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
011 * Header, with the fields enclosed by brackets [] replaced by your own identifying
012 * information: "Portions Copyright [year] [name of copyright owner]".
013 *
014 * Copyright 2008 Sun Microsystems, Inc.
015 * Portions Copyright 2014-2016 ForgeRock AS.
016 */
017package org.opends.server.authorization.dseecompat;
018
019import static org.opends.messages.AccessControlMessages.*;
020
021import org.forgerock.i18n.LocalizableMessage;
022import org.opends.server.types.DirectoryException;
023import org.opends.server.types.Entry;
024import org.opends.server.types.SearchFilter;
025
026/** This class represents a targetfilter keyword of an aci. */
027public class TargetFilter {
028
029    /** Enumeration representing the targetfilter operation. */
030    private final EnumTargetOperator op;
031    /** Filter parsed from the ACI used to match the resource entry. */
032    private final SearchFilter filter;
033
034    /**
035     * Class representing a targetfilter keyword.
036     * @param op The operation of the targetfilter expression (=, !=)
037     * @param filter The filter itself.
038     */
039    private TargetFilter(EnumTargetOperator op, SearchFilter filter) {
040        this.op=op;
041        this.filter=filter;
042    }
043
044    /**
045     * Decode a aci's targetfilter string.
046     * @param op The operation enumeration of the expression.
047     * @param expr A string representing the target filter.
048     * @return A TargetFilter class suitable for using in a match.
049     * @throws AciException If the expression string is invalid.
050     */
051    public static TargetFilter decode(EnumTargetOperator op, String expr)
052    throws AciException {
053        SearchFilter filter;
054        try {
055            filter = SearchFilter.createFilterFromString(expr);
056        } catch (DirectoryException ex) {
057            LocalizableMessage message =
058                WARN_ACI_SYNTAX_INVALID_TARGETFILTERKEYWORD_EXPRESSION.get(expr);
059            throw new AciException(message);
060        }
061        return new TargetFilter(op, filter);
062    }
063
064    /**
065     * Checks if a targetfilter matches an evaluation context.
066     * @param matchCtx The evaluation context to use in the matching.
067     * @return True if the target filter matched the context.
068     */
069    public boolean isApplicable(AciTargetMatchContext matchCtx) {
070        boolean ret = matchesFilter(matchCtx.getResourceEntry());
071        if(op.equals(EnumTargetOperator.NOT_EQUALITY))
072        {
073          return !ret;
074        }
075        return ret;
076    }
077
078    /**
079     * Checks the filter against an entry taken from the match context.
080     * @param e The entry from the evaluation context above.
081     * @return True if the filter matches the entry.
082     */
083    private boolean matchesFilter(Entry e) {
084        try {
085            return filter.matchesEntry(e);
086        } catch (DirectoryException ex) {
087            //TODO information message?
088            return false;
089        }
090    }
091}