/*
 * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 * particular file as subject to the "Classpath" exception as provided
 * by Oracle in the LICENSE file that accompanied this code.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */


package com.sun.jmx.snmp.IPAcl;



// java import
//
import java.io.Serializable;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Hashtable;
import java.util.logging.Level;
import java.util.Vector;
import java.util.Enumeration;
import java.util.HashSet;
import java.security.acl.AclEntry;
import java.security.acl.NotOwnerException;

// SNMP Runtime import
//
import static com.sun.jmx.defaults.JmxProperties.SNMP_LOGGER;
import com.sun.jmx.snmp.InetAddressAcl;

Defines an implementation of the InetAddressAcl interface.

In this implementation the ACL information is stored on a flat file and its default location is "$JRE/lib/snmp.acl" - See getDefaultAclFileName()

    This API is a Sun Microsystems internal API and is subject to change without notice.

/** * Defines an implementation of the {@link com.sun.jmx.snmp.InetAddressAcl InetAddressAcl} interface. * <p> * In this implementation the ACL information is stored on a flat file and * its default location is "$JRE/lib/snmp.acl" - See * {@link #getDefaultAclFileName()} * <p> * <OL> * * <p><b>This API is a Sun Microsystems internal API and is subject * to change without notice.</b></p> */
public class SnmpAcl implements InetAddressAcl, Serializable { private static final long serialVersionUID = -6702287103824397063L; static final PermissionImpl READ = new PermissionImpl("READ"); static final PermissionImpl WRITE = new PermissionImpl("WRITE");
Constructs the Java Dynamic Management(TM) Access Control List based on IP addresses. The ACL will take the given owner name. The current IP address will be the owner of the ACL.
Params:
  • Owner – The name of the ACL Owner.
Throws:
/** * Constructs the Java Dynamic Management(TM) Access Control List * based on IP addresses. The ACL will take the given owner name. * The current IP address will be the owner of the ACL. * * @param Owner The name of the ACL Owner. * * @exception UnknownHostException If the local host is unknown. * @exception IllegalArgumentException If the ACL file doesn't exist. */
public SnmpAcl(String Owner) throws UnknownHostException, IllegalArgumentException { this(Owner,null); }
Constructs the Java Dynamic Management(TM) Access Control List based on IP addresses. The ACL will take the given owner name. The current IP address will be the owner of the ACL.
Params:
  • Owner – The name of the ACL Owner.
  • aclFileName – The name of the ACL File.
Throws:
/** * Constructs the Java Dynamic Management(TM) Access Control List * based on IP addresses. The ACL will take the given owner name. * The current IP address will be the owner of the ACL. * * @param Owner The name of the ACL Owner. * @param aclFileName The name of the ACL File. * * @exception UnknownHostException If the local host is unknown. * @exception IllegalArgumentException If the ACL file doesn't exist. */
public SnmpAcl(String Owner, String aclFileName) throws UnknownHostException, IllegalArgumentException { trapDestList= new Hashtable<InetAddress, Vector<String>>(); informDestList= new Hashtable<InetAddress, Vector<String>>(); // PrincipalImpl() take the current host as entry owner = new PrincipalImpl(); try { acl = new AclImpl(owner,Owner); AclEntry ownEntry = new AclEntryImpl(owner); ownEntry.addPermission(READ); ownEntry.addPermission(WRITE); acl.addEntry(owner,ownEntry); } catch (NotOwnerException ex) { if (SNMP_LOGGER.isLoggable(Level.FINEST)) { SNMP_LOGGER.logp(Level.FINEST, SnmpAcl.class.getName(), "SnmpAcl(String,String)", "Should never get NotOwnerException as the owner " + "is built in this constructor"); } } if (aclFileName == null) setDefaultFileName(); else setAuthorizedListFile(aclFileName); readAuthorizedListFile(); }
Returns an enumeration of the entries in this ACL. Each element in the enumeration is of type java.security.acl.AclEntry.
Returns:An enumeration of the entries in this ACL.
/** * Returns an enumeration of the entries in this ACL. Each element in the * enumeration is of type <CODE>java.security.acl.AclEntry</CODE>. * * @return An enumeration of the entries in this ACL. */
public Enumeration<AclEntry> entries() { return acl.entries(); }
Returns ann enumeration of community strings. Community strings are returned as String.
Returns:The enumeration of community strings.
/** * Returns ann enumeration of community strings. Community strings are returned as String. * @return The enumeration of community strings. */
public Enumeration<String> communities() { HashSet<String> set = new HashSet<String>(); Vector<String> res = new Vector<String>(); for (Enumeration<AclEntry> e = acl.entries() ; e.hasMoreElements() ;) { AclEntryImpl entry = (AclEntryImpl) e.nextElement(); for (Enumeration<String> cs = entry.communities(); cs.hasMoreElements() ;) { set.add(cs.nextElement()); } } String[] objs = set.toArray(new String[0]); for(int i = 0; i < objs.length; i++) res.addElement(objs[i]); return res.elements(); }
Returns the name of the ACL.
Returns:The name of the ACL.
/** * Returns the name of the ACL. * * @return The name of the ACL. */
public String getName() { return acl.getName(); }
Returns the read permission instance used.
Returns:The read permission instance.
/** * Returns the read permission instance used. * * @return The read permission instance. */
static public PermissionImpl getREAD() { return READ; }
Returns the write permission instance used.
Returns: The write permission instance.
/** * Returns the write permission instance used. * * @return The write permission instance. */
static public PermissionImpl getWRITE() { return WRITE; }
Get the default name for the ACL file. In this implementation this is "$JRE/lib/snmp.acl"
Returns:The default name for the ACL file.
/** * Get the default name for the ACL file. * In this implementation this is "$JRE/lib/snmp.acl" * @return The default name for the ACL file. **/
public static String getDefaultAclFileName() { final String fileSeparator = System.getProperty("file.separator"); final StringBuffer defaultAclName = new StringBuffer(System.getProperty("java.home")). append(fileSeparator).append("lib").append(fileSeparator). append("snmp.acl"); return defaultAclName.toString(); }
Sets the full path of the file containing the ACL information.
Params:
  • filename – The full path of the file containing the ACL information.
Throws:
/** * Sets the full path of the file containing the ACL information. * * @param filename The full path of the file containing the ACL information. * @throws IllegalArgumentException If the passed ACL file doesn't exist. */
public void setAuthorizedListFile(String filename) throws IllegalArgumentException { File file = new File(filename); if (!file.isFile() ) { if (SNMP_LOGGER.isLoggable(Level.FINEST)) { SNMP_LOGGER.logp(Level.FINEST, SnmpAcl.class.getName(), "setAuthorizedListFile", "ACL file not found: " + filename); } throw new IllegalArgumentException("The specified file ["+file+"] "+ "doesn't exist or is not a file, "+ "no configuration loaded"); } if (SNMP_LOGGER.isLoggable(Level.FINER)) { SNMP_LOGGER.logp(Level.FINER, SnmpAcl.class.getName(), "setAuthorizedListFile", "Default file set to " + filename); } authorizedListFile = filename; }
Resets this ACL to the values contained in the configuration file.
Throws:
  • NotOwnerException – If the principal attempting the reset is not an owner of this ACL.
  • UnknownHostException – If IP addresses for hosts contained in the ACL file couldn't be found.
/** * Resets this ACL to the values contained in the configuration file. * * @exception NotOwnerException If the principal attempting the reset is not an owner of this ACL. * @exception UnknownHostException If IP addresses for hosts contained in the ACL file couldn't be found. */
public void rereadTheFile() throws NotOwnerException, UnknownHostException { alwaysAuthorized = false; acl.removeAll(owner); trapDestList.clear(); informDestList.clear(); AclEntry ownEntry = new AclEntryImpl(owner); ownEntry.addPermission(READ); ownEntry.addPermission(WRITE); acl.addEntry(owner,ownEntry); readAuthorizedListFile(); }
Returns the full path of the file used to get ACL information.
Returns:The full path of the file used to get ACL information.
/** * Returns the full path of the file used to get ACL information. * * @return The full path of the file used to get ACL information. */
public String getAuthorizedListFile() { return authorizedListFile; }
Checks whether or not the specified host has READ access.
Params:
  • address – The host address to check.
Returns:true if the host has read permission, false otherwise.
/** * Checks whether or not the specified host has <CODE>READ</CODE> access. * * @param address The host address to check. * * @return <CODE>true</CODE> if the host has read permission, <CODE>false</CODE> otherwise. */
public boolean checkReadPermission(InetAddress address) { if (alwaysAuthorized) return ( true ); PrincipalImpl p = new PrincipalImpl(address); return acl.checkPermission(p, READ); }
Checks whether or not the specified host and community have READ access.
Params:
  • address – The host address to check.
  • community – The community associated with the host.
Returns:true if the pair (host, community) has read permission, false otherwise.
/** * Checks whether or not the specified host and community have <CODE>READ</CODE> access. * * @param address The host address to check. * @param community The community associated with the host. * * @return <CODE>true</CODE> if the pair (host, community) has read permission, <CODE>false</CODE> otherwise. */
public boolean checkReadPermission(InetAddress address, String community) { if (alwaysAuthorized) return ( true ); PrincipalImpl p = new PrincipalImpl(address); return acl.checkPermission(p, community, READ); }
Checks whether or not a community string is defined.
Params:
  • community – The community to check.
Returns:true if the community is known, false otherwise.
/** * Checks whether or not a community string is defined. * * @param community The community to check. * * @return <CODE>true</CODE> if the community is known, <CODE>false</CODE> otherwise. */
public boolean checkCommunity(String community) { return acl.checkCommunity(community); }
Checks whether or not the specified host has WRITE access.
Params:
  • address – The host address to check.
Returns:true if the host has write permission, false otherwise.
/** * Checks whether or not the specified host has <CODE>WRITE</CODE> access. * * @param address The host address to check. * * @return <CODE>true</CODE> if the host has write permission, <CODE>false</CODE> otherwise. */
public boolean checkWritePermission(InetAddress address) { if (alwaysAuthorized) return ( true ); PrincipalImpl p = new PrincipalImpl(address); return acl.checkPermission(p, WRITE); }
Checks whether or not the specified host and community have WRITE access.
Params:
  • address – The host address to check.
  • community – The community associated with the host.
Returns:true if the pair (host, community) has write permission, false otherwise.
/** * Checks whether or not the specified host and community have <CODE>WRITE</CODE> access. * * @param address The host address to check. * @param community The community associated with the host. * * @return <CODE>true</CODE> if the pair (host, community) has write permission, <CODE>false</CODE> otherwise. */
public boolean checkWritePermission(InetAddress address, String community) { if (alwaysAuthorized) return ( true ); PrincipalImpl p = new PrincipalImpl(address); return acl.checkPermission(p, community, WRITE); }
Returns an enumeration of trap destinations.
Returns:An enumeration of the trap destinations (enumeration of InetAddress).
/** * Returns an enumeration of trap destinations. * * @return An enumeration of the trap destinations (enumeration of <CODE>InetAddress</CODE>). */
public Enumeration<InetAddress> getTrapDestinations() { return trapDestList.keys(); }
Returns an enumeration of trap communities for a given host.
Params:
  • i – The address of the host.
Returns:An enumeration of trap communities for a given host (enumeration of String).
/** * Returns an enumeration of trap communities for a given host. * * @param i The address of the host. * * @return An enumeration of trap communities for a given host (enumeration of <CODE>String</CODE>). */
public Enumeration<String> getTrapCommunities(InetAddress i) { Vector<String> list = null; if ((list = trapDestList.get(i)) != null ) { if (SNMP_LOGGER.isLoggable(Level.FINER)) { SNMP_LOGGER.logp(Level.FINER, SnmpAcl.class.getName(), "getTrapCommunities", "["+i.toString()+"] is in list"); } return list.elements(); } else { list = new Vector<>(); if (SNMP_LOGGER.isLoggable(Level.FINER)) { SNMP_LOGGER.logp(Level.FINER, SnmpAcl.class.getName(), "getTrapCommunities", "["+i.toString()+"] is not in list"); } return list.elements(); } }
Returns an enumeration of inform destinations.
Returns:An enumeration of the inform destinations (enumeration of InetAddress).
/** * Returns an enumeration of inform destinations. * * @return An enumeration of the inform destinations (enumeration of <CODE>InetAddress</CODE>). */
public Enumeration<InetAddress> getInformDestinations() { return informDestList.keys(); }
Returns an enumeration of inform communities for a given host.
Params:
  • i – The address of the host.
Returns:An enumeration of inform communities for a given host (enumeration of String).
/** * Returns an enumeration of inform communities for a given host. * * @param i The address of the host. * * @return An enumeration of inform communities for a given host (enumeration of <CODE>String</CODE>). */
public Enumeration<String> getInformCommunities(InetAddress i) { Vector<String> list = null; if ((list = informDestList.get(i)) != null ) { if (SNMP_LOGGER.isLoggable(Level.FINER)) { SNMP_LOGGER.logp(Level.FINER, SnmpAcl.class.getName(), "getInformCommunities", "["+i.toString()+"] is in list"); } return list.elements(); } else { list = new Vector<>(); if (SNMP_LOGGER.isLoggable(Level.FINER)) { SNMP_LOGGER.logp(Level.FINER, SnmpAcl.class.getName(), "getInformCommunities", "["+i.toString()+"] is not in list"); } return list.elements(); } }
Converts the input configuration file into ACL.
/** * Converts the input configuration file into ACL. */
private void readAuthorizedListFile() { alwaysAuthorized = false; if (authorizedListFile == null) { if (SNMP_LOGGER.isLoggable(Level.FINER)) { SNMP_LOGGER.logp(Level.FINER, SnmpAcl.class.getName(), "readAuthorizedListFile", "alwaysAuthorized set to true"); } alwaysAuthorized = true ; } else { // Read the file content Parser parser = null; try { parser= new Parser(new FileInputStream(getAuthorizedListFile())); } catch (FileNotFoundException e) { if (SNMP_LOGGER.isLoggable(Level.FINEST)) { SNMP_LOGGER.logp(Level.FINEST, SnmpAcl.class.getName(), "readAuthorizedListFile", "The specified file was not found, authorize everybody"); } alwaysAuthorized = true ; return; } try { JDMSecurityDefs n = parser.SecurityDefs(); n.buildAclEntries(owner, acl); n.buildTrapEntries(trapDestList); n.buildInformEntries(informDestList); } catch (ParseException e) { if (SNMP_LOGGER.isLoggable(Level.FINEST)) { SNMP_LOGGER.logp(Level.FINEST, SnmpAcl.class.getName(), "readAuthorizedListFile", "Got parsing exception", e); } throw new IllegalArgumentException(e.getMessage()); } catch (Error err) { if (SNMP_LOGGER.isLoggable(Level.FINEST)) { SNMP_LOGGER.logp(Level.FINEST, SnmpAcl.class.getName(), "readAuthorizedListFile", "Got unexpected error", err); } throw new IllegalArgumentException(err.getMessage()); } for(Enumeration<AclEntry> e = acl.entries(); e.hasMoreElements();) { AclEntryImpl aa = (AclEntryImpl) e.nextElement(); if (SNMP_LOGGER.isLoggable(Level.FINER)) { SNMP_LOGGER.logp(Level.FINER, SnmpAcl.class.getName(), "readAuthorizedListFile", "===> " + aa.getPrincipal().toString()); } for (Enumeration<java.security.acl.Permission> eee = aa.permissions();eee.hasMoreElements();) { java.security.acl.Permission perm = eee.nextElement(); if (SNMP_LOGGER.isLoggable(Level.FINER)) { SNMP_LOGGER.logp(Level.FINER, SnmpAcl.class.getName(), "readAuthorizedListFile", "perm = " + perm); } } } } }
Set the default full path for "snmp.acl" input file. Do not complain if the file does not exists.
/** * Set the default full path for "snmp.acl" input file. * Do not complain if the file does not exists. */
private void setDefaultFileName() { try { setAuthorizedListFile(getDefaultAclFileName()); } catch (IllegalArgumentException x) { // OK... } } // PRIVATE VARIABLES //------------------
Represents the Access Control List.
/** * Represents the Access Control List. */
private AclImpl acl = null;
Flag indicating whether the access is always authorized.
This is the case if there is no flat file defined.
/** * Flag indicating whether the access is always authorized. * <BR>This is the case if there is no flat file defined. */
private boolean alwaysAuthorized = false;
Represents the Access Control List flat file.
/** * Represents the Access Control List flat file. */
private String authorizedListFile = null;
Contains the hosts list for trap destination.
/** * Contains the hosts list for trap destination. */
private Hashtable<InetAddress, Vector<String>> trapDestList = null;
Contains the hosts list for inform destination.
/** * Contains the hosts list for inform destination. */
private Hashtable<InetAddress, Vector<String>> informDestList = null; private PrincipalImpl owner = null; }