use of com.googlecode.ipv6.IPv6AddressRange in project OpenAM by OpenRock.
the class ResourceEnvIPCondition method getAdviceStrForEnv.
/**
* Returns the advice string that satisfies or matches for the client
* environment parameter, including client's IP Address.
*/
private String getAdviceStrForEnv(Map env, SSOToken token) throws PolicyException, SSOException {
String adviceStr = null;
//Check if all the keys are valid
for (int i = 0; i < envList.size(); i++) {
String key = (String) envList.get(i);
if (key != null) {
if (key.contains("=")) {
StringTokenizer st = new StringTokenizer(key, "=");
int tokenCount = st.countTokens();
if (tokenCount != 2) {
String[] args = { key };
throw new PolicyException(ResBundleUtils.rbName, "invalid_property_value", args, null);
}
String envParamName = st.nextToken().trim();
String envParamValue = envParamName;
if (tokenCount == 2) {
envParamValue = st.nextToken().trim();
}
Set envSet = (Set) env.get(envParamName);
String strEnv = null;
if ((envSet != null) && (!envSet.isEmpty())) {
Iterator names = envSet.iterator();
while (names.hasNext()) {
strEnv = (String) names.next();
if ((strEnv != null) && (strEnv.equalsIgnoreCase(envParamValue))) {
adviceStr = (String) adviceList.get(i);
break;
}
}
} else {
String strIP = null;
Object object = env.get(REQUEST_IP);
if (object instanceof Set) {
Set ipSet = (Set) object;
if (ipSet.isEmpty()) {
if (token != null) {
strIP = token.getIPAddress().getHostAddress();
} else {
throw new PolicyException(ResBundleUtils.rbName, "client_ip_null", null, null);
}
} else {
Iterator names = ipSet.iterator();
strIP = (String) names.next();
}
} else if (object instanceof String) {
strIP = (String) object;
if (StringUtils.isBlank(strIP)) {
if (token != null) {
strIP = token.getIPAddress().getHostAddress();
} else {
throw new PolicyException(ResBundleUtils.rbName, "client_ip_null", null, null);
}
}
}
long requestIpV4 = 0;
IPv6Address requestIpV6 = null;
if (ValidateIPaddress.isIPv4(strIP)) {
requestIpV4 = stringToIp(strIP);
} else if (ValidateIPaddress.isIPv6(strIP)) {
requestIpV6 = IPv6Address.fromString(strIP);
} else {
if (DEBUG.messageEnabled()) {
DEBUG.message("ResourceEnvIPCondition:getAdviceStrForEnv invalid strIP : " + strIP);
}
continue;
}
int bIndex = envParamValue.indexOf("[");
int lIndex = envParamValue.indexOf("]");
String ipVal = envParamValue.substring(bIndex + 1, lIndex);
if (ipVal.contains("-")) {
StringTokenizer stIP = new StringTokenizer(ipVal, "-");
int tokenCnt = stIP.countTokens();
if (tokenCnt > 2) {
String[] args = { ipVal };
throw new PolicyException(ResBundleUtils.rbName, "invalid_property_value", args, null);
}
String startIp = stIP.nextToken();
String endIp = startIp;
if (tokenCnt == 2) {
endIp = stIP.nextToken();
}
if (ValidateIPaddress.isIPv4(strIP) && ValidateIPaddress.isIPv4(startIp) && ValidateIPaddress.isIPv4(endIp)) {
long lStartIP = stringToIp(startIp);
long lEndIP = stringToIp(endIp);
if ((requestIpV4 >= lStartIP) && (requestIpV4 <= lEndIP)) {
adviceStr = (String) adviceList.get(i);
break;
}
} else if (ValidateIPaddress.isIPv6(strIP) && ValidateIPaddress.isIPv6(startIp) && ValidateIPaddress.isIPv6(endIp)) {
IPv6AddressRange ipv6Range = IPv6AddressRange.fromFirstAndLast(IPv6Address.fromString(startIp), IPv6Address.fromString(endIp));
if (requestIpV6 != null && ipv6Range.contains(requestIpV6)) {
adviceStr = (String) adviceList.get(i);
break;
}
} else {
String[] args = { strIP };
throw new PolicyException(ResBundleUtils.rbName, "invalid_property_value", args, null);
}
} else if (requestIpV4 != 0 && ValidateIPaddress.isIPv4(ipVal)) {
long longIp = stringToIp(ipVal);
if (requestIpV4 == longIp) {
adviceStr = (String) adviceList.get(i);
break;
}
} else if (requestIpV6 != null && ValidateIPaddress.isIPv6(ipVal)) {
// treat as single ip address
IPv6Address iPv6AddressIpVal = IPv6Address.fromString(ipVal);
if (iPv6AddressIpVal.compareTo(requestIpV6) == 0) {
adviceStr = (String) adviceList.get(i);
break;
}
} else if (ipVal.contains("*")) {
adviceStr = (String) adviceList.get(i);
break;
} else {
String[] args = { ipVal };
throw new PolicyException(ResBundleUtils.rbName, "resource_env_not_known", args, null);
}
}
} else {
String[] args = { key };
throw new PolicyException(ResBundleUtils.rbName, "resource_env_not_known", args, null);
}
}
}
return adviceStr;
}
use of com.googlecode.ipv6.IPv6AddressRange in project cloudstack by apache.
the class NetUtils method isIp6RangeOverlap.
public static boolean isIp6RangeOverlap(final String ipRange1, final String ipRange2) {
String[] ips = ipRange1.split("-");
final String startIp1 = ips[0];
String endIp1 = null;
if (ips.length > 1) {
endIp1 = ips[1];
}
final IPv6Address start1 = IPv6Address.fromString(startIp1);
final IPv6Address end1 = IPv6Address.fromString(endIp1);
final IPv6AddressRange range1 = IPv6AddressRange.fromFirstAndLast(start1, end1);
ips = ipRange2.split("-");
final String startIp2 = ips[0];
String endIp2 = null;
if (ips.length > 1) {
endIp2 = ips[1];
}
final IPv6Address start2 = IPv6Address.fromString(startIp2);
final IPv6Address end2 = IPv6Address.fromString(endIp2);
final IPv6AddressRange range2 = IPv6AddressRange.fromFirstAndLast(start2, end2);
return range1.overlaps(range2);
}
use of com.googlecode.ipv6.IPv6AddressRange in project OpenAM by OpenRock.
the class Adaptive method checkIPRange.
/**
* Check to see if the IP address is within the ranges specified
*
* Range can be in the form of:
* x.x.x.x/YY
* or
* x.x.x.x-y.y.y.y.
* or
* x:x:x:x:x:x:x:x/YY
* or
* x:x:x:x:x:x:x:x-y:y:y:y:y:y:y:y
*
* There can be multiple ranges passed in
*
* @return score achieved with this test
*/
protected int checkIPRange() {
int retVal = 0;
String ipVersion;
String ipType;
Map<String, String> holdDetails;
for (String nextIP : IPRangeRange) {
try {
holdDetails = checkIPVersion(nextIP);
} catch (IllegalArgumentException e) {
if (debug.warningEnabled()) {
debug.warning("{}.checkIPRange: IP type could not be validated. IP={}", ADAPTIVE, nextIP, e);
}
continue;
}
ipVersion = holdDetails.get(IP_Version);
ipType = holdDetails.get(IP_TYPE);
if (ipVersion.equalsIgnoreCase(IP_V6) && ValidateIPaddress.isIPv6(clientIP)) {
if (debug.messageEnabled()) {
debug.message("{}.checkIPRange: {} --> {}", ADAPTIVE, clientIP, nextIP);
debug.message("IP version is: {}", IP_V6);
debug.message("Client IP is: {}", IPv6Address.fromString(clientIP));
}
if (ipType.equalsIgnoreCase("Range")) {
// Do range IPv6
String first = holdDetails.get(IP_START);
String last = holdDetails.get(IP_END);
IPv6AddressRange iPv6AddressRange = IPv6AddressRange.fromFirstAndLast(IPv6Address.fromString(first), IPv6Address.fromString(last));
if (iPv6AddressRange.contains(IPv6Address.fromString(clientIP))) {
retVal = IPRangeScore;
}
} else if (ipType.equalsIgnoreCase("CIDR")) {
// Subnet mask ip
IPv6Network iPv6Network = IPv6Network.fromString(nextIP);
if (iPv6Network.contains(IPv6Address.fromString(clientIP))) {
retVal = IPRangeScore;
}
} else {
// treat as single ip address
IPv6Address iPv6AddressNextIP = IPv6Address.fromString(nextIP);
if (iPv6AddressNextIP.compareTo(IPv6Address.fromString(clientIP)) == 0) {
retVal = IPRangeScore;
}
}
} else if (ipVersion.equalsIgnoreCase(IP_V4) && ValidateIPaddress.isIPv4(clientIP)) {
// treat as IPv4
if (debug.messageEnabled()) {
debug.message("{}.checkIPRange: {} --> {}", ADAPTIVE, clientIP, nextIP);
debug.message("IP version is: {}", IP_V4);
debug.message("Client IP is: {}", clientIP);
}
IPRange theRange = new IPRange(nextIP);
if (theRange.inRange(clientIP)) {
retVal = IPRangeScore;
}
}
}
if (!IPRangeInvert) {
retVal = IPRangeScore - retVal;
}
return retVal;
}
use of com.googlecode.ipv6.IPv6AddressRange in project OpenAM by OpenRock.
the class IPv6Condition method isAllowedByIp.
/**
* Checks of the ip falls in the valid range between
* start and end IP addresses.
* @see #START_IP
* @see #END_IP
*/
private boolean isAllowedByIp(String ip) throws PolicyException {
boolean allowed = false;
IPv6AddressRange iPv6AddressRange = IPv6AddressRange.fromFirstAndLast(startIP, endIP);
IPv6Address requestIP = IPv6Address.fromString(ip);
if (iPv6AddressRange.contains(requestIP)) {
allowed = true;
}
return allowed;
}
use of com.googlecode.ipv6.IPv6AddressRange in project OpenAM by OpenRock.
the class ResourceEnvIPCondition method matchEnvironment.
/**
* Returns the environment condition that satisfies or matches for the client
* environment parameter, including client's IP Address.
*/
@SuppressWarnings("unchecked")
private EnvironmentCondition matchEnvironment(Map env, SSOToken token) throws EntitlementException, SSOException {
if (debug.messageEnabled()) {
localDebugName = debugName + ".matchEnvironment(): ";
}
EnvironmentCondition matchingCondition = null;
final List<EnvironmentCondition> conditions = parseConditions(resourceEnvIPConditionValue);
//Check if all the keys are valid
for (EnvironmentCondition condition : conditions) {
final String envParamName = condition.paramName;
final String envParamValue = condition.paramValue;
Set<String> envSet = (Set<String>) env.get(envParamName);
if (!Utils.isEmpty(envSet)) {
for (String strEnv : envSet) {
if ((strEnv != null) && (strEnv.equalsIgnoreCase(envParamValue))) {
matchingCondition = condition;
break;
}
}
} else {
String strIP = null;
Object object = env.get(REQUEST_IP);
if (object instanceof Set) {
Set ipSet = (Set) object;
if (ipSet.isEmpty()) {
if (token != null) {
strIP = token.getIPAddress().getHostAddress();
} else {
throw new EntitlementException(CLIENT_IP_EMPTY);
}
} else {
Iterator names = ipSet.iterator();
strIP = (String) names.next();
}
} else if (object instanceof String) {
strIP = (String) object;
if (StringUtils.isBlank(strIP)) {
if (token != null) {
strIP = token.getIPAddress().getHostAddress();
} else {
throw new EntitlementException(CLIENT_IP_EMPTY);
}
}
}
long requestIpV4 = 0;
IPv6Address requestIpV6 = null;
if (ValidateIPaddress.isIPv4(strIP)) {
requestIpV4 = stringToIp(strIP);
} else if (ValidateIPaddress.isIPv6(strIP)) {
requestIpV6 = IPv6Address.fromString(strIP);
} else {
if (debug.messageEnabled()) {
debug.message(localDebugName + "invalid strIP : " + strIP);
}
continue;
}
int bIndex = envParamValue.indexOf("[");
int lIndex = envParamValue.indexOf("]");
String ipVal = envParamValue.substring(bIndex + 1, lIndex);
if (ipVal.contains("-")) {
StringTokenizer stIP = new StringTokenizer(ipVal, "-");
int tokenCnt = stIP.countTokens();
if (tokenCnt > 2) {
throw new EntitlementException(INVALID_PROPERTY_VALUE, new String[] { ipVal });
}
String startIp = stIP.nextToken();
String endIp = startIp;
if (tokenCnt == 2) {
endIp = stIP.nextToken();
}
if (ValidateIPaddress.isIPv4(strIP) && ValidateIPaddress.isIPv4(startIp) && ValidateIPaddress.isIPv4(endIp)) {
long lStartIP = stringToIp(startIp);
long lEndIP = stringToIp(endIp);
if ((requestIpV4 >= lStartIP) && (requestIpV4 <= lEndIP)) {
matchingCondition = condition;
break;
}
} else if (ValidateIPaddress.isIPv6(strIP) && ValidateIPaddress.isIPv6(startIp) && ValidateIPaddress.isIPv6(endIp)) {
IPv6AddressRange ipv6Range = IPv6AddressRange.fromFirstAndLast(IPv6Address.fromString(startIp), IPv6Address.fromString(endIp));
if (requestIpV6 != null && ipv6Range.contains(requestIpV6)) {
matchingCondition = condition;
break;
}
} else {
if (debug.errorEnabled()) {
debug.error(debugName + ".matchEnvironment(): invalid property value, " + strIP);
}
throw new EntitlementException(INVALID_PROPERTY_VALUE, new String[] { strIP });
}
} else if (requestIpV4 != 0 && ValidateIPaddress.isIPv4(ipVal)) {
long longIp = stringToIp(ipVal);
if (requestIpV4 == longIp) {
matchingCondition = condition;
break;
}
} else if (requestIpV6 != null && ValidateIPaddress.isIPv6(ipVal)) {
// treat as single ip address
IPv6Address iPv6AddressIpVal = IPv6Address.fromString(ipVal);
if (iPv6AddressIpVal.compareTo(requestIpV6) == 0) {
matchingCondition = condition;
break;
}
} else if (ipVal.contains("*")) {
matchingCondition = condition;
break;
} else {
throw new EntitlementException(RESOURCE_ENV_NOT_KNOWN, new String[] { ipVal });
}
}
}
return matchingCondition;
}
Aggregations