Search in sources :

Example 1 with IPv6AddressRange

use of com.googlecode.ipv6.IPv6AddressRange in project OpenAM by OpenRock.

the class ResourceEnvIPCondition method getAdviceStrForEnv.

/**
     * Returns the advice string that satisfies or matches for the client
     * environment parameter, including client's IP Address.
     */
private String getAdviceStrForEnv(Map env, SSOToken token) throws PolicyException, SSOException {
    String adviceStr = null;
    //Check if all the keys are valid
    for (int i = 0; i < envList.size(); i++) {
        String key = (String) envList.get(i);
        if (key != null) {
            if (key.contains("=")) {
                StringTokenizer st = new StringTokenizer(key, "=");
                int tokenCount = st.countTokens();
                if (tokenCount != 2) {
                    String[] args = { key };
                    throw new PolicyException(ResBundleUtils.rbName, "invalid_property_value", args, null);
                }
                String envParamName = st.nextToken().trim();
                String envParamValue = envParamName;
                if (tokenCount == 2) {
                    envParamValue = st.nextToken().trim();
                }
                Set envSet = (Set) env.get(envParamName);
                String strEnv = null;
                if ((envSet != null) && (!envSet.isEmpty())) {
                    Iterator names = envSet.iterator();
                    while (names.hasNext()) {
                        strEnv = (String) names.next();
                        if ((strEnv != null) && (strEnv.equalsIgnoreCase(envParamValue))) {
                            adviceStr = (String) adviceList.get(i);
                            break;
                        }
                    }
                } else {
                    String strIP = null;
                    Object object = env.get(REQUEST_IP);
                    if (object instanceof Set) {
                        Set ipSet = (Set) object;
                        if (ipSet.isEmpty()) {
                            if (token != null) {
                                strIP = token.getIPAddress().getHostAddress();
                            } else {
                                throw new PolicyException(ResBundleUtils.rbName, "client_ip_null", null, null);
                            }
                        } else {
                            Iterator names = ipSet.iterator();
                            strIP = (String) names.next();
                        }
                    } else if (object instanceof String) {
                        strIP = (String) object;
                        if (StringUtils.isBlank(strIP)) {
                            if (token != null) {
                                strIP = token.getIPAddress().getHostAddress();
                            } else {
                                throw new PolicyException(ResBundleUtils.rbName, "client_ip_null", null, null);
                            }
                        }
                    }
                    long requestIpV4 = 0;
                    IPv6Address requestIpV6 = null;
                    if (ValidateIPaddress.isIPv4(strIP)) {
                        requestIpV4 = stringToIp(strIP);
                    } else if (ValidateIPaddress.isIPv6(strIP)) {
                        requestIpV6 = IPv6Address.fromString(strIP);
                    } else {
                        if (DEBUG.messageEnabled()) {
                            DEBUG.message("ResourceEnvIPCondition:getAdviceStrForEnv invalid strIP : " + strIP);
                        }
                        continue;
                    }
                    int bIndex = envParamValue.indexOf("[");
                    int lIndex = envParamValue.indexOf("]");
                    String ipVal = envParamValue.substring(bIndex + 1, lIndex);
                    if (ipVal.contains("-")) {
                        StringTokenizer stIP = new StringTokenizer(ipVal, "-");
                        int tokenCnt = stIP.countTokens();
                        if (tokenCnt > 2) {
                            String[] args = { ipVal };
                            throw new PolicyException(ResBundleUtils.rbName, "invalid_property_value", args, null);
                        }
                        String startIp = stIP.nextToken();
                        String endIp = startIp;
                        if (tokenCnt == 2) {
                            endIp = stIP.nextToken();
                        }
                        if (ValidateIPaddress.isIPv4(strIP) && ValidateIPaddress.isIPv4(startIp) && ValidateIPaddress.isIPv4(endIp)) {
                            long lStartIP = stringToIp(startIp);
                            long lEndIP = stringToIp(endIp);
                            if ((requestIpV4 >= lStartIP) && (requestIpV4 <= lEndIP)) {
                                adviceStr = (String) adviceList.get(i);
                                break;
                            }
                        } else if (ValidateIPaddress.isIPv6(strIP) && ValidateIPaddress.isIPv6(startIp) && ValidateIPaddress.isIPv6(endIp)) {
                            IPv6AddressRange ipv6Range = IPv6AddressRange.fromFirstAndLast(IPv6Address.fromString(startIp), IPv6Address.fromString(endIp));
                            if (requestIpV6 != null && ipv6Range.contains(requestIpV6)) {
                                adviceStr = (String) adviceList.get(i);
                                break;
                            }
                        } else {
                            String[] args = { strIP };
                            throw new PolicyException(ResBundleUtils.rbName, "invalid_property_value", args, null);
                        }
                    } else if (requestIpV4 != 0 && ValidateIPaddress.isIPv4(ipVal)) {
                        long longIp = stringToIp(ipVal);
                        if (requestIpV4 == longIp) {
                            adviceStr = (String) adviceList.get(i);
                            break;
                        }
                    } else if (requestIpV6 != null && ValidateIPaddress.isIPv6(ipVal)) {
                        // treat as single ip address
                        IPv6Address iPv6AddressIpVal = IPv6Address.fromString(ipVal);
                        if (iPv6AddressIpVal.compareTo(requestIpV6) == 0) {
                            adviceStr = (String) adviceList.get(i);
                            break;
                        }
                    } else if (ipVal.contains("*")) {
                        adviceStr = (String) adviceList.get(i);
                        break;
                    } else {
                        String[] args = { ipVal };
                        throw new PolicyException(ResBundleUtils.rbName, "resource_env_not_known", args, null);
                    }
                }
            } else {
                String[] args = { key };
                throw new PolicyException(ResBundleUtils.rbName, "resource_env_not_known", args, null);
            }
        }
    }
    return adviceStr;
}
Also used : StringTokenizer(java.util.StringTokenizer) HashSet(java.util.HashSet) Set(java.util.Set) IPv6AddressRange(com.googlecode.ipv6.IPv6AddressRange) PolicyException(com.sun.identity.policy.PolicyException) Iterator(java.util.Iterator) IPv6Address(com.googlecode.ipv6.IPv6Address)

Example 2 with IPv6AddressRange

use of com.googlecode.ipv6.IPv6AddressRange in project cloudstack by apache.

the class NetUtils method isIp6RangeOverlap.

public static boolean isIp6RangeOverlap(final String ipRange1, final String ipRange2) {
    String[] ips = ipRange1.split("-");
    final String startIp1 = ips[0];
    String endIp1 = null;
    if (ips.length > 1) {
        endIp1 = ips[1];
    }
    final IPv6Address start1 = IPv6Address.fromString(startIp1);
    final IPv6Address end1 = IPv6Address.fromString(endIp1);
    final IPv6AddressRange range1 = IPv6AddressRange.fromFirstAndLast(start1, end1);
    ips = ipRange2.split("-");
    final String startIp2 = ips[0];
    String endIp2 = null;
    if (ips.length > 1) {
        endIp2 = ips[1];
    }
    final IPv6Address start2 = IPv6Address.fromString(startIp2);
    final IPv6Address end2 = IPv6Address.fromString(endIp2);
    final IPv6AddressRange range2 = IPv6AddressRange.fromFirstAndLast(start2, end2);
    return range1.overlaps(range2);
}
Also used : IPv6AddressRange(com.googlecode.ipv6.IPv6AddressRange) IPv6Address(com.googlecode.ipv6.IPv6Address)

Example 3 with IPv6AddressRange

use of com.googlecode.ipv6.IPv6AddressRange in project OpenAM by OpenRock.

the class Adaptive method checkIPRange.

/**
     * Check to see if the IP address is within the ranges specified
     *
     * Range can be in the form of:
     * x.x.x.x/YY
     * or
     * x.x.x.x-y.y.y.y.
     * or
     * x:x:x:x:x:x:x:x/YY
     * or
     * x:x:x:x:x:x:x:x-y:y:y:y:y:y:y:y
     *
     * There can be multiple ranges passed in
     *
     * @return score achieved with this test
     */
protected int checkIPRange() {
    int retVal = 0;
    String ipVersion;
    String ipType;
    Map<String, String> holdDetails;
    for (String nextIP : IPRangeRange) {
        try {
            holdDetails = checkIPVersion(nextIP);
        } catch (IllegalArgumentException e) {
            if (debug.warningEnabled()) {
                debug.warning("{}.checkIPRange: IP type could not be validated. IP={}", ADAPTIVE, nextIP, e);
            }
            continue;
        }
        ipVersion = holdDetails.get(IP_Version);
        ipType = holdDetails.get(IP_TYPE);
        if (ipVersion.equalsIgnoreCase(IP_V6) && ValidateIPaddress.isIPv6(clientIP)) {
            if (debug.messageEnabled()) {
                debug.message("{}.checkIPRange: {} --> {}", ADAPTIVE, clientIP, nextIP);
                debug.message("IP version is: {}", IP_V6);
                debug.message("Client IP is: {}", IPv6Address.fromString(clientIP));
            }
            if (ipType.equalsIgnoreCase("Range")) {
                // Do range IPv6
                String first = holdDetails.get(IP_START);
                String last = holdDetails.get(IP_END);
                IPv6AddressRange iPv6AddressRange = IPv6AddressRange.fromFirstAndLast(IPv6Address.fromString(first), IPv6Address.fromString(last));
                if (iPv6AddressRange.contains(IPv6Address.fromString(clientIP))) {
                    retVal = IPRangeScore;
                }
            } else if (ipType.equalsIgnoreCase("CIDR")) {
                // Subnet mask ip
                IPv6Network iPv6Network = IPv6Network.fromString(nextIP);
                if (iPv6Network.contains(IPv6Address.fromString(clientIP))) {
                    retVal = IPRangeScore;
                }
            } else {
                // treat as single ip address
                IPv6Address iPv6AddressNextIP = IPv6Address.fromString(nextIP);
                if (iPv6AddressNextIP.compareTo(IPv6Address.fromString(clientIP)) == 0) {
                    retVal = IPRangeScore;
                }
            }
        } else if (ipVersion.equalsIgnoreCase(IP_V4) && ValidateIPaddress.isIPv4(clientIP)) {
            // treat as IPv4
            if (debug.messageEnabled()) {
                debug.message("{}.checkIPRange: {} --> {}", ADAPTIVE, clientIP, nextIP);
                debug.message("IP version is: {}", IP_V4);
                debug.message("Client IP is: {}", clientIP);
            }
            IPRange theRange = new IPRange(nextIP);
            if (theRange.inRange(clientIP)) {
                retVal = IPRangeScore;
            }
        }
    }
    if (!IPRangeInvert) {
        retVal = IPRangeScore - retVal;
    }
    return retVal;
}
Also used : IPv6AddressRange(com.googlecode.ipv6.IPv6AddressRange) IPv6Address(com.googlecode.ipv6.IPv6Address) IPv6Network(com.googlecode.ipv6.IPv6Network) IPRange(org.forgerock.openam.utils.IPRange)

Example 4 with IPv6AddressRange

use of com.googlecode.ipv6.IPv6AddressRange in project OpenAM by OpenRock.

the class IPv6Condition method isAllowedByIp.

/**
     *  Checks of the ip falls in the valid range between
     * start and end IP addresses.
     * @see #START_IP
     * @see #END_IP
     */
private boolean isAllowedByIp(String ip) throws PolicyException {
    boolean allowed = false;
    IPv6AddressRange iPv6AddressRange = IPv6AddressRange.fromFirstAndLast(startIP, endIP);
    IPv6Address requestIP = IPv6Address.fromString(ip);
    if (iPv6AddressRange.contains(requestIP)) {
        allowed = true;
    }
    return allowed;
}
Also used : IPv6AddressRange(com.googlecode.ipv6.IPv6AddressRange) IPv6Address(com.googlecode.ipv6.IPv6Address)

Example 5 with IPv6AddressRange

use of com.googlecode.ipv6.IPv6AddressRange in project OpenAM by OpenRock.

the class ResourceEnvIPCondition method matchEnvironment.

/**
     * Returns the environment condition that satisfies or matches for the client
     * environment parameter, including client's IP Address.
     */
@SuppressWarnings("unchecked")
private EnvironmentCondition matchEnvironment(Map env, SSOToken token) throws EntitlementException, SSOException {
    if (debug.messageEnabled()) {
        localDebugName = debugName + ".matchEnvironment(): ";
    }
    EnvironmentCondition matchingCondition = null;
    final List<EnvironmentCondition> conditions = parseConditions(resourceEnvIPConditionValue);
    //Check if all the keys are valid
    for (EnvironmentCondition condition : conditions) {
        final String envParamName = condition.paramName;
        final String envParamValue = condition.paramValue;
        Set<String> envSet = (Set<String>) env.get(envParamName);
        if (!Utils.isEmpty(envSet)) {
            for (String strEnv : envSet) {
                if ((strEnv != null) && (strEnv.equalsIgnoreCase(envParamValue))) {
                    matchingCondition = condition;
                    break;
                }
            }
        } else {
            String strIP = null;
            Object object = env.get(REQUEST_IP);
            if (object instanceof Set) {
                Set ipSet = (Set) object;
                if (ipSet.isEmpty()) {
                    if (token != null) {
                        strIP = token.getIPAddress().getHostAddress();
                    } else {
                        throw new EntitlementException(CLIENT_IP_EMPTY);
                    }
                } else {
                    Iterator names = ipSet.iterator();
                    strIP = (String) names.next();
                }
            } else if (object instanceof String) {
                strIP = (String) object;
                if (StringUtils.isBlank(strIP)) {
                    if (token != null) {
                        strIP = token.getIPAddress().getHostAddress();
                    } else {
                        throw new EntitlementException(CLIENT_IP_EMPTY);
                    }
                }
            }
            long requestIpV4 = 0;
            IPv6Address requestIpV6 = null;
            if (ValidateIPaddress.isIPv4(strIP)) {
                requestIpV4 = stringToIp(strIP);
            } else if (ValidateIPaddress.isIPv6(strIP)) {
                requestIpV6 = IPv6Address.fromString(strIP);
            } else {
                if (debug.messageEnabled()) {
                    debug.message(localDebugName + "invalid strIP : " + strIP);
                }
                continue;
            }
            int bIndex = envParamValue.indexOf("[");
            int lIndex = envParamValue.indexOf("]");
            String ipVal = envParamValue.substring(bIndex + 1, lIndex);
            if (ipVal.contains("-")) {
                StringTokenizer stIP = new StringTokenizer(ipVal, "-");
                int tokenCnt = stIP.countTokens();
                if (tokenCnt > 2) {
                    throw new EntitlementException(INVALID_PROPERTY_VALUE, new String[] { ipVal });
                }
                String startIp = stIP.nextToken();
                String endIp = startIp;
                if (tokenCnt == 2) {
                    endIp = stIP.nextToken();
                }
                if (ValidateIPaddress.isIPv4(strIP) && ValidateIPaddress.isIPv4(startIp) && ValidateIPaddress.isIPv4(endIp)) {
                    long lStartIP = stringToIp(startIp);
                    long lEndIP = stringToIp(endIp);
                    if ((requestIpV4 >= lStartIP) && (requestIpV4 <= lEndIP)) {
                        matchingCondition = condition;
                        break;
                    }
                } else if (ValidateIPaddress.isIPv6(strIP) && ValidateIPaddress.isIPv6(startIp) && ValidateIPaddress.isIPv6(endIp)) {
                    IPv6AddressRange ipv6Range = IPv6AddressRange.fromFirstAndLast(IPv6Address.fromString(startIp), IPv6Address.fromString(endIp));
                    if (requestIpV6 != null && ipv6Range.contains(requestIpV6)) {
                        matchingCondition = condition;
                        break;
                    }
                } else {
                    if (debug.errorEnabled()) {
                        debug.error(debugName + ".matchEnvironment(): invalid property value, " + strIP);
                    }
                    throw new EntitlementException(INVALID_PROPERTY_VALUE, new String[] { strIP });
                }
            } else if (requestIpV4 != 0 && ValidateIPaddress.isIPv4(ipVal)) {
                long longIp = stringToIp(ipVal);
                if (requestIpV4 == longIp) {
                    matchingCondition = condition;
                    break;
                }
            } else if (requestIpV6 != null && ValidateIPaddress.isIPv6(ipVal)) {
                // treat as single ip address
                IPv6Address iPv6AddressIpVal = IPv6Address.fromString(ipVal);
                if (iPv6AddressIpVal.compareTo(requestIpV6) == 0) {
                    matchingCondition = condition;
                    break;
                }
            } else if (ipVal.contains("*")) {
                matchingCondition = condition;
                break;
            } else {
                throw new EntitlementException(RESOURCE_ENV_NOT_KNOWN, new String[] { ipVal });
            }
        }
    }
    return matchingCondition;
}
Also used : Set(java.util.Set) HashSet(java.util.HashSet) IPv6AddressRange(com.googlecode.ipv6.IPv6AddressRange) IPv6Address(com.googlecode.ipv6.IPv6Address) EntitlementException(com.sun.identity.entitlement.EntitlementException) StringTokenizer(java.util.StringTokenizer) Iterator(java.util.Iterator) JSONObject(org.json.JSONObject)

Aggregations

IPv6Address (com.googlecode.ipv6.IPv6Address)5 IPv6AddressRange (com.googlecode.ipv6.IPv6AddressRange)5 HashSet (java.util.HashSet)2 Iterator (java.util.Iterator)2 Set (java.util.Set)2 StringTokenizer (java.util.StringTokenizer)2 IPv6Network (com.googlecode.ipv6.IPv6Network)1 EntitlementException (com.sun.identity.entitlement.EntitlementException)1 PolicyException (com.sun.identity.policy.PolicyException)1 IPRange (org.forgerock.openam.utils.IPRange)1 JSONObject (org.json.JSONObject)1