/**
 * Command-line harness for checking an ACL file interactively, both rule by rule and as the net
 * decision of the whole rule list.
 *
 * <p>The loaded ACL is printed first, then each non-blank line read from standard input is passed
 * to {@code permitAccess} and the resulting {@code true}/{@code false} decision is printed. This
 * makes it possible to confirm what a rule file actually allows before it is put in front of a
 * server.
 *
 * <p>Run "java -cp path/to/hsqldb.jar org.hsqldb.server.ServerAcl --help" for syntax help.
 *
 * <p>Nothing thrown by {@code permitAccess} is caught here, so such an exception ends the session.
 *
 * @param sa at most one argument: either {@code --help} or the path of the ACL file; with no
 *     argument the file {@code acl.txt} in the current directory is used
 * @throws AclFormatException declared by this method; presumably raised while the ACL file is
 *     loaded (the constructor is not visible here)
 * @throws IOException if reading the ACL file or standard input fails
 * @throws RuntimeException if more than one argument is supplied
 */
public static void main(String[] sa) throws AclFormatException, IOException {
    final String className = ServerAcl.class.getName();

    // Anything beyond a single argument is a usage error.
    if (sa.length > 1) {
        throw new RuntimeException("Try: java -cp path/to/hsqldb.jar " + className + " --help");
    }

    if (sa.length > 0 && sa[0].equals("--help")) {
        System.err.println("SYNTAX: java -cp path/to/hsqldb.jar " + className + " [filepath.txt]");
        System.err.println("ACL file path defaults to 'acl.txt' in the current directory.");
        System.exit(0);
    }

    final String aclPath = (sa.length == 0) ? "acl.txt" : sa[0];
    final ServerAcl serverAcl = new ServerAcl(new File(aclPath));

    // Route the ACL's own trace output to the console next to the decisions printed below.
    serverAcl.setPrintWriter(new PrintWriter(System.out));
    System.out.println(serverAcl.toString());

    final BufferedReader stdin = new BufferedReader(new InputStreamReader(System.in));
    System.out.println("Enter hostnames or IP addresses to be tested (one per line).");

    // One candidate per line until end of input; blank lines are skipped.
    for (String line = stdin.readLine(); line != null; line = stdin.readLine()) {
        final String candidate = line.trim();
        if (candidate.length() >= 1) {
            System.out.println(String.valueOf(serverAcl.permitAccess(candidate)));
        }
    }
}
/**
 * Renders this entry as {@code Addrs <address>/<bitBlockSize> ALLOW|DENY}.
 *
 * <p>A 16-byte value is written in colon notation inside square brackets; any other length is
 * written in dotted notation.
 *
 * @return the one-line description of this entry
 */
public String toString() {
    String addrText;
    if (value.length == 16) {
        addrText = "[" + ServerAcl.colonNotation(value) + ']';
    } else {
        addrText = ServerAcl.dottedNotation(value);
    }

    String verdict = allow ? "ALLOW" : "DENY";
    return "Addrs " + addrText + "/" + bitBlockSize + ' ' + verdict;
}
/**
 * Decides whether the candidate address may connect, using the first rule that matches.
 *
 * <p>Rules are tried in list order and evaluation stops at the first match, so an earlier rule
 * always takes precedence over a later one covering the same address.
 *
 * @param addr the candidate address as raw bytes (presumably 4 bytes for ipv4 or 16 for ipv6;
 *     confirm against callers)
 * @return true if access for the candidate address should be permitted, false if access should be
 *     denied.
 * @throws RuntimeException if no rule covers the candidate address. This would be the case if
 *     this class is applied to some network protocol other than ipv4 or ipv6, without adding a
 *     default rule for it. No decision is returned in that case, so callers need to treat the
 *     exception as a refusal rather than let it fall through to an accept path (caller handling
 *     is not visible here).
 */
public boolean permitAccess(byte[] addr) {
    ensureAclsUptodate();

    int index = 0;
    while (index < aclEntries.size()) {
        AclEntry candidate = (AclEntry) aclEntries.get(index);
        int ruleNumber = index + 1; // rules are reported 1-based
        index++;

        if (!candidate.matches(addr)) {
            continue;
        }

        // NOTE(review): dotted notation is used here whatever the address length; confirm it
        // renders 16-byte addresses acceptably.
        println(
            "Addr '" + ServerAcl.dottedNotation(addr) + "' matched rule #" + ruleNumber + ": "
                + candidate);
        return candidate.allow;
    }

    // No rule matched: raise instead of guessing a verdict.
    throw new RuntimeException("No rule matches address '" + ServerAcl.dottedNotation(addr) + "'");
}
/**
 * Checks that the base address has no bit set in a position where the mask is clear.
 *
 * <p>The test is {@code value AND (NOT mask)}: any bit that survives means the base address is
 * more specific than the block size allows. The mask presumably derives from
 * {@code bitBlockSize}; that derivation is not visible here.
 *
 * @throws AclFormatException if the base address has bits set outside the mask
 */
public void validateMask() throws AclFormatException {
    boolean withinMask = !BitMap.hasAnyBitSet(BitMap.and(value, BitMap.not(mask)));
    if (withinMask) {
        return;
    }

    String problem =
        "The base address '" + ServerAcl.dottedNotation(value)
            + "' is too specific for block-size-spec /" + bitBlockSize;
    throw new AclFormatException(problem);
}