/**
* @return true if access for the candidate address should be permitted, false if access should be
* denied.
* @throws RuntimeException if no rule covers the candidate address. This would be the case if
* this class is applied to some network protocol other than ipv4 or ipv6, without adding a
* default rule for it.
*/
public boolean permitAccess(byte[] addr) {
ensureAclsUptodate();
for (int i = 0; i < aclEntries.size(); i++) {
if (((AclEntry) aclEntries.get(i)).matches(addr)) {
AclEntry hit = (AclEntry) aclEntries.get(i);
println(
"Addr '" + ServerAcl.dottedNotation(addr) + "' matched rule #" + (i + 1) + ": " + hit);
return hit.allow;
}
}
throw new RuntimeException("No rule matches address '" + ServerAcl.dottedNotation(addr) + "'");
}
public void validateMask() throws AclFormatException {
if (BitMap.hasAnyBitSet(BitMap.and(value, BitMap.not(mask)))) {
throw new AclFormatException(
"The base address '"
+ ServerAcl.dottedNotation(value)
+ "' is too specific for block-size-spec /"
+ bitBlockSize);
}
}
public String toString() {
StringBuffer sb = new StringBuffer("Addrs ");
sb.append(
(value.length == 16)
? ("[" + ServerAcl.colonNotation(value) + ']')
: ServerAcl.dottedNotation(value));
sb.append("/" + bitBlockSize + ' ' + (allow ? "ALLOW" : "DENY"));
return sb.toString();
}
