Пример #1
  /**
   * Builds the IP-address-based Java Dynamic Management(TM) Access Control List and loads its
   * configuration.
   *
   * <p>The constructor creates empty trap and inform destination tables, creates the owner
   * principal with {@code new PrincipalImpl()}, and registers an ACL entry for that owner holding
   * both {@code READ} and {@code WRITE}. It then selects the ACL file and calls {@code
   * readAuthorizedListFile()}.
   *
   * <p>Security note: {@code readAuthorizedListFile()} puts the ACL in "always authorized" mode
   * when no ACL file is configured or when the configured file cannot be opened, so a missing file
   * means no filtering at all. A deployment that relies on the ACL should treat a missing file as
   * a configuration error.
   *
   * @param Owner The name of the ACL Owner.
   * @param aclFileName The name of the ACL File; when {@code null}, {@code setDefaultFileName()}
   *     selects the file instead.
   * @exception UnknownHostException If the local host is unknown.
   * @exception IllegalArgumentException If the ACL file doesn't exist, or if its content cannot be
   *     parsed.
   */
  public SnmpAcl(String Owner, String aclFileName)
      throws UnknownHostException, IllegalArgumentException {
    informDestList = new Hashtable<>();
    trapDestList = new Hashtable<>();

    // PrincipalImpl() takes the current host as entry.
    owner = new PrincipalImpl();
    try {
      acl = new AclImpl(owner, Owner);
      // The owner's own entry carries both permissions.
      AclEntry hostEntry = new AclEntryImpl(owner);
      hostEntry.addPermission(READ);
      hostEntry.addPermission(WRITE);
      acl.addEntry(owner, hostEntry);
    } catch (NotOwnerException unexpected) {
      // Not expected: the owner used for addEntry is the one the ACL was just created with.
      if (SNMP_LOGGER.isLoggable(Level.FINEST)) {
        SNMP_LOGGER.logp(
            Level.FINEST,
            SnmpAcl.class.getName(),
            "SnmpAcl(String,String)",
            "Should never get NotOwnerException as the owner " + "is built in this constructor");
      }
    }

    if (aclFileName != null) {
      setAuthorizedListFile(aclFileName);
    } else {
      setDefaultFileName();
    }
    readAuthorizedListFile();
  }
Пример #2
 /**
  * Sets the full path of the file containing the ACL information.
  *
  * <p>Only the path is validated and stored here; this method does not read the file. The
  * existence check is a point-in-time test: {@code readAuthorizedListFile()} opens the file
  * later, and if the file cannot be opened at that moment it authorizes every host instead of
  * failing.
  *
  * @param filename The full path of the file containing the ACL information.
  * @throws IllegalArgumentException If the passed ACL file doesn't exist or is not a regular
  *     file.
  * @throws NullPointerException If {@code filename} is {@code null} (raised by the {@code File}
  *     constructor).
  */
 public void setAuthorizedListFile(String filename) throws IllegalArgumentException {
   final File candidate = new File(filename);
   if (candidate.isFile()) {
     // The message says "Default file" even though the path is supplied by the caller.
     if (SNMP_LOGGER.isLoggable(Level.FINER)) {
       SNMP_LOGGER.logp(
           Level.FINER,
           SnmpAcl.class.getName(),
           "setAuthorizedListFile",
           "Default file set to " + filename);
     }
     authorizedListFile = filename;
     return;
   }

   // Rejected path: the previously stored file name is left untouched.
   if (SNMP_LOGGER.isLoggable(Level.FINEST)) {
     SNMP_LOGGER.logp(
         Level.FINEST,
         SnmpAcl.class.getName(),
         "setAuthorizedListFile",
         "ACL file not found: " + filename);
   }
   final String reason =
       "The specified file ["
           + candidate
           + "] "
           + "doesn't exist or is not a file, "
           + "no configuration loaded";
   throw new IllegalArgumentException(reason);
 }
Пример #3
 /**
  * Looks up the inform communities registered for a given host.
  *
  * <p>The result is never {@code null}: a host with no entry in the inform destination table
  * yields an empty enumeration. The outcome of the lookup is logged at {@code FINER}.
  *
  * @param i The address of the host.
  * @return An enumeration of inform communities for the given host (enumeration of <CODE>String
  *     </CODE>), empty when the host is not in the table.
  */
 public Enumeration<String> getInformCommunities(InetAddress i) {
   final Vector<String> communities = informDestList.get(i);
   final boolean listed = communities != null;
   if (SNMP_LOGGER.isLoggable(Level.FINER)) {
     SNMP_LOGGER.logp(
         Level.FINER,
         SnmpAcl.class.getName(),
         "getInformCommunities",
         "[" + i.toString() + (listed ? "] is in list" : "] is not in list"));
   }
   // An unlisted host gets the enumeration of a fresh, empty Vector rather than null.
   return (listed ? communities : new Vector<String>()).elements();
 }
Пример #4
  /**
   * Gets the PDU encoded in this message.
   *
   * <p>The data field is decoded with a {@code BerDecoder}. The PDU tag read from it selects the
   * concrete type: request-style PDUs become an {@code SnmpPduRequest}, a get-bulk request becomes
   * an {@code SnmpPduBulk}, and a V1 trap becomes an {@code SnmpPduTrap}. The variable binding
   * list is decoded next, and finally the message-level version, community, address and port are
   * copied onto the result.
   *
   * <p>Every {@code BerException} or {@code IllegalArgumentException} raised while decoding, and
   * every unrecognized PDU tag, is reported as {@code snmpRspWrongEncoding}. The underlying
   * exception is logged at {@code FINEST} only and is not attached to the thrown exception.
   *
   * @return The resulting PDU.
   * @exception SnmpStatusException If the encoding is not valid.
   * @since 1.5
   */
  public SnmpPdu decodeSnmpPdu() throws SnmpStatusException {
    SnmpPduPacket decoded = null;
    BerDecoder decoder = new BerDecoder(data);
    try {
      // Keep the fetch order below: each call appears to consume the next field from the
      // decoder -- confirm against BerDecoder before reordering anything.
      final int tag = decoder.getTag();
      decoder.openSequence(tag);
      switch (tag) {
        case pduGetRequestPdu:
        case pduGetNextRequestPdu:
        case pduInformRequestPdu:
        case pduGetResponsePdu:
        case pduSetRequestPdu:
        case pduV2TrapPdu:
        case pduReportPdu:
          {
            SnmpPduRequest request = new SnmpPduRequest();
            request.requestId = decoder.fetchInteger();
            request.errorStatus = decoder.fetchInteger();
            request.errorIndex = decoder.fetchInteger();
            decoded = request;
            break;
          }

        case pduGetBulkRequestPdu:
          {
            SnmpPduBulk bulk = new SnmpPduBulk();
            bulk.requestId = decoder.fetchInteger();
            bulk.nonRepeaters = decoder.fetchInteger();
            bulk.maxRepetitions = decoder.fetchInteger();
            decoded = bulk;
            break;
          }

        case pduV1TrapPdu:
          {
            SnmpPduTrap trap = new SnmpPduTrap();
            trap.enterprise = new SnmpOid(decoder.fetchOid());
            byte[] agentBytes = decoder.fetchOctetString(SnmpValue.IpAddressTag);
            // An empty octet string leaves the trap without an agent address.
            trap.agentAddr = (agentBytes.length == 0) ? null : new SnmpIpAddress(agentBytes);
            trap.genericTrap = decoder.fetchInteger();
            trap.specificTrap = decoder.fetchInteger();
            trap.timeStamp = decoder.fetchInteger(SnmpValue.TimeticksTag);
            decoded = trap;
            break;
          }

        default:
          // Unknown tag: reject instead of guessing at the layout.
          throw new SnmpStatusException(snmpRspWrongEncoding);
      }
      decoded.type = tag;
      decoded.varBindList = decodeVarBindList(decoder);
      decoder.closeSequence();
    } catch (BerException e) {
      if (SNMP_LOGGER.isLoggable(Level.FINEST)) {
        SNMP_LOGGER.logp(
            Level.FINEST, SnmpMessage.class.getName(), "decodeSnmpPdu", "BerException", e);
      }
      throw new SnmpStatusException(snmpRspWrongEncoding);
    } catch (IllegalArgumentException e) {
      // bug id 4654066
      if (SNMP_LOGGER.isLoggable(Level.FINEST)) {
        SNMP_LOGGER.logp(
            Level.FINEST,
            SnmpMessage.class.getName(),
            "decodeSnmpPdu",
            "IllegalArgumentException",
            e);
      }
      throw new SnmpStatusException(snmpRspWrongEncoding);
    }

    // Message-level attributes are copied unchanged onto the decoded PDU.
    // NOTE(review): community acts as the shared secret in SNMPv1/v2c; keep it out of any log
    // output added here.
    decoded.version = version;
    decoded.community = community;
    decoded.address = address;
    decoded.port = port;

    return decoded;
  }
Пример #5
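  /**
   * Converts the input configuration file into ACL.
   *
   * <p>When no ACL file is configured, or the configured file cannot be opened, the ACL is put in
   * "always authorized" mode and nothing is parsed. Otherwise the file is parsed and its
   * definitions are used to fill the ACL, the trap destinations and the inform destinations. The
   * resulting entries and their permissions are then logged at {@code FINER}.
   *
   * <p>NOTE(review): both "always authorized" paths fail open and are reported only at {@code
   * FINER}/{@code FINEST}. The behavior is kept because callers may depend on it; a deployment
   * that relies on the ACL should make sure the file exists and is readable.
   *
   * @throws IllegalArgumentException If the file content cannot be parsed. The message is that of
   *     the underlying failure, which is attached as the cause.
   */
  private void readAuthorizedListFile() {

    alwaysAuthorized = false;

    if (authorizedListFile == null) {
      if (SNMP_LOGGER.isLoggable(Level.FINER)) {
        SNMP_LOGGER.logp(
            Level.FINER,
            SnmpAcl.class.getName(),
            "readAuthorizedListFile",
            "alwaysAuthorized set to true");
      }
      // No file configured: every host is authorized.
      alwaysAuthorized = true;
      return;
    }

    // try-with-resources guarantees the stream is closed on every path, including parse failures.
    try (FileInputStream in = new FileInputStream(getAuthorizedListFile())) {
      Parser parser = new Parser(in);
      try {
        JDMSecurityDefs n = parser.SecurityDefs();
        n.buildAclEntries(owner, acl);
        n.buildTrapEntries(trapDestList);
        n.buildInformEntries(informDestList);
      } catch (ParseException e) {
        if (SNMP_LOGGER.isLoggable(Level.FINEST)) {
          SNMP_LOGGER.logp(
              Level.FINEST,
              SnmpAcl.class.getName(),
              "readAuthorizedListFile",
              "Got parsing exception",
              e);
        }
        // Same exception type and message as before, now with the cause preserved.
        throw new IllegalArgumentException(e.getMessage(), e);
      } catch (Error err) {
        // NOTE(review): presumably meant for errors raised by the generated parser, but this
        // also turns VM errors such as OutOfMemoryError into IllegalArgumentException --
        // confirm the intended scope.
        if (SNMP_LOGGER.isLoggable(Level.FINEST)) {
          SNMP_LOGGER.logp(
              Level.FINEST,
              SnmpAcl.class.getName(),
              "readAuthorizedListFile",
              "Got unexpected error",
              err);
        }
        throw new IllegalArgumentException(err.getMessage(), err);
      }
    } catch (FileNotFoundException e) {
      // Fail-open path: a file that cannot be opened disables the ACL check entirely.
      if (SNMP_LOGGER.isLoggable(Level.FINEST)) {
        SNMP_LOGGER.logp(
            Level.FINEST,
            SnmpAcl.class.getName(),
            "readAuthorizedListFile",
            "The specified file was not found, authorize everybody");
      }
      alwaysAuthorized = true;
      return;
    } catch (java.io.IOException e) {
      // Reached only when closing the stream fails; the ACL has been built by then, so the
      // failure is logged and loading continues.
      if (SNMP_LOGGER.isLoggable(Level.FINEST)) {
        SNMP_LOGGER.logp(
            Level.FINEST,
            SnmpAcl.class.getName(),
            "readAuthorizedListFile",
            "Failed to close the ACL file",
            e);
      }
    }

    // Trace every loaded entry and its permissions at FINER.
    for (Enumeration<AclEntry> e = acl.entries(); e.hasMoreElements(); ) {
      AclEntryImpl aa = (AclEntryImpl) e.nextElement();
      if (SNMP_LOGGER.isLoggable(Level.FINER)) {
        SNMP_LOGGER.logp(
            Level.FINER,
            SnmpAcl.class.getName(),
            "readAuthorizedListFile",
            "===> " + aa.getPrincipal().toString());
      }
      for (Enumeration<java.security.acl.Permission> eee = aa.permissions();
          eee.hasMoreElements(); ) {
        java.security.acl.Permission perm = eee.nextElement();
        if (SNMP_LOGGER.isLoggable(Level.FINER)) {
          SNMP_LOGGER.logp(
              Level.FINER, SnmpAcl.class.getName(), "readAuthorizedListFile", "perm = " + perm);
        }
      }
    }
  }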