This is an automated email from the ASF dual-hosted git repository.
isapir pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 65551881bb Added NetMaskSet for future use in various filters
65551881bb is described below
commit 65551881bb64278d005930b7d376f1f6e69a85ef
Author: Igal Sapir <isa...@apache.org>
AuthorDate: Fri May 12 19:52:38 2023 -0700
Added NetMaskSet for future use in various filters
Logic extracted from RemoteCIDRValve and RemoteCIDRFilter which will
be refactored to use the new reusable object to reduce code duplication
and follow the DRY principle. Other filters will be able to utilize the new
reusable object as well.
---
java/org/apache/catalina/util/NetMask.java | 19 +++
java/org/apache/catalina/util/NetMaskSet.java | 147 ++++++++++++++++++++++
test/org/apache/catalina/util/TestNetMask.java | 10 ++
test/org/apache/catalina/util/TestNetMaskSet.java | 50 ++++++++
4 files changed, 226 insertions(+)
diff --git a/java/org/apache/catalina/util/NetMask.java
b/java/org/apache/catalina/util/NetMask.java
index bdad9f9de9..b97eee934f 100644
--- a/java/org/apache/catalina/util/NetMask.java
+++ b/java/org/apache/catalina/util/NetMask.java
@@ -18,6 +18,8 @@ package org.apache.catalina.util;
import java.net.InetAddress;
import java.net.UnknownHostException;
+import java.util.Arrays;
+import java.util.Objects;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
@@ -304,4 +306,21 @@ public final class NetMask {
public String toString() {
return expression;
}
+
+ @Override
+ public boolean equals(Object o) {
+ if (this == o) return true;
+ if (o == null || getClass() != o.getClass()) return false;
+ NetMask other = (NetMask) o;
+ return nrBytes == other.nrBytes &&
+ lastByteShift == other.lastByteShift &&
+ Arrays.equals(netaddr, other.netaddr);
+ }
+
+ @Override
+ public int hashCode() {
+ int result = 31 * Arrays.hashCode(netaddr) + lastByteShift;
+ return result;
+ }
+
}
diff --git a/java/org/apache/catalina/util/NetMaskSet.java
b/java/org/apache/catalina/util/NetMaskSet.java
new file mode 100644
index 0000000000..4e6b268b8e
--- /dev/null
+++ b/java/org/apache/catalina/util/NetMaskSet.java
@@ -0,0 +1,147 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.catalina.util;
+
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+
+/**
+ * This class maintains a Set of NetMask objects and allows to check if
+ * a given IP address is matched by any of the NetMasks, making it easy
+ * to create Allow and Deny lists of CIDR networks and hosts.
+ */
+public class NetMaskSet {
+
+ private final Set<NetMask> netmasks = new HashSet<>();
+
+ /**
+ * returns true if the passed inetAddress is matched by any of the {@link
NetMask}s in the set
+ *
+ * @param inetAddress An InetAddress to check
+ * @return
+ */
+ public boolean contains(InetAddress inetAddress) {
+
+ for (NetMask nm : netmasks) {
+ if (nm.matches(inetAddress)) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ /**
+ * returns true if the passed inetAddress is matched by any of the {@link
NetMask}s in the set
+ *
+ * @param ipAddress an IP address to check
+ * @return
+ *
+ * @throws UnknownHostException if the passed input is not a valid IP
address
+ */
+ public boolean contains(String ipAddress) throws UnknownHostException {
+
+ InetAddress inetAddress = InetAddress.getByName(ipAddress);
+ return this.contains(inetAddress);
+ }
+
+ /**
+ * adds a NetMask object to the set if the set does not contain it
+ *
+ * @param netmask
+ * @return true if the object was added
+ */
+ public boolean add(NetMask netmask) {
+ return netmasks.add(netmask);
+ }
+
+ /**
+ * creates a NetMask object from the input string and adds it to the set.
+ * throws UnknownHostException if the input is not a valid CIDR format.
+ *
+ * @param input
+ * @return true if the object was added
+ */
+ public boolean add(String input) {
+ NetMask netmask = new NetMask(input);
+ return netmasks.add(netmask);
+ }
+
+ /**
+ * removes all entries from the set
+ */
+ public void clear() {
+ netmasks.clear();
+ }
+
+ /**
+ * returns true if the set is empty
+ *
+ * @return
+ */
+ public boolean isEmpty() {
+ return netmasks.isEmpty();
+ }
+
+ /**
+ * Adds a {@link NetMask} list from a string input containing a
comma-separated list of (hopefully valid)
+ * {@link NetMask}s.
+ *
+ * @param input The input string
+ * @return a list of processing error messages (empty when no errors)
+ */
+ public List<String> addAll(String input) {
+
+ if (input == null || input.isEmpty()) {
+ return Collections.emptyList();
+ }
+
+ List<String> errMessages = new ArrayList<>();
+
+ for (String s : input.split("\\s*,\\s*")) {
+ try {
+ this.add(s);
+ } catch (IllegalArgumentException e) {
+ errMessages.add(s + ": " + e.getMessage());
+ }
+ }
+
+ return Collections.unmodifiableList(errMessages);
+ }
+
+ /**
+ * returns a comma separated list of the <code>NetMask</code>s in this set
+ *
+ * @return
+ */
+ @Override
+ public String toString() {
+
+ String result = netmasks.toString();
+
+ // remove the open and close brackets
+ return result.substring(1, result.length() -1);
+ }
+
+}
diff --git a/test/org/apache/catalina/util/TestNetMask.java
b/test/org/apache/catalina/util/TestNetMask.java
index b67ae545a6..423dae6a19 100644
--- a/test/org/apache/catalina/util/TestNetMask.java
+++ b/test/org/apache/catalina/util/TestNetMask.java
@@ -163,5 +163,15 @@ public final class TestNetMask {
}
Assert.assertEquals(mask, netMask.toString());
+
+ NetMask nm1, nm2, nm3;
+ nm1 = new NetMask("192.168.0.0/24");
+ nm2 = new NetMask("192.168.0.0/24");
+ nm3 = new NetMask("192.168.1.0/24");
+
+ Assert.assertEquals(nm1, nm2);
+ Assert.assertEquals(nm1.hashCode(), nm2.hashCode());
+
+ Assert.assertNotEquals(nm1, nm3);
}
}
diff --git a/test/org/apache/catalina/util/TestNetMaskSet.java
b/test/org/apache/catalina/util/TestNetMaskSet.java
new file mode 100644
index 0000000000..1c32f43458
--- /dev/null
+++ b/test/org/apache/catalina/util/TestNetMaskSet.java
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.catalina.util;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.net.UnknownHostException;
+
+public class TestNetMaskSet {
+
+ @Test
+ public void testNetMaskSet() throws UnknownHostException {
+
+ NetMaskSet nms = new NetMaskSet();
+ nms.addAll("192.168.0.0/24, 192.168.1.0/27, 192.168.2.2, 10.0.0.0/8");
+
+ Assert.assertTrue(nms.contains("192.168.0.5"));
+ Assert.assertTrue(nms.contains("192.168.0.255"));
+
+ Assert.assertTrue(nms.contains("192.168.1.0"));
+ Assert.assertTrue(nms.contains("192.168.1.1"));
+ Assert.assertTrue(nms.contains("192.168.1.31"));
+ Assert.assertFalse(nms.contains("192.168.1.32"));
+
+ Assert.assertTrue(nms.contains("192.168.2.2"));
+ Assert.assertFalse(nms.contains("192.168.2.1"));
+ Assert.assertFalse(nms.contains("192.168.2.3"));
+
+ Assert.assertTrue(nms.contains("10.10.10.10"));
+ Assert.assertTrue(nms.contains("10.20.30.40"));
+ Assert.assertFalse(nms.contains("9.10.10.10"));
+ Assert.assertFalse(nms.contains("11.10.10.10"));
+ }
+}
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
