NetMaskSet.java
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.catalina.util;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.apache.tomcat.util.buf.StringUtils;
/**
* This class maintains a Set of NetMask objects and allows to check if a given IP address is matched by any of the
* NetMasks, making it easy to create Allow and Deny lists of CIDR networks and hosts.
*/
public class NetMaskSet {
private final Set<NetMask> netmasks = new HashSet<>();
/**
* Tests if the provided InetAddress matches any of the {@link NetMask}s in the set.
*
* @param inetAddress An InetAddress to check
*
* @return {@code true} if the passed inetAddress is matched by any of the {@link NetMask}s in the set
*/
public boolean contains(InetAddress inetAddress) {
for (NetMask nm : netmasks) {
if (nm.matches(inetAddress)) {
return true;
}
}
return false;
}
/**
* Tests if the provided IP address matches any of the {@link NetMask}s in the set.
*
* @param ipAddress an IP address to check
*
* @return {@code true} if the passed IP address is matched by any of the {@link NetMask}s in the set
*
* @throws UnknownHostException if the passed input is not a valid IP address
*/
public boolean contains(String ipAddress) throws UnknownHostException {
InetAddress inetAddress = InetAddress.getByName(ipAddress);
return this.contains(inetAddress);
}
/**
* Adds a NetMask object to the set if the set does not contain it
*
* @param netmask The NetMask to add
*
* @return true if the object was added
*/
public boolean add(NetMask netmask) {
return netmasks.add(netmask);
}
/**
* Creates a NetMask object from the input string and adds it to the set.
*
* @param input The string from which to construct the NetMask
*
* @return true if the object was added
*
* @throws IllegalArgumentException if the input is not a valid CIDR format.
*/
public boolean add(String input) {
NetMask netmask = new NetMask(input);
return netmasks.add(netmask);
}
/**
* removes all entries from the set
*/
public void clear() {
netmasks.clear();
}
/**
* Tests if the set is empty.
*
* @return {@code true} if the set is empty, otherwise {@code false}
*/
public boolean isEmpty() {
return netmasks.isEmpty();
}
/**
* Adds a {@link NetMask} list from a string input containing a comma-separated list of (hopefully valid)
* {@link NetMask}s.
*
* @param input The input string
*
* @return a list of processing error messages (empty when no errors)
*/
public List<String> addAll(String input) {
if (input == null || input.isEmpty()) {
return Collections.emptyList();
}
List<String> errMessages = new ArrayList<>();
for (String s : StringUtils.splitCommaSeparated(input)) {
try {
this.add(s);
} catch (IllegalArgumentException e) {
errMessages.add(s + ": " + e.getMessage());
}
}
return Collections.unmodifiableList(errMessages);
}
/**
* Provides a string representation of this NetMaskSet. The format of the String is not guaranteed to remain fixed.
*
* @return a comma separated list of the <code>NetMask</code>s in this set
*/
@Override
public String toString() {
String result = netmasks.toString();
// remove open and close brackets if exist
if (result.startsWith("[")) {
result = result.substring(1);
}
if (result.endsWith("]")) {
result = result.substring(0, result.length() - 1);
}
return result;
}
}