Attachment 27694 Details for Bug 51953 – Alternative netmask class, using byte arrays

Alternative netmask class, using byte arrays

NetMask2.java (text/x-java), 3.97 KB, created by Francis Galiegue on 2011-10-05 09:22:33 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Francis Galiegue

Created: 2011-10-05 09:22:33 UTC

Size: 3.97 KB

patch

obsolete

>package org.apache.catalina.util;
>
>import java.math.BigInteger;
>import java.net.InetAddress;
>import java.net.UnknownHostException;
>
>/**
> * A class representing a netmask, which is at the core of this valve.
> *
> * <p>The constructor takes a {@link String} representing a
> * CIDR netmask as an argument and extracts two informations from it: the
> * network address and the CIDR. It then turns the address into a {@link
> * java.math.BigInteger}, calculates the right shift and shifts that
> * BigInteger by it.</p>
> * <p>The process to verify whether an IP address falls within the mask
> * is to also convert it to a BigInteger, shifting it right and comparing
> * it to the stored BigInteger.
> * </p>
> */
>
>public final class NetMask2
>{
>    /**
>     * The argument to the constructor, used for .toString()
>     */
>    private final String expression;
>
>    private byte[] netaddr;
>    private int nrBytes;
>    private int shift;
>
>    /**
>     * Constructor.
>     *
>     * @param input the CIDR netmask
>     * @throws IllegalArgumentException if the netmask is not correct
>     * (invalid address specification, malformed CIDR prefix, etc)
>     */
>    public NetMask2(final String input) {
>
>        expression = input;
>        shift = 0;
>
>        final int idx = input.indexOf("/");
>
>        /*
>         * Handle the "IP only" case first
>         */
>        if (idx == -1) {
>            try {
>                netaddr = InetAddress.getByName(input).getAddress();
>            } catch (UnknownHostException e) {
>                throw new IllegalArgumentException("provided address ("
>                    + input + ") is invalid");
>            }
>            nrBytes = netaddr.length;
>            return;
>        }
>
>        final String addressPart = input.substring(0, idx),
>            cidrPart = input.substring(idx + 1);
>
>        try {
>            netaddr = InetAddress.getByName(addressPart).getAddress();
>        } catch (UnknownHostException e) {
>            throw new IllegalArgumentException("provided address ("
>                + input + ") is invalid");
>        }
>
>        final int addrlen = netaddr.length * 8;
>        final int cidr;
>
>        try {
>            cidr = Integer.parseInt(cidrPart);
>            if (cidr < 0)
>                throw new NumberFormatException("CIDR is negative");
>            if (cidr > addrlen)
>                throw new NumberFormatException("CIDR is greater than address "
>                    + "length");
>        } catch (NumberFormatException e) {
>            throw new IllegalArgumentException("provided CIDR mask ("
>                + cidrPart + ") is invalid");
>        }
>
>        nrBytes = cidr / 8;
>
>        if ((cidr % 8) != 0)
>            shift = 8 - (cidr % 8);
>    }
>
>    /**
>     * Test if a given address matches this netmask
>     *
>     * @param addr The {@link java.net.InetAddress} to test
>     * @return true on match, false otherwise
>     */
>    public boolean matches (final InetAddress addr) {
>        final byte[] provided = addr.getAddress();
>
>        /*
>         * If address is of different length (IPv4 vs IPv6), there is no match
>         */
>
>        if (provided.length != netaddr.length)
>            return false;
>
>        int i;
>
>        /*
>         * If any of the byte we have to compare is different than the recorded
>         * network address, there is no match
>         */
>        for (i = 0; i < nrBytes; i++)
>            if (netaddr[i] != provided[i])
>                return false;
>
>        /*
>         * If the CIDR mask is at a byte boundary, we have a match here
>         */
>        if (shift == 0)
>            return true;
>
>        /*
>         * Otherwise, xor the nrBytes bytes of the network address and of
>         * the provided address -- it is faster than a minus...
>         */
>        final int lastByte = netaddr[i] ^ provided[i];
>
>        /*
>         * Then shift the result right by the appropriate amount: the result
>         * must be 0.
>         */
>        return (lastByte >> shift == 0);
>    }
>
>    @Override
>    public String toString() {
>        return expression;
>    }
>}

Actions: View

Attachments on bug 51953: 27686 | 27687 | 27688 | 27689 | 27691 | 27694 | 27726 | 27782