diff --git a/src/helma/util/InetAddressFilter.java b/src/helma/util/InetAddressFilter.java index a6a31c1f..1cdad82a 100644 --- a/src/helma/util/InetAddressFilter.java +++ b/src/helma/util/InetAddressFilter.java @@ -24,7 +24,7 @@ import java.util.*; * A class for paranoid servers to filter IP addresses. */ public class InetAddressFilter { - Vector patterns; + private Vector patterns; /** * Creates a new InetAddressFilter object. @@ -34,28 +34,56 @@ public class InetAddressFilter { } /** + * Addes an address template to the address filter. * + * @param address The string representation of the IP address, either version 4 or 6. * - * @param address ... - * - * @throws IOException ... + * @throws IOException if the parameter does not represent a valid IP address */ public void addAddress(String address) throws IOException { - int[] pattern = new int[4]; - StringTokenizer st = new StringTokenizer(address, "."); + boolean v6 = false; + String separator = "."; + int length = 4; + int loop = 4; - if (st.countTokens() != 4) { + // check if this is a v4 or v6 IP address + if (address.indexOf(":") > -1) { + v6 = true; + separator = ":."; + length = 16; + loop = 8; + } + + int[] pattern = new int[length]; + + StringTokenizer st = new StringTokenizer(address, separator); + + if (st.countTokens() != loop) { throw new IOException("\"" + address + "\" does not represent a valid IP address"); } - for (int i = 0; i < 4; i++) { + for (int i = 0; i < loop; i++) { String next = st.nextToken(); - if ("*".equals(next)) { - pattern[i] = 256; + if (v6) { + if ("*".equals(next)) { + pattern[i*2] = pattern[i*2+1] = 256; + } else if (next.length() == 0) { + pattern[i*2] = pattern[i*2+1] = 0; + } else if (next.length() <= 2) { + pattern[i*2] = 0; + pattern[i*2+1] = (byte) Integer.parseInt(next, 16); + } else { + pattern[i*2] = (byte) Integer.parseInt(next.substring(0,2), 16); + pattern[i*2+1] = (byte) Integer.parseInt(next.substring(2), 16); + } } else { - pattern[i] = (byte) Integer.parseInt(next); + if ("*".equals(next)) { + pattern[i] = 256; + } else { + pattern[i] = (byte) Integer.parseInt(next); + } } } @@ -63,11 +91,11 @@ public class InetAddressFilter { } /** + * Check if the given address matches any of our patterns * + * @param address the ip address to match * - * @param address ... - * - * @return ... + * @return true if we find a match */ public boolean matches(InetAddress address) { if (address == null) { @@ -85,13 +113,17 @@ public class InetAddressFilter { for (int k = 0; k < l; k++) { int[] pattern = (int[]) patterns.elementAt(k); - for (int i = 0; i < 4; i++) { - if ((pattern[i] < 255) && (pattern[i] != add[i])) { // not wildcard and doesn't match + // is the address different version than pattern? + if (pattern.length != add.length) + continue; + for (int i = 0; i < add.length; i++) { + if ((pattern[i] < 255) && (pattern[i] != add[i])) { + // not wildcard and doesn't match break; } - if (i == 3) { + if (i == add.length-1) { return true; } }