firewall_objects/ip/

network.rs

//! Network entity definitions: hosts, CIDRs, ranges, and FQDNs.

use ipnet::IpNet;
use std::cmp::Ordering;
use std::collections::BTreeSet;
use std::fmt;
use std::hash::{Hash, Hasher};
use std::net::IpAddr;
use std::str::FromStr;

use crate::ip::fqdn::Fqdn;
use crate::ip::range::IpRange;

#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord, Hash)]
pub enum Network {
    Host(IpAddr),
    Network(IpNet),
    Range(IpRange),
    Fqdn(Fqdn),
}

impl FromStr for Network {
    type Err = String;

    /// Create a `Network` enum from a string.
    ///
    /// ```rust
    /// use std::str::FromStr;
    /// use firewall_objects::ip::network::Network;
    ///
    /// let network = Network::from_str("192.0.2.0/24").unwrap();
    /// assert!(matches!(network, Network::Network(_)));
    /// ```
    fn from_str(s: &str) -> Result<Self, Self::Err> {
        Network::new(s)
    }
}

impl fmt::Display for Network {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            Network::Host(ip) => write!(f, "{}", ip),
            Network::Network(net) => write!(f, "{}", net),
            Network::Range(r) => write!(f, "{}", r),
            Network::Fqdn(d) => write!(f, "{}", d),
        }
    }
}

impl Network {
    /// Create a `Network` from a string.
    ///
    /// Detection order:
    /// 1) Host IP
    /// 2) CIDR network
    /// 3) IP range
    /// 4) FQDN
    ///
    /// # Examples
    ///
    /// Parse a host address:
    /// ```rust
    /// use firewall_objects::ip::network::Network;
    ///
    /// let n = Network::new("192.0.2.10").unwrap();
    /// assert!(matches!(n, Network::Host(_)));
    /// ```
    ///
    /// Parse a CIDR network:
    /// ```rust
    /// use firewall_objects::ip::network::Network;
    ///
    /// let n = Network::new("192.0.2.0/24").unwrap();
    /// assert!(matches!(n, Network::Network(_)));
    /// ```
    ///
    /// Parse an IP range:
    /// ```rust
    /// use firewall_objects::ip::network::Network;
    ///
    /// let n = Network::new("192.0.2.50 - 192.0.2.100").unwrap();
    /// assert!(matches!(n, Network::Range(_)));
    /// ```
    ///
    /// Parse an FQDN:
    /// ```rust
    /// use firewall_objects::ip::network::Network;
    ///
    /// let n = Network::new("www.example.com").unwrap();
    /// assert!(matches!(n, Network::Fqdn(_)));
    /// ```
    ///
    /// # Errors
    /// Return `Err` if the input cannot be parsed as a valid network value.
    pub fn new(input: &str) -> Result<Self, String> {
        let s = input.trim();

        if s.is_empty() {
            return Err("network value cannot be empty".into());
        }

        /* 1) Host IP */
        if let Ok(ip) = s.parse::<IpAddr>() {
            return Ok(Network::Host(ip));
        }

        /* 2) CIDR */
        if let Ok(net) = s.parse::<IpNet>() {
            return Ok(Network::Network(net));
        }

        /* 3) Range (start-end) */
        if s.contains('-')
            && let Ok(range) = IpRange::parse(s)
        {
            return Ok(Network::Range(range));
        }

        /* 4) FQDN */
        if let Ok(fqdn) = Fqdn::new(s) {
            return Ok(Network::Fqdn(fqdn));
        }

        Err(format!("invalid network value: {input}"))
    }
}

impl fmt::Display for NetworkObj {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "{}={}", self.name, self.value)
    }
}

/// Network entity with a name and its associated value.
///
/// # Attributes
///
/// * `name`:
///   A `String` representing the name of the network object. This name is used to identify the network entity.
///
/// * `value`:
///   A `Network` type representing the associated value or data for the network object. This field holds the core network-related data.
///
/// Equality, ordering, and hashing are implemented to consider **only** the `name`,
/// ensuring each object identifier remains unique inside a collection.
///
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
#[derive(Debug, Clone)]
pub struct NetworkObj {
    pub name: String,
    pub value: Network,
}

impl PartialEq for NetworkObj {
    fn eq(&self, other: &Self) -> bool {
        self.name.eq(&other.name)
    }
}

impl Eq for NetworkObj {}

impl PartialOrd for NetworkObj {
    fn partial_cmp(&self, other: &Self) -> Option<Ordering> {
        Some(self.cmp(other))
    }
}

impl Ord for NetworkObj {
    fn cmp(&self, other: &Self) -> Ordering {
        self.name.cmp(&other.name)
    }
}

impl Hash for NetworkObj {
    fn hash<H: Hasher>(&self, state: &mut H) {
        self.name.hash(state);
    }
}

impl fmt::Display for NetworkObjGroup {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        writeln!(f, "{}:", self.name)?;
        for m in &self.value {
            writeln!(f, "  {}", m)?;
        }
        Ok(())
    }
}

impl NetworkObj {
    pub fn new(name: String, value: Network) -> Self {
        Self { name, value }
    }
}

impl TryFrom<(&str, &str)> for NetworkObj {
    type Error = String;

    fn try_from(v: (&str, &str)) -> Result<Self, Self::Error> {
        let (name, value) = v;
        Ok(Self::new(name.to_string(), Network::new(value)?))
    }
}

#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
pub struct NetworkObjGroup {
    pub name: String,
    pub value: BTreeSet<NetworkObj>,
}

impl NetworkObjGroup {
    /// Create a new group with basic validation.
    pub fn new(name: &str, value: BTreeSet<NetworkObj>) -> Result<Self, String> {
        let name = name.trim();

        if name.is_empty() {
            return Err("group name cannot be empty".into());
        }

        Ok(Self {
            name: name.to_string(),
            value,
        })
    }

    /// Add a network object to the group.
    pub fn add(&mut self, obj: NetworkObj) -> Result<(), String> {
        if self.value.iter().any(|existing| existing.name == obj.name) {
            return Err(format!(
                "network object name '{}' already exists in group '{}'",
                obj.name, self.name
            ));
        }

        self.value.insert(obj);
        Ok(())
    }

    /// Remove a network object from the group.
    pub fn remove(&mut self, obj: &NetworkObj) -> bool {
        self.value.remove(obj)
    }

    /// Number of members in the group.
    pub fn len(&self) -> usize {
        self.value.len()
    }

    /// Returns true if the group has no members.
    pub fn is_empty(&self) -> bool {
        self.value.is_empty()
    }

    /// Iterate over members in deterministic order.
    pub fn iter(&self) -> impl Iterator<Item = &NetworkObj> {
        self.value.iter()
    }
}

#[cfg(test)]
mod tests {
    use super::*;
    use std::collections::BTreeSet;
    use std::str::FromStr;

    #[test]
    fn network_parses_range_before_fqdn() {
        let n = Network::new("192.0.2.10 - 192.0.2.20").unwrap();
        assert!(matches!(n, Network::Range(_)));
    }

    #[test]
    fn network_parses_fqdn_with_dash() {
        let n = Network::new("dash-host.example.com").unwrap();
        assert!(matches!(n, Network::Fqdn(_)));
    }

    #[test]
    fn group_rejects_duplicate_names() {
        let mut group = NetworkObjGroup::new("critical", BTreeSet::new()).unwrap();
        group
            .add(NetworkObj::new(
                "db1".into(),
                Network::from_str("192.0.2.10").unwrap(),
            ))
            .unwrap();

        let err = group
            .add(NetworkObj::new(
                "db1".into(),
                Network::from_str("192.0.2.11").unwrap(),
            ))
            .unwrap_err();

        assert!(err.contains("db1"));
    }
}