Example #1
  /**
   * Performs RFC 2109 compliant {@link Cookie} validation
   *
   * @param host the host from which the {@link Cookie} was received
   * @param port the port from which the {@link Cookie} was received
   * @param path the path from which the {@link Cookie} was received
   * @param secure <tt>true</tt> when the {@link Cookie} was received using a secure connection
   * @param cookie The cookie to validate
   * @throws MalformedCookieException if an exception occurs during validation
   */
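  public void validate(String host, int port, String path, boolean secure, final Cookie cookie)
      throws MalformedCookieException {

    LOG.trace("enter RFC2109Spec.validate(String, int, String, " + "boolean, Cookie)");

    // Generic validation is delegated to the parent spec; the checks below are the
    // RFC 2109 specific ones layered on top of it.
    super.validate(host, port, path, secure, cookie);

    final String name = cookie.getName();
    if (name.indexOf(' ') != -1) {
      throw new MalformedCookieException("Cookie name may not contain blanks");
    }
    // RFC 2109 reserves names beginning with "$" for cookie attributes.
    if (name.startsWith("$")) {
      throw new MalformedCookieException("Cookie name may not start with $");
    }

    if (!cookie.isDomainAttributeSpecified()) {
      return;
    }
    final String domain = cookie.getDomain();
    // Host names are case-insensitive, so an exact host match must not depend on the
    // case the caller used; a domain equal to the request host needs no further checks.
    if (domain.equalsIgnoreCase(host)) {
      return;
    }

    // From here on the domain claims to cover more than the exact request host, so it
    // must prove that it is a legitimate parent of that host.

    // domain must start with dot
    if (!domain.startsWith(".")) {
      throw new MalformedCookieException(
          "Domain attribute \""
              + domain
              + "\" violates RFC 2109: domain must start with a dot");
    }
    // domain must have at least one embedded dot: search after the leading dot and
    // reject a dot that is only the final character.
    // NOTE(review): this rejects a single-label domain such as ".com" but does not
    // consult a public-suffix list, so a multi-label suffix (e.g. ".co.uk") still
    // passes; enforce that separately if the caller needs it.
    final int dotIndex = domain.indexOf('.', 1);
    if (dotIndex < 0 || dotIndex == domain.length() - 1) {
      throw new MalformedCookieException(
          "Domain attribute \""
              + domain
              + "\" violates RFC 2109: domain must contain an embedded dot");
    }
    // Lower-case with a fixed locale: the default-locale overload maps 'I' to a dotless
    // i under Turkish/Azeri locales, which would make the suffix match locale-dependent.
    // NOTE(review): the domain is compared as returned by getDomain(); presumably the
    // Cookie class already lower-cases it - confirm.
    host = host.toLowerCase(java.util.Locale.ENGLISH);
    if (!host.endsWith(domain)) {
      throw new MalformedCookieException(
          "Illegal domain attribute \""
              + domain
              + "\". Domain of origin: \""
              + host
              + "\"");
    }
    // host minus domain may not contain any dots, i.e. the domain may sit at most one
    // label above the request host.
    final String hostWithoutDomain = host.substring(0, host.length() - domain.length());
    if (hostWithoutDomain.indexOf('.') != -1) {
      throw new MalformedCookieException(
          "Domain attribute \""
              + domain
              + "\" violates RFC 2109: host minus domain may not contain any dots");
    }
  }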
Example #2
  /**
   * Parse RFC 2109 specific cookie attribute and update the corresponding {@link Cookie}
   * properties.
   *
   * @param attribute {@link NameValuePair} cookie attribute from the <tt>Set-Cookie</tt> header
   * @param cookie {@link Cookie} to be updated
   * @throws MalformedCookieException if an exception occurs during parsing
   */
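  public void parseAttribute(final NameValuePair attribute, final Cookie cookie)
      throws MalformedCookieException {

    if (attribute == null) {
      throw new IllegalArgumentException("Attribute may not be null.");
    }
    if (cookie == null) {
      throw new IllegalArgumentException("Cookie may not be null.");
    }
    // Attribute names arrive from the server and are matched case-insensitively.
    // Lower-case with a fixed locale: under a Turkish/Azeri default locale the
    // no-argument overload turns "VERSION" into a string with a dotless i, so the
    // attribute would silently bypass the RFC 2109 handling below.
    final String paramName = attribute.getName().toLowerCase(java.util.Locale.ENGLISH);
    final String paramValue = attribute.getValue();

    if (paramName.equals("path")) {
      // RFC 2109 handling of Path: a missing or blank value is rejected here instead
      // of being passed to the parent spec.
      if (paramValue == null) {
        throw new MalformedCookieException("Missing value for path attribute");
      }
      if (paramValue.trim().equals("")) {
        throw new MalformedCookieException("Blank value for path attribute");
      }
      cookie.setPath(paramValue);
      cookie.setPathAttributeSpecified(true);
    } else if (paramName.equals("version")) {

      if (paramValue == null) {
        throw new MalformedCookieException("Missing value for version attribute");
      }
      try {
        // NOTE(review): Integer.parseInt also accepts signed input such as "-1" or
        // "+1"; no range check is applied to the version here.
        cookie.setVersion(Integer.parseInt(paramValue));
      } catch (NumberFormatException e) {
        // NOTE(review): only the message is kept; the NumberFormatException itself is
        // not chained as the cause.
        throw new MalformedCookieException("Invalid version: " + e.getMessage());
      }

    } else {
      // Every other attribute is handled by the parent spec.
      super.parseAttribute(attribute, cookie);
    }
  }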