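/**
 * Performs RFC 2109 compliant {@link Cookie} validation.
 *
 * <p>The generic checks of the superclass run first. The RFC 2109 rules applied
 * afterwards are: the cookie name may not contain a blank or start with
 * <tt>$</tt>, and an explicitly specified domain attribute that differs from the
 * request host must start with a dot, contain an embedded dot, be a suffix of
 * the host, and leave a host prefix that contains no dots.</p>
 *
 * <p>The domain checks are purely textual. They do not tell IP literals from
 * host names and do not consult a public-suffix list, so a multi-label public
 * suffix can satisfy them. Callers that need that protection must enforce it in
 * addition to this method.</p>
 *
 * @param host the host from which the {@link Cookie} was received
 * @param port the port from which the {@link Cookie} was received
 * @param path the path from which the {@link Cookie} was received
 * @param secure <tt>true</tt> when the {@link Cookie} was received using a secure connection
 * @param cookie The cookie to validate
 * @throws MalformedCookieException if an exception occurs during validation
 */
public void validate(String host, int port, String path, boolean secure, final Cookie cookie)
        throws MalformedCookieException {

    LOG.trace("enter RFC2109Spec.validate(String, int, String, " + "boolean, Cookie)");

    // Perform generic validation
    super.validate(host, port, path, secure, cookie);

    // Perform RFC 2109 specific validation
    final String name = cookie.getName();
    if (name.indexOf(' ') != -1) {
        throw new MalformedCookieException("Cookie name may not contain blanks");
    }
    if (name.startsWith("$")) {
        throw new MalformedCookieException("Cookie name may not start with $");
    }

    if (!cookie.isDomainAttributeSpecified()) {
        return;
    }

    final String domain = cookie.getDomain();

    // Host names are case-insensitive. Normalise with a fixed locale so the result
    // does not depend on the JVM default (e.g. the Turkish dotless-i mapping).
    // NOTE(review): host is dereferenced here; super.validate is presumably
    // responsible for rejecting a null host -- confirm.
    final String normalizedHost = host.toLowerCase(java.util.Locale.ENGLISH);

    // A domain identical to the request host needs no further checks. The
    // normalised host is compared as well, so a host that differs from the domain
    // only in letter case is not sent down the "must start with a dot" path and
    // rejected.
    if (domain.equals(host) || domain.equals(normalizedHost)) {
        return;
    }

    // domain must start with dot
    if (!domain.startsWith(".")) {
        throw new MalformedCookieException(
            "Domain attribute \"" + domain
            + "\" violates RFC 2109: domain must start with a dot");
    }

    // domain must have at least one embedded dot (not the leading one, not the last char)
    final int dotIndex = domain.indexOf('.', 1);
    if (dotIndex < 0 || dotIndex == domain.length() - 1) {
        throw new MalformedCookieException(
            "Domain attribute \"" + domain
            + "\" violates RFC 2109: domain must contain an embedded dot");
    }

    // domain must be a suffix of the host
    // NOTE(review): the domain is compared as returned by the cookie; this assumes
    // Cookie stores it lower-cased -- confirm against Cookie.setDomain.
    if (!normalizedHost.endsWith(domain)) {
        throw new MalformedCookieException(
            "Illegal domain attribute \"" + domain
            + "\". Domain of origin: \"" + normalizedHost + "\"");
    }

    // host minus domain may not contain any dots
    final String hostWithoutDomain =
        normalizedHost.substring(0, normalizedHost.length() - domain.length());
    if (hostWithoutDomain.indexOf('.') != -1) {
        throw new MalformedCookieException(
            "Domain attribute \"" + domain
            + "\" violates RFC 2109: host minus domain may not contain any dots");
    }
}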
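/**
 * Parses an RFC 2109 specific cookie attribute and updates the corresponding
 * {@link Cookie} properties.
 *
 * <p>The <tt>path</tt> and <tt>version</tt> attributes are handled here; every
 * other attribute is delegated to the superclass. Attribute names are matched
 * case-insensitively.</p>
 *
 * @param attribute {@link NameValuePair} cookie attribute from the <tt>Set-Cookie</tt>
 * @param cookie {@link Cookie} to be updated
 * @throws MalformedCookieException if an exception occurs during parsing
 * @throws IllegalArgumentException if <tt>attribute</tt> or <tt>cookie</tt> is <tt>null</tt>
 */
public void parseAttribute(final NameValuePair attribute, final Cookie cookie)
        throws MalformedCookieException {

    if (attribute == null) {
        throw new IllegalArgumentException("Attribute may not be null.");
    }
    if (cookie == null) {
        throw new IllegalArgumentException("Cookie may not be null.");
    }

    // Lower-case with a fixed locale: under a Turkish default locale "VERSION"
    // would otherwise become "vers\u0131on", fail the match below and be handed
    // to the superclass instead of being parsed here.
    final String paramName = attribute.getName().toLowerCase(java.util.Locale.ENGLISH);
    final String paramValue = attribute.getValue();

    if (paramName.equals("path")) {
        if (paramValue == null) {
            throw new MalformedCookieException("Missing value for path attribute");
        }
        // Only the blank check uses the trimmed value; the path is stored untrimmed.
        if (paramValue.trim().equals("")) {
            throw new MalformedCookieException("Blank value for path attribute");
        }
        cookie.setPath(paramValue);
        cookie.setPathAttributeSpecified(true);
    } else if (paramName.equals("version")) {
        if (paramValue == null) {
            throw new MalformedCookieException("Missing value for version attribute");
        }
        try {
            // NOTE(review): any value Integer.parseInt accepts is stored, including
            // negative numbers; no range check is applied here.
            cookie.setVersion(Integer.parseInt(paramValue));
        } catch (NumberFormatException e) {
            throw new MalformedCookieException("Invalid version: " + e.getMessage());
        }
    } else {
        super.parseAttribute(attribute, cookie);
    }
}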