protected Cookie toServletCookie(org.apache.commons.httpclient.Cookie commonsCookie) {
Cookie cookie = new Cookie(commonsCookie.getName(), commonsCookie.getValue());
String domain = commonsCookie.getDomain();
if (Validator.isNotNull(domain)) {
cookie.setDomain(domain);
}
Date expiryDate = commonsCookie.getExpiryDate();
if (expiryDate != null) {
int maxAge = (int) (expiryDate.getTime() - System.currentTimeMillis());
maxAge = maxAge / 1000;
if (maxAge > -1) {
cookie.setMaxAge(maxAge);
}
}
String path = commonsCookie.getPath();
if (Validator.isNotNull(path)) {
cookie.setPath(path);
}
cookie.setSecure(commonsCookie.getSecure());
cookie.setVersion(commonsCookie.getVersion());
return cookie;
}
/* ------------------------------------------------------------ */
protected void onResponseHeader(Buffer name, Buffer value) throws IOException {
super.onResponseHeader(name, value);
if (HttpHeaders.CACHE.getOrdinal(name) == HttpHeaders.SET_COOKIE_ORDINAL) {
String cname = null;
String cvalue = null;
QuotedStringTokenizer tok = new QuotedStringTokenizer(value.toString(), "=;", false, false);
tok.setSingle(false);
if (tok.hasMoreElements()) cname = tok.nextToken();
if (tok.hasMoreElements()) cvalue = tok.nextToken();
Cookie cookie = new Cookie(cname, cvalue);
while (tok.hasMoreTokens()) {
String token = tok.nextToken();
if ("Version".equalsIgnoreCase(token))
cookie.setVersion(Integer.parseInt(tok.nextToken()));
else if ("Comment".equalsIgnoreCase(token)) cookie.setComment(tok.nextToken());
else if ("Path".equalsIgnoreCase(token)) cookie.setPath(tok.nextToken());
else if ("Domain".equalsIgnoreCase(token)) cookie.setDomain(tok.nextToken());
else if ("Expires".equalsIgnoreCase(token)) {
tok.nextToken();
// TODO
} else if ("Max-Age".equalsIgnoreCase(token)) {
tok.nextToken();
// TODO
} else if ("Secure".equalsIgnoreCase(token)) cookie.setSecure(true);
}
BayeuxClient.this.setCookie(cookie);
}
}
public static void addCookie(
HttpServletRequest request, HttpServletResponse response, Cookie cookie, boolean secure) {
if (!_SESSION_ENABLE_PERSISTENT_COOKIES || _TCK_URL) {
return;
}
// LEP-5175
String name = cookie.getName();
String originalValue = cookie.getValue();
String encodedValue = originalValue;
if (isEncodedCookie(name)) {
encodedValue = UnicodeFormatter.bytesToHex(originalValue.getBytes());
if (_log.isDebugEnabled()) {
_log.debug("Add encoded cookie " + name);
_log.debug("Original value " + originalValue);
_log.debug("Hex encoded value " + encodedValue);
}
}
cookie.setSecure(secure);
cookie.setValue(encodedValue);
cookie.setVersion(0);
// Setting a cookie will cause the TCK to lose its ability to track
// sessions
response.addCookie(cookie);
}
/**
* Sets a cookie according to request parameters
*
* @param request
* @param response
*/
public void setCookie(HttpServletRequest request, HttpServletResponse response) {
// Set obligatory cookie data
final String cookieName = request.getParameter("name");
final String cookieValue = request.getParameter("value");
javax.servlet.http.Cookie cookie = new javax.servlet.http.Cookie(cookieName, cookieValue);
// Optional data is set only when given in request
final String comment = request.getParameter("comment");
if (comment != null) {
cookie.setComment(comment);
}
final String domain = request.getParameter("domain");
if (domain != null) {
cookie.setDomain(domain);
}
final String maxAge = request.getParameter("max-age");
if (maxAge != null) {
cookie.setMaxAge(Integer.parseInt(maxAge));
}
final String path = request.getParameter("path");
if (path != null) {
cookie.setPath(path);
}
final String secure = request.getParameter("secure");
if (secure != null) {
cookie.setSecure(Boolean.parseBoolean(secure));
}
final String version = request.getParameter("cookie-version");
if (version != null) {
cookie.setVersion(Integer.parseInt(version));
}
response.addCookie(cookie);
}
@Override
public Cookie deserialize(JsonParser jp, DeserializationContext ctxt)
throws IOException, JsonProcessingException {
ObjectMapper mapper = (ObjectMapper) jp.getCodec();
JsonNode jsonNode = mapper.readTree(jp);
Cookie cookie =
new Cookie(
readJsonNode(jsonNode, "name").asText(), readJsonNode(jsonNode, "value").asText());
cookie.setComment(readJsonNode(jsonNode, "comment").asText());
cookie.setDomain(readJsonNode(jsonNode, "domain").asText());
cookie.setMaxAge(readJsonNode(jsonNode, "maxAge").asInt(-1));
cookie.setSecure(readJsonNode(jsonNode, "secure").asBoolean());
cookie.setVersion(readJsonNode(jsonNode, "version").asInt());
cookie.setPath(readJsonNode(jsonNode, "path").asText());
cookie.setHttpOnly(readJsonNode(jsonNode, "httpOnly").asBoolean());
return cookie;
}
/**
* Adds an IdP session cookie to the outbound response.
*
* @param httpRequest current request
* @param httpResponse current response
* @param userSession user's session
*/
protected void addSessionCookie(
HttpServletRequest httpRequest, HttpServletResponse httpResponse, Session userSession) {
httpRequest.setAttribute(Session.HTTP_SESSION_BINDING_ATTRIBUTE, userSession);
byte[] remoteAddress = httpRequest.getRemoteAddr().getBytes();
byte[] sessionId = userSession.getSessionID().getBytes();
String signature = null;
try {
MessageDigest digester = MessageDigest.getInstance("SHA");
digester.update(userSession.getSessionSecret());
digester.update(remoteAddress);
digester.update(sessionId);
signature = Base64.encodeBytes(digester.digest());
} catch (GeneralSecurityException e) {
LOG.error("Unable to compute signature over session cookie material", e);
}
LOG.debug("Adding IdP session cookie to HTTP response");
StringBuilder cookieValue = new StringBuilder();
cookieValue.append(Base64.encodeBytes(remoteAddress, Base64.DONT_BREAK_LINES)).append("|");
cookieValue.append(Base64.encodeBytes(sessionId, Base64.DONT_BREAK_LINES)).append("|");
cookieValue.append(signature);
String cookieDomain = HttpServletHelper.getCookieDomain(context);
Cookie sessionCookie =
new Cookie(IDP_SESSION_COOKIE_NAME, HTTPTransportUtils.urlEncode(cookieValue.toString()));
sessionCookie.setVersion(1);
if (cookieDomain != null) {
sessionCookie.setDomain(cookieDomain);
}
sessionCookie.setPath(
"".equals(httpRequest.getContextPath()) ? "/" : httpRequest.getContextPath());
sessionCookie.setSecure(httpRequest.isSecure());
httpResponse.addCookie(sessionCookie);
}
@Override
public void setVersion(final int version) {
cookie.setVersion(version);
}
public void addCookie(String cookieName, String cookieValue, int age) {
Cookie cookie = new Cookie(cookieName, cookieValue);
cookie.setVersion(1);
cookie.setMaxAge(age);
this.response.addCookie(cookie);
}
/**
* Sets the version of the cookie protocol this cookie complies with. Version 0 complies with the
* original Netscape cookie specification. Version 1 complies with RFC 2109.
*
* <p>Since RFC 2109 is still somewhat new, consider version 1 as experimental; do not use it yet
* on production sites.
*
* @param v 0 if the cookie should comply with the original Netscape specification; 1 if the
* cookie should comply with RFC 2109
* @see #getVersion
*/
@Override
public void setVersion(int v) {
wrappedCookie.setVersion(v);
}
public void setVersion(int version) {
cookie.setVersion(version);
}
