/**
 * Validates the cookie's path attribute against the path of the request origin.
 *
 * <p>The origin path and the cookie path are handed to {@code pathMatch}; a cookie that fails
 * that check is rejected. A blank origin path is replaced by {@code PATH_DELIM} before the
 * comparison.
 *
 * @param cookie the cookie whose path attribute is checked
 * @param origin the origin the cookie was received from
 * @throws IllegalArgumentException if {@code cookie}, {@code origin} or the origin path is null
 * @throws MalformedCookieException if the cookie carries no path, or its path is rejected by
 *     {@code pathMatch}
 */
public void validate(final Cookie cookie, final CookieOrigin origin)
    throws MalformedCookieException {
  if (cookie == null) {
    throw new IllegalArgumentException("Cookie may not be null");
  }
  if (origin == null) {
    throw new IllegalArgumentException("Cookie origin may not be null");
  }
  String originPath = origin.getPath();
  if (originPath == null) {
    throw new IllegalArgumentException("Path of origin host may not be null.");
  }
  if (cookie.getPath() == null) {
    throw new MalformedCookieException("Invalid cookie state: path attribute is null.");
  }
  // An empty request path is compared as the path delimiter.
  if (originPath.trim().length() == 0) {
    originPath = PATH_DELIM;
  }
  if (pathMatch(originPath, cookie.getPath())) {
    return;
  }
  // Rejecting here keeps a response from planting a cookie under a path it was not served from.
  throw new MalformedCookieException(
      "Illegal path attribute \""
          + cookie.getPath()
          + "\". Path of origin: \""
          + originPath
          + "\"");
}
/**
 * Parses the cookie path attribute and stores it on the cookie.
 *
 * <p>On success the path is set verbatim (it is not trimmed or normalised here) and the cookie
 * is flagged as having an explicitly specified path attribute.
 *
 * @param cookie the cookie to update
 * @param path the raw attribute value
 * @throws IllegalArgumentException if {@code cookie} is null
 * @throws MalformedCookieException if {@code path} is null or contains only whitespace
 */
public void parse(final Cookie cookie, final String path) throws MalformedCookieException {
  if (cookie == null) {
    throw new IllegalArgumentException("Cookie may not be null");
  }
  if (path == null) {
    throw new MalformedCookieException("Missing value for path attribute");
  }
  final boolean blank = path.trim().length() == 0;
  if (blank) {
    throw new MalformedCookieException("Blank value for path attribute");
  }
  cookie.setPath(path);
  cookie.setPathAttributeSpecified(true);
}
/**
 * Matches the cookie's secure flag against the security of the request origin.
 *
 * <p>The comparison is a strict equality: a cookie marked secure is never matched to a
 * non-secure origin, and a cookie without the flag is not matched to a secure origin either.
 * NOTE(review): only the first half is needed to keep secure cookies off plain-text
 * connections; confirm that withholding non-secure cookies from secure requests is intended.
 *
 * @param cookie the cookie to test
 * @param origin the origin of the request
 * @return {@code true} if the cookie's secure flag equals the origin's secure flag
 * @throws IllegalArgumentException if {@code cookie} or {@code origin} is null
 */
public boolean match(final Cookie cookie, final CookieOrigin origin) {
  if (cookie == null) {
    throw new IllegalArgumentException("Cookie may not be null");
  }
  if (origin == null) {
    throw new IllegalArgumentException("Cookie origin may not be null");
  }
  final boolean cookieSecure = cookie.getSecure();
  final boolean originSecure = origin.isSecure();
  return cookieSecure == originSecure;
}
/**
 * Matches the cookie's path attribute against the path of the request origin.
 *
 * <p>A cookie without a path is logged and treated as a non-match. A blank origin path is
 * replaced by {@code PATH_DELIM}; the decision itself is delegated to {@code pathMatch}.
 *
 * @param cookie the cookie to test
 * @param origin the origin of the request
 * @return {@code true} if {@code pathMatch} accepts the origin path for the cookie path
 * @throws IllegalArgumentException if {@code cookie} or {@code origin} is null
 */
public boolean match(final Cookie cookie, final CookieOrigin origin) {
  if (cookie == null) {
    throw new IllegalArgumentException("Cookie may not be null");
  }
  if (origin == null) {
    throw new IllegalArgumentException("Cookie origin may not be null");
  }
  String requestPath = origin.getPath();
  if (cookie.getPath() == null) {
    LOG.warn("Invalid cookie state: path attribute is null.");
    return false;
  }
  // NOTE(review): the origin path is dereferenced without a null check here; presumably
  // CookieOrigin never returns a null path - confirm.
  if (requestPath.trim().length() == 0) {
    requestPath = PATH_DELIM;
  }
  return pathMatch(requestPath, cookie.getPath());
}
/**
 * Create a RFC 2965 compliant <tt>"Cookie"</tt> header value containing all {@link
 * edu.internet2.middleware.grouperClientExt.org.apache.commons.httpclient.Cookie}s suitable for
 * sending in a <tt>"Cookie"</tt> header.
 *
 * <p>If any element is not a {@code Cookie2}, or the highest cookie version found is below 1,
 * formatting is delegated to the RFC 2109 spec. Otherwise the array passed in is sorted in place
 * with the path comparator before the header value is built, so the caller's array order
 * changes.
 *
 * @param cookies an array of {@link
 *     edu.internet2.middleware.grouperClientExt.org.apache.commons.httpclient.Cookie}s to be
 *     formatted
 * @return a string suitable for sending in a Cookie header.
 * @throws IllegalArgumentException if {@code cookies} is null
 */
public String formatCookies(final Cookie[] cookies) {
  LOG.trace("enter RFC2965Spec.formatCookieHeader(Cookie[])");

  if (cookies == null) {
    throw new IllegalArgumentException("Cookies may not be null");
  }

  // Scan for an old-style (set-cookie) entry and track the highest version seen before it.
  boolean sawOldStyle = false;
  int highestVersion = -1;
  for (final Cookie candidate : cookies) {
    if (!(candidate instanceof Cookie2)) {
      sawOldStyle = true;
      break;
    }
    highestVersion = Math.max(highestVersion, candidate.getVersion());
  }
  if (highestVersion < 0) {
    highestVersion = 0;
  }

  if (sawOldStyle || highestVersion < 1) {
    // Old-style cookies are formatted by the RFC 2109 implementation.
    return this.rfc2109.formatCookies(cookies);
  }

  // Arrange cookies by path; this reorders the caller's array.
  Arrays.sort(cookies, PATH_COMPOARATOR);

  final StringBuffer header = new StringBuffer();
  // The header starts with the cookie version.
  this.formatter.format(
      header, new NameValuePair("$Version", Integer.toString(highestVersion)));
  for (final Cookie entry : cookies) {
    header.append("; ");
    // Every element was verified to be a Cookie2 by the scan above.
    doFormatCookie2((Cookie2) entry, header);
  }
  return header.toString();
}
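/**
 * Parses the cookie domain attribute and stores it on the cookie.
 *
 * <p>The value is lower-cased and, when it does not already start with a dot, a leading dot is
 * prepended. The cookie is then flagged as having an explicitly specified domain attribute.
 *
 * <p>Lower-casing uses {@link java.util.Locale#ROOT} so the stored domain does not depend on the
 * JVM default locale. With a locale-sensitive conversion (for example under a Turkish default
 * locale) an upper-case {@code I} becomes a dotless {@code i}, and later domain comparisons
 * against the host would fail or behave inconsistently between machines.
 *
 * @param cookie the cookie to update
 * @param domain the raw attribute value
 * @throws IllegalArgumentException if {@code cookie} is null
 * @throws MalformedCookieException if {@code domain} is null or contains only whitespace
 */
public void parse(final Cookie cookie, String domain) throws MalformedCookieException {
  if (cookie == null) {
    throw new IllegalArgumentException("Cookie may not be null");
  }
  if (domain == null) {
    throw new MalformedCookieException("Missing value for domain attribute");
  }
  if (domain.trim().equals("")) {
    throw new MalformedCookieException("Blank value for domain attribute");
  }
  // Locale-independent: domain names are ASCII-case-insensitive, not locale-case-insensitive.
  domain = domain.toLowerCase(java.util.Locale.ROOT);
  if (!domain.startsWith(".")) {
    // Per RFC 2965 section 3.2.2:
    // "... If an explicitly specified value does not start with
    // a dot, the user agent supplies a leading dot ..."
    // In effect an explicitly specified domain attribute can never be
    // a bare IP address or host name.
    domain = "." + domain;
  }
  cookie.setDomain(domain);
  cookie.setDomainAttributeSpecified(true);
}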
/**
 * Performs RFC 2965 compliant {@link
 * edu.internet2.middleware.grouperClientExt.org.apache.commons.httpclient.Cookie} validation.
 *
 * <p>A {@code Cookie2} has its name checked and is then passed to every registered attribute
 * handler; the first handler that rejects it aborts validation. Any other cookie is validated by
 * the RFC 2109 spec.
 *
 * @param host the host from which the cookie was received
 * @param port the port from which the cookie was received
 * @param path the path from which the cookie was received
 * @param secure <tt>true</tt> when the cookie was received using a secure connection
 * @param cookie The cookie to validate
 * @throws MalformedCookieException if the cookie name contains a blank or starts with
 *     <tt>$</tt>, or if an attribute handler rejects the cookie
 */
public void validate(
    final String host, int port, final String path, boolean secure, final Cookie cookie)
    throws MalformedCookieException {

  LOG.trace("enter RFC2965Spec.validate(String, int, String, " + "boolean, Cookie)");

  if (!(cookie instanceof Cookie2)) {
    // old-style cookies are validated according to the old rules
    this.rfc2109.validate(host, port, path, secure, cookie);
    return;
  }

  // NOTE(review): a Cookie2 with a null name would fail here with a NullPointerException.
  if (cookie.getName().indexOf(' ') >= 0) {
    throw new MalformedCookieException("Cookie name may not contain blanks");
  }
  // Names beginning with '$' are refused; "$Version" is emitted as an attribute by
  // formatCookies.
  if (cookie.getName().startsWith("$")) {
    throw new MalformedCookieException("Cookie name may not start with $");
  }

  final CookieOrigin origin = new CookieOrigin(getEffectiveHost(host), port, path, secure);
  final Iterator handlers = getAttribHandlerIterator();
  while (handlers.hasNext()) {
    final CookieAttributeHandler handler = (CookieAttributeHandler) handlers.next();
    handler.validate(cookie, origin);
  }
}
/**
 * Return <tt>true</tt> if the cookie should be submitted with a request with given attributes,
 * <tt>false</tt> otherwise.
 *
 * <p>A {@code Cookie2} that is persistent and expired never matches; otherwise every registered
 * attribute handler must accept it. Any other cookie is matched by the RFC 2109 spec.
 *
 * @param host the host to which the request is being submitted
 * @param port the port to which the request is being submitted
 * @param path the path to which the request is being submitted
 * @param secure <tt>true</tt> if the request is using a secure connection
 * @param cookie the cookie to test
 * @return true if the cookie matches the criteria
 * @throws IllegalArgumentException if {@code cookie} is null
 */
public boolean match(String host, int port, String path, boolean secure, final Cookie cookie) {

  LOG.trace("enter RFC2965.match(" + "String, int, String, boolean, Cookie");

  if (cookie == null) {
    throw new IllegalArgumentException("Cookie may not be null");
  }
  if (!(cookie instanceof Cookie2)) {
    // old-style cookies are matched according to the old rules
    return this.rfc2109.match(host, port, path, secure, cookie);
  }

  // An expired persistent cookie is never sent.
  final boolean expired = cookie.isPersistent() && cookie.isExpired();
  if (expired) {
    return false;
  }

  final CookieOrigin origin = new CookieOrigin(getEffectiveHost(host), port, path, secure);
  final Iterator handlers = getAttribHandlerIterator();
  while (handlers.hasNext()) {
    final CookieAttributeHandler handler = (CookieAttributeHandler) handlers.next();
    // One dissenting handler is enough to withhold the cookie.
    if (!handler.match(cookie, origin)) {
      return false;
    }
  }
  return true;
}
/**
 * Parses the cookie max-age attribute and converts it into an expiry date.
 *
 * <p>The value must parse as a non-negative {@code int} number of seconds; the expiry date is
 * the current system time plus that many seconds. A value of zero therefore yields an expiry
 * equal to the current time.
 *
 * @param cookie the cookie to update
 * @param value the raw attribute value
 * @throws IllegalArgumentException if {@code cookie} is null
 * @throws MalformedCookieException if {@code value} is null, is not an integer, or is negative
 */
public void parse(final Cookie cookie, final String value) throws MalformedCookieException {
  if (cookie == null) {
    throw new IllegalArgumentException("Cookie may not be null");
  }
  if (value == null) {
    throw new MalformedCookieException("Missing value for max-age attribute");
  }
  int seconds;
  try {
    seconds = Integer.parseInt(value);
  } catch (NumberFormatException e) {
    // Unparseable input is reported exactly like a negative age.
    throw new MalformedCookieException("Invalid max-age attribute.");
  }
  if (seconds < 0) {
    throw new MalformedCookieException("Invalid max-age attribute.");
  }
  // Multiply by a long so the millisecond value cannot overflow int arithmetic.
  final long lifetimeMillis = seconds * 1000L;
  cookie.setExpiryDate(new Date(System.currentTimeMillis() + lifetimeMillis));
}
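/**
 * Matches the cookie's domain attribute against the host of the request origin.
 *
 * <p>The cookie matches only if the lower-cased host passes {@code domainMatch} against the
 * lower-cased cookie domain and the part of the host in front of the domain contains no dot.
 * The second condition limits a domain cookie to hosts exactly one label below the domain.
 *
 * <p>Changes from the earlier form of this method: a cookie without a domain is treated as a
 * non-match instead of failing with a {@code NullPointerException}; the cookie domain is
 * lower-cased like the host, so the comparison is case-insensitive on both sides; and
 * lower-casing uses {@link java.util.Locale#ROOT} so the result does not depend on the JVM
 * default locale.
 *
 * @param cookie the cookie to test
 * @param origin the origin of the request
 * @return {@code true} if the cookie may be sent to the origin host
 * @throws IllegalArgumentException if {@code cookie} or {@code origin} is null
 */
public boolean match(final Cookie cookie, final CookieOrigin origin) {
  if (cookie == null) {
    throw new IllegalArgumentException("Cookie may not be null");
  }
  if (origin == null) {
    throw new IllegalArgumentException("Cookie origin may not be null");
  }
  final String rawDomain = cookie.getDomain();
  if (rawDomain == null) {
    // Without a domain there is nothing to match; fail closed and do not send the cookie.
    return false;
  }
  final String host = origin.getHost().toLowerCase(java.util.Locale.ROOT);
  final String cookieDomain = rawDomain.toLowerCase(java.util.Locale.ROOT);

  // The effective host name MUST domain-match the Domain
  // attribute of the cookie.
  if (!domainMatch(host, cookieDomain)) {
    return false;
  }
  // effective host name minus domain must not contain any dots
  final String effectiveHostWithoutDomain =
      host.substring(0, host.length() - cookieDomain.length());
  return effectiveHostWithoutDomain.indexOf('.') == -1;
}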
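/**
 * Parses the cookie comment attribute and stores it on the cookie.
 *
 * <p>The comment is stored as given, including {@code null}. A null cookie is rejected with an
 * {@code IllegalArgumentException}, as the other attribute parsers do, rather than surfacing as
 * a {@code NullPointerException}.
 *
 * @param cookie the cookie to update
 * @param comment the raw attribute value
 * @throws IllegalArgumentException if {@code cookie} is null
 * @throws MalformedCookieException declared by the handler contract; not thrown here
 */
public void parse(final Cookie cookie, final String comment) throws MalformedCookieException {
  if (cookie == null) {
    throw new IllegalArgumentException("Cookie may not be null");
  }
  cookie.setComment(comment);
}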
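/**
 * Parses the cookie secure attribute and marks the cookie as secure.
 *
 * <p>The attribute value is ignored: calling this method sets the secure flag whatever
 * {@code secure} contains. A null cookie is rejected with an {@code IllegalArgumentException},
 * as the other attribute parsers do, rather than surfacing as a {@code NullPointerException}.
 *
 * @param cookie the cookie to update
 * @param secure the raw attribute value (unused)
 * @throws IllegalArgumentException if {@code cookie} is null
 * @throws MalformedCookieException declared by the handler contract; not thrown here
 */
public void parse(final Cookie cookie, final String secure) throws MalformedCookieException {
  if (cookie == null) {
    throw new IllegalArgumentException("Cookie may not be null");
  }
  cookie.setSecure(true);
}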
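/**
 * Validates the cookie's domain attribute against the host of the request origin.
 *
 * <p>When the domain attribute was explicitly specified it must start with a dot, must contain
 * an embedded dot or be {@code .local} (so values such as {@code .com} or {@code .com.} are
 * refused), must pass {@code domainMatch} against the host, and the part of the host in front
 * of the domain must not contain a dot. When it was not specified, the cookie domain must equal
 * the host.
 *
 * <p>Changes from the earlier form of this method: lower-casing uses
 * {@link java.util.Locale#ROOT} so the checks do not depend on the JVM default locale, and the
 * unspecified-domain branch compares the lower-cased cookie domain with the lower-cased host,
 * making the comparison case-insensitive as its comment states.
 *
 * @param cookie the cookie to validate
 * @param origin the origin the cookie was received from
 * @throws IllegalArgumentException if {@code cookie} or {@code origin} is null
 * @throws MalformedCookieException if the cookie has no domain or any check above fails
 */
public void validate(final Cookie cookie, final CookieOrigin origin)
    throws MalformedCookieException {
  if (cookie == null) {
    throw new IllegalArgumentException("Cookie may not be null");
  }
  if (origin == null) {
    throw new IllegalArgumentException("Cookie origin may not be null");
  }
  String host = origin.getHost().toLowerCase(java.util.Locale.ROOT);
  if (cookie.getDomain() == null) {
    throw new MalformedCookieException("Invalid cookie state: " + "domain not specified");
  }
  String cookieDomain = cookie.getDomain().toLowerCase(java.util.Locale.ROOT);

  if (cookie.isDomainAttributeSpecified()) {
    // Domain attribute must start with a dot
    if (!cookieDomain.startsWith(".")) {
      throw new MalformedCookieException(
          "Domain attribute \""
              + cookie.getDomain()
              + "\" violates RFC 2109: domain must start with a dot");
    }

    // Domain attribute must contain at least one embedded dot,
    // or the value must be equal to .local.
    int dotIndex = cookieDomain.indexOf('.', 1);
    if (((dotIndex < 0) || (dotIndex == cookieDomain.length() - 1))
        && (!cookieDomain.equals(".local"))) {
      throw new MalformedCookieException(
          "Domain attribute \""
              + cookie.getDomain()
              + "\" violates RFC 2965: the value contains no embedded dots "
              + "and the value is not .local");
    }

    // The effective host name must domain-match domain attribute.
    if (!domainMatch(host, cookieDomain)) {
      throw new MalformedCookieException(
          "Domain attribute \""
              + cookie.getDomain()
              + "\" violates RFC 2965: effective host name does not "
              + "domain-match domain attribute.");
    }

    // effective host name minus domain must not contain any dots;
    // this keeps a host from setting a cookie more than one label above itself.
    String effectiveHostWithoutDomain = host.substring(0, host.length() - cookieDomain.length());
    if (effectiveHostWithoutDomain.indexOf('.') != -1) {
      throw new MalformedCookieException(
          "Domain attribute \""
              + cookie.getDomain()
              + "\" violates RFC 2965: "
              + "effective host minus domain may not contain any dots");
    }
  } else {
    // Domain was not specified in header. In this case, domain must
    // string match request host (case-insensitive), so both sides are
    // compared in lower case.
    if (!cookieDomain.equals(host)) {
      throw new MalformedCookieException(
          "Illegal domain attribute: \""
              + cookie.getDomain()
              + "\"."
              + "Domain of origin: \""
              + host
              + "\"");
    }
  }
}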