001: /*
002: * $Header$
003: * $Revision: 4672 $
004: * $Date: 2006-09-27 00:03:16 +0000 (Wed, 27 Sep 2006) $
005: *
006: * ====================================================================
007: *
008: * Copyright 2002-2004 The Apache Software Foundation
009: *
010: * Licensed under the Apache License, Version 2.0 (the "License");
011: * you may not use this file except in compliance with the License.
012: * You may obtain a copy of the License at
013: *
014: * http://www.apache.org/licenses/LICENSE-2.0
015: *
016: * Unless required by applicable law or agreed to in writing, software
017: * distributed under the License is distributed on an "AS IS" BASIS,
018: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
019: * See the License for the specific language governing permissions and
020: * limitations under the License.
021: * ====================================================================
022: *
023: * This software consists of voluntary contributions made by many
024: * individuals on behalf of the Apache Software Foundation. For more
025: * information on the Apache Software Foundation, please see
026: * <http://www.apache.org/>.
027: *
028: */
029:
030: package org.apache.commons.httpclient.cookie;
031:
032: import java.util.Collection;
033: import java.util.Date;
034: import java.util.Iterator;
035: import java.util.LinkedList;
036: import java.util.List;
037: import java.util.SortedMap;
038:
039: import org.apache.commons.httpclient.Cookie;
040: import org.apache.commons.httpclient.Header;
041: import org.apache.commons.httpclient.HeaderElement;
042: import org.apache.commons.httpclient.NameValuePair;
043: import org.apache.commons.httpclient.util.DateParseException;
044: import org.apache.commons.httpclient.util.DateUtil;
045: import org.apache.commons.logging.Log;
046: import org.apache.commons.logging.LogFactory;
047:
048: import com.sleepycat.collections.StoredIterator;
049:
050: /**
051: *
052: * Cookie management functions shared by all specification.
053: *
054: * @author B.C. Holmes
055: * @author <a href="mailto:jericho@thinkfree.com">Park, Sung-Gu</a>
056: * @author <a href="mailto:dsale@us.britannica.com">Doug Sale</a>
057: * @author Rod Waldhoff
058: * @author dIon Gillard
059: * @author Sean C. Sullivan
060: * @author <a href="mailto:JEvans@Cyveillance.com">John Evans</a>
061: * @author Marc A. Saegesser
062: * @author <a href="mailto:oleg@ural.ru">Oleg Kalnichevski</a>
063: * @author <a href="mailto:mbowler@GargoyleSoftware.com">Mike Bowler</a>
064: *
065: * @since 2.0
066: */
067: @SuppressWarnings("unchecked")
068: public class CookieSpecBase implements CookieSpec {
069:
070: /** Log object */
071: protected static final Log LOG = LogFactory
072: .getLog(CookieSpec.class);
073:
074: /** Valid date patterns */
075: private Collection datepatterns = null;
076:
077: /** Default constructor */
078: public CookieSpecBase() {
079: super ();
080: }
081:
082: /**
083: * Parses the Set-Cookie value into an array of <tt>Cookie</tt>s.
084: *
085: * <P>The syntax for the Set-Cookie response header is:
086: *
087: * <PRE>
088: * set-cookie = "Set-Cookie:" cookies
089: * cookies = 1#cookie
090: * cookie = NAME "=" VALUE * (";" cookie-av)
091: * NAME = attr
092: * VALUE = value
093: * cookie-av = "Comment" "=" value
094: * | "Domain" "=" value
095: * | "Max-Age" "=" value
096: * | "Path" "=" value
097: * | "Secure"
098: * | "Version" "=" 1*DIGIT
099: * </PRE>
100: *
101: * @param host the host from which the <tt>Set-Cookie</tt> value was
102: * received
103: * @param port the port from which the <tt>Set-Cookie</tt> value was
104: * received
105: * @param path the path from which the <tt>Set-Cookie</tt> value was
106: * received
107: * @param secure <tt>true</tt> when the <tt>Set-Cookie</tt> value was
108: * received over secure conection
109: * @param header the <tt>Set-Cookie</tt> received from the server
110: * @return an array of <tt>Cookie</tt>s parsed from the Set-Cookie value
111: * @throws MalformedCookieException if an exception occurs during parsing
112: */
113: public Cookie[] parse(String host, int port, String path,
114: boolean secure, final String header)
115: throws MalformedCookieException {
116:
117: LOG.trace("enter CookieSpecBase.parse("
118: + "String, port, path, boolean, Header)");
119:
120: if (host == null) {
121: throw new IllegalArgumentException(
122: "Host of origin may not be null");
123: }
124: if (host.trim().equals("")) {
125: throw new IllegalArgumentException(
126: "Host of origin may not be blank");
127: }
128: if (port < 0) {
129: throw new IllegalArgumentException("Invalid port: " + port);
130: }
131: if (path == null) {
132: throw new IllegalArgumentException(
133: "Path of origin may not be null.");
134: }
135: if (header == null) {
136: throw new IllegalArgumentException(
137: "Header may not be null.");
138: }
139:
140: if (path.trim().equals("")) {
141: path = PATH_DELIM;
142: }
143: host = host.toLowerCase();
144:
145: String defaultPath = path;
146: int lastSlashIndex = defaultPath.lastIndexOf(PATH_DELIM);
147: if (lastSlashIndex >= 0) {
148: if (lastSlashIndex == 0) {
149: //Do not remove the very first slash
150: lastSlashIndex = 1;
151: }
152: defaultPath = defaultPath.substring(0, lastSlashIndex);
153: }
154:
155: HeaderElement[] headerElements = null;
156:
157: boolean isNetscapeCookie = false;
158: int i1 = header.toLowerCase().indexOf("expires=");
159: if (i1 != -1) {
160: i1 += "expires=".length();
161: int i2 = header.indexOf(";", i1);
162: if (i2 == -1) {
163: i2 = header.length();
164: }
165: try {
166: DateUtil.parseDate(header.substring(i1, i2),
167: this .datepatterns);
168: isNetscapeCookie = true;
169: } catch (DateParseException e) {
170: // Does not look like a valid expiry date
171: }
172: }
173: if (isNetscapeCookie) {
174: headerElements = new HeaderElement[] { new HeaderElement(
175: header.toCharArray()) };
176: } else {
177: headerElements = HeaderElement.parseElements(header
178: .toCharArray());
179: }
180:
181: Cookie[] cookies = new Cookie[headerElements.length];
182:
183: for (int i = 0; i < headerElements.length; i++) {
184:
185: HeaderElement headerelement = headerElements[i];
186: Cookie cookie = null;
187: try {
188: cookie = new Cookie(host, headerelement.getName(),
189: headerelement.getValue(), defaultPath, null,
190: false);
191: } catch (IllegalArgumentException e) {
192: throw new MalformedCookieException(e.getMessage());
193: }
194: // cycle through the parameters
195: NameValuePair[] parameters = headerelement.getParameters();
196: // could be null. In case only a header element and no parameters.
197: if (parameters != null) {
198:
199: for (int j = 0; j < parameters.length; j++) {
200: parseAttribute(parameters[j], cookie);
201: }
202: }
203: cookies[i] = cookie;
204: }
205: return cookies;
206: }
207:
208: /**
209: * Parse the <tt>"Set-Cookie"</tt> {@link Header} into an array of {@link
210: * Cookie}s.
211: *
212: * <P>The syntax for the Set-Cookie response header is:
213: *
214: * <PRE>
215: * set-cookie = "Set-Cookie:" cookies
216: * cookies = 1#cookie
217: * cookie = NAME "=" VALUE * (";" cookie-av)
218: * NAME = attr
219: * VALUE = value
220: * cookie-av = "Comment" "=" value
221: * | "Domain" "=" value
222: * | "Max-Age" "=" value
223: * | "Path" "=" value
224: * | "Secure"
225: * | "Version" "=" 1*DIGIT
226: * </PRE>
227: *
228: * @param host the host from which the <tt>Set-Cookie</tt> header was
229: * received
230: * @param port the port from which the <tt>Set-Cookie</tt> header was
231: * received
232: * @param path the path from which the <tt>Set-Cookie</tt> header was
233: * received
234: * @param secure <tt>true</tt> when the <tt>Set-Cookie</tt> header was
235: * received over secure conection
236: * @param header the <tt>Set-Cookie</tt> received from the server
237: * @return an array of <tt>Cookie</tt>s parsed from the <tt>"Set-Cookie"
238: * </tt> header
239: * @throws MalformedCookieException if an exception occurs during parsing
240: */
241: public Cookie[] parse(String host, int port, String path,
242: boolean secure, final Header header)
243: throws MalformedCookieException {
244:
245: LOG.trace("enter CookieSpecBase.parse("
246: + "String, port, path, boolean, String)");
247: if (header == null) {
248: throw new IllegalArgumentException(
249: "Header may not be null.");
250: }
251: return parse(host, port, path, secure, header.getValue());
252: }
253:
254: /**
255: * Parse the cookie attribute and update the corresponsing {@link Cookie}
256: * properties.
257: *
258: * @param attribute {@link HeaderElement} cookie attribute from the
259: * <tt>Set- Cookie</tt>
260: * @param cookie {@link Cookie} to be updated
261: * @throws MalformedCookieException if an exception occurs during parsing
262: */
263:
264: public void parseAttribute(final NameValuePair attribute,
265: final Cookie cookie) throws MalformedCookieException {
266:
267: if (attribute == null) {
268: throw new IllegalArgumentException(
269: "Attribute may not be null.");
270: }
271: if (cookie == null) {
272: throw new IllegalArgumentException(
273: "Cookie may not be null.");
274: }
275: final String paramName = attribute.getName().toLowerCase();
276: String paramValue = attribute.getValue();
277:
278: if (paramName.equals("path")) {
279:
280: if ((paramValue == null) || (paramValue.trim().equals(""))) {
281: paramValue = "/";
282: }
283: cookie.setPath(paramValue);
284: cookie.setPathAttributeSpecified(true);
285:
286: } else if (paramName.equals("domain")) {
287:
288: if (paramValue == null) {
289: throw new MalformedCookieException(
290: "Missing value for domain attribute");
291: }
292: if (paramValue.trim().equals("")) {
293: throw new MalformedCookieException(
294: "Blank value for domain attribute");
295: }
296: cookie.setDomain(paramValue);
297: cookie.setDomainAttributeSpecified(true);
298:
299: } else if (paramName.equals("max-age")) {
300:
301: if (paramValue == null) {
302: throw new MalformedCookieException(
303: "Missing value for max-age attribute");
304: }
305: int age;
306: try {
307: age = Integer.parseInt(paramValue);
308: } catch (NumberFormatException e) {
309: throw new MalformedCookieException("Invalid max-age "
310: + "attribute: " + e.getMessage());
311: }
312: cookie.setExpiryDate(new Date(System.currentTimeMillis()
313: + age * 1000L));
314:
315: } else if (paramName.equals("secure")) {
316:
317: cookie.setSecure(true);
318:
319: } else if (paramName.equals("comment")) {
320:
321: cookie.setComment(paramValue);
322:
323: } else if (paramName.equals("expires")) {
324:
325: if (paramValue == null) {
326: throw new MalformedCookieException(
327: "Missing value for expires attribute");
328: }
329:
330: try {
331: cookie.setExpiryDate(DateUtil.parseDate(paramValue,
332: this .datepatterns));
333: } catch (DateParseException dpe) {
334: LOG.debug("Error parsing cookie date", dpe);
335: throw new MalformedCookieException(
336: "Unable to parse expiration date parameter: "
337: + paramValue);
338: }
339: } else {
340: if (LOG.isDebugEnabled()) {
341: LOG.debug("Unrecognized cookie attribute: "
342: + attribute.toString());
343: }
344: }
345: }
346:
347: public Collection getValidDateFormats() {
348: return this .datepatterns;
349: }
350:
351: public void setValidDateFormats(final Collection datepatterns) {
352: this .datepatterns = datepatterns;
353: }
354:
355: /**
356: * Performs most common {@link Cookie} validation
357: *
358: * @param host the host from which the {@link Cookie} was received
359: * @param port the port from which the {@link Cookie} was received
360: * @param path the path from which the {@link Cookie} was received
361: * @param secure <tt>true</tt> when the {@link Cookie} was received using a
362: * secure connection
363: * @param cookie The cookie to validate.
364: * @throws MalformedCookieException if an exception occurs during
365: * validation
366: */
367:
368: public void validate(String host, int port, String path,
369: boolean secure, final Cookie cookie)
370: throws MalformedCookieException {
371:
372: LOG.trace("enter CookieSpecBase.validate("
373: + "String, port, path, boolean, Cookie)");
374: if (host == null) {
375: throw new IllegalArgumentException(
376: "Host of origin may not be null");
377: }
378: if (host.trim().equals("")) {
379: throw new IllegalArgumentException(
380: "Host of origin may not be blank");
381: }
382: if (port < 0) {
383: throw new IllegalArgumentException("Invalid port: " + port);
384: }
385: if (path == null) {
386: throw new IllegalArgumentException(
387: "Path of origin may not be null.");
388: }
389: if (path.trim().equals("")) {
390: path = PATH_DELIM;
391: }
392: host = host.toLowerCase();
393: // check version
394: if (cookie.getVersion() < 0) {
395: throw new MalformedCookieException(
396: "Illegal version number " + cookie.getValue());
397: }
398:
399: // security check... we musn't allow the server to give us an
400: // invalid domain scope
401:
402: // Validate the cookies domain attribute. NOTE: Domains without
403: // any dots are allowed to support hosts on private LANs that don't
404: // have DNS names. Since they have no dots, to domain-match the
405: // request-host and domain must be identical for the cookie to sent
406: // back to the origin-server.
407: if (host.indexOf(".") >= 0) {
408: // Not required to have at least two dots. RFC 2965.
409: // A Set-Cookie2 with Domain=ajax.com will be accepted.
410:
411: // domain must match host
412: if (!host.endsWith(cookie.getDomain())) {
413: String s = cookie.getDomain();
414: if (s.startsWith(".")) {
415: s = s.substring(1, s.length());
416: }
417: if (!host.equals(s)) {
418: throw new MalformedCookieException(
419: "Illegal domain attribute \""
420: + cookie.getDomain()
421: + "\". Domain of origin: \"" + host
422: + "\"");
423: }
424: }
425: } else {
426: if (!host.equals(cookie.getDomain())) {
427: throw new MalformedCookieException(
428: "Illegal domain attribute \""
429: + cookie.getDomain()
430: + "\". Domain of origin: \"" + host
431: + "\"");
432: }
433: }
434:
435: // another security check... we musn't allow the server to give us a
436: // cookie that doesn't match this path
437:
438: if (!path.startsWith(cookie.getPath())) {
439: throw new MalformedCookieException(
440: "Illegal path attribute \"" + cookie.getPath()
441: + "\". Path of origin: \"" + path + "\"");
442: }
443: }
444:
445: /**
446: * Return <tt>true</tt> if the cookie should be submitted with a request
447: * with given attributes, <tt>false</tt> otherwise.
448: * @param host the host to which the request is being submitted
449: * @param port the port to which the request is being submitted (ignored)
450: * @param path the path to which the request is being submitted
451: * @param secure <tt>true</tt> if the request is using a secure connection
452: * @param cookie {@link Cookie} to be matched
453: * @return true if the cookie matches the criterium
454: */
455:
456: public boolean match(String host, int port, String path,
457: boolean secure, final Cookie cookie) {
458:
459: LOG.trace("enter CookieSpecBase.match("
460: + "String, int, String, boolean, Cookie");
461:
462: if (host == null) {
463: throw new IllegalArgumentException(
464: "Host of origin may not be null");
465: }
466: if (host.trim().equals("")) {
467: throw new IllegalArgumentException(
468: "Host of origin may not be blank");
469: }
470: if (port < 0) {
471: throw new IllegalArgumentException("Invalid port: " + port);
472: }
473: if (path == null) {
474: throw new IllegalArgumentException(
475: "Path of origin may not be null.");
476: }
477: if (cookie == null) {
478: throw new IllegalArgumentException("Cookie may not be null");
479: }
480: if (path.trim().equals("")) {
481: path = PATH_DELIM;
482: }
483: host = host.toLowerCase();
484: if (cookie.getDomain() == null) {
485: LOG.warn("Invalid cookie state: domain not specified");
486: return false;
487: }
488: if (cookie.getPath() == null) {
489: LOG.warn("Invalid cookie state: path not specified");
490: return false;
491: }
492:
493: return
494: // only add the cookie if it hasn't yet expired
495: (cookie.getExpiryDate() == null || cookie.getExpiryDate()
496: .after(new Date()))
497: // and the domain pattern matches
498: && (domainMatch(host, cookie.getDomain()))
499: // and the path is null or matching
500: && (pathMatch(path, cookie.getPath()))
501: // and if the secure flag is set, only if the request is
502: // actually secure
503: && (cookie.getSecure() ? secure : true);
504: }
505:
506: /**
507: * Performs domain-match as implemented in common browsers.
508: * @param host The target host.
509: * @param domain The cookie domain attribute.
510: * @return true if the specified host matches the given domain.
511: */
512: public boolean domainMatch(final String host, String domain) {
513: if (host.equals(domain)) {
514: return true;
515: }
516: if (!domain.startsWith(".")) {
517: domain = "." + domain;
518: }
519: return host.endsWith(domain)
520: || host.equals(domain.substring(1));
521: }
522:
523: /**
524: * Performs path-match as implemented in common browsers.
525: * @param path The target path.
526: * @param topmostPath The cookie path attribute.
527: * @return true if the paths match
528: */
529: public boolean pathMatch(final String path, final String topmostPath) {
530: boolean match = path.startsWith(topmostPath);
531: // if there is a match and these values are not exactly the same we have
532: // to make sure we're not matcing "/foobar" and "/foo"
533: if (match && path.length() != topmostPath.length()) {
534: if (!topmostPath.endsWith(PATH_DELIM)) {
535: match = (path.charAt(topmostPath.length()) == PATH_DELIM_CHAR);
536: }
537: }
538: return match;
539: }
540:
541: /**
542: * Return an array of {@link Cookie}s that should be submitted with a
543: * request with given attributes, <tt>false</tt> otherwise.
544: * @param host the host to which the request is being submitted
545: * @param port the port to which the request is being submitted (currently
546: * ignored)
547: * @param path the path to which the request is being submitted
548: * @param secure <tt>true</tt> if the request is using a secure protocol
549: * @param cookies an array of <tt>Cookie</tt>s to be matched
550: * @return an array of <tt>Cookie</tt>s matching the criterium
551: *
552: // BEGIN IA CHANGES
553: * @deprecated use match(String, int, String, boolean, SortedMap)
554: // END IA CHANGES
555: */
556:
557: public Cookie[] match(String host, int port, String path,
558: boolean secure, final Cookie cookies[]) {
559:
560: LOG.trace("enter CookieSpecBase.match("
561: + "String, int, String, boolean, Cookie[])");
562:
563: if (cookies == null) {
564: return null;
565: }
566: List matching = new LinkedList();
567: for (int i = 0; i < cookies.length; i++) {
568: if (match(host, port, path, secure, cookies[i])) {
569: addInPathOrder(matching, cookies[i]);
570: }
571: }
572: return (Cookie[]) matching.toArray(new Cookie[matching.size()]);
573: }
574:
575: // BEGIN IA CHANGES
576: /**
577: * Return an array of {@link Cookie}s that should be submitted with a
578: * request with given attributes, <tt>false</tt> otherwise.
579: *
580: * If the SortedMap comes from an HttpState and is not itself
581: * thread-safe, it may be necessary to synchronize on the HttpState
582: * instance to protect against concurrent modification.
583: *
584: * @param host the host to which the request is being submitted
585: * @param port the port to which the request is being submitted (currently
586: * ignored)
587: * @param path the path to which the request is being submitted
588: * @param secure <tt>true</tt> if the request is using a secure protocol
589: * @param cookies SortedMap of <tt>Cookie</tt>s to be matched
590: * @return an array of <tt>Cookie</tt>s matching the criterium
591: */
592:
593: public Cookie[] match(String host, int port, String path,
594: boolean secure, final SortedMap cookies) {
595:
596: LOG.trace("enter CookieSpecBase.match("
597: + "String, int, String, boolean, SortedMap)");
598:
599: // TODO: skip meaningless 'narrowing' when host is a numeric IP
600: // (harmless in the meantime)
601:
602: if (cookies == null) {
603: return null;
604: }
605: List matching = new LinkedList();
606: String narrowHost = host;
607: do {
608: Iterator iter = cookies.subMap(narrowHost,
609: narrowHost + Cookie.DOMAIN_OVERBOUNDS).values()
610: .iterator();
611: while (iter.hasNext()) {
612: Cookie cookie = (Cookie) (iter.next());
613: if (match(host, port, path, secure, cookie)) {
614: addInPathOrder(matching, cookie);
615: }
616: }
617: StoredIterator.close(iter);
618: int trimTo = narrowHost.indexOf('.', 1);
619: narrowHost = (trimTo < 0) ? null : narrowHost
620: .substring(trimTo + 1);
621: } while (narrowHost != null);
622:
623: return (Cookie[]) matching.toArray(new Cookie[matching.size()]);
624: }
625:
626: // END IA CHANGES
627:
628: /**
629: * Adds the given cookie into the given list in descending path order. That
630: * is, more specific path to least specific paths. This may not be the
631: * fastest algorythm, but it'll work OK for the small number of cookies
632: * we're generally dealing with.
633: *
634: * @param list - the list to add the cookie to
635: * @param addCookie - the Cookie to add to list
636: */
637: private static void addInPathOrder(List list, Cookie addCookie) {
638: int i = 0;
639:
640: for (i = 0; i < list.size(); i++) {
641: Cookie c = (Cookie) list.get(i);
642: if (addCookie.compare(addCookie, c) > 0) {
643: break;
644: }
645: }
646: list.add(i, addCookie);
647: }
648:
649: /**
650: * Return a string suitable for sending in a <tt>"Cookie"</tt> header
651: * @param cookie a {@link Cookie} to be formatted as string
652: * @return a string suitable for sending in a <tt>"Cookie"</tt> header.
653: */
654: public String formatCookie(Cookie cookie) {
655: LOG.trace("enter CookieSpecBase.formatCookie(Cookie)");
656: if (cookie == null) {
657: throw new IllegalArgumentException("Cookie may not be null");
658: }
659: StringBuffer buf = new StringBuffer();
660: buf.append(cookie.getName());
661: buf.append("=");
662: String s = cookie.getValue();
663: if (s != null) {
664: buf.append(s);
665: }
666: return buf.toString();
667: }
668:
669: /**
670: * Create a <tt>"Cookie"</tt> header value containing all {@link Cookie}s in
671: * <i>cookies</i> suitable for sending in a <tt>"Cookie"</tt> header
672: * @param cookies an array of {@link Cookie}s to be formatted
673: * @return a string suitable for sending in a Cookie header.
674: * @throws IllegalArgumentException if an input parameter is illegal
675: */
676:
677: public String formatCookies(Cookie[] cookies)
678: throws IllegalArgumentException {
679: LOG.trace("enter CookieSpecBase.formatCookies(Cookie[])");
680: if (cookies == null) {
681: throw new IllegalArgumentException(
682: "Cookie array may not be null");
683: }
684: if (cookies.length == 0) {
685: throw new IllegalArgumentException(
686: "Cookie array may not be empty");
687: }
688:
689: StringBuffer buffer = new StringBuffer();
690: for (int i = 0; i < cookies.length; i++) {
691: if (i > 0) {
692: buffer.append("; ");
693: }
694: buffer.append(formatCookie(cookies[i]));
695: }
696: return buffer.toString();
697: }
698:
699: /**
700: * Create a <tt>"Cookie"</tt> {@link Header} containing all {@link Cookie}s
701: * in <i>cookies</i>.
702: * @param cookies an array of {@link Cookie}s to be formatted as a <tt>"
703: * Cookie"</tt> header
704: * @return a <tt>"Cookie"</tt> {@link Header}.
705: */
706: public Header formatCookieHeader(Cookie[] cookies) {
707: LOG.trace("enter CookieSpecBase.formatCookieHeader(Cookie[])");
708: return new Header("Cookie", formatCookies(cookies));
709: }
710:
711: /**
712: * Create a <tt>"Cookie"</tt> {@link Header} containing the {@link Cookie}.
713: * @param cookie <tt>Cookie</tt>s to be formatted as a <tt>Cookie</tt>
714: * header
715: * @return a Cookie header.
716: */
717: public Header formatCookieHeader(Cookie cookie) {
718: LOG.trace("enter CookieSpecBase.formatCookieHeader(Cookie)");
719: return new Header("Cookie", formatCookie(cookie));
720: }
721:
722: }
|