1 /*
2 * ====================================================================
3 * Licensed to the Apache Software Foundation (ASF) under one
4 * or more contributor license agreements. See the NOTICE file
5 * distributed with this work for additional information
6 * regarding copyright ownership. The ASF licenses this file
7 * to you under the Apache License, Version 2.0 (the
8 * "License"); you may not use this file except in compliance
9 * with the License. You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing,
14 * software distributed under the License is distributed on an
15 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16 * KIND, either express or implied. See the License for the
17 * specific language governing permissions and limitations
18 * under the License.
19 * ====================================================================
20 *
21 * This software consists of voluntary contributions made by many
22 * individuals on behalf of the Apache Software Foundation. For more
23 * information on the Apache Software Foundation, please see
24 * <http://www.apache.org/>.
25 *
26 */
27
28 package org.apache.http.impl.cookie;
29
30 import java.util.Locale;
31
32 import org.apache.http.annotation.Contract;
33 import org.apache.http.annotation.ThreadingBehavior;
34 import org.apache.http.cookie.ClientCookie;
35 import org.apache.http.cookie.CommonCookieAttributeHandler;
36 import org.apache.http.cookie.Cookie;
37 import org.apache.http.cookie.CookieOrigin;
38 import org.apache.http.cookie.CookieRestrictionViolationException;
39 import org.apache.http.cookie.MalformedCookieException;
40 import org.apache.http.cookie.SetCookie;
41 import org.apache.http.util.Args;
42
43 /**
44 * {@code "Domain"} cookie attribute handler for RFC 2965 cookie spec.
45 *
46 *
47 * @since 3.1
48 */
49 @Contract(threading = ThreadingBehavior.IMMUTABLE)
50 public class RFC2965DomainAttributeHandler implements CommonCookieAttributeHandler {
51
52 public RFC2965DomainAttributeHandler() {
53 super();
54 }
55
56 /**
57 * Parse cookie domain attribute.
58 */
59 @Override
60 public void parse(
61 final SetCookie cookie, final String domain) throws MalformedCookieException {
62 Args.notNull(cookie, "Cookie");
63 if (domain == null) {
64 throw new MalformedCookieException(
65 "Missing value for domain attribute");
66 }
67 if (domain.trim().isEmpty()) {
68 throw new MalformedCookieException(
69 "Blank value for domain attribute");
70 }
71 String s = domain;
72 s = s.toLowerCase(Locale.ROOT);
73 if (!domain.startsWith(".")) {
74 // Per RFC 2965 section 3.2.2
75 // "... If an explicitly specified value does not start with
76 // a dot, the user agent supplies a leading dot ..."
77 // That effectively implies that the domain attribute
78 // MAY NOT be an IP address of a host name
79 s = '.' + s;
80 }
81 cookie.setDomain(s);
82 }
83
84 /**
85 * Performs domain-match as defined by the RFC2965.
86 * <p>
87 * Host A's name domain-matches host B's if
88 * </p>
89 * <ol>
90 * <li>their host name strings string-compare equal; or</li>
91 * <li>A is a HDN string and has the form NB, where N is a non-empty
92 * name string, B has the form .B', and B' is a HDN string. (So,
93 * x.y.com domain-matches .Y.com but not Y.com.)</li>
94 * </ol>
95 *
96 * @param host host name where cookie is received from or being sent to.
97 * @param domain The cookie domain attribute.
98 * @return true if the specified host matches the given domain.
99 */
100 public boolean domainMatch(final String host, final String domain) {
101 final boolean match = host.equals(domain)
102 || (domain.startsWith(".") && host.endsWith(domain));
103
104 return match;
105 }
106
107 /**
108 * Validate cookie domain attribute.
109 */
110 @Override
111 public void validate(final Cookie cookie, final CookieOrigin origin)
112 throws MalformedCookieException {
113 Args.notNull(cookie, "Cookie");
114 Args.notNull(origin, "Cookie origin");
115 final String host = origin.getHost().toLowerCase(Locale.ROOT);
116 if (cookie.getDomain() == null) {
117 throw new CookieRestrictionViolationException("Invalid cookie state: " +
118 "domain not specified");
119 }
120 final String cookieDomain = cookie.getDomain().toLowerCase(Locale.ROOT);
121
122 if (cookie instanceof ClientCookie
123 && ((ClientCookie) cookie).containsAttribute(ClientCookie.DOMAIN_ATTR)) {
124 // Domain attribute must start with a dot
125 if (!cookieDomain.startsWith(".")) {
126 throw new CookieRestrictionViolationException("Domain attribute \"" +
127 cookie.getDomain() + "\" violates RFC 2109: domain must start with a dot");
128 }
129
130 // Domain attribute must contain at least one embedded dot,
131 // or the value must be equal to .local.
132 final int dotIndex = cookieDomain.indexOf('.', 1);
133 if (((dotIndex < 0) || (dotIndex == cookieDomain.length() - 1))
134 && (!cookieDomain.equals(".local"))) {
135 throw new CookieRestrictionViolationException(
136 "Domain attribute \"" + cookie.getDomain()
137 + "\" violates RFC 2965: the value contains no embedded dots "
138 + "and the value is not .local");
139 }
140
141 // The effective host name must domain-match domain attribute.
142 if (!domainMatch(host, cookieDomain)) {
143 throw new CookieRestrictionViolationException(
144 "Domain attribute \"" + cookie.getDomain()
145 + "\" violates RFC 2965: effective host name does not "
146 + "domain-match domain attribute.");
147 }
148
149 // effective host name minus domain must not contain any dots
150 final String effectiveHostWithoutDomain = host.substring(
151 0, host.length() - cookieDomain.length());
152 if (effectiveHostWithoutDomain.indexOf('.') != -1) {
153 throw new CookieRestrictionViolationException("Domain attribute \""
154 + cookie.getDomain() + "\" violates RFC 2965: "
155 + "effective host minus domain may not contain any dots");
156 }
157 } else {
158 // Domain was not specified in header. In this case, domain must
159 // string match request host (case-insensitive).
160 if (!cookie.getDomain().equals(host)) {
161 throw new CookieRestrictionViolationException("Illegal domain attribute: \""
162 + cookie.getDomain() + "\"."
163 + "Domain of origin: \""
164 + host + "\"");
165 }
166 }
167 }
168
169 /**
170 * Match cookie domain attribute.
171 */
172 @Override
173 public boolean match(final Cookie cookie, final CookieOrigin origin) {
174 Args.notNull(cookie, "Cookie");
175 Args.notNull(origin, "Cookie origin");
176 final String host = origin.getHost().toLowerCase(Locale.ROOT);
177 final String cookieDomain = cookie.getDomain();
178
179 // The effective host name MUST domain-match the Domain
180 // attribute of the cookie.
181 if (!domainMatch(host, cookieDomain)) {
182 return false;
183 }
184 // effective host name minus domain must not contain any dots
185 final String effectiveHostWithoutDomain = host.substring(
186 0, host.length() - cookieDomain.length());
187 return effectiveHostWithoutDomain.indexOf('.') == -1;
188 }
189
190 @Override
191 public String getAttributeName() {
192 return ClientCookie.DOMAIN_ATTR;
193 }
194
195 }
196