View Javadoc

1   /*
2    * ====================================================================
3    * Licensed to the Apache Software Foundation (ASF) under one
4    * or more contributor license agreements.  See the NOTICE file
5    * distributed with this work for additional information
6    * regarding copyright ownership.  The ASF licenses this file
7    * to you under the Apache License, Version 2.0 (the
8    * "License"); you may not use this file except in compliance
9    * with the License.  You may obtain a copy of the License at
10   *
11   *   http://www.apache.org/licenses/LICENSE-2.0
12   *
13   * Unless required by applicable law or agreed to in writing,
14   * software distributed under the License is distributed on an
15   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16   * KIND, either express or implied.  See the License for the
17   * specific language governing permissions and limitations
18   * under the License.
19   * ====================================================================
20   *
21   * This software consists of voluntary contributions made by many
22   * individuals on behalf of the Apache Software Foundation.  For more
23   * information on the Apache Software Foundation, please see
24   * <http://www.apache.org/>.
25   *
26   */
27  package org.apache.http.impl.cookie;
28  
29  import org.apache.http.annotation.Immutable;
30  import org.apache.http.cookie.Cookie;
31  import org.apache.http.cookie.CookieAttributeHandler;
32  import org.apache.http.cookie.CookieOrigin;
33  import org.apache.http.cookie.CookieRestrictionViolationException;
34  import org.apache.http.cookie.MalformedCookieException;
35  import org.apache.http.cookie.SetCookie;
36  import org.apache.http.util.Args;
37  
38  /**
39   *
40   * @since 4.0
41   */
42  @Immutable
43  public class BasicDomainHandler implements CookieAttributeHandler {
44  
45      public BasicDomainHandler() {
46          super();
47      }
48  
49      public void parse(final SetCookie cookie, final String value)
50              throws MalformedCookieException {
51          Args.notNull(cookie, "Cookie");
52          if (value == null) {
53              throw new MalformedCookieException("Missing value for domain attribute");
54          }
55          if (value.trim().length() == 0) {
56              throw new MalformedCookieException("Blank value for domain attribute");
57          }
58          cookie.setDomain(value);
59      }
60  
61      public void validate(final Cookie cookie, final CookieOrigin origin)
62              throws MalformedCookieException {
63          Args.notNull(cookie, "Cookie");
64          Args.notNull(origin, "Cookie origin");
65          // Validate the cookies domain attribute.  NOTE:  Domains without
66          // any dots are allowed to support hosts on private LANs that don't
67          // have DNS names.  Since they have no dots, to domain-match the
68          // request-host and domain must be identical for the cookie to sent
69          // back to the origin-server.
70          final String host = origin.getHost();
71          String domain = cookie.getDomain();
72          if (domain == null) {
73              throw new CookieRestrictionViolationException("Cookie domain may not be null");
74          }
75          if (host.contains(".")) {
76              // Not required to have at least two dots.  RFC 2965.
77              // A Set-Cookie2 with Domain=ajax.com will be accepted.
78  
79              // domain must match host
80              if (!host.endsWith(domain)) {
81                  if (domain.startsWith(".")) {
82                      domain = domain.substring(1, domain.length());
83                  }
84                  if (!host.equals(domain)) {
85                      throw new CookieRestrictionViolationException(
86                          "Illegal domain attribute \"" + domain
87                          + "\". Domain of origin: \"" + host + "\"");
88                  }
89              }
90          } else {
91              if (!host.equals(domain)) {
92                  throw new CookieRestrictionViolationException(
93                      "Illegal domain attribute \"" + domain
94                      + "\". Domain of origin: \"" + host + "\"");
95              }
96          }
97      }
98  
99      public boolean match(final Cookie cookie, final CookieOrigin origin) {
100         Args.notNull(cookie, "Cookie");
101         Args.notNull(origin, "Cookie origin");
102         final String host = origin.getHost();
103         String domain = cookie.getDomain();
104         if (domain == null) {
105             return false;
106         }
107         if (host.equals(domain)) {
108             return true;
109         }
110         if (!domain.startsWith(".")) {
111             domain = '.' + domain;
112         }
113         return host.endsWith(domain) || host.equals(domain.substring(1));
114     }
115 
116 }