
1   /*
2    * ====================================================================
3    * Licensed to the Apache Software Foundation (ASF) under one
4    * or more contributor license agreements.  See the NOTICE file
5    * distributed with this work for additional information
6    * regarding copyright ownership.  The ASF licenses this file
7    * to you under the Apache License, Version 2.0 (the
8    * "License"); you may not use this file except in compliance
9    * with the License.  You may obtain a copy of the License at
10   *
11   *   http://www.apache.org/licenses/LICENSE-2.0
12   *
13   * Unless required by applicable law or agreed to in writing,
14   * software distributed under the License is distributed on an
15   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16   * KIND, either express or implied.  See the License for the
17   * specific language governing permissions and limitations
18   * under the License.
19   * ====================================================================
20   *
21   * This software consists of voluntary contributions made by many
22   * individuals on behalf of the Apache Software Foundation.  For more
23   * information on the Apache Software Foundation, please see
24   * <http://www.apache.org/>.
25   *
26   */
27  package org.apache.http.impl.cookie;
28  
29  import org.apache.http.annotation.Immutable;
30  
31  import org.apache.http.cookie.Cookie;
32  import org.apache.http.cookie.CookieAttributeHandler;
33  import org.apache.http.cookie.CookieOrigin;
34  import org.apache.http.cookie.CookieRestrictionViolationException;
35  import org.apache.http.cookie.MalformedCookieException;
36  import org.apache.http.cookie.SetCookie;
37  
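/**
 * Cookie attribute handler for the {@code domain} attribute. It stores the
 * attribute on the cookie ({@link #parse}), checks a received cookie against
 * the host it came from ({@link #validate}) and decides whether a stored
 * cookie applies to a request host ({@link #match}).
 * <p>
 * Both {@code validate} and {@code match} compare whole DNS labels: the host
 * must be equal to the domain or end with {@code "." + domain}. A bare string
 * suffix is not enough, so a host such as {@code badexample.com} cannot set a
 * cookie for {@code example.com}.
 * <p>
 * Limits a caller should know about: the comparison is case-sensitive
 * (presumably host and domain are lower-cased by the caller; confirm), no
 * public-suffix check is done here (a domain such as {@code .com} is
 * accepted for any {@code *.com} host), and IP-literal hosts are not
 * special-cased.
 *
 * @since 4.0
 */
@Immutable
public class BasicDomainHandler implements CookieAttributeHandler {

    public BasicDomainHandler() {
        super();
    }

    /**
     * Copies the domain attribute value onto the cookie.
     *
     * @param cookie cookie to update, must not be {@code null}
     * @param value  raw attribute value as received
     * @throws IllegalArgumentException if {@code cookie} is {@code null}
     * @throws MalformedCookieException if {@code value} is {@code null} or blank
     */
    public void parse(final SetCookie cookie, final String value)
            throws MalformedCookieException {
        if (cookie == null) {
            throw new IllegalArgumentException("Cookie may not be null");
        }
        if (value == null) {
            throw new MalformedCookieException("Missing value for domain attribute");
        }
        if (value.trim().length() == 0) {
            throw new MalformedCookieException("Blank value for domain attribute");
        }
        // The value is stored as given; only the blank check above trims it.
        cookie.setDomain(value);
    }

    /**
     * Rejects a cookie whose domain attribute does not domain-match the
     * origin host.
     *
     * @param cookie cookie to check, must not be {@code null}
     * @param origin origin the cookie was received from, must not be {@code null}
     * @throws IllegalArgumentException if either argument is {@code null}
     * @throws CookieRestrictionViolationException if the cookie has no domain
     *         or the domain does not match the origin host
     */
    public void validate(final Cookie cookie, final CookieOrigin origin)
            throws MalformedCookieException {
        if (cookie == null) {
            throw new IllegalArgumentException("Cookie may not be null");
        }
        if (origin == null) {
            throw new IllegalArgumentException("Cookie origin may not be null");
        }
        // Validate the cookie's domain attribute.  NOTE:  Domains without
        // any dots are allowed to support hosts on private LANs that don't
        // have DNS names.  Since they have no dots, to domain-match the
        // request-host and domain must be identical for the cookie to be
        // sent back to the origin-server.
        final String host = origin.getHost();
        final String domain = cookie.getDomain();
        if (domain == null) {
            throw new CookieRestrictionViolationException("Cookie domain may not be null");
        }
        if (host.contains(".")) {
            // Not required to have at least two dots.  RFC 2965.
            // A Set-Cookie2 with Domain=ajax.com will be accepted.

            // The domain must match the host on a label boundary.  A plain
            // host.endsWith(domain) would let "badexample.com" set a cookie
            // for "example.com", which match() would then send to that
            // unrelated host.
            if (!domainMatches(domain, host)) {
                // The message reports the attribute without its leading dot.
                final String reported =
                    domain.startsWith(".") ? domain.substring(1) : domain;
                throw new CookieRestrictionViolationException(
                    "Illegal domain attribute \"" + reported
                    + "\". Domain of origin: \"" + host + "\"");
            }
        } else {
            if (!host.equals(domain)) {
                throw new CookieRestrictionViolationException(
                    "Illegal domain attribute \"" + domain
                    + "\". Domain of origin: \"" + host + "\"");
            }
        }
    }

    /**
     * Tells whether the cookie's domain attribute covers the origin host.
     *
     * @param cookie cookie to test, must not be {@code null}
     * @param origin request origin, must not be {@code null}
     * @return {@code true} if the host equals the domain or is a sub-domain
     *         of it; {@code false} otherwise or if the cookie has no domain
     * @throws IllegalArgumentException if either argument is {@code null}
     */
    public boolean match(final Cookie cookie, final CookieOrigin origin) {
        if (cookie == null) {
            throw new IllegalArgumentException("Cookie may not be null");
        }
        if (origin == null) {
            throw new IllegalArgumentException("Cookie origin may not be null");
        }
        final String host = origin.getHost();
        final String domain = cookie.getDomain();
        if (domain == null) {
            return false;
        }
        return domainMatches(domain, host);
    }

    /**
     * Label-aware domain match shared by {@link #validate} and {@link #match}
     * so that a cookie is never accepted for a domain it would not be
     * matched against, and vice versa.
     *
     * @param domain domain attribute, with or without a leading dot
     * @param host   origin host
     * @return {@code true} if {@code host} equals {@code domain} (leading dot
     *         ignored) or ends with {@code "." + domain}
     */
    private static boolean domainMatches(final String domain, final String host) {
        if (host.equals(domain)) {
            return true;
        }
        // Normalise to ".domain" so the suffix test can only succeed where
        // the preceding character in the host is a label separator.
        final String dotted = domain.startsWith(".") ? domain : '.' + domain;
        return host.endsWith(dotted) || host.equals(dotted.substring(1));
    }

}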