Source code

001/*
002 * ====================================================================
003 * Licensed to the Apache Software Foundation (ASF) under one
004 * or more contributor license agreements.  See the NOTICE file
005 * distributed with this work for additional information
006 * regarding copyright ownership.  The ASF licenses this file
007 * to you under the Apache License, Version 2.0 (the
008 * "License"); you may not use this file except in compliance
009 * with the License.  You may obtain a copy of the License at
010 *
011 *   http://www.apache.org/licenses/LICENSE-2.0
012 *
013 * Unless required by applicable law or agreed to in writing,
014 * software distributed under the License is distributed on an
015 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
016 * KIND, either express or implied.  See the License for the
017 * specific language governing permissions and limitations
018 * under the License.
019 * ====================================================================
020 *
021 * This software consists of voluntary contributions made by many
022 * individuals on behalf of the Apache Software Foundation.  For more
023 * information on the Apache Software Foundation, please see
024 * <http://www.apache.org/>.
025 *
026 */
027package org.apache.http.impl.cookie;
028
029import java.util.Locale;
030
031import org.apache.http.annotation.Contract;
032import org.apache.http.annotation.ThreadingBehavior;
033import org.apache.http.cookie.ClientCookie;
034import org.apache.http.cookie.CommonCookieAttributeHandler;
035import org.apache.http.cookie.Cookie;
036import org.apache.http.cookie.CookieOrigin;
037import org.apache.http.cookie.CookieRestrictionViolationException;
038import org.apache.http.cookie.MalformedCookieException;
039import org.apache.http.cookie.SetCookie;
040import org.apache.http.util.Args;
041
042/**
043 *
044 * @since 4.0
045 */
046@Contract(threading = ThreadingBehavior.IMMUTABLE)
047public class RFC2109DomainHandler implements CommonCookieAttributeHandler {
048
049    public RFC2109DomainHandler() {
050        super();
051    }
052
053    @Override
054    public void parse(final SetCookie cookie, final String value)
055            throws MalformedCookieException {
056        Args.notNull(cookie, "Cookie");
057        if (value == null) {
058            throw new MalformedCookieException("Missing value for domain attribute");
059        }
060        if (value.trim().isEmpty()) {
061            throw new MalformedCookieException("Blank value for domain attribute");
062        }
063        cookie.setDomain(value);
064    }
065
066    @Override
067    public void validate(final Cookie cookie, final CookieOrigin origin)
068            throws MalformedCookieException {
069        Args.notNull(cookie, "Cookie");
070        Args.notNull(origin, "Cookie origin");
071        String host = origin.getHost();
072        final String domain = cookie.getDomain();
073        if (domain == null) {
074            throw new CookieRestrictionViolationException("Cookie domain may not be null");
075        }
076        if (!domain.equals(host)) {
077            int dotIndex = domain.indexOf('.');
078            if (dotIndex == -1) {
079                throw new CookieRestrictionViolationException("Domain attribute \""
080                        + domain
081                        + "\" does not match the host \""
082                        + host + "\"");
083            }
084            // domain must start with dot
085            if (!domain.startsWith(".")) {
086                throw new CookieRestrictionViolationException("Domain attribute \""
087                    + domain
088                    + "\" violates RFC 2109: domain must start with a dot");
089            }
090            // domain must have at least one embedded dot
091            dotIndex = domain.indexOf('.', 1);
092            if (dotIndex < 0 || dotIndex == domain.length() - 1) {
093                throw new CookieRestrictionViolationException("Domain attribute \""
094                    + domain
095                    + "\" violates RFC 2109: domain must contain an embedded dot");
096            }
097            host = host.toLowerCase(Locale.ROOT);
098            if (!host.endsWith(domain)) {
099                throw new CookieRestrictionViolationException(
100                    "Illegal domain attribute \"" + domain
101                    + "\". Domain of origin: \"" + host + "\"");
102            }
103            // host minus domain may not contain any dots
104            final String hostWithoutDomain = host.substring(0, host.length() - domain.length());
105            if (hostWithoutDomain.indexOf('.') != -1) {
106                throw new CookieRestrictionViolationException("Domain attribute \""
107                    + domain
108                    + "\" violates RFC 2109: host minus domain may not contain any dots");
109            }
110        }
111    }
112
113    @Override
114    public boolean match(final Cookie cookie, final CookieOrigin origin) {
115        Args.notNull(cookie, "Cookie");
116        Args.notNull(origin, "Cookie origin");
117        final String host = origin.getHost();
118        final String domain = cookie.getDomain();
119        if (domain == null) {
120            return false;
121        }
122        return host.equals(domain) || (domain.startsWith(".") && host.endsWith(domain));
123    }
124
125    @Override
126    public String getAttributeName() {
127        return ClientCookie.DOMAIN_ATTR;
128    }
129
130}