001/* 002 * ==================================================================== 003 * Licensed to the Apache Software Foundation (ASF) under one 004 * or more contributor license agreements. See the NOTICE file 005 * distributed with this work for additional information 006 * regarding copyright ownership. The ASF licenses this file 007 * to you under the Apache License, Version 2.0 (the 008 * "License"); you may not use this file except in compliance 009 * with the License. You may obtain a copy of the License at 010 * 011 * http://www.apache.org/licenses/LICENSE-2.0 012 * 013 * Unless required by applicable law or agreed to in writing, 014 * software distributed under the License is distributed on an 015 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 016 * KIND, either express or implied. See the License for the 017 * specific language governing permissions and limitations 018 * under the License. 019 * ==================================================================== 020 * 021 * This software consists of voluntary contributions made by many 022 * individuals on behalf of the Apache Software Foundation. For more 023 * information on the Apache Software Foundation, please see 024 * <http://www.apache.org/>. 025 * 026 */ 027package org.apache.http.impl.cookie; 028 029import java.util.Locale; 030 031import org.apache.http.annotation.Contract; 032import org.apache.http.annotation.ThreadingBehavior; 033import org.apache.http.cookie.ClientCookie; 034import org.apache.http.cookie.CommonCookieAttributeHandler; 035import org.apache.http.cookie.Cookie; 036import org.apache.http.cookie.CookieOrigin; 037import org.apache.http.cookie.CookieRestrictionViolationException; 038import org.apache.http.cookie.MalformedCookieException; 039import org.apache.http.cookie.SetCookie; 040import org.apache.http.util.Args; 041 042/** 043 * 044 * @since 4.0 045 */ 046@Contract(threading = ThreadingBehavior.IMMUTABLE) 047public class RFC2109DomainHandler implements CommonCookieAttributeHandler { 048 049 public RFC2109DomainHandler() { 050 super(); 051 } 052 053 @Override 054 public void parse(final SetCookie cookie, final String value) 055 throws MalformedCookieException { 056 Args.notNull(cookie, "Cookie"); 057 if (value == null) { 058 throw new MalformedCookieException("Missing value for domain attribute"); 059 } 060 if (value.trim().isEmpty()) { 061 throw new MalformedCookieException("Blank value for domain attribute"); 062 } 063 cookie.setDomain(value); 064 } 065 066 @Override 067 public void validate(final Cookie cookie, final CookieOrigin origin) 068 throws MalformedCookieException { 069 Args.notNull(cookie, "Cookie"); 070 Args.notNull(origin, "Cookie origin"); 071 String host = origin.getHost(); 072 final String domain = cookie.getDomain(); 073 if (domain == null) { 074 throw new CookieRestrictionViolationException("Cookie domain may not be null"); 075 } 076 if (!domain.equals(host)) { 077 int dotIndex = domain.indexOf('.'); 078 if (dotIndex == -1) { 079 throw new CookieRestrictionViolationException("Domain attribute \"" 080 + domain 081 + "\" does not match the host \"" 082 + host + "\""); 083 } 084 // domain must start with dot 085 if (!domain.startsWith(".")) { 086 throw new CookieRestrictionViolationException("Domain attribute \"" 087 + domain 088 + "\" violates RFC 2109: domain must start with a dot"); 089 } 090 // domain must have at least one embedded dot 091 dotIndex = domain.indexOf('.', 1); 092 if (dotIndex < 0 || dotIndex == domain.length() - 1) { 093 throw new CookieRestrictionViolationException("Domain attribute \"" 094 + domain 095 + "\" violates RFC 2109: domain must contain an embedded dot"); 096 } 097 host = host.toLowerCase(Locale.ROOT); 098 if (!host.endsWith(domain)) { 099 throw new CookieRestrictionViolationException( 100 "Illegal domain attribute \"" + domain 101 + "\". Domain of origin: \"" + host + "\""); 102 } 103 // host minus domain may not contain any dots 104 final String hostWithoutDomain = host.substring(0, host.length() - domain.length()); 105 if (hostWithoutDomain.indexOf('.') != -1) { 106 throw new CookieRestrictionViolationException("Domain attribute \"" 107 + domain 108 + "\" violates RFC 2109: host minus domain may not contain any dots"); 109 } 110 } 111 } 112 113 @Override 114 public boolean match(final Cookie cookie, final CookieOrigin origin) { 115 Args.notNull(cookie, "Cookie"); 116 Args.notNull(origin, "Cookie origin"); 117 final String host = origin.getHost(); 118 final String domain = cookie.getDomain(); 119 if (domain == null) { 120 return false; 121 } 122 return host.equals(domain) || (domain.startsWith(".") && host.endsWith(domain)); 123 } 124 125 @Override 126 public String getAttributeName() { 127 return ClientCookie.DOMAIN_ATTR; 128 } 129 130}