1 /*
   2  * Copyright (c) 2011, 2018, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package com.sun.webkit.network;
  27 
  28 import com.sun.javafx.logging.PlatformLogger;
  29 
  30 import java.net.URI;
  31 import java.text.ParseException;
  32 import java.util.regex.Matcher;
  33 import java.util.regex.Pattern;
  34 
  35 /**
  36  * An RFC 6265-compliant cookie.
  37  */
  38 final class Cookie {
  39 
  40     private static final PlatformLogger logger =
  41             PlatformLogger.getLogger(Cookie.class.getName());
  42     private static final Pattern IP_ADDRESS_PATTERN = Pattern.compile(
  43             "(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})\\.(\\d{1,3})");
  44 
  45 
  46     private final String name;
  47     private final String value;
  48     private final long expiryTime;
  49     private String domain;
  50     private String path;
  51     private ExtendedTime creationTime;
  52     private long lastAccessTime;
  53     private final boolean persistent;
  54     private boolean hostOnly;
  55     private final boolean secureOnly;
  56     private final boolean httpOnly;
  57 
  58 
  59     /**
  60      * Creates a new {@code Cookie}.
  61      */
  62     private Cookie(String name, String value, long expiryTime, String domain,
  63             String path, ExtendedTime creationTime, long lastAccessTime,
  64             boolean persistent, boolean hostOnly, boolean secureOnly,
  65             boolean httpOnly)
  66     {
  67         this.name = name;
  68         this.value = value;
  69         this.expiryTime = expiryTime;
  70         this.domain = domain;
  71         this.path = path;
  72         this.creationTime = creationTime;
  73         this.lastAccessTime = lastAccessTime;
  74         this.persistent = persistent;
  75         this.hostOnly = hostOnly;
  76         this.secureOnly = secureOnly;
  77         this.httpOnly = httpOnly;
  78     }
  79 
  80 
  81     /**
  82      * Parses a {@code Set-Cookie} header string into a {@code Cookie}
  83      * object.
  84      */
  85     static Cookie parse(String setCookieString, ExtendedTime currentTime) {
  86         logger.finest("setCookieString: [{0}]", setCookieString);
  87 
  88         String[] items = setCookieString.split(";", -1);
  89 
  90         String[] nameValuePair = items[0].split("=", 2);
  91         if (nameValuePair.length != 2) {
  92             logger.finest("Name-value pair string lacks '=', "
  93                     + "ignoring cookie");
  94             return null;
  95         }
  96         String name = nameValuePair[0].trim();
  97         String value = nameValuePair[1].trim();
  98         if (name.length() == 0) {
  99             logger.finest("Name string is empty, ignoring cookie");
 100             return null;
 101         }
 102 
 103         Long expires = null;
 104         Long maxAge = null;
 105         String domain = null;
 106         String path = null;
 107         boolean secure = false;
 108         boolean httpOnly = false;
 109 
 110         for (int i = 1; i < items.length; i++) {
 111             String[] terms = items[i].split("=", 2);
 112             String attrName = terms[0].trim();
 113             String attrValue = (terms.length > 1 ? terms[1] : "").trim();
 114 
 115             try {
 116                 if ("Expires".equalsIgnoreCase(attrName)) {
 117                     expires = parseExpires(attrValue);
 118                 } else if ("Max-Age".equalsIgnoreCase(attrName)) {
 119                     maxAge = parseMaxAge(attrValue, currentTime.baseTime());
 120                 } else if ("Domain".equalsIgnoreCase(attrName)) {
 121                     domain = parseDomain(attrValue);
 122                 } else if ("Path".equalsIgnoreCase(attrName)) {
 123                     path = parsePath(attrValue);
 124                 } else if ("Secure".equalsIgnoreCase(attrName)) {
 125                     secure = true;
 126                 } else if ("HttpOnly".equalsIgnoreCase(attrName)) {
 127                     httpOnly = true;
 128                 } else {
 129                     logger.finest("Unknown attribute: [{0}], "
 130                             + "ignoring", attrName);
 131                 }
 132             } catch (ParseException ex) {
 133                 logger.finest("{0}, ignoring", ex.getMessage());
 134             }
 135         }
 136 
 137         long expiryTime;
 138         boolean persistent;
 139         if (maxAge != null) {
 140             persistent = true;
 141             expiryTime = maxAge;
 142         } else if (expires != null) {
 143             persistent = true;
 144             expiryTime = expires;
 145         } else {
 146             persistent = false;
 147             expiryTime = Long.MAX_VALUE;
 148         }
 149 
 150         if (domain == null) {
 151             domain = "";
 152         }
 153 
 154         Cookie result = new Cookie(name, value, expiryTime, domain, path,
 155                 currentTime, currentTime.baseTime(), persistent, false,
 156                 secure, httpOnly);
 157         logger.finest("result: {0}", result);
 158         return result;
 159     }
 160 
 161     /**
 162      * Parses the value of the {@code Expires} attribute.
 163      */
 164     private static long parseExpires(String attributeValue)
 165         throws ParseException
 166     {
 167         try {
 168             return Math.max(DateParser.parse(attributeValue), 0);
 169         } catch (ParseException ex) {
 170             throw new ParseException("Error parsing Expires attribute", 0);
 171         }
 172     }
 173 
 174     /**
 175      * Parses the value of the {@code Max-Age} attribute.
 176      */
 177     private static long parseMaxAge(String attributeValue, long currentTime)
 178         throws ParseException
 179     {
 180         try {
 181             long maxAge = Long.parseLong(attributeValue);
 182             if (maxAge <= 0) {
 183                 return 0;
 184             } else {
 185                 return maxAge > (Long.MAX_VALUE - currentTime) / 1000
 186                         ? Long.MAX_VALUE : currentTime + maxAge * 1000;
 187             }
 188         } catch (NumberFormatException ex) {
 189             throw new ParseException("Error parsing Max-Age attribute", 0);
 190         }
 191     }
 192 
 193     /**
 194      * Parses the value of the {@code Domain} attribute.
 195      */
 196     private static String parseDomain(String attributeValue)
 197         throws ParseException
 198     {
 199         if (attributeValue.length() == 0) {
 200             throw new ParseException("Domain attribute is empty", 0);
 201         }
 202         if (attributeValue.startsWith(".")) {
 203             attributeValue = attributeValue.substring(1);
 204         }
 205         return attributeValue.toLowerCase();
 206     }
 207 
 208     /**
 209      * Parses the value of the {@code Path} attribute.
 210      */
 211     private static String parsePath(String attributeValue) {
 212         return attributeValue.startsWith("/") ? attributeValue : null;
 213     }
 214 
 215 
 216     /**
 217      * Returns the name of this cookie.
 218      */
 219     String getName() {
 220         return name;
 221     }
 222 
 223     /**
 224      * Returns the value of this cookie.
 225      */
 226     String getValue() {
 227         return value;
 228     }
 229 
 230     /**
 231      * Returns the expiry time of this cookie.
 232      */
 233     long getExpiryTime() {
 234         return expiryTime;
 235     }
 236 
 237     /**
 238      * Returns the domain of this cookie.
 239      */
 240     String getDomain() {
 241         return domain;
 242     }
 243 
 244     /**
 245      * Sets the domain of this cookie.
 246      */
 247     void setDomain(String domain) {
 248         this.domain = domain;
 249     }
 250 
 251     /**
 252      * Returns the path of this cookie.
 253      */
 254     String getPath() {
 255         return path;
 256     }
 257 
 258     /**
 259      * Sets the path of this cookie.
 260      */
 261     void setPath(String path) {
 262         this.path = path;
 263     }
 264 
 265     /**
 266      * Returns the creation time of this cookie.
 267      */
 268     ExtendedTime getCreationTime() {
 269         return creationTime;
 270     }
 271 
 272     /**
 273      * Sets the creation time of this cookie.
 274      */
 275     void setCreationTime(ExtendedTime creationTime) {
 276         this.creationTime = creationTime;
 277     }
 278 
 279     /**
 280      * Returns the last access time of this cookie.
 281      */
 282     long getLastAccessTime() {
 283         return lastAccessTime;
 284     }
 285 
 286     /**
 287      * Sets the last access time of this cookie.
 288      */
 289     void setLastAccessTime(long lastAccessTime) {
 290         this.lastAccessTime = lastAccessTime;
 291     }
 292 
 293     /**
 294      * Returns the persistent property of this cookie.
 295      */
 296     boolean getPersistent() {
 297         return persistent;
 298     }
 299 
 300     /**
 301      * Returns the host-only property of this cookie.
 302      */
 303     boolean getHostOnly() {
 304         return hostOnly;
 305     }
 306 
 307     /**
 308      * Sets the host-only property of this cookie.
 309      */
 310     void setHostOnly(boolean hostOnly) {
 311         this.hostOnly = hostOnly;
 312     }
 313 
 314     /**
 315      * Returns the secure-only property of this cookie.
 316      */
 317     boolean getSecureOnly() {
 318         return secureOnly;
 319     }
 320 
 321     /**
 322      * Returns the http-only property of this cookie.
 323      */
 324     boolean getHttpOnly() {
 325         return httpOnly;
 326     }
 327 
 328     /**
 329      * Determines if this cookie has expired.
 330      */
 331     boolean hasExpired() {
 332         return System.currentTimeMillis() > expiryTime;
 333     }
 334 
 335 
 336     /**
 337      * {@inheritDoc}
 338      */
 339     @Override
 340     public boolean equals(Object obj) {
 341         if (obj instanceof Cookie) {
 342             Cookie cookie = (Cookie) obj;
 343             return equal(name, cookie.name)
 344                     && equal(domain, cookie.domain)
 345                     && equal(path, cookie.path);
 346         } else {
 347             return false;
 348         }
 349     }
 350 
 351     /**
 352      * Determines, in null-safe manner, if two objects are equal.
 353      */
 354     private static boolean equal(Object obj1, Object obj2) {
 355         return (obj1 == null && obj2 == null)
 356                 || (obj1 != null && obj1.equals(obj2));
 357     }
 358 
 359     /**
 360      * {@inheritDoc}
 361      */
 362     @Override
 363     public int hashCode() {
 364         int hashCode = 7;
 365         hashCode = 53 * hashCode + hashCode(name);
 366         hashCode = 53 * hashCode + hashCode(domain);
 367         hashCode = 53 * hashCode + hashCode(path);
 368         return hashCode;
 369     }
 370 
 371     /**
 372      * Computes the hash code of an object in null safe-manner.
 373      */
 374     private static int hashCode(Object obj) {
 375         return obj != null ? obj.hashCode() : 0;
 376     }
 377 
 378     /**
 379      * {@inheritDoc}
 380      */
 381     @Override
 382     public String toString() {
 383         return "[name=" + name + ", value=" + value + ", "
 384                 + "expiryTime=" + expiryTime + ", domain=" + domain + ", "
 385                 + "path=" + path + ", creationTime=" + creationTime + ", "
 386                 + "lastAccessTime=" + lastAccessTime + ", "
 387                 + "persistent=" + persistent + ", hostOnly=" + hostOnly + ", "
 388                 + "secureOnly=" + secureOnly + ", httpOnly=" + httpOnly + "]";
 389     }
 390 
 391     /**
 392      * Determines if a domain matches another domain.
 393      */
 394     static boolean domainMatches(String domain, String cookieDomain) {
 395         return domain.endsWith(cookieDomain) && (
 396                 domain.length() == cookieDomain.length()
 397                 || domain.charAt(domain.length()
 398                         - cookieDomain.length() - 1) == '.'
 399                 && !isIpAddress(domain));
 400     }
 401 
 402     /**
 403      * Determines if a hostname is an IP address.
 404      */
 405     private static boolean isIpAddress(String hostname) {
 406         Matcher matcher = IP_ADDRESS_PATTERN.matcher(hostname);
 407         if (!matcher.matches()) {
 408             return false;
 409         }
 410         for (int i = 1; i <= matcher.groupCount(); i++) {
 411             if (Integer.parseInt(matcher.group(i)) > 255) {
 412                 return false;
 413             }
 414         }
 415         return true;
 416     }
 417 
 418     /**
 419      * Computes the default path for a given URI.
 420      */
 421     static String defaultPath(URI uri) {
 422         String path = uri.getPath();
 423         if (path == null || !path.startsWith("/")) {
 424             return "/";
 425         }
 426         path = path.substring(0, path.lastIndexOf("/"));
 427         if (path.length() == 0) {
 428             return "/";
 429         }
 430         return path;
 431     }
 432 
 433     /**
 434      * Determines if a path matches another path.
 435      */
 436     static boolean pathMatches(String path, String cookiePath) {
 437         return path != null && path.startsWith(cookiePath) && (
 438                 path.length() == cookiePath.length()
 439                 || cookiePath.endsWith("/")
 440                 || path.charAt(cookiePath.length()) == '/');
 441     }
 442 }