1 /*
   2  * Copyright (c) 2011, 2018, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package com.sun.webkit.network;
  27 
  28 import com.sun.javafx.logging.PlatformLogger;
  29 import com.sun.javafx.logging.PlatformLogger.Level;
  30 
  31 import java.net.CookieHandler;
  32 import java.net.URI;
  33 import java.util.Arrays;
  34 import java.util.Collections;
  35 import java.util.HashMap;
  36 import java.util.List;
  37 import java.util.ListIterator;
  38 import java.util.Map;
  39 
  40 /**
  41  * An RFC 6265-compliant cookie handler.
  42  */
  43 public final class CookieManager extends CookieHandler {
  44 
  45     private static final PlatformLogger logger =
  46             PlatformLogger.getLogger(CookieManager.class.getName());
  47 
  48 
  49     private final CookieStore store = new CookieStore();
  50 
  51 
  52     /**
  53      * Creates a new {@code CookieManager}.
  54      */
  55     public CookieManager() {
  56     }
  57 
  58 
  59     /**
  60      * {@inheritDoc}
  61      */
  62     @Override
  63     public Map<String,List<String>> get(URI uri,
  64             Map<String,List<String>> requestHeaders)
  65     {
  66         if (logger.isLoggable(Level.FINEST)) {
  67             logger.finest("uri: [{0}], requestHeaders: {1}",
  68                     new Object[] {uri, toLogString(requestHeaders)});
  69         }
  70 
  71         if (uri == null) {
  72             throw new IllegalArgumentException("uri is null");
  73         }
  74         if (requestHeaders == null) {
  75             throw new IllegalArgumentException("requestHeaders is null");
  76         }
  77 
  78         String cookieString = get(uri);
  79 
  80         Map<String,List<String>> result;
  81         if (cookieString != null) {
  82             result = new HashMap<String,List<String>>();
  83             result.put("Cookie", Arrays.asList(cookieString));
  84         } else {
  85             result = Collections.emptyMap();
  86         }
  87         if (logger.isLoggable(Level.FINEST)) {
  88             logger.finest("result: {0}", toLogString(result));
  89         }
  90         return result;
  91     }
  92 
  93     /**
  94      * Returns the cookie string for a given URI.
  95      */
  96     private String get(URI uri) {
  97         String host = uri.getHost();
  98         if (host == null || host.length() == 0) {
  99             logger.finest("Null or empty URI host, returning null");
 100             return null;
 101         }
 102         host = canonicalize(host);
 103 
 104         String scheme = uri.getScheme();
 105         boolean secureProtocol = "https".equalsIgnoreCase(scheme)
 106                 || "javascripts".equalsIgnoreCase(scheme);
 107         boolean httpApi = "http".equalsIgnoreCase(scheme)
 108                 || "https".equalsIgnoreCase(scheme);
 109 
 110         List<Cookie> cookieList;
 111         synchronized (store) {
 112             cookieList = store.get(host, uri.getPath(),
 113                     secureProtocol, httpApi);
 114         }
 115 
 116         StringBuilder sb = new StringBuilder();
 117         for (Cookie cookie : cookieList) {
 118             if (sb.length() > 0) {
 119                 sb.append("; ");
 120             }
 121             sb.append(cookie.getName());
 122             sb.append('=');
 123             sb.append(cookie.getValue());
 124         }
 125 
 126         return sb.length() > 0 ? sb.toString() : null;
 127     }
 128 
 129     /**
 130      * {@inheritDoc}
 131      */
 132     @Override
 133     public void put(URI uri, Map<String,List<String>> responseHeaders) {
 134         if (logger.isLoggable(Level.FINEST)) {
 135             logger.finest("uri: [{0}], responseHeaders: {1}",
 136                     new Object[] {uri, toLogString(responseHeaders)});
 137         }
 138 
 139         if (uri == null) {
 140             throw new IllegalArgumentException("uri is null");
 141         }
 142         if (responseHeaders == null) {
 143             throw new IllegalArgumentException("responseHeaders is null");
 144         }
 145 
 146         for (Map.Entry<String,List<String>> entry : responseHeaders.entrySet())
 147         {
 148             String key = entry.getKey();
 149             if (!"Set-Cookie".equalsIgnoreCase(key)) {
 150                 continue;
 151             }
 152             ExtendedTime currentTime = ExtendedTime.currentTime();
 153             // RT-15907: Process the list of headers in reverse order,
 154             // effectively restoring the order in which the headers were
 155             // received from the server. This is a temporary workaround for
 156             // http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7059532
 157             ListIterator<String> it =
 158                     entry.getValue().listIterator(entry.getValue().size());
 159             while (it.hasPrevious()) {
 160                 Cookie cookie = Cookie.parse(it.previous(), currentTime);
 161                 if (cookie != null) {
 162                     put(uri, cookie);
 163                     currentTime = currentTime.incrementSubtime();
 164                 }
 165             }
 166         }
 167     }
 168 
 169     /**
 170      * Puts an individual cookie.
 171      */
 172     private void put(URI uri, Cookie cookie) {
 173         logger.finest("cookie: {0}", cookie);
 174 
 175         String host = uri.getHost();
 176         if (host == null || host.length() == 0) {
 177             logger.finest("Null or empty URI host, ignoring cookie");
 178             return;
 179         }
 180         host = canonicalize(host);
 181 
 182         if (PublicSuffixes.isPublicSuffix(cookie.getDomain())) {
 183             if (cookie.getDomain().equals(host)) {
 184                 cookie.setDomain("");
 185             } else {
 186                 logger.finest("Domain is public suffix, "
 187                         + "ignoring cookie");
 188                 return;
 189             }
 190         }
 191 
 192         if (cookie.getDomain().length() > 0) {
 193             if (!Cookie.domainMatches(host, cookie.getDomain())) {
 194                 logger.finest("Hostname does not match domain, "
 195                         + "ignoring cookie");
 196                 return;
 197             } else {
 198                 cookie.setHostOnly(false);
 199             }
 200         } else {
 201             cookie.setHostOnly(true);
 202             cookie.setDomain(host);
 203         }
 204 
 205         if (cookie.getPath() == null) {
 206             cookie.setPath(Cookie.defaultPath(uri));
 207         }
 208 
 209         boolean httpApi = "http".equalsIgnoreCase(uri.getScheme())
 210                 || "https".equalsIgnoreCase(uri.getScheme());
 211         if (cookie.getHttpOnly() && !httpApi) {
 212             logger.finest("HttpOnly cookie received from non-HTTP "
 213                     + "API, ignoring cookie");
 214             return;
 215         }
 216 
 217         synchronized (store) {
 218             Cookie oldCookie = store.get(cookie);
 219             if (oldCookie != null) {
 220                 if (oldCookie.getHttpOnly() && !httpApi) {
 221                     logger.finest("Non-HTTP API attempts to "
 222                             + "overwrite HttpOnly cookie, blocked");
 223                     return;
 224                 }
 225                 cookie.setCreationTime(oldCookie.getCreationTime());
 226             }
 227 
 228             store.put(cookie);
 229         }
 230 
 231         logger.finest("Stored: {0}", cookie);
 232     }
 233 
 234     /**
 235      * Converts a map of HTTP headers to a string suitable for displaying
 236      * in the log.
 237      */
 238     private static String toLogString(Map<String,List<String>> headers) {
 239         if (headers == null) {
 240             return null;
 241         }
 242         if (headers.isEmpty()) {
 243             return "{}";
 244         }
 245         StringBuilder sb = new StringBuilder();
 246         for (Map.Entry<String,List<String>> entry : headers.entrySet()) {
 247             String key = entry.getKey();
 248             for (String value : entry.getValue()) {
 249                 sb.append(String.format("%n    "));
 250                 sb.append(key);
 251                 sb.append(": ");
 252                 sb.append(value);
 253             }
 254         }
 255         return sb.toString();
 256     }
 257 
 258     /**
 259      * Canonicalizes a hostname as required by RFC 6265.
 260      */
 261     private static String canonicalize(String hostname) {
 262         // The hostname is already all-ASCII at this point
 263         return hostname.toLowerCase();
 264     }
 265 }