001    /**
002     * Copyright (c) 2000-2012 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.util;
016    
017    import com.liferay.portal.CookieNotSupportedException;
018    import com.liferay.portal.kernel.log.Log;
019    import com.liferay.portal.kernel.log.LogFactoryUtil;
020    import com.liferay.portal.kernel.util.CharPool;
021    import com.liferay.portal.kernel.util.StringPool;
022    import com.liferay.portal.kernel.util.Validator;
023    import com.liferay.util.CookieUtil;
024    
025    import javax.servlet.http.Cookie;
026    import javax.servlet.http.HttpServletRequest;
027    import javax.servlet.http.HttpServletResponse;
028    
029    import org.apache.commons.codec.binary.Hex;
030    
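/**
 * Static helpers for writing and reading the portal's persistent cookies.
 *
 * <p>
 * Cookies named {@code ID}, {@code LOGIN}, {@code PASSWORD} and
 * {@code SCREEN_NAME} are hex encoded on write and hex decoded on read. Hex
 * encoding is a reversible transport encoding only: it gives neither
 * confidentiality nor integrity, so any protection of those values has to be
 * applied by the caller before the value reaches this class.
 * </p>
 *
 * @author Brian Wing Shun Chan
 * @author Minhchau Dang
 */
public class CookieKeys implements com.liferay.portal.kernel.util.CookieKeys {

	/**
	 * Cookie lifetime in seconds used by {@link #addSupportCookie}; 31536000
	 * is 365 days.
	 */
	public static final int MAX_AGE = 31536000;

	/**
	 * Value passed to {@link Cookie#setVersion(int)} for every cookie written
	 * through this class.
	 */
	public static final int VERSION = 0;

	/**
	 * Adds the cookie to the response, taking the Secure attribute from
	 * {@link HttpServletRequest#isSecure()}.
	 *
	 * @param request the current request
	 * @param response the response the cookie is written to
	 * @param cookie the cookie to write
	 */
	public static void addCookie(
		HttpServletRequest request, HttpServletResponse response,
		Cookie cookie) {

		// NOTE(review): when TLS is terminated in front of the container and
		// the container is not told about it, isSecure() may report false and
		// the cookie goes out without the Secure attribute -- confirm against
		// the deployment, or call the four-argument overload.

		addCookie(request, response, cookie, request.isSecure());
	}

	/**
	 * Adds the cookie to the response after setting its Secure attribute,
	 * value and version. Nothing is written when persistent cookies are
	 * disabled or {@code PropsValues.TCK_URL} is set.
	 *
	 * <p>
	 * Only the Secure attribute, the value and the version are set here;
	 * path, domain, max age and any other attribute are left as the caller
	 * configured them.
	 * </p>
	 *
	 * @param request the current request (not read by this overload)
	 * @param response the response the cookie is written to
	 * @param cookie the cookie to write; its value is replaced by the hex
	 *        encoded form when {@link #isEncodedCookie(String)} accepts its
	 *        name
	 * @param secure the value for the cookie's Secure attribute
	 */
	public static void addCookie(
		HttpServletRequest request, HttpServletResponse response, Cookie cookie,
		boolean secure) {

		// Setting a cookie will cause the TCK to lose its ability to track
		// sessions, so nothing is written when TCK_URL is set

		if (!PropsValues.SESSION_ENABLE_PERSISTENT_COOKIES ||
			PropsValues.TCK_URL) {

			return;
		}

		// LEP-5175

		String name = cookie.getName();

		String originalValue = cookie.getValue();
		String encodedValue = originalValue;

		// A cookie may carry a null value; there is nothing to encode then

		if ((originalValue != null) && isEncodedCookie(name)) {

			// NOTE(review): getBytes() uses the JVM default charset, and
			// getCookie decodes with the default charset as well, so non-ASCII
			// values round-trip only while that default stays the same.

			encodedValue = new String(Hex.encodeHex(originalValue.getBytes()));

			// Values are deliberately kept out of the log: this branch
			// handles the ID, LOGIN, PASSWORD and SCREEN_NAME cookies.

			if (_log.isDebugEnabled()) {
				_log.debug("Add encoded cookie " + name);
			}
		}

		cookie.setSecure(secure);
		cookie.setValue(encodedValue);
		cookie.setVersion(VERSION);

		response.addCookie(cookie);
	}

	/**
	 * Writes the {@code COOKIE_SUPPORT} marker cookie (value {@code "true"},
	 * path {@code /}, lifetime {@link #MAX_AGE}) that
	 * {@link #validateSupportCookie(HttpServletRequest)} later looks for.
	 *
	 * @param request the current request
	 * @param response the response the cookie is written to
	 */
	public static void addSupportCookie(
		HttpServletRequest request, HttpServletResponse response) {

		Cookie cookieSupportCookie = new Cookie(COOKIE_SUPPORT, "true");

		cookieSupportCookie.setPath(StringPool.SLASH);
		cookieSupportCookie.setMaxAge(MAX_AGE);

		addCookie(request, response, cookieSupportCookie);
	}

	/**
	 * Returns the value of the named cookie, calling
	 * {@link #getCookie(HttpServletRequest, String, boolean)} with
	 * {@code toUpperCase} set to {@code true}.
	 *
	 * @param request the current request
	 * @param name the cookie name
	 * @return the cookie value, hex decoded for encoded cookies, or whatever
	 *         the three-argument overload returns for a missing cookie
	 */
	public static String getCookie(HttpServletRequest request, String name) {
		return getCookie(request, name, true);
	}

	/**
	 * Returns the value of the named cookie, hex decoding it when
	 * {@link #isEncodedCookie(String)} accepts the name.
	 *
	 * <p>
	 * The returned string is client-supplied in every case. When hex decoding
	 * fails, the raw cookie value is returned unchanged, so callers must not
	 * treat a returned value as proof that it was written by
	 * {@link #addCookie}.
	 * </p>
	 *
	 * @param request the current request
	 * @param name the cookie name
	 * @param toUpperCase forwarded to {@code CookieUtil.get}; presumably
	 *        controls case handling of the lookup -- confirm against
	 *        {@code CookieUtil}
	 * @return the cookie value as returned by {@code CookieUtil.get}, hex
	 *         decoded where applicable
	 */
	public static String getCookie(
		HttpServletRequest request, String name, boolean toUpperCase) {

		String value = CookieUtil.get(request, name, toUpperCase);

		if ((value == null) || !isEncodedCookie(name)) {
			return value;
		}

		try {
			String originalValue = new String(
				Hex.decodeHex(value.toCharArray()));

			// The cookie value itself is kept out of the log; see addCookie

			if (_log.isDebugEnabled()) {
				_log.debug("Get encoded cookie " + name);
			}

			return originalValue;
		}
		catch (Exception e) {

			// Best effort by design: a value that is not valid hex is handed
			// back as received. The warning names the cookie so a malformed
			// or tampered value can be traced to it.

			if (_log.isWarnEnabled()) {
				_log.warn(
					"Unable to hex decode cookie " + name + ": " +
						e.getMessage());
			}

			return value;
		}
	}

	/**
	 * Returns the cookie domain for the request: the configured
	 * {@code PropsValues.SESSION_COOKIE_DOMAIN} when it is set, otherwise a
	 * domain derived from {@link HttpServletRequest#getServerName()}.
	 *
	 * @param request the current request
	 * @return the cookie domain, or {@code null} when none can be derived
	 */
	public static String getDomain(HttpServletRequest request) {

		// See LEP-4602 and LEP-4618.

		if (Validator.isNotNull(PropsValues.SESSION_COOKIE_DOMAIN)) {
			return PropsValues.SESSION_COOKIE_DOMAIN;
		}

		// NOTE(review): getServerName() normally reflects the Host header of
		// the request, so without a configured domain the cookie scope is
		// derived from request data -- confirm that the front end restricts
		// accepted host names.

		return getDomain(request.getServerName());
	}

	/**
	 * Derives a cookie domain from a host name by counting labels.
	 *
	 * <p>
	 * An IP address is returned unchanged. A host with one period gets a
	 * leading period ({@code example.com} becomes {@code .example.com}).
	 * Longer hosts keep at most their last three labels
	 * ({@code www.example.com} becomes {@code .example.com},
	 * {@code a.b.example.com} becomes {@code .b.example.com}).
	 * </p>
	 *
	 * <p>
	 * The rule has no knowledge of public suffixes: {@code example.co.uk}
	 * yields {@code .co.uk}. Deployments on such hosts should set
	 * {@code PropsValues.SESSION_COOKIE_DOMAIN}, which
	 * {@link #getDomain(HttpServletRequest)} prefers over this derivation.
	 * </p>
	 *
	 * @param host the host name, may be {@code null}
	 * @return the derived domain, or {@code null} when the host is
	 *         {@code null} or has no period after its first character
	 */
	public static String getDomain(String host) {

		// See LEP-4602 and LEP-4645.

		if (host == null) {
			return null;
		}

		// See LEP-5595.

		if (Validator.isIPAddress(host)) {
			return host;
		}

		int lastPeriod = host.lastIndexOf(CharPool.PERIOD);

		if (lastPeriod <= 0) {
			return null;
		}

		int secondPeriod = host.lastIndexOf(CharPool.PERIOD, lastPeriod - 1);

		if (secondPeriod <= 0) {
			return StringPool.PERIOD + host;
		}

		int thirdPeriod = host.lastIndexOf(CharPool.PERIOD, secondPeriod - 1);

		if (thirdPeriod <= 0) {
			return host.substring(secondPeriod);
		}

		return host.substring(thirdPeriod);
	}

	/**
	 * Reports whether the request carries a {@code JSESSIONID} cookie. Only
	 * the presence of the cookie is checked; the session it names is not
	 * validated here.
	 *
	 * @param request the current request
	 * @return {@code true} if a {@code JSESSIONID} cookie value was found
	 */
	public static boolean hasSessionId(HttpServletRequest request) {
		return getCookie(request, JSESSIONID, false) != null;
	}

	/**
	 * Reports whether cookies with this name are stored hex encoded.
	 *
	 * @param name the cookie name, may be {@code null}
	 * @return {@code true} for {@code ID}, {@code LOGIN}, {@code PASSWORD} and
	 *         {@code SCREEN_NAME}; {@code false} otherwise, including for
	 *         {@code null}
	 */
	public static boolean isEncodedCookie(String name) {

		// Constant-first comparison so a null name yields false instead of a
		// NullPointerException

		return ID.equals(name) || LOGIN.equals(name) ||
			PASSWORD.equals(name) || SCREEN_NAME.equals(name);
	}

	/**
	 * Verifies that the browser returned the {@code COOKIE_SUPPORT} marker
	 * cookie. The check runs only when both persistent cookies and the cookie
	 * support test are enabled in {@code PropsValues}.
	 *
	 * @param request the current request
	 * @throws CookieNotSupportedException if the check is enabled and the
	 *         marker cookie is missing or empty
	 */
	public static void validateSupportCookie(HttpServletRequest request)
		throws CookieNotSupportedException {

		if (!PropsValues.SESSION_ENABLE_PERSISTENT_COOKIES ||
			!PropsValues.SESSION_TEST_COOKIE_SUPPORT) {

			return;
		}

		String cookieSupport = getCookie(request, COOKIE_SUPPORT, false);

		if (Validator.isNull(cookieSupport)) {
			throw new CookieNotSupportedException();
		}
	}

	private static final Log _log = LogFactoryUtil.getLog(CookieKeys.class);

}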