001    /**
002     * Copyright (c) 2000-2011 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.taglib.security;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.util.CharPool;
020    import com.liferay.portal.kernel.util.Http;
021    import com.liferay.portal.kernel.util.HttpUtil;
022    import com.liferay.portal.kernel.util.StringBundler;
023    import com.liferay.portal.kernel.util.StringPool;
024    import com.liferay.portal.kernel.util.StringUtil;
025    import com.liferay.portal.kernel.util.Validator;
026    import com.liferay.portal.model.Company;
027    import com.liferay.portal.util.PortalUtil;
028    import com.liferay.util.Encryptor;
029    import com.liferay.util.EncryptorException;
030    
031    import java.security.Key;
032    
033    import java.util.HashSet;
034    import java.util.Set;
035    import java.util.StringTokenizer;
036    
037    import javax.servlet.http.HttpServletRequest;
038    import javax.servlet.jsp.JspException;
039    import javax.servlet.jsp.JspWriter;
040    import javax.servlet.jsp.tagext.TagSupport;
041    
042    /**
043     * @author Brian Wing Shun Chan
044     */
045    public class EncryptTag extends TagSupport {
046    
047            @Override
048            public int doStartTag() throws JspException {
049                    try {
050                            StringBundler sb = new StringBundler();
051    
052                            // Open anchor
053    
054                            sb.append("<a ");
055    
056                            // Class
057    
058                            if (Validator.isNotNull(_className)) {
059                                    sb.append("class=\"");
060                                    sb.append(_className);
061                                    sb.append("\" ");
062                            }
063    
064                            // HREF
065    
066                            sb.append("href=\"");
067                            sb.append(_protocol);
068                            sb.append(Http.PROTOCOL_DELIMITER);
069    
070                            int pos = _url.indexOf(CharPool.QUESTION);
071    
072                            if (pos == -1) {
073                                    sb.append(_url);
074                            }
075                            else {
076                                    sb.append(_url.substring(0, pos));
077                                    sb.append(StringPool.QUESTION);
078    
079                                    Company company = PortalUtil.getCompany(
080                                            (HttpServletRequest)pageContext.getRequest());
081    
082                                    Key key = company.getKeyObj();
083    
084                                    StringTokenizer st = new StringTokenizer(
085                                            _url.substring(pos + 1, _url.length()),
086                                            StringPool.AMPERSAND);
087    
088                                    while (st.hasMoreTokens()) {
089                                            String paramAndValue = st.nextToken();
090    
091                                            int x = paramAndValue.indexOf(CharPool.EQUAL);
092    
093                                            String param = paramAndValue.substring(0, x);
094                                            String value = paramAndValue.substring(
095                                                    x + 1, paramAndValue.length());
096    
097                                            sb.append(param).append(StringPool.EQUAL);
098    
099                                            if (_unencryptedParamsSet.contains(param)) {
100                                                    sb.append(HttpUtil.encodeURL(value));
101                                            }
102                                            else {
103                                                    try {
104                                                            sb.append(HttpUtil.encodeURL(
105                                                                    Encryptor.encrypt(key, value)));
106                                                    }
107                                                    catch (EncryptorException ee) {
108                                                            _log.error(ee.getMessage());
109                                                    }
110    
111                                                    if (st.hasMoreTokens()) {
112                                                            sb.append(StringPool.AMPERSAND);
113                                                    }
114                                            }
115                                    }
116    
117                                    sb.append("&shuo=1");
118                            }
119    
120                            sb.append("\" ");
121    
122                            // Style
123    
124                            if (Validator.isNotNull(_style)) {
125                                    sb.append("style=\"");
126                                    sb.append(_style);
127                                    sb.append("\" ");
128                            }
129    
130                            // Target
131    
132                            if (Validator.isNotNull(_target)) {
133                                    sb.append("target=\"" + _target + "\"");
134                            }
135    
136                            // Close anchor
137    
138                            sb.append(">");
139    
140                            JspWriter jspWriter = pageContext.getOut();
141    
142                            jspWriter.write(sb.toString());
143    
144                            return EVAL_BODY_INCLUDE;
145                    }
146                    catch (Exception e) {
147                            throw new JspException(e);
148                    }
149            }
150    
151            @Override
152            public int doEndTag() throws JspException {
153                    try {
154                            JspWriter jspWriter = pageContext.getOut();
155    
156                            jspWriter.write("</a>");
157    
158                            return EVAL_PAGE;
159                    }
160                    catch (Exception e) {
161                            throw new JspException(e);
162                    }
163            }
164    
165            public void setClassName(String className) {
166                    _className = className;
167            }
168    
169            public void setStyle(String style) {
170                    _style = style;
171            }
172    
173            public void setProtocol(String protocol) {
174                    _protocol = protocol;
175            }
176    
177            public void setUnencryptedParams(String unencryptedParams) {
178                    _unencryptedParamsSet.clear();
179    
180                    String[] unencryptedParamsArray = StringUtil.split(unencryptedParams);
181    
182                    for (int i = 0; i < unencryptedParamsArray.length; i++) {
183                            _unencryptedParamsSet.add(unencryptedParamsArray[i]);
184                    }
185            }
186    
187            public void setUrl(String url) {
188                    _url = url;
189            }
190    
191            public void setTarget(String target) {
192                    _target = target;
193            }
194    
195            private static Log _log = LogFactoryUtil.getLog(EncryptTag.class);
196    
197            private String _className;
198            private String _style;
199            private String _protocol;
200            private Set<String> _unencryptedParamsSet = new HashSet<String>();
201            private String _url;
202            private String _target;
203    
204    }