001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.kernel.util;
016    
017    import com.liferay.portal.CookieNotSupportedException;
018    import com.liferay.portal.kernel.log.Log;
019    import com.liferay.portal.kernel.log.LogFactoryUtil;
020    
021    import java.util.Collections;
022    import java.util.HashMap;
023    import java.util.Map;
024    
025    import javax.servlet.http.Cookie;
026    import javax.servlet.http.HttpServletRequest;
027    import javax.servlet.http.HttpServletResponse;
028    
029    /**
030     * @author Brian Wing Shun Chan
031     * @author Minhchau Dang
032     */
033    public class CookieKeys {
034    
035            public static final String COMPANY_ID = "COMPANY_ID";
036    
037            public static final String COOKIE_SUPPORT = "COOKIE_SUPPORT";
038    
039            public static final String GUEST_LANGUAGE_ID = "GUEST_LANGUAGE_ID";
040    
041            public static final String ID = "ID";
042    
043            public static final String JSESSIONID = "JSESSIONID";
044    
045            public static final String LOGIN = "LOGIN";
046    
047            public static final int MAX_AGE =(int)Time.YEAR;
048    
049            public static final String PASSWORD = "PASSWORD";
050    
051            public static final String REMEMBER_ME = "REMEMBER_ME";
052    
053            public static final String SCREEN_NAME = "SCREEN_NAME";
054    
055            public static final String USER_UUID = "USER_UUID";
056    
057            public static void addCookie(
058                    HttpServletRequest request, HttpServletResponse response,
059                    Cookie cookie) {
060    
061                    addCookie(request, response, cookie, request.isSecure());
062            }
063    
064            public static void addCookie(
065                    HttpServletRequest request, HttpServletResponse response, Cookie cookie,
066                    boolean secure) {
067    
068                    if (!_SESSION_ENABLE_PERSISTENT_COOKIES || _TCK_URL) {
069                            return;
070                    }
071    
072                    // LEP-5175
073    
074                    String name = cookie.getName();
075    
076                    String originalValue = cookie.getValue();
077                    String encodedValue = originalValue;
078    
079                    if (isEncodedCookie(name)) {
080                            encodedValue = UnicodeFormatter.bytesToHex(
081                                    originalValue.getBytes());
082    
083                            if (_log.isDebugEnabled()) {
084                                    _log.debug("Add encoded cookie " + name);
085                                    _log.debug("Original value " + originalValue);
086                                    _log.debug("Hex encoded value " + encodedValue);
087                            }
088                    }
089    
090                    cookie.setSecure(secure);
091                    cookie.setValue(encodedValue);
092                    cookie.setVersion(0);
093    
094                    // Setting a cookie will cause the TCK to lose its ability to track
095                    // sessions
096    
097                    response.addCookie(cookie);
098            }
099    
100            public static void addSupportCookie(
101                    HttpServletRequest request, HttpServletResponse response) {
102    
103                    Cookie cookieSupportCookie = new Cookie(COOKIE_SUPPORT, "true");
104    
105                    cookieSupportCookie.setPath(StringPool.SLASH);
106                    cookieSupportCookie.setMaxAge(MAX_AGE);
107    
108                    addCookie(request, response, cookieSupportCookie);
109            }
110    
111            public static String getCookie(HttpServletRequest request, String name) {
112                    return getCookie(request, name, true);
113            }
114    
115            public static String getCookie(
116                    HttpServletRequest request, String name, boolean toUpperCase) {
117    
118                    String value = _get(request, name, toUpperCase);
119    
120                    if ((value == null) || !isEncodedCookie(name)) {
121                            return value;
122                    }
123    
124                    try {
125                            String encodedValue = value;
126                            String originalValue = new String(
127                                    UnicodeFormatter.hexToBytes(encodedValue));
128    
129                            if (_log.isDebugEnabled()) {
130                                    _log.debug("Get encoded cookie " + name);
131                                    _log.debug("Hex encoded value " + encodedValue);
132                                    _log.debug("Original value " + originalValue);
133                            }
134    
135                            return originalValue;
136                    }
137                    catch (Exception e) {
138                            if (_log.isWarnEnabled()) {
139                                    _log.warn(e.getMessage());
140                            }
141    
142                            return value;
143                    }
144            }
145    
146            public static String getDomain(HttpServletRequest request) {
147    
148                    // See LEP-4602 and       LEP-4618.
149    
150                    if (Validator.isNotNull(_SESSION_COOKIE_DOMAIN)) {
151                            return _SESSION_COOKIE_DOMAIN;
152                    }
153    
154                    String host = request.getServerName();
155    
156                    if (_SESSION_COOKIE_USE_FULL_HOSTNAME) {
157                            return host;
158                    }
159    
160                    return getDomain(host);
161            }
162    
163            public static String getDomain(String host) {
164    
165                    // See LEP-4602 and LEP-4645.
166    
167                    if (host == null) {
168                            return null;
169                    }
170    
171                    // See LEP-5595.
172    
173                    if (Validator.isIPAddress(host)) {
174                            return host;
175                    }
176    
177                    int x = host.lastIndexOf(CharPool.PERIOD);
178    
179                    if (x <= 0) {
180                            return null;
181                    }
182    
183                    int y = host.lastIndexOf(CharPool.PERIOD, x - 1);
184    
185                    if (y <= 0) {
186                            return StringPool.PERIOD + host;
187                    }
188    
189                    int z = host.lastIndexOf(CharPool.PERIOD, y - 1);
190    
191                    String domain = null;
192    
193                    if (z <= 0) {
194                            domain = host.substring(y);
195                    }
196                    else {
197                            domain = host.substring(z);
198                    }
199    
200                    return domain;
201            }
202    
203            public static boolean hasSessionId(HttpServletRequest request) {
204                    String jsessionid = getCookie(request, JSESSIONID, false);
205    
206                    if (jsessionid != null) {
207                            return true;
208                    }
209                    else {
210                            return false;
211                    }
212            }
213    
214            public static boolean isEncodedCookie(String name) {
215                    if (name.equals(ID) || name.equals(LOGIN) || name.equals(PASSWORD) ||
216                            name.equals(SCREEN_NAME)) {
217    
218                            return true;
219                    }
220                    else {
221                            return false;
222                    }
223            }
224    
225            public static void validateSupportCookie(HttpServletRequest request)
226                    throws CookieNotSupportedException {
227    
228                    if (_SESSION_ENABLE_PERSISTENT_COOKIES &&
229                            _SESSION_TEST_COOKIE_SUPPORT) {
230    
231                            String cookieSupport = getCookie(request, COOKIE_SUPPORT, false);
232    
233                            if (Validator.isNull(cookieSupport)) {
234                                    throw new CookieNotSupportedException();
235                            }
236                    }
237            }
238    
239            private static String _get(
240                    HttpServletRequest request, String name, boolean toUpperCase) {
241    
242                    Map<String, Cookie> cookieMap = _getCookieMap(request);
243    
244                    if (toUpperCase) {
245                            name = name.toUpperCase();
246                    }
247    
248                    Cookie cookie = cookieMap.get(name);
249    
250                    if (cookie == null) {
251                            return null;
252                    }
253                    else {
254                            return cookie.getValue();
255                    }
256            }
257    
258            private static Map<String, Cookie> _getCookieMap(
259                    HttpServletRequest request) {
260    
261                    Map<String, Cookie> cookieMap =
262                            (Map<String, Cookie>)request.getAttribute(
263                                    CookieKeys.class.getName());
264    
265                    if (cookieMap != null) {
266                            return cookieMap;
267                    }
268    
269                    Cookie[] cookies = request.getCookies();
270    
271                    if (cookies == null) {
272                            cookieMap = Collections.emptyMap();
273                    }
274                    else {
275                            cookieMap = new HashMap<String, Cookie>(cookies.length * 4 / 3);
276    
277                            for (Cookie cookie : cookies) {
278                                    String cookieName = GetterUtil.getString(cookie.getName());
279    
280                                    cookieName = cookieName.toUpperCase();
281    
282                                    cookieMap.put(cookieName, cookie);
283                            }
284                    }
285    
286                    request.setAttribute(CookieKeys.class.getName(), cookieMap);
287    
288                    return cookieMap;
289            }
290    
291            private static final String _SESSION_COOKIE_DOMAIN = PropsUtil.get(
292                    PropsKeys.SESSION_COOKIE_DOMAIN);
293    
294            private static final boolean _SESSION_COOKIE_USE_FULL_HOSTNAME =
295                    GetterUtil.getBoolean(
296                            PropsUtil.get(PropsKeys.SESSION_COOKIE_USE_FULL_HOSTNAME));
297    
298            private static final boolean _SESSION_ENABLE_PERSISTENT_COOKIES =
299                    GetterUtil.getBoolean(
300                            PropsUtil.get(PropsKeys.SESSION_ENABLE_PERSISTENT_COOKIES));
301    
302            private static final boolean _SESSION_TEST_COOKIE_SUPPORT =
303                    GetterUtil.getBoolean(
304                            PropsUtil.get(PropsKeys.SESSION_TEST_COOKIE_SUPPORT));
305    
306            private static final boolean _TCK_URL = GetterUtil.getBoolean(
307                    PropsUtil.get(PropsKeys.TCK_URL));
308    
309            private static Log _log = LogFactoryUtil.getLog(CookieKeys.class);
310    
311    }