001    /**
002     * Copyright (c) 2000-present Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.kernel.util;
016    
017    import com.liferay.portal.CookieNotSupportedException;
018    import com.liferay.portal.kernel.log.Log;
019    import com.liferay.portal.kernel.log.LogFactoryUtil;
020    
021    import java.util.Collections;
022    import java.util.HashMap;
023    import java.util.Map;
024    
025    import javax.servlet.http.Cookie;
026    import javax.servlet.http.HttpServletRequest;
027    import javax.servlet.http.HttpServletResponse;
028    
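/**
 * Cookie names used by the portal, plus static helpers for writing cookies to
 * a response and reading them back from a request.
 *
 * <p>
 * Security notes for maintainers:
 * </p>
 *
 * <ul>
 * <li>
 * The cookies named {@link #ID}, {@link #LOGIN}, {@link #PASSWORD} and
 * {@link #SCREEN_NAME} are hex encoded before being written. Hex encoding is a
 * reversible transport encoding; nothing in this class encrypts or
 * integrity-protects those values.
 * </li>
 * <li>
 * This class sets the {@code Secure} flag and cookie version only. It never
 * sets {@code HttpOnly}; NOTE(review): confirm whether that is applied
 * elsewhere (container configuration or a response wrapper).
 * </li>
 * <li>
 * Values of the encoded cookies are deliberately kept out of the log output,
 * because they can carry credentials.
 * </li>
 * </ul>
 *
 * @author Brian Wing Shun Chan
 * @author Minhchau Dang
 */
public class CookieKeys {

    public static final String COMPANY_ID = "COMPANY_ID";

    public static final String COOKIE_SUPPORT = "COOKIE_SUPPORT";

    public static final String GUEST_LANGUAGE_ID = "GUEST_LANGUAGE_ID";

    public static final String ID = "ID";

    public static final String JSESSIONID = "JSESSIONID";

    public static final String LOGIN = "LOGIN";

    // NOTE(review): Cookie.setMaxAge expects seconds. Confirm the unit of
    // Time.YEAR and that the narrowing cast to int does not truncate it.

    public static final int MAX_AGE = (int)Time.YEAR;

    public static final String PASSWORD = "PASSWORD";

    public static final String REMEMBER_ME = "REMEMBER_ME";

    public static final String REMOTE_PREFERENCE_PREFIX = "REMOTE_PREFERENCE_";

    public static final String SCREEN_NAME = "SCREEN_NAME";

    public static final String USER_UUID = "USER_UUID";

    /**
     * Adds the cookie to the response, marking it {@code Secure} only when
     * the current request reports itself as secure.
     *
     * <p>
     * NOTE(review): behind a TLS-terminating proxy
     * {@code request.isSecure()} may report {@code false} even though the
     * client connection is HTTPS; verify the deployment forwards the scheme,
     * or call the four-argument overload with an explicit flag.
     * </p>
     *
     * @param request the current request
     * @param response the response that receives the cookie
     * @param cookie the cookie to add; its value, secure flag and version are
     *        modified in place
     */
    public static void addCookie(
        HttpServletRequest request, HttpServletResponse response,
        Cookie cookie) {

        addCookie(request, response, cookie, request.isSecure());
    }

    /**
     * Adds the cookie to the response with an explicit {@code Secure} flag.
     *
     * <p>
     * Nothing is written when persistent cookies are disabled or the TCK URL
     * property is enabled. For cookie names accepted by
     * {@link #isEncodedCookie(String)} the value is hex encoded first. The
     * cookie is always forced to version 0.
     * </p>
     *
     * @param request the current request (not read by this overload)
     * @param response the response that receives the cookie
     * @param cookie the cookie to add; its value, secure flag and version are
     *        modified in place
     * @param secure whether to set the cookie's {@code Secure} flag
     */
    public static void addCookie(
        HttpServletRequest request, HttpServletResponse response, Cookie cookie,
        boolean secure) {

        if (!_SESSION_ENABLE_PERSISTENT_COOKIES || _TCK_URL) {
            return;
        }

        // LEP-5175

        String name = cookie.getName();
        String value = cookie.getValue();

        // A cookie without a value has nothing to encode; skipping it avoids
        // a NullPointerException on getBytes().

        if ((value != null) && isEncodedCookie(name)) {

            // NOTE(review): getBytes() uses the platform default charset, so
            // non-ASCII values only round trip when reader and writer share
            // that default.

            value = UnicodeFormatter.bytesToHex(value.getBytes());

            // Log the name only. These cookies include LOGIN and PASSWORD,
            // and their values must not end up in debug logs.

            if (_log.isDebugEnabled()) {
                _log.debug("Add encoded cookie " + name);
            }
        }

        cookie.setSecure(secure);
        cookie.setValue(value);
        cookie.setVersion(0);

        // Setting a cookie will cause the TCK to lose its ability to track
        // sessions

        response.addCookie(cookie);
    }

    /**
     * Adds the long-lived {@link #COOKIE_SUPPORT} marker cookie (value
     * {@code "true"}, path {@code /}) that
     * {@link #validateSupportCookie(HttpServletRequest)} later looks for.
     *
     * @param request the current request
     * @param response the response that receives the cookie
     */
    public static void addSupportCookie(
        HttpServletRequest request, HttpServletResponse response) {

        Cookie cookieSupportCookie = new Cookie(COOKIE_SUPPORT, "true");

        cookieSupportCookie.setPath(StringPool.SLASH);
        cookieSupportCookie.setMaxAge(MAX_AGE);

        addCookie(request, response, cookieSupportCookie);
    }

    /**
     * Returns the value of the named cookie, upper-casing the name before the
     * lookup.
     *
     * @param request the current request
     * @param name the cookie name
     * @return the cookie value, or {@code null} if the cookie is absent
     */
    public static String getCookie(HttpServletRequest request, String name) {
        return getCookie(request, name, true);
    }

    /**
     * Returns the value of the named cookie, hex decoding it when the name is
     * accepted by {@link #isEncodedCookie(String)}.
     *
     * <p>
     * The lookup map is keyed by upper-cased cookie names, so passing
     * {@code toUpperCase = false} only finds names that are already upper
     * case. The encoded-cookie check uses {@code name} exactly as passed. If
     * decoding fails, the raw cookie value is returned unchanged.
     * </p>
     *
     * <p>
     * The returned value comes from the client and is neither authenticated
     * nor integrity-checked here; callers must validate it before trusting
     * it.
     * </p>
     *
     * @param request the current request
     * @param name the cookie name
     * @param toUpperCase whether to upper-case {@code name} before the lookup
     * @return the (possibly decoded) cookie value, or {@code null} if the
     *         cookie is absent
     */
    public static String getCookie(
        HttpServletRequest request, String name, boolean toUpperCase) {

        String value = _get(request, name, toUpperCase);

        if ((value == null) || !isEncodedCookie(name)) {
            return value;
        }

        try {

            // NOTE(review): new String(byte[]) uses the platform default
            // charset, mirroring the getBytes() call in addCookie.

            String decodedValue = new String(
                UnicodeFormatter.hexToBytes(value));

            // Name only: the decoded value may be a login or a password.

            if (_log.isDebugEnabled()) {
                _log.debug("Get encoded cookie " + name);
            }

            return decodedValue;
        }
        catch (Exception e) {

            // The value is client supplied and the exception message may echo
            // it, so log the cookie name and exception type only.

            if (_log.isWarnEnabled()) {
                _log.warn(
                    "Unable to hex decode cookie " + name + " (" +
                        e.getClass().getName() + ")");
            }

            return value;
        }
    }

    /**
     * Returns the cookie domain to use for the request.
     *
     * <p>
     * A configured session cookie domain wins. Otherwise, when the full
     * hostname is to be used, a blank string is returned. Otherwise the domain
     * is derived from the request's server name via
     * {@link #getDomain(String)}.
     * </p>
     *
     * <p>
     * NOTE(review): the server name normally reflects the client-supplied
     * {@code Host} header; confirm the deployment restricts accepted host
     * names before the derived domain is trusted.
     * </p>
     *
     * @param request the current request
     * @return the cookie domain, a blank string, or {@code null} if no domain
     *         can be derived from the server name
     */
    public static String getDomain(HttpServletRequest request) {

        // See LEP-4602 and LEP-4618.

        if (Validator.isNotNull(_SESSION_COOKIE_DOMAIN)) {
            return _SESSION_COOKIE_DOMAIN;
        }

        if (_SESSION_COOKIE_USE_FULL_HOSTNAME) {
            return StringPool.BLANK;
        }

        return getDomain(request.getServerName());
    }

    /**
     * Derives a cookie domain from a host name by keeping at most its last
     * three labels, with a leading period.
     *
     * <p>
     * IP addresses are returned unchanged. A host without a period, or whose
     * only period is its first character, yields {@code null}. The rule is
     * purely positional and does not consult a public suffix list: for
     * example {@code example.co.uk} yields {@code .co.uk}.
     * </p>
     *
     * @param host the host name, may be {@code null}
     * @return the derived domain, or {@code null} if none can be derived
     */
    public static String getDomain(String host) {

        // See LEP-4602 and LEP-4645.

        if (host == null) {
            return null;
        }

        // See LEP-5595.

        if (Validator.isIPAddress(host)) {
            return host;
        }

        int lastPeriod = host.lastIndexOf(CharPool.PERIOD);

        if (lastPeriod <= 0) {
            return null;
        }

        int secondLastPeriod = host.lastIndexOf(
            CharPool.PERIOD, lastPeriod - 1);

        if (secondLastPeriod <= 0) {

            // Two labels (for example "example.com"): prefix the whole host.

            return StringPool.PERIOD + host;
        }

        int thirdLastPeriod = host.lastIndexOf(
            CharPool.PERIOD, secondLastPeriod - 1);

        if (thirdLastPeriod <= 0) {
            return host.substring(secondLastPeriod);
        }

        return host.substring(thirdLastPeriod);
    }

    /**
     * Returns whether the request carries a {@link #JSESSIONID} cookie. Only
     * presence is checked; the value is not validated.
     *
     * @param request the current request
     * @return {@code true} if the cookie is present
     */
    public static boolean hasSessionId(HttpServletRequest request) {
        return getCookie(request, JSESSIONID, false) != null;
    }

    /**
     * Returns whether values of the named cookie are hex encoded on write and
     * decoded on read. The comparison is exact and case sensitive.
     *
     * @param name the cookie name, must not be {@code null}
     * @return {@code true} for {@link #ID}, {@link #LOGIN}, {@link #PASSWORD}
     *         and {@link #SCREEN_NAME}
     */
    public static boolean isEncodedCookie(String name) {
        return name.equals(ID) || name.equals(LOGIN) ||
            name.equals(PASSWORD) || name.equals(SCREEN_NAME);
    }

    /**
     * Verifies that the browser returned the {@link #COOKIE_SUPPORT} cookie.
     * The check only runs when both persistent cookies and the cookie support
     * test are enabled.
     *
     * @param request the current request
     * @throws CookieNotSupportedException if the check is enabled and the
     *         support cookie is missing or empty
     */
    public static void validateSupportCookie(HttpServletRequest request)
        throws CookieNotSupportedException {

        if (!_SESSION_ENABLE_PERSISTENT_COOKIES ||
            !_SESSION_TEST_COOKIE_SUPPORT) {

            return;
        }

        String cookieSupport = getCookie(request, COOKIE_SUPPORT, false);

        if (Validator.isNull(cookieSupport)) {
            throw new CookieNotSupportedException();
        }
    }

    /**
     * Looks up the raw (still encoded) cookie value in the per-request cookie
     * map.
     */
    private static String _get(
        HttpServletRequest request, String name, boolean toUpperCase) {

        Map<String, Cookie> cookieMap = _getCookieMap(request);

        if (toUpperCase) {
            name = StringUtil.toUpperCase(name);
        }

        Cookie cookie = cookieMap.get(name);

        return (cookie == null) ? null : cookie.getValue();
    }

    /**
     * Returns the request's cookies keyed by upper-cased name, building the
     * map on first use and caching it as a request attribute named after this
     * class.
     *
     * <p>
     * When several cookies share a name (ignoring case), the one that appears
     * last in {@code request.getCookies()} replaces the earlier ones.
     * </p>
     */
    private static Map<String, Cookie> _getCookieMap(
        HttpServletRequest request) {

        String attributeName = CookieKeys.class.getName();

        // The attribute is only ever written by this method, which is what
        // makes the cast safe.

        @SuppressWarnings("unchecked")
        Map<String, Cookie> cookieMap =
            (Map<String, Cookie>)request.getAttribute(attributeName);

        if (cookieMap != null) {
            return cookieMap;
        }

        Cookie[] cookies = request.getCookies();

        if (cookies == null) {
            cookieMap = Collections.emptyMap();
        }
        else {
            cookieMap = new HashMap<String, Cookie>(cookies.length * 4 / 3);

            for (Cookie cookie : cookies) {
                String cookieName = StringUtil.toUpperCase(
                    GetterUtil.getString(cookie.getName()));

                cookieMap.put(cookieName, cookie);
            }
        }

        request.setAttribute(attributeName, cookieMap);

        return cookieMap;
    }

    private static final String _SESSION_COOKIE_DOMAIN = PropsUtil.get(
        PropsKeys.SESSION_COOKIE_DOMAIN);

    private static final boolean _SESSION_COOKIE_USE_FULL_HOSTNAME =
        GetterUtil.getBoolean(
            PropsUtil.get(PropsKeys.SESSION_COOKIE_USE_FULL_HOSTNAME));

    private static final boolean _SESSION_ENABLE_PERSISTENT_COOKIES =
        GetterUtil.getBoolean(
            PropsUtil.get(PropsKeys.SESSION_ENABLE_PERSISTENT_COOKIES));

    private static final boolean _SESSION_TEST_COOKIE_SUPPORT =
        GetterUtil.getBoolean(
            PropsUtil.get(PropsKeys.SESSION_TEST_COOKIE_SUPPORT));

    private static final boolean _TCK_URL = GetterUtil.getBoolean(
        PropsUtil.get(PropsKeys.TCK_URL));

    private static final Log _log = LogFactoryUtil.getLog(CookieKeys.class);

}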