1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
12   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
14   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
15   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
16   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
17   * SOFTWARE.
18   */
19  
20  package com.liferay.portal.util;
21  
22  import com.liferay.portal.CookieNotSupportedException;
23  import com.liferay.portal.kernel.log.Log;
24  import com.liferay.portal.kernel.log.LogFactoryUtil;
25  import com.liferay.portal.kernel.util.StringPool;
26  import com.liferay.portal.kernel.util.Validator;
27  import com.liferay.util.CookieUtil;
28  
29  import javax.servlet.http.Cookie;
30  import javax.servlet.http.HttpServletRequest;
31  import javax.servlet.http.HttpServletResponse;
32  
33  import org.apache.commons.codec.binary.Hex;
34  
35  /**
36   * <a href="CookieKeys.java.html"><b><i>View Source</i></b></a>
37   *
38   * @author Brian Wing Shun Chan
39   * @author Minhchau Dang
40   *
41   */
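public class CookieKeys {

    // Security notes for maintainers, limited to what this class shows:
    //
    // - Cookies named ID, LOGIN, PASSWORD and SCREEN_NAME are hex encoded
    //   before being sent. Hex is a reversible encoding, not encryption or
    //   integrity protection: anyone who can read the cookie can recover the
    //   value, and a client can submit any value it likes.
    // - The encoded and decoded values of those cookies are never written to
    //   the log, even at debug level, because log files are usually readable
    //   by more people and systems than the cookie itself.
    // - Nothing in this class marks cookies HttpOnly.
    //   NOTE(review): if the servlet API in use provides
    //   Cookie.setHttpOnly(boolean), consider setting it in addCookie.

    /**
     * Name of the marker cookie used to detect whether the browser accepts
     * cookies. See {@link #addSupportCookie} and
     * {@link #validateSupportCookie}.
     */
    public static final String COOKIE_SUPPORT = "COOKIE_SUPPORT";

    public static final String COMPANY_ID = "COMPANY_ID";

    public static final String GUEST_LANGUAGE_ID = "GUEST_LANGUAGE_ID";

    /** Cookie name; values are hex encoded, see {@link #isEncodedCookie}. */
    public static final String ID = "ID";

    public static final String JSESSIONID = "jsessionid";

    /** Cookie name; values are hex encoded, see {@link #isEncodedCookie}. */
    public static final String LOGIN = "LOGIN";

    /**
     * Cookie name; values are hex encoded, see {@link #isEncodedCookie}.
     * Whatever a caller stores under this name is recoverable by anyone who
     * can read the cookie, because hex encoding is trivially reversible.
     */
    public static final String PASSWORD = "PASSWORD";

    public static final String REMEMBER_ME = "REMEMBER_ME";

    /** Cookie name; values are hex encoded, see {@link #isEncodedCookie}. */
    public static final String SCREEN_NAME = "SCREEN_NAME";

    /** Cookie lifetime in seconds (31536000 s = 365 days). */
    public static final int MAX_AGE = 31536000;

    /** Value passed to {@link Cookie#setVersion(int)} for every cookie. */
    public static final int VERSION = 0;

    /**
     * Adds the cookie to the response, setting its Secure flag to match the
     * current request.
     *
     * <p>
     * The flag is taken from {@link HttpServletRequest#isSecure()}.
     * NOTE(review): if TLS is terminated in front of the container and the
     * container is not told about it, isSecure() may report false and the
     * cookie would be sent without the Secure flag. Confirm against the
     * deployment, or call the four argument overload with {@code true}.
     * </p>
     *
     * @param request the current request
     * @param response the response the cookie is added to
     * @param cookie the cookie to send; it is modified in place
     */
    public static void addCookie(
        HttpServletRequest request, HttpServletResponse response,
        Cookie cookie) {

        addCookie(request, response, cookie, request.isSecure());
    }

    /**
     * Adds the cookie to the response with an explicit Secure flag.
     *
     * <p>
     * Does nothing when persistent cookies are disabled or when
     * {@code PropsValues.TCK_URL} is set. Otherwise the cookie's value is hex
     * encoded if {@link #isEncodedCookie} says so, its Secure flag and
     * version are set, and it is added to the response. The passed cookie
     * object is modified in place.
     * </p>
     *
     * @param request the current request (not read by this overload)
     * @param response the response the cookie is added to
     * @param cookie the cookie to send
     * @param secure whether to set the cookie's Secure flag
     */
    public static void addCookie(
        HttpServletRequest request, HttpServletResponse response,
        Cookie cookie, boolean secure) {

        if (!PropsValues.SESSION_ENABLE_PERSISTENT_COOKIES ||
            PropsValues.TCK_URL) {

            return;
        }

        // LEP-5175

        String name = cookie.getName();

        String plainValue = cookie.getValue();
        String cookieValue = plainValue;

        // A cookie without a value has nothing to encode; pass it through
        // instead of failing on getBytes().

        if ((plainValue != null) && isEncodedCookie(name)) {

            // NOTE(review): getBytes() uses the platform default charset, and
            // getCookie decodes with the platform default as well. Nodes with
            // different defaults would disagree on non-ASCII values.

            cookieValue = new String(Hex.encodeHex(plainValue.getBytes()));

            if (_log.isDebugEnabled()) {

                // Log the name and size only. These cookies carry login
                // identifiers and credentials, which must not reach the log.

                _log.debug("Add encoded cookie " + name);
                _log.debug(
                    "Hex encoded value length " + cookieValue.length());
            }
        }

        cookie.setSecure(secure);
        cookie.setValue(cookieValue);
        cookie.setVersion(VERSION);

        // Setting a cookie will cause the TCK to lose its ability to track
        // sessions

        response.addCookie(cookie);
    }

    /**
     * Sends the {@link #COOKIE_SUPPORT} marker cookie, scoped to the root
     * path and kept for {@link #MAX_AGE} seconds.
     *
     * @param request the current request
     * @param response the response the cookie is added to
     */
    public static void addSupportCookie(
        HttpServletRequest request, HttpServletResponse response) {

        Cookie supportCookie = new Cookie(COOKIE_SUPPORT, "true");

        supportCookie.setMaxAge(MAX_AGE);
        supportCookie.setPath(StringPool.SLASH);

        addCookie(request, response, supportCookie);
    }

    /**
     * Returns the value of the named cookie, hex decoded when the name is one
     * of the encoded cookies.
     *
     * <p>
     * The result is client supplied data in every case. When decoding fails
     * the raw cookie value is returned unchanged, so callers cannot assume
     * the result was ever produced by {@link #addCookie} and must validate it
     * before use.
     * </p>
     *
     * @param request the current request
     * @param name the cookie name
     * @return the cookie value as returned by {@code CookieUtil.get}, decoded
     *         where applicable; {@code null} when that lookup returns
     *         {@code null}
     */
    public static String getCookie(HttpServletRequest request, String name) {
        String value = CookieUtil.get(request, name);

        if ((value == null) || !isEncodedCookie(name)) {
            return value;
        }

        try {

            // Decoded with the platform default charset, mirroring addCookie.

            String decodedValue = new String(
                Hex.decodeHex(value.toCharArray()));

            if (_log.isDebugEnabled()) {

                // Name and size only; the value itself stays out of the log.

                _log.debug("Get encoded cookie " + name);
                _log.debug("Hex encoded value length " + value.length());
            }

            return decodedValue;
        }
        catch (Exception e) {

            // Best effort: a value that is not valid hex is handed back as
            // received. The name is one of the four constants accepted by
            // isEncodedCookie, so it is safe to include in the message.

            if (_log.isWarnEnabled()) {
                _log.warn(
                    "Unable to hex decode cookie " + name + ": " +
                        e.getMessage());
            }

            return value;
        }
    }

    /**
     * Returns the cookie domain for the request.
     *
     * <p>
     * {@code PropsValues.SESSION_COOKIE_DOMAIN} wins when it is set.
     * Otherwise the domain is derived from
     * {@link HttpServletRequest#getServerName()}.
     * NOTE(review): the server name usually comes from the Host header sent
     * by the client, so the derived domain is only as trustworthy as the
     * host validation in front of this code. Setting the configured domain
     * avoids the dependency.
     * </p>
     *
     * @param request the current request
     * @return the configured domain, or the domain derived from the server
     *         name, which may be {@code null}
     */
    public static String getDomain(HttpServletRequest request) {

        // See LEP-4602 and LEP-4618.

        if (Validator.isNotNull(PropsValues.SESSION_COOKIE_DOMAIN)) {
            return PropsValues.SESSION_COOKIE_DOMAIN;
        }

        return getDomain(request.getServerName());
    }

    /**
     * Derives a cookie domain from a host name by keeping at most its last
     * three labels, with a leading period.
     *
     * <p>
     * Results for sample hosts, traced through the code below:
     * {@code example.com} gives {@code .example.com},
     * {@code www.example.com} gives {@code .example.com},
     * {@code a.b.example.com} gives {@code .b.example.com}, a host without a
     * period gives {@code null}, and a host accepted by
     * {@code Validator.isIPAddress} is returned unchanged.
     * </p>
     *
     * <p>
     * The method only counts labels and knows nothing about public suffixes.
     * A three label host whose last two labels form a public suffix, for
     * example {@code example.co.uk}, gives {@code .co.uk}. Browsers normally
     * refuse cookies scoped to a public suffix, and a client that accepts
     * one would send the cookie to unrelated sites. Deployments on such
     * hosts should set {@code PropsValues.SESSION_COOKIE_DOMAIN} rather than
     * rely on this derivation.
     * </p>
     *
     * @param host the host name, may be {@code null}
     * @return the derived domain, the host itself for an IP address, or
     *         {@code null} when the host is {@code null} or has no period
     *         after its first character
     */
    public static String getDomain(String host) {

        // See LEP-4602 and LEP-4645.

        if (host == null) {
            return null;
        }

        // See LEP-5595.

        if (Validator.isIPAddress(host)) {
            return host;
        }

        int lastPeriod = host.lastIndexOf(StringPool.PERIOD);

        if (lastPeriod <= 0) {
            return null;
        }

        int secondPeriod = host.lastIndexOf(StringPool.PERIOD, lastPeriod - 1);

        if (secondPeriod <= 0) {

            // Two labels: scope the cookie to the whole host.

            return StringPool.PERIOD + host;
        }

        int thirdPeriod = host.lastIndexOf(
            StringPool.PERIOD, secondPeriod - 1);

        // Exactly three labels keep the last two; four or more keep the
        // last three.

        if (thirdPeriod <= 0) {
            return host.substring(secondPeriod);
        }

        return host.substring(thirdPeriod);
    }

    /**
     * Returns whether the request carries a cookie named
     * {@link #JSESSIONID}. Only presence is checked, not whether the value
     * refers to a live session.
     *
     * @param request the current request
     * @return {@code true} if the cookie lookup returns a non-null value
     */
    public static boolean hasSessionId(HttpServletRequest request) {
        return getCookie(request, JSESSIONID) != null;
    }

    /**
     * Returns whether values of the named cookie are hex encoded on write
     * and decoded on read.
     *
     * @param name the cookie name; {@code null} is treated as not encoded
     * @return {@code true} for {@link #ID}, {@link #LOGIN},
     *         {@link #PASSWORD} and {@link #SCREEN_NAME}
     */
    public static boolean isEncodedCookie(String name) {

        // Constant-first comparison so that a null name yields false instead
        // of a NullPointerException.

        return ID.equals(name) || LOGIN.equals(name) ||
            PASSWORD.equals(name) || SCREEN_NAME.equals(name);
    }

    /**
     * Checks that the browser returned the {@link #COOKIE_SUPPORT} marker
     * cookie. The check runs only when both persistent cookies and the
     * cookie support test are enabled in {@code PropsValues}.
     *
     * @param request the current request
     * @throws CookieNotSupportedException if the check is enabled and the
     *         marker cookie is missing or empty
     */
    public static void validateSupportCookie(HttpServletRequest request)
        throws CookieNotSupportedException {

        if (!PropsValues.SESSION_ENABLE_PERSISTENT_COOKIES ||
            !PropsValues.SESSION_TEST_COOKIE_SUPPORT) {

            return;
        }

        String cookieSupport = getCookie(request, COOKIE_SUPPORT);

        if (Validator.isNull(cookieSupport)) {
            throw new CookieNotSupportedException();
        }
    }

    private static final Log _log = LogFactoryUtil.getLog(CookieKeys.class);

}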