1   /**
2    * Copyright (c) 2000-2009 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
12   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
13   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
14   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
15   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
16   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
17   * SOFTWARE.
18   */
19  
20  package com.liferay.portal.servlet.taglib.security;
21  
22  import com.liferay.portal.kernel.log.Log;
23  import com.liferay.portal.kernel.log.LogFactoryUtil;
24  import com.liferay.portal.kernel.util.HttpUtil;
25  import com.liferay.portal.kernel.util.Validator;
26  import com.liferay.portal.model.Company;
27  import com.liferay.portal.util.PortalUtil;
28  import com.liferay.util.Encryptor;
29  import com.liferay.util.EncryptorException;
30  
31  import java.security.Key;
32  
33  import java.util.Set;
34  import java.util.StringTokenizer;
35  
36  import javax.servlet.http.HttpServletRequest;
37  import javax.servlet.jsp.JspException;
38  import javax.servlet.jsp.PageContext;
39  
40  /**
41   * <a href="EncryptTagUtil.java.html"><b><i>View Source</i></b></a>
42   *
43   * @author Brian Wing Shun Chan
44   *
45   */
46  public class EncryptTagUtil {
47  
48      public static void doStartTag(
49              String className, String style, String protocol,
50              Set<String> unencryptedParamsSet, String url, String target,
51              PageContext pageContext)
52          throws JspException {
53  
54          try {
55              StringBuilder sb = new StringBuilder();
56  
57              // Open anchor
58  
59              sb.append("<a ");
60  
61              // Class
62  
63              if (Validator.isNotNull(className)) {
64                  sb.append("class=\"");
65                  sb.append(className);
66                  sb.append("\" ");
67              }
68  
69              // HREF
70  
71              sb.append("href=\"").append(protocol).append("://");
72  
73              int pos = url.indexOf("?");
74  
75              if (pos == -1) {
76                  sb.append(url);
77              }
78              else {
79                  sb.append(url.substring(0, pos)).append("?");
80  
81                  Company company = PortalUtil.getCompany(
82                      (HttpServletRequest)pageContext.getRequest());
83  
84                  Key key = company.getKeyObj();
85  
86                  StringTokenizer st = new StringTokenizer(
87                      url.substring(pos + 1, url.length()), "&");
88  
89                  while (st.hasMoreTokens()) {
90                      String paramAndValue = st.nextToken();
91  
92                      int x = paramAndValue.indexOf("=");
93  
94                      String param = paramAndValue.substring(0, x);
95                      String value = paramAndValue.substring(
96                          x + 1, paramAndValue.length());
97  
98                      sb.append(param).append("=");
99  
100                     if (unencryptedParamsSet.contains(param)) {
101                         sb.append(HttpUtil.encodeURL(value));
102                     }
103                     else {
104                         try {
105                             sb.append(HttpUtil.encodeURL(
106                                 Encryptor.encrypt(key, value)));
107                         }
108                         catch (EncryptorException ee) {
109                             _log.error(ee.getMessage());
110                         }
111 
112                         if (st.hasMoreTokens()) {
113                             sb.append("&");
114                         }
115                     }
116                 }
117 
118                 sb.append("&shuo=1");
119             }
120 
121             sb.append("\" ");
122 
123             // Style
124 
125             if (Validator.isNotNull(style)) {
126                 sb.append("style=\"");
127                 sb.append(style);
128                 sb.append("\" ");
129             }
130 
131             // Target
132 
133             if (Validator.isNotNull(target)) {
134                 sb.append("target=\"" + target + "\"");
135             }
136 
137             // Close anchor
138 
139             sb.append(">");
140 
141             pageContext.getOut().print(sb.toString());
142         }
143         catch (Exception e) {
144             throw new JspException(e);
145         }
146     }
147 
148     public static void doEndTag(PageContext pageContext) throws JspException {
149         try {
150             pageContext.getOut().print("</a>");
151         }
152         catch (Exception e) {
153             throw new JspException(e);
154         }
155     }
156 
157     private static Log _log = LogFactoryUtil.getLog(EncryptTagUtil.class);
158 
159 }