1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * The contents of this file are subject to the terms of the Liferay Enterprise
5    * Subscription License ("License"). You may not use this file except in
6    * compliance with the License. You can obtain a copy of the License by
7    * contacting Liferay, Inc. See the License for the specific language governing
8    * permissions and limitations under the License, including but not limited to
9    * distribution rights of the Software.
10   *
11   *
12   *
13   */
14  
15  package com.liferay.portal.util;
16  
17  import com.liferay.portal.CookieNotSupportedException;
18  import com.liferay.portal.kernel.log.Log;
19  import com.liferay.portal.kernel.log.LogFactoryUtil;
20  import com.liferay.portal.kernel.util.CharPool;
21  import com.liferay.portal.kernel.util.StringPool;
22  import com.liferay.portal.kernel.util.Validator;
23  import com.liferay.util.CookieUtil;
24  
25  import javax.servlet.http.Cookie;
26  import javax.servlet.http.HttpServletRequest;
27  import javax.servlet.http.HttpServletResponse;
28  
29  import org.apache.commons.codec.binary.Hex;
30  
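/**
 * Static helpers for writing and reading the portal's persistent cookies
 * (cookie support probe, login, remember-me and related values).
 *
 * <p>
 * Security notes for maintainers:
 * </p>
 *
 * <ul>
 * <li>
 * The cookies named by {@link #ID}, {@link #LOGIN}, {@link #PASSWORD} and
 * {@link #SCREEN_NAME} are hex encoded before being sent. Hex is a reversible
 * encoding, not encryption or integrity protection: whoever holds the cookie
 * can recover and alter the value. Any confidentiality must come from what the
 * caller stores in the cookie, which this class does not show.
 * </li>
 * <li>
 * Cookie values are never written to the log by this class, because they may
 * carry credentials.
 * </li>
 * <li>
 * NOTE(review): the HttpOnly attribute is not set anywhere in this class;
 * whether the servlet API in use offers <code>Cookie.setHttpOnly</code> is
 * not visible from this file.
 * </li>
 * </ul>
 *
 * <a href="CookieKeys.java.html"><b><i>View Source</i></b></a>
 *
 * @author Brian Wing Shun Chan
 * @author Minhchau Dang
 */
public class CookieKeys {

    /** Name of the probe cookie used to detect browser cookie support. */
    public static final String COOKIE_SUPPORT = "COOKIE_SUPPORT";

    public static final String COMPANY_ID = "COMPANY_ID";

    public static final String GUEST_LANGUAGE_ID = "GUEST_LANGUAGE_ID";

    /** Hex encoded on the wire, see {@link #isEncodedCookie(String)}. */
    public static final String ID = "ID";

    public static final String JSESSIONID = "jsessionid";

    /** Hex encoded on the wire, see {@link #isEncodedCookie(String)}. */
    public static final String LOGIN = "LOGIN";

    /** Hex encoded on the wire, see {@link #isEncodedCookie(String)}. */
    public static final String PASSWORD = "PASSWORD";

    public static final String REMEMBER_ME = "REMEMBER_ME";

    /** Hex encoded on the wire, see {@link #isEncodedCookie(String)}. */
    public static final String SCREEN_NAME = "SCREEN_NAME";

    /** Cookie lifetime in seconds (365 days). */
    public static final int MAX_AGE = 31536000;

    /** Cookie version passed to {@link Cookie#setVersion(int)}. */
    public static final int VERSION = 0;

    /**
     * Adds the cookie to the response, marking it Secure only when the
     * current request is itself reported as secure.
     *
     * <p>
     * NOTE(review): <code>request.isSecure()</code> reflects what the
     * container sees. If TLS is terminated in front of the container and the
     * container is not told about it, the Secure flag will be left off;
     * confirm the deployment forwards the scheme.
     * </p>
     *
     * @param request the current request
     * @param response the response that receives the cookie
     * @param cookie the cookie to add; its value, secure flag and version are
     *        overwritten
     */
    public static void addCookie(
        HttpServletRequest request, HttpServletResponse response,
        Cookie cookie) {

        addCookie(request, response, cookie, request.isSecure());
    }

    /**
     * Adds the cookie to the response with an explicit Secure flag. Does
     * nothing when persistent cookies are disabled or the TCK URL mode is on.
     *
     * <p>
     * Cookies selected by {@link #isEncodedCookie(String)} have their value
     * replaced by its hex encoding (LEP-5175). The encoding uses the platform
     * default charset, as {@link #getCookie(HttpServletRequest, String)} does
     * when decoding.
     * </p>
     *
     * @param request the current request (not read by this overload)
     * @param response the response that receives the cookie
     * @param cookie the cookie to add; its value, secure flag and version are
     *        overwritten
     * @param secure whether to mark the cookie Secure
     */
    public static void addCookie(
        HttpServletRequest request, HttpServletResponse response,
        Cookie cookie, boolean secure) {

        if (!PropsValues.SESSION_ENABLE_PERSISTENT_COOKIES ||
            PropsValues.TCK_URL) {

            return;
        }

        // LEP-5175

        String name = cookie.getName();

        String originalValue = cookie.getValue();
        String encodedValue = originalValue;

        // A cookie without a value has nothing to encode; pass it through
        // instead of failing on the null.

        if ((originalValue != null) && isEncodedCookie(name)) {
            encodedValue = new String(Hex.encodeHex(originalValue.getBytes()));

            // Log the name only. The encoded cookies are the login, password,
            // id and screen name cookies, and hex is trivially reversible, so
            // neither form of the value belongs in a log file.

            if (_log.isDebugEnabled()) {
                _log.debug("Add encoded cookie " + name);
            }
        }

        cookie.setSecure(secure);
        cookie.setValue(encodedValue);
        cookie.setVersion(VERSION);

        // Setting a cookie will cause the TCK to lose its ability to track
        // sessions

        response.addCookie(cookie);
    }

    /**
     * Adds the {@link #COOKIE_SUPPORT} probe cookie, scoped to the root path
     * and kept for {@link #MAX_AGE} seconds.
     *
     * @param request the current request
     * @param response the response that receives the cookie
     */
    public static void addSupportCookie(
        HttpServletRequest request, HttpServletResponse response) {

        Cookie cookieSupportCookie = new Cookie(COOKIE_SUPPORT, "true");

        cookieSupportCookie.setPath(StringPool.SLASH);
        cookieSupportCookie.setMaxAge(MAX_AGE);

        addCookie(request, response, cookieSupportCookie);
    }

    /**
     * Returns the value of the named request cookie, hex decoding it when
     * the name is one of the encoded cookies.
     *
     * <p>
     * The value comes from the client and must be treated as untrusted. If it
     * cannot be hex decoded, the raw value is returned unchanged, so callers
     * cannot assume that a returned value was ever hex encoded.
     * </p>
     *
     * @param request the current request
     * @param name the cookie name
     * @return the cookie value, decoded where applicable, or
     *         <code>null</code> if the lookup returned no value
     */
    public static String getCookie(HttpServletRequest request, String name) {
        String value = CookieUtil.get(request, name);

        if ((value == null) || !isEncodedCookie(name)) {
            return value;
        }

        try {
            String originalValue = new String(
                Hex.decodeHex(value.toCharArray()));

            // Name only: the decoded value may be a credential.

            if (_log.isDebugEnabled()) {
                _log.debug("Get encoded cookie " + name);
            }

            return originalValue;
        }
        catch (Exception e) {

            // A malformed value for one of these cookies is worth being able
            // to trace, so name the cookie in the warning (never the value).

            if (_log.isWarnEnabled()) {
                _log.warn(
                    "Unable to hex decode cookie " + name + ": " +
                        e.getMessage());
            }

            return value;
        }
    }

    /**
     * Returns the cookie domain for the request: the configured
     * <code>PropsValues.SESSION_COOKIE_DOMAIN</code> when set, otherwise a
     * domain derived from the request's server name.
     *
     * <p>
     * NOTE(review): the server name is normally taken from the request's Host
     * header, which the client chooses unless a proxy or the container
     * restricts it. Setting <code>SESSION_COOKIE_DOMAIN</code> removes that
     * dependency.
     * </p>
     *
     * @param request the current request
     * @return the cookie domain, or <code>null</code> if none can be derived
     */
    public static String getDomain(HttpServletRequest request) {

        // See LEP-4602 and LEP-4618.

        if (Validator.isNotNull(PropsValues.SESSION_COOKIE_DOMAIN)) {
            return PropsValues.SESSION_COOKIE_DOMAIN;
        }

        return getDomain(request.getServerName());
    }

    /**
     * Derives a cookie domain from a host name.
     *
     * <ul>
     * <li><code>null</code> yields <code>null</code></li>
     * <li>an IP address is returned as is (LEP-5595)</li>
     * <li>a host without a period, e.g. <code>localhost</code>, yields
     * <code>null</code></li>
     * <li><code>example.com</code> yields <code>.example.com</code></li>
     * <li><code>www.example.com</code> yields <code>.example.com</code></li>
     * <li><code>a.www.example.com</code> yields
     * <code>.www.example.com</code></li>
     * </ul>
     *
     * <p>
     * The result is a parent domain, so the cookie is also sent to sibling
     * hosts under it. The method counts labels and knows nothing about
     * registry suffixes: <code>example.co.uk</code> yields
     * <code>.co.uk</code>. Deployments on such names should configure
     * <code>PropsValues.SESSION_COOKIE_DOMAIN</code> instead of relying on
     * this derivation.
     * </p>
     *
     * @param host the host name, may be <code>null</code>
     * @return the derived cookie domain, or <code>null</code>
     */
    public static String getDomain(String host) {

        // See LEP-4602 and LEP-4645.

        if (host == null) {
            return null;
        }

        // See LEP-5595.

        if (Validator.isIPAddress(host)) {
            return host;
        }

        // Walk the periods from the right: last, second to last, third to
        // last. A position of 0 or less means there is no usable label to the
        // left of that period.

        int lastPeriod = host.lastIndexOf(CharPool.PERIOD);

        if (lastPeriod <= 0) {
            return null;
        }

        int secondPeriod = host.lastIndexOf(CharPool.PERIOD, lastPeriod - 1);

        if (secondPeriod <= 0) {
            return StringPool.PERIOD + host;
        }

        int thirdPeriod = host.lastIndexOf(CharPool.PERIOD, secondPeriod - 1);

        if (thirdPeriod <= 0) {
            return host.substring(secondPeriod);
        }

        return host.substring(thirdPeriod);
    }

    /**
     * Returns <code>true</code> if the request carries a
     * {@link #JSESSIONID} cookie. The cookie's value is not validated.
     *
     * @param request the current request
     * @return whether a session id cookie is present
     */
    public static boolean hasSessionId(HttpServletRequest request) {
        return getCookie(request, JSESSIONID) != null;
    }

    /**
     * Returns <code>true</code> if the named cookie is hex encoded on the
     * wire: {@link #ID}, {@link #LOGIN}, {@link #PASSWORD} or
     * {@link #SCREEN_NAME}.
     *
     * @param name the cookie name; <code>null</code> yields
     *        <code>false</code>
     * @return whether the cookie value is hex encoded
     */
    public static boolean isEncodedCookie(String name) {

        // Constant first so that a null name is simply "not encoded".

        return ID.equals(name) || LOGIN.equals(name) ||
            PASSWORD.equals(name) || SCREEN_NAME.equals(name);
    }

    /**
     * Verifies that the browser returned the {@link #COOKIE_SUPPORT} probe
     * cookie. The check runs only when persistent cookies and the cookie
     * support test are both enabled.
     *
     * @param request the current request
     * @throws CookieNotSupportedException if the probe cookie is missing or
     *         empty
     */
    public static void validateSupportCookie(HttpServletRequest request)
        throws CookieNotSupportedException {

        if (PropsValues.SESSION_ENABLE_PERSISTENT_COOKIES &&
            PropsValues.SESSION_TEST_COOKIE_SUPPORT) {

            String cookieSupport = getCookie(request, COOKIE_SUPPORT);

            if (Validator.isNull(cookieSupport)) {
                throw new CookieNotSupportedException();
            }
        }
    }

    private static final Log _log = LogFactoryUtil.getLog(CookieKeys.class);

}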