1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * This library is free software; you can redistribute it and/or modify it under
5    * the terms of the GNU Lesser General Public License as published by the Free
6    * Software Foundation; either version 2.1 of the License, or (at your option)
7    * any later version.
8    *
9    * This library is distributed in the hope that it will be useful, but WITHOUT
10   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
11   * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
12   * details.
13   */
14  
15  package com.liferay.portal.util;
16  
17  import com.liferay.portal.CookieNotSupportedException;
18  import com.liferay.portal.kernel.log.Log;
19  import com.liferay.portal.kernel.log.LogFactoryUtil;
20  import com.liferay.portal.kernel.util.StringPool;
21  import com.liferay.portal.kernel.util.Validator;
22  import com.liferay.util.CookieUtil;
23  
24  import javax.servlet.http.Cookie;
25  import javax.servlet.http.HttpServletRequest;
26  import javax.servlet.http.HttpServletResponse;
27  
28  import org.apache.commons.codec.binary.Hex;
29  
30  /**
31   * <a href="CookieKeys.java.html"><b><i>View Source</i></b></a>
32   *
33   * @author Brian Wing Shun Chan
34   * @author Minhchau Dang
35   */
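public class CookieKeys {

    public static final String COOKIE_SUPPORT = "COOKIE_SUPPORT";

    public static final String COMPANY_ID = "COMPANY_ID";

    public static final String GUEST_LANGUAGE_ID = "GUEST_LANGUAGE_ID";

    public static final String ID = "ID";

    public static final String JSESSIONID = "jsessionid";

    public static final String LOGIN = "LOGIN";

    public static final String PASSWORD = "PASSWORD";

    public static final String REMEMBER_ME = "REMEMBER_ME";

    public static final String SCREEN_NAME = "SCREEN_NAME";

    /**
     * Lifetime, in seconds, given to the cookie support cookie (365 days).
     */
    public static final int MAX_AGE = 31536000;

    /**
     * Cookie version applied to every cookie written by
     * {@link #addCookie(HttpServletRequest, HttpServletResponse, Cookie, boolean)}.
     */
    public static final int VERSION = 0;

    /**
     * Adds the cookie to the response, marking it secure only when the current
     * request is itself reported as secure.
     *
     * @param request the current request; its {@code isSecure()} result
     *        becomes the cookie's secure flag
     * @param response the response that receives the cookie
     * @param cookie the cookie to add
     */
    public static void addCookie(
        HttpServletRequest request, HttpServletResponse response,
        Cookie cookie) {

        // NOTE(review): if TLS is terminated in front of the container and the
        // container is not told about it, isSecure() may report false and the
        // cookie is then written without the Secure flag. Confirm against the
        // deployment, or call the four argument overload with secure = true.

        addCookie(request, response, cookie, request.isSecure());
    }

    /**
     * Adds the cookie to the response. Does nothing when persistent cookies
     * are disabled or when running against the TCK. The value of a cookie
     * named in {@link #isEncodedCookie(String)} is replaced by its hex
     * encoding before the cookie is written.
     *
     * <p>
     * Hex encoding is a reversible transport encoding. It gives the value
     * neither confidentiality nor integrity, so anything sensitive has to be
     * protected by the caller before it reaches this method.
     * </p>
     *
     * @param request the current request (not read by this overload)
     * @param response the response that receives the cookie
     * @param cookie the cookie to add; its value, secure flag and version are
     *        overwritten
     * @param secure whether the cookie is flagged as secure
     */
    public static void addCookie(
        HttpServletRequest request, HttpServletResponse response,
        Cookie cookie, boolean secure) {

        if (!PropsValues.SESSION_ENABLE_PERSISTENT_COOKIES ||
            PropsValues.TCK_URL) {

            return;
        }

        // LEP-5175

        String name = cookie.getName();

        String originalValue = cookie.getValue();
        String encodedValue = originalValue;

        if (isEncodedCookie(name)) {

            // NOTE(review): getBytes() uses the platform default charset, and
            // getCookie decodes with the default charset of whichever JVM
            // serves the later request. Non-ASCII values only round trip when
            // both agree. Switching to a fixed charset would change how
            // already issued cookies decode, so it is flagged here rather
            // than changed.

            encodedValue = new String(Hex.encodeHex(originalValue.getBytes()));

            // Only the cookie name is logged. The encoded cookies are ID,
            // LOGIN, PASSWORD and SCREEN_NAME, and neither their plain nor
            // their hex form (which is trivially reversible) belongs in a log
            // file.

            if (_log.isDebugEnabled()) {
                _log.debug("Add encoded cookie " + name);
            }
        }

        // NOTE(review): only the Secure flag is set here. Where the servlet
        // API in use provides Cookie.setHttpOnly (Servlet 3.0 and later),
        // consider setting it for the credential cookies unless client side
        // script has to read them.

        cookie.setSecure(secure);
        cookie.setValue(encodedValue);
        cookie.setVersion(VERSION);

        // Setting a cookie will cause the TCK to lose its ability to track
        // sessions

        response.addCookie(cookie);
    }

    /**
     * Adds the {@link #COOKIE_SUPPORT} cookie, with value {@code "true"}, a
     * path of {@code StringPool.SLASH} and a lifetime of {@link #MAX_AGE}
     * seconds.
     *
     * @param request the current request
     * @param response the response that receives the cookie
     */
    public static void addSupportCookie(
        HttpServletRequest request, HttpServletResponse response) {

        Cookie cookieSupportCookie = new Cookie(COOKIE_SUPPORT, "true");

        cookieSupportCookie.setPath(StringPool.SLASH);
        cookieSupportCookie.setMaxAge(MAX_AGE);

        addCookie(request, response, cookieSupportCookie);
    }

    /**
     * Returns the value of the named cookie, hex decoding it first when the
     * name is one of the encoded cookies.
     *
     * <p>
     * The result is client supplied data in every case. A value that decodes
     * cleanly is not thereby authenticated, and a value that fails to decode
     * is returned as received, so callers must validate whatever comes back.
     * </p>
     *
     * @param request the request to read the cookie from
     * @param name the cookie name
     * @return the cookie value, decoded where applicable, or whatever
     *         {@code CookieUtil.get} returned when it is <code>null</code>
     */
    public static String getCookie(HttpServletRequest request, String name) {
        String value = CookieUtil.get(request, name);

        if ((value == null) || !isEncodedCookie(name)) {
            return value;
        }

        try {

            // NOTE(review): decoded with the platform default charset, which
            // mirrors the encoding side in addCookie.

            String originalValue = new String(
                Hex.decodeHex(value.toCharArray()));

            // The cookie value is deliberately kept out of the log, in both
            // its encoded and its decoded form.

            if (_log.isDebugEnabled()) {
                _log.debug("Get encoded cookie " + name);
            }

            return originalValue;
        }
        catch (Exception e) {

            // Best effort: a value that is not valid hex is handed back
            // unchanged instead of failing the request.

            if (_log.isWarnEnabled()) {
                _log.warn(
                    "Unable to hex decode cookie " + name + ": " +
                        e.getMessage());
            }

            return value;
        }
    }

    /**
     * Returns the cookie domain for the request: the configured
     * {@code PropsValues.SESSION_COOKIE_DOMAIN} when
     * {@code Validator.isNotNull} accepts it, otherwise a domain derived from
     * the request's server name by {@link #getDomain(String)}.
     *
     * @param request the current request
     * @return the cookie domain, or <code>null</code> if none can be derived
     */
    public static String getDomain(HttpServletRequest request) {

        // See LEP-4602 and LEP-4618.

        if (Validator.isNotNull(PropsValues.SESSION_COOKIE_DOMAIN)) {
            return PropsValues.SESSION_COOKIE_DOMAIN;
        }

        // NOTE(review): getServerName() normally reflects the Host header
        // sent by the client, so without a configured domain the cookie scope
        // follows request data. Confirm that the front end only forwards
        // expected host names, or set the session cookie domain explicitly.

        String host = request.getServerName();

        return getDomain(host);
    }

    /**
     * Derives a cookie domain from a host name by keeping at most the last
     * three labels. An IP address is returned unchanged, and a host without a
     * usable period yields <code>null</code>. Assuming
     * {@code StringPool.PERIOD} is {@code "."}:
     * {@code example.com} and {@code www.example.com} both give
     * {@code .example.com}, and {@code a.b.example.com} gives
     * {@code .b.example.com}.
     *
     * <p>
     * The rule only counts labels and knows nothing about registry suffixes:
     * {@code example.co.uk} gives {@code .co.uk}. Browsers that enforce a
     * public suffix list will refuse such a cookie; deployments on multi
     * label suffixes should configure the session cookie domain instead of
     * relying on this derivation. A parent domain cookie is also sent to
     * every sibling host under that domain.
     * </p>
     *
     * @param host the host name, may be <code>null</code>
     * @return the derived domain, or <code>null</code>
     */
    public static String getDomain(String host) {

        // See LEP-4602 and LEP-4645.

        if (host == null) {
            return null;
        }

        // See LEP-5595.

        if (Validator.isIPAddress(host)) {
            return host;
        }

        int lastDot = host.lastIndexOf(StringPool.PERIOD);

        if (lastDot <= 0) {
            return null;
        }

        int secondDot = host.lastIndexOf(StringPool.PERIOD, lastDot - 1);

        if (secondDot <= 0) {

            // Two labels only: prefix a period so that the cookie covers the
            // whole domain.

            return StringPool.PERIOD + host;
        }

        int thirdDot = host.lastIndexOf(StringPool.PERIOD, secondDot - 1);

        if (thirdDot <= 0) {
            return host.substring(secondDot);
        }

        return host.substring(thirdDot);
    }

    /**
     * Returns <code>true</code> if the request carries a
     * {@link #JSESSIONID} cookie.
     *
     * @param request the request to inspect
     * @return whether a session ID cookie is present
     */
    public static boolean hasSessionId(HttpServletRequest request) {
        return getCookie(request, JSESSIONID) != null;
    }

    /**
     * Returns <code>true</code> if the named cookie is stored hex encoded,
     * which is the case for {@link #ID}, {@link #LOGIN}, {@link #PASSWORD}
     * and {@link #SCREEN_NAME}.
     *
     * @param name the cookie name, may be <code>null</code>
     * @return whether the cookie value is hex encoded on the wire
     */
    public static boolean isEncodedCookie(String name) {

        // The constant is the receiver so that a null name yields false
        // instead of a NullPointerException.

        return ID.equals(name) || LOGIN.equals(name) ||
            PASSWORD.equals(name) || SCREEN_NAME.equals(name);
    }

    /**
     * Verifies that the browser returned the {@link #COOKIE_SUPPORT} cookie.
     * The check only runs when persistent cookies and the cookie support
     * test are both enabled.
     *
     * @param request the request to inspect
     * @throws CookieNotSupportedException if the check is enabled and
     *         {@code Validator.isNull} rejects the support cookie value
     */
    public static void validateSupportCookie(HttpServletRequest request)
        throws CookieNotSupportedException {

        if (!PropsValues.SESSION_ENABLE_PERSISTENT_COOKIES ||
            !PropsValues.SESSION_TEST_COOKIE_SUPPORT) {

            return;
        }

        String cookieSupport = getCookie(request, COOKIE_SUPPORT);

        if (Validator.isNull(cookieSupport)) {
            throw new CookieNotSupportedException();
        }
    }

    private static final Log _log = LogFactoryUtil.getLog(CookieKeys.class);

}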