
1   /*
2    * Copyright 2009-2010 Capgemini
3    * Licensed under the Apache License, Version 2.0 (the "License"); 
4    * you may not use this file except in compliance with the License. 
5    * You may obtain a copy of the License at 
6    * 
7    * http://www.apache.org/licenses/LICENSE-2.0 
8    * 
9    * Unless required by applicable law or agreed to in writing, software 
10   * distributed under the License is distributed on an "AS IS" BASIS, 
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
12   * See the License for the specific language governing permissions and 
13   * limitations under the License. 
14   * 
15   */
16  package net.sourceforge.statelessfilter.utils;
17  
18  import java.security.SignatureException;
19  
20  import javax.servlet.http.Cookie;
21  import javax.servlet.http.HttpServletRequest;
22  
23  import org.apache.commons.lang.StringUtils;
24  
25  /**
26   * Cookie utility methods.
27   * 
28   * @author Nicolas Richeton
29   * 
30   */
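public class CookieUtils {

	/** Separator placed between the cookie content and its signature. */
	private static final String SIGNATURE_SEPARATOR = "|";

	/** Utility class: not meant to be instantiated. */
	private CookieUtils() {
	}

	/**
	 * Create an unsigned cookie with no domain, path or max-age set.
	 * 
	 * @param name
	 *            cookie name.
	 * @param content
	 *            a valid cookie content string. Binary content should be Base64
	 *            encoded. Text must be escaped to prevent issues with cookie
	 *            attributes like path or maxage.
	 * @return the new cookie. Its max-age is 0 when content is null or empty.
	 * @throws SignatureException
	 *             declared for consistency with the signing overload; no
	 *             signing is requested here.
	 */
	public static Cookie createCookie(String name, String content)
			throws SignatureException {
		return createCookie(name, content, null, null, null, false, null);
	}

	/**
	 * Create an unsigned cookie.
	 * 
	 * @param name
	 *            cookie name.
	 * @param content
	 *            a valid cookie content string. Binary content should be Base64
	 *            encoded. Text must be escaped to prevent issues with cookie
	 *            attributes like path or maxage.
	 * @param domain
	 *            cookie domain, or null to leave it unset.
	 * @param path
	 *            cookie path, or null to leave it unset.
	 * @param maxAge
	 *            max-age in seconds, or null to leave it unset. Ignored when
	 *            content is null or empty.
	 * @return the new cookie.
	 * @throws SignatureException
	 *             declared for consistency with the signing overload; no
	 *             signing is requested here.
	 */
	public static Cookie createCookie(String name, String content,
			String domain, String path, Integer maxAge)
			throws SignatureException {
		return createCookie(name, content, domain, path, maxAge, false, null);
	}

	/**
	 * Create a cookie and optionally sign its content.
	 * 
	 * <p>
	 * Security notes for callers:
	 * </p>
	 * <ul>
	 * <li>The signature is computed over the content only. The cookie name,
	 * domain, path and max-age are not covered, so a key shared between
	 * several cookies does not bind a signed value to one cookie name.</li>
	 * <li>Signing provides integrity, not confidentiality: the content is still
	 * readable by the client.</li>
	 * <li>This method does not set the Secure or HttpOnly attributes. Callers
	 * carrying session data should set them on the returned cookie where the
	 * servlet API in use supports it.</li>
	 * </ul>
	 * 
	 * @param name
	 *            cookie name.
	 * @param content
	 *            a valid cookie content string. Binary content should be Base64
	 *            encoded. Text must be escaped to prevent issues with cookie
	 *            attributes like path or maxage. It should not contain the
	 *            '|' character when signing is used, because
	 *            {@link #removeCookieSignature(String)} cuts the value at the
	 *            first '|'.
	 * @param domain
	 *            cookie domain, or null to leave it unset.
	 * @param path
	 *            cookie path, or null to leave it unset.
	 * @param maxAge
	 *            max-age in seconds, or null to leave it unset. Ignored when
	 *            content is null or empty.
	 * @param sign
	 *            true to sign the content. Null content is never signed.
	 * @param key
	 *            signing key, passed as-is to HmacUtils. NOTE(review): a null
	 *            key with sign == true is not checked here; confirm how
	 *            HmacUtils handles it.
	 * @return the new cookie. Its max-age is 0 when content is null or empty,
	 *         which asks the client to delete it.
	 * @throws SignatureException
	 *             if signing fails.
	 */
	public static Cookie createCookie(String name, String content,
			String domain, String path, Integer maxAge, boolean sign, String key)
			throws SignatureException {

		String value = content;
		if (sign && content != null) {
			value = HmacUtils.signRFC2104HMAC(content, key,
					SIGNATURE_SEPARATOR);
		}

		Cookie cookie = new Cookie(name, value);
		if (domain != null) {
			cookie.setDomain(domain);
		}
		if (path != null) {
			cookie.setPath(path);
		}

		// Empty content means "remove the cookie": expire it immediately and
		// ignore the requested max-age.
		if (StringUtils.isEmpty(content)) {
			cookie.setMaxAge(0);
		} else if (maxAge != null) {
			cookie.setMaxAge(maxAge.intValue());
		}

		return cookie;
	}

	/**
	 * Get a cookie by name without any signature check.
	 * 
	 * @param request
	 *            current request.
	 * @param name
	 *            cookie name to look for.
	 * @return the last cookie of the request with this name, or null if there
	 *         is none. The value is client-controlled and unverified.
	 * @throws SignatureException
	 *             declared for consistency with the verifying overload; no
	 *             verification is requested here.
	 */
	public static Cookie getCookie(HttpServletRequest request, String name)
			throws SignatureException {
		return getCookie(request, name, false, null);
	}

	/**
	 * Get a cookie by name and, when requested, verify its signature.
	 * 
	 * <p>
	 * Cookies are scanned from the last to the first. When sign is true, a
	 * cookie is returned only if its value passes HMAC verification; a cookie
	 * with a null value is rejected rather than returned unverified, so that
	 * verification never fails open. The returned cookie still carries the
	 * signed value: use {@link #removeCookieSignature(String)} to extract the
	 * content.
	 * </p>
	 * 
	 * @param request
	 *            current request.
	 * @param name
	 *            cookie name to look for. Must not be null.
	 * @param sign
	 *            true to require a valid signature.
	 * @param key
	 *            key used for verification, passed as-is to HmacUtils.
	 * @return the matching cookie, or null if none matches or none passes
	 *         verification.
	 * @throws SignatureException
	 *             if HmacUtils reports an error during verification.
	 */
	public static Cookie getCookie(HttpServletRequest request, String name,
			boolean sign, String key) throws SignatureException {
		Cookie[] cookies = request.getCookies();
		if (cookies == null) {
			return null;
		}

		for (int i = cookies.length - 1; i >= 0; i--) {
			Cookie candidate = cookies[i];
			if (!name.equals(candidate.getName())) {
				continue;
			}
			if (!sign) {
				return candidate;
			}

			// Signature required: a value that is missing or fails
			// verification must not be handed back to the caller.
			String value = candidate.getValue();
			if (value != null
					&& HmacUtils.verifyRFC2104HMAC(value, key,
							SIGNATURE_SEPARATOR) != null) {
				return candidate;
			}
		}
		return null;
	}

	/**
	 * Remove signature from cookie content.
	 * 
	 * <p>
	 * This method only cuts the string at the first '|'. It does NOT verify
	 * the signature, so it must only be applied to values that were already
	 * accepted by {@link #getCookie(HttpServletRequest, String, boolean, String)}
	 * with sign set to true.
	 * </p>
	 * 
	 * @param cookieValue
	 *            signed cookie value
	 * @return unsigned value (possibly empty), or null if cookieValue is null
	 *         or contains no '|' separator.
	 */
	public static String removeCookieSignature(String cookieValue) {
		if (cookieValue == null) {
			return null;
		}

		// indexOf/substring instead of split(): split() drops trailing empty
		// strings, so a value such as "|" produced an empty array and an
		// ArrayIndexOutOfBoundsException on client-supplied input.
		int separatorIndex = cookieValue.indexOf(SIGNATURE_SEPARATOR);
		if (separatorIndex < 0) {
			return null;
		}
		return cookieValue.substring(0, separatorIndex);
	}
}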