/**
 * Validates the cookie's version attribute, which RFC 2965 makes mandatory.
 *
 * <p>Only {@code Cookie2} instances are inspected; any other cookie type
 * passes without a check. The {@code origin} argument is not consulted.
 *
 * @param cookie the cookie to validate; must not be {@code null}
 * @param origin the request origin (unused by this check)
 * @throws IllegalArgumentException if {@code cookie} is {@code null}
 * @throws MalformedCookieException if a {@code Cookie2} does not report its
 *         version attribute as specified
 */
public void validate(final Cookie cookie, final CookieOrigin origin)
        throws MalformedCookieException {
    if (cookie == null) {
        throw new IllegalArgumentException("Cookie may not be null");
    }
    // Cookies that are not Cookie2 are outside the scope of this check.
    if (!(cookie instanceof Cookie2)) {
        return;
    }
    final boolean versionGiven = ((Cookie2) cookie).isVersionAttributeSpecified();
    if (versionGiven) {
        return;
    }
    throw new MalformedCookieException(
            "Violates RFC 2965. Version attribute is required.");
}
LOG.warn("Invalid cookie header: \"" + header.getValue() + "\". " + e.getMessage()); if (LOG.isWarnEnabled()) { LOG.warn("Cookie rejected: \"" + parser.formatCookie(cookie) + "\". " + e.getMessage());
/**
 * Converts a comma-separated Port attribute value (e.g. "8000,8001,8002")
 * into an array of port numbers.
 *
 * <p>Each token is trimmed before parsing. A token that is not an integer,
 * or that is negative, rejects the whole attribute. An input with no tokens
 * yields an empty array.
 *
 * <p>NOTE(review): only the lower bound is enforced here; values above 65535
 * are returned as-is. Confirm whether callers rely on that leniency.
 *
 * @param portValue port attribute value
 * @return the parsed ports, in the order they appear in {@code portValue}
 * @throws MalformedCookieException if a token is not a non-negative integer
 */
private int[] parsePortAttribute(final String portValue)
        throws MalformedCookieException {
    final StringTokenizer tokens = new StringTokenizer(portValue, ",");
    final int[] result = new int[tokens.countTokens()];
    for (int idx = 0; tokens.hasMoreTokens(); idx++) {
        final String token = tokens.nextToken().trim();
        final int port;
        try {
            port = Integer.parseInt(token);
        } catch (NumberFormatException e) {
            throw new MalformedCookieException(
                    "Invalid Port attribute: " + e.getMessage());
        }
        if (port < 0) {
            throw new MalformedCookieException("Invalid Port attribute.");
        }
        result[idx] = port;
    }
    return result;
}
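/**
 * Reads the response headers whose name matches {@code Statics.HTTP_SET_COOKIE},
 * parses and validates the cookies they carry against the request URL, and
 * stores every accepted cookie in the state returned by
 * {@code getHttpState(session)}. Invalid cookies are ignored and logged.
 *
 * <p>Header names are compared case-insensitively, because HTTP field names
 * are case-insensitive and a differently-cased header would otherwise be
 * dropped silently.
 *
 * <p>When {@code session} is non-null and an accepted cookie is named
 * {@code JSESSIONID}, the session id is set to {@code name=value} of that cookie.
 *
 * @param session client session to update; may be {@code null}, in which case
 *                no session id is set
 * @param url     URL of the request that produced the response
 * @param conn    connection whose response headers are scanned
 */
private void readCookies(IRtXMASessionClient session, URL url,HttpURLConnection conn) {
    // Index 0 is skipped, as before; getHeaderFieldKey returns null once the
    // index runs past the last header, which ends the scan.
    for (int i = 1; ; i++) {
        final String headerName = conn.getHeaderFieldKey(i);
        if (headerName == null) {
            break;
        }
        if (!Statics.HTTP_SET_COOKIE.equalsIgnoreCase(headerName)) {
            continue;
        }

        // The origin is the same for every cookie in this header, so derive it once.
        final String host = url.getHost();
        final int port = getPort(url);
        final String path = url.getPath();
        final boolean secure = "https".equals(url.getProtocol());
        final String headerValue = conn.getHeaderField(i);

        try {
            final Cookie[] cookies = cookieSpec.parse(host, port, path, secure, headerValue);
            if (cookies == null) {
                continue;
            }
            for (int j = 0; j < cookies.length; j++) {
                final Cookie candidate = cookies[j];
                try {
                    // Validation runs before the cookie is stored, so a cookie
                    // that fails it never reaches the HTTP state.
                    cookieSpec.validate(host, port, path, secure, candidate);
                    getHttpState(session).addCookie(candidate);
                    if (session != null && "JSESSIONID".equals(candidate.getName())) {
                        session.setId(candidate.getName() + "=" + candidate.getValue());
                    }
                } catch (MalformedCookieException e) {
                    // NOTE(review): the formatted cookie, value included, goes to the
                    // log. If rejected cookies can carry session tokens, consider
                    // logging only the name and the rejection reason.
                    log_.log(LogLevel.WARNING, "cookie rejected: \""
                            + cookieSpec.formatCookie(candidate) + "\". " + e.getMessage());
                }
            }
        } catch (MalformedCookieException e) {
            // NOTE(review): the raw header value is server-controlled text; confirm
            // the log sink neutralises control characters.
            log_.log(LogLevel.WARNING, "Invalid cookie header: \""
                    + headerValue + "\". " + e.getMessage());
        }
    }
}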
/**
 * Parses the cookie's max-age attribute and converts it into an absolute
 * expiry date measured from the current system time.
 *
 * <p>The value is parsed as-is (no trimming). A value that is not an integer
 * and a negative value are rejected with the same message. Zero is accepted
 * and yields an expiry date equal to the current time.
 *
 * <p>NOTE(review): no upper limit is applied to the lifetime; a caller that
 * wants bounded cookie persistence has to enforce it separately.
 *
 * @param cookie the cookie to update; must not be {@code null}
 * @param value  the max-age attribute value, in seconds
 * @throws IllegalArgumentException if {@code cookie} is {@code null}
 * @throws MalformedCookieException if {@code value} is {@code null}, not an
 *         integer, or negative
 */
public void parse(final Cookie cookie, final String value)
        throws MalformedCookieException {
    if (cookie == null) {
        throw new IllegalArgumentException("Cookie may not be null");
    }
    if (value == null) {
        throw new MalformedCookieException(
                "Missing value for max-age attribute");
    }
    int seconds;
    try {
        seconds = Integer.parseInt(value);
    } catch (NumberFormatException ignored) {
        // Deliberately folded into the "negative" case below.
        seconds = -1;
    }
    if (seconds < 0) {
        throw new MalformedCookieException("Invalid max-age attribute.");
    }
    // Multiplying by a long constant keeps the millisecond count out of int range problems.
    final long expiresAtMillis = System.currentTimeMillis() + seconds * 1000L;
    cookie.setExpiryDate(new Date(expiresAtMillis));
}
LOG.warn("Invalid cookie header: \"" + header.getValue() + "\". " + e.getMessage()); if (LOG.isWarnEnabled()) { LOG.warn("Cookie rejected: \"" + parser.formatCookie(cookie) + "\". " + e.getMessage());
/**
 * Parses the cookie's path attribute and records it on the cookie.
 *
 * <p>The path is stored exactly as received; {@code trim()} is used only to
 * detect a blank value. No comparison with the request path happens here.
 *
 * @param cookie the cookie to update; must not be {@code null}
 * @param path   the path attribute value
 * @throws IllegalArgumentException if {@code cookie} is {@code null}
 * @throws MalformedCookieException if {@code path} is {@code null} or blank
 */
public void parse(final Cookie cookie, final String path)
        throws MalformedCookieException {
    if (cookie == null) {
        throw new IllegalArgumentException("Cookie may not be null");
    }
    if (path == null) {
        throw new MalformedCookieException(
                "Missing value for path attribute");
    }
    final boolean blank = path.trim().length() == 0;
    if (blank) {
        throw new MalformedCookieException(
                "Blank value for path attribute");
    }
    cookie.setPath(path);
    cookie.setPathAttributeSpecified(true);
}
/**
 * Parses the cookie's version attribute and records it on a {@code Cookie2}.
 *
 * <p>Cookies that are not {@code Cookie2} instances are left untouched, and
 * in that case {@code value} is not examined at all. A value that is not an
 * integer and a negative value are rejected with the same message.
 *
 * @param cookie the cookie to update; must not be {@code null}
 * @param value  the version attribute value
 * @throws IllegalArgumentException if {@code cookie} is {@code null}
 * @throws MalformedCookieException if the cookie is a {@code Cookie2} and
 *         {@code value} is {@code null}, not an integer, or negative
 */
public void parse(final Cookie cookie, final String value)
        throws MalformedCookieException {
    if (cookie == null) {
        throw new IllegalArgumentException("Cookie may not be null");
    }
    if (!(cookie instanceof Cookie2)) {
        return;
    }
    if (value == null) {
        throw new MalformedCookieException(
                "Missing value for version attribute");
    }
    int parsed;
    try {
        parsed = Integer.parseInt(value);
    } catch (NumberFormatException ignored) {
        // Deliberately folded into the "negative" case below.
        parsed = -1;
    }
    if (parsed < 0) {
        throw new MalformedCookieException("Invalid cookie version.");
    }
    final Cookie2 target = (Cookie2) cookie;
    target.setVersion(parsed);
    target.setVersionAttributeSpecified(true);
}
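/**
 * Parses the cookie's domain attribute, normalises it, and records it on the
 * cookie.
 *
 * <p>The value is lower-cased and, when it does not already start with a
 * dot, a leading dot is supplied as RFC 2965 section 3.2.2 prescribes.
 * Lower-casing uses a fixed locale so the result does not depend on the
 * JVM's default locale (under a Turkish default locale, for example, "I"
 * would otherwise map to a dotless "ı" and the stored domain would no longer
 * compare equal to the host name).
 *
 * <p>{@code trim()} is used only for the blank test; surrounding whitespace
 * is kept in the stored value.
 *
 * @param cookie the cookie to update; must not be {@code null}
 * @param domain the domain attribute value
 * @throws IllegalArgumentException if {@code cookie} is {@code null}
 * @throws MalformedCookieException if {@code domain} is {@code null} or blank
 */
public void parse(final Cookie cookie, String domain)
        throws MalformedCookieException {
    if (cookie == null) {
        throw new IllegalArgumentException("Cookie may not be null");
    }
    if (domain == null) {
        throw new MalformedCookieException(
                "Missing value for domain attribute");
    }
    if (domain.trim().equals("")) {
        throw new MalformedCookieException(
                "Blank value for domain attribute");
    }
    // Fully-qualified so no new import is needed; the fixed locale keeps
    // domain normalisation independent of the platform default.
    String normalized = domain.toLowerCase(java.util.Locale.ENGLISH);
    if (!normalized.startsWith(".")) {
        // Per RFC 2965 section 3.2.2
        // "... If an explicitly specified value does not start with
        // a dot, the user agent supplies a leading dot ..."
        // In effect the domain attribute can then never denote a bare
        // IP address or host name.
        normalized = "." + normalized;
    }
    cookie.setDomain(normalized);
    cookie.setDomainAttributeSpecified(true);
}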
throw new MalformedCookieException( "Missing value for expires attribute"); cookie.setExpiryDate(date); } catch (ParseException e) { throw new MalformedCookieException("Invalid expires " + "attribute: " + e.getMessage());
throw new MalformedCookieException( "Missing value for path attribute"); throw new MalformedCookieException( "Blank value for path attribute"); throw new MalformedCookieException( "Missing value for version attribute"); cookie.setVersion(Integer.parseInt(paramValue)); } catch (NumberFormatException e) { throw new MalformedCookieException("Invalid version: " + e.getMessage());
/**
 * Validates the cookie's path attribute against the path of the request
 * origin. The value for the Path attribute must be a prefix of the
 * request-URI (case-sensitive matching); the comparison itself is delegated
 * to {@code pathMatch}.
 *
 * <p>A blank origin path is replaced by {@code PATH_DELIM} before matching.
 *
 * @param cookie the cookie to validate; must not be {@code null}
 * @param origin the request origin; must not be {@code null} and must have a
 *               non-null path
 * @throws IllegalArgumentException if {@code cookie}, {@code origin} or the
 *         origin's path is {@code null}
 * @throws MalformedCookieException if the cookie has no path, or its path
 *         does not match the origin path
 */
public void validate(final Cookie cookie, final CookieOrigin origin)
        throws MalformedCookieException {
    if (cookie == null) {
        throw new IllegalArgumentException("Cookie may not be null");
    }
    if (origin == null) {
        throw new IllegalArgumentException("Cookie origin may not be null");
    }
    final String originPath = origin.getPath();
    if (originPath == null) {
        throw new IllegalArgumentException(
                "Path of origin host may not be null.");
    }
    if (cookie.getPath() == null) {
        throw new MalformedCookieException(
                "Invalid cookie state: path attribute is null.");
    }
    // An empty request path is treated as the root path.
    final String requestPath = originPath.trim().length() == 0 ? PATH_DELIM : originPath;
    if (pathMatch(requestPath, cookie.getPath())) {
        return;
    }
    throw new MalformedCookieException(
            "Illegal path attribute \"" + cookie.getPath()
            + "\". Path of origin: \"" + requestPath + "\"");
}
/**
 * Validates the cookie's port attribute. If the Port attribute was specified
 * in the header, the request port must appear in the cookie's port list; the
 * membership test is delegated to {@code portMatch}.
 *
 * <p>Only {@code Cookie2} instances are checked; other cookie types pass
 * without inspection, as does a {@code Cookie2} with no Port attribute.
 *
 * @param cookie the cookie to validate; must not be {@code null}
 * @param origin the request origin; must not be {@code null}
 * @throws IllegalArgumentException if {@code cookie} or {@code origin} is
 *         {@code null}
 * @throws MalformedCookieException if a Port attribute was specified and the
 *         request port is not in the cookie's port list
 */
public void validate(final Cookie cookie, final CookieOrigin origin)
        throws MalformedCookieException {
    if (cookie == null) {
        throw new IllegalArgumentException("Cookie may not be null");
    }
    if (origin == null) {
        throw new IllegalArgumentException("Cookie origin may not be null");
    }
    if (!(cookie instanceof Cookie2)) {
        return;
    }
    final Cookie2 portAware = (Cookie2) cookie;
    final int requestPort = origin.getPort();
    final boolean mismatch = portAware.isPortAttributeSpecified()
            && !portMatch(requestPort, portAware.getPorts());
    if (mismatch) {
        throw new MalformedCookieException(
                "Port attribute violates RFC 2965: "
                + "Request port not found in cookie's port list.");
    }
}
throw new MalformedCookieException("Invalid cookie state: " + "domain not specified"); throw new MalformedCookieException("Domain attribute \"" + cookie.getDomain() + "\" violates RFC 2109: domain must start with a dot"); if (((dotIndex < 0) || (dotIndex == cookieDomain.length() - 1)) && (!cookieDomain.equals(".local"))) { throw new MalformedCookieException( "Domain attribute \"" + cookie.getDomain() + "\" violates RFC 2965: the value contains no embedded dots " throw new MalformedCookieException( "Domain attribute \"" + cookie.getDomain() + "\" violates RFC 2965: effective host name does not " 0, host.length() - cookieDomain.length()); if (effectiveHostWithoutDomain.indexOf('.') != -1) { throw new MalformedCookieException("Domain attribute \"" + cookie.getDomain() + "\" violates RFC 2965: " + "effective host minus domain may not contain any dots"); throw new MalformedCookieException("Illegal domain attribute: \"" + cookie.getDomain() + "\"." + "Domain of origin: \""
throw new MalformedCookieException ("Illegal version number " + cookie.getValue()); throw new MalformedCookieException( "Illegal domain attribute \"" + cookie.getDomain() + "\". Domain of origin: \"" + host + "\""); throw new MalformedCookieException( "Illegal domain attribute \"" + cookie.getDomain() + "\". Domain of origin: \"" + host + "\""); throw new MalformedCookieException( "Illegal path attribute \"" + cookie.getPath() + "\". Path of origin: \"" + path + "\"");
throw new MalformedCookieException( "Missing value for domain attribute"); throw new MalformedCookieException( "Blank value for domain attribute"); throw new MalformedCookieException( "Missing value for max-age attribute"); age = Integer.parseInt(paramValue); } catch (NumberFormatException e) { throw new MalformedCookieException ("Invalid max-age " + "attribute: " + e.getMessage()); throw new MalformedCookieException( "Missing value for expires attribute"); } catch (DateParseException dpe) { LOG.debug("Error parsing cookie date", dpe); throw new MalformedCookieException( "Unable to parse expiration date parameter: " + paramValue);
throw new MalformedCookieException("Cookie name may not contain blanks"); throw new MalformedCookieException("Cookie name may not start with $"); throw new MalformedCookieException("Domain attribute \"" + cookie.getDomain() + "\" violates RFC 2109: domain must start with a dot"); throw new MalformedCookieException("Domain attribute \"" + cookie.getDomain() + "\" violates RFC 2109: domain must contain an embedded dot"); throw new MalformedCookieException( "Illegal domain attribute \"" + cookie.getDomain() + "\". Domain of origin: \"" + host + "\""); - cookie.getDomain().length()); if (hostWithoutDomain.indexOf('.') != -1) { throw new MalformedCookieException("Domain attribute \"" + cookie.getDomain() + "\" violates RFC 2109: host minus domain may not contain any dots");
new int[] {port}); } catch (IllegalArgumentException ex) { throw new MalformedCookieException(ex.getMessage());
throw new MalformedCookieException("Cookie name may not contain blanks"); throw new MalformedCookieException("Cookie name may not start with $");
throw new MalformedCookieException("Domain attribute \"" + cookie.getDomain() + "\" violates the Netscape cookie specification for " throw new MalformedCookieException("Domain attribute \"" + cookie.getDomain() + "\" violates the Netscape cookie specification");