1 /*
2 * ====================================================================
3 * Licensed to the Apache Software Foundation (ASF) under one
4 * or more contributor license agreements. See the NOTICE file
5 * distributed with this work for additional information
6 * regarding copyright ownership. The ASF licenses this file
7 * to you under the Apache License, Version 2.0 (the
8 * "License"); you may not use this file except in compliance
9 * with the License. You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing,
14 * software distributed under the License is distributed on an
15 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16 * KIND, either express or implied. See the License for the
17 * specific language governing permissions and limitations
18 * under the License.
19 * ====================================================================
20 *
21 * This software consists of voluntary contributions made by many
22 * individuals on behalf of the Apache Software Foundation. For more
23 * information on the Apache Software Foundation, please see
24 * <http://www.apache.org/>.
25 *
26 */
27 package org.apache.http.impl.cookie;
28
29 import java.util.Collection;
30
31 import org.apache.http.conn.util.PublicSuffixMatcher;
32 import org.apache.http.cookie.Cookie;
33 import org.apache.http.cookie.CookieAttributeHandler;
34 import org.apache.http.cookie.CookieOrigin;
35 import org.apache.http.cookie.MalformedCookieException;
36 import org.apache.http.cookie.SetCookie;
37
38 /**
39 * Wraps a CookieAttributeHandler and leverages its match method
40 * to never match a suffix from a black list. May be used to provide
41 * additional security for cross-site attack types by preventing
42 * cookies from apparent domains that are not publicly available.
43 * An uptodate list of suffixes can be obtained from
44 * <a href="http://publicsuffix.org/">publicsuffix.org</a>
45 *
46 * @deprecated (4.4) use {@link org.apache.http.impl.cookie.PublicSuffixDomainFilter}
47 *
48 * @since 4.0
49 */
50 @Deprecated
51 public class PublicSuffixFilter implements CookieAttributeHandler {
52 private final CookieAttributeHandler wrapped;
53 private Collection<String> exceptions;
54 private Collection<String> suffixes;
55 private PublicSuffixMatcher matcher;
56
57 public PublicSuffixFilter(final CookieAttributeHandler wrapped) {
58 this.wrapped = wrapped;
59 }
60
61 /**
62 * Sets the suffix blacklist patterns.
63 * A pattern can be "com", "*.jp"
64 * TODO add support for patterns like "lib.*.us"
65 * @param suffixes
66 */
67 public void setPublicSuffixes(final Collection<String> suffixes) {
68 this.suffixes = suffixes;
69 this.matcher = null;
70 }
71
72 /**
73 * Sets the exceptions from the blacklist. Exceptions can not be patterns.
74 * TODO add support for patterns
75 * @param exceptions
76 */
77 public void setExceptions(final Collection<String> exceptions) {
78 this.exceptions = exceptions;
79 this.matcher = null;
80 }
81
82 /**
83 * Never matches if the cookie's domain is from the blacklist.
84 */
85 @Override
86 public boolean match(final Cookie cookie, final CookieOrigin origin) {
87 if (isForPublicSuffix(cookie)) {
88 return false;
89 }
90 return wrapped.match(cookie, origin);
91 }
92
93 @Override
94 public void parse(final SetCookie cookie, final String value) throws MalformedCookieException {
95 wrapped.parse(cookie, value);
96 }
97
98 @Override
99 public void validate(final Cookie cookie, final CookieOrigin origin) throws MalformedCookieException {
100 wrapped.validate(cookie, origin);
101 }
102
103 private boolean isForPublicSuffix(final Cookie cookie) {
104 if (matcher == null) {
105 matcher = new PublicSuffixMatcher(this.suffixes, this.exceptions);
106 }
107 return matcher.matches(cookie.getDomain());
108 }
109 }