/*
 * ====================================================================
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of the Apache Software Foundation.  For more
 * information on the Apache Software Foundation, please see
 * <http://www.apache.org/>.
 *
 */
package org.apache.http.impl.cookie;

import java.util.Collection;

import org.apache.http.conn.util.PublicSuffixMatcher;
import org.apache.http.cookie.Cookie;
import org.apache.http.cookie.CookieAttributeHandler;
import org.apache.http.cookie.CookieOrigin;
import org.apache.http.cookie.MalformedCookieException;
import org.apache.http.cookie.SetCookie;

/**
 * Decorates a {@link CookieAttributeHandler} so that {@link #match(Cookie, CookieOrigin)}
 * never succeeds for a cookie whose domain is on the configured public suffix list.
 * This is meant as an extra safeguard against cross-site cookie abuse: a cookie
 * scoped to a whole public suffix would otherwise be shared by unrelated sites
 * registered under that suffix.
 * An up-to-date list of suffixes can be obtained from
 * <a href="http://publicsuffix.org/">publicsuffix.org</a>
 * <p>
 * Points to keep in mind when relying on this class:
 * <ul>
 * <li>Only {@code match} consults the suffix list. {@code parse} and {@code validate}
 * are handed to the wrapped handler unchanged, so this class by itself does not
 * reject a public-suffix cookie at validation time; it only refuses to match it.</li>
 * <li>The suffix and exception collections are stored by reference, and the matcher
 * built from them is cached until one of the setters is called again. After changing
 * a collection in place, call the setter again to force a rebuild.</li>
 * <li>The cached matcher lives in a plain field and nothing in this class
 * synchronizes access to it, so finish configuration before sharing an instance
 * between threads.</li>
 * <li>NOTE(review): when {@link #setPublicSuffixes(Collection)} was never called, a
 * {@code null} collection reaches the {@link PublicSuffixMatcher} constructor on the
 * first {@code match}; how that is handled depends on that class - confirm.</li>
 * </ul>
 *
 * @deprecated (4.4) use {@link org.apache.http.impl.cookie.PublicSuffixDomainFilter}
 *
 * @since 4.0
 */
@Deprecated
public class PublicSuffixFilter implements CookieAttributeHandler {
    /** Handler that performs the actual parsing, validation and matching. */
    private final CookieAttributeHandler wrapped;
    /** Domains exempted from the suffix list; {@code null} until set. */
    private Collection<String> exceptions;
    /** Public suffix patterns; {@code null} until set. */
    private Collection<String> suffixes;
    /** Matcher built on demand from the two collections; {@code null} means "rebuild". */
    private PublicSuffixMatcher matcher;

    /**
     * Creates a filter around the given handler.
     *
     * @param wrapped handler that receives every call this filter does not veto
     */
    public PublicSuffixFilter(final CookieAttributeHandler wrapped) {
        this.wrapped = wrapped;
    }

    /**
     * Sets the public suffix patterns that must never match.
     * A pattern can be "com", "*.jp"
     * TODO add support for patterns like "lib.*.us"
     *
     * @param suffixes suffix patterns; the collection is kept by reference, not copied
     */
    public void setPublicSuffixes(final Collection<String> suffixes) {
        this.suffixes = suffixes;
        discardMatcher();
    }

    /**
     * Sets the exceptions from the suffix list. Exceptions can not be patterns.
     * TODO add support for patterns
     *
     * @param exceptions exempted domains; the collection is kept by reference, not copied
     */
    public void setExceptions(final Collection<String> exceptions) {
        this.exceptions = exceptions;
        discardMatcher();
    }

    /**
     * Refuses to match when the cookie's domain is on the public suffix list;
     * otherwise returns whatever the wrapped handler decides.
     */
    @Override
    public boolean match(final Cookie cookie, final CookieOrigin origin) {
        // Short-circuit: the wrapped handler is not consulted for a public suffix domain.
        return !hasPublicSuffixDomain(cookie) && wrapped.match(cookie, origin);
    }

    /** Delegates to the wrapped handler; the suffix list is not consulted here. */
    @Override
    public void parse(final SetCookie cookie, final String value) throws MalformedCookieException {
        wrapped.parse(cookie, value);
    }

    /** Delegates to the wrapped handler; the suffix list is not consulted here. */
    @Override
    public void validate(final Cookie cookie, final CookieOrigin origin) throws MalformedCookieException {
        wrapped.validate(cookie, origin);
    }

    /** Tells whether the matcher reports the cookie's domain as a public suffix. */
    private boolean hasPublicSuffixDomain(final Cookie cookie) {
        return currentMatcher().matches(cookie.getDomain());
    }

    /** Returns the cached matcher, building it from the current collections if needed. */
    private PublicSuffixMatcher currentMatcher() {
        if (this.matcher == null) {
            this.matcher = new PublicSuffixMatcher(this.suffixes, this.exceptions);
        }
        return this.matcher;
    }

    /** Drops the cached matcher so the next match rebuilds it from the new configuration. */
    private void discardMatcher() {
        this.matcher = null;
    }
}