View Javadoc
1   /*
2    * Copyright 2015 The Netty Project
3    *
4    * The Netty Project licenses this file to you under the Apache License,
5    * version 2.0 (the "License"); you may not use this file except in compliance
6    * with the License. You may obtain a copy of the License at:
7    *
8    *   http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13   * License for the specific language governing permissions and limitations
14   * under the License.
15   */
16  package io.netty.handler.codec.http.cookie;
17  
18  import static io.netty.util.internal.ObjectUtil.checkNotNull;
19  
20  import java.util.Collections;
21  import java.util.Set;
22  import java.util.TreeSet;
23  
24  /**
25   * A <a href="http://tools.ietf.org/html/rfc6265">RFC6265</a> compliant cookie decoder to be used server side.
26   *
27   * Only name and value fields are expected, so old fields are not populated (path, domain, etc).
28   *
29   * Old <a href="http://tools.ietf.org/html/rfc2965">RFC2965</a> cookies are still supported,
30   * old fields will simply be ignored.
31   *
32   * @see ServerCookieEncoder
33   */
34  public final class ServerCookieDecoder extends CookieDecoder {
35  
36      private static final String RFC2965_VERSION = "$Version";
37  
38      private static final String RFC2965_PATH = "$" + CookieHeaderNames.PATH;
39  
40      private static final String RFC2965_DOMAIN = "$" + CookieHeaderNames.DOMAIN;
41  
42      private static final String RFC2965_PORT = "$Port";
43  
44      /**
45       * Strict encoder that validates that name and value chars are in the valid scope
46       * defined in RFC6265
47       */
48      public static final ServerCookieDecoder STRICT = new ServerCookieDecoder(true);
49  
50      /**
51       * Lax instance that doesn't validate name and value
52       */
53      public static final ServerCookieDecoder LAX = new ServerCookieDecoder(false);
54  
55      private ServerCookieDecoder(boolean strict) {
56          super(strict);
57      }
58  
59      /**
60       * Decodes the specified Set-Cookie HTTP header value into a {@link Cookie}.
61       *
62       * @return the decoded {@link Cookie}
63       */
64      public Set<Cookie> decode(String header) {
65          final int headerLen = checkNotNull(header, "header").length();
66  
67          if (headerLen == 0) {
68              return Collections.emptySet();
69          }
70  
71          Set<Cookie> cookies = new TreeSet<Cookie>();
72  
73          int i = 0;
74  
75          boolean rfc2965Style = false;
76          if (header.regionMatches(true, 0, RFC2965_VERSION, 0, RFC2965_VERSION.length())) {
77              // RFC 2965 style cookie, move to after version value
78              i = header.indexOf(';') + 1;
79              rfc2965Style = true;
80          }
81  
82          loop: for (;;) {
83  
84              // Skip spaces and separators.
85              for (;;) {
86                  if (i == headerLen) {
87                      break loop;
88                  }
89                  char c = header.charAt(i);
90                  if (c == '\t' || c == '\n' || c == 0x0b || c == '\f'
91                          || c == '\r' || c == ' ' || c == ',' || c == ';') {
92                      i++;
93                      continue;
94                  }
95                  break;
96              }
97  
98              int nameBegin = i;
99              int nameEnd = i;
100             int valueBegin = -1;
101             int valueEnd = -1;
102 
103             if (i != headerLen) {
104                 keyValLoop: for (;;) {
105 
106                     char curChar = header.charAt(i);
107                     if (curChar == ';') {
108                         // NAME; (no value till ';')
109                         nameEnd = i;
110                         valueBegin = valueEnd = -1;
111                         break keyValLoop;
112 
113                     } else if (curChar == '=') {
114                         // NAME=VALUE
115                         nameEnd = i;
116                         i++;
117                         if (i == headerLen) {
118                             // NAME= (empty value, i.e. nothing after '=')
119                             valueBegin = valueEnd = 0;
120                             break keyValLoop;
121                         }
122 
123                         valueBegin = i;
124                         // NAME=VALUE;
125                         int semiPos = header.indexOf(';', i);
126                         valueEnd = i = semiPos > 0 ? semiPos : headerLen;
127                         break keyValLoop;
128                     } else {
129                         i++;
130                     }
131 
132                     if (i == headerLen) {
133                         // NAME (no value till the end of string)
134                         nameEnd = headerLen;
135                         valueBegin = valueEnd = -1;
136                         break;
137                     }
138                 }
139             }
140 
141             if (rfc2965Style && (header.regionMatches(nameBegin, RFC2965_PATH, 0, RFC2965_PATH.length()) ||
142                     header.regionMatches(nameBegin, RFC2965_DOMAIN, 0, RFC2965_DOMAIN.length()) ||
143                     header.regionMatches(nameBegin, RFC2965_PORT, 0, RFC2965_PORT.length()))) {
144 
145                 // skip obsolete RFC2965 fields
146                 continue;
147             }
148 
149             DefaultCookie cookie = initCookie(header, nameBegin, nameEnd, valueBegin, valueEnd);
150             if (cookie != null) {
151                 cookies.add(cookie);
152             }
153         }
154 
155         return cookies;
156     }
157 }