View Javadoc
1   /*
2    * Copyright 2015 The Netty Project
3    *
4    * The Netty Project licenses this file to you under the Apache License,
5    * version 2.0 (the "License"); you may not use this file except in compliance
6    * with the License. You may obtain a copy of the License at:
7    *
8    *   http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13   * License for the specific language governing permissions and limitations
14   * under the License.
15   */
16  package io.netty.handler.codec.http.cookie;
17  
18  import static io.netty.util.internal.ObjectUtil.checkNotNull;
19  
20  import java.util.Collections;
21  import java.util.Set;
22  import java.util.TreeSet;
23  
24  /**
25   * A <a href="http://tools.ietf.org/html/rfc6265">RFC6265</a> compliant cookie decoder to be used server side.
26   *
27   * Only name and value fields are expected, so old fields are not populated (path, domain, etc).
28   *
29   * Old <a href="http://tools.ietf.org/html/rfc2965">RFC2965</a> cookies are still supported,
30   * old fields will simply be ignored.
31   *
32   * @see ServerCookieEncoder
33   */
34  public final class ServerCookieDecoder extends CookieDecoder {
35  
36      private static final String RFC2965_VERSION = "$Version";
37  
38      private static final String RFC2965_PATH = "$" + CookieHeaderNames.PATH;
39  
40      private static final String RFC2965_DOMAIN = "$" + CookieHeaderNames.DOMAIN;
41  
42      private static final String RFC2965_PORT = "$Port";
43  
44      /**
45       * Strict encoder that validates that name and value chars are in the valid scope
46       * defined in RFC6265
47       */
48      public static final ServerCookieDecoder STRICT = new ServerCookieDecoder(true);
49  
50      /**
51       * Lax instance that doesn't validate name and value
52       */
53      public static final ServerCookieDecoder LAX = new ServerCookieDecoder(false);
54  
55      private ServerCookieDecoder(boolean strict) {
56          super(strict);
57      }
58  
59      /**
60       * Decodes the specified Set-Cookie HTTP header value into a {@link Cookie}.
61       *
62       * @return the decoded {@link Cookie}
63       */
64      public Set<Cookie> decode(String header) {
65          final int headerLen = checkNotNull(header, "header").length();
66  
67          if (headerLen == 0) {
68              return Collections.emptySet();
69          }
70  
71          Set<Cookie> cookies = new TreeSet<Cookie>();
72  
73          int i = 0;
74  
75          boolean rfc2965Style = false;
76          if (header.regionMatches(true, 0, RFC2965_VERSION, 0, RFC2965_VERSION.length())) {
77              // RFC 2965 style cookie, move to after version value
78              i = header.indexOf(';') + 1;
79              rfc2965Style = true;
80          }
81  
82          loop: for (;;) {
83  
84              // Skip spaces and separators.
85              for (;;) {
86                  if (i == headerLen) {
87                      break loop;
88                  }
89                  char c = header.charAt(i);
90                  if (c == '\t' || c == '\n' || c == 0x0b || c == '\f'
91                          || c == '\r' || c == ' ' || c == ',' || c == ';') {
92                      i++;
93                      continue;
94                  }
95                  break;
96              }
97  
98              int nameBegin = i;
99              int nameEnd;
100             int valueBegin;
101             int valueEnd;
102 
103             for (;;) {
104 
105                 char curChar = header.charAt(i);
106                 if (curChar == ';') {
107                     // NAME; (no value till ';')
108                     nameEnd = i;
109                     valueBegin = valueEnd = -1;
110                     break;
111 
112                 } else if (curChar == '=') {
113                     // NAME=VALUE
114                     nameEnd = i;
115                     i++;
116                     if (i == headerLen) {
117                         // NAME= (empty value, i.e. nothing after '=')
118                         valueBegin = valueEnd = 0;
119                         break;
120                     }
121 
122                     valueBegin = i;
123                     // NAME=VALUE;
124                     int semiPos = header.indexOf(';', i);
125                     valueEnd = i = semiPos > 0 ? semiPos : headerLen;
126                     break;
127                 } else {
128                     i++;
129                 }
130 
131                 if (i == headerLen) {
132                     // NAME (no value till the end of string)
133                     nameEnd = headerLen;
134                     valueBegin = valueEnd = -1;
135                     break;
136                 }
137             }
138 
139             if (rfc2965Style && (header.regionMatches(nameBegin, RFC2965_PATH, 0, RFC2965_PATH.length()) ||
140                     header.regionMatches(nameBegin, RFC2965_DOMAIN, 0, RFC2965_DOMAIN.length()) ||
141                     header.regionMatches(nameBegin, RFC2965_PORT, 0, RFC2965_PORT.length()))) {
142 
143                 // skip obsolete RFC2965 fields
144                 continue;
145             }
146 
147             DefaultCookie cookie = initCookie(header, nameBegin, nameEnd, valueBegin, valueEnd);
148             if (cookie != null) {
149                 cookies.add(cookie);
150             }
151         }
152 
153         return cookies;
154     }
155 }