/**
 *                                  Apache License
 *                            Version 2.0, January 2004
 *                         http://www.apache.org/licenses/
 *
 *    TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
 *
 *    1. Definitions.
 *
 *       "License" shall mean the terms and conditions for use, reproduction,
 *       and distribution as defined by Sections 1 through 9 of this document.
 *
 *       "Licensor" shall mean the copyright owner or entity authorized by
 *       the copyright owner that is granting the License.
 *
 *       "Legal Entity" shall mean the union of the acting entity and all
 *       other entities that control, are controlled by, or are under common
 *       control with that entity. For the purposes of this definition,
 *       "control" means (i) the power, direct or indirect, to cause the
 *       direction or management of such entity, whether by contract or
 *       otherwise, or (ii) ownership of fifty percent (50%) or more of the
 *       outstanding shares, or (iii) beneficial ownership of such entity.
 *
 *       "You" (or "Your") shall mean an individual or Legal Entity
 *       exercising permissions granted by this License.
 *
 *       "Source" form shall mean the preferred form for making modifications,
 *       including but not limited to software source code, documentation
 *       source, and configuration files.
 *
 *       "Object" form shall mean any form resulting from mechanical
 *       transformation or translation of a Source form, including but
 *       not limited to compiled object code, generated documentation,
 *       and conversions to other media types.
 *
 *       "Work" shall mean the work of authorship, whether in Source or
 *       Object form, made available under the License, as indicated by a
 *       copyright notice that is included in or attached to the work
 *       (an example is provided in the Appendix below).
 *
 *       "Derivative Works" shall mean any work, whether in Source or Object
 *       form, that is based on (or derived from) the Work and for which the
 *       editorial revisions, annotations, elaborations, or other modifications
 *       represent, as a whole, an original work of authorship. For the purposes
 *       of this License, Derivative Works shall not include works that remain
 *       separable from, or merely link (or bind by name) to the interfaces of,
 *       the Work and Derivative Works thereof.
 *
 *       "Contribution" shall mean any work of authorship, including
 *       the original version of the Work and any modifications or additions
 *       to that Work or Derivative Works thereof, that is intentionally
 *       submitted to Licensor for inclusion in the Work by the copyright owner
 *       or by an individual or Legal Entity authorized to submit on behalf of
 *       the copyright owner. For the purposes of this definition, "submitted"
 *       means any form of electronic, verbal, or written communication sent
 *       to the Licensor or its representatives, including but not limited to
 *       communication on electronic mailing lists, source code control systems,
 *       and issue tracking systems that are managed by, or on behalf of, the
 *       Licensor for the purpose of discussing and improving the Work, but
 *       excluding communication that is conspicuously marked or otherwise
 *       designated in writing by the copyright owner as "Not a Contribution."
 *
 *       "Contributor" shall mean Licensor and any individual or Legal Entity
 *       on behalf of whom a Contribution has been received by Licensor and
 *       subsequently incorporated within the Work.
 *
 *    2. Grant of Copyright License. Subject to the terms and conditions of
 *       this License, each Contributor hereby grants to You a perpetual,
 *       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 *       copyright license to reproduce, prepare Derivative Works of,
 *       publicly display, publicly perform, sublicense, and distribute the
 *       Work and such Derivative Works in Source or Object form.
 *
 *    3. Grant of Patent License. Subject to the terms and conditions of
 *       this License, each Contributor hereby grants to You a perpetual,
 *       worldwide, non-exclusive, no-charge, royalty-free, irrevocable
 *       (except as stated in this section) patent license to make, have made,
 *       use, offer to sell, sell, import, and otherwise transfer the Work,
 *       where such license applies only to those patent claims licensable
 *       by such Contributor that are necessarily infringed by their
 *       Contribution(s) alone or by combination of their Contribution(s)
 *       with the Work to which such Contribution(s) was submitted. If You
 *       institute patent litigation against any entity (including a
 *       cross-claim or counterclaim in a lawsuit) alleging that the Work
 *       or a Contribution incorporated within the Work constitutes direct
 *       or contributory patent infringement, then any patent licenses
 *       granted to You under this License for that Work shall terminate
 *       as of the date such litigation is filed.
 *
 *    4. Redistribution. You may reproduce and distribute copies of the
 *       Work or Derivative Works thereof in any medium, with or without
 *       modifications, and in Source or Object form, provided that You
 *       meet the following conditions:
 *
 *       (a) You must give any other recipients of the Work or
 *           Derivative Works a copy of this License; and
 *
 *       (b) You must cause any modified files to carry prominent notices
 *           stating that You changed the files; and
 *
 *       (c) You must retain, in the Source form of any Derivative Works
 *           that You distribute, all copyright, patent, trademark, and
 *           attribution notices from the Source form of the Work,
 *           excluding those notices that do not pertain to any part of
 *           the Derivative Works; and
 *
 *       (d) If the Work includes a "NOTICE" text file as part of its
 *           distribution, then any Derivative Works that You distribute must
 *           include a readable copy of the attribution notices contained
 *           within such NOTICE file, excluding those notices that do not
 *           pertain to any part of the Derivative Works, in at least one
 *           of the following places: within a NOTICE text file distributed
 *           as part of the Derivative Works; within the Source form or
 *           documentation, if provided along with the Derivative Works; or,
 *           within a display generated by the Derivative Works, if and
 *           wherever such third-party notices normally appear. The contents
 *           of the NOTICE file are for informational purposes only and
 *           do not modify the License. You may add Your own attribution
 *           notices within Derivative Works that You distribute, alongside
 *           or as an addendum to the NOTICE text from the Work, provided
 *           that such additional attribution notices cannot be construed
 *           as modifying the License.
 *
 *       You may add Your own copyright statement to Your modifications and
 *       may provide additional or different license terms and conditions
 *       for use, reproduction, or distribution of Your modifications, or
 *       for any such Derivative Works as a whole, provided Your use,
 *       reproduction, and distribution of the Work otherwise complies with
 *       the conditions stated in this License.
 *
 *    5. Submission of Contributions. Unless You explicitly state otherwise,
 *       any Contribution intentionally submitted for inclusion in the Work
 *       by You to the Licensor shall be under the terms and conditions of
 *       this License, without any additional terms or conditions.
 *       Notwithstanding the above, nothing herein shall supersede or modify
 *       the terms of any separate license agreement you may have executed
 *       with Licensor regarding such Contributions.
 *
 *    6. Trademarks. This License does not grant permission to use the trade
 *       names, trademarks, service marks, or product names of the Licensor,
 *       except as required for reasonable and customary use in describing the
 *       origin of the Work and reproducing the content of the NOTICE file.
 *
 *    7. Disclaimer of Warranty. Unless required by applicable law or
 *       agreed to in writing, Licensor provides the Work (and each
 *       Contributor provides its Contributions) on an "AS IS" BASIS,
 *       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
 *       implied, including, without limitation, any warranties or conditions
 *       of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
 *       PARTICULAR PURPOSE. You are solely responsible for determining the
 *       appropriateness of using or redistributing the Work and assume any
 *       risks associated with Your exercise of permissions under this License.
 *
 *    8. Limitation of Liability. In no event and under no legal theory,
 *       whether in tort (including negligence), contract, or otherwise,
 *       unless required by applicable law (such as deliberate and grossly
 *       negligent acts) or agreed to in writing, shall any Contributor be
 *       liable to You for damages, including any direct, indirect, special,
 *       incidental, or consequential damages of any character arising as a
 *       result of this License or out of the use or inability to use the
 *       Work (including but not limited to damages for loss of goodwill,
 *       work stoppage, computer failure or malfunction, or any and all
 *       other commercial damages or losses), even if such Contributor
 *       has been advised of the possibility of such damages.
 *
 *    9. Accepting Warranty or Additional Liability. While redistributing
 *       the Work or Derivative Works thereof, You may choose to offer,
 *       and charge a fee for, acceptance of support, warranty, indemnity,
 *       or other liability obligations and/or rights consistent with this
 *       License. However, in accepting such obligations, You may act only
 *       on Your own behalf and on Your sole responsibility, not on behalf
 *       of any other Contributor, and only if You agree to indemnify,
 *       defend, and hold each Contributor harmless for any liability
 *       incurred by, or claims asserted against, such Contributor by reason
 *       of your accepting any such warranty or additional liability.
 *
 *    END OF TERMS AND CONDITIONS
 *
 *    APPENDIX: How to apply the Apache License to your work.
 *
 *       To apply the Apache License to your work, attach the following
 *       boilerplate notice, with the fields enclosed by brackets "{}"
 *       replaced with your own identifying information. (Don't include
 *       the brackets!)  The text should be enclosed in the appropriate
 *       comment syntax for the file format. We also recommend that a
 *       file or class name and description of purpose be included on the
 *       same "printed page" as the copyright notice for easier
 *       identification within third-party archives.
 *
 *    Copyright 2014 Edgar Espina
 *
 *    Licensed under the Apache License, Version 2.0 (the "License");
 *    you may not use this file except in compliance with the License.
 *    You may obtain a copy of the License at
 *
 *        http://www.apache.org/licenses/LICENSE-2.0
 *
 *    Unless required by applicable law or agreed to in writing, software
 *    distributed under the License is distributed on an "AS IS" BASIS,
 *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *    See the License for the specific language governing permissions and
 *    limitations under the License.
 */
package org.jooby;

import static java.util.Objects.requireNonNull;

import com.google.common.base.Splitter;
import com.google.common.base.Strings;
import com.google.common.io.BaseEncoding;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Function;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.jooby.funzy.Throwing;
import org.jooby.internal.CookieImpl;

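/**
 * Creates a cookie, a small amount of information sent by a server to
 * a Web browser, saved by the browser, and later sent back to the server.
 * A cookie's value can uniquely
 * identify a client, so cookies are commonly used for session management.
 *
 * <p>
 * A cookie has a name, a single value, and optional attributes such as a comment, path and domain
 * qualifiers, a maximum age, and a version number.
 * </p>
 *
 * <p>
 * The server sends cookies to the browser by using the {@link Response#cookie(Cookie)} method,
 * which adds fields to HTTP response headers to send cookies to the browser, one at a time. The
 * browser is expected to support 20 cookies for each Web server, 300 cookies total, and may limit
 * cookie size to 4 KB each.
 * </p>
 *
 * <p>
 * The browser returns cookies to the server by adding fields to HTTP request headers. Cookies can
 * be retrieved from a request by using the {@link Request#cookie(String)} method. Several cookies
 * might have the same name but different path attributes.
 * </p>
 *
 * <p>
 * This class supports both the Version 0 (by Netscape) and Version 1 (by RFC 2109) cookie
 * specifications. By default, cookies are created using Version 0 to ensure the best
 * interoperability.
 * </p>
 *
 * @author edgar and various
 * @since 0.1.0
 */
public interface Cookie {

  /**
   * Decode a cookie value of the form {@code k=v}, where multiple {@code k=v} pairs are separated
   * by {@code &}. Both {@code k} and {@code v} are decoded using {@link URLDecoder} (UTF-8).
   *
   * <p>
   * The input comes from the client, so malformed shapes never throw: segments without a value
   * ({@code k}, {@code k=}), segments without a key ({@code =v}) and empty segments are skipped,
   * and when a key appears more than once the first occurrence wins. A malformed percent-escape
   * still raises {@link IllegalArgumentException} from {@link URLDecoder}.
   * </p>
   *
   * <p>
   * A {@code null} input yields an immutable empty map; any other input yields a mutable map.
   * </p>
   */
  Function<String, Map<String, String>> URL_DECODER = value -> {
    if (value == null) {
      return Collections.emptyMap();
    }
    Throwing.Function<String, String> decode = v -> URLDecoder
        .decode(v, StandardCharsets.UTF_8.name());
    return Splitter.on('&')
        .trimResults()
        .omitEmptyStrings()
        .splitToList(value)
        .stream()
        .map(pair -> {
          Iterator<String> it = Splitter.on('=').trimResults().omitEmptyStrings()
              .split(pair)
              .iterator();
          // a segment such as "=" has no tokens at all; skip it instead of failing on next()
          if (!it.hasNext()) {
            return null;
          }
          String key = decode.apply(it.next());
          // no value part: drop the pair (same outcome as the original null filter)
          return it.hasNext() ? new String[]{key, decode.apply(it.next())} : null;
        })
        .filter(Objects::nonNull)
        // first occurrence wins on duplicate keys; without a merge function toMap throws
        .collect(Collectors.toMap(kv -> kv[0], kv -> kv[1], (first, second) -> first));
  };

  /**
   * Encode a hash into a cookie value, like: {@code k1=v1&...&kn=vn}. Keys and values are encoded
   * using {@link URLEncoder} (UTF-8), so the result round-trips through {@link #URL_DECODER}.
   * Map iteration order is preserved; keys and values must be non-null.
   */
  Function<Map<String, String>, String> URL_ENCODER = value -> {
    Throwing.Function<String, String> encode = v -> URLEncoder
        .encode(v, StandardCharsets.UTF_8.name());
    return value.entrySet().stream()
        .map(e -> encode.apply(e.getKey()) + "=" + encode.apply(e.getValue()))
        .collect(Collectors.joining("&"));
  };

  /**
   * Build a {@link Cookie}.
   *
   * <p>
   * Every attribute is optional except the name; unset attributes are reported as
   * {@link Optional#empty()} by the getters.
   * </p>
   *
   * @author edgar
   * @since 0.1.0
   */
  class Definition {

    /** Cookie's name. */
    private String name;

    /** Cookie's value. */
    private String value;

    /** Cookie's domain. */
    private String domain;

    /** Cookie's path. */
    private String path;

    /** Cookie's comment. */
    private String comment;

    /** HttpOnly flag. */
    private Boolean httpOnly;

    /** True, ensure that the session cookie is only transmitted via HTTPS. */
    private Boolean secure;

    /**
     * By default, -1 is returned, which indicates that the cookie will persist until
     * browser shutdown.
     */
    private Integer maxAge;

    /**
     * Creates a new {@link Definition cookie's definition}.
     */
    protected Definition() {
    }

    /**
     * Clone a new {@link Definition cookie's definition}.
     *
     * @param def A cookie's definition.
     */
    public Definition(final Definition def) {
      this.comment = def.comment;
      this.domain = def.domain;
      this.httpOnly = def.httpOnly;
      this.maxAge = def.maxAge;
      this.name = def.name;
      this.path = def.path;
      this.secure = def.secure;
      this.value = def.value;
    }

    /**
     * Creates a new {@link Definition cookie's definition}.
     *
     * @param name Cookie's name.
     * @param value Cookie's value.
     */
    public Definition(final String name, final String value) {
      name(name);
      value(value);
    }

    /**
     * Creates a new {@link Definition cookie's definition}.
     *
     * @param name Cookie's name.
     */
    public Definition(final String name) {
      name(name);
    }

    /**
     * Produces a cookie from current definition.
     *
     * @return A new cookie.
     */
    @Nonnull
    public Cookie toCookie() {
      return new CookieImpl(this);
    }

    /**
     * @return The encoded form of {@link #toCookie()}.
     */
    @Override
    public String toString() {
      return toCookie().encode();
    }

    /**
     * Set/Override the cookie's name.
     *
     * @param name A cookie's name.
     * @return This definition.
     * @throws NullPointerException If name is null.
     */
    @Nonnull
    public Definition name(final String name) {
      this.name = requireNonNull(name, "A cookie name is required.");
      return this;
    }

    /**
     * @return Cookie's name.
     */
    @Nonnull
    public Optional<String> name() {
      return Optional.ofNullable(name);
    }

    /**
     * Set the cookie's value.
     *
     * @param value A value.
     * @return This definition.
     * @throws NullPointerException If value is null.
     */
    @Nonnull
    public Definition value(final String value) {
      this.value = requireNonNull(value, "A cookie value is required.");
      return this;
    }

    /**
     * @return Cookie's value, or empty when the value was never set or is the empty string.
     */
    @Nonnull
    public Optional<String> value() {
      // an empty string is deliberately reported as "no value"
      if (Strings.isNullOrEmpty(value)) {
        return Optional.empty();
      }
      return Optional.of(value);
    }

    /**
     * Set the cookie's domain.
     *
     * @param domain Cookie's domain.
     * @return This definition.
     * @throws NullPointerException If domain is null.
     */
    @Nonnull
    public Definition domain(final String domain) {
      this.domain = requireNonNull(domain, "A cookie domain is required.");
      return this;
    }

    /**
     * @return A cookie's domain.
     */
    @Nonnull
    public Optional<String> domain() {
      return Optional.ofNullable(domain);
    }

    /**
     * Set the cookie's path.
     *
     * @param path Cookie's path.
     * @return This definition.
     * @throws NullPointerException If path is null.
     */
    @Nonnull
    public Definition path(final String path) {
      this.path = requireNonNull(path, "A cookie path is required.");
      return this;
    }

    /**
     * @return Get cookie's path.
     */
    @Nonnull
    public Optional<String> path() {
      return Optional.ofNullable(path);
    }

    /**
     * Set cookie's comment.
     *
     * @param comment A cookie's comment.
     * @return This definition.
     * @throws NullPointerException If comment is null.
     */
    @Nonnull
    public Definition comment(final String comment) {
      this.comment = requireNonNull(comment, "A cookie comment is required.");
      return this;
    }

    /**
     * @return Cookie's comment.
     */
    @Nonnull
    public Optional<String> comment() {
      return Optional.ofNullable(comment);
    }

    /**
     * Set HttpOnly flag. An HttpOnly cookie is not exposed to client-side script.
     *
     * @param httpOnly True, for HTTP Only.
     * @return This definition.
     */
    @Nonnull
    public Definition httpOnly(final boolean httpOnly) {
      this.httpOnly = httpOnly;
      return this;
    }

    /**
     * @return HTTP only flag, or empty when never set.
     */
    @Nonnull
    public Optional<Boolean> httpOnly() {
      return Optional.ofNullable(httpOnly);
    }

    /**
     * True, ensure that the session cookie is only transmitted via HTTPS.
     *
     * @param secure True, ensure that the session cookie is only transmitted via HTTPS.
     * @return This definition.
     */
    @Nonnull
    public Definition secure(final boolean secure) {
      this.secure = secure;
      return this;
    }

    /**
     * @return True, ensure that the session cookie is only transmitted via HTTPS; empty when
     *         never set.
     */
    @Nonnull
    public Optional<Boolean> secure() {
      return Optional.ofNullable(secure);
    }

    /**
     * Sets the maximum age in seconds for this Cookie.
     *
     * <p>
     * A positive value indicates that the cookie will expire after that many seconds have passed.
     * Note that the value is the maximum age when the cookie will expire, not the cookie's
     * current age.
     * </p>
     *
     * <p>
     * A negative value means that the cookie is not stored persistently and will be deleted when
     * the Web browser exits. A zero value causes the cookie to be deleted.
     * </p>
     *
     * @param maxAge an integer specifying the maximum age of the cookie in seconds; if negative,
     *        means the cookie is not stored; if zero, deletes the cookie.
     * @return This definition.
     */
    @Nonnull
    public Definition maxAge(final int maxAge) {
      this.maxAge = maxAge;
      return this;
    }

    /**
     * Gets the maximum age in seconds for this Cookie.
     *
     * <p>
     * A positive value indicates that the cookie will expire after that many seconds have passed.
     * Note that the value is the maximum age when the cookie will expire, not the cookie's
     * current age.
     * </p>
     *
     * <p>
     * A negative value means that the cookie is not stored persistently and will be deleted when
     * the Web browser exits. A zero value causes the cookie to be deleted.
     * </p>
     *
     * @return Cookie's max age in seconds, or empty when never set.
     */
    @Nonnull
    public Optional<Integer> maxAge() {
      return Optional.ofNullable(maxAge);
    }
  }

  /**
   * Sign cookies using a HMAC algorithm plus SHA-256 hash.
   * Usage:
   *
   * <pre>
   *   String signed = Signature.sign("hello", "mysecretkey");
   *   ...
   *   // is it valid?
   *   assertEquals("hello", Signature.unsign(signed, "mysecretkey"));
   * </pre>
   *
   * <p>
   * The signature only proves integrity: the raw value travels in clear text after the separator,
   * so it must not carry anything confidential. The secret should be a long, random key shared by
   * every instance that has to verify the same cookies.
   * </p>
   *
   * @author edgar
   * @since 0.1.0
   */
  public class Signature {

    /** Remove trailing '='. */
    private static final Pattern EQ = Pattern.compile("=+$");

    /** Algorithm name. */
    public static final String HMAC_SHA256 = "HmacSHA256";

    /** Signature separator. */
    private static final String SEP = "|";

    /**
     * Sign a value using a secret key. A value and secret key are required. Sign is done with
     * {@link #HMAC_SHA256}.
     * Signed value looks like:
     *
     * <pre>
     *   [signed value] '|' [raw value]
     * </pre>
     *
     * <p>
     * Both the value and the secret are turned into bytes as UTF-8, so a signature verifies on
     * any host regardless of its platform default charset.
     * </p>
     *
     * @param value A value to sign.
     * @param secret A secret key.
     * @return A signed value.
     * @throws NullPointerException If value or secret is null.
     * @throws IllegalArgumentException If the secret is empty or the MAC cannot be set up.
     */
    @Nonnull
    public static String sign(final String value, final String secret) {
      requireNonNull(value, "A value is required.");
      requireNonNull(secret, "A secret is required.");
      if (secret.isEmpty()) {
        // SecretKeySpec rejects an empty key anyway; fail with a clearer message
        throw new IllegalArgumentException("A secret is required.");
      }
      try {
        Mac mac = Mac.getInstance(HMAC_SHA256);
        mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), HMAC_SHA256));
        byte[] bytes = mac.doFinal(value.getBytes(StandardCharsets.UTF_8));
        return EQ.matcher(BaseEncoding.base64().encode(bytes)).replaceAll("") + SEP + value;
      } catch (NoSuchAlgorithmException | InvalidKeyException ex) {
        throw new IllegalArgumentException("Can't sign value", ex);
      }
    }

    /**
     * Un-sign a value, previously signed with {@link #sign(String, String)}.
     * Try {@link #valid(String, String)} to check for valid signed values.
     *
     * <p>
     * The expected signature is recomputed from the raw part and compared with the received
     * string in constant time, so a forged signature cannot be guessed byte by byte through
     * response timing.
     * </p>
     *
     * @param value A signed value.
     * @param secret A secret key.
     * @return The raw (unsigned) value, or null when the input has no separator or the
     *         signature does not match.
     * @throws NullPointerException If value or secret is null.
     */
    @Nullable
    public static String unsign(final String value, final String secret) {
      requireNonNull(value, "A value is required.");
      requireNonNull(secret, "A secret is required.");
      // base64 never contains '|', so the first separator ends the signature
      int sep = value.indexOf(SEP);
      if (sep <= 0) {
        return null;
      }
      String str = value.substring(sep + 1);
      byte[] expected = sign(str, secret).getBytes(StandardCharsets.UTF_8);
      byte[] actual = value.getBytes(StandardCharsets.UTF_8);
      // MessageDigest.isEqual instead of String.equals: equals stops at the first mismatch
      return MessageDigest.isEqual(expected, actual) ? str : null;
    }

    /**
     * True, if the given signed value is valid.
     *
     * @param value A signed value.
     * @param secret A secret key.
     * @return True, if the given signed value is valid.
     */
    public static boolean valid(final String value, final String secret) {
      return unsign(value, secret) != null;
    }
  }

  /**
   * @return Cookie's name.
   */
  @Nonnull
  String name();

  /**
   * @return Cookie's value.
   */
  @Nonnull
  Optional<String> value();

  /**
   * @return An optional comment.
   */
  @Nonnull
  Optional<String> comment();

  /**
   * @return Cookie's domain.
   */
  @Nonnull
  Optional<String> domain();

  /**
   * Gets the maximum age of this cookie (in seconds).
   *
   * <p>
   * By default, -1 is returned, which indicates that the cookie will persist until
   * browser shutdown.
   * </p>
   *
   * @return An integer specifying the maximum age of the cookie in seconds; if negative, means
   *         the cookie persists until browser shutdown
   */
  int maxAge();

  /**
   * @return Cookie's path.
   */
  @Nonnull
  Optional<String> path();

  /**
   * Returns true if the browser is sending cookies only over a secure protocol, or
   * false if the browser can send cookies using any protocol.
   *
   * @return true if the browser uses a secure protocol, false otherwise.
   */
  boolean secure();

  /**
   * @return True if HTTP Only.
   */
  boolean httpOnly();

  /**
   * @return Encode the cookie.
   */
  @Nonnull
  String encode();
}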



