2007-06-10 07:55:43 +00:00
|
|
|
/* <!-- copyright */
|
|
|
|
|
/*
|
|
|
|
|
* aria2 - The high speed download utility
|
|
|
|
|
*
|
|
|
|
|
* Copyright (C) 2006 Tatsuhiro Tsujikawa
|
|
|
|
|
*
|
|
|
|
|
* This program is free software; you can redistribute it and/or modify
|
|
|
|
|
* it under the terms of the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
* GNU General Public License for more details.
|
|
|
|
|
*
|
|
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, write to the Free Software
|
2010-01-05 16:01:46 +00:00
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
|
2007-06-10 07:55:43 +00:00
|
|
|
*
|
|
|
|
|
* In addition, as a special exception, the copyright holders give
|
|
|
|
|
* permission to link the code of portions of this program with the
|
|
|
|
|
* OpenSSL library under certain conditions as described in each
|
|
|
|
|
* individual source file, and distribute linked combinations
|
|
|
|
|
* including the two.
|
|
|
|
|
* You must obey the GNU General Public License in all respects
|
|
|
|
|
* for all of the code used other than OpenSSL. If you modify
|
|
|
|
|
* file(s) with this exception, you may extend this exception to your
|
|
|
|
|
* version of the file(s), but you are not obligated to do so. If you
|
|
|
|
|
* do not wish to do so, delete this exception statement from your
|
|
|
|
|
* version. If you delete this exception statement from all source
|
|
|
|
|
* files in the program, then also delete it here.
|
|
|
|
|
*/
|
|
|
|
|
/* copyright --> */
|
|
|
|
|
#include "Cookie.h"
|
2008-10-26 14:22:58 +00:00
|
|
|
|
|
|
|
|
#include <algorithm>
|
2009-05-22 14:51:57 +00:00
|
|
|
#include <sstream>
|
2008-10-26 14:22:58 +00:00
|
|
|
|
2009-10-22 15:35:33 +00:00
|
|
|
#include "util.h"
|
2008-05-13 14:15:23 +00:00
|
|
|
#include "A2STR.h"
|
2008-08-27 16:04:36 +00:00
|
|
|
#include "TimeA2.h"
|
2009-06-06 12:33:07 +00:00
|
|
|
#include "a2functional.h"
|
2007-06-10 07:55:43 +00:00
|
|
|
|
2008-02-08 15:53:45 +00:00
|
|
|
namespace aria2 {
|
|
|
|
|
|
2008-12-15 15:48:48 +00:00
|
|
|
static std::string prependDotIfNotExists(const std::string& domain)
|
|
|
|
|
{
|
|
|
|
|
// From RFC2965:
|
|
|
|
|
// * Domain=value
|
|
|
|
|
// OPTIONAL. The value of the Domain attribute specifies the domain
|
|
|
|
|
// for which the cookie is valid. If an explicitly specified value
|
|
|
|
|
// does not start with a dot, the user agent supplies a leading dot.
|
2010-01-28 14:33:23 +00:00
|
|
|
return (!domain.empty() && domain[0] != '.') ? A2STR::DOT_C+domain : domain;
|
2008-12-15 15:48:48 +00:00
|
|
|
}
|
|
|
|
|
|
2010-01-28 14:01:50 +00:00
|
|
|
std::string Cookie::normalizeDomain(const std::string& domain)
|
2008-12-15 15:48:48 +00:00
|
|
|
{
|
2010-01-28 14:25:16 +00:00
|
|
|
if(domain.empty() || util::isNumericHost(domain)) {
|
2008-12-15 15:48:48 +00:00
|
|
|
return domain;
|
|
|
|
|
}
|
|
|
|
|
std::string md = prependDotIfNotExists(domain);
|
2009-10-22 15:09:00 +00:00
|
|
|
// TODO use util::split to strict verification
|
2010-01-28 14:33:23 +00:00
|
|
|
std::string::size_type p = md.find_last_of(A2STR::DOT_C);
|
2008-12-15 15:48:48 +00:00
|
|
|
if(p == 0 || p == std::string::npos) {
|
|
|
|
|
md += ".local";
|
|
|
|
|
}
|
2009-10-22 15:09:00 +00:00
|
|
|
return util::toLower(prependDotIfNotExists(md));
|
2008-12-15 15:48:48 +00:00
|
|
|
}
|
|
|
|
|
|
2008-02-08 15:53:45 +00:00
|
|
|
Cookie::Cookie(const std::string& name,
|
2010-01-05 16:01:46 +00:00
|
|
|
const std::string& value,
|
|
|
|
|
time_t expiry,
|
|
|
|
|
const std::string& path,
|
|
|
|
|
const std::string& domain,
|
|
|
|
|
bool secure):
|
2010-06-21 13:51:56 +00:00
|
|
|
name_(name),
|
|
|
|
|
value_(value),
|
|
|
|
|
expiry_(expiry),
|
|
|
|
|
path_(path),
|
|
|
|
|
domain_(normalizeDomain(domain)),
|
|
|
|
|
secure_(secure),
|
|
|
|
|
creationTime_(time(0)),
|
|
|
|
|
lastAccess_(creationTime_) {}
|
2008-02-08 15:53:45 +00:00
|
|
|
|
|
|
|
|
Cookie::Cookie(const std::string& name,
|
2010-01-05 16:01:46 +00:00
|
|
|
const std::string& value,
|
|
|
|
|
const std::string& path,
|
|
|
|
|
const std::string& domain,
|
|
|
|
|
bool secure):
|
2010-06-21 13:51:56 +00:00
|
|
|
name_(name),
|
|
|
|
|
value_(value),
|
|
|
|
|
expiry_(0),
|
|
|
|
|
path_(path),
|
|
|
|
|
domain_(normalizeDomain(domain)),
|
|
|
|
|
secure_(secure),
|
|
|
|
|
creationTime_(time(0)),
|
|
|
|
|
lastAccess_(creationTime_) {}
|
2008-02-08 15:53:45 +00:00
|
|
|
|
2010-06-21 13:51:56 +00:00
|
|
|
Cookie::Cookie():expiry_(0), secure_(false), lastAccess_(time(0)) {}
|
2008-02-08 15:53:45 +00:00
|
|
|
|
|
|
|
|
Cookie::~Cookie() {}
|
|
|
|
|
|
|
|
|
|
std::string Cookie::toString() const
|
|
|
|
|
{
|
2010-06-21 13:51:56 +00:00
|
|
|
return strconcat(name_, "=", value_);
|
2008-02-08 15:53:45 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool Cookie::good() const
|
|
|
|
|
{
|
2010-06-21 13:51:56 +00:00
|
|
|
return !name_.empty();
|
2008-02-08 15:53:45 +00:00
|
|
|
}
|
|
|
|
|
|
2008-08-27 16:04:36 +00:00
|
|
|
static bool pathInclude(const std::string& requestPath, const std::string& path)
|
2007-06-10 07:55:43 +00:00
|
|
|
{
|
2008-08-27 16:04:36 +00:00
|
|
|
if(requestPath == path) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
2009-10-22 15:09:00 +00:00
|
|
|
if(util::startsWith(requestPath, path)) {
|
2008-08-27 16:04:36 +00:00
|
|
|
if(*path.rbegin() != '/' && requestPath[path.size()] != '/') {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
} else if(*path.rbegin() != '/' || *requestPath.rbegin() == '/' ||
|
2010-01-05 16:01:46 +00:00
|
|
|
!util::startsWith(requestPath+"/", path)) {
|
2008-08-27 16:04:36 +00:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2008-12-15 15:48:48 +00:00
|
|
|
static bool domainMatch(const std::string& normReqHost,
|
2010-01-05 16:01:46 +00:00
|
|
|
const std::string& domain)
|
2008-08-27 16:04:36 +00:00
|
|
|
{
|
2008-12-15 15:48:48 +00:00
|
|
|
// RFC2965 stated that:
|
|
|
|
|
//
|
|
|
|
|
// A Set-Cookie2 with Domain=ajax.com will be accepted, and the
|
|
|
|
|
// value for Domain will be taken to be .ajax.com, because a dot
|
|
|
|
|
// gets prepended to the value.
|
|
|
|
|
//
|
|
|
|
|
// Also original Netscape implementation behaves exactly the same.
|
|
|
|
|
|
2010-06-21 13:51:56 +00:00
|
|
|
// domain_ always starts ".". See Cookie::Cookie().
|
2009-10-22 15:09:00 +00:00
|
|
|
return util::endsWith(normReqHost, domain);
|
2008-08-27 16:04:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool Cookie::match(const std::string& requestHost,
|
2010-01-05 16:01:46 +00:00
|
|
|
const std::string& requestPath,
|
|
|
|
|
time_t date, bool secure) const
|
2008-08-27 16:04:36 +00:00
|
|
|
{
|
2010-06-21 13:51:56 +00:00
|
|
|
if((secure || (!secure_ && !secure)) &&
|
|
|
|
|
(requestHost == domain_ || // For default domain or IP address
|
|
|
|
|
domainMatch(normalizeDomain(requestHost), domain_)) &&
|
|
|
|
|
pathInclude(requestPath, path_) &&
|
|
|
|
|
(isSessionCookie() || (date < expiry_))) {
|
2007-06-10 07:55:43 +00:00
|
|
|
return true;
|
|
|
|
|
} else {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
2008-02-08 15:53:45 +00:00
|
|
|
|
2008-08-27 16:04:36 +00:00
|
|
|
bool Cookie::validate(const std::string& requestHost,
|
2008-12-15 15:48:48 +00:00
|
|
|
const std::string& requestPath) const
|
2008-08-27 16:04:36 +00:00
|
|
|
{
|
2010-06-21 13:51:56 +00:00
|
|
|
// If domain_ doesn't start with "." or it is IP address, then it
|
2010-01-28 14:01:50 +00:00
|
|
|
// must equal to requestHost. Otherwise, do domain tail match.
|
2010-06-21 13:51:56 +00:00
|
|
|
if(requestHost != domain_) {
|
2010-01-28 14:01:50 +00:00
|
|
|
std::string normReqHost = normalizeDomain(requestHost);
|
2010-06-21 13:51:56 +00:00
|
|
|
if(normReqHost != domain_) {
|
2010-01-28 14:01:50 +00:00
|
|
|
// domain must start with '.'
|
2010-06-21 13:51:56 +00:00
|
|
|
if(*domain_.begin() != '.') {
|
2010-01-28 14:01:50 +00:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
// domain must not end with '.'
|
2010-06-21 13:51:56 +00:00
|
|
|
if(*domain_.rbegin() == '.') {
|
2010-01-28 14:01:50 +00:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
// domain must include at least one embeded '.'
|
2010-06-21 13:51:56 +00:00
|
|
|
if(domain_.size() < 4 ||
|
|
|
|
|
domain_.find(A2STR::DOT_C, 1) == std::string::npos) {
|
2010-01-28 14:01:50 +00:00
|
|
|
return false;
|
|
|
|
|
}
|
2010-06-21 13:51:56 +00:00
|
|
|
if(!util::endsWith(normReqHost, domain_)) {
|
2010-01-28 14:01:50 +00:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
// From RFC2965 3.3.2 Rejecting Cookies
|
|
|
|
|
// * The request-host is a HDN (not IP address) and has the form HD,
|
|
|
|
|
// where D is the value of the Domain attribute, and H is a string
|
|
|
|
|
// that contains one or more dots.
|
|
|
|
|
size_t dotCount = std::count(normReqHost.begin(),
|
|
|
|
|
normReqHost.begin()+
|
2010-06-21 13:51:56 +00:00
|
|
|
(normReqHost.size()-domain_.size()), '.');
|
2010-01-28 14:01:50 +00:00
|
|
|
if(dotCount > 1 || (dotCount == 1 && normReqHost[0] != '.')) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
2008-08-27 16:04:36 +00:00
|
|
|
}
|
|
|
|
|
}
|
2010-06-21 13:51:56 +00:00
|
|
|
if(requestPath != path_) {
|
2008-12-15 15:48:48 +00:00
|
|
|
// From RFC2965 3.3.2 Rejecting Cookies
|
|
|
|
|
// * The value for the Path attribute is not a prefix of the request-URI.
|
2010-06-21 13:51:56 +00:00
|
|
|
if(!pathInclude(requestPath, path_)) {
|
2008-08-27 16:04:36 +00:00
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
}
|
2008-09-01 15:00:41 +00:00
|
|
|
return good();
|
2008-08-27 16:04:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool Cookie::operator==(const Cookie& cookie) const
|
|
|
|
|
{
|
2010-06-21 13:51:56 +00:00
|
|
|
return domain_ == cookie.domain_ && path_ == cookie.path_ &&
|
|
|
|
|
name_ == cookie.name_;
|
2008-08-27 16:04:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool Cookie::isExpired() const
|
|
|
|
|
{
|
2010-06-21 13:51:56 +00:00
|
|
|
return !expiry_ == 0 && Time().getTime() >= expiry_;
|
2008-09-01 15:00:41 +00:00
|
|
|
}
|
|
|
|
|
|
2009-05-22 14:51:57 +00:00
|
|
|
std::string Cookie::toNsCookieFormat() const
|
|
|
|
|
{
|
|
|
|
|
std::stringstream ss;
|
2010-06-21 13:51:56 +00:00
|
|
|
ss << domain_ << "\t";
|
|
|
|
|
if(util::startsWith(domain_, A2STR::DOT_C)) {
|
2009-05-22 14:51:57 +00:00
|
|
|
ss << "TRUE";
|
|
|
|
|
} else {
|
|
|
|
|
ss << "FALSE";
|
|
|
|
|
}
|
|
|
|
|
ss << "\t";
|
2010-06-21 13:51:56 +00:00
|
|
|
ss << path_ << "\t";
|
|
|
|
|
if(secure_) {
|
2009-05-22 14:51:57 +00:00
|
|
|
ss << "TRUE";
|
|
|
|
|
} else {
|
|
|
|
|
ss << "FALSE";
|
|
|
|
|
}
|
|
|
|
|
ss << "\t";
|
2010-06-21 13:51:56 +00:00
|
|
|
ss << expiry_ << "\t";
|
|
|
|
|
ss << name_ << "\t";
|
|
|
|
|
ss << value_;
|
2009-05-22 14:51:57 +00:00
|
|
|
return ss.str();
|
|
|
|
|
}
|
|
|
|
|
|
2010-01-28 14:01:50 +00:00
|
|
|
void Cookie::markOriginServerOnly()
|
|
|
|
|
{
|
2010-06-21 13:51:56 +00:00
|
|
|
if(util::startsWith(domain_, A2STR::DOT_C)) {
|
|
|
|
|
domain_.erase(domain_.begin(), domain_.begin()+1);
|
2010-01-28 14:01:50 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void Cookie::updateLastAccess()
|
|
|
|
|
{
|
2010-06-21 13:51:56 +00:00
|
|
|
lastAccess_ = time(0);
|
2010-01-28 14:01:50 +00:00
|
|
|
}
|
|
|
|
|
|
2008-02-08 15:53:45 +00:00
|
|
|
} // namespace aria2
|
