Exemplo n.º 1
0
        /// <summary>Set 'effective host name' as defined in RFC 2965.</summary>
        /// <remarks>
        /// Set 'effective host name' as defined in RFC 2965.
        /// <p>
        /// If a host name contains no dots, the effective host name is
        /// that name with the string .local appended to it.  Otherwise
        /// the effective host name is the same as the host name.  Note
        /// that all effective host names contain at least one dot.
        /// </remarks>
        /// <param name="origin">origin where cookie is received from or being sent to.</param>
        private static CookieOrigin AdjustEffectiveHost(CookieOrigin origin)
        {
            string host = origin.GetHost();
            // Test if the host name appears to be a fully qualified DNS name,
            // IPv4 address or IPv6 address
            bool isLocalHost = true;

            for (int i = 0; i < host.Length; i++)
            {
                char ch = host[i];
                if (ch == '.' || ch == ':')
                {
                    isLocalHost = false;
                    break;
                }
            }
            if (isLocalHost)
            {
                host += ".local";
                return(new CookieOrigin(host, origin.GetPort(), origin.GetPath(), origin.IsSecure
                                            ()));
            }
            else
            {
                return(origin);
            }
        }
Exemplo n.º 2
0
        /// <exception cref="Apache.Http.Cookie.MalformedCookieException"></exception>
        public override void Validate(Apache.Http.Cookie.Cookie cookie, CookieOrigin origin
                                      )
        {
            base.Validate(cookie, origin);
            // Perform Netscape Cookie draft specific validation
            string host   = origin.GetHost();
            string domain = cookie.GetDomain();

            if (host.Contains("."))
            {
                int domainParts = new StringTokenizer(domain, ".").CountTokens();
                if (IsSpecialDomain(domain))
                {
                    if (domainParts < 2)
                    {
                        throw new CookieRestrictionViolationException("Domain attribute \"" + domain + "\" violates the Netscape cookie specification for "
                                                                      + "special domains");
                    }
                }
                else
                {
                    if (domainParts < 3)
                    {
                        throw new CookieRestrictionViolationException("Domain attribute \"" + domain + "\" violates the Netscape cookie specification"
                                                                      );
                    }
                }
            }
        }
Exemplo n.º 3
0
        public virtual bool Match(Apache.Http.Cookie.Cookie cookie, CookieOrigin origin)
        {
            Args.NotNull(cookie, "Cookie");
            Args.NotNull(origin, "Cookie origin");
            string host   = origin.GetHost();
            string domain = cookie.GetDomain();

            if (domain == null)
            {
                return(false);
            }
            return(host.Equals(domain) || (domain.StartsWith(".") && host.EndsWith(domain)));
        }
Exemplo n.º 4
0
        public override bool Match(Apache.Http.Cookie.Cookie cookie, CookieOrigin origin)
        {
            Args.NotNull(cookie, "Cookie");
            Args.NotNull(origin, "Cookie origin");
            string host   = origin.GetHost();
            string domain = cookie.GetDomain();

            if (domain == null)
            {
                return(false);
            }
            return(host.EndsWith(domain));
        }
Exemplo n.º 5
0
        /// <exception cref="Apache.Http.Cookie.MalformedCookieException"></exception>
        public virtual void Validate(Apache.Http.Cookie.Cookie cookie, CookieOrigin origin
                                     )
        {
            Args.NotNull(cookie, "Cookie");
            Args.NotNull(origin, "Cookie origin");
            string host   = origin.GetHost();
            string domain = cookie.GetDomain();

            if (domain == null)
            {
                throw new CookieRestrictionViolationException("Cookie domain may not be null");
            }
            if (!domain.Equals(host))
            {
                int dotIndex = domain.IndexOf('.');
                if (dotIndex == -1)
                {
                    throw new CookieRestrictionViolationException("Domain attribute \"" + domain + "\" does not match the host \""
                                                                  + host + "\"");
                }
                // domain must start with dot
                if (!domain.StartsWith("."))
                {
                    throw new CookieRestrictionViolationException("Domain attribute \"" + domain + "\" violates RFC 2109: domain must start with a dot"
                                                                  );
                }
                // domain must have at least one embedded dot
                dotIndex = domain.IndexOf('.', 1);
                if (dotIndex < 0 || dotIndex == domain.Length - 1)
                {
                    throw new CookieRestrictionViolationException("Domain attribute \"" + domain + "\" violates RFC 2109: domain must contain an embedded dot"
                                                                  );
                }
                host = host.ToLower(Sharpen.Extensions.GetEnglishCulture());
                if (!host.EndsWith(domain))
                {
                    throw new CookieRestrictionViolationException("Illegal domain attribute \"" + domain
                                                                  + "\". Domain of origin: \"" + host + "\"");
                }
                // host minus domain may not contain any dots
                string hostWithoutDomain = Sharpen.Runtime.Substring(host, 0, host.Length - domain
                                                                     .Length);
                if (hostWithoutDomain.IndexOf('.') != -1)
                {
                    throw new CookieRestrictionViolationException("Domain attribute \"" + domain + "\" violates RFC 2109: host minus domain may not contain any dots"
                                                                  );
                }
            }
        }
        /// <exception cref="Apache.Http.Cookie.MalformedCookieException"></exception>
        public virtual void Validate(Apache.Http.Cookie.Cookie cookie, CookieOrigin origin
                                     )
        {
            Args.NotNull(cookie, "Cookie");
            Args.NotNull(origin, "Cookie origin");
            // Validate the cookies domain attribute.  NOTE:  Domains without
            // any dots are allowed to support hosts on private LANs that don't
            // have DNS names.  Since they have no dots, to domain-match the
            // request-host and domain must be identical for the cookie to sent
            // back to the origin-server.
            string host   = origin.GetHost();
            string domain = cookie.GetDomain();

            if (domain == null)
            {
                throw new CookieRestrictionViolationException("Cookie domain may not be null");
            }
            if (host.Contains("."))
            {
                // Not required to have at least two dots.  RFC 2965.
                // A Set-Cookie2 with Domain=ajax.com will be accepted.
                // domain must match host
                if (!host.EndsWith(domain))
                {
                    if (domain.StartsWith("."))
                    {
                        domain = Sharpen.Runtime.Substring(domain, 1, domain.Length);
                    }
                    if (!host.Equals(domain))
                    {
                        throw new CookieRestrictionViolationException("Illegal domain attribute \"" + domain
                                                                      + "\". Domain of origin: \"" + host + "\"");
                    }
                }
            }
            else
            {
                if (!host.Equals(domain))
                {
                    throw new CookieRestrictionViolationException("Illegal domain attribute \"" + domain
                                                                  + "\". Domain of origin: \"" + host + "\"");
                }
            }
        }
Exemplo n.º 7
0
        /// <summary>Match cookie domain attribute.</summary>
        /// <remarks>Match cookie domain attribute.</remarks>
        public virtual bool Match(Apache.Http.Cookie.Cookie cookie, CookieOrigin origin)
        {
            Args.NotNull(cookie, "Cookie");
            Args.NotNull(origin, "Cookie origin");
            string host         = origin.GetHost().ToLower(Sharpen.Extensions.GetEnglishCulture());
            string cookieDomain = cookie.GetDomain();

            // The effective host name MUST domain-match the Domain
            // attribute of the cookie.
            if (!DomainMatch(host, cookieDomain))
            {
                return(false);
            }
            // effective host name minus domain must not contain any dots
            string effectiveHostWithoutDomain = Sharpen.Runtime.Substring(host, 0, host.Length
                                                                          - cookieDomain.Length);

            return(effectiveHostWithoutDomain.IndexOf('.') == -1);
        }
        public virtual bool Match(Apache.Http.Cookie.Cookie cookie, CookieOrigin origin)
        {
            Args.NotNull(cookie, "Cookie");
            Args.NotNull(origin, "Cookie origin");
            string host   = origin.GetHost();
            string domain = cookie.GetDomain();

            if (domain == null)
            {
                return(false);
            }
            if (host.Equals(domain))
            {
                return(true);
            }
            if (!domain.StartsWith("."))
            {
                domain = '.' + domain;
            }
            return(host.EndsWith(domain) || host.Equals(Sharpen.Runtime.Substring(domain, 1)));
        }
Exemplo n.º 9
0
 protected internal static string GetDefaultDomain(CookieOrigin origin)
 {
     return(origin.GetHost());
 }
Exemplo n.º 10
0
        /// <summary>Validate cookie domain attribute.</summary>
        /// <remarks>Validate cookie domain attribute.</remarks>
        /// <exception cref="Apache.Http.Cookie.MalformedCookieException"></exception>
        public virtual void Validate(Apache.Http.Cookie.Cookie cookie, CookieOrigin origin
                                     )
        {
            Args.NotNull(cookie, "Cookie");
            Args.NotNull(origin, "Cookie origin");
            string host = origin.GetHost().ToLower(Sharpen.Extensions.GetEnglishCulture());

            if (cookie.GetDomain() == null)
            {
                throw new CookieRestrictionViolationException("Invalid cookie state: " + "domain not specified"
                                                              );
            }
            string cookieDomain = cookie.GetDomain().ToLower(Sharpen.Extensions.GetEnglishCulture()
                                                             );

            if (cookie is ClientCookie && ((ClientCookie)cookie).ContainsAttribute(ClientCookie
                                                                                   .DomainAttr))
            {
                // Domain attribute must start with a dot
                if (!cookieDomain.StartsWith("."))
                {
                    throw new CookieRestrictionViolationException("Domain attribute \"" + cookie.GetDomain
                                                                      () + "\" violates RFC 2109: domain must start with a dot");
                }
                // Domain attribute must contain at least one embedded dot,
                // or the value must be equal to .local.
                int dotIndex = cookieDomain.IndexOf('.', 1);
                if (((dotIndex < 0) || (dotIndex == cookieDomain.Length - 1)) && (!cookieDomain.Equals
                                                                                      (".local")))
                {
                    throw new CookieRestrictionViolationException("Domain attribute \"" + cookie.GetDomain
                                                                      () + "\" violates RFC 2965: the value contains no embedded dots " + "and the value is not .local"
                                                                  );
                }
                // The effective host name must domain-match domain attribute.
                if (!DomainMatch(host, cookieDomain))
                {
                    throw new CookieRestrictionViolationException("Domain attribute \"" + cookie.GetDomain
                                                                      () + "\" violates RFC 2965: effective host name does not " + "domain-match domain attribute."
                                                                  );
                }
                // effective host name minus domain must not contain any dots
                string effectiveHostWithoutDomain = Sharpen.Runtime.Substring(host, 0, host.Length
                                                                              - cookieDomain.Length);
                if (effectiveHostWithoutDomain.IndexOf('.') != -1)
                {
                    throw new CookieRestrictionViolationException("Domain attribute \"" + cookie.GetDomain
                                                                      () + "\" violates RFC 2965: " + "effective host minus domain may not contain any dots"
                                                                  );
                }
            }
            else
            {
                // Domain was not specified in header. In this case, domain must
                // string match request host (case-insensitive).
                if (!cookie.GetDomain().Equals(host))
                {
                    throw new CookieRestrictionViolationException("Illegal domain attribute: \"" + cookie
                                                                  .GetDomain() + "\"." + "Domain of origin: \"" + host + "\"");
                }
            }
        }