path: root/core/java/android/webkit/CookieManager.java
blob: 497cab7d2392b44555f8bf6562dee84da9709905 (plain)
/*
 * Copyright (C) 2006 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.webkit;

import android.net.ParseException;
import android.net.WebAddress;
import android.net.http.AndroidHttpClient;
import android.os.AsyncTask;
import android.util.Log;


import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Comparator;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.SortedSet;
import java.util.TreeSet;

/**
 * Manages the cookies used by an application's {@link WebView} instances.
 * Cookies are manipulated according to RFC2109.
 */
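public final class CookieManager {

    // Lazily created singleton; guarded by the class lock in getInstance().
    private static CookieManager sRef;

    private static final String LOGTAG = "webkit";

    // NOTE(review): the attribute-name and delimiter constants below, and the
    // size limits after them, are not referenced by any code visible in this
    // class (cookie storage is delegated to the native methods at the bottom
    // of the file). They are kept unchanged.
    private static final String DOMAIN = "domain";

    private static final String PATH = "path";

    private static final String EXPIRES = "expires";

    private static final String SECURE = "secure";

    private static final String MAX_AGE = "max-age";

    private static final String HTTP_ONLY = "httponly";

    private static final String HTTPS = "https";

    private static final char PERIOD = '.';

    private static final char COMMA = ',';

    private static final char SEMICOLON = ';';

    private static final char EQUAL = '=';

    private static final char PATH_DELIM = '/';

    private static final char QUESTION_MARK = '?';

    private static final char WHITE_SPACE = ' ';

    private static final char QUOTATION = '\"';

    private static final int SECURE_LENGTH = SECURE.length();

    private static final int HTTP_ONLY_LENGTH = HTTP_ONLY.length();

    // RFC2109 defines 4k as maximum size of a cookie
    private static final int MAX_COOKIE_LENGTH = 4 * 1024;

    // RFC2109 defines 20 as max cookie count per domain. As we track with base
    // domain, we allow 50 per base domain
    private static final int MAX_COOKIE_COUNT_PER_BASE_DOMAIN = 50;

    // RFC2109 defines 300 as max count of domains. As we track with base
    // domain, we set 200 as max base domain count
    private static final int MAX_DOMAIN_COUNT = 200;

    // Max cookie count, chosen so that in-RAM cookies take less than 100k,
    // assuming an average cookie entry is smaller than 100 bytes
    private static final int MAX_RAM_COOKIES_COUNT = 1000;

    // Max domain count, chosen so that in-RAM cookies take less than 100k
    private static final int MAX_RAM_DOMAIN_COUNT = 15;

    // Number of asynchronous cookie operations that have been started but have
    // not yet signalled completion. Guarded by this object's monitor.
    private int mPendingCookieOperations = 0;

    /**
     * This contains a list of 2nd-level domains that aren't allowed to have
     * wildcards when combined with country-codes. For example: [.co.uk].
     */
    private final static String[] BAD_COUNTRY_2LDS =
          { "ac", "co", "com", "ed", "edu", "go", "gouv", "gov", "info",
            "lg", "ne", "net", "or", "org" };

    static {
        // Keep the table sorted (a precondition for binary search); no lookup
        // is visible in this class.
        Arrays.sort(BAD_COUNTRY_2LDS);
    }

    /**
     * Package level class to be accessed by cookie sync manager
     */
    static class Cookie {
        static final byte MODE_NEW = 0;

        static final byte MODE_NORMAL = 1;

        static final byte MODE_DELETED = 2;

        static final byte MODE_REPLACED = 3;

        String domain;

        String path;

        String name;

        String value;

        long expires;

        long lastAcessTime;

        long lastUpdateTime;

        boolean secure;

        byte mode;

        /** Creates a cookie with every field left at its Java default. */
        Cookie() {
        }

        /**
         * Creates a cookie scoped to the given domain and path, with
         * {@code expires} set to -1.
         *
         * @param defaultDomain The domain to assign to the cookie
         * @param defaultPath The path to assign to the cookie
         */
        Cookie(String defaultDomain, String defaultPath) {
            domain = defaultDomain;
            path = defaultPath;
            expires = -1;
        }

        /**
         * Tests whether this cookie identifies the same entry as {@code in}.
         * Domain, path and name must be equal, and the two values must be
         * either both null or both non-null (so "foo=;" and "foo;" do not
         * match). The value contents themselves are not compared.
         *
         * @param in The cookie to compare against
         * @return True if the two cookies match as described above
         */
        boolean exactMatch(Cookie in) {
            // domain, path and name are dereferenced directly, so they must be
            // non-null on this cookie.
            boolean valuesMatch = (value == null) == (in.value == null);
            return domain.equals(in.domain) && path.equals(in.path) &&
                    name.equals(in.name) && valuesMatch;
        }

        /**
         * Tests whether this cookie's domain covers the given host.
         * A domain with a leading dot matches the bare domain itself and any
         * host that ends with it on a label boundary; a domain without a
         * leading dot must equal the host exactly.
         *
         * @param urlHost The host of the URL being checked
         * @return True if the cookie's domain matches the host
         */
        boolean domainMatch(String urlHost) {
            if (!domain.startsWith(".")) {
                // exact match if domain is not leading w/ dot
                return urlHost.equals(domain);
            }
            if (!urlHost.endsWith(domain.substring(1))) {
                return false;
            }
            int len = domain.length();
            int urlLen = urlHost.length();
            if (urlLen > len - 1) {
                // The host is longer than the bare domain, so the character
                // in front of the suffix has to be the label separator:
                // make sure bar.com doesn't match .ar.com
                return urlHost.charAt(urlLen - len) == PERIOD;
            }
            return true;
        }

        /**
         * Tests whether this cookie's path covers the given URL path.
         * The URL path must start with the cookie path, and the prefix must
         * end on a path-segment boundary. An empty cookie path never matches.
         *
         * @param urlPath The path of the URL being checked
         * @return True if the cookie's path matches the URL path
         */
        boolean pathMatch(String urlPath) {
            if (!urlPath.startsWith(path)) {
                return false;
            }
            int len = path.length();
            if (len == 0) {
                Log.w(LOGTAG, "Empty cookie path");
                return false;
            }
            int urlLen = urlPath.length();
            if (path.charAt(len-1) != PATH_DELIM && urlLen > len) {
                // make sure /wee doesn't match /we
                return urlPath.charAt(len) == PATH_DELIM;
            }
            return true;
        }

        // NOTE(review): the returned string contains the cookie value, which
        // may be a session credential; keep the result out of logs that other
        // parties can read.
        @Override
        public String toString() {
            return "domain: " + domain + "; path: " + path + "; name: " + name
                    + "; value: " + value;
        }
    }

    private static final CookieComparator COMPARATOR = new CookieComparator();

    /**
     * Orders cookies by longest path first, then longest domain first, then
     * cookies with a non-null value before those with a null value, and
     * finally by name.
     */
    private static final class CookieComparator implements Comparator<Cookie> {
        public int compare(Cookie cookie1, Cookie cookie2) {
            // According to RFC 2109, multiple cookies are ordered in a way such
            // that those with more specific Path attributes precede those with
            // less specific. Ordering with respect to other attributes (e.g.,
            // Domain) is unspecified.
            // As Set is not modified if the two objects are same, we do want to
            // assign different value for each cookie.
            // String lengths are never negative, so these subtractions cannot
            // overflow.
            int diff = cookie2.path.length() - cookie1.path.length();
            if (diff != 0) return diff;

            diff = cookie2.domain.length() - cookie1.domain.length();
            if (diff != 0) return diff;

            // If cookie2 has a null value, it should come later in
            // the list.
            if (cookie2.value == null) {
                // If both cookies have null values, fall back to using the name
                // difference.
                if (cookie1.value != null) {
                    return -1;
                }
            } else if (cookie1.value == null) {
                // Now we know that cookie2 does not have a null value, if
                // cookie1 has a null value, place it later in the list.
                return 1;
            }

            // Fallback to comparing the name to ensure consistent order.
            return cookie1.name.compareTo(cookie2.name);
        }
    }

    // Instances are only handed out through getInstance().
    private CookieManager() {
    }

    /**
     * Always fails, so that the singleton cannot be duplicated by cloning.
     *
     * @throws CloneNotSupportedException always
     */
    @Override
    protected Object clone() throws CloneNotSupportedException {
        throw new CloneNotSupportedException("doesn't implement Cloneable");
    }

    /**
     * Gets the singleton CookieManager instance. If this method is used
     * before the application instantiates a {@link WebView} instance,
     * {@link CookieSyncManager#createInstance(Context)} must be called
     * first.
     * 
     * @return The singleton CookieManager instance
     */
    public static synchronized CookieManager getInstance() {
        if (sRef == null) {
            sRef = new CookieManager();
        }
        return sRef;
    }

    /**
     * Sets whether the application's {@link WebView} instances should send and
     * accept cookies.
     * @param accept Whether {@link WebView} instances should send and accept
     *               cookies
     */
    public synchronized void setAcceptCookie(boolean accept) {
        nativeSetAcceptCookie(accept);
    }

    /**
     * Gets whether the application's {@link WebView} instances send and accept
     * cookies.
     * @return True if {@link WebView} instances send and accept cookies
     */
    public synchronized boolean acceptCookie() {
        return nativeAcceptCookie();
    }

    /**
     * Sets a cookie for the given URL. Any existing cookie with the same host,
     * path and name will be replaced with the new cookie. The cookie being set
     * must not have expired and must not be a session cookie, otherwise it
     * will be ignored.
     * @param url The URL for which the cookie is set
     * @param value The cookie as a string, using the format of the
     *              'Set-Cookie' HTTP response header
     */
    public void setCookie(String url, String value) {
        setCookie(url, value, false);
    }

    /**
     * See {@link #setCookie(String, String)}. If the URL cannot be parsed, an
     * error is logged and no cookie is set.
     * @param url The URL for which the cookie is set
     * @param value The value of the cookie, as a string, using the format of
     *              the 'Set-Cookie' HTTP response header
     * @param privateBrowsing Whether to use the private browsing cookie jar
     */
    void setCookie(String url, String value, boolean privateBrowsing) {
        WebAddress uri;
        try {
            uri = new WebAddress(url);
        } catch (ParseException ex) {
            // NOTE(review): the rejected URL is logged verbatim. URLs can
            // carry tokens in their query string, so consider logging less.
            Log.e(LOGTAG, "Bad address: " + url);
            return;
        }

        // The native layer receives the address as re-serialized by
        // WebAddress, not the caller's original string.
        nativeSetCookie(uri.toString(), value, privateBrowsing);
    }

    /**
     * Gets the cookies for the given URL.
     * @param url The URL for which the cookies are requested
     * @return The cookies as a string, using the format of the 'Cookie'
     *         HTTP request header, or null if the URL cannot be parsed
     */
    public String getCookie(String url) {
        return getCookie(url, false);
    }

    /**
     * See {@link #getCookie(String)}
     * @param url The URL for which the cookies are requested
     * @param privateBrowsing Whether to use the private browsing cookie jar
     * @return The cookies as a string, using the format of the 'Cookie'
     *         HTTP request header, or null if the URL cannot be parsed
     * @hide Used by Browser, no intention to publish.
     */
    public String getCookie(String url, boolean privateBrowsing) {
        WebAddress uri;
        try {
            uri = new WebAddress(url);
        } catch (ParseException ex) {
            // NOTE(review): the rejected URL is logged verbatim. URLs can
            // carry tokens in their query string, so consider logging less.
            Log.e(LOGTAG, "Bad address: " + url);
            return null;
        }

        return nativeGetCookie(uri.toString(), privateBrowsing);
    }

    /**
     * Get cookie(s) for a given uri so that it can be set to "cookie:" in http
     * request header. The non-private cookie jar is always used.
     * @param uri The WebAddress for which the cookies are requested
     * @return The cookies as a string, using the format of the 'Cookie'
     *         HTTP request header
     * @hide Used by RequestHandle, no intention to publish.
     */
    public synchronized String getCookie(WebAddress uri) {
        return nativeGetCookie(uri.toString(), false);
    }

    /**
     * Waits for pending operations to complete. An interrupt does not cut the
     * wait short; the calling thread's interrupt status is restored before
     * this method returns.
     */
    void waitForCookieOperationsToComplete() {
        // Note that this function is applicable for both the java
        // and native http stacks, and works correctly with either.
        boolean interrupted = false;
        synchronized (this) {
            while (mPendingCookieOperations > 0) {
                try {
                    wait();
                } catch (InterruptedException e) {
                    // Keep waiting, but remember the interrupt so that it is
                    // not lost to the caller. Re-asserting it here would make
                    // the next wait() throw immediately and spin.
                    interrupted = true;
                }
            }
        }
        if (interrupted) {
            Thread.currentThread().interrupt();
        }
    }

    /**
     * Records that one asynchronous cookie operation has finished and wakes
     * every thread blocked in {@link #waitForCookieOperationsToComplete()}.
     */
    private synchronized void signalCookieOperationsComplete() {
        mPendingCookieOperations--;
        assert mPendingCookieOperations > -1;
        // notifyAll rather than notify: with several waiters, a single notify
        // wakes only one of them and the rest would never be signalled again
        // once the count has reached zero.
        notifyAll();
    }

    /** Records that one asynchronous cookie operation has been started. */
    private synchronized void signalCookieOperationsStart() {
        mPendingCookieOperations++;
    }

    /**
     * Removes all session cookies, which are cookies without an expiration
     * date. The removal runs asynchronously on an {@link AsyncTask}.
     */
    public void removeSessionCookie() {
        signalCookieOperationsStart();
        new AsyncTask<Void, Void, Void>() {
            @Override
            protected Void doInBackground(Void... none) {
                try {
                    nativeRemoveSessionCookie();
                } finally {
                    // Always balance signalCookieOperationsStart(), otherwise
                    // a failure here would leave waiters blocked forever.
                    signalCookieOperationsComplete();
                }
                return null;
            }
        }.execute();
    }

    /**
     * Removes all cookies.
     */
    public void removeAllCookie() {
        nativeRemoveAllCookie();
    }

    /**
     * Gets whether there are stored cookies.
     * @return True if there are stored cookies.
     */
    public synchronized boolean hasCookies() {
        return hasCookies(false);
    }

    /**
     * See {@link #hasCookies()}.
     * @param privateBrowsing Whether to use the private browsing cookie jar
     * @return True if there are stored cookies in the selected cookie jar
     * @hide Used by Browser, no intention to publish.
     */
    public synchronized boolean hasCookies(boolean privateBrowsing) {
        return nativeHasCookies(privateBrowsing);
    }

    /**
     * Removes all expired cookies.
     */
    public void removeExpiredCookie() {
        nativeRemoveExpiredCookie();
    }

    /**
     * Package level api, called from CookieSyncManager
     *
     * Flush all cookies managed by the Chrome HTTP stack to flash.
     */
    void flushCookieStore() {
        nativeFlushCookieStore();
    }

    /**
     * Gets whether the application's {@link WebView} instances send and accept
     * cookies for file scheme URLs.
     * @return True if {@link WebView} instances send and accept cookies for
     *         file scheme URLs
     */
    public static boolean allowFileSchemeCookies() {
        return nativeAcceptFileSchemeCookies();
    }

    /**
     * Sets whether the application's {@link WebView} instances should send and
     * accept cookies for file scheme URLs.
     * Use of cookies with file scheme URLs is potentially insecure. Do not use
     * this feature unless you can be sure that no unintentional sharing of
     * cookie data can take place.
     * <p>
     * Note that calls to this method will have no effect if made after a
     * {@link WebView} or CookieManager instance has been created.
     * @param accept Whether {@link WebView} instances should send and accept
     *               cookies for file scheme URLs
     */
    public static void setAcceptFileSchemeCookies(boolean accept) {
        nativeSetAcceptFileSchemeCookies(accept);
    }

    // Native functions
    private static native boolean nativeAcceptCookie();
    private static native String nativeGetCookie(String url, boolean privateBrowsing);
    private static native boolean nativeHasCookies(boolean privateBrowsing);
    private static native void nativeRemoveAllCookie();
    private static native void nativeRemoveExpiredCookie();
    private static native void nativeRemoveSessionCookie();
    private static native void nativeSetAcceptCookie(boolean accept);
    private static native void nativeSetCookie(String url, String value, boolean privateBrowsing);
    private static native void nativeFlushCookieStore();
    private static native boolean nativeAcceptFileSchemeCookies();
    private static native void nativeSetAcceptFileSchemeCookies(boolean accept);
}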