hazendaz / httpunit / 755

Committed 14 Feb 2026 07:14PM UTC coverage: 80.526%. Remained the same

Build # 755

Build Type

push

github

Committed by

hazendaz

Commit Message

[ci] Fix badge

Run Details

3213 of 4105 branches covered (78.27%)

Branch coverage included in aggregate %.

8245 of 10124 relevant lines covered (81.44%)

0.81 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

81.49

/src/main/java/com/meterware/httpunit/cookies/CookieJar.java

/*
 * SPDX-License-Identifier: MIT
 * See LICENSE file for details.
 *
 * Copyright 2000-2026 Russell Gold
 * Copyright 2021-2000 hazendaz
 */
package com.meterware.httpunit.cookies;

import java.io.IOException;
import java.io.StreamTokenizer;
import java.io.StringReader;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;

/**
 * A collection of HTTP cookies, which can interact with cookie and set-cookie header values.
 **/
public class CookieJar {

    /** The Constant DEFAULT_HEADER_SIZE. */
    private static final int DEFAULT_HEADER_SIZE = 80;

    /** The cookies. */
    private ArrayList _cookies = new ArrayList<>();

    /** The global cookies. */
    private ArrayList _globalCookies = new ArrayList<>();

    /** The press. */
    private CookiePress _press;

    /**
     * Creates an empty cookie jar.
     */
    public CookieJar() {
        _press = new CookiePress(null);
    }

    /**
     * Creates a cookie jar which is initially populated with cookies parsed from the <code>Set-Cookie</code> and
     * <code>Set-Cookie2</code> header fields.
     * <p>
     * Note that the parsing does not strictly follow the specifications, but attempts to imitate the behavior of
     * popular browsers. Specifically, it allows cookie values to contain commas, which the Netscape standard does not
     * allow for, but which is required by some servers.
     * </p>
     *
     * @param source
     *            the source
     */
    public CookieJar(CookieSource source) {
        _press = new CookiePress(source.getURL());
        findCookies(source.getHeaderFields("Set-Cookie"), new RFC2109CookieRecipe());
        findCookies(source.getHeaderFields("Set-Cookie2"), new RFC2965CookieRecipe());
    }

    /**
     * find the cookies in the given Header String array.
     *
     * @param cookieHeader
     *            - the strings to look for cookies
     * @param recipe
     *            - the recipe to use
     */
    private void findCookies(String cookieHeader[], CookieRecipe recipe) {
        for (String element : cookieHeader) {
            recipe.findCookies(element);
        }
    }

    /**
     * Empties this cookie jar of all contents.
     */
    public void clear() {
        _cookies.clear();
        _globalCookies.clear();
    }

    /**
     * Defines a cookie to be sent to the server on every request. This bypasses the normal mechanism by which only
     * certain cookies are sent based on their host and path.
     *
     * @param name
     *            the name
     * @param value
     *            the value
     *
     * @deprecated as of 1.6, use #putCookie
     */
    @Deprecated
    public void addCookie(String name, String value) {
        _globalCookies.add(new Cookie(name, value));
    }

    /**
     * Defines a cookie to be sent to the server on every request. This bypasses the normal mechanism by which only
     * certain cookies are sent based on their host and path. Values of null will result in the cookie being removed.
     * Any other value will leave the cookie unchanged expect for the value.
     *
     * @param name
     *            the name
     * @param value
     *            the value
     */
    public void putCookie(String name, String value) {
        boolean foundCookie = false;
        for (Iterator iterator = _globalCookies.iterator(); iterator.hasNext();) {
            Cookie cookie = (Cookie) iterator.next();
            if (name.equals(cookie.getName())) {
                foundCookie = true;
                if (value != null) {
                    cookie.setValue(value);
                } else {
                    iterator.remove();
                }
            }
        }

        for (Iterator iterator = _cookies.iterator(); iterator.hasNext();) {
            Cookie cookie = (Cookie) iterator.next();
            if (name.equals(cookie.getName())) {
                foundCookie = true;
                if (value != null) {
                    cookie.setValue(value);
                } else {
                    iterator.remove();
                }
            }
        }

        // only add it if it does not already exist
        if (!foundCookie) {
            _globalCookies.add(new Cookie(name, value));
        }
    }

    /**
     * Define a non-global cookie. This cookie can be overwritten by subsequent cookie definitions in http headers. This
     * cookie definition requires a domain and path. If a global cookie is defined with the same name, this cookie is
     * not added.
     *
     * @param name
     *            the name
     * @param value
     *            the value
     * @param domain
     *            the domain
     * @param path
     *            the path
     */
    public void putSingleUseCookie(String name, String value, String domain, String path) {
        for (Iterator iterator = _globalCookies.iterator(); iterator.hasNext();) {
            Cookie cookie = (Cookie) iterator.next();
            if (name.equals(cookie.getName())) {
                return;
            }
        }

        for (Iterator iterator = _cookies.iterator(); iterator.hasNext();) {
            Cookie cookie = (Cookie) iterator.next();
            if (name.equals(cookie.getName())) {
                iterator.remove();
            }
        }

        _cookies.add(new Cookie(name, value, domain, path));
    }

    /**
     * Returns the name of all the active cookies in this cookie jar.
     *
     * @return the cookie names
     */
    public String[] getCookieNames() {
        final int numGlobalCookies = _globalCookies.size();
        String[] names = new String[_cookies.size() + numGlobalCookies];
        for (int i = 0; i < numGlobalCookies; i++) {
            names[i] = ((Cookie) _globalCookies.get(i)).getName();
        }
        for (int i = numGlobalCookies; i < names.length; i++) {
            names[i] = ((Cookie) _cookies.get(i - numGlobalCookies)).getName();
        }
        return names;
    }

    /**
     * Returns a collection containing all of the cookies in this jar.
     *
     * @return the cookies
     */
    public Collection getCookies() {
        final Collection collection = (Collection) _cookies.clone();
        collection.addAll(_globalCookies);
        return collection;
    }

    /**
     * Returns the value of the specified cookie.
     *
     * @param name
     *            - the name of the cookie to get the value for
     *
     * @return the value of the cookie
     **/
    public String getCookieValue(String name) {
        Cookie cookie = getCookie(name);
        return cookie == null ? null : cookie.getValue();
    }

    /**
     * Returns the value of the specified cookie.
     *
     * @param name
     *            the name
     *
     * @return the cookie
     */
    public Cookie getCookie(String name) {
        if (name == null) {
            throw new IllegalArgumentException("getCookieValue: no name specified");
        }
        for (Iterator iterator = _cookies.iterator(); iterator.hasNext();) {
            Cookie cookie = (Cookie) iterator.next();
            if (name.equals(cookie.getName())) {
                return cookie;
            }
        }
        for (Iterator iterator = _globalCookies.iterator(); iterator.hasNext();) {
            Cookie cookie = (Cookie) iterator.next();
            if (name.equals(cookie.getName())) {
                return cookie;
            }
        }
        return null;
    }

    /**
     * Returns the value of the cookie header to be sent to the specified URL. Will return null if no compatible cookie
     * is defined.
     *
     * @param targetURL
     *            the target URL
     *
     * @return the cookie header field
     */
    public String getCookieHeaderField(URL targetURL) {
        if (_cookies.isEmpty() && _globalCookies.isEmpty()) {
            return null;
        }
        StringBuilder sb = new StringBuilder(DEFAULT_HEADER_SIZE);
        HashSet restrictedCookies = new HashSet<>();
        for (Iterator i = _cookies.iterator(); i.hasNext();) {
            Cookie cookie = (Cookie) i.next();
            if (!cookie.mayBeSentTo(targetURL)) {
                continue;
            }
            restrictedCookies.add(cookie.getName());
            if (sb.length() != 0) {
                sb.append("; ");
            }
            sb.append(cookie.getName()).append('=').append(cookie.getValue());
        }
        for (Iterator i = _globalCookies.iterator(); i.hasNext();) {
            Cookie cookie = (Cookie) i.next();
            if (restrictedCookies.contains(cookie.getName())) {
                continue;
            }
            if (sb.length() != 0) {
                sb.append("; ");
            }
            sb.append(cookie.getName()).append('=').append(cookie.getValue());
        }
        return sb.length() == 0 ? null : sb.toString();
    }

    /**
     * Updates the cookies maintained in this cookie jar with those in another cookie jar. Any duplicate cookies in the
     * new jar will replace those in this jar.
     *
     * @param newJar
     *            the new jar
     */
    public void updateCookies(CookieJar newJar) {
        for (Iterator i = newJar._cookies.iterator(); i.hasNext();) {
            addUniqueCookie((Cookie) i.next());
        }
    }

    /**
     * Add the cookie to this jar, replacing any previous matching cookie.
     *
     * @param cookie
     *            the cookie
     */
    void addUniqueCookie(Cookie cookie) {
        _cookies.remove(cookie);
        for (Iterator i = _cookies.iterator(); i.hasNext();) {
            Cookie c = (Cookie) i.next();
            if (c.getName().equals(cookie.getName()) && compareDomain(c.getDomain(), cookie.getDomain())) {
                if (c.getPath() != null && cookie.getPath() != null && c.getPath().equals(cookie.getPath())) {
                    i.remove();
                }
            }
        }
        _cookies.add(cookie);
    }

    /**
     * compare the two domains given for "cookie-equality".
     *
     * @param domain
     *            the domain
     * @param newDomain
     *            the new domain
     *
     * @return true, if successful
     */
    private boolean compareDomain(String domain, String newDomain) {
        if (domain.charAt(0) == '.' && newDomain.endsWith(domain)
                || newDomain.charAt(0) == '.' && domain.endsWith(newDomain)) {
            return true;
        }

        return domain.equals(newDomain);
    }

    /**
     * base class for the cookie recipies - there are two different implementations of this.
     */
    abstract class CookieRecipe {

        /**
         * Extracts cookies from a cookie header. Works in conjunction with a cookie press class, which actually creates
         * the cookies and adds them to the jar as appropriate. 1. Parse the header into tokens, separated by ',' and
         * ';' (respecting single and double quotes) 2. Process tokens from the end: a. if the token contains an '=' we
         * have a name/value pair. Add them to the cookie press, which will decide if it is a cookie name or an
         * attribute name. b. if the token is a reserved word, flush the cookie press and continue. c. otherwise, add
         * the token to the cookie press, passing along the last character of the previous token.
         *
         * @param cookieHeader
         *            the cookie header
         */
        void findCookies(String cookieHeader) {
            List tokens = getCookieTokens(cookieHeader);

            for (int i = tokens.size() - 1; i >= 0; i--) {
                String token = (String) tokens.get(i);

                int equalsIndex = getEqualsIndex(token);
                if (equalsIndex != -1) {
                    _press.addTokenWithEqualsSign(this, token, equalsIndex);
                } else if (isCookieReservedWord(token)) {
                    _press.clear();
                } else {
                    _press.addToken(token, lastCharOf(i == 0 ? "" : (String) tokens.get(i - 1)));
                }
            }
        }

        /**
         * Last char of.
         *
         * @param string
         *            the string
         *
         * @return the char
         */
        private char lastCharOf(String string) {
            return string.isEmpty() ? ' ' : string.charAt(string.length() - 1);
        }

        /**
         * Returns the index (if any) of the equals sign separating a cookie name from the its value. Equals signs at
         * the end of the token are ignored in this calculation, since they may be part of a Base64-encoded value.
         *
         * @param token
         *            the token
         *
         * @return the equals index
         */
        private int getEqualsIndex(String token) {
            if (!token.endsWith("==")) {
                return token.indexOf('=');
            }
            return getEqualsIndex(token.substring(0, token.length() - 2));
        }

        /**
         * Tokenizes a cookie header and returns the tokens in a <code>List</code>. handles the broken syntax for
         * expires= fields ...
         *
         * @param cookieHeader
         *            - the header to read
         *
         * @return a List of cookieTokens as name=value pairs
         **/
        private List getCookieTokens(String cookieHeader) {
            StringReader sr = new StringReader(cookieHeader);
            StreamTokenizer st = new StreamTokenizer(sr);
            List tokens = new ArrayList<>();

            // clear syntax tables of the StreamTokenizer
            st.resetSyntax();

            // set all characters as word characters
            st.wordChars(0, Character.MAX_VALUE);

            // set up characters for quoting
            st.quoteChar('"'); // double quotes
            st.quoteChar('\''); // single quotes

            // set up characters to separate tokens
            st.whitespaceChars(59, 59); // semicolon
            // and here we run into trouble ...
            // see http://www.mnot.net/blog/2006/10/27/cookie_fun
            // ... Notice something about the above? It uses a comma inside of
            // the date,
            // without quoting the value. This makes it difficult for generic
            // processors to handle the Set-Cookie header.
            st.whitespaceChars(44, 44); // comma

            try {
                while (st.nextToken() != StreamTokenizer.TT_EOF) {
                    String tokenContent = st.sval;
                    // fix expires comma delimiter token problem
                    if (tokenContent.toLowerCase(Locale.ENGLISH).startsWith("expires=")
                            && st.nextToken() != StreamTokenizer.TT_EOF) {
                        tokenContent += "," + st.sval;
                    } // if // if
                    tokenContent = tokenContent.trim();
                    tokens.add(tokenContent);
                }
            } catch (IOException ioe) {
                // this will never happen with a StringReader
            }
            sr.close();
            return tokens;
        }

        /**
         * Checks if is cookie attribute.
         *
         * @param stringLowercase
         *            the string lowercase
         *
         * @return true, if is cookie attribute
         */
        abstract protected boolean isCookieAttribute(String stringLowercase);

        /**
         * Checks if is cookie reserved word.
         *
         * @param token
         *            the token
         *
         * @return true, if is cookie reserved word
         */
        abstract protected boolean isCookieReservedWord(String token);

    }

    /**
     * cookie Factory - creates cookies for URL s.
     */
    class CookiePress {

        /** The value. */
        // the current value
        private StringBuilder _value = new StringBuilder();

        /** The attributes. */
        private HashMap _attributes = new HashMap<>();

        /** The source URL. */
        private URL _sourceURL;

        /**
         * create a cookie press for the given URL.
         *
         * @param sourceURL
         *            the source URL
         */
        public CookiePress(URL sourceURL) {
            _sourceURL = sourceURL;
        }

        /**
         * clear the attributes and the cookie value.
         */
        void clear() {
            _value.setLength(0);
            _attributes.clear();
        }

        /**
         * add the token content.
         *
         * @param token
         *            the token
         * @param lastChar
         *            the last char
         */
        void addToken(String token, char lastChar) {
            _value.insert(0, token);
            if (lastChar != '=') {
                _value.insert(0, ',');
            }
        }

        /**
         * add from a token.
         *
         * @param recipe
         *            - the recipe to use
         * @param token
         *            - the token to use
         * @param equalsIndex
         *            - the position of the equal sign
         */
        void addTokenWithEqualsSign(CookieRecipe recipe, String token, int equalsIndex) {
            final String name = token.substring(0, equalsIndex).trim();
            final String value = token.substring(equalsIndex + 1).trim();
            _value.insert(0, value);
            final String fvalue = _value.toString();
            if (recipe.isCookieAttribute(name.toLowerCase(Locale.ENGLISH))) {
                _attributes.put(name.toLowerCase(Locale.ENGLISH), value);
            } else {
                addCookieIfValid(new Cookie(name, fvalue, _attributes));
                _attributes.clear();
            }
            _value.setLength(0);
        }

        /**
         * add the given cookie if it is valid.
         *
         * @param cookie
         *            the cookie
         */
        private void addCookieIfValid(Cookie cookie) {
            if (acceptCookie(cookie)) {
                addUniqueCookie(cookie);
            }
        }

        /**
         * accept the given cookie.
         *
         * @param cookie
         *            the cookie
         *
         * @return true, if successful
         */
        private boolean acceptCookie(Cookie cookie) {
            if (cookie.getPath() == null) {
                cookie.setPath(getParentPath(_sourceURL.getPath()));
            } else {
                int status = getPathAttributeStatus(cookie.getPath(), _sourceURL.getPath());
                if (status != CookieListener.ACCEPTED) {
                    reportCookieRejected(status, cookie.getPath(), cookie.getName());
                    return false;
                }
            }

            if (cookie.getDomain() == null || !CookieProperties.isDomainMatchingStrict()
                    && cookie.getDomain().equalsIgnoreCase(_sourceURL.getHost())) {
                cookie.setDomain(_sourceURL.getHost());
            } else {
                int status = getDomainAttributeStatus(cookie, _sourceURL.getHost());
                if (status != CookieListener.ACCEPTED) {
                    reportCookieRejected(status, cookie.getDomain(), cookie.getName());
                    return false;
                }
            }

            return true;
        }

        /**
         * Gets the parent path.
         *
         * @param path
         *            the path
         *
         * @return the parent path
         */
        private String getParentPath(String path) {
            int rightmostSlashIndex = path.lastIndexOf('/');
            return rightmostSlashIndex < 0 ? "/" : path.substring(0, rightmostSlashIndex);
        }

        /**
         * Gets the path attribute status.
         *
         * @param pathAttribute
         *            the path attribute
         * @param sourcePath
         *            the source path
         *
         * @return the path attribute status
         */
        private int getPathAttributeStatus(String pathAttribute, String sourcePath) {
            if (!CookieProperties.isPathMatchingStrict() || sourcePath.isEmpty()
                    || sourcePath.startsWith(pathAttribute)) {
                return CookieListener.ACCEPTED;
            }
            return CookieListener.PATH_NOT_PREFIX;
        }

        /**
         * get the domainAttribute Status for the given cookie with the given sourceHost.
         *
         * @param cookie
         *            - the cookie to use
         * @param sourceHost
         *            the source host
         *
         * @return the domain attribute status
         *
         * @see http://wp.netscape.com/newsref/std/cookie_spec.html
         */
        private int getDomainAttributeStatus(Cookie cookie, String sourceHost) {
            String domainAttribute = cookie.getDomain();
            // patch according to [ 1476380 ] Cookies incorrectly rejected
            // despite valid domain
            if (domainAttribute.equals(sourceHost)) {
                return CookieListener.ACCEPTED;
            }
            if (!domainAttribute.startsWith(".")) {
                domainAttribute = '.' + domainAttribute;
            }

            if (domainAttribute.lastIndexOf('.') == 0) {
                return CookieListener.DOMAIN_ONE_DOT;
            }
            if (!sourceHost.endsWith(domainAttribute)) {
                return CookieListener.DOMAIN_NOT_SOURCE_SUFFIX;
            }
            if (CookieProperties.isDomainMatchingStrict()
                    && sourceHost.lastIndexOf(domainAttribute) > sourceHost.indexOf('.')) {
                return CookieListener.DOMAIN_TOO_MANY_LEVELS;
            }
            // modified for Bugreport 2825872 Cookie domains not stored correctly - ID: 2825872
            // http://sourceforge.net/tracker/?func=detail&aid=2825872&group_id=6550&atid=106550
            cookie.setDomain(domainAttribute);
            return CookieListener.ACCEPTED;
        }

        /**
         * Report cookie rejected.
         *
         * @param reason
         *            the reason
         * @param attribute
         *            the attribute
         * @param source
         *            the source
         *
         * @return true, if successful
         */
        private boolean reportCookieRejected(int reason, String attribute, String source) {
            CookieProperties.reportCookieRejected(reason, attribute, source);
            return false;
        }

    }

    /**
     * Parses cookies according to <a href="http://www.ietf.org/rfc/rfc2109.txt">RFC 2109</a> <br />
     * These cookies come from the <code>Set-Cookie:</code> header
     **/
    class RFC2109CookieRecipe extends CookieRecipe {

        /**
         * check whether the given lower case String is a cookie attribute
         *
         * @param stringLowercase
         *            - the string to check
         *
         * @return true - if the string is the name of a valid cookie attribute
         */
        @Override
        protected boolean isCookieAttribute(String stringLowercase) {
            return stringLowercase.equals("path") || stringLowercase.equals("domain")
                    || stringLowercase.equals("expires") || stringLowercase.equals("comment")
                    || stringLowercase.equals("max-age") || stringLowercase.equals("version");
        }

        @Override
        protected boolean isCookieReservedWord(String token) {
            return token.equalsIgnoreCase("secure");
        }
    }

    /**
     * Parses cookies according to <a href="http://www.ietf.org/rfc/rfc2965.txt">RFC 2965</a> <br />
     * These cookies come from the <code>Set-Cookie2:</code> header
     **/
    class RFC2965CookieRecipe extends CookieRecipe {

        @Override
        protected boolean isCookieAttribute(String stringLowercase) {
            return stringLowercase.equals("path") || stringLowercase.equals("domain")
                    || stringLowercase.equals("comment") || stringLowercase.equals("commenturl")
                    || stringLowercase.equals("max-age") || stringLowercase.equals("version")
                    || stringLowercase.equals("$version") || stringLowercase.equals("port");
        }

        @Override
        protected boolean isCookieReservedWord(String token) {
            return token.equalsIgnoreCase("discard") || token.equalsIgnoreCase("secure");
        }
    }

}

hazendaz / httpunit / 755

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous