View Javadoc
1   /*
2    * Copyright (c) 2002-2014, Mairie de Paris
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions
7    * are met:
8    *
9    *  1. Redistributions of source code must retain the above copyright notice
10   *     and the following disclaimer.
11   *
12   *  2. Redistributions in binary form must reproduce the above copyright notice
13   *     and the following disclaimer in the documentation and/or other materials
14   *     provided with the distribution.
15   *
16   *  3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
17   *     contributors may be used to endorse or promote products derived from
18   *     this software without specific prior written permission.
19   *
20   * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21   * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22   * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23   * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
24   * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30   * POSSIBILITY OF SUCH DAMAGE.
31   *
32   * License 1.0
33   */
34  package fr.paris.lutece.plugins.verifybackurl.utils;
35  
36  import fr.paris.lutece.portal.service.util.AppPropertiesService;
37  
38  import java.nio.charset.StandardCharsets;
39  import java.util.Base64;
40  import java.util.regex.Matcher;
41  import java.util.regex.Pattern;
42  import javax.servlet.http.HttpServletRequest;
43  import javax.servlet.http.HttpSession;
44  import org.apache.commons.lang3.StringUtils;
45  import org.springframework.util.AntPathMatcher;
46  import org.springframework.util.PathMatcher;
47  
48  
49  
50  public class VerifiyBackUrlUtils
51  {
52      
53      public final static PathMatcher PATH_MATCHER = new AntPathMatcher( );
54      
55      /**
56       * Test if the BacUrl is a valid url
57       * 
58       * @param strBackUrl
59       *            the back url to test
60       * @return Test if the BackUrl is a valid url
61       */
62      public static boolean isValidBackUrl( String strBackUrl )
63      {
64          boolean isValid = true;
65          String strAuthorizedDomains = AppPropertiesService.getProperty( VerifyBackUrlConstants.PROPERTY_AUTHORIZED_DOMAINS_BACK_URL );
66     
67          // test on domains url
68          if ( !StringUtils.isEmpty( strAuthorizedDomains ) )
69          {
70              isValid = false;
71  
72              String [ ] tabAuthorizedDomains = strAuthorizedDomains.split( VerifyBackUrlConstants.COMMA );
73  
74              for ( int i = 0; i < tabAuthorizedDomains.length; i++ )
75              {
76                  if ( PATH_MATCHER.match( tabAuthorizedDomains [i], strBackUrl ) )
77                  {
78                      isValid = true;
79  
80                      break;
81                  }
82              }
83          }
84  
85          return isValid;
86      }
87      
88      /**
89       * Test if the BacUrl is a valid url
90       * 
91       * @param strBackUrl
92       *            the back url to test
93       * @return Test if the BackUrl is a valid url
94       */
95      public static boolean containsNoUnauthorizedHTML( String strBackUrl )
96      {
97          boolean isValid = true;
98          String strPatterUnAuthorizedHTML = AppPropertiesService.getProperty( VerifyBackUrlConstants.PROPERTY_AUTHORIZED_HTML );
99          isValid = !strBackUrl.matches( strPatterUnAuthorizedHTML );
100 
101         return isValid;
102     }
103 
104     /**
105      * Test if the BackUrl is a valid url
106      * 
107      * @param strBackUrl
108      *            the back url to test
109      * @return Test if the BackUrl is a valid url
110      */
111     public static boolean containsUnauthorizedCharactersDomain( String strBackUrl )
112     { 
113         String strPatterUnAuthorizedCharactersDomain = AppPropertiesService.getProperty( VerifyBackUrlConstants.PROPERTY_UNAUTHORIZED_CHARACTERS_DOMAIN );
114 
115         return strBackUrl.matches( strPatterUnAuthorizedCharactersDomain );
116     }
117     
118     
119     /**
120      * Compare to base url
121      * @param url1 
122      * @param url2
123      * @return a boolean if base url of the two input Strings are the same an no empty.
124      */
125     public static boolean compareBaseUrl( String url1, String url2 )
126     {
127         String strBaseUrl1 = getBaseUrl( url1 );
128         String strBaseUrl2 = getBaseUrl( url2 );
129         if ( !StringUtils.isEmpty( strBaseUrl1 ) && strBaseUrl1.equals( strBaseUrl2 ) )
130         {
131             return true;
132         }
133         return false;
134     }
135     
136     /**
137      * Get base url for input Url : http://site.paris.mdp/webapp/jsp ==> site.paris.mdp/webapp
138      * @param strUrl
139      * @return the base Url
140      */
141     public static String getBaseUrl ( String strUrl )
142     {
143         String strRegexpBaseUrl = AppPropertiesService.getProperty( VerifyBackUrlConstants.PROPERTY_REGEXP_BASE_URL );
144         Pattern regex = Pattern.compile( strRegexpBaseUrl );
145         Matcher regexMatcher = regex.matcher( strUrl );
146         if (regexMatcher.find( ) ) {
147             return regexMatcher.group( 2 );
148         }
149         return "";
150     }
151     
152     /**
153      * Store service in session
154      * @param request the HttpServletRequest
155      * @param strBackUrl the backUrl to store in session
156      * @param strSessionAttributeName the strSessionAttributeName who must store the backurl
157      * 
158      */
159     public static void storeBackUrlInSession ( HttpServletRequest request, String strBackUrl,String strSessionAttributeName )
160     {
161         HttpSession session = request.getSession( true ); 
162         session.setAttribute( strSessionAttributeName , strBackUrl );
163     }
164     
165     /**
166      * Drop Service in session
167      * @param request the HttpServletrequest 
168      * @param strSessionAttributeName the strSessionAttributeName who must store the backurl
169      */
170     
171     public static void dropBackUrlInSession ( HttpServletRequest request,String strSessionAttributeName )
172     {
173         HttpSession session = request.getSession( true );
174         session.removeAttribute( strSessionAttributeName );
175         
176     }
177     
178     
179     /**
180      * Return the back url in session
181      * @param strSessionAttributeName the strSessionAttributeName who must store the backurl
182      * @param request the HttpServletRequest
183      */
184     public static String getBackUrlInSession ( HttpServletRequest request,String strSessionAttributeName)
185     {
186         HttpSession session = request.getSession( true ); 
187         return (String) session.getAttribute( strSessionAttributeName);
188     }
189     
190     /**
191      * encode url in base64
192      * @param strUrl the url to encode
193      * @return an url encode in base64
194      */
195     public  static String  encodeUrl(String strUrl)
196     {
197     	return !StringUtils.isEmpty(strUrl) ?  new String(Base64.getUrlEncoder().encode(strUrl.getBytes( StandardCharsets.UTF_8 ))):"";
198     	
199     }
200     
201     
202     
203 }