rwaldhoff 01/08/17 12:28:05 Modified: httpclient/src/java/org/apache/commons/httpclient Tag: rlwrefactoring Cookie.java HeaderElement.java httpclient/src/test/org/apache/commons/httpclient Tag: rlwrefactoring TestCookie.java Log: * make HeaderElement (and Cookie) a little more friendly to empty and null values in parse * make HeaderElement distinguish between empty (name=) and null (name) values * fix isToBeDiscarded (Cookie) * add security checks for path and secure when parsing cookies (Cookie) * fix path-setting bug in parse--previously defaulted to "/" when cookie had the form "name=value", but defaulted to null when any other parameter (e.g., host), was supplied (Cookie) * make default path the actual request path (Cookie) * add several cookie tests (TestCookie) Revision Changes Path No revision No revision 1.4.2.2 +149 -89 jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/Cookie.java Index: Cookie.java =================================================================== RCS file: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/Cookie.java,v retrieving revision 1.4.2.1 retrieving revision 1.4.2.2 diff -u -r1.4.2.1 -r1.4.2.2 --- Cookie.java 2001/08/14 18:00:37 1.4.2.1 +++ Cookie.java 2001/08/17 19:28:05 1.4.2.2 @@ -1,7 +1,7 @@ /* - * $Header: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/Cookie.java,v 1.4.2.1 2001/08/14 18:00:37 rwaldhoff Exp $ - * $Revision: 1.4.2.1 $ - * $Date: 2001/08/14 18:00:37 $ + * $Header: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/Cookie.java,v 1.4.2.2 2001/08/17 19:28:05 rwaldhoff Exp $ + * $Revision: 1.4.2.2 $ + * $Date: 2001/08/17 19:28:05 $ * * ==================================================================== * 
@@ -78,6 +78,7 @@ * @author B.C. Holmes * @author <a href="mailto:[EMAIL PROTECTED]">Park, Sung-Gu</a> * @author <a href="mailto:[EMAIL PROTECTED]">Doug Sale</a> + * @author Rod Waldhoff */ public class Cookie extends NameValuePair implements Serializable { @@ -124,9 +125,7 @@ */ public Cookie(String domain, String name, String value, String path, Date expires, boolean secure) { super(name, value); - if (name == null) throw new NullPointerException("missing name"); - if (value == null) throw new NullPointerException("missing value"); - if (domain == null) throw new NullPointerException("missing domain"); + this.setPath(path); this.setDomain(domain); this.setExpiryDate(expires); this.setSecure(secure); @@ -204,7 +203,7 @@ * "session"; false otherwise */ public boolean isToBeDiscarded() { - return (m_expiryDate != null); + return (null == m_expiryDate); } @@ -337,6 +336,47 @@ return string; } + public String toCookieHeaderValue() { + StringBuffer buf = new StringBuffer(); + buf.append(getName()).append("=").append(getValue()); + if (m_path != null) { + buf.append("; $Path="); + buf.append(m_path); + } + if (m_domain != null) { + buf.append("; Domain="); + buf.append(m_domain); + } + return buf.toString(); + } + + public String toSetCookieHeaderValue() { + StringBuffer buf = new StringBuffer(); + buf.append(getName()).append("=").append(getValue()); + if (m_comment != null) { + buf.append(";Comment="); + buf.append(m_comment); + } + if (m_domain != null) { + buf.append(";Domain="); + buf.append(m_domain); + } + if (m_expiryDate != null) { + buf.append(";Max-Age="); + buf.append((m_expiryDate.getTime()/1000L)-System.currentTimeMillis()); + } + if (m_path != null) { + buf.append(";Path="); + buf.append(m_path); + } + if (m_secure) { + buf.append(";Secure"); + } + buf.append(";Version="); + buf.append(m_version); + return buf.toString(); + } + /** * Create a <tt>Cookie</tt> header containing * all non-expired cookies in <i>cookies</i>, 
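Review bot: With the three null checks removed, this constructor accepts a null `domain` (and a null name or value) without stating what such a cookie means. The domain is what scopes a cookie to a host, and the code that reads `m_domain` when matching is outside this hunk, so it is not visible whether a null domain matches nothing or is dereferenced. If only null values are meant to be tolerated, keeping `if (domain == null) throw new NullPointerException("missing domain");` is the narrower change; otherwise the Javadoc above should say which arguments may be null. The constructor body continues outside the hunk.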
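Review bot: The `Max-Age` value in `toSetCookieHeaderValue` subtracts a millisecond clock from a value in seconds, `(m_expiryDate.getTime()/1000L)-System.currentTimeMillis()`, so in practice it comes out as a large negative number; it should read `buf.append((m_expiryDate.getTime() - System.currentTimeMillis()) / 1000L);`. Both new methods append `getValue()` directly, and since this commit allows a null cookie value, `StringBuffer.append` would emit the literal text `null`. `toCookieHeaderValue` writes `$Path` but a bare `Domain`, where RFC 2109 uses `$Domain` in the Cookie request header. Neither method has a Javadoc comment, and name, value, path and domain are written unquoted, so a value containing `;` or `,` would change how the resulting header is parsed.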
@@ -402,6 +442,10 @@ return toExternalForm(); } + public static Cookie[] parse(String domain, String path, Header setCookie) throws HttpException { + return Cookie.parse(domain,path,false,setCookie); + } + /** * Parses the Set-Cookie header into an array of Cookies. * @@ -426,7 +470,7 @@ * @return an array of Cookies as parsed from the Set-Cookie header * @exception HttpException if an error occurs during parsing */ - public static Cookie[] parse(String domain, Header setCookie) + public static Cookie[] parse(String domain, String path, boolean secure, Header setCookie) throws HttpException { HeaderElement[] headerElements = @@ -436,12 +480,6 @@ int index = 0; for (int i = 0; i < headerElements.length; i++) { - if (headerElements[i].getValue() == null) - throw new HttpException( - "Bad Set-Cookie header: " + setCookie.getValue() + - "\nMissing value " + "for cookie '" + - headerElements[i].getName() + "'"); - Cookie cookie = new Cookie(domain, headerElements[i].getName(), headerElements[i].getValue()); 
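Review bot: The new three-argument `parse(String domain, String path, Header setCookie)` has no Javadoc, and the contract it adds is security-relevant: it delegates with `secure` set to `false`, so any cookie carrying the `secure` attribute is rejected. A comment such as `/** Parses a Set-Cookie header received over a non-secure channel; equivalent to parse(domain, path, false, setCookie). */` would make that explicit. The four-argument signature changed in the `@@ -426,7 +470,7` hunk needs matching `@param path` and `@param secure` entries; its Javadoc begins outside the hunk and the visible part shows only `@return` and `@exception`. Replacing the old `parse(String, Header)` instead of keeping it as a deprecated overload also breaks existing callers.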
@@ -449,80 +487,78 @@ // cycle through the parameters NameValuePair[] parameters = headerElements[i].getParameters(); // could be null. In case only a header element and no parameters. - if (parameters == null) { - cookies[index++] = cookie; - // fix me, should be directory of the request, not root dir - cookie.setPath("/"); - // go to the next header element. - continue; - } - boolean discard_set = false, secure_set = false; - for (int j = 0; j < parameters.length; j++) { - String name = parameters[j].getName().toLowerCase(); - - // check for required value parts - if ( (name.equals("version") || name.equals("max-age") || - name.equals("domain") || name.equals("path") || - name.equals("comment") || name.equals("expires")) && - parameters[j].getValue() == null) { - throw new HttpException( - "Bad Set-Cookie header: " + setCookie.getValue() + - "\nMissing value for " + - parameters[j].getName() + - " attribute in cookie '" + - headerElements[i].getName() + "'"); - } - - if (name.equals("version")) { - try { - cookie.setVersion( - Integer.parseInt(parameters[j].getValue())); - } catch (NumberFormatException nfe) { + if (parameters != null) { + boolean discard_set = false, secure_set = false; + for (int j = 0; j < parameters.length; j++) { + String name = parameters[j].getName().toLowerCase(); + + // check for required value parts + if ( (name.equals("version") || name.equals("max-age") || + name.equals("domain") || name.equals("path") || + name.equals("comment") || name.equals("expires")) && + parameters[j].getValue() == null) { throw new HttpException( - "Bad Set-Cookie header: " + - setCookie.getValue() + "\nVersion '" + - parameters[j].getValue() + "' not a number"); + "Bad Set-Cookie header: " + setCookie.getValue() + + "\nMissing value for " + + parameters[j].getName() + + " attribute in cookie '" + + headerElements[i].getName() + "'"); } - } else if (name.equals("path")) { - cookie.setPath(parameters[j].getValue()); - } else if (name.equals("domain")) { - 
String d = parameters[j].getValue().toLowerCase(); - // add leading dot if not present and if domain is - // not the full host name - if (d.charAt(0) != '.' && !d.equals(domain)) - cookie.setDomain("." + d); - else - cookie.setDomain(d); - } else if (name.equals("max-age")) { - int age; - try { - age = Integer.parseInt(parameters[j].getValue()); - } catch (NumberFormatException e) { - throw new HttpException( - "Bad Set-Cookie header: " + - setCookie.getValue() + "\nMax-Age '" + - parameters[j].getValue() + "' not a number"); - } - cookie.setExpiryDate(new Date(System.currentTimeMillis() + - age * 1000L)); - } else if (name.equals("secure")) { - cookie.setSecure(true); - } else if (name.equals("comment")) { - cookie.setComment(parameters[j].getValue()); - } else if (name.equals("expires")) { - /* - * In the RFC 2109 for the cookies, - * the Expires date format is "Wdy, DD-Mon-YY HH:MM:SS GMT". - * There might be one more? Wdy, DD-Mon-YYYY HH:MM:SS GMT - */ - try { - // RFC 1123, 822, Date and time specification is English. - DateFormat formatter = new SimpleDateFormat - ("EEE, dd-MMM-yyyy HH:mm:ss z", Locale.US); - String expiryDate = parameters[j].getValue(); - Date date = formatter.parse(expiryDate); - cookie.setExpiryDate(date); - } catch (ParseException e) { + + if (name.equals("version")) { + try { + cookie.setVersion( + Integer.parseInt(parameters[j].getValue())); + } catch (NumberFormatException nfe) { + throw new HttpException( + "Bad Set-Cookie header: " + + setCookie.getValue() + "\nVersion '" + + parameters[j].getValue() + "' not a number"); + } + } else if (name.equals("path")) { + cookie.setPath(parameters[j].getValue()); + } else if (name.equals("domain")) { + String d = parameters[j].getValue().toLowerCase(); + // add leading dot if not present and if domain is + // not the full host name + // XXX is this the right thing to do? + // some (most?) browsers don't see to handle + // cookies this way XXX + if (d.charAt(0) != '.' 
&& !d.equals(domain)) + cookie.setDomain("." + d); + else + cookie.setDomain(d); + } else if (name.equals("max-age")) { + int age; + try { + age = Integer.parseInt(parameters[j].getValue()); + } catch (NumberFormatException e) { + throw new HttpException( + "Bad Set-Cookie header: " + + setCookie.getValue() + " Max-Age '" + + parameters[j].getValue() + "' not a number"); + } + cookie.setExpiryDate(new Date(System.currentTimeMillis() + + age * 1000L)); + } else if (name.equals("secure")) { + cookie.setSecure(true); + } else if (name.equals("comment")) { + cookie.setComment(parameters[j].getValue()); + } else if (name.equals("expires")) { + /* + * In the RFC 2109 for the cookies, + * the Expires date format is "Wdy, DD-Mon-YY HH:MM:SS GMT". + * There might be one more? Wdy, DD-Mon-YYYY HH:MM:SS GMT + */ + try { + // RFC 1123, 822, Date and time specification is English. + DateFormat formatter = new SimpleDateFormat + ("EEE, dd-MMM-yyyy HH:mm:ss z", Locale.US); + String expiryDate = parameters[j].getValue(); + Date date = formatter.parse(expiryDate); + cookie.setExpiryDate(date); + } catch (ParseException e) { + } } } } @@ -531,7 +567,7 @@ if (cookie.getVersion() != 1) { throw new HttpException( "Bad Set-Cookie header: " + setCookie.getValue() + - "\nIllegal Version attribute"); + " Illegal Version attribute"); } // security check... we musn't allow the server to give us an @@ -547,7 +583,7 @@ if (!domain.endsWith(cookie.getDomain())){ throw new HttpException( "Bad Set-Cookie header: " + setCookie.getValue() + - "\nIllegal domain attribute" + cookie.getDomain()); + " Illegal domain attribute" + cookie.getDomain()); } // host minus domain may not contain any dots 
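Review bot: In the `domain` branch, `d.charAt(0)` throws StringIndexOutOfBoundsException when the attribute value is an empty string, and the required-value check above it rejects only null. The HeaderElement change in this same commit stops turning an empty quoted value into null, so a header with `domain=""` appears to reach this line, and a malformed response then surfaces as an unchecked exception instead of the HttpException that callers catch. A guard such as `if (d.length() == 0) throw new HttpException("Bad Set-Cookie header: " + setCookie.getValue() + " Empty domain attribute");` keeps the failure inside the documented error path. The empty `catch (ParseException e) { }` for `expires` is carried over unchanged and silently turns a cookie with an unparseable date into a session cookie; a comment stating whether that is intended would help. The enclosing `parse` method starts and ends outside the hunk.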
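Review bot: The message in the `@@ -547,7 +583,7` hunk still concatenates `" Illegal domain attribute"` directly with `cookie.getDomain()`, so the text and the domain run together in the exception message. The following hunk writes `" Illegal domain attribute "` with a trailing space; using that same literal here keeps the two messages consistent.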
@@ -556,11 +592,35 @@ cookie.getDomain().length()).indexOf('.') != -1) { throw new HttpException( "Bad Set-Cookie header: " + setCookie.getValue() + - "\nIllegal domain attribute" + cookie.getDomain()); + " Illegal domain attribute " + cookie.getDomain()); } } + // another security check... we musn't allow the server to give us a + // secure cookie over an insecure channel + + if(cookie.getSecure() && !secure) { + throw new HttpException( + "Bad Set-Cookie header: " + setCookie.getValue() + + " Secure cookie sent over a non-secure channel."); + } + + // another security check... we musn't allow the server to give us a + // cookie that doesn't match this path + + if(cookie.getPath() != null && (!path.startsWith(cookie.getPath()))) { + throw new HttpException( + "Bad Set-Cookie header: " + setCookie.getValue() + + " Header targets a different path, found \"" + + cookie.getPath() + "\" for \"" + path + "\""); + } + // looks ok + + if(null == cookie.getPath()) { + // fix me, should be directory of the request, not root dir + cookie.setPath("/"); + } cookies[index++] = cookie; } 1.3.2.3 +4 -12 jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/HeaderElement.java Index: HeaderElement.java =================================================================== RCS file: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/HeaderElement.java,v retrieving revision 1.3.2.2 retrieving revision 1.3.2.3 diff -u -r1.3.2.2 -r1.3.2.3 --- HeaderElement.java 2001/08/17 02:24:15 1.3.2.2 +++ HeaderElement.java 2001/08/17 19:28:05 1.3.2.3 
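Review bot: The default applied at the end, `cookie.setPath("/")`, does not match the commit log's "make default path the actual request path", and the `fix me` comment is carried over with it. Defaulting to the root makes a cookie set under one application path visible to every other path on the host; RFC 2109 defaults Path to the request URL's path up to the right-most `/`, so the default should be derived from the `path` argument instead. The new path check also calls `path.startsWith(...)` without a null guard, so a caller passing a null request path gets a NullPointerException as soon as a cookie carries a Path attribute; `if (path == null) path = "/";` at the top of `parse` (outside this hunk) would cover it. `startsWith` is a plain prefix test, so a cookie path of `/foo` is accepted for a request to `/foobar`; that follows RFC 2109 but deserves a comment.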
@@ -1,7 +1,7 @@ /* - * $Header: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/HeaderElement.java,v 1.3.2.2 2001/08/17 02:24:15 rwaldhoff Exp $ - * $Revision: 1.3.2.2 $ - * $Date: 2001/08/17 02:24:15 $ + * $Header: /home/cvs/jakarta-commons/httpclient/src/java/org/apache/commons/httpclient/HeaderElement.java,v 1.3.2.3 2001/08/17 19:28:05 rwaldhoff Exp $ + * $Revision: 1.3.2.3 $ + * $Date: 2001/08/17 19:28:05 $ * * ==================================================================== * @@ -335,23 +335,15 @@ if (index >= 0) { if ((index + 1) < name.length()) { value = name.substring(index+1).trim(); - // strip quotation marks if (value.startsWith("\"") && value.endsWith("\"")) { value = value.substring(1,value.length()-1); } - - // is there anything left? - if (value.length() == 0) { - value = null; - } } name = name.substring(0,index).trim(); } - if (name != null && name.length() > 0) { - pair = new NameValuePair(name, value); - } + pair = new NameValuePair(name, value); return pair; } No revision No revision 1.1.2.1 +170 -14 jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestCookie.java Index: TestCookie.java =================================================================== RCS file: /home/cvs/jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestCookie.java,v retrieving revision 1.1 retrieving revision 1.1.2.1 diff -u -r1.1 -r1.1.2.1 --- TestCookie.java 2001/05/01 07:39:35 1.1 +++ TestCookie.java 2001/08/17 19:28:05 1.1.2.1 
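Review bot: The quote-stripping test that the `@@ -335,23 +335,15` hunk keeps, `value.startsWith("\"") && value.endsWith("\"")`, is also true for a value that is a single `"` character, and `value.substring(1,value.length()-1)` then throws StringIndexOutOfBoundsException. Adding a length test, `if (value.length() >= 2 && value.startsWith("\"") && value.endsWith("\""))`, avoids that on malformed input. With the empty-to-null normalisation and the name guard removed, callers now receive pairs with an empty name or an empty value, so every caller that indexes into the value needs its own length check. The enclosing method starts outside the hunk, so the initial values of `value` and `pair` are not visible.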
@@ -1,7 +1,7 @@ /* - * $Header: /home/cvs/jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestCookie.java,v 1.1 2001/05/01 07:39:35 remm Exp $ - * $Revision: 1.1 $ - * $Date: 2001/05/01 07:39:35 $ + * $Header: /home/cvs/jakarta-commons/httpclient/src/test/org/apache/commons/httpclient/TestCookie.java,v 1.1.2.1 2001/08/17 19:28:05 rwaldhoff Exp $ + * $Revision: 1.1.2.1 $ + * $Date: 2001/08/17 19:28:05 $ * * ==================================================================== * @@ -71,14 +71,14 @@ * Test cases for Cookie * * @author BC Holmes - * @version $Revision: 1.1 $ + * @author Rod Waldhoff + * @version $Revision: 1.1.2.1 $ */ public class TestCookie extends TestCase { // -------------------------------------------------------------- Constants - private static final String DOMAIN_NAME = "www.apache.org"; private String[] testName = { "custno", "name", "name" }; @@ -86,7 +86,6 @@ private String[] testDomain = { "www.apache.org", ".apache.org", ".apache.org" }; - // ------------------------------------------------------------ Constructor @@ -112,7 +111,7 @@ public void testParse1() throws Exception { String headerValue = "custno = 12345; comment=test; version=1," + " name=John; version=1; max-age=600; secure; domain=.apache.org"; - Cookie[] cookies = Cookie.parse(DOMAIN_NAME, new Header( + Cookie[] cookies = Cookie.parse(DOMAIN_NAME,"/", true, new Header( "set-cookie", headerValue)); checkResultsOfParse(cookies, 2, 0); } @@ -152,7 +151,7 @@ public void testParse2() throws Exception { String headerValue = "custno=12345;comment=test; version=1," + "name=John;version=1;max-age=600;secure;domain=.apache.org"; - Cookie[] cookies = Cookie.parse(DOMAIN_NAME, new Header( + Cookie[] cookies = Cookie.parse(DOMAIN_NAME, "/", true, new Header( "set-cookie", headerValue)); checkResultsOfParse(cookies, 2, 0); } 
@@ -167,28 +166,185 @@ public void testParse3() throws Exception { String headerValue = "name=\"Doe, John\";version=1;max-age=600;secure;domain=.apache.org"; - Cookie[] cookies = Cookie.parse(DOMAIN_NAME, new Header( + Cookie[] cookies = Cookie.parse(DOMAIN_NAME,"/", true, new Header( "set-cookie", headerValue)); checkResultsOfParse(cookies, 1, 2); } + // ------------------------------------------------------------- More Tests - /** - * Test security error - */ public void testSecurityError() throws Exception { String headerValue = "custno=12345;comment=test; version=1," + "name=John;version=1;max-age=600;secure;domain=jakarta.apache.org"; - Exception exception = null; try { - Cookie[] cookies = Cookie.parse(DOMAIN_NAME, new Header( + Cookie[] cookies = Cookie.parse(DOMAIN_NAME, "/", new Header( "set-cookie", headerValue)); + fail("HttpException exception should have been thrown"); } catch (HttpException e) { - exception = e; + // expected } + } + + public void testParseSimple() throws Exception { + Header setCookie = new Header("Set-Cookie","cookie-name=cookie-value"); + Cookie[] parsed = Cookie.parse("127.0.0.1","/",setCookie); + assertEquals("Found 1 cookie.",1,parsed.length); + assertEquals("Name","cookie-name",parsed[0].getName()); + assertEquals("Value","cookie-value",parsed[0].getValue()); + assert("Comment",null == parsed[0].getComment()); + assert("ExpiryDate",null == parsed[0].getExpiryDate()); + assert("isToBeDiscarded",parsed[0].isToBeDiscarded()); + assertEquals("Domain","127.0.0.1",parsed[0].getDomain()); + assertEquals("Path","/",parsed[0].getPath()); + assert("Secure",!parsed[0].getSecure()); + assertEquals("Version",1,parsed[0].getVersion()); + } + + public void testParseNoName() throws Exception { + Header setCookie = new Header("Set-Cookie","=cookie-value"); + Cookie[] parsed = Cookie.parse("127.0.0.1","/",setCookie); + assertEquals("Found 1 cookie.",1,parsed.length); + assertEquals("Name","",parsed[0].getName()); + 
assertEquals("Value","cookie-value",parsed[0].getValue()); + assert("Comment",null == parsed[0].getComment()); + assert("ExpiryDate",null == parsed[0].getExpiryDate()); + assert("isToBeDiscarded",parsed[0].isToBeDiscarded()); + assertEquals("Domain","127.0.0.1",parsed[0].getDomain()); + assertEquals("Path","/",parsed[0].getPath()); + assert("Secure",!parsed[0].getSecure()); + assertEquals("Version",1,parsed[0].getVersion()); + } + + public void testParseNoValue() throws Exception { + Header setCookie = new Header("Set-Cookie","cookie-name="); + Cookie[] parsed = Cookie.parse("127.0.0.1","/",setCookie); + assertEquals("Found 1 cookie.",1,parsed.length); + assertEquals("Name","cookie-name",parsed[0].getName()); + assert("Value",null == parsed[0].getValue()); + assert("Comment",null == parsed[0].getComment()); + assert("ExpiryDate",null == parsed[0].getExpiryDate()); + assert("isToBeDiscarded",parsed[0].isToBeDiscarded()); + assertEquals("Domain","127.0.0.1",parsed[0].getDomain()); + assertEquals("Path","/",parsed[0].getPath()); + assert("Secure",!parsed[0].getSecure()); + assertEquals("Version",1,parsed[0].getVersion()); + } + + public void testParseWithWhiteSpace() throws Exception { + Header setCookie = new Header("Set-Cookie"," cookie-name = cookie-value "); + Cookie[] parsed = Cookie.parse("127.0.0.1","/",setCookie); + assertEquals("Found 1 cookie.",1,parsed.length); + assertEquals("Name","cookie-name",parsed[0].getName()); + assertEquals("Value","cookie-value",parsed[0].getValue()); + assertEquals("Domain","127.0.0.1",parsed[0].getDomain()); + assertEquals("Path","/",parsed[0].getPath()); + assert("Secure",!parsed[0].getSecure()); + assert("ExpiryDate",null == parsed[0].getExpiryDate()); + assert("Comment",null == parsed[0].getComment()); + } + + public void testParseWithQuotes() throws Exception { + Header setCookie = new Header("Set-Cookie"," cookie-name = \" cookie-value \" ;path=/"); + Cookie[] parsed = Cookie.parse("127.0.0.1","/",setCookie); + 
assertEquals("Found 1 cookie.",1,parsed.length); + assertEquals("Name","cookie-name",parsed[0].getName()); + assertEquals("Value"," cookie-value ",parsed[0].getValue()); + assertEquals("Domain","127.0.0.1",parsed[0].getDomain()); + assertEquals("Path","/",parsed[0].getPath()); + assert("Secure",!parsed[0].getSecure()); + assert("ExpiryDate",null == parsed[0].getExpiryDate()); + assert("Comment",null == parsed[0].getComment()); + } - assert("Webdav exception should have been caught", exception != null); + public void testParseWithPath() throws Exception { + Header setCookie = new Header("Set-Cookie","cookie-name=cookie-value; Path=/path/"); + Cookie[] parsed = Cookie.parse("127.0.0.1","/path/",setCookie); + assertEquals("Found 1 cookie.",1,parsed.length); + assertEquals("Name","cookie-name",parsed[0].getName()); + assertEquals("Value","cookie-value",parsed[0].getValue()); + assertEquals("Domain","127.0.0.1",parsed[0].getDomain()); + assertEquals("Path","/path/",parsed[0].getPath()); + assert("Secure",!parsed[0].getSecure()); + assert("ExpiryDate",null == parsed[0].getExpiryDate()); + assert("Comment",null == parsed[0].getComment()); } + public void testParseWithDomain() throws Exception { + Header setCookie = new Header("Set-Cookie","cookie-name=cookie-value; Domain=127.0.0.1"); + Cookie[] parsed = Cookie.parse("127.0.0.1","/",setCookie); + assertEquals("Found 1 cookie.",1,parsed.length); + assertEquals("Name","cookie-name",parsed[0].getName()); + assertEquals("Value","cookie-value",parsed[0].getValue()); + assertEquals("Domain","127.0.0.1",parsed[0].getDomain()); + assertEquals("Path","/",parsed[0].getPath()); + assert("Secure",!parsed[0].getSecure()); + assert("ExpiryDate",null == parsed[0].getExpiryDate()); + assert("Comment",null == parsed[0].getComment()); + } + + public void testParseWithSecure() throws Exception { + Header setCookie = new Header("Set-Cookie","cookie-name=cookie-value; secure"); + Cookie[] parsed = Cookie.parse("127.0.0.1","/",true,setCookie); 
+ assertEquals("Found 1 cookie.",1,parsed.length); + assertEquals("Name","cookie-name",parsed[0].getName()); + assertEquals("Value","cookie-value",parsed[0].getValue()); + assertEquals("Domain","127.0.0.1",parsed[0].getDomain()); + assertEquals("Path","/",parsed[0].getPath()); + assert("Secure",parsed[0].getSecure()); + assert("ExpiryDate",null == parsed[0].getExpiryDate()); + assert("Comment",null == parsed[0].getComment()); + } + + public void testParseWithComment() throws Exception { + Header setCookie = new Header("Set-Cookie","cookie-name=cookie-value; comment=\"This is a comment.\""); + Cookie[] parsed = Cookie.parse("127.0.0.1","/",true,setCookie); + assertEquals("Found 1 cookie.",1,parsed.length); + assertEquals("Name","cookie-name",parsed[0].getName()); + assertEquals("Value","cookie-value",parsed[0].getValue()); + assertEquals("Domain","127.0.0.1",parsed[0].getDomain()); + assertEquals("Path","/",parsed[0].getPath()); + assert("Secure",!parsed[0].getSecure()); + assert("ExpiryDate",null == parsed[0].getExpiryDate()); + assertEquals("Comment","This is a comment.",parsed[0].getComment()); + } + public void testParseWithWrongDomain() throws Exception { + Header setCookie = new Header("Set-Cookie","cookie-name=cookie-value; domain=127.0.0.1"); + try { + Cookie[] parsed = Cookie.parse("127.0.0.2","/",setCookie); + fail("HttpException exception should have been thrown"); + } catch (HttpException e) { + // expected + } + } + + public void testParseWithWrongPath() throws Exception { + Header setCookie = new Header("Set-Cookie","cookie-name=cookie-value; domain=127.0.0.1; path=/not/just/root"); + try { + Cookie[] parsed = Cookie.parse("127.0.0.1","/",setCookie); + fail("HttpException exception should have been thrown"); + } catch (HttpException e) { + // expected + } + } + + public void testParseWithWrongSecure() throws Exception { + Header setCookie = new Header("Set-Cookie","cookie-name=cookie-value; domain=127.0.0.1; path=/; secure"); + try { + Cookie[] parsed 
= Cookie.parse("127.0.0.1","/",setCookie); + fail("HttpException exception should have been thrown"); + } catch (HttpException e) { + // expected + } + } + + public void testParseWithWrongSecure2() throws Exception { + Header setCookie = new Header("Set-Cookie","cookie-name=cookie-value; domain=127.0.0.1; path=/; secure"); + try { + Cookie[] parsed = Cookie.parse("127.0.0.1","/",false,setCookie); + fail("HttpException exception should have been thrown"); + } catch (HttpException e) { + // expected + } + } }
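Review bot: `testSecurityError` no longer isolates the domain check: its header contains `secure` and it now calls the three-argument `parse`, which passes `secure` as false, so the new secure-channel check would raise HttpException even if the domain check were broken. Calling `Cookie.parse(DOMAIN_NAME, "/", true, new Header(` keeps the test tied to the domain rule. `testParseWithWrongSecure` and `testParseWithWrongSecure2` exercise the same path, since the three-argument overload delegates with false. There is no test for `toSetCookieHeaderValue`, for a request path that only shares a prefix with the cookie path, or for an empty quoted attribute value.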