Source Code of org.apache.wicket.protocol.http.WebRequestWithCryptedUrl

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.wicket.protocol.http;

import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;

import org.apache.wicket.Application;
import org.apache.wicket.PageParameters;
import org.apache.wicket.WicketRuntimeException;
import org.apache.wicket.protocol.http.request.WebRequestCodingStrategy;
import org.apache.wicket.protocol.http.servlet.ServletWebRequest;
import org.apache.wicket.util.crypt.ICrypt;
import org.apache.wicket.util.string.Strings;
import org.apache.wicket.util.value.ValueMap;


/**
 * It extends WebRequest and decodes URLs encoded by WebResponseWithCryptedUrl.
 * One reason for obfuscating the URL's query string might be, that you don't
 * want the details to be visible to the user to play around with.
 *
 * @author Juergen Donnerstag
 *
 * @deprecated since 1.2 Please see {@link org.apache.wicket.protocol.http.request.CryptedUrlwebRequestCodingStrategy}
 */
public class WebRequestWithCryptedUrl extends ServletWebRequest
{
  /** URL querystring decoded */
  private final String queryString;

  /** URL query parameters decoded */
  private final ValueMap parameters;

  /**
   * Constructor.
   *
   * @param request
   *            The oiginal request information
   */
  public WebRequestWithCryptedUrl(final HttpServletRequest request)
  {
    super(request);

    // Encoded query string have only a single parameter named "x"
    final String secureParam = request.getParameter("x");
    if ((secureParam != null) && (secureParam.length() > 0))
    {
      // Get the crypt implementation from the application
      ICrypt urlCrypt = Application.get().getSecuritySettings().getCryptFactory().newCrypt();

      // Decrypt the query string
      final String queryString = urlCrypt.decryptUrlSafe(secureParam);

      // The querystring might have been shortened (length reduced).
      // In that case, lengthen the query string again.
      this.queryString = rebuildUrl(queryString);

      // extract parameter key/value pairs from the query string
      this.parameters = new PageParameters();
      RequestUtils.decodeParameters(this.queryString, this.parameters);
    }
    else
    {
      // If "x" parameter does not exist, we assume the query string
      // is not encoded.
      // Note: You might want to throw an exception, if you don't want
      // the automatic fallback.
      this.queryString = null;
      this.parameters = new ValueMap();
    }

    // If available, add POST parameters as well. They are not encrypted.
    // The parameters from HttpRequest
    final Enumeration paramNames = request.getParameterNames();

    // For all parameters (POST + URL query string)
    while (paramNames.hasMoreElements())
    {
      String paramName = (String)paramNames.nextElement();

      // Ignore the "x" parameter
      if (!"x".equalsIgnoreCase(paramName))
      {
        String[] values = request.getParameterValues(paramName);
        // add key/value to our parameter map
        this.parameters.put(paramName, values);
      }
    }
  }

  /**
   * @see org.apache.wicket.Request#decodeURL(java.lang.String)
   */
  public String decodeURL(final String url)
  {
    int startIndex = url.indexOf("x=");
    if (startIndex != -1)
    {
      startIndex = startIndex + 2;
      final String secureParam;
      final int endIndex = url.indexOf("&", startIndex);
      try
      {
        if (endIndex == -1)
        {
          secureParam = URLDecoder.decode(url.substring(startIndex), Application.get()
              .getRequestCycleSettings().getResponseRequestEncoding());
        }
        else
        {
          secureParam = URLDecoder.decode(url.substring(startIndex, endIndex),
              Application.get().getRequestCycleSettings()
                  .getResponseRequestEncoding());
        }
      }
      catch (UnsupportedEncodingException ex)
      {
        // should never happen
        throw new WicketRuntimeException(ex);
      }

      // Get the crypt implementation from the application
      final ICrypt urlCrypt = Application.get().getSecuritySettings().getCryptFactory()
          .newCrypt();

      // Decrypt the query string
      final String queryString = urlCrypt.decryptUrlSafe(secureParam);

      // The querystring might have been shortened (length reduced).
      // In that case, lengthen the query string again.
      return rebuildUrl(queryString);
    }
    return url;
  }

  /**
   * In case the query string has been shortened prior to encryption, than
   * rebuild (lengthen) the query string now. Note: This implementation must
   * exactly match the reverse one implemented in WebResponseWithCryptedUrl.
   *
   * @param queryString
   *            The URL's query string
   * @return The lengthened query string
   */
  private String rebuildUrl(CharSequence queryString)
  {
    queryString = Strings.replaceAll(queryString, "1=",
        WebRequestCodingStrategy.BEHAVIOR_ID_PARAMETER_NAME + "=");
    queryString = Strings.replaceAll(queryString, "2=",
        WebRequestCodingStrategy.INTERFACE_PARAMETER_NAME + "=IRedirectListener");
    queryString = Strings.replaceAll(queryString, "3=",
        WebRequestCodingStrategy.INTERFACE_PARAMETER_NAME + "=IFormSubmitListener");
    queryString = Strings.replaceAll(queryString, "4=",
        WebRequestCodingStrategy.INTERFACE_PARAMETER_NAME + "=IOnChangeListener");
    queryString = Strings.replaceAll(queryString, "5=",
        WebRequestCodingStrategy.INTERFACE_PARAMETER_NAME + "=ILinkListener");
    queryString = Strings.replaceAll(queryString, "6=",
        WebRequestCodingStrategy.INTERFACE_PARAMETER_NAME + "=");
    queryString = Strings.replaceAll(queryString, "7=",
        WebRequestCodingStrategy.BOOKMARKABLE_PAGE_PARAMETER_NAME + "=");

    return queryString.toString();
  }

  /**
   * Gets the request parameter with the given key.
   *
   * @param key
   *            Parameter name
   * @return Parameter value
   */
  public String getParameter(final String key)
  {
    String[] value = (String[])this.parameters.get(key);
    if (value != null)
    {
      return value[0];
    }
    return null;
  }

  /**
   * Gets the request parameters.
   *
   * @return Map of parameters
   */
  public Map getParameterMap()
  {
    Map map = new HashMap(parameters.size(), 1);
    Iterator it = parameters.keySet().iterator();
    while (it.hasNext())
    {
      String param = (String)it.next();
      map.put(param, getParameter(param));
    }
    return map;
  }

  /**
   * Gets the request parameters with the given key.
   *
   * @param key
   *            Parameter name
   * @return Parameter values
   */
  public String[] getParameters(final String key)
  {
    return (String[])this.parameters.get(key);
  }

  /**
   * @see java.lang.Object#toString()
   */
  public String toString()
  {
    return super.toString();
  }
}