Home | History | Annotate | Download | only in base
      1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 // Brought to you by the letter D and the number 2.
      6 
      7 #ifndef NET_BASE_COOKIE_MONSTER_H_
      8 #define NET_BASE_COOKIE_MONSTER_H_
      9 #pragma once
     10 
     11 #include <map>
     12 #include <string>
     13 #include <utility>
     14 #include <vector>
     15 
     16 #include "base/basictypes.h"
     17 #include "base/gtest_prod_util.h"
     18 #include "base/memory/ref_counted.h"
     19 #include "base/memory/scoped_ptr.h"
     20 #include "base/synchronization/lock.h"
     21 #include "base/task.h"
     22 #include "base/time.h"
     23 #include "net/base/cookie_store.h"
     24 
     25 class GURL;
     26 
     27 namespace base {
     28 class Histogram;
     29 }
     30 
     31 namespace net {
     32 
     33 class CookieList;
     34 
     35 // The cookie monster is the system for storing and retrieving cookies. It has
     36 // an in-memory list of all cookies, and synchronizes non-session cookies to an
     37 // optional permanent storage that implements the PersistentCookieStore
     38 // interface.
     39 //
     40 // This class IS thread-safe. Normally, it is only used on the I/O thread, but
     41 // is also accessed directly through Automation for UI testing.
     42 //
     43 // TODO(deanm) Implement CookieMonster, the cookie database.
     44 //  - Verify that our domain enforcement and non-dotted handling is correct
     45 class CookieMonster : public CookieStore {
     46  public:
     47   class CanonicalCookie;
     48   class Delegate;
     49   class ParsedCookie;
     50   class PersistentCookieStore;
     51 
     52   // Terminology:
     53   //    * The 'top level domain' (TLD) of an internet domain name is
     54   //      the terminal "." free substring (e.g. "com" for google.com
     55   //      or world.std.com).
     56   //    * The 'effective top level domain' (eTLD) is the longest
     57   //      "." initiated terminal substring of an internet domain name
     58   //      that is controlled by a general domain registrar.
     59   //      (e.g. "co.uk" for news.bbc.co.uk).
     60   //    * The 'effective top level domain plus one' (eTLD+1) is the
     61   //      shortest "." delimited terminal substring of an internet
     62   //      domain name that is not controlled by a general domain
     63   //      registrar (e.g. "bbc.co.uk" for news.bbc.co.uk, or
     64   //      "google.com" for news.google.com).  The general assumption
     65   //      is that all hosts and domains under an eTLD+1 share some
     66   //      administrative control.
     67 
     68   // CookieMap is the central data structure of the CookieMonster.  It
     69   // is a map whose values are pointers to CanonicalCookie data
     70   // structures (the data structures are owned by the CookieMonster
     71   // and must be destroyed when removed from the map).  There are two
     72   // possible keys for the map, controlled on a per-CookieMonster basis
     73   // by expiry_and_key_scheme_/SetExpiryAndKeyScheme()
     74   // (defaulted by expiry_and_key_default_):
     75 
     76   // If expiry_and_key_scheme_ is EKS_KEEP_RECENT_AND_PURGE_ETLDP1
     77   // (default), then the key is based on the effective domain of the
     78   // cookies.  If the domain of the cookie has an eTLD+1, that is the
     79   // key for the map.  If the domain of the cookie does not have an eTLD+1,
     80   // the key of the map is the host the cookie applies to (it is not
     81   // legal to have domain cookies without an eTLD+1).  This rule
     82   // excludes cookies for, e.g, ".com", ".co.uk", or ".internalnetwork".
     83   // This behavior is the same as the behavior in Firefox v 3.6.10.
     84 
     85   // If use_effective_domain_key_scheme_ is EKS_DISCARD_RECENT_AND_PURGE_DOMAIN,
     86   // then the key is just the domain of the cookie.  Eventually, this
     87   // option will be removed.
     88 
     89   // NOTE(deanm):
     90   // I benchmarked hash_multimap vs multimap.  We're going to be query-heavy
     91   // so it would seem like hashing would help.  However they were very
     92   // close, with multimap being a tiny bit faster.  I think this is because
     93   // our map is at max around 1000 entries, and the additional complexity
     94   // for the hashing might not overcome the O(log(1000)) for querying
     95   // a multimap.  Also, multimap is standard, another reason to use it.
     96   // TODO(rdsmith): This benchmark should be re-done now that we're allowing
     97   // subtantially more entries in the map.
     98   typedef std::multimap<std::string, CanonicalCookie*> CookieMap;
     99   typedef std::pair<CookieMap::iterator, CookieMap::iterator> CookieMapItPair;
    100 
    101   // The key and expiry scheme to be used by the monster.
    102   // EKS_KEEP_RECENT_AND_PURGE_ETLDP1 means to use
    103   // the new key scheme based on effective domain and save recent cookies
    104   // in global garbage collection.  EKS_DISCARD_RECENT_AND_PURGE_DOMAIN
    105   // means to use the old key scheme based on full domain and be ruthless
    106   // about purging.
    107   enum ExpiryAndKeyScheme {
    108     EKS_KEEP_RECENT_AND_PURGE_ETLDP1,
    109     EKS_DISCARD_RECENT_AND_PURGE_DOMAIN,
    110     EKS_LAST_ENTRY
    111   };
    112 
    113   // The store passed in should not have had Init() called on it yet. This
    114   // class will take care of initializing it. The backing store is NOT owned by
    115   // this class, but it must remain valid for the duration of the cookie
    116   // monster's existence. If |store| is NULL, then no backing store will be
    117   // updated. If |delegate| is non-NULL, it will be notified on
    118   // creation/deletion of cookies.
    119   CookieMonster(PersistentCookieStore* store, Delegate* delegate);
    120 
    121   // Only used during unit testing.
    122   CookieMonster(PersistentCookieStore* store,
    123                 Delegate* delegate,
    124                 int last_access_threshold_milliseconds);
    125 
    126   // Parses the string with the cookie time (very forgivingly).
    127   static base::Time ParseCookieTime(const std::string& time_string);
    128 
    129   // Returns true if a domain string represents a host-only cookie,
    130   // i.e. it doesn't begin with a leading '.' character.
    131   static bool DomainIsHostOnly(const std::string& domain_string);
    132 
    133   // Sets a cookie given explicit user-provided cookie attributes. The cookie
    134   // name, value, domain, etc. are each provided as separate strings. This
    135   // function expects each attribute to be well-formed. It will check for
    136   // disallowed characters (e.g. the ';' character is disallowed within the
    137   // cookie value attribute) and will return false without setting the cookie
    138   // if such characters are found.
    139   bool SetCookieWithDetails(const GURL& url,
    140                             const std::string& name,
    141                             const std::string& value,
    142                             const std::string& domain,
    143                             const std::string& path,
    144                             const base::Time& expiration_time,
    145                             bool secure, bool http_only);
    146 
    147   // Returns all the cookies, for use in management UI, etc. This does not mark
    148   // the cookies as having been accessed.
    149   // The returned cookies are ordered by longest path, then by earliest
    150   // creation date.
    151   CookieList GetAllCookies();
    152 
    153   // Returns all the cookies, for use in management UI, etc. Filters results
    154   // using given url scheme, host / domain and path and options. This does not
    155   // mark the cookies as having been accessed.
    156   // The returned cookies are ordered by longest path, then earliest
    157   // creation date.
    158   CookieList GetAllCookiesForURLWithOptions(const GURL& url,
    159                                             const CookieOptions& options);
    160 
    161   // Invokes GetAllCookiesForURLWithOptions with options set to include HTTP
    162   // only cookies.
    163   CookieList GetAllCookiesForURL(const GURL& url);
    164 
    165   // Deletes all of the cookies.
    166   int DeleteAll(bool sync_to_store);
    167   // Deletes all of the cookies that have a creation_date greater than or equal
    168   // to |delete_begin| and less than |delete_end|
    169   int DeleteAllCreatedBetween(const base::Time& delete_begin,
    170                               const base::Time& delete_end,
    171                               bool sync_to_store);
    172   // Deletes all of the cookies that have a creation_date more recent than the
    173   // one passed into the function via |delete_after|.
    174   int DeleteAllCreatedAfter(const base::Time& delete_begin, bool sync_to_store);
    175 
    176   // Deletes all cookies that match the host of the given URL
    177   // regardless of path.  This includes all http_only and secure cookies,
    178   // but does not include any domain cookies that may apply to this host.
    179   // Returns the number of cookies deleted.
    180   int DeleteAllForHost(const GURL& url);
    181 
    182   // Deletes one specific cookie.
    183   bool DeleteCanonicalCookie(const CanonicalCookie& cookie);
    184 
    185   // Override the default list of schemes that are allowed to be set in
    186   // this cookie store.  Calling his overrides the value of
    187   // "enable_file_scheme_".
    188   // If this this method is called, it must be called before first use of
    189   // the instance (i.e. as part of the instance initialization process).
    190   void SetCookieableSchemes(const char* schemes[], size_t num_schemes);
    191 
    192   // Overrides the default key and expiry scheme.  See comments
    193   // before CookieMap and Garbage collection constants for details.  This
    194   // function must be called before initialization.
    195   void SetExpiryAndKeyScheme(ExpiryAndKeyScheme key_scheme);
    196 
    197   // Instructs the cookie monster to not delete expired cookies. This is used
    198   // in cases where the cookie monster is used as a data structure to keep
    199   // arbitrary cookies.
    200   void SetKeepExpiredCookies();
    201 
    202   // Delegates the call to set the |clear_local_store_on_exit_| flag of the
    203   // PersistentStore if it exists.
    204   void SetClearPersistentStoreOnExit(bool clear_local_store);
    205 
    206   // There are some unknowns about how to correctly handle file:// cookies,
    207   // and our implementation for this is not robust enough. This allows you
    208   // to enable support, but it should only be used for testing. Bug 1157243.
    209   // Must be called before creating a CookieMonster instance.
    210   static void EnableFileScheme();
    211 
    212   // Flush the backing store (if any) to disk and post the given task when done.
    213   // WARNING: THE CALLBACK WILL RUN ON A RANDOM THREAD. IT MUST BE THREAD SAFE.
    214   // It may be posted to the current thread, or it may run on the thread that
    215   // actually does the flushing. Your Task should generally post a notification
    216   // to the thread you actually want to be notified on.
    217   void FlushStore(Task* completion_task);
    218 
    219   // CookieStore implementation.
    220 
    221   // Sets the cookies specified by |cookie_list| returned from |url|
    222   // with options |options| in effect.
    223   virtual bool SetCookieWithOptions(const GURL& url,
    224                                     const std::string& cookie_line,
    225                                     const CookieOptions& options);
    226 
    227   // Gets all cookies that apply to |url| given |options|.
    228   // The returned cookies are ordered by longest path, then earliest
    229   // creation date.
    230   virtual std::string GetCookiesWithOptions(const GURL& url,
    231                                             const CookieOptions& options);
    232 
    233   // Deletes all cookies with that might apply to |url| that has |cookie_name|.
    234   virtual void DeleteCookie(const GURL& url, const std::string& cookie_name);
    235 
    236   virtual CookieMonster* GetCookieMonster();
    237 
    238   // Debugging method to perform various validation checks on the map.
    239   // Currently just checking that there are no null CanonicalCookie pointers
    240   // in the map.
    241   // Argument |arg| is to allow retaining of arbitrary data if the CHECKs
    242   // in the function trip.  TODO(rdsmith):Remove hack.
    243   void ValidateMap(int arg);
    244 
    245   // The default list of schemes the cookie monster can handle.
    246   static const char* kDefaultCookieableSchemes[];
    247   static const int kDefaultCookieableSchemesCount;
    248 
    249  private:
    250   // Testing support.
    251   // For SetCookieWithCreationTime.
    252   FRIEND_TEST_ALL_PREFIXES(CookieMonsterTest,
    253                            TestCookieDeleteAllCreatedAfterTimestamp);
    254   FRIEND_TEST_ALL_PREFIXES(CookieMonsterTest,
    255                            TestCookieDeleteAllCreatedBetweenTimestamps);
    256 
    257   // For gargage collection constants.
    258   FRIEND_TEST_ALL_PREFIXES(CookieMonsterTest, TestHostGarbageCollection);
    259   FRIEND_TEST_ALL_PREFIXES(CookieMonsterTest, TestTotalGarbageCollection);
    260   FRIEND_TEST_ALL_PREFIXES(CookieMonsterTest, GarbageCollectionTriggers);
    261   FRIEND_TEST_ALL_PREFIXES(CookieMonsterTest, TestGCTimes);
    262 
    263   // For validation of key values.
    264   FRIEND_TEST_ALL_PREFIXES(CookieMonsterTest, TestDomainTree);
    265   FRIEND_TEST_ALL_PREFIXES(CookieMonsterTest, TestImport);
    266   FRIEND_TEST_ALL_PREFIXES(CookieMonsterTest, GetKey);
    267   FRIEND_TEST_ALL_PREFIXES(CookieMonsterTest, TestGetKey);
    268 
    269   // Internal reasons for deletion, used to populate informative histograms
    270   // and to provide a public cause for onCookieChange notifications.
    271   //
    272   // If you add or remove causes from this list, please be sure to also update
    273   // the Delegate::ChangeCause mapping inside ChangeCauseMapping. Moreover,
    274   // these are used as array indexes, so avoid reordering to keep the
    275   // histogram buckets consistent. New items (if necessary) should be added
    276   // at the end of the list, just before DELETE_COOKIE_LAST_ENTRY.
    277   enum DeletionCause {
    278     DELETE_COOKIE_EXPLICIT = 0,
    279     DELETE_COOKIE_OVERWRITE,
    280     DELETE_COOKIE_EXPIRED,
    281     DELETE_COOKIE_EVICTED,
    282     DELETE_COOKIE_DUPLICATE_IN_BACKING_STORE,
    283     DELETE_COOKIE_DONT_RECORD,  // e.g. For final cleanup after flush to store.
    284     DELETE_COOKIE_EVICTED_DOMAIN,
    285     DELETE_COOKIE_EVICTED_GLOBAL,
    286 
    287     // Cookies evicted during domain level garbage collection that
    288     // were accessed longer ago than kSafeFromGlobalPurgeDays
    289     DELETE_COOKIE_EVICTED_DOMAIN_PRE_SAFE,
    290 
    291     // Cookies evicted during domain level garbage collection that
    292     // were accessed more recently than kSafeFromGlobalPurgeDays
    293     // (and thus would have been preserved by global garbage collection).
    294     DELETE_COOKIE_EVICTED_DOMAIN_POST_SAFE,
    295 
    296     // A common idiom is to remove a cookie by overwriting it with an
    297     // already-expired expiration date. This captures that case.
    298     DELETE_COOKIE_EXPIRED_OVERWRITE,
    299 
    300     DELETE_COOKIE_LAST_ENTRY
    301   };
    302 
    303   // Cookie garbage collection thresholds.  Based off of the Mozilla defaults.
    304   // When the number of cookies gets to k{Domain,}MaxCookies
    305   // purge down to k{Domain,}MaxCookies - k{Domain,}PurgeCookies.
    306   // It might seem scary to have a high purge value, but really it's not.
    307   // You just make sure that you increase the max to cover the increase
    308   // in purge, and we would have been purging the same amount of cookies.
    309   // We're just going through the garbage collection process less often.
    310   // Note that the DOMAIN values are per eTLD+1; see comment for the
    311   // CookieMap typedef.  So, e.g., the maximum number of cookies allowed for
    312   // google.com and all of its subdomains will be 150-180.
    313   //
    314   // If the expiry and key scheme follows firefox standards (default,
    315   // set by SetExpiryAndKeyScheme()), any cookies accessed more recently
    316   // than kSafeFromGlobalPurgeDays will not be evicted by global garbage
    317   // collection, even if we have more than kMaxCookies.  This does not affect
    318   // domain garbage collection.
    319   //
    320   // Present in .h file to make accessible to tests through FRIEND_TEST.
    321   // Actual definitions are in cookie_monster.cc.
    322   static const size_t kDomainMaxCookies;
    323   static const size_t kDomainPurgeCookies;
    324   static const size_t kMaxCookies;
    325   static const size_t kPurgeCookies;
    326 
    327   // The number of days since last access that cookies will not be subject
    328   // to global garbage collection.
    329   static const int kSafeFromGlobalPurgeDays;
    330 
    331   // Default value for key and expiry scheme scheme.
    332   static const ExpiryAndKeyScheme expiry_and_key_default_ =
    333       EKS_KEEP_RECENT_AND_PURGE_ETLDP1;
    334 
    335   // Record statistics every kRecordStatisticsIntervalSeconds of uptime.
    336   static const int kRecordStatisticsIntervalSeconds = 10 * 60;
    337 
    338   ~CookieMonster();
    339 
    340   bool SetCookieWithCreationTime(const GURL& url,
    341                                  const std::string& cookie_line,
    342                                  const base::Time& creation_time);
    343 
    344   // Called by all non-static functions to ensure that the cookies store has
    345   // been initialized. This is not done during creating so it doesn't block
    346   // the window showing.
    347   // Note: this method should always be called with lock_ held.
    348   void InitIfNecessary() {
    349     if (!initialized_) {
    350       if (store_)
    351         InitStore();
    352       initialized_ = true;
    353     }
    354   }
    355 
    356   // Initializes the backing store and reads existing cookies from it.
    357   // Should only be called by InitIfNecessary().
    358   void InitStore();
    359 
    360   // Checks that |cookies_| matches our invariants, and tries to repair any
    361   // inconsistencies. (In other words, it does not have duplicate cookies).
    362   void EnsureCookiesMapIsValid();
    363 
    364   // Checks for any duplicate cookies for CookieMap key |key| which lie between
    365   // |begin| and |end|. If any are found, all but the most recent are deleted.
    366   // Returns the number of duplicate cookies that were deleted.
    367   int TrimDuplicateCookiesForKey(const std::string& key,
    368                                  CookieMap::iterator begin,
    369                                  CookieMap::iterator end);
    370 
    371   void SetDefaultCookieableSchemes();
    372 
    373   void FindCookiesForHostAndDomain(const GURL& url,
    374                                    const CookieOptions& options,
    375                                    bool update_access_time,
    376                                    std::vector<CanonicalCookie*>* cookies);
    377 
    378   void FindCookiesForKey(const std::string& key,
    379                          const GURL& url,
    380                          const CookieOptions& options,
    381                          const base::Time& current,
    382                          bool update_access_time,
    383                          std::vector<CanonicalCookie*>* cookies);
    384 
    385   // Delete any cookies that are equivalent to |ecc| (same path, domain, etc).
    386   // If |skip_httponly| is true, httponly cookies will not be deleted.  The
    387   // return value with be true if |skip_httponly| skipped an httponly cookie.
    388   // |key| is the key to find the cookie in cookies_; see the comment before
    389   // the CookieMap typedef for details.
    390   // NOTE: There should never be more than a single matching equivalent cookie.
    391   bool DeleteAnyEquivalentCookie(const std::string& key,
    392                                  const CanonicalCookie& ecc,
    393                                  bool skip_httponly,
    394                                  bool already_expired);
    395 
    396   // Takes ownership of *cc.
    397   void InternalInsertCookie(const std::string& key,
    398                             CanonicalCookie* cc,
    399                             bool sync_to_store);
    400 
    401   // Helper function that sets cookies with more control.
    402   // Not exposed as we don't want callers to have the ability
    403   // to specify (potentially duplicate) creation times.
    404   bool SetCookieWithCreationTimeAndOptions(const GURL& url,
    405                                            const std::string& cookie_line,
    406                                            const base::Time& creation_time,
    407                                            const CookieOptions& options);
    408 
    409 
    410   // Helper function that sets a canonical cookie, deleting equivalents and
    411   // performing garbage collection.
    412   bool SetCanonicalCookie(scoped_ptr<CanonicalCookie>* cc,
    413                           const base::Time& creation_time,
    414                           const CookieOptions& options);
    415 
    416   void InternalUpdateCookieAccessTime(CanonicalCookie* cc,
    417                                       const base::Time& current_time);
    418 
    419   // |deletion_cause| argument is used for collecting statistics and choosing
    420   // the correct Delegate::ChangeCause for OnCookieChanged notifications.
    421   void InternalDeleteCookie(CookieMap::iterator it, bool sync_to_store,
    422                             DeletionCause deletion_cause);
    423 
    424   // If the number of cookies for CookieMap key |key|, or globally, are
    425   // over the preset maximums above, garbage collect, first for the host and
    426   // then globally.  See comments above garbage collection threshold
    427   // constants for details.
    428   //
    429   // Returns the number of cookies deleted (useful for debugging).
    430   int GarbageCollect(const base::Time& current, const std::string& key);
    431 
    432   // Helper for GarbageCollect(); can be called directly as well.  Deletes
    433   // all expired cookies in |itpair|.  If |cookie_its| is non-NULL, it is
    434   // populated with all the non-expired cookies from |itpair|.
    435   //
    436   // Returns the number of cookies deleted.
    437   int GarbageCollectExpired(const base::Time& current,
    438                             const CookieMapItPair& itpair,
    439                             std::vector<CookieMap::iterator>* cookie_its);
    440 
    441   // Helper for GarbageCollect().  Deletes all cookies in the list
    442   // that were accessed before |keep_accessed_after|, using DeletionCause
    443   // |cause|.  If |keep_accessed_after| is null, deletes all cookies in the
    444   // list.  Returns the number of cookies deleted.
    445   int GarbageCollectDeleteList(const base::Time& current,
    446                                const base::Time& keep_accessed_after,
    447                                DeletionCause cause,
    448                                std::vector<CookieMap::iterator>& cookie_its);
    449 
    450   // Find the key (for lookup in cookies_) based on the given domain.
    451   // See comment on keys before the CookieMap typedef.
    452   std::string GetKey(const std::string& domain) const;
    453 
    454   bool HasCookieableScheme(const GURL& url);
    455 
    456   // Statistics support
    457 
    458   // This function should be called repeatedly, and will record
    459   // statistics if a sufficient time period has passed.
    460   void RecordPeriodicStats(const base::Time& current_time);
    461 
    462   // Initialize the above variables; should only be called from
    463   // the constructor.
    464   void InitializeHistograms();
    465 
    466   // The resolution of our time isn't enough, so we do something
    467   // ugly and increment when we've seen the same time twice.
    468   base::Time CurrentTime();
    469 
    470   // Histogram variables; see CookieMonster::InitializeHistograms() in
    471   // cookie_monster.cc for details.
    472   base::Histogram* histogram_expiration_duration_minutes_;
    473   base::Histogram* histogram_between_access_interval_minutes_;
    474   base::Histogram* histogram_evicted_last_access_minutes_;
    475   base::Histogram* histogram_count_;
    476   base::Histogram* histogram_domain_count_;
    477   base::Histogram* histogram_etldp1_count_;
    478   base::Histogram* histogram_domain_per_etldp1_count_;
    479   base::Histogram* histogram_number_duplicate_db_cookies_;
    480   base::Histogram* histogram_cookie_deletion_cause_;
    481   base::Histogram* histogram_time_get_;
    482   base::Histogram* histogram_time_load_;
    483 
    484   CookieMap cookies_;
    485 
    486   // Indicates whether the cookie store has been initialized. This happens
    487   // lazily in InitStoreIfNecessary().
    488   bool initialized_;
    489 
    490   // Indicates whether this cookie monster uses the new effective domain
    491   // key scheme or not.
    492   ExpiryAndKeyScheme expiry_and_key_scheme_;
    493 
    494   scoped_refptr<PersistentCookieStore> store_;
    495 
    496   base::Time last_time_seen_;
    497 
    498   // Minimum delay after updating a cookie's LastAccessDate before we will
    499   // update it again.
    500   const base::TimeDelta last_access_threshold_;
    501 
    502   // Approximate date of access time of least recently accessed cookie
    503   // in |cookies_|.  Note that this is not guaranteed to be accurate, only a)
    504   // to be before or equal to the actual time, and b) to be accurate
    505   // immediately after a garbage collection that scans through all the cookies.
    506   // This value is used to determine whether global garbage collection might
    507   // find cookies to purge.
    508   // Note: The default Time() constructor will create a value that compares
    509   // earlier than any other time value, which is is wanted.  Thus this
    510   // value is not initialized.
    511   base::Time earliest_access_time_;
    512 
    513   std::vector<std::string> cookieable_schemes_;
    514 
    515   scoped_refptr<Delegate> delegate_;
    516 
    517   // Lock for thread-safety
    518   base::Lock lock_;
    519 
    520   base::Time last_statistic_record_time_;
    521 
    522   bool keep_expired_cookies_;
    523 
    524   static bool enable_file_scheme_;
    525 
    526   DISALLOW_COPY_AND_ASSIGN(CookieMonster);
    527 };
    528 
    529 class CookieMonster::CanonicalCookie {
    530  public:
    531 
    532   // These constructors do no validation or canonicalization of their inputs;
    533   // the resulting CanonicalCookies should not be relied on to be canonical
    534   // unless the caller has done appropriate validation and canonicalization
    535   // themselves.
    536   CanonicalCookie();
    537   CanonicalCookie(const GURL& url,
    538                   const std::string& name,
    539                   const std::string& value,
    540                   const std::string& domain,
    541                   const std::string& path,
    542                   const base::Time& creation,
    543                   const base::Time& expiration,
    544                   const base::Time& last_access,
    545                   bool secure,
    546                   bool httponly,
    547                   bool has_expires);
    548 
    549   // This constructor does canonicalization but not validation.
    550   // The result of this constructor should not be relied on in contexts
    551   // in which pre-validation of the ParsedCookie has not been done.
    552   CanonicalCookie(const GURL& url, const ParsedCookie& pc);
    553 
    554   ~CanonicalCookie();
    555 
    556   // Supports the default copy constructor.
    557 
    558   // Creates a canonical cookie from unparsed attribute values.
    559   // Canonicalizes and validates inputs.  May return NULL if an attribute
    560   // value is invalid.
    561   static CanonicalCookie* Create(const GURL& url,
    562                                  const std::string& name,
    563                                  const std::string& value,
    564                                  const std::string& domain,
    565                                  const std::string& path,
    566                                  const base::Time& creation,
    567                                  const base::Time& expiration,
    568                                  bool secure,
    569                                  bool http_only);
    570 
    571   const std::string& Source() const { return source_; }
    572   const std::string& Name() const { return name_; }
    573   const std::string& Value() const { return value_; }
    574   const std::string& Domain() const { return domain_; }
    575   const std::string& Path() const { return path_; }
    576   const base::Time& CreationDate() const { return creation_date_; }
    577   const base::Time& LastAccessDate() const { return last_access_date_; }
    578   bool DoesExpire() const { return has_expires_; }
    579 #if defined(ANDROID)
    580   // Android can shut down our app at any time, so we persist session cookies.
    581   bool IsPersistent() const { return true; }
    582   bool IsSessionCookie() const { return !DoesExpire(); }
    583 #else
    584   bool IsPersistent() const { return DoesExpire(); }
    585 #endif
    586   const base::Time& ExpiryDate() const { return expiry_date_; }
    587   bool IsSecure() const { return secure_; }
    588   bool IsHttpOnly() const { return httponly_; }
    589   bool IsDomainCookie() const {
    590     return !domain_.empty() && domain_[0] == '.'; }
    591   bool IsHostCookie() const { return !IsDomainCookie(); }
    592 
    593   bool IsExpired(const base::Time& current) {
    594     return has_expires_ && current >= expiry_date_;
    595   }
    596 
    597   // Are the cookies considered equivalent in the eyes of RFC 2965.
    598   // The RFC says that name must match (case-sensitive), domain must
    599   // match (case insensitive), and path must match (case sensitive).
    600   // For the case insensitive domain compare, we rely on the domain
    601   // having been canonicalized (in
    602   // GetCookieDomainWithString->CanonicalizeHost).
    603   bool IsEquivalent(const CanonicalCookie& ecc) const {
    604     // It seems like it would make sense to take secure and httponly into
    605     // account, but the RFC doesn't specify this.
    606     // NOTE: Keep this logic in-sync with TrimDuplicateCookiesForHost().
    607     return (name_ == ecc.Name() && domain_ == ecc.Domain()
    608             && path_ == ecc.Path());
    609   }
    610 
    611   void SetLastAccessDate(const base::Time& date) {
    612     last_access_date_ = date;
    613   }
    614 
    615   bool IsOnPath(const std::string& url_path) const;
    616   bool IsDomainMatch(const std::string& scheme, const std::string& host) const;
    617 
    618   std::string DebugString() const;
    619 
    620   // Returns the cookie source when cookies are set for |url|.  This function
    621   // is public for unit test purposes only.
    622   static std::string GetCookieSourceFromURL(const GURL& url);
    623 
    624  private:
    625   // The source member of a canonical cookie is the origin of the URL that tried
    626   // to set this cookie, minus the port number if any.  This field is not
    627   // persistent though; its only used in the in-tab cookies dialog to show the
    628   // user the source URL. This is used for both allowed and blocked cookies.
    629   // When a CanonicalCookie is constructed from the backing store (common case)
    630   // this field will be null.  CanonicalCookie consumers should not rely on
    631   // this field unless they guarantee that the creator of those
    632   // CanonicalCookies properly initialized the field.
    633   std::string source_;
    634   std::string name_;
    635   std::string value_;
    636   std::string domain_;
    637   std::string path_;
    638   base::Time creation_date_;
    639   base::Time expiry_date_;
    640   base::Time last_access_date_;
    641   bool secure_;
    642   bool httponly_;
    643   bool has_expires_;
    644 };
    645 
    646 class CookieMonster::Delegate
    647     : public base::RefCountedThreadSafe<CookieMonster::Delegate> {
    648  public:
    649   // The publicly relevant reasons a cookie might be changed.
    650   enum ChangeCause {
    651     // The cookie was changed directly by a consumer's action.
    652     CHANGE_COOKIE_EXPLICIT,
    653     // The cookie was automatically removed due to an insert operation that
    654     // overwrote it.
    655     CHANGE_COOKIE_OVERWRITE,
    656     // The cookie was automatically removed as it expired.
    657     CHANGE_COOKIE_EXPIRED,
    658     // The cookie was automatically evicted during garbage collection.
    659     CHANGE_COOKIE_EVICTED,
    660     // The cookie was overwritten with an already-expired expiration date.
    661     CHANGE_COOKIE_EXPIRED_OVERWRITE
    662   };
    663 
    664   // Will be called when a cookie is added or removed. The function is passed
    665   // the respective |cookie| which was added to or removed from the cookies.
    666   // If |removed| is true, the cookie was deleted, and |cause| will be set
    667   // to the reason for it's removal. If |removed| is false, the cookie was
    668   // added, and |cause| will be set to CHANGE_COOKIE_EXPLICIT.
    669   //
    670   // As a special case, note that updating a cookie's properties is implemented
    671   // as a two step process: the cookie to be updated is first removed entirely,
    672   // generating a notification with cause CHANGE_COOKIE_OVERWRITE.  Afterwards,
    673   // a new cookie is written with the updated values, generating a notification
    674   // with cause CHANGE_COOKIE_EXPLICIT.
    675   virtual void OnCookieChanged(const CookieMonster::CanonicalCookie& cookie,
    676                                bool removed,
    677                                ChangeCause cause) = 0;
    678  protected:
    679   friend class base::RefCountedThreadSafe<CookieMonster::Delegate>;
    680   virtual ~Delegate() {}
    681 };
    682 
    683 class CookieMonster::ParsedCookie {
    684  public:
    685   typedef std::pair<std::string, std::string> TokenValuePair;
    686   typedef std::vector<TokenValuePair> PairList;
    687 
    688   // The maximum length of a cookie string we will try to parse
    689   static const size_t kMaxCookieSize = 4096;
    690   // The maximum number of Token/Value pairs.  Shouldn't have more than 8.
    691   static const int kMaxPairs = 16;
    692 
    693   // Construct from a cookie string like "BLAH=1; path=/; domain=.google.com"
    694   ParsedCookie(const std::string& cookie_line);
    695   ~ParsedCookie();
    696 
    697   // You should not call any other methods on the class if !IsValid
    698   bool IsValid() const { return is_valid_; }
    699 
    700   const std::string& Name() const { return pairs_[0].first; }
    701   const std::string& Token() const { return Name(); }
    702   const std::string& Value() const { return pairs_[0].second; }
    703 
    704   bool HasPath() const { return path_index_ != 0; }
    705   const std::string& Path() const { return pairs_[path_index_].second; }
    706   bool HasDomain() const { return domain_index_ != 0; }
    707   const std::string& Domain() const { return pairs_[domain_index_].second; }
    708   bool HasExpires() const { return expires_index_ != 0; }
    709   const std::string& Expires() const { return pairs_[expires_index_].second; }
    710   bool HasMaxAge() const { return maxage_index_ != 0; }
    711   const std::string& MaxAge() const { return pairs_[maxage_index_].second; }
    712   bool IsSecure() const { return secure_index_ != 0; }
    713   bool IsHttpOnly() const { return httponly_index_ != 0; }
    714 
    715   // Returns the number of attributes, for example, returning 2 for:
    716   //   "BLAH=hah; path=/; domain=.google.com"
    717   size_t NumberOfAttributes() const { return pairs_.size() - 1; }
    718 
    719   // For debugging only!
    720   std::string DebugString() const;
    721 
    722   // Returns an iterator pointing to the first terminator character found in
    723   // the given string.
    724   static std::string::const_iterator FindFirstTerminator(const std::string& s);
    725 
    726   // Given iterators pointing to the beginning and end of a string segment,
    727   // returns as output arguments token_start and token_end to the start and end
    728   // positions of a cookie attribute token name parsed from the segment, and
    729   // updates the segment iterator to point to the next segment to be parsed.
    730   // If no token is found, the function returns false.
    731   static bool ParseToken(std::string::const_iterator* it,
    732                          const std::string::const_iterator& end,
    733                          std::string::const_iterator* token_start,
    734                          std::string::const_iterator* token_end);
    735 
    736   // Given iterators pointing to the beginning and end of a string segment,
    737   // returns as output arguments value_start and value_end to the start and end
    738   // positions of a cookie attribute value parsed from the segment, and updates
    739   // the segment iterator to point to the next segment to be parsed.
    740   static void ParseValue(std::string::const_iterator* it,
    741                          const std::string::const_iterator& end,
    742                          std::string::const_iterator* value_start,
    743                          std::string::const_iterator* value_end);
    744 
    745   // Same as the above functions, except the input is assumed to contain the
    746   // desired token/value and nothing else.
    747   static std::string ParseTokenString(const std::string& token);
    748   static std::string ParseValueString(const std::string& value);
    749 
    750  private:
    751   static const char kTerminator[];
    752   static const int  kTerminatorLen;
    753   static const char kWhitespace[];
    754   static const char kValueSeparator[];
    755   static const char kTokenSeparator[];
    756 
    757   void ParseTokenValuePairs(const std::string& cookie_line);
    758   void SetupAttributes();
    759 
    760   PairList pairs_;
    761   bool is_valid_;
    762   // These will default to 0, but that should never be valid since the
    763   // 0th index is the user supplied token/value, not an attribute.
    764   // We're really never going to have more than like 8 attributes, so we
    765   // could fit these into 3 bits each if we're worried about size...
    766   size_t path_index_;
    767   size_t domain_index_;
    768   size_t expires_index_;
    769   size_t maxage_index_;
    770   size_t secure_index_;
    771   size_t httponly_index_;
    772 
    773   DISALLOW_COPY_AND_ASSIGN(ParsedCookie);
    774 };
    775 
    776 typedef base::RefCountedThreadSafe<CookieMonster::PersistentCookieStore>
    777     RefcountedPersistentCookieStore;
    778 
    779 class CookieMonster::PersistentCookieStore
    780     : public RefcountedPersistentCookieStore {
    781  public:
    782   virtual ~PersistentCookieStore() {}
    783 
    784   // Initializes the store and retrieves the existing cookies. This will be
    785   // called only once at startup.
    786   virtual bool Load(std::vector<CookieMonster::CanonicalCookie*>* cookies) = 0;
    787 
    788   virtual void AddCookie(const CanonicalCookie& cc) = 0;
    789   virtual void UpdateCookieAccessTime(const CanonicalCookie& cc) = 0;
    790   virtual void DeleteCookie(const CanonicalCookie& cc) = 0;
    791 
    792   // Sets the value of the user preference whether the persistent storage
    793   // must be deleted upon destruction.
    794   virtual void SetClearLocalStateOnExit(bool clear_local_state) = 0;
    795 
    796   // Flush the store and post the given Task when complete.
    797   virtual void Flush(Task* completion_task) = 0;
    798 
    799  protected:
    800   PersistentCookieStore() {}
    801 
    802  private:
    803   DISALLOW_COPY_AND_ASSIGN(PersistentCookieStore);
    804 };
    805 
    806 class CookieList : public std::vector<CookieMonster::CanonicalCookie> {
    807 };
    808 
    809 }  // namespace net
    810 
    811 #endif  // NET_BASE_COOKIE_MONSTER_H_
    812