Logo Search packages:      
Sourcecode: paros version File versions  Download package

HttpMethodHelper.java

/*
 * Created on May 26, 2004
 *
 * Paros and its related class files.
 * 
 * Paros is an HTTP/HTTPS proxy for assessing web application security.
 * Copyright (C) 2003-2004 Chinotec Technologies Company
 * 
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the Clarified Artistic License
 * as published by the Free Software Foundation.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * Clarified Artistic License for more details.
 * 
 * You should have received a copy of the Clarified Artistic License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */
package org.parosproxy.paros.network;

import java.util.regex.Pattern;

import org.apache.commons.httpclient.Header;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.httpclient.HttpVersion;
import org.apache.commons.httpclient.URI;
import org.apache.commons.httpclient.URIException;
import org.apache.commons.httpclient.methods.ByteArrayRequestEntity;
import org.apache.commons.httpclient.methods.DeleteMethod;
import org.apache.commons.httpclient.methods.EntityEnclosingMethod;
import org.apache.commons.httpclient.methods.GetMethod;
import org.apache.commons.httpclient.methods.HeadMethod;
import org.apache.commons.httpclient.methods.OptionsMethod;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.methods.PutMethod;
import org.apache.commons.httpclient.methods.StringRequestEntity;
import org.apache.commons.httpclient.methods.TraceMethod;
//import org.apache.commons.httpclient.methods.TraceMethod;
import org.apache.commons.httpclient.params.HttpMethodParams;



/**
 *
 * To change the template for this generated type comment go to
 * Window - Preferences - Java - Code Generation - Code and Comments
 */
00051 public class HttpMethodHelper {

      private static final String OPTIONS = "OPTIONS";
      private static final String GET           = "GET";
      private static final String HEAD    = "HEAD";
      private static final String POST    = "POST";
      private static final String PUT           = "PUT";
      private static final String DELETE  = "DELETE";
      private static final String TRACE   = "TRACE";
      private static final String CONNECT = "CONNECT";
      private static final String HTTP11  = "HTTP/1.1";
      private static final String HTTP10  = "HTTP/1.0";
      private static final String HTTP    = "http";
      private static final String HTTPS   = "https";
      
      private static final String CRLF    =     "\r\n";
      private static final String LF            =     "\n";
      private static final Pattern patternCRLF  = Pattern.compile("\\r\\n", Pattern.MULTILINE);
      private static final Pattern patternLF          = Pattern.compile("\\n", Pattern.MULTILINE);
      
      private static final String p_TEXT        = "[^\\x00-\\x1f\\r\\n]*"; 
      private static final String p_METHOD      = "(\\w+)";
      private static final String p_SP          = " +";
      private static final String p_URI         = "(\\S+)";
      private static final String p_VERSION     = "(HTTP/\\d+\\.\\d+)";
      
      private static final Pattern patternRequestLine = Pattern.compile(p_METHOD + p_SP + p_URI + p_SP + p_VERSION, Pattern.CASE_INSENSITIVE);
      private static final Pattern patternHostHeader = Pattern.compile("([^:]+)\\s*:?\\s*(\\d*)");

      private static final String HEADER_HOST = "Host";
      
      private String mUserAgent = "";
      public void setUserAgent(String userAgent) {
            mUserAgent = userAgent;
      }

      // Not used - all abstract using Generic method but GET cannot be used.
      public HttpMethod createRequestMethodNew(HttpRequestHeader header, HttpBody body) throws URIException {
            HttpMethod httpMethod = null;
            
            String method = header.getMethod();
            URI uri     = header.getURI();
            String version = header.getVersion();
            
            httpMethod = new GenericMethod(method);

            httpMethod.setURI(uri);
            HttpMethodParams httpParams = httpMethod.getParams();
            // default to use HTTP 1.0
            httpParams.setVersion(HttpVersion.HTTP_1_0);
            if (version.equalsIgnoreCase(HttpHeader.HTTP11)) {
                  httpParams.setVersion(HttpVersion.HTTP_1_1);
            }
            
            // set various headers
            int pos = 0;
            Pattern pattern = null;
            String delimiter = CRLF;
            
            String msg = header.getHeadersAsString();
            if ((pos = msg.indexOf(CRLF)) < 0) {
                  if ((pos = msg.indexOf(LF)) < 0) {
                        delimiter = LF;
                        pattern = patternLF;
                  }
            } else {
                  delimiter = CRLF;
                  pattern = patternCRLF;
            }
              
            String[] split = pattern.split(msg);
            String token = null;
            String name = null;
            String value = null;
            String host = null;
            
            for (int i=0; i<split.length; i++) {
                  token = split[i];
                  if (token.equals("")) {
                        continue;
                  }
                  
                  if ((pos = token.indexOf(":")) < 0) {
                        return null;
                  }
                  name  = token.substring(0, pos).trim();
                  value = token.substring(pos +1).trim();               
                  httpMethod.addRequestHeader(name, value);

            }

            // set body if post method or put method
            if (body != null && body.length() > 0) {
                  EntityEnclosingMethod generic = (EntityEnclosingMethod) httpMethod;
//                generic.setRequestEntity(new StringRequestEntity(body.toString()));
            generic.setRequestEntity(new ByteArrayRequestEntity(body.getBytes()));

        }

            httpMethod.setFollowRedirects(false);
            return httpMethod;

      }

      //  This is the currently in use method.
      // may be replaced by the New method - however the New method is not yet fully tested so this is stil used.
      public HttpMethod createRequestMethod(HttpRequestHeader header, HttpBody body) throws URIException {
            HttpMethod httpMethod = null;
            
            String method = header.getMethod();
            URI uri     = header.getURI();
            String version = header.getVersion();
            
            if (method.equalsIgnoreCase(GET)) {
                  httpMethod = new GetMethod();
            } else if (method.equalsIgnoreCase(POST)) {
                  httpMethod = new PostMethod();
            } else if (method.equalsIgnoreCase(DELETE)) {
                  httpMethod = new DeleteMethod();
            } else if (method.equalsIgnoreCase(PUT)) {
                  httpMethod = new PutMethod();
            } else if (method.equalsIgnoreCase(HEAD)) {
                  httpMethod = new HeadMethod();
            } else if (method.equalsIgnoreCase(OPTIONS)) {
                  httpMethod = new OptionsMethod();
            } else if (method.equalsIgnoreCase(TRACE)) {
                  httpMethod = new TraceMethod(uri.toString());
            } else {
                  httpMethod = new GenericMethod(method);
            }

            httpMethod.setURI(uri);
            HttpMethodParams httpParams = httpMethod.getParams();
            // default to use HTTP 1.0
            httpParams.setVersion(HttpVersion.HTTP_1_0);
            if (version.equalsIgnoreCase(HttpHeader.HTTP11)) {
                  httpParams.setVersion(HttpVersion.HTTP_1_1);
            }
            
            // set various headers
            int pos = 0;
            Pattern pattern = null;
            String delimiter = CRLF;
            
            String msg = header.getHeadersAsString();
            if ((pos = msg.indexOf(CRLF)) < 0) {
                  if ((pos = msg.indexOf(LF)) < 0) {
                        delimiter = LF;
                        pattern = patternLF;
                  }
            } else {
                  delimiter = CRLF;
                  pattern = patternCRLF;
            }
              
            String[] split = pattern.split(msg);
            String token = null;
            String name = null;
            String value = null;
            
            for (int i=0; i<split.length; i++) {
                  token = split[i];
                  if (token.equals("")) {
                        continue;
                  }
                  
                  if ((pos = token.indexOf(":")) < 0) {
                        return null;
                  }
                  name  = token.substring(0, pos).trim();
                  value = token.substring(pos +1).trim();               
                  httpMethod.addRequestHeader(name, value);

            }

            // set body if post method or put method
            if (body != null && body.length() > 0 && (httpMethod instanceof PostMethod || httpMethod instanceof PutMethod)) {
                  EntityEnclosingMethod post = (EntityEnclosingMethod) httpMethod;
//                post.setRequestEntity(new StringRequestEntity(body.toString()));
            post.setRequestEntity(new ByteArrayRequestEntity(body.getBytes()));

            }

            httpMethod.setFollowRedirects(false);
            return httpMethod;

      }
      
      
      /**
       * Build a HttpMethod (eg GET, POST) from raw string.  All headers will be set accordingly as in
       * the raw string.
       * @param request raw request string with header and body.
       * @param isSecure true if the connection is SSL.
       * @return an unexecuted HttpMethod
       */
      /* This is the original code using a String as request.  Now obsolete
       * 
      private HttpMethod createRequestMethod(String request, boolean isSecure) throws HttpException, URIException {
            HttpMethod httpMethod = null;
            Pattern pattern = null;
            String delimiter = CRLF;
            
            int pos = 0;
            
            if (request == null || request.equals("")) {
                  throw new HttpException ("Null or empty request");
            }
            
            if ((pos = request.indexOf(CRLF)) < 0) {
                  if ((pos = request.indexOf(LF)) < 0) {
                        throw new HttpException ("Invalid HTTP request with missing CR/LF");
                  } else {
                        delimiter = LF;
                        pattern = patternLF;
                  }
            } else {
                  delimiter = CRLF;
                  pattern = patternCRLF;
            }
              
            String[] split = pattern.split(request);
            String startLine = split[0];
            httpMethod = createMethodFromStartLine(startLine);
            
            String token = null;
            String name = null;
            String value = null;
            String host = null;
            
            for (int i=1; i<split.length; i++) {
                  token = split[i];
                  if (token.equals("")) {
                        continue;
                  }
                  
                  if ((pos = token.indexOf(":")) < 0) {
                        return null;
                  }
                  name  = token.substring(0, pos).trim();
                  value = token.substring(pos +1).trim();

                  if (name.equalsIgnoreCase(HEADER_HOST)) {
                        host = value;
                  }
                  
                  httpMethod.addRequestHeader(name, value);

            }

            URI uri = httpMethod.getURI();                  
            boolean isUriChanged = false;
            if (uri.getScheme() == null || uri.getScheme().equals("")) {
                  uri = new URI(HTTP + "://" + host + uri.toString(), true);
                  isUriChanged = true;
            }

            if (isSecure && uri.getScheme().equalsIgnoreCase(HTTP)) {
                  uri = new URI(uri.toString().replaceFirst(HTTP, HTTPS), true);
                  isUriChanged = true;
            }
            
            if (isUriChanged) {
                  httpMethod.setURI(uri);
            }
            
            httpMethod.setFollowRedirects(false);
            return httpMethod;
      }
      
      private HttpMethod createMethodFromStartLine(String startLine) throws URIException {
            HttpMethod httpMethod = null;
            
            Matcher matcher = patternRequestLine.matcher(startLine);
            if (!matcher.find()) {
                  throw new URIException("Missing startLine in HTTP request");
            }
            
            String method = matcher.group(1);
            String uri  = matcher.group(2);
            String version = matcher.group(3);
            
            if (method.equalsIgnoreCase(GET)) {
                  httpMethod = new GetMethod();
            } else if (method.equalsIgnoreCase(POST)) {
                  httpMethod = new PostMethod();
            } else if (method.equalsIgnoreCase(DELETE)) {
                  httpMethod = new DeleteMethod();
            } else if (method.equalsIgnoreCase(PUT)) {
                  httpMethod = new PutMethod();
            } else if (method.equalsIgnoreCase(HEAD)) {
                  httpMethod = new HeadMethod();
            } else if (method.equalsIgnoreCase(OPTIONS)) {
                  httpMethod = new OptionsMethod();
            } else if (method.equalsIgnoreCase(TRACE)) {
                  httpMethod = new TraceMethod(uri);
            } else {
                  // httpMethod = GenericMethod();
            }

            httpMethod.setURI(new URI(uri, true));
            HttpMethodParams httpParams = httpMethod.getParams();
            // default to use HTTP 1.0
            httpParams.setVersion(HttpVersion.HTTP_1_0);
            if (version.equalsIgnoreCase(HTTP11)) {
                  httpParams.setVersion(HttpVersion.HTTP_1_1);
            }

            httpMethod.setParams(httpParams);
            
            return httpMethod;
      }
      */
      
00365       public static void updateHttpRequestHeaderSent(HttpRequestHeader req, HttpMethod httpMethodSent) {
            StringBuffer sb = new StringBuffer(200);
            String name = null;
            String value = null;

            // Not used yet, no need to update request.
            if (!httpMethodSent.hasBeenUsed()) {
                return;
            }
            
            // add status line
            sb.append(req.getPrimeHeader() + CRLF);

            Header[] header = httpMethodSent.getRequestHeaders();
            for (int i=0; i<header.length; i++) {
                  name = header[i].getName();
                  value = header[i].getValue();
                  sb.append(name + ": " + value + CRLF);
            }
            
            sb.append(CRLF);
          try {
            req.setMessage(sb.toString());
        } catch (HttpMalformedHeaderException e) {
            e.printStackTrace();
        }
      }
      
      private static String getHttpResponseHeaderAsString(HttpMethod httpMethod) {
            StringBuffer sb = new StringBuffer(200);
            String name = null;
            String value = null;

            // add status line
            sb.append(httpMethod.getStatusLine().toString() + CRLF);

            Header[] header = httpMethod.getResponseHeaders();
            for (int i=0; i<header.length; i++) {
                  name = header[i].getName();
                  value = header[i].getValue();
                  sb.append(name + ": " + value + CRLF);
            }
            
            sb.append(CRLF);
            return sb.toString();
      }

      
      public static HttpResponseHeader getHttpResponseHeader(HttpMethod httpMethod) throws HttpMalformedHeaderException {
            return new HttpResponseHeader(getHttpResponseHeaderAsString(httpMethod));
      }

      /*
      public static String getHttpRequestHeaderAsString(HttpMethod httpMethod) {
            StringBuffer sb = new StringBuffer(200);
            String name = null;
            String value = null;

            // add status line
            try {
                  sb.append(httpMethod.getName() + " " + httpMethod.getURI().toString() + " " + httpMethod.getParams().getVersion() + CRLF);
            } catch (URIException e) {
                  
            }
            
            Header[] header = httpMethod.getRequestHeaders();
            for (int i=0; i<header.length; i++) {
                  name = header[i].getName();
                  value = header[i].getValue();
                  sb.append(name + ": " + value + CRLF);
            }
            
            sb.append(CRLF);
            return sb.toString();
      }
      */

      
      
}

Generated by  Doxygen 1.6.0   Back to index