001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.taglib.security;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.util.CharPool;
020    import com.liferay.portal.kernel.util.Http;
021    import com.liferay.portal.kernel.util.HttpUtil;
022    import com.liferay.portal.kernel.util.StringBundler;
023    import com.liferay.portal.kernel.util.StringPool;
024    import com.liferay.portal.kernel.util.StringUtil;
025    import com.liferay.portal.kernel.util.Validator;
026    import com.liferay.portal.model.Company;
027    import com.liferay.portal.util.PortalUtil;
028    import com.liferay.util.Encryptor;
029    import com.liferay.util.EncryptorException;
030    
031    import java.security.Key;
032    
033    import java.util.HashSet;
034    import java.util.Set;
035    import java.util.StringTokenizer;
036    
037    import javax.servlet.http.HttpServletRequest;
038    import javax.servlet.jsp.JspException;
039    import javax.servlet.jsp.JspWriter;
040    import javax.servlet.jsp.tagext.TagSupport;
041    
042    /**
043     * @author Brian Wing Shun Chan
044     */
045    public class EncryptTag extends TagSupport {
046    
047            @Override
048            public int doEndTag() throws JspException {
049                    try {
050                            JspWriter jspWriter = pageContext.getOut();
051    
052                            jspWriter.write("</a>");
053    
054                            return EVAL_PAGE;
055                    }
056                    catch (Exception e) {
057                            throw new JspException(e);
058                    }
059            }
060    
061            @Override
062            public int doStartTag() throws JspException {
063                    try {
064                            StringBundler sb = new StringBundler();
065    
066                            // Open anchor
067    
068                            sb.append("<a ");
069    
070                            // Class
071    
072                            if (Validator.isNotNull(_className)) {
073                                    sb.append("class=\"");
074                                    sb.append(_className);
075                                    sb.append("\" ");
076                            }
077    
078                            // HREF
079    
080                            sb.append("href=\"");
081                            sb.append(_protocol);
082                            sb.append(Http.PROTOCOL_DELIMITER);
083    
084                            int pos = _url.indexOf(CharPool.QUESTION);
085    
086                            if (pos == -1) {
087                                    sb.append(_url);
088                            }
089                            else {
090                                    sb.append(_url.substring(0, pos));
091                                    sb.append(StringPool.QUESTION);
092    
093                                    Company company = PortalUtil.getCompany(
094                                            (HttpServletRequest)pageContext.getRequest());
095    
096                                    Key key = company.getKeyObj();
097    
098                                    StringTokenizer st = new StringTokenizer(
099                                            _url.substring(pos + 1, _url.length()),
100                                            StringPool.AMPERSAND);
101    
102                                    while (st.hasMoreTokens()) {
103                                            String paramAndValue = st.nextToken();
104    
105                                            int x = paramAndValue.indexOf(CharPool.EQUAL);
106    
107                                            String param = paramAndValue.substring(0, x);
108                                            String value = paramAndValue.substring(x + 1);
109    
110                                            sb.append(param).append(StringPool.EQUAL);
111    
112                                            if (_unencryptedParamsSet.contains(param)) {
113                                                    sb.append(HttpUtil.encodeURL(value));
114                                            }
115                                            else {
116                                                    try {
117                                                            sb.append(
118                                                                    HttpUtil.encodeURL(
119                                                                            Encryptor.encrypt(key, value)));
120                                                    }
121                                                    catch (EncryptorException ee) {
122                                                            _log.error(ee.getMessage());
123                                                    }
124    
125                                                    if (st.hasMoreTokens()) {
126                                                            sb.append(StringPool.AMPERSAND);
127                                                    }
128                                            }
129                                    }
130    
131                                    sb.append("&shuo=1");
132                            }
133    
134                            sb.append("\" ");
135    
136                            // Style
137    
138                            if (Validator.isNotNull(_style)) {
139                                    sb.append("style=\"");
140                                    sb.append(_style);
141                                    sb.append("\" ");
142                            }
143    
144                            // Target
145    
146                            if (Validator.isNotNull(_target)) {
147                                    sb.append("target=\"" + _target + "\"");
148                            }
149    
150                            // Close anchor
151    
152                            sb.append(">");
153    
154                            JspWriter jspWriter = pageContext.getOut();
155    
156                            jspWriter.write(sb.toString());
157    
158                            return EVAL_BODY_INCLUDE;
159                    }
160                    catch (Exception e) {
161                            throw new JspException(e);
162                    }
163            }
164    
165            public void setClassName(String className) {
166                    _className = className;
167            }
168    
169            public void setProtocol(String protocol) {
170                    _protocol = protocol;
171            }
172    
173            public void setStyle(String style) {
174                    _style = style;
175            }
176    
177            public void setTarget(String target) {
178                    _target = target;
179            }
180    
181            public void setUnencryptedParams(String unencryptedParams) {
182                    _unencryptedParamsSet.clear();
183    
184                    String[] unencryptedParamsArray = StringUtil.split(unencryptedParams);
185    
186                    for (int i = 0; i < unencryptedParamsArray.length; i++) {
187                            _unencryptedParamsSet.add(unencryptedParamsArray[i]);
188                    }
189            }
190    
191            public void setUrl(String url) {
192                    _url = url;
193            }
194    
195            private static Log _log = LogFactoryUtil.getLog(EncryptTag.class);
196    
197            private String _className;
198            private String _protocol;
199            private String _style;
200            private String _target;
201            private Set<String> _unencryptedParamsSet = new HashSet<String>();
202            private String _url;
203    
204    }