1/*
2 * Copyright (C) 2009 Google Inc. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are
6 * met:
7 *
8 *     * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 *     * Redistributions in binary form must reproduce the above
11 * copyright notice, this list of conditions and the following disclaimer
12 * in the documentation and/or other materials provided with the
13 * distribution.
14 *     * Neither the name of Google Inc. nor the names of its
15 * contributors may be used to endorse or promote products derived from
16 * this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
31#include "config.h"
32#include "OriginAccessEntry.h"
33
34#include "SecurityOrigin.h"
35
36namespace WebCore {
37
38OriginAccessEntry::OriginAccessEntry(const String& protocol, const String& host, SubdomainSetting subdomainSetting)
39    : m_protocol(protocol.lower())
40    , m_host(host.lower())
41    , m_subdomainSettings(subdomainSetting)
42{
43    ASSERT(m_protocol == "http" || m_protocol == "https");
44    ASSERT(subdomainSetting == AllowSubdomains || subdomainSetting == DisallowSubdomains);
45
46    // Assume that any host that ends with a digit is trying to be an IP address.
47    m_hostIsIPAddress = !m_host.isEmpty() && isASCIIDigit(m_host[m_host.length() - 1]);
48}
49
50bool OriginAccessEntry::matchesOrigin(const SecurityOrigin& origin) const
51{
52    ASSERT(origin.host() == origin.host().lower());
53    ASSERT(origin.protocol() == origin.protocol().lower());
54
55    if (m_protocol != origin.protocol())
56        return false;
57
58    // Special case: Include subdomains and empty host means "all hosts, including ip addresses".
59    if (m_subdomainSettings == AllowSubdomains && m_host.isEmpty())
60        return true;
61
62    // Exact match.
63    if (m_host == origin.host())
64        return true;
65
66    // Otherwise we can only match if we're matching subdomains.
67    if (m_subdomainSettings == DisallowSubdomains)
68        return false;
69
70    // Don't try to do subdomain matching on IP addresses.
71    if (m_hostIsIPAddress)
72        return false;
73
74    // Match subdomains.
75    if (origin.host().length() > m_host.length() && origin.host()[origin.host().length() - m_host.length() - 1] == '.' && origin.host().endsWith(m_host))
76        return true;
77
78    return false;
79}
80
81} // namespace WebCore
82