001/*
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements.  See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License.  You may obtain a copy of the License at
008 *
009 *      http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017package org.apache.wicket.csp;
018
019import java.net.URI;
020import java.net.URISyntaxException;
021
022import org.apache.wicket.request.cycle.RequestCycle;
023import org.apache.wicket.util.string.Strings;
024
/**
 * A simple CSP value that renders the specified string as-is.
 *
 * @author papegaaij
 */
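public class FixedCSPValue implements CSPRenderable
{
	private final String value;

	/**
	 * Creates a new {@code FixedCSPValue} for the given value.
	 *
	 * @param value
	 *            the value to render
	 * @throws IllegalArgumentException
	 *             if {@code Strings.isEmpty(value)} holds (reported as "empty or null")
	 */
	public FixedCSPValue(String value)
	{
		if (Strings.isEmpty(value))
		{
			throw new IllegalArgumentException("CSP directive cannot have empty or null values");
		}
		this.value = value;
	}

	/**
	 * Returns the configured value unchanged. Neither argument is consulted and no escaping or
	 * encoding is applied here, so the string is emitted exactly as it was passed to the
	 * constructor.
	 */
	@Override
	public String render(ContentSecurityPolicySettings settings, RequestCycle cycle)
	{
		return value;
	}

	/**
	 * Checks that this value is usable in a {@code -src} directive.
	 * <p>
	 * This is a syntax check only: a few bare scheme sources are accepted by exact match, and
	 * anything else must be free of CSP separators and parse as a {@link URI} once a leading
	 * {@code "*."} wildcard is removed. It does not judge how permissive the resulting source is.
	 *
	 * @throws IllegalArgumentException
	 *             if the value contains {@code ';'} or {@code ','}, or is not a syntactically
	 *             valid URI
	 */
	@Override
	public void checkValidityForSrc()
	{
		String strValue = value;

		// A bare scheme has no scheme-specific part and is rejected by java.net.URI, so the
		// accepted scheme sources are matched literally before any parsing.
		if ("data:".equals(strValue) ||
			"blob:".equals(strValue) ||
			"mediastream:".equals(strValue) ||
			"filesystem:".equals(strValue) ||
			"https:".equals(strValue))
		{
			return;
		}

		// ';' separates directives and ',' separates policies in a serialized CSP, yet both are
		// legal URI characters. Without this check such a value would pass the URI test below and
		// then cut the rendered directive short. They have to be percent-encoded in the source.
		if (strValue.indexOf(';') >= 0 || strValue.indexOf(',') >= 0)
		{
			throw new IllegalArgumentException(
				"Illegal URI for -src directive: ';' and ',' must be percent-encoded");
		}

		// strip off "*." so "*.example.com" becomes "example.com" and we can check if
		// it is a valid uri
		if (strValue.startsWith("*."))
		{
			strValue = strValue.substring(2);
		}

		try
		{
			// Constructed only for its syntax validation (this also rejects whitespace); the
			// parsed URI itself is not needed.
			new URI(strValue);
		}
		catch (URISyntaxException urise)
		{
			throw new IllegalArgumentException("Illegal URI for -src directive", urise);
		}
	}

	/**
	 * Returns the same string that {@link #render} produces.
	 */
	@Override
	public String toString()
	{
		return value;
	}
}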