001// Copyright 2009, 2010, 2011 The Apache Software Foundation
002//
003// Licensed under the Apache License, Version 2.0 (the "License");
004// you may not use this file except in compliance with the License.
005// You may obtain a copy of the License at
006//
007// http://www.apache.org/licenses/LICENSE-2.0
008//
009// Unless required by applicable law or agreed to in writing, software
010// distributed under the License is distributed on an "AS IS" BASIS,
011// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
012// See the License for the specific language governing permissions and
013// limitations under the License.
014
015package org.apache.tapestry5.internal.services;
016
017import java.io.IOException;
018
019import javax.servlet.http.HttpServletResponse;
020
021import org.apache.tapestry5.ioc.Resource;
022import org.apache.tapestry5.services.AssetSource;
023import org.apache.tapestry5.services.Response;
024
025public class AssetResourceLocatorImpl implements AssetResourceLocator
026{
027    private final ResourceDigestManager digestManager;
028
029    private final Response response;
030
031    private final AssetSource assetSource;
032
033    public AssetResourceLocatorImpl(ResourceDigestManager digestManager, Response response, AssetSource assetSource)
034    {
035        this.digestManager = digestManager;
036        this.response = response;
037        this.assetSource = assetSource;
038    }
039
040    public Resource findClasspathResourceForPath(String path) throws IOException
041    {
042        Resource resource = assetSource.resourceForPath(path);
043
044        if (!digestManager.requiresDigest(resource))
045            return resource;
046
047        return validateChecksumOfClasspathResource(resource);
048    }
049
050    /**
051     * Validates the checksum encoded into the resource, and returns the true resource (with the checksum
052     * portion removed from the file name).
053     */
054    private Resource validateChecksumOfClasspathResource(Resource resource) throws IOException
055    {
056        String file = resource.getFile();
057
058        // Somehow this code got real ugly, but it's all about preventing NPEs when a resource
059        // that should have a digest doesn't.
060
061        boolean valid = false;
062        Resource result = resource;
063
064        int lastdotx = file.lastIndexOf('.');
065
066        if (lastdotx > 0)
067        {
068            int prevdotx = file.lastIndexOf('.', lastdotx - 1);
069
070            if (prevdotx > 0)
071            {
072                String requestDigest = file.substring(prevdotx + 1, lastdotx);
073
074                // Strip the digest out of the file name.
075
076                String realFile = file.substring(0, prevdotx) + file.substring(lastdotx);
077
078                result = resource.forFile(realFile);
079
080                String actualDigest = digestManager.getDigest(result);
081
082                valid = requestDigest.equals(actualDigest);
083            }
084        }
085
086        if (valid)
087            return result;
088
089        // TODO: Perhaps we should send an exception here, so that the caller can decide
090        // to send the error. I'm not happy with this.
091
092        response.sendError(HttpServletResponse.SC_FORBIDDEN, ServicesMessages.wrongAssetDigest(result));
093
094        return null;
095    }
096}