net/cookie.rs
1/* This Source Code Form is subject to the terms of the Mozilla Public
2 * License, v. 2.0. If a copy of the MPL was not distributed with this
3 * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
4
5//! Implementation of cookie creation and matching as specified by
6//! <http://tools.ietf.org/html/rfc6265>
7
8use std::borrow::ToOwned;
9use std::net::{Ipv4Addr, Ipv6Addr};
10use std::time::SystemTime;
11
12use cookie::Cookie;
13use log::{Level, debug, log_enabled};
14use net_traits::CookieSource;
15use net_traits::pub_domains::is_pub_domain;
16use nom::branch::alt;
17use nom::bytes::complete::{tag, tag_no_case, take, take_while_m_n};
18use nom::combinator::{opt, recognize};
19use nom::multi::{many0, many1, separated_list1};
20use nom::sequence::{delimited, preceded, terminated};
21use nom::{IResult, Parser};
22use serde::{Deserialize, Serialize};
23use servo_url::ServoUrl;
24use time::{Date, Duration, Month, OffsetDateTime, Time};
25
26/// A stored cookie that wraps the definition in cookie-rs. This is used to implement
27/// various behaviours defined in the spec that rely on an associated request URL,
28/// which cookie-rs and hyper's header parsing do not support.
29#[derive(Clone, Debug, Deserialize, Serialize)]
30pub struct ServoCookie {
31 #[serde(
32 deserialize_with = "hyper_serde::deserialize",
33 serialize_with = "hyper_serde::serialize"
34 )]
35 pub cookie: Cookie<'static>,
36 pub host_only: bool,
37 pub persistent: bool,
38 pub creation_time: SystemTime,
39 pub last_access: SystemTime,
40 pub expiry_time: Option<SystemTime>,
41}
42
43impl ServoCookie {
44 pub fn from_cookie_string(
45 cookie_str: &str,
46 request: &ServoUrl,
47 source: CookieSource,
48 ) -> Option<ServoCookie> {
49 let mut cookie = Cookie::parse(cookie_str.to_owned()).ok()?;
50
51 // Cookie::parse uses RFC 2616 <http://tools.ietf.org/html/rfc2616#section-3.3.1> to parse
52 // cookie expiry date. If it fails to parse the expiry date, try to parse again with
53 // less strict algorithm from RFC6265.
54 // TODO: We can remove this code and the ServoCookie::parse_date function if cookie-rs
55 // library fixes this upstream.
56 if cookie.expires_datetime().is_none() {
57 let expiry_date_str = cookie_str
58 .split(';')
59 .filter_map(|key_value| {
60 key_value
61 .find('=')
62 .map(|i| (key_value[..i].trim(), key_value[(i + 1)..].trim()))
63 })
64 .find_map(|(key, value)| key.eq_ignore_ascii_case("expires").then_some(value));
65 if let Some(date_str) = expiry_date_str {
66 cookie.set_expires(Self::parse_date(date_str));
67 }
68 }
69
70 ServoCookie::new_wrapped(cookie, request, source)
71 }
72
73 /// Steps 6-22 from <https://www.ietf.org/archive/id/draft-ietf-httpbis-rfc6265bis-15.html#name-storage-model>
74 pub fn new_wrapped(
75 mut cookie: Cookie<'static>,
76 request: &ServoUrl,
77 source: CookieSource,
78 ) -> Option<ServoCookie> {
79 let persistent;
80 let expiry_time;
81
82 // Step 6. If the cookie-attribute-list contains an attribute with an attribute-name of "Max-Age":
83 if let Some(max_age) = cookie.max_age() {
84 // 1. Set the cookie's persistent-flag to true.
85 persistent = true;
86
87 // The user agent MUST limit the maximum value of the Max-Age attribute.
88 // The limit SHOULD NOT be greater than 400 days (34560000 seconds) in the future.
89 let clamped_max_age = max_age.min(Duration::seconds(34_560_000));
90
91 // 2. Set the cookie's expiry-time to attribute-value of the last
92 // attribute in the cookie-attribute-list with an attribute-name of "Max-Age".
93 expiry_time = Some(SystemTime::now() + clamped_max_age);
94 cookie.set_max_age(clamped_max_age);
95 // cookie-rs doesn't seem to mirror the max-age value to expiry and vice versa so we do explicitly
96 cookie.set_expires(Some(OffsetDateTime::now_utc() + clamped_max_age));
97 }
98 // Otherwise, if the cookie-attribute-list contains an attribute with an attribute-name of "Expires":
99 else if let Some(date_time) = cookie.expires_datetime() {
100 // 1. Set the cookie's persistent-flag to true.
101 persistent = true;
102
103 // The user agent MUST limit the maximum value of the Expires attribute.
104 // The limit SHOULD NOT be greater than 400 days (34560000 seconds) in the future.
105 let clamped_date_time =
106 date_time.min(OffsetDateTime::now_utc() + Duration::seconds(34_560_000));
107
108 // 2. Set the cookie's expiry-time to attribute-value of the last attribute in the
109 // cookie-attribute-list with an attribute-name of "Expires".
110 expiry_time = Some(clamped_date_time.into());
111 cookie.set_expires(Some(clamped_date_time));
112 // cookie-rs doesn't seem to mirror the max-age value to expiry and vice versa so we do explicitly
113 cookie.set_max_age(Some(clamped_date_time - OffsetDateTime::now_utc()));
114 }
115 // Otherwise:
116 else {
117 // 1. Set the cookie's persistent-flag to false.
118 persistent = false;
119
120 // 2. Set the cookie's expiry-time to the latest representable date.
121 expiry_time = None;
122 }
123
124 let url_host = request.host_str().unwrap_or("").to_owned();
125
126 // Step 7. If the cookie-attribute-list contains an attribute with an attribute-name of "Domain":
127 let mut domain = if let Some(domain) = cookie.domain() {
128 // 1. Let the domain-attribute be the attribute-value of the last attribute in the
129 // cookie-attribute-list [..]
130 // NOTE: This is done by the cookie crate
131 domain.to_owned()
132 }
133 // Otherwise:
134 else {
135 // 1. Let the domain-attribute be the empty string.
136 String::new()
137 };
138
139 // TODO Step 8. If the domain-attribute contains a character that is not in the range of [USASCII] characters,
140 // abort these steps and ignore the cookie entirely.
141 // NOTE: (is this done by the cookies crate?)
142
143 // Step 9. If the user agent is configured to reject "public suffixes" and the domain-attribute
144 // is a public suffix:
145 if is_pub_domain(&domain) {
146 // 1. If the domain-attribute is identical to the canonicalized request-host:
147 if domain == url_host {
148 // 1. Let the domain-attribute be the empty string.
149 domain = String::new();
150 }
151 // Otherwise:
152 else {
153 // 1.Abort these steps and ignore the cookie entirely.
154 return None;
155 }
156 }
157
158 // Step 10. If the domain-attribute is non-empty:
159 let host_only;
160 if !domain.is_empty() {
161 // 1. If the canonicalized request-host does not domain-match the domain-attribute:
162 if !ServoCookie::domain_match(&url_host, &domain) {
163 // 1. Abort these steps and ignore the cookie entirely.
164 return None;
165 } else {
166 // 1. Set the cookie's host-only-flag to false.
167 host_only = false;
168
169 // 2. Set the cookie's domain to the domain-attribute.
170 cookie.set_domain(domain);
171 }
172 }
173 // Otherwise:
174 else {
175 // 1. Set the cookie's host-only-flag to true.
176 host_only = true;
177
178 // 2. Set the cookie's domain to the canonicalized request-host.
179 cookie.set_domain(url_host);
180 };
181
182 // Step 11. If the cookie-attribute-list contains an attribute with an attribute-name of "Path",
183 // set the cookie's path to attribute-value of the last attribute in the cookie-attribute-list
184 // with both an attribute-name of "Path" and an attribute-value whose length is no more than 1024 octets.
185 // Otherwise, set the cookie's path to the default-path of the request-uri.
186 let mut has_path_specified = true;
187 let mut path = cookie
188 .path()
189 .unwrap_or_else(|| {
190 has_path_specified = false;
191 ""
192 })
193 .to_owned();
194 // TODO: Why do we do this?
195 if !path.starts_with('/') {
196 path = ServoCookie::default_path(request.path()).to_string();
197 }
198 cookie.set_path(path);
199
200 // Step 12. If the cookie-attribute-list contains an attribute with an attribute-name of "Secure",
201 // set the cookie's secure-only-flag to true. Otherwise, set the cookie's secure-only-flag to false.
202 let secure_only = cookie.secure().unwrap_or(false);
203
204 // Step 13. If the request-uri does not denote a "secure" connection (as defined by the user agent),
205 // and the cookie's secure-only-flag is true, then abort these steps and ignore the cookie entirely.
206 if secure_only && !request.is_secure_scheme() {
207 return None;
208 }
209
210 // Step 14. If the cookie-attribute-list contains an attribute with an attribute-name of "HttpOnly",
211 // set the cookie's http-only-flag to true. Otherwise, set the cookie's http-only-flag to false.
212 let http_only = cookie.http_only().unwrap_or(false);
213
214 // Step 15. If the cookie was received from a "non-HTTP" API and the cookie's
215 // http-only-flag is true, abort these steps and ignore the cookie entirely.
216 if http_only && source == CookieSource::NonHTTP {
217 return None;
218 }
219
220 // TODO: Step 16, Ignore cookies from insecure request uris based on existing cookies
221
222 // TODO: Steps 17-19, same-site-flag
223
224 // Step 20. If the cookie-name begins with a case-insensitive match for the string "__Secure-",
225 // abort these steps and ignore the cookie entirely unless the cookie's secure-only-flag is true.
226 let has_case_insensitive_prefix = |value: &str, prefix: &str| {
227 value
228 .get(..prefix.len())
229 .is_some_and(|p| p.eq_ignore_ascii_case(prefix))
230 };
231 if has_case_insensitive_prefix(cookie.name(), "__Secure-") &&
232 !cookie.secure().unwrap_or(false)
233 {
234 return None;
235 }
236
237 // Step 21. If the cookie-name begins with a case-insensitive match for the string "__Host-",
238 // abort these steps and ignore the cookie entirely unless the cookie meets all the following criteria:
239 if has_case_insensitive_prefix(cookie.name(), "__Host-") {
240 // 1. The cookie's secure-only-flag is true.
241 if !secure_only {
242 return None;
243 }
244
245 // 2. The cookie's host-only-flag is true.
246 if !host_only {
247 return None;
248 }
249
250 // 3. The cookie-attribute-list contains an attribute with an attribute-name of "Path",
251 // and the cookie's path is /.
252 #[allow(clippy::nonminimal_bool)]
253 if !has_path_specified || !cookie.path().is_some_and(|path| path == "/") {
254 return None;
255 }
256 }
257
258 // Step 22. If the cookie-name is empty and either of the following conditions are true,
259 // abort these steps and ignore the cookie entirely:
260 if cookie.name().is_empty() {
261 // 1. the cookie-value begins with a case-insensitive match for the string "__Secure-"
262 if has_case_insensitive_prefix(cookie.value(), "__Secure-") {
263 return None;
264 }
265
266 // 2. the cookie-value begins with a case-insensitive match for the string "__Host-"
267 if has_case_insensitive_prefix(cookie.value(), "__Host-") {
268 return None;
269 }
270 }
271
272 Some(ServoCookie {
273 cookie,
274 host_only,
275 persistent,
276 creation_time: SystemTime::now(),
277 last_access: SystemTime::now(),
278 expiry_time,
279 })
280 }
281
282 pub fn touch(&mut self) {
283 self.last_access = SystemTime::now();
284 }
285
286 pub fn set_expiry_time_in_past(&mut self) {
287 self.expiry_time = Some(SystemTime::UNIX_EPOCH)
288 }
289
290 /// <http://tools.ietf.org/html/rfc6265#section-5.1.4>
291 pub fn default_path(request_path: &str) -> &str {
292 // Step 2
293 if !request_path.starts_with('/') {
294 return "/";
295 }
296
297 // Step 3
298 let rightmost_slash_idx = request_path.rfind('/').unwrap();
299 if rightmost_slash_idx == 0 {
300 // There's only one slash; it's the first character
301 return "/";
302 }
303
304 // Step 4
305 &request_path[..rightmost_slash_idx]
306 }
307
308 /// <http://tools.ietf.org/html/rfc6265#section-5.1.4>
309 pub fn path_match(request_path: &str, cookie_path: &str) -> bool {
310 // A request-path path-matches a given cookie-path if at least one of
311 // the following conditions holds:
312
313 // The cookie-path and the request-path are identical.
314 request_path == cookie_path ||
315 (request_path.starts_with(cookie_path) &&
316 (
317 // The cookie-path is a prefix of the request-path, and the last
318 // character of the cookie-path is %x2F ("/").
319 cookie_path.ends_with('/') ||
320 // The cookie-path is a prefix of the request-path, and the first
321 // character of the request-path that is not included in the cookie-
322 // path is a %x2F ("/") character.
323 request_path[cookie_path.len()..].starts_with('/')
324 ))
325 }
326
327 /// <http://tools.ietf.org/html/rfc6265#section-5.1.3>
328 pub fn domain_match(string: &str, domain_string: &str) -> bool {
329 let string = &string.to_lowercase();
330 let domain_string = &domain_string.to_lowercase();
331
332 string == domain_string ||
333 (string.ends_with(domain_string) &&
334 string.as_bytes()[string.len() - domain_string.len() - 1] == b'.' &&
335 string.parse::<Ipv4Addr>().is_err() &&
336 string.parse::<Ipv6Addr>().is_err())
337 }
338
339 /// <http://tools.ietf.org/html/rfc6265#section-5.4> step 1
340 pub fn appropriate_for_url(&self, url: &ServoUrl, source: CookieSource) -> bool {
341 if log_enabled!(Level::Debug) {
342 debug!(
343 " === SENT COOKIE : {} {} {:?} {:?}",
344 self.cookie.name(),
345 self.cookie.value(),
346 self.cookie.domain(),
347 self.cookie.path()
348 );
349 }
350
351 let domain = url.host_str();
352 // Either: The cookie's host-only-flag is true and the canonicalized host of the
353 // retrieval's URI is identical to the cookie's domain
354 // Or: The cookie's host-only-flag is false and the canonicalized host of the
355 // retrieval's URI domain-matches the cookie's domain
356 if self.host_only {
357 if self.cookie.domain() != domain {
358 return false;
359 }
360 } else if let (Some(domain), Some(cookie_domain)) = (domain, &self.cookie.domain()) {
361 if !ServoCookie::domain_match(domain, cookie_domain) {
362 return false;
363 }
364 }
365
366 // The retrieval's URI's path path-matches the cookie's path.
367 if let Some(cookie_path) = self.cookie.path() {
368 if !ServoCookie::path_match(url.path(), cookie_path) {
369 return false;
370 }
371 }
372
373 // If the cookie's secure-only-flag is true, then the retrieval's URI must denote a "secure" connection
374 if self.cookie.secure().unwrap_or(false) && !url.is_secure_scheme() {
375 return false;
376 }
377
378 // If the cookie's http-only-flag is true, then exclude the cookie if the retrieval's type is "non-HTTP"
379 if self.cookie.http_only().unwrap_or(false) && source == CookieSource::NonHTTP {
380 return false;
381 }
382 // TODO: Apply same site checks
383 // TOOD: Apply Partitioning checks
384
385 true
386 }
387
388 /// <https://www.ietf.org/archive/id/draft-ietf-httpbis-rfc6265bis-20.html#name-dates>
389 pub fn parse_date(string: &str) -> Option<OffsetDateTime> {
390 let string_in_bytes = string.as_bytes();
391
392 // Helper closures
393 let parse_ascii_u8 =
394 |bytes: &[u8]| -> Option<u8> { std::str::from_utf8(bytes).ok()?.parse::<u8>().ok() };
395 let parse_ascii_i32 =
396 |bytes: &[u8]| -> Option<i32> { std::str::from_utf8(bytes).ok()?.parse::<i32>().ok() };
397
398 // Step 1. Using the grammar below, divide the cookie-date into date-tokens.
399 // *OCTET
400 let any_octets = |input| Ok(("".as_bytes(), input));
401 // delimiter = %x09 / %x20-2F / %x3B-40 / %x5B-60 / %x7B-7E
402 let delimiter: fn(&[u8]) -> IResult<&[u8], u8> = |input| {
403 let (input, bytes) = take(1usize)(input)?;
404 if matches!(bytes[0], 0x09 | 0x20..=0x2F | 0x3B..=0x40 | 0x5B..=0x60 | 0x7B..=0x7E) {
405 Ok((input, bytes[0]))
406 } else {
407 Err(nom::Err::Error(nom::error::Error::new(
408 input,
409 nom::error::ErrorKind::Verify,
410 )))
411 }
412 };
413 // non-delimiter = %x00-08 / %x0A-1F / DIGIT / ":" / ALPHA / %x7F-FF
414 let non_delimiter: fn(&[u8]) -> IResult<&[u8], u8> = |input| {
415 let (input, bytes) = take(1usize)(input)?;
416 if matches!(bytes[0],
417 0x00..=0x08 | 0x0A..=0x1F | b'0'..=b'9' | b':' | b'A'..=b'Z' | b'a'..=b'z' | 0x7F..=0xFF)
418 {
419 Ok((input, bytes[0]))
420 } else {
421 Err(nom::Err::Error(nom::error::Error::new(
422 input,
423 nom::error::ErrorKind::Verify,
424 )))
425 }
426 };
427 // non-digit = %x00-2F / %x3A-FF
428 let non_digit: fn(&[u8]) -> IResult<&[u8], u8> = |input| {
429 let (input, bytes) = take(1usize)(input)?;
430 if matches!(bytes[0], 0x00..=0x2F | 0x3A..=0xFF) {
431 Ok((input, bytes[0]))
432 } else {
433 Err(nom::Err::Error(nom::error::Error::new(
434 input,
435 nom::error::ErrorKind::Verify,
436 )))
437 }
438 };
439 // time-field = 1*2DIGIT
440 let time_field =
441 |input| take_while_m_n(1, 2, |byte: u8| byte.is_ascii_digit()).parse(input);
442 // hms-time = time-field ":" time-field ":" time-field
443 let hms_time = |input| {
444 (
445 time_field,
446 preceded(tag(":"), time_field),
447 preceded(tag(":"), time_field),
448 )
449 .parse(input)
450 };
451 // time = hms-time [ non-digit *OCTET ]
452 let time = |input| terminated(hms_time, opt((non_digit, any_octets))).parse(input);
453 // year = 2*4DIGIT [ non-digit *OCTET ]
454 let year = |input| {
455 terminated(
456 take_while_m_n(2, 4, |byte: u8| byte.is_ascii_digit()),
457 opt((non_digit, any_octets)),
458 )
459 .parse(input)
460 };
461 // month = ( "jan" / "feb" / "mar" / "apr" /
462 // "may" / "jun" / "jul" / "aug" /
463 // "sep" / "oct" / "nov" / "dec" ) *OCTET
464 let month = |input| {
465 terminated(
466 alt((
467 tag_no_case("jan"),
468 tag_no_case("feb"),
469 tag_no_case("mar"),
470 tag_no_case("apr"),
471 tag_no_case("may"),
472 tag_no_case("jun"),
473 tag_no_case("jul"),
474 tag_no_case("aug"),
475 tag_no_case("sep"),
476 tag_no_case("oct"),
477 tag_no_case("nov"),
478 tag_no_case("dec"),
479 )),
480 any_octets,
481 )
482 .parse(input)
483 };
484 // day-of-month = 1*2DIGIT [ non-digit *OCTET ]
485 let day_of_month = |input| {
486 terminated(
487 take_while_m_n(1, 2, |byte: u8| byte.is_ascii_digit()),
488 opt((non_digit, any_octets)),
489 )
490 .parse(input)
491 };
492 // date-token = 1*non-delimiter
493 let date_token = |input| recognize(many1(non_delimiter)).parse(input);
494 // date-token-list = date-token *( 1*delimiter date-token )
495 let date_token_list = |input| separated_list1(delimiter, date_token).parse(input);
496 // cookie-date = *delimiter date-token-list *delimiter
497 let cookie_date =
498 |input| delimited(many0(delimiter), date_token_list, many0(delimiter)).parse(input);
499
500 // Step 2. Process each date-token sequentially in the order the date-tokens appear in the cookie-date:
501 let mut time_value: Option<(u8, u8, u8)> = None; // Also represents found-time flag.
502 let mut day_of_month_value: Option<u8> = None; // Also represents found-day-of-month flag.
503 let mut month_value: Option<Month> = None; // Also represents found-month flag.
504 let mut year_value: Option<i32> = None; // Also represents found-year flag.
505
506 let (_, date_tokens) = cookie_date(string_in_bytes).ok()?;
507 for date_token in date_tokens {
508 // Step 2.1. If the found-time flag is not set and the token matches the time production,
509 if time_value.is_none() {
510 if let Ok((_, result)) = time(date_token) {
511 // set the found-time flag and set the hour-value, minute-value, and
512 // second-value to the numbers denoted by the digits in the date-token,
513 // respectively.
514 if let (Some(hour), Some(minute), Some(second)) = (
515 parse_ascii_u8(result.0),
516 parse_ascii_u8(result.1),
517 parse_ascii_u8(result.2),
518 ) {
519 time_value = Some((hour, minute, second));
520 }
521 // Skip the remaining sub-steps and continue to the next date-token.
522 continue;
523 }
524 }
525
526 // Step 2.2. If the found-day-of-month flag is not set and the date-token matches the
527 // day-of-month production,
528 if day_of_month_value.is_none() {
529 if let Ok((_, result)) = day_of_month(date_token) {
530 // set the found-day-of-month flag and set the day-of-month-value to the number
531 // denoted by the date-token.
532 day_of_month_value = parse_ascii_u8(result);
533 // Skip the remaining sub-steps and continue to the next date-token.
534 continue;
535 }
536 }
537
538 // Step 2.3. If the found-month flag is not set and the date-token matches the month production,
539 if month_value.is_none() {
540 if let Ok((_, result)) = month(date_token) {
541 // set the found-month flag and set the month-value to the month denoted by the date-token.
542 month_value = match std::str::from_utf8(result)
543 .unwrap()
544 .to_ascii_lowercase()
545 .as_str()
546 {
547 "jan" => Some(Month::January),
548 "feb" => Some(Month::February),
549 "mar" => Some(Month::March),
550 "apr" => Some(Month::April),
551 "may" => Some(Month::May),
552 "jun" => Some(Month::June),
553 "jul" => Some(Month::July),
554 "aug" => Some(Month::August),
555 "sep" => Some(Month::September),
556 "oct" => Some(Month::October),
557 "nov" => Some(Month::November),
558 "dec" => Some(Month::December),
559 _ => None,
560 };
561 // Skip the remaining sub-steps and continue to the next date-token.
562 continue;
563 }
564 }
565
566 // Step 2.4. If the found-year flag is not set and the date-token matches the year production,
567 if year_value.is_none() {
568 if let Ok((_, result)) = year(date_token) {
569 // set the found-year flag and set the year-value to the number denoted by the date-token.
570 year_value = parse_ascii_i32(result);
571 // Skip the remaining sub-steps and continue to the next date-token.
572 continue;
573 }
574 }
575 }
576
577 // Step 3. If the year-value is greater than or equal to 70 and less than or equal to 99,
578 // increment the year-value by 1900.
579 if let Some(value) = year_value {
580 if (70..=99).contains(&value) {
581 year_value = Some(value + 1900);
582 }
583 }
584
585 // Step 4. If the year-value is greater than or equal to 0 and less than or equal to 69,
586 // increment the year-value by 2000.
587 if let Some(value) = year_value {
588 if (0..=69).contains(&value) {
589 year_value = Some(value + 2000);
590 }
591 }
592
593 // Step 5. Abort these steps and fail to parse the cookie-date if:
594 // * at least one of the found-day-of-month, found-month, found-year, or found-time flags is not set,
595 if day_of_month_value.is_none() ||
596 month_value.is_none() ||
597 year_value.is_none() ||
598 time_value.is_none()
599 {
600 return None;
601 }
602 // * the day-of-month-value is less than 1 or greater than 31,
603 if let Some(value) = day_of_month_value {
604 if !(1..=31).contains(&value) {
605 return None;
606 }
607 }
608 // * the year-value is less than 1601,
609 if let Some(value) = year_value {
610 if value < 1601 {
611 return None;
612 }
613 }
614 // * the hour-value is greater than 23,
615 // * the minute-value is greater than 59, or
616 // * the second-value is greater than 59.
617 if let Some((hour_value, minute_value, second_value)) = time_value {
618 if hour_value > 23 || minute_value > 59 || second_value > 59 {
619 return None;
620 }
621 }
622
623 // Step 6. Let the parsed-cookie-date be the date whose day-of-month, month, year, hour,
624 // minute, and second (in UTC) are the day-of-month-value, the month-value, the year-value,
625 // the hour-value, the minute-value, and the second-value, respectively. If no such date
626 // exists, abort these steps and fail to parse the cookie-date.
627 let parsed_cookie_date = OffsetDateTime::new_utc(
628 Date::from_calendar_date(
629 year_value.unwrap(),
630 month_value.unwrap(),
631 day_of_month_value.unwrap(),
632 )
633 .ok()?,
634 Time::from_hms(
635 time_value.unwrap().0,
636 time_value.unwrap().1,
637 time_value.unwrap().2,
638 )
639 .ok()?,
640 );
641
642 // Step 7. Return the parsed-cookie-date as the result of this algorithm.
643 Some(parsed_cookie_date)
644 }
645
646 /// Returns true if the slice only contains bytes that are safe to use in cookie strings.
647 /// Rejects 0x7f, and values < 0x1f except 0x09
648 /// <https://www.ietf.org/archive/id/draft-ietf-httpbis-rfc6265bis-15.html#section-5.6-6>
649 pub fn is_valid_name_or_value(bytes: &[u8]) -> bool {
650 !bytes
651 .iter()
652 .any(|c| *c == 0x7f || (*c <= 0x1f && *c != 0x09))
653 }
654}