HstsSuperCookieNewIDServlet.java

package servlets.hstsSuperCookie;

import java.io.IOException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Servlet implementation class HSTSServlet
 */
public class HstsSuperCookieNewIDServlet extends HttpServlet {
	private static final long serialVersionUID = 1L;

	private Pattern domainRegexPattern;
	private Pattern pathRegexPattern;
	
	/**
	 * @see HttpServlet#HttpServlet()
	 */
	public HstsSuperCookieNewIDServlet() {
		super();
		this.domainRegexPattern = Pattern.compile("^hsts(\\d+).browserprint.info$");
		this.pathRegexPattern = Pattern.compile("^/hstsSuperCookie/newID/([01]{" + HstsSuperCookieStartServlet.ID_LENGTH + "})(:?;jsessionid=.*)?$");
	}

	/**
	 * Serves requests for hsts[1 to ID_LENGTH].browserprint.info/hstsSuperCookie/newID/*
	 * This script applies an given ID to a new client one bit at a time.
	 * 
	 * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
	 */
	protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		int subdomainNumber;
		{
			String subdomain = request.getServerName();
			Matcher domainRegexMatcher = domainRegexPattern.matcher(subdomain);
			if(domainRegexMatcher.matches() == false){
				System.err.println("HstsSuperCookieNewIDServlet: Invalid subdomain <" + subdomain + ">.");
				response.sendError(404);
				return;
			}
			subdomainNumber = Integer.parseInt(domainRegexMatcher.group(1));
		}
		int subdomainGroup = (subdomainNumber - 1) / HstsSuperCookieStartServlet.ID_LENGTH + 1;//1,2,3,4 = 1; 5,6,7,8 = 2; ...
		int subdomainGroupIndex = (subdomainNumber - 1) % HstsSuperCookieStartServlet.ID_LENGTH + 1;//1 = 1; 2 = 2; 3 = 3; 4 = 4; 5 = 1
		
		Matcher pathRegexMatcher = pathRegexPattern.matcher(request.getRequestURI());
		if(pathRegexMatcher.matches() == false){
			System.err.println("HstsSuperCookieNewIDServlet: Invalid path. Must contain valid ID. Path = <" + request.getRequestURI() + ">.");
			response.sendError(404);
			return;
		}
		
		String id = pathRegexMatcher.group(1);
		if(id.charAt(subdomainGroupIndex - 1) == '1'){
			//Enable HSTS so next time the client visits contacts this subdomain it will be using HTTPS.
			response.setHeader("Strict-Transport-Security", "max-age=31622400");
		}
		/*else{//Bit is 0, so don't do anything
		}*/
		
		if(subdomainGroupIndex < HstsSuperCookieStartServlet.ID_LENGTH){
			//Redirect the client to the next subdomain in the chain.
			response.sendRedirect("https://hsts" + (subdomainNumber + 1) + "." + getServletContext().getInitParameter("websiteBaseURL") + response.encodeRedirectURL("/hstsSuperCookie/newID/" + id));
			return;
		}
		else{//subdomainGroupIndex == HstsSuperCookieStartServlet.ID_LENGTH
			//This is the last subdomain in the ID assignment chain, redirect the client for ID extraction.
			response.sendRedirect("https://hsts0." + getServletContext().getInitParameter("websiteBaseURL") + response.encodeRedirectURL("/hstsSuperCookie/midpoint/" + subdomainGroup));
			return;
		}
	}

	/**
	 * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
	 */
	protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
		doGet(request, response);
	}
}