8027687: The constructors of URLPermission class do not behave as described in javad
Reviewed-by: chegar, mduigou
diff --git a/src/share/classes/java/net/HostPortrange.java b/src/share/classes/java/net/HostPortrange.java
index fc5e3d9..3c924d8 100644
--- a/src/share/classes/java/net/HostPortrange.java
+++ b/src/share/classes/java/net/HostPortrange.java
@@ -114,7 +114,7 @@
if (hoststr.equals("*")) {
hoststr = "";
} else if (hoststr.startsWith("*.")) {
- hoststr = hoststr.substring(1).toLowerCase(); // leave the '.' ?
+ hoststr = toLowerCase(hoststr.substring(1));
} else {
throw new IllegalArgumentException("invalid host wildcard specification");
}
@@ -147,7 +147,7 @@
hoststr = sb.toString();
} else {
// regular domain name
- hoststr = hoststr.toLowerCase();
+ hoststr = toLowerCase(hoststr);
}
}
}
@@ -161,6 +161,38 @@
}
}
+ static final int CASE_DIFF = 'A' - 'a';
+
+ /**
+ * Convert to lower case, and check that all chars are ascii
+ * alphanumeric, '-' or '.' only.
+ */
+ static String toLowerCase(String s) {
+ int len = s.length();
+ StringBuilder sb = null;
+
+ for (int i=0; i<len; i++) {
+ char c = s.charAt(i);
+ if ((c >= 'a' && c <= 'z') || (c == '.')) {
+ if (sb != null)
+ sb.append(c);
+ } else if ((c >= '0' && c <= '9') || (c == '-')) {
+ if (sb != null)
+ sb.append(c);
+ } else if (c >= 'A' && c <= 'Z') {
+ if (sb == null) {
+ sb = new StringBuilder(len);
+ sb.append(s, 0, i);
+ }
+ sb.append((char)(c - CASE_DIFF));
+ } else {
+ throw new IllegalArgumentException("Invalid characters in hostname");
+ }
+ }
+ return sb == null ? s : sb.toString();
+ }
+
+
public boolean literal() {
return literal;
}
diff --git a/src/share/classes/java/net/URLPermission.java b/src/share/classes/java/net/URLPermission.java
index 7ad56a1..13472a9 100644
--- a/src/share/classes/java/net/URLPermission.java
+++ b/src/share/classes/java/net/URLPermission.java
@@ -426,7 +426,10 @@
this.ssp = url.substring(delim + 1);
if (!ssp.startsWith("//")) {
- this.authority = new Authority(scheme, ssp.toLowerCase());
+ if (!ssp.equals("*")) {
+ throw new IllegalArgumentException("invalid URL string");
+ }
+ this.authority = new Authority(scheme, "*");
return;
}
String authpath = ssp.substring(2);
diff --git a/test/java/net/URLPermission/URLPermissionTest.java b/test/java/net/URLPermission/URLPermissionTest.java
index 3bf862b..948e9da 100644
--- a/test/java/net/URLPermission/URLPermissionTest.java
+++ b/test/java/net/URLPermission/URLPermissionTest.java
@@ -186,6 +186,14 @@
imtest("http:*", "https://www.foo.com/a/b/c", false),
imtest("http:*", "http://www.foo.com/a/b/c", true),
imtest("http:*", "http://foo/bar", true),
+ imtest("http://WWW.foO.cOM/a/b/*", "http://wwW.foo.com/a/b/c", true),
+ imtest("http://wWw.fOo.cOm/a/b/*", "http://Www.foo.com/a/b/*", true),
+ imtest("http://www.FOO.com/", "http://www.foo.COM/", true),
+ imtest("http://66ww-w.F-O012O.com/", "http://66ww-w.f-o012o.COM/",true),
+ imtest("http://xn--ire-9la.com/", "http://xn--ire-9la.COM/", true),
+ imtest("http://x/", "http://X/", true),
+ imtest("http://x/", "http://x/", true),
+ imtest("http://X/", "http://X/", true),
imtest("http://foo/bar", "https://foo/bar", false)
};
@@ -194,9 +202,12 @@
static Test[] exceptionTests = {
extest("http://1.2.3.4.5/a/b/c"),
extest("http://www.*.com"),
- //extest("http://www.foo.com:1-X"),
extest("http://[foo.com]:99"),
extest("http://[fec0::X]:99"),
+ extest("http:\\www.foo.com"),
+ extest("http://w_09ww.foo.com"),
+ extest("http://w&09ww.foo.com/p"),
+ extest("http://www+foo.com"),
extest("http:")
};