Fix IPv6 handling for cookies (square#3564)

Author: swankjesse

okhttp-tests/src/test/java/okhttp3/CookieTest.java

@@ -267,6 +267,35 @@ public final class CookieTest {
     assertEquals("123.45.234.56", Cookie.parse(urlWithIp, "a=b; domain=123.45.234.56").domain());
   }
 
+  @Test public void domainMatchesIpv6Address() throws Exception {
+    Cookie cookie = Cookie.parse(HttpUrl.parse("http://[::1]/"), "a=b; domain=::1");
+    assertEquals("::1", cookie.domain());
+    assertTrue(cookie.matches(HttpUrl.parse("http://[::1]/")));
+  }
+
+  @Test public void domainMatchesIpv6AddressWithCompression() throws Exception {
+    Cookie cookie = Cookie.parse(HttpUrl.parse("http://[0001:0000::]/"), "a=b; domain=0001:0000::");
+    assertEquals("1::", cookie.domain());
+    assertTrue(cookie.matches(HttpUrl.parse("http://[1::]/")));
+  }
+
+  @Test public void domainMatchesIpv6AddressWithIpv4Suffix() throws Exception {
+    Cookie cookie = Cookie.parse(
+        HttpUrl.parse("http://[::1:ffff:ffff]/"), "a=b; domain=::1:255.255.255.255");
+    assertEquals("::1:ffff:ffff", cookie.domain());
+    assertTrue(cookie.matches(HttpUrl.parse("http://[::1:ffff:ffff]/")));
+  }
+
+  @Test public void ipv6AddressDoesntMatch() throws Exception {
+    Cookie cookie = Cookie.parse(HttpUrl.parse("http://[::1]/"), "a=b; domain=::2");
+    assertNull(cookie);
+  }
+
+  @Test public void ipv6AddressMalformed() throws Exception {
+    Cookie cookie = Cookie.parse(HttpUrl.parse("http://[::1]/"), "a=b; domain=::2::2");
+    assertEquals("::1", cookie.domain());
+  }
+
   /**
    * These public suffixes were selected by inspecting the publicsuffix.org list. It's possible they
    * may change in the future. If this test begins to fail, please double check they are still
@@ -507,6 +536,15 @@ public final class CookieTest {
     assertEquals(true, cookie.httpOnly());
   }
 
+  @Test public void builderIpv6() throws Exception {
+    Cookie cookie = new Cookie.Builder()
+        .name("a")
+        .value("b")
+        .domain("0:0:0:0:0:0:0:1")
+        .build();
+    assertEquals("::1", cookie.domain());
+  }
+
   @Test public void equalsAndHashCode() throws Exception {
     List<String> cookieStrings = Arrays.asList(
         "a=b; Path=/c; Domain=example.com; Max-Age=5; Secure; HttpOnly",

okhttp-tests/src/test/java/okhttp3/internal/publicsuffix/PublicSuffixDatabaseTest.java

@@ -17,7 +17,6 @@
 
 import java.io.IOException;
 import java.io.InputStream;
-import java.io.InterruptedIOException;
 import okhttp3.internal.Util;
 import okio.Buffer;
 import okio.BufferedSource;
@@ -272,14 +271,14 @@ private void checkPublicSuffix(String domain, String registrablePart) {
       return;
     }
 
-    String canonicalDomain = Util.domainToAscii(domain);
+    String canonicalDomain = Util.canonicalizeHost(domain);
     if (canonicalDomain == null) return;
 
     String result = publicSuffixDatabase.getEffectiveTldPlusOne(canonicalDomain);
     if (registrablePart == null) {
       assertNull(result);
     } else {
-      assertEquals(Util.domainToAscii(registrablePart), result);
+      assertEquals(Util.canonicalizeHost(registrablePart), result);
     }
   }
 }

okhttp/src/main/java/okhttp3/Cookie.java

@@ -30,8 +30,8 @@
 import okhttp3.internal.publicsuffix.PublicSuffixDatabase;
 
 import static okhttp3.internal.Util.UTC;
+import static okhttp3.internal.Util.canonicalizeHost;
 import static okhttp3.internal.Util.delimiterOffset;
-import static okhttp3.internal.Util.domainToAscii;
 import static okhttp3.internal.Util.indexOfControlOrNonAscii;
 import static okhttp3.internal.Util.trimSubstring;
 import static okhttp3.internal.Util.verifyAsIpAddress;
@@ -429,7 +429,7 @@ private static String parseDomain(String s) {
     if (s.startsWith(".")) {
       s = s.substring(1);
     }
-    String canonicalDomain = domainToAscii(s);
+    String canonicalDomain = canonicalizeHost(s);
     if (canonicalDomain == null) {
       throw new IllegalArgumentException();
     }
@@ -508,7 +508,7 @@ public Builder hostOnlyDomain(String domain) {
 
     private Builder domain(String domain, boolean hostOnly) {
       if (domain == null) throw new NullPointerException("domain == null");
-      String canonicalDomain = Util.domainToAscii(domain);
+      String canonicalDomain = Util.canonicalizeHost(domain);
       if (canonicalDomain == null) {
         throw new IllegalArgumentException("unexpected domain: " + domain);
       }

okhttp/src/main/java/okhttp3/HttpUrl.java

@@ -23,7 +23,6 @@
 import java.net.UnknownHostException;
 import java.nio.charset.Charset;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.LinkedHashSet;
 import java.util.List;
@@ -33,8 +32,8 @@
 import okhttp3.internal.publicsuffix.PublicSuffixDatabase;
 import okio.Buffer;
 
+import static okhttp3.internal.Util.decodeHexDigit;
 import static okhttp3.internal.Util.delimiterOffset;
-import static okhttp3.internal.Util.domainToAscii;
 import static okhttp3.internal.Util.skipLeadingAsciiWhitespace;
 import static okhttp3.internal.Util.skipTrailingAsciiWhitespace;
 import static okhttp3.internal.Util.verifyAsIpAddress;
@@ -1589,162 +1588,7 @@ private static String canonicalizeHost(String input, int pos, int limit) {
       // Start by percent decoding the host. The WHATWG spec suggests doing this only after we've
       // checked for IPv6 square braces. But Chrome does it first, and that's more lenient.
       String percentDecoded = percentDecode(input, pos, limit, false);
-
-      // If the input contains a :, it’s an IPv6 address.
-      if (percentDecoded.contains(":")) {
-        // If the input is encased in square braces "[...]", drop 'em.
-        InetAddress inetAddress = percentDecoded.startsWith("[") && percentDecoded.endsWith("]")
-            ? decodeIpv6(percentDecoded, 1, percentDecoded.length() - 1)
-            : decodeIpv6(percentDecoded, 0, percentDecoded.length());
-        if (inetAddress == null) return null;
-        byte[] address = inetAddress.getAddress();
-        if (address.length == 16) return inet6AddressToAscii(address);
-        throw new AssertionError("Invalid IPv6 address: '" + percentDecoded + "'");
-      }
-
-      return domainToAscii(percentDecoded);
-    }
-
-    /** Decodes an IPv6 address like 1111:2222:3333:4444:5555:6666:7777:8888 or ::1. */
-    private static @Nullable InetAddress decodeIpv6(String input, int pos, int limit) {
-      byte[] address = new byte[16];
-      int b = 0;
-      int compress = -1;
-      int groupOffset = -1;
-
-      for (int i = pos; i < limit; ) {
-        if (b == address.length) return null; // Too many groups.
-
-        // Read a delimiter.
-        if (i + 2 <= limit && input.regionMatches(i, "::", 0, 2)) {
-          // Compression "::" delimiter, which is anywhere in the input, including its prefix.
-          if (compress != -1) return null; // Multiple "::" delimiters.
-          i += 2;
-          b += 2;
-          compress = b;
-          if (i == limit) break;
-        } else if (b != 0) {
-          // Group separator ":" delimiter.
-          if (input.regionMatches(i, ":", 0, 1)) {
-            i++;
-          } else if (input.regionMatches(i, ".", 0, 1)) {
-            // If we see a '.', rewind to the beginning of the previous group and parse as IPv4.
-            if (!decodeIpv4Suffix(input, groupOffset, limit, address, b - 2)) return null;
-            b += 2; // We rewound two bytes and then added four.
-            break;
-          } else {
-            return null; // Wrong delimiter.
-          }
-        }
-
-        // Read a group, one to four hex digits.
-        int value = 0;
-        groupOffset = i;
-        for (; i < limit; i++) {
-          char c = input.charAt(i);
-          int hexDigit = decodeHexDigit(c);
-          if (hexDigit == -1) break;
-          value = (value << 4) + hexDigit;
-        }
-        int groupLength = i - groupOffset;
-        if (groupLength == 0 || groupLength > 4) return null; // Group is the wrong size.
-
-        // We've successfully read a group. Assign its value to our byte array.
-        address[b++] = (byte) ((value >>> 8) & 0xff);
-        address[b++] = (byte) (value & 0xff);
-      }
-
-      // All done. If compression happened, we need to move bytes to the right place in the
-      // address. Here's a sample:
-      //
-      //      input: "1111:2222:3333::7777:8888"
-      //     before: { 11, 11, 22, 22, 33, 33, 00, 00, 77, 77, 88, 88, 00, 00, 00, 00  }
-      //   compress: 6
-      //          b: 10
-      //      after: { 11, 11, 22, 22, 33, 33, 00, 00, 00, 00, 00, 00, 77, 77, 88, 88 }
-      //
-      if (b != address.length) {
-        if (compress == -1) return null; // Address didn't have compression or enough groups.
-        System.arraycopy(address, compress, address, address.length - (b - compress), b - compress);
-        Arrays.fill(address, compress, compress + (address.length - b), (byte) 0);
-      }
-
-      try {
-        return InetAddress.getByAddress(address);
-      } catch (UnknownHostException e) {
-        throw new AssertionError();
-      }
-    }
-
-    /** Decodes an IPv4 address suffix of an IPv6 address, like 1111::5555:6666:192.168.0.1. */
-    private static boolean decodeIpv4Suffix(
-        String input, int pos, int limit, byte[] address, int addressOffset) {
-      int b = addressOffset;
-
-      for (int i = pos; i < limit; ) {
-        if (b == address.length) return false; // Too many groups.
-
-        // Read a delimiter.
-        if (b != addressOffset) {
-          if (input.charAt(i) != '.') return false; // Wrong delimiter.
-          i++;
-        }
-
-        // Read 1 or more decimal digits for a value in 0..255.
-        int value = 0;
-        int groupOffset = i;
-        for (; i < limit; i++) {
-          char c = input.charAt(i);
-          if (c < '0' || c > '9') break;
-          if (value == 0 && groupOffset != i) return false; // Reject unnecessary leading '0's.
-          value = (value * 10) + c - '0';
-          if (value > 255) return false; // Value out of range.
-        }
-        int groupLength = i - groupOffset;
-        if (groupLength == 0) return false; // No digits.
-
-        // We've successfully read a byte.
-        address[b++] = (byte) value;
-      }
-
-      if (b != addressOffset + 4) return false; // Too few groups. We wanted exactly four.
-      return true; // Success.
-    }
-
-    /** Encodes an IPv6 address in canonical form according to RFC 5952. */
-    private static String inet6AddressToAscii(byte[] address) {
-      // Go through the address looking for the longest run of 0s. Each group is 2-bytes.
-      // A run must be longer than one group (section 4.2.2).
-      // If there are multiple equal runs, the first one must be used (section 4.2.3).
-      int longestRunOffset = -1;
-      int longestRunLength = 0;
-      for (int i = 0; i < address.length; i += 2) {
-        int currentRunOffset = i;
-        while (i < 16 && address[i] == 0 && address[i + 1] == 0) {
-          i += 2;
-        }
-        int currentRunLength = i - currentRunOffset;
-        if (currentRunLength > longestRunLength && currentRunLength >= 4) {
-          longestRunOffset = currentRunOffset;
-          longestRunLength = currentRunLength;
-        }
-      }
-
-      // Emit each 2-byte group in hex, separated by ':'. The longest run of zeroes is "::".
-      Buffer result = new Buffer();
-      for (int i = 0; i < address.length; ) {
-        if (i == longestRunOffset) {
-          result.writeByte(':');
-          i += longestRunLength;
-          if (i == 16) result.writeByte(':');
-        } else {
-          if (i > 0) result.writeByte(':');
-          int group = (address[i] & 0xff) << 8 | address[i + 1] & 0xff;
-          result.writeHexadecimalUnsignedLong(group);
-          i += 2;
-        }
-      }
-      return result.readUtf8();
+      return Util.canonicalizeHost(percentDecoded);
     }
 
     private static int parsePort(String input, int pos, int limit) {
@@ -1817,13 +1661,6 @@ && decodeHexDigit(encoded.charAt(pos + 1)) != -1
         && decodeHexDigit(encoded.charAt(pos + 2)) != -1;
   }
 
-  static int decodeHexDigit(char c) {
-    if (c >= '0' && c <= '9') return c - '0';
-    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
-    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
-    return -1;
-  }
-
   /**
    * Returns a substring of {@code input} on the range {@code [pos..limit)} with the following
    * transformations: