8027687: The constructors of URLPermission class do not behave as described in javad

Reviewed-by: chegar, mduigou

src/share/classes/java/net/HostPortrange.java

@@ -114,7 +114,7 @@ class HostPortrange {
                 if (hoststr.equals("*")) {
                     hoststr = "";
                 } else if (hoststr.startsWith("*.")) {
-                    hoststr = hoststr.substring(1).toLowerCase(); // leave the '.' ?
+                    hoststr = toLowerCase(hoststr.substring(1));
                 } else {
                     throw new IllegalArgumentException("invalid host wildcard specification");
                 }
@@ -147,7 +147,7 @@ class HostPortrange {
                         hoststr = sb.toString();
                     } else {
                         // regular domain name
-                        hoststr = hoststr.toLowerCase();
+                        hoststr = toLowerCase(hoststr);
                     }
                 }
             }
@@ -161,6 +161,38 @@ class HostPortrange {
         }
     }
 
+    static final int CASE_DIFF = 'A' - 'a';
+
+    /**
+     * Convert to lower case, and check that all chars are ascii
+     * alphanumeric, '-' or '.' only.
+     */
+    static String toLowerCase(String s) {
+        int len = s.length();
+        StringBuilder sb = null;
+
+        for (int i=0; i<len; i++) {
+            char c = s.charAt(i);
+            if ((c >= 'a' && c <= 'z') || (c == '.')) {
+                if (sb != null)
+                    sb.append(c);
+            } else if ((c >= '0' && c <= '9') || (c == '-')) {
+                if (sb != null)
+                    sb.append(c);
+            } else if (c >= 'A' && c <= 'Z') {
+                if (sb == null) {
+                    sb = new StringBuilder(len);
+                    sb.append(s, 0, i);
+                }
+                sb.append((char)(c - CASE_DIFF));
+            } else {
+                throw new IllegalArgumentException("Invalid characters in hostname");
+            }
+        }
+        return sb == null ? s : sb.toString();
+    }
+
+
     public boolean literal() {
         return literal;
     }

src/share/classes/java/net/URLPermission.java

@@ -426,7 +426,10 @@ public final class URLPermission extends Permission {
         this.ssp = url.substring(delim + 1);
 
         if (!ssp.startsWith("//")) {
-            this.authority = new Authority(scheme, ssp.toLowerCase());
+            if (!ssp.equals("*")) {
+                throw new IllegalArgumentException("invalid URL string");
+            }
+            this.authority = new Authority(scheme, "*");
             return;
         }
         String authpath = ssp.substring(2);

test/java/net/URLPermission/URLPermissionTest.java

@@ -186,6 +186,14 @@ public class URLPermissionTest {
         imtest("http:*", "https://www.foo.com/a/b/c", false),
         imtest("http:*", "http://www.foo.com/a/b/c", true),
         imtest("http:*", "http://foo/bar", true),
+        imtest("http://WWW.foO.cOM/a/b/*", "http://wwW.foo.com/a/b/c", true),
+        imtest("http://wWw.fOo.cOm/a/b/*", "http://Www.foo.com/a/b/*", true),
+        imtest("http://www.FOO.com/", "http://www.foo.COM/", true),
+        imtest("http://66ww-w.F-O012O.com/", "http://66ww-w.f-o012o.COM/",true),
+        imtest("http://xn--ire-9la.com/", "http://xn--ire-9la.COM/", true),
+        imtest("http://x/", "http://X/", true),
+        imtest("http://x/", "http://x/", true),
+        imtest("http://X/", "http://X/", true),
         imtest("http://foo/bar", "https://foo/bar", false)
     };
 
@@ -194,9 +202,12 @@ public class URLPermissionTest {
     static Test[] exceptionTests = {
         extest("http://1.2.3.4.5/a/b/c"),
         extest("http://www.*.com"),
-        //extest("http://www.foo.com:1-X"),
         extest("http://[foo.com]:99"),
         extest("http://[fec0::X]:99"),
+        extest("http:\\www.foo.com"),
+        extest("http://w_09ww.foo.com"),
+        extest("http://w&09ww.foo.com/p"),
+        extest("http://www+foo.com"),
         extest("http:")
     };