8029354: URLPermission.<init> throws llegalArgumentException: Invalid characters in hostname

Reviewed-by: alanb, chegar

src/share/classes/java/net/URLPermission.java

@@ -47,7 +47,7 @@ import java.security.Permission;
  * class.
  * <i>authority</i> is specified as:
  * <pre>
- *     authority = hostrange [ : portrange ]
+ *     authority = [ userinfo @ ] hostrange [ : portrange ]
  *     portrange = portnumber | -portnumber | portnumber-[portnumber] | *
  *     hostrange = ([*.] dnsname) | IPv4address | IPv6address
  * </pre>
@@ -65,6 +65,9 @@ import java.security.Permission;
  * (default 443). No default is assumed for other schemes. A wildcard may be specified
  * which means all ports.
  * <p>
+ * <i>userinfo</i> is optional. A userinfo component if present, is ignored when
+ * creating a URLPermission, and has no effect on any other methods defined by this class.
+ * <p>
  * The <i>path</i> component comprises a sequence of path segments,
  * separated by '/' characters. <i>path</i> may also be empty. The path is specified
  * in a similar way to the path in {@link java.io.FilePermission}. There are
@@ -473,7 +476,12 @@ public final class URLPermission extends Permission {
         HostPortrange p;
 
         Authority(String scheme, String authority) {
-            p = new HostPortrange(scheme, authority);
+            int at = authority.indexOf('@');
+            if (at == -1) {
+                    p = new HostPortrange(scheme, authority);
+            } else {
+                    p = new HostPortrange(scheme, authority.substring(at+1));
+            }
         }
 
         boolean implies(Authority other) {

test/java/net/URLPermission/OpenURL.java

+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8029354
+ * @run main/othervm OpenURL
+ */
+
+import java.net.*;
+import java.io.*;
+
+public class OpenURL {
+
+    public static void main (String[] args) throws Exception {
+
+        System.setSecurityManager(new SecurityManager());
+
+        try {
+            URL url = new URL ("http://joe@127.0.0.1/a/b");
+            HttpURLConnection urlc = (HttpURLConnection)url.openConnection();
+            InputStream is = urlc.getInputStream();
+            // error will throw exception other than SecurityException
+        } catch (SecurityException e) {
+            System.out.println("OK");
+        }
+    }
+}

test/java/net/URLPermission/URLPermissionTest.java

@@ -26,7 +26,7 @@ import java.io.*;
 
 /**
  * @test
- * @bug 8010464 8027570 8027687
+ * @bug 8010464 8027570 8027687 8029354
  */
 
 public class URLPermissionTest {
@@ -37,7 +37,30 @@ public class URLPermissionTest {
         abstract boolean execute();
     };
 
+    // Instantiation: should succeed
+    static class CreateTest extends Test {
+        String arg;
+        CreateTest(String arg) {
+            this.arg = arg;
+        }
+
+        @Override
+        boolean execute() {
+            try {
+                URLPermission p = new URLPermission(arg);
+                return true;
+            } catch (Exception e) {
+                return false;
+            }
+        }
+    };
+
+    static CreateTest createtest(String arg) {
+        return new CreateTest(arg);
+    }
+
     // Should throw an IAE on construction
+
     static class ExTest extends Test {
         String arg;
         ExTest(String arg) {
@@ -262,6 +285,7 @@ public class URLPermissionTest {
         imtest("https://www.foo.com/a/b", "https://www.foo.com:443/a/b", true),
         imtest("https://www.foo.com:200-500/a/b", "https://www.foo.com/a/b", true),
         imtest("http://www.foo.com:*/a/b", "http://www.foo.com:1-12345/a/b", true),
+        imtest("http://host/a/b", "http://HOST/a/b", true),
 
         // misc
         imtest("https:*", "http://www.foo.com", false),
@@ -297,6 +321,16 @@ public class URLPermissionTest {
         eqtest("http://www.foo.com/a/b", "http://www.foo.com:82/a/b", false),
         eqtest("https://www.foo.com/a/b", "https://www.foo.com:443/a/b", true),
         eqtest("https://www.foo.com/a/b", "https://www.foo.com:444/a/b", false),
+        eqtest("http://michael@foo.com/bar","http://michael@foo.com/bar", true),
+        eqtest("http://Michael@foo.com/bar","http://michael@goo.com/bar",false),
+        eqtest("http://michael@foo.com/bar","http://george@foo.com/bar", true),
+        eqtest("http://@foo.com/bar","http://foo.com/bar", true)
+    };
+
+    static Test[] createTests = {
+        createtest("http://user@foo.com/a/b/c"),
+        createtest("http://user:pass@foo.com/a/b/c"),
+        createtest("http://user:@foo.com/a/b/c")
     };
 
     static boolean failed = false;
@@ -386,6 +420,17 @@ public class URLPermissionTest {
             }
         }
 
+        for (int i=0; i<createTests.length; i++) {
+            CreateTest test = (CreateTest)createTests[i];
+            boolean result = test.execute();
+            if (!result) {
+                System.out.println ("test failed: " + test.arg);
+                failed = true;
+            } else {
+                System.out.println ("create test " + i + " OK");
+            }
+        }
+
         for (int i=0; i<actionImplies.length ; i++) {
             ActionImpliesTest test = (ActionImpliesTest)actionImplies[i];
             Exception caught = null;