/** * 检测传入的URL是否在白名单的域名里 * url:需要检测的URL * urlWList: 一级域名的域名列表,比如String[] urlWList = {"joychou.com", "joychou.me"}; * 返回值:合法URL返回true,非法URL返回false */ public static Boolean checkUrlWlist(String url, String[] urlWList) { try { URL u = new URL(url); // 只允许http和https的协议 if (!u.getProtocol().startsWith("http") && !u.getProtocol().startsWith("https")) { return false; } // 获取域名,并转为小写 String host = u.getHost().toLowerCase(); // 获取一级域名 String rootDomain = InternetDomainName.from(host).topPrivateDomain().toString(); for (String whiteUrl: urlWList){ if (rootDomain.equals(whiteUrl)) { return true; } } return false; } catch (Exception e) { return false; } }
/** */ private Authority( Optional<String> userName, Optional<String> password, Optional<Object> host, int portOrNegOne, IDNA.Info info) { if (host.isPresent()) { Object hostObj = host.get(); Preconditions.checkArgument( hostObj instanceof InternetDomainName || hostObj instanceof Inet4Address || hostObj instanceof Inet6Address, "Invalid host", hostObj); } this.userName = userName; this.password = password; this.host = host; this.portOrNegOne = portOrNegOne; this.info = info; }
HostGlob(String globPattern) { int left = 0; int right = globPattern.length(); this.anySubdomain = globPattern.startsWith("**."); if (anySubdomain) { left += 3; this.aSubdomain = false; } else { this.aSubdomain = globPattern.startsWith("*."); if (this.aSubdomain) { left += 2; } } this.anyPublicSuffix = globPattern.endsWith(".*"); if (this.anyPublicSuffix) { right = Math.max(right - 2, left); } if (left == right) { this.middleParts = ImmutableList.of(); } else { this.middleParts = InternetDomainName.from(globPattern.substring(left, right)).parts(); } }
@Test public void testOneHost() { runCommonTestsWith( AuthorityClassifiers.builder() .host("example.com") .build(), "//example.com/", "blob:https://example.com/uuid", "http://example.com:80/", "http://example.com:8000/", "//example.com.:/" ); runCommonTestsWith( AuthorityClassifiers.builder() .host(InternetDomainName.from("example.com")) .build(), "//example.com/", "blob:https://example.com/uuid", "http://example.com:80/", "http://example.com:8000/", "//example.com.:/" ); }
/** * Return the {@link DomainResource} this host is subordinate to, or absent for out of zone * hosts. * * <p>We use this instead of {@link HostFlowUtils#lookupSuperordinateDomain} because we don't * want to use the EPP exception classes for the case when the superordinate domain doesn't * exist or isn't active. * * @throws IllegalStateException for hosts without superordinate domains */ private static Optional<DomainResource> lookupSuperordinateDomain( InternetDomainName hostName, DateTime now) { Optional<InternetDomainName> tld = findTldForName(hostName); // out of zone hosts cannot be linked if (!tld.isPresent()) { return Optional.empty(); } // This is a subordinate host String domainName = hostName .parts() .stream() .skip(hostName.parts().size() - (tld.get().parts().size() + 1)) .collect(joining(".")); DomainResource superordinateDomain = loadByForeignKey(DomainResource.class, domainName, now); // Hosts can't be linked if domains import hasn't been run checkState( superordinateDomain != null, "Superordinate domain does not exist: %s", domainName); return Optional.of(superordinateDomain); }
@Override public DomainPrices getDomainPrices(String fullyQualifiedDomainName, DateTime priceTime) { String tld = getTldFromDomainName(fullyQualifiedDomainName); String label = InternetDomainName.from(fullyQualifiedDomainName).parts().get(0); Registry registry = Registry.get(checkNotNull(tld, "tld")); Optional<Money> premiumPrice = getPremiumPrice(label, registry); boolean isNameCollisionInSunrise = registry.getTldState(priceTime).equals(SUNRISE) && getReservationTypes(label, tld).contains(NAME_COLLISION); String feeClass = emptyToNull(Joiner.on('-').skipNulls().join( premiumPrice.isPresent() ? "premium" : null, isNameCollisionInSunrise ? "collision" : null)); return DomainPrices.create( premiumPrice.isPresent(), premiumPrice.orElse(registry.getStandardCreateCost()), premiumPrice.orElse(registry.getStandardRenewCost(priceTime)), Optional.ofNullable(feeClass)); }
/** Return the {@link DomainResource} this host is subordinate to, or null for external hosts. */ public static Optional<DomainResource> lookupSuperordinateDomain( InternetDomainName hostName, DateTime now) throws EppException { Optional<InternetDomainName> tld = findTldForName(hostName); if (!tld.isPresent()) { // This is an host on a TLD we don't run, therefore obviously external, so we are done. return Optional.empty(); } // This is a subordinate host String domainName = hostName .parts() .stream() .skip(hostName.parts().size() - (tld.get().parts().size() + 1)) .collect(joining(".")); DomainResource superordinateDomain = loadByForeignKey(DomainResource.class, domainName, now); if (superordinateDomain == null || !isActive(superordinateDomain, now)) { throw new SuperordinateDomainDoesNotExistException(domainName); } return Optional.of(superordinateDomain); }
private ImmutableList<ResponseExtension> getDomainResponseExtensions( DomainResource domain, DateTime now) throws EppException { ImmutableList.Builder<ResponseExtension> extensions = new ImmutableList.Builder<>(); addSecDnsExtensionIfPresent(extensions, domain.getDsData()); ImmutableSet<GracePeriodStatus> gracePeriodStatuses = domain.getGracePeriodStatuses(); if (!gracePeriodStatuses.isEmpty()) { extensions.add(RgpInfoExtension.create(gracePeriodStatuses)); } FeeInfoCommandExtensionV06 feeInfo = eppInput.getSingleExtension(FeeInfoCommandExtensionV06.class); if (feeInfo != null) { // Fee check was requested. FeeInfoResponseExtensionV06.Builder builder = new FeeInfoResponseExtensionV06.Builder(); handleFeeRequest( feeInfo, builder, InternetDomainName.from(targetId), null, now, pricingLogic); extensions.add(builder.build()); } return extensions.build(); }
private ImmutableSet<? extends ImmutableObject> createBillingEventsAndPollMessages( InternetDomainName domainName, DomainApplication application, HistoryEntry historyEntry, boolean isSunrushAddGracePeriod, Registry registry, DateTime now, int years) { DateTime registrationExpirationTime = leapSafeAddYears(now, years); BillingEvent.OneTime oneTimeBillingEvent = createOneTimeBillingEvent( application, historyEntry, isSunrushAddGracePeriod, registry, now, years); PollMessage.OneTime oneTimePollMessage = createOneTimePollMessage(application, historyEntry, getReservationTypes(domainName), now); // Create a new autorenew billing event and poll message starting at the expiration time. BillingEvent.Recurring autorenewBillingEvent = createAutorenewBillingEvent(historyEntry, registrationExpirationTime); PollMessage.Autorenew autorenewPollMessage = createAutorenewPollMessage(historyEntry, registrationExpirationTime); return ImmutableSet.of( oneTimePollMessage, oneTimeBillingEvent, autorenewBillingEvent, autorenewPollMessage); }
private void verifyRestoreAllowed( Update command, DomainResource existingDomain, FeeUpdateCommandExtension feeUpdate, FeesAndCredits feesAndCredits, DateTime now) throws EppException { verifyOptionalAuthInfo(authInfo, existingDomain); if (!isSuperuser) { verifyResourceOwnership(clientId, existingDomain); verifyNotReserved(InternetDomainName.from(targetId), false); verifyPremiumNameIsNotBlocked(targetId, now, clientId); checkAllowedAccessToTld(clientId, existingDomain.getTld()); } // No other changes can be specified on a restore request. if (!command.noChangesPresent()) { throw new RestoreCommandIncludesChangesException(); } // Domain must be within the redemptionPeriod to be eligible for restore. if (!existingDomain.getGracePeriodStatuses().contains(GracePeriodStatus.REDEMPTION)) { throw new DomainNotEligibleForRestoreException(); } validateFeeChallenge(targetId, existingDomain.getTld(), now, feeUpdate, feesAndCredits); }
private Optional<String> getMessageForCheck( InternetDomainName domainName, Set<String> existingIds, DateTime now) { if (existingIds.contains(domainName.toString())) { return Optional.of("In use"); } Registry registry = Registry.get(domainName.parent().toString()); if (PENDING_ALLOCATION_TLD_STATES.contains(registry.getTldState(now)) && loadActiveApplicationsByDomainName(domainName.toString(), now) .stream() .anyMatch(input -> !input.getApplicationStatus().isFinalStatus())) { return Optional.of("Pending allocation"); } ImmutableSet<ReservationType> reservationTypes = getReservationTypes(domainName); if (reservationTypes.isEmpty() && isDomainPremium(domainName.toString(), now) && registry.getPremiumPriceAckRequired() && eppInput.getSingleExtension(FeeCheckCommandExtension.class) == null) { return Optional.of("Premium names require EPP ext."); } return reservationTypes.isEmpty() ? Optional.empty() : Optional.of(getTypeOfHighestSeverity(reservationTypes).getMessageForCheck()); }
/** Handle the fee check extension. */ private ImmutableList<? extends ResponseExtension> getResponseExtensions( ImmutableMap<String, InternetDomainName> domainNames, DateTime now) throws EppException { FeeCheckCommandExtension<?, ?> feeCheck = eppInput.getSingleExtension(FeeCheckCommandExtension.class); if (feeCheck == null) { return ImmutableList.of(); // No fee checks were requested. } ImmutableList.Builder<FeeCheckResponseExtensionItem> responseItems = new ImmutableList.Builder<>(); for (FeeCheckCommandExtensionItem feeCheckItem : feeCheck.getItems()) { for (String domainName : getDomainNamesToCheckForFee(feeCheckItem, domainNames.keySet())) { FeeCheckResponseExtensionItem.Builder<?> builder = feeCheckItem.createResponseBuilder(); handleFeeRequest( feeCheckItem, builder, domainNames.get(domainName), feeCheck.getCurrency(), now, pricingLogic); responseItems.add(builder.setDomainNameIfSupported(domainName).build()); } } return ImmutableList.of(feeCheck.createResponse(responseItems.build())); }
/** Returns a new renew price for the pricer. */ @SuppressWarnings("unused") public FeesAndCredits getRenewPrice( Registry registry, String domainName, DateTime date, int years) throws EppException { Money renewCost = getDomainRenewCost(domainName, date, years); return customLogic.customizeRenewPrice( RenewPriceParameters.newBuilder() .setFeesAndCredits( new FeesAndCredits.Builder() .setCurrency(registry.getCurrency()) .addFeeOrCredit(Fee.create(renewCost.getAmount(), FeeType.RENEW)) .build()) .setRegistry(registry) .setDomainName(InternetDomainName.from(domainName)) .setAsOfDate(date) .setYears(years) .build()); }
/** Returns a new restore price for the pricer. */ public FeesAndCredits getRestorePrice(Registry registry, String domainName, DateTime date) throws EppException { FeesAndCredits feesAndCredits = new FeesAndCredits.Builder() .setCurrency(registry.getCurrency()) .addFeeOrCredit( Fee.create(getDomainRenewCost(domainName, date, 1).getAmount(), FeeType.RENEW)) .addFeeOrCredit( Fee.create(registry.getStandardRestoreCost().getAmount(), FeeType.RESTORE)) .build(); return customLogic.customizeRestorePrice( RestorePriceParameters.newBuilder() .setFeesAndCredits(feesAndCredits) .setRegistry(registry) .setDomainName(InternetDomainName.from(domainName)) .setAsOfDate(date) .build()); }
/** Returns a new transfer price for the pricer. */ public FeesAndCredits getTransferPrice(Registry registry, String domainName, DateTime date) throws EppException { Money renewCost = getDomainRenewCost(domainName, date, 1); return customLogic.customizeTransferPrice( TransferPriceParameters.newBuilder() .setFeesAndCredits( new FeesAndCredits.Builder() .setCurrency(registry.getCurrency()) .addFeeOrCredit(Fee.create(renewCost.getAmount(), FeeType.RENEW)) .build()) .setRegistry(registry) .setDomainName(InternetDomainName.from(domainName)) .setAsOfDate(date) .build()); }
/** Returns a new update price for the pricer. */ public FeesAndCredits getUpdatePrice(Registry registry, String domainName, DateTime date) throws EppException { CurrencyUnit currency = registry.getCurrency(); BaseFee feeOrCredit = Fee.create(Money.zero(registry.getCurrency()).getAmount(), FeeType.UPDATE); return customLogic.customizeUpdatePrice( UpdatePriceParameters.newBuilder() .setFeesAndCredits( new FeesAndCredits.Builder() .setCurrency(currency) .addFeeOrCredit(feeOrCredit) .build()) .setRegistry(registry) .setDomainName(InternetDomainName.from(domainName)) .setAsOfDate(date) .build()); }
/** * Checks whether an LRP token String maps to a valid {@link LrpTokenEntity} for the domain name's * TLD, and return that entity (wrapped in an {@link Optional}) if one exists. * * <p>This method has no knowledge of whether or not an auth code (interpreted here as an LRP * token) has already been checked against the reserved list for QLP (anchor tenant), as auth * codes are used for both types of registrations. */ public static Optional<LrpTokenEntity> getMatchingLrpToken( String lrpToken, InternetDomainName domainName) { // Note that until the actual per-TLD logic is built out, what's being done here is a basic // domain-name-to-assignee match. if (!lrpToken.isEmpty()) { LrpTokenEntity token = ofy().load().key(Key.create(LrpTokenEntity.class, lrpToken)).now(); if (token != null && token.getAssignee().equalsIgnoreCase(domainName.toString()) && token.getRedemptionHistoryEntry() == null && token.getValidTlds().contains(domainName.parent().toString())) { return Optional.of(token); } } return Optional.empty(); }
static void validateNameserversCountForTld(String tld, InternetDomainName domainName, int count) throws EppException { // For TLDs with a nameserver whitelist, all domains must have at least 1 nameserver. ImmutableSet<String> tldNameserversWhitelist = Registry.get(tld).getAllowedFullyQualifiedHostNames(); if (!tldNameserversWhitelist.isEmpty() && count == 0) { throw new NameserversNotSpecifiedForTldWithNameserverWhitelistException( domainName.toString()); } // For domains with a nameserver restricted reservation, they must have at least 1 nameserver. ImmutableSet<String> domainNameserversWhitelist = getAllowedNameservers(domainName); if (!domainNameserversWhitelist.isEmpty() && count == 0) { throw new NameserversNotSpecifiedForNameserverRestrictedDomainException( domainName.toString()); } if (count > MAX_NAMESERVERS_PER_DOMAIN) { throw new TooManyNameserversException(String.format( "Only %d nameservers are allowed per domain", MAX_NAMESERVERS_PER_DOMAIN)); } }
/** Validate the contacts and nameservers specified in a domain or application create command. */ static void validateCreateCommandContactsAndNameservers( Create command, Registry registry, InternetDomainName domainName) throws EppException { verifyNotInPendingDelete( command.getContacts(), command.getRegistrant(), command.getNameservers()); validateContactsHaveTypes(command.getContacts()); String tld = registry.getTldStr(); validateRegistrantAllowedOnTld(tld, command.getRegistrantContactId()); validateNoDuplicateContacts(command.getContacts()); validateRequiredContactsPresent(command.getRegistrant(), command.getContacts()); Set<String> fullyQualifiedHostNames = nullToEmpty(command.getNameserverFullyQualifiedHostNames()); validateNameserversCountForTld(tld, domainName, fullyQualifiedHostNames.size()); validateNameserversAllowedOnTld(tld, fullyQualifiedHostNames); validateNameserversAllowedOnDomain(domainName, fullyQualifiedHostNames); }
@Override public void publishHost(String hostName) { // Get the superordinate domain name of the host. InternetDomainName host = InternetDomainName.from(hostName); ImmutableList<String> hostParts = host.parts(); Optional<InternetDomainName> tld = Registries.findTldForName(host); // host not managed by our registry, no need to update DNS. if (!tld.isPresent()) { return; } ImmutableList<String> tldParts = tld.get().parts(); ImmutableList<String> domainParts = hostParts.subList(hostParts.size() - tldParts.size() - 1, hostParts.size()); String domain = Joiner.on(".").join(domainParts); // Refresh the superordinate domain, always delete the host first to ensure idempotency, // and only publish the host if it is a glue record. publishDomain(domain, hostName); }
/** * Publish A/AAAA records to Cloud DNS. * * <p>Cloud DNS has no API for glue -- A/AAAA records are automatically matched to their * corresponding NS records to serve glue. */ @Override public void publishHost(String hostName) { // Get the superordinate domain name of the host. InternetDomainName host = InternetDomainName.from(hostName); Optional<InternetDomainName> tld = Registries.findTldForName(host); // Host not managed by our registry, no need to update DNS. if (!tld.isPresent()) { logger.severefmt("publishHost called for invalid host %s", hostName); return; } // Extract the superordinate domain name. The TLD and host may have several dots so this // must calculate a sublist. ImmutableList<String> hostParts = host.parts(); ImmutableList<String> tldParts = tld.get().parts(); ImmutableList<String> domainParts = hostParts.subList(hostParts.size() - tldParts.size() - 1, hostParts.size()); String domain = Joiner.on(".").join(domainParts); // Refresh the superordinate domain, since we shouldn't be publishing glue records if we are not // authoritative for the superordinate domain. publishDomain(domain); }
@Override protected void initMutatingEppToolCommand() { checkArgument(superuser, "This command must be run as a superuser."); findTldForNameOrThrow(InternetDomainName.from(domainName)); // Check that the tld exists. if (isNullOrEmpty(password)) { password = createToken(ANCHOR_TENANT, passwordGenerator); } Money cost = null; if (fee) { cost = getDomainCreateCost(domainName, DateTime.now(UTC), DEFAULT_ANCHOR_TENANT_PERIOD_YEARS); } setSoyTemplate(CreateAnchorTenantSoyInfo.getInstance(), CreateAnchorTenantSoyInfo.CREATEANCHORTENANT); addSoyRecord(clientId, new SoyMapData( "domainName", domainName, "contactId", contact, "reason", reason, "password", password, "period", DEFAULT_ANCHOR_TENANT_PERIOD_YEARS, "feeCurrency", cost != null ? cost.getCurrencyUnit().toString() : null, "fee", cost != null ? cost.getAmount().toString() : null)); }
@Test public void testMatchesAnchorTenantReservation_duplicatingAuthCodes() throws Exception { ReservedList rl1 = persistReservedList("reserved1", "lol,RESERVED_FOR_ANCHOR_TENANT,foo"); ReservedList rl2 = persistReservedList("reserved2", "lol,RESERVED_FOR_ANCHOR_TENANT,foo"); createTld("tld"); persistResource(Registry.get("tld").asBuilder().setReservedLists(rl1, rl2).build()); assertThat(matchesAnchorTenantReservation(InternetDomainName.from("lol.tld"), "foo")).isTrue(); assertThat(matchesAnchorTenantReservation(InternetDomainName.from("lol.tld"), "bar")).isFalse(); persistReservedList("reserved2", "lol,RESERVED_FOR_ANCHOR_TENANT,bar"); IllegalStateException thrown = expectThrows( IllegalStateException.class, () -> matchesAnchorTenantReservation(InternetDomainName.from("lol.tld"), "bar")); assertThat(thrown) .hasMessageThat() .contains("There are conflicting auth codes for domain: lol.tld"); }
@Test public void testFindTldForName() { initTestTlds(); assertThat(Registries.findTldForName(InternetDomainName.from("example.foo")).get().toString()) .isEqualTo("foo"); assertThat(Registries.findTldForName(InternetDomainName.from("x.y.a.b.c")).get().toString()) .isEqualTo("a.b.c"); // We don't have an "example" tld. assertThat(Registries.findTldForName(InternetDomainName.from("foo.example"))).isEmpty(); // A tld is not a match for itself. assertThat(Registries.findTldForName(InternetDomainName.from("foo"))).isEmpty(); // The name must match the entire tld. assertThat(Registries.findTldForName(InternetDomainName.from("x.y.a.b"))).isEmpty(); assertThat(Registries.findTldForName(InternetDomainName.from("x.y.b.c"))).isEmpty(); // Substring tld matches aren't considered. assertThat(Registries.findTldForName(InternetDomainName.from("example.barfoo"))).isEmpty(); }
/** * @see NameService#getHostByAddr(byte[]) */ @Override public InetAddress[] lookupAllHostAddr(String host) throws UnknownHostException { List<InetAddress> addresses = new ArrayList<>(1); InternetDomainName idn = InternetDomainName.from(host); String tld = getTld(idn); if (!tld.equals("bit")) { // Not a .bit domain, fall back to standard resolver throw new UnknownHostException(); } List<String> parts = idn.parts(); if (parts.size() < 2) { throw new UnknownHostException(); } // For now assume only 2 parts. String domain = parts.get(parts.size() - 2); return resolveNamecoin(domain); }
@Override public Object apply(List<Object> objects) { if(objects.isEmpty()) { return null; } Object dnObj = objects.get(0); InternetDomainName idn = toDomainName(dnObj); if(idn != null) { String dn = dnObj.toString(); String tld = extractTld(idn, dn); if(!StringUtils.isEmpty(dn)) { String suffix = safeSubstring(dn, 0, dn.length() - tld.length()); String hostnameWithoutTLD = safeSubstring(suffix, 0, suffix.length() - 1); if(hostnameWithoutTLD == null) { return dn; } String hostnameWithoutSubsAndTLD = Iterables.getLast(Splitter.on(".").split(hostnameWithoutTLD), null); if(hostnameWithoutSubsAndTLD == null) { return null; } return hostnameWithoutSubsAndTLD + "." + tld; } } return null; }
@Override public Object apply(List<Object> objects) { Object dnObj = objects.get(0); InternetDomainName idn = toDomainName(dnObj); if(idn != null) { String dn = dnObj.toString(); String tld = extractTld(idn, dn); String suffix = safeSubstring(dn, 0, dn.length() - tld.length()); if(StringUtils.isEmpty(suffix)) { return suffix; } else { return suffix.substring(0, suffix.length() - 1); } } return null; }
private static InternetDomainName toDomainName(Object dnObj) { if(dnObj != null) { if(dnObj instanceof String) { String dn = dnObj.toString(); try { return InternetDomainName.from(dn); } catch(IllegalArgumentException iae) { return null; } } else { throw new IllegalArgumentException(dnObj + " is not a string and therefore also not a domain."); } } return null; }
public static String getTopLevelDomain(String host) { InternetDomainName domain = null; try { domain = getDomainName(host); if(domain.isUnderPublicSuffix()) { return domain.topPrivateDomain().toString(); } else { // if the domain is a public suffix, just use it as top level domain return domain.toString(); } } catch (IllegalArgumentException e) { // when host is an IP address, use it as TLD if(InetAddresses.isInetAddress(host)) { return host; } throw new IllegalStateException("Invalid top private domain name=["+domain+"] in URL=["+host+"]", e); } }
protected String preprocess(webreduce.data.Dataset ds) { /* example of some useful preprocessing done while indexing */ try { ds.domain = InternetDomainName.from(new URI(ds.url).getHost()) .topPrivateDomain().toString(); } catch (Exception e) { ds.domain = null; } ds.titleTermSet = analyze(ds.title); ds.urlTermSet = analyze(joiner.join(splitURL(ds.url))); ds.columnTypes = new String[ds.relation.length]; for (int i = 0; i < ds.relation.length; i++) ds.columnTypes[i] = Types.columnType(Arrays.copyOfRange( ds.relation[i], 1, ds.relation[i].length)).Name; return ds.toJson(); }
public static String hostToPublicSuffix(String host) { InternetDomainName idn; try { idn = InternetDomainName.from(host); } catch(IllegalArgumentException e) { return host; } InternetDomainName tmp = idn.publicSuffix(); if(tmp == null) { return host; } String pubSuff = tmp.toString(); int idx = host.lastIndexOf(".", host.length() - (pubSuff.length()+2)); if(idx == -1) { return host; } return host.substring(idx+1); }
/** * Get the parent domain name, in order to find inheritence candidates: * @param domain * @return */ private static String getParentDomain(String hostname) { hostname = stripWWW(hostname); try { InternetDomainName idn = InternetDomainName.from(hostname); // Get the private domain, if there is one: if( idn.isUnderPublicSuffix() ) { InternetDomainName domain = idn.topPrivateDomain(); // If the domain is not just a naked TLD, return it: if( domain != null && domain.toString().contains(".")) { return domain.toString(); } } } catch( IllegalArgumentException e ) { Logger.info("Could not parse "+hostname+" as a domain name."); } return hostname; }
/** * Extract the pay-level domain (also known simply as domain, for example http://bbc.co.uk) of the URI provided as parameter. * About URIs: The hierarchical part of the URI is intended to hold identification information hierarchical in nature. * If this part begins with a double forward slash ("//"), it is followed by an authority part and a path. * If it doesn't it contains only a path and thus it doesn't have a PLD (e.g. urns). * @param resourceURI * @return */ public static String extractPayLevelDomainURI(String resourceURI) { // Argument validation. Fail fast if(resourceURI == null) { return null; } int extract = -1; if (resourceURI.startsWith("http://")) extract = resourceURI.indexOf("/", 7); else if (resourceURI.startsWith("https://")) extract = resourceURI.indexOf("/", 8); if(extract == -1) extract = resourceURI.length(); String matched = (resourceURI.startsWith("http://")) ? resourceURI.substring(7, extract) : (resourceURI.startsWith("https://")) ? resourceURI.substring(8, extract) : resourceURI; if(InternetDomainName.isValid(matched) && InternetDomainName.from(matched).isUnderPublicSuffix()) { return InternetDomainName.from(matched).topPrivateDomain().toString(); } else { return resourceURI; } }
/** * Returns the top level domain of the server from the request. This is used to limit the Cookie * to the top domain instead of the full domain name. * <p> * A lot of times, individual gateways of the same domain get their own subdomain but authentication * shall work across all subdomains of the top level domain. * <p> * For example, when sending a request to <code>app1.domain.com</code>, * this returns <code>.domain.com</code>. * * @param request the HTTP request we received from the client. * @return the top level domain to set the cookies for. * Returns null if the domain is not under a public suffix (.com, .co.uk), e.g. for localhost. */ private String getCookieDomain(HttpServletRequest request) { String domain = oAuth2Properties.getWebClientConfiguration().getCookieDomain(); if (domain != null) { return domain; } //if not explicitly defined, use top-level domain domain = request.getServerName().toLowerCase(); //strip off leading www. if (domain.startsWith("www.")) { domain = domain.substring(4); } //if it isn't an IP address if (!InetAddresses.isInetAddress(domain)) { //strip off subdomains, leaving the top level domain only InternetDomainName domainName = InternetDomainName.from(domain); if (domainName.isUnderPublicSuffix() && !domainName.isTopPrivateDomain()) { //preserve leading dot return "." + domainName.topPrivateDomain().toString(); } } //no top-level domain, stick with default domain return null; }
/** * @param info will have the errors and transitional differences set if * appropriate. */ static InternetDomainName toDomainName(String decodedHost, IDNA.Info info) { String unicodeName = IDN.toUnicode(decodedHost, IDN.USE_STD3_ASCII_RULES); IDNA idna = IDNA.getUTS46Instance(IDNA.DEFAULT); StringBuilder nameBuffer = new StringBuilder(decodedHost.length() + 16); nameBuffer = idna.nameToASCII(decodedHost, nameBuffer, info); return InternetDomainName.from(unicodeName); }
/** * Builds a classifier based on previous allow/match decisions. * This may be reused after a call to build and subsequent calls to * allow/match methods will not affect previously built classifiers. */ public AuthorityClassifier build() { ImmutableSet<Inet4Address> ipv4Set = ipv4s.build(); ImmutableSet<Inet6Address> ipv6Set = ipv6s.build(); ImmutableSet<InternetDomainName> domainNameSet = domainNames.build(); HostGlobMatcher hostGlobMatcher = new HostGlobMatcher(hostGlobs.build()); int[] allowedPortsSorted; { ImmutableSet<Integer> allowedPortIntSet = allowedPorts.build(); int n = allowedPortIntSet.size(); allowedPortsSorted = new int[n]; Iterator<Integer> allowedPortIt = allowedPortIntSet.iterator(); for (int i = 0; i < n; ++i) { allowedPortsSorted[i] = allowedPortIt.next(); } Arrays.sort(allowedPortsSorted); } Predicate<? super Integer> portClassifier = allowedPortsSorted.length == 0 // No exclusion specified ? Predicates.alwaysTrue() : Predicates.alwaysFalse(); if (this.allowedPortClassifier != null) { portClassifier = this.allowedPortClassifier; } UserInfoClassifier userInfoClassifier = this.allowedUserInfoClassifier != null ? this.allowedUserInfoClassifier : UserInfoClassifiers.NO_PASSWORD_BUT_USERNAME_IF_ALLOWED_BY_SCHEME; return new AuthorityClassifierImpl( ipv4Set, ipv6Set, domainNameSet, hostGlobMatcher, matchesAnyHost, allowedPortsSorted, portClassifier, userInfoClassifier); }
public AuthorityClassifierImpl( ImmutableSet<Inet4Address> ipv4Set, ImmutableSet<Inet6Address> ipv6Set, ImmutableSet<InternetDomainName> canonHostnameSet, HostGlobMatcher hostGlobMatcher, boolean matchesAnyHost, int[] allowedPortsSorted, Predicate<? super Integer> portClassifier, UserInfoClassifier userInfoClassifier) { this.ipv4Set = ipv4Set; this.ipv6Set = ipv6Set; this.domainNameSet = canonHostnameSet; this.hostGlobMatcher = hostGlobMatcher; this.matchesAnyHost = matchesAnyHost; this.allowedPortsSorted = allowedPortsSorted; this.portClassifier = portClassifier; this.userInfoClassifier = userInfoClassifier; }
public static String getCanonicalDomain(String domain) { InternetDomainName idn = InternetDomainName.from(domain); while (idn != null && !idn.isTopPrivateDomain()) { idn = idn.parent(); } return idn == null ? null : idn.toString(); }
private void setDomainField(String url) { try { URL u = URL.parse(url); String hostString = u.host().toHumanString(); String domain; if (!"localhost".equalsIgnoreCase(hostString) && !InetAddresses.isInetAddress(hostString)) { domain = InternetDomainName.from(hostString).topPrivateDomain().toString(); } else { domain = hostString; } doc.add(new StringField(FIELD_DOMAIN, domain, Field.Store.YES)); } catch (GalimatiasParseException e1) { LOG.error("Unable to parse url {}", url); } }
private IStatus allComponentsLengthAreValid(String value) { String[] components = value.split("\\."); for (String component : components) { if (component.length() == 0 || component.length() > 63) { return ValidationStatus.error(Messages.getString("bucket.name.invalid", value)); } } // if contains dots then must be a valid domain name if (components.length > 1 && !InternetDomainName.isValid(value)) { return ValidationStatus.error(Messages.getString("bucket.name.invalid", value)); } return ValidationStatus.ok(); }
