org.glassfish.grizzly.http.util
Class HttpRequestURIDecoder

java.lang.Object
  org.glassfish.grizzly.http.util.HttpRequestURIDecoder

public class HttpRequestURIDecoder
extends Object

Utility class that make sure an HTTP url defined inside a MessageBytes is normalized, converted and valid. It also makes sure there is no security hole. Mainly, this class can be used by doing:

 HttpRequestURIDecoder.decode(decodedURI, urlDecoder, encoding, b2cConverter);

 

Author:

Jeanfrancois Arcand

Field Summary

protected static boolean

ALLOW_BACKSLASH

Constructor Summary

HttpRequestURIDecoder()

Method Summary

static boolean	checkNormalize(CharChunk uriCC) Check that the URI is normalized following character decoding.
protected void	convertMB(MessageBytes mb) Character conversion of the a US-ASCII MessageBytes.
static void	convertToChars(DataChunk decodedURI, Charset encoding) Converts the normalized the HTTP request represented by the bytes inside DataChunk to chars representation, using the passed encoding.
protected static void	copyBytes(byte[] b, int dest, int src, int len) Copy an array of bytes to a different position.
static void	decode(DataChunk decodedURI) Decode the HTTP request represented by the bytes inside DataChunk.
static void	decode(DataChunk decodedURI, boolean isSlashAllowed) Decode the HTTP request represented by the bytes inside DataChunk.
static void	decode(DataChunk decodedURI, boolean isSlashAllowed, Charset encoding) Decode the HTTP request represented by the bytes inside DataChunk.
static void	decode(DataChunk originalURI, DataChunk targetDecodedURI, boolean isSlashAllowed, Charset encoding) Decode the HTTP request represented by the bytes inside DataChunk.
static void	decode(MessageBytes decodedURI, UDecoder urlDecoder) Decode the http request represented by the bytes inside MessageBytes using an UDecoder.
static void	decode(MessageBytes decodedURI, UDecoder urlDecoder, String encoding, B2CConverter b2cConverter) Decode the HTTP request represented by the bytes inside MessageBytes using an UDecoder, using the specified encoding, using the specified [@link B2CConverter} to decode the request.
protected void	log(String message) Log a message on the Logger associated with our Container (if any)
protected void	log(String message, Throwable throwable) Log a message on the Logger associated with our Container (if any)
static boolean	normalize(DataChunk dataChunk) Normalize URI.
static boolean	normalize(MessageBytes uriMB) Normalize URI.
static boolean	normalizeBuffer(BufferChunk bc)
static boolean	normalizeBytes(ByteChunk bc)
static boolean	normalizeChars(CharChunk uriCC)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ALLOW_BACKSLASH

protected static final boolean ALLOW_BACKSLASH

See Also:

Constant Field Values

Constructor Detail

HttpRequestURIDecoder

public HttpRequestURIDecoder()

Method Detail

decode

public static void decode(MessageBytes decodedURI,
                          UDecoder urlDecoder)
                   throws Exception

Decode the http request represented by the bytes inside MessageBytes using an UDecoder.

Parameters:

decodedURI - - The bytes to decode

urlDecoder - - The urlDecoder to use to decode.

Throws:

Exception

decode

public static void decode(MessageBytes decodedURI,
                          UDecoder urlDecoder,
                          String encoding,
                          B2CConverter b2cConverter)
                   throws Exception

Decode the HTTP request represented by the bytes inside MessageBytes using an UDecoder, using the specified encoding, using the specified [@link B2CConverter} to decode the request.

Parameters:

decodedURI - - The bytes to decode

urlDecoder - - The urlDecoder to use to decode.

encoding - the encoding value, default is UTF-8.

b2cConverter - the Bytes to Char Converter.

Throws:

Exception

decode

public static void decode(DataChunk decodedURI)
                   throws CharConversionException

Decode the HTTP request represented by the bytes inside DataChunk.

Parameters:

decodedURI - - The bytes to decode

Throws:

Exception

CharConversionException

decode

public static void decode(DataChunk decodedURI,
                          boolean isSlashAllowed)
                   throws CharConversionException

Decode the HTTP request represented by the bytes inside DataChunk.

Parameters:

decodedURI - - The bytes to decode

isSlashAllowed - allow encoded slashes

Throws:

Exception

CharConversionException

decode

public static void decode(DataChunk decodedURI,
                          boolean isSlashAllowed,
                          Charset encoding)
                   throws CharConversionException

Decode the HTTP request represented by the bytes inside DataChunk.

Parameters:

decodedURI - - The bytes to decode

encoding - the encoding value, default is UTF-8.

Throws:

Exception

CharConversionException

decode

public static void decode(DataChunk originalURI,
                          DataChunk targetDecodedURI,
                          boolean isSlashAllowed,
                          Charset encoding)
                   throws CharConversionException

Decode the HTTP request represented by the bytes inside DataChunk.

Parameters:

originalURI - - The bytes to decode

targetDecodedURI - the target DataChunk URI will be decoded to

isSlashAllowed - is '/' an allowable character

encoding - the encoding value, default is UTF-8

Throws:

Exception

CharConversionException

convertToChars

public static void convertToChars(DataChunk decodedURI,
                                  Charset encoding)
                           throws CharConversionException

Converts the normalized the HTTP request represented by the bytes inside DataChunk to chars representation, using the passed encoding.

Parameters:

decodedURI - - The bytes to decode

encoding - the encoding value, default is UTF-8.

Throws:

Exception

CharConversionException

normalize

public static boolean normalize(MessageBytes uriMB)

Normalize URI.

This method normalizes "\", "//", "/./" and "/../". This method will return false when trying to go above the root, or if the URI contains a null byte.

Parameters:

uriMB - URI to be normalized

normalize

public static boolean normalize(DataChunk dataChunk)

Normalize URI.

This method normalizes "\", "//", "/./" and "/../". This method will return false when trying to go above the root, or if the URI contains a null byte.

Parameters:

dataChunk - URI to be normalized

checkNormalize

public static boolean checkNormalize(CharChunk uriCC)

Check that the URI is normalized following character decoding.

This method checks for "\", 0, "//", "/./" and "/../". This method will return false if sequences that are supposed to be normalized are still present in the URI.

Parameters:

uriCC - URI to be checked (should be chars)

normalizeChars

public static boolean normalizeChars(CharChunk uriCC)

copyBytes

protected static void copyBytes(byte[] b,
                                int dest,
                                int src,
                                int len)

Copy an array of bytes to a different position. Used during normalization.

log

protected void log(String message)

Log a message on the Logger associated with our Container (if any)

Parameters:

message - Message to be logged

log

protected void log(String message,
                   Throwable throwable)

Log a message on the Logger associated with our Container (if any)

Parameters:

message - Message to be logged

throwable - Associated exception

convertMB

protected void convertMB(MessageBytes mb)

Character conversion of the a US-ASCII MessageBytes.

normalizeBytes

public static boolean normalizeBytes(ByteChunk bc)

normalizeBuffer

public static boolean normalizeBuffer(BufferChunk bc)