001    /*
002     * Licensed to the Apache Software Foundation (ASF) under one or more
003     * contributor license agreements.  See the NOTICE file distributed with
004     * this work for additional information regarding copyright ownership.
005     * The ASF licenses this file to You under the Apache License, Version 2.0
006     * (the "License"); you may not use this file except in compliance with
007     * the License.  You may obtain a copy of the License at
008     *
009     *      http://www.apache.org/licenses/LICENSE-2.0
010     *
011     * Unless required by applicable law or agreed to in writing, software
012     * distributed under the License is distributed on an "AS IS" BASIS,
013     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014     * See the License for the specific language governing permissions and
015     * limitations under the License.
016     */
017    package org.apache.commons.validator.routines;
018    
019    import java.io.Serializable;
020    import java.util.Arrays;
021    import java.util.Collections;
022    import java.util.HashSet;
023    import java.util.Set;
024    import java.util.regex.Matcher;
025    import java.util.regex.Pattern;
026    
027    /**
028     * <p><b>URL Validation</b> routines.</p>
029     * Behavior of validation is modified by passing in options:
030     * <li>ALLOW_2_SLASHES - [FALSE]  Allows double '/' characters in the path
031     * component.</li>
032     * <li>NO_FRAGMENT- [FALSE]  By default fragments are allowed, if this option is
033     * included then fragments are flagged as illegal.</li>
034     * <li>ALLOW_ALL_SCHEMES - [FALSE] By default only http, https, and ftp are
035     * considered valid schemes.  Enabling this option will let any scheme pass validation.</li>
036     *
037     * <p>Originally based in on php script by Debbie Dyer, validation.php v1.2b, Date: 03/07/02,
038     * http://javascript.internet.com. However, this validation now bears little resemblance
039     * to the php original.</p>
040     * <pre>
041     *   Example of usage:
042     *   Construct a UrlValidator with valid schemes of "http", and "https".
043     *
044     *    String[] schemes = {"http","https"}.
045     *    UrlValidator urlValidator = new UrlValidator(schemes);
046     *    if (urlValidator.isValid("ftp://foo.bar.com/")) {
047     *       System.out.println("url is valid");
048     *    } else {
049     *       System.out.println("url is invalid");
050     *    }
051     *
052     *    prints "url is invalid"
053     *   If instead the default constructor is used.
054     *
055     *    UrlValidator urlValidator = new UrlValidator();
056     *    if (urlValidator.isValid("ftp://foo.bar.com/")) {
057     *       System.out.println("url is valid");
058     *    } else {
059     *       System.out.println("url is invalid");
060     *    }
061     *
062     *   prints out "url is valid"
063     *  </pre>
064     *
065     * @see
066     * <a href='http://www.ietf.org/rfc/rfc2396.txt' >
067     *  Uniform Resource Identifiers (URI): Generic Syntax
068     * </a>
069     *
070     * @version $Revision: 595020 $ $Date: 2007-11-14 20:36:45 +0100 (Mi, 14. Nov 2007) $
071     * @since Validator 1.4
072     */
073    public class UrlValidator implements Serializable {
074    
075        /**
076         * Allows all validly formatted schemes to pass validation instead of
077         * supplying a set of valid schemes.
078         */
079        public static final long ALLOW_ALL_SCHEMES = 1 << 0;
080    
081        /**
082         * Allow two slashes in the path component of the URL.
083         */
084        public static final long ALLOW_2_SLASHES = 1 << 1;
085    
086        /**
087         * Enabling this options disallows any URL fragments.
088         */
089        public static final long NO_FRAGMENTS = 1 << 2;
090    
091        // Drop numeric, and  "+-." for now
092        private static final String AUTHORITY_CHARS_REGEX = "\\p{Alnum}\\-\\.";
093    
094        /**
095         * This expression derived/taken from the BNF for URI (RFC2396).
096         */
097        private static final String URL_REGEX =
098                "^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\\?([^#]*))?(#(.*))?";
099        //                                                                      12            3  4          5       6   7        8 9
100        private static final Pattern URL_PATTERN = Pattern.compile(URL_REGEX);
101    
102        /**
103         * Schema/Protocol (ie. http:, ftp:, file:, etc).
104         */
105        private static final int PARSE_URL_SCHEME = 2;
106    
107        /**
108         * Includes hostname/ip and port number.
109         */
110        private static final int PARSE_URL_AUTHORITY = 4;
111    
112        private static final int PARSE_URL_PATH = 5;
113    
114        private static final int PARSE_URL_QUERY = 7;
115    
116        private static final int PARSE_URL_FRAGMENT = 9;
117    
118        /**
119         * Protocol (ie. http:, ftp:,https:).
120         */
121        private static final String SCHEME_REGEX = "^\\p{Alpha}[\\p{Alnum}\\+\\-\\.]*";
122        private static final Pattern SCHEME_PATTERN = Pattern.compile(SCHEME_REGEX);
123    
124        private static final String AUTHORITY_REGEX =
125                "^([" + AUTHORITY_CHARS_REGEX + "]*)(:\\d*)?(.*)?";
126        //                                                                            1                          2  3       4
127        private static final Pattern AUTHORITY_PATTERN = Pattern.compile(AUTHORITY_REGEX);
128    
129        private static final int PARSE_AUTHORITY_HOST_IP = 1;
130    
131        private static final int PARSE_AUTHORITY_PORT = 2;
132    
133        /**
134         * Should always be empty.
135         */
136        private static final int PARSE_AUTHORITY_EXTRA = 3;
137    
138        private static final String PATH_REGEX = "^(/[-\\w:@&?=+,.!/~*'%$_;\\(\\)]*)?$";
139        private static final Pattern PATH_PATTERN = Pattern.compile(PATH_REGEX);
140    
141        private static final String QUERY_REGEX = "^(.*)$";
142        private static final Pattern QUERY_PATTERN = Pattern.compile(QUERY_REGEX);
143    
144        private static final String LEGAL_ASCII_REGEX = "^\\p{ASCII}+$";
145        private static final Pattern ASCII_PATTERN = Pattern.compile(LEGAL_ASCII_REGEX);
146    
147        private static final String PORT_REGEX = "^:(\\d{1,5})$";
148        private static final Pattern PORT_PATTERN = Pattern.compile(PORT_REGEX);
149    
150        /**
151         * Holds the set of current validation options.
152         */
153        private final long options;
154    
155        /**
156         * The set of schemes that are allowed to be in a URL.
157         */
158        private final Set allowedSchemes;
159    
160        /**
161         * Regular expressions used to manually validate authorities if IANA
162         * domain name validation isn't desired.
163         */
164        private final RegexValidator authorityValidator;
165    
166        /**
167         * If no schemes are provided, default to this set.
168         */
169        private static final String[] DEFAULT_SCHEMES = {"http", "https", "ftp"};
170    
171        /**
172         * Singleton instance of this class with default schemes and options.
173         */
174        private static final UrlValidator DEFAULT_URL_VALIDATOR = new UrlValidator();
175    
176        /**
177         * Returns the singleton instance of this class with default schemes and options.
178         * @return singleton instance with default schemes and options
179         */
180        public static UrlValidator getInstance() {
181            return DEFAULT_URL_VALIDATOR;    
182        }
183    
184        /**
185         * Create a UrlValidator with default properties.
186         */
187        public UrlValidator() {
188            this(null);
189        }
190    
191        /**
192         * Behavior of validation is modified by passing in several strings options:
193         * @param schemes Pass in one or more url schemes to consider valid, passing in
194         *        a null will default to "http,https,ftp" being valid.
195         *        If a non-null schemes is specified then all valid schemes must
196         *        be specified. Setting the ALLOW_ALL_SCHEMES option will
197         *        ignore the contents of schemes.
198         */
199        public UrlValidator(String[] schemes) {
200            this(schemes, (long)0);
201        }
202    
203        /**
204         * Initialize a UrlValidator with the given validation options.
205         * @param options The options should be set using the public constants declared in
206         * this class.  To set multiple options you simply add them together.  For example,
207         * ALLOW_2_SLASHES + NO_FRAGMENTS enables both of those options.
208         */
209        public UrlValidator(long options) {
210            this(null, null, options);
211        }
212    
213        /**
214         * Behavior of validation is modified by passing in options:
215         * @param schemes The set of valid schemes.
216         * @param options The options should be set using the public constants declared in
217         * this class.  To set multiple options you simply add them together.  For example,
218         * ALLOW_2_SLASHES + NO_FRAGMENTS enables both of those options.
219         */
220        public UrlValidator(String[] schemes, long options) {
221            this(schemes, null, options);
222        }
223    
224        /**
225         * Initialize a UrlValidator with the given validation options.
226         * @param authorityValidator Regular expression validator used to validate the authority part
227         * @param options Validation options. Set using the public constants of this class.
228         * To set multiple options, simply add them together:
229         * <p><code>ALLOW_2_SLASHES + NO_FRAGMENTS</code></p>
230         * enables both of those options.
231         */
232        public UrlValidator(RegexValidator authorityValidator, long options) {
233            this(null, authorityValidator, options);
234        }
235    
236        /**
237         * Customizable constructor. Validation behavior is modifed by passing in options.
238         * @param schemes the set of valid schemes
239         * @param authorityValidator Regular expression validator used to validate the authority part
240         * @param options Validation options. Set using the public constants of this class.
241         * To set multiple options, simply add them together:
242         * <p><code>ALLOW_2_SLASHES + NO_FRAGMENTS</code></p>
243         * enables both of those options.
244         */
245        public UrlValidator(String[] schemes, RegexValidator authorityValidator, long options) {
246            this.options = options;
247    
248            if (isOn(ALLOW_ALL_SCHEMES)) {
249                this.allowedSchemes = Collections.EMPTY_SET;
250            } else {
251                if (schemes == null) {
252                    schemes = DEFAULT_SCHEMES;
253                }
254                this.allowedSchemes = new HashSet();
255                this.allowedSchemes.addAll(Arrays.asList(schemes));
256            }
257    
258            this.authorityValidator = authorityValidator;
259    
260        }
261    
262        /**
263         * <p>Checks if a field has a valid url address.</p>
264         *
265         * @param value The value validation is being performed on.  A <code>null</code>
266         * value is considered invalid.
267         * @return true if the url is valid.
268         */
269        public boolean isValid(String value) {
270            if (value == null) {
271                return false;
272            }
273    
274            if (!ASCII_PATTERN.matcher(value).matches()) {
275                return false;
276            }
277    
278            // Check the whole url address structure
279            Matcher urlMatcher = URL_PATTERN.matcher(value);
280            if (!urlMatcher.matches()) {
281                return false;
282            }
283    
284            if (!isValidScheme(urlMatcher.group(PARSE_URL_SCHEME))) {
285                return false;
286            }
287    
288            if (!isValidAuthority(urlMatcher.group(PARSE_URL_AUTHORITY))) {
289                return false;
290            }
291    
292            if (!isValidPath(urlMatcher.group(PARSE_URL_PATH))) {
293                return false;
294            }
295    
296            if (!isValidQuery(urlMatcher.group(PARSE_URL_QUERY))) {
297                return false;
298            }
299    
300            if (!isValidFragment(urlMatcher.group(PARSE_URL_FRAGMENT))) {
301                return false;
302            }
303    
304            return true;
305        }
306    
307        /**
308         * Validate scheme. If schemes[] was initialized to a non null,
309         * then only those scheme's are allowed.  Note this is slightly different
310         * than for the constructor.
311         * @param scheme The scheme to validate.  A <code>null</code> value is considered
312         * invalid.
313         * @return true if valid.
314         */
315        protected boolean isValidScheme(String scheme) {
316            if (scheme == null) {
317                return false;
318            }
319    
320            if (!SCHEME_PATTERN.matcher(scheme).matches()) {
321                return false;
322            }
323    
324            if (isOff(ALLOW_ALL_SCHEMES)) {
325    
326                if (!this.allowedSchemes.contains(scheme)) {
327                    return false;
328                }
329            }
330    
331            return true;
332        }
333    
334        /**
335         * Returns true if the authority is properly formatted.  An authority is the combination
336         * of hostname and port.  A <code>null</code> authority value is considered invalid.
337         * @param authority Authority value to validate.
338         * @return true if authority (hostname and port) is valid.
339         */
340        protected boolean isValidAuthority(String authority) {
341            if (authority == null) {
342                return false;
343            }
344    
345            // check manual authority validation if specified
346            if (authorityValidator != null) {
347                if (authorityValidator.isValid(authority)) {
348                    return true;
349                }
350            }
351    
352            Matcher authorityMatcher = AUTHORITY_PATTERN.matcher(authority);
353            if (!authorityMatcher.matches()) {
354                return false;
355            }
356    
357            String hostLocation = authorityMatcher.group(PARSE_AUTHORITY_HOST_IP);
358            // check if authority is hostname or IP address:
359            // try a hostname first since that's much more likely
360            DomainValidator domainValidator = DomainValidator.getInstance();
361            if (!domainValidator.isValid(hostLocation)) {
362                // try an IP address
363                InetAddressValidator inetAddressValidator =
364                    InetAddressValidator.getInstance();
365                if (!inetAddressValidator.isValid(hostLocation)) {
366                    // isn't either one, so the URL is invalid
367                    return false;
368                }
369            }
370    
371            String port = authorityMatcher.group(PARSE_AUTHORITY_PORT);
372            if (port != null) {
373                if (!PORT_PATTERN.matcher(port).matches()) {
374                    return false;
375                }
376            }
377    
378            String extra = authorityMatcher.group(PARSE_AUTHORITY_EXTRA);
379            if (extra != null && extra.trim().length() > 0){
380                return false;
381            }
382    
383            return true;
384        }
385    
386        /**
387         * Returns true if the path is valid.  A <code>null</code> value is considered invalid.
388         * @param path Path value to validate.
389         * @return true if path is valid.
390         */
391        protected boolean isValidPath(String path) {
392            if (path == null) {
393                return false;
394            }
395    
396            if (!PATH_PATTERN.matcher(path).matches()) {
397                return false;
398            }
399    
400            int slash2Count = countToken("//", path);
401            if (isOff(ALLOW_2_SLASHES) && (slash2Count > 0)) {
402                return false;
403            }
404    
405            int slashCount = countToken("/", path);
406            int dot2Count = countToken("..", path);
407            if (dot2Count > 0) {
408                if ((slashCount - slash2Count - 1) <= dot2Count) {
409                    return false;
410                }
411            }
412    
413            return true;
414        }
415    
416        /**
417         * Returns true if the query is null or it's a properly formatted query string.
418         * @param query Query value to validate.
419         * @return true if query is valid.
420         */
421        protected boolean isValidQuery(String query) {
422            if (query == null) {
423                return true;
424            }
425    
426            return QUERY_PATTERN.matcher(query).matches();
427        }
428    
429        /**
430         * Returns true if the given fragment is null or fragments are allowed.
431         * @param fragment Fragment value to validate.
432         * @return true if fragment is valid.
433         */
434        protected boolean isValidFragment(String fragment) {
435            if (fragment == null) {
436                return true;
437            }
438    
439            return isOff(NO_FRAGMENTS);
440        }
441    
442        /**
443         * Returns the number of times the token appears in the target.
444         * @param token Token value to be counted.
445         * @param target Target value to count tokens in.
446         * @return the number of tokens.
447         */
448        protected int countToken(String token, String target) {
449            int tokenIndex = 0;
450            int count = 0;
451            while (tokenIndex != -1) {
452                tokenIndex = target.indexOf(token, tokenIndex);
453                if (tokenIndex > -1) {
454                    tokenIndex++;
455                    count++;
456                }
457            }
458            return count;
459        }
460    
461        /**
462         * Tests whether the given flag is on.  If the flag is not a power of 2 
463         * (ie. 3) this tests whether the combination of flags is on.
464         *
465         * @param flag Flag value to check.
466         *
467         * @return whether the specified flag value is on.
468         */
469        private boolean isOn(long flag) {
470            return (this.options & flag) > 0;
471        }
472    
473        /**
474         * Tests whether the given flag is off.  If the flag is not a power of 2 
475         * (ie. 3) this tests whether the combination of flags is off.
476         *
477         * @param flag Flag value to check.
478         *
479         * @return whether the specified flag value is off.
480         */
481        private boolean isOff(long flag) {
482            return (this.options & flag) == 0;
483        }
484    }