anmolnar commented on code in PR #2280:
URL: https://github.com/apache/zookeeper/pull/2280#discussion_r2270809575
##########
zookeeper-server/src/main/java/org/apache/zookeeper/server/auth/IPAuthenticationProvider.java:
##########
@@ -81,6 +96,121 @@ private byte[] v4addr2Bytes(String addr) {
return b;
}
+ /**
+ * Validates an IPv6 address string and converts it into a byte array.
+ *
+ * @param ipv6Addr The IPv6 address string to validate.
+ * @return A byte array representing the IPv6 address if valid, or null if
the address
+ * is invalid or cannot be parsed.
+ */
+ public static byte[] v6addr2Bytes(String ipv6Addr) {
+ // Split the address by "::" to handle zero compression, -1 to keep
trailing empty strings
+ String[] parts = ipv6Addr.trim().split("::", -1);
+
+ String[] segments1 = new String[0];
+ String[] segments2 = new String[0];
+
+ // Case 1: No "::" (full address)
+ if (parts.length == 1) {
+ segments1 = parts[0].split(":");
+ if (segments1.length != IPV6_SEGMENT_COUNT) {
+ LOG.info("IPv6 address without '::' must have " +
IPV6_SEGMENT_COUNT + " segments: {}", ipv6Addr);
+ return null;
+ }
+ } else if (parts.length == 2) {
+ // Case 2: "::" is present
+ // Handle cases like "::1" or "1::"
+ if (!parts[0].isEmpty()) {
+ segments1 = parts[0].split(":");
+ }
+ if (!parts[1].isEmpty()) {
+ segments2 = parts[1].split(":");
+ }
+
+ // Check if the total number of explicit segments exceeds 8
+ if (segments1.length + segments2.length >= IPV6_SEGMENT_COUNT) {
+ LOG.info("Too many segments in IPv6 address with '::': {}",
ipv6Addr);
+ return null;
+ }
+ } else {
+ // Case 3: Invalid number of parts after splitting by "::" (should
be 1 or 2)
+ LOG.warn("Invalid IPv6 address format (unexpected '::' split
result): {}", ipv6Addr);
Review Comment:
Since this is already a warning message, other errors should be reported at
warning level too to be consistent.
##########
zookeeper-server/src/main/java/org/apache/zookeeper/server/auth/IPAuthenticationProvider.java:
##########
@@ -81,6 +96,121 @@ private byte[] v4addr2Bytes(String addr) {
return b;
}
+ /**
+ * Validates an IPv6 address string and converts it into a byte array.
+ *
+ * @param ipv6Addr The IPv6 address string to validate.
+ * @return A byte array representing the IPv6 address if valid, or null if
the address
+ * is invalid or cannot be parsed.
+ */
+ public static byte[] v6addr2Bytes(String ipv6Addr) {
+ // Split the address by "::" to handle zero compression, -1 to keep
trailing empty strings
+ String[] parts = ipv6Addr.trim().split("::", -1);
+
+ String[] segments1 = new String[0];
+ String[] segments2 = new String[0];
+
+ // Case 1: No "::" (full address)
+ if (parts.length == 1) {
+ segments1 = parts[0].split(":");
+ if (segments1.length != IPV6_SEGMENT_COUNT) {
+ LOG.info("IPv6 address without '::' must have " +
IPV6_SEGMENT_COUNT + " segments: {}", ipv6Addr);
Review Comment:
Shouldn't be these warning or rather error messages?
##########
zookeeper-server/src/main/java/org/apache/zookeeper/server/auth/IPAuthenticationProvider.java:
##########
@@ -81,6 +96,121 @@ private byte[] v4addr2Bytes(String addr) {
return b;
}
+ /**
+ * Validates an IPv6 address string and converts it into a byte array.
+ *
+ * @param ipv6Addr The IPv6 address string to validate.
+ * @return A byte array representing the IPv6 address if valid, or null if
the address
+ * is invalid or cannot be parsed.
+ */
+ public static byte[] v6addr2Bytes(String ipv6Addr) {
+ // Split the address by "::" to handle zero compression, -1 to keep
trailing empty strings
+ String[] parts = ipv6Addr.trim().split("::", -1);
+
+ String[] segments1 = new String[0];
+ String[] segments2 = new String[0];
+
+ // Case 1: No "::" (full address)
+ if (parts.length == 1) {
+ segments1 = parts[0].split(":");
+ if (segments1.length != IPV6_SEGMENT_COUNT) {
+ LOG.info("IPv6 address without '::' must have " +
IPV6_SEGMENT_COUNT + " segments: {}", ipv6Addr);
+ return null;
+ }
+ } else if (parts.length == 2) {
+ // Case 2: "::" is present
+ // Handle cases like "::1" or "1::"
+ if (!parts[0].isEmpty()) {
+ segments1 = parts[0].split(":");
+ }
+ if (!parts[1].isEmpty()) {
+ segments2 = parts[1].split(":");
+ }
+
+ // Check if the total number of explicit segments exceeds 8
+ if (segments1.length + segments2.length >= IPV6_SEGMENT_COUNT) {
+ LOG.info("Too many segments in IPv6 address with '::': {}",
ipv6Addr);
+ return null;
+ }
+ } else {
+ // Case 3: Invalid number of parts after splitting by "::" (should
be 1 or 2)
+ LOG.warn("Invalid IPv6 address format (unexpected '::' split
result): {}", ipv6Addr);
+ return null;
+ }
+
+ List<Byte> byteList = new ArrayList<>();
+
+ try {
+ // Process segments before "::"
+ for (String segment : segments1) {
+ if (isInvalidSegment(segment)) {
+ LOG.info("Invalid IPv6 segment: '{}' in address: {}",
segment, ipv6Addr);
Review Comment:
warning
##########
zookeeper-server/src/main/java/org/apache/zookeeper/server/auth/IPAuthenticationProvider.java:
##########
@@ -81,6 +96,121 @@ private byte[] v4addr2Bytes(String addr) {
return b;
}
+ /**
+ * Validates an IPv6 address string and converts it into a byte array.
+ *
+ * @param ipv6Addr The IPv6 address string to validate.
+ * @return A byte array representing the IPv6 address if valid, or null if
the address
+ * is invalid or cannot be parsed.
+ */
+ public static byte[] v6addr2Bytes(String ipv6Addr) {
+ // Split the address by "::" to handle zero compression, -1 to keep
trailing empty strings
+ String[] parts = ipv6Addr.trim().split("::", -1);
+
+ String[] segments1 = new String[0];
+ String[] segments2 = new String[0];
+
+ // Case 1: No "::" (full address)
+ if (parts.length == 1) {
+ segments1 = parts[0].split(":");
+ if (segments1.length != IPV6_SEGMENT_COUNT) {
+ LOG.info("IPv6 address without '::' must have " +
IPV6_SEGMENT_COUNT + " segments: {}", ipv6Addr);
+ return null;
+ }
+ } else if (parts.length == 2) {
+ // Case 2: "::" is present
+ // Handle cases like "::1" or "1::"
+ if (!parts[0].isEmpty()) {
+ segments1 = parts[0].split(":");
+ }
+ if (!parts[1].isEmpty()) {
+ segments2 = parts[1].split(":");
+ }
+
+ // Check if the total number of explicit segments exceeds 8
+ if (segments1.length + segments2.length >= IPV6_SEGMENT_COUNT) {
+ LOG.info("Too many segments in IPv6 address with '::': {}",
ipv6Addr);
+ return null;
+ }
+ } else {
+ // Case 3: Invalid number of parts after splitting by "::" (should
be 1 or 2)
+ LOG.warn("Invalid IPv6 address format (unexpected '::' split
result): {}", ipv6Addr);
+ return null;
+ }
+
+ List<Byte> byteList = new ArrayList<>();
+
+ try {
+ // Process segments before "::"
+ for (String segment : segments1) {
+ if (isInvalidSegment(segment)) {
+ LOG.info("Invalid IPv6 segment: '{}' in address: {}",
segment, ipv6Addr);
+ return null;
+ }
+ int value = Integer.parseInt(segment, 16);
+ byteList.add((byte) ((value >> 8) & 0xFF));
+ byteList.add((byte) (value & 0xFF));
+ }
+
+ // Add zero segments for "::" compression
+ int missingSegments = IPV6_SEGMENT_COUNT - (segments1.length +
segments2.length);
+ for (int i = 0; i < missingSegments; i++) {
+ byteList.add((byte) 0x00);
+ byteList.add((byte) 0x00);
+ }
+
+ // Process segments after "::"
+ for (String segment : segments2) {
+ if (isInvalidSegment(segment)) {
+ LOG.info("Invalid IPv6 segment: '{}' in address: {}",
segment, ipv6Addr);
+ return null;
+ }
+ int value = Integer.parseInt(segment, 16);
+ byteList.add((byte) ((value >> 8) & 0xFF));
+ byteList.add((byte) (value & 0xFF));
+ }
+
+ } catch (NumberFormatException e) {
+ // 3. Catch NumberFormatException if String cannot be parsed
+ LOG.debug("Invalid hexadecimal format in IPv6 address: {} - {}",
ipv6Addr, e.getMessage());
Review Comment:
This one is at debug level. I think either we should log the error message
at Error level or log every detail at debug level and say just "invalid ipv6
address" to the user, because now it seems to confusing.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
