本站源代码
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

683 lines
18KB

  1. // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
  2. // Copyright 2016 The Go Authors. All rights reserved.
  3. // Use of this source code is governed by a BSD-style
  4. // license that can be found in the LICENSE file.
  5. // +build !go1.10
  6. // Package idna implements IDNA2008 using the compatibility processing
  7. // defined by UTS (Unicode Technical Standard) #46, which defines a standard to
  8. // deal with the transition from IDNA2003.
  9. //
  10. // IDNA2008 (Internationalized Domain Names for Applications), is defined in RFC
  11. // 5890, RFC 5891, RFC 5892, RFC 5893 and RFC 5894.
  12. // UTS #46 is defined in https://www.unicode.org/reports/tr46.
  13. // See https://unicode.org/cldr/utility/idna.jsp for a visualization of the
  14. // differences between these two standards.
  15. package idna // import "golang.org/x/net/idna"
  16. import (
  17. "fmt"
  18. "strings"
  19. "unicode/utf8"
  20. "golang.org/x/text/secure/bidirule"
  21. "golang.org/x/text/unicode/norm"
  22. )
  23. // NOTE: Unlike common practice in Go APIs, the functions will return a
  24. // sanitized domain name in case of errors. Browsers sometimes use a partially
  25. // evaluated string as lookup.
  26. // TODO: the current error handling is, in my opinion, the least opinionated.
  27. // Other strategies are also viable, though:
  28. // Option 1) Return an empty string in case of error, but allow the user to
  29. // specify explicitly which errors to ignore.
  30. // Option 2) Return the partially evaluated string if it is itself a valid
  31. // string, otherwise return the empty string in case of error.
  32. // Option 3) Option 1 and 2.
  33. // Option 4) Always return an empty string for now and implement Option 1 as
  34. // needed, and document that the return string may not be empty in case of
  35. // error in the future.
  36. // I think Option 1 is best, but it is quite opinionated.
  37. // ToASCII is a wrapper for Punycode.ToASCII.
  38. func ToASCII(s string) (string, error) {
  39. return Punycode.process(s, true)
  40. }
  41. // ToUnicode is a wrapper for Punycode.ToUnicode.
  42. func ToUnicode(s string) (string, error) {
  43. return Punycode.process(s, false)
  44. }
  45. // An Option configures a Profile at creation time.
  46. type Option func(*options)
  47. // Transitional sets a Profile to use the Transitional mapping as defined in UTS
  48. // #46. This will cause, for example, "ß" to be mapped to "ss". Using the
  49. // transitional mapping provides a compromise between IDNA2003 and IDNA2008
  50. // compatibility. It is used by most browsers when resolving domain names. This
  51. // option is only meaningful if combined with MapForLookup.
  52. func Transitional(transitional bool) Option {
  53. return func(o *options) { o.transitional = true }
  54. }
  55. // VerifyDNSLength sets whether a Profile should fail if any of the IDN parts
  56. // are longer than allowed by the RFC.
  57. func VerifyDNSLength(verify bool) Option {
  58. return func(o *options) { o.verifyDNSLength = verify }
  59. }
  60. // RemoveLeadingDots removes leading label separators. Leading runes that map to
  61. // dots, such as U+3002 IDEOGRAPHIC FULL STOP, are removed as well.
  62. //
  63. // This is the behavior suggested by the UTS #46 and is adopted by some
  64. // browsers.
  65. func RemoveLeadingDots(remove bool) Option {
  66. return func(o *options) { o.removeLeadingDots = remove }
  67. }
  68. // ValidateLabels sets whether to check the mandatory label validation criteria
  69. // as defined in Section 5.4 of RFC 5891. This includes testing for correct use
  70. // of hyphens ('-'), normalization, validity of runes, and the context rules.
  71. func ValidateLabels(enable bool) Option {
  72. return func(o *options) {
  73. // Don't override existing mappings, but set one that at least checks
  74. // normalization if it is not set.
  75. if o.mapping == nil && enable {
  76. o.mapping = normalize
  77. }
  78. o.trie = trie
  79. o.validateLabels = enable
  80. o.fromPuny = validateFromPunycode
  81. }
  82. }
  83. // StrictDomainName limits the set of permissable ASCII characters to those
  84. // allowed in domain names as defined in RFC 1034 (A-Z, a-z, 0-9 and the
  85. // hyphen). This is set by default for MapForLookup and ValidateForRegistration.
  86. //
  87. // This option is useful, for instance, for browsers that allow characters
  88. // outside this range, for example a '_' (U+005F LOW LINE). See
  89. // http://www.rfc-editor.org/std/std3.txt for more details This option
  90. // corresponds to the UseSTD3ASCIIRules option in UTS #46.
  91. func StrictDomainName(use bool) Option {
  92. return func(o *options) {
  93. o.trie = trie
  94. o.useSTD3Rules = use
  95. o.fromPuny = validateFromPunycode
  96. }
  97. }
  98. // NOTE: the following options pull in tables. The tables should not be linked
  99. // in as long as the options are not used.
  100. // BidiRule enables the Bidi rule as defined in RFC 5893. Any application
  101. // that relies on proper validation of labels should include this rule.
  102. func BidiRule() Option {
  103. return func(o *options) { o.bidirule = bidirule.ValidString }
  104. }
  105. // ValidateForRegistration sets validation options to verify that a given IDN is
  106. // properly formatted for registration as defined by Section 4 of RFC 5891.
  107. func ValidateForRegistration() Option {
  108. return func(o *options) {
  109. o.mapping = validateRegistration
  110. StrictDomainName(true)(o)
  111. ValidateLabels(true)(o)
  112. VerifyDNSLength(true)(o)
  113. BidiRule()(o)
  114. }
  115. }
  116. // MapForLookup sets validation and mapping options such that a given IDN is
  117. // transformed for domain name lookup according to the requirements set out in
  118. // Section 5 of RFC 5891. The mappings follow the recommendations of RFC 5894,
  119. // RFC 5895 and UTS 46. It does not add the Bidi Rule. Use the BidiRule option
  120. // to add this check.
  121. //
  122. // The mappings include normalization and mapping case, width and other
  123. // compatibility mappings.
  124. func MapForLookup() Option {
  125. return func(o *options) {
  126. o.mapping = validateAndMap
  127. StrictDomainName(true)(o)
  128. ValidateLabels(true)(o)
  129. RemoveLeadingDots(true)(o)
  130. }
  131. }
  132. type options struct {
  133. transitional bool
  134. useSTD3Rules bool
  135. validateLabels bool
  136. verifyDNSLength bool
  137. removeLeadingDots bool
  138. trie *idnaTrie
  139. // fromPuny calls validation rules when converting A-labels to U-labels.
  140. fromPuny func(p *Profile, s string) error
  141. // mapping implements a validation and mapping step as defined in RFC 5895
  142. // or UTS 46, tailored to, for example, domain registration or lookup.
  143. mapping func(p *Profile, s string) (string, error)
  144. // bidirule, if specified, checks whether s conforms to the Bidi Rule
  145. // defined in RFC 5893.
  146. bidirule func(s string) bool
  147. }
  148. // A Profile defines the configuration of a IDNA mapper.
  149. type Profile struct {
  150. options
  151. }
  152. func apply(o *options, opts []Option) {
  153. for _, f := range opts {
  154. f(o)
  155. }
  156. }
  157. // New creates a new Profile.
  158. //
  159. // With no options, the returned Profile is the most permissive and equals the
  160. // Punycode Profile. Options can be passed to further restrict the Profile. The
  161. // MapForLookup and ValidateForRegistration options set a collection of options,
  162. // for lookup and registration purposes respectively, which can be tailored by
  163. // adding more fine-grained options, where later options override earlier
  164. // options.
  165. func New(o ...Option) *Profile {
  166. p := &Profile{}
  167. apply(&p.options, o)
  168. return p
  169. }
  170. // ToASCII converts a domain or domain label to its ASCII form. For example,
  171. // ToASCII("bücher.example.com") is "xn--bcher-kva.example.com", and
  172. // ToASCII("golang") is "golang". If an error is encountered it will return
  173. // an error and a (partially) processed result.
  174. func (p *Profile) ToASCII(s string) (string, error) {
  175. return p.process(s, true)
  176. }
  177. // ToUnicode converts a domain or domain label to its Unicode form. For example,
  178. // ToUnicode("xn--bcher-kva.example.com") is "bücher.example.com", and
  179. // ToUnicode("golang") is "golang". If an error is encountered it will return
  180. // an error and a (partially) processed result.
  181. func (p *Profile) ToUnicode(s string) (string, error) {
  182. pp := *p
  183. pp.transitional = false
  184. return pp.process(s, false)
  185. }
  186. // String reports a string with a description of the profile for debugging
  187. // purposes. The string format may change with different versions.
  188. func (p *Profile) String() string {
  189. s := ""
  190. if p.transitional {
  191. s = "Transitional"
  192. } else {
  193. s = "NonTransitional"
  194. }
  195. if p.useSTD3Rules {
  196. s += ":UseSTD3Rules"
  197. }
  198. if p.validateLabels {
  199. s += ":ValidateLabels"
  200. }
  201. if p.verifyDNSLength {
  202. s += ":VerifyDNSLength"
  203. }
  204. return s
  205. }
  206. var (
  207. // Punycode is a Profile that does raw punycode processing with a minimum
  208. // of validation.
  209. Punycode *Profile = punycode
  210. // Lookup is the recommended profile for looking up domain names, according
  211. // to Section 5 of RFC 5891. The exact configuration of this profile may
  212. // change over time.
  213. Lookup *Profile = lookup
  214. // Display is the recommended profile for displaying domain names.
  215. // The configuration of this profile may change over time.
  216. Display *Profile = display
  217. // Registration is the recommended profile for checking whether a given
  218. // IDN is valid for registration, according to Section 4 of RFC 5891.
  219. Registration *Profile = registration
  220. punycode = &Profile{}
  221. lookup = &Profile{options{
  222. transitional: true,
  223. useSTD3Rules: true,
  224. validateLabels: true,
  225. removeLeadingDots: true,
  226. trie: trie,
  227. fromPuny: validateFromPunycode,
  228. mapping: validateAndMap,
  229. bidirule: bidirule.ValidString,
  230. }}
  231. display = &Profile{options{
  232. useSTD3Rules: true,
  233. validateLabels: true,
  234. removeLeadingDots: true,
  235. trie: trie,
  236. fromPuny: validateFromPunycode,
  237. mapping: validateAndMap,
  238. bidirule: bidirule.ValidString,
  239. }}
  240. registration = &Profile{options{
  241. useSTD3Rules: true,
  242. validateLabels: true,
  243. verifyDNSLength: true,
  244. trie: trie,
  245. fromPuny: validateFromPunycode,
  246. mapping: validateRegistration,
  247. bidirule: bidirule.ValidString,
  248. }}
  249. // TODO: profiles
  250. // Register: recommended for approving domain names: don't do any mappings
  251. // but rather reject on invalid input. Bundle or block deviation characters.
  252. )
  253. type labelError struct{ label, code_ string }
  254. func (e labelError) code() string { return e.code_ }
  255. func (e labelError) Error() string {
  256. return fmt.Sprintf("idna: invalid label %q", e.label)
  257. }
  258. type runeError rune
  259. func (e runeError) code() string { return "P1" }
  260. func (e runeError) Error() string {
  261. return fmt.Sprintf("idna: disallowed rune %U", e)
  262. }
  263. // process implements the algorithm described in section 4 of UTS #46,
  264. // see https://www.unicode.org/reports/tr46.
  265. func (p *Profile) process(s string, toASCII bool) (string, error) {
  266. var err error
  267. if p.mapping != nil {
  268. s, err = p.mapping(p, s)
  269. }
  270. // Remove leading empty labels.
  271. if p.removeLeadingDots {
  272. for ; len(s) > 0 && s[0] == '.'; s = s[1:] {
  273. }
  274. }
  275. // It seems like we should only create this error on ToASCII, but the
  276. // UTS 46 conformance tests suggests we should always check this.
  277. if err == nil && p.verifyDNSLength && s == "" {
  278. err = &labelError{s, "A4"}
  279. }
  280. labels := labelIter{orig: s}
  281. for ; !labels.done(); labels.next() {
  282. label := labels.label()
  283. if label == "" {
  284. // Empty labels are not okay. The label iterator skips the last
  285. // label if it is empty.
  286. if err == nil && p.verifyDNSLength {
  287. err = &labelError{s, "A4"}
  288. }
  289. continue
  290. }
  291. if strings.HasPrefix(label, acePrefix) {
  292. u, err2 := decode(label[len(acePrefix):])
  293. if err2 != nil {
  294. if err == nil {
  295. err = err2
  296. }
  297. // Spec says keep the old label.
  298. continue
  299. }
  300. labels.set(u)
  301. if err == nil && p.validateLabels {
  302. err = p.fromPuny(p, u)
  303. }
  304. if err == nil {
  305. // This should be called on NonTransitional, according to the
  306. // spec, but that currently does not have any effect. Use the
  307. // original profile to preserve options.
  308. err = p.validateLabel(u)
  309. }
  310. } else if err == nil {
  311. err = p.validateLabel(label)
  312. }
  313. }
  314. if toASCII {
  315. for labels.reset(); !labels.done(); labels.next() {
  316. label := labels.label()
  317. if !ascii(label) {
  318. a, err2 := encode(acePrefix, label)
  319. if err == nil {
  320. err = err2
  321. }
  322. label = a
  323. labels.set(a)
  324. }
  325. n := len(label)
  326. if p.verifyDNSLength && err == nil && (n == 0 || n > 63) {
  327. err = &labelError{label, "A4"}
  328. }
  329. }
  330. }
  331. s = labels.result()
  332. if toASCII && p.verifyDNSLength && err == nil {
  333. // Compute the length of the domain name minus the root label and its dot.
  334. n := len(s)
  335. if n > 0 && s[n-1] == '.' {
  336. n--
  337. }
  338. if len(s) < 1 || n > 253 {
  339. err = &labelError{s, "A4"}
  340. }
  341. }
  342. return s, err
  343. }
  344. func normalize(p *Profile, s string) (string, error) {
  345. return norm.NFC.String(s), nil
  346. }
  347. func validateRegistration(p *Profile, s string) (string, error) {
  348. if !norm.NFC.IsNormalString(s) {
  349. return s, &labelError{s, "V1"}
  350. }
  351. for i := 0; i < len(s); {
  352. v, sz := trie.lookupString(s[i:])
  353. // Copy bytes not copied so far.
  354. switch p.simplify(info(v).category()) {
  355. // TODO: handle the NV8 defined in the Unicode idna data set to allow
  356. // for strict conformance to IDNA2008.
  357. case valid, deviation:
  358. case disallowed, mapped, unknown, ignored:
  359. r, _ := utf8.DecodeRuneInString(s[i:])
  360. return s, runeError(r)
  361. }
  362. i += sz
  363. }
  364. return s, nil
  365. }
  366. func validateAndMap(p *Profile, s string) (string, error) {
  367. var (
  368. err error
  369. b []byte
  370. k int
  371. )
  372. for i := 0; i < len(s); {
  373. v, sz := trie.lookupString(s[i:])
  374. start := i
  375. i += sz
  376. // Copy bytes not copied so far.
  377. switch p.simplify(info(v).category()) {
  378. case valid:
  379. continue
  380. case disallowed:
  381. if err == nil {
  382. r, _ := utf8.DecodeRuneInString(s[start:])
  383. err = runeError(r)
  384. }
  385. continue
  386. case mapped, deviation:
  387. b = append(b, s[k:start]...)
  388. b = info(v).appendMapping(b, s[start:i])
  389. case ignored:
  390. b = append(b, s[k:start]...)
  391. // drop the rune
  392. case unknown:
  393. b = append(b, s[k:start]...)
  394. b = append(b, "\ufffd"...)
  395. }
  396. k = i
  397. }
  398. if k == 0 {
  399. // No changes so far.
  400. s = norm.NFC.String(s)
  401. } else {
  402. b = append(b, s[k:]...)
  403. if norm.NFC.QuickSpan(b) != len(b) {
  404. b = norm.NFC.Bytes(b)
  405. }
  406. // TODO: the punycode converters require strings as input.
  407. s = string(b)
  408. }
  409. return s, err
  410. }
  411. // A labelIter allows iterating over domain name labels.
  412. type labelIter struct {
  413. orig string
  414. slice []string
  415. curStart int
  416. curEnd int
  417. i int
  418. }
  419. func (l *labelIter) reset() {
  420. l.curStart = 0
  421. l.curEnd = 0
  422. l.i = 0
  423. }
  424. func (l *labelIter) done() bool {
  425. return l.curStart >= len(l.orig)
  426. }
  427. func (l *labelIter) result() string {
  428. if l.slice != nil {
  429. return strings.Join(l.slice, ".")
  430. }
  431. return l.orig
  432. }
  433. func (l *labelIter) label() string {
  434. if l.slice != nil {
  435. return l.slice[l.i]
  436. }
  437. p := strings.IndexByte(l.orig[l.curStart:], '.')
  438. l.curEnd = l.curStart + p
  439. if p == -1 {
  440. l.curEnd = len(l.orig)
  441. }
  442. return l.orig[l.curStart:l.curEnd]
  443. }
  444. // next sets the value to the next label. It skips the last label if it is empty.
  445. func (l *labelIter) next() {
  446. l.i++
  447. if l.slice != nil {
  448. if l.i >= len(l.slice) || l.i == len(l.slice)-1 && l.slice[l.i] == "" {
  449. l.curStart = len(l.orig)
  450. }
  451. } else {
  452. l.curStart = l.curEnd + 1
  453. if l.curStart == len(l.orig)-1 && l.orig[l.curStart] == '.' {
  454. l.curStart = len(l.orig)
  455. }
  456. }
  457. }
  458. func (l *labelIter) set(s string) {
  459. if l.slice == nil {
  460. l.slice = strings.Split(l.orig, ".")
  461. }
  462. l.slice[l.i] = s
  463. }
  464. // acePrefix is the ASCII Compatible Encoding prefix.
  465. const acePrefix = "xn--"
  466. func (p *Profile) simplify(cat category) category {
  467. switch cat {
  468. case disallowedSTD3Mapped:
  469. if p.useSTD3Rules {
  470. cat = disallowed
  471. } else {
  472. cat = mapped
  473. }
  474. case disallowedSTD3Valid:
  475. if p.useSTD3Rules {
  476. cat = disallowed
  477. } else {
  478. cat = valid
  479. }
  480. case deviation:
  481. if !p.transitional {
  482. cat = valid
  483. }
  484. case validNV8, validXV8:
  485. // TODO: handle V2008
  486. cat = valid
  487. }
  488. return cat
  489. }
  490. func validateFromPunycode(p *Profile, s string) error {
  491. if !norm.NFC.IsNormalString(s) {
  492. return &labelError{s, "V1"}
  493. }
  494. for i := 0; i < len(s); {
  495. v, sz := trie.lookupString(s[i:])
  496. if c := p.simplify(info(v).category()); c != valid && c != deviation {
  497. return &labelError{s, "V6"}
  498. }
  499. i += sz
  500. }
  501. return nil
  502. }
  503. const (
  504. zwnj = "\u200c"
  505. zwj = "\u200d"
  506. )
  507. type joinState int8
  508. const (
  509. stateStart joinState = iota
  510. stateVirama
  511. stateBefore
  512. stateBeforeVirama
  513. stateAfter
  514. stateFAIL
  515. )
  516. var joinStates = [][numJoinTypes]joinState{
  517. stateStart: {
  518. joiningL: stateBefore,
  519. joiningD: stateBefore,
  520. joinZWNJ: stateFAIL,
  521. joinZWJ: stateFAIL,
  522. joinVirama: stateVirama,
  523. },
  524. stateVirama: {
  525. joiningL: stateBefore,
  526. joiningD: stateBefore,
  527. },
  528. stateBefore: {
  529. joiningL: stateBefore,
  530. joiningD: stateBefore,
  531. joiningT: stateBefore,
  532. joinZWNJ: stateAfter,
  533. joinZWJ: stateFAIL,
  534. joinVirama: stateBeforeVirama,
  535. },
  536. stateBeforeVirama: {
  537. joiningL: stateBefore,
  538. joiningD: stateBefore,
  539. joiningT: stateBefore,
  540. },
  541. stateAfter: {
  542. joiningL: stateFAIL,
  543. joiningD: stateBefore,
  544. joiningT: stateAfter,
  545. joiningR: stateStart,
  546. joinZWNJ: stateFAIL,
  547. joinZWJ: stateFAIL,
  548. joinVirama: stateAfter, // no-op as we can't accept joiners here
  549. },
  550. stateFAIL: {
  551. 0: stateFAIL,
  552. joiningL: stateFAIL,
  553. joiningD: stateFAIL,
  554. joiningT: stateFAIL,
  555. joiningR: stateFAIL,
  556. joinZWNJ: stateFAIL,
  557. joinZWJ: stateFAIL,
  558. joinVirama: stateFAIL,
  559. },
  560. }
  561. // validateLabel validates the criteria from Section 4.1. Item 1, 4, and 6 are
  562. // already implicitly satisfied by the overall implementation.
  563. func (p *Profile) validateLabel(s string) error {
  564. if s == "" {
  565. if p.verifyDNSLength {
  566. return &labelError{s, "A4"}
  567. }
  568. return nil
  569. }
  570. if p.bidirule != nil && !p.bidirule(s) {
  571. return &labelError{s, "B"}
  572. }
  573. if !p.validateLabels {
  574. return nil
  575. }
  576. trie := p.trie // p.validateLabels is only set if trie is set.
  577. if len(s) > 4 && s[2] == '-' && s[3] == '-' {
  578. return &labelError{s, "V2"}
  579. }
  580. if s[0] == '-' || s[len(s)-1] == '-' {
  581. return &labelError{s, "V3"}
  582. }
  583. // TODO: merge the use of this in the trie.
  584. v, sz := trie.lookupString(s)
  585. x := info(v)
  586. if x.isModifier() {
  587. return &labelError{s, "V5"}
  588. }
  589. // Quickly return in the absence of zero-width (non) joiners.
  590. if strings.Index(s, zwj) == -1 && strings.Index(s, zwnj) == -1 {
  591. return nil
  592. }
  593. st := stateStart
  594. for i := 0; ; {
  595. jt := x.joinType()
  596. if s[i:i+sz] == zwj {
  597. jt = joinZWJ
  598. } else if s[i:i+sz] == zwnj {
  599. jt = joinZWNJ
  600. }
  601. st = joinStates[st][jt]
  602. if x.isViramaModifier() {
  603. st = joinStates[st][joinVirama]
  604. }
  605. if i += sz; i == len(s) {
  606. break
  607. }
  608. v, sz = trie.lookupString(s[i:])
  609. x = info(v)
  610. }
  611. if st == stateFAIL || st == stateAfter {
  612. return &labelError{s, "C"}
  613. }
  614. return nil
  615. }
  616. func ascii(s string) bool {
  617. for i := 0; i < len(s); i++ {
  618. if s[i] >= utf8.RuneSelf {
  619. return false
  620. }
  621. }
  622. return true
  623. }
上海开阖软件有限公司 沪ICP备12045867号-1