001    /*
002     * Copyright (C) 2008 The Guava Authors
003     *
004     * Licensed under the Apache License, Version 2.0 (the "License");
005     * you may not use this file except in compliance with the License.
006     * You may obtain a copy of the License at
007     *
008     * http://www.apache.org/licenses/LICENSE-2.0
009     *
010     * Unless required by applicable law or agreed to in writing, software
011     * distributed under the License is distributed on an "AS IS" BASIS,
012     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013     * See the License for the specific language governing permissions and
014     * limitations under the License.
015     */
016    
017    package com.google.common.net;
018    
019    import com.google.common.annotations.Beta;
020    import com.google.common.annotations.VisibleForTesting;
021    import com.google.common.base.Preconditions;
022    import com.google.common.io.ByteStreams;
023    import com.google.common.primitives.Ints;
024    
025    import java.net.Inet4Address;
026    import java.net.Inet6Address;
027    import java.net.InetAddress;
028    import java.net.UnknownHostException;
029    import java.nio.ByteBuffer;
030    import java.util.Arrays;
031    
032    import javax.annotation.Nullable;
033    
034    /**
035     * Static utility methods pertaining to {@link InetAddress} instances.
036     *
037     * <p><b>Important note:</b> Unlike {@code InetAddress.getByName()}, the
038     * methods of this class never cause DNS services to be accessed. For
039     * this reason, you should prefer these methods as much as possible over
040     * their JDK equivalents whenever you are expecting to handle only
041     * IP address string literals -- there is no blocking DNS penalty for a
042     * malformed string.
043     *
044     * <p>This class hooks into the {@code sun.net.util.IPAddressUtil} class
045     * to make use of the {@code textToNumericFormatV4} and
046     * {@code textToNumericFormatV6} methods directly as a means to avoid
047     * accidentally traversing all nameservices (it can be vitally important
048     * to avoid, say, blocking on DNS at times).
049     *
050     * <p>When dealing with {@link Inet4Address} and {@link Inet6Address}
051     * objects as byte arrays (vis. {@code InetAddress.getAddress()}) they
052     * are 4 and 16 bytes in length, respectively, and represent the address
053     * in network byte order.
054     *
055     * <p>Examples of IP addresses and their byte representations:
056     * <ul>
057     * <li>The IPv4 loopback address, {@code "127.0.0.1"}.<br/>
058     *     {@code 7f 00 00 01}
059     *
060     * <li>The IPv6 loopback address, {@code "::1"}.<br/>
061     *     {@code 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01}
062     *
063     * <li>From the IPv6 reserved documentation prefix ({@code 2001:db8::/32}),
064     *     {@code "2001:db8::1"}.<br/>
065     *     {@code 20 01 0d b8 00 00 00 00 00 00 00 00 00 00 00 01}
066     *
067     * <li>An IPv6 "IPv4 compatible" (or "compat") address,
068     *     {@code "::192.168.0.1"}.<br/>
069     *     {@code 00 00 00 00 00 00 00 00 00 00 00 00 c0 a8 00 01}
070     *
071     * <li>An IPv6 "IPv4 mapped" address, {@code "::ffff:192.168.0.1"}.<br/>
072     *     {@code 00 00 00 00 00 00 00 00 00 00 ff ff c0 a8 00 01}
073     * </ul>
074     *
075     * <p>A few notes about IPv6 "IPv4 mapped" addresses and their observed
076     * use in Java.
077     * <br><br>
078     * "IPv4 mapped" addresses were originally a representation of IPv4
079     * addresses for use on an IPv6 socket that could receive both IPv4
080     * and IPv6 connections (by disabling the {@code IPV6_V6ONLY} socket
081     * option on an IPv6 socket).  Yes, it's confusing.  Nevertheless,
082     * these "mapped" addresses were never supposed to be seen on the
083     * wire.  That assumption was dropped, some say mistakenly, in later
084     * RFCs with the apparent aim of making IPv4-to-IPv6 transition simpler.
085     *
086     * <p>Technically one <i>can</i> create a 128bit IPv6 address with the wire
087     * format of a "mapped" address, as shown above, and transmit it in an
088     * IPv6 packet header.  However, Java's InetAddress creation methods
089     * appear to adhere doggedly to the original intent of the "mapped"
090     * address: all "mapped" addresses return {@link Inet4Address} objects.
091     *
092     * <p>For added safety, it is common for IPv6 network operators to filter
093     * all packets where either the source or destination address appears to
094     * be a "compat" or "mapped" address.  Filtering suggestions usually
095     * recommend discarding any packets with source or destination addresses
096     * in the invalid range {@code ::/3}, which includes both of these bizarre
097     * address formats.  For more information on "bogons", including lists
098     * of IPv6 bogon space, see:
099     *
100     * <ul>
101     * <li><a target="_parent"
102     *        href="http://en.wikipedia.org/wiki/Bogon_filtering"
103     *       >http://en.wikipedia.org/wiki/Bogon_filtering</a>
104     * <li><a target="_parent"
105     *        href="http://www.cymru.com/Bogons/ipv6.txt"
106     *       >http://www.cymru.com/Bogons/ipv6.txt</a>
107     * <li><a target="_parent"
108     *        href="http://www.cymru.com/Bogons/v6bogon.html"
109     *       >http://www.cymru.com/Bogons/v6bogon.html</a>
110     * <li><a target="_parent"
111     *        href="http://www.space.net/~gert/RIPE/ipv6-filters.html"
112     *       >http://www.space.net/~gert/RIPE/ipv6-filters.html</a>
113     * </ul>
114     *
115     * @author Erik Kline
116     * @since 5.0
117     */
118    @Beta
119    public final class InetAddresses {
120      private static final int IPV4_PART_COUNT = 4;
121      private static final int IPV6_PART_COUNT = 8;
122      private static final Inet4Address LOOPBACK4 =
123          (Inet4Address) forString("127.0.0.1");
124      private static final Inet4Address ANY4 =
125          (Inet4Address) forString("0.0.0.0");
126    
127      private InetAddresses() {}
128    
129      /**
130       * Returns an {@link Inet4Address}, given a byte array representation
131       * of the IPv4 address.
132       *
133       * @param bytes byte array representing an IPv4 address (should be
134       *              of length 4).
135       * @return {@link Inet4Address} corresponding to the supplied byte
136       *         array.
137       * @throws IllegalArgumentException if a valid {@link Inet4Address}
138       *         can not be created.
139       */
140      private static Inet4Address getInet4Address(byte[] bytes) {
141        Preconditions.checkArgument(bytes.length == 4,
142            "Byte array has invalid length for an IPv4 address: %s != 4.",
143            bytes.length);
144    
145        try {
146          InetAddress ipv4 = InetAddress.getByAddress(bytes);
147          if (!(ipv4 instanceof Inet4Address)) {
148            throw new UnknownHostException(
149                String.format("'%s' is not an IPv4 address.",
150                              ipv4.getHostAddress()));
151          }
152    
153          return (Inet4Address) ipv4;
154        } catch (UnknownHostException e) {
155    
156          /*
157           * This really shouldn't happen in practice since all our byte
158           * sequences should be valid IP addresses.
159           *
160           * However {@link InetAddress#getByAddress} is documented as
161           * potentially throwing this "if IP address is of illegal length".
162           *
163           * This is mapped to IllegalArgumentException since, presumably,
164           * the argument triggered some bizarre processing bug.
165           */
166          throw new IllegalArgumentException(
167              String.format("Host address '%s' is not a valid IPv4 address.",
168                            Arrays.toString(bytes)),
169              e);
170        }
171      }
172    
173      /**
174       * Returns the {@link InetAddress} having the given string
175       * representation.
176       *
177       * <p>This deliberately avoids all nameservice lookups (e.g. no DNS).
178       *
179       * @param ipString {@code String} containing an IPv4 or IPv6 string literal,
180       *                 e.g. {@code "192.168.0.1"} or {@code "2001:db8::1"}
181       * @return {@link InetAddress} representing the argument
182       * @throws IllegalArgumentException if the argument is not a valid
183       *         IP string literal
184       */
185      public static InetAddress forString(String ipString) {
186        byte[] addr = ipStringToBytes(ipString);
187    
188        // The argument was malformed, i.e. not an IP string literal.
189        if (addr == null) {
190          throw new IllegalArgumentException(
191              String.format("'%s' is not an IP string literal.", ipString));
192        }
193    
194        try {
195          return InetAddress.getByAddress(addr);
196        } catch (UnknownHostException e) {
197    
198          /*
199           * This really shouldn't happen in practice since all our byte
200           * sequences should be valid IP addresses.
201           *
202           * However {@link InetAddress#getByAddress} is documented as
203           * potentially throwing this "if IP address is of illegal length".
204           *
205           * This is mapped to IllegalArgumentException since, presumably,
206           * the argument triggered some processing bug in either
207           * {@link IPAddressUtil#textToNumericFormatV4} or
208           * {@link IPAddressUtil#textToNumericFormatV6}.
209           */
210          throw new IllegalArgumentException(
211              String.format("'%s' is extremely broken.", ipString), e);
212        }
213      }
214    
215      /**
216       * Returns {@code true} if the supplied string is a valid IP string
217       * literal, {@code false} otherwise.
218       *
219       * @param ipString {@code String} to evaluated as an IP string literal
220       * @return {@code true} if the argument is a valid IP string literal
221       */
222      public static boolean isInetAddress(String ipString) {
223        return ipStringToBytes(ipString) != null;
224      }
225    
226      private static byte[] ipStringToBytes(String ipString) {
227        // Make a first pass to categorize the characters in this string.
228        boolean hasColon = false;
229        boolean hasDot = false;
230        for (int i = 0; i < ipString.length(); i++) {
231          char c = ipString.charAt(i);
232          if (c == '.') {
233            hasDot = true;
234          } else if (c == ':') {
235            if (hasDot) {
236              return null;  // Colons must not appear after dots.
237            }
238            hasColon = true;
239          } else if (Character.digit(c, 16) == -1) {
240            return null;  // Everything else must be a decimal or hex digit.
241          }
242        }
243    
244        // Now decide which address family to parse.
245        if (hasColon) {
246          if (hasDot) {
247            ipString = convertDottedQuadToHex(ipString);
248            if (ipString == null) {
249              return null;
250            }
251          }
252          return textToNumericFormatV6(ipString);
253        } else if (hasDot) {
254          return textToNumericFormatV4(ipString);
255        }
256        return null;
257      }
258    
259      private static byte[] textToNumericFormatV4(String ipString) {
260        String[] address = ipString.split("\\.", IPV4_PART_COUNT + 1);
261        if (address.length != IPV4_PART_COUNT) {
262          return null;
263        }
264    
265        byte[] bytes = new byte[IPV4_PART_COUNT];
266        try {
267          for (int i = 0; i < bytes.length; i++) {
268            bytes[i] = parseOctet(address[i]);
269          }
270        } catch (NumberFormatException ex) {
271          return null;
272        }
273    
274        return bytes;
275      }
276    
277      private static byte[] textToNumericFormatV6(String ipString) {
278        // An address can have [2..8] colons, and N colons make N+1 parts.
279        String[] parts = ipString.split(":", IPV6_PART_COUNT + 2);
280        if (parts.length < 3 || parts.length > IPV6_PART_COUNT + 1) {
281          return null;
282        }
283    
284        // Disregarding the endpoints, find "::" with nothing in between.
285        // This indicates that a run of zeroes has been skipped.
286        int skipIndex = -1;
287        for (int i = 1; i < parts.length - 1; i++) {
288          if (parts[i].length() == 0) {
289            if (skipIndex >= 0) {
290              return null;  // Can't have more than one ::
291            }
292            skipIndex = i;
293          }
294        }
295    
296        int partsHi;  // Number of parts to copy from above/before the "::"
297        int partsLo;  // Number of parts to copy from below/after the "::"
298        if (skipIndex >= 0) {
299          // If we found a "::", then check if it also covers the endpoints.
300          partsHi = skipIndex;
301          partsLo = parts.length - skipIndex - 1;
302          if (parts[0].length() == 0 && --partsHi != 0) {
303            return null;  // ^: requires ^::
304          }
305          if (parts[parts.length - 1].length() == 0 && --partsLo != 0) {
306            return null;  // :$ requires ::$
307          }
308        } else {
309          // Otherwise, allocate the entire address to partsHi.  The endpoints
310          // could still be empty, but parseHextet() will check for that.
311          partsHi = parts.length;
312          partsLo = 0;
313        }
314    
315        // If we found a ::, then we must have skipped at least one part.
316        // Otherwise, we must have exactly the right number of parts.
317        int partsSkipped = IPV6_PART_COUNT - (partsHi + partsLo);
318        if (!(skipIndex >= 0 ? partsSkipped >= 1 : partsSkipped == 0)) {
319          return null;
320        }
321    
322        // Now parse the hextets into a byte array.
323        ByteBuffer rawBytes = ByteBuffer.allocate(2 * IPV6_PART_COUNT);
324        try {
325          for (int i = 0; i < partsHi; i++) {
326            rawBytes.putShort(parseHextet(parts[i]));
327          }
328          for (int i = 0; i < partsSkipped; i++) {
329            rawBytes.putShort((short) 0);
330          }
331          for (int i = partsLo; i > 0; i--) {
332            rawBytes.putShort(parseHextet(parts[parts.length - i]));
333          }
334        } catch (NumberFormatException ex) {
335          return null;
336        }
337        return rawBytes.array();
338      }
339    
340      private static String convertDottedQuadToHex(String ipString) {
341        int lastColon = ipString.lastIndexOf(':');
342        String initialPart = ipString.substring(0, lastColon + 1);
343        String dottedQuad = ipString.substring(lastColon + 1);
344        byte[] quad = textToNumericFormatV4(dottedQuad);
345        if (quad == null) {
346          return null;
347        }
348        String penultimate = Integer.toHexString(((quad[0] & 0xff) << 8) | (quad[1] & 0xff));
349        String ultimate = Integer.toHexString(((quad[2] & 0xff) << 8) | (quad[3] & 0xff));
350        return initialPart + penultimate + ":" + ultimate;
351      }
352    
353      private static byte parseOctet(String ipPart) {
354        // Note: we already verified that this string contains only hex digits.
355        int octet = Integer.parseInt(ipPart);
356        // Disallow leading zeroes, because no clear standard exists on
357        // whether these should be interpreted as decimal or octal.
358        if (octet > 255 || (ipPart.startsWith("0") && ipPart.length() > 1)) {
359          throw new NumberFormatException();
360        }
361        return (byte) octet;
362      }
363    
364      private static short parseHextet(String ipPart) {
365        // Note: we already verified that this string contains only hex digits.
366        int hextet = Integer.parseInt(ipPart, 16);
367        if (hextet > 0xffff) {
368          throw new NumberFormatException();
369        }
370        return (short) hextet;
371      }
372    
373      /**
374       * Returns the string representation of an {@link InetAddress}.
375       *
376       * <p>For IPv4 addresses, this is identical to
377       * {@link InetAddress#getHostAddress()}, but for IPv6 addresses, the output
378       * follows <a href="http://tools.ietf.org/html/rfc5952">RFC 5952</a>
379       * section 4.  The main difference is that this method uses "::" for zero
380       * compression, while Java's version uses the uncompressed form.
381       *
382       * <p>This method uses hexadecimal for all IPv6 addresses, including
383       * IPv4-mapped IPv6 addresses such as "::c000:201".  The output does not
384       * include a Scope ID.
385       *
386       * @param ip {@link InetAddress} to be converted to an address string
387       * @return {@code String} containing the text-formatted IP address
388       * @since 10.0
389       */
390      public static String toAddrString(InetAddress ip) {
391        Preconditions.checkNotNull(ip);
392        if (ip instanceof Inet4Address) {
393          // For IPv4, Java's formatting is good enough.
394          return ip.getHostAddress();
395        }
396        Preconditions.checkArgument(ip instanceof Inet6Address);
397        byte[] bytes = ip.getAddress();
398        int[] hextets = new int[IPV6_PART_COUNT];
399        for (int i = 0; i < hextets.length; i++) {
400          hextets[i] = Ints.fromBytes(
401              (byte) 0, (byte) 0, bytes[2 * i], bytes[2 * i + 1]);
402        }
403        compressLongestRunOfZeroes(hextets);
404        return hextetsToIPv6String(hextets);
405      }
406    
407      /**
408       * Identify and mark the longest run of zeroes in an IPv6 address.
409       *
410       * <p>Only runs of two or more hextets are considered.  In case of a tie, the
411       * leftmost run wins.  If a qualifying run is found, its hextets are replaced
412       * by the sentinel value -1.
413       *
414       * @param hextets {@code int[]} mutable array of eight 16-bit hextets.
415       */
416      private static void compressLongestRunOfZeroes(int[] hextets) {
417        int bestRunStart = -1;
418        int bestRunLength = -1;
419        int runStart = -1;
420        for (int i = 0; i < hextets.length + 1; i++) {
421          if (i < hextets.length && hextets[i] == 0) {
422            if (runStart < 0) {
423              runStart = i;
424            }
425          } else if (runStart >= 0) {
426            int runLength = i - runStart;
427            if (runLength > bestRunLength) {
428              bestRunStart = runStart;
429              bestRunLength = runLength;
430            }
431            runStart = -1;
432          }
433        }
434        if (bestRunLength >= 2) {
435          Arrays.fill(hextets, bestRunStart, bestRunStart + bestRunLength, -1);
436        }
437      }
438    
439      /** 
440       * Convert a list of hextets into a human-readable IPv6 address.
441       *
442       * <p>In order for "::" compression to work, the input should contain negative
443       * sentinel values in place of the elided zeroes.
444       *
445       * @param hextets {@code int[]} array of eight 16-bit hextets, or -1s.
446       */
447      private static String hextetsToIPv6String(int[] hextets) {
448        /*
449         * While scanning the array, handle these state transitions:
450         *   start->num => "num"     start->gap => "::"
451         *   num->num   => ":num"    num->gap   => "::"
452         *   gap->num   => "num"     gap->gap   => ""
453         */
454        StringBuilder buf = new StringBuilder(39);
455        boolean lastWasNumber = false;
456        for (int i = 0; i < hextets.length; i++) {
457          boolean thisIsNumber = hextets[i] >= 0;
458          if (thisIsNumber) {
459            if (lastWasNumber) {
460              buf.append(':');
461            }
462            buf.append(Integer.toHexString(hextets[i]));
463          } else {
464            if (i == 0 || lastWasNumber) {
465              buf.append("::");
466            }
467          }
468          lastWasNumber = thisIsNumber;
469        }
470        return buf.toString();
471      }
472    
473      /**
474       * Returns the string representation of an {@link InetAddress} suitable
475       * for inclusion in a URI.
476       *
477       * <p>For IPv4 addresses, this is identical to
478       * {@link InetAddress#getHostAddress()}, but for IPv6 addresses it
479       * compresses zeroes and surrounds the text with square brackets; for example
480       * {@code "[2001:db8::1]"}.
481       *
482       * <p>Per section 3.2.2 of
483       * <a target="_parent"
484       *    href="http://tools.ietf.org/html/rfc3986#section-3.2.2"
485       *  >http://tools.ietf.org/html/rfc3986</a>,
486       * a URI containing an IPv6 string literal is of the form
487       * {@code "http://[2001:db8::1]:8888/index.html"}.
488       *
489       * <p>Use of either {@link InetAddresses#toAddrString},
490       * {@link InetAddress#getHostAddress()}, or this method is recommended over
491       * {@link InetAddress#toString()} when an IP address string literal is
492       * desired.  This is because {@link InetAddress#toString()} prints the
493       * hostname and the IP address string joined by a "/".
494       *
495       * @param ip {@link InetAddress} to be converted to URI string literal
496       * @return {@code String} containing URI-safe string literal
497       */
498      public static String toUriString(InetAddress ip) {
499        if (ip instanceof Inet6Address) {
500          return "[" + toAddrString(ip) + "]";
501        }
502        return toAddrString(ip);
503      }
504    
505      /**
506       * Returns an InetAddress representing the literal IPv4 or IPv6 host
507       * portion of a URL, encoded in the format specified by RFC 3986 section 3.2.2.
508       *
509       * <p>This function is similar to {@link InetAddresses#forString(String)},
510       * however, it requires that IPv6 addresses are surrounded by square brackets.
511       *
512       * <p>This function is the inverse of
513       * {@link InetAddresses#toUriString(java.net.InetAddress)}.
514       *
515       * @param hostAddr A RFC 3986 section 3.2.2 encoded IPv4 or IPv6 address
516       * @return an InetAddress representing the address in {@code hostAddr}
517       * @throws IllegalArgumentException if {@code hostAddr} is not a valid
518       *     IPv4 address, or IPv6 address surrounded by square brackets
519       */
520      public static InetAddress forUriString(String hostAddr) {
521        Preconditions.checkNotNull(hostAddr);
522        Preconditions.checkArgument(hostAddr.length() > 0, "host string is empty");
523        InetAddress retval = null;
524    
525        // IPv4 address?
526        try {
527          retval = forString(hostAddr);
528          if (retval instanceof Inet4Address) {
529            return retval;
530          }
531        } catch (IllegalArgumentException e) {
532          // Not a valid IP address, fall through.
533        }
534    
535        // IPv6 address
536        if (!(hostAddr.startsWith("[") && hostAddr.endsWith("]"))) {
537          throw new IllegalArgumentException("Not a valid address: \"" + hostAddr + '"');
538        }
539    
540        retval = forString(hostAddr.substring(1, hostAddr.length() - 1));
541        if (retval instanceof Inet6Address) {
542          return retval;
543        }
544    
545        throw new IllegalArgumentException("Not a valid address: \"" + hostAddr + '"');
546      }
547    
548      /**
549       * Returns {@code true} if the supplied string is a valid URI IP string
550       * literal, {@code false} otherwise.
551       *
552       * @param ipString {@code String} to evaluated as an IP URI host string literal
553       * @return {@code true} if the argument is a valid IP URI host
554       */
555      public static boolean isUriInetAddress(String ipString) {
556        try {
557          forUriString(ipString);
558          return true;
559        } catch (IllegalArgumentException e) {
560          return false;
561        }
562      }
563    
564      /**
565       * Evaluates whether the argument is an IPv6 "compat" address.
566       *
567       * <p>An "IPv4 compatible", or "compat", address is one with 96 leading
568       * bits of zero, with the remaining 32 bits interpreted as an
569       * IPv4 address.  These are conventionally represented in string
570       * literals as {@code "::192.168.0.1"}, though {@code "::c0a8:1"} is
571       * also considered an IPv4 compatible address (and equivalent to
572       * {@code "::192.168.0.1"}).
573       *
574       * <p>For more on IPv4 compatible addresses see section 2.5.5.1 of
575       * <a target="_parent"
576       *    href="http://tools.ietf.org/html/rfc4291#section-2.5.5.1"
577       *    >http://tools.ietf.org/html/rfc4291</a>
578       *
579       * <p>NOTE: This method is different from
580       * {@link Inet6Address#isIPv4CompatibleAddress} in that it more
581       * correctly classifies {@code "::"} and {@code "::1"} as
582       * proper IPv6 addresses (which they are), NOT IPv4 compatible
583       * addresses (which they are generally NOT considered to be).
584       *
585       * @param ip {@link Inet6Address} to be examined for embedded IPv4
586       *           compatible address format
587       * @return {@code true} if the argument is a valid "compat" address
588       */
589      public static boolean isCompatIPv4Address(Inet6Address ip) {
590        if (!ip.isIPv4CompatibleAddress()) {
591          return false;
592        }
593    
594        byte[] bytes = ip.getAddress();
595        if ((bytes[12] == 0) && (bytes[13] == 0) && (bytes[14] == 0)
596                && ((bytes[15] == 0) || (bytes[15] == 1))) {
597          return false;
598        }
599    
600        return true;
601      }
602    
603      /**
604       * Returns the IPv4 address embedded in an IPv4 compatible address.
605       *
606       * @param ip {@link Inet6Address} to be examined for an embedded
607       *           IPv4 address
608       * @return {@link Inet4Address} of the embedded IPv4 address
609       * @throws IllegalArgumentException if the argument is not a valid
610       *         IPv4 compatible address
611       */
612      public static Inet4Address getCompatIPv4Address(Inet6Address ip) {
613        Preconditions.checkArgument(isCompatIPv4Address(ip),
614            "Address '%s' is not IPv4-compatible.", toAddrString(ip));
615    
616        return getInet4Address(copyOfRange(ip.getAddress(), 12, 16));
617      }
618    
619      /**
620       * Evaluates whether the argument is a 6to4 address.
621       *
622       * <p>6to4 addresses begin with the {@code "2002::/16"} prefix.
623       * The next 32 bits are the IPv4 address of the host to which
624       * IPv6-in-IPv4 tunneled packets should be routed.
625       *
626       * <p>For more on 6to4 addresses see section 2 of
627       * <a target="_parent" href="http://tools.ietf.org/html/rfc3056#section-2"
628       *    >http://tools.ietf.org/html/rfc3056</a>
629       *
630       * @param ip {@link Inet6Address} to be examined for 6to4 address
631       *        format
632       * @return {@code true} if the argument is a 6to4 address
633       */
634      public static boolean is6to4Address(Inet6Address ip) {
635        byte[] bytes = ip.getAddress();
636        return (bytes[0] == (byte) 0x20) && (bytes[1] == (byte) 0x02);
637      }
638    
639      /**
640       * Returns the IPv4 address embedded in a 6to4 address.
641       *
642       * @param ip {@link Inet6Address} to be examined for embedded IPv4
643       *           in 6to4 address.
644       * @return {@link Inet4Address} of embedded IPv4 in 6to4 address.
645       * @throws IllegalArgumentException if the argument is not a valid
646       *         IPv6 6to4 address.
647       */
648      public static Inet4Address get6to4IPv4Address(Inet6Address ip) {
649        Preconditions.checkArgument(is6to4Address(ip),
650            "Address '%s' is not a 6to4 address.", toAddrString(ip));
651    
652        return getInet4Address(copyOfRange(ip.getAddress(), 2, 6));
653      }
654    
655      /**
656       * A simple data class to encapsulate the information to be found in a
657       * Teredo address.
658       *
659       * <p>All of the fields in this class are encoded in various portions
660       * of the IPv6 address as part of the protocol.  More protocols details
661       * can be found at:
662       * <a target="_parent" href="http://en.wikipedia.org/wiki/Teredo_tunneling"
663       *    >http://en.wikipedia.org/wiki/Teredo_tunneling</a>.
664       *
665       * <p>The RFC can be found here:
666       * <a target="_parent" href="http://tools.ietf.org/html/rfc4380"
667       *    >http://tools.ietf.org/html/rfc4380</a>.
668       *
669       * @since 5.0
670       */
671      @Beta
672      public static final class TeredoInfo {
673        private final Inet4Address server;
674        private final Inet4Address client;
675        private final int port;
676        private final int flags;
677    
678        /**
679         * Constructs a TeredoInfo instance.
680         *
681         * <p>Both server and client can be {@code null}, in which case the
682         * value {@code "0.0.0.0"} will be assumed.
683         *
684         * @throws IllegalArgumentException if either of the {@code port}
685         *         or the {@code flags} arguments are out of range of an
686         *         unsigned short
687         */
688        // TODO: why is this public?
689        public TeredoInfo(@Nullable Inet4Address server,
690                          @Nullable Inet4Address client,
691                          int port, int flags) {
692          Preconditions.checkArgument((port >= 0) && (port <= 0xffff),
693              "port '%s' is out of range (0 <= port <= 0xffff)", port);
694          Preconditions.checkArgument((flags >= 0) && (flags <= 0xffff),
695              "flags '%s' is out of range (0 <= flags <= 0xffff)", flags);
696    
697          if (server != null) {
698            this.server = server;
699          } else {
700            this.server = ANY4;
701          }
702    
703          if (client != null) {
704            this.client = client;
705          } else {
706            this.client = ANY4;
707          }
708    
709          this.port = port;
710          this.flags = flags;
711        }
712    
713        public Inet4Address getServer() {
714          return server;
715        }
716    
717        public Inet4Address getClient() {
718          return client;
719        }
720    
721        public int getPort() {
722          return port;
723        }
724    
725        public int getFlags() {
726          return flags;
727        }
728      }
729    
730      /**
731       * Evaluates whether the argument is a Teredo address.
732       *
733       * <p>Teredo addresses begin with the {@code "2001::/32"} prefix.
734       *
735       * @param ip {@link Inet6Address} to be examined for Teredo address
736       *        format.
737       * @return {@code true} if the argument is a Teredo address
738       */
739      public static boolean isTeredoAddress(Inet6Address ip) {
740        byte[] bytes = ip.getAddress();
741        return (bytes[0] == (byte) 0x20) && (bytes[1] == (byte) 0x01)
742               && (bytes[2] == 0) && (bytes[3] == 0);
743      }
744    
745      /**
746       * Returns the Teredo information embedded in a Teredo address.
747       *
748       * @param ip {@link Inet6Address} to be examined for embedded Teredo
749       *           information
750       * @return extracted {@code TeredoInfo}
751       * @throws IllegalArgumentException if the argument is not a valid
752       *         IPv6 Teredo address
753       */
754      public static TeredoInfo getTeredoInfo(Inet6Address ip) {
755        Preconditions.checkArgument(isTeredoAddress(ip),
756            "Address '%s' is not a Teredo address.", toAddrString(ip));
757    
758        byte[] bytes = ip.getAddress();
759        Inet4Address server = getInet4Address(copyOfRange(bytes, 4, 8));
760    
761        int flags = ByteStreams.newDataInput(bytes, 8).readShort() & 0xffff;
762    
763        // Teredo obfuscates the mapped client port, per section 4 of the RFC.
764        int port = ~ByteStreams.newDataInput(bytes, 10).readShort() & 0xffff;
765    
766        byte[] clientBytes = copyOfRange(bytes, 12, 16);
767        for (int i = 0; i < clientBytes.length; i++) {
768          // Teredo obfuscates the mapped client IP, per section 4 of the RFC.
769          clientBytes[i] = (byte) ~clientBytes[i];
770        }
771        Inet4Address client = getInet4Address(clientBytes);
772    
773        return new TeredoInfo(server, client, port, flags);
774      }
775    
776      /**
777       * Evaluates whether the argument is an ISATAP address.
778       *
779       * <p>From RFC 5214: "ISATAP interface identifiers are constructed in
780       * Modified EUI-64 format [...] by concatenating the 24-bit IANA OUI
781       * (00-00-5E), the 8-bit hexadecimal value 0xFE, and a 32-bit IPv4
782       * address in network byte order [...]"
783       *
784       * <p>For more on ISATAP addresses see section 6.1 of
785       * <a target="_parent" href="http://tools.ietf.org/html/rfc5214#section-6.1"
786       *    >http://tools.ietf.org/html/rfc5214</a>
787       *
788       * @param ip {@link Inet6Address} to be examined for ISATAP address
789       *        format.
790       * @return {@code true} if the argument is an ISATAP address
791       */
792      public static boolean isIsatapAddress(Inet6Address ip) {
793    
794        // If it's a Teredo address with the right port (41217, or 0xa101)
795        // which would be encoded as 0x5efe then it can't be an ISATAP address.
796        if (isTeredoAddress(ip)) {
797          return false;
798        }
799    
800        byte[] bytes = ip.getAddress();
801    
802        if ((bytes[8] | (byte) 0x03) != (byte) 0x03) {
803    
804          // Verify that high byte of the 64 bit identifier is zero, modulo
805          // the U/L and G bits, with which we are not concerned.
806          return false;
807        }
808    
809        return (bytes[9] == (byte) 0x00) && (bytes[10] == (byte) 0x5e)
810               && (bytes[11] == (byte) 0xfe);
811      }
812    
813      /**
814       * Returns the IPv4 address embedded in an ISATAP address.
815       *
816       * @param ip {@link Inet6Address} to be examined for embedded IPv4
817       *           in ISATAP address
818       * @return {@link Inet4Address} of embedded IPv4 in an ISATAP address
819       * @throws IllegalArgumentException if the argument is not a valid
820       *         IPv6 ISATAP address
821       */
822      public static Inet4Address getIsatapIPv4Address(Inet6Address ip) {
823        Preconditions.checkArgument(isIsatapAddress(ip),
824            "Address '%s' is not an ISATAP address.", toAddrString(ip));
825    
826        return getInet4Address(copyOfRange(ip.getAddress(), 12, 16));
827      }
828    
829      /**
830       * Examines the Inet6Address to determine if it is an IPv6 address of one
831       * of the specified address types that contain an embedded IPv4 address.
832       *
833       * <p>NOTE: ISATAP addresses are explicitly excluded from this method
834       * due to their trivial spoofability.  With other transition addresses
835       * spoofing involves (at least) infection of one's BGP routing table.
836       *
837       * @param ip {@link Inet6Address} to be examined for embedded IPv4
838       *           client address.
839       * @return {@code true} if there is an embedded IPv4 client address.
840       * @since 7.0
841       */
842      public static boolean hasEmbeddedIPv4ClientAddress(Inet6Address ip) {
843        return isCompatIPv4Address(ip) || is6to4Address(ip) ||
844               isTeredoAddress(ip);
845      }
846    
847      /**
848       * Examines the Inet6Address to extract the embedded IPv4 client address
849       * if the InetAddress is an IPv6 address of one of the specified address
850       * types that contain an embedded IPv4 address.
851       *
852       * <p>NOTE: ISATAP addresses are explicitly excluded from this method
853       * due to their trivial spoofability.  With other transition addresses
854       * spoofing involves (at least) infection of one's BGP routing table.
855       *
856       * @param ip {@link Inet6Address} to be examined for embedded IPv4
857       *           client address.
858       * @return {@link Inet4Address} of embedded IPv4 client address.
859       * @throws IllegalArgumentException if the argument does not have a valid
860       *         embedded IPv4 address.
861       */
862      public static Inet4Address getEmbeddedIPv4ClientAddress(Inet6Address ip) {
863        if (isCompatIPv4Address(ip)) {
864          return getCompatIPv4Address(ip);
865        }
866    
867        if (is6to4Address(ip)) {
868          return get6to4IPv4Address(ip);
869        }
870    
871        if (isTeredoAddress(ip)) {
872          return getTeredoInfo(ip).getClient();
873        }
874    
875        throw new IllegalArgumentException(
876            String.format("'%s' has no embedded IPv4 address.",
877                          toAddrString(ip)));
878      }
879    
880      /**
881       * Evaluates whether the argument is an "IPv4 mapped" IPv6 address.
882       *
883       * <p>An "IPv4 mapped" address is anything in the range ::ffff:0:0/96
884       * (sometimes written as ::ffff:0.0.0.0/96), with the last 32 bits
885       * interpreted as an IPv4 address.
886       *
887       * <p>For more on IPv4 mapped addresses see section 2.5.5.2 of
888       * <a target="_parent"
889       *    href="http://tools.ietf.org/html/rfc4291#section-2.5.5.2"
890       *    >http://tools.ietf.org/html/rfc4291</a>
891       *
892       * <p>Note: This method takes a {@code String} argument because
893       * {@link InetAddress} automatically collapses mapped addresses to IPv4.
894       * (It is actually possible to avoid this using one of the obscure
895       * {@link Inet6Address} methods, but it would be unwise to depend on such
896       * a poorly-documented feature.)
897       *
898       * @param ipString {@code String} to be examined for embedded IPv4-mapped
899       *     IPv6 address format
900       * @return {@code true} if the argument is a valid "mapped" address
901       * @since 10.0
902       */
903      public static boolean isMappedIPv4Address(String ipString) {
904        byte[] bytes = ipStringToBytes(ipString);
905        if (bytes != null && bytes.length == 16) {
906          for (int i = 0; i < 10; i++) {
907            if (bytes[i] != 0) {
908              return false;
909            }
910          }
911          for (int i = 10; i < 12; i++) {
912            if (bytes[i] != (byte) 0xff) {
913              return false;
914            }
915          }
916          return true;
917        }
918        return false;
919      }
920    
921      /**
922       * Coerces an IPv6 address into an IPv4 address.
923       *
924       * <p>HACK: As long as applications continue to use IPv4 addresses for
925       * indexing into tables, accounting, et cetera, it may be necessary to
926       * <b>coerce</b> IPv6 addresses into IPv4 addresses. This function does
927       * so by hashing the upper 64 bits into {@code 224.0.0.0/3}
928       * (64 bits into 29 bits).
929       *
930       * <p>A "coerced" IPv4 address is equivalent to itself.
931       *
932       * <p>NOTE: This function is failsafe for security purposes: ALL IPv6
933       * addresses (except localhost (::1)) are hashed to avoid the security
934       * risk associated with extracting an embedded IPv4 address that might
935       * permit elevated privileges.
936       *
937       * @param ip {@link InetAddress} to "coerce"
938       * @return {@link Inet4Address} represented "coerced" address
939       * @since 7.0
940       */
941      public static Inet4Address getCoercedIPv4Address(InetAddress ip) {
942        if (ip instanceof Inet4Address) {
943          return (Inet4Address) ip;
944        }
945    
946        // Special cases:
947        byte[] bytes = ip.getAddress();
948        boolean leadingBytesOfZero = true;
949        for (int i = 0; i < 15; ++i) {
950          if (bytes[i] != 0) {
951            leadingBytesOfZero = false;
952            break;
953          }
954        }
955        if (leadingBytesOfZero && (bytes[15] == 1)) {
956          return LOOPBACK4;  // ::1
957        } else if (leadingBytesOfZero && (bytes[15] == 0)) {
958          return ANY4;  // ::0
959        }
960    
961        Inet6Address ip6 = (Inet6Address) ip;
962        long addressAsLong = 0;
963        if (hasEmbeddedIPv4ClientAddress(ip6)) {
964          addressAsLong = getEmbeddedIPv4ClientAddress(ip6).hashCode();
965        } else {
966    
967          // Just extract the high 64 bits (assuming the rest is user-modifiable).
968          addressAsLong = ByteBuffer.wrap(ip6.getAddress(), 0, 8).getLong();
969        }
970    
971        // Many strategies for hashing are possible.  This might suffice for now.
972        int coercedHash = hash64To32(addressAsLong);
973    
974        // Squash into 224/4 Multicast and 240/4 Reserved space (i.e. 224/3).
975        coercedHash |= 0xe0000000;
976    
977        // Fixup to avoid some "illegal" values.  Currently the only potential
978        // illegal value is 255.255.255.255.
979        if (coercedHash == 0xffffffff) {
980          coercedHash = 0xfffffffe;
981        }
982    
983        return getInet4Address(Ints.toByteArray(coercedHash));
984      }
985    
986      /**
987       * Returns an {@code int} hash of a 64-bit long.
988       *
989       * This comes from http://www.concentric.net/~ttwang/tech/inthash.htm
990       *
991       * This hash gives no guarantees on the cryptographic suitability nor the
992       * quality of randomness produced, and the mapping may change in the future.
993       *
994       * @param key A 64-bit number to hash
995       * @return {@code int} the input hashed into 32 bits
996       */
997      @VisibleForTesting static int hash64To32(long key) {
998        key = (~key) + (key << 18);
999        key = key ^ (key >>> 31);
1000        key = key * 21;
1001        key = key ^ (key >>> 11);
1002        key = key + (key << 6);
1003        key = key ^ (key >>> 22);
1004        return (int) key;
1005      }
1006    
1007      /**
1008       * Returns an integer representing an IPv4 address regardless of
1009       * whether the supplied argument is an IPv4 address or not.
1010       *
1011       * <p>IPv6 addresses are <b>coerced</b> to IPv4 addresses before being
1012       * converted to integers.
1013       *
1014       * <p>As long as there are applications that assume that all IP addresses
1015       * are IPv4 addresses and can therefore be converted safely to integers
1016       * (for whatever purpose) this function can be used to handle IPv6
1017       * addresses as well until the application is suitably fixed.
1018       *
1019       * <p>NOTE: an IPv6 address coerced to an IPv4 address can only be used
1020       * for such purposes as rudimentary identification or indexing into a
1021       * collection of real {@link InetAddress}es.  They cannot be used as
1022       * real addresses for the purposes of network communication.
1023       *
1024       * @param ip {@link InetAddress} to convert
1025       * @return {@code int}, "coerced" if ip is not an IPv4 address
1026       * @since 7.0
1027       */
1028      public static int coerceToInteger(InetAddress ip) {
1029        return ByteStreams.newDataInput(getCoercedIPv4Address(ip).getAddress()).readInt();
1030      }
1031    
1032      /**
1033       * Returns an Inet4Address having the integer value specified by
1034       * the argument.
1035       *
1036       * @param address {@code int}, the 32bit integer address to be converted
1037       * @return {@link Inet4Address} equivalent of the argument
1038       */
1039      public static Inet4Address fromInteger(int address) {
1040        return getInet4Address(Ints.toByteArray(address));
1041      }
1042    
1043      /**
1044       * Returns an address from a <b>little-endian ordered</b> byte array
1045       * (the opposite of what {@link InetAddress#getByAddress} expects).
1046       *
1047       * <p>IPv4 address byte array must be 4 bytes long and IPv6 byte array
1048       * must be 16 bytes long.
1049       *
1050       * @param addr the raw IP address in little-endian byte order
1051       * @return an InetAddress object created from the raw IP address
1052       * @throws UnknownHostException if IP address is of illegal length
1053       */
1054      public static InetAddress fromLittleEndianByteArray(byte[] addr)
1055          throws UnknownHostException {
1056        byte[] reversed = new byte[addr.length];
1057        for (int i = 0; i < addr.length; i++) {
1058          reversed[i] = addr[addr.length - i - 1];
1059        }
1060        return InetAddress.getByAddress(reversed);
1061      }
1062    
1063      /**
1064       * Returns a new InetAddress that is one more than the passed in address.
1065       * This method works for both IPv4 and IPv6 addresses.
1066       *
1067       * @param address the InetAddress to increment
1068       * @return a new InetAddress that is one more than the passed in address.
1069       * @throws IllegalArgumentException if InetAddress is at the end of its
1070       *         range.
1071       * @since 10.0
1072       */
1073      public static InetAddress increment(InetAddress address) {
1074        byte[] addr = address.getAddress();
1075        int i = addr.length - 1;
1076        while (i >= 0 && addr[i] == (byte) 0xff) {
1077          addr[i] = 0;
1078          i--;
1079        }
1080    
1081        Preconditions.checkArgument(
1082            i >= 0, "Incrementing " + address + " would wrap.");
1083    
1084        addr[i]++;
1085        try {
1086          return InetAddress.getByAddress(addr);
1087        } catch (UnknownHostException e) {
1088          throw new AssertionError(e);
1089        }
1090      }
1091    
1092      /**
1093       * Returns true if the InetAddress is either 255.255.255.255 for IPv4 or
1094       * ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff for IPv6.
1095       *
1096       * @return true if the InetAddress is either 255.255.255.255 for IPv4 or
1097       *          ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff for IPv6.
1098       * @since 10.0
1099       */
1100      public static boolean isMaximum(InetAddress address) {
1101        byte[] addr = address.getAddress();
1102        for (int i = 0; i < addr.length; i++) {
1103          if (addr[i] != (byte) 0xff) {
1104            return false;
1105          }
1106        }
1107        return true;
1108      }
1109    
1110      /**
1111       * This method emulates the Java 6 method
1112       * {@code Arrays.copyOfRange(byte, int, int)}, which is not available in
1113       * Java 5, and thus cannot be used in Guava code.
1114       */
1115      private static byte[] copyOfRange(byte[] original, int from, int to) {
1116        Preconditions.checkNotNull(original);
1117    
1118        int end = Math.min(to, original.length);
1119        byte[] result = new byte[to - from];
1120    
1121        System.arraycopy(original, from, result, 0, end - from);
1122        return result;
1123      }
1124    }