HTTP/2 request with IPv6 address in URL fails

[manger]

Environment Details

• Helidon Version: 4.1.4
• Helidon SE
• JDK version: openjdk version "21.0.2" 2024-01-16
• OS: macOS Sequoia 15.1.1
• Docker version (if applicable):

---

Problem Description

When an HTTP/2 request is made to a URL with an IPv6 address the receiving Helidon webserver throws.

java.lang.IllegalArgumentException: UriInfo cannot be used to create a URI: UriInfo{scheme=https,host=/[0:0:0:0:0:0:0:1]:8090,port=443,path=/simple-greet,query=,fragment=}
        at io.helidon.common.uri.UriInfoBlueprint.toUri(UriInfoBlueprint.java:106)
        at io.helidon.webserver.security.SecurityContextFilter.filter(SecurityContextFilter.java:63)
        at io.helidon.webserver.http.Filters$FilterChainImpl.proceed(Filters.java:119)
        at io.helidon.common.context.Contexts.runInContext(Contexts.java:117)
        at io.helidon.webserver.context.ContextRoutingFeature.filter(ContextRoutingFeature.java:50)
        at io.helidon.webserver.http.Filters$FilterChainImpl.proceed(Filters.java:119)
        at io.helidon.webserver.http.Filters.executeFilters(Filters.java:87)
        at io.helidon.webserver.http.Filters.lambda$filter$0(Filters.java:83)
        at io.helidon.webserver.http.ErrorHandlers.runWithErrorHandling(ErrorHandlers.java:76)
        at io.helidon.webserver.http.Filters.filter(Filters.java:83)
        at io.helidon.webserver.http.HttpRoutingImpl.route(HttpRoutingImpl.java:73)
        at io.helidon.webserver.http2.Http2ServerStream.handle(Http2ServerStream.java:531)
        at io.helidon.webserver.http2.Http2ServerStream.run(Http2ServerStream.java:290)
        at io.helidon.webserver.http2.Http2Connection$StreamRunnable.run(Http2Connection.java:902)
        at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:572)
        at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:317)
        at java.base/java.lang.VirtualThread.run(VirtualThread.java:309)
Caused by: java.net.URISyntaxException: Illegal character in hostname at index 8: https://%2F[0:0:0:0:0:0:0:1]:8090:443/simple-greet
        at java.base/java.net.URI$Parser.fail(URI.java:2995)
        at java.base/java.net.URI$Parser.parseHostname(URI.java:3547)
        at java.base/java.net.URI$Parser.parseServer(URI.java:3394)
        at java.base/java.net.URI$Parser.parseAuthority(URI.java:3304)
        at java.base/java.net.URI$Parser.parseHierarchical(URI.java:3240)
        at java.base/java.net.URI$Parser.parse(URI.java:3196)
        at java.base/java.net.URI.<init>(URI.java:807)
        at io.helidon.common.uri.UriInfoBlueprint.toUri(UriInfoBlueprint.java:104)
        ... 16 more

The problem is that Helidon thinks the host is /[0:0:0:0:0:0:0:1]:8090.
It has added an leading / that should not be there.
This throws when trying to construct a URI with this value as the authority.

Curiously, /127.0.0.1:8090 does not throw when constructing a URI.

One bug is probably in io.helidon.webserver.http2.Http2ServerRequest line 184 createUriInfo() that uses this.localPeer().address().toString(). This uses InetAddress.toString(), which returns /[0:0:0:0:0:0:0:1]:8090 in this case.

I can't see how createUriInfo() produces the right URI in any circumstance. It's just that it doesn't throw is some cases.

A second likely bug is io.helidon.http.RequestedUriDiscoveryContext line 222 hostPart(String address).
It keeps the part of address before the first colon. That works for example.com:8443 and 127.0.0.1:8443,
but not for IPv6 addresses such a [0:0:0:0:0:0:0:1]:8443.
Perhaps int colon = address.indexOf(':', address.lastIndexOf(']') + 1);.

Steps to reproduce

Run a Helidon webserver on localhost with TLS enabled and with HTTP/2 support (io.helidon.webserver:helidon-webserver-http2 as a dependency).

Call the webserver with:

curl --insecure 'https://[::1]:8443/'

See the error

UriInfo cannot be used to create a URI: UriInfo{scheme=https,host=/[0:0:0:0:0:0:0:1]:8443,port=443,path=/,query=,fragment=}

A sample unit test:

import static org.junit.jupiter.api.Assertions.*;

import io.helidon.common.uri.UriQuery;
import io.helidon.http.RequestedUriDiscoveryContext;
import io.helidon.http.ServerRequestHeaders;
import org.junit.jupiter.api.Test;

class RequestedUriDiscoveryContextTests {

  static final ServerRequestHeaders HEADERS = ServerRequestHeaders.create();

  @Test
  void slashIpv6Throws() {
    var context = RequestedUriDiscoveryContext.builder().build();
    var uriInfo =
        context.uriInfo(
            "/1.2.3.4:9999",
            "/[0:0:0:0:0:0:0:1]:8090",
            "/",
            ServerRequestHeaders.create(),
            UriQuery.empty(),
            true);
    assertThrows(IllegalArgumentException.class, () -> uriInfo.toUri());
  }

  @Test
  void slashIpv4Succeeds_strangely() {
    var context = RequestedUriDiscoveryContext.builder().build();
    var actual =
        context.uriInfo(
            "/1.2.3.4:9999",
            "/127.0.0.1:8443",
            "/",
            ServerRequestHeaders.create(),
            UriQuery.empty(),
            true);
    assertNotNull(actual.toUri());
  }
}