From f2fd2f12269c6a781c5b2c20b3c24141055a3d68 Mon Sep 17 00:00:00 2001
From: rstoyanchev <rossen.stoyanchev@broadcom.com>
Date: Tue, 5 Mar 2024 19:16:34 +0000
Subject: [PATCH] Extract reusable checkSchemeAndPort method

Closes gh-32440
---
 .../web/util/UriComponentsBuilder.java        | 22 ++++++++++++-------
 1 file changed, 14 insertions(+), 8 deletions(-)

diff --git a/spring-web/src/main/java/org/springframework/web/util/UriComponentsBuilder.java b/spring-web/src/main/java/org/springframework/web/util/UriComponentsBuilder.java
index afea8c3a5397..b05112c65315 100644
--- a/spring-web/src/main/java/org/springframework/web/util/UriComponentsBuilder.java
+++ b/spring-web/src/main/java/org/springframework/web/util/UriComponentsBuilder.java
@@ -77,9 +77,9 @@ public class UriComponentsBuilder implements UriBuilder, Cloneable {
 
 	private static final String HTTP_PATTERN = "(?i)(http|https):";
 
-	private static final String USERINFO_PATTERN = "([^@/?#]*)";
+	private static final String USERINFO_PATTERN = "([^/?#]*)";
 
-	private static final String HOST_IPV4_PATTERN = "[^\\[/?#:]*";
+	private static final String HOST_IPV4_PATTERN = "[^/?#:]*";
 
 	private static final String HOST_IPV6_PATTERN = "\\[[\\p{XDigit}:.]*[%\\p{Alnum}]*]";
 
@@ -252,9 +252,7 @@ public static UriComponentsBuilder fromUriString(String uri) {
 				builder.schemeSpecificPart(ssp);
 			}
 			else {
-				if (StringUtils.hasLength(scheme) && scheme.startsWith("http") && !StringUtils.hasLength(host)) {
-					throw new IllegalArgumentException("[" + uri + "] is not a valid HTTP URL");
-				}
+				checkSchemeAndHost(uri, scheme, host);
 				builder.userInfo(userInfo);
 				builder.host(host);
 				if (StringUtils.hasLength(port)) {
@@ -296,9 +294,7 @@ public static UriComponentsBuilder fromHttpUrl(String httpUrl) {
 			builder.scheme(scheme != null ? scheme.toLowerCase() : null);
 			builder.userInfo(matcher.group(4));
 			String host = matcher.group(5);
-			if (StringUtils.hasLength(scheme) && !StringUtils.hasLength(host)) {
-				throw new IllegalArgumentException("[" + httpUrl + "] is not a valid HTTP URL");
-			}
+			checkSchemeAndHost(httpUrl, scheme, host);
 			builder.host(host);
 			String port = matcher.group(7);
 			if (StringUtils.hasLength(port)) {
@@ -317,6 +313,15 @@ public static UriComponentsBuilder fromHttpUrl(String httpUrl) {
 		}
 	}
 
+	private static void checkSchemeAndHost(String uri, @Nullable String scheme, @Nullable String host) {
+		if (StringUtils.hasLength(scheme) && scheme.startsWith("http") && !StringUtils.hasLength(host)) {
+			throw new IllegalArgumentException("[" + uri + "] is not a valid HTTP URL");
+		}
+		if (StringUtils.hasLength(host) && host.startsWith("[") && !host.endsWith("]")) {
+			throw new IllegalArgumentException("Invalid IPV6 host in [" + uri + "]");
+		}
+	}
+
 	/**
 	 * Create a new {@code UriComponents} object from the URI associated with
 	 * the given HttpRequest while also overlaying with values from the headers
@@ -402,6 +407,7 @@ public static UriComponentsBuilder fromOriginHeader(String origin) {
 			if (StringUtils.hasLength(port)) {
 				builder.port(port);
 			}
+			checkSchemeAndHost(origin, scheme, host);
 			return builder;
 		}
 		else {