Remove illegal characters from EAS 2.5 attachment file names

* For some reason, EAS 2.5 sends us partially encoded file names,
  which we use to specify attachments to be loaded.
* It turns out that these file names aren't properly encoded for
  EAS's use in the GetAttachment command; some additional characters
  must be escaped using %nn.
* We now check for EAS 2.5 and escape illegal characters

Bug: 5341416
Change-Id: Ie112359e139581c8ae31e40869b2fa0e568d7f65

3 files changed, 285 insertions, 1 deletions

diff --git a/src/com/android/exchange/adapter/AttachmentLoader.java b/src/com/android/exchange/adapter/AttachmentLoader.java
index 38b77d20..1d79267f 100644
--- a/src/com/android/exchange/adapter/AttachmentLoader.java
+++ b/src/com/android/exchange/adapter/AttachmentLoader.java
@@ -31,6 +31,8 @@ import com.android.exchange.EasResponse;
 import com.android.exchange.EasSyncService;
 import com.android.exchange.ExchangeService;
 import com.android.exchange.PartRequest;
+import com.android.exchange.utility.UriCodec;
+import com.google.common.annotations.VisibleForTesting;
 
 import org.apache.http.HttpStatus;
 
@@ -136,6 +138,26 @@ public class AttachmentLoader {
         }
     }
 
+    @VisibleForTesting
+    static String encodeForExchange2003(String str) {
+        AttachmentNameEncoder enc = new AttachmentNameEncoder();
+        StringBuilder sb = new StringBuilder(str.length() + 16);
+        enc.appendPartiallyEncoded(sb, str);
+        return sb.toString();
+    }
+
+    /**
+     * Encoder for Exchange 2003 attachment names.  They come from the server partially encoded,
+     * but there are still possible characters that need to be encoded (Why, MSFT, why?)
+     */
+    private static class AttachmentNameEncoder extends UriCodec {
+        @Override protected boolean isRetained(char c) {
+            // These four characters are commonly received in EAS 2.5 attachment names and are
+            // valid (verified by testing); we won't encode them
+            return c == '_' || c == ':' || c == '/' || c == '.';
+        }
+    }
+
     /**
      * Loads an attachment, based on the PartRequest passed in the constructor
      * @throws IOException
@@ -159,7 +181,13 @@ public class AttachmentLoader {
             s.end().end().done(); // ITEMS_FETCH, ITEMS_ITEMS
             resp = mService.sendHttpClientPost("ItemOperations", s.toByteArray());
         } else {
-            String cmd = "GetAttachment&AttachmentName=" + mAttachment.mLocation;
+            String location = mAttachment.mLocation;
+            // For Exchange 2003 (EAS 2.5), we have to look for illegal characters in the file name
+            // that EAS sent to us!
+            if (mService.mProtocolVersionDouble < Eas.SUPPORTED_PROTOCOL_EX2007_DOUBLE) {
+                location = encodeForExchange2003(location);
+            }
+            String cmd = "GetAttachment&AttachmentName=" + location;
             resp = mService.sendHttpClientPost(cmd, null, EasSyncService.COMMAND_TIMEOUT);
         }
 
diff --git a/src/com/android/exchange/utility/UriCodec.java b/src/com/android/exchange/utility/UriCodec.java
new file mode 100644
index 00000000..d8811c61
--- /dev/null
+++ b/src/com/android/exchange/utility/UriCodec.java
@@ -0,0 +1,216 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+package com.android.exchange.utility;
+
+import java.io.ByteArrayOutputStream;
+import java.net.URISyntaxException;
+import java.nio.charset.Charset;
+import java.nio.charset.Charsets;
+
+// Note: This class copied verbatim from libcore.net
+
+/**
+ * Encodes and decodes {@code application/x-www-form-urlencoded} content.
+ * Subclasses define exactly which characters are legal.
+ *
+ * <p>By default, UTF-8 is used to encode escaped characters. A single input
+ * character like "\u0080" may be encoded to multiple octets like %C2%80.
+ */
+public abstract class UriCodec {
+
+    /**
+     * Returns true if {@code c} does not need to be escaped.
+     */
+    protected abstract boolean isRetained(char c);
+
+    /**
+     * Throws if {@code s} is invalid according to this encoder.
+     */
+    public final String validate(String uri, int start, int end, String name)
+            throws URISyntaxException {
+        for (int i = start; i < end; ) {
+            char ch = uri.charAt(i);
+            if ((ch >= 'a' && ch <= 'z')
+                    || (ch >= 'A' && ch <= 'Z')
+                    || (ch >= '0' && ch <= '9')
+                    || isRetained(ch)) {
+                i++;
+            } else if (ch == '%') {
+                if (i + 2 >= end) {
+                    throw new URISyntaxException(uri, "Incomplete % sequence in " + name, i);
+                }
+                int d1 = hexToInt(uri.charAt(i + 1));
+                int d2 = hexToInt(uri.charAt(i + 2));
+                if (d1 == -1 || d2 == -1) {
+                    throw new URISyntaxException(uri, "Invalid % sequence: "
+                            + uri.substring(i, i + 3) + " in " + name, i);
+                }
+                i += 3;
+            } else {
+                throw new URISyntaxException(uri, "Illegal character in " + name, i);
+            }
+        }
+        return uri.substring(start, end);
+    }
+
+    /**
+     * Throws if {@code s} contains characters that are not letters, digits or
+     * in {@code legal}.
+     */
+    public static void validateSimple(String s, String legal)
+            throws URISyntaxException {
+        for (int i = 0; i < s.length(); i++) {
+            char ch = s.charAt(i);
+            if (!((ch >= 'a' && ch <= 'z')
+                    || (ch >= 'A' && ch <= 'Z')
+                    || (ch >= '0' && ch <= '9')
+                    || legal.indexOf(ch) > -1)) {
+                throw new URISyntaxException(s, "Illegal character", i);
+            }
+        }
+    }
+
+    /**
+     * Encodes {@code s} and appends the result to {@code builder}.
+     *
+     * @param isPartiallyEncoded true to fix input that has already been
+     *     partially or fully encoded. For example, input of "hello%20world" is
+     *     unchanged with isPartiallyEncoded=true but would be double-escaped to
+     *     "hello%2520world" otherwise.
+     */
+    private void appendEncoded(StringBuilder builder, String s, Charset charset,
+            boolean isPartiallyEncoded) {
+        if (s == null) {
+            throw new NullPointerException();
+        }
+
+        int escapeStart = -1;
+        for (int i = 0; i < s.length(); i++) {
+            char c = s.charAt(i);
+            if ((c >= 'a' && c <= 'z')
+                    || (c >= 'A' && c <= 'Z')
+                    || (c >= '0' && c <= '9')
+                    || isRetained(c)
+                    || (c == '%' && isPartiallyEncoded)) {
+                if (escapeStart != -1) {
+                    appendHex(builder, s.substring(escapeStart, i), charset);
+                    escapeStart = -1;
+                }
+                if (c == '%' && isPartiallyEncoded) {
+                    // this is an encoded 3-character sequence like "%20"
+                    builder.append(s, i, i + 3);
+                    i += 2;
+                } else if (c == ' ') {
+                    builder.append('+');
+                } else {
+                    builder.append(c);
+                }
+            } else if (escapeStart == -1) {
+                escapeStart = i;
+            }
+        }
+        if (escapeStart != -1) {
+            appendHex(builder, s.substring(escapeStart, s.length()), charset);
+        }
+    }
+
+    public final String encode(String s, Charset charset) {
+        // Guess a bit larger for encoded form
+        StringBuilder builder = new StringBuilder(s.length() + 16);
+        appendEncoded(builder, s, charset, false);
+        return builder.toString();
+    }
+
+    public final void appendEncoded(StringBuilder builder, String s) {
+        appendEncoded(builder, s, Charsets.UTF_8, false);
+    }
+
+    public final void appendPartiallyEncoded(StringBuilder builder, String s) {
+        appendEncoded(builder, s, Charsets.UTF_8, true);
+    }
+
+    /**
+     * @param convertPlus true to convert '+' to ' '.
+     */
+    public static String decode(String s, boolean convertPlus, Charset charset) {
+        if (s.indexOf('%') == -1 && (!convertPlus || s.indexOf('+') == -1)) {
+            return s;
+        }
+
+        StringBuilder result = new StringBuilder(s.length());
+        ByteArrayOutputStream out = new ByteArrayOutputStream();
+        for (int i = 0; i < s.length();) {
+            char c = s.charAt(i);
+            if (c == '%') {
+                do {
+                    if (i + 2 >= s.length()) {
+                        throw new IllegalArgumentException("Incomplete % sequence at: " + i);
+                    }
+                    int d1 = hexToInt(s.charAt(i + 1));
+                    int d2 = hexToInt(s.charAt(i + 2));
+                    if (d1 == -1 || d2 == -1) {
+                        throw new IllegalArgumentException("Invalid % sequence " +
+                                s.substring(i, i + 3) + " at " + i);
+                    }
+                    out.write((byte) ((d1 << 4) + d2));
+                    i += 3;
+                } while (i < s.length() && s.charAt(i) == '%');
+                result.append(new String(out.toByteArray(), charset));
+                out.reset();
+            } else {
+                if (convertPlus && c == '+') {
+                    c = ' ';
+                }
+                result.append(c);
+                i++;
+            }
+        }
+        return result.toString();
+    }
+
+    /**
+     * Like {@link Character#digit}, but without support for non-ASCII
+     * characters.
+     */
+    private static int hexToInt(char c) {
+        if ('0' <= c && c <= '9') {
+            return c - '0';
+        } else if ('a' <= c && c <= 'f') {
+            return 10 + (c - 'a');
+        } else if ('A' <= c && c <= 'F') {
+            return 10 + (c - 'A');
+        } else {
+            return -1;
+        }
+    }
+
+    public static String decode(String s) {
+        return decode(s, false, Charsets.UTF_8);
+    }
+
+    private static void appendHex(StringBuilder builder, String s, Charset charset) {
+        for (byte b : s.getBytes(charset)) {
+            appendHex(builder, b);
+        }
+    }
+
+    private static void appendHex(StringBuilder sb, byte b) {
+        sb.append('%');
+        sb.append(Byte.toHexString(b, true));
+    }
+}
diff --git a/tests/src/com/android/exchange/adapter/AttachmentLoaderTests.java b/tests/src/com/android/exchange/adapter/AttachmentLoaderTests.java
new file mode 100644
index 00000000..2e16ac82
--- /dev/null
+++ b/tests/src/com/android/exchange/adapter/AttachmentLoaderTests.java
@@ -0,0 +1,40 @@
+/* Copyright (C) 2011 The Android Open Source Project.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * You can run this entire test case with:
+ *   runtest -c com.android.exchange.adapter.AttachmentLoaderTests exchange
+ */
+package com.android.exchange.adapter;
+
+import android.test.AndroidTestCase;
+import android.test.suitebuilder.annotation.SmallTest;
+
+@SmallTest
+public class AttachmentLoaderTests extends AndroidTestCase {
+    private static final String TEST_LOCATION =
+        "Inbox/FW:%204G%20Netbook%20|%20Now%20Available%20for%20Order.EML/image012.jpg";
+
+    public void testEncodeForExchange2003() {
+        assertEquals("abc", AttachmentLoader.encodeForExchange2003("abc"));
+        // We don't encode the four characters after abc
+        assertEquals("abc_:/.", AttachmentLoader.encodeForExchange2003("abc_:/."));
+        // We don't re-encode escaped characters
+        assertEquals("%20%33", AttachmentLoader.encodeForExchange2003("%20%33"));
+        // Test with the location that failed in use
+        assertEquals(TEST_LOCATION.replace("|", "%7C"),
+                AttachmentLoader.encodeForExchange2003(TEST_LOCATION));
+    }
+}