diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-03-30 08:36:03 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-03-30 08:36:03 +0200 |
commit | bd53025fa776091cd82d0fca57a28a5404fb4f37 (patch) | |
tree | 76cd9d099074c62949513ae269134bd3a31b1eae | |
parent | c6edd632f9422a3873a85cd8b38b7e763a4bb5aa (diff) | |
download | moa-id-spss-bd53025fa776091cd82d0fca57a28a5404fb4f37.tar.gz moa-id-spss-bd53025fa776091cd82d0fca57a28a5404fb4f37.tar.bz2 moa-id-spss-bd53025fa776091cd82d0fca57a28a5404fb4f37.zip |
fix problem with XML parser and additional features options
18 files changed, 234 insertions, 85 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java index a4ab92f58..3d69b0380 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java @@ -23,14 +23,9 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata; import java.io.IOException; -import java.io.StringWriter; -import javax.xml.transform.Transformer; import javax.xml.transform.TransformerException; -import javax.xml.transform.TransformerFactory; import javax.xml.transform.TransformerFactoryConfigurationError; -import javax.xml.transform.dom.DOMSource; -import javax.xml.transform.stream.StreamResult; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.provider.FilterException; @@ -41,6 +36,7 @@ import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; /** * @author tlenz @@ -69,19 +65,21 @@ public class MOASPMetadataSignatureFilter implements MetadataFilter { EntityDescriptor entityDes = (EntityDescriptor) metadata; //check signature; try { - Transformer transformer = TransformerFactory.newInstance() - .newTransformer(); - StringWriter sw = new StringWriter(); - StreamResult sr = new StreamResult(sw); - DOMSource source = new DOMSource(metadata.getDOM()); - transformer.transform(source, sr); - sw.close(); - String metadataXML = sw.toString(); + byte[] serialized = DOMUtils.serializeNode(metadata.getDOM(), "UTF-8"); + +// Transformer transformer = TransformerFactory.newInstance() +// .newTransformer(); +// StringWriter sw = new StringWriter(); +// StreamResult sr = new StreamResult(sw); +// DOMSource source = new DOMSource(metadata.getDOM()); +// transformer.transform(source, sr); +// sw.close(); +// String metadataXML = sw.toString(); SignatureVerificationUtils sigVerify = new SignatureVerificationUtils(); VerifyXMLSignatureResponse result = sigVerify.verify( - metadataXML.getBytes(), trustProfileID); + serialized, trustProfileID); //check signature-verification result if (result.getSignatureCheckCode() != 0) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index f97d646b6..47ea91753 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java @@ -46,20 +46,20 @@ package at.gv.egovernment.moa.id.util;
+import java.io.ByteArrayInputStream;
import java.io.IOException;
-import java.io.StringReader;
import java.net.MalformedURLException;
import java.net.URL;
+import java.util.Collections;
+import java.util.HashMap;
import java.util.List;
+import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
-import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
@@ -68,12 +68,22 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
public class ParamValidatorUtils extends MOAIDAuthConstants{
+ private static final Map<String, Object> parserFeatures =
+ Collections.unmodifiableMap(new HashMap<String, Object>() {
+ private static final long serialVersionUID = 1L;
+ {
+ put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true);
+
+ }
+ });
+
/**
* Checks if the given target is valid
* @param target HTTP parameter from request
@@ -482,11 +492,13 @@ public class ParamValidatorUtils extends MOAIDAuthConstants{ return false;
Logger.debug("Ueberpruefe Parameter XMLDocument");
- try {
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- DocumentBuilder builder = factory.newDocumentBuilder();
- InputSource is = new InputSource(new StringReader(document));
- builder.parse(is);
+ try {
+ DOMUtils.parseXmlValidating(new ByteArrayInputStream(document.getBytes()), parserFeatures);
+
+// DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+// DocumentBuilder builder = factory.newDocumentBuilder();
+// InputSource is = new InputSource(new StringReader(document));
+// builder.parse(is);
Logger.debug("Parameter XMLDocument erfolgreich ueberprueft");
return true;
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java index 0a07fc4a7..95cd63643 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java @@ -33,6 +33,7 @@ import java.util.HashSet; import java.util.Iterator; import java.util.List; import java.util.Map; +import java.util.Map.Entry; import java.util.Set; import java.util.Vector; @@ -115,7 +116,7 @@ public class DOMUtils { private static final String EXTERNAL_PARAMETER_ENTITIES_FEATURE = "http://xml.org/sax/features/external-parameter-entities"; - private static final String DISALLOW_DOCTYPE_FEATURE = + public static final String DISALLOW_DOCTYPE_FEATURE = "http://apache.org/xml/features/disallow-doctype-decl"; @@ -205,7 +206,8 @@ public class DOMUtils { String externalSchemaLocations, String externalNoNamespaceSchemaLocation, EntityResolver entityResolver, - ErrorHandler errorHandler) + ErrorHandler errorHandler, + Map<String, Object> parserFeatures) throws SAXException, IOException, ParserConfigurationException { DOMParser parser; @@ -247,8 +249,25 @@ public class DOMUtils { parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false); parser.setFeature(EXTERNAL_PARAMETER_ENTITIES_FEATURE, false); + //set external added parser features + if (parserFeatures != null) { + for (Entry<String, Object> el : parserFeatures.entrySet()) { + String key = el.getKey(); + if (MiscUtil.isNotEmpty(key)) { + Object value = el.getValue(); + if (value != null && value instanceof Boolean) + parser.setFeature(key, (boolean)value); + + else + Logger.warn("This XML parser only allows features with 'boolean' values"); + + } else + Logger.warn("Can not set 'null' feature to XML parser"); + } + } + //fix XXE problem - parser.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); + //parser.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); if (validating) { @@ -346,6 +365,7 @@ public class DOMUtils { * @param externalNoNamespaceSchemaLocation The schema location of the * schema for elements without a namespace, the same way it is accepted by the * <code>xsi:noNamespaceSchemaLocation</code> attribute. + * @param parserFeatures * @return The parsed XML document as a DOM tree. * @throws SAXException An error occurred parsing the document. * @throws IOException An error occurred reading the document. @@ -356,7 +376,7 @@ public class DOMUtils { InputStream inputStream, boolean validating, String externalSchemaLocations, - String externalNoNamespaceSchemaLocation) + String externalNoNamespaceSchemaLocation, Map<String, Object> parserFeatures) throws SAXException, IOException, ParserConfigurationException { @@ -367,7 +387,8 @@ public class DOMUtils { externalSchemaLocations, externalNoNamespaceSchemaLocation, new MOAEntityResolver(), - new MOAErrorHandler()); + new MOAErrorHandler(), + parserFeatures); } /** @@ -396,6 +417,46 @@ public class DOMUtils { String encoding, boolean validating, String externalSchemaLocations, + String externalNoNamespaceSchemaLocation, + Map<String, Object> parserFeatures) + throws SAXException, IOException, ParserConfigurationException { + + InputStream in = new ByteArrayInputStream(xmlString.getBytes(encoding)); + return parseDocument( + in, + validating, + externalSchemaLocations, + externalNoNamespaceSchemaLocation, + parserFeatures); + } + + + /** + * Parse an XML document from a <code>String</code>. + * + * It uses a <code>MOAEntityResolver</code> as the <code>EntityResolver</code> + * and a <code>MOAErrorHandler</code> as the <code>ErrorHandler</code>. + * + * @param xmlString The <code>String</code> containing the XML document. + * @param encoding The encoding of the XML document. + * @param validating If <code>true</code>, parse validating. + * @param externalSchemaLocations A <code>String</code> containing namespace + * URI to schema location pairs, the same way it is accepted by the <code>xsi: + * schemaLocation</code> attribute. + * @param externalNoNamespaceSchemaLocation The schema location of the + * schema for elements without a namespace, the same way it is accepted by the + * <code>xsi:noNamespaceSchemaLocation</code> attribute. + * @return The parsed XML document as a DOM tree. + * @throws SAXException An error occurred parsing the document. + * @throws IOException An error occurred reading the document. + * @throws ParserConfigurationException An error occurred configuring the XML + * parser. + */ + public static Document parseDocument( + String xmlString, + String encoding, + boolean validating, + String externalSchemaLocations, String externalNoNamespaceSchemaLocation) throws SAXException, IOException, ParserConfigurationException { @@ -404,7 +465,8 @@ public class DOMUtils { in, validating, externalSchemaLocations, - externalNoNamespaceSchemaLocation); + externalNoNamespaceSchemaLocation, + null); } /** @@ -453,7 +515,26 @@ public class DOMUtils { public static Element parseXmlValidating(InputStream inputStream) throws ParserConfigurationException, SAXException, IOException { return DOMUtils - .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null) + .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null, null) + .getDocumentElement(); + } + + /** + * A convenience method to parse an XML document validating. + * + * @param inputStream The <code>InputStream</code> containing the XML + * document. + * @param parserFeatures Set additional features to XML parser + * @return The root element of the parsed XML document. + * @throws SAXException An error occurred parsing the document. + * @throws IOException An error occurred reading the document. + * @throws ParserConfigurationException An error occurred configuring the XML + * parser. + */ + public static Element parseXmlValidating(InputStream inputStream, Map<String, Object> parserFeatures) + throws ParserConfigurationException, SAXException, IOException { + return DOMUtils + .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null, parserFeatures) .getDocumentElement(); } @@ -471,7 +552,7 @@ public class DOMUtils { public static Element parseXmlNonValidating(InputStream inputStream) throws ParserConfigurationException, SAXException, IOException { return DOMUtils - .parseDocument(inputStream, false, Constants.ALL_SCHEMA_LOCATIONS, null) + .parseDocument(inputStream, false, Constants.ALL_SCHEMA_LOCATIONS, null, null) .getDocumentElement(); } diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java index ba7a0edc4..c0a93bf03 100644 --- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java +++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java @@ -24,16 +24,10 @@ package test.at.gv.egovernment.moa; -import test.at.gv.egovernment.moa.util.DOMUtilsTest; -import test.at.gv.egovernment.moa.util.DateTimeUtilsTest; -import test.at.gv.egovernment.moa.util.KeyStoreUtilsTest; -import test.at.gv.egovernment.moa.util.SSLUtilsTest; -import test.at.gv.egovernment.moa.util.XPathUtilsTest; - import junit.awtui.TestRunner; import junit.framework.Test; import junit.framework.TestSuite; - + /** * @author patrick * @version $Id$ diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java index 5d1c5371a..66bf1faff 100644 --- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java +++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java @@ -26,18 +26,19 @@ package test.at.gv.egovernment.moa; import java.io.FileInputStream; import java.io.StringReader; +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import org.w3c.dom.Document; - import org.xml.sax.InputSource; -import junit.framework.TestCase; - import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; +import junit.framework.TestCase; /** * Base class for MOA test cases. @@ -51,6 +52,16 @@ public class MOATestCase extends TestCase { protected static final String TESTDATA_ROOT = "data/test/"; + protected static final Map<String, Object> parserFeatures = + Collections.unmodifiableMap(new HashMap<String, Object>() { + private static final long serialVersionUID = 1L; + { + put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true); + + } + }); + + /** * Constructor for MOATestCase. * @param arg0 @@ -67,7 +78,8 @@ public class MOATestCase extends TestCase { new FileInputStream(fileName), false, null, - null); + null, + parserFeatures); } /** @@ -80,7 +92,8 @@ public class MOATestCase extends TestCase { new FileInputStream(fileName), true, Constants.ALL_SCHEMA_LOCATIONS, - null); + null, + parserFeatures); } /** diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java index 1a2b6904d..7b1c0cb67 100644 --- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java +++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java @@ -23,6 +23,7 @@ package test.at.gv.egovernment.moa.util; + import java.io.FileInputStream; import java.util.Map; @@ -30,10 +31,9 @@ import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.NodeList; -import test.at.gv.egovernment.moa.*; - import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; +import test.at.gv.egovernment.moa.MOATestCase; /** * @author Patrick Peck @@ -78,7 +78,8 @@ public class DOMUtilsTest extends MOATestCase { new FileInputStream(fileName), true, Constants.ALL_SCHEMA_LOCATIONS, - null); + null, + parserFeatures); } public void testParseCreateXMLSignature() throws Exception { @@ -113,6 +114,7 @@ public class DOMUtilsTest extends MOATestCase { new FileInputStream(fileName), false, null, + null, null); } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java index b39cf9e9b..eca231094 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java @@ -49,7 +49,10 @@ package at.gv.egovernment.moa.id.auth.parser; import java.io.ByteArrayInputStream; import java.io.InputStream; import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; import java.util.List; +import java.util.Map; import org.w3c.dom.Element; import org.w3c.dom.NodeList; @@ -96,6 +99,15 @@ public class CreateXMLSignatureResponseParser { /** This is the root element of the CreateXMLsignatureResponse */ private Element sigResponse_; + private static final Map<String, Object> parserFeatures = + Collections.unmodifiableMap(new HashMap<String, Object>() { + private static final long serialVersionUID = 1L; + { + put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true); + + } + }); + /** * Parses and validates the document given as string and extracts the * root element. @@ -156,7 +168,7 @@ public class CreateXMLSignatureResponseParser { private void init(InputStream is) throws AuthenticationException, ParseException, BKUException { try { - Element responseElem = DOMUtils.parseXmlValidating(is); + Element responseElem = DOMUtils.parseXmlValidating(is, parserFeatures); if ("CreateXMLSignatureResponse".equals(responseElem.getLocalName())) { sigResponse_ = responseElem; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java index 31c91cd40..90fd7e1c7 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java @@ -50,6 +50,9 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; import java.security.cert.CertificateException; +import java.util.Collections; +import java.util.HashMap; +import java.util.Map; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; @@ -82,6 +85,16 @@ public class InfoboxReadResponseParser { /** This is the root element of the XML-Document provided by the Security Layer Card*/ private Element infoBoxElem_; + private static final Map<String, Object> parserFeatures = + Collections.unmodifiableMap(new HashMap<String, Object>() { + private static final long serialVersionUID = 1L; + { + put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true); + + } + }); + + /** * Parses and validates the document given as string and extracts the * root element. @@ -132,7 +145,8 @@ public class InfoboxReadResponseParser { private void init(InputStream is) throws AuthenticationException, ParseException, BKUException { try { - Element responseElem = DOMUtils.parseXmlValidating(is); + + Element responseElem = DOMUtils.parseXmlValidating(is, parserFeatures); if ("InfoboxReadResponse".equals(responseElem.getLocalName())) { infoBoxElem_ = responseElem; diff --git a/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5-javadoc.jar b/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5-javadoc.jar Binary files differnew file mode 100644 index 000000000..f166efece --- /dev/null +++ b/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5-javadoc.jar diff --git a/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar b/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar Binary files differindex 5097e2f28..f57276444 100644 --- a/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar +++ b/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar diff --git a/spss/pom.xml b/spss/pom.xml index 1c2a3fbfa..9780bc5b5 100644 --- a/spss/pom.xml +++ b/spss/pom.xml @@ -1,10 +1,10 @@ <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> -<!-- <parent> + <parent> <groupId>MOA</groupId> <artifactId>MOA</artifactId> <version>2.x</version> - </parent> --> + </parent> <modelVersion>4.0.0</modelVersion> <artifactId>spss</artifactId> @@ -18,7 +18,7 @@ <modules> <module>server</module> - <module>handbook</module> + <!-- <module>handbook</module> --> </modules> <build> diff --git a/spss/server/pom.xml b/spss/server/pom.xml index eb37775c1..362f2e1b2 100644 --- a/spss/server/pom.xml +++ b/spss/server/pom.xml @@ -13,7 +13,7 @@ <name>MOA SP/SS Server</name>
<modules>
- <module>tools</module>
+ <!-- <module>tools</module> -->
<module>serverlib</module>
<module>serverws</module>
</modules>
diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml index cafd8341b..3437f84db 100644 --- a/spss/server/serverlib/pom.xml +++ b/spss/server/serverlib/pom.xml @@ -9,29 +9,33 @@ <groupId>MOA.spss.server</groupId>
<artifactId>moa-spss-lib</artifactId>
<packaging>jar</packaging>
- <version>${moa-spss-version}</version>
+ <version>2.0.5</version>
<name>MOA SP/SS API</name>
<properties>
<repositoryPath>${basedir}/../../../repository</repositoryPath>
</properties>
- <dependencies>
+ <dependencies>
<dependency>
<groupId>axis</groupId>
<artifactId>axis</artifactId>
+ <version>1.0_IAIK_1.2</version>
</dependency>
<dependency>
<groupId>org.apache.axis</groupId>
<artifactId>axis-jaxrpc</artifactId>
+ <version>1.4</version>
</dependency>
<dependency>
<groupId>org.apache.axis</groupId>
<artifactId>axis-saaj</artifactId>
+ <version>1.4</version>
</dependency>
<dependency>
<groupId>axis</groupId>
<artifactId>axis-wsdl4j</artifactId>
+ <version>1.5.1</version>
</dependency>
<dependency>
<groupId>commons-discovery</groupId>
@@ -56,6 +60,7 @@ <dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
+ <version>1.2.17</version>
</dependency>
<dependency>
<groupId>org.postgresql</groupId>
@@ -63,7 +68,7 @@ </dependency>
<dependency>
<groupId>javax.servlet</groupId>
- <artifactId>servlet-api</artifactId>
+ <artifactId>javax.servlet-api</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
@@ -127,8 +132,8 @@ <optional>true</optional>
</dependency>
<dependency>
- <groupId>MOA</groupId>
- <artifactId>moa-common</artifactId>
+ <groupId>MOA.id.server</groupId>
+ <artifactId>moa-id-commons</artifactId>
<type>jar</type>
</dependency>
<!--
@@ -141,8 +146,8 @@ <dependency>
- <groupId>MOA</groupId>
- <artifactId>moa-common</artifactId>
+ <groupId>MOA.id.server</groupId>
+ <artifactId>moa-id-commons</artifactId>
<type>test-jar</type>
<scope>test</scope>
</dependency>
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java index 3d2da8384..3c67ca3ca 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java @@ -23,17 +23,6 @@ package at.gv.egovernment.moa.spss.server.config; -import iaik.asn1.structures.Name; -import iaik.ixsil.exceptions.URIException; -import iaik.ixsil.util.URI; -import iaik.pki.pathvalidation.ChainingModes; -import iaik.pki.revocation.RevocationSourceTypes; -import iaik.server.modules.xml.BlackListEntry; -import iaik.server.modules.xml.ExternalReferenceChecker; -import iaik.server.modules.xml.WhiteListEntry; -import iaik.utils.RFC2253NameParser; -import iaik.utils.RFC2253NameParserException; - import java.io.File; import java.io.FileInputStream; import java.io.IOException; @@ -70,6 +59,16 @@ import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.StringUtils; import at.gv.egovernment.moa.util.XPathUtils; +import iaik.asn1.structures.Name; +import iaik.ixsil.exceptions.URIException; +import iaik.ixsil.util.URI; +import iaik.pki.pathvalidation.ChainingModes; +import iaik.pki.revocation.RevocationSourceTypes; +import iaik.server.modules.xml.BlackListEntry; +import iaik.server.modules.xml.ExternalReferenceChecker; +import iaik.server.modules.xml.WhiteListEntry; +import iaik.utils.RFC2253NameParser; +import iaik.utils.RFC2253NameParserException; /** * A class that builds configuration data from a DOM based representation. @@ -1429,7 +1428,7 @@ public class ConfigurationPartsBuilder { private static Element parseXml(InputStream inputStream) throws ParserConfigurationException, SAXException, IOException { return DOMUtils - .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null) + .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null, null) .getDocumentElement(); } diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java index 148be664b..fd7ef8cb2 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java @@ -24,11 +24,6 @@ package at.gv.egovernment.moa.spss.server.invoke; -import iaik.ixsil.util.URI; -import iaik.ixsil.util.XPointerReferenceResolver; -import iaik.server.modules.xml.DataObject; -import iaik.server.modules.xml.XMLDataObject; - import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; @@ -76,6 +71,10 @@ import at.gv.egovernment.moa.util.MOAErrorHandler; import at.gv.egovernment.moa.util.StreamEntityResolver; import at.gv.egovernment.moa.util.StreamUtils; import at.gv.egovernment.moa.util.XPathUtils; +import iaik.ixsil.util.URI; +import iaik.ixsil.util.XPointerReferenceResolver; +import iaik.server.modules.xml.DataObject; +import iaik.server.modules.xml.XMLDataObject; /** * A class to create <code>DataObject</code>s contained in different @@ -259,7 +258,8 @@ public class DataObjectFactory { Constants.ALL_SCHEMA_LOCATIONS, null, entityResolver, - new MOAErrorHandler()); + new MOAErrorHandler(), + null); Logger.trace("<<< parsed"); return new XMLDataObjectImpl(doc.getDocumentElement()); @@ -272,7 +272,7 @@ public class DataObjectFactory { // try to parse non-validating try { ByteArrayInputStream is = new ByteArrayInputStream(contentBytes); - Document doc = DOMUtils.parseDocument(is, false, null, null); + Document doc = DOMUtils.parseDocument(is, false, null, null, null); // Since the parse tree will not contain any post schema validation information, // we need to register any attributes known to be of type xsd:Id manually. NodeList idAttributes = XPathUtils.selectNodeList(doc.getDocumentElement(), XPATH); @@ -765,7 +765,7 @@ public class DataObjectFactory { // try parsing non-validating: this has to succeed or we // bail out by throwing an exception is = resolver.resolve(uri); - doc = DOMUtils.parseDocument(is, false, null, null); + doc = DOMUtils.parseDocument(is, false, null, null, null); dataObject = new XMLDataObjectImpl(doc.getDocumentElement()); } catch (ParserConfigurationException e) { throw new MOASystemException("1106", null, e); @@ -782,7 +782,7 @@ public class DataObjectFactory { try { // try parsing non-validating: need not succeed is = resolver.resolve(uri); - doc = DOMUtils.parseDocument(is, false, null, null); + doc = DOMUtils.parseDocument(is, false, null, null, null); closeInputStream(is); dataObject = new XMLDataObjectImpl(doc.getDocumentElement()); } catch (Exception e) { @@ -981,7 +981,7 @@ public class DataObjectFactory { Document doc; try { - doc = DOMUtils.parseDocument(byteStream, false, null, null); + doc = DOMUtils.parseDocument(byteStream, false, null, null, null); dataObject = new XMLDataObjectImpl(doc.getDocumentElement()); } catch (ParserConfigurationException e) { throw new MOASystemException("1106", null, e); diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java index 639a75ab1..b7ce0fa7d 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java @@ -30,7 +30,10 @@ import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.security.cert.X509Certificate; +import java.util.Collections; +import java.util.HashMap; import java.util.Iterator; +import java.util.Map; import javax.servlet.http.HttpServletRequest; @@ -100,6 +103,15 @@ public class AxisHandler extends BasicHandler { /** Simple string contains the post part of the enveloping SOAP wrapping */ private static final String SOAP_PART_POST = "</soapenv:Body></soapenv:Envelope>"; + private static final Map<String, Object> parserFeatures = + Collections.unmodifiableMap(new HashMap<String, Object>() { + private static final long serialVersionUID = 1L; + { + put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true); + + } + }); + /** * Handle an invocation of this handler. * @@ -146,7 +158,12 @@ public class AxisHandler extends BasicHandler { Element xmlRequest = null; //log.info(soapMessage.getSOAPPartAsString()); - Element soapPart = DOMUtils.parseDocument(new ByteArrayInputStream(soapMessage.getSOAPPartAsBytes()), false, null, null).getDocumentElement(); + Element soapPart = DOMUtils.parseDocument( + new ByteArrayInputStream(soapMessage.getSOAPPartAsBytes()), + false, + null, + null, + parserFeatures).getDocumentElement(); if (soapPart!=null) { //TODO: check if DOM Version is intolerant when white spaces are between tags (preceding normalization would be necessary) NodeList soapBodies = soapPart.getElementsByTagNameNS(SOAP_NS_URI, "Body"); diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java index d986f7a1b..1114cb7b0 100644 --- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java +++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java @@ -85,7 +85,8 @@ public class ServiceUtils { Constants.ALL_SCHEMA_LOCATIONS, null, new MOASPSSEntityResolver(), - new MOAErrorHandler()); + new MOAErrorHandler(), + null); // DOMUtils.parseDocument( // new ByteArrayInputStream(requestBytes), diff --git a/spss/server/serverws/pom.xml b/spss/server/serverws/pom.xml index b90026252..ce665cad0 100644 --- a/spss/server/serverws/pom.xml +++ b/spss/server/serverws/pom.xml @@ -94,8 +94,8 @@ <!--version>${pom.version}</version--> </dependency> <dependency> - <groupId>MOA</groupId> - <artifactId>moa-common</artifactId> + <groupId>MOA.id.server</groupId> + <artifactId>moa-id-commons</artifactId> </dependency> <dependency> <groupId>iaik.prod</groupId> @@ -118,6 +118,7 @@ <dependency> <groupId>log4j</groupId> <artifactId>log4j</artifactId> + <version>1.2.17</version> </dependency> <!-- <dependency> <groupId>iaik</groupId> |