aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2016-03-30 08:36:03 +0200
committerThomas Lenz <tlenz@iaik.tugraz.at>2016-03-30 08:36:03 +0200
commitbd53025fa776091cd82d0fca57a28a5404fb4f37 (patch)
tree76cd9d099074c62949513ae269134bd3a31b1eae
parentc6edd632f9422a3873a85cd8b38b7e763a4bb5aa (diff)
downloadmoa-id-spss-bd53025fa776091cd82d0fca57a28a5404fb4f37.tar.gz
moa-id-spss-bd53025fa776091cd82d0fca57a28a5404fb4f37.tar.bz2
moa-id-spss-bd53025fa776091cd82d0fca57a28a5404fb4f37.zip
fix problem with XML parser and additional features options
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java26
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java30
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java97
-rw-r--r--id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java8
-rw-r--r--id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java23
-rw-r--r--id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java8
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java14
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java16
-rw-r--r--repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5-javadoc.jarbin0 -> 976947 bytes
-rw-r--r--repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jarbin380513 -> 381412 bytes
-rw-r--r--spss/pom.xml6
-rw-r--r--spss/server/pom.xml2
-rw-r--r--spss/server/serverlib/pom.xml19
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java23
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java20
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java19
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java3
-rw-r--r--spss/server/serverws/pom.xml5
18 files changed, 234 insertions, 85 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
index a4ab92f58..3d69b0380 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MOASPMetadataSignatureFilter.java
@@ -23,14 +23,9 @@
package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
import java.io.IOException;
-import java.io.StringWriter;
-import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
import javax.xml.transform.TransformerFactoryConfigurationError;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.provider.FilterException;
@@ -41,6 +36,7 @@ import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
/**
* @author tlenz
@@ -69,19 +65,21 @@ public class MOASPMetadataSignatureFilter implements MetadataFilter {
EntityDescriptor entityDes = (EntityDescriptor) metadata;
//check signature;
try {
- Transformer transformer = TransformerFactory.newInstance()
- .newTransformer();
- StringWriter sw = new StringWriter();
- StreamResult sr = new StreamResult(sw);
- DOMSource source = new DOMSource(metadata.getDOM());
- transformer.transform(source, sr);
- sw.close();
- String metadataXML = sw.toString();
+ byte[] serialized = DOMUtils.serializeNode(metadata.getDOM(), "UTF-8");
+
+// Transformer transformer = TransformerFactory.newInstance()
+// .newTransformer();
+// StringWriter sw = new StringWriter();
+// StreamResult sr = new StreamResult(sw);
+// DOMSource source = new DOMSource(metadata.getDOM());
+// transformer.transform(source, sr);
+// sw.close();
+// String metadataXML = sw.toString();
SignatureVerificationUtils sigVerify =
new SignatureVerificationUtils();
VerifyXMLSignatureResponse result = sigVerify.verify(
- metadataXML.getBytes(), trustProfileID);
+ serialized, trustProfileID);
//check signature-verification result
if (result.getSignatureCheckCode() != 0) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index f97d646b6..47ea91753 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -46,20 +46,20 @@
package at.gv.egovernment.moa.id.util;
+import java.io.ByteArrayInputStream;
import java.io.IOException;
-import java.io.StringReader;
import java.net.MalformedURLException;
import java.net.URL;
+import java.util.Collections;
+import java.util.HashMap;
import java.util.List;
+import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
-import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
@@ -68,12 +68,22 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
public class ParamValidatorUtils extends MOAIDAuthConstants{
+ private static final Map<String, Object> parserFeatures =
+ Collections.unmodifiableMap(new HashMap<String, Object>() {
+ private static final long serialVersionUID = 1L;
+ {
+ put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true);
+
+ }
+ });
+
/**
* Checks if the given target is valid
* @param target HTTP parameter from request
@@ -482,11 +492,13 @@ public class ParamValidatorUtils extends MOAIDAuthConstants{
return false;
Logger.debug("Ueberpruefe Parameter XMLDocument");
- try {
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- DocumentBuilder builder = factory.newDocumentBuilder();
- InputSource is = new InputSource(new StringReader(document));
- builder.parse(is);
+ try {
+ DOMUtils.parseXmlValidating(new ByteArrayInputStream(document.getBytes()), parserFeatures);
+
+// DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+// DocumentBuilder builder = factory.newDocumentBuilder();
+// InputSource is = new InputSource(new StringReader(document));
+// builder.parse(is);
Logger.debug("Parameter XMLDocument erfolgreich ueberprueft");
return true;
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
index 0a07fc4a7..95cd63643 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
@@ -33,6 +33,7 @@ import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
+import java.util.Map.Entry;
import java.util.Set;
import java.util.Vector;
@@ -115,7 +116,7 @@ public class DOMUtils {
private static final String EXTERNAL_PARAMETER_ENTITIES_FEATURE =
"http://xml.org/sax/features/external-parameter-entities";
- private static final String DISALLOW_DOCTYPE_FEATURE =
+ public static final String DISALLOW_DOCTYPE_FEATURE =
"http://apache.org/xml/features/disallow-doctype-decl";
@@ -205,7 +206,8 @@ public class DOMUtils {
String externalSchemaLocations,
String externalNoNamespaceSchemaLocation,
EntityResolver entityResolver,
- ErrorHandler errorHandler)
+ ErrorHandler errorHandler,
+ Map<String, Object> parserFeatures)
throws SAXException, IOException, ParserConfigurationException {
DOMParser parser;
@@ -247,8 +249,25 @@ public class DOMUtils {
parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
parser.setFeature(EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);
+ //set external added parser features
+ if (parserFeatures != null) {
+ for (Entry<String, Object> el : parserFeatures.entrySet()) {
+ String key = el.getKey();
+ if (MiscUtil.isNotEmpty(key)) {
+ Object value = el.getValue();
+ if (value != null && value instanceof Boolean)
+ parser.setFeature(key, (boolean)value);
+
+ else
+ Logger.warn("This XML parser only allows features with 'boolean' values");
+
+ } else
+ Logger.warn("Can not set 'null' feature to XML parser");
+ }
+ }
+
//fix XXE problem
- parser.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ //parser.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
if (validating) {
@@ -346,6 +365,7 @@ public class DOMUtils {
* @param externalNoNamespaceSchemaLocation The schema location of the
* schema for elements without a namespace, the same way it is accepted by the
* <code>xsi:noNamespaceSchemaLocation</code> attribute.
+ * @param parserFeatures
* @return The parsed XML document as a DOM tree.
* @throws SAXException An error occurred parsing the document.
* @throws IOException An error occurred reading the document.
@@ -356,7 +376,7 @@ public class DOMUtils {
InputStream inputStream,
boolean validating,
String externalSchemaLocations,
- String externalNoNamespaceSchemaLocation)
+ String externalNoNamespaceSchemaLocation, Map<String, Object> parserFeatures)
throws SAXException, IOException, ParserConfigurationException {
@@ -367,7 +387,8 @@ public class DOMUtils {
externalSchemaLocations,
externalNoNamespaceSchemaLocation,
new MOAEntityResolver(),
- new MOAErrorHandler());
+ new MOAErrorHandler(),
+ parserFeatures);
}
/**
@@ -396,6 +417,46 @@ public class DOMUtils {
String encoding,
boolean validating,
String externalSchemaLocations,
+ String externalNoNamespaceSchemaLocation,
+ Map<String, Object> parserFeatures)
+ throws SAXException, IOException, ParserConfigurationException {
+
+ InputStream in = new ByteArrayInputStream(xmlString.getBytes(encoding));
+ return parseDocument(
+ in,
+ validating,
+ externalSchemaLocations,
+ externalNoNamespaceSchemaLocation,
+ parserFeatures);
+ }
+
+
+ /**
+ * Parse an XML document from a <code>String</code>.
+ *
+ * It uses a <code>MOAEntityResolver</code> as the <code>EntityResolver</code>
+ * and a <code>MOAErrorHandler</code> as the <code>ErrorHandler</code>.
+ *
+ * @param xmlString The <code>String</code> containing the XML document.
+ * @param encoding The encoding of the XML document.
+ * @param validating If <code>true</code>, parse validating.
+ * @param externalSchemaLocations A <code>String</code> containing namespace
+ * URI to schema location pairs, the same way it is accepted by the <code>xsi:
+ * schemaLocation</code> attribute.
+ * @param externalNoNamespaceSchemaLocation The schema location of the
+ * schema for elements without a namespace, the same way it is accepted by the
+ * <code>xsi:noNamespaceSchemaLocation</code> attribute.
+ * @return The parsed XML document as a DOM tree.
+ * @throws SAXException An error occurred parsing the document.
+ * @throws IOException An error occurred reading the document.
+ * @throws ParserConfigurationException An error occurred configuring the XML
+ * parser.
+ */
+ public static Document parseDocument(
+ String xmlString,
+ String encoding,
+ boolean validating,
+ String externalSchemaLocations,
String externalNoNamespaceSchemaLocation)
throws SAXException, IOException, ParserConfigurationException {
@@ -404,7 +465,8 @@ public class DOMUtils {
in,
validating,
externalSchemaLocations,
- externalNoNamespaceSchemaLocation);
+ externalNoNamespaceSchemaLocation,
+ null);
}
/**
@@ -453,7 +515,26 @@ public class DOMUtils {
public static Element parseXmlValidating(InputStream inputStream)
throws ParserConfigurationException, SAXException, IOException {
return DOMUtils
- .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null)
+ .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null, null)
+ .getDocumentElement();
+ }
+
+ /**
+ * A convenience method to parse an XML document validating.
+ *
+ * @param inputStream The <code>InputStream</code> containing the XML
+ * document.
+ * @param parserFeatures Set additional features to XML parser
+ * @return The root element of the parsed XML document.
+ * @throws SAXException An error occurred parsing the document.
+ * @throws IOException An error occurred reading the document.
+ * @throws ParserConfigurationException An error occurred configuring the XML
+ * parser.
+ */
+ public static Element parseXmlValidating(InputStream inputStream, Map<String, Object> parserFeatures)
+ throws ParserConfigurationException, SAXException, IOException {
+ return DOMUtils
+ .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null, parserFeatures)
.getDocumentElement();
}
@@ -471,7 +552,7 @@ public class DOMUtils {
public static Element parseXmlNonValidating(InputStream inputStream)
throws ParserConfigurationException, SAXException, IOException {
return DOMUtils
- .parseDocument(inputStream, false, Constants.ALL_SCHEMA_LOCATIONS, null)
+ .parseDocument(inputStream, false, Constants.ALL_SCHEMA_LOCATIONS, null, null)
.getDocumentElement();
}
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java
index ba7a0edc4..c0a93bf03 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java
@@ -24,16 +24,10 @@
package test.at.gv.egovernment.moa;
-import test.at.gv.egovernment.moa.util.DOMUtilsTest;
-import test.at.gv.egovernment.moa.util.DateTimeUtilsTest;
-import test.at.gv.egovernment.moa.util.KeyStoreUtilsTest;
-import test.at.gv.egovernment.moa.util.SSLUtilsTest;
-import test.at.gv.egovernment.moa.util.XPathUtilsTest;
-
import junit.awtui.TestRunner;
import junit.framework.Test;
import junit.framework.TestSuite;
-
+
/**
* @author patrick
* @version $Id$
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java
index 5d1c5371a..66bf1faff 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java
@@ -26,18 +26,19 @@ package test.at.gv.egovernment.moa;
import java.io.FileInputStream;
import java.io.StringReader;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
-
import org.xml.sax.InputSource;
-import junit.framework.TestCase;
-
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
+import junit.framework.TestCase;
/**
* Base class for MOA test cases.
@@ -51,6 +52,16 @@ public class MOATestCase extends TestCase {
protected static final String TESTDATA_ROOT = "data/test/";
+ protected static final Map<String, Object> parserFeatures =
+ Collections.unmodifiableMap(new HashMap<String, Object>() {
+ private static final long serialVersionUID = 1L;
+ {
+ put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true);
+
+ }
+ });
+
+
/**
* Constructor for MOATestCase.
* @param arg0
@@ -67,7 +78,8 @@ public class MOATestCase extends TestCase {
new FileInputStream(fileName),
false,
null,
- null);
+ null,
+ parserFeatures);
}
/**
@@ -80,7 +92,8 @@ public class MOATestCase extends TestCase {
new FileInputStream(fileName),
true,
Constants.ALL_SCHEMA_LOCATIONS,
- null);
+ null,
+ parserFeatures);
}
/**
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java
index 1a2b6904d..7b1c0cb67 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java
@@ -23,6 +23,7 @@
package test.at.gv.egovernment.moa.util;
+
import java.io.FileInputStream;
import java.util.Map;
@@ -30,10 +31,9 @@ import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
-import test.at.gv.egovernment.moa.*;
-
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
+import test.at.gv.egovernment.moa.MOATestCase;
/**
* @author Patrick Peck
@@ -78,7 +78,8 @@ public class DOMUtilsTest extends MOATestCase {
new FileInputStream(fileName),
true,
Constants.ALL_SCHEMA_LOCATIONS,
- null);
+ null,
+ parserFeatures);
}
public void testParseCreateXMLSignature() throws Exception {
@@ -113,6 +114,7 @@ public class DOMUtilsTest extends MOATestCase {
new FileInputStream(fileName),
false,
null,
+ null,
null);
}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
index b39cf9e9b..eca231094 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
@@ -49,7 +49,10 @@ package at.gv.egovernment.moa.id.auth.parser;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashMap;
import java.util.List;
+import java.util.Map;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
@@ -96,6 +99,15 @@ public class CreateXMLSignatureResponseParser {
/** This is the root element of the CreateXMLsignatureResponse */
private Element sigResponse_;
+ private static final Map<String, Object> parserFeatures =
+ Collections.unmodifiableMap(new HashMap<String, Object>() {
+ private static final long serialVersionUID = 1L;
+ {
+ put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true);
+
+ }
+ });
+
/**
* Parses and validates the document given as string and extracts the
* root element.
@@ -156,7 +168,7 @@ public class CreateXMLSignatureResponseParser {
private void init(InputStream is) throws AuthenticationException, ParseException, BKUException {
try {
- Element responseElem = DOMUtils.parseXmlValidating(is);
+ Element responseElem = DOMUtils.parseXmlValidating(is, parserFeatures);
if ("CreateXMLSignatureResponse".equals(responseElem.getLocalName())) {
sigResponse_ = responseElem;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
index 31c91cd40..90fd7e1c7 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
@@ -50,6 +50,9 @@ import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.CertificateException;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
@@ -82,6 +85,16 @@ public class InfoboxReadResponseParser {
/** This is the root element of the XML-Document provided by the Security Layer Card*/
private Element infoBoxElem_;
+ private static final Map<String, Object> parserFeatures =
+ Collections.unmodifiableMap(new HashMap<String, Object>() {
+ private static final long serialVersionUID = 1L;
+ {
+ put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true);
+
+ }
+ });
+
+
/**
* Parses and validates the document given as string and extracts the
* root element.
@@ -132,7 +145,8 @@ public class InfoboxReadResponseParser {
private void init(InputStream is) throws AuthenticationException, ParseException, BKUException {
try {
- Element responseElem = DOMUtils.parseXmlValidating(is);
+
+ Element responseElem = DOMUtils.parseXmlValidating(is, parserFeatures);
if ("InfoboxReadResponse".equals(responseElem.getLocalName())) {
infoBoxElem_ = responseElem;
diff --git a/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5-javadoc.jar b/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5-javadoc.jar
new file mode 100644
index 000000000..f166efece
--- /dev/null
+++ b/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5-javadoc.jar
Binary files differ
diff --git a/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar b/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar
index 5097e2f28..f57276444 100644
--- a/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar
+++ b/repository/MOA/spss/server/moa-spss-lib/2.0.5/moa-spss-lib-2.0.5.jar
Binary files differ
diff --git a/spss/pom.xml b/spss/pom.xml
index 1c2a3fbfa..9780bc5b5 100644
--- a/spss/pom.xml
+++ b/spss/pom.xml
@@ -1,10 +1,10 @@
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-<!-- <parent>
+ <parent>
<groupId>MOA</groupId>
<artifactId>MOA</artifactId>
<version>2.x</version>
- </parent> -->
+ </parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>spss</artifactId>
@@ -18,7 +18,7 @@
<modules>
<module>server</module>
- <module>handbook</module>
+ <!-- <module>handbook</module> -->
</modules>
<build>
diff --git a/spss/server/pom.xml b/spss/server/pom.xml
index eb37775c1..362f2e1b2 100644
--- a/spss/server/pom.xml
+++ b/spss/server/pom.xml
@@ -13,7 +13,7 @@
<name>MOA SP/SS Server</name>
<modules>
- <module>tools</module>
+ <!-- <module>tools</module> -->
<module>serverlib</module>
<module>serverws</module>
</modules>
diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml
index cafd8341b..3437f84db 100644
--- a/spss/server/serverlib/pom.xml
+++ b/spss/server/serverlib/pom.xml
@@ -9,29 +9,33 @@
<groupId>MOA.spss.server</groupId>
<artifactId>moa-spss-lib</artifactId>
<packaging>jar</packaging>
- <version>${moa-spss-version}</version>
+ <version>2.0.5</version>
<name>MOA SP/SS API</name>
<properties>
<repositoryPath>${basedir}/../../../repository</repositoryPath>
</properties>
- <dependencies>
+ <dependencies>
<dependency>
<groupId>axis</groupId>
<artifactId>axis</artifactId>
+ <version>1.0_IAIK_1.2</version>
</dependency>
<dependency>
<groupId>org.apache.axis</groupId>
<artifactId>axis-jaxrpc</artifactId>
+ <version>1.4</version>
</dependency>
<dependency>
<groupId>org.apache.axis</groupId>
<artifactId>axis-saaj</artifactId>
+ <version>1.4</version>
</dependency>
<dependency>
<groupId>axis</groupId>
<artifactId>axis-wsdl4j</artifactId>
+ <version>1.5.1</version>
</dependency>
<dependency>
<groupId>commons-discovery</groupId>
@@ -56,6 +60,7 @@
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
+ <version>1.2.17</version>
</dependency>
<dependency>
<groupId>org.postgresql</groupId>
@@ -63,7 +68,7 @@
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
- <artifactId>servlet-api</artifactId>
+ <artifactId>javax.servlet-api</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
@@ -127,8 +132,8 @@
<optional>true</optional>
</dependency>
<dependency>
- <groupId>MOA</groupId>
- <artifactId>moa-common</artifactId>
+ <groupId>MOA.id.server</groupId>
+ <artifactId>moa-id-commons</artifactId>
<type>jar</type>
</dependency>
<!--
@@ -141,8 +146,8 @@
<dependency>
- <groupId>MOA</groupId>
- <artifactId>moa-common</artifactId>
+ <groupId>MOA.id.server</groupId>
+ <artifactId>moa-id-commons</artifactId>
<type>test-jar</type>
<scope>test</scope>
</dependency>
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
index 3d2da8384..3c67ca3ca 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/config/ConfigurationPartsBuilder.java
@@ -23,17 +23,6 @@
package at.gv.egovernment.moa.spss.server.config;
-import iaik.asn1.structures.Name;
-import iaik.ixsil.exceptions.URIException;
-import iaik.ixsil.util.URI;
-import iaik.pki.pathvalidation.ChainingModes;
-import iaik.pki.revocation.RevocationSourceTypes;
-import iaik.server.modules.xml.BlackListEntry;
-import iaik.server.modules.xml.ExternalReferenceChecker;
-import iaik.server.modules.xml.WhiteListEntry;
-import iaik.utils.RFC2253NameParser;
-import iaik.utils.RFC2253NameParserException;
-
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
@@ -70,6 +59,16 @@ import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.StringUtils;
import at.gv.egovernment.moa.util.XPathUtils;
+import iaik.asn1.structures.Name;
+import iaik.ixsil.exceptions.URIException;
+import iaik.ixsil.util.URI;
+import iaik.pki.pathvalidation.ChainingModes;
+import iaik.pki.revocation.RevocationSourceTypes;
+import iaik.server.modules.xml.BlackListEntry;
+import iaik.server.modules.xml.ExternalReferenceChecker;
+import iaik.server.modules.xml.WhiteListEntry;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
/**
* A class that builds configuration data from a DOM based representation.
@@ -1429,7 +1428,7 @@ public class ConfigurationPartsBuilder {
private static Element parseXml(InputStream inputStream)
throws ParserConfigurationException, SAXException, IOException {
return DOMUtils
- .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null)
+ .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null, null)
.getDocumentElement();
}
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java
index 148be664b..fd7ef8cb2 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/DataObjectFactory.java
@@ -24,11 +24,6 @@
package at.gv.egovernment.moa.spss.server.invoke;
-import iaik.ixsil.util.URI;
-import iaik.ixsil.util.XPointerReferenceResolver;
-import iaik.server.modules.xml.DataObject;
-import iaik.server.modules.xml.XMLDataObject;
-
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
@@ -76,6 +71,10 @@ import at.gv.egovernment.moa.util.MOAErrorHandler;
import at.gv.egovernment.moa.util.StreamEntityResolver;
import at.gv.egovernment.moa.util.StreamUtils;
import at.gv.egovernment.moa.util.XPathUtils;
+import iaik.ixsil.util.URI;
+import iaik.ixsil.util.XPointerReferenceResolver;
+import iaik.server.modules.xml.DataObject;
+import iaik.server.modules.xml.XMLDataObject;
/**
* A class to create <code>DataObject</code>s contained in different
@@ -259,7 +258,8 @@ public class DataObjectFactory {
Constants.ALL_SCHEMA_LOCATIONS,
null,
entityResolver,
- new MOAErrorHandler());
+ new MOAErrorHandler(),
+ null);
Logger.trace("<<< parsed");
return new XMLDataObjectImpl(doc.getDocumentElement());
@@ -272,7 +272,7 @@ public class DataObjectFactory {
// try to parse non-validating
try {
ByteArrayInputStream is = new ByteArrayInputStream(contentBytes);
- Document doc = DOMUtils.parseDocument(is, false, null, null);
+ Document doc = DOMUtils.parseDocument(is, false, null, null, null);
// Since the parse tree will not contain any post schema validation information,
// we need to register any attributes known to be of type xsd:Id manually.
NodeList idAttributes = XPathUtils.selectNodeList(doc.getDocumentElement(), XPATH);
@@ -765,7 +765,7 @@ public class DataObjectFactory {
// try parsing non-validating: this has to succeed or we
// bail out by throwing an exception
is = resolver.resolve(uri);
- doc = DOMUtils.parseDocument(is, false, null, null);
+ doc = DOMUtils.parseDocument(is, false, null, null, null);
dataObject = new XMLDataObjectImpl(doc.getDocumentElement());
} catch (ParserConfigurationException e) {
throw new MOASystemException("1106", null, e);
@@ -782,7 +782,7 @@ public class DataObjectFactory {
try {
// try parsing non-validating: need not succeed
is = resolver.resolve(uri);
- doc = DOMUtils.parseDocument(is, false, null, null);
+ doc = DOMUtils.parseDocument(is, false, null, null, null);
closeInputStream(is);
dataObject = new XMLDataObjectImpl(doc.getDocumentElement());
} catch (Exception e) {
@@ -981,7 +981,7 @@ public class DataObjectFactory {
Document doc;
try {
- doc = DOMUtils.parseDocument(byteStream, false, null, null);
+ doc = DOMUtils.parseDocument(byteStream, false, null, null, null);
dataObject = new XMLDataObjectImpl(doc.getDocumentElement());
} catch (ParserConfigurationException e) {
throw new MOASystemException("1106", null, e);
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java
index 639a75ab1..b7ce0fa7d 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/AxisHandler.java
@@ -30,7 +30,10 @@ import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.HashMap;
import java.util.Iterator;
+import java.util.Map;
import javax.servlet.http.HttpServletRequest;
@@ -100,6 +103,15 @@ public class AxisHandler extends BasicHandler {
/** Simple string contains the post part of the enveloping SOAP wrapping */
private static final String SOAP_PART_POST = "</soapenv:Body></soapenv:Envelope>";
+ private static final Map<String, Object> parserFeatures =
+ Collections.unmodifiableMap(new HashMap<String, Object>() {
+ private static final long serialVersionUID = 1L;
+ {
+ put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true);
+
+ }
+ });
+
/**
* Handle an invocation of this handler.
*
@@ -146,7 +158,12 @@ public class AxisHandler extends BasicHandler {
Element xmlRequest = null;
//log.info(soapMessage.getSOAPPartAsString());
- Element soapPart = DOMUtils.parseDocument(new ByteArrayInputStream(soapMessage.getSOAPPartAsBytes()), false, null, null).getDocumentElement();
+ Element soapPart = DOMUtils.parseDocument(
+ new ByteArrayInputStream(soapMessage.getSOAPPartAsBytes()),
+ false,
+ null,
+ null,
+ parserFeatures).getDocumentElement();
if (soapPart!=null) {
//TODO: check if DOM Version is intolerant when white spaces are between tags (preceding normalization would be necessary)
NodeList soapBodies = soapPart.getElementsByTagNameNS(SOAP_NS_URI, "Body");
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java
index d986f7a1b..1114cb7b0 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/service/ServiceUtils.java
@@ -85,7 +85,8 @@ public class ServiceUtils {
Constants.ALL_SCHEMA_LOCATIONS,
null,
new MOASPSSEntityResolver(),
- new MOAErrorHandler());
+ new MOAErrorHandler(),
+ null);
// DOMUtils.parseDocument(
// new ByteArrayInputStream(requestBytes),
diff --git a/spss/server/serverws/pom.xml b/spss/server/serverws/pom.xml
index b90026252..ce665cad0 100644
--- a/spss/server/serverws/pom.xml
+++ b/spss/server/serverws/pom.xml
@@ -94,8 +94,8 @@
<!--version>${pom.version}</version-->
</dependency>
<dependency>
- <groupId>MOA</groupId>
- <artifactId>moa-common</artifactId>
+ <groupId>MOA.id.server</groupId>
+ <artifactId>moa-id-commons</artifactId>
</dependency>
<dependency>
<groupId>iaik.prod</groupId>
@@ -118,6 +118,7 @@
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
+ <version>1.2.17</version>
</dependency>
<!-- <dependency>
<groupId>iaik</groupId>