aboutsummaryrefslogtreecommitdiff
path: root/common/src/main/java/at
diff options
context:
space:
mode:
Diffstat (limited to 'common/src/main/java/at')
-rw-r--r--common/src/main/java/at/gv/egovernment/moa/util/Constants.java11
-rw-r--r--common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java4
2 files changed, 15 insertions, 0 deletions
diff --git a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
index 8d71f2e84..5d12691f8 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java
@@ -381,6 +381,16 @@ public interface Constants {
public static final String XENC_SCHEMA_LOCATION =
SCHEMA_ROOT + "xenc-schema.xsd";
+ /** Prefix used for the XML Encryption XML namespace */
+ public static final String SAML2_METADATA_PREFIX = "md";
+
+ /** Prefix used for the XML Encryption XML namespace */
+ public static final String SAML2_METADATA_URI = "urn:oasis:names:tc:SAML:2.0:metadata";
+
+ /** Local location of the XML Encryption XML schema definition. */
+ public static final String SAML2_METADATA_SCHEMA_LOCATION =
+ SCHEMA_ROOT + "saml-schema-metadata-2.0.xsd";
+
/**
* Contains all namespaces and local schema locations for XML schema
* definitions relevant for MOA. For use in validating XML parsers.
@@ -413,6 +423,7 @@ public interface Constants {
+ (SAML2P_NS_URI + " " + SAML2P_SCHEMA_LOCATION + " ")
+ (STORK_NS_URI + " " + STORK_SCHEMA_LOCATION + " ")
+ (STORKP_NS_URI + " " + STORKP_SCHEMA_LOCATION + " ")
+ + (SAML2_METADATA_URI + " " + SAML2_METADATA_SCHEMA_LOCATION + " ")
+ (XENC_NS_URI + " " + XENC_SCHEMA_LOCATION);
/** URN prefix for bPK and wbPK. */
diff --git a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
index 2b816ed4c..0a07fc4a7 100644
--- a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
+++ b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
@@ -246,6 +246,10 @@ public class DOMUtils {
parser.setFeature(CREATE_ENTITY_REF_NODES_FEATURE, false);
parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
parser.setFeature(EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);
+
+ //fix XXE problem
+ parser.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+
if (validating) {
if (externalSchemaLocations != null) {
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-24 08:33:55 +0000