1 files changed, 23 insertions, 11 deletions
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
index 28ce69e95..90fd7e1c7 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
@@ -46,18 +46,19 @@
 
 package at.gv.egovernment.moa.id.auth.parser;
 
-import iaik.x509.X509Certificate;
-
 import java.io.ByteArrayInputStream;
+import java.io.IOException;
 import java.io.InputStream;
 import java.security.cert.CertificateException;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
 
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.transform.TransformerException;
 
-import org.apache.axis.encoding.Base64;
 import org.apache.xpath.XPathAPI;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
@@ -66,9 +67,11 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.BKUException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.util.Base64Utils;
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
 import at.gv.egovernment.moa.util.XPathUtils;
+import iaik.x509.X509Certificate;
 
 /**
  * Parses an <code>&lt;InfoboxReadResponse&gt;</code>.
@@ -82,6 +85,16 @@ public class InfoboxReadResponseParser {
   /** This is the root element of the XML-Document provided by the Security Layer Card*/
   private Element infoBoxElem_;
 
+  private static final Map<String, Object> parserFeatures =
+		  Collections.unmodifiableMap(new HashMap<String, Object>() {
+				private static final long serialVersionUID = 1L;
+				{	
+					put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true);
+					
+				}
+		  });
+
+  
   /**
    * Parses and validates the document given as string and extracts the 
    * root element.
@@ -132,7 +145,8 @@ public class InfoboxReadResponseParser {
   private void init(InputStream is) throws AuthenticationException, ParseException, BKUException {
     try {
       
-      Element responseElem = DOMUtils.parseXmlValidating(is);
+    	
+      Element responseElem = DOMUtils.parseXmlValidating(is, parserFeatures);
       
       if ("InfoboxReadResponse".equals(responseElem.getLocalName())) {
         infoBoxElem_ = responseElem;
@@ -256,16 +270,14 @@ public class InfoboxReadResponseParser {
          
          String base64Content = DOMUtils.getText(base64ContentElement);
          
-         // Decode Base64 value to X509Certificate
-         byte[] content = Base64.decode(base64Content);
+         // Decode Base64 value to X509Certificate         					
+         byte[] content = Base64Utils.decode(base64Content, false);
          return new X509Certificate(content);
          
-      } catch (ParserConfigurationException e) {
-         throw new ParseException("parser.01", new Object[] { "Could not parse X509Certificate from InfoboxReadRequest."}, e);
-      } catch (TransformerException e) {
-         throw new ParseException("parser.01", new Object[] { "Could not parse X509Certificate from InfoboxReadRequest."}, e);
-      } catch (CertificateException e) {
+      } catch (ParserConfigurationException | TransformerException |
+    		  CertificateException | IOException  e) {
          throw new ParseException("parser.01", new Object[] { "Could not parse X509Certificate from InfoboxReadRequest."}, e);
+         
       } 
 
    }