From bd53025fa776091cd82d0fca57a28a5404fb4f37 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Wed, 30 Mar 2016 08:36:03 +0200
Subject: fix problem with XML parser and additional features options

---
 .../java/at/gv/egovernment/moa/util/DOMUtils.java  | 97 ++++++++++++++++++++--
 .../java/test/at/gv/egovernment/moa/AllTests.java  |  8 +-
 .../test/at/gv/egovernment/moa/MOATestCase.java    | 23 +++--
 .../at/gv/egovernment/moa/util/DOMUtilsTest.java   |  8 +-
 4 files changed, 113 insertions(+), 23 deletions(-)

(limited to 'id/server/moa-id-commons')

diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
index 0a07fc4a7..95cd63643 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java
@@ -33,6 +33,7 @@ import java.util.HashSet;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
+import java.util.Map.Entry;
 import java.util.Set;
 import java.util.Vector;
 
@@ -115,7 +116,7 @@ public class DOMUtils {
   private static final String EXTERNAL_PARAMETER_ENTITIES_FEATURE =
 	  "http://xml.org/sax/features/external-parameter-entities";
   
-  private static final String DISALLOW_DOCTYPE_FEATURE =
+  public static final String DISALLOW_DOCTYPE_FEATURE =
 		  "http://apache.org/xml/features/disallow-doctype-decl";
   
   
@@ -205,7 +206,8 @@ public class DOMUtils {
     String externalSchemaLocations,
     String externalNoNamespaceSchemaLocation,
     EntityResolver entityResolver,
-    ErrorHandler errorHandler)
+    ErrorHandler errorHandler,
+    Map<String, Object> parserFeatures)
     throws  SAXException, IOException, ParserConfigurationException {
 
     DOMParser parser;
@@ -247,8 +249,25 @@ public class DOMUtils {
 	    parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
 	    parser.setFeature(EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);
 	    
+	    //set external added parser features
+	    if (parserFeatures != null) {
+	    	for (Entry<String, Object> el : parserFeatures.entrySet()) {
+	    		String key = el.getKey();
+	    		if (MiscUtil.isNotEmpty(key)) {
+	    			Object value = el.getValue();
+	    			if (value != null && value instanceof Boolean)	    		
+	    				parser.setFeature(key, (boolean)value);
+	    			
+	    			else
+	    				Logger.warn("This XML parser only allows features with 'boolean' values");
+	    			
+	    		} else 
+	    			Logger.warn("Can not set 'null' feature to XML parser");
+	    	}
+	    }
+	    
 	    //fix XXE problem
-	    parser.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+	    //parser.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
 	    
 	
 	    if (validating) {
@@ -346,6 +365,7 @@ public class DOMUtils {
    * @param externalNoNamespaceSchemaLocation The schema location of the
    * schema for elements without a namespace, the same way it is accepted by the
    * <code>xsi:noNamespaceSchemaLocation</code> attribute.
+ * @param parserFeatures 
    * @return The parsed XML document as a DOM tree.
    * @throws SAXException An error occurred parsing the document.
    * @throws IOException An error occurred reading the document.
@@ -356,7 +376,7 @@ public class DOMUtils {
     InputStream inputStream,
     boolean validating,
     String externalSchemaLocations,
-    String externalNoNamespaceSchemaLocation)
+    String externalNoNamespaceSchemaLocation, Map<String, Object> parserFeatures)
     throws SAXException, IOException, ParserConfigurationException {
 
   
@@ -367,9 +387,50 @@ public class DOMUtils {
       externalSchemaLocations,
       externalNoNamespaceSchemaLocation,
       new MOAEntityResolver(),
-      new MOAErrorHandler());
+      new MOAErrorHandler(),
+      parserFeatures);
   }
 
+  /**
+   * Parse an XML document from a <code>String</code>.
+   * 
+   * It uses a <code>MOAEntityResolver</code> as the <code>EntityResolver</code>
+   * and a <code>MOAErrorHandler</code> as the <code>ErrorHandler</code>.
+   * 
+   * @param xmlString The <code>String</code> containing the XML document.
+   * @param encoding The encoding of the XML document.
+   * @param validating If <code>true</code>, parse validating.
+   * @param externalSchemaLocations A <code>String</code> containing namespace
+   * URI to schema location pairs, the same way it is accepted by the <code>xsi:
+   * schemaLocation</code> attribute. 
+   * @param externalNoNamespaceSchemaLocation The schema location of the
+   * schema for elements without a namespace, the same way it is accepted by the
+   * <code>xsi:noNamespaceSchemaLocation</code> attribute.
+   * @return The parsed XML document as a DOM tree.
+   * @throws SAXException An error occurred parsing the document.
+   * @throws IOException An error occurred reading the document.
+   * @throws ParserConfigurationException An error occurred configuring the XML
+   * parser.
+   */
+  public static Document parseDocument(
+    String xmlString,
+    String encoding,
+    boolean validating,
+    String externalSchemaLocations,
+    String externalNoNamespaceSchemaLocation,
+    Map<String, Object> parserFeatures)
+    throws SAXException, IOException, ParserConfigurationException {
+
+    InputStream in = new ByteArrayInputStream(xmlString.getBytes(encoding));
+    return parseDocument(
+      in,
+      validating,
+      externalSchemaLocations,
+      externalNoNamespaceSchemaLocation,
+      parserFeatures);
+  }
+  
+  
   /**
    * Parse an XML document from a <code>String</code>.
    * 
@@ -404,7 +465,8 @@ public class DOMUtils {
       in,
       validating,
       externalSchemaLocations,
-      externalNoNamespaceSchemaLocation);
+      externalNoNamespaceSchemaLocation,
+      null);
   }
 
   /**
@@ -453,7 +515,26 @@ public class DOMUtils {
   public static Element parseXmlValidating(InputStream inputStream)
     throws ParserConfigurationException, SAXException, IOException {
     return DOMUtils
-      .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null)
+      .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null, null)
+      .getDocumentElement();
+  }
+  
+  /**
+   * A convenience method to parse an XML document validating.
+   * 
+   * @param inputStream The <code>InputStream</code> containing the XML
+   * document.
+   * @param parserFeatures Set additional features to XML parser
+   * @return The root element of the parsed XML document.
+   * @throws SAXException An error occurred parsing the document.
+   * @throws IOException An error occurred reading the document.
+   * @throws ParserConfigurationException An error occurred configuring the XML
+   * parser.
+   */
+  public static Element parseXmlValidating(InputStream inputStream, Map<String, Object> parserFeatures)
+    throws ParserConfigurationException, SAXException, IOException {
+    return DOMUtils
+      .parseDocument(inputStream, true, Constants.ALL_SCHEMA_LOCATIONS, null, parserFeatures)
       .getDocumentElement();
   }
   
@@ -471,7 +552,7 @@ public class DOMUtils {
   public static Element parseXmlNonValidating(InputStream inputStream)
     throws ParserConfigurationException, SAXException, IOException {
     return DOMUtils
-      .parseDocument(inputStream, false, Constants.ALL_SCHEMA_LOCATIONS, null)
+      .parseDocument(inputStream, false, Constants.ALL_SCHEMA_LOCATIONS, null, null)
       .getDocumentElement();
   }
 
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java
index ba7a0edc4..c0a93bf03 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/AllTests.java
@@ -24,16 +24,10 @@
 
 package test.at.gv.egovernment.moa;
 
-import test.at.gv.egovernment.moa.util.DOMUtilsTest;
-import test.at.gv.egovernment.moa.util.DateTimeUtilsTest;
-import test.at.gv.egovernment.moa.util.KeyStoreUtilsTest;
-import test.at.gv.egovernment.moa.util.SSLUtilsTest;
-import test.at.gv.egovernment.moa.util.XPathUtilsTest;
-
 import junit.awtui.TestRunner;
 import junit.framework.Test;
 import junit.framework.TestSuite;
-
+ 
 /**
  * @author patrick
  * @version $Id$
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java
index 5d1c5371a..66bf1faff 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/MOATestCase.java
@@ -26,18 +26,19 @@ package test.at.gv.egovernment.moa;
 
 import java.io.FileInputStream;
 import java.io.StringReader;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
 
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 
 import org.w3c.dom.Document;
-
 import org.xml.sax.InputSource;
 
-import junit.framework.TestCase;
-
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
+import junit.framework.TestCase;
 
 /**
  * Base class for MOA test cases.
@@ -51,6 +52,16 @@ public class MOATestCase extends TestCase {
 
   protected static final String TESTDATA_ROOT = "data/test/";
 
+  protected static final Map<String, Object> parserFeatures =
+		  Collections.unmodifiableMap(new HashMap<String, Object>() {
+				private static final long serialVersionUID = 1L;
+				{	
+					put(DOMUtils.DISALLOW_DOCTYPE_FEATURE, true);
+					
+				}
+		  });
+  
+  
   /**
    * Constructor for MOATestCase.
    * @param arg0
@@ -67,7 +78,8 @@ public class MOATestCase extends TestCase {
       new FileInputStream(fileName),
       false,
       null,
-      null);
+      null,
+      parserFeatures);
   }
 
   /**
@@ -80,7 +92,8 @@ public class MOATestCase extends TestCase {
       new FileInputStream(fileName),
       true,
       Constants.ALL_SCHEMA_LOCATIONS,
-      null);
+      null,
+      parserFeatures);
   }
 
   /**
diff --git a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java
index 1a2b6904d..7b1c0cb67 100644
--- a/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java
+++ b/id/server/moa-id-commons/src/test/java/test/at/gv/egovernment/moa/util/DOMUtilsTest.java
@@ -23,6 +23,7 @@
 
 
 package test.at.gv.egovernment.moa.util;
+
 import java.io.FileInputStream;
 import java.util.Map;
 
@@ -30,10 +31,9 @@ import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
 
-import test.at.gv.egovernment.moa.*;
-
 import at.gv.egovernment.moa.util.Constants;
 import at.gv.egovernment.moa.util.DOMUtils;
+import test.at.gv.egovernment.moa.MOATestCase;
 
 /**
  * @author Patrick Peck
@@ -78,7 +78,8 @@ public class DOMUtilsTest extends MOATestCase {
       new FileInputStream(fileName),
       true,
       Constants.ALL_SCHEMA_LOCATIONS,
-      null);
+      null,
+      parserFeatures);
   }
 
   public void testParseCreateXMLSignature() throws Exception {
@@ -113,6 +114,7 @@ public class DOMUtilsTest extends MOATestCase {
       new FileInputStream(fileName),
       false,
       null,
+      null, 
       null);
   }
 
-- 
cgit v1.2.3