authorThomas Lenz <thomas.lenz@egiz.gv.at>2017-06-23 11:58:29 +0200
committerThomas Lenz <thomas.lenz@egiz.gv.at>2017-06-23 11:58:29 +0200
commitbbe653345bbb5dad2ed2356df6f817dd7de26528 (patch)
tree1dfb88505f1871e2816513676a03b58db2e00046
parent0603c0fbdfe028113431c65590b6e7e28929f6f6 (diff)
fix another possible XXE, SSRF problem.
INFO: DocTypes are disabled by default for all XML content that should be signed with mocca!!! Consequently, XML and XAdES signatures for XML documents that contain a DocType declaration are no longer possible. If DocType declarations are absolutely necessary, this check can be skipped by setting the Java system property "-Degiz.mocca.xades.xml.allow.doctype=true"
-rw-r--r--bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java10
-rw-r--r--bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java52
-rw-r--r--bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/SignatureInfo_Base64_4.xml13
3 files changed, 73 insertions, 2 deletions
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
index c838b24b..c3c2f14c 100644
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java
@@ -73,6 +73,7 @@ import org.w3c.dom.ls.LSException;
import org.w3c.dom.ls.LSInput;
import org.w3c.dom.ls.LSOutput;
import org.w3c.dom.ls.LSParser;
+import org.w3c.dom.ls.LSParserFilter;
import org.w3c.dom.ls.LSResourceResolver;
import org.w3c.dom.ls.LSSerializer;
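Review bot: The added `import org.w3c.dom.ls.LSParserFilter;` is not referenced by any other line this commit adds to Signature.java, so it appears to be unused. Unless it belongs to a follow-up change, I would drop it to keep the security fix limited to the lines that implement it.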
@@ -104,6 +105,8 @@ import at.gv.egiz.xades.QualifyingPropertiesFactory;
public class Signature {
public static final String XMLDSIG_PREFIX = "dsig";
+ public static final String SYSTEM_PROPERTY_ALLOW_DOCTYPES = "egiz.mocca.xades.xml.allow.doctype";
+
/**
* Logging facility.
*/
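Review bot: The new public constant `SYSTEM_PROPERTY_ALLOW_DOCTYPES` names a switch that turns a security control off, but it has no Javadoc, unlike the logging field directly below it. I would add something like `/** System property that, when set to "true", allows DOCTYPE declarations in XML content to be signed; unset or any other value keeps them disallowed (XXE/SSRF protection). */` so the default and the risk are visible where the name is declared.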
@@ -899,7 +902,12 @@ public class Signature {
LSResourceResolverAdapter resourceResolver = new LSResourceResolverAdapter(supplements);
domConfig.setParameter("resource-resolver", resourceResolver);
domConfig.setParameter("validate", Boolean.TRUE);
-
+
+ //Disallow DocTypes per default
+ String docTypeFlagString = System.getProperty(SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.FALSE));
+ boolean docTypeFlag = Boolean.parseBoolean(docTypeFlagString.toLowerCase());
+ domConfig.setParameter("disallow-doctype", !docTypeFlag);
+
Document doc;
try {
doc = parser.parse(input);
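Review bot: The opt-out is read from a JVM-wide system property on every parse, so setting `egiz.mocca.xades.xml.allow.doctype=true` re-enables DOCTYPE handling for all content passed through this parser while `validate` is still TRUE and a resource resolver is installed, and nothing in the hunk records that the protection is off. I would log a warning whenever `docTypeFlag` is true. The two parsing lines can be reduced to `boolean docTypeFlag = Boolean.getBoolean(SYSTEM_PROPERTY_ALLOW_DOCTYPES);`, which has the same default and the same case-insensitive matching. `disallow-doctype` looks like a parser-specific DOMConfiguration parameter rather than a DOM Level 3 one, so it is worth confirming that the LS implementation in use recognises it; a `canSetParameter` check would make that explicit. The enclosing method starts and ends outside the hunk.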
diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java
index 23fdfc17..6e5612f6 100644
--- a/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java
+++ b/bkucommon/src/test/java/at/gv/egiz/bku/slcommands/impl/xsect/SignatureTest.java
@@ -317,13 +317,54 @@ public class SignatureTest {
}
@Test
+ public void testSetSignature_Base64_WITH_DISALLOWED_DOCTYPE_And_SystemParameter() throws JAXBException, SLCommandException, XMLStreamException {
+
+ SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_Base64_2.xml");
+
+ Signature signature = new Signature(urlDereferencer, new IdValueFactoryImpl(), null, false);
+
+ //allow DocTypes to perform this test
+ System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.FALSE));
+ try {
+ signature.setSignatureInfo(signatureInfo);
+ assertTrue("Check_ALLOW_DOCTYPES_System_Property", false);
+
+ } catch (SLCommandException e) {
+ assertTrue("Check_ALLOW_DOCTYPES_System_Property", true);
+
+ }
+ }
+
+ @Test
+ public void testSetSignature_Base64_WITH_DISALLOWED_DOCTYPE_WithOut_SystemParameter() throws JAXBException, SLCommandException, XMLStreamException {
+
+ SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_Base64_2.xml");
+
+ Signature signature = new Signature(urlDereferencer, new IdValueFactoryImpl(), null, false);
+
+ //allow DocTypes to perform this test
+ System.clearProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES);
+ try {
+ signature.setSignatureInfo(signatureInfo);
+ assertTrue("Check_ALLOW_DOCTYPES_WithOut_System_Property", false);
+
+ } catch (SLCommandException e) {
+ assertTrue("Check_ALLOW_DOCTYPES_WithOut_System_Property", true);
+
+ }
+ }
+
+ @Test
public void testSetSignature_Base64_2() throws JAXBException, SLCommandException, XMLStreamException {
SignatureInfoCreationType signatureInfo = unmarshalSignatureInfo("SignatureInfo_Base64_2.xml");
Signature signature = new Signature(urlDereferencer, new IdValueFactoryImpl(), null, false);
+ //allow DocTypes to perform this test
+ System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.TRUE));
signature.setSignatureInfo(signatureInfo);
+ System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.FALSE));
Node parent = signature.getParent();
Node nextSibling = signature.getNextSibling();
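Review bot: In testSetSignature_Base64_2 the property is put back to FALSE only on the success path, so if `setSignatureInfo` throws, `egiz.mocca.xades.xml.allow.doctype=true` stays set for any later test in the same JVM that relies on the default. Wrapping the call as `try { signature.setSignatureInfo(signatureInfo); } finally { System.clearProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES); }` removes that order dependency and restores the unset state; the same applies to the hunks at -343, -363 and -383. In the two new rejection tests the comment `//allow DocTypes to perform this test` contradicts the code, which sets FALSE or clears the property, and `assertTrue(msg, false)` reads better as `fail(msg)`. testSetSignature_Base64_2 continues past the end of the hunk.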
@@ -343,7 +384,10 @@ public class SignatureTest {
Signature signature = new Signature(urlDereferencer, new IdValueFactoryImpl(), null, true);
+ //allow DocTypes to perform this test
+ System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.TRUE));
signature.setSignatureInfo(signatureInfo);
+ System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.FALSE));
Node parent = signature.getParent();
Node nextSibling = signature.getNextSibling();
@@ -363,7 +407,10 @@ public class SignatureTest {
Signature signature = new Signature(urlDereferencer, new IdValueFactoryImpl(), null, false);
+ //allow DocTypes to perform this test
+ System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.TRUE));
signature.setSignatureInfo(signatureInfo);
+ System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.FALSE));
Node parent = signature.getParent();
Node nextSibling = signature.getNextSibling();
@@ -383,7 +430,10 @@ public class SignatureTest {
Signature signature = new Signature(urlDereferencer, new IdValueFactoryImpl(), null, true);
- signature.setSignatureInfo(signatureInfo);
+ //allow DocTypes to perform this test
+ System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.TRUE));
+ signature.setSignatureInfo(signatureInfo);
+ System.setProperty(Signature.SYSTEM_PROPERTY_ALLOW_DOCTYPES, String.valueOf(Boolean.FALSE));
Node parent = signature.getParent();
Node nextSibling = signature.getNextSibling();
diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/SignatureInfo_Base64_4.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/SignatureInfo_Base64_4.xml
new file mode 100644
index 00000000..d7950f1e
--- /dev/null
+++ b/bkucommon/src/test/resources/at/gv/egiz/bku/slcommands/impl/SignatureInfo_Base64_4.xml
@@ -0,0 +1,13 @@
+<sl:CreateXMLSignatureRequest xmlns:sl="http://www.buergerkarte.at/namespaces/securitylayer/1.2#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <sl:SignatureInfo>
+ <sl:SignatureEnvironment>
+ <sl:Base64Content>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</sl:Base64Content>
+ </sl:SignatureEnvironment>
+ <sl:SignatureLocation xmlns:doc="urn:document" Index="1">/XMLDocument</sl:SignatureLocation>
+ <sl:Supplement>
+ <sl:Content Reference="urn:Document.dtd">
+ <sl:LocRefContent>testlocal:Document.dtd</sl:LocRefContent>
+ </sl:Content>
+ </sl:Supplement>
+ </sl:SignatureInfo>
+</sl:CreateXMLSignatureRequest> \ No newline at end of file