diff --git a/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot.output.adapter.ui/pom.xml b/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot.output.adapter.ui/pom.xml index c622ed3db3..fe92a5e6ba 100644 --- a/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot.output.adapter.ui/pom.xml +++ b/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot.output.adapter.ui/pom.xml @@ -140,9 +140,7 @@ org.wso2.carbon.event.stream.core, org.wso2.carbon.event.stream.core.exception, org.wso2.carbon.utils, - javax.xml.bind, - javax.xml.bind.annotation, - javax.xml.parsers; version=0.0.0, + javax.xml.*, org.w3c.dom, org.wso2.carbon.identity.oauth2.stub, org.wso2.carbon.identity.oauth2.stub.dto, diff --git a/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot.output.adapter.ui/src/main/java/org/wso2/carbon/device/mgt/iot/output/adapter/ui/util/WebsocketUtils.java b/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot.output.adapter.ui/src/main/java/org/wso2/carbon/device/mgt/iot/output/adapter/ui/util/WebsocketUtils.java index c049e45408..4d85e697f0 100644 --- a/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot.output.adapter.ui/src/main/java/org/wso2/carbon/device/mgt/iot/output/adapter/ui/util/WebsocketUtils.java +++ b/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot.output.adapter.ui/src/main/java/org/wso2/carbon/device/mgt/iot/output/adapter/ui/util/WebsocketUtils.java @@ -21,6 +21,7 @@ package org.wso2.carbon.device.mgt.iot.output.adapter.ui.util; import org.w3c.dom.Document; import org.wso2.carbon.device.mgt.iot.output.adapter.ui.config.WebsocketValidationConfigurationFailedException; +import javax.xml.XMLConstants; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import java.io.File; @@ -34,7 +35,9 @@ public class WebsocketUtils { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setNamespaceAware(true); try { - DocumentBuilder docBuilder = factory.newDocumentBuilder(); + DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); + dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + DocumentBuilder docBuilder = dbf.newDocumentBuilder(); return docBuilder.parse(file); } catch (Exception e) { throw new WebsocketValidationConfigurationFailedException("Error occurred while parsing file, while converting " + diff --git a/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot/pom.xml b/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot/pom.xml index cc76206419..96d952981a 100644 --- a/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot/pom.xml +++ b/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot/pom.xml @@ -70,9 +70,7 @@ org.wso2.carbon.core, org.wso2.carbon.device.mgt.common, org.wso2.carbon.utils, - javax.xml.bind, - javax.xml.bind.annotation, - javax.xml.parsers; version="${javax.xml.parsers.import.pkg.version}", + javax.xml.*, org.w3c.dom diff --git a/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot/src/main/java/org/wso2/carbon/device/mgt/iot/devicetype/util/DeviceTypeConfigUtil.java b/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot/src/main/java/org/wso2/carbon/device/mgt/iot/devicetype/util/DeviceTypeConfigUtil.java index a32a88bdfb..82afe7dd59 100644 --- a/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot/src/main/java/org/wso2/carbon/device/mgt/iot/devicetype/util/DeviceTypeConfigUtil.java +++ b/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot/src/main/java/org/wso2/carbon/device/mgt/iot/devicetype/util/DeviceTypeConfigUtil.java @@ -22,6 +22,7 @@ import org.w3c.dom.Document; import org.wso2.carbon.device.mgt.iot.devicetype.config.DeviceManagementConfiguration; import org.wso2.carbon.device.mgt.iot.devicetype.config.exception.DeviceTypeConfigurationException; +import javax.xml.XMLConstants; import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBException; import javax.xml.bind.Unmarshaller; @@ -38,7 +39,9 @@ public class DeviceTypeConfigUtil { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setNamespaceAware(true); try { - DocumentBuilder docBuilder = factory.newDocumentBuilder(); + DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); + dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + DocumentBuilder docBuilder = dbf.newDocumentBuilder(); return docBuilder.parse(file); } catch (Exception e) { throw new DeviceTypeConfigurationException("Error occurred while parsing file, while converting " + @@ -46,7 +49,4 @@ public class DeviceTypeConfigUtil { } } - - - } diff --git a/components/mobile-plugins/mobile-base-plugin/org.wso2.carbon.device.mgt.mobile/pom.xml b/components/mobile-plugins/mobile-base-plugin/org.wso2.carbon.device.mgt.mobile/pom.xml index 715beb9dfa..2e30e81c4e 100644 --- a/components/mobile-plugins/mobile-base-plugin/org.wso2.carbon.device.mgt.mobile/pom.xml +++ b/components/mobile-plugins/mobile-base-plugin/org.wso2.carbon.device.mgt.mobile/pom.xml @@ -55,10 +55,9 @@ org.osgi.framework, org.osgi.service.component, org.apache.commons.logging, - javax.xml.bind.*, + javax.xml.*, javax.naming, javax.sql, - javax.xml.parsers; version=0.0.0, org.w3c.dom, org.wso2.carbon.context, org.wso2.carbon.utils.*, diff --git a/components/mobile-plugins/mobile-base-plugin/org.wso2.carbon.device.mgt.mobile/src/main/java/org/wso2/carbon/device/mgt/mobile/util/MobileDeviceManagementUtil.java b/components/mobile-plugins/mobile-base-plugin/org.wso2.carbon.device.mgt.mobile/src/main/java/org/wso2/carbon/device/mgt/mobile/util/MobileDeviceManagementUtil.java index e97c0cb0da..e9fb47ccd0 100644 --- a/components/mobile-plugins/mobile-base-plugin/org.wso2.carbon.device.mgt.mobile/src/main/java/org/wso2/carbon/device/mgt/mobile/util/MobileDeviceManagementUtil.java +++ b/components/mobile-plugins/mobile-base-plugin/org.wso2.carbon.device.mgt.mobile/src/main/java/org/wso2/carbon/device/mgt/mobile/util/MobileDeviceManagementUtil.java @@ -35,6 +35,7 @@ import org.wso2.carbon.registry.api.RegistryException; import org.wso2.carbon.registry.api.Resource; import org.wso2.carbon.registry.core.Registry; +import javax.xml.XMLConstants; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import java.io.File; @@ -63,7 +64,9 @@ public class MobileDeviceManagementUtil { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setNamespaceAware(true); try { - DocumentBuilder docBuilder = factory.newDocumentBuilder(); + DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); + dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + DocumentBuilder docBuilder = dbf.newDocumentBuilder(); return docBuilder.parse(file); } catch (Exception e) { throw new DeviceManagementException( diff --git a/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/api/services/wstep/impl/CertificateEnrollmentServiceImpl.java b/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/api/services/wstep/impl/CertificateEnrollmentServiceImpl.java index a0520028bd..8e587bfc0f 100644 --- a/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/api/services/wstep/impl/CertificateEnrollmentServiceImpl.java +++ b/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/api/services/wstep/impl/CertificateEnrollmentServiceImpl.java @@ -51,6 +51,7 @@ import org.xml.sax.SAXException; import javax.annotation.Resource; import javax.jws.WebService; import javax.servlet.ServletContext; +import javax.xml.XMLConstants; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; @@ -233,9 +234,8 @@ public class CertificateEnrollmentServiceImpl implements CertificateEnrollmentSe signedCertEncodedString = base64Encoder.encodeAsString(signedCertificate.getEncoded()); DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance(); - DocumentBuilder builder; - - builder = domFactory.newDocumentBuilder(); + domFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + DocumentBuilder builder = domFactory.newDocumentBuilder(); Document document = builder.parse(wapProvisioningFilePath); NodeList wapParm = document.getElementsByTagName(PluginConstants.CertificateEnrolment.PARM); Node caCertificatePosition = wapParm.item(PluginConstants.CertificateEnrolment.CA_CERTIFICATE_POSITION);