Rasika Perera 7 years ago
parent d8caf3baea
commit f3860e42f7

@ -123,6 +123,8 @@ public class Utils {
private static Document convertToDocument(File file) throws APIMCertificateMGTException { private static Document convertToDocument(File file) throws APIMCertificateMGTException {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setNamespaceAware(true); factory.setNamespaceAware(true);
factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
try { try {
DocumentBuilder docBuilder = factory.newDocumentBuilder(); DocumentBuilder docBuilder = factory.newDocumentBuilder();
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);

@ -78,6 +78,8 @@ public class APIMConfigReader {
private static Document convertToDocument(File file) throws APIMClientException { private static Document convertToDocument(File file) throws APIMClientException {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setNamespaceAware(true); factory.setNamespaceAware(true);
factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
try { try {
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
DocumentBuilder docBuilder = factory.newDocumentBuilder(); DocumentBuilder docBuilder = factory.newDocumentBuilder();

@ -34,6 +34,8 @@ public class WebappPublisherUtil {
public static Document convertToDocument(File file) throws WebappPublisherConfigurationFailedException { public static Document convertToDocument(File file) throws WebappPublisherConfigurationFailedException {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setNamespaceAware(true); factory.setNamespaceAware(true);
factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
try { try {
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
DocumentBuilder docBuilder = factory.newDocumentBuilder(); DocumentBuilder docBuilder = factory.newDocumentBuilder();

@ -38,7 +38,7 @@ public final class CertificateManagementConstants {
public static final String RSA_PRIVATE_KEY_BEGIN_TEXT = "-----BEGIN RSA PRIVATE KEY-----\n"; public static final String RSA_PRIVATE_KEY_BEGIN_TEXT = "-----BEGIN RSA PRIVATE KEY-----\n";
public static final String RSA_PRIVATE_KEY_END_TEXT = "-----END RSA PRIVATE KEY-----"; public static final String RSA_PRIVATE_KEY_END_TEXT = "-----END RSA PRIVATE KEY-----";
public static final String EMPTY_TEXT = ""; public static final String EMPTY_TEXT = "";
public static final int RSA_KEY_LENGTH = 1024; public static final int RSA_KEY_LENGTH = 2048;
public static final class DataBaseTypes { public static final class DataBaseTypes {
private DataBaseTypes() { private DataBaseTypes() {

@ -45,6 +45,8 @@ public class CertificateManagerUtil {
public static Document convertToDocument(File file) throws CertificateManagementException { public static Document convertToDocument(File file) throws CertificateManagementException {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
factory.setNamespaceAware(true); factory.setNamespaceAware(true);
try { try {
DocumentBuilder docBuilder = factory.newDocumentBuilder(); DocumentBuilder docBuilder = factory.newDocumentBuilder();

@ -35,6 +35,8 @@ public class DeviceTypeConfigUtil {
public static Document convertToDocument(File file) throws DeviceTypeConfigurationException { public static Document convertToDocument(File file) throws DeviceTypeConfigurationException {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setNamespaceAware(true); factory.setNamespaceAware(true);
factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
try { try {
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
DocumentBuilder docBuilder = factory.newDocumentBuilder(); DocumentBuilder docBuilder = factory.newDocumentBuilder();

@ -31,6 +31,9 @@ import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException; import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller; import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller; import javax.xml.bind.Unmarshaller;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import java.io.StringReader; import java.io.StringReader;
import java.io.StringWriter; import java.io.StringWriter;
import java.nio.charset.Charset; import java.nio.charset.Charset;
@ -80,14 +83,19 @@ public class PlatformConfigurationManagementServiceImpl
try { try {
resource = ConfigurationManagerUtil.getRegistryResource(resourcePath); resource = ConfigurationManagerUtil.getRegistryResource(resourcePath);
if(resource != null){ if(resource != null){
JAXBContext context = JAXBContext.newInstance(PlatformConfiguration.class); XMLInputFactory factory = XMLInputFactory.newFactory();
Unmarshaller unmarshaller = context.createUnmarshaller(); factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
return (PlatformConfiguration) unmarshaller.unmarshal( factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
XMLStreamReader reader = factory.createXMLStreamReader(
new StringReader(new String((byte[]) resource.getContent(), Charset new StringReader(new String((byte[]) resource.getContent(), Charset
.forName(ConfigurationManagerConstants.CharSets.CHARSET_UTF8)))); .forName(ConfigurationManagerConstants.CharSets.CHARSET_UTF8))));
JAXBContext context = JAXBContext.newInstance(PlatformConfiguration.class);
Unmarshaller unmarshaller = context.createUnmarshaller();
return (PlatformConfiguration) unmarshaller.unmarshal(reader);
} }
return new PlatformConfiguration(); return new PlatformConfiguration();
} catch (JAXBException e) { } catch (JAXBException | XMLStreamException e) {
throw new ConfigurationManagementException( throw new ConfigurationManagementException(
"Error occurred while parsing the Tenant configuration : " + e.getMessage(), e); "Error occurred while parsing the Tenant configuration : " + e.getMessage(), e);
} catch (RegistryException e) { } catch (RegistryException e) {

@ -82,6 +82,8 @@ public final class DeviceManagerUtil {
public static Document convertToDocument(File file) throws DeviceManagementException { public static Document convertToDocument(File file) throws DeviceManagementException {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
factory.setNamespaceAware(true); factory.setNamespaceAware(true);
try { try {
DocumentBuilder docBuilder = factory.newDocumentBuilder(); DocumentBuilder docBuilder = factory.newDocumentBuilder();

@ -50,6 +50,9 @@ import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException; import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller; import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller; import javax.xml.bind.Unmarshaller;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import java.io.File; import java.io.File;
import java.io.StringReader; import java.io.StringReader;
import java.io.StringWriter; import java.io.StringWriter;
@ -235,11 +238,16 @@ public class DeviceTypeManager implements DeviceManager {
try { try {
resource = DeviceTypeUtils.getRegistryResource(deviceType); resource = DeviceTypeUtils.getRegistryResource(deviceType);
if (resource != null) { if (resource != null) {
XMLInputFactory factory = XMLInputFactory.newFactory();
factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
XMLStreamReader reader = factory.createXMLStreamReader(
new StringReader(new String((byte[]) resource.getContent(), Charset
.forName(DeviceTypePluginConstants.CHARSET_UTF8))));
JAXBContext context = JAXBContext.newInstance(PlatformConfiguration.class); JAXBContext context = JAXBContext.newInstance(PlatformConfiguration.class);
Unmarshaller unmarshaller = context.createUnmarshaller(); Unmarshaller unmarshaller = context.createUnmarshaller();
return (PlatformConfiguration) unmarshaller.unmarshal( return (PlatformConfiguration) unmarshaller.unmarshal(reader);
new StringReader(new String((byte[]) resource.getContent(), Charset.
forName(DeviceTypePluginConstants.CHARSET_UTF8))));
} else if (defaultPlatformConfiguration != null) { } else if (defaultPlatformConfiguration != null) {
return defaultPlatformConfiguration; return defaultPlatformConfiguration;
} }
@ -247,7 +255,7 @@ public class DeviceTypeManager implements DeviceManager {
} catch (DeviceTypeMgtPluginException e) { } catch (DeviceTypeMgtPluginException e) {
throw new DeviceManagementException( throw new DeviceManagementException(
"Error occurred while retrieving the Registry instance : " + e.getMessage(), e); "Error occurred while retrieving the Registry instance : " + e.getMessage(), e);
} catch (JAXBException e) { } catch (JAXBException | XMLStreamException e) {
throw new DeviceManagementException( throw new DeviceManagementException(
"Error occurred while parsing the " + deviceType + " configuration : " + e.getMessage(), e); "Error occurred while parsing the " + deviceType + " configuration : " + e.getMessage(), e);
} catch (RegistryException e) { } catch (RegistryException e) {

@ -140,6 +140,8 @@ public class DeviceTypeUtils {
public static Document convertToDocument(File file) throws DeviceTypeMgtPluginException { public static Document convertToDocument(File file) throws DeviceTypeMgtPluginException {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setNamespaceAware(true); factory.setNamespaceAware(true);
factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
try { try {
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
DocumentBuilder docBuilder = factory.newDocumentBuilder(); DocumentBuilder docBuilder = factory.newDocumentBuilder();

@ -61,6 +61,8 @@ public class PolicyManagerUtil {
public static Document convertToDocument(File file) throws PolicyManagementException { public static Document convertToDocument(File file) throws PolicyManagementException {
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setNamespaceAware(true); factory.setNamespaceAware(true);
factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
try { try {
DocumentBuilder docBuilder = factory.newDocumentBuilder(); DocumentBuilder docBuilder = factory.newDocumentBuilder();
factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);

Loading…
Cancel
Save