From c4f96a33afc8394265e8c3e2836b6eb0b1ad534a Mon Sep 17 00:00:00 2001 From: Rasika Perera Date: Tue, 23 Jan 2018 18:08:19 +0530 Subject: [PATCH 1/3] Fixing https://github.com/wso2/product-iots/issues/1624 --- .../mobile/android/impl/AndroidDeviceManager.java | 15 +++++++++++---- .../impl/util/MobileDeviceManagementUtil.java | 2 ++ .../enrollment/impl/EnrollmentServiceImpl.java | 2 ++ .../impl/CertificateEnrollmentServiceImpl.java | 3 +++ 4 files changed, 18 insertions(+), 4 deletions(-) diff --git a/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android/src/main/java/org/wso2/carbon/device/mgt/mobile/android/impl/AndroidDeviceManager.java b/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android/src/main/java/org/wso2/carbon/device/mgt/mobile/android/impl/AndroidDeviceManager.java index d3c42e923..60ff48725 100644 --- a/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android/src/main/java/org/wso2/carbon/device/mgt/mobile/android/impl/AndroidDeviceManager.java +++ b/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android/src/main/java/org/wso2/carbon/device/mgt/mobile/android/impl/AndroidDeviceManager.java @@ -47,6 +47,9 @@ import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBException; import javax.xml.bind.Marshaller; import javax.xml.bind.Unmarshaller; +import javax.xml.stream.XMLInputFactory; +import javax.xml.stream.XMLStreamException; +import javax.xml.stream.XMLStreamReader; import java.io.StringReader; import java.io.StringWriter; import java.nio.charset.Charset; @@ -128,17 +131,21 @@ public class AndroidDeviceManager implements DeviceManager { MobileDeviceTypes.MOBILE_DEVICE_TYPE_ANDROID); resource = MobileDeviceManagementUtil.getRegistryResource(androidRegPath); if (resource != null) { - JAXBContext context = JAXBContext.newInstance(PlatformConfiguration.class); - Unmarshaller unmarshaller = context.createUnmarshaller(); - return (PlatformConfiguration) unmarshaller.unmarshal( + XMLInputFactory factory = XMLInputFactory.newFactory(); + factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); + factory.setProperty(XMLInputFactory.SUPPORT_DTD, false); + XMLStreamReader reader = factory.createXMLStreamReader( new StringReader(new String((byte[]) resource.getContent(), Charset. forName(AndroidPluginConstants.MobilePluginConstants.CHARSET_UTF8)))); + JAXBContext context = JAXBContext.newInstance(PlatformConfiguration.class); + Unmarshaller unmarshaller = context.createUnmarshaller(); + return (PlatformConfiguration) unmarshaller.unmarshal(reader); } return null; } catch (AndroidDeviceMgtPluginException e) { throw new DeviceManagementException( "Error occurred while retrieving the Registry instance : " + e.getMessage(), e); - } catch (JAXBException e) { + } catch (JAXBException | XMLStreamException e) { throw new DeviceManagementException( "Error occurred while parsing the Android configuration : " + e.getMessage(), e); } catch (RegistryException e) { diff --git a/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android/src/main/java/org/wso2/carbon/device/mgt/mobile/android/impl/util/MobileDeviceManagementUtil.java b/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android/src/main/java/org/wso2/carbon/device/mgt/mobile/android/impl/util/MobileDeviceManagementUtil.java index 210c73502..92c39f7e8 100644 --- a/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android/src/main/java/org/wso2/carbon/device/mgt/mobile/android/impl/util/MobileDeviceManagementUtil.java +++ b/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android/src/main/java/org/wso2/carbon/device/mgt/mobile/android/impl/util/MobileDeviceManagementUtil.java @@ -66,6 +66,8 @@ public class MobileDeviceManagementUtil { public static Document convertToDocument(File file) throws DeviceManagementException { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setNamespaceAware(true); + factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); + factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); try { factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); DocumentBuilder docBuilder = factory.newDocumentBuilder(); diff --git a/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/api/services/enrollment/impl/EnrollmentServiceImpl.java b/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/api/services/enrollment/impl/EnrollmentServiceImpl.java index 558cd601b..0e1005276 100644 --- a/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/api/services/enrollment/impl/EnrollmentServiceImpl.java +++ b/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/api/services/enrollment/impl/EnrollmentServiceImpl.java @@ -231,6 +231,8 @@ public class EnrollmentServiceImpl implements EnrollmentService { DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance(); domFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + domFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); + domFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); DocumentBuilder builder; builder = domFactory.newDocumentBuilder(); diff --git a/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/api/services/wstep/impl/CertificateEnrollmentServiceImpl.java b/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/api/services/wstep/impl/CertificateEnrollmentServiceImpl.java index f71aa52e2..9dd426326 100644 --- a/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/api/services/wstep/impl/CertificateEnrollmentServiceImpl.java +++ b/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/api/services/wstep/impl/CertificateEnrollmentServiceImpl.java @@ -239,6 +239,9 @@ public class CertificateEnrollmentServiceImpl implements CertificateEnrollmentSe DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance(); domFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + domFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); + domFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); + DocumentBuilder builder = domFactory.newDocumentBuilder(); Document document = builder.parse(wapProvisioningFilePath); NodeList wapParm = document.getElementsByTagName(PluginConstants.CertificateEnrolment.PARM); From 9b10c347ed2105de8c907de297ce11275b5e0111 Mon Sep 17 00:00:00 2001 From: Rasika Perera Date: Tue, 23 Jan 2018 18:39:36 +0530 Subject: [PATCH 2/3] Fixing https://github.com/wso2/product-iots/issues/1624 --- .../org.wso2.carbon.device.mgt.mobile.android/pom.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android/pom.xml b/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android/pom.xml index e2aca3de8..a0f10cf41 100644 --- a/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android/pom.xml +++ b/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android/pom.xml @@ -60,6 +60,7 @@ org.osgi.service.component, org.apache.commons.logging, javax.xml, + javax.xml.stream, javax.xml.bind.*, javax.sql, javax.xml.parsers; version=0.0.0, From ad36ac48df06d6476f5e7ce52a2edeed2227ce7e Mon Sep 17 00:00:00 2001 From: Rasika Perera Date: Wed, 24 Jan 2018 07:31:36 +0530 Subject: [PATCH 3/3] Fixes for the https://github.com/wso2/product-iots/issues/1624 --- .../mobile/android/impl/util/MobileDeviceManagementUtil.java | 3 +-- .../api/services/enrollment/impl/EnrollmentServiceImpl.java | 3 +-- .../services/wstep/impl/CertificateEnrollmentServiceImpl.java | 3 +-- .../mobile/windows/impl/util/MobileDeviceManagementUtil.java | 1 + 4 files changed, 4 insertions(+), 6 deletions(-) diff --git a/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android/src/main/java/org/wso2/carbon/device/mgt/mobile/android/impl/util/MobileDeviceManagementUtil.java b/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android/src/main/java/org/wso2/carbon/device/mgt/mobile/android/impl/util/MobileDeviceManagementUtil.java index 92c39f7e8..8ac7d9529 100644 --- a/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android/src/main/java/org/wso2/carbon/device/mgt/mobile/android/impl/util/MobileDeviceManagementUtil.java +++ b/components/mobile-plugins/android-plugin/org.wso2.carbon.device.mgt.mobile.android/src/main/java/org/wso2/carbon/device/mgt/mobile/android/impl/util/MobileDeviceManagementUtil.java @@ -66,10 +66,9 @@ public class MobileDeviceManagementUtil { public static Document convertToDocument(File file) throws DeviceManagementException { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setNamespaceAware(true); - factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); - factory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); try { factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); DocumentBuilder docBuilder = factory.newDocumentBuilder(); return docBuilder.parse(file); } catch (Exception e) { diff --git a/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/api/services/enrollment/impl/EnrollmentServiceImpl.java b/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/api/services/enrollment/impl/EnrollmentServiceImpl.java index 0e1005276..e13cb60cb 100644 --- a/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/api/services/enrollment/impl/EnrollmentServiceImpl.java +++ b/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/api/services/enrollment/impl/EnrollmentServiceImpl.java @@ -231,8 +231,7 @@ public class EnrollmentServiceImpl implements EnrollmentService { DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance(); domFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); - domFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); - domFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); + domFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); DocumentBuilder builder; builder = domFactory.newDocumentBuilder(); diff --git a/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/api/services/wstep/impl/CertificateEnrollmentServiceImpl.java b/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/api/services/wstep/impl/CertificateEnrollmentServiceImpl.java index 9dd426326..24b5dc7ae 100644 --- a/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/api/services/wstep/impl/CertificateEnrollmentServiceImpl.java +++ b/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/api/services/wstep/impl/CertificateEnrollmentServiceImpl.java @@ -239,8 +239,7 @@ public class CertificateEnrollmentServiceImpl implements CertificateEnrollmentSe DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance(); domFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); - domFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); - domFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); + domFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); DocumentBuilder builder = domFactory.newDocumentBuilder(); Document document = builder.parse(wapProvisioningFilePath); diff --git a/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/impl/util/MobileDeviceManagementUtil.java b/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/impl/util/MobileDeviceManagementUtil.java index 72bf59ef2..bb5a7578b 100644 --- a/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/impl/util/MobileDeviceManagementUtil.java +++ b/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/impl/util/MobileDeviceManagementUtil.java @@ -68,6 +68,7 @@ public class MobileDeviceManagementUtil { factory.setNamespaceAware(true); try { factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); + factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); DocumentBuilder docBuilder = factory.newDocumentBuilder(); return docBuilder.parse(file); } catch (Exception e) {