Merge pull request #406 from Malintha/master

Adding secured documentBuilder factory
8 years ago · 218e7aa58f
parent f5c3a55aa8 13cb358153
commit 218e7aa58f
4 changed files with 15 additions and 9 deletions
--- a/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot.output.adapter.ui/src/main/java/org/wso2/carbon/device/mgt/iot/output/adapter/ui/util/WebsocketUtils.java
+++ b/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot.output.adapter.ui/src/main/java/org/wso2/carbon/device/mgt/iot/output/adapter/ui/util/WebsocketUtils.java
@ -21,6 +21,7 @@ package org.wso2.carbon.device.mgt.iot.output.adapter.ui.util;
 import org.w3c.dom.Document;
 import org.wso2.carbon.device.mgt.iot.output.adapter.ui.config.WebsocketValidationConfigurationFailedException;
 import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import java.io.File;
@ -34,7 +35,9 @@ public class WebsocketUtils {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        try {
-            DocumentBuilder docBuilder = factory.newDocumentBuilder();
+            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
            dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            DocumentBuilder docBuilder = dbf.newDocumentBuilder();
            return docBuilder.parse(file);
        } catch (Exception e) {
            throw new WebsocketValidationConfigurationFailedException("Error occurred while parsing file, while converting " +
--- a/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot/src/main/java/org/wso2/carbon/device/mgt/iot/devicetype/util/DeviceTypeConfigUtil.java
+++ b/components/iot-plugins/iot-base-plugin/org.wso2.carbon.device.mgt.iot/src/main/java/org/wso2/carbon/device/mgt/iot/devicetype/util/DeviceTypeConfigUtil.java
@ -22,6 +22,7 @@ import org.w3c.dom.Document;
 import org.wso2.carbon.device.mgt.iot.devicetype.config.DeviceManagementConfiguration;
 import org.wso2.carbon.device.mgt.iot.devicetype.config.exception.DeviceTypeConfigurationException;
 import javax.xml.XMLConstants;
 import javax.xml.bind.JAXBContext;
 import javax.xml.bind.JAXBException;
 import javax.xml.bind.Unmarshaller;
@ -38,7 +39,9 @@ public class DeviceTypeConfigUtil {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        try {
-            DocumentBuilder docBuilder = factory.newDocumentBuilder();
+            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
            dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            DocumentBuilder docBuilder = dbf.newDocumentBuilder();
            return docBuilder.parse(file);
        } catch (Exception e) {
            throw new DeviceTypeConfigurationException("Error occurred while parsing file, while converting " +
@ -46,7 +49,4 @@ public class DeviceTypeConfigUtil {
        }
    }
 }
--- a/components/mobile-plugins/mobile-base-plugin/org.wso2.carbon.device.mgt.mobile/src/main/java/org/wso2/carbon/device/mgt/mobile/util/MobileDeviceManagementUtil.java
+++ b/components/mobile-plugins/mobile-base-plugin/org.wso2.carbon.device.mgt.mobile/src/main/java/org/wso2/carbon/device/mgt/mobile/util/MobileDeviceManagementUtil.java
@ -35,6 +35,7 @@ import org.wso2.carbon.registry.api.RegistryException;
 import org.wso2.carbon.registry.api.Resource;
 import org.wso2.carbon.registry.core.Registry;
 import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import java.io.File;
@ -63,7 +64,9 @@ public class MobileDeviceManagementUtil {
 		DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
 		factory.setNamespaceAware(true);
 		try {
-			DocumentBuilder docBuilder = factory.newDocumentBuilder();
+			DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
 			dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
 			DocumentBuilder docBuilder = dbf.newDocumentBuilder();
 			return docBuilder.parse(file);
 		} catch (Exception e) {
 			throw new DeviceManagementException(
--- a/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/api/services/wstep/impl/CertificateEnrollmentServiceImpl.java
+++ b/components/mobile-plugins/windows-plugin/org.wso2.carbon.device.mgt.mobile.windows.api/src/main/java/org/wso2/carbon/device/mgt/mobile/windows/api/services/wstep/impl/CertificateEnrollmentServiceImpl.java
@ -51,6 +51,7 @@ import org.xml.sax.SAXException;
 import javax.annotation.Resource;
 import javax.jws.WebService;
 import javax.servlet.ServletContext;
 import javax.xml.XMLConstants;
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
@ -233,9 +234,8 @@ public class CertificateEnrollmentServiceImpl implements CertificateEnrollmentSe
            signedCertEncodedString = base64Encoder.encodeAsString(signedCertificate.getEncoded());
            DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance();
-            DocumentBuilder builder;
+            domFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
-
+            DocumentBuilder builder = domFactory.newDocumentBuilder();
            builder = domFactory.newDocumentBuilder();
            Document document = builder.parse(wapProvisioningFilePath);
            NodeList wapParm = document.getElementsByTagName(PluginConstants.CertificateEnrolment.PARM);
            Node caCertificatePosition = wapParm.item(PluginConstants.CertificateEnrolment.CA_CERTIFICATE_POSITION);