List of usage examples for javax.xml.parsers DocumentBuilderFactory setFeature
public abstract void setFeature(String name, boolean value) throws ParserConfigurationException;
From source file:org.wso2.carbon.datasource.utils.DataSourceUtils.java
/** * Replaces system variables in the input xml configuration. * * @param xmlConfiguration InputStream that carries xml configuration * @return returns a InputStream that has evaluated system variables in input * @throws DataSourceException/*from w ww.j a v a2 s .c o m*/ */ public static InputStream replaceSystemVariablesInXml(InputStream xmlConfiguration) throws DataSourceException { DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); DocumentBuilder documentBuilder; Document doc; try { documentBuilderFactory.setNamespaceAware(true); documentBuilderFactory.setExpandEntityReferences(false); documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); // SecurityManager securityManager = new SecurityManager(); // securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT); // documentBuilderFactory.setAttribute(SECURITY_MANAGER_PROPERTY, securityManager); documentBuilder = documentBuilderFactory.newDocumentBuilder(); documentBuilder.setEntityResolver((publicId, systemId) -> { throw new SAXException("Possible XML External Entity (XXE) attack. Skip resolving entity"); }); doc = documentBuilder.parse(xmlConfiguration); } catch (ParserConfigurationException | IOException | SAXException e) { throw new DataSourceException("Error in building Document", e); } NodeList nodeList = null; if (doc != null) { nodeList = doc.getElementsByTagName("*"); } if (nodeList != null) { for (int i = 0; i < nodeList.getLength(); i++) { resolveLeafNodeValue(nodeList.item(i)); } } return toInputStream(doc); }
From source file:org.wso2.carbon.device.mgt.analytics.data.publisher.DataPublisherUtil.java
public static Document convertToDocument(File file) throws DataPublisherConfigurationException { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setNamespaceAware(true);/*ww w . j a va 2 s. c o m*/ try { factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); DocumentBuilder docBuilder = factory.newDocumentBuilder(); return docBuilder.parse(file); } catch (Exception e) { throw new DataPublisherConfigurationException( "Error occurred while parsing file, while converting " + "to a org.w3c.dom.Document", e); } }
From source file:org.wso2.carbon.device.mgt.core.util.DeviceManagerUtil.java
public static Document convertToDocument(File file) throws DeviceManagementException { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setNamespaceAware(true);//from w w w . ja v a 2 s .c o m try { factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); DocumentBuilder docBuilder = factory.newDocumentBuilder(); return docBuilder.parse(file); } catch (Exception e) { throw new DeviceManagementException( "Error occurred while parsing file, while converting " + "to a org.w3c.dom.Document", e); } }
From source file:org.wso2.carbon.device.mgt.extensions.device.type.template.util.DeviceTypeUtils.java
public static Document convertToDocument(File file) throws DeviceTypeMgtPluginException { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setNamespaceAware(true);/*from ww w. ja v a 2 s . c om*/ try { factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); DocumentBuilder docBuilder = factory.newDocumentBuilder(); return docBuilder.parse(file); } catch (Exception e) { throw new DeviceTypeMgtPluginException( "Error occurred while parsing file '" + file.getName() + "' to" + " a org.w3c.dom.Document", e); } }
From source file:org.wso2.carbon.device.mgt.mobile.android.impl.util.MobileDeviceManagementUtil.java
public static Document convertToDocument(File file) throws DeviceManagementException { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setNamespaceAware(true);/* ww w .j a va 2s. c o m*/ try { factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); DocumentBuilder docBuilder = factory.newDocumentBuilder(); return docBuilder.parse(file); } catch (Exception e) { throw new DeviceManagementException("Error occurred while parsing file, while converting " + "to a org.w3c.dom.Document : " + e.getMessage(), e); } }
From source file:org.wso2.carbon.device.mgt.mobile.util.MobileDeviceManagementUtil.java
public static Document convertToDocument(File file) throws DeviceManagementException { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setNamespaceAware(true);/* w ww. j ava 2s .c o m*/ try { DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); DocumentBuilder docBuilder = dbf.newDocumentBuilder(); return docBuilder.parse(file); } catch (Exception e) { throw new DeviceManagementException("Error occurred while parsing file, while converting " + "to a org.w3c.dom.Document : " + e.getMessage(), e); } }
From source file:org.wso2.carbon.device.mgt.mobile.windows.api.services.enrollment.impl.EnrollmentServiceImpl.java
/** * This method prepares the wap-provisioning file by including relevant certificates etc. * * @param binarySecurityToken - CSR from device * @param wapProvisioningFilePath - File path of wap-provisioning file * @return - base64 encoded final wap-provisioning file as a String * @throws CertificateGenerationException * @throws org.wso2.carbon.device.mgt.mobile.windows.api.common.exceptions.WAPProvisioningException *//* ww w .j a va 2s. com*/ private String prepareWapProvisioningXML(String binarySecurityToken, String wapProvisioningFilePath, String headerBst) throws CertificateGenerationException, WAPProvisioningException, WindowsDeviceEnrolmentException { String rootCertEncodedString; String signedCertEncodedString; X509Certificate signedCertificate; String provisioningXmlString; CertificateManagementServiceImpl certMgtServiceImpl = CertificateManagementServiceImpl.getInstance(); Base64 base64Encoder = new Base64(); try { X509Certificate rootCACertificate = (X509Certificate) certMgtServiceImpl.getCACertificate(); rootCertEncodedString = base64Encoder.encodeAsString(rootCACertificate.getEncoded()); signedCertificate = certMgtServiceImpl.getSignedCertificateFromCSR(binarySecurityToken); signedCertEncodedString = base64Encoder.encodeAsString(signedCertificate.getEncoded()); DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance(); domFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); domFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); DocumentBuilder builder; builder = domFactory.newDocumentBuilder(); Document document = builder.parse(wapProvisioningFilePath); NodeList wapParm = document.getElementsByTagName(PluginConstants.CertificateEnrolment.PARM); Node caCertificatePosition = wapParm.item(PluginConstants.CertificateEnrolment.CA_CERTIFICATE_POSITION); //Adding SHA1 CA certificate finger print to wap-provisioning xml. caCertificatePosition.getParentNode().getAttributes() .getNamedItem(PluginConstants.CertificateEnrolment.TYPE).setTextContent( String.valueOf(DigestUtils.sha1Hex(rootCACertificate.getEncoded())).toUpperCase()); //Adding encoded CA certificate to wap-provisioning file after removing new line // characters. NamedNodeMap rootCertAttributes = caCertificatePosition.getAttributes(); Node rootCertNode = rootCertAttributes.getNamedItem(PluginConstants.CertificateEnrolment.VALUE); rootCertEncodedString = rootCertEncodedString.replaceAll("\n", ""); rootCertNode.setTextContent(rootCertEncodedString); if (log.isDebugEnabled()) { log.debug("Root certificate: " + rootCertEncodedString); } Node signedCertificatePosition = wapParm .item(PluginConstants.CertificateEnrolment.SIGNED_CERTIFICATE_POSITION); //Adding SHA1 signed certificate finger print to wap-provisioning xml. signedCertificatePosition.getParentNode().getAttributes() .getNamedItem(PluginConstants.CertificateEnrolment.TYPE).setTextContent( String.valueOf(DigestUtils.sha1Hex(signedCertificate.getEncoded())).toUpperCase()); //Adding encoded signed certificate to wap-provisioning file after removing new line // characters. NamedNodeMap clientCertAttributes = signedCertificatePosition.getAttributes(); Node clientEncodedNode = clientCertAttributes.getNamedItem(PluginConstants.CertificateEnrolment.VALUE); signedCertEncodedString = signedCertEncodedString.replaceAll("\n", ""); clientEncodedNode.setTextContent(signedCertEncodedString); if (log.isDebugEnabled()) { log.debug("Signed certificate: " + signedCertEncodedString); } //Adding domainName to wap-provisioning xml. Node domainPosition = wapParm.item(PluginConstants.CertificateEnrolment.DOMAIN_POSITION); NamedNodeMap domainAttribute = domainPosition.getAttributes(); Node domainNode = domainAttribute.getNamedItem(PluginConstants.CertificateEnrolment.VALUE); domainNode.setTextContent(domain); //Adding Next provisioning service URL to wap-provisioning xml. Node syncmlServicePosition = wapParm .item(PluginConstants.CertificateEnrolment.SYNCML_PROVISIONING_ADDR_POSITION); NamedNodeMap syncmlServiceAttribute = syncmlServicePosition.getAttributes(); Node syncmlServiceNode = syncmlServiceAttribute .getNamedItem(PluginConstants.CertificateEnrolment.VALUE); syncmlServiceNode.setTextContent(provisioningURL); // Adding user name auth token to wap-provisioning xml. Node userNameAuthPosition = wapParm .item(PluginConstants.CertificateEnrolment.APPAUTH_USERNAME_POSITION); NamedNodeMap appServerAttribute = userNameAuthPosition.getAttributes(); Node authNameNode = appServerAttribute.getNamedItem(PluginConstants.CertificateEnrolment.VALUE); String userName = getRequestedUser(headerBst); //CacheEntry cacheEntry = (CacheEntry) DeviceUtil.getCacheEntry(headerBst); // String userName = cacheEntry.getUsername(); authNameNode.setTextContent(userName); DeviceUtil.removeTokenEntry(headerBst); String password = DeviceUtil.generateRandomToken(); Node passwordAuthPosition = wapParm .item(PluginConstants.CertificateEnrolment.APPAUTH_PASSWORD_POSITION); NamedNodeMap appSrvPasswordAttribute = passwordAuthPosition.getAttributes(); Node authPasswordNode = appSrvPasswordAttribute .getNamedItem(PluginConstants.CertificateEnrolment.VALUE); authPasswordNode.setTextContent(password); String requestSecurityTokenResponse = SyncmlCredentialUtil.generateRST(userName, password); DeviceUtil.persistChallengeToken(requestSecurityTokenResponse, null, userName); // Get device polling frequency from the tenant Configurations. Node numberOfFirstRetries = wapParm .item(PluginConstants.CertificateEnrolment.POLLING_FREQUENCY_POSITION); NamedNodeMap pollingAttributes = numberOfFirstRetries.getAttributes(); Node pollValue = pollingAttributes.getNamedItem(PluginConstants.CertificateEnrolment.VALUE); pollValue.setTextContent(pollingFrequency); provisioningXmlString = convertDocumentToString(document); } catch (ParserConfigurationException e) { throw new WAPProvisioningException("Problem occurred while creating configuration request", e); } catch (CertificateEncodingException e) { throw new WindowsDeviceEnrolmentException("Error occurred while encoding certificates.", e); } catch (SAXException e) { throw new WAPProvisioningException("Error occurred while parsing wap-provisioning.xml file.", e); } catch (TransformerException e) { throw new WAPProvisioningException("Error occurred while transforming wap-provisioning.xml file.", e); } catch (IOException e) { throw new WAPProvisioningException("Error occurred while getting wap-provisioning.xml file.", e); } catch (SyncmlMessageFormatException e) { throw new WindowsDeviceEnrolmentException("Error occurred while generating password hash value.", e); } catch (KeystoreException e) { throw new CertificateGenerationException("CA certificate cannot be generated.", e); } return base64Encoder.encodeAsString(provisioningXmlString.getBytes()); }
From source file:org.wso2.carbon.device.mgt.mobile.windows.api.services.wstep.impl.CertificateEnrollmentServiceImpl.java
/** * This method prepares the wap-provisioning file by including relevant certificates etc. * * @param binarySecurityToken - CSR from device * @param wapProvisioningFilePath - File path of wap-provisioning file * @return - base64 encoded final wap-provisioning file as a String * @throws CertificateGenerationException * @throws org.wso2.carbon.device.mgt.mobile.windows.api.common.exceptions.WAPProvisioningException *///from w w w . j av a 2 s . co m private String prepareWapProvisioningXML(String binarySecurityToken, String wapProvisioningFilePath, String headerBst) throws CertificateGenerationException, WAPProvisioningException, WindowsDeviceEnrolmentException { String rootCertEncodedString; String signedCertEncodedString; X509Certificate signedCertificate; String provisioningXmlString; CertificateManagementServiceImpl certMgtServiceImpl = CertificateManagementServiceImpl.getInstance(); Base64 base64Encoder = new Base64(); try { rootCACertificate = (X509Certificate) certMgtServiceImpl.getCACertificate(); rootCertEncodedString = base64Encoder.encodeAsString(rootCACertificate.getEncoded()); signedCertificate = certMgtServiceImpl.getSignedCertificateFromCSR(binarySecurityToken); signedCertEncodedString = base64Encoder.encodeAsString(signedCertificate.getEncoded()); DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance(); domFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); domFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); DocumentBuilder builder = domFactory.newDocumentBuilder(); Document document = builder.parse(wapProvisioningFilePath); NodeList wapParm = document.getElementsByTagName(PluginConstants.CertificateEnrolment.PARM); Node caCertificatePosition = wapParm.item(PluginConstants.CertificateEnrolment.CA_CERTIFICATE_POSITION); //Adding SHA1 CA certificate finger print to wap-provisioning xml. caCertificatePosition.getParentNode().getAttributes() .getNamedItem(PluginConstants.CertificateEnrolment.TYPE).setTextContent( String.valueOf(DigestUtils.sha1Hex(rootCACertificate.getEncoded())).toUpperCase()); //Adding encoded CA certificate to wap-provisioning file after removing new line // characters. NamedNodeMap rootCertAttributes = caCertificatePosition.getAttributes(); Node rootCertNode = rootCertAttributes.getNamedItem(PluginConstants.CertificateEnrolment.VALUE); rootCertEncodedString = rootCertEncodedString.replaceAll("\n", ""); rootCertNode.setTextContent(rootCertEncodedString); if (log.isDebugEnabled()) { log.debug("Root certificate: " + rootCertEncodedString); } Node signedCertificatePosition = wapParm .item(PluginConstants.CertificateEnrolment.SIGNED_CERTIFICATE_POSITION); //Adding SHA1 signed certificate finger print to wap-provisioning xml. signedCertificatePosition.getParentNode().getAttributes() .getNamedItem(PluginConstants.CertificateEnrolment.TYPE).setTextContent( String.valueOf(DigestUtils.sha1Hex(signedCertificate.getEncoded())).toUpperCase()); //Adding encoded signed certificate to wap-provisioning file after removing new line // characters. NamedNodeMap clientCertAttributes = signedCertificatePosition.getAttributes(); Node clientEncodedNode = clientCertAttributes.getNamedItem(PluginConstants.CertificateEnrolment.VALUE); signedCertEncodedString = signedCertEncodedString.replaceAll("\n", ""); clientEncodedNode.setTextContent(signedCertEncodedString); if (log.isDebugEnabled()) { log.debug("Signed certificate: " + signedCertEncodedString); } //Adding domainName to wap-provisioning xml. Node domainPosition = wapParm.item(PluginConstants.CertificateEnrolment.DOMAIN_POSITION); NamedNodeMap domainAttribute = domainPosition.getAttributes(); Node domainNode = domainAttribute.getNamedItem(PluginConstants.CertificateEnrolment.VALUE); domainNode.setTextContent(domain); //Adding Next provisioning service URL to wap-provisioning xml. Node syncmlServicePosition = wapParm .item(PluginConstants.CertificateEnrolment.SYNCML_PROVISIONING_ADDR_POSITION); NamedNodeMap syncmlServiceAttribute = syncmlServicePosition.getAttributes(); Node syncmlServiceNode = syncmlServiceAttribute .getNamedItem(PluginConstants.CertificateEnrolment.VALUE); syncmlServiceNode.setTextContent(provisioningURL); // Adding user name auth token to wap-provisioning xml. Node userNameAuthPosition = wapParm .item(PluginConstants.CertificateEnrolment.APPAUTH_USERNAME_POSITION); NamedNodeMap appServerAttribute = userNameAuthPosition.getAttributes(); Node authNameNode = appServerAttribute.getNamedItem(PluginConstants.CertificateEnrolment.VALUE); MobileCacheEntry cacheEntry = DeviceUtil.getTokenEntry(headerBst); String userName = cacheEntry.getUsername(); authNameNode.setTextContent(cacheEntry.getUsername()); DeviceUtil.removeTokenEntry(headerBst); String password = DeviceUtil.generateRandomToken(); Node passwordAuthPosition = wapParm .item(PluginConstants.CertificateEnrolment.APPAUTH_PASSWORD_POSITION); NamedNodeMap appSrvPasswordAttribute = passwordAuthPosition.getAttributes(); Node authPasswordNode = appSrvPasswordAttribute .getNamedItem(PluginConstants.CertificateEnrolment.VALUE); authPasswordNode.setTextContent(password); String requestSecurityTokenResponse = SyncmlCredentialUtil.generateRST(userName, password); DeviceUtil.persistChallengeToken(requestSecurityTokenResponse, null, userName); // Get device polling frequency from the tenant Configurations. Node numberOfFirstRetries = wapParm .item(PluginConstants.CertificateEnrolment.POLLING_FREQUENCY_POSITION); NamedNodeMap pollingAttributes = numberOfFirstRetries.getAttributes(); Node pollValue = pollingAttributes.getNamedItem(PluginConstants.CertificateEnrolment.VALUE); pollValue.setTextContent(pollingFrequency); provisioningXmlString = convertDocumentToString(document); } catch (ParserConfigurationException e) { throw new WAPProvisioningException("Problem occurred while creating configuration request", e); } catch (CertificateEncodingException e) { throw new WindowsDeviceEnrolmentException("Error occurred while encoding certificates.", e); } catch (SAXException e) { throw new WAPProvisioningException("Error occurred while parsing wap-provisioning.xml file.", e); } catch (TransformerException e) { throw new WAPProvisioningException("Error occurred while transforming wap-provisioning.xml file.", e); } catch (IOException e) { throw new WAPProvisioningException("Error occurred while getting wap-provisioning.xml file.", e); } catch (SyncmlMessageFormatException e) { throw new WindowsDeviceEnrolmentException("Error occurred while generating password hash value.", e); } catch (KeystoreException e) { throw new CertificateGenerationException("CA certificate cannot be generated.", e); } return base64Encoder.encodeAsString(provisioningXmlString.getBytes()); }
From source file:org.wso2.carbon.event.output.adapter.core.internal.util.EventAdapterConfigHelper.java
private static DocumentBuilderFactory getSecuredDocumentBuilder() { DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setNamespaceAware(true);/*from w w w. ja v a 2 s .co m*/ dbf.setXIncludeAware(false); dbf.setExpandEntityReferences(false); try { dbf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE, false); dbf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE, false); dbf.setFeature(Constants.XERCES_FEATURE_PREFIX + Constants.LOAD_EXTERNAL_DTD_FEATURE, false); } catch (ParserConfigurationException e) { log.error("Failed to load XML Processor Feature " + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE + " or " + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE + " or " + Constants.LOAD_EXTERNAL_DTD_FEATURE); } SecurityManager securityManager = new SecurityManager(); securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT); dbf.setAttribute(Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY, securityManager); return dbf; }
From source file:org.wso2.carbon.event.processor.core.internal.util.EventProcessorUtil.java
private static DocumentBuilderFactory getSecuredDocumentBuilder() { DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setNamespaceAware(true);//from w ww . ja v a 2s .c om dbf.setXIncludeAware(false); dbf.setExpandEntityReferences(false); try { dbf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE, false); dbf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE, false); dbf.setFeature(Constants.XERCES_FEATURE_PREFIX + Constants.LOAD_EXTERNAL_DTD_FEATURE, false); } catch (ParserConfigurationException e) { log.error("Failed to load XML Processor Feature " + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE + " or " + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE + " or " + Constants.LOAD_EXTERNAL_DTD_FEATURE); } org.apache.xerces.util.SecurityManager securityManager = new SecurityManager(); securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT); dbf.setAttribute(Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY, securityManager); return dbf; }