List of usage examples for javax.xml XMLConstants FEATURE_SECURE_PROCESSING
String FEATURE_SECURE_PROCESSING
To view the source code for javax.xml XMLConstants FEATURE_SECURE_PROCESSING.
Click Source Link
From source file:org.wso2.carbon.datasource.utils.DataSourceUtils.java
/** * Replaces system variables in the input xml configuration. * * @param xmlConfiguration InputStream that carries xml configuration * @return returns a InputStream that has evaluated system variables in input * @throws DataSourceException//from ww w.jav a2 s . c o m */ public static InputStream replaceSystemVariablesInXml(InputStream xmlConfiguration) throws DataSourceException { DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); DocumentBuilder documentBuilder; Document doc; try { documentBuilderFactory.setNamespaceAware(true); documentBuilderFactory.setExpandEntityReferences(false); documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); // SecurityManager securityManager = new SecurityManager(); // securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT); // documentBuilderFactory.setAttribute(SECURITY_MANAGER_PROPERTY, securityManager); documentBuilder = documentBuilderFactory.newDocumentBuilder(); documentBuilder.setEntityResolver((publicId, systemId) -> { throw new SAXException("Possible XML External Entity (XXE) attack. Skip resolving entity"); }); doc = documentBuilder.parse(xmlConfiguration); } catch (ParserConfigurationException | IOException | SAXException e) { throw new DataSourceException("Error in building Document", e); } NodeList nodeList = null; if (doc != null) { nodeList = doc.getElementsByTagName("*"); } if (nodeList != null) { for (int i = 0; i < nodeList.getLength(); i++) { resolveLeafNodeValue(nodeList.item(i)); } } return toInputStream(doc); }
From source file:org.wso2.carbon.device.mgt.analytics.data.publisher.DataPublisherUtil.java
public static Document convertToDocument(File file) throws DataPublisherConfigurationException { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setNamespaceAware(true);/*from w ww . ja v a 2s . com*/ try { factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); DocumentBuilder docBuilder = factory.newDocumentBuilder(); return docBuilder.parse(file); } catch (Exception e) { throw new DataPublisherConfigurationException( "Error occurred while parsing file, while converting " + "to a org.w3c.dom.Document", e); } }
From source file:org.wso2.carbon.device.mgt.core.util.DeviceManagerUtil.java
public static Document convertToDocument(File file) throws DeviceManagementException { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setNamespaceAware(true);//from ww w . j a va2 s .c om try { factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); DocumentBuilder docBuilder = factory.newDocumentBuilder(); return docBuilder.parse(file); } catch (Exception e) { throw new DeviceManagementException( "Error occurred while parsing file, while converting " + "to a org.w3c.dom.Document", e); } }
From source file:org.wso2.carbon.device.mgt.extensions.device.type.template.util.DeviceTypeUtils.java
public static Document convertToDocument(File file) throws DeviceTypeMgtPluginException { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setNamespaceAware(true);/*from w w w . jav a2 s. c o m*/ try { factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); DocumentBuilder docBuilder = factory.newDocumentBuilder(); return docBuilder.parse(file); } catch (Exception e) { throw new DeviceTypeMgtPluginException( "Error occurred while parsing file '" + file.getName() + "' to" + " a org.w3c.dom.Document", e); } }
From source file:org.wso2.carbon.device.mgt.mobile.android.impl.util.MobileDeviceManagementUtil.java
public static Document convertToDocument(File file) throws DeviceManagementException { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setNamespaceAware(true);/*from w w w . j a v a 2 s. c o m*/ try { factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); DocumentBuilder docBuilder = factory.newDocumentBuilder(); return docBuilder.parse(file); } catch (Exception e) { throw new DeviceManagementException("Error occurred while parsing file, while converting " + "to a org.w3c.dom.Document : " + e.getMessage(), e); } }
From source file:org.wso2.carbon.device.mgt.mobile.util.MobileDeviceManagementUtil.java
public static Document convertToDocument(File file) throws DeviceManagementException { DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setNamespaceAware(true);/*from w w w.j av a 2s. c o m*/ try { DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); DocumentBuilder docBuilder = dbf.newDocumentBuilder(); return docBuilder.parse(file); } catch (Exception e) { throw new DeviceManagementException("Error occurred while parsing file, while converting " + "to a org.w3c.dom.Document : " + e.getMessage(), e); } }
From source file:org.wso2.carbon.device.mgt.mobile.windows.api.services.enrollment.impl.EnrollmentServiceImpl.java
/** * This method prepares the wap-provisioning file by including relevant certificates etc. * * @param binarySecurityToken - CSR from device * @param wapProvisioningFilePath - File path of wap-provisioning file * @return - base64 encoded final wap-provisioning file as a String * @throws CertificateGenerationException * @throws org.wso2.carbon.device.mgt.mobile.windows.api.common.exceptions.WAPProvisioningException *///from ww w . j a va2 s . co m private String prepareWapProvisioningXML(String binarySecurityToken, String wapProvisioningFilePath, String headerBst) throws CertificateGenerationException, WAPProvisioningException, WindowsDeviceEnrolmentException { String rootCertEncodedString; String signedCertEncodedString; X509Certificate signedCertificate; String provisioningXmlString; CertificateManagementServiceImpl certMgtServiceImpl = CertificateManagementServiceImpl.getInstance(); Base64 base64Encoder = new Base64(); try { X509Certificate rootCACertificate = (X509Certificate) certMgtServiceImpl.getCACertificate(); rootCertEncodedString = base64Encoder.encodeAsString(rootCACertificate.getEncoded()); signedCertificate = certMgtServiceImpl.getSignedCertificateFromCSR(binarySecurityToken); signedCertEncodedString = base64Encoder.encodeAsString(signedCertificate.getEncoded()); DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance(); domFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); domFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); DocumentBuilder builder; builder = domFactory.newDocumentBuilder(); Document document = builder.parse(wapProvisioningFilePath); NodeList wapParm = document.getElementsByTagName(PluginConstants.CertificateEnrolment.PARM); Node caCertificatePosition = wapParm.item(PluginConstants.CertificateEnrolment.CA_CERTIFICATE_POSITION); //Adding SHA1 CA certificate finger print to wap-provisioning xml. caCertificatePosition.getParentNode().getAttributes() .getNamedItem(PluginConstants.CertificateEnrolment.TYPE).setTextContent( String.valueOf(DigestUtils.sha1Hex(rootCACertificate.getEncoded())).toUpperCase()); //Adding encoded CA certificate to wap-provisioning file after removing new line // characters. NamedNodeMap rootCertAttributes = caCertificatePosition.getAttributes(); Node rootCertNode = rootCertAttributes.getNamedItem(PluginConstants.CertificateEnrolment.VALUE); rootCertEncodedString = rootCertEncodedString.replaceAll("\n", ""); rootCertNode.setTextContent(rootCertEncodedString); if (log.isDebugEnabled()) { log.debug("Root certificate: " + rootCertEncodedString); } Node signedCertificatePosition = wapParm .item(PluginConstants.CertificateEnrolment.SIGNED_CERTIFICATE_POSITION); //Adding SHA1 signed certificate finger print to wap-provisioning xml. signedCertificatePosition.getParentNode().getAttributes() .getNamedItem(PluginConstants.CertificateEnrolment.TYPE).setTextContent( String.valueOf(DigestUtils.sha1Hex(signedCertificate.getEncoded())).toUpperCase()); //Adding encoded signed certificate to wap-provisioning file after removing new line // characters. NamedNodeMap clientCertAttributes = signedCertificatePosition.getAttributes(); Node clientEncodedNode = clientCertAttributes.getNamedItem(PluginConstants.CertificateEnrolment.VALUE); signedCertEncodedString = signedCertEncodedString.replaceAll("\n", ""); clientEncodedNode.setTextContent(signedCertEncodedString); if (log.isDebugEnabled()) { log.debug("Signed certificate: " + signedCertEncodedString); } //Adding domainName to wap-provisioning xml. Node domainPosition = wapParm.item(PluginConstants.CertificateEnrolment.DOMAIN_POSITION); NamedNodeMap domainAttribute = domainPosition.getAttributes(); Node domainNode = domainAttribute.getNamedItem(PluginConstants.CertificateEnrolment.VALUE); domainNode.setTextContent(domain); //Adding Next provisioning service URL to wap-provisioning xml. Node syncmlServicePosition = wapParm .item(PluginConstants.CertificateEnrolment.SYNCML_PROVISIONING_ADDR_POSITION); NamedNodeMap syncmlServiceAttribute = syncmlServicePosition.getAttributes(); Node syncmlServiceNode = syncmlServiceAttribute .getNamedItem(PluginConstants.CertificateEnrolment.VALUE); syncmlServiceNode.setTextContent(provisioningURL); // Adding user name auth token to wap-provisioning xml. Node userNameAuthPosition = wapParm .item(PluginConstants.CertificateEnrolment.APPAUTH_USERNAME_POSITION); NamedNodeMap appServerAttribute = userNameAuthPosition.getAttributes(); Node authNameNode = appServerAttribute.getNamedItem(PluginConstants.CertificateEnrolment.VALUE); String userName = getRequestedUser(headerBst); //CacheEntry cacheEntry = (CacheEntry) DeviceUtil.getCacheEntry(headerBst); // String userName = cacheEntry.getUsername(); authNameNode.setTextContent(userName); DeviceUtil.removeTokenEntry(headerBst); String password = DeviceUtil.generateRandomToken(); Node passwordAuthPosition = wapParm .item(PluginConstants.CertificateEnrolment.APPAUTH_PASSWORD_POSITION); NamedNodeMap appSrvPasswordAttribute = passwordAuthPosition.getAttributes(); Node authPasswordNode = appSrvPasswordAttribute .getNamedItem(PluginConstants.CertificateEnrolment.VALUE); authPasswordNode.setTextContent(password); String requestSecurityTokenResponse = SyncmlCredentialUtil.generateRST(userName, password); DeviceUtil.persistChallengeToken(requestSecurityTokenResponse, null, userName); // Get device polling frequency from the tenant Configurations. Node numberOfFirstRetries = wapParm .item(PluginConstants.CertificateEnrolment.POLLING_FREQUENCY_POSITION); NamedNodeMap pollingAttributes = numberOfFirstRetries.getAttributes(); Node pollValue = pollingAttributes.getNamedItem(PluginConstants.CertificateEnrolment.VALUE); pollValue.setTextContent(pollingFrequency); provisioningXmlString = convertDocumentToString(document); } catch (ParserConfigurationException e) { throw new WAPProvisioningException("Problem occurred while creating configuration request", e); } catch (CertificateEncodingException e) { throw new WindowsDeviceEnrolmentException("Error occurred while encoding certificates.", e); } catch (SAXException e) { throw new WAPProvisioningException("Error occurred while parsing wap-provisioning.xml file.", e); } catch (TransformerException e) { throw new WAPProvisioningException("Error occurred while transforming wap-provisioning.xml file.", e); } catch (IOException e) { throw new WAPProvisioningException("Error occurred while getting wap-provisioning.xml file.", e); } catch (SyncmlMessageFormatException e) { throw new WindowsDeviceEnrolmentException("Error occurred while generating password hash value.", e); } catch (KeystoreException e) { throw new CertificateGenerationException("CA certificate cannot be generated.", e); } return base64Encoder.encodeAsString(provisioningXmlString.getBytes()); }
From source file:org.wso2.carbon.device.mgt.mobile.windows.api.services.wstep.impl.CertificateEnrollmentServiceImpl.java
/** * This method prepares the wap-provisioning file by including relevant certificates etc. * * @param binarySecurityToken - CSR from device * @param wapProvisioningFilePath - File path of wap-provisioning file * @return - base64 encoded final wap-provisioning file as a String * @throws CertificateGenerationException * @throws org.wso2.carbon.device.mgt.mobile.windows.api.common.exceptions.WAPProvisioningException *///from ww w . j a v a2 s . c om private String prepareWapProvisioningXML(String binarySecurityToken, String wapProvisioningFilePath, String headerBst) throws CertificateGenerationException, WAPProvisioningException, WindowsDeviceEnrolmentException { String rootCertEncodedString; String signedCertEncodedString; X509Certificate signedCertificate; String provisioningXmlString; CertificateManagementServiceImpl certMgtServiceImpl = CertificateManagementServiceImpl.getInstance(); Base64 base64Encoder = new Base64(); try { rootCACertificate = (X509Certificate) certMgtServiceImpl.getCACertificate(); rootCertEncodedString = base64Encoder.encodeAsString(rootCACertificate.getEncoded()); signedCertificate = certMgtServiceImpl.getSignedCertificateFromCSR(binarySecurityToken); signedCertEncodedString = base64Encoder.encodeAsString(signedCertificate.getEncoded()); DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance(); domFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); domFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); DocumentBuilder builder = domFactory.newDocumentBuilder(); Document document = builder.parse(wapProvisioningFilePath); NodeList wapParm = document.getElementsByTagName(PluginConstants.CertificateEnrolment.PARM); Node caCertificatePosition = wapParm.item(PluginConstants.CertificateEnrolment.CA_CERTIFICATE_POSITION); //Adding SHA1 CA certificate finger print to wap-provisioning xml. caCertificatePosition.getParentNode().getAttributes() .getNamedItem(PluginConstants.CertificateEnrolment.TYPE).setTextContent( String.valueOf(DigestUtils.sha1Hex(rootCACertificate.getEncoded())).toUpperCase()); //Adding encoded CA certificate to wap-provisioning file after removing new line // characters. NamedNodeMap rootCertAttributes = caCertificatePosition.getAttributes(); Node rootCertNode = rootCertAttributes.getNamedItem(PluginConstants.CertificateEnrolment.VALUE); rootCertEncodedString = rootCertEncodedString.replaceAll("\n", ""); rootCertNode.setTextContent(rootCertEncodedString); if (log.isDebugEnabled()) { log.debug("Root certificate: " + rootCertEncodedString); } Node signedCertificatePosition = wapParm .item(PluginConstants.CertificateEnrolment.SIGNED_CERTIFICATE_POSITION); //Adding SHA1 signed certificate finger print to wap-provisioning xml. signedCertificatePosition.getParentNode().getAttributes() .getNamedItem(PluginConstants.CertificateEnrolment.TYPE).setTextContent( String.valueOf(DigestUtils.sha1Hex(signedCertificate.getEncoded())).toUpperCase()); //Adding encoded signed certificate to wap-provisioning file after removing new line // characters. NamedNodeMap clientCertAttributes = signedCertificatePosition.getAttributes(); Node clientEncodedNode = clientCertAttributes.getNamedItem(PluginConstants.CertificateEnrolment.VALUE); signedCertEncodedString = signedCertEncodedString.replaceAll("\n", ""); clientEncodedNode.setTextContent(signedCertEncodedString); if (log.isDebugEnabled()) { log.debug("Signed certificate: " + signedCertEncodedString); } //Adding domainName to wap-provisioning xml. Node domainPosition = wapParm.item(PluginConstants.CertificateEnrolment.DOMAIN_POSITION); NamedNodeMap domainAttribute = domainPosition.getAttributes(); Node domainNode = domainAttribute.getNamedItem(PluginConstants.CertificateEnrolment.VALUE); domainNode.setTextContent(domain); //Adding Next provisioning service URL to wap-provisioning xml. Node syncmlServicePosition = wapParm .item(PluginConstants.CertificateEnrolment.SYNCML_PROVISIONING_ADDR_POSITION); NamedNodeMap syncmlServiceAttribute = syncmlServicePosition.getAttributes(); Node syncmlServiceNode = syncmlServiceAttribute .getNamedItem(PluginConstants.CertificateEnrolment.VALUE); syncmlServiceNode.setTextContent(provisioningURL); // Adding user name auth token to wap-provisioning xml. Node userNameAuthPosition = wapParm .item(PluginConstants.CertificateEnrolment.APPAUTH_USERNAME_POSITION); NamedNodeMap appServerAttribute = userNameAuthPosition.getAttributes(); Node authNameNode = appServerAttribute.getNamedItem(PluginConstants.CertificateEnrolment.VALUE); MobileCacheEntry cacheEntry = DeviceUtil.getTokenEntry(headerBst); String userName = cacheEntry.getUsername(); authNameNode.setTextContent(cacheEntry.getUsername()); DeviceUtil.removeTokenEntry(headerBst); String password = DeviceUtil.generateRandomToken(); Node passwordAuthPosition = wapParm .item(PluginConstants.CertificateEnrolment.APPAUTH_PASSWORD_POSITION); NamedNodeMap appSrvPasswordAttribute = passwordAuthPosition.getAttributes(); Node authPasswordNode = appSrvPasswordAttribute .getNamedItem(PluginConstants.CertificateEnrolment.VALUE); authPasswordNode.setTextContent(password); String requestSecurityTokenResponse = SyncmlCredentialUtil.generateRST(userName, password); DeviceUtil.persistChallengeToken(requestSecurityTokenResponse, null, userName); // Get device polling frequency from the tenant Configurations. Node numberOfFirstRetries = wapParm .item(PluginConstants.CertificateEnrolment.POLLING_FREQUENCY_POSITION); NamedNodeMap pollingAttributes = numberOfFirstRetries.getAttributes(); Node pollValue = pollingAttributes.getNamedItem(PluginConstants.CertificateEnrolment.VALUE); pollValue.setTextContent(pollingFrequency); provisioningXmlString = convertDocumentToString(document); } catch (ParserConfigurationException e) { throw new WAPProvisioningException("Problem occurred while creating configuration request", e); } catch (CertificateEncodingException e) { throw new WindowsDeviceEnrolmentException("Error occurred while encoding certificates.", e); } catch (SAXException e) { throw new WAPProvisioningException("Error occurred while parsing wap-provisioning.xml file.", e); } catch (TransformerException e) { throw new WAPProvisioningException("Error occurred while transforming wap-provisioning.xml file.", e); } catch (IOException e) { throw new WAPProvisioningException("Error occurred while getting wap-provisioning.xml file.", e); } catch (SyncmlMessageFormatException e) { throw new WindowsDeviceEnrolmentException("Error occurred while generating password hash value.", e); } catch (KeystoreException e) { throw new CertificateGenerationException("CA certificate cannot be generated.", e); } return base64Encoder.encodeAsString(provisioningXmlString.getBytes()); }
From source file:org.wso2.carbon.identity.application.authenticator.passive.sts.manager.PassiveSTSManager.java
/** * @param samlString/*from www .ja va2s . c o m*/ * @return * @throws PassiveSTSException */ private XMLObject unmarshall(String samlString) throws PassiveSTSException { String samlStr = decodeHTMLCharacters(samlString); try { DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); documentBuilderFactory.setNamespaceAware(true); documentBuilderFactory.setExpandEntityReferences(false); documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); SecurityManager securityManager = new SecurityManager(); securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT); documentBuilderFactory.setAttribute(SECURITY_MANAGER_PROPERTY, securityManager); DocumentBuilder docBuilder = documentBuilderFactory.newDocumentBuilder(); docBuilder.setEntityResolver(new CarbonEntityResolver()); ByteArrayInputStream is = new ByteArrayInputStream(samlStr.getBytes(Charset.forName("UTF-8"))); Document document = docBuilder.parse(is); Element element = document.getDocumentElement(); NodeList nodeList = element.getElementsByTagNameNS("http://docs.oasis-open.org/ws-sx/ws-trust/200512", "RequestedSecurityToken"); if (nodeList == null || nodeList.getLength() == 0) { throw new PassiveSTSException("Security Token is not found in the Response"); } if (nodeList.getLength() > 1) { log.warn("More than one Security Token is found in the Response"); } Element node = (Element) nodeList.item(0).getFirstChild(); UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory(); Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(node); return unmarshaller.unmarshall(node); } catch (ParserConfigurationException e) { throw new PassiveSTSException( PassiveSTSConstants.ERROR_IN_UNMARSHALLING_SAML_REQUEST_FROM_THE_ENCODED_STRING, e); } catch (UnmarshallingException e) { throw new PassiveSTSException( PassiveSTSConstants.ERROR_IN_UNMARSHALLING_SAML_REQUEST_FROM_THE_ENCODED_STRING, e); } catch (SAXException e) { throw new PassiveSTSException( PassiveSTSConstants.ERROR_IN_UNMARSHALLING_SAML_REQUEST_FROM_THE_ENCODED_STRING, e); } catch (IOException e) { throw new PassiveSTSException( PassiveSTSConstants.ERROR_IN_UNMARSHALLING_SAML_REQUEST_FROM_THE_ENCODED_STRING, e); } }
From source file:org.wso2.carbon.identity.application.authenticator.samlsso.manager.DefaultSAML2SSOManager.java
private XMLObject unmarshall(String samlString) throws SAMLSSOException { try {/*from w ww .j a va2 s . co m*/ DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance(); documentBuilderFactory.setNamespaceAware(true); documentBuilderFactory.setExpandEntityReferences(false); documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); org.apache.xerces.util.SecurityManager securityManager = new SecurityManager(); securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT); documentBuilderFactory.setAttribute(SECURITY_MANAGER_PROPERTY, securityManager); DocumentBuilder docBuilder = documentBuilderFactory.newDocumentBuilder(); docBuilder.setEntityResolver(new CarbonEntityResolver()); ByteArrayInputStream is = new ByteArrayInputStream(samlString.getBytes()); Document document = docBuilder.parse(is); Element element = document.getDocumentElement(); UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory(); Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(element); return unmarshaller.unmarshall(element); } catch (ParserConfigurationException e) { throw new SAMLSSOException("Error in unmarshalling SAML Request from the encoded String", e); } catch (UnmarshallingException e) { throw new SAMLSSOException("Error in unmarshalling SAML Request from the encoded String", e); } catch (SAXException e) { throw new SAMLSSOException("Error in unmarshalling SAML Request from the encoded String", e); } catch (IOException e) { throw new SAMLSSOException("Error in unmarshalling SAML Request from the encoded String", e); } }