1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 1.2 +++ b/src/share/jaxws_classes/com/sun/xml/internal/ws/util/xml/XmlUtil.java Wed Apr 27 01:27:09 2016 +0800 1.3 @@ -0,0 +1,461 @@ 1.4 +/* 1.5 + * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved. 1.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 1.7 + * 1.8 + * This code is free software; you can redistribute it and/or modify it 1.9 + * under the terms of the GNU General Public License version 2 only, as 1.10 + * published by the Free Software Foundation. Oracle designates this 1.11 + * particular file as subject to the "Classpath" exception as provided 1.12 + * by Oracle in the LICENSE file that accompanied this code. 1.13 + * 1.14 + * This code is distributed in the hope that it will be useful, but WITHOUT 1.15 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 1.16 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 1.17 + * version 2 for more details (a copy is included in the LICENSE file that 1.18 + * accompanied this code). 1.19 + * 1.20 + * You should have received a copy of the GNU General Public License version 1.21 + * 2 along with this work; if not, write to the Free Software Foundation, 1.22 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 1.23 + * 1.24 + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 1.25 + * or visit www.oracle.com if you need additional information or have any 1.26 + * questions. 1.27 + */ 1.28 + 1.29 +package com.sun.xml.internal.ws.util.xml; 1.30 + 1.31 +import com.sun.istack.internal.Nullable; 1.32 +import com.sun.org.apache.xml.internal.resolver.Catalog; 1.33 +import com.sun.org.apache.xml.internal.resolver.CatalogManager; 1.34 +import com.sun.org.apache.xml.internal.resolver.tools.CatalogResolver; 1.35 +import com.sun.xml.internal.ws.server.ServerRtException; 1.36 +import com.sun.xml.internal.ws.util.ByteArrayBuffer; 1.37 +import org.w3c.dom.Attr; 1.38 +import org.w3c.dom.Element; 1.39 +import org.w3c.dom.EntityReference; 1.40 +import org.w3c.dom.Node; 1.41 +import org.w3c.dom.NodeList; 1.42 +import org.w3c.dom.Text; 1.43 +import org.xml.sax.*; 1.44 + 1.45 +import javax.xml.XMLConstants; 1.46 +import javax.xml.namespace.QName; 1.47 +import javax.xml.parsers.DocumentBuilderFactory; 1.48 +import javax.xml.parsers.ParserConfigurationException; 1.49 +import javax.xml.parsers.SAXParserFactory; 1.50 +import javax.xml.stream.XMLInputFactory; 1.51 +import javax.xml.transform.Result; 1.52 +import javax.xml.transform.Source; 1.53 +import javax.xml.transform.Transformer; 1.54 +import javax.xml.transform.TransformerConfigurationException; 1.55 +import javax.xml.transform.TransformerException; 1.56 +import javax.xml.transform.TransformerFactory; 1.57 +import javax.xml.transform.sax.SAXTransformerFactory; 1.58 +import javax.xml.transform.sax.TransformerHandler; 1.59 +import javax.xml.transform.stream.StreamSource; 1.60 +import javax.xml.validation.SchemaFactory; 1.61 +import javax.xml.ws.WebServiceException; 1.62 +import javax.xml.xpath.XPathFactory; 1.63 +import javax.xml.xpath.XPathFactoryConfigurationException; 1.64 +import java.io.IOException; 1.65 +import java.io.InputStream; 1.66 +import java.io.OutputStreamWriter; 1.67 +import java.io.Writer; 1.68 +import java.net.URL; 1.69 +import java.util.ArrayList; 1.70 +import java.util.Enumeration; 1.71 +import java.util.Iterator; 1.72 +import java.util.List; 1.73 +import java.util.StringTokenizer; 1.74 +import java.util.logging.Level; 1.75 +import java.util.logging.Logger; 1.76 + 1.77 +/** 1.78 + * @author WS Development Team 1.79 + */ 1.80 +public class XmlUtil { 1.81 + 1.82 + // not in older JDK, so must be duplicated here, otherwise javax.xml.XMLConstants should be used 1.83 + private static final String ACCESS_EXTERNAL_SCHEMA = "http://javax.xml.XMLConstants/property/accessExternalSchema"; 1.84 + 1.85 + private final static String LEXICAL_HANDLER_PROPERTY = 1.86 + "http://xml.org/sax/properties/lexical-handler"; 1.87 + 1.88 + private static final Logger LOGGER = Logger.getLogger(XmlUtil.class.getName()); 1.89 + 1.90 + private static boolean XML_SECURITY_DISABLED; 1.91 + 1.92 + static { 1.93 + String disableXmlSecurity = System.getProperty("com.sun.xml.internal.ws.disableXmlSecurity"); 1.94 + XML_SECURITY_DISABLED = disableXmlSecurity == null || !Boolean.valueOf(disableXmlSecurity); 1.95 + } 1.96 + 1.97 + public static String getPrefix(String s) { 1.98 + int i = s.indexOf(':'); 1.99 + if (i == -1) 1.100 + return null; 1.101 + return s.substring(0, i); 1.102 + } 1.103 + 1.104 + public static String getLocalPart(String s) { 1.105 + int i = s.indexOf(':'); 1.106 + if (i == -1) 1.107 + return s; 1.108 + return s.substring(i + 1); 1.109 + } 1.110 + 1.111 + 1.112 + 1.113 + public static String getAttributeOrNull(Element e, String name) { 1.114 + Attr a = e.getAttributeNode(name); 1.115 + if (a == null) 1.116 + return null; 1.117 + return a.getValue(); 1.118 + } 1.119 + 1.120 + public static String getAttributeNSOrNull( 1.121 + Element e, 1.122 + String name, 1.123 + String nsURI) { 1.124 + Attr a = e.getAttributeNodeNS(nsURI, name); 1.125 + if (a == null) 1.126 + return null; 1.127 + return a.getValue(); 1.128 + } 1.129 + 1.130 + public static String getAttributeNSOrNull( 1.131 + Element e, 1.132 + QName name) { 1.133 + Attr a = e.getAttributeNodeNS(name.getNamespaceURI(), name.getLocalPart()); 1.134 + if (a == null) 1.135 + return null; 1.136 + return a.getValue(); 1.137 + } 1.138 + 1.139 +/* public static boolean matchesTagNS(Element e, String tag, String nsURI) { 1.140 + try { 1.141 + return e.getLocalName().equals(tag) 1.142 + && e.getNamespaceURI().equals(nsURI); 1.143 + } catch (NullPointerException npe) { 1.144 + 1.145 + // localname not null since parsing would fail before here 1.146 + throw new WSDLParseException( 1.147 + "null.namespace.found", 1.148 + e.getLocalName()); 1.149 + } 1.150 + } 1.151 + 1.152 + public static boolean matchesTagNS( 1.153 + Element e, 1.154 + javax.xml.namespace.QName name) { 1.155 + try { 1.156 + return e.getLocalName().equals(name.getLocalPart()) 1.157 + && e.getNamespaceURI().equals(name.getNamespaceURI()); 1.158 + } catch (NullPointerException npe) { 1.159 + 1.160 + // localname not null since parsing would fail before here 1.161 + throw new WSDLParseException( 1.162 + "null.namespace.found", 1.163 + e.getLocalName()); 1.164 + } 1.165 + }*/ 1.166 + 1.167 + public static Iterator getAllChildren(Element element) { 1.168 + return new NodeListIterator(element.getChildNodes()); 1.169 + } 1.170 + 1.171 + public static Iterator getAllAttributes(Element element) { 1.172 + return new NamedNodeMapIterator(element.getAttributes()); 1.173 + } 1.174 + 1.175 + public static List<String> parseTokenList(String tokenList) { 1.176 + List<String> result = new ArrayList<String>(); 1.177 + StringTokenizer tokenizer = new StringTokenizer(tokenList, " "); 1.178 + while (tokenizer.hasMoreTokens()) { 1.179 + result.add(tokenizer.nextToken()); 1.180 + } 1.181 + return result; 1.182 + } 1.183 + 1.184 + public static String getTextForNode(Node node) { 1.185 + StringBuilder sb = new StringBuilder(); 1.186 + 1.187 + NodeList children = node.getChildNodes(); 1.188 + if (children.getLength() == 0) 1.189 + return null; 1.190 + 1.191 + for (int i = 0; i < children.getLength(); ++i) { 1.192 + Node n = children.item(i); 1.193 + 1.194 + if (n instanceof Text) 1.195 + sb.append(n.getNodeValue()); 1.196 + else if (n instanceof EntityReference) { 1.197 + String s = getTextForNode(n); 1.198 + if (s == null) 1.199 + return null; 1.200 + else 1.201 + sb.append(s); 1.202 + } else 1.203 + return null; 1.204 + } 1.205 + 1.206 + return sb.toString(); 1.207 + } 1.208 + 1.209 + public static InputStream getUTF8Stream(String s) { 1.210 + try { 1.211 + ByteArrayBuffer bab = new ByteArrayBuffer(); 1.212 + Writer w = new OutputStreamWriter(bab, "utf-8"); 1.213 + w.write(s); 1.214 + w.close(); 1.215 + return bab.newInputStream(); 1.216 + } catch (IOException e) { 1.217 + throw new RuntimeException("should not happen"); 1.218 + } 1.219 + } 1.220 + 1.221 + static final ContextClassloaderLocal<TransformerFactory> transformerFactory = new ContextClassloaderLocal<TransformerFactory>() { 1.222 + @Override 1.223 + protected TransformerFactory initialValue() throws Exception { 1.224 + return TransformerFactory.newInstance(); 1.225 + } 1.226 + }; 1.227 + 1.228 + static final ContextClassloaderLocal<SAXParserFactory> saxParserFactory = new ContextClassloaderLocal<SAXParserFactory>() { 1.229 + @Override 1.230 + protected SAXParserFactory initialValue() throws Exception { 1.231 + SAXParserFactory factory = SAXParserFactory.newInstance(); 1.232 + factory.setNamespaceAware(true); 1.233 + return factory; 1.234 + } 1.235 + }; 1.236 + 1.237 + /** 1.238 + * Creates a new identity transformer. 1.239 + */ 1.240 + public static Transformer newTransformer() { 1.241 + try { 1.242 + return transformerFactory.get().newTransformer(); 1.243 + } catch (TransformerConfigurationException tex) { 1.244 + throw new IllegalStateException("Unable to create a JAXP transformer"); 1.245 + } 1.246 + } 1.247 + 1.248 + /** 1.249 + * Performs identity transformation. 1.250 + */ 1.251 + public static <T extends Result> 1.252 + T identityTransform(Source src, T result) throws TransformerException, SAXException, ParserConfigurationException, IOException { 1.253 + if (src instanceof StreamSource) { 1.254 + // work around a bug in JAXP in JDK6u4 and earlier where the namespace processing 1.255 + // is not turned on by default 1.256 + StreamSource ssrc = (StreamSource) src; 1.257 + TransformerHandler th = ((SAXTransformerFactory) transformerFactory.get()).newTransformerHandler(); 1.258 + th.setResult(result); 1.259 + XMLReader reader = saxParserFactory.get().newSAXParser().getXMLReader(); 1.260 + reader.setContentHandler(th); 1.261 + reader.setProperty(LEXICAL_HANDLER_PROPERTY, th); 1.262 + reader.parse(toInputSource(ssrc)); 1.263 + } else { 1.264 + newTransformer().transform(src, result); 1.265 + } 1.266 + return result; 1.267 + } 1.268 + 1.269 + private static InputSource toInputSource(StreamSource src) { 1.270 + InputSource is = new InputSource(); 1.271 + is.setByteStream(src.getInputStream()); 1.272 + is.setCharacterStream(src.getReader()); 1.273 + is.setPublicId(src.getPublicId()); 1.274 + is.setSystemId(src.getSystemId()); 1.275 + return is; 1.276 + } 1.277 + 1.278 + /* 1.279 + * Gets an EntityResolver using XML catalog 1.280 + */ 1.281 + public static EntityResolver createEntityResolver(@Nullable URL catalogUrl) { 1.282 + // set up a manager 1.283 + CatalogManager manager = new CatalogManager(); 1.284 + manager.setIgnoreMissingProperties(true); 1.285 + // Using static catalog may result in to sharing of the catalog by multiple apps running in a container 1.286 + manager.setUseStaticCatalog(false); 1.287 + Catalog catalog = manager.getCatalog(); 1.288 + try { 1.289 + if (catalogUrl != null) { 1.290 + catalog.parseCatalog(catalogUrl); 1.291 + } 1.292 + } catch (IOException e) { 1.293 + throw new ServerRtException("server.rt.err",e); 1.294 + } 1.295 + return workaroundCatalogResolver(catalog); 1.296 + } 1.297 + 1.298 + /** 1.299 + * Gets a default EntityResolver for catalog at META-INF/jaxws-catalog.xml 1.300 + */ 1.301 + public static EntityResolver createDefaultCatalogResolver() { 1.302 + 1.303 + // set up a manager 1.304 + CatalogManager manager = new CatalogManager(); 1.305 + manager.setIgnoreMissingProperties(true); 1.306 + // Using static catalog may result in to sharing of the catalog by multiple apps running in a container 1.307 + manager.setUseStaticCatalog(false); 1.308 + // parse the catalog 1.309 + ClassLoader cl = Thread.currentThread().getContextClassLoader(); 1.310 + Enumeration<URL> catalogEnum; 1.311 + Catalog catalog = manager.getCatalog(); 1.312 + try { 1.313 + if (cl == null) { 1.314 + catalogEnum = ClassLoader.getSystemResources("META-INF/jax-ws-catalog.xml"); 1.315 + } else { 1.316 + catalogEnum = cl.getResources("META-INF/jax-ws-catalog.xml"); 1.317 + } 1.318 + 1.319 + while(catalogEnum.hasMoreElements()) { 1.320 + URL url = catalogEnum.nextElement(); 1.321 + catalog.parseCatalog(url); 1.322 + } 1.323 + } catch (IOException e) { 1.324 + throw new WebServiceException(e); 1.325 + } 1.326 + 1.327 + return workaroundCatalogResolver(catalog); 1.328 + } 1.329 + 1.330 + /** 1.331 + * Default CatalogResolver implementation is broken as it depends on CatalogManager.getCatalog() which will always create a new one when 1.332 + * useStaticCatalog is false. 1.333 + * This returns a CatalogResolver that uses the catalog passed as parameter. 1.334 + * @param catalog 1.335 + * @return CatalogResolver 1.336 + */ 1.337 + private static CatalogResolver workaroundCatalogResolver(final Catalog catalog) { 1.338 + // set up a manager 1.339 + CatalogManager manager = new CatalogManager() { 1.340 + @Override 1.341 + public Catalog getCatalog() { 1.342 + return catalog; 1.343 + } 1.344 + }; 1.345 + manager.setIgnoreMissingProperties(true); 1.346 + // Using static catalog may result in to sharing of the catalog by multiple apps running in a container 1.347 + manager.setUseStaticCatalog(false); 1.348 + 1.349 + return new CatalogResolver(manager); 1.350 + } 1.351 + 1.352 + /** 1.353 + * {@link ErrorHandler} that always treat the error as fatal. 1.354 + */ 1.355 + public static final ErrorHandler DRACONIAN_ERROR_HANDLER = new ErrorHandler() { 1.356 + @Override 1.357 + public void warning(SAXParseException exception) { 1.358 + } 1.359 + 1.360 + @Override 1.361 + public void error(SAXParseException exception) throws SAXException { 1.362 + throw exception; 1.363 + } 1.364 + 1.365 + @Override 1.366 + public void fatalError(SAXParseException exception) throws SAXException { 1.367 + throw exception; 1.368 + } 1.369 + }; 1.370 + 1.371 + public static DocumentBuilderFactory newDocumentBuilderFactory() { 1.372 + return newDocumentBuilderFactory(true); 1.373 + } 1.374 + 1.375 + public static DocumentBuilderFactory newDocumentBuilderFactory(boolean secureXmlProcessing) { 1.376 + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); 1.377 + try { 1.378 + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, isXMLSecurityDisabled(secureXmlProcessing)); 1.379 + } catch (ParserConfigurationException e) { 1.380 + LOGGER.log(Level.WARNING, "Factory [{0}] doesn't support secure xml processing!", new Object[] { factory.getClass().getName() } ); 1.381 + } 1.382 + return factory; 1.383 + } 1.384 + 1.385 + public static TransformerFactory newTransformerFactory(boolean secureXmlProcessingEnabled) { 1.386 + TransformerFactory factory = TransformerFactory.newInstance(); 1.387 + try { 1.388 + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, isXMLSecurityDisabled(secureXmlProcessingEnabled)); 1.389 + } catch (TransformerConfigurationException e) { 1.390 + LOGGER.log(Level.WARNING, "Factory [{0}] doesn't support secure xml processing!", new Object[]{factory.getClass().getName()}); 1.391 + } 1.392 + return factory; 1.393 + } 1.394 + 1.395 + public static TransformerFactory newTransformerFactory() { 1.396 + return newTransformerFactory(true); 1.397 + } 1.398 + 1.399 + public static SAXParserFactory newSAXParserFactory(boolean secureXmlProcessingEnabled) { 1.400 + SAXParserFactory factory = SAXParserFactory.newInstance(); 1.401 + try { 1.402 + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, isXMLSecurityDisabled(secureXmlProcessingEnabled)); 1.403 + } catch (Exception e) { 1.404 + LOGGER.log(Level.WARNING, "Factory [{0}] doesn't support secure xml processing!", new Object[]{factory.getClass().getName()}); 1.405 + } 1.406 + return factory; 1.407 + } 1.408 + 1.409 + public static XPathFactory newXPathFactory(boolean secureXmlProcessingEnabled) { 1.410 + XPathFactory factory = XPathFactory.newInstance(); 1.411 + try { 1.412 + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, isXMLSecurityDisabled(secureXmlProcessingEnabled)); 1.413 + } catch (XPathFactoryConfigurationException e) { 1.414 + LOGGER.log(Level.WARNING, "Factory [{0}] doesn't support secure xml processing!", new Object[] { factory.getClass().getName() } ); 1.415 + } 1.416 + return factory; 1.417 + } 1.418 + 1.419 + public static XMLInputFactory newXMLInputFactory(boolean secureXmlProcessingEnabled) { 1.420 + XMLInputFactory factory = XMLInputFactory.newInstance(); 1.421 + if (isXMLSecurityDisabled(secureXmlProcessingEnabled)) { 1.422 + // TODO-Miran: are those apppropriate defaults? 1.423 + factory.setProperty(XMLInputFactory.SUPPORT_DTD, false); 1.424 + factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false); 1.425 + } 1.426 + return factory; 1.427 + } 1.428 + 1.429 + private static boolean isXMLSecurityDisabled(boolean runtimeDisabled) { 1.430 + return XML_SECURITY_DISABLED || runtimeDisabled; 1.431 + } 1.432 + 1.433 + public static SchemaFactory allowExternalAccess(SchemaFactory sf, String value, boolean disableSecureProcessing) { 1.434 + 1.435 + // if xml security (feature secure processing) disabled, nothing to do, no restrictions applied 1.436 + if (isXMLSecurityDisabled(disableSecureProcessing)) { 1.437 + if (LOGGER.isLoggable(Level.FINE)) { 1.438 + LOGGER.log(Level.FINE, "Xml Security disabled, no JAXP xsd external access configuration necessary."); 1.439 + } 1.440 + return sf; 1.441 + } 1.442 + 1.443 + if (System.getProperty("javax.xml.accessExternalSchema") != null) { 1.444 + if (LOGGER.isLoggable(Level.FINE)) { 1.445 + LOGGER.log(Level.FINE, "Detected explicitly JAXP configuration, no JAXP xsd external access configuration necessary."); 1.446 + } 1.447 + return sf; 1.448 + } 1.449 + 1.450 + try { 1.451 + sf.setProperty(ACCESS_EXTERNAL_SCHEMA, value); 1.452 + if (LOGGER.isLoggable(Level.FINE)) { 1.453 + LOGGER.log(Level.FINE, "Property \"{0}\" is supported and has been successfully set by used JAXP implementation.", new Object[]{ACCESS_EXTERNAL_SCHEMA}); 1.454 + } 1.455 + } catch (SAXException ignored) { 1.456 + // nothing to do; support depends on version JDK or SAX implementation 1.457 + if (LOGGER.isLoggable(Level.CONFIG)) { 1.458 + LOGGER.log(Level.CONFIG, "Property \"{0}\" is not supported by used JAXP implementation.", new Object[]{ACCESS_EXTERNAL_SCHEMA}); 1.459 + } 1.460 + } 1.461 + return sf; 1.462 + } 1.463 + 1.464 +}