aoqi@0: /* mkos@721: * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved. aoqi@0: * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. aoqi@0: * aoqi@0: * This code is free software; you can redistribute it and/or modify it aoqi@0: * under the terms of the GNU General Public License version 2 only, as aoqi@0: * published by the Free Software Foundation. Oracle designates this aoqi@0: * particular file as subject to the "Classpath" exception as provided aoqi@0: * by Oracle in the LICENSE file that accompanied this code. aoqi@0: * aoqi@0: * This code is distributed in the hope that it will be useful, but WITHOUT aoqi@0: * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or aoqi@0: * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License aoqi@0: * version 2 for more details (a copy is included in the LICENSE file that aoqi@0: * accompanied this code). aoqi@0: * aoqi@0: * You should have received a copy of the GNU General Public License version aoqi@0: * 2 along with this work; if not, write to the Free Software Foundation, aoqi@0: * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. aoqi@0: * aoqi@0: * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA aoqi@0: * or visit www.oracle.com if you need additional information or have any aoqi@0: * questions. aoqi@0: */ aoqi@0: aoqi@0: package com.sun.xml.internal.bind.v2.util; aoqi@0: aoqi@0: import com.sun.xml.internal.bind.v2.Messages; mkos@721: mkos@721: import java.security.AccessController; mkos@721: import java.security.PrivilegedAction; aoqi@0: import java.util.logging.Level; aoqi@0: import java.util.logging.Logger; aoqi@0: import javax.xml.XMLConstants; aoqi@0: import javax.xml.parsers.DocumentBuilderFactory; aoqi@0: import javax.xml.parsers.ParserConfigurationException; aoqi@0: import javax.xml.parsers.SAXParserFactory; aoqi@0: import javax.xml.transform.TransformerConfigurationException; aoqi@0: import javax.xml.transform.TransformerFactory; aoqi@0: import javax.xml.validation.SchemaFactory; aoqi@0: import javax.xml.xpath.XPathFactory; aoqi@0: import javax.xml.xpath.XPathFactoryConfigurationException; aoqi@0: aoqi@0: import org.xml.sax.SAXException; aoqi@0: import org.xml.sax.SAXNotRecognizedException; aoqi@0: import org.xml.sax.SAXNotSupportedException; aoqi@0: aoqi@0: /** aoqi@0: * Provides helper methods for creating properly configured XML parser aoqi@0: * factory instances with namespace support turned on and configured for aoqi@0: * security. aoqi@0: * @author snajper aoqi@0: */ aoqi@0: public class XmlFactory { aoqi@0: aoqi@0: // not in older JDK, so must be duplicated here, otherwise javax.xml.XMLConstants should be used aoqi@0: public static final String ACCESS_EXTERNAL_SCHEMA = "http://javax.xml.XMLConstants/property/accessExternalSchema"; aoqi@0: public static final String ACCESS_EXTERNAL_DTD = "http://javax.xml.XMLConstants/property/accessExternalDTD"; aoqi@0: aoqi@0: private static final Logger LOGGER = Logger.getLogger(XmlFactory.class.getName()); aoqi@0: aoqi@0: /** aoqi@0: * If true XML security features when parsing XML documents will be disabled. aoqi@0: * The default value is false. aoqi@0: * aoqi@0: * Boolean aoqi@0: * @since 2.2.6 aoqi@0: */ aoqi@0: private static final String DISABLE_XML_SECURITY = "com.sun.xml.internal.bind.disableXmlSecurity"; aoqi@0: mkos@721: private static final boolean XML_SECURITY_DISABLED = AccessController.doPrivileged( mkos@721: new PrivilegedAction() { mkos@721: @Override mkos@721: public Boolean run() { mkos@721: return Boolean.getBoolean(DISABLE_XML_SECURITY); mkos@721: } mkos@721: } mkos@721: ); aoqi@0: aoqi@0: private static boolean isXMLSecurityDisabled(boolean runtimeSetting) { aoqi@0: return XML_SECURITY_DISABLED || runtimeSetting; aoqi@0: } aoqi@0: aoqi@0: /** aoqi@0: * Returns properly configured (e.g. security features) schema factory aoqi@0: * - namespaceAware == true aoqi@0: * - securityProcessing == is set based on security processing property, default is true aoqi@0: */ aoqi@0: public static SchemaFactory createSchemaFactory(final String language, boolean disableSecureProcessing) throws IllegalStateException { aoqi@0: try { aoqi@0: SchemaFactory factory = SchemaFactory.newInstance(language); aoqi@0: if (LOGGER.isLoggable(Level.FINE)) { aoqi@0: LOGGER.log(Level.FINE, "SchemaFactory instance: {0}", factory); aoqi@0: } aoqi@0: factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, !isXMLSecurityDisabled(disableSecureProcessing)); aoqi@0: return factory; aoqi@0: } catch (SAXNotRecognizedException ex) { aoqi@0: LOGGER.log(Level.SEVERE, null, ex); aoqi@0: throw new IllegalStateException(ex); aoqi@0: } catch (SAXNotSupportedException ex) { aoqi@0: LOGGER.log(Level.SEVERE, null, ex); aoqi@0: throw new IllegalStateException(ex); aoqi@0: } catch (AbstractMethodError er) { aoqi@0: LOGGER.log(Level.SEVERE, null, er); aoqi@0: throw new IllegalStateException(Messages.INVALID_JAXP_IMPLEMENTATION.format(), er); aoqi@0: } aoqi@0: } aoqi@0: aoqi@0: /** aoqi@0: * Returns properly configured (e.g. security features) parser factory aoqi@0: * - namespaceAware == true aoqi@0: * - securityProcessing == is set based on security processing property, default is true aoqi@0: */ aoqi@0: public static SAXParserFactory createParserFactory(boolean disableSecureProcessing) throws IllegalStateException { aoqi@0: try { aoqi@0: SAXParserFactory factory = SAXParserFactory.newInstance(); aoqi@0: if (LOGGER.isLoggable(Level.FINE)) { aoqi@0: LOGGER.log(Level.FINE, "SAXParserFactory instance: {0}", factory); aoqi@0: } aoqi@0: factory.setNamespaceAware(true); aoqi@0: factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, !isXMLSecurityDisabled(disableSecureProcessing)); aoqi@0: return factory; aoqi@0: } catch (ParserConfigurationException ex) { aoqi@0: LOGGER.log(Level.SEVERE, null, ex); aoqi@0: throw new IllegalStateException( ex); aoqi@0: } catch (SAXNotRecognizedException ex) { aoqi@0: LOGGER.log(Level.SEVERE, null, ex); aoqi@0: throw new IllegalStateException( ex); aoqi@0: } catch (SAXNotSupportedException ex) { aoqi@0: LOGGER.log(Level.SEVERE, null, ex); aoqi@0: throw new IllegalStateException( ex); aoqi@0: } catch (AbstractMethodError er) { aoqi@0: LOGGER.log(Level.SEVERE, null, er); aoqi@0: throw new IllegalStateException(Messages.INVALID_JAXP_IMPLEMENTATION.format(), er); aoqi@0: } aoqi@0: } aoqi@0: aoqi@0: /** aoqi@0: * Returns properly configured (e.g. security features) factory aoqi@0: * - securityProcessing == is set based on security processing property, default is true aoqi@0: */ aoqi@0: public static XPathFactory createXPathFactory(boolean disableSecureProcessing) throws IllegalStateException { aoqi@0: try { aoqi@0: XPathFactory factory = XPathFactory.newInstance(); aoqi@0: if (LOGGER.isLoggable(Level.FINE)) { aoqi@0: LOGGER.log(Level.FINE, "XPathFactory instance: {0}", factory); aoqi@0: } aoqi@0: factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, !isXMLSecurityDisabled(disableSecureProcessing)); aoqi@0: return factory; aoqi@0: } catch (XPathFactoryConfigurationException ex) { aoqi@0: LOGGER.log(Level.SEVERE, null, ex); aoqi@0: throw new IllegalStateException( ex); aoqi@0: } catch (AbstractMethodError er) { aoqi@0: LOGGER.log(Level.SEVERE, null, er); aoqi@0: throw new IllegalStateException(Messages.INVALID_JAXP_IMPLEMENTATION.format(), er); aoqi@0: } aoqi@0: } aoqi@0: aoqi@0: /** aoqi@0: * Returns properly configured (e.g. security features) factory aoqi@0: * - securityProcessing == is set based on security processing property, default is true aoqi@0: */ aoqi@0: public static TransformerFactory createTransformerFactory(boolean disableSecureProcessing) throws IllegalStateException { aoqi@0: try { aoqi@0: TransformerFactory factory = TransformerFactory.newInstance(); aoqi@0: if (LOGGER.isLoggable(Level.FINE)) { aoqi@0: LOGGER.log(Level.FINE, "TransformerFactory instance: {0}", factory); aoqi@0: } aoqi@0: factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, !isXMLSecurityDisabled(disableSecureProcessing)); aoqi@0: return factory; aoqi@0: } catch (TransformerConfigurationException ex) { aoqi@0: LOGGER.log(Level.SEVERE, null, ex); aoqi@0: throw new IllegalStateException( ex); aoqi@0: } catch (AbstractMethodError er) { aoqi@0: LOGGER.log(Level.SEVERE, null, er); aoqi@0: throw new IllegalStateException(Messages.INVALID_JAXP_IMPLEMENTATION.format(), er); aoqi@0: } aoqi@0: } aoqi@0: aoqi@0: /** aoqi@0: * Returns properly configured (e.g. security features) factory aoqi@0: * - namespaceAware == true aoqi@0: * - securityProcessing == is set based on security processing property, default is true aoqi@0: */ aoqi@0: public static DocumentBuilderFactory createDocumentBuilderFactory(boolean disableSecureProcessing) throws IllegalStateException { aoqi@0: try { aoqi@0: DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); aoqi@0: if (LOGGER.isLoggable(Level.FINE)) { aoqi@0: LOGGER.log(Level.FINE, "DocumentBuilderFactory instance: {0}", factory); aoqi@0: } aoqi@0: factory.setNamespaceAware(true); aoqi@0: factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, !isXMLSecurityDisabled(disableSecureProcessing)); aoqi@0: return factory; aoqi@0: } catch (ParserConfigurationException ex) { aoqi@0: LOGGER.log(Level.SEVERE, null, ex); aoqi@0: throw new IllegalStateException( ex); aoqi@0: } catch (AbstractMethodError er) { aoqi@0: LOGGER.log(Level.SEVERE, null, er); aoqi@0: throw new IllegalStateException(Messages.INVALID_JAXP_IMPLEMENTATION.format(), er); aoqi@0: } aoqi@0: } aoqi@0: aoqi@0: public static SchemaFactory allowExternalAccess(SchemaFactory sf, String value, boolean disableSecureProcessing) { aoqi@0: aoqi@0: // if xml security (feature secure processing) disabled, nothing to do, no restrictions applied aoqi@0: if (isXMLSecurityDisabled(disableSecureProcessing)) { aoqi@0: if (LOGGER.isLoggable(Level.FINE)) { aoqi@0: LOGGER.log(Level.FINE, Messages.JAXP_XML_SECURITY_DISABLED.format()); aoqi@0: } aoqi@0: return sf; aoqi@0: } aoqi@0: aoqi@0: if (System.getProperty("javax.xml.accessExternalSchema") != null) { aoqi@0: if (LOGGER.isLoggable(Level.FINE)) { aoqi@0: LOGGER.log(Level.FINE, Messages.JAXP_EXTERNAL_ACCESS_CONFIGURED.format()); aoqi@0: } aoqi@0: return sf; aoqi@0: } aoqi@0: aoqi@0: try { aoqi@0: sf.setProperty(ACCESS_EXTERNAL_SCHEMA, value); aoqi@0: if (LOGGER.isLoggable(Level.FINE)) { aoqi@0: LOGGER.log(Level.FINE, Messages.JAXP_SUPPORTED_PROPERTY.format(ACCESS_EXTERNAL_SCHEMA)); aoqi@0: } aoqi@0: } catch (SAXException ignored) { aoqi@0: // nothing to do; support depends on version JDK or SAX implementation aoqi@0: if (LOGGER.isLoggable(Level.CONFIG)) { aoqi@0: LOGGER.log(Level.CONFIG, Messages.JAXP_UNSUPPORTED_PROPERTY.format(ACCESS_EXTERNAL_SCHEMA), ignored); aoqi@0: } aoqi@0: } aoqi@0: return sf; aoqi@0: } aoqi@0: aoqi@0: public static SchemaFactory allowExternalDTDAccess(SchemaFactory sf, String value, boolean disableSecureProcessing) { aoqi@0: aoqi@0: // if xml security (feature secure processing) disabled, nothing to do, no restrictions applied aoqi@0: if (isXMLSecurityDisabled(disableSecureProcessing)) { aoqi@0: if (LOGGER.isLoggable(Level.FINE)) { aoqi@0: LOGGER.log(Level.FINE, Messages.JAXP_XML_SECURITY_DISABLED.format()); aoqi@0: } aoqi@0: return sf; aoqi@0: } aoqi@0: aoqi@0: if (System.getProperty("javax.xml.accessExternalDTD") != null) { aoqi@0: if (LOGGER.isLoggable(Level.FINE)) { aoqi@0: LOGGER.log(Level.FINE, Messages.JAXP_EXTERNAL_ACCESS_CONFIGURED.format()); aoqi@0: } aoqi@0: return sf; aoqi@0: } aoqi@0: aoqi@0: try { aoqi@0: sf.setProperty(ACCESS_EXTERNAL_DTD, value); aoqi@0: if (LOGGER.isLoggable(Level.FINE)) { aoqi@0: LOGGER.log(Level.FINE, Messages.JAXP_SUPPORTED_PROPERTY.format(ACCESS_EXTERNAL_DTD)); aoqi@0: } aoqi@0: } catch (SAXException ignored) { aoqi@0: // nothing to do; support depends on version JDK or SAX implementation aoqi@0: if (LOGGER.isLoggable(Level.CONFIG)) { aoqi@0: LOGGER.log(Level.CONFIG, Messages.JAXP_UNSUPPORTED_PROPERTY.format(ACCESS_EXTERNAL_DTD), ignored); aoqi@0: } aoqi@0: } aoqi@0: return sf; aoqi@0: } aoqi@0: aoqi@0: }