All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.apache.activemq.artemis.utils.XmlProvider Maven / Gradle / Ivy

There is a newer version: 2.38.0
Show newest version
/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.activemq.artemis.utils;

import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import javax.xml.transform.Source;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerConfigurationException;
import javax.xml.transform.TransformerFactory;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import javax.xml.validation.Validator;
import java.io.InputStream;
import java.io.Reader;
import java.net.URL;
import java.util.Map;

import org.w3c.dom.ls.LSInput;
import org.xml.sax.SAXException;

public class XmlProvider {
   public static final String ARTEMIS_DISABLE_XXE_PROPERTY = "artemis.disableXxe";

   public static final String XINCLUDE_AWARE_PROPERTY = "XINCLUDE_AWARE";
   public static final String NAMESPACE_AWARE_PROPERTY = "NAMESPACE_AWARE";
   public static final String IGNORE_COMMENTS_PROPERTY = "IGNORE_COMMENTS";
   public static final String IGNORE_ELEMENT_CONTENT_WHITESPACE_PROPERTY = "IGNORE_ELEMENT_CONTENT_WHITESPACE";

   private static final String ACTIVEMQ_CORE_NS = "urn:activemq:core";
   private static final String ACTIVEMQ_JMS_NS = "urn:activemq:jms";

   private static final String ARTEMIS_XML_SCHEMA_SID = "xml.xsd";
   private static final String ARTEMIS_CONFIGURATION_SCHEMA_SID = "artemis-configuration.xsd";
   private static final String ARTEMIS_JMS_SCHEMA_SID = "artemis-jms.xsd";

   private static final String ARTEMIS_SCHEMA_BASE_URL = "schema/";
   private static final String ARTEMIS_XML_SCHEMA_URL = ARTEMIS_SCHEMA_BASE_URL + ARTEMIS_XML_SCHEMA_SID;
   private static final String ARTEMIS_CONFIGURATION_SCHEMA_URL = ARTEMIS_SCHEMA_BASE_URL + ARTEMIS_CONFIGURATION_SCHEMA_SID;
   private static final String ARTEMIS_JMS_SCHEMA_URL = ARTEMIS_SCHEMA_BASE_URL + ARTEMIS_JMS_SCHEMA_SID;

   private static boolean xxeEnabled = !"".equals(System.getProperty(ARTEMIS_DISABLE_XXE_PROPERTY)) &&
      !Boolean.parseBoolean(System.getProperty(ARTEMIS_DISABLE_XXE_PROPERTY, Boolean.FALSE.toString()));

   public static boolean isXxeEnabled() {
      return xxeEnabled;
   }

   public static void setXxeEnabled(boolean enabled) {
      xxeEnabled = enabled;
   }

   public static DocumentBuilder newDocumentBuilder() throws ParserConfigurationException {
      return newDocumentBuilder(null, null);
   }

   public static DocumentBuilder newDocumentBuilder(Map features, Map properties) throws ParserConfigurationException {
      DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();

      if (features != null) {
         for (Map.Entry feature : features.entrySet()) {
            factory.setFeature(feature.getKey(), feature.getValue());
         }
      }

      if (properties != null) {
         for (Map.Entry property : properties.entrySet()) {
            if (XINCLUDE_AWARE_PROPERTY.equals(property.getKey())) {
               factory.setXIncludeAware(property.getValue());
            } else if (NAMESPACE_AWARE_PROPERTY.equals(property.getKey())) {
               factory.setNamespaceAware(property.getValue());
            } else if (IGNORE_COMMENTS_PROPERTY.equals(property.getKey())) {
               factory.setIgnoringComments(property.getValue());
            } else if (IGNORE_ELEMENT_CONTENT_WHITESPACE_PROPERTY.equals(property.getKey())) {
               factory.setIgnoringElementContentWhitespace(property.getValue());
            } else {
               throw new IllegalArgumentException("Property not supported: " + property.getKey());
            }
         }
      }

      if (!isXxeEnabled()) {
         factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
         factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
         factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
         factory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);

         factory.setXIncludeAware(false);
         factory.setExpandEntityReferences(false);
      }

      return factory.newDocumentBuilder();
   }

   public static XMLStreamReader createXMLStreamReader(InputStream inputStream) throws XMLStreamException {
      XMLInputFactory xmlInputFactory = XMLInputFactory.newInstance();

      if (!isXxeEnabled()) {
         // This disables DTDs entirely for that factory
         xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
         // disable external entities
         xmlInputFactory.setProperty("javax.xml.stream.isSupportingExternalEntities", false);
      }

      return xmlInputFactory.createXMLStreamReader(inputStream);
   }

   public static Schema newSchema(Source schema, Map features) throws SAXException {
      return newSchemaFactory(features).newSchema(schema);
   }

   private static SchemaFactory newSchemaFactory(Map features) throws SAXException {
      SchemaFactory factory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);

      if (features != null) {
         for (Map.Entry feature : features.entrySet()) {
            factory.setFeature(feature.getKey(), feature.getValue());
         }
      }

      if (!isXxeEnabled()) {
         factory.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
         factory.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");

         factory.setResourceResolver((type, namespaceURI, publicId, systemId, baseURI) -> {
            if (XMLConstants.W3C_XML_SCHEMA_NS_URI.equals(type) && XMLConstants.XML_NS_URI.equals(namespaceURI) && ARTEMIS_XML_SCHEMA_SID.equals(systemId)) {
               return newLSInput(publicId, systemId, baseURI, Thread.currentThread().getContextClassLoader().getResourceAsStream(ARTEMIS_XML_SCHEMA_URL));
            } else if (XMLConstants.W3C_XML_SCHEMA_NS_URI.equals(type) && ACTIVEMQ_CORE_NS.equals(namespaceURI) && ARTEMIS_CONFIGURATION_SCHEMA_SID.equals(systemId)) {
               return newLSInput(publicId, systemId, baseURI, Thread.currentThread().getContextClassLoader().getResourceAsStream(ARTEMIS_CONFIGURATION_SCHEMA_URL));
            } else if (XMLConstants.W3C_XML_SCHEMA_NS_URI.equals(type) && ACTIVEMQ_JMS_NS.equals(namespaceURI) && ARTEMIS_JMS_SCHEMA_SID.equals(systemId)) {
               return newLSInput(publicId, systemId, baseURI, Thread.currentThread().getContextClassLoader().getResourceAsStream(ARTEMIS_JMS_SCHEMA_URL));
            }

            return null;
         });
      }

      return factory;
   }

   public static Transformer newTransformer() throws TransformerConfigurationException {
      TransformerFactory transformerFactory = TransformerFactory.newInstance();

      if (!isXxeEnabled()) {
         transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
         transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
      }

      return transformerFactory.newTransformer();
   }

   public static Validator newValidator(URL schema) throws SAXException {
      Validator validator = newSchemaFactory(null).newSchema(schema).newValidator();

      if (!isXxeEnabled()) {
         validator.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
         validator.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
      }

      return validator;
   }

   private static LSInput newLSInput(String publicId, String systemId, String baseURI, InputStream byteStream) {
      return new LSInput() {
         @Override
         public Reader getCharacterStream() {
            return null;
         }

         @Override
         public void setCharacterStream(Reader reader) {

         }

         @Override
         public InputStream getByteStream() {
            return byteStream;
         }

         @Override
         public void setByteStream(InputStream inputStream) {

         }

         @Override
         public String getStringData() {
            return null;
         }

         @Override
         public void setStringData(String s) {

         }

         @Override
         public String getSystemId() {
            return systemId;
         }

         @Override
         public void setSystemId(String s) {

         }

         @Override
         public String getPublicId() {
            return publicId;
         }

         @Override
         public void setPublicId(String s) {

         }

         @Override
         public String getBaseURI() {
            return baseURI;
         }

         @Override
         public void setBaseURI(String s) {

         }

         @Override
         public String getEncoding() {
            return null;
         }

         @Override
         public void setEncoding(String s) {

         }

         @Override
         public boolean getCertifiedText() {
            return false;
         }

         @Override
         public void setCertifiedText(boolean b) {

         }
      };
   }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy