Fix CVE-2022-2414
This commit is contained in:
wk333
parent
923e34123f
commit
65ef9fa987
929
CVE-2022-2414.patch
Normal file
929
CVE-2022-2414.patch
Normal file
@ -0,0 +1,929 @@
|
||||
From 4551594a1f71ab69f6d0bed1336255ea2a41ac17 Mon Sep 17 00:00:00 2001
|
||||
From: Chris Kelley <ckelley@redhat.com>
|
||||
Date: Fri, 10 Jun 2022 17:25:07 +0100
|
||||
Subject: [PATCH] Disable access to external entities when parsing XML
|
||||
|
||||
Origin: https://github.com/dogtagpki/pki/commit/4551594a1f71ab69f6d0bed1336255ea2a41ac17
|
||||
|
||||
This reduces the vulnerability of XML parsers to XXE (XML external
|
||||
entity) injection.
|
||||
|
||||
The best way to prevent XXE is to stop using XML altogether, which we do
|
||||
plan to do. Until that happens I consider it worthwhile to tighten the
|
||||
security here though.
|
||||
---
|
||||
.../main/java/com/netscape/certsrv/account/Account.java | 4 ++++
|
||||
.../java/com/netscape/certsrv/base/PKIException.java | 4 ++++
|
||||
.../main/java/com/netscape/certsrv/base/RESTMessage.java | 4 ++++
|
||||
.../main/java/com/netscape/certsrv/cert/CertData.java | 4 ++++
|
||||
.../java/com/netscape/certsrv/cert/CertDataInfo.java | 4 ++++
|
||||
.../java/com/netscape/certsrv/cert/CertDataInfos.java | 4 ++++
|
||||
.../com/netscape/certsrv/cert/CertEnrollmentRequest.java | 4 ++++
|
||||
.../java/com/netscape/certsrv/cert/CertRequestInfo.java | 4 ++++
|
||||
.../java/com/netscape/certsrv/cert/CertRequestInfos.java | 4 ++++
|
||||
.../com/netscape/certsrv/cert/CertRetrievalRequest.java | 4 ++++
|
||||
.../com/netscape/certsrv/cert/CertRevokeRequest.java | 4 ++++
|
||||
.../com/netscape/certsrv/cert/CertSearchRequest.java | 4 ++++
|
||||
.../netscape/certsrv/key/AsymKeyGenerationRequest.java | 1 +
|
||||
.../com/netscape/certsrv/key/KeyArchivalRequest.java | 1 +
|
||||
.../java/com/netscape/certsrv/key/KeyRequestInfo.java | 4 ++++
|
||||
.../netscape/certsrv/key/KeyRequestInfoCollection.java | 4 ++++
|
||||
.../netscape/certsrv/key/SymKeyGenerationRequest.java | 1 +
|
||||
.../com/netscape/certsrv/profile/PolicyConstraint.java | 4 ++++
|
||||
.../netscape/certsrv/profile/PolicyConstraintValue.java | 4 ++++
|
||||
.../java/com/netscape/certsrv/profile/PolicyDefault.java | 4 ++++
|
||||
.../com/netscape/certsrv/profile/ProfileAttribute.java | 4 ++++
|
||||
.../java/com/netscape/certsrv/profile/ProfileData.java | 4 ++++
|
||||
.../com/netscape/certsrv/profile/ProfileDataInfo.java | 4 ++++
|
||||
.../com/netscape/certsrv/profile/ProfileDataInfos.java | 4 ++++
|
||||
.../java/com/netscape/certsrv/profile/ProfileInput.java | 4 ++++
|
||||
.../java/com/netscape/certsrv/profile/ProfileOutput.java | 4 ++++
|
||||
.../com/netscape/certsrv/profile/ProfileParameter.java | 4 ++++
|
||||
.../com/netscape/certsrv/request/CMSRequestInfo.java | 4 ++++
|
||||
base/common/src/main/java/org/dogtagpki/common/Info.java | 4 ++++
|
||||
.../cms/servlet/csadmin/SecurityDomainProcessor.java | 6 +++++-
|
||||
.../main/java/com/netscape/cmscore/apps/ServerXml.java | 1 +
|
||||
.../main/java/com/netscape/cmsutil/xml/XMLObject.java | 9 +++++++++
|
||||
32 files changed, 122 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/account/Account.java b/base/common/src/main/java/com/netscape/certsrv/account/Account.java
|
||||
index 7447bfa36f1..6aaca9ccde1 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/account/Account.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/account/Account.java
|
||||
@@ -23,6 +23,7 @@
|
||||
import java.util.Collection;
|
||||
import java.util.TreeSet;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -209,6 +210,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(accountElement);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -224,6 +227,7 @@ public String toXML() throws Exception {
|
||||
public static Account fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/base/PKIException.java b/base/common/src/main/java/com/netscape/certsrv/base/PKIException.java
|
||||
index f4876f8bd2d..6ea5c3d6fdf 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/base/PKIException.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/base/PKIException.java
|
||||
@@ -21,6 +21,7 @@
|
||||
import java.io.StringWriter;
|
||||
|
||||
import javax.ws.rs.core.Response;
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -158,6 +159,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(element);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -173,6 +176,7 @@ public String toXML() throws Exception {
|
||||
public static Data fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/base/RESTMessage.java b/base/common/src/main/java/com/netscape/certsrv/base/RESTMessage.java
|
||||
index a62a1aea0fc..136fcf54a84 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/base/RESTMessage.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/base/RESTMessage.java
|
||||
@@ -10,6 +10,7 @@
|
||||
import java.util.Map;
|
||||
|
||||
import javax.ws.rs.core.MultivaluedMap;
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -317,6 +318,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(element);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -332,6 +335,7 @@ public String toXML() throws Exception {
|
||||
public static RESTMessage fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/cert/CertData.java b/base/common/src/main/java/com/netscape/certsrv/cert/CertData.java
|
||||
index 2a47c3c6653..a3a19e71a2e 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/cert/CertData.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/cert/CertData.java
|
||||
@@ -23,6 +23,7 @@
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.util.Date;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -475,6 +476,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(infoElement);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -490,6 +493,7 @@ public String toXML() throws Exception {
|
||||
public static CertData fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/cert/CertDataInfo.java b/base/common/src/main/java/com/netscape/certsrv/cert/CertDataInfo.java
|
||||
index 847e32b0c48..516fac96027 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/cert/CertDataInfo.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/cert/CertDataInfo.java
|
||||
@@ -24,6 +24,7 @@
|
||||
import java.io.StringWriter;
|
||||
import java.util.Date;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -513,6 +514,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(infoElement);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -528,6 +531,7 @@ public String toXML() throws Exception {
|
||||
public static CertDataInfo fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/cert/CertDataInfos.java b/base/common/src/main/java/com/netscape/certsrv/cert/CertDataInfos.java
|
||||
index 8554da4692d..22627396ba6 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/cert/CertDataInfos.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/cert/CertDataInfos.java
|
||||
@@ -20,6 +20,7 @@
|
||||
import java.io.StringReader;
|
||||
import java.io.StringWriter;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -74,6 +75,8 @@ public String toXML() throws Exception {
|
||||
toDOM(document);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -118,6 +121,7 @@ public static CertDataInfos fromDOM(Element infosElement) {
|
||||
public static CertDataInfos fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/cert/CertEnrollmentRequest.java b/base/common/src/main/java/com/netscape/certsrv/cert/CertEnrollmentRequest.java
|
||||
index 88de02e755e..f48fa56564f 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/cert/CertEnrollmentRequest.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/cert/CertEnrollmentRequest.java
|
||||
@@ -28,6 +28,7 @@
|
||||
import java.util.HashMap;
|
||||
|
||||
import javax.ws.rs.core.MultivaluedMap;
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -514,6 +515,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(element);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -527,6 +530,7 @@ public String toXML() throws Exception {
|
||||
|
||||
public static CertEnrollmentRequest fromXML(String xml) throws Exception {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/cert/CertRequestInfo.java b/base/common/src/main/java/com/netscape/certsrv/cert/CertRequestInfo.java
|
||||
index 79bff39c93a..b7aa718db5e 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/cert/CertRequestInfo.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/cert/CertRequestInfo.java
|
||||
@@ -21,6 +21,7 @@
|
||||
import java.io.StringReader;
|
||||
import java.io.StringWriter;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -246,6 +247,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(element);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -261,6 +264,7 @@ public String toXML() throws Exception {
|
||||
public static CertRequestInfo fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/cert/CertRequestInfos.java b/base/common/src/main/java/com/netscape/certsrv/cert/CertRequestInfos.java
|
||||
index 8365e334f7a..4720bc42fce 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/cert/CertRequestInfos.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/cert/CertRequestInfos.java
|
||||
@@ -21,6 +21,7 @@
|
||||
import java.io.StringWriter;
|
||||
import java.util.Collection;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -108,6 +109,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(element);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -152,6 +155,7 @@ public static CertRequestInfos fromDOM(Element infosElement) {
|
||||
public static CertRequestInfos fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/cert/CertRetrievalRequest.java b/base/common/src/main/java/com/netscape/certsrv/cert/CertRetrievalRequest.java
|
||||
index db169174d27..bde7e992d3a 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/cert/CertRetrievalRequest.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/cert/CertRetrievalRequest.java
|
||||
@@ -25,6 +25,7 @@
|
||||
import java.io.StringWriter;
|
||||
import java.util.Objects;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -126,6 +127,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(requestElement);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -141,6 +144,7 @@ public String toXML() throws Exception {
|
||||
public static CertRetrievalRequest fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/cert/CertRevokeRequest.java b/base/common/src/main/java/com/netscape/certsrv/cert/CertRevokeRequest.java
|
||||
index 5f0a9f4d069..709db381a29 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/cert/CertRevokeRequest.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/cert/CertRevokeRequest.java
|
||||
@@ -22,6 +22,7 @@
|
||||
import java.io.StringWriter;
|
||||
import java.util.Date;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -226,6 +227,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(requestElement);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -241,6 +244,7 @@ public String toXML() throws Exception {
|
||||
public static CertRevokeRequest fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/cert/CertSearchRequest.java b/base/common/src/main/java/com/netscape/certsrv/cert/CertSearchRequest.java
|
||||
index 1d178b6b7ca..67da3c1b61d 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/cert/CertSearchRequest.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/cert/CertSearchRequest.java
|
||||
@@ -25,6 +25,7 @@
|
||||
import java.util.Objects;
|
||||
|
||||
import javax.ws.rs.core.MultivaluedMap;
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -1079,6 +1080,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(rootElement);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -1094,6 +1097,7 @@ public String toXML() throws Exception {
|
||||
public static CertSearchRequest fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/key/AsymKeyGenerationRequest.java b/base/common/src/main/java/com/netscape/certsrv/key/AsymKeyGenerationRequest.java
|
||||
index 05303b29faa..fc1fe0fff7f 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/key/AsymKeyGenerationRequest.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/key/AsymKeyGenerationRequest.java
|
||||
@@ -114,6 +114,7 @@ public static AsymKeyGenerationRequest fromDOM(Element element) {
|
||||
public static AsymKeyGenerationRequest fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/key/KeyArchivalRequest.java b/base/common/src/main/java/com/netscape/certsrv/key/KeyArchivalRequest.java
|
||||
index 3152e8880fe..462f2284b66 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/key/KeyArchivalRequest.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/key/KeyArchivalRequest.java
|
||||
@@ -256,6 +256,7 @@ public static KeyArchivalRequest fromDOM(Element element) {
|
||||
public static KeyArchivalRequest fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/key/KeyRequestInfo.java b/base/common/src/main/java/com/netscape/certsrv/key/KeyRequestInfo.java
|
||||
index 8970a70ebaa..dca3f01d42a 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/key/KeyRequestInfo.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/key/KeyRequestInfo.java
|
||||
@@ -21,6 +21,7 @@
|
||||
import java.io.StringReader;
|
||||
import java.io.StringWriter;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -139,6 +140,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(element);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -154,6 +157,7 @@ public String toXML() throws Exception {
|
||||
public static KeyRequestInfo fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/key/KeyRequestInfoCollection.java b/base/common/src/main/java/com/netscape/certsrv/key/KeyRequestInfoCollection.java
|
||||
index c471f6985f2..6cc98407a72 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/key/KeyRequestInfoCollection.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/key/KeyRequestInfoCollection.java
|
||||
@@ -21,6 +21,7 @@
|
||||
import java.io.StringWriter;
|
||||
import java.util.Collection;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -99,6 +100,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(element);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -143,6 +146,7 @@ public static KeyRequestInfoCollection fromDOM(Element infosElement) {
|
||||
public static KeyRequestInfoCollection fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/key/SymKeyGenerationRequest.java b/base/common/src/main/java/com/netscape/certsrv/key/SymKeyGenerationRequest.java
|
||||
index f86bba27bfa..e7542f6d5af 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/key/SymKeyGenerationRequest.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/key/SymKeyGenerationRequest.java
|
||||
@@ -103,6 +103,7 @@ public static SymKeyGenerationRequest fromDOM(Element element) {
|
||||
public static SymKeyGenerationRequest fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/profile/PolicyConstraint.java b/base/common/src/main/java/com/netscape/certsrv/profile/PolicyConstraint.java
|
||||
index 763eaaec9dc..5d43bf187a0 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/profile/PolicyConstraint.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/profile/PolicyConstraint.java
|
||||
@@ -22,6 +22,7 @@
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -228,6 +229,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(accountElement);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -242,6 +245,7 @@ public String toXML() throws Exception {
|
||||
|
||||
public static PolicyConstraint fromXML(String xml) throws Exception {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/profile/PolicyConstraintValue.java b/base/common/src/main/java/com/netscape/certsrv/profile/PolicyConstraintValue.java
|
||||
index be84f086cd2..9986837cffc 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/profile/PolicyConstraintValue.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/profile/PolicyConstraintValue.java
|
||||
@@ -20,6 +20,7 @@
|
||||
import java.io.StringReader;
|
||||
import java.io.StringWriter;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -169,6 +170,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(pcvElement);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -183,6 +186,7 @@ public String toXML() throws Exception {
|
||||
|
||||
public static PolicyConstraintValue fromXML(String xml) throws Exception {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/profile/PolicyDefault.java b/base/common/src/main/java/com/netscape/certsrv/profile/PolicyDefault.java
|
||||
index 49e25989f43..b4602c68e0f 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/profile/PolicyDefault.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/profile/PolicyDefault.java
|
||||
@@ -22,6 +22,7 @@
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -231,6 +232,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(pdElement);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -245,6 +248,7 @@ public String toXML() throws Exception {
|
||||
|
||||
public static PolicyDefault fromXML(String xml) throws Exception {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileAttribute.java b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileAttribute.java
|
||||
index 0e43db83d9c..7abd149c165 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileAttribute.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileAttribute.java
|
||||
@@ -20,6 +20,7 @@
|
||||
import java.io.StringReader;
|
||||
import java.io.StringWriter;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -180,6 +181,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(accountElement);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -193,6 +196,7 @@ public String toXML() throws Exception {
|
||||
|
||||
public static ProfileAttribute fromXML(String xml) throws Exception {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileData.java b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileData.java
|
||||
index f80c0d55669..7506a7f334e 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileData.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileData.java
|
||||
@@ -31,6 +31,7 @@
|
||||
import java.util.Objects;
|
||||
import java.util.Vector;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -554,6 +555,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(pdElement);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -568,6 +571,7 @@ public String toXML() throws Exception {
|
||||
|
||||
public static ProfileData fromXML(String xml) throws Exception {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileDataInfo.java b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileDataInfo.java
|
||||
index 8f1744e76e0..a67d6972429 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileDataInfo.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileDataInfo.java
|
||||
@@ -21,6 +21,7 @@
|
||||
import java.io.StringWriter;
|
||||
import java.util.Objects;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -177,6 +178,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(profileParameterElement);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -191,6 +194,7 @@ public String toXML() throws Exception {
|
||||
|
||||
public static ProfileDataInfo fromXML(String xml) throws Exception {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileDataInfos.java b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileDataInfos.java
|
||||
index 7225c83a571..8975bc6d99f 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileDataInfos.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileDataInfos.java
|
||||
@@ -20,6 +20,7 @@
|
||||
import java.io.StringReader;
|
||||
import java.io.StringWriter;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -74,6 +75,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(element);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -118,6 +121,7 @@ public static ProfileDataInfos fromDOM(Element infosElement) {
|
||||
public static ProfileDataInfos fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileInput.java b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileInput.java
|
||||
index 303785da978..aac8f0d0dc7 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileInput.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileInput.java
|
||||
@@ -23,6 +23,7 @@
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -354,6 +355,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(element);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -367,6 +370,7 @@ public String toXML() throws Exception {
|
||||
|
||||
public static ProfileInput fromXML(String xml) throws Exception {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileOutput.java b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileOutput.java
|
||||
index b2442c7fb39..c85bfede2a4 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileOutput.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileOutput.java
|
||||
@@ -22,6 +22,7 @@
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -234,6 +235,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(pdElement);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -248,6 +251,7 @@ public String toXML() throws Exception {
|
||||
|
||||
public static ProfileOutput fromXML(String xml) throws Exception {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileParameter.java b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileParameter.java
|
||||
index 55e07b419ca..e868eaccd23 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileParameter.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileParameter.java
|
||||
@@ -21,6 +21,7 @@
|
||||
import java.io.StringWriter;
|
||||
import java.util.Objects;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -128,6 +129,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(profileParameterElement);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -142,6 +145,7 @@ public String toXML() throws Exception {
|
||||
|
||||
public static ProfileParameter fromXML(String xml) throws Exception {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/request/CMSRequestInfo.java b/base/common/src/main/java/com/netscape/certsrv/request/CMSRequestInfo.java
|
||||
index b6c2fa491e8..661355ae179 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/request/CMSRequestInfo.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/request/CMSRequestInfo.java
|
||||
@@ -20,6 +20,7 @@
|
||||
import java.io.StringReader;
|
||||
import java.io.StringWriter;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -229,6 +230,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(element);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -244,6 +247,7 @@ public String toXML() throws Exception {
|
||||
public static CMSRequestInfo fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/org/dogtagpki/common/Info.java b/base/common/src/main/java/org/dogtagpki/common/Info.java
|
||||
index 0929ada9b05..3d1b693157f 100644
|
||||
--- a/base/common/src/main/java/org/dogtagpki/common/Info.java
|
||||
+++ b/base/common/src/main/java/org/dogtagpki/common/Info.java
|
||||
@@ -21,6 +21,7 @@
|
||||
import java.io.StringReader;
|
||||
import java.io.StringWriter;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -183,6 +184,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(element);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -198,6 +201,7 @@ public String toXML() throws Exception {
|
||||
public static Info fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/server/src/main/java/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java b/base/server/src/main/java/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java
|
||||
index bdd485e89ab..07fae1ad50c 100644
|
||||
--- a/base/server/src/main/java/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java
|
||||
+++ b/base/server/src/main/java/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java
|
||||
@@ -24,6 +24,7 @@
|
||||
import java.util.Locale;
|
||||
import java.util.Vector;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.ParserConfigurationException;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
import javax.xml.transform.Transformer;
|
||||
@@ -697,7 +698,10 @@ public static void main(String args[]) throws Exception {
|
||||
XMLObject xmlObject = convertDomainInfoToXMLObject(before);
|
||||
Document document = xmlObject.getDocument();
|
||||
|
||||
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
|
||||
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
+ Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
|
||||
diff --git a/base/server/src/main/java/com/netscape/cmscore/apps/ServerXml.java b/base/server/src/main/java/com/netscape/cmscore/apps/ServerXml.java
|
||||
index 2a02d722a1f..d9ac5727476 100644
|
||||
--- a/base/server/src/main/java/com/netscape/cmscore/apps/ServerXml.java
|
||||
+++ b/base/server/src/main/java/com/netscape/cmscore/apps/ServerXml.java
|
||||
@@ -41,6 +41,7 @@ public static ServerXml load(String filename) throws Exception {
|
||||
ServerXml serverXml = new ServerXml();
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(filename);
|
||||
|
||||
diff --git a/base/util/src/main/java/com/netscape/cmsutil/xml/XMLObject.java b/base/util/src/main/java/com/netscape/cmsutil/xml/XMLObject.java
|
||||
index 81fdbf4b2e0..1043bcb477f 100644
|
||||
--- a/base/util/src/main/java/com/netscape/cmsutil/xml/XMLObject.java
|
||||
+++ b/base/util/src/main/java/com/netscape/cmsutil/xml/XMLObject.java
|
||||
@@ -25,6 +25,7 @@
|
||||
import java.io.StringWriter;
|
||||
import java.util.Vector;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.parsers.ParserConfigurationException;
|
||||
@@ -56,6 +57,7 @@ public XMLObject() throws ParserConfigurationException {
|
||||
public XMLObject(InputStream s)
|
||||
throws SAXException, IOException, ParserConfigurationException {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder docBuilder = factory.newDocumentBuilder();
|
||||
mDoc = docBuilder.parse(s);
|
||||
}
|
||||
@@ -63,6 +65,7 @@ public XMLObject(InputStream s)
|
||||
public XMLObject(File f)
|
||||
throws SAXException, IOException, ParserConfigurationException {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder docBuilder = factory.newDocumentBuilder();
|
||||
mDoc = docBuilder.parse(f);
|
||||
}
|
||||
@@ -159,6 +162,8 @@ public Vector<String> getValuesFromContainer(Node container, String tagname) {
|
||||
public byte[] toByteArray() throws TransformerConfigurationException, TransformerException {
|
||||
ByteArrayOutputStream bos = new ByteArrayOutputStream();
|
||||
TransformerFactory tranFactory = TransformerFactory.newInstance();
|
||||
+ tranFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ tranFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer aTransformer = tranFactory.newTransformer();
|
||||
Source src = new DOMSource(mDoc);
|
||||
Result dest = new StreamResult(bos);
|
||||
@@ -169,6 +174,8 @@ public byte[] toByteArray() throws TransformerConfigurationException, Transforme
|
||||
public void output(OutputStream os)
|
||||
throws TransformerConfigurationException, TransformerException {
|
||||
TransformerFactory tranFactory = TransformerFactory.newInstance();
|
||||
+ tranFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ tranFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer aTransformer = tranFactory.newTransformer();
|
||||
Source src = new DOMSource(mDoc);
|
||||
Result dest = new StreamResult(os);
|
||||
@@ -177,6 +184,8 @@ public void output(OutputStream os)
|
||||
|
||||
public String toXMLString() throws TransformerConfigurationException, TransformerException {
|
||||
TransformerFactory tranFactory = TransformerFactory.newInstance();
|
||||
+ tranFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ tranFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = tranFactory.newTransformer();
|
||||
Source src = new DOMSource(mDoc);
|
||||
StreamResult dest = new StreamResult(new StringWriter());
|
||||
@ -3,12 +3,13 @@
|
||||
|
||||
Name: pki-core
|
||||
Version: 11.0.0
|
||||
Release: 4
|
||||
Release: 5
|
||||
Summary: The PKI Core Package
|
||||
License: GPLv2 and LGPLv2
|
||||
URL: http://www.dogtagpki.org/
|
||||
Source0: https://github.com/dogtagpki/pki/archive/v%{version}/pki-v%{version}.tar.gz
|
||||
Source1: https://github.com/cpuguy83/go-md2man/archive/v1.0.10.tar.gz
|
||||
Patch0: CVE-2022-2414.patch
|
||||
BuildRequires: git make cmake >= 2.8.9-1 gcc-c++ zip java-latest-openjdk-devel java-latest-openjdk-headless
|
||||
BuildRequires: ldapjdk >= 4.21.0 apache-commons-cli apache-commons-codec apache-commons-io
|
||||
BuildRequires: apache-commons-lang jakarta-commons-httpclient glassfish-jaxb-api slf4j
|
||||
@ -454,6 +455,9 @@ fi
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Jun 28 2023 wangkai <13474090681@163.com> - 11.0.0-5
|
||||
- Fix CVE-2022-2414
|
||||
|
||||
* Tue Apr 18 2023 Ge Wang <wang--ge@126.com> - 11.0.0-4
|
||||
- Fix EBS compile failure caused by lack of openjdk-headless
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user