Compare commits
10 Commits
566454228e
...
0d5d376d7f
| Author | SHA1 | Date | |
|---|---|---|---|
|
0d5d376d7f | ||
|
|
65ef9fa987 | ||
|
|
923e34123f | ||
|
|
65b2aad257 | ||
|
|
d5157fbd55 | ||
|
|
69b4ffe185 | ||
|
|
cb2351063a | ||
|
|
84a733328b | ||
|
|
e31ace945f | ||
|
|
ffd8befa32 |
@ -1,42 +0,0 @@
|
||||
From d57b32e2b4e0f7aa43f8f38e7ce539da6e0e93d7 Mon Sep 17 00:00:00 2001
|
||||
From: Dinesh Prasanth M K <SilleBille@users.noreply.github.com>
|
||||
Date: Wed, 14 Aug 2019 17:36:38 -0400
|
||||
Subject: [PATCH] Fix URL redirection for KRA and OCSP web UI (#241)
|
||||
|
||||
Fixes changes introduced via commit: 2210c2a
|
||||
|
||||
Signed-off-by: Dinesh Prasanth M K <dmoluguw@redhat.com>
|
||||
---
|
||||
base/kra/shared/webapps/kra/services.template | 2 +-
|
||||
base/ocsp/shared/webapps/ocsp/services.template | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/base/kra/shared/webapps/kra/services.template b/base/kra/shared/webapps/kra/services.template
|
||||
index 941fb5277..930b41345 100644
|
||||
--- a/base/kra/shared/webapps/kra/services.template
|
||||
+++ b/base/kra/shared/webapps/kra/services.template
|
||||
@@ -106,7 +106,7 @@ Certificate System DRM Services Page
|
||||
<tr valign="TOP">
|
||||
<td>
|
||||
<td>
|
||||
-<li><font size=4 face="PrimaSans BT, Verdana, sans-serif"><a href="ee/kra">SSL End Users Services</a></font>
|
||||
+<li><font size=4 face="PrimaSans BT, Verdana, sans-serif"><a href="agent/kra">Agent Services</a></font>
|
||||
</font>
|
||||
</td>
|
||||
</tr>
|
||||
diff --git a/base/ocsp/shared/webapps/ocsp/services.template b/base/ocsp/shared/webapps/ocsp/services.template
|
||||
index c1c2839bb..5cc662845 100644
|
||||
--- a/base/ocsp/shared/webapps/ocsp/services.template
|
||||
+++ b/base/ocsp/shared/webapps/ocsp/services.template
|
||||
@@ -106,7 +106,7 @@ Certificate System OCSP Services Page
|
||||
<tr valign="TOP">
|
||||
<td>
|
||||
<td>
|
||||
-<li><font size=4 face="PrimaSans BT, Verdana, sans-serif"><a href="ee/ocsp">SSL End Users Services</a></font>
|
||||
+<li><font size=4 face="PrimaSans BT, Verdana, sans-serif"><a href="agent/ocsp">Agent Services</a></font>
|
||||
</font>
|
||||
</td>
|
||||
</tr>
|
||||
--
|
||||
2.21.0
|
||||
|
||||
929
CVE-2022-2414.patch
Normal file
929
CVE-2022-2414.patch
Normal file
@ -0,0 +1,929 @@
|
||||
From 4551594a1f71ab69f6d0bed1336255ea2a41ac17 Mon Sep 17 00:00:00 2001
|
||||
From: Chris Kelley <ckelley@redhat.com>
|
||||
Date: Fri, 10 Jun 2022 17:25:07 +0100
|
||||
Subject: [PATCH] Disable access to external entities when parsing XML
|
||||
|
||||
Origin: https://github.com/dogtagpki/pki/commit/4551594a1f71ab69f6d0bed1336255ea2a41ac17
|
||||
|
||||
This reduces the vulnerability of XML parsers to XXE (XML external
|
||||
entity) injection.
|
||||
|
||||
The best way to prevent XXE is to stop using XML altogether, which we do
|
||||
plan to do. Until that happens I consider it worthwhile to tighten the
|
||||
security here though.
|
||||
---
|
||||
.../main/java/com/netscape/certsrv/account/Account.java | 4 ++++
|
||||
.../java/com/netscape/certsrv/base/PKIException.java | 4 ++++
|
||||
.../main/java/com/netscape/certsrv/base/RESTMessage.java | 4 ++++
|
||||
.../main/java/com/netscape/certsrv/cert/CertData.java | 4 ++++
|
||||
.../java/com/netscape/certsrv/cert/CertDataInfo.java | 4 ++++
|
||||
.../java/com/netscape/certsrv/cert/CertDataInfos.java | 4 ++++
|
||||
.../com/netscape/certsrv/cert/CertEnrollmentRequest.java | 4 ++++
|
||||
.../java/com/netscape/certsrv/cert/CertRequestInfo.java | 4 ++++
|
||||
.../java/com/netscape/certsrv/cert/CertRequestInfos.java | 4 ++++
|
||||
.../com/netscape/certsrv/cert/CertRetrievalRequest.java | 4 ++++
|
||||
.../com/netscape/certsrv/cert/CertRevokeRequest.java | 4 ++++
|
||||
.../com/netscape/certsrv/cert/CertSearchRequest.java | 4 ++++
|
||||
.../netscape/certsrv/key/AsymKeyGenerationRequest.java | 1 +
|
||||
.../com/netscape/certsrv/key/KeyArchivalRequest.java | 1 +
|
||||
.../java/com/netscape/certsrv/key/KeyRequestInfo.java | 4 ++++
|
||||
.../netscape/certsrv/key/KeyRequestInfoCollection.java | 4 ++++
|
||||
.../netscape/certsrv/key/SymKeyGenerationRequest.java | 1 +
|
||||
.../com/netscape/certsrv/profile/PolicyConstraint.java | 4 ++++
|
||||
.../netscape/certsrv/profile/PolicyConstraintValue.java | 4 ++++
|
||||
.../java/com/netscape/certsrv/profile/PolicyDefault.java | 4 ++++
|
||||
.../com/netscape/certsrv/profile/ProfileAttribute.java | 4 ++++
|
||||
.../java/com/netscape/certsrv/profile/ProfileData.java | 4 ++++
|
||||
.../com/netscape/certsrv/profile/ProfileDataInfo.java | 4 ++++
|
||||
.../com/netscape/certsrv/profile/ProfileDataInfos.java | 4 ++++
|
||||
.../java/com/netscape/certsrv/profile/ProfileInput.java | 4 ++++
|
||||
.../java/com/netscape/certsrv/profile/ProfileOutput.java | 4 ++++
|
||||
.../com/netscape/certsrv/profile/ProfileParameter.java | 4 ++++
|
||||
.../com/netscape/certsrv/request/CMSRequestInfo.java | 4 ++++
|
||||
base/common/src/main/java/org/dogtagpki/common/Info.java | 4 ++++
|
||||
.../cms/servlet/csadmin/SecurityDomainProcessor.java | 6 +++++-
|
||||
.../main/java/com/netscape/cmscore/apps/ServerXml.java | 1 +
|
||||
.../main/java/com/netscape/cmsutil/xml/XMLObject.java | 9 +++++++++
|
||||
32 files changed, 122 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/account/Account.java b/base/common/src/main/java/com/netscape/certsrv/account/Account.java
|
||||
index 7447bfa36f1..6aaca9ccde1 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/account/Account.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/account/Account.java
|
||||
@@ -23,6 +23,7 @@
|
||||
import java.util.Collection;
|
||||
import java.util.TreeSet;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -209,6 +210,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(accountElement);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -224,6 +227,7 @@ public String toXML() throws Exception {
|
||||
public static Account fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/base/PKIException.java b/base/common/src/main/java/com/netscape/certsrv/base/PKIException.java
|
||||
index f4876f8bd2d..6ea5c3d6fdf 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/base/PKIException.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/base/PKIException.java
|
||||
@@ -21,6 +21,7 @@
|
||||
import java.io.StringWriter;
|
||||
|
||||
import javax.ws.rs.core.Response;
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -158,6 +159,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(element);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -173,6 +176,7 @@ public String toXML() throws Exception {
|
||||
public static Data fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/base/RESTMessage.java b/base/common/src/main/java/com/netscape/certsrv/base/RESTMessage.java
|
||||
index a62a1aea0fc..136fcf54a84 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/base/RESTMessage.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/base/RESTMessage.java
|
||||
@@ -10,6 +10,7 @@
|
||||
import java.util.Map;
|
||||
|
||||
import javax.ws.rs.core.MultivaluedMap;
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -317,6 +318,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(element);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -332,6 +335,7 @@ public String toXML() throws Exception {
|
||||
public static RESTMessage fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/cert/CertData.java b/base/common/src/main/java/com/netscape/certsrv/cert/CertData.java
|
||||
index 2a47c3c6653..a3a19e71a2e 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/cert/CertData.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/cert/CertData.java
|
||||
@@ -23,6 +23,7 @@
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.util.Date;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -475,6 +476,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(infoElement);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -490,6 +493,7 @@ public String toXML() throws Exception {
|
||||
public static CertData fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/cert/CertDataInfo.java b/base/common/src/main/java/com/netscape/certsrv/cert/CertDataInfo.java
|
||||
index 847e32b0c48..516fac96027 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/cert/CertDataInfo.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/cert/CertDataInfo.java
|
||||
@@ -24,6 +24,7 @@
|
||||
import java.io.StringWriter;
|
||||
import java.util.Date;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -513,6 +514,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(infoElement);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -528,6 +531,7 @@ public String toXML() throws Exception {
|
||||
public static CertDataInfo fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/cert/CertDataInfos.java b/base/common/src/main/java/com/netscape/certsrv/cert/CertDataInfos.java
|
||||
index 8554da4692d..22627396ba6 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/cert/CertDataInfos.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/cert/CertDataInfos.java
|
||||
@@ -20,6 +20,7 @@
|
||||
import java.io.StringReader;
|
||||
import java.io.StringWriter;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -74,6 +75,8 @@ public String toXML() throws Exception {
|
||||
toDOM(document);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -118,6 +121,7 @@ public static CertDataInfos fromDOM(Element infosElement) {
|
||||
public static CertDataInfos fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/cert/CertEnrollmentRequest.java b/base/common/src/main/java/com/netscape/certsrv/cert/CertEnrollmentRequest.java
|
||||
index 88de02e755e..f48fa56564f 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/cert/CertEnrollmentRequest.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/cert/CertEnrollmentRequest.java
|
||||
@@ -28,6 +28,7 @@
|
||||
import java.util.HashMap;
|
||||
|
||||
import javax.ws.rs.core.MultivaluedMap;
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -514,6 +515,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(element);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -527,6 +530,7 @@ public String toXML() throws Exception {
|
||||
|
||||
public static CertEnrollmentRequest fromXML(String xml) throws Exception {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/cert/CertRequestInfo.java b/base/common/src/main/java/com/netscape/certsrv/cert/CertRequestInfo.java
|
||||
index 79bff39c93a..b7aa718db5e 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/cert/CertRequestInfo.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/cert/CertRequestInfo.java
|
||||
@@ -21,6 +21,7 @@
|
||||
import java.io.StringReader;
|
||||
import java.io.StringWriter;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -246,6 +247,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(element);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -261,6 +264,7 @@ public String toXML() throws Exception {
|
||||
public static CertRequestInfo fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/cert/CertRequestInfos.java b/base/common/src/main/java/com/netscape/certsrv/cert/CertRequestInfos.java
|
||||
index 8365e334f7a..4720bc42fce 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/cert/CertRequestInfos.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/cert/CertRequestInfos.java
|
||||
@@ -21,6 +21,7 @@
|
||||
import java.io.StringWriter;
|
||||
import java.util.Collection;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -108,6 +109,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(element);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -152,6 +155,7 @@ public static CertRequestInfos fromDOM(Element infosElement) {
|
||||
public static CertRequestInfos fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/cert/CertRetrievalRequest.java b/base/common/src/main/java/com/netscape/certsrv/cert/CertRetrievalRequest.java
|
||||
index db169174d27..bde7e992d3a 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/cert/CertRetrievalRequest.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/cert/CertRetrievalRequest.java
|
||||
@@ -25,6 +25,7 @@
|
||||
import java.io.StringWriter;
|
||||
import java.util.Objects;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -126,6 +127,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(requestElement);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -141,6 +144,7 @@ public String toXML() throws Exception {
|
||||
public static CertRetrievalRequest fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/cert/CertRevokeRequest.java b/base/common/src/main/java/com/netscape/certsrv/cert/CertRevokeRequest.java
|
||||
index 5f0a9f4d069..709db381a29 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/cert/CertRevokeRequest.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/cert/CertRevokeRequest.java
|
||||
@@ -22,6 +22,7 @@
|
||||
import java.io.StringWriter;
|
||||
import java.util.Date;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -226,6 +227,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(requestElement);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -241,6 +244,7 @@ public String toXML() throws Exception {
|
||||
public static CertRevokeRequest fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/cert/CertSearchRequest.java b/base/common/src/main/java/com/netscape/certsrv/cert/CertSearchRequest.java
|
||||
index 1d178b6b7ca..67da3c1b61d 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/cert/CertSearchRequest.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/cert/CertSearchRequest.java
|
||||
@@ -25,6 +25,7 @@
|
||||
import java.util.Objects;
|
||||
|
||||
import javax.ws.rs.core.MultivaluedMap;
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -1079,6 +1080,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(rootElement);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -1094,6 +1097,7 @@ public String toXML() throws Exception {
|
||||
public static CertSearchRequest fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/key/AsymKeyGenerationRequest.java b/base/common/src/main/java/com/netscape/certsrv/key/AsymKeyGenerationRequest.java
|
||||
index 05303b29faa..fc1fe0fff7f 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/key/AsymKeyGenerationRequest.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/key/AsymKeyGenerationRequest.java
|
||||
@@ -114,6 +114,7 @@ public static AsymKeyGenerationRequest fromDOM(Element element) {
|
||||
public static AsymKeyGenerationRequest fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/key/KeyArchivalRequest.java b/base/common/src/main/java/com/netscape/certsrv/key/KeyArchivalRequest.java
|
||||
index 3152e8880fe..462f2284b66 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/key/KeyArchivalRequest.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/key/KeyArchivalRequest.java
|
||||
@@ -256,6 +256,7 @@ public static KeyArchivalRequest fromDOM(Element element) {
|
||||
public static KeyArchivalRequest fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/key/KeyRequestInfo.java b/base/common/src/main/java/com/netscape/certsrv/key/KeyRequestInfo.java
|
||||
index 8970a70ebaa..dca3f01d42a 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/key/KeyRequestInfo.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/key/KeyRequestInfo.java
|
||||
@@ -21,6 +21,7 @@
|
||||
import java.io.StringReader;
|
||||
import java.io.StringWriter;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -139,6 +140,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(element);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -154,6 +157,7 @@ public String toXML() throws Exception {
|
||||
public static KeyRequestInfo fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/key/KeyRequestInfoCollection.java b/base/common/src/main/java/com/netscape/certsrv/key/KeyRequestInfoCollection.java
|
||||
index c471f6985f2..6cc98407a72 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/key/KeyRequestInfoCollection.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/key/KeyRequestInfoCollection.java
|
||||
@@ -21,6 +21,7 @@
|
||||
import java.io.StringWriter;
|
||||
import java.util.Collection;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -99,6 +100,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(element);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -143,6 +146,7 @@ public static KeyRequestInfoCollection fromDOM(Element infosElement) {
|
||||
public static KeyRequestInfoCollection fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/key/SymKeyGenerationRequest.java b/base/common/src/main/java/com/netscape/certsrv/key/SymKeyGenerationRequest.java
|
||||
index f86bba27bfa..e7542f6d5af 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/key/SymKeyGenerationRequest.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/key/SymKeyGenerationRequest.java
|
||||
@@ -103,6 +103,7 @@ public static SymKeyGenerationRequest fromDOM(Element element) {
|
||||
public static SymKeyGenerationRequest fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/profile/PolicyConstraint.java b/base/common/src/main/java/com/netscape/certsrv/profile/PolicyConstraint.java
|
||||
index 763eaaec9dc..5d43bf187a0 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/profile/PolicyConstraint.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/profile/PolicyConstraint.java
|
||||
@@ -22,6 +22,7 @@
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -228,6 +229,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(accountElement);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -242,6 +245,7 @@ public String toXML() throws Exception {
|
||||
|
||||
public static PolicyConstraint fromXML(String xml) throws Exception {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/profile/PolicyConstraintValue.java b/base/common/src/main/java/com/netscape/certsrv/profile/PolicyConstraintValue.java
|
||||
index be84f086cd2..9986837cffc 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/profile/PolicyConstraintValue.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/profile/PolicyConstraintValue.java
|
||||
@@ -20,6 +20,7 @@
|
||||
import java.io.StringReader;
|
||||
import java.io.StringWriter;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -169,6 +170,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(pcvElement);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -183,6 +186,7 @@ public String toXML() throws Exception {
|
||||
|
||||
public static PolicyConstraintValue fromXML(String xml) throws Exception {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/profile/PolicyDefault.java b/base/common/src/main/java/com/netscape/certsrv/profile/PolicyDefault.java
|
||||
index 49e25989f43..b4602c68e0f 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/profile/PolicyDefault.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/profile/PolicyDefault.java
|
||||
@@ -22,6 +22,7 @@
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -231,6 +232,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(pdElement);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -245,6 +248,7 @@ public String toXML() throws Exception {
|
||||
|
||||
public static PolicyDefault fromXML(String xml) throws Exception {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileAttribute.java b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileAttribute.java
|
||||
index 0e43db83d9c..7abd149c165 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileAttribute.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileAttribute.java
|
||||
@@ -20,6 +20,7 @@
|
||||
import java.io.StringReader;
|
||||
import java.io.StringWriter;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -180,6 +181,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(accountElement);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -193,6 +196,7 @@ public String toXML() throws Exception {
|
||||
|
||||
public static ProfileAttribute fromXML(String xml) throws Exception {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileData.java b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileData.java
|
||||
index f80c0d55669..7506a7f334e 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileData.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileData.java
|
||||
@@ -31,6 +31,7 @@
|
||||
import java.util.Objects;
|
||||
import java.util.Vector;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -554,6 +555,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(pdElement);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -568,6 +571,7 @@ public String toXML() throws Exception {
|
||||
|
||||
public static ProfileData fromXML(String xml) throws Exception {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileDataInfo.java b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileDataInfo.java
|
||||
index 8f1744e76e0..a67d6972429 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileDataInfo.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileDataInfo.java
|
||||
@@ -21,6 +21,7 @@
|
||||
import java.io.StringWriter;
|
||||
import java.util.Objects;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -177,6 +178,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(profileParameterElement);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -191,6 +194,7 @@ public String toXML() throws Exception {
|
||||
|
||||
public static ProfileDataInfo fromXML(String xml) throws Exception {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileDataInfos.java b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileDataInfos.java
|
||||
index 7225c83a571..8975bc6d99f 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileDataInfos.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileDataInfos.java
|
||||
@@ -20,6 +20,7 @@
|
||||
import java.io.StringReader;
|
||||
import java.io.StringWriter;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -74,6 +75,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(element);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -118,6 +121,7 @@ public static ProfileDataInfos fromDOM(Element infosElement) {
|
||||
public static ProfileDataInfos fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileInput.java b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileInput.java
|
||||
index 303785da978..aac8f0d0dc7 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileInput.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileInput.java
|
||||
@@ -23,6 +23,7 @@
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -354,6 +355,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(element);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -367,6 +370,7 @@ public String toXML() throws Exception {
|
||||
|
||||
public static ProfileInput fromXML(String xml) throws Exception {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileOutput.java b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileOutput.java
|
||||
index b2442c7fb39..c85bfede2a4 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileOutput.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileOutput.java
|
||||
@@ -22,6 +22,7 @@
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -234,6 +235,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(pdElement);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -248,6 +251,7 @@ public String toXML() throws Exception {
|
||||
|
||||
public static ProfileOutput fromXML(String xml) throws Exception {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileParameter.java b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileParameter.java
|
||||
index 55e07b419ca..e868eaccd23 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileParameter.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileParameter.java
|
||||
@@ -21,6 +21,7 @@
|
||||
import java.io.StringWriter;
|
||||
import java.util.Objects;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -128,6 +129,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(profileParameterElement);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -142,6 +145,7 @@ public String toXML() throws Exception {
|
||||
|
||||
public static ProfileParameter fromXML(String xml) throws Exception {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/com/netscape/certsrv/request/CMSRequestInfo.java b/base/common/src/main/java/com/netscape/certsrv/request/CMSRequestInfo.java
|
||||
index b6c2fa491e8..661355ae179 100644
|
||||
--- a/base/common/src/main/java/com/netscape/certsrv/request/CMSRequestInfo.java
|
||||
+++ b/base/common/src/main/java/com/netscape/certsrv/request/CMSRequestInfo.java
|
||||
@@ -20,6 +20,7 @@
|
||||
import java.io.StringReader;
|
||||
import java.io.StringWriter;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -229,6 +230,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(element);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -244,6 +247,7 @@ public String toXML() throws Exception {
|
||||
public static CMSRequestInfo fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/common/src/main/java/org/dogtagpki/common/Info.java b/base/common/src/main/java/org/dogtagpki/common/Info.java
|
||||
index 0929ada9b05..3d1b693157f 100644
|
||||
--- a/base/common/src/main/java/org/dogtagpki/common/Info.java
|
||||
+++ b/base/common/src/main/java/org/dogtagpki/common/Info.java
|
||||
@@ -21,6 +21,7 @@
|
||||
import java.io.StringReader;
|
||||
import java.io.StringWriter;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
@@ -183,6 +184,8 @@ public String toXML() throws Exception {
|
||||
document.appendChild(element);
|
||||
|
||||
TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
@@ -198,6 +201,7 @@ public String toXML() throws Exception {
|
||||
public static Info fromXML(String xml) throws Exception {
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(new InputSource(new StringReader(xml)));
|
||||
|
||||
diff --git a/base/server/src/main/java/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java b/base/server/src/main/java/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java
|
||||
index bdd485e89ab..07fae1ad50c 100644
|
||||
--- a/base/server/src/main/java/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java
|
||||
+++ b/base/server/src/main/java/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java
|
||||
@@ -24,6 +24,7 @@
|
||||
import java.util.Locale;
|
||||
import java.util.Vector;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.ParserConfigurationException;
|
||||
import javax.xml.transform.OutputKeys;
|
||||
import javax.xml.transform.Transformer;
|
||||
@@ -697,7 +698,10 @@ public static void main(String args[]) throws Exception {
|
||||
XMLObject xmlObject = convertDomainInfoToXMLObject(before);
|
||||
Document document = xmlObject.getDocument();
|
||||
|
||||
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
|
||||
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
+ Transformer transformer = transformerFactory.newTransformer();
|
||||
transformer.setOutputProperty(OutputKeys.INDENT, "yes");
|
||||
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
|
||||
|
||||
diff --git a/base/server/src/main/java/com/netscape/cmscore/apps/ServerXml.java b/base/server/src/main/java/com/netscape/cmscore/apps/ServerXml.java
|
||||
index 2a02d722a1f..d9ac5727476 100644
|
||||
--- a/base/server/src/main/java/com/netscape/cmscore/apps/ServerXml.java
|
||||
+++ b/base/server/src/main/java/com/netscape/cmscore/apps/ServerXml.java
|
||||
@@ -41,6 +41,7 @@ public static ServerXml load(String filename) throws Exception {
|
||||
ServerXml serverXml = new ServerXml();
|
||||
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder builder = factory.newDocumentBuilder();
|
||||
Document document = builder.parse(filename);
|
||||
|
||||
diff --git a/base/util/src/main/java/com/netscape/cmsutil/xml/XMLObject.java b/base/util/src/main/java/com/netscape/cmsutil/xml/XMLObject.java
|
||||
index 81fdbf4b2e0..1043bcb477f 100644
|
||||
--- a/base/util/src/main/java/com/netscape/cmsutil/xml/XMLObject.java
|
||||
+++ b/base/util/src/main/java/com/netscape/cmsutil/xml/XMLObject.java
|
||||
@@ -25,6 +25,7 @@
|
||||
import java.io.StringWriter;
|
||||
import java.util.Vector;
|
||||
|
||||
+import javax.xml.XMLConstants;
|
||||
import javax.xml.parsers.DocumentBuilder;
|
||||
import javax.xml.parsers.DocumentBuilderFactory;
|
||||
import javax.xml.parsers.ParserConfigurationException;
|
||||
@@ -56,6 +57,7 @@ public XMLObject() throws ParserConfigurationException {
|
||||
public XMLObject(InputStream s)
|
||||
throws SAXException, IOException, ParserConfigurationException {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder docBuilder = factory.newDocumentBuilder();
|
||||
mDoc = docBuilder.parse(s);
|
||||
}
|
||||
@@ -63,6 +65,7 @@ public XMLObject(InputStream s)
|
||||
public XMLObject(File f)
|
||||
throws SAXException, IOException, ParserConfigurationException {
|
||||
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
|
||||
+ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
|
||||
DocumentBuilder docBuilder = factory.newDocumentBuilder();
|
||||
mDoc = docBuilder.parse(f);
|
||||
}
|
||||
@@ -159,6 +162,8 @@ public Vector<String> getValuesFromContainer(Node container, String tagname) {
|
||||
public byte[] toByteArray() throws TransformerConfigurationException, TransformerException {
|
||||
ByteArrayOutputStream bos = new ByteArrayOutputStream();
|
||||
TransformerFactory tranFactory = TransformerFactory.newInstance();
|
||||
+ tranFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ tranFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer aTransformer = tranFactory.newTransformer();
|
||||
Source src = new DOMSource(mDoc);
|
||||
Result dest = new StreamResult(bos);
|
||||
@@ -169,6 +174,8 @@ public byte[] toByteArray() throws TransformerConfigurationException, Transforme
|
||||
public void output(OutputStream os)
|
||||
throws TransformerConfigurationException, TransformerException {
|
||||
TransformerFactory tranFactory = TransformerFactory.newInstance();
|
||||
+ tranFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ tranFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer aTransformer = tranFactory.newTransformer();
|
||||
Source src = new DOMSource(mDoc);
|
||||
Result dest = new StreamResult(os);
|
||||
@@ -177,6 +184,8 @@ public void output(OutputStream os)
|
||||
|
||||
public String toXMLString() throws TransformerConfigurationException, TransformerException {
|
||||
TransformerFactory tranFactory = TransformerFactory.newInstance();
|
||||
+ tranFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
|
||||
+ tranFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
|
||||
Transformer transformer = tranFactory.newTransformer();
|
||||
Source src = new DOMSource(mDoc);
|
||||
StreamResult dest = new StreamResult(new StringWriter());
|
||||
Binary file not shown.
@ -1,25 +1,21 @@
|
||||
%define package_option() %bcond_with %1
|
||||
%define debug_package %{nil}
|
||||
%define _unpackaged_files_terminate_build 0
|
||||
|
||||
Name: pki-core
|
||||
Version: 10.7.3
|
||||
Release: 4
|
||||
Version: 11.0.0
|
||||
Release: 5
|
||||
Summary: The PKI Core Package
|
||||
License: GPLv2 and LGPLv2
|
||||
URL: http://www.dogtagpki.org/
|
||||
Source0: https://github.com/dogtagpki/pki/archive/v%{version}/pki-%{version}.tar.gz
|
||||
Source0: https://github.com/dogtagpki/pki/archive/v%{version}/pki-v%{version}.tar.gz
|
||||
Source1: https://github.com/cpuguy83/go-md2man/archive/v1.0.10.tar.gz
|
||||
Patch1: 0001-Fix-URL-redirection-for-KRA-and-OCSP-web-UI-241.patch
|
||||
Patch2: remove-sslget-V-option.patch
|
||||
Patch3: remove-revoker-V-option.patch
|
||||
|
||||
BuildRequires: git make cmake >= 2.8.9-1 gcc-c++ zip java-1.8.0-openjdk-devel
|
||||
Patch0: CVE-2022-2414.patch
|
||||
BuildRequires: git make cmake >= 2.8.9-1 gcc-c++ zip java-latest-openjdk-devel java-latest-openjdk-headless
|
||||
BuildRequires: ldapjdk >= 4.21.0 apache-commons-cli apache-commons-codec apache-commons-io
|
||||
BuildRequires: apache-commons-lang jakarta-commons-httpclient glassfish-jaxb-api slf4j
|
||||
BuildRequires: slf4j-jdk14 nspr-devel nss-devel >= 3.36.1 python3-lxml python3-sphinx
|
||||
BuildRequires: velocity xalan-j2 xerces-j2 resteasy-jackson2-provider >= 3.0.17-1
|
||||
BuildRequires: jboss-annotations-1.2-api jboss-jaxrs-2.0-api jboss-logging
|
||||
BuildRequires: jboss-annotations-1.2-api jboss-jaxrs-2.0-api jboss-logging apache-commons-net
|
||||
BuildRequires: resteasy-atom-provider >= 3.0.17-1 resteasy-client >= 3.0.17-1
|
||||
BuildRequires: resteasy-jaxb-provider >= 3.0.17-1 resteasy-core >= 3.0.17-1
|
||||
BuildRequires: python3 python3-devel python3-cryptography python3-ldap python3-libselinux
|
||||
@ -29,7 +25,8 @@ BuildRequires: python3 python3-devel python3-cryptography python3-lxml pyt
|
||||
BuildRequires: python3-nss python3-requests >= 2.6.0 systemd-units tomcat >= 1:9.0.7
|
||||
BuildRequires: junit jpackage-utils >= 0:1.7.5-10 jss >= 4.6.0 tomcatjss >= 7.4.1
|
||||
BuildRequires: apr-devel apr-util-devel cyrus-sasl-devel httpd-devel >= 2.4.2 pcre-devel
|
||||
BuildRequires: systemd zlib zlib-devel nss-tools openssl golang
|
||||
BuildRequires: systemd zlib zlib-devel nss-tools openssl golang chrpath
|
||||
BuildRequires: java-1.8.0-openjdk-headless java-11-openjdk-headless
|
||||
%description
|
||||
Dogtag PKI is a designed enterprise software system
|
||||
manage enterprise Public Key Infrastructure deployments.
|
||||
@ -38,7 +35,7 @@ manage enterprise Public Key Infrastructure deployments.
|
||||
|
||||
%package -n pki-symkey
|
||||
Summary: The PKI Symmetric Key Package
|
||||
Requires: java-1.8.0-openjdk-headless jpackage-utils >= 0:1.7.5-10 jss >= 4.6.0
|
||||
Requires: java-latest-openjdk-headless jpackage-utils >= 0:1.7.5-10 jss >= 4.6.0
|
||||
Requires: nss >= 3.38.0
|
||||
Conflicts: pki-symkey < %{version} pki-javadoc < %{version}
|
||||
Conflicts: pki-server-theme < %{version} pki-console-theme < %{version}
|
||||
@ -62,7 +59,8 @@ Summary: The PKI Python 3 Package
|
||||
BuildArch: noarch
|
||||
Obsoletes: pki-base-python3 < %{version}
|
||||
Provides: pki-base-python3 = %{version}
|
||||
%{?python_provide:%python_provide python3-pki}
|
||||
Provides: python3-pki = %{version}
|
||||
Provides: python-pki = %{version}
|
||||
Requires: pki-base = %{version} python3-cryptography python3-lxml
|
||||
Requires: python3-requests >= 2.6.0 python3-six python3-nss
|
||||
%description -n python3-pki
|
||||
@ -71,7 +69,7 @@ This package is included in the Python 3 PKI client library .
|
||||
%package -n pki-base-java
|
||||
Summary: The PKI Base Java Package
|
||||
BuildArch: noarch
|
||||
Requires: java-1.8.0-openjdk-headless apache-commons-cli apache-commons-codec
|
||||
Requires: java-latest-openjdk-headless apache-commons-cli apache-commons-codec
|
||||
Requires: apache-commons-io apache-commons-lang apache-commons-logging
|
||||
Requires: jakarta-commons-httpclient glassfish-jaxb-api slf4j slf4j-jdk14
|
||||
Requires: jpackage-utils >= 0:1.7.5-10 jss >= 4.6.0 pki-base = %{version}
|
||||
@ -208,9 +206,12 @@ The PKI console is a Java application used to manage the PKI server.
|
||||
tar -xf %{SOURCE1}
|
||||
|
||||
%build
|
||||
openjdk_latest_version=`rpm -qi java-latest-openjdk-headless | grep Version | cut -b 15-16`
|
||||
java_home=/usr/lib/jvm/jre-${openjdk_latest_version}-openjdk
|
||||
|
||||
tomcat_version=`/usr/sbin/tomcat version | sed -n 's/Server number: *\([0-9]\+\.[0-9]\+\).*/\1/p'`
|
||||
if [ $tomcat_version == "9.0" ]; then
|
||||
app_server=tomcat-8.5
|
||||
app_server=tomcat-9.0
|
||||
else
|
||||
app_server=tomcat-$tomcat_version
|
||||
fi
|
||||
@ -224,7 +225,7 @@ cd build
|
||||
|
||||
%cmake \
|
||||
--no-warn-unused-cli -DVERSION=%{version}-%{release} \
|
||||
-DVAR_INSTALL_DIR:PATH=/var -DJAVA_HOME=/usr/lib/jvm/jre-1.8.0-openjdk \
|
||||
-DVAR_INSTALL_DIR:PATH=/var -DJAVA_HOME=${java_home} \
|
||||
-DJAVA_LIB_INSTALL_DIR=%{_jnidir} -DSYSTEMD_LIB_INSTALL_DIR=%{_unitdir} \
|
||||
-DAPP_SERVER=$app_server \
|
||||
-DJAXRS_API_JAR=/usr/share/java/jboss-jaxrs-2.0-api.jar \
|
||||
@ -254,6 +255,12 @@ cd build
|
||||
ln -sf /usr/share/java/jboss-annotations-1.2-api/jboss-annotations-api_1.2_spec.jar\
|
||||
%{buildroot}%{_datadir}/pki/server/common/lib/jboss-annotations-api_1.2_spec.jar
|
||||
|
||||
chrpath -d %{buildroot}/%{_bindir}/tpsclient
|
||||
chrpath -d %{buildroot}/%{_libdir}/tps/libtokendb.so
|
||||
chrpath -d %{buildroot}/%{_libdir}/tps/libtps.so
|
||||
mkdir -p %{buildroot}/etc/ld.so.conf.d
|
||||
echo "%{_libdir}/tps" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf
|
||||
|
||||
%pretrans -n pki-base -p <lua>
|
||||
function test(a)
|
||||
if posix.stat(a) then
|
||||
@ -314,11 +321,16 @@ then
|
||||
systemctl daemon-reload
|
||||
fi
|
||||
|
||||
%post -n pki-tps
|
||||
/sbin/ldconfig
|
||||
|
||||
%postun -n pki-tps
|
||||
/sbin/ldconfig
|
||||
|
||||
%files -n pki-symkey
|
||||
%doc base/symkey/LICENSE
|
||||
%{_jnidir}/symkey.jar
|
||||
%{_libdir}/symkey/
|
||||
%exclude %{buildroot}%{_datadir}/pki/lib/scannotation.jar
|
||||
|
||||
%files -n pki-base
|
||||
%doc base/common/LICENSE
|
||||
@ -326,8 +338,10 @@ fi
|
||||
%doc %{_datadir}/doc/pki-base/html
|
||||
%dir %{_datadir}/pki
|
||||
%{_datadir}/pki/VERSION
|
||||
%{_datadir}/pki/pom.xml
|
||||
%dir %{_datadir}/pki/etc
|
||||
%{_datadir}/pki/etc/{logging.properties,pki.conf}
|
||||
%dir %{_datadir}/pki/lib
|
||||
%dir %{_datadir}/pki/scripts
|
||||
%{_datadir}/pki/{scripts/config,upgrade/,key/templates}
|
||||
%dir %{_sysconfdir}/pki
|
||||
@ -350,13 +364,12 @@ fi
|
||||
%{python3_sitelib}/pki
|
||||
|
||||
%files -n pki-tools
|
||||
%doc base/native-tools/LICENSE base/native-tools/doc/README
|
||||
%doc base/tools/LICENSE base/tools/doc/README
|
||||
%{_bindir}/{pki,p7tool,revoker,setpin}
|
||||
%{_bindir}/{sslget,tkstool,AtoB,AuditVerify}
|
||||
%{_datadir}/pki/native-tools/
|
||||
%{_bindir}/{sslget,tkstool,AtoB,AuditVerify}
|
||||
%{_bindir}/{BtoA,CMCEnroll,CMCRequest}
|
||||
%{_bindir}/{CMCResponse,CMCRevoke}
|
||||
%{_bindir}/{CMCSharedToken,CRMFPopClient}
|
||||
%{_bindir}/{CMCResponse,CMCRevoke,p12tool}
|
||||
%{_bindir}/{CMCSharedToken,CRMFPopClient,pistool}
|
||||
%{_bindir}/DRMTool
|
||||
%{_bindir}/ExtJoiner
|
||||
%{_bindir}/{GenExtKeyUsage,GenIssuerAltNameExt}
|
||||
@ -365,15 +378,18 @@ fi
|
||||
%{_bindir}/{PKCS12Export,PKICertImport}
|
||||
%{_bindir}/{PrettyPrintCert,PrettyPrintCrl,TokenInfo}
|
||||
%{_javadir}/pki/pki-tools.jar
|
||||
%{_datadir}/pki/java-tools/
|
||||
%{_datadir}/pki/tools/
|
||||
%{_datadir}/pki/lib/p11-kit-trust.so
|
||||
|
||||
%files -n pki-server
|
||||
%doc base/common/THIRD_PARTY_LICENSES
|
||||
%doc base/server/{LICENSE,README}
|
||||
%attr(755,-,-) %dir %{_sysconfdir}/sysconfig/pki
|
||||
%attr(755,-,-) %dir %{_sysconfdir}/sysconfig/pki/tomcat
|
||||
%{_sbindir}/{pkispawn,pkidestroy,pki-server,pki-server-upgrade}
|
||||
%{_sbindir}/{pkispawn,pkidestroy,pki-server,pki-server-upgrade,pki-healthcheck}
|
||||
%{python3_sitelib}/pki/server/
|
||||
%{python3_sitelib}/pkihealthcheck-*.egg-info/
|
||||
%config(noreplace) %{_sysconfdir}/pki/healthcheck.conf
|
||||
%{_datadir}/pki/etc/tomcat.conf
|
||||
%dir %{_datadir}/pki/deployment
|
||||
%{_datadir}/pki/deployment/config/
|
||||
@ -423,9 +439,10 @@ fi
|
||||
%{_datadir}/pki/tps/{applets/,conf/,setup/,webapps/}
|
||||
%{_bindir}/tpsclient
|
||||
%{_libdir}/tps/{libtps.so,libtokendb.so}
|
||||
%config(noreplace) /etc/ld.so.conf.d/*
|
||||
|
||||
%files -n pki-help
|
||||
%{_javadocdir}/pki-%{version}/
|
||||
%{_javadocdir}/pki/
|
||||
%{_mandir}/man1/*
|
||||
%{_mandir}/man5/*
|
||||
%{_mandir}/man8/*
|
||||
@ -438,6 +455,21 @@ fi
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Jun 28 2023 wangkai <13474090681@163.com> - 11.0.0-5
|
||||
- Fix CVE-2022-2414
|
||||
|
||||
* Tue Apr 18 2023 Ge Wang <wang--ge@126.com> - 11.0.0-4
|
||||
- Fix EBS compile failure caused by lack of openjdk-headless
|
||||
|
||||
* Wed Nov 23 2022 wulei <wulei80@h-partners.com> - 11.0.0-3
|
||||
- Rectify the pki-core compilation failure caused by the openjdk-latest upgrade
|
||||
|
||||
* Wed Aug 24 2022 wangkai <wangkai385@h-partners.com> - 11.0.0-2
|
||||
- Remove rpath and enable debuginfo
|
||||
|
||||
* Thu Jun 16 2022 liyanan <liyanan32@h-partners.com> - 11.0.0-1
|
||||
- Update to 11.0.0
|
||||
|
||||
* Mon Oct 11 2021 wangyue <wangyue92@huawei.com> - 10.7.3-4
|
||||
- remove sslget and revoker -V option
|
||||
|
||||
|
||||
BIN
pki-v11.0.0.tar.gz
Normal file
BIN
pki-v11.0.0.tar.gz
Normal file
Binary file not shown.
@ -1,78 +0,0 @@
|
||||
From d39e6a872df75ca34d6960f0f1294f84e1290ea4 Mon Sep 17 00:00:00 2001
|
||||
From: rpm-build <rpm-build>
|
||||
Date: Mon, 11 Oct 2021 15:42:09 +0800
|
||||
Subject: [PATCH] 2
|
||||
|
||||
---
|
||||
base/native-tools/src/revoker/revoker.c | 39 ++++++++++---------------
|
||||
1 file changed, 15 insertions(+), 24 deletions(-)
|
||||
|
||||
diff --git a/base/native-tools/src/revoker/revoker.c b/base/native-tools/src/revoker/revoker.c
|
||||
index b7ff4ea..89ad2ad 100644
|
||||
--- a/base/native-tools/src/revoker/revoker.c
|
||||
+++ b/base/native-tools/src/revoker/revoker.c
|
||||
@@ -94,8 +94,6 @@ int getopt(int ac, char * const av[], const char * opts);
|
||||
#endif /* XP_PC */
|
||||
/*end secopt.h*/
|
||||
|
||||
-#define VERSIONSTRING "$Revision$ ($Date$)"
|
||||
-
|
||||
#ifndef PORT_Sprintf
|
||||
#define PORT_Sprintf sprintf
|
||||
#endif
|
||||
@@ -137,21 +135,20 @@ static void
|
||||
Usage(const char *progName)
|
||||
{
|
||||
fprintf(stderr,
|
||||
- "Usage: %s -s serialNum -n rsa_nickname [-p password | -w pwfile ] [-d dbdir] \n"
|
||||
- " [-v] [-V] [-u] [-r reasoncode] [-i numberOfHours] hostname[:port]\n"
|
||||
- " serialNum: List of serial numbers to revoke, in hex, e.g. '0x31' or '0x44,0x643,0x22'\n"
|
||||
- " reasoncode: integer from 0 to 6, as follows\n"
|
||||
- " 0 = Unspecified (default)\n"
|
||||
- " 1 = Key compromised\n"
|
||||
- " 2 = CA key compromised\n"
|
||||
- " 3 = Affiliation changed\n"
|
||||
- " 4 = Certificate superseded\n"
|
||||
- " 5 = Cessation of operation\n"
|
||||
- " 6 = Certificate is on hold\n"
|
||||
- " -u : unrevoke (take off hold)\n"
|
||||
- " -v : verbose\n"
|
||||
- " -V : report version information\n",
|
||||
- progName);
|
||||
+ "Usage: %s -s serialNum -n rsa_nickname [-p password | -w pwfile ] [-d dbdir] \n"
|
||||
+ " [-v] [-u] [-r reasoncode] [-i numberOfHours] hostname[:port]\n"
|
||||
+ " serialNum: List of serial numbers to revoke, in hex, e.g. '0x31' or '0x44,0x643,0x22'\n"
|
||||
+ " reasoncode: integer from 0 to 6, as follows\n"
|
||||
+ " 0 = Unspecified (default)\n"
|
||||
+ " 1 = Key compromised\n"
|
||||
+ " 2 = CA key compromised\n"
|
||||
+ " 3 = Affiliation changed\n"
|
||||
+ " 4 = Certificate superseded\n"
|
||||
+ " 5 = Cessation of operation\n"
|
||||
+ " 6 = Certificate is on hold\n"
|
||||
+ " -u : unrevoke (take off hold)\n"
|
||||
+ " -v : verbose\n",
|
||||
+ progName);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
@@ -745,15 +742,9 @@ main(int argc, char **argv)
|
||||
progName = progName ? progName + 1 : tmp;
|
||||
|
||||
|
||||
- while ((optchar = getopt(argc, argv, "Vd:n:p:s:r:i:w:uv")) != -1) {
|
||||
+ while ((optchar = getopt(argc, argv, "d:n:p:s:r:i:w:uv")) != -1) {
|
||||
switch(optchar) {
|
||||
|
||||
-/* Version */
|
||||
- case 'V':
|
||||
- printf("%s\n",VERSIONSTRING);
|
||||
- PR_Cleanup();
|
||||
- return 0;
|
||||
-
|
||||
/* Directory which holds NSS database */
|
||||
case 'd':
|
||||
dir = optarg;
|
||||
--
|
||||
2.23.0
|
||||
|
||||
@ -1,62 +0,0 @@
|
||||
From bf0fc39a800136fc25c4dca488c6058178bd74ab Mon Sep 17 00:00:00 2001
|
||||
From: Alexander Scheel <ascheel@redhat.com>
|
||||
Date: Tue, 18 Feb 2020 15:59:12 -0500
|
||||
Subject: [PATCH] Remove sslget -V option
|
||||
|
||||
Since we haven't used SVN in a while, $Revision$ and $Date$
|
||||
no longer update. Remove the -V option instead of passing in
|
||||
a valid version number.
|
||||
|
||||
Signed-off-by: Alexander Scheel <ascheel@redhat.com>
|
||||
---
|
||||
base/native-tools/src/sslget/sslget.c | 21 ++++++---------------
|
||||
1 file changed, 6 insertions(+), 15 deletions(-)
|
||||
|
||||
diff --git a/base/native-tools/src/sslget/sslget.c b/base/native-tools/src/sslget/sslget.c
|
||||
index 4f3ebc4500..f115b21347 100644
|
||||
--- a/base/native-tools/src/sslget/sslget.c
|
||||
+++ b/base/native-tools/src/sslget/sslget.c
|
||||
@@ -96,8 +96,6 @@ int getopt(int ac, char * const av[], const char * opts);
|
||||
#endif /* XP_PC */
|
||||
/*end secopt.h*/
|
||||
|
||||
-#define VERSIONSTRING "$Revision$ ($Date$)"
|
||||
-
|
||||
#ifndef PORT_Sprintf
|
||||
#define PORT_Sprintf sprintf
|
||||
#endif
|
||||
@@ -140,12 +138,11 @@ static void
|
||||
Usage(const char *progName)
|
||||
{
|
||||
fprintf(stderr,
|
||||
- "Usage: %s [-n nickname] [-p password | -w pwfile ] [-d dbdir] \n"
|
||||
- " [-e post] [-v] [-V] -r url hostname[:port]\n"
|
||||
- " -n : nickname or hsm:nickname\n"
|
||||
- " -v : verbose\n"
|
||||
- " -V : report version information\n",
|
||||
- progName);
|
||||
+ "Usage: %s [-n nickname] [-p password | -w pwfile ] [-d dbdir] \n"
|
||||
+ " [-e post] [-v] -r url hostname[:port]\n"
|
||||
+ " -n : nickname or hsm:nickname\n"
|
||||
+ " -v : verbose\n",
|
||||
+ progName);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
@@ -823,15 +820,9 @@ main(int argc, char **argv)
|
||||
progName = progName ? progName + 1 : tmp;
|
||||
|
||||
|
||||
- while ((optchar = getopt(argc, argv, "Vd:e:n:p:r:w:v")) != -1) {
|
||||
+ while ((optchar = getopt(argc, argv, "d:e:n:p:r:w:v")) != -1) {
|
||||
switch(optchar) {
|
||||
|
||||
-/* Version */
|
||||
- case 'V':
|
||||
- printf("%s\n",VERSIONSTRING);
|
||||
- PR_Cleanup();
|
||||
- return 0;
|
||||
-
|
||||
/* Directory which holds NSS database */
|
||||
case 'd':
|
||||
dir = optarg;
|
||||
Loading…
x
Reference in New Issue
Block a user