author | joehw |
Wed, 04 Oct 2017 10:54:18 -0700 | |
changeset 47312 | d4f959806fe9 |
parent 47216 | 71c04702a3d5 |
permissions | -rw-r--r-- |
20964 | 1 |
/* |
47312 | 2 |
* Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved. |
20964 | 3 |
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 |
* |
|
5 |
* This code is free software; you can redistribute it and/or modify it |
|
6 |
* under the terms of the GNU General Public License version 2 only, as |
|
7 |
* published by the Free Software Foundation. Oracle designates this |
|
8 |
* particular file as subject to the "Classpath" exception as provided |
|
9 |
* by Oracle in the LICENSE file that accompanied this code. |
|
10 |
* |
|
11 |
* This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 |
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 |
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 |
* version 2 for more details (a copy is included in the LICENSE file that |
|
15 |
* accompanied this code). |
|
16 |
* |
|
17 |
* You should have received a copy of the GNU General Public License version |
|
18 |
* 2 along with this work; if not, write to the Free Software Foundation, |
|
19 |
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 |
* |
|
21 |
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
22 |
* or visit www.oracle.com if you need additional information or have any |
|
23 |
* questions. |
|
24 |
*/ |
|
25 |
||
26 |
package com.sun.org.apache.xerces.internal.utils; |
|
27 |
||
28 |
import com.sun.org.apache.xerces.internal.impl.Constants; |
|
20973 | 29 |
import com.sun.org.apache.xerces.internal.util.SecurityManager; |
35729
49f1515c5f5c
8144593: Suppress not recognized property/feature warning messages from SAXParser
aefimov
parents:
33352
diff
changeset
|
30 |
import java.util.concurrent.CopyOnWriteArrayList; |
47312 | 31 |
import jdk.xml.internal.SecuritySupport; |
35729
49f1515c5f5c
8144593: Suppress not recognized property/feature warning messages from SAXParser
aefimov
parents:
33352
diff
changeset
|
32 |
import org.xml.sax.SAXException; |
20964 | 33 |
|
34 |
/** |
|
35 |
* This class manages standard and implementation-specific limitations. |
|
36 |
* |
|
37 |
*/ |
|
38 |
public final class XMLSecurityManager { |
|
39 |
||
40 |
/** |
|
41 |
* States of the settings of a property, in the order: default value, value |
|
42 |
* set by FEATURE_SECURE_PROCESSING, jaxp.properties file, jaxp system |
|
43 |
* properties, and jaxp api properties |
|
44 |
*/ |
|
45 |
public static enum State { |
|
46 |
//this order reflects the overriding order |
|
20968 | 47 |
|
48 |
DEFAULT("default"), FSP("FEATURE_SECURE_PROCESSING"), |
|
49 |
JAXPDOTPROPERTIES("jaxp.properties"), SYSTEMPROPERTY("system property"), |
|
50 |
APIPROPERTY("property"); |
|
51 |
||
52 |
final String literal; |
|
53 |
State(String literal) { |
|
54 |
this.literal = literal; |
|
55 |
} |
|
56 |
||
57 |
String literal() { |
|
58 |
return literal; |
|
59 |
} |
|
20964 | 60 |
} |
61 |
||
62 |
/** |
|
63 |
* Limits managed by the security manager |
|
64 |
*/ |
|
65 |
public static enum Limit { |
|
20968 | 66 |
|
33352 | 67 |
ENTITY_EXPANSION_LIMIT("EntityExpansionLimit", |
68 |
Constants.JDK_ENTITY_EXPANSION_LIMIT, Constants.SP_ENTITY_EXPANSION_LIMIT, 0, 64000), |
|
69 |
MAX_OCCUR_NODE_LIMIT("MaxOccurLimit", |
|
70 |
Constants.JDK_MAX_OCCUR_LIMIT, Constants.SP_MAX_OCCUR_LIMIT, 0, 5000), |
|
71 |
ELEMENT_ATTRIBUTE_LIMIT("ElementAttributeLimit", |
|
72 |
Constants.JDK_ELEMENT_ATTRIBUTE_LIMIT, Constants.SP_ELEMENT_ATTRIBUTE_LIMIT, 0, 10000), |
|
73 |
TOTAL_ENTITY_SIZE_LIMIT("TotalEntitySizeLimit", |
|
74 |
Constants.JDK_TOTAL_ENTITY_SIZE_LIMIT, Constants.SP_TOTAL_ENTITY_SIZE_LIMIT, 0, 50000000), |
|
75 |
GENERAL_ENTITY_SIZE_LIMIT("MaxEntitySizeLimit", |
|
76 |
Constants.JDK_GENERAL_ENTITY_SIZE_LIMIT, Constants.SP_GENERAL_ENTITY_SIZE_LIMIT, 0, 0), |
|
77 |
PARAMETER_ENTITY_SIZE_LIMIT("MaxEntitySizeLimit", |
|
78 |
Constants.JDK_PARAMETER_ENTITY_SIZE_LIMIT, Constants.SP_PARAMETER_ENTITY_SIZE_LIMIT, 0, 1000000), |
|
79 |
MAX_ELEMENT_DEPTH_LIMIT("MaxElementDepthLimit", |
|
80 |
Constants.JDK_MAX_ELEMENT_DEPTH, Constants.SP_MAX_ELEMENT_DEPTH, 0, 0), |
|
81 |
MAX_NAME_LIMIT("MaxXMLNameLimit", |
|
39799 | 82 |
Constants.JDK_XML_NAME_LIMIT, Constants.SP_XML_NAME_LIMIT, 1000, 1000), |
83 |
ENTITY_REPLACEMENT_LIMIT("EntityReplacementLimit", |
|
84 |
Constants.JDK_ENTITY_REPLACEMENT_LIMIT, Constants.SP_ENTITY_REPLACEMENT_LIMIT, 0, 3000000); |
|
20968 | 85 |
|
33352 | 86 |
final String key; |
20968 | 87 |
final String apiProperty; |
88 |
final String systemProperty; |
|
89 |
final int defaultValue; |
|
90 |
final int secureValue; |
|
20964 | 91 |
|
33352 | 92 |
Limit(String key, String apiProperty, String systemProperty, int value, int secureValue) { |
93 |
this.key = key; |
|
20968 | 94 |
this.apiProperty = apiProperty; |
95 |
this.systemProperty = systemProperty; |
|
96 |
this.defaultValue = value; |
|
97 |
this.secureValue = secureValue; |
|
98 |
} |
|
99 |
||
100 |
public boolean equalsAPIPropertyName(String propertyName) { |
|
101 |
return (propertyName == null) ? false : apiProperty.equals(propertyName); |
|
102 |
} |
|
20964 | 103 |
|
20968 | 104 |
public boolean equalsSystemPropertyName(String propertyName) { |
105 |
return (propertyName == null) ? false : systemProperty.equals(propertyName); |
|
106 |
} |
|
107 |
||
33352 | 108 |
public String key() { |
109 |
return key; |
|
110 |
} |
|
111 |
||
20968 | 112 |
public String apiProperty() { |
113 |
return apiProperty; |
|
114 |
} |
|
115 |
||
116 |
String systemProperty() { |
|
117 |
return systemProperty; |
|
20964 | 118 |
} |
119 |
||
33352 | 120 |
public int defaultValue() { |
20964 | 121 |
return defaultValue; |
122 |
} |
|
20968 | 123 |
|
124 |
int secureValue() { |
|
125 |
return secureValue; |
|
126 |
} |
|
20964 | 127 |
} |
128 |
||
129 |
/** |
|
20968 | 130 |
* Map old property names with the new ones |
20964 | 131 |
*/ |
20968 | 132 |
public static enum NameMap { |
133 |
||
134 |
ENTITY_EXPANSION_LIMIT(Constants.SP_ENTITY_EXPANSION_LIMIT, Constants.ENTITY_EXPANSION_LIMIT), |
|
135 |
MAX_OCCUR_NODE_LIMIT(Constants.SP_MAX_OCCUR_LIMIT, Constants.MAX_OCCUR_LIMIT), |
|
136 |
ELEMENT_ATTRIBUTE_LIMIT(Constants.SP_ELEMENT_ATTRIBUTE_LIMIT, Constants.ELEMENT_ATTRIBUTE_LIMIT); |
|
137 |
final String newName; |
|
138 |
final String oldName; |
|
139 |
||
140 |
NameMap(String newName, String oldName) { |
|
141 |
this.newName = newName; |
|
142 |
this.oldName = oldName; |
|
143 |
} |
|
144 |
||
145 |
String getOldName(String newName) { |
|
146 |
if (newName.equals(this.newName)) { |
|
147 |
return oldName; |
|
148 |
} |
|
149 |
return null; |
|
150 |
} |
|
151 |
} |
|
152 |
private static final int NO_LIMIT = 0; |
|
20964 | 153 |
/** |
20968 | 154 |
* Values of the properties |
155 |
*/ |
|
156 |
private final int[] values; |
|
157 |
/** |
|
158 |
* States of the settings for each property |
|
159 |
*/ |
|
160 |
private State[] states; |
|
161 |
/** |
|
162 |
* Flag indicating if secure processing is set |
|
20964 | 163 |
*/ |
20968 | 164 |
boolean secureProcessing; |
165 |
||
166 |
/** |
|
167 |
* States that determine if properties are set explicitly |
|
168 |
*/ |
|
169 |
private boolean[] isSet; |
|
170 |
||
171 |
||
172 |
/** |
|
173 |
* Index of the special entityCountInfo property |
|
174 |
*/ |
|
33352 | 175 |
private final int indexEntityCountInfo = 10000; |
20968 | 176 |
private String printEntityCountInfo = ""; |
20964 | 177 |
|
178 |
/** |
|
179 |
* Default constructor. Establishes default values for known security |
|
180 |
* vulnerabilities. |
|
181 |
*/ |
|
182 |
public XMLSecurityManager() { |
|
20968 | 183 |
this(false); |
184 |
} |
|
185 |
||
186 |
/** |
|
187 |
* Instantiate Security Manager in accordance with the status of |
|
188 |
* secure processing |
|
189 |
* @param secureProcessing |
|
190 |
*/ |
|
191 |
public XMLSecurityManager(boolean secureProcessing) { |
|
192 |
values = new int[Limit.values().length]; |
|
193 |
states = new State[Limit.values().length]; |
|
194 |
isSet = new boolean[Limit.values().length]; |
|
195 |
this.secureProcessing = secureProcessing; |
|
20964 | 196 |
for (Limit limit : Limit.values()) { |
20968 | 197 |
if (secureProcessing) { |
198 |
values[limit.ordinal()] = limit.secureValue; |
|
199 |
states[limit.ordinal()] = State.FSP; |
|
200 |
} else { |
|
201 |
values[limit.ordinal()] = limit.defaultValue(); |
|
202 |
states[limit.ordinal()] = State.DEFAULT; |
|
203 |
} |
|
20964 | 204 |
} |
205 |
//read system properties or jaxp.properties |
|
206 |
readSystemProperties(); |
|
207 |
} |
|
208 |
||
209 |
/** |
|
20968 | 210 |
* Setting FEATURE_SECURE_PROCESSING explicitly |
211 |
*/ |
|
212 |
public void setSecureProcessing(boolean secure) { |
|
213 |
secureProcessing = secure; |
|
214 |
for (Limit limit : Limit.values()) { |
|
215 |
if (secure) { |
|
216 |
setLimit(limit.ordinal(), State.FSP, limit.secureValue()); |
|
217 |
} else { |
|
218 |
setLimit(limit.ordinal(), State.FSP, limit.defaultValue()); |
|
219 |
} |
|
220 |
} |
|
221 |
} |
|
222 |
||
223 |
/** |
|
224 |
* Return the state of secure processing |
|
225 |
* @return the state of secure processing |
|
226 |
*/ |
|
227 |
public boolean isSecureProcessing() { |
|
228 |
return secureProcessing; |
|
229 |
} |
|
230 |
||
231 |
||
232 |
/** |
|
233 |
* Set limit by property name and state |
|
234 |
* @param propertyName property name |
|
235 |
* @param state the state of the property |
|
236 |
* @param value the value of the property |
|
237 |
* @return true if the property is managed by the security manager; false |
|
238 |
* if otherwise. |
|
239 |
*/ |
|
240 |
public boolean setLimit(String propertyName, State state, Object value) { |
|
241 |
int index = getIndex(propertyName); |
|
242 |
if (index > -1) { |
|
243 |
setLimit(index, state, value); |
|
244 |
return true; |
|
245 |
} |
|
246 |
return false; |
|
247 |
} |
|
248 |
||
249 |
/** |
|
250 |
* Set the value for a specific limit. |
|
20964 | 251 |
* |
20968 | 252 |
* @param limit the limit |
253 |
* @param state the state of the property |
|
254 |
* @param value the value of the property |
|
20964 | 255 |
*/ |
256 |
public void setLimit(Limit limit, State state, int value) { |
|
20968 | 257 |
setLimit(limit.ordinal(), state, value); |
258 |
} |
|
259 |
||
260 |
/** |
|
261 |
* Set the value of a property by its index |
|
262 |
* |
|
263 |
* @param index the index of the property |
|
264 |
* @param state the state of the property |
|
265 |
* @param value the value of the property |
|
266 |
*/ |
|
267 |
public void setLimit(int index, State state, Object value) { |
|
268 |
if (index == indexEntityCountInfo) { |
|
269 |
printEntityCountInfo = (String)value; |
|
270 |
} else { |
|
22418
1ee8fd0184d1
8028111: XML readers share the same entity expansion counter
joehw
parents:
20973
diff
changeset
|
271 |
int temp; |
1ee8fd0184d1
8028111: XML readers share the same entity expansion counter
joehw
parents:
20973
diff
changeset
|
272 |
if (Integer.class.isAssignableFrom(value.getClass())) { |
1ee8fd0184d1
8028111: XML readers share the same entity expansion counter
joehw
parents:
20973
diff
changeset
|
273 |
temp = ((Integer)value).intValue(); |
1ee8fd0184d1
8028111: XML readers share the same entity expansion counter
joehw
parents:
20973
diff
changeset
|
274 |
} else { |
20968 | 275 |
temp = Integer.parseInt((String) value); |
276 |
if (temp < 0) { |
|
277 |
temp = 0; |
|
278 |
} |
|
22418
1ee8fd0184d1
8028111: XML readers share the same entity expansion counter
joehw
parents:
20973
diff
changeset
|
279 |
} |
20968 | 280 |
setLimit(index, state, temp); |
281 |
} |
|
282 |
} |
|
283 |
||
284 |
/** |
|
285 |
* Set the value of a property by its index |
|
286 |
* |
|
287 |
* @param index the index of the property |
|
288 |
* @param state the state of the property |
|
289 |
* @param value the value of the property |
|
290 |
*/ |
|
291 |
public void setLimit(int index, State state, int value) { |
|
292 |
if (index == indexEntityCountInfo) { |
|
293 |
//if it's explicitly set, it's treated as yes no matter the value |
|
294 |
printEntityCountInfo = Constants.JDK_YES; |
|
295 |
} else { |
|
296 |
//only update if it shall override |
|
297 |
if (state.compareTo(states[index]) >= 0) { |
|
298 |
values[index] = value; |
|
299 |
states[index] = state; |
|
300 |
isSet[index] = true; |
|
301 |
} |
|
20964 | 302 |
} |
303 |
} |
|
304 |
||
305 |
/** |
|
20968 | 306 |
* Return the value of the specified property |
20964 | 307 |
* |
20968 | 308 |
* @param propertyName the property name |
309 |
* @return the value of the property as a string. If a property is managed |
|
310 |
* by this manager, its value shall not be null. |
|
311 |
*/ |
|
312 |
public String getLimitAsString(String propertyName) { |
|
313 |
int index = getIndex(propertyName); |
|
314 |
if (index > -1) { |
|
315 |
return getLimitValueByIndex(index); |
|
316 |
} |
|
317 |
||
318 |
return null; |
|
319 |
} |
|
320 |
/** |
|
321 |
* Return the value of the specified property |
|
322 |
* |
|
323 |
* @param limit the property |
|
324 |
* @return the value of the property |
|
20964 | 325 |
*/ |
326 |
public int getLimit(Limit limit) { |
|
20968 | 327 |
return values[limit.ordinal()]; |
328 |
} |
|
329 |
||
330 |
/** |
|
331 |
* Return the value of a property by its ordinal |
|
332 |
* |
|
333 |
* @param limit the property |
|
334 |
* @return value of a property |
|
335 |
*/ |
|
336 |
public String getLimitValueAsString(Limit limit) { |
|
337 |
return Integer.toString(values[limit.ordinal()]); |
|
338 |
} |
|
339 |
||
340 |
/** |
|
341 |
* Return the value of a property by its ordinal |
|
342 |
* |
|
343 |
* @param index the index of a property |
|
344 |
* @return limit of a property as a string |
|
345 |
*/ |
|
346 |
public String getLimitValueByIndex(int index) { |
|
347 |
if (index == indexEntityCountInfo) { |
|
348 |
return printEntityCountInfo; |
|
349 |
} |
|
350 |
||
351 |
return Integer.toString(values[index]); |
|
352 |
} |
|
353 |
||
354 |
/** |
|
355 |
* Return the state of the limit property |
|
356 |
* |
|
357 |
* @param limit the limit |
|
358 |
* @return the state of the limit property |
|
359 |
*/ |
|
360 |
public State getState(Limit limit) { |
|
361 |
return states[limit.ordinal()]; |
|
362 |
} |
|
363 |
||
364 |
/** |
|
365 |
* Return the state of the limit property |
|
366 |
* |
|
367 |
* @param limit the limit |
|
368 |
* @return the state of the limit property |
|
369 |
*/ |
|
370 |
public String getStateLiteral(Limit limit) { |
|
371 |
return states[limit.ordinal()].literal(); |
|
372 |
} |
|
373 |
||
374 |
/** |
|
375 |
* Get the index by property name |
|
376 |
* |
|
377 |
* @param propertyName property name |
|
378 |
* @return the index of the property if found; return -1 if not |
|
379 |
*/ |
|
380 |
public int getIndex(String propertyName) { |
|
381 |
for (Limit limit : Limit.values()) { |
|
382 |
if (limit.equalsAPIPropertyName(propertyName)) { |
|
383 |
//internally, ordinal is used as index |
|
384 |
return limit.ordinal(); |
|
385 |
} |
|
386 |
} |
|
387 |
//special property to return entity count info |
|
388 |
if (propertyName.equals(Constants.JDK_ENTITY_COUNT_INFO)) { |
|
389 |
return indexEntityCountInfo; |
|
390 |
} |
|
391 |
return -1; |
|
392 |
} |
|
393 |
||
394 |
/** |
|
395 |
* Check if there's no limit defined by the Security Manager |
|
396 |
* @param limit |
|
397 |
* @return |
|
398 |
*/ |
|
399 |
public boolean isNoLimit(int limit) { |
|
400 |
return limit==NO_LIMIT; |
|
401 |
} |
|
402 |
/** |
|
403 |
* Check if the size (length or count) of the specified limit property is |
|
404 |
* over the limit |
|
405 |
* |
|
406 |
* @param limit the type of the limit property |
|
407 |
* @param entityName the name of the entity |
|
408 |
* @param size the size (count or length) of the entity |
|
409 |
* @return true if the size is over the limit, false otherwise |
|
410 |
*/ |
|
22418
1ee8fd0184d1
8028111: XML readers share the same entity expansion counter
joehw
parents:
20973
diff
changeset
|
411 |
public boolean isOverLimit(Limit limit, String entityName, int size, |
1ee8fd0184d1
8028111: XML readers share the same entity expansion counter
joehw
parents:
20973
diff
changeset
|
412 |
XMLLimitAnalyzer limitAnalyzer) { |
1ee8fd0184d1
8028111: XML readers share the same entity expansion counter
joehw
parents:
20973
diff
changeset
|
413 |
return isOverLimit(limit.ordinal(), entityName, size, limitAnalyzer); |
20968 | 414 |
} |
415 |
||
416 |
/** |
|
417 |
* Check if the value (length or count) of the specified limit property is |
|
418 |
* over the limit |
|
419 |
* |
|
420 |
* @param index the index of the limit property |
|
421 |
* @param entityName the name of the entity |
|
422 |
* @param size the size (count or length) of the entity |
|
423 |
* @return true if the size is over the limit, false otherwise |
|
424 |
*/ |
|
22418
1ee8fd0184d1
8028111: XML readers share the same entity expansion counter
joehw
parents:
20973
diff
changeset
|
425 |
public boolean isOverLimit(int index, String entityName, int size, |
1ee8fd0184d1
8028111: XML readers share the same entity expansion counter
joehw
parents:
20973
diff
changeset
|
426 |
XMLLimitAnalyzer limitAnalyzer) { |
20968 | 427 |
if (values[index] == NO_LIMIT) { |
428 |
return false; |
|
429 |
} |
|
430 |
if (size > values[index]) { |
|
431 |
limitAnalyzer.addValue(index, entityName, size); |
|
432 |
return true; |
|
433 |
} |
|
434 |
return false; |
|
435 |
} |
|
436 |
||
437 |
/** |
|
438 |
* Check against cumulated value |
|
439 |
* |
|
440 |
* @param limit the type of the limit property |
|
441 |
* @param size the size (count or length) of the entity |
|
442 |
* @return true if the size is over the limit, false otherwise |
|
443 |
*/ |
|
22418
1ee8fd0184d1
8028111: XML readers share the same entity expansion counter
joehw
parents:
20973
diff
changeset
|
444 |
public boolean isOverLimit(Limit limit, XMLLimitAnalyzer limitAnalyzer) { |
1ee8fd0184d1
8028111: XML readers share the same entity expansion counter
joehw
parents:
20973
diff
changeset
|
445 |
return isOverLimit(limit.ordinal(), limitAnalyzer); |
20968 | 446 |
} |
447 |
||
22418
1ee8fd0184d1
8028111: XML readers share the same entity expansion counter
joehw
parents:
20973
diff
changeset
|
448 |
public boolean isOverLimit(int index, XMLLimitAnalyzer limitAnalyzer) { |
20968 | 449 |
if (values[index] == NO_LIMIT) { |
450 |
return false; |
|
451 |
} |
|
452 |
||
25591 | 453 |
if (index == Limit.ELEMENT_ATTRIBUTE_LIMIT.ordinal() || |
454 |
index == Limit.ENTITY_EXPANSION_LIMIT.ordinal() || |
|
455 |
index == Limit.TOTAL_ENTITY_SIZE_LIMIT.ordinal() || |
|
39799 | 456 |
index == Limit.ENTITY_REPLACEMENT_LIMIT.ordinal() || |
33352 | 457 |
index == Limit.MAX_ELEMENT_DEPTH_LIMIT.ordinal() || |
458 |
index == Limit.MAX_NAME_LIMIT.ordinal() |
|
459 |
) { |
|
20968 | 460 |
return (limitAnalyzer.getTotalValue(index) > values[index]); |
461 |
} else { |
|
462 |
return (limitAnalyzer.getValue(index) > values[index]); |
|
463 |
} |
|
464 |
} |
|
465 |
||
22418
1ee8fd0184d1
8028111: XML readers share the same entity expansion counter
joehw
parents:
20973
diff
changeset
|
466 |
public void debugPrint(XMLLimitAnalyzer limitAnalyzer) { |
20968 | 467 |
if (printEntityCountInfo.equals(Constants.JDK_YES)) { |
22418
1ee8fd0184d1
8028111: XML readers share the same entity expansion counter
joehw
parents:
20973
diff
changeset
|
468 |
limitAnalyzer.debugPrint(this); |
20968 | 469 |
} |
470 |
} |
|
471 |
||
472 |
||
473 |
/** |
|
474 |
* Indicate if a property is set explicitly |
|
475 |
* @param index |
|
476 |
* @return |
|
477 |
*/ |
|
478 |
public boolean isSet(int index) { |
|
479 |
return isSet[index]; |
|
480 |
} |
|
481 |
||
482 |
public boolean printEntityCountInfo() { |
|
483 |
return printEntityCountInfo.equals(Constants.JDK_YES); |
|
20964 | 484 |
} |
485 |
||
486 |
/** |
|
487 |
* Read from system properties, or those in jaxp.properties |
|
488 |
*/ |
|
489 |
private void readSystemProperties() { |
|
20968 | 490 |
|
491 |
for (Limit limit : Limit.values()) { |
|
492 |
if (!getSystemProperty(limit, limit.systemProperty())) { |
|
493 |
//if system property is not found, try the older form if any |
|
494 |
for (NameMap nameMap : NameMap.values()) { |
|
495 |
String oldName = nameMap.getOldName(limit.systemProperty()); |
|
496 |
if (oldName != null) { |
|
497 |
getSystemProperty(limit, oldName); |
|
498 |
} |
|
499 |
} |
|
500 |
} |
|
501 |
} |
|
502 |
||
20964 | 503 |
} |
504 |
||
35729
49f1515c5f5c
8144593: Suppress not recognized property/feature warning messages from SAXParser
aefimov
parents:
33352
diff
changeset
|
505 |
// Array list to store printed warnings for each SAX parser used |
49f1515c5f5c
8144593: Suppress not recognized property/feature warning messages from SAXParser
aefimov
parents:
33352
diff
changeset
|
506 |
private static final CopyOnWriteArrayList<String> printedWarnings = new CopyOnWriteArrayList<>(); |
49f1515c5f5c
8144593: Suppress not recognized property/feature warning messages from SAXParser
aefimov
parents:
33352
diff
changeset
|
507 |
|
49f1515c5f5c
8144593: Suppress not recognized property/feature warning messages from SAXParser
aefimov
parents:
33352
diff
changeset
|
508 |
/** |
49f1515c5f5c
8144593: Suppress not recognized property/feature warning messages from SAXParser
aefimov
parents:
33352
diff
changeset
|
509 |
* Prints out warnings if a parser does not support the specified feature/property. |
49f1515c5f5c
8144593: Suppress not recognized property/feature warning messages from SAXParser
aefimov
parents:
33352
diff
changeset
|
510 |
* |
49f1515c5f5c
8144593: Suppress not recognized property/feature warning messages from SAXParser
aefimov
parents:
33352
diff
changeset
|
511 |
* @param parserClassName the name of the parser class |
49f1515c5f5c
8144593: Suppress not recognized property/feature warning messages from SAXParser
aefimov
parents:
33352
diff
changeset
|
512 |
* @param propertyName the property name |
49f1515c5f5c
8144593: Suppress not recognized property/feature warning messages from SAXParser
aefimov
parents:
33352
diff
changeset
|
513 |
* @param exception the exception thrown by the parser |
49f1515c5f5c
8144593: Suppress not recognized property/feature warning messages from SAXParser
aefimov
parents:
33352
diff
changeset
|
514 |
*/ |
49f1515c5f5c
8144593: Suppress not recognized property/feature warning messages from SAXParser
aefimov
parents:
33352
diff
changeset
|
515 |
public static void printWarning(String parserClassName, String propertyName, SAXException exception) { |
49f1515c5f5c
8144593: Suppress not recognized property/feature warning messages from SAXParser
aefimov
parents:
33352
diff
changeset
|
516 |
String key = parserClassName+":"+propertyName; |
49f1515c5f5c
8144593: Suppress not recognized property/feature warning messages from SAXParser
aefimov
parents:
33352
diff
changeset
|
517 |
if (printedWarnings.addIfAbsent(key)) { |
49f1515c5f5c
8144593: Suppress not recognized property/feature warning messages from SAXParser
aefimov
parents:
33352
diff
changeset
|
518 |
System.err.println( "Warning: "+parserClassName+": "+exception.getMessage()); |
49f1515c5f5c
8144593: Suppress not recognized property/feature warning messages from SAXParser
aefimov
parents:
33352
diff
changeset
|
519 |
} |
49f1515c5f5c
8144593: Suppress not recognized property/feature warning messages from SAXParser
aefimov
parents:
33352
diff
changeset
|
520 |
} |
49f1515c5f5c
8144593: Suppress not recognized property/feature warning messages from SAXParser
aefimov
parents:
33352
diff
changeset
|
521 |
|
20964 | 522 |
/** |
523 |
* Read from system properties, or those in jaxp.properties |
|
524 |
* |
|
20968 | 525 |
* @param property the type of the property |
526 |
* @param sysPropertyName the name of system property |
|
20964 | 527 |
*/ |
20968 | 528 |
private boolean getSystemProperty(Limit limit, String sysPropertyName) { |
20964 | 529 |
try { |
20968 | 530 |
String value = SecuritySupport.getSystemProperty(sysPropertyName); |
20964 | 531 |
if (value != null && !value.equals("")) { |
20968 | 532 |
values[limit.ordinal()] = Integer.parseInt(value); |
20964 | 533 |
states[limit.ordinal()] = State.SYSTEMPROPERTY; |
20968 | 534 |
return true; |
20964 | 535 |
} |
536 |
||
20968 | 537 |
value = SecuritySupport.readJAXPProperty(sysPropertyName); |
20964 | 538 |
if (value != null && !value.equals("")) { |
20968 | 539 |
values[limit.ordinal()] = Integer.parseInt(value); |
20964 | 540 |
states[limit.ordinal()] = State.JAXPDOTPROPERTIES; |
20968 | 541 |
return true; |
20964 | 542 |
} |
543 |
} catch (NumberFormatException e) { |
|
20968 | 544 |
//invalid setting |
545 |
throw new NumberFormatException("Invalid setting for system property: " + limit.systemProperty()); |
|
20964 | 546 |
} |
20968 | 547 |
return false; |
20964 | 548 |
} |
20973 | 549 |
|
550 |
||
551 |
/** |
|
552 |
* Convert a value set through setProperty to XMLSecurityManager. |
|
553 |
* If the value is an instance of XMLSecurityManager, use it to override the default; |
|
554 |
* If the value is an old SecurityManager, convert to the new XMLSecurityManager. |
|
555 |
* |
|
556 |
* @param value user specified security manager |
|
557 |
* @param securityManager an instance of XMLSecurityManager |
|
558 |
* @return an instance of the new security manager XMLSecurityManager |
|
559 |
*/ |
|
560 |
static public XMLSecurityManager convert(Object value, XMLSecurityManager securityManager) { |
|
561 |
if (value == null) { |
|
562 |
if (securityManager == null) { |
|
563 |
securityManager = new XMLSecurityManager(true); |
|
564 |
} |
|
565 |
return securityManager; |
|
566 |
} |
|
567 |
if (XMLSecurityManager.class.isAssignableFrom(value.getClass())) { |
|
568 |
return (XMLSecurityManager)value; |
|
569 |
} else { |
|
570 |
if (securityManager == null) { |
|
571 |
securityManager = new XMLSecurityManager(true); |
|
572 |
} |
|
573 |
if (SecurityManager.class.isAssignableFrom(value.getClass())) { |
|
574 |
SecurityManager origSM = (SecurityManager)value; |
|
575 |
securityManager.setLimit(Limit.MAX_OCCUR_NODE_LIMIT, State.APIPROPERTY, origSM.getMaxOccurNodeLimit()); |
|
576 |
securityManager.setLimit(Limit.ENTITY_EXPANSION_LIMIT, State.APIPROPERTY, origSM.getEntityExpansionLimit()); |
|
577 |
securityManager.setLimit(Limit.ELEMENT_ATTRIBUTE_LIMIT, State.APIPROPERTY, origSM.getElementAttrLimit()); |
|
578 |
} |
|
579 |
return securityManager; |
|
580 |
} |
|
581 |
} |
|
20964 | 582 |
} |