10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package com.sun.org.apache.xerces.internal.utils; 27 28 import com.sun.org.apache.xerces.internal.impl.Constants; 29 import com.sun.org.apache.xerces.internal.util.SecurityManager; 30 31 /** 32 * This class manages standard and implementation-specific limitations. 33 * 34 */ 35 public final class XMLSecurityManager { 36 37 /** 38 * States of the settings of a property, in the order: default value, value 39 * set by FEATURE_SECURE_PROCESSING, jaxp.properties file, jaxp system 40 * properties, and jaxp api properties 41 */ 42 public static enum State { 43 //this order reflects the overriding order 44 45 DEFAULT("default"), FSP("FEATURE_SECURE_PROCESSING"), 46 JAXPDOTPROPERTIES("jaxp.properties"), SYSTEMPROPERTY("system property"), 47 APIPROPERTY("property"); 48 49 final String literal; 477 return printEntityCountInfo.equals(Constants.JDK_YES); 478 } 479 480 /** 481 * Read from system properties, or those in jaxp.properties 482 */ 483 private void readSystemProperties() { 484 485 for (Limit limit : Limit.values()) { 486 if (!getSystemProperty(limit, limit.systemProperty())) { 487 //if system property is not found, try the older form if any 488 for (NameMap nameMap : NameMap.values()) { 489 String oldName = nameMap.getOldName(limit.systemProperty()); 490 if (oldName != null) { 491 getSystemProperty(limit, oldName); 492 } 493 } 494 } 495 } 496 497 } 498 499 /** 500 * Read from system properties, or those in jaxp.properties 501 * 502 * @param property the type of the property 503 * @param sysPropertyName the name of system property 504 */ 505 private boolean getSystemProperty(Limit limit, String sysPropertyName) { 506 try { 507 String value = SecuritySupport.getSystemProperty(sysPropertyName); 508 if (value != null && !value.equals("")) { 509 values[limit.ordinal()] = Integer.parseInt(value); 510 states[limit.ordinal()] = State.SYSTEMPROPERTY; 511 return true; 512 } 513 514 value = SecuritySupport.readJAXPProperty(sysPropertyName); 515 if (value != null && !value.equals("")) { 516 values[limit.ordinal()] = Integer.parseInt(value); | 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package com.sun.org.apache.xerces.internal.utils; 27 28 import com.sun.org.apache.xerces.internal.impl.Constants; 29 import com.sun.org.apache.xerces.internal.util.SecurityManager; 30 import java.util.concurrent.CopyOnWriteArrayList; 31 import org.xml.sax.SAXException; 32 33 /** 34 * This class manages standard and implementation-specific limitations. 35 * 36 */ 37 public final class XMLSecurityManager { 38 39 /** 40 * States of the settings of a property, in the order: default value, value 41 * set by FEATURE_SECURE_PROCESSING, jaxp.properties file, jaxp system 42 * properties, and jaxp api properties 43 */ 44 public static enum State { 45 //this order reflects the overriding order 46 47 DEFAULT("default"), FSP("FEATURE_SECURE_PROCESSING"), 48 JAXPDOTPROPERTIES("jaxp.properties"), SYSTEMPROPERTY("system property"), 49 APIPROPERTY("property"); 50 51 final String literal; 479 return printEntityCountInfo.equals(Constants.JDK_YES); 480 } 481 482 /** 483 * Read from system properties, or those in jaxp.properties 484 */ 485 private void readSystemProperties() { 486 487 for (Limit limit : Limit.values()) { 488 if (!getSystemProperty(limit, limit.systemProperty())) { 489 //if system property is not found, try the older form if any 490 for (NameMap nameMap : NameMap.values()) { 491 String oldName = nameMap.getOldName(limit.systemProperty()); 492 if (oldName != null) { 493 getSystemProperty(limit, oldName); 494 } 495 } 496 } 497 } 498 499 } 500 501 // Array list to store printed warnings for each SAX parser used 502 private static final CopyOnWriteArrayList<String> printedWarnings = new CopyOnWriteArrayList<>(); 503 504 /** 505 * Prints out warnings if a parser does not support the specified feature/property. 506 * 507 * @param parserClassName the name of the parser class 508 * @param propertyName the property name 509 * @param exception the exception thrown by the parser 510 */ 511 public static void printWarning(String parserClassName, String propertyName, SAXException exception) { 512 String key = parserClassName+":"+propertyName; 513 if (printedWarnings.addIfAbsent(key)) { 514 System.err.println( "Warning: "+parserClassName+": "+exception.getMessage()); 515 } 516 } 517 518 /** 519 * Read from system properties, or those in jaxp.properties 520 * 521 * @param property the type of the property 522 * @param sysPropertyName the name of system property 523 */ 524 private boolean getSystemProperty(Limit limit, String sysPropertyName) { 525 try { 526 String value = SecuritySupport.getSystemProperty(sysPropertyName); 527 if (value != null && !value.equals("")) { 528 values[limit.ordinal()] = Integer.parseInt(value); 529 states[limit.ordinal()] = State.SYSTEMPROPERTY; 530 return true; 531 } 532 533 value = SecuritySupport.readJAXPProperty(sysPropertyName); 534 if (value != null && !value.equals("")) { 535 values[limit.ordinal()] = Integer.parseInt(value); |