001/* 002 * The MIT License 003 * Copyright (c) 2012 Microsoft Corporation 004 * 005 * Permission is hereby granted, free of charge, to any person obtaining a copy 006 * of this software and associated documentation files (the "Software"), to deal 007 * in the Software without restriction, including without limitation the rights 008 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 009 * copies of the Software, and to permit persons to whom the Software is 010 * furnished to do so, subject to the following conditions: 011 * 012 * The above copyright notice and this permission notice shall be included in 013 * all copies or substantial portions of the Software. 014 * 015 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 016 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 017 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 018 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 019 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 020 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 021 * THE SOFTWARE. 022 */ 023 024package microsoft.exchange.webservices.data.security; 025 026import org.apache.commons.logging.Log; 027import org.apache.commons.logging.LogFactory; 028import org.w3c.dom.DOMImplementation; 029import org.w3c.dom.Document; 030import org.xml.sax.EntityResolver; 031import org.xml.sax.ErrorHandler; 032import org.xml.sax.InputSource; 033import org.xml.sax.SAXException; 034 035import javax.xml.parsers.DocumentBuilder; 036import javax.xml.stream.XMLEventReader; 037import javax.xml.stream.XMLInputFactory; 038import javax.xml.stream.XMLStreamException; 039import javax.xml.stream.XMLStreamReader; 040 041import java.io.FileInputStream; 042import java.io.FileNotFoundException; 043import java.io.IOException; 044import java.io.InputStream; 045import java.io.Reader; 046import java.io.StringReader; 047 048/** 049 * XmlDocument that does not allow DTD parsing. 050 */ 051public class SafeXmlDocument extends DocumentBuilder { 052 053 private static final Log LOG = LogFactory.getLog(SafeXmlDocument.class); 054 055 /** 056 * Initializes a new instance of the SafeXmlDocument class. 057 */ 058 private final XMLInputFactory inputFactory; 059 060 public SafeXmlDocument() { 061 super(); 062 inputFactory = XMLInputFactory.newInstance(); 063 } 064 065 066 /** 067 * Loads the XML document from the specified stream. 068 * 069 * @param inStream The stream containing the XML document to load. 070 * @throws javax.xml.stream.XMLStreamException 071 */ 072 public void load(InputStream inStream) throws XMLStreamException { 073 // not in a using block because 074 // the stream doesn't belong to us 075 if (inputFactory != null) { 076 XMLEventReader reader = inputFactory 077 .createXMLEventReader(inStream); 078 079 this.load((InputStream) reader); 080 } 081 } 082 083 /** 084 * Loads the XML document from the specified URL. 085 * 086 * @param filename URL for the file containing the XML document to load. The URL 087 * can be either a local file or an HTTP URL (a Web address). 088 */ 089 public void load(String filename) { 090 if (inputFactory != null) { 091 FileInputStream inp; 092 093 XMLEventReader reader; 094 try { 095 inp = new FileInputStream(filename); 096 reader = inputFactory.createXMLEventReader(inp); 097 this.load((InputStream) reader); 098 } catch (XMLStreamException e) { 099 // TODO Auto-generated catch block 100 LOG.error(e); 101 } catch (FileNotFoundException e) { 102 // TODO Auto-generated catch block 103 LOG.error(e); 104 } 105 } 106 } 107 108 /** 109 * Loads the XML document from the specified TextReader. 110 * 111 * @param txtReader The TextReader used to feed the XML data into the document. 112 */ 113 public void load(Reader txtReader) { 114 if (inputFactory != null) { 115 116 XMLEventReader reader; 117 try { 118 reader = inputFactory 119 .createXMLEventReader(txtReader); 120 121 this.load((InputStream) reader); 122 } catch (XMLStreamException e) { 123 // TODO Auto-generated catch block 124 LOG.error(e); 125 } 126 } 127 } 128 129 /** 130 * Loads the XML document from the specified XMLReader. 131 * 132 * @param reader The XMLReader used to feed the XML data into the document. 133 * @throws java.io.IOException 134 * @throws org.xml.sax.SAXException 135 */ 136 public void load(XMLStreamReader reader) throws SAXException, IOException { 137 138 super.parse((InputStream) reader); 139 } 140 141 /** 142 * Loads the XML document from the specified string. 143 * 144 * @param xml String containing the XML document to load. 145 */ 146 public void loadXml(String xml) { 147 if (inputFactory != null) { 148 try { 149 XMLEventReader reader = inputFactory 150 .createXMLEventReader(new StringReader(xml)); 151 152 this.load((InputStream) reader); 153 } catch (XMLStreamException e) { 154 // TODO Auto-generated catch block 155 LOG.error(e); 156 } 157 } 158 159 } 160 161 @Override 162 public DOMImplementation getDOMImplementation() { 163 // TODO Auto-generated method stub 164 return null; 165 } 166 167 @Override 168 public boolean isNamespaceAware() { 169 // TODO Auto-generated method stub 170 return false; 171 } 172 173 @Override 174 public boolean isValidating() { 175 // TODO Auto-generated method stub 176 return false; 177 } 178 179 @Override 180 public Document newDocument() { 181 // TODO Auto-generated method stub 182 return null; 183 } 184 185 @Override 186 public Document parse(InputSource is) throws SAXException, IOException { 187 // TODO Auto-generated method stub 188 return null; 189 } 190 191 @Override 192 public void setEntityResolver(EntityResolver er) { 193 // TODO Auto-generated method stub 194 195 } 196 197 @Override 198 public void setErrorHandler(ErrorHandler eh) { 199 // TODO Auto-generated method stub 200 201 } 202 203 204}