@Nullable
  @ReturnsMutableCopy
  public static byte[] getDecodedASCIIHex(@Nullable final byte[] aEncodedBuffer) {
    if (aEncodedBuffer == null) return null;

    final NonBlockingByteArrayOutputStream aBAOS = new NonBlockingByteArrayOutputStream();
    try {
      boolean bFirstByte = true;
      int nFirstByte = 0;
      for (final byte nEncByte : aEncodedBuffer) {
        if (nEncByte == '>') break;

        // Ignore whitespaces
        if (Character.isWhitespace(nEncByte)) continue;

        final byte nDecByte = (byte) StringHelper.getHexValue((char) nEncByte);
        if (nDecByte == CGlobal.ILLEGAL_UINT)
          throw new DecodeException(
              "Failed to convert byte '"
                  + nEncByte
                  + "/"
                  + ((char) nEncByte)
                  + "' to hex value in ASCIIHexDecode");
        if (bFirstByte) nFirstByte = nDecByte;
        else aBAOS.write((byte) (nFirstByte << 4 | nDecByte));
        bFirstByte = !bFirstByte;
      }

      // Write trailing byte
      if (!bFirstByte) aBAOS.write((byte) (nFirstByte << 4));
      return aBAOS.toByteArray();
    } finally {
      StreamHelper.close(aBAOS);
    }
  }
 public void save(@WillClose final OutputStream aOS, final char[] aPassword)
     throws OpenAS2Exception {
   try {
     final KeyStore aKeyStore = getKeyStore();
     synchronized (aKeyStore) {
       aKeyStore.store(aOS, aPassword);
     }
   } catch (final IOException ex) {
     throw WrappedOpenAS2Exception.wrap(ex);
   } catch (final GeneralSecurityException ex) {
     throw WrappedOpenAS2Exception.wrap(ex);
   } finally {
     StreamHelper.close(aOS);
   }
 }
 public void load(@Nonnull @WillClose final InputStream aIS, @Nonnull final char[] aPassword)
     throws OpenAS2Exception {
   try {
     final KeyStore aKeyStore = getKeyStore();
     synchronized (aKeyStore) {
       aKeyStore.load(aIS, aPassword);
     }
   } catch (final IOException ex) {
     throw WrappedOpenAS2Exception.wrap(ex);
   } catch (final GeneralSecurityException ex) {
     throw WrappedOpenAS2Exception.wrap(ex);
   } finally {
     StreamHelper.close(aIS);
   }
 }
  @Test
  public void testExternalEntityExpansion() throws SAXException, MalformedURLException {
    // Include a dummy file
    final File aFile = new File("src/test/resources/test1.txt");
    assertTrue(aFile.exists());
    final String sFileContent =
        StreamHelper.getAllBytesAsString(
            new FileSystemResource(aFile), CCharset.CHARSET_ISO_8859_1_OBJ);

    // The XML with XXE problem
    final String sXML =
        "<?xml version='1.0' encoding='utf-8'?>"
            + "<!DOCTYPE root ["
            + " <!ELEMENT root ANY >"
            + " <!ENTITY xxe SYSTEM \""
            + aFile.toURI().toURL().toExternalForm()
            + "\" >]>"
            + "<root>&xxe;</root>";
    final DOMReaderSettings aDRS =
        new DOMReaderSettings()
            .setEntityResolver(
                new EntityResolver() {
                  public InputSource resolveEntity(final String publicId, final String systemId)
                      throws SAXException, IOException {
                    // Read as URL
                    return InputSourceFactory.create(new URLResource(systemId));
                  }
                });

    // Read successful - entity expansion!
    final Document aDoc = DOMReader.readXMLDOM(sXML, aDRS);
    assertNotNull(aDoc);
    assertEquals(sFileContent, aDoc.getDocumentElement().getTextContent());

    // Should fail because inline DTD is present
    try {
      DOMReader.readXMLDOM(
          sXML, aDRS.getClone().setFeatureValues(EXMLParserFeature.AVOID_XXE_SETTINGS));
      fail();
    } catch (final SAXParseException ex) {
      // Expected
      assertTrue(ex.getMessage().contains("http://apache.org/xml/features/disallow-doctype-decl"));
    }
  }
Example #5
0
  /**
   * Constructs {@link CSVReader} with supplied {@link CSVParser}.
   *
   * @param aReader the reader to an underlying CSV source.
   * @param aParser the parser to use to parse input
   * @param bKeepCR <code>true</code> to keep carriage returns in data read, <code>false</code>
   *     otherwise
   */
  public CSVReader(
      @Nonnull final Reader aReader, @Nonnull final CSVParser aParser, final boolean bKeepCR) {
    ValueEnforcer.notNull(aReader, "Reader");
    ValueEnforcer.notNull(aParser, "Parser");

    Reader aInternallyBufferedReader = StreamHelper.getBuffered(aReader);
    if (bKeepCR) m_aLineReader = new CSVLineReaderKeepCR(aInternallyBufferedReader);
    else if (aInternallyBufferedReader instanceof BufferedReader)
      m_aLineReader = new CSVLineReaderBufferedReader((BufferedReader) aInternallyBufferedReader);
    else {
      if (!(aInternallyBufferedReader instanceof NonBlockingBufferedReader)) {
        // It is buffered, but we need it to support readLine
        aInternallyBufferedReader = new NonBlockingBufferedReader(aInternallyBufferedReader);
      }
      m_aLineReader =
          new CSVLineReaderNonBlockingBufferedReader(
              (NonBlockingBufferedReader) aInternallyBufferedReader);
    }
    m_aReader = aInternallyBufferedReader;
    m_aParser = aParser;
    m_bKeepCR = bKeepCR;
  }
Example #6
0
  protected void sendSyncMDN(
      @Nonnull final String sClientInfo,
      @Nonnull final IAS2HttpResponseHandler aResponseHandler,
      @Nonnull final AS2Message aMsg,
      @Nonnull final DispositionType aDisposition,
      @Nonnull final String sText) {
    final boolean bMDNBlocked = aMsg.getPartnership().isBlockErrorMDN();
    if (!bMDNBlocked) {
      try {
        final IAS2Session aSession = m_aReceiverModule.getSession();
        final IMessageMDN aMdn = AS2Helper.createMDN(aSession, aMsg, aDisposition, sText);

        if (aMsg.isRequestingAsynchMDN()) {
          // if asyncMDN requested, close connection and initiate separate MDN
          // send
          final InternetHeaders aHeaders = new InternetHeaders();
          aHeaders.setHeader(CAS2Header.HEADER_CONTENT_LENGTH, Integer.toString(0));
          // Empty data
          final NonBlockingByteArrayOutputStream aData = new NonBlockingByteArrayOutputStream();
          aResponseHandler.sendHttpResponse(HttpURLConnection.HTTP_OK, aHeaders, aData);

          s_aLogger.info(
              "Setup to send asynch MDN ["
                  + aDisposition.getAsString()
                  + "] "
                  + sClientInfo
                  + aMsg.getLoggingText());

          // trigger explicit sending
          aSession.getMessageProcessor().handle(IProcessorSenderModule.DO_SENDMDN, aMsg, null);
        } else {
          // otherwise, send sync MDN back on same connection
          s_aLogger.info(
              "Sending back sync MDN ["
                  + aDisposition.getAsString()
                  + "] "
                  + sClientInfo
                  + aMsg.getLoggingText());

          // Get data and therefore content length for sync MDN
          final NonBlockingByteArrayOutputStream aData = new NonBlockingByteArrayOutputStream();
          final MimeBodyPart aPart = aMdn.getData();
          StreamHelper.copyInputStreamToOutputStream(aPart.getInputStream(), aData);
          aMdn.setHeader(CAS2Header.HEADER_CONTENT_LENGTH, Integer.toString(aData.getSize()));

          // start HTTP response
          aResponseHandler.sendHttpResponse(HttpURLConnection.HTTP_OK, aMdn.getHeaders(), aData);

          // Save sent MDN for later examination
          try {
            aSession.getMessageProcessor().handle(IProcessorStorageModule.DO_STOREMDN, aMsg, null);
          } catch (final ComponentNotFoundException ex) {
            // No message processor found
          } catch (final NoModuleException ex) {
            // No module found in message processor
          }
          s_aLogger.info(
              "sent MDN ["
                  + aDisposition.getAsString()
                  + "] "
                  + sClientInfo
                  + aMsg.getLoggingText());
        }
      } catch (final Exception ex) {
        final OpenAS2Exception we = WrappedOpenAS2Exception.wrap(ex);
        we.addSource(OpenAS2Exception.SOURCE_MESSAGE, aMsg);
        we.terminate();
      }
    }
  }