diff --git a/.gitignore b/.gitignore index 34cbcf617..7d5eb25f3 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ /out.xml /target *.iml +/bin/ diff --git a/docbook/pom.xml b/docbook/pom.xml new file mode 100644 index 000000000..f0708e89c --- /dev/null +++ b/docbook/pom.xml @@ -0,0 +1,108 @@ + + + 4.0.0 + + xerces + secure-configuration-guide + 2.11.0.SP5-SNAPSHOT + jdocbook + + Xerces Secure Configuration Guide + + Discusses the implementation of the SECURE PROCESSING FEATURE introduced in JAXP. + + http://xerces.apache.org/xerces2-j + 2005 + + Apache Software Foundation + http://www.apache.org/ + + + + The Apache Software License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0.txt + repo + + + + + + + org.jboss.maven.plugins + maven-jdocbook-plugin + 2.3.8 + true + + + + org.jboss.pressgang + pressgang-xslt-ns + 2.0.2 + + + org.jboss.pressgang + pressgang-jdocbook-style + jdocbook-style + 2.0.2 + + + + + master.xml + en-US + reference/en + + reference/en + + images/* + + + + + html_single + classpath:/xslt/org/jboss/xhtml-single.xsl + index.html + + + + html + classpath:/xslt/org/jboss/xhtml.xsl + index.html + + + + pdf + classpath:/xslt/org/jboss/pdf.xsl + ${project.artifactId}.pdf + + + + + + + + + + project.version + ${project.version} + + + + saxon + true + true + + 1.72.0 + + + + + + + + + en-US + + diff --git a/docbook/reference/en/en-US/master.xml b/docbook/reference/en/en-US/master.xml new file mode 100644 index 000000000..f60f67dfd --- /dev/null +++ b/docbook/reference/en/en-US/master.xml @@ -0,0 +1,25 @@ + + + + + ]> + +
+ + + Xerces: Secure Processing Configuration + 2.11.0.SP5 + + + + + &Introduction; + &Features; + &Properties; + &Compatibility; + +
+ diff --git a/docbook/reference/en/en-US/modules/Compatibility.xml b/docbook/reference/en/en-US/modules/Compatibility.xml new file mode 100644 index 000000000..b214fa99c --- /dev/null +++ b/docbook/reference/en/en-US/modules/Compatibility.xml @@ -0,0 +1,61 @@ +
+Compatibility with Wildfly + +As noted in the Introduction, the increased +security imposed by the SECURE_PROCESSING_FEATURE might require additional +configuration. We examine two different versions of Wildfly to determine if +changes are necessary. + +
+Wildfly 8.2.1.Final + + In Wildfly 8.2.1.Final, the following changes are necessary for the basic integration + testsuite to pass. + + + + + hibernate-core: + org.hibernate.cfg.Configuration needs additional configuration of a + SAXReader. + + + jsf-impl: + com.sun.faces.facelets.compiler.SAXCompiler needs additional configuration + of a SAXParserFactory. + + + picketbox: + org.jboss.security.util.xml.DOMUtils needs additional configuration + of a DocumentBuilderFactory. + + + wildfly-core-impl: + org.jboss.weld.xml.BeansXmlParser needs additional configuration of a + SAXParserFactory. + + + + + The particular changes vary from case to case, but they generally involve + + + + http://apache.org/xml/features/disallow-doctype-decl + http://apache.org/xml/features/nonvalidating/load-external-dtd + http://javax.xml.XMLConstants/property/accessExternalDTD + http://javax.xml.XMLConstants/property/accessExternalSchema + + +
+ +
+Wildfly 10.0.0.CR4 + + +The entire testsuites of Wildfly 10.0.0.CR4 and EAP 7 10.0.0.CR6-redhat-SNAPSHOT run without any changes. + + +
+ +
diff --git a/docbook/reference/en/en-US/modules/Features.xml b/docbook/reference/en/en-US/modules/Features.xml new file mode 100644 index 000000000..598936ed1 --- /dev/null +++ b/docbook/reference/en/en-US/modules/Features.xml @@ -0,0 +1,92 @@ +
+Features + + + Everything begins with SECURE_PROCESSING_FEATURE + (http://javax.xml.XMLConstants/feature/secure-processing). It is defined in the JAXP specification, + and all JAXP conformant software is required to support it. When it is set to true, all of the other + features and properties described here are assigned default values that promote security. When it is + set to false, the other features and properties are ignored. Its default value is true. + + + + In SAX, a feature may be set to true or false either by calling SAXParserFactory.setFeature() + or by calling setFeature() directly on the XMLReader retrieved + from the SAXParser. + In DOM, a feature may be set either by calling DocumentBuilderFactory.setFeature() or + by calling setFeature() directly on the DOMParser retrieved + from the DocumentBuilder. + + + + The following security features are supported. The default values given assume that SECURE_PROCESSING_FEATURE + is set to true. + + + + DISALLOW_DOCTYPE_DECL_FEATURE + + + parser/factory feature: http://apache.org/xml/features/disallow-doctype-decl + + + definition: Setting this property to true outlaws all DTDs, internal or external. + Setting it to false permits the parser to use DTDs. + + + default: true + + + + + + EXTERNAL_GENERAL_ENTITIES_FEATURE + + + parser/factory feature: http://xml.org/sax/features/external-general-entities + + + definition: Setting this property to true allows the parser to load external + general entities, and setting it to false prevents the parser from doing so. + + + default: false + + + + + + EXTERNAL_PARAMETER_ENTITIES_FEATURE + + + parser/factory feature: http://xml.org/sax/features/external-parameter-entities + + + definition: Setting this property to true allows the parser to load external DTD + subsets referenced by external parameter entities, and setting it to false prevents the parser from doing so. + + + default: false + + + + + + LOAD_EXTERNAL_DTD_FEATURE + + + parser/factory feature: http://apache.org/xml/features/nonvalidating/load-external-dtd + + + definition: Setting this property to true allows the parser to load external DTDs, and + setting it to false prevents the parser from doing so. Note. This feature is relevant + only if the parser is configured not to do validation. If the parser is configured to do validation, external DTDs are + eligible to be loaded. See also ACCESS_EXTERNAL_DTD_PROPERTY. + + + default: false + + + + +
diff --git a/docbook/reference/en/en-US/modules/Introduction.xml b/docbook/reference/en/en-US/modules/Introduction.xml new file mode 100644 index 000000000..64f333a89 --- /dev/null +++ b/docbook/reference/en/en-US/modules/Introduction.xml @@ -0,0 +1,51 @@ +
+Introduction + + +Xerces, like all XML parsers, is vulnerable to a variety of Denial of Service attacks, such as +XXE (XML External Entity) attacks, and a number of features and +properties have been introduced over time to strengthen its defenses. These have various sources. + + + + +Some, such as SECURE_PROCESSING_FEATURE +(http://javax.xml.XMLConstants/feature/secure-processing), were introduced in one of the series of JAXP +specifications. + + + Some, such as EXTERNAL_GENERAL_ENTITIES_FEATURE +(http://xml.org/sax/features/external-general-entities), were introduced in the de facto SAX standard. + + +Others, such as DISALLOW_DOCTYPE_DECL_FEATURE (http://apache.org/xml/features/disallow-doctype-decl), were +introduced by Xerces. + + +And some, such as ACCESS_EXTERNAL_DTD_PROPERTY (http://javax.xml.XMLConstants/property/accessExternalDTD) and +MAX_TOTAL_ENTITY_SIZE_LIMIT (http://www.oracle.com/xml/jaxp/properties/totalEntitySizeLimit) were introduced in +the Oracle reference implementation of JAXP. + + + + +As of release 2.11.0.SP5, the JBoss fork of Xerces implements all of the related security features and +properties found in Oracle JDK 1.8.0_11. + + + + N.B. When Xerces is accessed by way of JAXP sanctioned classes + javax.xml.parsers.SAXParserFactory and + javax.xml.parsers.DocumentBuilderFactory, all of these features and properties + are assigned security promoting default values. + + + + N.B. These features and properties have default values that incline + toward increased security. That means that it is possible for some currently working applications to fail + in the presence of a Xerces upgrade. For example, the default value of DISALLOW_DOCTYPE_DECL_FEATURE is + true, which means that DTDs cannot be used. It follows that additional configuration + may be necessary to preserve the functionality of existing applications. + + +
diff --git a/docbook/reference/en/en-US/modules/Properties.xml b/docbook/reference/en/en-US/modules/Properties.xml new file mode 100644 index 000000000..169ffbf07 --- /dev/null +++ b/docbook/reference/en/en-US/modules/Properties.xml @@ -0,0 +1,339 @@ +
+Properties + +
+Configuring properties + + + If the SECURE_PROCESSING_FEATURE is set to true, each property may be configured in three ways: + + + + + Setting a system property + + + + Setting a parser property: + + SAX: A SAXParser may be configured by calling + SAXParser.setProperty() or by calling setProperty()on the + XMLReader retrieved from the SAXParser. + + + DOM: A DocumentBuilder may be configured by calling + DocumentBuilderFactory.setAttribute() + or by calling setProperty() on the + DOMParser retrieved from the + org.apache.xerces.jaxp.DocumentBuilderImpl. + + + + + A set method on a SecurityManager may be invoked. + + + + + Note that SecurityManagers are created when a SAXParser + or a DocumentBuilder is created. The current SecurityManager can + be retrieved with the "http://apache.org/xml/properties/security-manager" property: + + + +SAXParserFactory factory = SAXParserFactory.newInstance(); +SAXParser parser = factory.newSAXParser(); +SecurityManager securityManager = parser.getProperty("http://apache.org/xml/properties/security-manager"); + + + +or + + + +DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); +DocumentBuilderImpl builder = (DocumentBuilderImpl) dbf.newDocumentBuilder(); +SecurityManager securityManager = builder.getDOMParser().getProperty("http://apache.org/xml/properties/security-manager"); + + + + Note. If the SECURE_PROCESSING_FEATURE is set to false, + the system and parser properties are ignored, and there is no SecurityManager. + That is, the properties simply do not apply. + + + + Note. For numeric valued properties, + + Any value < 0 is interpreted as 0 + 0 is interpreted as Integer.MAX_VALUE + + + +
+ +
+Supported properties + + + The following properties are supported. + + + + Note. For historical reasons, some of these have more than one + parser property. + + + + RESOLVE_EXTERNAL_ENTITIES_PROPERTY: + + + + system property: jdk.xml.resolveExternalEntities + + + definition: + When SECURE_PROCESSING_FEATURE is true, this special property controls the default value of several + other features and properties. See Table 3.1. + When SECURE_PROCESSING_FEATURE is false, RESOLVE_EXTERNAL_ENTITIES_PROPERTY is ignored. + + + default: false + + + + + + + + Effect of setting RESOLVE_EXTERNAL_ENTITIES_PROPERTY + + + + + + + RESOLVE_EXTERNAL_ENTITIES_PROPERTY + FALSE + TRUE + + + + + EXTERNAL_GENERAL_ENTITIES_FEATURE + FALSE + TRUE + + + EXTERNAL_PARAMETER_ENTITIES_FEATURE + FALSE + TRUE + + + LOAD_EXTERNAL_DTD_FEATURE + FALSE + TRUE + + + ACCESS_EXTERNAL_DTD_PROPERTY + "" + "all" + + + ACCESS_EXTERNAL_SCHEMA_PROPERTY + "" + "all" + + + +
+ + + ACCESS_EXTERNAL_DTD_PROPERTY + + + system property: javax.xml.accessExternalDTD + + + parser property: http://javax.xml.XMLConstants/property/accessExternalDTD + + + definition: This property is a comma separated string which lists the protocols which can + be used to access external DTDs. For example, "all" means that any protocol can be used, "file,jar" means that the file and + jar protocols can be used, and "" means that no protocols can be used. + + + default: see Table 3.1 + + + + + + ACCESS_EXTERNAL_SCHEMA_PROPERTY + + + system property: javax.xml.accessExternalSchema + + + parser property: http://javax.xml.XMLConstants/property/accessExternalSchema + + + definition: This property is a comma separated string which lists the protocols which + can be used to access external schemas. For example, "all" means that any protocol can be used, "file,jar" means that the + file and jar protocols can be used, and "" means that no protocols can be used. + + + default: see Table 3.1 + + + + + + ELEMENT_ATTRIBUTE_LIMIT_PROPERTY + + + system property: jdk.xml.elementAttributeLimit + + + parser property: + + http://apache.org/xml/properties/elementAttributeLimit + http://www.oracle.com/xml/jaxp/properties/elementAttributeLimit + + + + definition: Limits the number of attributes an element can have. + + + default: 10,000 + + + + + + + ENTITY_EXPANSION_LIMIT_PROPERTY + + + system property: jdk.xml.entityExpansionLimit + + + parser property: + + http://apache.org/xml/properties/entity-expansion-limit + http://www.oracle.com/xml/jaxp/properties/entityExpansionLimit + + + + definition: Limits the number of entity expansions. + + + default: 64,000 + + + + + + + MAX_ELEMENT_DEPTH_PROPERTY + + + system property: jdk.xml.maxElementDepth + + + parser property: + + http://java.sun.com/xml/jaxp/properties/maxElementDepth + http://www.oracle.com/xml/jaxp/properties/maxElementDepth + + + + definition: Limits the maximum element depth. + + + default: Integer.MAX_VALUE + + + + + + + MAX_OCCUR_LIMIT_PROPERTY + + + system property: jdk.xml.maxOccur + + + parser property: http://www.oracle.com/xml/jaxp/properties/maxOccurLimit + + + definition: Limit the number of content model nodes that may be created when building a + grammar for a W3C XML Schema that contains maxOccurs attributes with values other than "unbounded". + + + default: 5000 + + + + + + + MAX_GENERAL_ENTITY_SIZE_LIMIT + + + system property: jdk.xml.maxGeneralEntitySizeLimit + + + parser property: http://www.oracle.com/xml/jaxp/properties/maxGeneralEntitySizeLimit + + + definition: Limits the maximum size of any general entities. + + + default: Integer.MAX_VALUE + + + + + + + MAX_PARAMETER_ENTITY_SIZE_LIMIT + + + system property: jdk.xml.maxParameterEntitySizeLimit + + + parser property: http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimit + + + definition: Limits the maximum size of any parameter entities, including + the result of nesting multiple parameter entities. + + + default: 1,000,000 + + + + + + + MAX_TOTAL_ENTITY_SIZE_LIMIT + + + system property: jdk.xml.totalEntitySizeLimit + + + parser property: http://www.oracle.com/xml/jaxp/properties/totalEntitySizeLimit + + + definition: Limits the total size of all entities that include general and parameter entities. ??? + + + default: 50,000,000 + + + + + +
+
diff --git a/pom.xml b/pom.xml index d8cd05e0f..ae494a523 100644 --- a/pom.xml +++ b/pom.xml @@ -105,6 +105,18 @@ xml-resolver true + + junit + junit + + 4.8.1 + + + javax.xml + jaxp-api + 1.4.2 + test + @@ -186,6 +198,16 @@ + + + org.apache.maven.plugins + maven-gpg-plugin + + + none + + + org.apache.maven.plugins maven-antrun-plugin @@ -297,6 +319,37 @@ + + org.apache.maven.plugins + maven-source-plugin + 2.4 + + + attach-sources + verify + + jar-no-fork + + + + + + org.apache.maven.plugins + maven-compiler-plugin + 3.3 + + 1.5 + 1.5 + + **/org/apache/xerces/test/** + + + + + org.apache.maven.plugins + maven-surefire-plugin + 2.19 + diff --git a/samples/dom/Counter.java b/samples/dom/Counter.java index 642ced89b..2ba783b92 100644 --- a/samples/dom/Counter.java +++ b/samples/dom/Counter.java @@ -369,7 +369,7 @@ public static void main(String argv[]) { // create parser try { - parser = (ParserWrapper)Class.forName(DEFAULT_PARSER_NAME).newInstance(); + parser = (ParserWrapper) Class.forName(DEFAULT_PARSER_NAME).getConstructor(boolean.class).newInstance(false); } catch (Exception e) { System.err.println("error: Unable to instantiate parser ("+DEFAULT_PARSER_NAME+")"); diff --git a/samples/dom/Writer.java b/samples/dom/Writer.java index 98990e37f..34b39871a 100644 --- a/samples/dom/Writer.java +++ b/samples/dom/Writer.java @@ -576,7 +576,7 @@ public static void main(String argv[]) { // create parser try { - parser = (ParserWrapper)Class.forName(DEFAULT_PARSER_NAME).newInstance(); + parser = (ParserWrapper) Class.forName(DEFAULT_PARSER_NAME).getConstructor(boolean.class).newInstance(false); } catch (Exception e) { System.err.println("error: Unable to instantiate parser ("+DEFAULT_PARSER_NAME+")"); diff --git a/samples/dom/wrappers/Xerces.java b/samples/dom/wrappers/Xerces.java index c8cb36c0e..46dd67cf0 100644 --- a/samples/dom/wrappers/Xerces.java +++ b/samples/dom/wrappers/Xerces.java @@ -42,7 +42,7 @@ public class Xerces // /** Parser. */ - protected DOMParser parser = new DOMParser(); + protected DOMParser parser; // // Constructors @@ -50,9 +50,15 @@ public class Xerces /** Default constructor. */ public Xerces() { + parser = new DOMParser(false); parser.setErrorHandler(this); } // () + public Xerces(boolean secureProcessing) { + parser = new DOMParser(secureProcessing); + parser.setErrorHandler(this); + } // () + // // ParserWrapper methods // diff --git a/src/org/apache/xerces/impl/Constants.java b/src/org/apache/xerces/impl/Constants.java index af2f84429..0268a6641 100644 --- a/src/org/apache/xerces/impl/Constants.java +++ b/src/org/apache/xerces/impl/Constants.java @@ -120,13 +120,41 @@ public final class Constants { public static final String JAXP_PROPERTY_PREFIX = "http://java.sun.com/xml/jaxp/properties/"; + /** JAXP property prefix ("http://java.sun.com/xml/jaxp/properties/"). */ + public static final String JAXP_ORACLE_PROPERTY_PREFIX = + "http://www.oracle.com/xml/jaxp/properties/"; + + /** JAXP property prefix ("http://javax.xml.XMLConstants/property/"). */ + public static final String JAXP_JAVAX_PROPERTY_PREFIX = + "http://javax.xml.XMLConstants/property/"; + /** JAXP schemaSource property: when used internally may include DTD sources (DOM) */ public static final String SCHEMA_SOURCE = "schemaSource"; /** JAXP schemaSource language: when used internally may include DTD namespace (DOM) */ public static final String SCHEMA_LANGUAGE = "schemaLanguage"; + /** JAXP property: restrict access to external DTDs by protocol */ + public static final String ACCESS_EXTERNAL_DTD = "accessExternalDTD"; + + /** JAXP property: restrict access to external schemas by protocol */ + public static final String ACCESS_EXTERNAL_SCHEMA = "accessExternalSchema"; + + /** JAXP property: limit the value of maxOccurs attribute in XML schema */ + public static final String MAX_OCCUR_LIMIT = "maxOccurLimit"; + + /** JAXP property: limit the maximum size of any general entities */ + public static final String MAX_GENERAL_ENTITY_SIZE_LIMIT = "maxGeneralEntitySizeLimit"; + /** JAXP property: limit the maximum size of any parameter entities */ + public static final String MAX_PARAMETER_ENTITY_SIZE_LIMIT = "maxParameterEntitySizeLimit"; + + /** JAXP property: limit the total size of all entities that include general and parameter entities */ + public static final String MAX_TOTAL_ENTITY_SIZE_LIMIT = "totalEntitySizeLimit"; + + /** JAXP property: limit the maximum element depth */ + public static final String MAX_ELEMENT_DEPTH = "maxElementDepth"; + // // DOM features // @@ -430,6 +458,13 @@ public final class Constants { /** Schema element declaration for the root element in a document ("internal/validation/schema/dv-factory"). */ public static final String SCHEMA_DV_FACTORY_PROPERTY = "internal/validation/schema/dv-factory"; + + /** Limit the number of entity expansions */ + public static final String ENTITY_EXPANSION_LIMIT_PROPERTY = "entity-expansion-limit"; + public static final String ENTITY_EXPANSION_LIMIT_PROPERTY2 = "entityExpansionLimit"; + + /** Limit the number of attributes an element can have */ + public static final String ELEMENT_ATTRIBUTE_LIMIT_PROPERTY = "elementAttributeLimit"; // general constants @@ -554,6 +589,8 @@ public final class Constants { ROOT_TYPE_DEFINITION_PROPERTY, ROOT_ELEMENT_DECLARATION_PROPERTY, SCHEMA_DV_FACTORY_PROPERTY, + ENTITY_EXPANSION_LIMIT_PROPERTY, + ENTITY_EXPANSION_LIMIT_PROPERTY2 }; /** Empty enumeration. */ diff --git a/src/org/apache/xerces/impl/XML11NSDocumentScannerImpl.java b/src/org/apache/xerces/impl/XML11NSDocumentScannerImpl.java index 4c3aaecdc..cbe3032dc 100644 --- a/src/org/apache/xerces/impl/XML11NSDocumentScannerImpl.java +++ b/src/org/apache/xerces/impl/XML11NSDocumentScannerImpl.java @@ -161,6 +161,10 @@ protected boolean scanStartElement() throws IOException, XNIException { boolean empty = false; fAttributes.removeAllAttributes(); do { + if (fSecurityManager != null && fAttributes.getLength() > fSecurityManager.getElementAttributeLimit()) + { + reportFatalError("ElementAttributeLimit", new Object[]{fCurrentElement, Integer.toString(fSecurityManager.getElementAttributeLimit())}); + } // spaces boolean sawSpace = fEntityScanner.skipSpaces(); diff --git a/src/org/apache/xerces/impl/XMLDocumentFragmentScannerImpl.java b/src/org/apache/xerces/impl/XMLDocumentFragmentScannerImpl.java index 7b5b44787..5d0b69fb3 100644 --- a/src/org/apache/xerces/impl/XMLDocumentFragmentScannerImpl.java +++ b/src/org/apache/xerces/impl/XMLDocumentFragmentScannerImpl.java @@ -24,6 +24,7 @@ import org.apache.xerces.impl.io.MalformedByteSequenceException; import org.apache.xerces.impl.msg.XMLMessageFormatter; import org.apache.xerces.util.AugmentationsImpl; +import org.apache.xerces.util.SecurityManager; import org.apache.xerces.util.XMLAttributesImpl; import org.apache.xerces.util.XMLChar; import org.apache.xerces.util.XMLStringBuffer; @@ -125,6 +126,10 @@ public class XMLDocumentFragmentScannerImpl protected static final String ENTITY_RESOLVER = Constants.XERCES_PROPERTY_PREFIX + Constants.ENTITY_RESOLVER_PROPERTY; + /** Property identifier: security manager. */ + protected static final String SECURITY_MANAGER_PROPERTY = + Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY; + // recognized features and properties /** Recognized features. */ @@ -394,6 +399,8 @@ public void reset(XMLComponentManager componentManager) fExternalSubsetResolver = null; } } + + fSecurityManager = (SecurityManager) componentManager.getProperty(SECURITY_MANAGER_PROPERTY); } // reset(XMLComponentManager) @@ -774,6 +781,11 @@ protected boolean scanStartElement() boolean empty = false; fAttributes.removeAllAttributes(); do { + if (fSecurityManager != null && fAttributes.getLength() > fSecurityManager.getElementAttributeLimit()) + { + reportFatalError("ElementAttributeLimit", new Object[]{fCurrentElement, Integer.toString(fSecurityManager.getElementAttributeLimit())}); + } + // spaces boolean sawSpace = fEntityScanner.skipSpaces(); @@ -1641,6 +1653,11 @@ else if (c != -1 && isInvalidLiteral(c)) { } case SCANNER_STATE_START_OF_MARKUP: { fMarkupDepth++; + if (fSecurityManager != null && fMarkupDepth > fSecurityManager.getMaxElementDepth()) + { + String name = fCurrentElement.rawname != null ? fCurrentElement.rawname : ""; + reportFatalError("MaxElementDepthExceeded", new Object[]{name, fMarkupDepth, fSecurityManager.getMaxElementDepth()}); + } if (fEntityScanner.skipChar('/')) { if (scanEndElement() == 0) { if (elementDepthIsZeroHook()) { @@ -1703,6 +1720,11 @@ else if (isValidNameStartHighSurrogate(fEntityScanner.peekChar())) { } case SCANNER_STATE_REFERENCE: { fMarkupDepth++; + if (fSecurityManager != null && fMarkupDepth > fSecurityManager.getMaxElementDepth()) + { + String name = fCurrentElement.rawname != null ? fCurrentElement.rawname : ""; + reportFatalError("MaxElementDepthExceeded", new Object[]{name, fMarkupDepth, fSecurityManager.getMaxElementDepth()}); + } // NOTE: We need to set the state beforehand // because the XMLEntityHandler#startEntity // callback could set the state to @@ -1721,6 +1743,11 @@ else if (isValidNameStartHighSurrogate(fEntityScanner.peekChar())) { // scan text decl if (fEntityScanner.skipString(" fSecurityManager.getMaxElementDepth()) + { + String name = fCurrentElement.rawname != null ? fCurrentElement.rawname : ""; + reportFatalError("MaxElementDepthExceeded", new Object[]{name, fMarkupDepth, fSecurityManager.getMaxElementDepth()}); + } // NOTE: special case where entity starts with a PI // whose name starts with "xml" (e.g. "xmlfoo") if (isValidNameChar(fEntityScanner.peekChar())) { diff --git a/src/org/apache/xerces/impl/XMLDocumentScannerImpl.java b/src/org/apache/xerces/impl/XMLDocumentScannerImpl.java index 5af31f502..0dd3839ff 100644 --- a/src/org/apache/xerces/impl/XMLDocumentScannerImpl.java +++ b/src/org/apache/xerces/impl/XMLDocumentScannerImpl.java @@ -26,6 +26,7 @@ import org.apache.xerces.impl.msg.XMLMessageFormatter; import org.apache.xerces.impl.validation.ValidationManager; import org.apache.xerces.util.NamespaceSupport; +import org.apache.xerces.util.SecurityManager; import org.apache.xerces.util.XMLChar; import org.apache.xerces.util.XMLStringBuffer; import org.apache.xerces.xni.Augmentations; @@ -102,6 +103,10 @@ public class XMLDocumentScannerImpl /** Feature identifier: load external DTD. */ protected static final String DISALLOW_DOCTYPE_DECL_FEATURE = Constants.XERCES_FEATURE_PREFIX + Constants.DISALLOW_DOCTYPE_DECL_FEATURE; + + /** Feature identifier: standard uri conformant */ + protected static final String STANDARD_URI_CONFORMANT = + Constants.XERCES_FEATURE_PREFIX + Constants.STANDARD_URI_CONFORMANT_FEATURE; // property identifiers @@ -116,8 +121,18 @@ public class XMLDocumentScannerImpl /** property identifier: NamespaceContext */ protected static final String NAMESPACE_CONTEXT = Constants.XERCES_PROPERTY_PREFIX + Constants.NAMESPACE_CONTEXT_PROPERTY; - - + + /** Property identifier: security manager. */ + private static final String SECURITY_MANAGER_PROPERTY = + Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY; + + /** Property identifier: access external DTD */ + private static final String ACCESS_EXTERNAL_DTD_PROPERTY = + Constants.JAXP_JAVAX_PROPERTY_PREFIX + Constants.ACCESS_EXTERNAL_DTD; + + /** Property identifier: access external schema */ + private static final String ACCESS_EXTERNAL_SCHEMA_PROPERTY = + Constants.JAXP_JAVAX_PROPERTY_PREFIX + Constants.ACCESS_EXTERNAL_SCHEMA; // recognized features and properties @@ -125,12 +140,14 @@ public class XMLDocumentScannerImpl private static final String[] RECOGNIZED_FEATURES = { LOAD_EXTERNAL_DTD, DISALLOW_DOCTYPE_DECL_FEATURE, + STANDARD_URI_CONFORMANT, }; /** Feature defaults. */ private static final Boolean[] FEATURE_DEFAULTS = { Boolean.TRUE, Boolean.FALSE, + Boolean.FALSE }; /** Recognized properties. */ @@ -138,6 +155,8 @@ public class XMLDocumentScannerImpl DTD_SCANNER, VALIDATION_MANAGER, NAMESPACE_CONTEXT, + ACCESS_EXTERNAL_DTD_PROPERTY, + ACCESS_EXTERNAL_SCHEMA_PROPERTY, }; /** Property defaults. */ @@ -145,6 +164,8 @@ public class XMLDocumentScannerImpl null, null, null, + null, + null, }; // @@ -157,7 +178,10 @@ public class XMLDocumentScannerImpl protected XMLDTDScanner fDTDScanner; /** Validation manager . */ protected ValidationManager fValidationManager; - + + /** Allowed external DTD protocols */ + protected String fAccessExternalDTD; + // protected data /** Scanning DTD. */ @@ -184,6 +208,12 @@ public class XMLDocumentScannerImpl /** Disallow doctype declaration. */ protected boolean fDisallowDoctype = false; + + /** + * standard uri conformant (strict uri). + * http://apache.org/xml/features/standard-uri-conformant + */ + protected boolean fStrictURI; // state @@ -298,6 +328,13 @@ public void reset(XMLComponentManager componentManager) catch (XMLConfigurationException e) { fDisallowDoctype = false; } + + try { + fStrictURI = componentManager.getFeature(STANDARD_URI_CONFORMANT); + } + catch (XMLConfigurationException e) { + fStrictURI = false; + } // xerces properties fDTDScanner = (XMLDTDScanner)componentManager.getProperty(DTD_SCANNER); @@ -317,6 +354,16 @@ public void reset(XMLComponentManager componentManager) } fNamespaceContext.reset(); + SecurityManager securityManager = (SecurityManager)componentManager.getProperty(SECURITY_MANAGER_PROPERTY); + if (securityManager != null) + { + fAccessExternalDTD = securityManager.getAccessExternalDTD(); + } + if (fAccessExternalDTD == null) + { + fAccessExternalDTD = "all"; + } + // setup dispatcher setScannerState(SCANNER_STATE_XML_DECL); setDispatcher(fXMLDeclDispatcher); @@ -603,6 +650,19 @@ protected boolean scanDoctypeDecl() throws IOException, XNIException { } // scanDoctypeDecl():boolean + /** + * Check the protocol used in the systemId against allowed protocols + * + * @param systemId the Id of the URI + * @param allowedProtocols a list of allowed protocols separated by comma + * @return the name of the protocol if rejected, null otherwise + */ + protected String checkAccess(String systemId, String allowedProtocols) throws IOException { + String baseSystemId = fEntityScanner.getBaseSystemId(); + String expandedSystemId = fEntityManager.expandSystemId(systemId, baseSystemId, fStrictURI); + return SecurityManager.checkAccess(expandedSystemId, allowedProtocols, "all"); + } + // // Private methods // @@ -662,6 +722,11 @@ public boolean dispatch(boolean complete) try { if (fEntityScanner.skipString(" fSecurityManager.getMaxElementDepth()) + { + String name = fCurrentElement.rawname != null ? fCurrentElement.rawname : ""; + reportFatalError("MaxElementDepthExceeded", new Object[]{name, fMarkupDepth, fSecurityManager.getMaxElementDepth()}); + } // NOTE: special case where document starts with a PI // whose name starts with "xml" (e.g. "xmlfoo") if (XMLChar.isName(fEntityScanner.peekChar())) { @@ -767,6 +832,11 @@ else if (fEntityScanner.skipChar('&')) { } case SCANNER_STATE_START_OF_MARKUP: { fMarkupDepth++; + if (fSecurityManager != null && fMarkupDepth > fSecurityManager.getMaxElementDepth()) + { + String name = fCurrentElement.rawname != null ? fCurrentElement.rawname : ""; + reportFatalError("MaxElementDepthExceeded", new Object[]{name, fMarkupDepth, fSecurityManager.getMaxElementDepth()}); + } if (fEntityScanner.skipChar('!')) { if (fEntityScanner.skipChar('-')) { if (!fEntityScanner.skipChar('-')) { @@ -836,6 +906,7 @@ else if (isValidNameStartHighSurrogate(fEntityScanner.peekChar())) { if (fDoctypeSystemId != null) { fIsEntityDeclaredVC = !fStandalone; if (((fValidation || fLoadExternalDTD) + && checkAccess(fDoctypeSystemId, fAccessExternalDTD) == null && (fValidationManager == null || !fValidationManager.isCachedDTD()))) { setScannerState(SCANNER_STATE_DTD_EXTERNAL); setDispatcher(fDTDDispatcher); @@ -845,6 +916,7 @@ else if (isValidNameStartHighSurrogate(fEntityScanner.peekChar())) { else if (fExternalSubsetSource != null) { fIsEntityDeclaredVC = !fStandalone; if (((fValidation || fLoadExternalDTD) + && checkAccess(fDoctypeSystemId, fAccessExternalDTD) == null && (fValidationManager == null || !fValidationManager.isCachedDTD()))) { // This handles the case of a DOCTYPE that had neither an internal subset or an external subset. fDTDScanner.setInputSource(fExternalSubsetSource); @@ -947,7 +1019,9 @@ public boolean dispatch(boolean complete) // REVISIT: Should there be a feature for // the "complete" parameter? boolean completeDTD = true; - boolean readExternalSubset = (fValidation || fLoadExternalDTD) && (fValidationManager == null || !fValidationManager.isCachedDTD()); + boolean readExternalSubset = (fValidation || fLoadExternalDTD) + && checkAccess(fDoctypeSystemId, fAccessExternalDTD) == null + && (fValidationManager == null || !fValidationManager.isCachedDTD()); boolean moreToScan = fDTDScanner.scanDTDInternalSubset(completeDTD, fStandalone, fHasExternalDTD && readExternalSubset); if (!moreToScan) { // end doctype declaration @@ -1249,6 +1323,11 @@ public boolean dispatch(boolean complete) } case SCANNER_STATE_START_OF_MARKUP: { fMarkupDepth++; + if (fSecurityManager != null && fMarkupDepth > fSecurityManager.getMaxElementDepth()) + { + String name = fCurrentElement.rawname != null ? fCurrentElement.rawname : ""; + reportFatalError("MaxElementDepthExceeded", new Object[]{name, fMarkupDepth, fSecurityManager.getMaxElementDepth()}); + } if (fEntityScanner.skipChar('?')) { setScannerState(SCANNER_STATE_PI); again = true; diff --git a/src/org/apache/xerces/impl/XMLEntityManager.java b/src/org/apache/xerces/impl/XMLEntityManager.java index b74173c2e..47495aae7 100644 --- a/src/org/apache/xerces/impl/XMLEntityManager.java +++ b/src/org/apache/xerces/impl/XMLEntityManager.java @@ -159,6 +159,14 @@ public class XMLEntityManager protected static final String SECURITY_MANAGER = Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY; + /** property identifier: entity expansion limit. */ + protected static final String ENTITY_EXPANSION_LIMIT = + Constants.XERCES_PROPERTY_PREFIX + Constants.ENTITY_EXPANSION_LIMIT_PROPERTY; + + /** property identifier: entity expansion limit alternate. */ + protected static final String ENTITY_EXPANSION_LIMIT2 = + Constants.JAXP_ORACLE_PROPERTY_PREFIX + Constants.ENTITY_EXPANSION_LIMIT_PROPERTY2; + // recognized features and properties /** Recognized features. */ @@ -189,6 +197,8 @@ public class XMLEntityManager VALIDATION_MANAGER, BUFFER_SIZE, SECURITY_MANAGER, + ENTITY_EXPANSION_LIMIT, + ENTITY_EXPANSION_LIMIT2 }; /** Property defaults. */ @@ -199,6 +209,8 @@ public class XMLEntityManager null, new Integer(DEFAULT_BUFFER_SIZE), null, + new Integer(-1), + new Integer(-1) }; private static final String XMLEntity = "[xml]".intern(); @@ -1500,6 +1512,20 @@ public void setProperty(String propertyId, Object value) fSecurityManager = (SecurityManager)value; fEntityExpansionLimit = (fSecurityManager != null)?fSecurityManager.getEntityExpansionLimit():0; } + // Property value overrides SecurityManager value. + if (suffixLength == Constants.ENTITY_EXPANSION_LIMIT_PROPERTY.length() && + propertyId.endsWith(Constants.ENTITY_EXPANSION_LIMIT_PROPERTY) + || suffixLength == Constants.ENTITY_EXPANSION_LIMIT_PROPERTY2.length() && + propertyId.endsWith(Constants.ENTITY_EXPANSION_LIMIT_PROPERTY2)) { + if (value instanceof Integer) + { + fEntityExpansionLimit = (Integer) value; + } + else + { + fEntityExpansionLimit = Integer.parseInt((String) value); + } + } } } // setProperty(String,Object) diff --git a/src/org/apache/xerces/impl/XMLNSDocumentScannerImpl.java b/src/org/apache/xerces/impl/XMLNSDocumentScannerImpl.java index 8cb0332d2..b991322ab 100644 --- a/src/org/apache/xerces/impl/XMLNSDocumentScannerImpl.java +++ b/src/org/apache/xerces/impl/XMLNSDocumentScannerImpl.java @@ -155,6 +155,11 @@ protected boolean scanStartElement() boolean empty = false; fAttributes.removeAllAttributes(); do { + if (fSecurityManager != null && fAttributes.getLength() > fSecurityManager.getElementAttributeLimit()) + { + reportFatalError("ElementAttributeLimit", new Object[]{fCurrentElement, Integer.toString(fSecurityManager.getElementAttributeLimit())}); + } + // spaces boolean sawSpace = fEntityScanner.skipSpaces(); diff --git a/src/org/apache/xerces/impl/XMLScanner.java b/src/org/apache/xerces/impl/XMLScanner.java index 93f1074f9..fdd350f46 100644 --- a/src/org/apache/xerces/impl/XMLScanner.java +++ b/src/org/apache/xerces/impl/XMLScanner.java @@ -20,6 +20,7 @@ import java.io.IOException; import org.apache.xerces.impl.msg.XMLMessageFormatter; +import org.apache.xerces.util.SecurityManager; import org.apache.xerces.util.SymbolTable; import org.apache.xerces.util.XMLChar; import org.apache.xerces.util.XMLResourceIdentifierImpl; @@ -96,6 +97,10 @@ public abstract class XMLScanner protected static final String ENTITY_MANAGER = Constants.XERCES_PROPERTY_PREFIX + Constants.ENTITY_MANAGER_PROPERTY; + /** Property identifier: security manager. */ + protected static final String SECURITY_MANAGER = + Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY; + // debugging /** Debug attribute normalization. */ @@ -123,6 +128,8 @@ public abstract class XMLScanner /** Internal parser-settings feature */ protected boolean fParserSettings = true; + protected SecurityManager fSecurityManager; + // properties /** Symbol table. */ @@ -231,6 +238,7 @@ public void reset(XMLComponentManager componentManager) fSymbolTable = (SymbolTable)componentManager.getProperty(SYMBOL_TABLE); fErrorReporter = (XMLErrorReporter)componentManager.getProperty(ERROR_REPORTER); fEntityManager = (XMLEntityManager)componentManager.getProperty(ENTITY_MANAGER); + fSecurityManager = (SecurityManager)componentManager.getProperty(SECURITY_MANAGER); // sax features try { diff --git a/src/org/apache/xerces/impl/msg/XMLMessages.properties b/src/org/apache/xerces/impl/msg/XMLMessages.properties index 4545bf3a5..9e52481e8 100644 --- a/src/org/apache/xerces/impl/msg/XMLMessages.properties +++ b/src/org/apache/xerces/impl/msg/XMLMessages.properties @@ -306,4 +306,11 @@ #Application can set the limit of number of entities that should be expanded by the parser. EntityExpansionLimitExceeded=The parser has encountered more than \"{0}\" entity expansions in this document; this is the limit imposed by the application. +ElementAttributeLimit = Element "{0}" has more than "{1}" attributes, "{1}" is the limit imposed by JAXP security. +TotalEntitySizeLimitExceeded=The parser has encountered more than \"{0}\" bytes or characters within entities declared and referenced by this document; this is the limit imposed by the application. +MaxGeneralEntitySizeLimitExceeded=The parser has encountered more than \"{0}\" bytes or characters within a general entity; this is the limit imposed by the application. +MaxParameterEntitySizeLimitExceeded=The parser has encountered more than \"{0}\" bytes or characters within a parameter entity; this is the limit imposed by the application. +MaxElementDepthExceeded=The element \"{0}\" has a depth of \"{1}\" that exceeds the limit \"{2}\" set by "maxElementDepth". +ResolveExternalEntitiesPropertyIgnored=The property \"jdk.xml.resolveExternalEntities\" is ignored. It is replaced by \"javax.xml.accessExternalDTD\" and \"javax.xml.accessExternalSchema\" +schema_reference.access=Failed to read schema document \"{0}\", because \"{1}\" access is not allowed due to restriction set by the accessExternalSchema property. diff --git a/src/org/apache/xerces/impl/msg/XMLSchemaMessages.properties b/src/org/apache/xerces/impl/msg/XMLSchemaMessages.properties index fb96da655..b3c240d9a 100644 --- a/src/org/apache/xerces/impl/msg/XMLSchemaMessages.properties +++ b/src/org/apache/xerces/impl/msg/XMLSchemaMessages.properties @@ -318,3 +318,4 @@ jaxp12-schema-source-type.2 = The ''http://java.sun.com/xml/jaxp/properties/schemaSource'' property cannot have an array value of type ''{0}''. Possible types of the array supported are Object, String, File, InputStream and InputSource. jaxp12-schema-source-ns = When using an array of Objects as the value of the 'http://java.sun.com/xml/jaxp/properties/schemaSource' property, it is illegal to have two schemas that share the same target namespace. + schema_reference.access = Failed to read schema document \"{0}\", because \"{1}\" access is not allowed due to restriction set by the accessExternalSchema property. diff --git a/src/org/apache/xerces/impl/xs/SecuritySupport.java b/src/org/apache/xerces/impl/xs/SecuritySupport.java new file mode 100644 index 000000000..f71b90f0a --- /dev/null +++ b/src/org/apache/xerces/impl/xs/SecuritySupport.java @@ -0,0 +1,339 @@ +/* + * Copyright (c) 2011-2013, Oracle and/or its affiliates. All rights reserved. + * ORACLE PROPRIETARY/CONFIDENTIAL. Use is subject to license terms. + */ +/* + * Copyright 2002,2004 The Apache Software Foundation. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.xerces.impl.xs; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.io.InputStream; +import java.net.URL; +import java.security.AccessController; +import java.security.PrivilegedAction; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; +import java.util.Locale; +import java.util.MissingResourceException; +import java.util.Properties; +import java.util.PropertyResourceBundle; +import java.util.ResourceBundle; + +/** + * This class is duplicated for each subpackage so keep it in sync. + * It is package private and therefore is not exposed as part of any API. + * + * @xerces.internal + */ +public final class SecuritySupport { + + private static final SecuritySupport securitySupport = new SecuritySupport(); + + /** + * Return an instance of this class. + */ + public static SecuritySupport getInstance() { + return securitySupport; + } + + static ClassLoader getContextClassLoader() { + return (ClassLoader) + AccessController.doPrivileged(new PrivilegedAction() { + public Object run() { + ClassLoader cl = null; + try { + cl = Thread.currentThread().getContextClassLoader(); + } catch (SecurityException ex) { } + return cl; + } + }); + } + + static ClassLoader getSystemClassLoader() { + return (ClassLoader) + AccessController.doPrivileged(new PrivilegedAction() { + public Object run() { + ClassLoader cl = null; + try { + cl = ClassLoader.getSystemClassLoader(); + } catch (SecurityException ex) {} + return cl; + } + }); + } + + static ClassLoader getParentClassLoader(final ClassLoader cl) { + return (ClassLoader) + AccessController.doPrivileged(new PrivilegedAction() { + public Object run() { + ClassLoader parent = null; + try { + parent = cl.getParent(); + } catch (SecurityException ex) {} + + // eliminate loops in case of the boot + // ClassLoader returning itself as a parent + return (parent == cl) ? null : parent; + } + }); + } + + public static String getSystemProperty(final String propName) { + return (String) + AccessController.doPrivileged(new PrivilegedAction() { + public Object run() { + return System.getProperty(propName); + } + }); + } + + static FileInputStream getFileInputStream(final File file) + throws FileNotFoundException + { + try { + return (FileInputStream) + AccessController.doPrivileged(new PrivilegedExceptionAction() { + public Object run() throws FileNotFoundException { + return new FileInputStream(file); + } + }); + } catch (PrivilegedActionException e) { + throw (FileNotFoundException)e.getException(); + } + } +// /** +// * Return resource using the same classloader for the ObjectFactory by default +// * or bootclassloader when Security Manager is in place +// */ +// public static InputStream getResourceAsStream(final String name) { +// if (System.getSecurityManager()!=null) { +// return getResourceAsStream(null, name); +// } else { +// return getResourceAsStream(ObjectFactory.findClassLoader(), name); +// } +// } + + public static InputStream getResourceAsStream(final ClassLoader cl, + final String name) + { + return (InputStream) + AccessController.doPrivileged(new PrivilegedAction() { + public Object run() { + InputStream ris; + if (cl == null) { + ris = Object.class.getResourceAsStream("/"+name); + } else { + ris = cl.getResourceAsStream(name); + } + return ris; + } + }); + } + + /** + * Gets a resource bundle using the specified base name, the default locale, and the caller's class loader. + * @param bundle the base name of the resource bundle, a fully qualified class name + * @return a resource bundle for the given base name and the default locale + */ + public static ResourceBundle getResourceBundle(String bundle) { + return getResourceBundle(bundle, Locale.getDefault()); + } + + /** + * Gets a resource bundle using the specified base name and locale, and the caller's class loader. + * @param bundle the base name of the resource bundle, a fully qualified class name + * @param locale the locale for which a resource bundle is desired + * @return a resource bundle for the given base name and locale + */ + public static ResourceBundle getResourceBundle(final String bundle, final Locale locale) { + return AccessController.doPrivileged(new PrivilegedAction() { + public ResourceBundle run() { + try { + return PropertyResourceBundle.getBundle(bundle, locale); + } catch (MissingResourceException e) { + try { + return PropertyResourceBundle.getBundle(bundle, new Locale("en", "US")); + } catch (MissingResourceException e2) { + throw new MissingResourceException( + "Could not load any resource bundle by " + bundle, bundle, ""); + } + } + } + }); + } + + static boolean getFileExists(final File f) { + return ((Boolean) + AccessController.doPrivileged(new PrivilegedAction() { + public Object run() { + return f.exists() ? Boolean.TRUE : Boolean.FALSE; + } + })).booleanValue(); + } + + static long getLastModified(final File f) { + return ((Long) + AccessController.doPrivileged(new PrivilegedAction() { + public Object run() { + return new Long(f.lastModified()); + } + })).longValue(); + } + + /** + * Strip off path from an URI + * + * @param uri an URI with full path + * @return the file name only + */ + public static String sanitizePath(String uri) { + if (uri == null) { + return ""; + } + int i = uri.lastIndexOf("/"); + if (i > 0) { + return uri.substring(i+1, uri.length()); + } + return uri; + } + + /** + * Check the protocol used in the systemId against allowed protocols + * + * @param systemId the Id of the URI + * @param allowedProtocols a list of allowed protocols separated by comma + * @param accessAny keyword to indicate allowing any protocol + * @return the name of the protocol if rejected, null otherwise + */ + public static String checkAccess(String systemId, String allowedProtocols, String accessAny) throws IOException { + if (systemId == null || (allowedProtocols != null && + allowedProtocols.equalsIgnoreCase(accessAny))) { + return null; + } + + String protocol; + if (systemId.indexOf(":")==-1) { + protocol = "file"; + } else { + URL url = new URL(systemId); + protocol = url.getProtocol(); + if (protocol.equalsIgnoreCase("jar")) { + String path = url.getPath(); + protocol = path.substring(0, path.indexOf(":")); + } + } + + if (isProtocolAllowed(protocol, allowedProtocols)) { + //access allowed + return null; + } else { + return protocol; + } + } + + /** + * Check if the protocol is in the allowed list of protocols. The check + * is case-insensitive while ignoring whitespaces. + * + * @param protocol a protocol + * @param allowedProtocols a list of allowed protocols + * @return true if the protocol is in the list + */ + private static boolean isProtocolAllowed(String protocol, String allowedProtocols) { + if (allowedProtocols == null) { + return false; + } + String temp[] = allowedProtocols.split(","); + for (String t : temp) { + t = t.trim(); + if (t.equalsIgnoreCase(protocol)) { + return true; + } + } + return false; + } + + /** + * Read JAXP system property in this order: system property, + * $java.home/lib/jaxp.properties if the system property is not specified + * + * @param propertyId the Id of the property + * @return the value of the property + */ + public static String getJAXPSystemProperty(String sysPropertyId) { + String accessExternal = getSystemProperty(sysPropertyId); + if (accessExternal == null) { + accessExternal = readJAXPProperty(sysPropertyId); + } + return accessExternal; + } + + /** + * Read from $java.home/lib/jaxp.properties for the specified property + * The program + * + * @param propertyId the Id of the property + * @return the value of the property + */ + static String readJAXPProperty(String propertyId) { + String value = null; + InputStream is = null; + try { + if (firstTime) { + synchronized (cacheProps) { + if (firstTime) { + String configFile = getSystemProperty("java.home") + File.separator + + "lib" + File.separator + "jaxp.properties"; + File f = new File(configFile); + if (getFileExists(f)) { + is = getFileInputStream(f); + cacheProps.load(is); + } + firstTime = false; + } + } + } + value = cacheProps.getProperty(propertyId); + + } + catch (Exception ex) {} + finally { + if (is != null) { + try { + is.close(); + } catch (IOException ex) {} + } + } + + return value; + } + + /** + * Cache for properties in java.home/lib/jaxp.properties + */ + static final Properties cacheProps = new Properties(); + + /** + * Flag indicating if the program has tried reading java.home/lib/jaxp.properties + */ + static volatile boolean firstTime = true; + + private SecuritySupport () {} +} diff --git a/src/org/apache/xerces/impl/xs/XMLSchemaLoader.java b/src/org/apache/xerces/impl/xs/XMLSchemaLoader.java index 60be549e1..c1efdefe7 100644 --- a/src/org/apache/xerces/impl/xs/XMLSchemaLoader.java +++ b/src/org/apache/xerces/impl/xs/XMLSchemaLoader.java @@ -48,6 +48,7 @@ import org.apache.xerces.util.DefaultErrorHandler; import org.apache.xerces.util.MessageFormatter; import org.apache.xerces.util.ParserConfigurationSettings; +import org.apache.xerces.util.SecurityManager; import org.apache.xerces.util.SymbolTable; import org.apache.xerces.util.XMLSymbols; import org.apache.xerces.util.URI.MalformedURIException; @@ -150,6 +151,10 @@ public class XMLSchemaLoader implements XMLGrammarLoader, XMLComponent, XSElemen protected static final String SCHEMA_DV_FACTORY = Constants.XERCES_PROPERTY_PREFIX + Constants.SCHEMA_DV_FACTORY_PROPERTY; + /** Property identifier: access external schema */ + private static final String ACCESS_EXTERNAL_SCHEMA_PROPERTY = + Constants.JAXP_JAVAX_PROPERTY_PREFIX + Constants.ACCESS_EXTERNAL_SCHEMA; + // recognized features: private static final String[] RECOGNIZED_FEATURES = { SCHEMA_FULL_CHECKING, @@ -207,7 +212,10 @@ public class XMLSchemaLoader implements XMLGrammarLoader, XMLComponent, XSElemen Constants.XERCES_PROPERTY_PREFIX + Constants.LOCALE_PROPERTY; protected static final String ENTITY_MANAGER = - Constants.XERCES_PROPERTY_PREFIX + Constants.ENTITY_MANAGER_PROPERTY; + Constants.XERCES_PROPERTY_PREFIX + Constants.ENTITY_MANAGER_PROPERTY; + + private static final String MAX_OCCUR_LIMIT = + Constants.JAXP_ORACLE_PROPERTY_PREFIX + Constants.MAX_OCCUR_LIMIT; // recognized properties private static final String [] RECOGNIZED_PROPERTIES = { @@ -222,7 +230,8 @@ public class XMLSchemaLoader implements XMLGrammarLoader, XMLComponent, XSElemen JAXP_SCHEMA_SOURCE, SECURITY_MANAGER, LOCALE, - SCHEMA_DV_FACTORY + SCHEMA_DV_FACTORY, + MAX_OCCUR_LIMIT }; // Data @@ -243,6 +252,8 @@ public class XMLSchemaLoader implements XMLGrammarLoader, XMLComponent, XSElemen private boolean fJAXPProcessed = false; // if features/properties has not been changed, the value of this attribute is "false" private boolean fSettingsChanged = true; + // permissible protocols for accessing external schemas + private String fAccessExternalSchema; // xml schema parsing private XSDHandler fSchemaHandler; @@ -543,7 +554,7 @@ public Grammar loadGrammar(XMLInputSource source) // We don't call tokenizeSchemaLocationStr here, because we also want // to check whether the values are valid URI. processExternalHints(fExternalSchemas, fExternalNoNSSchema, - locationPairs, fErrorReporter); + locationPairs, fAccessExternalSchema, fErrorReporter); SchemaGrammar grammar = loadSchema(desc, source, locationPairs); if(grammar != null && fGrammarPool != null) { @@ -577,6 +588,16 @@ SchemaGrammar loadSchema(XSDDescription desc, if(!fJAXPProcessed) { processJAXPSchemaSource(locationPairs); } + + if (desc.isExternal()) { + String accessError = SecurityManager.checkAccess(desc.getExpandedSystemId(), fAccessExternalSchema, "all"); + if (accessError != null) { + throw new XNIException(fErrorReporter.reportError(XSMessageFormatter.SCHEMA_DOMAIN, + "schema_reference.access", + new Object[] { SecuritySupport.sanitizePath(desc.getExpandedSystemId()), accessError }, XMLErrorReporter.SEVERITY_ERROR)); + } + } + SchemaGrammar grammar = fSchemaHandler.parseSchema(source, desc, locationPairs); return grammar; @@ -627,7 +648,7 @@ public static XMLInputSource resolveDocument(XSDDescription desc, Hashtable loca // add external schema locations to the location pairs public static void processExternalHints(String sl, String nsl, Hashtable locations, - XMLErrorReporter er) { + String accessExternalSchema, XMLErrorReporter er) { if (sl != null) { try { // get the attribute decl for xsi:schemaLocation @@ -636,7 +657,7 @@ public static void processExternalHints(String sl, String nsl, XSAttributeDecl attrDecl = SchemaGrammar.SG_XSI.getGlobalAttributeDecl(SchemaSymbols.XSI_SCHEMALOCATION); // validation the string value to get the list of URI's attrDecl.fType.validate(sl, null, null); - if (!tokenizeSchemaLocationStr(sl, locations, null)) { + if (!tokenizeSchemaLocationStr(sl, locations, null, accessExternalSchema)) { // report warning (odd number of items) er.reportError(XSMessageFormatter.SCHEMA_DOMAIN, "SchemaLocation", @@ -679,7 +700,7 @@ public static void processExternalHints(String sl, String nsl, // @param schemaStr The schemaLocation string to tokenize // @param locations Hashtable mapping namespaces to LocationArray objects holding lists of locaitons // @return true if no problems; false if string could not be tokenized - public static boolean tokenizeSchemaLocationStr(String schemaStr, Hashtable locations, String base) { + public static boolean tokenizeSchemaLocationStr(String schemaStr, Hashtable locations, String base, String accessExternalSchema) { if (schemaStr!= null) { StringTokenizer t = new StringTokenizer(schemaStr, " \n\t\r"); String namespace, location; @@ -689,6 +710,19 @@ public static boolean tokenizeSchemaLocationStr(String schemaStr, Hashtable loca return false; // error! } location = t.nextToken(); + try { + String expandedLocation = XMLEntityManager.expandSystemId(location, "", true); + String protocol = SecurityManager.checkAccess(expandedLocation, accessExternalSchema, "all"); + if (protocol != null) + { + continue; + } + } catch (MalformedURIException e1) { + continue; + } catch (IOException e) { + continue; + } + LocationArray la = ((LocationArray)locations.get(namespace)); if(la == null) { la = new LocationArray(); @@ -1009,6 +1043,22 @@ public void reset(XMLComponentManager componentManager) throws XMLConfigurationE fExternalSchemas = null; fExternalNoNSSchema = null; } + + // get permissible protocols for external schemas + try { + fAccessExternalSchema = (String) componentManager.getProperty(ACCESS_EXTERNAL_SCHEMA_PROPERTY); + } catch (XMLConfigurationException e) { + // + } + + SecurityManager securityManager = (SecurityManager) componentManager.getProperty(SECURITY_MANAGER); + if (securityManager != null) { + fAccessExternalSchema = securityManager.getAccessExternalSchema(); + } + if (fAccessExternalSchema == null) { + fAccessExternalSchema = "all"; + } + // get JAXP sources if available try { fJAXPSource = componentManager.getProperty(JAXP_SCHEMA_SOURCE); diff --git a/src/org/apache/xerces/impl/xs/XMLSchemaValidator.java b/src/org/apache/xerces/impl/xs/XMLSchemaValidator.java index 19b1a508c..735180a43 100644 --- a/src/org/apache/xerces/impl/xs/XMLSchemaValidator.java +++ b/src/org/apache/xerces/impl/xs/XMLSchemaValidator.java @@ -53,6 +53,7 @@ import org.apache.xerces.impl.xs.models.XSCMValidator; import org.apache.xerces.util.AugmentationsImpl; import org.apache.xerces.util.IntStack; +import org.apache.xerces.util.SecurityManager; import org.apache.xerces.util.SymbolTable; import org.apache.xerces.util.XMLAttributesImpl; import org.apache.xerces.util.XMLChar; @@ -253,6 +254,14 @@ public class XMLSchemaValidator protected static final String SCHEMA_DV_FACTORY = Constants.XERCES_PROPERTY_PREFIX + Constants.SCHEMA_DV_FACTORY_PROPERTY; + /** Property identifier: Security property manager. */ + protected static final String SECURITY_MANAGER_PROPERTY = + Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY; + + /** Property identifier: access external schema */ + private static final String ACCESS_EXTERNAL_SCHEMA_PROPERTY = + Constants.JAXP_JAVAX_PROPERTY_PREFIX + Constants.ACCESS_EXTERNAL_SCHEMA; + // recognized features and properties /** Recognized features. */ @@ -1292,6 +1301,12 @@ public void endGeneralEntity(String name, Augmentations augs) throws XNIExceptio // used to apply default/fixed values // only need to check id/idref/entity, so we set checkFacets to false private ValidationState fState4ApplyDefault = new ValidationState(); + + /** Valid protocols for loading schemas */ + private String fAccessExternalSchema; + + /** SecurityManager */ + private SecurityManager fSecurityManager; // identity constraint information @@ -1381,6 +1396,28 @@ public void reset(XMLComponentManager componentManager) throws XMLConfigurationE parser_settings = true; } + try { + fSecurityManager = (SecurityManager) componentManager.getProperty(SECURITY_MANAGER_PROPERTY); + } catch (XMLConfigurationException e) + { + fSecurityManager = null; + } + + try { + fAccessExternalSchema = (String) componentManager.getProperty(ACCESS_EXTERNAL_SCHEMA_PROPERTY); + } catch (XMLConfigurationException e) { + // + } + if (fAccessExternalSchema == null) { + SecurityManager securityManager = (SecurityManager) componentManager.getProperty(SECURITY_MANAGER_PROPERTY); + if (securityManager != null) { + fAccessExternalSchema = securityManager.getAccessExternalSchema(); + } + if (fAccessExternalSchema == null) { + fAccessExternalSchema = "all"; + } + } + if (!parser_settings) { // parser settings have not been changed fValidationManager.addValidationState(fValidationState); @@ -1391,6 +1428,7 @@ public void reset(XMLComponentManager componentManager) throws XMLConfigurationE fExternalSchemas, fExternalNoNamespaceSchema, fLocationPairs, + fAccessExternalSchema, fXSIErrorReporter.fErrorReporter); return; } @@ -1568,6 +1606,7 @@ else if (rootDecl instanceof javax.xml.namespace.QName) { fExternalSchemas, fExternalNoNamespaceSchema, fLocationPairs, + fAccessExternalSchema, fXSIErrorReporter.fErrorReporter); try { @@ -2604,7 +2643,7 @@ Augmentations getEmptyAugs(Augmentations augs) { void storeLocations(String sLocation, String nsLocation) { if (sLocation != null) { - if (!XMLSchemaLoader.tokenizeSchemaLocationStr(sLocation, fLocationPairs, fLocator == null ? null : fLocator.getExpandedSystemId())) { + if (!XMLSchemaLoader.tokenizeSchemaLocationStr(sLocation, fLocationPairs, fLocator == null ? null : fLocator.getExpandedSystemId(), fAccessExternalSchema)) { // error! fXSIErrorReporter.reportError( XSMessageFormatter.SCHEMA_DOMAIN, diff --git a/src/org/apache/xerces/impl/xs/XSDDescription.java b/src/org/apache/xerces/impl/xs/XSDDescription.java index 2253bf4e1..c3699493a 100644 --- a/src/org/apache/xerces/impl/xs/XSDDescription.java +++ b/src/org/apache/xerces/impl/xs/XSDDescription.java @@ -178,6 +178,18 @@ public boolean fromInstance() { fContextType == CONTEXT_XSITYPE; } + /** + * @return true is the schema is external + */ + public boolean isExternal() { + return fContextType == CONTEXT_INCLUDE || + fContextType == CONTEXT_REDEFINE || + fContextType == CONTEXT_IMPORT || + fContextType == CONTEXT_ELEMENT || + fContextType == CONTEXT_ATTRIBUTE || + fContextType == CONTEXT_XSITYPE; + } + /** * Compares this grammar with the given grammar. Currently, we compare * the target namespaces. diff --git a/src/org/apache/xerces/impl/xs/traversers/XSAttributeChecker.java b/src/org/apache/xerces/impl/xs/traversers/XSAttributeChecker.java index 0cab232a8..fe38c4e8f 100644 --- a/src/org/apache/xerces/impl/xs/traversers/XSAttributeChecker.java +++ b/src/org/apache/xerces/impl/xs/traversers/XSAttributeChecker.java @@ -1169,6 +1169,38 @@ else if (SchemaSymbols.ATT_XML_LANG.equals(attrName) && int min = ((XInt)attrValues[ATTIDX_MINOCCURS]).intValue(); int max = ((XInt)attrValues[ATTIDX_MAXOCCURS]).intValue(); if (max != SchemaSymbols.OCCURRENCE_UNBOUNDED) { + + // maxOccurLimit is only checked in secure mode + if (fSchemaHandler.fSecurityManager != null) { + String localName = element.getLocalName(); + + // The maxOccurs restriction no longer applies to elements + // and wildcards in a sequence in which they are the only + // particle. These are now validated using a constant + // space algorithm. The restriction still applies to all + // other cases. + + // Determine if constant-space algorithm can be applied + final boolean optimize = + (localName.equals("element") || localName.equals("any")) && + (element.getNextSibling() == null) && + (element.getPreviousSibling() == null) && + (element.getParentNode().getLocalName().equals("sequence")); + + if (!optimize) { + // Revisit :: IMO this is not right place to check + // maxOccurNodeLimit. Comment from jdk. + int maxOccurNodeLimit = fSchemaHandler.fSecurityManager.getMaxOccurNodeLimit(); + if (max > maxOccurNodeLimit) { + reportSchemaError("maxOccurLimit", new Object[] {new Integer(maxOccurNodeLimit)}, element); + + // reset max values in case processing continues on error + attrValues[ATTIDX_MAXOCCURS] = fXIntPool.getXInt(maxOccurNodeLimit); + max = maxOccurNodeLimit; + } + } + } + if (min > max) { reportSchemaError ("p-props-correct.2.1", new Object[] {elName, attrValues[ATTIDX_MINOCCURS], attrValues[ATTIDX_MAXOCCURS]}, diff --git a/src/org/apache/xerces/impl/xs/traversers/XSDHandler.java b/src/org/apache/xerces/impl/xs/traversers/XSDHandler.java index e05409d6e..1cd0aeda7 100644 --- a/src/org/apache/xerces/impl/xs/traversers/XSDHandler.java +++ b/src/org/apache/xerces/impl/xs/traversers/XSDHandler.java @@ -65,6 +65,7 @@ import org.apache.xerces.util.DefaultErrorHandler; import org.apache.xerces.util.ErrorHandlerWrapper; import org.apache.xerces.util.SAXInputSource; +import org.apache.xerces.util.SecurityManager; import org.apache.xerces.util.StAXInputSource; import org.apache.xerces.util.StAXLocationWrapper; import org.apache.xerces.util.SymbolHash; @@ -215,6 +216,9 @@ public class XSDHandler { protected static final boolean DEBUG_NODE_POOL = false; + private static final String SECURE_PROCESSING = + Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY; + // Data // different sorts of declarations; should make lookup and @@ -444,6 +448,8 @@ private String doc2SystemId(Element ele) { private XSElementDecl [] fKeyrefElems = new XSElementDecl [INIT_KEYREF_STACK]; private String [][] fKeyrefNamespaceContext = new String[INIT_KEYREF_STACK][1]; + protected SecurityManager fSecurityManager; + // global decls: map from decl name to decl object SymbolHash fGlobalAttrDecls = new SymbolHash(); SymbolHash fGlobalAttrGrpDecls = new SymbolHash(); @@ -3473,6 +3479,8 @@ public void reset(XMLComponentManager componentManager) { // set symbol table fSymbolTable = (SymbolTable) componentManager.getProperty(SYMBOL_TABLE); + fSecurityManager = (SecurityManager) componentManager.getProperty(SECURITY_MANAGER); + //set entity resolver fEntityResolver = (XMLEntityResolver) componentManager.getProperty(ENTITY_MANAGER); XMLEntityResolver er = (XMLEntityResolver)componentManager.getProperty(ENTITY_RESOLVER); diff --git a/src/org/apache/xerces/jaxp/DocumentBuilderFactoryImpl.java b/src/org/apache/xerces/jaxp/DocumentBuilderFactoryImpl.java index 22d36341b..54199b730 100644 --- a/src/org/apache/xerces/jaxp/DocumentBuilderFactoryImpl.java +++ b/src/org/apache/xerces/jaxp/DocumentBuilderFactoryImpl.java @@ -28,6 +28,7 @@ import org.apache.xerces.impl.Constants; import org.apache.xerces.parsers.DOMParser; import org.apache.xerces.util.SAXMessageFormatter; +import org.apache.xerces.util.SecurityManager; import org.xml.sax.SAXException; import org.xml.sax.SAXNotRecognizedException; import org.xml.sax.SAXNotSupportedException; @@ -74,9 +75,9 @@ public class DocumentBuilderFactoryImpl extends DocumentBuilderFactory { private boolean isXIncludeAware; /** - * State of the secure processing feature, initially false + * State of the secure processing feature, initially true */ - private boolean fSecureProcess = false; + private boolean fSecureProcess = true; /** * Creates a new instance of a {@link javax.xml.parsers.DocumentBuilder} @@ -164,7 +165,7 @@ public Object getAttribute(String name) // We create a dummy DocumentBuilderImpl in case the attribute // name is not one that is in the attributes hashtable. domParser = - new DocumentBuilderImpl(this, attributes, features).getDOMParser(); + new DocumentBuilderImpl(this, attributes, features, fSecureProcess).getDOMParser(); return domParser.getProperty(name); } catch (SAXException se1) { // assert(name is not recognized or not supported), try feature diff --git a/src/org/apache/xerces/jaxp/DocumentBuilderImpl.java b/src/org/apache/xerces/jaxp/DocumentBuilderImpl.java index bb2305254..014c81142 100644 --- a/src/org/apache/xerces/jaxp/DocumentBuilderImpl.java +++ b/src/org/apache/xerces/jaxp/DocumentBuilderImpl.java @@ -32,7 +32,6 @@ import org.apache.xerces.impl.xs.XMLSchemaValidator; import org.apache.xerces.jaxp.validation.XSGrammarPoolContainer; import org.apache.xerces.parsers.DOMParser; -import org.apache.xerces.util.SecurityManager; import org.apache.xerces.xni.XMLDocumentHandler; import org.apache.xerces.xni.parser.XMLComponent; import org.apache.xerces.xni.parser.XMLComponentManager; @@ -114,7 +113,7 @@ public class DocumentBuilderImpl extends DocumentBuilder DocumentBuilderImpl(DocumentBuilderFactoryImpl dbf, Hashtable dbfAttrs, Hashtable features, boolean secureProcessing) throws SAXNotRecognizedException, SAXNotSupportedException { - domParser = new DOMParser(); + domParser = new DOMParser(secureProcessing); // If validating, provide a default ErrorHandler that prints // validation errors with a warning telling the user to set an @@ -149,11 +148,6 @@ public class DocumentBuilderImpl extends DocumentBuilder domParser.setFeature(XINCLUDE_FEATURE, true); } - // If the secure processing feature is on set a security manager. - if (secureProcessing) { - domParser.setProperty(SECURITY_MANAGER, new SecurityManager()); - } - this.grammar = dbf.getSchema(); if (grammar != null) { XMLParserConfiguration config = domParser.getXMLParserConfiguration(); @@ -355,11 +349,11 @@ public void reset() { } } - // package private - DOMParser getDOMParser() { + public DOMParser getDOMParser() { return domParser; } - + + // package private private void resetSchemaValidator() throws SAXException { try { fSchemaValidator.reset(fSchemaValidatorComponentManager); diff --git a/src/org/apache/xerces/jaxp/ObjectFactory.java b/src/org/apache/xerces/jaxp/ObjectFactory.java new file mode 100644 index 000000000..11ab12132 --- /dev/null +++ b/src/org/apache/xerces/jaxp/ObjectFactory.java @@ -0,0 +1,336 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.xerces.jaxp; + +import java.io.BufferedReader; +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.util.Properties; + +/** + * This class is duplicated for each JAXP subpackage so keep it in sync. + * It is package private and therefore is not exposed as part of the JAXP + * API. + *

+ * This code is designed to implement the JAXP 1.1 spec pluggability + * feature and is designed to run on JDK version 1.1 and + * later, and to compile on JDK 1.2 and onward. + * The code also runs both as part of an unbundled jar file and + * when bundled as part of the JDK. + *

+ * + * @xerces.internal + * + * @version $Id$ + */ +final class ObjectFactory { + + // + // Constants + // + + // name of default properties file to look for in JDK's jre/lib directory + private static final String DEFAULT_PROPERTIES_FILENAME = "xerces.properties"; + + /** Set to true for debugging */ + private static final boolean DEBUG = isDebugEnabled(); + + /** + * Default columns per line. + */ + private static final int DEFAULT_LINE_LENGTH = 80; + + /** cache the contents of the xerces.properties file. + * Until an attempt has been made to read this file, this will + * be null; if the file does not exist or we encounter some other error + * during the read, this will be empty. + */ + private static Properties fXercesProperties = null; + + /*** + * Cache the time stamp of the xerces.properties file so + * that we know if it's been modified and can invalidate + * the cache when necessary. + */ + private static long fLastModified = -1; + + // + // static methods + // + + /** + * Finds the implementation Class object in the specified order. The + * specified order is the following: + *

    + *
  1. query the system property using System.getProperty + *
  2. read META-INF/services/factoryId file + *
  3. use fallback classname + *
+ * + * @return Class object of factory, never null + * + * @param factoryId Name of the factory to find, same as + * a property name + * @param fallbackClassName Implementation class name, if nothing else + * is found. Use null to mean no fallback. + * + * @exception ObjectFactory.ConfigurationError + */ + static Object createObject(String factoryId, String fallbackClassName) + throws ConfigurationError { + return createObject(factoryId, null, fallbackClassName); + } // createObject(String,String):Object + + /** + * Finds the implementation Class object in the specified order. The + * specified order is the following: + *
    + *
  1. query the system property using System.getProperty + *
  2. read $java.home/lib/propertiesFilename file + *
  3. read META-INF/services/factoryId file + *
  4. use fallback classname + *
+ * + * @return Class object of factory, never null + * + * @param factoryId Name of the factory to find, same as + * a property name + * @param propertiesFilename The filename in the $java.home/lib directory + * of the properties file. If none specified, + * ${java.home}/lib/xerces.properties will be used. + * @param fallbackClassName Implementation class name, if nothing else + * is found. Use null to mean no fallback. + * + * @exception ObjectFactory.ConfigurationError + */ + static Object createObject(String factoryId, + String propertiesFilename, + String fallbackClassName) + throws ConfigurationError + { + try { + return Class.forName(fallbackClassName).newInstance(); + } catch (Exception e) { + throw new ConfigurationError(e.getMessage(), e); + } + } // createObject(String,String,String):Object + + // + // Private static methods + // + + /** Returns true if debug has been enabled. */ + private static boolean isDebugEnabled() { + try { + String val = SecuritySupport.getSystemProperty("xerces.debug"); + // Allow simply setting the prop to turn on debug + return (val != null && (!"false".equals(val))); + } + catch (SecurityException se) {} + return false; + } // isDebugEnabled() + + /** Prints a message to standard error if debugging is enabled. */ + private static void debugPrintln(String msg) { + if (DEBUG) { + System.err.println("XERCES: " + msg); + } + } // debugPrintln(String) + + /** + * Figure out which ClassLoader to use. For JDK 1.2 and later use + * the context ClassLoader. + */ + static ClassLoader findClassLoader() + throws ConfigurationError + { + return ObjectFactory.class.getClassLoader(); + } // findClassLoader():ClassLoader + + /** + * Create an instance of a class using the specified ClassLoader + */ + static Object newInstance(String className, ClassLoader cl, + boolean doFallback) + throws ConfigurationError + { + // assert(className != null); + try{ + Class providerClass = findProviderClass(className, cl, doFallback); + Object instance = providerClass.newInstance(); + if (DEBUG) debugPrintln("created new instance of " + providerClass + + " using ClassLoader: " + cl); + return instance; + } catch (ClassNotFoundException x) { + throw new ConfigurationError( + "Provider " + className + " not found", x); + } catch (Exception x) { + throw new ConfigurationError( + "Provider " + className + " could not be instantiated: " + x, + x); + } + } + + /** + * Find a Class using the specified ClassLoader + */ + static Class findProviderClass(String className, ClassLoader cl, + boolean doFallback) + throws ClassNotFoundException, ConfigurationError + { + return Class.forName(className); + } + + /* + * Try to find provider using Jar Service Provider Mechanism + * + * @return instance of provider class if found or null + */ + private static Object findJarServiceProvider(String factoryId) + throws ConfigurationError + { + String serviceId = "META-INF/services/" + factoryId; + InputStream is = null; + + // First try the Context ClassLoader + ClassLoader cl = findClassLoader(); + + is = SecuritySupport.getResourceAsStream(cl, serviceId); + + // If no provider found then try the current ClassLoader + if (is == null) { + ClassLoader current = ObjectFactory.class.getClassLoader(); + if (cl != current) { + cl = current; + is = SecuritySupport.getResourceAsStream(cl, serviceId); + } + } + + if (is == null) { + // No provider found + return null; + } + + if (DEBUG) debugPrintln("found jar resource=" + serviceId + + " using ClassLoader: " + cl); + + // Read the service provider name in UTF-8 as specified in + // the jar spec. Unfortunately this fails in Microsoft + // VJ++, which does not implement the UTF-8 + // encoding. Theoretically, we should simply let it fail in + // that case, since the JVM is obviously broken if it + // doesn't support such a basic standard. But since there + // are still some users attempting to use VJ++ for + // development, we have dropped in a fallback which makes a + // second attempt using the platform's default encoding. In + // VJ++ this is apparently ASCII, which is a subset of + // UTF-8... and since the strings we'll be reading here are + // also primarily limited to the 7-bit ASCII range (at + // least, in English versions), this should work well + // enough to keep us on the air until we're ready to + // officially decommit from VJ++. [Edited comment from + // jkesselm] + BufferedReader rd; + try { + rd = new BufferedReader(new InputStreamReader(is, "UTF-8"), DEFAULT_LINE_LENGTH); + } catch (java.io.UnsupportedEncodingException e) { + rd = new BufferedReader(new InputStreamReader(is), DEFAULT_LINE_LENGTH); + } + + String factoryClassName = null; + try { + // XXX Does not handle all possible input as specified by the + // Jar Service Provider specification + factoryClassName = rd.readLine(); + } catch (IOException x) { + // No provider found + return null; + } + finally { + try { + // try to close the reader. + rd.close(); + } + // Ignore the exception. + catch (IOException exc) {} + } + + if (factoryClassName != null && + ! "".equals(factoryClassName)) { + if (DEBUG) debugPrintln("found in resource, value=" + + factoryClassName); + + // Note: here we do not want to fall back to the current + // ClassLoader because we want to avoid the case where the + // resource file was found using one ClassLoader and the + // provider class was instantiated using a different one. + return newInstance(factoryClassName, cl, false); + } + + // No provider found + return null; + } + + // + // Classes + // + + /** + * A configuration error. + */ + static final class ConfigurationError + extends Error { + + /** Serialization version. */ + static final long serialVersionUID = 1914065341994951202L; + + // + // Data + // + + /** Exception. */ + private Exception exception; + + // + // Constructors + // + + /** + * Construct a new instance with the specified detail string and + * exception. + */ + ConfigurationError(String msg, Exception x) { + super(msg); + this.exception = x; + } // (String,Exception) + + // + // methods + // + + /** Returns the exception associated to this error. */ + Exception getException() { + return exception; + } // getException():Exception + + } // class ConfigurationError + +} // class ObjectFactory diff --git a/src/org/apache/xerces/jaxp/SAXParserFactoryImpl.java b/src/org/apache/xerces/jaxp/SAXParserFactoryImpl.java index ef2e47cb9..e1b68f267 100644 --- a/src/org/apache/xerces/jaxp/SAXParserFactoryImpl.java +++ b/src/org/apache/xerces/jaxp/SAXParserFactoryImpl.java @@ -59,9 +59,9 @@ public class SAXParserFactoryImpl extends SAXParserFactory { private boolean isXIncludeAware; /** - * State of the secure processing feature, initially false + * State of the secure processing feature, initially true */ - private boolean fSecureProcess = false; + private boolean fSecureProcess = true; /** * Creates a new instance of SAXParser using the currently @@ -91,7 +91,7 @@ private SAXParserImpl newSAXParserImpl() SAXParserImpl saxParserImpl; try { - saxParserImpl = new SAXParserImpl(this, features); + saxParserImpl = new SAXParserImpl(this, features, fSecureProcess); } catch (SAXNotSupportedException e) { throw e; } catch (SAXNotRecognizedException e) { diff --git a/src/org/apache/xerces/jaxp/SAXParserImpl.java b/src/org/apache/xerces/jaxp/SAXParserImpl.java index 3218b2ad6..27d0e390f 100644 --- a/src/org/apache/xerces/jaxp/SAXParserImpl.java +++ b/src/org/apache/xerces/jaxp/SAXParserImpl.java @@ -87,6 +87,14 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser /** Property identifier: security manager. */ private static final String SECURITY_MANAGER = Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY; + + /** Property identifier: access external DTD */ + private static final String ACCESS_EXTERNAL_DTD_PROPERTY = + Constants.JAXP_JAVAX_PROPERTY_PREFIX + Constants.ACCESS_EXTERNAL_DTD; + + /** Property identifier: access external schema */ + private static final String ACCESS_EXTERNAL_SCHEMA_PROPERTY = + Constants.JAXP_JAVAX_PROPERTY_PREFIX + Constants.ACCESS_EXTERNAL_SCHEMA; private final JAXPSAXParser xmlReader; private String schemaLanguage = null; // null means DTD @@ -109,7 +117,7 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser */ SAXParserImpl(SAXParserFactoryImpl spf, Hashtable features) throws SAXException { - this(spf, features, false); + this(spf, features, true); } /** @@ -120,7 +128,7 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser throws SAXException { // Instantiate a SAXParser directly and not through SAX so that we use the right ClassLoader - xmlReader = new JAXPSAXParser(this); + xmlReader = new JAXPSAXParser(this, secureProcessing); // JAXP "namespaceAware" == SAX Namespaces feature // Note: there is a compatibility problem here with default values: @@ -139,11 +147,6 @@ public class SAXParserImpl extends javax.xml.parsers.SAXParser xmlReader.setFeature0(XINCLUDE_FEATURE, true); } - // If the secure processing feature is on set a security manager. - if (secureProcessing) { - xmlReader.setProperty0(SECURITY_MANAGER, new SecurityManager()); - } - // Set application's features, followed by validation features. setFeatures(features); @@ -364,14 +367,28 @@ public static class JAXPSAXParser extends org.apache.xerces.parsers.SAXParser { private final HashMap fInitFeatures = new HashMap(); private final HashMap fInitProperties = new HashMap(); private final SAXParserImpl fSAXParser; + private SecurityManager fSecurityManager; public JAXPSAXParser() { - this(null); + this(null, true); + } + + public JAXPSAXParser(SAXParserImpl saxParser) + { + this(saxParser, true); } - JAXPSAXParser(SAXParserImpl saxParser) { - super(); + JAXPSAXParser(SAXParserImpl saxParser, boolean secureProcessing) { + super((XMLParserConfiguration)ObjectFactory.createObject( + "org.apache.xerces.xni.parser.XMLParserConfiguration", + secureProcessing ? "org.apache.xerces.parsers.SecureProcessingConfiguration" : + "org.apache.xerces.parsers.XIncludeAwareParserConfiguration" + )); fSAXParser = saxParser; + fSecurityManager = (SecurityManager) fConfiguration.getProperty(SECURITY_MANAGER); + if (fSecurityManager == null) { + fSecurityManager = new SecurityManager(); + } } /** @@ -445,6 +462,11 @@ public synchronized void setProperty(String name, Object value) // TODO: Add localized error message. throw new NullPointerException(); } + + if (fSecurityManager.setIfManagedBySecurityManager(name, value)) { + return; + } + if (fSAXParser != null) { // JAXP 1.2 support if (JAXP_SCHEMA_LANGUAGE.equals(name)) { diff --git a/src/org/apache/xerces/jaxp/SecuritySupport.java b/src/org/apache/xerces/jaxp/SecuritySupport.java new file mode 100644 index 000000000..e978b66f3 --- /dev/null +++ b/src/org/apache/xerces/jaxp/SecuritySupport.java @@ -0,0 +1,141 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.xerces.jaxp; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.InputStream; +import java.security.AccessController; +import java.security.PrivilegedAction; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; + +/** + * This class is duplicated for each subpackage so keep it in sync. + * It is package private and therefore is not exposed as part of any API. + * + * @xerces.internal + * + * @version $Id$ + */ +final class SecuritySupport { + + static ClassLoader getContextClassLoader() { + return (ClassLoader) + AccessController.doPrivileged(new PrivilegedAction() { + public Object run() { + ClassLoader cl = null; + try { + cl = Thread.currentThread().getContextClassLoader(); + } catch (SecurityException ex) { } + return cl; + } + }); + } + + static ClassLoader getSystemClassLoader() { + return (ClassLoader) + AccessController.doPrivileged(new PrivilegedAction() { + public Object run() { + ClassLoader cl = null; + try { + cl = ClassLoader.getSystemClassLoader(); + } catch (SecurityException ex) {} + return cl; + } + }); + } + + static ClassLoader getParentClassLoader(final ClassLoader cl) { + return (ClassLoader) + AccessController.doPrivileged(new PrivilegedAction() { + public Object run() { + ClassLoader parent = null; + try { + parent = cl.getParent(); + } catch (SecurityException ex) {} + + // eliminate loops in case of the boot + // ClassLoader returning itself as a parent + return (parent == cl) ? null : parent; + } + }); + } + + static String getSystemProperty(final String propName) { + return (String) + AccessController.doPrivileged(new PrivilegedAction() { + public Object run() { + return System.getProperty(propName); + } + }); + } + + static FileInputStream getFileInputStream(final File file) + throws FileNotFoundException + { + try { + return (FileInputStream) + AccessController.doPrivileged(new PrivilegedExceptionAction() { + public Object run() throws FileNotFoundException { + return new FileInputStream(file); + } + }); + } catch (PrivilegedActionException e) { + throw (FileNotFoundException)e.getException(); + } + } + + static InputStream getResourceAsStream(final ClassLoader cl, + final String name) + { + return (InputStream) + AccessController.doPrivileged(new PrivilegedAction() { + public Object run() { + InputStream ris; + if (cl == null) { + ris = ClassLoader.getSystemResourceAsStream(name); + } else { + ris = cl.getResourceAsStream(name); + } + return ris; + } + }); + } + + static boolean getFileExists(final File f) { + return ((Boolean) + AccessController.doPrivileged(new PrivilegedAction() { + public Object run() { + return f.exists() ? Boolean.TRUE : Boolean.FALSE; + } + })).booleanValue(); + } + + static long getLastModified(final File f) { + return ((Long) + AccessController.doPrivileged(new PrivilegedAction() { + public Object run() { + return new Long(f.lastModified()); + } + })).longValue(); + } + + private SecuritySupport () {} +} diff --git a/src/org/apache/xerces/parsers/DOMParser.java b/src/org/apache/xerces/parsers/DOMParser.java index 16e5511d1..bcc22d2f1 100644 --- a/src/org/apache/xerces/parsers/DOMParser.java +++ b/src/org/apache/xerces/parsers/DOMParser.java @@ -26,6 +26,7 @@ import org.apache.xerces.util.EntityResolverWrapper; import org.apache.xerces.util.ErrorHandlerWrapper; import org.apache.xerces.util.SAXMessageFormatter; +import org.apache.xerces.util.SecurityManager; import org.apache.xerces.util.SymbolTable; import org.apache.xerces.xni.XNIException; import org.apache.xerces.xni.grammars.XMLGrammarPool; @@ -85,10 +86,32 @@ public class DOMParser XMLGRAMMAR_POOL, }; + /** Property identifier: security manager. */ + private static final String SECURITY_MANAGER = + Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY; + + /** Property identifier: access external DTD */ + private static final String ACCESS_EXTERNAL_DTD_PROPERTY = + Constants.JAXP_JAVAX_PROPERTY_PREFIX + Constants.ACCESS_EXTERNAL_DTD; + + /** Property identifier: access external schema */ + private static final String ACCESS_EXTERNAL_SCHEMA_PROPERTY = + Constants.JAXP_JAVAX_PROPERTY_PREFIX + Constants.ACCESS_EXTERNAL_SCHEMA; + + /** Feature identifier: load external DTD. */ + private static final String LOAD_EXTERNAL_DTD = + Constants.XERCES_FEATURE_PREFIX + Constants.LOAD_EXTERNAL_DTD_FEATURE; + + /** Feature identifier: disallow DTDs. */ + protected static final String DISALLOW_DOCTYPE_DECL_FEATURE = + Constants.XERCES_FEATURE_PREFIX + Constants.DISALLOW_DOCTYPE_DECL_FEATURE; + // // Data // + protected SecurityManager fSecurityManager; + // features /** Use EntityResolver2. */ @@ -109,14 +132,21 @@ public DOMParser(XMLParserConfiguration config) { * Constructs a DOM parser using the dtd/xml schema parser configuration. */ public DOMParser() { - this(null, null); + this(null, null, true); } // () + /** + * Constructs a DOM parser using the dtd/xml schema parser configuration and secure processing flag. + */ + public DOMParser(boolean secureProcessing) { + this(null, null, secureProcessing); + } // () + /** * Constructs a DOM parser using the specified symbol table. */ public DOMParser(SymbolTable symbolTable) { - this(symbolTable, null); + this(symbolTable, null, true); } // (SymbolTable) @@ -124,9 +154,18 @@ public DOMParser(SymbolTable symbolTable) { * Constructs a DOM parser using the specified symbol table and * grammar pool. */ - public DOMParser(SymbolTable symbolTable, XMLGrammarPool grammarPool) { + public DOMParser(SymbolTable symbolTable, XMLGrammarPool grammarPool) + { + this(symbolTable, grammarPool, true); + } + + /** + * Constructs a DOM parser using the specified symbol table, grammar pool, and secure processing flag. + */ + public DOMParser(SymbolTable symbolTable, XMLGrammarPool grammarPool, boolean secureProcessing) { super((XMLParserConfiguration)ObjectFactory.createObject( "org.apache.xerces.xni.parser.XMLParserConfiguration", + secureProcessing ? "org.apache.xerces.parsers.SecureProcessingConfiguration" : "org.apache.xerces.parsers.XIncludeAwareParserConfiguration" )); @@ -138,6 +177,13 @@ public DOMParser(SymbolTable symbolTable, XMLGrammarPool grammarPool) { if (grammarPool != null) { fConfiguration.setProperty(XMLGRAMMAR_POOL, grammarPool); } + + // Look for shared SecurityManager. + // If none, get a SecurityManager for local use in setProperty(). + fSecurityManager = (SecurityManager) fConfiguration.getProperty(SECURITY_MANAGER); + if (fSecurityManager == null) { + fSecurityManager = new SecurityManager(); + } } // (SymbolTable,XMLGrammarPool) @@ -522,6 +568,10 @@ public boolean getFeature(String featureId) public void setProperty(String propertyId, Object value) throws SAXNotRecognizedException, SAXNotSupportedException { + if (fSecurityManager.setIfManagedBySecurityManager(propertyId, value)) { + return; + } + try { fConfiguration.setProperty(propertyId, value); } diff --git a/src/org/apache/xerces/parsers/SecureProcessingConfiguration.java b/src/org/apache/xerces/parsers/SecureProcessingConfiguration.java new file mode 100644 index 000000000..7f0f4c3b0 --- /dev/null +++ b/src/org/apache/xerces/parsers/SecureProcessingConfiguration.java @@ -0,0 +1,1178 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.xerces.parsers; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FilterInputStream; +import java.io.FilterReader; +import java.io.IOException; +import java.io.InputStream; +import java.io.Reader; +import java.net.URL; +import java.util.Properties; + +import org.apache.xerces.impl.Constants; +import org.apache.xerces.impl.XMLEntityDescription; +import org.apache.xerces.impl.XMLErrorReporter; +import org.apache.xerces.impl.msg.XMLMessageFormatter; +import org.apache.xerces.util.SecurityManager; +import org.apache.xerces.util.SymbolTable; +import org.apache.xerces.xni.Augmentations; +import org.apache.xerces.xni.XMLDTDHandler; +import org.apache.xerces.xni.XMLLocator; +import org.apache.xerces.xni.XMLResourceIdentifier; +import org.apache.xerces.xni.XMLString; +import org.apache.xerces.xni.XNIException; +import org.apache.xerces.xni.grammars.XMLGrammarPool; +import org.apache.xerces.xni.parser.XMLComponentManager; +import org.apache.xerces.xni.parser.XMLConfigurationException; +import org.apache.xerces.xni.parser.XMLDTDFilter; +import org.apache.xerces.xni.parser.XMLDTDSource; +import org.apache.xerces.xni.parser.XMLEntityResolver; +import org.apache.xerces.xni.parser.XMLInputSource; + +/** + * This configuration enhances Xerces support for the JAXP secure processing feature. + * + * @author Michael Glavassevich, IBM + * + * @version $Id$ + */ +public final class SecureProcessingConfiguration extends + XIncludeAwareParserConfiguration { + + // + // Constants + // + + /** Property identifier: security manager. */ + private static final String SECURITY_MANAGER_PROPERTY = + Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY; + + /** Property identifier: entity resolver. */ + private static final String ENTITY_RESOLVER_PROPERTY = + Constants.XERCES_PROPERTY_PREFIX + Constants.ENTITY_RESOLVER_PROPERTY; + + /** Property identifier: access external DTD */ + private static final String ACCESS_EXTERNAL_DTD_PROPERTY = + Constants.JAXP_JAVAX_PROPERTY_PREFIX + Constants.ACCESS_EXTERNAL_DTD; + + /** Property identifier: access external schema */ + private static final String ACCESS_EXTERNAL_SCHEMA_PROPERTY = + Constants.JAXP_JAVAX_PROPERTY_PREFIX + Constants.ACCESS_EXTERNAL_SCHEMA; + + /** Property identifier: element attribute limit */ + private static final String ELEMENT_ATTRIBUTE_LIMIT_PROPERTY = + Constants.XERCES_PROPERTY_PREFIX + Constants.ELEMENT_ATTRIBUTE_LIMIT_PROPERTY; + + /** Property identifier: alternate element attribute limit */ + private static final String ELEMENT_ATTRIBUTE_LIMIT_PROPERTY2 = + Constants.JAXP_ORACLE_PROPERTY_PREFIX + Constants.ELEMENT_ATTRIBUTE_LIMIT_PROPERTY; + + /** Property identifier: entity expansion limit */ + private static final String ENTITY_EXPANSION_LIMIT_PROPERTY = + Constants.XERCES_PROPERTY_PREFIX + Constants.ENTITY_EXPANSION_LIMIT_PROPERTY; + + /** Property identifier: entity expansion limit */ + private static final String ENTITY_EXPANSION_LIMIT_PROPERTY2 = + Constants.JAXP_ORACLE_PROPERTY_PREFIX + Constants.ENTITY_EXPANSION_LIMIT_PROPERTY2; + + /** Feature identifier: disallow DTDs. */ + protected static final String DISALLOW_DOCTYPE_DECL_FEATURE_FEATURE = + Constants.XERCES_FEATURE_PREFIX + Constants.DISALLOW_DOCTYPE_DECL_FEATURE; + + /** Feature identifier: external general entities. */ + private static final String EXTERNAL_GENERAL_ENTITIES_FEATURE = + Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE; + + /** Feature identifier: external parameter entities. */ + private static final String EXTERNAL_PARAMETER_ENTITIES_FEATURE = + Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE; + + /** Feature identifier: load external DTD. */ + private static final String LOAD_EXTERNAL_DTD_FEATURE = + Constants.XERCES_FEATURE_PREFIX + Constants.LOAD_EXTERNAL_DTD_FEATURE; + + private static final String ACCESS_NO_PROTOCOLS = ""; + private static final String ACCESS_ALL_PROTOCOLS = "all"; + + /** Set to true for debugging */ + private static final boolean DEBUG = isDebugEnabled(); + + /** Cache the contents of the jaxp.properties file, if used. */ + private static Properties jaxpProperties = null; + + /** Cache the timestamp of the jaxp.properties file, if used. */ + private static long lastModified = -1; + + /** System properties */ + private static final String ACCESS_EXTERNAL_DTD_PROPERTY_NAME = "javax.xml.accessExternalDTD"; + private static final String ACCESS_EXTERNAL_SCHEMA_PROPERTY_NAME = "javax.xml.accessExternalSchema"; + private static final String ELEMENT_ATTRIBUTE_LIMIT_PROPERTY_NAME = "jdk.xml.elementAttributeLimit"; + private static final String ENTITY_EXPANSION_LIMIT_PROPERTY_NAME = "jdk.xml.entityExpansionLimit"; + private static final String MAX_ELEMENT_DEPTH_PROPERTY_NAME = "jdk.xml.maxElementDepth"; + private static final String MAX_OCCUR_LIMIT_PROPERTY_NAME = "jdk.xml.maxOccur"; + private static final String MAX_GENERAL_ENTITY_SIZE_LIMIT_PROPERTY_NAME = "jdk.xml.maxGeneralEntitySizeLimit"; + private static final String MAX_PARAMETER_ENTITY_SIZE_LIMIT_PROPERTY_NAME = "jdk.xml.maxParameterEntitySizeLimit"; + private static final String MAX_TOTAL_ENTITY_SIZE_LIMIT_PROPERTY_NAME = "jdk.xml.totalEntitySizeLimit"; + private static final String RESOLVE_EXTERNAL_ENTITIES_PROPERTY_NAME = "jdk.xml.resolveExternalEntities"; + + /** Default values */ + private static final String ACCESS_EXTERNAL_DTD_DEFAULT_VALUE = "all"; + private static final String ACCESS_EXTERNAL_SCHEMA_DEFAULT_VAULE = "all"; + private static final int ELEMENT_ATTRIBUTE_LIMIT_DEFAULT_VALUE = 10000; + private static final int ENTITY_EXPANSION_LIMIT_DEFAULT_VALUE = 64000; + private static final int MAX_ELEMENT_DEPTH_DEFAULT_VALUE = Integer.MAX_VALUE; + private static final int MAX_OCCUR_LIMIT_DEFAULT_VALUE = 5000; + private static final int MAX_GENERAL_ENTITY_SIZE_LIMIT_DEFAULT_VALUE = Integer.MAX_VALUE; + private static final int MAX_PARAMETER_ENTITY_SIZE_LIMIT_DEFAULT_VALUE = 1000000; + private static final int MAX_TOTAL_ENTITY_SIZE_LIMIT_DEFAULT_VALUE = 50000000; + private static final boolean RESOLVE_EXTERNAL_ENTITIES_DEFAULT_VALUE = false; + + /** Xerces SecurityManager default value for entity expansion limit. **/ + private static final int SECURITY_MANAGER_DEFAULT_ENTITY_EXPANSION_LIMIT = 100000; + + /** Xerces SecurityManager default value of number of nodes created. **/ + private static final int SECURITY_MANAGER_DEFAULT_MAX_OCCUR_NODE_LIMIT = 3000; + + + protected final String ACCESS_EXTERNAL_DTD_SYSTEM_VALUE; + protected final String ACCESS_EXTERNAL_SCHEMA_SYSTEM_VALUE; + protected final int ELEMENT_ATTRIBUTE_LIMIT_SYSTEM_VALUE; + protected final int ENTITY_EXPANSION_LIMIT_SYSTEM_VALUE; + protected final int MAX_ELEMENT_DEPTH_SYSTEM_VALUE; + protected final int MAX_OCCUR_LIMIT_SYSTEM_VALUE; + protected final int MAX_GENERAL_ENTITY_SIZE_LIMIT_SYSTEM_VALUE; + protected final int MAX_PARAMETER_ENTITY_SIZE_LIMIT_SYSTEM_VALUE; + protected final int MAX_TOTAL_ENTITY_SIZE_LIMIT_SYSTEM_VALUE; + protected final boolean RESOLVE_EXTERNAL_ENTITIES_SYSTEM_VALUE; + + // + // Fields + // + + private final boolean fJavaSecurityManagerEnabled; + private boolean fLimitSpecified; + private SecurityManager fSecurityManager; + private InternalEntityMonitor fInternalEntityMonitor; + private final ExternalEntityMonitor fExternalEntityMonitor; + private int fTotalEntitySize = 0; + + /** Default constructor. */ + public SecureProcessingConfiguration() { + this(null, null, null); + } // () + + /** + * Constructs a parser configuration using the specified symbol table. + * + * @param symbolTable The symbol table to use. + */ + public SecureProcessingConfiguration(SymbolTable symbolTable) { + this(symbolTable, null, null); + } // (SymbolTable) + + /** + * Constructs a parser configuration using the specified symbol table and + * grammar pool. + *

+ * + * @param symbolTable The symbol table to use. + * @param grammarPool The grammar pool to use. + */ + public SecureProcessingConfiguration( + SymbolTable symbolTable, + XMLGrammarPool grammarPool) { + this(symbolTable, grammarPool, null); + } // (SymbolTable,XMLGrammarPool) + + /** + * Constructs a parser configuration using the specified symbol table, + * grammar pool, and parent settings. + *

+ * + * @param symbolTable The symbol table to use. + * @param grammarPool The grammar pool to use. + * @param parentSettings The parent settings. + */ + public SecureProcessingConfiguration( + SymbolTable symbolTable, + XMLGrammarPool grammarPool, + XMLComponentManager parentSettings) { + + super(symbolTable, grammarPool, parentSettings); + fJavaSecurityManagerEnabled = (System.getSecurityManager() != null); + fSecurityManager = new org.apache.xerces.util.SecurityManager(); + super.setProperty(SECURITY_MANAGER_PROPERTY, fSecurityManager); + + ELEMENT_ATTRIBUTE_LIMIT_SYSTEM_VALUE = getPropertyValue(ELEMENT_ATTRIBUTE_LIMIT_PROPERTY_NAME, ELEMENT_ATTRIBUTE_LIMIT_DEFAULT_VALUE); + ENTITY_EXPANSION_LIMIT_SYSTEM_VALUE = getPropertyValue(ENTITY_EXPANSION_LIMIT_PROPERTY_NAME, ENTITY_EXPANSION_LIMIT_DEFAULT_VALUE); + MAX_ELEMENT_DEPTH_SYSTEM_VALUE = getPropertyValue(MAX_ELEMENT_DEPTH_PROPERTY_NAME, MAX_ELEMENT_DEPTH_DEFAULT_VALUE); + MAX_OCCUR_LIMIT_SYSTEM_VALUE = getPropertyValue(MAX_OCCUR_LIMIT_PROPERTY_NAME, MAX_OCCUR_LIMIT_DEFAULT_VALUE); + MAX_GENERAL_ENTITY_SIZE_LIMIT_SYSTEM_VALUE = getPropertyValue(MAX_GENERAL_ENTITY_SIZE_LIMIT_PROPERTY_NAME, MAX_GENERAL_ENTITY_SIZE_LIMIT_DEFAULT_VALUE); + MAX_PARAMETER_ENTITY_SIZE_LIMIT_SYSTEM_VALUE = getPropertyValue(MAX_PARAMETER_ENTITY_SIZE_LIMIT_PROPERTY_NAME, MAX_PARAMETER_ENTITY_SIZE_LIMIT_DEFAULT_VALUE); + MAX_TOTAL_ENTITY_SIZE_LIMIT_SYSTEM_VALUE = getPropertyValue(MAX_TOTAL_ENTITY_SIZE_LIMIT_PROPERTY_NAME, MAX_TOTAL_ENTITY_SIZE_LIMIT_DEFAULT_VALUE); + fSecurityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT_SYSTEM_VALUE); + fSecurityManager.setElementAttributeLimit(ELEMENT_ATTRIBUTE_LIMIT_SYSTEM_VALUE); + fSecurityManager.setMaxOccurNodeLimit(MAX_OCCUR_LIMIT_SYSTEM_VALUE); + fSecurityManager.setGeneralEntitySizeLimit(MAX_GENERAL_ENTITY_SIZE_LIMIT_SYSTEM_VALUE); + fSecurityManager.setParameterEntitySizeLimit(MAX_PARAMETER_ENTITY_SIZE_LIMIT_SYSTEM_VALUE); + fSecurityManager.setTotalEntitySizeLimit(MAX_TOTAL_ENTITY_SIZE_LIMIT_SYSTEM_VALUE); + fSecurityManager.setMaxElementDepth(MAX_ELEMENT_DEPTH_SYSTEM_VALUE); + + RESOLVE_EXTERNAL_ENTITIES_SYSTEM_VALUE = getPropertyValue(RESOLVE_EXTERNAL_ENTITIES_PROPERTY_NAME, RESOLVE_EXTERNAL_ENTITIES_DEFAULT_VALUE); + if (!RESOLVE_EXTERNAL_ENTITIES_SYSTEM_VALUE) { + super.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false); + super.setFeature(EXTERNAL_PARAMETER_ENTITIES_FEATURE, false); + super.setFeature(LOAD_EXTERNAL_DTD_FEATURE, false); + super.setProperty(ACCESS_EXTERNAL_DTD_PROPERTY, ACCESS_NO_PROTOCOLS); + super.setProperty(ACCESS_EXTERNAL_SCHEMA_PROPERTY, ACCESS_NO_PROTOCOLS); + fSecurityManager.setAccessExternalDTD(ACCESS_NO_PROTOCOLS); + fSecurityManager.setAccessExternalSchema(ACCESS_NO_PROTOCOLS); + } + else + { + super.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, true); + super.setFeature(EXTERNAL_PARAMETER_ENTITIES_FEATURE, true); + super.setFeature(LOAD_EXTERNAL_DTD_FEATURE, true); + super.setProperty(ACCESS_EXTERNAL_DTD_PROPERTY, ACCESS_ALL_PROTOCOLS); + super.setProperty(ACCESS_EXTERNAL_SCHEMA_PROPERTY, ACCESS_ALL_PROTOCOLS); + fSecurityManager.setAccessExternalDTD(ACCESS_ALL_PROTOCOLS); + fSecurityManager.setAccessExternalSchema(ACCESS_ALL_PROTOCOLS); + } + + ACCESS_EXTERNAL_DTD_SYSTEM_VALUE = getPropertyValue(ACCESS_EXTERNAL_DTD_PROPERTY_NAME, ACCESS_EXTERNAL_DTD_DEFAULT_VALUE); + if (fLimitSpecified) { + super.setProperty(ACCESS_EXTERNAL_DTD_PROPERTY, ACCESS_EXTERNAL_DTD_SYSTEM_VALUE); + fSecurityManager.setAccessExternalDTD(ACCESS_EXTERNAL_DTD_SYSTEM_VALUE); + } + ACCESS_EXTERNAL_SCHEMA_SYSTEM_VALUE = getPropertyValue(ACCESS_EXTERNAL_SCHEMA_PROPERTY_NAME, ACCESS_EXTERNAL_SCHEMA_DEFAULT_VAULE); + if (fLimitSpecified) { + super.setProperty(ACCESS_EXTERNAL_SCHEMA_PROPERTY, ACCESS_EXTERNAL_SCHEMA_SYSTEM_VALUE); + fSecurityManager.setAccessExternalSchema(ACCESS_EXTERNAL_SCHEMA_SYSTEM_VALUE); + } + + super.setFeature(DISALLOW_DOCTYPE_DECL_FEATURE_FEATURE, true); + fExternalEntityMonitor = new ExternalEntityMonitor(); + super.setProperty(ENTITY_RESOLVER_PROPERTY, fExternalEntityMonitor); + + // add default recognized properties + final String[] recognizedProperties = + { + ELEMENT_ATTRIBUTE_LIMIT_PROPERTY, + ELEMENT_ATTRIBUTE_LIMIT_PROPERTY2 + }; + addRecognizedProperties(recognizedProperties); + } + + protected void checkEntitySizeLimits(int sizeOfEntity, int delta, boolean isPE) { + fTotalEntitySize += delta; + if (fTotalEntitySize > fSecurityManager.getTotalEntitySizeLimit()) { + fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN, + "TotalEntitySizeLimitExceeded", + new Object[] {new Integer(fSecurityManager.getTotalEntitySizeLimit())}, + XMLErrorReporter.SEVERITY_FATAL_ERROR); + } + if (isPE) { + if (sizeOfEntity > fSecurityManager.getParameterEntitySizeLimit()) { + fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN, + "MaxParameterEntitySizeLimitExceeded", + new Object[] {new Integer(fSecurityManager.getParameterEntitySizeLimit())}, + XMLErrorReporter.SEVERITY_FATAL_ERROR); + } + } + else if (sizeOfEntity > fSecurityManager.getGeneralEntitySizeLimit()) { + fErrorReporter.reportError(XMLMessageFormatter.XML_DOMAIN, + "MaxGeneralEntitySizeLimitExceeded", + new Object[] {new Integer(fSecurityManager.getGeneralEntitySizeLimit())}, + XMLErrorReporter.SEVERITY_FATAL_ERROR); + } + } + + /** + * Returns the value of a property. + * + * @param propertyId The property identifier. + * @return the value of the property + * + * @throws XMLConfigurationException Thrown for configuration error. + * In general, components should + * only throw this exception if + * it is really + * a critical error. + */ + public Object getProperty(String propertyId) + throws XMLConfigurationException { + if (SECURITY_MANAGER_PROPERTY.equals(propertyId)) { + return fSecurityManager; + } + else if (ENTITY_RESOLVER_PROPERTY.equals(propertyId)) { + return fExternalEntityMonitor; + } + Object o = fSecurityManager.getIfManagedBySecurityManager(propertyId); + if (o != null) + { + return o; + } + return super.getProperty(propertyId); + } + + /** + * setProperty + * + * @param propertyId + * @param value + */ + public void setProperty(String propertyId, Object value) + throws XMLConfigurationException { + if (SECURITY_MANAGER_PROPERTY.equals(propertyId)) { + // Do not allow the Xerces SecurityManager to be + // removed if the Java SecurityManager has been installed. + if (value == null && fJavaSecurityManagerEnabled) { + return; + } + fSecurityManager = (SecurityManager) value; + if (fSecurityManager != null) { + // Override SecurityManager default values with the system property / jaxp.properties / config default determined values. + if (fSecurityManager.getEntityExpansionLimit() == SECURITY_MANAGER_DEFAULT_ENTITY_EXPANSION_LIMIT) { + fSecurityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT_SYSTEM_VALUE); + } + if (fSecurityManager.getMaxOccurNodeLimit() == SECURITY_MANAGER_DEFAULT_MAX_OCCUR_NODE_LIMIT) { + fSecurityManager.setMaxOccurNodeLimit(MAX_OCCUR_LIMIT_SYSTEM_VALUE); + } + fSecurityManager.setMaxElementDepth(MAX_ELEMENT_DEPTH_SYSTEM_VALUE); + } + } + else if (ENTITY_RESOLVER_PROPERTY.equals(propertyId)) { + fExternalEntityMonitor.setEntityResolver((XMLEntityResolver) value); + } + if (ENTITY_EXPANSION_LIMIT_PROPERTY.equals(propertyId) || ENTITY_EXPANSION_LIMIT_PROPERTY2.equals(propertyId)) + { + if (value instanceof Integer) + { + fSecurityManager.setEntityExpansionLimit(Integer.class.cast(value).intValue()); + } + else + { + fSecurityManager.setEntityExpansionLimit(Integer.parseInt(String.class.cast(value))); + } + } + if (ELEMENT_ATTRIBUTE_LIMIT_PROPERTY.equals(propertyId) || ELEMENT_ATTRIBUTE_LIMIT_PROPERTY2.equals(propertyId)) + { + if (value instanceof Integer) + { + fSecurityManager.setElementAttributeLimit(Integer.class.cast(value).intValue()); + } + else + { + fSecurityManager.setElementAttributeLimit(Integer.parseInt(String.class.cast(value))); + } + } + super.setProperty(propertyId, value); + } + + /** Configures the XML 1.0 pipeline. */ + protected void configurePipeline() { + super.configurePipeline(); + configurePipelineCommon(); + } + + /** Configures the XML 1.1 pipeline. */ + protected void configureXML11Pipeline() { + super.configureXML11Pipeline(); + configurePipelineCommon(); + if (fXML11DTDScanner != null && fInternalEntityMonitor != null) { + fXML11DTDScanner.setDTDHandler(fInternalEntityMonitor); + fInternalEntityMonitor.setDTDSource(fXML11DTDScanner); + fInternalEntityMonitor.setDTDHandler(fXML11DTDProcessor); + fXML11DTDProcessor.setDTDSource(fInternalEntityMonitor); + } + } + + private void configurePipelineCommon() { + if (fSecurityManager != null) { + fTotalEntitySize = 0; + if (fInternalEntityMonitor == null) { + fInternalEntityMonitor = new InternalEntityMonitor(); + } + // Reconfigure DTD pipeline. Insert internal entity decl monitor. + fDTDScanner.setDTDHandler(fInternalEntityMonitor); + fInternalEntityMonitor.setDTDSource(fDTDScanner); + fInternalEntityMonitor.setDTDHandler(fDTDProcessor); + fDTDProcessor.setDTDSource(fInternalEntityMonitor); + } + } + + private int getPropertyValue(String propertyName, int defaultValue) { + + fLimitSpecified = false; + + // Step #1: Use the system property first + try { + String propertyValue = SecuritySupport.getSystemProperty(propertyName); + if (propertyValue != null && propertyValue.length() >= 0) { + if (DEBUG) { + debugPrintln("found system property \"" + propertyName + "\", value=" + propertyValue); + } + final int intValue = Integer.parseInt(propertyValue); + fLimitSpecified = true; + if (intValue > 0) { + return intValue; + } + // Treat 0 and negative numbers as no limit (i.e. max integer). + return Integer.MAX_VALUE; + } + } + // The VM ran out of memory or there was some other serious problem. Re-throw. + catch (VirtualMachineError vme) { + throw vme; + } + // ThreadDeath should always be re-thrown + catch (ThreadDeath td) { + throw td; + } + catch (Throwable e) { + // Ignore all other exceptions/errors and continue w/ next location + if (DEBUG) { + debugPrintln(e.getClass().getName() + ": " + e.getMessage()); + e.printStackTrace(); + } + } + + // Step #2: Use $java.home/lib/jaxp.properties + try { + boolean fExists = false; + File f = null; + try { + String javah = SecuritySupport.getSystemProperty("java.home"); + String configFile = javah + File.separator + + "lib" + File.separator + "jaxp.properties"; + + f = new File(configFile); + fExists = SecuritySupport.getFileExists(f); + + } + catch (SecurityException se) { + // If there is a security exception, move on to next location. + lastModified = -1; + jaxpProperties = null; + } + + synchronized (SecureProcessingConfiguration.class) { + + boolean runBlock = false; + FileInputStream fis = null; + + try { + if (lastModified >= 0) { + // File has been modified, or didn't previously exist. + // Need to reload properties + if ((fExists) && + (lastModified < (lastModified = SecuritySupport.getLastModified(f)))) { + runBlock = true; + } + else { + if (!fExists) { + // file existed, but it's been deleted. + lastModified = -1; + jaxpProperties = null; + } + } + } + else { + if (fExists) { + // File didn't exist, but it does now. + runBlock = true; + lastModified = SecuritySupport.getLastModified(f); + } + } + + if (runBlock == true) { + // Try to read from $java.home/lib/jaxp.properties + jaxpProperties = new Properties(); + + fis = SecuritySupport.getFileInputStream(f); + jaxpProperties.load(fis); + } + + } + catch (Exception x) { + lastModified = -1; + jaxpProperties = null; + // assert(x instanceof FileNotFoundException + // || x instanceof SecurityException) + // In both cases, ignore and return the default value + } + finally { + // try to close the input stream if one was opened. + if (fis != null) { + try { + fis.close(); + } + // Ignore the exception. + catch (IOException exc) {} + } + } + } + + if (jaxpProperties != null) { + String propertyValue = jaxpProperties.getProperty(propertyName); + if (propertyValue != null && propertyValue.length() >= 0) { + if (DEBUG) { + debugPrintln("found \"" + propertyName + "\" in jaxp.properties, value=" + propertyValue); + } + final int intValue = Integer.parseInt(propertyValue); + fLimitSpecified = true; + if (intValue > 0) { + return intValue; + } + // Treat 0 and negative numbers as no limit (i.e. max integer). + return Integer.MAX_VALUE; + } + } + } + // The VM ran out of memory or there was some other serious problem. Re-throw. + catch (VirtualMachineError vme) { + throw vme; + } + // ThreadDeath should always be re-thrown + catch (ThreadDeath td) { + throw td; + } + catch (Throwable e) { + // Ignore all other exceptions/errors and return the default value. + if (DEBUG) { + debugPrintln(e.getClass().getName() + ": " + e.getMessage()); + e.printStackTrace(); + } + } + + // Step #3: Return the default value. + return defaultValue; + } + + private String getPropertyValue(String propertyName, String defaultValue) { + + fLimitSpecified = false; + + // Step #1: Use the system property first + try { + String propertyValue = SecuritySupport.getSystemProperty(propertyName); + if (propertyValue != null && propertyValue.length() >= 0) { + if (DEBUG) { + debugPrintln("found system property \"" + propertyName + "\", value=" + propertyValue); + } + fLimitSpecified = true; + return propertyValue; + } + } + // The VM ran out of memory or there was some other serious problem. Re-throw. + catch (VirtualMachineError vme) { + throw vme; + } + // ThreadDeath should always be re-thrown + catch (ThreadDeath td) { + throw td; + } + catch (Throwable e) { + // Ignore all other exceptions/errors and continue w/ next location + if (DEBUG) { + debugPrintln(e.getClass().getName() + ": " + e.getMessage()); + e.printStackTrace(); + } + } + + // Step #2: Use $java.home/lib/jaxp.properties + try { + boolean fExists = false; + File f = null; + try { + String javah = SecuritySupport.getSystemProperty("java.home"); + String configFile = javah + File.separator + + "lib" + File.separator + "jaxp.properties"; + + f = new File(configFile); + fExists = SecuritySupport.getFileExists(f); + + } + catch (SecurityException se) { + // If there is a security exception, move on to next location. + lastModified = -1; + jaxpProperties = null; + } + + synchronized (SecureProcessingConfiguration.class) { + + boolean runBlock = false; + FileInputStream fis = null; + + try { + if (lastModified >= 0) { + // File has been modified, or didn't previously exist. + // Need to reload properties + if ((fExists) && + (lastModified < (lastModified = SecuritySupport.getLastModified(f)))) { + runBlock = true; + } + else { + if (!fExists) { + // file existed, but it's been deleted. + lastModified = -1; + jaxpProperties = null; + } + } + } + else { + if (fExists) { + // File didn't exist, but it does now. + runBlock = true; + lastModified = SecuritySupport.getLastModified(f); + } + } + + if (runBlock == true) { + // Try to read from $java.home/lib/jaxp.properties + jaxpProperties = new Properties(); + + fis = SecuritySupport.getFileInputStream(f); + jaxpProperties.load(fis); + } + + } + catch (Exception x) { + lastModified = -1; + jaxpProperties = null; + // assert(x instanceof FileNotFoundException + // || x instanceof SecurityException) + // In both cases, ignore and return the default value + } + finally { + // try to close the input stream if one was opened. + if (fis != null) { + try { + fis.close(); + } + // Ignore the exception. + catch (IOException exc) {} + } + } + } + + if (jaxpProperties != null) { + String propertyValue = jaxpProperties.getProperty(propertyName); + if (propertyValue != null && propertyValue.length() >= 0) { + if (DEBUG) { + debugPrintln("found \"" + propertyName + "\" in jaxp.properties, value=" + propertyValue); + } + fLimitSpecified = true; + return propertyValue; + } + } + } + // The VM ran out of memory or there was some other serious problem. Re-throw. + catch (VirtualMachineError vme) { + throw vme; + } + // ThreadDeath should always be re-thrown + catch (ThreadDeath td) { + throw td; + } + catch (Throwable e) { + // Ignore all other exceptions/errors and return the default value. + if (DEBUG) { + debugPrintln(e.getClass().getName() + ": " + e.getMessage()); + e.printStackTrace(); + } + } + + // Step #3: Return the default value. + return defaultValue; + } + + private boolean getPropertyValue(String propertyName, boolean defaultValue) { + + fLimitSpecified = false; + + // Step #1: Use the system property first + try { + String propertyValue = SecuritySupport.getSystemProperty(propertyName); + if (propertyValue != null && propertyValue.length() >= 0) { + if (DEBUG) { + debugPrintln("found system property \"" + propertyName + "\", value=" + propertyValue); + } + final boolean booleanValue = Boolean.valueOf(propertyValue).booleanValue(); + fLimitSpecified = true; + return booleanValue; + } + } + // The VM ran out of memory or there was some other serious problem. Re-throw. + catch (VirtualMachineError vme) { + throw vme; + } + // ThreadDeath should always be re-thrown + catch (ThreadDeath td) { + throw td; + } + catch (Throwable e) { + // Ignore all other exceptions/errors and continue w/ next location + if (DEBUG) { + debugPrintln(e.getClass().getName() + ": " + e.getMessage()); + e.printStackTrace(); + } + } + + // Step #2: Use $java.home/lib/jaxp.properties + try { + boolean fExists = false; + File f = null; + try { + String javah = SecuritySupport.getSystemProperty("java.home"); + String configFile = javah + File.separator + + "lib" + File.separator + "jaxp.properties"; + + f = new File(configFile); + fExists = SecuritySupport.getFileExists(f); + + } + catch (SecurityException se) { + // If there is a security exception, move on to next location. + lastModified = -1; + jaxpProperties = null; + } + + synchronized (SecureProcessingConfiguration.class) { + + boolean runBlock = false; + FileInputStream fis = null; + + try { + if (lastModified >= 0) { + // File has been modified, or didn't previously exist. + // Need to reload properties + if ((fExists) && + (lastModified < (lastModified = SecuritySupport.getLastModified(f)))) { + runBlock = true; + } + else { + if (!fExists) { + // file existed, but it's been deleted. + lastModified = -1; + jaxpProperties = null; + } + } + } + else { + if (fExists) { + // File didn't exist, but it does now. + runBlock = true; + lastModified = SecuritySupport.getLastModified(f); + } + } + + if (runBlock == true) { + // Try to read from $java.home/lib/jaxp.properties + jaxpProperties = new Properties(); + + fis = SecuritySupport.getFileInputStream(f); + jaxpProperties.load(fis); + } + + } + catch (Exception x) { + lastModified = -1; + jaxpProperties = null; + // assert(x instanceof FileNotFoundException + // || x instanceof SecurityException) + // In both cases, ignore and return the default value + } + finally { + // try to close the input stream if one was opened. + if (fis != null) { + try { + fis.close(); + } + // Ignore the exception. + catch (IOException exc) {} + } + } + } + + if (jaxpProperties != null) { + String propertyValue = jaxpProperties.getProperty(propertyName); + if (propertyValue != null && propertyValue.length() >= 0) { + if (DEBUG) { + debugPrintln("found \"" + propertyName + "\" in jaxp.properties, value=" + propertyValue); + } + final boolean booleanValue = Boolean.valueOf(propertyValue).booleanValue(); + fLimitSpecified = true; + return booleanValue; + } + } + } + // The VM ran out of memory or there was some other serious problem. Re-throw. + catch (VirtualMachineError vme) { + throw vme; + } + // ThreadDeath should always be re-thrown + catch (ThreadDeath td) { + throw td; + } + catch (Throwable e) { + // Ignore all other exceptions/errors and return the default value. + if (DEBUG) { + debugPrintln(e.getClass().getName() + ": " + e.getMessage()); + e.printStackTrace(); + } + } + + // Step #3: Return the default value. + return defaultValue; + } + + // + // Private static methods + // + + /** Returns true if debug has been enabled. */ + private static boolean isDebugEnabled() { + try { + String val = SecuritySupport.getSystemProperty("xerces.debug"); + // Allow simply setting the prop to turn on debug + return (val != null && (!"false".equals(val))); + } + catch (SecurityException se) {} + return false; + } // isDebugEnabled() + + /** Prints a message to standard error if debugging is enabled. */ + private static void debugPrintln(String msg) { + if (DEBUG) { + System.err.println("XERCES: " + msg); + } + } // debugPrintln(String) + + /** + * XMLDTDFilter which checks limits imposed by the application + * on the sizes of general and parameter entities. + */ + final class InternalEntityMonitor implements XMLDTDFilter { + + /** DTD source and handler. **/ + private XMLDTDSource fDTDSource; + private XMLDTDHandler fDTDHandler; + + public InternalEntityMonitor() {//System.out.println("InternalEntityMonitor()"); + } + + /* + * XMLDTDHandler methods + */ + + public void startDTD(XMLLocator locator, Augmentations augmentations) + throws XNIException { + if (fDTDHandler != null) { + fDTDHandler.startDTD(locator, augmentations); + } + } + + public void startParameterEntity(String name, + XMLResourceIdentifier identifier, String encoding, + Augmentations augmentations) throws XNIException { + if (fDTDHandler != null) { + fDTDHandler.startParameterEntity(name, identifier, encoding, augmentations); + } + } + + public void textDecl(String version, String encoding, + Augmentations augmentations) throws XNIException { + if (fDTDHandler != null) { + fDTDHandler.textDecl(version, encoding, augmentations); + } + } + + public void endParameterEntity(String name, Augmentations augmentations) + throws XNIException { + if (fDTDHandler != null) { + fDTDHandler.endParameterEntity(name, augmentations); + } + } + + public void startExternalSubset(XMLResourceIdentifier identifier, + Augmentations augmentations) throws XNIException { + if (fDTDHandler != null) { + fDTDHandler.startExternalSubset(identifier, augmentations); + } + } + + public void endExternalSubset(Augmentations augmentations) + throws XNIException { + if (fDTDHandler != null) { + fDTDHandler.endExternalSubset(augmentations); + } + } + + public void comment(XMLString text, Augmentations augmentations) + throws XNIException { + if (fDTDHandler != null) { + fDTDHandler.comment(text, augmentations); + } + } + + public void processingInstruction(String target, XMLString data, + Augmentations augmentations) throws XNIException { + if (fDTDHandler != null) { + fDTDHandler.processingInstruction(target, data, augmentations); + } + } + + public void elementDecl(String name, String contentModel, + Augmentations augmentations) throws XNIException { + if (fDTDHandler != null) { + fDTDHandler.elementDecl(name, contentModel, augmentations); + } + } + + public void startAttlist(String elementName, Augmentations augmentations) + throws XNIException { + if (fDTDHandler != null) { + fDTDHandler.startAttlist(elementName, augmentations); + } + } + + public void attributeDecl(String elementName, String attributeName, + String type, String[] enumeration, String defaultType, + XMLString defaultValue, XMLString nonNormalizedDefaultValue, + Augmentations augmentations) throws XNIException { + if (fDTDHandler != null) { + fDTDHandler.attributeDecl(elementName, attributeName, + type, enumeration, defaultType, + defaultValue, nonNormalizedDefaultValue, + augmentations); + } + } + + public void endAttlist(Augmentations augmentations) throws XNIException { + if (fDTDHandler != null) { + fDTDHandler.endAttlist(augmentations); + } + } + + public void internalEntityDecl(String name, XMLString text, + XMLString nonNormalizedText, Augmentations augmentations) + throws XNIException { + checkEntitySizeLimits(text.length, text.length, name != null && name.startsWith("%")); + if (fDTDHandler != null) { + fDTDHandler.internalEntityDecl(name, text, + nonNormalizedText, augmentations); + } + } + + public void externalEntityDecl(String name, + XMLResourceIdentifier identifier, Augmentations augmentations) + throws XNIException { + if (fDTDHandler != null) { + fDTDHandler.externalEntityDecl(name, identifier, augmentations); + } + } + + public void unparsedEntityDecl(String name, + XMLResourceIdentifier identifier, String notation, + Augmentations augmentations) throws XNIException { + if (fDTDHandler != null) { + fDTDHandler.unparsedEntityDecl(name, identifier, notation, augmentations); + } + } + + public void notationDecl(String name, XMLResourceIdentifier identifier, + Augmentations augmentations) throws XNIException { + if (fDTDHandler != null) { + fDTDHandler.notationDecl(name, identifier, augmentations); + } + } + + public void startConditional(short type, Augmentations augmentations) + throws XNIException { + if (fDTDHandler != null) { + fDTDHandler.startConditional(type, augmentations); + } + } + + public void ignoredCharacters(XMLString text, Augmentations augmentations) + throws XNIException { + if (fDTDHandler != null) { + fDTDHandler.ignoredCharacters(text, augmentations); + } + + } + + public void endConditional(Augmentations augmentations) throws XNIException { + if (fDTDHandler != null) { + fDTDHandler.endConditional(augmentations); + } + } + + public void endDTD(Augmentations augmentations) throws XNIException { + if (fDTDHandler != null) { + fDTDHandler.endDTD(augmentations); + } + } + + public void setDTDSource(XMLDTDSource source) { + fDTDSource = source; + } + + public XMLDTDSource getDTDSource() { + return fDTDSource; + } + + /* + * XMLDTDSource methods + */ + + public void setDTDHandler(XMLDTDHandler handler) { + fDTDHandler = handler; + } + + public XMLDTDHandler getDTDHandler() { + return fDTDHandler; + } + } + + /** + * XMLEntityResolver which checks limits imposed by the application + * on the sizes of general and parameter entities. + */ + final class ExternalEntityMonitor implements XMLEntityResolver { + + public ExternalEntityMonitor() + { + //System.out.println("ExternalEntityMonitor()"); + } + /** + * java.io.InputStream wrapper which check entity size limits. + */ + final class InputStreamMonitor extends FilterInputStream { + + private final boolean isPE; + private int size = 0; + + protected InputStreamMonitor(InputStream in, boolean isPE) { + super(in); + this.isPE = isPE; + } + + public int read() throws IOException { + int i = super.read(); + if (i != -1) { + ++size; + checkEntitySizeLimits(size, 1, isPE); + } + return i; + } + + public int read(byte[] b, int off, int len) throws IOException { + int i = super.read(b, off, len); + if (i > 0) { + size += i; + checkEntitySizeLimits(size, i, isPE); + } + return i; + } + } + + /** + * java.io.Reader wrapper which check entity size limits. + */ + final class ReaderMonitor extends FilterReader { + + private final boolean isPE; + private int size = 0; + + protected ReaderMonitor(Reader in, boolean isPE) { + super(in); + this.isPE = isPE; + } + + public int read() throws IOException { + int i = super.read(); + if (i != -1) { + ++size; + checkEntitySizeLimits(size, 1, isPE); + } + return i; + } + + public int read(char[] cbuf, int off, int len) throws IOException { + int i = super.read(cbuf, off, len); + if (i > 0) { + size += i; + checkEntitySizeLimits(size, i, isPE); + } + return i; + } + } + + private XMLEntityResolver fEntityResolver; + + public XMLInputSource resolveEntity(XMLResourceIdentifier resourceIdentifier) throws XNIException, + IOException { + XMLInputSource source = null; + if (fEntityResolver != null) { + source = fEntityResolver.resolveEntity(resourceIdentifier); + } + if (fSecurityManager != null && resourceIdentifier instanceof XMLEntityDescription) { + String name = ((XMLEntityDescription) resourceIdentifier).getEntityName(); + boolean isPE = name != null && name.startsWith("%"); + if (source == null) { + String publicId = resourceIdentifier.getPublicId(); + String systemId = resourceIdentifier.getExpandedSystemId(); + String baseSystemId = resourceIdentifier.getBaseSystemId(); + source = new XMLInputSource(publicId, systemId, baseSystemId); + } + Reader reader = source.getCharacterStream(); + if (reader != null) { + source.setCharacterStream(new ReaderMonitor(reader, isPE)); + } + else { + InputStream stream = source.getByteStream(); + if (stream != null) { + source.setByteStream(new InputStreamMonitor(stream, isPE)); + } + else { + String systemId = resourceIdentifier.getExpandedSystemId(); + URL url = new URL(systemId); + stream = url.openStream(); + source.setByteStream(new InputStreamMonitor(stream, isPE)); + } + } + } + return source; + } + + /** Sets the XNI entity resolver. */ + public void setEntityResolver(XMLEntityResolver entityResolver) { + fEntityResolver = entityResolver; + } // setEntityResolver(XMLEntityResolver) + + /** Returns the XNI entity resolver. */ + public XMLEntityResolver getEntityResolver() { + return fEntityResolver; + } // getEntityResolver():XMLEntityResolver + } +} diff --git a/src/org/apache/xerces/util/SecurityManager.java b/src/org/apache/xerces/util/SecurityManager.java index 9efae5334..9bccd02c6 100644 --- a/src/org/apache/xerces/util/SecurityManager.java +++ b/src/org/apache/xerces/util/SecurityManager.java @@ -17,6 +17,11 @@ package org.apache.xerces.util; +import java.io.IOException; +import java.net.URL; + +import org.apache.xerces.impl.Constants; + /** * This class is a container for parser settings that relate to * security, or more specifically, it is intended to be used to prevent denial-of-service @@ -37,46 +42,110 @@ */ public final class SecurityManager { + // + // Recognized properties + // + + private final static String ACCESS_EXTERNAL_DTD_PROPERTY = Constants.JAXP_JAVAX_PROPERTY_PREFIX + Constants.ACCESS_EXTERNAL_DTD; + private final static String ACCESS_EXTERNAL_SCHEMA_PROPERTY = Constants.JAXP_JAVAX_PROPERTY_PREFIX + Constants.ACCESS_EXTERNAL_SCHEMA; + private final static String ELEMENT_ATTRIBUTE_LIMIT_PROPERTY = Constants.XERCES_PROPERTY_PREFIX + Constants.ELEMENT_ATTRIBUTE_LIMIT_PROPERTY; + private static final String ELEMENT_ATTRIBUTE_LIMIT_PROPERTY2 = Constants.JAXP_ORACLE_PROPERTY_PREFIX + Constants.ELEMENT_ATTRIBUTE_LIMIT_PROPERTY; + private final static String ENTITY_EXPANSION_LIMIT_PROPERTY = Constants.XERCES_PROPERTY_PREFIX + Constants.ENTITY_EXPANSION_LIMIT_PROPERTY; + private final static String ENTITY_EXPANSION_LIMIT_PROPERTY2 = Constants.JAXP_ORACLE_PROPERTY_PREFIX + Constants.ENTITY_EXPANSION_LIMIT_PROPERTY2; + private final static String MAX_ELEMENT_DEPTH_PROPERTY = Constants.JAXP_PROPERTY_PREFIX + Constants.MAX_ELEMENT_DEPTH; + private final static String MAX_ELEMENT_DEPTH_PROPERTY2 = Constants.JAXP_ORACLE_PROPERTY_PREFIX + Constants.MAX_ELEMENT_DEPTH; + private final static String MAX_OCCUR_LIMIT = Constants.JAXP_ORACLE_PROPERTY_PREFIX + Constants.MAX_OCCUR_LIMIT; + private final static String MAX_GENERAL_ENTITY_SIZE_LIMIT = Constants.JAXP_ORACLE_PROPERTY_PREFIX + Constants.MAX_GENERAL_ENTITY_SIZE_LIMIT; + private final static String MAX_PARAMETER_ENTITY_SIZE_LIMIT = Constants.JAXP_ORACLE_PROPERTY_PREFIX + Constants.MAX_PARAMETER_ENTITY_SIZE_LIMIT; + private final static String MAX_TOTAL_ENTITY_SIZE_LIMIT = Constants.JAXP_ORACLE_PROPERTY_PREFIX + Constants.MAX_TOTAL_ENTITY_SIZE_LIMIT; // // Constants // + private static final String DEFAULT_ACCESS_EXTERNAL_DTD = "all"; + private static final String DEFAULT_ACCESS_EXTERNAL_SCHEMA = "all"; + + /** Default value of number of attributes allowed. **/ + private final static int DEFAULT_ELEMENT_ATTRIBUTE_LIMIT = 10000; + /** Default value for entity expansion limit. **/ private final static int DEFAULT_ENTITY_EXPANSION_LIMIT = 100000; + /** Default value of maximum element depth. **/ + private final static int DEFAULT_MAX_ELEMENT_DEPTH = Integer.MAX_VALUE; + /** Default value of number of nodes created. **/ - private final static int DEFAULT_MAX_OCCUR_NODE_LIMIT = 3000; + private final static int DEFAULT_MAX_OCCUR_NODE_LIMIT = 3000; + + private static final int DEFAULT_MAX_GENERAL_ENTITY_SIZE_LIMIT = Integer.MAX_VALUE; + private static final int DEFAULT_MAX_PARAMETER_ENTITY_SIZE_LIMIT = 1000000; + private static final int DEFAULT_TOTAL_ENTITY_SIZE_LIMIT = 50000000; // // Data // - + + private String accessExternalDTD = DEFAULT_ACCESS_EXTERNAL_DTD; + + private String accessExternalSchema = DEFAULT_ACCESS_EXTERNAL_SCHEMA; + + private int elementAttributeLimit = DEFAULT_ELEMENT_ATTRIBUTE_LIMIT; + /** Entity expansion limit. **/ - private int entityExpansionLimit; + private int entityExpansionLimit = DEFAULT_ENTITY_EXPANSION_LIMIT; + + private int maxElementDepth = DEFAULT_MAX_ELEMENT_DEPTH; /** W3C XML Schema maxOccurs limit. **/ - private int maxOccurLimit; + private int maxOccurLimit = DEFAULT_MAX_OCCUR_NODE_LIMIT; + + private int generalEntitySizeLimit = DEFAULT_MAX_GENERAL_ENTITY_SIZE_LIMIT; + + private int parameterEntitySizeLimit = DEFAULT_MAX_PARAMETER_ENTITY_SIZE_LIMIT; + + private int totalEntitySizeLimit = DEFAULT_TOTAL_ENTITY_SIZE_LIMIT; /** - * Default constructor. Establishes default values - * for known security vulnerabilities. + * Default constructor. */ public SecurityManager() { - entityExpansionLimit = DEFAULT_ENTITY_EXPANSION_LIMIT; - maxOccurLimit = DEFAULT_MAX_OCCUR_NODE_LIMIT ; + } + + public String getAccessExternalDTD() { + return accessExternalDTD; } - /** - *

Sets the number of entity expansions that the - * parser should permit in a document.

- * - * @param limit the number of entity expansions - * permitted in a document - */ - public void setEntityExpansionLimit(int limit) { - entityExpansionLimit = limit; + public void setAccessExternalDTD(String accessExternalDTD) { + this.accessExternalDTD = accessExternalDTD; } + public String getAccessExternalSchema() { + return accessExternalSchema; + } + + public void setAccessExternalSchema(String accessExternalSchema) { + this.accessExternalSchema = accessExternalSchema; + } + + public int getElementAttributeLimit() { + return elementAttributeLimit; + } + + public void setElementAttributeLimit(int limit) { + if (limit > 0) + { + elementAttributeLimit = limit; + } + else if (limit == 0) + { + elementAttributeLimit = Integer.MAX_VALUE; + } + else + { + elementAttributeLimit = 0; + } + } + /** *

Returns the number of entity expansions * that the parser permits in a document.

@@ -89,18 +158,46 @@ public int getEntityExpansionLimit() { } /** - *

Sets the limit of the number of content model nodes - * that may be created when building a grammar for a W3C - * XML Schema that contains maxOccurs attributes with values - * other than "unbounded".

+ *

Sets the number of entity expansions that the + * parser should permit in a document.

* - * @param limit the maximum value for maxOccurs other - * than "unbounded" + * @param limit the number of entity expansions + * permitted in a document */ - public void setMaxOccurNodeLimit(int limit){ - maxOccurLimit = limit; + public void setEntityExpansionLimit(int limit) { + if (limit > 0) + { + entityExpansionLimit = limit; + } + else if (limit == 0) + { + entityExpansionLimit = Integer.MAX_VALUE; + } + else + { + entityExpansionLimit = 0; + } } + public int getMaxElementDepth() { + return maxElementDepth; + } + + public void setMaxElementDepth(int limit) { + if (limit > 0) + { + maxElementDepth = limit; + } + else if (limit == 0) + { + maxElementDepth = Integer.MAX_VALUE; + } + else + { + maxElementDepth = 0; + } + } + /** *

Returns the limit of the number of content model nodes * that may be created when building a grammar for a W3C @@ -114,5 +211,234 @@ public int getMaxOccurNodeLimit(){ return maxOccurLimit; } + /** + *

Sets the limit of the number of content model nodes + * that may be created when building a grammar for a W3C + * XML Schema that contains maxOccurs attributes with values + * other than "unbounded".

+ * + * @param limit the maximum value for maxOccurs other + * than "unbounded" + */ + public void setMaxOccurNodeLimit(int limit){ + if (limit > 0) + { + maxOccurLimit = limit; + } + else if (limit == 0) + { + maxOccurLimit = Integer.MAX_VALUE; + } + else + { + maxOccurLimit = 0; + } + } + + public int getGeneralEntitySizeLimit() { + return generalEntitySizeLimit; + } + + public void setGeneralEntitySizeLimit(int limit) { + if (limit > 0) + { + generalEntitySizeLimit = limit; + } + else if (limit == 0) + { + generalEntitySizeLimit = Integer.MAX_VALUE; + } + else + { + generalEntitySizeLimit = 0; + } + } + + public int getParameterEntitySizeLimit() { + return parameterEntitySizeLimit; + } + + public void setParameterEntitySizeLimit(int limit) { + if (limit > 0) + { + parameterEntitySizeLimit = limit; + } + else if (limit == 0) + { + parameterEntitySizeLimit = Integer.MAX_VALUE; + } + else + { + parameterEntitySizeLimit = 0; + } + } + + public int getTotalEntitySizeLimit() { + return totalEntitySizeLimit; + } + + public void setTotalEntitySizeLimit(int limit) { + if (limit > 0) + { + totalEntitySizeLimit = limit; + } + else if (limit == 0) + { + totalEntitySizeLimit = Integer.MAX_VALUE; + } + else + { + totalEntitySizeLimit = 0; + } + } + + public boolean setIfManagedBySecurityManager(String property, Object value) + { + boolean isManaged = false; + if (ACCESS_EXTERNAL_DTD_PROPERTY.equals(property)) + { + setAccessExternalDTD(String.class.cast(value)); + isManaged = true; + } + else if (ACCESS_EXTERNAL_SCHEMA_PROPERTY.equals(property)) + { + setAccessExternalSchema(String.class.cast(value)); + isManaged = true; + } + else if (ELEMENT_ATTRIBUTE_LIMIT_PROPERTY.equals(property) || ELEMENT_ATTRIBUTE_LIMIT_PROPERTY2.equals(property)) + { + setElementAttributeLimit(Integer.class.cast(value)); + isManaged = true; + } + else if (ENTITY_EXPANSION_LIMIT_PROPERTY.equals(property) || ENTITY_EXPANSION_LIMIT_PROPERTY2.equals(property)) + { + setEntityExpansionLimit(Integer.class.cast(value)); + isManaged = true; + } + else if (MAX_ELEMENT_DEPTH_PROPERTY.equals(property) || MAX_ELEMENT_DEPTH_PROPERTY2.equals(property)) + { + setMaxElementDepth(Integer.class.cast(value)); + isManaged = true; + } + else if (MAX_OCCUR_LIMIT.equals(property)) + { + setMaxOccurNodeLimit(Integer.class.cast(value)); + isManaged = true; + } + else if (MAX_GENERAL_ENTITY_SIZE_LIMIT.equals(property)) + { + setGeneralEntitySizeLimit(Integer.class.cast(value)); + isManaged = true; + } + else if (MAX_PARAMETER_ENTITY_SIZE_LIMIT.equals(property)) + { + setParameterEntitySizeLimit(Integer.class.cast(value)); + isManaged = true; + } + else if (MAX_TOTAL_ENTITY_SIZE_LIMIT.equals(property)) + { + setTotalEntitySizeLimit(Integer.class.cast(value)); + isManaged = true; + } + return isManaged; + } + + public Object getIfManagedBySecurityManager(String property) + { + if (ACCESS_EXTERNAL_DTD_PROPERTY.equals(property)) + { + return getAccessExternalDTD(); + } + else if (ACCESS_EXTERNAL_SCHEMA_PROPERTY.equals(property)) + { + return getAccessExternalSchema(); + } + else if (ELEMENT_ATTRIBUTE_LIMIT_PROPERTY.equals(property) || ELEMENT_ATTRIBUTE_LIMIT_PROPERTY2.equals(property)) + { + return getElementAttributeLimit(); + } + else if (ENTITY_EXPANSION_LIMIT_PROPERTY.equals(property) || ENTITY_EXPANSION_LIMIT_PROPERTY2.equals(property)) + { + return getEntityExpansionLimit(); + } + else if (MAX_ELEMENT_DEPTH_PROPERTY.equals(property) || MAX_ELEMENT_DEPTH_PROPERTY2.equals(property)) + { + return getMaxElementDepth(); + } + else if (MAX_OCCUR_LIMIT.equals(property)) + { + return getMaxOccurNodeLimit(); + } + else if (MAX_GENERAL_ENTITY_SIZE_LIMIT.equals(property)) + { + return getGeneralEntitySizeLimit(); + } + else if (MAX_PARAMETER_ENTITY_SIZE_LIMIT.equals(property)) + { + return getParameterEntitySizeLimit(); + } + else if (MAX_TOTAL_ENTITY_SIZE_LIMIT.equals(property)) + { + return getTotalEntitySizeLimit(); + } + return null; + } + + /** + * Check the protocol used in the systemId against allowed protocols + * + * @param systemId the Id of the URI + * @param allowedProtocols a list of allowed protocols separated by comma + * @param accessAny keyword to indicate allowing any protocol + * @return the name of the protocol if rejected, null otherwise + */ + public static String checkAccess(String systemId, String allowedProtocols, String accessAny) throws IOException { + if (systemId == null || (allowedProtocols != null && + allowedProtocols.equalsIgnoreCase(accessAny))) { + return null; + } + + String protocol; + if (systemId.indexOf(":")==-1) { + protocol = "file"; + } else { + URL url = new URL(systemId); + protocol = url.getProtocol(); + if (protocol.equalsIgnoreCase("jar")) { + String path = url.getPath(); + protocol = path.substring(0, path.indexOf(":")); + } + } + + if (isProtocolAllowed(protocol, allowedProtocols)) { + //access allowed + return null; + } else { + return protocol; + } + } + + /** + * Check if the protocol is in the allowed list of protocols. The check + * is case-insensitive while ignoring whitespaces. + * + * @param protocol a protocol + * @param allowedProtocols a list of allowed protocols + * @return true if the protocol is in the list + */ + private static boolean isProtocolAllowed(String protocol, String allowedProtocols) { + if (allowedProtocols == null) { + return false; + } + String temp[] = allowedProtocols.split(","); + for (String t : temp) { + t = t.trim(); + if (t.equalsIgnoreCase(protocol)) { + return true; + } + } + return false; + } + } // class SecurityManager diff --git a/src/test/java/org/apache/xerces/test/secureprocessing/TestSecureProcessing.java b/src/test/java/org/apache/xerces/test/secureprocessing/TestSecureProcessing.java new file mode 100644 index 000000000..914344c43 --- /dev/null +++ b/src/test/java/org/apache/xerces/test/secureprocessing/TestSecureProcessing.java @@ -0,0 +1,5556 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.xerces.test.secureprocessing; + +import static org.junit.Assert.fail; + +import java.io.ByteArrayInputStream; +import java.io.InputStream; +import java.nio.charset.Charset; +import java.util.HashMap; +import java.util.Iterator; +import java.util.Map; + +import javax.xml.XMLConstants; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.SAXParser; +import javax.xml.parsers.SAXParserFactory; +import javax.xml.transform.stream.StreamSource; +import javax.xml.validation.Schema; +import javax.xml.validation.SchemaFactory; + +import junit.framework.Assert; + +import org.apache.xerces.impl.Constants; +import org.apache.xerces.jaxp.DocumentBuilderImpl; +import org.apache.xerces.jaxp.JAXPConstants; +import org.apache.xerces.util.SecurityManager; +import org.junit.BeforeClass; +import org.junit.Test; +import org.w3c.dom.Document; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.xml.sax.Attributes; +import org.xml.sax.ErrorHandler; +import org.xml.sax.InputSource; +import org.xml.sax.SAXException; +import org.xml.sax.SAXParseException; +import org.xml.sax.helpers.DefaultHandler; + + +/** + * + * namespaces: false + * validating: false + * xml version: 1.0 + * + * The following Features and Properties are tested in the named test methods. + * + * FEATURES: + * + * * DISALLOW_DOCTYPE_DECL_FEATURE (http://apache.org/xml/features/disallow-doctype-decl): testDisallowDoctype() + * * EXTERNAL_GENERAL_ENTITIES_FEATURE (http://xml.org/sax/features/external-general-entities): testExternalEntities() + * * EXTERNAL_PARAMETER_ENTITIES_FEATURE (http://xml.org/sax/features/external-parameter-entities): testExternalEntities() + * * LOAD_EXTERNAL_DTD_FEATURE (http://apache.org/xml/features/nonvalidating/load-external-dtd): testExternalDTD() + * + * PROPERTIES: + * + * * ACCESS_EXTERNAL_DTD_PROPERTY (http://javax.xml.XMLConstants/property/accessExternalDTD): testExternalDTD() + * * ACCESS_EXTERNAL_SCHEMA_PROPERTY (http://javax.xml.XMLConstants/property/accessExternalSchema): testExternalSchema() + * * ELEMENT_ATTRIBUTE_LIMIT (http://apache.org/xml/properties/elementAttributeLimit): testElementAttributeLimit() + * * ENTITY_EXPANSION_LIMIT (http://apache.org/xml/properties/entity-expansion-limit): testEntityExpansionLimit() + * * MAX_OCCUR_LIMIT (http://www.oracle.com/xml/jaxp/properties/maxOccurLimit): testMaxOccursSchema(), testMaxOccurs() + * * MAX_GENERAL_ENTITY_SIZE_LIMIT (http://www.oracle.com/xml/jaxp/properties/maxGeneralEntitySizeLimit): testEntitySizeLimit() + * * MAX_GENERAL_ENTITY_SIZE_LIMIT2 (http://java.sun.com/xml/jaxp/properties/maxGeneralEntitySizeLimit: testEntitySizeLimit() + * * MAX_PARAMETER_ENTITY_SIZE_LIMIT (http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimit): testEntitySizeLimit() + * * MAX_ELEMENT_DEPTH (http://java.sun.com/xml/jaxp/properties/maxElementDepth): testElementDepthLimit() + * * MAX_TOTAL_ENTITY_SIZE_LIMIT (http://www.oracle.com/xml/jaxp/properties/totalEntitySizeLimit): testTotalEntitySizeLimit() + * + * Note. In the following tests, -1 is interpreted as "use default value". + * + * @author Ron Sigal + * @date November 24, 2014 + * + */ +public class TestSecureProcessing +{ + protected static final String SECURITY_MANAGER_PROPERTY = Constants.XERCES_PROPERTY_PREFIX + Constants.SECURITY_MANAGER_PROPERTY; + + protected static final String DISALLOW_DOCTYPE_DECL_FEATURE = Constants.XERCES_FEATURE_PREFIX + Constants.DISALLOW_DOCTYPE_DECL_FEATURE; + protected static final String EXTERNAL_GENERAL_ENTITIES_FEATURE = "http://xml.org/sax/features/external-general-entities"; + protected static final String EXTERNAL_PARAMETER_ENTITIES_FEATURE = "http://xml.org/sax/features/external-parameter-entities"; + protected static final String LOAD_EXTERNAL_DTD_FEATURE = Constants.XERCES_FEATURE_PREFIX + Constants.LOAD_EXTERNAL_DTD_FEATURE; + + protected static final String ACCESS_EXTERNAL_DTD_PROPERTY = Constants.JAXP_JAVAX_PROPERTY_PREFIX + Constants.ACCESS_EXTERNAL_DTD; + protected static final String ACCESS_EXTERNAL_SCHEMA_PROPERTY = Constants.JAXP_JAVAX_PROPERTY_PREFIX + Constants.ACCESS_EXTERNAL_SCHEMA; + protected static final String MAX_OCCUR_LIMIT = Constants.JAXP_ORACLE_PROPERTY_PREFIX + Constants.MAX_OCCUR_LIMIT; + protected static final String MAX_GENERAL_ENTITY_SIZE_LIMIT = Constants.JAXP_ORACLE_PROPERTY_PREFIX + Constants.MAX_GENERAL_ENTITY_SIZE_LIMIT; + protected static final String MAX_GENERAL_ENTITY_SIZE_LIMIT2 = Constants.JAXP_PROPERTY_PREFIX + Constants.MAX_GENERAL_ENTITY_SIZE_LIMIT; + protected static final String MAX_PARAMETER_ENTITY_SIZE_LIMIT = Constants.JAXP_ORACLE_PROPERTY_PREFIX + Constants.MAX_PARAMETER_ENTITY_SIZE_LIMIT; + protected static final String MAX_TOTAL_ENTITY_SIZE_LIMIT = Constants.JAXP_ORACLE_PROPERTY_PREFIX + Constants.MAX_TOTAL_ENTITY_SIZE_LIMIT; + + /** Property identifier: schema location. */ + protected static final String SCHEMA_LOCATION = Constants.XERCES_PROPERTY_PREFIX + Constants.SCHEMA_LOCATION; + + /** Property identifier: no namespace schema location. */ + protected static final String SCHEMA_NONS_LOCATION = Constants.XERCES_PROPERTY_PREFIX + Constants.SCHEMA_NONS_LOCATION; + + protected static final String RESOLVE_EXTERNAL_ENTITIES_PROPERTY_NAME = "jdk.xml.resolveExternalEntities"; + protected static final String ENTITY_EXPANSION_LIMIT_PROPERTY_NAME = "jdk.xml.entityExpansionLimit"; + protected static final String ELEMENT_ATTRIBUTE_LIMIT_PROPERTY_NAME = "jdk.xml.elementAttributeLimit"; + protected static final String MAX_OCCUR_LIMIT_PROPERTY_NAME = "jdk.xml.maxOccur"; + protected static final String TOTAL_ENTITY_SIZE_LIMIT_PROPERTY_NAME = "jdk.xml.totalEntitySizeLimit"; + protected static final String MAX_GENERAL_ENTITY_SIZE_LIMIT_PROPERTY_NAME = "jdk.xml.maxGeneralEntitySizeLimit"; + protected static final String MAX_PARAMETER_ENTITY_SIZE_LIMIT_PROPERTY_NAME = "jdk.xml.maxParameterEntitySizeLimit"; + protected static final String MAX_ELEMENT_DEPTH_PROPERTY_NAME = "jdk.xml.maxElementDepth"; + protected static final String ACCESS_EXTERNAL_SCHEMA_PROPERTY_NAME = "javax.xml.accessExternalSchema"; + protected static final String ACCESS_EXTERNAL_DTD_PROPERTY_NAME = "javax.xml.accessExternalDTD"; + + /** Feature identifier: namespaces. */ + protected static final String NAMESPACES = Constants.SAX_FEATURE_PREFIX + Constants.NAMESPACES_FEATURE; + + protected static String currentDirectory = System.getProperty("user.dir"); + protected static String file; + protected static StringBuffer sb; + + protected boolean namespaces() + { + return false; + } + + protected String XMLVersion() + { + return "\r"; + } + + protected boolean validating() + { + return false; + } + + protected String getElementAttributeLimitProperty() + { + return Constants.JAXP_ORACLE_PROPERTY_PREFIX + Constants.ELEMENT_ATTRIBUTE_LIMIT_PROPERTY; + } + + protected String getEntityExpansionLimitProperty() + { + return Constants.JAXP_ORACLE_PROPERTY_PREFIX + Constants.ENTITY_EXPANSION_LIMIT_PROPERTY2; + } + + protected String getMaxElementDepthProperty() + { + return Constants.JAXP_ORACLE_PROPERTY_PREFIX + Constants.MAX_ELEMENT_DEPTH; + } + + protected String getExternalGeneralEntityDoc() + { + String externalGeneralEntityDoc = + XMLVersion() + + "" + + " " + + "]>" + + "&externalGeneralEntity;"; + return externalGeneralEntityDoc; + } + + protected String getExternalParameterEntityDoc() + { + String externalParameterEntityDoc = + XMLVersion() + + "" + + " %externalParameterEntity;" + + "]>" + + "&foo;"; + return externalParameterEntityDoc; + } + + protected String getInternalDTDDoc() + { + String internalDTDDoc = + XMLVersion() + + "" + + "" + + "]>" + + "&foo;"; + return internalDTDDoc; + } + + protected String getBigElementDoctype() + { + String bigElementDoctype = + XMLVersion() + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "]>"; + String bigXmlRootElement = bigElementDoctype + "&foo5;"; + return bigXmlRootElement; + } + + protected String bigAttributeDoc; + protected String reallyBigAttributeDoc; + + protected String getBigAttributeDoc() + { + if (bigAttributeDoc == null) + { + StringBuffer sb = new StringBuffer(); + sb.append(""); + bigAttributeDoc = sb.toString(); + } + return bigAttributeDoc; + } + + protected String getReallyBigAttributeDoc() + { + if (reallyBigAttributeDoc == null) + { + StringBuffer sb = new StringBuffer(); + sb.append(""); + reallyBigAttributeDoc = sb.toString(); + } + return reallyBigAttributeDoc; + } + + protected String getMaxOccursDoc() + { + file = System.getProperty("user.dir") + "/src/test/java/org/apache/xerces/test/secureprocessing/test.xsd"; + sb = new StringBuffer(); + sb.append(XMLVersion()); + sb.append(""); + for (int i = 0; i < 9999; i++) + { + sb.append("x"); + } + sb.append(""); + String maxOccursDoc = sb.toString(); + return maxOccursDoc; + } + + protected String getExternalDTDWithInternalDTDDoc() + { + String externalDTDWithInternalDTDDoc = + XMLVersion() + + "" + + "&foo;"; + return externalDTDWithInternalDTDDoc; + } + + protected String getExternalDTDWithoutInternalDTDDoc() + { + String externalDTDWithoutInternalDTDDoc = + XMLVersion() + + "" + + "&foo;"; + return externalDTDWithoutInternalDTDDoc; + } + + protected String getExternalSchemaDoc() + { + String file = System.getProperty("user.dir") + "/src/test/java/org/apache/xerces/test/secureprocessing/foo.xsd"; + StringBuffer sb = new StringBuffer(); + sb.append(XMLVersion()); + sb.append(""); + sb.append("x"); + sb.append(""); + String externalSchemaDoc = sb.toString(); + return externalSchemaDoc; + } + + protected String getTotalEntitySizeDoc() + { + String totalEntitySizeDoc = + XMLVersion() + + "" + + "" + + "" + + "" + + "" + + "]> "; + return totalEntitySizeDoc; + } + + protected String getGeneralEntitySizeDoc() + { + String generalEntitySizeDoc = + XMLVersion() + + "" + + "" + + "]> "; + return generalEntitySizeDoc; + } + + protected String getParameterEntitySizeDoc() + { + String parameterEntitySizeDoc = + XMLVersion() + + "" + + "" + + "]> "; + return parameterEntitySizeDoc; + } + + protected String getMaxElementDepthDoc() + { + String maxElementDepthDoc = + XMLVersion() + + "\r" + + "\r" + + "\r" + + "\r" + + "\r" + + "\r" + + "\r" + + "\r" + + "\r" + + ""; + return maxElementDepthDoc; + } + + protected enum E + { + TRUE(true), + FALSE(false), + DEFAULT(null); + + private Boolean b; + + E(Boolean b) + { + this.b = b; + } + + public String toString() + { + return b.toString(); + } + + public Boolean bool() + { + return b; + } + } + + protected enum ParserType + { + SAX, DOM; + } + + protected enum EntityType + { + GENERAL("general"), + PARAMETER("parameter"); + + private String entityType; + + EntityType(String entityType) + { + this.entityType = entityType; + } + + public String toString() + { + return entityType; + } + } + + static protected boolean debug = false; + + @BeforeClass + static public void before() + { + debug = Boolean.getBoolean("debug"); + System.out.println("debug: " + (debug ? "on" : "off")); + } + + public void debug(Object s) + { + if (debug) + { + System.out.println(s.toString()); + } + } + + + //////////////////////////////////////////////////////////////////////////////////////////////////// + // + // External general and parameter entity features: + // + // * http://xml.org/sax/features/external-general-entities + // * http://xml.org/sax/features/external-parameter-entities + // + //////////////////////////////////////////////////////////////////////////////////////////////////// + + @Test + public void testExternalEntities() throws Exception + { + // Notes. + // + // 1. If the SECURE_PROCESSING_FEATURE is set to true + // + // a. If RESOLVE_EXTERNAL_ENTITIES_PROPERTY_NAME (jdk.xml.resolveExternalEntities) is true, then + // the features EXTERNAL_GENERAL_ENTITIES and EXTERNAL_PARAMETER_ENTITIES are set to true. + // + // b. If RESOLVE_EXTERNAL_ENTITIES_PROPERTY_NAME (jdk.xml.resolveExternalEntities) is false, then + // the features EXTERNAL_GENERAL_ENTITIES and EXTERNAL_PARAMETER_ENTITIES are set to false. + // + // c. if RESOLVE_EXTERNAL_ENTITIES_PROPERTY_NAME is not set, the features EXTERNAL_GENERAL_ENTITIES + // and EXTERNAL_PARAMETER_ENTITIES default to false. + // + // 2. If the SECURE_PROCESSING_FEATURE is set to false, RESOLVE_EXTERNAL_ENTITIES_PROPERTY_NAME + // is ignored, and the features EXTERNAL_GENERAL_ENTITIES and EXTERNAL_PARAMETER_ENTITIES + // default to true. + // + // 3. If the features EXTERNAL_GENERAL_ENTITIES or EXTERNAL_PARAMETER_ENTITIES are passed to the + // SAX parser or the DOM parser factory, that value takes precedence over the values set according + // to items 1 and 2. + + doTestExternalEntities(ParserType.SAX, EntityType.GENERAL); + doTestExternalEntities(ParserType.DOM, EntityType.GENERAL); + doTestExternalEntities(ParserType.SAX, EntityType.PARAMETER); + doTestExternalEntities(ParserType.DOM, EntityType.PARAMETER); + } + + void doTestExternalEntities(ParserType type, EntityType entityType) throws Exception + { +// jdk.xml.resolveExternalEntities +// | secure processing feature +// | | load external entity feature +// | | | expected value + doTestExternalEntities(type, entityType, E.TRUE, E.TRUE, E.TRUE, "external " + entityType + " entity"); + doTestExternalEntities(type, entityType, E.TRUE, E.TRUE, E.FALSE, ""); + doTestExternalEntities(type, entityType, E.TRUE, E.TRUE, E.DEFAULT, "external " + entityType + " entity"); + doTestExternalEntities(type, entityType, E.TRUE, E.FALSE, E.TRUE, "external " + entityType + " entity"); + doTestExternalEntities(type, entityType, E.TRUE, E.FALSE, E.FALSE, ""); + doTestExternalEntities(type, entityType, E.TRUE, E.FALSE, E.DEFAULT, "external " + entityType + " entity"); + doTestExternalEntities(type, entityType, E.TRUE, E.DEFAULT, E.TRUE, "external " + entityType + " entity"); + doTestExternalEntities(type, entityType, E.TRUE, E.DEFAULT, E.FALSE, ""); + doTestExternalEntities(type, entityType, E.TRUE, E.DEFAULT, E.DEFAULT, "external " + entityType + " entity"); + + doTestExternalEntities(type, entityType, E.FALSE, E.TRUE, E.TRUE, "external " + entityType + " entity"); + doTestExternalEntities(type, entityType, E.FALSE, E.TRUE, E.FALSE, ""); + doTestExternalEntities(type, entityType, E.FALSE, E.TRUE, E.DEFAULT, ""); + doTestExternalEntities(type, entityType, E.FALSE, E.FALSE, E.TRUE, "external " + entityType + " entity"); + doTestExternalEntities(type, entityType, E.FALSE, E.FALSE, E.FALSE, ""); + doTestExternalEntities(type, entityType, E.FALSE, E.FALSE, E.DEFAULT, "external " + entityType + " entity"); + doTestExternalEntities(type, entityType, E.FALSE, E.DEFAULT, E.TRUE, "external " + entityType + " entity"); + doTestExternalEntities(type, entityType, E.FALSE, E.DEFAULT, E.FALSE, ""); + doTestExternalEntities(type, entityType, E.FALSE, E.DEFAULT, E.DEFAULT, ""); + + doTestExternalEntities(type, entityType, E.DEFAULT, E.TRUE, E.TRUE, "external " + entityType + " entity"); + doTestExternalEntities(type, entityType, E.DEFAULT, E.TRUE, E.FALSE, ""); + doTestExternalEntities(type, entityType, E.DEFAULT, E.TRUE, E.DEFAULT, ""); + doTestExternalEntities(type, entityType, E.DEFAULT, E.FALSE, E.TRUE, "external " + entityType + " entity"); + doTestExternalEntities(type, entityType, E.DEFAULT, E.FALSE, E.FALSE, ""); + doTestExternalEntities(type, entityType, E.DEFAULT, E.FALSE, E.DEFAULT, "external " + entityType + " entity"); + doTestExternalEntities(type, entityType, E.DEFAULT, E.DEFAULT, E.TRUE, "external " + entityType + " entity"); + doTestExternalEntities(type, entityType, E.DEFAULT, E.DEFAULT, E.FALSE, ""); + doTestExternalEntities(type, entityType, E.DEFAULT, E.DEFAULT, E.DEFAULT, ""); + } + + void doTestExternalEntities(ParserType type, EntityType entityType, E systemProperty, E secureProcessing, E externalParameterEntities, String expected) throws Exception + { + try + { + String result = doTestExternalEntitiesParse(type, entityType, systemProperty, secureProcessing, externalParameterEntities); + debug("doTestExternalParameterEntitiesPasses(): " + result); + Assert.assertEquals(expected, result); + } + catch (Exception e) + { + e.printStackTrace(); + fail("Wasn't expecting exception: " + e); + } + } + + String doTestExternalEntitiesParse(ParserType type, EntityType entityType, E systemProperty, E secureProcessing, E externalEntities) throws Exception + { + try + { + if (!E.DEFAULT.equals(systemProperty)) + { + System.setProperty(RESOLVE_EXTERNAL_ENTITIES_PROPERTY_NAME, systemProperty.toString()); + } + ParserFactory factory = ParserFactory.newInstance(type); + factory.setFeature(DISALLOW_DOCTYPE_DECL_FEATURE, false); + if (!E.DEFAULT.equals(secureProcessing)) + { + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, secureProcessing.bool()); + } + if (!E.DEFAULT.equals(externalEntities)) + { + if (EntityType.GENERAL.equals(entityType)) + { + factory.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, externalEntities.bool()); + } + else + { + factory.setFeature(EXTERNAL_PARAMETER_ENTITIES_FEATURE, externalEntities.bool()); + } + } + factory.setFeature(NAMESPACES, namespaces()); + factory.setValidating(validating()); + Parser parser = factory.newParser(); + ByteArrayInputStream baos = null; + if (EntityType.GENERAL.equals(entityType)) + { + baos = new ByteArrayInputStream(getExternalGeneralEntityDoc().getBytes()); + } + else + { + baos = new ByteArrayInputStream(getExternalParameterEntityDoc().getBytes()); + } + + parser.parse(baos); + return parser.getText(); + } + finally + { + if (!E.DEFAULT.equals(systemProperty)) + { + System.setProperty(RESOLVE_EXTERNAL_ENTITIES_PROPERTY_NAME, ""); + } + } + } + + + //////////////////////////////////////////////////////////////////////////////////////////////////// + // + // disallow doctype feature: http://apache.org/xml/features/disallow-doctype-decl + // + //////////////////////////////////////////////////////////////////////////////////////////////////// + + @Test + public void testDisallowDoctype() throws Exception + { + doTestDisallowDoctype(ParserType.SAX); + doTestDisallowDoctype(ParserType.DOM); + } + + public void doTestDisallowDoctype(ParserType type) throws Exception + { + // Test disallowDoctype: secure processing true, disallowDoctype true + doTestDisallowDoctypeFails(type, E.TRUE, E.TRUE); + + // Test disallowDoctype: secure processing true, disallowDoctype false + doTestDisallowDoctypePasses(type, E.TRUE, E.FALSE); + + // Test disallowDoctype: secure processing true, disallowDoctype omitted + doTestDisallowDoctypeFails(type, E.TRUE, E.DEFAULT); + + // Test disallowDoctype: secure processing false, disallowDoctype true + doTestDisallowDoctypeFails(type, E.FALSE, E.TRUE); + + // Test disallowDoctype: secure processing false, disallowDoctype false + doTestDisallowDoctypePasses(type, E.FALSE, E.FALSE); + + // Test disallowDoctype: secure processing false, disallowDoctype omitted + doTestDisallowDoctypePasses(type, E.FALSE, E.DEFAULT); + + // Test disallowDoctype: secure processing omitted, disallowDoctype true + doTestDisallowDoctypeFails(type, E.DEFAULT, E.TRUE); + + // Test disallowDoctype: secure processing omitted, disallowDoctype false + doTestDisallowDoctypePasses(type, E.DEFAULT, E.FALSE); + + // Test disallowDoctype: secure processing omitted, disallowDoctype omitted + doTestDisallowDoctypeFails(type, E.DEFAULT, E.DEFAULT); + } + + void doTestDisallowDoctypePasses(ParserType type, E secureProcessing, E disallowDoctype) throws Exception + { + try + { + doTestDisallowDoctypeParse(type, secureProcessing, disallowDoctype); + } + catch (Exception e) + { + e.printStackTrace(); + fail("Wasn't expecting exception: " + e); + } + } + + void doTestDisallowDoctypeFails(ParserType type, E secureProcessing, E disallowDoctype) throws Exception + { + try + { + doTestDisallowDoctypeParse(type, secureProcessing, disallowDoctype); + fail("Expecting exception"); + } + catch (SAXParseException e) + { + debug(e); + Assert.assertTrue(e.getMessage().contains("DOCTYPE is disallowed when the feature \"http://apache.org/xml/features/disallow-doctype-decl\" set to true.")); + } + catch (Exception e) + { + e.printStackTrace(); + fail("Expecting SAXParseException, not " + e); + } + } + + void doTestDisallowDoctypeParse(ParserType type, E secureProcessing, E disallowDoctype) throws Exception + { + ParserFactory factory = ParserFactory.newInstance(type); + if (!E.DEFAULT.equals(secureProcessing)) + { + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, secureProcessing.bool()); + } + if (!E.DEFAULT.equals(disallowDoctype)) + { + factory.setFeature(DISALLOW_DOCTYPE_DECL_FEATURE, disallowDoctype.bool()); + } + factory.setFeature(NAMESPACES, namespaces()); + factory.setValidating(validating()); + Parser parser = factory.newParser(); + ByteArrayInputStream baos = new ByteArrayInputStream(getInternalDTDDoc().getBytes()); + parser.parse(baos); + } + + + //////////////////////////////////////////////////////////////////////////////////////////////////// + // + // Entity expansion limit property: + // + // * jdk.xml.entityExpansionLimit + // * http://apache.org/xml/properties/entity-expansion-limit + // + //////////////////////////////////////////////////////////////////////////////////////////////////// + + @Test + public void testEntityExpansionLimit() throws Exception + { + doTestEntityExpansionLimit(ParserType.SAX); + doTestEntityExpansionLimit(ParserType.DOM); + } + + void doTestEntityExpansionLimit(ParserType type) throws Exception + { +// secure processing feature +// | system property limit +// | | factory property limit +// | | | security manager limit +// | | | | expected limit + doTestEntityExpansionLimitFails(type, E.TRUE, 12345, 34567, 45678, "45,678"); + doTestEntityExpansionLimitPasses(type, E.TRUE, 12345, 34567, 0); + doTestEntityExpansionLimitFails(type, E.TRUE, 12345, 34567, -1, "34,567"); + doTestEntityExpansionLimitFails(type, E.TRUE, 12345, 0, 45678, "45,678"); + doTestEntityExpansionLimitPasses(type, E.TRUE, 12345, 0, 0); + doTestEntityExpansionLimitPasses(type, E.TRUE, 12345, 0, -1); + doTestEntityExpansionLimitFails(type, E.TRUE, 12345, -1, 45678, "45,678"); + doTestEntityExpansionLimitPasses(type, E.TRUE, 12345, -1, 0); + doTestEntityExpansionLimitFails(type, E.TRUE, 12345, -1, -1, "12,345"); + + doTestEntityExpansionLimitFails(type, E.TRUE, 0, 34567, 45678, "45,678"); + doTestEntityExpansionLimitPasses(type, E.TRUE, 0, 34567, 0); + doTestEntityExpansionLimitFails(type, E.TRUE, 0, 34567, -1, "34,567"); + doTestEntityExpansionLimitFails(type, E.TRUE, 0, 0, 45678, "45,678"); + doTestEntityExpansionLimitPasses(type, E.TRUE, 0, 0, 0); + doTestEntityExpansionLimitPasses(type, E.TRUE, 0, 0, -1); + doTestEntityExpansionLimitFails(type, E.TRUE, 0, -1, 45678, "45,678"); + doTestEntityExpansionLimitPasses(type, E.TRUE, 0, -1, 0); + doTestEntityExpansionLimitPasses(type, E.TRUE, 0, -1, -1); + + doTestEntityExpansionLimitFails(type, E.TRUE, -1, 34567, 45678, "45,678"); + doTestEntityExpansionLimitPasses(type, E.TRUE, -1, 34567, 0); + doTestEntityExpansionLimitFails(type, E.TRUE, -1, 34567, -1, "34,567"); + doTestEntityExpansionLimitFails(type, E.TRUE, -1, 0, 45678, "45,678"); + doTestEntityExpansionLimitPasses(type, E.TRUE, -1, 0, 0); + doTestEntityExpansionLimitPasses(type, E.TRUE, -1, 0, -1); + doTestEntityExpansionLimitFails(type, E.TRUE, -1, -1, 45678, "45,678"); + doTestEntityExpansionLimitPasses(type, E.TRUE, -1, -1, 0); + doTestEntityExpansionLimitFails(type, E.TRUE, -1, -1, -1, "64,000"); + + doTestEntityExpansionLimitPasses(type, E.FALSE, 12345, 34567, 45678); + doTestEntityExpansionLimitPasses(type, E.FALSE, 12345, 34567, 0); + doTestEntityExpansionLimitPasses(type, E.FALSE, 12345, 34567, -1); + doTestEntityExpansionLimitPasses(type, E.FALSE, 12345, 0, 45678); + doTestEntityExpansionLimitPasses(type, E.FALSE, 12345, 0, 0); + doTestEntityExpansionLimitPasses(type, E.FALSE, 12345, 0, -1); + doTestEntityExpansionLimitPasses(type, E.FALSE, 12345, -1, 45678); + doTestEntityExpansionLimitPasses(type, E.FALSE, 12345, -1, 0); + doTestEntityExpansionLimitPasses(type, E.FALSE, 12345, -1, -1); + + doTestEntityExpansionLimitPasses(type, E.FALSE, 0, 34567, 45678); + doTestEntityExpansionLimitPasses(type, E.FALSE, 0, 34567, 0); + doTestEntityExpansionLimitPasses(type, E.FALSE, 0, 34567, -1); + doTestEntityExpansionLimitPasses(type, E.FALSE, 0, 0, 45678); + doTestEntityExpansionLimitPasses(type, E.FALSE, 0, 0, 0); + doTestEntityExpansionLimitPasses(type, E.FALSE, 0, 0, -1); + doTestEntityExpansionLimitPasses(type, E.FALSE, 0, -1, 45678); + doTestEntityExpansionLimitPasses(type, E.FALSE, 0, -1, 0); + doTestEntityExpansionLimitPasses(type, E.FALSE, 0, -1, -1); + + doTestEntityExpansionLimitPasses(type, E.FALSE, -1, 34567, 45678); + doTestEntityExpansionLimitPasses(type, E.FALSE, -1, 34567, 0); + doTestEntityExpansionLimitPasses(type, E.FALSE, -1, 34567, -1); + doTestEntityExpansionLimitPasses(type, E.FALSE, -1, 0, 45678); + doTestEntityExpansionLimitPasses(type, E.FALSE, -1, 0, 0); + doTestEntityExpansionLimitPasses(type, E.FALSE, -1, 0, -1); + doTestEntityExpansionLimitPasses(type, E.FALSE, -1, -1, 45678); + doTestEntityExpansionLimitPasses(type, E.FALSE, -1, -1, 0); + doTestEntityExpansionLimitPasses(type, E.FALSE, -1, -1, -1); + + doTestEntityExpansionLimitFails(type, E.DEFAULT, 12345, 34567, 45678, "45,678"); + doTestEntityExpansionLimitPasses(type, E.DEFAULT, 12345, 34567, 0); + doTestEntityExpansionLimitFails(type, E.DEFAULT, 12345, 34567, -1, "34,567"); + doTestEntityExpansionLimitFails(type, E.DEFAULT, 12345, 0, 45678, "45,678"); + doTestEntityExpansionLimitPasses(type, E.DEFAULT, 12345, 0, 0); + doTestEntityExpansionLimitPasses(type, E.DEFAULT, 12345, 0, -1); + doTestEntityExpansionLimitFails(type, E.DEFAULT, 12345, -1, 45678, "45,678"); + doTestEntityExpansionLimitPasses(type, E.DEFAULT, 12345, -1, 0); + doTestEntityExpansionLimitFails(type, E.DEFAULT, 12345, -1, -1, "12,345"); + + doTestEntityExpansionLimitFails(type, E.DEFAULT, 0, 34567, 45678, "45,678"); + doTestEntityExpansionLimitPasses(type, E.DEFAULT, 0, 34567, 0); + doTestEntityExpansionLimitFails(type, E.DEFAULT, 0, 34567, -1, "34,567"); + doTestEntityExpansionLimitFails(type, E.DEFAULT, 0, 0, 45678, "45,678"); + doTestEntityExpansionLimitPasses(type, E.DEFAULT, 0, 0, 0); + doTestEntityExpansionLimitPasses(type, E.DEFAULT, 0, 0, -1); + doTestEntityExpansionLimitFails(type, E.DEFAULT, 0, -1, 45678, "45,678"); + doTestEntityExpansionLimitPasses(type, E.DEFAULT, 0, -1, 0); + doTestEntityExpansionLimitPasses(type, E.DEFAULT, 0, -1, -1); + + doTestEntityExpansionLimitFails(type, E.DEFAULT, -1, 34567, 45678, "45,678"); + doTestEntityExpansionLimitPasses(type, E.DEFAULT, -1, 34567, 0); + doTestEntityExpansionLimitFails(type, E.DEFAULT, -1, 34567, -1, "34,567"); + doTestEntityExpansionLimitFails(type, E.DEFAULT, -1, 0, 45678, "45,678"); + doTestEntityExpansionLimitPasses(type, E.DEFAULT, -1, 0, 0); + doTestEntityExpansionLimitPasses(type, E.DEFAULT, -1, 0, -1); + doTestEntityExpansionLimitFails(type, E.DEFAULT, -1, -1, 45678, "45,678"); + doTestEntityExpansionLimitPasses(type, E.DEFAULT, -1, -1, 0); + doTestEntityExpansionLimitFails(type, E.DEFAULT, -1, -1, -1, "64,000"); + } + + void doTestEntityExpansionLimitPasses(ParserType type, E secureProcessing, int systemLimit, int factoryLimit, int securityLimit) throws Exception + { + try + { + doTestEntityExpansionLimitParse(type, secureProcessing, systemLimit, factoryLimit, securityLimit); + } + catch (Exception e) + { + e.printStackTrace(); + fail("Wasn't expecting exception: " + e); + } + } + + void doTestEntityExpansionLimitFails(ParserType type, E secureProcessing, int systemLimit, int factoryLimit, int securityLimit, String expectedLimit) throws Exception + { + try + { + doTestEntityExpansionLimitParse(type, secureProcessing, systemLimit, factoryLimit, securityLimit); + fail("Expecting exception"); + } + catch (SAXParseException e) + { + debug(e); + debug("expectedLimit: " + expectedLimit); +// e.printStackTrace(); + Assert.assertTrue(e.getMessage().contains("The parser has encountered more than \"" + expectedLimit + "\" entity expansions")); + } + catch (Exception e) + { + e.printStackTrace(); + fail("Expecting SAXParseException"); + } + } + + void doTestEntityExpansionLimitParse(ParserType type, E secureProcessing, int systemLimit, int factoryLimit, int securityLimit) throws Exception + { + try + { + if (systemLimit > -1) + { + System.setProperty(ENTITY_EXPANSION_LIMIT_PROPERTY_NAME, Integer.toString(systemLimit)); + } + ParserFactory factory = ParserFactory.newInstance(type); + if (!E.DEFAULT.equals(secureProcessing)) + { + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, secureProcessing.bool()); + } + factory.setFeature(DISALLOW_DOCTYPE_DECL_FEATURE, false); + if (factoryLimit >=0) + { + factory.setProperty(getEntityExpansionLimitProperty(), factoryLimit); + } + factory.setFeature(NAMESPACES, namespaces()); + factory.setValidating(validating()); + Parser parser = factory.newParser(); + SecurityManager sm = (SecurityManager) parser.getProperty(SECURITY_MANAGER_PROPERTY); + if (sm != null && securityLimit >= 0) + { + sm.setEntityExpansionLimit(securityLimit); + } + ByteArrayInputStream baos = new ByteArrayInputStream(getBigElementDoctype().getBytes(Charset.forName("UTF-8"))); + parser.parse(baos); + } + finally + { + System.setProperty(ENTITY_EXPANSION_LIMIT_PROPERTY_NAME, ""); + } + } + + + //////////////////////////////////////////////////////////////////////////////////////////////////// + // + // element attribute limit: + // + // * jdk.xml.elementAttributeLimit + // * http://apache.org/xml/properties/elementAttributeLimit + // + //////////////////////////////////////////////////////////////////////////////////////////////////// + + @Test + public void testElementAttributeLimit() throws Exception + { + doTestElementAttributeLimit(ParserType.SAX); + doTestElementAttributeLimit(ParserType.DOM); + } + + void doTestElementAttributeLimit(ParserType type) throws Exception + { +// secure processing feature +// | system property limit +// | | factory property limit +// | | | security manager limit +// | | | | expected limit + doTestElementAttributeLimitFails(type, E.TRUE, "23", 34, 45, "45"); + doTestElementAttributeLimitPasses(type, E.TRUE, "23", 34, 0); + doTestElementAttributeLimitFails(type, E.TRUE, "23", 34, -1, "34"); + doTestElementAttributeLimitFails(type, E.TRUE, "23", 0, 45, "45"); + doTestElementAttributeLimitPasses(type, E.TRUE, "23", 0, 0); + doTestElementAttributeLimitPasses(type, E.TRUE, "23", 0, -1); + doTestElementAttributeLimitFails(type, E.TRUE, "23", -1, 45, "45"); + doTestElementAttributeLimitPasses(type, E.TRUE, "23", -1, 0); + doTestElementAttributeLimitFails(type, E.TRUE, "23", -1, -1, "23"); + + doTestElementAttributeLimitFails(type, E.TRUE, "0", 34, 45, "45"); + doTestElementAttributeLimitPasses(type, E.TRUE, "0", 34, 0); + doTestElementAttributeLimitFails(type, E.TRUE, "0", 34, -1, "34"); + doTestElementAttributeLimitFails(type, E.TRUE, "0", 0, 45, "45"); + doTestElementAttributeLimitPasses(type, E.TRUE, "0", 0, 0); + doTestElementAttributeLimitPasses(type, E.TRUE, "0", 0, -1); + doTestElementAttributeLimitFails(type, E.TRUE, "0", -1, 45, "45"); + doTestElementAttributeLimitPasses(type, E.TRUE, "0", -1, 0); + doTestElementAttributeLimitPasses(type, E.TRUE, "0", -1, -1); + + doTestElementAttributeLimitFails(type, E.TRUE, "-1", 34, 45, "45"); + doTestElementAttributeLimitPasses(type, E.TRUE, "-1", 34, 0); + doTestElementAttributeLimitFails(type, E.TRUE, "-1", 34, -1, "34"); + doTestElementAttributeLimitFails(type, E.TRUE, "-1", 0, 45, "45"); + doTestElementAttributeLimitPasses(type, E.TRUE, "-1", 0, 0); + doTestElementAttributeLimitPasses(type, E.TRUE, "-1", 0, -1); + doTestElementAttributeLimitFails(type, E.TRUE, "-1", -1, 45, "45"); + doTestElementAttributeLimitPasses(type, E.TRUE, "-1", -1, 0); + doTestElementAttributeLimitFails(type, E.TRUE, "-1", -1, -1, "10000"); + + doTestElementAttributeLimitPasses(type, E.FALSE, "23", 34, 45); + doTestElementAttributeLimitPasses(type, E.FALSE, "23", 34, 0); + doTestElementAttributeLimitPasses(type, E.FALSE, "23", 34, -1); + doTestElementAttributeLimitPasses(type, E.FALSE, "23", 0, 45); + doTestElementAttributeLimitPasses(type, E.FALSE, "23", 0, 0); + doTestElementAttributeLimitPasses(type, E.FALSE, "23", 0, -1); + doTestElementAttributeLimitPasses(type, E.FALSE, "23", -1, 45); + doTestElementAttributeLimitPasses(type, E.FALSE, "23", -1, 0); + doTestElementAttributeLimitPasses(type, E.FALSE, "23", -1, -1); + + doTestElementAttributeLimitPasses(type, E.FALSE, "0", 34, 45); + doTestElementAttributeLimitPasses(type, E.FALSE, "0", 34, 0); + doTestElementAttributeLimitPasses(type, E.FALSE, "0", 34, -1); + doTestElementAttributeLimitPasses(type, E.FALSE, "0", 0, 45); + doTestElementAttributeLimitPasses(type, E.FALSE, "0", 0, 0); + doTestElementAttributeLimitPasses(type, E.FALSE, "0", 0, -1); + doTestElementAttributeLimitPasses(type, E.FALSE, "0", -1, 45); + doTestElementAttributeLimitPasses(type, E.FALSE, "0", -1, 0); + doTestElementAttributeLimitPasses(type, E.FALSE, "0", -1, -1); + + doTestElementAttributeLimitPasses(type, E.FALSE, "-1", 34, 45); + doTestElementAttributeLimitPasses(type, E.FALSE, "-1", 34, 0); + doTestElementAttributeLimitPasses(type, E.FALSE, "-1", 34, -1); + doTestElementAttributeLimitPasses(type, E.FALSE, "-1", 0, 45); + doTestElementAttributeLimitPasses(type, E.FALSE, "-1", 0, 0); + doTestElementAttributeLimitPasses(type, E.FALSE, "-1", 0, -1); + doTestElementAttributeLimitPasses(type, E.FALSE, "-1", -1, 45); + doTestElementAttributeLimitPasses(type, E.FALSE, "-1", -1, 0); + doTestElementAttributeLimitPasses(type, E.FALSE, "-1", -1, -1); + + doTestElementAttributeLimitFails(type, E.DEFAULT, "23", 34, 45, "45"); + doTestElementAttributeLimitPasses(type, E.DEFAULT, "23", 34, 0); + doTestElementAttributeLimitFails(type, E.DEFAULT, "23", 34, -1, "34"); + doTestElementAttributeLimitFails(type, E.DEFAULT, "23", 0, 45, "45"); + doTestElementAttributeLimitPasses(type, E.DEFAULT, "23", 0, 0); + doTestElementAttributeLimitPasses(type, E.DEFAULT, "23", 0, -1); + doTestElementAttributeLimitFails(type, E.DEFAULT, "23", -1, 45, "45"); + doTestElementAttributeLimitPasses(type, E.DEFAULT, "23", -1, 0); + doTestElementAttributeLimitFails(type, E.DEFAULT, "23", -1, -1, "23"); + + doTestElementAttributeLimitFails(type, E.DEFAULT, "0", 34, 45, "45"); + doTestElementAttributeLimitPasses(type, E.DEFAULT, "0", 34, 0); + doTestElementAttributeLimitFails(type, E.DEFAULT, "0", 34, -1, "34"); + doTestElementAttributeLimitFails(type, E.DEFAULT, "0", 0, 45, "45"); + doTestElementAttributeLimitPasses(type, E.DEFAULT, "0", 0, 0); + doTestElementAttributeLimitPasses(type, E.DEFAULT, "0", 0, -1); + doTestElementAttributeLimitFails(type, E.DEFAULT, "0", -1, 45, "45"); + doTestElementAttributeLimitPasses(type, E.DEFAULT, "0", -1, 0); + doTestElementAttributeLimitPasses(type, E.DEFAULT, "0", -1, -1); + + doTestElementAttributeLimitFails(type, E.DEFAULT, "-1", 34, 45, "45"); + doTestElementAttributeLimitPasses(type, E.DEFAULT, "-1", 34, 0); + doTestElementAttributeLimitFails(type, E.DEFAULT, "-1", 34, -1, "34"); + doTestElementAttributeLimitFails(type, E.DEFAULT, "-1", 0, 45, "45"); + doTestElementAttributeLimitPasses(type, E.DEFAULT, "-1", 0, 0); + doTestElementAttributeLimitPasses(type, E.DEFAULT, "-1", 0, -1); + doTestElementAttributeLimitFails(type, E.DEFAULT, "-1", -1, 45, "45"); + doTestElementAttributeLimitPasses(type, E.DEFAULT, "-1", -1, 0); + doTestElementAttributeLimitFails(type, E.DEFAULT, "-1", -1, -1, "10000"); + } + + void doTestElementAttributeLimitPasses(ParserType type, E secureProcessing, String systemLimit, int factoryLimit, int securityLimit) + { + try + { + doTestElementAttributeLimitParse(type, secureProcessing, systemLimit, factoryLimit, securityLimit); + } + catch (Exception e) + { + e.printStackTrace(); + fail("Wasn't expecting exception: " + e); + } + } + + void doTestElementAttributeLimitFails(ParserType type, E secureProcessing, String systemLimit, int factoryLimit, int securityLimit, String expected) + { + try + { + doTestElementAttributeLimitParse(type, secureProcessing, systemLimit, factoryLimit, securityLimit); + fail("Expecting SAXParseException"); + } + catch (SAXParseException e) + { + debug(e); + Assert.assertTrue(e.getMessage().contains("has more than \"" + expected + "\" attributes")); + } + catch (Exception e) + { + e.printStackTrace(); + fail("Expecting SAXParseException"); + } + } + + void doTestElementAttributeLimitParse(ParserType type, E secureProcessing, String systemLimit, int factoryLimit, int securityLimit) throws Exception + { + try + { + if (Integer.valueOf(systemLimit).intValue() > -1) + { + System.setProperty(ELEMENT_ATTRIBUTE_LIMIT_PROPERTY_NAME, systemLimit); + } + ParserFactory factory = ParserFactory.newInstance(type); + if (!E.DEFAULT.equals(secureProcessing)) + { + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, secureProcessing.bool()); + } + factory.setFeature(DISALLOW_DOCTYPE_DECL_FEATURE, false); + factory.setFeature(NAMESPACES, true); + factory.setValidating(validating()); + if (factoryLimit >=0) + { + factory.setProperty(getElementAttributeLimitProperty(), factoryLimit); + } + Parser parser = factory.newParser(); + if (securityLimit >= 0) + { + SecurityManager sm = (SecurityManager) parser.getProperty(SECURITY_MANAGER_PROPERTY); + if (sm != null) + { + sm.setElementAttributeLimit(securityLimit); + } + } + String doc = null; + if ("-1".equals(systemLimit) && factoryLimit == -1 && securityLimit == -1) + { + doc = getReallyBigAttributeDoc(); + } + else + { + doc = getBigAttributeDoc(); + } + ByteArrayInputStream baos = new ByteArrayInputStream(doc.getBytes(Charset.forName("UTF-8"))); + parser.parse(baos); + } + finally + { + if (Integer.valueOf(systemLimit).intValue() > -1) + { + System.setProperty(ELEMENT_ATTRIBUTE_LIMIT_PROPERTY_NAME, ""); + } + } + } + + + //////////////////////////////////////////////////////////////////////////////////////////////////// + // + // max occurs limit: + // + // * jdk.xml.maxOccur + // * http://www.oracle.com/xml/jaxp/properties/maxOccurLimit + // + //////////////////////////////////////////////////////////////////////////////////////////////////// + + @Test + public void testMaxOccursSchema() throws Exception + { + String s = "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + ""; + try + { + ByteArrayInputStream bais = new ByteArrayInputStream(s.getBytes()); + SchemaFactory sf = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI); + Schema schema = sf.newSchema(new StreamSource(bais)); + debug("schema: " + schema); + Assert.assertNotNull(schema); + } + catch (SAXParseException e) + { + e.printStackTrace(); + debug(e); + Assert.assertTrue(e.getMessage().contains("Current configuration of the parser doesn't allow the expansion of a content model for a complex type to contain more than 5,000 nodes.")); + } + catch (Exception e) + { + e.printStackTrace(); + fail("Expected SAXParseException, not " + e.getLocalizedMessage()); + } + } + + @Test + public void testMaxOccurs() throws Exception + { + doTestMaxOccurs(ParserType.SAX); + doTestMaxOccurs(ParserType.DOM); + } + + void doTestMaxOccurs(ParserType type) throws Exception + { + // Notes. + // + // 1. The maxOccurs property is tested only when the secure processing feature is turned on. + // 2. The value set in the SecurityManager overrides the system property. + // 3. Any value <= 0 is treated as Integer.MAX_VALUE. + // 4. The test sets the system property or the SecurityManager value only when the value is >= 0. + // I.e., it is not set for -1. + +// secure processing feature +// | system property limit +// | | factory property limit +// | | | security manager limit +// | | | | expected limit + doTestMaxOccursFails(type, E.TRUE, 3456, 4567, 5678, "5,678"); + doTestMaxOccursPasses(type, E.TRUE, 3456, 4567, 0); + doTestMaxOccursFails(type, E.TRUE, 3456, 4567, -1, "4,567"); + doTestMaxOccursFails(type, E.TRUE, 3456, 0, 5678, "5,678"); + doTestMaxOccursPasses(type, E.TRUE, 3456, 0, 0); + doTestMaxOccursPasses(type, E.TRUE, 3456, 0, -1); + doTestMaxOccursFails(type, E.TRUE, 3456, -1, 5678, "5,678"); + doTestMaxOccursPasses(type, E.TRUE, 3456, -1, 0); + doTestMaxOccursFails(type, E.TRUE, 3456, -1, -1, "3,456"); + + doTestMaxOccursFails(type, E.TRUE, 0, 4567, 5678, "5,678"); + doTestMaxOccursPasses(type, E.TRUE, 0, 4567, 0); + doTestMaxOccursFails(type, E.TRUE, 0, 4567, -1, "4,567"); + doTestMaxOccursFails(type, E.TRUE, 0, 0, 5678, "5,678"); + doTestMaxOccursPasses(type, E.TRUE, 0, 0, 0); + doTestMaxOccursPasses(type, E.TRUE, 0, 0, -1); + doTestMaxOccursFails(type, E.TRUE, 0, -1, 5678, "5,678"); + doTestMaxOccursPasses(type, E.TRUE, 0, -1, 0); + doTestMaxOccursPasses(type, E.TRUE, 0, -1, -1); + + doTestMaxOccursFails(type, E.TRUE, -1, 4567, 5678, "5,678"); + doTestMaxOccursPasses(type, E.TRUE, -1, 4567, 0); + doTestMaxOccursFails(type, E.TRUE, -1, 4567, -1, "4,567"); + doTestMaxOccursFails(type, E.TRUE, -1, 0, 5678, "5,678"); + doTestMaxOccursPasses(type, E.TRUE, -1, 0, 0); + doTestMaxOccursPasses(type, E.TRUE, -1, 0, -1); + doTestMaxOccursFails(type, E.TRUE, -1, -1, 5678, "5,678"); + doTestMaxOccursPasses(type, E.TRUE, -1, -1, 0); + doTestMaxOccursFails(type, E.TRUE, -1, -1, -1, "5,000"); // default is 5000 + + doTestMaxOccursPasses(type, E.FALSE, 3456, 4567, 5678); + doTestMaxOccursPasses(type, E.FALSE, 3456, 4567, 0); + doTestMaxOccursPasses(type, E.FALSE, 3456, 4567, -1); + doTestMaxOccursPasses(type, E.FALSE, 3456, 0, 5678); + doTestMaxOccursPasses(type, E.FALSE, 3456, 0, 0); + doTestMaxOccursPasses(type, E.FALSE, 3456, 0, -1); + doTestMaxOccursPasses(type, E.FALSE, 3456, -1, 5678); + doTestMaxOccursPasses(type, E.FALSE, 3456, -1, 0); + doTestMaxOccursPasses(type, E.FALSE, 3456, -1, -1); + + doTestMaxOccursPasses(type, E.FALSE, 0, 4567, 5678); + doTestMaxOccursPasses(type, E.FALSE, 0, 4567, 0); + doTestMaxOccursPasses(type, E.FALSE, 0, 4567, -1); + doTestMaxOccursPasses(type, E.FALSE, 0, 0, 5678); + doTestMaxOccursPasses(type, E.FALSE, 0, 0, 0); + doTestMaxOccursPasses(type, E.FALSE, 0, 0, -1); + doTestMaxOccursPasses(type, E.FALSE, 0, -1, 5678); + doTestMaxOccursPasses(type, E.FALSE, 0, -1, 0); + doTestMaxOccursPasses(type, E.FALSE, 0, -1, -1); + + doTestMaxOccursPasses(type, E.FALSE, -1, 4567, 5678); + doTestMaxOccursPasses(type, E.FALSE, -1, 4567, 0); + doTestMaxOccursPasses(type, E.FALSE, -1, 4567, -1); + doTestMaxOccursPasses(type, E.FALSE, -1, 0, 5678); + doTestMaxOccursPasses(type, E.FALSE, -1, 0, 0); + doTestMaxOccursPasses(type, E.FALSE, -1, 0, -1); + doTestMaxOccursPasses(type, E.FALSE, -1, -1, 5678); + doTestMaxOccursPasses(type, E.FALSE, -1, -1, 0); + doTestMaxOccursPasses(type, E.FALSE, -1, -1, -1); + + doTestMaxOccursFails(type, E.DEFAULT, 3456, 4567, 5678, "5,678"); + doTestMaxOccursPasses(type, E.DEFAULT, 3456, 4567, 0); + doTestMaxOccursFails(type, E.DEFAULT, 3456, 4567, -1, "4,567"); + doTestMaxOccursFails(type, E.DEFAULT, 3456, 0, 5678, "5,678"); + doTestMaxOccursPasses(type, E.DEFAULT, 3456, 0, 0); + doTestMaxOccursPasses(type, E.DEFAULT, 3456, 0, -1); + doTestMaxOccursFails(type, E.DEFAULT, 3456, -1, 5678, "5,678"); + doTestMaxOccursPasses(type, E.DEFAULT, 3456, -1, 0); + doTestMaxOccursFails(type, E.DEFAULT, 3456, -1, -1, "3,456"); + + doTestMaxOccursFails(type, E.DEFAULT, 0, 4567, 5678, "5,678"); + doTestMaxOccursPasses(type, E.DEFAULT, 0, 4567, 0); + doTestMaxOccursFails(type, E.DEFAULT, 0, 4567, -1, "4,567"); + doTestMaxOccursFails(type, E.DEFAULT, 0, 0, 5678, "5,678"); + doTestMaxOccursPasses(type, E.DEFAULT, 0, 0, 0); + doTestMaxOccursPasses(type, E.DEFAULT, 0, 0, -1); + doTestMaxOccursFails(type, E.DEFAULT, 0, -1, 5678, "5,678"); + doTestMaxOccursPasses(type, E.DEFAULT, 0, -1, 0); + doTestMaxOccursPasses(type, E.DEFAULT, 0, -1, -1); + + doTestMaxOccursFails(type, E.DEFAULT, -1, 4567, 5678, "5,678"); + doTestMaxOccursPasses(type, E.DEFAULT, -1, 4567, 0); + doTestMaxOccursFails(type, E.DEFAULT, -1, 4567, -1, "4,567"); + doTestMaxOccursFails(type, E.DEFAULT, -1, 0, 5678, "5,678"); + doTestMaxOccursPasses(type, E.DEFAULT, -1, 0, 0); + doTestMaxOccursPasses(type, E.DEFAULT, -1, 0, -1); + doTestMaxOccursFails(type, E.DEFAULT, -1, -1, 5678, "5,678"); + doTestMaxOccursPasses(type, E.DEFAULT, -1, -1, 0); + doTestMaxOccursFails(type, E.DEFAULT, -1, -1, -1, "5,000"); // default is 5000 + } + + void doTestMaxOccursPasses(ParserType type, E secureProcessing, int systemLimit, int factoryLimit, int securityLimit) throws Exception + { + try + { + doTestMaxOccursParse(type, secureProcessing, systemLimit, factoryLimit, securityLimit); + } + catch (Exception e) + { + e.printStackTrace(); + fail("Wasn't expecting exception: " + e); + } + } + + void doTestMaxOccursFails(ParserType type, E secureProcessing, int systemLimit, int factoryLimit, int securityLimit, String expected) throws Exception + { + try + { + doTestMaxOccursParse(type, secureProcessing, systemLimit, factoryLimit, securityLimit); + fail("Expecting exception"); + } + catch (SAXParseException e) + { + debug(e); + Assert.assertTrue(e.getLocalizedMessage().contains("Current configuration of the parser doesn't allow the expansion of a content model for a complex type to contain more than " + expected + " nodes.")); + } + catch (Exception e) + { + e.printStackTrace(); + fail("Expecting SAXParseException, not " + e); + } + } + + void doTestMaxOccursParse(ParserType type, E secureProcessing, int systemLimit, int factoryLimit, int securityLimit) throws Exception + { + try + { + System.setProperty(RESOLVE_EXTERNAL_ENTITIES_PROPERTY_NAME, "true"); + System.setProperty(ACCESS_EXTERNAL_SCHEMA_PROPERTY_NAME, "all"); + if (systemLimit >= 0) + { + System.setProperty(MAX_OCCUR_LIMIT_PROPERTY_NAME, Integer.toString(systemLimit)); + } + ParserFactory factory = ParserFactory.newInstance(type); + factory.setValidating(true); // maxOccur is checked by validating parser + factory.setNamespaceAware(true); + factory.setProperty(JAXPConstants.JAXP_SCHEMA_LANGUAGE, XMLConstants.W3C_XML_SCHEMA_NS_URI); + if (!E.DEFAULT.equals(secureProcessing)) + { + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, secureProcessing.bool()); + } + factory.setFeature(NAMESPACES, true); + Parser parser = factory.newParser(); + if (factoryLimit >= 0) + { + parser.setProperty(MAX_OCCUR_LIMIT, factoryLimit); + } + if (securityLimit >= 0) + { + SecurityManager sm = (SecurityManager) parser.getProperty(SECURITY_MANAGER_PROPERTY); + if (sm != null) + { + sm.setMaxOccurNodeLimit(securityLimit); + } + } + TestErrorHandler errorHandler = new TestErrorHandler(); + parser.setErrorHandler(errorHandler); + ByteArrayInputStream baos = new ByteArrayInputStream(getMaxOccursDoc().getBytes(Charset.forName("UTF-8"))); + parser.parse(baos); + } + finally + { + if (systemLimit >= 0) + { + System.setProperty(MAX_OCCUR_LIMIT_PROPERTY_NAME, ""); + } + } + } + + + //////////////////////////////////////////////////////////////////////////////////////////////////// + // + // Load external DTD feature, Access external DTD property: + // + // * jdk.xml.resolveExternalEntities + // * javax.xml.accessExternalDTD + // * http://apache.org/xml/features/nonvalidating/load-external-dtd + // + //////////////////////////////////////////////////////////////////////////////////////////////////// + + @Test + public void testExternalDTD() throws Exception + { + doTestExternalDTD(ParserType.SAX); + doTestExternalDTD(ParserType.DOM); + } + + void doTestExternalDTD(ParserType type) throws Exception + { + // Notes. + // + // 1. There are several features and properties that determine if an external DTD will be loaded. + // + // a. SECURE_PROCESSING_FEATURE: When true, it imposes a number of property and feature restrictions. For example, + // by default it will set the LOAD_EXTERNAL_DTD feature to false. The default value of SECURE_PROCESSING_FEATURE + // is true. + // + // b. RESOLVE_EXTERNAL_ENTITIES_PROPERTY property: It is relevant only when SECURE_PROCESSING_FEATURE is true. + // When set to false, it will, among other things, set the LOAD_EXTERNAL_DTD feature to false. When the + // SECURE_PROCESSING_FEATURE feature is true and the RESOLVE_EXTERNAL_ENTITIES_PROPERTY_NAME property is true, + // the LOAD_EXTERNAL_DTD feature defaults to true. The default value of RESOLVE_EXTERNAL_ENTITIES_PROPERTY + // is false. + // + // c. LOAD_EXTERNAL_DTD feature: when set to false, external DTDs will not be loaded. When SECURE_PROCESSING_FEATURE + // is true, the value of LOAD_EXTERNAL_DTD is determined as above. If SECURE_PROCESSING_FEATURE is false, + // LOAD_EXTERNAL_DTD defaults to true. + // + // d. VALIDATION: LOAD_EXTERNAL_DTD (http://apache.org/xml/features/nonvalidating/load-external-dtd) is relevant only when validation + // is turned off. When validation is turned on, external DTDs are loaded if permitted by the other features and properties. + // + // e. DISALLOW_DOCTYPE feature: When set to true, no DTDs, internal or external, are permitted. When SECURE_PROCESSING_FEATURE + // is true, it defaults to true. Otherwise, it defaults to false. + // + // f. ACCESS_EXTERNAL_DTD property: When configuration allows the loading of external DTDs, this property can be set to a comma + // separated list of protocols, e.g., "jar,file", by which DTDs may be loaded. + // + // i. If SECURE_PROCESSING_FEATURE is false, ACCESS_EXTERNAL_DTD defaults to "all", meaning all protocols may be used. + // ii. If SECURE_PROCESSING_FEATURE is true and RESOLVE_EXTERNAL_ENTITIES_PROPERTY is false (the default value), + // ACCESS_EXTERNAL_DTD defaults to "", meaning no protocols may be used. + // iii. If SECURE_PROCESSING_FEATURE is true and RESOLVE_EXTERNAL_ENTITIES_PROPERTY is true, ACCESS_EXTERNAL_DTD defaults to "all" + // + // As with many security related properties, ACCESS_EXTERNAL_DTD may, if SECURE_PROCESSING_FEATURE is true, + // be set in several ways: + // + // i. "javax.xml.accessExternalDTD" system property + // ii. "http://javax.xml.XMLConstants/property/accessExternalDTD" parser / parser factory property + // iii. SecurityManager.setAccessExternalDTD() + // + // 2. In this test, since we're testing external DTDs, DISALLOW_DOCTYPE is always set to false. + // + // 3. Depending on the combination of features and properties, one of two things can happen: + // + // a. If loading of external DTDs is permitted, the the general entity &foo; will be retrieved from an external DTD + // and doTestExternalDTDParse() will return the string "foo";. + // + // b. If loading of external DTDs is not permitted, parsing will succeed and doTestExternalDTDParse() will return "". + // + +////////////////////////////////////////// +// TRUE, TRUE, TRUE +// RESOLVE_EXTERNAL_ENTITIES_PROPERTY +// | SECURE_PROCESSING_FEATURE +// | | LOAD_EXTERNAL_DTD +// | | | system property value +// | | | | factory property limit +// | | | | | security manager limit +// | | | | | | expected limit + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "all", "all", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "all", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "all", "all", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "all", "all", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "all", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "all", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "all", "jar,file", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "all", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "all", "", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "all", "", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "all", "", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "all", "", null, ""); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "all", null, "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "all", null, "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "all", null, "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "all", null, null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "jar,file", "all", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "jar,file", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "jar,file", "all", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "jar,file", "all", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "jar,file", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "jar,file", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "jar,file", "jar,file", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "jar,file", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "jar,file", "", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "jar,file", "", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "jar,file", "", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "jar,file", "", null, ""); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "jar,file", null, "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "jar,file", null, "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "jar,file", null, "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "jar,file", null, null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "", "all", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "", "all", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "", "all", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "", "jar,file", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "", "", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "", "", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "", "", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "", "", null, ""); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "", null, "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "", null, "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "", null, "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, "", null, null, ""); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, null, "all", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, null, "all", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, null, "all", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, null, "all", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, null, "jar,file", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, null, "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, null, "jar,file", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, null, "jar,file", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, null, "", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, null, "", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, null, "", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, null, "", null, ""); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, null, null, "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, null, null, "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, null, null, "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.TRUE, null, null, null, "foo"); +// +//////////////////////////////////////////// +// TRUE, TRUE, FALSE +// +// LOAD_EXTERNAL_DTD = false overrides + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "all", "all", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "all", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "all", "all", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "all", "all", null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "all", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "all", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "all", "jar,file", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "all", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "all", "", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "all", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "all", "", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "all", "", null, ""); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "all", null, "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "all", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "all", null, "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "all", null, null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "jar,file", "all", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "jar,file", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "jar,file", "all", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "jar,file", "all", null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "jar,file", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "jar,file", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "jar,file", "jar,file", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "jar,file", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "jar,file", "", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "jar,file", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "jar,file", "", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "jar,file", "", null, ""); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "jar,file", null, "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "jar,file", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "jar,file", null, "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "jar,file", null, null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "", "all", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "", "all", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "", "all", null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "", "jar,file", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "", "", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "", "", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "", "", null, ""); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "", null, "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "", null, "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, "", null, null, ""); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, null, "all", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, null, "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, null, "all", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, null, "all", null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, null, "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, null, "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, null, "jar,file", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, null, "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, null, "", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, null, "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, null, "", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, null, "", null, ""); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, null, null, "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, null, null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, null, null, "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.FALSE, null, null, null, ifValidating()); +// +//////////////////////////////////////////// +// TRUE, TRUE, DEFAULT + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "all", "all", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "all", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "all", "all", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "all", "all", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "all", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "all", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "all", "jar,file", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "all", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "all", "", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "all", "", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "all", "", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "all", "", null, ""); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "all", null, "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "all", null, "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "all", null, "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "all", null, null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "jar,file", "all", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "jar,file", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "jar,file", "all", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "jar,file", "all", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "jar,file", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "jar,file", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "jar,file", "jar,file", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "jar,file", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "jar,file", "", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "jar,file", "", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "jar,file", "", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "jar,file", "", null, ""); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "jar,file", null, "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "jar,file", null, "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "jar,file", null, "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "jar,file", null, null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "", "all", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "", "all", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "", "all", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "", "jar,file", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "", "", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "", "", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "", "", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "", "", null, ""); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "", null, "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "", null, "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "", null, "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, "", null, null, ""); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, null, "all", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, null, "all", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, null, "all", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, null, "all", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, null, "jar,file", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, null, "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, null, "jar,file", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, null, "jar,file", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, null, "", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, null, "", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, null, "", "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, null, "", null, ""); + + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, null, null, "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, null, null, "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, null, null, "", ""); + doTestExternalDTD(type, E.TRUE, E.TRUE, E.DEFAULT, null, null, null, "foo"); +//// +////////////////////////////////////////////// +//// TRUE, FALSE, TRUE +//// +//// SECURE_PROCESSING_FEATURE = false, so "javax.xml.accessExternalDTD" is ignored and +//// there is no SecurityManager. +// + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "all", "all", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "all", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "all", "all", "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "all", "all", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "all", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "all", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "all", "jar,file", "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "all", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "all", "", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "all", "", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "all", "", "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "all", "", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "all", null, "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "all", null, "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "all", null, "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "all", null, null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "jar,file", "all", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "jar,file", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "jar,file", "all", "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "jar,file", "all", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "jar,file", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "jar,file", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "jar,file", "jar,file", "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "jar,file", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "jar,file", "", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "jar,file", "", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "jar,file", "", "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "jar,file", "", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "jar,file", null, "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "jar,file", null, "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "jar,file", null, "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "jar,file", null, null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "", "all", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "", "all", "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "", "all", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "", "jar,file", "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "", "", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "", "", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "", "", "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "", "", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "", null, "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "", null, "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "", null, "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, "", null, null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, null, "all", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, null, "all", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, null, "all", "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, null, "all", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, null, "jar,file", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, null, "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, null, "jar,file", "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, null, "jar,file", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, null, "", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, null, "", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, null, "", "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, null, "", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, null, null, "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, null, null, "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, null, null, "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.TRUE, null, null, null, "foo"); +//// +////////////////////////////////////////////// +//// TRUE, FALSE, FALSE +//// +//// LOAD_EXTERNAL_DTD = false overrides. +// + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "all", "all", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "all", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "all", "all", "", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "all", "all", null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "all", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "all", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "all", "jar,file", "", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "all", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "all", "", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "all", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "all", "", "", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "all", "", null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "all", null, "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "all", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "all", null, "", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "all", null, null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "jar,file", "all", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "jar,file", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "jar,file", "all", "", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "jar,file", "all", null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "jar,file", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "jar,file", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "jar,file", "jar,file", "", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "jar,file", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "jar,file", "", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "jar,file", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "jar,file", "", "", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "jar,file", "", null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "jar,file", null, "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "jar,file", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "jar,file", null, "", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "jar,file", null, null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "", "all", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "", "all", "", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "", "all", null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "", "jar,file", "", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "", "", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "", "", "", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "", "", null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "", null, "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "", null, "", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, "", null, null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, null, "all", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, null, "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, null, "all", "", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, null, "all", null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, null, "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, null, "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, null, "jar,file", "", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, null, "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, null, "", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, null, "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, null, "", "", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, null, "", null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, null, null, "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, null, null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, null, null, "", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.FALSE, null, null, null, ifValidating()); +//// +////////////////////////////////////////////// +//// TRUE, FALSE, DEFAULT +//// +//// SECURE_PROCESSING_FEATURE = false, so only factory/parser property is examined. +//// LOAD_EXTERNAL_DTD defaults to true when SECURE_PROCESSING_FEATURE is false +// + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "all", "all", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "all", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "all", "all", "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "all", "all", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "all", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "all", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "all", "jar,file", "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "all", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "all", "", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "all", "", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "all", "", "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "all", "", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "all", null, "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "all", null, "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "all", null, "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "all", null, null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "jar,file", "all", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "jar,file", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "jar,file", "all", "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "jar,file", "all", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "jar,file", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "jar,file", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "jar,file", "jar,file", "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "jar,file", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "jar,file", "", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "jar,file", "", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "jar,file", "", "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "jar,file", "", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "jar,file", null, "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "jar,file", null, "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "jar,file", null, "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "jar,file", null, null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "", "all", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "", "all", "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "", "all", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "", "jar,file", "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "", "", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "", "", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "", "", "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "", "", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "", null, "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "", null, "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "", null, "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, "", null, null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, null, "all", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, null, "all", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, null, "all", "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, null, "all", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, null, "jar,file", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, null, "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, null, "jar,file", "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, null, "jar,file", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, null, "", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, null, "", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, null, "", "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, null, "", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, null, null, "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, null, null, "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, null, null, "", "foo"); + doTestExternalDTD(type, E.TRUE, E.FALSE, E.DEFAULT, null, null, null, "foo"); +//// +////////////////////////////////////////////// +//// TRUE, DEFAULT, TRUE +// + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "all", "all", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "all", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "all", "all", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "all", "all", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "all", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "all", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "all", "jar,file", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "all", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "all", "", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "all", "", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "all", "", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "all", "", null, ""); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "all", null, "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "all", null, "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "all", null, "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "all", null, null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "jar,file", "all", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "jar,file", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "jar,file", "all", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "jar,file", "all", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "jar,file", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "jar,file", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "jar,file", "jar,file", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "jar,file", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "jar,file", "", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "jar,file", "", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "jar,file", "", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "jar,file", "", null, ""); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "jar,file", null, "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "jar,file", null, "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "jar,file", null, "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "jar,file", null, null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "", "all", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "", "all", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "", "all", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "", "jar,file", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "", "", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "", "", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "", "", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "", "", null, ""); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "", null, "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "", null, "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "", null, "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, "", null, null, ""); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, null, "all", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, null, "all", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, null, "all", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, null, "all", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, null, "jar,file", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, null, "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, null, "jar,file", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, null, "jar,file", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, null, "", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, null, "", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, null, "", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, null, "", null, ""); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, null, null, "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, null, null, "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, null, null, "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.TRUE, null, null, null, "foo"); +//// +////////////////////////////////////////////// +//// TRUE, DEFAULT, FALSE +//// +//// LOAD_EXTERNAL_DTD feature overrides ACCESS_EXTERNAL_DTD property. +// + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "all", "all", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "all", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "all", "all", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "all", "all", null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "all", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "all", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "all", "jar,file", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "all", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "all", "", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "all", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "all", "", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "all", "", null, ""); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "all", null, "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "all", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "all", null, "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "all", null, null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "jar,file", "all", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "jar,file", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "jar,file", "all", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "jar,file", "all", null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "jar,file", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "jar,file", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "jar,file", "jar,file", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "jar,file", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "jar,file", "", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "jar,file", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "jar,file", "", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "jar,file", "", null, ""); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "jar,file", null, "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "jar,file", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "jar,file", null, "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "jar,file", null, null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "", "all", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "", "all", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "", "all", null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "", "jar,file", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "", "", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "", "", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "", "", null, ""); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "", null, "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "", null, "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, "", null, null, ""); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, null, "all", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, null, "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, null, "all", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, null, "all", null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, null, "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, null, "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, null, "jar,file", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, null, "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, null, "", "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, null, "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, null, "", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, null, "", null, ""); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, null, null, "all", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, null, null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, null, null, "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.FALSE, null, null, null, ifValidating()); +//// +////////////////////////////////////////////// +//// TRUE, DEFAULT, DEFAULT +// + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "all", "all", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "all", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "all", "all", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "all", "all", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "all", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "all", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "all", "jar,file", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "all", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "all", "", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "all", "", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "all", "", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "all", "", null, ""); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "all", null, "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "all", null, "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "all", null, "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "all", null, null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "jar,file", "all", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "jar,file", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "jar,file", "all", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "jar,file", "all", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "jar,file", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "jar,file", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "jar,file", "jar,file", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "jar,file", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "jar,file", "", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "jar,file", "", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "jar,file", "", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "jar,file", "", null, ""); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "jar,file", null, "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "jar,file", null, "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "jar,file", null, "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "jar,file", null, null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "", "all", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "", "all", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "", "all", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "", "jar,file", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "", "", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "", "", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "", "", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "", "", null, ""); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "", null, "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "", null, "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "", null, "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, "", null, null, ""); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, null, "all", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, null, "all", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, null, "all", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, null, "all", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, null, "jar,file", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, null, "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, null, "jar,file", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, null, "jar,file", null, "foo"); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, null, "", "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, null, "", "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, null, "", "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, null, "", null, ""); + + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, null, null, "all", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, null, null, "jar,file", "foo"); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, null, null, "", ""); + doTestExternalDTD(type, E.TRUE, E.DEFAULT, E.DEFAULT, null, null, null, "foo"); +//// +////////////////////////////////////////////// +//// FALSE, TRUE, TRUE +//// +//// SECURE_PROCESSING_FEATURE = true and "jdk.xml.resolveExternalEntities" = false, so +//// ACCESS_EXTERNAL_DTD defaults to "". +// + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "all", "all", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "all", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "all", "all", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "all", "all", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "all", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "all", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "all", "jar,file", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "all", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "all", "", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "all", "", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "all", "", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "all", "", null, ""); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "all", null, "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "all", null, "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "all", null, "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "all", null, null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "jar,file", "all", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "jar,file", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "jar,file", "all", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "jar,file", "all", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "jar,file", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "jar,file", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "jar,file", "jar,file", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "jar,file", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "jar,file", "", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "jar,file", "", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "jar,file", "", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "jar,file", "", null, ""); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "jar,file", null, "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "jar,file", null, "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "jar,file", null, "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "jar,file", null, null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "", "all", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "", "all", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "", "all", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "", "jar,file", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "", "", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "", "", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "", "", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "", "", null, ""); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "", null, "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "", null, "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "", null, "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, "", null, null, ""); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, null, "all", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, null, "all", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, null, "all", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, null, "all", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, null, "jar,file", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, null, "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, null, "jar,file", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, null, "jar,file", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, null, "", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, null, "", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, null, "", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, null, "", null, ""); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, null, null, "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, null, null, "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, null, null, "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.TRUE, null, null, null, ""); +// +////////////////////////////////////////////// +//// FALSE, TRUE, FALSE +// + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "all", "all", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "all", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "all", "all", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "all", "all", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "all", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "all", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "all", "jar,file", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "all", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "all", "", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "all", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "all", "", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "all", "", null, ""); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "all", null, "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "all", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "all", null, "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "all", null, null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "jar,file", "all", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "jar,file", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "jar,file", "all", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "jar,file", "all", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "jar,file", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "jar,file", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "jar,file", "jar,file", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "jar,file", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "jar,file", "", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "jar,file", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "jar,file", "", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "jar,file", "", null, ""); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "jar,file", null, "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "jar,file", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "jar,file", null, "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "jar,file", null, null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "", "all", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "", "all", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "", "all", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "", "jar,file", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "", "", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "", "", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "", "", null, ""); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "", null, "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "", null, "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, "", null, null, ""); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, null, "all", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, null, "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, null, "all", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, null, "all", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, null, "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, null, "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, null, "jar,file", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, null, "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, null, "", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, null, "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, null, "", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, null, "", null, ""); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, null, null, "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, null, null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, null, null, "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.FALSE, null, null, null, ""); +//// +////////////////////////////////////////////// +//// FALSE, TRUE, DEFAULT +//// +//// SECURE_PROCESSING_FEATURE = true and "jdk.xml.resolveExternalEntities" = false, so +//// ACCESS_EXTERNAL_DTD defaults to "" and LOAD_EXTERNAL_DTD defaults to false. +// + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "all", "all", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "all", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "all", "all", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "all", "all", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "all", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "all", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "all", "jar,file", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "all", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "all", "", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "all", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "all", "", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "all", "", null, ""); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "all", null, "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "all", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "all", null, "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "all", null, null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "jar,file", "all", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "jar,file", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "jar,file", "all", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "jar,file", "all", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "jar,file", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "jar,file", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "jar,file", "jar,file", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "jar,file", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "jar,file", "", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "jar,file", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "jar,file", "", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "jar,file", "", null, ""); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "jar,file", null, "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "jar,file", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "jar,file", null, "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "jar,file", null, null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "", "all", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "", "all", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "", "all", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "", "jar,file", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "", "", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "", "", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "", "", null, ""); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "", null, "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "", null, "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, "", null, null, ""); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, null, "all", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, null, "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, null, "all", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, null, "all", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, null, "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, null, "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, null, "jar,file", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, null, "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, null, "", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, null, "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, null, "", "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, null, "", null, ""); + + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, null, null, "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, null, null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, null, null, "", ""); + doTestExternalDTD(type, E.FALSE, E.TRUE, E.DEFAULT, null, null, null, ""); +//// +////////////////////////////////////////////// +//// FALSE, FALSE, TRUE +//// +//// SECURE_PROCESSING_FEATURE is off, so the only property that is applied is the parser +//// factory / parser property. +// + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "all", "all", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "all", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "all", "all", "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "all", "all", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "all", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "all", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "all", "jar,file", "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "all", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "all", "", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "all", "", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "all", "", "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "all", "", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "all", null, "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "all", null, "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "all", null, "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "all", null, null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "jar,file", "all", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "jar,file", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "jar,file", "all", "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "jar,file", "all", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "jar,file", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "jar,file", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "jar,file", "jar,file", "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "jar,file", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "jar,file", "", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "jar,file", "", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "jar,file", "", "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "jar,file", "", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "jar,file", null, "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "jar,file", null, "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "jar,file", null, "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "jar,file", null, null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "", "all", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "", "all", "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "", "all", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "", "jar,file", "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "", "", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "", "", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "", "", "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "", "", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "", null, "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "", null, "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "", null, "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, "", null, null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, null, "all", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, null, "all", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, null, "all", "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, null, "all", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, null, "jar,file", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, null, "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, null, "jar,file", "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, null, "jar,file", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, null, "", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, null, "", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, null, "", "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, null, "", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, null, null, "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, null, null, "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, null, null, "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.TRUE, null, null, null, "foo"); +//// +////////////////////////////////////////////// +//// FALSE, FALSE, FALSE +//// +//// SECURE_PROCESSING_FEATURE is off, so the only property that is applied is the parser +//// factory / parser property. LOAD_EXTERNAL_DTD = false overrides unless validating is on. +// + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "all", "all", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "all", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "all", "all", "", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "all", "all", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "all", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "all", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "all", "jar,file", "", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "all", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "all", "", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "all", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "all", "", "", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "all", "", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "all", null, "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "all", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "all", null, "", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "all", null, null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "jar,file", "all", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "jar,file", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "jar,file", "all", "", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "jar,file", "all", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "jar,file", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "jar,file", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "jar,file", "jar,file", "", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "jar,file", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "jar,file", "", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "jar,file", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "jar,file", "", "", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "jar,file", "", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "jar,file", null, "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "jar,file", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "jar,file", null, "", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "jar,file", null, null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "", "all", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "", "all", "", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "", "all", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "", "jar,file", "", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "", "", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "", "", "", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "", "", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "", null, "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "", null, "", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, "", null, null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, null, "all", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, null, "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, null, "all", "", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, null, "all", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, null, "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, null, "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, null, "jar,file", "", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, null, "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, null, "", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, null, "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, null, "", "", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, null, "", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, null, null, "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, null, null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, null, null, "", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.FALSE, null, null, null, ifValidating()); +//// +//////////////////////////////////////////////// +////// FALSE, FALSE, DEFAULT +//// +//// When SECURE_PROCESSING_FEATURE is false +//// * the default value of LOAD_EXTERNAL_DTD is true +//// * the only property that is applied is the parser / parser factory property +//// * the default value for the parser / parser factory is "all" +//// + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "all", "all", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "all", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "all", "all", "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "all", "all", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "all", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "all", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "all", "jar,file", "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "all", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "all", "", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "all", "", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "all", "", "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "all", "", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "all", null, "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "all", null, "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "all", null, "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "all", null, null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "jar,file", "all", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "jar,file", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "jar,file", "all", "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "jar,file", "all", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "jar,file", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "jar,file", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "jar,file", "jar,file", "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "jar,file", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "jar,file", "", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "jar,file", "", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "jar,file", "", "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "jar,file", "", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "jar,file", null, "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "jar,file", null, "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "jar,file", null, "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "jar,file", null, null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "", "all", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "", "all", "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "", "all", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "", "jar,file", "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "", "", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "", "", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "", "", "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "", "", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "", null, "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "", null, "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "", null, "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, "", null, null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, null, "all", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, null, "all", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, null, "all", "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, null, "all", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, null, "jar,file", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, null, "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, null, "jar,file", "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, null, "jar,file", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, null, "", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, null, "", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, null, "", "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, null, "", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, null, null, "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, null, null, "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, null, null, "", "foo"); + doTestExternalDTD(type, E.FALSE, E.FALSE, E.DEFAULT, null, null, null, "foo"); +// +////////////////////////////////////////////// +//// FALSE, DEFAULT, TRUE +//// +//// * RESOLVE_EXTERNAL_ENTITIES_SYSTEM_VALUE = false sets ACCESS_EXTERNAL_DTD factory property to "". +//// * Setting ACCESS_EXTERNAL_DTD factory property on the factory/parser overrides the default value of "" +//// * The SecurityManager property, if set, overrides all others. +//// + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "all", "all", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "all", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "all", "all", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "all", "all", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "all", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "all", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "all", "jar,file", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "all", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "all", "", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "all", "", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "all", "", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "all", "", null, ""); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "all", null, "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "all", null, "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "all", null, "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "all", null, null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "jar,file", "all", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "jar,file", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "jar,file", "all", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "jar,file", "all", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "jar,file", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "jar,file", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "jar,file", "jar,file", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "jar,file", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "jar,file", "", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "jar,file", "", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "jar,file", "", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "jar,file", "", null, ""); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "jar,file", null, "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "jar,file", null, "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "jar,file", null, "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "jar,file", null, null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "", "all", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "", "all", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "", "all", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "", "jar,file", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "", "", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "", "", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "", "", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "", "", null, ""); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "", null, "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "", null, "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "", null, "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, "", null, null, ""); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, null, "all", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, null, "all", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, null, "all", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, null, "all", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, null, "jar,file", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, null, "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, null, "jar,file", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, null, "jar,file", null, "foo"); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, null, "", "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, null, "", "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, null, "", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, null, "", null, ""); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, null, null, "all", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, null, null, "jar,file", "foo"); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, null, null, "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.TRUE, null, null, null, ""); +//// +////////////////////////////////////////////// +//// FALSE, DEFAULT, FALSE +//// +//// * LOAD_EXTERNAL_DTD = false overrides, unless validating is on. +//// + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "all", "all", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "all", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "all", "all", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "all", "all", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "all", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "all", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "all", "jar,file", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "all", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "all", "", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "all", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "all", "", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "all", "", null, ""); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "all", null, "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "all", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "all", null, "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "all", null, null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "jar,file", "all", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "jar,file", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "jar,file", "all", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "jar,file", "all", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "jar,file", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "jar,file", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "jar,file", "jar,file", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "jar,file", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "jar,file", "", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "jar,file", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "jar,file", "", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "jar,file", "", null, ""); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "jar,file", null, "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "jar,file", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "jar,file", null, "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "jar,file", null, null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "", "all", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "", "all", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "", "all", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "", "jar,file", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "", "", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "", "", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "", "", null, ""); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "", null, "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "", null, "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, "", null, null, ""); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, null, "all", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, null, "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, null, "all", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, null, "all", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, null, "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, null, "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, null, "jar,file", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, null, "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, null, "", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, null, "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, null, "", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, null, "", null, ""); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, null, null, "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, null, null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, null, null, "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.FALSE, null, null, null, ""); +//// +////////////////////////////////////////////// +//// FALSE, DEFAULT, DEFAULT +//// +//// * RESOLVE_EXTERNAL_ENTITIES_SYSTEM_VALUE = false sets LOAD_EXTERNAL_DTD feature to false. +//// + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "all", "all", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "all", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "all", "all", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "all", "all", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "all", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "all", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "all", "jar,file", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "all", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "all", "", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "all", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "all", "", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "all", "", null, ""); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "all", null, "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "all", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "all", null, "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "all", null, null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "jar,file", "all", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "jar,file", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "jar,file", "all", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "jar,file", "all", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "jar,file", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "jar,file", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "jar,file", "jar,file", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "jar,file", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "jar,file", "", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "jar,file", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "jar,file", "", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "jar,file", "", null, ""); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "jar,file", null, "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "jar,file", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "jar,file", null, "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "jar,file", null, null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "", "all", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "", "all", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "", "all", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "", "jar,file", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "", "", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "", "", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "", "", null, ""); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "", null, "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "", null, "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, "", null, null, ""); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, null, "all", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, null, "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, null, "all", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, null, "all", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, null, "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, null, "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, null, "jar,file", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, null, "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, null, "", "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, null, "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, null, "", "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, null, "", null, ""); + + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, null, null, "all", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, null, null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, null, null, "", ""); + doTestExternalDTD(type, E.FALSE, E.DEFAULT, E.DEFAULT, null, null, null, ""); +//// +////////////////////////////////////////////// +//// DEFAULT, TRUE, TRUE +//// +//// * RESOLVE_EXTERNAL_ENTITIES_SYSTEM_VALUE defaults to false, which sets LOAD_EXTERNAL_DTD feature to false +//// * but LOAD_EXTERNAL_DTD = true set on parser / parser factory overrides. +// + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "all", "all", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "all", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "all", "all", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "all", "all", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "all", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "all", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "all", "jar,file", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "all", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "all", "", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "all", "", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "all", "", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "all", "", null, ""); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "all", null, "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "all", null, "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "all", null, "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "all", null, null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "jar,file", "all", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "jar,file", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "jar,file", "all", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "jar,file", "all", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "jar,file", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "jar,file", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "jar,file", "jar,file", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "jar,file", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "jar,file", "", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "jar,file", "", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "jar,file", "", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "jar,file", "", null, ""); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "jar,file", null, "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "jar,file", null, "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "jar,file", null, "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "jar,file", null, null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "", "all", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "", "all", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "", "all", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "", "jar,file", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "", "", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "", "", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "", "", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "", "", null, ""); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "", null, "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "", null, "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "", null, "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, "", null, null, ""); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, null, "all", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, null, "all", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, null, "all", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, null, "all", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, null, "jar,file", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, null, "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, null, "jar,file", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, null, "jar,file", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, null, "", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, null, "", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, null, "", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, null, "", null, ""); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, null, null, "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, null, null, "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, null, null, "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.TRUE, null, null, null, ""); +//// +////////////////////////////////////////////// +//// DEFAULT, TRUE, FALSE +//// +//// LOAD_EXTERNAL_DTD = false overrides. +// + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "all", "all", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "all", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "all", "all", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "all", "all", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "all", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "all", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "all", "jar,file", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "all", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "all", "", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "all", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "all", "", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "all", "", null, ""); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "all", null, "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "all", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "all", null, "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "all", null, null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "jar,file", "all", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "jar,file", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "jar,file", "all", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "jar,file", "all", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "jar,file", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "jar,file", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "jar,file", "jar,file", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "jar,file", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "jar,file", "", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "jar,file", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "jar,file", "", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "jar,file", "", null, ""); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "jar,file", null, "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "jar,file", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "jar,file", null, "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "jar,file", null, null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "", "all", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "", "all", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "", "all", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "", "jar,file", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "", "", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "", "", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "", "", null, ""); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "", null, "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "", null, "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, "", null, null, ""); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, null, "all", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, null, "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, null, "all", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, null, "all", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, null, "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, null, "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, null, "jar,file", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, null, "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, null, "", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, null, "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, null, "", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, null, "", null, ""); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, null, null, "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, null, null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, null, null, "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.FALSE, null, null, null, ""); +//// +////////////////////////////////////////////// +//// DEFAULT, TRUE, DEFAULT +//// +//// * RESOLVE_EXTERNAL_ENTITIES_SYSTEM_VALUE defaults to false, which sets LOAD_EXTERNAL_DTD feature to false. +// + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "all", "all", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "all", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "all", "all", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "all", "all", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "all", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "all", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "all", "jar,file", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "all", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "all", "", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "all", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "all", "", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "all", "", null, ""); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "all", null, "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "all", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "all", null, "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "all", null, null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "jar,file", "all", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "jar,file", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "jar,file", "all", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "jar,file", "all", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "jar,file", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "jar,file", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "jar,file", "jar,file", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "jar,file", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "jar,file", "", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "jar,file", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "jar,file", "", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "jar,file", "", null, ""); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "jar,file", null, "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "jar,file", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "jar,file", null, "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "jar,file", null, null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "", "all", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "", "all", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "", "all", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "", "jar,file", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "", "", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "", "", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "", "", null, ""); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "", null, "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "", null, "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, "", null, null, ""); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, null, "all", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, null, "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, null, "all", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, null, "all", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, null, "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, null, "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, null, "jar,file", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, null, "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, null, "", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, null, "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, null, "", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, null, "", null, ""); + + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, null, null, "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, null, null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, null, null, "", ""); + doTestExternalDTD(type, E.DEFAULT, E.TRUE, E.DEFAULT, null, null, null, ""); +//// +////////////////////////////////////////////// +//// DEFAULT, FALSE, TRUE +//// +//// * With SECURE_PROCESSING_FEATURE false, ACCESS_EXTERNAL_DTD defaults to "all". +//// * "javax.xml.accessExternalDTD" is ignored and there is no SecurityManager. +//// * The only property applied is the parser / parser factory property. +// + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "all", "all", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "all", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "all", "all", "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "all", "all", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "all", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "all", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "all", "jar,file", "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "all", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "all", "", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "all", "", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "all", "", "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "all", "", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "all", null, "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "all", null, "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "all", null, "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "all", null, null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "jar,file", "all", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "jar,file", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "jar,file", "all", "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "jar,file", "all", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "jar,file", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "jar,file", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "jar,file", "jar,file", "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "jar,file", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "jar,file", "", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "jar,file", "", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "jar,file", "", "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "jar,file", "", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "jar,file", null, "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "jar,file", null, "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "jar,file", null, "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "jar,file", null, null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "", "all", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "", "all", "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "", "all", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "", "jar,file", "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "", "", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "", "", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "", "", "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "", "", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "", null, "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "", null, "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "", null, "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, "", null, null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, null, "all", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, null, "all", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, null, "all", "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, null, "all", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, null, "jar,file", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, null, "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, null, "jar,file", "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, null, "jar,file", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, null, "", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, null, "", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, null, "", "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, null, "", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, null, null, "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, null, null, "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, null, null, "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.TRUE, null, null, null, "foo"); +//// +////////////////////////////////////////////// +//// DEFAULT, FALSE, FALSE +//// +//// LOAD_EXTERNAL_DTD = false overrides, even though there is no SecurityManager. +// The only property applied is the parser / parser factory property. +// The default value of ACCESS_EXTERNAL_DTD is "all". +// + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "all", "all", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "all", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "all", "all", "", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "all", "all", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "all", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "all", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "all", "jar,file", "", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "all", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "all", "", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "all", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "all", "", "", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "all", "", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "all", null, "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "all", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "all", null, "", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "all", null, null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "jar,file", "all", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "jar,file", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "jar,file", "all", "", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "jar,file", "all", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "jar,file", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "jar,file", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "jar,file", "jar,file", "", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "jar,file", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "jar,file", "", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "jar,file", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "jar,file", "", "", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "jar,file", "", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "jar,file", null, "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "jar,file", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "jar,file", null, "", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "jar,file", null, null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "", "all", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "", "all", "", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "", "all", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "", "jar,file", "", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "", "", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "", "", "", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "", "", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "", null, "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "", null, "", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, "", null, null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, null, "all", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, null, "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, null, "all", "", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, null, "all", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, null, "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, null, "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, null, "jar,file", "", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, null, "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, null, "", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, null, "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, null, "", "", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, null, "", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, null, null, "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, null, null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, null, null, "", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.FALSE, null, null, null, ifValidating()); +//// +////////////////////////////////////////////// +//// DEFAULT, FALSE, DEFAULT +//// +//// * With SECURE_PROCESSING_FEATURE false, ACCESS_EXTERNAL_DTD defaults to "all" +//// and LOAD_EXTERNAL_DTD defaults to true. +//// * The only property applied is the parser / parser factory property/ +//// + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "all", "all", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "all", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "all", "all", "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "all", "all", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "all", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "all", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "all", "jar,file", "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "all", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "all", "", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "all", "", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "all", "", "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "all", "", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "all", null, "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "all", null, "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "all", null, "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "all", null, null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "jar,file", "all", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "jar,file", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "jar,file", "all", "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "jar,file", "all", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "jar,file", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "jar,file", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "jar,file", "jar,file", "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "jar,file", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "jar,file", "", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "jar,file", "", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "jar,file", "", "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "jar,file", "", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "jar,file", null, "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "jar,file", null, "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "jar,file", null, "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "jar,file", null, null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "", "all", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "", "all", "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "", "all", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "", "jar,file", "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "", "", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "", "", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "", "", "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "", "", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "", null, "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "", null, "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "", null, "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, "", null, null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, null, "all", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, null, "all", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, null, "all", "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, null, "all", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, null, "jar,file", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, null, "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, null, "jar,file", "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, null, "jar,file", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, null, "", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, null, "", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, null, "", "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, null, "", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, null, null, "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, null, null, "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, null, null, "", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.FALSE, E.DEFAULT, null, null, null, "foo"); +//// +////////////////////////////////////////////// +//// DEFAULT, DEFAULT, TRUE +//// +//// SECURE_PROCESSING_FEATURE defaults to true and RESOLVE_EXTERNAL_ENTITIES_SYSTEM_VALUE defaults to false, +//// which sets ACCESS_EXTERNAL_DTD factory/parser property to "". +//// + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "all", "all", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "all", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "all", "all", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "all", "all", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "all", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "all", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "all", "jar,file", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "all", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "all", "", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "all", "", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "all", "", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "all", "", null, ""); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "all", null, "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "all", null, "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "all", null, "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "all", null, null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "jar,file", "all", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "jar,file", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "jar,file", "all", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "jar,file", "all", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "jar,file", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "jar,file", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "jar,file", "jar,file", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "jar,file", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "jar,file", "", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "jar,file", "", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "jar,file", "", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "jar,file", "", null, ""); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "jar,file", null, "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "jar,file", null, "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "jar,file", null, "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "jar,file", null, null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "", "all", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "", "all", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "", "all", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "", "all", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "", "jar,file", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "", "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "", "jar,file", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "", "jar,file", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "", "", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "", "", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "", "", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "", "", null, ""); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "", null, "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "", null, "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "", null, "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, "", null, null, ""); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, null, "all", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, null, "all", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, null, "all", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, null, "all", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, null, "jar,file", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, null, "jar,file", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, null, "jar,file", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, null, "jar,file", null, "foo"); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, null, "", "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, null, "", "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, null, "", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, null, "", null, ""); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, null, null, "all", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, null, null, "jar,file", "foo"); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, null, null, "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.TRUE, null, null, null, ""); +//// +////////////////////////////////////////////// +//// DEFAULT, DEFAULT, FALSE +//// + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "all", "all", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "all", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "all", "all", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "all", "all", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "all", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "all", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "all", "jar,file", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "all", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "all", "", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "all", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "all", "", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "all", "", null, ""); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "all", null, "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "all", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "all", null, "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "all", null, null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "jar,file", "all", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "jar,file", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "jar,file", "all", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "jar,file", "all", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "jar,file", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "jar,file", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "jar,file", "jar,file", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "jar,file", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "jar,file", "", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "jar,file", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "jar,file", "", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "jar,file", "", null, ""); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "jar,file", null, "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "jar,file", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "jar,file", null, "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "jar,file", null, null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "", "all", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "", "all", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "", "all", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "", "jar,file", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "", "", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "", "", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "", "", null, ""); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "", null, "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "", null, "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, "", null, null, ""); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, null, "all", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, null, "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, null, "all", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, null, "all", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, null, "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, null, "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, null, "jar,file", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, null, "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, null, "", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, null, "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, null, "", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, null, "", null, ""); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, null, null, "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, null, null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, null, null, "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.FALSE, null, null, null, ""); +//// +////////////////////////////////////////////// +//// DEFAULT, DEFAULT, DEFAULT +//// +//// * Same as FALSE, TRUE, FALSE +// + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "all", "all", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "all", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "all", "all", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "all", "all", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "all", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "all", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "all", "jar,file", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "all", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "all", "", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "all", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "all", "", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "all", "", null, ""); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "all", null, "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "all", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "all", null, "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "all", null, null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "jar,file", "all", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "jar,file", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "jar,file", "all", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "jar,file", "all", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "jar,file", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "jar,file", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "jar,file", "jar,file", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "jar,file", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "jar,file", "", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "jar,file", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "jar,file", "", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "jar,file", "", null, ""); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "jar,file", null, "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "jar,file", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "jar,file", null, "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "jar,file", null, null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "", "all", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "", "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "", "all", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "", "all", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "", "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "", "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "", "jar,file", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "", "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "", "", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "", "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "", "", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "", "", null, ""); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "", null, "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "", null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "", null, "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, "", null, null, ""); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, null, "all", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, null, "all", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, null, "all", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, null, "all", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, null, "jar,file", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, null, "jar,file", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, null, "jar,file", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, null, "jar,file", null, ifValidating()); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, null, "", "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, null, "", "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, null, "", "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, null, "", null, ""); + + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, null, null, "all", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, null, null, "jar,file", ifValidating()); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, null, null, "", ""); + doTestExternalDTD(type, E.DEFAULT, E.DEFAULT, E.DEFAULT, null, null, null, ""); + } + + protected String ifValidating() + { + return validating() ? "foo" : ""; + } + + void doTestExternalDTD(ParserType type, E systemProperty, E secureProcessing, E loadExternalDTD, String systemProtocols, String factoryProtocols, String securityManagerProtocols, String expected) throws Exception + { + try + { + String text = doTestExternalDTDParse(type, systemProperty, secureProcessing, loadExternalDTD, systemProtocols, factoryProtocols, securityManagerProtocols, getExternalDTDWithInternalDTDDoc()); + debug("text: " + text); + Assert.assertEquals(expected, text); + + text = doTestExternalDTDParse(type, systemProperty, secureProcessing, loadExternalDTD, systemProtocols, factoryProtocols, securityManagerProtocols, getExternalDTDWithoutInternalDTDDoc()); + debug("text: " + text); + Assert.assertEquals(expected, text); + } + catch (Exception e) + { + e.printStackTrace(); + fail("Wasn't expecting exception: " + e); + } + } + + String doTestExternalDTDParse(ParserType type, E systemProperty, E secureProcessing, E loadExternalDTD, String systemProtocols, String factoryProtocols, String securityManagerProtocols, String doc) throws Exception + { + try + { + if (!E.DEFAULT.equals(systemProperty)) + { + System.setProperty(RESOLVE_EXTERNAL_ENTITIES_PROPERTY_NAME, systemProperty.toString()); + } + if (systemProtocols != null) + { + System.setProperty(ACCESS_EXTERNAL_DTD_PROPERTY_NAME, systemProtocols); + } + ParserFactory factory = ParserFactory.newInstance(type); + factory.setFeature(DISALLOW_DOCTYPE_DECL_FEATURE, false); + factory.setFeature(NAMESPACES, namespaces()); + factory.setValidating(validating()); + if (!E.DEFAULT.equals(secureProcessing)) + { + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, secureProcessing.bool()); + } + if (!E.DEFAULT.equals(loadExternalDTD)) + { + factory.setFeature(LOAD_EXTERNAL_DTD_FEATURE, loadExternalDTD.bool()); + } + if (factoryProtocols != null) + { + factory.setProperty(ACCESS_EXTERNAL_DTD_PROPERTY, factoryProtocols); + } + Parser parser = factory.newParser(); + if (securityManagerProtocols != null) + { + SecurityManager securityManager = (SecurityManager) parser.getProperty(SECURITY_MANAGER_PROPERTY); + if (securityManager != null) + { + securityManager.setAccessExternalDTD(securityManagerProtocols); + } + } + ByteArrayInputStream baos = new ByteArrayInputStream(doc.getBytes()); + parser.parse(baos); + return parser.getText(); + } + finally + { + if (!E.DEFAULT.equals(systemProperty)) + { + System.clearProperty(RESOLVE_EXTERNAL_ENTITIES_PROPERTY_NAME); + } + if (systemProtocols != null) + { + System.clearProperty(ACCESS_EXTERNAL_DTD_PROPERTY_NAME); + } + } + } + + + //////////////////////////////////////////////////////////////////////////////////////////////////// + // + // Load external schema feature: + // + // * jdk.xml.resolveExternalEntities" + // * javax.xml.accessExternalSchema + // * http://javax.xml.XMLConstants/property/accessExternalSchema + // + //////////////////////////////////////////////////////////////////////////////////////////////////// + + // Notes. + // + // 1. There are several features and properties that determine if an external schema will be loaded. + // + // a. SECURE_PROCESSING_FEATURE: When true, it imposes a number of property and feature restrictions. The default value + // of SECURE_PROCESSING_FEATURE is true. + // + // b. RESOLVE_EXTERNAL_ENTITIES_PROPERTY property: It is relevant only when SECURE_PROCESSING_FEATURE is true. + // When set to false, it will, among other things, set the ACCESS_EXTERNAL_SCHEMA property to "", and when + // RESOLVE_EXTERNAL_ENTITIES_PROPERTY is true, the ACCESS_EXTERNAL_SCHEMA property is set to "all". See item c for a + // discussion of ACCESS_EXTERNAL_SCHEMA. The default value of RESOLVE_EXTERNAL_ENTITIES_PROPERTY is false. + // + // c. ACCESS_EXTERNAL_SCHEMA property: This property can be set to a comma separated list of protocols, e.g., "jar,file", by + // which schemas may be loaded. If SECURE_PROCESSING_FEATURE is false, ACCESS_EXTERNAL_DTD defaults to "all", meaning all + // protocols may be used. Otherwise, if SECURE_PROCESSING_FEATURE is true and RESOLVE_EXTERNAL_ENTITIES_PROPERTY is false, + // ACCESS_EXTERNAL_DTD defaults to "", meaning no protocols may be used. + // + // As with many security related properties, ACCESS_EXTERNAL_SCHEMA may, if SECURE_PROCESSING_FEATURE is true, + // be set in several ways: + // + // i. "javax.xml.accessExternalSchema" system property + // ii. "http://javax.xml.XMLConstants/property/accessExternalSchema" parser / parser factory property + // iii. SecurityManager.setAccessExternalSchema() + // + + @Test + public void testExternalSchema() throws Exception + { + doTestExternalSchema(ParserType.SAX); + doTestExternalSchema(ParserType.DOM); + } + + void doTestExternalSchema(ParserType type) throws Exception + { +// +//////////////////////////////////////////// +// TRUE, TRUE +// +// jdk.xml.resolveExternalEntities +// | http://javax.xml.XMLConstants/feature/secure-processing +// | | system property +// | | | factory property +// | | | | security manager property + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "all", "all", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "all", "all", "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.TRUE, "all", "all", ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "all", "all", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "all", "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "all", "jar,file", "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.TRUE, "all", "jar,file", ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "all", "jar,file", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "all", "", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "all", "", "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.TRUE, "all", "", ""); + doTestsExternalSchemaFails(type, E.TRUE, E.TRUE, "all", "", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "all", null, "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "all", null, "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.TRUE, "all", null, ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "all", null, null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "jar,file", "all", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "jar,file", "all", "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.TRUE, "jar,file", "all", ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "jar,file", "all", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "jar,file", "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "jar,file", "jar,file", "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.TRUE, "jar,file", "jar,file", ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "jar,file", "jar,file", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "jar,file", "", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "jar,file", "", "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.TRUE, "jar,file", "", ""); + doTestsExternalSchemaFails(type, E.TRUE, E.TRUE, "jar,file", "", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "jar,file", null, "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "jar,file", null, "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.TRUE, "jar,file", null, ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "jar,file", null, null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "", "all", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "", "all", "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.TRUE, "", "all", ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "", "all", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "", "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "", "jar,file", "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.TRUE, "", "jar,file", ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "", "jar,file", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "", "", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "", "", "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.TRUE, "", "", ""); + doTestsExternalSchemaFails(type, E.TRUE, E.TRUE, "", "", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "", null, "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, "", null, "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.TRUE, "", null, ""); + doTestsExternalSchemaFails(type, E.TRUE, E.TRUE, "", null, null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, null, "all", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, null, "all", "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.TRUE, null, "all", ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, null, "all", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, null, "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, null, "jar,file", "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.TRUE, null, "jar,file", ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, null, "jar,file", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, null, "", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, null, "", "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.TRUE, null, "", ""); + doTestsExternalSchemaFails(type, E.TRUE, E.TRUE, null, "", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, null, null, "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, null, null, "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.TRUE, null, null, ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.TRUE, null, null, null); +// +//////////////////////////////////////////// +// TRUE, FALSE +// +// SECURE_PROCESSING_FEATURE is off, so ACCESS_EXTERNAL_SCHEMA is set to "all". +// + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "all", "all", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "all", "all", "jar,file"); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "all", "all", ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "all", "all", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "all", "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "all", "jar,file", "jar,file"); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "all", "jar,file", ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "all", "jar,file", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "all", "", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "all", "", "jar,file"); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "all", "", ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "all", "", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "all", null, "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "all", null, "jar,file"); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "all", null, ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "all", null, null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "jar,file", "all", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "jar,file", "all", "jar,file"); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "jar,file", "all", ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "jar,file", "all", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "jar,file", "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "jar,file", "jar,file", "jar,file"); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "jar,file", "jar,file", ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "jar,file", "jar,file", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "jar,file", "", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "jar,file", "", "jar,file"); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "jar,file", "", ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "jar,file", "", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "jar,file", null, "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "jar,file", null, "jar,file"); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "jar,file", null, ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "jar,file", null, null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "", "all", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "", "all", "jar,file"); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "", "all", ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "", "all", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "", "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "", "jar,file", "jar,file"); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "", "jar,file", ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "", "jar,file", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "", "", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "", "", "jar,file"); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "", "", ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, "", "", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, null, "all", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, null, "all", "jar,file"); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, null, "all", ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, null, "all", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, null, "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, null, "jar,file", "jar,file"); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, null, "jar,file", ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, null, "jar,file", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, null, "", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, null, "", "jar,file"); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, null, "", ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, null, "", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, null, null, "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, null, null, "jar,file"); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, null, null, ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.FALSE, null, null, null); +// +//////////////////////////////////////////// +// TRUE, FALSE +// +// Same as TRUE, TRUE +// + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "all", "all", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "all", "all", "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.DEFAULT, "all", "all", ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "all", "all", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "all", "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "all", "jar,file", "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.DEFAULT, "all", "jar,file", ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "all", "jar,file", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "all", "", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "all", "", "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.DEFAULT, "all", "", ""); + doTestsExternalSchemaFails(type, E.TRUE, E.DEFAULT, "all", "", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "all", null, "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "all", null, "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.DEFAULT, "all", null, ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "all", null, null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "jar,file", "all", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "jar,file", "all", "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.DEFAULT, "jar,file", "all", ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "jar,file", "all", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "jar,file", "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "jar,file", "jar,file", "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.DEFAULT, "jar,file", "jar,file", ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "jar,file", "jar,file", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "jar,file", "", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "jar,file", "", "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.DEFAULT, "jar,file", "", ""); + doTestsExternalSchemaFails(type, E.TRUE, E.DEFAULT, "jar,file", "", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "jar,file", null, "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "jar,file", null, "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.DEFAULT, "jar,file", null, ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "jar,file", null, null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "", "all", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "", "all", "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.DEFAULT, "", "all", ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "", "all", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "", "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "", "jar,file", "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.DEFAULT, "", "jar,file", ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "", "jar,file", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "", "", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "", "", "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.DEFAULT, "", "", ""); + doTestsExternalSchemaFails(type, E.TRUE, E.DEFAULT, "", "", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "", null, "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, "", null, "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.DEFAULT, "", null, ""); + doTestsExternalSchemaFails(type, E.TRUE, E.DEFAULT, "", null, null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, null, "all", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, null, "all", "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.DEFAULT, null, "all", ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, null, "all", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, null, "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, null, "jar,file", "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.DEFAULT, null, "jar,file", ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, null, "jar,file", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, null, "", "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, null, "", "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.DEFAULT, null, "", ""); + doTestsExternalSchemaFails(type, E.TRUE, E.DEFAULT, null, "", null); + + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, null, null, "all"); + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, null, null, "jar,file"); + doTestsExternalSchemaFails(type, E.TRUE, E.DEFAULT, null, null, ""); + doTestsExternalSchemaPasses(type, E.TRUE, E.DEFAULT, null, null, null); +// +//////////////////////////////////////////// +// FALSE, TRUE +// + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "all", "all", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "all", "all", "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.TRUE, "all", "all", ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "all", "all", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "all", "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "all", "jar,file", "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.TRUE, "all", "jar,file", ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "all", "jar,file", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "all", "", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "all", "", "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.TRUE, "all", "", ""); + doTestsExternalSchemaFails(type, E.FALSE, E.TRUE, "all", "", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "all", null, "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "all", null, "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.TRUE, "all", null, ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "all", null, null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "jar,file", "all", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "jar,file", "all", "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.TRUE, "jar,file", "all", ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "jar,file", "all", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "jar,file", "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "jar,file", "jar,file", "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.TRUE, "jar,file", "jar,file", ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "jar,file", "jar,file", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "jar,file", "", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "jar,file", "", "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.TRUE, "jar,file", "", ""); + doTestsExternalSchemaFails(type, E.FALSE, E.TRUE, "jar,file", "", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "jar,file", null, "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "jar,file", null, "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.TRUE, "jar,file", null, ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "jar,file", null, null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "", "all", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "", "all", "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.TRUE, "", "all", ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "", "all", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "", "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "", "jar,file", "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.TRUE, "", "jar,file", ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "", "jar,file", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "", "", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "", "", "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.TRUE, "", "", ""); + doTestsExternalSchemaFails(type, E.FALSE, E.TRUE, "", "", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "", null, "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, "", null, "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.TRUE, "", null, ""); + doTestsExternalSchemaFails(type, E.FALSE, E.TRUE, "", null, null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, null, "all", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, null, "all", "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.TRUE, null, "all", ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, null, "all", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, null, "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, null, "jar,file", "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.TRUE, null, "jar,file", ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, null, "jar,file", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, null, "", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, null, "", "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.TRUE, null, "", ""); + doTestsExternalSchemaFails(type, E.FALSE, E.TRUE, null, "", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, null, null, "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.TRUE, null, null, "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.TRUE, null, null, ""); + doTestsExternalSchemaFails(type, E.FALSE, E.TRUE, null, null, null); +// +//////////////////////////////////////////// +// FALSE, FALSE +// +// SECURE_PROCESSING_FEATURE is off, so ACCESS_EXTERNAL_SCHEMA is set to "all". +// + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "all", "all", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "all", "all", "jar,file"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "all", "all", ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "all", "all", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "all", "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "all", "jar,file", "jar,file"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "all", "jar,file", ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "all", "jar,file", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "all", "", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "all", "", "jar,file"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "all", "", ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "all", "", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "all", null, "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "all", null, "jar,file"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "all", null, ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "all", null, null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "jar,file", "all", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "jar,file", "all", "jar,file"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "jar,file", "all", ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "jar,file", "all", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "jar,file", "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "jar,file", "jar,file", "jar,file"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "jar,file", "jar,file", ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "jar,file", "jar,file", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "jar,file", "", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "jar,file", "", "jar,file"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "jar,file", "", ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "jar,file", "", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "jar,file", null, "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "jar,file", null, "jar,file"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "jar,file", null, ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "jar,file", null, null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "", "all", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "", "all", "jar,file"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "", "all", ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "", "all", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "", "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "", "jar,file", "jar,file"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "", "jar,file", ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "", "jar,file", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "", "", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "", "", "jar,file"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "", "", ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "", "", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "", null, "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "", null, "jar,file"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "", null, ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, "", null, null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, null, "all", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, null, "all", "jar,file"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, null, "all", ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, null, "all", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, null, "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, null, "jar,file", "jar,file"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, null, "jar,file", ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, null, "jar,file", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, null, "", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, null, "", "jar,file"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, null, "", ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, null, "", null); + + // No SecurityManager, no SecureProcessingConfiguration to read value of + // system property "jdk.xml.resolveExternalEntities", + // "http://javax.xml.XMLConstants/property/accessExternalSchema" property + // is not set on parser/parser factory, and default value is "all". + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, null, null, "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, null, null, "jar,file"); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, null, null, ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.FALSE, null, null, null); +// +//////////////////////////////////////////// +// FALSE, DEFAULT +// +// Same as FALSE, TRUE +// + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "all", "all", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "all", "all", "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.DEFAULT, "all", "all", ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "all", "all", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "all", "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "all", "jar,file", "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.DEFAULT, "all", "jar,file", ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "all", "jar,file", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "all", "", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "all", "", "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.DEFAULT, "all", "", ""); + doTestsExternalSchemaFails(type, E.FALSE, E.DEFAULT, "all", "", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "all", null, "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "all", null, "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.DEFAULT, "all", null, ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "all", null, null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "jar,file", "all", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "jar,file", "all", "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.DEFAULT, "jar,file", "all", ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "jar,file", "all", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "jar,file", "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "jar,file", "jar,file", "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.DEFAULT, "jar,file", "jar,file", ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "jar,file", "jar,file", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "jar,file", "", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "jar,file", "", "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.DEFAULT, "jar,file", "", ""); + doTestsExternalSchemaFails(type, E.FALSE, E.DEFAULT, "jar,file", "", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "jar,file", null, "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "jar,file", null, "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.DEFAULT, "jar,file", null, ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "jar,file", null, null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "", "all", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "", "all", "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.DEFAULT, "", "all", ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "", "all", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "", "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "", "jar,file", "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.DEFAULT, "", "jar,file", ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "", "jar,file", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "", "", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "", "", "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.DEFAULT, "", "", ""); + doTestsExternalSchemaFails(type, E.FALSE, E.DEFAULT, "", "", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "", null, "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, "", null, "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.DEFAULT, "", null, ""); + doTestsExternalSchemaFails(type, E.FALSE, E.DEFAULT, "", null, null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, null, "all", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, null, "all", "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.DEFAULT, null, "all", ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, null, "all", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, null, "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, null, "jar,file", "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.DEFAULT, null, "jar,file", ""); + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, null, "jar,file", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, null, "", "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, null, "", "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.DEFAULT, null, "", ""); + doTestsExternalSchemaFails(type, E.FALSE, E.DEFAULT, null, "", null); + + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, null, null, "all"); + doTestsExternalSchemaPasses(type, E.FALSE, E.DEFAULT, null, null, "jar,file"); + doTestsExternalSchemaFails(type, E.FALSE, E.DEFAULT, null, null, ""); + doTestsExternalSchemaFails(type, E.FALSE, E.DEFAULT, null, null, null); +// +//////////////////////////////////////////// +// FALSE, DEFAULT +// +// Same as TRUE, TRUE +// + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "all", "all", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "all", "all", "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.TRUE, "all", "all", ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "all", "all", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "all", "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "all", "jar,file", "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.TRUE, "all", "jar,file", ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "all", "jar,file", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "all", "", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "all", "", "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.TRUE, "all", "", ""); + doTestsExternalSchemaFails(type, E.DEFAULT, E.TRUE, "all", "", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "all", null, "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "all", null, "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.TRUE, "all", null, ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "all", null, null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "jar,file", "all", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "jar,file", "all", "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.TRUE, "jar,file", "all", ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "jar,file", "all", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "jar,file", "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "jar,file", "jar,file", "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.TRUE, "jar,file", "jar,file", ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "jar,file", "jar,file", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "jar,file", "", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "jar,file", "", "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.TRUE, "jar,file", "", ""); + doTestsExternalSchemaFails(type, E.DEFAULT, E.TRUE, "jar,file", "", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "jar,file", null, "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "jar,file", null, "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.TRUE, "jar,file", null, ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "jar,file", null, null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "", "all", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "", "all", "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.TRUE, "", "all", ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "", "all", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "", "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "", "jar,file", "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.TRUE, "", "jar,file", ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "", "jar,file", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "", "", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "", "", "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.TRUE, "", "", ""); + doTestsExternalSchemaFails(type, E.DEFAULT, E.TRUE, "", "", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "", null, "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, "", null, "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.TRUE, "", null, ""); + doTestsExternalSchemaFails(type, E.DEFAULT, E.TRUE, "", null, null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, null, "all", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, null, "all", "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.TRUE, null, "all", ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, null, "all", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, null, "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, null, "jar,file", "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.TRUE, null, "jar,file", ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, null, "jar,file", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, null, "", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, null, "", "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.TRUE, null, "", ""); + doTestsExternalSchemaFails(type, E.DEFAULT, E.TRUE, null, "", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, null, null, "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.TRUE, null, null, "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.TRUE, null, null, ""); + doTestsExternalSchemaFails(type, E.DEFAULT, E.TRUE, null, null, null); +// +//////////////////////////////////////////// +// DEFAULT, FALSE +// +// SECURE_PROCESSING_FEATURE is off, so ACCESS_EXTERNAL_SCHEMA is set to "all". +// + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "all", "all", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "all", "all", "jar,file"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "all", "all", ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "all", "all", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "all", "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "all", "jar,file", "jar,file"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "all", "jar,file", ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "all", "jar,file", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "all", "", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "all", "", "jar,file"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "all", "", ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "all", "", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "all", null, "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "all", null, "jar,file"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "all", null, ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "all", null, null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "jar,file", "all", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "jar,file", "all", "jar,file"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "jar,file", "all", ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "jar,file", "all", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "jar,file", "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "jar,file", "jar,file", "jar,file"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "jar,file", "jar,file", ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "jar,file", "jar,file", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "jar,file", "", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "jar,file", "", "jar,file"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "jar,file", "", ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "jar,file", "", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "jar,file", null, "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "jar,file", null, "jar,file"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "jar,file", null, ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "jar,file", null, null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "", "all", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "", "all", "jar,file"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "", "all", ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "", "all", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "", "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "", "jar,file", "jar,file"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "", "jar,file", ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "", "jar,file", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "", "", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "", "", "jar,file"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "", "", ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "", "", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "", null, "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "", null, "jar,file"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "", null, ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, "", null, null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, null, "all", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, null, "all", "jar,file"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, null, "all", ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, null, "all", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, null, "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, null, "jar,file", "jar,file"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, null, "jar,file", ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, null, "jar,file", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, null, "", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, null, "", "jar,file"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, null, "", ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, null, "", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, null, null, "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, null, null, "jar,file"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, null, null, ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.FALSE, null, null, null); +// +//////////////////////////////////////////// +// DEFAULT, DEFAULT +// +// Same as TRUE, TRUE +// + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "all", "all", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "all", "all", "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.DEFAULT, "all", "all", ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "all", "all", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "all", "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "all", "jar,file", "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.DEFAULT, "all", "jar,file", ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "all", "jar,file", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "all", "", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "all", "", "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.DEFAULT, "all", "", ""); + doTestsExternalSchemaFails(type, E.DEFAULT, E.DEFAULT, "all", "", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "all", null, "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "all", null, "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.DEFAULT, "all", null, ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "all", null, null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "jar,file", "all", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "jar,file", "all", "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.DEFAULT, "jar,file", "all", ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "jar,file", "all", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "jar,file", "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "jar,file", "jar,file", "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.DEFAULT, "jar,file", "jar,file", ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "jar,file", "jar,file", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "jar,file", "", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "jar,file", "", "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.DEFAULT, "jar,file", "", ""); + doTestsExternalSchemaFails(type, E.DEFAULT, E.DEFAULT, "jar,file", "", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "jar,file", null, "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "jar,file", null, "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.DEFAULT, "jar,file", null, ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "jar,file", null, null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "", "all", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "", "all", "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.DEFAULT, "", "all", ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "", "all", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "", "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "", "jar,file", "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.DEFAULT, "", "jar,file", ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "", "jar,file", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "", "", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "", "", "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.DEFAULT, "", "", ""); + doTestsExternalSchemaFails(type, E.DEFAULT, E.DEFAULT, "", "", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "", null, "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, "", null, "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.DEFAULT, "", null, ""); + doTestsExternalSchemaFails(type, E.DEFAULT, E.DEFAULT, "", null, null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, null, "all", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, null, "all", "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.DEFAULT, null, "all", ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, null, "all", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, null, "jar,file", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, null, "jar,file", "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.DEFAULT, null, "jar,file", ""); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, null, "jar,file", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, null, "", "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, null, "", "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.DEFAULT, null, "", ""); + doTestsExternalSchemaFails(type, E.DEFAULT, E.DEFAULT, null, "", null); + + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, null, null, "all"); + doTestsExternalSchemaPasses(type, E.DEFAULT, E.DEFAULT, null, null, "jar,file"); + doTestsExternalSchemaFails(type, E.DEFAULT, E.DEFAULT, null, null, ""); + doTestsExternalSchemaFails(type, E.DEFAULT, E.DEFAULT, null, null, null); + } + + void doTestsExternalSchemaPasses(ParserType type, E systemProperty, E secureProcessing, String systemProtocols, String factoryProtocols, String securityManagerProtocols) throws Exception + { + try + { + doTestExternalSchemaParse(type, secureProcessing, systemProperty, systemProtocols, factoryProtocols, securityManagerProtocols, getExternalSchemaDoc()); + } + catch (Exception e) + { + e.printStackTrace(); + fail("Wasn't expecting exception: " + e); + } + } + + void doTestsExternalSchemaFails(ParserType type, E systemProperty, E secureProcessing, String systemProtocols, String factoryProtocols, String securityManagerProtocols) throws Exception + { + try + { + doTestExternalSchemaParse(type, secureProcessing, systemProperty, systemProtocols, factoryProtocols, securityManagerProtocols, getExternalSchemaDoc()); + fail("Expecting exception"); + } + catch (SAXParseException e) + { + debug(e.getMessage()); + Assert.assertTrue(e.getMessage().contains("Failed to read schema document \"foo")); + Assert.assertTrue(e.getMessage().contains(".xsd\", because \"file\" access is not allowed due to restriction set by the accessExternalSchema property.")); + } + catch (Exception e) + { + e.printStackTrace(); + fail("Expecting SAXParseException, not " + e); + } + } + + void doTestExternalSchemaParse(ParserType type, E secureProcessing, E systemProperty, String systemProtocols, String factoryProtocols, String securityManagerProtocols, String file) throws Exception + { + try + { + if (!E.DEFAULT.equals(systemProperty)) + { + System.setProperty(RESOLVE_EXTERNAL_ENTITIES_PROPERTY_NAME, systemProperty.toString()); + } + if (systemProtocols != null) + { + System.setProperty(ACCESS_EXTERNAL_SCHEMA_PROPERTY_NAME, systemProtocols); + } + ParserFactory factory = ParserFactory.newInstance(type); + factory.setValidating(true); + factory.setNamespaceAware(true); + factory.setFeature(NAMESPACES, true); + factory.setProperty(JAXPConstants.JAXP_SCHEMA_LANGUAGE, XMLConstants.W3C_XML_SCHEMA_NS_URI); + if (!E.DEFAULT.equals(secureProcessing)) + { + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, secureProcessing.bool()); + } + if (factoryProtocols != null) + { + factory.setProperty(ACCESS_EXTERNAL_SCHEMA_PROPERTY, factoryProtocols); + } + Parser parser = factory.newParser(); + if (securityManagerProtocols != null) + { + SecurityManager securityManager = (SecurityManager) parser.getProperty(SECURITY_MANAGER_PROPERTY); + if (securityManager != null) + { + securityManager.setAccessExternalSchema(securityManagerProtocols); + } + } + ByteArrayInputStream baos = new ByteArrayInputStream(file.getBytes()); + parser.parse(baos); + } + finally + { + if (!E.DEFAULT.equals(systemProperty)) + { + System.clearProperty(RESOLVE_EXTERNAL_ENTITIES_PROPERTY_NAME); + } + if (systemProtocols != null) + { + System.clearProperty(ACCESS_EXTERNAL_SCHEMA_PROPERTY_NAME); + } + } + } + + + //////////////////////////////////////////////////////////////////////////////////////////////////// + // + // total entity size limit: + // + // * jdk.xml.totalEntitySizeLimit + // * http://www.oracle.com/xml/jaxp/properties/totalEntitySizeLimi + // + //////////////////////////////////////////////////////////////////////////////////////////////////// + + @Test + public void testTotalEntitySizeLimit() throws Exception + { + doTestTotalEntitySizeLimit(ParserType.SAX); + doTestTotalEntitySizeLimit(ParserType.DOM); + } + + void doTestTotalEntitySizeLimit(ParserType type) throws Exception + { +// secure processing feature +// | system property limit +// | | factory property limit +// | | | security manager limit +// | | | | expected limit + doTestTotalEntitySizeLimitFails(type, E.TRUE, 3, 5, 7, "7"); + doTestTotalEntitySizeLimitPasses(type, E.TRUE, 3, 5, 0); + doTestTotalEntitySizeLimitFails(type, E.TRUE, 3, 5, -1, "5"); + doTestTotalEntitySizeLimitFails(type, E.TRUE, 3, 0, 7, "7"); + doTestTotalEntitySizeLimitPasses(type, E.TRUE, 3, 0, 0); + doTestTotalEntitySizeLimitPasses(type, E.TRUE, 3, 0, -1); + doTestTotalEntitySizeLimitFails(type, E.TRUE, 3, -1, 7, "7"); + doTestTotalEntitySizeLimitPasses(type, E.TRUE, 3, -1, 0); + doTestTotalEntitySizeLimitFails(type, E.TRUE, 3, -1, -1, "3"); + + doTestTotalEntitySizeLimitFails(type, E.TRUE, 0, 5, 7, "7"); + doTestTotalEntitySizeLimitPasses(type, E.TRUE, 0, 5, 0); + doTestTotalEntitySizeLimitFails(type, E.TRUE, 0, 5, -1, "5"); + doTestTotalEntitySizeLimitFails(type, E.TRUE, 0, 0, 7, "7"); + doTestTotalEntitySizeLimitPasses(type, E.TRUE, 0, 0, 0); + doTestTotalEntitySizeLimitPasses(type, E.TRUE, 0, 0, -1); + doTestTotalEntitySizeLimitFails(type, E.TRUE, 0, -1, 7, "7"); + doTestTotalEntitySizeLimitPasses(type, E.TRUE, 0, -1, 0); + doTestTotalEntitySizeLimitPasses(type, E.TRUE, 0, -1, -1); + + doTestTotalEntitySizeLimitFails(type, E.TRUE, -1, 5, 7, "7"); + doTestTotalEntitySizeLimitPasses(type, E.TRUE, -1, 5, 0); + doTestTotalEntitySizeLimitFails(type, E.TRUE, -1, 5, -1, "5"); + doTestTotalEntitySizeLimitFails(type, E.TRUE, -1, 0, 7, "7"); + doTestTotalEntitySizeLimitPasses(type, E.TRUE, -1, 0, 0); + doTestTotalEntitySizeLimitPasses(type, E.TRUE, -1, 0, -1); + doTestTotalEntitySizeLimitFails(type, E.TRUE, -1, -1, 7, "7"); + doTestTotalEntitySizeLimitPasses(type, E.TRUE, -1, -1, 0); + doTestTotalEntitySizeLimitPasses(type, E.TRUE, -1, -1, -1); + + doTestTotalEntitySizeLimitPasses(type, E.FALSE, 3, 5, 7); + doTestTotalEntitySizeLimitPasses(type, E.FALSE, 3, 5, 0); + doTestTotalEntitySizeLimitPasses(type, E.FALSE, 3, 5, -1); + doTestTotalEntitySizeLimitPasses(type, E.FALSE, 3, 0, 7); + doTestTotalEntitySizeLimitPasses(type, E.FALSE, 3, 0, 0); + doTestTotalEntitySizeLimitPasses(type, E.FALSE, 3, 0, -1); + doTestTotalEntitySizeLimitPasses(type, E.FALSE, 3, -1, 7); + doTestTotalEntitySizeLimitPasses(type, E.FALSE, 3, -1, 0); + doTestTotalEntitySizeLimitPasses(type, E.FALSE, 3, -1, -1); + + doTestTotalEntitySizeLimitPasses(type, E.FALSE, 0, 5, 7); + doTestTotalEntitySizeLimitPasses(type, E.FALSE, 0, 5, 0); + doTestTotalEntitySizeLimitPasses(type, E.FALSE, 0, 5, -1); + doTestTotalEntitySizeLimitPasses(type, E.FALSE, 0, 0, 7); + doTestTotalEntitySizeLimitPasses(type, E.FALSE, 0, 0, 0); + doTestTotalEntitySizeLimitPasses(type, E.FALSE, 0, 0, -1); + doTestTotalEntitySizeLimitPasses(type, E.FALSE, 0, -1, 7); + doTestTotalEntitySizeLimitPasses(type, E.FALSE, 0, -1, 0); + doTestTotalEntitySizeLimitPasses(type, E.FALSE, 0, -1, -1); + + doTestTotalEntitySizeLimitPasses(type, E.FALSE, -1, 5, 7); + doTestTotalEntitySizeLimitPasses(type, E.FALSE, -1, 5, 0); + doTestTotalEntitySizeLimitPasses(type, E.FALSE, -1, 5, -1); + doTestTotalEntitySizeLimitPasses(type, E.FALSE, -1, 0, 7); + doTestTotalEntitySizeLimitPasses(type, E.FALSE, -1, 0, 0); + doTestTotalEntitySizeLimitPasses(type, E.FALSE, -1, 0, -1); + doTestTotalEntitySizeLimitPasses(type, E.FALSE, -1, -1, 7); + doTestTotalEntitySizeLimitPasses(type, E.FALSE, -1, -1, 0); + doTestTotalEntitySizeLimitPasses(type, E.FALSE, -1, -1, -1); + + doTestTotalEntitySizeLimitFails(type, E.DEFAULT, 3, 5, 7, "7"); + doTestTotalEntitySizeLimitPasses(type, E.DEFAULT, 3, 5, 0); + doTestTotalEntitySizeLimitFails(type, E.DEFAULT, 3, 5, -1, "5"); + doTestTotalEntitySizeLimitFails(type, E.DEFAULT, 3, 0, 7, "7"); + doTestTotalEntitySizeLimitPasses(type, E.DEFAULT, 3, 0, 0); + doTestTotalEntitySizeLimitPasses(type, E.DEFAULT, 3, 0, -1); + doTestTotalEntitySizeLimitFails(type, E.DEFAULT, 3, -1, 7, "7"); + doTestTotalEntitySizeLimitPasses(type, E.DEFAULT, 3, -1, 0); + doTestTotalEntitySizeLimitFails(type, E.DEFAULT, 3, -1, -1, "3"); + + doTestTotalEntitySizeLimitFails(type, E.DEFAULT, 0, 5, 7, "7"); + doTestTotalEntitySizeLimitPasses(type, E.DEFAULT, 0, 5, 0); + doTestTotalEntitySizeLimitFails(type, E.DEFAULT, 0, 5, -1, "5"); + doTestTotalEntitySizeLimitFails(type, E.DEFAULT, 0, 0, 7, "7"); + doTestTotalEntitySizeLimitPasses(type, E.DEFAULT, 0, 0, 0); + doTestTotalEntitySizeLimitPasses(type, E.DEFAULT, 0, 0, -1); + doTestTotalEntitySizeLimitFails(type, E.DEFAULT, 0, -1, 7, "7"); + doTestTotalEntitySizeLimitPasses(type, E.DEFAULT, 0, -1, 0); + doTestTotalEntitySizeLimitPasses(type, E.DEFAULT, 0, -1, -1); + + doTestTotalEntitySizeLimitFails(type, E.DEFAULT, -1, 5, 7, "7"); + doTestTotalEntitySizeLimitPasses(type, E.DEFAULT, -1, 5, 0); + doTestTotalEntitySizeLimitFails(type, E.DEFAULT, -1, 5, -1, "5"); + doTestTotalEntitySizeLimitFails(type, E.DEFAULT, -1, 0, 7, "7"); + doTestTotalEntitySizeLimitPasses(type, E.DEFAULT, -1, 0, 0); + doTestTotalEntitySizeLimitPasses(type, E.DEFAULT, -1, 0, -1); + doTestTotalEntitySizeLimitFails(type, E.DEFAULT, -1, -1, 7, "7"); + doTestTotalEntitySizeLimitPasses(type, E.DEFAULT, -1, -1, 0); + doTestTotalEntitySizeLimitPasses(type, E.DEFAULT, -1, -1, -1); + } + + void doTestTotalEntitySizeLimitPasses(ParserType type, E secureProcessing, int systemLimit, int factoryLimit, int securityLimit) + { + try + { + doTestTotalEntitySizeLimitParse(type, secureProcessing, systemLimit, factoryLimit, securityLimit); + } + catch (Exception e) + { + e.printStackTrace(); + fail("Wasn't expecting exception: " + e); + } + } + + void doTestTotalEntitySizeLimitFails(ParserType type, E secureProcessing, int systemLimit, int factoryLimit, int securityLimit, String expected) + { + try + { + doTestTotalEntitySizeLimitParse(type, secureProcessing, systemLimit, factoryLimit, securityLimit); + fail("Expecting SAXParseException"); + } + catch (SAXParseException e) + { + debug(e); + Assert.assertTrue(e.getMessage().contains("The parser has encountered more than \"" + expected + "\" bytes or characters within entities declared and referenced by this document; this is the limit imposed by the application.")); + } + catch (Exception e) + { + e.printStackTrace(); + fail("Expecting SAXParseException"); + } + } + + void doTestTotalEntitySizeLimitParse(ParserType type, E secureProcessing, int systemLimit, int factoryLimit, int securityLimit) throws Exception + { + try + { + if (systemLimit >= 0) + { + System.setProperty(TOTAL_ENTITY_SIZE_LIMIT_PROPERTY_NAME, Integer.toString(systemLimit)); + } + ParserFactory factory = ParserFactory.newInstance(type); + factory.setFeature(DISALLOW_DOCTYPE_DECL_FEATURE, false); + if (!E.DEFAULT.equals(secureProcessing)) + { + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, secureProcessing.bool()); + } + factory.setFeature(NAMESPACES, namespaces()); + factory.setValidating(validating()); + Parser parser = factory.newParser(); + if (factoryLimit >= 0) + { + parser.setProperty(MAX_TOTAL_ENTITY_SIZE_LIMIT, factoryLimit); + } + if (securityLimit >= 0) + { + SecurityManager sm = (SecurityManager) parser.getProperty(SECURITY_MANAGER_PROPERTY); + if (sm != null) + { + sm.setTotalEntitySizeLimit(securityLimit); + } + } + TestErrorHandler errorHandler = new TestErrorHandler(); + parser.setErrorHandler(errorHandler); + ByteArrayInputStream baos = new ByteArrayInputStream(getTotalEntitySizeDoc().getBytes(Charset.forName("UTF-8"))); + parser.parse(baos); + } + finally + { + if (systemLimit >= 0) + { + System.setProperty(TOTAL_ENTITY_SIZE_LIMIT_PROPERTY_NAME, ""); + } + } + } + + + ///////////////////////////////////////////////////////////////////////////////////////// + // + // general and parameter entity size limit + // + // * jdk.xml.maxGeneralEntitySizeLimit + // * jdk.xml.maxParameterEntitySizeLimit + // * http://java.sun.com/xml/jaxp/properties/maxGeneralEntitySizeLimit + // * http://www.oracle.com/xml/jaxp/properties/maxGeneralEntitySizeLimit + // * http://www.oracle.com/xml/jaxp/properties/maxParameterEntitySizeLimit + // + ///////////////////////////////////////////////////////////////////////////////////////// + + @Test + public void testEntitySizeLimit() throws Exception + { + doTestEntitySizeLimit(ParserType.SAX, EntityType.GENERAL); + doTestEntitySizeLimit(ParserType.DOM, EntityType.GENERAL); + doTestEntitySizeLimit(ParserType.SAX, EntityType.PARAMETER); + doTestEntitySizeLimit(ParserType.DOM, EntityType.PARAMETER); + } + + void doTestEntitySizeLimit(ParserType parserType, EntityType entityType) throws Exception + { +// secure processing feature +// | system property limit +// | | factory property limit +// | | | security manager limit +// | | | | expected limit + doTestEntitySizeLimitFails(parserType, entityType, E.TRUE, 3, 5, 7, "7"); + doTestEntitySizeLimitPasses(parserType, entityType, E.TRUE, 3, 5, 0); + doTestEntitySizeLimitFails(parserType, entityType, E.TRUE, 3, 5, -1, "5"); + doTestEntitySizeLimitFails(parserType, entityType, E.TRUE, 3, 0, 7, "7"); + doTestEntitySizeLimitPasses(parserType, entityType, E.TRUE, 3, 0, 0); + doTestEntitySizeLimitPasses(parserType, entityType, E.TRUE, 3, 0, -1); + doTestEntitySizeLimitFails(parserType, entityType, E.TRUE, 3, -1, 7, "7"); + doTestEntitySizeLimitPasses(parserType, entityType, E.TRUE, 3, -1, 0); + doTestEntitySizeLimitFails(parserType, entityType, E.TRUE, 3, -1, -1, "3"); + + doTestEntitySizeLimitFails(parserType, entityType, E.TRUE, 0, 5, 7, "7"); + doTestEntitySizeLimitPasses(parserType, entityType, E.TRUE, 0, 5, 0); + doTestEntitySizeLimitFails(parserType, entityType, E.TRUE, 0, 5, -1, "5"); + doTestEntitySizeLimitFails(parserType, entityType, E.TRUE, 0, 0, 7, "7"); + doTestEntitySizeLimitPasses(parserType, entityType, E.TRUE, 0, 0, 0); + doTestEntitySizeLimitPasses(parserType, entityType, E.TRUE, 0, 0, -1); + doTestEntitySizeLimitFails(parserType, entityType, E.TRUE, 0, -1, 7, "7"); + doTestEntitySizeLimitPasses(parserType, entityType, E.TRUE, 0, -1, 0); + doTestEntitySizeLimitPasses(parserType, entityType, E.TRUE, 0, -1, -1); + + doTestEntitySizeLimitFails(parserType, entityType, E.TRUE, -1, 5, 7, "7"); + doTestEntitySizeLimitPasses(parserType, entityType, E.TRUE, -1, 5, 0); + doTestEntitySizeLimitFails(parserType, entityType, E.TRUE, -1, 5, -1, "5"); + doTestEntitySizeLimitFails(parserType, entityType, E.TRUE, -1, 0, 7, "7"); + doTestEntitySizeLimitPasses(parserType, entityType, E.TRUE, -1, 0, 0); + doTestEntitySizeLimitPasses(parserType, entityType, E.TRUE, -1, 0, -1); + doTestEntitySizeLimitFails(parserType, entityType, E.TRUE, -1, -1, 7, "7"); + doTestEntitySizeLimitPasses(parserType, entityType, E.TRUE, -1, -1, 0); + doTestEntitySizeLimitPasses(parserType, entityType, E.TRUE, -1, -1, -1); + + doTestEntitySizeLimitPasses(parserType, entityType, E.FALSE, 3, 5, 7); + doTestEntitySizeLimitPasses(parserType, entityType, E.FALSE, 3, 5, 0); + doTestEntitySizeLimitPasses(parserType, entityType, E.FALSE, 3, 5, -1); + doTestEntitySizeLimitPasses(parserType, entityType, E.FALSE, 3, 0, 7); + doTestEntitySizeLimitPasses(parserType, entityType, E.FALSE, 3, 0, 0); + doTestEntitySizeLimitPasses(parserType, entityType, E.FALSE, 3, 0, -1); + doTestEntitySizeLimitPasses(parserType, entityType, E.FALSE, 3, -1, 7); + doTestEntitySizeLimitPasses(parserType, entityType, E.FALSE, 3, -1, 0); + doTestEntitySizeLimitPasses(parserType, entityType, E.FALSE, 3, -1, -1); + + doTestEntitySizeLimitPasses(parserType, entityType, E.FALSE, 0, 5, 7); + doTestEntitySizeLimitPasses(parserType, entityType, E.FALSE, 0, 5, 0); + doTestEntitySizeLimitPasses(parserType, entityType, E.FALSE, 0, 5, -1); + doTestEntitySizeLimitPasses(parserType, entityType, E.FALSE, 0, 0, 7); + doTestEntitySizeLimitPasses(parserType, entityType, E.FALSE, 0, 0, 0); + doTestEntitySizeLimitPasses(parserType, entityType, E.FALSE, 0, 0, -1); + doTestEntitySizeLimitPasses(parserType, entityType, E.FALSE, 0, -1, 7); + doTestEntitySizeLimitPasses(parserType, entityType, E.FALSE, 0, -1, 0); + doTestEntitySizeLimitPasses(parserType, entityType, E.FALSE, 0, -1, -1); + + doTestEntitySizeLimitPasses(parserType, entityType, E.FALSE, -1, 5, 7); + doTestEntitySizeLimitPasses(parserType, entityType, E.FALSE, -1, 5, 0); + doTestEntitySizeLimitPasses(parserType, entityType, E.FALSE, -1, 5, -1); + doTestEntitySizeLimitPasses(parserType, entityType, E.FALSE, -1, 0, 7); + doTestEntitySizeLimitPasses(parserType, entityType, E.FALSE, -1, 0, 0); + doTestEntitySizeLimitPasses(parserType, entityType, E.FALSE, -1, 0, -1); + doTestEntitySizeLimitPasses(parserType, entityType, E.FALSE, -1, -1, 7); + doTestEntitySizeLimitPasses(parserType, entityType, E.FALSE, -1, -1, 0); + doTestEntitySizeLimitPasses(parserType, entityType, E.FALSE, -1, -1, -1); + + doTestEntitySizeLimitFails(parserType, entityType, E.DEFAULT, 3, 5, 7, "7"); + doTestEntitySizeLimitPasses(parserType, entityType, E.DEFAULT, 3, 5, 0); + doTestEntitySizeLimitFails(parserType, entityType, E.DEFAULT, 3, 5, -1, "5"); + doTestEntitySizeLimitFails(parserType, entityType, E.DEFAULT, 3, 0, 7, "7"); + doTestEntitySizeLimitPasses(parserType, entityType, E.DEFAULT, 3, 0, 0); + doTestEntitySizeLimitPasses(parserType, entityType, E.DEFAULT, 3, 0, -1); + doTestEntitySizeLimitFails(parserType, entityType, E.DEFAULT, 3, -1, 7, "7"); + doTestEntitySizeLimitPasses(parserType, entityType, E.DEFAULT, 3, -1, 0); + doTestEntitySizeLimitFails(parserType, entityType, E.DEFAULT, 3, -1, -1, "3"); + + doTestEntitySizeLimitFails(parserType, entityType, E.DEFAULT, 0, 5, 7, "7"); + doTestEntitySizeLimitPasses(parserType, entityType, E.DEFAULT, 0, 5, 0); + doTestEntitySizeLimitFails(parserType, entityType, E.DEFAULT, 0, 5, -1, "5"); + doTestEntitySizeLimitFails(parserType, entityType, E.DEFAULT, 0, 0, 7, "7"); + doTestEntitySizeLimitPasses(parserType, entityType, E.DEFAULT, 0, 0, 0); + doTestEntitySizeLimitPasses(parserType, entityType, E.DEFAULT, 0, 0, -1); + doTestEntitySizeLimitFails(parserType, entityType, E.DEFAULT, 0, -1, 7, "7"); + doTestEntitySizeLimitPasses(parserType, entityType, E.DEFAULT, 0, -1, 0); + doTestEntitySizeLimitPasses(parserType, entityType, E.DEFAULT, 0, -1, -1); + + doTestEntitySizeLimitFails(parserType, entityType, E.DEFAULT, -1, 5, 7, "7"); + doTestEntitySizeLimitPasses(parserType, entityType, E.DEFAULT, -1, 5, 0); + doTestEntitySizeLimitFails(parserType, entityType, E.DEFAULT, -1, 5, -1, "5"); + doTestEntitySizeLimitFails(parserType, entityType, E.DEFAULT, -1, 0, 7, "7"); + doTestEntitySizeLimitPasses(parserType, entityType, E.DEFAULT, -1, 0, 0); + doTestEntitySizeLimitPasses(parserType, entityType, E.DEFAULT, -1, 0, -1); + doTestEntitySizeLimitFails(parserType, entityType, E.DEFAULT, -1, -1, 7, "7"); + doTestEntitySizeLimitPasses(parserType, entityType, E.DEFAULT, -1, -1, 0); + doTestEntitySizeLimitPasses(parserType, entityType, E.DEFAULT, -1, -1, -1); + } + + void doTestEntitySizeLimitPasses(ParserType type, EntityType entityType, E secureProcessing, int systemLimit, int factoryLimit, int securityLimit) + { + try + { + doTestEntitySizeLimitParse(type, entityType, secureProcessing, systemLimit, factoryLimit, securityLimit); + } + catch (Exception e) + { + e.printStackTrace(); + fail("Wasn't expecting exception: " + e); + } + } + + void doTestEntitySizeLimitFails(ParserType type, EntityType entityType, E secureProcessing, int systemLimit, int factoryLimit, int securityLimit, String expected) throws Exception + { + try + { + doTestEntitySizeLimitParse(type, entityType, secureProcessing, systemLimit, factoryLimit, securityLimit); + fail("Expecting SAXParseException"); + } + catch (SAXParseException e) + { + debug(e); + String s = String.format("The parser has encountered more than \"%1$s\" bytes or characters within a %2$s entity; this is the limit imposed by the application.", expected, entityType.toString()); + debug(s); + Assert.assertEquals(s, e.getMessage()); + } + catch (Exception e) + { + e.printStackTrace(); + fail("Expecting SAXParseException"); + } + } + + void doTestEntitySizeLimitParse(ParserType parserType, EntityType entityType, E secureProcessing, int systemLimit, int factoryLimit, int securityLimit) throws Exception + { + try + { + if (systemLimit >= 0) + { + switch (entityType) + { + case GENERAL: + System.setProperty(MAX_GENERAL_ENTITY_SIZE_LIMIT_PROPERTY_NAME, Integer.toString(systemLimit)); + break; + + case PARAMETER: + System.setProperty(MAX_PARAMETER_ENTITY_SIZE_LIMIT_PROPERTY_NAME, Integer.toString(systemLimit)); + break; + + default: + throw new Exception("Unrecognized entity type: " + entityType.toString()); + } + } + ParserFactory factory = ParserFactory.newInstance(parserType); + factory.setFeature(NAMESPACES, namespaces()); + factory.setValidating(validating()); +// factory.setValidating(true); +// factory.setNamespaceAware(true); +// factory.setProperty("http://java.sun.com/xml/jaxp/properties/schemaLanguage", "http://www.w3.org/2001/XMLSchema"); + factory.setFeature(DISALLOW_DOCTYPE_DECL_FEATURE, false); + if (factoryLimit >= 0) + { + switch (entityType) + { + case GENERAL: + factory.setProperty(MAX_GENERAL_ENTITY_SIZE_LIMIT, factoryLimit); + break; + + case PARAMETER: + factory.setProperty(MAX_PARAMETER_ENTITY_SIZE_LIMIT, factoryLimit); + break; + + default: + throw new Exception("Unrecognized entity type: " + entityType.toString()); + } + } + if (!E.DEFAULT.equals(secureProcessing)) + { + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, secureProcessing.bool()); + } + Parser parser = factory.newParser(); + if (securityLimit >= 0) + { + SecurityManager sm = (SecurityManager) parser.getProperty(SECURITY_MANAGER_PROPERTY); + if (sm != null) + { + switch (entityType) + { + case GENERAL: + sm.setGeneralEntitySizeLimit(securityLimit); + break; + + case PARAMETER: + sm.setParameterEntitySizeLimit(securityLimit); + break; + + default: + throw new Exception("Unrecognized entity type: " + entityType.toString()); + } + } + } + TestErrorHandler errorHandler = new TestErrorHandler(); + parser.setErrorHandler(errorHandler); + + ByteArrayInputStream baos = null; + switch (entityType) + { + case GENERAL: + baos = new ByteArrayInputStream(getGeneralEntitySizeDoc().getBytes(Charset.forName("UTF-8"))); + break; + + case PARAMETER: + baos = new ByteArrayInputStream(getParameterEntitySizeDoc().getBytes(Charset.forName("UTF-8"))); + break; + + default: + throw new Exception("Unrecognized entity type: " + entityType.toString()); + } + + + parser.parse(baos); + } + finally + { + if (systemLimit >= 0) + { + switch (entityType) + { + case GENERAL: + System.setProperty(MAX_GENERAL_ENTITY_SIZE_LIMIT_PROPERTY_NAME, ""); + break; + + case PARAMETER: + System.setProperty(MAX_PARAMETER_ENTITY_SIZE_LIMIT_PROPERTY_NAME, ""); + break; + + default: + throw new Exception("Unrecognized entity type: " + entityType.toString()); + } + } + } + } + + + ///////////////////////////////////////////////////////////////////////////////////////// + // + // element depth limit + // + ///////////////////////////////////////////////////////////////////////////////////////// + + @Test + public void testElementDepthLimit() throws Exception + { + doTestElementDepthLimit(ParserType.SAX); + doTestElementDepthLimit(ParserType.DOM); + } + + void doTestElementDepthLimit(ParserType parserType) throws Exception + { + // Note. + + // 1. The depth counting in xerces is such that the first element is given a depth of 2. + // 2. The default value of maxElementDepth is Integer.MAX_VALUE, so the test will pass + // if neither element is set. + // 3. The system property is set only if E.TRUE is passed. There's no need to test E.DEFAULT. + +// secure processing feature +// | system property limit +// | | factory property limit +// | | | security manager limit +// | | | | expected limit + doTestElementDepthLimitFails(parserType, E.TRUE, 2, 3, 5, 5); + doTestElementDepthLimitPasses(parserType, E.TRUE, 2, 3, 0); + doTestElementDepthLimitFails(parserType, E.TRUE, 2, 3, -1, 3); + doTestElementDepthLimitFails(parserType, E.TRUE, 2, 0, 5, 5); + doTestElementDepthLimitPasses(parserType, E.TRUE, 2, 0, 0); + doTestElementDepthLimitPasses(parserType, E.TRUE, 2, 0, -1); + doTestElementDepthLimitFails(parserType, E.TRUE, 2, -1, 5, 5); + doTestElementDepthLimitPasses(parserType, E.TRUE, 2, -1, 0); + doTestElementDepthLimitFails(parserType, E.TRUE, 2, -1, -1, 2); + + doTestElementDepthLimitFails(parserType, E.TRUE, 0, 3, 5, 5); + doTestElementDepthLimitPasses(parserType, E.TRUE, 0, 3, 0); + doTestElementDepthLimitFails(parserType, E.TRUE, 0, 3, -1, 3); + doTestElementDepthLimitFails(parserType, E.TRUE, 0, 0, 5, 5); + doTestElementDepthLimitPasses(parserType, E.TRUE, 0, 0, 0); + doTestElementDepthLimitPasses(parserType, E.TRUE, 0, 0, -1); + doTestElementDepthLimitFails(parserType, E.TRUE, 0, -1, 5, 5); + doTestElementDepthLimitPasses(parserType, E.TRUE, 0, -1, 0); + doTestElementDepthLimitPasses(parserType, E.TRUE, 0, -1, -1); + + doTestElementDepthLimitFails(parserType, E.TRUE, -1, 3, 5, 5); + doTestElementDepthLimitPasses(parserType, E.TRUE, -1, 3, 0); + doTestElementDepthLimitFails(parserType, E.TRUE, -1, 3, -1, 3); + doTestElementDepthLimitFails(parserType, E.TRUE, -1, 0, 5, 5); + doTestElementDepthLimitPasses(parserType, E.TRUE, -1, 0, 0); + doTestElementDepthLimitPasses(parserType, E.TRUE, -1, 0, -1); + doTestElementDepthLimitFails(parserType, E.TRUE, -1, -1, 5, 5); + doTestElementDepthLimitPasses(parserType, E.TRUE, -1, -1, 0); + doTestElementDepthLimitPasses(parserType, E.TRUE, -1, -1, -1); + + doTestElementDepthLimitPasses(parserType, E.FALSE, 2, 3, 5); + doTestElementDepthLimitPasses(parserType, E.FALSE, 2, 3, 0); + doTestElementDepthLimitPasses(parserType, E.FALSE, 2, 3, -1); + doTestElementDepthLimitPasses(parserType, E.FALSE, 2, 0, 5); + doTestElementDepthLimitPasses(parserType, E.FALSE, 2, 0, 0); + doTestElementDepthLimitPasses(parserType, E.FALSE, 2, 0, -1); + doTestElementDepthLimitPasses(parserType, E.FALSE, 2, -1, 5); + doTestElementDepthLimitPasses(parserType, E.FALSE, 2, -1, 0); + doTestElementDepthLimitPasses(parserType, E.FALSE, 2, -1, -1); + + doTestElementDepthLimitPasses(parserType, E.FALSE, 0, 3, 5); + doTestElementDepthLimitPasses(parserType, E.FALSE, 0, 3, 0); + doTestElementDepthLimitPasses(parserType, E.FALSE, 0, 3, -1); + doTestElementDepthLimitPasses(parserType, E.FALSE, 0, 0, 5); + doTestElementDepthLimitPasses(parserType, E.FALSE, 0, 0, 0); + doTestElementDepthLimitPasses(parserType, E.FALSE, 0, 0, -1); + doTestElementDepthLimitPasses(parserType, E.FALSE, 0, -1, 5); + doTestElementDepthLimitPasses(parserType, E.FALSE, 0, -1, 0); + doTestElementDepthLimitPasses(parserType, E.FALSE, 0, -1, -1); + + doTestElementDepthLimitPasses(parserType, E.FALSE, -1, 3, 5); + doTestElementDepthLimitPasses(parserType, E.FALSE, -1, 3, 0); + doTestElementDepthLimitPasses(parserType, E.FALSE, -1, 3, -1); + doTestElementDepthLimitPasses(parserType, E.FALSE, -1, 0, 5); + doTestElementDepthLimitPasses(parserType, E.FALSE, -1, 0, 0); + doTestElementDepthLimitPasses(parserType, E.FALSE, -1, 0, -1); + doTestElementDepthLimitPasses(parserType, E.FALSE, -1, -1, 5); + doTestElementDepthLimitPasses(parserType, E.FALSE, -1, -1, 0); + doTestElementDepthLimitPasses(parserType, E.FALSE, -1, -1, -1); + + doTestElementDepthLimitFails(parserType, E.DEFAULT, 2, 3, 5, 5); + doTestElementDepthLimitPasses(parserType, E.DEFAULT, 2, 3, 0); + doTestElementDepthLimitFails(parserType, E.DEFAULT, 2, 3, -1, 3); + doTestElementDepthLimitFails(parserType, E.DEFAULT, 2, 0, 5, 5); + doTestElementDepthLimitPasses(parserType, E.DEFAULT, 2, 0, 0); + doTestElementDepthLimitPasses(parserType, E.DEFAULT, 2, 0, -1); + doTestElementDepthLimitFails(parserType, E.DEFAULT, 2, -1, 5, 5); + doTestElementDepthLimitPasses(parserType, E.DEFAULT, 2, -1, 0); + doTestElementDepthLimitFails(parserType, E.DEFAULT, 2, -1, -1, 2); + + doTestElementDepthLimitFails(parserType, E.DEFAULT, 0, 3, 5, 5); + doTestElementDepthLimitPasses(parserType, E.DEFAULT, 0, 3, 0); + doTestElementDepthLimitFails(parserType, E.DEFAULT, 0, 3, -1, 3); + doTestElementDepthLimitFails(parserType, E.DEFAULT, 0, 0, 5, 5); + doTestElementDepthLimitPasses(parserType, E.DEFAULT, 0, 0, 0); + doTestElementDepthLimitPasses(parserType, E.DEFAULT, 0, 0, -1); + doTestElementDepthLimitFails(parserType, E.DEFAULT, 0, -1, 5, 5); + doTestElementDepthLimitPasses(parserType, E.DEFAULT, 0, -1, 0); + doTestElementDepthLimitPasses(parserType, E.DEFAULT, 0, -1, -1); + + doTestElementDepthLimitFails(parserType, E.DEFAULT, -1, 3, 5, 5); + doTestElementDepthLimitPasses(parserType, E.DEFAULT, -1, 3, 0); + doTestElementDepthLimitFails(parserType, E.DEFAULT, -1, 3, -1, 3); + doTestElementDepthLimitFails(parserType, E.DEFAULT, -1, 0, 5, 5); + doTestElementDepthLimitPasses(parserType, E.DEFAULT, -1, 0, 0); + doTestElementDepthLimitPasses(parserType, E.DEFAULT, -1, 0, -1); + doTestElementDepthLimitFails(parserType, E.DEFAULT, -1, -1, 5, 5); + doTestElementDepthLimitPasses(parserType, E.DEFAULT, -1, -1, 0); + doTestElementDepthLimitPasses(parserType, E.DEFAULT, -1, -1, -1); + } + + void doTestElementDepthLimitPasses(ParserType type, E secureProcessing, int systemLimit, int factoryLimit, int securityLimit) + { + try + { + doTestElementDepthLimitParse(type, secureProcessing, systemLimit, factoryLimit, securityLimit); + } + catch (Exception e) + { + e.printStackTrace(); + fail("Wasn't expecting exception: " + e); + } + } + + void doTestElementDepthLimitFails(ParserType type, E secureProcessing, int systemLimit, int factoryLimit, int securityLimit, int expected) throws Exception + { + try + { + doTestElementDepthLimitParse(type, secureProcessing, systemLimit, factoryLimit, securityLimit); + fail("Expecting SAXParseException"); + } + catch (SAXParseException e) + { + debug(e); +// e.printStackTrace(); + String s = String.format("The element \"ent%1$s\" has a depth of \"%2$s\" that exceeds the limit \"%3$s\" set by \"maxElementDepth\".", expected - 1, expected + 1, expected); + debug("s: " + s); + Assert.assertEquals(s, e.getMessage()); + } + catch (Exception e) + { + e.printStackTrace(); + fail("Expecting SAXParseException"); + } + } + + void doTestElementDepthLimitParse(ParserType parserType, E secureProcessing, int systemLimit, int factoryLimit, int securityLimit) throws Exception + { + try + { + if (systemLimit >= 0) + { + System.setProperty(MAX_ELEMENT_DEPTH_PROPERTY_NAME, Integer.toString(systemLimit)); + } + ParserFactory factory = ParserFactory.newInstance(parserType); + if (!E.DEFAULT.equals(secureProcessing)) + { + factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, secureProcessing.bool()); + } + if (factoryLimit >=0) + { + factory.setProperty(getMaxElementDepthProperty(), factoryLimit); + } + Parser parser = factory.newParser(); + factory.setFeature(NAMESPACES, namespaces()); + factory.setValidating(validating()); + if (securityLimit >= 0) + { + SecurityManager sm = (SecurityManager) parser.getProperty(SECURITY_MANAGER_PROPERTY); + if (sm != null) + { + sm.setMaxElementDepth(securityLimit); + } + } + TestErrorHandler errorHandler = new TestErrorHandler(); + parser.setErrorHandler(errorHandler); + ByteArrayInputStream baos = new ByteArrayInputStream(getMaxElementDepthDoc().getBytes(Charset.forName("UTF-8"))); + parser.parse(baos); + } + finally + { + if (systemLimit >= 0) + { + System.setProperty(MAX_ELEMENT_DEPTH_PROPERTY_NAME, ""); + } + } + } + + + ///////////////////////////////////////////////////////////////////////////////// + // + // Classes + // + ///////////////////////////////////////////////////////////////////////////////// + static class TestHandler extends DefaultHandler + { + public int count; + public StringBuffer sb = new StringBuffer(); + + public void startElement (String uri, String localName, String qName, Attributes attributes) throws SAXException + { + count++; + super.startElement(uri, localName, qName, attributes); + } + public void characters (char ch[], int start, int length) throws SAXException + { + sb.append(ch, start, length); + } + public String getText() + { + return sb.toString(); + } + + public void error (SAXParseException e) throws SAXException + { + throw e; + } + } + + static class TestErrorHandler implements ErrorHandler + { + public Exception e; + + public void warning(SAXParseException paramSAXParseException) throws SAXException + { +// paramSAXParseException.printStackTrace(); + e = paramSAXParseException; + } + + public void error(SAXParseException paramSAXParseException) throws SAXException + { +// paramSAXParseException.printStackTrace(); + e = paramSAXParseException; + throw paramSAXParseException; + } + + public void fatalError(SAXParseException paramSAXParseException) throws SAXException + { +// paramSAXParseException.printStackTrace(); + e = paramSAXParseException; + throw paramSAXParseException; + } + } + + static abstract class ParserFactory + { + static ParserFactory newInstance(ParserType type) throws Exception + { + switch (type) + { + case DOM: + return new TestDOMParserFactory(); + + case SAX: + return new TestSAXParserFactory(); + + default: + throw new Exception("Unrecognized parser type: " + type.toString()); + } + } + + abstract public Parser newParser() throws Exception; + abstract public void setFeatures(Map features) throws Exception; + abstract public void setFeature(String name, boolean value) throws Exception; + abstract public void setProperty(String name, Object value) throws Exception; + abstract public void setValidating(boolean b) throws Exception; + abstract public void setNamespaceAware(boolean b) throws Exception; + } + + static class TestSAXParserFactory extends ParserFactory + { + private SAXParserFactory spf = SAXParserFactory.newInstance(); + private HashMap properties = new HashMap(); + + @Override + public Parser newParser() throws Exception + { + SAXParserImpl parser = new SAXParserImpl(spf.newSAXParser()); + for (Iterator it = properties.keySet().iterator(); it.hasNext(); ) + { + String key = it.next(); + parser.setProperty(key, properties.get(key)); + } + return parser; + } + + @Override + public void setFeatures(Map features) throws Exception + { + for (Iterator it = features.keySet().iterator(); it.hasNext(); ) + { + String key = it.next(); + spf.setFeature(key, features.get(key)); + } + } + + @Override + public void setFeature(String name, boolean value) throws Exception + { + spf.setFeature(name, value); + } + + @Override + public void setProperty(String name, Object value) throws Exception + { + properties.put(name, value); + } + + @Override + public void setValidating(boolean b) throws Exception + { + spf.setValidating(b); + } + + @Override + public void setNamespaceAware(boolean b) throws Exception + { + spf.setNamespaceAware(b); + } + } + + static class TestDOMParserFactory extends ParserFactory + { + private DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); + + @Override + public Parser newParser() throws Exception + { + DocumentBuilderImpl db = (DocumentBuilderImpl) dbf.newDocumentBuilder(); + return new DOMParserImpl(db); + } + + @Override + public void setFeatures(Map features) throws Exception + { + for (Iterator it = features.keySet().iterator(); it.hasNext(); ) + { + String key = it.next(); + dbf.setFeature(key, features.get(key)); + } + } + + @Override + public void setFeature(String name, boolean value) throws Exception + { + dbf.setFeature(name, value); + } + + @Override + public void setProperty(String name, Object value) throws Exception + { + dbf.setAttribute(name, value); + } + + @Override + public void setValidating(boolean b) throws Exception + { + dbf.setValidating(b); + } + + @Override + public void setNamespaceAware(boolean b) throws Exception + { + dbf.setNamespaceAware(b); + } + } + + interface Parser + { + void parse(InputStream is) throws Exception; + void parse(InputSource is) throws Exception; + void setProperty(String name, Object value) throws Exception; + Object getProperty(String name) throws Exception; + void setErrorHandler(ErrorHandler errorHandler) throws Exception; + String getText() throws Exception; + } + + static class SAXParserImpl implements Parser + { + private SAXParser parser; + private TestHandler handler = new TestHandler(); + private TestErrorHandler errorHandler = new TestErrorHandler(); + + public SAXParserImpl(SAXParser parser) throws Exception + { + this.parser = parser; + this.parser.getXMLReader().setErrorHandler(errorHandler); + } + + public void parse(InputStream is) throws Exception + { + parser.parse(is, handler); + } + + public void parse(InputSource is) throws Exception + { + parser.parse(is, handler); + } + + public void setProperty(String name, Object value) throws Exception + { + parser.getXMLReader().setProperty(name, value); + } + + public Object getProperty(String name) throws Exception + { + return parser.getProperty(name); + } + + public void setErrorHandler(ErrorHandler errorHandler) throws Exception + { + parser.getXMLReader().setErrorHandler(errorHandler); + } + + public String getText() throws Exception + { + return handler.getText(); + } + } + + static class DOMParserImpl implements Parser + { + private DocumentBuilderImpl builder; + private TestErrorHandler errorHandler = new TestErrorHandler(); + private Document document; + + public DOMParserImpl(DocumentBuilderImpl builder) + { + this.builder = builder; + this.builder.setErrorHandler(errorHandler); + } + + public void parse(InputStream is) throws Exception + { + document = builder.parse(new InputSource(is)); + } + + public void parse(InputSource is) throws Exception + { + document = builder.parse(is); + } + + public void setProperty(String name, Object value) throws Exception + { + builder.getDOMParser().setProperty(name, value); + } + + public Object getProperty(String name) throws Exception + { + return builder.getDOMParser().getProperty(name); + } + + public void setErrorHandler(ErrorHandler errorHandler) throws Exception + { + builder.setErrorHandler(errorHandler); + } + + public String getText() throws Exception + { + StringBuffer sb = new StringBuffer(); + doGetText(sb, document.getChildNodes()); + return sb.toString(); + } + + void doGetText(StringBuffer sb, NodeList list) + { + for (int i = 0; i < list.getLength(); i++) + { + if (Node.TEXT_NODE == list.item(i).getNodeType()) + { + sb.append(list.item(i).getNodeValue()); + return; + } + doGetText(sb, list.item(i).getChildNodes()); + } + } + } +} diff --git a/src/test/java/org/apache/xerces/test/secureprocessing/TestSecureProcessing11.java b/src/test/java/org/apache/xerces/test/secureprocessing/TestSecureProcessing11.java new file mode 100644 index 000000000..e8e6ba945 --- /dev/null +++ b/src/test/java/org/apache/xerces/test/secureprocessing/TestSecureProcessing11.java @@ -0,0 +1,36 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.xerces.test.secureprocessing; + +/** + * + * namespaces: false + * validating: false + * xml version: 1.1 + * + * @author Ron Sigal + * @date October 30, 2015 + * + */ +public class TestSecureProcessing11 extends TestSecureProcessing +{ + protected String XMLVersion() + { + return "\r"; + } +} diff --git a/src/test/java/org/apache/xerces/test/secureprocessing/TestSecureProcessingAlternateProperties.java b/src/test/java/org/apache/xerces/test/secureprocessing/TestSecureProcessingAlternateProperties.java new file mode 100644 index 000000000..30f52c00c --- /dev/null +++ b/src/test/java/org/apache/xerces/test/secureprocessing/TestSecureProcessingAlternateProperties.java @@ -0,0 +1,46 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.xerces.test.secureprocessing; + +import org.apache.xerces.impl.Constants; + +/** + * + * @author Ron Sigal + * @date December 25, 2015 + */ +public class TestSecureProcessingAlternateProperties extends TestSecureProcessing +{ + @Override + protected String getElementAttributeLimitProperty() + { + return Constants.XERCES_PROPERTY_PREFIX + Constants.ELEMENT_ATTRIBUTE_LIMIT_PROPERTY; + } + + @Override + protected String getEntityExpansionLimitProperty() + { + return Constants.XERCES_PROPERTY_PREFIX + Constants.ENTITY_EXPANSION_LIMIT_PROPERTY; + } + + @Override + protected String getMaxElementDepthProperty() + { + return Constants.JAXP_PROPERTY_PREFIX + Constants.MAX_ELEMENT_DEPTH; + } +} diff --git a/src/test/java/org/apache/xerces/test/secureprocessing/TestSecureProcessingNS.java b/src/test/java/org/apache/xerces/test/secureprocessing/TestSecureProcessingNS.java new file mode 100644 index 000000000..0edfffd9f --- /dev/null +++ b/src/test/java/org/apache/xerces/test/secureprocessing/TestSecureProcessingNS.java @@ -0,0 +1,299 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.xerces.test.secureprocessing; + +import static org.junit.Assert.fail; +import junit.framework.Assert; + +import org.xml.sax.SAXParseException; + +/** + * + * namespaces: true + * validating: false + * xml version: 1.0 + * + * @author Ron Sigal + * @date October 30, 2015 + * + */ +public class TestSecureProcessingNS extends TestSecureProcessing +{ + protected boolean namespaces() + { + return true; + } + + protected String getExternalGeneralEntityDoc() + { + String externalGeneralEntityDoc = + "" + + " " + + " " + + "]>" + + "&externalGeneralEntity;"; + return externalGeneralEntityDoc; + } + + protected String getExternalParameterEntityDoc() + { + String externalParameterEntityDoc = + "" + + " %externalParameterEntity;" + + "]>" + + "&foo;"; + return externalParameterEntityDoc; + } + + protected String getInternalDTDDoc() + { + String internalDTDDoc = + XMLVersion() + + "" + + " " + + " " + + "]>" + + "&foo;"; + return internalDTDDoc; + } + + protected String getBigElementDoctype() + { + String bigElementDoctype = + XMLVersion() + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "" + + "]>"; + String body = "&foo5;"; + String bigXmlRootElement = bigElementDoctype + body; + return bigXmlRootElement; + } + + @Override + protected String getBigAttributeDoc() + { + if (bigAttributeDoc == null) + { + StringBuffer sb = new StringBuffer(); + sb.append(""); + bigAttributeDoc = sb.toString(); + } + return bigAttributeDoc; + } + + @Override + protected String getReallyBigAttributeDoc() + { + if (reallyBigAttributeDoc == null) + { + StringBuffer sb = new StringBuffer(); + sb.append(""); + reallyBigAttributeDoc = sb.toString(); + } + return reallyBigAttributeDoc; + } + + protected String getMaxOccursDoc() + { + String file = System.getProperty("user.dir") + "/src/test/java/org/apache/xerces/test/secureprocessing/test_ns.xsd"; + StringBuffer sb = new StringBuffer(); + sb.append(XMLVersion()); + sb.append(""); + for (int i = 0; i < 9999; i++) + { + sb.append("x"); + } + sb.append(""); + String maxOccursDoc = sb.toString(); + return maxOccursDoc; + } + + protected String getExternalDTDWithInternalDTDDoc() + { + String externalDTDWithInternalDTDDoc = + XMLVersion() + + "" + + "&foo;"; + return externalDTDWithInternalDTDDoc; + } + + protected String getExternalDTDWithoutInternalDTDDoc() + { + String externalDTDWithoutInternalDTDDoc = + XMLVersion() + + "" + + "&foo;"; + return externalDTDWithoutInternalDTDDoc; + } + + protected String getExternalSchemaDoc() + { + String file = System.getProperty("user.dir") + "/src/test/java/org/apache/xerces/test/secureprocessing/foo_ns.xsd"; + StringBuffer sb = new StringBuffer(); + sb.append(XMLVersion()); + sb.append(""); + sb.append("x"); + sb.append(""); + String externalSchemaDoc = sb.toString(); + debug(externalSchemaDoc); + return externalSchemaDoc; + } + + protected String getTotalEntitySizeDoc() + { + String file = System.getProperty("user.dir") + "/tests/secure/sax/test_ns.xsd"; + String totalEntitySizeDoc = + XMLVersion() + + "" + + "" + + "" + + "" + + "" + + "" + + "]>" + + ""; + return totalEntitySizeDoc; + } + + protected String getGeneralEntitySizeDoc() + { + String file = System.getProperty("user.dir") + "/src/test/java/org/apache/xerces/test/secureprocessing/test_ns.xsd"; + String generalEntitySizeDoc = + XMLVersion() + + "" + + "" + + "" + + "]>" + + ""; + return generalEntitySizeDoc; + } + + protected String getParameterEntitySizeDoc() + { + String file = System.getProperty("user.dir") + "/src/test/java/org/apache/xerces/test/secureprocessing/test_ns.xsd"; + String parameterEntitySizeDoc = + XMLVersion() + + "" + + "" + + "" + + "]>" + + ""; + return parameterEntitySizeDoc; + } + + protected String getMaxElementDepthDoc() + { + String file = System.getProperty("user.dir") + "/src/test/java/org/apache/xerces/test/secureprocessing/ent_ns.xsd"; + String maxElementDepthDoc = + XMLVersion() + + "" + + "\r" + + "\r" + + "\r" + + "\r" + + "\r" + + "\r" + + "\r" + + "\r" + + ""; + return maxElementDepthDoc; + } + + + /** + * We override doTestsExternalSchemaFails() because of the behavior of org.apache.xerces.impl.xs.XMLSchemaValidator.storeLocations(). + * storeLocations() looks for the attributes schemaLocation and noNamespaceSchemaLocation to find the document's + * grammar, but it behaves differently according to whether or not the grammar has a namespace. + * + * 1. If the grammar has a namespace, storeLocations() looks at the value of the accessExternalSchema property. If + * the schema is accessed by a protocol which is ruled out by accessExternalSchema, then the address of the + * grammar is not stored. Consequently, an exception is thrown by org.apache.xerces.impl.xs.XMLSchemaValidator.handleStartElement() + * indicating that the grammar cannot be found. + * + * 2. If the grammar does not have a namespace, storeLocations() stores the address of the grammar, regardless of the + * value of accessExternalSchema. If the protocol is prohibited, an exception is thrown later by + * org.apache.xerces.impl.xs.XMLSchemaLoader.loadSchema() indicating that the problem is due to the value + * of the accessExternalSchema property. + */ + void doTestsExternalSchemaFails(ParserType type, E systemProperty, E secureProcessing, String systemProtocols, String factoryProtocols, String securityManagerProtocols) throws Exception + { + try + { + doTestExternalSchemaParse(type, secureProcessing, systemProperty, systemProtocols, factoryProtocols, securityManagerProtocols, getExternalSchemaDoc()); + fail("Expecting exception"); + } + catch (SAXParseException e) + { + debug(e.getMessage()); + Assert.assertTrue(e.getMessage().contains("cvc-elt.1.a: Cannot find the declaration of element 'test:foo'.")); + } + catch (Exception e) + { + e.printStackTrace(); + fail("Expecting SAXParseException, not " + e); + } + } +} diff --git a/src/test/java/org/apache/xerces/test/secureprocessing/TestSecureProcessingNS11.java b/src/test/java/org/apache/xerces/test/secureprocessing/TestSecureProcessingNS11.java new file mode 100644 index 000000000..a1c0c94c1 --- /dev/null +++ b/src/test/java/org/apache/xerces/test/secureprocessing/TestSecureProcessingNS11.java @@ -0,0 +1,36 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.xerces.test.secureprocessing; + +/** + * + * namespaces: true + * validating: false + * xml version: 1.1 + * + * @author Ron Sigal + * @date October 30, 2015 + * + */ +public class TestSecureProcessingNS11 extends TestSecureProcessingNS +{ + protected String XMLVersion() + { + return "\r"; + } +} diff --git a/src/test/java/org/apache/xerces/test/secureprocessing/TestSecureProcessingNSValidating.java b/src/test/java/org/apache/xerces/test/secureprocessing/TestSecureProcessingNSValidating.java new file mode 100644 index 000000000..929952ff3 --- /dev/null +++ b/src/test/java/org/apache/xerces/test/secureprocessing/TestSecureProcessingNSValidating.java @@ -0,0 +1,166 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.xerces.test.secureprocessing; + +import static org.junit.Assert.fail; +import junit.framework.Assert; + +import org.xml.sax.SAXParseException; + + +/** + * + * namespaces: true + * validating: true + * xml version: 1.0 + * + * @author Ron Sigal + * @date December 16, 2015 + * + */ +public class TestSecureProcessingNSValidating extends TestSecureProcessingNS +{ + @Override + protected boolean validating() + { + return true; + } + + @Override + protected String getBigAttributeDoc() + { + if (bigAttributeDoc == null) + { + StringBuffer sb = new StringBuffer(); + sb.append(XMLVersion()); + sb.append(""); + sb.append(" ]>"); + sb.append(""); + bigAttributeDoc = sb.toString(); + } + return bigAttributeDoc; + } + + @Override + protected String getReallyBigAttributeDoc() + { + if (reallyBigAttributeDoc == null) + { + StringBuffer sb = new StringBuffer(); + sb.append(XMLVersion()); + sb.append(""); + sb.append(" ]>"); + sb.append(""); + reallyBigAttributeDoc = sb.toString(); + } + return reallyBigAttributeDoc; + } + + @Override + void doTestExternalEntities(ParserType type, EntityType entityType, E systemProperty, E secureProcessing, E externalParameterEntities, String expected) throws Exception + { + if (entityType.equals(EntityType.GENERAL) || !"".equals(expected)) + { + super.doTestExternalEntities(type, entityType, systemProperty, secureProcessing, externalParameterEntities, expected); + return; + } + else + { + try + { + String result = doTestExternalEntitiesParse(type, entityType, systemProperty, secureProcessing, externalParameterEntities); + debug("doTestExternalParameterEntitiesPasses(): " + result); + Assert.fail("Expected SAXParseException"); + } + catch (SAXParseException e) + { + debug(e.getLocalizedMessage()); + Assert.assertTrue(e.getLocalizedMessage().indexOf("Element type \"test:externalParameterEntity\" must be declared.") > -1); + } + catch (Exception e) + { + e.printStackTrace(); + fail("Expecting SAXParseException, not " + e); + } + } + return; + } + + @Override + void doTestExternalDTD(ParserType type, E systemProperty, E secureProcessing, E loadExternalDTD, String systemProtocols, String factoryProtocols, String securityManagerProtocols, String expected) throws Exception + { + if (!"".equals(expected)) + { + super.doTestExternalDTD(type, systemProperty, secureProcessing, loadExternalDTD, systemProtocols, factoryProtocols, securityManagerProtocols, expected); + return; + } + + try + { + String text = doTestExternalDTDParse(type, systemProperty, secureProcessing, loadExternalDTD, systemProtocols, factoryProtocols, securityManagerProtocols, getExternalDTDWithInternalDTDDoc()); + debug("text: " + text); + Assert.assertEquals(expected, text); + } + catch (SAXParseException e) + { + Assert.assertTrue(e.getLocalizedMessage().indexOf("Element type \"test:foo\" must be declared.") > -1); + } + catch (Exception e) + { + e.printStackTrace(); + fail("Expecting SAXParseException, not " + e); + } + + try + { + String text = doTestExternalDTDParse(type, systemProperty, secureProcessing, loadExternalDTD, systemProtocols, factoryProtocols, securityManagerProtocols, getExternalDTDWithoutInternalDTDDoc()); + debug("text: " + text); + Assert.assertEquals(expected, text); + } + catch (SAXParseException e) + { + Assert.assertTrue(e.getLocalizedMessage().indexOf("Element type \"test:foo\" must be declared.") > -1); + } + catch (Exception e) + { + fail("Expecting SAXParseException, not " + e); + } + } +} diff --git a/src/test/java/org/apache/xerces/test/secureprocessing/TestSecureProcessingNSValidating11.java b/src/test/java/org/apache/xerces/test/secureprocessing/TestSecureProcessingNSValidating11.java new file mode 100644 index 000000000..ad9311d88 --- /dev/null +++ b/src/test/java/org/apache/xerces/test/secureprocessing/TestSecureProcessingNSValidating11.java @@ -0,0 +1,41 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.xerces.test.secureprocessing; + +import static org.junit.Assert.fail; +import junit.framework.Assert; + +import org.xml.sax.SAXParseException; + + +/** + * + * namespaces: true + * validating: true + * xml version: 1.1 + * + * @author Ron Sigal + * @date December 16, 2015 + */ +public class TestSecureProcessingNSValidating11 extends TestSecureProcessingNSValidating +{ + protected String XMLVersion() + { + return "\r"; + } +} diff --git a/src/test/java/org/apache/xerces/test/secureprocessing/TestSecureProcessingValidating.java b/src/test/java/org/apache/xerces/test/secureprocessing/TestSecureProcessingValidating.java new file mode 100644 index 000000000..72b3d5a4a --- /dev/null +++ b/src/test/java/org/apache/xerces/test/secureprocessing/TestSecureProcessingValidating.java @@ -0,0 +1,168 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.xerces.test.secureprocessing; + +import static org.junit.Assert.fail; +import junit.framework.Assert; + +import org.xml.sax.SAXParseException; + + +/** + * + * namespaces: false + * validating: true + * xml version: 1.0 + * + * @author Ron Sigal + * @date December 16, 2015 + * + */ +public class TestSecureProcessingValidating extends TestSecureProcessing +{ + @Override + protected boolean validating() + { + return true; + } + + @Override + protected String getBigAttributeDoc() + { + if (bigAttributeDoc == null) + { + StringBuffer sb = new StringBuffer(); + sb.append(XMLVersion()); + sb.append(""); + sb.append(" ]>"); + sb.append(""); + bigAttributeDoc = sb.toString(); + } + return bigAttributeDoc; + } + + @Override + protected String getReallyBigAttributeDoc() + { + if (reallyBigAttributeDoc == null) + { + StringBuffer sb = new StringBuffer(); + sb.append(XMLVersion()); + sb.append(""); + sb.append(" ]>"); + sb.append(""); + reallyBigAttributeDoc = sb.toString(); + } + return reallyBigAttributeDoc; + } + + @Override + void doTestExternalEntities(ParserType type, EntityType entityType, E systemProperty, E secureProcessing, E externalParameterEntities, String expected) throws Exception + { + if (entityType.equals(EntityType.GENERAL) || !"".equals(expected)) + { + super.doTestExternalEntities(type, entityType, systemProperty, secureProcessing, externalParameterEntities, expected); + return; + } + else + { + try + { + String result = doTestExternalEntitiesParse(type, entityType, systemProperty, secureProcessing, externalParameterEntities); + debug("doTestExternalParameterEntitiesPasses(): " + result); + Assert.fail("Expected SAXParseException"); + } + catch (SAXParseException e) + { + debug(e.getLocalizedMessage()); + Assert.assertTrue(e.getLocalizedMessage().indexOf("Element type \"externalParameterEntity\" must be declared.") > -1); + } + catch (Exception e) + { + e.printStackTrace(); + fail("Expecting SAXParseException, not " + e); + } + } + return; + } + + @Override + void doTestExternalDTD(ParserType type, E systemProperty, E secureProcessing, E loadExternalDTD, String systemProtocols, String factoryProtocols, String securityManagerProtocols, String expected) throws Exception + { + if (!"".equals(expected)) + { + super.doTestExternalDTD(type, systemProperty, secureProcessing, loadExternalDTD, systemProtocols, factoryProtocols, securityManagerProtocols, expected); + return; + } + + try + { + String text = doTestExternalDTDParse(type, systemProperty, secureProcessing, loadExternalDTD, systemProtocols, factoryProtocols, securityManagerProtocols, getExternalDTDWithInternalDTDDoc()); + debug("text: " + text); + if (!expected.equals(text)) + new Exception("doTestExternalDTD").printStackTrace(); + Assert.assertEquals(expected, text); + } + catch (SAXParseException e) + { + Assert.assertTrue(e.getLocalizedMessage().indexOf("Element type \"foo\" must be declared.") > -1); + } + catch (Exception e) + { + e.printStackTrace(); + fail("Expecting SAXParseException, not " + e); + } + + try + { + String text = doTestExternalDTDParse(type, systemProperty, secureProcessing, loadExternalDTD, systemProtocols, factoryProtocols, securityManagerProtocols, getExternalDTDWithoutInternalDTDDoc()); + debug("text: " + text); + Assert.assertEquals(expected, text); + } + catch (SAXParseException e) + { + Assert.assertTrue(e.getLocalizedMessage().indexOf("Element type \"foo\" must be declared.") > -1); + } + catch (Exception e) + { + fail("Expecting SAXParseException, not " + e); + } + } +} diff --git a/src/test/java/org/apache/xerces/test/secureprocessing/TestSecureProcessingValidating11.java b/src/test/java/org/apache/xerces/test/secureprocessing/TestSecureProcessingValidating11.java new file mode 100644 index 000000000..db382b7a5 --- /dev/null +++ b/src/test/java/org/apache/xerces/test/secureprocessing/TestSecureProcessingValidating11.java @@ -0,0 +1,42 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.xerces.test.secureprocessing; + +import static org.junit.Assert.fail; +import junit.framework.Assert; + +import org.xml.sax.SAXParseException; + + +/** + * + * namespaces: false + * validating: true + * xml version: 1.0 + * + * @author Ron Sigal + * @date December 16, 2015 + * + */ +public class TestSecureProcessingValidating11 extends TestSecureProcessingValidating +{ + protected String XMLVersion() + { + return "\r"; + } +} diff --git a/src/test/java/org/apache/xerces/test/secureprocessing/ent_ns.xsd b/src/test/java/org/apache/xerces/test/secureprocessing/ent_ns.xsd new file mode 100644 index 000000000..df40f5c06 --- /dev/null +++ b/src/test/java/org/apache/xerces/test/secureprocessing/ent_ns.xsd @@ -0,0 +1,32 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/src/test/java/org/apache/xerces/test/secureprocessing/external.dtd b/src/test/java/org/apache/xerces/test/secureprocessing/external.dtd new file mode 100644 index 000000000..ca680f0e7 --- /dev/null +++ b/src/test/java/org/apache/xerces/test/secureprocessing/external.dtd @@ -0,0 +1,2 @@ + + \ No newline at end of file diff --git a/src/test/java/org/apache/xerces/test/secureprocessing/external.text b/src/test/java/org/apache/xerces/test/secureprocessing/external.text new file mode 100644 index 000000000..0cf77c3ef --- /dev/null +++ b/src/test/java/org/apache/xerces/test/secureprocessing/external.text @@ -0,0 +1 @@ +external general entity \ No newline at end of file diff --git a/src/test/java/org/apache/xerces/test/secureprocessing/externalParameterEntity.dtd b/src/test/java/org/apache/xerces/test/secureprocessing/externalParameterEntity.dtd new file mode 100644 index 000000000..c9f8fa10d --- /dev/null +++ b/src/test/java/org/apache/xerces/test/secureprocessing/externalParameterEntity.dtd @@ -0,0 +1,2 @@ + + \ No newline at end of file diff --git a/src/test/java/org/apache/xerces/test/secureprocessing/externalParameterEntityNS.dtd b/src/test/java/org/apache/xerces/test/secureprocessing/externalParameterEntityNS.dtd new file mode 100644 index 000000000..bde634083 --- /dev/null +++ b/src/test/java/org/apache/xerces/test/secureprocessing/externalParameterEntityNS.dtd @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/src/test/java/org/apache/xerces/test/secureprocessing/external_ns.dtd b/src/test/java/org/apache/xerces/test/secureprocessing/external_ns.dtd new file mode 100644 index 000000000..d20413d35 --- /dev/null +++ b/src/test/java/org/apache/xerces/test/secureprocessing/external_ns.dtd @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/src/test/java/org/apache/xerces/test/secureprocessing/foo.xml b/src/test/java/org/apache/xerces/test/secureprocessing/foo.xml new file mode 100644 index 000000000..9c2448277 --- /dev/null +++ b/src/test/java/org/apache/xerces/test/secureprocessing/foo.xml @@ -0,0 +1,13 @@ + + + xx + xx + xx + xx + xx + xx + xx + xx + xx + xx + \ No newline at end of file diff --git a/src/test/java/org/apache/xerces/test/secureprocessing/foo.xsd b/src/test/java/org/apache/xerces/test/secureprocessing/foo.xsd new file mode 100644 index 000000000..49a3a8b79 --- /dev/null +++ b/src/test/java/org/apache/xerces/test/secureprocessing/foo.xsd @@ -0,0 +1,11 @@ + + + + + + + + + + + \ No newline at end of file diff --git a/src/test/java/org/apache/xerces/test/secureprocessing/foo_ns.xsd b/src/test/java/org/apache/xerces/test/secureprocessing/foo_ns.xsd new file mode 100644 index 000000000..bb24f4151 --- /dev/null +++ b/src/test/java/org/apache/xerces/test/secureprocessing/foo_ns.xsd @@ -0,0 +1,14 @@ + + + + + + + + + + + \ No newline at end of file diff --git a/src/test/java/org/apache/xerces/test/secureprocessing/test.xsd b/src/test/java/org/apache/xerces/test/secureprocessing/test.xsd new file mode 100644 index 000000000..10597e39a --- /dev/null +++ b/src/test/java/org/apache/xerces/test/secureprocessing/test.xsd @@ -0,0 +1,11 @@ + + + + + + + + + + + \ No newline at end of file diff --git a/src/test/java/org/apache/xerces/test/secureprocessing/test_ns.xsd b/src/test/java/org/apache/xerces/test/secureprocessing/test_ns.xsd new file mode 100644 index 000000000..03b9a8af9 --- /dev/null +++ b/src/test/java/org/apache/xerces/test/secureprocessing/test_ns.xsd @@ -0,0 +1,14 @@ + + + + + + + + + + + \ No newline at end of file diff --git a/tests/dom/traversal/AbstractTestCase.java b/tests/dom/traversal/AbstractTestCase.java index ebc8bc67a..0e0aaa566 100644 --- a/tests/dom/traversal/AbstractTestCase.java +++ b/tests/dom/traversal/AbstractTestCase.java @@ -20,6 +20,7 @@ import java.io.IOException; import java.io.StringReader; +import javax.xml.XMLConstants; import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; @@ -44,6 +45,7 @@ public abstract class AbstractTestCase extends TestCase { protected final void setUp() { try { DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); + dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING,false); dbf.setNamespaceAware(true); dbf.setExpandEntityReferences(false); fDocumentBuilder = dbf.newDocumentBuilder(); diff --git a/tests/jaxp/JAXP12Tests.java b/tests/jaxp/JAXP12Tests.java index 761b799b1..82fff12e7 100644 --- a/tests/jaxp/JAXP12Tests.java +++ b/tests/jaxp/JAXP12Tests.java @@ -31,6 +31,9 @@ /** * Test JAXP 1.2 specific features + * + * Note. Now that the SecureProcessingFeature is turned on by default, it is + * turned off in these tests, even though it is not a JAXP 1.2 feature. -Ron Sigal * * @author Edwin Goei * @@ -91,6 +94,7 @@ public Object getStatus() { protected void setUp() throws Exception { dbf = DocumentBuilderFactory.newInstance(); + dbf.setFeature("http://javax.xml.XMLConstants/feature/secure-processing", false); db = dbf.newDocumentBuilder(); // non-namespaceAware version dbf.setNamespaceAware(true); dbn = dbf.newDocumentBuilder(); // namespaceAware version @@ -100,6 +104,7 @@ protected void setUp() throws Exception { dbnv.setErrorHandler(new MyErrorHandler()); spf = SAXParserFactory.newInstance(); + spf.setFeature("http://javax.xml.XMLConstants/feature/secure-processing", false); spf.setNamespaceAware(true); spn = spf.newSAXParser(); spf.setValidating(true); diff --git a/tests/jaxp/PropertyTest.java b/tests/jaxp/PropertyTest.java index 4e3e014cf..7fa5459bc 100644 --- a/tests/jaxp/PropertyTest.java +++ b/tests/jaxp/PropertyTest.java @@ -26,6 +26,9 @@ /** * This sample program tests JAXP 1.2 properties + * + * Note. Now that the SecureProcessingFeature is turned on by default, it is + * turned off in these tests, even though it is not a JAXP 1.2 feature. -Ron Sigal */ public class PropertyTest extends DefaultHandler{ @@ -35,6 +38,7 @@ public static void main(String[] argv) { SAXParserFactory spf = SAXParserFactory.newInstance(); spf.setValidating(true); spf.setNamespaceAware(true); + spf.setFeature("http://javax.xml.XMLConstants/feature/secure-processing", false); SAXParser parser = spf.newSAXParser(); parser.setProperty( "http://java.sun.com/xml/jaxp/properties/schemaLanguage", diff --git a/tests/schema/config/BaseTest.java b/tests/schema/config/BaseTest.java index 84fea808e..452d5bd7d 100644 --- a/tests/schema/config/BaseTest.java +++ b/tests/schema/config/BaseTest.java @@ -73,6 +73,15 @@ public abstract class BaseTest extends TestCase { protected final static String DOCUMENT_CLASS_NAME = Constants.XERCES_PROPERTY_PREFIX + Constants.DOCUMENT_CLASS_NAME_PROPERTY; + protected static final String SECURE_PROCESSING_FEATURE = + "http://javax.xml.XMLConstants/feature/secure-processing"; + + protected static final String LOAD_EXTERNAL_DTD_FEATURE = + Constants.XERCES_FEATURE_PREFIX + Constants.LOAD_EXTERNAL_DTD_FEATURE; + + protected static final String DISALLOW_DOCTYPE_FEATURE = + "http://apache.org/xml/features/disallow-doctype-decl"; + protected Validator fValidator; protected SpecialCaseErrorHandler fErrorHandler; protected Document fDocument; @@ -97,6 +106,9 @@ protected void setUp() throws Exception { docFactory.setAttribute(DOCUMENT_CLASS_NAME, "org.apache.xerces.dom.PSVIDocumentImpl"); docFactory.setNamespaceAware(true); + docFactory.setFeature(SECURE_PROCESSING_FEATURE, false); + docFactory.setFeature(LOAD_EXTERNAL_DTD_FEATURE, true); + docFactory.setFeature(DISALLOW_DOCTYPE_FEATURE, false); DocumentBuilder builder = docFactory.newDocumentBuilder(); // build the location URL of the document String packageDir = this.getClass().getPackage().getName().replace('.', diff --git a/tools/junit-4.12.jar b/tools/junit-4.12.jar new file mode 100644 index 000000000..3a7fc266c Binary files /dev/null and b/tools/junit-4.12.jar differ