use of javax.xml.bind.Unmarshaller in project OpenAttestation by OpenAttestation.
the class TrustAgentSecureClient method sendHostRequest.
/**
*
* @return an object representing the RESPONSE from the Trust Agent
* @throws UnknownHostException if the IP address of the host could not be determined from local hosts file or DNS
* @throws IOException if there was an error connecting to the host, such as it is not reachable on the network or it dropped the connection
* @throws JAXBException when the response from the host cannot be interpreted properly
* @throws NoSuchAlgorithmException
* @throws KeyManagementException
*/
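public synchronized HostRequestType sendHostRequest() throws UnknownHostException, IOException, JAXBException, KeyManagementException, NoSuchAlgorithmException {
    // The bytes returned here were produced by the remote Trust Agent (the host being
    // attested), so they are handled as untrusted XML for the rest of this method.
    byte[] buf = sendRequestWithSSLSocket();
    if (buf == null) {
        // An `assert` is a no-op unless the JVM runs with -ea, so the check is explicit.
        throw new IOException("No response received from Trust Agent");
    }
    log.info("Unmarshalling to Jaxb object.");
    JAXBContext jc = JAXBContext.newInstance("com.intel.mountwilson.ta.host.data");
    log.debug("Created JAXBContext Instance {}", jc.toString());
    Unmarshaller u = jc.createUnmarshaller();
    log.debug("Created Unmarshaller Instance {}", u.toString());

    // CWE-611: Unmarshaller has no option to turn off DTDs or external entities, and handing
    // it a plain Reader leaves entity handling to the default parser configuration. Parse
    // through a StAX reader that rejects DTDs and external entities instead.
    javax.xml.stream.XMLInputFactory xif = javax.xml.stream.XMLInputFactory.newFactory();
    xif.setProperty(javax.xml.stream.XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
    xif.setProperty(javax.xml.stream.XMLInputFactory.SUPPORT_DTD, false);

    log.debug("Unmarshalling");
    JAXBElement po;
    javax.xml.stream.XMLStreamReader xsr = null;
    try {
        // NOTE(review): new String(buf) decodes with the platform default charset; confirm the
        // encoding the Trust Agent actually uses before pinning one here.
        xsr = xif.createXMLStreamReader(new StringReader(new String(buf).trim()));
        po = (JAXBElement) u.unmarshal(xsr);
    } catch (javax.xml.stream.XMLStreamException e) {
        // Keep the declared exception contract: a malformed or DTD-bearing response is
        // reported as "cannot be interpreted", with the parser error kept as the cause.
        throw new JAXBException("Cannot parse response from Trust Agent", e);
    } finally {
        if (xsr != null) {
            try {
                xsr.close();
            } catch (javax.xml.stream.XMLStreamException ignored) {
                // Closing is best-effort; the parse result (or its exception) is what matters.
            }
        }
    }
    log.debug("Unmarshalled");

    if (po == null || po.getValue() == null) {
        throw new JAXBException("Empty response from Trust Agent");
    }
    HostRequestType response = (HostRequestType) po.getValue();
    checkHostError(response);
    log.info("Done reading/writing to/from socket, closing socket.");
    return response;
}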
use of javax.xml.bind.Unmarshaller in project OpenAttestation by OpenAttestation.
the class TrustAgentSecureClient method sendQuoteRequest.
/**
*
* @return an object representing the RESPONSE from the Trust Agent
* @throws UnknownHostException if the IP address of the host could not be determined from local hosts file or DNS
* @throws IOException if there was an error connecting to the host, such as it is not reachable on the network or it dropped the connection
* @throws JAXBException when the response from the host cannot be interpreted properly
* @throws NoSuchAlgorithmException
* @throws KeyManagementException
*/
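public synchronized ClientRequestType sendQuoteRequest() throws UnknownHostException, IOException, JAXBException, KeyManagementException, NoSuchAlgorithmException {
    // The quote response is produced by the remote Trust Agent (the host being attested),
    // so it is handled as untrusted XML for the rest of this method.
    byte[] buf = sendRequestWithSSLSocket();
    if (buf == null) {
        // An `assert` is a no-op unless the JVM runs with -ea, so the check is explicit.
        throw new IOException("No response received from Trust Agent");
    }
    log.info("Unmarshalling to Jaxb object.");
    JAXBContext jc = JAXBContext.newInstance("com.intel.mountwilson.ta.data");
    Unmarshaller u = jc.createUnmarshaller();

    // CWE-611: Unmarshaller has no option to turn off DTDs or external entities, and handing
    // it a plain Reader leaves entity handling to the default parser configuration. Parse
    // through a StAX reader that rejects DTDs and external entities instead.
    javax.xml.stream.XMLInputFactory xif = javax.xml.stream.XMLInputFactory.newFactory();
    xif.setProperty(javax.xml.stream.XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
    xif.setProperty(javax.xml.stream.XMLInputFactory.SUPPORT_DTD, false);

    JAXBElement po;
    javax.xml.stream.XMLStreamReader xsr = null;
    try {
        // NOTE(review): new String(buf) decodes with the platform default charset; confirm the
        // encoding the Trust Agent actually uses before pinning one here.
        xsr = xif.createXMLStreamReader(new StringReader(new String(buf).trim()));
        po = (JAXBElement) u.unmarshal(xsr);
    } catch (javax.xml.stream.XMLStreamException e) {
        // Keep the declared exception contract: a malformed or DTD-bearing response is
        // reported as "cannot be interpreted", with the parser error kept as the cause.
        throw new JAXBException("Cannot parse response from Trust Agent", e);
    } finally {
        if (xsr != null) {
            try {
                xsr.close();
            } catch (javax.xml.stream.XMLStreamException ignored) {
                // Closing is best-effort; the parse result (or its exception) is what matters.
            }
        }
    }

    if (po == null || po.getValue() == null) {
        throw new JAXBException("Empty response from Trust Agent");
    }
    ClientRequestType response = (ClientRequestType) po.getValue();
    checkQuoteError(response);
    log.info("Done reading/writing to/from socket, closing socket.");
    return response;
}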
use of javax.xml.bind.Unmarshaller in project OpenAttestation by OpenAttestation.
the class JAXB method convert.
/**
 * Binds an already-parsed DOM node to an instance of {@code toValueType}.
 *
 * <p>No XML text is parsed here: the input is a DOM {@code Node}, so any DTD or
 * external-entity restrictions (CWE-611) must have been applied by whatever parser
 * built that node. NOTE(review): confirm the callers' DocumentBuilder configuration.
 *
 * @param <T> the JAXB-bound type to produce
 * @param fromDocument the DOM node to unmarshal
 * @param toValueType the class the node is bound to
 * @return the value carried by the unmarshalled element
 * @throws JAXBException if the context or unmarshaller cannot be created, or binding fails
 */
public <T> T convert(Node fromDocument, Class<T> toValueType) throws JAXBException {
    final Unmarshaller unmarshaller = getContextForType(toValueType).createUnmarshaller();
    return unmarshaller.unmarshal(fromDocument, toValueType).getValue();
}
use of javax.xml.bind.Unmarshaller in project OpenAttestation by OpenAttestation.
the class JAXB method read.
/**
* Does not allow XML External Entity (XXE) injection CWE-611
* http://cwe.mitre.org/data/definitions/611.html
*
* @param <T>
* @param document
* @param valueType
* @return
* @throws IOException
* @throws JAXBException
*/
public <T> T read(String document, Class<T> valueType) throws IOException, JAXBException, XMLStreamException {
    final JAXBContext context = getContextForType(valueType);

    // CWE-611: Unmarshaller itself has no switch for DTDs or external entities, so the
    // document is parsed by a StAX reader whose factory is locked down first.
    final XMLInputFactory hardenedFactory = XMLInputFactory.newFactory();
    // External entities stay off: otherwise the sender could make the parser pull in
    // external files through an entity declared in the DTD.
    hardenedFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
    // DTDs are refused outright, which also rules out sender-defined entities.
    hardenedFactory.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
    // Entity references are still replaced; with DTD support off, only the predefined
    // XML entities (&gt; &lt; &quot; &amp; &apos;) can be declared.
    hardenedFactory.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, Boolean.TRUE);

    final StreamSource input = new StreamSource(new StringReader(document));
    final XMLStreamReader reader = hardenedFactory.createXMLStreamReader(input);

    // The unmarshaller only ever sees events from the restricted reader.
    return context.createUnmarshaller().unmarshal(reader, valueType).getValue();
}
use of javax.xml.bind.Unmarshaller in project feign by OpenFeign.
the class JAXBDecoder method decode.
@Override
public Object decode(Response response, Type type) throws IOException {
    // The three exits below happen before the try block, so its finally does not run for
    // them and this method does not close the body on those paths.
    // NOTE(review): presumably the caller closes the response - verify.
    if (response.status() == 404) {
        return Util.emptyValueOf(type);
    }
    if (response.body() == null) {
        return null;
    }
    final boolean rawClassRequested = type instanceof Class;
    if (!rawClassRequested) {
        throw new UnsupportedOperationException("JAXB only supports decoding raw types. Found " + type);
    }

    try {
        // The response body is untrusted XML; the SAX parser is configured explicitly
        // instead of letting the unmarshaller use a default one (CWE-611).
        final SAXParserFactory parserFactory = SAXParserFactory.newInstance();
        // Do not include external general or parameter entities.
        parserFactory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        parserFactory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        // NOTE(review): `false` here means DOCTYPE declarations are ACCEPTED. Blocking external
        // entities therefore rests on the other three features, and entities declared in an
        // inline DTD are still processed, bounded only by whatever expansion limits the JAXP
        // implementation applies. If no decoded API legitimately sends a DOCTYPE, setting this
        // feature to `true` rejects such documents outright.
        parserFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", false);
        // Do not fetch an external DTD.
        parserFactory.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        parserFactory.setNamespaceAware(namespaceAware);

        final XMLReader hardenedReader = parserFactory.newSAXParser().getXMLReader();
        final InputSource bodySource = new InputSource(response.body().asInputStream());
        final Source source = new SAXSource(hardenedReader, bodySource);

        final Unmarshaller unmarshaller = jaxbContextFactory.createUnmarshaller((Class) type);
        return unmarshaller.unmarshal(source);
    } catch (JAXBException e) {
        throw new DecodeException(e.toString(), e);
    } catch (ParserConfigurationException e) {
        throw new DecodeException(e.toString(), e);
    } catch (SAXException e) {
        throw new DecodeException(e.toString(), e);
    } finally {
        // Release the body whether or not unmarshalling succeeded.
        if (response.body() != null) {
            response.body().close();
        }
    }
}