Search in sources :

Example 11 with JAXBContext

use of javax.xml.bind.JAXBContext in project malmo by Microsoft.

the class SchemaHelper method getJAXBContext.

/** Serialise the object to an XML string
     * @param obj the object to be serialised
     * @param objclass the class of the object to be serialised
     * @return an XML string representing the object, or null if the object couldn't be serialised
     * @throws JAXBException 
     */
private static JAXBContext getJAXBContext(Class<?> objclass) throws JAXBException {
    JAXBContext jaxbContext;
    if (jaxbContentCache.containsKey(objclass.getName())) {
        jaxbContext = jaxbContentCache.get(objclass.getName());
    } else {
        jaxbContext = JAXBContext.newInstance(objclass);
        jaxbContentCache.put(objclass.getName(), jaxbContext);
    }
    return jaxbContext;
}
Also used : JAXBContext(javax.xml.bind.JAXBContext)

Example 12 with JAXBContext

use of javax.xml.bind.JAXBContext in project OpenAttestation by OpenAttestation.

the class TrustAgentSecureClient method sendHostRequest.

/**
     * 
     * @return an object representing the RESPONSE from the Trust Agent
     * @throws UnknownHostException if the IP address of the host could not be determined from local hosts file or DNS
     * @throws IOException if there was an error connecting to the host, such as it is not reachable on the network or it dropped the connection
     * @throws JAXBException when the response from the host cannot be interpreted properly
     * @throws NoSuchAlgorithmException 
     * @throws KeyManagementException 
     */
public synchronized HostRequestType sendHostRequest() throws UnknownHostException, IOException, JAXBException, KeyManagementException, NoSuchAlgorithmException {
    try {
        byte[] buf = sendRequestWithSSLSocket();
        log.info("Unmarshalling to Jaxb object.");
        JAXBContext jc = JAXBContext.newInstance("com.intel.mountwilson.ta.host.data");
        log.debug("Created JAXBContext Instance {}", jc.toString());
        //assert jc != null; Expression always true
        Unmarshaller u = jc.createUnmarshaller();
        log.debug("Created Unmarshaller Instance {}", u.toString());
        //assert new String(buf) != null; //Expresion always return null.
        assert buf != null;
        log.debug("Unmarshalling");
        JAXBElement po = (JAXBElement) u.unmarshal(new StringReader(new String(buf).trim()));
        log.debug("Unmarshalled");
        assert po != null;
        HostRequestType response = (HostRequestType) po.getValue();
        assert response != null;
        checkHostError(response);
        log.info("Done reading/writing to/from socket, closing socket.");
        return response;
    } finally {
    }
}
Also used : HostRequestType(com.intel.mountwilson.ta.host.data.HostRequestType) StringReader(java.io.StringReader) JAXBContext(javax.xml.bind.JAXBContext) JAXBElement(javax.xml.bind.JAXBElement) Unmarshaller(javax.xml.bind.Unmarshaller)

Example 13 with JAXBContext

use of javax.xml.bind.JAXBContext in project OpenAttestation by OpenAttestation.

the class TrustAgentSecureClient method sendQuoteRequest.

/**
     * 
     * @return an object representing the RESPONSE from the Trust Agent
     * @throws UnknownHostException if the IP address of the host could not be determined from local hosts file or DNS
     * @throws IOException if there was an error connecting to the host, such as it is not reachable on the network or it dropped the connection
     * @throws JAXBException when the response from the host cannot be interpreted properly
     * @throws NoSuchAlgorithmException 
     * @throws KeyManagementException 
     */
public synchronized ClientRequestType sendQuoteRequest() throws UnknownHostException, IOException, JAXBException, KeyManagementException, NoSuchAlgorithmException {
    try {
        byte[] buf = sendRequestWithSSLSocket();
        log.info("Unmarshalling to Jaxb object.");
        JAXBContext jc = JAXBContext.newInstance("com.intel.mountwilson.ta.data");
        assert jc != null;
        Unmarshaller u = jc.createUnmarshaller();
        assert u != null;
        assert new String(buf) != null;
        JAXBElement po = (JAXBElement) u.unmarshal(new StringReader(new String(buf).trim()));
        assert po != null;
        ClientRequestType response = (ClientRequestType) po.getValue();
        assert response != null;
        checkQuoteError(response);
        log.info("Done reading/writing to/from socket, closing socket.");
        return response;
    } finally {
    }
}
Also used : StringReader(java.io.StringReader) JAXBContext(javax.xml.bind.JAXBContext) JAXBElement(javax.xml.bind.JAXBElement) Unmarshaller(javax.xml.bind.Unmarshaller) ClientRequestType(com.intel.mountwilson.ta.data.ClientRequestType)

Example 14 with JAXBContext

use of javax.xml.bind.JAXBContext in project OpenAttestation by OpenAttestation.

the class JAXB method convert.

public <T> T convert(Node fromDocument, Class<T> toValueType) throws JAXBException {
    JAXBContext jc = getContextForType(toValueType);
    Unmarshaller u = jc.createUnmarshaller();
    JAXBElement<T> element = u.unmarshal(fromDocument, toValueType);
    return element.getValue();
}
Also used : JAXBContext(javax.xml.bind.JAXBContext) Unmarshaller(javax.xml.bind.Unmarshaller)

Example 15 with JAXBContext

use of javax.xml.bind.JAXBContext in project OpenAttestation by OpenAttestation.

the class JAXB method read.

/**
     * Does not allow XML External Entity (XXE) injection CWE-611
     * http://cwe.mitre.org/data/definitions/611.html
     *
     * @param <T>
     * @param document
     * @param valueType
     * @return
     * @throws IOException
     * @throws JAXBException
     */
public <T> T read(String document, Class<T> valueType) throws IOException, JAXBException, XMLStreamException {
    JAXBContext jc = getContextForType(valueType);
    // CWE-611 restrict XML external entity references
    XMLInputFactory xif = XMLInputFactory.newFactory();
    // if true allows sender to include external files via entity declaration in the DTD, which is a security vulnerability
    xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
    // if true allows sender to declare a DTD, and the DTD spec has security vulnerabilities so a reference implementation cannot be secure
    xif.setProperty(XMLInputFactory.SUPPORT_DTD, false);
    // if true allows sender to encode &gt; &lt; &quot; &amp; and &apos;  but not custom-defined entity references because we disable dtd support ; http://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references#Predefined_entities_in_XML
    xif.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, true);
    XMLStreamReader xsr = xif.createXMLStreamReader(new StreamSource(new StringReader(document)));
    Unmarshaller u = jc.createUnmarshaller();
    JAXBElement<T> doc = u.unmarshal(xsr, valueType);
    return doc.getValue();
}
Also used : XMLStreamReader(javax.xml.stream.XMLStreamReader) StreamSource(javax.xml.transform.stream.StreamSource) StringReader(java.io.StringReader) JAXBContext(javax.xml.bind.JAXBContext) Unmarshaller(javax.xml.bind.Unmarshaller) XMLInputFactory(javax.xml.stream.XMLInputFactory)

Aggregations

JAXBContext (javax.xml.bind.JAXBContext)442 Unmarshaller (javax.xml.bind.Unmarshaller)240 Marshaller (javax.xml.bind.Marshaller)129 JAXBException (javax.xml.bind.JAXBException)128 Test (org.junit.Test)92 InputStream (java.io.InputStream)84 File (java.io.File)50 StringWriter (java.io.StringWriter)47 BaseTest (org.orcid.core.BaseTest)39 V2Convertible (org.orcid.core.version.V2Convertible)39 StringReader (java.io.StringReader)27 IOException (java.io.IOException)26 InputSource (org.xml.sax.InputSource)21 ArrayList (java.util.ArrayList)20 ByteArrayOutputStream (java.io.ByteArrayOutputStream)19 JAXBElement (javax.xml.bind.JAXBElement)19 FileOutputStream (java.io.FileOutputStream)18 Schema (javax.xml.validation.Schema)18 SchemaFactory (javax.xml.validation.SchemaFactory)17 SAXSource (javax.xml.transform.sax.SAXSource)14