use of javax.xml.bind.JAXBContext in project malmo by Microsoft.
the class SchemaHelper method getJAXBContext.
/** Serialise the object to an XML string
* @param obj the object to be serialised
* @param objclass the class of the object to be serialised
* @return an XML string representing the object, or null if the object couldn't be serialised
* @throws JAXBException
*/
private static JAXBContext getJAXBContext(Class<?> objclass) throws JAXBException {
JAXBContext jaxbContext;
if (jaxbContentCache.containsKey(objclass.getName())) {
jaxbContext = jaxbContentCache.get(objclass.getName());
} else {
jaxbContext = JAXBContext.newInstance(objclass);
jaxbContentCache.put(objclass.getName(), jaxbContext);
}
return jaxbContext;
}
use of javax.xml.bind.JAXBContext in project OpenAttestation by OpenAttestation.
the class TrustAgentSecureClient method sendHostRequest.
/**
*
* @return an object representing the RESPONSE from the Trust Agent
* @throws UnknownHostException if the IP address of the host could not be determined from local hosts file or DNS
* @throws IOException if there was an error connecting to the host, such as it is not reachable on the network or it dropped the connection
* @throws JAXBException when the response from the host cannot be interpreted properly
* @throws NoSuchAlgorithmException
* @throws KeyManagementException
*/
public synchronized HostRequestType sendHostRequest() throws UnknownHostException, IOException, JAXBException, KeyManagementException, NoSuchAlgorithmException {
try {
byte[] buf = sendRequestWithSSLSocket();
log.info("Unmarshalling to Jaxb object.");
JAXBContext jc = JAXBContext.newInstance("com.intel.mountwilson.ta.host.data");
log.debug("Created JAXBContext Instance {}", jc.toString());
//assert jc != null; Expression always true
Unmarshaller u = jc.createUnmarshaller();
log.debug("Created Unmarshaller Instance {}", u.toString());
//assert new String(buf) != null; //Expresion always return null.
assert buf != null;
log.debug("Unmarshalling");
JAXBElement po = (JAXBElement) u.unmarshal(new StringReader(new String(buf).trim()));
log.debug("Unmarshalled");
assert po != null;
HostRequestType response = (HostRequestType) po.getValue();
assert response != null;
checkHostError(response);
log.info("Done reading/writing to/from socket, closing socket.");
return response;
} finally {
}
}
use of javax.xml.bind.JAXBContext in project OpenAttestation by OpenAttestation.
the class TrustAgentSecureClient method sendQuoteRequest.
/**
*
* @return an object representing the RESPONSE from the Trust Agent
* @throws UnknownHostException if the IP address of the host could not be determined from local hosts file or DNS
* @throws IOException if there was an error connecting to the host, such as it is not reachable on the network or it dropped the connection
* @throws JAXBException when the response from the host cannot be interpreted properly
* @throws NoSuchAlgorithmException
* @throws KeyManagementException
*/
public synchronized ClientRequestType sendQuoteRequest() throws UnknownHostException, IOException, JAXBException, KeyManagementException, NoSuchAlgorithmException {
try {
byte[] buf = sendRequestWithSSLSocket();
log.info("Unmarshalling to Jaxb object.");
JAXBContext jc = JAXBContext.newInstance("com.intel.mountwilson.ta.data");
assert jc != null;
Unmarshaller u = jc.createUnmarshaller();
assert u != null;
assert new String(buf) != null;
JAXBElement po = (JAXBElement) u.unmarshal(new StringReader(new String(buf).trim()));
assert po != null;
ClientRequestType response = (ClientRequestType) po.getValue();
assert response != null;
checkQuoteError(response);
log.info("Done reading/writing to/from socket, closing socket.");
return response;
} finally {
}
}
use of javax.xml.bind.JAXBContext in project OpenAttestation by OpenAttestation.
the class JAXB method convert.
public <T> T convert(Node fromDocument, Class<T> toValueType) throws JAXBException {
JAXBContext jc = getContextForType(toValueType);
Unmarshaller u = jc.createUnmarshaller();
JAXBElement<T> element = u.unmarshal(fromDocument, toValueType);
return element.getValue();
}
use of javax.xml.bind.JAXBContext in project OpenAttestation by OpenAttestation.
the class JAXB method read.
/**
* Does not allow XML External Entity (XXE) injection CWE-611
* http://cwe.mitre.org/data/definitions/611.html
*
* @param <T>
* @param document
* @param valueType
* @return
* @throws IOException
* @throws JAXBException
*/
public <T> T read(String document, Class<T> valueType) throws IOException, JAXBException, XMLStreamException {
JAXBContext jc = getContextForType(valueType);
// CWE-611 restrict XML external entity references
XMLInputFactory xif = XMLInputFactory.newFactory();
// if true allows sender to include external files via entity declaration in the DTD, which is a security vulnerability
xif.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
// if true allows sender to declare a DTD, and the DTD spec has security vulnerabilities so a reference implementation cannot be secure
xif.setProperty(XMLInputFactory.SUPPORT_DTD, false);
// if true allows sender to encode > < " & and ' but not custom-defined entity references because we disable dtd support ; http://en.wikipedia.org/wiki/List_of_XML_and_HTML_character_entity_references#Predefined_entities_in_XML
xif.setProperty(XMLInputFactory.IS_REPLACING_ENTITY_REFERENCES, true);
XMLStreamReader xsr = xif.createXMLStreamReader(new StreamSource(new StringReader(document)));
Unmarshaller u = jc.createUnmarshaller();
JAXBElement<T> doc = u.unmarshal(xsr, valueType);
return doc.getValue();
}
Aggregations