diff --git a/CVE-2022-2414.patch b/CVE-2022-2414.patch
new file mode 100644
index 0000000000000000000000000000000000000000..cd4489a1f80ad355843e06219cf28decb3ae4a01
--- /dev/null
+++ b/CVE-2022-2414.patch
@@ -0,0 +1,929 @@
+From 4551594a1f71ab69f6d0bed1336255ea2a41ac17 Mon Sep 17 00:00:00 2001
+From: Chris Kelley
+Date: Fri, 10 Jun 2022 17:25:07 +0100
+Subject: [PATCH] Disable access to external entities when parsing XML
+
+Origin: https://github.com/dogtagpki/pki/commit/4551594a1f71ab69f6d0bed1336255ea2a41ac17
+
+This reduces the vulnerability of XML parsers to XXE (XML external
+entity) injection.
+
+The best way to prevent XXE is to stop using XML altogether, which we do
+plan to do. Until that happens I consider it worthwhile to tighten the
+security here though.
+---
+ .../main/java/com/netscape/certsrv/account/Account.java | 4 ++++
+ .../java/com/netscape/certsrv/base/PKIException.java | 4 ++++
+ .../main/java/com/netscape/certsrv/base/RESTMessage.java | 4 ++++
+ .../main/java/com/netscape/certsrv/cert/CertData.java | 4 ++++
+ .../java/com/netscape/certsrv/cert/CertDataInfo.java | 4 ++++
+ .../java/com/netscape/certsrv/cert/CertDataInfos.java | 4 ++++
+ .../com/netscape/certsrv/cert/CertEnrollmentRequest.java | 4 ++++
+ .../java/com/netscape/certsrv/cert/CertRequestInfo.java | 4 ++++
+ .../java/com/netscape/certsrv/cert/CertRequestInfos.java | 4 ++++
+ .../com/netscape/certsrv/cert/CertRetrievalRequest.java | 4 ++++
+ .../com/netscape/certsrv/cert/CertRevokeRequest.java | 4 ++++
+ .../com/netscape/certsrv/cert/CertSearchRequest.java | 4 ++++
+ .../netscape/certsrv/key/AsymKeyGenerationRequest.java | 1 +
+ .../com/netscape/certsrv/key/KeyArchivalRequest.java | 1 +
+ .../java/com/netscape/certsrv/key/KeyRequestInfo.java | 4 ++++
+ .../netscape/certsrv/key/KeyRequestInfoCollection.java | 4 ++++
+ .../netscape/certsrv/key/SymKeyGenerationRequest.java | 1 +
+ .../com/netscape/certsrv/profile/PolicyConstraint.java | 4 ++++
+ .../netscape/certsrv/profile/PolicyConstraintValue.java | 4 ++++
+ .../java/com/netscape/certsrv/profile/PolicyDefault.java | 4 ++++
+ .../com/netscape/certsrv/profile/ProfileAttribute.java | 4 ++++
+ .../java/com/netscape/certsrv/profile/ProfileData.java | 4 ++++
+ .../com/netscape/certsrv/profile/ProfileDataInfo.java | 4 ++++
+ .../com/netscape/certsrv/profile/ProfileDataInfos.java | 4 ++++
+ .../java/com/netscape/certsrv/profile/ProfileInput.java | 4 ++++
+ .../java/com/netscape/certsrv/profile/ProfileOutput.java | 4 ++++
+ .../com/netscape/certsrv/profile/ProfileParameter.java | 4 ++++
+ .../com/netscape/certsrv/request/CMSRequestInfo.java | 4 ++++
+ base/common/src/main/java/org/dogtagpki/common/Info.java | 4 ++++
+ .../cms/servlet/csadmin/SecurityDomainProcessor.java | 6 +++++-
+ .../main/java/com/netscape/cmscore/apps/ServerXml.java | 1 +
+ .../main/java/com/netscape/cmsutil/xml/XMLObject.java | 9 +++++++++
+ 32 files changed, 122 insertions(+), 1 deletion(-)
+
+diff --git a/base/common/src/main/java/com/netscape/certsrv/account/Account.java b/base/common/src/main/java/com/netscape/certsrv/account/Account.java
+index 7447bfa36f1..6aaca9ccde1 100644
+--- a/base/common/src/main/java/com/netscape/certsrv/account/Account.java
++++ b/base/common/src/main/java/com/netscape/certsrv/account/Account.java
+@@ -23,6 +23,7 @@
+ import java.util.Collection;
+ import java.util.TreeSet;
+ 
++import javax.xml.XMLConstants;
+ import javax.xml.parsers.DocumentBuilder;
+ import javax.xml.parsers.DocumentBuilderFactory;
+ import javax.xml.transform.OutputKeys;
+@@ -209,6 +210,8 @@ public String toXML() throws Exception {
+ document.appendChild(accountElement);
+ 
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+ Transformer transformer = transformerFactory.newTransformer();
+ transformer.setOutputProperty(OutputKeys.INDENT, "yes");
+ transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
+@@ -224,6 +227,7 @@ public String toXML() throws Exception {
+ public static Account fromXML(String xml) throws Exception {
+ 
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document document = builder.parse(new InputSource(new StringReader(xml)));
+ 
+diff --git a/base/common/src/main/java/com/netscape/certsrv/base/PKIException.java b/base/common/src/main/java/com/netscape/certsrv/base/PKIException.java
+index f4876f8bd2d..6ea5c3d6fdf 100644
+--- a/base/common/src/main/java/com/netscape/certsrv/base/PKIException.java
++++ b/base/common/src/main/java/com/netscape/certsrv/base/PKIException.java
+@@ -21,6 +21,7 @@
+ import java.io.StringWriter;
+ 
+ import javax.ws.rs.core.Response;
++import javax.xml.XMLConstants;
+ import javax.xml.parsers.DocumentBuilder;
+ import javax.xml.parsers.DocumentBuilderFactory;
+ import javax.xml.transform.OutputKeys;
+@@ -158,6 +159,8 @@ public String toXML() throws Exception {
+ document.appendChild(element);
+ 
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+ Transformer transformer = transformerFactory.newTransformer();
+ transformer.setOutputProperty(OutputKeys.INDENT, "yes");
+ transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
+@@ -173,6 +176,7 @@ public String toXML() throws Exception {
+ public static Data fromXML(String xml) throws Exception {
+ 
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document document = builder.parse(new InputSource(new StringReader(xml)));
+ 
+diff --git a/base/common/src/main/java/com/netscape/certsrv/base/RESTMessage.java b/base/common/src/main/java/com/netscape/certsrv/base/RESTMessage.java
+index a62a1aea0fc..136fcf54a84 100644
+--- a/base/common/src/main/java/com/netscape/certsrv/base/RESTMessage.java
++++ b/base/common/src/main/java/com/netscape/certsrv/base/RESTMessage.java
+@@ -10,6 +10,7 @@
+ import java.util.Map;
+ 
+ import javax.ws.rs.core.MultivaluedMap;
++import javax.xml.XMLConstants;
+ import javax.xml.parsers.DocumentBuilder;
+ import javax.xml.parsers.DocumentBuilderFactory;
+ import javax.xml.transform.OutputKeys;
+@@ -317,6 +318,8 @@ public String toXML() throws Exception {
+ document.appendChild(element);
+ 
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+ Transformer transformer = transformerFactory.newTransformer();
+ transformer.setOutputProperty(OutputKeys.INDENT, "yes");
+ transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
+@@ -332,6 +335,7 @@ public String toXML() throws Exception {
+ public static RESTMessage fromXML(String xml) throws Exception {
+ 
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document document = builder.parse(new InputSource(new StringReader(xml)));
+ 
+diff --git a/base/common/src/main/java/com/netscape/certsrv/cert/CertData.java b/base/common/src/main/java/com/netscape/certsrv/cert/CertData.java
+index 2a47c3c6653..a3a19e71a2e 100644
+--- a/base/common/src/main/java/com/netscape/certsrv/cert/CertData.java
++++ b/base/common/src/main/java/com/netscape/certsrv/cert/CertData.java
+@@ -23,6 +23,7 @@
+ import java.security.cert.X509Certificate;
+ import java.util.Date;
+ 
++import javax.xml.XMLConstants;
+ import javax.xml.parsers.DocumentBuilder;
+ import javax.xml.parsers.DocumentBuilderFactory;
+ import javax.xml.transform.OutputKeys;
+@@ -475,6 +476,8 @@ public String toXML() throws Exception {
+ document.appendChild(infoElement);
+ 
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+ Transformer transformer = transformerFactory.newTransformer();
+ transformer.setOutputProperty(OutputKeys.INDENT, "yes");
+ transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
+@@ -490,6 +493,7 @@ public String toXML() throws Exception {
+ public static CertData fromXML(String xml) throws Exception {
+ 
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document document = builder.parse(new InputSource(new StringReader(xml)));
+ 
+diff --git a/base/common/src/main/java/com/netscape/certsrv/cert/CertDataInfo.java b/base/common/src/main/java/com/netscape/certsrv/cert/CertDataInfo.java
+index 847e32b0c48..516fac96027 100644
+--- a/base/common/src/main/java/com/netscape/certsrv/cert/CertDataInfo.java
++++ b/base/common/src/main/java/com/netscape/certsrv/cert/CertDataInfo.java
+@@ -24,6 +24,7 @@
+ import java.io.StringWriter;
+ import java.util.Date;
+ 
++import javax.xml.XMLConstants;
+ import javax.xml.parsers.DocumentBuilder;
+ import javax.xml.parsers.DocumentBuilderFactory;
+ import javax.xml.transform.OutputKeys;
+@@ -513,6 +514,8 @@ public String toXML() throws Exception {
+ document.appendChild(infoElement);
+ 
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+ Transformer transformer = transformerFactory.newTransformer();
+ transformer.setOutputProperty(OutputKeys.INDENT, "yes");
+ transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
+@@ -528,6 +531,7 @@ public String toXML() throws Exception {
+ public static CertDataInfo fromXML(String xml) throws Exception {
+ 
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document document = builder.parse(new InputSource(new StringReader(xml)));
+ 
+diff --git a/base/common/src/main/java/com/netscape/certsrv/cert/CertDataInfos.java b/base/common/src/main/java/com/netscape/certsrv/cert/CertDataInfos.java
+index 8554da4692d..22627396ba6 100644
+--- a/base/common/src/main/java/com/netscape/certsrv/cert/CertDataInfos.java
++++ b/base/common/src/main/java/com/netscape/certsrv/cert/CertDataInfos.java
+@@ -20,6 +20,7 @@
+ import java.io.StringReader;
+ import java.io.StringWriter;
+ 
++import javax.xml.XMLConstants;
+ import javax.xml.parsers.DocumentBuilder;
+ import javax.xml.parsers.DocumentBuilderFactory;
+ import javax.xml.transform.OutputKeys;
+@@ -74,6 +75,8 @@ public String toXML() throws Exception {
+ toDOM(document);
+ 
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+ Transformer transformer = transformerFactory.newTransformer();
+ transformer.setOutputProperty(OutputKeys.INDENT, "yes");
+ transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
+@@ -118,6 +121,7 @@ public static CertDataInfos fromDOM(Element infosElement) {
+ public static CertDataInfos fromXML(String xml) throws Exception {
+ 
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document document = builder.parse(new InputSource(new StringReader(xml)));
+ 
+diff --git a/base/common/src/main/java/com/netscape/certsrv/cert/CertEnrollmentRequest.java b/base/common/src/main/java/com/netscape/certsrv/cert/CertEnrollmentRequest.java
+index 88de02e755e..f48fa56564f 100644
+--- a/base/common/src/main/java/com/netscape/certsrv/cert/CertEnrollmentRequest.java
++++ b/base/common/src/main/java/com/netscape/certsrv/cert/CertEnrollmentRequest.java
+@@ -28,6 +28,7 @@
+ import java.util.HashMap;
+ 
+ import javax.ws.rs.core.MultivaluedMap;
++import javax.xml.XMLConstants;
+ import javax.xml.parsers.DocumentBuilder;
+ import javax.xml.parsers.DocumentBuilderFactory;
+ import javax.xml.transform.OutputKeys;
+@@ -514,6 +515,8 @@ public String toXML() throws Exception {
+ document.appendChild(element);
+ 
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+ Transformer transformer = transformerFactory.newTransformer();
+ transformer.setOutputProperty(OutputKeys.INDENT, "yes");
+ transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
+@@ -527,6 +530,7 @@ public String toXML() throws Exception {
+ 
+ public static CertEnrollmentRequest fromXML(String xml) throws Exception {
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document document = builder.parse(new InputSource(new StringReader(xml)));
+ 
+diff --git a/base/common/src/main/java/com/netscape/certsrv/cert/CertRequestInfo.java b/base/common/src/main/java/com/netscape/certsrv/cert/CertRequestInfo.java
+index 79bff39c93a..b7aa718db5e 100644
+--- a/base/common/src/main/java/com/netscape/certsrv/cert/CertRequestInfo.java
++++ b/base/common/src/main/java/com/netscape/certsrv/cert/CertRequestInfo.java
+@@ -21,6 +21,7 @@
+ import java.io.StringReader;
+ import java.io.StringWriter;
+ 
++import javax.xml.XMLConstants;
+ import javax.xml.parsers.DocumentBuilder;
+ import javax.xml.parsers.DocumentBuilderFactory;
+ import javax.xml.transform.OutputKeys;
+@@ -246,6 +247,8 @@ public String toXML() throws Exception {
+ document.appendChild(element);
+ 
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+ Transformer transformer = transformerFactory.newTransformer();
+ transformer.setOutputProperty(OutputKeys.INDENT, "yes");
+ transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
+@@ -261,6 +264,7 @@ public String toXML() throws Exception {
+ public static CertRequestInfo fromXML(String xml) throws Exception {
+ 
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document document = builder.parse(new InputSource(new StringReader(xml)));
+ 
+diff --git a/base/common/src/main/java/com/netscape/certsrv/cert/CertRequestInfos.java b/base/common/src/main/java/com/netscape/certsrv/cert/CertRequestInfos.java
+index 8365e334f7a..4720bc42fce 100644
+--- a/base/common/src/main/java/com/netscape/certsrv/cert/CertRequestInfos.java
++++ b/base/common/src/main/java/com/netscape/certsrv/cert/CertRequestInfos.java
+@@ -21,6 +21,7 @@
+ import java.io.StringWriter;
+ import java.util.Collection;
+ 
++import javax.xml.XMLConstants;
+ import javax.xml.parsers.DocumentBuilder;
+ import javax.xml.parsers.DocumentBuilderFactory;
+ import javax.xml.transform.OutputKeys;
+@@ -108,6 +109,8 @@ public String toXML() throws Exception {
+ document.appendChild(element);
+ 
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+ Transformer transformer = transformerFactory.newTransformer();
+ transformer.setOutputProperty(OutputKeys.INDENT, "yes");
+ transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
+@@ -152,6 +155,7 @@ public static CertRequestInfos fromDOM(Element infosElement) {
+ public static CertRequestInfos fromXML(String xml) throws Exception {
+ 
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document document = builder.parse(new InputSource(new StringReader(xml)));
+ 
+diff --git a/base/common/src/main/java/com/netscape/certsrv/cert/CertRetrievalRequest.java b/base/common/src/main/java/com/netscape/certsrv/cert/CertRetrievalRequest.java
+index db169174d27..bde7e992d3a 100644
+--- a/base/common/src/main/java/com/netscape/certsrv/cert/CertRetrievalRequest.java
++++ b/base/common/src/main/java/com/netscape/certsrv/cert/CertRetrievalRequest.java
+@@ -25,6 +25,7 @@
+ import java.io.StringWriter;
+ import java.util.Objects;
+ 
++import javax.xml.XMLConstants;
+ import javax.xml.parsers.DocumentBuilder;
+ import javax.xml.parsers.DocumentBuilderFactory;
+ import javax.xml.transform.OutputKeys;
+@@ -126,6 +127,8 @@ public String toXML() throws Exception {
+ document.appendChild(requestElement);
+ 
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+ Transformer transformer = transformerFactory.newTransformer();
+ transformer.setOutputProperty(OutputKeys.INDENT, "yes");
+ transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
+@@ -141,6 +144,7 @@ public String toXML() throws Exception {
+ public static CertRetrievalRequest fromXML(String xml) throws Exception {
+ 
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document document = builder.parse(new InputSource(new StringReader(xml)));
+ 
+diff --git a/base/common/src/main/java/com/netscape/certsrv/cert/CertRevokeRequest.java b/base/common/src/main/java/com/netscape/certsrv/cert/CertRevokeRequest.java
+index 5f0a9f4d069..709db381a29 100644
+--- a/base/common/src/main/java/com/netscape/certsrv/cert/CertRevokeRequest.java
++++ b/base/common/src/main/java/com/netscape/certsrv/cert/CertRevokeRequest.java
+@@ -22,6 +22,7 @@
+ import java.io.StringWriter;
+ import java.util.Date;
+ 
++import javax.xml.XMLConstants;
+ import javax.xml.parsers.DocumentBuilder;
+ import javax.xml.parsers.DocumentBuilderFactory;
+ import javax.xml.transform.OutputKeys;
+@@ -226,6 +227,8 @@ public String toXML() throws Exception {
+ document.appendChild(requestElement);
+ 
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+ Transformer transformer = transformerFactory.newTransformer();
+ transformer.setOutputProperty(OutputKeys.INDENT, "yes");
+ transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
+@@ -241,6 +244,7 @@ public String toXML() throws Exception {
+ public static CertRevokeRequest fromXML(String xml) throws Exception {
+ 
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document document = builder.parse(new InputSource(new StringReader(xml)));
+ 
+diff --git a/base/common/src/main/java/com/netscape/certsrv/cert/CertSearchRequest.java b/base/common/src/main/java/com/netscape/certsrv/cert/CertSearchRequest.java
+index 1d178b6b7ca..67da3c1b61d 100644
+--- a/base/common/src/main/java/com/netscape/certsrv/cert/CertSearchRequest.java
++++ b/base/common/src/main/java/com/netscape/certsrv/cert/CertSearchRequest.java
+@@ -25,6 +25,7 @@
+ import java.util.Objects;
+ 
+ import javax.ws.rs.core.MultivaluedMap;
++import javax.xml.XMLConstants;
+ import javax.xml.parsers.DocumentBuilder;
+ import javax.xml.parsers.DocumentBuilderFactory;
+ import javax.xml.transform.OutputKeys;
+@@ -1079,6 +1080,8 @@ public String toXML() throws Exception {
+ document.appendChild(rootElement);
+ 
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+ Transformer transformer = transformerFactory.newTransformer();
+ transformer.setOutputProperty(OutputKeys.INDENT, "yes");
+ transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
+@@ -1094,6 +1097,7 @@ public String toXML() throws Exception {
+ public static CertSearchRequest fromXML(String xml) throws Exception {
+ 
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document document = builder.parse(new InputSource(new StringReader(xml)));
+ 
+diff --git a/base/common/src/main/java/com/netscape/certsrv/key/AsymKeyGenerationRequest.java b/base/common/src/main/java/com/netscape/certsrv/key/AsymKeyGenerationRequest.java
+index 05303b29faa..fc1fe0fff7f 100644
+--- a/base/common/src/main/java/com/netscape/certsrv/key/AsymKeyGenerationRequest.java
++++ b/base/common/src/main/java/com/netscape/certsrv/key/AsymKeyGenerationRequest.java
+@@ -114,6 +114,7 @@ public static AsymKeyGenerationRequest fromDOM(Element element) {
+ public static AsymKeyGenerationRequest fromXML(String xml) throws Exception {
+ 
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document document = builder.parse(new InputSource(new StringReader(xml)));
+ 
+diff --git a/base/common/src/main/java/com/netscape/certsrv/key/KeyArchivalRequest.java b/base/common/src/main/java/com/netscape/certsrv/key/KeyArchivalRequest.java
+index 3152e8880fe..462f2284b66 100644
+--- a/base/common/src/main/java/com/netscape/certsrv/key/KeyArchivalRequest.java
++++ b/base/common/src/main/java/com/netscape/certsrv/key/KeyArchivalRequest.java
+@@ -256,6 +256,7 @@ public static KeyArchivalRequest fromDOM(Element element) {
+ public static KeyArchivalRequest fromXML(String xml) throws Exception {
+ 
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document document = builder.parse(new InputSource(new StringReader(xml)));
+ 
+diff --git a/base/common/src/main/java/com/netscape/certsrv/key/KeyRequestInfo.java b/base/common/src/main/java/com/netscape/certsrv/key/KeyRequestInfo.java
+index 8970a70ebaa..dca3f01d42a 100644
+--- a/base/common/src/main/java/com/netscape/certsrv/key/KeyRequestInfo.java
++++ b/base/common/src/main/java/com/netscape/certsrv/key/KeyRequestInfo.java
+@@ -21,6 +21,7 @@
+ import java.io.StringReader;
+ import java.io.StringWriter;
+ 
++import javax.xml.XMLConstants;
+ import javax.xml.parsers.DocumentBuilder;
+ import javax.xml.parsers.DocumentBuilderFactory;
+ import javax.xml.transform.OutputKeys;
+@@ -139,6 +140,8 @@ public String toXML() throws Exception {
+ document.appendChild(element);
+ 
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+ Transformer transformer = transformerFactory.newTransformer();
+ transformer.setOutputProperty(OutputKeys.INDENT, "yes");
+ transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
+@@ -154,6 +157,7 @@ public String toXML() throws Exception {
+ public static KeyRequestInfo fromXML(String xml) throws Exception {
+ 
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document document = builder.parse(new InputSource(new StringReader(xml)));
+ 
+diff --git a/base/common/src/main/java/com/netscape/certsrv/key/KeyRequestInfoCollection.java b/base/common/src/main/java/com/netscape/certsrv/key/KeyRequestInfoCollection.java
+index c471f6985f2..6cc98407a72 100644
+--- a/base/common/src/main/java/com/netscape/certsrv/key/KeyRequestInfoCollection.java
++++ b/base/common/src/main/java/com/netscape/certsrv/key/KeyRequestInfoCollection.java
+@@ -21,6 +21,7 @@
+ import java.io.StringWriter;
+ import java.util.Collection;
+ 
++import javax.xml.XMLConstants;
+ import javax.xml.parsers.DocumentBuilder;
+ import javax.xml.parsers.DocumentBuilderFactory;
+ import javax.xml.transform.OutputKeys;
+@@ -99,6 +100,8 @@ public String toXML() throws Exception {
+ document.appendChild(element);
+ 
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+ Transformer transformer = transformerFactory.newTransformer();
+ transformer.setOutputProperty(OutputKeys.INDENT, "yes");
+ transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
+@@ -143,6 +146,7 @@ public static KeyRequestInfoCollection fromDOM(Element infosElement) {
+ public static KeyRequestInfoCollection fromXML(String xml) throws Exception {
+ 
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document document = builder.parse(new InputSource(new StringReader(xml)));
+ 
+diff --git a/base/common/src/main/java/com/netscape/certsrv/key/SymKeyGenerationRequest.java b/base/common/src/main/java/com/netscape/certsrv/key/SymKeyGenerationRequest.java
+index f86bba27bfa..e7542f6d5af 100644
+--- a/base/common/src/main/java/com/netscape/certsrv/key/SymKeyGenerationRequest.java
++++ b/base/common/src/main/java/com/netscape/certsrv/key/SymKeyGenerationRequest.java
+@@ -103,6 +103,7 @@ public static SymKeyGenerationRequest fromDOM(Element element) {
+ public static SymKeyGenerationRequest fromXML(String xml) throws Exception {
+ 
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document document = builder.parse(new InputSource(new StringReader(xml)));
+ 
+diff --git a/base/common/src/main/java/com/netscape/certsrv/profile/PolicyConstraint.java b/base/common/src/main/java/com/netscape/certsrv/profile/PolicyConstraint.java
+index 763eaaec9dc..5d43bf187a0 100644
+--- a/base/common/src/main/java/com/netscape/certsrv/profile/PolicyConstraint.java
++++ b/base/common/src/main/java/com/netscape/certsrv/profile/PolicyConstraint.java
+@@ -22,6 +22,7 @@
+ import java.util.ArrayList;
+ import java.util.List;
+ 
++import javax.xml.XMLConstants;
+ import javax.xml.parsers.DocumentBuilder;
+ import javax.xml.parsers.DocumentBuilderFactory;
+ import javax.xml.transform.OutputKeys;
+@@ -228,6 +229,8 @@ public String toXML() throws Exception {
+ document.appendChild(accountElement);
+ 
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+ Transformer transformer = transformerFactory.newTransformer();
+ transformer.setOutputProperty(OutputKeys.INDENT, "yes");
+ transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
+@@ -242,6 +245,7 @@ public String toXML() throws Exception {
+ 
+ public static PolicyConstraint fromXML(String xml) throws Exception {
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document document = builder.parse(new InputSource(new StringReader(xml)));
+ 
+diff --git a/base/common/src/main/java/com/netscape/certsrv/profile/PolicyConstraintValue.java b/base/common/src/main/java/com/netscape/certsrv/profile/PolicyConstraintValue.java
+index be84f086cd2..9986837cffc 100644
+--- a/base/common/src/main/java/com/netscape/certsrv/profile/PolicyConstraintValue.java
++++ b/base/common/src/main/java/com/netscape/certsrv/profile/PolicyConstraintValue.java
+@@ -20,6 +20,7 @@
+ import java.io.StringReader;
+ import java.io.StringWriter;
+ 
++import javax.xml.XMLConstants;
+ import javax.xml.parsers.DocumentBuilder;
+ import javax.xml.parsers.DocumentBuilderFactory;
+ import javax.xml.transform.OutputKeys;
+@@ -169,6 +170,8 @@ public String toXML() throws Exception {
+ document.appendChild(pcvElement);
+ 
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+ Transformer transformer = transformerFactory.newTransformer();
+ transformer.setOutputProperty(OutputKeys.INDENT, "yes");
+ transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
+@@ -183,6 +186,7 @@ public String toXML() throws Exception {
+ 
+ public static PolicyConstraintValue fromXML(String xml) throws Exception {
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document document = builder.parse(new InputSource(new StringReader(xml)));
+ 
+diff --git a/base/common/src/main/java/com/netscape/certsrv/profile/PolicyDefault.java b/base/common/src/main/java/com/netscape/certsrv/profile/PolicyDefault.java
+index 49e25989f43..b4602c68e0f 100644
+--- a/base/common/src/main/java/com/netscape/certsrv/profile/PolicyDefault.java
++++ b/base/common/src/main/java/com/netscape/certsrv/profile/PolicyDefault.java
+@@ -22,6 +22,7 @@
+ import java.util.ArrayList;
+ import java.util.List;
+ 
++import javax.xml.XMLConstants;
+ import javax.xml.parsers.DocumentBuilder;
+ import javax.xml.parsers.DocumentBuilderFactory;
+ import javax.xml.transform.OutputKeys;
+@@ -231,6 +232,8 @@ public String toXML() throws Exception {
+ document.appendChild(pdElement);
+ 
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+ Transformer transformer = transformerFactory.newTransformer();
+ transformer.setOutputProperty(OutputKeys.INDENT, "yes");
+ transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
+@@ -245,6 +248,7 @@ public String toXML() throws Exception {
+ 
+ public static PolicyDefault fromXML(String xml) throws Exception {
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document document = builder.parse(new InputSource(new StringReader(xml)));
+ 
+diff --git a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileAttribute.java b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileAttribute.java
+index 0e43db83d9c..7abd149c165 100644
+--- a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileAttribute.java
++++ b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileAttribute.java
+@@ -20,6 +20,7 @@
+ import java.io.StringReader;
+ import java.io.StringWriter;
+ 
++import javax.xml.XMLConstants;
+ import javax.xml.parsers.DocumentBuilder;
+ import javax.xml.parsers.DocumentBuilderFactory;
+ import javax.xml.transform.OutputKeys;
+@@ -180,6 +181,8 @@ public String toXML() throws Exception {
+ document.appendChild(accountElement);
+ 
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+ Transformer transformer = transformerFactory.newTransformer();
+ transformer.setOutputProperty(OutputKeys.INDENT, "yes");
+ transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
+@@ -193,6 +196,7 @@ public String toXML() throws Exception {
+ 
+ public static ProfileAttribute fromXML(String xml) throws Exception {
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document document = builder.parse(new InputSource(new StringReader(xml)));
+ 
+diff --git a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileData.java b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileData.java
+index f80c0d55669..7506a7f334e 100644
+--- a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileData.java
++++ b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileData.java
+@@ -31,6 +31,7 @@
+ import java.util.Objects;
+ import java.util.Vector;
+ 
++import javax.xml.XMLConstants;
+ import javax.xml.parsers.DocumentBuilder;
+ import javax.xml.parsers.DocumentBuilderFactory;
+ import javax.xml.transform.OutputKeys;
+@@ -554,6 +555,8 @@ public String toXML() throws Exception {
+ document.appendChild(pdElement);
+ 
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+ Transformer transformer = transformerFactory.newTransformer();
+ transformer.setOutputProperty(OutputKeys.INDENT, "yes");
+ transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
+@@ -568,6 +571,7 @@ public String toXML() throws Exception {
+ 
+ public static ProfileData fromXML(String xml) throws Exception {
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document document = builder.parse(new InputSource(new StringReader(xml)));
+ 
+diff --git a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileDataInfo.java b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileDataInfo.java
+index 8f1744e76e0..a67d6972429 100644
+--- a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileDataInfo.java
++++ b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileDataInfo.java
+@@ -21,6 +21,7 @@
+ import java.io.StringWriter;
+ import java.util.Objects;
+ 
++import javax.xml.XMLConstants;
+ import javax.xml.parsers.DocumentBuilder;
+ import javax.xml.parsers.DocumentBuilderFactory;
+ import javax.xml.transform.OutputKeys;
+@@ -177,6 +178,8 @@ public String toXML() throws Exception {
+ document.appendChild(profileParameterElement);
+ 
+ TransformerFactory transformerFactory = TransformerFactory.newInstance();
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+ Transformer transformer = transformerFactory.newTransformer();
+ transformer.setOutputProperty(OutputKeys.INDENT, "yes");
+ transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
+@@ -191,6 +194,7 @@ public String toXML() throws Exception {
+ 
+ public static ProfileDataInfo fromXML(String xml) throws Exception {
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document document = builder.parse(new InputSource(new StringReader(xml)));
+ 
+diff --git a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileDataInfos.java b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileDataInfos.java
+index 7225c83a571..8975bc6d99f 100644
+--- a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileDataInfos.java
++++ b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileDataInfos.java
+@@ -20,6 +20,7 @@
+ import java.io.StringReader;
+ import java.io.StringWriter;
+ 
++import javax.xml.XMLConstants;
+ import javax.xml.parsers.DocumentBuilder;
+ import javax.xml.parsers.DocumentBuilderFactory;
+ import javax.xml.transform.OutputKeys;
+@@ -74,6 +75,8 @@ public String toXML() throws Exception {
+ 
document.appendChild(element); + + TransformerFactory transformerFactory = TransformerFactory.newInstance(); ++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); ++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); + Transformer transformer = transformerFactory.newTransformer(); + transformer.setOutputProperty(OutputKeys.INDENT, "yes"); + transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4"); +@@ -118,6 +121,7 @@ public static ProfileDataInfos fromDOM(Element infosElement) { + public static ProfileDataInfos fromXML(String xml) throws Exception { + + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); ++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); + DocumentBuilder builder = factory.newDocumentBuilder(); + Document document = builder.parse(new InputSource(new StringReader(xml))); + +diff --git a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileInput.java b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileInput.java +index 303785da978..aac8f0d0dc7 100644 +--- a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileInput.java ++++ b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileInput.java +@@ -23,6 +23,7 @@ + import java.util.Collection; + import java.util.List; + ++import javax.xml.XMLConstants; + import javax.xml.parsers.DocumentBuilder; + import javax.xml.parsers.DocumentBuilderFactory; + import javax.xml.transform.OutputKeys; +@@ -354,6 +355,8 @@ public String toXML() throws Exception { + document.appendChild(element); + + TransformerFactory transformerFactory = TransformerFactory.newInstance(); ++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); ++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); + Transformer transformer = transformerFactory.newTransformer(); + transformer.setOutputProperty(OutputKeys.INDENT, "yes"); + 
transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4"); +@@ -367,6 +370,7 @@ public String toXML() throws Exception { + + public static ProfileInput fromXML(String xml) throws Exception { + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); ++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); + DocumentBuilder builder = factory.newDocumentBuilder(); + Document document = builder.parse(new InputSource(new StringReader(xml))); + +diff --git a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileOutput.java b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileOutput.java +index b2442c7fb39..c85bfede2a4 100644 +--- a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileOutput.java ++++ b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileOutput.java +@@ -22,6 +22,7 @@ + import java.util.ArrayList; + import java.util.List; + ++import javax.xml.XMLConstants; + import javax.xml.parsers.DocumentBuilder; + import javax.xml.parsers.DocumentBuilderFactory; + import javax.xml.transform.OutputKeys; +@@ -234,6 +235,8 @@ public String toXML() throws Exception { + document.appendChild(pdElement); + + TransformerFactory transformerFactory = TransformerFactory.newInstance(); ++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); ++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); + Transformer transformer = transformerFactory.newTransformer(); + transformer.setOutputProperty(OutputKeys.INDENT, "yes"); + transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4"); +@@ -248,6 +251,7 @@ public String toXML() throws Exception { + + public static ProfileOutput fromXML(String xml) throws Exception { + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); ++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); + DocumentBuilder builder = 
factory.newDocumentBuilder(); + Document document = builder.parse(new InputSource(new StringReader(xml))); + +diff --git a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileParameter.java b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileParameter.java +index 55e07b419ca..e868eaccd23 100644 +--- a/base/common/src/main/java/com/netscape/certsrv/profile/ProfileParameter.java ++++ b/base/common/src/main/java/com/netscape/certsrv/profile/ProfileParameter.java +@@ -21,6 +21,7 @@ + import java.io.StringWriter; + import java.util.Objects; + ++import javax.xml.XMLConstants; + import javax.xml.parsers.DocumentBuilder; + import javax.xml.parsers.DocumentBuilderFactory; + import javax.xml.transform.OutputKeys; +@@ -128,6 +129,8 @@ public String toXML() throws Exception { + document.appendChild(profileParameterElement); + + TransformerFactory transformerFactory = TransformerFactory.newInstance(); ++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); ++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); + Transformer transformer = transformerFactory.newTransformer(); + transformer.setOutputProperty(OutputKeys.INDENT, "yes"); + transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4"); +@@ -142,6 +145,7 @@ public String toXML() throws Exception { + + public static ProfileParameter fromXML(String xml) throws Exception { + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); ++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); + DocumentBuilder builder = factory.newDocumentBuilder(); + Document document = builder.parse(new InputSource(new StringReader(xml))); + +diff --git a/base/common/src/main/java/com/netscape/certsrv/request/CMSRequestInfo.java b/base/common/src/main/java/com/netscape/certsrv/request/CMSRequestInfo.java +index b6c2fa491e8..661355ae179 100644 +--- 
a/base/common/src/main/java/com/netscape/certsrv/request/CMSRequestInfo.java ++++ b/base/common/src/main/java/com/netscape/certsrv/request/CMSRequestInfo.java +@@ -20,6 +20,7 @@ + import java.io.StringReader; + import java.io.StringWriter; + ++import javax.xml.XMLConstants; + import javax.xml.parsers.DocumentBuilder; + import javax.xml.parsers.DocumentBuilderFactory; + import javax.xml.transform.OutputKeys; +@@ -229,6 +230,8 @@ public String toXML() throws Exception { + document.appendChild(element); + + TransformerFactory transformerFactory = TransformerFactory.newInstance(); ++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); ++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); + Transformer transformer = transformerFactory.newTransformer(); + transformer.setOutputProperty(OutputKeys.INDENT, "yes"); + transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4"); +@@ -244,6 +247,7 @@ public String toXML() throws Exception { + public static CMSRequestInfo fromXML(String xml) throws Exception { + + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); ++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); + DocumentBuilder builder = factory.newDocumentBuilder(); + Document document = builder.parse(new InputSource(new StringReader(xml))); + +diff --git a/base/common/src/main/java/org/dogtagpki/common/Info.java b/base/common/src/main/java/org/dogtagpki/common/Info.java +index 0929ada9b05..3d1b693157f 100644 +--- a/base/common/src/main/java/org/dogtagpki/common/Info.java ++++ b/base/common/src/main/java/org/dogtagpki/common/Info.java +@@ -21,6 +21,7 @@ + import java.io.StringReader; + import java.io.StringWriter; + ++import javax.xml.XMLConstants; + import javax.xml.parsers.DocumentBuilder; + import javax.xml.parsers.DocumentBuilderFactory; + import javax.xml.transform.OutputKeys; +@@ -183,6 +184,8 @@ public String toXML() throws Exception { + 
document.appendChild(element); + + TransformerFactory transformerFactory = TransformerFactory.newInstance(); ++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); ++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); + Transformer transformer = transformerFactory.newTransformer(); + transformer.setOutputProperty(OutputKeys.INDENT, "yes"); + transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4"); +@@ -198,6 +201,7 @@ public String toXML() throws Exception { + public static Info fromXML(String xml) throws Exception { + + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); ++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); + DocumentBuilder builder = factory.newDocumentBuilder(); + Document document = builder.parse(new InputSource(new StringReader(xml))); + +diff --git a/base/server/src/main/java/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java b/base/server/src/main/java/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java +index bdd485e89ab..07fae1ad50c 100644 +--- a/base/server/src/main/java/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java ++++ b/base/server/src/main/java/com/netscape/cms/servlet/csadmin/SecurityDomainProcessor.java +@@ -24,6 +24,7 @@ + import java.util.Locale; + import java.util.Vector; + ++import javax.xml.XMLConstants; + import javax.xml.parsers.ParserConfigurationException; + import javax.xml.transform.OutputKeys; + import javax.xml.transform.Transformer; +@@ -697,7 +698,10 @@ public static void main(String args[]) throws Exception { + XMLObject xmlObject = convertDomainInfoToXMLObject(before); + Document document = xmlObject.getDocument(); + +- Transformer transformer = TransformerFactory.newInstance().newTransformer(); ++ TransformerFactory transformerFactory = TransformerFactory.newInstance(); ++ transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); ++ 
transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); ++ Transformer transformer = transformerFactory.newTransformer(); + transformer.setOutputProperty(OutputKeys.INDENT, "yes"); + transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4"); + +diff --git a/base/server/src/main/java/com/netscape/cmscore/apps/ServerXml.java b/base/server/src/main/java/com/netscape/cmscore/apps/ServerXml.java +index 2a02d722a1f..d9ac5727476 100644 +--- a/base/server/src/main/java/com/netscape/cmscore/apps/ServerXml.java ++++ b/base/server/src/main/java/com/netscape/cmscore/apps/ServerXml.java +@@ -41,6 +41,7 @@ public static ServerXml load(String filename) throws Exception { + ServerXml serverXml = new ServerXml(); + + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); ++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); + DocumentBuilder builder = factory.newDocumentBuilder(); + Document document = builder.parse(filename); + +diff --git a/base/util/src/main/java/com/netscape/cmsutil/xml/XMLObject.java b/base/util/src/main/java/com/netscape/cmsutil/xml/XMLObject.java +index 81fdbf4b2e0..1043bcb477f 100644 +--- a/base/util/src/main/java/com/netscape/cmsutil/xml/XMLObject.java ++++ b/base/util/src/main/java/com/netscape/cmsutil/xml/XMLObject.java +@@ -25,6 +25,7 @@ + import java.io.StringWriter; + import java.util.Vector; + ++import javax.xml.XMLConstants; + import javax.xml.parsers.DocumentBuilder; + import javax.xml.parsers.DocumentBuilderFactory; + import javax.xml.parsers.ParserConfigurationException; +@@ -56,6 +57,7 @@ public XMLObject() throws ParserConfigurationException { + public XMLObject(InputStream s) + throws SAXException, IOException, ParserConfigurationException { + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); ++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); + DocumentBuilder docBuilder = 
factory.newDocumentBuilder(); + mDoc = docBuilder.parse(s); + } +@@ -63,6 +65,7 @@ public XMLObject(InputStream s) + public XMLObject(File f) + throws SAXException, IOException, ParserConfigurationException { + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); ++ factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); + DocumentBuilder docBuilder = factory.newDocumentBuilder(); + mDoc = docBuilder.parse(f); + } +@@ -159,6 +162,8 @@ public Vector getValuesFromContainer(Node container, String tagname) { + public byte[] toByteArray() throws TransformerConfigurationException, TransformerException { + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + TransformerFactory tranFactory = TransformerFactory.newInstance(); ++ tranFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); ++ tranFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); + Transformer aTransformer = tranFactory.newTransformer(); + Source src = new DOMSource(mDoc); + Result dest = new StreamResult(bos); +@@ -169,6 +174,8 @@ public byte[] toByteArray() throws TransformerConfigurationException, Transforme + public void output(OutputStream os) + throws TransformerConfigurationException, TransformerException { + TransformerFactory tranFactory = TransformerFactory.newInstance(); ++ tranFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); ++ tranFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); + Transformer aTransformer = tranFactory.newTransformer(); + Source src = new DOMSource(mDoc); + Result dest = new StreamResult(os); +@@ -177,6 +184,8 @@ public void output(OutputStream os) + + public String toXMLString() throws TransformerConfigurationException, TransformerException { + TransformerFactory tranFactory = TransformerFactory.newInstance(); ++ tranFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, ""); ++ tranFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, ""); + Transformer transformer = 
tranFactory.newTransformer(); + Source src = new DOMSource(mDoc); + StreamResult dest = new StreamResult(new StringWriter()); diff --git a/pki-core.spec b/pki-core.spec index 661c5e0d6279f41b0101d849b4ced4a6c056c341..d43acd8cace6c1d4c3ec44067f1f958fd5303a34 100644 --- a/pki-core.spec +++ b/pki-core.spec @@ -3,12 +3,13 @@ Name: pki-core Version: 11.0.0 -Release: 4 +Release: 5 Summary: The PKI Core Package License: GPLv2 and LGPLv2 URL: http://www.dogtagpki.org/ Source0: https://github.com/dogtagpki/pki/archive/v%{version}/pki-v%{version}.tar.gz Source1: https://github.com/cpuguy83/go-md2man/archive/v1.0.10.tar.gz +Patch0: CVE-2022-2414.patch BuildRequires: git make cmake >= 2.8.9-1 gcc-c++ zip java-latest-openjdk-devel java-latest-openjdk-headless BuildRequires: ldapjdk >= 4.21.0 apache-commons-cli apache-commons-codec apache-commons-io BuildRequires: apache-commons-lang jakarta-commons-httpclient glassfish-jaxb-api slf4j @@ -454,6 +455,9 @@ fi %endif %changelog +* Wed Jun 28 2023 wangkai <13474090681@163.com> - 11.0.0-5 +- Fix CVE-2022-2414 + * Tue Apr 18 2023 Ge Wang - 11.0.0-4 - Fix EBS compile failure caused by lack of openjdk-headless
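Review bot: `Patch0: CVE-2022-2414.patch` is declared in the first pki-core.spec hunk, but nothing visible applies it — whether `%prep` uses `%autosetup -p1` or an explicit `%patch0 -p1` lies outside both hunks, so confirm it, because an unapplied patch leaves the build unfixed while the changelog claims the fix. The patch file carries git-style `a/`/`b/` path prefixes, so it needs `-p1` if it is applied with `%patch0`. The changelog line could also say what the fix does rather than only the CVE id, e.g. `- Fix CVE-2022-2414: disable external DTD/entity access in XML parsers and transformers`.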