demo/validator
1
0
Fork 0
mirror of https://github.com/itplr-kosit/validator.git synced 2026-05-26 01:05:38 +00:00
Code Issues Projects Releases Packages Wiki Activity

(enhance) introduce resolving strategy (configurable xml security); introduce API configuration

Browse source
This commit is contained in:
Andreas Penski (init) 2020-04-29 10:06:00 +02:00
parent 7a86f049ac
commit 35c0797898
67 changed files with 2441 additions and 845 deletions
Download patch file Download diff file Expand all files Collapse all files

26
src/main/java/de/kosit/validationtool/api/CheckConfiguration.java
View file

@ -21,18 +21,17 @@ package de.kosit.validationtool.api;
import java.net.URI;
import java.util.List;
import java.util.Map;
import lombok.Getter;
import lombok.RequiredArgsConstructor;
import lombok.Setter;
import lombok.extern.slf4j.Slf4j;
import de.kosit.validationtool.config.LoadConfiguration;
import de.kosit.validationtool.config.ConfigurationLoader;
import de.kosit.validationtool.impl.ContentRepository;
import de.kosit.validationtool.impl.Scenario;
import net.sf.saxon.s9api.Processor;
/**
* Zentrale Konfigration einer Prüf-Instanz.
*
@ -56,11 +55,13 @@ public class CheckConfiguration implements Configuration {
*/
private URI scenarioRepository;
private LoadConfiguration delegate;
private ConfigurationLoader loader;
private LoadConfiguration getDelegate() {
private Configuration delegate;
private Configuration getDelegate() {
if (this.delegate == null) {
this.delegate = Configuration.load(this.scenarioDefinition, this.scenarioRepository);
this.delegate = Configuration.load(this.scenarioDefinition, this.scenarioRepository).build();
}
return this.delegate;
}
@ -76,13 +77,13 @@ public class CheckConfiguration implements Configuration {
}
@Override
public void build() {
getDelegate().build();
public String getDate() {
return getDelegate().getDate();
}
@Override
public String getDate() {
return getDelegate().getDate();
public Map<String, Object> getAdditionalParameters() {
return this.delegate.getAdditionalParameters();
}
@Override
@ -95,10 +96,7 @@ public class CheckConfiguration implements Configuration {
return getDelegate().getAuthor();
}
@Override
public Processor getProcessor() {
return getDelegate().getProcessor();
}
@Override
public ContentRepository getContentRepository() {

91
src/main/java/de/kosit/validationtool/api/Configuration.java
View file

@ -2,20 +2,19 @@ package de.kosit.validationtool.api;
import java.net.URI;
import java.util.List;
import java.util.Map;
import de.kosit.validationtool.config.ConfigurationBuilder;
import de.kosit.validationtool.config.LoadConfiguration;
import de.kosit.validationtool.config.ConfigurationLoader;
import de.kosit.validationtool.impl.ContentRepository;
import de.kosit.validationtool.impl.Scenario;
import net.sf.saxon.s9api.Processor;
/**
* Configuration of the actual {@link Check} instance. This is a contruct and can be used implemented by custom
* Configuration of the actual {@link Check} instance. This is an interface and can be implemented by custom
* configuration classes. There are two implementations supported out of the box:
*
* <ol>
* <li>{@link LoadConfiguration} implements loading {@link Check} configurations from a scenario.xml file</li>
* <li>{@link ConfigurationLoader} implements loading {@link Check} configurations from a scenario.xml file</li>
* <li>Using a builder style api {@link de.kosit.validationtool.config.ConfigurationBuilder}to configure the
* {@link Check}</li>
* </ol>
@ -27,33 +26,77 @@ import net.sf.saxon.s9api.Processor;
public interface Configuration {
/**
* Returns a list of configured scenarios.
*
* @return the list of scenarios
*/
List<Scenario> getScenarios();
static LoadConfiguration load(final URI scenarioDefinition) {
/**
* Returns the configured fallback scenario to use, in case no configured scenario match.
*
* @return the fallback scenario
*/
Scenario getFallbackScenario();
/**
* Returns the author of this configuration.
*
* @return the author
*/
String getAuthor();
/**
* Returns the name of the specification
*
* @return the name
*/
String getName();
/**
* The creation date of the config
*
* @return the date
*/
String getDate();
Map<String, Object> getAdditionalParameters();
/**
* The content repository including resolving strategies.
*
* @return the configured {@link ContentRepository}
*/
ContentRepository getContentRepository();
/**
* Loads an XML based scenario definition from the file specified via URI.
*
* @param scenarioDefinition the XML file with scenario definition
* @return the loaded configuration
*/
static ConfigurationLoader load(final URI scenarioDefinition) {
return load(scenarioDefinition, null);
}
static LoadConfiguration load(final URI scenarioDefinition, final URI repository) {
final LoadConfiguration config = new LoadConfiguration(scenarioDefinition, repository);
config.build();
return config;
/**
* Loads an XML based scenario definition from the file with an specific repository / source location specified via
* URIs.
*
* @param scenarioDefinition the XML file with scenario definition
* @return the loaded configuration
*/
static ConfigurationLoader load(final URI scenarioDefinition, final URI repository) {
return new ConfigurationLoader(scenarioDefinition, repository);
}
/**
* Creates a {@link Configuration} based on a builder style API using {@link ConfigurationBuilder}
*
* @return the Builder
*/
static ConfigurationBuilder create() {
return new ConfigurationBuilder();
}
Scenario getFallbackScenario();
void build();
String getAuthor();
String getName();
String getDate();
Processor getProcessor();
ContentRepository getContentRepository();
}

7
src/main/java/de/kosit/validationtool/api/Input.java
View file

@ -20,7 +20,6 @@
package de.kosit.validationtool.api;
import java.io.IOException;
import java.io.InputStream;
import javax.xml.transform.Source;
@ -54,10 +53,10 @@ public interface Input {
String getDigestAlgorithm();
/**
* Opens a new {@link InputStream } for this input which carries the actual data
* Creates a new {@link Source } for this input which carries the actual data
*
* @return an open {@link InputStream}
* @throws IOException on I/O while opening the stream
* @return an open {@link Source}
* @throws IOException on I/O while opening the source
*/
Source getSource() throws IOException;

5
src/main/java/de/kosit/validationtool/api/InputFactory.java
View file

@ -54,10 +54,6 @@ public class InputFactory {
static final String DEFAULT_ALGORITH = "SHA-256";
private static final int EOF = -1;
private static final int DEFAULT_BUFFER_SIZE = 4096;
private static final String MESSAGE_OPEN_STREAM_ERROR = "Can not open stream from";
@Getter
@ -108,7 +104,6 @@ public class InputFactory {
return read(file, DEFAULT_ALGORITH);
}
/**
* Liest einen Prüfling von der übergebenen URI. Es wird der Default-Prüfsummenalgorithmus zur Ermittlung der Prüfsumme
* genutzt.

64
src/main/java/de/kosit/validationtool/api/ResolvingConfigurationStrategy.java Normal file
View file

@ -0,0 +1,64 @@
package de.kosit.validationtool.api;
import java.net.URI;
import javax.xml.transform.URIResolver;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import javax.xml.validation.Validator;
import net.sf.saxon.s9api.Processor;
/**
* Centralized construction and configuration of XML related infrastructore components. The KoSIT Validator provides out
* of the box implementaions with various security levels.
*
* If you decide to implement a custom strategy, please be aware of XML security within your stack. The validator
* components beyond this strategy asume secured implementation of the interfaces provided by this strategy. There is no
* effort to mitigate or prevent xml related security issues such as XXE, loading external sources etc.
*
* @see de.kosit.validationtool.impl.ResolvingMode
* @author Andreas Penski
*/
public interface ResolvingConfigurationStrategy {
/**
* Creates a preconfigured {@link SchemaFactory} for loading {@link javax.xml.validation.Schema} objects. The
* implementation is responsible for xml security. Take care
*
* @return preconfigured {@link SchemaFactory}
*/
SchemaFactory createSchemaFactory();
/**
* Creates a preconfigured {@link Processor Saxon Processor} for various tasks within the Validator. The validator
* leverages the saxon s9api for internal processing e.g. xml reading and writing. So this is the main object to secure
* for reading, transforming and writing xml files.
*
* @return a preconfigured {@link Processor}
*/
Processor createProcessor();
/**
* Creates a specific implementation for resolving referenced objects in XML files. The URIResolver, it is used for
* dereferencing an absolute URI (after resolution) to return a {@link javax.xml.transform.Source}. It <b>can</b> be
* used for resolving relative URIs against a base URI or restrict access to certain URIs.
* <p>
* This URIResolver is used to dereference the URIs appearing in <code>xsl:import</code>, <code>xsl:include</code>, and
* <code>xsl:import-schema</code> declarations.
* </p>
*
* @return a preconfigured {@link URIResolver}
*/
URIResolver createResolver(URI scenarioRepository);
/**
* Creates a preconfigured {@link Validator } instance for a given schema for xml file validation. The implementation
* takes care about security and reference resolving strategies.
*
* @param schema the scheme to create a {@link Validator} for
* @return a preconfigured {@link Validator}
*/
Validator createValidator(Schema schema);
}