/**
* Copyright (c) 2009, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.wso2.carbon.task.ui.internal;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;
import org.apache.axis2.util.XMLUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.task.TaskDescription;
import org.apache.xerces.impl.Constants;
import org.apache.xerces.util.SecurityManager;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.xml.XMLConstants;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.util.*;
/**
* Provide utilities for Task Description Management
*/
public class TaskManagementHelper {
private static final Log log = LogFactory.getLog(TaskManagementHelper.class);
private static final String TASK_EXTENSION_NS = "http://www.wso2.org/products/wso2commons/tasks";
private static final OMFactory FACTORY = OMAbstractFactory.getOMFactory();
private static final OMNamespace TASK_OM_NAMESPACE = FACTORY.createOMNamespace(
TASK_EXTENSION_NS, "task");
/**
* Factory method to create a Task Description from HttpServletResuet
*
* @param request HttpServletRequest instance
* @return A Task Description
* @throws ServletException Throws for any error during Task Description creation
*/
public static TaskDescription createTaskDescription(
HttpServletRequest request) throws ServletException {
String name = request.getParameter("taskName");
if (name == null || "".equals(name)) {
name = request.getParameter("taskName_hidden");
if (name == null || "".equals(name)) {
handleException("Name cannot be null or empty");
}
}
String group = request.getParameter("taskGroup");
if (group == null || "".equals(group)) {
group = request.getParameter("taskGroup_hidden");
if (group == null || "".equals(group)) {
handleException("Task group cannot be null or empty");
}
}
String taskClass = request.getParameter("taskClass");
if (taskClass == null || "".equals(taskClass)) {
handleException("Task Class cannot be null or empty");
}
TaskDescription taskDescription = new TaskDescription();
taskDescription.setName(name.trim());
taskDescription.setTaskGroup(group.trim());
taskDescription.setTaskImplClassName(taskClass.trim());
String trigger = request.getParameter("taskTrigger");
if (trigger != null && !"".equals(trigger)) {
if ("simple".equals(trigger)) {
String interval = request.getParameter("triggerInterval");
if (interval != null && !"".equals(interval)) {
try {
taskDescription.setInterval(Long.parseLong(interval.trim()) * 1000);
taskDescription.setIntervalInMs(true);
} catch (NumberFormatException e) {
handleException("Invalid value for interval (Expected type is long) : " +
interval);
}
}
String count = request.getParameter("triggerCount");
if (count != null && !"".equals(count)) {
try {
taskDescription.setCount(Integer.parseInt(count.trim()));
} catch (NumberFormatException e) {
handleException("Invalid value for Count (Expected type is int) : " +
count);
}
}
} else if ("cron".equals(trigger)) {
String cron = request.getParameter("triggerCron");
if (cron != null && !"".equals(cron)) {
taskDescription.setCronExpression(cron.trim());
} else {
handleException("Cron expression cannot be empty for cron trigger");
}
}
} else {
handleException("No Trigger has been selected");
}
String pinnedServers = request.getParameter("pinnedServers");
if (pinnedServers != null || !"".equals(pinnedServers)) {
StringTokenizer st = new StringTokenizer(pinnedServers, " ,");
List<String> pinnedServersList = new ArrayList<String>();
while (st.hasMoreTokens()) {
String token = st.nextToken();
if (token.length() != 0) {
pinnedServersList.add(token);
}
}
taskDescription.setPinnedServers(pinnedServersList);
}
String propertyCount = request.getParameter("propertyCount");
if (propertyCount != null && !"".equals(propertyCount)) {
try {
int propCount = Integer.parseInt(propertyCount.trim());
if (log.isDebugEnabled()) {
log.debug("Number of properties : " + propCount);
}
for (int i = 0; i < propCount; i++) {
String id = "property_name_hidden" + String.valueOf(i);
String propName = request.getParameter(id);
if (propName != null && !"".equals(propName)) {
String propertyType = request.getParameter("propertyTypeSelection" +
String.valueOf(i));
if ("literal".equals(propertyType)) {
String value = request.getParameter("textField" + String.valueOf(i));
if (log.isDebugEnabled()) {
log.debug("[ Property Name : " + name + " ]" +
"[ Property Value : " + value + " ]");
}
if (value != null && !"".equals(value)) {
OMElement propElem = FACTORY.createOMElement("property",
TASK_OM_NAMESPACE);
OMNamespace nullNS = FACTORY.createOMNamespace("", "");
propElem.addAttribute("name", propName.trim(), nullNS);
propElem.addAttribute("value", value.trim(), nullNS);
taskDescription.setXmlProperty(propElem);
}
} else if ("xml".equals(propertyType)) {
String value = request.getParameter("textArea" + String.valueOf(i));
if (log.isDebugEnabled()) {
log.debug("[ Property Name : " + name + " ][ Property Value : " +
value + " ]");
}
if (value != null && !"".equals(value)) {
OMElement propElem = FACTORY.createOMElement("property",
TASK_OM_NAMESPACE);
OMNamespace nullNS = FACTORY.createOMNamespace("", "");
propElem.addAttribute("name", propName.trim(), nullNS);
try {
propElem.addChild(createOMElement(value.trim()));
} catch (Throwable e) {
handleException("Invalid XML has been provided " +
"for property : " + propName);
}
taskDescription.setXmlProperty(propElem);
}
}
}
}
} catch (NumberFormatException ignored) {
handleException("Invalid number of properties " + propertyCount);
}
}
return taskDescription;
}
private static OMElement createOMElement(String xml) throws Exception {
return XMLUtils.toOM(getSecuredDocumentBuilder(true).
parse(new ByteArrayInputStream(xml.getBytes())).getDocumentElement());
}
private static void handleException(String msg) throws ServletException {
log.error(msg);
throw new ServletException(msg);
}
public static TaskDescription getTaskDescription(HttpServletRequest request,
TaskManagementClient client,
String name, String group) throws Exception {
if (name == null || "".equals(name)) {
handleException("Task Name cannot be empty");
}
name = name.trim();
TaskDescription taskDescription = client.getTaskDescription(name, group);
if (taskDescription == null) {
handleException("No task description for name :" + name);
}
return taskDescription;
}
public static List<OMElement> mergeProperties(OMElement allPropertyElement,
Set<OMElement> propertySources) {
List<OMElement> toBeReturn = new ArrayList<OMElement>();
if (allPropertyElement == null || propertySources == null) {
return toBeReturn;
}
Iterator propertyIterator = allPropertyElement.getChildElements();
while (propertyIterator.hasNext()) {
OMElement property = (OMElement) propertyIterator.next();
if (property != null) {
String name = property.getAttributeValue(new QName("", "name", ""));
if (name != null && !"".equals(name)) {
OMElement element = getValueElement(propertySources, name);
if (element != null) {
toBeReturn.add(element.cloneOMElement());
} else {
toBeReturn.add(property.cloneOMElement());
}
}
}
}
return toBeReturn;
}
private static OMElement getValueElement(Set<OMElement> sources, String name) {
for (OMElement element : sources) {
if (element != null) {
String elementName = element.getAttributeValue(new QName("", "name", ""));
if (elementName != null && !"".equals(elementName)) {
if (elementName.trim().equals(name.trim())) {
return element;
}
}
}
}
return null;
}
/**
* This method provides a secured document builder which will secure XXE attacks.
*
* @param setIgnoreComments whether to set setIgnoringComments in DocumentBuilderFactory.
* @return DocumentBuilder
* @throws javax.xml.parsers.ParserConfigurationException
*/
public static DocumentBuilder getSecuredDocumentBuilder(boolean setIgnoreComments) throws
ParserConfigurationException {
DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
documentBuilderFactory.setIgnoringComments(setIgnoreComments);
documentBuilderFactory.setNamespaceAware(true);
documentBuilderFactory.setExpandEntityReferences(false);
documentBuilderFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
documentBuilderFactory.setXIncludeAware(false);
org.apache.xerces.util.SecurityManager securityManager = new SecurityManager();
securityManager.setEntityExpansionLimit(0);
documentBuilderFactory.setAttribute(Constants.XERCES_PROPERTY_PREFIX +
Constants.SECURITY_MANAGER_PROPERTY, securityManager);
DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
documentBuilder.setEntityResolver(new EntityResolver() {
@Override
public InputSource resolveEntity(String publicId, String systemId) throws SAXException, IOException {
throw new SAXException("Possible XML External Entity (XXE) attack. Skipping entity resolving");
}
});
return documentBuilder;
}
}