8306632: Add a JDK Property for specifying DTD support

Reviewed-by: lancea, smarks

src/java.xml/share/classes/com/sun/org/apache/xalan/internal/xsltc/compiler/Parser.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2015, 2023, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
@@ -51,8 +51,6 @@
 import org.xml.sax.InputSource;
 import org.xml.sax.Locator;
 import org.xml.sax.SAXException;
-import org.xml.sax.SAXNotRecognizedException;
-import org.xml.sax.SAXNotSupportedException;
 import org.xml.sax.XMLReader;
 import org.xml.sax.helpers.AttributesImpl;
 
@@ -62,7 +60,7 @@
  * @author G. Todd Miller
  * @author Morten Jorgensen
  * @author Erwin Bolwidt <ejb@klomp.org>
- * @LastModified: Jan 2022
+ * @LastModified: July 2023
  */
 public class Parser implements Constants, ContentHandler {
 
@@ -469,64 +467,21 @@ public SyntaxTreeNode parse(XMLReader reader, InputSource input) {
      * @return The root of the abstract syntax tree
      */
     public SyntaxTreeNode parse(InputSource input) {
-        try {
-            final XMLReader reader = JdkXmlUtils.getXMLReader(_overrideDefaultParser,
-                    _xsltc.isSecureProcessing());
-
-            JdkXmlUtils.setXMLReaderPropertyIfSupport(reader, XMLConstants.ACCESS_EXTERNAL_DTD,
-                    _xsltc.getProperty(XMLConstants.ACCESS_EXTERNAL_DTD), true);
-
-
-            boolean supportCatalog = true;
-            boolean useCatalog = _xsltc.getFeature(JdkXmlFeatures.XmlFeature.USE_CATALOG);
-            try {
-                reader.setFeature(JdkXmlUtils.USE_CATALOG, useCatalog);
-            }
-            catch (SAXNotRecognizedException | SAXNotSupportedException e) {
-                supportCatalog = false;
-            }
-
-            if (supportCatalog && useCatalog) {
-                try {
-                    CatalogFeatures cf = (CatalogFeatures)_xsltc.getProperty(JdkXmlFeatures.CATALOG_FEATURES);
-                        if (cf != null) {
-                            for (CatalogFeatures.Feature f : CatalogFeatures.Feature.values()) {
-                                reader.setProperty(f.getPropertyName(), cf.get(f));
-                            }
-                        }
-                } catch (SAXNotRecognizedException e) {
-                    //shall not happen for internal settings
-                }
-            }
+        final XMLReader reader = JdkXmlUtils.getXMLReader(
+                (XMLSecurityManager)_xsltc.getProperty(JdkConstants.SECURITY_MANAGER),
+                _overrideDefaultParser,
+                _xsltc.isSecureProcessing(),
+                _xsltc.getFeature(JdkXmlFeatures.XmlFeature.USE_CATALOG),
+                (CatalogFeatures)_xsltc.getProperty(JdkXmlFeatures.CATALOG_FEATURES));
 
-            String lastProperty = "";
-            try {
-                XMLSecurityManager securityManager =
-                        (XMLSecurityManager)_xsltc.getProperty(JdkConstants.SECURITY_MANAGER);
-                for (XMLSecurityManager.Limit limit : XMLSecurityManager.Limit.values()) {
-                    if (limit.isSupported(XMLSecurityManager.Processor.PARSER)) {
-                        lastProperty = limit.apiProperty();
-                        reader.setProperty(lastProperty, securityManager.getLimitValueAsString(limit));
-                    }
-                }
-                if (securityManager.printEntityCountInfo()) {
-                    lastProperty = JdkConstants.JDK_DEBUG_LIMIT;
-                    reader.setProperty(lastProperty, JdkConstants.JDK_YES);
-                }
-            } catch (SAXException se) {
-                XMLSecurityManager.printWarning(reader.getClass().getName(), lastProperty, se);
-            }
+        JdkXmlUtils.setXMLReaderPropertyIfSupport(reader, XMLConstants.ACCESS_EXTERNAL_DTD,
+                _xsltc.getProperty(XMLConstants.ACCESS_EXTERNAL_DTD), true);
 
-            // try setting other JDK-impl properties, ignore if not supported
-            JdkXmlUtils.setXMLReaderPropertyIfSupport(reader, JdkConstants.CDATA_CHUNK_SIZE,
-                _xsltc.getProperty(JdkConstants.CDATA_CHUNK_SIZE), false);
+        // try setting other JDK-impl properties, ignore if not supported
+        JdkXmlUtils.setXMLReaderPropertyIfSupport(reader, JdkConstants.CDATA_CHUNK_SIZE,
+            _xsltc.getProperty(JdkConstants.CDATA_CHUNK_SIZE), false);
 
-            return(parse(reader, input));
-        }
-        catch (SAXException e) {
-            reportError(ERROR, new ErrorMsg(e.getMessage()));
-        }
-        return null;
+        return(parse(reader, input));
     }
 
     public SyntaxTreeNode getDocumentRoot() {

src/java.xml/share/classes/com/sun/org/apache/xalan/internal/xsltc/trax/TrAXFilter.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2011, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2011, 2023, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
@@ -42,6 +42,8 @@
  * skeleton extension of XMLFilterImpl for now.
  * @author Santiago Pericas-Geertsen
  * @author G. Todd Miller
+ *
+ * @LastModified: July 2023
  */
 @SuppressWarnings("deprecation") //org.xml.sax.helpers.XMLReaderFactory
 public class TrAXFilter extends XMLFilterImpl {
@@ -64,8 +66,11 @@ public Transformer getTransformer() {
     }
 
     private void createParent() throws SAXException {
-        XMLReader parent = JdkXmlUtils.getXMLReader(_overrideDefaultParser,
-                _transformer.isSecureProcessing());
+        XMLReader parent = JdkXmlUtils.getXMLReader(_transformer._securityManager,
+                _overrideDefaultParser,
+                _transformer.isSecureProcessing(),
+                _transformer._useCatalog,
+                _transformer._catalogFeatures);
 
         // make this XMLReader the parent of this filter
         setParent(parent);

src/java.xml/share/classes/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerFactoryImpl.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2023, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
@@ -20,8 +20,6 @@
 
 package com.sun.org.apache.xalan.internal.xsltc.trax;
 
-import jdk.xml.internal.JdkConstants;
-import jdk.xml.internal.XMLSecurityManager;
 import com.sun.org.apache.xalan.internal.utils.FeaturePropertyBase;
 import com.sun.org.apache.xalan.internal.utils.ObjectFactory;
 import com.sun.org.apache.xalan.internal.utils.XMLSecurityPropertyManager.Property;
@@ -71,13 +69,15 @@
 import javax.xml.transform.stax.*;
 import javax.xml.transform.stream.StreamResult;
 import javax.xml.transform.stream.StreamSource;
+import jdk.xml.internal.JdkConstants;
 import jdk.xml.internal.JdkProperty;
 import jdk.xml.internal.JdkXmlFeatures;
 import jdk.xml.internal.JdkXmlUtils;
 import jdk.xml.internal.JdkProperty.ImplPropMap;
 import jdk.xml.internal.JdkProperty.State;
 import jdk.xml.internal.SecuritySupport;
 import jdk.xml.internal.TransformErrorListener;
+import jdk.xml.internal.XMLSecurityManager;
 import org.xml.sax.InputSource;
 import org.xml.sax.SAXException;
 import org.xml.sax.XMLFilter;
@@ -88,7 +88,7 @@
  * @author G. Todd Miller
  * @author Morten Jorgensen
  * @author Santiago Pericas-Geertsen
- * @LastModified: Jan 2022
+ * @LastModified: July 2023
  */
 public class TransformerFactoryImpl
     extends SAXTransformerFactory implements SourceLoader
@@ -503,19 +503,19 @@ else if (ImplPropMap.EXTCLSLOADER.is(name)) {
             }
         } else if (JdkXmlUtils.CATALOG_FILES.equals(name)) {
             _catalogFiles = (String) value;
-            cfBuilder = CatalogFeatures.builder().with(Feature.FILES, _catalogFiles);
+            cfBuilder = cfBuilder.with(Feature.FILES, _catalogFiles);
             return;
         } else if (JdkXmlUtils.CATALOG_DEFER.equals(name)) {
             _catalogDefer = (String) value;
-            cfBuilder = CatalogFeatures.builder().with(Feature.DEFER, _catalogDefer);
+            cfBuilder = cfBuilder.with(Feature.DEFER, _catalogDefer);
             return;
         } else if (JdkXmlUtils.CATALOG_PREFER.equals(name)) {
             _catalogPrefer = (String) value;
-            cfBuilder = CatalogFeatures.builder().with(Feature.PREFER, _catalogPrefer);
+            cfBuilder = cfBuilder.with(Feature.PREFER, _catalogPrefer);
             return;
         } else if (JdkXmlUtils.CATALOG_RESOLVE.equals(name)) {
             _catalogResolve = (String) value;
-            cfBuilder = CatalogFeatures.builder().with(Feature.RESOLVE, _catalogResolve);
+            cfBuilder = cfBuilder.with(Feature.RESOLVE, _catalogResolve);
             return;
         } else if (ImplPropMap.CDATACHUNKSIZE.is(name)) {
             _cdataChunkSize = JdkXmlUtils.getValue(value, _cdataChunkSize);
@@ -765,8 +765,11 @@ public Source  getAssociatedStylesheet(Source source, String media,
                 baseId = isource.getSystemId();
 
                 if (reader == null) {
-                    reader = JdkXmlUtils.getXMLReader(_overrideDefaultParser,
-                            !_isNotSecureProcessing);
+                    reader = JdkXmlUtils.getXMLReader(_xmlSecurityManager,
+                            _overrideDefaultParser,
+                            !_isNotSecureProcessing,
+                            _xmlFeatures.getFeature(JdkXmlFeatures.XmlFeature.USE_CATALOG),
+                            _catalogFeatures);
                 }
 
                 _stylesheetPIHandler.setBaseId(baseId);

src/java.xml/share/classes/com/sun/org/apache/xalan/internal/xsltc/trax/TransformerImpl.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2007, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2007, 2023, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
@@ -82,7 +82,6 @@
 import javax.xml.transform.stream.StreamResult;
 import javax.xml.transform.stream.StreamSource;
 import jdk.xml.internal.JdkConstants;
-import static jdk.xml.internal.JdkConstants.SP_XSLTC_IS_STANDALONE;
 import jdk.xml.internal.JdkProperty;
 import jdk.xml.internal.JdkXmlFeatures;
 import jdk.xml.internal.JdkXmlUtils;
@@ -101,7 +100,7 @@
  * @author Morten Jorgensen
  * @author G. Todd Miller
  * @author Santiago Pericas-Geertsen
- * @LastModified: Jan 2022
+ * @LastModified: July 2023
  */
 public final class TransformerImpl extends Transformer
     implements DOMCache
@@ -219,7 +218,7 @@ public final class TransformerImpl extends Transformer
      */
     private String _accessExternalDTD = JdkConstants.EXTERNAL_ACCESS_DEFAULT;
 
-    private XMLSecurityManager _securityManager;
+    protected XMLSecurityManager _securityManager;
     /**
      * A map to store parameters for the identity transform. These
      * are not needed during the transformation, but we must keep track of
@@ -307,7 +306,7 @@ protected TransformerImpl(Translet translet, Properties outputProperties,
         _useCatalog = _tfactory.getFeature(XMLConstants.USE_CATALOG);
         if (_useCatalog) {
             _catalogFeatures = (CatalogFeatures)_tfactory.getAttribute(JdkXmlFeatures.CATALOG_FEATURES);
-            String catalogFiles = _catalogFeatures.get(CatalogFeatures.Feature.DEFER);
+            String catalogFiles = _catalogFeatures.get(CatalogFeatures.Feature.FILES);
             if (catalogFiles != null) {
                 _readerManager.setFeature(XMLConstants.USE_CATALOG, _useCatalog);
                 _readerManager.setProperty(JdkXmlFeatures.CATALOG_FEATURES, _catalogFeatures);

src/java.xml/share/classes/com/sun/org/apache/xalan/internal/xsltc/trax/Util.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2016, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2016, 2023, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
@@ -41,7 +41,6 @@
 import jdk.xml.internal.XMLSecurityManager;
 import org.w3c.dom.Document;
 import org.xml.sax.InputSource;
-import org.xml.sax.SAXException;
 import org.xml.sax.SAXNotRecognizedException;
 import org.xml.sax.SAXNotSupportedException;
 import org.xml.sax.XMLReader;
@@ -51,7 +50,7 @@
  *
  * Added Catalog Support for URI resolution
  *
- * @LastModified: Jan 2022
+ * @LastModified: July 2023
  */
 @SuppressWarnings("deprecation") //org.xml.sax.helpers.XMLReaderFactory
 public final class Util {
@@ -91,8 +90,12 @@ public static InputSource getInputSource(XSLTC xsltc, Source source)
                     if (reader == null) {
                         boolean overrideDefaultParser = xsltc.getFeature(
                                 JdkXmlFeatures.XmlFeature.JDK_OVERRIDE_PARSER);
-                        reader = JdkXmlUtils.getXMLReader(overrideDefaultParser,
-                                xsltc.isSecureProcessing());
+                        reader = JdkXmlUtils.getXMLReader(
+                                (XMLSecurityManager)xsltc.getProperty(JdkConstants.SECURITY_MANAGER),
+                                overrideDefaultParser,
+                                xsltc.isSecureProcessing(),
+                                xsltc.getFeature(JdkXmlFeatures.XmlFeature.USE_CATALOG),
+                                (CatalogFeatures)xsltc.getProperty(JdkXmlFeatures.CATALOG_FEATURES));
                     } else {
                         // compatibility for legacy applications
                         reader.setFeature
@@ -107,27 +110,6 @@ public static InputSource getInputSource(XSLTC xsltc, Source source)
                     JdkXmlUtils.setXMLReaderPropertyIfSupport(reader, JdkConstants.CDATA_CHUNK_SIZE,
                             xsltc.getProperty(JdkConstants.CDATA_CHUNK_SIZE), false);
 
-                    String lastProperty = "";
-                    try {
-                        XMLSecurityManager securityManager =
-                                (XMLSecurityManager)xsltc.getProperty(JdkConstants.SECURITY_MANAGER);
-                        if (securityManager != null) {
-                            for (XMLSecurityManager.Limit limit : XMLSecurityManager.Limit.values()) {
-                                if (limit.isSupported(XMLSecurityManager.Processor.PARSER)) {
-                                    lastProperty = limit.apiProperty();
-                                    reader.setProperty(lastProperty,
-                                            securityManager.getLimitValueAsString(limit));
-                                }
-                            }
-                            if (securityManager.printEntityCountInfo()) {
-                                lastProperty = JdkConstants.JDK_DEBUG_LIMIT;
-                                reader.setProperty(lastProperty, JdkConstants.JDK_YES);
-                            }
-                        }
-                    } catch (SAXException se) {
-                        XMLSecurityManager.printWarning(reader.getClass().getName(), lastProperty, se);
-                    }
-
                     boolean supportCatalog = true;
                     boolean useCatalog = xsltc.getFeature(JdkXmlFeatures.XmlFeature.USE_CATALOG);
                     try {

src/java.xml/share/classes/com/sun/org/apache/xerces/internal/dom/DOMConfigurationImpl.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2023, Oracle and/or its affiliates. All rights reserved.
  */
 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
@@ -32,7 +32,6 @@
 import com.sun.org.apache.xerces.internal.util.ParserConfigurationSettings;
 import com.sun.org.apache.xerces.internal.util.PropertyState;
 import com.sun.org.apache.xerces.internal.util.SymbolTable;
-import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
 import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.org.apache.xerces.internal.xni.XMLDTDContentModelHandler;
 import com.sun.org.apache.xerces.internal.xni.XMLDTDHandler;
@@ -56,6 +55,7 @@
 import javax.xml.catalog.CatalogFeatures;
 import jdk.xml.internal.JdkConstants;
 import jdk.xml.internal.JdkXmlUtils;
+import jdk.xml.internal.XMLSecurityManager;
 import org.w3c.dom.DOMConfiguration;
 import org.w3c.dom.DOMErrorHandler;
 import org.w3c.dom.DOMException;
@@ -71,7 +71,7 @@
  *
  * @author Elena Litani, IBM
  * @author Neeraj Bajaj, Sun Microsystems.
- * @LastModified: May 2021
+ * @LastModified: July 2023
  */
 public class DOMConfigurationImpl extends ParserConfigurationSettings
     implements XMLParserConfiguration, DOMConfiguration {

src/java.xml/share/classes/com/sun/org/apache/xerces/internal/impl/PropertyManager.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2005, 2023, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -24,7 +24,6 @@
  */
 package com.sun.org.apache.xerces.internal.impl;
 
-import com.sun.org.apache.xerces.internal.utils.XMLSecurityManager;
 import com.sun.org.apache.xerces.internal.utils.XMLSecurityPropertyManager;
 import com.sun.xml.internal.stream.StaxEntityResolverWrapper;
 import java.util.HashMap;
@@ -36,6 +35,7 @@
 import jdk.xml.internal.JdkConstants;
 import jdk.xml.internal.JdkProperty;
 import jdk.xml.internal.JdkXmlUtils;
+import jdk.xml.internal.XMLSecurityManager;
 
 /**
  * This class manages the properties for the Stax specification and its
@@ -45,6 +45,8 @@
  * @author Neeraj Bajaj
  * @author K Venugopal
  * @author Sunitha Reddy
+ *
+ * @LastModified: July 2023
  */
 public class PropertyManager {