1 /*
2 * Copyright (c) 2007, 2016, Oracle and/or its affiliates. All rights reserved.
3 */
4 /*
5 * Licensed to the Apache Software Foundation (ASF) under one or more
6 * contributor license agreements. See the NOTICE file distributed with
7 * this work for additional information regarding copyright ownership.
8 * The ASF licenses this file to You under the Apache License, Version 2.0
9 * (the "License"); you may not use this file except in compliance with
10 * the License. You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20 package com.sun.org.apache.xalan.internal.xsltc.trax;
21
22 import com.sun.org.apache.xalan.internal.XalanConstants;
23 import com.sun.org.apache.xalan.internal.utils.ObjectFactory;
24 import com.sun.org.apache.xalan.internal.utils.SecuritySupport;
25 import com.sun.org.apache.xalan.internal.xsltc.DOM;
26 import com.sun.org.apache.xalan.internal.xsltc.Translet;
27 import com.sun.org.apache.xalan.internal.xsltc.compiler.Constants;
28 import com.sun.org.apache.xalan.internal.xsltc.compiler.util.ErrorMsg;
29 import com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet;
30 import java.io.IOException;
31 import java.io.UncheckedIOException;
32 import java.io.NotSerializableException;
33 import java.io.ObjectInputStream;
34 import java.io.ObjectOutputStream;
35 import java.io.ObjectStreamField;
36 import java.io.Serializable;
37 import java.lang.module.Configuration;
38 import java.lang.module.ModuleDescriptor;
39 import java.lang.module.ModuleFinder;
40 import java.lang.module.ModuleReference;
41 import java.lang.reflect.Layer;
42 import java.lang.reflect.Module;
43 import java.security.AccessController;
44 import java.security.PrivilegedAction;
45 import java.util.Arrays;
46 import java.util.HashMap;
47 import java.util.Map;
48 import java.util.Optional;
49 import java.util.Properties;
50 import java.util.Set;
51 import javax.xml.XMLConstants;
52 import javax.xml.transform.Templates;
53 import javax.xml.transform.Transformer;
54 import javax.xml.transform.TransformerConfigurationException;
55 import javax.xml.transform.URIResolver;
56
57
58 /**
59 * @author Morten Jorgensen
60 * @author G. Todd Millerj
61 * @author Jochen Cordes <Jochen.Cordes@t-online.de>
62 * @author Santiago Pericas-Geertsen
63 */
64 public final class TemplatesImpl implements Templates, Serializable {
65 static final long serialVersionUID = 673094361519270707L;
66 public final static String DESERIALIZE_TRANSLET = "jdk.xml.enableTemplatesImplDeserialization";
67
68 /**
69 * Name of the superclass of all translets. This is needed to
70 * determine which, among all classes comprising a translet,
71 * is the main one.
72 */
73 private static String ABSTRACT_TRANSLET
74 = "com.sun.org.apache.xalan.internal.xsltc.runtime.AbstractTranslet";
75
76 /**
77 * Name of the main class or default name if unknown.
78 */
79 private String _name = null;
80
81 /**
82 * Contains the actual class definition for the translet class and
83 * any auxiliary classes.
84 */
85 private byte[][] _bytecodes = null;
86
87 /**
88 * Contains the translet class definition(s). These are created when
89 * this Templates is created or when it is read back from disk.
90 */
91 private Class[] _class = null;
92
93 /**
94 * The index of the main translet class in the arrays _class[] and
95 * _bytecodes.
96 */
97 private int _transletIndex = -1;
98
99 /**
100 * Contains the list of auxiliary class definitions.
101 */
102 private transient Map<String, Class<?>> _auxClasses = null;
103
104 /**
105 * Output properties of this translet.
106 */
107 private Properties _outputProperties;
108
109 /**
110 * Number of spaces to add for output indentation.
111 */
112 private int _indentNumber;
113
114 /**
115 * This URIResolver is passed to all Transformers.
116 * Declaring it transient to fix bug 22438
117 */
118 private transient URIResolver _uriResolver = null;
119
120 /**
121 * Cache the DTM for the stylesheet in a thread local variable,
122 * which is used by the document('') function.
123 * Use ThreadLocal because a DTM cannot be shared between
124 * multiple threads.
125 * Declaring it transient to fix bug 22438
126 */
127 private transient ThreadLocal _sdom = new ThreadLocal();
128
129 /**
130 * A reference to the transformer factory that this templates
131 * object belongs to.
132 */
133 private transient TransformerFactoryImpl _tfactory = null;
134
135 /**
136 * A flag to determine whether the Service Mechanism is used
137 */
138 private transient boolean _useServicesMechanism;
139
140 /**
141 * protocols allowed for external references set by the stylesheet processing instruction, Import and Include element.
142 */
143 private transient String _accessExternalStylesheet = XalanConstants.EXTERNAL_ACCESS_DEFAULT;
144
145 /**
146 * @serialField _name String The Name of the main class
147 * @serialField _bytecodes byte[][] Class definition
148 * @serialField _class Class[] The translet class definition(s).
149 * @serialField _transletIndex int The index of the main translet class
150 * @serialField _outputProperties Properties Output properties of this translet.
151 * @serialField _indentNumber int Number of spaces to add for output indentation.
152 */
153 private static final ObjectStreamField[] serialPersistentFields =
154 new ObjectStreamField[] {
155 new ObjectStreamField("_name", String.class),
156 new ObjectStreamField("_bytecodes", byte[][].class),
157 new ObjectStreamField("_class", Class[].class),
158 new ObjectStreamField("_transletIndex", int.class),
159 new ObjectStreamField("_outputProperties", Properties.class),
160 new ObjectStreamField("_indentNumber", int.class),
161 };
162
163 static final class TransletClassLoader extends ClassLoader {
164 private final Map<String, Class<?>> _loadedExternalExtensionFunctions;
165
166 TransletClassLoader(ClassLoader parent) {
167 super(parent);
168 _loadedExternalExtensionFunctions = null;
169 }
170
171 TransletClassLoader(ClassLoader parent,Map<String, Class<?>> mapEF) {
172 super(parent);
173 _loadedExternalExtensionFunctions = mapEF;
174 }
175
176 public Class<?> loadClass(String name) throws ClassNotFoundException {
177 Class<?> ret = null;
178 // The _loadedExternalExtensionFunctions will be empty when the
179 // SecurityManager is not set and the FSP is turned off
180 if (_loadedExternalExtensionFunctions != null) {
181 ret = _loadedExternalExtensionFunctions.get(name);
182 }
183 if (ret == null) {
184 ret = super.loadClass(name);
185 }
186 return ret;
187 }
188
189 /**
190 * Access to final protected superclass member from outer class.
191 */
192 Class defineClass(final byte[] b) {
193 return defineClass(null, b, 0, b.length);
194 }
195 }
196
197
198 /**
199 * Create an XSLTC template object from the bytecodes.
200 * The bytecodes for the translet and auxiliary classes, plus the name of
201 * the main translet class, must be supplied.
202 */
203 protected TemplatesImpl(byte[][] bytecodes, String transletName,
204 Properties outputProperties, int indentNumber,
205 TransformerFactoryImpl tfactory)
206 {
207 _bytecodes = bytecodes;
208 init(transletName, outputProperties, indentNumber, tfactory);
209 }
210
211 /**
212 * Create an XSLTC template object from the translet class definition(s).
213 */
214 protected TemplatesImpl(Class[] transletClasses, String transletName,
215 Properties outputProperties, int indentNumber,
216 TransformerFactoryImpl tfactory)
217 {
218 _class = transletClasses;
219 _transletIndex = 0;
220 init(transletName, outputProperties, indentNumber, tfactory);
221 }
222
223 private void init(String transletName,
224 Properties outputProperties, int indentNumber,
225 TransformerFactoryImpl tfactory) {
226 _name = transletName;
227 _outputProperties = outputProperties;
228 _indentNumber = indentNumber;
229 _tfactory = tfactory;
230 _useServicesMechanism = tfactory.useServicesMechnism();
231 _accessExternalStylesheet = (String) tfactory.getAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET);
232 }
233 /**
234 * Need for de-serialization, see readObject().
235 */
236 public TemplatesImpl() { }
237
238 /**
239 * Overrides the default readObject implementation since we decided
240 * it would be cleaner not to serialize the entire tranformer
241 * factory. [ ref bugzilla 12317 ]
242 * We need to check if the user defined class for URIResolver also
243 * implemented Serializable
244 * if yes then we need to deserialize the URIResolver
245 * Fix for bugzilla bug 22438
246 */
247 @SuppressWarnings("unchecked")
248 private void readObject(ObjectInputStream is)
249 throws IOException, ClassNotFoundException
250 {
251 SecurityManager security = System.getSecurityManager();
252 if (security != null){
253 String temp = SecuritySupport.getSystemProperty(DESERIALIZE_TRANSLET);
254 if (temp == null || !(temp.length()==0 || temp.equalsIgnoreCase("true"))) {
255 ErrorMsg err = new ErrorMsg(ErrorMsg.DESERIALIZE_TRANSLET_ERR);
256 throw new UnsupportedOperationException(err.toString());
257 }
258 }
259
260 // We have to read serialized fields first.
261 ObjectInputStream.GetField gf = is.readFields();
262 _name = (String)gf.get("_name", null);
263 _bytecodes = (byte[][])gf.get("_bytecodes", null);
264 _class = (Class[])gf.get("_class", null);
265 _transletIndex = gf.get("_transletIndex", -1);
266
267 _outputProperties = (Properties)gf.get("_outputProperties", null);
268 _indentNumber = gf.get("_indentNumber", 0);
269
270 if (is.readBoolean()) {
271 _uriResolver = (URIResolver) is.readObject();
272 }
273
274 _tfactory = new TransformerFactoryImpl();
275 }
276
277
278 /**
279 * This is to fix bugzilla bug 22438
280 * If the user defined class implements URIResolver and Serializable
281 * then we want it to get serialized
282 */
283 private void writeObject(ObjectOutputStream os)
284 throws IOException, ClassNotFoundException {
285 if (_auxClasses != null) {
286 //throw with the same message as when Hashtable was used for compatibility.
287 throw new NotSerializableException(
288 "com.sun.org.apache.xalan.internal.xsltc.runtime.Hashtable");
289 }
290
291 // Write serialized fields
292 ObjectOutputStream.PutField pf = os.putFields();
293 pf.put("_name", _name);
294 pf.put("_bytecodes", _bytecodes);
295 pf.put("_class", _class);
296 pf.put("_transletIndex", _transletIndex);
297 pf.put("_outputProperties", _outputProperties);
298 pf.put("_indentNumber", _indentNumber);
299 os.writeFields();
300
301 if (_uriResolver instanceof Serializable) {
302 os.writeBoolean(true);
303 os.writeObject((Serializable) _uriResolver);
304 }
305 else {
306 os.writeBoolean(false);
307 }
308 }
309
310 /**
311 * Return the state of the services mechanism feature.
312 */
313 public boolean useServicesMechnism() {
314 return _useServicesMechanism;
315 }
316
317 /**
318 * Store URIResolver needed for Transformers.
319 */
320 public synchronized void setURIResolver(URIResolver resolver) {
321 _uriResolver = resolver;
322 }
323
324 /**
325 * The TransformerFactory must pass us the translet bytecodes using this
326 * method before we can create any translet instances
327 *
328 * Note: This method is private for security reasons. See
329 * CR 6537898. When merging with Apache, we must ensure
330 * that the privateness of this method is maintained (that
331 * is why it wasn't removed).
332 */
333 private synchronized void setTransletBytecodes(byte[][] bytecodes) {
334 _bytecodes = bytecodes;
335 }
336
337 /**
338 * Returns the translet bytecodes stored in this template
339 *
340 * Note: This method is private for security reasons. See
341 * CR 6537898. When merging with Apache, we must ensure
342 * that the privateness of this method is maintained (that
343 * is why it wasn't removed).
344 */
345 private synchronized byte[][] getTransletBytecodes() {
346 return _bytecodes;
347 }
348
349 /**
350 * Returns the translet bytecodes stored in this template
351 *
352 * Note: This method is private for security reasons. See
353 * CR 6537898. When merging with Apache, we must ensure
354 * that the privateness of this method is maintained (that
355 * is why it wasn't removed).
356 */
357 private synchronized Class[] getTransletClasses() {
358 try {
359 if (_class == null) defineTransletClasses();
360 }
361 catch (TransformerConfigurationException e) {
362 // Falls through
363 }
364 return _class;
365 }
366
367 /**
368 * Returns the index of the main class in array of bytecodes
369 */
370 public synchronized int getTransletIndex() {
371 try {
372 if (_class == null) defineTransletClasses();
373 }
374 catch (TransformerConfigurationException e) {
375 // Falls through
376 }
377 return _transletIndex;
378 }
379
380 /**
381 * The TransformerFactory should call this method to set the translet name
382 */
383 protected synchronized void setTransletName(String name) {
384 _name = name;
385 }
386
387 /**
388 * Returns the name of the main translet class stored in this template
389 */
390 protected synchronized String getTransletName() {
391 return _name;
392 }
393
394
395 /**
396 * Creates a module layer with one module that is defined to the given class
397 * loader.
398 */
399 private Module createModule(ModuleDescriptor descriptor, ClassLoader loader) {
400 String mn = descriptor.name();
401
402 ModuleReference mref = new ModuleReference(descriptor, null, () -> {
403 IOException ioe = new IOException("<dynamic module>");
404 throw new UncheckedIOException(ioe);
405 });
406
407 ModuleFinder finder = new ModuleFinder() {
408 @Override
409 public Optional<ModuleReference> find(String name) {
410 if (name.equals(mn)) {
411 return Optional.of(mref);
412 } else {
413 return Optional.empty();
414 }
415 }
416 @Override
417 public Set<ModuleReference> findAll() {
418 return Set.of(mref);
419 }
420 };
421
422 Layer bootLayer = Layer.boot();
423
424 Configuration cf = bootLayer.configuration()
425 .resolveRequires(finder, ModuleFinder.of(), Set.of(mn));
426
427 PrivilegedAction<Layer> pa = () -> bootLayer.defineModules(cf, name -> loader);
428 Layer layer = AccessController.doPrivileged(pa);
429
430 Module m = layer.findModule(mn).get();
431 assert m.getLayer() == layer;
432
433 return m;
434 }
435
436 /**
437 * Defines the translet class and auxiliary classes.
438 * Returns a reference to the Class object that defines the main class
439 */
440 private void defineTransletClasses()
441 throws TransformerConfigurationException {
442
443 if (_bytecodes == null) {
444 ErrorMsg err = new ErrorMsg(ErrorMsg.NO_TRANSLET_CLASS_ERR);
445 throw new TransformerConfigurationException(err.toString());
446 }
447
448 TransletClassLoader loader = (TransletClassLoader)
449 AccessController.doPrivileged(new PrivilegedAction() {
450 public Object run() {
451 return new TransletClassLoader(ObjectFactory.findClassLoader(),_tfactory.getExternalExtensionsMap());
452 }
453 });
454
455 try {
456 final int classCount = _bytecodes.length;
457 _class = new Class[classCount];
458
459 if (classCount > 1) {
460 _auxClasses = new HashMap<>();
461 }
462
463 // create a module for the translet
464
465 String mn = "jdk.translet";
466
467 String pn = _tfactory.getPackageName();
468 assert pn != null && pn.length() > 0;
469
470 ModuleDescriptor descriptor
471 = new ModuleDescriptor.Builder(mn)
472 .requires("java.xml")
473 .exports(pn)
474 .build();
475
476 Module m = createModule(descriptor, loader);
477
478 // the module needs access to runtime classes
479 Module thisModule = TemplatesImpl.class.getModule();
480 Arrays.asList(Constants.PKGS_USED_BY_TRANSLET_CLASSES).forEach(p -> {
481 thisModule.addExports(p, m);
482 });
483
484 // java.xml needs to instanitate the translet class
485 thisModule.addReads(m);
486
487 for (int i = 0; i < classCount; i++) {
488 _class[i] = loader.defineClass(_bytecodes[i]);
489 final Class superClass = _class[i].getSuperclass();
490
491 // Check if this is the main class
492 if (superClass.getName().equals(ABSTRACT_TRANSLET)) {
493 _transletIndex = i;
494 }
495 else {
496 _auxClasses.put(_class[i].getName(), _class[i]);
497 }
498 }
499
500 if (_transletIndex < 0) {
501 ErrorMsg err= new ErrorMsg(ErrorMsg.NO_MAIN_TRANSLET_ERR, _name);
502 throw new TransformerConfigurationException(err.toString());
503 }
504 }
505 catch (ClassFormatError e) {
506 ErrorMsg err = new ErrorMsg(ErrorMsg.TRANSLET_CLASS_ERR, _name);
507 throw new TransformerConfigurationException(err.toString(), e);
508 }
509 catch (LinkageError e) {
510 ErrorMsg err = new ErrorMsg(ErrorMsg.TRANSLET_OBJECT_ERR, _name);
511 throw new TransformerConfigurationException(err.toString(), e);
512 }
513 }
514
515 /**
516 * This method generates an instance of the translet class that is
517 * wrapped inside this Template. The translet instance will later
518 * be wrapped inside a Transformer object.
519 */
520 private Translet getTransletInstance()
521 throws TransformerConfigurationException {
522 try {
523 if (_name == null) return null;
524
525 if (_class == null) defineTransletClasses();
526
527 // The translet needs to keep a reference to all its auxiliary
528 // class to prevent the GC from collecting them
529 AbstractTranslet translet = (AbstractTranslet) _class[_transletIndex].newInstance();
530 translet.postInitialization();
531 translet.setTemplates(this);
532 translet.setServicesMechnism(_useServicesMechanism);
533 translet.setAllowedProtocols(_accessExternalStylesheet);
534 if (_auxClasses != null) {
535 translet.setAuxiliaryClasses(_auxClasses);
536 }
537
538 return translet;
539 }
540 catch (InstantiationException e) {
541 ErrorMsg err = new ErrorMsg(ErrorMsg.TRANSLET_OBJECT_ERR, _name);
542 throw new TransformerConfigurationException(err.toString());
543 }
544 catch (IllegalAccessException e) {
545 ErrorMsg err = new ErrorMsg(ErrorMsg.TRANSLET_OBJECT_ERR, _name);
546 throw new TransformerConfigurationException(err.toString());
547 }
548 }
549
550 /**
551 * Implements JAXP's Templates.newTransformer()
552 *
553 * @throws TransformerConfigurationException
554 */
555 public synchronized Transformer newTransformer()
556 throws TransformerConfigurationException
557 {
558 TransformerImpl transformer;
559
560 transformer = new TransformerImpl(getTransletInstance(), _outputProperties,
561 _indentNumber, _tfactory);
562
563 if (_uriResolver != null) {
564 transformer.setURIResolver(_uriResolver);
565 }
566
567 if (_tfactory.getFeature(XMLConstants.FEATURE_SECURE_PROCESSING)) {
568 transformer.setSecureProcessing(true);
569 }
570 return transformer;
571 }
572
573 /**
574 * Implements JAXP's Templates.getOutputProperties(). We need to
575 * instanciate a translet to get the output settings, so
576 * we might as well just instanciate a Transformer and use its
577 * implementation of this method.
578 */
579 public synchronized Properties getOutputProperties() {
580 try {
581 return newTransformer().getOutputProperties();
582 }
583 catch (TransformerConfigurationException e) {
584 return null;
585 }
586 }
587
588 /**
589 * Return the thread local copy of the stylesheet DOM.
590 */
591 public DOM getStylesheetDOM() {
592 return (DOM)_sdom.get();
593 }
594
595 /**
596 * Set the thread local copy of the stylesheet DOM.
597 */
598 public void setStylesheetDOM(DOM sdom) {
599 _sdom.set(sdom);
600 }
601 }