Merge remote-tracking branch 'origin/duplicate-claim-value-error-code…

…' into duplicate-claim-value-error-code

.github/workflows/pr-builder.yml

@@ -39,7 +39,7 @@ jobs:
       - name: Clear Maven Cache for commons-compress
         run: rm -rf ~/.m2/repository/org/wso2/orbit/org/apache/commons/commons-compress/1.26.1.wso2v1
       - name: Build with Maven
-        run: mvn clean install -U -B
+        run: mvn clean install -U -B -Djdk.util.zip.disableZip64ExtraFieldValidation=true
       - name: Generate coverage report
         run: mvn test jacoco:report
       - name: Delete SNAPSHOT artifacts

components/action-mgt/org.wso2.carbon.identity.action.execution/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.framework</groupId>
         <artifactId>action-mgt</artifactId>
-        <version>7.7.229-SNAPSHOT</version>
+        <version>7.7.240-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/action-mgt/org.wso2.carbon.identity.action.management/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.framework</groupId>
         <artifactId>action-mgt</artifactId>
-        <version>7.7.229-SNAPSHOT</version>
+        <version>7.7.240-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/action-mgt/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.framework</groupId>
         <artifactId>identity-framework</artifactId>
-        <version>7.7.229-SNAPSHOT</version>
+        <version>7.7.240-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

components/ai-services-mgt/org.wso2.carbon.identity.ai.service.mgt/pom.xml

@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.framework</groupId>
         <artifactId>ai-services-mgt</artifactId>
-        <version>7.7.229-SNAPSHOT</version>
+        <version>7.7.240-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/ai-services-mgt/pom.xml

@@ -23,7 +23,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.framework</groupId>
         <artifactId>identity-framework</artifactId>
-        <version>7.7.229-SNAPSHOT</version>
+        <version>7.7.240-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

components/api-resource-mgt/org.wso2.carbon.identity.api.resource.collection.mgt/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.framework</groupId>
         <artifactId>api-resource-mgt</artifactId>
-        <version>7.7.229-SNAPSHOT</version>
+        <version>7.7.240-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/api-resource-mgt/org.wso2.carbon.identity.api.resource.mgt/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.framework</groupId>
         <artifactId>api-resource-mgt</artifactId>
-        <version>7.7.229-SNAPSHOT</version>
+        <version>7.7.240-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <artifactId>org.wso2.carbon.identity.api.resource.mgt</artifactId>

components/api-resource-mgt/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.framework</groupId>
         <artifactId>identity-framework</artifactId>
-        <version>7.7.229-SNAPSHOT</version>
+        <version>7.7.240-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

components/application-mgt/org.wso2.carbon.identity.application.common/pom.xml

@@ -18,7 +18,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.framework</groupId>
         <artifactId>application-mgt</artifactId>
-        <version>7.7.229-SNAPSHOT</version>
+        <version>7.7.240-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/application-mgt/org.wso2.carbon.identity.application.mgt.ui/pom.xml

@@ -19,7 +19,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.framework</groupId>
         <artifactId>application-mgt</artifactId>
-        <version>7.7.229-SNAPSHOT</version>
+        <version>7.7.240-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 

components/application-mgt/org.wso2.carbon.identity.application.mgt/pom.xml

@@ -21,7 +21,7 @@
     <parent>
         <groupId>org.wso2.carbon.identity.framework</groupId>
         <artifactId>application-mgt</artifactId>
-        <version>7.7.229-SNAPSHOT</version>
+        <version>7.7.240-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <artifactId>org.wso2.carbon.identity.application.mgt</artifactId>

components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationManagementServiceImpl.java

@@ -25,7 +25,6 @@
 import org.apache.commons.lang3.SerializationUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.apache.xerces.impl.Constants;
 import org.w3c.dom.Document;
 import org.wso2.carbon.CarbonConstants;
 import org.wso2.carbon.context.CarbonContext;
@@ -135,24 +134,20 @@
 import java.util.Set;
 import java.util.stream.Collectors;
 
-import javax.xml.XMLConstants;
 import javax.xml.bind.JAXBContext;
 import javax.xml.bind.JAXBException;
 import javax.xml.bind.Marshaller;
-import javax.xml.bind.Unmarshaller;
 import javax.xml.bind.UnmarshallerHandler;
 import javax.xml.bind.annotation.XmlElement;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.parsers.SAXParser;
 import javax.xml.parsers.SAXParserFactory;
 import javax.xml.transform.OutputKeys;
-import javax.xml.transform.Source;
 import javax.xml.transform.Transformer;
 import javax.xml.transform.TransformerException;
 import javax.xml.transform.TransformerFactory;
 import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.sax.SAXSource;
 import javax.xml.transform.stream.StreamResult;
 
 import static org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants.Error.APPLICATION_ALREADY_EXISTS;
@@ -2134,21 +2129,7 @@ private ServiceProvider unmarshalSPTemplate(String spTemplateXml)
                     " is provided."});
         }
         try {
-            SAXParserFactory spf = SAXParserFactory.newInstance();
-            spf.setNamespaceAware(true);
-            spf.setXIncludeAware(false);
-            try {
-                spf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
-                spf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);
-                spf.setFeature(Constants.XERCES_FEATURE_PREFIX + Constants.LOAD_EXTERNAL_DTD_FEATURE, false);
-                spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
-
-            } catch (SAXException | ParserConfigurationException e) {
-                log.error("Failed to load XML Processor Feature " + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE +
-                        " or " + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE + " or " +
-                        Constants.LOAD_EXTERNAL_DTD_FEATURE + " or secure-processing.");
-            }
-
+            SAXParserFactory spf = ApplicationMgtUtil.getSaxParserFactory();
             JAXBContext jc = JAXBContext.newInstance(ServiceProvider.class);
             UnmarshallerHandler unmarshallerHandler = jc.createUnmarshaller().getUnmarshallerHandler();
             SAXParser sp = spf.newSAXParser();
@@ -2237,11 +2218,9 @@ private ServiceProvider unmarshalSP(String spTemplateXml, String tenantDomain)
                     "unmarshal");
         }
         try {
-            JAXBContext jaxbContext = JAXBContext.newInstance(ServiceProvider.class);
-            Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
-            return (ServiceProvider) unmarshaller.unmarshal(new ByteArrayInputStream(
-                    spTemplateXml.getBytes(StandardCharsets.UTF_8)));
-        } catch (JAXBException e) {
+            InputSource inputSource = new InputSource(new StringReader(spTemplateXml));
+            return ApplicationMgtUtil.getSecureSaxParserFactory(inputSource);
+        } catch (JAXBException | SAXException | ParserConfigurationException e) {
             throw new IdentityApplicationManagementException("Error in reading Service Provider template " +
                     "configuration ", e);
         }
@@ -2433,27 +2412,8 @@ private ServiceProvider unmarshalSP(SpFileContent spFileContent, String tenantDo
                     " %s uploaded by tenant: %s", spFileContent.getFileName(), tenantDomain));
         }
         try {
-            // Creating secure parser by disabling XXE.
-            SAXParserFactory spf = SAXParserFactory.newInstance();
-            spf.setNamespaceAware(true);
-            spf.setXIncludeAware(false);
-            try {
-                spf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
-                spf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);
-                spf.setFeature(Constants.XERCES_FEATURE_PREFIX + Constants.LOAD_EXTERNAL_DTD_FEATURE, false);
-                spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
-            } catch (SAXException | ParserConfigurationException e) {
-                log.error("Failed to load XML Processor Feature " + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE + " or "
-                        + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE + " or " + Constants.LOAD_EXTERNAL_DTD_FEATURE
-                        + " or secure-processing.");
-            }
-            // Creating source object using the secure parser.
-            Source xmlSource = new SAXSource(spf.newSAXParser().getXMLReader(),
-                    new InputSource(new StringReader(spFileContent.getContent())));
-            // Performing unmarshall operation by passing the generated source object to the unmarshaller.
-            JAXBContext jaxbContext = JAXBContext.newInstance(ServiceProvider.class);
-            Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
-            return (ServiceProvider) unmarshaller.unmarshal(xmlSource);
+            InputSource inputSource = new InputSource(new StringReader(spFileContent.getContent()));
+            return ApplicationMgtUtil.getSecureSaxParserFactory(inputSource);
         } catch (JAXBException | SAXException | ParserConfigurationException e) {
             throw new IdentityApplicationManagementException(String.format("Error in reading Service Provider " +
                     "configuration file %s uploaded by tenant: %s", spFileContent.getFileName(), tenantDomain), e);

components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/ApplicationMgtUtil.java

@@ -29,6 +29,7 @@
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.xerces.impl.Constants;
 import org.json.JSONObject;
 import org.wso2.carbon.CarbonConstants;
 import org.wso2.carbon.base.MultitenantConstants;
@@ -64,6 +65,8 @@
 import org.wso2.carbon.user.core.common.AbstractUserStoreManager;
 import org.wso2.carbon.user.core.util.UserCoreUtil;
 import org.wso2.carbon.utils.multitenancy.MultitenantUtils;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
 
 import java.io.IOException;
 import java.util.ArrayList;
@@ -78,6 +81,10 @@
 import javax.xml.bind.JAXBContext;
 import javax.xml.bind.JAXBException;
 import javax.xml.bind.Unmarshaller;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.parsers.SAXParserFactory;
+import javax.xml.transform.Source;
+import javax.xml.transform.sax.SAXSource;
 
 import static org.wso2.carbon.identity.application.mgt.ApplicationConstants.CONSOLE_ACCESS_ORIGIN;
 import static org.wso2.carbon.identity.application.mgt.ApplicationConstants.CONSOLE_ACCESS_URL_FROM_SERVER_CONFIGS;
@@ -659,14 +666,9 @@ public static ServiceProvider getApplicationFromSpFileStream(SpFileStream spFile
             throws IdentityApplicationManagementException {
 
         try {
-            JAXBContext jaxbContext = JAXBContext.newInstance(ServiceProvider.class);
-            Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
-            // Disable external entity processing to prevent XXE attacks.
-            unmarshaller.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");
-            unmarshaller.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
-            return (ServiceProvider) unmarshaller.unmarshal(spFileStream.getFileStream());
-
-        } catch (JAXBException e) {
+            InputSource inputSource = new InputSource(spFileStream.getFileStream());
+            return getSecureSaxParserFactory(inputSource);
+        } catch (JAXBException | SAXException | ParserConfigurationException e) {
             throw new IdentityApplicationManagementException(String.format("Error in reading Service Provider " +
                     "configuration file %s uploaded by tenant: %s", spFileStream.getFileName(), tenantDomain), e);
         } catch (Exception e) {
@@ -677,6 +679,46 @@ public static ServiceProvider getApplicationFromSpFileStream(SpFileStream spFile
         }
     }
 
+    /**
+     * This method is used to get the service provider object from the input source.
+     * @return ServiceProvider object.
+     * @throws ParserConfigurationException if a parser cannot be created which satisfies the requested configuration.
+     * @throws SAXException if any parse errors occur.
+     * @throws JAXBException if any unexpected errors occur during unmarshalling.
+     */
+    public static ServiceProvider getSecureSaxParserFactory(InputSource inputsource) throws
+            ParserConfigurationException, SAXException, JAXBException {
+
+        // Creating secure parser by disabling XXE.
+        SAXParserFactory spf = getSaxParserFactory();
+        Source xmlSource = new SAXSource(spf.newSAXParser().getXMLReader(), inputsource);
+        JAXBContext jaxbContext = JAXBContext.newInstance(ServiceProvider.class);
+        Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
+        return (ServiceProvider) unmarshaller.unmarshal(xmlSource);
+    }
+
+    /**
+     * This method is used to get the secure SAX parser factory.
+     * @return SAXParserFactory object.
+     */
+    public static SAXParserFactory getSaxParserFactory() {
+
+        SAXParserFactory spf = SAXParserFactory.newInstance();
+        spf.setNamespaceAware(true);
+        spf.setXIncludeAware(false);
+        try {
+            spf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE, false);
+            spf.setFeature(Constants.SAX_FEATURE_PREFIX + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE, false);
+            spf.setFeature(Constants.XERCES_FEATURE_PREFIX + Constants.LOAD_EXTERNAL_DTD_FEATURE, false);
+            spf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+        } catch (SAXException | ParserConfigurationException e) {
+            log.error("Failed to load XML Processor Feature " + Constants.EXTERNAL_GENERAL_ENTITIES_FEATURE + " or "
+                    + Constants.EXTERNAL_PARAMETER_ENTITIES_FEATURE + " or " + Constants.LOAD_EXTERNAL_DTD_FEATURE
+                    + " or secure-processing.");
+        }
+        return spf;
+    }
+
     /**
      * Resolve user.
      *

components/application-mgt/org.wso2.carbon.identity.application.mgt/src/main/java/org/wso2/carbon/identity/application/mgt/listener/ApplicationIdentityProviderMgtListener.java

@@ -30,6 +30,7 @@
 import org.wso2.carbon.identity.application.mgt.cache.IdentityServiceProviderCache;
 import org.wso2.carbon.identity.application.mgt.dao.ApplicationDAO;
 import org.wso2.carbon.identity.application.mgt.dao.impl.CacheBackedApplicationDAO;
+import org.wso2.carbon.idp.mgt.IdentityProviderManagementClientException;
 import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;
 import org.wso2.carbon.idp.mgt.IdentityProviderManager;
 import org.wso2.carbon.idp.mgt.listener.AbstractIdentityProviderMgtListener;
@@ -169,8 +170,8 @@ private void validateIdpDisable(IdentityProvider identityProvider, String tenant
                     identityProviderManager.isOutboundConnectorReferredBySP(identityProvider.getResourceId(),
                             identityProvider.getIdentityProviderName(), provisioningConnectorConfig.getName(),
                             tenantDomain)) {
-                throw new IdentityProviderManagementException(provisioningConnectorConfig.getName() +
-                        " outbound provisioning connector is referred by service providers.");
+                throw new IdentityProviderManagementClientException(provisioningConnectorConfig.getName() +
+                        " connector is already configured for outbound provisioning.");
             }
         }
     }