From b04236f7de32c311ea9428f2775db040c6727c98 Mon Sep 17 00:00:00 2001
From: stianst
Date: Mon, 27 Sep 2021 16:25:40 +0200
Subject: [PATCH] Fix saml-core issues without changing Java version
---
 saml-core/pom.xml | 4 ++--
 .../saml/common/util/TransformerUtil.java | 5 +++--
 .../processing/core/util/FixXMLConstants.java | 16 ++++++++++++++++
 .../processing/core/util/JAXPValidationUtil.java | 4 ++--
 4 files changed, 23 insertions(+), 6 deletions(-)
 create mode 100644 saml-core/src/main/java/org/keycloak/saml/processing/core/util/FixXMLConstants.java
diff --git a/saml-core/pom.xml b/saml-core/pom.xml
index 008a158858..cc39c03d1e 100755
--- a/saml-core/pom.xml
+++ b/saml-core/pom.xml
@@ -31,8 +31,8 @@ - 1.8 - 1.8 + 1.7 + 1.7 ${maven.build.timestamp} true
diff --git a/saml-core/src/main/java/org/keycloak/saml/common/util/TransformerUtil.java b/saml-core/src/main/java/org/keycloak/saml/common/util/TransformerUtil.java
index f6fe90acad..e65a2e91a5 100755
--- a/saml-core/src/main/java/org/keycloak/saml/common/util/TransformerUtil.java
+++ b/saml-core/src/main/java/org/keycloak/saml/common/util/TransformerUtil.java
@@ -23,6 +23,7 @@ import org.keycloak.saml.common.constants.GeneralConstants;
 import org.keycloak.saml.common.exceptions.ConfigurationException;
 import org.keycloak.saml.common.exceptions.ParsingException;
 import org.keycloak.saml.common.exceptions.ProcessingException;
+import org.keycloak.saml.processing.core.util.FixXMLConstants;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.Node;
@@ -116,9 +117,9 @@ public class TransformerUtil {
 logger.warn("XML External Entity switches are not supported. You may get XML injection vulnerabilities.");
 }
 try {
- transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
+ transformerFactory.setAttribute(FixXMLConstants.ACCESS_EXTERNAL_DTD, "");
- transformerFactory.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
+ transformerFactory.setAttribute(FixXMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
 } catch (Exception ignored) {
 // some platforms don't support this. For example our testsuite pulls Selenium which requires Xalan 2.7.1
 logger.warn("XML External Entity switches are not supported. You may get XML injection vulnerabilities.");
diff --git a/saml-core/src/main/java/org/keycloak/saml/processing/core/util/FixXMLConstants.java b/saml-core/src/main/java/org/keycloak/saml/processing/core/util/FixXMLConstants.java
new file mode 100644
index 0000000000..027f3ee6c8
--- /dev/null
+++ b/saml-core/src/main/java/org/keycloak/saml/processing/core/util/FixXMLConstants.java
@@ -0,0 +1,16 @@
+package org.keycloak.saml.processing.core.util;
+
+/**
+ * Constants copied from XMLConstants to work around issues with IntelliJ
+ *
+ * See https://issues.redhat.com/browse/KEYCLOAK-19403
+ */
+public class FixXMLConstants {
+
+ public static final String ACCESS_EXTERNAL_DTD = "http://javax.xml.XMLConstants/property/accessExternalDTD";
+
+ public static final String ACCESS_EXTERNAL_SCHEMA = "http://javax.xml.XMLConstants/property/accessExternalSchema";
+
+ public static final String ACCESS_EXTERNAL_STYLESHEET = "http://javax.xml.XMLConstants/property/accessExternalStylesheet";
+
+}
diff --git a/saml-core/src/main/java/org/keycloak/saml/processing/core/util/JAXPValidationUtil.java b/saml-core/src/main/java/org/keycloak/saml/processing/core/util/JAXPValidationUtil.java
index a1405a6d62..ba1ec9ddc8 100755
--- a/saml-core/src/main/java/org/keycloak/saml/processing/core/util/JAXPValidationUtil.java
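Review bot: Both `setAttribute` calls share one `try` as far as this hunk shows, so when a TransformerFactory rejects `ACCESS_EXTERNAL_DTD` the `ACCESS_EXTERNAL_STYLESHEET` restriction is never attempted, and the single generic warning does not say which restriction is missing. JAXPValidationUtil in this same commit deliberately avoids that kind of short-circuit for its own properties. Give each attribute its own try/catch and name the attribute in the warning, so a partially hardened factory that is still handed out after the catch shows up in the logs. The enclosing method starts and ends outside the hunk.

```java
try {
    transformerFactory.setAttribute(FixXMLConstants.ACCESS_EXTERNAL_DTD, "");
} catch (Exception ignored) {
    logger.warn("TransformerFactory does not support restricting external DTD access; external DTDs may still be resolved.");
}
try {
    transformerFactory.setAttribute(FixXMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
} catch (Exception ignored) {
    // … unchanged: existing platform comment …
    logger.warn("TransformerFactory does not support restricting external stylesheet access; external stylesheets may still be resolved.");
```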
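Review bot: `FixXMLConstants` is declared `public class` with no constructor, so this constants holder can be instantiated and subclassed; declare it `public final class FixXMLConstants` and add `private FixXMLConstants() {}`. The Javadoc should also state that the three strings must stay identical to the corresponding `javax.xml.XMLConstants` values and that they are used to switch off external DTD, schema and stylesheet access. That matters because the TransformerUtil caller in this commit catches the exception from a rejected attribute and only logs a warning, so a typo in one of these copies would likely leave the restriction unset without any build or test failure.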
+++ b/saml-core/src/main/java/org/keycloak/saml/processing/core/util/JAXPValidationUtil.java
@@ -98,8 +98,8 @@ public class JAXPValidationUtil {
 // Do not optimize the following into setProperty(...) && setProperty(...).
 // This way if it fails in the first setProperty, it will try the subsequent setProperty anyway
 // which it would not due to short-circuiting in case of an && expression.
- boolean successful1 = setProperty(validator, XMLConstants.ACCESS_EXTERNAL_DTD, "");
- successful1 &= setProperty(validator, XMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
+ boolean successful1 = setProperty(validator, FixXMLConstants.ACCESS_EXTERNAL_DTD, "");
+ successful1 &= setProperty(validator, FixXMLConstants.ACCESS_EXTERNAL_SCHEMA, "");
 boolean successful2 = setFeature(validator, feature_disallow_doctype_decl, true);
 successful2 &= setFeature(validator, feature_external_general_entities, false);
 successful2 &= setFeature(validator, feature_external_parameter_entities, false);