Fix XML parsing issues that occur on dependency update (#3012)

We want to make sure that we use the same XML factories no matter what,
so we use "newDefaultFactory" instead of "newFactory" (to avoid picking
up some random thing on the classpath).

This also fixes an exception that occurs if you haven't synced the
internal repo with the public repo.

core/src/main/java/google/registry/flows/EppXmlSanitizer.java

@@ -15,6 +15,7 @@
 package google.registry.flows;
 
 import static com.google.common.base.Preconditions.checkState;
+import static google.registry.xml.XmlTransformer.createXmlInputFactory;
 
 import com.google.common.base.CharMatcher;
 import com.google.common.collect.ImmutableSet;
@@ -72,8 +73,8 @@ public class EppXmlSanitizer {
   private static final String DEFAULT_MASK = "*";
 
   private static final XMLInputFactory XML_INPUT_FACTORY = createXmlInputFactory();
-  private static final XMLOutputFactory XML_OUTPUT_FACTORY = XMLOutputFactory.newFactory();
-  private static final XMLEventFactory XML_EVENT_FACTORY = XMLEventFactory.newFactory();
+  private static final XMLOutputFactory XML_OUTPUT_FACTORY = XMLOutputFactory.newDefaultFactory();
+  private static final XMLEventFactory XML_EVENT_FACTORY = XMLEventFactory.newDefaultFactory();
 
   /**
    * Returns sanitized EPP XML message. For malformed XML messages, base64-encoded raw bytes will be
@@ -158,16 +159,4 @@ public class EppXmlSanitizer {
   private static boolean isMatchingEndEvent(XMLEvent xmlEvent, QName startEventName) {
     return xmlEvent.isEndElement() && xmlEvent.asEndElement().getName().equals(startEventName);
   }
-
-  private static XMLInputFactory createXmlInputFactory() {
-    XMLInputFactory xmlInputFactory = XMLInputFactory.newFactory();
-    // Coalesce adjacent data, so that all chars in a string will be grouped as one item.
-    xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, true);
-    // Preserve Name Space information.
-    xmlInputFactory.setProperty(XMLInputFactory.IS_NAMESPACE_AWARE, true);
-    // Prevent XXE attacks.
-    xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
-    xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
-    return xmlInputFactory;
-  }
 }

core/src/main/java/google/registry/xml/XmlTransformer.java

@@ -41,7 +41,6 @@ import java.util.Collection;
 import java.util.Map;
 import javax.annotation.Nullable;
 import javax.xml.XMLConstants;
-import javax.xml.stream.FactoryConfigurationError;
 import javax.xml.stream.XMLInputFactory;
 import javax.xml.stream.XMLStreamException;
 import javax.xml.transform.OutputKeys;
@@ -69,7 +68,7 @@ public class XmlTransformer {
   private final JAXBContext jaxbContext;
 
   /** A factory for setting flags to disable XXE attacks. */
-  private static final XMLInputFactory XML_INPUT_FACTORY = createInputFactory();
+  private static final XMLInputFactory XML_INPUT_FACTORY = createXmlInputFactory();
 
   /** A {@link Schema} to validate XML. */
   private final Schema schema;
@@ -107,9 +106,13 @@ public class XmlTransformer {
     }
   }
 
-  private static XMLInputFactory createInputFactory() throws FactoryConfigurationError {
+  public static XMLInputFactory createXmlInputFactory() {
+    XMLInputFactory xmlInputFactory = XMLInputFactory.newDefaultFactory();
+    // Coalesce adjacent data, so that all chars in a string will be grouped as one item.
+    xmlInputFactory.setProperty(XMLInputFactory.IS_COALESCING, true);
+    // Preserve Name Space information.
+    xmlInputFactory.setProperty(XMLInputFactory.IS_NAMESPACE_AWARE, true);
     // Prevent XXE attacks.
-    XMLInputFactory xmlInputFactory = XMLInputFactory.newFactory();
     xmlInputFactory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
     xmlInputFactory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
     return xmlInputFactory;