Upgrade uses of Jena to 5.3.0 (hapifhir#6704)

* Upgrade uses of Jena to 5.3.0
-fixes CVE-2024-7254 in dependencies prior to 5.2.0
-hapi-fhir-base: include httpclient dependency which was removed from jena-arq
-hapi-fhir-base RDFParser: init JenaSystem on initialization
-hapi-fhir-base RDFParser: specify signature for null values on methods that are overloaded
-hapi-fhir-base RDFUtil: Jena Riot RDFDataMgr no longer accepts reading and writing
into generic reader and writer. Handle reading for StringReader and InputStreamReader.
Handle writing by building an output stream from the writer.
-hapi-fhir-structures-r4: Remove shexjava dependency - unmaintained
-hapi-fhir-structures-r4: Use jena-shex for shex validation
-hapi-fhir-structures-r4 RDFParserTest: use jena libraries - compatibile with jena-shex
-hapi-fhir-structures-r4 RDFParserTest: simplify FixedShapeMapEntry by attaching nodes vs recreating them (handles blank nodes)
-hapi-fhir-structures-r4 RDFParserR4Test: jena 5.0.0 defaults to using PREFIX, not @Prefix. Read testing strings and
use isomorphic comparison to check for equality. Added extra assertion to test isomorphism check.

* Credit for hapifhir#6704

* Add missing error codes to exceptions

---------

Co-authored-by: James Agnew <[email protected]>

Author: krauzer

hapi-fhir-base/pom.xml

@@ -62,15 +62,18 @@
 			<optional>true</optional>
 		</dependency>
 
-		<!-- <dependency> <groupId>xerces</groupId> <artifactId>xercesImpl</artifactId> 
+		<!-- <dependency> <groupId>xerces</groupId> <artifactId>xercesImpl</artifactId>
 			<version>2.11.0</version> <optional>true</optional> </dependency> -->
 
 		<!-- General -->
 		<dependency>
 			<groupId>org.apache.commons</groupId>
 			<artifactId>commons-lang3</artifactId>
 		</dependency>
-
+		<dependency>
+			<groupId>org.apache.httpcomponents</groupId>
+			<artifactId>httpclient</artifactId>
+		</dependency>
 		<!-- JENA Dependencies - Used for Turtle encoding -->
 		<dependency>
 			<groupId>org.apache.jena</groupId>

hapi-fhir-base/src/main/java/ca/uhn/fhir/parser/RDFParser.java

@@ -96,6 +96,11 @@ public class RDFParser extends BaseParser {
 	private static final org.slf4j.Logger logger = org.slf4j.LoggerFactory.getLogger(RDFParser.class);
 
 	public static final String NODE_ROLE = "nodeRole";
+
+	static {
+		org.apache.jena.sys.JenaSystem.init(); // Jena must be initialized before RDF.type.getURI() is run;
+	}
+
 	private static final List<String> ignoredPredicates =
 			Arrays.asList(RDF.type.getURI(), FHIR_NS + FHIR_INDEX, FHIR_NS + NODE_ROLE);
 	public static final String TREE_ROOT = "treeRoot";
@@ -158,7 +163,11 @@ protected void doEncodeResourceToWriter(
 
 		encodeResourceToRDFStreamWriter(resource, rdfModel, false, resourceId, encodeContext, true, null);
 
-		RDFUtil.writeRDFModel(writer, rdfModel, lang);
+		try {
+			RDFUtil.writeRDFModel(writer, rdfModel, lang);
+		} catch (Exception e) {
+			throw new DataFormatException(Msg.code(2618) + "Error writing RDF model to writer", e);
+		}
 	}
 
 	/**
@@ -172,7 +181,13 @@ protected void doEncodeResourceToWriter(
 	@Override
 	protected <T extends IBaseResource> T doParseResource(final Class<T> resourceType, final Reader reader)
 			throws DataFormatException {
-		Model model = RDFUtil.readRDFToModel(reader, this.lang);
+
+		Model model = null;
+		try {
+			model = RDFUtil.readRDFToModel(reader, this.lang);
+		} catch (Exception e) {
+			throw new DataFormatException(Msg.code(2619) + "Error reading RDF model from reader", e);
+		}
 		return parseResource(resourceType, model);
 	}
 
@@ -213,7 +228,7 @@ private Resource encodeResourceToRDFStreamWriter(
 
 		if (parentResource == null) {
 			if (!resource.getIdElement().toUnqualified().hasIdPart()) {
-				parentResource = rdfModel.getResource(null);
+				parentResource = rdfModel.getResource((String) null);
 			} else {
 
 				String resourceUri = IRIs.resolve(

hapi-fhir-base/src/main/java/ca/uhn/fhir/util/rdf/RDFUtil.java

@@ -19,12 +19,18 @@
  */
 package ca.uhn.fhir.util.rdf;
 
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.io.output.WriterOutputStream;
 import org.apache.jena.rdf.model.Model;
 import org.apache.jena.rdf.model.ModelFactory;
 import org.apache.jena.riot.Lang;
 import org.apache.jena.riot.RDFDataMgr;
 
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.OutputStream;
 import java.io.Reader;
+import java.io.StringReader;
 import java.io.Writer;
 
 public class RDFUtil {
@@ -34,17 +40,28 @@ public static Model initializeRDFModel() {
 		return ModelFactory.createDefaultModel();
 	}
 
-	public static Model readRDFToModel(final Reader reader, final Lang lang) {
+	public static Model readRDFToModel(final Reader reader, final Lang lang) throws IOException {
+		// Jena has removed methods that use a generic Reader.
+		// reads only from InputStream, StringReader, or String
+		// Reader must be explicitly cast to StringReader
 		Model rdfModel = initializeRDFModel();
-		RDFDataMgr.read(rdfModel, reader, null, lang);
+		if (reader instanceof StringReader) {
+			RDFDataMgr.read(rdfModel, (StringReader) reader, null, lang);
+		} else if (reader instanceof InputStreamReader) {
+			String content = IOUtils.toString(reader);
+			RDFDataMgr.read(rdfModel, new StringReader(content), null, lang);
+		}
 		return rdfModel;
 	}
 
-	public static void writeRDFModel(Writer writer, Model rdfModel, Lang lang) {
-		// This writes to the provided Writer.
-		// Jena has deprecated methods that use a generic Writer
-		// writer could be explicitly casted to StringWriter in order to hit a
-		// non-deprecated overload
-		RDFDataMgr.write(writer, rdfModel, lang);
+	public static void writeRDFModel(Writer writer, Model rdfModel, Lang lang) throws IOException {
+		// Jena has removed methods that use a generic Writer.
+		// Writer must be explicitly cast to StringWriter or OutputStream
+		// in order to hit a write method.
+		OutputStream outputStream = WriterOutputStream.builder()
+				.setWriter(writer)
+				.setCharset("UTF-8")
+				.get();
+		RDFDataMgr.write(outputStream, rdfModel, lang);
 	}
 }

hapi-fhir-docs/src/main/resources/ca/uhn/hapi/fhir/changelog/8_2_0/6704-upgrade-jena.yaml

@@ -0,0 +1,5 @@
+---
+type: change
+issue: 6704
+title: "The JENA library used to provide RDF/Turtle encoding and parsing services has been
+  upgraded from 4.9.0 to 5.3.0. Thanks to Dylan Krause for the contribution!"

hapi-fhir-structures-r4/pom.xml

@@ -13,10 +13,6 @@
 	<artifactId>hapi-fhir-structures-r4</artifactId>
 	<packaging>bundle</packaging>
 
-	<properties>
-		<shexjava_version>1.3beta</shexjava_version>
-	</properties>
-
 	<name>HAPI FHIR Structures - FHIR R4</name>
 
 	<dependencies>
@@ -25,7 +21,7 @@
 			<artifactId>okhttp</artifactId>
 			<optional>true</optional>
 		</dependency>
-		
+
 		<dependency>
 			<groupId>ca.uhn.hapi.fhir</groupId>
 			<artifactId>hapi-fhir-base</artifactId>
@@ -59,7 +55,7 @@
 			</exclusions>
 		</dependency>
 
-		<!-- 
+		<!--
 		Optional dependencies from RI codebase
 		-->
 		<dependency>
@@ -85,7 +81,7 @@
 
 
 		<!--
-		Test dependencies on other optional parts of HAPI 
+		Test dependencies on other optional parts of HAPI
 		-->
 		<dependency>
 			<groupId>ca.uhn.hapi.fhir</groupId>
@@ -124,21 +120,8 @@
 			</exclusions>
 		</dependency>
 		<dependency>
-			<groupId>fr.inria.lille.shexjava</groupId>
-			<artifactId>shexjava-core</artifactId>
-			<version>${shexjava_version}</version>
-			<scope>test</scope>
-			<exclusions>
-				<!-- If this is included it confused the RDFParser -->
-				<exclusion>
-					<groupId>org.apache.commons</groupId>
-					<artifactId>commons-rdf-jena</artifactId>
-				</exclusion>
-				<exclusion>
-					<artifactId>xml-apis</artifactId>
-					<groupId>xml-apis</groupId>
-				</exclusion>
-			</exclusions>
+			<groupId>org.apache.jena</groupId>
+			<artifactId>jena-shex</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>com.helger.commons</groupId>

hapi-fhir-structures-r4/src/test/java/ca/uhn/fhir/parser/RDFParserR4Test.java

@@ -2,20 +2,26 @@
 
 import ca.uhn.fhir.context.FhirContext;
 import ca.uhn.fhir.rest.server.exceptions.InternalErrorException;
+import org.apache.jena.rdf.model.Model;
+import org.apache.jena.rdf.model.ModelFactory;
+import org.apache.jena.riot.Lang;
+import org.apache.jena.riot.RDFDataMgr;
 import org.hl7.fhir.r4.model.DecimalType;
 import org.hl7.fhir.r4.model.HumanName;
 import org.hl7.fhir.r4.model.Patient;
 import org.hl7.fhir.r4.model.StringType;
 import org.junit.jupiter.api.Test;
 
+import java.io.StringReader;
+
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertTrue;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 
 public class RDFParserR4Test {
 	private static final FhirContext ourCtx = FhirContext.forR4Cached();
 
-
-
 	@Test
 	public void testEncodeToString_PrimitiveDataType() {
 		DecimalType object = new DecimalType("123.456000");
@@ -43,8 +49,32 @@ public void testEncodeToString_Resource() {
 			        fhir:nodeRole        fhir:treeRoot .
 			""";
 
+		Model expectedModel = ModelFactory.createDefaultModel();
+		RDFDataMgr.read(expectedModel, new StringReader(expected), null, Lang.TURTLE);
+
 		String actual = ourCtx.newRDFParser().encodeToString(p);
-		assertEquals(expected, actual);
+		Model actualModel = ModelFactory.createDefaultModel();
+		RDFDataMgr.read(actualModel, new StringReader(actual), null, Lang.TURTLE);
+
+		assertTrue(expectedModel.isIsomorphicWith(actualModel));
+
+		String unexpected = """
+			@prefix fhir: <http://hl7.org/fhir/> .
+			@prefix rdf:  <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
+			@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
+			@prefix sct:  <http://snomed.info/id#> .
+			@prefix xsd:  <http://www.w3.org/2001/XMLSchema#> .
+			   
+			<http://hl7.org/fhir/Patient/123>
+			        rdf:type             fhir:Patient;
+			        fhir:Patient.active  [ fhir:value  true ];
+			        fhir:Resource.id     [ fhir:value  "124" ];
+			        fhir:nodeRole        fhir:treeRoot .
+			""";
+
+		Model unexpectedModel = ModelFactory.createDefaultModel();
+		RDFDataMgr.read(unexpectedModel, new StringReader(unexpected), null, Lang.TURTLE);
+		assertFalse(actualModel.isIsomorphicWith(unexpectedModel));
 	}
 
 	@Test