core/src/main/java/com/att/cadi/wsse/WSSEParser.java

   1 /*******************************************************************************\r
   2  * ============LICENSE_START====================================================\r
   3  * * org.onap.aai\r
   4  * * ===========================================================================\r
   5  * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
   6  * * Copyright © 2017 Amdocs\r
   7  * * ===========================================================================\r
   8  * * Licensed under the Apache License, Version 2.0 (the "License");\r
   9  * * you may not use this file except in compliance with the License.\r
  10  * * You may obtain a copy of the License at\r
  11  * * \r
  12  *  *      http://www.apache.org/licenses/LICENSE-2.0\r
  13  * * \r
  14  *  * Unless required by applicable law or agreed to in writing, software\r
  15  * * distributed under the License is distributed on an "AS IS" BASIS,\r
  16  * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
  17  * * See the License for the specific language governing permissions and\r
  18  * * limitations under the License.\r
  19  * * ============LICENSE_END====================================================\r
  20  * *\r
  21  * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
  22  * *\r
  23  ******************************************************************************/\r
  24 package com.att.cadi.wsse;\r
  25 \r
  26 import java.io.IOException;\r
  27 import java.io.InputStream;\r
  28 \r
  29 import javax.xml.stream.XMLStreamException;\r
  30 \r
  31 import com.att.cadi.BasicCred;\r
  32 \r
  33 \r
  34 /**\r
  35  * WSSE Parser\r
  36  * \r
  37  * Read the User and Password from WSSE Formatted SOAP Messages \r
  38  * \r
  39  * This class uses StAX so that processing is stopped as soon as the Security User/Password are read into BasicCred, or the Header Ends\r
  40  * \r
  41  * This class is intended to be created once (or very few times) and reused as much as possible.\r
  42  * \r
  43  * It is as thread safe as StAX parsing is.\r
  44  * \r
  45  */\r
  46 public class WSSEParser {\r
  47         private static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";\r
  48         private static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";\r
  49         private Match<BasicCred> parseTree;\r
  50         //private XMLInputFactory inputFactory;\r
  51 \r
  52         public WSSEParser() {\r
  53                 // soap:Envelope/soap:Header/wsse:Security/wsse:UsernameToken/[wsse:Password&wsse:Username]\r
  54                 parseTree = new Match<BasicCred>(SOAP_NS,"root", // need a root level to start from... Doesn't matter what the tag is\r
  55                         new Match<BasicCred>(SOAP_NS,"Envelope",\r
  56                                 new Match<BasicCred>(SOAP_NS,"Header",\r
  57                                         new Match<BasicCred>(WSSE_NS,"Security",\r
  58                                                 new Match<BasicCred>(WSSE_NS,"UsernameToken",\r
  59                                                         new Match<BasicCred>(WSSE_NS,"Password").set(new Action<BasicCred>() {\r
  60                                                                 public boolean content(BasicCred bc,String text) {\r
  61                                                                         bc.setCred(text.getBytes());\r
  62                                                                         return true;\r
  63                                                                 }\r
  64                                                         }),\r
  65                                                         new Match<BasicCred>(WSSE_NS,"Username").set(new Action<BasicCred>() {\r
  66                                                                 public boolean content(BasicCred bc,String text) {\r
  67                                                                         bc.setUser(text);\r
  68                                                                         return true;\r
  69                                                                 }\r
  70                                                         })\r
  71                                                 ).stopAfter() // if found, end when UsernameToken ends (no further processing needed)\r
  72                                         )\r
  73                                 ).stopAfter() // Stop Processing when Header Ends\r
  74                         ).exclusive()// Envelope must match Header, and no other.  FYI, Body comes after Header short circuits (see above), so it's ok\r
  75                 ).exclusive(); // root must be Envelope\r
  76                 //inputFactory = XMLInputFactory.newInstance();\r
  77         }\r
  78         \r
  79         public XMLStreamException parse(BasicCred bc, InputStream is) throws IOException {\r
  80                 try {\r
  81                         parseTree.onMatch(bc, new XReader(is));\r
  82                         return null;\r
  83                 } catch (XMLStreamException e) {\r
  84                         return e;\r
  85                 }\r
  86         }\r
  87 }\r