1 /*******************************************************************************
\r
2 * ============LICENSE_START====================================================
\r
4 * * ===========================================================================
\r
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
\r
6 * * ===========================================================================
\r
7 * * Licensed under the Apache License, Version 2.0 (the "License");
\r
8 * * you may not use this file except in compliance with the License.
\r
9 * * You may obtain a copy of the License at
\r
11 * * http://www.apache.org/licenses/LICENSE-2.0
\r
13 * * Unless required by applicable law or agreed to in writing, software
\r
14 * * distributed under the License is distributed on an "AS IS" BASIS,
\r
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
16 * * See the License for the specific language governing permissions and
\r
17 * * limitations under the License.
\r
18 * * ============LICENSE_END====================================================
\r
20 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
\r
22 ******************************************************************************/
\r
23 package org.onap.aaf.cadi.wsse;
\r
25 import java.io.IOException;
\r
26 import java.io.InputStream;
\r
28 import javax.xml.stream.XMLStreamException;
\r
30 import org.onap.aaf.cadi.BasicCred;
\r
36 * Read the User and Password from WSSE Formatted SOAP Messages
\r
38 * This class uses StAX so that processing is stopped as soon as the Security User/Password are read into BasicCred, or the Header Ends
\r
40 * This class is intended to be created once (or very few times) and reused as much as possible.
\r
42 * It is as thread safe as StAX parsing is.
\r
45 public class WSSEParser {
\r
46 private static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";
\r
47 private static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
\r
48 private Match<BasicCred> parseTree;
\r
49 //private XMLInputFactory inputFactory;
\r
51 public WSSEParser() {
\r
52 // soap:Envelope/soap:Header/wsse:Security/wsse:UsernameToken/[wsse:Password&wsse:Username]
\r
53 parseTree = new Match<BasicCred>(SOAP_NS,"root", // need a root level to start from... Doesn't matter what the tag is
\r
54 new Match<BasicCred>(SOAP_NS,"Envelope",
\r
55 new Match<BasicCred>(SOAP_NS,"Header",
\r
56 new Match<BasicCred>(WSSE_NS,"Security",
\r
57 new Match<BasicCred>(WSSE_NS,"UsernameToken",
\r
58 new Match<BasicCred>(WSSE_NS,"Password").set(new Action<BasicCred>() {
\r
59 public boolean content(BasicCred bc,String text) {
\r
60 bc.setCred(text.getBytes());
\r
64 new Match<BasicCred>(WSSE_NS,"Username").set(new Action<BasicCred>() {
\r
65 public boolean content(BasicCred bc,String text) {
\r
70 ).stopAfter() // if found, end when UsernameToken ends (no further processing needed)
\r
72 ).stopAfter() // Stop Processing when Header Ends
\r
73 ).exclusive()// Envelope must match Header, and no other. FYI, Body comes after Header short circuits (see above), so it's ok
\r
74 ).exclusive(); // root must be Envelope
\r
75 //inputFactory = XMLInputFactory.newInstance();
\r
78 public XMLStreamException parse(BasicCred bc, InputStream is) throws IOException {
\r
80 parseTree.onMatch(bc, new XReader(is));
\r
82 } catch (XMLStreamException e) {
\r