cadi/core/src/main/java/org/onap/aaf/cadi/wsse/WSSEParser.java

   1 /**
   2  * ============LICENSE_START====================================================
   3  * org.onap.aaf
   4  * ===========================================================================
   5  * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
   6  * ===========================================================================
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *      http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  * ============LICENSE_END====================================================
  19  *
  20  */
  21
  22 package org.onap.aaf.cadi.wsse;
  23
  24 import java.io.IOException;
  25 import java.io.InputStream;
  26
  27 import javax.xml.stream.XMLStreamException;
  28
  29 import org.onap.aaf.cadi.BasicCred;
  30
  31
  32 /**
  33  * WSSE Parser
  34  *
  35  * Read the User and Password from WSSE Formatted SOAP Messages
  36  *
  37  * This class uses StAX so that processing is stopped as soon as the Security User/Password are read into BasicCred, or the Header Ends
  38  *
  39  * This class is intended to be created once (or very few times) and reused as much as possible.
  40  *
  41  * It is as thread safe as StAX parsing is.
  42  *
  43  * @author Jonathan
  44  */
  45 public class WSSEParser {
  46         private static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";
  47         private static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
  48         private Match<BasicCred> parseTree;
  49         //private XMLInputFactory inputFactory;
  50
  51         public WSSEParser() {
  52                 // soap:Envelope/soap:Header/wsse:Security/wsse:UsernameToken/[wsse:Password&wsse:Username]
  53                 parseTree = new Match<BasicCred>(SOAP_NS,"root", // need a root level to start from... Doesn't matter what the tag is
  54                         new Match<BasicCred>(SOAP_NS,"Envelope",
  55                                 new Match<BasicCred>(SOAP_NS,"Header",
  56                                         new Match<BasicCred>(WSSE_NS,"Security",
  57                                                 new Match<BasicCred>(WSSE_NS,"UsernameToken",
  58                                                         new Match<BasicCred>(WSSE_NS,"Password").set(new Action<BasicCred>() {
  59                                                                 public boolean content(BasicCred bc,String text) {
  60                                                                         bc.setCred(text.getBytes());
  61                                                                         return true;
  62                                                                 }
  63                                                         }),
  64                                                         new Match<BasicCred>(WSSE_NS,"Username").set(new Action<BasicCred>() {
  65                                                                 public boolean content(BasicCred bc,String text) {
  66                                                                         bc.setUser(text);
  67                                                                         return true;
  68                                                                 }
  69                                                         })
  70                                                 ).stopAfter() // if found, end when UsernameToken ends (no further processing needed)
  71                                         )
  72                                 ).stopAfter() // Stop Processing when Header Ends
  73                         ).exclusive()// Envelope must match Header, and no other.  FYI, Body comes after Header short circuits (see above), so it's ok
  74                 ).exclusive(); // root must be Envelope
  75                 //inputFactory = XMLInputFactory.newInstance();
  76         }
  77
  78         public XMLStreamException parse(BasicCred bc, InputStream is) throws IOException {
  79                 try {
  80                         parseTree.onMatch(bc, new XReader(is));
  81                         return null;
  82                 } catch (XMLStreamException e) {
  83                         return e;
  84                 }
  85         }
  86 }