2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
22 package org.onap.aaf.cadi.wsse;
24 import java.io.InputStream;
26 import javax.xml.stream.XMLStreamException;
28 import org.onap.aaf.cadi.BasicCred;
34 * Read the User and Password from WSSE Formatted SOAP Messages
36 * This class uses StAX so that processing is stopped as soon as the Security User/Password are read into BasicCred, or the Header Ends
38 * This class is intended to be created once (or very few times) and reused as much as possible.
40 * It is as thread safe as StAX parsing is.
44 public class WSSEParser {
45 private static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";
46 private static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
47 private Match<BasicCred> parseTree;
50 // soap:Envelope/soap:Header/wsse:Security/wsse:UsernameToken/[wsse:Password&wsse:Username]
51 parseTree = new Match<BasicCred>(SOAP_NS,"root", // need a root level to start from... Doesn't matter what the tag is
52 new Match<BasicCred>(SOAP_NS,"Envelope",
53 new Match<BasicCred>(SOAP_NS,"Header",
54 new Match<BasicCred>(WSSE_NS,"Security",
55 new Match<BasicCred>(WSSE_NS,"UsernameToken",
56 new Match<BasicCred>(WSSE_NS,"Password").set(new Action<BasicCred>() {
57 public boolean content(BasicCred bc,String text) {
58 bc.setCred(text.getBytes());
62 new Match<BasicCred>(WSSE_NS,"Username").set(new Action<BasicCred>() {
63 public boolean content(BasicCred bc,String text) {
68 ).stopAfter() // if found, end when UsernameToken ends (no further processing needed)
70 ).stopAfter() // Stop Processing when Header Ends
71 ).exclusive()// Envelope must match Header, and no other. FYI, Body comes after Header short circuits (see above), so it's ok
72 ).exclusive(); // root must be Envelope
75 public XMLStreamException parse(BasicCred bc, InputStream is) {
77 parseTree.onMatch(bc, new XReader(is));
79 } catch (XMLStreamException e) {