/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.camel.component.xmlsecurity.processor;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Field;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.crypto.XMLCryptoContext;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import org.xml.sax.SAXException;
import org.apache.camel.Message;
import org.apache.camel.Processor;
import org.apache.camel.component.validator.DefaultLSResourceResolver;
import org.apache.camel.component.xmlsecurity.api.XmlSignatureConstants;
import org.apache.camel.component.xmlsecurity.api.XmlSignatureException;
import org.apache.camel.support.ResourceHelper;
import org.apache.camel.util.IOHelper;
import org.apache.camel.util.ObjectHelper;
import org.apache.camel.util.xml.BytesSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
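/**
 * Abstract base for the processors of the XML security component.
 * <p>
 * Provides the shared plumbing around an {@link XMLCryptoContext}: URI
 * dereferencer and base URI, additional context properties, removal of the
 * component's own message headers, and loading of the XML schema used for
 * validation.
 */
public abstract class XmlSignatureProcessor implements Processor {

    private static final Logger LOG = LoggerFactory.getLogger(XmlSignatureProcessor.class);

    static {
        try {
            SantuarioUtil.initializeSantuario();
            SantuarioUtil.addSantuarioJSR105Provider();
        } catch (Throwable t) { //NOPMD
            // provider not in classpath, ignore and fall back to jre default
            // SLF4J placeholders are "{}"; "{0}" (java.text.MessageFormat style) is never substituted.
            // The throwable stays the last argument so the stack trace is still logged.
            LOG.info("Cannot add the SantuarioJSR105Provider due to {}, fall back to JRE default.", t.getMessage(), t);
        }
    }

    /**
     * Returns the configuration this processor works with.
     *
     * @return the XML signature configuration
     */
    public abstract XmlSignatureConfiguration getConfiguration();

    /**
     * Applies the configured URI dereferencer and base URI, if any, to the given context.
     *
     * @param context crypto context to configure
     */
    void setUriDereferencerAndBaseUri(XMLCryptoContext context) {
        setUriDereferencer(context);
        setBaseUri(context);
    }

    /** Sets the configured URI dereferencer on the context; a missing one leaves the context unchanged. */
    private void setUriDereferencer(XMLCryptoContext context) {
        if (getConfiguration().getUriDereferencer() != null) {
            context.setURIDereferencer(getConfiguration().getUriDereferencer());
            LOG.debug("URI dereferencer set");
        }
    }

    /** Sets the configured base URI on the context; a missing one leaves the context unchanged. */
    private void setBaseUri(XMLCryptoContext context) {
        if (getConfiguration().getBaseUri() != null) {
            context.setBaseURI(getConfiguration().getBaseUri());
            LOG.debug("Base URI {} set", context.getBaseURI());
        }
    }

    /**
     * Copies the configured crypto context properties onto the given context.
     * Does nothing when no properties are configured.
     *
     * @param cryptoContext crypto context receiving the properties
     */
    protected void setCryptoContextProperties(XMLCryptoContext cryptoContext) {
        Map<String, ? extends Object> props = getConfiguration().getCryptoContextProperties();
        if (props == null) {
            return;
        }
        // NOTE(review): property values are written to the debug log as-is; confirm that no
        // sensitive value is ever passed as a crypto context property.
        for (Map.Entry<String, ? extends Object> entry : props.entrySet()) {
            String prop = entry.getKey();
            Object val = entry.getValue();
            cryptoContext.setProperty(prop, val);
            LOG.debug("Context property {} set to value {}", prop, val);
        }
    }

    /**
     * Removes the headers named by the constants of {@link XmlSignatureConstants}
     * from the message when the configuration has header clearing switched on.
     *
     * @param message message whose headers are cleaned up
     */
    protected void clearMessageHeaders(Message message) {
        // getClearHeaders() may return null; only an explicit TRUE enables the clean-up
        if (Boolean.TRUE.equals(getConfiguration().getClearHeaders())) {
            Map<String, Object> headers = message.getHeaders();
            for (Field f : XmlSignatureConstants.class.getFields()) {
                headers.remove(ObjectHelper.lookupConstantFieldValue(XmlSignatureConstants.class, f.getName()));
            }
        }
    }

    /**
     * Loads the XML schema identified by {@link #getSchemaResourceUri(Message)}.
     *
     * @param message current message; consulted for the schema resource URI and the type converter
     * @return the compiled schema, or {@code null} when no schema resource URI is set
     * @throws XmlSignatureException if the schema resource cannot be found
     * @throws SAXException if the schema factory rejects the feature or the schema
     * @throws IOException declared for the resource lookup
     */
    protected Schema getSchema(Message message) throws SAXException, XmlSignatureException, IOException {
        String schemaResourceUri = getSchemaResourceUri(message);
        if (schemaResourceUri == null || schemaResourceUri.isEmpty()) {
            return null;
        }
        InputStream is = ResourceHelper.resolveResourceAsInputStream(getConfiguration().getCamelContext().getClassResolver(),
                schemaResourceUri);
        if (is == null) {
            throw new XmlSignatureException(
                    "XML Signature component is wrongly configured: No XML schema found for specified schema resource URI "
                                            + schemaResourceUri);
        }
        byte[] bytes;
        try {
            bytes = message.getExchange().getContext().getTypeConverter().convertTo(byte[].class, is);
        } finally {
            // and make sure to close the input stream after the schema has been loaded
            IOHelper.close(is);
        }
        SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        // secure processing is switched on before any schema document is parsed
        schemaFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // NOTE(review): the resolver is given the *configured* schema resource URI, while the
        // schema itself was loaded from the resolved one (header first, then configuration).
        // When the header overrides the configuration the two differ -- confirm this is intended.
        schemaFactory.setResourceResolver(new DefaultLSResourceResolver(getConfiguration().getCamelContext(), getConfiguration()
                .getSchemaResourceUri()));
        LOG.debug("Instantiating schema for validation");
        return schemaFactory.newSchema(new BytesSource(bytes));
    }

    /**
     * Determines the schema resource URI for the given message. The header
     * {@link XmlSignatureConstants#HEADER_SCHEMA_RESOURCE_URI} takes precedence;
     * the configured URI is used only when the header is absent.
     * <p>
     * The returned value decides which resource {@link #getSchema(Message)} loads,
     * so the header is security relevant: routes that receive messages from
     * producers that are not trusted should remove or overwrite this header
     * before the message reaches this processor.
     *
     * @param message current message
     * @return the schema resource URI, or {@code null} if neither header nor configuration provides one
     */
    protected String getSchemaResourceUri(Message message) {
        String schemaResourceUri = message.getHeader(XmlSignatureConstants.HEADER_SCHEMA_RESOURCE_URI, String.class);
        if (schemaResourceUri == null) {
            schemaResourceUri = getConfiguration().getSchemaResourceUri();
        }
        // log the URI that is actually used; a header override would otherwise not show up in the log
        LOG.debug("schema resource URI: {}", schemaResourceUri);
        return schemaResourceUri;
    }
}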