SecureVaultResolver.java

/*
 * Copyright (c) 2019, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.

 * WSO2 Inc. licenses this file to you under the Apache License,
 * Version 2.0 (the "License"); you may not use this file except
 * in compliance with the License.
 * You may obtain a copy of the License at

 * http://www.apache.org/licenses/LICENSE-2.0

 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

package org.apache.synapse.util.resolver;

import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.synapse.SynapseException;
import org.apache.synapse.core.SynapseEnvironment;
import org.apache.synapse.mediators.Value;
import org.apache.synapse.util.xpath.SynapseXPath;
import org.jaxen.JaxenException;

import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Check the secret alias match with the vaultLookupPattern regex.
 */
public class SecureVaultResolver {

    private static Log log = LogFactory.getLog(CustomWSDLLocator.class);

    private SecureVaultResolver(){}

    /** regex for secure vault expression */
    private static final String SECURE_VAULT_REGEX = "\\{((.*?):vault-lookup\\('(.*?)'\\))\\}";

    private static Pattern vaultLookupPattern = Pattern.compile(SECURE_VAULT_REGEX);

    /**
     * Check the secret alias match with the vaultLookupPattern regex.
     *
     * @param aliasSecret Value of secret alias
     * @return boolean state of the pattern existence.
     */
    public static boolean checkVaultLookupPattersExists(String aliasSecret) {
        Matcher lookupMatcher = vaultLookupPattern.matcher(aliasSecret);
        return lookupMatcher.find();
    }

    /**
     * Convert the secret alias to the actual password using synapse message context.
     *
     * @param synapseEnvironment synapse environment
     * @param value Value of password from DBMediator
     * @return the actual password from the Secure Vault Password Management.
     */
    public static String resolve(SynapseEnvironment synapseEnvironment, String value) {
        //Password can be null, it is optional
        if (value == null) {
            return null;
        }
        Matcher lookupMatcher = vaultLookupPattern.matcher(value);
        String resolvedValue = value;
        if (lookupMatcher.find()) {
            Value expression = null;
            //getting the expression with out curly brackets
            String expressionStr = lookupMatcher.group(1);
            try {
                expression = new Value(new SynapseXPath(expressionStr));
            } catch (JaxenException e) {
                throw new SynapseException("Error while building the expression : " + expressionStr, e);
            }
            resolvedValue =
                    resolvedValue.replaceFirst(SECURE_VAULT_REGEX,
                            expression.evaluateValue(synapseEnvironment.createMessageContext()));
            if (StringUtils.isEmpty(resolvedValue)) {
                log.warn("Found Empty value for expression : " + expression.getExpression());
                resolvedValue = "";
            }
        }
        return resolvedValue;
    }
}