Java tutorial
//package com.java2s; // Licensed under the Apache License, Version 2.0 (the "License"); import org.w3c.dom.Node; import java.util.Arrays; import java.util.HashMap; import java.util.Map; import java.util.Map.Entry; import java.util.regex.Matcher; import java.util.regex.Pattern; public class Main { private static final String[] SENSITIVE_HEADER_TAGS = { "authToken", "authentication" }; private static final String SENSITIVE_REGEX = "(^.*<(?:[^:]+:)?%s(?:\\s[^>]*)?>).*(<\\/(?:[^:]+:)?%s\\s*>.*$)"; /** * Gets a sanitized soap XML request stripped of sensitive headers * defined in {@code SENSITIVE_HEADER_TAGS}. * * @param xml the XML to sanitize * @param headerNode the {@code Node} header from {@code xml} * @return a {@code String} representation of the XML with sensitive values * removed */ public static String getSanitizedSoapXml(String xml, Node headerNode) { Map<String, String> dirtyXmlMap = createTagToDirtyXmlMap(headerNode); Map<String, String> cleanXmlMap = createTagToCleanXmlMap(dirtyXmlMap); return sanitizeXml(new StringBuilder(xml), dirtyXmlMap, cleanXmlMap); } /** * Creates a map of tag name to dirty header XML from the SOAP header node. * * @param headerNode the header node to extract all XML from * @return a map of tag name to dirty header XML */ private static Map<String, String> createTagToDirtyXmlMap(Node headerNode) { Map<String, String> dirtyXmlMap = new HashMap<String, String>(); for (int i = 0; i < headerNode.getChildNodes().getLength(); i++) { Node headerChildNode = headerNode.getChildNodes().item(i); if (Arrays.asList(SENSITIVE_HEADER_TAGS).contains(headerChildNode.getLocalName())) { dirtyXmlMap.put(headerChildNode.getLocalName(), headerChildNode.toString()); } } return dirtyXmlMap; } /** * Creates a map of tag name to clean header XML by running a substitution * regex on each entry of tag to dirty header XML. * * @param dirtyXmlMap a map of tag name to dirty header XML * @return a map of tag name to clean header XML */ private static Map<String, String> createTagToCleanXmlMap(Map<String, String> dirtyXmlMap) { Map<String, String> cleanXmlMap = new HashMap<String, String>(); for (Entry<String, String> sensitiveXml : dirtyXmlMap.entrySet()) { Pattern p = Pattern.compile( String.format(SENSITIVE_REGEX, sensitiveXml.getKey(), sensitiveXml.getKey()), Pattern.CASE_INSENSITIVE | Pattern.DOTALL); Matcher m = p.matcher(sensitiveXml.getValue()); if (m.matches()) { cleanXmlMap.put(sensitiveXml.getKey(), m.replaceFirst("$1******$2")); } } return cleanXmlMap; } /** * Sanitizes the XML represented by {@code xml} by replacing dirty header XML * snippets in the {@code dirtyXmlMap} map with clean header XML snippets from * the {@code cleanXmlMap} map. * * @param xml the XML to sanitize * @param dirtyXmlMap a map of tag name to dirty XML header * @param cleanXmlMap a map of tag name to clean XML header * @return a sanitized copy of the XML with all sensitive tags masked */ private static String sanitizeXml(StringBuilder xml, Map<String, String> dirtyXmlMap, Map<String, String> cleanXmlMap) { for (Entry<String, String> cleanXml : cleanXmlMap.entrySet()) { String dirtyXml = dirtyXmlMap.get(cleanXml.getKey()); String endTag = cleanXml.getKey() + ">"; int startIndex = xml.indexOf(dirtyXml.split(" ")[0]); int endIndex = xml.lastIndexOf(endTag) + endTag.length(); xml = xml.replace(startIndex, endIndex, cleanXml.getValue()); } return xml.toString(); } }