parco_ws_security/
security.rs

1use parco_xml::xml;
3use crate::{SignedInfo, Timestamp, wssu_id::WSSUId};
/// Represents a complete WS-Security SOAP header (`wsse:Security`).
///
/// This type only carries the parts of the header. Nothing in this file computes or
/// verifies the signature; `signature` and `signed_info` are supplied by the caller.
/// When serialized, the header contains, in order, the timestamp, the binary security
/// token, and a `dsig:Signature` whose `KeyInfo` points back at that token.
///
/// NOTE(review): per the `signed_info` field documentation, the signed reference covers
/// the timestamp. Which other parts of the message (for example the SOAP body or the
/// token element) are covered is decided by `SignedInfo`, which is defined elsewhere.
/// Confirm this before relying on the header for whole-message integrity.
#[derive(Clone, Debug)]
pub struct Security<'a> {
    /// Timestamp defining the message validity window.
    pub timestamp: Timestamp,
    /// Base64-encoded X.509 certificate, together with the `wssu:Id` it is emitted under.
    ///
    /// The certificate travels inside the message itself, so a verifier has to validate
    /// it against its own trust anchors. A signature that checks out against the
    /// embedded certificate says nothing about who issued that certificate.
    pub binary_security_token: BinarySecurityToken<'a>,
    /// XML Signature metadata referencing the timestamp.
    pub signed_info: SignedInfo,
    /// Base64-encoded RSA signature value, emitted as the text of `dsig:SignatureValue`.
    ///
    /// NOTE(review): nothing visible in this file checks that the string is valid base64
    /// or that it corresponds to `signed_info`. The producer of this value is
    /// responsible for both.
    pub signature: String,
}
/// Represents the `wsse:BinarySecurityToken` header element.
///
/// The easiest way to build it is via [`BinarySecurityToken::new`], which takes care of
/// the [`WSSUId`] for you.
#[derive(Clone, Debug)]
pub struct BinarySecurityToken<'a> {
    /// The base64-encoded certificate, borrowed from the caller.
    ///
    /// NOTE(review): this string is written out as element text, and nothing visible in
    /// this file validates that it is base64. Confirm whether `xml!` escapes interpolated
    /// text, or validate the value at the call site when it does not come from a
    /// trusted encoder.
    pub binary_security_token: &'a str,
    /// The `wssu:Id` used for this element. The signature's `wsse:Reference` URI is
    /// derived from the same value, which is what ties `KeyInfo` to this token.
    pub wssu_id: WSSUId,
}
// Serialization template for `Security`: emits one `wsse:Security` element holding the
// timestamp, the X.509 binary security token and the XML signature, in that order.
//
// NOTE(review): every `( ... )` below interpolates a caller-provided or crate-provided
// value into the document. Whether `xml!` escapes interpolated text and attribute values
// is defined in `parco_xml` and is not visible here. Confirm it, since
// `binary_security_token` and `signature` are plain strings.
xml! {
    // Presumably selects the type this template serializes — confirm against `parco_xml`.
    ref Security;

    // Namespace prefixes used below: XML-DSig, the SOAP 1.1 envelope, and the two
    // OASIS WS-Security 1.0 schemas (secext and utility).
    @ns {
        dsig = "http://www.w3.org/2000/09/xmldsig#",
        soap = "http://schemas.xmlsoap.org/soap/envelope/",
        wsse = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
        wssu = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    }

    // mustUnderstand="1": under SOAP 1.1 a receiver that does not process this header
    // is required to fault instead of silently ignoring it.
    wsse:Security soap:mustUnderstand="1" {
        // The timestamp renders itself; its markup is defined on `Timestamp`.
        (self.timestamp.display())

        // The attributes declare the content as a base64-encoded X.509 v3 certificate.
        // The `wssu:Id` is the id that `wsse:Reference` in KeyInfo points at.
        wsse:BinarySecurityToken
            EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
            ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
            wssu:Id=(self.binary_security_token.wssu_id.no_hash()) {
                (self.binary_security_token.binary_security_token)
            }

        dsig:Signature {
            // SignedInfo renders itself; which elements it references is decided there.
            (self.signed_info.display())

            // Caller-supplied signature value; it is neither computed nor checked here.
            dsig:SignatureValue {
                (self.signature)
            }

            // Names the token above as the verification key. The URI is built from the
            // same `wssu_id` as the token's `wssu:Id`; presumably `with_hash()` yields
            // the "#id" same-document form — confirm in `wssu_id`.
            // NOTE(review): whether the token element is itself covered by a signed
            // reference depends on `SignedInfo` and cannot be seen from this file.
            dsig:KeyInfo {
                wsse:SecurityTokenReference {
                    wsse:Reference
                        URI=(self.binary_security_token.wssu_id.with_hash())
                        ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" {}
                }
            }
        }
    }
}
impl<'a> BinarySecurityToken<'a> {
    /// Builds a [`BinarySecurityToken`] around the given base64 certificate and pairs it
    /// with a newly created [`WSSUId`].
    ///
    /// The string is stored exactly as given. No base64 or certificate validation
    /// happens here, so callers that take the value from an untrusted source should
    /// validate it first.
    pub fn new(binary_security_token: &'a str) -> Self {
        // Created up front so the struct literal below is plain field shorthand.
        let wssu_id = WSSUId::new();
        Self {
            binary_security_token,
            wssu_id,
        }
    }
}
75}