Posted to rampart-dev@ws.apache.org by mi...@apache.org on 2008/04/03 11:05:58 UTC
svn commit: r644231 - in /webservices/rampart/scratch/c/pkcs/c:
include/oxs_key_mgr.h include/oxs_utility.h src/omxmlsec/encryption.c
src/omxmlsec/key_mgr.c src/util/rampart_sec_header_processor.c
Author: milinda
Date: Thu Apr 3 02:05:56 2008
New Revision: 644231
URL: http://svn.apache.org/viewvc?rev=644231&view=rev
Log:
Changes to key management.
Modified:
webservices/rampart/scratch/c/pkcs/c/include/oxs_key_mgr.h
webservices/rampart/scratch/c/pkcs/c/include/oxs_utility.h
webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/encryption.c
webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/key_mgr.c
webservices/rampart/scratch/c/pkcs/c/src/util/rampart_sec_header_processor.c
Modified: webservices/rampart/scratch/c/pkcs/c/include/oxs_key_mgr.h
URL: http://svn.apache.org/viewvc/webservices/rampart/scratch/c/pkcs/c/include/oxs_key_mgr.h?rev=644231&r1=644230&r2=644231&view=diff
==============================================================================
--- webservices/rampart/scratch/c/pkcs/c/include/oxs_key_mgr.h (original)
+++ webservices/rampart/scratch/c/pkcs/c/include/oxs_key_mgr.h Thu Apr 3 02:05:56 2008
@@ -63,10 +63,11 @@
* @password the password for the key store
* @return AXIS2_SUCCESS on success, else AXIS2_FAILURE
*/
- AXIS2_EXTERN axis2_status_t AXIS2_CALL
- oxs_key_mgr_load_key(const axutil_env_t *env,
- oxs_asym_ctx_t *ctx,
- axis2_char_t *password);
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ oxs_key_mgr_load_key(
+ oxs_key_mgr_t *key_mgr,
+ const axutil_env_t *env,
+ oxs_asym_ctx_t *ctx);
/**
* Loads a private key from a string buffer @pem_buf which of PEM format.
* -----BEGIN RSA PRIVATE KEY-----
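Review bot: The doc comment directly above the new prototype still says `@password the password for the key store` even though the `password` parameter has been removed, and the new first parameter `key_mgr` is undocumented. Replace that line with `@param key_mgr key manager supplying the key source (PEM buffer or key/certificate file name) and the private-key password` and keep the existing env/ctx lines; the start of the comment block is outside the hunk. The definition in src/omxmlsec/key_mgr.c in this same commit reads `key_mgr->prv_key_password` directly, so stating that the password now comes from the key manager would save the next reader a trip to the source.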
Modified: webservices/rampart/scratch/c/pkcs/c/include/oxs_utility.h
URL: http://svn.apache.org/viewvc/webservices/rampart/scratch/c/pkcs/c/include/oxs_utility.h?rev=644231&r1=644230&r2=644231&view=diff
==============================================================================
--- webservices/rampart/scratch/c/pkcs/c/include/oxs_utility.h (original)
+++ webservices/rampart/scratch/c/pkcs/c/include/oxs_utility.h Thu Apr 3 02:05:56 2008
@@ -32,6 +32,7 @@
#include <axis2_defines.h>
#include <axutil_env.h>
#include <oxs_asym_ctx.h>
+#include <oxs_key_mgr.h>
#ifdef __cplusplus
extern "C"
@@ -65,7 +66,7 @@
* @param env pointer to environment struct
* @param file_name the file name
**/
- AXIS2_EXTERN oxs_asym_ctx_format_t AXIS2_CALL
+ AXIS2_EXTERN oxs_key_mgr_format_t AXIS2_CALL
oxs_util_get_format_by_file_extension(const axutil_env_t *env,
axis2_char_t *file_name);
Modified: webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/encryption.c
URL: http://svn.apache.org/viewvc/webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/encryption.c?rev=644231&r1=644230&r2=644231&view=diff
==============================================================================
--- webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/encryption.c (original)
+++ webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/encryption.c Thu Apr 3 02:05:56 2008
@@ -211,7 +211,6 @@
openssl_pkey_t *pkey = NULL;
oxs_asym_ctx_operation_t operation = -1;
axis2_status_t status = AXIS2_FAILURE;
- axis2_char_t *password = NULL;
axis2_char_t *algorithm = NULL;
axis2_char_t *padding = NULL;
@@ -230,17 +229,6 @@
else if ((axutil_strcmp(OXS_HREF_RSA_PKCS1, algorithm)) == 0)
{
padding = OPENSSL_RSA_PKCS1_PADDING;
- }
-
- /*Load the key using key manager*/
- password = oxs_asym_ctx_get_password(asym_ctx, env);
- status = oxs_key_mgr_load_key(env, asym_ctx, password);
- if (status == AXIS2_FAILURE)
- {
- oxs_error(env, ERROR_LOCATION, OXS_ERROR_INVALID_DATA,
- "Key loading failed for Key encryption");
-
- return AXIS2_FAILURE;
}
/*Check for the operation and call appropriate method*/
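Review bot: With the key-loading block removed, nothing left in this function checks that `asym_ctx` carries a loaded key before the operation dispatch that follows `/*Check for the operation and call appropriate method*/`; the deleted block returned AXIS2_FAILURE with an oxs_error when loading failed, and that error path has no replacement here. The only new caller of oxs_key_mgr_load_key in this commit is on the PRV_DECRYPT path in rampart_sec_header_processor.c, so it is not visible from the diff who loads the key for the encryption path. If the contract is now that callers load the key first, state it above the dispatch, e.g. `/* Key material must already be loaded into asym_ctx by the caller (oxs_key_mgr_load_key); this function no longer loads it. */`, and consider failing early with an oxs_error when the key the operation needs is absent. The enclosing function starts and ends outside the hunk.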
Modified: webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/key_mgr.c
URL: http://svn.apache.org/viewvc/webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/key_mgr.c?rev=644231&r1=644230&r2=644231&view=diff
==============================================================================
--- webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/key_mgr.c (original)
+++ webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/key_mgr.c Thu Apr 3 02:05:56 2008
@@ -407,9 +407,10 @@
* 2. Else if the key file name has specified, Take that as the source.
*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
-oxs_key_mgr_load_key(const axutil_env_t *env,
- oxs_asym_ctx_t *ctx,
- axis2_char_t *password)
+oxs_key_mgr_load_key(
+ oxs_key_mgr_t *key_mgr,
+ const axutil_env_t *env,
+ oxs_asym_ctx_t *ctx)
{
axis2_char_t *filename = NULL;
axis2_char_t *pem_buf = NULL;
@@ -426,61 +427,70 @@
/* If user has specified the certificate/private key directly we will extract the information from it.
* Else we will look for a file name to load the certificate/private key*/
- pem_buf = oxs_asym_ctx_get_pem_buf(ctx, env);
- if(pem_buf){
+ pem_buf = oxs_key_mgr_get_pem_buf(key_mgr, env);
+ if(pem_buf)
+ {
if( OXS_ASYM_CTX_OPERATION_PUB_ENCRYPT == oxs_asym_ctx_get_operation(ctx, env) ||
- OXS_ASYM_CTX_OPERATION_PUB_DECRYPT == oxs_asym_ctx_get_operation(ctx, env)){
+ OXS_ASYM_CTX_OPERATION_PUB_DECRYPT == oxs_asym_ctx_get_operation(ctx, env))
+ {
/*load certificate from buf*/
status = openssl_x509_load_from_buffer(env, pem_buf, &cert);
- }else{
-
+ }
+ else
+ {
/*load private key from buf*/
- status = openssl_pem_buf_read_pkey(env, pem_buf, password, OPENSSL_PEM_PKEY_TYPE_PRIVATE_KEY, &prvkey);
- if(status == AXIS2_FAILURE){
+ status = openssl_pem_buf_read_pkey(env, pem_buf, key_mgr->prv_key_password, OPENSSL_PEM_PKEY_TYPE_PRIVATE_KEY, &prvkey);
+ if(status == AXIS2_FAILURE)
+ {
prvkey = NULL;
}
}
- }else{
-
+ }
+ else
+ {
/* pem_buf is NULL. So we have to fetch the key in a file*/
/* Get file to be loaded. Can be either in PEM or PKCS12 format*/
- filename = oxs_asym_ctx_get_file_name(ctx, env);
- if(!filename){
- return AXIS2_FAILURE;
- }
-
- if(OXS_ASYM_CTX_FORMAT_PEM == oxs_asym_ctx_get_format(ctx, env)){
- oxs_asym_ctx_operation_t operation ;
- format = OPENSSL_X509_FORMAT_PEM;
-
-
- /*First let's check if this is a file containing a certificate*/
- status = openssl_x509_load_from_pem(env, filename, &cert);
-
- if((status == AXIS2_FAILURE) || (!cert)){
-
- /* If we cannot get the certificate then the file might contain either a public key or a private key*/
- /* The type depends on the operation*/
+ if(OXS_KEY_MGR_FORMAT_PEM == oxs_key_mgr_get_format(key_mgr, env))
+ {
+ oxs_asym_ctx_operation_t operation ;
operation = oxs_asym_ctx_get_operation(ctx, env);
- if((operation == OXS_ASYM_CTX_OPERATION_PRV_DECRYPT) || (operation == OXS_ASYM_CTX_OPERATION_PRV_ENCRYPT)){
- status = openssl_pem_read_pkey(env, filename, password, OPENSSL_PEM_PKEY_TYPE_PRIVATE_KEY, &prvkey);
- if(status == AXIS2_FAILURE){
+ if((operation == OXS_ASYM_CTX_OPERATION_PRV_DECRYPT) || (operation == OXS_ASYM_CTX_OPERATION_PRV_ENCRYPT))
+ {
+ filename = oxs_key_mgr_get_private_key_file(key_mgr, env);
+ if(!filename)
+ return AXIS2_FAILURE;
+ status = openssl_pem_read_pkey(env, filename, key_mgr->prv_key_password, OPENSSL_PEM_PKEY_TYPE_PRIVATE_KEY, &prvkey);
+ if(status == AXIS2_FAILURE)
+ {
prvkey = NULL;
}
- } else if((operation == OXS_ASYM_CTX_OPERATION_PUB_DECRYPT) || (operation == OXS_ASYM_CTX_OPERATION_PUB_ENCRYPT)){
- status = openssl_pem_read_pkey(env, filename, password, OPENSSL_PEM_PKEY_TYPE_PUBLIC_KEY, &pubkey);
- if(status == AXIS2_FAILURE){
+ }
+ else if(operation == OXS_ASYM_CTX_OPERATION_PUB_DECRYPT)
+ {
+ filename = oxs_key_mgr_get_reciever_certificate_file(key_mgr, env);
+ status = openssl_pem_read_pkey(env, filename, key_mgr->prv_key_password, OPENSSL_PEM_PKEY_TYPE_PUBLIC_KEY, &pubkey);
+ if(status == AXIS2_FAILURE)
+ {
+ pubkey = NULL;
+ }
+ }
+ else if(operation == OXS_ASYM_CTX_OPERATION_PUB_ENCRYPT)
+ {
+ filename = oxs_key_mgr_get_reciever_certificate_file(key_mgr, env);
+ status = openssl_pem_read_pkey(env, filename, key_mgr->prv_key_password, OPENSSL_PEM_PKEY_TYPE_PUBLIC_KEY, &pubkey);
+ if(status == AXIS2_FAILURE)
+ {
pubkey = NULL;
}
}
- }
+
}else if(OXS_ASYM_CTX_FORMAT_PKCS12 == oxs_asym_ctx_get_format(ctx, env)){
format = OPENSSL_X509_FORMAT_PKCS12;
/* Here we load both key and the certificate*/
- status = openssl_x509_load_from_pkcs12(env, filename, password, &cert, &prvkey, &ca);
+ status = openssl_x509_load_from_pkcs12(env, filename, key_mgr->prv_key_password, &cert, &prvkey, &ca);
if(AXIS2_FAILURE == status){
oxs_error(env, ERROR_LOCATION, OXS_ERROR_DEFAULT,
"Error reading the certificate");
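Review bot: In the PKCS12 branch, `filename` is now always NULL when it reaches `openssl_x509_load_from_pkcs12(env, filename, key_mgr->prv_key_password, ...)`: the `filename = oxs_asym_ctx_get_file_name(ctx, env)` assignment that used to run before the format check was removed, and the only remaining assignments to `filename` are inside the PEM branch. That same `else if` still tests `OXS_ASYM_CTX_FORMAT_PKCS12 == oxs_asym_ctx_get_format(ctx, env)` while the PEM branch just above now uses `oxs_key_mgr_get_format(key_mgr, env)`, so the two branches read the format from different objects and may never agree. The PUB_DECRYPT and PUB_ENCRYPT branches are byte-identical copies and, unlike the PRV branch, neither checks `filename` for NULL before passing it to openssl_pem_read_pkey; they can be folded back into one `||` branch with the check (reading the receiver *certificate* file as `OPENSSL_PEM_PKEY_TYPE_PUBLIC_KEY` also looks suspect, but the hunk does not show what that file holds). `format` is now set only in the PKCS12 branch since `format = OPENSSL_X509_FORMAT_PEM` was dropped, so if it is consumed later in the function the PEM path leaves it at its initial value. The function continues past the hunk.
```c
            else if((operation == OXS_ASYM_CTX_OPERATION_PUB_DECRYPT) || (operation == OXS_ASYM_CTX_OPERATION_PUB_ENCRYPT))
            {
                filename = oxs_key_mgr_get_reciever_certificate_file(key_mgr, env);
                if(!filename)
                {
                    return AXIS2_FAILURE;
                }
                status = openssl_pem_read_pkey(env, filename, key_mgr->prv_key_password, OPENSSL_PEM_PKEY_TYPE_PUBLIC_KEY, &pubkey);
                if(status == AXIS2_FAILURE)
                {
                    pubkey = NULL;
                }
            }
        }
        else if(KEY_MGR_PKCS12_FORMAT == oxs_key_mgr_get_format(key_mgr, env)) /* placeholder: the PKCS12 value of oxs_key_mgr_format_t */
        {
            format = OPENSSL_X509_FORMAT_PKCS12;
            filename = oxs_key_mgr_get_private_key_file(key_mgr, env); /* TODO confirm which key_mgr field names the PKCS12 file */
            if(!filename)
            {
                return AXIS2_FAILURE;
            }
            /* Here we load both key and the certificate*/
            status = openssl_x509_load_from_pkcs12(env, filename, key_mgr->prv_key_password, &cert, &prvkey, &ca);
            /* … unchanged: error reporting … */
```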
@@ -601,7 +611,8 @@
}
AXIS2_EXTERN openssl_pkey_t* AXIS2_CALL
-oxs_key_mgr_load_private_key_from_pem_file(const axutil_env_t *env,
+oxs_key_mgr_load_private_key_from_pem_file(
+ const axutil_env_t *env,
axis2_char_t *filename,
axis2_char_t *password)
{
@@ -610,7 +621,7 @@
EVP_PKEY *prvkey = NULL;
/*Read EVP_PKEY*/
- status = openssl_pem_read_pkey(env, filename, password, OPENSSL_PEM_PKEY_TYPE_PRIVATE_KEY, &prvkey);
+ status = openssl_pem_read_pkey(env, password, filename, OPENSSL_PEM_PKEY_TYPE_PRIVATE_KEY, &prvkey);
/*Populate*/
if(prvkey){
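Review bot: The changed call `openssl_pem_read_pkey(env, password, filename, OPENSSL_PEM_PKEY_TYPE_PRIVATE_KEY, &prvkey)` swaps the second and third arguments relative to every other call to this function in the commit (`openssl_pem_read_pkey(env, filename, key_mgr->prv_key_password, ...)` in oxs_key_mgr_load_key), so the passphrase would be opened as the file path and the file name used as the passphrase; a failed open would then also place the passphrase wherever the open error reports its path. Unless the prototype of openssl_pem_read_pkey changed in a file not in this diff, the line should read `status = openssl_pem_read_pkey(env, filename, password, OPENSSL_PEM_PKEY_TYPE_PRIVATE_KEY, &prvkey);`. The enclosing function starts and ends outside the hunk.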
Modified: webservices/rampart/scratch/c/pkcs/c/src/util/rampart_sec_header_processor.c
URL: http://svn.apache.org/viewvc/webservices/rampart/scratch/c/pkcs/c/src/util/rampart_sec_header_processor.c?rev=644231&r1=644230&r2=644231&view=diff
==============================================================================
--- webservices/rampart/scratch/c/pkcs/c/src/util/rampart_sec_header_processor.c (original)
+++ webservices/rampart/scratch/c/pkcs/c/src/util/rampart_sec_header_processor.c Thu Apr 3 02:05:56 2008
@@ -697,7 +697,10 @@
oxs_key_mgr_set_prv_key_password(key_mgr, env, password);
}
oxs_asym_ctx_set_operation(asym_ctx, env, OXS_ASYM_CTX_OPERATION_PRV_DECRYPT);
-
+
+ /* TODO:Populate assymetric context */
+ oxs_key_mgr_load_key(key_mgr, env, asym_ctx);
+
/*Create an empty key*/
decrypted_sym_key = oxs_key_create(env);
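Review bot: The return value of the new `oxs_key_mgr_load_key(key_mgr, env, asym_ctx)` call is discarded, so a failed key load (missing file, wrong password) falls through to the decryption below with no key; the call site this commit deleted from encryption.c checked the status and bailed out with an oxs_error. Check it here, e.g. `if(AXIS2_FAILURE == oxs_key_mgr_load_key(key_mgr, env, asym_ctx))` followed by the same oxs_error report and the failure return the enclosing function uses (that function starts and ends outside the hunk, so its return convention is not visible). The `/* TODO:Populate assymetric context */` comment is misspelled and, given the call directly under it, reads as done rather than to-do; `/* Load the key material into the asymmetric context */` describes the line.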