Posted to rampart-dev@ws.apache.org by sh...@apache.org on 2008/06/25 12:53:48 UTC
svn commit: r671507 [1/2] - in /webservices/rampart/trunk/c: build/win32/
ides/Rampart/Rampart/ include/ samples/client/sec_echo/
samples/sct_provider/ samples/secpolicy/ samples/secpolicy/scenario25/
samples/secpolicy/scenario26/ samples/server/sec_ec...
Author: shankar
Date: Wed Jun 25 03:53:47 2008
New Revision: 671507
URL: http://svn.apache.org/viewvc?rev=671507&view=rev
Log:
Support for Rahas module
Added:
webservices/rampart/trunk/c/include/rahas_mod.h
webservices/rampart/trunk/c/include/rahas_request_processor.h
webservices/rampart/trunk/c/samples/secpolicy/scenario25/
webservices/rampart/trunk/c/samples/secpolicy/scenario25/client-policy.xml
webservices/rampart/trunk/c/samples/secpolicy/scenario25/services.xml
webservices/rampart/trunk/c/samples/secpolicy/scenario26/
webservices/rampart/trunk/c/samples/secpolicy/scenario26/client-policy.xml
webservices/rampart/trunk/c/samples/secpolicy/scenario26/services.xml
webservices/rampart/trunk/c/src/data/rahas_module.xml
webservices/rampart/trunk/c/src/rahas/
webservices/rampart/trunk/c/src/rahas/mod_rahas.c
webservices/rampart/trunk/c/src/rahas/rahas_in_handler.c
webservices/rampart/trunk/c/src/rahas/rahas_request_processor.c
Modified:
webservices/rampart/trunk/c/build/win32/deploy_rampart.bat
webservices/rampart/trunk/c/build/win32/makefile
webservices/rampart/trunk/c/ides/Rampart/Rampart/Rampart.vcproj
webservices/rampart/trunk/c/include/trust_constants.h
webservices/rampart/trunk/c/samples/client/sec_echo/update_n_run.bat
webservices/rampart/trunk/c/samples/sct_provider/sct_provider_hash_map.c
webservices/rampart/trunk/c/samples/sct_provider/sct_provider_stored_key.c
webservices/rampart/trunk/c/samples/secpolicy/README
webservices/rampart/trunk/c/samples/secpolicy/run_all.bat
webservices/rampart/trunk/c/samples/server/sec_echo/server_axis2.xml
webservices/rampart/trunk/c/samples/server/secconv_echo/echo.c
webservices/rampart/trunk/c/src/secconv/sct_provider.c
webservices/rampart/trunk/c/src/util/rampart_engine.c
Modified: webservices/rampart/trunk/c/build/win32/deploy_rampart.bat
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/build/win32/deploy_rampart.bat?rev=671507&r1=671506&r2=671507&view=diff
==============================================================================
--- webservices/rampart/trunk/c/build/win32/deploy_rampart.bat (original)
+++ webservices/rampart/trunk/c/build/win32/deploy_rampart.bat Wed Jun 25 03:53:47 2008
@@ -8,6 +8,11 @@
copy modules\rampart\module.xml %AXIS2C_HOME%\modules\rampart\
copy modules\rampart\mod_rampart.* %AXIS2C_HOME%\lib\
+md %AXIS2C_HOME%\modules\rahas\
+copy modules\rahas\mod_rahas.dll %AXIS2C_HOME%\modules\rahas\
+bin\samples\secpolicy\deploy.js modules\rahas\module.xml %AXIS2C_HOME%\modules\rahas\module.xml
+copy modules\rahas\mod_rahas.* %AXIS2C_HOME%\lib\
+
md %AXIS2C_HOME%\services\sec_echo\
copy bin\samples\services\sec_echo\sec_echo.dll %AXIS2C_HOME%\services\sec_echo\
copy bin\samples\services\sec_echo\services.xml %AXIS2C_HOME%\services\sec_echo\
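Review bot: The added line that runs `bin\samples\secpolicy\deploy.js` invokes the script by file name, so it depends on the machine's `.js` association still pointing at Windows Script Host. Where that association has been changed (a common hardening step), the rahas `module.xml` is presumably never written to `%AXIS2C_HOME%` and the batch file carries on without noticing. Calling the host explicitly removes that dependency: `cscript //nologo bin\samples\secpolicy\deploy.js modules\rahas\module.xml "%AXIS2C_HOME%\modules\rahas\module.xml"`. Quoting the `%AXIS2C_HOME%` paths on the other three added lines would also keep them working when the install path contains spaces. How the rest of the script calls deploy.js is outside this hunk.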
Modified: webservices/rampart/trunk/c/build/win32/makefile
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/build/win32/makefile?rev=671507&r1=671506&r2=671507&view=diff
==============================================================================
--- webservices/rampart/trunk/c/build/win32/makefile (original)
+++ webservices/rampart/trunk/c/build/win32/makefile Wed Jun 25 03:53:47 2008
@@ -30,6 +30,8 @@
TRUST_SRC = $(RAMPART_SOURCE_DIR)\src\trust\*.c
+RAHAS_SRC = $(RAMPART_SOURCE_DIR)\src\rahas\*.c
+
MOD_RAMPART_INCLUDE_PATH = /I$(RAMPART_SOURCE_DIR)\include \
/I$(OPENSSL_BIN_DIR)\include \
/I$(AXIS2_BIN_DIR)\include
@@ -106,6 +108,7 @@
if not exist $(RAMPART_DISTDIR)\bin\samples\credential_provider mkdir $(RAMPART_DISTDIR)\bin\samples\credential_provider
if not exist $(RAMPART_DISTDIR)\bin\samples\data mkdir $(RAMPART_DISTDIR)\bin\samples\data
if not exist $(RAMPART_DISTDIR)\modules\rampart mkdir $(RAMPART_DISTDIR)\modules\rampart
+ if not exist $(RAMPART_DISTDIR)\modules\rahas mkdir $(RAMPART_DISTDIR)\modules\rahas
if not exist $(RAMPART_DISTDIR)\include mkdir $(RAMPART_DISTDIR)\include
clean:
@@ -115,6 +118,7 @@
intdirs:
if not exist $(RAMPART_INTDIR) mkdir $(RAMPART_INTDIR)
+ if not exist $(RAMPART_INTDIR)\rahas mkdir $(RAMPART_INTDIR)\rahas
if not exist $(RAMPART_INTDIR)\samples\callback\pwcb mkdir $(RAMPART_INTDIR)\samples\callback\pwcb
if not exist $(RAMPART_INTDIR)\samples\authn_provider mkdir $(RAMPART_INTDIR)\samples\authn_provider
if not exist $(RAMPART_INTDIR)\samples\replay_detector mkdir $(RAMPART_INTDIR)\samples\replay_detector
@@ -142,6 +146,16 @@
mod_rampart : $(RAMPART_DISTDIR)\modules\rampart\mod_rampart.dll
+$(RAMPART_DISTDIR)\modules\rahas\mod_rahas.dll : $(RAHAS_SRC)
+ $(CC) $(CFLAGS) $(MOD_RAMPART_INCLUDE_PATH) $(RAHAS_SRC) /Fo$(RAMPART_INTDIR)\rahas\ /c
+ $(LD) /LIBPATH:$(RAMPART_DISTDIR)\modules\rampart $(LDFLAGS) $(RAMPART_INTDIR)\rahas\*.obj $(LIBS) axutil.lib axiom.lib \
+ axis2_parser.lib axis2_engine.lib neethi.lib mod_rampart.lib \
+ /DLL /OUT:$(RAMPART_DISTDIR)\modules\rahas\mod_rahas.dll /IMPLIB:$(RAMPART_DISTDIR)\modules\rahas\mod_rahas.lib
+ -@$(_VC_MANIFEST_EMBED_DLL)
+ copy $(RAMPART_SOURCE_DIR)\src\data\rahas_module.xml $(RAMPART_DISTDIR)\modules\rahas\module.xml
+
+mod_rahas : $(RAMPART_DISTDIR)\modules\rahas\mod_rahas.dll
+
$(RAMPART_DISTDIR)\bin\samples\callback\pwcb.dll : $(RAMPART_SOURCE_DIR)\samples\callback\pwcb.c
$(CC) $(CFLAGS) $(MOD_RAMPART_INCLUDE_PATH) $(RAMPART_SOURCE_DIR)\samples\callback\pwcb.c \
/Fo$(RAMPART_INTDIR)\samples\callback\ /c
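Review bot: The new `mod_rahas.dll` rule links against `mod_rampart.lib` through `/LIBPATH:$(RAMPART_DISTDIR)\modules\rampart`, but its only prerequisite is `$(RAHAS_SRC)`. Building `mod_rahas` on its own therefore either fails at link time or picks up whatever stale import library is already in the dist directory. It works under `dist` only because `mod_rampart` is listed before `mod_rahas` on that line. Making the ordering explicit fixes it: `$(RAMPART_DISTDIR)\modules\rahas\mod_rahas.dll : $(RAHAS_SRC) $(RAMPART_DISTDIR)\modules\rampart\mod_rampart.dll`. The rule that produces `mod_rampart.lib` is outside this hunk, so confirm it writes the import library to that directory.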
@@ -338,7 +352,7 @@
copy_docs:
if exist $(RAMPART_SOURCE_DIR)\docs xcopy /E /I /Y $(RAMPART_SOURCE_DIR)\docs $(RAMPART_DISTDIR)\docs
-dist: distdir intdirs mod_rampart mod_rampart_pwcb mod_rampart_authn mod_rampart_rd mod_rampart_sct_provider mod_rampart_sct_provider_hashdb mod_rampart_services_sec_echo mod_rampart_services_secconv_echo mod_rampart_services_saml_sts mod_rampart_samples_sec_echo mod_rampart_samples_saml_echo mod_rampart_samples_issued_token mod_rampart_samples_saml_protect mod_rampart_samples_credential_provider mod_rampart_copy_deploy mod_rampart_copy_include copy_dist_files copy_sec_policy mod_rampart_copy_keys del_am mod_rampart_sample_data copy_docs
+dist: distdir intdirs mod_rampart mod_rahas mod_rampart_pwcb mod_rampart_authn mod_rampart_rd mod_rampart_sct_provider mod_rampart_sct_provider_hashdb mod_rampart_services_sec_echo mod_rampart_services_secconv_echo mod_rampart_services_saml_sts mod_rampart_samples_sec_echo mod_rampart_samples_saml_echo mod_rampart_samples_issued_token mod_rampart_samples_saml_protect mod_rampart_samples_credential_provider mod_rampart_copy_deploy mod_rampart_copy_include copy_dist_files copy_sec_policy mod_rampart_copy_keys del_am mod_rampart_sample_data copy_docs
dist_no_samples: clean distdir intdirs mod_rampart mod_rampart_copy_include copy_dist_files
Modified: webservices/rampart/trunk/c/ides/Rampart/Rampart/Rampart.vcproj
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/ides/Rampart/Rampart/Rampart.vcproj?rev=671507&r1=671506&r2=671507&view=diff
==============================================================================
--- webservices/rampart/trunk/c/ides/Rampart/Rampart/Rampart.vcproj (original)
+++ webservices/rampart/trunk/c/ides/Rampart/Rampart/Rampart.vcproj Wed Jun 25 03:53:47 2008
@@ -710,6 +710,58 @@
>
</File>
</Filter>
+ <Filter
+ Name="rahas"
+ >
+ <File
+ RelativePath="..\..\..\src\rahas\mod_rahas.c"
+ >
+ <FileConfiguration
+ Name="Debug|Win32"
+ >
+ <Tool
+ Name="VCCLCompilerTool"
+ ObjectFile="$(IntDir)\$(InputName)1.obj"
+ XMLDocumentationFileName="$(IntDir)\$(InputName)1.xdc"
+ />
+ </FileConfiguration>
+ <FileConfiguration
+ Name="Release|Win32"
+ >
+ <Tool
+ Name="VCCLCompilerTool"
+ ObjectFile="$(IntDir)\$(InputName)1.obj"
+ XMLDocumentationFileName="$(IntDir)\$(InputName)1.xdc"
+ />
+ </FileConfiguration>
+ </File>
+ <File
+ RelativePath="..\..\..\src\rahas\rahas_in_handler.c"
+ >
+ <FileConfiguration
+ Name="Debug|Win32"
+ >
+ <Tool
+ Name="VCCLCompilerTool"
+ ObjectFile="$(IntDir)\$(InputName)1.obj"
+ XMLDocumentationFileName="$(IntDir)\$(InputName)1.xdc"
+ />
+ </FileConfiguration>
+ <FileConfiguration
+ Name="Release|Win32"
+ >
+ <Tool
+ Name="VCCLCompilerTool"
+ ObjectFile="$(IntDir)\$(InputName)1.obj"
+ XMLDocumentationFileName="$(IntDir)\$(InputName)1.xdc"
+ />
+ </FileConfiguration>
+ </File>
+ <File
+ RelativePath="..\..\..\src\rahas\rahas_request_processor.c"
+ >
+ </File>
+ </Filter>
</Filter>
<Filter
Name="Header Files"
@@ -877,6 +929,14 @@
>
</File>
<File
+ RelativePath="..\..\..\include\rahas_mod.h"
+ >
+ </File>
+ <File
+ RelativePath="..\..\..\include\rahas_request_processor.h"
+ >
+ </File>
+ <File
RelativePath="..\..\..\include\rampart_authn_provider.h"
>
</File>
Added: webservices/rampart/trunk/c/include/rahas_mod.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rahas_mod.h?rev=671507&view=auto
==============================================================================
--- webservices/rampart/trunk/c/include/rahas_mod.h (added)
+++ webservices/rampart/trunk/c/include/rahas_mod.h Wed Jun 25 03:53:47 2008
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef RAHAS_MOD_H
+#define RAHAS_MOD_H
+
+/**
+ * @file rahas_mod.h
+ * @brief Axis2 rahas module interface
+ */
+
+/**
+* @defgroup rahas_mod Rahas Module
+* @{
+*/
+#include <axis2_handler.h>
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+ /**
+ * Creates In handler
+ * @param env pointer to environment struct
+ * @param qname
+ * @return Created In handler
+ */
+ AXIS2_EXTERN axis2_handler_t* AXIS2_CALL
+ rahas_in_handler_create(const axutil_env_t *env,
+ axutil_string_t *name);
+
+ /** @} */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* RAHAS_MOD_H */
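Review bot: The doc comment on `rahas_in_handler_create` documents `@param qname`, but the parameter is `axutil_string_t *name`, so the generated documentation describes a parameter that does not exist and says nothing about the real one. Suggest `@param name name of the handler`, and have `@return` state what is returned on failure and who owns the created handler. The implementation is not in this hunk, so both need confirming against `rahas_in_handler.c`.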
Added: webservices/rampart/trunk/c/include/rahas_request_processor.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rahas_request_processor.h?rev=671507&view=auto
==============================================================================
--- webservices/rampart/trunk/c/include/rahas_request_processor.h (added)
+++ webservices/rampart/trunk/c/include/rahas_request_processor.h Wed Jun 25 03:53:47 2008
@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef RAHAS_REQUEST_PROCESSOR_H
+#define RAHAS_REQUEST_PROCESSOR_H
+
+/**
+ * @file rahas_request_processor.h
+ * @brief Process requests related to secure conversation.
+ */
+
+/**
+* @defgroup rahas SecurityContextToken Issuer
+* @{
+*/
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+ /**
+ * Processes issue request
+ * @param env pointer to environment struct
+ * @param rst request security token struct
+ * @param rstr request security token response struct
+ * @param msg_ctx message context structure
+ * @param trust_version Trust specification. Can be TRUST_VERSION_05_02 or TRUST_VERSION_05_12
+ * @return AXIS2_SUCCESS if processed successfully. AXIS2_FAILURE otherwise.
+ */
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ rahas_process_issue_request(
+ const axutil_env_t *env,
+ trust_rst_t *rst,
+ trust_rstr_t *rstr,
+ axis2_msg_ctx_t *msg_ctx,
+ int trust_version);
+
+ /** @} */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* RAHAS_REQUEST_PROCESSOR_H */
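Review bot: This header is not self-contained. The prototype of `rahas_process_issue_request` uses `axutil_env_t`, `axis2_msg_ctx_t`, `axis2_status_t`, `trust_rst_t`, `trust_rstr_t` and the `AXIS2_EXTERN`/`AXIS2_CALL` macros, yet the file includes nothing, unlike `rahas_mod.h`, which includes `axis2_handler.h`. It compiles only when the including file happens to pull in the right headers first. Include the headers that declare those types, plus `trust_constants.h` for the `TRUST_VERSION_*` values the comment names. Since `trust_version` is a plain `int`, the comment should also say what is returned when it is neither of the two listed values.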
Modified: webservices/rampart/trunk/c/include/trust_constants.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/trust_constants.h?rev=671507&r1=671506&r2=671507&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/trust_constants.h (original)
+++ webservices/rampart/trunk/c/include/trust_constants.h Wed Jun 25 03:53:47 2008
@@ -144,10 +144,22 @@
#define TRUST_XS "xs"
#define TRUST_XS_XMLNS "http://www.w3.org/2001/XMLSchema"
-#define SECCONV_200502_REQUEST_ACTION "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT"
-#define SECCONV_200502_REPLY_ACTION "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT"
-#define SECCONV_200512_REQUEST_ACTION "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT"
-#define SECCONV_200512_REPLY_ACTION "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT"
+#define SECCONV_200502_REQUEST_ISSUE_ACTION "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT"
+#define SECCONV_200502_REPLY_ISSUE_ACTION "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT"
+#define SECCONV_200502_REQUEST_AMEND_ACTION "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Amend"
+#define SECCONV_200502_REPLY_AMEND_ACTION "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Amend"
+#define SECCONV_200502_REQUEST_RENEW_ACTION "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew"
+#define SECCONV_200502_REPLY_RENEW_ACTION "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew"
+#define SECCONV_200502_REQUEST_CANCEL_ACTION "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel"
+#define SECCONV_200502_REPLY_CANCEL_ACTION "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel"
+#define SECCONV_200512_REQUEST_ISSUE_ACTION "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT"
+#define SECCONV_200512_REPLY_ISSUE_ACTION "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT"
+#define SECCONV_200512_REQUEST_AMEND_ACTION "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT/Amend"
+#define SECCONV_200512_REPLY_AMEND_ACTION "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT/Amend"
+#define SECCONV_200512_REQUEST_RENEW_ACTION "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT/Renew"
+#define SECCONV_200512_REPLY_RENEW_ACTION "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT/Renew"
+#define SECCONV_200512_REQUEST_CANCEL_ACTION "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT/Cancel"
+#define SECCONV_200512_REPLY_CANCEL_ACTION "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT/Cancel"
#define SECCONV_GLOBAL_ID_PREFIX "urn:uuid:"
#define SECCONV_LOCAL_ID_PREFIX "sctId"
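Review bot: Renaming the four `SECCONV_2005xx_REQUEST_ACTION` / `SECCONV_2005xx_REPLY_ACTION` macros removes names from a header under `include/`, so any code outside this tree that used the old spellings stops compiling. If this header is part of the installed API, keep the old names as aliases for a release, e.g. `#define SECCONV_200502_REQUEST_ACTION SECCONV_200502_REQUEST_ISSUE_ACTION`, and likewise for the other three. In-tree users are presumably updated elsewhere in this commit; that is not visible in this hunk.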
@@ -161,6 +173,12 @@
#define TRUST_VERSION_05_02 1
#define TRUST_VERSION_05_12 2
+#define SECCONV_ACTION_INVALID 0
+#define SECCONV_ACTION_ISSUE 1
+#define SECCONV_ACTION_AMEND 2
+#define SECCONV_ACTION_RENEW 3
+#define SECCONV_ACTION_CANCEL 4
+
/* WS-SX Namespaces*/
Modified: webservices/rampart/trunk/c/samples/client/sec_echo/update_n_run.bat
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/client/sec_echo/update_n_run.bat?rev=671507&r1=671506&r2=671507&view=diff
==============================================================================
--- webservices/rampart/trunk/c/samples/client/sec_echo/update_n_run.bat (original)
+++ webservices/rampart/trunk/c/samples/client/sec_echo/update_n_run.bat Wed Jun 25 03:53:47 2008
@@ -6,6 +6,6 @@
echo "Copying latest module to client_repo"
xcopy /E /Y /I "%AXIS2C_HOME%\modules\rampart" "%CLIENT_REPO%\modules\rampart"
-%AXIS2C_HOME%\bin\samples\rampart\client\sec_echo\echo.exe http://localhost:9090/axis2/services/sec_echo/echoString %CLIENT_REPO%
+%AXIS2C_HOME%\bin\samples\rampart\client\sec_echo\echo.exe http://localhost:9090/axis2/services/sec_echo %CLIENT_REPO%
@echo on
Modified: webservices/rampart/trunk/c/samples/sct_provider/sct_provider_hash_map.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/sct_provider/sct_provider_hash_map.c?rev=671507&r1=671506&r2=671507&view=diff
==============================================================================
--- webservices/rampart/trunk/c/samples/sct_provider/sct_provider_hash_map.c (original)
+++ webservices/rampart/trunk/c/samples/sct_provider/sct_provider_hash_map.c Wed Jun 25 03:53:47 2008
@@ -194,8 +194,8 @@
{
/* if both local_id and global_id are NULL, then we can't store it */
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart]Security context token identifiers are not valid. \
- Cannot store security context token. ");
+ "[rampart]Security context token identifiers are not valid. "
+ "Cannot store security context token. ");
status = AXIS2_FAILURE;
}
}
Modified: webservices/rampart/trunk/c/samples/sct_provider/sct_provider_stored_key.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/sct_provider/sct_provider_stored_key.c?rev=671507&r1=671506&r2=671507&view=diff
==============================================================================
--- webservices/rampart/trunk/c/samples/sct_provider/sct_provider_stored_key.c (original)
+++ webservices/rampart/trunk/c/samples/sct_provider/sct_provider_stored_key.c Wed Jun 25 03:53:47 2008
@@ -223,8 +223,8 @@
{
/* if both local_id and global_id are NULL, then we can't store it */
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart]Security context token identifiers are not valid. \
- Cannot store security context token. ");
+ "[rampart]Security context token identifiers are not valid. "
+ "Cannot store security context token. ");
status = AXIS2_FAILURE;
}
}
Modified: webservices/rampart/trunk/c/samples/secpolicy/README
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/secpolicy/README?rev=671507&r1=671506&r2=671507&view=diff
==============================================================================
--- webservices/rampart/trunk/c/samples/secpolicy/README (original)
+++ webservices/rampart/trunk/c/samples/secpolicy/README Wed Jun 25 03:53:47 2008
@@ -59,14 +59,12 @@
Using different tokens for encryption and signature.
The protection token is Sign->Encrypt. Signature is Encrypted.
20. SAML Scenario. Get a SAML token from samlsts and give the saml token to sec_echo service to access the service. Cannot be run with test_scen.sh. Please use saml.sh script
-
-21. Asymetric binding encryption with PKCS12 as the key store.
-
-22. Asymetric binding signature with PKCS12 as the key store.
-
-23. Symmetric binding signature and encryption with PKCS12 key store.
-
-24. SAML as a protection token for signing and encrypting a message.
+21. Asymetric binding encryption with PKCS12 as the key store.
+22. Asymetric binding signature with PKCS12 as the key store.
+23. Symmetric binding signature and encryption with PKCS12 key store.
+24. SAML as a protection token for signing and encrypting a message.
+25. SecureConversation using Rahas module. Issue operation is defined in rahas
+26. SecureConversation using Rahas module. Issue operation is defined in service
FAQ:
---
Modified: webservices/rampart/trunk/c/samples/secpolicy/run_all.bat
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/secpolicy/run_all.bat?rev=671507&r1=671506&r2=671507&view=diff
==============================================================================
--- webservices/rampart/trunk/c/samples/secpolicy/run_all.bat (original)
+++ webservices/rampart/trunk/c/samples/secpolicy/run_all.bat Wed Jun 25 03:53:47 2008
@@ -7,7 +7,7 @@
-for %%i in (1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 21 22 23) do call test_scen.bat %_SCEN%%%i %_PORT% off
+for %%i in (1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 21 22 23 25 26) do call test_scen.bat %_SCEN%%%i %_PORT% off
taskkill /F /IM axis2_http_server.exe
echo DONE
Added: webservices/rampart/trunk/c/samples/secpolicy/scenario25/client-policy.xml
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/secpolicy/scenario25/client-policy.xml?rev=671507&view=auto
==============================================================================
--- webservices/rampart/trunk/c/samples/secpolicy/scenario25/client-policy.xml (added)
+++ webservices/rampart/trunk/c/samples/secpolicy/scenario25/client-policy.xml Wed Jun 25 03:53:47 2008
@@ -0,0 +1,210 @@
+<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:EncryptionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:BootstrapPolicy>
+ <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssUsernameToken10/>
+ </wsp:Policy>
+ </sp:UsernameToken>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ <sp:Header Namespace="http://www.w3.org/2005/08/addressing"/>
+ </sp:SignedParts>
+ <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
+ <rampc:User>Alice</rampc:User>
+ <rampc:TimeToLive>360</rampc:TimeToLive>
+ <rampc:EncryptionUser>a</rampc:EncryptionUser>
+ <rampc:PasswordType>Digest</rampc:PasswordType>
+ <rampc:PasswordCallbackClass>AXIS2C_HOME/bin/samples/rampart/callback/libpwcb.so</rampc:PasswordCallbackClass>
+ <rampc:ReceiverCertificate>AXIS2C_HOME/bin/samples/rampart/keys/ahome/bob_cert.cert</rampc:ReceiverCertificate>
+ <rampc:Certificate>AXIS2C_HOME/bin/samples/rampart/keys/ahome/alice_cert.cert</rampc:Certificate>
+ <rampc:PrivateKey>AXIS2C_HOME/bin/samples/rampart/keys/ahome/alice_key.pem</rampc:PrivateKey>
+ </rampc:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:EncryptionToken>
+ <sp:SignatureToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:BootstrapPolicy>
+ <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssUsernameToken10/>
+ </wsp:Policy>
+ </sp:UsernameToken>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ <sp:Header Namespace="http://www.w3.org/2005/08/addressing"/>
+ </sp:SignedParts>
+ <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
+ <rampc:User>Alice</rampc:User>
+ <rampc:TimeToLive>360</rampc:TimeToLive>
+ <rampc:EncryptionUser>a</rampc:EncryptionUser>
+ <rampc:PasswordType>Digest</rampc:PasswordType>
+ <rampc:PasswordCallbackClass>AXIS2C_HOME/bin/samples/rampart/callback/libpwcb.so</rampc:PasswordCallbackClass>
+ <rampc:ReceiverCertificate>AXIS2C_HOME/bin/samples/rampart/keys/ahome/bob_cert.cert</rampc:ReceiverCertificate>
+ <rampc:Certificate>AXIS2C_HOME/bin/samples/rampart/keys/ahome/alice_cert.cert</rampc:Certificate>
+ <rampc:PrivateKey>AXIS2C_HOME/bin/samples/rampart/keys/ahome/alice_key.pem</rampc:PrivateKey>
+ </rampc:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:SignatureToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ <sp:EncryptSignature/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssUsernameToken10/>
+ </wsp:Policy>
+ </sp:UsernameToken>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ <sp:Header Namespace="http://www.w3.org/2005/08/addressing"/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
+ <rampc:User>Alice</rampc:User>
+ <rampc:TimeToLive>360</rampc:TimeToLive>
+ <rampc:PasswordType>Digest</rampc:PasswordType>
+ <rampc:PasswordCallbackClass>AXIS2C_HOME/bin/samples/rampart/callback/libpwcb.so</rampc:PasswordCallbackClass>
+ </rampc:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
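Review bot: The `sp:BootstrapPolicy` is written out in full twice, under `sp:EncryptionToken` and again under `sp:SignatureToken`, with the same `rampc:RampartConfig` (user, certificate and private-key paths) in each, and nothing marks them as copies that must stay in step. An edit to only one would leave the two token assertions describing different bootstrap requirements. A leading comment would help, for example `<!-- Scenario 25: SecureConversation, issue operation defined in rahas. The BootstrapPolicy is repeated under EncryptionToken and SignatureToken; keep both copies identical. -->`. This policy also asserts `sp:Wss11` while scenario25/services.xml asserts `sp:Wss10`; if that difference is intended, it deserves a line in the same comment.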
Added: webservices/rampart/trunk/c/samples/secpolicy/scenario25/services.xml
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/secpolicy/scenario25/services.xml?rev=671507&view=auto
==============================================================================
--- webservices/rampart/trunk/c/samples/secpolicy/scenario25/services.xml (added)
+++ webservices/rampart/trunk/c/samples/secpolicy/scenario25/services.xml Wed Jun 25 03:53:47 2008
@@ -0,0 +1,81 @@
+<service name="sec_echo">
+ <parameter name="ServiceClass" locked="xsd:false">sec_echo</parameter>
+
+ <description>
+ This is a testing service , to test the system is working or not
+ </description>
+ <module ref="rampart"/>
+ <module ref="rahas"/>
+
+ <operation name="echoString">
+ <parameter name="wsamapping">http://example.com/ws/2004/09/policy/Test/EchoRequest</parameter>
+ </operation>
+
+ <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:EncryptionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:SC10SecurityContextToken/>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:EncryptionToken>
+ <sp:SignatureToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:SC10SecurityContextToken/>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:SignatureToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ <sp:EncryptSignature/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always"/>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefEmbeddedToken/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ <sp:Header Namespace="http://www.w3.org/2005/08/addressing"/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
+ <rampc:User>Bob</rampc:User>
+ <rampc:PasswordType>Digest</rampc:PasswordType>
+ <rampc:PasswordCallbackClass>AXIS2C_HOME/bin/samples/rampart/callback/libpwcb.so</rampc:PasswordCallbackClass>
+ </rampc:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+
+</service>
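Review bot: The service policy names `sp:SecureConversationToken` with only `sp:SC10SecurityContextToken` and no `sp:BootstrapPolicy`, and its `rampc:RampartConfig` carries no certificate or private key. The file therefore does not show which policy an incoming issue request must satisfy before a security context token is handed out. Presumably that is configured for the rahas module elsewhere; the commit also touches server_axis2.xml, which is not in this part. Add a comment saying where the bootstrap requirements are enforced on the server side, e.g. `<!-- Bootstrap (RST/SCT) messages are secured by the policy in <location>; this policy applies once the context is established -->`. The `sp:UsernameToken` assertion here also has no nested `wsp:Policy`, whereas the client policy requires `sp:WssUsernameToken10`.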
Added: webservices/rampart/trunk/c/samples/secpolicy/scenario26/client-policy.xml
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/secpolicy/scenario26/client-policy.xml?rev=671507&view=auto
==============================================================================
--- webservices/rampart/trunk/c/samples/secpolicy/scenario26/client-policy.xml (added)
+++ webservices/rampart/trunk/c/samples/secpolicy/scenario26/client-policy.xml Wed Jun 25 03:53:47 2008
@@ -0,0 +1,148 @@
+<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:EncryptionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:BootstrapPolicy>
+ <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
+ <rampc:TimeToLive>360</rampc:TimeToLive>
+ </rampc:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:EncryptionToken>
+ <sp:SignatureToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:BootstrapPolicy>
+ <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
+ <rampc:TimeToLive>360</rampc:TimeToLive>
+ </rampc:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:SignatureToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ <sp:EncryptSignature/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssUsernameToken10/>
+ </wsp:Policy>
+ </sp:UsernameToken>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ <sp:Header Namespace="http://www.w3.org/2005/08/addressing"/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
+ <rampc:User>Alice</rampc:User>
+ <rampc:TimeToLive>360</rampc:TimeToLive>
+ <rampc:PasswordType>Digest</rampc:PasswordType>
+ <rampc:PasswordCallbackClass>AXIS2C_HOME/bin/samples/rampart/callback/libpwcb.so</rampc:PasswordCallbackClass>
+ </rampc:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
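Review bot: Both `sp:BootstrapPolicy` blocks in this file (under `sp:EncryptionToken` and under `sp:SignatureToken`) declare an `sp:AsymmetricBinding` but no `sp:AlgorithmSuite`, `sp:SignedParts` or `sp:EncryptedParts`. As written, the policy therefore does not require the token-request exchange that establishes the security context to be signed or encrypted, although the outer policy states all three for the application message. The same gap appears in scenario26/services.xml, in the `SecConv10Issue` operation policy and in both bootstrap policies of `echoString`. Unless Rampart/C protects the bootstrap exchange by default (not visible in this part of the commit), I would add the protection assertions inside each bootstrap `wsp:All`, as sketched below, plus an `sp:AlgorithmSuite` inside the binding.

```xml
<!-- … unchanged: sp:AsymmetricBinding of the bootstrap policy … -->
<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
    <sp:Body/>
    <sp:Header Namespace="http://www.w3.org/2005/08/addressing"/>
</sp:SignedParts>
<sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
    <sp:Body/>
</sp:EncryptedParts>
<!-- … unchanged: rampc:RampartConfig with TimeToLive … -->
```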
Added: webservices/rampart/trunk/c/samples/secpolicy/scenario26/services.xml
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/secpolicy/scenario26/services.xml?rev=671507&view=auto
==============================================================================
--- webservices/rampart/trunk/c/samples/secpolicy/scenario26/services.xml (added)
+++ webservices/rampart/trunk/c/samples/secpolicy/scenario26/services.xml Wed Jun 25 03:53:47 2008
@@ -0,0 +1,201 @@
+<service name="sec_echo">
+ <parameter name="ServiceClass" locked="xsd:false">sec_echo</parameter>
+
+ <description>
+ This is a testing service , to test the system is working or not
+ </description>
+ <module ref="rampart"/>
+ <module ref="rahas"/>
+
+ <operation name="SecConv10Issue">
+ <parameter name="wsamapping">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</parameter>
+ <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
+ <rampc:TimeToLive>360</rampc:TimeToLive>
+ </rampc:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+ </operation>
+
+ <operation name="echoString">
+ <parameter name="wsamapping">http://example.com/ws/2004/09/policy/Test/EchoRequest</parameter>
+ <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:EncryptionToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:SC10SecurityContextToken/>
+ <sp:BootstrapPolicy>
+ <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
+ <rampc:TimeToLive>360</rampc:TimeToLive>
+ </rampc:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:EncryptionToken>
+ <sp:SignatureToken>
+ <wsp:Policy>
+ <sp:SecureConversationToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:SC10SecurityContextToken/>
+ <sp:BootstrapPolicy>
+ <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:InitiatorToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:InitiatorToken>
+ <sp:RecipientToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:RecipientToken>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ </wsp:Policy>
+ </sp:AsymmetricBinding>
+ <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
+ <rampc:TimeToLive>360</rampc:TimeToLive>
+ </rampc:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+
+ </sp:BootstrapPolicy>
+ </wsp:Policy>
+ </sp:SecureConversationToken>
+ </wsp:Policy>
+ </sp:SignatureToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ <sp:EncryptSignature/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always"/>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefEmbeddedToken/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ <sp:Header Namespace="http://www.w3.org/2005/08/addressing"/>
+ </sp:SignedParts>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
+ <rampc:User>Bob</rampc:User>
+ <rampc:PasswordType>Digest</rampc:PasswordType>
+ <rampc:PasswordCallbackClass>AXIS2C_HOME/bin/samples/rampart/callback/libpwcb.so</rampc:PasswordCallbackClass>
+ </rampc:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+ </operation>
+
+
+</service>
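Review bot: The `echoString` policy here differs from scenario26/client-policy.xml in three places, and nothing says whether that is intended. The service declares `sp:Wss10` with `sp:MustSupportRefEmbeddedToken`, where the client declares `sp:Wss11` with thumbprint and encrypted-key references. It uses `IncludeToken/Always` on the `sp:UsernameToken` where the client uses `IncludeToken/AlwaysToRecipient` with `sp:WssUsernameToken10`, and it requires `sp:SC10SecurityContextToken`, which the client's `sp:SecureConversationToken` omits. If the asymmetry is deliberate, a comment at the top of the file such as `<!-- scenario26: service advertises Wss10, client policy uses Wss11 on purpose -->` would help; otherwise align the two files. Separately, `SecConv10Issue` is given an `sp:AsymmetricBinding` here, while src/data/rahas_module.xml declares the same operation and action with an `sp:SymmetricBinding`, so it is unclear from the files which policy is enforced for token requests.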
Modified: webservices/rampart/trunk/c/samples/server/sec_echo/server_axis2.xml
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/server/sec_echo/server_axis2.xml?rev=671507&r1=671506&r2=671507&view=diff
==============================================================================
--- webservices/rampart/trunk/c/samples/server/sec_echo/server_axis2.xml (original)
+++ webservices/rampart/trunk/c/samples/server/sec_echo/server_axis2.xml Wed Jun 25 03:53:47 2008
@@ -38,10 +38,6 @@
<!--parameter name="Transfer-Encoding">chunked</parameter-->
<!--parameter name="PROXY" proxy_host="127.0.0.1" proxy_port="8080" locked="true"/-->
</transportSender>
- <!-- Uncomment this one with the appropriate papameters to enable the XMPP transport Sender-->
- <!--transportSender name="xmpp" class="axis2_xmpp_sender">
- <parameter name="PROTOCOL" locked="false">XMPP</parameter>
- </transportSender-->
<!-- Uncomment this one with the appropriate papameters to enable the TCP transport Sender-->
<!--transportSender name="tcp" class="axis2_tcp_sender">
<parameter name="PROTOCOL" locked="false">TCP</parameter>
@@ -82,6 +78,7 @@
<!-- After PostDispatch phase, module or service author can add any phase as required -->
<!-- User defined phases could be added here -->
<phase name="userphase1"/>
+ <phase name="Rahas"/>
<phase name="RMPhase"/>
<phase name="SavanPhase"/>
</phaseOrder>
Modified: webservices/rampart/trunk/c/samples/server/secconv_echo/echo.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/server/secconv_echo/echo.c?rev=671507&r1=671506&r2=671507&view=diff
==============================================================================
--- webservices/rampart/trunk/c/samples/server/secconv_echo/echo.c (original)
+++ webservices/rampart/trunk/c/samples/server/secconv_echo/echo.c Wed Jun 25 03:53:47 2008
@@ -309,7 +309,7 @@
trust_rstr_free(rstr, env);
/*set the action*/
- axis2_msg_ctx_set_wsa_action(msg_ctx, env, SECCONV_200502_REPLY_ACTION);
+ axis2_msg_ctx_set_wsa_action(msg_ctx, env, SECCONV_200502_REQUEST_ISSUE_ACTION);
/*return the node*/
return rstr_node;
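Review bot: The reply built from `rstr_node` is now tagged with `SECCONV_200502_REQUEST_ISSUE_ACTION`, which is the action of the request, not of the response. The new rahas_in_handler.c in this same commit maps that request action to `SECCONV_200502_REPLY_ISSUE_ACTION`. Unless the sample needs the request action for a reason not shown here, the line should read `axis2_msg_ctx_set_wsa_action(msg_ctx, env, SECCONV_200502_REPLY_ISSUE_ACTION);`. The enclosing function starts and ends outside the hunk, so the surrounding flow could not be checked.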
Added: webservices/rampart/trunk/c/src/data/rahas_module.xml
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/data/rahas_module.xml?rev=671507&view=auto
==============================================================================
--- webservices/rampart/trunk/c/src/data/rahas_module.xml (added)
+++ webservices/rampart/trunk/c/src/data/rahas_module.xml Wed Jun 25 03:53:47 2008
@@ -0,0 +1,74 @@
+<module name="rahas" class="mod_rahas">
+ <inflow>
+ <handler name="RahasInHandler" class="mod_rahas">
+ <order phase="Rahas"/>
+ </handler>
+ </inflow>
+
+ <operation name="SecConv10Issue">
+ <actionMapping>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</actionMapping>
+ <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always"/>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefEmbeddedToken/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
+ <rampc:User>Bob</rampc:User>
+ <rampc:TimeToLive>360</rampc:TimeToLive>
+ <rampc:EncryptionUser>b</rampc:EncryptionUser>
+ <rampc:PasswordType>Digest</rampc:PasswordType>
+ <rampc:PasswordCallbackClass>AXIS2C_HOME/bin/samples/rampart/callback/libpwcb.so</rampc:PasswordCallbackClass>
+ <rampc:ReceiverCertificate>AXIS2C_HOME/bin/samples/rampart/keys/bhome/alice_cert.cert</rampc:ReceiverCertificate>
+ <rampc:Certificate>AXIS2C_HOME/bin/samples/rampart/keys/bhome/bob_cert.cert</rampc:Certificate>
+ <rampc:PrivateKey>AXIS2C_HOME/bin/samples/rampart/keys/bhome/bob_key.pem</rampc:PrivateKey>
+ </rampc:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+ </operation>
+
+</module>
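Review bot: This descriptor lives under src/data rather than under samples, yet its `rampc:RampartConfig` pins the sample identity: user `Bob`, `EncryptionUser` `b`, the key and certificate files under `samples/rampart/keys/bhome`, and `alice_cert.cert` as the only `ReceiverCertificate`. A deployment that engages rahas without overriding this policy would presumably protect token requests with the published sample key pair and encrypt to one fixed client certificate. I would add a comment above the block, `<!-- Sample values only: replace User, the key/certificate paths and PasswordCallbackClass before deployment -->`, and describe in the module documentation how a service supplies its own policy for `SecConv10Issue`.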
Added: webservices/rampart/trunk/c/src/rahas/mod_rahas.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/rahas/mod_rahas.c?rev=671507&view=auto
==============================================================================
--- webservices/rampart/trunk/c/src/rahas/mod_rahas.c (added)
+++ webservices/rampart/trunk/c/src/rahas/mod_rahas.c Wed Jun 25 03:53:47 2008
@@ -0,0 +1,155 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <axis2_module.h>
+#include <rahas_mod.h>
+#include <rampart_constants.h>
+#include <axis2_conf_ctx.h>
+
+axis2_status_t AXIS2_CALL
+rahas_mod_shutdown(
+ axis2_module_t *module,
+ const axutil_env_t *env);
+
+axis2_status_t AXIS2_CALL
+rahas_mod_init(
+ axis2_module_t *module,
+ const axutil_env_t *env,
+ axis2_conf_ctx_t *conf_ctx,
+ axis2_module_desc_t *module_desc);
+
+axis2_status_t AXIS2_CALL
+rahas_mod_fill_handler_create_func_map(
+ axis2_module_t *module,
+ const axutil_env_t *env);
+
+static const axis2_module_ops_t addr_module_ops_var = {
+ rahas_mod_init,
+ rahas_mod_shutdown,
+ rahas_mod_fill_handler_create_func_map
+ };
+
+axis2_module_t *
+rahas_mod_create(
+ const axutil_env_t *env)
+{
+ axis2_module_t *module = NULL;
+ module = AXIS2_MALLOC(env->allocator, sizeof(axis2_module_t));
+ if (!module)
+ {
+ AXIS2_ERROR_SET(env->error, AXIS2_ERROR_NO_MEMORY, AXIS2_FAILURE);
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rahas]Not enough memory. Cannot create module.");
+ return NULL;
+ }
+
+ module->ops = &addr_module_ops_var;
+ return module;
+}
+
+axis2_status_t AXIS2_CALL
+rahas_mod_init(
+ axis2_module_t *module,
+ const axutil_env_t *env,
+ axis2_conf_ctx_t *conf_ctx,
+ axis2_module_desc_t *module_desc)
+{
+ /*
+ * Any initialization stuff of Rahas module goes here. At the moment we have NONE.
+ * Intialization happens in handlers depending on the message flow and policies
+ */
+ AXIS2_LOG_INFO(env->log,
+ "[rahas]Rahas module initialized");
+ return AXIS2_SUCCESS;
+}
+
+axis2_status_t AXIS2_CALL
+rahas_mod_shutdown(
+ axis2_module_t *module,
+ const axutil_env_t *env)
+{
+ AXIS2_LOG_INFO(env->log,
+ "[rahas] Rahas module shutdown");
+
+ if (module)
+ {
+ if (module->handler_create_func_map)
+ {
+ axutil_hash_free(module->handler_create_func_map, env);
+ module->handler_create_func_map = NULL;
+ }
+ AXIS2_FREE(env->allocator, module);
+ module = NULL;
+ }
+ return AXIS2_SUCCESS;
+}
+
+axis2_status_t AXIS2_CALL
+rahas_mod_fill_handler_create_func_map(
+ axis2_module_t *module,
+ const axutil_env_t *env)
+{
+ module->handler_create_func_map = axutil_hash_make(env);
+ if (!module->handler_create_func_map)
+ {
+ AXIS2_ERROR_SET(env->error, AXIS2_ERROR_NO_MEMORY, AXIS2_FAILURE);
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rahas] Cannot create function map.");
+ return AXIS2_FAILURE;
+ }
+
+ /*
+ * Set Rahas Handlers
+ * 1. Rahas In Handler to process message
+ * 2. No out handler for rahas
+ */
+ axutil_hash_set(module->handler_create_func_map, RAHAS_IN_HANDLER,
+ AXIS2_HASH_KEY_STRING, rahas_in_handler_create);
+
+ return AXIS2_SUCCESS;
+}
+
+/**
+ * Following block distinguish the exposed part of the dll.
+ */
+AXIS2_EXPORT int
+axis2_get_instance(
+ axis2_module_t **inst,
+ const axutil_env_t *env)
+{
+ *inst = rahas_mod_create(env);
+ if (!(*inst))
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rahas] Rahas module creation failed");
+ return AXIS2_FAILURE;
+ }
+
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXPORT int
+axis2_remove_instance(
+ axis2_module_t *inst,
+ const axutil_env_t *env)
+{
+ axis2_status_t status = AXIS2_FAILURE;
+ if (inst)
+ {
+ status = rahas_mod_shutdown(inst, env);
+ }
+ return status;
+}
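Review bot: `rahas_mod_create` sets only `module->ops` after `AXIS2_MALLOC`, which leaves `module->handler_create_func_map` uninitialised if the allocator does not zero memory. `rahas_mod_shutdown` tests that field and passes it to `axutil_hash_free`, so a shutdown that happens before `rahas_mod_fill_handler_create_func_map` has run would free an indeterminate pointer. Adding `module->handler_create_func_map = NULL;` next to the `ops` assignment closes this. The ops table is also still named `addr_module_ops_var`, which looks like a leftover from the addressing module; `rahas_module_ops_var` would match the file.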
Added: webservices/rampart/trunk/c/src/rahas/rahas_in_handler.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/rahas/rahas_in_handler.c?rev=671507&view=auto
==============================================================================
--- webservices/rampart/trunk/c/src/rahas/rahas_in_handler.c (added)
+++ webservices/rampart/trunk/c/src/rahas/rahas_in_handler.c Wed Jun 25 03:53:47 2008
@@ -0,0 +1,385 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <axis2_handler_desc.h>
+#include <axis2_core_utils.h>
+#include <axiom_soap_envelope.h>
+#include <axiom_soap_body.h>
+#include <trust_constants.h>
+#include <axis2_engine.h>
+#include <trust_rst.h>
+#include <trust_rstr.h>
+#include <rahas_request_processor.h>
+
+static axis2_status_t
+rahas_send_reply(
+ axiom_node_t *body_node,
+ axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx);
+
+static void
+rahas_find_trust_version_specific_details(
+ const axutil_env_t *env,
+ axis2_char_t *action,
+ int *trust_version,
+ int *request_type,
+ axis2_char_t **reply_action);
+
+static axiom_node_t *
+rahas_request_security_token(
+ const axutil_env_t *env,
+ axiom_node_t *node,
+ axis2_msg_ctx_t *msg_ctx,
+ int trust_version,
+ int request_type);
+
+axis2_status_t AXIS2_CALL
+rahas_in_handler_invoke(
+ struct axis2_handler *handler,
+ const axutil_env_t *env,
+ struct axis2_msg_ctx *msg_ctx);
+
+AXIS2_EXTERN axis2_handler_t *AXIS2_CALL
+rahas_in_handler_create(
+ const axutil_env_t *env,
+ axutil_string_t *name)
+{
+ axis2_handler_t *handler = NULL;
+ AXIS2_ENV_CHECK(env, NULL);
+
+ handler = axis2_handler_create(env);
+ if (!handler)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rahas] Cannot create in-handler.");
+ return NULL;
+ }
+
+ /*Set the function to invoke*/
+ axis2_handler_set_invoke(handler, env, rahas_in_handler_invoke);
+
+ return handler;
+}
+
+axis2_status_t AXIS2_CALL
+rahas_in_handler_invoke(
+ struct axis2_handler *handler,
+ const axutil_env_t *env,
+ struct axis2_msg_ctx *msg_ctx)
+{
+ axutil_string_t *soap_action = NULL;
+ axis2_char_t *action = NULL;
+ axiom_soap_envelope_t *soap_envelope = NULL;
+ axiom_soap_body_t *soap_body = NULL;
+ axiom_node_t *body_node = NULL;
+ axiom_node_t *body_child_node = NULL;
+ axiom_node_t *reply_body_child_node = NULL;
+ int trust_version = TRUST_VERSION_INVALID;
+ int request_type = SECCONV_ACTION_INVALID;
+ axis2_char_t *reply_action = NULL;
+
+ AXIS2_PARAM_CHECK(env->error, msg_ctx, AXIS2_FAILURE);
+ AXIS2_LOG_INFO(env->log, "[rahas]Rahas in handler is called. ");
+
+ /* check whether this is server side. Rahas is not needed in client side */
+ if(!axis2_msg_ctx_get_server_side(msg_ctx, env))
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rahas]Rahas is engaged in client side. It is not supported in client side.");
+ return AXIS2_FAILURE;
+ }
+
+ /* check whether the action is valid secure conversation related action. First check soap action
+ * and if it is not valid, check for wsa action. To proceed, either should be valid.
+ * If neither of them are valid, then it is not a secure conversation request. It could be
+ * application message. So return success. If action is valid secure conversation action, then
+ * we can find trust version using action
+ */
+ soap_action = axis2_msg_ctx_get_soap_action(msg_ctx, env);
+ if(soap_action)
+ {
+ action = axutil_string_get_buffer(soap_action, env);
+ }
+
+ if(!action)
+ {
+ action = axis2_msg_ctx_get_wsa_action(msg_ctx, env);
+ }
+
+
+ if(action)
+ {
+ rahas_find_trust_version_specific_details(
+ env, action, &trust_version, &request_type, &reply_action);
+ }
+
+ if(!trust_version)
+ {
+ /* this is not a secure conversation related message. So can return without proceeding */
+ AXIS2_LOG_INFO(env->log, "[rahas] Message with action %s will not be processed by rahas.",
+ action);
+ return AXIS2_SUCCESS;
+ }
+
+ soap_envelope = axis2_msg_ctx_get_soap_envelope(msg_ctx, env);
+ if(!soap_envelope)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rahas]SOAP envelope cannot be found.");
+ return AXIS2_FAILURE;
+ }
+
+ soap_body = axiom_soap_envelope_get_body(soap_envelope, env);
+ if(!soap_body)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rahas]SOAP body cannot be found.");
+ return AXIS2_FAILURE;
+ }
+
+ body_node = axiom_soap_body_get_base_node(soap_body, env);
+ if(!body_node)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rahas]SOAP body node cannot be found.");
+ return AXIS2_FAILURE;
+ }
+
+ body_child_node = axiom_node_get_first_element(body_node, env);
+ if(!body_child_node)
+ {
+ /* body node is empty. Secure conversation related messages should have a non empty body */
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rahas]SOAP body node is empty.");
+ return AXIS2_FAILURE;
+ }
+
+ /* We got a valid secure conversation related message. Check the request and build the reply */
+ reply_body_child_node = rahas_request_security_token(
+ env, body_child_node, msg_ctx, trust_version, request_type);
+
+ if(!reply_body_child_node)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rahas]Cannot process SecureConversation request.");
+ return AXIS2_FAILURE;
+ }
+
+ /* set the reply action in to message context */
+ axis2_msg_ctx_set_wsa_action(msg_ctx, env, reply_action);
+
+ /* no need to proceed in in_flow. We can send above node as response. When axis2 get the
+ * control from here, it should continue to out_flow and send the reply
+ */
+ if(rahas_send_reply(reply_body_child_node, env, msg_ctx) != AXIS2_SUCCESS)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rahas]Cannot send reply from rahas.");
+ return AXIS2_FAILURE;
+ }
+
+ return AXIS2_SUCCESS;
+}
+
+static axis2_status_t
+rahas_send_reply(
+ axiom_node_t *body_node,
+ axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx)
+{
+ axis2_msg_ctx_t *out_msg_ctx = NULL;
+ axiom_soap_envelope_t *soap_envelope = NULL;
+ axiom_soap_body_t *soap_body = NULL;
+ axiom_node_t *body_parent_node = NULL;
+ axis2_engine_t *engine = NULL;
+
+ /* find soap envelop and set the body node */
+ out_msg_ctx = axis2_core_utils_create_out_msg_ctx(env, msg_ctx);
+ if(!out_msg_ctx)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rahas]Cannot create out message context.");
+ return AXIS2_FAILURE;
+ }
+
+ soap_envelope = axis2_msg_ctx_get_soap_envelope(out_msg_ctx, env);
+ if(!soap_envelope)
+ {
+ int soap_version = AXIOM_SOAP12;
+ if(axis2_msg_ctx_get_is_soap_11(msg_ctx, env))
+ {
+ soap_version = AXIOM_SOAP11;
+ }
+ soap_envelope = axiom_soap_envelope_create_default_soap_envelope(env, soap_version);
+ axis2_msg_ctx_set_soap_envelope(out_msg_ctx, env, soap_envelope);
+ }
+
+ soap_body = axiom_soap_envelope_get_body(soap_envelope, env);
+ if(!soap_body)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rahas]SOAP body cannot be found from out message context.");
+ return AXIS2_FAILURE;
+ }
+
+ body_parent_node = axiom_soap_body_get_base_node(soap_body, env);
+ if(!body_parent_node)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rahas]SOAP body node cannot be found from out message context.");
+ return AXIS2_FAILURE;
+ }
+
+ axiom_node_add_child(body_parent_node, env, body_node);
+
+ /* Now we have to tell axis2 not to continue in in_flow, go to out_flow */
+ axis2_msg_ctx_set_paused(msg_ctx, env, AXIS2_TRUE);
+ axis2_msg_ctx_set_flow(out_msg_ctx, env, AXIS2_OUT_FLOW);
+
+ /* Send the reply */
+ engine = axis2_engine_create(env, axis2_msg_ctx_get_conf_ctx(out_msg_ctx, env));
+ axis2_engine_send(engine, env, out_msg_ctx);
+ if(engine)
+ axis2_engine_free(engine, env);
+
+ return AXIS2_SUCCESS;
+
+}
+
+static axiom_node_t *
+rahas_request_security_token(
+ const axutil_env_t *env,
+ axiom_node_t *node,
+ axis2_msg_ctx_t *msg_ctx,
+ int trust_version,
+ int request_type)
+{
+ axis2_char_t *trust_xml_ns = NULL;
+ trust_rst_t* rst = NULL;
+ trust_rstr_t* rstr = NULL;
+ axiom_node_t* rstr_node = NULL;
+ axis2_status_t status = AXIS2_SUCCESS;
+
+ /* Get trust version specific values */
+ if(trust_version == TRUST_VERSION_05_02)
+ {
+ trust_xml_ns = TRUST_WST_XMLNS_05_02;
+ }
+ else
+ {
+ trust_xml_ns = TRUST_WST_XMLNS_05_12;
+ }
+
+ /* create rst and set trust version. Trust version is needed to populate rst structure with
+ * given node. After setting them, populate rst structure */
+ rst = trust_rst_create(env);
+ if(!rst)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rahas]Cannot create RequestSecurityToken structure. Insufficient memory.");
+ return NULL;
+ }
+
+ trust_rst_set_wst_ns_uri(rst, env, trust_xml_ns);
+ status = trust_rst_populate_rst(rst, env, node);
+ if(status != AXIS2_SUCCESS)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rahas]Cannot populate RequestSecurityToken structure. Given message might not "
+ "be a valid security token request. ");
+ trust_rst_free(rst, env);
+ return NULL;
+ }
+
+ /*create rstr and populate*/
+ rstr = trust_rstr_create(env);
+ if(!rstr)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rahas]Cannot create RequestSecurityTokenResponse structure. Insufficient memory.");
+ trust_rst_free(rst, env);
+ return NULL;
+ }
+
+ /* set request type and namespace */
+ trust_rstr_set_wst_ns_uri(rstr, env, trust_xml_ns);
+ trust_rstr_set_request_type(rstr, env, trust_rst_get_request_type(rst, env));
+
+ /* call request processor */
+ if(request_type == SECCONV_ACTION_ISSUE)
+ {
+ status = rahas_process_issue_request(env, rst, rstr, msg_ctx, trust_version);
+ }
+ else if(request_type == SECCONV_ACTION_CANCEL)
+ {
+ /* TODO implement cancel method */
+ }
+ else
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rahas]Inidentified security context token request type. "
+ "Only 'issue' and 'cancel' are supported.");
+ status = AXIS2_FAILURE;
+ }
+
+ if(status != AXIS2_SUCCESS)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rahas]Cannot Process security context token request.");
+ trust_rst_free(rst, env);
+ trust_rstr_free(rstr, env);
+ return NULL;
+ }
+
+ /* build the rstr node */
+ rstr_node = trust_rstr_build_rstr(rstr, env, NULL);
+
+ /* clear stuff */
+ trust_rstr_free(rstr, env);
+ trust_rst_free(rst, env);
+
+ return rstr_node;
+}
+
+static void
+rahas_find_trust_version_specific_details(
+ const axutil_env_t *env,
+ axis2_char_t *action,
+ int *trust_version,
+ int *request_type,
+ axis2_char_t **reply_action)
+{
+ if(!axutil_strcmp(action, SECCONV_200502_REQUEST_ISSUE_ACTION))
+ {
+ *trust_version = TRUST_VERSION_05_02;
+ *request_type = SECCONV_ACTION_ISSUE;
+ *reply_action = SECCONV_200502_REPLY_ISSUE_ACTION;
+ }
+ else if(!axutil_strcmp(action, SECCONV_200502_REQUEST_CANCEL_ACTION))
+ {
+ *trust_version = TRUST_VERSION_05_02;
+ *request_type = SECCONV_ACTION_CANCEL;
+ *reply_action = SECCONV_200502_REPLY_CANCEL_ACTION;
+ }
+ else if(!axutil_strcmp(action, SECCONV_200512_REQUEST_ISSUE_ACTION))
+ {
+ *trust_version = TRUST_VERSION_05_12;
+ *request_type = SECCONV_ACTION_ISSUE;
+ *reply_action = SECCONV_200512_REPLY_ISSUE_ACTION;
+ }
+ else if(!axutil_strcmp(action, SECCONV_200512_REQUEST_CANCEL_ACTION))
+ {
+ *trust_version = TRUST_VERSION_05_12;
+ *request_type = SECCONV_ACTION_CANCEL;
+ *reply_action = SECCONV_200512_REPLY_CANCEL_ACTION;
+ }
+ /* TODO: we still don't support amend and renew. Implement them */
+}
+
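Review bot: In `rahas_request_security_token` the `SECCONV_ACTION_CANCEL` branch is an empty TODO, so `status` keeps the success value from `trust_rst_populate_rst`. The caller then sends a reply carrying the cancel reply action although nothing was cancelled; a client would treat the context token as revoked while the server presumably still accepts it. Until cancel is implemented the branch should fail. `rahas_send_reply` has a related gap: it calls `axis2_engine_send` before testing `engine` for NULL, ignores the send result and always returns `AXIS2_SUCCESS`. Its `env` parameter is also declared without `const` although `rahas_in_handler_invoke` passes a `const axutil_env_t *`, and the info log formats `action` with `%s` when it may still be NULL; the sketch below covers only the cancel branch and the send result.

```c
    else if(request_type == SECCONV_ACTION_CANCEL)
    {
        /* TODO implement cancel method. Fail until then, so that no cancel reply is sent. */
        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
            "[rahas]Cancelling a security context token is not implemented.");
        status = AXIS2_FAILURE;
    }
    /* … unchanged: unknown request type branch, failure cleanup, rstr build … */

    /* in rahas_send_reply, with the other locals */
    axis2_status_t status = AXIS2_FAILURE;
    /* … unchanged: out message context, envelope and body lookup, pause/flow setup … */

    /* Send the reply */
    engine = axis2_engine_create(env, axis2_msg_ctx_get_conf_ctx(out_msg_ctx, env));
    if(!engine)
    {
        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rahas]Cannot create engine to send the reply.");
        return AXIS2_FAILURE;
    }
    status = axis2_engine_send(engine, env, out_msg_ctx);
    axis2_engine_free(engine, env);

    return status;
```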