Posted to axis-cvs@ws.apache.org by ka...@apache.org on 2006/12/11 05:42:13 UTC
svn commit: r485493 - in /webservices/axis2/trunk/c/rampart: include/
samples/client/enc_echo/ samples/client/enc_echo/data/ src/handlers/
src/omxmlsec/ src/omxmlsec/openssl/ src/omxmlsec/tokens/ src/util/
Author: kaushalye
Date: Sun Dec 10 20:42:09 2006
New Revision: 485493
URL: http://svn.apache.org/viewvc?view=rev&rev=485493
Log:
-Introduced post security processing for the rampart module
-Added comments for important header files. Improved inline comments
-Changed the asymmetric RSA encryption to use buffers.
-Plus some minor changes
Modified:
webservices/axis2/trunk/c/rampart/include/openssl_cipher_ctx.h
webservices/axis2/trunk/c/rampart/include/openssl_rsa.h
webservices/axis2/trunk/c/rampart/include/oxs_asym_ctx.h
webservices/axis2/trunk/c/rampart/include/oxs_buffer.h
webservices/axis2/trunk/c/rampart/include/oxs_cipher.h
webservices/axis2/trunk/c/rampart/include/oxs_encryption.h
webservices/axis2/trunk/c/rampart/include/oxs_key_mgr.h
webservices/axis2/trunk/c/rampart/include/rampart_handler_util.h
webservices/axis2/trunk/c/rampart/include/rampart_sec_header_processor.h
webservices/axis2/trunk/c/rampart/include/rampart_sec_processed_result.h
webservices/axis2/trunk/c/rampart/include/rampart_util.h
webservices/axis2/trunk/c/rampart/samples/client/enc_echo/data/client.enc.axis2.xml
webservices/axis2/trunk/c/rampart/samples/client/enc_echo/data/server.enc.axis2.xml
webservices/axis2/trunk/c/rampart/samples/client/enc_echo/deploy_client_repo.sh
webservices/axis2/trunk/c/rampart/src/handlers/rampart_in_handler.c
webservices/axis2/trunk/c/rampart/src/handlers/rampart_out_handler.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/encryption.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/cipher_ctx.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/rsa.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/util.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/x509.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/tokens/token_cipher_data.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/utility.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_encryption.c
webservices/axis2/trunk/c/rampart/src/util/rampart_action.c
webservices/axis2/trunk/c/rampart/src/util/rampart_crypto_util.c
webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c
webservices/axis2/trunk/c/rampart/src/util/rampart_sec_processed_result.c
Modified: webservices/axis2/trunk/c/rampart/include/openssl_cipher_ctx.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/openssl_cipher_ctx.h?view=diff&rev=485493&r1=485492&r2=485493
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/openssl_cipher_ctx.h (original)
+++ webservices/axis2/trunk/c/rampart/include/openssl_cipher_ctx.h Sun Dec 10 20:42:09 2006
@@ -18,8 +18,8 @@
#include <openssl/evp.h>
#include <oxs_key.h>
/**
- * @file
- * @brief
+ * @file openssl_cipher_ctx.h
+ * @brief The cipher context in which the data to be hidden
*/
#ifndef OPENSSL_CIPHER_CTX_H
#define OPENSSL_CIPHER_CTX_H
@@ -37,27 +37,52 @@
struct openssl_cipher_ctx_ops
{
-
+ /**
+ * Free function
+ * @param ctx to the openssl cipher ctx struct
+ * @param env pointer to environment struct
+ * @return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+ */
axis2_status_t (AXIS2_CALL *
free)(openssl_cipher_ctx_t *ctx,
const axis2_env_t *env
);
-
+ /**
+ * Given the ctx return the CIPHER
+ * @param ctx to the openssl cipher ctx struct
+ * @param env pointer to environment struct
+ * @return RVP_CIPHER the cipher
+ */
const EVP_CIPHER* (AXIS2_CALL *
get_cipher)(openssl_cipher_ctx_t *ctx,
const axis2_env_t *env
);
-
+ /**
+ * Given the ctx return key
+ * @param ctx to the openssl cipher ctx struct
+ * @param env pointer to environment struct
+ * @return key
+ */
oxs_key_t *(AXIS2_CALL *
get_key)(openssl_cipher_ctx_t *ctx,
const axis2_env_t *env
);
-
+ /**
+ * Given the ctx return iv
+ * @param ctx to the openssl cipher ctx struct
+ * @param env pointer to environment struct
+ * @return iv
+ */
axis2_char_t *(AXIS2_CALL *
get_iv)(openssl_cipher_ctx_t *ctx,
const axis2_env_t *env
);
-
+ /**
+ * Given the ctx return the padding
+ * @param ctx to the openssl cipher ctx struct
+ * @param env pointer to environment struct
+ * @return padding
+ */
axis2_char_t *(AXIS2_CALL *
get_pad)(openssl_cipher_ctx_t *ctx,
const axis2_env_t *env
Modified: webservices/axis2/trunk/c/rampart/include/openssl_rsa.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/openssl_rsa.h?view=diff&rev=485493&r1=485492&r2=485493
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/openssl_rsa.h (original)
+++ webservices/axis2/trunk/c/rampart/include/openssl_rsa.h Sun Dec 10 20:42:09 2006
@@ -48,26 +48,52 @@
struct openssl_rsa_ops
{
+
+ /**
+ * Free function
+ * @rsa pointer to openssl_rsa struct
+ * @env pointer to environment struct
+ * @return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+ **/
+
axis2_status_t (AXIS2_CALL *
free)(
openssl_rsa_t *rsa,
const axis2_env_t *env);
+ /**
+ * Decrypts data using a private key specified in @pkey
+ * @rsa pointer to openssl_rsa struct
+ * @env pointer to environment struct
+ * @pkey private key for decryption
+ * @in input data
+ * @out output data
+ * @return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+ **/
int (AXIS2_CALL *
prv_decrypt)(
openssl_rsa_t *rsa,
const axis2_env_t *env,
const openssl_pkey_t *pkey,
- unsigned char *in,
- unsigned char **out );
+ oxs_buffer_t *in,
+ oxs_buffer_t *out );
+ /**
+ * Encrypts data using a public key specified in @pkey
+ * @rsa pointer to openssl_rsa struct
+ * @env pointer to environment struct
+ * @pkey public key for encryption
+ * @in input data
+ * @out output data
+ * @return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+ **/
int (AXIS2_CALL*
pub_encrypt)(
openssl_rsa_t *rsa,
const axis2_env_t *env,
const openssl_pkey_t *pkey,
- unsigned char *in,
- unsigned char **out );
+ oxs_buffer_t *in,
+ oxs_buffer_t *out );
};
struct openssl_rsa
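Review bot: Both new doc blocks for prv_decrypt and pub_encrypt promise `@return AXIS2_SUCCESS on success, else AXIS2_FAILURE`, but the function pointers are declared to return `int`, not `axis2_status_t`; if the implementation in rsa.c returns a byte count the doc is wrong, and if it really returns a status the type should say so. The tags `@rsa`, `@env`, `@pkey`, `@in`, `@out` are not Doxygen tags and will not render as parameters; use `@param rsa pointer to openssl_rsa struct` and so on, and close with `*/` rather than `**/`. Since the input buffer is only read, `const oxs_buffer_t *in` would also document that the callee does not modify it, presumably without affecting the implementation.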
Modified: webservices/axis2/trunk/c/rampart/include/oxs_asym_ctx.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_asym_ctx.h?view=diff&rev=485493&r1=485492&r2=485493
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_asym_ctx.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_asym_ctx.h Sun Dec 10 20:42:09 2006
@@ -66,78 +66,182 @@
/**********************Getter functions******************************************/
-
+
+/**
+* Free function for the asymmetric context struct
+*@ctx pointer to the OMXMLSec asymmetric context struct
+*@env pointer to environment struct
+*@return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_asym_ctx_free(oxs_asym_ctx_t *ctx,
const axis2_env_t *env);
-
+
+/**
+*Returns the filename. This is usually the filename of the certificate or the PKCS12 file
+*@ctx pointer to the OMXMLSec asymmetric context struct
+*@env pointer to environment struct
+*@return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+*/
AXIS2_EXTERN axis2_char_t* AXIS2_CALL
oxs_asym_ctx_get_file_name(const oxs_asym_ctx_t *ctx,
const axis2_env_t *env);
+/**
+*Returns the password. Usually the password for the keystore. But alternatively may kepe the
+*password for the private key in a PEM file.
+*@ctx pointer to the OMXMLSec asymmetric context struct
+*@env pointer to environment struct
+*@return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+*/
AXIS2_EXTERN axis2_char_t* AXIS2_CALL
oxs_asym_ctx_get_password(const oxs_asym_ctx_t *ctx,
const axis2_env_t *env);
+/**
+*Get the format. Can be either PEM or PKCS12
+*@ctx pointer to the OMXMLSec asymmetric context struct
+*@env pointer to environment struct
+*@return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+*/
AXIS2_EXTERN oxs_asym_ctx_format_t AXIS2_CALL
oxs_asym_ctx_get_format(const oxs_asym_ctx_t *ctx,
const axis2_env_t *env);
+/**
+*Get the algorithm used to encrypt
+*@ctx pointer to the OMXMLSec asymmetric context struct
+*@env pointer to environment struct
+*@return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+*/
AXIS2_EXTERN axis2_char_t* AXIS2_CALL
oxs_asym_ctx_get_algorithm(const oxs_asym_ctx_t *ctx,
const axis2_env_t *env);
+/**
+*Get the SecurityTokenReference pattern. For ex: IssuerSerial
+*@ctx pointer to the OMXMLSec asymmetric context struct
+*@env pointer to environment struct
+*@return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+*/
AXIS2_EXTERN axis2_char_t* AXIS2_CALL
oxs_asym_ctx_get_st_ref_pattern(const oxs_asym_ctx_t *ctx,
const axis2_env_t *env);
+/**
+*Get the operation. For ex: Public Key encrypt, Private Key Decrypt
+*@ctx pointer to the OMXMLSec asymmetric context struct
+*@env pointer to environment struct
+*@return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+*/
AXIS2_EXTERN oxs_asym_ctx_operation_t AXIS2_CALL
oxs_asym_ctx_get_operation(const oxs_asym_ctx_t *ctx,
const axis2_env_t *env);
+/**
+*Get the private key used
+*@ctx pointer to the OMXMLSec asymmetric context struct
+*@env pointer to environment struct
+*@return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+*/
AXIS2_EXTERN openssl_pkey_t* AXIS2_CALL
oxs_asym_ctx_get_private_key(const oxs_asym_ctx_t *ctx,
const axis2_env_t *env);
+/**
+* Get the x509 crtificate used.
+*@ctx pointer to the OMXMLSec asymmetric context struct
+*@env pointer to environment struct
+*@return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+*/
AXIS2_EXTERN oxs_x509_cert_t* AXIS2_CALL
oxs_asym_ctx_get_certificate(const oxs_asym_ctx_t *ctx,
const axis2_env_t *env);
+/**
+* Set the file name. May be a PKCS12 file or a X509 certificate in PEM format.
+*@ctx pointer to the OMXMLSec asymmetric context struct
+*@env pointer to environment struct
+*@return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_asym_ctx_set_file_name(oxs_asym_ctx_t *ctx,
const axis2_env_t *env,
axis2_char_t *file_name);
-
+/**
+* Set the password. Usually the password for the keystore. But alternatively may kepe the
+*password for the private key in a PEM file.
+*@ctx pointer to the OMXMLSec asymmetric context struct
+*@env pointer to environment struct
+*@password the password
+*@return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_asym_ctx_set_password(oxs_asym_ctx_t *ctx,
const axis2_env_t *env,
axis2_char_t *password);
-
+/**
+* Sets the format. Can be either PEM or PKCS12
+*@ctx pointer to the OMXMLSec asymmetric context struct
+*@env pointer to environment struct
+*@format Can be either PEM or PKCS12
+*@return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_asym_ctx_set_format(oxs_asym_ctx_t *ctx,
const axis2_env_t *env,
oxs_asym_ctx_format_t format);
-
+/**
+* Sets the algorithm used to encrypt
+*@ctx pointer to the OMXMLSec asymmetric context struct
+*@env pointer to environment struct
+*@algorithm used to encrypt
+*@return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_asym_ctx_set_algorithm(oxs_asym_ctx_t *ctx,
const axis2_env_t *env,
axis2_char_t *algorithm);
-
+/**
+* Set the SecurityTokenReference pattern. For ex: IssuerSerial
+*@ctx pointer to the OMXMLSec asymmetric context struct
+*@env pointer to environment struct
+*@st_ref_pattern SecurityTokenReference pattern. For ex: IssuerSerial
+*@return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_asym_ctx_set_st_ref_pattern(oxs_asym_ctx_t *ctx,
const axis2_env_t *env,
axis2_char_t *st_ref_pattern);
-
+/**
+* Sets the operation. For ex: Public Key encrypt, Private Key Decrypt
+*@ctx pointer to the OMXMLSec asymmetric context struct
+*@env pointer to environment struct
+*@operation the operation. For ex: Public Key encrypt, Private Key Decrypt
+*@return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_asym_ctx_set_operation(oxs_asym_ctx_t *ctx,
const axis2_env_t *env,
oxs_asym_ctx_operation_t operation);
-
+/**
+* Sets the x509 crtificate used.
+*@ctx pointer to the OMXMLSec asymmetric context struct
+*@env pointer to environment struct
+*@certificate the x509 crtificate used.
+*@return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_asym_ctx_set_certificate(oxs_asym_ctx_t *ctx,
const axis2_env_t *env,
oxs_x509_cert_t *certificate);
-
+/**
+* Sets private key used
+*@ctx pointer to the OMXMLSec asymmetric context struct
+*@env pointer to environment struct
+*@private_key private key used
+*@return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_asym_ctx_set_private_key(oxs_asym_ctx_t *asym_ctx,
const axis2_env_t *env,
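Review bot: Every getter in this hunk, from oxs_asym_ctx_get_file_name through oxs_asym_ctx_get_certificate, is documented with `@return AXIS2_SUCCESS on success, else AXIS2_FAILURE`, yet they return `axis2_char_t*`, `oxs_asym_ctx_format_t`, `oxs_asym_ctx_operation_t`, `openssl_pkey_t*` and `oxs_x509_cert_t*`; each needs its own return line, e.g. `@return the file name held by the context` for the first one. For oxs_asym_ctx_get_password in particular, the comment should state whether the returned pointer is owned by the context (presumably the caller must not free it) since a password is a secret whose lifetime matters. The `@ctx`/`@env` tags should be `@param ctx`/`@param env` to render as parameters, and the setters (oxs_asym_ctx_set_file_name onward) lack a `@param` line for the value being set. The declaration of oxs_asym_ctx_set_private_key continues outside the hunk.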
Modified: webservices/axis2/trunk/c/rampart/include/oxs_buffer.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_buffer.h?view=diff&rev=485493&r1=485492&r2=485493
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_buffer.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_buffer.h Sun Dec 10 20:42:09 2006
@@ -58,26 +58,51 @@
struct oxs_buffer_ops
{
+ /**
+ *Free function of the buffer
+ *@buffer pointer to the OMXMLSec buffer struct
+ *@env pointer to environment struct
+ *@return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+ */
axis2_status_t (AXIS2_CALL *
free)(
oxs_buffer_t *buffer,
const axis2_env_t *env
);
-
+ /**
+ *Removes the first (size) charcters from the buffer
+ *@buffer pointer to the OMXMLSec buffer struct
+ *@env pointer to environment struct
+ *@size number of characters to be removed
+ *@return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+ */
axis2_status_t (AXIS2_CALL *
remove_head)(
oxs_buffer_t *buffer,
const axis2_env_t *env,
int size
);
-
+ /**
+ *Removes the last (size) charcters from the buffer
+ *@buffer pointer to the OMXMLSec buffer struct
+ *@env pointer to environment struct
+ *@size number of characters to be removed
+ *@return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+ */
axis2_status_t (AXIS2_CALL *
remove_tail)(
oxs_buffer_t *buffer,
const axis2_env_t *env,
int size
);
-
+ /**
+ *populates the buffer using the @data set the @size as the useful length
+ *@buffer pointer to the OMXMLSec buffer struct
+ *@env pointer to environment struct
+ *@data the data for the buffer
+ *@size the effective length of data
+ *@return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+ */
axis2_status_t (AXIS2_CALL *
populate)(
oxs_buffer_t *buffer,
@@ -85,7 +110,14 @@
unsigned char *data,
int size
);
-
+ /**
+ *Append data (to the end)
+ *@buffer pointer to the OMXMLSec buffer struct
+ *@env pointer to environment struct
+ *@data the data for the buffer
+ *@size the effective length of data
+ *@return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+ */
axis2_status_t (AXIS2_CALL *
append)(
oxs_buffer_t *buffer,
@@ -93,7 +125,14 @@
unsigned char *data,
int size
);
-
+ /**
+ *Prepends data (to the front of the buffer)
+ *@buffer pointer to the OMXMLSec buffer struct
+ *@env pointer to environment struct
+ *@data the data for the buffer
+ *@size the effective length of data
+ *@return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+ */
axis2_status_t (AXIS2_CALL *
prepend)(
oxs_buffer_t *buffer,
@@ -101,40 +140,73 @@
unsigned char *data,
int size
);
-
+ /**
+ *Reads a file specified by @filename
+ *@buffer pointer to the OMXMLSec buffer struct
+ *@env pointer to environment struct
+ *@filename The name of the file
+ *@return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+ */
axis2_status_t (AXIS2_CALL *
read_file)(
oxs_buffer_t *buffer,
const axis2_env_t *env,
const axis2_char_t *filename
);
-
+ /**
+ *Sets the size
+ *@buffer pointer to the OMXMLSec buffer struct
+ *@env pointer to environment struct
+ *@size the value of the size
+ *@return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+ */
axis2_status_t (AXIS2_CALL *
set_size)(
oxs_buffer_t *buffer,
const axis2_env_t *env,
int size
);
-
+ /**
+ *Sets the maximum size of the buffer. Usually this will be allocated dynamically
+ *@buffer pointer to the OMXMLSec buffer struct
+ *@env pointer to environment struct
+ *@size the maximum size of the buffer
+ *@return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+ */
axis2_status_t (AXIS2_CALL *
set_max_size)(
oxs_buffer_t *buffer,
const axis2_env_t *env,
int size
);
-
+ /**
+ *Returns data
+ *@buffer pointer to the OMXMLSec buffer struct
+ *@env pointer to environment struct
+ *@return data in the buffer
+ */
unsigned char* (AXIS2_CALL *
get_data)(
oxs_buffer_t *buffer,
const axis2_env_t *env
);
-
+ /**
+ *Returns the effective length of the buffer
+ *@buffer pointer to the OMXMLSec buffer struct
+ *@env pointer to environment struct
+ *@return the effective length of the buffer as int
+ */
int (AXIS2_CALL *
get_size)(
oxs_buffer_t *buffer,
const axis2_env_t *env
);
-
+ /**
+ *Returns the maximum size of the buffer
+ *@buffer pointer to the OMXMLSec buffer struct
+ *@env pointer to environment struct
+ *@return the maximum size of the buffer
+ */
int (AXIS2_CALL *
get_max_size)(
oxs_buffer_t *buffer,
Modified: webservices/axis2/trunk/c/rampart/include/oxs_cipher.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_cipher.h?view=diff&rev=485493&r1=485492&r2=485493
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_cipher.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_cipher.h Sun Dec 10 20:42:09 2006
@@ -33,16 +33,29 @@
{
#endif
+/**Get the cipher property for the given url
+* @env pointer to environment struct
+* @url the url as a string
+* @return the property
+*/
AXIS2_EXTERN openssl_cipher_property_t *AXIS2_CALL
oxs_get_cipher_property_for_url(const axis2_env_t *env,
axis2_char_t *url);
-/*Get the cipher name for the given url*/
+/**Get the cipher name for the given url
+* @env pointer to environment struct
+* @url the url as a string
+* @return the name as a string
+*/
AXIS2_EXTERN axis2_char_t* AXIS2_CALL
oxs_get_cipher_name_for_url(const axis2_env_t *env,
axis2_char_t *url);
-/*Get the cipher url for the given name*/
+/**Get the cipher url for the given name
+ *@env pointer to environment struct
+ *@name the name as a string
+ *@return the url as a string
+ */
AXIS2_EXTERN axis2_char_t* AXIS2_CALL
oxs_get_cipher_url_for_name(const axis2_env_t *env,
axis2_char_t *name);
Modified: webservices/axis2/trunk/c/rampart/include/oxs_encryption.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_encryption.h?view=diff&rev=485493&r1=485492&r2=485493
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_encryption.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_encryption.h Sun Dec 10 20:42:09 2006
@@ -21,7 +21,7 @@
/**
* @file oxs_encryption.h
- * @brief
+ * @brief Provides data encryption and decryption functionalities of the OMXMLSec.
*/
#include <axis2_defines.h>
@@ -36,18 +36,40 @@
extern "C"
{
#endif
-
+/**
+*En/Decrypts given data buffer depending on the information avalable in the encryption context using
+*a symmetric key.
+*The resulted data will be placed on the result buffer.
+*Data are not valid only if the method returns AXIS2_SUCCESS
+*@enc_ctx pointer to the OMXMLSec symmetric encryption context struct
+*@env pointer to environment struct
+*@input the input buffer
+*@result the ouput or the ressulted data buffer
+*@return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_encryption_symmetric_crypt(const axis2_env_t *env,
oxs_ctx_t * enc_ctx,
oxs_buffer_t *input,
oxs_buffer_t *result);
-
+
+/**
+*En/Decrypts given data buffer deoending on the information avalable in the encryption context using an
+*asymmetric key, which can be a publik key extracted from a certificate or a private key.
+*The resulted data will be placed on the result buffer.
+*Data are not valid only if the method returns AXIS2_SUCCESS
+*@enc_ctx pointer to the OMXMLSec asymmetric encryption context struct
+*@env pointer to environment struct
+*@input the input buffer
+*@result the ouput or the ressulted data buffer
+*@return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_encryption_asymmetric_crypt(const axis2_env_t *env,
oxs_asym_ctx_t * enc_ctx,
oxs_buffer_t *input,
oxs_buffer_t *result);
+
/** @} */
#ifdef __cplusplus
}
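Review bot: The sentence "Data are not valid only if the method returns AXIS2_SUCCESS" in both new doc blocks inverts the contract a caller needs; it should read `Data in the result buffer are valid only if the method returns AXIS2_SUCCESS`, so that a caller knows not to use the buffer after a failure. The parameter tags are listed as `@enc_ctx, @env, @input, @result` while the signatures take `env, enc_ctx, input, result`; reordering them and using `@param` would let Doxygen match them. Spelling fixes are also needed: "avalable", "deoending", "publik", "ressulted".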
Modified: webservices/axis2/trunk/c/rampart/include/oxs_key_mgr.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_key_mgr.h?view=diff&rev=485493&r1=485492&r2=485493
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_key_mgr.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_key_mgr.h Sun Dec 10 20:42:09 2006
@@ -38,7 +38,14 @@
extern "C"
{
#endif
-
+
+/**
+*Loads keys/certificates from a keystore or a PEm file depending on information available in the @ctx
+*@ctx pointer to the OMXMLSec asymmetric encryption context struct
+*@env pointer to environment struct
+*@password the password for the key store
+*@return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_key_mgr_load_key(const axis2_env_t *env,
oxs_asym_ctx_t *ctx,
Modified: webservices/axis2/trunk/c/rampart/include/rampart_handler_util.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/rampart_handler_util.h?view=diff&rev=485493&r1=485492&r2=485493
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/rampart_handler_util.h (original)
+++ webservices/axis2/trunk/c/rampart/include/rampart_handler_util.h Sun Dec 10 20:42:09 2006
@@ -109,7 +109,15 @@
axis2_msg_ctx_t *msg_ctx,
axiom_soap_header_t *soap_header);
-
+ /**
+ * Creates a SOAP envelope based on params described below
+ * @param env pointer to environment struct
+ * @param sub_code the text of the Subcode element of a SOAP fault message
+ * @param reason_text the text in soapenv:Reason element
+ * @param detail_node_text the text in the soapenv:Detail element
+ * @param msg_ctx the msg_ctx
+ * @return soap_header security element node
+ */
AXIS2_EXTERN void AXIS2_CALL
rampart_create_fault_envelope(const axis2_env_t *env,
const axis2_char_t *sub_code,
@@ -117,6 +125,12 @@
const axis2_char_t *detail_node_text,
axis2_msg_ctx_t *msg_ctx);
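Review bot: rampart_create_fault_envelope is declared `AXIS2_EXTERN void AXIS2_CALL`, so the new `@return soap_header security element node` line documents a value that is never returned; either drop the line or replace it with a sentence describing the effect on `msg_ctx` (presumably the fault envelope is attached to it, which the hunk does not show). The first sentence could also say what triggers the fault, e.g. `Creates a SOAP fault envelope carrying the given subcode, reason and detail text and sets it on msg_ctx`, if that is what the implementation does.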
+ /**
+ *Validates a security header elements
+ * @param env pointer to environment struct
+ * @param msg_ctx the msg_ctx
+ *@param sec_node the reference to the security node
+ */
AXIS2_EXTERN axis2_status_t AXIS2_CALL
rampart_validate_security_token(const axis2_env_t *env,
axis2_msg_ctx_t *msg_ctx,
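Review bot: The new doc block for rampart_validate_security_token has no `@return` line although the function returns `axis2_status_t`; since this is the check that decides whether a received security header is accepted, the contract should be explicit, e.g. `@return AXIS2_SUCCESS if the security token is valid, else AXIS2_FAILURE`. The first line "Validates a security header elements" should read `Validates the elements of a security header`. The declaration continues past the end of the hunk.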
Modified: webservices/axis2/trunk/c/rampart/include/rampart_sec_header_processor.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/rampart_sec_header_processor.h?view=diff&rev=485493&r1=485492&r2=485493
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/rampart_sec_header_processor.h (original)
+++ webservices/axis2/trunk/c/rampart/include/rampart_sec_header_processor.h Sun Dec 10 20:42:09 2006
@@ -34,6 +34,10 @@
#endif
/**
+* Processes a message depending on it's security related claims.
+* This is th emain module in the infow of a message if rampart is enabled.
+* Processing is depending on the order of tokens apear in the @sec_node
+* Also the module will check for the InflowSecurity Settings
* @param env pointer to environment struct
* @param msg_ctx message context
* @param actions actions defined in the descriptor file
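Review bot: The new description states that "Processing is depending on the order of tokens apear in the @sec_node", which documents the received header as dictating the processing sequence; the comment should also make clear that the InflowSecurity settings decide which tokens are required, so a reader does not assume a token missing from the message is simply skipped. Suggested wording: `Processes a message according to its security claims. This is the main entry point on the inflow when rampart is engaged. Tokens are processed in the order they appear in sec_node; the InflowSecurity settings determine which tokens must be present.` The typos "th emain", "infow" and "apear" would be fixed by that rewrite.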
Modified: webservices/axis2/trunk/c/rampart/include/rampart_sec_processed_result.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/rampart_sec_processed_result.h?view=diff&rev=485493&r1=485492&r2=485493
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/rampart_sec_processed_result.h (original)
+++ webservices/axis2/trunk/c/rampart/include/rampart_sec_processed_result.h Sun Dec 10 20:42:09 2006
@@ -58,6 +58,8 @@
/**
* Set a security processed result property to the message context
+* @env the environment
+* @msg_ctx the message context in which data are extracted
*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
rampart_set_security_processed_results_property(const axis2_env_t *env,
@@ -65,6 +67,8 @@
/**
* Get the complete set of security processed results
+* @env the environment
+* @msg_ctx the message context in which data are extracted
*/
AXIS2_EXTERN axis2_hash_t* AXIS2_CALL
rampart_get_all_security_processed_results(const axis2_env_t *env,
@@ -72,6 +76,8 @@
/**
* Prints all ke/val pairs in the security processed results
+ * @env the environment
+ * @msg_ctx the message context in which data are extracted
*
*/
AXIS2_EXTERN void AXIS2_CALL
Modified: webservices/axis2/trunk/c/rampart/include/rampart_util.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/rampart_util.h?view=diff&rev=485493&r1=485492&r2=485493
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/rampart_util.h (original)
+++ webservices/axis2/trunk/c/rampart/include/rampart_util.h Sun Dec 10 20:42:09 2006
@@ -38,7 +38,13 @@
* @ingroup Rampart_Util
*/
-
+ /**
+ *@env the environment
+ *@callback_module_name the file name of the callback module (.so or .DLL)
+ *@username the name of the user to get the password
+ *@ctx The axis2 context
+ *@return the password for the user or NULL if failed
+ */
AXIS2_EXTERN axis2_char_t* AXIS2_CALL
rampart_callback_password(const axis2_env_t *env,
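Review bot: The new doc for rampart_callback_password does not say who owns the returned password or how long it stays valid, which matters because the value is a secret that callers may want to clear after use; add a line such as `@return the password for the user, or NULL on failure; ownership of the returned string is [to be confirmed: freed by caller or held by the callback module]`. It should also note that `callback_module_name` is a path loaded as a shared object, so it must come from trusted configuration rather than from the message. The tags should be `@param env` etc. to render, and the declaration continues outside the hunk.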
@@ -48,6 +54,7 @@
/**
* Generates the nonce. Nonce is a base64 encoded random string.
+ * @env the environment
* @return generated nonce
*/
Modified: webservices/axis2/trunk/c/rampart/samples/client/enc_echo/data/client.enc.axis2.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/samples/client/enc_echo/data/client.enc.axis2.xml?view=diff&rev=485493&r1=485492&r2=485493
==============================================================================
--- webservices/axis2/trunk/c/rampart/samples/client/enc_echo/data/client.enc.axis2.xml (original)
+++ webservices/axis2/trunk/c/rampart/samples/client/enc_echo/data/client.enc.axis2.xml Sun Dec 10 20:42:09 2006
@@ -29,7 +29,7 @@
<timeToLive>360</timeToLive>
<encryptionKeyTransportAlgorithm>http://www.w3.org/2001/04/xmlenc#rsa-1_5</encryptionKeyTransportAlgorithm>
<encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</encryptionSymAlgorithm>
- <encryptionPropFile>/home/kau/axis2/c/rampart/samples/keys/xhome/y_cert.cert</encryptionPropFile>
+ <encryptionPropFile>/home/kau/axis2/c/rampart/samples/keys/ahome/b_cert.cert</encryptionPropFile>
<!--encryptionKeyIdentifier options : Embedded IssuerSerial DirectReference KeyIdentifier-->
<encryptionKeyIdentifier>IssuerSerial</encryptionKeyIdentifier>
</action>
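Review bot: The sample keeps `encryptionKeyTransportAlgorithm` at `http://www.w3.org/2001/04/xmlenc#rsa-1_5`, i.e. PKCS#1 v1.5 key transport, which is susceptible to padding-oracle recovery of the session key when the decryptor's error behaviour is observable; a sample that people copy should default to `http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p`, or at least carry a comment saying that rsa-1_5 is kept only for interoperability. The same setting is present in server.enc.axis2.xml at the hunk ending at line 782. The paths under `/home/kau/...` are also hard-coded user-specific locations; a comment like `<!-- Replace /home/kau/... with your own key and certificate paths -->` next to them would make the sample usable as shipped.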
@@ -41,8 +41,8 @@
<items>Encrypt</items>
<!--Following should be changed with your DLL or SO path-->
<passwordCallbackClass>/home/kau/axis2/c/deploy/bin/samples/rampart/callback/libpwcb.so</passwordCallbackClass>
- <decryptionPropFile>/home/kau/axis2/c/rampart/samples/keys/xhome/x_store.pfx</decryptionPropFile>
- <encryptionUser>x</encryptionUser>
+ <decryptionPropFile>/home/kau/axis2/c/rampart/samples/keys/ahome/a_store.pfx</decryptionPropFile>
+ <encryptionUser>a</encryptionUser>
</action>
</parameter>
<!--Rampart configurations END -->
Modified: webservices/axis2/trunk/c/rampart/samples/client/enc_echo/data/server.enc.axis2.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/samples/client/enc_echo/data/server.enc.axis2.xml?view=diff&rev=485493&r1=485492&r2=485493
==============================================================================
--- webservices/axis2/trunk/c/rampart/samples/client/enc_echo/data/server.enc.axis2.xml (original)
+++ webservices/axis2/trunk/c/rampart/samples/client/enc_echo/data/server.enc.axis2.xml Sun Dec 10 20:42:09 2006
@@ -29,7 +29,7 @@
<timeToLive>360</timeToLive>
<encryptionKeyTransportAlgorithm>http://www.w3.org/2001/04/xmlenc#rsa-1_5</encryptionKeyTransportAlgorithm>
<encryptionSymAlgorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</encryptionSymAlgorithm>
- <encryptionPropFile>/home/kau/axis2/c/rampart/samples/keys/yhome/x_cert.cert</encryptionPropFile>
+ <encryptionPropFile>/home/kau/axis2/c/rampart/samples/keys/bhome/a_cert.cert</encryptionPropFile>
<!--encryptionKeyIdentifier options : Embedded IssuerSerial DirectReference KeyIdentifier-->
<encryptionKeyIdentifier>IssuerSerial</encryptionKeyIdentifier>
</action>
@@ -41,8 +41,8 @@
<items>UsernameToken Timestamp Encrypt</items>
<!--Following should be changed with your DLL or SO path-->
<passwordCallbackClass>/home/kau/axis2/c/deploy/bin/samples/rampart/callback/libpwcb.so</passwordCallbackClass>
- <decryptionPropFile>/home/kau/axis2/c/rampart/samples/keys/yhome/y_store.pfx</decryptionPropFile>
- <encryptionUser>y</encryptionUser>
+ <decryptionPropFile>/home/kau/axis2/c/rampart/samples/keys/bhome/b_store.pfx</decryptionPropFile>
+ <encryptionUser>b</encryptionUser>
</action>
</parameter>
<!--Rampart configurations END -->
Modified: webservices/axis2/trunk/c/rampart/samples/client/enc_echo/deploy_client_repo.sh
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/samples/client/enc_echo/deploy_client_repo.sh?view=diff&rev=485493&r1=485492&r2=485493
==============================================================================
--- webservices/axis2/trunk/c/rampart/samples/client/enc_echo/deploy_client_repo.sh (original)
+++ webservices/axis2/trunk/c/rampart/samples/client/enc_echo/deploy_client_repo.sh Sun Dec 10 20:42:09 2006
@@ -23,7 +23,7 @@
#copy libs to client_repo
echo "Copying libraries to client_repo"
-cp -rr $AXIS2C_HOME/lib $CLIENT_REPO/
+cp -r $AXIS2C_HOME/lib $CLIENT_REPO/
#INSTALL MODULES to make sure that both server and client have the same module.
echo "Copying latest modules to client_repo"
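Review bot: With the `-rr` typo fixed, the copy still expands `$AXIS2C_HOME` and `$CLIENT_REPO` unquoted and unchecked, so an unset `AXIS2C_HOME` turns the command into `cp -r /lib $CLIENT_REPO/` and a path with spaces splits into several arguments. Quote them and fail early if they are unset: `: "${AXIS2C_HOME:?AXIS2C_HOME not set}"`, `: "${CLIENT_REPO:?CLIENT_REPO not set}"`, then `cp -r "$AXIS2C_HOME/lib" "$CLIENT_REPO/"`. The same applies to the module copy that follows outside the hunk, if it uses the same variables.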
Modified: webservices/axis2/trunk/c/rampart/src/handlers/rampart_in_handler.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/handlers/rampart_in_handler.c?view=diff&rev=485493&r1=485492&r2=485493
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/handlers/rampart_in_handler.c (original)
+++ webservices/axis2/trunk/c/rampart/src/handlers/rampart_in_handler.c Sun Dec 10 20:42:09 2006
@@ -98,63 +98,72 @@
/*Check InFlowSecurity parameters*/
ctx = AXIS2_MSG_CTX_GET_BASE(msg_ctx, env);
- param_in_flow_security = rampart_get_security_param(env, msg_ctx, RAMPART_INFLOW_SECURITY);
+ param_in_flow_security = rampart_get_security_param(env, msg_ctx,
+ RAMPART_INFLOW_SECURITY);
if (param_in_flow_security)
{
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_in_handler]Inflow Security found");
+ AXIS2_LOG_INFO(env->log,
+ "[rampart][rampart_in_handler]Inflow Security found");
/*Get actions*/
- action_list = rampart_get_actions(env, ctx, param_in_flow_security);
+ action_list = rampart_get_actions(env, ctx,
+ param_in_flow_security);
if (action_list)
{
if (AXIS2_ARRAY_LIST_IS_EMPTY(action_list, env))
{
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_in_handler] No actions defined.");
+ AXIS2_LOG_INFO(env->log,
+ "[rampart][rampart_in_handler] No actions defined.");
}
/*Now we support only one action.i.e. Only the first action*/
- param_action = (axis2_param_t*) AXIS2_ARRAY_LIST_GET(action_list, env, 0);
+ param_action = (axis2_param_t*) AXIS2_ARRAY_LIST_GET(action_list,
+ env, 0);
if (param_action)
{
- status = RAMPART_ACTIONS_POPULATE_FROM_PARAMS(actions, env, param_action);
+ status = RAMPART_ACTIONS_POPULATE_FROM_PARAMS(actions,
+ env, param_action);
}else{
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_in_handler] Cannot find first action element from the InflowSecurityParameter");
+ AXIS2_LOG_INFO(env->log,
+ "[rampart][rampart_in_handler] Cannot find first action element from the InflowSecurityParameter");
}
}
}else{
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_in_handler] No Inflow Security in the paramter list.");
+ AXIS2_LOG_INFO(env->log,
+ "[rampart][rampart_in_handler] No Inflow Security in the paramter list.");
return AXIS2_SUCCESS;
}
/*Then re-populate using the axis2_ctx*/
- status = RAMPART_ACTIONS_POPULATE_FROM_CTX(actions, env, ctx);
-
+ status = RAMPART_ACTIONS_POPULATE_FROM_CTX(actions, env, ctx);
sec_node = rampart_get_security_token(env, msg_ctx, soap_header);
/*Set the security processed results to the message ctx*/
status = rampart_set_security_processed_results_property(env, msg_ctx);
if(AXIS2_FAILURE == status){
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][rampart_in_handler] Unable to set the security processed results");
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart][rampart_in_handler] Unable to set the security processed results");
}
if(!sec_node){
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_in_handler] No security header element.");
+ AXIS2_LOG_INFO(env->log,
+ "[rampart][rampart_in_handler] No security header element.");
return AXIS2_SUCCESS;
}
/*The main entry point for all security header validations*/
- status = rampart_shp_process_message(env, msg_ctx, actions, soap_envelope, sec_node);
+ status = rampart_shp_process_message(env, msg_ctx, actions,
+ soap_envelope, sec_node);
if (AXIS2_FAILURE == status)
- {
- /*rampart_create_fault_envelope(env, "wsse:Security", "Security header processing failed", sub_codes, msg_ctx);*/
+ {
return AXIS2_FAILURE;
}
- /*rampart_print_security_processed_results_set(env, msg_ctx);*/
+
} /* End of sec_header */
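Review bot: The `if(!sec_node)` branch returns AXIS2_SUCCESS whenever the message carries no wsse:Security header, so a message that omits the header entirely never reaches rampart_shp_process_message and therefore never reaches the new rampart_shp_post_security_check that is meant to enforce the configured UsernameToken/Timestamp/Encrypt items; required items are only enforced when an attacker-controlled message happens to include a header. When action items are configured the missing header should fail, e.g. `if(!sec_node){ if(RAMPART_ACTIONS_GET_ITEMS(actions, env)){ return AXIS2_FAILURE; } return AXIS2_SUCCESS; }`. A failure of rampart_set_security_processed_results_property is likewise only logged, although the post check reads its results back, so that branch should `return AXIS2_FAILURE;` too. The empty action list case is inconsistent with rampart_out_handler.c: after logging "No actions defined." this code falls through to AXIS2_ARRAY_LIST_GET(action_list, env, 0) on an empty list, where the out handler returns. The enclosing function starts and ends outside the hunk.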
Modified: webservices/axis2/trunk/c/rampart/src/handlers/rampart_out_handler.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/handlers/rampart_out_handler.c?view=diff&rev=485493&r1=485492&r2=485493
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/handlers/rampart_out_handler.c (original)
+++ webservices/axis2/trunk/c/rampart/src/handlers/rampart_out_handler.c Sun Dec 10 20:42:09 2006
@@ -128,17 +128,20 @@
axiom_soap_header_block_t *sec_header_block = NULL;
axiom_namespace_t *sec_ns_obj = NULL;
soap_header_node = AXIOM_SOAP_HEADER_GET_BASE_NODE(soap_header, env);
- soap_header_ele = (axiom_element_t *)AXIOM_NODE_GET_DATA_ELEMENT(soap_header_node, env);
+ soap_header_ele = (axiom_element_t *)AXIOM_NODE_GET_DATA_ELEMENT(
+ soap_header_node, env);
/*Create and populate rampart actions*/
actions = rampart_actions_create(env);
ctx = AXIS2_MSG_CTX_GET_BASE(msg_ctx, env);
- param_out_flow_security = rampart_get_security_param(env, msg_ctx, RAMPART_OUTFLOW_SECURITY);
+ param_out_flow_security = rampart_get_security_param(env, msg_ctx,
+ RAMPART_OUTFLOW_SECURITY);
if (!param_out_flow_security)
{
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_out_handler] No Outflow Security. So nothing to do");
+ AXIS2_LOG_INFO(env->log,
+ "[rampart][rampart_out_handler] No Outflow Security. So nothing to do");
/*return AXIS2_SUCCESS;*/
}else{
@@ -147,26 +150,31 @@
if (!action_list)
{
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_out_handler] No actions defined in outflow security");
+ AXIS2_LOG_INFO(env->log,
+ "[rampart][rampart_out_handler] No actions defined in outflow security");
return AXIS2_SUCCESS;
}
if (AXIS2_ARRAY_LIST_IS_EMPTY(action_list, env))
{
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_out_handler] No actions defined in outflow security");
+ AXIS2_LOG_INFO(env->log,
+ "[rampart][rampart_out_handler] No actions defined in outflow security");
return AXIS2_SUCCESS;
}
/*Now we support only one action.*/
- param_action = (axis2_param_t*) AXIS2_ARRAY_LIST_GET(action_list, env, 0);
+ param_action = (axis2_param_t*) AXIS2_ARRAY_LIST_GET(action_list,
+ env, 0);
if (!param_action)
{
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_out_handler] Cannot find first action element ERROR");
+ AXIS2_LOG_INFO(env->log,
+ "[rampart][rampart_out_handler] Cannot find first action element ERROR");
return AXIS2_FAILURE;
}
- status = RAMPART_ACTIONS_POPULATE_FROM_PARAMS(actions, env, param_action);
+ status = RAMPART_ACTIONS_POPULATE_FROM_PARAMS(actions, env,
+ param_action);
}
/*Then re-populate using the axis2_ctx.
*This is a hack to facilitate PHP extension to pass security parameters using options
@@ -178,7 +186,8 @@
if (!items)
{
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_out_handler] No action items defined. Nothing to do");
+ AXIS2_LOG_INFO(env->log,
+ "[rampart][rampart_out_handler] No action items defined. Nothing to do");
return AXIS2_SUCCESS;
}
@@ -189,7 +198,8 @@
env, RAMPART_SECURITY, sec_ns_obj);
/*Set mustUnderstand=1*/
- AXIOM_SOAP_HEADER_BLOCK_SET_MUST_UNDERSTAND_WITH_BOOL(sec_header_block, env, AXIS2_TRUE);
+ AXIOM_SOAP_HEADER_BLOCK_SET_MUST_UNDERSTAND_WITH_BOOL(sec_header_block,
+ env, AXIS2_TRUE);
if (sec_header_block)
{
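Review bot: AXIOM_SOAP_HEADER_BLOCK_SET_MUST_UNDERSTAND_WITH_BOOL is invoked on sec_header_block on the line before the `if (sec_header_block)` guard, so the NULL check protects nothing and a failed header-block creation dereferences NULL. Move the call inside the guarded block: `if (sec_header_block) { AXIOM_SOAP_HEADER_BLOCK_SET_MUST_UNDERSTAND_WITH_BOOL(sec_header_block, env, AXIS2_TRUE);`. The same reordering question applies to the earlier hunks of this file only insofar as they re-wrap lines; the enclosing function starts and ends outside this hunk.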
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/encryption.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/encryption.c?view=diff&rev=485493&r1=485492&r2=485493
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/encryption.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/encryption.c Sun Dec 10 20:42:09 2006
@@ -165,7 +165,8 @@
/*Free*/
AXIS2_FREE(env->allocator, iv);
iv = NULL;
-
+ OPENSSL_CIPHER_CTX_FREE(oc_ctx, env);
+ oc_ctx = NULL;
return AXIS2_SUCCESS;
}
@@ -202,7 +203,7 @@
if( OXS_ASYM_CTX_OPERATION_PUB_ENCRYPT == operation ){
axis2_char_t *encoded_str = NULL;
oxs_x509_cert_t *x509_cert = NULL;
- unsigned char *encrypted = NULL;
+ oxs_buffer_t *out_buf = NULL;
int enclen = -1;
int encodedlen = -1;
int ret = -1;
@@ -212,37 +213,39 @@
pkey = oxs_x509_cert_get_public_key(x509_cert, env);
/*Encrypt using the public key. Then base64 encode and populate the buffer */
- enclen = OPENSSL_RSA_PUB_ENCRYPT(rsa, env, pkey, OXS_BUFFER_GET_DATA(input, env), &encrypted);
+ out_buf = oxs_buffer_create(env);
+ enclen = OPENSSL_RSA_PUB_ENCRYPT(rsa, env, pkey, input, out_buf);
encodedlen = axis2_base64_encode_len(enclen);
encoded_str = AXIS2_MALLOC(env->allocator, encodedlen);
- ret = axis2_base64_encode(encoded_str, (const char *)encrypted, enclen);
+ ret = axis2_base64_encode(encoded_str, (const char *)OXS_BUFFER_GET_DATA(out_buf, env), enclen);
status = OXS_BUFFER_POPULATE(result, env, (unsigned char*)AXIS2_STRDUP(encoded_str, env), encodedlen);
/*Free*/
- AXIS2_FREE(env->allocator, encrypted);
- encrypted = NULL;
+ OXS_BUFFER_FREE(out_buf, env);
+ out_buf = NULL;
AXIS2_FREE(env->allocator, encoded_str);
encoded_str = NULL;
}else if(OXS_ASYM_CTX_OPERATION_PRV_DECRYPT == operation ){
unsigned char *decoded_encrypted_str = NULL;
- unsigned char *decrypted = NULL;
+ oxs_buffer_t *dec_enc_buf = NULL;
int ret = -1;
int declen = -1;
-
+
/*Operation id PRV DECRYPT; Get the private key from the context*/
pkey = oxs_asym_ctx_get_private_key(ctx, env);
/*Base64 decode first. Then do the decryption and populate the buffer*/
decoded_encrypted_str = AXIS2_MALLOC(env->allocator, axis2_base64_decode_len((char*)OXS_BUFFER_GET_DATA(input, env)));
ret = axis2_base64_decode((char*)decoded_encrypted_str, (char*)OXS_BUFFER_GET_DATA(input, env));
- declen = OPENSSL_RSA_PRV_DECRYPT(rsa, env, pkey, decoded_encrypted_str, &decrypted);
- status = OXS_BUFFER_POPULATE(result, env, AXIS2_STRMEMDUP(decrypted, declen, env), declen);
+ dec_enc_buf = oxs_buffer_create(env);
+ OXS_BUFFER_POPULATE(dec_enc_buf, env, decoded_encrypted_str, ret);
+ declen = OPENSSL_RSA_PRV_DECRYPT(rsa, env, pkey, dec_enc_buf, result);
/*Free*/
AXIS2_FREE(env->allocator, decoded_encrypted_str);
decoded_encrypted_str = NULL;
- AXIS2_FREE(env->allocator, decrypted);
- decrypted = NULL;
+ OXS_BUFFER_FREE(dec_enc_buf, env);
+ dec_enc_buf = NULL;
}else if(OXS_ASYM_CTX_OPERATION_PRV_ENCRYPT == operation ){
/**/
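Review bot: The -1 that openssl_rsa_pub_encrypt and openssl_rsa_prv_decrypt return on failure (see the rsa.c hunks of this commit) is never examined here: enclen of -1 is passed straight to axis2_base64_encode_len and axis2_base64_encode, declen is assigned and discarded, and the function ends with an unconditional `return AXIS2_SUCCESS;` in the following hunk, so a failed session-key decryption reports success to xml_encryption.c with an unpopulated result buffer. The `ret` from axis2_base64_decode is also used as the buffer length without a check; if that routine signals errors with a negative value it should be rejected too. Each failure path should free what was allocated so far (including the rsa object freed at the end of the function) and return AXIS2_FAILURE. The enclosing function starts before this hunk and ends in the next one.

```c
/* … unchanged: public-key lookup … */
out_buf = oxs_buffer_create(env);
enclen = OPENSSL_RSA_PUB_ENCRYPT(rsa, env, pkey, input, out_buf);
if (enclen < 0) {
    OXS_BUFFER_FREE(out_buf, env);
    OPENSSL_RSA_FREE(rsa, env);
    return AXIS2_FAILURE;
}
/* … unchanged: base64 encode, populate result, free … */

/* … unchanged: private-key lookup and base64 decode … */
dec_enc_buf = oxs_buffer_create(env);
OXS_BUFFER_POPULATE(dec_enc_buf, env, decoded_encrypted_str, ret);
declen = OPENSSL_RSA_PRV_DECRYPT(rsa, env, pkey, dec_enc_buf, result);
if (declen < 0) {
    AXIS2_FREE(env->allocator, decoded_encrypted_str);
    OXS_BUFFER_FREE(dec_enc_buf, env);
    OPENSSL_RSA_FREE(rsa, env);
    return AXIS2_FAILURE;
}
/* … unchanged: free decoded_encrypted_str and dec_enc_buf … */
```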
@@ -253,6 +256,9 @@
}
/*TODO Set certificate information taken from the PEM file */
+ /*Free*/
+ OPENSSL_RSA_FREE(rsa, env);
+ rsa = NULL;
return AXIS2_SUCCESS;
}
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/cipher_ctx.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/cipher_ctx.c?view=diff&rev=485493&r1=485492&r2=485493
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/cipher_ctx.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/cipher_ctx.c Sun Dec 10 20:42:09 2006
@@ -158,13 +158,6 @@
AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
ctx_impl = AXIS2_INTF_TO_IMPL(ctx);
- /*TODO Check how to free the EVP_CIPHER. Might be a problem if we try to free it here.*/
- if (ctx_impl->key)
- {
- OXS_KEY_FREE(ctx_impl->key, env);
- /*AXIS2_FREE(env->allocator, ctx_impl->key);*/
- ctx_impl->key = NULL;
- }
if (ctx_impl->iv)
{
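Review bot: Removing the key release from the context free routine leaves key ownership split: openssl_cipher_ctx_set_key (hunk at -266,10) still frees the previously installed key with OXS_KEY_FREE when a new one is assigned and stores the caller's pointer without copying, yet the last installed key is now never freed by the context. Either the context owns the key (restore the free here) or it does not (drop the free in set_key as well); holding both behaviours means a leak of the final key or a double free depending on what the caller does after OPENSSL_CIPHER_CTX_FREE, which encryption.c now calls. Whichever ownership is intended, a comment on set_key stating it, e.g. `/* The context borrows key; the caller keeps ownership and must free it after OPENSSL_CIPHER_CTX_FREE */`, would settle it. The enclosing function starts outside the hunk.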
@@ -266,10 +259,9 @@
if (ctx_impl->key)
{
OXS_KEY_FREE(ctx_impl->key, env);
- /*AXIS2_FREE(env->allocator, ctx_impl->key);*/
ctx_impl->key = NULL;
}
- ctx_impl->key = key ;/* AXIS2_STRDUP(key, env);*/
+ ctx_impl->key = key ;
return AXIS2_SUCCESS;
}
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/rsa.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/rsa.c?view=diff&rev=485493&r1=485492&r2=485493
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/rsa.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/rsa.c Sun Dec 10 20:42:09 2006
@@ -58,16 +58,16 @@
openssl_rsa_t *rsa,
const axis2_env_t *env,
const openssl_pkey_t *pkey,
- unsigned char *in,
- unsigned char **out);
+ oxs_buffer_t *in,
+ oxs_buffer_t *out);
int AXIS2_CALL
openssl_rsa_pub_encrypt(
openssl_rsa_t *rsa,
const axis2_env_t *env,
const openssl_pkey_t *pkey,
- unsigned char *in,
- unsigned char **out);
+ oxs_buffer_t *in,
+ oxs_buffer_t *out);
/*****************End of function headers ****************************/
static void
@@ -134,8 +134,8 @@
openssl_rsa_t *rsa,
const axis2_env_t *env,
const openssl_pkey_t *pkey,
- unsigned char *in,
- unsigned char **out)
+ oxs_buffer_t *in,
+ oxs_buffer_t *out)
{
unsigned char *encrypted = NULL;
openssl_rsa_impl_t *rsa_impl = NULL;
@@ -147,8 +147,8 @@
key = (EVP_PKEY *)OPENSSL_PKEY_GET_KEY(pkey, env);
encrypted = AXIS2_MALLOC(env->allocator, RSA_size(key->pkey.rsa));
- ret = RSA_public_encrypt(strlen((char*)in),
- in,
+ ret = RSA_public_encrypt(OXS_BUFFER_GET_SIZE(in, env),
+ OXS_BUFFER_GET_DATA(in, env),
encrypted,
key->pkey.rsa ,
/*RSA_PKCS1_OAEP_PADDING);*/
@@ -159,7 +159,7 @@
"RSA encryption failed");
return (-1);
}
- *out = encrypted;
+ OXS_BUFFER_POPULATE(out, env, encrypted, ret);
return ret;
}
@@ -168,8 +168,8 @@
openssl_rsa_t *rsa,
const axis2_env_t *env,
const openssl_pkey_t *pkey,
- unsigned char *in,
- unsigned char **out)
+ oxs_buffer_t *in,
+ oxs_buffer_t *out)
{
unsigned char *decrypted = NULL;
openssl_rsa_impl_t *rsa_impl = NULL;
@@ -182,7 +182,7 @@
key = (EVP_PKEY *)OPENSSL_PKEY_GET_KEY(pkey, env);
decrypted = AXIS2_MALLOC(env->allocator, RSA_size(key->pkey.rsa));
ret = RSA_private_decrypt(RSA_size(key->pkey.rsa),
- in,
+ OXS_BUFFER_GET_DATA(in, env),
decrypted,
key->pkey.rsa,
/*RSA_PKCS1_OAEP_PADDING);*/
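Review bot: RSA_private_decrypt is still given RSA_size(key->pkey.rsa) as the input length even though the input is now a buffer whose size is known; the bytes come from the base64-decoded message, so a ciphertext shorter than the modulus makes OpenSSL read past the end of the buffer's data. Check the size before the call, `if (OXS_BUFFER_GET_SIZE(in, env) != RSA_size(key->pkey.rsa)) { return (-1); }`, with an oxs_error like the one the existing failure path emits. The padding argument follows the commented-out RSA_PKCS1_OAEP_PADDING line and is outside the hunk, so which padding mode is in use cannot be confirmed from here; the enclosing function also starts and ends outside the hunk.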
@@ -193,7 +193,7 @@
"RSA decryption failed");
return (-1);
}
- *out = decrypted;
+ OXS_BUFFER_POPULATE(out, env, decrypted, ret);
return ret;
}
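Review bot: `decrypted` is allocated with AXIS2_MALLOC, handed to OXS_BUFFER_POPULATE and then dropped on return, and the encrypt path in the hunk at -159,7 does the same with `encrypted`; util.c in this commit populates a buffer from a stack array, which implies OXS_BUFFER_POPULATE copies its input, so both temporaries leak on every call. The encryption.c hunks free the heap copy after populating, which is the pattern to follow here. Because `decrypted` holds the recovered session key, clear it before releasing it, e.g. `OXS_BUFFER_POPULATE(out, env, decrypted, ret); memset(decrypted, 0, RSA_size(key->pkey.rsa)); AXIS2_FREE(env->allocator, decrypted);` (a wipe the compiler cannot elide, such as OPENSSL_cleanse, is preferable where available). The enclosing function starts outside the hunk.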
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/util.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/util.c?view=diff&rev=485493&r1=485492&r2=485493
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/util.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/util.c Sun Dec 10 20:42:09 2006
@@ -30,8 +30,6 @@
{
axis2_status_t status = AXIS2_FAILURE;
int ret;
- int encodedlen;
- axis2_char_t *encoded_str = NULL;
unsigned char temp_buffer[1024];
ret = RAND_bytes(temp_buffer, size);
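Review bot: `size` is passed to RAND_bytes as the number of bytes to write into the fixed 1024-byte temp_buffer without being compared to that capacity, so any caller requesting more than 1024 bytes overflows the stack. Add `if (size > (int)sizeof(temp_buffer)) { return AXIS2_FAILURE; }` before the call (or make 1024 a named constant and check against it). The enclosing function's signature and parameter types are outside the hunk.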
@@ -42,13 +40,20 @@
return AXIS2_FAILURE;
}
/*Encoding make it easier to handle random data*/
+#if 0
+ int encodedlen;
+ axis2_char_t *encoded_str = NULL;
+
encodedlen = axis2_base64_encode_len(size);
encoded_str = AXIS2_MALLOC(env->allocator, encodedlen);
ret = axis2_base64_encode(encoded_str, (const char *)temp_buffer, size);
status = OXS_BUFFER_POPULATE(buffer, env, (unsigned char*)encoded_str, size);
-
AXIS2_FREE(env->allocator, encoded_str);
encoded_str = NULL;
+#else
+ status = OXS_BUFFER_POPULATE(buffer, env, (unsigned char*)temp_buffer, size);
+
+#endif
return AXIS2_SUCCESS;
}
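Review bot: `status` receives the result of OXS_BUFFER_POPULATE but the function ends with `return AXIS2_SUCCESS;`, so a failed populate is reported as success; change the final line to `return status;`. The `#if 0` block keeps the old base64 path alive as dead code and declares variables after statements, which should simply be deleted now that the raw bytes are stored. Since temp_buffer presumably holds key or nonce material (its consumer is outside the hunk), consider clearing it after the populate. The enclosing function starts outside the hunk.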
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/x509.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/x509.c?view=diff&rev=485493&r1=485492&r2=485493
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/x509.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/x509.c Sun Dec 10 20:42:09 2006
@@ -363,9 +363,6 @@
return result;
}
-
-
-
AXIS2_EXTERN void AXIS2_CALL
openssl_x509_print(const axis2_env_t *env,
X509 *cert)
@@ -380,7 +377,6 @@
printf("OPENSSL_X509_INFO_VERSION : %s\n", openssl_x509_get_info(env,OPENSSL_X509_INFO_VERSION ,cert));
printf("OPENSSL_X509_INFO_PUBKEY : %s\n", openssl_x509_get_info(env,OPENSSL_X509_INFO_PUBKEY ,cert));
printf("OPENSSL_X509_INFO_PUBKEY_ALGO : %s\n", openssl_x509_get_info(env,OPENSSL_X509_INFO_PUBKEY_ALGO ,cert));
- /*printf("SUBJ_NAME_HASH : %u\n", openssl_x509_get_subject_name_hash(env,cert));*/
printf("SERIAL : %u\n", openssl_x509_get_serial(env,cert));
printf("PUBKEY : %s\n", openssl_x509_get_cert_data(env,cert));
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/tokens/token_cipher_data.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/tokens/token_cipher_data.c?view=diff&rev=485493&r1=485492&r2=485493
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/tokens/token_cipher_data.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/tokens/token_cipher_data.c Sun Dec 10 20:42:09 2006
@@ -58,7 +58,6 @@
value = oxs_token_get_cipher_value(env, cv_node);
}else{
/*If not then check for <CipherReference URI?>*/
- /*TODO*/
}
return value;
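Review bot: Deleting the TODO leaves an empty else branch, so a reader no longer sees that a CipherReference is deliberately not handled and that `value` stays NULL for it. Keep that visible with a comment such as `/*CipherReference is not supported; value remains NULL*/` so the caller's NULL handling is understood as the intended outcome rather than an oversight. The enclosing function starts outside the hunk.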
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/utility.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/utility.c?view=diff&rev=485493&r1=485492&r2=485493
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/utility.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/utility.c Sun Dec 10 20:42:09 2006
@@ -52,7 +52,7 @@
/*Its safe to assume that PEM can be without extension*/
return OXS_ASYM_CTX_FORMAT_PEM;
}
- printf("ext %s", extension);
+
if((strcmp(extension, ".pfx") == 0) ){
return OXS_ASYM_CTX_FORMAT_PKCS12;
}else{
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_encryption.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_encryption.c?view=diff&rev=485493&r1=485492&r2=485493
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_encryption.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_encryption.c Sun Dec 10 20:42:09 2006
@@ -258,6 +258,7 @@
}
/*Free*/
OXS_BUFFER_FREE(serialized_buf, env);
+ serialized_buf = NULL;
/*Return success*/
return AXIS2_SUCCESS;
@@ -299,6 +300,7 @@
/*Free buffers*/
OXS_BUFFER_FREE(result_buf, env);
+ result_buf = NULL;
return AXIS2_SUCCESS;
}
@@ -340,6 +342,9 @@
AXIOM_NODE_ADD_CHILD(parent_of_enc_node, env, deserialized_node);
AXIOM_NODE_DETACH(enc_type_node, env);
+ OXS_BUFFER_FREE(result_buf, env);
+ result_buf = NULL;
+
return AXIS2_SUCCESS;
}
@@ -357,6 +362,7 @@
axis2_char_t *type = NULL;
axis2_char_t *id = NULL;
oxs_buffer_t *input_buf = NULL;
+ axis2_status_t status = AXIS2_FAILURE;
/*Get the symmetric encryption algorithm*/
enc_mtd_node = oxs_axiom_get_first_child_node_by_name(env, enc_type_node, OXS_NODE_ENCRYPTION_METHOD, NULL, NULL);
@@ -384,7 +390,13 @@
/*Decrypt*/
OXS_CTX_SET_OPERATION(enc_ctx, env, OXS_CTX_OPERATION_DECRYPT);
- return oxs_encryption_symmetric_crypt(env, enc_ctx, input_buf, result_buf);
+ status = oxs_encryption_symmetric_crypt(env, enc_ctx, input_buf, result_buf);
+
+ /*Free*/
+ OXS_BUFFER_FREE(input_buf, env);
+ input_buf = NULL;
+
+ return status;
}
/*For SOAP this parent is the wsse:Security node*/
@@ -417,6 +429,10 @@
/*Call encryption*/
status = oxs_encryption_asymmetric_crypt(env, asym_ctx, input, result);
+ /*Free input*/
+ OXS_BUFFER_FREE(input, env);
+ input = NULL;
+
if(AXIS2_FAILURE == status){
oxs_error(ERROR_LOCATION, OXS_ERROR_DEFAULT,
"Assymmetric key encryption failed");
@@ -453,6 +469,10 @@
cv_node = oxs_token_build_cipher_value_element(env, cd_node, encrypted_key_data);
oxs_token_build_data_reference_list(env, encrypted_key_node, id_list);
+ /*Free*/
+ OXS_BUFFER_FREE(result, env);
+ result = NULL;
+
return AXIS2_SUCCESS;
}
@@ -505,6 +525,10 @@
/*Call decryption*/
status = oxs_encryption_asymmetric_crypt(env, asym_ctx, input_buf, result_buf);
+ /*Free input*/
+ OXS_BUFFER_FREE(input_buf, env);
+ input_buf = NULL;
+
if(AXIS2_FAILURE == status){
return AXIS2_FAILURE;
}
@@ -515,6 +539,9 @@
"decrypted_session_key",
OXS_BUFFER_GET_SIZE(result_buf, env),
OXS_KEY_USAGE_DECRYPT );
+ /*Free*/
+ OXS_BUFFER_FREE(result_buf, env);
+ result_buf = NULL;
return AXIS2_SUCCESS;
}
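Review bot: result_buf holds the decrypted session key (it is the source of the "decrypted_session_key" key object a few lines above), and OXS_BUFFER_FREE presumably releases the memory without wiping it, so the key bytes stay in freed heap memory. Clear the data before the free, e.g. `memset(OXS_BUFFER_GET_DATA(result_buf, env), 0, OXS_BUFFER_GET_SIZE(result_buf, env));` (or a non-elidable wipe if one is available in this code base), in the same way the input_buf free added in the hunk at -505,6 precedes the status check. The enclosing function starts outside the hunk.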
Modified: webservices/axis2/trunk/c/rampart/src/util/rampart_action.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/rampart_action.c?view=diff&rev=485493&r1=485492&r2=485493
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/rampart_action.c (original)
+++ webservices/axis2/trunk/c/rampart/src/util/rampart_action.c Sun Dec 10 20:42:09 2006
@@ -588,7 +588,8 @@
AXIS2_FREE(env->allocator, actions_impl->encryption_key_transport_algorithm);
actions_impl->encryption_key_transport_algorithm = NULL;
}
- actions_impl->encryption_key_transport_algorithm = AXIS2_STRDUP(encryption_key_transport_algorithm, env);
+ actions_impl->encryption_key_transport_algorithm =
+ AXIS2_STRDUP(encryption_key_transport_algorithm, env);
if(!actions_impl->encryption_key_transport_algorithm ){
return AXIS2_FAILURE;
}
Modified: webservices/axis2/trunk/c/rampart/src/util/rampart_crypto_util.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/rampart_crypto_util.c?view=diff&rev=485493&r1=485492&r2=485493
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/rampart_crypto_util.c (original)
+++ webservices/axis2/trunk/c/rampart/src/util/rampart_crypto_util.c Sun Dec 10 20:42:09 2006
@@ -63,7 +63,8 @@
}
else
{/*If all nonce, created and password are present*/
- input = AXIS2_MALLOC(env->allocator, decoded_nonce_length + AXIS2_STRLEN(created) + AXIS2_STRLEN(password) + 1);
+ input = AXIS2_MALLOC(env->allocator,
+ decoded_nonce_length + AXIS2_STRLEN(created) + AXIS2_STRLEN(password) + 1);
sprintf(input, "%s%s%s", decoded_nonce, created, password);
}
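Review bot: `sprintf(input, "%s%s%s", decoded_nonce, created, password)` treats the base64-decoded nonce as a C string, but decoded_nonce is binary data of decoded_nonce_length bytes: a NUL byte inside it truncates the digest input, and if the decode does not NUL-terminate, `%s` reads past the end of the nonce allocation. Copy it by length instead, and check the AXIS2_MALLOC result that the re-wrapped line still leaves unchecked. How `input` is measured by the digest call is outside the hunk; if it uses strlen, the length needs to be passed explicitly as well.

```c
input = AXIS2_MALLOC(env->allocator,
    decoded_nonce_length + AXIS2_STRLEN(created) + AXIS2_STRLEN(password) + 1);
if (!input) {
    return NULL; /* or the function's error convention, defined outside the hunk */
}
memcpy(input, decoded_nonce, decoded_nonce_length);
memcpy(input + decoded_nonce_length, created, AXIS2_STRLEN(created));
memcpy(input + decoded_nonce_length + AXIS2_STRLEN(created), password,
    AXIS2_STRLEN(password) + 1);
```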
@@ -72,5 +73,3 @@
AXIS2_FREE(env->allocator, decoded_nonce);
return digest;
}
-
-
Modified: webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c?view=diff&rev=485493&r1=485492&r2=485493
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c (original)
+++ webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c Sun Dec 10 20:42:09 2006
@@ -35,11 +35,11 @@
#include <oxs_token_key_info.h>
#include <oxs_token_key_name.h>
#include <oxs_key.h>
+#include <oxs_axiom.h>
+#include <oxs_asym_ctx.h>
#include <oxs_token_reference_list.h>
#include <axis2_utils.h>
#include <axis2_array_list.h>
-#include <oxs_axiom.h>
-#include <oxs_asym_ctx.h>
/*Private functions*/
static axis2_status_t
@@ -219,14 +219,28 @@
"Data decryption failed", RAMPART_FAULT_IN_ENCRYPTED_DATA, msg_ctx);
return AXIS2_FAILURE;
}
+ /*Free*/
+ OXS_CTX_FREE(ctx, env);
+ ctx = NULL;
+
AXIS2_LOG_INFO(env->log, "[rampart][shp] Node ID=%s decrypted successfuly", id);
}
+
+
+ /*Set the security processed result*/
+ rampart_set_security_processed_result(env, msg_ctx,RAMPART_SPR_ENC_CHECKED, RAMPART_YES);
+
+ /*Free*/
+ oxs_asym_ctx_free(asym_ctx, env);
+ asym_ctx = NULL;
+ OXS_KEY_FREE(decrypted_sym_key, env);
+ decrypted_sym_key = NULL;
return AXIS2_SUCCESS;
}
static axis2_status_t
-rampart_shp_enforce_security(const axis2_env_t *env,
+rampart_shp_pre_security_check(const axis2_env_t *env,
axis2_msg_ctx_t *msg_ctx,
rampart_actions_t *actions,
axiom_soap_envelope_t *soap_envelope,
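Review bot: The new frees of ctx, asym_ctx and decrypted_sym_key are only reached on the success path; the "Data decryption failed" branch at the top of the hunk returns AXIS2_FAILURE before OXS_CTX_FREE runs, so ctx leaks there and asym_ctx and decrypted_sym_key leak on every early return of the function. Route the failure through the same cleanup (a `goto` label before the frees, or freeing before `return AXIS2_FAILURE;`). RAMPART_SPR_ENC_CHECKED is set to RAMPART_YES after the loop without regard to how many nodes were actually decrypted; the loop header is outside the hunk, so if it can run zero times the flag should be set only when at least one decryption succeeded. decrypted_sym_key is key material and should be wiped before OXS_KEY_FREE if that routine does not do so. The enclosing function starts outside the hunk.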
@@ -277,17 +291,78 @@
return AXIS2_FAILURE;
}
+ }
+
+ }
+ return AXIS2_SUCCESS;
+}
+
+/*Compare security checked results with action items*/
+static axis2_status_t
+rampart_shp_post_security_check(const axis2_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ rampart_actions_t *actions)
+{
+ axis2_char_t *items = NULL;
+ axis2_array_list_t *items_list = NULL;
+ int i = 0, size = 0;
+
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Enforcing Security");
+ items = RAMPART_ACTIONS_GET_ITEMS(actions, env);
+ if (!items)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] No items defined. So nothing to do.");
+ return AXIS2_SUCCESS;
+ }
+
+ /*Get action items seperated by spaces*/
+ items_list = axis2_tokenize(env, items, ' ');
+ size = AXIS2_ARRAY_LIST_SIZE(items_list, env);
+
+ /*Iterate thru items*/
+ for (i = 0; i < size; i++)
+ {
+ axis2_char_t *item = NULL;
+ axis2_char_t *result = NULL;
+ item = AXIS2_ARRAY_LIST_GET(items_list, env, i);
+
+ if (0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_USERNAMETOKEN, AXIS2_STRTRIM(env, item, NULL))){
+ /*UT is a MUST. So identify if the UT is available*/
+ result = (axis2_char_t*)rampart_get_security_processed_result(env, msg_ctx, RAMPART_SPR_UT_CHECKED);
+ if(!result || (0 != AXIS2_STRCMP(result, RAMPART_YES)) ){
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] UsernameToken is required. But not available");
+ rampart_create_fault_envelope(env, RAMPART_FAULT_SECURITY_TOKEN_UNAVAILABLE,
+ "UsernameToken is not available", RAMPART_FAULT_IN_USERNAMETOKEN, msg_ctx);
+ return AXIS2_FAILURE;
+ }
+ result = NULL;
+ }else if(0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_TIMESTAMP, AXIS2_STRTRIM(env, item, NULL))){
+ /*TS is a MUST.*/
+ result = (axis2_char_t*)rampart_get_security_processed_result(env, msg_ctx, RAMPART_SPR_TS_CHECKED);
+ if(!result || (0 != AXIS2_STRCMP(result, RAMPART_YES)) ){
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Timestamp is required. But not available");
+ rampart_create_fault_envelope(env, RAMPART_FAULT_SECURITY_TOKEN_UNAVAILABLE,
+ "Timestamp is not available", RAMPART_FAULT_IN_TIMESTAMP, msg_ctx);
+ return AXIS2_FAILURE;
+ }
+ result = NULL;
}else if(0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_ENCRYPT, AXIS2_STRTRIM(env, item, NULL))){
/*Encryption is a MUST*/
+ result = (axis2_char_t*)rampart_get_security_processed_result(env, msg_ctx, RAMPART_SPR_ENC_CHECKED);
+ if(!result || (0 != AXIS2_STRCMP(result, RAMPART_YES)) ){
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Encryption is required. But not available");
+ rampart_create_fault_envelope(env, RAMPART_FAULT_SECURITY_TOKEN_UNAVAILABLE,
+ "Data are not encrypted", RAMPART_FAULT_IN_ENCRYPTED_KEY, msg_ctx);
+ return AXIS2_FAILURE;
+ }
+ result = NULL;
}else if (0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_SIGNATURE, AXIS2_STRTRIM(env, item, NULL))){
/*Signature is a MUST*/
}
- }
+ }
return AXIS2_SUCCESS;
}
-
-
/*Public functions*/
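Review bot: The RAMPART_ACTION_ITEMS_SIGNATURE branch of rampart_shp_post_security_check is empty, so a policy that lists Signature as a required item is satisfied by a message that carries no signature at all, and an item name the loop does not recognise is silently accepted; for a check whose purpose is to reject messages that fall short of the receiver's policy, unimplemented or unknown items should fail closed, e.g. `AXIS2_LOG_INFO(env->log, "[rampart][shp] Signature is required but signature verification is not implemented"); return AXIS2_FAILURE;` in that branch and a final `else { return AXIS2_FAILURE; }`. AXIS2_STRTRIM(env, item, NULL) is evaluated up to four times per item and, if it allocates, none of those results is freed; trim once into a local and release it, and free items_list from axis2_tokenize before each return. A short header comment on the function stating that it must run after every header element has been processed, because it only reads the flags those processors set in the processed-results property, would also help the next maintainer.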
@@ -306,8 +381,8 @@
axis2_status_t status = AXIS2_FAILURE;
/*If certian security elements are expected by the reciever, rampart should check for those */
- /*This should be done along with the the message header processing. Need to be modified later for encryption*/
- status = rampart_shp_enforce_security(env, msg_ctx, actions, soap_envelope, sec_node);
+ /*This should be removed once header encryption is introduced. But this pre-check avoids further processing of headers.*/
+ status = rampart_shp_pre_security_check(env, msg_ctx, actions, soap_envelope, sec_node);
if(AXIS2_FAILURE == status){
return AXIS2_FAILURE;
}
@@ -362,7 +437,11 @@
cur_node = AXIOM_NODE_GET_NEXT_SIBLING(cur_node, env);
}/*End of while*/
-
+ status = rampart_shp_post_security_check(env, msg_ctx, actions);
+ if(AXIS2_FAILURE == status){
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Security header doesn't confirms reciever's policy");
+ return AXIS2_FAILURE;
+ }
AXIS2_LOG_INFO(env->log, "[rampart][shp] Security header element processing, DONE ");
/*Do the action accordingly*/
return AXIS2_SUCCESS;
Modified: webservices/axis2/trunk/c/rampart/src/util/rampart_sec_processed_result.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/rampart_sec_processed_result.c?view=diff&rev=485493&r1=485492&r2=485493
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/rampart_sec_processed_result.c (original)
+++ webservices/axis2/trunk/c/rampart/src/util/rampart_sec_processed_result.c Sun Dec 10 20:42:09 2006
@@ -114,7 +114,6 @@
for (hi = axis2_hash_first(sec_processed_results, env); hi; hi = axis2_hash_next(env, hi)) {
axis2_hash_this(hi, &key, NULL, &val);
AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][spr] (key, val) %s = %s\n", (axis2_char_t*)key, (axis2_char_t*)val);
- /*printf("%s = %s\n", (axis2_char_t*)key, (axis2_char_t*)val);*/
}
}