Posted to rampart-dev@ws.apache.org by ka...@apache.org on 2007/04/23 07:32:37 UTC
svn commit: r531338 - in /webservices/rampart/trunk/c: include/
samples/secpolicy/scenario9/ src/secpolicy/model/ src/util/
Author: kaushalye
Date: Sun Apr 22 22:32:35 2007
New Revision: 531338
URL: http://svn.apache.org/viewvc?view=rev&rev=531338
Log:
Fixing header signing problem in Rampart.
Changing scenario9 to depict more detailed signing approaches.
Modified:
webservices/rampart/trunk/c/include/rampart_constants.h
webservices/rampart/trunk/c/samples/secpolicy/scenario9/client-outgoing-secpolicy.xml
webservices/rampart/trunk/c/samples/secpolicy/scenario9/service-incoming-secpolicy.xml
webservices/rampart/trunk/c/src/secpolicy/model/algorithmsuite.c
webservices/rampart/trunk/c/src/util/rampart_context.c
webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
webservices/rampart/trunk/c/src/util/rampart_signature.c
Modified: webservices/rampart/trunk/c/include/rampart_constants.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rampart_constants.h?view=diff&rev=531338&r1=531337&r2=531338
==============================================================================
--- webservices/rampart/trunk/c/include/rampart_constants.h (original)
+++ webservices/rampart/trunk/c/include/rampart_constants.h Sun Apr 22 22:32:35 2007
@@ -84,6 +84,7 @@
#define RAMPART_FAULT_IN_USERNAMETOKEN "wsse:UsernameToken"
#define RAMPART_FAULT_IN_ENCRYPTED_KEY "xenc:EncryptedKey"
#define RAMPART_FAULT_IN_ENCRYPTED_DATA "xenc:EncryptedData"
+#define RAMPART_FAULT_IN_SIGNATURE "ds:Signature"
/*Dynamically set values*/
#define RAMPART_ACTION_PASSWORD "password"
Modified: webservices/rampart/trunk/c/samples/secpolicy/scenario9/client-outgoing-secpolicy.xml
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/secpolicy/scenario9/client-outgoing-secpolicy.xml?view=diff&rev=531338&r1=531337&r2=531338
==============================================================================
--- webservices/rampart/trunk/c/samples/secpolicy/scenario9/client-outgoing-secpolicy.xml (original)
+++ webservices/rampart/trunk/c/samples/secpolicy/scenario9/client-outgoing-secpolicy.xml Sun Apr 22 22:32:35 2007
@@ -23,7 +23,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256Rsa15/>
+ <sp:Basic256Rsa15/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
@@ -35,10 +35,11 @@
</sp:AsymmetricBinding>
<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body/>
+ <sp:Header Namespace="http://www.w3.org/2005/08/addressing"/>
</sp:SignedParts>
- <rampc:SignedItems xmlns:rampc="http://ws.apache.org/rampart/c/policy">
+ <!--rampc:SignedItems xmlns:rampc="http://ws.apache.org/rampart/c/policy">
<rampc:Element Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
- </rampc:SignedItems>
+ </rampc:SignedItems-->
<rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
<rampc:EncryptionUser>a</rampc:EncryptionUser>
<rampc:PasswordCallbackClass>/home/AXIS2_USER/axis2/c/deploy/bin/samples/rampart/callback/libpwcb.so</rampc:PasswordCallbackClass>
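Review bot: The `rampc:SignedItems` block is commented out on the client side with no explanation, while service-incoming-secpolicy.xml in this same commit keeps the identical block active, so the two halves of scenario9 no longer declare the same signed items. If the intent is that the new `sp:Header Namespace="http://www.w3.org/2005/08/addressing"` entry already covers the `To` header, a one-line comment such as `<!-- wsa:To is covered by the sp:Header entry in SignedParts -->` would make that explicit. Otherwise the dead block should be removed rather than left commented, since a sample policy is likely to be copied as-is.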
Modified: webservices/rampart/trunk/c/samples/secpolicy/scenario9/service-incoming-secpolicy.xml
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/secpolicy/scenario9/service-incoming-secpolicy.xml?view=diff&rev=531338&r1=531337&r2=531338
==============================================================================
--- webservices/rampart/trunk/c/samples/secpolicy/scenario9/service-incoming-secpolicy.xml (original)
+++ webservices/rampart/trunk/c/samples/secpolicy/scenario9/service-incoming-secpolicy.xml Sun Apr 22 22:32:35 2007
@@ -35,6 +35,7 @@
</sp:AsymmetricBinding>
<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body/>
+ <sp:Header Namespace="http://www.w3.org/2005/08/addressing"/>
</sp:SignedParts>
<rampc:SignedItems xmlns:rampc="http://ws.apache.org/rampart/c/policy">
<rampc:Element Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
Modified: webservices/rampart/trunk/c/src/secpolicy/model/algorithmsuite.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/secpolicy/model/algorithmsuite.c?view=diff&rev=531338&r1=531337&r2=531338
==============================================================================
--- webservices/rampart/trunk/c/src/secpolicy/model/algorithmsuite.c (original)
+++ webservices/rampart/trunk/c/src/secpolicy/model/algorithmsuite.c Sun Apr 22 22:32:35 2007
@@ -107,6 +107,26 @@
return algorithmsuite->algosuite_string;
}
+/* Set different algorithm for enryption and signing etc. depending on the algorithm suite.
+ * The suites are defined in section 7.1 of WS-Security Policy specification
+ * Algorithm Suite [Dig] [Enc] [Sym KW] [Asym KW] [Enc KD] [Sig KD] [Min SKL]
+ * Basic256 Sha1 Aes256 KwAes256 KwRsaOaep PSha1L256 PSha1L192 256
+ * Basic192 Sha1 Aes192 KwAes192 KwRsaOaep PSha1L192 PSha1L192 192
+ * Basic128 Sha1 Aes128 KwAes128 KwRsaOaep PSha1L128 PSha1L128 128
+ * TripleDes Sha1 TripleDes KwTripleDes KwRsaOaep PSha1L192 PSha1L192 192
+ * Basic256Rsa15 Sha1 Aes256 KwAes256 KwRsa15 PSha1L256 PSha1L192 256
+ * Basic192Rsa15 Sha1 Aes192 KwAes192 KwRsa15 PSha1L192 PSha1L192 192
+ * Basic128Rsa15 Sha1 Aes128 KwAes128 KwRsa15 PSha1L128 PSha1L128 128
+ * TripleDesRsa15 Sha1 TripleDes KwTripleDes KwRsa15 PSha1L192 PSha1L192 192
+ * Basic256Sha256 Sha256 Aes256 KwAes256 KwRsaOaep PSha1L256 PSha1L192 256
+ * Basic192Sha256 Sha256 Aes192 KwAes192 KwRsaOaep PSha1L192 PSha1L192 192
+ * Basic128Sha256 Sha256 Aes128 KwAes128 KwRsaOaep PSha1L128 PSha1L128 128
+ * TripleDesSha256 Sha256 TripleDes KwTripleDes KwRsaOaep PSha1L192 PSha1L192 192
+ * Basic256Sha256Rsa15 Sha256 Aes256 KwAes256 KwRsa15 PSha1L256 PSha1L192 256
+ * Basic192Sha256Rsa15 Sha256 Aes192 KwAes192 KwRsa15 PSha1L192 PSha1L192 192
+ * Basic128Sha256Rsa15 Sha256 Aes128 KwAes128 KwRsa15 PSha1L128 PSha1L128 128
+ * TripleDesSha256Rsa15 Sha256 TripleDes KwTripleDes KwRsa15 PSha1L192 PSha1L192 192
+ **/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
rp_algorithmsuite_set_algosuite(rp_algorithmsuite_t *algorithmsuite,
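Review bot: The first line of the added comment misspells "encryption" as `enryption`, and "Set different algorithm for ... etc." does not say which fields the function fills in. Something like `/* Sets the digest, encryption and key-wrap algorithms for the given algorithm suite name.` would read more precisely. The table would also be easier to audit against section 7.1 of the specification if the columns were aligned. The body of rp_algorithmsuite_set_algosuite lies outside this hunk, so whether every listed suite is actually handled cannot be checked from here.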
@@ -118,7 +138,7 @@
algorithmsuite->algosuite_string = algosuite_string;
- if(axutil_strcmp(algosuite_string,RP_ALGO_SUITE_BASIC256)==0)
+ if(axutil_strcmp(algosuite_string, RP_ALGO_SUITE_BASIC256)==0)
{
algorithmsuite->digest = RP_SHA1;
algorithmsuite->encryption = RP_AES256;
Modified: webservices/rampart/trunk/c/src/util/rampart_context.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_context.c?view=diff&rev=531338&r1=531337&r2=531338
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_context.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_context.c Sun Apr 22 22:32:35 2007
@@ -887,11 +887,11 @@
if(node)
{
axutil_array_list_add(nodes_to_encrypt_or_sign,env,node);
- return AXIS2_SUCCESS;
}
}
- }
+ }/*eof for*/
+ return AXIS2_SUCCESS;
}
else if(axutil_strcmp(local_name,"Security")==0)
{
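Review bot: The `return AXIS2_SUCCESS;` now placed after the loop is unconditional, so the result of `axutil_array_list_add(nodes_to_encrypt_or_sign,env,node)` on the context line above is never checked. If that call can fail, a header that should have been signed or encrypted is silently left out and the caller still sees success. Consider `if(axutil_array_list_add(nodes_to_encrypt_or_sign,env,node) != AXIS2_SUCCESS) return AXIS2_FAILURE;`. The enclosing function and the loop header start outside this hunk, so how the no-match case was handled before cannot be seen here.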
@@ -1511,8 +1511,9 @@
if(header)
{
status = rampart_context_set_nodes_to_encrypt_or_sign(header,env,soap_envelope,nodes_to_sign_or_encrypt);
- if(status!=AXIS2_FAILURE)
+ if(status == AXIS2_FAILURE){
return AXIS2_FAILURE;
+ }
}
}
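Review bot: The corrected check `if(status == AXIS2_FAILURE){` treats every value other than AXIS2_FAILURE as success, whereas the other status checks touched by this commit (in rampart_sec_header_processor.c) use `status!=AXIS2_SUCCESS`. If the status type can carry any other non-success value, node collection would continue here after an error and the resulting list of nodes to sign could be incomplete. Writing `if(status != AXIS2_SUCCESS){` fails closed and matches the rest of the change. The enclosing function starts and ends outside this hunk.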
Modified: webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c?view=diff&rev=531338&r1=531337&r2=531338
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c Sun Apr 22 22:32:35 2007
@@ -770,9 +770,13 @@
return AXIS2_FAILURE;
}
AXIS2_LOG_INFO(env->log, "[rampart][shp] Processing Signature element.");
+
status = rampart_shp_process_signature(env,msg_ctx,rampart_context,soap_envelope,sec_node,cur_node);
- if(status!=AXIS2_SUCCESS)
+
+ if(status!=AXIS2_SUCCESS){
+ rampart_create_fault_envelope(env, RAMPART_FAULT_INVALID_SECURITY, "Signature is not valid", RAMPART_FAULT_IN_SIGNATURE, msg_ctx);
return status;
+ }
}
else
{
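Review bot: The new failure branch builds a fault envelope but records nothing in the log, so the only trace of a rejected signature is the INFO line written before verification. An error entry such as `AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shp] Signature verification failed.");` before the fault is created would give operators something to alert on, unless rampart_shp_process_signature already logs the failure itself. The return value of `rampart_create_fault_envelope` is also discarded. The same four lines are repeated in the hunk at -868, so both points apply there too, and a small static helper would keep the two copies from drifting apart. The fixed text "Signature is not valid" reveals no verification detail to the sender and is worth keeping as it is.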
@@ -868,8 +872,10 @@
}
AXIS2_LOG_INFO(env->log, "[rampart][shp] Processing Signature element.");
status = rampart_shp_process_signature(env,msg_ctx,rampart_context,soap_envelope,sec_node,cur_node);
- if(status!=AXIS2_SUCCESS)
+ if(status!=AXIS2_SUCCESS){
+ rampart_create_fault_envelope(env, RAMPART_FAULT_INVALID_SECURITY, "Signature is not valid", RAMPART_FAULT_IN_SIGNATURE, msg_ctx);
return status;
+ }
}
else
{
Modified: webservices/rampart/trunk/c/src/util/rampart_signature.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_signature.c?view=diff&rev=531338&r1=531337&r2=531338
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_signature.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_signature.c Sun Apr 22 22:32:35 2007
@@ -105,12 +105,11 @@
status2 = rampart_context_get_elements_to_sign(rampart_context,env,soap_envelope,nodes_to_sign);
- if(status1 == AXIS2_SUCCESS || status2 == AXIS2_SUCCESS)
+ if(status1 == AXIS2_SUCCESS || status2 == AXIS2_SUCCESS){
return AXIS2_SUCCESS;
-
- else
+ }else{
return AXIS2_FAILURE;
-
+ }
}
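Review bot: The rebraced condition `if(status1 == AXIS2_SUCCESS || status2 == AXIS2_SUCCESS){` still reports success when only one of the two node-collection calls succeeded, so an error while gathering one set leaves the message signed over a partial node list. If AXIS2_FAILURE from these calls only ever means "nothing configured in the policy", a comment saying so belongs above the condition, for example `/* FAILURE here means no parts/elements were configured, not an error */`. If it can also mean a real error, the two cases need to be told apart before returning. The function starts outside this hunk, so the call that sets `status1` is not visible.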