Posted to java-dev@axis.apache.org by ma...@apache.org on 2007/03/09 12:24:21 UTC
svn commit: r516373 - in /webservices/axis2/trunk/c/rampart/src/util:
rampart_sec_header_builder.c rampart_signature.c
Author: manjula
Date: Fri Mar 9 03:24:14 2007
New Revision: 516373
URL: http://svn.apache.org/viewvc?view=rev&rev=516373
Log:
modifying the security header builder to build the signature and to create
key reference elements.
Modified:
webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_builder.c
webservices/axis2/trunk/c/rampart/src/util/rampart_signature.c
Modified: webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_builder.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_builder.c?view=diff&rev=516373&r1=516372&r2=516373
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_builder.c (original)
+++ webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_builder.c Fri Mar 9 03:24:14 2007
@@ -43,6 +43,21 @@
#include <axis2_array_list.h>
/*Private functions*/
+axis2_status_t AXIS2_CALL
+rampart_interchange_nodes(const axis2_env_t *env,
+ axiom_node_t *node_to_move,
+ axiom_node_t *node_before)
+{
+ axis2_status_t status = AXIS2_FAILURE;
+
+ axiom_node_t *temp_node = NULL;
+
+ temp_node = axiom_node_detach(node_to_move,env);
+ status = axiom_node_insert_sibling_before(node_before,env,temp_node);
+
+ return status;
+}
+
/*Public functions*/
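Review bot: rampart_interchange_nodes sits under the private-functions comment but is defined with external linkage, and the node returned by axiom_node_detach at line 32 is passed straight into axiom_node_insert_sibling_before without a check. Declaring it `static axis2_status_t AXIS2_CALL` keeps it out of the library's exported symbols, and a guard `if(!temp_node) return AXIS2_FAILURE;` before the insert avoids handing a NULL node to the insert call should the detach fail. A short header comment stating that node_to_move is detached from its current position and re-inserted immediately before node_before, and that the return value is the status of that insert, would also make the contract clear to the caller added later in this commit.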
@@ -63,6 +78,9 @@
axiom_namespace_t *sec_ns_obj = NULL;
axiom_node_t *sec_node = NULL;
axiom_element_t *sec_ele = NULL;
+ axis2_bool_t is_encrypt_before_sign = AXIS2_FALSE;
+ axiom_node_t *sig_node = NULL;
+ axiom_node_t *enc_key_node = NULL;
AXIS2_ENV_CHECK(env,AXIS2_FAILURE);
soap_header = AXIOM_SOAP_ENVELOPE_GET_HEADER(soap_envelope, env);
@@ -144,27 +162,59 @@
/*Check the encryption and signature order*/
if(rampart_context_is_encrypt_before_sign(rampart_context,env))
{
+ is_encrypt_before_sign = AXIS2_TRUE;
/*Check what are the parts to encrypt and send them to the encrypt method*/
status = rampart_enc_encrypt_message(env, msg_ctx,rampart_context,soap_envelope,sec_node);
- if(!status)
+ if(status != AXIS2_SUCCESS)
return AXIS2_FAILURE;
/*Then do signature specific things*/
- /*status = rampart_sig_sign_message(env,msg_ctx,rampart_context,soap_envelope,sec_node);*/
+ status = rampart_sig_sign_message(env,msg_ctx,rampart_context,soap_envelope,sec_node);
+ if(status != AXIS2_SUCCESS)
+ return AXIS2_FAILURE;
/*Then Handle Supporting token stuff */
}
else
{
+ is_encrypt_before_sign = AXIS2_FALSE;
/*First do signature specific stuff*/
+ status = rampart_sig_sign_message(env,msg_ctx,rampart_context,soap_envelope,sec_node);
+ if(status != AXIS2_SUCCESS)
+ return AXIS2_FAILURE;
/*Then Handle Encryption stuff*/
status = rampart_enc_encrypt_message(env, msg_ctx,rampart_context,soap_envelope,sec_node);
- if(!status)
+ if(status!=AXIS2_SUCCESS )
return AXIS2_FAILURE;
}
+ /*If both encryption and signature is done we should intercgange them.
+ * because the action done last should appear first in the header. */
+ sig_node = oxs_axiom_get_node_by_local_name(env,sec_node,OXS_NODE_SIGNATURE);
+ enc_key_node = oxs_axiom_get_node_by_local_name(env,sec_node,OXS_NODE_ENCRYPTED_KEY);
+ if(sig_node && enc_key_node)
+ {
+ if(is_encrypt_before_sign)
+ {
+ status = rampart_interchange_nodes(env,sig_node,enc_key_node);
+ if(status!=AXIS2_SUCCESS)
+ {
+ AXIS2_LOG_INFO(env->log,"[rampart][shb]Node interchange failed.");
+ return status;
+ }
+ }
+ else
+ {
+ status = rampart_interchange_nodes(env,enc_key_node,sig_node);
+ if(status!=AXIS2_SUCCESS)
+ {
+ AXIS2_LOG_INFO(env->log,"[rampart][shb]Node interchange failed.");
+ return status;
+ }
+ }
+ }
return AXIS2_SUCCESS;
}
else if((rampart_context_get_binding_type(rampart_context,env)) == RP_BINDING_SYMMETRIC)
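Review bot: The two branches under `if(sig_node && enc_key_node)` differ only in the argument order passed to rampart_interchange_nodes, so the log line and the status check are written twice; `status = is_encrypt_before_sign ? rampart_interchange_nodes(env,sig_node,enc_key_node) : rampart_interchange_nodes(env,enc_key_node,sig_node);` followed by a single failure check reads more clearly and keeps the two messages from drifting apart. The lookup goes by local name only, so the reorder acts on whichever Signature and EncryptedKey elements oxs_axiom_get_node_by_local_name returns first under sec_node; if a header may carry more than one of either, that limitation deserves a comment or an explicit check, and if only one of the two is present the reorder is silently skipped, which also merits a comment. The comment above the lookup should read "interchange" rather than "intercgange". The enclosing function starts before this hunk and continues past it.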
Modified: webservices/axis2/trunk/c/rampart/src/util/rampart_signature.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/rampart_signature.c?view=diff&rev=516373&r1=516372&r2=516373
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/rampart_signature.c (original)
+++ webservices/axis2/trunk/c/rampart/src/util/rampart_signature.c Fri Mar 9 03:24:14 2007
@@ -40,8 +40,64 @@
#include <oxs_sign_ctx.h>
#include <oxs_sign_part.h>
#include <oxs_xml_signature.h>
-
+#include <axis2_key_type.h>
+#include <rampart_token_builder.h>
+#include <oxs_token_binary_security_token.h>
+#include <oxs_token_security_token_reference.h>
+#include <oxs_token_reference.h>
/*Public functions*/
+
+oxs_x509_cert_t *AXIS2_CALL
+rampart_sig_get_cert(const axis2_env_t *env,
+ rampart_context_t *rampart_context)
+{
+ void *key_buf = NULL;
+ axis2_key_type_t type = 0;
+ oxs_x509_cert_t *cert = NULL;
+ axis2_char_t *certificate_file = NULL;
+
+ key_buf = rampart_context_get_pub_key(rampart_context,env);
+ if(key_buf)
+ {
+ type = rampart_context_get_pub_key_type(rampart_context,env);
+ if(type == AXIS2_KEY_TYPE_PEM)
+ {
+ cert = oxs_key_mgr_load_x509_cert_from_string(env,(axis2_char_t *)key_buf);
+ if(!cert)
+ {
+ AXIS2_LOG_INFO(env->log,"[rampart][rampart_signature] Certificate cannot be loaded from the buffer.");
+ return NULL;
+ }
+ else return cert;
+ }
+ else
+ {
+ AXIS2_LOG_INFO(env->log,"[rampart][rampart_signature] Key file type unknown.");
+ return NULL;
+ }
+ }
+ else
+ {
+ certificate_file = rampart_context_get_public_key_file(rampart_context,env);
+ if(certificate_file)
+ {
+ cert = oxs_key_mgr_load_x509_cert_from_pem_file(env,certificate_file);
+ if(!cert)
+ {
+ AXIS2_LOG_INFO(env->log,"[rampart][rampart_signature] Certificate cannot be loaded from the file.");
+ return NULL;
+ }
+ else return cert;
+ }
+ else
+ {
+ AXIS2_LOG_INFO(env->log,"[rampart][rampart_signature] Public key certificate file is not specified.");
+ return NULL;
+ }
+ }
+
+}
+
AXIS2_EXTERN axis2_status_t AXIS2_CALL
rampart_sig_sign_message(const axis2_env_t *env,
axis2_msg_ctx_t *msg_ctx,
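Review bot: rampart_sig_get_cert is only called from this file (the direct-reference branch and the key-info branch later in this diff) yet is defined under the public-functions comment with external linkage and no AXIS2_EXTERN or header declaration; unless it is meant to be exported, `static oxs_x509_cert_t *AXIS2_CALL` keeps it private. It also carries no contract comment: a header comment stating that it loads the signer's X.509 certificate either from the in-memory public key buffer (PEM type only) or from the configured certificate file, logs and returns NULL on every failure, and that the returned certificate is presumably heap-allocated and must be released by the caller would document the ownership that the callers in this commit currently do not honour. The nested `if(!cert) { ... return NULL; } else return cert;` pairs can be flattened to a single `return cert;` after the log-on-NULL check, since every path returns.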
@@ -66,10 +122,16 @@
rampart_callback_t *password_callback = NULL;
password_callback_fn password_function = NULL;
axiom_node_t *sig_node = NULL;
-
+ axis2_char_t *eki = NULL;
+ axis2_bool_t is_direct_reference = AXIS2_TRUE;
void *param = NULL;
void *key_buf = NULL;
int i = 0;
+ oxs_x509_cert_t *cert = NULL;
+ axiom_node_t *key_info_node = NULL;
+ axiom_node_t *bst_node = NULL;
+ axis2_char_t *cert_id = NULL;
+
/*Get nodes to be signed*/
server_side = axis2_msg_ctx_get_server_side(msg_ctx,env);
nodes_to_sign = axis2_array_list_create(env,0);
@@ -86,19 +148,59 @@
if(!token)
{
AXIS2_LOG_INFO(env->log,"[rampart][rampart_signature] Signature Token is not specified");
- return AXIS2_SUCCESS;
+ return AXIS2_FAILURE;
}
token_type = rp_property_get_type(token,env);
if(token_type != RP_TOKEN_X509)
{
AXIS2_LOG_INFO(env->log,"[rampart][rampart_signature] We only support X509 tokens");
- return AXIS2_SUCCESS;
+ return AXIS2_FAILURE;
}
if(rampart_context_check_is_derived_keys(env,token))
{
AXIS2_LOG_INFO(env->log,"[rampart][rampart_signature] We still do not support derived keys");
return AXIS2_FAILURE;
}
+ eki = rampart_context_get_enc_key_identifier(rampart_context,token,server_side,env);
+ if(!eki)
+ {
+ AXIS2_LOG_INFO(env->log,"[rampart][rampart_signature] Key Identifier cannot be found.");
+ return AXIS2_FAILURE;
+ }
+
+ /*If the type is direct reference we first build bst element*/
+ if(axis2_strcmp(eki,RAMPART_STR_DIRECT_REFERENCE)==0)
+ {
+ axis2_char_t *bst_data = NULL;
+
+ cert = rampart_sig_get_cert(env,rampart_context);
+ if(!cert)
+ {
+ return AXIS2_FAILURE;
+ }
+ /*This flag will be useful when creating key Info element.*/
+ is_direct_reference = AXIS2_TRUE;
+
+ cert_id = oxs_util_generate_id(env,(axis2_char_t*)OXS_CERT_ID);
+ bst_data = oxs_x509_cert_get_data(cert, env);
+ if(!bst_data)
+ {
+ AXIS2_LOG_INFO(env->log,"[rampart][rampart_signature] Certificate data cannot be loaded from the cert.");
+ return AXIS2_FAILURE;
+ }
+
+ bst_node = oxs_token_build_binary_security_token_element(env,sec_node,
+ cert_id , OXS_VALUE_X509V3, OXS_ENCODING_BASE64BINARY, bst_data);
+ if(!bst_node)
+ {
+ AXIS2_LOG_INFO(env->log,"[rampart][rampart_signature] Binary Security Token creation failed.");
+ return AXIS2_FAILURE;
+ }
+
+ }
+ else
+ is_direct_reference = AXIS2_FALSE;
+
/*Get the asymmetric signature algorithm*/
asym_sig_algo = rampart_context_get_asym_sig_algo(rampart_context,env);
digest_method = rampart_context_get_digest_mtd(rampart_context,env);
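Review bot: The certificate loaded at `cert = rampart_sig_get_cert(env,rampart_context);` in the direct-reference branch is used only to obtain bst_data and is never released, neither on the success path nor on the failure returns that follow; once the BST element has been built it should be freed (`oxs_x509_cert_free(cert, env);` if that is the matching release routine) and the pointer reset, and cert_id from oxs_util_generate_id likewise needs releasing once the key-info reference that uses it has been built. The change from AXIS2_SUCCESS to AXIS2_FAILURE when no signature token is specified now propagates into rampart_sec_header_builder.c, where this commit calls rampart_sig_sign_message unconditionally in both ordering branches; if a policy may legitimately omit a signature token, such a message is now rejected rather than sent unsigned, which may or may not be intended and deserves a comment either way. The unbraced `else is_direct_reference = AXIS2_FALSE;` should be braced to match the rest of the function. rampart_sig_sign_message starts before this hunk and continues past it.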
@@ -217,7 +319,58 @@
AXIS2_LOG_INFO(env->log, "[rampart][rampart_signature] Message signing failed.");
return AXIS2_FAILURE;
}
-
+ /*Now we must build the Key Info element*/
+
+ key_info_node = oxs_token_build_key_info_element(env,sig_node);
+ if(!key_info_node)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_signature] Key info element build failed.");
+ return AXIS2_FAILURE;
+ }
+ if(is_direct_reference)
+ {
+ axiom_node_t *str_node = NULL;
+ axiom_node_t *reference_node = NULL;
+ axis2_char_t *cert_id_ref = NULL;
+ str_node = oxs_token_build_security_token_reference_element(env,key_info_node);
+ if(!str_node)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_signature] Security Token element creation failed in Direct reference.");
+ return AXIS2_FAILURE;
+ }
+ cert_id_ref = axis2_stracat("#",cert_id,env);
+ reference_node = oxs_token_build_reference_element(env,str_node,cert_id_ref,OXS_VALUE_X509V3);
+ if(!reference_node)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_signature] Security Token element creation failed in Direct reference.");
+ return AXIS2_FAILURE;
+ }
+ }
+ else
+ {
+ cert = rampart_sig_get_cert(env,rampart_context);
+ if(!cert)
+ {
+ return AXIS2_FAILURE;
+ }
+ if(axis2_strcmp(eki,RAMPART_STR_EMBEDDED)==0)
+ {
+ status = rampart_token_build_security_token_reference(env,key_info_node,cert,RTBP_EMBEDDED);
+ }
+ else if(axis2_strcmp(eki,RAMPART_STR_ISSUER_SERIAL)==0)
+ {
+ status = rampart_token_build_security_token_reference(env,key_info_node,cert,RTBP_X509DATA_ISSUER_SERIAL);
+ }
+ else if(axis2_strcmp(eki,RAMPART_STR_KEY_IDENTIFIER)==0)
+ {
+ status = rampart_token_build_security_token_reference(env,key_info_node,cert,RTBP_KEY_IDENTIFIER);
+ }
+ else
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_signature] Unknown key Identifier type.Token attaching failed");
+ status = AXIS2_FAILURE;
+ }
+ }
return status;
}
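Review bot: The log message on the reference_node failure path repeats the one for the str_node failure, so a failure of oxs_token_build_reference_element is reported as a SecurityTokenReference failure; it should read `"[rampart][rampart_signature] Reference element creation failed in Direct reference."`. In the same branch cert_id_ref from axis2_stracat is never freed, and in the else branch the certificate loaded by rampart_sig_get_cert is not released after rampart_token_build_security_token_reference returns, on either outcome. The direct-reference branch also returns whatever status held before the key-info code ran rather than setting it explicitly; adding `status = AXIS2_SUCCESS;` after the reference element is built makes the return value independent of earlier assignments. The message in the unknown-identifier branch is missing a space after "type.".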