You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by sh...@apache.org on 2008/10/13 06:41:52 UTC
svn commit: r703913 [3/3] - in /webservices/rampart/trunk/c:
ides/Rampart/Rampart/ include/ samples/sct_provider/ src/omxmlsec/
src/secconv/ src/trust/ src/util/
Modified: webservices/rampart/trunk/c/src/util/rampart_sec_processed_result.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_sec_processed_result.c?rev=703913&r1=703912&r2=703913&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_sec_processed_result.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_sec_processed_result.c Sun Oct 12 21:41:51 2008
@@ -15,96 +15,149 @@
* limitations under the License.
*/
-
-/*
- *
- */
-#include <rampart_util.h>
-#include <axis2_util.h>
#include <axutil_property.h>
-#include <axis2_msg_ctx.h>
#include <rampart_constants.h>
#include <rampart_sec_processed_result.h>
+/**
+ * Set a security processed result to the message context
+ * @param env Environment structure
+ * @param msg_ctx message context sttucture
+ * @param key key of the security processed result
+ * @param value value of the security processed result
+ * @return status of the operation
+ */
AXIS2_EXTERN axis2_status_t AXIS2_CALL
-rampart_set_security_processed_result(const axutil_env_t *env,
- axis2_msg_ctx_t *msg_ctx,
- axis2_char_t *key,
- void *value)
+rampart_set_security_processed_result(
+ const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ axis2_char_t *key,
+ void *value)
{
axutil_hash_t *sec_processed_results = NULL;
sec_processed_results = rampart_get_all_security_processed_results(env, msg_ctx);
- if(!sec_processed_results){
+ if(!sec_processed_results)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot retrieve security processed results container.");
return AXIS2_FAILURE;
}
+
axutil_hash_set(sec_processed_results, key, AXIS2_HASH_KEY_STRING, value);
- AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][spr] Set %s in Security Processed Results of message context ", key);
+ AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI,
+ "[rampart]Set %s in Security Processed Results of message context ", key);
return AXIS2_SUCCESS;
}
+/**
+ * Get a security processed result from a message context.
+ * A service may use this method to retirieve a particular result by the key
+ * @env the environment
+ * @msg_ctx the message context in which data are extracted
+ * @key as specified in rampart_constants section SPR
+ * @return value of the security processed result corresponding to @key
+ */
AXIS2_EXTERN void *AXIS2_CALL
-rampart_get_security_processed_result(const axutil_env_t *env,
- axis2_msg_ctx_t *msg_ctx,
- axis2_char_t *key)
+rampart_get_security_processed_result(
+ const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ axis2_char_t *key)
{
axutil_hash_t *sec_processed_results = NULL;
sec_processed_results = rampart_get_all_security_processed_results(env, msg_ctx);
- if(!sec_processed_results){
+ if(!sec_processed_results)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot retrieve security processed results container.");
return NULL;
}
return axutil_hash_get(sec_processed_results, key, AXIS2_HASH_KEY_STRING);
}
-
+/**
+ * Set a security processed result property to the message context
+ * @env the environment
+ * @msg_ctx the message context in which data are stored/extracted
+ * @return status of the operation
+ */
AXIS2_EXTERN axis2_status_t AXIS2_CALL
-rampart_set_security_processed_results_property(const axutil_env_t *env,
- axis2_msg_ctx_t *msg_ctx)
+rampart_set_security_processed_results_property(
+ const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx)
{
axutil_hash_t *sec_processed_results = NULL;
axutil_property_t *sec_processed_results_prop = NULL;
- if(!msg_ctx){
+ sec_processed_results = axutil_hash_make(env);
+ if(!sec_processed_results)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Security processed result hash container creation failed.");
return AXIS2_FAILURE;
}
- sec_processed_results = axutil_hash_make(env);
-
- sec_processed_results_prop = axutil_property_create_with_args(env, AXIS2_SCOPE_REQUEST ,
- AXIS2_TRUE, (void *)axutil_hash_free, sec_processed_results);
+ sec_processed_results_prop = axutil_property_create_with_args(
+ env, AXIS2_SCOPE_REQUEST , AXIS2_TRUE, (void *)axutil_hash_free, sec_processed_results);
+ if(!sec_processed_results_prop)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Security processed result property creation failed.");
+ return AXIS2_FAILURE;
+ }
- axis2_msg_ctx_set_property(msg_ctx, env, RAMPART_SECURITY_PROCESSED_RESULTS, sec_processed_results_prop);
+ axis2_msg_ctx_set_property(
+ msg_ctx, env, RAMPART_SECURITY_PROCESSED_RESULTS, sec_processed_results_prop);
return AXIS2_SUCCESS;
}
+/**
+ * Get the complete set of security processed results
+ * @env the environment
+ * @msg_ctx the message context in which data are extracted
+ * @return complete set of security processed results.
+ */
AXIS2_EXTERN axutil_hash_t* AXIS2_CALL
-rampart_get_all_security_processed_results(const axutil_env_t *env,
- axis2_msg_ctx_t *msg_ctx)
+rampart_get_all_security_processed_results(
+ const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx)
{
axutil_property_t *sec_processed_results_prop = NULL;
axutil_hash_t *sec_processed_results = NULL;
- sec_processed_results_prop = axis2_msg_ctx_get_property(msg_ctx, env, RAMPART_SECURITY_PROCESSED_RESULTS);
- if(!sec_processed_results_prop){
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][spr] Cannot get %s from msg ctx ", RAMPART_SECURITY_PROCESSED_RESULTS);
+ sec_processed_results_prop = axis2_msg_ctx_get_property(
+ msg_ctx, env, RAMPART_SECURITY_PROCESSED_RESULTS);
+ if(!sec_processed_results_prop)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot get %s from msg ctx ", RAMPART_SECURITY_PROCESSED_RESULTS);
return NULL;
}
- sec_processed_results = (axutil_hash_t*)axutil_property_get_value(sec_processed_results_prop, env);
- if(!sec_processed_results){
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][spr] Cannot get Security Processed Results Hash table from the property");
+ sec_processed_results = (axutil_hash_t*)axutil_property_get_value(
+ sec_processed_results_prop, env);
+ if(!sec_processed_results)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot get Security Processed Results Hash table from the property");
return NULL;
}
return sec_processed_results;
}
-
+/**
+ * Prints all ke/val pairs in the security processed results. For debugging purposes
+ * @env the environment
+ * @msg_ctx the message context in which data are extracted
+ * @return void
+ */
AXIS2_EXTERN void AXIS2_CALL
-rampart_print_security_processed_results_set(const axutil_env_t *env,
- axis2_msg_ctx_t *msg_ctx)
+rampart_print_security_processed_results_set(
+ const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx)
{
axutil_hash_t *sec_processed_results = NULL;
axutil_hash_index_t *hi = NULL;
@@ -112,13 +165,15 @@
void *val = NULL;
sec_processed_results = rampart_get_all_security_processed_results(env, msg_ctx);
- if(!sec_processed_results){
+ if(!sec_processed_results)
+ {
return;
}
- for (hi = axutil_hash_first(sec_processed_results, env); hi; hi = axutil_hash_next(env, hi)) {
+ for (hi = axutil_hash_first(sec_processed_results, env); hi; hi = axutil_hash_next(env, hi))
+ {
axutil_hash_this(hi, &key, NULL, &val);
- AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][spr] (key, val) %s = %s\n", (axis2_char_t*)key, (axis2_char_t*)val);
+ AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI,
+ "[rampart](key, val) %s = %s\n", (axis2_char_t*)key, (axis2_char_t*)val);
}
-
}
Modified: webservices/rampart/trunk/c/src/util/rampart_signature.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_signature.c?rev=703913&r1=703912&r2=703913&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_signature.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_signature.c Sun Oct 12 21:41:51 2008
@@ -43,6 +43,7 @@
#include <rampart_sec_processed_result.h>
#include <rampart_sct_provider_utility.h>
#include <rampart_saml_token.h>
+#include <axiom_util.h>
/*Private functions*/
Modified: webservices/rampart/trunk/c/src/util/rampart_token_builder.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_token_builder.c?rev=703913&r1=703912&r2=703913&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_token_builder.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_token_builder.c Sun Oct 12 21:41:51 2008
@@ -15,105 +15,160 @@
* limitations under the License.
*/
-/*
- *
- */
-#include <stdio.h>
-#include <rampart_util.h>
#include <axis2_util.h>
-#include <axutil_base64.h>
-#include <oxs_buffer.h>
-#include <rampart_constants.h>
#include <rampart_token_builder.h>
-#include <oxs_constants.h>
-#include <oxs_key_mgr.h>
-#include <oxs_axiom.h>
-#include <oxs_x509_cert.h>
-#include <oxs_xml_key_processor.h>
#include <oxs_tokens.h>
-#include <oxs_utility.h>
+#include <rampart_constants.h>
+/**
+ * Build a SecurityTokenReference element according to the pattern specified in @pattern.
+ * The token will be attached to the node @parent and relavent data will be extracted from
+ * certificate @cert.
+ * @param env pointer to environment struct
+ * @param parent The parent node
+ * @param cert The X509 certificate
+ * @param pattern The build pattern
+ * @return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+ */
AXIS2_EXTERN axis2_status_t AXIS2_CALL
-rampart_token_build_security_token_reference(const axutil_env_t *env,
- axiom_node_t *parent,
- oxs_x509_cert_t *cert,
- rampart_token_build_pattern_t pattern)
+rampart_token_build_security_token_reference(
+ const axutil_env_t *env,
+ axiom_node_t *parent,
+ oxs_x509_cert_t *cert,
+ rampart_token_build_pattern_t pattern)
{
axis2_status_t status = AXIS2_FAILURE;
axiom_node_t *stref_node = NULL;
stref_node = oxs_token_build_security_token_reference_element(env, parent);
- if(RTBP_EMBEDDED == pattern){
+ if(RTBP_EMBEDDED == pattern)
+ {
status = rampart_token_build_embedded(env, stref_node, cert);
- }else if(RTBP_KEY_IDENTIFIER == pattern){
+ }
+ else if(RTBP_KEY_IDENTIFIER == pattern)
+ {
status = rampart_token_build_key_identifier(env, stref_node, cert);
- }else if(RTBP_X509DATA_X509CERTIFICATE == pattern){
+ }
+ else if(RTBP_X509DATA_X509CERTIFICATE == pattern)
+ {
status = rampart_token_build_x509_data_x509_certificate(env, stref_node, cert);
- }else if(RTBP_X509DATA_ISSUER_SERIAL == pattern){
+ }
+ else if(RTBP_X509DATA_ISSUER_SERIAL == pattern)
+ {
status = rampart_token_build_x509_data_issuer_serial(env, stref_node, cert);
- }else{
- oxs_error(env, OXS_ERROR_LOCATION, OXS_ERROR_ELEMENT_FAILED, "Unsupported pattern %d to build wsse:SecurityTokenReference ", pattern);
- /*We do not support*/
+ }
+ else
+ {
+ /* reference method is not supported */
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Unsupported pattern %d to build wsse:SecurityTokenReference ", pattern);
return AXIS2_FAILURE;
}
return status;
}
-
+/**
+ * Build an Embedded token with data available in the certificate.
+ * <SecurityTokenReference>
+ * <Embedded>
+ * <BinarySecurityToken>UYISDjsdaousdWEqswOIUsd</BinarySecurityToken>
+ * </Embedded>
+ * </SecurityTokenReference>
+ * @param env pointer to environment struct
+ * @param parent The parent node
+ * @param cert The X509 certificate
+ * @return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+ */
AXIS2_EXTERN axis2_status_t AXIS2_CALL
-rampart_token_build_embedded(const axutil_env_t *env,
- axiom_node_t *parent,
- oxs_x509_cert_t *cert)
+rampart_token_build_embedded(
+ const axutil_env_t *env,
+ axiom_node_t *parent,
+ oxs_x509_cert_t *cert)
{
axis2_char_t *data = NULL;
axis2_char_t *bst_id = NULL;
axiom_node_t *embedded_node = NULL;
axiom_node_t *bst_node = NULL;
- /*Get data from the certificate*/
+ /* Get data from the certificate */
data = oxs_x509_cert_get_data(cert, env);
- if(!data){
- oxs_error(env, OXS_ERROR_LOCATION, OXS_ERROR_ELEMENT_FAILED, "Cannot get data from the x509 certificate");
+ if(!data)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot get data from the x509 certificate.");
return AXIS2_FAILURE;
}
- embedded_node = oxs_token_build_embedded_element(env, parent, "ID");
- bst_id = oxs_util_generate_id(env, (axis2_char_t*)"BST-");
- bst_node = oxs_token_build_binary_security_token_element(env, embedded_node, bst_id ,OXS_ENCODING_BASE64BINARY, OXS_VALUE_X509V3, data);
+
+ embedded_node = oxs_token_build_embedded_element(env, parent, RAMPART_EMBED_TOKEN_ID);
+ bst_id = oxs_util_generate_id(env, RAMPART_BST_ID_PREFIX);
+ bst_node = oxs_token_build_binary_security_token_element(
+ env, embedded_node, bst_id ,OXS_ENCODING_BASE64BINARY, OXS_VALUE_X509V3, data);
return AXIS2_SUCCESS;
}
+/**
+ * Build a KeyIndentifer token with data available in the certificate.
+ * <SecurityTokenReference>
+ * <KeyIdentifier>WEqswOIUsd</KeyIdentifier>
+ * </SecurityTokenReference>
+ * @param env pointer to environment struct
+ * @param parent The parent node
+ * @param cert The X509 certificate
+ * @return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+ */
AXIS2_EXTERN axis2_status_t AXIS2_CALL
-rampart_token_build_key_identifier(const axutil_env_t *env,
- axiom_node_t *parent,
- oxs_x509_cert_t *cert)
+rampart_token_build_key_identifier(
+ const axutil_env_t *env,
+ axiom_node_t *parent,
+ oxs_x509_cert_t *cert)
{
axiom_node_t *ki_node = NULL;
axis2_char_t *ki = NULL;
ki = oxs_x509_cert_get_key_identifier(cert, env);
- if(!ki){
- oxs_error(env, OXS_ERROR_LOCATION, OXS_ERROR_ELEMENT_FAILED, "Cannot get key identifier from the x509 certificate");
+ if(!ki)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot get key identifier from the x509 certificate.");
return AXIS2_FAILURE;
}
- ki_node = oxs_token_build_key_identifier_element(env, parent, OXS_ENCODING_BASE64BINARY,
- OXS_X509_SUBJ_KI, ki);
+
+ ki_node = oxs_token_build_key_identifier_element(
+ env, parent, OXS_ENCODING_BASE64BINARY, OXS_X509_SUBJ_KI, ki);
return AXIS2_SUCCESS;
}
+/*
+ * Build an X509Certificate token with data available in the certificate.
+ * <SecurityTokenReference>
+ * <ds:X509Data>
+ * <ds:X509Certificate>
+ * MIICzjCCAjegAwIBAgIJANyD+jwekxGuMA......
+ * </ds:X509Certificate>
+ * <ds:X509Data>
+ * </SecurityTokenReference>
+ * @param env pointer to environment struct
+ * @param parent The parent node
+ * @param cert The X509 certificate
+ * @return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+ */
AXIS2_EXTERN axis2_status_t AXIS2_CALL
-rampart_token_build_x509_data_x509_certificate(const axutil_env_t *env,
- axiom_node_t *parent,
- oxs_x509_cert_t *cert)
+rampart_token_build_x509_data_x509_certificate(
+ const axutil_env_t *env,
+ axiom_node_t *parent,
+ oxs_x509_cert_t *cert)
{
axiom_node_t *x509_data_node = NULL;
axiom_node_t *x509_cert_node = NULL;
axis2_char_t *data = NULL;
-
data = oxs_x509_cert_get_data(cert, env);
- if(!data){
+ if(!data)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot get data from the x509 certificate.");
return AXIS2_FAILURE;
}
@@ -123,31 +178,56 @@
return AXIS2_SUCCESS;
}
+/**
+ * Build an X509IssuerSerial token with data available in the certificate.
+ * <SecurityTokenReference>
+ * <x509Data>
+ * <X509IssuerSerial>
+ * <X509IssuerName>C=US, O=VeriSign, Inc.,</X509IssuerName>
+ * <X509SerialNumber>93243297328</X509SerialNumber>
+ * </X509IssuerSerial>
+ * </x509Data>
+ * </SecurityTokenReference>
+ * @param env pointer to environment struct
+ * @param parent The parent node
+ * @param cert The X509 certificate
+ * @return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+ */
AXIS2_EXTERN axis2_status_t AXIS2_CALL
-rampart_token_build_x509_data_issuer_serial(const axutil_env_t *env,
- axiom_node_t *parent,
- oxs_x509_cert_t *cert)
+rampart_token_build_x509_data_issuer_serial(
+ const axutil_env_t *env,
+ axiom_node_t *parent,
+ oxs_x509_cert_t *cert)
{
axiom_node_t *x509_data_node = NULL;
axiom_node_t *x509_issuer_serial_node = NULL;
-
axis2_char_t *issuer = NULL;
- /*axis2_char_t *serial_num = NULL;*/
int serial = -1;
axis2_char_t serial_no[20];
issuer = oxs_x509_cert_get_issuer(cert, env);
serial = oxs_x509_cert_get_serial_number(cert, env);
- if(!issuer){
+ if(!issuer)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot get issuer from the x509 certificate.");
+ return AXIS2_FAILURE;
+ }
+
+ if(serial == -1)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot get serial from the x509 certificate.");
return AXIS2_FAILURE;
}
sprintf(serial_no, "%d", serial);
- /*Build tokens*/
+
+ /* Build tokens */
x509_data_node = oxs_token_build_x509_data_element(env, parent);
- x509_issuer_serial_node = oxs_token_build_x509_issuer_serial_with_data(env, x509_data_node, issuer, serial_no);
+ x509_issuer_serial_node = oxs_token_build_x509_issuer_serial_with_data(
+ env, x509_data_node, issuer, serial_no);
return AXIS2_SUCCESS;
-
}
Modified: webservices/rampart/trunk/c/src/util/rampart_token_processor.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_token_processor.c?rev=703913&r1=703912&r2=703913&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_token_processor.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_token_processor.c Sun Oct 12 21:41:51 2008
@@ -15,28 +15,27 @@
* limitations under the License.
*/
-/*
- *
- */
-#include <stdio.h>
-#include <rampart_util.h>
-#include <axis2_util.h>
-#include <axutil_base64.h>
-#include <oxs_buffer.h>
-#include <rampart_constants.h>
-#include <oxs_constants.h>
#include <oxs_key_mgr.h>
-#include <oxs_axiom.h>
-#include <oxs_x509_cert.h>
#include <oxs_tokens.h>
#include <oxs_xml_key_processor.h>
+#include <axiom_util.h>
#include <rampart_token_processor.h>
+/**
+ * extract certificate related information using given token_reference node and scope node
+ * @param env Environment structure
+ * @param st_ref_node security token reference node.
+ * @param scope_node node where additional details should be found. Can be NULL for all other
+ * scenarios but the Direct Reference
+ * @param cert certificate where values extracted shuold be populated
+ * @return status of the operation
+ */
AXIS2_EXTERN axis2_status_t AXIS2_CALL
-rampart_token_process_security_token_reference(const axutil_env_t *env,
- axiom_node_t *st_ref_node,
- axiom_node_t *scope_node,/*Can be NULL for all other scenarios but the Direct Reference*/
- oxs_x509_cert_t *cert)
+rampart_token_process_security_token_reference(
+ const axutil_env_t *env,
+ axiom_node_t *st_ref_node,
+ axiom_node_t *scope_node,
+ oxs_x509_cert_t *cert)
{
axis2_char_t *child_name = NULL;
axiom_node_t *child_node = NULL;
@@ -45,28 +44,47 @@
child_node = axiom_node_get_first_element(st_ref_node, env);
child_name = axiom_util_get_localname(child_node, env);
- if(0 == axutil_strcmp(child_name, OXS_NODE_REFERENCE)){
+ if(!axutil_strcmp(child_name, OXS_NODE_REFERENCE))
+ {
status = rampart_token_process_direct_ref(env, child_node, scope_node, cert);
- }else if(0 == axutil_strcmp(child_name, OXS_NODE_EMBEDDED)){
+ }
+ else if(!axutil_strcmp(child_name, OXS_NODE_EMBEDDED))
+ {
status = rampart_token_process_embedded(env, child_node, cert);
- }else if(0 == axutil_strcmp(child_name, OXS_NODE_KEY_IDENTIFIER)){
+ }
+ else if(!axutil_strcmp(child_name, OXS_NODE_KEY_IDENTIFIER))
+ {
status = rampart_token_process_key_identifier(env, child_node, cert);
- }else if(0 == axutil_strcmp(child_name, OXS_NODE_X509_DATA)){
+ }
+ else if(!axutil_strcmp(child_name, OXS_NODE_X509_DATA))
+ {
status = rampart_token_process_x509_data(env, child_node, cert);
- }else{
- oxs_error(env, OXS_ERROR_LOCATION, OXS_ERROR_ELEMENT_FAILED, "Unsupported child %s of wsse:SecurityTokenReference ", child_name);
- /*We do not support*/
+ }
+ else
+ {
+ /* reference method is not supported */
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]%s of wsse:SecurityTokenReference is not supported.", child_name);
return AXIS2_FAILURE;
}
return status;
}
+/**
+ * extract certificate using reference id given in reference node
+ * @param env Environment structure
+ * @param ref_node security token reference node.
+ * @param scope_node node where certificate details should be found using reference id
+ * @param cert certificate where values extracted shuold be populated
+ * @return status of the operation
+ */
AXIS2_EXTERN axis2_status_t AXIS2_CALL
-rampart_token_process_direct_ref(const axutil_env_t *env,
- axiom_node_t *ref_node,
- axiom_node_t *scope_node,
- oxs_x509_cert_t *cert)
+rampart_token_process_direct_ref(
+ const axutil_env_t *env,
+ axiom_node_t *ref_node,
+ axiom_node_t *scope_node,
+ oxs_x509_cert_t *cert)
{
axis2_char_t *ref = NULL;
axis2_char_t *ref_id = NULL;
@@ -75,39 +93,53 @@
axis2_char_t *data = NULL;
oxs_x509_cert_t *_cert = NULL;
- /*Select ref using node*/
+ /* Select ref using <wsse:Reference> node. Since it is relative reference, we have to remove
+ * first character (which is '#') from the reference */
ref = oxs_token_get_reference(env, ref_node);
ref_id = axutil_string_substring_starting_at(axutil_strdup(env, ref), 1);
- /*Find the token with the id=ref_id within the scope of scope_node*/
- bst_node = oxs_axiom_get_node_by_id(env, scope_node, "Id", ref_id, OXS_WSU_XMLNS);
- if(!bst_node){
- oxs_error(env, OXS_ERROR_LOCATION, OXS_ERROR_ELEMENT_FAILED, "Error retrieving element with ID=%s", ref_id);
+ /* Find the token with the id = ref_id within the scope of scope_node */
+ bst_node = oxs_axiom_get_node_by_id(env, scope_node, OXS_ATTR_ID, ref_id, OXS_WSU_XMLNS);
+ if(!bst_node)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Error retrieving element with ID = %s", ref_id);
return AXIS2_FAILURE;
}
+ /* Process data. */
data = oxs_axiom_get_node_content(env, bst_node);
- /*Process data*/
_cert = oxs_key_mgr_load_x509_cert_from_string(env, data);
- if(_cert){
+ if(_cert)
+ {
status = AXIS2_SUCCESS;
- }else{
- oxs_error(env, OXS_ERROR_LOCATION, OXS_ERROR_DEFAULT, "Cannot load certificate from string =%s", data);
+ }
+ else
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot load certificate from string =%s", data);
status = AXIS2_FAILURE;
}
oxs_x509_cert_copy_to(_cert, env, cert);
-
oxs_x509_cert_free(_cert, env);
_cert = NULL;
return status;
}
+/**
+ * extract embedded certificate from given embed_node
+ * @param env Environment structure
+ * @param embed_node node where certificate is embedded.
+ * @param cert certificate where values extracted shuold be populated
+ * @return status of the operation
+ */
AXIS2_EXTERN axis2_status_t AXIS2_CALL
-rampart_token_process_embedded(const axutil_env_t *env,
- axiom_node_t *embed_node,
- oxs_x509_cert_t *cert)
+rampart_token_process_embedded(
+ const axutil_env_t *env,
+ axiom_node_t *embed_node,
+ oxs_x509_cert_t *cert)
{
axis2_status_t status = AXIS2_FAILURE;
axis2_char_t *data = NULL;
@@ -116,41 +148,63 @@
bst_node = axiom_node_get_first_element(embed_node, env);
- if(!bst_node){
- oxs_error(env, OXS_ERROR_LOCATION, OXS_ERROR_ELEMENT_FAILED, "BST element is not found");
+ if(!bst_node)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart]BST element is not found");
return AXIS2_FAILURE;
}
+ /* Process data */
data = oxs_axiom_get_node_content(env, bst_node);
- /*Process data*/
_cert = oxs_key_mgr_load_x509_cert_from_string(env, data);
- if(_cert){
+ if(_cert)
+ {
status = AXIS2_SUCCESS;
- }else{
+ }
+ else
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot load certificate from string =%s", data);
status = AXIS2_FAILURE;
}
oxs_x509_cert_copy_to(_cert, env, cert);
+ oxs_x509_cert_free(_cert, env);
return status;
}
+/**
+ * extract key identifier and populate the certificate
+ * @param env Environment structure
+ * @param ki_node node where key identifier is available.
+ * @param cert certificate where values extracted shuold be populated
+ * @return status of the operation
+ */
AXIS2_EXTERN axis2_status_t AXIS2_CALL
-rampart_token_process_key_identifier(const axutil_env_t *env,
- axiom_node_t *ki_node,
- oxs_x509_cert_t *cert)
+rampart_token_process_key_identifier(
+ const axutil_env_t *env,
+ axiom_node_t *ki_node,
+ oxs_x509_cert_t *cert)
{
axis2_char_t *ki = NULL;
ki = oxs_axiom_get_node_content(env, ki_node);
oxs_x509_cert_set_key_identifier(cert, env, ki);
-
return AXIS2_SUCCESS;
}
+/**
+ * extract key details from x509data node
+ * @param env Environment structure
+ * @param x509_data_node x509data node.
+ * @param cert certificate where values extracted shuold be populated
+ * @return status of the operation
+ */
AXIS2_EXTERN axis2_status_t AXIS2_CALL
-rampart_token_process_x509_data(const axutil_env_t *env,
- axiom_node_t *x509_data_node,
- oxs_x509_cert_t *cert)
+rampart_token_process_x509_data(
+ const axutil_env_t *env,
+ axiom_node_t *x509_data_node,
+ oxs_x509_cert_t *cert)
{
return oxs_xml_key_process_X509Data(env, x509_data_node, cert);
}
Modified: webservices/rampart/trunk/c/src/util/rampart_username_token.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_username_token.c?rev=703913&r1=703912&r2=703913&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_username_token.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_username_token.c Sun Oct 12 21:41:51 2008
@@ -15,26 +15,20 @@
* limitations under the License.
*/
-#include <axutil_qname.h>
-#include <axis2_svc.h>
-#include <axiom_soap_header.h>
-#include <axiom_soap_body.h>
-#include <axiom_soap_header_block.h>
-#include <axis2_endpoint_ref.h>
-#include <axutil_property.h>
#include <rampart_username_token.h>
-#include <rampart_constants.h>
#include <rampart_crypto_util.h>
#include <rampart_util.h>
-#include <rampart_callback.h>
#include <rampart_handler_util.h>
#include <rampart_sec_processed_result.h>
-#include <rampart_authn_provider.h>
-#include <oxs_axiom.h>
-#include <oxs_utility.h>
-
-/** public functions*/
+/*
+ * builds username token
+ * @param env pointer to environment struct
+ * @param rampart_context pointer to rampart context structure
+ * @param sec_node Security header node
+ * @param sec_ns_obj security namespace object
+ * @return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+ */
axis2_status_t AXIS2_CALL
rampart_username_token_build(
const axutil_env_t *env,
@@ -42,180 +36,213 @@
axiom_node_t *sec_node,
axiom_namespace_t *sec_ns_obj)
{
-
axiom_node_t *ut_node = NULL;
axiom_node_t *un_node = NULL;
axiom_node_t *pw_node = NULL;
- axiom_node_t *nonce_node = NULL;
- axiom_node_t *created_node = NULL;
axiom_element_t *ut_ele = NULL;
axiom_element_t *un_ele = NULL;
axiom_element_t *pw_ele = NULL;
- axiom_element_t *nonce_ele = NULL;
- axiom_element_t *created_ele = NULL;
axiom_namespace_t *wsu_ns_obj = NULL;
- axiom_attribute_t *om_attr = NULL;
axis2_char_t *password = NULL;
axis2_char_t *username = NULL;
- rampart_callback_t *password_callback = NULL;
- /* axis2_bool_t isdigest = AXIS2_FALSE;*/
axis2_char_t *password_type = NULL;
- password_callback_fn password_function = NULL;
- void *param = NULL;
-
-
- AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
-
- /*Directly call the password from callback module*/
+ axiom_attribute_t *om_attr = NULL;
username = rampart_context_get_user(rampart_context, env);
if(!username)
{
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_usernametoken] User is not specified.");
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart] User name is not specified.");
return AXIS2_FAILURE;
}
+ /* check whether password is given in the configuration. If it is given, we should use it */
password = rampart_context_get_password(rampart_context, env);
-
if(!password)
{
+ /* password is not given. So have to check whether call back function is given, or call back
+ * module is given */
+
+ password_callback_fn password_function = NULL;
password_function = rampart_context_get_pwcb_function(rampart_context, env);
if(password_function)
{
+ /* We can use the callback function to get the password */
+
+ void *param = NULL;
param = rampart_context_get_pwcb_user_params(rampart_context, env);
if(!param)
{
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_usernametoken] Param is not set.");
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Callback parameter needed password callback function is not set.");
return AXIS2_FAILURE;
}
password = (*password_function)(env, username, param);
}
else
{
+ /* callback function is not set. Check for password callback module */
+
+ rampart_callback_t *password_callback = NULL;
password_callback = rampart_context_get_password_callback(rampart_context, env);
if(!password_callback)
{
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_usernametoken] password callback module is not loaded. ERROR");
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Password callback module is not loaded.");
return AXIS2_FAILURE;
}
password = rampart_callback_password(env, password_callback, username);
}
+
+ /* check whether the password is valid */
+ if(!password)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot find the password for user %s.", username);
+ return AXIS2_FAILURE;
+ }
}
- if (!password)
+
+ /* we have valid username and password. Can start to build UsernameToken */
+ axiom_namespace_increment_ref(sec_ns_obj, env);
+ ut_ele = axiom_element_create(
+ env, sec_node, RAMPART_SECURITY_USERNAMETOKEN, sec_ns_obj, &ut_node);
+ if(!ut_ele)
{
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_usernametoken] Cannot find the password for user %s. ERROR", username);
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart]UsernameToken element creation failed.");
return AXIS2_FAILURE;
}
+ wsu_ns_obj = axiom_namespace_create(env, RAMPART_WSU_XMLNS, RAMPART_WSU);
+ axiom_element_declare_namespace(ut_ele, env, ut_node, wsu_ns_obj);
+
+ /* Build Username element */
axiom_namespace_increment_ref(sec_ns_obj, env);
- ut_ele = axiom_element_create(env, sec_node,
- RAMPART_SECURITY_USERNAMETOKEN,
- sec_ns_obj,
- &ut_node);
-
- wsu_ns_obj = axiom_namespace_create(env, RAMPART_WSU_XMLNS,
- RAMPART_WSU);
- axiom_element_declare_namespace(ut_ele, env,
- ut_node, wsu_ns_obj);
-
- if (ut_ele)
+ un_ele = axiom_element_create(
+ env, ut_node, RAMPART_SECURITY_USERNAMETOKEN_USERNAME, sec_ns_obj, &un_node);
+ if(un_ele)
{
+ axiom_element_set_text(un_ele, env, username, un_node);
+ }
+ else
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart]Username element creation failed.");
+ return AXIS2_FAILURE;
+ }
+
+ /* build remaining token based on password type */
+ password_type = rampart_context_get_password_type(rampart_context, env);
+ if(!password_type)
+ {
+ password_type = RAMPART_PASSWORD_TEXT;
+ }
+
+ if (!axutil_strcmp(password_type, RAMPART_PASSWORD_DIGEST))
+ {
+ axis2_char_t *nonce_val = NULL;
+ axis2_char_t *created_val = NULL;
+ axis2_char_t *digest_val = NULL;
+ axis2_bool_t need_millisecond = AXIS2_TRUE;
+ axiom_node_t *nonce_node = NULL;
+ axiom_node_t *created_node = NULL;
+ axiom_element_t *nonce_ele = NULL;
+ axiom_element_t *created_ele = NULL;
+
+ need_millisecond = rampart_context_get_need_millisecond_precision(rampart_context, env);
+ nonce_val = oxs_util_generate_nonce(env, RAMPART_USERNAME_TOKEN_NONCE_LENGTH) ;
+ created_val = rampart_generate_time(env, 0, need_millisecond); /* current time */
+ digest_val = rampart_crypto_sha1(env, nonce_val, created_val, password);
+ /* create password element */
axiom_namespace_increment_ref(sec_ns_obj, env);
- un_ele = axiom_element_create(env, ut_node,
- RAMPART_SECURITY_USERNAMETOKEN_USERNAME, sec_ns_obj, &un_node);
- if (un_ele)
+ pw_ele = axiom_element_create(
+ env, ut_node, RAMPART_SECURITY_USERNAMETOKEN_PASSWORD, sec_ns_obj, &pw_node);
+ if(pw_ele)
+ {
+ axiom_element_set_text(pw_ele, env, digest_val, pw_node);
+ om_attr = axiom_attribute_create(env, RAMPART_SECURITY_USERNAMETOKEN_PASSWORD_ATTR_TYPE,
+ RAMPART_PASSWORD_DIGEST_URI, NULL);
+ axiom_element_add_attribute(pw_ele, env, om_attr, pw_node);
+ }
+ else
{
- axiom_element_set_text(un_ele, env, username, un_node);
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart]Password element creation failed.");
+ return AXIS2_FAILURE;
}
- password_type = rampart_context_get_password_type(rampart_context, env);
- if(!password_type)
+ /* create Nonce element */
+ axiom_namespace_increment_ref(sec_ns_obj, env);
+ nonce_ele = axiom_element_create(
+ env, ut_node, RAMPART_SECURITY_USERNAMETOKEN_NONCE, sec_ns_obj, &nonce_node);
+ if (nonce_ele)
{
- password_type = RAMPART_PASSWORD_TEXT;
+ axiom_element_set_text(nonce_ele, env, nonce_val , nonce_node);
}
-
- if (0 == axutil_strcmp(password_type, RAMPART_PASSWORD_DIGEST))
+ else
{
- axis2_char_t *nonce_val = NULL;
- axis2_char_t *created_val = NULL;
- axis2_char_t *digest_val = NULL;
- axis2_bool_t need_millisecond = AXIS2_TRUE;
-
- need_millisecond = rampart_context_get_need_millisecond_precision(rampart_context, env);
- nonce_val = oxs_util_generate_nonce(env, 24) ;
- created_val = rampart_generate_time(env, 0, need_millisecond);
- digest_val = rampart_crypto_sha1(env, nonce_val, created_val, password);
-
- axiom_namespace_increment_ref(sec_ns_obj, env);
- pw_ele = axiom_element_create(env, ut_node,
- RAMPART_SECURITY_USERNAMETOKEN_PASSWORD, sec_ns_obj, &pw_node);
- if (pw_ele)
- {
-
- axiom_element_set_text(pw_ele, env, digest_val, pw_node);
-
- om_attr = axiom_attribute_create(env, RAMPART_SECURITY_USERNAMETOKEN_PASSWORD_ATTR_TYPE,
- RAMPART_PASSWORD_DIGEST_URI, NULL);
-
- axiom_element_add_attribute(pw_ele, env, om_attr, pw_node);
-
- }
-
- axiom_namespace_increment_ref(sec_ns_obj, env);
- nonce_ele = axiom_element_create(env, ut_node,
- RAMPART_SECURITY_USERNAMETOKEN_NONCE, sec_ns_obj, &nonce_node);
- if (nonce_ele)
- {
- axiom_element_set_text(nonce_ele, env, nonce_val , nonce_node);
- }
-
- created_ele = axiom_element_create(env, ut_node,
- RAMPART_SECURITY_USERNAMETOKEN_CREATED, wsu_ns_obj, &created_node);
- if (created_ele)
- {
- axiom_element_set_text(created_ele, env, created_val, created_node);
- }
-
- if(nonce_val){
- AXIS2_FREE(env->allocator, nonce_val);
- nonce_val = NULL;
- }
- if(created_val)
- {
- AXIS2_FREE(env->allocator, created_val);
- created_val = NULL;
- }
- if(digest_val)
- {
- AXIS2_FREE(env->allocator, digest_val);
- digest_val = NULL;
- }
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart]Nonce element creation failed.");
+ return AXIS2_FAILURE;
}
- else /*default is passwordText*/
+ /* create Created element */
+ created_ele = axiom_element_create(
+ env, ut_node, RAMPART_SECURITY_USERNAMETOKEN_CREATED, wsu_ns_obj, &created_node);
+ if (created_ele)
{
- axiom_namespace_increment_ref(sec_ns_obj, env);
- pw_ele = axiom_element_create(env, ut_node,
- RAMPART_SECURITY_USERNAMETOKEN_PASSWORD, sec_ns_obj, &pw_node);
- if (pw_ele)
- {
- axiom_element_set_text(pw_ele, env, password, pw_node);
-
- om_attr = axiom_attribute_create(env,
- RAMPART_SECURITY_USERNAMETOKEN_PASSWORD_ATTR_TYPE, RAMPART_PASSWORD_TEXT_URI, NULL);
+ axiom_element_set_text(created_ele, env, created_val, created_node);
+ }
+ else
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart]Created element creation failed.");
+ return AXIS2_FAILURE;
+ }
- axiom_element_add_attribute(pw_ele, env, om_attr, pw_node);
- }
- } /*End if passwordType == passwordText*/
+ if(nonce_val)
+ {
+ AXIS2_FREE(env->allocator, nonce_val);
+ nonce_val = NULL;
+ }
+ if(created_val)
+ {
+ AXIS2_FREE(env->allocator, created_val);
+ created_val = NULL;
+ }
+ if(digest_val)
+ {
+ AXIS2_FREE(env->allocator, digest_val);
+ digest_val = NULL;
+ }
+ }
+ else
+ {
+ /* default is passwordText */
+ axiom_namespace_increment_ref(sec_ns_obj, env);
+ pw_ele = axiom_element_create(
+ env, ut_node, RAMPART_SECURITY_USERNAMETOKEN_PASSWORD, sec_ns_obj, &pw_node);
+ if (pw_ele)
+ {
+ axiom_element_set_text(pw_ele, env, password, pw_node);
+ om_attr = axiom_attribute_create(env, RAMPART_SECURITY_USERNAMETOKEN_PASSWORD_ATTR_TYPE,
+ RAMPART_PASSWORD_TEXT_URI, NULL);
+ axiom_element_add_attribute(pw_ele, env, om_attr, pw_node);
+ }
+ else
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart]Password element creation failed.");
+ return AXIS2_FAILURE;
+ }
}
+
return AXIS2_SUCCESS;
}
+/*
+ * Validates the given username token
+ * @param env pointer to environment struct
+ * @param msg_ctx axis2 message context
+ * @param ut_node User name token node
+ * @param rampart_context pointer to rampart context structure
+ * @return AXIS2_SUCCESS on success, else AXIS2_FAILURE
+ */
axis2_status_t AXIS2_CALL
rampart_username_token_validate(
const axutil_env_t *env,
@@ -229,370 +256,334 @@
axis2_char_t *nonce = NULL;
axis2_char_t *created = NULL;
axis2_char_t *password_type = NULL;
- rampart_callback_t *password_callback = NULL;
rampart_authn_provider_t *authn_provider = NULL;
axis2_char_t *password_from_svr = NULL;
axis2_char_t *password_to_compare = NULL;
axis2_bool_t free_password_to_compare = AXIS2_FALSE;
- axis2_ctx_t *ctx = NULL;
rampart_authn_provider_status_t auth_status= RAMPART_AUTHN_PROVIDER_GENERAL_ERROR ;
axiom_element_t *ut_ele = NULL;
- password_callback_fn password_function = NULL;
- void *param = NULL;
- auth_password_func authenticate_with_password = NULL;
- auth_digest_func authenticate_with_digest = NULL;
- axis2_char_t *password_type_pol = NULL;
-
- AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
-
+
ut_ele = axiom_node_get_data_element(ut_node, env);
if(!ut_ele)
{
-
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]UsernameToken element could not be retrieved from the node.");
return AXIS2_FAILURE;
}
- /*Check: Any USERNAME_TOKEN MUST NOT have more than one PASSWORD*/
- if (1 < oxs_axiom_get_number_of_children_with_qname(env, ut_node,
- RAMPART_SECURITY_USERNAMETOKEN_PASSWORD, RAMPART_WSSE_XMLNS, RAMPART_WSSE))
+ /* Check: Any USERNAME_TOKEN MUST NOT have more than one PASSWORD */
+ if(1 < oxs_axiom_get_number_of_children_with_qname(
+ env, ut_node, RAMPART_SECURITY_USERNAMETOKEN_PASSWORD, RAMPART_WSSE_XMLNS, RAMPART_WSSE))
{
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_usernametoken] Username token must not have more than one password");
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Username token must not have more than one password");
return AXIS2_FAILURE;
}
- /*Check: Any USERNAME_TOKEN MUST NOT have more than one CREATED*/
- if (1 < oxs_axiom_get_number_of_children_with_qname(env,
- ut_node, RAMPART_SECURITY_USERNAMETOKEN_CREATED, RAMPART_WSSE_XMLNS, RAMPART_WSSE))
+ /* Check: Any USERNAME_TOKEN MUST NOT have more than one CREATED */
+ if(1 < oxs_axiom_get_number_of_children_with_qname(
+ env, ut_node, RAMPART_SECURITY_USERNAMETOKEN_CREATED, RAMPART_WSSE_XMLNS, RAMPART_WSSE))
{
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_usernametoken] Username token must not have more than one creted element");
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Username token must not have more than one creted element");
return AXIS2_FAILURE;
}
- /*Check: Any USERNAME_TOKEN MUST NOT have more than one NONCE*/
- if (1 < oxs_axiom_get_number_of_children_with_qname(env, ut_node,
- RAMPART_SECURITY_USERNAMETOKEN_NONCE, RAMPART_WSSE_XMLNS, RAMPART_WSSE))
+ /* Check: Any USERNAME_TOKEN MUST NOT have more than one NONCE */
+ if(1 < oxs_axiom_get_number_of_children_with_qname(
+ env, ut_node, RAMPART_SECURITY_USERNAMETOKEN_NONCE, RAMPART_WSSE_XMLNS, RAMPART_WSSE))
{
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_usernametoken] Username token must not have more than one nonce element");
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Username token must not have more than one nonce element");
return AXIS2_FAILURE;
}
- /*Go thru children of UsernameToken element*/
+ /* Go thru children of UsernameToken element and validate */
children = axiom_element_get_child_elements(ut_ele, env, ut_node);
- if (children)
+ if(!children)
{
- /*Go thru children and find username token parameters*/
- while (AXIS2_TRUE == axiom_child_element_iterator_has_next(children, env))
- {
- axiom_node_t *node = NULL;
- axiom_element_t *element = NULL;
- axis2_char_t *localname = NULL;
-
- node = axiom_child_element_iterator_next(children, env);
- element = axiom_node_get_data_element(node, env);
- localname = axiom_element_get_localname(element, env);
-
- if (0 == axutil_strcmp(localname,
- RAMPART_SECURITY_USERNAMETOKEN_USERNAME))
- {
- username = axiom_element_get_text(element, env, node);
-
- }
- else if (0 == axutil_strcmp(localname ,
- RAMPART_SECURITY_USERNAMETOKEN_PASSWORD))
- {
- password_type = axiom_element_get_attribute_value_by_name(element,
- env, RAMPART_SECURITY_USERNAMETOKEN_PASSWORD_ATTR_TYPE);
-
- if (!password_type)
- {
- /*ERROR: R4201 Any PASSWORD MUST specify a Type attribute */
- /*AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_usernametoken] Password Type is not specified in the password element");
- return AXIS2_FAILURE;*/
- password_type = RAMPART_PASSWORD_TEXT_URI;
- }
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot find child elements of UsernameToken");
+ return AXIS2_FAILURE;
+ }
- /*Then we must check the password type with policy*/
- password_type_pol = rampart_context_get_password_type(rampart_context, env);
- if(!password_type_pol)
- {
- password_type_pol = RP_PLAINTEXT;
- }
+ /*Go thru children and find username token parameters*/
+ while(axiom_child_element_iterator_has_next(children, env))
+ {
+ axiom_node_t *node = NULL;
+ axiom_element_t *element = NULL;
+ axis2_char_t *localname = NULL;
- if(axutil_strcmp(password_type_pol, RP_DIGEST)==0)
- {
- if(0 != axutil_strcmp(password_type, RAMPART_PASSWORD_DIGEST_URI))
- {
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][shp] Password Type is Wrong ");
- rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_AUTHENTICATION,
- "Password Type is Wrong. Should be Digested.",
- RAMPART_FAULT_IN_USERNAMETOKEN, msg_ctx);
+ node = axiom_child_element_iterator_next(children, env);
+ element = axiom_node_get_data_element(node, env);
+ localname = axiom_element_get_localname(element, env);
- return AXIS2_FAILURE;
- }
- }
- else if(axutil_strcmp(password_type_pol, RP_PLAINTEXT)==0)
- {
- if(0 == axutil_strcmp(password_type, RAMPART_PASSWORD_DIGEST_URI))
- {
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][shp] Password Type is Wrong ");
- rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_AUTHENTICATION,
- "Password Type is Wrong. Should be PlainText.",
- RAMPART_FAULT_IN_USERNAMETOKEN, msg_ctx);
+ if(!axutil_strcmp(localname, RAMPART_SECURITY_USERNAMETOKEN_USERNAME))
+ {
+ username = axiom_element_get_text(element, env, node);
+ }
+ else if(!axutil_strcmp(localname, RAMPART_SECURITY_USERNAMETOKEN_PASSWORD))
+ {
+ axis2_char_t *password_type_pol = NULL;
- return AXIS2_FAILURE;
- }
- }
- password = axiom_element_get_text(element, env, node);
+ password_type = axiom_element_get_attribute_value_by_name(
+ element, env, RAMPART_SECURITY_USERNAMETOKEN_PASSWORD_ATTR_TYPE);
- }
- else if (0 == axutil_strcmp(localname,
- RAMPART_SECURITY_USERNAMETOKEN_NONCE))
+ if(!password_type)
{
- nonce = axiom_element_get_text(element, env, node);
- rampart_set_security_processed_result(env, msg_ctx,
- RAMPART_SPR_UT_NONCE, nonce);
-
+ password_type = RAMPART_PASSWORD_TEXT_URI;
}
- else if (0 == axutil_strcmp(localname ,
- RAMPART_SECURITY_USERNAMETOKEN_CREATED))
+
+ /* Then we must check the password type with policy */
+ password_type_pol = rampart_context_get_password_type(rampart_context, env);
+ if(!password_type_pol)
{
- created = axiom_element_get_text(element, env, node);
- rampart_set_security_processed_result(env,
- msg_ctx, RAMPART_SPR_UT_CREATED, created);
+ password_type_pol = RP_PLAINTEXT;
+ }
+ if(!axutil_strcmp(password_type_pol, RP_DIGEST))
+ {
+ if(axutil_strcmp(password_type, RAMPART_PASSWORD_DIGEST_URI))
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart]Password Type is wrong");
+ rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_AUTHENTICATION,
+ "Password Type is Wrong. Should be Digested.",
+ RAMPART_FAULT_IN_USERNAMETOKEN, msg_ctx);
+ return AXIS2_FAILURE;
+ }
}
- else
+ else if(!axutil_strcmp(password_type_pol, RP_PLAINTEXT))
{
- AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI,
- "\n[rampart][rampart_usernametoken] Unknown element found %s -> %s",
- localname, axiom_element_get_text(element, env, node));
+ if(!axutil_strcmp(password_type, RAMPART_PASSWORD_DIGEST_URI))
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart]Password Type is Wrong ");
+ rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_AUTHENTICATION,
+ "Password Type is Wrong. Should be PlainText.",
+ RAMPART_FAULT_IN_USERNAMETOKEN, msg_ctx);
+ return AXIS2_FAILURE;
+ }
}
+ password = axiom_element_get_text(element, env, node);
+ }
+ else if(!axutil_strcmp(localname, RAMPART_SECURITY_USERNAMETOKEN_NONCE))
+ {
+ nonce = axiom_element_get_text(element, env, node);
+ rampart_set_security_processed_result(env, msg_ctx, RAMPART_SPR_UT_NONCE, nonce);
+ }
+ else if (!axutil_strcmp(localname , RAMPART_SECURITY_USERNAMETOKEN_CREATED))
+ {
+ created = axiom_element_get_text(element, env, node);
+ rampart_set_security_processed_result(env, msg_ctx, RAMPART_SPR_UT_CREATED, created);
+ }
+ else
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart]Unknown element found %s -> %s",
+ localname, axiom_element_get_text(element, env, node));
+ rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_AUTHENTICATION,
+ "Unknown element found in UsernameToken.",
+ RAMPART_FAULT_IN_USERNAMETOKEN, msg_ctx);
+ return AXIS2_FAILURE;
+ }
+ }/* end of while */
-
- }/*end of while*/
- }
- else
- {
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_usernametoken] Cannot find child elements of Usernametoken");
- return AXIS2_FAILURE;
- }
-
- /*Now we process collected usernametoken parameters*/
- if (!username)
+ /* Now we process collected usernametoken parameters */
+ if(!username)
{
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_usernametoken] Username is not specified");
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart] Username is not specified in the UsernameToken.");
+ rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_AUTHENTICATION,
+ "Username is not specified in UsernameToken.", RAMPART_FAULT_IN_USERNAMETOKEN, msg_ctx);
return AXIS2_FAILURE;
}
- /*Set the username to the SPR*/
- rampart_set_security_processed_result(env,
- msg_ctx, RAMPART_SPR_UT_USERNAME, username);
- ctx = axis2_msg_ctx_get_base(msg_ctx, env);
+ /* Set the username to the SPR */
+ rampart_set_security_processed_result(env, msg_ctx, RAMPART_SPR_UT_USERNAME, username);
/**
- * NOTE: Here we will try two apraoches to get the UT validated
- * 1. Authentication module
- * 2. Password callback module
+ * NOTE: Here we will try following apraoches to get the UT validated
+ * 1. Authentication function (will get username, password and verify them)
+ * 2. Authentication module (will get username, password and verify them)
+ * 3. Direct username and password set in rampart context.
+ * 4. Password callback function (will get username and return password)
+ * 5. Password callback module (will get username and return password)
*
* If authentication module is defined use it.
* Else try the usual approach to get password from the callback and compare
**/
-
- /*In both authentication and password callback methods we should first try to
- *use function pointers. */
-
- if (0 == axutil_strcmp(password_type, RAMPART_PASSWORD_DIGEST_URI))
+ /* We should first try to use function pointers. Function pointers will be different for digest
+ * password and plain password. */
+ if (!axutil_strcmp(password_type, RAMPART_PASSWORD_DIGEST_URI))
{
- authenticate_with_digest = rampart_context_get_auth_digest_function(
- rampart_context, env);
+ auth_digest_func authenticate_with_digest = NULL;
+ authenticate_with_digest = rampart_context_get_auth_digest_function( rampart_context, env);
if(authenticate_with_digest)
{
- auth_status = authenticate_with_digest(env,
- username, nonce, created, password, NULL);
+ auth_status = authenticate_with_digest(env, username, nonce, created, password, NULL);
if(RAMPART_AUTHN_PROVIDER_GRANTED == auth_status)
{
- AXIS2_LOG_INFO(env->log,
- "[rampart][rampart_usernametoken] User authenticated");
- rampart_set_security_processed_result(env,
- msg_ctx,RAMPART_SPR_UT_CHECKED, RAMPART_YES);
+ AXIS2_LOG_INFO(env->log, "[rampart]User authenticated");
+ rampart_set_security_processed_result(
+ env, msg_ctx,RAMPART_SPR_UT_CHECKED, RAMPART_YES);
return AXIS2_SUCCESS;
}
else
{
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_usernametoken] Password is not valid for user %s : status %d",
- username, auth_status);
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Password is not valid for user %s : status %d",
+ username, auth_status);
return AXIS2_FAILURE;
}
}
}
-
else
{
- authenticate_with_password =
- rampart_context_get_auth_password_function(rampart_context, env);
- if(authenticate_with_password)
+ auth_password_func auth_with_password = NULL;
+ auth_with_password = rampart_context_get_auth_password_function(rampart_context, env);
+ if(auth_with_password)
{
- auth_status = authenticate_with_password(env, username, password, NULL);
+ auth_status = auth_with_password(env, username, password, NULL);
if(RAMPART_AUTHN_PROVIDER_GRANTED == auth_status)
{
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] User authenticated");
- rampart_set_security_processed_result(env,
- msg_ctx, RAMPART_SPR_UT_CHECKED, RAMPART_YES);
+ AXIS2_LOG_INFO(env->log, "[rampart]User authenticated");
+ rampart_set_security_processed_result(
+ env, msg_ctx, RAMPART_SPR_UT_CHECKED, RAMPART_YES);
return AXIS2_SUCCESS;
}
else
{
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_usernametoken] Password is not valid for user %s : status %d",
- username, auth_status);
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Password is not valid for user %s : status %d",
+ username, auth_status);
return AXIS2_FAILURE;
}
}
}
+ /* password function is not given. so check authentication provider module */
authn_provider = rampart_context_get_authn_provider(rampart_context, env);
if(authn_provider)
{
- AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_usernametoken] Password authentication using AUTH MODULE");
- auth_status = rampart_authenticate_un_pw(env, authn_provider,
- username, password, nonce, created, password_type, msg_ctx);
+ AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI,
+ "[rampart]Password authentication using AUTH MODULE");
+ auth_status = rampart_authenticate_un_pw(
+ env, authn_provider, username, password, nonce, created, password_type, msg_ctx);
if(RAMPART_AUTHN_PROVIDER_GRANTED == auth_status)
{
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] User authenticated");
- rampart_set_security_processed_result(env, msg_ctx,
- RAMPART_SPR_UT_CHECKED, RAMPART_YES);
+ AXIS2_LOG_INFO(env->log, "[rampart]User authenticated");
+ rampart_set_security_processed_result(
+ env, msg_ctx, RAMPART_SPR_UT_CHECKED, RAMPART_YES);
return AXIS2_SUCCESS;
}
else
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_usernametoken] Password is not valid for user %s : status %d",
- username, auth_status);
+ "[rampart]Password is not valid for user %s : status %d", username, auth_status);
return AXIS2_FAILURE;
}
+ }
+ /* Authentication provider module is not given. Then we must check the direct password. */
+ password_from_svr = rampart_context_get_password( rampart_context, env);
+ if(password_from_svr)
+ {
+ /* If the direct passowrd is available, then chk for the username too in the context.
+ * We need to compare it with the message's username. The reason is here we do not use
+ * callbacks. Thus there will be no failure if the username is wrong and the password is
+ * correct */
+ axis2_char_t *context_usr = NULL;
+ context_usr = rampart_context_get_user(rampart_context, env);
+ if(axutil_strcmp(context_usr, username))
+ {
+ rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_CHECK, "Username is not valid.",
+ RAMPART_FAULT_IN_USERNAMETOKEN, msg_ctx);
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Username given in UsernameToken is not valid");
+ return AXIS2_FAILURE;
+ }
}
else
{
- /*Auth module is NULL. Use Callback password*/
- /*First we must check the password in rampart_context.*/
-
- password_from_svr = rampart_context_get_password(
- rampart_context, env);
+ /* direct password is not given. so have to check whether password callback function is
+ * available. If so, use it to get the password */
- /*If the direct passowrd is available, then chk for the username too in the context. We need to compare it with the message's:
- The reason is here we do not use callbacks. Thus there will be no failure if the username is wrong and the password is correct*/
- if(password_from_svr){
- axis2_char_t *context_usr = NULL;
-
- context_usr = rampart_context_get_user(rampart_context, env);
- if(0 != axutil_strcmp(context_usr, username)){
- rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_CHECK,
- "Username is not valid", RAMPART_FAULT_IN_USERNAMETOKEN, msg_ctx);
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_usernametoken] Username id not valid");
+ password_callback_fn password_function = NULL;
+ password_function = rampart_context_get_pwcb_function(rampart_context, env);
+ if(password_function)
+ {
+ void *param = NULL;
+ param = rampart_context_get_pwcb_user_params(rampart_context, env);
+ if(!param)
+ {
+ rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_CHECK,
+ "Error in the Internal configuration.",
+ RAMPART_FAULT_IN_USERNAMETOKEN, msg_ctx);
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]User parameter needed by password callback function is not given.");
return AXIS2_FAILURE;
}
+ password_from_svr = (*password_function)(env, username, param);
}
-
- /*If not then check the call back function*/
- if(!password_from_svr)
+ else
{
- password_function = rampart_context_get_pwcb_function(rampart_context, env);
- if(password_function)
- {
- param = rampart_context_get_pwcb_user_params(rampart_context, env);
- if(!param)
- {
- rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_CHECK,
- "Error in the Internal configuration.", RAMPART_FAULT_IN_USERNAMETOKEN, msg_ctx);
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_usernametoken] Error in the pwcb function.");
- return AXIS2_FAILURE;
- }
- password_from_svr = (*password_function)(env, username, param);
- }
- else
+ /* password callback function is not given. so have to check password callback module */
+
+ rampart_callback_t *password_callback = NULL;
+ password_callback = rampart_context_get_password_callback(rampart_context, env);
+ if(!password_callback)
{
- password_callback = rampart_context_get_password_callback(rampart_context, env);
- if(!password_callback)
- {
- rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_CHECK,
- "Error in the Internal configuration.", RAMPART_FAULT_IN_USERNAMETOKEN, msg_ctx);
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_usernametoken] Password callback module is not specified");
-
- return AXIS2_FAILURE;
- }
- AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_usernametoken] Password authentication using CALLBACK MODULE ");
- password_from_svr = rampart_callback_password(env, password_callback, username);
+ rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_CHECK,
+ "Error in the Internal configuration.",
+ RAMPART_FAULT_IN_USERNAMETOKEN, msg_ctx);
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Password callback module is not specified");
+ return AXIS2_FAILURE;
}
- }else{
-
- AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_usernametoken] Using the password is in the context");
+ password_from_svr = rampart_callback_password(env, password_callback, username);
}
- if (!password_from_svr)
+ if(!password_from_svr)
{
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_usernametoken] Cannot get the password for user %s", username);
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot get the password for user %s", username);
return AXIS2_FAILURE;
}
+ }
- /*Alright NOW we have the password. Is digest needed?*/
- if (0 == axutil_strcmp(password_type, RAMPART_PASSWORD_DIGEST_URI))
- {
- AXIS2_LOG_INFO(env->log,
- "[rampart][rampart_usernametoken] Generating digest to compare from the password");
- password_to_compare = rampart_crypto_sha1(env, nonce,
- created, password_from_svr);
- rampart_set_security_processed_result(env, msg_ctx,
- RAMPART_SPR_UT_PASSWORD_TYPE, RAMPART_PASSWORD_DIGEST_URI);
- free_password_to_compare = AXIS2_TRUE;
- }
- else
- {
- password_to_compare = password_from_svr;
- rampart_set_security_processed_result(env, msg_ctx,
- RAMPART_SPR_UT_PASSWORD_TYPE, RAMPART_PASSWORD_TEXT_URI);
- }
-
- /*The BIG moment. Compare passwords*/
- if (0 == axutil_strcmp(password_to_compare , password))
- {
- AXIS2_LOG_INFO(env->log,
- "[rampart][rampart_usernametoken] Password comparison SUCCESS");
- rampart_set_security_processed_result(env, msg_ctx,
- RAMPART_SPR_UT_CHECKED, RAMPART_YES);
- if(free_password_to_compare)
- {
- AXIS2_FREE(env->allocator, password_to_compare);
- }
- return AXIS2_SUCCESS;
- }
- else
- {
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_usernametoken] Password is not valid for user %s",
- username);
- if(free_password_to_compare)
- {
- AXIS2_FREE(env->allocator, password_to_compare);
- }
- return AXIS2_FAILURE;
- }
+ /* NOW we have the password. Is digest needed? */
+ if (!axutil_strcmp(password_type, RAMPART_PASSWORD_DIGEST_URI))
+ {
+ password_to_compare = rampart_crypto_sha1(env, nonce, created, password_from_svr);
+ rampart_set_security_processed_result(
+ env, msg_ctx, RAMPART_SPR_UT_PASSWORD_TYPE, RAMPART_PASSWORD_DIGEST_URI);
+ free_password_to_compare = AXIS2_TRUE;
+ }
+ else
+ {
+ password_to_compare = password_from_svr;
+ rampart_set_security_processed_result(
+ env, msg_ctx, RAMPART_SPR_UT_PASSWORD_TYPE, RAMPART_PASSWORD_TEXT_URI);
+ }
+
+ /* The BIG moment. Compare passwords */
+ if (!axutil_strcmp(password_to_compare , password))
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart]Password comparison SUCCESS");
+ rampart_set_security_processed_result(env, msg_ctx, RAMPART_SPR_UT_CHECKED, RAMPART_YES);
+ if(free_password_to_compare)
+ {
+ AXIS2_FREE(env->allocator, password_to_compare);
+ }
+ return AXIS2_SUCCESS;
+ }
+ else
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Password is not valid for user %s", username);
+ if(free_password_to_compare)
+ {
+ AXIS2_FREE(env->allocator, password_to_compare);
+ }
+ return AXIS2_FAILURE;
}
}
Modified: webservices/rampart/trunk/c/src/util/rampart_util.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_util.c?rev=703913&r1=703912&r2=703913&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_util.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_util.c Sun Oct 12 21:41:51 2008
@@ -16,21 +16,7 @@
*/
-#include <stdio.h>
#include <rampart_util.h>
-#include <axis2_util.h>
-#include <axutil_base64.h>
-#include <axutil_property.h>
-#include <time.h>
-#include <axis2_msg_ctx.h>
-#include <rampart_constants.h>
-#include <rampart_callback.h>
-#include <rampart_credentials.h>
-#include <rampart_replay_detector.h>
-#include <rampart_sct_provider.h>
-#include <oxs_buffer.h>
-#include <oxs_utility.h>
-#include <rampart_context.h>
/* Load a .dll or .so module */
static void*
@@ -43,8 +29,7 @@
axutil_param_t *impl_info_param = NULL;
void *ptr = NULL;
- AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_util] Trying to load module %s", module_name);
+ AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart]Trying to load module %s", module_name);
dll_desc = axutil_dll_desc_create(env);
axutil_dll_desc_set_name(dll_desc, env, module_name);
impl_info_param = axutil_param_create(env, NULL, dll_desc);
@@ -55,19 +40,26 @@
if (!ptr)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_util] Unable to load the module %s.", module_name);
+ "[rampart] Unable to load the module %s.", module_name);
axutil_param_free(impl_info_param, env);
}
else
{
AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_util] Successfully loaded module %s", module_name);
+ "[rampart]Successfully loaded module %s", module_name);
*param = impl_info_param;
}
return ptr;
}
+/**
+ * Load the credentials module
+ * User MUST free memory
+ * @param env pointer to environment struct
+ * @param cred_module_name name of the credentails module to be loaded
+ * @return the loaded credentails module
+ */
AXIS2_EXTERN rampart_credentials_t* AXIS2_CALL
rampart_load_credentials_module(
const axutil_env_t *env,
@@ -80,8 +72,7 @@
if(!cred)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_util] Unable to identify the credentials module %s.",
- cred_module_name);
+ "[rampart]Unable to identify the credentials module %s.", cred_module_name);
}
else if(param)
{
@@ -91,6 +82,16 @@
return cred;
}
+/**
+ * Call credentials module
+ * User MUST free memory of username and password
+ * @param env pointer to environment struct
+ * @param cred_module the credentails module
+ * @param ctx the message context
+ * @param username reference to the returned username
+ * @param password reference to the returned password
+ * @return the status of the operation
+ */
AXIS2_EXTERN rampart_credentials_status_t AXIS2_CALL
rampart_call_credentials(
const axutil_env_t *env,
@@ -100,11 +101,17 @@
axis2_char_t **password)
{
rampart_credentials_status_t cred_status = RAMPART_CREDENTIALS_GENERAL_ERROR;
-
cred_status = RAMPART_CREDENTIALS_USERNAME_GET(cred_module, env, msg_ctx, username, password);
return cred_status;
}
+/**
+ * Load authentication module
+ * User MUST free memory
+ * @param env pointer to environment struct
+ * @param auth_module_name name of the authentication module
+ * @return created athenticaiton module
+ */
AXIS2_EXTERN rampart_authn_provider_t* AXIS2_CALL
rampart_load_auth_module(
const axutil_env_t *env,
@@ -117,8 +124,7 @@
if(!authp)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_util] Unable to identify the authentication module %s.",
- auth_module_name);
+ "[rampart]Unable to identify the authentication module %s.", auth_module_name);
}
else if(param)
{
@@ -128,6 +134,13 @@
return authp;
}
+/**
+ * Load replay detection module
+ * User MUST free memory
+ * @param env pointer to environment struct
+ * @param replay_detector_name name of the replay detection module
+ * @return created replay detection module
+ */
AXIS2_EXTERN rampart_replay_detector_t* AXIS2_CALL
rampart_load_replay_detector(
const axutil_env_t *env,
@@ -140,8 +153,7 @@
if(!rd)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_util] Unable to identify the replay detection module %s.",
- replay_detector_name);
+ "[rampart]Unable to identify the replay detection module %s.", replay_detector_name);
}
else if(param)
{
@@ -151,6 +163,13 @@
return rd;
}
+/**
+ * Load security context token provider
+ * User MUST free memory
+ * @param env pointer to environment struct
+ * @param sct_provider_name name of the security context token provider
+ * @return created security context token provider module
+ */
AXIS2_EXTERN rampart_sct_provider_t* AXIS2_CALL
rampart_load_sct_provider(
const axutil_env_t *env,
@@ -163,7 +182,7 @@
if(!sct_provider)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_util] Unable to identify security context token provider module %s.",
+ "[rampart]Unable to identify security context token provider module %s.",
sct_provider_name);
}
else if(param)
@@ -174,6 +193,13 @@
return sct_provider;
}
+/**
+ * Load the password callback module
+ * User MUST free memory
+ * @param env pointer to environment struct
+ * @callback_module_name the name of the callback module
+ * @return the loaded callback module
+ */
AXIS2_EXTERN rampart_callback_t* AXIS2_CALL
rampart_load_pwcb_module(
const axutil_env_t *env,
@@ -186,8 +212,7 @@
if(!cb)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_util] Unable to identify the callback module %s.",
- callback_module_name);
+ "[rampart]Unable to identify the callback module %s.", callback_module_name);
}
else if(param)
{
@@ -197,14 +222,26 @@
return cb;
}
+/**
+ * Call auth module
+ * @param env pointer to environment struct
+ * @param authp the authentication module
+ * @param username the username in the UsernameToken
+ * @param password the password in the UsernameToken
+ * @param nonce the nonce in the UsernameToken. Can be NULL if plain text password is used.
+ * @param created created time in UsernameToken. Can be NULL if plain text password is used.
+ * @param password_type the type of the password. either plain text of digest
+ * @param msg_ctx the message context
+ * @return status of the operation
+ */
AXIS2_EXTERN rampart_authn_provider_status_t AXIS2_CALL
rampart_authenticate_un_pw(
const axutil_env_t *env,
rampart_authn_provider_t *authp,
const axis2_char_t *username,
const axis2_char_t *password,
- const axis2_char_t *nonce,/*Can be NULL if plain text*/
- const axis2_char_t *created,/*Can be NULL if plain text*/
+ const axis2_char_t *nonce,
+ const axis2_char_t *created,
const axis2_char_t *password_type,
axis2_msg_ctx_t *msg_ctx)
{
@@ -212,7 +249,7 @@
if(authp)
{
- if(0 == axutil_strcmp(password_type, RAMPART_PASSWORD_DIGEST_URI))
+ if(!axutil_strcmp(password_type, RAMPART_PASSWORD_DIGEST_URI))
{
auth_status = RAMPART_AUTHN_PROVIDER_CHECK_PASSWORD_DIGEST(
authp, env, msg_ctx, username, nonce, created, password);
@@ -226,12 +263,19 @@
else
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_util] Cannot authenticate user. Authentication module is not valid");
+ "[rampart]Cannot authenticate user. Authentication module is not valid");
}
return auth_status;
}
+/**
+ * Gets the password of given user.
+ * @env the environment
+ * @callback_module callback module structure
+ * @username the name of the user to get the password
+ * @return the password for the user or NULL if failed
+ */
AXIS2_EXTERN axis2_char_t* AXIS2_CALL
rampart_callback_password(
const axutil_env_t *env,
@@ -246,6 +290,13 @@
return password;
}
+/**
+ * Get the password for pkcs12 key store.
+ * @env pointer to environment struct
+ * @callback pointer to rampart callback module
+ * @username name of the pkcs12 owner
+ * @return the password for the user or NULL if username is incorrect
+ */
AXIS2_EXTERN axis2_char_t * AXIS2_CALL
rampart_callback_pkcs12_password(
const axutil_env_t *env,
@@ -260,7 +311,13 @@
return password;
}
-
+/**
+ * Generates time.
+ * User MUST free memory
+ * @param ttl Time to live. The time difference between created and expired in mili seconds.
+ * @param with_millisecond shows whether millisecond precision is needed or not
+ * @return generated time
+ **/
AXIS2_EXTERN axis2_char_t* AXIS2_CALL
rampart_generate_time(
const axutil_env_t *env,
@@ -283,7 +340,13 @@
return dt_str;
}
-
+/**
+ * Check if @dt1 < @dt2. if not returns a false
+ * @param env pointer to environment struct
+ * @param dt1 date time 1.
+ * @param dt2 date time 2.
+ * @return AXIS2_SUCCESS if dt1 < dt2. AXIS2_FALSE otherwise
+ */
AXIS2_EXTERN axis2_status_t AXIS2_CALL
rampart_compare_date_time(
const axutil_env_t *env,
@@ -297,7 +360,7 @@
dt1 = axutil_date_time_create(env);
status = axutil_date_time_deserialize_date_time(dt1, env, dt1_str);
- if (!status)
+ if(status != AXIS2_SUCCESS)
{
axutil_date_time_free(dt1, env);
return AXIS2_FAILURE;
@@ -305,14 +368,14 @@
dt2 = axutil_date_time_create(env);
status = axutil_date_time_deserialize_date_time(dt2, env, dt2_str);
- if (status == AXIS2_FAILURE)
+ if (status != AXIS2_SUCCESS)
{
axutil_date_time_free(dt1, env);
axutil_date_time_free(dt2, env);
return AXIS2_FAILURE;
}
- /*dt1<dt2 for SUCCESS*/
+ /* dt1<dt2 for SUCCESS */
res = axutil_date_time_compare(dt1, env, dt2);
axutil_date_time_free(dt1, env);
axutil_date_time_free(dt2, env);
@@ -326,39 +389,3 @@
}
}
-AXIS2_EXTERN axis2_bool_t AXIS2_CALL
-is_different_session_key_for_encryption_and_signing(
- const axutil_env_t *env,
- rampart_context_t *rampart_context)
-{
- rp_property_t *binding = NULL;
- axis2_bool_t use_different_key = AXIS2_FALSE;
-
- if(rampart_context)
- {
- binding = rp_secpolicy_get_binding(rampart_context_get_secpolicy(rampart_context, env),env);
- if(binding)
- {
- if(rp_property_get_type(binding,env) == RP_PROPERTY_SYMMETRIC_BINDING)
- {
- rp_symmetric_binding_t *sym_binding = NULL;
- rp_property_t *token = NULL;
- sym_binding = (rp_symmetric_binding_t *)rp_property_get_value(binding,env);
- if(sym_binding)
- {
- /* check protection tokens have being specified. If not (means encryption token
- and signature token is specified), use different session key for
- encryption and signature
- */
- token = rp_symmetric_binding_get_protection_token(sym_binding,env);
- if(!token)
- use_different_key = AXIS2_TRUE;
- }
- }
- }
- }
-
- return use_different_key;
-}
-
-