Posted to rampart-dev@ws.apache.org by ka...@apache.org on 2007/04/20 10:58:00 UTC
svn commit: r530700 - in /webservices/rampart/trunk/c: include/
samples/secpolicy/ src/core/ src/handlers/ src/omxmlsec/
src/secpolicy/builder/ src/util/
Author: kaushalye
Date: Fri Apr 20 01:57:56 2007
New Revision: 530700
URL: http://svn.apache.org/viewvc?view=rev&rev=530700
Log:
1. Fixed problem of reading policy files. We have to call the axiom_document_build_all.
2. Modified the scripts to be more robust.
3. Modified the way the rampart context is kept on the server side. For efficiency we keep the context in the axis2_ctx. The context will be freed when the axis2 engine goes down.
4. Plus some minor modifications
Modified:
webservices/rampart/trunk/c/include/rampart_authn_provider.h
webservices/rampart/trunk/c/include/rampart_engine.h
webservices/rampart/trunk/c/samples/secpolicy/run_all.sh
webservices/rampart/trunk/c/src/core/mod_rampart.c
webservices/rampart/trunk/c/src/handlers/rampart_in_handler.c
webservices/rampart/trunk/c/src/omxmlsec/encryption.c
webservices/rampart/trunk/c/src/omxmlsec/xml_signature.c
webservices/rampart/trunk/c/src/secpolicy/builder/policy_creator.c
webservices/rampart/trunk/c/src/util/rampart_engine.c
webservices/rampart/trunk/c/src/util/rampart_token_builder.c
webservices/rampart/trunk/c/src/util/rampart_username_token.c
Modified: webservices/rampart/trunk/c/include/rampart_authn_provider.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rampart_authn_provider.h?view=diff&rev=530700&r1=530699&r2=530700
==============================================================================
--- webservices/rampart/trunk/c/include/rampart_authn_provider.h (original)
+++ webservices/rampart/trunk/c/include/rampart_authn_provider.h Fri Apr 20 01:57:56 2007
@@ -68,6 +68,15 @@
{
+ /**
+ * Check plain text passwords. If the UseranmeToken is in plain text this function will be called.
+ * @param authn_provider the authentication provider struct
+ * @param env pointer to environment struct
+ * @param msg_ctx message context
+ * @username the username
+ * @password the password in plain text
+ * @return the status of the check
+ */
rampart_authn_provider_status_t (AXIS2_CALL*
rampart_authn_provider_check_password)(
rampart_authn_provider_t *authn_provider,
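Review bot: The `@username` and `@password` lines in the new comment are not Doxygen commands, so these two parameters will be missing from the generated API documentation; they should read `@param username the username` and `@param password the password in plain text`. The same applies to `@username`, `@nonce`, `@created` and `@digest` in the next hunk, and "UseranmeToken" should be "UsernameToken" in both comments. Because this callback receives the cleartext password, the comment should also state that an implementation must not log or retain it. The struct declaration starts and ends outside the hunk.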
@@ -77,6 +86,17 @@
const axis2_char_t *password
);
+ /**
+ * Check digested passwords. If the UseranmeToken is in password digest form this function will be called.
+ * @param authn_provider the authentication provider struct
+ * @param env pointer to environment struct
+ * @param msg_ctx message context
+ * @username the username
+ * @nonce the noce or the random value of the username token
+ * @created the created value of the username token
+ * @digest the digest value of the SHA-1(password+created+nonce)
+ * @return the status of the check
+ */
rampart_authn_provider_status_t (AXIS2_CALL*
rampart_authn_provider_check_password_digest)(
rampart_authn_provider_t *authn_provider,
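Review bot: The `@digest` line gives the value as SHA-1(password+created+nonce), but the WS-Security UsernameToken Profile defines the password digest as Base64(SHA-1(nonce + created + password)); a provider written from this comment would concatenate in the wrong order and reject conforming clients. Suggest `@param digest the Base64-encoded SHA-1 digest of (nonce + created + password)`. The comment should also say whether nonce replay and `created` freshness are checked before this callback is invoked or are left to the provider, which cannot be told from this hunk.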
@@ -88,6 +108,12 @@
const char *digest
);
+ /**
+ * The free function to free all resources allocated
+ * @param authn_provider the authentication provider struct
+ * @param env pointer to environment struct
+ *
+ */
axis2_status_t (AXIS2_CALL*
free)(rampart_authn_provider_t *authn_provider,
const axutil_env_t* env);
Modified: webservices/rampart/trunk/c/include/rampart_engine.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rampart_engine.h?view=diff&rev=530700&r1=530699&r2=530700
==============================================================================
--- webservices/rampart/trunk/c/include/rampart_engine.h (original)
+++ webservices/rampart/trunk/c/include/rampart_engine.h Fri Apr 20 01:57:56 2007
@@ -40,11 +40,21 @@
{
#endif
+ /**
+ * Initializes the rampart engine. This will perform the configuration loading for the rampart module.
+ * @param env pointer to environment struct
+ * @param msg_ctx message context
+ * @param is_inflow if the initialization is in IN-FLOW of the message this should be set to TRUE
+ * @return a rampart context nurished with configurations.
+ */
AXIS2_EXTERN rampart_context_t* AXIS2_CALL
rampart_engine_init(const axutil_env_t *env,
axis2_msg_ctx_t *msg_ctx,
axis2_bool_t is_inflow);
-
+ /**
+ *
+ *
+ */
AXIS2_EXTERN axis2_status_t AXIS2_CALL
rampart_engine_shutdown(const axutil_env_t *env,
rampart_context_t *rampart_context);
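Review bot: The comment added above `rampart_engine_shutdown` is empty, and this is the function whose ownership rules change in this commit: the in-handler now calls it only on the client side, while rampart_engine.c registers it as the free function of a property stored in the axis2 context. The comment should state that it frees the given rampart context, that the pointer must not be used afterwards, and that it must not be called directly on a context owned by such a property. Since that property is created with `AXIS2_SCOPE_APPLICATION`, it is also worth documenting whether one context may be shared by concurrent requests. In the `rampart_engine_init` comment, "nurished" should be "populated".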
Modified: webservices/rampart/trunk/c/samples/secpolicy/run_all.sh
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/secpolicy/run_all.sh?view=diff&rev=530700&r1=530699&r2=530700
==============================================================================
--- webservices/rampart/trunk/c/samples/secpolicy/run_all.sh (original)
+++ webservices/rampart/trunk/c/samples/secpolicy/run_all.sh Fri Apr 20 01:57:56 2007
@@ -2,6 +2,7 @@
_SCEN="scenario"
_SMPL_DIR="$PWD"
_PORT=9090
+_SLEEP=2
#You may change these to scenarios u need to run
_LST="1 2 3 4 5 6 7 8"
@@ -17,9 +18,12 @@
S_i=$_SCEN$i
echo "-------------------------------------------------------------------------"
echo ">Deploying $S_i"
+ echo "-------------------------------------------------------------------------"
sh deploy.sh $S_i
echo ">Killing server"
killall axis2_http_server
+ echo "Sleeping for $_SLEEP seconds"
+ sleep $_SLEEP
echo ">Go to $AXIS2C_HOME"
cd $AXIS2C_HOME/bin
echo ">Start server @ $_PORT"
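Review bot: The fixed `sleep $_SLEEP` after `killall axis2_http_server` only guesses how long the old server needs to exit and release port `$_PORT`; on a slow or loaded machine the next scenario can still start while the previous server is alive, and its client may then be served under the previous scenario's policy. A bounded wait on the process is more reliable, for example `while pgrep -x axis2_http_server >/dev/null; do sleep 1; done` with a retry limit. The loop body starts and ends outside the hunk.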
Modified: webservices/rampart/trunk/c/src/core/mod_rampart.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/core/mod_rampart.c?view=diff&rev=530700&r1=530699&r2=530700
==============================================================================
--- webservices/rampart/trunk/c/src/core/mod_rampart.c (original)
+++ webservices/rampart/trunk/c/src/core/mod_rampart.c Fri Apr 20 01:57:56 2007
@@ -69,9 +69,6 @@
if (module->handler_create_func_map)
{
- /* TODO
- * do the neccessary clean in hash map
- */
axutil_hash_free(module->handler_create_func_map, env);
module->handler_create_func_map = NULL;
}
Modified: webservices/rampart/trunk/c/src/handlers/rampart_in_handler.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/handlers/rampart_in_handler.c?view=diff&rev=530700&r1=530699&r2=530700
==============================================================================
--- webservices/rampart/trunk/c/src/handlers/rampart_in_handler.c (original)
+++ webservices/rampart/trunk/c/src/handlers/rampart_in_handler.c Fri Apr 20 01:57:56 2007
@@ -95,7 +95,6 @@
return AXIS2_SUCCESS;
}
- serverside = axis2_msg_ctx_get_server_side(msg_ctx,env);
soap_envelope = axis2_msg_ctx_get_soap_envelope(msg_ctx, env);
if(!soap_envelope)
@@ -145,8 +144,12 @@
return status;
}
+ serverside = axis2_msg_ctx_get_server_side(msg_ctx,env);
+ /*We do not need rampart context to be freed in the server side*/
+ if(!serverside){
/*This method will free the rampart_context*/
- /*status = rampart_engine_shutdown(env,rampart_context);*/
+ status = rampart_engine_shutdown(env, rampart_context);
+ }
return status;
}
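Review bot: The client-side `rampart_engine_shutdown(env, rampart_context)` added here can free a context that the axis2 context still owns. The rampart_engine.c hunks of this commit store every newly built context in an axis2_ctx property whose free function is `rampart_engine_shutdown`, and no server-side test is visible there. If the client-side context is obtained through that path, it is freed here and again when the property is released, and a later property lookup would return a dangling pointer. Either the client path should not register the property, or this call should go and ownership stay with the property. The early `return status;` at the top of the hunk also appears to leave before this block, so a client-side context on that path would not be shut down; the function starts outside the hunk.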
Modified: webservices/rampart/trunk/c/src/omxmlsec/encryption.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/encryption.c?view=diff&rev=530700&r1=530699&r2=530700
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/encryption.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/encryption.c Fri Apr 20 01:57:56 2007
@@ -260,7 +260,5 @@
/**/
}
- /*TODO Set certificate information taken from the PEM file */
-
return AXIS2_SUCCESS;
}
Modified: webservices/rampart/trunk/c/src/omxmlsec/xml_signature.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/xml_signature.c?view=diff&rev=530700&r1=530699&r2=530700
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/xml_signature.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/xml_signature.c Fri Apr 20 01:57:56 2007
@@ -191,7 +191,7 @@
oxs_buffer_t *output_buf = NULL;
axis2_status_t status = AXIS2_FAILURE;
- /*TODO : Cannonicalize <SignedInfo>*/
+ /*Cannonicalize <SignedInfo>*/
c14n_algo = oxs_sign_ctx_get_c14n_mtd(sign_ctx, env);
doc = axiom_node_get_document(signed_info_node, env);
@@ -256,7 +256,7 @@
for (i = 0; i < axutil_array_list_size(sign_parts, env); i++){
oxs_sign_part_t *sign_part = NULL;
- /*TODO Get ith sign_part*/
+ /*Get ith sign_part*/
sign_part = (oxs_sign_part_t*)axutil_array_list_get(sign_parts, env, i);
/*Create <ds:Reference> elements */
oxs_xml_sig_build_reference(env, signed_info_node, sign_part);
@@ -304,7 +304,6 @@
child_node_name = axiom_util_get_localname(child_node, env);
if(0 == axutil_strcmp(child_node_name, OXS_NODE_TRANSFORMS)){
/*Transforms found*/
- /*TODO*/
axiom_node_t *tr_node = NULL;
axutil_array_list_t *tr_list = NULL;
@@ -568,7 +567,6 @@
oxs_error(env, ERROR_LOCATION, OXS_ERROR_SIG_VERIFICATION_FAILED,"<ds:Signature> node processing failed " );
return AXIS2_FAILURE;
}
- /*TODO Process KeyInfo if available*/
/*-----------------------------------------------------------------------------------------*/
/*At this point we have a ready to process signature context. So start verification process*/
Modified: webservices/rampart/trunk/c/src/secpolicy/builder/policy_creator.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/secpolicy/builder/policy_creator.c?view=diff&rev=530700&r1=530699&r2=530700
==============================================================================
--- webservices/rampart/trunk/c/src/secpolicy/builder/policy_creator.c (original)
+++ webservices/rampart/trunk/c/src/secpolicy/builder/policy_creator.c Fri Apr 20 01:57:56 2007
@@ -39,7 +39,9 @@
return NULL;
}
- root = axiom_document_get_root_element(document, env);
+ /*root = axiom_document_get_root_element(document, env);*/
+ /*This is to get rid of the BUG in axiom. We can't use axiom_document_get_root_element without calling the build_all*/
+ root = axiom_document_build_all(document, env);
if(!root)
{
axiom_stax_builder_free(builder, env);
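Review bot: The old `axiom_document_get_root_element` call is left behind as commented-out code directly above the workaround; delete it and keep only the explanation. The explanation would be more useful if it named the axiom defect, so the workaround can be removed once that is fixed, e.g. `/* Workaround: axiom_document_get_root_element() cannot be used before build_all, see <axiom issue id> */`. The `if(!root)` branch continues outside the hunk, so whether the failure is logged with the policy file name cannot be checked here.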
Modified: webservices/rampart/trunk/c/src/util/rampart_engine.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_engine.c?view=diff&rev=530700&r1=530699&r2=530700
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_engine.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_engine.c Fri Apr 20 01:57:56 2007
@@ -166,6 +166,8 @@
"[rampart][rampart_Engine] No Security in the flow. So nothing to do");
return NULL;
}
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_Engine] Trying to build rampart context from file %s ", file_name);
+
secpolicy = rp_policy_create_from_file(env,file_name);
if(!secpolicy)
@@ -246,18 +248,25 @@
{
return (rampart_context_t *)axutil_property_get_value(property,env);
}else{
+ /*We cannot find the rampart_context as a property in axis2_ctx. Thus we need to create*/
axis2_char_t *file_name = NULL;
rampart_context_t *rampart_context = NULL;
- if(axutil_strcmp(key,IN_MESSAGE_SECURITY)==0)
+ if(axutil_strcmp(key, IN_MESSAGE_SECURITY)==0)
{
file_name =(axis2_char_t *)rampart_get_rampart_configuration(env,msg_ctx,RAMPART_INFLOW_SECURITY_POLICY);
if(file_name)
{
rampart_context = build_rampart_context_from_file(env,file_name);
+ /*
property = axutil_property_create(env);
axutil_property_set_value(property,env,rampart_context);
- axis2_ctx_set_property(ctx,env,key,property);
+ */
+
+ property = axutil_property_create_with_args(env, AXIS2_SCOPE_APPLICATION,
+ AXIS2_FALSE, (void *)rampart_engine_shutdown, rampart_context );
+
+ axis2_ctx_set_property(ctx, env, key, property);
return rampart_context;
}
else
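Review bot: `(void *)rampart_engine_shutdown` hides a signature mismatch behind a cast: the function is declared as `rampart_engine_shutdown(const axutil_env_t *env, rampart_context_t *rampart_context)`, while a property free callback is, as far as I know, invoked with the object first and the environment second. If so, shutdown will run with its two arguments swapped when the property is released, and converting a function pointer through `void *` is not portable C in any case. Register a small static wrapper with the callback's own signature that forwards to `rampart_engine_shutdown(env, ctx)`; the same applies to the identical call in the next hunk. In both hunks the result of `build_rampart_context_from_file` is also stored and returned without a NULL check, so a failed policy load appears to be cached as the context for later messages.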
@@ -272,8 +281,11 @@
if(file_name)
{
rampart_context = build_rampart_context_from_file(env,file_name);
- property = axutil_property_create(env);
- axutil_property_set_value(property,env,rampart_context);
+ /*property = axutil_property_create(env);
+ axutil_property_set_value(property,env,rampart_context);*/
+
+ property = axutil_property_create_with_args(env, AXIS2_SCOPE_APPLICATION,
+ AXIS2_FALSE, (void *)rampart_engine_shutdown, rampart_context );
axis2_ctx_set_property(ctx,env,key,property);
return rampart_context;
}
Modified: webservices/rampart/trunk/c/src/util/rampart_token_builder.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_token_builder.c?view=diff&rev=530700&r1=530699&r2=530700
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_token_builder.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_token_builder.c Fri Apr 20 01:57:56 2007
@@ -31,6 +31,7 @@
#include <oxs_x509_cert.h>
#include <oxs_xml_key_processor.h>
#include <oxs_tokens.h>
+#include <oxs_utility.h>
AXIS2_EXTERN axis2_status_t AXIS2_CALL
rampart_token_build_security_token_reference(const axutil_env_t *env,
@@ -77,7 +78,7 @@
return AXIS2_FAILURE;
}
embedded_node = oxs_token_build_embedded_element(env, parent, "ID");
- bst_id = "bst-id";/*TODO*/
+ bst_id = oxs_util_generate_id(env, (axis2_char_t*)"BST-");
bst_node = oxs_token_build_binary_security_token_element(env, embedded_node, bst_id , OXS_VALUE_X509V3, OXS_ENCODING_BASE64BINARY, data);
return AXIS2_SUCCESS;
}
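Review bot: The string returned by `oxs_util_generate_id` is used without a NULL check and is never released in the visible part of the function; if that helper allocates the id (its definition is not on this page), every call leaks it. The function also returns `AXIS2_SUCCESS` without testing `embedded_node` or `bst_node`, so a failed build of the BinarySecurityToken element goes unreported to the caller. Suggest `if(!bst_id) return AXIS2_FAILURE;` after the call, a matching check on `bst_node`, and `AXIS2_FREE(env->allocator, bst_id);` before returning if the caller owns the string. The function starts outside the hunk.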
Modified: webservices/rampart/trunk/c/src/util/rampart_username_token.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_username_token.c?view=diff&rev=530700&r1=530699&r2=530700
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_username_token.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_username_token.c Fri Apr 20 01:57:56 2007
@@ -197,7 +197,7 @@
if(nonce_val){
/*AXIS2_FREE(env->allocator, nonce_val);
- nonce_val = NULL;*//*TODO Check*/
+ nonce_val = NULL;*/
}
if(created_val){
AXIS2_FREE(env->allocator, created_val);
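Review bot: Dropping the `TODO Check` marker leaves `if(nonce_val){ ... }` with a body that is entirely commented out, so `nonce_val` is never freed here while `created_val` just below is. If this function owns the nonce buffer, that is a leak on each call. If it is owned elsewhere, the empty block should be removed and a one-line comment such as `/* nonce_val is freed by <owner>; do not free here */` should record why. The surrounding function starts and ends outside the hunk.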