Posted to axis-cvs@ws.apache.org by ka...@apache.org on 2006/12/06 08:39:00 UTC

svn commit: r482948 - in /webservices/axis2/trunk/c/rampart: include/ samples/client/enc_echo/ src/handlers/ src/omxmlsec/openssl/ src/util/

Author: kaushalye
Date: Tue Dec  5 23:38:57 2006
New Revision: 482948

URL: http://svn.apache.org/viewvc?view=rev&rev=482948
Log:
Improved SOAP fault mechanism in rampart.


Modified:
    webservices/axis2/trunk/c/rampart/include/openssl_cipher_ctx.h
    webservices/axis2/trunk/c/rampart/include/openssl_crypt.h
    webservices/axis2/trunk/c/rampart/include/openssl_pkey.h
    webservices/axis2/trunk/c/rampart/include/openssl_rsa.h
    webservices/axis2/trunk/c/rampart/include/openssl_util.h
    webservices/axis2/trunk/c/rampart/include/openssl_x509.h
    webservices/axis2/trunk/c/rampart/include/oxs_asym_ctx.h
    webservices/axis2/trunk/c/rampart/include/oxs_axiom.h
    webservices/axis2/trunk/c/rampart/include/rampart_constants.h
    webservices/axis2/trunk/c/rampart/include/rampart_handler_util.h
    webservices/axis2/trunk/c/rampart/include/rampart_sec_header_processor.h
    webservices/axis2/trunk/c/rampart/include/rampart_timestamp_token.h
    webservices/axis2/trunk/c/rampart/include/rampart_username_token.h
    webservices/axis2/trunk/c/rampart/samples/client/enc_echo/deploy_client_repo.sh
    webservices/axis2/trunk/c/rampart/src/handlers/rampart_in_handler.c
    webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/rsa.c
    webservices/axis2/trunk/c/rampart/src/util/rampart_handler_util.c
    webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c
    webservices/axis2/trunk/c/rampart/src/util/timestamp_token.c
    webservices/axis2/trunk/c/rampart/src/util/username_token.c

Modified: webservices/axis2/trunk/c/rampart/include/openssl_cipher_ctx.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/openssl_cipher_ctx.h?view=diff&rev=482948&r1=482947&r2=482948
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/openssl_cipher_ctx.h (original)
+++ webservices/axis2/trunk/c/rampart/include/openssl_cipher_ctx.h Tue Dec  5 23:38:57 2006
@@ -127,9 +127,6 @@
 #define OPENSSL_CIPHER_CTX_SET_PAD(ctx, env, pad)\
         ((ctx)->ops->set_pad(ctx, env, pad)) 
 
-
-
-
 /* @} */
 #ifdef __cplusplus
 }

Modified: webservices/axis2/trunk/c/rampart/include/openssl_crypt.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/openssl_crypt.h?view=diff&rev=482948&r1=482947&r2=482948
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/openssl_crypt.h (original)
+++ webservices/axis2/trunk/c/rampart/include/openssl_crypt.h Tue Dec  5 23:38:57 2006
@@ -35,8 +35,6 @@
  * @{
  */
 
-
-
 /**
 *   
 *@param bc_ctx block cipher context

Modified: webservices/axis2/trunk/c/rampart/include/openssl_pkey.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/openssl_pkey.h?view=diff&rev=482948&r1=482947&r2=482948
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/openssl_pkey.h (original)
+++ webservices/axis2/trunk/c/rampart/include/openssl_pkey.h Tue Dec  5 23:38:57 2006
@@ -23,8 +23,9 @@
 #include <axis2_util.h>
 
 /**
-  * @file 
-  * @brief 
+  * @file openssl_pkey 
+  * @brief holds either a public key or a private key. 
+  * The type is determined by the type attribute
   */
 #ifndef OPENSSL_PKEY_H
 #define OPENSSL_PKEY_H
@@ -38,7 +39,6 @@
  * @{
  */
 
-/*TODO make these enums*/
 #define OPENSSL_PKEY_TYPE_UNKNOWN        0
 #define OPENSSL_PKEY_TYPE_PUBLIC_KEY     1
 #define OPENSSL_PKEY_TYPE_PRIVATE_KEY    2

Modified: webservices/axis2/trunk/c/rampart/include/openssl_rsa.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/openssl_rsa.h?view=diff&rev=482948&r1=482947&r2=482948
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/openssl_rsa.h (original)
+++ webservices/axis2/trunk/c/rampart/include/openssl_rsa.h Tue Dec  5 23:38:57 2006
@@ -25,8 +25,8 @@
 #include <oxs_buffer.h>
 
 /**
-  * @file 
-  * @brief 
+  * @file openssl_rsa.h 
+  * @brief For RSA encryption. 
   */
 #ifndef OPENSSL_RSA_H
 #define OPENSSL_RSA_H

Modified: webservices/axis2/trunk/c/rampart/include/openssl_util.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/openssl_util.h?view=diff&rev=482948&r1=482947&r2=482948
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/openssl_util.h (original)
+++ webservices/axis2/trunk/c/rampart/include/openssl_util.h Tue Dec  5 23:38:57 2006
@@ -19,8 +19,8 @@
 #include<openssl_cipher_property.h>
 
 /**
-  * @file 
-  * @brief 
+  * @file openssl_util.h 
+  * @brief General utility routines for openssl related functions.
   */
 #ifndef OPENSSL_UTIL_H
 #define OPENSSL_UTIL_H
@@ -29,6 +29,7 @@
 extern "C" {
 #endif
 
+/*Generate a random sgtring.*/
 AXIS2_EXTERN axis2_status_t AXIS2_CALL
 generate_random_data(const axis2_env_t *env, oxs_buffer_t *buffer, int size);
 

Modified: webservices/axis2/trunk/c/rampart/include/openssl_x509.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/openssl_x509.h?view=diff&rev=482948&r1=482947&r2=482948
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/openssl_x509.h (original)
+++ webservices/axis2/trunk/c/rampart/include/openssl_x509.h Tue Dec  5 23:38:57 2006
@@ -25,8 +25,8 @@
 #include <openssl/pkcs12.h>
 #include <oxs_error.h>
 /**
-  * @file 
-  * @brief 
+  * @file openssl_x509.h 
+  * @brief Extracts information from a X509 certificate.
   */
 #ifndef OPENSSL_X509_H
 #define OPENSSL_X509_H

Modified: webservices/axis2/trunk/c/rampart/include/oxs_asym_ctx.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_asym_ctx.h?view=diff&rev=482948&r1=482947&r2=482948
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_asym_ctx.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_asym_ctx.h Tue Dec  5 23:38:57 2006
@@ -20,7 +20,7 @@
 
 /**
   * @file oxs_asym_ctx.h
-  * @brief 
+  * @brief Keeps information relavent for asymmetric encryption. 
   */
 
 #include <axis2_defines.h>

Modified: webservices/axis2/trunk/c/rampart/include/oxs_axiom.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_axiom.h?view=diff&rev=482948&r1=482947&r2=482948
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_axiom.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_axiom.h Tue Dec  5 23:38:57 2006
@@ -20,7 +20,7 @@
 
 /**
   * @file oxs_axiom.h
-  * @brief 
+  * @brief Utility functions related to AXIOM. A place for common code.
   */
 
 #include <axis2_defines.h>

Modified: webservices/axis2/trunk/c/rampart/include/rampart_constants.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/rampart_constants.h?view=diff&rev=482948&r1=482947&r2=482948
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/rampart_constants.h (original)
+++ webservices/axis2/trunk/c/rampart/include/rampart_constants.h Tue Dec  5 23:38:57 2006
@@ -119,7 +119,9 @@
 #define RAMPART_FAULT_FAILED_CHECK                  "wsse:FailedCheck"
 #define RAMPART_FAULT_SECURITY_TOKEN_UNAVAILABLE    "wsse:SecurityTokenUnavailable"
 
-
+/***********fault related strings*********/
+#define RAMPART_FAULT_IN_TIMESTAMP             "wsse:Timestamp"
+#define RAMPART_FAULT_IN_USERNAMETOKEN         "wsse:UsernameToken"
 
 /*Dynamically set values*/
 #define RAMPART_ACTION_PASSWORD "password"

Modified: webservices/axis2/trunk/c/rampart/include/rampart_handler_util.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/rampart_handler_util.h?view=diff&rev=482948&r1=482947&r2=482948
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/rampart_handler_util.h (original)
+++ webservices/axis2/trunk/c/rampart/include/rampart_handler_util.h Tue Dec  5 23:38:57 2006
@@ -111,9 +111,9 @@
  
 AXIS2_EXTERN void AXIS2_CALL
 rampart_create_fault_envelope(const axis2_env_t *env,
-        const axis2_char_t *header_name,
-        const axis2_char_t *description,
-        axis2_array_list_t *sub_codes,
+        const axis2_char_t *sub_code,
+        const axis2_char_t *reason_text,
+        const axis2_char_t *detail_node_text,
         axis2_msg_ctx_t *msg_ctx);
  
 AXIS2_EXTERN axis2_status_t AXIS2_CALL

Modified: webservices/axis2/trunk/c/rampart/include/rampart_sec_header_processor.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/rampart_sec_header_processor.h?view=diff&rev=482948&r1=482947&r2=482948
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/rampart_sec_header_processor.h (original)
+++ webservices/axis2/trunk/c/rampart/include/rampart_sec_header_processor.h Tue Dec  5 23:38:57 2006
@@ -46,8 +46,7 @@
     axis2_msg_ctx_t *msg_ctx,
     rampart_actions_t *actions,
     axiom_soap_envelope_t *soap_envelope,
-    axiom_node_t *sec_node,
-    axis2_array_list_t *sub_codes);
+    axiom_node_t *sec_node);
 
 
 /* @} */

Modified: webservices/axis2/trunk/c/rampart/include/rampart_timestamp_token.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/rampart_timestamp_token.h?view=diff&rev=482948&r1=482947&r2=482948
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/rampart_timestamp_token.h (original)
+++ webservices/axis2/trunk/c/rampart/include/rampart_timestamp_token.h Tue Dec  5 23:38:57 2006
@@ -70,8 +70,7 @@
         validate)(rampart_timestamp_token_t *timestamp_token,
             const axis2_env_t *env,
             axis2_msg_ctx_t *msg_ctx,
-            axiom_node_t *ts_node,
-            axis2_array_list_t *sub_codes);
+            axiom_node_t *ts_node);
     };
 
     /**
@@ -99,8 +98,8 @@
 #define RAMPART_TIMESTAMP_TOKEN_BUILD(timestamp_token, env, ctx, sec_node, sec_ns_obj, ttl) \
         ((timestamp_token)->ops->build(timestamp_token, env, ctx,  sec_node, sec_ns_obj, ttl))
 
-#define RAMPART_TIMESTAMP_TOKEN_VALIDATE(timestamp_token, env, msg_ctx, ts_node, sub_codes) \
-        ((timestamp_token)->ops->validate(timestamp_token, env, msg_ctx, ts_node, sub_codes))
+#define RAMPART_TIMESTAMP_TOKEN_VALIDATE(timestamp_token, env, msg_ctx, ts_node) \
+        ((timestamp_token)->ops->validate(timestamp_token, env, msg_ctx, ts_node))
 
 /** @} */
 #ifdef __cplusplus

Modified: webservices/axis2/trunk/c/rampart/include/rampart_username_token.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/rampart_username_token.h?view=diff&rev=482948&r1=482947&r2=482948
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/rampart_username_token.h (original)
+++ webservices/axis2/trunk/c/rampart/include/rampart_username_token.h Tue Dec  5 23:38:57 2006
@@ -73,8 +73,8 @@
             const axis2_env_t *env,
             axis2_msg_ctx_t *msg_ctx,
             axiom_soap_header_t *soap_header,
-            rampart_actions_t *actions,
-            axis2_array_list_t *sub_codes);
+            rampart_actions_t *actions
+            );
     };
     
     /**
@@ -102,8 +102,8 @@
 #define RAMPART_USERNAME_TOKEN_BUILD(username_token, env, ctx, actions, sec_node, sec_ns_obj) \
         ((username_token)->ops->build(username_token, env, ctx, actions, sec_node, sec_ns_obj))    
 
-#define RAMPART_USERNAME_TOKEN_VALIDATE(username_token, env, msg_ctx, soap_header, actions, sub_codes) \
-        ((username_token)->ops->validate(username_token, env, msg_ctx, soap_header, actions, sub_codes))    
+#define RAMPART_USERNAME_TOKEN_VALIDATE(username_token, env, msg_ctx, soap_header, actions) \
+        ((username_token)->ops->validate(username_token, env, msg_ctx, soap_header, actions))    
 
 /** @} */
 #ifdef __cplusplus

Modified: webservices/axis2/trunk/c/rampart/samples/client/enc_echo/deploy_client_repo.sh
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/samples/client/enc_echo/deploy_client_repo.sh?view=diff&rev=482948&r1=482947&r2=482948
==============================================================================
--- webservices/axis2/trunk/c/rampart/samples/client/enc_echo/deploy_client_repo.sh (original)
+++ webservices/axis2/trunk/c/rampart/samples/client/enc_echo/deploy_client_repo.sh Tue Dec  5 23:38:57 2006
@@ -3,7 +3,8 @@
 CLIENT_REPO="$HOME/client_repo"
 echo "Start creating a client repository at $CLIENT_REPO"
 
-if [-d $CLIENT_REPO]; then
+if [ -d  $CLIENT_REPO ]; 
+then
     echo "$CLIENT_REPO exists. "
 else
     #Create client repo
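Review bot: `$CLIENT_REPO` is expanded unquoted in the new test `[ -d  $CLIENT_REPO ]`, so a `$HOME` containing spaces or glob characters makes the test fail or check the wrong path; write it as `if [ -d "$CLIENT_REPO" ]; then`. The same applies to the new `cp data/client.enc.axis2.xml $CLIENT_REPO/axis2.xml` in the next hunk, which should be `cp data/client.enc.axis2.xml "$CLIENT_REPO/axis2.xml"`. The neighbouring context line copies to `$AXIS2C_HOME/axis2.xml` without checking that `AXIS2C_HOME` is set, so an empty value would target `/axis2.xml`; a guard such as `: "${AXIS2C_HOME:?AXIS2C_HOME is not set}"` before that copy would stop it.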
@@ -14,9 +15,10 @@
 
 #copy [client]axis2.xml to CLIENT_REPO
 echo "Copying axis2.xml to client_repo"
-cp data/client.enc.axis2.xml $CLIENT_REPO/
+cp data/client.enc.axis2.xml $CLIENT_REPO/axis2.xml
 
 #copy [server]axis2.xml to AXIS2C_HOME
+echo "Copying axis2.xml to AXIS2C_HOME"
 cp data/server.enc.axis2.xml $AXIS2C_HOME/axis2.xml
 
 #copy libs to client_repo

Modified: webservices/axis2/trunk/c/rampart/src/handlers/rampart_in_handler.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/handlers/rampart_in_handler.c?view=diff&rev=482948&r1=482947&r2=482948
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/handlers/rampart_in_handler.c (original)
+++ webservices/axis2/trunk/c/rampart/src/handlers/rampart_in_handler.c Tue Dec  5 23:38:57 2006
@@ -75,7 +75,6 @@
     axis2_param_t *param_action = NULL;
     axiom_node_t *sec_node = NULL;
     rampart_actions_t *actions = NULL;
-    axis2_array_list_t *sub_codes = NULL;
 
     AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
     AXIS2_PARAM_CHECK(env->error, msg_ctx, AXIS2_FAILURE);
@@ -134,7 +133,6 @@
 
             sec_node = rampart_get_security_token(env, msg_ctx, soap_header);
 
-            sub_codes = axis2_array_list_create(env, 0);
             /*Set the security processed results to the message ctx*/
             status = rampart_set_security_processed_results_property(env, msg_ctx);
             if(AXIS2_FAILURE == status){
@@ -147,20 +145,11 @@
             
             }
 
-            /*status = rampart_validate_security_token(env, msg_ctx, sec_node);
-            if (AXIS2_FAILURE == status)
-            {
-                AXIS2_ARRAY_LIST_ADD(sub_codes, env, RAMPART_FAULT_INVALID_SECURITY_TOKEN);
-                rampart_create_fault_envelope(env, "wsse:Security", "Security header element is not valid", sub_codes, msg_ctx);
-                return AXIS2_FAILURE;
-            }
-            */
-
             /*The main entry point for all security header validations*/    
-            status = rampart_shp_process_message(env, msg_ctx, actions, soap_envelope, sec_node, sub_codes);
+            status = rampart_shp_process_message(env, msg_ctx, actions, soap_envelope, sec_node);
             if (AXIS2_FAILURE == status)
             {
-                rampart_create_fault_envelope(env, "wsse:Security", "Security header processing failed", sub_codes, msg_ctx);
+                /*rampart_create_fault_envelope(env, "wsse:Security", "Security header processing failed", sub_codes, msg_ctx);*/
                 return AXIS2_FAILURE;
             }                
 
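Review bot: With the `rampart_create_fault_envelope` call commented out after `rampart_shp_process_message`, the handler returns `AXIS2_FAILURE` without any guarantee that a fault envelope was set; it now relies on every failure path below it creating one. In this commit the generic "Security header processing failure" branch in rampart_sec_header_processor.c returns without creating a fault, and no fault creation is visible for the EncryptedKey path, so those failures may reach the client without a wsse fault. Either keep a fallback here, e.g. `rampart_create_fault_envelope(env, RAMPART_FAULT_INVALID_SECURITY, "Security header processing failed", "wsse:Security", msg_ctx);` applied only when no fault envelope has been set yet, or document on `rampart_shp_process_message` that callees own fault creation. The commented-out line still names `sub_codes`, which this commit removes, so it should be deleted rather than kept as dead code. The enclosing function starts and ends outside this hunk.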
@@ -169,5 +158,4 @@
         } /* End of sec_header */
 
     }/* End of soap_envelope */
-    return status;
-}
+    return status;}

Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/rsa.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/rsa.c?view=diff&rev=482948&r1=482947&r2=482948
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/rsa.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/rsa.c Tue Dec  5 23:38:57 2006
@@ -151,6 +151,7 @@
             in,
             encrypted,
             key->pkey.rsa ,
+            /*RSA_PKCS1_OAEP_PADDING);*/
             RSA_PKCS1_PADDING);
     if (ret < 0)
     {
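Review bot: The padding passed to the RSA call stays hard-coded as `RSA_PKCS1_PADDING`, and the new commented-out `/*RSA_PKCS1_OAEP_PADDING);*/` line records an alternative without saying why it is disabled; the same line is added to the decrypt call in the next hunk. PKCS#1 v1.5 encryption padding is exposed to padding-oracle (Bleichenbacher-style) attacks whenever a peer can tell a padding failure apart from other errors, which matters more now that this commit returns more specific SOAP faults. The padding should be selected from the key-transport algorithm declared for the EncryptedKey rather than fixed here, with OAEP preferred, and the decrypt failure path should surface one uniform fault. If v1.5 has to stay for interoperability, replace the commented-out code with a comment such as `/* TODO: choose padding from the key transport algorithm; prefer RSA_PKCS1_OAEP_PADDING */`. Both calls begin outside their hunks.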
@@ -184,6 +185,7 @@
             in,
             decrypted,
             key->pkey.rsa,
+            /*RSA_PKCS1_OAEP_PADDING);*/
             RSA_PKCS1_PADDING);
     if (ret < 0)
     {

Modified: webservices/axis2/trunk/c/rampart/src/util/rampart_handler_util.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/rampart_handler_util.c?view=diff&rev=482948&r1=482947&r2=482948
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/rampart_handler_util.c (original)
+++ webservices/axis2/trunk/c/rampart/src/util/rampart_handler_util.c Tue Dec  5 23:38:57 2006
@@ -54,12 +54,11 @@
         axis2_msg_ctx_t *msg_ctx,
         axiom_soap_header_t *soap_header);
 
-
 AXIS2_EXTERN void AXIS2_CALL
 rampart_create_fault_envelope(const axis2_env_t *env,
-        const axis2_char_t *header_name,
-        const axis2_char_t *description,
-        axis2_array_list_t *sub_codes,
+        const axis2_char_t *sub_code,
+        const axis2_char_t *reason_text,
+        const axis2_char_t *detail_node_text,
         axis2_msg_ctx_t *msg_ctx);
 
 AXIS2_EXTERN axis2_status_t AXIS2_CALL
@@ -195,6 +194,7 @@
         if (!header_block_ht)
             return AXIS2_FAILURE;
 
+        /*TODO If there are multiple security header elements, get the one with @role=rampart*/
         for (hash_index = axis2_hash_first(header_block_ht, env); hash_index;
                 hash_index = axis2_hash_next(env, hash_index))
         {
@@ -224,9 +224,9 @@
 
 AXIS2_EXTERN void AXIS2_CALL
 rampart_create_fault_envelope(const axis2_env_t *env,
-        const axis2_char_t *header_name,
-        const axis2_char_t *description,
-        axis2_array_list_t *sub_codes,
+        const axis2_char_t *sub_code,
+        const axis2_char_t *reason_text,
+        const axis2_char_t *detail_node_text,
         axis2_msg_ctx_t *msg_ctx)
 {
     axiom_soap_envelope_t *envelope = NULL;
@@ -234,14 +234,18 @@
     axiom_node_t* text_om_node = NULL;
     axiom_element_t * text_om_ele = NULL;
     axiom_namespace_t *ns1 = NULL;
+    axis2_array_list_t *sub_codes = NULL;
+
+    sub_codes = axis2_array_list_create(env, 1);
+    AXIS2_ARRAY_LIST_ADD(sub_codes, env, sub_code);
 
     ns1 = axiom_namespace_create(env, RAMPART_WSSE_XMLNS, RAMPART_WSSE);
     text_om_ele = axiom_element_create(env, NULL, "ProblemSecurityHeader", ns1, &text_om_node);
-    AXIOM_ELEMENT_SET_TEXT(text_om_ele, env, header_name, text_om_node);
+    AXIOM_ELEMENT_SET_TEXT(text_om_ele, env, detail_node_text, text_om_node);
 
     envelope = axiom_soap_envelope_create_default_soap_fault_envelope(env,
             "soapenv:Sender",
-            description,
+            reason_text,
             soap_version, sub_codes, text_om_node);
 
     AXIS2_MSG_CTX_SET_FAULT_SOAP_ENVELOPE(msg_ctx, env, envelope);
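Review bot: The new `sub_codes` list is used without checking the result of `axis2_array_list_create(env, 1)`, and `sub_code` is added even when it is NULL, in the lines added at the top of `rampart_create_fault_envelope`. Guard both, for example `if (sub_codes && sub_code) AXIS2_ARRAY_LIST_ADD(sub_codes, env, sub_code);`, so that an allocation failure while building a fault does not become a NULL dereference inside the handler. `sub_code` is a `const axis2_char_t *` stored in a list that presumably holds non-const items, and whether the envelope takes ownership of the list is not visible here, so the ownership rule belongs in the function comment. `detail_node_text` can now carry a name taken from the incoming message (the unknown-token caller passes `cur_node_name`), so the comment should also state that it is emitted as the text of `ProblemSecurityHeader`. The function body continues outside this hunk.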

Modified: webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c?view=diff&rev=482948&r1=482947&r2=482948
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c (original)
+++ webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c Tue Dec  5 23:38:57 2006
@@ -45,14 +45,13 @@
     axis2_msg_ctx_t *msg_ctx,
     rampart_actions_t *actions,
     axiom_soap_envelope_t *soap_envelope,
-    axiom_node_t *ts_node,
-    axis2_array_list_t *sub_codes)
+    axiom_node_t *ts_node)
 {
     rampart_timestamp_token_t *timestamp_token = NULL;
     axis2_status_t valid_ts = AXIS2_FAILURE;
     
     timestamp_token = rampart_timestamp_token_create(env);
-    valid_ts = RAMPART_TIMESTAMP_TOKEN_VALIDATE(timestamp_token, env, msg_ctx, ts_node, sub_codes);
+    valid_ts = RAMPART_TIMESTAMP_TOKEN_VALIDATE(timestamp_token, env, msg_ctx, ts_node);
 
     if (valid_ts)
     {
@@ -61,12 +60,8 @@
     }
     else
     {
-        /*TODO return a fault*/
         AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][scp] Timestamp is not valid");
-        if (sub_codes)
-        {
-            AXIS2_ARRAY_LIST_ADD(sub_codes, env, RAMPART_FAULT_FAILED_AUTHENTICATION);
-        }
+        rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_AUTHENTICATION, "Timestamp is not valid", RAMPART_FAULT_IN_TIMESTAMP, msg_ctx);
         return AXIS2_FAILURE;
     }
 }
@@ -76,8 +71,7 @@
     axis2_msg_ctx_t *msg_ctx,
     rampart_actions_t *actions,
     axiom_soap_envelope_t *soap_envelope,
-    axiom_node_t *ut_node,
-    axis2_array_list_t *sub_codes)
+    axiom_node_t *ut_node)
 {
     rampart_username_token_t *username_token = NULL;
     axiom_soap_header_t *soap_header = NULL;
@@ -88,18 +82,15 @@
     username_token = rampart_username_token_create(env);
     AXIS2_LOG_INFO(env->log, "[rampart][shp] Validating UsernameToken");
     valid_user = RAMPART_USERNAME_TOKEN_VALIDATE(username_token, env,
-                            msg_ctx, soap_header, actions, sub_codes);    
+                            msg_ctx, soap_header, actions);    
 
     if (valid_user)
     {
         AXIS2_LOG_INFO(env->log, "[rampart][shp] Validating UsernameToken SUCCESS");
         return AXIS2_SUCCESS;
     }else{
-        if (sub_codes)
-        {
-            AXIS2_ARRAY_LIST_ADD(sub_codes, env, RAMPART_FAULT_FAILED_AUTHENTICATION);
-        }
         AXIS2_LOG_INFO(env->log, "[rampart][shp] Validating UsernameToken FAILED");
+        rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_AUTHENTICATION, "UsernameToken is not valid", RAMPART_FAULT_IN_USERNAMETOKEN, msg_ctx);
         return AXIS2_FAILURE;
     }
 }
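Review bot: `username_token` is created by `rampart_username_token_create(env)` and both return paths in this hunk leave without releasing it, so each processed UsernameToken appears to leak one token object. Release it after `RAMPART_USERNAME_TOKEN_VALIDATE` returns and before either `return`; `rampart_shp_process_timestamptoken` creates `timestamp_token` the same way and its failure path shows no release either. The failure is also logged with `AXIS2_LOG_INFO` while the timestamp failure uses `AXIS2_LOG_ERROR`; `AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shp] Validating UsernameToken FAILED");` would keep failed authentications at a level that is normally retained. The function starts outside this hunk.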
@@ -110,8 +101,7 @@
     rampart_actions_t *actions,
     axiom_soap_envelope_t *soap_envelope,
     axiom_node_t *sec_node,
-    axiom_node_t *encrypted_key_node,
-    axis2_array_list_t *sub_codes)
+    axiom_node_t *encrypted_key_node)
 {
     axiom_node_t *ref_list_node = NULL;
     axis2_array_list_t *reference_list = NULL;
@@ -122,7 +112,7 @@
     oxs_asym_ctx_t *asym_ctx = NULL;
     oxs_key_t *decrypted_sym_key = NULL;
     int i = 0;
-
+    
     /*Get EncryptedData references */
     ref_list_node = oxs_axiom_get_first_child_node_by_name(env, encrypted_key_node, OXS_NODE_REFERENCE_LIST, NULL, NULL);
     reference_list = oxs_token_get_reference_list_data(env, ref_list_node);
@@ -200,8 +190,7 @@
     axis2_msg_ctx_t *msg_ctx,
     rampart_actions_t *actions,
     axiom_soap_envelope_t *soap_envelope,
-    axiom_node_t *sec_node,
-    axis2_array_list_t *sub_codes)
+    axiom_node_t *sec_node)
 {
     axis2_char_t *items = NULL;
     axis2_array_list_t *items_list = NULL;
@@ -232,10 +221,8 @@
                         RAMPART_SECURITY_TIMESTAMP, RAMPART_WSU_XMLNS, RAMPART_WSSE); 
             if(1 != num_of_ut){
                 AXIS2_LOG_INFO(env->log, "[rampart][shp] UsernameToken is required. But not available");
-                if (sub_codes)
-                {
-                    AXIS2_ARRAY_LIST_ADD(sub_codes, env, RAMPART_FAULT_INVALID_SECURITY);
-                }
+                rampart_create_fault_envelope(env, RAMPART_FAULT_SECURITY_TOKEN_UNAVAILABLE, 
+                        "UsernameToken is not available", RAMPART_FAULT_IN_USERNAMETOKEN, msg_ctx);
                 return AXIS2_FAILURE;
             }
         }else if(0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_TIMESTAMP, AXIS2_STRTRIM(env, item, NULL))){
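Review bot: The count that guards the new "UsernameToken is not available" fault appears to be taken with `RAMPART_SECURITY_TIMESTAMP, RAMPART_WSU_XMLNS, RAMPART_WSSE` (first context line of the hunk), the same arguments the Timestamp branch uses in the next hunk. If that line is the tail of the call that fills `num_of_ut`, the check counts Timestamp elements, so a message with one Timestamp and no UsernameToken would satisfy the UsernameToken requirement. The arguments should name the UsernameToken element, presumably `RAMPART_SECURITY_USERNAMETOKEN, RAMPART_WSSE_XMLNS, RAMPART_WSSE`. The call begins outside the hunk, so this needs confirming against the full file.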
@@ -245,10 +232,8 @@
                         RAMPART_SECURITY_TIMESTAMP, RAMPART_WSU_XMLNS, RAMPART_WSSE);
             if(1 != num_of_ts){
                 AXIS2_LOG_INFO(env->log, "[rampart][shp] Timestamp is required. But not available");
-                if (sub_codes)
-                {
-                    AXIS2_ARRAY_LIST_ADD(sub_codes, env, RAMPART_FAULT_INVALID_SECURITY);
-                }
+                rampart_create_fault_envelope(env, RAMPART_FAULT_SECURITY_TOKEN_UNAVAILABLE, 
+                        "Timestamp is not available", RAMPART_FAULT_IN_TIMESTAMP, msg_ctx);
                 return AXIS2_FAILURE;
             }
 
@@ -269,8 +254,7 @@
     axis2_msg_ctx_t *msg_ctx,
     rampart_actions_t *actions,
     axiom_soap_envelope_t *soap_envelope,
-    axiom_node_t *sec_node,
-    axis2_array_list_t *sub_codes)
+    axiom_node_t *sec_node)
 {
     axiom_node_t *cur_node = NULL;
     axiom_element_t *cur_ele = NULL;
@@ -280,7 +264,7 @@
 
     /*If certian security elements are expected by the reciever, rampart should check for those */
     /*This should be done along with the the message header processing. Need to be modified later for encryption*/
-    status =  rampart_shp_enforce_security(env, msg_ctx, actions,  soap_envelope, sec_node, sub_codes);
+    status =  rampart_shp_enforce_security(env, msg_ctx, actions,  soap_envelope, sec_node);
     if(AXIS2_FAILURE == status){
         return AXIS2_FAILURE;
     }
@@ -298,15 +282,15 @@
         if(0 == AXIS2_STRCMP(cur_node_name , RAMPART_SECURITY_USERNAMETOKEN) ){
             /*Process UT*/
             AXIS2_LOG_INFO(env->log, "[rampart][shp] Process Usernametoken");
-            status = rampart_shp_process_usernametoken(env,msg_ctx, actions, soap_envelope, cur_node, sub_codes);
+            status = rampart_shp_process_usernametoken(env,msg_ctx, actions, soap_envelope, cur_node);
         }else if(0 == AXIS2_STRCMP(cur_node_name , RAMPART_SECURITY_TIMESTAMP)){
             /*Verify TS*/
             AXIS2_LOG_INFO(env->log, "[rampart][shp] Process Timestamptoken");
-            status = rampart_shp_process_timestamptoken(env,msg_ctx, actions, soap_envelope, cur_node, sub_codes);
+            status = rampart_shp_process_timestamptoken(env,msg_ctx, actions, soap_envelope, cur_node);
         }else if(0 == AXIS2_STRCMP(cur_node_name ,OXS_NODE_ENCRYPTED_KEY)){
             /*Process EncryptedKey*/
             AXIS2_LOG_INFO(env->log, "[rampart][shp] Process EncryptedKey");
-            status = rampart_shp_process_encrypted_key(env,msg_ctx, actions, soap_envelope, sec_node,  cur_node, sub_codes);
+            status = rampart_shp_process_encrypted_key(env,msg_ctx, actions, soap_envelope, sec_node,  cur_node);
         }else if(0 == AXIS2_STRCMP(cur_node_name ,OXS_NODE_ENCRYPTED_DATA)){
             /*Process Encrypteddata*/
             AXIS2_LOG_INFO(env->log, "[rampart][shp] Process EncryptedData");
@@ -321,20 +305,14 @@
             AXIS2_LOG_INFO(env->log, "[rampart][shp] Process ReferenceList");
         }else{
              AXIS2_LOG_INFO(env->log, "[rampart][shp] Unknown token %s", cur_node_name);
-             if (sub_codes)
-             {
-                 AXIS2_ARRAY_LIST_ADD(sub_codes, env, RAMPART_FAULT_INVALID_SECURITY_TOKEN);
-             }
+             rampart_create_fault_envelope(env, RAMPART_FAULT_INVALID_SECURITY_TOKEN, 
+                        "Invalid security token found", cur_node_name, msg_ctx);
              return AXIS2_FAILURE;
         }
 
         /*Retuen failure on error*/
         if(AXIS2_FAILURE == status){
-             AXIS2_LOG_INFO(env->log, "[rampart][shp] Security header processing failure");
-             if (sub_codes)
-             {
-                 AXIS2_ARRAY_LIST_ADD(sub_codes, env, RAMPART_FAULT_INVALID_SECURITY);
-             }
+            AXIS2_LOG_INFO(env->log, "[rampart][shp] Security header processing failure");
             return AXIS2_FAILURE;
         }
         /*Proceed to next node*/
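Review bot: `cur_node_name` is passed as `detail_node_text` in the unknown-token branch, so a name that appears to come from the received Security header is echoed into the fault's `ProblemSecurityHeader` text as well as into the log line above it. Prefer a fixed value, e.g. `rampart_create_fault_envelope(env, RAMPART_FAULT_INVALID_SECURITY_TOKEN, "Invalid security token found", "wsse:Security", msg_ctx);`, and keep the actual name in the server log only. The generic `AXIS2_FAILURE == status` branch at the end of the hunk no longer records a sub-code and creates no fault, so it depends on each `rampart_shp_process_*` callee having created one. The enclosing function starts and ends outside this hunk.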

Modified: webservices/axis2/trunk/c/rampart/src/util/timestamp_token.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/timestamp_token.c?view=diff&rev=482948&r1=482947&r2=482948
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/timestamp_token.c (original)
+++ webservices/axis2/trunk/c/rampart/src/util/timestamp_token.c Tue Dec  5 23:38:57 2006
@@ -60,8 +60,7 @@
 rampart_timestamp_token_validate(rampart_timestamp_token_t *timestamp_token,
         const axis2_env_t *env,
         axis2_msg_ctx_t *msg_ctx,
-        axiom_node_t *ts_node,
-        axis2_array_list_t *sub_codes);
+        axiom_node_t *ts_node );
 
 /*************************** end of function headers *********************************/
 static void
@@ -187,8 +186,7 @@
 rampart_timestamp_token_validate(rampart_timestamp_token_t *timestamp_token,
         const axis2_env_t *env,
         axis2_msg_ctx_t *msg_ctx,
-        axiom_node_t *ts_node,
-        axis2_array_list_t *sub_codes)
+        axiom_node_t *ts_node )
 {
     axis2_status_t validity = AXIS2_FAILURE;
     axiom_element_t *created_ele = NULL;
@@ -203,14 +201,14 @@
     /*Check: TIMESTAMP MUST contain exactly one CREATED*/
     if (1 !=  oxs_axiom_get_number_of_children_with_qname(env, ts_node, RAMPART_SECURITY_TIMESTAMP_CREATED, NULL, NULL))
     {
-        AXIS2_ARRAY_LIST_ADD(sub_codes, env, "Timestamp must contain exactly one Created element");
+        AXIS2_LOG_INFO(env->log, "Timestamp not valid: Timestamp must contain exactly one Created element");
         return AXIS2_FAILURE;
     }
 
     /*Check: TIMESTAMP MUST NOT contain more than one EXPIRES*/
     if (1 < oxs_axiom_get_number_of_children_with_qname(env, ts_node, RAMPART_SECURITY_TIMESTAMP_CREATED, NULL, NULL))
     {
-        AXIS2_ARRAY_LIST_ADD(sub_codes, env, "Timestamp must not contain more than one Expires element");
+        AXIS2_LOG_INFO(env->log, "Timestamp not valid: Timestamp must not contain more than one Expires element");
         return AXIS2_FAILURE;
     }
 
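Review bot: The check commented as "TIMESTAMP MUST NOT contain more than one EXPIRES" counts `RAMPART_SECURITY_TIMESTAMP_CREATED` children, so it can never fire after the preceding exactly-one-Created check, and a Timestamp carrying several Expires elements is not rejected here. The lookup should use the Expires name: `if (1 < oxs_axiom_get_number_of_children_with_qname(env, ts_node, RAMPART_SECURITY_TIMESTAMP_EXPIRES, NULL, NULL))`. The new log messages in this function also drop the `[rampart][ts]` prefix that the success message uses, which makes failed validations harder to filter in the log. The function body starts and ends outside this hunk.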
@@ -219,8 +217,7 @@
 
     if (!ts_ele)
     {
-        AXIS2_ARRAY_LIST_ADD(sub_codes, env, "Cannot find Timestamp element");
-        AXIS2_LOG_INFO(env->log, " Cannot find timestamp ");
+        AXIS2_LOG_INFO(env->log, "Timestamp not valid: Cannot find timestamp ");
         return AXIS2_FAILURE;
     }
 
@@ -230,8 +227,7 @@
     if (AXIS2_STRCMP(RAMPART_SECURITY_TIMESTAMP_CREATED ,
             AXIOM_ELEMENT_GET_LOCALNAME(created_ele, env)) != 0)
     {
-        AXIS2_ARRAY_LIST_ADD(sub_codes, env, "The first elelment of a Timestamp token must be Created");
-        AXIS2_LOG_INFO(env->log, "Cannot find created  in timestamp element. The first element MUST be CREATED");
+        AXIS2_LOG_INFO(env->log, "Timestamp not valid: Cannot find created  in timestamp element. The first element MUST be CREATED");
         return AXIS2_FAILURE;
     }
 
@@ -242,7 +238,7 @@
     validity = rampart_compare_date_time(env, created_val, current_val);
     if (validity == AXIS2_FAILURE)
     {
-        AXIS2_ARRAY_LIST_ADD(sub_codes, env, "Created time is not valid");
+        AXIS2_LOG_INFO(env->log, "Timestamp not valid: Created time is not valid");
         return AXIS2_FAILURE;
     }
 
@@ -258,8 +254,7 @@
     if (AXIS2_STRCMP(RAMPART_SECURITY_TIMESTAMP_EXPIRES ,
             AXIOM_ELEMENT_GET_LOCALNAME(expires_ele, env)) != 0)
     {
-        AXIS2_LOG_INFO(env->log, " The second element of timestamp token (if any) MUST be EXPIRES");
-        AXIS2_ARRAY_LIST_ADD(sub_codes, env, "The second elelment must be Expires, if any");
+        AXIS2_LOG_INFO(env->log, " Timestamp not valid: The second element of timestamp token (if any) MUST be EXPIRES");
         return AXIS2_FAILURE;
     }
 
@@ -272,7 +267,7 @@
     validity = rampart_compare_date_time(env, current_val, expires_val);
     if (validity == AXIS2_FAILURE)
     {
-        AXIS2_ARRAY_LIST_ADD(sub_codes, env, "Timestamp token has expired");
+        AXIS2_LOG_INFO(env->log, " Timestamp not valid: Timestamp token has expired");
         return AXIS2_FAILURE;
     }
     AXIS2_LOG_INFO(env->log, "[rampart][ts] Timstamp is valid");
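Review bot: The added message `" Timestamp not valid: Timestamp token has expired"` begins with a stray space and lacks the `[rampart][ts]` prefix that the success log on the very next line carries, so rejected timestamps are harder to filter out of the log than accepted ones. The other `Timestamp not valid:` messages added in the hunks above (missing timestamp, Created not first, Created time invalid, Expires not second) have the same gap. Suggested form: `AXIS2_LOG_INFO(env->log, "[rampart][ts] Timestamp not valid: Timestamp token has expired");`. The enclosing function starts outside this hunk.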

Modified: webservices/axis2/trunk/c/rampart/src/util/username_token.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/username_token.c?view=diff&rev=482948&r1=482947&r2=482948
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/username_token.c (original)
+++ webservices/axis2/trunk/c/rampart/src/util/username_token.c Tue Dec  5 23:38:57 2006
@@ -84,8 +84,7 @@
         const axis2_env_t *env,
         axis2_msg_ctx_t *msg_ctx,
         axiom_soap_header_t *soap_header,
-        rampart_actions_t *actions,
-        axis2_array_list_t *sub_codes);
+        rampart_actions_t *actions);
 
 /************************* End of function headers ****************************/
 static void
@@ -399,8 +398,7 @@
         const axis2_env_t *env,
         axis2_msg_ctx_t *msg_ctx,
         axiom_soap_header_t *soap_header,
-        rampart_actions_t *actions,
-        axis2_array_list_t *sub_codes)
+        rampart_actions_t *actions)
 {
     axiom_element_t *sec_ele = NULL;
     axiom_element_t *ut_ele = NULL;
@@ -446,7 +444,6 @@
         if (!ut_ele)
         {
             AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Cannot find UsernameToken in Security header element...");
-            AXIS2_ARRAY_LIST_ADD(sub_codes, env, "No username token in the security header");
             return AXIS2_FAILURE;
         }
     }
@@ -454,21 +451,21 @@
     /*Check: Any USERNAME_TOKEN MUST NOT have more than one PASSWORD*/
     if (1 <  oxs_axiom_get_number_of_children_with_qname(env, ut_node, RAMPART_SECURITY_USERNAMETOKEN_PASSWORD, NULL, NULL))
     {
-        AXIS2_ARRAY_LIST_ADD(sub_codes, env, "Username token must not have more than one password");
+        AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Username token must not have more than one password");
         return AXIS2_FAILURE;
     }
 
     /*Check: Any USERNAME_TOKEN MUST NOT have more than one CREATED*/
     if (1 <  oxs_axiom_get_number_of_children_with_qname(env, ut_node, RAMPART_SECURITY_USERNAMETOKEN_CREATED, NULL, NULL))
     {
-        AXIS2_ARRAY_LIST_ADD(sub_codes, env, "Username token must not have more than one creted element");
+        AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Username token must not have more than one creted element");
         return AXIS2_FAILURE;
     }
 
     /*Check: Any USERNAME_TOKEN MUST NOT have more than one NONCE*/
     if (1 <  oxs_axiom_get_number_of_children_with_qname(env, ut_node, RAMPART_SECURITY_USERNAMETOKEN_NONCE, NULL, NULL))
     {
-        AXIS2_ARRAY_LIST_ADD(sub_codes, env, "Username token must not have more than one nonce element");
+        AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Username token must not have more than one nonce element");
         return AXIS2_FAILURE;
     }
 
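Review bot: The second added log message keeps the misspelling `creted` from the line it replaces, so a log search for "created" will miss this rejection. Use `"[rampart][rampart_usernametoken] Username token must not have more than one created element"`. The enclosing function starts and ends outside this hunk.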
@@ -502,7 +499,6 @@
                 {
                     /*R4201 Any PASSWORD MUST specify a Type attribute */
                     AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Password Type is not specified in the password element");
-                    AXIS2_ARRAY_LIST_ADD(sub_codes, env, "Password Type is not specified in the password element");
                     return AXIS2_FAILURE;
                 }
 
@@ -549,7 +545,6 @@
     pw_callback_module = RAMPART_ACTIONS_GET_PW_CB_CLASS(actions, env);
     if(!pw_callback_module){
         AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][rampart_usernametoken] Password callback module is not specified");
-        AXIS2_ARRAY_LIST_ADD(sub_codes, env, "Server configuration error. Callback module not specified");
         return AXIS2_FAILURE;
     }
     
@@ -583,7 +578,6 @@
     else
     {
         AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Password is not valid for user %s", username);
-        AXIS2_ARRAY_LIST_ADD(sub_codes, env, "Password is not valid");
         return AXIS2_FAILURE;
     }
 }
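Review bot: With the `sub_codes` entry removed, the INFO line `Password is not valid for user %s` is the only record this branch leaves of a failed password check. A deployment that logs above INFO would record nothing for authentication failures, while the missing-callback case earlier in the function is logged with `AXIS2_LOG_ERROR`. Consider a level that stays enabled in production here as well. If `username` is taken unmodified from the incoming UsernameToken (its assignment is outside the hunk), escape or strip control characters before it reaches the log so the entry cannot be split into misleading lines. The function body starts outside this hunk.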


