Posted to axis-cvs@ws.apache.org by ka...@apache.org on 2007/02/27 13:55:03 UTC
svn commit: r512242 - in /webservices/axis2/trunk/c/rampart:
src/omxmlsec/openssl/sign.c src/omxmlsec/xml_signature.c test/omxmlsec/test.c
Author: kaushalye
Date: Tue Feb 27 04:55:03 2007
New Revision: 512242
URL: http://svn.apache.org/viewvc?view=rev&rev=512242
Log:
XML Signature in OMXMLSecurity
Modified:
webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/sign.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_signature.c
webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/sign.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/sign.c?view=diff&rev=512242&r1=512241&r2=512242
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/sign.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/sign.c Tue Feb 27 04:55:03 2007
@@ -32,6 +32,50 @@
#define BUFSIZE 64
+AXIS2_EXTERN int AXIS2_CALL
+openssl_sign(const axis2_env_t *env,
+ oxs_sign_ctx_t *sign_ctx,
+ oxs_buffer_t *input_buf,
+ oxs_buffer_t *output_buf)
+{
+ openssl_pkey_t *open_pkey = NULL;
+ unsigned char sig_buf[4096]; /*Enough for the signature*/
+ unsigned int sig_len;
+ const EVP_MD* digest;
+ EVP_MD_CTX md_ctx;
+ EVP_PKEY* pkey = NULL;
+ int err, ret;
+ /*Get the key*/
+ open_pkey = oxs_sign_ctx_get_private_key(sign_ctx, env);
+ pkey = OPENSSL_PKEY_GET_KEY(open_pkey, env);
+ if(!pkey){
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_SIGN_FAILED,"Cannot load the private key" );
+ }
+
+ /*TODO: Set the digest according to the signature method*/
+ digest = EVP_sha1();
+
+ /*MD Ctx init*/
+ EVP_MD_CTX_init(&md_ctx);
+
+ /*Sign init*/
+ ret = EVP_SignInit(&md_ctx, digest);
+ AXIS2_LOG_INFO(env->log, "[openssl][sig] Signing content %s", OXS_BUFFER_GET_DATA(input_buf, env) );
+ EVP_SignUpdate (&md_ctx, OXS_BUFFER_GET_DATA(input_buf, env), OXS_BUFFER_GET_SIZE(input_buf, env));
+ sig_len = sizeof(sig_buf);
+ err = EVP_SignFinal (&md_ctx,
+ sig_buf,
+ &sig_len,
+ pkey);
+ if (err != 1) {
+ ERR_print_errors_fp (stderr);
+ }
+ /*Fill the output buffer*/
+ OXS_BUFFER_POPULATE(output_buf, env, sig_buf, sig_len);
+
+ return sig_len;
+}
+
AXIS2_EXTERN axis2_status_t AXIS2_CALL
openssl_sig_verify(const axis2_env_t *env,
oxs_sign_ctx_t *sign_ctx,
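Review bot: The NULL-key branch at lines 38-40 of the new openssl_sign logs "Cannot load the private key" and then carries on into EVP_SignUpdate/EVP_SignFinal with pkey == NULL; it needs `return 0;` (or whatever failure value the callers of this int-returning function test — they are not in the hunk) after the oxs_error, and the `err != 1` branch after EVP_SignFinal should likewise `return 0;` instead of populating output_buf from a sig_buf/sig_len that EVP_SignFinal never filled. The AXIS2_LOG_INFO at line 50 writes the entire payload being signed into the log with `%s`; input_buf is an oxs_buffer whose data is not shown to be NUL-terminated, and logging signed message content at INFO level is a disclosure in production, so drop the line or log only OXS_BUFFER_GET_SIZE(input_buf, env). The fixed 4096-byte stack sig_buf is never compared with EVP_PKEY_size(pkey); it is ample for any practical RSA key, but sizing it from EVP_PKEY_size removes the assumption. The EVP_MD_CTX set up with EVP_MD_CTX_init is not released with EVP_MD_CTX_cleanup on any path.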
@@ -43,15 +87,17 @@
oxs_x509_cert_t *cert = NULL;
const EVP_MD* digest;
EVP_MD_CTX md_ctx;
- EVP_PKEY* pkey;
+ EVP_PKEY* pkey = NULL;
int ret;
/*Get the publickey*/
cert = oxs_sign_ctx_get_certificate(sign_ctx, env);
open_pubkey = oxs_x509_cert_get_public_key(cert, env);
pkey = OPENSSL_PKEY_GET_KEY(open_pubkey, env);
-
- /*Set the digest according to the signature method*/
+ if(!pkey){
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_SIG_VERIFICATION_FAILED,"Cannot load the public key" );
+ }
+ /*TODO Set the digest according to the signature method*/
digest = EVP_sha1();
/*Init MD Ctx*/
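Review bot: The new NULL check at lines 82-84 reports OXS_ERROR_SIG_VERIFICATION_FAILED but falls through to the EVP verify calls with pkey == NULL; add `return AXIS2_FAILURE;` after the oxs_error so a missing certificate or unparsable public key is a hard verification failure rather than an OpenSSL-level error later. The body of openssl_sig_verify continues past this hunk, so whether the later code would catch this cannot be confirmed here. The retained TODO means every signature is verified with SHA-1 regardless of the SignatureMethod carried in the document; until the method is honoured, the verifier should reject any sign_ctx whose algorithm is not the one hard-coded here, e.g. `/* TODO: derive digest from oxs_sign_ctx_get_sign_mtd_algo(); reject anything but RSA-SHA1 until then */`, so a mismatch fails closed.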
@@ -90,46 +136,5 @@
return status;
-}
-
-AXIS2_EXTERN int AXIS2_CALL
-openssl_sign(const axis2_env_t *env,
- oxs_sign_ctx_t *sign_ctx,
- oxs_buffer_t *input_buf,
- oxs_buffer_t *output_buf)
-{
- openssl_pkey_t *open_pkey = NULL;
- unsigned char sig_buf[4096]; /*Allocate enough memory dynamically*/
- unsigned int sig_len;
- const EVP_MD* digest;
- EVP_MD_CTX md_ctx;
- EVP_PKEY* pkey;
- int err, ret;
- /*Get the key*/
- open_pkey = oxs_sign_ctx_get_private_key(sign_ctx, env);
- pkey = OPENSSL_PKEY_GET_KEY(open_pkey, env);
-
- /*Set the digest according to the signature method*/
- digest = EVP_sha1();
-
- /*MD Ctx init*/
- EVP_MD_CTX_init(&md_ctx);
-
- /*Sign init*/
- ret = EVP_SignInit(&md_ctx, digest);
-
- EVP_SignUpdate (&md_ctx, OXS_BUFFER_GET_DATA(input_buf, env), OXS_BUFFER_GET_SIZE(input_buf, env));
- sig_len = sizeof(sig_buf);
- err = EVP_SignFinal (&md_ctx,
- sig_buf,
- &sig_len,
- pkey);
- if (err != 1) {
- ERR_print_errors_fp (stderr);
- }
- /*Fill the output buffer*/
- OXS_BUFFER_POPULATE(output_buf, env, sig_buf, sig_len);
-
- return sig_len;
}
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_signature.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_signature.c?view=diff&rev=512242&r1=512241&r2=512242
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_signature.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_signature.c Tue Feb 27 04:55:03 2007
@@ -610,9 +610,11 @@
/*In the final step we Verify*/
status = oxs_sig_verify(env, sign_ctx, content , signature_val);
if(AXIS2_FAILURE == status){
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_SIG_VERIFICATION_FAILED,"Signature is not valid " );
return AXIS2_FAILURE;
+ }else{
+ return AXIS2_SUCCESS;
}
- return AXIS2_SUCCESS;
}
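Review bot: The else branch added at lines 143-145 only restores the unconditional `return AXIS2_SUCCESS;` that the hunk deletes, so the function now ends in an if/else with two returns where a guard clause reads better: `if(AXIS2_FAILURE == status){ oxs_error(...); return AXIS2_FAILURE; } return AXIS2_SUCCESS;`. Treating every status other than AXIS2_FAILURE as a verified signature is only safe if oxs_sig_verify returns exactly those two values, which this hunk does not show; testing `if(AXIS2_SUCCESS != status)` fails closed if it ever returns anything else. The new message `"Signature is not valid "` has a trailing space. The start of the enclosing function is outside the hunk.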
Modified: webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c?view=diff&rev=512242&r1=512241&r2=512242
==============================================================================
--- webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c (original)
+++ webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c Tue Feb 27 04:55:03 2007
@@ -151,7 +151,7 @@
oxs_sign_ctx_set_private_key(sign_ctx, env, prvkey);
oxs_sign_ctx_set_certificate(sign_ctx, env, cert);
/*Set the operation*/
- oxs_sign_ctx_set_operation(sign_ctx, env, OXS_SIGN_OPERATION_SIGN);
+ oxs_sign_ctx_set_operation(sign_ctx, env, OXS_SIGN_OPERATION_VERIFY);
sig_node = oxs_axiom_get_first_child_node_by_name(env, tmpl,
OXS_NODE_SIGNATURE, OXS_DSIG_NS, OXS_DS );
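Review bot: With the operation now set to OXS_SIGN_OPERATION_VERIFY at line 158, the context still receives the private key at line 154, which a verifier should not need. If oxs_xml_sig_verify consumes only the certificate, drop `oxs_sign_ctx_set_private_key(sign_ctx, env, prvkey);` from this path so the verify test does not depend on rsakey.pem and exercises the public-key-only configuration a real verifier runs with. The enclosing function starts before this hunk.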
@@ -161,7 +161,11 @@
}
/*Verify*/
status = oxs_xml_sig_verify(env, sign_ctx, sig_node, tmpl);
- status = AXIS2_SUCCESS;
+ if(AXIS2_SUCCESS != status){
+ printf("Signature Failed :-(\n");
+ }else{
+ printf("Signature Verified :-)\n");
+ }
}
return status;
@@ -173,17 +177,7 @@
axis2_char_t *filename = "input.xml";
axis2_char_t *certfile = "rsacert.pem";
axis2_char_t *prvkeyfile = "rsakey.pem";
- axis2_char_t *operation = "S";
-#if 0
- axis2_char_t *signed_result = NULL;
- axiom_node_t *node = NULL;
- oxs_sign_part_t *sign_part = NULL;
- oxs_sign_ctx_t *sign_ctx = NULL;
- oxs_transform_t *tr = NULL;
- axis2_array_list_t *sign_parts = NULL;
- axis2_array_list_t *tr_list = NULL;
- axis2_char_t *id = NULL;
-#endif
+ axis2_char_t *operation = "SIGN";
openssl_pkey_t *prvkey = NULL;
oxs_x509_cert_t *cert = NULL;
@@ -212,49 +206,6 @@
if(!cert){
printf("Cannot load certificate");
}
-#if 0
- /*Sign specific*/
- sign_part = oxs_sign_part_create(env);
- status = AXIS2_FAILURE;
-
- tr_list = axis2_array_list_create(env, 1);
- /*We need C14N transform*/
- tr = oxs_transforms_factory_produce_transform(env, OXS_HREF_TRANSFORM_XML_EXC_C14N);
- axis2_array_list_add(tr_list, env, tr);
- oxs_sign_part_set_transforms(sign_part, env, tr_list);
-
- /*We need to sign this node add an ID to it*/
- node = axiom_node_get_first_element(tmpl, env);
- id = "Sig-ID-EFG"; /*oxs_util_generate_id(env,(axis2_char_t*)OXS_SIG_ID);*/
- oxs_axiom_add_attribute(env, node, OXS_WSU, OXS_WSSE_XMLNS, OXS_ATTR_ID, id);
- status = oxs_sign_part_set_node(sign_part, env,node);
-
-
- sign_parts = axis2_array_list_create(env, 1);
- axis2_array_list_add(sign_parts, env, sign_part);
- sign_ctx = oxs_sign_ctx_create(env);
- if(sign_ctx){
- oxs_sign_ctx_set_private_key(sign_ctx, env, prvkey);
- oxs_sign_ctx_set_certificate(sign_ctx, env, cert);
- /*Set sig algo*/
- oxs_sign_ctx_set_sign_mtd_algo(sign_ctx, env, OXS_HREF_RSA_SHA1);
- /*Set C14N method*/
- oxs_sign_ctx_set_c14n_mtd(sign_ctx, env, OXS_HREF_XML_EXC_C14N);
- /*Set sig parts*/
- oxs_sign_ctx_set_sign_parts(sign_ctx, env, sign_parts);
- /*Set the operation*/
- oxs_sign_ctx_set_operation(sign_ctx, env, OXS_SIGN_OPERATION_SIGN);
- /*Sign*/
- oxs_xml_sig_sign(env, sign_ctx, tmpl);
- }else{
- printf("Sign ctx creation failed");
- }
- signed_result = AXIOM_NODE_TO_STRING(tmpl, env) ;
-
- outf = fopen("result-sign.xml", "wb");
- fwrite(signed_result, 1, AXIS2_STRLEN(signed_result), outf);
- fclose(outf);
-#endif
if(0 == axis2_strcmp(operation, "SIGN")){
sign(env, filename, prvkey, cert);