Posted to java-dev@axis.apache.org by ka...@apache.org on 2007/02/26 08:01:35 UTC
svn commit: r511740 - in /webservices/axis2/trunk/c/rampart:
include/oxs_sign_ctx.h include/oxs_xml_signature.h
src/omxmlsec/xml_signature.c test/omxmlsec/test.c
Author: kaushalye
Date: Sun Feb 25 23:01:34 2007
New Revision: 511740
URL: http://svn.apache.org/viewvc?view=rev&rev=511740
Log:
Verifying signature parts
Modified:
webservices/axis2/trunk/c/rampart/include/oxs_sign_ctx.h
webservices/axis2/trunk/c/rampart/include/oxs_xml_signature.h
webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_signature.c
webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c
Modified: webservices/axis2/trunk/c/rampart/include/oxs_sign_ctx.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_sign_ctx.h?view=diff&rev=511740&r1=511739&r2=511740
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_sign_ctx.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_sign_ctx.h Sun Feb 25 23:01:34 2007
@@ -66,6 +66,11 @@
const oxs_sign_ctx_t *sign_ctx,
const axis2_env_t *env);
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+oxs_sign_ctx_get_sig_val(
+ const oxs_sign_ctx_t *sign_ctx,
+ const axis2_env_t *env);
+
AXIS2_EXTERN axis2_array_list_t *AXIS2_CALL
oxs_sign_ctx_get_sign_parts(
const oxs_sign_ctx_t *sign_ctx,
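Review bot: The new `oxs_sign_ctx_get_sig_val` declaration in this hunk, and `oxs_sign_ctx_set_sig_val` in the second hunk of this header, have no comment saying who owns the `sig_val` string. From the header alone a caller cannot tell whether the setter copies the buffer or keeps the pointer, or whether the getter's result may be freed. A one-line comment on each would settle it, for example `/* sig_val is stored by reference, not copied (confirm against the implementation) */`.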
@@ -103,6 +108,12 @@
oxs_sign_ctx_t *sign_ctx,
const axis2_env_t *env,
axis2_char_t *c14n_mtd);
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_sign_ctx_set_sig_val(
+ oxs_sign_ctx_t *sign_ctx,
+ const axis2_env_t *env,
+ axis2_char_t *sig_val);
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_sign_ctx_set_sign_parts(
Modified: webservices/axis2/trunk/c/rampart/include/oxs_xml_signature.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_xml_signature.h?view=diff&rev=511740&r1=511739&r2=511740
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_xml_signature.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_xml_signature.h Sun Feb 25 23:01:34 2007
@@ -50,6 +50,15 @@
/**
* Verify
*/
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_xml_sig_verify_sign_part(const axis2_env_t *env,
+ oxs_sign_part_t *sign_part);
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_xml_sig_verify_digests(const axis2_env_t *env,
+ oxs_sign_ctx_t *sign_ctx);
+
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_xml_sig_verify(const axis2_env_t *env,
oxs_sign_ctx_t *sign_ctx,
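Review bot: The existing `/** Verify */` comment now sits above `oxs_xml_sig_verify_sign_part` instead of `oxs_xml_sig_verify`, and neither new declaration says what a success return means. Going by the names and the .c changes in this commit, `oxs_xml_sig_verify_digests` checks reference digests only, so a caller that reads its `AXIS2_SUCCESS` as "signature valid" would be wrong. I would move the old comment back onto `oxs_xml_sig_verify` and document the digest function with `/* Checks the digest of every ds:Reference only; does not verify ds:SignatureValue */`. The `oxs_xml_sig_verify` prototype continues past the end of the hunk.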
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_signature.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_signature.c?view=diff&rev=511740&r1=511739&r2=511740
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_signature.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_signature.c Sun Feb 25 23:01:34 2007
@@ -288,6 +288,9 @@
ref_id = oxs_token_get_ds_reference(env, ref_node);
oxs_sign_part_set_id(sign_part, env, ref_id);
+ /*Remove the # from the id*/
+ ref_id = axis2_string_substring_starting_at(ref_id, 1);
+
/*Find the node refered by this ref_id and set to the sign part*/
reffed_node = oxs_axiom_get_node_by_id(env, scope_node, "wsu:Id", ref_id );
if(reffed_node){
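Review bot: The added `axis2_string_substring_starting_at(ref_id, 1)` drops the first character of the reference id without checking that it is `#`, or that `ref_id` is non-NULL and non-empty. The value presumably comes from the reference URI of the message being verified, so a NULL, empty or non-fragment URI would reach the helper and then the `wsu:Id` lookup as a mangled id. A guard before the call, `if(!ref_id || ref_id[0] != '#' || ref_id[1] == '\0'){ return AXIS2_FAILURE; }`, would reject those, assuming the enclosing function (which starts and ends outside this hunk) returns `axis2_status_t`. It is also worth confirming whether the helper shifts the string in place, because `oxs_sign_part_set_id` was handed the same pointer on the line before.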
@@ -468,6 +471,56 @@
return AXIS2_SUCCESS;
}
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_xml_sig_verify_sign_part(const axis2_env_t *env,
+ oxs_sign_part_t *sign_part)
+{
+ axis2_char_t *id = NULL;
+ axis2_char_t *digest_mtd = NULL;
+ axis2_char_t *digest_val = NULL;
+ axiom_node_t *node = NULL;
+ axis2_array_list_t *transforms = NULL;
+ axis2_status_t status = AXIS2_FAILURE;
+
+ id = oxs_sign_part_get_id(sign_part, env);
+ digest_mtd = oxs_sign_part_get_digest_mtd(sign_part, env);
+ digest_val = oxs_sign_part_get_digest_val(sign_part, env);
+ node = oxs_sign_part_get_node(sign_part, env);
+ transforms = oxs_sign_part_get_transforms(sign_part, env);
+
+ AXIS2_LOG_INFO(env->log, "[oxs][xml_sig] Verifying signature part %s ", id );
+
+ /*Do transforms to the node*/
+
+ /*Make the digest*/
+
+ /*Compare the value*/
+
+ return status;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_xml_sig_verify_digests(const axis2_env_t *env,
+ oxs_sign_ctx_t *sign_ctx)
+{
+ axis2_status_t status = AXIS2_FAILURE;
+ axis2_array_list_t *sign_parts = NULL;
+ int i = 0 ;
+
+ /*Get the sign_part list*/
+ sign_parts = oxs_sign_ctx_get_sign_parts(sign_ctx, env);
+ /*For each and every signature part in sig ctx,*/
+ for (i = 0; i < AXIS2_ARRAY_LIST_SIZE(sign_parts, env); i++){
+ oxs_sign_part_t *sign_part = NULL;
+
+ /*Get ith sign_part*/
+ sign_part = (oxs_sign_part_t*)axis2_array_list_get(sign_parts, env, i);
+ status = oxs_xml_sig_verify_sign_part(env, sign_part);
+ }
+
+ return status;
+}
+
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_xml_sig_verify(const axis2_env_t *env,
oxs_sign_ctx_t *sign_ctx,
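Review bot: The loop in `oxs_xml_sig_verify_digests` overwrites `status` on every iteration, so the function returns only the result for the last sign part and a failed earlier reference is masked by a later success. The loop should stop at the first failure, with `if(status != AXIS2_SUCCESS){ return AXIS2_FAILURE; }` right after the call to `oxs_xml_sig_verify_sign_part`. `sign_parts` is also passed to `AXIS2_ARRAY_LIST_SIZE` without a NULL check, and `id` is logged with `%s` although it may be NULL. `oxs_xml_sig_verify_sign_part` is still a stub that always returns `AXIS2_FAILURE`; that is the safe default, and a `/*TODO: not implemented, always fails*/` comment at its `return status;` would keep it from being mistaken for finished code.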
@@ -486,5 +539,9 @@
return AXIS2_FAILURE;
}
/*At this point we have a ready to process signature context. So why wait...? Verify*/
+
+ /*First step is to Verify the integrity of the message by comparing the digest values of each and every reference.*/
+ status = oxs_xml_sig_verify_digests(env, sign_ctx);
+
return AXIS2_SUCCESS;
}
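Review bot: The `status` returned by `oxs_xml_sig_verify_digests` is assigned and then discarded, because the function still ends with `return AXIS2_SUCCESS;`. As far as this hunk shows, `oxs_xml_sig_verify` therefore reports success whatever the digest check found, and a caller would accept a message whose referenced parts were altered. Replace the final line with `return status;`, or add `if(status != AXIS2_SUCCESS){ return AXIS2_FAILURE; }` after the call if a signature-value check is to follow. Only the tail of the function is visible in this hunk.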
Modified: webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c?view=diff&rev=511740&r1=511739&r2=511740
==============================================================================
--- webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c (original)
+++ webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c Sun Feb 25 23:01:34 2007
@@ -72,8 +72,8 @@
axis2_status_t verify(axis2_env_t *env,
axis2_char_t *filename,
- axis2_char_t *certfile,
- axis2_char_t *prvkeyfile
+ openssl_pkey_t *prvkey ,
+ oxs_x509_cert_t *cert
)
{
oxs_sign_ctx_t *sign_ctx = NULL;
@@ -83,22 +83,21 @@
tmpl = load_sample_xml(env , tmpl, filename);
sign_ctx = oxs_sign_ctx_create(env);
if(sign_ctx){
- openssl_pkey_t *prvkey = NULL;
- oxs_x509_cert_t *cert = NULL;
axiom_node_t *sig_node = NULL;
-
+#if 0
/*Set private key*/
prvkey = oxs_key_mgr_load_private_key_from_file(env, prvkeyfile, "");
if(!prvkey){
- printf("Cannot load private key");
+ printf("Verification : Cannot load private key\n");
}
- oxs_sign_ctx_set_private_key(sign_ctx, env, prvkey);
/*TODO : Set x509 certificate. This is required to set the Key Information in ds:KeyInfo*/
cert = oxs_key_mgr_load_x509_cert_from_pem_file(env, certfile);
if(!cert){
- printf("Cannot load certificate");
+ printf("Verification : Cannot load certificate\n");
}
+#endif
+ oxs_sign_ctx_set_private_key(sign_ctx, env, prvkey);
oxs_sign_ctx_set_certificate(sign_ctx, env, cert);
/*Set the operation*/
oxs_sign_ctx_set_operation(sign_ctx, env, OXS_SIGN_OPERATION_SIGN);
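Review bot: The `#if 0` block keeps key and certificate loading that refers to `prvkeyfile` and `certfile`, which are no longer parameters of `verify()`, so it cannot be re-enabled as it stands and should be deleted rather than disabled. With it gone, `verify()` uses whatever `prvkey` and `cert` the caller passes without checking them; a guard such as `if(!prvkey || !cert){ return AXIS2_FAILURE; }` before the two setters would make a failed load visible. Verification should need only the certificate's public key, so handing the signer's private key to the verifying context means the test does not show that verification works without it. The function body continues outside the hunk.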
@@ -106,7 +105,7 @@
sig_node = oxs_axiom_get_first_child_node_by_name(env, tmpl,
OXS_NODE_SIGNATURE, OXS_DSIG_NS, OXS_DS );
if(!sig_node){
- printf("Cannot find ds:Signature node ");
+ printf("Verification : Cannot find ds:Signature node\n");
}
/*Verify*/
status = oxs_xml_sig_verify(env, sign_ctx, sig_node, tmpl);
@@ -133,6 +132,8 @@
axis2_array_list_t *sign_parts = NULL;
axis2_array_list_t *tr_list = NULL;
axis2_char_t *id = NULL;
+ openssl_pkey_t *prvkey = NULL;
+ oxs_x509_cert_t *cert = NULL;
FILE *outf;
@@ -182,8 +183,6 @@
axis2_array_list_add(sign_parts, env, sign_part);
sign_ctx = oxs_sign_ctx_create(env);
if(sign_ctx){
- openssl_pkey_t *prvkey = NULL;
- oxs_x509_cert_t *cert = NULL;
/*Set private key*/
prvkey = oxs_key_mgr_load_private_key_from_file(env, prvkeyfile, "");
@@ -219,7 +218,7 @@
fclose(outf);
/*****************VERIFY*********************/
- verify(env, signed_filename, prvkeyfile, certfile);
+ verify(env, signed_filename, prvkey, cert);
printf("\nDONE\n");
return 0;
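Review bot: The return value of `verify(env, signed_filename, prvkey, cert)` is ignored, so the program prints DONE and returns 0 even when verification fails. Check it, for example `if(verify(env, signed_filename, prvkey, cert) != AXIS2_SUCCESS){ printf("Verification failed\n"); return 1; }`. `prvkey` and `cert` are now the objects loaded for signing, and judging from the earlier hunk they may still be NULL at this point if loading failed. The enclosing function starts outside the hunk.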