You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by ka...@apache.org on 2007/02/14 07:20:09 UTC
svn commit: r507411 [3/3] - in /webservices/axis2/trunk/c/rampart: include/
src/core/ src/handlers/ src/secpolicy/builder/ src/secpolicy/model/
src/secpolicy/test-resources/ src/util/
Modified: webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c?view=diff&rev=507411&r1=507410&r2=507411
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c (original)
+++ webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c Tue Feb 13 22:20:06 2007
@@ -44,50 +44,162 @@
#include <axis2_array_list.h>
/*Private functions*/
+static axis2_bool_t
+rampart_shp_validate_qnames(const axis2_env_t *env,
+ axiom_node_t *node)
+
+{
+ axiom_element_t *node_ele = NULL;
+ axis2_qname_t *qname = NULL;
+ axis2_qname_t *node_qname = NULL;
+ axis2_char_t *local_name = NULL;
+
+ AXIS2_ENV_CHECK(env,AXIS2_FALSE);
+
+ node_ele = AXIOM_NODE_GET_DATA_ELEMENT(node, env);
+ if(!node_ele)
+ return AXIS2_FALSE;
+
+ local_name = AXIOM_ELEMENT_GET_LOCALNAME(node_ele,env);
+ if(!local_name)
+ return AXIS2_FALSE;
+
+ if(AXIS2_STRCMP(local_name,RAMPART_SECURITY_TIMESTAMP)==0)
+ qname = axis2_qname_create(env,local_name,RAMPART_WSU_XMLNS,RAMPART_WSU);
+
+ else if(AXIS2_STRCMP(local_name,RAMPART_SECURITY_USERNAMETOKEN)==0)
+ qname = axis2_qname_create(env,local_name,RAMPART_WSSE_XMLNS,RAMPART_WSSE);
+
+ else if(AXIS2_STRCMP(local_name,OXS_NODE_ENCRYPTED_KEY)==0)
+ qname = axis2_qname_create(env,local_name,OXS_ENC_NS,OXS_XENC);
+
+ else if(AXIS2_STRCMP(local_name,OXS_NODE_ENCRYPTED_DATA)==0)
+ qname = axis2_qname_create(env,local_name,OXS_ENC_NS,OXS_XENC);
+
+ else if(AXIS2_STRCMP(local_name,OXS_NODE_SIGNATURE)==0)
+ return AXIS2_FALSE;
+
+ else if(AXIS2_STRCMP(local_name,OXS_NODE_BINARY_SECURITY_TOKEN)==0)
+ return AXIS2_FALSE;
+
+ else if(AXIS2_STRCMP(local_name,OXS_NODE_REFERENCE_LIST)==0)
+ return AXIS2_FALSE;
+
+ else return AXIS2_FALSE;
+
+ if(!qname)
+ return AXIS2_FALSE;
+
+ node_qname = AXIOM_ELEMENT_GET_QNAME(node_ele,env,node);
+
+ if(!node_qname)
+ {
+ AXIS2_QNAME_FREE(qname,env);
+ qname = NULL;
+ return AXIS2_FALSE;
+ }
+
+ if(AXIS2_QNAME_EQUALS(qname,env,node_qname))
+ {
+ AXIS2_QNAME_FREE(qname,env);
+ qname = NULL;
+ return AXIS2_TRUE;
+ }
+ return AXIS2_FALSE;
+}
+
+
+
static axis2_status_t
rampart_shp_process_timestamptoken(const axis2_env_t *env,
axis2_msg_ctx_t *msg_ctx,
- rampart_actions_t *actions,
- axiom_soap_envelope_t *soap_envelope,
- axiom_node_t *ts_node)
+ rampart_context_t *rampart_context,
+ axiom_node_t *sec_node)
{
rampart_timestamp_token_t *timestamp_token = NULL;
axis2_status_t valid_ts = AXIS2_FAILURE;
-
- timestamp_token = rampart_timestamp_token_create(env);
- valid_ts = RAMPART_TIMESTAMP_TOKEN_VALIDATE(timestamp_token, env, msg_ctx, ts_node);
+ axiom_node_t *ts_node = NULL;
- if (valid_ts)
+ ts_node = oxs_axiom_get_node_by_local_name(env,sec_node,RAMPART_SECURITY_TIMESTAMP);
+ if(!ts_node)
{
- AXIS2_LOG_INFO(env->log, "[rampart][scp] Validating Timestamp is SUCCESS ");
- return AXIS2_SUCCESS;
+ if(rampart_context_is_include_timestamp(rampart_context,env))
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Timestamp is not in the message");
+ return AXIS2_FAILURE;
+ }
+ else
+ return AXIS2_SUCCESS;
+ }
+ else if(!rampart_context_is_include_timestamp(rampart_context,env))
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Timestamp should not be in the message.");
+ return AXIS2_FAILURE;
}
- else
+ else
{
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][scp] Timestamp is not valid");
- rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_AUTHENTICATION, "Timestamp is not valid", RAMPART_FAULT_IN_TIMESTAMP, msg_ctx);
+ if(!rampart_shp_validate_qnames(env,ts_node))
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Error in the security header");
+ return AXIS2_FAILURE;
+ }
+
+ timestamp_token = rampart_timestamp_token_create(env);
+ valid_ts = RAMPART_TIMESTAMP_TOKEN_VALIDATE(timestamp_token, env, msg_ctx, ts_node);
+
+ if (valid_ts)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][scp] Validating Timestamp is SUCCESS ");
+ return AXIS2_SUCCESS;
+ }
+ else
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][scp] Timestamp is not valid");
+ rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_AUTHENTICATION, "Timestamp is not valid", RAMPART_FAULT_IN_TIMESTAMP, msg_ctx);
return AXIS2_FAILURE;
+ }
}
}
static axis2_status_t
rampart_shp_process_usernametoken(const axis2_env_t *env,
axis2_msg_ctx_t *msg_ctx,
- rampart_actions_t *actions,
- axiom_soap_envelope_t *soap_envelope,
- axiom_node_t *ut_node)
+ rampart_context_t *rampart_context,
+ axiom_node_t *sec_node)
{
rampart_username_token_t *username_token = NULL;
- axiom_soap_header_t *soap_header = NULL;
axis2_status_t valid_user = AXIS2_FAILURE;
+ axiom_node_t *ut_node = NULL;
- soap_header = AXIOM_SOAP_ENVELOPE_GET_HEADER(soap_envelope, env);
-
- username_token = rampart_username_token_create(env);
- AXIS2_LOG_INFO(env->log, "[rampart][shp] Validating UsernameToken");
- valid_user = RAMPART_USERNAME_TOKEN_VALIDATE(username_token, env,
- msg_ctx, soap_header, actions);
+ ut_node = oxs_axiom_get_node_by_local_name(env,sec_node,RAMPART_SECURITY_USERNAMETOKEN);
+ if(!ut_node)
+ {
+ if(rampart_context_is_include_username_token(rampart_context,env))
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Username token is not in the message");
+ return AXIS2_FAILURE;
+ }
+ else
+ return AXIS2_SUCCESS;
+ }
+ else if(!rampart_context_is_include_username_token(rampart_context,env))
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Username token should not be in the message.");
+ return AXIS2_FAILURE;
+ }
+ else
+ {
+ if(!rampart_shp_validate_qnames(env,ut_node))
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Error in the security header");
+ return AXIS2_FAILURE;
+ }
+ username_token = rampart_username_token_create(env);
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Validating UsernameToken");
+ valid_user = RAMPART_USERNAME_TOKEN_VALIDATE(username_token, env,
+ msg_ctx, ut_node, rampart_context);
+ }
if (valid_user)
{
AXIS2_LOG_INFO(env->log, "[rampart][shp] Validating UsernameToken SUCCESS");
@@ -102,7 +214,7 @@
static axis2_status_t
rampart_shp_process_encrypted_key(const axis2_env_t *env,
axis2_msg_ctx_t *msg_ctx,
- rampart_actions_t *actions,
+ rampart_context_t *rampart_context,
axiom_soap_envelope_t *soap_envelope,
axiom_node_t *sec_node,
axiom_node_t *encrypted_key_node)
@@ -113,9 +225,15 @@
axis2_char_t *enc_asym_algo = NULL;
axis2_char_t *dec_key_file = NULL;
axis2_char_t *password = NULL;
+ axis2_char_t *enc_user = NULL;
+ rampart_callback_t *password_callback = NULL;
axis2_status_t status = AXIS2_FAILURE;
oxs_asym_ctx_t *asym_ctx = NULL;
oxs_key_t *decrypted_sym_key = NULL;
+ axis2_char_t *enc_asym_algo_in_pol = NULL;
+ axis2_char_t *enc_sym_algo_in_pol = NULL;
+ pfunc password_function = NULL;
+ void *param = NULL;
int i = 0;
/*Get EncryptedData references */
@@ -134,14 +252,54 @@
/*If the reference list > 0 then We have nodes to decrypt. Next step is to get the encrypted key*/
/*Obtain the session key which is encrypted*/
/*Create an asym_ctx*/
+ /*We should verify the algorithm with policy*/
+ enc_asym_algo_in_pol = rampart_context_get_enc_asym_algo(rampart_context,env);
+ if(!enc_asym_algo_in_pol)
+ return AXIS2_FAILURE;
+
+ if(AXIS2_STRCMP(enc_asym_algo_in_pol,enc_asym_algo)!=0)
+ {
+ AXIS2_LOG_INFO(env->log, "The key is encrypted with the wrong algorithm");
+ return AXIS2_FAILURE;
+ }
+
asym_ctx = oxs_asym_ctx_create(env);
- dec_key_file = RAMPART_ACTIONS_GET_DEC_KEY_FILE(actions, env);
+ dec_key_file = rampart_context_get_decryption_prop_file(rampart_context,env);
+ if(!dec_key_file)
+ {
+ AXIS2_LOG_INFO(env->log, "Decryption Profile is not specified.");
+ return AXIS2_FAILURE;
+ }
/*Get the password to retrieve the key from key store*/
- password = rampart_callback_encuser_password(env, actions, msg_ctx);
+/* password = rampart_callback_encuser_password(env, actions, msg_ctx);*/
+
+ enc_user = rampart_context_get_encryption_user(rampart_context,env);
+
+ if(!enc_user)
+ enc_user = rampart_context_get_user(rampart_context,env);
+
+ if(!enc_user)
+ return AXIS2_FAILURE;
+
+ password_function = rampart_context_get_password_function(rampart_context,env);
+ if(password_function)
+ password = (*password_function)(env,enc_user,param);
+
+ else
+ {
+ password_callback = rampart_context_get_password_callback(rampart_context,env);
+ if(!password_callback)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption] Password call back module is not specified.");
+ return AXIS2_FAILURE;
+ }
+ password = rampart_callback_password(env, password_callback, enc_user);
+ }
+
oxs_asym_ctx_set_algorithm(asym_ctx, env, enc_asym_algo);
oxs_asym_ctx_set_file_name(asym_ctx, env, dec_key_file);
- oxs_asym_ctx_set_pem_buf(asym_ctx, env, RAMPART_ACTIONS_GET_KEY_BUF(actions, env));
+/* oxs_asym_ctx_set_pem_buf(asym_ctx, env, RAMPART_ACTIONS_GET_KEY_BUF(actions, env));*/
oxs_asym_ctx_set_operation(asym_ctx, env, OXS_ASYM_CTX_OPERATION_PRV_DECRYPT);
oxs_asym_ctx_set_password(asym_ctx, env, password);
@@ -161,15 +319,28 @@
}
/*Alright now we have the key used to encrypt the elements in the reference_list*/
/*Go thru each and every node in the list and decrypt them*/
- for(i=0 ; i < AXIS2_ARRAY_LIST_SIZE(reference_list, env); i++ ){
+
+ /*Before decrypt we should get the symmetric algo from policy.
+ So for each encrypted element we can compare the algo. */
+
+ enc_sym_algo_in_pol = rampart_context_get_enc_sym_algo(rampart_context,env);
+ if(!enc_sym_algo_in_pol)
+ return AXIS2_FAILURE;
+
+ for(i=0 ; i < AXIS2_ARRAY_LIST_SIZE(reference_list, env); i++ )
+ {
axis2_char_t *id = NULL;
axis2_char_t *id2 = NULL;
axiom_node_t *enc_data_node = NULL;
axiom_node_t *envelope_node = NULL;
oxs_ctx_t *ctx = NULL;
axiom_node_t *decrypted_node = NULL;
+ axiom_node_t *mtd_node = NULL;
+ axis2_char_t *sym_algo = NULL;
axiom_soap_body_t *soap_body = NULL;
- /*This need to be called to build the SOAP Body. Not in use but DO NOT remove*/
+
+ /*This need to be done in order to build the soap body.Do not remove.*/
+
soap_body = AXIOM_SOAP_ENVELOPE_GET_BODY(soap_envelope, env);
/*Get the i-th element and decrypt it */
@@ -190,9 +361,28 @@
return AXIS2_FAILURE;
}
/*Create an enc_ctx*/
+ mtd_node = oxs_axiom_get_first_child_node_by_name(env, enc_data_node, OXS_NODE_ENCRYPTION_METHOD, NULL, NULL);
+ if(!mtd_node)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Node with ID=%s cannot be found", id);
+ /*continue;*/
+ rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_CHECK,
+ "Cannot find EncryptionMethod Element", RAMPART_FAULT_IN_ENCRYPTED_DATA, msg_ctx);
+ return AXIS2_FAILURE;
+ }
+ sym_algo = oxs_token_get_encryption_method(env, mtd_node);
+ if(!sym_algo)
+ return AXIS2_FAILURE;
+
+ if(AXIS2_STRCMP(sym_algo, enc_sym_algo_in_pol)!=0)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Sym algorithm is mismathced with policy.");
+ return AXIS2_FAILURE;
+ }
+
ctx = oxs_ctx_create(env);
OXS_CTX_SET_KEY(ctx, env, decrypted_sym_key);
-
+
status = oxs_xml_enc_decrypt_node(env, ctx, enc_data_node, &decrypted_node);
if(AXIS2_FAILURE == status){
rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_CHECK,
@@ -218,7 +408,7 @@
return AXIS2_SUCCESS;
}
-
+/*
#ifdef PRE_CHECK
static axis2_status_t
rampart_shp_pre_security_check(const axis2_env_t *env,
@@ -239,18 +429,18 @@
return AXIS2_SUCCESS;
}
- /*Get action items seperated by spaces*/
+
items_list = axis2_tokenize(env, items, ' ');
size = AXIS2_ARRAY_LIST_SIZE(items_list, env);
- /*Iterate thru items*/
+
for (i = 0; i < size; i++)
{
axis2_char_t *item = NULL;
item = AXIS2_ARRAY_LIST_GET(items_list, env, i);
if (0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_USERNAMETOKEN, AXIS2_STRTRIM(env, item, NULL))){
- /*UT is a MUST. So identify if the UT is available*/
+
int num_of_ut = 0;
num_of_ut = oxs_axiom_get_number_of_children_with_qname(env, sec_node,
RAMPART_SECURITY_TIMESTAMP, RAMPART_WSU_XMLNS, RAMPART_WSSE);
@@ -261,7 +451,7 @@
return AXIS2_FAILURE;
}
}else if(0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_TIMESTAMP, AXIS2_STRTRIM(env, item, NULL))){
- /*TS is a MUST.*/
+
int num_of_ts = 0;
num_of_ts = oxs_axiom_get_number_of_children_with_qname(env, sec_node,
RAMPART_SECURITY_TIMESTAMP, RAMPART_WSU_XMLNS, RAMPART_WSSE);
@@ -278,8 +468,9 @@
return AXIS2_SUCCESS;
}
#endif
-
+*/
/*Compare security checked results with action items*/
+/*
static axis2_status_t
rampart_shp_post_security_check(const axis2_env_t *env,
axis2_msg_ctx_t *msg_ctx,
@@ -297,11 +488,11 @@
return AXIS2_SUCCESS;
}
- /*Get action items seperated by spaces*/
+
items_list = axis2_tokenize(env, items, ' ');
size = AXIS2_ARRAY_LIST_SIZE(items_list, env);
- /*Iterate thru items*/
+
for (i = 0; i < size; i++)
{
axis2_char_t *item = NULL;
@@ -309,7 +500,7 @@
item = AXIS2_ARRAY_LIST_GET(items_list, env, i);
if (0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_USERNAMETOKEN, AXIS2_STRTRIM(env, item, NULL))){
- /*UT is a MUST. So identify if the UT is available*/
+
result = (axis2_char_t*)rampart_get_security_processed_result(env, msg_ctx, RAMPART_SPR_UT_CHECKED);
if(!result || (0 != AXIS2_STRCMP(result, RAMPART_YES)) ){
AXIS2_LOG_INFO(env->log, "[rampart][shp] UsernameToken is required. But not available");
@@ -319,7 +510,7 @@
}
result = NULL;
}else if(0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_TIMESTAMP, AXIS2_STRTRIM(env, item, NULL))){
- /*TS is a MUST.*/
+
result = (axis2_char_t*)rampart_get_security_processed_result(env, msg_ctx, RAMPART_SPR_TS_CHECKED);
if(!result || (0 != AXIS2_STRCMP(result, RAMPART_YES)) ){
AXIS2_LOG_INFO(env->log, "[rampart][shp] Timestamp is required. But not available");
@@ -329,7 +520,7 @@
}
result = NULL;
}else if(0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_ENCRYPT, AXIS2_STRTRIM(env, item, NULL))){
- /*Encryption is a MUST*/
+
result = (axis2_char_t*)rampart_get_security_processed_result(env, msg_ctx, RAMPART_SPR_ENC_CHECKED);
if(!result || (0 != AXIS2_STRCMP(result, RAMPART_YES)) ){
AXIS2_LOG_INFO(env->log, "[rampart][shp] Encryption is required. But not available");
@@ -339,94 +530,154 @@
}
result = NULL;
}else if (0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_SIGNATURE, AXIS2_STRTRIM(env, item, NULL))){
- /*Signature is a MUST*/
+
}
}
return AXIS2_SUCCESS;
}
-
+*/
/*Public functions*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
rampart_shp_process_message(const axis2_env_t *env,
axis2_msg_ctx_t *msg_ctx,
- rampart_actions_t *actions,
+ rampart_context_t *rampart_context,
axiom_soap_envelope_t *soap_envelope,
axiom_node_t *sec_node)
{
axiom_node_t *cur_node = NULL;
- axiom_element_t *cur_ele = NULL;
- axis2_char_t *cur_node_name = NULL;
- axis2_qname_t *cur_qname = NULL;
axis2_status_t status = AXIS2_FAILURE;
/*If certian security elements are expected by the reciever, rampart should check for those */
/*This should be removed once header encryption is introduced. But this pre-check avoids further processing of headers.*/
+/*
#ifdef PRE_CHECK
status = rampart_shp_pre_security_check(env, msg_ctx, actions, soap_envelope, sec_node);
if(AXIS2_FAILURE == status){
return AXIS2_FAILURE;
}
#endif
+*/
+ /*TO DO*/
+ /*There should be method to verify the security header before processing*/
+
AXIS2_LOG_INFO(env->log, "[rampart][shp] Process security header");
- /*Get the first token of the security header element*/
- cur_node = AXIOM_NODE_GET_FIRST_CHILD(sec_node, env);
-
- while(cur_node){
- cur_ele = AXIOM_NODE_GET_DATA_ELEMENT(cur_node, env);
- cur_qname = AXIOM_ELEMENT_GET_QNAME(cur_ele, env, cur_node);
- cur_node_name = AXIS2_QNAME_GET_LOCALPART(cur_qname, env);
-
- /*Check For following types, Username token, EncryptedKey, EncryptedData, ReferenceList, Signature*/
- if(0 == AXIS2_STRCMP(cur_node_name , RAMPART_SECURITY_USERNAMETOKEN) ){
- /*Process UT*/
- AXIS2_LOG_INFO(env->log, "[rampart][shp] Process Usernametoken");
- status = rampart_shp_process_usernametoken(env,msg_ctx, actions, soap_envelope, cur_node);
- }else if(0 == AXIS2_STRCMP(cur_node_name , RAMPART_SECURITY_TIMESTAMP)){
- /*Verify TS*/
- AXIS2_LOG_INFO(env->log, "[rampart][shp] Process Timestamptoken");
- status = rampart_shp_process_timestamptoken(env,msg_ctx, actions, soap_envelope, cur_node);
- }else if(0 == AXIS2_STRCMP(cur_node_name ,OXS_NODE_ENCRYPTED_KEY)){
- /*Process EncryptedKey*/
- AXIS2_LOG_INFO(env->log, "[rampart][shp] Process EncryptedKey");
- status = rampart_shp_process_encrypted_key(env,msg_ctx, actions, soap_envelope, sec_node, cur_node);
- }else if(0 == AXIS2_STRCMP(cur_node_name ,OXS_NODE_ENCRYPTED_DATA)){
- /*Process Encrypteddata*/
- AXIS2_LOG_INFO(env->log, "[rampart][shp] Process EncryptedData");
- /*TODO We need to support this scenario as well*/
-
- }else if(0 == AXIS2_STRCMP(cur_node_name , OXS_NODE_BINARY_SECURITY_TOKEN)){
- /*Process BinarySecurityToken*/
- AXIS2_LOG_INFO(env->log, "[rampart][shp] Process BinarySecurityToken");
- status = AXIS2_SUCCESS;
- }else if(0 == AXIS2_STRCMP(cur_node_name ,OXS_NODE_REFERENCE_LIST)){
- /*List is placed Out side of the EncryptedKey*/
- AXIS2_LOG_INFO(env->log, "[rampart][shp] Process ReferenceList");
- }else{
- AXIS2_LOG_INFO(env->log, "[rampart][shp] Unknown token %s", cur_node_name);
- rampart_create_fault_envelope(env, RAMPART_FAULT_INVALID_SECURITY_TOKEN,
- "Invalid security token found", cur_node_name, msg_ctx);
- return AXIS2_FAILURE;
- }
- /*Retuen failure on error*/
- if(AXIS2_FAILURE == status){
- AXIS2_LOG_INFO(env->log, "[rampart][shp] Security header processing failure");
- return AXIS2_FAILURE;
+ if((rampart_context_get_binding_type(rampart_context,env)) == RP_BINDING_ASYMMETRIC)
+ {
+ if(rampart_context_is_encrypt_before_sign(rampart_context,env))
+ {
+ /*First we should verify signature, When signature is supported.*/
+
+ /*This verification is a quick hack.This should be cganged in the future
+ with a proper verification method before message processing */
+ if(rampart_context_check_whether_to_encrypt(rampart_context,env))
+ {
+ cur_node = oxs_axiom_get_node_by_local_name(env,sec_node,OXS_NODE_ENCRYPTED_KEY);
+ if(!cur_node)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] No Encrypted Key element");
+ return AXIS2_FAILURE;
+ }
+ if(!rampart_shp_validate_qnames(env,cur_node))
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Error in the security header");
+ return AXIS2_FAILURE;
+ }
+
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Process EncryptedKey");
+ status = rampart_shp_process_encrypted_key(env,msg_ctx, rampart_context, soap_envelope, sec_node, cur_node);
+ if(status!=AXIS2_SUCCESS)
+ return status;
+ }
+ else
+ {
+ cur_node = oxs_axiom_get_node_by_local_name(env,sec_node,OXS_NODE_ENCRYPTED_KEY);
+ if(cur_node)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] policy does not specify encryption.");
+ return AXIS2_FAILURE;
+ }
+ else
+ status = AXIS2_SUCCESS;
+ }
+
}
- /*Proceed to next node*/
- cur_node = AXIOM_NODE_GET_NEXT_SIBLING(cur_node, env);
- }/*End of while*/
-
+ else
+ {
+ /*We should decrypt the message first*/
+ if(rampart_context_check_whether_to_encrypt(rampart_context,env))
+ {
+ cur_node = oxs_axiom_get_node_by_local_name(env,sec_node,OXS_NODE_ENCRYPTED_KEY);
+ if(!cur_node)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] No Encrypted Key element");
+ return AXIS2_FAILURE;
+ }
+ if(!rampart_shp_validate_qnames(env,cur_node))
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Error in the security header");
+ return AXIS2_FAILURE;
+ }
+
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Process EncryptedKey");
+ status = rampart_shp_process_encrypted_key(env,msg_ctx, rampart_context, soap_envelope, sec_node, cur_node);
+ if(status!=AXIS2_SUCCESS)
+ return status;
+ }
+ else
+ {
+ cur_node = oxs_axiom_get_node_by_local_name(env,sec_node,OXS_NODE_ENCRYPTED_KEY);
+ if(cur_node)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] policy does not specify encryption.");
+ return AXIS2_FAILURE;
+ }
+ else
+ status = AXIS2_SUCCESS;;
+ }
+ /*After decrypting we may verify signature stuff.*/
+ }
+ /*Now we can process timestamp*/
+ status = rampart_shp_process_timestamptoken(env,msg_ctx,rampart_context,sec_node);
+ if(status!=AXIS2_SUCCESS)
+ return status;
+
+ status = rampart_shp_process_usernametoken(env,msg_ctx,rampart_context,sec_node);
+ if(status!=AXIS2_SUCCESS)
+ return status;
+
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Security header element processing, DONE ");
+ /*Do the action accordingly*/
+ return AXIS2_SUCCESS;
+
+
+ }
+ else if((rampart_context_get_binding_type(rampart_context,env)) == RP_BINDING_SYMMETRIC)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] We still not support Symmetric binding.");
+ return AXIS2_FAILURE;
+ }
+ else if((rampart_context_get_binding_type(rampart_context,env)) == RP_BINDING_TRANSPORT)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] We still not support Transport binding.");
+ return AXIS2_FAILURE;
+ }
+ else
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Invalid binding type.");
+ return AXIS2_FAILURE;
+ }
+ /*
status = rampart_shp_post_security_check(env, msg_ctx, actions);
if(AXIS2_FAILURE == status){
AXIS2_LOG_INFO(env->log, "[rampart][shp] Security header doesn't confirms reciever's policy");
return AXIS2_FAILURE;
- }
- AXIS2_LOG_INFO(env->log, "[rampart][shp] Security header element processing, DONE ");
- /*Do the action accordingly*/
- return AXIS2_SUCCESS;
+ }*/
+
}
+
+
Modified: webservices/axis2/trunk/c/rampart/src/util/rampart_util.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/rampart_util.c?view=diff&rev=507411&r1=507410&r2=507411
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/rampart_util.c (original)
+++ webservices/axis2/trunk/c/rampart/src/util/rampart_util.c Tue Feb 13 22:20:06 2007
@@ -61,7 +61,7 @@
{
AXIS2_LOG_INFO(env->log, "[rampart][rampart_util] Unable to load the module %s. ERROR", module_name);
return NULL;
- }
+ }
return ptr;
}
@@ -74,7 +74,7 @@
axis2_char_t **password)
{
rampart_credentials_status_t cred_status = RAMPART_CREDENTIALS_GENERAL_ERROR;
-
+
cred_status = RAMPART_CREDENTIALS_USERNAME_GET(cred_module, env, msg_ctx, username, password);
return cred_status;
}
@@ -84,7 +84,7 @@
axis2_char_t *cred_module_name)
{
rampart_credentials_t *cred = NULL;
-
+
cred = (rampart_credentials_t*)rampart_load_module(env, cred_module_name);
if (!cred)
{
@@ -95,7 +95,7 @@
return cred;
}
-AXIS2_EXTERN void* AXIS2_CALL
+AXIS2_EXTERN rampart_authn_provider_t* AXIS2_CALL
rampart_load_auth_module(const axis2_env_t *env,
axis2_char_t *auth_module_name)
{
@@ -131,7 +131,7 @@
if(0 == AXIS2_STRCMP(password_type, RAMPART_PASSWORD_DIGEST_URI)){
auth_status = RAMPART_AUTHN_PROVIDER_CHECK_PASSWORD_DIGEST(authp, env, msg_ctx, username, nonce, created, password);
}else{
- auth_status = RAMPART_AUTHN_PROVIDER_CHECK_PASSWORD(authp, env, msg_ctx, username, password);
+ auth_status = RAMPART_AUTHN_PROVIDER_CHECK_PASSWORD(authp, env, msg_ctx, username, password);
}
return auth_status;
@@ -151,43 +151,26 @@
}
return cb;
-
+
}
+
AXIS2_EXTERN axis2_char_t* AXIS2_CALL
rampart_callback_password(const axis2_env_t *env,
rampart_callback_t *callback_module,
- const axis2_char_t *username,
- axis2_ctx_t *ctx)
+ const axis2_char_t *username)
{
axis2_char_t *password = NULL;
- axis2_property_t* property = NULL;
void *cb_prop_val= NULL;
- /*Get callback specific property if any from the ctx. This is specially done for PHP folks to send the htpassword file location.
- */
- property = AXIS2_CTX_GET_PROPERTY(ctx, env, RAMPART_CALLBACK_SPECIFIC_PROPERTY, AXIS2_FALSE);
- if (property)
- {
- cb_prop_val = AXIS2_PROPERTY_GET_VALUE(property, env);
- property = NULL;
- }
-
- if (!callback_module)
- {
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Cannot callback password. PWCB module is NULL. ERROR");
- return NULL;
- }
-
/*Get the password thru the callback*/
password = RAMPART_CALLBACK_CALLBACK_PASSWORD(callback_module, env, username, cb_prop_val);
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Password taken from the callback module. SUCCESS");
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Password taken from the callback module . SUCCESS");
return password;
-
}
-AXIS2_EXTERN axis2_char_t* AXIS2_CALL
+AXIS2_EXTERN axis2_char_t* AXIS2_CALL
rampart_generate_nonce(const axis2_env_t *env)
{
oxs_buffer_t *buffer = NULL;
@@ -206,7 +189,7 @@
}
-AXIS2_EXTERN axis2_char_t* AXIS2_CALL
+AXIS2_EXTERN axis2_char_t* AXIS2_CALL
rampart_generate_time(const axis2_env_t *env, int ttl)
{
axis2_date_time_t *dt = NULL;
@@ -218,9 +201,7 @@
return dt_str;
}
-/**
- We expect dt1_str < dt2_str/ Otherwise FAILURE
-*/
+
AXIS2_EXTERN axis2_status_t AXIS2_CALL
rampart_compare_date_time(const axis2_env_t *env, axis2_char_t *dt1_str, axis2_char_t *dt2_str)
{
@@ -262,7 +243,7 @@
ss2 = AXIS2_DATE_TIME_GET_SECOND(dt2, env);
ml2 = AXIS2_DATE_TIME_GET_MSEC(dt2, env);
/**
- Comparison.
+ Comparison.
We expect dt1_str < dt2_str/ Otherwise FAILURE
*/
if (yyyy1 < yyyy2)
@@ -300,8 +281,7 @@
{
return AXIS2_FAILURE;
}
-
- if (mi1 < mi2)
+ if (mi1 < mi2)
{
return AXIS2_SUCCESS;
}
@@ -326,7 +306,7 @@
else if (ml1 > ml2)
{
return AXIS2_FAILURE;
- }
+ }
/*AXIS2_DATE_TIME_FREE(dt1, env);
AXIS2_DATE_TIME_FREE(dt2, env);*/
@@ -342,3 +322,6 @@
#endif
return AXIS2_SUCCESS;
}
+
+
+
Modified: webservices/axis2/trunk/c/rampart/src/util/timestamp_token.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/timestamp_token.c?view=diff&rev=507411&r1=507410&r2=507411
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/timestamp_token.c (original)
+++ webservices/axis2/trunk/c/rampart/src/util/timestamp_token.c Tue Feb 13 22:20:06 2007
@@ -53,7 +53,6 @@
axis2_status_t AXIS2_CALL
rampart_timestamp_token_build(rampart_timestamp_token_t *timestamp_token,
const axis2_env_t *env,
- const axis2_ctx_t *ctx,
axiom_node_t *sec_node,
const axiom_namespace_t *sec_ns_obj,
int ttl);
@@ -131,7 +130,6 @@
axis2_status_t AXIS2_CALL
rampart_timestamp_token_build(rampart_timestamp_token_t *timestamp_token,
const axis2_env_t *env,
- const axis2_ctx_t *ctx,
axiom_node_t *sec_node,
const axiom_namespace_t *sec_ns_obj,
int ttl)
Modified: webservices/axis2/trunk/c/rampart/src/util/username_token.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/username_token.c?view=diff&rev=507411&r1=507410&r2=507411
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/username_token.c (original)
+++ webservices/axis2/trunk/c/rampart/src/util/username_token.c Tue Feb 13 22:20:06 2007
@@ -52,16 +52,12 @@
* @param Outflow security parameter
* @return password
*/
-static axis2_char_t*
-rampart_get_password(const axis2_env_t *env,
- axis2_ctx_t *ctx,
- rampart_actions_t *actions);
/** public functions*/
axis2_status_t AXIS2_CALL
rampart_username_token_free(rampart_username_token_t *username_token,
const axis2_env_t *env);
-
+/*
axis2_status_t AXIS2_CALL
rampart_username_token_build(rampart_username_token_t *username_token,
const axis2_env_t *env,
@@ -69,14 +65,23 @@
rampart_actions_t *actions,
axiom_node_t *sec_node,
axiom_namespace_t *sec_ns_obj);
+*/
+
+axis2_status_t AXIS2_CALL
+rampart_username_token_build(rampart_username_token_t *username_token,
+ const axis2_env_t *env,
+ rampart_context_t *rampart_context,
+ axiom_node_t *sec_node,
+ axiom_namespace_t *sec_ns_obj);
+
axis2_status_t AXIS2_CALL
rampart_username_token_validate(rampart_username_token_t *username_token,
const axis2_env_t *env,
axis2_msg_ctx_t *msg_ctx,
- axiom_soap_header_t *soap_header,
- rampart_actions_t *actions);
+ axiom_node_t *ut_node,
+ rampart_context_t *rampart_context);
/************************* End of function headers ****************************/
static void
@@ -89,42 +94,6 @@
}
-static axis2_char_t *
-rampart_get_password(const axis2_env_t *env,
- axis2_ctx_t *ctx,
- rampart_actions_t *actions)
-{
- axis2_char_t *password = NULL;
- axis2_char_t *username = NULL;
- axis2_char_t *pw_callback_module_name = NULL;
-
- /*Check if password is in the context.
- i.e.In any context in the cotext hierarchy starting from msg, op, svc, etc.*/
- password = rampart_get_property_from_ctx(env, ctx, RAMPART_ACTION_PASSWORD);
- if (password)
- {
- return password;
- }
-
- /*TODO: If not in the context, get the password+username from the credentials module*/
-
- /*If not check whether there is a callback class specified*/
- pw_callback_module_name = RAMPART_ACTIONS_GET_PW_CB_CLASS(actions, env);
- if (pw_callback_module_name)
- {
- rampart_callback_t *pwcb = NULL;
-
- pwcb = rampart_load_pwcb_module(env, pw_callback_module_name);
- if(!pwcb){
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Password callback module %s is NULL", pw_callback_module_name);
- return NULL;
- }
- username = RAMPART_ACTIONS_GET_USER(actions, env);
- password = rampart_callback_password(env, pwcb, username, ctx);
- }
- return password;
-}
-
rampart_username_token_t *AXIS2_CALL
rampart_username_token_create(
const axis2_env_t *env)
@@ -183,8 +152,7 @@
axis2_status_t AXIS2_CALL
rampart_username_token_build(rampart_username_token_t *username_token,
const axis2_env_t *env,
- axis2_ctx_t *ctx,
- rampart_actions_t *actions,
+ rampart_context_t *rampart_context,
axiom_node_t *sec_node,
axiom_namespace_t *sec_ns_obj
)
@@ -200,22 +168,43 @@
axiom_element_t *pw_ele = NULL;
axiom_element_t *nonce_ele = NULL;
axiom_element_t *created_ele = NULL;
- axis2_char_t *username = NULL;
- axis2_char_t *password = NULL;
- axis2_char_t *password_type = NULL;
axiom_namespace_t *wsu_ns_obj = NULL;
axiom_attribute_t *om_attr = NULL;
+ axis2_char_t *password = NULL;
rampart_username_token_impl_t *username_token_impl = NULL;
+ axis2_char_t *username = NULL;
+ rampart_callback_t *password_callback = NULL;
+ axis2_bool_t isdigest = AXIS2_FALSE;
+ pfunc password_function = NULL;
+ void *param = NULL;
+
AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
username_token_impl = AXIS2_INTF_TO_IMPL(username_token);
- /*Get values from outflow security*/
+ /*Directly call the password from callback module*/
+
+ username = rampart_context_get_user(rampart_context,env);
+ if(!username)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] User is not specified.");
+ return AXIS2_FAILURE;
+ }
+ password_function = rampart_context_get_password_function(rampart_context,env);
+ if(password_function)
+ password = (*password_function)(env,username,param);
- username = RAMPART_ACTIONS_GET_USER(actions, env);
- password_type = RAMPART_ACTIONS_GET_PASSWORD_TYPE(actions, env);
+ else
+ {
+ password_callback = rampart_context_get_password_callback(rampart_context,env);
+ if(!password_callback)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] password callback module is not loaded. ERROR");
+ return AXIS2_FAILURE;
+ }
- password = rampart_get_password(env, ctx, actions);
+ password = rampart_callback_password(env, password_callback,username);
+ }
if (!password)
{
@@ -250,8 +239,10 @@
AXIOM_ELEMENT_SET_NAMESPACE(un_ele, env, sec_ns_obj, un_node);
}
-
- if (0 == AXIS2_STRCMP(password_type, RAMPART_PASSWORD_DIGEST))
+ /*From policy we can get this as a bool */
+/* if (0 == AXIS2_STRCMP(password_type, RAMPART_PASSWORD_DIGEST))*/
+ isdigest = rampart_context_get_password_type(rampart_context,env);
+ if(isdigest)
{
axis2_char_t *nonce_val = NULL;
axis2_char_t *created_val = NULL;
@@ -348,58 +339,34 @@
rampart_username_token_validate(rampart_username_token_t *username_token,
const axis2_env_t *env,
axis2_msg_ctx_t *msg_ctx,
- axiom_soap_header_t *soap_header,
- rampart_actions_t *actions)
+ axiom_node_t *ut_node,
+ rampart_context_t *rampart_context)
{
- axiom_element_t *sec_ele = NULL;
- axiom_element_t *ut_ele = NULL;
- axiom_node_t *sec_node = NULL;
- axiom_node_t *ut_node = NULL;
axiom_child_element_iterator_t *children = NULL;
axis2_char_t *username = NULL;
axis2_char_t *password = NULL;
axis2_char_t *nonce = NULL;
axis2_char_t *created = NULL;
axis2_char_t *password_type = NULL;
- axis2_char_t *pw_callback_module_name = NULL;
- axis2_char_t *authn_module_name = NULL;
+ rampart_callback_t *password_callback = NULL;
+ rampart_authn_provider_t *authn_provider = NULL;
axis2_char_t *password_from_svr = NULL;
axis2_char_t *password_to_compare = NULL;
axis2_ctx_t *ctx = NULL;
- axis2_qname_t *qname = NULL;
rampart_username_token_impl_t *username_token_impl = NULL;
rampart_authn_provider_status_t auth_status= RAMPART_AUTHN_PROVIDER_GENERAL_ERROR ;
+ axiom_element_t *ut_ele = NULL;
+ pfunc password_function = NULL;
+ void *param = NULL;
+ auth_password_func authenticate_with_password = NULL;
+ auth_digest_func authenticate_with_digest = NULL;
AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
username_token_impl = AXIS2_INTF_TO_IMPL(username_token);
- sec_node = rampart_get_security_token(env, msg_ctx, soap_header);
- if (!sec_node)
- {
- AXIS2_LOG_INFO(env->log, " [rampart][rampart_usernametoken] Cannot find security header element");
+ ut_ele = AXIOM_NODE_GET_DATA_ELEMENT(ut_node, env);
+ if(!ut_ele)
return AXIS2_FAILURE;
- }
-
-
- sec_ele = AXIOM_NODE_GET_DATA_ELEMENT(sec_node, env);
- if (!sec_ele)
- {
- return AXIS2_FAILURE;
- }
-
- qname = axis2_qname_create(env,
- RAMPART_SECURITY_USERNAMETOKEN,
- RAMPART_WSSE_XMLNS,
- RAMPART_WSSE);
- if (qname)
- {
- ut_ele = AXIOM_ELEMENT_GET_FIRST_CHILD_WITH_QNAME(sec_ele, env, qname, sec_node, &ut_node);
- if (!ut_ele)
- {
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Cannot find UsernameToken in Security header element...");
- return AXIS2_FAILURE;
- }
- }
/*Check: Any USERNAME_TOKEN MUST NOT have more than one PASSWORD*/
if (1 < oxs_axiom_get_number_of_children_with_qname(env, ut_node, RAMPART_SECURITY_USERNAMETOKEN_PASSWORD, NULL, NULL))
@@ -454,7 +421,24 @@
AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Password Type is not specified in the password element");
return AXIS2_FAILURE;
}
-
+ /*Then we must check the password type with policy*/
+ else if(rampart_context_get_password_type(rampart_context,env))
+ {
+ if(0 != AXIS2_STRCMP(password_type, RAMPART_PASSWORD_DIGEST_URI))
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Password Type is Wrong");
+ return AXIS2_FAILURE;
+ }
+
+ }
+ else if(!rampart_context_get_password_type(rampart_context,env))
+ {
+ if(0 == AXIS2_STRCMP(password_type, RAMPART_PASSWORD_DIGEST_URI))
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Password Type is Wrong");
+ return AXIS2_FAILURE;
+ }
+ }
password = AXIOM_ELEMENT_GET_TEXT(element, env, node);
}
@@ -503,14 +487,53 @@
* If authentication module is defined use it.
* Else try the usual approach to get password from the callback and compare
* */
+ /*In both authentication and password callback methods we should first try to
+ *use function pointers. */
/*authn_module_name = "/home/kau/axis2/c/deploy/bin/samples/rampart/authn_provider/libauthn.so";*/
- authn_module_name = RAMPART_ACTIONS_GET_AUTHN_MODULE_NAME(actions, env);
- if(authn_module_name){
- rampart_authn_provider_t *authp = NULL;
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Password authentication using AUTH MODULE %s", authn_module_name);
- authp = rampart_load_auth_module(env, authn_module_name);
- auth_status = rampart_authenticate_un_pw(env, authp, username, password, nonce, created, password_type, msg_ctx);
+ if (0 == AXIS2_STRCMP(password_type, RAMPART_PASSWORD_DIGEST_URI))
+ {
+ authenticate_with_digest = rampart_context_get_auth_digest_function(rampart_context,env);
+ if(authenticate_with_digest)
+ {
+ auth_status = authenticate_with_digest(env,username,nonce,created,password);
+ if(RAMPART_AUTHN_PROVIDER_GRANTED == auth_status)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] User authenticated");
+ rampart_set_security_processed_result(env, msg_ctx,RAMPART_SPR_UT_CHECKED, RAMPART_YES);
+ return AXIS2_SUCCESS;
+ }
+ else
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Password is not valid for user %s : status %d", username, auth_status);
+ return AXIS2_FAILURE;
+ }
+ }
+ }
+ else
+ {
+ authenticate_with_password = rampart_context_get_auth_password_function(rampart_context,env);
+ if(authenticate_with_password)
+ {
+ auth_status = authenticate_with_password(env,username,password);
+ if(RAMPART_AUTHN_PROVIDER_GRANTED == auth_status)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] User authenticated");
+ rampart_set_security_processed_result(env, msg_ctx,RAMPART_SPR_UT_CHECKED, RAMPART_YES);
+ return AXIS2_SUCCESS;
+ }
+ else
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Password is not valid for user %s : status %d", username, auth_status);
+ return AXIS2_FAILURE;
+ }
+ }
+ }
+ authn_provider = rampart_context_get_authn_provider(rampart_context,env);
+ /*printf("AUTHN_MODULE_NAME =%s", authn_module_name);*/
+ if(authn_provider){
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Password authentication using AUTH MODULE");
+ auth_status = rampart_authenticate_un_pw(env, authn_provider, username, password, nonce, created, password_type, msg_ctx);
if(RAMPART_AUTHN_PROVIDER_GRANTED == auth_status){
AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] User authenticated");
rampart_set_security_processed_result(env, msg_ctx,RAMPART_SPR_UT_CHECKED, RAMPART_YES);
@@ -521,22 +544,26 @@
}
}else{
- rampart_callback_t *pwcb = NULL;
-
/*Auth module is NULL. Use Callback password*/
- pw_callback_module_name = RAMPART_ACTIONS_GET_PW_CB_CLASS(actions, env);
- if(!pw_callback_module_name){
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][rampart_usernametoken] Password callback module is not specified");
- return AXIS2_FAILURE;
- }
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Password authentication using CALLBACK MODULE %s", pw_callback_module_name);
- pwcb = rampart_load_pwcb_module(env, pw_callback_module_name);
- if(!pwcb){
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Password callback module %s is NULL", pw_callback_module_name);
- return AXIS2_FAILURE;
+ /*First we must check whether the password get function pointer is set.(eg:from php)*/
+ password_function = rampart_context_get_password_function(rampart_context,env);
+ if(password_function)
+ password_from_svr = (*password_function)(env,username,param);
+
+ else
+ {
+ password_callback = rampart_context_get_password_callback(rampart_context,env);
+ if(!password_callback){
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][rampart_usernametoken] Password callback module is not specified");
+ return AXIS2_FAILURE;
+ }
+
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Password authentication using CALLBACK MODULE ");
+ /*password_from_svr = rampart_callback_password(env, pw_callback_module, username, ctx);*/
+ password_from_svr = rampart_callback_password(env, password_callback, username);
}
- password_from_svr = rampart_callback_password(env, pwcb, username, ctx);
+
if (!password_from_svr)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][rampart_usernametoken] Cannot get the password for user %s", username);
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-cvs-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-cvs-help@ws.apache.org