Posted to axis-cvs@ws.apache.org by ka...@apache.org on 2006/12/08 05:20:27 UTC

svn commit: r483819 - in /webservices/axis2/trunk/c/rampart: include/ samples/callback/ samples/callback/htpasswd_callback/ src/omxmlsec/ src/omxmlsec/openssl/ src/util/

Author: kaushalye
Date: Thu Dec  7 20:20:23 2006
New Revision: 483819

URL: http://svn.apache.org/viewvc?view=rev&rev=483819
Log:
This commit includes
1. Support for using PrivateKeys in PEM format for decryption.
2. Modified Key Manager to support both PKCS12 and PEM formats in reading private keys
3. Automatic determination of the format of the en/decryption file.
4. Using password callbacks to get password for the keystore depending on the encryption user.


Added:
    webservices/axis2/trunk/c/rampart/include/openssl_pem.h
    webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/pem.c
Modified:
    webservices/axis2/trunk/c/rampart/include/oxs_asym_ctx.h
    webservices/axis2/trunk/c/rampart/include/oxs_utility.h
    webservices/axis2/trunk/c/rampart/include/rampart_callback.h
    webservices/axis2/trunk/c/rampart/include/rampart_util.h
    webservices/axis2/trunk/c/rampart/samples/callback/htpasswd_callback/htpwcb.c
    webservices/axis2/trunk/c/rampart/samples/callback/pwcb.c
    webservices/axis2/trunk/c/rampart/src/omxmlsec/key_mgr.c
    webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/Makefile.am
    webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/x509.c
    webservices/axis2/trunk/c/rampart/src/omxmlsec/utility.c
    webservices/axis2/trunk/c/rampart/src/util/rampart_encryption.c
    webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c
    webservices/axis2/trunk/c/rampart/src/util/rampart_util.c
    webservices/axis2/trunk/c/rampart/src/util/username_token.c

Added: webservices/axis2/trunk/c/rampart/include/openssl_pem.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/openssl_pem.h?view=auto&rev=483819
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/openssl_pem.h (added)
+++ webservices/axis2/trunk/c/rampart/include/openssl_pem.h Thu Dec  7 20:20:23 2006
@@ -0,0 +1,62 @@
+/*
+ *   Copyright 2003-2004 The Apache Software Foundation.
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ */
+
+#include <openssl/rand.h>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+#include <openssl/bio.h>
+#include <openssl/rand.h>
+#include <openssl_constants.h>
+#include <openssl_pkey.h>
+#include <axis2_util.h>
+#include <openssl/pkcs12.h>
+#include <oxs_error.h>
+/**
+  * @file openssl_x509.h 
+  * @brief Extracts information from a X509 certificate.
+  */
+#ifndef OPENSSL_PEM_H
+#define OPENSSL_PEM_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/** @defgroup
+ * @ingroup
+ * @{
+ */
+
+typedef enum {
+    OPENSSL_PEM_PKEY_TYPE_PRIVATE_KEY = 0,
+    OPENSSL_PEM_PKEY_TYPE_PUBLIC_KEY,
+    OPENSSL_PEM_PKEY_TYPE_UNKNOWN 
+} openssl_pem_pkey_type_t;
+
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+openssl_pem_read_pkey(const axis2_env_t *env,
+    axis2_char_t *filename,
+    axis2_char_t *password,
+    openssl_pem_pkey_type_t type,
+    EVP_PKEY **pkey);
+
+/** @} */
+#ifdef __cplusplus
+}
+#endif
+
+#endif    /* OPENSSL_PEM_H */
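Review bot: The file comment in the new header documents the wrong file: `@file openssl_x509.h` / `@brief Extracts information from a X509 certificate.` describes the X.509 header, while this one declares PEM key loading, so it should read `@file openssl_pem.h` with a brief such as `@brief Reads a private or public key from a PEM encoded file.`. The `@defgroup` and `@ingroup` tags on lines 81-82 are empty and will produce a nameless Doxygen group. `<openssl/rand.h>` is included twice, and every include sits above the `OPENSSL_PEM_H` guard, so they are re-expanded on each inclusion; move the guard to the top. `openssl_pem_read_pkey` itself carries no documentation; a comment stating that `pkey` receives the `EVP_PKEY` allocated by `PEM_read_bio_*`, which the caller must free, that `password` may be NULL only for unencrypted keys, and that `AXIS2_FAILURE` means no key of the requested type could be read would save callers a trip into pem.c.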

Modified: webservices/axis2/trunk/c/rampart/include/oxs_asym_ctx.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_asym_ctx.h?view=diff&rev=483819&r1=483818&r2=483819
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_asym_ctx.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_asym_ctx.h Thu Dec  7 20:20:23 2006
@@ -41,7 +41,8 @@
  */
 
     typedef enum  {
-        OXS_ASYM_CTX_FORMAT_PEM=0,
+        OXS_ASYM_CTX_FORMAT_UNKNOWN=0,
+        OXS_ASYM_CTX_FORMAT_PEM,
         OXS_ASYM_CTX_FORMAT_PKCS12
     }oxs_asym_ctx_format_t;
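Review bot: `OXS_ASYM_CTX_FORMAT_UNKNOWN` is added without a comment saying when it is produced or how consumers should treat it; `oxs_util_get_format_by_file_extension` in this commit returns it only for a NULL file name, and `oxs_key_mgr_load_key` has no branch for it, so a comment such as `/* Format could not be determined (e.g. no file name); loaders must treat this as an error */` would pin that contract. Inserting it at 0 also shifts `OXS_ASYM_CTX_FORMAT_PEM` from 0 to 1, so any context whose format field is merely zero-initialised now reads as UNKNOWN rather than PEM; presumably `oxs_asym_ctx_create` is outside this diff, so that is worth confirming.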
 

Modified: webservices/axis2/trunk/c/rampart/include/oxs_utility.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_utility.h?view=diff&rev=483819&r1=483818&r2=483819
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_utility.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_utility.h Thu Dec  7 20:20:23 2006
@@ -26,6 +26,7 @@
 
 #include <axis2_defines.h>
 #include <axis2_env.h>
+#include <oxs_asym_ctx.h>
 
 #ifdef __cplusplus
 extern "C"
@@ -38,7 +39,11 @@
 oxs_util_generate_id(const axis2_env_t *env,
         axis2_char_t *prefix);
 
-
+/*Given the filename returns the format of the file.
+These formats are defined in asym_ctx.h*/
+AXIS2_EXTERN oxs_asym_ctx_format_t AXIS2_CALL
+oxs_util_get_format_by_file_extension(const axis2_env_t *env,
+        axis2_char_t *file_name);
 /** @} */
 #ifdef __cplusplus
 }
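Review bot: The comment on the new declaration refers to `asym_ctx.h`, but the format enum lives in `oxs_asym_ctx.h`, the header this hunk includes; the comment should also state the actual rule the implementation applies, e.g. `/* Guesses the key/certificate format from the file name extension: ".pfx" is PKCS#12, anything else (including no extension) is treated as PEM; a NULL name yields OXS_ASYM_CTX_FORMAT_UNKNOWN. */`. `file_name` is only read, so the parameter can be `const axis2_char_t *file_name`, matching `const axis2_env_t *env` beside it. The blank line removed on line 140 separated the two declarations; keep one for readability.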

Modified: webservices/axis2/trunk/c/rampart/include/rampart_callback.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/rampart_callback.h?view=diff&rev=483819&r1=483818&r2=483819
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/rampart_callback.h (original)
+++ webservices/axis2/trunk/c/rampart/include/rampart_callback.h Thu Dec  7 20:20:23 2006
@@ -51,7 +51,7 @@
            /**
             * Retuens a password for the given username. 
             * By providing a function to this function pointer 
-            * user can write custom password callback midule
+            * user can write custom password callback module
             * @param callback rampart callback pointer
             * @param env environment must not be null
             * @param username The username of the password expected.

Modified: webservices/axis2/trunk/c/rampart/include/rampart_util.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/rampart_util.h?view=diff&rev=483819&r1=483818&r2=483819
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/rampart_util.h (original)
+++ webservices/axis2/trunk/c/rampart/include/rampart_util.h Thu Dec  7 20:20:23 2006
@@ -19,6 +19,8 @@
 #include <axis2_defines.h>
 #include <axis2_date_time.h>
 #include <axis2_env.h>
+#include <axis2_property.h>
+#include <axis2_msg_ctx.h>
 
 /**
   * @file rampart_util.h
@@ -36,7 +38,14 @@
   * @ingroup Rampart_Util
   */
 
-                                                                            
+
+
+AXIS2_EXTERN axis2_char_t* AXIS2_CALL
+rampart_callback_password(const axis2_env_t *env,
+        axis2_char_t *callback_module_name,
+        const axis2_char_t *username,
+        axis2_ctx_t *ctx); 
+
  /**
     * Generates the nonce. Nonce is a base64 encoded random string.
     * @return generated nonce
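Review bot: `rampart_callback_password` is declared here with no documentation, although the surrounding declarations in this header use Doxygen comments (see the nonce block just below). It is now shared by the username-token path and the new keystore-password path, so the comment should say that `callback_module_name` is loaded as a DLL via the class loader, that `ctx` is only used to fetch `RAMPART_CALLBACK_SPECIFIC_PROPERTY` for the callback, that NULL is returned when the module cannot be loaded or the callback yields nothing, and who owns the returned string (the sample callbacks return literals, but that is not a contract). `callback_module_name` is only read and could be `const`.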

Modified: webservices/axis2/trunk/c/rampart/samples/callback/htpasswd_callback/htpwcb.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/samples/callback/htpasswd_callback/htpwcb.c?view=diff&rev=483819&r1=483818&r2=483819
==============================================================================
--- webservices/axis2/trunk/c/rampart/samples/callback/htpasswd_callback/htpwcb.c (original)
+++ webservices/axis2/trunk/c/rampart/samples/callback/htpasswd_callback/htpwcb.c Thu Dec  7 20:20:23 2006
@@ -17,7 +17,7 @@
 {
     axis2_char_t * password = NULL;
     FILE *file = NULL;
-    /*The default location is the following. But this will be overridden by the property values set in the meg_ctx*/
+    /*The default location is the following. But this will be overridden by the property values set in the msg_ctx*/
     axis2_char_t *filename = "/usr/local/apache2/passwd/passwords";
 
     if(param){

Modified: webservices/axis2/trunk/c/rampart/samples/callback/pwcb.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/samples/callback/pwcb.c?view=diff&rev=483819&r1=483818&r2=483819
==============================================================================
--- webservices/axis2/trunk/c/rampart/samples/callback/pwcb.c (original)
+++ webservices/axis2/trunk/c/rampart/samples/callback/pwcb.c Thu Dec  7 20:20:23 2006
@@ -15,6 +15,7 @@
         const axis2_char_t *username,
         void *param)
 {
+    /*First set pf password are for sample usernames*/
     axis2_char_t * pw = NULL;
     if (0 == AXIS2_STRCMP(username, "Raigama"))
     {
@@ -28,8 +29,28 @@
     {
         pw = "password";
     }
+    /*These are for sample keystores*/
+    else if (0 == AXIS2_STRCMP(username, "a"))
+    {
+        pw = "a12345";
+    }
+    else if (0 == AXIS2_STRCMP(username, "b"))
+    {
+        pw = "b12345";
+    }
+    else if (0 == AXIS2_STRCMP(username, "x"))
+    {
+        pw = "x12345";
+    }
+    else if (0 == AXIS2_STRCMP(username, "y"))
+    {
+        pw = "y12345";
+    }
     else
-    {}
+    {
+        /*Append 12345 for any name not specified above*/
+        /*sprintf(pw, "%s%s",  username, "12345");*/
+    }
     return pw;
 };
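Review bot: The commented-out `sprintf(pw, "%s%s", username, "12345");` in the new `else` branch would write through `pw`, which is initialised to NULL on line 221, so if anyone re-enables it as the comment invites the sample crashes; either delete the dead line or replace it with a real implementation that allocates a buffer of `strlen(username) + 6` bytes first. The hard-coded keystore passwords for `a`, `b`, `x`, `y` are fine for a sample but the comment should say they match the sample keystores shipped with rampart and must not be copied into a deployment. The `};` after the function body is a stray semicolon left from before this change.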
 

Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/key_mgr.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/key_mgr.c?view=diff&rev=483819&r1=483818&r2=483819
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/key_mgr.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/key_mgr.c Thu Dec  7 20:20:23 2006
@@ -18,6 +18,7 @@
 #include <axis2_util.h>
 #include <oxs_error.h>
 #include <oxs_key_mgr.h>
+#include <openssl_pem.h>
 
 AXIS2_EXTERN axis2_status_t AXIS2_CALL
 oxs_key_mgr_load_key(const axis2_env_t *env,
@@ -44,14 +45,31 @@
 
     if(OXS_ASYM_CTX_FORMAT_PEM == oxs_asym_ctx_get_format(ctx, env)){
         format = OPENSSL_X509_FORMAT_PEM;
-        status = openssl_x509_load_from_pem(env, filename,  &cert);    
-        if(AXIS2_FAILURE == status){
-            oxs_error(ERROR_LOCATION, OXS_ERROR_DEFAULT,
-                            "Error reading the certificate");
-            return AXIS2_FAILURE;
-        }
+        oxs_asym_ctx_operation_t operation ;
+
+        /*First let's check if this is a file containing a certificate*/
+        status = openssl_x509_load_from_pem(env, filename,  &cert);
+
+        if((status == AXIS2_FAILURE) || (!cert)){/*>>*/
+            /*If we cannot get the certificate then the file might contain aither a public key or a private key*/
+            /*The type depends on the operation*/
+            operation = oxs_asym_ctx_get_operation(ctx, env);
+
+            if((operation == OXS_ASYM_CTX_OPERATION_PRV_DECRYPT) || (operation == OXS_ASYM_CTX_OPERATION_PRV_ENCRYPT)){
+                status = openssl_pem_read_pkey(env, filename, password, OPENSSL_PEM_PKEY_TYPE_PRIVATE_KEY, &prvkey);
+                if(status == AXIS2_FAILURE){
+                    prvkey = NULL;
+                }
+            } else if((operation == OXS_ASYM_CTX_OPERATION_PUB_DECRYPT) || (operation == OXS_ASYM_CTX_OPERATION_PUB_ENCRYPT)){
+                status = openssl_pem_read_pkey(env, filename, password, OPENSSL_PEM_PKEY_TYPE_PUBLIC_KEY, &pubkey);
+                if(status == AXIS2_FAILURE){
+                    pubkey = NULL;
+                }
+            }
+        }/*>>*/
     }else if(OXS_ASYM_CTX_FORMAT_PKCS12 == oxs_asym_ctx_get_format(ctx, env)){
         format = OPENSSL_X509_FORMAT_PKCS12;
+        /*Here we load both key and the certificate*/
         status = openssl_x509_load_from_pkcs12(env, filename, password, &cert, &prvkey, &ca);
         if(AXIS2_FAILURE == status){
             oxs_error(ERROR_LOCATION, OXS_ERROR_DEFAULT,
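Review bot: When `oxs_asym_ctx_get_format` returns the new `OXS_ASYM_CTX_FORMAT_UNKNOWN`, neither branch of this `if`/`else if` runs, so `cert`, `prvkey` and `pubkey` keep their initial values and the function falls through to the generic "Error reading the file" check at its end; an explicit `else` that reports the unsupported format would make a NULL or odd file name diagnosable. The `oxs_asym_ctx_operation_t operation;` declaration on line 278 follows the `format = ...` statement inside the block, which is fine in C99 but the rest of the file declares at the top of blocks; move it up for consistency with C89-mode compilers. When `openssl_pem_read_pkey` fails only the key pointer is reset and `status` is left as `AXIS2_FAILURE` without any record of whether the file was not a certificate or not a key, so the later error cannot say what was wrong with the file. The comment on line 312 in the next hunk also has a typo, `recommonded`, and should say why a public-key-only file is discouraged (the resulting `oxs_x509_cert` carries no subject, issuer or serial for later consumers). The enclosing function begins before this hunk.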
@@ -66,6 +84,15 @@
         OPENSSL_PKEY_POPULATE(open_prvkey, env, prvkey, filename, OPENSSL_PKEY_TYPE_PRIVATE_KEY);
         oxs_asym_ctx_set_private_key(ctx, env, open_prvkey);
     }
+    /*If the public key is available populate*/
+    if(pubkey){
+        /*This scenario is not recommonded. This will be executed iff the file is a public key file in PEM format*/
+        open_pubkey = openssl_pkey_create(env);
+        OPENSSL_PKEY_POPULATE(open_pubkey, env, pubkey, filename, OPENSSL_PKEY_TYPE_PUBLIC_KEY);
+        oxs_cert = oxs_x509_cert_create(env);
+        oxs_x509_cert_set_public_key(oxs_cert, env, open_pubkey);
+        oxs_asym_ctx_set_certificate(ctx, env, oxs_cert);
+    }
     /*If the X509 certificate is available, populate oxs_x509_cert*/
     if(cert){
 
@@ -89,6 +116,11 @@
         /*Set the x509 certificate to the asym ctx*/
         oxs_asym_ctx_set_certificate(ctx, env, oxs_cert);
     }
-
+    /*If this fails to get anything return failure*/
+    if((!cert) && (!pubkey) && (!prvkey)){
+        oxs_error(ERROR_LOCATION, OXS_ERROR_DEFAULT,
+                "Error reading the file %s", filename);
+        return AXIS2_FAILURE;
+    }
     return AXIS2_SUCCESS;
 }
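Review bot: The new failure check logs `"Error reading the file %s", filename`, but the only way to reach it with the format `OXS_ASYM_CTX_FORMAT_UNKNOWN` is a NULL file name (that is what `oxs_util_get_format_by_file_extension` returns it for), so `filename` is presumably NULL here and `%s` on a NULL pointer is undefined behaviour; guard it with `filename ? filename : "(null)"`. A comment noting that this check effectively covers only the PEM and UNKNOWN paths, since the PKCS12 branch already reports and returns on failure, would help the next reader.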

Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/Makefile.am
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/Makefile.am?view=diff&rev=483819&r1=483818&r2=483819
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/Makefile.am (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/Makefile.am Thu Dec  7 20:20:23 2006
@@ -1,5 +1,5 @@
 noinst_LTLIBRARIES = libomopenssl.la
-libomopenssl_la_SOURCES = cipher_ctx.c crypt.c rsa.c pkey.c util.c cipher_property.c digest.c x509.c pkcs12.c
+libomopenssl_la_SOURCES = cipher_ctx.c crypt.c rsa.c pkey.c util.c cipher_property.c digest.c x509.c pkcs12.c pem.c
 
 libomopenssl_la_LIBADD  = -lssl\
 			../../../../util/src/libaxis2_util.la \

Added: webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/pem.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/pem.c?view=auto&rev=483819
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/pem.c (added)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/pem.c Thu Dec  7 20:20:23 2006
@@ -0,0 +1,67 @@
+/*
+ *   Copyright 2003-2004 The Apache Software Foundation.
+ *
+ *   Licensed under the Apache License, Version 2.0 (the "License");
+ *   you may not use this file except in compliance with the License.
+ *   You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *   Unless required by applicable law or agreed to in writing, software
+ *   distributed under the License is distributed on an "AS IS" BASIS,
+ *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *   See the License for the specific language governing permissions and
+ *   limitations under the License.
+ */
+
+#include <stdio.h>
+#include <axis2_util.h>
+#include <openssl_rsa.h>
+#include <openssl/rand.h>
+#include <openssl/evp.h>
+#include <openssl/pem.h>
+#include <openssl/bio.h>
+#include <openssl/rand.h>
+#include <oxs_buffer.h>
+#include <oxs_error.h>
+#include <openssl_pkcs12.h>
+#include <openssl_pem.h>
+
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+openssl_pem_read_pkey(const axis2_env_t *env,
+    axis2_char_t *filename,
+    axis2_char_t *password,
+    openssl_pem_pkey_type_t type,
+    EVP_PKEY **pkey)
+{
+    BIO *bio;
+    int ret; 
+
+    bio = BIO_new_file(filename, "rb");
+
+    if(type == OPENSSL_PEM_PKEY_TYPE_PRIVATE_KEY){
+        *pkey = PEM_read_bio_PrivateKey(bio, NULL, 0 , password);
+    }else if(type == OPENSSL_PEM_PKEY_TYPE_PUBLIC_KEY){ 
+        *pkey = PEM_read_bio_PUBKEY(bio, NULL, 0 , password);
+    }else{/*Type unknown*/
+        /*Try to read the prv key first*/
+        *pkey = PEM_read_bio_PrivateKey(bio, NULL, 0 , password);
+        if (!*pkey)
+        {
+            /*If prv key is not found then read the public key*/
+            ret  = BIO_reset(bio);
+            *pkey = PEM_read_bio_PUBKEY(bio, NULL, 0 , password);
+        }
+    }
+
+    ret = BIO_reset(bio);
+    ret = BIO_free(bio);
+    bio = NULL;
+    if(!*pkey){
+        return AXIS2_FAILURE;
+    }
+    return AXIS2_SUCCESS;
+}
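Review bot: `BIO_new_file` on line 395 is never checked, so a missing or unreadable key file reaches `PEM_read_bio_*`, `BIO_reset` and `BIO_free` with a NULL BIO and the caller only sees `AXIS2_FAILURE` with no diagnostic; check the open and report it with `oxs_error` as x509.c does. Passing `password` as the user-data argument with a NULL callback means that for an encrypted key and a NULL password OpenSSL falls back to its default passphrase callback, which prompts on the terminal — in a server process that blocks — and `rampart_shp_callback_keystore_password` in this commit can return NULL; supply a small callback that fails when no password is available instead of prompting. The `BIO_reset` before `BIO_free` is pointless and both `ret` assignments are dead. `filename` and `password` are only read and could be `const`.
```c
    BIO *bio = BIO_new_file(filename, "rb");
    if (!bio) {
        oxs_error(ERROR_LOCATION, OXS_ERROR_DEFAULT,
                  "Error reading the file %s", filename);
        return AXIS2_FAILURE;
    }
    *pkey = NULL;
    /* … unchanged: type dispatch to PEM_read_bio_PrivateKey / PEM_read_bio_PUBKEY … */
    BIO_free(bio);
    return (*pkey) ? AXIS2_SUCCESS : AXIS2_FAILURE;
```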
+
+

Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/x509.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/x509.c?view=diff&rev=483819&r1=483818&r2=483819
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/x509.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/x509.c Thu Dec  7 20:20:23 2006
@@ -92,16 +92,14 @@
 
     if ((in=BIO_new_file(filename,"r")) == NULL)
     {
-        oxs_error(ERROR_LOCATION, OXS_ERROR_DEFAULT,
-                "Error reading the file %s", filename);
+        /*oxs_error(ERROR_LOCATION, OXS_ERROR_DEFAULT,
+                "Error reading the file %s", filename);*/
         return AXIS2_FAILURE;
     }
     /*Read certificate*/
     PEM_read_bio_X509(in, cert,NULL,NULL);
     if(!*cert)
     {
-        oxs_error(ERROR_LOCATION, OXS_ERROR_DEFAULT,
-                "Error creating the certificate");
         return AXIS2_FAILURE;
     }
     
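Review bot: Commenting out both `oxs_error` calls makes `openssl_x509_load_from_pem` silent for a file that cannot be opened at all, not only for the case the new probing in key_mgr.c needs quiet (a PEM file that holds a key rather than a certificate); keep the report on the `BIO_new_file` failure and drop only the "Error creating the certificate" one, or return distinct statuses so the caller can tell the cases apart. After a failed `PEM_read_bio_X509` the OpenSSL error queue still holds the probe's PEM errors, which a later `ERR_get_error` in the decrypt path would presumably report; an `ERR_clear_error()` after the failed read avoids that. The early return on line 444 also leaks `in`, which is pre-existing but now on a path taken routinely. Delete the commented-out lines rather than leaving dead code; the function starts and ends outside this hunk.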

Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/utility.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/utility.c?view=diff&rev=483819&r1=483818&r2=483819
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/utility.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/utility.c Thu Dec  7 20:20:23 2006
@@ -18,6 +18,7 @@
 #include <axis2_util.h>
 #include <oxs_utility.h>
 #include <oxs_error.h>
+#include <oxs_asym_ctx.h>
 
 /* Generates an id for an element.
  * Specially used in xml encryption and signature references.
@@ -37,3 +38,26 @@
     
 }
 
+AXIS2_EXTERN oxs_asym_ctx_format_t AXIS2_CALL
+oxs_util_get_format_by_file_extension(const axis2_env_t *env,
+        axis2_char_t *file_name)
+{
+    axis2_char_t *extension = NULL;
+    if(!file_name){
+        return OXS_ASYM_CTX_FORMAT_UNKNOWN;
+    }
+    extension = AXIS2_RINDEX(file_name, '.');
+    if(!extension){
+        /*No extension*/
+        /*Its safe to assume that PEM can be without extension*/
+        return OXS_ASYM_CTX_FORMAT_PEM;
+    }
+    printf("ext %s", extension);
+    if((strcmp(extension, ".pfx") == 0) ){
+        return OXS_ASYM_CTX_FORMAT_PKCS12;
+    }else{
+        /*Its safe to assume that PEM can be in any extensions. e.g. .cert, .cer, .pem*/
+        return OXS_ASYM_CTX_FORMAT_PEM;
+    }
+
+}
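Review bot: `printf("ext %s", extension);` on line 479 is leftover debug output that writes every key file's extension to the stdout of the hosting process; remove it. Only `.pfx` is recognised as PKCS#12 while `.p12` is the other common extension for that format, and the comparison is case-sensitive, so `if(strcmp(extension, ".pfx") == 0 || strcmp(extension, ".p12") == 0)` would serve more deployments. `env` is unused and `file_name` is only read, so it could be `const`; the two `Its safe to assume` comments should read `It's safe to assume`.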

Modified: webservices/axis2/trunk/c/rampart/src/util/rampart_encryption.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/rampart_encryption.c?view=diff&rev=483819&r1=483818&r2=483819
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/rampart_encryption.c (original)
+++ webservices/axis2/trunk/c/rampart/src/util/rampart_encryption.c Thu Dec  7 20:20:23 2006
@@ -169,7 +169,8 @@
     oxs_asym_ctx_set_operation(asym_ctx, env, OXS_ASYM_CTX_OPERATION_PUB_ENCRYPT);
     oxs_asym_ctx_set_st_ref_pattern(asym_ctx, env, eki);
     /*TODO This should be taken from the configurations*/
-    oxs_asym_ctx_set_format(asym_ctx, env, OXS_ASYM_CTX_FORMAT_PEM);
+    /*oxs_asym_ctx_set_format(asym_ctx, env, OXS_ASYM_CTX_FORMAT_PEM);*/
+    oxs_asym_ctx_set_format(asym_ctx, env, oxs_util_get_format_by_file_extension(env, certificate_file));
     /*Encrypt the session key*/
     status = oxs_xml_enc_encrypt_key(env, asym_ctx, sec_node,session_key, id_list);    
     if(AXIS2_FAILURE == status){
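Review bot: The old `oxs_asym_ctx_set_format` call is left behind as a comment on line 499 (and again in rampart_sec_header_processor.c, line 569); delete the dead lines, the TODO above already records that the format should come from configuration. `oxs_util_get_format_by_file_extension` returns `OXS_ASYM_CTX_FORMAT_UNKNOWN` for a NULL `certificate_file`, and nothing here or in key_mgr.c handles that value, so a missing file name now surfaces only as a generic read failure; checking `certificate_file` before the call and logging which configuration is missing would be more helpful. The enclosing function starts and ends outside the hunk.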

Modified: webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c?view=diff&rev=483819&r1=483818&r2=483819
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c (original)
+++ webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c Thu Dec  7 20:20:23 2006
@@ -21,6 +21,7 @@
 #include <rampart_sec_header_processor.h>
 #include <rampart_username_token.h>
 #include <rampart_timestamp_token.h>
+#include <rampart_util.h>
 #include <rampart_handler_util.h>
 #include <oxs_ctx.h>
 #include <oxs_error.h>
@@ -96,6 +97,38 @@
     }
 }
 
+
+static axis2_char_t*
+rampart_shp_callback_keystore_password(const axis2_env_t *env,
+            rampart_actions_t *actions,
+            axis2_msg_ctx_t *msg_ctx)
+{
+    axis2_char_t *enc_user = NULL;
+    axis2_char_t *pw_callback_module = NULL;
+    axis2_char_t *password = NULL;
+    axis2_ctx_t *ctx = NULL;
+
+    enc_user = RAMPART_ACTIONS_GET_ENC_USER(actions, env);
+    pw_callback_module = RAMPART_ACTIONS_GET_PW_CB_CLASS(actions, env);
+    if(!pw_callback_module){
+        return NULL;
+    }
+    if(!enc_user){
+        /*If a special enc_user hasn't specified try to get the user. 
+         * But it is advisable to use enc_user instead of user.*/
+        enc_user = RAMPART_ACTIONS_GET_USER(actions, env);
+        if(!enc_user){
+            return NULL;
+        }
+    }
+    /*Get axis2_ctx_t. This is for designed specially for PHP*/
+    ctx = AXIS2_MSG_CTX_GET_BASE(msg_ctx, env);    
+    
+    password = rampart_callback_password(env, pw_callback_module, enc_user, ctx);
+
+    return password;
+}
+
 static axis2_status_t 
 rampart_shp_process_encrypted_key(const axis2_env_t *env,
     axis2_msg_ctx_t *msg_ctx,
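Review bot: `rampart_shp_callback_keystore_password` returns NULL silently when no callback module or user is configured (lines 535-544), and the caller on line 562 in the next hunk passes that NULL on as the keystore password, so a misconfiguration shows up only as a decryption failure; add an `AXIS2_LOG_INFO(env->log, ...)` at each early return naming the missing setting. The fallback to `RAMPART_ACTIONS_GET_USER` looks the keystore password up under the username-token identity, which the comment already calls inadvisable; that behaviour should be documented on the function so deployers do not conflate the two credentials. The `ctx` from `AXIS2_MSG_CTX_GET_BASE` is handed to `rampart_callback_password` unchecked, which then reads a property from it; presumably the base ctx is always present, but a NULL check here is cheap.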
@@ -132,12 +165,14 @@
     enc_asym_algo = RAMPART_ACTIONS_GET_ENC_KT_ALGO(actions, env);
     certificate_file = RAMPART_ACTIONS_GET_DEC_KEY_FILE(actions, env);
     /*Get the password to retrieve the key from key store*/
-    password = RAMPART_ACTIONS_GET_ENC_USER(actions, env);
+    password = rampart_shp_callback_keystore_password(env, actions, msg_ctx);
     oxs_asym_ctx_set_algorithm(asym_ctx, env, enc_asym_algo);
     oxs_asym_ctx_set_file_name(asym_ctx, env, certificate_file);
     oxs_asym_ctx_set_operation(asym_ctx, env, OXS_ASYM_CTX_OPERATION_PRV_DECRYPT);
     oxs_asym_ctx_set_password(asym_ctx, env, password);
-    oxs_asym_ctx_set_format(asym_ctx, env, OXS_ASYM_CTX_FORMAT_PKCS12);
+    
+    /*oxs_asym_ctx_set_format(asym_ctx, env, OXS_ASYM_CTX_FORMAT_PKCS12);*/
+    oxs_asym_ctx_set_format(asym_ctx, env, oxs_util_get_format_by_file_extension(env, certificate_file));
 
     /*Create an empty key*/
     decrypted_sym_key = oxs_key_create(env);
@@ -251,6 +286,9 @@
     } 
     return AXIS2_SUCCESS;
 }
+
+
+    
 
 /*Public functions*/
 

Modified: webservices/axis2/trunk/c/rampart/src/util/rampart_util.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/rampart_util.c?view=diff&rev=483819&r1=483818&r2=483819
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/rampart_util.c (original)
+++ webservices/axis2/trunk/c/rampart/src/util/rampart_util.c Thu Dec  7 20:20:23 2006
@@ -27,6 +27,7 @@
 #include <openssl_util.h>
 #include <axis2_msg_ctx.h>
 #include <rampart_constants.h>
+#include <rampart_callback.h>
 
 /*Calculate the hash of concatenated string of
  * nonce, created and the password.
@@ -38,6 +39,58 @@
 
 
 /*#define PRINTINFO 1 */
+
+AXIS2_EXTERN axis2_char_t* AXIS2_CALL
+rampart_callback_password(const axis2_env_t *env,
+        axis2_char_t *callback_module_name,
+        const axis2_char_t *username,
+        axis2_ctx_t *ctx)
+{
+    rampart_callback_t* rcb = NULL;
+    axis2_char_t *password = NULL;
+    axis2_dll_desc_t *dll_desc = NULL;
+    void *ptr = NULL;
+    axis2_param_t *impl_info_param = NULL;
+    axis2_property_t* property = NULL; 
+    void *cb_prop_val= NULL;
+
+    /*Get callback specific property if any from the ctx. This is specially done for PHP folks to send the hapassword file location.
+     */
+    property = AXIS2_CTX_GET_PROPERTY(ctx, env, RAMPART_CALLBACK_SPECIFIC_PROPERTY, AXIS2_FALSE);
+    if (property)
+    {
+        cb_prop_val = AXIS2_PROPERTY_GET_VALUE(property, env);
+        property = NULL;
+    }
+
+    dll_desc = axis2_dll_desc_create(env);
+    AXIS2_DLL_DESC_SET_NAME(dll_desc, env, callback_module_name);
+    impl_info_param = axis2_param_create(env, NULL, NULL);
+    AXIS2_PARAM_SET_VALUE(impl_info_param, env, dll_desc);
+    axis2_class_loader_init(env);
+    ptr = axis2_class_loader_create_dll(env, impl_info_param);
+
+    /*callback()*/
+    if (!ptr)
+    {
+        AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Unable to create the pw callback module %s. ERROR", callback_module_name);
+        return NULL;
+    }
+
+    rcb = (rampart_callback_t*)ptr;
+    if (!rcb)
+    {
+        AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Unable to load the pw callback module %s. ERROR", callback_module_name);
+        return NULL;
+    }
+
+    /*Get the password thru the callback*/
+    password = RAMPART_CALLBACK_CALLBACK_PASSWORD(rcb, env, username, cb_prop_val);
+
+    AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Password taken from the callback module %s. SUCCESS", callback_module_name);
+    return password;
+    
+}
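Review bot: The log messages in the moved `rampart_callback_password` still carry the `[rampart][rampart_usernametoken]` tag (lines 636, 643, 650), but the function now also serves the keystore-password lookup from rampart_sec_header_processor.c, so the tag should become `[rampart][rampart_util]` to keep the log honest. The `if (!rcb)` check on line 641 can never fire after the `if (!ptr)` check on line 634, since `rcb` is just `ptr` cast. The "Password taken from the callback module ... SUCCESS" line is logged even when the callback returned NULL; log success only when `password` is non-NULL. `dll_desc` and `impl_info_param` are created on every call and never released here; presumably `axis2_class_loader_create_dll` takes ownership, but if not this leaks a descriptor per message and is worth confirming.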
 
 AXIS2_EXTERN axis2_char_t* AXIS2_CALL rampart_generate_nonce(const axis2_env_t *env)
 {

Modified: webservices/axis2/trunk/c/rampart/src/util/username_token.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/username_token.c?view=diff&rev=483819&r1=483818&r2=483819
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/username_token.c (original)
+++ webservices/axis2/trunk/c/rampart/src/util/username_token.c Thu Dec  7 20:20:23 2006
@@ -54,17 +54,6 @@
 rampart_get_password(const axis2_env_t *env,
         axis2_ctx_t *ctx,
         rampart_actions_t *actions);
-/**
- *
- * @param env pointer to environment struct
- * @param ctx axis2 context
- * @return property value
- */
-static axis2_char_t*
-rampart_username_token_callback_pw(const axis2_env_t *env,
-        axis2_char_t *callback_module_name,
-        const axis2_char_t *username,
-        axis2_ctx_t *ctx);
 
 /** public functions*/
 axis2_status_t AXIS2_CALL
@@ -120,61 +109,11 @@
     if (pw_callback_module)
     {
         username = RAMPART_ACTIONS_GET_USER(actions, env);
-        password = rampart_username_token_callback_pw(env, pw_callback_module, username, ctx);
+        password = rampart_callback_password(env, pw_callback_module, username, ctx);
     }
     return password;
 }
 
-
-static axis2_char_t*
-rampart_username_token_callback_pw(const axis2_env_t *env,
-        axis2_char_t *callback_module_name,
-        const axis2_char_t *username, 
-        axis2_ctx_t *ctx)
-{
-    rampart_callback_t* rcb = NULL;
-    axis2_char_t *password = NULL;
-    axis2_dll_desc_t *dll_desc = NULL;
-    void *ptr = NULL;
-    axis2_param_t *impl_info_param = NULL;
-    axis2_property_t* property = NULL;
-    void *cb_prop_val = NULL;
-
-    dll_desc = axis2_dll_desc_create(env);
-    AXIS2_DLL_DESC_SET_NAME(dll_desc, env, callback_module_name);
-    impl_info_param = axis2_param_create(env, NULL, NULL);
-    AXIS2_PARAM_SET_VALUE(impl_info_param, env, dll_desc);
-    axis2_class_loader_init(env);
-    ptr = axis2_class_loader_create_dll(env, impl_info_param);
-
-    /*callback()*/
-    if (!ptr)
-    {
-        AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Unable to create the pw callback module %s. ERROR", callback_module_name);
-        return NULL;
-    }
-
-    rcb = (rampart_callback_t*)ptr;
-    if (!rcb)
-    {
-        AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Unable to load the pw callback module %s. ERROR", callback_module_name);
-        return NULL;
-    }
-    /*Get callback specific property if any from the ctx*/
-    property = AXIS2_CTX_GET_PROPERTY(ctx, env, RAMPART_CALLBACK_SPECIFIC_PROPERTY, AXIS2_FALSE);
-    if (property)
-    {
-        cb_prop_val = AXIS2_PROPERTY_GET_VALUE(property, env);
-        property = NULL;
-    }
-
-    /*Get the password thru the callback*/
-    password = RAMPART_CALLBACK_CALLBACK_PASSWORD(rcb, env, username, cb_prop_val);
-
-    AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Password taken from the callback module %s. SUCCESS", callback_module_name);
-    return password;
-}
-
 rampart_username_token_t *AXIS2_CALL
 rampart_username_token_create(
     const axis2_env_t *env)
@@ -549,7 +488,7 @@
         return AXIS2_FAILURE;
     }
     
-    password_from_svr = rampart_username_token_callback_pw(env, pw_callback_module, username, ctx);
+    password_from_svr = rampart_callback_password(env, pw_callback_module, username, ctx);
 
     if (!password_from_svr)
     {


