Posted to rampart-dev@ws.apache.org by mi...@apache.org on 2008/04/23 10:44:04 UTC
svn commit: r650790 - in /webservices/rampart/scratch/c/pkcs/c:
include/openssl_pkcs12_keystore.h include/oxs_key_mgr.h
include/rampart_callback.h samples/callback/pwcb.c src/omxmlsec/key_mgr.c
src/omxmlsec/openssl/pkcs12_keystore.c
Author: milinda
Date: Wed Apr 23 01:44:03 2008
New Revision: 650790
URL: http://svn.apache.org/viewvc?rev=650790&view=rev
Log:
Improving key manager.
Modified:
webservices/rampart/scratch/c/pkcs/c/include/openssl_pkcs12_keystore.h
webservices/rampart/scratch/c/pkcs/c/include/oxs_key_mgr.h
webservices/rampart/scratch/c/pkcs/c/include/rampart_callback.h
webservices/rampart/scratch/c/pkcs/c/samples/callback/pwcb.c
webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/key_mgr.c
webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/openssl/pkcs12_keystore.c
Modified: webservices/rampart/scratch/c/pkcs/c/include/openssl_pkcs12_keystore.h
URL: http://svn.apache.org/viewvc/webservices/rampart/scratch/c/pkcs/c/include/openssl_pkcs12_keystore.h?rev=650790&r1=650789&r2=650790&view=diff
==============================================================================
--- webservices/rampart/scratch/c/pkcs/c/include/openssl_pkcs12_keystore.h (original)
+++ webservices/rampart/scratch/c/pkcs/c/include/openssl_pkcs12_keystore.h Wed Apr 23 01:44:03 2008
@@ -82,6 +82,11 @@
const axutil_env_t *env,
axis2_char_t *ski);
+ AXIS2_EXTERN oxs_x509_cert_t * AXIS2_CALL
+ pkcs12_keystore_get_other_certificate(
+ pkcs12_keystore_t *keystore,
+ const axutil_env_t *env);
+
#ifdef __cplusplus
}
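Review bot: The new prototype `pkcs12_keystore_get_other_certificate` has no doc comment, so the header does not say what "other" means or who owns the returned pointer. Going by the implementation in pkcs12_keystore.c in this commit, it returns the single entry of `other_certs` and NULL when the list holds zero or several certificates, and the pointer is the keystore's own list entry rather than a copy. I would add something like `/** Returns the only non-owner certificate in the keystore, or NULL if there is not exactly one. The caller must not free it. */`. The same applies to `oxs_key_mgr_get_key_store` in oxs_key_mgr.h, which hands out the key manager's internal keystore pointer (the object that also holds the private key) and should state that the caller does not own it.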
Modified: webservices/rampart/scratch/c/pkcs/c/include/oxs_key_mgr.h
URL: http://svn.apache.org/viewvc/webservices/rampart/scratch/c/pkcs/c/include/oxs_key_mgr.h?rev=650790&r1=650789&r2=650790&view=diff
==============================================================================
--- webservices/rampart/scratch/c/pkcs/c/include/oxs_key_mgr.h (original)
+++ webservices/rampart/scratch/c/pkcs/c/include/oxs_key_mgr.h Wed Apr 23 01:44:03 2008
@@ -274,6 +274,11 @@
const axutil_env_t *env,
void *pem_buf);
+ AXIS2_EXTERN pkcs12_keystore_t* AXIS2_CALL
+ oxs_key_mgr_get_key_store(
+ oxs_key_mgr_t *key_mgr,
+ const axutil_env_t *env);
+
/** @} */
#ifdef __cplusplus
}
Modified: webservices/rampart/scratch/c/pkcs/c/include/rampart_callback.h
URL: http://svn.apache.org/viewvc/webservices/rampart/scratch/c/pkcs/c/include/rampart_callback.h?rev=650790&r1=650789&r2=650790&view=diff
==============================================================================
--- webservices/rampart/scratch/c/pkcs/c/include/rampart_callback.h (original)
+++ webservices/rampart/scratch/c/pkcs/c/include/rampart_callback.h Wed Apr 23 01:44:03 2008
@@ -30,6 +30,8 @@
extern "C"
{
#endif
+
+ #define RAMPART_PKCS
/**
* Struct to get password using callbacks
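Review bot: As shown here, `RAMPART_PKCS` is defined with no replacement text, yet pwcb.c in this commit passes it as the second argument of `axutil_strcmp`, which would expand to an empty argument and fail to compile. The updated `@param param` comment in the next hunk says the expected value is the string 'pkcs', so the definition presumably should be `#define RAMPART_PKCS "pkcs"`. That comment would also read better if it named the macro instead of the literal, and "pssword" there is a typo for "password".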
@@ -61,7 +63,8 @@
* @param callback rampart callback pointer
* @param env environment must not be null
* @param username The username of the password expected.
- * @param param any parameter that is to be passed to the callback function.
+ * @param param any parameter that is to be passed to the callback function
+ * (Use 'pkcs' string as param when requesting pkcs keystore pssword.).
* @return returns password if any. Otherwise NULL returns
*/
axis2_char_t *(AXIS2_CALL*
@@ -69,7 +72,7 @@
const axutil_env_t *env,
const axis2_char_t *username,
void *param);
-
+
/**
* Free function of the rampart callback
* @param callback rampart callback pointer
Modified: webservices/rampart/scratch/c/pkcs/c/samples/callback/pwcb.c
URL: http://svn.apache.org/viewvc/webservices/rampart/scratch/c/pkcs/c/samples/callback/pwcb.c?rev=650790&r1=650789&r2=650790&view=diff
==============================================================================
--- webservices/rampart/scratch/c/pkcs/c/samples/callback/pwcb.c (original)
+++ webservices/rampart/scratch/c/pkcs/c/samples/callback/pwcb.c Wed Apr 23 01:44:03 2008
@@ -83,6 +83,12 @@
{
pw = "y12345";
}
+ else if (param != NULL &&
+ 0 == axutil_strcmp(username, "Alice") &&
+ 0 == axutil_strcmp((axis2_char_t*)param, RAMPART_PKCS))
+ {
+ pw = "hello";
+ }
else
{
/*Append 12345 for any name not specified above*/
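Review bot: The added branch casts `param` to `axis2_char_t*` and string-compares it whenever it is non-NULL and the user is "Alice", although rampart_callback.h documents `param` as "any parameter that is to be passed to the callback function". A caller that passes a non-string object would have it read as a NUL-terminated string, so either the string-only contract should be stated on the callback or the keystore request should be signalled through a dedicated argument. Because sample callbacks tend to be copied, I would also put a comment such as `/* Sample only: keystore password is hard-coded; load it from a protected store in real deployments */` above `pw = "hello";`. The enclosing function starts and ends outside this hunk.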
Modified: webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/key_mgr.c
URL: http://svn.apache.org/viewvc/webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/key_mgr.c?rev=650790&r1=650789&r2=650790&view=diff
==============================================================================
--- webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/key_mgr.c (original)
+++ webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/key_mgr.c Wed Apr 23 01:44:03 2008
@@ -106,6 +106,14 @@
return AXIS2_SUCCESS;
}
+AXIS2_EXTERN pkcs12_keystore_t* AXIS2_CALL
+oxs_key_mgr_get_key_store(
+ oxs_key_mgr_t *key_mgr,
+ const axutil_env_t *env)
+{
+ return key_mgr->key_store;
+}
+
AXIS2_EXTERN axis2_char_t *AXIS2_CALL
oxs_key_mgr_get_prv_key_password(
oxs_key_mgr_t *key_mgr,
@@ -205,56 +213,39 @@
oxs_x509_cert_t *cert = NULL;
axis2_char_t *certificate_file = NULL;
+
if (key_mgr->certificate)
{
return key_mgr->certificate;
}
- /*key_buf = oxs_key_mgr_get_pem_buf(key_mgr, env);
- if(key_buf)
+
+ certificate_file = oxs_key_mgr_get_certificate_file(key_mgr, env);
+ if(certificate_file)
{
- type = oxs_key_mgr_get_certificate_type(key_mgr, env);
- if(type == AXIS2_KEY_TYPE_PEM)
- {
- cert = oxs_key_mgr_load_x509_cert_from_string(env,
- (axis2_char_t *)key_buf);
- if(!cert)
- {
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_signature] Certificate cannot be loaded from the buffer.");
- return NULL;
- }
- else
- {
- return cert;
- }
- }
- else
+ cert = oxs_key_mgr_load_x509_cert_from_pem_file(env, certificate_file);
+ if(!cert)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_signature] Key file type unknown.");
+ "[rampart][rampart_signature] Certificate cannot be loaded from the file.");
return NULL;
}
- }
- else
- {*/
- certificate_file = oxs_key_mgr_get_certificate_file(key_mgr, env);
- if(certificate_file)
- {
- cert = oxs_key_mgr_load_x509_cert_from_pem_file(env, certificate_file);
- if(!cert)
- {
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_signature] Certificate cannot be loaded from the file.");
- return NULL;
- }
- }
- else
+ }else if(oxs_key_mgr_get_key_store(key_mgr, env))
+ {
+ cert = pkcs12_keystore_get_owner_certificate(key_mgr->key_store, env);
+ if(!cert)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_signature] Public key certificate file is not specified.");
+ "[rampart][rampart_signature] Certificate cannot be loaded from the key store.");
return NULL;
}
- /*}*/
+ }
+ else
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart][rampart_signature] Public key certificate file is not specified.");
+ return NULL;
+ }
+
key_mgr->certificate = cert;
return key_mgr->certificate;
}
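Review bot: The keystore branch caches a pointer borrowed from the keystore in `key_mgr->certificate`, the same field the PEM-file branch fills with a certificate loaded for the key manager (presumably a fresh allocation). `pkcs12_keystore_get_owner_certificate` simply returns `keystore->cert`, so if the key manager's free routine (not visible here) releases `key_mgr->certificate`, the keystore is left with a dangling pointer and a later keystore free would release it a second time. Either copy the certificate before caching it or record that the cached pointer is not owned. The same mixed ownership applies to the `pkcs12_keystore_get_other_certificate` call in the `@@ -360,7 +351,14 @@` hunk. Minor: the condition goes through `oxs_key_mgr_get_key_store()` while the call uses `key_mgr->key_store` directly, and the final log text still says only that the certificate file is not specified although a keystore is now accepted too; the function begins outside the hunk.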
@@ -360,7 +351,14 @@
}
else
{
- oxs_cert = oxs_key_mgr_load_x509_cert_from_pem_file(env, key_mgr->reciever_certificate_file);
+ if(key_mgr->reciever_certificate_file)
+ {
+ oxs_cert = oxs_key_mgr_load_x509_cert_from_pem_file(env, key_mgr->reciever_certificate_file);
+ }
+ else if(key_mgr->key_store)
+ {
+ oxs_cert = pkcs12_keystore_get_other_certificate(key_mgr->key_store, env);
+ }
}
}
return oxs_cert;
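Review bot: When `reciever_certificate_file` is unset and either no keystore is configured or `pkcs12_keystore_get_other_certificate` returns NULL, this block falls through to `return oxs_cert;` without logging anything, unlike the own-certificate path in the previous hunk, which logs each failure. A receiver certificate that silently comes back NULL is hard to diagnose, so I would add a check after the two branches, e.g. `if(!oxs_cert) AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart] Receiver certificate cannot be loaded from file or key store.");`. The enclosing function starts outside the hunk, so whether its caller already reports a NULL result cannot be seen here.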
Modified: webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/openssl/pkcs12_keystore.c
URL: http://svn.apache.org/viewvc/webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/openssl/pkcs12_keystore.c?rev=650790&r1=650789&r2=650790&view=diff
==============================================================================
--- webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/openssl/pkcs12_keystore.c (original)
+++ webservices/rampart/scratch/c/pkcs/c/src/omxmlsec/openssl/pkcs12_keystore.c Wed Apr 23 01:44:03 2008
@@ -173,11 +173,26 @@
return keystore->pvt_key;
}
-AXIS2_EXTERN oxs_x509_cert_t * AXIS2_CALL pkcs12_keystore_get_owner_certificate(
+AXIS2_EXTERN oxs_x509_cert_t * AXIS2_CALL
+pkcs12_keystore_get_owner_certificate(
pkcs12_keystore_t *keystore,
const axutil_env_t *env)
{
return keystore->cert;
+}
+
+AXIS2_EXTERN oxs_x509_cert_t * AXIS2_CALL
+pkcs12_keystore_get_other_certificate(
+ pkcs12_keystore_t *keystore,
+ const axutil_env_t *env)
+{
+ oxs_x509_cert_t *cert = NULL;
+ if(axutil_array_list_size(keystore->other_certs, env) == 1)
+ {
+ cert = (oxs_x509_cert_t *)axutil_array_list_get(keystore->other_certs, env, 0);
+ }
+
+ return cert;
}
AXIS2_EXTERN oxs_x509_cert_t * AXIS2_CALL pkcs12_keystore_get_certificate_for_issuer_serial(
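Review bot: `pkcs12_keystore_get_other_certificate` selects the peer certificate purely by the list holding exactly one entry, and returns NULL with no log for any other count. A PKCS#12 file that also carries CA or chain certificates would make it return NULL, and with a single entry the certificate is accepted as the receiver's without any check of whose it is; judging by its name, the issuer/serial lookup that follows in this file selects by identity instead. At minimum I would document the exactly-one rule on the function and log when the count is not 1, for example `AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart] Expected exactly one other certificate in key store.");`. `keystore` and `keystore->other_certs` are also used without a NULL check, and whether `axutil_array_list_size` tolerates a NULL list is not visible here.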