You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by ka...@apache.org on 2007/02/14 07:20:09 UTC
svn commit: r507411 [2/3] - in /webservices/axis2/trunk/c/rampart: include/
src/core/ src/handlers/ src/secpolicy/builder/ src/secpolicy/model/
src/secpolicy/test-resources/ src/util/
Modified: webservices/axis2/trunk/c/rampart/src/secpolicy/builder/wss11_builder.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/secpolicy/builder/wss11_builder.c?view=diff&rev=507411&r1=507410&r2=507411
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/secpolicy/builder/wss11_builder.c (original)
+++ webservices/axis2/trunk/c/rampart/src/secpolicy/builder/wss11_builder.c Tue Feb 13 22:20:06 2007
@@ -96,7 +96,6 @@
if(rp_match_secpolicy_qname(env,RP_MUST_SUPPORT_REF_KEY_IDENTIFIER,node,element))
{
rp_wss11_set_must_support_ref_key_identifier(wss11,env,AXIS2_TRUE);
- printf("%s\n",local_name);
return AXIS2_SUCCESS;
}
else
@@ -107,7 +106,6 @@
if(rp_match_secpolicy_qname(env,RP_MUST_SUPPORT_REF_ISSUER_SERIAL,node,element))
{
rp_wss11_set_must_support_ref_issuer_serial(wss11,env,AXIS2_TRUE);
- printf("%s\n",local_name);
return AXIS2_SUCCESS;
}
else
@@ -118,7 +116,6 @@
if(rp_match_secpolicy_qname(env,RP_MUST_SUPPORT_REF_EXTERNAL_URI,node,element))
{
rp_wss11_set_must_support_ref_external_uri(wss11,env,AXIS2_TRUE);
- printf("%s\n",local_name);
return AXIS2_SUCCESS;
}
else
@@ -129,7 +126,6 @@
if(rp_match_secpolicy_qname(env,RP_MUST_SUPPORT_REF_EMBEDDED_TOKEN,node,element))
{
rp_wss11_set_must_support_ref_embedded_token(wss11,env,AXIS2_TRUE);
- printf("%s\n",local_name);
return AXIS2_SUCCESS;
}
else
@@ -140,7 +136,6 @@
if(rp_match_secpolicy_qname(env,RP_MUST_SUPPORT_REF_THUMBPRINT,node,element))
{
rp_wss11_set_must_support_ref_thumbprint(wss11,env,AXIS2_TRUE);
- printf("%s\n",local_name);
return AXIS2_SUCCESS;
}
else
@@ -151,7 +146,6 @@
if(rp_match_secpolicy_qname(env,RP_MUST_SUPPORT_REF_ENCRYPTED_KEY,node,element))
{
rp_wss11_set_must_support_ref_encryptedkey(wss11,env,AXIS2_TRUE);
- printf("%s\n",local_name);
return AXIS2_SUCCESS;
}
else
@@ -162,7 +156,6 @@
if(rp_match_secpolicy_qname(env,RP_REQUIRE_SIGNATURE_CONFIRMATION,node,element))
{
rp_wss11_set_require_signature_confirmation(wss11,env,AXIS2_TRUE);
- printf("%s\n",local_name);
return AXIS2_SUCCESS;
}
else
Modified: webservices/axis2/trunk/c/rampart/src/secpolicy/builder/x509_token_builder.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/secpolicy/builder/x509_token_builder.c?view=diff&rev=507411&r1=507410&r2=507411
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/secpolicy/builder/x509_token_builder.c (original)
+++ webservices/axis2/trunk/c/rampart/src/secpolicy/builder/x509_token_builder.c Tue Feb 13 22:20:06 2007
@@ -126,7 +126,6 @@
if(rp_match_secpolicy_qname(env,RP_REQUIRE_KEY_IDENTIFIRE_REFERENCE,node,element))
{
rp_x509_token_set_require_key_identifier_reference(x509_token,env,AXIS2_TRUE);
- printf("%s\n",local_name);
return AXIS2_SUCCESS;
}
else
@@ -137,7 +136,6 @@
if(rp_match_secpolicy_qname(env,RP_REQUIRE_ISSUER_SERIAL_REFERENCE,node,element))
{
rp_x509_token_set_require_issuer_serial_reference(x509_token,env,AXIS2_TRUE);
- printf("%s\n",local_name);
return AXIS2_SUCCESS;
}
else
@@ -148,7 +146,6 @@
if(rp_match_secpolicy_qname(env,RP_REQUIRE_EMBEDDED_TOKEN_REFERENCE,node,element))
{
rp_x509_token_set_require_embedded_token_reference(x509_token,env,AXIS2_TRUE);
- printf("%s\n",local_name);
return AXIS2_SUCCESS;
}
else
@@ -159,7 +156,6 @@
if(rp_match_secpolicy_qname(env,RP_REQUIRE_THUMBPRINT_REFERENCE,node,element))
{
rp_x509_token_set_require_thumb_print_reference(x509_token,env,AXIS2_TRUE);
- printf("%s\n",local_name);
return AXIS2_SUCCESS;
}
else
@@ -170,7 +166,6 @@
if(rp_match_secpolicy_qname(env,RP_REQUIRE_DERIVED_KEYS,node,element))
{
rp_x509_token_set_derivedkeys(x509_token,env,AXIS2_TRUE);
- printf("%s\n",local_name);
return AXIS2_SUCCESS;
}
else
@@ -181,7 +176,6 @@
if(rp_match_secpolicy_qname(env,RP_WSS_X509_V1_TOKEN_10,node,element))
{
rp_x509_token_set_token_version_and_type(x509_token,env,local_name);
- printf("%s\n",local_name);
return AXIS2_SUCCESS;
}
else
@@ -192,7 +186,6 @@
if(rp_match_secpolicy_qname(env,RP_WSS_X509_V3_TOKEN_10,node,element))
{
rp_x509_token_set_token_version_and_type(x509_token,env,local_name);
- printf("%s\n",local_name);
return AXIS2_SUCCESS;
}
else
@@ -203,7 +196,6 @@
if(rp_match_secpolicy_qname(env,RP_WSS_X509_PKCS7_TOKEN_10,node,element))
{
rp_x509_token_set_token_version_and_type(x509_token,env,local_name);
- printf("%s\n",local_name);
return AXIS2_SUCCESS;
}
else
@@ -214,7 +206,6 @@
if(rp_match_secpolicy_qname(env,RP_WSS_X509_PKI_PATH_V1_TOKEN_10,node,element))
{
rp_x509_token_set_token_version_and_type(x509_token,env,local_name);
- printf("%s\n",local_name);
return AXIS2_SUCCESS;
}
else
@@ -225,7 +216,6 @@
if(rp_match_secpolicy_qname(env,RP_WSS_X509_V1_TOKEN_11,node,element))
{
rp_x509_token_set_token_version_and_type(x509_token,env,local_name);
- printf("%s\n",local_name);
return AXIS2_SUCCESS;
}
else
@@ -236,7 +226,6 @@
if(rp_match_secpolicy_qname(env,RP_WSS_X509_V3_TOKEN_11,node,element))
{
rp_x509_token_set_token_version_and_type(x509_token,env,local_name);
- printf("%s\n",local_name);
return AXIS2_SUCCESS;
}
else
@@ -247,7 +236,6 @@
if(rp_match_secpolicy_qname(env,RP_WSS_X509_PKCS7_TOKEN_11,node,element))
{
rp_x509_token_set_token_version_and_type(x509_token,env,local_name);
- printf("%s\n",local_name);
return AXIS2_SUCCESS;
}
else
@@ -258,7 +246,6 @@
if(rp_match_secpolicy_qname(env,RP_WSS_X509_PKI_PATH_V1_TOKEN_11,node,element))
{
rp_x509_token_set_token_version_and_type(x509_token,env,local_name);
- printf("%s\n",local_name);
return AXIS2_SUCCESS;
}
else
Modified: webservices/axis2/trunk/c/rampart/src/secpolicy/model/asymmetric_binding.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/secpolicy/model/asymmetric_binding.c?view=diff&rev=507411&r1=507410&r2=507411
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/secpolicy/model/asymmetric_binding.c (original)
+++ webservices/axis2/trunk/c/rampart/src/secpolicy/model/asymmetric_binding.c Tue Feb 13 22:20:06 2007
@@ -126,14 +126,9 @@
{
AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
AXIS2_PARAM_CHECK(env->error,initiator_token,AXIS2_FAILURE);
- if(!asymmetric_binding->initiator_token)
- {
- return AXIS2_FAILURE;
- }
asymmetric_binding->initiator_token =initiator_token;
-
return AXIS2_SUCCESS;
-
+
}
AXIS2_EXTERN axis2_status_t AXIS2_CALL
@@ -144,12 +139,8 @@
{
AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
AXIS2_PARAM_CHECK(env->error,recipient_token,AXIS2_FAILURE);
- if(!asymmetric_binding->recipient_token)
- {
- return AXIS2_FAILURE;
- }
+
asymmetric_binding->recipient_token = recipient_token;
-
return AXIS2_SUCCESS;
}
Modified: webservices/axis2/trunk/c/rampart/src/secpolicy/model/header.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/secpolicy/model/header.c?view=diff&rev=507411&r1=507410&r2=507411
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/secpolicy/model/header.c (original)
+++ webservices/axis2/trunk/c/rampart/src/secpolicy/model/header.c Tue Feb 13 22:20:06 2007
@@ -54,16 +54,6 @@
if(header)
{
- if(header->name)
- {
- AXIS2_FREE(env->allocator, header->name);
- header->name = NULL;
- }
- if(header->namespace)
- {
- AXIS2_FREE(env->allocator, header->namespace);
- header->namespace = NULL;
- }
AXIS2_FREE(env->allocator, header);
header = NULL;
}
Modified: webservices/axis2/trunk/c/rampart/src/secpolicy/model/https_token.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/secpolicy/model/https_token.c?view=diff&rev=507411&r1=507410&r2=507411
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/secpolicy/model/https_token.c (original)
+++ webservices/axis2/trunk/c/rampart/src/secpolicy/model/https_token.c Tue Feb 13 22:20:06 2007
@@ -83,7 +83,6 @@
AXIS2_PARAM_CHECK(env->error,inclusion,AXIS2_FAILURE);
https_token->inclusion = inclusion;
- printf("%s\n",https_token->inclusion);
return AXIS2_SUCCESS;
}
Modified: webservices/axis2/trunk/c/rampart/src/secpolicy/model/layout.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/secpolicy/model/layout.c?view=diff&rev=507411&r1=507410&r2=507411
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/secpolicy/model/layout.c (original)
+++ webservices/axis2/trunk/c/rampart/src/secpolicy/model/layout.c Tue Feb 13 22:20:06 2007
@@ -37,7 +37,7 @@
AXIS2_ERROR_SET(env->error, AXIS2_ERROR_NO_MEMORY, AXIS2_FAILURE);
return NULL;
}
- layout->value = RP_LAYOUT_LAX;
+ layout->value = RP_LAYOUT_STRICT;
return layout;
}
Modified: webservices/axis2/trunk/c/rampart/src/secpolicy/model/rampart_config.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/secpolicy/model/rampart_config.c?view=diff&rev=507411&r1=507410&r2=507411
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/secpolicy/model/rampart_config.c (original)
+++ webservices/axis2/trunk/c/rampart/src/secpolicy/model/rampart_config.c Tue Feb 13 22:20:06 2007
@@ -24,6 +24,7 @@
axis2_char_t *encryption_user;
axis2_char_t *password_callback_class;
axis2_char_t *authenticate_module;
+ axis2_char_t *password_type;
rp_signature_crypto_t *signature_crypto;
rp_encryption_crypto_t *encryption_crypto;
};
@@ -49,7 +50,7 @@
rampart_config->signature_crypto = NULL;
rampart_config->encryption_crypto = NULL;
rampart_config->authenticate_module = NULL;
-
+ rampart_config->password_type = NULL;
return rampart_config;
}
@@ -168,6 +169,29 @@
rampart_config->authenticate_module = authenticate_module;
return AXIS2_SUCCESS;
}
+
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+rp_rampart_config_get_password_type(
+ rp_rampart_config_t *rampart_config,
+ const axis2_env_t *env)
+{
+ AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
+
+ return rampart_config->password_type;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rp_rampart_config_set_password_type(rp_rampart_config_t *rampart_config,
+ const axis2_env_t *env,
+ axis2_char_t *password_type)
+{
+ AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
+ AXIS2_PARAM_CHECK(env->error,password_type,AXIS2_FAILURE);
+
+ rampart_config->password_type = password_type;
+ return AXIS2_SUCCESS;
+}
+
AXIS2_EXTERN rp_signature_crypto_t *AXIS2_CALL
rp_rampart_config_get_signature_crypto(
Modified: webservices/axis2/trunk/c/rampart/src/secpolicy/model/ut.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/secpolicy/model/ut.c?view=diff&rev=507411&r1=507410&r2=507411
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/secpolicy/model/ut.c (original)
+++ webservices/axis2/trunk/c/rampart/src/secpolicy/model/ut.c Tue Feb 13 22:20:06 2007
@@ -70,7 +70,7 @@
/* Implementations */
AXIS2_EXTERN axis2_char_t *AXIS2_CALL
-rp_username_token_get_inclsion(
+rp_username_token_get_inclusion(
rp_username_token_t *username_token,
const axis2_env_t *env)
{
@@ -89,7 +89,6 @@
AXIS2_PARAM_CHECK(env->error,inclusion,AXIS2_FAILURE);
username_token->inclusion = inclusion;
- printf("%s\n",username_token->inclusion);
return AXIS2_SUCCESS;
}
Modified: webservices/axis2/trunk/c/rampart/src/secpolicy/model/wss10.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/secpolicy/model/wss10.c?view=diff&rev=507411&r1=507410&r2=507411
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/secpolicy/model/wss10.c (original)
+++ webservices/axis2/trunk/c/rampart/src/secpolicy/model/wss10.c Tue Feb 13 22:20:06 2007
@@ -25,6 +25,7 @@
axis2_bool_t must_support_ref_issuer_serial;
axis2_bool_t must_support_ref_external_uri;
axis2_bool_t must_support_ref_embedded_token;
+ axis2_bool_t must_support_direct_reference;
};
AXIS2_EXTERN rp_wss10_t *AXIS2_CALL
@@ -46,7 +47,8 @@
wss10->must_support_ref_issuer_serial = AXIS2_FALSE;
wss10->must_support_ref_external_uri = AXIS2_FALSE;
wss10->must_support_ref_embedded_token = AXIS2_FALSE;
-
+ wss10->must_support_direct_reference = AXIS2_TRUE;
+
return wss10;
}
Modified: webservices/axis2/trunk/c/rampart/src/secpolicy/model/wss11.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/secpolicy/model/wss11.c?view=diff&rev=507411&r1=507410&r2=507411
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/secpolicy/model/wss11.c (original)
+++ webservices/axis2/trunk/c/rampart/src/secpolicy/model/wss11.c Tue Feb 13 22:20:06 2007
@@ -28,6 +28,7 @@
axis2_bool_t must_support_ref_thumbprint;
axis2_bool_t must_support_ref_encryptedkey;
axis2_bool_t require_signature_confirmation;
+ axis2_bool_t must_support_direct_reference;
};
AXIS2_EXTERN rp_wss11_t *AXIS2_CALL
@@ -52,6 +53,8 @@
wss11->must_support_ref_thumbprint = AXIS2_FALSE;
wss11->must_support_ref_encryptedkey = AXIS2_FALSE;
wss11->require_signature_confirmation = AXIS2_FALSE;
+ wss11->must_support_direct_reference = AXIS2_TRUE;
+
return wss11;
}
Modified: webservices/axis2/trunk/c/rampart/src/secpolicy/model/x509_token.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/secpolicy/model/x509_token.c?view=diff&rev=507411&r1=507410&r2=507411
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/secpolicy/model/x509_token.c (original)
+++ webservices/axis2/trunk/c/rampart/src/secpolicy/model/x509_token.c Tue Feb 13 22:20:06 2007
@@ -74,7 +74,7 @@
/* Implementations */
AXIS2_EXTERN axis2_char_t *AXIS2_CALL
-rp_x509_token_get_inclsion(rp_x509_token_t *x509_token,
+rp_x509_token_get_inclusion(rp_x509_token_t *x509_token,
const axis2_env_t *env)
{
AXIS2_ENV_CHECK(env, NULL);
@@ -91,7 +91,6 @@
AXIS2_PARAM_CHECK(env->error,inclusion,AXIS2_FAILURE);
x509_token->inclusion = inclusion;
- printf("%s\n",x509_token->inclusion);
return AXIS2_SUCCESS;
}
Modified: webservices/axis2/trunk/c/rampart/src/secpolicy/test-resources/2.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/secpolicy/test-resources/2.xml?view=diff&rev=507411&r1=507410&r2=507411
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/secpolicy/test-resources/2.xml (original)
+++ webservices/axis2/trunk/c/rampart/src/secpolicy/test-resources/2.xml Tue Feb 13 22:20:06 2007
@@ -5,7 +5,7 @@
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
<wsp:Policy>
<sp:WssX509V3Token10/>
</wsp:Policy>
@@ -14,7 +14,7 @@
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
- <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
<wsp:Policy>
<sp:WssX509V3Token10/>
</wsp:Policy>
@@ -23,7 +23,7 @@
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
- <sp:Basic256/>
+ <sp:Basic256Rsa15/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
@@ -31,29 +31,35 @@
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
- <sp:IncludeTimestamp/>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptBeforeSigning/>
<sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
- </sp:AsymmetricBinding>
+ </sp:AsymmetricBinding>
+ <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always"/>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
- <sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
</wsp:Policy>
</sp:Wss10>
- <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body/>
- </sp:SignedParts>
+ </sp:EncryptedParts>
<rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
- <rampc:user>alice</rampc:user>
- <rampc:encryptionUser>bob</rampc:encryptionUser>
- <rampc:passwordCallbackClass>/home/manjula/axis2/c/deploy/bin/samples/rampart/callback/libpwcb.so</rampc:passwordCallbackClass>
+ <rampc:user>Gampola</rampc:user>
+ <rampc:encryptionUser>b</rampc:encryptionUser>
+ <rampc:passwordType>Digest</rampc:passwordType>
+ <rampc:passwordCallbackClass>/home/manjula/axis2/scratch/security-policy/c/deploy/bin/samples/rampart/callback/libpwcb.so</rampc:passwordCallbackClass>
<rampc:signatureCrypto>
<rampc:signaturePropFile>/home/manjula/axis2/c/rampart/samples/keys/ahome/b_cert.cert</rampc:signaturePropFile>
</rampc:signatureCrypto>
<rampc:encryptionCypto>
- <rampc:encryptionPropFile>/home/manjula/axis2/c/rampart/samples/keys/ahome/b_cert.cert</rampc:encryptionPropFile>
- <rampc:decryptionPropFile>/home/manjula/axis2/c/rampart/samples/keys/ahome/a_store.pfx</rampc:decryptionPropFile>
+ <rampc:encryptionPropFile>/home/manjula/axis2/scratch/security-policy/c/rampart/samples/keys/ahome/b_cert.cert</rampc:encryptionPropFile>
+ <rampc:decryptionPropFile>/home/manjula/axis2/scratch/security-policy/c/rampart/samples/keys/bhome/b_store.pfx</rampc:decryptionPropFile>
</rampc:encryptionCypto>
</rampc:RampartConfig>
</wsp:All>
Modified: webservices/axis2/trunk/c/rampart/src/util/Makefile.am
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/Makefile.am?view=diff&rev=507411&r1=507410&r2=507411
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/Makefile.am (original)
+++ webservices/axis2/trunk/c/rampart/src/util/Makefile.am Tue Feb 13 22:20:06 2007
@@ -5,7 +5,7 @@
librampart_util_la_SOURCES = rampart_action.c rampart_crypto_util.c \
rampart_util.c rampart_handler_util.c username_token.c timestamp_token.c \
rampart_encryption.c rampart_sec_header_processor.c rampart_sec_processed_result.c \
- rampart_sec_header_builder.c
+ rampart_sec_header_builder.c rampart_context.c rampart_engine.c
librampart_util_la_LIBADD = -lssl \
@@ -15,4 +15,5 @@
INCLUDES = -I$(top_builddir)/include \
-I ../../../include \
-I ../../../util/include \
+ -I ../../../xml_schema/include \
-I ../../../axiom/include
Added: webservices/axis2/trunk/c/rampart/src/util/rampart_context.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/rampart_context.c?view=auto&rev=507411
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/rampart_context.c (added)
+++ webservices/axis2/trunk/c/rampart/src/util/rampart_context.c Tue Feb 13 22:20:06 2007
@@ -0,0 +1,1089 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <rampart_context.h>
+#include <rampart_constants.h>
+#include <oxs_axiom.h>
+
+
+
+
+struct rampart_context_t
+{
+ rp_secpolicy_t *secpolicy;
+ rampart_callback_t* password_callback_module;
+ rampart_authn_provider_t *authn_provider;
+
+ /*Function pointers for php extension to assign*/
+ pfunc password_func;
+ auth_password_func authenticate_with_password;
+ auth_digest_func authenticate_with_digest;
+};
+
+
+/*private functions*/
+
+rp_symmetric_asymmetric_binding_commons_t
+*rampart_context_get_symmetric_asymmetric_binding_commons(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env);
+
+rp_binding_commons_t *rampart_context_get_binding_commons(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env);
+
+axis2_bool_t rampart_context_use_username_token(
+ rp_supporting_tokens_t *signed_supporting,
+ const axis2_env_t *env);
+
+axis2_bool_t rampart_context_validate_ut(
+ rp_username_token_t *username_token,
+ const axis2_env_t *env);
+
+rp_supporting_tokens_t
+*rampart_context_get_signed_supporting_from_binding(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env);
+
+axis2_status_t rampart_context_set_nodes_to_encrypt(
+ rp_header_t *header,
+ const axis2_env_t *env,
+ axiom_soap_envelope_t *soap_envelope,
+ axis2_array_list_t *nodes_to_encrypt);
+
+axis2_char_t *AXIS2_CALL
+rampart_context_get_key_identifier_from_wss(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env);
+
+
+
+AXIS2_EXTERN rampart_context_t *AXIS2_CALL
+rampart_context_create(const axis2_env_t *env)
+{
+ rampart_context_t *rampart_context = NULL;
+
+ AXIS2_ENV_CHECK(env, NULL);
+
+ rampart_context = (rampart_context_t *) AXIS2_MALLOC (env->allocator,
+ sizeof (rampart_context_t));
+
+ if(rampart_context == NULL)
+ {
+ AXIS2_ERROR_SET(env->error, AXIS2_ERROR_NO_MEMORY, AXIS2_FAILURE);
+ return NULL;
+ }
+ rampart_context->secpolicy = NULL;
+ rampart_context->password_callback_module = NULL;
+ rampart_context->authn_provider = NULL;
+ rampart_context->password_func = NULL;
+ rampart_context->authenticate_with_password = NULL;
+ rampart_context->authenticate_with_digest = NULL;
+
+ return rampart_context;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_context_free(rampart_context_t *rampart_context,
+ const axis2_env_t *env)
+{
+ AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
+
+ if(rampart_context)
+ {
+ if(rampart_context->secpolicy)
+ {
+ rp_secpolicy_free(rampart_context->secpolicy,env);
+ rampart_context->secpolicy = NULL;
+ }
+ AXIS2_FREE(env->allocator,rampart_context);
+ rampart_context = NULL;
+ }
+ return AXIS2_SUCCESS;
+}
+
+
+/* Implementations */
+
+AXIS2_EXTERN rp_secpolicy_t *AXIS2_CALL
+rampart_context_get_secpolicy(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env)
+{
+ AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
+
+ return rampart_context->secpolicy;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_context_set_secpolicy(rampart_context_t *rampart_context,
+ const axis2_env_t *env,
+ rp_secpolicy_t *secpolicy)
+{
+ AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
+ AXIS2_PARAM_CHECK(env->error,secpolicy,AXIS2_FAILURE);
+
+ rampart_context->secpolicy = secpolicy;
+ return AXIS2_SUCCESS;
+}
+
+
+AXIS2_EXTERN rampart_callback_t *AXIS2_CALL
+rampart_context_get_password_callback(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env)
+{
+ AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
+
+ return rampart_context->password_callback_module;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_context_set_password_callback(rampart_context_t *rampart_context,
+ const axis2_env_t *env,
+ rampart_callback_t *password_callback_module)
+{
+ AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
+ AXIS2_PARAM_CHECK(env->error,password_callback_module,AXIS2_FAILURE);
+
+ rampart_context->password_callback_module = password_callback_module;
+ return AXIS2_SUCCESS;
+}
+
+/*This function get the function pointer of the password callback function*/
+
+AXIS2_EXTERN pfunc AXIS2_CALL
+rampart_context_get_password_function(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env)
+{
+ AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
+
+ return rampart_context->password_func;
+}
+
+/*set the password callback function*/
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_context_set_password_function(rampart_context_t *rampart_context,
+ const axis2_env_t *env,
+ pfunc password_func)
+{
+ AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
+ AXIS2_PARAM_CHECK(env->error,password_func,AXIS2_FAILURE);
+
+ rampart_context->password_func = password_func;
+ return AXIS2_SUCCESS;
+}
+
+/*The 4 functions below deals with setting and getting authentication
+ *module function pointers */
+
+AXIS2_EXTERN auth_password_func AXIS2_CALL
+rampart_context_get_auth_password_function(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env)
+{
+ AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
+
+ return rampart_context->authenticate_with_password;
+}
+
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_context_set_auth_password_function(rampart_context_t *rampart_context,
+ const axis2_env_t *env,
+ auth_password_func authenticate_with_password)
+{
+ AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
+ AXIS2_PARAM_CHECK(env->error,authenticate_with_password,AXIS2_FAILURE);
+
+ rampart_context->authenticate_with_password = authenticate_with_password;
+ return AXIS2_SUCCESS;
+}
+
+
+
+AXIS2_EXTERN auth_digest_func AXIS2_CALL
+rampart_context_get_auth_digest_function(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env)
+{
+ AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
+
+ return rampart_context->authenticate_with_digest;
+}
+
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_context_set_auth_digest_function(rampart_context_t *rampart_context,
+ const axis2_env_t *env,
+ auth_digest_func authenticate_with_digest)
+{
+ AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
+ AXIS2_PARAM_CHECK(env->error,authenticate_with_digest,AXIS2_FAILURE);
+
+ rampart_context->authenticate_with_digest = authenticate_with_digest;
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN rampart_authn_provider_t *AXIS2_CALL
+rampart_context_get_authn_provider(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env)
+{
+ AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
+
+ return rampart_context->authn_provider;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_context_set_authn_provider(rampart_context_t *rampart_context,
+ const axis2_env_t *env,
+ rampart_authn_provider_t *authn_provider)
+{
+ AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
+ AXIS2_PARAM_CHECK(env->error,authn_provider,AXIS2_FAILURE);
+
+ rampart_context->authn_provider = authn_provider;
+ return AXIS2_SUCCESS;
+}
+
+
+
+AXIS2_EXTERN int AXIS2_CALL
+rampart_context_get_binding_type(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env)
+{
+ rp_property_t *property = NULL;
+
+ AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
+
+ property = rp_secpolicy_get_binding(rampart_context->secpolicy,env);
+ if(!property)
+ return -1;
+
+ return rp_property_get_type(property,env);
+}
+
+rp_symmetric_asymmetric_binding_commons_t
+*rampart_context_get_symmetric_asymmetric_binding_commons(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env)
+{
+ rp_property_t *property = NULL;
+ property = rp_secpolicy_get_binding(rampart_context->secpolicy,env);
+ if(!property)
+ return NULL;
+
+ if(rp_property_get_type(property,env)==RP_BINDING_ASYMMETRIC)
+ {
+ rp_asymmetric_binding_t *asymmetric_binding = NULL;
+ asymmetric_binding = (rp_asymmetric_binding_t*)rp_property_get_value(property,env);
+ if(!asymmetric_binding)
+ return NULL;
+
+ return rp_asymmetric_binding_get_symmetric_asymmetric_binding_commons(asymmetric_binding,env);
+ }
+ else if(rp_property_get_type(property,env)==RP_BINDING_SYMMETRIC)
+ {
+ rp_symmetric_binding_t *symmetric_binding = NULL;
+ symmetric_binding = (rp_symmetric_binding_t*)rp_property_get_value(property,env);
+ if(!symmetric_binding)
+ return NULL;
+
+ return rp_symmetric_binding_get_symmetric_asymmetric_binding_commons(symmetric_binding,env);
+ }
+ else
+ return NULL;
+}
+
+rp_binding_commons_t
+*rampart_context_get_binding_commons(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env)
+{
+ rp_property_t *property = NULL;
+ property = rp_secpolicy_get_binding(rampart_context->secpolicy,env);
+ if(!property)
+ return NULL;
+
+ if(rp_property_get_type(property,env)==RP_BINDING_ASYMMETRIC)
+ {
+ rp_asymmetric_binding_t *asymmetric_binding = NULL;
+ rp_symmetric_asymmetric_binding_commons_t *sym_asym_commons = NULL;
+ asymmetric_binding = (rp_asymmetric_binding_t*)rp_property_get_value(property,env);
+ if(!asymmetric_binding)
+ return NULL;
+
+ sym_asym_commons = rp_asymmetric_binding_get_symmetric_asymmetric_binding_commons(asymmetric_binding,env);
+ if(!sym_asym_commons)
+ return NULL;
+
+ return rp_symmetric_asymmetric_binding_commons_get_binding_commons(sym_asym_commons,env);
+ }
+ else if(rp_property_get_type(property,env)==RP_BINDING_SYMMETRIC)
+ {
+ rp_symmetric_binding_t *symmetric_binding = NULL;
+ rp_symmetric_asymmetric_binding_commons_t *sym_asym_commons = NULL;
+ symmetric_binding = (rp_symmetric_binding_t*)rp_property_get_value(property,env);
+ if(!symmetric_binding)
+ return NULL;
+
+ sym_asym_commons = rp_symmetric_binding_get_symmetric_asymmetric_binding_commons(symmetric_binding,env);
+ if(!sym_asym_commons)
+ return NULL;
+
+ return rp_symmetric_asymmetric_binding_commons_get_binding_commons(sym_asym_commons,env);
+
+ }
+ else if(rp_property_get_type(property,env)==RP_BINDING_TRANSPORT)
+ {
+ rp_transport_binding_t *transport_binding = NULL;
+ transport_binding = (rp_transport_binding_t*)rp_property_get_value(property,env);
+ if(!transport_binding)
+ return NULL;
+
+ return rp_transport_binding_get_binding_commons(transport_binding,env);
+ }
+ else
+ return NULL;
+}
+/*supporting tokens may contain under binding*/
+
+rp_supporting_tokens_t
+*rampart_context_get_signed_supporting_from_binding(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env)
+{
+ rp_binding_commons_t *commons = NULL;
+ commons = rampart_context_get_binding_commons(rampart_context,env);
+ if(!commons)
+ return NULL;
+ return rp_binding_commons_get_signed_supporting_tokens(commons,env);
+}
+
+axis2_bool_t
+rampart_context_validate_ut(
+ rp_username_token_t *username_token,
+ const axis2_env_t *env)
+{
+ axis2_char_t *inclusion = NULL;
+ axis2_bool_t bval = AXIS2_FALSE;
+
+ bval = rp_username_token_get_useUTprofile10(username_token,env);
+ if(bval)
+ {
+ inclusion = rp_username_token_get_inclusion(username_token,env);
+ if((AXIS2_STRCMP(inclusion,RP_INCLUDE_ALWAYS)==0)||
+ (AXIS2_STRCMP(inclusion,RP_INCLUDE_ONCE)==0)||
+ (AXIS2_STRCMP(inclusion,RP_INCLUDE_ALWAYS_TO_RECIPIENT)==0))
+ return bval;
+ else
+ bval = AXIS2_FALSE;
+ }
+ return bval;
+}
+
+
+
+axis2_bool_t
+rampart_context_use_username_token(
+ rp_supporting_tokens_t *signed_supporting,
+ const axis2_env_t *env)
+{
+ axis2_array_list_t *array_list = NULL;
+ axis2_bool_t bvalidate = AXIS2_FALSE;
+ array_list = rp_supporting_tokens_get_tokens(signed_supporting,env);
+ if(!array_list)
+ return AXIS2_FALSE;
+
+ else
+ {
+ int i = 0;
+ for (i = 0; i < AXIS2_ARRAY_LIST_SIZE(array_list,env); i++)
+ {
+ rp_property_t *token = NULL;
+ token = (rp_property_t *)
+ AXIS2_ARRAY_LIST_GET(array_list,env, i);
+ if (token)
+ {
+ if(rp_property_get_type(token,env)==RP_TOKEN_USERNAME)
+ {
+ rp_username_token_t *username_token =
+ (rp_username_token_t *)rp_property_get_value(token,env);
+ bvalidate = rampart_context_validate_ut(username_token,env);
+ break;
+ }
+ }
+ }
+ }
+ return bvalidate;
+}
+
+axis2_status_t rampart_context_set_nodes_to_encrypt(
+ rp_header_t *header,
+ const axis2_env_t *env,
+ axiom_soap_envelope_t *soap_envelope,
+ axis2_array_list_t *nodes_to_encrypt)
+{
+ axis2_char_t *namespace = NULL;
+ axis2_char_t *local_name = NULL;
+ axiom_soap_header_t *soap_header = NULL;
+ axiom_node_t *header_node = NULL;
+
+ soap_header = AXIOM_SOAP_ENVELOPE_GET_HEADER(soap_envelope,env);
+ if(!soap_header)
+ return AXIS2_FAILURE;
+
+ namespace = (axis2_char_t *) rp_header_get_namespace(header,env);
+ if(!namespace)
+ return AXIS2_FAILURE;
+
+ if(AXIS2_STRCMP(namespace,RP_SECURITY_NS)==0)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_context] We do not encrypt security namespace headers");
+ return AXIS2_FAILURE;
+ }
+
+ local_name = (axis2_char_t*) rp_header_get_name(header,env);
+ if(!local_name)
+ {
+ axis2_array_list_t *soap_header_blocks = NULL;
+ int i = 0;
+ soap_header_blocks = AXIOM_SOAP_HEADER_GET_HEADER_BLOCKS_WITH_NAMESPACE_URI(soap_header,env,namespace);
+ if(!soap_header_blocks)
+ return AXIS2_FAILURE;
+
+ for(i=0 ; i<AXIS2_ARRAY_LIST_SIZE(soap_header_blocks,env); i++)
+ {
+ axiom_soap_header_block_t *header_block = NULL;
+ axiom_node_t *node = NULL;
+ header_block = (axiom_soap_header_block_t *)AXIS2_ARRAY_LIST_GET(soap_header_blocks,env,i);
+ if(header_block)
+ {
+ node = AXIOM_SOAP_HEADER_BLOCK_GET_BASE_NODE(header_block,env);
+ if(node)
+ {
+ AXIS2_ARRAY_LIST_ADD(nodes_to_encrypt,env,node);
+ return AXIS2_SUCCESS;
+ }
+ }
+
+ }
+ }
+ else if(AXIS2_STRCMP(local_name,"Security")==0)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_context] We do not encrypt %s", local_name);
+ return AXIS2_FAILURE;
+ }
+ else
+ {
+ axiom_node_t *ret_node = NULL;
+ header_node = AXIOM_SOAP_HEADER_GET_BASE_NODE(soap_header,env);
+ if(header_node)
+ {
+ ret_node = oxs_axiom_get_node_by_local_name(env,header_node,local_name);
+ if(ret_node)
+ {
+ axiom_element_t *ret_node_ele = NULL;
+ ret_node_ele = (axiom_element_t *)
+ AXIOM_NODE_GET_DATA_ELEMENT(ret_node, env);
+ if(ret_node_ele)
+ {
+ axiom_namespace_t *ns = NULL;
+ axis2_char_t *namespace_uri = NULL;
+ ns = AXIOM_ELEMENT_GET_NAMESPACE(ret_node_ele, env,ret_node);
+ if(ns)
+ {
+ namespace_uri = AXIOM_NAMESPACE_GET_URI(ns, env);
+ if (AXIS2_STRCMP(namespace_uri,namespace) == 0)
+ {
+ AXIS2_ARRAY_LIST_ADD(nodes_to_encrypt,env,ret_node);
+ return AXIS2_SUCCESS;
+ }
+
+ }
+
+ }
+
+ }
+ }
+ }
+ return AXIS2_FAILURE;
+}
+
+rp_algorithmsuite_t *AXIS2_CALL
+rampart_context_get_algorithmsuite(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env)
+{
+ rp_binding_commons_t *binding_commons = NULL;
+
+ AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
+
+ binding_commons = rampart_context_get_binding_commons(rampart_context,env);
+
+ if(!binding_commons)
+ return AXIS2_FALSE;
+
+ return rp_binding_commons_get_algorithmsuite(binding_commons,env);
+}
+
+axis2_char_t *AXIS2_CALL
+rampart_context_get_key_identifier_from_wss(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env)
+{
+ rp_property_t *wss = NULL;
+ axis2_char_t *identifier = NULL;
+
+ wss = rp_secpolicy_get_wss(rampart_context->secpolicy,env);
+ if(!wss)
+ {
+ identifier = RAMPART_STR_DIRECT_REFERENCE;
+ return identifier;
+ }
+
+ if(rp_property_get_type(wss,env)==RP_WSS_WSS10)
+ {
+ rp_wss10_t *wss10 = NULL;
+ wss10 = rp_property_get_value(wss,env);
+ if(!wss10)
+ return NULL;
+
+ if(rp_wss10_get_must_support_ref_key_identifier(wss10,env))
+ identifier = RAMPART_STR_KEY_IDENTIFIER;
+ else if(rp_wss10_get_must_support_ref_issuer_serial(wss10,env))
+ identifier = RAMPART_STR_ISSUER_SERIAL;
+ else if(rp_wss10_get_must_support_ref_external_uri(wss10,env))
+ identifier = RAMPART_STR_EXTERNAL_URI;
+ else if(rp_wss10_get_must_support_ref_embedded_token(wss10,env))
+ identifier = RAMPART_STR_EMBEDDED;
+ else
+ identifier = RAMPART_STR_DIRECT_REFERENCE;
+
+ return identifier;
+ }
+ else if(rp_property_get_type(wss,env)==RP_WSS_WSS11)
+ {
+ rp_wss11_t *wss11 = NULL;
+ wss11 = rp_property_get_value(wss,env);
+ if(!wss11)
+ return NULL;
+
+ if(rp_wss11_get_must_support_ref_key_identifier(wss11,env))
+ identifier = RAMPART_STR_KEY_IDENTIFIER;
+ else if(rp_wss11_get_must_support_ref_issuer_serial(wss11,env))
+ identifier = RAMPART_STR_ISSUER_SERIAL;
+ else if(rp_wss11_get_must_support_ref_external_uri(wss11,env))
+ identifier = RAMPART_STR_EXTERNAL_URI;
+ else if(rp_wss11_get_must_support_ref_embedded_token(wss11,env))
+ identifier = RAMPART_STR_EMBEDDED;
+ else if(rp_wss11_get_must_support_ref_thumbprint(wss11,env))
+ identifier = RAMPART_STR_THUMB_PRINT;
+ else if(rp_wss11_get_must_support_ref_encryptedkey(wss11,env))
+ identifier = RAMPART_STR_ENCRYPTED_KEY;
+ else
+ identifier = RAMPART_STR_DIRECT_REFERENCE;
+
+ return identifier;
+ }
+ else return NULL;
+}
+
+
+AXIS2_EXTERN axis2_bool_t AXIS2_CALL
+rampart_context_is_include_timestamp(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env)
+{
+ rp_binding_commons_t *binding_commons = NULL;
+
+ AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
+
+ binding_commons = rampart_context_get_binding_commons(rampart_context,env);
+
+ if(!binding_commons)
+ return AXIS2_FALSE;
+
+ return rp_binding_commons_get_include_timestamp(binding_commons,env);
+}
+
+AXIS2_EXTERN axis2_bool_t AXIS2_CALL
+rampart_context_is_include_username_token(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env)
+{
+ /*Username tokens should be in signed supporting tikens.
+ Otherwise no meaning */
+
+ rp_supporting_tokens_t *signed_supporting = NULL;
+
+ /*First we should check in the direct policy members*/
+ signed_supporting = rp_secpolicy_get_signed_supporting_tokens(rampart_context->secpolicy,env);
+ /*If not there then we should ckeck in the binding*/
+ if(!signed_supporting)
+ {
+ signed_supporting = rampart_context_get_signed_supporting_from_binding(rampart_context,env);
+ if(!signed_supporting)
+ return AXIS2_FALSE;
+ }
+ /*Now we have signed supporting tokens*/
+ /*Get the user name token if available and check the validity*/
+ return rampart_context_use_username_token(signed_supporting,env);
+}
+
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+rampart_context_get_user(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env)
+{
+
+ rp_rampart_config_t *config = NULL;
+ config = rp_secpolicy_get_rampart_config(rampart_context->secpolicy,env);
+ if(!config)
+ return NULL;
+
+ return rp_rampart_config_get_user(config,env);
+}
+
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+rampart_context_get_password_callback_class(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env)
+{
+ rp_rampart_config_t *config = NULL;
+ config = rp_secpolicy_get_rampart_config(rampart_context->secpolicy,env);
+ if(!config)
+ return NULL;
+
+ return rp_rampart_config_get_password_callback_class(config,env);
+}
+
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+rampart_context_get_authn_module_name(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env)
+{
+ rp_rampart_config_t *config = NULL;
+ config = rp_secpolicy_get_rampart_config(rampart_context->secpolicy,env);
+ if(!config)
+ return NULL;
+
+ return rp_rampart_config_get_authenticate_module(config,env);
+}
+
+AXIS2_EXTERN axis2_bool_t AXIS2_CALL
+rampart_context_get_password_type(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env)
+{
+ axis2_bool_t digest = AXIS2_FALSE;
+ axis2_char_t *type = NULL;
+ rp_rampart_config_t *config = NULL;
+
+ config = rp_secpolicy_get_rampart_config(rampart_context->secpolicy,env);
+ if(!config)
+ return AXIS2_FALSE;
+
+ type = rp_rampart_config_get_password_type(config,env);
+ if(AXIS2_STRCMP(type,RP_DIGEST)==0)
+ {
+ digest = AXIS2_TRUE;
+ return digest;
+ }
+ else
+ return digest;
+}
+
+AXIS2_EXTERN axis2_bool_t AXIS2_CALL
+rampart_context_is_encrypt_before_sign(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env)
+{
+ axis2_char_t *protection_order = NULL;
+ rp_symmetric_asymmetric_binding_commons_t *sym_asym_commons = NULL;
+ sym_asym_commons = rampart_context_get_symmetric_asymmetric_binding_commons(rampart_context,env);
+
+ if(!sym_asym_commons)
+ return AXIS2_FALSE;
+ else
+ {
+ protection_order = rp_symmetric_asymmetric_binding_commons_get_protection_order(sym_asym_commons,env);
+ if(!protection_order || AXIS2_STRCMP(protection_order,RP_SIGN_BEFORE_ENCRYPTING)==0)
+ return AXIS2_FALSE;
+
+ else if(AXIS2_STRCMP(protection_order,RP_ENCRYPT_BEFORE_SIGNING)==0)
+ return AXIS2_TRUE;
+ }
+ return AXIS2_FALSE;
+}
+
+/*This method will return all the parts in the soap message
+outside the security header which needs to be encrypted.*/
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_context_get_nodes_to_encrypt(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env,
+ axiom_soap_envelope_t *soap_envelope,
+ axis2_array_list_t *nodes_to_encrypt)
+{
+ rp_signed_encrypted_parts_t *encrypted_parts = NULL;
+ axis2_array_list_t *parts = NULL;
+ axis2_status_t status = AXIS2_FAILURE;
+
+ encrypted_parts = rp_secpolicy_get_encrypted_parts(rampart_context->secpolicy,env);
+ if(!encrypted_parts)
+ return AXIS2_FAILURE;
+
+ parts = rp_signed_encrypted_parts_get_headers(encrypted_parts,env);
+ if(!parts || (AXIS2_ARRAY_LIST_SIZE(parts,env)==0))
+ {
+ if(rp_signed_encrypted_parts_get_body(encrypted_parts,env))
+ {
+ axiom_soap_body_t *body = NULL;
+ axiom_node_t *body_node = NULL;
+ axiom_node_t *body_child_node = NULL;
+
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_context] No encryption parts specified. Using the body.");
+ body = AXIOM_SOAP_ENVELOPE_GET_BODY(soap_envelope, env);
+ body_node = AXIOM_SOAP_BODY_GET_BASE_NODE(body, env);
+ body_child_node = AXIOM_NODE_GET_FIRST_CHILD(body_node, env);
+ AXIS2_ARRAY_LIST_ADD(nodes_to_encrypt, env, body_child_node);
+ return AXIS2_SUCCESS;
+ }
+ else
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_context] Nothing to encrypt");
+ return AXIS2_FAILURE;
+ }
+ }
+ else
+ {
+ int i = 0;
+ for(i=0; i<AXIS2_ARRAY_LIST_SIZE(parts,env); i++)
+ {
+ rp_header_t *header = NULL;
+ header = (rp_header_t *)AXIS2_ARRAY_LIST_GET(parts,env,i);
+ if(header)
+ {
+ status = rampart_context_set_nodes_to_encrypt(header,env,soap_envelope,nodes_to_encrypt);
+ if(status!=AXIS2_FAILURE)
+ return AXIS2_FAILURE;
+ }
+
+ }
+ if(rp_signed_encrypted_parts_get_body(encrypted_parts,env))
+ {
+ axiom_soap_body_t *body = NULL;
+ axiom_node_t *body_node = NULL;
+ axiom_node_t *body_child_node = NULL;
+
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_context] Including the body the body.");
+ body = AXIOM_SOAP_ENVELOPE_GET_BODY(soap_envelope, env);
+ body_node = AXIOM_SOAP_BODY_GET_BASE_NODE(body, env);
+ body_child_node = AXIOM_NODE_GET_FIRST_CHILD(body_node, env);
+ AXIS2_ARRAY_LIST_ADD(nodes_to_encrypt, env, body_child_node);
+ return AXIS2_SUCCESS;
+ }
+
+ }
+ return AXIS2_FAILURE;
+}
+
+
+AXIS2_EXTERN axis2_bool_t AXIS2_CALL
+rampart_context_check_whether_to_encrypt(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env)
+{
+ rp_signed_encrypted_parts_t *encrypted_parts = NULL;
+ axis2_array_list_t *parts = NULL;
+
+ encrypted_parts = rp_secpolicy_get_encrypted_parts(rampart_context->secpolicy,env);
+ if(!encrypted_parts)
+ return AXIS2_FALSE;
+
+ parts = rp_signed_encrypted_parts_get_headers(encrypted_parts,env);
+ if(!parts || (AXIS2_ARRAY_LIST_SIZE(parts,env)==0))
+ {
+ if(rp_signed_encrypted_parts_get_body(encrypted_parts,env))
+ return AXIS2_TRUE;
+
+ else
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_context]No encryption parts specified Nothing to decrypt");
+ return AXIS2_FALSE;
+ }
+ }
+ return AXIS2_TRUE;
+}
+
+AXIS2_EXTERN rp_property_t *AXIS2_CALL
+rampart_context_get_token(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env,
+ axis2_bool_t for_encryption,
+ axis2_bool_t server_side)
+{
+ rp_property_t *binding = NULL;
+ binding = rp_secpolicy_get_binding(rampart_context->secpolicy,env);
+ if(!binding)
+ return NULL;
+
+ if(rp_property_get_type(binding,env)==RP_BINDING_ASYMMETRIC)
+ {
+ rp_asymmetric_binding_t *asym_binding = NULL;
+ asym_binding = (rp_asymmetric_binding_t *)rp_property_get_value(binding,env);
+ if(asym_binding)
+ {
+ if((for_encryption && server_side) || (!for_encryption && !server_side))
+ {
+ return rp_asymmetric_binding_get_initiator_token(asym_binding,env);
+ }
+ else if((for_encryption && !server_side) || (!for_encryption && server_side))
+ {
+ return rp_asymmetric_binding_get_recipient_token(asym_binding,env);
+ }
+ else return NULL;
+ }
+ else
+ return NULL;
+ }
+ /*In symmetric binding same tokens are used in the client and server sides.*/
+ else if(rp_property_get_type(binding,env)==RP_BINDING_SYMMETRIC)
+ {
+ rp_symmetric_binding_t *sym_binding = NULL;
+ rp_property_t *token = NULL;
+ sym_binding = (rp_symmetric_binding_t *)rp_property_get_value(binding,env);
+ if(sym_binding)
+ {
+ /*First check protection tokens have being specified.*/
+ token = rp_symmetric_binding_get_protection_token(sym_binding,env);
+ if(token)
+ return token;
+
+ else
+ {
+ if(for_encryption)
+ {
+ return rp_symmetric_binding_get_encryption_token(sym_binding,env);
+ }
+ else
+ {
+ return rp_symmetric_binding_get_signature_token(sym_binding,env);
+ }
+ }
+ }
+ else
+ return NULL;
+ }
+ else if(rp_property_get_type(binding,env)==RP_BINDING_TRANSPORT)
+ {
+ rp_transport_binding_t *transport_binding = NULL;
+ transport_binding = (rp_transport_binding_t *)rp_property_get_value(binding,env);
+ if(transport_binding)
+ {
+ return rp_transport_binding_get_transport_token(transport_binding,env);
+ }
+ else return NULL;
+ }
+ else return NULL;
+}
+
+AXIS2_EXTERN axis2_bool_t AXIS2_CALL
+rampart_context_check_is_derived_keys(
+ const axis2_env_t *env,
+ rp_property_t *token)
+{
+ if(rp_property_get_type(token,env)==RP_TOKEN_X509)
+ {
+ rp_x509_token_t *x509_token = NULL;
+ x509_token = (rp_x509_token_t *)rp_property_get_value(token,env);
+ return rp_x509_token_get_derivedkeys(x509_token,env);
+ }
+ /*This can be extended when we are supporting other token types.*/
+ else
+ return AXIS2_FALSE;
+}
+
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+rampart_context_get_enc_sym_algo(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env)
+{
+ rp_algorithmsuite_t *algosuite = NULL;
+
+ algosuite = rampart_context_get_algorithmsuite(rampart_context,env);
+ if(algosuite)
+ {
+ return rp_algorithmsuite_get_encryption(algosuite,env);
+ }
+ else
+ return NULL;
+}
+
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+rampart_context_get_enc_asym_algo(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env)
+{
+ rp_algorithmsuite_t *algosuite = NULL;
+
+ algosuite = rampart_context_get_algorithmsuite(rampart_context,env);
+ if(algosuite)
+ {
+ return rp_algorithmsuite_get_asymmetrickeywrap(algosuite,env);
+ }
+ else
+ return NULL;
+}
+
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+rampart_context_get_encryption_prop_file(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env)
+{
+ rp_rampart_config_t *rampart_config = NULL;
+ rp_encryption_crypto_t *enc_crypto = NULL;
+
+ rampart_config = rp_secpolicy_get_rampart_config(rampart_context->secpolicy,env);
+ if(rampart_config)
+ {
+ enc_crypto = rp_rampart_config_get_encryption_crypto(rampart_config,env);
+ if(enc_crypto)
+ {
+ return rp_encryption_crypto_get_encryption_prop_file(enc_crypto,env);
+ }
+ else
+ return NULL;
+ }
+ else
+ return NULL;
+}
+
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+rampart_context_get_decryption_prop_file(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env)
+{
+ rp_rampart_config_t *rampart_config = NULL;
+ rp_encryption_crypto_t *enc_crypto = NULL;
+
+ rampart_config = rp_secpolicy_get_rampart_config(rampart_context->secpolicy,env);
+ if(rampart_config)
+ {
+ enc_crypto = rp_rampart_config_get_encryption_crypto(rampart_config,env);
+ if(enc_crypto)
+ {
+ return rp_encryption_crypto_get_decryption_prop_file(enc_crypto,env);
+ }
+ else
+ return NULL;
+ }
+ else
+ return NULL;
+}
+
+
+
+
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+rampart_context_get_encryption_user(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env)
+{
+ rp_rampart_config_t *config = NULL;
+ config = rp_secpolicy_get_rampart_config(rampart_context->secpolicy,env);
+ if(!config)
+ return NULL;
+
+ return rp_rampart_config_get_encryption_user(config,env);
+
+}
+
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+rampart_context_get_enc_key_identifier(
+ rampart_context_t *rampart_context,
+ rp_property_t *token,
+ axis2_bool_t server_side,
+ const axis2_env_t *env)
+{
+ axis2_char_t *inclusion = NULL;
+ axis2_bool_t include = AXIS2_TRUE;
+ axis2_char_t *identifier = NULL;
+
+ if(rp_property_get_type(token,env)==RP_TOKEN_X509)
+ {
+ rp_x509_token_t *x509_token = NULL;
+ x509_token = (rp_x509_token_t *)rp_property_get_value(token,env);
+ inclusion = rp_x509_token_get_inclusion(x509_token,env);
+
+ if(server_side)
+ include = ((AXIS2_STRCMP(inclusion,RP_INCLUDE_ALWAYS)==0)||
+ (AXIS2_STRCMP(inclusion,RP_INCLUDE_ONCE)==0));
+ else
+ include = ((AXIS2_STRCMP(inclusion,RP_INCLUDE_ALWAYS)==0)||
+ (AXIS2_STRCMP(inclusion,RP_INCLUDE_ONCE)==0)||
+ (AXIS2_STRCMP(inclusion,RP_INCLUDE_ALWAYS_TO_RECIPIENT)==0));
+
+ if(include)
+ {
+ if(rp_x509_token_get_require_key_identifier_reference(x509_token,env))
+ identifier = RAMPART_STR_KEY_IDENTIFIER;
+ else if(rp_x509_token_get_require_issuer_serial_reference(x509_token,env))
+ identifier = RAMPART_STR_ISSUER_SERIAL;
+ else if(rp_x509_token_get_require_embedded_token_reference(x509_token,env))
+ identifier = RAMPART_STR_EMBEDDED;
+ else if(rp_x509_token_get_require_thumb_print_reference(x509_token,env))
+ identifier = RAMPART_STR_THUMB_PRINT;
+ else
+ return rampart_context_get_key_identifier_from_wss(rampart_context,env);
+
+ return identifier;
+ }
+ else return NULL;
+
+ }
+ /*This can be extended when we are supporting other token types.*/
+ else return NULL;
+}
+
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+rampart_context_get_layout(
+ rampart_context_t *rampart_context,
+ const axis2_env_t *env)
+{
+ rp_binding_commons_t *binding_commons = NULL;
+ rp_layout_t *layout = NULL;
+
+ AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
+
+ binding_commons = rampart_context_get_binding_commons(rampart_context,env);
+
+ if(!binding_commons)
+ return NULL;
+
+ layout = rp_binding_commons_get_layout(binding_commons,env);
+ if(!layout)
+ return RP_LAYOUT_STRICT;
+
+ return rp_layout_get_value(layout,env);
+}
Modified: webservices/axis2/trunk/c/rampart/src/util/rampart_encryption.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/rampart_encryption.c?view=diff&rev=507411&r1=507410&r2=507411
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/rampart_encryption.c (original)
+++ webservices/axis2/trunk/c/rampart/src/util/rampart_encryption.c Tue Feb 13 22:20:06 2007
@@ -46,7 +46,7 @@
**/
/*Private function implementations*/
-
+/*
static axis2_status_t
rampart_enc_get_nodes_to_encrypt(const axis2_env_t *env,
rampart_actions_t *actions,
@@ -55,10 +55,7 @@
{
axis2_char_t *encryption_parts = NULL;
- /*Get encryption parts*/
encryption_parts = AXIS2_STRDUP(RAMPART_ACTIONS_GET_ENCRYPTION_PARTS(actions, env), env);
- /*If no encryption parts are specified use body as default...
- * Well...hmmm.. the child of the body infact*/
if((!encryption_parts) || (0 == AXIS2_STRCMP(encryption_parts, "") || (0 == AXIS2_STRCMP(encryption_parts, "Body")))){
axiom_soap_body_t *body = NULL;
axiom_node_t *body_node = NULL;
@@ -82,12 +79,10 @@
AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption] EncryptionParts specified = %s", encryption_parts);
envelope_node = AXIOM_SOAP_ENVELOPE_GET_BASE_NODE(soap_envelope, env);
- /*Tokenize*/
str_list = axis2_tokenize(env, encryption_parts, ' ');
size = AXIS2_ARRAY_LIST_SIZE(str_list, env);
for(i=0 ; i < size ; i++ ){
local_name = AXIS2_ARRAY_LIST_GET(str_list, env, i);
- /*We do not encrypt the security header*/
if(0 == AXIS2_STRCMP(local_name, "Security")){
AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption] We do not encrypt %s", local_name);
continue;
@@ -100,7 +95,7 @@
return AXIS2_SUCCESS;
}
-
+*/
@@ -108,7 +103,7 @@
AXIS2_EXTERN axis2_status_t AXIS2_CALL
rampart_enc_encrypt_message(const axis2_env_t *env,
axis2_msg_ctx_t *msg_ctx,
- rampart_actions_t *actions,
+ rampart_context_t *rampart_context,
axiom_soap_envelope_t *soap_envelope,
axiom_node_t *sec_node)
{
@@ -122,14 +117,46 @@
axis2_char_t *password = NULL;
oxs_key_t *session_key = NULL;
oxs_asym_ctx_t *asym_ctx = NULL;
+ axis2_bool_t server_side = AXIS2_FALSE;
+ int token_type = 0;
+ rp_property_t *token = NULL;
+ axis2_char_t *enc_user = NULL;
+ rampart_callback_t *password_callback = NULL;
+ pfunc password_function = NULL;
+ void *param = NULL;
int i = 0;
/*Get nodes to be encrypted*/
- nodes_to_encrypt = axis2_array_list_create(env, 5);
- status = rampart_enc_get_nodes_to_encrypt(env, actions, soap_envelope, nodes_to_encrypt);
+ server_side = axis2_msg_ctx_get_server_side(msg_ctx,env);
+ nodes_to_encrypt = axis2_array_list_create(env,0);
+ status = rampart_context_get_nodes_to_encrypt(rampart_context,env,soap_envelope,nodes_to_encrypt);
+
+ if((status!=AXIS2_SUCCESS)||(AXIS2_ARRAY_LIST_SIZE(nodes_to_encrypt,env)==0))
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption] No parts specified or specified parts can't be found for encryprion.");
+ return AXIS2_SUCCESS;
+ }
+ /*Now we have to check whether a token is specified.*/
+ token = rampart_context_get_token(rampart_context,env,AXIS2_TRUE,server_side);
+ if(!token)
+ {
+ AXIS2_LOG_INFO(env->log,"[rampart][rampart_encryption] Encryption Token is not specified");
+ return AXIS2_SUCCESS;
+ }
+ token_type = rp_property_get_type(token,env);
+ if(token_type != RP_TOKEN_X509)
+ {
+ AXIS2_LOG_INFO(env->log,"[rampart][rampart_encryption] We only support X509 tokens");
+ return AXIS2_SUCCESS;
+ }
+ if(rampart_context_check_is_derived_keys(env,token))
+ {
+ AXIS2_LOG_INFO(env->log,"[rampart][rampart_encryption] We still do not support derived keys");
+ return AXIS2_FAILURE;
+ }
/*Get the symmetric encryption algorithm*/
- enc_sym_algo = RAMPART_ACTIONS_GET_ENC_SYM_ALGO(actions, env);
+ enc_sym_algo = rampart_context_get_enc_sym_algo(rampart_context,env);
/*If not specified set the default*/
if(!enc_sym_algo || (0 == AXIS2_STRCMP(enc_sym_algo, ""))){
AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption] No symmetric algorithm is specified for encryption. Using the default");
@@ -176,19 +203,48 @@
}
}
/*Get the asymmetric key encryption algorithm*/
- enc_asym_algo = RAMPART_ACTIONS_GET_ENC_KT_ALGO(actions, env);
+ enc_asym_algo = rampart_context_get_enc_asym_algo(rampart_context,env);
/*Get the certificate file name*/
- certificate_file = RAMPART_ACTIONS_GET_ENC_KEY_FILE(actions, env);
+ certificate_file = rampart_context_get_encryption_prop_file(rampart_context,env);
+
+
/*Get the password to retrieve the key from key store*/
- password = rampart_callback_encuser_password(env, actions, msg_ctx);
+ enc_user = rampart_context_get_encryption_user(rampart_context,env);
+
+ if(!enc_user)
+ enc_user = rampart_context_get_user(rampart_context,env);
+
+ if(!enc_user)
+ return AXIS2_FAILURE;
+
+ password_function = rampart_context_get_password_function(rampart_context,env);
+ if(password_function)
+ password = (*password_function)(env,enc_user,param);
+
+ else
+ {
+ password_callback = rampart_context_get_password_callback(rampart_context,env);
+ if(!password_callback)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption] Password call back module is not loaded.");
+ return AXIS2_FAILURE;
+ }
+ password = rampart_callback_password(env, password_callback, enc_user);
+ }
+/* password = rampart_callback_encuser_password(env, actions, msg_ctx);*/
/*Get encryption key identifier*/
- eki = RAMPART_ACTIONS_GET_ENC_KEY_IDENTIFIER(actions, env);
+ eki = rampart_context_get_enc_key_identifier(rampart_context,token,server_side,env);
+ if(!eki)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption] The token is not needed for inclusion.");
+ return AXIS2_SUCCESS;
+ }
/*Create asymmetric encryption context*/
asym_ctx = oxs_asym_ctx_create(env);
oxs_asym_ctx_set_algorithm(asym_ctx, env, enc_asym_algo);
oxs_asym_ctx_set_file_name(asym_ctx, env, certificate_file);
- oxs_asym_ctx_set_pem_buf(asym_ctx, env, RAMPART_ACTIONS_GET_KEY_BUF(actions, env));
+/* oxs_asym_ctx_set_pem_buf(asym_ctx, env, RAMPART_ACTIONS_GET_KEY_BUF(actions, env));*/
oxs_asym_ctx_set_password(asym_ctx, env, password);
oxs_asym_ctx_set_operation(asym_ctx, env, OXS_ASYM_CTX_OPERATION_PUB_ENCRYPT);
oxs_asym_ctx_set_st_ref_pattern(asym_ctx, env, eki);
Added: webservices/axis2/trunk/c/rampart/src/util/rampart_engine.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/rampart_engine.c?view=auto&rev=507411
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/rampart_engine.c (added)
+++ webservices/axis2/trunk/c/rampart/src/util/rampart_engine.c Tue Feb 13 22:20:06 2007
@@ -0,0 +1,86 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ *
+ */
+
+#include <rampart_engine.h>
+
+/*This method sets all the configurations
+ loads required modules and start rampart.*/
+
+
+AXIS2_EXTERN rampart_context_t* AXIS2_CALL
+rampart_engine_init(const axis2_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ axis2_char_t *x_flow_policy)
+{
+
+ axis2_char_t *file_name = NULL;
+ rampart_context_t *rampart_context = NULL;
+ rp_secpolicy_t *secpolicy = NULL;
+ rampart_callback_t* password_callback_module = NULL;
+ rampart_authn_provider_t *authn_provider = NULL;
+ axis2_char_t *pwcb_module_name = NULL;
+ axis2_char_t *authn_provider_name = NULL;
+
+ file_name = rampart_get_policy_location(env,msg_ctx,x_flow_policy);
+ if(!file_name)
+ {
+ AXIS2_LOG_INFO(env->log,
+ "[rampart][rampart_Engine] No Security in the flow. So nothing to do");
+ return NULL;
+ }
+
+ secpolicy = rp_policy_create_from_file(env,file_name);
+
+ if(!secpolicy)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_Engine] Cannot get policy" );
+ /*No policy so we cant proceed.*/
+ return NULL;
+ }
+ rampart_context = rampart_context_create(env);
+
+ if(!rampart_context)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_Engine] Cannot get Rampart Context " );
+ /*No policy so we cant proceed.*/
+ return NULL;
+ }
+
+ rampart_context_set_secpolicy(rampart_context,env,secpolicy);
+
+ pwcb_module_name = rampart_context_get_password_callback_class(rampart_context,env);
+
+ if(pwcb_module_name)
+ {
+ password_callback_module = rampart_load_pwcb_module(env,pwcb_module_name);
+ if(password_callback_module)
+ rampart_context_set_password_callback(rampart_context,env,password_callback_module);
+ }
+ authn_provider_name = rampart_context_get_authn_module_name(rampart_context,env);
+
+ if(authn_provider_name)
+ {
+ authn_provider = rampart_load_auth_module(env,authn_provider_name);
+ if(authn_provider)
+ rampart_context_set_authn_provider(rampart_context,env,authn_provider);
+ }
+ return rampart_context;
+}
Modified: webservices/axis2/trunk/c/rampart/src/util/rampart_handler_util.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/rampart_handler_util.c?view=diff&rev=507411&r1=507410&r2=507411
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/rampart_handler_util.c (original)
+++ webservices/axis2/trunk/c/rampart/src/util/rampart_handler_util.c Tue Feb 13 22:20:06 2007
@@ -72,6 +72,11 @@
axis2_msg_ctx_t *msg_ctx,
axiom_node_t *sec_node);
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+rampart_get_policy_location(const axis2_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ axis2_char_t *param_name);
+
/**********************end of header functions ****************************/
axis2_char_t* AXIS2_CALL
@@ -80,10 +85,9 @@
axis2_msg_ctx_t *msg_ctx)
{
axis2_char_t *enc_user = NULL;
- axis2_char_t *pw_callback_module_name = NULL;
+ axis2_char_t *pw_callback_module = NULL;
axis2_char_t *password = NULL;
axis2_ctx_t *ctx = NULL;
- rampart_callback_t *pwcb = NULL;
/*Check if encUserPassword is in the context. This is designed specially for PHP
i.e.In any context in the context hierarchy starting from msg, op, svc, etc.*/
@@ -96,8 +100,8 @@
/*If not found then callback the password*/
enc_user = RAMPART_ACTIONS_GET_ENC_USER(actions, env);
- pw_callback_module_name = RAMPART_ACTIONS_GET_PW_CB_CLASS(actions, env);
- if(!pw_callback_module_name){
+ pw_callback_module = RAMPART_ACTIONS_GET_PW_CB_CLASS(actions, env);
+ if(!pw_callback_module){
return NULL;
}
if(!enc_user){
@@ -109,18 +113,13 @@
}
}
/*Get axis2_ctx_t. This is designed specially for PHP*/
- pwcb = rampart_load_pwcb_module(env, pw_callback_module_name);
- if(!pwcb){
- AXIS2_LOG_INFO(env->log, "[rampart][rhu] Password callback module %s is NULL", pw_callback_module_name);
- return NULL;
- }else{
- password = rampart_callback_password(env, pwcb, enc_user, ctx);
- }
+
+/* password = rampart_callback_password(env, pw_callback_module, enc_user, ctx);*/
+/* password = rampart_callback_password(env, pw_callback_module, enc_user);*/
return password;
}
-
axis2_char_t* AXIS2_CALL
rampart_get_property_from_ctx(const axis2_env_t *env,
axis2_ctx_t *ctx,
@@ -320,5 +319,28 @@
}
return AXIS2_SUCCESS;
+}
+
+
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+rampart_get_policy_location(const axis2_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ axis2_char_t *param_name)
+
+{
+ axis2_param_t *param_x_flow_security = NULL;
+ axis2_char_t *value = NULL;
+
+ param_x_flow_security = rampart_get_security_param(env, msg_ctx,
+ param_name);
+
+ if (!param_x_flow_security)
+ {
+ AXIS2_LOG_INFO(env->log,
+ "[rampart][rampart_handler_utils] some error in the configurations");
+ return NULL;
+ }
+ value = AXIS2_PARAM_GET_VALUE(param_x_flow_security, env);
+ return value;
}
Modified: webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_builder.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_builder.c?view=diff&rev=507411&r1=507410&r2=507411
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_builder.c (original)
+++ webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_builder.c Tue Feb 13 22:20:06 2007
@@ -17,7 +17,6 @@
#include <stdio.h>
#include <rampart_encryption.h>
-#include <rampart_action.h>
#include <rampart_constants.h>
#include <rampart_sec_header_builder.h>
#include <rampart_username_token.h>
@@ -48,17 +47,158 @@
/*Public functions*/
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_shb_build_message(const axis2_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ rampart_context_t *rampart_context,
+ axiom_soap_envelope_t *soap_envelope)
+{
+
+ axis2_status_t status = AXIS2_FAILURE;
+ axiom_soap_header_t *soap_header = NULL;
+ axiom_node_t *soap_header_node = NULL;
+ axiom_element_t *soap_header_ele = NULL;
+ axiom_soap_header_block_t *sec_header_block = NULL;
+ axiom_namespace_t *sec_ns_obj = NULL;
+ axiom_node_t *sec_node = NULL;
+ axiom_element_t *sec_ele = NULL;
+
+ AXIS2_ENV_CHECK(env,AXIS2_FAILURE);
+ soap_header = AXIOM_SOAP_ENVELOPE_GET_HEADER(soap_envelope, env);
+ soap_header_node = AXIOM_SOAP_HEADER_GET_BASE_NODE(soap_header, env);
+ soap_header_ele = (axiom_element_t *)AXIOM_NODE_GET_DATA_ELEMENT(
+ soap_header_node, env);
+
+
+ sec_ns_obj = axiom_namespace_create(env, RAMPART_WSSE_XMLNS,
+ RAMPART_WSSE);
+
+ sec_header_block = AXIOM_SOAP_HEADER_ADD_HEADER_BLOCK(soap_header,
+ env, RAMPART_SECURITY, sec_ns_obj);
+
+ if(!sec_header_block)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shb] Security header block is NULL");
+ return AXIS2_SUCCESS;
+ }
+
+ AXIOM_SOAP_HEADER_BLOCK_SET_MUST_UNDERSTAND_WITH_BOOL(sec_header_block,
+ env, AXIS2_TRUE);
+
+ sec_node = AXIOM_SOAP_HEADER_BLOCK_GET_BASE_NODE(sec_header_block, env);
+ sec_ele = (axiom_element_t *)
+ AXIOM_NODE_GET_DATA_ELEMENT(sec_node, env);
+
+ /*check the binding*/
+ if((rampart_context_get_binding_type(rampart_context,env)) == RP_BINDING_ASYMMETRIC)
+ {
+ /*Do Asymmetric Binding specific things*/
+
+ /*Timestamp Inclusion*/
+ if(rampart_context_is_include_timestamp(rampart_context,env))
+ {
+ rampart_timestamp_token_t *timestamp_token = NULL;
+ int ttl = -1;
+ AXIS2_LOG_INFO(env->log, "[rampart][shb] building Timestamp Token");
+ AXIS2_LOG_INFO(env->log, "[rampart][shb] Using default timeToLive value %d",
+ RAMPART_TIMESTAMP_TOKEN_DEFAULT_TIME_TO_LIVE);
+ ttl = RAMPART_TIMESTAMP_TOKEN_DEFAULT_TIME_TO_LIVE;
+
+ timestamp_token = rampart_timestamp_token_create(env);
+ status = RAMPART_TIMESTAMP_TOKEN_BUILD(timestamp_token, env,
+ sec_node, sec_ns_obj, ttl);
+ if (status == AXIS2_FAILURE)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shb] Timestamp Token build failed. ERROR");
+ return AXIS2_FAILURE;
+ }
+ }
+
+ /*Check whether we need username token*/
+ /*User name tokens includes in messages sent from client to server*/
+ if(!axis2_msg_ctx_get_server_side(msg_ctx,env))
+ {
+ if(rampart_context_is_include_username_token(rampart_context,env))
+ {
+ rampart_username_token_t *username_token = NULL;
+
+ username_token = rampart_username_token_create(env);
+ /*Now we are passing rampart_context here so inside this method user can
+ relevant parameters are extracted. */
+
+ AXIS2_LOG_INFO(env->log, "[rampart][shb] building UsernmaeToken");
+ status = RAMPART_USERNAME_TOKEN_BUILD(username_token,
+ env,
+ rampart_context,
+ sec_node,
+ sec_ns_obj);
+ if (status == AXIS2_FAILURE)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shb] UsernmaeToken build failed. ERROR");
+ return AXIS2_FAILURE;
+ }
+ }
+ }
+ /*Check the encryption and signature order*/
+ if(rampart_context_is_encrypt_before_sign(rampart_context,env))
+ {
+ /*Check what are the parts to encrypt and send them to the encrypt method*/
+ status = rampart_enc_encrypt_message(env, msg_ctx,rampart_context,soap_envelope,sec_node);
+ if(!status)
+ return AXIS2_FAILURE;
+
+
+ /*Then do signature specific things*/
+ /*Then Handle Supporting token stuff */
+ }
+ else
+ {
+ /*First do signature specific stuff*/
+
+ /*Then Handle Encryption stuff*/
+
+ status = rampart_enc_encrypt_message(env, msg_ctx,rampart_context,soap_envelope,sec_node);
+ if(!status)
+ return AXIS2_FAILURE;
+
+ }
+
+ return AXIS2_SUCCESS;
+ }
+ else if((rampart_context_get_binding_type(rampart_context,env)) == RP_BINDING_SYMMETRIC)
+ {
+ /*Do Symmetric_binding specific things*/
+ AXIS2_LOG_INFO(env->log, "[rampart][shb] Symmetric Binding. We do not support yet");
+ return AXIS2_FAILURE;
+ }
+ else if((rampart_context_get_binding_type(rampart_context,env)) == RP_BINDING_TRANSPORT)
+ {
+ /*Do Transport Binding specific things */
+ AXIS2_LOG_INFO(env->log, "[rampart][shb] Transport Binding. We do not support yet");
+ return AXIS2_FAILURE;
+ }
+ else
+ return AXIS2_FAILURE;
+ /*Timestamp Inclusion*/
+
+ /*username Token inclusion*/
+
+ /*check the protection order*/
+
+
+}
+/*
AXIS2_EXTERN axis2_status_t AXIS2_CALL
rampart_shb_build_message(const axis2_env_t *env,
axis2_msg_ctx_t *msg_ctx,
- rampart_actions_t *actions,
+ rampart_context_t *rampart_context,
axiom_soap_envelope_t *soap_envelope)
{
axis2_status_t status = AXIS2_FAILURE;
AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
AXIS2_PARAM_CHECK(env->error, msg_ctx, AXIS2_FAILURE);
- /*We need a SOAP envelope.*/
if(soap_envelope){
axis2_ctx_t *ctx = NULL;
axiom_soap_header_t *soap_header = NULL;
@@ -68,7 +208,6 @@
axiom_soap_header_block_t *sec_header_block = NULL;
axiom_namespace_t *sec_ns_obj = NULL;
- /*We are checking for the soap header element*/
soap_header = AXIOM_SOAP_ENVELOPE_GET_HEADER(soap_envelope, env);
soap_header_node = AXIOM_SOAP_HEADER_GET_BASE_NODE(soap_header, env);
soap_header_ele = (axiom_element_t *)AXIOM_NODE_GET_DATA_ELEMENT(
@@ -89,7 +228,6 @@
sec_header_block = AXIOM_SOAP_HEADER_ADD_HEADER_BLOCK(soap_header,
env, RAMPART_SECURITY, sec_ns_obj);
- /*Set mustUnderstand=1*/
AXIOM_SOAP_HEADER_BLOCK_SET_MUST_UNDERSTAND_WITH_BOOL(sec_header_block,
env, AXIS2_TRUE);
@@ -105,7 +243,6 @@
sec_ele = (axiom_element_t *)
AXIOM_NODE_GET_DATA_ELEMENT(sec_node, env);
- /*Get action items seperated by spaces*/
string_list = axis2_tokenize(env, items, ' ');
if (string_list)
{
@@ -113,11 +250,9 @@
}
ctx = AXIS2_MSG_CTX_GET_BASE(msg_ctx, env);
- /*Iterate thru items. Eg. Usernmaetoken, Timestamp, Encrypt, Signature*/
for (i = 0; i < size; i++)
{
item = AXIS2_ARRAY_LIST_GET(string_list, env, i);
- /*Username token*/
if (0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_USERNAMETOKEN ,
AXIS2_STRTRIM(env, item, NULL)))
{
@@ -136,8 +271,6 @@
AXIS2_LOG_INFO(env->log, "[rampart][shb] UsernmaeToken build failed. ERROR");
return AXIS2_FAILURE;
}
- /*TODO free*/
- /*Timestamp token*/
}
else if (0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_TIMESTAMP,
AXIS2_STRTRIM(env, item, NULL)))
@@ -148,7 +281,6 @@
AXIS2_LOG_INFO(env->log, "[rampart][shb] building Timestamp Token");
ttl_str = RAMPART_ACTIONS_GET_TIME_TO_LIVE(actions, env);
- /*Check for the ttl. If not specified use the default*/
if(!ttl_str){
AXIS2_LOG_INFO(env->log, "[rampart][shb] Using default timeToLive value %d",
RAMPART_TIMESTAMP_TOKEN_DEFAULT_TIME_TO_LIVE);
@@ -164,7 +296,6 @@
AXIS2_LOG_INFO(env->log, "[rampart][shb] Timestamp Token build failed. ERROR");
return AXIS2_FAILURE;
}
- /*Encrypt*/
}
else if (0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_ENCRYPT,
AXIS2_STRTRIM(env, item, NULL)))
@@ -178,31 +309,29 @@
return AXIS2_FAILURE;
}
- /*Signature*/
}
else if (0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_SIGNATURE,
AXIS2_STRTRIM(env, item, NULL)))
{
AXIS2_LOG_INFO(env->log, "[rampart][shb] Signing message. We do not support yet");
- /*Any other type of action*/
}
else
{
AXIS2_LOG_INFO(env->log, "[rampart][shb] We do not support %s item yet" , item);
}
- }/*End of for*/
+ }
}
else
{
AXIS2_LOG_INFO(env->log, "[rampart][shb] Security header block is NULL");
}
- }else{/*No SOAP message*/
+ }else{
return AXIS2_FAILURE;
}
return AXIS2_SUCCESS;
}
-
+*/
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-cvs-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-cvs-help@ws.apache.org