Posted to java-dev@axis.apache.org by ka...@apache.org on 2007/02/13 10:22:09 UTC
svn commit: r506920 - in /webservices/axis2/trunk/c/rampart:
include/oxs_key_mgr.h include/oxs_signature.h src/omxmlsec/key_mgr.c
src/omxmlsec/openssl/rsa.c src/omxmlsec/signature.c test/omxmlsec/test.c
Author: kaushalye
Date: Tue Feb 13 01:22:07 2007
New Revision: 506920
URL: http://svn.apache.org/viewvc?view=rev&rev=506920
Log:
Introducing new functionality to the Key Manager.
Implementing XML-Signature.
Modified:
webservices/axis2/trunk/c/rampart/include/oxs_key_mgr.h
webservices/axis2/trunk/c/rampart/include/oxs_signature.h
webservices/axis2/trunk/c/rampart/src/omxmlsec/key_mgr.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/rsa.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/signature.c
webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c
Modified: webservices/axis2/trunk/c/rampart/include/oxs_key_mgr.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_key_mgr.h?view=diff&rev=506920&r1=506919&r2=506920
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_key_mgr.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_key_mgr.h Tue Feb 13 01:22:07 2007
@@ -51,6 +51,15 @@
oxs_asym_ctx_t *ctx,
axis2_char_t *password);
+AXIS2_EXTERN openssl_pkey_t* AXIS2_CALL
+oxs_key_mgr_load_private_key_from_string(const axis2_env_t *env,
+ axis2_char_t *string_buffer, /*in PEM format*/
+ axis2_char_t *password);
+
+AXIS2_EXTERN openssl_pkey_t* AXIS2_CALL
+oxs_key_mgr_load_private_key_from_file(const axis2_env_t *env,
+ axis2_char_t *file_name,
+ axis2_char_t *password);
/** @} */
#ifdef __cplusplus
}
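Review bot: Neither new prototype is documented, although this header uses Doxygen groups (`/** @} */`); each should get a `/** ... */` block saying that the input is a PEM-encoded private key, what `password` is used for (it is passed straight through to the PEM reader in key_mgr.c, so presumably the PEM passphrase — confirm), and that NULL is returned when loading fails. The second parameter of the file variant is named `file_name` here but `filename` in the key_mgr.c definition; pick one so the header and implementation agree. A short note on who owns and frees the returned `openssl_pkey_t*` would also help callers, since nothing visible here establishes that.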
Modified: webservices/axis2/trunk/c/rampart/include/oxs_signature.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_signature.h?view=diff&rev=506920&r1=506919&r2=506920
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_signature.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_signature.h Tue Feb 13 01:22:07 2007
@@ -36,6 +36,13 @@
extern "C"
{
#endif
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_sig_sign_rsa_sha1(const axis2_env_t *env,
+ oxs_sign_ctx_t *sign_ctx,
+ oxs_buffer_t *input,
+ oxs_buffer_t *output);
+
/**
* Sign
*/
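Review bot: `oxs_sig_sign_rsa_sha1` is exported from the public header with AXIS2_EXTERN, yet its definition in signature.c sits under the `/*Private functions*/` banner and `oxs_sig_sign` is the only caller visible in this commit; either make it `static` in signature.c and drop this declaration, or treat it as public API and document it. If it stays public, the doc comment should state the contract the implementation shows: `input` is the data to sign, `output` is populated with the base64-encoded signature value, and the result is AXIS2_SUCCESS or AXIS2_FAILURE.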
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/key_mgr.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/key_mgr.c?view=diff&rev=506920&r1=506919&r2=506920
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/key_mgr.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/key_mgr.c Tue Feb 13 01:22:07 2007
@@ -153,3 +153,51 @@
}
return AXIS2_SUCCESS;
}
+
+/*These are new set of functions that break-up the complex logic in oxs_key_mgr_load_key()*/
+
+AXIS2_EXTERN openssl_pkey_t* AXIS2_CALL
+oxs_key_mgr_load_private_key_from_string(const axis2_env_t *env,
+ axis2_char_t *string_buffer, /*in PEM format*/
+ axis2_char_t *password)
+{
+ openssl_pkey_t *open_prvkey = NULL;
+ axis2_status_t status = AXIS2_FAILURE;
+ EVP_PKEY *prvkey = NULL;
+
+ /*load private key from buf*/
+ status = openssl_pem_buf_read_pkey(env, string_buffer, password, OPENSSL_PEM_PKEY_TYPE_PRIVATE_KEY, &prvkey);
+ /*Populate*/
+ if(prvkey){
+ open_prvkey = openssl_pkey_create(env);
+ OPENSSL_PKEY_POPULATE(open_prvkey, env, prvkey, NULL, OPENSSL_PKEY_TYPE_PRIVATE_KEY);
+ }else{
+ return NULL;
+ }
+
+ return open_prvkey;
+}
+
+AXIS2_EXTERN openssl_pkey_t* AXIS2_CALL
+oxs_key_mgr_load_private_key_from_file(const axis2_env_t *env,
+ axis2_char_t *filename,
+ axis2_char_t *password)
+{
+ openssl_pkey_t *open_prvkey = NULL;
+ axis2_status_t status = AXIS2_FAILURE;
+ EVP_PKEY *prvkey = NULL;
+
+ /*Read EVP_PKEY*/
+ status = openssl_pem_read_pkey(env, filename, password, OPENSSL_PEM_PKEY_TYPE_PRIVATE_KEY, &prvkey);
+
+ /*Populate*/
+ if(prvkey){
+ open_prvkey = openssl_pkey_create(env);
+ OPENSSL_PKEY_POPULATE(open_prvkey, env, prvkey, filename, OPENSSL_PKEY_TYPE_PRIVATE_KEY);
+ }else{
+ return NULL;
+ }
+
+ return open_prvkey;
+}
+
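Review bot: In both new loaders the `status` returned by the PEM reader is stored but never checked, and the `openssl_pkey_create(env)` result is passed straight into OPENSSL_PKEY_POPULATE without a NULL check, so an allocation failure dereferences NULL and leaks the freshly read EVP_PKEY; insert `if(!open_prvkey){ EVP_PKEY_free(prvkey); return NULL; }` after the create call (EVP_PKEY_free should be available since this file already uses the EVP_PKEY type — confirm the OpenSSL header is included). A failed load also returns NULL silently; raising an oxs_error with the file name or "buffer" here would let callers such as the test harness tell a bad passphrase from a missing file. The two functions differ only in the reader called and the third populate argument, so a small static helper taking the EVP_PKEY and the name would remove the duplication.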
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/rsa.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/rsa.c?view=diff&rev=506920&r1=506919&r2=506920
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/rsa.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/rsa.c Tue Feb 13 01:22:07 2007
@@ -319,7 +319,7 @@
if (ret < 0)
{
oxs_error(env, ERROR_LOCATION, OXS_ERROR_OPENSSL_FUNC_FAILED,
- "RSA private encryption(Signing) failed");
+ "RSA private encryption(Signing) failed. Error code %d: %s",ERR_get_error(), ERR_reason_error_string(ERR_get_error()));
return (-1);
}
OXS_BUFFER_POPULATE(out, env, encrypted, ret);
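Review bot: The new error message calls `ERR_get_error()` twice; the first call pops the earliest error off OpenSSL's queue, so the second call returns the next entry (or 0 when the queue is empty), and `ERR_reason_error_string` then describes a different error or returns NULL, which `%s` cannot print safely. Fetch the code once: `unsigned long err = ERR_get_error();` and then `"RSA private encryption(Signing) failed. Error code %lu: %s", err, ERR_reason_error_string(err)`. `%d` is also the wrong specifier for the `unsigned long` that ERR_get_error returns, and a NULL reason string should be replaced with a literal such as `"unknown"`. The enclosing function begins outside this hunk.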
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/signature.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/signature.c?view=diff&rev=506920&r1=506919&r2=506920
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/signature.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/signature.c Tue Feb 13 01:22:07 2007
@@ -27,7 +27,54 @@
#include <openssl_rsa.h>
#include <openssl_digest.h>
/*Private functions*/
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_sig_sign_rsa_sha1(const axis2_env_t *env,
+ oxs_sign_ctx_t *sign_ctx,
+ oxs_buffer_t *input,
+ oxs_buffer_t *output)
+{
+ axis2_char_t *to_be_signed_content = NULL;
+ axis2_char_t *encoded_str = NULL;
+ axis2_status_t status = AXIS2_FAILURE;
+ oxs_buffer_t *digested_buf = NULL;
+ oxs_buffer_t *signed_result_buf = NULL;
+ openssl_pkey_t *prv_key = NULL;
+ openssl_rsa_t *rsa = NULL;
+ int signedlen = -1, encodedlen = -1, ret = -1;
+ /*Make sha-1 digest. Do we really need to do this OR is it part of OpenSSL operation????*/
+ to_be_signed_content = openssl_sha1(env, (axis2_char_t*)OXS_BUFFER_GET_DATA(input, env), OXS_BUFFER_GET_SIZE(input, env));
+
+ /*Create and populate the new input buffer*/
+ digested_buf = oxs_buffer_create(env);
+ OXS_BUFFER_POPULATE(digested_buf, env, (unsigned char*)to_be_signed_content, axis2_strlen(to_be_signed_content));
+
+
+ /*Get the key*/
+ prv_key = oxs_sign_ctx_get_private_key(sign_ctx, env);
+
+ /*Create output buffer to store signed data*/
+ signed_result_buf = oxs_buffer_create(env);
+
+ /*Sign */
+ rsa = openssl_rsa_create(env);
+ signedlen = OPENSSL_RSA_PRV_ENCRYPT(rsa, env, prv_key, OPENSSL_RSA_PKCS1_PADDING, digested_buf, signed_result_buf);
+ if(signedlen < 0){
+ /*Error*/
+ }
+
+ /*Base64 encode*/
+ encodedlen = axis2_base64_encode_len(signedlen);
+ encoded_str = AXIS2_MALLOC(env->allocator, encodedlen);
+ ret = axis2_base64_encode(encoded_str, (const char *)OXS_BUFFER_GET_DATA(signed_result_buf, env), signedlen);
+ status = OXS_BUFFER_POPULATE(output, env, (unsigned char*)AXIS2_STRDUP(encoded_str, env), encodedlen);
+
+ /*Free digested_buf*/
+ /*Free signed_result_buf*/
+ /*Free rsa*/
+
+ return AXIS2_SUCCESS;
+}
/*Public functions*/
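Review bot: The `if(signedlen < 0){ /*Error*/ }` branch after OPENSSL_RSA_PRV_ENCRYPT is empty, so a failed RSA operation continues into `axis2_base64_encode_len(signedlen)` with a negative length and the function still returns AXIS2_SUCCESS; it should report and bail, e.g. `if(signedlen < 0){ oxs_error(env, ERROR_LOCATION, OXS_ERROR_OPENSSL_FUNC_FAILED, "RSA-SHA1 signing failed"); return AXIS2_FAILURE; }`. Separately, what gets signed is the result of `openssl_sha1` measured with `axis2_strlen`, i.e. a NUL-terminated string rather than a raw 20-byte digest: if that is a hex or base64 rendering, a PKCS#1 private-encrypt of it is not the RSA-SHA1 SignatureValue that standard XML-Signature verifiers expect (they compute over the DigestInfo-wrapped raw hash, as RSA_sign(NID_sha1, ...) does), and if it is raw bytes, strlen truncates at the first zero byte — this needs confirming against an independent verifier before it ships. The function also ignores `status` from OXS_BUFFER_POPULATE and returns AXIS2_SUCCESS unconditionally, and the three `/*Free ...*/` placeholders plus the AXIS2_MALLOC'd `encoded_str` (copied with AXIS2_STRDUP but never freed) leak on every call.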
@@ -37,11 +84,26 @@
oxs_buffer_t *input,
oxs_buffer_t *output)
{
- /*Get the content*/
-
- /*Make the digest*/
+ axis2_char_t *sign_algo = NULL;
+
+
+ /*Get algo*/
+ sign_algo = oxs_sign_ctx_get_sign_mtd_algo(sign_ctx, env);
+
+ /*Prepare content and sign*/
+ if(0==(axis2_strcmp(sign_algo, OXS_HREF_RSA_SHA1))){
+ oxs_sig_sign_rsa_sha1(env, sign_ctx, input, output);
+ }else if(0==(axis2_strcmp(sign_algo, OXS_HREF_DSA_SHA1))){
+ /*Error we do not support*/
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_INVALID_DATA,
+ "Cannot support cipher %s", sign_algo);
+ return AXIS2_FAILURE;
+ }else{
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_INVALID_DATA,
+ "Cannot support cipher %s", sign_algo);
+ return AXIS2_FAILURE;
+ }
- /*Sign*/
return AXIS2_SUCCESS;
}
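Review bot: The result of `oxs_sig_sign_rsa_sha1(env, sign_ctx, input, output)` is discarded and the function falls through to `return AXIS2_SUCCESS`, so a failed signature is reported as success to the caller; change that line to `return oxs_sig_sign_rsa_sha1(env, sign_ctx, input, output);`. `sign_algo` is also passed to `axis2_strcmp` without a NULL check, which is only safe if that helper tolerates NULL — confirm, or add `if(!sign_algo){ ... return AXIS2_FAILURE; }` before the comparisons. The two error messages say "cipher" for what is a signature method; "Unsupported signature method %s" would be clearer. The enclosing function's signature line begins before this hunk.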
Modified: webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c?view=diff&rev=506920&r1=506919&r2=506920
==============================================================================
--- webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c (original)
+++ webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c Tue Feb 13 01:22:07 2007
@@ -26,6 +26,8 @@
#include <axis2_env.h>
#include <oxs_ctx.h>
#include <oxs_key.h>
+#include <oxs_key_mgr.h>
+#include <openssl_pkey.h>
#include <oxs_error.h>
#include <oxs_xml_signature.h>
#include <oxs_sign_ctx.h>
@@ -102,10 +104,26 @@
sign_parts = axis2_array_list_create(env, 1);
axis2_array_list_add(sign_parts, env, sign_part);
sign_ctx = oxs_sign_ctx_create(env);
- oxs_sign_ctx_set_sign_parts(sign_ctx, env, sign_parts);
- /*Sign*/
- oxs_xml_sig_sign(env, sign_ctx, tmpl);
+ if(sign_ctx){
+ openssl_pkey_t *prvkey = NULL;
+ /*Set private key*/
+ prvkey = oxs_key_mgr_load_private_key_from_file(env, "rsakey.pem", "");
+ if(!prvkey){
+ printf("Cannot load private key");
+ }
+ oxs_sign_ctx_set_private_key(sign_ctx, env, prvkey);
+ /*Set sig algo*/
+ oxs_sign_ctx_set_sign_mtd_algo(sign_ctx, env, OXS_HREF_RSA_SHA1);
+ /*Set C14N method*/
+ oxs_sign_ctx_set_c14n_mtd(sign_ctx, env, OXS_HREF_C14N);
+ /*Set sig parts*/
+ oxs_sign_ctx_set_sign_parts(sign_ctx, env, sign_parts);
+ /*Sign*/
+ oxs_xml_sig_sign(env, sign_ctx, tmpl);
+ }else{
+ printf("Sign ctx creation failed");
+ }
signed_result = AXIOM_NODE_TO_STRING(tmpl, env) ;
outf = fopen("result-sign.xml", "wb");
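Review bot: When `oxs_key_mgr_load_private_key_from_file` returns NULL the test only prints "Cannot load private key" and then still sets the NULL key on the context and calls `oxs_xml_sig_sign`, so a missing or unreadable `rsakey.pem` turns into a crash or an unsigned document written to result-sign.xml instead of a clear failure; the `if(!prvkey)` block should leave the enclosing function (which begins and ends outside this hunk) after printing. The return value of `oxs_xml_sig_sign` is likewise ignored, so a signing failure is invisible in the output file. The empty-string passphrase and fixed file name are fine for a test fixture, but a comment noting that `rsakey.pem` must be an unencrypted PEM RSA key in the working directory would save the next person a puzzled run.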