Posted to rampart-dev@ws.apache.org by su...@apache.org on 2008/02/12 09:21:38 UTC
svn commit: r620722 [2/2] - in /webservices/rampart/trunk/c: build/win32/
include/ samples/client/issued_token/ samples/secpolicy/
samples/secpolicy/scenario20/ samples/server/saml_sts/ src/trust/ src/util/
Modified: webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c?rev=620722&r1=620721&r2=620722&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c Tue Feb 12 00:21:23 2008
@@ -34,6 +34,7 @@
#include <axutil_array_list.h>
#include <rampart_signature.h>
#include <rampart_saml.h>
+#include <rampart_issued.h>
/*Private functions*/
axis2_status_t AXIS2_CALL
@@ -42,7 +43,8 @@
rampart_context_t *rampart_context,
axiom_soap_envelope_t *soap_envelope,
axiom_node_t *sec_node,
- axiom_namespace_t *sec_ns_obj)
+ axiom_namespace_t *sec_ns_obj,
+ axutil_array_list_t *sign_parts_list)
{
axis2_bool_t signature_protection = AXIS2_FALSE;
axis2_bool_t is_encrypt_before_sign = AXIS2_FALSE;
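Review bot: The new `sign_parts_list` parameter has no comment stating who owns the list, and `rampart_shb_do_asymmetric_binding` begins before this hunk, so any header comment it has is out of view. A caller reading the signature cannot tell whether the list must be pre-created, whether it may be NULL, or whether the callee takes ownership; the same gap exists in the symmetric-binding signature hunk (`@@ -194,7 +196,8 @@`). Propose a comment on the parameter line: `axutil_array_list_t *sign_parts_list) /* created by the caller; forwarded to rampart_sig_sign_message, which hands it to the signature context */`, with the ownership wording confirmed against rampart_signature.c.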
@@ -81,7 +83,7 @@
return AXIS2_FAILURE;
}
/*Then Sign the message*/
- status = rampart_sig_sign_message(env, msg_ctx, rampart_context, soap_envelope, sec_node);
+ status = rampart_sig_sign_message(env, msg_ctx, rampart_context, soap_envelope, sec_node, sign_parts_list);
if(status != AXIS2_SUCCESS)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
@@ -108,7 +110,7 @@
return AXIS2_FAILURE;
}
/*Then do signature specific things*/
- status = rampart_sig_sign_message(env, msg_ctx, rampart_context, soap_envelope, sec_node);
+ status = rampart_sig_sign_message(env, msg_ctx, rampart_context, soap_envelope, sec_node, sign_parts_list);
if(status != AXIS2_SUCCESS){
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
"[rampart][shb] Signature failed. ERROR");
@@ -122,7 +124,7 @@
{
is_encrypt_before_sign = AXIS2_FALSE;
/*First do signature specific stuff*/
- status = rampart_sig_sign_message(env, msg_ctx, rampart_context, soap_envelope, sec_node);
+ status = rampart_sig_sign_message(env, msg_ctx, rampart_context, soap_envelope, sec_node, sign_parts_list);
if(status != AXIS2_SUCCESS){
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
"[rampart][shb] Signing failed. ERROR");
@@ -194,7 +196,8 @@
rampart_context_t *rampart_context,
axiom_soap_envelope_t *soap_envelope,
axiom_node_t *sec_node,
- axiom_namespace_t *sec_ns_obj)
+ axiom_namespace_t *sec_ns_obj,
+ axutil_array_list_t *sign_parts_list)
{
axis2_status_t status = AXIS2_FAILURE;
@@ -218,7 +221,7 @@
}
/*2. Sign*/
- status = rampart_sig_sign_message(env, msg_ctx, rampart_context, soap_envelope, sec_node);
+ status = rampart_sig_sign_message(env, msg_ctx, rampart_context, soap_envelope, sec_node, sign_parts_list);
if(status != AXIS2_SUCCESS)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
@@ -240,7 +243,7 @@
{
/*Sign before encrypt*/
/*First do signature specific stuff using Symmetric key*/
- status = rampart_sig_sign_message(env, msg_ctx, rampart_context, soap_envelope, sec_node);
+ status = rampart_sig_sign_message(env, msg_ctx, rampart_context, soap_envelope, sec_node, sign_parts_list);
if(status != AXIS2_SUCCESS)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
@@ -407,6 +410,11 @@
axiom_node_t *sec_node = NULL;
axiom_element_t *sec_ele = NULL;
axis2_bool_t server_side = AXIS2_FALSE;
+ /*
+ * sign parts list. Moved this up the building process. This was originally
+ * in the rampart_sig_sign_message
+ */
+ axutil_array_list_t *sign_parts_list = NULL;
AXIS2_ENV_CHECK(env,AXIS2_FAILURE);
soap_header = axiom_soap_envelope_get_header(soap_envelope, env);
soap_header_node = axiom_soap_header_get_base_node(soap_header, env);
@@ -435,7 +443,7 @@
sec_ele = (axiom_element_t *)
axiom_node_get_data_element(sec_node, env);
-
+ sign_parts_list = axutil_array_list_create(env, 4);
/*Timestamp Inclusion*/
if(rampart_context_is_include_timestamp(rampart_context,env))
{
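Review bot: `axutil_array_list_create(env, 4)` is not checked for NULL before `sign_parts_list` is forwarded down the building path, and the rampart_signature.c hunk in this same commit removes the allocation that `rampart_sig_create_sign_parts` used to do itself, so a failed allocation now reaches that function as a NULL list and is presumably dereferenced there. Add a check right after the create, releasing whatever the other failure paths in this function release: `if (!sign_parts_list) { axiom_namespace_free(sec_ns_obj, env); return AXIS2_FAILURE; }` (drop the `axiom_namespace_free` if `sec_ns_obj` is not yet allocated at this point; its creation is outside the hunk). The enclosing function starts and ends outside the hunk.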
@@ -482,9 +490,9 @@
}
}
- if (rampart_context_is_include_supporting_saml_token(rampart_context, server_side, AXIS2_FALSE, env))
+ if (rampart_context_is_include_supporting_token(rampart_context, env, server_side, AXIS2_FALSE, RP_PROPERTY_SAML_TOKEN))
{
- status = rampart_saml_supporting_token_build(env, rampart_context, sec_node);
+ status = rampart_saml_supporting_token_build(env, rampart_context, sec_node, sign_parts_list);
if (status == AXIS2_FAILURE)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
@@ -494,6 +502,18 @@
}
}
+ if (rampart_context_is_include_supporting_token(rampart_context, env, server_side, AXIS2_FALSE, RP_PROPERTY_ISSUED_TOKEN))
+ {
+ status = rampart_issued_supporting_token_build(rampart_context, env, sec_node, sign_parts_list);
+ if (status == AXIS2_FAILURE)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart][shb] Issued supporting token build failed. ERROR");
+ axiom_namespace_free(sec_ns_obj, env);
+ return AXIS2_FAILURE;
+ }
+ }
+
/*Signature Confirmation support. Only in the server side*/
if(axis2_msg_ctx_get_server_side(msg_ctx,env)){
axis2_bool_t sign_conf_reqd = AXIS2_FALSE;
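Review bot: The failure path added for the issued supporting token frees `sec_ns_obj` but not `sign_parts_list`, which this function created a few lines earlier (`axutil_array_list_create(env, 4)` in the previous hunk) and which has not yet been handed to anyone; the same leak appears on the SAML supporting-token failure path and on both binding-failure paths later in this file, and — if neither binding ends up signing — on the success path too, unless `rampart_sig_sign_message` or the signature context frees it, which is not visible here. Free the list on every exit before it is handed over, e.g. `axutil_array_list_free(sign_parts_list, env);` next to each `axiom_namespace_free(sec_ns_obj, env);`, and state in a comment at the create site where ownership ends. Separately, `rampart_issued_supporting_token_build(rampart_context, env, ...)` takes its arguments in the opposite order from the sibling `rampart_saml_supporting_token_build(env, rampart_context, ...)`; aligning the order would avoid a mix-up that the compiler cannot catch once both are pointers to opaque types.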
@@ -511,7 +531,7 @@
axis2_status_t status = AXIS2_FAILURE;
AXIS2_LOG_INFO(env->log, "[rampart][shb] Asymmetric Binding. ");
- status = rampart_shb_do_asymmetric_binding(env, msg_ctx, rampart_context, soap_envelope, sec_node, sec_ns_obj);
+ status = rampart_shb_do_asymmetric_binding(env, msg_ctx, rampart_context, soap_envelope, sec_node, sec_ns_obj, sign_parts_list);
axiom_namespace_free(sec_ns_obj, env);
if(AXIS2_FAILURE == status){
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shb] Asymmetric Binding failed");
@@ -533,7 +553,7 @@
/*Do Symmetric_binding specific things*/
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shb] Symmetric Binding. ");
- status = rampart_shb_do_symmetric_binding(env, msg_ctx, rampart_context, soap_envelope, sec_node, sec_ns_obj);
+ status = rampart_shb_do_symmetric_binding(env, msg_ctx, rampart_context, soap_envelope, sec_node, sec_ns_obj, sign_parts_list);
axiom_namespace_free(sec_ns_obj, env);
if(AXIS2_FAILURE == status){
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shb] Symmetric Binding failed");
Modified: webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c?rev=620722&r1=620721&r2=620722&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c Tue Feb 12 00:21:23 2008
@@ -1562,8 +1562,10 @@
sub_conf = rampart_saml_token_get_subject_confirmation(env, saml_node);
if (sub_conf && axutil_strcmp(sub_conf, SAML_SUB_CONFIRMATION_SENDER_VOUCHES) == 0)
{
- if (!rampart_context_is_include_supporting_saml_token(rampart_context,
- !server_side, AXIS2_FALSE, env))
+ if (!rampart_context_is_include_supporting_token(rampart_context, env,
+ !server_side, AXIS2_FALSE, RP_PROPERTY_SAML_TOKEN) &&
+ !rampart_context_is_include_supporting_token(rampart_context, env,
+ !server_side, AXIS2_FALSE, RP_PROPERTY_ISSUED_TOKEN))
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
"[Rampart][shp] Unexpected SAML token.");
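Review bot: The widened condition now accepts a sender-vouches SAML assertion whenever either a SAML supporting token or an issued supporting token is configured, but nothing in this hunk ties the accepted assertion to the issued-token policy, so on an issued-token-only configuration an assertion the old check rejected is now let through to whatever processing follows. That is only a problem if the code after this block (the enclosing function starts and ends outside the hunk) does not validate the assertion against the issued-token policy; that validation should be confirmed, and the reasoning recorded so the next reader does not tighten it back, e.g. `/* An issued token is delivered as a SAML assertion, so an issued-token policy entry also legitimises a sender-vouches token here; policy conformance is checked below. */`. Also, the condition would read more clearly as two named `axis2_bool_t` locals (`saml_expected`, `issued_expected`) combined in one `if`, rather than two wrapped calls joined by `&&`.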
Modified: webservices/rampart/trunk/c/src/util/rampart_signature.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_signature.c?rev=620722&r1=620721&r2=620722&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_signature.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_signature.c Tue Feb 12 00:21:23 2008
@@ -58,7 +58,8 @@
rampart_sig_create_sign_parts(const axutil_env_t *env,
rampart_context_t *rampart_context,
axutil_array_list_t *nodes_to_sign,
- axis2_bool_t server_side);
+ axis2_bool_t server_side,
+ axutil_array_list_t *sign_parts_list);
oxs_x509_cert_t *AXIS2_CALL
@@ -481,7 +482,8 @@
axis2_msg_ctx_t *msg_ctx,
rampart_context_t *rampart_context,
axiom_soap_envelope_t *soap_envelope,
- axiom_node_t *sec_node)
+ axiom_node_t *sec_node,
+ axutil_array_list_t *sign_parts_list)
{
axutil_array_list_t *nodes_to_sign = NULL;
axis2_status_t status = AXIS2_FAILURE;
@@ -641,9 +643,9 @@
sign_ctx = oxs_sign_ctx_create(env);
/* Create the sign parts */
- sign_parts = rampart_sig_create_sign_parts(env, rampart_context, nodes_to_sign, server_side);
+ rampart_sig_create_sign_parts(env, rampart_context, nodes_to_sign, server_side, sign_parts_list);
/* Set which parts to be signed*/
- oxs_sign_ctx_set_sign_parts(sign_ctx, env, sign_parts);
+ oxs_sign_ctx_set_sign_parts(sign_ctx, env, sign_parts_list);
/*Get the binding type. Either symmetric or asymmetric for signature*/
binding_type = rampart_context_get_binding_type(rampart_context,env);
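Review bot: The return value of `rampart_sig_create_sign_parts(...)` is now discarded, and the local `sign_parts` that used to receive it (declared outside the hunk, see the removed assignment) is presumably left unused, which will draw a compiler warning. If the function still returns the list, it should either be turned into a status return that the caller checks, or be made `void` so the discarded result is intentional rather than accidental; its return type sits on the line above the prototype hunk and is not visible here. Either way `sign_parts_list` should be checked for NULL before `oxs_sign_ctx_set_sign_parts(sign_ctx, env, sign_parts_list);`, since the allocation was moved to the caller in this commit and is no longer guaranteed at this point. The enclosing function starts and ends outside the hunk.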
@@ -863,11 +865,11 @@
rampart_sig_create_sign_parts(const axutil_env_t *env,
rampart_context_t *rampart_context,
axutil_array_list_t *nodes_to_sign,
- axis2_bool_t server_side)
+ axis2_bool_t server_side,
+ axutil_array_list_t *sign_parts)
{
int i = 0;
- axis2_char_t *digest_method = NULL;
- axutil_array_list_t *sign_parts = NULL;
+ axis2_char_t *digest_method = NULL;
axiom_node_t *node_to_sign = NULL;
axis2_char_t *id = NULL;
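Review bot: `rampart_sig_create_sign_parts` no longer allocates `sign_parts` itself but still appends to it further down (the loop body and the `axutil_array_list_add(sign_parts, ...)` calls are past this hunk), so a NULL argument from a caller whose `axutil_array_list_create` failed is now dereferenced inside this function instead of being impossible. Add a guard at the top of the body, `if (!sign_parts) { return <failure value of this function's return type>; }`, with the return type taken from the line above the definition, which is outside the hunk. A one-line comment on the parameter, `/* sign_parts: caller-owned list that receives the created oxs_sign_part_t entries */`, would also make the new ownership split explicit. The function ends outside the hunk.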
@@ -875,8 +877,7 @@
oxs_transform_t *tr = NULL;
axutil_array_list_t *tr_list = NULL;
- digest_method = rampart_context_get_digest_mtd(rampart_context, env);
- sign_parts = axutil_array_list_create(env, 0);
+ digest_method = rampart_context_get_digest_mtd(rampart_context, env);
/*Now we should create sign part for each node in the arraylist.*/
for (i=0 ; i < axutil_array_list_size(nodes_to_sign, env); i++)
@@ -902,22 +903,22 @@
}
}
- if (rampart_context_is_include_supporting_saml_token(rampart_context, server_side, AXIS2_FALSE, env))
+ /*if (rampart_context_is_include_supporting_token(rampart_context, env, server_side, AXIS2_FALSE, RP_PROPERTY_SAML_TOKEN))
{
axiom_element_t *stre = NULL;
axiom_node_t *strn = NULL, *assertion = NULL;
- axutil_qname_t *qname = NULL;
+ axutil_qname_t *qname = NULL;*/
/* These properties are guaranteed to exsists. If not we cannot reach this point. */
- rampart_saml_token_t *saml = rampart_context_get_saml_token(rampart_context, env, RP_PROPERTY_SIGNED_SUPPORTING_TOKEN);
+ /*rampart_saml_token_t *saml = rampart_context_get_saml_token(rampart_context, env, RP_PROPERTY_SIGNED_SUPPORTING_TOKEN);
strn = rampart_saml_token_get_str(saml, env);
assertion = rampart_saml_token_get_assertion(saml, env);
stre = axiom_node_get_data_element(strn, env);
qname = axutil_qname_create(env, OXS_NODE_SECURITY_TOKEN_REFRENCE, OXS_WSSE_XMLNS, NULL);
sign_part = oxs_sign_part_create(env);
- tr_list = axutil_array_list_create(env, 0);
+ tr_list = axutil_array_list_create(env, 0);*/
/* If ID is not present we add it */
- id = axiom_element_get_attribute_value(stre, env, qname);
+ /*id = axiom_element_get_attribute_value(stre, env, qname);
if (!id)
{
id = oxs_util_generate_id(env, (axis2_char_t*)OXS_SIG_ID);
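Review bot: The SAML supporting-token signing block is commented out rather than deleted, here and in the following hunk (`@@ -928,15 +929,15 @@`); the builder's comment in this same commit says the work moved to `rampart_saml_supporting_token_build`, so the dead code should go, with that one-line pointer left in its place: `/* Supporting-token sign parts are now added by rampart_saml_supporting_token_build / rampart_issued_supporting_token_build (rampart_sec_header_builder.c). */`. Leaving it in also strands the locals that only this block used (`tr`, `tr_list`, `stre`, `strn`, `qname`, `id`) and, as far as this hunk shows, the `server_side` parameter, so the function will now compile with unused-variable warnings. The opening and closing `/* ... */` pairs were split around the two existing comment lines to avoid nesting, which works but is the kind of fragile layout a later edit will break.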
@@ -928,15 +929,15 @@
tr = oxs_transforms_factory_produce_transform(env,
OXS_HREF_TRANSFORM_STR_TRANSFORM);
axutil_array_list_add(tr_list, env, tr);
- oxs_sign_part_set_transforms(sign_part, env, tr_list);
+ oxs_sign_part_set_transforms(sign_part, env, tr_list); */
/* Sign the assertion, not the securitytokenreference */
- oxs_sign_part_set_node(sign_part, env, strn);
+ /* oxs_sign_part_set_node(sign_part, env, strn);
oxs_sign_part_set_digest_mtd(sign_part, env, digest_method);
axutil_array_list_add(sign_parts, env, sign_part);
AXIS2_FREE(env->allocator, id);
id = NULL;
- }
+ }*/
/*Free array list*/
axutil_array_list_free(nodes_to_sign, env);
nodes_to_sign = NULL;