Posted to rampart-dev@ws.apache.org by sh...@apache.org on 2008/09/08 06:23:43 UTC
svn commit: r692990 - in /webservices/rampart/trunk/c: include/ src/secconv/
src/util/
Author: shankar
Date: Sun Sep 7 21:23:35 2008
New Revision: 692990
URL: http://svn.apache.org/viewvc?rev=692990&view=rev
Log:
Fix secure conversation bug when multiple messages are exchanged.
Modified:
webservices/rampart/trunk/c/include/rampart_constants.h
webservices/rampart/trunk/c/include/rampart_context.h
webservices/rampart/trunk/c/src/secconv/sct_provider_utility.c
webservices/rampart/trunk/c/src/util/rampart_context.c
webservices/rampart/trunk/c/src/util/rampart_encryption.c
webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
webservices/rampart/trunk/c/src/util/rampart_signature.c
Modified: webservices/rampart/trunk/c/include/rampart_constants.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rampart_constants.h?rev=692990&r1=692989&r2=692990&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/rampart_constants.h (original)
+++ webservices/rampart/trunk/c/include/rampart_constants.h Sun Sep 7 21:23:35 2008
@@ -160,6 +160,8 @@
#define RAMPART_SCT_ID_TYPE_LOCAL 1
#define RAMPART_SCT_ID_TYPE_GLOBAL 2
+#define RAMPART_ENC_TOKEN_ID "EncryptionTokenID"
+#define RAMPART_SIG_TOKEN_ID "SignatureTokenID"
#ifdef __cplusplus
}
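Review bot: The two new macros have no comment saying what they are, although they are the property names under which rampart_context_set_encryption_token_id/rampart_context_set_signature_token_id persist the client-side SCT id in the conf ctx's base context at application scope. I would add above them `/* Property keys under which the client side caches the encryption/signature SCT id in the conf ctx base context so it survives across messages; one slot per process, not per rampart context */`. Stating the process-wide scope here matters because any two client contexts sharing the conf ctx read and write the same slot.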
Modified: webservices/rampart/trunk/c/include/rampart_context.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rampart_context.h?rev=692990&r1=692989&r2=692990&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/rampart_context.h (original)
+++ webservices/rampart/trunk/c/include/rampart_context.h Sun Sep 7 21:23:35 2008
@@ -1443,7 +1443,8 @@
AXIS2_EXTERN axis2_char_t *AXIS2_CALL
rampart_context_get_encryption_token_id(
rampart_context_t *rampart_context,
- const axutil_env_t *env);
+ const axutil_env_t *env,
+ axis2_msg_ctx_t* msg_ctx);
/**
*
* @param rampart_context
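Review bot: The new `msg_ctx` parameter of rampart_context_get_encryption_token_id is undocumented, and the implementation hands it straight to axis2_msg_ctx_get_server_side() without a NULL check, so the contract should say it is required. I would add `@param msg_ctx message context, must not be NULL; on the client side it is used to look the id up in the conf ctx when the context has none cached` to the doc block, which starts above this hunk. The same line belongs on the three sibling declarations changed in this file.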
@@ -1455,7 +1456,8 @@
AXIS2_EXTERN axis2_char_t *AXIS2_CALL
rampart_context_get_signature_token_id(
rampart_context_t *rampart_context,
- const axutil_env_t *env);
+ const axutil_env_t *env,
+ axis2_msg_ctx_t* msg_ctx);
/**
*
* @param rampart_context
@@ -1469,7 +1471,8 @@
rampart_context_set_encryption_token_id(
rampart_context_t *rampart_context,
const axutil_env_t *env,
- axis2_char_t *sct_id);
+ axis2_char_t *sct_id,
+ axis2_msg_ctx_t* msg_ctx);
/**
*
* @param rampart_context
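Review bot: The `sct_id` parameter of rampart_context_set_encryption_token_id now has a new owner that the doc block (started above this hunk) does not mention: on the client side the implementation stores the very same pointer in an application-scope property created with own_value set to AXIS2_TRUE, while also keeping it in the rampart context. Whoever frees the string must know this, so I would document it: `@param sct_id SCT id string; on the client side the conf ctx property takes ownership of this pointer and the same pointer is retained by the context, so the caller must not free it`. If the intended design is that the property owns a copy instead, say so and adjust the implementation accordingly.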
@@ -1483,7 +1486,8 @@
rampart_context_set_signature_token_id(
rampart_context_t *rampart_context,
const axutil_env_t *env,
- axis2_char_t *sct_id);
+ axis2_char_t *sct_id,
+ axis2_msg_ctx_t* msg_ctx);
/* Return the saml token of token type set in the rampart context */
Modified: webservices/rampart/trunk/c/src/secconv/sct_provider_utility.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/secconv/sct_provider_utility.c?rev=692990&r1=692989&r2=692990&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/secconv/sct_provider_utility.c (original)
+++ webservices/rampart/trunk/c/src/secconv/sct_provider_utility.c Sun Sep 7 21:23:35 2008
@@ -56,9 +56,9 @@
if(!sct_id)
{
if(is_encryption)
- sct_id = rampart_context_get_encryption_token_id(rampart_context, env);
+ sct_id = rampart_context_get_encryption_token_id(rampart_context, env, msg_ctx);
else
- sct_id = rampart_context_get_signature_token_id(rampart_context, env);
+ sct_id = rampart_context_get_signature_token_id(rampart_context, env, msg_ctx);
}
if(!sct_id)
@@ -149,14 +149,14 @@
if(is_different_session_key_for_encryption_and_signing(env, rampart_context))
{
if(is_encryption)
- rampart_context_set_encryption_token_id(rampart_context, env, global_id);
+ rampart_context_set_encryption_token_id(rampart_context, env, global_id, msg_ctx);
else
- rampart_context_set_signature_token_id(rampart_context, env, global_id);
+ rampart_context_set_signature_token_id(rampart_context, env, global_id, msg_ctx);
}
else
{
- rampart_context_set_encryption_token_id(rampart_context, env, global_id);
- rampart_context_set_signature_token_id(rampart_context, env, global_id);
+ rampart_context_set_encryption_token_id(rampart_context, env, global_id, msg_ctx);
+ rampart_context_set_signature_token_id(rampart_context, env, global_id, msg_ctx);
}
}
}
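Review bot: The setters called at the updated lines can now fail — rampart_context_set_encryption_token_id returns AXIS2_FAILURE when the conf ctx or its base ctx is NULL — but their return values are discarded, so the id silently never reaches the conf ctx and the next message will go through token resolution again. I would at least log the failure, e.g. `if(rampart_context_set_encryption_token_id(rampart_context, env, global_id, msg_ctx) != AXIS2_SUCCESS) { AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart]Cannot store encryption token id"); }` for each of the four calls. The enclosing function continues outside this hunk.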
@@ -786,40 +786,40 @@
axis2_msg_ctx_t *msg_ctx)
{
rampart_context_t *in_rampart_ctx = NULL;
- rampart_context_t *out_rampart_ctx = NULL;
- oxs_key_mgr_t *key_mgr = NULL;
-
- in_rampart_ctx = (rampart_context_t*)rampart_get_rampart_configuration(
- env, msg_ctx, RAMPART_CONFIGURATION);
-
- /* rampart context is not given by user. It was built by policy */
- if(!in_rampart_ctx)
- {
- return NULL;
- }
-
- out_rampart_ctx = rampart_context_create(env);
- if(!out_rampart_ctx)
- {
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart]Cannot create new rampart context. Insufficient memory.");
- return NULL;
- }
-
- rampart_context_set_ttl(out_rampart_ctx, env, rampart_context_get_ttl(in_rampart_ctx, env));
- rampart_context_set_user(out_rampart_ctx, env,
- axutil_strdup(env, rampart_context_get_user(in_rampart_ctx, env)));
- rampart_context_set_password_type(out_rampart_ctx, env,
- rampart_context_get_password_type(in_rampart_ctx, env));
- rampart_context_set_password(out_rampart_ctx, env,
- rampart_context_get_password(in_rampart_ctx, env));
- rampart_context_set_pwcb_function(out_rampart_ctx, env,
- rampart_context_get_pwcb_function(in_rampart_ctx, env),
- rampart_context_get_pwcb_user_params(in_rampart_ctx, env));
- rampart_context_set_replay_detect_function(out_rampart_ctx, env,
- rampart_context_get_replay_detect_function(in_rampart_ctx, env),
- rampart_context_get_rd_user_params(in_rampart_ctx, env));
- rampart_context_set_rd_val(out_rampart_ctx, env,
+ rampart_context_t *out_rampart_ctx = NULL;
+ oxs_key_mgr_t *key_mgr = NULL;
+
+ in_rampart_ctx = (rampart_context_t*)rampart_get_rampart_configuration(
+ env, msg_ctx, RAMPART_CONFIGURATION);
+
+ /* rampart context is not given by user. It was built by policy */
+ if(!in_rampart_ctx)
+ {
+ return NULL;
+ }
+
+ out_rampart_ctx = rampart_context_create(env);
+ if(!out_rampart_ctx)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot create new rampart context. Insufficient memory.");
+ return NULL;
+ }
+
+ rampart_context_set_ttl(out_rampart_ctx, env, rampart_context_get_ttl(in_rampart_ctx, env));
+ rampart_context_set_user(out_rampart_ctx, env,
+ axutil_strdup(env, rampart_context_get_user(in_rampart_ctx, env)));
+ rampart_context_set_password_type(out_rampart_ctx, env,
+ rampart_context_get_password_type(in_rampart_ctx, env));
+ rampart_context_set_password(out_rampart_ctx, env,
+ rampart_context_get_password(in_rampart_ctx, env));
+ rampart_context_set_pwcb_function(out_rampart_ctx, env,
+ rampart_context_get_pwcb_function(in_rampart_ctx, env),
+ rampart_context_get_pwcb_user_params(in_rampart_ctx, env));
+ rampart_context_set_replay_detect_function(out_rampart_ctx, env,
+ rampart_context_get_replay_detect_function(in_rampart_ctx, env),
+ rampart_context_get_rd_user_params(in_rampart_ctx, env));
+ rampart_context_set_rd_val(out_rampart_ctx, env,
rampart_context_get_rd_val(in_rampart_ctx, env));
/* set key manager as well */
Modified: webservices/rampart/trunk/c/src/util/rampart_context.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_context.c?rev=692990&r1=692989&r2=692990&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_context.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_context.c Sun Sep 7 21:23:35 2008
@@ -2854,16 +2854,84 @@
AXIS2_EXTERN axis2_char_t *AXIS2_CALL
rampart_context_get_encryption_token_id(
rampart_context_t *rampart_context,
- const axutil_env_t *env)
+ const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx)
{
+ if((!rampart_context->encryption_token_id) && (!axis2_msg_ctx_get_server_side(msg_ctx, env)))
+ {
+ /* used by scripting bindings */
+ axis2_conf_ctx_t *conf_ctx = NULL;
+ axis2_ctx_t *ctx = NULL;
+ axutil_property_t *property = NULL;
+
+ /* Get the conf ctx */
+ conf_ctx = axis2_msg_ctx_get_conf_ctx(msg_ctx, env);
+ if(!conf_ctx)
+ {
+ AXIS2_LOG_ERROR(env->log,AXIS2_LOG_SI,
+ "[rampart]Conf context is NULL. Cannot get encryption token id.");
+ return NULL;
+ }
+
+ ctx = axis2_conf_ctx_get_base(conf_ctx,env);
+ if(!ctx)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Axis2 context is NULL. Cannot get encryption token id.");
+ return NULL;
+ }
+
+ /* Get the hash store property */
+ property = axis2_ctx_get_property(ctx, env, RAMPART_ENC_TOKEN_ID);
+ if(property)
+ {
+ /* Get the store */
+ rampart_context->encryption_token_id =
+ (axis2_char_t*)axutil_property_get_value(property, env);
+ }
+ }
return rampart_context->encryption_token_id;
}
AXIS2_EXTERN axis2_char_t *AXIS2_CALL
rampart_context_get_signature_token_id(
rampart_context_t *rampart_context,
- const axutil_env_t *env)
+ const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx)
{
+ if((!rampart_context->signature_token_id)&& (!axis2_msg_ctx_get_server_side(msg_ctx, env)))
+ {
+ /* used by scripting bindings */
+ axis2_conf_ctx_t *conf_ctx = NULL;
+ axis2_ctx_t *ctx = NULL;
+ axutil_property_t *property = NULL;
+
+ /* Get the conf ctx */
+ conf_ctx = axis2_msg_ctx_get_conf_ctx(msg_ctx, env);
+ if(!conf_ctx)
+ {
+ AXIS2_LOG_ERROR(env->log,AXIS2_LOG_SI,
+ "[rampart]Conf context is NULL. Cannot get signature token id.");
+ return NULL;
+ }
+
+ ctx = axis2_conf_ctx_get_base(conf_ctx,env);
+ if(!ctx)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Axis2 context is NULL. Cannot get signature token id.");
+ return NULL;
+ }
+
+ /* Get the hash store property */
+ property = axis2_ctx_get_property(ctx, env, RAMPART_SIG_TOKEN_ID);
+ if(property)
+ {
+ /* Get the store */
+ rampart_context->signature_token_id =
+ (axis2_char_t*)axutil_property_get_value(property, env);
+ }
+ }
return rampart_context->signature_token_id;
}
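Review bot: Both getters dereference `msg_ctx` through axis2_msg_ctx_get_server_side() on their first line without checking it, and the original signature never required a message context, so any caller that passes NULL will crash unless that axis2 accessor tolerates NULL (not visible here); I would guard it: `if((!rampart_context->encryption_token_id) && msg_ctx && (!axis2_msg_ctx_get_server_side(msg_ctx, env)))`. The comments `/* used by scripting bindings */`, `/* Get the hash store property */` and `/* Get the store */` look copied from another lookup — the branch runs for every client-side context and the property is a token id, so they should say `/* client side: fall back to the id cached in the conf ctx by a previous message */`. Note also that the pointer cached into rampart_context->encryption_token_id is owned by the conf ctx property (the setter creates it with own_value AXIS2_TRUE); if rampart_context_free releases this field, that is a double free, and if the property is replaced or freed first, the context holds a dangling pointer — worth confirming against the free path, which is outside this hunk.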
@@ -2871,8 +2939,46 @@
rampart_context_set_encryption_token_id(
rampart_context_t *rampart_context,
const axutil_env_t *env,
- axis2_char_t *sct_id)
+ axis2_char_t *sct_id,
+ axis2_msg_ctx_t *msg_ctx)
{
+ if (!axis2_msg_ctx_get_server_side(msg_ctx, env))
+ {
+ /* used by scripting bindings */
+ axis2_conf_ctx_t *conf_ctx = NULL;
+ axis2_ctx_t *ctx = NULL;
+ axutil_property_t *property = NULL;
+
+ /* Get the conf ctx */
+ conf_ctx = axis2_msg_ctx_get_conf_ctx(msg_ctx, env);
+ if(!conf_ctx)
+ {
+ AXIS2_LOG_ERROR(env->log,AXIS2_LOG_SI,
+ "[rampart]Conf context is NULL. Cannot store encryption token id.");
+ return AXIS2_FAILURE;
+ }
+
+ ctx = axis2_conf_ctx_get_base(conf_ctx,env);
+ if(!ctx)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Axis2 context is NULL. Cannot store encryption token id.");
+ return AXIS2_FAILURE;
+ }
+
+ /* Get the hash store property */
+ property = axis2_ctx_get_property(ctx, env, RAMPART_ENC_TOKEN_ID);
+ if(property)
+ {
+ axutil_property_set_value(property, env, sct_id);
+ }
+ else
+ {
+ property = axutil_property_create_with_args(env, AXIS2_SCOPE_APPLICATION,
+ AXIS2_TRUE, (void *)NULL, sct_id);
+ axis2_ctx_set_property(ctx, env, RAMPART_ENC_TOKEN_ID, property);
+ }
+ }
rampart_context->encryption_token_id = sct_id;
return AXIS2_SUCCESS;
}
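Review bot: The property and the rampart context end up aliasing one string: axutil_property_create_with_args is called with own_value AXIS2_TRUE and `sct_id`, and the same pointer is then stored in `rampart_context->encryption_token_id`. When the property already exists, axutil_property_set_value replaces its value, and whether the previous id string is freed is decided by axutil (not visible here) — either way any other rampart context that picked the old pointer up through the getter is left dangling, and a double free follows if the context frees the field too. I would give the property its own copy so the two owners are separated: `axutil_property_set_value(property, env, axutil_strdup(env, sct_id));` and `property = axutil_property_create_with_args(env, AXIS2_SCOPE_APPLICATION, AXIS2_TRUE, (void *)NULL, axutil_strdup(env, sct_id));`, and document in the header who frees the caller's string. The return value of axutil_property_set_value is also ignored.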
@@ -2881,8 +2987,47 @@
rampart_context_set_signature_token_id(
rampart_context_t *rampart_context,
const axutil_env_t *env,
- axis2_char_t *sct_id)
+ axis2_char_t *sct_id,
+ axis2_msg_ctx_t *msg_ctx)
{
+ if (!axis2_msg_ctx_get_server_side(msg_ctx, env))
+ {
+ /* used by scripting bindings */
+ axis2_conf_ctx_t *conf_ctx = NULL;
+ axis2_ctx_t *ctx = NULL;
+ axutil_property_t *property = NULL;
+
+ /* Get the op ctx */
+ conf_ctx = axis2_msg_ctx_get_conf_ctx(msg_ctx, env);
+ if(!conf_ctx)
+ {
+ AXIS2_LOG_ERROR(env->log,AXIS2_LOG_SI,
+ "[rampart]Conf context is NULL. Cannot store signature token id.");
+ return AXIS2_FAILURE;
+ }
+
+ ctx = axis2_conf_ctx_get_base(conf_ctx,env);
+ if(!ctx)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Axis2 context is NULL. Cannot store signature token id.");
+ return AXIS2_FAILURE;
+ }
+
+ /* Get the hash store property */
+ property = axis2_ctx_get_property(ctx, env, RAMPART_SIG_TOKEN_ID);
+ if(property)
+ {
+ axutil_property_set_value(property, env, sct_id);
+ }
+ else
+ {
+ property = axutil_property_create_with_args(env, AXIS2_SCOPE_APPLICATION,
+ AXIS2_TRUE, (void *)NULL, sct_id);
+ axis2_ctx_set_property(ctx, env, RAMPART_SIG_TOKEN_ID, property);
+ }
+ }
+
rampart_context->signature_token_id = sct_id;
return AXIS2_SUCCESS;
}
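Review bot: The id is stored under one fixed key, RAMPART_SIG_TOKEN_ID, in an application-scope property on the conf ctx base context, which is shared by every client-side rampart context that uses that conf ctx; if one process holds conversations with more than one service, or two sessions with the same one, the last setter wins and the getter in the other context hands back a different conversation's SCT id — token confusion rather than a plain functional miss. Unless a single active conversation per conf ctx is a stated constraint (I could not tell from this change), the slot should be keyed per endpoint or per context, or scoped to the service client's context instead of the global base ctx; at minimum the header should document the one-conversation-per-process assumption. Separately, the comment `/* Get the op ctx */` above the axis2_msg_ctx_get_conf_ctx call is wrong and should read `/* Get the conf ctx */`, and `/* used by scripting bindings */` describes only one of the callers of this client-side branch.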
@@ -3203,3 +3348,5 @@
}
+
+
Modified: webservices/rampart/trunk/c/src/util/rampart_encryption.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_encryption.c?rev=692990&r1=692989&r2=692990&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_encryption.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_encryption.c Sun Sep 7 21:23:35 2008
@@ -329,7 +329,7 @@
else
{
axis2_char_t *token_id = NULL;
- token_id = rampart_context_get_encryption_token_id(rampart_context, env);
+ token_id = rampart_context_get_encryption_token_id(rampart_context, env, msg_ctx);
if(token_id)
{
session_key = rampart_context_get_key(rampart_context, env, token_id);
Modified: webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c?rev=692990&r1=692989&r2=692990&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c Sun Sep 7 21:23:35 2008
@@ -216,9 +216,9 @@
axis2_char_t *wsc_ns_uri = NULL;
if(is_encryption)
- token_id = rampart_context_get_encryption_token_id(rampart_context, env);
+ token_id = rampart_context_get_encryption_token_id(rampart_context, env, msg_ctx);
else
- token_id = rampart_context_get_signature_token_id(rampart_context, env);
+ token_id = rampart_context_get_signature_token_id(rampart_context, env, msg_ctx);
/*if already stored, then can return*/
if(token_id)
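Review bot: On the client side the `token_id` tested here may now come from the conf ctx property written during an earlier message, not from anything in the current security header, so the early-return path should make sure the cached id still matches the token the incoming header references rather than trusting the cached value; that path and the rest of the function lie outside this hunk, so I cannot tell whether such a comparison already exists. If it does not, a response carrying a different (or renewed) SecurityContextToken would be processed against the stale id, and the failure would surface only as a key-lookup or verification error far from the cause. A one-line note such as `/* token_id may be a process-wide cached id (client side); confirm it matches the SCT reference in this header before relying on it */` would at least make the assumption visible.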
@@ -325,14 +325,14 @@
if(is_different_session_key_for_encryption_and_signing(env, rampart_context))
{
if(is_encryption)
- rampart_context_set_encryption_token_id(rampart_context, env, token_id);
+ rampart_context_set_encryption_token_id(rampart_context, env, token_id, msg_ctx);
else
- rampart_context_set_signature_token_id(rampart_context, env, token_id);
+ rampart_context_set_signature_token_id(rampart_context, env, token_id, msg_ctx);
}
else
{
- rampart_context_set_encryption_token_id(rampart_context, env, token_id);
- rampart_context_set_signature_token_id(rampart_context, env, token_id);
+ rampart_context_set_encryption_token_id(rampart_context, env, token_id, msg_ctx);
+ rampart_context_set_signature_token_id(rampart_context, env, token_id, msg_ctx);
}
}
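Review bot: The four updated setter calls ignore a return value that can now be AXIS2_FAILURE (the setters bail out when the conf ctx or its base ctx is NULL on the client side), so a failed store leaves the conf ctx without the id while this code proceeds as if it were cached. Since the enclosing function continues outside the hunk and the failure is non-fatal for the current message, logging is probably enough: `if(rampart_context_set_signature_token_id(rampart_context, env, token_id, msg_ctx) != AXIS2_SUCCESS) { AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart]Cannot store signature token id"); }`, and likewise for the encryption setter.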
@@ -1953,3 +1953,5 @@
}
+
+
Modified: webservices/rampart/trunk/c/src/util/rampart_signature.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_signature.c?rev=692990&r1=692989&r2=692990&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_signature.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_signature.c Sun Sep 7 21:23:35 2008
@@ -261,7 +261,7 @@
else
{
axis2_char_t *token_id = NULL;
- token_id = rampart_context_get_signature_token_id(rampart_context, env);
+ token_id = rampart_context_get_signature_token_id(rampart_context, env, msg_ctx);
if(token_id)
{
int key_usage = OXS_KEY_USAGE_SESSION;