Posted to axis-cvs@ws.apache.org by ka...@apache.org on 2006/11/30 09:47:45 UTC
svn commit: r480879 - in /webservices/axis2/trunk/c/rampart: include/
src/omxmlsec/ src/omxmlsec/openssl/ src/util/
Author: kaushalye
Date: Thu Nov 30 00:47:43 2006
New Revision: 480879
URL: http://svn.apache.org/viewvc?view=rev&rev=480879
Log:
Support for X509 certificates in .cert files in PEM format.
Modified:
webservices/axis2/trunk/c/rampart/include/openssl_x509.h
webservices/axis2/trunk/c/rampart/src/omxmlsec/asym_ctx.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/encryption.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/error.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/key_mgr.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/x509.c
webservices/axis2/trunk/c/rampart/src/util/rampart_encryption.c
webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c
Modified: webservices/axis2/trunk/c/rampart/include/openssl_x509.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/openssl_x509.h?view=diff&rev=480879&r1=480878&r2=480879
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/openssl_x509.h (original)
+++ webservices/axis2/trunk/c/rampart/include/openssl_x509.h Thu Nov 30 00:47:43 2006
@@ -65,6 +65,11 @@
X509 **cert);
AXIS2_EXTERN axis2_status_t AXIS2_CALL
+openssl_x509_load_from_pem(const axis2_env_t *env,
+ axis2_char_t *filename,
+ X509 **cert);
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
openssl_x509_load_from_pkcs12(const axis2_env_t *env,
axis2_char_t *filename,
axis2_char_t *password,
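Review bot: The new `openssl_x509_load_from_pem` declaration at L28-30 carries no comment, so a caller cannot tell who owns the `X509` returned through `cert` or what failure looks like. A short Doxygen block above it would settle that: `/** Loads the first X509 certificate from a PEM file. On success *cert is a newly allocated X509 the caller must release with X509_free(); returns AXIS2_FAILURE if the file cannot be opened or holds no certificate. */`. `filename` is only read, so `const axis2_char_t *filename` would state the contract more precisely, although the neighbouring `openssl_x509_load_from_pkcs12` declaration uses the non-const form too and consistency may be preferred.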
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/asym_ctx.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/asym_ctx.c?view=diff&rev=480879&r1=480878&r2=480879
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/asym_ctx.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/asym_ctx.c Thu Nov 30 00:47:43 2006
@@ -187,7 +187,7 @@
if (asym_ctx->private_key)
{
- OPENSSL_PKEY_FREE(asym_ctx->private_key, env);
+ /*OPENSSL_PKEY_FREE(asym_ctx->private_key, env);*/
asym_ctx->private_key = NULL;
}
asym_ctx->private_key = private_key;
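Review bot: Commenting out `OPENSSL_PKEY_FREE` at L44-45 turns the release of a previously set private key into a leak: the old object is never freed, so its key material also stays resident in the process for as long as it runs. If the free was disabled because the key is owned elsewhere too (the usual reason for a double free), the fix is to settle ownership — either the context owns what is set on it and callers stop freeing, or the setter documents that it only borrows — rather than to skip the release. Either way the dead code should be removed and replaced by a comment stating which rule holds, e.g. `/* asym_ctx does not own private_key; whoever set it frees it */`. The enclosing setter starts before this hunk.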
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/encryption.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/encryption.c?view=diff&rev=480879&r1=480878&r2=480879
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/encryption.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/encryption.c Thu Nov 30 00:47:43 2006
@@ -170,7 +170,9 @@
/*Load the key using key manager*/
password = oxs_asym_ctx_get_password(ctx, env);
status = oxs_key_mgr_load_key(env, ctx, password);
-
+ if(AXIS2_FAILURE == status){
+ return AXIS2_FAILURE;
+ }
#if 0
/*1. Try to get the pkey from the asy_ctx*/
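Review bot: The new guard at L59 only recognises `AXIS2_FAILURE`; if `oxs_key_mgr_load_key` can ever return anything other than exactly `AXIS2_SUCCESS` or `AXIS2_FAILURE`, the function carries on with no key loaded. Testing for success, `if (AXIS2_SUCCESS != status) { return AXIS2_FAILURE; }`, is the safer form and reads as the intent. The failure is also propagated silently; a report through the oxs error reporter in error.c saying that the key for `ctx` could not be loaded would give operators something to act on, since key_mgr itself prints only the OpenSSL-level message. The enclosing function starts before and continues after this hunk.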
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/error.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/error.c?view=diff&rev=480879&r1=480878&r2=480879
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/error.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/error.c Thu Nov 30 00:47:43 2006
@@ -21,6 +21,7 @@
#include <time.h>
#include <axis2_log_default.h>
#include <platforms/axis2_platform_auto_sense.h>
+
/*Table to map error codes with the error message*/
#define OXS_ERRORS_MAX_NUMBER 64
static oxs_error_description oxs_errors_table[OXS_ERRORS_MAX_NUMBER] =
@@ -88,6 +89,7 @@
AXIS2_VSNPRINTF(value, AXIS2_LEN_VALUE, msg, ap);
va_end(ap);
-
+ /*Should pass env to this method rather than creating a own one*/
+ /* AXIS2_LOG_INFO(env->log, "ERROR [%s:%d in %s] %s , %s", file, line, func, error_msg, value); */
printf("\nERROR [%s:%d in %s] %s , %s\n", file, line, func, error_msg, value);
}
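Review bot: Error reporting in this function still goes to stdout through `printf` at L83, so inside a server process these diagnostics end up wherever stdout points rather than in the Axis2 log, and the commented-out `AXIS2_LOG_INFO` call at L82 is dead code. Until an `env` is threaded through, `fprintf(stderr, "\nERROR [%s:%d in %s] %s , %s\n", file, line, func, error_msg, value);` at least keeps errors out of the normal output stream, and the comment above it should become a TODO naming the caller change that is needed. Note also that `msg` is used as a format string by `AXIS2_VSNPRINTF` at L78; that is fine only while every caller passes a literal, which cannot be checked from this hunk. The function's start lies before the hunk.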
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/key_mgr.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/key_mgr.c?view=diff&rev=480879&r1=480878&r2=480879
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/key_mgr.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/key_mgr.c Thu Nov 30 00:47:43 2006
@@ -44,13 +44,17 @@
if(OXS_ASYM_CTX_FORMAT_PEM == oxs_asym_ctx_get_format(ctx, env)){
format = OPENSSL_X509_FORMAT_PEM;
-
+ status = openssl_x509_load_from_pem(env, filename, &cert);
+ if(AXIS2_FAILURE == status){
+ return AXIS2_FAILURE;
+ }
}else if(OXS_ASYM_CTX_FORMAT_PKCS12 == oxs_asym_ctx_get_format(ctx, env)){
format = OPENSSL_X509_FORMAT_PKCS12;
status = openssl_x509_load_from_pkcs12(env, filename, password, &cert, &prvkey, &ca);
-
+ if(AXIS2_FAILURE == status){
+ return AXIS2_FAILURE;
+ }
}
-
/*Alright if the prvkey is available, populate the openssl_pkey*/
if(prvkey){
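Review bot: When the context format is neither PEM nor PKCS12, neither branch at L91/L98 runs, `cert` stays NULL and the function carries on into the `prvkey` handling at L107 with whatever `status` held before; an unknown format should be rejected explicitly, `} else { return AXIS2_FAILURE; }`. The PEM branch also loads only a certificate — no `prvkey` is ever produced from a PEM file — so a context set to `OXS_ASYM_CTX_FORMAT_PEM` with a private-key operation will silently lack a key; a comment on that branch, `/* PEM path yields the certificate only; private-key operations need PKCS12 */`, would make the limitation visible. The enclosing function starts before the hunk and continues after it.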
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/x509.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/x509.c?view=diff&rev=480879&r1=480878&r2=480879
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/x509.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/x509.c Thu Nov 30 00:47:43 2006
@@ -86,13 +86,29 @@
AXIS2_EXTERN axis2_status_t AXIS2_CALL
openssl_x509_load_from_pem(const axis2_env_t *env,
axis2_char_t *filename,
- axis2_char_t *password,
X509 **cert)
{
+ BIO *in;
+
+ if ((in=BIO_new_file(filename,"r")) == NULL)
+ {
+ printf("Error reading the file\n");
+ return AXIS2_FAILURE;
+ }
+ /*Read certificate*/
+ PEM_read_bio_X509(in, cert,NULL,NULL);
+ if(!*cert)
+ {
+ printf("Error creating the certificate\n");
+ return AXIS2_FAILURE;
+ }
+ BIO_reset(in);
+ BIO_free(in);
return AXIS2_SUCCESS;
}
+
AXIS2_EXTERN axis2_status_t AXIS2_CALL
openssl_x509_load_from_pkcs12(const axis2_env_t *env,
axis2_char_t *filename,
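Review bot: `openssl_x509_load_from_pem` leaks the BIO when `PEM_read_bio_X509` fails at L129-134, because it returns before `BIO_free(in)`, and the `BIO_reset(in)` at L135 immediately before the free does nothing useful. It also judges success by `*cert` rather than by the return value of `PEM_read_bio_X509`, so a caller that passes in a non-NULL `*cert` (which OpenSSL will try to reuse) gets `AXIS2_SUCCESS` even when the parse failed. Reading into a local, freeing the BIO on every path and only then publishing the result fixes both; the rewrite below does that and names the file in the diagnostics. `openssl_x509_load_from_pkcs12`, whose signature begins at the end of this hunk, continues outside it.
```c
AXIS2_EXTERN axis2_status_t AXIS2_CALL
openssl_x509_load_from_pem(const axis2_env_t *env,
    axis2_char_t *filename,
    X509 **cert)
{
    BIO *in = NULL;
    X509 *loaded = NULL;

    if (!filename || !cert)
    {
        return AXIS2_FAILURE;
    }
    if ((in = BIO_new_file(filename, "r")) == NULL)
    {
        printf("Error reading the file %s\n", filename);
        return AXIS2_FAILURE;
    }
    /* Read into a local so a stale *cert cannot mask a parse failure */
    loaded = PEM_read_bio_X509(in, NULL, NULL, NULL);
    BIO_free(in); /* released on every path, success or failure */
    if (!loaded)
    {
        printf("Error creating the certificate from %s\n", filename);
        return AXIS2_FAILURE;
    }
    *cert = loaded; /* caller owns it and frees with X509_free() */
    return AXIS2_SUCCESS;
}
```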
@@ -136,6 +152,10 @@
if(OPENSSL_X509_FORMAT_PEM == format){
/*Load from PEM*/
+ status = openssl_x509_load_from_pem(env, filename, cert);
+ if(AXIS2_FAILURE == status){
+ return AXIS2_FAILURE;
+ }
}else if(OPENSSL_X509_FORMAT_PKCS12 == format){
/*Load from PKCS12*/
EVP_PKEY *pkey = NULL;
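Review bot: The PEM branch at L146 fills only `cert`; if `openssl_x509_load` also hands a private key back to its caller (the PKCS12 branch declares a `pkey` at L152 for that purpose, and the parameter list lies outside the hunk), a caller requesting a private key from a PEM file gets `AXIS2_SUCCESS` with no key and no message. That asymmetry deserves a comment on the branch, `/* PEM input supplies the certificate only; no private key is loaded here */`, or a failure return when a key was asked for. The enclosing function starts before the hunk and continues after it.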
@@ -209,6 +229,49 @@
return AXIS2_SUCCESS;
}
+#if 0
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+openssl_x509_get_subject_key_identifier(const axis2_env_t *env,
+ X509 *cert)
+{
+ X509_EXTENSION *ext;
+ ASN1_OCTET_STRING *keyId = NULL;
+ int index = 0;
+ EVP_ENCODE_CTX ctx;
+ int len, ret;
+ char buf[1000];
+ char output[100];
+
+ /*Get ext by ID*/
+ index = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
+ if (index < 0) {
+ printf("index is less than zero\n");
+ return NULL;
+ }
+ /*Get the extension*/
+ ext = X509_get_ext(cert, index);
+ if (ext == NULL) {
+ printf("Extension is Null\n");
+ return NULL;
+ }
+ /*Subject Key Identifier*/
+ keyId = X509V3_EXT_d2i(ext);
+ if (keyId == NULL) {
+ printf("KeyId is NULL\n");
+ return NULL;
+ }
+ memcpy(buf, keyId->data, keyId->length);
+ buf[keyId->length] = 0;
+
+ EVP_EncodeInit(&ctx);
+ EVP_EncodeUpdate(&ctx, (unsigned char*)output, &len, (unsigned char*)buf, keyId->length);
+ EVP_EncodeFinal(&ctx, (unsigned char*)(output+len), &ret);
+
+ ret += len;
+ return output;
+}
+#endif
+
AXIS2_EXTERN axis2_char_t *AXIS2_CALL
openssl_x509_get_info(const axis2_env_t *env,
openssl_x509_info_type_t type,
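Review bot: The `#if 0` block adds `openssl_x509_get_subject_key_identifier` with three defects that must be fixed before it is ever enabled: `memcpy(buf, keyId->data, keyId->length)` at L187 copies a length taken from the certificate into a fixed 1000-byte stack buffer with no bound (and then base64-encodes it into `output[100]`), the function returns `output`, the address of a local, at L195, and the `ASN1_OCTET_STRING` from `X509V3_EXT_d2i` is never freed. A peer's certificate is exactly the kind of input that reaches this code, so the unchecked length is a stack overflow waiting for a crafted Subject Key Identifier. Code under `#if 0` is better dropped from the commit and re-added when it works; if it stays, the rewrite below bounds the identifier length, frees the extension value, and hands back an allocation from `env->allocator` that the caller owns. `openssl_x509_get_info`, whose signature begins at the end of this hunk, continues outside it.
```c
/* Upper bound on a Subject Key Identifier we are willing to encode;
 * it sizes the stack buffer below, so keep the two in step. */
enum { OPENSSL_X509_SKI_MAX_LEN = 64 };

AXIS2_EXTERN axis2_char_t *AXIS2_CALL
openssl_x509_get_subject_key_identifier(const axis2_env_t *env,
    X509 *cert)
{
    X509_EXTENSION *ext = NULL;
    ASN1_OCTET_STRING *keyId = NULL;
    int index = 0;
    EVP_ENCODE_CTX ctx;
    int len = 0, ret = 0;
    /* base64 of 64 bytes: one 65-byte line plus a 26-byte tail and NUL < 128 */
    unsigned char output[2 * OPENSSL_X509_SKI_MAX_LEN];
    axis2_char_t *result = NULL;

    /* … unchanged: X509_get_ext_by_NID / X509_get_ext lookups … */

    keyId = X509V3_EXT_d2i(ext);
    if (keyId == NULL) {
        printf("KeyId is NULL\n");
        return NULL;
    }
    /* keyId->length comes from the certificate: bound it before it sizes
     * any copy, or a crafted SKI overruns the stack */
    if (keyId->length < 0 || keyId->length > OPENSSL_X509_SKI_MAX_LEN) {
        ASN1_OCTET_STRING_free(keyId);
        return NULL;
    }
    EVP_EncodeInit(&ctx);
    EVP_EncodeUpdate(&ctx, output, &len, keyId->data, keyId->length);
    EVP_EncodeFinal(&ctx, output + len, &ret);
    ret += len;
    ASN1_OCTET_STRING_free(keyId);

    /* output is a local: copy it to heap memory the caller frees */
    result = AXIS2_MALLOC(env->allocator, ret + 1);
    if (!result) {
        return NULL;
    }
    memcpy(result, output, ret);
    result[ret] = '\0';
    return result;
}
```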
@@ -223,7 +286,7 @@
if(OPENSSL_X509_INFO_SUBJECT==type){
X509_NAME_print_ex(out, X509_get_subject_name(cert), 0, 0);
}else if(OPENSSL_X509_INFO_ISSUER == type){
- X509_NAME_print_ex(out, X509_get_subject_name(cert), 0, 0);
+ X509_NAME_print_ex(out, X509_get_issuer_name(cert), 0, 0);
}else if(OPENSSL_X509_INFO_VALID_FROM == type){
ASN1_TIME_print(out, X509_get_notBefore(cert));
}else if(OPENSSL_X509_INFO_VALID_TO == type){
@@ -291,6 +354,8 @@
return result;
}
+
+
AXIS2_EXTERN void AXIS2_CALL
Modified: webservices/axis2/trunk/c/rampart/src/util/rampart_encryption.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/rampart_encryption.c?view=diff&rev=480879&r1=480878&r2=480879
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/rampart_encryption.c (original)
+++ webservices/axis2/trunk/c/rampart/src/util/rampart_encryption.c Thu Nov 30 00:47:43 2006
@@ -66,6 +66,7 @@
axis2_char_t *enc_sym_algo = NULL;
axis2_char_t *enc_asym_algo = NULL;
axis2_char_t *certificate_file = NULL;
+ axis2_char_t *password = NULL;
oxs_key_t *session_key = NULL;
oxs_asym_ctx_t *asym_ctx = NULL;
@@ -115,14 +116,16 @@
enc_asym_algo = RAMPART_ACTIONS_GET_ENC_KT_ALGO(actions, env);
/*Get the certificate file name*/
certificate_file = RAMPART_ACTIONS_GET_ENC_KEY_FILE(actions, env);
+ /*Get the password to retrieve the key from key store*/
+ password = RAMPART_ACTIONS_GET_ENC_USER(actions, env);
/*Create asymmetric encryption context*/
asym_ctx = oxs_asym_ctx_create(env);
oxs_asym_ctx_set_algorithm(asym_ctx, env, enc_asym_algo);
oxs_asym_ctx_set_file_name(asym_ctx, env, certificate_file);
- oxs_asym_ctx_set_password(asym_ctx, env, "1234");
+ oxs_asym_ctx_set_password(asym_ctx, env, password);
oxs_asym_ctx_set_operation(asym_ctx, env, OXS_ASYM_CTX_OPERATION_PUB_ENCRYPT);
/*TODO This should be taken from the configurations*/
- oxs_asym_ctx_set_format(asym_ctx, env, OXS_ASYM_CTX_FORMAT_PKCS12);
+ oxs_asym_ctx_set_format(asym_ctx, env, OXS_ASYM_CTX_FORMAT_PEM);
/*Encrypt the session key*/
oxs_xml_enc_encrypt_key(env, asym_ctx, sec_node,session_key, id_list);
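Review bot: The result of `oxs_xml_enc_encrypt_key` at L246 is discarded, so when the certificate in `certificate_file` cannot be loaded (the failure path this commit adds to `oxs_key_mgr_load_key`'s caller) the session key is never wrapped and processing continues as if the Security header were complete; capture it in a `status` local (declare one if the function lacks it) and stop on failure: `status = oxs_xml_enc_encrypt_key(env, asym_ctx, sec_node, session_key, id_list); if (AXIS2_SUCCESS != status) { return AXIS2_FAILURE; }`, assuming the enclosing function, which starts before this hunk, returns `axis2_status_t`. Reading the key-store password from `RAMPART_ACTIONS_GET_ENC_USER` at L234 also makes the configured "user" double as a secret; that is better than the removed literal `"1234"`, but a dedicated password accessor, or at least a comment saying the user field is deliberately reused, would stop the next reader from treating it as an identity. The format is still hard-coded to PEM at L244; the TODO above it is appropriate and should stay until the configuration carries it.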
Modified: webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c?view=diff&rev=480879&r1=480878&r2=480879
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c (original)
+++ webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c Thu Nov 30 00:47:43 2006
@@ -116,6 +116,7 @@
axis2_array_list_t *reference_list = NULL;
axis2_char_t *enc_asym_algo = NULL;
axis2_char_t *certificate_file = NULL;
+ axis2_char_t *password = NULL;
axis2_status_t status = AXIS2_FAILURE;
oxs_asym_ctx_t *asym_ctx = NULL;
oxs_key_t *decrypted_sym_key = NULL;
@@ -138,9 +139,13 @@
/*Set default values. Might be useful if there are no data available to identify those*/
enc_asym_algo = RAMPART_ACTIONS_GET_ENC_KT_ALGO(actions, env);
certificate_file = RAMPART_ACTIONS_GET_DEC_KEY_FILE(actions, env);
+ /*Get the password to retrieve the key from key store*/
+ password = RAMPART_ACTIONS_GET_ENC_USER(actions, env);
oxs_asym_ctx_set_algorithm(asym_ctx, env, enc_asym_algo);
oxs_asym_ctx_set_file_name(asym_ctx, env, certificate_file);
oxs_asym_ctx_set_operation(asym_ctx, env, OXS_ASYM_CTX_OPERATION_PRV_DECRYPT);
+ oxs_asym_ctx_set_password(asym_ctx, env, password);
+ oxs_asym_ctx_set_format(asym_ctx, env, OXS_ASYM_CTX_FORMAT_PKCS12);
/*Create an empty key*/
decrypted_sym_key = oxs_key_create(env);
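Review bot: The decryption context's format is hard-coded to `OXS_ASYM_CTX_FORMAT_PKCS12` at L270 with no TODO, unlike the matching line in rampart_encryption.c, so a deployment whose `DEC_KEY_FILE` is a PEM file will fail to open its key with only a printf to say why; mirror the other side with `/*TODO This should be taken from the configurations*/`, or better, derive the format from the configured file. The same `RAMPART_ACTIONS_GET_ENC_USER` value at L265 now serves as the PKCS12 password on the inbound path as well, which means the private key's passphrase is whatever the user string happens to be; a comment stating that this is intentional and interim, or a dedicated password setting, is needed here too. The enclosing function starts before and continues after this hunk.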