Posted to java-dev@axis.apache.org by ka...@apache.org on 2006/12/06 17:49:11 UTC
svn commit: r483145 - in /webservices/axis2/trunk/c/rampart:
samples/client/enc_echo/ src/omxmlsec/ src/omxmlsec/openssl/ src/util/
Author: kaushalye
Date: Wed Dec 6 08:49:10 2006
New Revision: 483145
URL: http://svn.apache.org/viewvc?view=rev&rev=483145
Log:
Support for Subject Key Identifier to send Key Information.
Plus some other modifications.
Modified:
webservices/axis2/trunk/c/rampart/samples/client/enc_echo/update_n_run.sh
webservices/axis2/trunk/c/rampart/src/omxmlsec/key_mgr.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/pkcs12.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/x509.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_encryption.c
webservices/axis2/trunk/c/rampart/src/util/rampart_handler_util.c
webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c
Modified: webservices/axis2/trunk/c/rampart/samples/client/enc_echo/update_n_run.sh
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/samples/client/enc_echo/update_n_run.sh?view=diff&rev=483145&r1=483144&r2=483145
==============================================================================
--- webservices/axis2/trunk/c/rampart/samples/client/enc_echo/update_n_run.sh (original)
+++ webservices/axis2/trunk/c/rampart/samples/client/enc_echo/update_n_run.sh Wed Dec 6 08:49:10 2006
@@ -1,10 +1,10 @@
#!/bin/bash
-
+#If your client repository is different, change the value.
CLIENT_REPO="$HOME/client_repo"
#INSTALL MODULE to make sure that both server and client have the same module.
echo "Copying latest module to client_repo"
-cp -r $AXIS2C_HOME/modules/rampart $CLIENT_REPO/
+cp -r $AXIS2C_HOME/modules/rampart $CLIENT_REPO/modules
#RUN
./echo http://localhost:9090/axis2/services/echo $CLIENT_REPO
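Review bot: The new `cp -r` destination behaves differently depending on whether `$CLIENT_REPO/modules` already exists: if it does not, cp creates `modules` as a copy of the rampart directory instead of placing `rampart` inside it, so the module would not sit under the expected name. The expansions are also unquoted, so an `$AXIS2C_HOME` or `$HOME` containing spaces splits into several arguments. Consider `mkdir -p "$CLIENT_REPO/modules"` followed by `cp -r "$AXIS2C_HOME/modules/rampart" "$CLIENT_REPO/modules/"`, and quoting `"$CLIENT_REPO"` on the `./echo` line as well.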
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/key_mgr.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/key_mgr.c?view=diff&rev=483145&r1=483144&r2=483145
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/key_mgr.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/key_mgr.c Wed Dec 6 08:49:10 2006
@@ -78,7 +78,7 @@
oxs_x509_cert_set_subject(oxs_cert, env, openssl_x509_get_info(env, OPENSSL_X509_INFO_SUBJECT ,cert));
oxs_x509_cert_set_fingerprint(oxs_cert, env, openssl_x509_get_info(env, OPENSSL_X509_INFO_FINGER,cert));
oxs_x509_cert_set_serial_number(oxs_cert, env, openssl_x509_get_serial(env, cert));
- /*oxs_x509_cert_set_key_identifier(oxs_cert, env, openssl_x509_get_subject_key_identifier(env, cert));*/
+ oxs_x509_cert_set_key_identifier(oxs_cert, env, openssl_x509_get_subject_key_identifier(env, cert));
/*Additionally we need to set the public key*/
openssl_x509_get_pubkey(env, cert, &pubkey);
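Review bot: The value returned by `openssl_x509_get_subject_key_identifier` is stored without a check, and the Subject Key Identifier extension is optional in X.509, so a certificate without it presumably yields NULL here (the getter's body is not part of this commit). The only guard visible on this page is in `oxs_xml_enc_populate_stref_with_key_identifier`, which returns AXIS2_FAILURE without logging when the identifier is missing. A comment on this line such as `/* NULL when the certificate has no SubjectKeyIdentifier extension; consumers must check */` would record that contract. It is also worth confirming that the setter accepts NULL and which side owns the returned string. The enclosing function starts and ends outside the hunk.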
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/pkcs12.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/pkcs12.c?view=diff&rev=483145&r1=483144&r2=483145
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/pkcs12.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/pkcs12.c Wed Dec 6 08:49:10 2006
@@ -43,7 +43,7 @@
fclose (fp);
if (!p12) {
- fprintf(stderr, "Error reading PKCS#12 file\n");
+ fprintf(stderr, "Error reading PKCS#12 file %s\n", filename);
ERR_print_errors_fp(stderr);
return AXIS2_FAILURE;
}
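Review bot: This error path still writes directly to stderr with `fprintf`, while the x509.c change in the same commit reports the equivalent failure through `oxs_error`, so PKCS#12 load failures bypass the library's own error reporting. For consistency the changed line could read `oxs_error(ERROR_LOCATION, OXS_ERROR_DEFAULT, "Error reading PKCS#12 file %s", filename);`. The message now carries the key-store path, so it should end up only in a log that operators read, not in anything returned to a peer. The function begins and ends outside the hunk.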
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/x509.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/x509.c?view=diff&rev=483145&r1=483144&r2=483145
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/x509.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/x509.c Wed Dec 6 08:49:10 2006
@@ -93,7 +93,7 @@
if ((in=BIO_new_file(filename,"r")) == NULL)
{
oxs_error(ERROR_LOCATION, OXS_ERROR_DEFAULT,
- "Error reading the file");
+ "Error reading the file %s", filename);
return AXIS2_FAILURE;
}
/*Read certificate*/
@@ -200,7 +200,7 @@
core_tail = axis2_strstr(unformatted, "\n");
res = axis2_strstr(core_tail,"-----END");
res[0] = '\0';
- core = (axis2_char_t*)axis2_strdup(core_tail,env);
+ core = (axis2_char_t*)AXIS2_STRDUP(core_tail,env);
return core;
}
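Review bot: Both `axis2_strstr` results around the changed line are dereferenced or passed on without a NULL check, so certificate text that lacks a newline or the `-----END` marker reaches `res[0] = '\0'` through a NULL pointer. Since this parses certificate data that may be malformed, add `if (!core_tail) return NULL;` after the first search and `if (!res) return NULL;` after the second. Note also that `core_tail` points at the newline itself, so the duplicated string begins with `\n`; if that is not intended, advance past it before the copy. The start of the function is outside the hunk, so whether `unformatted` needs freeing on these early returns cannot be judged from here.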
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_encryption.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_encryption.c?view=diff&rev=483145&r1=483144&r2=483145
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_encryption.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_encryption.c Wed Dec 6 08:49:10 2006
@@ -47,47 +47,33 @@
/*private functions*/
+/**
+* <KeyInfo>
+* <SecurityTokenReference>
+* <KeyIdentifier>WEqswOIUsd</KeyIdentifier>
+* </SecurityTokenReference>
+* </KeyInfo>
+*
+*/
static axis2_status_t
-oxs_xml_enc_process_key_info(const axis2_env_t *env,
+oxs_xml_enc_populate_stref_with_key_identifier(const axis2_env_t *env,
oxs_asym_ctx_t *asym_ctx,
- axiom_node_t *key_info_node,
- axiom_node_t *parent_node)
+ axiom_node_t *stref_node)
{
- axiom_node_t *st_ref_node = NULL;
- axiom_node_t *cur_node = NULL;
- axis2_char_t *node_name = NULL;
-
- st_ref_node = oxs_axiom_get_first_child_node_by_name(env, key_info_node, OXS_NODE_SECURITY_TOKEN_REFRENCE, NULL, NULL);
- if(!st_ref_node){
+ axiom_node_t *key_identifier_node = NULL;
+ axis2_char_t *key_identifier = NULL;
+ oxs_x509_cert_t *cert = NULL;
+
+ cert = oxs_asym_ctx_get_certificate(asym_ctx, env);
+ key_identifier = oxs_x509_cert_get_key_identifier(cert, env);
+ if(!key_identifier){
return AXIS2_FAILURE;
}
-/*
- WSS-Core specification suggests
- 1. Resolve any <wsse:Reference> elements (specified within
- <wsse:SecurityTokenReference>).
- 2. Resolve any <wsse:KeyIdentifier> elements (specified within
- <wsse:SecurityTokenReference>).
- 3. Resolve any <ds:KeyName> elements. NOT PERMITTED by WS-i
- 4. Resolve any other <ds:KeyInfo> elements. NOT PERMITTED by WS-i
-*/
-
- /*
- * Implementation of these are not important for Encryption.
- * Might've to relocate to another file as this processing is essential in Signature
- */
- cur_node = AXIOM_NODE_GET_FIRST_CHILD(st_ref_node, env);
- node_name = axiom_util_get_localname(cur_node, env);
- if(0 == AXIS2_STRCMP(OXS_NODE_REFERENCE, node_name)){
-
- }else if(0 == AXIS2_STRCMP(OXS_NODE_KEY_IDENTIFIER, node_name)){
-
- }else if(0 == AXIS2_STRCMP(OXS_NODE_X509_DATA, node_name)){
- }else if(0 == AXIS2_STRCMP(OXS_NODE_EMBEDDED, node_name)){
-
- }else{
- /*Unsupported*/
- }
+ /*Build KeyIdentifier node*/
+ key_identifier_node = oxs_token_build_key_identifier_element(
+ env, stref_node, OXS_ENCODING_BASE64BINARY,
+ OXS_X509_SUBJ_KI, key_identifier);
return AXIS2_SUCCESS;
}
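Review bot: `key_identifier_node` is assigned from `oxs_token_build_key_identifier_element` but never inspected, so the function returns AXIS2_SUCCESS even when the KeyIdentifier element was not built and the message would go out without usable key information. Add `if(!key_identifier_node){ return AXIS2_FAILURE; }` before the final return. `cert` is likewise passed to `oxs_x509_cert_get_key_identifier` without a NULL check; whether that accessor tolerates NULL is not visible here, so `if(!cert){ return AXIS2_FAILURE; }` is the safer form. The same unchecked-result pattern appears with `issuer_serial_node` in the context lines of the later `@@ -229,6 +185,51 @@` hunk.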
@@ -133,36 +119,6 @@
/**
* <KeyInfo>
* <SecurityTokenReference>
-* <KeyIdentifier>WEqswOIUsd</KeyIdentifier>
-* </SecurityTokenReference>
-* </KeyInfo>
-*
-*/
-static axis2_status_t
-oxs_xml_enc_populate_stref_with_key_identifier(const axis2_env_t *env,
- oxs_asym_ctx_t *asym_ctx,
- axiom_node_t *stref_node)
-{
- axiom_node_t *key_identifier_node = NULL;
- axis2_char_t *key_identifier = NULL;
- oxs_x509_cert_t *cert = NULL;
-
- cert = oxs_asym_ctx_get_certificate(asym_ctx, env);
- key_identifier = oxs_x509_cert_get_key_identifier(cert, env);
- if(!key_identifier){
- return AXIS2_FAILURE;
- }
-
- /*Build KeyIdentifier node*/
- key_identifier_node = oxs_token_build_key_identifier_element(
- env, stref_node, OXS_ENCODING_BASE64BINARY,
- OXS_X509_SUBJ_KI, key_identifier);
-
- return AXIS2_SUCCESS;
-}
-/**
-* <KeyInfo>
-* <SecurityTokenReference>
* <Embedded>
* <BinarySecurityToken>UYISDjsdaousdWEqswOIUsd</BinarySecurityToken>
* </Embedded>
@@ -229,6 +185,51 @@
/*Build x509Data*/
x509_data_node = oxs_token_build_x509_data_element(env, stref_node);
issuer_serial_node = oxs_token_build_x509_issuer_serial_with_data(env, x509_data_node, issuer_name, serial_number);
+ return AXIS2_SUCCESS;
+}
+
+static axis2_status_t
+oxs_xml_enc_process_key_info(const axis2_env_t *env,
+ oxs_asym_ctx_t *asym_ctx,
+ axiom_node_t *key_info_node,
+ axiom_node_t *parent_node)
+{
+ axiom_node_t *st_ref_node = NULL;
+ axiom_node_t *cur_node = NULL;
+ axis2_char_t *node_name = NULL;
+
+ st_ref_node = oxs_axiom_get_first_child_node_by_name(env, key_info_node, OXS_NODE_SECURITY_TOKEN_REFRENCE, NULL, NULL);
+ if(!st_ref_node){
+ return AXIS2_FAILURE;
+ }
+/*
+ WSS-Core specification suggests
+ 1. Resolve any <wsse:Reference> elements (specified within
+ <wsse:SecurityTokenReference>).
+ 2. Resolve any <wsse:KeyIdentifier> elements (specified within
+ <wsse:SecurityTokenReference>).
+ 3. Resolve any <ds:KeyName> elements. NOT PERMITTED by WS-i
+ 4. Resolve any other <ds:KeyInfo> elements. NOT PERMITTED by WS-i
+*/
+
+ /*
+ * Implementation of these are not important for Encryption.
+ * Might've to relocate to another file as this processing is essential in Signature
+ */
+ cur_node = AXIOM_NODE_GET_FIRST_CHILD(st_ref_node, env);
+ node_name = axiom_util_get_localname(cur_node, env);
+ if(0 == AXIS2_STRCMP(OXS_NODE_REFERENCE, node_name)){
+
+ }else if(0 == AXIS2_STRCMP(OXS_NODE_KEY_IDENTIFIER, node_name)){
+
+ }else if(0 == AXIS2_STRCMP(OXS_NODE_X509_DATA, node_name)){
+
+ }else if(0 == AXIS2_STRCMP(OXS_NODE_EMBEDDED, node_name)){
+
+ }else{
+ /*Unsupported*/
+ }
+
return AXIS2_SUCCESS;
}
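Review bot: `oxs_xml_enc_process_key_info` returns AXIS2_SUCCESS for every child of the SecurityTokenReference, including the `/*Unsupported*/` branch, because all of its branches are empty. A caller therefore cannot distinguish a resolved key reference from one that was ignored. `cur_node` and `node_name` are also used unchecked, so an empty SecurityTokenReference in an incoming message hands NULL to `axiom_util_get_localname` and `AXIS2_STRCMP`; whether those tolerate NULL is not visible here. Suggested changes are `if(!cur_node || !node_name){ return AXIS2_FAILURE; }` before the comparison chain and `return AXIS2_FAILURE;` in the final else. A short header comment stating that `asym_ctx` and `parent_node` are currently unused and that resolution is not yet implemented would keep the stub from being mistaken for working code.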
Modified: webservices/axis2/trunk/c/rampart/src/util/rampart_handler_util.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/rampart_handler_util.c?view=diff&rev=483145&r1=483144&r2=483145
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/rampart_handler_util.c (original)
+++ webservices/axis2/trunk/c/rampart/src/util/rampart_handler_util.c Wed Dec 6 08:49:10 2006
@@ -195,7 +195,7 @@
if (!header_block_ht)
return AXIS2_FAILURE;
- /*TODO If there are multiple security header elements, get the one with @role=rampart*/
+ /*BETTER IF : If there are multiple security header elements, get the one with @role=rampart*/
for (hash_index = axis2_hash_first(header_block_ht, env); hash_index;
hash_index = axis2_hash_next(env, hash_index))
{
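Review bot: Rewording the comment from `TODO` to `BETTER IF` removes the marker that tooling and reviewers search for, while the behaviour it describes, choosing among several security header elements by role, is apparently still unimplemented. Which security header gets processed matters when a message carries more than one, so the open item deserves to stay discoverable, for example `/*TODO: if there are multiple security header elements, select the one with @role=rampart*/`. The loop body is outside the hunk, so how the current code picks among several headers cannot be confirmed from here.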
Modified: webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c?view=diff&rev=483145&r1=483144&r2=483145
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c (original)
+++ webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c Wed Dec 6 08:49:10 2006
@@ -21,6 +21,7 @@
#include <rampart_sec_header_processor.h>
#include <rampart_username_token.h>
#include <rampart_timestamp_token.h>
+#include <rampart_handler_util.h>
#include <oxs_ctx.h>
#include <oxs_error.h>
#include <oxs_utility.h>
@@ -40,7 +41,7 @@
#include <oxs_asym_ctx.h>
/*Private functions*/
-AXIS2_EXTERN axis2_status_t AXIS2_CALL
+static axis2_status_t
rampart_shp_process_timestamptoken(const axis2_env_t *env,
axis2_msg_ctx_t *msg_ctx,
rampart_actions_t *actions,
@@ -66,7 +67,7 @@
}
}
-AXIS2_EXTERN axis2_status_t AXIS2_CALL
+static axis2_status_t
rampart_shp_process_usernametoken(const axis2_env_t *env,
axis2_msg_ctx_t *msg_ctx,
rampart_actions_t *actions,
@@ -95,7 +96,7 @@
}
}
-AXIS2_EXTERN axis2_status_t AXIS2_CALL
+static axis2_status_t
rampart_shp_process_encrypted_key(const axis2_env_t *env,
axis2_msg_ctx_t *msg_ctx,
rampart_actions_t *actions,
@@ -185,7 +186,7 @@
return AXIS2_SUCCESS;
}
-AXIS2_EXTERN axis2_status_t AXIS2_CALL
+static axis2_status_t
rampart_shp_enforce_security(const axis2_env_t *env,
axis2_msg_ctx_t *msg_ctx,
rampart_actions_t *actions,