Posted to rampart-dev@ws.apache.org by sh...@apache.org on 2008/02/08 11:06:22 UTC
svn commit: r619820 [1/2] - in /webservices/rampart/trunk/c: ./ build/win32/
include/ src/ src/core/ src/handlers/ src/omxmlsec/ src/omxmlsec/tokens/
src/secconv/ src/trust/ src/util/
Author: shankar
Date: Fri Feb 8 02:06:20 2008
New Revision: 619820
URL: http://svn.apache.org/viewvc?rev=619820&view=rev
Log:
includes
(1) secure conversation implementation
(2) support for EncryptionToken + SignatureToken assertion
Added:
webservices/rampart/trunk/c/include/rampart_sct_provider.h
webservices/rampart/trunk/c/include/secconv_security_context_token.h
webservices/rampart/trunk/c/src/secconv/Makefile.am
webservices/rampart/trunk/c/src/secconv/sct_provider.c
webservices/rampart/trunk/c/src/secconv/security_context_token.c
Modified:
webservices/rampart/trunk/c/AUTHORS
webservices/rampart/trunk/c/build/win32/deploy_rampart.bat
webservices/rampart/trunk/c/build/win32/makefile
webservices/rampart/trunk/c/include/oxs_constants.h
webservices/rampart/trunk/c/include/oxs_derivation.h
webservices/rampart/trunk/c/include/oxs_key.h
webservices/rampart/trunk/c/include/oxs_xml_encryption.h
webservices/rampart/trunk/c/include/rampart_constants.h
webservices/rampart/trunk/c/include/rampart_context.h
webservices/rampart/trunk/c/include/rampart_util.h
webservices/rampart/trunk/c/include/trust_sts_client.h
webservices/rampart/trunk/c/project.xml
webservices/rampart/trunk/c/src/Makefile.am
webservices/rampart/trunk/c/src/core/Makefile.am
webservices/rampart/trunk/c/src/handlers/rampart_in_handler.c
webservices/rampart/trunk/c/src/handlers/rampart_out_handler.c
webservices/rampart/trunk/c/src/omxmlsec/derivation.c
webservices/rampart/trunk/c/src/omxmlsec/tokens/token_security_token_reference.c
webservices/rampart/trunk/c/src/omxmlsec/xml_encryption.c
webservices/rampart/trunk/c/src/trust/sts_client.c
webservices/rampart/trunk/c/src/util/rampart_context.c
webservices/rampart/trunk/c/src/util/rampart_encryption.c
webservices/rampart/trunk/c/src/util/rampart_engine.c
webservices/rampart/trunk/c/src/util/rampart_policy_validator.c
webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c
webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
webservices/rampart/trunk/c/src/util/rampart_signature.c
webservices/rampart/trunk/c/src/util/rampart_util.c
Modified: webservices/rampart/trunk/c/AUTHORS
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/AUTHORS?rev=619820&r1=619819&r2=619820&view=diff
==============================================================================
--- webservices/rampart/trunk/c/AUTHORS (original)
+++ webservices/rampart/trunk/c/AUTHORS Fri Feb 8 02:06:20 2008
@@ -6,3 +6,4 @@
Samisa Abeysinghe
Sanjaya Ratnaweera
Dushshantha Chandradasa
+Selvaratnam Uthaiyashankar
Modified: webservices/rampart/trunk/c/build/win32/deploy_rampart.bat
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/build/win32/deploy_rampart.bat?rev=619820&r1=619819&r2=619820&view=diff
==============================================================================
--- webservices/rampart/trunk/c/build/win32/deploy_rampart.bat (original)
+++ webservices/rampart/trunk/c/build/win32/deploy_rampart.bat Fri Feb 8 02:06:20 2008
@@ -1,3 +1,8 @@
+@echo off
+echo -------------------------------------------------------------------------
+echo deploying rampart...
+echo -------------------------------------------------------------------------
+
md %AXIS2C_HOME%\modules\rampart\
copy modules\rampart\mod_rampart.dll %AXIS2C_HOME%\modules\rampart\
copy modules\rampart\module.xml %AXIS2C_HOME%\modules\rampart\
@@ -6,6 +11,10 @@
copy bin\samples\services\sec_echo\sec_echo.dll %AXIS2C_HOME%\services\sec_echo\
copy bin\samples\services\sec_echo\services.xml %AXIS2C_HOME%\services\sec_echo\
+md %AXIS2C_HOME%\services\secconv_echo\
+copy bin\samples\services\secconv_echo\secconv_echo.dll %AXIS2C_HOME%\services\secconv_echo\
+copy bin\samples\services\secconv_echo\services.xml %AXIS2C_HOME%\services\secconv_echo\
+
md %AXIS2C_HOME%\bin\samples\rampart\
md %AXIS2C_HOME%\bin\samples\rampart\authn_provider\
copy bin\samples\authn_provider\authn.dll %AXIS2C_HOME%\bin\samples\rampart\authn_provider\
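Review bot: The new `md`/`copy` lines on L76–L78 leave `%AXIS2C_HOME%` unquoted, so an install path containing a space splits into two arguments and the copy lands somewhere else, and with `@echo off` now in effect the failing command is no longer echoed, so any error text from `copy` appears without the line that produced it. Quoting both operands and stopping on failure keeps a half-deployed module from going unnoticed, e.g. `copy "bin\samples\services\secconv_echo\secconv_echo.dll" "%AXIS2C_HOME%\services\secconv_echo\" || exit /b 1`. The pre-existing lines around it share the pattern, but the lines added here need not inherit it.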
@@ -13,6 +22,10 @@
md %AXIS2C_HOME%\bin\samples\rampart\replay_detector\
copy bin\samples\replay_detector\rdflatfile.dll %AXIS2C_HOME%\bin\samples\rampart\replay_detector\
+md %AXIS2C_HOME%\bin\samples\rampart\sct_provider\
+copy bin\samples\sct_provider\sctprovider.dll %AXIS2C_HOME%\bin\samples\rampart\sct_provider\
+copy bin\samples\sct_provider\sctprovider_hashdb.dll %AXIS2C_HOME%\bin\samples\rampart\sct_provider\
+
md %AXIS2C_HOME%\bin\samples\rampart\data\
copy bin\samples\data\passwords.txt %AXIS2C_HOME%\bin\samples\rampart\data\
@@ -29,3 +42,8 @@
xcopy bin\samples\keys %AXIS2C_HOME%\bin\samples\rampart\keys\ /E /I /Y /S
copy bin\samples\services\sec_echo\server_axis2.xml %AXIS2C_HOME%\axis2.xml
+
+echo -------------------------------------------------------------------------
+echo Rampart deployed
+echo -------------------------------------------------------------------------
+@echo on
Modified: webservices/rampart/trunk/c/build/win32/makefile
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/build/win32/makefile?rev=619820&r1=619819&r2=619820&view=diff
==============================================================================
--- webservices/rampart/trunk/c/build/win32/makefile (original)
+++ webservices/rampart/trunk/c/build/win32/makefile Fri Feb 8 02:06:20 2008
@@ -24,8 +24,11 @@
MOD_RAMPART_SRC = $(RAMPART_SOURCE_DIR)\src\core\*.c \
$(RAMPART_SOURCE_DIR)\src\handlers\*.c \
- $(RAMPART_SOURCE_DIR)\src\util\*.c \
- $(RAMPART_SOURCE_DIR)\src\trust\*.c
+ $(RAMPART_SOURCE_DIR)\src\util\*.c
+
+SECCONV_SRC = $(RAMPART_SOURCE_DIR)\src\secconv\*.c
+
+TRUST_SRC = $(RAMPART_SOURCE_DIR)\src\trust\*.c
MOD_RAMPART_INCLUDE_PATH = /I$(RAMPART_SOURCE_DIR)\include \
/I$(OPENSSL_BIN_DIR)\include \
@@ -87,7 +90,9 @@
mkdir $(RAMPART_DISTDIR)\bin\samples\callback
mkdir $(RAMPART_DISTDIR)\bin\samples\authn_provider
mkdir $(RAMPART_DISTDIR)\bin\samples\replay_detector
+ mkdir $(RAMPART_DISTDIR)\bin\samples\sct_provider
mkdir $(RAMPART_DISTDIR)\bin\samples\services\sec_echo
+ mkdir $(RAMPART_DISTDIR)\bin\samples\services\secconv_echo
mkdir $(RAMPART_DISTDIR)\bin\samples\client\sec_echo
mkdir $(RAMPART_DISTDIR)\bin\samples\client\sec_echo\data
mkdir $(RAMPART_DISTDIR)\bin\samples\credential_provider
@@ -105,7 +110,9 @@
if not exist $(RAMPART_INTDIR)\samples\callback\pwcb mkdir $(RAMPART_INTDIR)\samples\callback\pwcb
if not exist $(RAMPART_INTDIR)\samples\authn_provider mkdir $(RAMPART_INTDIR)\samples\authn_provider
if not exist $(RAMPART_INTDIR)\samples\replay_detector mkdir $(RAMPART_INTDIR)\samples\replay_detector
+ if not exist $(RAMPART_INTDIR)\samples\sct_provider mkdir $(RAMPART_INTDIR)\samples\sct_provider
if not exist $(RAMPART_INTDIR)\samples\services\sec_echo\ mkdir $(RAMPART_INTDIR)\samples\services\sec_echo
+ if not exist $(RAMPART_INTDIR)\samples\services\secconv_echo\ mkdir $(RAMPART_INTDIR)\samples\services\secconv_echo
if not exist $(RAMPART_INTDIR)\samples\client\sec_echo\ mkdir $(RAMPART_INTDIR)\samples\client\sec_echo
if not exist $(RAMPART_INTDIR)\samples\credential_provider\ mkdir $(RAMPART_INTDIR)\samples\credential_provider
@@ -113,7 +120,7 @@
copy $(RAMPART_SOURCE_DIR)\samples\data\passwords.txt $(RAMPART_DISTDIR)\bin\samples\data
$(RAMPART_DISTDIR)\modules\rampart\mod_rampart.dll :
- $(CC) $(CFLAGS) $(MOD_RAMPART_INCLUDE_PATH) $(MOD_RAMPART_SRC) $(OMXMLSEC_SRC) \
+ $(CC) $(CFLAGS) $(MOD_RAMPART_INCLUDE_PATH) $(MOD_RAMPART_SRC) $(OMXMLSEC_SRC) $(SECCONV_SRC) $(TRUST_SRC)\
$(APPLINK_FILE) /Fo$(RAMPART_INTDIR)\ /c
$(LD) $(LDFLAGS) $(RAMPART_INTDIR)\*.obj $(LIBS) axutil.lib axiom.lib \
axis2_parser.lib axis2_engine.lib neethi.lib /DLL /OUT:$(RAMPART_DISTDIR)\modules\rampart\mod_rampart.dll \
@@ -153,6 +160,25 @@
mod_rampart_rd: $(RAMPART_DISTDIR)\bin\samples\replay_detector\rdflatfile.dll
+$(RAMPART_DISTDIR)\bin\samples\sct_provider\sctprovider.dll :
+ $(CC) $(CFLAGS) $(MOD_RAMPART_INCLUDE_PATH) $(RAMPART_SOURCE_DIR)\samples\sct_provider\sct_provider_stored_key.c \
+ /Fo$(RAMPART_INTDIR)\samples\sct_provider\ /c
+ $(LD) $(LDFLAGS) $(RAMPART_INTDIR)\samples\sct_provider\sct_provider_stored_key.obj mod_rampart.lib \
+ axutil.lib axis2_engine.lib neethi.lib /LIBPATH:$(RAMPART_DISTDIR)\modules\rampart /DLL \
+ /OUT:$(RAMPART_DISTDIR)\bin\samples\sct_provider\sctprovider.dll
+ -@$(_VC_MANIFEST_EMBED_DLL)
+
+mod_rampart_sct_provider: $(RAMPART_DISTDIR)\bin\samples\sct_provider\sctprovider.dll
+
+$(RAMPART_DISTDIR)\bin\samples\sct_provider\sctprovider_hashdb.dll :
+ $(CC) $(CFLAGS) $(MOD_RAMPART_INCLUDE_PATH) $(RAMPART_SOURCE_DIR)\samples\sct_provider\sct_provider_hash_map.c \
+ /Fo$(RAMPART_INTDIR)\samples\sct_provider\ /c
+ $(LD) $(LDFLAGS) $(RAMPART_INTDIR)\samples\sct_provider\sct_provider_hash_map.obj mod_rampart.lib \
+ axutil.lib axis2_engine.lib neethi.lib /LIBPATH:$(RAMPART_DISTDIR)\modules\rampart /DLL \
+ /OUT:$(RAMPART_DISTDIR)\bin\samples\sct_provider\sctprovider_hashdb.dll
+ -@$(_VC_MANIFEST_EMBED_DLL)
+
+mod_rampart_sct_provider_hashdb: $(RAMPART_DISTDIR)\bin\samples\sct_provider\sctprovider_hashdb.dll
$(RAMPART_DISTDIR)\bin\samples\services\sec_echo\sec_echo.dll :
$(CC) $(CFLAGS) $(MOD_RAMPART_INCLUDE_PATH) /I$(RAMPART_SOURCE_DIR)\samples\server\sec_echo \
@@ -169,13 +195,27 @@
mod_rampart_services_sec_echo: $(RAMPART_DISTDIR)\bin\samples\services\sec_echo\sec_echo.dll
+$(RAMPART_DISTDIR)\bin\samples\services\secconv_echo\secconv_echo.dll :
+ $(CC) $(CFLAGS) $(MOD_RAMPART_INCLUDE_PATH) /I$(RAMPART_SOURCE_DIR)\samples\server\secconv_echo \
+ $(RAMPART_SOURCE_DIR)\samples\server\secconv_echo\*.c /Fo$(RAMPART_INTDIR)\samples\services\secconv_echo\ /c
+ $(LD) $(LDFLAGS) $(RAMPART_INTDIR)\samples\services\secconv_echo\*.obj \
+ axutil.lib axiom.lib axis2_parser.lib $(LIBS) axis2_engine.lib mod_rampart.lib /LIBPATH:$(RAMPART_DISTDIR)\modules\rampart\
+ axis2_http_receiver.lib axis2_http_sender.lib \
+ /DLL /OUT:$(RAMPART_DISTDIR)\bin\samples\services\secconv_echo\secconv_echo.dll
+ -@$(_VC_MANIFEST_EMBED_DLL)
+
+ copy $(RAMPART_SOURCE_DIR)\samples\server\secconv_echo\services.xml $(RAMPART_DISTDIR)\bin\samples\services\secconv_echo\
+
+ copy $(RAMPART_SOURCE_DIR)\samples\server\secconv_echo\server_axis2.xml $(RAMPART_DISTDIR)\bin\samples\services\secconv_echo\
+
+mod_rampart_services_secconv_echo: $(RAMPART_DISTDIR)\bin\samples\services\secconv_echo\secconv_echo.dll
$(RAMPART_DISTDIR)\bin\samples\client\sec_echo\echo.exe :
$(CC) $(CFLAGS) $(MOD_RAMPART_INCLUDE_PATH) \
$(RAMPART_SOURCE_DIR)\samples\client\sec_echo\echo.c \
/Fo$(RAMPART_INTDIR)\samples\client\sec_echo\ /c
$(LD) $(LDFLAGS) $(RAMPART_INTDIR)\samples\client\sec_echo\echo.obj axutil.lib axiom.lib neethi.lib \
- axis2_parser.lib axis2_engine.lib /OUT:$(RAMPART_DISTDIR)\bin\samples\client\sec_echo\echo.exe
+ axis2_parser.lib axis2_engine.lib /LIBPATH:$(RAMPART_DISTDIR)\modules\rampart mod_rampart.lib /OUT:$(RAMPART_DISTDIR)\bin\samples\client\sec_echo\echo.exe
-@$(_VC_MANIFEST_EMBED_EXE)
copy $(RAMPART_SOURCE_DIR)\samples\client\sec_echo\data\client.axis2.xml \
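Review bot: On L173 `/LIBPATH:$(RAMPART_DISTDIR)\modules\rampart\` ends in a backslash that nmake consumes as the line-continuation character, so the option only works because the continuation collapses to a space before `axis2_http_receiver.lib`, and a reader cannot tell whether the trailing slash was meant as a path separator or as continuation. The sibling rules on L150 and L160 write it unambiguously, and this one should match: `axutil.lib axiom.lib axis2_parser.lib $(LIBS) axis2_engine.lib mod_rampart.lib /LIBPATH:$(RAMPART_DISTDIR)\modules\rampart \`. `$(TRUST_SRC)\` on L140 in an earlier hunk has the same missing space before its continuation backslash.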
@@ -196,7 +236,7 @@
mod_rampart_samples_credential_provider: $(RAMPART_DISTDIR)\bin\samples\credential_provider\cred_provider.dll
-mod_rampart_samples: mod_rampart_samples_sec_echo mod_rampart_services_sec_echo
+mod_rampart_samples: mod_rampart_samples_sec_echo mod_rampart_services_sec_echo mod_rampart_services_secconv_echo
mod_rampart_copy_include:
xcopy /E /I /Y $(RAMPART_SOURCE_DIR)\include $(RAMPART_DISTDIR)\include
@@ -225,7 +265,7 @@
#copy make_bin_dist.bat $(RAMPART_DISTDIR)
-mod_rampart_all: mod_rampart mod_rampart_authn mod_rampart_rd mod_rampart_pwcb mod_rampart_htpwcb mod_rampart_samples mod_rampart_copy_include copy_dist_files
+mod_rampart_all: mod_rampart mod_rampart_authn mod_rampart_rd mod_rampart_sct_provider mod_rampart_sct_provider_hashdb mod_rampart_pwcb mod_rampart_htpwcb mod_rampart_samples mod_rampart_copy_include copy_dist_files
mv_dist:
move $(RAMPART_DISTDIR) $(RAMPART_DIST_NAME)
@@ -238,14 +278,16 @@
copy_docs:
if exist $(RAMPART_SOURCE_DIR)\docs xcopy /E /I /Y $(RAMPART_SOURCE_DIR)\docs $(RAMPART_DISTDIR)\docs
-dist: clean distdir intdirs mod_rampart mod_rampart_pwcb mod_rampart_authn mod_rampart_rd mod_rampart_services_sec_echo mod_rampart_samples_sec_echo mod_rampart_samples_credential_provider mod_rampart_copy_deploy mod_rampart_copy_include copy_dist_files copy_sec_policy mod_rampart_copy_keys del_am mod_rampart_sample_data copy_docs
+dist: clean distdir intdirs mod_rampart mod_rampart_pwcb mod_rampart_authn mod_rampart_rd mod_rampart_sct_provider mod_rampart_sct_provider_hashdb mod_rampart_services_sec_echo mod_rampart_services_secconv_echo mod_rampart_samples_sec_echo mod_rampart_samples_credential_provider mod_rampart_copy_deploy mod_rampart_copy_include copy_dist_files copy_sec_policy mod_rampart_copy_keys del_am mod_rampart_sample_data copy_docs
dist_no_samples: clean distdir intdirs mod_rampart mod_rampart_copy_include copy_dist_files
deploy:
chdir $(RAMPART_DISTDIR)
deploy_rampart.bat
- chdir .\..\win32
+ chdir $(RAMPART_DISTDIR)\bin\samples\client\sec_echo
+ deploy_client_repo.bat
+ chdir .\..\..\..\..\..\win32
install: dist deploy
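Review bot: `chdir .\..\..\..\..\..\win32` on L216 hard-codes the depth of `$(RAMPART_DISTDIR)\bin\samples\client\sec_echo` relative to the build directory, so the `deploy` target ends in the wrong directory as soon as `RAMPART_DISTDIR` is pointed at a path of a different depth; the `chdir .\..\win32` it replaces had the same fragility one level up. Returning to the directory nmake was started in does not depend on that: `cd /d $(RAMPART_DISTDIR)\bin\samples\client\sec_echo && deploy_client_repo.bat && cd /d $(MAKEDIR)` on a single line also avoids relying on a directory change surviving between separate command lines. `deploy_client_repo.bat` is not part of this commit, so I cannot confirm it exists in the client sample directory.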
Modified: webservices/rampart/trunk/c/include/oxs_constants.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/oxs_constants.h?rev=619820&r1=619819&r2=619820&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/oxs_constants.h (original)
+++ webservices/rampart/trunk/c/include/oxs_constants.h Fri Feb 8 02:06:20 2008
@@ -133,6 +133,9 @@
#define OXS_NODE_LENGTH "Length"
#define OXS_NODE_LABEL "Label"
#define OXS_NODE_NONCE "Nonce"
+#define OXS_NODE_SECURITY_CONTEXT_TOKEN "SecurityContextToken"
+#define OXS_NODE_IDENTIFIER "Identifier"
+#define OXS_VALUE_TYPE_SECURITY_CONTEXT_TOKEN "http://schemas.xmlsoap.org/ws/2005/02/sc/sct"
/************************
SAML nodes
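Review bot: `OXS_VALUE_TYPE_SECURITY_CONTEXT_TOKEN` on L229 pins the token type to the February 2005 WS-SecureConversation URI with no room for the later OASIS 1.3 URI that peers may send; if ValueType attributes are checked against this constant with a plain string compare, such tokens are rejected as unknown rather than recognised as a different version. Naming the constant after its version, `#define OXS_VALUE_TYPE_SECURITY_CONTEXT_TOKEN_05_02 "http://schemas.xmlsoap.org/ws/2005/02/sc/sct"`, leaves a clean slot for the other URI later. The comparison site is not visible from this hunk, so this is a forward-compatibility note rather than a defect.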
Modified: webservices/rampart/trunk/c/include/oxs_derivation.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/oxs_derivation.h?rev=619820&r1=619819&r2=619820&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/oxs_derivation.h (original)
+++ webservices/rampart/trunk/c/include/oxs_derivation.h Fri Feb 8 02:06:20 2008
@@ -63,7 +63,7 @@
* @param env pointer to environment struct
* @derived_key The derived key to be used to get information
* @parent The parent node to be attached to
- * @stref_uri Security Toekn Reference URI
+ * @stref_uri Security Token Reference URI
* @stref_val_type Security Token Reference Valut Type
* @return the built axiom node
*/
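Review bot: The typo fix on L242 leaves the neighbouring doc lines in the state it corrects: L243 still reads `Valut Type`, and L239–L242 use `@derived_key`, `@parent`, `@stref_uri`, `@stref_val_type` where Doxygen expects `@param name`, so none of these parameters render. Suggested replacement for L243: ` * @param stref_val_type Security Token Reference Value Type`, with the other three lines gaining `@param` in the same way.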
Modified: webservices/rampart/trunk/c/include/oxs_key.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/oxs_key.h?rev=619820&r1=619819&r2=619820&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/oxs_key.h (original)
+++ webservices/rampart/trunk/c/include/oxs_key.h Fri Feb 8 02:06:20 2008
@@ -40,13 +40,15 @@
#endif
/*Key usage is not specified yet*/
-#define OXS_KEY_USAGE_NONE 0
+#define OXS_KEY_USAGE_NONE 0
/*Key is a session key */
-#define OXS_KEY_USAGE_SESSION 1
+#define OXS_KEY_USAGE_SESSION 1
+ /*Key is a signature session key*/
+#define OXS_KEY_USAGE_SIGNATURE_SESSION 2
/*Key is a derived key */
-#define OXS_KEY_USAGE_DERIVED 2
+#define OXS_KEY_USAGE_DERIVED 3
-#define OXS_KEY_DEFAULT_SIZE 64
+#define OXS_KEY_DEFAULT_SIZE 64
/** Type name for struct oxs_key */
typedef struct oxs_key_t oxs_key_t;
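Review bot: Renumbering `OXS_KEY_USAGE_DERIVED` from 2 to 3 on L262–L263 changes the value of an already-public constant, so any separately built module still compiled against the previous header will tag a derived key with the value this header now reads as `OXS_KEY_USAGE_SIGNATURE_SESSION`, and the two sides disagree silently. Appending the new usage instead of inserting it keeps existing binaries consistent: `#define OXS_KEY_USAGE_DERIVED 2` and `#define OXS_KEY_USAGE_SIGNATURE_SESSION 3`. If the ordering is significant somewhere, the comment should say so; otherwise an `enum` would make the set self-documenting and debugger-visible.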
Modified: webservices/rampart/trunk/c/include/oxs_xml_encryption.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/oxs_xml_encryption.h?rev=619820&r1=619819&r2=619820&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/oxs_xml_encryption.h (original)
+++ webservices/rampart/trunk/c/include/oxs_xml_encryption.h Fri Feb 8 02:06:20 2008
@@ -48,13 +48,15 @@
* @param enc_ctx encryption context
* @param node the node tobe encrypted
* @param enc_type_node reference to the EncryptedData node
+ * @param key_reference_node key reference provided by STS generated tokens.
* @return AXIS2_SUCCESS on success, else AXIS2_FAILURE
*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_xml_enc_encrypt_node(const axutil_env_t *env,
oxs_ctx_t * enc_ctx,
axiom_node_t *node,
- axiom_node_t **enc_type_node);
+ axiom_node_t **enc_type_node,
+ axiom_node_t *key_reference_node);
/**
* Decrypts a node as specified in the @enc_ctx.
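Review bot: The added `key_reference_node` parameter (L277, L286) changes the signature of an `AXIS2_EXTERN` function, so every caller of `oxs_xml_enc_encrypt_node` must change, yet the doc line does not say whether NULL is accepted for the non-STS path or whether the node is cloned or re-parented into the generated `EncryptedData`, which decides who may free it afterwards. Expanding the comment to `@param key_reference_node key reference provided by STS generated tokens, or NULL when none; cloned into (or detached into — confirm against xml_encryption.c) the KeyInfo being built` with the right alternative filled in would make the new contract explicit. The same applies to `oxs_xml_enc_encrypt_data` in the next hunk.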
@@ -78,13 +80,15 @@
* @param enc_ctx encryption context
* @param content_buf the content to be encrypted.
* @param enc_type_node reference to the EncryptedData node
+ * @param key_reference_node key reference provided by STS generated tokens.
* @return AXIS2_SUCCESS on success, else AXIS2_FAILURE
*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_xml_enc_encrypt_data(const axutil_env_t *env,
oxs_ctx_t * enc_ctx,
oxs_buffer_t *content_buf,
- axiom_node_t **enc_type_node);
+ axiom_node_t **enc_type_node,
+ axiom_node_t *key_reference_node);
/**
* Decrypts @enc_type_node and places the data inside the @result_buf
Modified: webservices/rampart/trunk/c/include/rampart_constants.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rampart_constants.h?rev=619820&r1=619819&r2=619820&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/rampart_constants.h (original)
+++ webservices/rampart/trunk/c/include/rampart_constants.h Fri Feb 8 02:06:20 2008
@@ -152,6 +152,9 @@
#define RAMPART_RD_DEF_VALID_DURATION 60
#define RAMPART_RD_DEF_MAX_RCDS 5
+
+#define RAMPART_SCT_PROVIDER_DB_PROB "Rampart_SCT_Prov_DB_Prop"
+
#ifdef __cplusplus
}
#endif
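Review bot: `RAMPART_SCT_PROVIDER_DB_PROB` on L314 names a property (its value is `"Rampart_SCT_Prov_DB_Prop"`), so `PROB` reads as a typo for `PROP`; since the macro is introduced in this commit, renaming it now avoids carrying the misspelling into every provider that stores its token database under this key: `#define RAMPART_SCT_PROVIDER_DB_PROP "Rampart_SCT_Prov_DB_Prop"`. A one-line comment saying what is stored under the property (the provider's token store, presumably) would also help, since the constant is otherwise unexplained.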
Modified: webservices/rampart/trunk/c/include/rampart_context.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rampart_context.h?rev=619820&r1=619819&r2=619820&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/rampart_context.h (original)
+++ webservices/rampart/trunk/c/include/rampart_context.h Fri Feb 8 02:06:20 2008
@@ -208,9 +208,9 @@
axis2_char_t *reciever_certificate_file);
AXIS2_EXTERN axis2_status_t AXIS2_CALL
- rampart_context_add_derived_key(rampart_context_t *rampart_context,
+ rampart_context_add_key(rampart_context_t *rampart_context,
const axutil_env_t *env,
- oxs_key_t *derived_key);
+ oxs_key_t *key);
/**********************************************************8*/
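Review bot: `rampart_context_add_derived_key` is renamed to `rampart_context_add_key` (L327–L328) without a compatibility alias, so any out-of-tree module built against the previous header fails at link time, where the change is least visible. A one-line shim keeps old callers working through a transition: `#define rampart_context_add_derived_key rampart_context_add_key`. The same applies to the `get_derived_keys`/`get_derived_key` renames in the following hunk.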
@@ -298,13 +298,13 @@
const axutil_env_t *env);
AXIS2_EXTERN axutil_array_list_t* AXIS2_CALL
- rampart_context_get_derived_keys(rampart_context_t *rampart_context,
+ rampart_context_get_keys(rampart_context_t *rampart_context,
const axutil_env_t *env);
AXIS2_EXTERN oxs_key_t* AXIS2_CALL
- rampart_context_get_derived_key(rampart_context_t *rampart_context,
+ rampart_context_get_key(rampart_context_t *rampart_context,
const axutil_env_t *env,
- axis2_char_t* dk_id);
+ axis2_char_t* key_id);
/*End of Getters */
@@ -359,15 +359,25 @@
rampart_context_t *rampart_context,
const axutil_env_t *env);
+ AXIS2_EXTERN struct rampart_sct_provider_t *AXIS2_CALL
+ rampart_context_get_sct_provider(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env);
+
AXIS2_EXTERN axis2_status_t AXIS2_CALL
rampart_context_set_authn_provider(rampart_context_t *rampart_context,
- const axutil_env_t *env,
- rampart_authn_provider_t *authn_provider);
+ const axutil_env_t *env,
+ rampart_authn_provider_t *authn_provider);
AXIS2_EXTERN axis2_status_t AXIS2_CALL
rampart_context_set_replay_detector(rampart_context_t *rampart_context,
- const axutil_env_t *env,
- struct rampart_replay_detector_t *replay_detector);
+ const axutil_env_t *env,
+ struct rampart_replay_detector_t *replay_detector);
+
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ rampart_context_set_sct_provider(rampart_context_t *rampart_context,
+ const axutil_env_t *env,
+ struct rampart_sct_provider_t *sct_module);
AXIS2_EXTERN axis2_bool_t AXIS2_CALL
rampart_context_get_require_timestamp(
@@ -424,6 +434,11 @@
rampart_context_t *rampart_context,
const axutil_env_t *env);
+ AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+ rampart_context_get_sct_provider_name(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env);
+
AXIS2_EXTERN axis2_bool_t AXIS2_CALL
rampart_context_is_encrypt_before_sign(
rampart_context_t *rampart_context,
@@ -578,12 +593,23 @@
const axutil_env_t *env);
AXIS2_EXTERN oxs_key_t *AXIS2_CALL
- rampart_context_get_session_key(
+ rampart_context_get_encryption_session_key(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env);
+
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ rampart_context_set_encryption_session_key(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env,
+ oxs_key_t *session_key);
+
+ AXIS2_EXTERN oxs_key_t *AXIS2_CALL
+ rampart_context_get_signature_session_key(
rampart_context_t *rampart_context,
const axutil_env_t *env);
AXIS2_EXTERN axis2_status_t AXIS2_CALL
- rampart_context_set_session_key(
+ rampart_context_set_signature_session_key(
rampart_context_t *rampart_context,
const axutil_env_t *env,
oxs_key_t *session_key);
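Review bot: The new `rampart_context_set_encryption_session_key` and renamed `rampart_context_set_signature_session_key` (L392–L407) do not say whether the context takes ownership of `session_key`, which matters twice over now that two secrets can be held: if the context frees them in `rampart_context_free`, a caller that also frees them double-frees, and if it does not, the key material leaks and is never wiped. A doc comment on each setter settling this, e.g. `@param session_key key to hold; the context takes ownership and frees it on rampart_context_free` (or the opposite, whichever the implementation does), would remove the ambiguity. The getters should likewise state that the returned key remains owned by the context.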
@@ -597,6 +623,28 @@
rampart_context_is_sig_confirmation_reqd(
rampart_context_t *rampart_context,
const axutil_env_t *env);
+
+ AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+ rampart_context_get_encryption_sct_id(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env);
+
+ AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+ rampart_context_get_signature_sct_id(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env);
+
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ rampart_context_set_encryption_sct_id(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env,
+ axis2_char_t *sct_id);
+
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ rampart_context_set_signature_sct_id(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env,
+ axis2_char_t *sct_id);
/**
* Set weather the issued token is aquired or not. When setting this to
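Review bot: `rampart_context_set_encryption_sct_id` and `rampart_context_set_signature_sct_id` (L423–L433) take a bare `axis2_char_t *sct_id` with no statement of whether the string is duplicated or merely referenced; if it is referenced and the caller's string comes out of the parsed message (which the `Identifier` node constant added in oxs_constants.h suggests), the pointer dangles once the message context is released. Documenting it as `@param sct_id identifier of the security context; the context keeps its own copy` — and making the implementation match — removes the question. Whether these ids are validated against the provider before being stored is not visible here.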
Added: webservices/rampart/trunk/c/include/rampart_sct_provider.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rampart_sct_provider.h?rev=619820&view=auto
==============================================================================
--- webservices/rampart/trunk/c/include/rampart_sct_provider.h (added)
+++ webservices/rampart/trunk/c/include/rampart_sct_provider.h Fri Feb 8 02:06:20 2008
@@ -0,0 +1,139 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one or more
+* contributor license agreements. See the NOTICE file distributed with
+* this work for additional information regarding copyright ownership.
+* The ASF licenses this file to You under the Apache License, Version 2.0
+* (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+#ifndef RAMPART_SCT_PROVIDER_H
+#define RAMPART_SCT_PROVIDER_H
+
+/**
+ * @file rampart_sct_provider.h
+ * @brief Security context token provider module for rampart
+ */
+
+/**
+* @defgroup sct_provider Security Context Token provider
+* @ingroup rampart_utils
+* @{
+*/
+
+#include <axis2_defines.h>
+#include <axutil_env.h>
+#include <axis2_msg_ctx.h>
+#include <axis2_conf_ctx.h>
+#include <rampart_context.h>
+#include <secconv_security_context_token.h>
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+ /**
+ * Type name for struct rampart_sct_provider_ops
+ */
+ typedef struct rampart_sct_provider_ops rampart_sct_provider_ops_t;
+
+ /**
+ * Type name for struct rampart_sct_provider
+ */
+
+ typedef struct rampart_sct_provider rampart_sct_provider_t;
+
+ /**
+ * get_sct_secret gives the shared secret of security context token
+ */
+ struct rampart_sct_provider_ops
+ {
+ security_context_token_t* (AXIS2_CALL*
+ get_token)(rampart_sct_provider_t *sct_provider,
+ const axutil_env_t* env,
+ rp_property_t *token,
+ axis2_bool_t server_side,
+ axis2_bool_t is_encryption,
+ axis2_char_t* identifier,
+ rampart_context_t* rampart_context,
+ axis2_msg_ctx_t* msg_ctx);
+
+ axis2_status_t (AXIS2_CALL*
+ free)(rampart_sct_provider_t *sct_provider,
+ const axutil_env_t* env);
+ };
+
+ struct rampart_sct_provider
+ {
+ rampart_sct_provider_ops_t *ops;
+ axutil_param_t *param;
+ };
+
+ /*returned buffer should NOT be cleared by the caller*/
+ AXIS2_EXTERN oxs_buffer_t *AXIS2_CALL
+ sct_provider_get_secret(
+ const axutil_env_t* env,
+ rp_property_t *token,
+ axis2_bool_t server_side,
+ axis2_bool_t is_encryption,
+ rampart_context_t* rampart_context,
+ axis2_msg_ctx_t* msg_ctx);
+
+ /*returned buffer should NOT be cleared by the caller*/
+ AXIS2_EXTERN oxs_buffer_t *AXIS2_CALL
+ sct_provider_get_secret_using_id(
+ const axutil_env_t* env,
+ axis2_char_t* sct_id,
+ rampart_context_t* rampart_context,
+ axis2_msg_ctx_t* msg_ctx);
+
+ AXIS2_EXTERN axiom_node_t *AXIS2_CALL
+ sct_provider_get_token(
+ const axutil_env_t* env,
+ rp_property_t *token,
+ axis2_bool_t server_side,
+ axis2_bool_t is_encryption,
+ rampart_context_t* rampart_context,
+ axis2_msg_ctx_t* msg_ctx);
+
+ AXIS2_EXTERN axiom_node_t* AXIS2_CALL
+ sct_provider_get_attached_reference(
+ const axutil_env_t* env,
+ rp_property_t *token,
+ axis2_bool_t server_side,
+ axis2_bool_t is_encryption,
+ rampart_context_t* rampart_context,
+ axis2_msg_ctx_t* msg_ctx);
+
+ AXIS2_EXTERN axiom_node_t* AXIS2_CALL
+ sct_provider_get_unattached_reference(
+ const axutil_env_t* env,
+ rp_property_t *token,
+ axis2_bool_t server_side,
+ axis2_bool_t is_encryption,
+ rampart_context_t* rampart_context,
+ axis2_msg_ctx_t* msg_ctx);
+
+ /*************************** Function macros **********************************/
+#define RAMPART_SCT_PROVIDER_GET_TOKEN(sct_provider, env, token, server_side, is_enc, sct_id, rampart_ctx, msg_ctx) \
+ ((sct_provider)->ops->get_token(sct_provider, env, token, server_side, is_enc, sct_id, rampart_ctx, msg_ctx))
+
+#define RAMPART_SCT_PROVIDER_FREE(sct_provider, env) \
+ ((sct_provider)->ops->free(sct_provider, env))
+
+ /** @} */
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* RAMPART_SCT_PROVIDER_H */
+
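Review bot: The comment on L497 describes an op named `get_sct_secret`, but the only op in `rampart_sct_provider_ops` is `get_token` (L502), which returns a whole `security_context_token_t`; the comment should describe what `get_token` must do, in particular what `identifier` means when it is NULL versus non-NULL (lookup of an existing context or creation of a new one, presumably) and who owns the returned token. `sct_provider_get_secret_using_id` (L534) resolves a secret from an id string that, if it is taken from the incoming message, is attacker-controlled, so the contract should say that an unknown id is a lookup failure returning NULL, never a default or freshly minted secret. The two `returned buffer should NOT be cleared by the caller` remarks (L522, L532) establish provider ownership of the secret but not its lifetime; add how long the buffer stays valid, e.g. `/* Owned by the provider; valid until the provider is freed. Caller must not free or modify it. */`, if that is indeed the intent.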
Modified: webservices/rampart/trunk/c/include/rampart_util.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rampart_util.h?rev=619820&r1=619819&r2=619820&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/rampart_util.h (original)
+++ webservices/rampart/trunk/c/include/rampart_util.h Fri Feb 8 02:06:20 2008
@@ -26,6 +26,7 @@
#include <rampart_credentials.h>
#include <rampart_callback.h>
#include <rampart_replay_detector.h>
+#include <rampart_sct_provider.h>
/**
* @file rampart_util.h
* @brief Utilities of rampart
@@ -101,11 +102,23 @@
* User MUST free memory
* @param env pointer to environment struct
* @param replay_detector_name name of the replay detection module
- * @return creatd replay detection module
+ * @return created replay detection module
*/
AXIS2_EXTERN rampart_replay_detector_t* AXIS2_CALL
rampart_load_replay_detector(const axutil_env_t *env,
axis2_char_t *replay_detector_name);
+
+ /**
+ * Load security context token provider
+ * User MUST free memory
+ * @param env pointer to environment struct
+ * @param sct_provider_name name of the security context token provider
+ * @return created security context token provider module
+ */
+ AXIS2_EXTERN rampart_sct_provider_t* AXIS2_CALL
+ rampart_load_sct_provider(const axutil_env_t *env,
+ axis2_char_t *sct_provider_name);
+
/**
* Call auth module
* @param env pointer to environment struct
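Review bot: The doc for `rampart_load_sct_provider` (L605–L611) says `User MUST free memory`, but the provider is handed to `rampart_context_set_sct_provider` in rampart_context.h and `RAMPART_SCT_PROVIDER_FREE` exists as the provider's own destructor, so the comment should say which release path is meant, e.g. `@return created provider; release with RAMPART_SCT_PROVIDER_FREE once the rampart context no longer references it` if the context does not take ownership. Since `sct_provider_name` is resolved to a loadable module, the comment could also state where the name is expected to come from (policy or axis2.xml), as that decides whether it is trusted input; the loader itself is not in this hunk.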
@@ -184,6 +197,15 @@
*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
rampart_print_info(const axutil_env_t *env, axis2_char_t* info);
+
+ /**
+ * check whether different keys are needed for encryption and signature
+ * @param env pointer to environment struct
+ * @param rampart_context rampart context
+ */
+ AXIS2_EXTERN axis2_bool_t AXIS2_CALL
+ is_different_session_key_for_encryption_and_signing(const axutil_env_t *env,
+ rampart_context_t *rampart_context);
/* @} */
#ifdef __cplusplus
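Review bot: `is_different_session_key_for_encryption_and_signing` (L630) is exported with `AXIS2_EXTERN` but lacks the `rampart_` prefix every other declaration in this header carries, so it lands unqualified in the global namespace of any program linking mod_rampart. Renaming it `rampart_is_different_session_key_for_encryption_and_signing` keeps the public symbol set consistent, and the doc comment should gain `@return AXIS2_TRUE if separate keys are required for encryption and signing, AXIS2_FALSE otherwise`, since the `@param` lines alone do not say what the boolean means.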
Added: webservices/rampart/trunk/c/include/secconv_security_context_token.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/secconv_security_context_token.h?rev=619820&view=auto
==============================================================================
--- webservices/rampart/trunk/c/include/secconv_security_context_token.h (added)
+++ webservices/rampart/trunk/c/include/secconv_security_context_token.h Fri Feb 8 02:06:20 2008
@@ -0,0 +1,129 @@
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef SECCONV_SECURITY_CONTEXT_TOKEN_H
+#define SECCONV_SECURITY_CONTEXT_TOKEN_H
+
+/**
+ * @file secconv_security_context_token.h
+ * @brief security context token
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <axutil_utils.h>
+#include <axutil_string.h>
+#include <oxs_buffer.h>
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+ typedef struct security_context_token_t security_context_token_t;
+
+ AXIS2_EXTERN security_context_token_t *AXIS2_CALL
+ security_context_token_create(
+ const axutil_env_t * env);
+
+ AXIS2_EXTERN void AXIS2_CALL
+ security_context_token_free(
+ security_context_token_t *sct,
+ const axutil_env_t *env);
+
+ AXIS2_EXTERN oxs_buffer_t *AXIS2_CALL
+ security_context_token_get_secret(
+ security_context_token_t * sct,
+ const axutil_env_t * env);
+
+ AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+ security_context_token_get_global_identifier(
+ security_context_token_t * sct,
+ const axutil_env_t * env);
+
+ AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+ security_context_token_get_local_identifier(
+ security_context_token_t * sct,
+ const axutil_env_t * env);
+
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ security_context_token_set_secret(
+ security_context_token_t * sct,
+ const axutil_env_t * env,
+ oxs_buffer_t *buffer);
+
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ security_context_token_set_global_identifier(
+ security_context_token_t * sct,
+ const axutil_env_t * env,
+ axis2_char_t *global_id);
+
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ security_context_token_set_local_identifier(
+ security_context_token_t * sct,
+ const axutil_env_t * env,
+ axis2_char_t *local_id);
+
+ AXIS2_EXTERN axiom_node_t *AXIS2_CALL
+ security_context_token_get_requested_proof_token(
+ security_context_token_t *sct,
+ const axutil_env_t * env);
+
+ AXIS2_EXTERN axiom_node_t *AXIS2_CALL
+ security_context_token_get_attached_reference(
+ security_context_token_t *sct,
+ const axutil_env_t * env);
+
+ AXIS2_EXTERN axiom_node_t *AXIS2_CALL
+ security_context_token_get_unattached_reference(
+ security_context_token_t *sct,
+ const axutil_env_t * env);
+
+ AXIS2_EXTERN axiom_node_t *AXIS2_CALL
+ security_context_token_get_token(
+ security_context_token_t *sct,
+ const axutil_env_t * env);
+
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ security_context_token_set_requested_proof_token(
+ security_context_token_t *sct,
+ const axutil_env_t * env,
+ axiom_node_t *node);
+
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ security_context_token_set_attached_reference(
+ security_context_token_t *sct,
+ const axutil_env_t * env,
+ axiom_node_t *node);
+
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ security_context_token_set_unattached_reference(
+ security_context_token_t *sct,
+ const axutil_env_t * env,
+ axiom_node_t *node);
+
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ security_context_token_set_token(
+ security_context_token_t *sct,
+ const axutil_env_t * env,
+ axiom_node_t *node);
+
+#ifdef __cplusplus
+}
+#endif
+#endif /*SECCONV_SECURITY_CONTEXT_TOKEN_H */
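Review bot: None of the sixteen exported functions in this new header carries a doc comment, and the setters need it most: `security_context_token_set_secret` (L704) does not say whether the token copies `buffer` or takes ownership, and `set_token`/`set_attached_reference`/`set_unattached_reference` (L742–L763) do not say whether the `axiom_node_t` is cloned or merely referenced, which decides whether the caller may free the surrounding tree. Because the secret is key material, `security_context_token_free` should also state that it wipes the secret before releasing it, if the implementation does so, e.g. `/* Frees the token; the secret buffer is zeroed before release. Nodes set via set_* are freed only if the token owns them (see each setter). */`. The header also uses `axiom_node_t` without including an axiom header, relying on whatever `oxs_buffer.h` pulls in transitively.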
Modified: webservices/rampart/trunk/c/include/trust_sts_client.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/trust_sts_client.h?rev=619820&r1=619819&r2=619820&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/trust_sts_client.h (original)
+++ webservices/rampart/trunk/c/include/trust_sts_client.h Fri Feb 8 02:06:20 2008
@@ -82,6 +82,25 @@
const axutil_env_t * env,
axis2_char_t * action);
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ trust_sts_client_set_issuer_address(
+ trust_sts_client_t * sts_client,
+ const axutil_env_t * env,
+ axis2_char_t * address);
+
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ trust_sts_client_set_home_dir(
+ trust_sts_client_t * sts_client,
+ const axutil_env_t * env,
+ axis2_char_t * directory);
+
+ AXIS2_EXTERN void AXIS2_CALL
+ trust_sts_client_request_security_token_using_policy(
+ trust_sts_client_t * sts_client,
+ const axutil_env_t * env,
+ trust_context_t *trust_context,
+ neethi_policy_t *issuer_policy);
+
#ifdef __cplusplus
Modified: webservices/rampart/trunk/c/project.xml
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/project.xml?rev=619820&r1=619819&r2=619820&view=diff
==============================================================================
--- webservices/rampart/trunk/c/project.xml (original)
+++ webservices/rampart/trunk/c/project.xml Fri Feb 8 02:06:20 2008
@@ -107,6 +107,12 @@
<email>dushshantha AT wso2.com</email>
<organization>WSO2</organization>
</developer>
+ <developer>
+ <name>Selvaratnam Uthaiyashankar</name>
+ <id>shankar</id>
+ <email>shankar AT wso2.com</email>
+ <organization>WSO2</organization>
+ </developer>
</developers>
<contributors>
<contributor>
Modified: webservices/rampart/trunk/c/src/Makefile.am
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/Makefile.am?rev=619820&r1=619819&r2=619820&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/Makefile.am (original)
+++ webservices/rampart/trunk/c/src/Makefile.am Fri Feb 8 02:06:20 2008
@@ -1 +1 @@
-SUBDIRS = omxmlsec handlers util core data trust
+SUBDIRS = omxmlsec handlers util core data trust secconv
Modified: webservices/rampart/trunk/c/src/core/Makefile.am
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/core/Makefile.am?rev=619820&r1=619819&r2=619820&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/core/Makefile.am (original)
+++ webservices/rampart/trunk/c/src/core/Makefile.am Fri Feb 8 02:06:20 2008
@@ -8,6 +8,7 @@
libmod_rampart_la_LIBADD = ../handlers/librampart_handlers.la \
../util/librampart_util.la \
../omxmlsec/libomxmlsec.la \
+ ../secconv/libsecconv.la \
@OPENSSLLIB@ \
-lcrypto \
-laxis2_engine
Modified: webservices/rampart/trunk/c/src/handlers/rampart_in_handler.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/handlers/rampart_in_handler.c?rev=619820&r1=619819&r2=619820&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/handlers/rampart_in_handler.c (original)
+++ webservices/rampart/trunk/c/src/handlers/rampart_in_handler.c Fri Feb 8 02:06:20 2008
@@ -146,12 +146,14 @@
return status;
}
- serverside = axis2_msg_ctx_get_server_side(msg_ctx,env);
- if(serverside)
+ /*we don't need to clear the rampart context, since it is in the property map.
+ It will be freed when a new rampart context is assigned or when property map is freed*/
+ /*serverside = axis2_msg_ctx_get_server_side(msg_ctx,env);
+ if(!serverside)
{
rampart_context_free(rampart_context, env);
rampart_context = NULL;
- }
+ }*/
return status;
}
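Review bot: The freeing block on L848-854 is left as commented-out code instead of being removed; the comment on L846-847 already records why the context is no longer freed here, so the dead block should go (the same applies to the identical hunk in rampart_out_handler.c). Note that the commented copy now reads `if(!serverside)` where the removed code on L845 read `if(serverside)`, so it does not even document what used to run. The ownership claim in the comment — that the property map frees the context — only holds if the property the context is stored in was created with a free function; that is set where the context is put into the map, outside this hunk, and is worth confirming, since otherwise every message leaks a rampart_context. The enclosing function starts outside the hunk.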
Modified: webservices/rampart/trunk/c/src/handlers/rampart_out_handler.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/handlers/rampart_out_handler.c?rev=619820&r1=619819&r2=619820&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/handlers/rampart_out_handler.c (original)
+++ webservices/rampart/trunk/c/src/handlers/rampart_out_handler.c Fri Feb 8 02:06:20 2008
@@ -141,11 +141,13 @@
return AXIS2_FAILURE;
}
- if(serverside)
+ /*we don't need to clear the rampart context, since it is in the property map.
+ It will be freed when a new rampart context is assigned or when property map is freed*/
+ /* if(serverside)
{
rampart_context_free(rampart_context, env);
rampart_context = NULL;
- }
+ }*/
}
return status;
Modified: webservices/rampart/trunk/c/src/omxmlsec/derivation.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/derivation.c?rev=619820&r1=619819&r2=619820&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/derivation.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/derivation.c Fri Feb 8 02:06:20 2008
@@ -130,53 +130,14 @@
axis2_char_t *stref_uri,
axis2_char_t *stref_val_type)
{
- axiom_node_t *dk_token = NULL;
axiom_node_t *str_token = NULL;
axiom_node_t *ref_token = NULL;
- axiom_node_t *nonce_token = NULL;
- axiom_node_t *offset_token = NULL;
- axiom_node_t *length_token = NULL;
- axis2_char_t *uri = NULL;
- /*axiom_node_t *label_token = NULL;*/
-
- axis2_char_t *dk_id = NULL;
- axis2_char_t *dk_name = NULL;
- axis2_char_t *nonce = NULL;
- axis2_char_t *label = NULL;
- int offset = -1;
- int length = 0;
+ axis2_char_t *uri = NULL;
- dk_name = oxs_key_get_name(derived_key, env);
- dk_id = axutil_string_substring_starting_at(dk_name, 1);
-
- uri = axutil_stracat(env, "#", stref_uri);
- dk_token = oxs_token_build_derived_key_token_element(env, parent, dk_id, NULL);
- str_token = oxs_token_build_security_token_reference_element(env, dk_token);
- ref_token = oxs_token_build_reference_element(env, str_token, uri, stref_val_type);
- AXIS2_FREE(env->allocator, uri);
-
- /*Create offset*/
- offset = oxs_key_get_offset(derived_key, env);
- if(offset > -1){
- offset_token = oxs_token_build_offset_element(env, dk_token, offset);
- }
- /*Create length*/
- length = oxs_key_get_length(derived_key, env);
- if(length > 0){
- length_token = oxs_token_build_length_element(env, dk_token, length);
- }
- /*Create nonce*/
- nonce = oxs_key_get_nonce(derived_key, env);
- if(nonce){
- nonce_token = oxs_token_build_nonce_element(env, dk_token, nonce);
- }
- /*Create label. Hmm we dont need to send the label. Use the default.*/
- label = oxs_key_get_label(derived_key, env);
- /*if(label){
- label_token = oxs_token_build_label_element(env, dk_token, label);
- }*/
-
- return dk_token;
+ uri = axutil_stracat(env, "#", stref_uri);
+ str_token = oxs_token_build_security_token_reference_element(env, NULL);
+ ref_token = oxs_token_build_reference_element(env, str_token, uri, stref_val_type);
+ return oxs_derivation_build_derived_key_token_with_stre(env, derived_key, parent, str_token);
}
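Review bot: `uri` returned by `axutil_stracat` on L932 is no longer released — the removed code freed it on L908 right after building the Reference element — so each derived key token now leaks the "#..." string (assuming `oxs_token_build_reference_element` copies the URI, as the old immediate free implies). Reintroduce a local `axiom_node_t *dk_token` and write the tail as `dk_token = oxs_derivation_build_derived_key_token_with_stre(env, derived_key, parent, str_token); AXIS2_FREE(env->allocator, uri); return dk_token;`. `ref_token` on L934 is now assigned and never read. The function's signature starts outside the hunk.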
AXIS2_EXTERN axiom_node_t * AXIS2_CALL
Modified: webservices/rampart/trunk/c/src/omxmlsec/tokens/token_security_token_reference.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/tokens/token_security_token_reference.c?rev=619820&r1=619819&r2=619820&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/tokens/token_security_token_reference.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/tokens/token_security_token_reference.c Fri Feb 8 02:06:20 2008
@@ -38,13 +38,16 @@
/* We especially pass parent=NULL in order to add WSSE namespace to the SECURITY_TOKEN_REFRENCE node.
* Otherwise if we encrypt the signature , the dercyption fails to build the node as the namespace is not within the doc*/
security_token_reference_ele = axiom_element_create(env, NULL, OXS_NODE_SECURITY_TOKEN_REFRENCE, ns_obj, &security_token_reference_node);
- axiom_node_add_child(parent, env, security_token_reference_node);
-
- if (!security_token_reference_ele)
+ if(!security_token_reference_ele)
{
oxs_error(env, ERROR_LOCATION,
OXS_ERROR_ELEMENT_FAILED, "Error creating SecurityTokenReference element");
return NULL;
+ }
+
+ if(parent)
+ {
+ axiom_node_add_child(parent, env, security_token_reference_node);
}
return security_token_reference_node;
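Review bot: With `parent` now optional (L957-960), a NULL parent leaves the returned SecurityTokenReference node unattached, so ownership passes to the caller, which must add it to a tree or free it; the declaration of `oxs_token_build_security_token_reference_element` should say so, e.g. `/* parent may be NULL; the caller then owns the returned node and must attach or free it */`. The comment on L944-945 predates this change and still presents passing NULL as a trick for namespace placement rather than a supported mode, so it is worth rewording together with it. The function's signature starts outside the hunk.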
Modified: webservices/rampart/trunk/c/src/omxmlsec/xml_encryption.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/xml_encryption.c?rev=619820&r1=619819&r2=619820&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/xml_encryption.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/xml_encryption.c Fri Feb 8 02:06:20 2008
@@ -237,7 +237,8 @@
oxs_xml_enc_encrypt_node(const axutil_env_t *env,
oxs_ctx_t * enc_ctx,
axiom_node_t *node,
- axiom_node_t **enc_type_node)
+ axiom_node_t **enc_type_node,
+ axiom_node_t *security_token_reference)
{
axis2_char_t *serialized_data = NULL;
oxs_buffer_t *serialized_buf= NULL;
@@ -250,7 +251,7 @@
ret = oxs_buffer_populate(serialized_buf, env, (unsigned char *)serialized_data, axutil_strlen(serialized_data));
/*We call encrypt_data*/
- ret = oxs_xml_enc_encrypt_data(env, enc_ctx, serialized_buf, enc_type_node);
+ ret = oxs_xml_enc_encrypt_data(env, enc_ctx, serialized_buf, enc_type_node, security_token_reference);
/*Remove the node from the parent*/
if(AXIS2_SUCCESS == ret){
@@ -265,6 +266,8 @@
AXIS2_FREE(env->allocator, serialized_data);
serialized_data = NULL;
+ serialized_data = axiom_node_to_string_non_optimized(*enc_type_node, env);
+
/*Return success*/
return AXIS2_SUCCESS;
}
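Review bot: The added `serialized_data = axiom_node_to_string_non_optimized(*enc_type_node, env);` on L987 stores into a local that is neither read nor freed before the function returns on L990, so every encrypted node leaks a serialized copy of its EncryptedData element; it reads like a debugging leftover and should be removed, or, if a trace is wanted, logged and then released with `AXIS2_FREE(env->allocator, serialized_data);`. The enclosing function `oxs_xml_enc_encrypt_node` starts outside this hunk.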
@@ -274,7 +277,8 @@
oxs_xml_enc_encrypt_data(const axutil_env_t *env,
oxs_ctx_t * enc_ctx,
oxs_buffer_t *content_buf,
- axiom_node_t **enc_type_node)
+ axiom_node_t **enc_type_node,
+ axiom_node_t *security_token_reference_node)
{
oxs_buffer_t *result_buf= NULL;
oxs_key_t *sym_key = NULL;
@@ -301,8 +305,18 @@
/*Create EncryptionMethod*/
enc_mtd_node = oxs_token_build_encryption_method_element(env, *enc_type_node, sym_algo);
- /*If the enc_ctx has a key name, then build the KeyInfo element*/
- if(oxs_ctx_get_ref_key_name(enc_ctx, env)){
+ /*If security_token_reference_node is given, then use it to build the key info*/
+ /*if we are using any trust/sct related token, then the key reference is given with the token
+ *and we are suppose to use it */
+ if(security_token_reference_node)
+ {
+ axiom_node_t *key_info_node = NULL;
+ key_info_node = oxs_token_build_key_info_element(env, *enc_type_node);
+ axiom_node_add_child(key_info_node, env, security_token_reference_node);
+ }
+ /*If the enc_ctx has a key name, then build the KeyInfo element using key name*/
+ else if(oxs_ctx_get_ref_key_name(enc_ctx, env))
+ {
axiom_node_t *key_info_node = NULL;
axiom_node_t *str_node = NULL;
axiom_node_t *ref_node = NULL;
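Review bot: `key_info_node` from `oxs_token_build_key_info_element` on L1013 is handed straight to `axiom_node_add_child` without a NULL check, unlike the element-creation checks elsewhere in this module; guard it with `if(!key_info_node) { return AXIS2_FAILURE; }` (plus whatever cleanup the surrounding error paths, which start outside the hunk, perform). Adding `security_token_reference_node` as a child also moves it into this EncryptedData tree, so a caller encrypting several parts has to pass a freshly built reference each time — the new parameter should carry a comment stating that ownership transfers. The function body continues outside the hunk.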
@@ -311,6 +325,7 @@
str_node = oxs_token_build_security_token_reference_element(env, key_info_node);
ref_node = oxs_token_build_reference_element(env, str_node, oxs_ctx_get_ref_key_name(enc_ctx, env), NULL);
}
+
/*Create CipherData element and populate*/
cd_node = oxs_token_build_cipher_data_element(env, *enc_type_node);
cv_node = oxs_token_build_cipher_value_element(env, cd_node, (axis2_char_t*)oxs_buffer_get_data(result_buf, env));
Added: webservices/rampart/trunk/c/src/secconv/Makefile.am
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/secconv/Makefile.am?rev=619820&view=auto
==============================================================================
--- webservices/rampart/trunk/c/src/secconv/Makefile.am (added)
+++ webservices/rampart/trunk/c/src/secconv/Makefile.am Fri Feb 8 02:06:20 2008
@@ -0,0 +1,13 @@
+lib_LTLIBRARIES = libsecconv.la
+
+libsecconv_la_SOURCES = sct_provider.c \
+ security_context_token.c
+
+INCLUDES = -I$(top_builddir)/include \
+ -I ../../../../util/include \
+ -I ../../../../include \
+ -I ../../../../axiom/include \
+ @OPENSSLINC@ \
+ @UTILINC@ \
+ @AXIOMINC@ \
+ @AXIS2INC@
Added: webservices/rampart/trunk/c/src/secconv/sct_provider.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/secconv/sct_provider.c?rev=619820&view=auto
==============================================================================
--- webservices/rampart/trunk/c/src/secconv/sct_provider.c (added)
+++ webservices/rampart/trunk/c/src/secconv/sct_provider.c Fri Feb 8 02:06:20 2008
@@ -0,0 +1,133 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <rampart_sct_provider.h>
+#include <oxs_constants.h>
+#include <oxs_buffer.h>
+#include <axiom_element.h>
+
+security_context_token_t*
+sct_provider_get_sct(const axutil_env_t* env, rp_property_t *token,
+ axis2_bool_t server_side, axis2_bool_t is_encryption, axis2_char_t *sct_id,
+ rampart_context_t* rampart_context, axis2_msg_ctx_t* msg_ctx)
+{
+ rampart_sct_provider_t* sct_provider = NULL;
+ security_context_token_t* sct = NULL;
+
+ if(!sct_id)
+ {
+ if(is_encryption)
+ sct_id = rampart_context_get_encryption_sct_id(rampart_context, env);
+ else
+ sct_id = rampart_context_get_signature_sct_id(rampart_context, env);
+ }
+
+ sct_provider = rampart_context_get_sct_provider(rampart_context, env);
+ if(!sct_provider)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][sct_provider] Security context token provider module is not set");
+ return NULL;
+ }
+
+ sct = RAMPART_SCT_PROVIDER_GET_TOKEN(sct_provider, env, token, server_side, is_encryption,
+ sct_id, rampart_context, msg_ctx);
+
+ if(!sct)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][sct_provider] Security context token is not valid");
+ }
+
+ return sct;
+}
+
+AXIS2_EXTERN oxs_buffer_t *AXIS2_CALL
+sct_provider_get_secret(const axutil_env_t* env, rp_property_t *token,
+ axis2_bool_t server_side, axis2_bool_t is_encryption,
+ rampart_context_t* rampart_context, axis2_msg_ctx_t* msg_ctx)
+{
+ security_context_token_t* sct = NULL;
+
+ sct = sct_provider_get_sct(env, token, server_side, is_encryption, NULL,
+ rampart_context, msg_ctx);
+
+ if(!sct)
+ return NULL;
+
+ return security_context_token_get_secret(sct, env);
+}
+
+AXIS2_EXTERN oxs_buffer_t *AXIS2_CALL
+sct_provider_get_secret_using_id(const axutil_env_t* env, axis2_char_t* sct_id,
+ rampart_context_t* rampart_context, axis2_msg_ctx_t* msg_ctx)
+{
+ security_context_token_t* sct = NULL;
+
+ sct = sct_provider_get_sct(env, NULL, axis2_msg_ctx_get_server_side(msg_ctx,env), AXIS2_TRUE, sct_id,
+ rampart_context, msg_ctx);
+
+ if(!sct)
+ return NULL;
+
+ return security_context_token_get_secret(sct, env);
+}
+
+AXIS2_EXTERN axiom_node_t *AXIS2_CALL
+sct_provider_get_token(const axutil_env_t* env, rp_property_t *token,
+ axis2_bool_t server_side, axis2_bool_t is_encryption,
+ rampart_context_t* rampart_context, axis2_msg_ctx_t* msg_ctx)
+{
+ security_context_token_t* sct = NULL;
+
+ sct = sct_provider_get_sct(env, token, server_side, is_encryption, NULL,
+ rampart_context, msg_ctx);
+
+ if(!sct)
+ return NULL;
+
+ return security_context_token_get_token(sct, env);
+}
+
+AXIS2_EXTERN axiom_node_t* AXIS2_CALL
+sct_provider_get_attached_reference(const axutil_env_t* env, rp_property_t *token,
+ axis2_bool_t server_side, axis2_bool_t is_encryption,
+ rampart_context_t* rampart_context, axis2_msg_ctx_t* msg_ctx)
+{
+ security_context_token_t* sct = NULL;
+
+ sct = sct_provider_get_sct(env, token, server_side, is_encryption, NULL,
+ rampart_context, msg_ctx);
+
+ if(!sct)
+ return NULL;
+
+ return security_context_token_get_attached_reference(sct, env);
+}
+
+AXIS2_EXTERN axiom_node_t* AXIS2_CALL
+sct_provider_get_unattached_reference(const axutil_env_t* env, rp_property_t *token,
+ axis2_bool_t server_side, axis2_bool_t is_encryption,
+ rampart_context_t* rampart_context, axis2_msg_ctx_t* msg_ctx)
+{
+ security_context_token_t* sct = NULL;
+
+ sct = sct_provider_get_sct(env, token, server_side, is_encryption, NULL,
+ rampart_context, msg_ctx);
+
+ if(!sct)
+ return NULL;
+
+ return security_context_token_get_unattached_reference(sct, env);
+}
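Review bot: In `sct_provider_get_sct` the fallback on L1084-1090 can still leave `sct_id` NULL when neither context id is set, and that NULL is handed to the provider module on L1099 without comment; either reject it up front, `if(!sct_id) { AXIS2_LOG_INFO(env->log, "[rampart][sct_provider] No security context token id available"); return NULL; }`, or document that a provider must accept a NULL id (presumably meaning "issue a new token"). `sct_provider_get_sct` carries neither `static` nor `AXIS2_EXTERN` while every other function in the file is exported; if it is not declared in rampart_sct_provider.h, make it `static`. `sct_provider_get_secret_using_id` (L1132) hard-codes `AXIS2_TRUE` for `is_encryption` while passing no token; a one-line comment on why the encryption id is the right lookup key there would help the next reader.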
Added: webservices/rampart/trunk/c/src/secconv/security_context_token.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/secconv/security_context_token.c?rev=619820&view=auto
==============================================================================
--- webservices/rampart/trunk/c/src/secconv/security_context_token.c (added)
+++ webservices/rampart/trunk/c/src/secconv/security_context_token.c Fri Feb 8 02:06:20 2008
@@ -0,0 +1,355 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <secconv_security_context_token.h>
+#include <oxs_buffer.h>
+#include <oxs_tokens.h>
+#include <trust_constants.h>
+
+struct security_context_token_t
+{
+ oxs_buffer_t *buffer;
+ axis2_char_t *global_id;
+ axis2_char_t *local_id;
+};
+
+AXIS2_EXTERN security_context_token_t *AXIS2_CALL
+ security_context_token_create(
+ const axutil_env_t * env)
+{
+ security_context_token_t *sct = NULL;
+
+ AXIS2_ENV_CHECK(env, NULL);
+
+ sct = (security_context_token_t *) AXIS2_MALLOC (env->allocator,
+ sizeof (security_context_token_t));
+
+ if(sct == NULL)
+ {
+ AXIS2_ERROR_SET(env->error, AXIS2_ERROR_NO_MEMORY, AXIS2_FAILURE);
+ return NULL;
+ }
+
+ sct->buffer = NULL;
+ sct->global_id = NULL;
+ sct->local_id = NULL;
+ return sct;
+}
+
+AXIS2_EXTERN void AXIS2_CALL
+security_context_token_free(
+ security_context_token_t *sct,
+ const axutil_env_t *env)
+{
+ AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
+ if(sct->buffer)
+ {
+ oxs_buffer_free(sct->buffer, env);
+ }
+ AXIS2_FREE(env->allocator, sct);
+ return;
+}
+
+AXIS2_EXTERN oxs_buffer_t *AXIS2_CALL
+security_context_token_get_secret(
+ security_context_token_t * sct,
+ const axutil_env_t * env)
+{
+ return sct->buffer;
+}
+
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+security_context_token_get_global_identifier(
+ security_context_token_t * sct,
+ const axutil_env_t * env)
+{
+ return sct->global_id;
+}
+
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+security_context_token_get_local_identifier(
+ security_context_token_t * sct,
+ const axutil_env_t * env)
+{
+ return sct->local_id;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+security_context_token_set_secret(
+ security_context_token_t * sct,
+ const axutil_env_t * env,
+ oxs_buffer_t *buffer)
+{
+ sct->buffer = buffer;
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+security_context_token_set_global_identifier(
+ security_context_token_t * sct,
+ const axutil_env_t * env,
+ axis2_char_t *global_id)
+{
+ sct->global_id = global_id;
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+security_context_token_set_local_identifier(
+ security_context_token_t * sct,
+ const axutil_env_t * env,
+ axis2_char_t *local_id)
+{
+ sct->local_id = local_id;
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN axiom_node_t *AXIS2_CALL
+security_context_token_get_requested_proof_token(
+ security_context_token_t *sct,
+ const axutil_env_t * env)
+{
+ int encodedlen;
+ axis2_char_t *encoded_str = NULL;
+ axiom_node_t* proof_token = NULL;
+ axiom_element_t *proof_token_ele = NULL;
+ axiom_node_t* secret_node = NULL;
+ axiom_element_t *secret_ele = NULL;
+ axiom_namespace_t *ns_obj_wst = NULL;
+
+ if(!sct->buffer)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][security context token] Security context token does not have a shared secret");
+ return NULL;
+ }
+
+ encodedlen = axutil_base64_encode_len(oxs_buffer_get_size(sct->buffer, env));
+ encoded_str = AXIS2_MALLOC(env->allocator, encodedlen);
+ axutil_base64_encode(encoded_str, (const char *)oxs_buffer_get_data(sct->buffer, env), oxs_buffer_get_size(sct->buffer, env));
+
+ ns_obj_wst = axiom_namespace_create(env, TRUST_WST_XMLNS, TRUST_WST);
+ proof_token_ele = axiom_element_create(env, NULL, TRUST_REQUESTED_PROOF_TOKEN, ns_obj_wst, &proof_token);
+ if (!proof_token_ele)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][security context token] Cannot create requested proof token");
+ return NULL;
+ }
+
+ secret_ele = axiom_element_create(env, proof_token, TRUST_BINARY_SECRET, ns_obj_wst, &secret_node);
+ if(!secret_ele)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][security context token] Cannot create binary secret token");
+ return NULL;
+ }
+ axiom_element_set_text(secret_ele, env, encoded_str, secret_node);
+
+ return proof_token;
+}
+
+AXIS2_EXTERN axiom_node_t *AXIS2_CALL
+security_context_token_get_attached_reference(
+ security_context_token_t *sct,
+ const axutil_env_t * env)
+{
+ axiom_node_t *str_token = NULL;
+ axiom_node_t *ref_token = NULL;
+
+ if(!sct->local_id)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][security context token] Security context token does not have a local identifier");
+ return NULL;
+ }
+
+ str_token = oxs_token_build_security_token_reference_element(env, NULL);
+ ref_token = oxs_token_build_reference_element(env, str_token, sct->local_id, OXS_VALUE_TYPE_SECURITY_CONTEXT_TOKEN);
+ return str_token;
+}
+
+AXIS2_EXTERN axiom_node_t *AXIS2_CALL
+security_context_token_get_unattached_reference(
+ security_context_token_t *sct,
+ const axutil_env_t * env)
+{
+ axiom_node_t *str_token = NULL;
+ axiom_node_t *ref_token = NULL;
+
+ if(!sct->global_id)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][security context token] Security context token does not have a global identifier");
+ return NULL;
+ }
+
+ str_token = oxs_token_build_security_token_reference_element(env, NULL);
+ ref_token = oxs_token_build_reference_element(env, str_token, sct->global_id, OXS_VALUE_TYPE_SECURITY_CONTEXT_TOKEN);
+ return str_token;
+}
+
+AXIS2_EXTERN axiom_node_t *AXIS2_CALL
+security_context_token_get_token(
+ security_context_token_t *sct,
+ const axutil_env_t * env)
+{
+ axiom_node_t* sct_token = NULL;
+ axiom_element_t *token_ele = NULL;
+ axiom_node_t* identifier_node = NULL;
+ axiom_element_t *identifier_ele = NULL;
+ axiom_namespace_t *ns_obj_sc = NULL;
+ axiom_namespace_t *ns_obj_wsu = NULL;
+ axiom_attribute_t *id_attr = NULL;
+
+ if(!sct->global_id)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][security context token] Security context token does not have an identifier.");
+ return NULL;
+ }
+
+ ns_obj_sc = axiom_namespace_create(env, OXS_WSC_NS, OXS_WSC);
+ token_ele = axiom_element_create(env, NULL, OXS_NODE_SECURITY_CONTEXT_TOKEN, ns_obj_sc, &sct_token);
+ if (!token_ele)
+ {
+ oxs_error(env, ERROR_LOCATION,
+ OXS_ERROR_ELEMENT_FAILED, "Error creating SecurityContextToken element");
+ return NULL;
+ }
+
+ if(sct->local_id)
+ {
+ ns_obj_wsu = axiom_namespace_create(env, OXS_WSU_XMLNS, OXS_WSU);
+ id_attr = axiom_attribute_create(env, OXS_ATTR_ID, axutil_string_substring_starting_at(axutil_strdup(env, sct->local_id), 1), ns_obj_wsu);
+ axiom_element_add_attribute(token_ele, env, id_attr, sct_token);
+ }
+
+ identifier_ele = axiom_element_create(env, sct_token, OXS_NODE_IDENTIFIER, ns_obj_sc, &identifier_node);
+ if(!identifier_ele)
+ {
+ oxs_error(env, ERROR_LOCATION,
+ OXS_ERROR_ELEMENT_FAILED, "Error creating SecurityContextToken element");
+ return NULL;
+ }
+ axiom_element_set_text(identifier_ele, env, sct->global_id, identifier_node);
+
+ return sct_token;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+security_context_token_set_requested_proof_token(
+ security_context_token_t *sct,
+ const axutil_env_t * env,
+ axiom_node_t *node)
+{
+ /*axiom_node_t *secret_node = NULL;*/
+ axis2_char_t *shared_secret = NULL;
+ int decoded_len = 0;
+ axis2_char_t *decoded_shared_secret = NULL;
+
+ AXIS2_PARAM_CHECK(env->error, node, AXIS2_FAILURE);
+ AXIS2_PARAM_CHECK(env->error, sct, AXIS2_FAILURE);
+
+ /*secret_node = oxs_axiom_get_first_child_node_by_name(env, node, TRUST_BINARY_SECRET, TRUST_WST_XMLNS, NULL);
+ if(!secret_node)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][security context token] Cannot get binary secret node from proof token");
+ return AXIS2_FAILURE;
+ }*/
+
+ shared_secret = oxs_axiom_get_node_content(env, node);
+ if(!shared_secret)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][security context token] Cannot get content of binary secret node");
+ return AXIS2_FAILURE;
+ }
+
+ decoded_len = axutil_base64_decode_len(shared_secret);
+ decoded_shared_secret = AXIS2_MALLOC(env->allocator, decoded_len);
+ axutil_base64_decode_binary((unsigned char*)decoded_shared_secret, shared_secret);
+
+ sct->buffer = oxs_buffer_create(env);
+ oxs_buffer_populate(sct->buffer, env, (unsigned char*)decoded_shared_secret, decoded_len);
+
+ AXIS2_FREE(env->allocator, decoded_shared_secret);
+
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+security_context_token_set_attached_reference(
+ security_context_token_t *sct,
+ const axutil_env_t * env,
+ axiom_node_t *node)
+{
+ axiom_node_t *ref_token = NULL;
+ axis2_char_t *local_id = NULL;
+
+ AXIS2_PARAM_CHECK(env->error, node, AXIS2_FAILURE);
+ AXIS2_PARAM_CHECK(env->error, sct, AXIS2_FAILURE);
+
+ ref_token = oxs_axiom_get_first_child_node_by_name(env, node, OXS_NODE_REFERENCE, OXS_WSSE_XMLNS, NULL);
+ if(!ref_token)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][security context token] Cannot get reference node from attached reference");
+ return AXIS2_FAILURE;
+ }
+
+ local_id = oxs_token_get_reference(env, ref_token);
+ if(!local_id)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][security context token] Cannot get attached reference");
+ return AXIS2_FAILURE;
+ }
+
+ sct->local_id = local_id;
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+security_context_token_set_unattached_reference(
+ security_context_token_t *sct,
+ const axutil_env_t * env,
+ axiom_node_t *node)
+{
+ axiom_node_t *ref_token = NULL;
+ axis2_char_t *reference_id = NULL;
+
+ AXIS2_PARAM_CHECK(env->error, node, AXIS2_FAILURE);
+ AXIS2_PARAM_CHECK(env->error, sct, AXIS2_FAILURE);
+
+ ref_token = oxs_axiom_get_first_child_node_by_name(env, node, OXS_NODE_REFERENCE, OXS_WSSE_XMLNS, NULL);
+ if(!ref_token)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][security context token] Cannot get reference node from unattached reference");
+ return AXIS2_FAILURE;
+ }
+
+ reference_id = oxs_token_get_reference(env, ref_token);
+ if(!reference_id)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][security context token] Cannot get unattached reference");
+ return AXIS2_FAILURE;
+ }
+
+ sct->global_id = reference_id;
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+security_context_token_set_token(
+ security_context_token_t *sct,
+ const axutil_env_t * env,
+ axiom_node_t *node)
+{
+ return AXIS2_SUCCESS;
+}
\ No newline at end of file
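Review bot: `security_context_token_set_requested_proof_token` (L1469-L1474) populates the secret buffer with `decoded_len` bytes from `axutil_base64_decode_len`, which is only an upper bound on the decoded size (in the APR lineage it is the maximum plus one), so the stored key material can carry trailing uninitialized bytes; use the length returned by `axutil_base64_decode_binary` instead, and check the AXIS2_MALLOC result. The same function overwrites `sct->buffer` without freeing a previous secret, and the plaintext secret is released with a plain AXIS2_FREE without being wiped. Elsewhere in the hunk: `security_context_token_free` uses `AXIS2_ENV_CHECK(env, AXIS2_FAILURE)` inside a void function and never releases `global_id`/`local_id` (ownership of the strings stored by the setters is undocumented and should be stated in the header), `security_context_token_get_requested_proof_token` never frees `encoded_str` and leaks `proof_token` on the second failure path, the second error message in `security_context_token_get_token` (L1433) says "SecurityContextToken" for the Identifier element, and `security_context_token_set_token` is a stub that reports success. Rewritten tail of set_requested_proof_token:
```c
    decoded_len = axutil_base64_decode_len(shared_secret);
    decoded_shared_secret = AXIS2_MALLOC(env->allocator, decoded_len);
    if(!decoded_shared_secret)
    {
        AXIS2_ERROR_SET(env->error, AXIS2_ERROR_NO_MEMORY, AXIS2_FAILURE);
        return AXIS2_FAILURE;
    }
    /* decode_len is only an upper bound; the decoder reports the real size */
    secret_len = axutil_base64_decode_binary((unsigned char*)decoded_shared_secret, shared_secret);

    /* a secret may already be set; release it rather than leaking it */
    if(sct->buffer)
    {
        oxs_buffer_free(sct->buffer, env);
    }
    sct->buffer = oxs_buffer_create(env);
    oxs_buffer_populate(sct->buffer, env, (unsigned char*)decoded_shared_secret, secret_len);

    /* plaintext key material: clear before releasing (a plain memset may be
     * elided by the optimizer; prefer a guaranteed-clear primitive if one is available) */
    memset(decoded_shared_secret, 0, decoded_len);
    AXIS2_FREE(env->allocator, decoded_shared_secret);

    return AXIS2_SUCCESS;
```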
Modified: webservices/rampart/trunk/c/src/trust/sts_client.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/trust/sts_client.c?rev=619820&r1=619819&r2=619820&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/trust/sts_client.c (original)
+++ webservices/rampart/trunk/c/src/trust/sts_client.c Fri Feb 8 02:06:20 2008
@@ -350,3 +350,95 @@
return sts_client->service_policy_location;
}
+
+AXIS2_EXTERN void AXIS2_CALL
+trust_sts_client_request_security_token_using_policy(
+ trust_sts_client_t * sts_client,
+ const axutil_env_t * env,
+ trust_context_t *trust_context,
+ neethi_policy_t *issuer_policy)
+{
+ axis2_svc_client_t *svc_client = NULL;
+
+ axis2_status_t status = AXIS2_SUCCESS;
+ axiom_node_t *rst_node = NULL;
+ axiom_node_t *return_node = NULL;
+ axis2_op_client_t* op_client = NULL;
+ axis2_msg_ctx_t *in_msg_ctx = NULL;
+
+
+ /*Action Logic*/
+ trust_rst_t *rst = NULL;
+ axis2_char_t *request_type = NULL;
+
+ trust_sts_client_process_policies(sts_client, env, issuer_policy, issuer_policy);
+
+ /*Action Logic - RequestType - used for specify the requesting action*/
+ rst = trust_context_get_rst(trust_context, env);
+ if(NULL == rst)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[trust] RST is NULL: Created RST_CTX may not set to TrustContest");
+ return;
+ }
+
+ request_type = trust_rst_get_request_type(rst, env);
+
+ if(NULL == request_type)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[trust] RST-RequestType is NOT set. RST MUST have a RequestType");
+ return;
+ }
+
+ svc_client =
+ trust_sts_client_get_svc_client(sts_client, env, request_type);
+
+
+ if (svc_client)
+ {
+ status = axis2_svc_client_set_policy(svc_client, env, issuer_policy);
+
+ if (status == AXIS2_FAILURE)
+ {
+ axis2_svc_client_free(svc_client, env);
+ svc_client = NULL;
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "Policy setting failed.");
+ }
+
+ /*Building the RST */
+ rst_node = trust_context_build_rst_node(trust_context, env);
+ if(rst_node)
+ {
+ return_node = axis2_svc_client_send_receive(svc_client, env, rst_node);
+ sts_client->sent_rst_node = return_node;
+
+ /*Processing Response*/
+ if(!return_node)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[trust] Return axiom node NULL");
+ }
+ else
+ {
+ /*Processing IN_MSG_CONTEXT*/
+ op_client = axis2_svc_client_get_op_client(svc_client, env);
+ if(op_client)
+ {
+ in_msg_ctx = (axis2_msg_ctx_t *)axis2_op_client_get_msg_ctx (op_client, env, AXIS2_WSDL_MESSAGE_LABEL_IN);
+
+ if(in_msg_ctx)
+ {
+ trust_context_process_rstr(trust_context, env, in_msg_ctx);
+ sts_client->received_in_msg_ctx = in_msg_ctx; /*Store the in_msg_context for sec_header extentions in trust*/
+ }
+ }
+
+ }
+ }
+ else
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[trust] RST-Not send -> RST Node building failed");
+ return;
+ }
+ }
+
+ return;
+}
\ No newline at end of file
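Review bot: When `axis2_svc_client_set_policy` fails (L1605-1610), `svc_client` is freed and set to NULL but control falls through to `trust_context_build_rst_node` and then `axis2_svc_client_send_receive(svc_client, env, rst_node)` on L1616 with a NULL client; add `return;` after the error log on L1609. `trust_sts_client_process_policies(sts_client, env, issuer_policy, issuer_policy)` on L1579 passes the issuer policy in both positions — if the last parameter is the service policy this looks like a copy-paste slip and is worth confirming. The function returns void (matching its declaration in trust_sts_client.h), so a caller cannot tell a failed request from a successful one; either return `axis2_status_t` or document that the outcome must be read back from `trust_context`.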
Modified: webservices/rampart/trunk/c/src/util/rampart_context.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_context.c?rev=619820&r1=619819&r2=619820&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_context.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_context.c Fri Feb 8 02:06:20 2008
@@ -20,6 +20,8 @@
#include <oxs_axiom.h>
#include <oxs_x509_cert.h>
#include <rampart_replay_detector.h>
+#include <rampart_sct_provider.h>
+#include <rampart_util.h>
#include <rp_saml_token.h>
#include <rp_issued_token.h>
#include <rampart_saml_token.h>
@@ -58,14 +60,17 @@
rampart_callback_t *password_callback_module;
rampart_authn_provider_t *authn_provider;
rampart_replay_detector_t *replay_detector;
+ rampart_sct_provider_t *sct_provider;
auth_password_func authenticate_with_password;
auth_digest_func authenticate_with_digest;
+ axis2_char_t *encryption_sct_id;
+ axis2_char_t *signature_sct_id;
+
axis2_bool_t require_timestamp;
axis2_bool_t require_ut;
- oxs_key_t *session_key;
- axutil_array_list_t *dk_list;
+ axutil_array_list_t *key_list;
/*This is used in callback functions.*/
void *ctx;
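Review bot: The new `encryption_sct_id`, `signature_sct_id` and `sct_provider` fields (L1669-L1673) are added without a comment stating who owns them; the free path visible in this commit (L1701-L1728) releases `key_list` but none of the three, so if the setters take ownership of the id strings they leak, and if they do not, the struct should say the caller keeps them alive. Suggest a comment next to the fields such as `/* not owned: the caller keeps these alive for the context's lifetime */`, or the opposite, whichever the setters (outside this view) actually implement. The struct definition starts outside the hunk.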
@@ -184,15 +189,18 @@
rampart_context->password_callback_module = NULL;
rampart_context->authn_provider = NULL;
rampart_context->replay_detector = NULL;
+ rampart_context->sct_provider = NULL;
rampart_context->authenticate_with_password = NULL;
rampart_context->authenticate_with_digest = NULL;
rampart_context->require_ut = AXIS2_FALSE;
rampart_context->require_timestamp = AXIS2_FALSE;
rampart_context->ctx = NULL;
rampart_context->ref = 0;
- rampart_context->session_key = NULL;
- rampart_context->dk_list = axutil_array_list_create(env, 2);
+ rampart_context->encryption_sct_id = NULL;
+ rampart_context->signature_sct_id = NULL;
+
+ rampart_context->key_list = axutil_array_list_create(env, 2);
return rampart_context;
}
@@ -251,24 +259,18 @@
}
}
- if(rampart_context->session_key)
- {
- oxs_key_free(rampart_context->session_key, env);
- rampart_context->session_key = NULL;
- }
-
/*Free derived key list*/
- if (rampart_context->dk_list)
+ if (rampart_context->key_list)
{
int i;
- for(i=0 ; i < axutil_array_list_size(rampart_context->dk_list, env); i++)
+ for(i=0 ; i < axutil_array_list_size(rampart_context->key_list, env); i++)
{
oxs_key_t* dk = NULL;
- dk = (oxs_key_t*)axutil_array_list_get(rampart_context->dk_list, env, i);
+ dk = (oxs_key_t*)axutil_array_list_get(rampart_context->key_list, env, i);
oxs_key_free(dk, env);
}
- axutil_array_list_free(rampart_context->dk_list, env);
- rampart_context->dk_list = NULL;
+ axutil_array_list_free(rampart_context->key_list, env);
+ rampart_context->key_list = NULL;
}
if(rampart_context->certificate){
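Review bot: The comment `/*Free derived key list*/` above the renamed loop is now stale: after this commit key_list also holds the encryption and signature session keys appended by rampart_context_set_encryption_session_key and rampart_context_set_signature_session_key, and this loop is what releases them in place of the removed session_key branch. Suggest `/*Free every key held by the context (session keys and derived keys)*/`. The enclosing free routine starts outside the hunk.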
@@ -280,22 +282,22 @@
rampart_context->receiver_certificate = NULL;
}
- if(rampart_context->dk_list){
+ if(rampart_context->key_list){
/*Need to free data of the list*/
int size = 0;
int j = 0;
- size = axutil_array_list_size(rampart_context->dk_list, env);
+ size = axutil_array_list_size(rampart_context->key_list, env);
for (j = 0; j < size; j++)
{
- oxs_key_t *dk = NULL;
+ oxs_key_t *key = NULL;
- dk = axutil_array_list_get(rampart_context->dk_list, env, j);
- oxs_key_free(dk , env);
- dk = NULL;
+ key = axutil_array_list_get(rampart_context->key_list, env, j);
+ oxs_key_free(key , env);
+ key = NULL;
}
- axutil_array_list_free(rampart_context->dk_list, env);
- rampart_context->dk_list = NULL;
+ axutil_array_list_free(rampart_context->key_list, env);
+ rampart_context->key_list = NULL;
}
AXIS2_FREE(env->allocator,rampart_context);
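Review bot: The `if(rampart_context->key_list)` block here duplicates the one in the preceding hunk (@@ -251,24 +259,18 @@) of the same free routine; it only does nothing because the first block already sets key_list to NULL after freeing it. The rename carried the duplication over from dk_list rather than removing it. One of the two blocks should go so the teardown of the key list has a single place; keeping the first is enough, since it already NULLs the pointer before AXIS2_FREE.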
@@ -847,40 +849,115 @@
return AXIS2_SUCCESS;
}
-AXIS2_EXTERN oxs_key_t *AXIS2_CALL
-rampart_context_get_session_key(
+AXIS2_EXTERN struct rampart_sct_provider_t *AXIS2_CALL
+rampart_context_get_sct_provider(
rampart_context_t *rampart_context,
const axutil_env_t *env)
{
AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
- return rampart_context->session_key;
+ return (void*)rampart_context->sct_provider;
}
AXIS2_EXTERN axis2_status_t AXIS2_CALL
-rampart_context_set_session_key(rampart_context_t *rampart_context,
- const axutil_env_t *env,
- oxs_key_t *session_key)
+rampart_context_set_sct_provider(rampart_context_t *rampart_context,
+ const axutil_env_t *env,
+ struct rampart_sct_provider_t *sct_provider)
{
AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
- AXIS2_PARAM_CHECK(env->error, session_key, AXIS2_FAILURE);
+ AXIS2_PARAM_CHECK(env->error,sct_provider,AXIS2_FAILURE);
- /*Dup before set*/
- if(rampart_context->session_key){
- oxs_key_free(rampart_context->session_key, env);
- rampart_context->session_key = NULL;
- }
- rampart_context->session_key = oxs_key_dup(session_key, env);
+ rampart_context->sct_provider= (rampart_sct_provider_t*)sct_provider;
return AXIS2_SUCCESS;
}
+AXIS2_EXTERN oxs_key_t *AXIS2_CALL
+rampart_context_get_encryption_session_key(rampart_context_t *rampart_context,
+ const axutil_env_t *env)
+{
+ oxs_key_t* key = NULL;
+ int i = 0;
+
+ AXIS2_ENV_CHECK(env, AXIS2_FALSE);
+
+ /*Repeat thru all the keys and find the matching one*/
+ for(i=0 ; i < axutil_array_list_size(rampart_context->key_list, env); i++)
+ {
+ key = (oxs_key_t*)axutil_array_list_get(rampart_context->key_list, env, i);
+ if(OXS_KEY_USAGE_SESSION == oxs_key_get_usage(key, env))
+ {
+ return key;
+ }
+ }
+
+ return NULL;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_context_set_encryption_session_key(rampart_context_t *rampart_context,
+ const axutil_env_t *env,
+ oxs_key_t *session_key)
+{
+ if(rampart_context->key_list)
+ {
+ oxs_key_set_usage(session_key, env, OXS_KEY_USAGE_SESSION);
+ axutil_array_list_add(rampart_context->key_list, env, session_key);
+ return AXIS2_SUCCESS;
+ }
+
+ return AXIS2_FALSE;
+}
+
+AXIS2_EXTERN oxs_key_t *AXIS2_CALL
+rampart_context_get_signature_session_key(rampart_context_t *rampart_context,
+ const axutil_env_t *env)
+{
+ oxs_key_t* key = NULL;
+ int i = 0;
+ int key_usage = OXS_KEY_USAGE_SESSION;
+
+ if(is_different_session_key_for_encryption_and_signing(env, rampart_context))
+ key_usage = OXS_KEY_USAGE_SIGNATURE_SESSION;
+
+ /*Repeat thru all the keys and find the matching one*/
+ for(i=0 ; i < axutil_array_list_size(rampart_context->key_list, env); i++)
+ {
+ key = (oxs_key_t*)axutil_array_list_get(rampart_context->key_list, env, i);
+ if(key_usage == oxs_key_get_usage(key, env))
+ {
+ return key;
+ }
+ }
+
+ return NULL;
+}
+
AXIS2_EXTERN axis2_status_t AXIS2_CALL
-rampart_context_add_derived_key(rampart_context_t *rampart_context,
+rampart_context_set_signature_session_key(rampart_context_t *rampart_context,
+ const axutil_env_t *env,
+ oxs_key_t *session_key)
+{
+ if(rampart_context->key_list)
+ {
+ int key_usage = OXS_KEY_USAGE_SESSION;
+ if(is_different_session_key_for_encryption_and_signing(env, rampart_context))
+ key_usage = OXS_KEY_USAGE_SIGNATURE_SESSION;
+
+ oxs_key_set_usage(session_key, env, key_usage);
+ axutil_array_list_add(rampart_context->key_list, env, session_key);
+ return AXIS2_SUCCESS;
+ }
+
+ return AXIS2_FALSE;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_context_add_key(rampart_context_t *rampart_context,
const axutil_env_t *env,
- oxs_key_t *derived_key)
+ oxs_key_t *key)
{
- if(rampart_context->dk_list){
- axutil_array_list_add(rampart_context->dk_list, env, derived_key);
+ if(rampart_context->key_list){
+ axutil_array_list_add(rampart_context->key_list, env, key);
}else{
return AXIS2_FALSE;
}
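Review bot: rampart_context_set_encryption_session_key and rampart_context_set_signature_session_key store the caller's oxs_key_t pointer directly and only tag its usage, whereas the removed rampart_context_set_session_key duplicated it with oxs_key_dup and freed the previous one; since the context's free loop now releases that same pointer, a caller that keeps and frees its own key double-frees, and a second call appends a second SESSION-usage key instead of replacing the first (the getters return the first match). Either restore the dup, or document that ownership of session_key passes to the context. Both setters also dereference session_key in oxs_key_set_usage without the `AXIS2_PARAM_CHECK(env->error, session_key, AXIS2_FAILURE);` the old setter had, and return AXIS2_FALSE from an axis2_status_t function where AXIS2_FAILURE is the convention used elsewhere in this file. The two new getters walk key_list without the NULL check the setters perform on it.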
@@ -888,32 +965,32 @@
}
AXIS2_EXTERN axutil_array_list_t* AXIS2_CALL
-rampart_context_get_derived_keys(rampart_context_t *rampart_context,
+rampart_context_get_keys(rampart_context_t *rampart_context,
const axutil_env_t *env)
{
AXIS2_ENV_CHECK(env, AXIS2_FALSE);
- return rampart_context->dk_list;
+ return rampart_context->key_list;
}
AXIS2_EXTERN oxs_key_t* AXIS2_CALL
-rampart_context_get_derived_key(rampart_context_t *rampart_context,
+rampart_context_get_key(rampart_context_t *rampart_context,
const axutil_env_t *env,
- axis2_char_t* dk_id)
+ axis2_char_t* key_id)
{
- oxs_key_t* dk = NULL;
+ oxs_key_t* key = NULL;
int i = 0;
AXIS2_ENV_CHECK(env, AXIS2_FALSE);
/*Repeat thru all the derived keys and find the matching one*/
- for(i=0 ; i < axutil_array_list_size(rampart_context->dk_list, env); i++)
+ for(i=0 ; i < axutil_array_list_size(rampart_context->key_list, env); i++)
{
axis2_char_t *key_name = NULL;
- dk = (oxs_key_t*)axutil_array_list_get(rampart_context->dk_list, env, i);
- key_name = oxs_key_get_name(dk, env);
- if(0 == axutil_strcmp(key_name, dk_id)){
- return dk;
+ key = (oxs_key_t*)axutil_array_list_get(rampart_context->key_list, env, i);
+ key_name = oxs_key_get_name(key, env);
+ if(0 == axutil_strcmp(key_name, key_id)){
+ return key;
}
}
@@ -1441,6 +1518,20 @@
if(rp_x509_token_get_require_key_identifier_reference(x509_token,env))
return AXIS2_TRUE;
}
+ else if(rp_property_get_type(token, env) == RP_PROPERTY_SECURITY_CONTEXT_TOKEN)
+ {
+ rp_security_context_token_t *security_context_token;
+ security_context_token = (rp_security_context_token_t *)rp_property_get_value(token, env);
+ if(security_context_token)
+ {
+ return AXIS2_TRUE;
+ }
+ else
+ {
+ AXIS2_LOG_INFO(env->log, "Cannot get the token value from policy.");
+ return AXIS2_FALSE;
+ }
+ }
else
return AXIS2_FALSE;
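Review bot: The new security-context-token branch logs `Cannot get the token value from policy.` at AXIS2_LOG_INFO although it reports a failure to read the policy and returns AXIS2_FALSE; AXIS2_LOG_ERROR, as the sts_client.c hunk in this commit uses for comparable failures, would keep the condition visible in production logs. The branch also returns AXIS2_TRUE unconditionally once the token value is present, unlike the X509 branch above which consults rp_x509_token_get_require_key_identifier_reference; if that is intended, a one-line comment stating why security context tokens always take this path would help the next reader. The enclosing function starts and ends outside the hunk.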
@@ -1803,6 +1894,19 @@
return rp_rampart_config_get_replay_detector(config,env);
}
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+rampart_context_get_sct_provider_name(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env)
+{
+ rp_rampart_config_t *config = NULL;
+ config = rp_secpolicy_get_rampart_config(rampart_context->secpolicy,env);
+ if(!config)
+ return NULL;
+
+ return rp_rampart_config_get_sct_provider(config,env);
+}
+
AXIS2_EXTERN axis2_status_t AXIS2_CALL
rampart_context_set_password_type_from_file(
rampart_context_t *rampart_context,
@@ -2249,6 +2353,12 @@
x509_token = (rp_x509_token_t *)rp_property_get_value(token,env);
return rp_x509_token_get_derivedkeys(x509_token,env);
}
+ else if(rp_property_get_type(token, env) == RP_PROPERTY_SECURITY_CONTEXT_TOKEN)
+ {
+ rp_security_context_token_t *security_context_token = NULL;
+ security_context_token = (rp_security_context_token_t *)rp_property_get_value(token, env);
+ return rp_security_context_token_get_derivedkeys(security_context_token, env);
+ }
/*This can be extended when we are supporting other token types.*/
else
return AXIS2_FALSE;
@@ -2404,11 +2514,13 @@
{
if(token_type == RP_PROPERTY_X509_TOKEN)
return AXIS2_TRUE;
+ else if (token_type == RP_PROPERTY_SECURITY_CONTEXT_TOKEN)
+ return AXIS2_TRUE;
else if (token_type == RP_PROPERTY_SAML_TOKEN)
return AXIS2_TRUE;
else
{
- AXIS2_LOG_INFO(env->log,"We still only suppport X509 Tokens.");
+ AXIS2_LOG_INFO(env->log,"We still only suppport X509 Tokens and security context tokens.");
return AXIS2_FALSE;
}
/*This method will be extended when we are supporting other types of tokens.*/
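Review bot: The updated log text in the else branch, `"We still only suppport X509 Tokens and security context tokens."`, still omits SAML tokens although the branch two lines above returns AXIS2_TRUE for RP_PROPERTY_SAML_TOKEN, and it keeps the "suppport" typo; suggest `AXIS2_LOG_INFO(env->log,"We still only support X509 tokens, SAML tokens and security context tokens.");`. The new else branch in hunk @@ -2445,6 +2557,17 @@ has the same omission (`"We still only support x509 tokens and security context tokens"`) directly after its SAML case. The enclosing function starts and ends outside the hunk.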
@@ -2445,6 +2557,17 @@
saml_token = (rp_saml_token_t *)rp_property_get_value(token, env);
inclusion = rp_saml_token_get_inclusion(saml_token, env);
}
+ else if (token_type == RP_PROPERTY_SECURITY_CONTEXT_TOKEN)
+ {
+ rp_security_context_token_t *security_context_token = NULL;
+ security_context_token = (rp_security_context_token_t *)rp_property_get_value(token, env);
+ inclusion = rp_security_context_token_get_inclusion(security_context_token, env);
+ }
+ else
+ {
+ AXIS2_LOG_INFO(env->log,"We still only support x509 tokens and security context tokens");
+ return AXIS2_FALSE;
+ }
if(server_side)
{
@@ -2468,7 +2591,8 @@
else
include = (axutil_strcmp(inclusion,RP_INCLUDE_ALWAYS)==0);
}
- return include;
+ return include;
+
}
@@ -2562,6 +2686,41 @@
return AXIS2_SUCCESS;
}
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+rampart_context_get_encryption_sct_id(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env)
+{
+ return rampart_context->encryption_sct_id;
+}
+
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+rampart_context_get_signature_sct_id(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env)
+{
+ return rampart_context->signature_sct_id;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_context_set_encryption_sct_id(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env,
+ axis2_char_t *sct_id)
+{
+ rampart_context->encryption_sct_id = sct_id;
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_context_set_signature_sct_id(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env,
+ axis2_char_t *sct_id)
+{
+ rampart_context->signature_sct_id = sct_id;
+ return AXIS2_SUCCESS;
+}
AXIS2_EXTERN axis2_bool_t AXIS2_CALL
rampart_context_is_issued_token_aquired(rampart_context_t *rampart_context,
const axutil_env_t *env)