Posted to rampart-dev@ws.apache.org by sh...@apache.org on 2008/06/23 06:30:03 UTC
svn commit: r670443 [1/2] - in /webservices/rampart/trunk/c: include/
samples/sct_provider/ samples/server/secconv_echo/ src/secconv/ src/trust/
src/util/
Author: shankar
Date: Sun Jun 22 21:30:03 2008
New Revision: 670443
URL: http://svn.apache.org/viewvc?rev=670443&view=rev
Log:
security context token API modifications.
Modified:
webservices/rampart/trunk/c/include/oxs_constants.h
webservices/rampart/trunk/c/include/rampart_constants.h
webservices/rampart/trunk/c/include/rampart_context.h
webservices/rampart/trunk/c/include/rampart_replay_detector.h
webservices/rampart/trunk/c/include/rampart_sct_provider.h
webservices/rampart/trunk/c/include/trust_constants.h
webservices/rampart/trunk/c/samples/sct_provider/sct_provider_hash_map.c
webservices/rampart/trunk/c/samples/sct_provider/sct_provider_stored_key.c
webservices/rampart/trunk/c/samples/server/secconv_echo/echo.c
webservices/rampart/trunk/c/src/secconv/sct_provider.c
webservices/rampart/trunk/c/src/trust/rst.c
webservices/rampart/trunk/c/src/util/rampart_context.c
webservices/rampart/trunk/c/src/util/rampart_encryption.c
webservices/rampart/trunk/c/src/util/rampart_engine.c
webservices/rampart/trunk/c/src/util/rampart_replay_detector.c
webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
webservices/rampart/trunk/c/src/util/rampart_signature.c
Modified: webservices/rampart/trunk/c/include/oxs_constants.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/oxs_constants.h?rev=670443&r1=670442&r2=670443&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/oxs_constants.h (original)
+++ webservices/rampart/trunk/c/include/oxs_constants.h Sun Jun 22 21:30:03 2008
@@ -137,6 +137,7 @@
#define OXS_NODE_SECURITY_CONTEXT_TOKEN "SecurityContextToken"
#define OXS_NODE_IDENTIFIER "Identifier"
#define OXS_VALUE_TYPE_SECURITY_CONTEXT_TOKEN "http://schemas.xmlsoap.org/ws/2005/02/sc/sct"
+#define OXS_VALUE_TYPE_SECURITY_CONTEXT_TOKEN_05_12 "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct"
/************************
SAML nodes
Modified: webservices/rampart/trunk/c/include/rampart_constants.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rampart_constants.h?rev=670443&r1=670442&r2=670443&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/rampart_constants.h (original)
+++ webservices/rampart/trunk/c/include/rampart_constants.h Sun Jun 22 21:30:03 2008
@@ -55,6 +55,10 @@
#define RAMPART_IN_HANDLER "RampartInHandler"
#define RAMPART_OUT_HANDLER "RampartOutHandler"
+ /* Rahas module */
+#define RAHAS_IN_HANDLER "RahasInHandler"
+#define RAHAS_OUT_HANDLER "RahasOutHandler"
+
/*Default values*/
#define RAMPART_DEFAULT_KT_ALGO OXS_DEFAULT_KT_ALGO_HREF
#define RAMPART_STR_DEFAULT OXS_STR_DEFAULT
@@ -153,8 +157,10 @@
#define RAMPART_RD_DEF_VALID_DURATION 60
#define RAMPART_RD_DEF_MAX_RCDS 5
+#define RAMPART_SCT_ID_TYPE_UNKNOWN 0
+#define RAMPART_SCT_ID_TYPE_LOCAL 1
+#define RAMPART_SCT_ID_TYPE_GLOBAL 2
-#define RAMPART_SCT_PROVIDER_DB_PROB "Rampart_SCT_Prov_DB_Prop"
#ifdef __cplusplus
}
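Review bot: The three `RAMPART_SCT_ID_TYPE_*` values added at the top of this hunk are related integer constants that the new callback typedefs receive as a plain `int sct_id_type`, so an enum would be the more conventional form: `enum { RAMPART_SCT_ID_TYPE_UNKNOWN = 0, RAMPART_SCT_ID_TYPE_LOCAL = 1, RAMPART_SCT_ID_TYPE_GLOBAL = 2 };`. That keeps the names visible in a debugger and lets a provider that switches on the type get an unhandled-case warning. A one-line comment saying what each type denotes would also help implementers; the `SECCONV_GLOBAL_ID_PREFIX`/`SECCONV_LOCAL_ID_PREFIX` strings added to trust_constants.h in this commit presumably correspond to the global and local forms, but the header does not say so.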
Modified: webservices/rampart/trunk/c/include/rampart_context.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rampart_context.h?rev=670443&r1=670442&r2=670443&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/rampart_context.h (original)
+++ webservices/rampart/trunk/c/include/rampart_context.h Sun Jun 22 21:30:03 2008
@@ -1,9 +1,10 @@
/*
- * Copyright 2004,2005 The Apache Software Foundation.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
@@ -51,29 +52,86 @@
typedef struct rampart_context_t rampart_context_t;
typedef axis2_char_t *(AXIS2_CALL*
- password_callback_fn)(const axutil_env_t *env,
- const axis2_char_t *username,
- void *user_params);
+ password_callback_fn)(
+ const axutil_env_t *env,
+ const axis2_char_t *username,
+ void *user_params);
typedef axis2_status_t (AXIS2_CALL*
- rampart_is_replayed_fn)(const axutil_env_t *env,
- axis2_msg_ctx_t* msg_ctx,
- rampart_context_t *rampart_context,
- void *user_params);
+ rampart_is_replayed_fn)(
+ const axutil_env_t *env,
+ axis2_msg_ctx_t* msg_ctx,
+ rampart_context_t *rampart_context,
+ void *user_params);
typedef rampart_authn_provider_status_t (AXIS2_CALL*
- auth_password_func)(const axutil_env_t* env,
- const axis2_char_t *username,
- const axis2_char_t *password,
- void *ctx);
+ auth_password_func)(
+ const axutil_env_t* env,
+ const axis2_char_t *username,
+ const axis2_char_t *password,
+ void *ctx);
typedef rampart_authn_provider_status_t (AXIS2_CALL*
- auth_digest_func)(const axutil_env_t* env,
- const axis2_char_t *username,
- const axis2_char_t *nonce,
- const axis2_char_t *created,
- const char *digest,
- void *ctx);
+ auth_digest_func)(
+ const axutil_env_t* env,
+ const axis2_char_t *username,
+ const axis2_char_t *nonce,
+ const axis2_char_t *created,
+ const char *digest,
+ void *ctx);
+
+ /* This function will be used to store sct. Global id, local id will be given so function
+ * writer can store them in anyway. Get or Delete method will use any of the Global id or local
+ * id, so Store function writer should be ready for that.
+ */
+ typedef axis2_status_t (AXIS2_CALL*
+ store_security_context_token_fn)(
+ const axutil_env_t *env,
+ axis2_msg_ctx_t* msg_ctx,
+ axis2_char_t *sct_global_id,
+ axis2_char_t *sct_local_id,
+ void *sct,
+ void *user_params);
+
+ /* This function will be called to get previously stored sct. If secure conversation token is
+ * referred by this method, then sct_id will be not null. However, if security context token
+ * (pre-agreed and established offline) is refered then sct_id might be NULL. is_encryption is
+ * passed, so that if pre-agreed sct is different for encryption and signature, then it could be
+ * accessed. sct_id_type will be RAMPART_SCT_ID_TYPE_LOCAL or RAMPART_SCT_ID_TYPE_GLOBAL if
+ * sct_id is NOT NULL. If sct_id is NULL, then sct_id_type will be RAMPART_SCT_ID_TYPE_UNKNOWN
+ */
+ typedef void* (AXIS2_CALL*
+ obtain_security_context_token_fn)(
+ const axutil_env_t *env,
+ axis2_bool_t is_encryption,
+ axis2_msg_ctx_t* msg_ctx,
+ axis2_char_t *sct_id,
+ int sct_id_type,
+ void* user_params);
+
+ /* This function will be called to delete previously stored sct. sct_id_type can be
+ * RAMPART_SCT_ID_TYPE_LOCAL or RAMPART_SCT_ID_TYPE_GLOBAL
+ */
+ typedef axis2_status_t (AXIS2_CALL*
+ delete_security_context_token_fn)(
+ const axutil_env_t *env,
+ axis2_msg_ctx_t* msg_ctx,
+ axis2_char_t *sct_id,
+ int sct_id_type,
+ void* user_params);
+
+ /* Validates whether security context token is valid or not. Normally, we can directly send
+ * true as response. But if syntax of security context token is altered/added by using
+ * extensible mechanism (e.g having sessions, etc.) then user can implement this method.
+ * Axiom representation of the sct will be given as the parameter, because if sct is
+ * extended, we don't know the syntax. Method writer can implement whatever needed.
+ */
+ typedef axis2_status_t (AXIS2_CALL*
+ validate_security_context_token_fn)(
+ const axutil_env_t *env,
+ axiom_node_t *sct_node,
+ axis2_msg_ctx_t *msg_ctx,
+ void *user_params);
/**
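Review bot: The `obtain_security_context_token_fn` typedef returns a `void*` but its comment says nothing about who owns the returned token or how long it stays valid, and the same gap exists for the `sct` argument of `store_security_context_token_fn`. Other declarations in this commit state that returned buffers must not be freed by the caller, so the same contract should be written here, e.g. `/* The returned sct stays owned by the provider; the caller must not free it. */` (or the opposite, if the provider hands over ownership). The comment on `validate_security_context_token_fn` speaks of sending "true", but the typedef returns `axis2_status_t`, so it should name `AXIS2_SUCCESS`/`AXIS2_FAILURE` to match the signature. Since `sct_id` appears to be taken from a token reference in the received message, the obtain comment should also say that an implementation must treat it as an opaque lookup key and return NULL when it does not resolve rather than substituting another token.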
@@ -84,7 +142,8 @@
*/
AXIS2_EXTERN rampart_context_t *AXIS2_CALL
- rampart_context_create(const axutil_env_t *env);
+ rampart_context_create(
+ const axutil_env_t *env);
/**
@@ -94,8 +153,9 @@
*/
AXIS2_EXTERN void AXIS2_CALL
- rampart_context_free(rampart_context_t *rampart_context,
- const axutil_env_t *env);
+ rampart_context_free(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env);
/****************************************************************/
@@ -1653,6 +1713,129 @@
const axutil_env_t *env,
void *key_store_buf,
int length);
+
+ /**
+ * Set the function used to store security context token
+ * @param rampart_context Pointer to rampart context struct.
+ * @param env Pointer to environment struct
+ * @param store_fn funtion pointer used to store sct
+ * @returns status of the operation
+ */
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ rampart_context_set_store_security_context_token_fn(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env,
+ store_security_context_token_fn store_fn);
+
+ /**
+ * Set the function used to get security context token
+ * @param rampart_context Pointer to rampart context struct.
+ * @param env Pointer to environment struct
+ * @param get_fn funtion pointer used to get stored sct
+ * @returns status of the operation
+ */
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ rampart_context_set_obtain_security_context_token_fn(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env,
+ obtain_security_context_token_fn get_fn);
+
+ /**
+ * Set the function used to delete security context token
+ * @param rampart_context Pointer to rampart context struct.
+ * @param env Pointer to environment struct
+ * @param delete_fn funtion pointer used to delete stored sct
+ * @returns status of the operation
+ */
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ rampart_context_set_delete_security_context_token_fn(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env,
+ delete_security_context_token_fn delete_fn);
+
+ /**
+ * Set the user parameters used to invoke security context token related funtions
+ * @param rampart_context Pointer to rampart context struct.
+ * @param env Pointer to environment struct
+ * @param user_params pointer to user params
+ * @returns status of the operation
+ */
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ rampart_context_set_security_context_token_user_params(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env,
+ void* user_params);
+
+ /**
+ * Set the function used to validate security context token
+ * @param rampart_context Pointer to rampart context struct.
+ * @param env Pointer to environment struct
+ * @param validate_fn funtion pointer used to validate sct
+ * @returns status of the operation
+ */
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ rampart_context_set_validate_security_context_token_fn(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env,
+ validate_security_context_token_fn validate_fn);
+
+ /**
+ * Get the function used to store security context token
+ * @param rampart_context Pointer to rampart context struct.
+ * @param env Pointer to environment struct
+ * @returns untion pointer used to store sct
+ */
+ AXIS2_EXTERN store_security_context_token_fn AXIS2_CALL
+ rampart_context_get_store_security_context_token_fn(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env);
+
+ /**
+ * Get the function used to get security context token
+ * @param rampart_context Pointer to rampart context struct.
+ * @param env Pointer to environment struct
+ * @returns funtion pointer used to get stored sct
+ */
+ AXIS2_EXTERN obtain_security_context_token_fn AXIS2_CALL
+ rampart_context_get_obtain_security_context_token_fn(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env);
+
+ /**
+ * Get the function used to delete security context token
+ * @param rampart_context Pointer to rampart context struct.
+ * @param env Pointer to environment struct
+ * @returns funtion pointer used to delete stored sct
+ */
+ AXIS2_EXTERN delete_security_context_token_fn AXIS2_CALL
+ rampart_context_get_delete_security_context_token_fn(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env);
+
+ /**
+ * Get the user parameters used to invoke security context token related funtions
+ * @param rampart_context Pointer to rampart context struct.
+ * @param env Pointer to environment struct
+ * @param user_params pointer to user params
+ * @returns pointer to user parameter.
+ */
+ AXIS2_EXTERN void* AXIS2_CALL
+ rampart_context_get_security_context_token_user_params(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env);
+
+ /**
+ * Get the function used to validate security context token
+ * @param rampart_context Pointer to rampart context struct.
+ * @param env Pointer to environment struct
+ * @returns funtion pointer used to validate sct
+ */
+ AXIS2_EXTERN validate_security_context_token_fn AXIS2_CALL
+ rampart_context_get_validate_security_context_token_fn(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env);
+
+
#ifdef __cplusplus
}
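Review bot: The Doxygen blocks on the new setters and getters have several copy-paste defects: `rampart_context_get_store_security_context_token_fn` says `@returns untion pointer used to store sct`, `rampart_context_get_security_context_token_user_params` documents a `@param user_params` that the getter does not take, and "funtion" is misspelled throughout. Beyond the typos, `rampart_context_set_security_context_token_user_params` stores a raw `void*` but neither it nor the getter says whether the context takes ownership of `user_params` or whether the caller must keep it alive until `rampart_context_free`; a sentence such as `@param user_params pointer retained by the context, not copied or freed` (or the inverse, if the context frees it) would settle that for implementers. The getters also take a non-const `rampart_context_t *`; if they only read the struct, a `const` qualifier documents that.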
Modified: webservices/rampart/trunk/c/include/rampart_replay_detector.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rampart_replay_detector.h?rev=670443&r1=670442&r2=670443&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/rampart_replay_detector.h (original)
+++ webservices/rampart/trunk/c/include/rampart_replay_detector.h Sun Jun 22 21:30:03 2008
@@ -88,7 +88,8 @@
* @returns status of the op. AXIS2_SUCCESS on success and AXIS2_FAILURE on error
*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
- rampart_replay_detector_with_linked_list(const axutil_env_t *env,
+ rampart_replay_detector_default(
+ const axutil_env_t *env,
axis2_msg_ctx_t* msg_ctx,
rampart_context_t *rampart_context,
void *user_params);
Modified: webservices/rampart/trunk/c/include/rampart_sct_provider.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rampart_sct_provider.h?rev=670443&r1=670442&r2=670443&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/rampart_sct_provider.h (original)
+++ webservices/rampart/trunk/c/include/rampart_sct_provider.h Sun Jun 22 21:30:03 2008
@@ -42,34 +42,51 @@
{
#endif
- /**
- * Type name for struct rampart_sct_provider_ops
- */
typedef struct rampart_sct_provider_ops rampart_sct_provider_ops_t;
-
- /**
- * Type name for struct rampart_sct_provider
- */
-
typedef struct rampart_sct_provider rampart_sct_provider_t;
- /**
- * get_sct_secret gives the shared secret of security context token
- */
struct rampart_sct_provider_ops
{
- security_context_token_t* (AXIS2_CALL*
- get_token)(rampart_sct_provider_t *sct_provider,
- const axutil_env_t* env,
- rp_property_t *token,
- axis2_bool_t server_side,
- axis2_bool_t is_encryption,
- axis2_char_t* identifier,
- rampart_context_t* rampart_context,
- axis2_msg_ctx_t* msg_ctx);
+ /* This function will be called to get previously stored sct. If secure conversation token
+ * is referred by this method, then sct_id will be not null. However, if security context
+ * token (pre-agreed and established offline) is refered then sct_id might be NULL.
+ * is_encryption is passed, so that if pre-agreed sct is different for encryption and
+ * signature, then it could be accessed. sct_id_type can be RAMPART_SCT_ID_TYPE_LOCAL
+ * or RAMPART_SCT_ID_TYPE_GLOBAL. user_param will be whatever stored using
+ * rampart_context_set_security_context_token_user_params.
+ */
+ obtain_security_context_token_fn obtain_security_context_token;
+
+ /* This function will be used to store sct. Global id, local id will be given so function
+ * writer can store them in anyway. Get or Delete method will use any of the Global id or
+ * local id, so Store function writer should be ready for that.
+ */
+ store_security_context_token_fn store_security_context_token;
+
+ /* This function will be called to delete previously stored sct. sct_id_type can be
+ * RAMPART_SCT_ID_TYPE_LOCAL or RAMPART_SCT_ID_TYPE_GLOBAL
+ */
+ delete_security_context_token_fn delete_security_context_token;
+
+ /* Validates whether security context token is valid or not. Normally, we can directly send
+ * true as response. But if syntax of security context token is altered/added by using
+ * extensible mechanism (e.g having sessions, etc.) then user can implement this method.
+ * Axiom representation of the sct will be given as the parameter, because if sct is
+ * extended, we don't know the syntax. Method writer can implement whatever needed.
+ */
+ validate_security_context_token_fn validate_security_context_token;
+
+ /* This function will be called to get the user paramters. It will be called only when
+ * loading sct_provider module. If user_params are not needed, this method can return NULL
+ */
+ void* (AXIS2_CALL*
+ get_user_params)(
+ const axutil_env_t *env);
+ /* This function will be called to free security context token provider module */
axis2_status_t (AXIS2_CALL*
- free)(rampart_sct_provider_t *sct_provider,
+ free)(
+ rampart_sct_provider_t *sct_provider,
const axutil_env_t* env);
};
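Review bot: The comment on the new `obtain_security_context_token` member says `sct_id_type` "can be RAMPART_SCT_ID_TYPE_LOCAL or RAMPART_SCT_ID_TYPE_GLOBAL", while the matching typedef comment in rampart_context.h in this same commit says it is `RAMPART_SCT_ID_TYPE_UNKNOWN` whenever `sct_id` is NULL; the two should agree, e.g. `... or RAMPART_SCT_ID_TYPE_UNKNOWN when sct_id is NULL.` The new `get_user_params` op returns a `void*` with no statement of who releases it; the comment on `free` should say whether the provider's `free` op is expected to release the user params it handed out at load time, or whether the caller of `get_user_params` owns them. The struct definition closes inside the hunk, but the enclosing header continues beyond it.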
@@ -79,17 +96,33 @@
axutil_param_t *param;
};
- /*returned buffer should NOT be cleared by the caller*/
+ /**
+ * Finds security context token and gets shared secret.
+ * returned buffer should NOT be cleared by the caller
+ * @param env Pointer to environment struct
+ * @param token rampart policy property of the token
+ * @param is_encryption boolean showing whether the token is needed for encryption or signature
+ * @param rampart_context pointer to rampart context structure
+ * @param msg_ctx pointer to message context structure
+ * @returns shared secret of the security context token. returned buffer should NOT be freed
+ */
AXIS2_EXTERN oxs_buffer_t *AXIS2_CALL
sct_provider_get_secret(
const axutil_env_t* env,
rp_property_t *token,
- axis2_bool_t server_side,
axis2_bool_t is_encryption,
rampart_context_t* rampart_context,
axis2_msg_ctx_t* msg_ctx);
- /*returned buffer should NOT be cleared by the caller*/
+ /**
+ * Finds security context token and gets shared secret.
+ * returned buffer should NOT be cleared by the caller
+ * @param env Pointer to environment struct
+ * @param sct_id id of security context token
+ * @param rampart_context pointer to rampart context structure
+ * @param msg_ctx pointer to message context structure
+ * @returns shared secret of the security context token. returned buffer should NOT be freed
+ */
AXIS2_EXTERN oxs_buffer_t *AXIS2_CALL
sct_provider_get_secret_using_id(
const axutil_env_t* env,
@@ -97,42 +130,152 @@
rampart_context_t* rampart_context,
axis2_msg_ctx_t* msg_ctx);
+ /**
+ * Finds security context token and gets the xml representation of token
+ * @param env Pointer to environment struct
+ * @param token rampart policy property of the token
+ * @param is_encryption boolean showing whether the token is needed for encryption or signature
+ * @param rampart_context pointer to rampart context structure
+ * @param msg_ctx pointer to message context structure
+ * @returns shared secret of the security context token. returned buffer should NOT be freed
+ */
AXIS2_EXTERN axiom_node_t *AXIS2_CALL
sct_provider_get_token(
const axutil_env_t* env,
rp_property_t *token,
- axis2_bool_t server_side,
axis2_bool_t is_encryption,
rampart_context_t* rampart_context,
axis2_msg_ctx_t* msg_ctx);
+ /**
+ * Finds security context token and gets the xml representation of key reference. This reference
+ * is used when security context token is included in the message
+ * @param env Pointer to environment struct
+ * @param token rampart policy property of the token
+ * @param is_encryption boolean showing whether the token is needed for encryption or signature
+ * @param rampart_context pointer to rampart context structure
+ * @param msg_ctx pointer to message context structure
+ * @returns shared secret of the security context token. returned buffer should NOT be freed
+ */
AXIS2_EXTERN axiom_node_t* AXIS2_CALL
sct_provider_get_attached_reference(
const axutil_env_t* env,
rp_property_t *token,
- axis2_bool_t server_side,
axis2_bool_t is_encryption,
rampart_context_t* rampart_context,
axis2_msg_ctx_t* msg_ctx);
+ /**
+ * Finds security context token and gets the xml representation of key reference. This reference
+ * is used when security context token is NOT included in the message
+ * @param env Pointer to environment struct
+ * @param token rampart policy property of the token
+ * @param is_encryption boolean showing whether the token is needed for encryption or signature
+ * @param rampart_context pointer to rampart context structure
+ * @param msg_ctx pointer to message context structure
+ * @returns shared secret of the security context token. returned buffer should NOT be freed
+ */
AXIS2_EXTERN axiom_node_t* AXIS2_CALL
sct_provider_get_unattached_reference(
const axutil_env_t* env,
rp_property_t *token,
- axis2_bool_t server_side,
axis2_bool_t is_encryption,
rampart_context_t* rampart_context,
axis2_msg_ctx_t* msg_ctx);
- AXIS2_EXTERN axutil_hash_t* AXIS2_CALL
- sct_provider_get_sct_hash(
+ /**
+ * Validates whether security context token is valid or not. Normally, we can directly send
+ * true as response. But if syntax of security context token is altered/added by using
+ * extensible mechanism (e.g having sessions, etc.) then user can implement this method.
+ * Axiom representation of the sct will be given as the parameter, because if sct is extended,
+ * we don't know the syntax. Method writer can implement whatever needed.
+ * @param env Pointer to environment struct
+ * @param sct_node axiom node representation of security context token.
+ * @param rampart_context pointer to rampart context structure
+ * @param msg_ctx pointer to message context structure
+ * @returns AXIS2_TRUE is sct is valid. AXIS2_FALSE otherwise.
+ */
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ sct_provider_validate_security_context_token(
const axutil_env_t *env,
- axis2_msg_ctx_t* msg_ctx);
+ axiom_node_t *sct_node,
+ rampart_context_t *rampart_context,
+ axis2_msg_ctx_t *msg_ctx);
+
+ /**
+ * Default implementation of obtain sct function. If neither sct_provider nor user defined
+ * obtain function is given, this function will be used. (obtain_security_context_token_fn)
+ * @param env pointer to environment struct
+ * @param is_encryption boolean denotes sct is needed for encryption or signature
+ * @param msg_ctx pointer to message context structure
+ * @param sct_id identifier of security context token. Can be NULL
+ * @param sct_id_type type of sct id. can be global, local or unknown
+ * @param user_params parameter provided by user (not used in this method)
+ * return security context token if found. NULL otherwise.
+ */
+ AXIS2_EXTERN void* AXIS2_CALL
+ sct_provider_obtain_sct_default(
+ const axutil_env_t *env,
+ axis2_bool_t is_encryption,
+ axis2_msg_ctx_t* msg_ctx,
+ axis2_char_t *sct_id,
+ int sct_id_type,
+ void* user_params);
- /*************************** Function macros **********************************/
-#define RAMPART_SCT_PROVIDER_GET_TOKEN(sct_provider, env, token, server_side, is_enc, sct_id, rampart_ctx, msg_ctx) \
- ((sct_provider)->ops->get_token(sct_provider, env, token, server_side, is_enc, sct_id, rampart_ctx, msg_ctx))
+ /**
+ * Default implementation of store sct function. If neither sct_provider nor user defined
+ * store function is given, this function will be used. (store_security_context_token_fn)
+ * @param env pointer to environment struct
+ * @param msg_ctx pointer to message context structure
+ * @param sct_global_id global identifier of security context token. Can be NULL
+ * @param sct_local_id local identifier of security context token. Can be NULL
+ * @param sct security context token to be stored
+ * @param user_params parameter provided by user (not used in this method)
+ * return AXIS2_SUCCESS if stored. AXIS2_FAILURE otherwise.
+ */
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ sct_provider_store_sct_default(
+ const axutil_env_t *env,
+ axis2_msg_ctx_t* msg_ctx,
+ axis2_char_t *sct_global_id,
+ axis2_char_t *sct_local_id,
+ void *sct,
+ void *user_params);
+ /**
+ * Default implementation of delete sct function. If neither sct_provider nor user defined
+ * store function is given, this function will be used. (delete_security_context_token_fn)
+ * @param env pointer to environment struct
+ * @param msg_ctx pointer to message context structure
+ * @param sct_id identifier of security context token. Should not be NULL.
+ * @param sct_id_type type of sct id. can be global or local.
+ * @param user_params parameter provided by user (not used in this method)
+ * @return AXIS2_SUCCESS if deleted. AXIS2_FAILURE otherwise.
+ */
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ sct_provider_delete_sct_default(
+ const axutil_env_t *env,
+ axis2_msg_ctx_t* msg_ctx,
+ axis2_char_t *sct_id,
+ int sct_id_type,
+ void* user_params);
+
+ /**
+ * Default implementation of validate sct function. If neither sct_provider nor user defined
+ * store function is given, this function will be used. (validate_security_context_token_fn)
+ * @param env pointer to environment struct
+ * @param sct_node axiom representation of security context token
+ * @param user_params parameter provided by user (not used in this method)
+ * @return AXIS2_SUCCESS if valid. AXIS2_FAILURE otherwise.
+ */
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ sct_provider_validate_sct_default(
+ const axutil_env_t *env,
+ axiom_node_t *sct_node,
+ axis2_msg_ctx_t *msg_ctx,
+ void *user_params);
+
+ /*************************** Function macros **********************************/
#define RAMPART_SCT_PROVIDER_FREE(sct_provider, env) \
((sct_provider)->ops->free(sct_provider, env))
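Review bot: The `@returns` lines on `sct_provider_get_token`, `sct_provider_get_attached_reference` and `sct_provider_get_unattached_reference` were copied from the secret-returning functions and say "shared secret of the security context token", but these three return an `axiom_node_t*`; they should read along the lines of `@returns axiom node of the token/reference. Caller should NOT free it` (or state that the caller owns the node, whichever the implementation does). `sct_provider_validate_security_context_token` is declared as returning `axis2_status_t` yet documented as `AXIS2_TRUE is sct is valid. AXIS2_FALSE otherwise` — the doc should use `AXIS2_SUCCESS`/`AXIS2_FAILURE` to match the signature. Smaller copy-paste slips in the same hunk: the delete and validate defaults both say "If neither sct_provider nor user defined store function is given", the obtain and store defaults use `return` where `@return` is meant, and `sct_provider_validate_sct_default` is missing `@param msg_ctx`. Because deployments without a provider will rely on `sct_provider_validate_sct_default` to gate acceptance of a presented token, its doc should state what the default actually checks (I cannot tell from this hunk), so an integrator knows whether extra validation is needed.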
@@ -141,6 +284,6 @@
}
#endif
-#endif /* RAMPART_SCT_PROVIDER_H */
+#endif /* RAMPART_SCT_PROVIDER_H */
Modified: webservices/rampart/trunk/c/include/trust_constants.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/trust_constants.h?rev=670443&r1=670442&r2=670443&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/trust_constants.h (original)
+++ webservices/rampart/trunk/c/include/trust_constants.h Sun Jun 22 21:30:03 2008
@@ -120,6 +120,7 @@
#define TRUST_ATTR_USE_KEY_SIG "Sig"
+#define TRUST_DEFAULT_KEY_SIZE 256
/* Trust Namespace URIs and Namespace prefix */
#define TRUST_S11 "S11"
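Review bot: `TRUST_DEFAULT_KEY_SIZE 256` is added without a unit, and key sizes in this code base are variously expressed in bits and in bytes, so a reader cannot tell which this is. If it is the value that ends up in the WS-Trust `KeySize` element, that element is specified in bits, and the define should say so: `#define TRUST_DEFAULT_KEY_SIZE 256 /* bits, as used in wst:KeySize */`. Confirm against the consumer in rst.c before settling on the wording, since that file is changed in this commit but not visible here.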
@@ -143,9 +144,20 @@
#define TRUST_XS "xs"
#define TRUST_XS_XMLNS "http://www.w3.org/2001/XMLSchema"
+#define SECCONV_200502_REQUEST_ACTION "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT"
+#define SECCONV_200502_REPLY_ACTION "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT"
+#define SECCONV_200512_REQUEST_ACTION "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT"
+#define SECCONV_200512_REPLY_ACTION "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT"
+
+#define SECCONV_GLOBAL_ID_PREFIX "urn:uuid:"
+#define SECCONV_LOCAL_ID_PREFIX "sctId"
+
+
#define TRUST_COMPUTED_KEY_PSHA1 "http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1"
+#define TRUST_COMPUTED_KEY_PSHA1_05_12 "http://docs.oasis-open.org/ws-sx/ws-trust/200512/CK/PSHA1"
/* NS Versions */
+#define TRUST_VERSION_INVALID 0
#define TRUST_VERSION_05_02 1
#define TRUST_VERSION_05_12 2
Modified: webservices/rampart/trunk/c/samples/sct_provider/sct_provider_hash_map.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/sct_provider/sct_provider_hash_map.c?rev=670443&r1=670442&r2=670443&view=diff
==============================================================================
--- webservices/rampart/trunk/c/samples/sct_provider/sct_provider_hash_map.c (original)
+++ webservices/rampart/trunk/c/samples/sct_provider/sct_provider_hash_map.c Sun Jun 22 21:30:03 2008
@@ -15,23 +15,18 @@
* limitations under the License.
*/
-#include <stdio.h>
-#include <rampart_sct_provider.h>
#include <axutil_string.h>
#include <axutil_utils.h>
#include <oxs_utility.h>
-#include <trust_sts_client.h>
-
-#define SCT_DB_LABLE_ENC "Encryption"
-#define SCT_DB_LABLE_SIG "Signature"
-#define SCT_DB_LABLE_COM "Common"
+#include <rampart_util.h>
+#include <rampart_sct_provider.h>
-static security_context_token_t*
-sct_provider_obtain_token_from_sts(const axutil_env_t* env, rp_property_t *token, axis2_msg_ctx_t* msg_ctx);
+#define RAMPART_SCT_PROVIDER_HASH_PROB "Rampart_SCT_Prov_DB_Prop"
AXIS2_EXTERN axis2_status_t AXIS2_CALL
-sct_provider_free(rampart_sct_provider_t *sct_provider,
- const axutil_env_t* env)
+sct_provider_free(
+ rampart_sct_provider_t *sct_provider,
+ const axutil_env_t* env)
{
if (sct_provider)
{
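Review bot: The new private `RAMPART_SCT_PROVIDER_HASH_PROB` macro keeps exactly the string `"Rampart_SCT_Prov_DB_Prop"` that this commit removes from the public header as `RAMPART_SCT_PROVIDER_DB_PROB`, so any other provider or application code that still used the old public name will address the same property slot as this sample; if that is intended, a comment saying so would avoid surprise, and if not, a sample-specific string would separate them. The identifier also looks like a typo for "PROP", which the removed public name shared. The body of `sct_provider_free` continues past the end of this hunk.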
@@ -44,110 +39,219 @@
return AXIS2_SUCCESS;
}
-AXIS2_EXTERN security_context_token_t* AXIS2_CALL
-sct_provider_obtain_token(rampart_sct_provider_t *sct_provider, const axutil_env_t* env,
- rp_property_t *token, axis2_bool_t server_side,
- axis2_bool_t is_encryption, axis2_char_t* sct_id,
- rampart_context_t* rampart_context, axis2_msg_ctx_t* msg_ctx)
+static void
+sct_provider_hash_map_sct_hash_store_free(
+ axutil_hash_t *sct_hash_store,
+ const axutil_env_t *env)
{
- security_context_token_t* sct = NULL;
- rp_security_context_token_t* rp_sct = NULL;
- axis2_char_t *sct_db_lable = NULL;
- axutil_hash_t *sct_db = NULL;
-
- /* assume token is secure conversation token. In client side, we have to check whether the token is already
- * obtained from STS. in that case, it will be available in sct_db. but, we don't know the sct_id, so the key
- * should be "Encryption" or "Signature" or "Common". In server side, sct has to be in the sct_db and the key should be sct_id.
+ axutil_hash_index_t *hi = NULL;
- */
+ for (hi = axutil_hash_first(sct_hash_store, env); hi != NULL; hi = axutil_hash_next(env, hi))
+ {
+ void *v = NULL;
+ axutil_hash_this(hi, NULL, NULL, &v);
+ if (v)
+ {
+ security_context_token_free((security_context_token_t*)v, env);
+ }
+ }
- /*find the sct_db lable to be used*/
- if(sct_id)
- sct_db_lable = sct_id;
- else if (!server_side)
+ axutil_hash_free(sct_hash_store, env);
+}
+
+static axutil_hash_t *
+sct_provider_hash_map_get_sct_hash_store(
+ const axutil_env_t *env,
+ axis2_msg_ctx_t* msg_ctx)
+{
+ axis2_conf_ctx_t *conf_ctx = NULL;
+ axis2_ctx_t *ctx = NULL;
+ axutil_property_t *property = NULL;
+ axutil_hash_t *hash_store = NULL;
+
+ /* Get the conf ctx */
+ conf_ctx = axis2_msg_ctx_get_conf_ctx(msg_ctx, env);
+ if(!conf_ctx)
{
- if(is_different_session_key_for_encryption_and_signing(env, rampart_context))
- {
- if(is_encryption)
- sct_db_lable = SCT_DB_LABLE_ENC;
- else
- sct_db_lable = SCT_DB_LABLE_SIG;
- }
- else
- {
- sct_db_lable = SCT_DB_LABLE_COM;
- }
+ AXIS2_LOG_ERROR(env->log,AXIS2_LOG_SI,
+ "[rampart]Config context is NULL. Cannot get security context token hash store.");
+ return NULL;
}
- /*get the sct_db*/
- axutil_allocator_switch_to_global_pool(env->allocator);
- sct_db = sct_provider_get_sct_hash(env, msg_ctx);
- if(!sct_db)
+ ctx = axis2_conf_ctx_get_base(conf_ctx,env);
+ if(!ctx)
{
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][sct_provider_sample] Cannot find sct datastore");
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Axis2 context is NULL. Cannot get security context token hash store.");
return NULL;
}
- /*get the sct*/
- sct = (security_context_token_t *)axutil_hash_get(sct_db, sct_db_lable, AXIS2_HASH_KEY_STRING);
- axutil_allocator_switch_to_local_pool(env->allocator);
- if(sct)
- return sct;
+ /* Get the hash store property */
+ property = axis2_ctx_get_property(ctx, env, RAMPART_SCT_PROVIDER_HASH_PROB);
+ if(property)
+ {
+ /* Get the store */
+ hash_store = (axutil_hash_t*)axutil_property_get_value(property, env);
+ }
+ else
+ {
+ axutil_property_t *hash_store_prop = NULL;
- /*sct is not in the db. So we have to get it*/
+ hash_store = axutil_hash_make(env);
+ hash_store_prop = axutil_property_create_with_args(env, AXIS2_SCOPE_APPLICATION,
+ AXIS2_TRUE, (void *)sct_provider_hash_map_sct_hash_store_free, hash_store);
+ axis2_ctx_set_property(ctx, env, RAMPART_SCT_PROVIDER_HASH_PROB, hash_store_prop);
+ }
- /*check whether rp_property is valid*/
- if(!token)
+ return hash_store;
+}
+
+AXIS2_EXTERN void* AXIS2_CALL
+sct_provider_hash_map_obtain_token(
+ const axutil_env_t *env,
+ axis2_bool_t is_encryption,
+ axis2_msg_ctx_t* msg_ctx,
+ axis2_char_t *sct_id,
+ int sct_id_type,
+ void* user_params)
+{
+ axutil_hash_t *hash_store = NULL;
+ security_context_token_t *sct = NULL;
+
+ /* sct should be get from global pool */
+ axutil_allocator_switch_to_global_pool(env->allocator);
+
+ /* Get sct hash store */
+ hash_store = sct_provider_hash_map_get_sct_hash_store(env, msg_ctx);
+ if(!hash_store)
{
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][sct_provider_sample] token property is not valid");
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot find security context token storage.");
return NULL;
}
- rp_sct = (rp_security_context_token_t*)rp_property_get_value(token, env);
- if(!rp_sct)
+ /* get the sct if sct_id is given */
+ if(sct_id)
{
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][sct_provider_sample] value of token property is not valid");
- return NULL;
+ sct = (security_context_token_t *)axutil_hash_get(
+ hash_store, sct_id, AXIS2_HASH_KEY_STRING);
}
- /*check whether the assertion is SecureConversationToken. If not (e.g. SecurityContextToken) then you can't
- request the token from STS. We'll get it from stored token*/
- if(!rp_security_context_token_get_is_secure_conversation_token(rp_sct, env))
- {
- /*sct = sct_provider_get_stored_token(env, sct_id);
- if(sct)
- axutil_hash_set(sct_db, sct_db_lable, AXIS2_HASH_KEY_STRING, sct);
-
- return sct;*/
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][sct_provider_sample] SecurityContextToken assertion is not supported. Only SecureConversationToken assertion is supported by this module.");
- return NULL;
+ if(!sct)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot find security context token.");
}
+ axutil_allocator_switch_to_local_pool(env->allocator);
+
+ return sct;
+}
- /*so the token is secure conversation token. If client side then we can request from sts. If server side, can't do anything*/
- if(server_side)
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+sct_provider_hash_map_store_token(
+ const axutil_env_t *env,
+ axis2_msg_ctx_t* msg_ctx,
+ axis2_char_t *sct_global_id,
+ axis2_char_t *sct_local_id,
+ void *sct,
+ void *user_params)
+{
+ axutil_hash_t *hash_store = NULL;
+ axis2_status_t status = AXIS2_SUCCESS;
+
+ /* if given sct is null, then we can't store it */
+ if(!sct)
{
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][sct_provider_sample] Cannot find security context token in server side");
- return NULL;
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Security context token to be stored in not valid.");
+ return AXIS2_FAILURE;
}
+
+ /* sct should be stored in global pool */
+ axutil_allocator_switch_to_global_pool(env->allocator);
- sct = sct_provider_obtain_token_from_sts(env, token, msg_ctx);
- if(sct)
+ /* Get sct hash store */
+ hash_store = sct_provider_hash_map_get_sct_hash_store(env, msg_ctx);
+ if(hash_store)
{
- axutil_hash_set(sct_db, sct_db_lable, AXIS2_HASH_KEY_STRING, sct);
- sct_db_lable = security_context_token_get_global_identifier(sct, env);
- security_context_token_increment_ref(sct, env);
- axutil_hash_set(sct_db, sct_db_lable, AXIS2_HASH_KEY_STRING, sct);
+ /* store sct */
+ if(sct_global_id)
+ {
+ axutil_hash_set(hash_store, sct_global_id, AXIS2_HASH_KEY_STRING, sct);
+ if(sct_local_id)
+ {
+ security_context_token_increment_ref(sct, env);
+ axutil_hash_set(hash_store, sct_local_id, AXIS2_HASH_KEY_STRING, sct);
+ }
+ }
+ else
+ {
+ if(sct_local_id)
+ {
+ axutil_hash_set(hash_store, sct_local_id, AXIS2_HASH_KEY_STRING, sct);
+ }
+ else
+ {
+ /* if both local_id and global_id are NULL, then we can't store it */
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Security context token identifiers are not valid. \
+ Cannot store security context token. ");
+ status = AXIS2_FAILURE;
+ }
+ }
+ }
+ else
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot find security context token storage.");
+ status = AXIS2_FAILURE;
}
- return sct;
+ axutil_allocator_switch_to_local_pool(env->allocator);
+ return status;
+
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+sct_provider_hash_map_delete_token(
+ const axutil_env_t *env,
+ axis2_msg_ctx_t* msg_ctx,
+ axis2_char_t *sct_id,
+ int sct_id_type,
+ void* user_params)
+{
+ /* delete method is not implemented, because we are still not supporting sct cancel function */
+
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+sct_provider_hash_map_validate_token(
+ const axutil_env_t *env,
+ axiom_node_t *sct_node,
+ axis2_msg_ctx_t *msg_ctx,
+ void *user_params)
+{
+ /* default implementation does not need to validate anything. We haven't extended the
+ * functionality of sct */
+
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN void* AXIS2_CALL
+sct_provider_hash_map_get_user_params(
+ const axutil_env_t *env)
+{
+ return NULL;
}
/**
* Following block distinguish the exposed part of the dll.
*/
AXIS2_EXPORT int
-axis2_get_instance(rampart_sct_provider_t **inst,
- const axutil_env_t *env)
+axis2_get_instance(
+ rampart_sct_provider_t **inst,
+ const axutil_env_t *env)
{
rampart_sct_provider_t* sct_provider = NULL;
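Review bot: `sct_provider_hash_map_obtain_token` switches the allocator to the global pool and then returns NULL in the `!hash_store` branch without switching back, so a failed lookup leaves every later allocation on the calling thread in the global pool; `sct_provider_stored_key_obtain_token` in sct_provider_stored_key.c has the same early return. Add `axutil_allocator_switch_to_local_pool(env->allocator);` before that `return NULL;` (or move the switch after the store has been fetched). In `sct_provider_hash_map_get_sct_hash_store` the result of `axutil_hash_make` is wrapped in a property and stored without being checked, so a NULL store would be recorded permanently and every later call would find the property and return NULL; the stored_key and echo.c copies do the same. A guard like `if(!hash_store) { AXIS2_LOG_ERROR(...); return NULL; }` before `axutil_property_create_with_args` keeps the failure transient. `sct_provider_hash_map_delete_token` reports AXIS2_SUCCESS while leaving the token in the store, so a caller that cancels a context will believe it is gone; if cancel is unsupported, returning AXIS2_FAILURE or saying so in the header comment is safer than a silent success.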
@@ -159,14 +263,19 @@
/*assign function pointers*/
- sct_provider->ops->get_token = sct_provider_obtain_token;
+ sct_provider->ops->obtain_security_context_token = sct_provider_hash_map_obtain_token;
+ sct_provider->ops->store_security_context_token = sct_provider_hash_map_store_token;
+ sct_provider->ops->delete_security_context_token = sct_provider_hash_map_delete_token;
+ sct_provider->ops->validate_security_context_token = sct_provider_hash_map_validate_token;
+ sct_provider->ops->get_user_params = sct_provider_hash_map_get_user_params;
sct_provider->ops->free = sct_provider_free;
*inst = sct_provider;
if (!(*inst))
{
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][sct_provider_sample] Cannot initialize the sct provider module");
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot initialize the sct provider module");
return AXIS2_FAILURE;
}
@@ -174,8 +283,9 @@
}
AXIS2_EXPORT int
-axis2_remove_instance(rampart_sct_provider_t *inst,
- const axutil_env_t *env)
+axis2_remove_instance(
+ rampart_sct_provider_t *inst,
+ const axutil_env_t *env)
{
axis2_status_t status = AXIS2_FAILURE;
if (inst)
@@ -184,179 +294,3 @@
}
return status;
}
-
-static neethi_policy_t *
-clone_policy(neethi_policy_t *policy, const axutil_env_t* env)
-{
- neethi_policy_t *return_policy = NULL;
-
- if (policy)
- {
- axutil_array_list_t *policy_components = NULL;
- axis2_char_t *name = NULL;
- axis2_char_t* id = NULL;
-
- return_policy = neethi_policy_create(env);
- policy_components = neethi_policy_get_policy_components(policy, env);
- neethi_policy_add_policy_components(return_policy, policy_components, env);
-
- name = neethi_policy_get_name(policy, env);
- if (name)
- {
- neethi_policy_set_name(return_policy, env, name);
- }
- id = neethi_policy_get_id(policy, env);
- if (id)
- {
- neethi_policy_set_id(return_policy, env, id);
- }
- }
- return return_policy;
-}
-
-static security_context_token_t*
-sct_provider_obtain_token_from_sts(const axutil_env_t* env, rp_property_t *token, axis2_msg_ctx_t* msg_ctx)
-{
- axis2_char_t* client_home = NULL;
- trust_sts_client_t* sts_client = NULL;
- axis2_char_t* issuer_address = NULL;
- rp_security_context_token_t* rp_sct = NULL;
- trust_context_t* trust_context = NULL;
- trust_rst_t* rst = NULL;
- trust_rstr_t* rstr = NULL;
- security_context_token_t *sct = NULL;
- neethi_policy_t *sts_policy = NULL;
- neethi_policy_t *cloned_policy = NULL;
- axis2_ctx_t *ctx = NULL;
- axis2_char_t *addressing_version_from_msg_ctx = NULL;
- axutil_property_t *property = NULL;
- oxs_buffer_t *buffer = NULL;
- axis2_bool_t is_soap11 = AXIS2_FALSE;
-
- /*check whether rp_property is valid*/
- rp_sct = (rp_security_context_token_t*)rp_property_get_value(token, env);
- if(!rp_sct)
- {
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][sct_provider_sample] token property is not valid");
- return NULL;
- }
-
- /*check whether the assertion is SecureConversationToken. If not (e.g. SecurityContextToken) then you can't
- request the token from STS.*/
- if(!rp_security_context_token_get_is_secure_conversation_token(rp_sct, env))
- {
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][sct_provider_sample] token is not a secure conversation token.");
- return NULL;
- }
-
- /*get the token issuer address. If the address is not valid, then issuer should be same as the service.
- so get the service end point*/
- issuer_address = rp_security_context_token_get_issuer(rp_sct, env);
- if(!issuer_address)
- {
- axis2_endpoint_ref_t *endpoint = NULL;
- endpoint = axis2_msg_ctx_get_to(msg_ctx, env);
-
- if(endpoint)
- {
- issuer_address = axis2_endpoint_ref_get_address(endpoint, env);
- }
-
- if(!issuer_address)
- {
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][sct_provider_sample] issuer address is not valid.");
- return NULL;
- }
- }
-
- /*get the client home from msg_ctx */
- client_home = axis2_conf_get_repo(axis2_conf_ctx_get_conf(axis2_msg_ctx_get_conf_ctx(msg_ctx, env), env), env);
- if(!client_home)
- {
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][sct_provider_sample] Cannot get client home");
- return NULL;
- }
-
- /*get the addressing namespace to be used from msg_ctx*/
- ctx = axis2_msg_ctx_get_base(msg_ctx, env);
- property = axis2_ctx_get_property(ctx, env, AXIS2_WSA_VERSION);
- if(property)
- addressing_version_from_msg_ctx = axutil_property_get_value(property, env);
-
- is_soap11 = axis2_msg_ctx_get_is_soap_11(msg_ctx, env);
-
- /*Create sts client and set the values*/
- sts_client = trust_sts_client_create(env);
- trust_sts_client_set_home_dir(sts_client, env, client_home);
- trust_sts_client_set_issuer_address(sts_client, env, issuer_address);
-
- /*create trust context and populate it*/
- trust_context = trust_context_create(env);
- rst = trust_rst_create(env);
- trust_rst_set_request_type(rst, env, TRUST_REQ_TYPE_ISSUE);
- trust_rst_set_token_type(rst, env, OXS_VALUE_TYPE_SECURITY_CONTEXT_TOKEN);
- trust_rst_set_wst_ns_uri(rst, env, TRUST_WST_XMLNS_05_02);
- trust_rst_set_wsa_action(rst, env, "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT");
- trust_context_set_rst(trust_context, env, rst);
-
- /*call sts_client to get the token from sts*/
- sts_policy = rp_security_context_token_get_bootstrap_policy(rp_sct, env);
- if(sts_policy)
- {
- /*cloned_policy = clone_policy(sts_policy, env);*/
- cloned_policy = neethi_engine_get_normalize(env, AXIS2_FALSE, sts_policy);
- }
-
- buffer = trust_sts_client_request_security_token_using_policy(sts_client, env,
- trust_context, cloned_policy, addressing_version_from_msg_ctx, is_soap11);
-
- /*obtain the reply from sts*/
- rstr = trust_context_get_rstr(trust_context, env);
- if(!rstr)
- {
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][sct_provider_sample] Cannot get RSTR from STS");
- return NULL;
- }
-
- /*create security context token and populate it with details given*/
- sct = security_context_token_create(env);
- security_context_token_set_token(sct, env, trust_rstr_get_requested_security_token(rstr, env));
- security_context_token_set_attached_reference(sct, env, trust_rstr_get_requested_attached_reference(rstr, env));
- security_context_token_set_unattached_reference(sct, env, trust_rstr_get_requested_unattached_reference(rstr, env));
- if(buffer)
- security_context_token_set_secret(sct, env, buffer);
- else
- security_context_token_set_requested_proof_token(sct, env, trust_rstr_get_requested_proof_token(rstr, env));
-
- /*now we can clear unwanted stuff*/
- trust_context_free(trust_context, env);
- trust_sts_client_free(sts_client, env);
-
- return sct;
-}
-
-/*
-static security_context_token_t *
-sct_provider_get_stored_token(const axutil_env_t *env, axis2_char_t *sct_id)
-{
- security_context_token_t* sct = NULL;
- oxs_buffer_t* key_buffer = NULL;
-
- sct = security_context_token_create(env);
- if(!sct)
- {
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][sct_provider_sample] Cannot create security context token");
- return NULL;
- }
-
- key_buffer = oxs_buffer_create(env);
- oxs_buffer_populate(key_buffer, env, (unsigned char*)"01234567012345670123456701234567", 32);
- security_context_token_set_secret(sct, env, key_buffer);
-
- if(!sct_id)
- sct_id = oxs_util_generate_id(env,"urn:uuid:");
- security_context_token_set_global_identifier(sct, env, axutil_strdup(env, sct_id));
- security_context_token_set_local_identifier(sct, env, axutil_strdup(env, "#sctId-29530019"));
-
- return sct;
-}*/
Modified: webservices/rampart/trunk/c/samples/sct_provider/sct_provider_stored_key.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/sct_provider/sct_provider_stored_key.c?rev=670443&r1=670442&r2=670443&view=diff
==============================================================================
--- webservices/rampart/trunk/c/samples/sct_provider/sct_provider_stored_key.c (original)
+++ webservices/rampart/trunk/c/samples/sct_provider/sct_provider_stored_key.c Sun Jun 22 21:30:03 2008
@@ -15,23 +15,18 @@
* limitations under the License.
*/
-#include <stdio.h>
#include <axutil_string.h>
#include <axutil_utils.h>
#include <oxs_utility.h>
#include <rampart_util.h>
#include <rampart_sct_provider.h>
-#define SCT_DB_LABLE_ENC "Encryption"
-#define SCT_DB_LABLE_SIG "Signature"
-#define SCT_DB_LABLE_COM "Common"
-
-static security_context_token_t *
-sct_provider_get_stored_token(const axutil_env_t *env, axis2_char_t *sct_id);
+#define RAMPART_SCT_PROVIDER_HASH_PROB "Rampart_SCT_Prov_DB_Prop"
AXIS2_EXTERN axis2_status_t AXIS2_CALL
-sct_provider_free(rampart_sct_provider_t *sct_provider,
- const axutil_env_t* env)
+sct_provider_free(
+ rampart_sct_provider_t *sct_provider,
+ const axutil_env_t* env)
{
if (sct_provider)
{
@@ -44,66 +39,248 @@
return AXIS2_SUCCESS;
}
-AXIS2_EXTERN security_context_token_t* AXIS2_CALL
-sct_provider_obtain_token(rampart_sct_provider_t *sct_provider, const axutil_env_t* env,
- rp_property_t *token, axis2_bool_t server_side,
- axis2_bool_t is_encryption, axis2_char_t* sct_id,
- rampart_context_t* rampart_context, axis2_msg_ctx_t* msg_ctx)
-{
- security_context_token_t* sct = NULL;
- rp_security_context_token_t* rp_sct = NULL;
- axis2_char_t *sct_db_lable = NULL;
- axutil_hash_t *sct_db = NULL;
-
- /* We have to check whether the token is already created/loaded. in that case, it will be available in sct_db.
- * in client side the key should be "Encryption" or "Signature" or "Common". In server side the key should be sct_id.
- */
-
- /*find the sct_db lable to be used*/
- if(server_side)
- sct_db_lable = sct_id;
+static void
+sct_provider_stored_key_sct_hash_store_free(
+ axutil_hash_t *sct_hash_store,
+ const axutil_env_t *env)
+{
+ axutil_hash_index_t *hi = NULL;
+
+ for (hi = axutil_hash_first(sct_hash_store, env); hi != NULL; hi = axutil_hash_next(env, hi))
+ {
+ void *v = NULL;
+ axutil_hash_this(hi, NULL, NULL, &v);
+ if (v)
+ {
+ security_context_token_free((security_context_token_t*)v, env);
+ }
+ }
+
+ axutil_hash_free(sct_hash_store, env);
+}
+
+static axutil_hash_t *
+sct_provider_stored_key_get_sct_hash_store(
+ const axutil_env_t *env,
+ axis2_msg_ctx_t* msg_ctx)
+{
+ axis2_conf_ctx_t *conf_ctx = NULL;
+ axis2_ctx_t *ctx = NULL;
+ axutil_property_t *property = NULL;
+ axutil_hash_t *hash_store = NULL;
+
+ /* Get the conf ctx */
+ conf_ctx = axis2_msg_ctx_get_conf_ctx(msg_ctx, env);
+ if(!conf_ctx)
+ {
+ AXIS2_LOG_ERROR(env->log,AXIS2_LOG_SI,
+ "[rampart]Config context is NULL. Cannot get security context token hash store.");
+ return NULL;
+ }
+
+ ctx = axis2_conf_ctx_get_base(conf_ctx,env);
+ if(!ctx)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Axis2 context is NULL. Cannot get security context token hash store.");
+ return NULL;
+ }
+
+ /* Get the hash store property */
+ property = axis2_ctx_get_property(ctx, env, RAMPART_SCT_PROVIDER_HASH_PROB);
+ if(property)
+ {
+ /* Get the store */
+ hash_store = (axutil_hash_t*)axutil_property_get_value(property, env);
+ }
else
{
- if(is_different_session_key_for_encryption_and_signing(env, rampart_context))
+ axutil_property_t *hash_store_prop = NULL;
+
+ hash_store = axutil_hash_make(env);
+ hash_store_prop = axutil_property_create_with_args(env, AXIS2_SCOPE_APPLICATION,
+ AXIS2_TRUE, (void *)sct_provider_stored_key_sct_hash_store_free, hash_store);
+ axis2_ctx_set_property(ctx, env, RAMPART_SCT_PROVIDER_HASH_PROB, hash_store_prop);
+ }
+
+ return hash_store;
+}
+
+AXIS2_EXTERN void* AXIS2_CALL
+sct_provider_stored_key_obtain_token(
+ const axutil_env_t *env,
+ axis2_bool_t is_encryption,
+ axis2_msg_ctx_t* msg_ctx,
+ axis2_char_t *sct_id,
+ int sct_id_type,
+ void* user_params)
+{
+ axutil_hash_t *hash_store = NULL;
+ security_context_token_t *sct = NULL;
+
+ /* sct should be get from global pool */
+ axutil_allocator_switch_to_global_pool(env->allocator);
+
+ /* Get sct hash store */
+ hash_store = sct_provider_stored_key_get_sct_hash_store(env, msg_ctx);
+ if(!hash_store)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot find security context token storage.");
+ return NULL;
+ }
+
+ /* get the sct if sct_id is given */
+ if(sct_id)
+ {
+ sct = (security_context_token_t *)axutil_hash_get(
+ hash_store, sct_id, AXIS2_HASH_KEY_STRING);
+ }
+
+ if(!sct)
+ {
+ /* we can create an sct and send it */
+
+ sct = security_context_token_create(env);
+ if(sct)
{
- if(is_encryption)
- sct_db_lable = SCT_DB_LABLE_ENC;
- else
- sct_db_lable = SCT_DB_LABLE_SIG;
+ oxs_buffer_t* key_buffer = NULL;
+ axis2_bool_t *free_sctid = AXIS2_FALSE;
+
+ key_buffer = oxs_buffer_create(env);
+ oxs_buffer_populate(
+ key_buffer, env, (unsigned char*)"01234567012345670123456701234567", 32);
+ security_context_token_set_secret(sct, env, key_buffer);
+ if(!sct_id)
+ {
+ sct_id = oxs_util_generate_id(env,"urn:uuid:");
+ free_sctid = AXIS2_TRUE;
+ }
+ security_context_token_set_global_identifier(sct, env, axutil_strdup(env, sct_id));
+ security_context_token_set_local_identifier(
+ sct, env, axutil_strdup(env, "#sctId-29530019"));
+
+ if(free_sctid)
+ {
+ AXIS2_FREE(env->allocator, sct_id);
+ }
}
else
{
- sct_db_lable = SCT_DB_LABLE_COM;
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot create security context token. Insufficient memory.");
}
}
+ axutil_allocator_switch_to_local_pool(env->allocator);
+
+ return sct;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+sct_provider_stored_key_store_token(
+ const axutil_env_t *env,
+ axis2_msg_ctx_t* msg_ctx,
+ axis2_char_t *sct_global_id,
+ axis2_char_t *sct_local_id,
+ void *sct,
+ void *user_params)
+{
+ axutil_hash_t *hash_store = NULL;
+ axis2_status_t status = AXIS2_SUCCESS;
+
+ /* if given sct is null, then we can't store it */
+ if(!sct)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Security context token to be stored in not valid.");
+ return AXIS2_FAILURE;
+ }
- /*get the sct_db*/
- sct_db = sct_provider_get_sct_hash(env, msg_ctx);
- if(!sct_db)
+ /* sct should be stored in global pool */
+ axutil_allocator_switch_to_global_pool(env->allocator);
+
+ /* Get sct hash store */
+ hash_store = sct_provider_stored_key_get_sct_hash_store(env, msg_ctx);
+ if(hash_store)
{
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][sct_provider_sample] Cannot find sct datastore");
- return NULL;
+ /* store sct */
+ if(sct_global_id)
+ {
+ axutil_hash_set(hash_store, sct_global_id, AXIS2_HASH_KEY_STRING, sct);
+ if(sct_local_id)
+ {
+ security_context_token_increment_ref(sct, env);
+ axutil_hash_set(hash_store, sct_local_id, AXIS2_HASH_KEY_STRING, sct);
+ }
+ }
+ else
+ {
+ if(sct_local_id)
+ {
+ axutil_hash_set(hash_store, sct_local_id, AXIS2_HASH_KEY_STRING, sct);
+ }
+ else
+ {
+ /* if both local_id and global_id are NULL, then we can't store it */
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Security context token identifiers are not valid. \
+ Cannot store security context token. ");
+ status = AXIS2_FAILURE;
+ }
+ }
+ }
+ else
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot find security context token storage.");
+ status = AXIS2_FAILURE;
}
- /*get the sct*/
- sct = (security_context_token_t *)axutil_hash_get(sct_db, sct_db_lable, AXIS2_HASH_KEY_STRING);
- if(sct)
- return sct;
-
- /*sct is not in the db. So we have to get it*/
- sct = sct_provider_get_stored_token(env, sct_id);
- if(sct)
- axutil_hash_set(sct_db, sct_db_lable, AXIS2_HASH_KEY_STRING, sct);
+ axutil_allocator_switch_to_local_pool(env->allocator);
+ return status;
+
+}
- return sct;
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+sct_provider_stored_key_delete_token(
+ const axutil_env_t *env,
+ axis2_msg_ctx_t* msg_ctx,
+ axis2_char_t *sct_id,
+ int sct_id_type,
+ void* user_params)
+{
+ /* delete method is not implemented, because we are still not supporting sct cancel function */
+
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+sct_provider_stored_key_validate_token(
+ const axutil_env_t *env,
+ axiom_node_t *sct_node,
+ axis2_msg_ctx_t *msg_ctx,
+ void *user_params)
+{
+ /* default implementation does not need to validate anything. We haven't extended the
+ * functionality of sct */
+
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN void* AXIS2_CALL
+sct_provider_stored_key_get_user_params(
+ const axutil_env_t *env)
+{
+ return NULL;
}
/**
* Following block distinguish the exposed part of the dll.
*/
AXIS2_EXPORT int
-axis2_get_instance(rampart_sct_provider_t **inst,
- const axutil_env_t *env)
+axis2_get_instance(
+ rampart_sct_provider_t **inst,
+ const axutil_env_t *env)
{
rampart_sct_provider_t* sct_provider = NULL;
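Review bot: In the token-creation branch of `sct_provider_stored_key_obtain_token`, `axis2_bool_t *free_sctid = AXIS2_FALSE;` declares a pointer where a flag is meant, and `free_sctid = AXIS2_TRUE;` then stores an integer into it; it should read `axis2_bool_t free_sctid = AXIS2_FALSE;`. The same branch mints a token with the fixed secret `"01234567012345670123456701234567"` and the constant local identifier `"#sctId-29530019"` for any `sct_id` that is not already in the store, including an identifier supplied by the peer, and the new token is not added to the hash store, so repeated lookups for the same id yield distinct tokens sharing one local id. Presumably the caller is expected to persist it through `store_security_context_token`; a comment at the top of the function stating that this sample uses a well-known constant key for testing only and does not store what it creates would keep the behaviour from being copied into a deployment unchanged. The allocator early return in the `!hash_store` branch is the same defect raised on sct_provider_hash_map.c.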
@@ -115,14 +292,19 @@
/*assign function pointers*/
- sct_provider->ops->get_token = sct_provider_obtain_token;
+ sct_provider->ops->obtain_security_context_token = sct_provider_stored_key_obtain_token;
+ sct_provider->ops->store_security_context_token = sct_provider_stored_key_store_token;
+ sct_provider->ops->delete_security_context_token = sct_provider_stored_key_delete_token;
+ sct_provider->ops->validate_security_context_token = sct_provider_stored_key_validate_token;
+ sct_provider->ops->get_user_params = sct_provider_stored_key_get_user_params;
sct_provider->ops->free = sct_provider_free;
*inst = sct_provider;
if (!(*inst))
{
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][sct_provider_sample] Cannot initialize the sct provider module");
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot initialize the sct provider module");
return AXIS2_FAILURE;
}
@@ -130,8 +312,9 @@
}
AXIS2_EXPORT int
-axis2_remove_instance(rampart_sct_provider_t *inst,
- const axutil_env_t *env)
+axis2_remove_instance(
+ rampart_sct_provider_t *inst,
+ const axutil_env_t *env)
{
axis2_status_t status = AXIS2_FAILURE;
if (inst)
@@ -140,35 +323,3 @@
}
return status;
}
-
-static security_context_token_t *
-sct_provider_get_stored_token(const axutil_env_t *env, axis2_char_t *sct_id)
-{
- security_context_token_t* sct = NULL;
- oxs_buffer_t* key_buffer = NULL;
- axis2_bool_t *free_sctid = AXIS2_FALSE;
-
- sct = security_context_token_create(env);
- if(!sct)
- {
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][sct_provider_sample] Cannot create security context token");
- return NULL;
- }
-
- key_buffer = oxs_buffer_create(env);
- oxs_buffer_populate(key_buffer, env, (unsigned char*)"01234567012345670123456701234567", 32);
- security_context_token_set_secret(sct, env, key_buffer);
-
- if(!sct_id)
- {
- sct_id = oxs_util_generate_id(env,"urn:uuid:");
- free_sctid = AXIS2_TRUE;
- }
- security_context_token_set_global_identifier(sct, env, axutil_strdup(env, sct_id));
- security_context_token_set_local_identifier(sct, env, axutil_strdup(env, "#sctId-29530019"));
-
- if(free_sctid)
- AXIS2_FREE(env->allocator, sct_id);
-
- return sct;
-}
Modified: webservices/rampart/trunk/c/samples/server/secconv_echo/echo.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/server/secconv_echo/echo.c?rev=670443&r1=670442&r2=670443&view=diff
==============================================================================
--- webservices/rampart/trunk/c/samples/server/secconv_echo/echo.c (original)
+++ webservices/rampart/trunk/c/samples/server/secconv_echo/echo.c Sun Jun 22 21:30:03 2008
@@ -31,6 +31,8 @@
#include <rampart_sct_provider.h>
#include <openssl_hmac.h>
+#define RAMPART_SCT_PROVIDER_HASH_PROB "Rampart_SCT_Prov_DB_Prop"
+
axiom_node_t *
build_om_programatically(const axutil_env_t *env, axis2_char_t *text);
@@ -79,6 +81,74 @@
return echo_om_node;
}
+static void
+sct_hash_store_free(
+ axutil_hash_t *sct_hash_store,
+ const axutil_env_t *env)
+{
+ axutil_hash_index_t *hi = NULL;
+
+ for (hi = axutil_hash_first(sct_hash_store, env); hi != NULL; hi = axutil_hash_next(env, hi))
+ {
+ void *v = NULL;
+ axutil_hash_this(hi, NULL, NULL, &v);
+ if (v)
+ {
+ security_context_token_free((security_context_token_t*)v, env);
+ }
+ }
+
+ axutil_hash_free(sct_hash_store, env);
+}
+
+static axutil_hash_t *
+get_sct_hash_store(
+ const axutil_env_t *env,
+ axis2_msg_ctx_t* msg_ctx)
+{
+ axis2_conf_ctx_t *conf_ctx = NULL;
+ axis2_ctx_t *ctx = NULL;
+ axutil_property_t *property = NULL;
+ axutil_hash_t *hash_store = NULL;
+
+ /* Get the conf ctx */
+ conf_ctx = axis2_msg_ctx_get_conf_ctx(msg_ctx, env);
+ if(!conf_ctx)
+ {
+ AXIS2_LOG_ERROR(env->log,AXIS2_LOG_SI,
+ "[rampart]Config context is NULL. Cannot get security context token hash store.");
+ return NULL;
+ }
+
+ ctx = axis2_conf_ctx_get_base(conf_ctx,env);
+ if(!ctx)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Axis2 context is NULL. Cannot get security context token hash store.");
+ return NULL;
+ }
+
+ /* Get the hash store property */
+ property = axis2_ctx_get_property(ctx, env, RAMPART_SCT_PROVIDER_HASH_PROB);
+ if(property)
+ {
+ /* Get the store */
+ hash_store = (axutil_hash_t*)axutil_property_get_value(property, env);
+ }
+ else
+ {
+ axutil_property_t *hash_store_prop = NULL;
+
+ hash_store = axutil_hash_make(env);
+ hash_store_prop = axutil_property_create_with_args(env, AXIS2_SCOPE_APPLICATION,
+ AXIS2_TRUE, (void *)sct_hash_store_free, hash_store);
+ axis2_ctx_set_property(ctx, env, RAMPART_SCT_PROVIDER_HASH_PROB, hash_store_prop);
+ }
+
+ return hash_store;
+}
+
+
axiom_node_t *
secconv_echo_sts_request_security_token(
const axutil_env_t *env,
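Review bot: `sct_hash_store_free` frees every value in the store, while the providers' `store_security_context_token` implementations insert the same token under both its global and local id with a single `security_context_token_increment_ref`, so the same pointer is passed to `security_context_token_free` twice; that is only safe if the free honours the reference count, which this hunk does not show. A comment on the loop such as `/* the store may hold one token under two keys; relies on security_context_token_free being ref-counted -- confirm */` would make the assumption explicit. `get_sct_hash_store` and `sct_hash_store_free` are also verbatim copies of the helpers added to both sample providers, so a shared declaration in rampart_sct_provider.h would avoid maintaining three identical bodies. `secconv_echo_sts_request_security_token` starts at the end of this hunk and continues outside it.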
@@ -177,7 +247,7 @@
}
/*store SCT so that when server needs it, can be extracted*/
- db = sct_provider_get_sct_hash(env, msg_ctx);
+ db = get_sct_hash_store(env, msg_ctx);
if(!db)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][secconv_service] Cannot get sct datastore");
@@ -239,7 +309,7 @@
trust_rstr_free(rstr, env);
/*set the action*/
- axis2_msg_ctx_set_wsa_action(msg_ctx, env, "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT");
+ axis2_msg_ctx_set_wsa_action(msg_ctx, env, SECCONV_200502_REPLY_ACTION);
/*return the node*/
return rstr_node;