Posted to rampart-dev@ws.apache.org by ka...@apache.org on 2007/10/11 13:57:53 UTC
svn commit: r583783 - in /webservices/rampart/trunk/c: include/oxs_ctx.h
src/omxmlsec/ctx.c src/omxmlsec/xml_encryption.c
src/util/rampart_encryption.c src/util/rampart_sec_header_builder.c
Author: kaushalye
Date: Thu Oct 11 04:57:52 2007
New Revision: 583783
URL: http://svn.apache.org/viewvc?rev=583783&view=rev
Log:
Providing Key Information for parts encrypted using derived keys
Modified:
webservices/rampart/trunk/c/include/oxs_ctx.h
webservices/rampart/trunk/c/src/omxmlsec/ctx.c
webservices/rampart/trunk/c/src/omxmlsec/xml_encryption.c
webservices/rampart/trunk/c/src/util/rampart_encryption.c
webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c
Modified: webservices/rampart/trunk/c/include/oxs_ctx.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/oxs_ctx.h?rev=583783&r1=583782&r2=583783&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/oxs_ctx.h (original)
+++ webservices/rampart/trunk/c/include/oxs_ctx.h Thu Oct 11 04:57:52 2007
@@ -172,7 +172,7 @@
* @return of the context
*/
AXIS2_EXTERN axis2_char_t *AXIS2_CALL
- oxs_ctx_get_carried_key_name(
+ oxs_ctx_get_ref_key_name(
oxs_ctx_t *ctx,
const axutil_env_t *env
);
@@ -317,14 +317,14 @@
*
* @param ctx The OMXMLSecurity context
* @param env pointer to environment struct
- * @param carried_key_name the key name
+ * @param ref_key_name the key name
* @return AXIS2_SUCCESS on success, else AXIS2_FAILURE
*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
- oxs_ctx_set_carried_key_name(
+ oxs_ctx_set_ref_key_name(
oxs_ctx_t *ctx,
const axutil_env_t *env,
- axis2_char_t *carried_key_name
+ axis2_char_t *ref_key_name
);
/**
Modified: webservices/rampart/trunk/c/src/omxmlsec/ctx.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/ctx.c?rev=583783&r1=583782&r2=583783&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/ctx.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/ctx.c Thu Oct 11 04:57:52 2007
@@ -38,7 +38,7 @@
axis2_char_t* mime_type;
axis2_char_t* encoding;
axis2_char_t* recipient;
- axis2_char_t* carried_key_name;
+ axis2_char_t* ref_key_name;
/*attributes from EncryptionMethod*/
axis2_char_t* enc_mtd_algorithm;
@@ -70,7 +70,7 @@
ctx->mime_type = NULL;
ctx->encoding = NULL;
ctx->recipient = NULL;
- ctx->carried_key_name = NULL;
+ ctx->ref_key_name = NULL;
ctx->enc_mtd_algorithm = NULL;
ctx->input_data = NULL;
@@ -116,10 +116,10 @@
ctx->recipient = NULL;
}
- if (ctx->carried_key_name)
+ if (ctx->ref_key_name)
{
- AXIS2_FREE(env->allocator, ctx->carried_key_name);
- ctx->carried_key_name = NULL;
+ AXIS2_FREE(env->allocator, ctx->ref_key_name);
+ ctx->ref_key_name = NULL;
}
if (ctx->enc_mtd_algorithm)
@@ -236,14 +236,14 @@
AXIS2_EXTERN axis2_char_t *AXIS2_CALL
-oxs_ctx_get_carried_key_name(
+oxs_ctx_get_ref_key_name(
oxs_ctx_t *ctx,
const axutil_env_t *env
)
{
AXIS2_ENV_CHECK(env, NULL);
- return ctx->carried_key_name ;
+ return ctx->ref_key_name ;
}
@@ -419,21 +419,21 @@
}
AXIS2_EXTERN axis2_status_t AXIS2_CALL
-oxs_ctx_set_carried_key_name(
+oxs_ctx_set_ref_key_name(
oxs_ctx_t *ctx,
const axutil_env_t *env,
- axis2_char_t *carried_key_name
+ axis2_char_t *ref_key_name
)
{
AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
- AXIS2_PARAM_CHECK(env->error, carried_key_name, AXIS2_FAILURE);
+ AXIS2_PARAM_CHECK(env->error, ref_key_name, AXIS2_FAILURE);
- if (ctx->carried_key_name)
+ if (ctx->ref_key_name)
{
- AXIS2_FREE(env->allocator, ctx->carried_key_name);
- ctx->carried_key_name = NULL;
+ AXIS2_FREE(env->allocator, ctx->ref_key_name);
+ ctx->ref_key_name = NULL;
}
- ctx->carried_key_name = axutil_strdup(env, carried_key_name);
+ ctx->ref_key_name = axutil_strdup(env, ref_key_name);
return AXIS2_SUCCESS;
}
Modified: webservices/rampart/trunk/c/src/omxmlsec/xml_encryption.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/xml_encryption.c?rev=583783&r1=583782&r2=583783&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/xml_encryption.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/xml_encryption.c Thu Oct 11 04:57:52 2007
@@ -291,8 +291,20 @@
/*Call encryption. Result should be base64 encoded*/
ret = oxs_encryption_symmetric_crypt(env, enc_ctx, content_buf, result_buf);
- /*Create EncryptionMethod, CipherData element and populate*/
+ /*Create EncryptionMethod*/
enc_mtd_node = oxs_token_build_encryption_method_element(env, *enc_type_node, sym_algo);
+
+ /*If the enc_ctx has a key name, then build the KeyInfo element*/
+ if(oxs_ctx_get_ref_key_name(enc_ctx, env)){
+ axiom_node_t *key_info_node = NULL;
+ axiom_node_t *str_node = NULL;
+ axiom_node_t *ref_node = NULL;
+
+ key_info_node = oxs_token_build_key_info_element(env, *enc_type_node);
+ str_node = oxs_token_build_security_token_reference_element(env, key_info_node);
+ ref_node = oxs_token_build_reference_element(env, str_node, oxs_ctx_get_ref_key_name(enc_ctx, env), NULL);
+ }
+ /*Create CipherData element and populate*/
cd_node = oxs_token_build_cipher_data_element(env, *enc_type_node);
cv_node = oxs_token_build_cipher_value_element(env, cd_node, (axis2_char_t*)oxs_buffer_get_data(result_buf, env));
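Review bot: The three builder calls in the new KeyInfo block are chained without checking their results, so a NULL `key_info_node` or `str_node` is handed on as the parent of the next element, and a failed build leaves the EncryptedData without its key reference while the function carries on. Check the results after the second call and fail the encryption when one is NULL, e.g. `if(!key_info_node || !str_node) return AXIS2_FAILURE;` (plus whatever buffer cleanup the function already does on its error paths). `ref_node` is assigned but never read, and `oxs_ctx_get_ref_key_name` is called twice where one local would do. The `ret` from `oxs_encryption_symmetric_crypt` is not tested inside this hunk before the elements are built; the enclosing function starts and ends outside the hunk, so that check may exist further down.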
Modified: webservices/rampart/trunk/c/src/util/rampart_encryption.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_encryption.c?rev=583783&r1=583782&r2=583783&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_encryption.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_encryption.c Thu Oct 11 04:57:52 2007
@@ -72,6 +72,7 @@
axis2_status_t status = AXIS2_FAILURE;
oxs_key_t *session_key = NULL;
axutil_array_list_t *nodes_to_encrypt = NULL;
+ axutil_array_list_t *id_list = NULL;
axis2_char_t *enc_sym_algo = NULL;
int i = 0;
@@ -110,7 +111,7 @@
return AXIS2_FAILURE;
}
-
+ id_list = axutil_array_list_create(env, 5);
/* For each and every encryption part.
1. Derive a new key
2. Encrypt using that key
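Review bot: The result of `axutil_array_list_create` is not checked here, yet the list is passed to `axutil_array_list_add` inside the loop; add `if(!id_list) return AXIS2_FAILURE;` right after the call. Within the visible hunks `id_list` is only filled, never read or released, so unless the rest of the function (outside this hunk) consumes it, the list leaks on every call and on each early return. A matching `axutil_array_list_free(id_list, env);` on the exit paths would cover that.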
@@ -123,6 +124,8 @@
oxs_ctx_t *enc_ctx = NULL;
oxs_key_t *derived_key = NULL;
axis2_char_t *enc_data_id = NULL;
+ axiom_node_t *parent_of_node_to_enc = NULL;
+ axiom_node_t *enc_data_node = NULL;
/*Get the node to be encrypted*/
node_to_enc = (axiom_node_t *)axutil_array_list_get
@@ -137,13 +140,34 @@
/*Set the derived key for the encryption*/
oxs_ctx_set_key(enc_ctx, env, derived_key);
-
+
+ /*Set the ref key name to build KeyInfo element. Here the key name is the derived key id*/
+ oxs_ctx_set_ref_key_name(enc_ctx, env, oxs_key_get_name(derived_key, env));
+
/*Set the algorithm*/
oxs_ctx_set_enc_mtd_algorithm(enc_ctx, env, enc_sym_algo);
- /*Generate ID for the encrypted data element*/
+ /*Generate ID for the encrypted data ielement*/
+ parent_of_node_to_enc = axiom_node_get_parent(node_to_enc, env);
enc_data_id = oxs_util_generate_id(env, (axis2_char_t*)OXS_ENCDATA_ID);
-
+
+ if(parent_of_node_to_enc || enc_data_id)
+ {
+ enc_data_node = oxs_token_build_encrypted_data_element(env,
+ parent_of_node_to_enc, OXS_TYPE_ENC_ELEMENT, enc_data_id );
+ status = oxs_xml_enc_encrypt_node(env, enc_ctx,
+ node_to_enc, &enc_data_node);
+ axutil_array_list_add(id_list, env, enc_data_id);
+ if(AXIS2_FAILURE == status)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart][rampart_encryption] Cannot encrypt the node " );
+ return AXIS2_FAILURE;
+ }
+
+ }
+ oxs_ctx_free(enc_ctx, env);
+ enc_ctx = NULL;
/*Free derived key*/
oxs_key_free(derived_key, env);
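Review bot: The guard `if(parent_of_node_to_enc || enc_data_id)` lets the block run when only one of the two is set, so a NULL parent or a NULL id reaches `oxs_token_build_encrypted_data_element`; it should be `if(parent_of_node_to_enc && enc_data_id)`. The else case should probably fail rather than skip silently, since skipping would appear to leave that part unencrypted in the outgoing message. The failure branch returns before `oxs_ctx_free` and `oxs_key_free`, so the context and the derived key stay allocated on that path; call `oxs_ctx_free(enc_ctx, env);` and `oxs_key_free(derived_key, env);` before `return AXIS2_FAILURE;`. The return value of `oxs_ctx_set_ref_key_name` is ignored, and the setter in ctx.c fails its parameter check on a NULL name, so a derived key without a name would yield EncryptedData with no KeyInfo and no error. The loop body starts and ends outside this hunk.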
Modified: webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c?rev=583783&r1=583782&r2=583783&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c Thu Oct 11 04:57:52 2007
@@ -376,7 +376,12 @@
/*Do Symmetric_binding specific things*/
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shb] Symmetric Binding. We do not support yet");
status = rampart_shb_do_symmetric_binding(env, msg_ctx, rampart_context, soap_envelope, sec_node, sec_ns_obj);
- return AXIS2_FAILURE;
+ if(AXIS2_FAILURE == status){
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shb] Symmetric Binding failed");
+ return AXIS2_FAILURE;
+ }else{
+ return AXIS2_SUCCESS;
+ }
}
else if((rampart_context_get_binding_type(rampart_context,env)) == RP_PROPERTY_TRANSPORT_BINDING)
{
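Review bot: The unchanged `AXIS2_LOG_ERROR` line "Symmetric Binding. We do not support yet" still fires before every call now that this branch can return success, so each successfully secured message writes an error entry that contradicts the outcome and adds noise to log triage. Drop it or lower its level, e.g. `AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][shb] Symmetric Binding");`. The new if/else also reports every status other than AXIS2_FAILURE as success; testing `if(AXIS2_SUCCESS != status)` would fail closed on an unexpected value. The enclosing function starts outside the hunk.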