Posted to axis-cvs@ws.apache.org by ka...@apache.org on 2007/03/08 09:21:16 UTC

svn commit: r515962 - in /webservices/axis2/trunk/c/rampart/samples: configure.ac omxmlsec/Makefile.am omxmlsec/xmlsig/ omxmlsec/xmlsig/cert.pem omxmlsec/xmlsig/input.xml omxmlsec/xmlsig/key.pem omxmlsec/xmlsig/sign.c

Author: kaushalye
Date: Thu Mar  8 00:21:14 2007
New Revision: 515962

URL: http://svn.apache.org/viewvc?view=rev&rev=515962
Log:
Adding xml signature sample for OMXMLSecurity
This includes input xml file, x509 certificates, keys that are required to run the sample.

Added:
    webservices/axis2/trunk/c/rampart/samples/omxmlsec/Makefile.am
    webservices/axis2/trunk/c/rampart/samples/omxmlsec/xmlsig/
    webservices/axis2/trunk/c/rampart/samples/omxmlsec/xmlsig/cert.pem
    webservices/axis2/trunk/c/rampart/samples/omxmlsec/xmlsig/input.xml   (with props)
    webservices/axis2/trunk/c/rampart/samples/omxmlsec/xmlsig/key.pem
    webservices/axis2/trunk/c/rampart/samples/omxmlsec/xmlsig/sign.c
Modified:
    webservices/axis2/trunk/c/rampart/samples/configure.ac

Modified: webservices/axis2/trunk/c/rampart/samples/configure.ac
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/samples/configure.ac?view=diff&rev=515962&r1=515961&r2=515962
==============================================================================
--- webservices/axis2/trunk/c/rampart/samples/configure.ac (original)
+++ webservices/axis2/trunk/c/rampart/samples/configure.ac Thu Mar  8 00:21:14 2007
@@ -86,6 +86,8 @@
         client/Makefile
         client/sec_echo/Makefile \
         client/sec_echo/data/Makefile \
+        omxmlsec/Makefile \
+        omxmlsec/xmlsig/Makefile \
         keys/Makefile \
         keys/ahome/Makefile \
         keys/bhome/Makefile \
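Review bot: The added `omxmlsec/xmlsig/Makefile` output has no matching `omxmlsec/xmlsig/Makefile.am` in this commit's file list; only `omxmlsec/Makefile.am` is added, and its `SUBDIRS = xmlsig` descends into that directory. Unless that file arrives in a separate revision, automake/configure will stop on the missing `Makefile.in` and the sample is never built. An `xmlsig/Makefile.am` that builds `sign.c` and lists `cert.pem`, `key.pem` and `input.xml` in `EXTRA_DIST` would close the gap. The surrounding output list starts and ends outside the hunk.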

Added: webservices/axis2/trunk/c/rampart/samples/omxmlsec/Makefile.am
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/samples/omxmlsec/Makefile.am?view=auto&rev=515962
==============================================================================
--- webservices/axis2/trunk/c/rampart/samples/omxmlsec/Makefile.am (added)
+++ webservices/axis2/trunk/c/rampart/samples/omxmlsec/Makefile.am Thu Mar  8 00:21:14 2007
@@ -0,0 +1,2 @@
+samplesdir=$(prefix)/samples/omxmlsec
+SUBDIRS = xmlsig 

Added: webservices/axis2/trunk/c/rampart/samples/omxmlsec/xmlsig/cert.pem
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/samples/omxmlsec/xmlsig/cert.pem?view=auto&rev=515962
==============================================================================
--- webservices/axis2/trunk/c/rampart/samples/omxmlsec/xmlsig/cert.pem (added)
+++ webservices/axis2/trunk/c/rampart/samples/omxmlsec/xmlsig/cert.pem Thu Mar  8 00:21:14 2007
@@ -0,0 +1,62 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number:
+            dc:83:fa:3c:1e:93:11:ae
+        Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=SL, ST=WP, O=WS, OU=C, CN=Kaushalye/emailAddress=kaus@wso2.com
+        Validity
+            Not Before: Dec  6 10:27:18 2006 GMT
+            Not After : Dec  6 10:27:18 2007 GMT
+        Subject: C=SL, ST=WP, L=Katubedda, O=WS, OU=C, CN=Aaa/emailAddress=aaa@ws.com
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+            RSA Public Key: (1024 bit)
+                Modulus (1024 bit):
+                    00:c7:e1:d8:5c:ef:16:dd:5d:05:95:c8:16:7c:2f:
+                    f5:13:15:b4:7a:0c:c8:fb:95:c8:03:db:3d:a8:41:
+                    5d:70:75:ce:27:15:e2:a3:ef:87:24:38:5a:ee:72:
+                    ea:70:c2:45:44:b5:dd:46:ca:51:60:15:ac:51:c3:
+                    59:af:a8:17:85:af:cd:77:74:87:b2:4b:ab:13:e0:
+                    00:82:2f:2a:d0:6b:12:7d:09:dc:52:dc:16:10:58:
+                    46:38:74:c7:cf:98:96:e3:58:ce:8a:c8:31:fa:77:
+                    6c:69:65:dc:a1:4c:38:e7:b0:9e:dc:64:06:ae:aa:
+                    13:90:23:62:84:14:c0:9e:31
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                67:B7:BC:8C:22:29:1E:17:58:C6:43:91:A6:FB:82:E7:11:77:62:D6
+            X509v3 Authority Key Identifier: 
+                keyid:D7:27:10:74:4B:F8:2F:44:0B:BC:C7:9E:04:EF:22:5B:15:18:21:CC
+
+    Signature Algorithm: sha1WithRSAEncryption
+        4d:36:00:f0:51:10:44:72:73:5f:09:e4:fe:ad:f4:5b:a0:48:
+        5f:50:50:d7:bb:bb:2a:98:b3:b7:d7:54:9e:57:6d:d2:cd:de:
+        d5:d5:30:4d:c7:03:09:b4:7d:d8:72:17:f7:c6:e8:72:69:89:
+        b9:bc:91:5a:a8:c8:9e:ee:76:0b:c2:ae:c2:65:59:94:5b:fe:
+        a2:30:bf:aa:49:25:b1:42:bc:6d:c4:0a:99:aa:2d:17:14:d8:
+        8d:19:cd:75:22:84:51:22:55:4e:e1:9e:50:1f:c6:c2:57:e1:
+        4b:58:87:d5:73:c1:69:fd:25:dd:3d:50:ee:0e:9f:6a:9a:13:
+        52:45
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
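Review bot: The sample certificate expires on `Dec  6 10:27:18 2007 GMT`, uses a 1024-bit RSA key with `sha1WithRSAEncryption`, and its issuer certificate (`CN=Kaushalye`) is not part of the commit. If the verify path ever checks validity or the chain (not visible here), the sample will start failing within nine months of this revision. A short note next to the file saying how the certificate was generated and that it is for the demo only would let it be regenerated rather than copied.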

Added: webservices/axis2/trunk/c/rampart/samples/omxmlsec/xmlsig/input.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/samples/omxmlsec/xmlsig/input.xml?view=auto&rev=515962
==============================================================================
--- webservices/axis2/trunk/c/rampart/samples/omxmlsec/xmlsig/input.xml (added)
+++ webservices/axis2/trunk/c/rampart/samples/omxmlsec/xmlsig/input.xml Thu Mar  8 00:21:14 2007
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Foo xmlns="urn:omxmlsec">
+  <Bar>
+    Sample text
+  </Bar>
+</Foo>

Propchange: webservices/axis2/trunk/c/rampart/samples/omxmlsec/xmlsig/input.xml
------------------------------------------------------------------------------
    svn:executable = *

Added: webservices/axis2/trunk/c/rampart/samples/omxmlsec/xmlsig/key.pem
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/samples/omxmlsec/xmlsig/key.pem?view=auto&rev=515962
==============================================================================
--- webservices/axis2/trunk/c/rampart/samples/omxmlsec/xmlsig/key.pem (added)
+++ webservices/axis2/trunk/c/rampart/samples/omxmlsec/xmlsig/key.pem Thu Mar  8 00:21:14 2007
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
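Review bot: This private key is committed unencrypted, since sign.c loads it with an empty passphrase in `oxs_key_mgr_load_private_key_from_file(env, prvkeyfile, "")`. It is therefore public from this revision on and nothing in the file marks it as demo-only. cert.pem in this same commit already carries text before its BEGIN marker, so a leading line such as `Sample key for the omxmlsec xmlsig demo only - publicly known, never use outside this sample` should be safe to add and would warn anyone copying the directory.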

Added: webservices/axis2/trunk/c/rampart/samples/omxmlsec/xmlsig/sign.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/samples/omxmlsec/xmlsig/sign.c?view=auto&rev=515962
==============================================================================
--- webservices/axis2/trunk/c/rampart/samples/omxmlsec/xmlsig/sign.c (added)
+++ webservices/axis2/trunk/c/rampart/samples/omxmlsec/xmlsig/sign.c Thu Mar  8 00:21:14 2007
@@ -0,0 +1,248 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+#include <stdio.h>
+#include <axis2_util.h>
+#include <oxs_constants.h>
+#include <oxs_utility.h>
+#include <oxs_axiom.h>
+#include <axiom.h>
+#include <axiom_xml_reader.h>
+#include <axis2_env.h>
+#include <oxs_ctx.h>
+#include <oxs_key.h>
+#include <oxs_key_mgr.h>
+#include <openssl_pkey.h>
+#include <oxs_error.h>
+#include <oxs_transform.h>
+#include <oxs_transforms_factory.h>
+#include <oxs_xml_signature.h>
+#include <oxs_sign_ctx.h>
+#include <oxs_sign_part.h>
+#include <oxs_xml_key_processor.h>
+#include <oxs_xml_key_info_builder.h>
+
+AXIS2_EXTERN axiom_node_t* AXIS2_CALL
+load_sample_xml(const axis2_env_t *env,
+        axiom_node_t* tmpl,
+        axis2_char_t* filename
+               )
+{
+
+    axiom_document_t *doc = NULL;
+    axiom_stax_builder_t *builder = NULL;
+    axiom_xml_reader_t *reader = NULL;
+    /*axiom_xml_writer_t *writer = NULL;*/
+
+    reader = axiom_xml_reader_create_for_file(env, filename, NULL);
+    if (!reader) printf("\n Reader is NULL");
+    builder = axiom_stax_builder_create(env, reader);
+    if (!builder) printf("\n builder is NULL");
+    doc = axiom_document_create(env, NULL, builder);
+    if (!doc) printf("\n doc is NULL");
+    tmpl = AXIOM_DOCUMENT_BUILD_ALL(doc, env);
+
+    /*    tmpl = AXIOM_DOCUMENT_GET_ROOT_ELEMENT(doc, env);*/
+    if (!tmpl) printf("\n tmpl is NULL");
+    return tmpl;
+}
+
+axis2_status_t sign(axis2_env_t *env,
+    axis2_char_t *filename,
+    openssl_pkey_t *prvkey ,
+    oxs_x509_cert_t *cert)
+{
+    axis2_char_t *signed_result = NULL;
+    axis2_char_t *signed_filename = "result-sign.xml";
+    axiom_node_t *node = NULL;
+    axiom_node_t *tmpl = NULL;
+    oxs_sign_part_t *sign_part = NULL;
+    oxs_sign_ctx_t *sign_ctx = NULL;
+    oxs_transform_t *tr = NULL;
+    axis2_array_list_t *sign_parts = NULL;
+    axis2_array_list_t *tr_list = NULL;
+    axis2_char_t *id = NULL;
+    axis2_status_t status = AXIS2_FAILURE;
+    FILE *outf;
+    
+    tmpl = load_sample_xml(env , tmpl, filename);
+
+    if (tmpl)
+    {
+        printf("load_sample_xml SUCCESS\n");
+    }
+    else
+    {
+        printf("load_sample_xml FAILED");
+        return -1;
+    }
+    
+     /*Sign specific*/
+    sign_part = oxs_sign_part_create(env);
+
+    tr_list = axis2_array_list_create(env, 1);
+    /*We need C14N transform*/
+    tr = oxs_transforms_factory_produce_transform(env, OXS_HREF_TRANSFORM_XML_EXC_C14N);
+    axis2_array_list_add(tr_list, env, tr);
+    oxs_sign_part_set_transforms(sign_part, env, tr_list);
+
+    /*We need to sign this node add an ID to it*/
+    node = axiom_node_get_first_element(tmpl, env);
+    id = /*"Sig-ID-EFG";*/  oxs_util_generate_id(env,(axis2_char_t*)OXS_SIG_ID);
+    oxs_axiom_add_attribute(env, node, OXS_WSU, OXS_WSSE_XMLNS,  OXS_ATTR_ID, id);
+    status = oxs_sign_part_set_node(sign_part, env,node);
+
+    status = oxs_sign_part_set_digest_mtd(sign_part, env, OXS_HREF_SHA1);
+
+    sign_parts = axis2_array_list_create(env, 1);
+    axis2_array_list_add(sign_parts, env, sign_part);
+    sign_ctx = oxs_sign_ctx_create(env);
+    if(sign_ctx){
+        axiom_node_t *sig_node = NULL;
+
+        oxs_sign_ctx_set_private_key(sign_ctx, env, prvkey);
+        oxs_sign_ctx_set_certificate(sign_ctx, env, cert);
+        /*Set sig algo*/
+        oxs_sign_ctx_set_sign_mtd_algo(sign_ctx, env, OXS_HREF_RSA_SHA1);
+        /*Set C14N method*/
+        oxs_sign_ctx_set_c14n_mtd(sign_ctx, env, OXS_HREF_XML_EXC_C14N);
+        /*Set sig parts*/
+        oxs_sign_ctx_set_sign_parts(sign_ctx, env, sign_parts);
+        /*Set the operation*/
+        oxs_sign_ctx_set_operation(sign_ctx, env, OXS_SIGN_OPERATION_SIGN);
+        /*Sign*/
+        oxs_xml_sig_sign(env, sign_ctx, tmpl, &sig_node);
+        /*Finally build KeyInfo*/
+        oxs_xml_key_info_build(env, sig_node, cert, OXS_KIBP_X509DATA_X509CERTIFICATE);
+    }else{
+        printf("Sign ctx creation failed");
+    }
+    signed_result = AXIOM_NODE_TO_STRING(tmpl, env) ;
+
+    outf = fopen(signed_filename, "wb");
+    fwrite(signed_result, 1, AXIS2_STRLEN(signed_result), outf);
+
+    return AXIS2_SUCCESS;
+
+}
+
+axis2_status_t verify(axis2_env_t *env,
+        axis2_char_t *filename,
+        openssl_pkey_t *prvkey ,
+        oxs_x509_cert_t *cert)
+{
+    oxs_sign_ctx_t *sign_ctx = NULL;
+    axiom_node_t *tmpl = NULL;
+    axis2_status_t status = AXIS2_FAILURE;
+
+    tmpl = load_sample_xml(env , tmpl, filename);
+    printf("File : \n%s\n", axiom_node_to_string(tmpl, env));
+    sign_ctx = oxs_sign_ctx_create(env);
+    if(sign_ctx){
+        axiom_node_t *sig_node = NULL;
+        /*Set the operation*/
+        oxs_sign_ctx_set_operation(sign_ctx, env, OXS_SIGN_OPERATION_VERIFY);
+        
+        sig_node = oxs_axiom_get_first_child_node_by_name(env, tmpl,
+                                    OXS_NODE_SIGNATURE, OXS_DSIG_NS, OXS_DS );
+        if(!sig_node){
+            printf("Verification : Cannot find ds:Signature node\n");
+            return AXIS2_FAILURE;
+        }
+       
+        /**If the certificate is not given check key information*/
+        if(!cert){
+            axiom_node_t *ki_node = NULL;
+            axiom_node_t *x509_node = NULL;
+            ki_node = oxs_axiom_get_first_child_node_by_name(env, sig_node, OXS_NODE_KEY_INFO, OXS_DSIG_NS, OXS_DS);
+            x509_node = oxs_axiom_get_first_child_node_by_name(env, ki_node, OXS_NODE_X509_DATA, OXS_DSIG_NS, OXS_DS);
+           
+            cert = oxs_x509_cert_create(env);
+            printf("No certificate is given. Fetching certificate from the KeyInfo\n");
+            status =  oxs_xml_key_process_X509Data(env, x509_node, cert);
+            if(AXIS2_FAILURE == status){
+                printf("Error reading KeyInfo\n");
+                return AXIS2_FAILURE;
+            }
+        }            
+
+        
+        /*Set certificate*/
+        if(cert){
+            oxs_sign_ctx_set_certificate(sign_ctx, env, cert);
+        }else{
+            printf("Certificate is NULL\n");
+            return AXIS2_FAILURE;
+        }
+        /*Verify*/
+        status = oxs_xml_sig_verify(env, sign_ctx, sig_node, tmpl);
+        if(AXIS2_SUCCESS != status){
+            printf("\nSignature Failed :-(\n");
+        }else{
+            printf("\nSignature Verified :-)\n");
+        }
+    }
+
+    return status;
+}
+
+int main(int argc, char *argv[])
+{
+    axis2_env_t *env = NULL;
+    axis2_char_t *filename = NULL;
+    axis2_char_t *certfile = NULL;
+    axis2_char_t *prvkeyfile = NULL;
+    axis2_char_t *operation = NULL;
+    openssl_pkey_t *prvkey = NULL;
+    oxs_x509_cert_t *cert = NULL;
+
+
+    if (argc > 2){
+        filename = argv[1];
+        operation = argv[2];
+        certfile = argv[3];
+        prvkeyfile = argv[4];
+    }else{
+        printf("Usage ./test inputfile operation[S/V] certificate prvkey \n");
+        return -1;
+    }
+    
+    env = axis2_env_create_all("./oxs.log", AXIS2_LOG_LEVEL_TRACE);
+    printf("--Testing started--------------------------------------------\n");
+    
+    /*Load private key*/
+    prvkey = oxs_key_mgr_load_private_key_from_file(env, prvkeyfile, "");
+    if(!prvkey){
+            printf("Cannot load private key");
+    }
+
+    /*Load certificate*/
+    cert = oxs_key_mgr_load_x509_cert_from_pem_file(env, certfile);
+    if(!cert){
+         printf("Cannot load certificate");
+    }
+    
+    if(0 == axis2_strcmp(operation, "S")){
+        sign(env, filename, prvkey, cert);
+    }else{
+        verify(env, filename, prvkey, cert);
+    }
+
+    printf("\nDONE\n");
+    return 0;
+}
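Review bot: In `main`, the `argc > 2` guard still lets `argv[3]` and `argv[4]` be read when they were not supplied, and a failed key or certificate load only prints a message before `sign()`/`verify()` run with NULL handles. For verification this is more than a crash risk: a NULL `cert` sends `verify()` into its `if(!cert)` branch, which takes the certificate from the document's own `ds:KeyInfo`, so a mistyped certificate path can still print "Signature Verified" against whatever key the signer embedded, with no trust check visible in this file. `main` also discards the status returned by `sign()`/`verify()` and always exits 0, so a caller cannot detect a failed verification. I would require all four arguments, stop on load failure and propagate the status as the exit code, as sketched below; the KeyInfo fallback then needs an explicit opt-in if it is still wanted. Separately, `sign()` uses the `fopen` result unchecked, never closes `outf`, and returns `AXIS2_SUCCESS` even when `oxs_sign_ctx_create` failed.

```c
int main(int argc, char *argv[])
{
    /* ... unchanged: local declarations ... */
    axis2_status_t status = AXIS2_FAILURE;

    if (argc < 5){
        printf("Usage ./test inputfile operation[S/V] certificate prvkey \n");
        return -1;
    }
    filename = argv[1];
    operation = argv[2];
    certfile = argv[3];
    prvkeyfile = argv[4];

    /* ... unchanged: env creation, banner, key and certificate load calls ... */
    if(!prvkey){
        printf("Cannot load private key");
        return -1;
    }
    if(!cert){
        printf("Cannot load certificate");
        return -1;
    }

    if(0 == axis2_strcmp(operation, "S")){
        status = sign(env, filename, prvkey, cert);
    }else{
        status = verify(env, filename, prvkey, cert);
    }

    printf("\nDONE\n");
    return (AXIS2_SUCCESS == status) ? 0 : 1;
}
```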


