You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by ma...@apache.org on 2007/08/21 08:01:05 UTC
svn commit: r567969 -
/webservices/rampart/trunk/c/src/util/rampart_encryption.c
Author: manjula
Date: Mon Aug 20 23:01:05 2007
New Revision: 567969
URL: http://svn.apache.org/viewvc?rev=567969&view=rev
Log:
code cleaning and memory leaks fixing.
Modified:
webservices/rampart/trunk/c/src/util/rampart_encryption.c
Modified: webservices/rampart/trunk/c/src/util/rampart_encryption.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_encryption.c?rev=567969&r1=567968&r2=567969&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_encryption.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_encryption.c Mon Aug 20 23:01:05 2007
@@ -44,15 +44,20 @@
axis2_status_t status1 = AXIS2_SUCCESS;
axis2_status_t status2 = AXIS2_SUCCESS;
- status1 = rampart_context_get_nodes_to_encrypt(rampart_context, env, soap_envelope, nodes_to_encrypt);
+ status1 = rampart_context_get_nodes_to_encrypt(
+ rampart_context, env, soap_envelope, nodes_to_encrypt);
- status2 = rampart_context_get_elements_to_encrypt(rampart_context, env, soap_envelope, nodes_to_encrypt);
+ status2 = rampart_context_get_elements_to_encrypt(
+ rampart_context, env, soap_envelope, nodes_to_encrypt);
if(status1 == AXIS2_SUCCESS || status2 == AXIS2_SUCCESS)
+ {
return AXIS2_SUCCESS;
+ }
else
+ {
return AXIS2_FAILURE;
-
+ }
}
@@ -94,22 +99,27 @@
server_side = axis2_msg_ctx_get_server_side(msg_ctx,env);
nodes_to_encrypt = axutil_array_list_create(env,0);
- signature_protection = rampart_context_is_encrypt_signature(rampart_context, env);
+ signature_protection = rampart_context_is_encrypt_signature(
+ rampart_context, env);
- status = rampart_enc_get_nodes_to_encrypt(rampart_context, env, soap_envelope, nodes_to_encrypt);
+ status = rampart_enc_get_nodes_to_encrypt(
+ rampart_context, env, soap_envelope, nodes_to_encrypt);
if(status != AXIS2_SUCCESS)
{
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_signature] Error occured in Adding Encrypted parts..");
+ AXIS2_LOG_INFO(env->log,
+ "[rampart][rampart_signature]Error occured in Adding Encrypted parts..");
axutil_array_list_free(nodes_to_encrypt, env);
nodes_to_encrypt = NULL;
return AXIS2_FAILURE;
}
+
if((axutil_array_list_size(nodes_to_encrypt, env)==0))
{
if(!signature_protection)
{
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption] No parts specified or specified parts can't be found for encryprion.");
+ AXIS2_LOG_INFO(env->log,
+ "[rampart][rampart_encryption] No parts specified or specified parts can't be found for encryprion.");
return AXIS2_SUCCESS;
}
}
@@ -121,52 +131,66 @@
sig_node = oxs_axiom_get_node_by_local_name(env, sec_node, OXS_NODE_SIGNATURE);
if(!sig_node)
{
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption]Encrypting signature, Sigature Not found");
+ AXIS2_LOG_INFO(env->log,
+ "[rampart][rampart_encryption]Encrypting signature, Sigature Not found");
return AXIS2_FAILURE;
}
axutil_array_list_add(nodes_to_encrypt, env, sig_node);
}
}
-
/*Now we have to check whether a token is specified.*/
- token = rampart_context_get_token(rampart_context, env, AXIS2_TRUE, server_side, AXIS2_FALSE);
+ token = rampart_context_get_token(rampart_context, env,
+ AXIS2_TRUE, server_side, AXIS2_FALSE);
if(!token)
{
- AXIS2_LOG_INFO(env->log,"[rampart][rampart_encryption] Encryption Token is not specified");
+ AXIS2_LOG_INFO(env->log,
+ "[rampart][rampart_encryption]Encryption Token is not specified");
return AXIS2_SUCCESS;
}
- token_type = rp_property_get_type(token,env);
+ token_type = rp_property_get_type(token, env);
- if(!rampart_context_is_token_type_supported(token_type,env))
+ if(!rampart_context_is_token_type_supported(token_type, env))
+ {
+ AXIS2_LOG_INFO(env->log,
+ "[rampart][rampart_encryption]Specified token type not supported.");
return AXIS2_FAILURE;
-
+ }
if(rampart_context_check_is_derived_keys(env,token))
{
- AXIS2_LOG_INFO(env->log,"[rampart][rampart_encryption] We still do not support derived keys");
+ AXIS2_LOG_INFO(env->log,
+ "[rampart][rampart_encryption]We still do not support derived keys");
return AXIS2_FAILURE;
}
+
/*Get the symmetric encryption algorithm*/
- enc_sym_algo = rampart_context_get_enc_sym_algo(rampart_context,env);
+ enc_sym_algo = rampart_context_get_enc_sym_algo(rampart_context, env);
+
/*If not specified set the default*/
- if(!enc_sym_algo || (0 == axutil_strcmp(enc_sym_algo, ""))){
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption] No symmetric algorithm is specified for encryption. Using the default");
+ if(!enc_sym_algo || (0 == axutil_strcmp(enc_sym_algo, "")))
+ {
+ AXIS2_LOG_INFO(env->log,
+ "[rampart][rampart_encryption]No symmetric algorithm is specified for encryption. Using the default");
enc_sym_algo = OXS_DEFAULT_SYM_ALGO;
}
+
/*Generate the session key*/
session_key = oxs_key_create(env);
status = oxs_key_for_algo(session_key, env, enc_sym_algo);
- if(AXIS2_FAILURE == status){
+ if(AXIS2_FAILURE == status)
+ {
return AXIS2_FAILURE;
}
rampart_context_set_session_key(rampart_context, env, session_key);
/*Create a list to store EncDataIds. This will be used in building the ReferenceList*/
+
id_list = axutil_array_list_create(env, 5);
/*Repeat until all encryption parts are encrypted*/
- for(i=0 ; i < axutil_array_list_size(nodes_to_encrypt, env); i++){
+ for(i=0 ; i < axutil_array_list_size(nodes_to_encrypt, env); i++)
+ {
axiom_node_t *node_to_enc = NULL;
axiom_node_t *parent_of_node_to_enc = NULL;
axiom_node_t *enc_data_node = NULL;
@@ -175,8 +199,10 @@
axis2_status_t enc_status = AXIS2_FAILURE;
/*Get the node to be encrypted*/
- node_to_enc = (axiom_node_t *)axutil_array_list_get(nodes_to_encrypt, env, i);
- if(!node_to_enc){
+ node_to_enc = (axiom_node_t *)axutil_array_list_get
+ (nodes_to_encrypt, env, i);
+ if(!node_to_enc)
+ {
return AXIS2_FAILURE;
}
/*Create the encryption context for OMXMLSEC*/
@@ -187,32 +213,41 @@
oxs_ctx_set_enc_mtd_algorithm(enc_ctx, env, enc_sym_algo);
/*Create an empty EncryptedDataNode*/
parent_of_node_to_enc = axiom_node_get_parent(node_to_enc, env);
- id = oxs_util_generate_id(env,(axis2_char_t*)OXS_ENCDATA_ID);
- enc_data_node = oxs_token_build_encrypted_data_element(env, parent_of_node_to_enc, OXS_TYPE_ENC_ELEMENT, id );
- enc_status = oxs_xml_enc_encrypt_node(env, enc_ctx, node_to_enc, &enc_data_node);
- axutil_array_list_add(id_list, env, id);
- if(AXIS2_FAILURE == enc_status){
- return AXIS2_FAILURE;
- }
+ id = oxs_util_generate_id(env, (axis2_char_t*)OXS_ENCDATA_ID);
+
+ if(parent_of_node_to_enc || id)
+ {
+ enc_data_node = oxs_token_build_encrypted_data_element(env,
+ parent_of_node_to_enc, OXS_TYPE_ENC_ELEMENT, id );
+ enc_status = oxs_xml_enc_encrypt_node(env, enc_ctx,
+ node_to_enc, &enc_data_node);
+ axutil_array_list_add(id_list, env, id);
+ if(AXIS2_FAILURE == enc_status)
+ {
+ return AXIS2_FAILURE;
+ }
+ }
}
/*Get the asymmetric key encryption algorithm*/
- enc_asym_algo = rampart_context_get_enc_asym_algo(rampart_context,env);
+ enc_asym_algo = rampart_context_get_enc_asym_algo(rampart_context, env);
/*Get encryption key identifier*/
/*First we should check whether we include the token in the
*message.*/
- if(rampart_context_is_token_include(rampart_context,token,token_type,server_side,AXIS2_FALSE,env))
+ if(rampart_context_is_token_include(rampart_context,
+ token, token_type, server_side, AXIS2_FALSE, env))
{
eki = RAMPART_STR_DIRECT_REFERENCE;
}
else
{
- eki = rampart_context_get_key_identifier(rampart_context,token,env);
+ eki = rampart_context_get_key_identifier(rampart_context, token, env);
}
if(!eki)
{
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption] No mechanism for attaching the token.");
+ AXIS2_LOG_INFO(env->log,
+ "[rampart][rampart_encryption]No mechanism for attaching the token.");
return AXIS2_FAILURE;
}
@@ -221,11 +256,11 @@
oxs_asym_ctx_set_algorithm(asym_ctx, env, enc_asym_algo);
/*First check whether the public key is set*/
- key_buf = rampart_context_get_receiver_certificate(rampart_context,env);
+ key_buf = rampart_context_get_receiver_certificate(rampart_context, env);
if(key_buf)
{
axis2_key_type_t type = 0;
- type = rampart_context_get_receiver_certificate_type(rampart_context,env);
+ type = rampart_context_get_receiver_certificate_type(rampart_context, env);
if(type == AXIS2_KEY_TYPE_PEM)
{
oxs_asym_ctx_set_format(asym_ctx, env, OXS_ASYM_CTX_FORMAT_PEM);
@@ -236,49 +271,65 @@
/*Buffer is null load from the file*/
else
{
- certificate_file = rampart_context_get_receiver_certificate_file(rampart_context,env);
+ certificate_file = rampart_context_get_receiver_certificate_file(
+ rampart_context, env);
oxs_asym_ctx_set_file_name(asym_ctx, env, certificate_file);
- oxs_asym_ctx_set_format(asym_ctx, env, oxs_util_get_format_by_file_extension(env, certificate_file));
+ oxs_asym_ctx_set_format(asym_ctx, env,
+ oxs_util_get_format_by_file_extension(env, certificate_file));
/*Get the password to retrieve the key from key store*/
- password = rampart_context_get_prv_key_password(rampart_context,env);
+ password = rampart_context_get_prv_key_password(rampart_context, env);
if(!password)
{
- enc_user = rampart_context_get_encryption_user(rampart_context,env);
+ enc_user = rampart_context_get_encryption_user(rampart_context, env);
if(!enc_user)
- enc_user = rampart_context_get_user(rampart_context,env);
+ {
+ enc_user = rampart_context_get_user(rampart_context, env);
+ }
if(enc_user)
{
- password_function = rampart_context_get_pwcb_function(rampart_context,env);
+ password_function = rampart_context_get_pwcb_function(rampart_context, env);
if(password_function)
- password = (*password_function)(env,enc_user,param);
+ {
+ password = (*password_function)(env, enc_user, param);
+ }
else
{
- password_callback = rampart_context_get_password_callback(rampart_context,env);
+ password_callback = rampart_context_get_password_callback
+ (rampart_context, env);
if(!password_callback)
{
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption] Password call back module is not loaded.");
+ AXIS2_LOG_INFO(env->log,
+ "[rampart][rampart_encryption]Password call back module is not loaded.");
return AXIS2_FAILURE;
}
password = rampart_callback_password(env, password_callback, enc_user);
if(password)
+ {
oxs_asym_ctx_set_password(asym_ctx, env, password);
+ }
}
}
}
}
- oxs_asym_ctx_set_operation(asym_ctx, env, OXS_ASYM_CTX_OPERATION_PUB_ENCRYPT);
+ oxs_asym_ctx_set_operation(asym_ctx, env,
+ OXS_ASYM_CTX_OPERATION_PUB_ENCRYPT);
oxs_asym_ctx_set_st_ref_pattern(asym_ctx, env, eki);
+
/*Encrypt the session key*/
- status = oxs_xml_enc_encrypt_key(env, asym_ctx, sec_node, session_key, id_list);
- if(AXIS2_FAILURE == status){
+ status = oxs_xml_enc_encrypt_key(env, asym_ctx,
+ sec_node, session_key, id_list);
+ if(AXIS2_FAILURE == status)
+ {
return AXIS2_FAILURE;
}
oxs_asym_ctx_free(asym_ctx, env);
+ asym_ctx = NULL;
+
return AXIS2_SUCCESS;
}
@@ -305,43 +356,59 @@
axiom_element_t *body_ele = NULL;
axiom_element_t *encrypted_data_ele = NULL;
- encrypted_key_node = oxs_axiom_get_node_by_local_name(env, sec_node, OXS_NODE_ENCRYPTED_KEY);
+ encrypted_key_node = oxs_axiom_get_node_by_local_name(
+ env, sec_node, OXS_NODE_ENCRYPTED_KEY);
if(!encrypted_key_node)
{
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption]Encrypting signature, EncryptedKey Not found");
+ AXIS2_LOG_INFO(env->log,
+ "[rampart][rampart_encryption]Encrypting signature, EncryptedKey Not found");
return AXIS2_FAILURE;
}
- key_id = oxs_util_generate_id(env,(axis2_char_t*)OXS_ENCKEY_ID);
- oxs_axiom_add_attribute(env, encrypted_key_node, OXS_WSU, RAMPART_WSU_XMLNS, OXS_ATTR_ID, key_id);
+ key_id = oxs_util_generate_id(env, (axis2_char_t*)OXS_ENCKEY_ID);
+
+ if(key_id)
+ {
+ oxs_axiom_add_attribute(env, encrypted_key_node, OXS_WSU,
+ RAMPART_WSU_XMLNS, OXS_ATTR_ID, key_id);
+ }
body = axiom_soap_envelope_get_body(soap_envelope, env);
body_node = axiom_soap_body_get_base_node(body, env);
body_ele = (axiom_element_t *)
- axiom_node_get_data_element(body_node, env);
+ axiom_node_get_data_element(body_node, env);
encrypted_data_ele = axiom_util_get_first_child_element_with_localname(
- body_ele, env, body_node, OXS_NODE_ENCRYPTED_DATA, &encrypted_data_node);
+ body_ele, env, body_node, OXS_NODE_ENCRYPTED_DATA, &encrypted_data_node);
if(encrypted_data_ele)
{
- key_info_node = oxs_token_build_key_info_element(env, encrypted_data_node);
+ key_info_node = oxs_token_build_key_info_element(
+ env, encrypted_data_node);
if(key_info_node)
{
- str_node = oxs_token_build_security_token_reference_element(env, key_info_node);
+ str_node = oxs_token_build_security_token_reference_element(
+ env, key_info_node);
if(str_node)
{
axis2_char_t *key_id_ref = NULL;
key_id_ref = axutil_stracat(env, "#",key_id);
- reference_node = oxs_token_build_reference_element(env, str_node, key_id_ref, NULL);
+ reference_node = oxs_token_build_reference_element(
+ env, str_node, key_id_ref, NULL);
+ AXIS2_FREE(env->allocator, key_id);
+ key_id = NULL;
+
if(!reference_node)
{
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption]Encrypting signature, Reference Node build failed");
+ AXIS2_LOG_INFO(env->log,
+ "[rampart][rampart_encryption]Encrypting signature, Reference Node build failed");
return AXIS2_FAILURE;
}
else
+ {
return AXIS2_SUCCESS;
+ }
}
else
return AXIS2_FAILURE;
@@ -379,56 +446,67 @@
if(!session_key)
{
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption] Encrypting Signature.Session key not found");
+ AXIS2_LOG_INFO(env->log,
+ "[rampart][rampart_encryption]Encrypting Signature.Session key not found");
return AXIS2_FAILURE;
}
- node_to_enc = oxs_axiom_get_node_by_local_name(env, sec_node, OXS_NODE_SIGNATURE);
+ node_to_enc = oxs_axiom_get_node_by_local_name(
+ env, sec_node, OXS_NODE_SIGNATURE);
if(!node_to_enc)
{
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption] Encrypting Signature. Signature node not found");
+ AXIS2_LOG_INFO(env->log,
+ "[rampart][rampart_encryption]Encrypting Signature. Signature node not found");
return AXIS2_FAILURE;
}
- encrypted_key_node = oxs_axiom_get_node_by_local_name(env, sec_node, OXS_NODE_ENCRYPTED_KEY);
+ encrypted_key_node = oxs_axiom_get_node_by_local_name(
+ env, sec_node, OXS_NODE_ENCRYPTED_KEY);
if(!encrypted_key_node)
{
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption]Encrypting signature, EncryptedKey Not found");
+ AXIS2_LOG_INFO(env->log,
+ "[rampart][rampart_encryption]Encrypting signature, EncryptedKey Not found");
return AXIS2_FAILURE;
}
enc_ctx = oxs_ctx_create(env);
oxs_ctx_set_key(enc_ctx, env, session_key);
- enc_sym_algo = rampart_context_get_enc_sym_algo(rampart_context,env);
+ enc_sym_algo = rampart_context_get_enc_sym_algo(rampart_context, env);
oxs_ctx_set_enc_mtd_algorithm(enc_ctx, env, enc_sym_algo);
- id = oxs_util_generate_id(env,(axis2_char_t*)OXS_ENCDATA_ID);
+ id = oxs_util_generate_id(env, (axis2_char_t*)OXS_ENCDATA_ID);
- enc_data_node = oxs_token_build_encrypted_data_element(env, sec_node, OXS_TYPE_ENC_ELEMENT, id );
- enc_status = oxs_xml_enc_encrypt_node(env, enc_ctx, node_to_enc, &enc_data_node);
+ enc_data_node = oxs_token_build_encrypted_data_element(
+ env, sec_node, OXS_TYPE_ENC_ELEMENT, id );
+ enc_status = oxs_xml_enc_encrypt_node(
+ env, enc_ctx, node_to_enc, &enc_data_node);
/*FREE*/
oxs_ctx_free(enc_ctx, env);
+ enc_ctx = NULL;
if(enc_status != AXIS2_SUCCESS)
{
return AXIS2_FAILURE;
}
- node_to_move = oxs_axiom_get_node_by_local_name(env, sec_node, OXS_NODE_REFERENCE_LIST);
+ node_to_move = oxs_axiom_get_node_by_local_name(
+ env, sec_node, OXS_NODE_REFERENCE_LIST);
if(node_to_move)
{
temp_node = axiom_node_detach(node_to_move, env);
if(temp_node)
{
- enc_status = axiom_node_insert_sibling_after(enc_data_node, env, temp_node);
+ enc_status = axiom_node_insert_sibling_after(
+ enc_data_node, env, temp_node);
if(enc_status != AXIS2_SUCCESS)
{
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption]Encrypting signature, Node moving failed.");
+ AXIS2_LOG_INFO(env->log,
+ "[rampart][rampart_encryption]Encrypting signature, Node moving failed.");
return AXIS2_FAILURE;
}
}
@@ -438,10 +516,12 @@
axutil_array_list_add(id_list, env, id);
- enc_status = oxs_token_build_data_reference_list(env, encrypted_key_node, id_list);
+ enc_status = oxs_token_build_data_reference_list(
+ env, encrypted_key_node, id_list);
if(enc_status != AXIS2_SUCCESS)
{
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption]Encrypting signature,Building reference list failed");
+ AXIS2_LOG_INFO(env->log,
+ "[rampart][rampart_encryption]Encrypting signature,Building reference list failed");
return AXIS2_FAILURE;
}