Posted to java-dev@axis.apache.org by ka...@apache.org on 2007/02/26 15:59:01 UTC

svn commit: r511838 - in /webservices/axis2/trunk/c/rampart: include/openssl_sign.h src/omxmlsec/openssl/sign.c

Author: kaushalye
Date: Mon Feb 26 06:59:00 2007
New Revision: 511838

URL: http://svn.apache.org/viewvc?view=rev&rev=511838
Log:
Adding signature verification for the OpenSSL wrapper layer in OMXMLSecurity

Modified:
    webservices/axis2/trunk/c/rampart/include/openssl_sign.h
    webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/sign.c

Modified: webservices/axis2/trunk/c/rampart/include/openssl_sign.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/openssl_sign.h?view=diff&rev=511838&r1=511837&r2=511838
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/openssl_sign.h (original)
+++ webservices/axis2/trunk/c/rampart/include/openssl_sign.h Mon Feb 26 06:59:00 2007
@@ -42,7 +42,11 @@
         oxs_buffer_t *input_buf,
         oxs_buffer_t *output_buf);
 
-
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+openssl_sig_verify(const axis2_env_t *env,
+        oxs_sign_ctx_t *sign_ctx,
+        oxs_buffer_t *input_buf,
+        oxs_buffer_t *sig_buf);
 /** @} */
 #ifdef __cplusplus
 }
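Review bot: The `openssl_sig_verify` prototype is added inside the Doxygen group closed by `/** @} */` but has no doc comment, so the header does not state its contract. Per the implementation in sign.c, `AXIS2_FAILURE` covers both a signature that does not match and an internal OpenSSL error, and `sig_buf` is passed straight to `EVP_VerifyFinal`, so it has to hold the raw signature bytes. I would add a `/** ... */` block with an `@param` line for each of `env`, `sign_ctx`, `input_buf` (the signed data) and `sig_buf`, plus `@return AXIS2_SUCCESS only if the signature verifies, AXIS2_FAILURE otherwise`.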

Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/sign.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/sign.c?view=diff&rev=511838&r1=511837&r2=511838
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/sign.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/sign.c Mon Feb 26 06:59:00 2007
@@ -31,6 +31,56 @@
 #include <openssl/bio.h>
 
 #define BUFSIZE 64
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+openssl_sig_verify(const axis2_env_t *env,
+    oxs_sign_ctx_t *sign_ctx,
+    oxs_buffer_t *input_buf,
+    oxs_buffer_t *sig_buf)
+{
+    axis2_status_t status = AXIS2_FAILURE;
+    openssl_pkey_t *open_pubkey = NULL;
+    oxs_x509_cert_t *cert = NULL;
+    const EVP_MD*   digest;
+    EVP_MD_CTX      md_ctx;
+    EVP_PKEY*       pkey;
+    int  ret;
+
+    /*Get the publickey*/
+    cert = oxs_sign_ctx_get_certificate(sign_ctx, env);
+    open_pubkey = oxs_x509_cert_get_public_key(cert, env);
+    pkey = OPENSSL_PKEY_GET_KEY(open_pubkey, env);
+
+    /*Set the digest according to the signature method*/
+    digest = EVP_sha1();
+    
+    ret = EVP_VerifyInit(&md_ctx, digest);
+    if(ret != 1) {
+        /*Error*/
+    }
+    ret = EVP_VerifyUpdate(&md_ctx,  OXS_BUFFER_GET_DATA(input_buf, env),  OXS_BUFFER_GET_SIZE(input_buf, env));
+    if(ret != 1) {
+        /*Error*/
+    }
+    
+    ret = EVP_VerifyFinal(&md_ctx, OXS_BUFFER_GET_DATA(sig_buf, env), 
+                                   OXS_BUFFER_GET_SIZE(sig_buf, env),
+                                   pkey);
+    if(ret == 0){
+        /*Error. Signature verification FAILED */
+        status = AXIS2_FAILURE;
+    }else if(ret < 0){
+        /*Erorr. Some other error*/
+        status = AXIS2_FAILURE;
+    }else{
+        /*SUCCESS. Det ar bra :-)*/ 
+        status = AXIS2_SUCCESS;
+    }
+
+    return status;    
+    
+}
+
 AXIS2_EXTERN int AXIS2_CALL
 openssl_sign(const axis2_env_t *env,
         oxs_sign_ctx_t *sign_ctx,
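Review bot: The `if(ret != 1)` branches after `EVP_VerifyInit` and `EVP_VerifyUpdate` are empty, so a failed digest setup or update falls through to `EVP_VerifyFinal` and the verdict is computed on a context in an unknown state; both branches should return `AXIS2_FAILURE` at once. `cert`, `open_pubkey` and `pkey` are also used unchecked, so if any of the getters can return NULL (not visible in this hunk), a message with no usable certificate hands OpenSSL a null key. `md_ctx` is never released on any path, which on the stack-allocated `EVP_MD_CTX` API this code uses would be `EVP_MD_CTX_cleanup(&md_ctx)`. The digest is fixed to `EVP_sha1()` although the comment says it follows the signature method, so the algorithm recorded in `sign_ctx` appears to be ignored; the function should either map that method to a digest or fail for anything other than the one it implements.

```c
    /* … unchanged: declarations … */
    cert = oxs_sign_ctx_get_certificate(sign_ctx, env);
    if(!cert) {
        return AXIS2_FAILURE;
    }
    open_pubkey = oxs_x509_cert_get_public_key(cert, env);
    if(!open_pubkey) {
        return AXIS2_FAILURE;
    }
    pkey = OPENSSL_PKEY_GET_KEY(open_pubkey, env);
    if(!pkey) {
        return AXIS2_FAILURE;
    }

    /* … unchanged: digest selection … */

    ret = EVP_VerifyInit(&md_ctx, digest);
    if(ret != 1) {
        EVP_MD_CTX_cleanup(&md_ctx);
        return AXIS2_FAILURE;
    }
    ret = EVP_VerifyUpdate(&md_ctx, OXS_BUFFER_GET_DATA(input_buf, env), OXS_BUFFER_GET_SIZE(input_buf, env));
    if(ret != 1) {
        EVP_MD_CTX_cleanup(&md_ctx);
        return AXIS2_FAILURE;
    }

    /* … unchanged: EVP_VerifyFinal call and mapping of ret to status … */

    EVP_MD_CTX_cleanup(&md_ctx);
    return status;
```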


