You are viewing a plain text version of this content. The canonical link for it is here.
Posted to axis-cvs@ws.apache.org by ka...@apache.org on 2006/12/05 06:44:22 UTC
svn commit: r482508 - in /webservices/axis2/trunk/c/rampart: include/
src/handlers/ src/omxmlsec/ src/omxmlsec/openssl/ src/omxmlsec/tokens/
src/util/ test/omxmlsec/
Author: kaushalye
Date: Mon Dec 4 21:44:21 2006
New Revision: 482508
URL: http://svn.apache.org/viewvc?view=rev&rev=482508
Log:
This commit includes
1. Support for BinarySecurityTokens
2. Ability to send Key Information using embedded references
3. Ability to send Key Information using X509Data references
4. Fixed random failure in EVP_CipherFinal_ex
5. Introducing wsse:Embedded and wsse:Reference tokens
6. Improving the default behavior in case of missing configurations in rampart
Plus some other minor modifications.
Added:
webservices/axis2/trunk/c/rampart/include/oxs_token_embedded.h
webservices/axis2/trunk/c/rampart/include/oxs_token_reference.h
webservices/axis2/trunk/c/rampart/src/omxmlsec/tokens/token_embedded.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/tokens/token_reference.c
Modified:
webservices/axis2/trunk/c/rampart/include/openssl_x509.h
webservices/axis2/trunk/c/rampart/include/oxs_asym_ctx.h
webservices/axis2/trunk/c/rampart/include/oxs_constants.h
webservices/axis2/trunk/c/rampart/include/oxs_token_binary_security_token.h
webservices/axis2/trunk/c/rampart/include/oxs_token_cipher_value.h
webservices/axis2/trunk/c/rampart/include/oxs_token_data_reference.h
webservices/axis2/trunk/c/rampart/include/oxs_token_encrypted_data.h
webservices/axis2/trunk/c/rampart/include/oxs_token_encrypted_key.h
webservices/axis2/trunk/c/rampart/include/oxs_token_encryption_method.h
webservices/axis2/trunk/c/rampart/include/oxs_token_key_identifier.h
webservices/axis2/trunk/c/rampart/include/oxs_token_key_info.h
webservices/axis2/trunk/c/rampart/include/oxs_token_key_name.h
webservices/axis2/trunk/c/rampart/include/oxs_token_reference_list.h
webservices/axis2/trunk/c/rampart/include/oxs_token_security_token_reference.h
webservices/axis2/trunk/c/rampart/include/oxs_token_x509_data.h
webservices/axis2/trunk/c/rampart/include/oxs_token_x509_issuer_name.h
webservices/axis2/trunk/c/rampart/include/oxs_token_x509_issuer_serial.h
webservices/axis2/trunk/c/rampart/include/oxs_token_x509_serial_number.h
webservices/axis2/trunk/c/rampart/include/oxs_x509_cert.h
webservices/axis2/trunk/c/rampart/include/oxs_xml_encryption.h
webservices/axis2/trunk/c/rampart/include/rampart_callback.h
webservices/axis2/trunk/c/rampart/include/rampart_constants.h
webservices/axis2/trunk/c/rampart/src/handlers/rampart_out_handler.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/asym_ctx.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/cipher.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/encryption.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/key.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/key_mgr.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/cipher_ctx.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/crypt.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/rsa.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/util.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/x509.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/tokens/Makefile.am
webservices/axis2/trunk/c/rampart/src/omxmlsec/tokens/token_binary_security_token.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/x509_cert.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_encryption.c
webservices/axis2/trunk/c/rampart/src/util/rampart_encryption.c
webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c
webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c
Modified: webservices/axis2/trunk/c/rampart/include/openssl_x509.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/openssl_x509.h?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/openssl_x509.h (original)
+++ webservices/axis2/trunk/c/rampart/include/openssl_x509.h Mon Dec 4 21:44:21 2006
@@ -103,6 +103,10 @@
EVP_PKEY **pubkey);
AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+openssl_x509_get_subject_key_identifier(const axis2_env_t *env,
+ X509 *cert);
+
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
openssl_x509_get_info(const axis2_env_t *env,
openssl_x509_info_type_t type,
X509 *cert);
Modified: webservices/axis2/trunk/c/rampart/include/oxs_asym_ctx.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_asym_ctx.h?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_asym_ctx.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_asym_ctx.h Mon Dec 4 21:44:21 2006
@@ -85,6 +85,10 @@
oxs_asym_ctx_get_algorithm(const oxs_asym_ctx_t *ctx,
const axis2_env_t *env);
+AXIS2_EXTERN axis2_char_t* AXIS2_CALL
+oxs_asym_ctx_get_st_ref_pattern(const oxs_asym_ctx_t *ctx,
+ const axis2_env_t *env);
+
AXIS2_EXTERN oxs_asym_ctx_operation_t AXIS2_CALL
oxs_asym_ctx_get_operation(const oxs_asym_ctx_t *ctx,
const axis2_env_t *env);
@@ -116,6 +120,11 @@
oxs_asym_ctx_set_algorithm(oxs_asym_ctx_t *ctx,
const axis2_env_t *env,
axis2_char_t *algorithm);
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_asym_ctx_set_st_ref_pattern(oxs_asym_ctx_t *ctx,
+ const axis2_env_t *env,
+ axis2_char_t *st_ref_pattern);
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_asym_ctx_set_operation(oxs_asym_ctx_t *ctx,
Modified: webservices/axis2/trunk/c/rampart/include/oxs_constants.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_constants.h?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_constants.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_constants.h Mon Dec 4 21:44:21 2006
@@ -25,7 +25,9 @@
/*Default values*/
/*Key transfer algo*/
-#define OXS_DEFAULT_KT_ALGO_HREF OXS_HREF_RSA_PKCS1
+#define OXS_DEFAULT_KT_ALGO_HREF OXS_HREF_RSA_PKCS1
+#define OXS_DEFAULT_SYM_ALGO OXS_HREF_AES_256_CBC
+#define OXS_STR_DEFAULT OXS_STR_EMBEDDED
/****************************************************************
@@ -41,6 +43,7 @@
#define OXS_ENCDATA_ID "EncDataID"
#define OXS_ENCKEY_ID "EncKeyID"
#define OXS_CERT_ID "CertID"
+#define OXS_EMBEDDED_ID "EmbeddedID"
/****************************************************************
Global namespaces
@@ -94,6 +97,7 @@
#define OXS_NODE_BINARY_SECURITY_TOKEN "BinarySecurityToken"
#define OXS_NODE_KEY_IDENTIFIER "KeyIdentifier"
#define OXS_NODE_SECURITY_TOKEN_REFRENCE "SecurityTokenReference"
+#define OXS_NODE_EMBEDDED "Embedded"
/****************************************************************
@@ -306,7 +310,14 @@
****************************************************************/
#define OXS_ENCODING_BASE64BINARY "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
#define OXS_VALUE_X509V3 "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
-
+#define OXS_X509_SUBJ_KI "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier"
+/****************************************************************
+ ST References
+****************************************************************/
+#define OXS_STR_DIRECT_REFERENCE "DirectReference"
+#define OXS_STR_KEY_IDENTIFIER "KeyIdentifier"
+#define OXS_STR_EMBEDDED "Embedded"
+#define OXS_STR_ISSUER_SERIAL "IssuerSerial"
/*************************************************************************/
Modified: webservices/axis2/trunk/c/rampart/include/oxs_token_binary_security_token.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_token_binary_security_token.h?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_token_binary_security_token.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_token_binary_security_token.h Mon Dec 4 21:44:21 2006
@@ -41,11 +41,11 @@
axiom_node_t *parent,
axis2_char_t* id,
axis2_char_t* encoding_type,
- axis2_char_t* value_type
+ axis2_char_t* value_type,
+ axis2_char_t* data
);
-/*TODO write free method*/
/** @} */
#ifdef __cplusplus
}
Modified: webservices/axis2/trunk/c/rampart/include/oxs_token_cipher_value.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_token_cipher_value.h?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_token_cipher_value.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_token_cipher_value.h Mon Dec 4 21:44:21 2006
@@ -49,7 +49,6 @@
-/*TODO write free method*/
/** @} */
#ifdef __cplusplus
}
Modified: webservices/axis2/trunk/c/rampart/include/oxs_token_data_reference.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_token_data_reference.h?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_token_data_reference.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_token_data_reference.h Mon Dec 4 21:44:21 2006
@@ -45,7 +45,6 @@
AXIS2_EXTERN axis2_char_t* AXIS2_CALL
oxs_token_get_data_reference(const axis2_env_t *env, axiom_node_t *data_ref_node);
-/*TODO write free method*/
/** @} */
#ifdef __cplusplus
}
Added: webservices/axis2/trunk/c/rampart/include/oxs_token_embedded.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_token_embedded.h?view=auto&rev=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_token_embedded.h (added)
+++ webservices/axis2/trunk/c/rampart/include/oxs_token_embedded.h Mon Dec 4 21:44:21 2006
@@ -0,0 +1,49 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef OXS_TOKEN_EMBEDDED_H
+#define OXS_TOKEN_EMBEDDED_H
+
+
+/**
+ * @file oxs_token_embedded.h
+ * @brief
+ */
+
+#include <axis2_defines.h>
+#include <axis2_env.h>
+#include <axiom_node.h>
+#include <axiom_element.h>
+#include <axis2_qname.h>
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+AXIS2_EXTERN axiom_node_t* AXIS2_CALL
+oxs_token_build_embedded_element(const axis2_env_t *env,
+ axiom_node_t *parent,
+ axis2_char_t* id);
+
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+oxs_token_get_embedded_id(const axis2_env_t *env, axiom_node_t *embedded_node);
+
+/** @} */
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* OXS_TOKEN_EMBEDDED_H */
Modified: webservices/axis2/trunk/c/rampart/include/oxs_token_encrypted_data.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_token_encrypted_data.h?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_token_encrypted_data.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_token_encrypted_data.h Mon Dec 4 21:44:21 2006
@@ -43,8 +43,6 @@
axis2_char_t* id
);
-/*TODO write get attribute methods*/
-/*TODO write free method*/
/** @} */
#ifdef __cplusplus
}
Modified: webservices/axis2/trunk/c/rampart/include/oxs_token_encrypted_key.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_token_encrypted_key.h?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_token_encrypted_key.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_token_encrypted_key.h Mon Dec 4 21:44:21 2006
@@ -42,7 +42,6 @@
axiom_node_t *parent);
-/*TODO write free method*/
/** @} */
#ifdef __cplusplus
}
Modified: webservices/axis2/trunk/c/rampart/include/oxs_token_encryption_method.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_token_encryption_method.h?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_token_encryption_method.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_token_encryption_method.h Mon Dec 4 21:44:21 2006
@@ -45,7 +45,6 @@
AXIS2_EXTERN axis2_char_t *AXIS2_CALL
oxs_token_get_encryption_method(const axis2_env_t *env, axiom_node_t *enc_mtd_node);
-/*TODO write free method*/
/** @} */
#ifdef __cplusplus
}
Modified: webservices/axis2/trunk/c/rampart/include/oxs_token_key_identifier.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_token_key_identifier.h?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_token_key_identifier.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_token_key_identifier.h Mon Dec 4 21:44:21 2006
@@ -45,7 +45,6 @@
);
-/*TODO write free method*/
/** @} */
#ifdef __cplusplus
}
Modified: webservices/axis2/trunk/c/rampart/include/oxs_token_key_info.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_token_key_info.h?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_token_key_info.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_token_key_info.h Mon Dec 4 21:44:21 2006
@@ -42,7 +42,6 @@
);
-/*TODO write free method*/
/** @} */
#ifdef __cplusplus
}
Modified: webservices/axis2/trunk/c/rampart/include/oxs_token_key_name.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_token_key_name.h?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_token_key_name.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_token_key_name.h Mon Dec 4 21:44:21 2006
@@ -45,7 +45,6 @@
-/*TODO write free method*/
/** @} */
#ifdef __cplusplus
}
Added: webservices/axis2/trunk/c/rampart/include/oxs_token_reference.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_token_reference.h?view=auto&rev=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_token_reference.h (added)
+++ webservices/axis2/trunk/c/rampart/include/oxs_token_reference.h Mon Dec 4 21:44:21 2006
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef OXS_TOKEN_REFERENCE_H
+#define OXS_TOKEN_REFERENCE_H
+
+
+/**
+ * @file oxs_token_data_reference.h
+ * @brief
+ */
+
+#include <axis2_defines.h>
+#include <axis2_env.h>
+#include <axiom_node.h>
+#include <axiom_element.h>
+#include <axis2_qname.h>
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+/**
+* Reference element
+*/
+AXIS2_EXTERN axiom_node_t* AXIS2_CALL
+oxs_token_build_reference_element(const axis2_env_t *env,
+ axiom_node_t *parent,
+ axis2_char_t *ref,
+ axis2_char_t *value_type
+ );
+
+AXIS2_EXTERN axis2_char_t* AXIS2_CALL
+oxs_token_get_reference(const axis2_env_t *env, axiom_node_t *ref_node);
+
+/** @} */
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* OXS_TOKEN_REFERENCE_H */
Modified: webservices/axis2/trunk/c/rampart/include/oxs_token_reference_list.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_token_reference_list.h?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_token_reference_list.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_token_reference_list.h Mon Dec 4 21:44:21 2006
@@ -49,7 +49,6 @@
oxs_token_get_reference_list_data(const axis2_env_t *env, axiom_node_t *ref_list_node);
-/*TODO write free method*/
/** @} */
#ifdef __cplusplus
}
Modified: webservices/axis2/trunk/c/rampart/include/oxs_token_security_token_reference.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_token_security_token_reference.h?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_token_security_token_reference.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_token_security_token_reference.h Mon Dec 4 21:44:21 2006
@@ -37,7 +37,6 @@
axiom_node_t *parent);
-/*TODO write free method*/
/** @} */
#ifdef __cplusplus
}
Modified: webservices/axis2/trunk/c/rampart/include/oxs_token_x509_data.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_token_x509_data.h?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_token_x509_data.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_token_x509_data.h Mon Dec 4 21:44:21 2006
@@ -40,7 +40,6 @@
oxs_token_build_x509_data_element(const axis2_env_t *env,
axiom_node_t *parent);
-/*TODO write free method*/
/** @} */
#ifdef __cplusplus
}
Modified: webservices/axis2/trunk/c/rampart/include/oxs_token_x509_issuer_name.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_token_x509_issuer_name.h?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_token_x509_issuer_name.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_token_x509_issuer_name.h Mon Dec 4 21:44:21 2006
@@ -46,7 +46,6 @@
axiom_node_t *parent,
axis2_char_t* value );
-/*TODO write free method*/
/** @} */
#ifdef __cplusplus
}
Modified: webservices/axis2/trunk/c/rampart/include/oxs_token_x509_issuer_serial.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_token_x509_issuer_serial.h?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_token_x509_issuer_serial.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_token_x509_issuer_serial.h Mon Dec 4 21:44:21 2006
@@ -47,7 +47,6 @@
axiom_node_t *parent);
-/*TODO write free method*/
/** @} */
#ifdef __cplusplus
}
Modified: webservices/axis2/trunk/c/rampart/include/oxs_token_x509_serial_number.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_token_x509_serial_number.h?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_token_x509_serial_number.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_token_x509_serial_number.h Mon Dec 4 21:44:21 2006
@@ -46,7 +46,6 @@
axiom_node_t *parent,
axis2_char_t* value );
-/*TODO write free method*/
/** @} */
#ifdef __cplusplus
}
Modified: webservices/axis2/trunk/c/rampart/include/oxs_x509_cert.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_x509_cert.h?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_x509_cert.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_x509_cert.h Mon Dec 4 21:44:21 2006
@@ -60,27 +60,35 @@
AXIS2_EXTERN int AXIS2_CALL
oxs_x509_cert_get_serial_number(oxs_x509_cert_t *x509_cert,
const axis2_env_t *env);
+
AXIS2_EXTERN axis2_char_t *AXIS2_CALL
oxs_x509_cert_get_subject(oxs_x509_cert_t *x509_cert,
const axis2_env_t *env);
+
AXIS2_EXTERN axis2_char_t *AXIS2_CALL
oxs_x509_cert_get_issuer(oxs_x509_cert_t *x509_cert,
const axis2_env_t *env);
+
AXIS2_EXTERN axis2_char_t *AXIS2_CALL
-oxs_x509_cert_get_(oxs_x509_cert_t *x509_cert,
+oxs_x509_cert_get_key_identifier(oxs_x509_cert_t *x509_cert,
const axis2_env_t *env);
+
AXIS2_EXTERN axis2_char_t *AXIS2_CALL
oxs_x509_cert_get_fingerprint(oxs_x509_cert_t *x509_cert,
const axis2_env_t *env);
+
AXIS2_EXTERN axis2_char_t *AXIS2_CALL
oxs_x509_cert_get_date(oxs_x509_cert_t *x509_cert,
const axis2_env_t *env);
+
AXIS2_EXTERN axis2_char_t *AXIS2_CALL
oxs_x509_cert_get_hash(oxs_x509_cert_t *x509_cert,
const axis2_env_t *env);
+
AXIS2_EXTERN axis2_char_t *AXIS2_CALL
oxs_x509_cert_get_data(oxs_x509_cert_t *x509_cert,
const axis2_env_t *env);
+
AXIS2_EXTERN openssl_pkey_t *AXIS2_CALL
oxs_x509_cert_get_public_key(oxs_x509_cert_t *x509_cert,
const axis2_env_t *env);
@@ -93,6 +101,11 @@
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_x509_cert_set_issuer(oxs_x509_cert_t *x509_cert,
+ const axis2_env_t *env,
+ axis2_char_t *value);
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_x509_cert_set_key_identifier(oxs_x509_cert_t *x509_cert,
const axis2_env_t *env,
axis2_char_t *value);
Modified: webservices/axis2/trunk/c/rampart/include/oxs_xml_encryption.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_xml_encryption.h?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_xml_encryption.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_xml_encryption.h Mon Dec 4 21:44:21 2006
@@ -69,6 +69,7 @@
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_xml_enc_decrypt_key(const axis2_env_t *env,
oxs_asym_ctx_t * asym_ctx,
+ axiom_node_t *parent,
axiom_node_t *encrypted_key_node,
oxs_key_t *key);
/** @} */
Modified: webservices/axis2/trunk/c/rampart/include/rampart_callback.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/rampart_callback.h?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/rampart_callback.h (original)
+++ webservices/axis2/trunk/c/rampart/include/rampart_callback.h Mon Dec 4 21:44:21 2006
@@ -81,7 +81,6 @@
};
/*************************** Function macros **********************************/
-/*TODO write the implementation*/
#define RAMPART_CALLBACK_FREE(callback, env) \
((callback)->ops->free (callback, env))
Modified: webservices/axis2/trunk/c/rampart/include/rampart_constants.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/rampart_constants.h?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/rampart_constants.h (original)
+++ webservices/axis2/trunk/c/rampart/include/rampart_constants.h Mon Dec 4 21:44:21 2006
@@ -25,6 +25,7 @@
/*Default values*/
#define RAMPART_DEFAULT_KT_ALGO OXS_DEFAULT_KT_ALGO_HREF
+#define RAMPART_STR_DEFAULT OXS_STR_DEFAULT
/* rampart element names*/
#define RAMPART_SECURITY "Security"
@@ -138,6 +139,11 @@
#define RAMPART_YES "YES"
#define RAMPART_NO "NO"
+
+#define RAMPART_STR_DIRECT_REFERENCE OXS_STR_DIRECT_REFERENCE
+#define RAMPART_STR_KEY_IDENTIFIER OXS_STR_KEY_IDENTIFIER
+#define RAMPART_STR_EMBEDDED OXS_STR_EMBEDDED
+#define RAMPART_STR_ISSUER_SERIAL OXS_STR_ISSUER_SERIAL
#ifdef __cplusplus
}
Modified: webservices/axis2/trunk/c/rampart/src/handlers/rampart_out_handler.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/handlers/rampart_out_handler.c?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/handlers/rampart_out_handler.c (original)
+++ webservices/axis2/trunk/c/rampart/src/handlers/rampart_out_handler.c Mon Dec 4 21:44:21 2006
@@ -103,7 +103,7 @@
AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
AXIS2_PARAM_CHECK(env->error, msg_ctx, AXIS2_FAILURE);
-
+
soap_envelope = AXIS2_MSG_CTX_GET_SOAP_ENVELOPE(msg_ctx, env);
if (!soap_envelope)
{
@@ -271,7 +271,13 @@
{
AXIS2_LOG_INFO(env->log, "[rampart][rampart_out_handler] Encrypting we do not support yet");
- status = rampart_enc_encrypt_message(env, msg_ctx, actions, soap_envelope, sec_node);
+ status = rampart_enc_encrypt_message(env, msg_ctx, actions, soap_envelope, sec_node);
+ if (status == AXIS2_FAILURE)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_out_handler] Message encryption failed. ERROR");
+ return AXIS2_FAILURE;
+ }
+
/*Signature*/
}
else if (0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_SIGNATURE,
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/asym_ctx.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/asym_ctx.c?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/asym_ctx.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/asym_ctx.c Mon Dec 4 21:44:21 2006
@@ -25,6 +25,7 @@
axis2_char_t *file_name;
axis2_char_t *password;
axis2_char_t *algorithm;
+ axis2_char_t *st_ref_pattern;
oxs_asym_ctx_operation_t operation;
oxs_asym_ctx_format_t format;
oxs_x509_cert_t *certificate;
@@ -65,6 +66,14 @@
return asym_ctx->algorithm;
}
+axis2_char_t *AXIS2_CALL
+oxs_asym_ctx_get_st_ref_pattern(
+ const oxs_asym_ctx_t *asym_ctx,
+ const axis2_env_t *env)
+{
+ return asym_ctx->st_ref_pattern;
+}
+
oxs_asym_ctx_operation_t AXIS2_CALL
oxs_asym_ctx_get_operation(
const oxs_asym_ctx_t *asym_ctx,
@@ -151,6 +160,21 @@
}
axis2_status_t AXIS2_CALL
+oxs_asym_ctx_set_st_ref_pattern(
+ oxs_asym_ctx_t *asym_ctx,
+ const axis2_env_t *env,
+ axis2_char_t *st_ref_pattern)
+{
+ if (asym_ctx->st_ref_pattern)
+ {
+ AXIS2_FREE(env->allocator, asym_ctx->st_ref_pattern);
+ asym_ctx->st_ref_pattern = NULL;
+ }
+ asym_ctx->st_ref_pattern = AXIS2_STRDUP(st_ref_pattern, env);
+ return AXIS2_SUCCESS;
+}
+
+axis2_status_t AXIS2_CALL
oxs_asym_ctx_set_operation(
oxs_asym_ctx_t *asym_ctx,
const axis2_env_t *env,
@@ -213,6 +237,7 @@
asym_ctx->password= NULL;
asym_ctx->format= -1;
asym_ctx->algorithm = NULL;
+ asym_ctx->st_ref_pattern = NULL;
asym_ctx->operation = -1;
asym_ctx->certificate = NULL;
@@ -243,6 +268,12 @@
{
AXIS2_FREE(env->allocator, asym_ctx->algorithm);
asym_ctx->algorithm = NULL;
+ }
+
+ if (asym_ctx->st_ref_pattern)
+ {
+ AXIS2_FREE(env->allocator, asym_ctx->st_ref_pattern);
+ asym_ctx->st_ref_pattern = NULL;
}
if (asym_ctx->certificate)
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/cipher.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/cipher.c?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/cipher.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/cipher.c Mon Dec 4 21:44:21 2006
@@ -27,11 +27,19 @@
axis2_char_t *url)
{
openssl_cipher_property_t *cprop = NULL;
+ axis2_char_t *cipher_name = NULL;
axis2_status_t ret = AXIS2_SUCCESS;
cprop = openssl_cipher_property_create(env);
ret = OPENSSL_CIPHER_PROPERTY_SET_URL(cprop, env , url);
- ret = OPENSSL_CIPHER_PROPERTY_SET_NAME(cprop, env , (axis2_char_t*)oxs_get_cipher_name_for_url(env, url));
+
+ cipher_name = oxs_get_cipher_name_for_url(env, url);
+ if((!cipher_name) || (0 == AXIS2_STRCMP(cipher_name, ""))){
+ oxs_error(ERROR_LOCATION,
+ OXS_ERROR_INVALID_DATA, "Cannot populate cipher property");
+ return NULL;
+ }
+ ret = OPENSSL_CIPHER_PROPERTY_SET_NAME(cprop, env , cipher_name);
ret = openssl_populate_cipher_property(env, cprop);
if (ret == AXIS2_FAILURE)
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/encryption.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/encryption.c?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/encryption.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/encryption.c Mon Dec 4 21:44:21 2006
@@ -97,7 +97,7 @@
&out_main_buf, OPENSSL_ENCRYPT);
if(enclen < 0){
oxs_error(ERROR_LOCATION, OXS_ERROR_ENCRYPT_FAILED,
- "openssl_block_cipher_crypt");
+ "openssl_block_cipher_crypt FAILED");
return AXIS2_FAILURE;
}
@@ -115,6 +115,8 @@
ret = OXS_BUFFER_POPULATE(result, env, (unsigned char*)AXIS2_STRDUP(encoded_str, env), encodedlen);
/*Free*/
+ AXIS2_FREE(env->allocator, out_main_buf);
+ out_main_buf = NULL;
AXIS2_FREE(env->allocator, encoded_str);
encoded_str = NULL;
@@ -132,13 +134,21 @@
{
oxs_error(ERROR_LOCATION, OXS_ERROR_DECRYPT_FAILED,
"axis2_base64_decode_binary failed");
+ return AXIS2_FAILURE;
}
/*Then we decrypt*/
enclen = openssl_block_cipher_crypt(env, oc_ctx,
decoded_data, decoded_len, &out_main_buf, OPENSSL_DECRYPT);
-
+
+ if(enclen < 0){
+ oxs_error(ERROR_LOCATION, OXS_ERROR_DECRYPT_FAILED,
+ "openssl_block_cipher_crypt FAILED");
+ return AXIS2_FAILURE;
+ }
ret = OXS_BUFFER_POPULATE(result, env, AXIS2_STRMEMDUP(out_main_buf, enclen, env), enclen);
/*Free*/
+ AXIS2_FREE(env->allocator, out_main_buf);
+ out_main_buf = NULL;
AXIS2_FREE(env->allocator, decoded_data);
decoded_data = NULL;
@@ -147,7 +157,11 @@
"Invalid operation type %d", OXS_CTX_GET_OPERATION(enc_ctx, env));
return AXIS2_FAILURE;
}
-
+
+ /*Free*/
+ AXIS2_FREE(env->allocator, iv);
+ iv = NULL;
+
return AXIS2_SUCCESS;
}
@@ -163,9 +177,13 @@
oxs_asym_ctx_operation_t operation = -1;
axis2_status_t status = AXIS2_FAILURE;
axis2_char_t *password = NULL;
+ axis2_char_t *algorithm = NULL;
- /*TODO We support RSA encryption only. If any other algorithm is specified, reject*/
-
+ algorithm = oxs_asym_ctx_get_algorithm(ctx, env);
+ /* We support RSA v1.5 encryption only. If any other algorithm is specified, replace it with the proper one*/
+ if(0 != (AXIS2_STRCMP(OXS_HREF_RSA_PKCS1, algorithm ))) {
+ oxs_asym_ctx_set_algorithm(ctx, env, OXS_HREF_RSA_PKCS1);
+ }
/*Load the key using key manager*/
password = oxs_asym_ctx_get_password(ctx, env);
@@ -174,15 +192,6 @@
return AXIS2_FAILURE;
}
-#if 0
- /*1. Try to get the pkey from the asy_ctx*/
- axis2_char_t *file_name = NULL;
- /*2. If not try to load the key from the dec_prop_file*/
- file_name = oxs_asym_ctx_get_file_name(ctx, env);
- pkey = openssl_pkey_create(env);
- status = OPENSSL_PKEY_LOAD(pkey, env, file_name, "");/*TODO password*/
-#endif
-
/*Check for the operation and call appropriate method*/
operation = oxs_asym_ctx_get_operation(ctx, env);
rsa = openssl_rsa_create(env);
@@ -204,6 +213,12 @@
encoded_str = AXIS2_MALLOC(env->allocator, encodedlen);
ret = axis2_base64_encode(encoded_str, (const char *)encrypted, enclen);
status = OXS_BUFFER_POPULATE(result, env, (unsigned char*)AXIS2_STRDUP(encoded_str, env), encodedlen);
+
+ /*Free*/
+ AXIS2_FREE(env->allocator, encrypted);
+ encrypted = NULL;
+ AXIS2_FREE(env->allocator, encoded_str);
+ encoded_str = NULL;
}else if(OXS_ASYM_CTX_OPERATION_PRV_DECRYPT == operation ){
unsigned char *decoded_encrypted_str = NULL;
@@ -217,8 +232,14 @@
decoded_encrypted_str = AXIS2_MALLOC(env->allocator, axis2_base64_decode_len((char*)OXS_BUFFER_GET_DATA(input, env)));
ret = axis2_base64_decode((char*)decoded_encrypted_str, (char*)OXS_BUFFER_GET_DATA(input, env));
declen = OPENSSL_RSA_PRV_DECRYPT(rsa, env, pkey, decoded_encrypted_str, &decrypted);
- status = OXS_BUFFER_POPULATE(result, env, decrypted, declen);
-
+ status = OXS_BUFFER_POPULATE(result, env, AXIS2_STRMEMDUP(decrypted, declen, env), declen);
+
+ /*Free*/
+ AXIS2_FREE(env->allocator, decoded_encrypted_str);
+ decoded_encrypted_str = NULL;
+ AXIS2_FREE(env->allocator, decrypted);
+ decrypted = NULL;
+
}else if(OXS_ASYM_CTX_OPERATION_PRV_ENCRYPT == operation ){
/**/
}else if(OXS_ASYM_CTX_OPERATION_PRV_ENCRYPT == operation ){
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/key.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/key.c?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/key.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/key.c Mon Dec 4 21:44:21 2006
@@ -351,6 +351,7 @@
size = OPENSSL_CIPHER_PROPERTY_GET_KEY_SIZE(cprop, env);
key_buf = oxs_buffer_create(env);
+ /*The actual key generation happens here*/
ret = generate_random_data(env, key_buf, size);
if (ret == AXIS2_FAILURE)
{
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/key_mgr.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/key_mgr.c?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/key_mgr.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/key_mgr.c Mon Dec 4 21:44:21 2006
@@ -46,12 +46,16 @@
format = OPENSSL_X509_FORMAT_PEM;
status = openssl_x509_load_from_pem(env, filename, &cert);
if(AXIS2_FAILURE == status){
+ oxs_error(ERROR_LOCATION, OXS_ERROR_DEFAULT,
+ "Error reading the certificate");
return AXIS2_FAILURE;
}
}else if(OXS_ASYM_CTX_FORMAT_PKCS12 == oxs_asym_ctx_get_format(ctx, env)){
format = OPENSSL_X509_FORMAT_PKCS12;
status = openssl_x509_load_from_pkcs12(env, filename, password, &cert, &prvkey, &ca);
if(AXIS2_FAILURE == status){
+ oxs_error(ERROR_LOCATION, OXS_ERROR_DEFAULT,
+ "Error reading the certificate");
return AXIS2_FAILURE;
}
}
@@ -74,7 +78,7 @@
oxs_x509_cert_set_subject(oxs_cert, env, openssl_x509_get_info(env, OPENSSL_X509_INFO_SUBJECT ,cert));
oxs_x509_cert_set_fingerprint(oxs_cert, env, openssl_x509_get_info(env, OPENSSL_X509_INFO_FINGER,cert));
oxs_x509_cert_set_serial_number(oxs_cert, env, openssl_x509_get_serial(env, cert));
- /*TODO Subject hash*/
+ /*oxs_x509_cert_set_key_identifier(oxs_cert, env, openssl_x509_get_subject_key_identifier(env, cert));*/
/*Additionally we need to set the public key*/
openssl_x509_get_pubkey(env, cert, &pubkey);
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/cipher_ctx.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/cipher_ctx.c?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/cipher_ctx.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/cipher_ctx.c Mon Dec 4 21:44:21 2006
@@ -30,7 +30,6 @@
openssl_cipher_ctx_t ctx;
const EVP_CIPHER* cipher;
- /*axis2_char_t *key;*/
oxs_key_t *key;
axis2_char_t *iv;
axis2_char_t *pad;
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/crypt.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/crypt.c?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/crypt.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/crypt.c Mon Dec 4 21:44:21 2006
@@ -49,7 +49,7 @@
i = 0;
out_buf_index = 0;
-
+
/*Get the key*/
key = OPENSSL_CIPHER_CTX_GET_KEY(oc_ctx, env);
key_data = AXIS2_MALLOC(env->allocator, OXS_KEY_GET_SIZE(key, env));
@@ -57,8 +57,10 @@
/*Init ctx*/
EVP_CIPHER_CTX_init(&ctx);
ret = EVP_CipherInit_ex(&ctx, (EVP_CIPHER *)OPENSSL_CIPHER_CTX_GET_CIPHER(oc_ctx, env), NULL, NULL, NULL, do_encrypt);
+
ret = EVP_CipherInit_ex(&ctx, NULL, NULL, key_data,
- (unsigned char*)OPENSSL_CIPHER_CTX_GET_IV(oc_ctx, env),
+ /*(unsigned char*)OPENSSL_CIPHER_CTX_GET_IV(oc_ctx, env),*/
+ NULL,/*NULL instead of IV. Here we do not use IV*/
do_encrypt);
for (;;)
{
@@ -90,17 +92,19 @@
"Encryption failed");
EVP_CIPHER_CTX_cleanup(&ctx);
- return (-1);
+ return (-2);
}
- /*TODO: Write the encrypted block to the tempbuf*/
- tempbuf2 = malloc(out_buf_index + outlen);
+ /*Write the encrypted block to the tempbuf2*/
+ tempbuf2 = AXIS2_MALLOC(env->allocator, out_buf_index + outlen);
+
if (i > 0)
{/*Skip for the i=0 step*/
- memcpy(tempbuf2, tempbuf, out_buf_index);
- /*free tempbuf*/
- free(tempbuf);
+ memmove(tempbuf2, tempbuf, out_buf_index);
+ /*Free*/
+ AXIS2_FREE(env->allocator, tempbuf);
+ tempbuf = NULL;
}
- memcpy(tempbuf2 + out_buf_index, outbuf, outlen);
+ memmove(tempbuf2 + out_buf_index, outbuf, outlen);
tempbuf = tempbuf2; /*Assign new tempbuf2 to the old one*/
out_buf_index = out_buf_index + outlen;/*Update the writing position of the tempbuf*/
@@ -111,23 +115,28 @@
if (!ret)
{
/* Error */
- EVP_CIPHER_CTX_cleanup(&ctx);
- AXIS2_LOG_INFO(env->log, "[oxs][crypt.c] EVP_CIPHER_CTX_cleanup ");
- return (-1);
+ ret = EVP_CIPHER_CTX_cleanup(&ctx);
+ oxs_error(ERROR_LOCATION, OXS_ERROR_OPENSSL_FUNC_FAILED,
+ "Encryption Final_ex failed");
+ return (-3);
}
/*Alright now we need to write the last drop*/
- tempbuf2 = malloc(out_buf_index + outlen);
- memcpy(tempbuf2, tempbuf, out_buf_index);
- /*free tempbuf*/
- free(tempbuf);
- memcpy(tempbuf2 + out_buf_index, outbuf, outlen);
+ tempbuf2 = AXIS2_MALLOC(env->allocator, out_buf_index + outlen);
+ memmove(tempbuf2, tempbuf, out_buf_index);
+ /*Free*/
+ AXIS2_FREE(env->allocator, tempbuf);
+ tempbuf = NULL;
+
+ memmove(tempbuf2 + out_buf_index, outbuf, outlen);
tempbuf = tempbuf2; /*Assign new tempbuf2 to the old one*/
out_buf_index = out_buf_index + outlen;/*Update the writing position of the tempbuf*/
EVP_CIPHER_CTX_cleanup(&ctx);
/*Assign the temp buf to the out_main_buf*/
- *out_main_buf = malloc(out_buf_index+outlen);
- memcpy(*out_main_buf, tempbuf, out_buf_index+outlen);
- free(tempbuf2);
+ *out_main_buf = AXIS2_MALLOC(env->allocator, out_buf_index+outlen);
+ memmove(*out_main_buf, tempbuf, out_buf_index+outlen-1);
+ AXIS2_FREE(env->allocator, tempbuf2);
+ tempbuf2 = NULL;
+
return out_buf_index;
}
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/rsa.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/rsa.c?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/rsa.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/rsa.c Mon Dec 4 21:44:21 2006
@@ -145,9 +145,8 @@
AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
rsa_impl = AXIS2_INTF_TO_IMPL(rsa);
- /*encrypted = malloc(RSA_size(pubkey->key->pkey.rsa));*/
key = (EVP_PKEY *)OPENSSL_PKEY_GET_KEY(pkey, env);
- encrypted = malloc(RSA_size(key->pkey.rsa));
+ encrypted = AXIS2_MALLOC(env->allocator, RSA_size(key->pkey.rsa));
ret = RSA_public_encrypt(strlen((char*)in),
in,
encrypted,
@@ -155,7 +154,8 @@
RSA_PKCS1_PADDING);
if (ret < 0)
{
- printf("Encryption failed \n");
+ oxs_error(ERROR_LOCATION, OXS_ERROR_OPENSSL_FUNC_FAILED,
+ "RSA encryption failed");
return (-1);
}
*out = encrypted;
@@ -179,7 +179,7 @@
rsa_impl = AXIS2_INTF_TO_IMPL(rsa);
key = (EVP_PKEY *)OPENSSL_PKEY_GET_KEY(pkey, env);
- decrypted = malloc(RSA_size(key->pkey.rsa));
+ decrypted = AXIS2_MALLOC(env->allocator, RSA_size(key->pkey.rsa));
ret = RSA_private_decrypt(RSA_size(key->pkey.rsa),
in,
decrypted,
@@ -187,7 +187,8 @@
RSA_PKCS1_PADDING);
if (ret < 0)
{
- printf("Decryption failed \n");
+ oxs_error(ERROR_LOCATION, OXS_ERROR_OPENSSL_FUNC_FAILED,
+ "RSA decryption failed");
return (-1);
}
*out = decrypted;
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/util.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/util.c?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/util.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/util.c Mon Dec 4 21:44:21 2006
@@ -30,6 +30,8 @@
{
axis2_status_t status = AXIS2_FAILURE;
int ret;
+ int encodedlen;
+ axis2_char_t *encoded_str = NULL;
unsigned char temp_buffer[1024];
ret = RAND_bytes(temp_buffer, size);
@@ -39,9 +41,14 @@
OXS_ERROR_DEFAULT, "RAND_bytes failed %d", size);
return AXIS2_FAILURE;
}
+ /*Encoding make it easier to handle random data*/
+ encodedlen = axis2_base64_encode_len(size);
+ encoded_str = AXIS2_MALLOC(env->allocator, encodedlen);
+ ret = axis2_base64_encode(encoded_str, (const char *)temp_buffer, size);
+ status = OXS_BUFFER_POPULATE(buffer, env, (unsigned char*)encoded_str, size);
- status = OXS_BUFFER_POPULATE(buffer, env, temp_buffer, size);
-
+ AXIS2_FREE(env->allocator, encoded_str);
+ encoded_str = NULL;
return AXIS2_SUCCESS;
}
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/x509.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/x509.c?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/x509.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/x509.c Mon Dec 4 21:44:21 2006
@@ -65,8 +65,8 @@
#endif
if ((mem = BIO_new_mem_buf(buff, ilen)) == NULL)
{
- /*oxs_error(ERROR_LOCATION, OXS_ERROR_DEFAULT,
- "BIO memeory allocation failure");*/
+ oxs_error(ERROR_LOCATION, OXS_ERROR_DEFAULT,
+ "BIO memeory allocation failure");
return AXIS2_FAILURE;
}
@@ -88,29 +88,31 @@
axis2_char_t *filename,
X509 **cert)
{
- axis2_status_t status = AXIS2_SUCCESS;
BIO *in;
if ((in=BIO_new_file(filename,"r")) == NULL)
{
- printf("Error reading the file\n");
+ oxs_error(ERROR_LOCATION, OXS_ERROR_DEFAULT,
+ "Error reading the file");
return AXIS2_FAILURE;
}
/*Read certificate*/
PEM_read_bio_X509(in, cert,NULL,NULL);
if(!*cert)
{
- printf("Error creating the certificate\n");
+ oxs_error(ERROR_LOCATION, OXS_ERROR_DEFAULT,
+ "Error creating the certificate");
return AXIS2_FAILURE;
}
- if (BIO_reset(in) != 1)
- status = AXIS2_FAILURE;
-
- if (BIO_free(in) != 1)
- status = AXIS2_FAILURE;
-
- return status;
+ if (-1 == BIO_reset(in) ){
+ return AXIS2_FAILURE;
+ }
+
+ if (-1 == BIO_free(in) ){
+ return AXIS2_FAILURE;
+ }
+ return AXIS2_SUCCESS;
}
@@ -234,7 +236,6 @@
return AXIS2_SUCCESS;
}
-#if 0
AXIS2_EXTERN axis2_char_t *AXIS2_CALL
openssl_x509_get_subject_key_identifier(const axis2_env_t *env,
X509 *cert)
@@ -246,23 +247,27 @@
int len, ret;
char buf[1000];
char output[100];
+ axis2_char_t *ski = NULL;
/*Get ext by ID*/
index = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1);
if (index < 0) {
- printf("index is less than zero\n");
+ oxs_error(ERROR_LOCATION, OXS_ERROR_DEFAULT,
+ "The extenension index of NID_subject_key_identifier is not valid");
return NULL;
}
- /*Get the extension*/
+/*Get the extension*/
ext = X509_get_ext(cert, index);
if (ext == NULL) {
- printf("Extension is Null\n");
+ oxs_error(ERROR_LOCATION, OXS_ERROR_DEFAULT,
+ "The extension for NID_subject_key_identifier is NULL");
return NULL;
}
/*Subject Key Identifier*/
- keyId = X509V3_EXT_d2i(ext);
+ keyId = (ASN1_OCTET_STRING *)X509V3_EXT_d2i(ext);
if (keyId == NULL) {
- printf("KeyId is NULL\n");
+ oxs_error(ERROR_LOCATION, OXS_ERROR_DEFAULT,
+ "The SubjectKeyIdentifier is NULL");
return NULL;
}
memcpy(buf, keyId->data, keyId->length);
@@ -273,9 +278,9 @@
EVP_EncodeFinal(&ctx, (unsigned char*)(output+len), &ret);
ret += len;
- return output;
+ ski = AXIS2_STRDUP(output, env);
+ return ski;
}
-#endif
AXIS2_EXTERN axis2_char_t *AXIS2_CALL
openssl_x509_get_info(const axis2_env_t *env,
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/tokens/Makefile.am
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/tokens/Makefile.am?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/tokens/Makefile.am (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/tokens/Makefile.am Mon Dec 4 21:44:21 2006
@@ -4,7 +4,8 @@
token_cipher_data.c token_key_name.c token_key_info.c token_binary_security_token.c \
token_reference_list.c token_data_reference.c token_encrypted_key.c \
token_key_identifier.c token_x509_data.c token_x509_issuer_serial.c\
- token_x509_issuer_name.c token_x509_serial_number.c token_security_token_reference.c
+ token_x509_issuer_name.c token_x509_serial_number.c token_security_token_reference.c \
+ token_embedded.c token_reference.c
liboxstokens_la_LIBADD =../../../../util/src/libaxis2_util.la \
../../../../axiom/src/om/libaxis2_axiom.la
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/tokens/token_binary_security_token.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/tokens/token_binary_security_token.c?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/tokens/token_binary_security_token.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/tokens/token_binary_security_token.c Mon Dec 4 21:44:21 2006
@@ -18,6 +18,7 @@
#include <oxs_constants.h>
#include <oxs_error.h>
#include <oxs_token_binary_security_token.h>
+#include <oxs_utility.h>
#include <axiom_attribute.h>
#include <axiom_element.h>
@@ -27,8 +28,8 @@
axiom_node_t *parent,
axis2_char_t* id,
axis2_char_t* encoding_type,
- axis2_char_t* value_type
- )
+ axis2_char_t* value_type,
+ axis2_char_t* data)
{
axiom_node_t *binary_security_token_node = NULL;
axiom_element_t *binary_security_token_ele = NULL;
@@ -49,6 +50,12 @@
return NULL;
}
+ if (!id)
+ {
+ id = oxs_util_generate_id(env,(axis2_char_t*)OXS_CERT_ID);
+ }
+
+
id_attr = axiom_attribute_create(env, OXS_ATTR_ID, id, NULL);
encoding_type_att = axiom_attribute_create(env, OXS_ATTR_ENCODING_TYPE, encoding_type, NULL);
value_type_att = axiom_attribute_create(env, OXS_ATTR_VALUE_TYPE, value_type, NULL);
@@ -57,7 +64,12 @@
ret = AXIOM_ELEMENT_ADD_ATTRIBUTE(binary_security_token_ele, env, encoding_type_att, binary_security_token_node);
ret = AXIOM_ELEMENT_ADD_ATTRIBUTE(binary_security_token_ele, env, value_type_att, binary_security_token_node);
+ if(data){
+ ret = AXIOM_ELEMENT_SET_TEXT(binary_security_token_ele, env, data, binary_security_token_node);
+ }
+
return binary_security_token_node;
}
+
Added: webservices/axis2/trunk/c/rampart/src/omxmlsec/tokens/token_embedded.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/tokens/token_embedded.c?view=auto&rev=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/tokens/token_embedded.c (added)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/tokens/token_embedded.c Mon Dec 4 21:44:21 2006
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2003-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdio.h>
+#include <oxs_constants.h>
+#include <oxs_error.h>
+#include <oxs_token_embedded.h>
+#include <axiom_attribute.h>
+#include <axiom_element.h>
+#include <oxs_utility.h>
+
+
+
+AXIS2_EXTERN axiom_node_t* AXIS2_CALL
+oxs_token_build_embedded_element(const axis2_env_t *env,
+ axiom_node_t *parent,
+ axis2_char_t* id)
+{
+ axiom_node_t *embedded_node = NULL;
+ axiom_element_t *embedded_ele = NULL;
+ axiom_attribute_t *id_attr = NULL;
+ int ret;
+ axiom_namespace_t *ns_obj = NULL;
+
+ ns_obj = axiom_namespace_create(env, OXS_WSSE_NS,
+ OXS_WSSE);
+
+ embedded_ele = axiom_element_create(env, parent, OXS_NODE_EMBEDDED, ns_obj, &embedded_node);
+ if (!embedded_ele)
+ {
+ oxs_error(ERROR_LOCATION,
+ OXS_ERROR_ELEMENT_FAILED, "Error creating embedded element");
+ return NULL;
+ }
+ if (!id)
+ {
+ id = oxs_util_generate_id(env,(axis2_char_t*)OXS_EMBEDDED_ID);
+ }
+
+ id_attr = axiom_attribute_create(env, OXS_ATTR_ID, id, NULL);
+
+ ret = AXIOM_ELEMENT_ADD_ATTRIBUTE(embedded_ele, env, id_attr, embedded_node);
+
+ return embedded_node;
+
+}
+
+
+
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+oxs_token_get_embedded_id(const axis2_env_t *env, axiom_node_t *embedded_node)
+{
+ axis2_char_t *embedded = NULL;
+ axiom_element_t *embedded_ele = NULL;
+
+ embedded_ele = AXIOM_NODE_GET_DATA_ELEMENT(embedded_node, env);
+ if (!embedded_ele)
+ {
+ oxs_error(ERROR_LOCATION,
+ OXS_ERROR_ELEMENT_FAILED, "Error retrieving embedded element");
+ return NULL;
+ }
+
+ embedded = AXIOM_ELEMENT_GET_ATTRIBUTE_VALUE_BY_NAME(embedded_ele, env, OXS_ATTR_ID);
+ return embedded;
+
+}
+
Added: webservices/axis2/trunk/c/rampart/src/omxmlsec/tokens/token_reference.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/tokens/token_reference.c?view=auto&rev=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/tokens/token_reference.c (added)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/tokens/token_reference.c Mon Dec 4 21:44:21 2006
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2003-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdio.h>
+#include <oxs_constants.h>
+#include <oxs_error.h>
+#include <oxs_token_reference.h>
+#include <axiom_attribute.h>
+#include <axiom_element.h>
+
+
+AXIS2_EXTERN axiom_node_t* AXIS2_CALL
+oxs_token_build_reference_element(const axis2_env_t *env,
+ axiom_node_t *parent,
+ axis2_char_t *ref,
+ axis2_char_t *value_type)
+{
+ axiom_node_t *reference_node = NULL;
+ axiom_element_t *reference_ele = NULL;
+ axiom_attribute_t *ref_attr = NULL;
+ axiom_attribute_t *value_type_attr = NULL;
+ int ret;
+ axiom_namespace_t *ns_obj = NULL;
+
+ ns_obj = axiom_namespace_create(env, OXS_WSSE_NS,
+ OXS_WSSE);
+
+ reference_ele = axiom_element_create(env, parent, OXS_NODE_REFERENCE, ns_obj, &reference_node);
+ if (!reference_ele)
+ {
+ oxs_error(ERROR_LOCATION,
+ OXS_ERROR_ELEMENT_FAILED, "Error creating Reference element");
+ return NULL;
+ }
+ /*attach empty string*/
+ if (!ref)
+ {
+ ref = "";
+ }
+
+ ref_attr = axiom_attribute_create(env, OXS_ATTR_URI , ref, NULL);
+ value_type_attr = axiom_attribute_create(env, OXS_ATTR_VALUE_TYPE , value_type, NULL);
+
+ ret = AXIOM_ELEMENT_ADD_ATTRIBUTE(reference_ele, env, ref_attr, reference_node);
+ ret = AXIOM_ELEMENT_ADD_ATTRIBUTE(reference_ele, env, value_type_attr, reference_node);
+
+ return reference_node;
+}
+
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+oxs_token_get_reference(const axis2_env_t *env, axiom_node_t *ref_node)
+{
+ axis2_char_t *ref = NULL;
+ axiom_element_t *reference_ele = NULL;
+
+ reference_ele = AXIOM_NODE_GET_DATA_ELEMENT(ref_node, env);
+ if (!reference_ele)
+ {
+ oxs_error(ERROR_LOCATION,
+ OXS_ERROR_ELEMENT_FAILED, "Error retrieving data reference element");
+ return NULL;
+ }
+
+ ref = AXIOM_ELEMENT_GET_ATTRIBUTE_VALUE_BY_NAME(reference_ele, env, OXS_ATTR_URI);
+ return ref;
+
+}
+
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/x509_cert.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/x509_cert.c?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/x509_cert.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/x509_cert.c Mon Dec 4 21:44:21 2006
@@ -25,6 +25,7 @@
int serial_number;
axis2_char_t *subject;
axis2_char_t *issuer;
+ axis2_char_t *key_identifier;
axis2_char_t *fingerprint;
axis2_char_t *date;
axis2_char_t *hash;
@@ -51,6 +52,7 @@
x509_cert->serial_number = 0;
x509_cert->subject =NULL;
x509_cert->issuer =NULL;
+ x509_cert->key_identifier =NULL;
x509_cert->fingerprint =NULL;
x509_cert->date =NULL;
x509_cert->hash =NULL;
@@ -72,6 +74,10 @@
AXIS2_FREE(env->allocator, x509_cert->issuer );
x509_cert->issuer =NULL;
}
+ if(x509_cert->key_identifier ){
+ AXIS2_FREE(env->allocator, x509_cert->key_identifier );
+ x509_cert->key_identifier =NULL;
+ }
if(x509_cert->fingerprint ){
AXIS2_FREE(env->allocator, x509_cert->fingerprint );
x509_cert->fingerprint =NULL;
@@ -111,6 +117,12 @@
return x509_cert->issuer;
}
AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+oxs_x509_cert_get_key_identifier(oxs_x509_cert_t *x509_cert,
+ const axis2_env_t *env)
+{
+ return x509_cert->key_identifier;
+}
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
oxs_x509_cert_get_fingerprint(oxs_x509_cert_t *x509_cert,
const axis2_env_t *env)
{
@@ -176,6 +188,19 @@
x509_cert->issuer = NULL;
}
x509_cert->issuer = (axis2_char_t *)AXIS2_STRDUP(value, env);
+ return AXIS2_SUCCESS;
+}
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_x509_cert_set_key_identifier(oxs_x509_cert_t *x509_cert,
+ const axis2_env_t *env,
+ axis2_char_t *value)
+{
+ if(x509_cert->key_identifier)
+ {
+ AXIS2_FREE(env->allocator, x509_cert->key_identifier);
+ x509_cert->key_identifier = NULL;
+ }
+ x509_cert->key_identifier = (axis2_char_t *)AXIS2_STRDUP(value, env);
return AXIS2_SUCCESS;
}
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_encryption.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_encryption.c?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_encryption.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_encryption.c Mon Dec 4 21:44:21 2006
@@ -17,6 +17,7 @@
#include <axis2_qname.h>
#include <axiom_namespace.h>
#include <axiom_node.h>
+#include <axiom_util.h>
#include <axiom_element.h>
#include <axis2_util.h>
#include <oxs_token_encrypted_data.h>
@@ -27,8 +28,12 @@
#include <oxs_token_reference_list.h>
#include <oxs_token_key_info.h>
#include <oxs_token_key_identifier.h>
+#include <oxs_token_x509_data.h>
#include <oxs_token_x509_issuer_serial.h>
#include <oxs_token_security_token_reference.h>
+#include <oxs_token_embedded.h>
+#include <oxs_token_reference.h>
+#include <oxs_token_binary_security_token.h>
#include <oxs_constants.h>
#include <oxs_axiom.h>
#include <oxs_ctx.h>
@@ -36,22 +41,182 @@
#include <oxs_buffer.h>
#include <oxs_cipher.h>
#include <oxs_iv.h>
+#include <oxs_utility.h>
#include <oxs_encryption.h>
#include <oxs_xml_encryption.h>
/*private functions*/
+
+static axis2_status_t
+oxs_xml_enc_process_key_info(const axis2_env_t *env,
+ oxs_asym_ctx_t *asym_ctx,
+ axiom_node_t *key_info_node,
+ axiom_node_t *parent_node)
+{
+ axiom_node_t *st_ref_node = NULL;
+ axiom_node_t *cur_node = NULL;
+ axis2_char_t *node_name = NULL;
+
+ st_ref_node = oxs_axiom_get_first_child_node_by_name(env, key_info_node, OXS_NODE_SECURITY_TOKEN_REFRENCE, NULL, NULL);
+ if(!st_ref_node){
+ return AXIS2_FAILURE;
+ }
+/*
+ WSS-Core specification suggests
+ 1. Resolve any <wsse:Reference> elements (specified within
+ <wsse:SecurityTokenReference>).
+ 2. Resolve any <wsse:KeyIdentifier> elements (specified within
+ <wsse:SecurityTokenReference>).
+ 3. Resolve any <ds:KeyName> elements. NOT PERMITTED by WS-i
+ 4. Resolve any other <ds:KeyInfo> elements. NOT PERMITTED by WS-i
+*/
+
+ /*
+ * Implementation of these are not important for Encryption.
+ * Might've to relocate to another file as this processing is essential in Signature
+ */
+ cur_node = AXIOM_NODE_GET_FIRST_CHILD(st_ref_node, env);
+ node_name = axiom_util_get_localname(cur_node, env);
+ if(0 == AXIS2_STRCMP(OXS_NODE_REFERENCE, node_name)){
+
+ }else if(0 == AXIS2_STRCMP(OXS_NODE_KEY_IDENTIFIER, node_name)){
+
+ }else if(0 == AXIS2_STRCMP(OXS_NODE_X509_DATA, node_name)){
+
+ }else if(0 == AXIS2_STRCMP(OXS_NODE_EMBEDDED, node_name)){
+
+ }else{
+ /*Unsupported*/
+ }
+
+ return AXIS2_SUCCESS;
+}
+
+/**
+*
+* <BinarySecurityToken ID="CertID">KJDSsdlDJjsd</BinarySecurityToken>
+* <KeyInfo>
+* <SecurityTokenReference>
+* <Reference URI="CertID"/>
+* </SecurityTokenReference>
+* </KeyInfo>
+*/
+static axis2_status_t
+oxs_xml_enc_populate_stref_with_bst(const axis2_env_t *env,
+ oxs_asym_ctx_t *asym_ctx,
+ axiom_node_t *stref_node,
+ axiom_node_t *parent)
+{
+ axiom_node_t *ref_node = NULL;
+ axiom_node_t *bst_node = NULL;
+ axis2_char_t *bst_data = NULL;
+ axis2_char_t *id = NULL;
+ oxs_x509_cert_t *cert = NULL;
+
+ cert = oxs_asym_ctx_get_certificate(asym_ctx, env);
+ bst_data = oxs_x509_cert_get_data(cert, env);
+
+ if(!bst_data){
+ return AXIS2_FAILURE;
+ }
+ /*Generate an ID for BST*/
+ id = oxs_util_generate_id(env,(axis2_char_t*)OXS_CERT_ID);
+
+ /*Build BinarySecurityToken as a child of parent(wsse:Security)*/
+ bst_node = oxs_token_build_binary_security_token_element(env, parent, id, OXS_VALUE_X509V3, OXS_ENCODING_BASE64BINARY, bst_data);
+
+ /*Build a Reference to above BST*/
+ ref_node = oxs_token_build_reference_element(env, stref_node, id, OXS_VALUE_X509V3);
+
+ return AXIS2_SUCCESS;
+}
+/**
+* <KeyInfo>
+* <SecurityTokenReference>
+* <KeyIdentifier>WEqswOIUsd</KeyIdentifier>
+* </SecurityTokenReference>
+* </KeyInfo>
+*
+*/
+static axis2_status_t
+oxs_xml_enc_populate_stref_with_key_identifier(const axis2_env_t *env,
+ oxs_asym_ctx_t *asym_ctx,
+ axiom_node_t *stref_node)
+{
+ axiom_node_t *key_identifier_node = NULL;
+ axis2_char_t *key_identifier = NULL;
+ oxs_x509_cert_t *cert = NULL;
+
+ cert = oxs_asym_ctx_get_certificate(asym_ctx, env);
+ key_identifier = oxs_x509_cert_get_key_identifier(cert, env);
+ if(!key_identifier){
+ return AXIS2_FAILURE;
+ }
+
+ /*Build KeyIdentifier node*/
+ key_identifier_node = oxs_token_build_key_identifier_element(
+ env, stref_node, OXS_ENCODING_BASE64BINARY,
+ OXS_X509_SUBJ_KI, key_identifier);
+
+ return AXIS2_SUCCESS;
+}
+/**
+* <KeyInfo>
+* <SecurityTokenReference>
+* <Embedded>
+* <BinarySecurityToken>UYISDjsdaousdWEqswOIUsd</BinarySecurityToken>
+* </Embedded>
+* </SecurityTokenReference>
+* </KeyInfo>
+*/
+static axis2_status_t
+oxs_xml_enc_populate_stref_with_embedded(const axis2_env_t *env,
+ oxs_asym_ctx_t *asym_ctx,
+ axiom_node_t *stref_node)
+{
+ axiom_node_t *embedded_node = NULL;
+ axiom_node_t *bst_node = NULL;
+ axis2_char_t *bst_data = NULL;
+ oxs_x509_cert_t *cert = NULL;
+
+ cert = oxs_asym_ctx_get_certificate(asym_ctx, env);
+ bst_data = oxs_x509_cert_get_data(cert, env);
+
+ if(!bst_data){
+ return AXIS2_FAILURE;
+ }
+ /*Build embedded token*/
+ embedded_node = oxs_token_build_embedded_element(env, stref_node, NULL);
+ /*Build BinarySecurityToken*/
+ bst_node = oxs_token_build_binary_security_token_element(env, embedded_node, NULL, OXS_VALUE_X509V3, OXS_ENCODING_BASE64BINARY, bst_data);
+
+ return AXIS2_SUCCESS;
+}
+
+/**
+* <KeyInfo>
+* <SecurityTokenReference>
+* <x509Data>
+* <X509IssuerSerial>
+* <X509IssuerName>C=US, O=VeriSign, Inc.,</X509IssuerName>
+* <X509SerialNumber>93243297328</X509SerialNumber>
+* </X509IssuerSerial>
+* </x509Data>
+* </SecurityTokenReference>
+* </KeyInfo>
+*/
static axis2_status_t
oxs_xml_enc_populate_stref_with_issuer_serial(const axis2_env_t *env,
oxs_asym_ctx_t *asym_ctx,
axiom_node_t *stref_node)
{
+ axiom_node_t *x509_data_node = NULL;
axiom_node_t *issuer_serial_node = NULL;
oxs_x509_cert_t *cert = NULL;
axis2_char_t *issuer_name = NULL;
axis2_char_t serial_number[255];
int serial = -1;
- /*Get binary securty token data to be set to the KeyIdentifierNode*/
cert = oxs_asym_ctx_get_certificate(asym_ctx, env);
issuer_name = oxs_x509_cert_get_issuer(cert, env);
@@ -61,8 +226,9 @@
}
sprintf(serial_number, "%d", serial);
-
- issuer_serial_node = oxs_token_build_x509_issuer_serial_with_data(env, stref_node, issuer_name, serial_number);
+ /*Build x509Data*/
+ x509_data_node = oxs_token_build_x509_data_element(env, stref_node);
+ issuer_serial_node = oxs_token_build_x509_issuer_serial_with_data(env, x509_data_node, issuer_name, serial_number);
return AXIS2_SUCCESS;
}
@@ -212,6 +378,7 @@
return oxs_encryption_symmetric_crypt(env, enc_ctx, input_buf, result_buf);
}
+/*For SOAP this parent is the wsse:Security node*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_xml_enc_encrypt_key(const axis2_env_t *env,
oxs_asym_ctx_t * asym_ctx,
@@ -221,6 +388,7 @@
{
axis2_char_t *algorithm = NULL;
axis2_char_t *encrypted_key_data = NULL;
+ axis2_char_t *st_ref_pattern = NULL;
oxs_buffer_t *input = NULL;
oxs_buffer_t *result = NULL;
axiom_node_t *encrypted_key_node = NULL;
@@ -240,7 +408,11 @@
/*Call encryption*/
status = oxs_encryption_asymmetric_crypt(env, asym_ctx, input, result);
-
+ if(AXIS2_FAILURE == status){
+ oxs_error(ERROR_LOCATION, OXS_ERROR_DEFAULT,
+ "Assymmetric key encryption failed");
+ return AXIS2_FAILURE;
+ }
/*Get the encrypted key*/
encrypted_key_data = (axis2_char_t *)OXS_BUFFER_GET_DATA(result, env);
@@ -251,10 +423,22 @@
key_info_node = oxs_token_build_key_info_element(env, encrypted_key_node);
stref_node = oxs_token_build_security_token_reference_element(env, key_info_node);
- status = oxs_xml_enc_populate_stref_with_issuer_serial(env, asym_ctx, stref_node);
- if(AXIS2_SUCCESS!=status){
- return AXIS2_FAILURE;
+ /*Get the ST REF pattern. If not set the default*/
+ st_ref_pattern = oxs_asym_ctx_get_st_ref_pattern(asym_ctx, env);
+ if((!st_ref_pattern) || (0 == AXIS2_STRCMP(st_ref_pattern, ""))){
+ st_ref_pattern = OXS_STR_DEFAULT;
+ }
+
+ if(0 == AXIS2_STRCMP(st_ref_pattern, OXS_STR_ISSUER_SERIAL)){
+ status = oxs_xml_enc_populate_stref_with_issuer_serial(env, asym_ctx, stref_node);
+ }else if(0 == AXIS2_STRCMP(st_ref_pattern, OXS_STR_EMBEDDED)){
+ status = oxs_xml_enc_populate_stref_with_embedded(env, asym_ctx, stref_node);
+ }else if(0 == AXIS2_STRCMP(st_ref_pattern, OXS_STR_DIRECT_REFERENCE)){
+ status = oxs_xml_enc_populate_stref_with_bst(env, asym_ctx, stref_node, parent);
+ }else if(0 == AXIS2_STRCMP(st_ref_pattern, OXS_STR_KEY_IDENTIFIER)){
+ status = oxs_xml_enc_populate_stref_with_key_identifier(env, asym_ctx, stref_node);
}
+
cd_node = oxs_token_build_cipher_data_element(env, encrypted_key_node);
cv_node = oxs_token_build_cipher_value_element(env, cd_node, encrypted_key_data);
@@ -269,10 +453,12 @@
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_xml_enc_decrypt_key(const axis2_env_t *env,
oxs_asym_ctx_t * asym_ctx,
+ axiom_node_t *parent,
axiom_node_t *encrypted_key_node,
oxs_key_t *key)
{
axiom_node_t *enc_mtd_node = NULL;
+ axiom_node_t *key_info_node = NULL;
axiom_node_t *cd_node = NULL;
axis2_char_t *enc_mtd_algo = NULL;
axis2_char_t *cipher_val = NULL;
@@ -289,11 +475,13 @@
cipher_val = oxs_token_get_cipher_value_from_cipher_data(env, cd_node);
/*Get key used to encrypt*/
+ key_info_node = oxs_axiom_get_first_child_node_by_name(env, encrypted_key_node, OXS_NODE_KEY_INFO, NULL, NULL);
+ status = oxs_xml_enc_process_key_info(env, asym_ctx, key_info_node, parent);
/*Right now we support KeyInfo -> SecurityTokenReference -> Reference
KeyInfo -> SecurityTokenReference -> X509IssuerSerial */
-
+
+
/*Get the pkey used to decrypt the session key. If found set it to the asym_ctx*/
- /*TODO This can be achieved well thru a Keys Mgr*/
/*Create the input buffer*/
input_buf = oxs_buffer_create(env);
OXS_BUFFER_POPULATE(input_buf, env, (unsigned char*)cipher_val, AXIS2_STRLEN(cipher_val));
Modified: webservices/axis2/trunk/c/rampart/src/util/rampart_encryption.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/rampart_encryption.c?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/rampart_encryption.c (original)
+++ webservices/axis2/trunk/c/rampart/src/util/rampart_encryption.c Mon Dec 4 21:44:21 2006
@@ -43,12 +43,45 @@
* If body is specified in the encryption parts encrypt the immediate child of <body>
**/
-static axis2_status_t
+/*Private function implementations*/
+
+static axis2_status_t
rampart_enc_get_nodes_to_encrypt(const axis2_env_t *env,
rampart_actions_t *actions,
axiom_soap_envelope_t *soap_envelope,
- axis2_array_list_t *nodes_to_encrypt
-);
+ axis2_array_list_t *nodes_to_encrypt)
+{
+ axis2_array_list_t *str_list = NULL;
+ axis2_char_t *encryption_parts = NULL;
+ int size, i = 0;
+
+ /*Get encryption parts*/
+ encryption_parts = AXIS2_STRDUP(RAMPART_ACTIONS_GET_ENCRYPTION_PARTS(actions, env), env);
+ /*If no encryption parts are specified use body as default...
+ * Well...hmmm.. the child of the body infact*/
+ if((!encryption_parts) || (0 == AXIS2_STRCMP(encryption_parts, " "))){
+ axiom_soap_body_t *body = NULL;
+ axiom_node_t *body_node = NULL;
+ axiom_node_t *body_child_node = NULL;
+
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption] No encryption parts specified. Using the body as default");
+ body = AXIOM_SOAP_ENVELOPE_GET_BODY(soap_envelope, env);
+ body_node = AXIOM_SOAP_BODY_GET_BASE_NODE(body, env);
+ body_child_node = AXIOM_NODE_GET_FIRST_CHILD(body_node, env);
+ AXIS2_ARRAY_LIST_ADD(nodes_to_encrypt, env, body_child_node);
+ return AXIS2_SUCCESS;
+ }
+
+ /*Tokenize*/
+ str_list = axis2_tokenize(env, encryption_parts, ' ');
+ size = AXIS2_ARRAY_LIST_SIZE(str_list, env);
+ /*Find the node and add to the list*/
+ for(i=0 ; i < size ; i++ ){
+ /*TODO*/
+ }
+ return AXIS2_SUCCESS;
+}
+
@@ -65,6 +98,7 @@
axis2_status_t status = AXIS2_FAILURE;
axis2_char_t *enc_sym_algo = NULL;
axis2_char_t *enc_asym_algo = NULL;
+ axis2_char_t *eki = NULL;
axis2_char_t *certificate_file = NULL;
axis2_char_t *password = NULL;
oxs_key_t *session_key = NULL;
@@ -77,10 +111,17 @@
/*Get the symmetric encryption algorithm*/
enc_sym_algo = RAMPART_ACTIONS_GET_ENC_SYM_ALGO(actions, env);
-
+ /*If not specified set the default*/
+ if(!enc_sym_algo || (0 == AXIS2_STRCMP(enc_sym_algo, ""))){
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption] No symmetric algorithm is specified for encryption. Using the default");
+ enc_sym_algo = OXS_DEFAULT_SYM_ALGO;
+ }
/*Generate the session key*/
session_key = oxs_key_create(env);
status = OXS_KEY_FOR_ALGO(session_key, env, enc_sym_algo);
+ if(AXIS2_FAILURE == status){
+ return AXIS2_FAILURE;
+ }
/*Create a list to store EncDataIds. This will be used in building the ReferenceList*/
id_list = axis2_array_list_create(env, 5);
@@ -118,16 +159,22 @@
certificate_file = RAMPART_ACTIONS_GET_ENC_KEY_FILE(actions, env);
/*Get the password to retrieve the key from key store*/
password = RAMPART_ACTIONS_GET_ENC_USER(actions, env);
+ /*Get encryption key identifier*/
+ eki = RAMPART_ACTIONS_GET_ENC_KEY_IDENTIFIER(actions, env);
/*Create asymmetric encryption context*/
asym_ctx = oxs_asym_ctx_create(env);
oxs_asym_ctx_set_algorithm(asym_ctx, env, enc_asym_algo);
oxs_asym_ctx_set_file_name(asym_ctx, env, certificate_file);
oxs_asym_ctx_set_password(asym_ctx, env, password);
oxs_asym_ctx_set_operation(asym_ctx, env, OXS_ASYM_CTX_OPERATION_PUB_ENCRYPT);
+ oxs_asym_ctx_set_st_ref_pattern(asym_ctx, env, eki);
/*TODO This should be taken from the configurations*/
oxs_asym_ctx_set_format(asym_ctx, env, OXS_ASYM_CTX_FORMAT_PEM);
/*Encrypt the session key*/
- oxs_xml_enc_encrypt_key(env, asym_ctx, sec_node,session_key, id_list);
+ status = oxs_xml_enc_encrypt_key(env, asym_ctx, sec_node,session_key, id_list);
+ if(AXIS2_FAILURE == status){
+ return AXIS2_FAILURE;
+ }
return AXIS2_SUCCESS;
@@ -145,41 +192,4 @@
return AXIS2_SUCCESS;
}
-/*Private function implementations*/
-static axis2_status_t
-rampart_enc_get_nodes_to_encrypt(const axis2_env_t *env,
- rampart_actions_t *actions,
- axiom_soap_envelope_t *soap_envelope,
- axis2_array_list_t *nodes_to_encrypt)
-{
- axis2_array_list_t *str_list = NULL;
- axis2_char_t *encryption_parts = NULL;
- int size, i = 0;
-
- /*Get encryption parts*/
- encryption_parts = AXIS2_STRDUP(RAMPART_ACTIONS_GET_ENCRYPTION_PARTS(actions, env), env);
- /*If no encryption parts are specified use body as default...
- * Well...hmmm.. the child of the body infact*/
- if((!encryption_parts) || (0 == AXIS2_STRCMP(encryption_parts, " "))){
- axiom_soap_body_t *body = NULL;
- axiom_node_t *body_node = NULL;
- axiom_node_t *body_child_node = NULL;
-
- AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption] No encryption parts specified. Using the body as default");
- body = AXIOM_SOAP_ENVELOPE_GET_BODY(soap_envelope, env);
- body_node = AXIOM_SOAP_BODY_GET_BASE_NODE(body, env);
- body_child_node = AXIOM_NODE_GET_FIRST_CHILD(body_node, env);
- AXIS2_ARRAY_LIST_ADD(nodes_to_encrypt, env, body_child_node);
- return AXIS2_SUCCESS;
- }
-
- /*Tokenize*/
- str_list = axis2_tokenize(env, encryption_parts, ' ');
- size = AXIS2_ARRAY_LIST_SIZE(str_list, env);
- /*Find the node and add to the list*/
- for(i=0 ; i < size ; i++ ){
- /*TODO*/
- }
- return AXIS2_SUCCESS;
-}
Modified: webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c (original)
+++ webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c Mon Dec 4 21:44:21 2006
@@ -15,7 +15,6 @@
*/
#include <stdio.h>
-#include <axis2_utils.h>
#include <rampart_encryption.h>
#include <rampart_action.h>
#include <rampart_constants.h>
@@ -35,6 +34,7 @@
#include <oxs_token_key_name.h>
#include <oxs_key.h>
#include <oxs_token_reference_list.h>
+#include <axis2_utils.h>
#include <axis2_array_list.h>
#include <oxs_axiom.h>
#include <oxs_asym_ctx.h>
@@ -109,6 +109,7 @@
axis2_msg_ctx_t *msg_ctx,
rampart_actions_t *actions,
axiom_soap_envelope_t *soap_envelope,
+ axiom_node_t *sec_node,
axiom_node_t *encrypted_key_node,
axis2_array_list_t *sub_codes)
{
@@ -151,8 +152,11 @@
decrypted_sym_key = oxs_key_create(env);
/*Call decrypt for the EncryptedKey*/
- status = oxs_xml_enc_decrypt_key(env, asym_ctx, encrypted_key_node, decrypted_sym_key);
-
+ status = oxs_xml_enc_decrypt_key(env, asym_ctx, sec_node, encrypted_key_node, decrypted_sym_key);
+ if(AXIS2_FAILURE == status){
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shp] Cannot decrypt the EncryptedKey");
+ return AXIS2_FAILURE;
+ }
/*Alright now we have the key used to encrypt the elements in the reference_list*/
/*Go thru each and every node in the list and decrypt them*/
for(i=0 ; i < AXIS2_ARRAY_LIST_SIZE(reference_list, env); i++ ){
@@ -182,6 +186,9 @@
OXS_CTX_SET_KEY(ctx, env, decrypted_sym_key);
status = oxs_xml_enc_decrypt_node(env, ctx, enc_data_node, &decrypted_node);
+ if(AXIS2_FAILURE == status){
+ return AXIS2_FAILURE;
+ }
AXIS2_LOG_INFO(env->log, "[rampart][shp] Node ID=%s decrypted successfuly", id);
}
@@ -299,11 +306,15 @@
}else if(0 == AXIS2_STRCMP(cur_node_name ,OXS_NODE_ENCRYPTED_KEY)){
/*Process EncryptedKey*/
AXIS2_LOG_INFO(env->log, "[rampart][shp] Process EncryptedKey");
- status = rampart_shp_process_encrypted_key(env,msg_ctx, actions, soap_envelope, cur_node, sub_codes);
+ status = rampart_shp_process_encrypted_key(env,msg_ctx, actions, soap_envelope, sec_node, cur_node, sub_codes);
}else if(0 == AXIS2_STRCMP(cur_node_name ,OXS_NODE_ENCRYPTED_DATA)){
/*Process Encrypteddata*/
AXIS2_LOG_INFO(env->log, "[rampart][shp] Process EncryptedData");
/*TODO We need to support this scenario as well*/
+
+ }else if(0 == AXIS2_STRCMP(cur_node_name , OXS_NODE_BINARY_SECURITY_TOKEN)){
+ /*Process BinarySecurityToken*/
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Process BinarySecurityToken");
}else if(0 == AXIS2_STRCMP(cur_node_name ,OXS_NODE_REFERENCE_LIST)){
/*List is placed Out side of the EncryptedKey*/
Modified: webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c?view=diff&rev=482508&r1=482507&r2=482508
==============================================================================
--- webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c (original)
+++ webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c Mon Dec 4 21:44:21 2006
@@ -119,7 +119,7 @@
axis2_char_t *id = NULL;
FILE *outf;
- env = test_init();
+ env = axis2_env_create_all("echo.log", AXIS2_LOG_LEVEL_TRACE);
printf("--Testing started--------------------------------------------\n");
if (argc > 1)
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-cvs-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-cvs-help@ws.apache.org