Posted to rampart-dev@ws.apache.org by ka...@apache.org on 2007/04/06 07:27:13 UTC
svn commit: r526061 - in /webservices/rampart/trunk/c: ./ include/ src/util/
Author: kaushalye
Date: Thu Apr 5 22:27:12 2007
New Revision: 526061
URL: http://svn.apache.org/viewvc?view=rev&rev=526061
Log:
Adding rampart replay detector interface
Added:
webservices/rampart/trunk/c/include/rampart_replay_detector.h
webservices/rampart/trunk/c/src/util/rampart_replay_detector.c
Modified:
webservices/rampart/trunk/c/configure.ac
webservices/rampart/trunk/c/include/rampart_constants.h
webservices/rampart/trunk/c/include/rampart_context.h
webservices/rampart/trunk/c/src/util/Makefile.am
webservices/rampart/trunk/c/src/util/rampart_context.c
webservices/rampart/trunk/c/src/util/rampart_engine.c
Modified: webservices/rampart/trunk/c/configure.ac
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/configure.ac?view=diff&rev=526061&r1=526060&r2=526061
==============================================================================
--- webservices/rampart/trunk/c/configure.ac (original)
+++ webservices/rampart/trunk/c/configure.ac Thu Apr 5 22:27:12 2007
@@ -47,7 +47,7 @@
CFLAGS="$CFLAGS -D_LARGEFILE64_SOURCE"
if test "$GCC" = "yes"; then
- CFLAGS="$CFLAGS -ansi -Wall -Wno-implicit-function-declaration"
+ CFLAGS="$CFLAGS -ansi -Wall -Werror -Wno-implicit-function-declaration"
#CFLAGS="$CFLAGS -ansi -Wall -Wno-implicit-function-declaration"
fi
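Review bot: `-Werror` is added on the new line while `-Wno-implicit-function-declaration` is kept, so the one warning class that hides a wrong or missing prototype (a function called before any declaration is assumed to return `int`) still never fails the build; if the goal is to enforce warnings, drop the `-Wno-` flag or at least add `-Werror=implicit-function-declaration`. Be aware that a blanket `-Werror` also turns warnings introduced by newer compilers into build failures for packagers, which is why it is usually confined to developer builds.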
Modified: webservices/rampart/trunk/c/include/rampart_constants.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rampart_constants.h?view=diff&rev=526061&r1=526060&r2=526061
==============================================================================
--- webservices/rampart/trunk/c/include/rampart_constants.h (original)
+++ webservices/rampart/trunk/c/include/rampart_constants.h Thu Apr 5 22:27:12 2007
@@ -113,7 +113,7 @@
#define RAMPART_STR_EXTERNAL_URI OXS_STR_EXTERNAL_URI
#define RAMPART_STR_ENCRYPTED_KEY OXS_STR_ENCRYPTED_KEY
-#define AXIS2_PEM 10
+#define RAMPART_RD_DB_PROP "Rampart_RD_DB_Prop"
#ifdef __cplusplus
}
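Review bot: The removal of `#define AXIS2_PEM 10` is unrelated to the replay detector this commit adds and is not mentioned in the log; if anything still references it, that translation unit no longer compiles, so it is worth confirming it is unused before this lands. The new key deserves a one-line comment, since nothing here says what it holds: `/* axis2_ctx property (conf level) whose value is the axutil_hash_t used as the replay-detection record store */`, which is how rampart_replay_detector.c reads it.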
Modified: webservices/rampart/trunk/c/include/rampart_context.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rampart_context.h?view=diff&rev=526061&r1=526060&r2=526061
==============================================================================
--- webservices/rampart/trunk/c/include/rampart_context.h (original)
+++ webservices/rampart/trunk/c/include/rampart_context.h Thu Apr 5 22:27:12 2007
@@ -31,7 +31,7 @@
#include <rampart_callback.h>
#include <rampart_authn_provider.h>
#include <axis2_key_type.h>
-
+#include <axis2_msg_ctx.h>
#ifdef __cplusplus
extern "C"
{
@@ -42,6 +42,10 @@
const axis2_char_t *username,
void *ctx);
+ typedef axis2_status_t (AXIS2_CALL*
+ rampart_is_replayed_fn)(const axutil_env_t *env,
+ axis2_msg_ctx_t* msg_ctx);
+
typedef rampart_authn_provider_status_t (AXIS2_CALL*
auth_password_func)(const axutil_env_t* env,
const axis2_char_t *username,
@@ -155,6 +159,11 @@
const axutil_env_t *env,
password_callback_fn pwcb_function,
void *ctx);
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ rampart_context_set_replay_detect_function(rampart_context_t *rampart_context,
+ const axutil_env_t *env,
+ rampart_is_replayed_fn is_replayed_function);
+
AXIS2_EXTERN axis2_status_t AXIS2_CALL
rampart_context_set_password_type(rampart_context_t *rampart_context,
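Review bot: The header declares `rampart_context_set_replay_detect_function` but not the getter `rampart_context_get_is_replayed_function` that this commit defines in rampart_context.c, so a caller in another translation unit would compile against an implicit declaration (still permitted by configure.ac's `-Wno-implicit-function-declaration`) and receive an `int` where a function pointer is expected. Add next to the setter: `AXIS2_EXTERN rampart_is_replayed_fn AXIS2_CALL rampart_context_get_is_replayed_function(rampart_context_t *rampart_context, const axutil_env_t *env);`. The pair is also named inconsistently (`set_replay_detect_function` versus `get_is_replayed_function`); matching names make the accessor easier to find.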
Added: webservices/rampart/trunk/c/include/rampart_replay_detector.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rampart_replay_detector.h?view=auto&rev=526061
==============================================================================
--- webservices/rampart/trunk/c/include/rampart_replay_detector.h (added)
+++ webservices/rampart/trunk/c/include/rampart_replay_detector.h Thu Apr 5 22:27:12 2007
@@ -0,0 +1,100 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one or more
+* contributor license agreements. See the NOTICE file distributed with
+* this work for additional information regarding copyright ownership.
+* The ASF licenses this file to You under the Apache License, Version 2.0
+* (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+#ifndef RAMPART_REPLAY_DETECTOR_H
+#define RAMPART_REPLAY_DETECTOR_H
+
+/**
+ * @file rampart_replay_detector.h
+ * @brief The replay_detector module for rampart
+ */
+#include <axis2_defines.h>
+#include <axutil_env.h>
+#include <axis2_msg_ctx.h>
+#include <axis2_conf_ctx.h>
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+ /**
+ * Struct to for replay_detectors
+ * @defgroup rampart_replay_detector rampart replay_detector
+ * @ingroup rampart_util
+ * @{
+ */
+
+ /**
+ * Type name for struct rampart_replay_detector_ops
+ */
+ typedef struct rampart_replay_detector_ops rampart_replay_detector_ops_t;
+
+ /**
+ * Type name for struct rampart_replay_detector
+ */
+
+ typedef struct rampart_replay_detector rampart_replay_detector_t;
+
+ /**
+ * Only operation get_password is to get the password
+ * User should provide a function pointer to this
+ */
+ struct rampart_replay_detector_ops
+ {
+ axis2_status_t (AXIS2_CALL*
+ load)(rampart_replay_detector_t *replay_detector,
+ const axutil_env_t *env);
+
+ axis2_status_t (AXIS2_CALL*
+ is_replayed)(rampart_replay_detector_t *rrd,
+ const axutil_env_t* env,
+ axis2_msg_ctx_t *msg_ctx);
+
+ axis2_status_t (AXIS2_CALL*
+ free)(rampart_replay_detector_t *rrd,
+ const axutil_env_t* env);
+
+ };
+
+ struct rampart_replay_detector
+ {
+ rampart_replay_detector_ops_t *ops;
+ };
+
+ /*The default impl for RRD*/
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ rampart_replay_detector_default(const axutil_env_t *env,
+ axis2_msg_ctx_t* msg_ctx);
+
+
+ /*************************** Function macros **********************************/
+#define RAMPART_REPLAY_DETECTOR_LOAD(replay_detector, env) \
+ ((replay_detector)->ops->load(replay_detector, env))
+
+#define RAMPART_REPLAY_DETECTOR_IS_REPLAYED(replay_detector, env, msg_ctx) \
+ ((replay_detector)->ops->replay_detector_is_replayed(replay_detector, env, msg_ctx))
+
+#define RAMPART_REPLAY_DETECTOR_FREE(replay_detector, env) \
+ ((replay_detector)->ops->free(replay_detector, env))
+
+ /** @} */
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* RAMPART_REPLAY_DETECTOR_H */
+
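Review bot: The `RAMPART_REPLAY_DETECTOR_IS_REPLAYED` macro dereferences `ops->replay_detector_is_replayed`, but the member declared in struct rampart_replay_detector_ops is `is_replayed`, so any use of the macro fails to compile; the expansion should read `((replay_detector)->ops->is_replayed(replay_detector, env, msg_ctx))`. The comment above the ops struct ("Only operation get_password is to get the password") was carried over from the callback module and does not describe these operations; it should say that `load` initialises the detector, `is_replayed` reports whether the message in `msg_ctx` has been seen before, and `free` releases the detector. It would also help to document the return convention of `is_replayed`, because `axis2_status_t` is doing double duty as a status and a yes/no answer here, and the default implementation in rampart_replay_detector.c signals a replay by returning `AXIS2_FAILURE`.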
Modified: webservices/rampart/trunk/c/src/util/Makefile.am
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/Makefile.am?view=diff&rev=526061&r1=526060&r2=526061
==============================================================================
--- webservices/rampart/trunk/c/src/util/Makefile.am (original)
+++ webservices/rampart/trunk/c/src/util/Makefile.am Thu Apr 5 22:27:12 2007
@@ -6,7 +6,7 @@
rampart_util.c rampart_handler_util.c username_token.c timestamp_token.c \
rampart_encryption.c rampart_sec_header_processor.c rampart_sec_processed_result.c \
rampart_sec_header_builder.c rampart_context.c rampart_engine.c rampart_token_processor.c rampart_signature.c \
- rampart_token_builder.c rampart_rd_record.c
+ rampart_token_builder.c rampart_rd_record.c rampart_replay_detector.c
librampart_util_la_LIBADD = -lssl \
Modified: webservices/rampart/trunk/c/src/util/rampart_context.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_context.c?view=diff&rev=526061&r1=526060&r2=526061
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_context.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_context.c Thu Apr 5 22:27:12 2007
@@ -33,6 +33,7 @@
axis2_char_t *password;
axis2_char_t *prv_key_password;
password_callback_fn pwcb_function;
+ rampart_is_replayed_fn is_replayed_function;
int ttl;
axis2_char_t *password_type;
@@ -153,6 +154,7 @@
rampart_context->password = NULL;
rampart_context->prv_key_password = NULL;
rampart_context->pwcb_function = NULL;
+ rampart_context->is_replayed_function = NULL;
rampart_context->ttl = 0;
rampart_context->password_type = NULL;
@@ -332,6 +334,18 @@
}
AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_context_set_replay_detect_function(rampart_context_t *rampart_context,
+ const axutil_env_t *env,
+ rampart_is_replayed_fn is_replayed_function)
+{
+ AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
+ AXIS2_PARAM_CHECK(env->error, is_replayed_function, AXIS2_FAILURE);
+ rampart_context->is_replayed_function = is_replayed_function;
+
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
rampart_context_set_password_type(rampart_context_t *rampart_context,
const axutil_env_t *env,
axis2_char_t *password_type)
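Review bot: `rampart_context_set_replay_detect_function` checks `env` and `is_replayed_function` but dereferences `rampart_context` unchecked; if the neighbouring setters guard it (they are outside this hunk), add `AXIS2_PARAM_CHECK(env->error, rampart_context, AXIS2_FAILURE);` before the assignment, and the getter added in the next hunk has the same unchecked dereference. Rejecting a NULL `is_replayed_function` also means a caller can never clear a previously installed detector; if that is intended, the header comment should say so, otherwise drop that check and let NULL mean "use the default".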
@@ -474,6 +488,17 @@
return rampart_context->pwcb_function;
}
+
+AXIS2_EXTERN rampart_is_replayed_fn AXIS2_CALL
+rampart_context_get_is_replayed_function(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env)
+{
+ AXIS2_ENV_CHECK(env, NULL);
+
+ return rampart_context->is_replayed_function;
+}
+
AXIS2_EXTERN void* AXIS2_CALL
rampart_context_get_ctx(
Modified: webservices/rampart/trunk/c/src/util/rampart_engine.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_engine.c?view=diff&rev=526061&r1=526060&r2=526061
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_engine.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_engine.c Thu Apr 5 22:27:12 2007
@@ -235,13 +235,12 @@
AXIS2_LOG_INFO(env->log, "[rampart][engine] axis2 context is NULL ");
return NULL;
}
+ /*Possible Keys : IN_MESSAGE_SECURITY, OUT_MESSAGE_SECURITY*/
property = axis2_ctx_get_property(ctx,env,key);
if(property)
{
return (rampart_context_t *)axutil_property_get_value(property,env);
- }
- else
- {
+ }else{
axis2_char_t *file_name = NULL;
rampart_context_t *rampart_context = NULL;
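Review bot: The `}else{` rewrite departs from the brace-on-its-own-line layout the rest of this function uses (the `if(property)` block two lines above still has it), so the change is purely cosmetic and leaves the function with two styles; either keep the original layout or restyle the whole function. The enclosing function begins before this hunk.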
Added: webservices/rampart/trunk/c/src/util/rampart_replay_detector.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_replay_detector.c?view=auto&rev=526061
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_replay_detector.c (added)
+++ webservices/rampart/trunk/c/src/util/rampart_replay_detector.c Thu Apr 5 22:27:12 2007
@@ -0,0 +1,160 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdio.h>
+#include <axutil_utils.h>
+#include <rampart_replay_detector.h>
+#include <axutil_property.h>
+#include <rampart_constants.h>
+#include <rampart_sec_processed_result.h>
+/*Private functions*/
+AXIS2_EXTERN axutil_hash_t *AXIS2_CALL
+rampart_replay_detector_get_default_db(const axutil_env_t *env,
+ axis2_msg_ctx_t* msg_ctx)
+{
+ axis2_conf_ctx_t *conf_ctx = NULL;
+ axis2_ctx_t *ctx = NULL;
+ axutil_property_t *property = NULL;
+ axutil_hash_t *hash = NULL;
+ /*Get the conf ctx*/
+ conf_ctx = axis2_msg_ctx_get_conf_ctx(msg_ctx, env);
+ if(!conf_ctx)
+ {
+ AXIS2_LOG_ERROR(env->log,AXIS2_LOG_SI, "[rampart][rrd] Conf context is NULL ");
+ return NULL;
+ }
+ ctx = axis2_conf_ctx_get_base(conf_ctx,env);
+ if(!ctx)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,"[rampart][rrd] axis2 context is NULL ");
+ return NULL;
+ }
+ /*Get the DB property*/
+ property = axis2_ctx_get_property(ctx, env, RAMPART_RD_DB_PROP);
+ if(property)
+ {
+ /*Get the DB*/
+ hash = (axutil_hash_t*)axutil_property_get_value(property, env);
+ return hash;
+ }else{
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][rrd] Cannot get the property %s from msg_ctx", RAMPART_RD_DB_PROP);
+ return NULL;
+ }
+}
+
+AXIS2_EXTERN axis2_char_t * AXIS2_CALL
+rampart_replay_detector_get_ts(const axutil_env_t *env,
+ axis2_msg_ctx_t* msg_ctx)
+{
+ axis2_char_t *ts = NULL;
+ axutil_hash_t *hash = NULL;
+
+ /*Get timestamp from security processed results*/
+ hash = rampart_get_all_security_processed_results(env, msg_ctx);
+
+ ts = axutil_hash_get(hash, RAMPART_SPR_TS_CREATED, AXIS2_HASH_KEY_STRING);
+ return ts;
+}
+
+AXIS2_EXTERN axis2_bool_t AXIS2_CALL
+rampart_replay_detector_is_replayed(const axutil_env_t *env,
+ const axis2_char_t *msg_id,
+ const axis2_char_t *ts,
+ const axis2_char_t *id,
+ const axis2_char_t *val)
+{
+ /*If both has the same msg-id and the timestamp its a replay*/
+ if((0== axutil_strcmp(msg_id, id)) && (0== axutil_strcmp(ts, val))){
+ return AXIS2_SUCCESS;
+ }else{
+ return AXIS2_FALSE;
+ }
+}
+
+AXIS2_EXTERN axis2_bool_t AXIS2_CALL
+rampart_replay_detector_is_overdue(const axutil_env_t *env,
+ const axis2_char_t *val,
+ const axis2_char_t *ref)
+{
+ axutil_date_time_comp_result_t res = AXIS2_DATE_TIME_COMP_RES_UNKNOWN;
+ axutil_date_time_t *dt1 = NULL;
+ axutil_date_time_t *dt2 = NULL;
+
+ dt1 = axutil_date_time_create(env);
+ dt2 = axutil_date_time_create(env);
+
+ axutil_date_time_deserialize_time(dt1, env, val);
+ axutil_date_time_deserialize_time(dt2, env, ref);
+ /*If dt1(val) < dt2(ref) then its expired*/
+ res = axutil_date_time_compare(dt2, env, dt1);
+ if(AXIS2_DATE_TIME_COMP_RES_EXPIRED == res){
+ return AXIS2_TRUE;
+ }else{
+ return AXIS2_FALSE;
+ }
+}
+
+/*Public functions*/
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_replay_detector_default(const axutil_env_t *env,
+ axis2_msg_ctx_t* msg_ctx)
+{
+ axutil_hash_t *hash = NULL;
+ axutil_hash_index_t *hi = NULL;
+ const axis2_char_t *msg_id = NULL;
+ const axis2_char_t *ts = NULL;
+
+ msg_id = axis2_msg_ctx_get_wsa_message_id(msg_ctx, env);
+ ts = rampart_replay_detector_get_ts( env, msg_ctx);
+ /*Get the DB*/
+ hash = rampart_replay_detector_get_default_db(env, msg_ctx);
+ if(!hash){
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][rrd] Cannot get the default database for replay detection from msg_ctx");
+ return AXIS2_FAILURE;
+ }else{
+ void *id = NULL; /*Temp record id*/
+ void *val = NULL; /*Temp time stamp*/
+
+ AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][rrd] Number of records =%d", axutil_hash_count(hash));
+
+ /*If matches ERROR*/
+ for (hi = axutil_hash_first(hash, env); hi; hi = axutil_hash_next(env, hi)) {
+ axutil_hash_this(hi, (const void**)&id, NULL, &val);
+ AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][rrd] (id, val) %s = %s\n", (axis2_char_t*)id, (axis2_char_t*)val);
+ /*If replayed, return a FAILRE*/
+ if(AXIS2_TRUE == rampart_replay_detector_is_replayed(env, msg_id, ts, id, val)){
+ return AXIS2_FAILURE;
+ }
+ /*Clean up old records*/
+ if(AXIS2_TRUE == rampart_replay_detector_is_overdue(env , ts, val)){
+ /*Remove the record*/
+ AXIS2_FREE(env->allocator, id);
+ id = NULL;
+ AXIS2_FREE(env->allocator, val);
+ ts = NULL;
+ }
+ }
+ /*If not replayed then we will insert the new record to the DB*/
+ axutil_hash_set(hash, msg_id, AXIS2_HASH_KEY_STRING, ts);
+
+ return AXIS2_SUCCESS;
+ }
+}
+
+
+
+
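Review bot: The cleanup branch in rampart_replay_detector_default frees `id` and `val` while both are still stored in the hash, and the statement after `AXIS2_FREE(env->allocator, val)` clears `ts` instead of `val`, so once one overdue record is met the hash holds dangling pointers and the current message's timestamp becomes NULL for the remaining comparisons and for the record inserted at the end; the entry must be unlinked with `axutil_hash_set(hash, id, AXIS2_HASH_KEY_STRING, NULL)` before its storage is released. The final insert stores the `msg_id` and `ts` pointers themselves, which appear to be owned by the message context and its processed results rather than by this conf-level store, so the records should be `axutil_strdup` copies or a later cleanup frees memory it does not own. Neither `msg_id` nor `ts` is checked before use, and a message with no WS-Addressing id or no timestamp should be rejected rather than recorded under a NULL key. Two smaller points in the same file: rampart_replay_detector_is_replayed returns `AXIS2_SUCCESS` from an axis2_bool_t function, which only satisfies the caller's `AXIS2_TRUE` comparison because both happen to be 1, and rampart_replay_detector_is_overdue never calls `axutil_date_time_free` on `dt1` and `dt2`, so every record examined leaks two objects.
```c
    msg_id = axis2_msg_ctx_get_wsa_message_id(msg_ctx, env);
    ts = rampart_replay_detector_get_ts( env, msg_ctx);
    if(!msg_id || !ts){
        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][rrd] Message id or timestamp missing; cannot check for replay");
        return AXIS2_FAILURE;
    }
    /* … unchanged: fetch of the default database and its NULL check … */
        for (hi = axutil_hash_first(hash, env); hi; hi = axutil_hash_next(env, hi)) {
            axutil_hash_this(hi, (const void**)&id, NULL, &val);
            /* … unchanged: per-record debug log … */
            if(AXIS2_TRUE == rampart_replay_detector_is_replayed(env, msg_id, ts, id, val)){
                return AXIS2_FAILURE;
            }
            if(AXIS2_TRUE == rampart_replay_detector_is_overdue(env , ts, val)){
                /* Unlink the record first so the hash never keeps a pointer to freed memory.
                 * APR-style iteration captures the next entry before the body runs, which is
                 * what makes removal of the current entry safe here — confirm for axutil_hash. */
                axutil_hash_set(hash, id, AXIS2_HASH_KEY_STRING, NULL);
                AXIS2_FREE(env->allocator, id);
                AXIS2_FREE(env->allocator, val);
                id = NULL;
                val = NULL;
            }
        }
        /* Store copies: the originals belong to the message context and die with it */
        axutil_hash_set(hash, axutil_strdup(env, msg_id), AXIS2_HASH_KEY_STRING, axutil_strdup(env, ts));
        return AXIS2_SUCCESS;
```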