Posted to rampart-dev@ws.apache.org by ka...@apache.org on 2007/10/22 08:13:20 UTC
svn commit: r587005 - in /webservices/rampart/trunk/c/src/util:
rampart_encryption.c rampart_sec_header_builder.c
Author: kaushalye
Date: Sun Oct 21 23:13:20 2007
New Revision: 587005
URL: http://svn.apache.org/viewvc?rev=587005&view=rev
Log:
Symmetric key signing
Modified:
webservices/rampart/trunk/c/src/util/rampart_encryption.c
webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c
Modified: webservices/rampart/trunk/c/src/util/rampart_encryption.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_encryption.c?rev=587005&r1=587004&r2=587005&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_encryption.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_encryption.c Sun Oct 21 23:13:20 2007
@@ -223,6 +223,7 @@
axis2_char_t *enc_sym_algo = NULL;
axis2_char_t *asym_key_id = NULL;
axiom_node_t *encrypted_key_node = NULL;
+ axis2_bool_t use_derived_keys = AXIS2_TRUE;
int i = 0;
int j = 0;
@@ -269,9 +270,12 @@
id_list = axutil_array_list_create(env, 5);
dk_list = axutil_array_list_create(env, 5);
/* For each and every encryption part.
- 1. Derive a new key
+ 1. Derive a new key if key derivation is enabled. Or else use the same session key
2. Encrypt using that key
*/
+
+ /*TODO: We need to take the decision whether to use derived keys or not*/
+ /*use_derived_keys = rampart_context_check_is_derived_keys (env, token??);*/
/*Repeat until all encryption parts are encrypted*/
for(i=0 ; i < axutil_array_list_size(nodes_to_encrypt, env); i++)
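Review bot: `use_derived_keys` is initialised to AXIS2_TRUE at its declaration (previous hunk) and the only code that would ever change it is the commented-out call at the end of this hunk, so the new "use the same session key" path in the loop is unreachable until the TODO is resolved. Whether each part is protected with a fresh derived key or with the raw session key is a policy decision both peers must agree on, so the flag should come from the rampart context/policy (the commented-out `rampart_context_check_is_derived_keys` call points that way) rather than a hard-coded default, and the commented-out line should go, leaving the TODO alone. In the meantime a comment such as `/* TODO: hard-coded to TRUE; the non-derived branch below is not reachable yet */` beside the assignment would stop a reader from assuming both branches are exercised. The enclosing function starts before this hunk.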
@@ -287,19 +291,27 @@
node_to_enc = (axiom_node_t *)axutil_array_list_get
(nodes_to_encrypt, env, i);
- /*Derive a new key*/
- derived_key = oxs_key_create(env);
- status = oxs_derivation_derive_key(env, session_key, NULL, NULL, derived_key);
-
/*Create the encryption context for OMXMLSEC*/
enc_ctx = oxs_ctx_create(env);
- /*Set the derived key for the encryption*/
- oxs_ctx_set_key(enc_ctx, env, derived_key);
-
- /*Set the ref key name to build KeyInfo element. Here the key name is the derived key id*/
- oxs_ctx_set_ref_key_name(enc_ctx, env, oxs_key_get_name(derived_key, env));
-
+ if(AXIS2_TRUE == use_derived_keys){
+ /*Derive a new key*/
+ derived_key = oxs_key_create(env);
+ status = oxs_derivation_derive_key(env, session_key, NULL, NULL, derived_key);
+
+ /*Set the derived key for the encryption*/
+ oxs_ctx_set_key(enc_ctx, env, derived_key);
+
+ /*Set the ref key name to build KeyInfo element. Here the key name is the derived key id*/
+ oxs_ctx_set_ref_key_name(enc_ctx, env, oxs_key_get_name(derived_key, env));
+
+ /*Add derived key to the list. We will create tokens*/
+ axutil_array_list_add(dk_list, env, derived_key);
+ }else{
+ /*No key derivation. We use the same session key*/
+ oxs_ctx_set_key(enc_ctx, env, session_key);
+ oxs_ctx_set_ref_key_name(enc_ctx, env, oxs_key_get_name(session_key, env));
+ }
/*Set the algorithm*/
oxs_ctx_set_enc_mtd_algorithm(enc_ctx, env, enc_sym_algo);
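Review bot: In the derived-key branch the result of `oxs_derivation_derive_key` is stored in `status` but not examined before the possibly unpopulated `derived_key` is installed with `oxs_ctx_set_key` and appended to `dk_list`; the `AXIS2_FAILURE == status` test later in the loop only catches this if nothing between the two hunks reassigns `status`, which cannot be seen here. Check it at once: `if(AXIS2_FAILURE == status){ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][rampart_encryption] Key derivation failed"); return AXIS2_FAILURE; }`, releasing whatever the function's existing failure path releases. Otherwise a part may be encrypted under a key that was never derived, yielding ciphertext the receiver cannot match to any DerivedKeyToken. In the else branch the context now holds the shared `session_key` instead of a per-part key; if tearing down `enc_ctx` frees its key (not visible here) the session key would be freed on the first iteration, so that ownership deserves a comment on the `oxs_ctx_set_key` line. The enclosing loop and function continue outside the hunk.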
@@ -316,8 +328,6 @@
/*Add Ids to the list. We will create reference list*/
axutil_array_list_add(id_list, env, enc_data_id);
- /*Add derived key to the list. We will create tokens*/
- axutil_array_list_add(dk_list, env, derived_key);
if(AXIS2_FAILURE == status)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
Modified: webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c?rev=587005&r1=587004&r2=587005&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c Sun Oct 21 23:13:20 2007
@@ -95,7 +95,25 @@
{
is_encrypt_before_sign = AXIS2_TRUE;
/*TODO encrypt before sign. Complicated stuff...*/
-
+ /**
+ * 1. encrypt parts to be encrypted
+ * 2. sign parts to be signed
+ * 3. encrypt signature if required
+ */
+ status = rampart_enc_dk_encrypt_message(env, msg_ctx, rampart_context, soap_envelope, sec_node);
+ if (status == AXIS2_FAILURE)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shb] Sym binding, Encryption failed in Symmetric binding. ERROR");
+ return AXIS2_FAILURE;
+ }
+ status = rampart_sig_sign_message(env, msg_ctx, rampart_context, soap_envelope, sec_node);
+ if(status != AXIS2_SUCCESS)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart][shb] Signing failed. ERROR");
+ return AXIS2_FAILURE;
+ }
+
}else{ /*Sign before encrypt*/
is_encrypt_before_sign = AXIS2_FALSE;
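Review bot: The comment block added here lists `3. encrypt signature if required`, but the code that follows only encrypts and then signs; nothing encrypts the resulting Signature element, and the older `/*TODO encrypt before sign. Complicated stuff...*/` just above now misdescribes what is implemented. Replace that TODO with one that names what is still missing, e.g. `/* TODO: step 3 (encrypting the Signature when policy requires it) is not implemented yet */`, so a reader does not assume EncryptSignature is honoured on this path. Whether `rampart_sig_sign_message` signs the EncryptedData elements that replaced the original parts, rather than references to the now-replaced originals, cannot be confirmed from this hunk and is worth a test for the encrypt-before-sign case. The two new checks also use different forms (`== AXIS2_FAILURE` versus `!= AXIS2_SUCCESS`); pick one for the function. The enclosing function begins before the hunk and continues after it.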