Posted to rampart-dev@ws.apache.org by ka...@apache.org on 2007/10/22 08:13:20 UTC

svn commit: r587005 - in /webservices/rampart/trunk/c/src/util: rampart_encryption.c rampart_sec_header_builder.c

Author: kaushalye
Date: Sun Oct 21 23:13:20 2007
New Revision: 587005

URL: http://svn.apache.org/viewvc?rev=587005&view=rev
Log:
Symmetric key signing

Modified:
    webservices/rampart/trunk/c/src/util/rampart_encryption.c
    webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c

Modified: webservices/rampart/trunk/c/src/util/rampart_encryption.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_encryption.c?rev=587005&r1=587004&r2=587005&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_encryption.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_encryption.c Sun Oct 21 23:13:20 2007
@@ -223,6 +223,7 @@
     axis2_char_t *enc_sym_algo = NULL;
     axis2_char_t *asym_key_id = NULL;
     axiom_node_t *encrypted_key_node = NULL;
+    axis2_bool_t use_derived_keys = AXIS2_TRUE;
     int i = 0;
     int j = 0;
 
@@ -269,9 +270,12 @@
     id_list = axutil_array_list_create(env, 5);
     dk_list = axutil_array_list_create(env, 5);
     /* For each and every encryption part.
-        1. Derive a new key
+        1. Derive a new key if key derivation is enabled. Or else use the same session key
         2. Encrypt using that key       
      */
+   
+    /*TODO: We need to take the decision whether to use derived keys or not*/
+    /*use_derived_keys = rampart_context_check_is_derived_keys (env, token??);*/
 
     /*Repeat until all encryption parts are encrypted*/
     for(i=0 ; i < axutil_array_list_size(nodes_to_encrypt, env); i++)
@@ -287,19 +291,27 @@
         node_to_enc = (axiom_node_t *)axutil_array_list_get
                       (nodes_to_encrypt, env, i);
     
-        /*Derive a new key*/
-        derived_key = oxs_key_create(env);
-        status = oxs_derivation_derive_key(env, session_key, NULL, NULL, derived_key); 
-
         /*Create the encryption context for OMXMLSEC*/
         enc_ctx = oxs_ctx_create(env);
 
-        /*Set the derived key for the encryption*/
-        oxs_ctx_set_key(enc_ctx, env, derived_key);
-
-        /*Set the ref key name to build KeyInfo element. Here the key name is the derived key id*/
-        oxs_ctx_set_ref_key_name(enc_ctx, env, oxs_key_get_name(derived_key, env));
-
+        if(AXIS2_TRUE == use_derived_keys){
+            /*Derive a new key*/
+            derived_key = oxs_key_create(env);
+            status = oxs_derivation_derive_key(env, session_key, NULL, NULL, derived_key); 
+
+            /*Set the derived key for the encryption*/
+            oxs_ctx_set_key(enc_ctx, env, derived_key);
+
+            /*Set the ref key name to build KeyInfo element. Here the key name is the derived key id*/
+            oxs_ctx_set_ref_key_name(enc_ctx, env, oxs_key_get_name(derived_key, env));
+            
+            /*Add derived key to the list. We will create tokens*/
+            axutil_array_list_add(dk_list, env, derived_key);
+        }else{
+            /*No key derivation. We use the same session key*/
+            oxs_ctx_set_key(enc_ctx, env, session_key);
+            oxs_ctx_set_ref_key_name(enc_ctx, env, oxs_key_get_name(session_key, env));
+        }
         /*Set the algorithm*/
         oxs_ctx_set_enc_mtd_algorithm(enc_ctx, env, enc_sym_algo);  
 
@@ -316,8 +328,6 @@
             /*Add Ids to the list. We will create reference list*/
             axutil_array_list_add(id_list, env, enc_data_id);
 
-            /*Add derived key to the list. We will create tokens*/
-            axutil_array_list_add(dk_list, env, derived_key);
             if(AXIS2_FAILURE == status)
             {
                 AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,

Modified: webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c?rev=587005&r1=587004&r2=587005&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c Sun Oct 21 23:13:20 2007
@@ -95,7 +95,25 @@
     {
         is_encrypt_before_sign = AXIS2_TRUE;
         /*TODO encrypt before sign. Complicated stuff...*/
-
+        /**
+         * 1. encrypt parts to be encrypted
+         * 2. sign parts to be signed
+         * 3. encrypt signature if required
+         */
+        status = rampart_enc_dk_encrypt_message(env, msg_ctx, rampart_context, soap_envelope, sec_node);
+        if (status == AXIS2_FAILURE)
+        {
+            AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shb] Sym binding, Encryption failed in Symmetric binding. ERROR");
+            return AXIS2_FAILURE;
+        }
+        status = rampart_sig_sign_message(env, msg_ctx, rampart_context, soap_envelope, sec_node);
+        if(status != AXIS2_SUCCESS)
+        {
+                AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+                                "[rampart][shb] Signing failed. ERROR");
+                return AXIS2_FAILURE;
+        }
+         
     }else{ /*Sign before encrypt*/
         is_encrypt_before_sign = AXIS2_FALSE;