Posted to java-dev@axis.apache.org by ka...@apache.org on 2007/03/06 10:25:29 UTC
svn commit: r515042 - in /webservices/axis2/trunk/c/rampart:
include/oxs_x509_cert.h include/oxs_xml_key_processor.h
src/omxmlsec/sign_ctx.c src/omxmlsec/signature.c src/omxmlsec/x509_cert.c
src/omxmlsec/xml_key_processor.c test/omxmlsec/test.c
Author: kaushalye
Date: Tue Mar 6 01:25:28 2007
New Revision: 515042
URL: http://svn.apache.org/viewvc?view=rev&rev=515042
Log:
1. Add copy method to X509 certificate
2. Modified Key Process methods to get a certificate from the calling party.
3. Modified test case for XML Signature
Modified:
webservices/axis2/trunk/c/rampart/include/oxs_x509_cert.h
webservices/axis2/trunk/c/rampart/include/oxs_xml_key_processor.h
webservices/axis2/trunk/c/rampart/src/omxmlsec/sign_ctx.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/signature.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/x509_cert.c
webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_key_processor.c
webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c
Modified: webservices/axis2/trunk/c/rampart/include/oxs_x509_cert.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_x509_cert.h?view=diff&rev=515042&r1=515041&r2=515042
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_x509_cert.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_x509_cert.h Tue Mar 6 01:25:28 2007
@@ -262,6 +262,10 @@
const axis2_env_t *env,
openssl_pkey_t *public_key);
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_x509_cert_copy_to(oxs_x509_cert_t *x509_cert,
+ const axis2_env_t *env,
+ oxs_x509_cert_t *to);
/** @} */
#ifdef __cplusplus
}
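Review bot: The new declaration `oxs_x509_cert_copy_to` has no doc comment, and its ownership contract is not obvious. The implementation in x509_cert.c hands every field, including `data` and `public_key`, to the destination's setters, so whether both certificates end up holding the same pointers depends on setter behaviour this commit does not show. Add a comment such as `/* Copies every field of x509_cert into to; to must already be created by the caller. */` and state who owns and frees `public_key` after the copy.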
Modified: webservices/axis2/trunk/c/rampart/include/oxs_xml_key_processor.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_xml_key_processor.h?view=diff&rev=515042&r1=515041&r2=515042
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_xml_key_processor.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_xml_key_processor.h Tue Mar 6 01:25:28 2007
@@ -36,29 +36,34 @@
{
#endif
/*Process a ds:X509SKI element and populate a certificate */
-AXIS2_EXTERN oxs_x509_cert_t *AXIS2_CALL
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_xml_key_process_X509SKI(const axis2_env_t *env,
- axiom_node_t *X509SKI_node);
+ axiom_node_t *X509SKI_node,
+ oxs_x509_cert_t *cert);
/*Process a ds:X509SubjectName element and populate a certificate*/
-AXIS2_EXTERN oxs_x509_cert_t *AXIS2_CALL
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_xml_key_process_X509SubjectName(const axis2_env_t *env,
- axiom_node_t *X509_subj_name_node);
+ axiom_node_t *X509_subj_name_node,
+ oxs_x509_cert_t *cert);
/*Process a ds:X509IssuerSerial element and populate a certificate*/
-AXIS2_EXTERN oxs_x509_cert_t *AXIS2_CALL
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_xml_key_process_X509IssuerSerial(const axis2_env_t *env,
- axiom_node_t *X509_issuer_serial_node);
+ axiom_node_t *X509_issuer_serial_node,
+ oxs_x509_cert_t *cert);
/*Process data in a ds:X509Certificate and returns a certificate*/
-AXIS2_EXTERN oxs_x509_cert_t *AXIS2_CALL
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_xml_key_process_X509Certificate(const axis2_env_t *env,
- axiom_node_t *X509_cert_node);
+ axiom_node_t *X509_cert_node,
+ oxs_x509_cert_t *cert);
/*Higher level function ot process an ds:X509Data element*/
-AXIS2_EXTERN oxs_x509_cert_t *AXIS2_CALL
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_xml_key_process_X509Data(const axis2_env_t *env,
- axiom_node_t *X509_data_node);
+ axiom_node_t *X509_data_node,
+ oxs_x509_cert_t *cert);
/** @} */
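Review bot: The comment above `oxs_xml_key_process_X509Certificate` still says it "returns a certificate", but all five functions now return `axis2_status_t` and fill a caller-supplied `cert`. Change it to `/*Process data in a ds:X509Certificate and populate the given certificate*/`. The header should also say once that `cert` must be a non-NULL object from `oxs_x509_cert_create`, since none of the visible implementations check it before use.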
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/sign_ctx.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/sign_ctx.c?view=diff&rev=515042&r1=515041&r2=515042
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/sign_ctx.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/sign_ctx.c Tue Mar 6 01:25:28 2007
@@ -91,10 +91,13 @@
{
/*If the public key is set then use it. Else get the public key from the certificate.*/
if(sign_ctx->pub_key){
+ AXIS2_LOG_INFO(env->log, "[oxs][sign_ctx] Public key is available directly");
return sign_ctx->pub_key ;
}else if(sign_ctx->certificate){
+ AXIS2_LOG_INFO(env->log, "[oxs][sign_ctx] Public key is not available directly. Extracting the certificate");
return oxs_x509_cert_get_public_key(sign_ctx->certificate, env);
}else{
+ AXIS2_LOG_INFO(env->log, "[oxs][sign_ctx] Public key is available neither in the ctx nor in the certificate");
return NULL;
}
}
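Review bot: The last branch reports a missing verification key at INFO level, so a deployment that filters out informational messages loses the trace from this function that no key was found. Log it at warning or error level instead. The message "neither in the ctx nor in the certificate" is also slightly off, because this branch is reached when no certificate is set at all, not when a certificate lacks a key. The function starts outside the hunk.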
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/signature.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/signature.c?view=diff&rev=515042&r1=515041&r2=515042
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/signature.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/signature.c Tue Mar 6 01:25:28 2007
@@ -130,10 +130,14 @@
in_buf = oxs_buffer_create(env);
status = OXS_BUFFER_POPULATE(in_buf, env, (unsigned char*)content, axis2_strlen(content));
- /*Get the public key. See.. this method is tricky. It might take the public key from the certificate if
+ /*Get the public key. See.. this method is trickey. It might take the public key from the certificate, only if
* the public key is not available directly*/
pubkey = oxs_sign_ctx_get_public_key(sign_ctx, env);
-
+ if(!pubkey){
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_SIG_VERIFICATION_FAILED,"Cannot obtain the public key.");
+ return AXIS2_FAILURE;
+ }
+
/*Call OpenSSL function to verify the signature*/
status = openssl_sig_verify(env, pubkey, in_buf, sig_buf);
if(AXIS2_SUCCESS != status){
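Review bot: The new early return on a missing public key leaves without releasing `in_buf`, which `oxs_buffer_create` allocated a few lines earlier. Free it (and `sig_buf`, if this function created it outside the hunk) before `return AXIS2_FAILURE;`. The status from `OXS_BUFFER_POPULATE` is overwritten by `openssl_sig_verify` without being checked, so a failed populate would go on to verify whatever the buffer holds; test it right after the call. The rewritten comment also introduces the typo `trickey`. The enclosing function starts and ends outside the hunk.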
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/x509_cert.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/x509_cert.c?view=diff&rev=515042&r1=515041&r2=515042
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/x509_cert.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/x509_cert.c Tue Mar 6 01:25:28 2007
@@ -34,6 +34,8 @@
openssl_pkey_t *public_key;
};
+
+
AXIS2_EXTERN oxs_x509_cert_t *AXIS2_CALL
oxs_x509_cert_create(const axis2_env_t *env)
{
@@ -95,6 +97,24 @@
AXIS2_FREE(env->allocator, x509_cert->data );
x509_cert->data =NULL;
}
+
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_x509_cert_copy_to(oxs_x509_cert_t *x509_cert,
+ const axis2_env_t *env,
+ oxs_x509_cert_t *to)
+{
+ oxs_x509_cert_set_serial_number(to, env, x509_cert->serial_number);
+ oxs_x509_cert_set_issuer(to, env, x509_cert->issuer);
+ oxs_x509_cert_set_key_identifier(to, env, x509_cert->key_identifier);
+ oxs_x509_cert_set_subject(to, env, x509_cert->subject);
+ oxs_x509_cert_set_fingerprint(to, env, x509_cert->fingerprint);
+ oxs_x509_cert_set_date(to, env, x509_cert->date);
+ oxs_x509_cert_set_hash(to, env, x509_cert->hash);
+ oxs_x509_cert_set_data(to, env, x509_cert->data);
+ oxs_x509_cert_set_public_key(to, env, x509_cert->public_key);
return AXIS2_SUCCESS;
}
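Review bot: `oxs_x509_cert_copy_to` reads `x509_cert->serial_number` and writes into `to` without checking either pointer for NULL. The caller added in xml_key_processor.c passes the result of `oxs_key_mgr_load_x509_cert_from_string` unchecked, so certificate data that fails to load would be dereferenced here as a NULL pointer. Add `if(!x509_cert || !to){ return AXIS2_FAILURE; }` at the top of the function. The results of the nine setter calls are also discarded and `AXIS2_SUCCESS` is returned unconditionally; if the setters return a status (not visible in this commit), propagate the first failure.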
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_key_processor.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_key_processor.c?view=diff&rev=515042&r1=515041&r2=515042
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_key_processor.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_key_processor.c Tue Mar 6 01:25:28 2007
@@ -36,64 +36,65 @@
/*Private functions*/
/*Public functions*/
-AXIS2_EXTERN oxs_x509_cert_t *AXIS2_CALL
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_xml_key_process_X509SKI(const axis2_env_t *env,
- axiom_node_t *X509SKI_node)
+ axiom_node_t *X509SKI_node,
+ oxs_x509_cert_t *cert)
{
- oxs_x509_cert_t *cert = NULL;
axis2_char_t *ski = NULL;
axis2_char_t *node_name = NULL;
+ axis2_status_t status = AXIS2_FAILURE;
node_name = axiom_util_get_localname(X509SKI_node, env);
if(0 != axis2_strcmp(node_name, OXS_NODE_X509_SKI)){
oxs_error(env, ERROR_LOCATION, OXS_ERROR_INVALID_DATA,"Invalid node. Expected %s. Found", OXS_NODE_X509_SKI, node_name);
- return NULL;
+ return AXIS2_FAILURE;
}
ski = oxs_axiom_get_node_content(env, X509SKI_node);
- cert = oxs_x509_cert_create(env);
oxs_x509_cert_set_subject(cert, env, ski);
- return cert;
+ return status;
}
-AXIS2_EXTERN oxs_x509_cert_t *AXIS2_CALL
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_xml_key_process_X509SubjectName(const axis2_env_t *env,
- axiom_node_t *X509_subj_name_node)
+ axiom_node_t *X509_subj_name_node,
+ oxs_x509_cert_t *cert)
{
- oxs_x509_cert_t *cert = NULL;
axis2_char_t *subj_name = NULL;
axis2_char_t *node_name = NULL;
+ axis2_status_t status = AXIS2_FAILURE;
node_name = axiom_util_get_localname(X509_subj_name_node, env);
if(0 != axis2_strcmp(node_name, OXS_NODE_X509_SUBJECT_NAME)){
oxs_error(env, ERROR_LOCATION, OXS_ERROR_INVALID_DATA,"Invalid node. Expected %s. Found", OXS_NODE_X509_SUBJECT_NAME, node_name);
- return NULL;
+ return AXIS2_FAILURE;
}
subj_name = oxs_axiom_get_node_content(env, X509_subj_name_node);
- cert = oxs_x509_cert_create(env);
oxs_x509_cert_set_subject(cert, env, subj_name);
- return cert;
+ return status;
}
-AXIS2_EXTERN oxs_x509_cert_t *AXIS2_CALL
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_xml_key_process_X509IssuerSerial(const axis2_env_t *env,
- axiom_node_t *X509_issuer_serial_node)
+ axiom_node_t *X509_issuer_serial_node,
+ oxs_x509_cert_t *cert)
{
- oxs_x509_cert_t *cert = NULL;
axiom_node_t *issuer_name_node = NULL;
axiom_node_t *serial_num_node = NULL;
axis2_char_t *node_name = NULL;
axis2_char_t *issuer_name = NULL;
axis2_char_t *serial_num_str = NULL;
+ axis2_status_t status = AXIS2_FAILURE;
node_name = axiom_util_get_localname(X509_issuer_serial_node, env);
if(0 != axis2_strcmp(node_name, OXS_NODE_X509_ISSUER_SERIAL)){
oxs_error(env, ERROR_LOCATION, OXS_ERROR_INVALID_DATA,"Invalid node. Expected %s. Found", OXS_NODE_X509_ISSUER_SERIAL, node_name);
- return NULL;
+ return AXIS2_FAILURE;
}
issuer_name_node = AXIOM_NODE_GET_FIRST_CHILD(X509_issuer_serial_node, env);
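Review bot: `status` is initialised to `AXIS2_FAILURE` and never assigned in `oxs_xml_key_process_X509SKI` and `oxs_xml_key_process_X509SubjectName`, so both return failure even after they have populated `cert`. `oxs_xml_key_process_X509IssuerSerial`, which starts here and ends in the next hunk, ends in the same `return status;`. `oxs_xml_key_process_X509Data` forwards that value, so a KeyInfo carrying anything other than ds:X509Certificate would always be reported as unreadable. Return `AXIS2_SUCCESS` after the setter calls, or assign the setter's result to `status` if it returns one. Separately, the SKI value is stored with `oxs_x509_cert_set_subject`; `oxs_x509_cert_set_key_identifier` looks like the intended setter.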
@@ -107,65 +108,71 @@
}
/*we set the key issuername and the serial number*/
- cert = oxs_x509_cert_create(env);
oxs_x509_cert_set_issuer(cert, env, issuer_name);
oxs_x509_cert_set_serial_number(cert, env, atoi(serial_num_str));
- return cert;
+ return status;
}
-AXIS2_EXTERN oxs_x509_cert_t *AXIS2_CALL
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_xml_key_process_X509Certificate(const axis2_env_t *env,
- axiom_node_t *X509_cert_node)
+ axiom_node_t *X509_cert_node,
+ oxs_x509_cert_t *cert)
{
axis2_char_t *data = NULL;
axis2_char_t *node_name = NULL;
- oxs_x509_cert_t *cert = NULL;
-
+ axis2_status_t status = AXIS2_FAILURE;
+ oxs_x509_cert_t *_cert = NULL;
node_name = axiom_util_get_localname(X509_cert_node, env);
if(0 != axis2_strcmp(node_name, OXS_NODE_X509_CERTIFICATE)){
oxs_error(env, ERROR_LOCATION, OXS_ERROR_INVALID_DATA,"Invalid node. Expected %s. Found", OXS_NODE_X509_CERTIFICATE, node_name);
- return NULL;
+ return AXIS2_FAILURE;
}
/*Get contents*/
data = oxs_token_get_x509_certificate(env, X509_cert_node);
- cert = oxs_key_mgr_load_x509_cert_from_string(env, data);
-
- return cert;
+ _cert = oxs_key_mgr_load_x509_cert_from_string(env, data);
+ if(_cert){
+ status = AXIS2_SUCCESS;
+ }else{
+ status = AXIS2_FAILURE;
+ }
+ oxs_x509_cert_copy_to(_cert, env, cert);
+ return status;
}
-AXIS2_EXTERN oxs_x509_cert_t *AXIS2_CALL
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_xml_key_process_X509Data(const axis2_env_t *env,
- axiom_node_t *X509_data_node)
+ axiom_node_t *X509_data_node,
+ oxs_x509_cert_t *cert)
{
- oxs_x509_cert_t *cert = NULL;
axiom_node_t *child_node = NULL;
axis2_char_t *child_name = NULL;
axis2_char_t *node_name = NULL;
+ axis2_status_t status = AXIS2_FAILURE;
node_name = axiom_util_get_localname(X509_data_node, env);
if(0 != axis2_strcmp(node_name, OXS_NODE_X509_DATA)){
oxs_error(env, ERROR_LOCATION, OXS_ERROR_INVALID_DATA,"Invalid node. Expected %s. Found", OXS_NODE_X509_DATA, node_name);
- return NULL;
+ return AXIS2_FAILURE;
}
child_node = AXIOM_NODE_GET_FIRST_CHILD( X509_data_node, env);
child_name = axiom_util_get_localname(child_node, env);
/*Check wht's inside the <ds:X509Data>*/
if(0 == axis2_strcmp(child_name, OXS_NODE_X509_CERTIFICATE)){
- cert = oxs_xml_key_process_X509Certificate(env, child_node);
+ status = oxs_xml_key_process_X509Certificate(env, child_node, cert);
}else if(0 == axis2_strcmp(child_name, OXS_NODE_X509_ISSUER_SERIAL)){
- cert = oxs_xml_key_process_X509IssuerSerial(env, child_node);
+ status = oxs_xml_key_process_X509IssuerSerial(env, child_node, cert);
}else if(0 == axis2_strcmp(child_name, OXS_NODE_X509_SUBJECT_NAME )){
- cert = oxs_xml_key_process_X509SubjectName(env, child_node);
+ status = oxs_xml_key_process_X509SubjectName(env, child_node, cert);
}else if(0 == axis2_strcmp(child_name, OXS_NODE_X509_SKI )){
- cert = oxs_xml_key_process_X509SKI(env, child_node);
+ status = oxs_xml_key_process_X509SKI(env, child_node, cert);
}else{
/*We do not support*/
}
- return cert;
+ return status;
}
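Review bot: In `oxs_xml_key_process_X509Certificate`, `oxs_x509_cert_copy_to(_cert, env, cert)` runs even when `oxs_key_mgr_load_x509_cert_from_string` returned NULL. `copy_to` reads `x509_cert->serial_number` first, so certificate text in a received message that fails to parse would end in a NULL dereference rather than `AXIS2_FAILURE`. Return before the copy with `if(!_cert){ return AXIS2_FAILURE; }` and then use `status = oxs_x509_cert_copy_to(_cert, env, cert);`. `_cert` is also never released after the copy; whether it can be freed safely depends on whether the setters duplicate the fields, which this commit does not show.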
Modified: webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c?view=diff&rev=515042&r1=515041&r2=515042
==============================================================================
--- webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c (original)
+++ webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c Tue Mar 6 01:25:28 2007
@@ -165,8 +165,11 @@
axiom_node_t *x509_node = NULL;
ki_node = oxs_axiom_get_first_child_node_by_name(env, sig_node, OXS_NODE_KEY_INFO, OXS_DSIG_NS, OXS_DS);
x509_node = oxs_axiom_get_first_child_node_by_name(env, ki_node, OXS_NODE_X509_DATA, OXS_DSIG_NS, OXS_DS);
- cert = oxs_xml_key_process_X509Data(env, x509_node);
- if(!cert){
+
+ cert = oxs_x509_cert_create(env);
+ printf("No certificate is given. Fetching certificate from the KeyInfo\n");
+ status = oxs_xml_key_process_X509Data(env, x509_node, cert);
+ if(AXIS2_FAILURE == status){
printf("Error reading KeyInfo\n");
return AXIS2_FAILURE;
}
@@ -174,7 +177,12 @@
/*Set certificate*/
- oxs_sign_ctx_set_certificate(sign_ctx, env, cert);
+ if(cert){
+ oxs_sign_ctx_set_certificate(sign_ctx, env, cert);
+ }else{
+ printf("Certificate is NULL\n");
+ return AXIS2_FAILURE;
+ }
/*Verify*/
status = oxs_xml_sig_verify(env, sign_ctx, sig_node, tmpl);
if(AXIS2_SUCCESS != status){
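Review bot: The `if(cert)` guard comes too late. `cert` has already been passed to `oxs_xml_key_process_X509Data` in the previous hunk, so a failed `oxs_x509_cert_create` would be used there before this check runs. Move the NULL check to directly after `cert = oxs_x509_cert_create(env);` and drop this one. Both failure returns in the two hunks also leave `cert` allocated; free it before returning if the test is meant to run leak-clean.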