Posted to rampart-dev@ws.apache.org by ka...@apache.org on 2007/04/16 07:10:19 UTC
svn commit: r529133 - in /webservices/rampart/trunk/c: include/
samples/client/sec_echo/ src/util/
Author: kaushalye
Date: Sun Apr 15 22:10:18 2007
New Revision: 529133
URL: http://svn.apache.org/viewvc?view=rev&rev=529133
Log:
Committing replay detection module logic.
Modified:
webservices/rampart/trunk/c/include/rampart_context.h
webservices/rampart/trunk/c/include/rampart_replay_detector.h
webservices/rampart/trunk/c/samples/client/sec_echo/echo.c
webservices/rampart/trunk/c/src/util/rampart_context.c
webservices/rampart/trunk/c/src/util/rampart_engine.c
webservices/rampart/trunk/c/src/util/rampart_replay_detector.c
webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
Modified: webservices/rampart/trunk/c/include/rampart_context.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rampart_context.h?view=diff&rev=529133&r1=529132&r2=529133
==============================================================================
--- webservices/rampart/trunk/c/include/rampart_context.h (original)
+++ webservices/rampart/trunk/c/include/rampart_context.h Sun Apr 15 22:10:18 2007
@@ -234,6 +234,11 @@
rampart_context_t *rampart_context,
const axutil_env_t *env);
+ AXIS2_EXTERN rampart_is_replayed_fn AXIS2_CALL
+ rampart_context_get_replay_detect_function(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env);
+
AXIS2_EXTERN void* AXIS2_CALL
rampart_context_get_ctx(
rampart_context_t *rampart_context,
Modified: webservices/rampart/trunk/c/include/rampart_replay_detector.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rampart_replay_detector.h?view=diff&rev=529133&r1=529132&r2=529133
==============================================================================
--- webservices/rampart/trunk/c/include/rampart_replay_detector.h (original)
+++ webservices/rampart/trunk/c/include/rampart_replay_detector.h Sun Apr 15 22:10:18 2007
@@ -80,6 +80,9 @@
rampart_replay_detector_default(const axutil_env_t *env,
axis2_msg_ctx_t* msg_ctx);
+ AXIS2_EXTERN axutil_hash_t *AXIS2_CALL
+ rampart_replay_detector_set_default_db(const axutil_env_t *env,
+ axis2_ctx_t *ctx);
/*************************** Function macros **********************************/
#define RAMPART_REPLAY_DETECTOR_LOAD(replay_detector, env) \
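Review bot: The new `rampart_replay_detector_set_default_db` declaration says nothing about what it stores, what it returns on failure, or who releases the hash, and a caller only sees this header. A short comment above it would settle that: `/* Creates an empty replay DB and stores it on ctx under RAMPART_RD_DB_PROP. Returns the hash, or NULL if ctx is NULL; the hash stays referenced by the ctx property. */`. Whether the ctx actually frees the hash depends on the .c side setting a free function on the property, which the accompanying hunk does not do, so the comment should be updated once that is decided.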
Modified: webservices/rampart/trunk/c/samples/client/sec_echo/echo.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/client/sec_echo/echo.c?view=diff&rev=529133&r1=529132&r2=529133
==============================================================================
--- webservices/rampart/trunk/c/samples/client/sec_echo/echo.c (original)
+++ webservices/rampart/trunk/c/samples/client/sec_echo/echo.c Sun Apr 15 22:10:18 2007
@@ -157,8 +157,10 @@
ns1 = axiom_namespace_create(env, "http://ws.apache.org/axis2/c/samples", "ns1");
echo_om_ele = axiom_element_create(env, NULL, "echoString", ns1, &echo_om_node);
+
+
text_om_ele = axiom_element_create(env, echo_om_node, "text", NULL, &text_om_node);
- axiom_element_set_text(text_om_ele, env, "echo5", text_om_node);
+ axiom_element_set_text(text_om_ele, env, "echo5\n", text_om_node);
om_str = axiom_node_to_string(echo_om_node, env);
if (om_str)
Modified: webservices/rampart/trunk/c/src/util/rampart_context.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_context.c?view=diff&rev=529133&r1=529132&r2=529133
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_context.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_context.c Sun Apr 15 22:10:18 2007
@@ -490,7 +490,7 @@
}
AXIS2_EXTERN rampart_is_replayed_fn AXIS2_CALL
-rampart_context_get_is_replayed_function(
+rampart_context_get_replay_detect_function(
rampart_context_t *rampart_context,
const axutil_env_t *env)
{
Modified: webservices/rampart/trunk/c/src/util/rampart_engine.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_engine.c?view=diff&rev=529133&r1=529132&r2=529133
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_engine.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_engine.c Sun Apr 15 22:10:18 2007
@@ -21,7 +21,7 @@
#include <rampart_engine.h>
#include <axis2_ctx.h>
-
+#include <rampart_replay_detector.h>
/*This method sets all the configurations
loads required modules and start rampart.*/
@@ -68,24 +68,27 @@
AXIS2_LOG_INFO(env->log,"[rampart][rampart_engine] Type in the parameter is not rampart_context");
return NULL;
}
- return get_rampart_context_with_secpolicy_from_om(rampart_context,env);
+ /*We will build sec policy from the axiom representation of the policy. Used in PHP ext*/
+ rampart_context = get_rampart_context_with_secpolicy_from_om(rampart_context,env);
+
}else{
- if(axis2_msg_ctx_get_server_side(msg_ctx,env))
- {
+ /*For the performance we will first chk if we have a saved configuration in the conf ctx.[else block]
+ *If not we will extract configurations from the descriptor files*/
+ if(axis2_msg_ctx_get_server_side(msg_ctx,env)) {
/*If the server side*/
- return get_rampart_context_in_server_side(env,msg_ctx,IN_MESSAGE_SECURITY);
+ rampart_context = get_rampart_context_in_server_side(env,msg_ctx,IN_MESSAGE_SECURITY);
}else{
- /*We are in the client/incoming side*/
value = rampart_get_rampart_configuration(env,msg_ctx,RAMPART_INFLOW_SECURITY_POLICY);
- if(!value)
- {
+ if(!value){
AXIS2_LOG_INFO(env->log,"[rampart][rampart_engine] Errors in the configurations");
return NULL;
}
file_name = (axis2_char_t *)value;
- return build_rampart_context_from_file(env,file_name);
+ rampart_context = build_rampart_context_from_file(env,file_name);
}
}
+ /*We set our default impl of replay detection function*/
+ rampart_context_set_replay_detect_function(rampart_context, env, rampart_replay_detector_default);
}else{
/*Outflow*/
value = rampart_get_rampart_configuration(env,msg_ctx,OUTFLOW_RAMPART_CONTEXT);
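Review bot: `rampart_context_set_replay_detect_function(rampart_context, env, rampart_replay_detector_default)` is now reached on every inflow path, including those where `get_rampart_context_in_server_side` or `build_rampart_context_from_file` returned NULL (the previous code simply returned their result, so a NULL there used to propagate to the caller). The setter is therefore handed a NULL context on a configuration error; guard it with `if(!rampart_context){ return NULL; }` immediately before the call. The call also installs the default detector after the context is fully built, so if the secpolicy/om or file paths can carry their own replay function (I cannot see that from the hunk), the assignment should only happen when `rampart_context_get_replay_detect_function` still returns NULL. The function's `return rampart_context;` lives in a later hunk and its header is outside this one.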
@@ -97,11 +100,11 @@
AXIS2_LOG_INFO(env->log,"[rampart][rampart_engine] Type in the parameter is not rampart_context");
return NULL;
}
- return get_rampart_context_with_secpolicy_from_om(rampart_context,env);
+ rampart_context = get_rampart_context_with_secpolicy_from_om(rampart_context,env);
}else{
if(axis2_msg_ctx_get_server_side(msg_ctx,env))
{
- return get_rampart_context_in_server_side(env,msg_ctx,OUT_MESSAGE_SECURITY);
+ rampart_context = get_rampart_context_in_server_side(env,msg_ctx,OUT_MESSAGE_SECURITY);
}
else
{
@@ -112,10 +115,12 @@
return NULL;
}
file_name = (axis2_char_t *)value;
- return build_rampart_context_from_file(env,file_name);
+ rampart_context = build_rampart_context_from_file(env,file_name);
}
}
}
+
+ return rampart_context;
}
rampart_context_t *AXIS2_CALL
Modified: webservices/rampart/trunk/c/src/util/rampart_replay_detector.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_replay_detector.c?view=diff&rev=529133&r1=529132&r2=529133
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_replay_detector.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_replay_detector.c Sun Apr 15 22:10:18 2007
@@ -21,6 +21,7 @@
#include <axutil_property.h>
#include <rampart_constants.h>
#include <rampart_sec_processed_result.h>
+#include <rampart_util.h>
/*Private functions*/
AXIS2_EXTERN axutil_hash_t *AXIS2_CALL
rampart_replay_detector_get_default_db(const axutil_env_t *env,
@@ -51,8 +52,9 @@
hash = (axutil_hash_t*)axutil_property_get_value(property, env);
return hash;
}else{
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][rrd] Cannot get the property %s from msg_ctx", RAMPART_RD_DB_PROP);
- return NULL;
+ hash = rampart_replay_detector_set_default_db(env, ctx);
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][rrd] Cannot get the property %s from msg_ctx. Creating a new", RAMPART_RD_DB_PROP);
+ return hash;
}
}
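Review bot: Creating the DB when the property is absent is now the normal first-message path, yet the `else` branch still reports it with `AXIS2_LOG_ERROR` and a message saying the property "Cannot" be obtained, which will fill the log with false errors. `rampart_replay_detector_set_default_db` also returns NULL when `ctx` is NULL (and, as written in its hunk, when allocation fails), and that NULL is handed back here without a check, so the caller receives it as if it were a valid DB. I would use `AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][rrd] No %s property in ctx. Creating a new replay DB", RAMPART_RD_DB_PROP);` and add `if(!hash){ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][rrd] Cannot create the replay DB"); }` before returning. The start of `rampart_replay_detector_get_default_db` is outside this hunk.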
@@ -109,6 +111,27 @@
}
/*Public functions*/
+AXIS2_EXTERN axutil_hash_t *AXIS2_CALL
+rampart_replay_detector_set_default_db(const axutil_env_t *env,
+ axis2_ctx_t *ctx)
+{
+ axutil_hash_t *hash_db = NULL;
+ axutil_property_t *hash_db_prop = NULL;
+
+ if(!ctx){
+ return NULL;
+ }
+
+ hash_db = axutil_hash_make(env);
+ hash_db_prop = axutil_property_create(env);
+
+ axutil_property_set_value(hash_db_prop, env, hash_db);
+ axis2_ctx_set_property(ctx, env, RAMPART_RD_DB_PROP, hash_db_prop);
+
+ return hash_db;
+}
+
+
AXIS2_EXTERN axis2_status_t AXIS2_CALL
rampart_replay_detector_default(const axutil_env_t *env,
axis2_msg_ctx_t* msg_ctx)
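Review bot: `rampart_replay_detector_set_default_db` uses the results of `axutil_hash_make` and `axutil_property_create` without checking them, so on an allocation failure it calls `axutil_property_set_value` on a NULL property or stores a NULL hash on the ctx and returns it as a usable DB. The property is also created without a free function, so the hash is presumably never released together with the ctx; that is worth a `/* TODO: set a free func on the property */` until ownership is decided. The checks need a few lines, so the rewritten allocation part is below.
```c
    hash_db = axutil_hash_make(env);
    if(!hash_db){
        return NULL;
    }
    hash_db_prop = axutil_property_create(env);
    if(!hash_db_prop){
        axutil_hash_free(hash_db, env);
        return NULL;
    }
    /* … unchanged: set the hash as the property value, store the property on ctx, return hash_db … */
```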
@@ -119,6 +142,9 @@
const axis2_char_t *ts = NULL;
msg_id = axis2_msg_ctx_get_wsa_message_id(msg_ctx, env);
+ if(!msg_id){
+ msg_id = "MSG-ID";/*This has to be changed*/
+ }
ts = rampart_replay_detector_get_ts( env, msg_ctx);
/*Get the DB*/
hash = rampart_replay_detector_get_default_db(env, msg_ctx);
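Review bot: Substituting the literal `"MSG-ID"` when the message carries no wsa:MessageID gives every such message the same replay-DB key, so the detector can no longer tell them apart and the outcome for legitimate traffic without an id depends only on the timestamp comparison. The key is also later inserted with `axutil_hash_set` and, in the cleanup hunk further down, hash keys are released with `AXIS2_FREE(env->allocator, id)`, which would eventually be applied to this string literal. A message that cannot be identified should fail closed: log it with `AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][rrd] No message id. Cannot check for replays");` and `return AXIS2_FAILURE;` in place of the assignment. The body of `rampart_replay_detector_default` continues past this hunk.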
@@ -134,6 +160,7 @@
/*If matches ERROR*/
for (hi = axutil_hash_first(hash, env); hi; hi = axutil_hash_next(env, hi)) {
axutil_hash_this(hi, (const void**)&id, NULL, &val);
+ printf("[rampart][rrd] (id, val) %s = %s\n", (axis2_char_t*)id, (axis2_char_t*)val);
AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][rrd] (id, val) %s = %s\n", (axis2_char_t*)id, (axis2_char_t*)val);
/*If replayed, return a FAILRE*/
if(AXIS2_TRUE == rampart_replay_detector_is_replayed(env, msg_id, ts, id, val)){
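Review bot: The added `printf` writes every stored message id and timestamp to stdout on each incoming message, independent of the configured log level, and duplicates the `AXIS2_LOG_DEBUG` on the very next line. It reads as a leftover debugging aid; the line should be dropped and the debug log kept.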
@@ -142,12 +169,13 @@
/*Clean up old records*/
if(AXIS2_TRUE == rampart_replay_detector_is_overdue(env , ts, val)){
/*Remove the record*/
+ AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][rrd] removing record (id, val) = (%s , %s)\n", (axis2_char_t*)id, (axis2_char_t*)val);
AXIS2_FREE(env->allocator, id);
id = NULL;
AXIS2_FREE(env->allocator, val);
ts = NULL;
}
- }
+ }/*eof for loop*/
/*If not replayed then we will insert the new record to the DB*/
axutil_hash_set(hash, msg_id, AXIS2_HASH_KEY_STRING, ts);
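Review bot: The new "removing record" debug message announces a removal that the following lines do not perform: `id` and `val` are freed but the entry stays in `hash`, so the next iteration and the next message walk dangling pointers, and the line `ts = NULL;` after freeing `val` looks like it was meant to be `val = NULL;` — as written it clears the current message's timestamp, which is then stored by the `axutil_hash_set(hash, msg_id, AXIS2_HASH_KEY_STRING, ts)` just below. Those lines are pre-existing context, but the commit's log text now contradicts them. If `axutil_hash_set` follows the APR convention that a NULL value deletes the entry, the fix is `axutil_hash_set(hash, id, AXIS2_HASH_KEY_STRING, NULL);` before the two `AXIS2_FREE` calls, and `val = NULL;` instead of `ts = NULL;`.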
Modified: webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c?view=diff&rev=529133&r1=529132&r2=529133
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c Sun Apr 15 22:10:18 2007
@@ -747,7 +747,7 @@
{
axiom_node_t *cur_node = NULL;
axis2_status_t status = AXIS2_FAILURE;
-
+ axis2_bool_t need_replay_detection = AXIS2_FALSE;
AXIS2_LOG_INFO(env->log, "[rampart][shp] Process security header");
@@ -885,14 +885,32 @@
}
/*Now we can process timestamp*/
status = rampart_shp_process_timestamptoken(env,msg_ctx,rampart_context,sec_node);
- if(status!=AXIS2_SUCCESS)
+ if(status!=AXIS2_SUCCESS){
return status;
+ }
if( axis2_msg_ctx_get_server_side(msg_ctx, env))
{
status = rampart_shp_process_usernametoken(env,msg_ctx,rampart_context,sec_node);
if(status!=AXIS2_SUCCESS)
return status;
+ }
+
+ if(AXIS2_TRUE == need_replay_detection){/*TODO Chk for the policy configuration*/
+ rampart_is_replayed_fn rd_fn = NULL;
+ /*Is replayed*/
+ rd_fn = rampart_context_get_replay_detect_function(rampart_context, env);
+ if(rd_fn){
+ status = (*rd_fn)(env, msg_ctx);
+ if(status != AXIS2_SUCCESS){
+ /*Scream .. replayed*/
+ return AXIS2_FAILURE;
+ }else{
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Checked message for replays. Not a replay.");
+ }
+ }else{
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] No replay detection function specified. Nothing to do. ");
+ }
}
AXIS2_LOG_INFO(env->log, "[rampart][shp] Security header element processing, DONE ");
/*Do the action accordingly*/
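Review bot: `need_replay_detection` is initialised to `AXIS2_FALSE` in the earlier hunk and never assigned in this one, so the whole `if(AXIS2_TRUE == need_replay_detection)` block is unreachable and no incoming message is actually checked for replays, although the surrounding log text suggests otherwise. The `TODO` on that line acknowledges that policy should drive the flag; until it does, a comment such as `/* Replay detection is disabled until the policy check sets need_replay_detection */` next to the declaration would stop a reader from assuming the check is live. The failure branch also returns `AXIS2_FAILURE` silently; I would add `AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shp] Message is a replay");` before that return so the event is visible in the log. The enclosing function begins before this hunk.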