Posted to java-dev@axis.apache.org by ka...@apache.org on 2007/02/07 10:11:00 UTC

svn commit: r504470 - in /webservices/axis2/scratch/c/security-policy/c/rampart: include/ samples/client/enc_echo/ samples/client/enc_echo/data/ src/handlers/ src/secpolicy/test-resources/ src/util/

Author: kaushalye
Date: Wed Feb  7 01:10:59 2007
New Revision: 504470

URL: http://svn.apache.org/viewvc?view=rev&rev=504470
Log:
Applying the patch in AXIS2C-488 Jira.

Added:
    webservices/axis2/scratch/c/security-policy/c/rampart/samples/client/enc_echo/data/incoming_policy.xml   (with props)
    webservices/axis2/scratch/c/security-policy/c/rampart/samples/client/enc_echo/data/outgoing_policy.xml   (with props)
    webservices/axis2/scratch/c/security-policy/c/rampart/src/secpolicy/test-resources/incoming_policy.xml   (with props)
    webservices/axis2/scratch/c/security-policy/c/rampart/src/secpolicy/test-resources/outgoing_policy.xml   (with props)
Modified:
    webservices/axis2/scratch/c/security-policy/c/rampart/include/rampart_context.h
    webservices/axis2/scratch/c/security-policy/c/rampart/include/rampart_sec_header_processor.h
    webservices/axis2/scratch/c/security-policy/c/rampart/include/rampart_username_token.h
    webservices/axis2/scratch/c/security-policy/c/rampart/samples/client/enc_echo/deploy_client_repo.sh
    webservices/axis2/scratch/c/security-policy/c/rampart/src/handlers/rampart_in_handler.c
    webservices/axis2/scratch/c/security-policy/c/rampart/src/handlers/rampart_out_handler.c
    webservices/axis2/scratch/c/security-policy/c/rampart/src/secpolicy/test-resources/2.xml
    webservices/axis2/scratch/c/security-policy/c/rampart/src/util/rampart_context.c
    webservices/axis2/scratch/c/security-policy/c/rampart/src/util/rampart_sec_header_processor.c
    webservices/axis2/scratch/c/security-policy/c/rampart/src/util/username_token.c

Modified: webservices/axis2/scratch/c/security-policy/c/rampart/include/rampart_context.h
URL: http://svn.apache.org/viewvc/webservices/axis2/scratch/c/security-policy/c/rampart/include/rampart_context.h?view=diff&rev=504470&r1=504469&r2=504470
==============================================================================
--- webservices/axis2/scratch/c/security-policy/c/rampart/include/rampart_context.h (original)
+++ webservices/axis2/scratch/c/security-policy/c/rampart/include/rampart_context.h Wed Feb  7 01:10:59 2007
@@ -135,6 +135,21 @@
             axis2_bool_t server_side,
             const axis2_env_t *env);
 
+    AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+    rampart_context_get_layout(
+            rampart_context_t *rampart_context,
+            const axis2_env_t *env);
+
+    AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+    rampart_context_get_decryption_prop_file(
+            rampart_context_t *rampart_context,
+            const axis2_env_t *env);
+
+    AXIS2_EXTERN axis2_bool_t AXIS2_CALL
+    rampart_context_check_whether_to_encrypt(
+            rampart_context_t *rampart_context,
+            const axis2_env_t *env);
+
 
 #ifdef __cplusplus
 }
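Review bot: The three new declarations carry no doc comments, and for the two `axis2_char_t *` getters the header does not say who owns the returned string or that NULL is a possible result. A caller of `rampart_context_get_decryption_prop_file` in particular needs to know whether the path may be freed and that it has to handle NULL when the policy has no encryption crypto section. I would add a short `/** ... */` block to each, giving `@param`, `@return` (including the NULL / `AXIS2_FALSE` case) and one line on ownership of the returned pointer.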

Modified: webservices/axis2/scratch/c/security-policy/c/rampart/include/rampart_sec_header_processor.h
URL: http://svn.apache.org/viewvc/webservices/axis2/scratch/c/security-policy/c/rampart/include/rampart_sec_header_processor.h?view=diff&rev=504470&r1=504469&r2=504470
==============================================================================
--- webservices/axis2/scratch/c/security-policy/c/rampart/include/rampart_sec_header_processor.h (original)
+++ webservices/axis2/scratch/c/security-policy/c/rampart/include/rampart_sec_header_processor.h Wed Feb  7 01:10:59 2007
@@ -22,6 +22,7 @@
 #include <rampart_action.h>
 #include <oxs_asym_ctx.h>
 #include <oxs_xml_encryption.h>
+#include <rampart_context.h>
 /**
   * @file rampart_sec_header_processor.h
   * @brief Processes a message depending on it's security related claims 
@@ -48,7 +49,8 @@
 AXIS2_EXTERN axis2_status_t AXIS2_CALL
 rampart_shp_process_message(const axis2_env_t *env,
     axis2_msg_ctx_t *msg_ctx,
-    rampart_actions_t *actions,
+ /* rampart_actions_t *actions,*/
+    rampart_context_t *rampart_context,
     axiom_soap_envelope_t *soap_envelope,
     axiom_node_t *sec_node);
 

Modified: webservices/axis2/scratch/c/security-policy/c/rampart/include/rampart_username_token.h
URL: http://svn.apache.org/viewvc/webservices/axis2/scratch/c/security-policy/c/rampart/include/rampart_username_token.h?view=diff&rev=504470&r1=504469&r2=504470
==============================================================================
--- webservices/axis2/scratch/c/security-policy/c/rampart/include/rampart_username_token.h (original)
+++ webservices/axis2/scratch/c/security-policy/c/rampart/include/rampart_username_token.h Wed Feb  7 01:10:59 2007
@@ -33,7 +33,7 @@
 #include <rampart_constants.h>
 #include <rampart_crypto_util.h>
 #include <rampart_action.h>
-
+#include <rampart_context.h>
     /** Type name for struct rampart_username_token_ops */
     typedef struct rampart_username_token_ops rampart_username_token_ops_t;
     /** Type name for struct rampart_username_token */
@@ -89,8 +89,8 @@
         validate)(rampart_username_token_t *username_token,
             const axis2_env_t *env,
             axis2_msg_ctx_t *msg_ctx,
-            axiom_soap_header_t *soap_header,
-            rampart_actions_t *actions
+            axiom_node_t *ut_node,
+            rampart_context_t *rampart_context
             );
     };
     
@@ -124,8 +124,8 @@
         ((username_token)->ops->build(username_token, env,username,password_callback_class,authn_module_name,isdigest,sec_node, sec_ns_obj))
 
 
-#define RAMPART_USERNAME_TOKEN_VALIDATE(username_token, env, msg_ctx, soap_header, actions) \
-        ((username_token)->ops->validate(username_token, env, msg_ctx, soap_header, actions))    
+#define RAMPART_USERNAME_TOKEN_VALIDATE(username_token, env, msg_ctx, ut_node, rampart_context) \
+        ((username_token)->ops->validate(username_token, env, msg_ctx, ut_node, rampart_context))    
 
 /** @} */
 #ifdef __cplusplus

Added: webservices/axis2/scratch/c/security-policy/c/rampart/samples/client/enc_echo/data/incoming_policy.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/scratch/c/security-policy/c/rampart/samples/client/enc_echo/data/incoming_policy.xml?view=auto&rev=504470
==============================================================================
--- webservices/axis2/scratch/c/security-policy/c/rampart/samples/client/enc_echo/data/incoming_policy.xml (added)
+++ webservices/axis2/scratch/c/security-policy/c/rampart/samples/client/enc_echo/data/incoming_policy.xml Wed Feb  7 01:10:59 2007
@@ -0,0 +1,62 @@
+<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+	<wsp:ExactlyOne>
+		<wsp:All>
+			<sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+				<wsp:Policy>
+					<sp:InitiatorToken>
+						<wsp:Policy>
+							<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
+								<wsp:Policy>
+									<sp:WssX509V3Token10/>
+								</wsp:Policy>
+							</sp:X509Token>
+						</wsp:Policy>
+					</sp:InitiatorToken>
+					<sp:RecipientToken>
+						<wsp:Policy>
+							<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
+								<wsp:Policy>
+									<sp:WssX509V3Token10/>
+								</wsp:Policy>
+							</sp:X509Token>
+						</wsp:Policy>
+					</sp:RecipientToken>
+					<sp:AlgorithmSuite>
+						<wsp:Policy>
+							<sp:Basic256Rsa15/>
+						</wsp:Policy>
+					</sp:AlgorithmSuite>
+					<sp:Layout>
+						<wsp:Policy>
+							<sp:Strict/>
+						</wsp:Policy>
+					</sp:Layout>
+                    <sp:IncludeTimestamp/>
+                    <sp:EncryptBeforeSigning/>
+					<sp:OnlySignEntireHeadersAndBody/>
+				</wsp:Policy>
+            </sp:AsymmetricBinding>
+			<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+				<wsp:Policy>
+					<sp:MustSupportRefIssuerSerial/>
+				</wsp:Policy>
+			</sp:Wss10>
+			<sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+				<sp:Body/>
+            </sp:EncryptedParts>
+            <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
+                <rampc:user>Gampola</rampc:user>
+                <rampc:encryptionUser>a</rampc:encryptionUser>
+                <rampc:passwordType>Digest</rampc:passwordType>
+                <rampc:passwordCallbackClass>/home/manjula/axis2/scratch/security-policy/c/deploy/bin/samples/rampart/callback/libpwcb.so</rampc:passwordCallbackClass>
+                <rampc:signatureCrypto>
+                    <rampc:signaturePropFile>/home/manjula/axis2/c/rampart/samples/keys/ahome/b_cert.cert</rampc:signaturePropFile>
+                </rampc:signatureCrypto>
+                <rampc:encryptionCypto>
+                    <rampc:encryptionPropFile>/home/manjula/axis2/scratch/security-policy/c/rampart/samples/keys/ahome/b_cert.cert</rampc:encryptionPropFile>
+                    <rampc:decryptionPropFile>/home/manjula/axis2/scratch/security-policy/c/rampart/samples/keys/ahome/a_store.pfx</rampc:decryptionPropFile>
+                </rampc:encryptionCypto>
+        </rampc:RampartConfig>
+		</wsp:All>
+	</wsp:ExactlyOne>
+</wsp:Policy>
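Review bot: Every file reference in `rampc:RampartConfig` is an absolute path under one developer's home directory (`passwordCallbackClass`, `signaturePropFile`, `encryptionPropFile`, `decryptionPropFile`), so the sample runs only on that machine, and the password callback library and the `.pfx` key store are taken from a location whose permissions the deployment does not control. Use paths relative to the repository, or a placeholder that deploy_client_repo.sh fills in; note that `signaturePropFile` already points into a different tree (`/home/manjula/axis2/c/rampart/...`) than the other three entries. `<sp:Basic256Rsa15/>` selects RSA PKCS#1 v1.5 key wrap; if the policy parser accepts it, `<sp:Basic256/>` (RSA-OAEP) is the better choice for a sample that people will copy. The same points apply to the other three policy files added in this commit.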

Propchange: webservices/axis2/scratch/c/security-policy/c/rampart/samples/client/enc_echo/data/incoming_policy.xml
------------------------------------------------------------------------------
    svn:executable = *

Added: webservices/axis2/scratch/c/security-policy/c/rampart/samples/client/enc_echo/data/outgoing_policy.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/scratch/c/security-policy/c/rampart/samples/client/enc_echo/data/outgoing_policy.xml?view=auto&rev=504470
==============================================================================
--- webservices/axis2/scratch/c/security-policy/c/rampart/samples/client/enc_echo/data/outgoing_policy.xml (added)
+++ webservices/axis2/scratch/c/security-policy/c/rampart/samples/client/enc_echo/data/outgoing_policy.xml Wed Feb  7 01:10:59 2007
@@ -0,0 +1,67 @@
+<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+	<wsp:ExactlyOne>
+		<wsp:All>
+			<sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+				<wsp:Policy>
+					<sp:InitiatorToken>
+						<wsp:Policy>
+							<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
+								<wsp:Policy>
+									<sp:WssX509V3Token10/>
+								</wsp:Policy>
+							</sp:X509Token>
+						</wsp:Policy>
+					</sp:InitiatorToken>
+					<sp:RecipientToken>
+						<wsp:Policy>
+							<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
+								<wsp:Policy>
+									<sp:WssX509V3Token10/>
+								</wsp:Policy>
+							</sp:X509Token>
+						</wsp:Policy>
+					</sp:RecipientToken>
+					<sp:AlgorithmSuite>
+						<wsp:Policy>
+							<sp:Basic256Rsa15/>
+						</wsp:Policy>
+					</sp:AlgorithmSuite>
+					<sp:Layout>
+						<wsp:Policy>
+							<sp:Strict/>
+						</wsp:Policy>
+					</sp:Layout>
+                    <sp:IncludeTimestamp/>
+                    <sp:EncryptBeforeSigning/>
+					<sp:OnlySignEntireHeadersAndBody/>
+				</wsp:Policy>
+            </sp:AsymmetricBinding>
+            <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+            <wsp:Policy>
+                <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always"/>
+            </wsp:Policy>
+            </sp:SignedSupportingTokens>
+			<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+				<wsp:Policy>
+					<sp:MustSupportRefIssuerSerial/>
+				</wsp:Policy>
+			</sp:Wss10>
+			<sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+				<sp:Body/>
+            </sp:EncryptedParts>
+            <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
+                <rampc:user>Gampola</rampc:user>
+                <rampc:encryptionUser>a</rampc:encryptionUser>
+                <rampc:passwordType>Digest</rampc:passwordType>
+                <rampc:passwordCallbackClass>/home/manjula/axis2/scratch/security-policy/c/deploy/bin/samples/rampart/callback/libpwcb.so</rampc:passwordCallbackClass>
+                <rampc:signatureCrypto>
+                    <rampc:signaturePropFile>/home/manjula/axis2/c/rampart/samples/keys/ahome/b_cert.cert</rampc:signaturePropFile>
+                </rampc:signatureCrypto>
+                <rampc:encryptionCypto>
+                    <rampc:encryptionPropFile>/home/manjula/axis2/scratch/security-policy/c/rampart/samples/keys/ahome/b_cert.cert</rampc:encryptionPropFile>
+                    <rampc:decryptionPropFile>/home/manjula/axis2/scratch/security-policy/c/rampart/samples/keys/ahome/a_store.pfx</rampc:decryptionPropFile>
+                </rampc:encryptionCypto>
+        </rampc:RampartConfig>
+		</wsp:All>
+	</wsp:ExactlyOne>
+</wsp:Policy>

Propchange: webservices/axis2/scratch/c/security-policy/c/rampart/samples/client/enc_echo/data/outgoing_policy.xml
------------------------------------------------------------------------------
    svn:executable = *

Modified: webservices/axis2/scratch/c/security-policy/c/rampart/samples/client/enc_echo/deploy_client_repo.sh
URL: http://svn.apache.org/viewvc/webservices/axis2/scratch/c/security-policy/c/rampart/samples/client/enc_echo/deploy_client_repo.sh?view=diff&rev=504470&r1=504469&r2=504470
==============================================================================
--- webservices/axis2/scratch/c/security-policy/c/rampart/samples/client/enc_echo/deploy_client_repo.sh (original)
+++ webservices/axis2/scratch/c/security-policy/c/rampart/samples/client/enc_echo/deploy_client_repo.sh Wed Feb  7 01:10:59 2007
@@ -16,6 +16,14 @@
 echo "Copying axis2.xml to $CLIENT_REPO"
 cp data/client.enc.axis2.xml $CLIENT_REPO/axis2.xml
 
+#copy [client]policy files to CLIENT_REPO
+
+echo "Copying incoming_policy.xml to $CLIENT_REPO"
+cp data/incoming_policy.xml $CLIENT_REPO/incoming_policy.xml
+
+echo "Copying outgoing_policy.xml to $CLIENT_REPO"
+cp data/outgoing_policy.xml $CLIENT_REPO/outgoing_policy.xml
+
 #copy libs to client_repo
 echo "Copying libraries to $CLIENT_REPO"
 cp -r $AXIS2C_HOME/lib $CLIENT_REPO/
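Review bot: `$CLIENT_REPO` is expanded unquoted in the two new `cp` lines and a failed copy goes unnoticed, so a repository path with spaces is split and the script carries on without the policy files the handlers now require. I would write `cp data/incoming_policy.xml "$CLIENT_REPO/incoming_policy.xml" || exit 1` and the same for outgoing_policy.xml. The copied files still contain the absolute `/home/manjula/...` key and callback paths, so the deployed client repo is not self-contained until those are rewritten.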

Modified: webservices/axis2/scratch/c/security-policy/c/rampart/src/handlers/rampart_in_handler.c
URL: http://svn.apache.org/viewvc/webservices/axis2/scratch/c/security-policy/c/rampart/src/handlers/rampart_in_handler.c?view=diff&rev=504470&r1=504469&r2=504470
==============================================================================
--- webservices/axis2/scratch/c/security-policy/c/rampart/src/handlers/rampart_in_handler.c (original)
+++ webservices/axis2/scratch/c/security-policy/c/rampart/src/handlers/rampart_in_handler.c Wed Feb  7 01:10:59 2007
@@ -33,6 +33,10 @@
 #include <rampart_util.h>
 #include <rampart_sec_header_processor.h>
 #include <rampart_sec_processed_result.h>
+#include <rp_policy_creator.h>
+#include <rp_secpolicy_builder.h>
+#include <rampart_context.h>
+
 
 /*************************** Function headers *********************************/
 
@@ -70,6 +74,97 @@
     axiom_soap_envelope_t *soap_envelope = NULL;
     axiom_soap_header_t *soap_header = NULL;
     axis2_status_t status = AXIS2_FAILURE;
+    axiom_node_t *sec_node = NULL;
+    rp_secpolicy_t *secpolicy = NULL;
+    rampart_context_t *rampart_context = NULL;
+/*  axis2_char_t *file_name = "/home/manjula/axis2/scratch/security-policy/c/rampart/src/secpolicy/test-resources/2.xml";*/
+    axis2_char_t *file_name = NULL;
+    axis2_bool_t serverside =  AXIS2_FALSE;
+
+    AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
+    AXIS2_PARAM_CHECK(env->error, msg_ctx, AXIS2_FAILURE);
+
+    serverside = axis2_msg_ctx_get_server_side(msg_ctx,env);
+
+    if(serverside)
+        file_name = "/home/manjula/axis2/scratch/security-policy/c/rampart/src/secpolicy/test-resources/incoming_policy.xml";
+    
+    else            
+        file_name = "/home/manjula/axis2/scratch/security-policy/c/deploy/client_repo/incoming_policy.xml";
+
+    soap_envelope = AXIS2_MSG_CTX_GET_SOAP_ENVELOPE(msg_ctx, env);
+    if(!soap_envelope)
+    {
+       AXIS2_LOG_INFO(env->log, "[rampart][rampart_in_handler] No SOAP envelope found. ERROR");
+       return AXIS2_FAILURE;
+    }        
+        
+    soap_header = AXIOM_SOAP_ENVELOPE_GET_HEADER(soap_envelope, env);
+    if (!soap_header)
+    {
+        AXIS2_LOG_INFO(env->log, "[rampart][rampart_out_handler] No SOAP header found. ERROR");
+        /*No SOAP header, so no point of proceeding*/
+        return AXIS2_SUCCESS;
+    }
+    AXIS2_LOG_TRACE(env->log, AXIS2_LOG_SI, "SOAP header found");
+
+    secpolicy = rp_policy_create_from_file(env,file_name);
+    
+    if(!secpolicy)
+    {
+        AXIS2_LOG_INFO(env->log, "[rampart][rampart_out_handler] Cannot get policy" );
+         /*No policy so we cant proceed.*/
+        return AXIS2_FAILURE;
+    }
+    rampart_context = rampart_context_create(env);
+    if(!rampart_context)
+    {
+        AXIS2_LOG_INFO(env->log, "[rampart][rampart_out_handler] Cannot get Rampart Data " );
+        /*No policy so we cant proceed.*/
+        return AXIS2_FAILURE;
+    }
+
+    rampart_context_set_secpolicy(rampart_context,env,secpolicy);
+
+    sec_node = rampart_get_security_token(env, msg_ctx, soap_header);
+    
+    status = rampart_set_security_processed_results_property(env, msg_ctx);
+    
+    if(AXIS2_FAILURE == status)
+    {
+        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, 
+				"[rampart][rampart_in_handler] Unable to set the security processed results");
+    }
+    if(!sec_node)
+    {
+        AXIS2_LOG_INFO(env->log, 
+		    "[rampart][rampart_in_handler] No security header element.");
+        return AXIS2_SUCCESS;
+    }
+    
+    status = rampart_shp_process_message(env, msg_ctx, rampart_context, 
+						soap_envelope, sec_node);
+    if (AXIS2_FAILURE == status)
+    {                
+        return AXIS2_FAILURE;
+    }                
+    else
+    { 
+        return AXIS2_SUCCESS;
+    }
+    return status;
+}
+
+
+/*
+axis2_status_t AXIS2_CALL
+rampart_in_handler_invoke(struct axis2_handler *handler,
+        const axis2_env_t *env,
+        struct axis2_msg_ctx *msg_ctx)
+{
+    axiom_soap_envelope_t *soap_envelope = NULL;
+    axiom_soap_header_t *soap_header = NULL;
+    axis2_status_t status = AXIS2_FAILURE;
     axis2_param_t *param_in_flow_security = NULL;
     axis2_ctx_t *ctx = NULL;
     axis2_array_list_t *action_list = NULL;
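Review bot: A message with no SOAP header, or with a header but no security header element, makes the new `rampart_in_handler_invoke` return `AXIS2_SUCCESS` (the `if (!soap_header)` and `if(!sec_node)` branches), even though the policy may require an encrypted body, so an unprotected message appears to pass the inbound check. Both cases should be judged against the loaded policy, for example with `rampart_context_check_whether_to_encrypt()` from this commit, and fail when protection is required; that helper covers encryption only, so signature or timestamp requirements need their own check. The policy location is a literal path under `/home/manjula/...` here and in the rampart_out_handler.c hunk; it should come from handler or module configuration rather than from one user's home directory. Nothing visible in the hunk releases `secpolicy` or `rampart_context` on any return path, and the three `[rampart_out_handler]` log prefixes and the unreachable `return status;` should be tidied. The function's signature lies above the hunk.

```c
    /* … unchanged: declarations, env/param checks, file_name selection, soap_envelope check … */

    /* Load the policy before inspecting the header, so that a message which
       omits the header can still be judged against what the policy requires. */
    secpolicy = rp_policy_create_from_file(env, file_name);
    /* … unchanged: secpolicy / rampart_context NULL checks, rampart_context_set_secpolicy … */

    soap_header = AXIOM_SOAP_ENVELOPE_GET_HEADER(soap_envelope, env);
    if (soap_header)
    {
        sec_node = rampart_get_security_token(env, msg_ctx, soap_header);
    }

    /* … unchanged: rampart_set_security_processed_results_property call and its error log … */

    if (!sec_node)
    {
        if (rampart_context_check_whether_to_encrypt(rampart_context, env))
        {
            AXIS2_LOG_INFO(env->log,
                "[rampart][rampart_in_handler] Policy requires encryption but the message has no security header.");
            return AXIS2_FAILURE;
        }
        AXIS2_LOG_INFO(env->log,
            "[rampart][rampart_in_handler] No security header element.");
        return AXIS2_SUCCESS;
    }

    /* … unchanged: rampart_shp_process_message call and status handling … */
```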
@@ -80,21 +175,20 @@
     AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
     AXIS2_PARAM_CHECK(env->error, msg_ctx, AXIS2_FAILURE);
 
-    /*Get SOAP envelope*/
     soap_envelope = AXIS2_MSG_CTX_GET_SOAP_ENVELOPE(msg_ctx, env);
 
     if (soap_envelope)
     {
-        /*Get SOAP header*/
+
         soap_header = AXIOM_SOAP_ENVELOPE_GET_HEADER(soap_envelope, env);
         if (soap_header)
         {
             AXIS2_LOG_TRACE(env->log, AXIS2_LOG_SI, "SOAP header found");
             
-            /*Create and populate rampart actions*/
+
             actions = rampart_actions_create(env);
 
-            /*Check InFlowSecurity parameters*/
+
             ctx = AXIS2_MSG_CTX_GET_BASE(msg_ctx, env);
             param_in_flow_security = rampart_get_security_param(env, msg_ctx, 
 									RAMPART_INFLOW_SECURITY);
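Review bot: The previous `rampart_in_handler_invoke` is kept as one large `/* ... */` block, and this hunk and the five after it only delete its inner comments so that the outer comment does not end early. That leaves a second, action-based implementation of the inbound security check in the file with its explanatory comments stripped, which is easy to re-enable by mistake and hard to review if it is. I would delete the old body outright, since the repository history keeps it; if it must stay for a transition period, `#if 0` ... `#endif` disables it without touching the original comments.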
@@ -104,7 +198,7 @@
                 AXIS2_LOG_INFO(env->log, 
 				"[rampart][rampart_in_handler]Inflow Security found");
 
-               /*Get actions*/
+
                 action_list = rampart_get_actions(env, ctx, 
 								param_in_flow_security);
     
@@ -116,7 +210,7 @@
                         AXIS2_LOG_INFO(env->log, 
 						"[rampart][rampart_in_handler] No actions defined.");
                     }
-                    /*Now we support only one action.i.e. Only the first action*/
+
                     param_action = (axis2_param_t*) AXIS2_ARRAY_LIST_GET(action_list,
 						env, 0);
 
@@ -134,12 +228,12 @@
 				"[rampart][rampart_in_handler] No Inflow Security in the paramter list.");
                 return AXIS2_SUCCESS;
             }
-            /*Then re-populate using the axis2_ctx*/
+
             status = RAMPART_ACTIONS_POPULATE_FROM_CTX(actions, env, ctx);            
 
             sec_node = rampart_get_security_token(env, msg_ctx, soap_header);
 
-            /*Set the security processed results to the message ctx*/
+
             status = rampart_set_security_processed_results_property(env, msg_ctx);
             if(AXIS2_FAILURE == status){
                 AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, 
@@ -153,7 +247,7 @@
             
             }
 
-            /*The main entry point for all security header validations*/    
+    
             status = rampart_shp_process_message(env, msg_ctx, actions, 
 						soap_envelope, sec_node);
             if (AXIS2_FAILURE == status)
@@ -163,9 +257,9 @@
 
            
 
-        }else{ /* End of sec_header */
-            /*It's OK to have SOAP envelopes without headers*/
+        }else{ 
+            
             return AXIS2_SUCCESS;
         }
-    }/* End of soap_envelope */
-    return status;}
+    }
+    return status;}*/

Modified: webservices/axis2/scratch/c/security-policy/c/rampart/src/handlers/rampart_out_handler.c
URL: http://svn.apache.org/viewvc/webservices/axis2/scratch/c/security-policy/c/rampart/src/handlers/rampart_out_handler.c?view=diff&rev=504470&r1=504469&r2=504470
==============================================================================
--- webservices/axis2/scratch/c/security-policy/c/rampart/src/handlers/rampart_out_handler.c (original)
+++ webservices/axis2/scratch/c/security-policy/c/rampart/src/handlers/rampart_out_handler.c Wed Feb  7 01:10:59 2007
@@ -75,10 +75,21 @@
     axis2_status_t status = AXIS2_FAILURE;
     rampart_context_t *rampart_context = NULL;
     rp_secpolicy_t *secpolicy = NULL;
-    axis2_char_t *file_name = "/home/manjula/axis2/scratch/security-policy/c/rampart/src/secpolicy/test-resources/2.xml";
+/*  axis2_char_t *file_name = "/home/manjula/axis2/scratch/security-policy/c/rampart/src/secpolicy/test-resources/2.xml";*/
+    axis2_char_t *file_name = NULL;
+    axis2_bool_t serverside = AXIS2_FALSE;
+    
 
     AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
     AXIS2_PARAM_CHECK(env->error, msg_ctx, AXIS2_FAILURE);
+
+    serverside = axis2_msg_ctx_get_server_side(msg_ctx,env);
+
+    if(serverside)
+        file_name = "/home/manjula/axis2/scratch/security-policy/c/rampart/src/secpolicy/test-resources/outgoing_policy.xml";
+
+    else
+        file_name = "/home/manjula/axis2/scratch/security-policy/c/deploy/client_repo/outgoing_policy.xml";
 
     soap_envelope = AXIS2_MSG_CTX_GET_SOAP_ENVELOPE(msg_ctx, env);
     if (!soap_envelope)

Modified: webservices/axis2/scratch/c/security-policy/c/rampart/src/secpolicy/test-resources/2.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/scratch/c/security-policy/c/rampart/src/secpolicy/test-resources/2.xml?view=diff&rev=504470&r1=504469&r2=504470
==============================================================================
--- webservices/axis2/scratch/c/security-policy/c/rampart/src/secpolicy/test-resources/2.xml (original)
+++ webservices/axis2/scratch/c/security-policy/c/rampart/src/secpolicy/test-resources/2.xml Wed Feb  7 01:10:59 2007
@@ -5,7 +5,7 @@
 				<wsp:Policy>
 					<sp:InitiatorToken>
 						<wsp:Policy>
-							<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+							<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
 								<wsp:Policy>
 									<sp:WssX509V3Token10/>
 								</wsp:Policy>
@@ -51,7 +51,7 @@
             </sp:EncryptedParts>
             <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
                 <rampc:user>Gampola</rampc:user>
-                <rampc:encryptionUser>a</rampc:encryptionUser>
+                <rampc:encryptionUser>b</rampc:encryptionUser>
                 <rampc:passwordType>Digest</rampc:passwordType>
                 <rampc:passwordCallbackClass>/home/manjula/axis2/scratch/security-policy/c/deploy/bin/samples/rampart/callback/libpwcb.so</rampc:passwordCallbackClass>
                 <rampc:signatureCrypto>
@@ -59,7 +59,7 @@
                 </rampc:signatureCrypto>
                 <rampc:encryptionCypto>
                     <rampc:encryptionPropFile>/home/manjula/axis2/scratch/security-policy/c/rampart/samples/keys/ahome/b_cert.cert</rampc:encryptionPropFile>
-                    <rampc:decryptionPropFile>/home/manjula/axis2/c/rampart/samples/keys/ahome/a_store.pfx</rampc:decryptionPropFile>
+                    <rampc:decryptionPropFile>/home/manjula/axis2/scratch/security-policy/c/rampart/samples/keys/bhome/b_store.pfx</rampc:decryptionPropFile>
                 </rampc:encryptionCypto>
         </rampc:RampartConfig>
 		</wsp:All>

Added: webservices/axis2/scratch/c/security-policy/c/rampart/src/secpolicy/test-resources/incoming_policy.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/scratch/c/security-policy/c/rampart/src/secpolicy/test-resources/incoming_policy.xml?view=auto&rev=504470
==============================================================================
--- webservices/axis2/scratch/c/security-policy/c/rampart/src/secpolicy/test-resources/incoming_policy.xml (added)
+++ webservices/axis2/scratch/c/security-policy/c/rampart/src/secpolicy/test-resources/incoming_policy.xml Wed Feb  7 01:10:59 2007
@@ -0,0 +1,67 @@
+<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+	<wsp:ExactlyOne>
+		<wsp:All>
+			<sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+				<wsp:Policy>
+					<sp:InitiatorToken>
+						<wsp:Policy>
+							<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
+								<wsp:Policy>
+									<sp:WssX509V3Token10/>
+								</wsp:Policy>
+							</sp:X509Token>
+						</wsp:Policy>
+					</sp:InitiatorToken>
+					<sp:RecipientToken>
+						<wsp:Policy>
+							<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
+								<wsp:Policy>
+									<sp:WssX509V3Token10/>
+								</wsp:Policy>
+							</sp:X509Token>
+						</wsp:Policy>
+					</sp:RecipientToken>
+					<sp:AlgorithmSuite>
+						<wsp:Policy>
+							<sp:Basic256Rsa15/>
+						</wsp:Policy>
+					</sp:AlgorithmSuite>
+					<sp:Layout>
+						<wsp:Policy>
+							<sp:Strict/>
+						</wsp:Policy>
+					</sp:Layout>
+                    <sp:IncludeTimestamp/>
+                    <sp:EncryptBeforeSigning/>
+					<sp:OnlySignEntireHeadersAndBody/>
+				</wsp:Policy>
+            </sp:AsymmetricBinding>
+            <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+            <wsp:Policy>
+                <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always"/>
+            </wsp:Policy>
+            </sp:SignedSupportingTokens>
+			<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+				<wsp:Policy>
+					<sp:MustSupportRefIssuerSerial/>
+				</wsp:Policy>
+            </sp:Wss10>
+            <sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+                <sp:Body/>
+            </sp:EncryptedParts>
+            <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
+                <rampc:user>Gampola</rampc:user>
+                <rampc:encryptionUser>b</rampc:encryptionUser>
+                <rampc:passwordType>Digest</rampc:passwordType>
+                <rampc:passwordCallbackClass>/home/manjula/axis2/scratch/security-policy/c/deploy/bin/samples/rampart/callback/libpwcb.so</rampc:passwordCallbackClass>
+                <rampc:signatureCrypto>
+                    <rampc:signaturePropFile>/home/manjula/axis2/c/rampart/samples/keys/ahome/b_cert.cert</rampc:signaturePropFile>
+                </rampc:signatureCrypto>
+                <rampc:encryptionCypto>
+                    <rampc:encryptionPropFile>/home/manjula/axis2/scratch/security-policy/c/rampart/samples/keys/bhome/a_cert.cert</rampc:encryptionPropFile>
+                    <rampc:decryptionPropFile>/home/manjula/axis2/scratch/security-policy/c/rampart/samples/keys/bhome/b_store.pfx</rampc:decryptionPropFile>
+                </rampc:encryptionCypto>
+        </rampc:RampartConfig>
+		</wsp:All>
+	</wsp:ExactlyOne>
+</wsp:Policy>

Propchange: webservices/axis2/scratch/c/security-policy/c/rampart/src/secpolicy/test-resources/incoming_policy.xml
------------------------------------------------------------------------------
    svn:executable = *

Added: webservices/axis2/scratch/c/security-policy/c/rampart/src/secpolicy/test-resources/outgoing_policy.xml
URL: http://svn.apache.org/viewvc/webservices/axis2/scratch/c/security-policy/c/rampart/src/secpolicy/test-resources/outgoing_policy.xml?view=auto&rev=504470
==============================================================================
--- webservices/axis2/scratch/c/security-policy/c/rampart/src/secpolicy/test-resources/outgoing_policy.xml (added)
+++ webservices/axis2/scratch/c/security-policy/c/rampart/src/secpolicy/test-resources/outgoing_policy.xml Wed Feb  7 01:10:59 2007
@@ -0,0 +1,59 @@
+<wsp:Policy wsu:Id="SigOnly" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+	<wsp:ExactlyOne>
+		<wsp:All>
+			<sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+				<wsp:Policy>
+					<sp:InitiatorToken>
+						<wsp:Policy>
+							<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
+								<wsp:Policy>
+									<sp:WssX509V3Token10/>
+								</wsp:Policy>
+							</sp:X509Token>
+						</wsp:Policy>
+					</sp:InitiatorToken>
+					<sp:RecipientToken>
+						<wsp:Policy>
+							<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always">
+								<wsp:Policy>
+									<sp:WssX509V3Token10/>
+								</wsp:Policy>
+							</sp:X509Token>
+						</wsp:Policy>
+					</sp:RecipientToken>
+					<sp:AlgorithmSuite>
+						<wsp:Policy>
+							<sp:Basic256Rsa15/>
+						</wsp:Policy>
+					</sp:AlgorithmSuite>
+					<sp:Layout>
+						<wsp:Policy>
+							<sp:Strict/>
+						</wsp:Policy>
+					</sp:Layout>
+                    <sp:IncludeTimestamp/>
+                    <sp:EncryptBeforeSigning/>
+					<sp:OnlySignEntireHeadersAndBody/>
+				</wsp:Policy>
+            </sp:AsymmetricBinding>
+			<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+				<wsp:Policy>
+					<sp:MustSupportRefIssuerSerial/>
+				</wsp:Policy>
+			</sp:Wss10>
+            <rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
+                <rampc:user>Gampola</rampc:user>
+                <rampc:encryptionUser>b</rampc:encryptionUser>
+                <rampc:passwordType>Digest</rampc:passwordType>
+                <rampc:passwordCallbackClass>/home/manjula/axis2/scratch/security-policy/c/deploy/bin/samples/rampart/callback/libpwcb.so</rampc:passwordCallbackClass>
+                <rampc:signatureCrypto>
+                    <rampc:signaturePropFile>/home/manjula/axis2/c/rampart/samples/keys/ahome/b_cert.cert</rampc:signaturePropFile>
+                </rampc:signatureCrypto>
+                <rampc:encryptionCypto>
+                    <rampc:encryptionPropFile>/home/manjula/axis2/scratch/security-policy/c/rampart/samples/keys/bhome/a_cert.cert</rampc:encryptionPropFile>
+                    <rampc:decryptionPropFile>/home/manjula/axis2/scratch/security-policy/c/rampart/samples/keys/bhome/b_store.pfx</rampc:decryptionPropFile>
+                </rampc:encryptionCypto>
+        </rampc:RampartConfig>
+		</wsp:All>
+	</wsp:ExactlyOne>
+</wsp:Policy>

Propchange: webservices/axis2/scratch/c/security-policy/c/rampart/src/secpolicy/test-resources/outgoing_policy.xml
------------------------------------------------------------------------------
    svn:executable = *

Modified: webservices/axis2/scratch/c/security-policy/c/rampart/src/util/rampart_context.c
URL: http://svn.apache.org/viewvc/webservices/axis2/scratch/c/security-policy/c/rampart/src/util/rampart_context.c?view=diff&rev=504470&r1=504469&r2=504470
==============================================================================
--- webservices/axis2/scratch/c/security-policy/c/rampart/src/util/rampart_context.c (original)
+++ webservices/axis2/scratch/c/security-policy/c/rampart/src/util/rampart_context.c Wed Feb  7 01:10:59 2007
@@ -667,6 +667,34 @@
     return AXIS2_FAILURE;
 }
 
+
+AXIS2_EXTERN axis2_bool_t AXIS2_CALL
+rampart_context_check_whether_to_encrypt(
+    rampart_context_t *rampart_context,
+    const axis2_env_t *env)
+{
+    rp_signed_encrypted_parts_t *encrypted_parts = NULL;    
+    axis2_array_list_t *parts = NULL;
+
+    encrypted_parts = rp_secpolicy_get_encrypted_parts(rampart_context->secpolicy,env);
+    if(!encrypted_parts)
+        return AXIS2_FALSE;
+    
+    parts = rp_signed_encrypted_parts_get_headers(encrypted_parts,env);
+    if(!parts || (AXIS2_ARRAY_LIST_SIZE(parts,env)==0))
+    {
+        if(rp_signed_encrypted_parts_get_body(encrypted_parts,env))
+            return AXIS2_TRUE;       
+        
+        else
+        {
+            AXIS2_LOG_INFO(env->log, "[rampart][rampart_context]No encryption parts specified Nothing to decrypt");
+            return AXIS2_FALSE;
+        }
+    }
+    return AXIS2_TRUE;
+}        
+
 AXIS2_EXTERN rp_property_t *AXIS2_CALL 
 rampart_context_get_token(
         rampart_context_t *rampart_context,
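Review bot: rampart_context_check_whether_to_encrypt dereferences `rampart_context->secpolicy` and later uses `env->log` with no argument check, while rampart_context_get_layout added later in this same file starts with AXIS2_ENV_CHECK. Adding `AXIS2_ENV_CHECK(env, AXIS2_FALSE);` and `if(!rampart_context) return AXIS2_FALSE;` at the top would make the two consistent. The function also has no header comment; one line such as `/* Returns AXIS2_TRUE when the policy lists header parts or the body under EncryptedParts. */` would state what the visible branches compute. The log text says "Nothing to decrypt" although the function is named for encryption, so the message is worth rewording if the function serves both directions.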
@@ -813,6 +841,31 @@
         return NULL;
 }
 
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+rampart_context_get_decryption_prop_file(
+    rampart_context_t *rampart_context,
+    const axis2_env_t *env)
+{
+    rp_rampart_config_t *rampart_config = NULL;
+    rp_encryption_crypto_t *enc_crypto = NULL;
+
+    rampart_config = rp_secpolicy_get_rampart_config(rampart_context->secpolicy,env);
+    if(rampart_config)
+    {
+        enc_crypto = rp_rampart_config_get_encryption_crypto(rampart_config,env);
+        if(enc_crypto)
+        {
+            return rp_encryption_crypto_get_decryption_prop_file(enc_crypto,env);
+        }
+        else
+            return NULL;
+    }
+    else
+        return NULL;
+}
+
+
+
 
 AXIS2_EXTERN axis2_char_t *AXIS2_CALL
 rampart_context_get_encryption_user(
@@ -873,4 +926,26 @@
     }
     /*This can be extended when we are supporting other token types.*/
     else return NULL;
+}
+
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+rampart_context_get_layout(
+    rampart_context_t *rampart_context,
+    const axis2_env_t *env)
+{
+    rp_binding_commons_t *binding_commons = NULL;
+    rp_layout_t *layout = NULL;
+
+    AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
+
+    binding_commons = rampart_context_get_binding_commons(rampart_context,env);
+
+    if(!binding_commons)
+        return NULL;
+    
+    layout = rp_binding_commons_get_layout(binding_commons,env);
+    if(!layout)
+        return RP_LAYOUT_STRICT;
+
+    return rp_layout_get_value(layout,env);
 }
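Review bot: rampart_context_get_layout returns `axis2_char_t *`, but its guard is `AXIS2_ENV_CHECK(env, AXIS2_FAILURE);`, which hands a status code back as a pointer. It presumably only works because AXIS2_FAILURE is zero; `AXIS2_ENV_CHECK(env, NULL);` says what is meant. The function also returns the constant `RP_LAYOUT_STRICT` on one path and the value from `rp_layout_get_value` on the other, so a short comment that the caller must not free or modify the result would help, e.g. `/* Returned string is owned by the policy model (or is a constant); do not free. */`.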

Modified: webservices/axis2/scratch/c/security-policy/c/rampart/src/util/rampart_sec_header_processor.c
URL: http://svn.apache.org/viewvc/webservices/axis2/scratch/c/security-policy/c/rampart/src/util/rampart_sec_header_processor.c?view=diff&rev=504470&r1=504469&r2=504470
==============================================================================
--- webservices/axis2/scratch/c/security-policy/c/rampart/src/util/rampart_sec_header_processor.c (original)
+++ webservices/axis2/scratch/c/security-policy/c/rampart/src/util/rampart_sec_header_processor.c Wed Feb  7 01:10:59 2007
@@ -44,50 +44,162 @@
 #include <axis2_array_list.h>
 
 /*Private functions*/
+static axis2_bool_t 
+rampart_shp_validate_qnames(const axis2_env_t *env,
+    axiom_node_t *node)
+    
+{
+    axiom_element_t *node_ele = NULL;
+    axis2_qname_t *qname = NULL;
+    axis2_qname_t *node_qname = NULL;
+    axis2_char_t *local_name = NULL;
+
+    AXIS2_ENV_CHECK(env,AXIS2_FALSE);
+
+    node_ele = AXIOM_NODE_GET_DATA_ELEMENT(node, env);
+    if(!node_ele)
+        return AXIS2_FALSE;
+
+    local_name = AXIOM_ELEMENT_GET_LOCALNAME(node_ele,env);
+    if(!local_name)
+        return AXIS2_FALSE;
+
+    if(AXIS2_STRCMP(local_name,RAMPART_SECURITY_TIMESTAMP)==0)
+        qname = axis2_qname_create(env,local_name,RAMPART_WSU_XMLNS,RAMPART_WSU);
+
+    else if(AXIS2_STRCMP(local_name,RAMPART_SECURITY_USERNAMETOKEN)==0)
+        qname = axis2_qname_create(env,local_name,RAMPART_WSSE_XMLNS,RAMPART_WSSE);    
+
+    else if(AXIS2_STRCMP(local_name,OXS_NODE_ENCRYPTED_KEY)==0)
+        qname = axis2_qname_create(env,local_name,OXS_ENC_NS,OXS_XENC);
+
+    else if(AXIS2_STRCMP(local_name,OXS_NODE_ENCRYPTED_DATA)==0)
+        qname = axis2_qname_create(env,local_name,OXS_ENC_NS,OXS_XENC);
+
+    else if(AXIS2_STRCMP(local_name,OXS_NODE_SIGNATURE)==0)
+        return AXIS2_FALSE;
+
+    else if(AXIS2_STRCMP(local_name,OXS_NODE_BINARY_SECURITY_TOKEN)==0)
+        return AXIS2_FALSE;
+    
+    else if(AXIS2_STRCMP(local_name,OXS_NODE_REFERENCE_LIST)==0)
+        return AXIS2_FALSE;
+    
+    else return AXIS2_FALSE;
+
+    if(!qname)
+        return AXIS2_FALSE;
+
+    node_qname = AXIOM_ELEMENT_GET_QNAME(node_ele,env,node);
+
+    if(!node_qname)
+    {
+        AXIS2_QNAME_FREE(qname,env);
+        qname = NULL;
+        return AXIS2_FALSE;
+    }
+
+    if(AXIS2_QNAME_EQUALS(qname,env,node_qname))
+    {
+        AXIS2_QNAME_FREE(qname,env);
+        qname = NULL;
+        return AXIS2_TRUE;
+    }
+    return AXIS2_FALSE;
+}
+
+
+
 static axis2_status_t 
 rampart_shp_process_timestamptoken(const axis2_env_t *env,
     axis2_msg_ctx_t *msg_ctx,
-    rampart_actions_t *actions,
-    axiom_soap_envelope_t *soap_envelope,
-    axiom_node_t *ts_node)
+    rampart_context_t *rampart_context,
+    axiom_node_t *sec_node)
 {
     rampart_timestamp_token_t *timestamp_token = NULL;
     axis2_status_t valid_ts = AXIS2_FAILURE;
-    
-    timestamp_token = rampart_timestamp_token_create(env);
-    valid_ts = RAMPART_TIMESTAMP_TOKEN_VALIDATE(timestamp_token, env, msg_ctx, ts_node);
+    axiom_node_t *ts_node = NULL;
 
-    if (valid_ts)
+    ts_node = oxs_axiom_get_node_by_local_name(env,sec_node,RAMPART_SECURITY_TIMESTAMP);
+    if(!ts_node)
     {
-        AXIS2_LOG_INFO(env->log, "[rampart][scp] Validating Timestamp is SUCCESS ");
-        return AXIS2_SUCCESS;
+        if(rampart_context_is_include_timestamp(rampart_context,env))
+        {
+            AXIS2_LOG_INFO(env->log, "[rampart][shp] Timestamp is not in the message"); 
+            return AXIS2_FAILURE;
+        }
+        else
+            return AXIS2_SUCCESS;
+    }            
+    else if(!rampart_context_is_include_timestamp(rampart_context,env))
+    {
+        AXIS2_LOG_INFO(env->log, "[rampart][shp] Timestamp should not be in the message.");
+        return AXIS2_FAILURE;
     }
-    else
+    else      
     {
-        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][scp] Timestamp is not valid");
-        rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_AUTHENTICATION, "Timestamp is not valid", RAMPART_FAULT_IN_TIMESTAMP, msg_ctx);
+        if(!rampart_shp_validate_qnames(env,ts_node))
+        {
+            AXIS2_LOG_INFO(env->log, "[rampart][shp] Error in the security header");
+            return AXIS2_FAILURE;
+        }
+        
+        timestamp_token = rampart_timestamp_token_create(env);
+        valid_ts = RAMPART_TIMESTAMP_TOKEN_VALIDATE(timestamp_token, env, msg_ctx, ts_node);
+
+        if (valid_ts)
+        {
+            AXIS2_LOG_INFO(env->log, "[rampart][scp] Validating Timestamp is SUCCESS ");
+            return AXIS2_SUCCESS;
+        }
+        else
+        {   
+            AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][scp] Timestamp is not valid");
+            rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_AUTHENTICATION, "Timestamp is not valid", RAMPART_FAULT_IN_TIMESTAMP, msg_ctx);
         return AXIS2_FAILURE;
+        }
     }
 }
 
 static axis2_status_t 
 rampart_shp_process_usernametoken(const axis2_env_t *env,
     axis2_msg_ctx_t *msg_ctx,
-    rampart_actions_t *actions,
-    axiom_soap_envelope_t *soap_envelope,
-    axiom_node_t *ut_node)
+    rampart_context_t *rampart_context,
+    axiom_node_t *sec_node)
 {
     rampart_username_token_t *username_token = NULL;
-    axiom_soap_header_t *soap_header = NULL;
     axis2_status_t valid_user = AXIS2_FAILURE;
+    axiom_node_t *ut_node = NULL;
 
-    soap_header = AXIOM_SOAP_ENVELOPE_GET_HEADER(soap_envelope, env);
- 
-    username_token = rampart_username_token_create(env);
-    AXIS2_LOG_INFO(env->log, "[rampart][shp] Validating UsernameToken");
-    valid_user = RAMPART_USERNAME_TOKEN_VALIDATE(username_token, env,
-                            msg_ctx, soap_header, actions);    
+    ut_node = oxs_axiom_get_node_by_local_name(env,sec_node,RAMPART_SECURITY_USERNAMETOKEN);
+    if(!ut_node)
+    {
+        if(rampart_context_is_include_username_token(rampart_context,env))
+        {
+            AXIS2_LOG_INFO(env->log, "[rampart][shp] Username token is not in the message");
+            return AXIS2_FAILURE;
+        }
+        else
+            return AXIS2_SUCCESS;
+    }
+    else if(!rampart_context_is_include_username_token(rampart_context,env))
+    {
+        AXIS2_LOG_INFO(env->log, "[rampart][shp] Username token should not be in the message.");
+        return AXIS2_FAILURE;
+    }
+    else
+    {
+        if(!rampart_shp_validate_qnames(env,ut_node))
+        {
+            AXIS2_LOG_INFO(env->log, "[rampart][shp] Error in the security header");
+            return AXIS2_FAILURE;
+        }
 
+        username_token = rampart_username_token_create(env);
+        AXIS2_LOG_INFO(env->log, "[rampart][shp] Validating UsernameToken");
+        valid_user = RAMPART_USERNAME_TOKEN_VALIDATE(username_token, env,
+                            msg_ctx, ut_node, rampart_context);    
+    }
     if (valid_user)
     {
         AXIS2_LOG_INFO(env->log, "[rampart][shp] Validating UsernameToken SUCCESS");
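Review bot: rampart_shp_validate_qnames leaks `qname` when the names differ: the mismatch path falls through to the final `return AXIS2_FALSE;` without the AXIS2_QNAME_FREE call that the other two exits make. Freeing once after the comparison covers both outcomes: `equal = AXIS2_QNAME_EQUALS(qname,env,node_qname);` then `AXIS2_QNAME_FREE(qname,env);` then `return equal;`. Separately, the timestamp and username-token handlers take whatever oxs_axiom_get_node_by_local_name returns and only then check the namespace, so, assuming it returns the first match, a second element with the same local name is never examined. rampart_shp_process_usernametoken continues past the end of this hunk.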
@@ -102,7 +214,7 @@
 static axis2_status_t 
 rampart_shp_process_encrypted_key(const axis2_env_t *env,
     axis2_msg_ctx_t *msg_ctx,
-    rampart_actions_t *actions,
+    rampart_context_t *rampart_context,
     axiom_soap_envelope_t *soap_envelope,
     axiom_node_t *sec_node,
     axiom_node_t *encrypted_key_node)
@@ -113,9 +225,13 @@
     axis2_char_t *enc_asym_algo = NULL;
     axis2_char_t *dec_key_file = NULL;
     axis2_char_t *password = NULL;
+    axis2_char_t *enc_user = NULL;
+    axis2_char_t *pw_callback_module = NULL;
     axis2_status_t status = AXIS2_FAILURE;
     oxs_asym_ctx_t *asym_ctx = NULL;
     oxs_key_t *decrypted_sym_key = NULL;
+    axis2_char_t *enc_asym_algo_in_pol = NULL; 
+    axis2_char_t *enc_sym_algo_in_pol = NULL;
     int i = 0;
     
     /*Get EncryptedData references */
@@ -134,14 +250,48 @@
     /*If the reference list > 0 then We have nodes to decrypt. Next step is to get the encrypted key*/
     /*Obtain the session key which is encrypted*/
     /*Create an asym_ctx*/
+    /*We should verify the algorithm with policy*/
+    enc_asym_algo_in_pol = rampart_context_get_enc_asym_algo(rampart_context,env);
+    if(!enc_asym_algo_in_pol)
+        return AXIS2_FAILURE;
+
+    if(AXIS2_STRCMP(enc_asym_algo_in_pol,enc_asym_algo)!=0)
+    {
+        AXIS2_LOG_INFO(env->log, "The key is encrypted with the wrong algorithm");
+        return AXIS2_FAILURE;
+    }
+                    
     asym_ctx = oxs_asym_ctx_create(env);
-    dec_key_file = RAMPART_ACTIONS_GET_DEC_KEY_FILE(actions, env);
+    dec_key_file = rampart_context_get_decryption_prop_file(rampart_context,env);
+    if(!dec_key_file)
+    {
+        AXIS2_LOG_INFO(env->log, "Decryption Profile is not specified.");
+        return AXIS2_FAILURE;
+    }
     /*Get the password to retrieve the key from key store*/
-    password = rampart_callback_encuser_password(env, actions, msg_ctx);
+/*  password = rampart_callback_encuser_password(env, actions, msg_ctx);*/
+
+    enc_user = rampart_context_get_encryption_user(rampart_context,env);
+
+    if(!enc_user)
+        enc_user = rampart_context_get_user(rampart_context,env);
+
+    if(!enc_user)
+        return AXIS2_FAILURE;
+
+    pw_callback_module = rampart_context_get_password_callback_class(rampart_context,env);
+    if(!pw_callback_module)
+    {
+        AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption] Password call back module is not specified.");
+        return AXIS2_FAILURE;
+    }
+
+    password = rampart_callback_password(env, pw_callback_module, enc_user);
+
     oxs_asym_ctx_set_algorithm(asym_ctx, env, enc_asym_algo);
     oxs_asym_ctx_set_file_name(asym_ctx, env, dec_key_file);
     
-    oxs_asym_ctx_set_pem_buf(asym_ctx, env, RAMPART_ACTIONS_GET_KEY_BUF(actions, env));
+/*  oxs_asym_ctx_set_pem_buf(asym_ctx, env, RAMPART_ACTIONS_GET_KEY_BUF(actions, env));*/
     oxs_asym_ctx_set_operation(asym_ctx, env, OXS_ASYM_CTX_OPERATION_PRV_DECRYPT);
     oxs_asym_ctx_set_password(asym_ctx, env, password);
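Review bot: `asym_ctx` is created before three checks that return AXIS2_FAILURE (no decryption file, no user, no callback module), so each of those exits drops the context; the later hunk's `if(!enc_sym_algo_in_pol) return AXIS2_FAILURE;` appears to have the same problem. Moving `asym_ctx = oxs_asym_ctx_create(env);` down to just before `oxs_asym_ctx_set_algorithm(...)` avoids the first three. The value returned by `rampart_callback_password` is passed to `oxs_asym_ctx_set_password` unchecked; `if(!password) return AXIS2_FAILURE;` ahead of the context creation would make a failed callback explicit. `enc_asym_algo` is assigned outside this hunk, so whether it can be NULL at the AXIS2_STRCMP cannot be seen here, and the function body starts and ends outside the hunk.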
     
@@ -161,13 +311,24 @@
     }
     /*Alright now we have the key used to encrypt the elements in the reference_list*/
     /*Go thru each and every node in the list and decrypt them*/
-    for(i=0 ; i < AXIS2_ARRAY_LIST_SIZE(reference_list, env); i++ ){
+
+    /*Before decrypt we should get the symmetric algo from policy. 
+      So for each encrypted element we can compare the algo. */
+    
+    enc_sym_algo_in_pol = rampart_context_get_enc_sym_algo(rampart_context,env);
+    if(!enc_sym_algo_in_pol)
+        return AXIS2_FAILURE;
+
+    for(i=0 ; i < AXIS2_ARRAY_LIST_SIZE(reference_list, env); i++ )
+    {
         axis2_char_t *id = NULL;
         axis2_char_t *id2 = NULL;
         axiom_node_t *enc_data_node = NULL;
         axiom_node_t *envelope_node = NULL;
         oxs_ctx_t *ctx = NULL;
         axiom_node_t *decrypted_node = NULL; 
+        axiom_node_t *mtd_node = NULL;
+        axis2_char_t *sym_algo = NULL;
 
         /*Get the i-th element and decrypt it */
         id = (axis2_char_t*)AXIS2_ARRAY_LIST_GET(reference_list, env, i);
@@ -187,9 +348,28 @@
             return AXIS2_FAILURE;
         }
         /*Create an enc_ctx*/    
+        mtd_node = oxs_axiom_get_first_child_node_by_name(env, enc_data_node, OXS_NODE_ENCRYPTION_METHOD, NULL, NULL);
+        if(!mtd_node)
+        {
+            AXIS2_LOG_INFO(env->log, "[rampart][shp] Node with ID=%s cannot be found", id);
+            /*continue;*/
+            rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_CHECK,
+                                "Cannot find EncryptionMethod Element", RAMPART_FAULT_IN_ENCRYPTED_DATA, msg_ctx);
+            return AXIS2_FAILURE;
+        }
+        sym_algo = oxs_token_get_encryption_method(env, mtd_node);
+        if(!sym_algo)
+            return AXIS2_FAILURE;        
+
+        if(AXIS2_STRCMP(sym_algo, enc_sym_algo_in_pol)!=0)
+        {
+            AXIS2_LOG_INFO(env->log, "[rampart][shp] Sym algorithm is mismathced with policy.");
+            return AXIS2_FAILURE;
+        }        
+
         ctx = oxs_ctx_create(env);
         OXS_CTX_SET_KEY(ctx, env, decrypted_sym_key);
-    
+        
         status = oxs_xml_enc_decrypt_node(env, ctx, enc_data_node, &decrypted_node);
         if(AXIS2_FAILURE == status){
             rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_CHECK,
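Review bot: The log line for a missing EncryptionMethod reuses the text `Node with ID=%s cannot be found`, which reads as if the EncryptedData node itself were absent; `"[rampart][shp] EncryptionMethod not found in EncryptedData ID=%s"` would match the fault text that follows. The two checks added after it (NULL `sym_algo` and the policy mismatch) return AXIS2_FAILURE without calling rampart_create_fault_envelope, unlike the branch just above them, so these rejections may reach the sender without a fault and are recorded only at INFO level. Calling `rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_CHECK, ...)` on both paths would keep the loop's error handling uniform. The loop body starts and ends outside this hunk.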
@@ -215,7 +395,7 @@
 
     return AXIS2_SUCCESS;    
 }
-
+/*
 #ifdef PRE_CHECK    
 static axis2_status_t 
 rampart_shp_pre_security_check(const axis2_env_t *env,
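Review bot: Disabling rampart_shp_pre_security_check and rampart_shp_post_security_check by wrapping them in `/* ... */` forced the following hunks to blank out every inner comment ("UT is a MUST", "TS is a MUST", "Encryption is a MUST"), which loses the explanation of what each check enforced. `#if 0` before the block and `#endif` after it disables the code without touching those comments; deleting both functions outright is cleaner still, since the repository history keeps them. The pre-check was already compiled only under PRE_CHECK, so the extra comment wrapper adds nothing for that function.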
@@ -236,18 +416,18 @@
         return AXIS2_SUCCESS;
     }
 
-    /*Get action items seperated by spaces*/
+  
     items_list = axis2_tokenize(env, items, ' ');
     size = AXIS2_ARRAY_LIST_SIZE(items_list, env);
 
-    /*Iterate thru items*/
+  
     for (i = 0; i < size; i++)
     {
         axis2_char_t *item = NULL;
         item = AXIS2_ARRAY_LIST_GET(items_list, env, i);    
         
         if (0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_USERNAMETOKEN, AXIS2_STRTRIM(env, item, NULL))){
-            /*UT is a MUST. So identify if the UT is available*/
+  
             int num_of_ut = 0;
             num_of_ut = oxs_axiom_get_number_of_children_with_qname(env, sec_node, 
                         RAMPART_SECURITY_TIMESTAMP, RAMPART_WSU_XMLNS, RAMPART_WSSE); 
@@ -258,7 +438,7 @@
                 return AXIS2_FAILURE;
             }
         }else if(0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_TIMESTAMP, AXIS2_STRTRIM(env, item, NULL))){
-            /*TS is a MUST.*/      
+        
             int num_of_ts = 0;
             num_of_ts = oxs_axiom_get_number_of_children_with_qname(env, sec_node,
                         RAMPART_SECURITY_TIMESTAMP, RAMPART_WSU_XMLNS, RAMPART_WSSE);
@@ -275,8 +455,9 @@
     return AXIS2_SUCCESS;
 }
 #endif
-
+*/
 /*Compare security checked results with action items*/
+/*
 static axis2_status_t
 rampart_shp_post_security_check(const axis2_env_t *env,
     axis2_msg_ctx_t *msg_ctx,
@@ -294,11 +475,11 @@
         return AXIS2_SUCCESS;
     }
 
-    /*Get action items seperated by spaces*/
+
     items_list = axis2_tokenize(env, items, ' ');
     size = AXIS2_ARRAY_LIST_SIZE(items_list, env);
 
-    /*Iterate thru items*/
+
     for (i = 0; i < size; i++)
     {
         axis2_char_t *item = NULL;
@@ -306,7 +487,7 @@
         item = AXIS2_ARRAY_LIST_GET(items_list, env, i);
 
         if (0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_USERNAMETOKEN, AXIS2_STRTRIM(env, item, NULL))){
-            /*UT is a MUST. So identify if the UT is available*/
+
             result = (axis2_char_t*)rampart_get_security_processed_result(env, msg_ctx, RAMPART_SPR_UT_CHECKED);   
             if(!result || (0 != AXIS2_STRCMP(result, RAMPART_YES)) ){
                 AXIS2_LOG_INFO(env->log, "[rampart][shp] UsernameToken is required. But not available");
@@ -316,7 +497,7 @@
             }
             result = NULL;
         }else if(0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_TIMESTAMP, AXIS2_STRTRIM(env, item, NULL))){
-            /*TS is a MUST.*/
+
             result = (axis2_char_t*)rampart_get_security_processed_result(env, msg_ctx, RAMPART_SPR_TS_CHECKED);
             if(!result || (0 != AXIS2_STRCMP(result, RAMPART_YES)) ){
                 AXIS2_LOG_INFO(env->log, "[rampart][shp] Timestamp is required. But not available");
@@ -326,7 +507,7 @@
             }
             result = NULL;
         }else if(0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_ENCRYPT, AXIS2_STRTRIM(env, item, NULL))){
-            /*Encryption is a MUST*/
+
             result = (axis2_char_t*)rampart_get_security_processed_result(env, msg_ctx, RAMPART_SPR_ENC_CHECKED);
             if(!result || (0 != AXIS2_STRCMP(result, RAMPART_YES)) ){
                 AXIS2_LOG_INFO(env->log, "[rampart][shp] Encryption is required. But not available");
@@ -336,94 +517,154 @@
             }
             result = NULL;
         }else if (0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_SIGNATURE, AXIS2_STRTRIM(env, item, NULL))){
-            /*Signature is a MUST*/
+
         }
 
     }
     return AXIS2_SUCCESS;
 }
-    
+*/
 
 /*Public functions*/
 
 AXIS2_EXTERN axis2_status_t AXIS2_CALL
 rampart_shp_process_message(const axis2_env_t *env,
     axis2_msg_ctx_t *msg_ctx,
-    rampart_actions_t *actions,
+    rampart_context_t *rampart_context,
     axiom_soap_envelope_t *soap_envelope,
     axiom_node_t *sec_node)
 {
     axiom_node_t *cur_node = NULL;
-    axiom_element_t *cur_ele = NULL;
-    axis2_char_t *cur_node_name = NULL;
-    axis2_qname_t *cur_qname = NULL;
     axis2_status_t status = AXIS2_FAILURE;
 
     /*If certian security elements are expected by the reciever, rampart should check for those */
     /*This should be removed once header encryption is introduced. But this pre-check avoids further processing of headers.*/
+/*    
 #ifdef PRE_CHECK    
     status =  rampart_shp_pre_security_check(env, msg_ctx, actions,  soap_envelope, sec_node);
     if(AXIS2_FAILURE == status){
         return AXIS2_FAILURE;
     }
 #endif
+*/
+    /*TO DO*/
+    /*There should be method to verify the security header before processing*/
+
     AXIS2_LOG_INFO(env->log, "[rampart][shp] Process security header");
-    /*Get the first token of the security header element*/
-    cur_node = AXIOM_NODE_GET_FIRST_CHILD(sec_node, env);
-    
-    while(cur_node){
-        cur_ele = AXIOM_NODE_GET_DATA_ELEMENT(cur_node, env);
-        cur_qname = AXIOM_ELEMENT_GET_QNAME(cur_ele, env, cur_node);
-        cur_node_name  = AXIS2_QNAME_GET_LOCALPART(cur_qname, env);
-        
-        /*Check For following types, Username token, EncryptedKey, EncryptedData, ReferenceList, Signature*/
-        if(0 == AXIS2_STRCMP(cur_node_name , RAMPART_SECURITY_USERNAMETOKEN) ){
-            /*Process UT*/
-            AXIS2_LOG_INFO(env->log, "[rampart][shp] Process Usernametoken");
-            status = rampart_shp_process_usernametoken(env,msg_ctx, actions, soap_envelope, cur_node);
-        }else if(0 == AXIS2_STRCMP(cur_node_name , RAMPART_SECURITY_TIMESTAMP)){
-            /*Verify TS*/
-            AXIS2_LOG_INFO(env->log, "[rampart][shp] Process Timestamptoken");
-            status = rampart_shp_process_timestamptoken(env,msg_ctx, actions, soap_envelope, cur_node);
-        }else if(0 == AXIS2_STRCMP(cur_node_name ,OXS_NODE_ENCRYPTED_KEY)){
-            /*Process EncryptedKey*/
-            AXIS2_LOG_INFO(env->log, "[rampart][shp] Process EncryptedKey");
-            status = rampart_shp_process_encrypted_key(env,msg_ctx, actions, soap_envelope, sec_node,  cur_node);
-        }else if(0 == AXIS2_STRCMP(cur_node_name ,OXS_NODE_ENCRYPTED_DATA)){
-            /*Process Encrypteddata*/
-            AXIS2_LOG_INFO(env->log, "[rampart][shp] Process EncryptedData");
-            /*TODO We need to support this scenario as well*/
-
-        }else if(0 == AXIS2_STRCMP(cur_node_name , OXS_NODE_BINARY_SECURITY_TOKEN)){
-             /*Process BinarySecurityToken*/
-             AXIS2_LOG_INFO(env->log, "[rampart][shp] Process BinarySecurityToken");
-             status = AXIS2_SUCCESS;
-        }else if(0 == AXIS2_STRCMP(cur_node_name ,OXS_NODE_REFERENCE_LIST)){
-            /*List is placed Out side of the EncryptedKey*/
-            AXIS2_LOG_INFO(env->log, "[rampart][shp] Process ReferenceList");
-        }else{
-             AXIS2_LOG_INFO(env->log, "[rampart][shp] Unknown token %s", cur_node_name);
-             rampart_create_fault_envelope(env, RAMPART_FAULT_INVALID_SECURITY_TOKEN, 
-                        "Invalid security token found", cur_node_name, msg_ctx);
-             return AXIS2_FAILURE;
-        }
 
-        /*Retuen failure on error*/
-        if(AXIS2_FAILURE == status){
-            AXIS2_LOG_INFO(env->log, "[rampart][shp] Security header processing failure");
-            return AXIS2_FAILURE;
+    if((rampart_context_get_binding_type(rampart_context,env)) == RP_BINDING_ASYMMETRIC)
+    {
+        if(rampart_context_is_encrypt_before_sign(rampart_context,env))
+        {
+            /*First we should verify signature, When  signature is supported.*/
+
+            /*This verification is a quick hack.This should be cganged in the future
+              with a proper verification method before message processing */
+            if(rampart_context_check_whether_to_encrypt(rampart_context,env))
+            {
+                cur_node = oxs_axiom_get_node_by_local_name(env,sec_node,OXS_NODE_ENCRYPTED_KEY);
+                if(!cur_node)
+                {
+                    AXIS2_LOG_INFO(env->log, "[rampart][shp] No Encrypted Key element");
+                    return AXIS2_FAILURE;
+                }
+                if(!rampart_shp_validate_qnames(env,cur_node))             
+                {
+                    AXIS2_LOG_INFO(env->log, "[rampart][shp] Error in the security header");
+                    return AXIS2_FAILURE;
+                }                   
+   
+                AXIS2_LOG_INFO(env->log, "[rampart][shp] Process EncryptedKey");
+                status = rampart_shp_process_encrypted_key(env,msg_ctx, rampart_context, soap_envelope, sec_node, cur_node);
+                if(status!=AXIS2_SUCCESS)
+                    return status;
+            }
+            else
+            {
+                cur_node = oxs_axiom_get_node_by_local_name(env,sec_node,OXS_NODE_ENCRYPTED_KEY);
+                if(cur_node)
+                {
+                    AXIS2_LOG_INFO(env->log, "[rampart][shp] policy does not specify encryption.");
+                    return AXIS2_FAILURE;
+                }
+                else
+                    status = AXIS2_SUCCESS;
+            }
+            
         }
-        /*Proceed to next node*/
-        cur_node = AXIOM_NODE_GET_NEXT_SIBLING(cur_node, env);
-    }/*End of while*/
-    
+        else 
+        {
+           /*We should decrypt the message first*/
+            if(rampart_context_check_whether_to_encrypt(rampart_context,env))
+            {
+                cur_node = oxs_axiom_get_node_by_local_name(env,sec_node,OXS_NODE_ENCRYPTED_KEY);
+                if(!cur_node)
+                {
+                    AXIS2_LOG_INFO(env->log, "[rampart][shp] No Encrypted Key element");
+                    return AXIS2_FAILURE;
+                }
+                if(!rampart_shp_validate_qnames(env,cur_node))
+                {
+                    AXIS2_LOG_INFO(env->log, "[rampart][shp] Error in the security header");
+                    return AXIS2_FAILURE;
+                }
+
+                AXIS2_LOG_INFO(env->log, "[rampart][shp] Process EncryptedKey");
+                status = rampart_shp_process_encrypted_key(env,msg_ctx, rampart_context, soap_envelope, sec_node, cur_node);
+                if(status!=AXIS2_SUCCESS)
+                    return status;
+            }
+            else
+            {
+                cur_node = oxs_axiom_get_node_by_local_name(env,sec_node,OXS_NODE_ENCRYPTED_KEY);
+                if(cur_node)
+                {
+                    AXIS2_LOG_INFO(env->log, "[rampart][shp] policy does not specify encryption.");
+                    return AXIS2_FAILURE;
+                }
+                else
+                    status = AXIS2_SUCCESS;;
+            }
+            /*After decrypting we may verify signature stuff.*/
+        }
+        /*Now we can process timestamp*/   
+        status = rampart_shp_process_timestamptoken(env,msg_ctx,rampart_context,sec_node);
+        if(status!=AXIS2_SUCCESS)
+            return status; 
+
+        status = rampart_shp_process_usernametoken(env,msg_ctx,rampart_context,sec_node);      
+        if(status!=AXIS2_SUCCESS)
+            return status;
+
+        AXIS2_LOG_INFO(env->log, "[rampart][shp] Security header element processing, DONE ");
+        /*Do the action accordingly*/
+        return AXIS2_SUCCESS;
+
+         
+    }            
+    else if((rampart_context_get_binding_type(rampart_context,env)) == RP_BINDING_SYMMETRIC)   
+    {
+        AXIS2_LOG_INFO(env->log, "[rampart][shp] We still not support Symmetric binding.");
+        return AXIS2_FAILURE;
+    }        
+    else if((rampart_context_get_binding_type(rampart_context,env)) == RP_BINDING_TRANSPORT)        
+    {
+        AXIS2_LOG_INFO(env->log, "[rampart][shp] We still not support Transport binding.");
+        return AXIS2_FAILURE;
+    }
+    else
+    {
+       AXIS2_LOG_INFO(env->log, "[rampart][shp] Invalid binding type.");
+       return AXIS2_FAILURE;
+    }        
+    /*
     status = rampart_shp_post_security_check(env, msg_ctx, actions); 
     if(AXIS2_FAILURE == status){
         AXIS2_LOG_INFO(env->log, "[rampart][shp] Security header doesn't confirms reciever's policy");
         return AXIS2_FAILURE;
-    }
-    AXIS2_LOG_INFO(env->log, "[rampart][shp] Security header element processing, DONE ");
-    /*Do the action accordingly*/
-    return AXIS2_SUCCESS;
+    }*/
+
 }
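Review bot: The two arms of `rampart_context_is_encrypt_before_sign` in rampart_shp_process_message are the same code apart from their comments (and a stray `;;`), so any later fix has to be made twice; a single helper, called once until signature support gives the arms a real difference, removes the duplication. The loop this replaces rejected any child it did not recognise with an "Invalid security token found" fault, whereas the new code only looks up three local names, so unexpected or repeated children of the Security header appear to pass unexamined; the TO DO comment acknowledges that a pre-processing verification is still missing. The early failure returns here also no longer build a fault envelope. `rampart_context_get_binding_type` is called up to three times and could be read once into a local.

```c
/* Enforces the policy's encryption requirement against the Security header:
   an EncryptedKey must be present (and namespace-valid) when the policy asks
   for encryption, and must be absent when it does not. */
static axis2_status_t
rampart_shp_process_encryption(const axis2_env_t *env,
    axis2_msg_ctx_t *msg_ctx,
    rampart_context_t *rampart_context,
    axiom_soap_envelope_t *soap_envelope,
    axiom_node_t *sec_node)
{
    axis2_bool_t must_encrypt = AXIS2_FALSE;
    axiom_node_t *enc_key_node = NULL;

    must_encrypt = rampart_context_check_whether_to_encrypt(rampart_context,env);
    enc_key_node = oxs_axiom_get_node_by_local_name(env,sec_node,OXS_NODE_ENCRYPTED_KEY);

    if(!must_encrypt)
    {
        if(enc_key_node)
        {
            AXIS2_LOG_INFO(env->log, "[rampart][shp] policy does not specify encryption.");
            return AXIS2_FAILURE;
        }
        return AXIS2_SUCCESS;
    }
    if(!enc_key_node)
    {
        AXIS2_LOG_INFO(env->log, "[rampart][shp] No Encrypted Key element");
        return AXIS2_FAILURE;
    }
    if(!rampart_shp_validate_qnames(env,enc_key_node))
    {
        AXIS2_LOG_INFO(env->log, "[rampart][shp] Error in the security header");
        return AXIS2_FAILURE;
    }
    AXIS2_LOG_INFO(env->log, "[rampart][shp] Process EncryptedKey");
    return rampart_shp_process_encrypted_key(env,msg_ctx, rampart_context, soap_envelope, sec_node, enc_key_node);
}

    /* ... unchanged: rampart_shp_process_message signature and opening log line ... */
    if((rampart_context_get_binding_type(rampart_context,env)) == RP_BINDING_ASYMMETRIC)
    {
        /* Signature verification is not supported yet, so the
           encrypt-before-sign ordering makes no difference here. */
        status = rampart_shp_process_encryption(env,msg_ctx,rampart_context,soap_envelope,sec_node);
        if(status!=AXIS2_SUCCESS)
            return status;
        /* ... unchanged: timestamp and username token processing ... */
```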
+
+
 

Modified: webservices/axis2/scratch/c/security-policy/c/rampart/src/util/username_token.c
URL: http://svn.apache.org/viewvc/webservices/axis2/scratch/c/security-policy/c/rampart/src/util/username_token.c?view=diff&rev=504470&r1=504469&r2=504470
==============================================================================
--- webservices/axis2/scratch/c/security-policy/c/rampart/src/util/username_token.c (original)
+++ webservices/axis2/scratch/c/security-policy/c/rampart/src/util/username_token.c Wed Feb  7 01:10:59 2007
@@ -83,8 +83,8 @@
 rampart_username_token_validate(rampart_username_token_t *username_token,
         const axis2_env_t *env,
         axis2_msg_ctx_t *msg_ctx,
-        axiom_soap_header_t *soap_header,
-        rampart_actions_t *actions);
+        axiom_node_t *ut_node,
+        rampart_context_t *rampart_context);
 
 /************************* End of function headers ****************************/
 static void
@@ -318,13 +318,9 @@
 rampart_username_token_validate(rampart_username_token_t *username_token,
         const axis2_env_t *env,
         axis2_msg_ctx_t *msg_ctx,
-        axiom_soap_header_t *soap_header,
-        rampart_actions_t *actions)
+        axiom_node_t *ut_node,
+        rampart_context_t *rampart_context)
 {
-    axiom_element_t *sec_ele = NULL;
-    axiom_element_t *ut_ele = NULL;
-    axiom_node_t *sec_node = NULL;
-    axiom_node_t *ut_node = NULL;
     axiom_child_element_iterator_t *children = NULL;
     axis2_char_t *username = NULL;
     axis2_char_t *password = NULL;
@@ -336,40 +332,16 @@
     axis2_char_t *password_from_svr = NULL;
     axis2_char_t *password_to_compare = NULL;
     axis2_ctx_t *ctx = NULL;
-    axis2_qname_t *qname = NULL;
     rampart_username_token_impl_t *username_token_impl = NULL;
     rampart_authn_provider_status_t auth_status= RAMPART_AUTHN_PROVIDER_GENERAL_ERROR ;
+    axiom_element_t *ut_ele = NULL;
 
     AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
     username_token_impl = AXIS2_INTF_TO_IMPL(username_token);
 
-    sec_node = rampart_get_security_token(env, msg_ctx, soap_header);
-    if (!sec_node)
-    {
-        AXIS2_LOG_INFO(env->log, " [rampart][rampart_usernametoken] Cannot find security header element");
+    ut_ele = AXIOM_NODE_GET_DATA_ELEMENT(ut_node, env);
+    if(!ut_ele)
         return AXIS2_FAILURE;
-    }
-
-
-    sec_ele = AXIOM_NODE_GET_DATA_ELEMENT(sec_node, env);
-    if (!sec_ele)
-    {
-        return AXIS2_FAILURE;
-    }
-
-    qname = axis2_qname_create(env,
-            RAMPART_SECURITY_USERNAMETOKEN,
-            RAMPART_WSSE_XMLNS,
-            RAMPART_WSSE);
-    if (qname)
-    {
-        ut_ele = AXIOM_ELEMENT_GET_FIRST_CHILD_WITH_QNAME(sec_ele, env, qname, sec_node, &ut_node);
-        if (!ut_ele)
-        {
-            AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Cannot find UsernameToken in Security header element...");
-            return AXIS2_FAILURE;
-        }
-    }
 
     /*Check: Any USERNAME_TOKEN MUST NOT have more than one PASSWORD*/
     if (1 <  oxs_axiom_get_number_of_children_with_qname(env, ut_node, RAMPART_SECURITY_USERNAMETOKEN_PASSWORD, NULL, NULL))
@@ -424,7 +396,23 @@
                     AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Password Type is not specified in the password element");
                     return AXIS2_FAILURE;
                 }
-
+                else if(rampart_context_get_password_type(rampart_context,env))
+                {
+                    if(0 != AXIS2_STRCMP(password_type, RAMPART_PASSWORD_DIGEST_URI))
+                    {
+                        AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Password Type is Wrong");
+                        return AXIS2_FAILURE;
+                    }                        
+                
+                }   
+                else if(!rampart_context_get_password_type(rampart_context,env))     
+                {
+                    if(0 == AXIS2_STRCMP(password_type, RAMPART_PASSWORD_DIGEST_URI))
+                    {
+                        AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Password Type is Wrong");
+                        return AXIS2_FAILURE;
+                    }            
+                }
                 password = AXIOM_ELEMENT_GET_TEXT(element, env, node);
 
             }
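Review bot: The new password-type check treats any non-NULL result of `rampart_context_get_password_type` as "digest required" and never compares its value. If that getter returns the policy's passwordType string, which is not visible here, a policy naming a non-digest type would still demand RAMPART_PASSWORD_DIGEST_URI and reject a conforming message. Reading the value once into a local and comparing it with the digest type before choosing which URI to require would close that gap. The second test, `else if(!rampart_context_get_password_type(rampart_context,env))`, is the exact negation of the one before it and can be a plain `else`. Both rejections log only "Password Type is Wrong"; including the expected and received type would make the INFO line usable. The enclosing loop starts and ends outside this hunk.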
@@ -475,7 +463,7 @@
      * */
 
     /*authn_module_name = "/home/kau/axis2/c/deploy/bin/samples/rampart/authn_provider/libauthn.so";*/
-    authn_module_name = RAMPART_ACTIONS_GET_AUTHN_MODULE_NAME(actions, env);
+    authn_module_name = rampart_context_get_authn_module_name(rampart_context,env);
     printf("AUTHN_MODULE_NAME =%s", authn_module_name);
     if(authn_module_name){
         AXIS2_LOG_INFO(env->log,  "[rampart][rampart_usernametoken] Password authentication using AUTH MODULE %s", authn_module_name);
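Review bot: `authn_module_name` now comes from the policy, and the `printf("AUTHN_MODULE_NAME =%s", authn_module_name);` that follows runs before the `if(authn_module_name)` test, so a policy without an authentication module passes NULL to `%s`. That printf also writes to the handler's stdout rather than the Axis2 log. The AXIS2_LOG_INFO inside the `if` already records the module name, so the printf line can simply be removed. The function continues on both sides of this hunk.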
@@ -491,7 +479,7 @@
         
     }else{
         /*Auth module is NULL. Use Callback password*/
-        pw_callback_module = RAMPART_ACTIONS_GET_PW_CB_CLASS(actions, env);
+        pw_callback_module = rampart_context_get_password_callback_class(rampart_context,env);
         if(!pw_callback_module){
             AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][rampart_usernametoken] Password callback module is not specified");
             return AXIS2_FAILURE;


