You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by sh...@apache.org on 2008/06/23 06:30:03 UTC
svn commit: r670443 [2/2] - in /webservices/rampart/trunk/c: include/
samples/sct_provider/ samples/server/secconv_echo/ src/secconv/ src/trust/
src/util/
Modified: webservices/rampart/trunk/c/src/secconv/sct_provider.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/secconv/sct_provider.c?rev=670443&r1=670442&r2=670443&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/secconv/sct_provider.c (original)
+++ webservices/rampart/trunk/c/src/secconv/sct_provider.c Sun Jun 22 21:30:03 2008
@@ -19,15 +19,30 @@
#include <oxs_buffer.h>
#include <axiom_element.h>
#include <rampart_constants.h>
+#include <trust_sts_client.h>
+#include <oxs_utility.h>
-security_context_token_t*
-sct_provider_get_sct(const axutil_env_t* env, rp_property_t *token,
- axis2_bool_t server_side, axis2_bool_t is_encryption, axis2_char_t *sct_id,
- rampart_context_t* rampart_context, axis2_msg_ctx_t* msg_ctx)
+#define RAMPART_SCT_PROVIDER_HASH_PROB "Rampart_SCT_Prov_DB_Prop"
+
+static security_context_token_t*
+sct_provider_obtain_token_from_sts(
+ const axutil_env_t* env,
+ rp_security_context_token_t* rp_sct,
+ axis2_msg_ctx_t* msg_ctx);
+
+static security_context_token_t*
+sct_provider_get_sct(
+ const axutil_env_t* env,
+ rp_property_t *token,
+ axis2_bool_t is_encryption,
+ axis2_char_t *sct_id,
+ rampart_context_t* rampart_context,
+ axis2_msg_ctx_t* msg_ctx)
{
rampart_sct_provider_t* sct_provider = NULL;
security_context_token_t* sct = NULL;
+ /* if sct id is not given, check whether it is stored in rampart context */
if(!sct_id)
{
if(is_encryption)
@@ -36,34 +51,145 @@
sct_id = rampart_context_get_signature_token_id(rampart_context, env);
}
- sct_provider = (rampart_sct_provider_t*)rampart_context_get_sct_provider(rampart_context, env);
- if(!sct_provider)
+ if(!sct_id)
{
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][sct_provider] Security context token provider module is not set");
- return NULL;
+ /* if sct id is not there in rampart context, then it is not created.
+ * (1) If it is secure conversation token
+ * (a) If server side, we can't do anything. We have to fail.
+ * (b) If client side, we can request from STS
+ * (2) If it is security context token - sct agreed by server and client offline
+ * (a) If server side, can call get_sct method and if returned successfully, store it
+ * (b) If client side, same as server_side
+ */
+ void* user_params = NULL;
+ rp_security_context_token_t* rp_sct = NULL;
+
+ /* to check whether security context token or secure conversation token, rp_property (token)
+ * should be valid. If valid, we can extract the security context token property */
+ if(!token)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]rampart policy property 'token' is not valid. Could not find whether \
+ token is SecureConversationToken or SecurityContextToken.");
+ return NULL;
+ }
+
+ rp_sct = (rp_security_context_token_t*)rp_property_get_value(token, env);
+ if(!rp_sct)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]value of rampart policy property 'token' is not valid. Could not find \
+ whether token is SecureConversationToken or SecurityContextToken.");
+ return NULL;
+ }
+
+ user_params = rampart_context_get_security_context_token_user_params(rampart_context, env);
+
+ if(rp_security_context_token_get_is_secure_conversation_token(rp_sct, env))
+ {
+ /* this is a secure conversation token */
+
+ axis2_bool_t is_server_side = AXIS2_FALSE;
+ is_server_side = axis2_msg_ctx_get_server_side(msg_ctx, env);
+ if(!is_server_side)
+ {
+ /* we can request sct from sts */
+
+ sct = sct_provider_obtain_token_from_sts(env, rp_sct, msg_ctx);
+ }
+ else
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart] Secure conversation token is requested without giving ID of SCT. \
+ This cannot be done in server side.");
+ }
+ }
+ else
+ {
+ /* this is a security context token */
+
+ obtain_security_context_token_fn fn_get_sct = NULL;
+ fn_get_sct = rampart_context_get_obtain_security_context_token_fn(rampart_context, env);
+ sct = (security_context_token_t*)fn_get_sct(
+ env, is_encryption, msg_ctx, sct_id, RAMPART_SCT_ID_TYPE_UNKNOWN, user_params);
+ }
+
+ /* if valid sct, then we have to store it */
+ if(sct)
+ {
+ axis2_char_t *local_id = NULL;
+ axis2_char_t *global_id = NULL;
+ store_security_context_token_fn fn_store_sct = NULL;
+
+ local_id = security_context_token_get_local_identifier(sct, env);
+ global_id = security_context_token_get_global_identifier(sct, env);
+ fn_store_sct = rampart_context_get_store_security_context_token_fn(
+ rampart_context, env);
+ if(fn_store_sct(env, msg_ctx, global_id, local_id, (void*)sct, user_params)
+ != AXIS2_SUCCESS)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart] Cannot store newly created security context token.");
+ security_context_token_free(sct, env);
+ sct = NULL;
+ }
+
+ /* store the global id as encryption/signature id. if same key is used for encryption
+ * and signature, then store it at both place*/
+ if(is_different_session_key_for_encryption_and_signing(env, rampart_context))
+ {
+ if(is_encryption)
+ rampart_context_set_encryption_token_id(rampart_context, env, global_id);
+ else
+ rampart_context_set_signature_token_id(rampart_context, env, global_id);
+ }
+ else
+ {
+ rampart_context_set_encryption_token_id(rampart_context, env, global_id);
+ rampart_context_set_signature_token_id(rampart_context, env, global_id);
+ }
+ }
+ }
+ else
+ {
+ /* sct_id is given. So get it from sct provider function. */
+
+ void* user_params = NULL;
+ obtain_security_context_token_fn fn_get_sct = NULL;
+ int id_type = RAMPART_SCT_ID_TYPE_GLOBAL;
+
+ user_params = rampart_context_get_security_context_token_user_params(rampart_context, env);
+ fn_get_sct = rampart_context_get_obtain_security_context_token_fn(rampart_context, env);
+
+ /* by looking at the first character of sct_id, we can say whether it is local id or global
+ * id. If first character is '#' then it is a local id */
+ if(*sct_id == '#')
+ {
+ id_type = RAMPART_SCT_ID_TYPE_LOCAL;
+ }
+ sct = fn_get_sct(env, is_encryption, msg_ctx, sct_id, id_type, user_params);
}
-
- sct = RAMPART_SCT_PROVIDER_GET_TOKEN(sct_provider, env, token, server_side, is_encryption,
- sct_id, rampart_context, msg_ctx);
if(!sct)
{
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][sct_provider] Security context token is not valid");
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart] Cannot find security context token for id [%s]", sct_id);
}
return sct;
}
AXIS2_EXTERN oxs_buffer_t *AXIS2_CALL
-sct_provider_get_secret(const axutil_env_t* env, rp_property_t *token,
- axis2_bool_t server_side, axis2_bool_t is_encryption,
- rampart_context_t* rampart_context, axis2_msg_ctx_t* msg_ctx)
+sct_provider_get_secret(
+ const axutil_env_t* env,
+ rp_property_t *token,
+ axis2_bool_t is_encryption,
+ rampart_context_t* rampart_context,
+ axis2_msg_ctx_t* msg_ctx)
{
security_context_token_t* sct = NULL;
- sct = sct_provider_get_sct(env, token, server_side, is_encryption, NULL,
- rampart_context, msg_ctx);
-
+ sct = sct_provider_get_sct(env, token, is_encryption, NULL, rampart_context, msg_ctx);
if(!sct)
return NULL;
@@ -71,13 +197,17 @@
}
AXIS2_EXTERN oxs_buffer_t *AXIS2_CALL
-sct_provider_get_secret_using_id(const axutil_env_t* env, axis2_char_t* sct_id,
- rampart_context_t* rampart_context, axis2_msg_ctx_t* msg_ctx)
+sct_provider_get_secret_using_id(
+ const axutil_env_t* env,
+ axis2_char_t* sct_id,
+ rampart_context_t* rampart_context,
+ axis2_msg_ctx_t* msg_ctx)
{
security_context_token_t* sct = NULL;
- sct = sct_provider_get_sct(env, NULL, axis2_msg_ctx_get_server_side(msg_ctx,env), AXIS2_TRUE, sct_id,
- rampart_context, msg_ctx);
+ /* since we are getting secret using id, we don't need to specify whether encryption or
+ * signature. Also we don't need to care about policy property of token */
+ sct = sct_provider_get_sct(env, NULL, AXIS2_TRUE, sct_id, rampart_context, msg_ctx);
if(!sct)
return NULL;
@@ -86,15 +216,15 @@
}
AXIS2_EXTERN axiom_node_t *AXIS2_CALL
-sct_provider_get_token(const axutil_env_t* env, rp_property_t *token,
- axis2_bool_t server_side, axis2_bool_t is_encryption,
- rampart_context_t* rampart_context, axis2_msg_ctx_t* msg_ctx)
+sct_provider_get_token(
+ const axutil_env_t* env,
+ rp_property_t *token,
+ axis2_bool_t is_encryption,
+ rampart_context_t* rampart_context,
+ axis2_msg_ctx_t* msg_ctx)
{
security_context_token_t* sct = NULL;
-
- sct = sct_provider_get_sct(env, token, server_side, is_encryption, NULL,
- rampart_context, msg_ctx);
-
+ sct = sct_provider_get_sct(env, token, is_encryption, NULL, rampart_context, msg_ctx);
if(!sct)
return NULL;
@@ -102,15 +232,15 @@
}
AXIS2_EXTERN axiom_node_t* AXIS2_CALL
-sct_provider_get_attached_reference(const axutil_env_t* env, rp_property_t *token,
- axis2_bool_t server_side, axis2_bool_t is_encryption,
- rampart_context_t* rampart_context, axis2_msg_ctx_t* msg_ctx)
+sct_provider_get_attached_reference(
+ const axutil_env_t* env,
+ rp_property_t *token,
+ axis2_bool_t is_encryption,
+ rampart_context_t* rampart_context,
+ axis2_msg_ctx_t* msg_ctx)
{
security_context_token_t* sct = NULL;
-
- sct = sct_provider_get_sct(env, token, server_side, is_encryption, NULL,
- rampart_context, msg_ctx);
-
+ sct = sct_provider_get_sct(env, token, is_encryption, NULL, rampart_context, msg_ctx);
if(!sct)
return NULL;
@@ -118,29 +248,193 @@
}
AXIS2_EXTERN axiom_node_t* AXIS2_CALL
-sct_provider_get_unattached_reference(const axutil_env_t* env, rp_property_t *token,
- axis2_bool_t server_side, axis2_bool_t is_encryption,
- rampart_context_t* rampart_context, axis2_msg_ctx_t* msg_ctx)
+sct_provider_get_unattached_reference(
+ const axutil_env_t* env,
+ rp_property_t *token,
+ axis2_bool_t is_encryption,
+ rampart_context_t* rampart_context,
+ axis2_msg_ctx_t* msg_ctx)
{
- security_context_token_t* sct = NULL;
-
- sct = sct_provider_get_sct(env, token, server_side, is_encryption, NULL,
- rampart_context, msg_ctx);
-
+ security_context_token_t* sct = NULL;
+ sct = sct_provider_get_sct(env, token, is_encryption, NULL, rampart_context, msg_ctx);
if(!sct)
return NULL;
return security_context_token_get_unattached_reference(sct, env);
}
-AXIS2_EXTERN void AXIS2_CALL
-sct_provider_sct_db_free(axutil_hash_t *sct_db,
- const axutil_env_t *env)
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+sct_provider_validate_security_context_token(
+ const axutil_env_t *env,
+ axiom_node_t *sct_node,
+ rampart_context_t *rampart_context,
+ axis2_msg_ctx_t *msg_ctx)
+{
+ validate_security_context_token_fn validate_fn = NULL;
+ void *user_param = NULL;
+
+ validate_fn = rampart_context_get_validate_security_context_token_fn(rampart_context, env);
+ user_param = rampart_context_get_security_context_token_user_params(rampart_context, env);
+ return validate_fn(env, sct_node, msg_ctx, user_param);
+}
+
+static security_context_token_t*
+sct_provider_obtain_token_from_sts(
+ const axutil_env_t* env,
+ rp_security_context_token_t* rp_sct,
+ axis2_msg_ctx_t* msg_ctx)
+{
+ axis2_char_t* issuer_address = NULL;
+ axis2_char_t* client_home = NULL;
+ axis2_conf_ctx_t* conf_ctx = NULL;
+ axis2_ctx_t *ctx = NULL;
+ axutil_property_t *property = NULL;
+ axis2_char_t *addressing_version_from_msg_ctx = NULL;
+ axis2_bool_t is_soap11 = AXIS2_FALSE;
+ trust_sts_client_t* sts_client = NULL;
+ trust_context_t* trust_context = NULL;
+ trust_rst_t* rst = NULL;
+ trust_rstr_t* rstr = NULL;
+ security_context_token_t *sct = NULL;
+ neethi_policy_t *sts_policy = NULL;
+ neethi_policy_t *cloned_policy = NULL;
+ oxs_buffer_t *buffer = NULL;
+
+ /* Get the token issuer address. If the address is not valid, then issuer should be same as
+ the service. So get the service end point */
+ issuer_address = rp_security_context_token_get_issuer(rp_sct, env);
+ if(!issuer_address)
+ {
+ axis2_endpoint_ref_t *endpoint = NULL;
+ endpoint = axis2_msg_ctx_get_to(msg_ctx, env);
+
+ if(endpoint)
+ {
+ issuer_address = axis2_endpoint_ref_get_address(endpoint, env);
+ }
+
+ if(!issuer_address)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart]Token issuer address is not valid.");
+ return NULL;
+ }
+ }
+
+ /* Get the client home from msg_ctx */
+ conf_ctx = axis2_msg_ctx_get_conf_ctx(msg_ctx, env);
+ if(conf_ctx)
+ {
+ axis2_conf_t *conf = NULL;
+ conf = axis2_conf_ctx_get_conf(conf_ctx, env);
+ if(conf)
+ {
+ client_home = axis2_conf_get_repo(conf, env);
+ }
+ }
+
+ if(!client_home)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot get client home. Unable to send request to Security Token Service.");
+ return NULL;
+ }
+
+ /* Get the addressing namespace to be used from msg_ctx */
+ ctx = axis2_msg_ctx_get_base(msg_ctx, env);
+ property = axis2_ctx_get_property(ctx, env, AXIS2_WSA_VERSION);
+ if(property)
+ {
+ addressing_version_from_msg_ctx = axutil_property_get_value(property, env);
+ }
+
+ /* get the soap version */
+ is_soap11 = axis2_msg_ctx_get_is_soap_11(msg_ctx, env);
+
+ /* Create sts client and set the values (client home, issuer_address, etc.) */
+ sts_client = trust_sts_client_create(env);
+ if(!sts_client)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot create client to Security Token Service.");
+ return NULL;
+ }
+
+ trust_sts_client_set_home_dir(sts_client, env, client_home);
+ trust_sts_client_set_issuer_address(sts_client, env, issuer_address);
+
+ /* create trust context and populate it */
+ trust_context = trust_context_create(env);
+ if(!trust_context)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot create trust context. Cannot communicate with Token Service.");
+ return NULL;
+ }
+ rst = trust_rst_create(env);
+ if(!trust_context)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot create token request. Cannot communicate with Token Service.");
+ return NULL;
+ }
+ trust_rst_set_request_type(rst, env, TRUST_REQ_TYPE_ISSUE);
+ trust_rst_set_token_type(rst, env, OXS_VALUE_TYPE_SECURITY_CONTEXT_TOKEN);
+ trust_rst_set_wst_ns_uri(rst, env, TRUST_WST_XMLNS_05_02);
+ trust_rst_set_wsa_action(rst, env, SECCONV_200502_REQUEST_ACTION);
+ trust_context_set_rst(trust_context, env, rst);
+
+ /* call sts_client to get the token from sts. We should create a clone of that policy */
+ sts_policy = rp_security_context_token_get_bootstrap_policy(rp_sct, env);
+ if(sts_policy)
+ {
+ cloned_policy = neethi_engine_get_normalize(env, AXIS2_FALSE, sts_policy);
+ }
+
+ buffer = trust_sts_client_request_security_token_using_policy(
+ sts_client, env, trust_context, cloned_policy, addressing_version_from_msg_ctx, is_soap11);
+
+ /* Obtain the reply from sts */
+ rstr = trust_context_get_rstr(trust_context, env);
+ if(!rstr)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot get token response from Token Service. RSTR is invalid.");
+ return NULL;
+ }
+
+ /* Create security context token and populate it with details given */
+ sct = security_context_token_create(env);
+ security_context_token_set_token(sct, env, trust_rstr_get_requested_security_token(rstr, env));
+ security_context_token_set_attached_reference(
+ sct, env, trust_rstr_get_requested_attached_reference(rstr, env));
+ security_context_token_set_unattached_reference(
+ sct, env, trust_rstr_get_requested_unattached_reference(rstr, env));
+ if(buffer)
+ {
+ security_context_token_set_secret(sct, env, buffer);
+ }
+ else
+ {
+ security_context_token_set_requested_proof_token(
+ sct, env, trust_rstr_get_requested_proof_token(rstr, env));
+ }
+
+ /* Now we can clear unwanted stuff */
+ trust_context_free(trust_context, env);
+ trust_sts_client_free(sts_client, env);
+
+ return sct;
+}
+
+
+static void
+sct_provider_sct_hash_store_free(
+ axutil_hash_t *sct_hash_store,
+ const axutil_env_t *env)
{
- /*axutil_hash_t *attr_hash = NULL;*/
axutil_hash_index_t *hi = NULL;
- for (hi = axutil_hash_first(sct_db, env); hi != NULL; hi = axutil_hash_next(env, hi))
+ for (hi = axutil_hash_first(sct_hash_store, env); hi != NULL; hi = axutil_hash_next(env, hi))
{
void *v = NULL;
axutil_hash_this(hi, NULL, NULL, &v);
@@ -150,49 +444,209 @@
}
}
- axutil_hash_free(sct_db, env);
-
+ axutil_hash_free(sct_hash_store, env);
}
-AXIS2_EXTERN axutil_hash_t * AXIS2_CALL
-sct_provider_get_sct_hash(const axutil_env_t *env, axis2_msg_ctx_t* msg_ctx)
+static axutil_hash_t *
+sct_provider_get_sct_hash_store(
+ const axutil_env_t *env,
+ axis2_msg_ctx_t* msg_ctx)
{
axis2_conf_ctx_t *conf_ctx = NULL;
axis2_ctx_t *ctx = NULL;
axutil_property_t *property = NULL;
- axutil_hash_t *db = NULL;
+ axutil_hash_t *hash_store = NULL;
- /*Get the conf ctx*/
+ /* Get the conf ctx */
conf_ctx = axis2_msg_ctx_get_conf_ctx(msg_ctx, env);
if(!conf_ctx)
{
- AXIS2_LOG_ERROR(env->log,AXIS2_LOG_SI, "[rampart][sct_provider_sample] Conf context is NULL ");
+ AXIS2_LOG_ERROR(env->log,AXIS2_LOG_SI,
+ "[rampart]Config context is NULL. Cannot get security context token hash store.");
return NULL;
}
+
ctx = axis2_conf_ctx_get_base(conf_ctx,env);
if(!ctx)
{
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,"[rampart][sct_provider_sample] axis2 context is NULL ");
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Axis2 context is NULL. Cannot get security context token hash store.");
return NULL;
}
- /*Get the DB property*/
- property = axis2_ctx_get_property(ctx, env, RAMPART_SCT_PROVIDER_DB_PROB);
+ /* Get the hash store property */
+ property = axis2_ctx_get_property(ctx, env, RAMPART_SCT_PROVIDER_HASH_PROB);
if(property)
{
- /*Get the DB*/
- db = (axutil_hash_t*)axutil_property_get_value(property, env);
+ /* Get the store */
+ hash_store = (axutil_hash_t*)axutil_property_get_value(property, env);
}
else
{
- axutil_property_t *db_prop = NULL;
+ axutil_property_t *hash_store_prop = NULL;
- db = axutil_hash_make(env);
- db_prop = axutil_property_create_with_args(env, AXIS2_SCOPE_SESSION ,
- AXIS2_TRUE, (void *)sct_provider_sct_db_free, db);
- axis2_ctx_set_property(ctx, env, RAMPART_SCT_PROVIDER_DB_PROB, db_prop);
+ hash_store = axutil_hash_make(env);
+ hash_store_prop = axutil_property_create_with_args(env, AXIS2_SCOPE_APPLICATION,
+ AXIS2_TRUE, (void *)sct_provider_sct_hash_store_free, hash_store);
+ axis2_ctx_set_property(ctx, env, RAMPART_SCT_PROVIDER_HASH_PROB, hash_store_prop);
}
- return db;
+ return hash_store;
}
+AXIS2_EXTERN void* AXIS2_CALL
+sct_provider_obtain_sct_default(
+ const axutil_env_t *env,
+ axis2_bool_t is_encryption,
+ axis2_msg_ctx_t* msg_ctx,
+ axis2_char_t *sct_id,
+ int sct_id_type,
+ void* user_params)
+{
+ axutil_hash_t *hash_store = NULL;
+ security_context_token_t *sct = NULL;
+
+ AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart]Using default sct provider obtain function.");
+
+ /* sct should be get from global pool */
+ axutil_allocator_switch_to_global_pool(env->allocator);
+
+ /* Get sct hash store */
+ hash_store = sct_provider_get_sct_hash_store(env, msg_ctx);
+ if(!hash_store)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot find security context token storage.");
+ return NULL;
+ }
+
+ /* get the sct if sct_id is given */
+ if(sct_id)
+ {
+ sct = (security_context_token_t *)axutil_hash_get(
+ hash_store, sct_id, AXIS2_HASH_KEY_STRING);
+ }
+ else
+ {
+ /* we can create an sct and send it */
+
+ sct = security_context_token_create(env);
+ if(sct)
+ {
+ oxs_buffer_t* key_buffer = NULL;
+ key_buffer = oxs_buffer_create(env);
+ oxs_buffer_populate(
+ key_buffer, env, (unsigned char*)"01234567012345670123456701234567", 32);
+ security_context_token_set_secret(sct, env, key_buffer);
+ sct_id = oxs_util_generate_id(env,"urn:uuid:");
+ security_context_token_set_global_identifier(sct, env, sct_id);
+ security_context_token_set_local_identifier(
+ sct, env, axutil_strdup(env, "#sctId-29530019"));
+ }
+ else
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot create security context token. Insufficient memory.");
+ }
+ }
+ axutil_allocator_switch_to_local_pool(env->allocator);
+
+ return sct;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+sct_provider_store_sct_default(
+ const axutil_env_t *env,
+ axis2_msg_ctx_t* msg_ctx,
+ axis2_char_t *sct_global_id,
+ axis2_char_t *sct_local_id,
+ void *sct,
+ void *user_params)
+{
+ axutil_hash_t *hash_store = NULL;
+ axis2_status_t status = AXIS2_SUCCESS;
+
+ AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart]Using default sct provider store function.");
+
+ /* if given sct is null, then we can't store it */
+ if(!sct)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Security context token to be stored in not valid.");
+ return AXIS2_FAILURE;
+ }
+
+ /* sct should be stored in global pool */
+ axutil_allocator_switch_to_global_pool(env->allocator);
+
+ /* Get sct hash store */
+ hash_store = sct_provider_get_sct_hash_store(env, msg_ctx);
+ if(hash_store)
+ {
+ /* store sct */
+ if(sct_global_id)
+ {
+ axutil_hash_set(hash_store, sct_global_id, AXIS2_HASH_KEY_STRING, sct);
+ if(sct_local_id)
+ {
+ security_context_token_increment_ref(sct, env);
+ axutil_hash_set(hash_store, sct_local_id, AXIS2_HASH_KEY_STRING, sct);
+ }
+ }
+ else
+ {
+ if(sct_local_id)
+ {
+ axutil_hash_set(hash_store, sct_local_id, AXIS2_HASH_KEY_STRING, sct);
+ }
+ else
+ {
+ /* if both local_id and global_id are NULL, then we can't store it */
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Security context token identifiers are not valid. \
+ Cannot store security context token. ");
+ status = AXIS2_FAILURE;
+ }
+ }
+ }
+ else
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot find security context token storage.");
+ status = AXIS2_FAILURE;
+ }
+
+ axutil_allocator_switch_to_local_pool(env->allocator);
+ return status;
+
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+sct_provider_delete_sct_default(
+ const axutil_env_t *env,
+ axis2_msg_ctx_t* msg_ctx,
+ axis2_char_t *sct_id,
+ int sct_id_type,
+ void* user_params)
+{
+ /* delete method is not implemented, because we are still not supporting sct cancel function */
+
+ AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart]Using default sct provider delete function.");
+
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+sct_provider_validate_sct_default(
+ const axutil_env_t *env,
+ axiom_node_t *sct_node,
+ axis2_msg_ctx_t *msg_ctx,
+ void *user_params)
+{
+ /* default implementation does not need to validate anything. We haven't extended the
+ * functionality of sct */
+
+ AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart]Using default sct provider validate function.");
+
+ return AXIS2_SUCCESS;
+}
\ No newline at end of file
Modified: webservices/rampart/trunk/c/src/trust/rst.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/trust/rst.c?rev=670443&r1=670442&r2=670443&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/trust/rst.c (original)
+++ webservices/rampart/trunk/c/src/trust/rst.c Sun Jun 22 21:30:03 2008
@@ -80,40 +80,42 @@
AXIS2_EXTERN trust_rst_t * AXIS2_CALL
trust_rst_create(
- const axutil_env_t *env)
+ const axutil_env_t *env)
{
trust_rst_t *rst = NULL;
-
rst = (trust_rst_t*)AXIS2_MALLOC(env->allocator, sizeof(trust_rst_t));
- rst->attr_context = NULL;
- rst->token_type = NULL;
- rst->request_type = NULL;
- rst->wsa_action = NULL;
- rst->applies_to_addr = NULL;
- rst->claims = NULL;
- rst->entropy = NULL;
- rst->key_type = NULL;
- rst->key_size = -1;
- rst->allow_postdating = AXIS2_FALSE;
- rst->renewing = AXIS2_FALSE;
- rst->attr_allow = AXIS2_FALSE;
- rst->attr_ok = AXIS2_FALSE;
- rst->renew_target = NULL;
- rst->cancel_target = NULL;
- rst->wst_ns_uri = NULL;
- rst->life_time = NULL;
- rst->authentication_type = NULL;
- rst->signature_algo = NULL;
- rst->encryption_algo = NULL;
- rst->canonicalization_algo = NULL;
- rst->computed_key_algo = NULL;
- rst->desired_encryption = NULL;
- rst->proof_encryption = NULL;
- rst->usekey = NULL;
- rst->usekey_sig_attr = NULL;
- rst->sign_with = NULL;
- rst->encrypt_with = NULL;
+ if(rst)
+ {
+ rst->attr_context = NULL;
+ rst->token_type = NULL;
+ rst->request_type = NULL;
+ rst->wsa_action = NULL;
+ rst->applies_to_addr = NULL;
+ rst->claims = NULL;
+ rst->entropy = NULL;
+ rst->key_type = NULL;
+ rst->key_size = -1;
+ rst->allow_postdating = AXIS2_FALSE;
+ rst->renewing = AXIS2_FALSE;
+ rst->attr_allow = AXIS2_FALSE;
+ rst->attr_ok = AXIS2_FALSE;
+ rst->renew_target = NULL;
+ rst->cancel_target = NULL;
+ rst->wst_ns_uri = NULL;
+ rst->life_time = NULL;
+ rst->authentication_type = NULL;
+ rst->signature_algo = NULL;
+ rst->encryption_algo = NULL;
+ rst->canonicalization_algo = NULL;
+ rst->computed_key_algo = NULL;
+ rst->desired_encryption = NULL;
+ rst->proof_encryption = NULL;
+ rst->usekey = NULL;
+ rst->usekey_sig_attr = NULL;
+ rst->sign_with = NULL;
+ rst->encrypt_with = NULL;
+ }
return rst;
}
Modified: webservices/rampart/trunk/c/src/util/rampart_context.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_context.c?rev=670443&r1=670442&r2=670443&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_context.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_context.c Sun Jun 22 21:30:03 2008
@@ -85,6 +85,13 @@
*/
axis2_bool_t found_cert_in_shp;
oxs_x509_cert_t *receiver_cert;
+
+ /* Security Context token operation related objects */
+ store_security_context_token_fn store_sct_funtion;
+ obtain_security_context_token_fn obtain_sct_function;
+ delete_security_context_token_fn delete_sct_function;
+ validate_security_context_token_fn validate_sct_function;
+ void *sct_user_params;
};
/*void rampart_context_set_callback_fn(axutil_env_t *env,
@@ -209,6 +216,12 @@
rampart_context->found_cert_in_shp = AXIS2_FALSE;
rampart_context->receiver_cert = NULL;
+
+ rampart_context->store_sct_funtion = NULL;
+ rampart_context->obtain_sct_function = NULL;
+ rampart_context->delete_sct_function = NULL;
+ rampart_context->validate_sct_function = NULL;
+ rampart_context->sct_user_params = NULL;
return rampart_context;
}
@@ -3042,3 +3055,92 @@
}
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_context_set_store_security_context_token_fn(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env,
+ store_security_context_token_fn store_fn)
+{
+ rampart_context->store_sct_funtion = store_fn;
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_context_set_obtain_security_context_token_fn(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env,
+ obtain_security_context_token_fn get_fn)
+{
+ rampart_context->obtain_sct_function = get_fn;
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_context_set_delete_security_context_token_fn(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env,
+ delete_security_context_token_fn delete_fn)
+{
+ rampart_context->delete_sct_function = delete_fn;
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_context_set_security_context_token_user_params(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env,
+ void* user_params)
+{
+ rampart_context->sct_user_params = user_params;
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_context_set_validate_security_context_token_fn(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env,
+ validate_security_context_token_fn validate_fn)
+{
+ rampart_context->validate_sct_function = validate_fn;
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN store_security_context_token_fn AXIS2_CALL
+rampart_context_get_store_security_context_token_fn(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env)
+{
+ return rampart_context->store_sct_funtion;
+}
+
+AXIS2_EXTERN obtain_security_context_token_fn AXIS2_CALL
+rampart_context_get_obtain_security_context_token_fn(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env)
+{
+ return rampart_context->obtain_sct_function;
+}
+
+AXIS2_EXTERN delete_security_context_token_fn AXIS2_CALL
+rampart_context_get_delete_security_context_token_fn(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env)
+{
+ return rampart_context->delete_sct_function;
+}
+
+AXIS2_EXTERN void* AXIS2_CALL
+rampart_context_get_security_context_token_user_params(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env)
+{
+ return rampart_context->sct_user_params;
+}
+
+AXIS2_EXTERN validate_security_context_token_fn AXIS2_CALL
+rampart_context_get_validate_security_context_token_fn(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env)
+{
+ return rampart_context->validate_sct_function;
+}
\ No newline at end of file
Modified: webservices/rampart/trunk/c/src/util/rampart_encryption.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_encryption.c?rev=670443&r1=670442&r2=670443&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_encryption.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_encryption.c Sun Jun 22 21:30:03 2008
@@ -293,7 +293,7 @@
{
oxs_buffer_t *key_buf = NULL;
session_key = oxs_key_create(env);
- key_buf = sct_provider_get_secret(env, token, server_side, AXIS2_TRUE, rampart_context, msg_ctx);
+ key_buf = sct_provider_get_secret(env, token, AXIS2_TRUE, rampart_context, msg_ctx);
if(!key_buf)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
@@ -408,12 +408,12 @@
token, token_type, server_side, AXIS2_FALSE, env))
{
/*set the AttachedReference to key_reference_node*/
- key_reference_node = sct_provider_get_attached_reference(env, token, server_side, AXIS2_TRUE, rampart_context, msg_ctx);
+ key_reference_node = sct_provider_get_attached_reference(env, token, AXIS2_TRUE, rampart_context, msg_ctx);
}
else
{
/*get the unattachedReference and set to key_reference_node*/
- key_reference_node = sct_provider_get_unattached_reference(env, token, server_side, AXIS2_TRUE, rampart_context, msg_ctx);
+ key_reference_node = sct_provider_get_unattached_reference(env, token, AXIS2_TRUE, rampart_context, msg_ctx);
}
}
else if (token_type == RP_PROPERTY_SAML_TOKEN)
@@ -507,7 +507,7 @@
security_context_token_node = oxs_axiom_get_node_by_local_name(env, sec_node, OXS_NODE_SECURITY_CONTEXT_TOKEN);
if((!security_context_token_node) || (is_different_session_key_for_encryption_and_signing(env, rampart_context)))
{
- security_context_token_node = sct_provider_get_token(env, token, server_side, AXIS2_TRUE, rampart_context, msg_ctx);
+ security_context_token_node = sct_provider_get_token(env, token, AXIS2_TRUE, rampart_context, msg_ctx);
if(!security_context_token_node)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
@@ -628,12 +628,12 @@
token, token_type, server_side, AXIS2_FALSE, env))
{
/*set the AttachedReference to key_reference_node*/
- key_reference_node = sct_provider_get_attached_reference(env, token, server_side, AXIS2_TRUE, rampart_context, msg_ctx);
+ key_reference_node = sct_provider_get_attached_reference(env, token, AXIS2_TRUE, rampart_context, msg_ctx);
}
else
{
/*get the unattachedReference and set to key_reference_node*/
- key_reference_node = sct_provider_get_unattached_reference(env, token, server_side, AXIS2_TRUE, rampart_context, msg_ctx);
+ key_reference_node = sct_provider_get_unattached_reference(env, token, AXIS2_TRUE, rampart_context, msg_ctx);
}
dk_node = oxs_derivation_build_derived_key_token_with_stre(env, dk, sec_node, key_reference_node);
}
@@ -1099,12 +1099,12 @@
token, token_type, server_side, AXIS2_FALSE, env))
{
/*set the AttachedReference to key_reference_node*/
- key_reference_node = sct_provider_get_attached_reference(env, token, server_side, AXIS2_TRUE, rampart_context, msg_ctx);
+ key_reference_node = sct_provider_get_attached_reference(env, token, AXIS2_TRUE, rampart_context, msg_ctx);
}
else
{
/*get the unattachedReference and set to key_reference_node*/
- key_reference_node = sct_provider_get_unattached_reference(env, token, server_side, AXIS2_TRUE, rampart_context, msg_ctx);
+ key_reference_node = sct_provider_get_unattached_reference(env, token, AXIS2_TRUE, rampart_context, msg_ctx);
}
}
else if(token_type == RP_PROPERTY_SAML_TOKEN)
Modified: webservices/rampart/trunk/c/src/util/rampart_engine.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_engine.c?rev=670443&r1=670442&r2=670443&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_engine.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_engine.c Sun Jun 22 21:30:03 2008
@@ -341,17 +341,6 @@
}
}
}
- else
- { /*Server side only*/
- /*We set our default impl of replay detection function. if the module is not set, then
- * this function will be used*/
- if(is_inflow)
- {
- void *rd_param = NULL;
- rd_param = rampart_context_get_rd_user_params(rampart_context, env);
- rampart_context_set_replay_detect_function(rampart_context, env, rampart_replay_detector_with_linked_list, rd_param);
- }
- }
return rampart_context;
}
@@ -362,27 +351,17 @@
axis2_msg_ctx_t *msg_ctx,
axis2_bool_t is_inflow)
{
-
- axis2_svc_t *svc = NULL;
axis2_desc_t *desc = NULL;
axis2_policy_include_t *policy_include = NULL;
neethi_policy_t *service_policy = NULL;
axis2_op_t *op = NULL;
axis2_msg_t *msg = NULL;
- svc = axis2_msg_ctx_get_svc(msg_ctx,env);
- if(!svc)
- {
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_neethi] Service is NULL.");
- return NULL;
- }
-
op = axis2_msg_ctx_get_op(msg_ctx, env);
if(!op)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_engine] Operation is NULL.");
+ "[rampart][rampart_engine] Cannot find policy. Operation is NULL.");
return NULL;
}
@@ -398,17 +377,15 @@
if(!msg)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_engine] Message is NULL.");
+ "[rampart][rampart_engine] Cannot find policy. Message is NULL.");
return NULL;
}
- /*desc = axis2_svc_get_base(svc, env);*/
-
desc = axis2_msg_get_base(msg, env);
if(!desc)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_engine] axis2 description is NULL.");
+ "[rampart][rampart_engine] Cannot find policy. Axis2 description is NULL.");
return NULL;
}
@@ -416,22 +393,19 @@
if(!policy_include)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_engine] Policy include is NULL.");
+ "[rampart][rampart_engine] Policy include is NULL.");
return NULL;
}
- /*service_policy = axis2_policy_include_get_policy(policy_include, env);*/
service_policy = axis2_policy_include_get_effective_policy(policy_include, env);
-
if(!service_policy)
{
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][rampart_engine] Policy is NULL.");
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart][rampart_engine] Policy is NULL.");
return NULL;
}
return service_policy;
-
}
@@ -449,28 +423,23 @@
axis2_char_t *authn_provider_name = NULL;
axis2_char_t *replay_detector_name = NULL;
axis2_char_t *sct_provider_name = NULL;
- axis2_status_t status = AXIS2_SUCCESS;
- status = rampart_context_set_user_from_file(rampart_context,env);
- if(status!=AXIS2_SUCCESS)
+ if(rampart_context_set_user_from_file(rampart_context,env) != AXIS2_SUCCESS)
{
return AXIS2_FAILURE;
}
- status = rampart_context_set_ttl_from_file(rampart_context,env);
- if(status!=AXIS2_SUCCESS)
+ if(rampart_context_set_ttl_from_file(rampart_context,env) != AXIS2_SUCCESS)
{
return AXIS2_FAILURE;
}
- status = rampart_context_set_rd_val_from_file(rampart_context,env);
- if(status!=AXIS2_SUCCESS)
+ if(rampart_context_set_rd_val_from_file(rampart_context,env) != AXIS2_SUCCESS)
{
return AXIS2_FAILURE;
}
- status = rampart_context_set_password_type_from_file(rampart_context,env);
- if(status!=AXIS2_SUCCESS)
+ if(rampart_context_set_password_type_from_file(rampart_context,env) != AXIS2_SUCCESS)
{
return AXIS2_FAILURE;
}
@@ -480,7 +449,13 @@
{
password_callback_module = rampart_load_pwcb_module(env, pwcb_module_name);
if(password_callback_module)
+ {
rampart_context_set_password_callback(rampart_context,env,password_callback_module);
+ }
+ else
+ {
+ return AXIS2_FAILURE;
+ }
}
authn_provider_name = rampart_context_get_authn_module_name(rampart_context,env);
@@ -488,7 +463,13 @@
{
authn_provider = rampart_load_auth_module(env,authn_provider_name);
if(authn_provider)
+ {
rampart_context_set_authn_provider(rampart_context,env,authn_provider);
+ }
+ else
+ {
+ return AXIS2_FAILURE;
+ }
}
replay_detector_name = rampart_context_get_replay_detector_name(rampart_context,env);
@@ -496,7 +477,23 @@
{
replay_detector = rampart_load_replay_detector(env,replay_detector_name);
if(replay_detector)
+ {
rampart_context_set_replay_detector(rampart_context,env,(void*)replay_detector);
+ }
+ else
+ {
+ AXIS2_FAILURE;
+ }
+ }
+ else
+ {
+ /* if replay detector is not set, we can use replay detection function. We have to check
+ * whether user has already set it. If not, we can use default function */
+ if(!rampart_context_get_replay_detect_function(rampart_context, env))
+ {
+ rampart_context_set_replay_detect_function(
+ rampart_context, env, rampart_replay_detector_default, NULL);
+ }
}
sct_provider_name = rampart_context_get_sct_provider_name(rampart_context,env);
@@ -504,9 +501,129 @@
{
sct_provider = rampart_load_sct_provider(env,sct_provider_name);
if(sct_provider)
+ {
+ rampart_sct_provider_ops_t *ops = NULL;
rampart_context_set_sct_provider(rampart_context,env,(void*)sct_provider);
+ ops = sct_provider->ops;
+
+ if(ops)
+ {
+
+ void *user_param = NULL;
+ store_security_context_token_fn store_fn = NULL;
+ obtain_security_context_token_fn obtain_fn = NULL;
+ delete_security_context_token_fn delete_fn = NULL;
+ validate_security_context_token_fn validate_fn = NULL;
+
+ /* we have to call sct_provider's get user param method */
+ if(ops->get_user_params)
+ {
+ user_param = ops->get_user_params(env);
+ rampart_context_set_security_context_token_user_params(
+ rampart_context, env, user_param);
+ }
+ else
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot find 'get user param' operation of secrutiy context token \
+ provider.");
+ return AXIS2_FAILURE;
+ }
+
+ /* get function pointers and set it to rampart context */
+ store_fn = ops->store_security_context_token;
+ if(store_fn)
+ {
+ rampart_context_set_store_security_context_token_fn(
+ rampart_context, env, store_fn);
+ }
+ else
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot find 'store' operation of secrutiy context token provider.");
+ return AXIS2_FAILURE;
+ }
+
+ obtain_fn = ops->obtain_security_context_token;
+ if(obtain_fn)
+ {
+ rampart_context_set_obtain_security_context_token_fn(
+ rampart_context, env, obtain_fn);
+ }
+ else
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot find 'obtain' operation of secrutiy context token provider.");
+ return AXIS2_FAILURE;
+ }
+
+ delete_fn = ops->delete_security_context_token;
+ if(delete_fn)
+ {
+ rampart_context_set_delete_security_context_token_fn(
+ rampart_context, env, delete_fn);
+ }
+ else
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot find 'delete' operation of secrutiy context token provider.");
+ return AXIS2_FAILURE;
+ }
+
+ validate_fn = ops->validate_security_context_token;
+ if(validate_fn)
+ {
+ rampart_context_set_validate_security_context_token_fn(
+ rampart_context, env, validate_fn);
+ }
+ else
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot find 'validate' operation of secrutiy context token provider.");
+ return AXIS2_FAILURE;
+ }
+ }
+ else
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart]Cannot find operations of secrutiy context token provider.");
+ return AXIS2_FAILURE;
+ }
+ }
+ else
+ {
+ return AXIS2_FAILURE;
+ }
+ }
+ else
+ {
+ /* If sct_provider is not set, we can use sct functions. We have to check whether user has
+ * already set it. If not, we can use default function */
+ if(!rampart_context_get_obtain_security_context_token_fn(rampart_context, env))
+ {
+ rampart_context_set_obtain_security_context_token_fn(
+ rampart_context, env, sct_provider_obtain_sct_default);
+ }
+
+ if(!rampart_context_get_store_security_context_token_fn(rampart_context, env))
+ {
+ rampart_context_set_store_security_context_token_fn(
+ rampart_context, env, sct_provider_store_sct_default);
+ }
+
+ if(!rampart_context_get_delete_security_context_token_fn(rampart_context, env))
+ {
+ rampart_context_set_delete_security_context_token_fn(
+ rampart_context, env, sct_provider_delete_sct_default);
+ }
+
+ if(!rampart_context_get_validate_security_context_token_fn(rampart_context, env))
+ {
+ rampart_context_set_validate_security_context_token_fn(
+ rampart_context, env, sct_provider_validate_sct_default);
+ }
}
- return status;
+ return AXIS2_SUCCESS;
}
axis2_status_t AXIS2_CALL
Modified: webservices/rampart/trunk/c/src/util/rampart_replay_detector.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_replay_detector.c?rev=670443&r1=670442&r2=670443&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_replay_detector.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_replay_detector.c Sun Jun 22 21:30:03 2008
@@ -257,10 +257,11 @@
}
AXIS2_EXTERN axis2_status_t AXIS2_CALL
-rampart_replay_detector_with_linked_list(const axutil_env_t *env,
- axis2_msg_ctx_t* msg_ctx,
- rampart_context_t *rampart_context,
- void *user_params)
+rampart_replay_detector_default(
+ const axutil_env_t *env,
+ axis2_msg_ctx_t* msg_ctx,
+ rampart_context_t *rampart_context,
+ void *user_params)
{
axutil_linked_list_t *ll = NULL;
const axis2_char_t *msg_id = NULL;
Modified: webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c?rev=670443&r1=670442&r2=670443&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c Sun Jun 22 21:30:03 2008
@@ -685,36 +685,57 @@
}
static axis2_status_t
-rampart_shp_process_security_context_token(const axutil_env_t *env,
- axiom_node_t *token_node,
- rampart_context_t* rampart_context,
- axis2_msg_ctx_t *msg_ctx)
+rampart_shp_process_security_context_token(
+ const axutil_env_t *env,
+ axiom_node_t *token_node,
+ rampart_context_t* rampart_context,
+ axis2_msg_ctx_t *msg_ctx)
{
axiom_node_t *identifier_node = NULL;
axis2_char_t *identifier = NULL;
axis2_char_t *key_name = NULL;
+ /*Check whether security context token is valid */
+ if(sct_provider_validate_security_context_token(env, token_node, rampart_context, msg_ctx)
+ != AXIS2_SUCCESS)
+ {
+ rampart_create_fault_envelope(env, RAMPART_FAULT_INVALID_SECURITY_TOKEN,
+ "Security context token validation failed.",
+ RAMPART_FAULT_INVALID_SECURITY_TOKEN, msg_ctx);
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart][shp] Security context token validation failed.");
+ return AXIS2_FAILURE;
+ }
+
/*Get the identifier node*/
identifier_node = oxs_axiom_get_first_child_node_by_name(
env, token_node, OXS_NODE_IDENTIFIER, OXS_WSC_NS, NULL);
if(!identifier_node)
{
- rampart_create_fault_envelope(env, RAMPART_FAULT_INVALID_SECURITY_TOKEN, "Cannot find identifier node in security context token", RAMPART_FAULT_INVALID_SECURITY_TOKEN, msg_ctx);
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shp] Cannot find identifier node in security context token");
+ rampart_create_fault_envelope(env, RAMPART_FAULT_INVALID_SECURITY_TOKEN,
+ "Cannot find identifier node in security context token",
+ RAMPART_FAULT_INVALID_SECURITY_TOKEN, msg_ctx);
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart][shp] Cannot find identifier node in security context token");
return AXIS2_FAILURE;
}
identifier = oxs_axiom_get_node_content(env, identifier_node);
if(!identifier)
{
- rampart_create_fault_envelope(env, RAMPART_FAULT_INVALID_SECURITY_TOKEN, "Cannot find identifier content in security context token", RAMPART_FAULT_INVALID_SECURITY_TOKEN, msg_ctx);
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shp] Cannot find identifier content in security context token");
+ rampart_create_fault_envelope(env, RAMPART_FAULT_INVALID_SECURITY_TOKEN,
+ "Cannot find identifier content in security context token",
+ RAMPART_FAULT_INVALID_SECURITY_TOKEN, msg_ctx);
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart][shp] Cannot find identifier content in security context token");
return AXIS2_FAILURE;
}
- key_name = oxs_axiom_get_attribute_value_of_node_by_name(env, token_node, OXS_ATTR_ID, OXS_WSU_XMLNS);
- return rampart_shp_add_security_context_token(env, identifier, key_name, rampart_context, msg_ctx);
+ key_name = oxs_axiom_get_attribute_value_of_node_by_name(
+ env, token_node, OXS_ATTR_ID, OXS_WSU_XMLNS);
+ return rampart_shp_add_security_context_token(
+ env, identifier, key_name, rampart_context, msg_ctx);
}
static axis2_status_t
Modified: webservices/rampart/trunk/c/src/util/rampart_signature.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_signature.c?rev=670443&r1=670442&r2=670443&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_signature.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_signature.c Sun Jun 22 21:30:03 2008
@@ -290,7 +290,7 @@
{
oxs_buffer_t *key_buf = NULL;
session_key = oxs_key_create(env);
- key_buf = sct_provider_get_secret(env, token, server_side, AXIS2_FALSE, rampart_context, msg_ctx);
+ key_buf = sct_provider_get_secret(env, token, AXIS2_FALSE, rampart_context, msg_ctx);
if(!key_buf)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
@@ -593,7 +593,7 @@
security_context_token_node = oxs_axiom_get_node_by_local_name(env, sec_node, OXS_NODE_SECURITY_CONTEXT_TOKEN);
if((!security_context_token_node) || (is_different_session_key_for_encryption_and_signing(env, rampart_context)))
{
- security_context_token_node = sct_provider_get_token(env, token, server_side, AXIS2_FALSE, rampart_context, msg_ctx);
+ security_context_token_node = sct_provider_get_token(env, token, AXIS2_FALSE, rampart_context, msg_ctx);
if(!security_context_token_node)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
@@ -604,12 +604,12 @@
}
axiom_node_add_child(sec_node, env, security_context_token_node);
}
- key_reference_node = sct_provider_get_attached_reference(env, token, server_side, AXIS2_FALSE, rampart_context, msg_ctx);
+ key_reference_node = sct_provider_get_attached_reference(env, token, AXIS2_FALSE, rampart_context, msg_ctx);
}
else
{
/*get the unattachedReference and set to key_reference_node*/
- key_reference_node = sct_provider_get_unattached_reference(env, token, server_side, AXIS2_FALSE, rampart_context, msg_ctx);
+ key_reference_node = sct_provider_get_unattached_reference(env, token, AXIS2_FALSE, rampart_context, msg_ctx);
}
}
else if (token_type == RP_PROPERTY_SAML_TOKEN)