You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by pi...@apache.org on 2007/09/06 12:49:17 UTC
svn commit: r573215 [14/22] - in /webservices/rampart/tags/c/0.90: ./ build/
build/linux/ build/win32/ include/ samples/ samples/authn_provider/
samples/callback/ samples/callback/htpasswd_callback/ samples/client/
samples/client/sec_echo/ samples/clie...
Added: webservices/rampart/tags/c/0.90/src/omxmlsec/xml_encryption.c
URL: http://svn.apache.org/viewvc/webservices/rampart/tags/c/0.90/src/omxmlsec/xml_encryption.c?rev=573215&view=auto
==============================================================================
--- webservices/rampart/tags/c/0.90/src/omxmlsec/xml_encryption.c (added)
+++ webservices/rampart/tags/c/0.90/src/omxmlsec/xml_encryption.c Thu Sep 6 03:48:44 2007
@@ -0,0 +1,540 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdio.h>
+#include <axutil_qname.h>
+#include <axiom_namespace.h>
+#include <axiom_node.h>
+#include <axiom_util.h>
+#include <axiom_element.h>
+#include <axis2_util.h>
+#include <oxs_tokens.h>
+#include <oxs_constants.h>
+#include <oxs_axiom.h>
+#include <oxs_ctx.h>
+#include <oxs_error.h>
+#include <oxs_buffer.h>
+#include <oxs_cipher.h>
+#include <oxs_iv.h>
+#include <oxs_utility.h>
+#include <oxs_encryption.h>
+#include <oxs_xml_encryption.h>
+
+/*private functions*/
+
+/**
+* <KeyInfo>
+* <SecurityTokenReference>
+* <KeyIdentifier>WEqswOIUsd</KeyIdentifier>
+* </SecurityTokenReference>
+* </KeyInfo>
+*
+*/
+static axis2_status_t
+oxs_xml_enc_populate_stref_with_key_identifier(const axutil_env_t *env,
+ oxs_asym_ctx_t *asym_ctx,
+ axiom_node_t *stref_node)
+{
+ axiom_node_t *key_identifier_node = NULL;
+ axis2_char_t *key_identifier = NULL;
+ oxs_x509_cert_t *cert = NULL;
+
+ cert = oxs_asym_ctx_get_certificate(asym_ctx, env);
+ key_identifier = oxs_x509_cert_get_key_identifier(cert, env);
+ if(!key_identifier){
+ return AXIS2_FAILURE;
+ }
+
+ /*Build KeyIdentifier node*/
+ key_identifier_node = oxs_token_build_key_identifier_element(
+ env, stref_node, OXS_ENCODING_BASE64BINARY,
+ OXS_X509_SUBJ_KI, key_identifier);
+
+ return AXIS2_SUCCESS;
+}
+
+/**
+*
+* <BinarySecurityToken ID="CertID">KJDSsdlDJjsd=</BinarySecurityToken>
+* <KeyInfo>
+* <SecurityTokenReference>
+* <Reference URI="CertID"/>
+* </SecurityTokenReference>
+* </KeyInfo>
+*/
+static axis2_status_t
+oxs_xml_enc_populate_stref_with_bst(const axutil_env_t *env,
+ oxs_asym_ctx_t *asym_ctx,
+ axiom_node_t *stref_node,
+ axiom_node_t *parent)
+{
+ axiom_node_t *ref_node = NULL;
+ axiom_node_t *bst_node = NULL;
+ axis2_char_t *bst_data = NULL;
+ axis2_char_t *id = NULL;
+ oxs_x509_cert_t *cert = NULL;
+
+ cert = oxs_asym_ctx_get_certificate(asym_ctx, env);
+ bst_data = oxs_x509_cert_get_data(cert, env);
+
+ if(!bst_data){
+ return AXIS2_FAILURE;
+ }
+ /*Generate an ID for BST*/
+ id = oxs_util_generate_id(env,(axis2_char_t*)OXS_CERT_ID);
+
+ /*Build BinarySecurityToken as a child of parent(wsse:Security)*/
+ bst_node = oxs_token_build_binary_security_token_element(env, parent, id, OXS_VALUE_X509V3, OXS_ENCODING_BASE64BINARY, bst_data);
+
+ /*Build a Reference to above BST*/
+ ref_node = oxs_token_build_reference_element(env, stref_node, id, OXS_VALUE_X509V3);
+
+ return AXIS2_SUCCESS;
+}
+/**
+* <KeyInfo>
+* <SecurityTokenReference>
+* <Embedded>
+* <BinarySecurityToken>UYISDjsdaousdWEqswOIUsd</BinarySecurityToken>
+* </Embedded>
+* </SecurityTokenReference>
+* </KeyInfo>
+*/
+static axis2_status_t
+oxs_xml_enc_populate_stref_with_embedded(const axutil_env_t *env,
+ oxs_asym_ctx_t *asym_ctx,
+ axiom_node_t *stref_node)
+{
+ axiom_node_t *embedded_node = NULL;
+ axiom_node_t *bst_node = NULL;
+ axis2_char_t *bst_data = NULL;
+ oxs_x509_cert_t *cert = NULL;
+
+ cert = oxs_asym_ctx_get_certificate(asym_ctx, env);
+ bst_data = oxs_x509_cert_get_data(cert, env);
+
+ if(!bst_data){
+ return AXIS2_FAILURE;
+ }
+ /*Build embedded token*/
+ embedded_node = oxs_token_build_embedded_element(env, stref_node, NULL);
+ /*Build BinarySecurityToken*/
+ bst_node = oxs_token_build_binary_security_token_element(env, embedded_node, NULL, OXS_VALUE_X509V3, OXS_ENCODING_BASE64BINARY, bst_data);
+
+ return AXIS2_SUCCESS;
+}
+
+/**
+* <KeyInfo>
+* <SecurityTokenReference>
+* <x509Data>
+* <X509IssuerSerial>
+* <X509IssuerName>C=US, O=VeriSign, Inc.,</X509IssuerName>
+* <X509SerialNumber>93243297328</X509SerialNumber>
+* </X509IssuerSerial>
+* </x509Data>
+* </SecurityTokenReference>
+* </KeyInfo>
+*/
+static axis2_status_t
+oxs_xml_enc_populate_stref_with_issuer_serial(const axutil_env_t *env,
+ oxs_asym_ctx_t *asym_ctx,
+ axiom_node_t *stref_node)
+{
+ axiom_node_t *x509_data_node = NULL;
+ axiom_node_t *issuer_serial_node = NULL;
+ oxs_x509_cert_t *cert = NULL;
+ axis2_char_t *issuer_name = NULL;
+ axis2_char_t serial_number[255];
+ int serial = -1;
+
+ cert = oxs_asym_ctx_get_certificate(asym_ctx, env);
+
+ issuer_name = oxs_x509_cert_get_issuer(cert, env);
+ serial = oxs_x509_cert_get_serial_number(cert, env);
+ if((!issuer_name) || (serial<0)){
+ return AXIS2_FAILURE;
+ }
+
+ sprintf(serial_number, "%d", serial);
+ /*Build x509Data*/
+ x509_data_node = oxs_token_build_x509_data_element(env, stref_node);
+ issuer_serial_node = oxs_token_build_x509_issuer_serial_with_data(env, x509_data_node, issuer_name, serial_number);
+ return AXIS2_SUCCESS;
+}
+
+static axis2_status_t
+oxs_xml_enc_process_key_info(const axutil_env_t *env,
+ oxs_asym_ctx_t *asym_ctx,
+ axiom_node_t *key_info_node,
+ axiom_node_t *parent_node)
+{
+ axiom_node_t *st_ref_node = NULL;
+ axiom_node_t *cur_node = NULL;
+ axis2_char_t *node_name = NULL;
+
+ st_ref_node = oxs_axiom_get_first_child_node_by_name(env, key_info_node, OXS_NODE_SECURITY_TOKEN_REFRENCE,OXS_WSSE_XMLNS,OXS_WSSE);
+ if(!st_ref_node){
+ return AXIS2_FAILURE;
+ }
+ /*
+ WSS-Core specification suggests
+ 1. Resolve any <wsse:Reference> elements (specified within
+ <wsse:SecurityTokenReference>).
+ 2. Resolve any <wsse:KeyIdentifier> elements (specified within
+ <wsse:SecurityTokenReference>).
+ 3. Resolve any <ds:KeyName> elements. NOT PERMITTED by WS-i
+ 4. Resolve any other <ds:KeyInfo> elements. NOT PERMITTED by WS-i
+ */
+
+ /*
+ * Implementation of these are not important for Encryption.
+ * Might've to relocate to another file as this processing is essential in Signature
+ */
+ cur_node = axiom_node_get_first_element(st_ref_node, env);
+ node_name = axiom_util_get_localname(cur_node, env);
+ if(0 == axutil_strcmp(OXS_NODE_REFERENCE, node_name)){
+
+ }
+ else if(0 == axutil_strcmp(OXS_NODE_KEY_IDENTIFIER, node_name)){
+
+ }
+ else if(0 == axutil_strcmp(OXS_NODE_X509_DATA, node_name)){
+
+ }
+ else if(0 == axutil_strcmp(OXS_NODE_EMBEDDED, node_name)){
+
+ }
+ else{
+ /*Unsupported*/
+ }
+
+ return AXIS2_SUCCESS;
+}
+
+/*public functions*/
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_xml_enc_encrypt_node(const axutil_env_t *env,
+ oxs_ctx_t * enc_ctx,
+ axiom_node_t *node,
+ axiom_node_t **enc_type_node)
+{
+ axis2_char_t *serialized_data = NULL;
+ oxs_buffer_t *serialized_buf= NULL;
+ axis2_status_t ret = AXIS2_FAILURE;
+
+ /*Serialize node*/
+ serialized_data = axiom_node_to_string(node, env);
+ serialized_buf = oxs_buffer_create(env);
+ ret = oxs_buffer_populate(serialized_buf, env, (unsigned char *)serialized_data, axutil_strlen(serialized_data));
+
+ /*We call encrypt_data*/
+ ret = oxs_xml_enc_encrypt_data(env, enc_ctx, serialized_buf, enc_type_node);
+
+ /*Remove the node from the parent*/
+ if(AXIS2_SUCCESS == ret){
+ axiom_node_detach(node, env);
+ }
+ /*Free*/
+ oxs_buffer_free(serialized_buf, env);
+ serialized_buf = NULL;
+
+ /*Return success*/
+ return AXIS2_SUCCESS;
+}
+
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_xml_enc_encrypt_data(const axutil_env_t *env,
+ oxs_ctx_t * enc_ctx,
+ oxs_buffer_t *content_buf,
+ axiom_node_t **enc_type_node)
+{
+ oxs_buffer_t *result_buf= NULL;
+ oxs_key_t *sym_key = NULL;
+ axis2_char_t *sym_algo = NULL;
+ axiom_node_t *enc_mtd_node = NULL;
+ axiom_node_t *cd_node = NULL;
+ axiom_node_t *cv_node = NULL;
+ axis2_status_t ret = AXIS2_FAILURE;
+
+ /*Determine the algorithm to be used*/
+ sym_algo = oxs_ctx_get_enc_mtd_algorithm(enc_ctx, env);
+
+ /*Determine the key to be used*/
+ sym_key = oxs_ctx_get_key(enc_ctx, env);
+
+ /*Set the operation to encrypt*/
+ oxs_ctx_set_operation(enc_ctx, env, OXS_CTX_OPERATION_ENCRYPT);
+
+ /*Create an empty buffer for encrypted data*/
+ result_buf = oxs_buffer_create(env);
+ /*Call encryption. Result should be base64 encoded*/
+ ret = oxs_encryption_symmetric_crypt(env, enc_ctx, content_buf, result_buf);
+
+ /*Create EncryptionMethod, CipherData element and populate*/
+ enc_mtd_node = oxs_token_build_encryption_method_element(env, *enc_type_node, sym_algo);
+ cd_node = oxs_token_build_cipher_data_element(env, *enc_type_node);
+ cv_node = oxs_token_build_cipher_value_element(env, cd_node, (axis2_char_t*)oxs_buffer_get_data(result_buf, env));
+
+ /*Free buffers*/
+ oxs_buffer_free(result_buf, env);
+ result_buf = NULL;
+
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_xml_enc_decrypt_node(const axutil_env_t *env,
+ oxs_ctx_t * enc_ctx,
+ axiom_node_t *enc_type_node,
+ axiom_node_t **decrypted_node)
+{
+ axiom_node_t *deserialized_node = NULL;
+ axiom_node_t *parent_of_enc_node = NULL;
+ oxs_buffer_t *result_buf = NULL;
+ axis2_char_t *decrypted_data = NULL;/*Can be either am XML-Element or XML-Content*/
+ axis2_status_t status = AXIS2_FAILURE;
+
+ /*Create an empty buffer for results*/
+ result_buf = oxs_buffer_create(env);
+
+ /*Decrypt*/
+ status = oxs_xml_enc_decrypt_data(env, enc_ctx, enc_type_node, result_buf);
+ if(AXIS2_FAILURE == status){
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_ENCRYPT_FAILED,
+ "Data encryption failed");
+ return AXIS2_FAILURE;
+ }
+ decrypted_data = axutil_strmemdup(oxs_buffer_get_data(result_buf, env), oxs_buffer_get_size(result_buf, env), env);
+ /*De-serialize the decrypted content to build the node*/
+ deserialized_node = (axiom_node_t*)oxs_axiom_deserialize_node(env, decrypted_data);
+ if(!deserialized_node){
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_ENCRYPT_FAILED,"Cannot deserialize a node from the content.\n%s", decrypted_data);
+ return AXIS2_FAILURE;
+ }
+ /*Assign deserialized_node to the reference passed*/
+ *decrypted_node = deserialized_node;
+
+ /*Replace the encrypted node with the de-serialized node*/
+ parent_of_enc_node = axiom_node_get_parent(enc_type_node, env);
+ axiom_node_add_child(parent_of_enc_node, env, deserialized_node);
+ axiom_node_detach(enc_type_node, env);
+
+ oxs_buffer_free(result_buf, env);
+ result_buf = NULL;
+
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_xml_enc_decrypt_data(const axutil_env_t *env,
+ oxs_ctx_t * enc_ctx,
+ axiom_node_t *enc_type_node,
+ oxs_buffer_t *result_buf)
+{
+ axiom_node_t *enc_mtd_node = NULL;
+ axiom_node_t *cd_node = NULL;
+ axiom_node_t *cv_node = NULL;
+ axis2_char_t *cipher_val = NULL;
+ axis2_char_t *sym_algo = NULL;
+ axis2_char_t *type = NULL;
+ axis2_char_t *id = NULL;
+ oxs_buffer_t *input_buf = NULL;
+ axis2_status_t status = AXIS2_FAILURE;
+
+ /*Get the symmetric encryption algorithm*/
+ enc_mtd_node = oxs_axiom_get_first_child_node_by_name(env, enc_type_node, OXS_NODE_ENCRYPTION_METHOD,OXS_ENC_NS,OXS_XENC);
+ sym_algo = oxs_token_get_encryption_method(env, enc_mtd_node);
+ if(!sym_algo){
+ return AXIS2_FAILURE;
+ }
+ /*Get ID, Type, MimeType attributes from the EncryptedDataNode*/
+ id = oxs_axiom_get_attribute_value_of_node_by_name(env, enc_type_node, OXS_ATTR_ID);
+ type = oxs_axiom_get_attribute_value_of_node_by_name(env, enc_type_node, OXS_ATTR_TYPE);
+
+ /*Populate the context for future use*/
+ oxs_ctx_set_enc_mtd_algorithm(enc_ctx, env, sym_algo);
+ oxs_ctx_set_id(enc_ctx, env, id);
+ oxs_ctx_set_id(enc_ctx, env, type);
+
+ /*Get the cipher value*/
+ cd_node = oxs_axiom_get_first_child_node_by_name(env, enc_type_node, OXS_NODE_CIPHER_DATA,OXS_ENC_NS,OXS_XENC);
+ cv_node = oxs_axiom_get_first_child_node_by_name(env, cd_node, OXS_NODE_CIPHER_VALUE,OXS_ENC_NS,OXS_XENC);
+ cipher_val = oxs_token_get_cipher_value(env, cv_node);
+
+ /*Create input buffer with cipher data obtained*/
+ input_buf = oxs_buffer_create(env);
+ oxs_buffer_populate(input_buf, env, (unsigned char*)cipher_val, axutil_strlen(cipher_val) );
+
+ /*Decrypt*/
+ oxs_ctx_set_operation(enc_ctx, env, OXS_CTX_OPERATION_DECRYPT);
+ status = oxs_encryption_symmetric_crypt(env, enc_ctx, input_buf, result_buf);
+
+ /*Free*/
+ oxs_buffer_free(input_buf, env);
+ input_buf = NULL;
+
+ return status;
+}
+
+/*For SOAP this parent is the wsse:Security node*/
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_xml_enc_encrypt_key(const axutil_env_t *env,
+ oxs_asym_ctx_t * asym_ctx,
+ axiom_node_t *parent,
+ oxs_key_t *sym_key,
+ axutil_array_list_t *id_list)
+{
+ axis2_char_t *algorithm = NULL;
+ axis2_char_t *encrypted_key_data = NULL;
+ axis2_char_t *st_ref_pattern = NULL;
+ oxs_buffer_t *input = NULL;
+ oxs_buffer_t *result = NULL;
+ axiom_node_t *encrypted_key_node = NULL;
+ axiom_node_t *enc_mtd_node = NULL;
+ axiom_node_t *key_info_node = NULL;
+ axiom_node_t *stref_node = NULL;
+ axiom_node_t *cd_node = NULL;
+ axiom_node_t *cv_node = NULL;
+ axis2_status_t status = AXIS2_FAILURE;
+
+ /*Create input buffer*/
+ input = oxs_buffer_create(env);
+ oxs_buffer_populate(input, env, oxs_key_get_data(sym_key, env), oxs_key_get_size(sym_key, env));
+
+ /*Create an empty buffer to collect results*/
+ result = oxs_buffer_create(env);
+
+ /*Call encryption*/
+ status = oxs_encryption_asymmetric_crypt(env, asym_ctx, input, result);
+ /*Free input*/
+ oxs_buffer_free(input, env);
+ input = NULL;
+
+ if(AXIS2_FAILURE == status){
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_ENCRYPT_FAILED,
+ "Assymmetric key encryption failed");
+ return AXIS2_FAILURE;
+ }
+ /*Get the encrypted key*/
+ encrypted_key_data = (axis2_char_t *)oxs_buffer_get_data(result, env);
+
+ /*Build nodes*/
+ encrypted_key_node = oxs_token_build_encrypted_key_element(env, parent);
+ algorithm = oxs_asym_ctx_get_algorithm(asym_ctx, env);
+ enc_mtd_node = oxs_token_build_encryption_method_element(env, encrypted_key_node, algorithm);
+ key_info_node = oxs_token_build_key_info_element(env, encrypted_key_node);
+
+ stref_node = oxs_token_build_security_token_reference_element(env, key_info_node);
+ /*Get the ST REF pattern. If not set the default*/
+ st_ref_pattern = oxs_asym_ctx_get_st_ref_pattern(asym_ctx, env);
+ if((!st_ref_pattern) || (0 == axutil_strcmp(st_ref_pattern, ""))){
+ st_ref_pattern = OXS_STR_DEFAULT;
+ }
+
+ if(0 == axutil_strcmp(st_ref_pattern, OXS_STR_ISSUER_SERIAL)){
+ status = oxs_xml_enc_populate_stref_with_issuer_serial(env, asym_ctx, stref_node);
+ }else if(0 == axutil_strcmp(st_ref_pattern, OXS_STR_EMBEDDED)){
+ status = oxs_xml_enc_populate_stref_with_embedded(env, asym_ctx, stref_node);
+ }else if(0 == axutil_strcmp(st_ref_pattern, OXS_STR_DIRECT_REFERENCE)){
+ status = oxs_xml_enc_populate_stref_with_bst(env, asym_ctx, stref_node, parent);
+ }else if(0 == axutil_strcmp(st_ref_pattern, OXS_STR_KEY_IDENTIFIER)){
+ status = oxs_xml_enc_populate_stref_with_key_identifier(env, asym_ctx, stref_node);
+ }
+
+
+ cd_node = oxs_token_build_cipher_data_element(env, encrypted_key_node);
+ cv_node = oxs_token_build_cipher_value_element(env, cd_node, encrypted_key_data);
+ oxs_token_build_data_reference_list(env, encrypted_key_node, id_list);
+
+ /*Free*/
+ oxs_buffer_free(result, env);
+ result = NULL;
+
+ return AXIS2_SUCCESS;
+}
+
+/**
+* Inspect the key node. Then populate the sym_key
+*/
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_xml_enc_decrypt_key(const axutil_env_t *env,
+ oxs_asym_ctx_t * asym_ctx,
+ axiom_node_t *parent,
+ axiom_node_t *encrypted_key_node,
+ oxs_key_t *key)
+{
+ axiom_node_t *enc_mtd_node = NULL;
+ axiom_node_t *key_info_node = NULL;
+ axiom_node_t *cd_node = NULL;
+ axis2_char_t *enc_mtd_algo = NULL;
+ axis2_char_t *cipher_val = NULL;
+ axis2_status_t status = AXIS2_FAILURE;
+ oxs_buffer_t *input_buf = NULL;
+ oxs_buffer_t *result_buf = NULL;
+
+ /*Get encryption method algorithm*/
+ enc_mtd_node = oxs_axiom_get_first_child_node_by_name(env, encrypted_key_node, OXS_NODE_ENCRYPTION_METHOD,OXS_ENC_NS,OXS_XENC);
+ enc_mtd_algo = oxs_token_get_encryption_method(env, enc_mtd_node);
+ if(!enc_mtd_algo){
+ return AXIS2_FAILURE;
+ }
+ /*Get cipher data*/
+ cd_node = oxs_axiom_get_first_child_node_by_name(env, encrypted_key_node, OXS_NODE_CIPHER_DATA,OXS_ENC_NS,OXS_XENC);
+ cipher_val = oxs_token_get_cipher_value_from_cipher_data(env, cd_node);
+ if(!cipher_val){
+ return AXIS2_FAILURE;
+ }
+
+ /*Get key used to encrypt*/
+ key_info_node = oxs_axiom_get_first_child_node_by_name(env, encrypted_key_node, OXS_NODE_KEY_INFO,OXS_DSIG_NS,OXS_DS);
+ status = oxs_xml_enc_process_key_info(env, asym_ctx, key_info_node, parent);
+ /*Right now we support KeyInfo -> SecurityTokenReference -> Reference
+ KeyInfo -> SecurityTokenReference -> X509IssuerSerial */
+
+
+ /*Get the pkey used to decrypt the session key. If found set it to the asym_ctx*/
+ /*Create the input buffer*/
+ input_buf = oxs_buffer_create(env);
+ oxs_buffer_populate(input_buf, env, (unsigned char*)cipher_val, axutil_strlen(cipher_val));
+
+ /*Create a results buffer*/
+ result_buf = oxs_buffer_create(env);
+
+ /*Call decryption*/
+ status = oxs_encryption_asymmetric_crypt(env, asym_ctx, input_buf, result_buf);
+ /*Free input*/
+ oxs_buffer_free(input_buf, env);
+ input_buf = NULL;
+
+ if(AXIS2_FAILURE == status){
+ return AXIS2_FAILURE;
+ }
+
+ /*Populate the key with the data in the result buffer*/
+ oxs_key_populate(key, env,
+ oxs_buffer_get_data(result_buf, env),
+ "decrypted_session_key",
+ oxs_buffer_get_size(result_buf, env),
+ OXS_KEY_USAGE_DECRYPT );
+ /*Free*/
+ oxs_buffer_free(result_buf, env);
+ result_buf = NULL;
+
+ return AXIS2_SUCCESS;
+}
Added: webservices/rampart/tags/c/0.90/src/omxmlsec/xml_key_info_builder.c
URL: http://svn.apache.org/viewvc/webservices/rampart/tags/c/0.90/src/omxmlsec/xml_key_info_builder.c?rev=573215&view=auto
==============================================================================
--- webservices/rampart/tags/c/0.90/src/omxmlsec/xml_key_info_builder.c (added)
+++ webservices/rampart/tags/c/0.90/src/omxmlsec/xml_key_info_builder.c Thu Sep 6 03:48:44 2007
@@ -0,0 +1,107 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdio.h>
+#include <axis2_util.h>
+#include <oxs_constants.h>
+#include <oxs_error.h>
+#include <oxs_buffer.h>
+#include <oxs_cipher.h>
+#include <oxs_c14n.h>
+#include <oxs_axiom.h>
+#include <oxs_utility.h>
+#include <openssl_rsa.h>
+#include <openssl_digest.h>
+#include <oxs_key_mgr.h>
+#include <oxs_tokens.h>
+#include <oxs_xml_key_info_builder.h>
+
+/*Private functions*/
+
+/*Public functions*/
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_xml_key_info_build(const axutil_env_t *env,
+ axiom_node_t *parent,
+ oxs_x509_cert_t *cert,
+ oxs_key_info_build_pattern_t pattern)
+{
+ axis2_status_t status = AXIS2_FAILURE;
+ axiom_node_t *key_info_node = NULL;
+
+ /*Build the KeyInfo node*/
+ key_info_node = oxs_token_build_key_info_element(env, parent);
+
+ if(OXS_KIBP_X509DATA_X509CERTIFICATE == pattern){
+ status = oxs_xml_key_info_build_x509_data_x509_certificate(env, key_info_node, cert);
+ }else if(OXS_KIBP_X509DATA_ISSUER_SERIAL == pattern){
+ status = oxs_xml_key_info_build_x509_data_issuer_serial(env, key_info_node, cert);
+ }else{
+ /*We do not support*/
+ }
+ return status;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_xml_key_info_build_x509_data_x509_certificate(const axutil_env_t *env,
+ axiom_node_t *parent,
+ oxs_x509_cert_t *cert)
+{
+ axiom_node_t *x509_data_node = NULL;
+ axiom_node_t *x509_certificate_node = NULL;
+ axis2_char_t *cert_data = NULL;
+
+ /*Get certificate data*/
+ cert_data = oxs_x509_cert_get_data(cert, env);
+ /*Build the X509Data node*/
+ x509_data_node = oxs_token_build_x509_data_element(env, parent);
+
+ /*Now build the X509Certificate node*/
+ x509_certificate_node = oxs_token_build_x509_certificate_element(env, x509_data_node, cert_data);
+
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_xml_key_info_build_x509_data_issuer_serial(const axutil_env_t *env,
+ axiom_node_t *parent,
+ oxs_x509_cert_t *cert)
+{
+
+ axiom_node_t *x509_data_node = NULL;
+ axiom_node_t *x509_issuer_serial_node = NULL;
+
+ axis2_char_t *issuer = NULL;
+ axis2_char_t *serial_num = NULL;
+ int serial = -1;
+
+ issuer = oxs_x509_cert_get_issuer(cert, env);
+ serial = oxs_x509_cert_get_serial_number(cert, env);
+
+ if(!issuer || (serial_num <0)){
+ return AXIS2_FAILURE;
+ }
+ serial_num = AXIS2_MALLOC(env->allocator, 10);
+ sprintf(serial_num, "%d", serial);
+ /*Build tokens*/
+ x509_data_node = oxs_token_build_x509_data_element(env, parent);
+ x509_issuer_serial_node = oxs_token_build_x509_issuer_serial_with_data(env, x509_data_node, issuer, serial_num);
+
+ return AXIS2_SUCCESS;
+
+
+}
+
Added: webservices/rampart/tags/c/0.90/src/omxmlsec/xml_key_processor.c
URL: http://svn.apache.org/viewvc/webservices/rampart/tags/c/0.90/src/omxmlsec/xml_key_processor.c?rev=573215&view=auto
==============================================================================
--- webservices/rampart/tags/c/0.90/src/omxmlsec/xml_key_processor.c (added)
+++ webservices/rampart/tags/c/0.90/src/omxmlsec/xml_key_processor.c Thu Sep 6 03:48:44 2007
@@ -0,0 +1,172 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdio.h>
+#include <axis2_util.h>
+#include <oxs_constants.h>
+#include <oxs_error.h>
+#include <oxs_buffer.h>
+#include <oxs_cipher.h>
+#include <oxs_c14n.h>
+#include <oxs_axiom.h>
+#include <oxs_utility.h>
+#include <openssl_rsa.h>
+#include <openssl_digest.h>
+#include <oxs_key_mgr.h>
+#include <oxs_tokens.h>
+#include <oxs_xml_key_processor.h>
+/*Private functions*/
+
+/*Public functions*/
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_xml_key_process_X509SKI(const axutil_env_t *env,
+ axiom_node_t *X509SKI_node,
+ oxs_x509_cert_t *cert)
+{
+ axis2_char_t *ski = NULL;
+ axis2_char_t *node_name = NULL;
+ axis2_status_t status = AXIS2_FAILURE;
+
+ node_name = axiom_util_get_localname(X509SKI_node, env);
+ if(0 != axutil_strcmp(node_name, OXS_NODE_X509_SKI)){
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_INVALID_DATA,"Invalid node. Expected %s. Found", OXS_NODE_X509_SKI, node_name);
+ return AXIS2_FAILURE;
+ }
+
+ ski = oxs_axiom_get_node_content(env, X509SKI_node);
+ oxs_x509_cert_set_subject(cert, env, ski);
+
+ return status;
+
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_xml_key_process_X509SubjectName(const axutil_env_t *env,
+ axiom_node_t *X509_subj_name_node,
+ oxs_x509_cert_t *cert)
+{
+ axis2_char_t *subj_name = NULL;
+ axis2_char_t *node_name = NULL;
+ axis2_status_t status = AXIS2_FAILURE;
+
+ node_name = axiom_util_get_localname(X509_subj_name_node, env);
+ if(0 != axutil_strcmp(node_name, OXS_NODE_X509_SUBJECT_NAME)){
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_INVALID_DATA,"Invalid node. Expected %s. Found", OXS_NODE_X509_SUBJECT_NAME, node_name);
+ return AXIS2_FAILURE;
+ }
+
+ subj_name = oxs_axiom_get_node_content(env, X509_subj_name_node);
+ oxs_x509_cert_set_subject(cert, env, subj_name);
+
+ return status;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_xml_key_process_X509IssuerSerial(const axutil_env_t *env,
+ axiom_node_t *X509_issuer_serial_node,
+ oxs_x509_cert_t *cert)
+{
+ axiom_node_t *issuer_name_node = NULL;
+ axiom_node_t *serial_num_node = NULL;
+ axis2_char_t *node_name = NULL;
+ axis2_char_t *issuer_name = NULL;
+ axis2_char_t *serial_num_str = NULL;
+ axis2_status_t status = AXIS2_FAILURE;
+
+ node_name = axiom_util_get_localname(X509_issuer_serial_node, env);
+ if(0 != axutil_strcmp(node_name, OXS_NODE_X509_ISSUER_SERIAL)){
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_INVALID_DATA,"Invalid node. Expected %s. Found", OXS_NODE_X509_ISSUER_SERIAL, node_name);
+ return AXIS2_FAILURE;
+ }
+
+ issuer_name_node = axiom_node_get_first_element(X509_issuer_serial_node, env);
+ if(issuer_name_node){
+ issuer_name = oxs_axiom_get_node_content(env, issuer_name_node);
+ }
+
+ serial_num_node = axiom_node_get_next_sibling(issuer_name_node, env);
+ if(serial_num_node){
+ serial_num_str = oxs_axiom_get_node_content(env, serial_num_node);
+ }
+
+ /*we set the key issuername and the serial number*/
+ oxs_x509_cert_set_issuer(cert, env, issuer_name);
+ oxs_x509_cert_set_serial_number(cert, env, atoi(serial_num_str));
+
+ return status;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_xml_key_process_X509Certificate(const axutil_env_t *env,
+ axiom_node_t *X509_cert_node,
+ oxs_x509_cert_t *cert)
+{
+ axis2_char_t *data = NULL;
+ axis2_char_t *node_name = NULL;
+ axis2_status_t status = AXIS2_FAILURE;
+ oxs_x509_cert_t *_cert = NULL;
+ node_name = axiom_util_get_localname(X509_cert_node, env);
+ if(0 != axutil_strcmp(node_name, OXS_NODE_X509_CERTIFICATE)){
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_INVALID_DATA,"Invalid node. Expected %s. Found", OXS_NODE_X509_CERTIFICATE, node_name);
+ return AXIS2_FAILURE;
+ }
+ /*Get contents*/
+ data = oxs_token_get_x509_certificate(env, X509_cert_node);
+ _cert = oxs_key_mgr_load_x509_cert_from_string(env, data);
+ if(_cert){
+ status = AXIS2_SUCCESS;
+ }else{
+ status = AXIS2_FAILURE;
+ }
+ oxs_x509_cert_copy_to(_cert, env, cert);
+ return status;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_xml_key_process_X509Data(const axutil_env_t *env,
+ axiom_node_t *X509_data_node,
+ oxs_x509_cert_t *cert)
+{
+ axiom_node_t *child_node = NULL;
+ axis2_char_t *child_name = NULL;
+ axis2_char_t *node_name = NULL;
+ axis2_status_t status = AXIS2_FAILURE;
+
+ node_name = axiom_util_get_localname(X509_data_node, env);
+ if(0 != axutil_strcmp(node_name, OXS_NODE_X509_DATA)){
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_INVALID_DATA,"Invalid node. Expected %s. Found", OXS_NODE_X509_DATA, node_name);
+ return AXIS2_FAILURE;
+ }
+ child_node = axiom_node_get_first_element( X509_data_node, env);
+ child_name = axiom_util_get_localname(child_node, env);
+
+ /*Check wht's inside the <ds:X509Data>*/
+ if(0 == axutil_strcmp(child_name, OXS_NODE_X509_CERTIFICATE)){
+ status = oxs_xml_key_process_X509Certificate(env, child_node, cert);
+ }else if(0 == axutil_strcmp(child_name, OXS_NODE_X509_ISSUER_SERIAL)){
+ status = oxs_xml_key_process_X509IssuerSerial(env, child_node, cert);
+ }else if(0 == axutil_strcmp(child_name, OXS_NODE_X509_SUBJECT_NAME )){
+ status = oxs_xml_key_process_X509SubjectName(env, child_node, cert);
+ }else if(0 == axutil_strcmp(child_name, OXS_NODE_X509_SKI )){
+ status = oxs_xml_key_process_X509SKI(env, child_node, cert);
+ }else{
+ /*We do not support*/
+ }
+
+ return status;
+}
+
Added: webservices/rampart/tags/c/0.90/src/omxmlsec/xml_signature.c
URL: http://svn.apache.org/viewvc/webservices/rampart/tags/c/0.90/src/omxmlsec/xml_signature.c?rev=573215&view=auto
==============================================================================
--- webservices/rampart/tags/c/0.90/src/omxmlsec/xml_signature.c (added)
+++ webservices/rampart/tags/c/0.90/src/omxmlsec/xml_signature.c Thu Sep 6 03:48:44 2007
@@ -0,0 +1,615 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdio.h>
+#include <axis2_util.h>
+#include <oxs_constants.h>
+#include <oxs_error.h>
+#include <oxs_buffer.h>
+#include <oxs_cipher.h>
+#include <oxs_c14n.h>
+#include <oxs_axiom.h>
+#include <oxs_utility.h>
+#include <openssl_rsa.h>
+#include <openssl_digest.h>
+#include <oxs_sign_ctx.h>
+#include <oxs_sign_part.h>
+#include <oxs_xml_signature.h>
+#include <oxs_signature.h>
+#include <oxs_transform.h>
+#include <oxs_transforms_factory.h>
+#include <oxs_tokens.h>
+/*Private functions*/
+
+
+/*This method is common for both signing and verification*/
+static axis2_char_t *
+oxs_xml_sig_transform_n_digest(const axutil_env_t *env,
+ axiom_node_t *node,
+ axutil_array_list_t *transforms,
+ axis2_char_t *digest_mtd)
+{
+ axis2_char_t *serialized_node = NULL;
+ axis2_char_t *digest = NULL;
+ int i = 0;
+
+ if((transforms) && (0 < axutil_array_list_size(transforms, env))){
+ oxs_tr_dtype_t output_dtype = OXS_TRANSFORM_TYPE_UNKNOWN;/*This will always be the current dtype*/
+ void *tr_output = NULL;
+ output_dtype = OXS_TRANSFORM_TYPE_NODE; /*We always begin with a node*/
+
+ tr_output = node; /*The first transformation is applied to the node*/
+
+ /*LOOP: Apply transforms. For example exclusive C14N*/
+ for (i = 0; i < axutil_array_list_size(transforms, env); i++){
+ oxs_transform_t *tr = NULL;
+ oxs_transform_tr_func tr_func = NULL;
+ oxs_tr_dtype_t input_dtype = OXS_TRANSFORM_TYPE_UNKNOWN;
+ void *tr_input = NULL;
+ axis2_char_t *tr_id = NULL;
+
+ /*Get the ith transform*/
+ tr = (oxs_transform_t*)axutil_array_list_get(transforms, env, i);
+ tr_id = oxs_transform_get_id(tr, env);
+ tr_func = oxs_transform_get_transform_function(tr, env);
+ input_dtype = oxs_transform_get_input_data_type(tr, env);
+
+ /*Prepare the input*/
+ /*If the required input type is CHAR and what we have is a NODE*/
+ if((input_dtype == OXS_TRANSFORM_TYPE_CHAR) && (output_dtype == OXS_TRANSFORM_TYPE_NODE)){
+ /*Serialize*/
+ tr_input = axiom_node_to_string((axiom_node_t*)tr_output, env);
+ /*If the required input type is NODE and what we have is a CHAR*/
+ }else if((input_dtype == OXS_TRANSFORM_TYPE_NODE) && (output_dtype == OXS_TRANSFORM_TYPE_CHAR)){
+ /*De-serialize*/
+ tr_input = oxs_axiom_deserialize_node(env, (axis2_char_t *)tr_output);
+ }else{
+ /*Let it go as it is. */
+ tr_input = tr_output;
+ }
+ /*Apply transform*/
+ if(tr_func){
+ output_dtype = (*tr_func)(env, tr_input, input_dtype, &tr_output);
+ }else{
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_TRANSFORM_FAILED,"Cannot get the transform implementation for %s", tr_id);
+ }
+ /*If the output data type is unknown OR the output is NULL its an error*/
+ if((output_dtype == OXS_TRANSFORM_TYPE_UNKNOWN) || (!tr_output)){
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_TRANSFORM_FAILED,"Transform failed for %s", tr_id);
+ return NULL;
+ }
+ }/*eof for loop*/
+ /*We have applied all our transforms now*/
+ /*Serialize node*/
+ if(OXS_TRANSFORM_TYPE_NODE == output_dtype ){
+ serialized_node = axiom_node_to_string((axiom_node_t*)tr_output, env);
+ }else if(OXS_TRANSFORM_TYPE_CHAR == output_dtype){
+ serialized_node = (axis2_char_t*)tr_output;
+ }else{
+ /*Error*/
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_TRANSFORM_FAILED,"Unsupported transform data type %d", output_dtype);
+ }
+ }else{
+ /*No transforms defined. Thus we simply direct the node, to make the digest*/
+ serialized_node = axiom_node_to_string(node, env);
+ }
+
+ if(0 == axutil_strcmp( OXS_HREF_SHA1 , digest_mtd)){
+ digest = openssl_sha1(env, serialized_node, axutil_strlen(serialized_node));
+ }else{
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_TRANSFORM_FAILED,"Unsupported digest method %s", digest_mtd);
+ return NULL;
+ }
+ return digest;
+}
+
+/*parent is ds:SignedInfo*/
+static axis2_status_t
+oxs_xml_sig_build_reference(const axutil_env_t *env,
+ axiom_node_t *parent,
+ oxs_sign_part_t *sign_part)
+{
+ axis2_char_t *digest = NULL;
+ axis2_char_t *digest_mtd = NULL;
+ axis2_char_t *ref_id = NULL;
+ axis2_char_t *id = NULL;
+ axutil_array_list_t *transforms = NULL;
+ axiom_node_t *node = NULL;
+ axiom_node_t *reference_node = NULL;
+ axiom_node_t *digest_value_node = NULL;
+ axiom_node_t *digest_mtd_node = NULL;
+ int i=0;
+
+ /*Get the node to digest*/
+ node = oxs_sign_part_get_node(sign_part, env);
+
+ /*Get the reference ID from the node and hence to the ds:Reference node*/
+ id = oxs_axiom_get_attribute_value_of_node_by_name(env, node, "wsu:Id");
+
+ ref_id = axutil_stracat(env, "#", id);/* <ds:Reference URI="#id">*/
+ reference_node = oxs_token_build_ds_reference_element(env, parent ,NULL, ref_id, NULL);
+
+ /*Get transforms if any*/
+ transforms = oxs_sign_part_get_transforms(sign_part, env);
+ /*Get the digest method*/
+ digest_mtd = oxs_sign_part_get_digest_mtd(sign_part, env);
+
+ /*Transform and Digest*/
+ digest = oxs_xml_sig_transform_n_digest(env, node, transforms, digest_mtd);
+
+ /*Build ds:Transforms node and its children*/
+ if((transforms) && (0 < axutil_array_list_size(transforms, env))){
+ axiom_node_t *transforms_node = NULL;
+
+ transforms_node = oxs_token_build_transforms_element(env, reference_node);
+ for (i = 0; i < axutil_array_list_size(transforms, env); i++){
+ oxs_transform_t *tr = NULL;
+ axis2_char_t *tr_id = NULL;
+
+ /*Get the ith transform*/
+ tr = (oxs_transform_t*)axutil_array_list_get(transforms, env, i);
+ tr_id = oxs_transform_get_id(tr, env);
+ oxs_token_build_transform_element(env, transforms_node, tr_id);
+ }
+ }
+ /*Construct nodes*/
+ digest_mtd_node = oxs_token_build_digest_method_element(env, reference_node, digest_mtd);
+ digest_value_node = oxs_token_build_digest_value_element(env, reference_node, digest);
+
+ return AXIS2_SUCCESS;
+}
+/**
+ * C14N -> Serialize -> Sign the <SignedInfo> element
+ */
+static axis2_status_t
+oxs_xml_sig_sign_signed_info(const axutil_env_t *env,
+ axiom_node_t *signature_node,
+ axiom_node_t *signed_info_node,
+ oxs_sign_ctx_t *sign_ctx)
+{
+ axis2_char_t *signature_val = NULL;
+ axis2_char_t *serialized_signed_info = NULL;
+ axis2_char_t *c14n_algo = NULL;
+ axis2_char_t *c14nized = NULL;
+ axiom_node_t *signature_val_node = NULL;
+ axiom_document_t *doc = NULL;
+ oxs_buffer_t *input_buf = NULL;
+ oxs_buffer_t *output_buf = NULL;
+ axis2_status_t status = AXIS2_FAILURE;
+
+ /*Cannonicalize <SignedInfo>*/
+ c14n_algo = oxs_sign_ctx_get_c14n_mtd(sign_ctx, env);
+ doc = axiom_node_get_document(signed_info_node, env);
+
+ /*oxs_c14n_apply(env, doc, AXIS2_FALSE, &c14nized, AXIS2_TRUE, NULL, signed_info_node); */
+ oxs_c14n_apply_algo(env, doc, &c14nized, NULL, signed_info_node, c14n_algo);
+ AXIS2_LOG_INFO(env->log, "[oxs][xml_sig] C14N (sig)= %s ", c14nized );
+
+ /*Then serialize <SignedInfo>*/
+ serialized_signed_info = c14nized; /*axiom_node_to_string(signed_info_node, env);*/
+
+ /*Make the input and out put buffers*/
+ input_buf = oxs_buffer_create(env);
+ output_buf = oxs_buffer_create(env);
+
+ oxs_buffer_populate(input_buf, env, (unsigned char *)serialized_signed_info, axutil_strlen(serialized_signed_info));
+ /*Then sign... NOTE: The signature process includes making the digest. e.g. rsa-sha1 => RSA(SHA-1(contents))*/
+ status = oxs_sig_sign(env, sign_ctx, input_buf, output_buf);
+
+ signature_val = (axis2_char_t*)oxs_buffer_get_data(output_buf, env);
+
+ /*Construct <SignatureValue>*/
+ signature_val_node = oxs_token_build_signature_value_element(env, signature_node, signature_val);
+
+ return status;
+}
+
+/*Public functions*/
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_xml_sig_sign(const axutil_env_t *env,
+ oxs_sign_ctx_t *sign_ctx,
+ axiom_node_t *parent,
+ axiom_node_t **sig_node)
+{
+ axiom_node_t *signed_info_node = NULL;
+ axiom_node_t *signature_node = NULL;
+ axiom_node_t *signature_mtd_node = NULL;
+ axiom_node_t *c14n_mtd_node = NULL;
+ axis2_char_t *sign_algo = NULL;
+ axis2_char_t *c14n_algo = NULL;
+ axutil_array_list_t *sign_parts = NULL;
+ axis2_status_t status = AXIS2_FAILURE;
+ int i=0;
+
+ /*Construct the <Signature> element*/
+ signature_node = oxs_token_build_signature_element(env, parent, oxs_util_generate_id(env,OXS_SIG_ID));
+
+ /*Construct the <SignedInfo> */
+ signed_info_node = oxs_token_build_signed_info_element(env, signature_node);
+
+ /*Construct the <CanonicalizationMethod> */
+ c14n_algo = oxs_sign_ctx_get_c14n_mtd(sign_ctx, env);
+ c14n_mtd_node = oxs_token_build_c14n_method_element(env, signed_info_node, c14n_algo);
+
+ /*Construct the <SignatureMethod> */
+ sign_algo = oxs_sign_ctx_get_sign_mtd_algo(sign_ctx, env);
+ signature_mtd_node = oxs_token_build_signature_method_element(env, signed_info_node, sign_algo);
+
+ /*Look for signature parts*/
+ sign_parts = oxs_sign_ctx_get_sign_parts(sign_ctx , env);
+
+ /*For each and every signature part in sig ctx,*/
+ for (i = 0; i < axutil_array_list_size(sign_parts, env); i++){
+ oxs_sign_part_t *sign_part = NULL;
+
+ /*Get ith sign_part*/
+ sign_part = (oxs_sign_part_t*)axutil_array_list_get(sign_parts, env, i);
+ /*Create <ds:Reference> elements */
+ oxs_xml_sig_build_reference(env, signed_info_node, sign_part);
+
+ }
+ /*At this point we have a complete <SignedInfo> node. Now we need to sign it*/
+ status = oxs_xml_sig_sign_signed_info(env, signature_node, signed_info_node, sign_ctx);
+
+ *sig_node = signature_node;
+ return status;
+}
+
+/*******************************Verification specific*****************************/
+
+/*Populates a sign_part according to the <ds:Reference> node*/
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_xml_sig_process_ref_node(const axutil_env_t *env,
+ oxs_sign_part_t *sign_part,
+ axiom_node_t *ref_node,
+ axiom_node_t *scope_node)
+{
+ axis2_char_t *ref_id = NULL;
+ axis2_char_t *ref_id2 = NULL;
+ axis2_char_t *child_node_name = NULL;
+ axiom_node_t *reffed_node = NULL;
+ axiom_node_t *child_node = NULL;
+
+ ref_id = oxs_token_get_ds_reference(env, ref_node);
+ oxs_sign_part_set_id(sign_part, env, ref_id);
+
+ /*Remove the # from the id*/
+ ref_id2 = axutil_string_substring_starting_at(axutil_strdup(env, ref_id), 1);
+
+ /*Find the node refered by this ref_id2 and set to the sign part*/
+ reffed_node = oxs_axiom_get_node_by_id(env, scope_node, "wsu:Id", ref_id2 );
+ if(reffed_node){
+ oxs_sign_part_set_node(sign_part, env, reffed_node);
+ }else{
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_SIG_VERIFICATION_FAILED,"Cannot find node with Id=%s ", ref_id2 );
+ return AXIS2_FAILURE; /*No such node. Its an error*/
+ }
+
+ /*First child is optional Transforms element*/
+ child_node = axiom_node_get_first_element(ref_node, env);
+ child_node_name = axiom_util_get_localname(child_node, env);
+ if(0 == axutil_strcmp(child_node_name, OXS_NODE_TRANSFORMS)){
+ /*Transforms found*/
+ axiom_node_t *tr_node = NULL;
+ axutil_array_list_t *tr_list = NULL;
+
+ /*Create a list to hold transforms*/
+ tr_list = axutil_array_list_create(env, 1);
+ tr_node = axiom_node_get_first_element(child_node, env);
+ /*Iterate thru all the <ds:Transform> nodes in <ds:Transforms>*/
+ while(tr_node)
+ {
+ axis2_char_t *node_name = NULL;
+
+ node_name = axiom_util_get_localname(tr_node, env);
+ if( 0 == axutil_strcmp(OXS_NODE_TRANSFORM, node_name)){
+ axis2_char_t *tr_id = NULL;
+ oxs_transform_t *tr = NULL;
+
+ tr_id = oxs_token_get_transform(env, tr_node);
+ /*Get the transform given the id*/
+ tr = oxs_transforms_factory_produce_transform(env, tr_id);
+ if(!tr) {
+ /*The transform not supported*/
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_TRANSFORM_FAILED,"Cannot produce the transform for %s", tr_id);
+ return AXIS2_FAILURE;
+ }
+ /*Add the transform to the list*/
+ axutil_array_list_add(tr_list, env, tr);
+ }else{
+ /*<ds:Transforms> cant have any other element*/
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_TRANSFORM_FAILED,"<ds:Transforms> cannot have node %s ", node_name );
+ return AXIS2_FAILURE;
+ }
+ /*Set the next node to be precessed*/
+ tr_node = axiom_node_get_next_sibling(tr_node, env);
+ }/*eof while*/
+ /*Set transforms for this signature part*/
+ oxs_sign_part_set_transforms(sign_part, env, tr_list);
+
+ /*At the end, set the next node as the child node*/
+ child_node = axiom_node_get_next_sibling(child_node, env);
+ }else{
+ /*There are no transforms for this sign part*/
+ }
+
+ /* Process mandatory ds:DigestMethod*/
+ child_node_name = axiom_util_get_localname(child_node, env);
+ if(0 == axutil_strcmp(child_node_name, OXS_NODE_DIGEST_METHOD)){
+ axis2_char_t *digest_mtd = NULL;
+ /*ds:DigestMethod found*/
+ digest_mtd = oxs_token_get_digest_method(env, child_node);
+ oxs_sign_part_set_digest_mtd(sign_part, env, digest_mtd);
+
+ /*At the end, set the next node as the child node*/
+ child_node = axiom_node_get_next_sibling(child_node, env);
+ }else{
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_SIG_VERIFICATION_FAILED,"Cannot find <ds:DigestMethod> " );
+ return AXIS2_FAILURE;
+ }
+
+ /* Process mandatory ds:DigestValue*/
+ child_node_name = axiom_util_get_localname(child_node, env);
+ if(0 == axutil_strcmp(child_node_name, OXS_NODE_DIGEST_VALUE)){
+ /*ds:DigestValue found*/
+ axis2_char_t *digest_val = NULL;
+ digest_val = oxs_token_get_digest_value(env, child_node);
+ oxs_sign_part_set_digest_val(sign_part, env, digest_val);
+ }else{
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_SIG_VERIFICATION_FAILED,"Cannot find <ds:DigestValue> " );
+ return AXIS2_FAILURE;
+ }
+
+ return AXIS2_SUCCESS;
+
+}
+
+/*Process Signature Node along with its most loving child ds:SignedInfo.
+ * We need to populate
+ * 1. Sig_mtd
+ * 2. C14N Mtd
+ * 3. Sign parts
+ * 3.1. Id
+ * 3.2 Digest mtd
+ * 3.3. Transforms*/
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_xml_sig_process_signature_node(const axutil_env_t *env,
+ oxs_sign_ctx_t *sign_ctx,
+ axiom_node_t *signature_node,
+ axiom_node_t *scope_node)
+{
+ axiom_node_t *cur_node = NULL;
+ axiom_node_t *signed_info_node = NULL;
+ axiom_node_t *sig_val_node = NULL;
+ axis2_status_t status = AXIS2_FAILURE;
+ axutil_array_list_t *sign_part_list = NULL;
+
+ signed_info_node = oxs_axiom_get_first_child_node_by_name(env, signature_node,
+ OXS_NODE_SIGNEDINFO, OXS_DSIG_NS, OXS_DS );
+
+ /*signed_info_node = oxs_axiom_get_first_child_node_by_name(env, signature_node,
+ OXS_NODE_SIGNEDINFO, NULL,NULL);*/
+
+ if(!signed_info_node){
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_SIG_VERIFICATION_FAILED,"Cannot find <ds:SignedInfo> " );
+ return AXIS2_FAILURE;
+ }
+ /*Create the list for sign parts*/
+ sign_part_list = axutil_array_list_create(env,5);
+
+ /*Process signed info element*/
+ cur_node = axiom_node_get_first_element(signed_info_node, env);
+ /*Iterate thru children of <SignedInfo>*/
+ while(cur_node){
+ axis2_char_t *localname = NULL;
+
+ localname = axiom_util_get_localname(cur_node, env);
+
+ if(0 == axutil_strcmp(localname, OXS_NODE_CANONICALIZATION_METHOD)){
+ axis2_char_t *c14n_mtd = NULL;
+ c14n_mtd = oxs_token_get_c14n_method(env, cur_node);
+ oxs_sign_ctx_set_c14n_mtd(sign_ctx, env, c14n_mtd);
+
+ }else if(0 == axutil_strcmp(localname, OXS_NODE_SIGNATURE_METHOD)){
+ axis2_char_t *sig_mtd = NULL;
+ sig_mtd = oxs_token_get_signature_method(env, cur_node);
+ oxs_sign_ctx_set_sign_mtd_algo(sign_ctx, env, sig_mtd);
+
+ }else if(0 == axutil_strcmp(localname, OXS_NODE_REFERENCE)){
+ oxs_sign_part_t *sign_part = NULL;
+
+ /* There might be multiple references.
+ * For each create a sign_part and add to sign_part_list in the sign_ctx*/
+ sign_part = oxs_sign_part_create(env);
+ status = oxs_xml_sig_process_ref_node(env, sign_part, cur_node, scope_node);
+ if(status == AXIS2_FAILURE){
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_SIG_VERIFICATION_FAILED,"<ds:Reference> node processing failed " );
+ return AXIS2_FAILURE;
+ }
+
+ /*Now we have a new sign_part. Add it to the list.*/
+ axutil_array_list_add(sign_part_list, env, sign_part);
+
+ }else{
+ /*We do not process*/
+ }
+ cur_node = axiom_node_get_next_sibling(cur_node, env);
+ }
+
+ oxs_sign_ctx_set_sign_parts(sign_ctx, env, sign_part_list);
+ /*Finished processing SignedInfo. Now we are processing the Signature Value element*/
+ /*The very next child of SignedInfo Should be the ds:SignatureValue*/
+ sig_val_node = axiom_node_get_next_sibling(signed_info_node, env);
+ if(0 == axutil_strcmp( OXS_NODE_SIGNATURE_VALUE, axiom_util_get_localname(sig_val_node, env))){
+ axis2_char_t *sig_val = NULL;
+ axis2_char_t *newline_removed = NULL;
+
+ sig_val = oxs_token_get_signature_value(env, sig_val_node);
+ if(!sig_val)
+ {
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_SIG_VERIFICATION_FAILED,"Cannot find signature value. " );
+ return AXIS2_FAILURE;
+ }
+ /*We now remove \n in this text.Otherwise verifications failed.*/
+ newline_removed = oxs_util_get_newline_removed_string(env,sig_val);
+ if(!newline_removed)
+ {
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_SIG_VERIFICATION_FAILED,"Cannot Remove new lines. " );
+ return AXIS2_FAILURE;
+ }
+ oxs_sign_ctx_set_sig_val(sign_ctx, env, newline_removed);
+
+ }else{
+ /*Error the node should be the ds:SignatureValue*/
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_SIG_VERIFICATION_FAILED,"Cannot find <ds:SignatureValue> " );
+ return AXIS2_FAILURE;
+ }
+
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_xml_sig_verify_sign_part(const axutil_env_t *env,
+ oxs_sign_part_t *sign_part)
+{
+ axis2_char_t *id = NULL;
+ axis2_char_t *digest_mtd = NULL;
+ axis2_char_t *digest_val = NULL;
+ axis2_char_t *new_digest = NULL;
+ axiom_node_t *node = NULL;
+ axutil_array_list_t *transforms = NULL;
+ axis2_status_t status = AXIS2_FAILURE;
+
+ id = oxs_sign_part_get_id(sign_part, env);
+ digest_mtd = oxs_sign_part_get_digest_mtd(sign_part, env);
+ digest_val = oxs_sign_part_get_digest_val(sign_part, env);
+ node = oxs_sign_part_get_node(sign_part, env);
+ transforms = oxs_sign_part_get_transforms(sign_part, env);
+
+ AXIS2_LOG_INFO(env->log, "[oxs][xml_sig] Verifying signature part %s ", id );
+
+ /*Do transforms to the node*/
+ new_digest = oxs_xml_sig_transform_n_digest(env, node, transforms, digest_mtd);
+
+ /*Compare values*/
+ if(0 == axutil_strcmp(new_digest, digest_val)){
+ AXIS2_LOG_INFO(env->log, "[oxs][xml_sig] Digest verification success for node Id= %s ", id );
+ status = AXIS2_SUCCESS;
+ }else{
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_SIG_VERIFICATION_FAILED,"Digest verification failed for node Id= %s ", id );
+ status = AXIS2_FAILURE;
+ }
+
+ return status;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_xml_sig_verify_digests(const axutil_env_t *env,
+ oxs_sign_ctx_t *sign_ctx)
+{
+ axis2_status_t status = AXIS2_FAILURE;
+ axutil_array_list_t *sign_parts = NULL;
+ int i = 0 ;
+
+ /*Get the sign_part list*/
+ sign_parts = oxs_sign_ctx_get_sign_parts(sign_ctx, env);
+ /*For each and every signature part in sig ctx,*/
+ for (i = 0; i < axutil_array_list_size(sign_parts, env); i++){
+ oxs_sign_part_t *sign_part = NULL;
+
+ /*Get ith sign_part*/
+ sign_part = (oxs_sign_part_t*)axutil_array_list_get(sign_parts, env, i);
+ status = oxs_xml_sig_verify_sign_part(env, sign_part);
+ if(AXIS2_FAILURE == status){
+ return AXIS2_FAILURE;
+ }
+ }
+
+ return status;
+}
+
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_xml_sig_verify(const axutil_env_t *env,
+ oxs_sign_ctx_t *sign_ctx,
+ axiom_node_t *signature_node,
+ axiom_node_t *scope_node)
+{
+ axis2_status_t status = AXIS2_FAILURE;
+ axiom_node_t *signed_info_node = NULL;
+ axiom_document_t *doc = NULL;
+ axis2_char_t *c14n_mtd = NULL;
+ axis2_char_t *content = NULL;
+ axis2_char_t *signature_val = NULL;
+
+ /*Set operation to verify*/
+ oxs_sign_ctx_set_operation(sign_ctx, env, OXS_SIGN_OPERATION_VERIFY);
+
+ /*Populate the sign_ctx by inspecting the ds:Signature node*/
+ status = oxs_xml_sig_process_signature_node(env, sign_ctx, signature_node, scope_node);
+ if(status != AXIS2_SUCCESS){
+ /*Something went wrong while processing the Signature node!!! :(*/
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_SIG_VERIFICATION_FAILED,"<ds:Signature> node processing failed " );
+ return AXIS2_FAILURE;
+ }
+
+ /*-----------------------------------------------------------------------------------------*/
+ /*At this point we have a ready to process signature context. So start verification process*/
+ /*-----------------------------------------------------------------------------------------*/
+
+ /*Verify the integrity of the signed parts by comparing the digest values of each and every reference.*/
+ status = oxs_xml_sig_verify_digests(env, sign_ctx);
+
+ if(AXIS2_FAILURE == status){
+ return AXIS2_FAILURE;
+ }else{
+ AXIS2_LOG_INFO(env->log, "[oxs][xml_sig] Digests verification SUCCESS " );
+ }
+
+ /*At this point we have compared the digest. Next step is to compare the Signature value */
+ /*First get the signature value from the context*/
+ signature_val = oxs_sign_ctx_get_sig_val(sign_ctx, env);
+
+ /*Then we apply the C14N for the ds:SignedInfo*/
+ signed_info_node = oxs_axiom_get_first_child_node_by_name(env, signature_node,
+ OXS_NODE_SIGNEDINFO, OXS_DSIG_NS, OXS_DS );
+
+ /*signed_info_node = oxs_axiom_get_first_child_node_by_name(env, signature_node,
+ OXS_NODE_SIGNEDINFO, NULL,NULL );*/
+
+ c14n_mtd = oxs_sign_ctx_get_c14n_mtd(sign_ctx, env);
+ doc = axiom_node_get_document(signed_info_node, env);
+
+ AXIS2_LOG_INFO(env->log, "[oxs][xml_sig] C14N (verif1)= %s ", axiom_node_to_string(signed_info_node, env) );
+ /* oxs_c14n_apply(env, doc, AXIS2_FALSE, &content, AXIS2_TRUE, NULL, signed_info_node);*/
+
+ oxs_c14n_apply_algo(env, doc, &content, NULL, signed_info_node, c14n_mtd);
+
+ AXIS2_LOG_INFO(env->log, "[oxs][xml_sig] C14N (verif2)=\n\n%s\n\n", content );
+
+ /*In the final step we Verify*/
+ status = oxs_sig_verify(env, sign_ctx, content , signature_val);
+ if(AXIS2_FAILURE == status){
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_SIG_VERIFICATION_FAILED,"Signature is not valid " );
+ return AXIS2_FAILURE;
+ }else{
+ return AXIS2_SUCCESS;
+ }
+
+
+}
Added: webservices/rampart/tags/c/0.90/src/secpolicy/Makefile.am
URL: http://svn.apache.org/viewvc/webservices/rampart/tags/c/0.90/src/secpolicy/Makefile.am?rev=573215&view=auto
==============================================================================
--- webservices/rampart/tags/c/0.90/src/secpolicy/Makefile.am (added)
+++ webservices/rampart/tags/c/0.90/src/secpolicy/Makefile.am Thu Sep 6 03:48:44 2007
@@ -0,0 +1 @@
+SUBDIRS = model builder
Added: webservices/rampart/tags/c/0.90/src/secpolicy/builder/Makefile.am
URL: http://svn.apache.org/viewvc/webservices/rampart/tags/c/0.90/src/secpolicy/builder/Makefile.am?rev=573215&view=auto
==============================================================================
--- webservices/rampart/tags/c/0.90/src/secpolicy/builder/Makefile.am (added)
+++ webservices/rampart/tags/c/0.90/src/secpolicy/builder/Makefile.am Thu Sep 6 03:48:44 2007
@@ -0,0 +1,19 @@
+TESTS =
+
+noinst_LTLIBRARIES = librp_builder.la
+
+librp_builder_la_SOURCES = algorithmsuite_builder.c asymmetric_binding_builder.c binding_commons_builder.c \
+ https_token_builder.c layout_builder.c qname_matcher.c rampart_config_builder.c secpolicy_builder.c \
+ security_context_token_builder.c signed_encrypted_elements_builder.c \
+ signed_encrypted_parts_builder.c signed_encrypted_items_builder.c \
+ supporting_tokens_builder.c symmetric_asymmetric_commons_builder.c \
+ symmetric_binding_builder.c token_builder.c transport_binding_builder.c username_token_builder.c \
+ wss10_builder.c wss11_builder.c x509_token_builder.c policy_creator.c
+
+
+librp_builder_la_LIBADD = ${AXIS2C_HOME}/lib
+
+
+INCLUDES = -I$(top_builddir)/include \
+ -I ../../../include \
+ @AXIS2INC@
Added: webservices/rampart/tags/c/0.90/src/secpolicy/builder/algorithmsuite_builder.c
URL: http://svn.apache.org/viewvc/webservices/rampart/tags/c/0.90/src/secpolicy/builder/algorithmsuite_builder.c?rev=573215&view=auto
==============================================================================
--- webservices/rampart/tags/c/0.90/src/secpolicy/builder/algorithmsuite_builder.c (added)
+++ webservices/rampart/tags/c/0.90/src/secpolicy/builder/algorithmsuite_builder.c Thu Sep 6 03:48:44 2007
@@ -0,0 +1,294 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+#include <rp_algorithmsuite_builder.h>
+#include <rp_qname_matcher.h>
+
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rp_algorithmsuite_builder_set_algosuite(
+ axiom_node_t *node,
+ axiom_element_t *element,
+ axis2_char_t *algosuite_string,
+ rp_algorithmsuite_t *algorithmsuite,
+ const axutil_env_t *env);
+
+
+AXIS2_EXTERN rp_algorithmsuite_t *AXIS2_CALL
+rp_algorithmsuite_builder_build(
+ const axutil_env_t *env,
+ axiom_node_t *algorithmsuite)
+{
+ rp_algorithmsuite_t *algorithm_suite = NULL;
+ axiom_node_t *policy = NULL;
+ axiom_node_t *name = NULL;
+ axiom_element_t *name_ele = NULL;
+ axis2_char_t * algosuite_string = NULL;
+ axis2_status_t status = AXIS2_SUCCESS;
+
+ AXIS2_ENV_CHECK(env,NULL);
+ AXIS2_PARAM_CHECK(env->error,algorithmsuite,NULL);
+
+ if(algorithmsuite)
+ {
+ policy = axiom_node_get_first_element(algorithmsuite,env);
+ if(policy)
+ {
+ name = axiom_node_get_first_element(policy,env);
+ if(name)
+ {
+ if(axiom_node_get_node_type(name,env) == AXIOM_ELEMENT)
+ {
+ name_ele = (axiom_element_t*)axiom_node_get_data_element(name, env);
+ if(name_ele)
+ {
+ algosuite_string = axiom_element_get_localname(name_ele, env);
+ if(algosuite_string)
+ {
+ algorithm_suite = rp_algorithmsuite_create(env);
+ if(!algorithm_suite)
+ return NULL;
+
+ status = rp_algorithmsuite_builder_set_algosuite(name,name_ele,algosuite_string,algorithm_suite,env); if(status!=AXIS2_SUCCESS)
+ {
+ rp_algorithmsuite_free(algorithm_suite,env);
+ algorithm_suite = NULL;
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ return algorithm_suite;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rp_algorithmsuite_builder_set_algosuite(
+ axiom_node_t *node,
+ axiom_element_t *element,
+ axis2_char_t *algosuite_string,
+ rp_algorithmsuite_t *algorithmsuite,
+ const axutil_env_t *env)
+
+{
+ AXIS2_ENV_CHECK(env,AXIS2_FAILURE);
+
+ if(strcmp(algosuite_string,RP_ALGO_SUITE_BASIC256)==0)
+ {
+ if(rp_match_secpolicy_qname(env,RP_ALGO_SUITE_BASIC256,node,element))
+ {
+ rp_algorithmsuite_set_algosuite(algorithmsuite,env,algosuite_string);
+ return AXIS2_SUCCESS;
+ }
+ else
+ return AXIS2_FAILURE;
+ }
+ else if(strcmp(algosuite_string,RP_ALGO_SUITE_BASIC192)==0)
+ {
+ if(rp_match_secpolicy_qname(env,RP_ALGO_SUITE_BASIC192,node,element))
+ {
+ rp_algorithmsuite_set_algosuite(algorithmsuite,env,algosuite_string);
+ return AXIS2_SUCCESS;
+ }
+ else
+ return AXIS2_FAILURE;
+ }
+ else if(strcmp(algosuite_string,RP_ALGO_SUITE_BASIC128)==0)
+ {
+ if(rp_match_secpolicy_qname(env,RP_ALGO_SUITE_BASIC128,node,element))
+ {
+ rp_algorithmsuite_set_algosuite(algorithmsuite,env,algosuite_string);
+ return AXIS2_SUCCESS;
+ }
+ else
+ return AXIS2_FAILURE;
+ }
+ else if(strcmp(algosuite_string,RP_ALGO_SUITE_TRIPLE_DES)==0)
+ {
+ if(rp_match_secpolicy_qname(env,RP_ALGO_SUITE_TRIPLE_DES,node,element))
+ {
+ rp_algorithmsuite_set_algosuite(algorithmsuite,env,algosuite_string);
+ return AXIS2_SUCCESS;
+ }
+ else
+ return AXIS2_FAILURE;
+ }
+ else if(strcmp(algosuite_string,RP_ALGO_SUITE_BASIC256_RSA15)==0)
+ {
+ if(rp_match_secpolicy_qname(env,RP_ALGO_SUITE_BASIC256_RSA15,node,element))
+ {
+ rp_algorithmsuite_set_algosuite(algorithmsuite,env,algosuite_string);
+ return AXIS2_SUCCESS;
+ }
+ else
+ return AXIS2_FAILURE;
+ }
+ else if(strcmp(algosuite_string,RP_ALGO_SUITE_BASIC192_RSA15)==0)
+ {
+ if(rp_match_secpolicy_qname(env,RP_ALGO_SUITE_BASIC192_RSA15,node,element))
+ {
+ rp_algorithmsuite_set_algosuite(algorithmsuite,env,algosuite_string);
+ return AXIS2_SUCCESS;
+ }
+ else
+ return AXIS2_FAILURE;
+ }
+ else if(strcmp(algosuite_string,RP_ALGO_SUITE_BASIC128_RSA15)==0)
+ {
+ if(rp_match_secpolicy_qname(env,RP_ALGO_SUITE_BASIC128_RSA15,node,element))
+ {
+ rp_algorithmsuite_set_algosuite(algorithmsuite,env,algosuite_string);
+ return AXIS2_SUCCESS;
+ }
+ else
+ return AXIS2_FAILURE;
+ }
+ else if(strcmp(algosuite_string,RP_ALGO_SUITE_TRIPLE_DES_RSA15)==0)
+ {
+ if(rp_match_secpolicy_qname(env,RP_ALGO_SUITE_TRIPLE_DES_RSA15,node,element))
+ {
+ rp_algorithmsuite_set_algosuite(algorithmsuite,env,algosuite_string);
+ return AXIS2_SUCCESS;
+ }
+ else
+ return AXIS2_FAILURE;
+ }
+ else if(strcmp(algosuite_string,RP_ALGO_SUITE_BASIC256_SHA256)==0)
+ {
+ if(rp_match_secpolicy_qname(env,RP_ALGO_SUITE_BASIC256_SHA256,node,element))
+ {
+ rp_algorithmsuite_set_algosuite(algorithmsuite,env,algosuite_string);
+ return AXIS2_SUCCESS;
+ }
+ else
+ return AXIS2_FAILURE;
+ }
+ else if(strcmp(algosuite_string,RP_ALGO_SUITE_BASIC192_SHA256)==0)
+ {
+ if(rp_match_secpolicy_qname(env,RP_ALGO_SUITE_BASIC192_SHA256,node,element))
+ {
+ rp_algorithmsuite_set_algosuite(algorithmsuite,env,algosuite_string);
+ return AXIS2_SUCCESS;
+ }
+ else
+ return AXIS2_FAILURE;
+ }
+ else if(strcmp(algosuite_string,RP_ALGO_SUITE_BASIC128_SHA256)==0)
+ {
+ if(rp_match_secpolicy_qname(env,RP_ALGO_SUITE_BASIC128_SHA256,node,element))
+ {
+ rp_algorithmsuite_set_algosuite(algorithmsuite,env,algosuite_string);
+ return AXIS2_SUCCESS;
+ }
+ else
+ return AXIS2_FAILURE;
+ }
+ else if(strcmp(algosuite_string,RP_ALGO_SUITE_TRIPLE_DES_SHA256)==0)
+ {
+ if(rp_match_secpolicy_qname(env,RP_ALGO_SUITE_TRIPLE_DES_SHA256,node,element))
+ {
+ rp_algorithmsuite_set_algosuite(algorithmsuite,env,algosuite_string);
+ return AXIS2_SUCCESS;
+ }
+ else
+ return AXIS2_FAILURE;
+ }
+ else if(strcmp(algosuite_string,RP_ALGO_SUITE_BASIC256_SHA256_RSA15)==0)
+ {
+ if(rp_match_secpolicy_qname(env,RP_ALGO_SUITE_BASIC256_SHA256_RSA15,node,element))
+ {
+ rp_algorithmsuite_set_algosuite(algorithmsuite,env,algosuite_string);
+ return AXIS2_SUCCESS;
+ }
+ else
+ return AXIS2_FAILURE;
+ }
+ else if(strcmp(algosuite_string,RP_ALGO_SUITE_BASIC192_SHA256_RSA15)==0)
+ {
+ if(rp_match_secpolicy_qname(env,RP_ALGO_SUITE_BASIC192_SHA256_RSA15,node,element))
+ {
+ rp_algorithmsuite_set_algosuite(algorithmsuite,env,algosuite_string);
+ return AXIS2_SUCCESS;
+ }
+ else
+ return AXIS2_FAILURE;
+ }
+ else if(strcmp(algosuite_string,RP_ALGO_SUITE_BASIC128_SHA256_RSA15)==0)
+ {
+ if(rp_match_secpolicy_qname(env,RP_ALGO_SUITE_BASIC128_SHA256_RSA15,node,element))
+ {
+ rp_algorithmsuite_set_algosuite(algorithmsuite,env,algosuite_string);
+ return AXIS2_SUCCESS;
+ }
+ else
+ return AXIS2_FAILURE;
+ }
+ else if(strcmp(algosuite_string,RP_ALGO_SUITE_TRIPLE_DES_SHA256_RSA15)==0)
+ {
+ if(rp_match_secpolicy_qname(env,RP_ALGO_SUITE_BASIC256_RSA15,node,element))
+ {
+ rp_algorithmsuite_set_algosuite(algorithmsuite,env,algosuite_string);
+ return AXIS2_SUCCESS;
+ }
+ else
+ return AXIS2_FAILURE;
+ }
+ else if(strcmp(algosuite_string,RP_INCLUSIVE_C14N)==0)
+ {
+ if(rp_match_secpolicy_qname(env,RP_INCLUSIVE_C14N,node,element))
+ {
+ rp_algorithmsuite_set_c14n(algorithmsuite,env,algosuite_string);
+ return AXIS2_SUCCESS;
+ }
+ else
+ return AXIS2_FAILURE;
+ }
+ else if(strcmp(algosuite_string,RP_SOAP_NORMALIZATION_10)==0)
+ {
+ if(rp_match_secpolicy_qname(env,RP_SOAP_NORMALIZATION_10,node,element))
+ {
+ rp_algorithmsuite_set_soap_normalization(algorithmsuite,env,algosuite_string);
+ return AXIS2_SUCCESS;
+ }
+ else
+ return AXIS2_FAILURE;
+ }
+ else if(strcmp(algosuite_string,RP_STR_TRANSFORM_10)==0)
+ {
+ if(rp_match_secpolicy_qname(env,RP_STR_TRANSFORM_10,node,element))
+ {
+ rp_algorithmsuite_set_str_transformation(algorithmsuite,env,algosuite_string);
+ return AXIS2_SUCCESS;
+ }
+ else
+ return AXIS2_FAILURE;
+ }
+ else if(strcmp(algosuite_string,RP_XPATH10)==0)
+ {
+ if(rp_match_secpolicy_qname(env,RP_XPATH10,node,element))
+ {
+ rp_algorithmsuite_set_xpath(algorithmsuite,env,algosuite_string);
+ return AXIS2_SUCCESS;
+ }
+ else
+ return AXIS2_FAILURE;
+ }
+ else
+ return AXIS2_FAILURE;
+}
Added: webservices/rampart/tags/c/0.90/src/secpolicy/builder/asymmetric_binding_builder.c
URL: http://svn.apache.org/viewvc/webservices/rampart/tags/c/0.90/src/secpolicy/builder/asymmetric_binding_builder.c?rev=573215&view=auto
==============================================================================
--- webservices/rampart/tags/c/0.90/src/secpolicy/builder/asymmetric_binding_builder.c (added)
+++ webservices/rampart/tags/c/0.90/src/secpolicy/builder/asymmetric_binding_builder.c Thu Sep 6 03:48:44 2007
@@ -0,0 +1,151 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+#include <rp_asymmetric_binding_builder.h>
+#include <rp_qname_matcher.h>
+#include <rp_token_builder.h>
+
+AXIS2_EXTERN rp_asymmetric_binding_t *AXIS2_CALL
+rp_asymmetric_binding_builder_build(const axutil_env_t *env, axiom_node_t *asymmetric)
+{
+ rp_asymmetric_binding_t *asymmetric_binding = NULL;
+ rp_symmetric_asymmetric_binding_commons_t *as_commons = NULL;
+ rp_binding_commons_t *commons = NULL;
+ axiom_element_t *pol_ele = NULL;
+ axiom_node_t *policy = NULL;
+
+ AXIS2_ENV_CHECK(env, NULL);
+
+ if(asymmetric)
+ {
+ policy = axiom_node_get_first_element(asymmetric,env);
+
+ if(axiom_node_get_node_type(policy, env) == AXIOM_ELEMENT)
+ {
+ pol_ele = (axiom_element_t*)axiom_node_get_data_element(policy, env);
+
+ asymmetric_binding = rp_asymmetric_binding_create(env);
+ if(!asymmetric_binding)
+ return NULL;
+
+ as_commons = rp_symmetric_asymmetric_binding_commons_create(env);
+ if(!as_commons)
+ return NULL;
+
+ commons = rp_binding_commons_create(env);
+ if(!commons)
+ return NULL;
+
+ if(pol_ele)
+ {
+ axiom_children_iterator_t *children_iter = NULL;
+ children_iter = axiom_element_get_children(pol_ele, env, policy);
+ if(children_iter )
+ {
+ while(axiom_children_iterator_has_next(children_iter, env))
+ {
+ axiom_node_t *node = NULL;
+ axiom_element_t *ele = NULL;
+ axis2_char_t *local_name = NULL;
+ node = axiom_children_iterator_next(children_iter, env);
+ if(node)
+ {
+ if(axiom_node_get_node_type(node, env) == AXIOM_ELEMENT)
+ {
+ ele = (axiom_element_t*)axiom_node_get_data_element(node, env);
+ if(ele)
+ {
+ local_name = axiom_element_get_localname(ele,env);
+ if(local_name)
+ {
+ if(rp_asymmetric_binding_builder_istoken(env,local_name))
+ rp_asymmetric_binding_builder_set_token_type(env,asymmetric_binding,node,ele,local_name);
+ else
+ rp_symmetric_asymmetric_commons_builder_build(env,node,ele,local_name,as_commons,commons);
+ }
+ }
+ }
+ }
+ }
+ }
+ rp_symmetric_asymmetric_binding_commons_set_binding_commons(as_commons,env,commons);
+ rp_asymmetric_binding_set_symmetric_asymmetric_binding_commons(asymmetric_binding,env,as_commons);
+ }
+ }
+ }
+ return asymmetric_binding;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rp_asymmetric_binding_builder_set_token_type(
+ const axutil_env_t *env,
+ rp_asymmetric_binding_t *asymmetric_binding,
+ axiom_node_t *node,
+ axiom_element_t *element,
+ axis2_char_t *local_name)
+{
+ AXIS2_ENV_CHECK(env,AXIS2_FAILURE);
+
+ if(axutil_strcmp(local_name,RP_INITIATOR_TOKEN)==0)
+ {
+ if(rp_match_secpolicy_qname(env,RP_INITIATOR_TOKEN,node,element))
+ {
+ rp_property_t *initiator_token = NULL;
+ initiator_token = rp_token_builder_build(env,node);
+ if(!initiator_token)
+ return AXIS2_FAILURE;
+
+ return rp_asymmetric_binding_set_initiator_token(asymmetric_binding,env,initiator_token);
+ }
+ else
+ return AXIS2_FAILURE;
+ }
+ else if(axutil_strcmp(local_name,RP_RECIPIENT_TOKEN)==0)
+ {
+ if(rp_match_secpolicy_qname(env,RP_RECIPIENT_TOKEN,node,element))
+ {
+ rp_property_t *recipient_token = NULL;
+ recipient_token = rp_token_builder_build(env,node);
+ if(!recipient_token)
+ return AXIS2_FAILURE;
+
+ return rp_asymmetric_binding_set_recipient_token(asymmetric_binding,env,recipient_token);
+ }
+ else
+ return AXIS2_FAILURE;
+ }
+ else
+ return AXIS2_FAILURE;
+}
+
+AXIS2_EXTERN axis2_bool_t AXIS2_CALL
+rp_asymmetric_binding_builder_istoken(
+ const axutil_env_t *env,
+ axis2_char_t *local_name)
+{
+ AXIS2_ENV_CHECK(env,AXIS2_FALSE);
+
+ if(axutil_strcmp(local_name,RP_INITIATOR_TOKEN)==0)
+ return AXIS2_TRUE;
+
+ else if(axutil_strcmp(local_name,RP_RECIPIENT_TOKEN)==0)
+ return AXIS2_TRUE;
+
+ else
+ return AXIS2_FALSE;
+}
Added: webservices/rampart/tags/c/0.90/src/secpolicy/builder/binding_commons_builder.c
URL: http://svn.apache.org/viewvc/webservices/rampart/tags/c/0.90/src/secpolicy/builder/binding_commons_builder.c?rev=573215&view=auto
==============================================================================
--- webservices/rampart/tags/c/0.90/src/secpolicy/builder/binding_commons_builder.c (added)
+++ webservices/rampart/tags/c/0.90/src/secpolicy/builder/binding_commons_builder.c Thu Sep 6 03:48:44 2007
@@ -0,0 +1,148 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+#include <rp_binding_commons_builder.h>
+#include <rp_qname_matcher.h>
+#include <rp_supporting_tokens_builder.h>
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rp_binding_commons_builder_build(
+ const axutil_env_t *env,
+ axiom_node_t *node,
+ axiom_element_t *element,
+ axis2_char_t *local_name,
+ rp_binding_commons_t *commons)
+{
+ AXIS2_ENV_CHECK(env,AXIS2_FAILURE);
+ AXIS2_PARAM_CHECK(env->error,node,AXIS2_FAILURE);
+ AXIS2_PARAM_CHECK(env->error,element,AXIS2_FAILURE);
+ AXIS2_PARAM_CHECK(env->error,local_name,AXIS2_FAILURE);
+ AXIS2_PARAM_CHECK(env->error,commons,AXIS2_FAILURE);
+
+ if(axutil_strcmp(local_name,RP_ALGORITHM_SUITE)==0)
+ {
+ if(rp_match_secpolicy_qname(env,RP_ALGORITHM_SUITE,node,element))
+ {
+ rp_algorithmsuite_t *algo_suite = NULL;
+ algo_suite = rp_algorithmsuite_builder_build(env,node);
+ if(algo_suite)
+ {
+ rp_binding_commons_set_algorithmsuite(commons,env,algo_suite);
+ return AXIS2_SUCCESS;
+ }
+ else return AXIS2_FAILURE;
+ }
+ return AXIS2_FAILURE;
+ }
+ else if(axutil_strcmp(local_name,RP_LAYOUT)==0)
+ {
+ if(rp_match_secpolicy_qname(env,RP_LAYOUT,node,element))
+ {
+ rp_layout_t *layout = NULL;
+ layout = rp_layout_builder_build(env,node);
+ if(layout)
+ {
+ rp_binding_commons_set_layout(commons,env,layout);
+ return AXIS2_SUCCESS;
+ }
+ else return AXIS2_FAILURE;
+ }
+ return AXIS2_FAILURE;
+ }
+ else if(axutil_strcmp(local_name,RP_INCLUDE_TIMESTAMP)==0)
+ {
+ if(rp_match_secpolicy_qname(env,RP_INCLUDE_TIMESTAMP,node,element))
+ {
+ rp_binding_commons_set_include_timestamp(commons,env,AXIS2_TRUE);
+ return AXIS2_SUCCESS;
+ }
+ return AXIS2_FAILURE;
+ }
+ else if(axutil_strcmp(local_name,RP_SIGNED_SUPPORTING_TOKENS)==0)
+ {
+ if(rp_match_secpolicy_qname(env,RP_SIGNED_SUPPORTING_TOKENS,node,element))
+ {
+ rp_supporting_tokens_t *signed_supporting_tokens = NULL;
+
+ signed_supporting_tokens = rp_supporting_tokens_builder_build(env,node);
+ if(!signed_supporting_tokens)
+ return AXIS2_FAILURE;
+
+ rp_supporting_tokens_set_type(signed_supporting_tokens,env,RP_SUPPORTING_SIGNED_SUPPORTING);
+
+ return rp_binding_commons_set_signed_supporting_tokens(commons,env,signed_supporting_tokens);
+ }
+ else
+ return AXIS2_FAILURE;
+
+ }
+ else if(axutil_strcmp(local_name,RP_SIGNED_ENDORSING_SUPPORTING_TOKENS)==0)
+ {
+ if(rp_match_secpolicy_qname(env,RP_SIGNED_ENDORSING_SUPPORTING_TOKENS,node,element))
+ {
+ rp_supporting_tokens_t *signed_endorsing_supporting_tokens = NULL;
+
+ signed_endorsing_supporting_tokens = rp_supporting_tokens_builder_build(env,node);
+ if(!signed_endorsing_supporting_tokens)
+ return AXIS2_FAILURE;
+
+ rp_supporting_tokens_set_type(signed_endorsing_supporting_tokens,env,RP_SUPPORTING_SIGNED_ENDORSING_SUPPORTING);
+
+ return rp_binding_commons_set_signed_endorsing_supporting_tokens(commons,env,signed_endorsing_supporting_tokens);
+ }
+ else
+ return AXIS2_FAILURE;
+ }
+ else if(axutil_strcmp(local_name,RP_ENDORSING_SUPPORTING_TOKENS)==0)
+ {
+ if(rp_match_secpolicy_qname(env,RP_ENDORSING_SUPPORTING_TOKENS,node,element))
+ {
+ rp_supporting_tokens_t *endorsing_supporting_tokens = NULL;
+
+ endorsing_supporting_tokens = rp_supporting_tokens_builder_build(env,node);
+ if(!endorsing_supporting_tokens)
+ return AXIS2_FAILURE;
+
+ rp_supporting_tokens_set_type(endorsing_supporting_tokens,env,RP_SUPPORTING_ENDORSING_SUPPORTING);
+
+ return rp_binding_commons_set_endorsing_supporting_tokens(commons,env,endorsing_supporting_tokens);
+ }
+ else
+ return AXIS2_FAILURE;
+ }
+ else if(axutil_strcmp(local_name,RP_SUPPORTING_TOKENS)==0)
+ {
+ if(rp_match_secpolicy_qname(env,RP_SUPPORTING_TOKENS,node,element))
+ {
+ rp_supporting_tokens_t *supporting_tokens = NULL;
+
+ supporting_tokens = rp_supporting_tokens_builder_build(env,node);
+ if(!supporting_tokens)
+ return AXIS2_FAILURE;
+
+ rp_supporting_tokens_set_type(supporting_tokens,env,RP_SUPPORTING_SUPPORTING);
+
+ return rp_binding_commons_set_supporting_tokens(commons,env,supporting_tokens);
+ }
+ else
+ return AXIS2_FAILURE;
+ }
+
+ else
+ return AXIS2_FAILURE;
+}