Posted to rampart-dev@ws.apache.org by ka...@apache.org on 2007/05/16 07:54:07 UTC
svn commit: r538443 - in /webservices/rampart/trunk/c/src:
omxmlsec/xml_encryption.c util/rampart_replay_detector.c
util/rampart_sec_header_processor.c
Author: kaushalye
Date: Tue May 15 22:54:06 2007
New Revision: 538443
URL: http://svn.apache.org/viewvc?view=rev&rev=538443
Log:
Replay detection : Removing old records from the db
Modified:
webservices/rampart/trunk/c/src/omxmlsec/xml_encryption.c
webservices/rampart/trunk/c/src/util/rampart_replay_detector.c
webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
Modified: webservices/rampart/trunk/c/src/omxmlsec/xml_encryption.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/xml_encryption.c?view=diff&rev=538443&r1=538442&r2=538443
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/xml_encryption.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/xml_encryption.c Tue May 15 22:54:06 2007
@@ -370,7 +370,7 @@
/*Populate the context for future use*/
oxs_ctx_set_enc_mtd_algorithm(enc_ctx, env, sym_algo);
oxs_ctx_set_id(enc_ctx, env, id);
- oxs_ctx_set_id(enc_ctx, env, type);
+ oxs_ctx_set_type(enc_ctx, env, type);
/*Get the cipher value*/
cd_node = oxs_axiom_get_first_child_node_by_name(env, enc_type_node, OXS_NODE_CIPHER_DATA,OXS_ENC_NS,OXS_XENC);
Modified: webservices/rampart/trunk/c/src/util/rampart_replay_detector.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_replay_detector.c?view=diff&rev=538443&r1=538442&r2=538443
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_replay_detector.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_replay_detector.c Tue May 15 22:54:06 2007
@@ -87,21 +87,25 @@
}
}
+/* ts= the timestamp of the current record
+ * val= the timestamp of the ith record of the database
+ * */
AXIS2_EXTERN axis2_bool_t AXIS2_CALL
rampart_replay_detector_is_overdue(const axutil_env_t *env,
- const axis2_char_t *val,
- const axis2_char_t *ref)
+ const axis2_char_t *ts,
+ const axis2_char_t *val)
{
axutil_date_time_comp_result_t res = AXIS2_DATE_TIME_COMP_RES_UNKNOWN;
axutil_date_time_t *dt1 = NULL;
axutil_date_time_t *dt2 = NULL;
- dt1 = axutil_date_time_create(env);
+ /*dt1 = axutil_date_time_create(env);*/
+ dt1 = axutil_date_time_create_with_offset(env, 5*60); /*To delete records that are 5 mins old*/
dt2 = axutil_date_time_create(env);
- axutil_date_time_deserialize_time(dt1, env, val);
- axutil_date_time_deserialize_time(dt2, env, ref);
- /*If dt1(val) < dt2(ref) then its expired*/
+ /*axutil_date_time_deserialize_time(dt1, env, ts);*/
+ axutil_date_time_deserialize_time(dt2, env, val);
+
res = axutil_date_time_compare(dt2, env, dt1);
if(AXIS2_DATE_TIME_COMP_RES_EXPIRED == res){
return AXIS2_TRUE;
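Review bot: The new `ts` parameter is documented in the added header comment but never read, because its `axutil_date_time_deserialize_time(dt1, env, ts)` call is commented out and `dt1` is instead built from the local clock plus a hard-coded `5*60`. Record expiry therefore depends on a fixed window rather than on the message being checked; if that window is shorter than the lifetime the Timestamp check accepts, a message replayed after its record is purged would no longer be detected, so the window should come from configuration or a named constant tied to the timestamp validity period. It is also worth confirming that the sign of the offset and the argument order of `axutil_date_time_compare(dt2, env, dt1)` really express "older than five minutes", and checking the return of `axutil_date_time_deserialize_time(dt2, env, val)`, since what `dt2` holds after a failed parse is not visible here. I would drop the two commented-out calls and change the comment to `/* val = timestamp of the i'th database record; ts is currently unused */`. The function body continues past the hunk, so whether `dt1` and `dt2` are freed cannot be seen from here.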
@@ -143,7 +147,7 @@
msg_id = axis2_msg_ctx_get_wsa_message_id(msg_ctx, env);
if(!msg_id){
- msg_id = "MSG-ID";/*This has to be changed*/
+ msg_id = "MSG-ID";/*This has to be changed to generate the hash*/
}
ts = rampart_replay_detector_get_ts( env, msg_ctx);
/*Get the DB*/
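Review bot: The fallback `msg_id = "MSG-ID";` gives every message without a WS-Addressing MessageID the same identifier, and the updated comment still only records the intent to fix it. How the record key is built lies outside this hunk, but if it is derived from `msg_id` alone or together with a coarse timestamp, distinct messages can collide and be rejected as replays, or the id contributes nothing to replay detection. Until the hash is implemented I would word the comment as `/* TODO: derive the id from message content when wsa:MessageID is absent */` and log at debug level whenever the fallback is taken.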
@@ -152,8 +156,8 @@
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][rrd] Cannot get the default database for replay detection from msg_ctx");
return AXIS2_FAILURE;
}else{
- void *id = NULL; /*Temp record id*/
- void *val = NULL; /*Temp time stamp*/
+ void *id = NULL; /*Temp record id (of i'th recored)*/
+ void *val = NULL; /*Temp time stamp (of i'th recored))*/
AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][rrd] Number of records =%d", axutil_hash_count(hash));
Modified: webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c?view=diff&rev=538443&r1=538442&r2=538443
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c Tue May 15 22:54:06 2007
@@ -105,8 +105,8 @@
}
static oxs_x509_cert_t *get_receiver_x509_cert(
- const axutil_env_t *env,
- rampart_context_t *rampart_context)
+ const axutil_env_t *env,
+ rampart_context_t *rampart_context)
{
axis2_char_t *file_name = NULL;
@@ -116,15 +116,15 @@
if(pem_buf)
{
return oxs_key_mgr_load_x509_cert_from_string(env,pem_buf);
- }
+ }
else
{
file_name = rampart_context_get_receiver_certificate_file(rampart_context,env);
if(!file_name)
return NULL;
else
- return oxs_key_mgr_load_x509_cert_from_pem_file(env,file_name);
- }
+ return oxs_key_mgr_load_x509_cert_from_pem_file(env,file_name);
+ }
}
@@ -586,7 +586,7 @@
/*str_node = oxs_axiom_get_first_child_node_by_name(env,key_info_node,
OXS_NODE_SECURITY_TOKEN_REFRENCE,NULL,NULL);*/
-
+
if(str_node)
{
str_child_node = axiom_node_get_first_element(str_node,env);
@@ -770,13 +770,13 @@
return AXIS2_FAILURE;
}
AXIS2_LOG_INFO(env->log, "[rampart][shp] Processing Signature element.");
-
+
status = rampart_shp_process_signature(env,msg_ctx,rampart_context,soap_envelope,sec_node,cur_node);
-
+
if(status!=AXIS2_SUCCESS){
- rampart_create_fault_envelope(env, RAMPART_FAULT_INVALID_SECURITY, "Signature is not valid", RAMPART_FAULT_IN_SIGNATURE, msg_ctx);
+ rampart_create_fault_envelope(env, RAMPART_FAULT_INVALID_SECURITY, "Signature is not valid", RAMPART_FAULT_IN_SIGNATURE, msg_ctx);
return status;
- }
+ }
}
else
{
@@ -873,7 +873,7 @@
AXIS2_LOG_INFO(env->log, "[rampart][shp] Processing Signature element.");
status = rampart_shp_process_signature(env,msg_ctx,rampart_context,soap_envelope,sec_node,cur_node);
if(status!=AXIS2_SUCCESS){
- rampart_create_fault_envelope(env, RAMPART_FAULT_INVALID_SECURITY, "Signature is not valid", RAMPART_FAULT_IN_SIGNATURE, msg_ctx);
+ rampart_create_fault_envelope(env, RAMPART_FAULT_INVALID_SECURITY, "Signature is not valid", RAMPART_FAULT_IN_SIGNATURE, msg_ctx);
return status;
}
}
@@ -901,7 +901,11 @@
if(status!=AXIS2_SUCCESS)
return status;
}
-
+ if(NULL == rampart_context_get_rd_val(rampart_context, env)){
+ need_replay_detection = AXIS2_FALSE;
+ }else{
+ need_replay_detection = AXIS2_TRUE;
+ }
if(AXIS2_TRUE == need_replay_detection){/*TODO Chk for the policy configuration*/
rampart_is_replayed_fn rd_fn = NULL;
/*Is replayed*/
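Review bot: Replay detection is skipped without any trace when `rampart_context_get_rd_val(rampart_context, env)` returns NULL, so a missing or mistyped setting disables the check silently. I would log the decision in the NULL branch, e.g. `AXIS2_LOG_INFO(env->log, "[rampart][shp] Replay detection is not configured; skipping.");`. The four-line if/else can also be a single assignment, `need_replay_detection = rampart_context_get_rd_val(rampart_context, env) ? AXIS2_TRUE : AXIS2_FALSE;`, and the `/*TODO Chk for the policy configuration*/` comment on the following line should be updated or removed now that the flag is taken from the context. The enclosing function starts and ends outside the hunk.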