Posted to rampart-dev@ws.apache.org by ka...@apache.org on 2007/05/16 07:54:07 UTC

svn commit: r538443 - in /webservices/rampart/trunk/c/src: omxmlsec/xml_encryption.c util/rampart_replay_detector.c util/rampart_sec_header_processor.c

Author: kaushalye
Date: Tue May 15 22:54:06 2007
New Revision: 538443

URL: http://svn.apache.org/viewvc?view=rev&rev=538443
Log:
Replay detection : Removing old records from the db

Modified:
    webservices/rampart/trunk/c/src/omxmlsec/xml_encryption.c
    webservices/rampart/trunk/c/src/util/rampart_replay_detector.c
    webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c

Modified: webservices/rampart/trunk/c/src/omxmlsec/xml_encryption.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/xml_encryption.c?view=diff&rev=538443&r1=538442&r2=538443
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/xml_encryption.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/xml_encryption.c Tue May 15 22:54:06 2007
@@ -370,7 +370,7 @@
     /*Populate the context for future use*/
     oxs_ctx_set_enc_mtd_algorithm(enc_ctx, env, sym_algo);
     oxs_ctx_set_id(enc_ctx, env, id);
-    oxs_ctx_set_id(enc_ctx, env, type);
+    oxs_ctx_set_type(enc_ctx, env, type);
 
     /*Get the cipher value*/
     cd_node = oxs_axiom_get_first_child_node_by_name(env, enc_type_node, OXS_NODE_CIPHER_DATA,OXS_ENC_NS,OXS_XENC);
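Review bot: The log message mentions only replay detection, but this line fixes an unrelated defect in the encryption context and should get its own line in the log. Before the change the second `oxs_ctx_set_id` call replaced the id stored on the line above with the value of `type`, and the context type was never set. Any code that reads the context id or type after this point (outside the hunk) may have been written around the old behaviour and is worth re-checking. The enclosing function starts and ends outside the hunk.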

Modified: webservices/rampart/trunk/c/src/util/rampart_replay_detector.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_replay_detector.c?view=diff&rev=538443&r1=538442&r2=538443
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_replay_detector.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_replay_detector.c Tue May 15 22:54:06 2007
@@ -87,21 +87,25 @@
     }        
 }
 
+/* ts= the timestamp of the current record
+ * val= the timestamp of the ith record of the database
+ * */
 AXIS2_EXTERN axis2_bool_t AXIS2_CALL
 rampart_replay_detector_is_overdue(const axutil_env_t *env,
-    const axis2_char_t *val,
-    const axis2_char_t *ref)
+    const axis2_char_t *ts,
+    const axis2_char_t *val)
 {
     axutil_date_time_comp_result_t res = AXIS2_DATE_TIME_COMP_RES_UNKNOWN;
     axutil_date_time_t *dt1 = NULL;
     axutil_date_time_t *dt2 = NULL;
 
-    dt1 = axutil_date_time_create(env);
+    /*dt1 = axutil_date_time_create(env);*/
+    dt1 = axutil_date_time_create_with_offset(env, 5*60); /*To delete records that are 5 mins old*/
     dt2 = axutil_date_time_create(env);
 
-    axutil_date_time_deserialize_time(dt1, env, val);
-    axutil_date_time_deserialize_time(dt2, env, ref);
-    /*If dt1(val) < dt2(ref) then its expired*/
+    /*axutil_date_time_deserialize_time(dt1, env, ts);*/
+    axutil_date_time_deserialize_time(dt2, env, val);
+
     res = axutil_date_time_compare(dt2, env, dt1);
     if(AXIS2_DATE_TIME_COMP_RES_EXPIRED == res){
         return AXIS2_TRUE;
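Review bot: The `ts` parameter is no longer read, yet the new header comment still documents it: `dt1` is built from the local clock plus `5*60` and the deserialize of `ts` is commented out. Either drop the parameter at the call sites or restore its use, and delete the two commented-out statements. Going by the removed comment (`If dt1(val) < dt2(ref) then its expired`), the unchanged `axutil_date_time_compare(dt2, env, dt1)` call reports EXPIRED when `dt1` is earlier than `dt2`. If the offset is added to the current time, a stored record would then only count as overdue when its timestamp is more than five minutes in the future, so please confirm the sign of the offset and the argument order. The retention period also bounds the replay window, so it should be a named, configurable value no shorter than the accepted timestamp validity, and the status of `axutil_date_time_deserialize_time` should be checked so a malformed `val` is not compared as "now". Within the hunk `dt1` and `dt2` are not released before `return AXIS2_TRUE;`; a call such as `axutil_date_time_free(dt1, env);` for each is needed on every return path, and the rest of the body is outside the hunk.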
@@ -143,7 +147,7 @@
    
     msg_id = axis2_msg_ctx_get_wsa_message_id(msg_ctx, env); 
     if(!msg_id){
-        msg_id = "MSG-ID";/*This has to be changed*/
+        msg_id = "MSG-ID";/*This has to be changed to generate the hash*/
     }
     ts = rampart_replay_detector_get_ts( env, msg_ctx); 
     /*Get the DB*/    
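Review bot: Every message without a wsa:MessageID still falls back to the same literal `"MSG-ID"`; this hunk only rewords the comment next to it. If the record key is derived from `msg_id` (the lookup is outside the hunk), unrelated messages without an ID would share one key, so a legitimate message could be reported as replayed or an existing record overwritten. Until the hash mentioned in the comment exists, log when the fallback is taken, for example `AXIS2_LOG_INFO(env->log, "[rampart][rrd] No wsa:MessageID in message; using placeholder id");`, and consider rejecting such messages when replay detection is required. The result of `rampart_replay_detector_get_ts` on the following line is not checked for NULL within the hunk. The enclosing function starts and ends outside the hunk.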
@@ -152,8 +156,8 @@
         AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][rrd] Cannot get the default database for replay detection from msg_ctx");
         return AXIS2_FAILURE;
     }else{
-        void *id = NULL; /*Temp record id*/
-        void *val = NULL; /*Temp time stamp*/
+        void *id = NULL; /*Temp record id (of i'th recored)*/
+        void *val = NULL; /*Temp time stamp (of i'th recored))*/
      
         AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][rrd] Number of records =%d", axutil_hash_count(hash));
 

Modified: webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c?view=diff&rev=538443&r1=538442&r2=538443
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c Tue May 15 22:54:06 2007
@@ -105,8 +105,8 @@
 }
 
 static oxs_x509_cert_t *get_receiver_x509_cert(
-                        const axutil_env_t *env,
-                        rampart_context_t *rampart_context)
+    const axutil_env_t *env,
+    rampart_context_t *rampart_context)
 {
 
     axis2_char_t *file_name = NULL;
@@ -116,15 +116,15 @@
     if(pem_buf)
     {
         return oxs_key_mgr_load_x509_cert_from_string(env,pem_buf);
-    }        
+    }
     else
     {
         file_name = rampart_context_get_receiver_certificate_file(rampart_context,env);
         if(!file_name)
             return NULL;
         else
-            return oxs_key_mgr_load_x509_cert_from_pem_file(env,file_name);    
-    }        
+            return oxs_key_mgr_load_x509_cert_from_pem_file(env,file_name);
+    }
 }
 
 
@@ -586,7 +586,7 @@
 
     /*str_node = oxs_axiom_get_first_child_node_by_name(env,key_info_node,
                             OXS_NODE_SECURITY_TOKEN_REFRENCE,NULL,NULL);*/
-   
+
     if(str_node)
     {
         str_child_node = axiom_node_get_first_element(str_node,env);
@@ -770,13 +770,13 @@
                     return AXIS2_FAILURE;
                 }
                 AXIS2_LOG_INFO(env->log, "[rampart][shp] Processing Signature element.");
-                
+
                 status = rampart_shp_process_signature(env,msg_ctx,rampart_context,soap_envelope,sec_node,cur_node);
-                
+
                 if(status!=AXIS2_SUCCESS){
-                    rampart_create_fault_envelope(env, RAMPART_FAULT_INVALID_SECURITY, "Signature is not valid", RAMPART_FAULT_IN_SIGNATURE, msg_ctx); 
+                    rampart_create_fault_envelope(env, RAMPART_FAULT_INVALID_SECURITY, "Signature is not valid", RAMPART_FAULT_IN_SIGNATURE, msg_ctx);
                     return status;
-                }                    
+                }
             }
             else
             {
@@ -873,7 +873,7 @@
                 AXIS2_LOG_INFO(env->log, "[rampart][shp] Processing Signature element.");
                 status = rampart_shp_process_signature(env,msg_ctx,rampart_context,soap_envelope,sec_node,cur_node);
                 if(status!=AXIS2_SUCCESS){
-                    rampart_create_fault_envelope(env, RAMPART_FAULT_INVALID_SECURITY, "Signature is not valid", RAMPART_FAULT_IN_SIGNATURE, msg_ctx); 
+                    rampart_create_fault_envelope(env, RAMPART_FAULT_INVALID_SECURITY, "Signature is not valid", RAMPART_FAULT_IN_SIGNATURE, msg_ctx);
                     return status;
                 }
             }
@@ -901,7 +901,11 @@
             if(status!=AXIS2_SUCCESS)
                 return status;
         }
-
+        if(NULL == rampart_context_get_rd_val(rampart_context, env)){
+            need_replay_detection = AXIS2_FALSE;
+        }else{
+            need_replay_detection = AXIS2_TRUE;
+        }
         if(AXIS2_TRUE == need_replay_detection){/*TODO Chk for the policy configuration*/
             rampart_is_replayed_fn rd_fn = NULL;
             /*Is replayed*/
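Review bot: Replay detection is now skipped whenever `rampart_context_get_rd_val()` returns NULL, and the disabled branch logs nothing, so a missing or misspelled configuration value turns the check off without any trace. Add a log line there, for example `AXIS2_LOG_INFO(env->log, "[rampart][shp] Replay detection value not configured; replay check skipped.");`, and document that any non-NULL value enables the check. The if/else can be reduced to `need_replay_detection = (NULL != rampart_context_get_rd_val(rampart_context, env)) ? AXIS2_TRUE : AXIS2_FALSE;`. The `/*TODO Chk for the policy configuration*/` on the next line is still open, so the security policy does not yet decide whether the check is mandatory. The enclosing function starts and ends outside the hunk.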