You are viewing a plain text version of this content. The canonical link for it is here.
Posted to rampart-dev@ws.apache.org by pi...@apache.org on 2007/09/06 12:49:17 UTC
svn commit: r573215 [20/22] - in /webservices/rampart/tags/c/0.90: ./ build/
build/linux/ build/win32/ include/ samples/ samples/authn_provider/
samples/callback/ samples/callback/htpasswd_callback/ samples/client/
samples/client/sec_echo/ samples/clie...
Added: webservices/rampart/tags/c/0.90/src/util/rampart_engine.c
URL: http://svn.apache.org/viewvc/webservices/rampart/tags/c/0.90/src/util/rampart_engine.c?rev=573215&view=auto
==============================================================================
--- webservices/rampart/tags/c/0.90/src/util/rampart_engine.c (added)
+++ webservices/rampart/tags/c/0.90/src/util/rampart_engine.c Thu Sep 6 03:48:44 2007
@@ -0,0 +1,317 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/*
+ *
+ */
+
+#include <rampart_engine.h>
+#include <axis2_ctx.h>
+#include <rampart_replay_detector.h>
+/*This method sets all the configurations
+ loads required modules and start rampart.*/
+
+rampart_context_t *AXIS2_CALL
+get_rampart_context_with_secpolicy_from_om(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env);
+
+rampart_context_t *AXIS2_CALL
+build_rampart_context_from_file(
+ const axutil_env_t *env,
+ axis2_char_t *file_name);
+
+rampart_context_t *AXIS2_CALL
+get_rampart_context_in_server_side(
+ const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ const axis2_char_t *key);
+
+
+AXIS2_EXTERN rampart_context_t* AXIS2_CALL
+rampart_engine_init(const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ axis2_bool_t is_inflow)
+{
+
+ axis2_char_t *file_name = NULL;
+ rampart_context_t *rampart_context = NULL;
+ void *value = NULL;
+
+ /*First we try to load the rampart_context*
+ *This can be set from an extension like PHP
+ So first extract it from such a scenario.*/
+
+ if(is_inflow)
+ {
+ value = rampart_get_rampart_configuration(env,msg_ctx,INFLOW_RAMPART_CONTEXT);
+ if(value)
+ {
+ /*We need a rampart_context*/
+ rampart_context = (rampart_context_t *)value;
+ if(!rampart_context)
+ {
+ AXIS2_LOG_INFO(env->log,"[rampart][rampart_engine] Type in the parameter is not rampart_context");
+ return NULL;
+ }
+ /*We will build sec policy from the axiom representation of the policy. Used in PHP ext*/
+ rampart_context = get_rampart_context_with_secpolicy_from_om(rampart_context,env);
+
+ }else{
+ /*For the performance we will first chk if we have a saved configuration in the conf ctx.[else block]
+ *If not we will extract configurations from the descriptor files*/
+ if(axis2_msg_ctx_get_server_side(msg_ctx,env)) {
+ /*If the server side*/
+ rampart_context = get_rampart_context_in_server_side(env,msg_ctx,IN_MESSAGE_SECURITY);
+ }else{
+ value = rampart_get_rampart_configuration(env,msg_ctx,RAMPART_INFLOW_SECURITY_POLICY);
+ if(!value){
+ AXIS2_LOG_INFO(env->log,"[rampart][rampart_engine] Errors in the configurations");
+ return NULL;
+ }
+ file_name = (axis2_char_t *)value;
+ rampart_context = build_rampart_context_from_file(env,file_name);
+ }
+ }
+ /*We set our default impl of replay detection function*/
+ rampart_context_set_replay_detect_function(rampart_context, env, rampart_replay_detector_default);
+ }else{
+ /*Outflow*/
+ value = rampart_get_rampart_configuration(env,msg_ctx,OUTFLOW_RAMPART_CONTEXT);
+ if(value)
+ {
+ rampart_context = (rampart_context_t *)value;
+ if(!rampart_context)
+ {
+ AXIS2_LOG_INFO(env->log,"[rampart][rampart_engine] Type in the parameter is not rampart_context");
+ return NULL;
+ }
+ rampart_context = get_rampart_context_with_secpolicy_from_om(rampart_context,env);
+ }else{
+ if(axis2_msg_ctx_get_server_side(msg_ctx,env))
+ {
+ rampart_context = get_rampart_context_in_server_side(env,msg_ctx,OUT_MESSAGE_SECURITY);
+ }
+ else
+ {
+ value = rampart_get_rampart_configuration(env,msg_ctx,RAMPART_OUTFLOW_SECURITY_POLICY);
+ if(!value)
+ {
+ AXIS2_LOG_INFO(env->log,"[rampart][rampart_engine] Errors in the configurations");
+ return NULL;
+ }
+ file_name = (axis2_char_t *)value;
+ rampart_context = build_rampart_context_from_file(env,file_name);
+ }
+ }
+ }
+
+ return rampart_context;
+}
+
+rampart_context_t *AXIS2_CALL
+get_rampart_context_with_secpolicy_from_om(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env)
+{
+ axiom_node_t *policy_node = NULL;
+ rp_secpolicy_t *secpolicy = NULL;
+
+ policy_node = rampart_context_get_policy_node(rampart_context,env);
+ if(!policy_node)
+ {
+ AXIS2_LOG_INFO(env->log,"[rampart][rampart_engine] Policy node is null.");
+ return NULL;
+ }
+ secpolicy = rp_policy_create_from_om_node(env,policy_node);
+ if(!secpolicy)
+ {
+ AXIS2_LOG_INFO(env->log,"[rampart][rampart_engine] Cannot create policy from the node");
+ return NULL;
+ }
+ rampart_context_set_secpolicy(rampart_context,env,secpolicy);
+ return rampart_context;
+}
+
+rampart_context_t *AXIS2_CALL
+build_rampart_context_from_file(
+ const axutil_env_t *env,
+ axis2_char_t *file_name)
+{
+ rp_secpolicy_t *secpolicy = NULL;
+ rampart_context_t *rampart_context = NULL;
+ rampart_callback_t* password_callback_module = NULL;
+ rampart_authn_provider_t *authn_provider = NULL;
+ axis2_char_t *pwcb_module_name = NULL;
+ axis2_char_t *authn_provider_name = NULL;
+ axis2_status_t status = AXIS2_SUCCESS;
+
+ if(!file_name)
+ {
+ AXIS2_LOG_INFO(env->log,
+ "[rampart][rampart_Engine] No Security in the flow. So nothing to do");
+ return NULL;
+ }
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_Engine] Trying to build rampart context from file %s ", file_name);
+
+ secpolicy = rp_policy_create_from_file(env,file_name);
+
+ if(!secpolicy)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_Engine] Cannot get policy" );
+ /*No policy so we cant proceed.*/
+ return NULL;
+ }
+ rampart_context = rampart_context_create(env);
+
+ if(!rampart_context)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_Engine]System is out of memory. Cannot get Rampart Context ");
+ /*No policy so we cant proceed.*/
+ return NULL;
+ }
+
+ rampart_context_set_secpolicy(rampart_context,env,secpolicy);
+
+ status = rampart_context_set_user_from_file(rampart_context,env);
+ if(status!=AXIS2_SUCCESS)
+ return NULL;
+
+ status = rampart_context_set_ttl_from_file(rampart_context,env);
+ if(status!=AXIS2_SUCCESS)
+ return NULL;
+
+ status = rampart_context_set_password_type_from_file(rampart_context,env);
+ if(status!=AXIS2_SUCCESS)
+ return NULL;
+
+ pwcb_module_name = rampart_context_get_password_callback_class(rampart_context,env);
+
+ if(pwcb_module_name)
+ {
+ password_callback_module = rampart_load_pwcb_module(env,pwcb_module_name);
+ if(password_callback_module)
+ rampart_context_set_password_callback(rampart_context,env,password_callback_module);
+ }
+ authn_provider_name = rampart_context_get_authn_module_name(rampart_context,env);
+
+ if(authn_provider_name)
+ {
+ authn_provider = rampart_load_auth_module(env,authn_provider_name);
+ if(authn_provider)
+ rampart_context_set_authn_provider(rampart_context,env,authn_provider);
+ }
+ return rampart_context;
+
+}
+
+rampart_context_t *AXIS2_CALL
+get_rampart_context_in_server_side(
+ const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ const axis2_char_t *key)
+{
+
+ axis2_conf_ctx_t *conf_ctx = NULL;
+ axis2_ctx_t *ctx = NULL;
+ axutil_property_t *property = NULL;
+
+ conf_ctx = axis2_msg_ctx_get_conf_ctx(msg_ctx,env);
+ if(!conf_ctx)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][engine] Conf context is NULL ");
+ return NULL;
+ }
+ ctx = axis2_conf_ctx_get_base(conf_ctx,env);
+ if(!ctx)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][engine] axis2 context is NULL ");
+ return NULL;
+ }
+ /*Possible Keys : IN_MESSAGE_SECURITY, OUT_MESSAGE_SECURITY*/
+ property = axis2_ctx_get_property(ctx,env,key);
+ if(property)
+ {
+ return (rampart_context_t *)axutil_property_get_value(property,env);
+ }else{
+ /*We cannot find the rampart_context as a property in axis2_ctx. Thus we need to create*/
+ axis2_char_t *file_name = NULL;
+ rampart_context_t *rampart_context = NULL;
+
+ if(axutil_strcmp(key, IN_MESSAGE_SECURITY)==0)
+ {
+ file_name =(axis2_char_t *)rampart_get_rampart_configuration(env,msg_ctx,RAMPART_INFLOW_SECURITY_POLICY);
+ if(file_name)
+ {
+ rampart_context = build_rampart_context_from_file(env,file_name);
+ /*
+ property = axutil_property_create(env);
+ axutil_property_set_value(property,env,rampart_context);
+ */
+
+ property = axutil_property_create_with_args(env, AXIS2_SCOPE_APPLICATION,
+ AXIS2_FALSE, (void *)rampart_engine_shutdown, rampart_context );
+
+ axis2_ctx_set_property(ctx, env, key, property);
+ return rampart_context;
+ }
+ else
+ {
+ AXIS2_LOG_INFO(env->log,"[rampart][rampart_engine] Errors in the configurations");
+ return NULL;
+ }
+ }
+ else if(axutil_strcmp(key,OUT_MESSAGE_SECURITY)==0)
+ {
+ file_name =(axis2_char_t *)rampart_get_rampart_configuration(env,msg_ctx,RAMPART_OUTFLOW_SECURITY_POLICY);
+ if(file_name)
+ {
+ rampart_context = build_rampart_context_from_file(env,file_name);
+ /*property = axutil_property_create(env);
+ axutil_property_set_value(property,env,rampart_context);*/
+
+ property = axutil_property_create_with_args(env, AXIS2_SCOPE_APPLICATION,
+ AXIS2_FALSE, (void *)rampart_engine_shutdown, rampart_context );
+ axis2_ctx_set_property(ctx,env,key,property);
+ return rampart_context;
+ }
+ else
+ {
+ AXIS2_LOG_INFO(env->log,"[rampart][rampart_engine] Errors in the configurations");
+ return NULL;
+ }
+ }
+ else return NULL;
+ }
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_engine_shutdown(const axutil_env_t *env,
+ rampart_context_t *rampart_context)
+{
+
+ /* rp_secpolicy_t *secpolicy = NULL;*/
+ axis2_status_t status = AXIS2_FAILURE;
+
+ /* secpolicy = rampart_context_get_secpolicy(rampart_context,env);
+ status = rp_secpolicy_free(secpolicy,env);
+ secpolicy = NULL;
+ */
+ status = rampart_context_free(rampart_context,env);
+ rampart_context = NULL;
+ return status;
+}
Added: webservices/rampart/tags/c/0.90/src/util/rampart_handler_util.c
URL: http://svn.apache.org/viewvc/webservices/rampart/tags/c/0.90/src/util/rampart_handler_util.c?rev=573215&view=auto
==============================================================================
--- webservices/rampart/tags/c/0.90/src/util/rampart_handler_util.c (added)
+++ webservices/rampart/tags/c/0.90/src/util/rampart_handler_util.c Thu Sep 6 03:48:44 2007
@@ -0,0 +1,291 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <rampart_handler_util.h>
+#include <axis2_handler_desc.h>
+#include <axutil_qname.h>
+#include <axis2_svc.h>
+#include <axiom_soap_header.h>
+#include <axiom_soap_body.h>
+#include <axiom_soap_header_block.h>
+#include <axis2_endpoint_ref.h>
+#include <axutil_property.h>
+#include <rampart_constants.h>
+#include <axutil_dll_desc.h>
+#include <axutil_class_loader.h>
+#include <axis2_conf_ctx.h>
+#include <oxs_axiom.h>
+
+
+AXIS2_EXTERN axis2_char_t* AXIS2_CALL
+rampart_get_property_from_ctx(const axutil_env_t *env,
+ axis2_ctx_t *ctx,
+ const axis2_char_t *key);
+
+AXIS2_EXTERN axutil_param_t* AXIS2_CALL
+rampart_get_security_param(const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ axis2_char_t *parameter);
+
+AXIS2_EXTERN axiom_node_t *AXIS2_CALL
+rampart_get_security_token(const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ axiom_soap_header_t *soap_header);
+
+AXIS2_EXTERN void AXIS2_CALL
+rampart_create_fault_envelope(const axutil_env_t *env,
+ const axis2_char_t *sub_code,
+ const axis2_char_t *reason_text,
+ const axis2_char_t *detail_node_text,
+ axis2_msg_ctx_t *msg_ctx);
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_validate_security_token(const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ axiom_node_t *sec_node);
+
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+rampart_get_policy_location(const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ axis2_char_t *param_name);
+
+/**********************end of header functions ****************************/
+
+
+axis2_char_t* AXIS2_CALL
+rampart_get_property_from_ctx(const axutil_env_t *env,
+ axis2_ctx_t *ctx,
+ const axis2_char_t *key)
+{
+ axutil_property_t* property = NULL;
+ axis2_char_t* str_property = NULL;
+
+ /*Get value from the dynamic settings*/
+
+ property = axis2_ctx_get_property(ctx, env, key);
+ if (property)
+ {
+ str_property = axutil_property_get_value(property, env);
+ property = NULL;
+ }
+
+ return str_property;
+}
+
+
+axutil_param_t* AXIS2_CALL
+rampart_get_security_param(const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ axis2_char_t *parameter)
+{
+ /*parameter can be either RAMPART_OUTFLOW_SECURITY or RAMPART_INFLOW_SECURITY*/
+ axutil_param_t *param = NULL;
+ param = axis2_msg_ctx_get_parameter(msg_ctx, env, parameter);
+ return param;
+}
+
+
+
+axiom_node_t *AXIS2_CALL
+rampart_get_security_token(const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ axiom_soap_header_t *soap_header
+ )
+{
+ axutil_array_list_t *sec_headers = NULL;
+ axis2_char_t *sec_ns_str = NULL;
+ axutil_hash_index_t *hash_index = NULL;
+ axutil_hash_t *header_block_ht = NULL;
+ axiom_element_t *header_block_ele = NULL;
+ axiom_node_t *header_block_node = NULL;
+
+ sec_headers = axiom_soap_header_get_header_blocks_with_namespace_uri(soap_header, env, RAMPART_WSSE_XMLNS);
+ if (sec_headers)
+ {
+ sec_ns_str = axutil_strdup(env, RAMPART_WSSE_XMLNS);
+
+ header_block_ht = axiom_soap_header_get_all_header_blocks(soap_header, env);
+ if (!header_block_ht)
+ return AXIS2_FAILURE;
+
+ /*BETTER IF : If there are multiple security header elements, get the one with @role=rampart*/
+ for (hash_index = axutil_hash_first(header_block_ht, env); hash_index;
+ hash_index = axutil_hash_next(env, hash_index))
+ {
+
+ void *hb = NULL;
+ axiom_soap_header_block_t *header_block = NULL;
+ axis2_char_t *ele_localname = NULL;
+
+ axutil_hash_this(hash_index, NULL, NULL, &hb);
+ header_block = (axiom_soap_header_block_t *)hb;
+ header_block_node = axiom_soap_header_block_get_base_node(header_block, env);
+ header_block_ele = (axiom_element_t*)axiom_node_get_data_element(header_block_node, env);
+ ele_localname = axiom_element_get_localname(header_block_ele, env);
+
+ if (axutil_strcmp(ele_localname, RAMPART_SECURITY) == 0)
+ {
+ /*Set mustUnderstand = 0*/
+ axiom_soap_header_block_set_must_understand_with_bool(header_block, env, AXIS2_FALSE);
+ return header_block_node;
+ }
+
+ }/*End of for*/
+ }
+ return header_block_node;
+
+}
+
+AXIS2_EXTERN void AXIS2_CALL
+rampart_create_fault_envelope(const axutil_env_t *env,
+ const axis2_char_t *sub_code,
+ const axis2_char_t *reason_text,
+ const axis2_char_t *detail_node_text,
+ axis2_msg_ctx_t *msg_ctx)
+{
+ axiom_soap_envelope_t *envelope = NULL;
+ int soap_version = AXIOM_SOAP12;
+ axiom_node_t* text_om_node = NULL;
+ axiom_element_t * text_om_ele = NULL;
+ axiom_namespace_t *ns1 = NULL;
+ axutil_array_list_t *sub_codes = NULL;
+
+ sub_codes = axutil_array_list_create(env, 1);
+ axutil_array_list_add(sub_codes, env, sub_code);
+
+ ns1 = axiom_namespace_create(env, RAMPART_WSSE_XMLNS, RAMPART_WSSE);
+ text_om_ele = axiom_element_create(env, NULL, "ProblemSecurityHeader", ns1, &text_om_node);
+ axiom_element_set_text(text_om_ele, env, detail_node_text, text_om_node);
+
+ envelope = axiom_soap_envelope_create_default_soap_fault_envelope(env,
+ "soapenv:Sender",
+ reason_text,
+ soap_version, sub_codes, text_om_node);
+
+ axis2_msg_ctx_set_fault_soap_envelope(msg_ctx, env, envelope);
+ /*free sub codes*/
+ return;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_validate_security_token(const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ axiom_node_t *sec_node)
+{
+ int num = 0;
+ /*Check if there are multiple timestamp tokens*/
+ num = oxs_axiom_get_number_of_children_with_qname(env, sec_node, RAMPART_SECURITY_TIMESTAMP, NULL, NULL);
+ if (num > 1)
+ {
+ return AXIS2_FAILURE;
+ }
+
+ return AXIS2_SUCCESS;
+}
+
+
+AXIS2_EXTERN void *AXIS2_CALL
+rampart_get_rampart_configuration(const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ axis2_char_t *param_name)
+
+{
+ axutil_param_t *param_x_flow_security = NULL;
+ void *value = NULL;
+
+ param_x_flow_security = rampart_get_security_param(env, msg_ctx,
+ param_name);
+
+ if (!param_x_flow_security)
+ {
+ AXIS2_LOG_INFO(env->log,
+ "[rampart][rampart_handler_utils] %s parameter is not set.",param_x_flow_security);
+ return NULL;
+ }
+ value = axutil_param_get_value(param_x_flow_security, env);
+ return value;
+}
+
+/*This method will check whether rampart should process the message*/
+
+AXIS2_EXTERN axis2_bool_t AXIS2_CALL
+rampart_is_rampart_engaged(const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx)
+{
+ struct axis2_svc *svc = NULL;
+ axutil_array_list_t *engaged_modules = NULL;
+ int size = 0;
+ int i = 0;
+ const axutil_qname_t *qname = NULL;
+ axis2_char_t *local_name = NULL;
+ axis2_conf_t *conf = NULL;
+ struct axis2_conf_ctx *conf_ctx = NULL;
+
+ conf_ctx = axis2_msg_ctx_get_conf_ctx(msg_ctx,env);
+ if(!conf_ctx)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rhu] Conf context is NULL ");
+ return AXIS2_FALSE;
+ }
+ conf = axis2_conf_ctx_get_conf(conf_ctx, env);
+ if(!conf)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rhu] Cannot get the axis2 conf from conf context. ");
+ return AXIS2_FALSE;
+ }
+
+ engaged_modules = axis2_conf_get_all_engaged_modules(conf, env);
+ if(engaged_modules)
+ {
+ size = axutil_array_list_size(engaged_modules,env);
+ for(i=0; i<size; i++)
+ {
+ qname = (axutil_qname_t *) axutil_array_list_get(engaged_modules,env,i);
+ local_name = axutil_qname_get_localpart(qname,env);
+ if(axutil_strcmp(local_name,RAMPART_RAMPART)==0)
+ return AXIS2_TRUE;
+ }
+ }
+ /*If not engaed gloabally check whether it is engaged at service level.
+ *And If service is not there check whether the rampart is enabled by
+ a previous invocation of a handler.*/
+
+ svc = axis2_msg_ctx_get_svc(msg_ctx,env);
+ if(!svc)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rhu] Service is NULL.");
+ return axis2_conf_get_enable_security(conf,env);
+ }
+
+ engaged_modules = axis2_svc_get_all_module_qnames(svc,env);
+ if(engaged_modules)
+ {
+ size = axutil_array_list_size(engaged_modules,env);
+ for(i=0; i<size; i++)
+ {
+ qname = (axutil_qname_t *) axutil_array_list_get(engaged_modules,env,i);
+ local_name = axutil_qname_get_localpart(qname,env);
+ if(axutil_strcmp(local_name,RAMPART_RAMPART)==0)
+ {
+ axis2_conf_set_enable_security(conf,env,AXIS2_TRUE);
+ return AXIS2_TRUE;
+ }
+ }
+ }
+ return AXIS2_FALSE;
+}
+
Added: webservices/rampart/tags/c/0.90/src/util/rampart_rd_record.c
URL: http://svn.apache.org/viewvc/webservices/rampart/tags/c/0.90/src/util/rampart_rd_record.c?rev=573215&view=auto
==============================================================================
--- webservices/rampart/tags/c/0.90/src/util/rampart_rd_record.c (added)
+++ webservices/rampart/tags/c/0.90/src/util/rampart_rd_record.c Thu Sep 6 03:48:44 2007
@@ -0,0 +1,120 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <rampart_rd_record.h>
+#include <rampart_constants.h>
+
+struct rampart_rd_record_t
+{
+ axis2_char_t *id;
+ axis2_char_t *timestamp;
+
+};
+/*Public functions*/
+
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+rampart_rd_record_get_id(
+ const rampart_rd_record_t *rd_record,
+ const axutil_env_t *env)
+{
+ return rd_record->id;
+}
+
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+rampart_rd_record_get_timestamp(
+ const rampart_rd_record_t *rd_record,
+ const axutil_env_t *env)
+{
+ return rd_record->timestamp;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_rd_record_set_id(
+ rampart_rd_record_t *rd_record,
+ const axutil_env_t *env,
+ axis2_char_t *id)
+{
+
+ if (rd_record->id)
+ {
+ AXIS2_FREE(env->allocator, rd_record->id );
+ rd_record->id = NULL;
+ }
+ rd_record->id = axutil_strdup(env, id);
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_rd_record_set_timestamp(
+ rampart_rd_record_t *rd_record,
+ const axutil_env_t *env,
+ axis2_char_t *timestamp)
+{
+
+ if (rd_record->timestamp)
+ {
+ AXIS2_FREE(env->allocator, rd_record->timestamp );
+ rd_record->timestamp = NULL;
+ }
+ rd_record->timestamp = axutil_strdup(env, timestamp);
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN rampart_rd_record_t *AXIS2_CALL
+rampart_rd_record_create(const axutil_env_t *env)
+{
+ rampart_rd_record_t *rd_record = NULL;
+
+ AXIS2_ENV_CHECK(env, NULL);
+
+ rd_record = AXIS2_MALLOC(env->allocator, sizeof(rampart_rd_record_t));
+ if (!rd_record)
+ {
+ AXIS2_ERROR_SET(env->error, AXIS2_ERROR_NO_MEMORY, AXIS2_FAILURE);
+ return NULL;
+ }
+
+ rd_record->id = NULL;
+ rd_record->timestamp = NULL;
+
+ return rd_record;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_rd_record_free(rampart_rd_record_t *rd_record,
+ const axutil_env_t *env)
+{
+
+ AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
+
+ if (rd_record->id)
+ {
+ AXIS2_FREE(env->allocator, rd_record->id);
+ rd_record->id = NULL;
+ }
+
+ if (rd_record->timestamp)
+ {
+ AXIS2_FREE(env->allocator, rd_record->timestamp);
+ rd_record->timestamp = NULL;
+ }
+
+ AXIS2_FREE(env->allocator, rd_record);
+ rd_record = NULL;
+
+ return AXIS2_SUCCESS;
+}
Added: webservices/rampart/tags/c/0.90/src/util/rampart_replay_detector.c
URL: http://svn.apache.org/viewvc/webservices/rampart/tags/c/0.90/src/util/rampart_replay_detector.c?rev=573215&view=auto
==============================================================================
--- webservices/rampart/tags/c/0.90/src/util/rampart_replay_detector.c (added)
+++ webservices/rampart/tags/c/0.90/src/util/rampart_replay_detector.c Thu Sep 6 03:48:44 2007
@@ -0,0 +1,188 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdio.h>
+#include <axutil_utils.h>
+#include <rampart_replay_detector.h>
+#include <axutil_property.h>
+#include <rampart_constants.h>
+#include <rampart_sec_processed_result.h>
+#include <rampart_util.h>
+/*Private functions*/
+AXIS2_EXTERN axutil_hash_t *AXIS2_CALL
+rampart_replay_detector_get_default_db(const axutil_env_t *env,
+ axis2_msg_ctx_t* msg_ctx)
+{
+ axis2_conf_ctx_t *conf_ctx = NULL;
+ axis2_ctx_t *ctx = NULL;
+ axutil_property_t *property = NULL;
+ axutil_hash_t *hash = NULL;
+ /*Get the conf ctx*/
+ conf_ctx = axis2_msg_ctx_get_conf_ctx(msg_ctx, env);
+ if(!conf_ctx)
+ {
+ AXIS2_LOG_ERROR(env->log,AXIS2_LOG_SI, "[rampart][rrd] Conf context is NULL ");
+ return NULL;
+ }
+ ctx = axis2_conf_ctx_get_base(conf_ctx,env);
+ if(!ctx)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,"[rampart][rrd] axis2 context is NULL ");
+ return NULL;
+ }
+ /*Get the DB property*/
+ property = axis2_ctx_get_property(ctx, env, RAMPART_RD_DB_PROP);
+ if(property)
+ {
+ /*Get the DB*/
+ hash = (axutil_hash_t*)axutil_property_get_value(property, env);
+ return hash;
+ }else{
+ hash = rampart_replay_detector_set_default_db(env, ctx);
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][rrd] Cannot get the property %s from msg_ctx. Creating a new", RAMPART_RD_DB_PROP);
+ return hash;
+ }
+}
+
+AXIS2_EXTERN axis2_char_t * AXIS2_CALL
+rampart_replay_detector_get_ts(const axutil_env_t *env,
+ axis2_msg_ctx_t* msg_ctx)
+{
+ axis2_char_t *ts = NULL;
+ axutil_hash_t *hash = NULL;
+
+ /*Get timestamp from security processed results*/
+ hash = rampart_get_all_security_processed_results(env, msg_ctx);
+
+ ts = axutil_hash_get(hash, RAMPART_SPR_TS_CREATED, AXIS2_HASH_KEY_STRING);
+ return ts;
+}
+
+AXIS2_EXTERN axis2_bool_t AXIS2_CALL
+rampart_replay_detector_is_replayed(const axutil_env_t *env,
+ const axis2_char_t *msg_id,
+ const axis2_char_t *ts,
+ const axis2_char_t *id,
+ const axis2_char_t *val)
+{
+ /*If both has the same msg-id and the timestamp its a replay*/
+ if((0== axutil_strcmp(msg_id, id)) && (0== axutil_strcmp(ts, val))){
+ return AXIS2_SUCCESS;
+ }else{
+ return AXIS2_FALSE;
+ }
+}
+
+AXIS2_EXTERN axis2_bool_t AXIS2_CALL
+rampart_replay_detector_is_overdue(const axutil_env_t *env,
+ const axis2_char_t *val,
+ const axis2_char_t *ref)
+{
+ axutil_date_time_comp_result_t res = AXIS2_DATE_TIME_COMP_RES_UNKNOWN;
+ axutil_date_time_t *dt1 = NULL;
+ axutil_date_time_t *dt2 = NULL;
+
+ dt1 = axutil_date_time_create(env);
+ dt2 = axutil_date_time_create(env);
+
+ axutil_date_time_deserialize_time(dt1, env, val);
+ axutil_date_time_deserialize_time(dt2, env, ref);
+ /*If dt1(val) < dt2(ref) then its expired*/
+ res = axutil_date_time_compare(dt2, env, dt1);
+ if(AXIS2_DATE_TIME_COMP_RES_EXPIRED == res){
+ return AXIS2_TRUE;
+ }else{
+ return AXIS2_FALSE;
+ }
+}
+
+/*Public functions*/
+AXIS2_EXTERN axutil_hash_t *AXIS2_CALL
+rampart_replay_detector_set_default_db(const axutil_env_t *env,
+ axis2_ctx_t *ctx)
+{
+ axutil_hash_t *hash_db = NULL;
+ axutil_property_t *hash_db_prop = NULL;
+
+ if(!ctx){
+ return NULL;
+ }
+
+ hash_db = axutil_hash_make(env);
+ hash_db_prop = axutil_property_create(env);
+
+ axutil_property_set_value(hash_db_prop, env, hash_db);
+ axis2_ctx_set_property(ctx, env, RAMPART_RD_DB_PROP, hash_db_prop);
+
+ return hash_db;
+}
+
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_replay_detector_default(const axutil_env_t *env,
+ axis2_msg_ctx_t* msg_ctx)
+{
+ axutil_hash_t *hash = NULL;
+ axutil_hash_index_t *hi = NULL;
+ const axis2_char_t *msg_id = NULL;
+ const axis2_char_t *ts = NULL;
+
+ msg_id = axis2_msg_ctx_get_wsa_message_id(msg_ctx, env);
+ if(!msg_id){
+ msg_id = "MSG-ID";/*This has to be changed*/
+ }
+ ts = rampart_replay_detector_get_ts( env, msg_ctx);
+ /*Get the DB*/
+ hash = rampart_replay_detector_get_default_db(env, msg_ctx);
+ if(!hash){
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][rrd] Cannot get the default database for replay detection from msg_ctx");
+ return AXIS2_FAILURE;
+ }else{
+ void *id = NULL; /*Temp record id*/
+ void *val = NULL; /*Temp time stamp*/
+
+ AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][rrd] Number of records =%d", axutil_hash_count(hash));
+
+ /*If matches ERROR*/
+ for (hi = axutil_hash_first(hash, env); hi; hi = axutil_hash_next(env, hi)) {
+ axutil_hash_this(hi, (const void**)&id, NULL, &val);
+ printf("[rampart][rrd] (id, val) %s = %s\n", (axis2_char_t*)id, (axis2_char_t*)val);
+ AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][rrd] (id, val) %s = %s\n", (axis2_char_t*)id, (axis2_char_t*)val);
+ /*If replayed, return a FAILRE*/
+ if(AXIS2_TRUE == rampart_replay_detector_is_replayed(env, msg_id, ts, id, val)){
+ return AXIS2_FAILURE;
+ }
+ /*Clean up old records*/
+ if(AXIS2_TRUE == rampart_replay_detector_is_overdue(env , ts, val)){
+ /*Remove the record*/
+ AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][rrd] removing record (id, val) = (%s , %s)\n", (axis2_char_t*)id, (axis2_char_t*)val);
+ AXIS2_FREE(env->allocator, id);
+ id = NULL;
+ AXIS2_FREE(env->allocator, val);
+ ts = NULL;
+ }
+ }/*eof for loop*/
+ /*If not replayed then we will insert the new record to the DB*/
+ axutil_hash_set(hash, msg_id, AXIS2_HASH_KEY_STRING, ts);
+
+ return AXIS2_SUCCESS;
+ }
+}
+
+
+
+
Added: webservices/rampart/tags/c/0.90/src/util/rampart_sec_header_builder.c
URL: http://svn.apache.org/viewvc/webservices/rampart/tags/c/0.90/src/util/rampart_sec_header_builder.c?rev=573215&view=auto
==============================================================================
--- webservices/rampart/tags/c/0.90/src/util/rampart_sec_header_builder.c (added)
+++ webservices/rampart/tags/c/0.90/src/util/rampart_sec_header_builder.c Thu Sep 6 03:48:44 2007
@@ -0,0 +1,222 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdio.h>
+#include <rampart_encryption.h>
+#include <rampart_constants.h>
+#include <rampart_sec_header_builder.h>
+#include <rampart_username_token.h>
+#include <rampart_timestamp_token.h>
+#include <rampart_util.h>
+#include <rampart_sec_processed_result.h>
+#include <rampart_handler_util.h>
+#include <oxs_error.h>
+#include <oxs_utility.h>
+#include <oxs_key.h>
+#include <oxs_axiom.h>
+#include <oxs_asym_ctx.h>
+#include <oxs_tokens.h>
+#include <axutil_utils.h>
+#include <axutil_array_list.h>
+#include <rampart_signature.h>
+
+/*Private functions*/
+axis2_status_t AXIS2_CALL
+rampart_interchange_nodes(const axutil_env_t *env,
+ axiom_node_t *node_to_move,
+ axiom_node_t *node_before)
+{
+ axis2_status_t status = AXIS2_FAILURE;
+
+ axiom_node_t *temp_node = NULL;
+
+ temp_node = axiom_node_detach(node_to_move,env);
+ status = axiom_node_insert_sibling_before(node_before,env,temp_node);
+
+ return status;
+}
+
+
+
+/*Public functions*/
+
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_shb_build_message(const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ rampart_context_t *rampart_context,
+ axiom_soap_envelope_t *soap_envelope)
+{
+
+ axis2_status_t status = AXIS2_FAILURE;
+ axiom_soap_header_t *soap_header = NULL;
+ axiom_node_t *soap_header_node = NULL;
+ axiom_element_t *soap_header_ele = NULL;
+ axiom_soap_header_block_t *sec_header_block = NULL;
+ axiom_namespace_t *sec_ns_obj = NULL;
+ axiom_node_t *sec_node = NULL;
+ axiom_element_t *sec_ele = NULL;
+ axis2_bool_t is_encrypt_before_sign = AXIS2_FALSE;
+ axiom_node_t *sig_node = NULL;
+ axiom_node_t *enc_key_node = NULL;
+
+ AXIS2_ENV_CHECK(env,AXIS2_FAILURE);
+ soap_header = axiom_soap_envelope_get_header(soap_envelope, env);
+ soap_header_node = axiom_soap_header_get_base_node(soap_header, env);
+ soap_header_ele = (axiom_element_t *)axiom_node_get_data_element(
+ soap_header_node, env);
+
+
+ sec_ns_obj = axiom_namespace_create(env, RAMPART_WSSE_XMLNS,
+ RAMPART_WSSE);
+
+ sec_header_block = axiom_soap_header_add_header_block(soap_header,
+ env, RAMPART_SECURITY, sec_ns_obj);
+
+ if(!sec_header_block)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shb] Security header block is NULL");
+ return AXIS2_SUCCESS;
+ }
+
+ axiom_soap_header_block_set_must_understand_with_bool(sec_header_block,
+ env, AXIS2_TRUE);
+
+ sec_node = axiom_soap_header_block_get_base_node(sec_header_block, env);
+ sec_ele = (axiom_element_t *)
+ axiom_node_get_data_element(sec_node, env);
+
+ /*check the binding*/
+ if((rampart_context_get_binding_type(rampart_context,env)) == RP_BINDING_ASYMMETRIC)
+ {
+ /*Do Asymmetric Binding specific things*/
+
+ /*Timestamp Inclusion*/
+ if(rampart_context_is_include_timestamp(rampart_context,env))
+ {
+ int ttl = -1;
+ AXIS2_LOG_INFO(env->log, "[rampart][shb] building Timestamp Token");
+ AXIS2_LOG_INFO(env->log, "[rampart][shb] Using default timeToLive value %d",
+ RAMPART_TIMESTAMP_TOKEN_DEFAULT_TIME_TO_LIVE);
+ /*ttl = RAMPART_TIMESTAMP_TOKEN_DEFAULT_TIME_TO_LIVE;*/
+ ttl = rampart_context_get_ttl(rampart_context,env);
+
+ status = rampart_timestamp_token_build(env,
+ sec_node, sec_ns_obj, ttl);
+ if (status == AXIS2_FAILURE)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shb] Timestamp Token build failed. ERROR");
+ return AXIS2_FAILURE;
+ }
+ }
+
+ /*Check whether we need username token*/
+ /*User name tokens includes in messages sent from client to server*/
+ if(!axis2_msg_ctx_get_server_side(msg_ctx,env))
+ {
+ if(rampart_context_is_include_username_token(rampart_context,env))
+ {
+
+ /*Now we are passing rampart_context here so inside this method
+ relevant parameters are extracted. */
+
+ AXIS2_LOG_INFO(env->log, "[rampart][shb] building UsernmaeToken");
+ status =rampart_username_token_build(
+ env,
+ rampart_context,
+ sec_node,
+ sec_ns_obj);
+ if (status == AXIS2_FAILURE)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shb] UsernmaeToken build failed. ERROR");
+ return AXIS2_FAILURE;
+ }
+ }
+ }
+ /*Check the encryption and signature order*/
+ if(rampart_context_is_encrypt_before_sign(rampart_context,env))
+ {
+ is_encrypt_before_sign = AXIS2_TRUE;
+ /*Check what are the parts to encrypt and send them to the encrypt method*/
+ status = rampart_enc_encrypt_message(env, msg_ctx,rampart_context,soap_envelope,sec_node);
+ if(status != AXIS2_SUCCESS)
+ return AXIS2_FAILURE;
+
+ /*Then do signature specific things*/
+ status = rampart_sig_sign_message(env,msg_ctx,rampart_context,soap_envelope,sec_node);
+ if(status != AXIS2_SUCCESS)
+ return AXIS2_FAILURE;
+
+ /*Then Handle Supporting token stuff */
+ }
+ else
+ {
+ is_encrypt_before_sign = AXIS2_FALSE;
+ /*First do signature specific stuff*/
+ status = rampart_sig_sign_message(env,msg_ctx,rampart_context,soap_envelope,sec_node);
+ if(status != AXIS2_SUCCESS)
+ return AXIS2_FAILURE;
+
+ /*Then Handle Encryption stuff*/
+
+ status = rampart_enc_encrypt_message(env, msg_ctx,rampart_context,soap_envelope,sec_node);
+ if(status!=AXIS2_SUCCESS )
+ return AXIS2_FAILURE;
+ }
+
+ /*If both encryption and signature is done we should interchange them.
+ * because the a-ction done last should appear first in the header. */
+ sig_node = oxs_axiom_get_node_by_local_name(env,sec_node,OXS_NODE_SIGNATURE);
+ enc_key_node = oxs_axiom_get_node_by_local_name(env,sec_node,OXS_NODE_ENCRYPTED_KEY);
+ if(sig_node && enc_key_node)
+ {
+ if(is_encrypt_before_sign)
+ {
+ status = rampart_interchange_nodes(env,sig_node,enc_key_node);
+ if(status!=AXIS2_SUCCESS)
+ {
+ AXIS2_LOG_INFO(env->log,"[rampart][shb]Node interchange failed.");
+ return status;
+ }
+ }
+ else
+ {
+ status = rampart_interchange_nodes(env,enc_key_node,sig_node);
+ if(status!=AXIS2_SUCCESS)
+ {
+ AXIS2_LOG_INFO(env->log,"[rampart][shb]Node interchange failed.");
+ return status;
+ }
+ }
+ }
+ return AXIS2_SUCCESS;
+ }
+ else if((rampart_context_get_binding_type(rampart_context,env)) == RP_BINDING_SYMMETRIC)
+ {
+ /*Do Symmetric_binding specific things*/
+ AXIS2_LOG_INFO(env->log, "[rampart][shb] Symmetric Binding. We do not support yet");
+ return AXIS2_FAILURE;
+ }
+ else if((rampart_context_get_binding_type(rampart_context,env)) == RP_BINDING_TRANSPORT)
+ {
+ /*Do Transport Binding specific things */
+ AXIS2_LOG_INFO(env->log, "[rampart][shb] Transport Binding. We do not support yet");
+ return AXIS2_FAILURE;
+ }
+ else
+ return AXIS2_FAILURE;
+}
Added: webservices/rampart/tags/c/0.90/src/util/rampart_sec_header_processor.c
URL: http://svn.apache.org/viewvc/webservices/rampart/tags/c/0.90/src/util/rampart_sec_header_processor.c?rev=573215&view=auto
==============================================================================
--- webservices/rampart/tags/c/0.90/src/util/rampart_sec_header_processor.c (added)
+++ webservices/rampart/tags/c/0.90/src/util/rampart_sec_header_processor.c Thu Sep 6 03:48:44 2007
@@ -0,0 +1,944 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdio.h>
+#include <rampart_encryption.h>
+#include <rampart_constants.h>
+#include <rampart_sec_header_processor.h>
+#include <rampart_username_token.h>
+#include <rampart_timestamp_token.h>
+#include <rampart_util.h>
+#include <rampart_sec_processed_result.h>
+#include <rampart_handler_util.h>
+#include <oxs_ctx.h>
+#include <oxs_error.h>
+#include <oxs_utility.h>
+#include <oxs_key.h>
+#include <oxs_axiom.h>
+#include <oxs_asym_ctx.h>
+#include <oxs_tokens.h>
+#include <axutil_utils.h>
+#include <axutil_array_list.h>
+#include <axis2_key_type.h>
+#include <rampart_token_processor.h>
+#include <oxs_sign_ctx.h>
+#include <oxs_xml_signature.h>
+#include <oxs_key_mgr.h>
+
+/*Private functions*/
+static axis2_bool_t
+rampart_shp_validate_qnames(const axutil_env_t *env,
+ axiom_node_t *node)
+
+{
+ axiom_element_t *node_ele = NULL;
+ axutil_qname_t *qname = NULL;
+ axutil_qname_t *node_qname = NULL;
+ axis2_char_t *local_name = NULL;
+
+ AXIS2_ENV_CHECK(env,AXIS2_FALSE);
+
+ node_ele = axiom_node_get_data_element(node, env);
+ if(!node_ele)
+ return AXIS2_FALSE;
+
+ local_name = axiom_element_get_localname(node_ele,env);
+ if(!local_name)
+ return AXIS2_FALSE;
+
+ if(axutil_strcmp(local_name,RAMPART_SECURITY_TIMESTAMP)==0)
+ qname = axutil_qname_create(env,local_name,RAMPART_WSU_XMLNS,RAMPART_WSU);
+
+ else if(axutil_strcmp(local_name,RAMPART_SECURITY_USERNAMETOKEN)==0)
+ qname = axutil_qname_create(env,local_name,RAMPART_WSSE_XMLNS,RAMPART_WSSE);
+
+ else if(axutil_strcmp(local_name,OXS_NODE_ENCRYPTED_KEY)==0)
+ qname = axutil_qname_create(env,local_name,OXS_ENC_NS,OXS_XENC);
+
+ else if(axutil_strcmp(local_name,OXS_NODE_ENCRYPTED_DATA)==0)
+ qname = axutil_qname_create(env,local_name,OXS_ENC_NS,OXS_XENC);
+
+ else if(axutil_strcmp(local_name,OXS_NODE_SIGNATURE)==0)
+ qname = axutil_qname_create(env,local_name,OXS_DSIG_NS,OXS_DS);
+
+ else if(axutil_strcmp(local_name,OXS_NODE_BINARY_SECURITY_TOKEN)==0)
+ return AXIS2_FALSE;
+
+ else if(axutil_strcmp(local_name,OXS_NODE_REFERENCE_LIST)==0)
+ return AXIS2_FALSE;
+
+ else return AXIS2_FALSE;
+
+ if(!qname)
+ return AXIS2_FALSE;
+
+ node_qname = axiom_element_get_qname(node_ele,env,node);
+
+ if(!node_qname)
+ {
+ axutil_qname_free(qname,env);
+ qname = NULL;
+ return AXIS2_FALSE;
+ }
+
+ if(axutil_qname_equals(qname,env,node_qname))
+ {
+ axutil_qname_free(qname,env);
+ qname = NULL;
+ return AXIS2_TRUE;
+ }
+ return AXIS2_FALSE;
+}
+
+static oxs_x509_cert_t *get_receiver_x509_cert(
+ const axutil_env_t *env,
+ rampart_context_t *rampart_context)
+{
+
+ axis2_char_t *file_name = NULL;
+ axis2_char_t *pem_buf = NULL;
+
+ pem_buf = (axis2_char_t *)rampart_context_get_receiver_certificate(rampart_context,env);
+ if(pem_buf)
+ {
+ return oxs_key_mgr_load_x509_cert_from_string(env,pem_buf);
+ }
+ else
+ {
+ file_name = rampart_context_get_receiver_certificate_file(rampart_context,env);
+ if(!file_name)
+ return NULL;
+ else
+ return oxs_key_mgr_load_x509_cert_from_pem_file(env,file_name);
+ }
+}
+
+
+static axis2_status_t
+rampart_shp_process_timestamptoken(const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ rampart_context_t *rampart_context,
+ axiom_node_t *sec_node)
+{
+ axis2_status_t valid_ts = AXIS2_FAILURE;
+ axiom_node_t *ts_node = NULL;
+
+ ts_node = oxs_axiom_get_node_by_local_name(env,sec_node,RAMPART_SECURITY_TIMESTAMP);
+ if(!ts_node)
+ {
+ if(rampart_context_is_include_timestamp(rampart_context,env))
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Timestamp is not in the message");
+ return AXIS2_FAILURE;
+ }else{
+ return AXIS2_SUCCESS;
+ }
+ }
+ else if(!rampart_context_is_include_timestamp(rampart_context,env))
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Timestamp should not be in the message.");
+ return AXIS2_FAILURE;
+ }
+ else
+ {
+ if(!rampart_shp_validate_qnames(env,ts_node))
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Error in the security header");
+ return AXIS2_FAILURE;
+ }
+
+
+ valid_ts = rampart_timestamp_token_validate(env, msg_ctx, ts_node);
+
+ if (valid_ts)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][scp] Validating Timestamp is SUCCESS ");
+ return AXIS2_SUCCESS;
+ }
+ else
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][scp] Timestamp is not valid");
+ rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_AUTHENTICATION, "Timestamp is not valid", RAMPART_FAULT_IN_TIMESTAMP, msg_ctx);
+ return AXIS2_FAILURE;
+ }
+ }
+}
+
+static axis2_status_t
+rampart_shp_process_usernametoken(const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ rampart_context_t *rampart_context,
+ axiom_node_t *sec_node)
+{
+ axis2_status_t valid_user = AXIS2_FAILURE;
+ axiom_node_t *ut_node = NULL;
+
+ ut_node = oxs_axiom_get_node_by_local_name(env,sec_node,RAMPART_SECURITY_USERNAMETOKEN);
+ if(!ut_node)
+ {
+ if(rampart_context_is_include_username_token(rampart_context,env))
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Username token is not in the message");
+ return AXIS2_FAILURE;
+ }
+ else
+ return AXIS2_SUCCESS;
+ }
+ else if(!rampart_context_is_include_username_token(rampart_context,env))
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Username token should not be in the message.");
+ return AXIS2_FAILURE;
+ }
+ else
+ {
+ if(!rampart_shp_validate_qnames(env,ut_node))
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Error in the security header");
+ return AXIS2_FAILURE;
+ }
+
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Validating UsernameToken");
+ valid_user = rampart_username_token_validate(env,
+ msg_ctx, ut_node, rampart_context);
+ }
+ if (valid_user)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Validating UsernameToken SUCCESS");
+ return AXIS2_SUCCESS;
+ }else{
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Validating UsernameToken FAILED");
+ rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_AUTHENTICATION, "UsernameToken is not valid", RAMPART_FAULT_IN_USERNAMETOKEN, msg_ctx);
+ return AXIS2_FAILURE;
+ }
+}
+
+static axis2_status_t
+rampart_shp_process_encrypted_key(const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ rampart_context_t *rampart_context,
+ axiom_soap_envelope_t *soap_envelope,
+ axiom_node_t *sec_node,
+ axiom_node_t *encrypted_key_node)
+{
+ axiom_node_t *ref_list_node = NULL;
+ axiom_node_t *enc_mtd_node = NULL;
+ axutil_array_list_t *reference_list = NULL;
+ axis2_char_t *enc_asym_algo = NULL;
+ axis2_char_t *prv_key_file = NULL;
+ axis2_char_t *password = NULL;
+ axis2_char_t *enc_user = NULL;
+ rampart_callback_t *password_callback = NULL;
+ axis2_status_t status = AXIS2_FAILURE;
+ oxs_asym_ctx_t *asym_ctx = NULL;
+ oxs_key_t *decrypted_sym_key = NULL;
+ axis2_char_t *enc_asym_algo_in_pol = NULL;
+ axis2_char_t *enc_sym_algo_in_pol = NULL;
+ password_callback_fn password_function = NULL;
+ void *param = NULL;
+ int i = 0;
+ void *key_buf = NULL;
+
+ /*Get EncryptedData references */
+ ref_list_node = oxs_axiom_get_first_child_node_by_name(env, encrypted_key_node, OXS_NODE_REFERENCE_LIST,OXS_ENC_NS,OXS_XENC);
+ reference_list = oxs_token_get_reference_list_data(env, ref_list_node);
+ /*If there are no references. Nothing to do. Return success*/
+ if((!reference_list) || (0 == axutil_array_list_size(reference_list, env))){
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Reference List is empty");
+ return AXIS2_SUCCESS;
+ }
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Reference List has %d node reference(s)", axutil_array_list_size(reference_list, env));
+
+ /*Get the algorithm to decrypt the sesison key*/
+ enc_mtd_node = oxs_axiom_get_first_child_node_by_name(env, encrypted_key_node, OXS_NODE_ENCRYPTION_METHOD,OXS_ENC_NS,OXS_XENC);
+ enc_asym_algo = oxs_token_get_encryption_method(env, enc_mtd_node);
+ /*If the reference list > 0 then We have nodes to decrypt. Next step is to get the encrypted key*/
+ /*Obtain the session key which is encrypted*/
+ /*Create an asym_ctx*/
+ /*We should verify the algorithm with policy*/
+ enc_asym_algo_in_pol = rampart_context_get_enc_asym_algo(rampart_context,env);
+ if(!enc_asym_algo_in_pol)
+ return AXIS2_FAILURE;
+
+ if(axutil_strcmp(enc_asym_algo_in_pol,enc_asym_algo)!=0)
+ {
+ AXIS2_LOG_INFO(env->log, "The key is encrypted with the wrong algorithm");
+ return AXIS2_FAILURE;
+ }
+
+ asym_ctx = oxs_asym_ctx_create(env);
+
+ oxs_asym_ctx_set_algorithm(asym_ctx, env, enc_asym_algo);
+
+ key_buf = rampart_context_get_prv_key(rampart_context,env);
+ if(key_buf)
+ {
+ axis2_key_type_t type = 0;
+ type = rampart_context_get_prv_key_type(rampart_context,env);
+ if(type == AXIS2_KEY_TYPE_PEM)
+ {
+ oxs_asym_ctx_set_pem_buf(asym_ctx, env, (axis2_char_t *)key_buf);
+ oxs_asym_ctx_set_format(asym_ctx, env,OXS_ASYM_CTX_FORMAT_PEM);
+ }
+ }
+ else
+ {
+ prv_key_file = rampart_context_get_private_key_file(rampart_context,env);
+ if(!prv_key_file)
+ {
+ AXIS2_LOG_INFO(env->log, "Private Key is not specified.");
+ return AXIS2_FAILURE;
+ }
+ oxs_asym_ctx_set_file_name(asym_ctx, env, prv_key_file);
+ oxs_asym_ctx_set_format(asym_ctx, env, oxs_util_get_format_by_file_extension(env, prv_key_file));
+
+ /*Get the password to retrieve the key from key store*/
+ /* password = rampart_callback_encuser_password(env, actions, msg_ctx);*/
+
+ password = rampart_context_get_prv_key_password(rampart_context,env);
+
+ if(!password)
+ {
+ enc_user = rampart_context_get_encryption_user(rampart_context,env);
+
+ if(!enc_user)
+ enc_user = rampart_context_get_user(rampart_context,env);
+
+ if(enc_user)
+ {
+ password_function = rampart_context_get_pwcb_function(rampart_context,env);
+ if(password_function)
+ password = (*password_function)(env,enc_user,param);
+
+ else
+ {
+ password_callback = rampart_context_get_password_callback(rampart_context,env);
+ if(!password_callback)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption] Password call back module is not specified.");
+ return AXIS2_FAILURE;
+ }
+ password = rampart_callback_password(env, password_callback, enc_user);
+ }
+ }
+ }
+ oxs_asym_ctx_set_password(asym_ctx, env, password);
+ }
+ oxs_asym_ctx_set_operation(asym_ctx, env, OXS_ASYM_CTX_OPERATION_PRV_DECRYPT);
+
+ /*oxs_asym_ctx_set_format(asym_ctx, env, OXS_ASYM_CTX_FORMAT_PKCS12);*/
+
+ /*Create an empty key*/
+ decrypted_sym_key = oxs_key_create(env);
+
+ /*Call decrypt for the EncryptedKey*/
+ status = oxs_xml_enc_decrypt_key(env, asym_ctx, sec_node, encrypted_key_node, decrypted_sym_key);
+ if(AXIS2_FAILURE == status){
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shp] Cannot decrypt the EncryptedKey");
+ rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_CHECK,
+ "Key decryption failed", RAMPART_FAULT_IN_ENCRYPTED_KEY, msg_ctx);
+ return AXIS2_FAILURE;
+ }
+ /*Alright now we have the key used to encrypt the elements in the reference_list*/
+ /*Go thru each and every node in the list and decrypt them*/
+
+ /*Before decrypt we should get the symmetric algo from policy.
+ So for each encrypted element we can compare the algo. */
+
+ enc_sym_algo_in_pol = rampart_context_get_enc_sym_algo(rampart_context,env);
+ if(!enc_sym_algo_in_pol)
+ return AXIS2_FAILURE;
+
+ for(i=0 ; i < axutil_array_list_size(reference_list, env); i++ )
+ {
+ axis2_char_t *id = NULL;
+ axis2_char_t *id2 = NULL;
+ axiom_node_t *enc_data_node = NULL;
+ axiom_node_t *envelope_node = NULL;
+ oxs_ctx_t *ctx = NULL;
+ axiom_node_t *decrypted_node = NULL;
+ axiom_node_t *mtd_node = NULL;
+ axis2_char_t *sym_algo = NULL;
+ axiom_soap_body_t *soap_body = NULL;
+
+ /*This need to be done in order to build the soap body.Do not remove.*/
+
+ soap_body = axiom_soap_envelope_get_body(soap_envelope, env);
+
+ /*Get the i-th element and decrypt it */
+ id = (axis2_char_t*)axutil_array_list_get(reference_list, env, i);
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Decrypting node, ID=%s", id);
+
+ /*Need to remove # sign from the ID*/
+ id2 = axutil_string_substring_starting_at(id, 1);
+ envelope_node = axiom_soap_envelope_get_base_node(soap_envelope, env);
+
+ /*Search for the node by its ID*/
+ enc_data_node = oxs_axiom_get_node_by_id(env, envelope_node, OXS_ATTR_ID, id2);
+ if(!enc_data_node){
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Node with ID=%s cannot be found", id);
+ /*continue;*/
+ rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_CHECK,
+ "Cannot find EncryptedData element", RAMPART_FAULT_IN_ENCRYPTED_DATA, msg_ctx);
+ return AXIS2_FAILURE;
+ }
+ /*Create an enc_ctx*/
+ mtd_node = oxs_axiom_get_first_child_node_by_name(env, enc_data_node, OXS_NODE_ENCRYPTION_METHOD,OXS_ENC_NS,OXS_XENC);
+ if(!mtd_node)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Node with ID=%s cannot be found", id);
+ /*continue;*/
+ rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_CHECK,
+ "Cannot find EncryptionMethod Element", RAMPART_FAULT_IN_ENCRYPTED_DATA, msg_ctx);
+ return AXIS2_FAILURE;
+ }
+ sym_algo = oxs_token_get_encryption_method(env, mtd_node);
+ if(!sym_algo)
+ return AXIS2_FAILURE;
+
+ if(axutil_strcmp(sym_algo, enc_sym_algo_in_pol)!=0)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Sym algorithm is mismathced with policy.");
+ return AXIS2_FAILURE;
+ }
+
+ ctx = oxs_ctx_create(env);
+ oxs_ctx_set_key(ctx, env, decrypted_sym_key);
+
+ status = oxs_xml_enc_decrypt_node(env, ctx, enc_data_node, &decrypted_node);
+ if(AXIS2_FAILURE == status){
+ rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_CHECK,
+ "Data decryption failed", RAMPART_FAULT_IN_ENCRYPTED_DATA, msg_ctx);
+ return AXIS2_FAILURE;
+ }
+ /*Free*/
+ oxs_ctx_free(ctx, env);
+ ctx = NULL;
+
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Node ID=%s decrypted successfuly", id);
+ }
+
+
+ /*Set the security processed result*/
+ rampart_set_security_processed_result(env, msg_ctx,RAMPART_SPR_ENC_CHECKED, RAMPART_YES);
+
+ /*Free*/
+ oxs_asym_ctx_free(asym_ctx, env);
+ asym_ctx = NULL;
+ oxs_key_free(decrypted_sym_key, env);
+ decrypted_sym_key = NULL;
+
+ return AXIS2_SUCCESS;
+}
+
+
+static axis2_status_t
+rampart_shp_process_signature(const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ rampart_context_t *rampart_context,
+ axiom_soap_envelope_t *soap_envelope,
+ axiom_node_t *sec_node,
+ axiom_node_t *sig_node)
+{
+
+ oxs_sign_ctx_t *sign_ctx = NULL;
+ axis2_status_t status = AXIS2_FAILURE;
+ axis2_char_t *digest_mtd_pol = NULL;
+ axis2_char_t *sig_mtd_pol = NULL;
+ axiom_node_t *sign_info_node = NULL;
+ axiom_node_t *cur_node = NULL;
+ rp_property_t *token = NULL;
+ axis2_bool_t server_side = AXIS2_FALSE;
+ axis2_char_t *eki = NULL;
+ int token_type = 0;
+ axiom_node_t *key_info_node = NULL;
+ axiom_node_t *str_node = NULL;
+ axiom_node_t *str_child_node = NULL;
+ axis2_char_t *str_child_name = NULL;
+ oxs_x509_cert_t *cert = NULL;
+ axiom_node_t *key_info_child_node = NULL;
+ axiom_node_t *envelope_node = NULL;
+ axis2_bool_t is_include_token = AXIS2_FALSE;
+
+ server_side = axis2_msg_ctx_get_server_side(msg_ctx,env);
+ sig_mtd_pol = rampart_context_get_asym_sig_algo(rampart_context,env);
+ digest_mtd_pol = rampart_context_get_digest_mtd(rampart_context,env);
+
+ if(!sig_mtd_pol || !digest_mtd_pol)
+ {
+ AXIS2_LOG_INFO(env->log,"[rampart][shp] Error in policy. Specifying signature algorithms.");
+ return AXIS2_FAILURE;
+ }
+
+ sign_info_node = oxs_axiom_get_first_child_node_by_name(env, sig_node,
+ OXS_NODE_SIGNEDINFO, OXS_DSIG_NS, OXS_DS );
+
+ /*sign_info_node = oxs_axiom_get_first_child_node_by_name(env, sig_node,
+ OXS_NODE_SIGNEDINFO, NULL, NULL);*/
+
+ if(!sign_info_node)
+ {
+ AXIS2_LOG_INFO(env->log,"[rampart][shp] Sign info cannot be found.Verifycation failed");
+ return AXIS2_FAILURE;
+ }
+
+ cur_node = axiom_node_get_first_element(sign_info_node, env);
+ while(cur_node)
+ {
+ axis2_char_t *localname = NULL;
+ localname = axiom_util_get_localname(cur_node, env);
+ if(axutil_strcmp(localname, OXS_NODE_SIGNATURE_METHOD)==0)
+ {
+ /*Verify the signature method with policy*/
+ axis2_char_t *sig_mtd = NULL;
+ sig_mtd = oxs_token_get_signature_method(env, cur_node);
+ if(sig_mtd)
+ {
+ if(axutil_strcmp(sig_mtd_pol,sig_mtd)!=0)
+ {
+ AXIS2_LOG_INFO(env->log,"[rampart][shp] Signature method in the message mismatch with policy.");
+ return AXIS2_FAILURE;
+ }
+ }
+ else return AXIS2_FAILURE;
+ }
+ else if(axutil_strcmp(localname, OXS_NODE_REFERENCE)==0)
+ {
+ /*Verify each digest method with policy*/
+ axiom_node_t *digest_mtd_node = NULL;
+ axis2_char_t *digest_mtd = NULL;
+ digest_mtd_node = oxs_axiom_get_first_child_node_by_name(env,cur_node,
+ OXS_NODE_DIGEST_METHOD, OXS_DSIG_NS, OXS_DS);
+ /*digest_mtd_node = oxs_axiom_get_first_child_node_by_name(env,cur_node,
+ OXS_NODE_DIGEST_METHOD, NULL,NULL);*/
+ if(digest_mtd_node)
+ {
+ digest_mtd = oxs_token_get_digest_method(env, digest_mtd_node);
+ if(digest_mtd)
+ {
+ if(axutil_strcmp(digest_mtd_pol,digest_mtd)!=0)
+ {
+ AXIS2_LOG_INFO(env->log,"[rampart][shp]Digest method is mismatch with policy.");
+ return AXIS2_FAILURE;
+ }
+ }
+ else return AXIS2_FAILURE;
+ }
+ else return AXIS2_FAILURE;
+ }
+ else
+ {
+ /*we do not need to process at this moment*/
+ }
+ cur_node = axiom_node_get_next_sibling(cur_node, env);
+ }
+
+ /*Get the key identifiers and build the certificate*/
+ /*First we should verify with policy*/
+
+ token = rampart_context_get_token(rampart_context,env,AXIS2_FALSE,server_side);
+
+ if(!token)
+ {
+ AXIS2_LOG_INFO(env->log,"[rampart][shp] Signature Token is not specified");
+ return AXIS2_SUCCESS;
+ }
+ token_type = rp_property_get_type(token,env);
+
+ if(!rampart_context_is_token_type_supported(token_type,env))
+ {
+ return AXIS2_FAILURE;
+ }
+
+ if(rampart_context_check_is_derived_keys(env,token))
+ {
+ AXIS2_LOG_INFO(env->log,"[rampart][shp] We still do not support derived keys");
+ return AXIS2_FAILURE;
+ }
+ is_include_token = rampart_context_is_token_include(rampart_context,token,token_type,server_side,env);
+
+ key_info_node = oxs_axiom_get_first_child_node_by_name(env, sig_node,
+ OXS_NODE_KEY_INFO,OXS_DSIG_NS, OXS_DS );
+
+ /*key_info_node = oxs_axiom_get_first_child_node_by_name(env, sig_node,
+ OXS_NODE_KEY_INFO,NULL,NULL);*/
+
+ if(!key_info_node)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp]Verify failed. Key Info node is not in the message.");
+ return AXIS2_FAILURE;
+ }
+ str_node = oxs_axiom_get_first_child_node_by_name(env,key_info_node,
+ OXS_NODE_SECURITY_TOKEN_REFRENCE,OXS_WSSE_XMLNS,OXS_WSSE);
+
+ /*str_node = oxs_axiom_get_first_child_node_by_name(env,key_info_node,
+ OXS_NODE_SECURITY_TOKEN_REFRENCE,NULL,NULL);*/
+
+ if(str_node)
+ {
+ str_child_node = axiom_node_get_first_element(str_node,env);
+ if(str_child_node)
+ {
+ str_child_name = axiom_util_get_localname(str_child_node, env);
+ if(str_child_name)
+ {
+ if(is_include_token)
+ {
+ if(axutil_strcmp(str_child_name,OXS_NODE_REFERENCE)!=0)
+ {
+ AXIS2_LOG_INFO(env->log,"[Rampart][shp]Token is not included in the message.");
+ return AXIS2_FAILURE;
+ }
+ cert = oxs_x509_cert_create(env);
+ status = rampart_token_process_direct_ref(env,str_child_node,sec_node,cert);
+ }
+ else
+ {
+ if(0 == axutil_strcmp(str_child_name,OXS_NODE_EMBEDDED))
+ {
+ if(!rampart_context_is_key_identifier_type_supported(rampart_context,token,RAMPART_STR_EMBEDDED,env))
+ {
+ AXIS2_LOG_INFO(env->log,"[Rampart][shp]Key Reference Info is mismatch with policy");
+ return AXIS2_FAILURE;
+ }
+ cert = oxs_x509_cert_create(env);
+ status = rampart_token_process_embedded(env,str_child_node,cert);
+ }
+ else if(0 == axutil_strcmp(str_child_name,OXS_NODE_KEY_IDENTIFIER))
+ {
+ if(!rampart_context_is_key_identifier_type_supported(rampart_context,token,RAMPART_STR_KEY_IDENTIFIER,env))
+ {
+ AXIS2_LOG_INFO(env->log,"[Rampart][shp]Key Reference Info is mismatch with policy");
+ return AXIS2_FAILURE;
+ }
+ cert = get_receiver_x509_cert(env,rampart_context);
+ status = AXIS2_SUCCESS;
+ }
+ else if(0 == axutil_strcmp(str_child_name,OXS_NODE_X509_DATA))
+ {
+ if(!rampart_context_is_key_identifier_type_supported(rampart_context,token,RAMPART_STR_ISSUER_SERIAL,env))
+ {
+ AXIS2_LOG_INFO(env->log,"[Rampart][shp]Key Reference Info is mismatch with policy");
+ return AXIS2_FAILURE;
+ }
+ cert = get_receiver_x509_cert(env,rampart_context);
+ status = AXIS2_SUCCESS;
+ }
+ else
+ {
+ AXIS2_LOG_INFO(env->log,"[Rampart][shp]Key Reference Info is mismatch with policy");
+ return AXIS2_FAILURE;
+ }
+ }
+ if(status!=AXIS2_SUCCESS || !cert)
+ {
+ AXIS2_LOG_INFO(env->log,"[Rampart][shp]Cannot load the key to verify the message.");
+ return AXIS2_FAILURE;
+ }
+ }
+ else
+ {
+ AXIS2_LOG_INFO(env->log,"[Rampart][shp]Cannot get the key Reference Type from the message.");
+ return AXIS2_FAILURE;
+ }
+ }
+ else
+ {
+ AXIS2_LOG_INFO(env->log,"[Rampart][shp]No Child node in the Security Token Reference Element .");
+ return AXIS2_FAILURE;
+ }
+ }
+ /*So there may be scenarios where there is no Security Token Reference Element.*/
+ else
+ {
+ /*In such case policy support only Isssuer Serial scenario.*/
+ if(axutil_strcmp(eki,RAMPART_STR_ISSUER_SERIAL)==0)
+ {
+ key_info_child_node = axiom_node_get_first_element(key_info_node,env);
+ if(key_info_child_node)
+ {
+ axis2_char_t *key_info_child_name = NULL;
+ key_info_child_name = axiom_util_get_localname(key_info_child_node, env);
+ if(key_info_child_name)
+ {
+ if(0 == axutil_strcmp(key_info_child_name,OXS_NODE_X509_DATA))
+ {
+ status = rampart_token_process_x509_data(env,key_info_child_node,cert);
+ if(status!=AXIS2_SUCCESS || !cert)
+ {
+ AXIS2_LOG_INFO(env->log,"[Rampart][shp]Cannot load the message to verify the message.");
+ return AXIS2_FAILURE;
+ }
+ }
+ else
+ {
+ AXIS2_LOG_INFO(env->log,"[Rampart][shp]Cannot get the key Reference Type from the message.");
+ return AXIS2_FAILURE;
+ }
+ }
+ else
+ {
+ AXIS2_LOG_INFO(env->log,"[Rampart][shp]Cannot get the key Reference Type from the message.");
+ return AXIS2_FAILURE;
+ }
+ }
+ else
+ {
+ AXIS2_LOG_INFO(env->log,"[Rampart][shp]Cannot get the key Reference Type from the message.");
+ return AXIS2_FAILURE;
+ }
+ }
+ else
+ {
+ AXIS2_LOG_INFO(env->log,"[Rampart][shp]Can't be used as a direct child of Key Info");
+ return AXIS2_FAILURE;
+ }
+ }
+ sign_ctx = oxs_sign_ctx_create(env);
+ if(!sign_ctx)
+ {
+ AXIS2_LOG_INFO(env->log,"[Rampart][shp]Sign context creation failed. Out of Memeory.");
+ return AXIS2_FAILURE;
+ }
+ /*Set the required values in sig_ctx*/
+ oxs_sign_ctx_set_operation(sign_ctx, env, OXS_SIGN_OPERATION_VERIFY);
+ oxs_sign_ctx_set_certificate(sign_ctx, env, cert);
+
+ envelope_node = axiom_soap_envelope_get_base_node(soap_envelope,env);
+ if(!envelope_node)
+ {
+ AXIS2_LOG_INFO(env->log,"[Rampart][shp]Cannot get the node from envelope.");
+ return AXIS2_FAILURE;
+ }
+
+ /*Verify the signature*/
+ status = oxs_xml_sig_verify(env, sign_ctx, sig_node,envelope_node);
+ if(status!=AXIS2_SUCCESS)
+ {
+ AXIS2_LOG_INFO(env->log,"[Rampart][shp]Signature Verification failed.");
+ return AXIS2_FAILURE;
+ }
+
+ return status;
+}
+
+
+/*Public functions*/
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_shp_process_message(const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ rampart_context_t *rampart_context,
+ axiom_soap_envelope_t *soap_envelope,
+ axiom_node_t *sec_node)
+{
+ axiom_node_t *cur_node = NULL;
+ axis2_status_t status = AXIS2_FAILURE;
+ axis2_bool_t need_replay_detection = AXIS2_FALSE;
+
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Process security header");
+
+ if((rampart_context_get_binding_type(rampart_context,env)) == RP_BINDING_ASYMMETRIC)
+ {
+ if(rampart_context_is_encrypt_before_sign(rampart_context,env))
+ {
+ /*First we should verify signature.*/
+ if(rampart_context_check_whether_to_sign(rampart_context,env))
+ {
+ cur_node = oxs_axiom_get_node_by_local_name(env,sec_node,OXS_NODE_SIGNATURE);
+ if(!cur_node)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] No Signature element");
+ return AXIS2_FAILURE;
+ }
+ if(!rampart_shp_validate_qnames(env,cur_node))
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Error in the security header");
+ return AXIS2_FAILURE;
+ }
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Processing Signature element.");
+
+ status = rampart_shp_process_signature(env,msg_ctx,rampart_context,soap_envelope,sec_node,cur_node);
+
+ if(status!=AXIS2_SUCCESS){
+ rampart_create_fault_envelope(env, RAMPART_FAULT_INVALID_SECURITY, "Signature is not valid", RAMPART_FAULT_IN_SIGNATURE, msg_ctx);
+ return status;
+ }
+ }
+ else
+ {
+ cur_node = oxs_axiom_get_node_by_local_name(env,sec_node,OXS_NODE_SIGNATURE);
+ if(cur_node)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] policy does not specify signature.");
+ return AXIS2_FAILURE;
+ }
+ else
+ status = AXIS2_SUCCESS;
+ }
+
+ /*This verification is a quick hack.This should be cganged in the future
+ with a proper verification method before message processing */
+ if(rampart_context_check_whether_to_encrypt(rampart_context,env))
+ {
+ cur_node = oxs_axiom_get_node_by_local_name(env,sec_node,OXS_NODE_ENCRYPTED_KEY);
+ if(!cur_node)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] No Encrypted Key element");
+ return AXIS2_FAILURE;
+ }
+ if(!rampart_shp_validate_qnames(env,cur_node))
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Error in the security header");
+ return AXIS2_FAILURE;
+ }
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Process EncryptedKey");
+ status = rampart_shp_process_encrypted_key(env,msg_ctx, rampart_context, soap_envelope, sec_node, cur_node);
+ if(status!=AXIS2_SUCCESS)
+ return status;
+ }
+ else
+ {
+ cur_node = oxs_axiom_get_node_by_local_name(env,sec_node,OXS_NODE_ENCRYPTED_KEY);
+ if(cur_node)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] policy does not specify encryption.");
+ return AXIS2_FAILURE;
+ }
+ else
+ status = AXIS2_SUCCESS;
+ }
+ }
+ else
+ {
+ /*We should decrypt the message first*/
+ if(rampart_context_check_whether_to_encrypt(rampart_context,env))
+ {
+ cur_node = oxs_axiom_get_node_by_local_name(env,sec_node,OXS_NODE_ENCRYPTED_KEY);
+ if(!cur_node)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] No Encrypted Key element");
+ return AXIS2_FAILURE;
+ }
+ if(!rampart_shp_validate_qnames(env,cur_node))
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Error in the security header");
+ return AXIS2_FAILURE;
+ }
+
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Process EncryptedKey");
+ status = rampart_shp_process_encrypted_key(env,msg_ctx, rampart_context, soap_envelope, sec_node, cur_node);
+ if(status!=AXIS2_SUCCESS)
+ return status;
+ }
+ else
+ {
+ cur_node = oxs_axiom_get_node_by_local_name(env,sec_node,OXS_NODE_ENCRYPTED_KEY);
+ if(cur_node)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] policy does not specify encryption.");
+ return AXIS2_FAILURE;
+ }
+ else
+ status = AXIS2_SUCCESS;;
+ }
+
+ /*After decrypting we may verify signature stuff.*/
+ if(rampart_context_check_whether_to_sign(rampart_context,env))
+ {
+ cur_node = oxs_axiom_get_node_by_local_name(env,sec_node,OXS_NODE_SIGNATURE);
+ if(!cur_node)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] No Signature element");
+ return AXIS2_FAILURE;
+ }
+ if(!rampart_shp_validate_qnames(env,cur_node))
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Error in the security header");
+ return AXIS2_FAILURE;
+ }
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Processing Signature element.");
+ status = rampart_shp_process_signature(env,msg_ctx,rampart_context,soap_envelope,sec_node,cur_node);
+ if(status!=AXIS2_SUCCESS){
+ rampart_create_fault_envelope(env, RAMPART_FAULT_INVALID_SECURITY, "Signature is not valid", RAMPART_FAULT_IN_SIGNATURE, msg_ctx);
+ return status;
+ }
+ }
+ else
+ {
+ cur_node = oxs_axiom_get_node_by_local_name(env,sec_node,OXS_NODE_SIGNATURE);
+ if(cur_node)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] policy does not specify signature.");
+ return AXIS2_FAILURE;
+ }
+ else
+ status = AXIS2_SUCCESS;
+ }
+ }
+ /*Now we can process timestamp*/
+ status = rampart_shp_process_timestamptoken(env,msg_ctx,rampart_context,sec_node);
+ if(status!=AXIS2_SUCCESS){
+ return status;
+ }
+
+ if( axis2_msg_ctx_get_server_side(msg_ctx, env))
+ {
+ status = rampart_shp_process_usernametoken(env,msg_ctx,rampart_context,sec_node);
+ if(status!=AXIS2_SUCCESS)
+ return status;
+ }
+
+ if(AXIS2_TRUE == need_replay_detection){/*TODO Chk for the policy configuration*/
+ rampart_is_replayed_fn rd_fn = NULL;
+ /*Is replayed*/
+ rd_fn = rampart_context_get_replay_detect_function(rampart_context, env);
+ if(rd_fn){
+ status = (*rd_fn)(env, msg_ctx);
+ if(status != AXIS2_SUCCESS){
+ /*Scream .. replayed*/
+ return AXIS2_FAILURE;
+ }else{
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Checked message for replays. Not a replay.");
+ }
+ }else{
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] No replay detection function specified. Nothing to do. ");
+ }
+ }
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Security header element processing, DONE ");
+ /*Do the action accordingly*/
+ return AXIS2_SUCCESS;
+ }
+ else if((rampart_context_get_binding_type(rampart_context,env)) == RP_BINDING_SYMMETRIC)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] We still not support Symmetric binding.");
+ return AXIS2_FAILURE;
+ }
+ else if((rampart_context_get_binding_type(rampart_context,env)) == RP_BINDING_TRANSPORT)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] We still not support Transport binding.");
+ return AXIS2_FAILURE;
+ }
+ else
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][shp] Invalid binding type.");
+ return AXIS2_FAILURE;
+ }
+
+}
+
+
+
Added: webservices/rampart/tags/c/0.90/src/util/rampart_sec_processed_result.c
URL: http://svn.apache.org/viewvc/webservices/rampart/tags/c/0.90/src/util/rampart_sec_processed_result.c?rev=573215&view=auto
==============================================================================
--- webservices/rampart/tags/c/0.90/src/util/rampart_sec_processed_result.c (added)
+++ webservices/rampart/tags/c/0.90/src/util/rampart_sec_processed_result.c Thu Sep 6 03:48:44 2007
@@ -0,0 +1,121 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+/*
+ *
+ */
+#include <rampart_util.h>
+#include <axis2_util.h>
+#include <axutil_property.h>
+#include <axis2_msg_ctx.h>
+#include <rampart_constants.h>
+#include <rampart_sec_processed_result.h>
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_set_security_processed_result(const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ axis2_char_t *key,
+ void *value)
+{
+ axutil_hash_t *sec_processed_results = NULL;
+
+ sec_processed_results = rampart_get_all_security_processed_results(env, msg_ctx);
+ if(!sec_processed_results){
+ return AXIS2_FAILURE;
+ }
+ axutil_hash_set(sec_processed_results, key, AXIS2_HASH_KEY_STRING, value);
+ AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][spr] Set %s in Security Processed Results of message context ", key);
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN void *AXIS2_CALL
+rampart_get_security_processed_result(const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ axis2_char_t *key)
+{
+ axutil_hash_t *sec_processed_results = NULL;
+
+ sec_processed_results = rampart_get_all_security_processed_results(env, msg_ctx);
+ if(!sec_processed_results){
+ return NULL;
+ }
+ return axutil_hash_get(sec_processed_results, key, AXIS2_HASH_KEY_STRING);
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_set_security_processed_results_property(const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx)
+{
+ axutil_hash_t *sec_processed_results = NULL;
+ axutil_property_t *sec_processed_results_prop = NULL;
+
+ if(!msg_ctx){
+ return AXIS2_FAILURE;
+ }
+
+ sec_processed_results = axutil_hash_make(env);
+ sec_processed_results_prop = axutil_property_create(env);
+
+ axutil_property_set_value(sec_processed_results_prop, env, sec_processed_results);
+ axis2_msg_ctx_set_property(msg_ctx, env, RAMPART_SECURITY_PROCESSED_RESULTS, sec_processed_results_prop);
+
+ return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN axutil_hash_t* AXIS2_CALL
+rampart_get_all_security_processed_results(const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx)
+{
+ axutil_property_t *sec_processed_results_prop = NULL;
+ axutil_hash_t *sec_processed_results = NULL;
+
+ sec_processed_results_prop = axis2_msg_ctx_get_property(msg_ctx, env, RAMPART_SECURITY_PROCESSED_RESULTS);
+ if(!sec_processed_results_prop){
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][spr] Cannot get %s from msg ctx ", RAMPART_SECURITY_PROCESSED_RESULTS);
+ return NULL;
+ }
+
+ sec_processed_results = (axutil_hash_t*)axutil_property_get_value(sec_processed_results_prop, env);
+ if(!sec_processed_results){
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][spr] Cannot get Security Processed Results Hash table from the property");
+ return NULL;
+ }
+
+ return sec_processed_results;
+}
+
+AXIS2_EXTERN void AXIS2_CALL
+rampart_print_security_processed_results_set(const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx)
+{
+ axutil_hash_t *sec_processed_results = NULL;
+ axutil_hash_index_t *hi = NULL;
+ const void *key = NULL;
+ void *val = NULL;
+
+ sec_processed_results = rampart_get_all_security_processed_results(env, msg_ctx);
+ if(!sec_processed_results){
+ return;
+ }
+
+ for (hi = axutil_hash_first(sec_processed_results, env); hi; hi = axutil_hash_next(env, hi)) {
+ axutil_hash_this(hi, &key, NULL, &val);
+ AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][spr] (key, val) %s = %s\n", (axis2_char_t*)key, (axis2_char_t*)val);
+ }
+
+}