Posted to rampart-dev@ws.apache.org by ka...@apache.org on 2007/10/19 11:39:48 UTC
svn commit: r586348 - in /webservices/rampart/trunk/c/src/util:
rampart_encryption.c rampart_signature.c
Author: kaushalye
Date: Fri Oct 19 02:39:47 2007
New Revision: 586348
URL: http://svn.apache.org/viewvc?rev=586348&view=rev
Log:
Using the same session key for multiple operations
Modified:
webservices/rampart/trunk/c/src/util/rampart_encryption.c
webservices/rampart/trunk/c/src/util/rampart_signature.c
Modified: webservices/rampart/trunk/c/src/util/rampart_encryption.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_encryption.c?rev=586348&r1=586347&r2=586348&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_encryption.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_encryption.c Fri Oct 19 02:39:47 2007
@@ -251,8 +251,13 @@
enc_sym_algo = OXS_DEFAULT_SYM_ALGO;
}
- /*Generate the session key*/
- session_key = oxs_key_create(env);
+ session_key = rampart_context_get_session_key(rampart_context, env);
+ if(!session_key){
+ /*Generate the session key*/
+ session_key = oxs_key_create(env);
+ rampart_context_set_session_key(rampart_context, env, session_key);
+ }
+
status = oxs_key_for_algo(session_key, env, enc_sym_algo);
if(AXIS2_FAILURE == status)
{
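Review bot: The key created on L27 is stored into the context on L28 without a NULL check, so if `oxs_key_create` fails a NULL is recorded and the later `rampart_context_get_session_key` lookup cannot distinguish "no key yet" from "creation failed"; guard it with `if(!session_key){ return AXIS2_FAILURE; }` before the set call (the exact error path depends on the surrounding function, which starts and ends outside the hunk). On the reuse path `oxs_key_for_algo` (L31) now runs against a key that another operation may already have consumed, since rampart_signature.c takes the same context key as its HMAC secret; if that call regenerates or resizes the key material, the bytes used for signing and encryption diverge from what the key info references. That should be confirmed against oxs_key_for_algo, and if it does modify the key, the call belongs inside the creation branch only.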
@@ -476,9 +481,13 @@
enc_sym_algo = OXS_DEFAULT_SYM_ALGO;
}
- /*Generate the session key*/
- session_key = oxs_key_create(env);
- status = oxs_key_for_algo(session_key, env, enc_sym_algo);
+ session_key = rampart_context_get_session_key(rampart_context, env);
+ if(!session_key){
+ /*Generate the session key*/
+ session_key = oxs_key_create(env);
+ status = oxs_key_for_algo(session_key, env, enc_sym_algo);
+ rampart_context_set_session_key(rampart_context, env, session_key);
+ }
if(AXIS2_FAILURE == status)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
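Review bot: `status` is assigned only inside the `if(!session_key)` branch (L44), so on the reuse path the check `if(AXIS2_FAILURE == status)` on L47 tests whatever `status` held before this block, possibly an uninitialised value, which is undefined behaviour; the parallel change at line 251 of this file keeps `oxs_key_for_algo` outside the branch. Either mirror that by moving `status = oxs_key_for_algo(session_key, env, enc_sym_algo);` after the closing brace on L46, or set `status = AXIS2_SUCCESS;` when the key is reused, depending on whether a reused key must be re-fitted to `enc_sym_algo`. The result of `oxs_key_create` is also stored into the context unchecked on L45. The enclosing function starts and ends outside the hunk.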
@@ -574,8 +583,8 @@
- oxs_key_free(session_key, env);
- session_key = NULL;
+ /*oxs_key_free(session_key, env);
+ session_key = NULL;*/
return AXIS2_SUCCESS;
}
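Review bot: The ownership change that replaces the free is left as commented-out code (L53–L54) rather than stated, so a reader cannot tell whether the session key is now released by rampart_context or simply leaked per message. Replace the two commented lines with `/* session_key is owned by rampart_context and released with it; do not free here */` once that is confirmed against the context's free routine, which is not visible here. Commented-out frees tend to be re-enabled by a later maintainer, which would then be a double free. The enclosing function starts outside the hunk.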
Modified: webservices/rampart/trunk/c/src/util/rampart_signature.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_signature.c?rev=586348&r1=586347&r2=586348&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_signature.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_signature.c Fri Oct 19 02:39:47 2007
@@ -107,24 +107,37 @@
rampart_context_t *rampart_context,
oxs_sign_ctx_t *sign_ctx,
axiom_node_t *sig_node,
- oxs_key_t *key)
+ oxs_key_t *key,
+ axis2_char_t* encrypted_key_id)
{
axiom_node_t *key_info_node = NULL;
axiom_node_t *str_node = NULL;
axiom_node_t *reference_node = NULL;
axis2_char_t *id_ref = NULL;
axis2_char_t *key_id = NULL;
+ axis2_char_t *value_type = NULL;
/*Now we must build the Key Info element*/
key_info_node = oxs_token_build_key_info_element(env, sig_node);
str_node = oxs_token_build_security_token_reference_element(
env, key_info_node);
/*Create the reference Id*/
- key_id = oxs_key_get_name(key, env);
+ /*There are two ways the key info can be built
+ * 1. If the key used to sign is encrypted using an X509 Certificate, then that EncryptedKey's id will be used
+ * 2. If the key used to sign is derrived from the session key, then the Id of the derived key will be used
+ */
+ if(encrypted_key_id){
+ key_id = encrypted_key_id;
+ value_type = OXS_WSS_11_VALUE_TYPE_ENCRYPTED_KEY;
+ }else{
+ key_id = oxs_key_get_name(key, env);
+ value_type = NULL;
+ }
+
id_ref = axutil_stracat(env, "#",key_id);
reference_node = oxs_token_build_reference_element(env, str_node,
- id_ref, OXS_ENCODING_BASE64BINARY );
+ id_ref, value_type );
return AXIS2_SUCCESS;
}
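Review bot: The else branch on L91 passes `value_type = NULL` to `oxs_token_build_reference_element` where the old call passed `OXS_ENCODING_BASE64BINARY` (L96), so the Reference emitted for a session-key signature changes in a way the log does not mention; if omitting the attribute is intended, the comment on L82–L85 should say so, e.g. `/* no ValueType: the reference resolves by wsu:Id to the key element */`, otherwise keep the old constant in the else branch. The new parameter contract also needs a line: `encrypted_key_id` may be NULL, in which case the key's name is used. `id_ref` from `axutil_stracat` on L94 is never released, a pre-existing leak this hunk could close by freeing it through the environment allocator after the reference element is built. Minor style: `axis2_char_t* encrypted_key_id` should be `axis2_char_t *encrypted_key_id` to match the surrounding declarations. The function header starts outside the hunk.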
@@ -224,10 +237,14 @@
oxs_sign_ctx_t *sign_ctx)
{
oxs_key_t *secret = NULL;
-
- /*Create a key*/
- secret = oxs_key_create(env);
-
+
+ /*We are trying to reuse the same session key which is used for encryption*/
+ secret = rampart_context_get_session_key(rampart_context, env);
+ if(!secret){
+ /*Create a new key and set to the rampart_context. This usually happens when the SignBeforeEncrypt*/
+ secret = oxs_key_create(env);
+ rampart_context_set_session_key(rampart_context, env, secret);
+ }
oxs_sign_ctx_set_sign_mtd_algo(sign_ctx, env, OXS_HREF_HMAC_SHA1);
oxs_sign_ctx_set_c14n_mtd(sign_ctx, env, OXS_HREF_XML_EXC_C14N);
oxs_sign_ctx_set_operation(sign_ctx, env, OXS_SIGN_OPERATION_SIGN);
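Review bot: The session key fetched on L110 is used directly as the HMAC-SHA1 secret (L116), while rampart_encryption.c feeds the same key object to `oxs_key_for_algo` for the symmetric cipher, so one key now serves both signing and encryption; the key-info comment added to prepare_key_info_for_sym_binding in this same commit speaks of a key derived from the session key, which suggests distinct derived keys were expected. Either derive the signing key here or record explicitly why direct reuse is acceptable for this binding. `oxs_key_create` on L113 is stored into the context without a NULL check. The comment on L112 is truncated; suggest `/* Create a new key and store it in rampart_context; this happens when signing precedes encryption (SignBeforeEncrypt) */`. The enclosing function continues outside the hunk.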
@@ -624,9 +641,12 @@
rampart_sig_prepare_key_info_for_asym_binding(env, rampart_context, sign_ctx, sig_node , cert_id, eki);
}else if(RP_PROPERTY_SYMMETRIC_BINDING == binding_type){
oxs_key_t *signed_key = NULL;
+ axis2_char_t *enc_key_id = NULL;
+
+ /*TODO get encrypted key id*/
signed_key = oxs_sign_ctx_get_secret(sign_ctx, env);
- rampart_sig_prepare_key_info_for_sym_binding(env, rampart_context, sign_ctx, sig_node, signed_key );
+ rampart_sig_prepare_key_info_for_sym_binding(env, rampart_context, sign_ctx, sig_node, signed_key, enc_key_id );
}
/*Free sig ctx*/