Posted to java-dev@axis.apache.org by ka...@apache.org on 2007/02/26 09:40:53 UTC
svn commit: r511752 - in /webservices/axis2/trunk/c/rampart:
include/oxs_xml_signature.h src/omxmlsec/xml_signature.c test/omxmlsec/test.c
Author: kaushalye
Date: Mon Feb 26 00:40:53 2007
New Revision: 511752
URL: http://svn.apache.org/viewvc?view=rev&rev=511752
Log:
Implemented digest comparison in signature parts: OMXMLSecurity
Modified:
webservices/axis2/trunk/c/rampart/include/oxs_xml_signature.h
webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_signature.c
webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c
Modified: webservices/axis2/trunk/c/rampart/include/oxs_xml_signature.h
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/include/oxs_xml_signature.h?view=diff&rev=511752&r1=511751&r2=511752
==============================================================================
--- webservices/axis2/trunk/c/rampart/include/oxs_xml_signature.h (original)
+++ webservices/axis2/trunk/c/rampart/include/oxs_xml_signature.h Mon Feb 26 00:40:53 2007
@@ -50,27 +50,32 @@
/**
* Verify
*/
-
+/* Do transforms, Generate digest and compare with the digest in hand
+ * For a single signature part*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_xml_sig_verify_sign_part(const axis2_env_t *env,
oxs_sign_part_t *sign_part);
+/*Verify all digests in signature parts*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_xml_sig_verify_digests(const axis2_env_t *env,
oxs_sign_ctx_t *sign_ctx);
+/*Verify a complete xml document*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_xml_sig_verify(const axis2_env_t *env,
oxs_sign_ctx_t *sign_ctx,
axiom_node_t *signature_node,
axiom_node_t *scope_node);
+/*Process the ds:Reference node. Populate a signature part*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_xml_sig_process_ref_node(const axis2_env_t *env,
oxs_sign_part_t *sign_part,
axiom_node_t *ref_node,
axiom_node_t *scope_node);
+/*Process the ds:Signature node. Populate a signature context*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_xml_sig_process_signature_node(const axis2_env_t *env,
oxs_sign_ctx_t *sign_ctx,
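Review bot: The new comment `/*Verify a complete xml document*/` on oxs_xml_sig_verify promises more than the implementation in this commit delivers: xml_signature.c returns AXIS2_SUCCESS right after oxs_xml_sig_verify_digests, with the SignatureValue comparison left as a TODO. Say so at the declaration so callers do not read a success return as authenticity, e.g. `/* Verify a complete xml document. Currently only the digests of the signed parts are checked; SignatureValue verification is not yet implemented. */`. The comments on the other verify declarations would also help a caller if they stated that AXIS2_FAILURE is returned on any mismatch or processing error, which appears to be the convention in the matching source hunks.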
Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_signature.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_signature.c?view=diff&rev=511752&r1=511751&r2=511752
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_signature.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_signature.c Mon Feb 26 00:40:53 2007
@@ -81,46 +81,25 @@
return AXIS2_SUCCESS;
}
-/*parent is ds:SignedInfo*/
-static axis2_status_t
-oxs_xml_sig_build_reference(const axis2_env_t *env,
- axiom_node_t *parent,
- oxs_sign_part_t *sign_part)
+/*This method is common for both signing and verification*/
+static axis2_char_t *
+oxs_xml_sig_transform_n_digest(const axis2_env_t *env,
+ axiom_node_t *node,
+ axis2_array_list_t *transforms,
+ axis2_char_t *digest_mtd)
{
axis2_char_t *serialized_node = NULL;
axis2_char_t *digest = NULL;
- axis2_char_t *digest_mtd = NULL;
- axis2_char_t *ref_id = NULL;
- axis2_char_t *id = NULL;
- axis2_array_list_t *transforms = NULL;
- axiom_node_t *node = NULL;
- axiom_node_t *reference_node = NULL;
- axiom_node_t *digest_value_node = NULL;
- axiom_node_t *digest_mtd_node = NULL;
- int i=0;
-
- /*Get the node to digest*/
- node = oxs_sign_part_get_node(sign_part, env);
-
- /*Get the reference ID from the node and hence to the ds:Reference node*/
- id = oxs_axiom_get_attribute_value_of_node_by_name(env, node, "wsu:Id");
-
- ref_id = AXIS2_STRACAT("#", id, env);/* <ds:Reference URI="#id">*/
- reference_node = oxs_token_build_ds_reference_element(env, parent ,NULL, ref_id, NULL);
+ int i = 0;
- /*Get transforms if any*/
- transforms = oxs_sign_part_get_transforms(sign_part, env);
-
+ printf("oxs_xml_sig_transform_n_digest\n");
if((transforms) && (0 < AXIS2_ARRAY_LIST_SIZE(transforms, env))){
- axiom_node_t *transforms_node = NULL;
oxs_tr_dtype_t output_dtype = OXS_TRANSFORM_TYPE_UNKNOWN;/*This will always be the current dtype*/
void *tr_output = NULL;
output_dtype = OXS_TRANSFORM_TYPE_NODE; /*We always begin with a node*/
-
+
tr_output = node; /*The first transformation is applied to the node*/
- /*Add ds:Transforms element*/
- transforms_node = oxs_token_build_transforms_element(env, reference_node);
/*LOOP: Apply transforms. For example exclusive C14N*/
for (i = 0; i < AXIS2_ARRAY_LIST_SIZE(transforms, env); i++){
oxs_transform_t *tr = NULL;
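Review bot: The new `printf("oxs_xml_sig_transform_n_digest\n");` writes a trace line to stdout from library code that now runs on every signing and verification; it should go through the logger the file already uses, e.g. `AXIS2_LOG_INFO(env->log, "[oxs][xml_sig] Transforming and digesting node");`, or be removed. The context line `printf("Transform required = %s", tr_id);` is pre-existing but now sits in the same shared path and deserves the same treatment. oxs_xml_sig_transform_n_digest continues past the end of this hunk.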
@@ -134,7 +113,7 @@
tr_id = oxs_transform_get_id(tr, env);
tr_func = oxs_transform_get_transform_function(tr, env);
input_dtype = oxs_transform_get_input_data_type(tr, env);
-
+
printf("Transform required = %s", tr_id);
/*Prepare the input*/
/*If the required input type is CHAR and what we have is a NODE*/
@@ -148,7 +127,6 @@
/*Let it go as it is. */
tr_input = tr_output;
}
-
/*Apply transform*/
if(tr_func){
output_dtype = (*tr_func)(env, tr_input, input_dtype, &tr_output);
@@ -160,17 +138,75 @@
oxs_error(env, ERROR_LOCATION, OXS_ERROR_TRANSFORM_FAILED,"Transform failed for %s", tr_id);
/*return AXIS2_FAILURE*/
}
- /*Add to ds:Transforms element*/
- oxs_token_build_transform_element(env, transforms_node, tr_id);
+ }/*eof for loop*/
+ /*We have applied all our transforms now*/
+ /*Serialize node*/
+ if(OXS_TRANSFORM_TYPE_NODE == output_dtype ){
+ serialized_node = AXIOM_NODE_TO_STRING((axiom_node_t*)tr_output, env);
+ }else if(OXS_TRANSFORM_TYPE_CHAR == output_dtype){
+ serialized_node = (axis2_char_t*)tr_output;
+ }else{
+ /*Error*/
}
+ }else{
+ /*No transforms defined. Thus we simply direct the node, to make the digest*/
+ serialized_node = AXIOM_NODE_TO_STRING(node, env);
}
- /*Serialize node*/
- serialized_node = AXIOM_NODE_TO_STRING(node, env);
+ /*TODO Check digest type. We support SHA-1 only*/
+ digest = openssl_sha1(env, serialized_node, axis2_strlen(serialized_node));
+
+ return digest;
+}
+
+/*parent is ds:SignedInfo*/
+static axis2_status_t
+oxs_xml_sig_build_reference(const axis2_env_t *env,
+ axiom_node_t *parent,
+ oxs_sign_part_t *sign_part)
+{
+ axis2_char_t *digest = NULL;
+ axis2_char_t *digest_mtd = NULL;
+ axis2_char_t *ref_id = NULL;
+ axis2_char_t *id = NULL;
+ axis2_array_list_t *transforms = NULL;
+ axiom_node_t *node = NULL;
+ axiom_node_t *reference_node = NULL;
+ axiom_node_t *digest_value_node = NULL;
+ axiom_node_t *digest_mtd_node = NULL;
+ int i=0;
+
+ /*Get the node to digest*/
+ node = oxs_sign_part_get_node(sign_part, env);
+
+ /*Get the reference ID from the node and hence to the ds:Reference node*/
+ id = oxs_axiom_get_attribute_value_of_node_by_name(env, node, "wsu:Id");
- /*Make digest.*/
+ ref_id = AXIS2_STRACAT("#", id, env);/* <ds:Reference URI="#id">*/
+ reference_node = oxs_token_build_ds_reference_element(env, parent ,NULL, ref_id, NULL);
+
+ /*Get transforms if any*/
+ transforms = oxs_sign_part_get_transforms(sign_part, env);
+ /*Get the digest method*/
digest_mtd = oxs_sign_part_get_digest_mtd(sign_part, env);
- digest = openssl_sha1(env, serialized_node, axis2_strlen(serialized_node));
+ /*Transform and Digest*/
+ digest = oxs_xml_sig_transform_n_digest(env, node, transforms, digest_mtd);
+
+ /*Build ds:Transforms node and its children*/
+ if((transforms) && (0 < AXIS2_ARRAY_LIST_SIZE(transforms, env))){
+ axiom_node_t *transforms_node = NULL;
+
+ transforms_node = oxs_token_build_transforms_element(env, reference_node);
+ for (i = 0; i < AXIS2_ARRAY_LIST_SIZE(transforms, env); i++){
+ oxs_transform_t *tr = NULL;
+ axis2_char_t *tr_id = NULL;
+
+ /*Get the ith transform*/
+ tr = (oxs_transform_t*)AXIS2_ARRAY_LIST_GET(transforms, env, i);
+ tr_id = oxs_transform_get_id(tr, env);
+ oxs_token_build_transform_element(env, transforms_node, tr_id);
+ }
+ }
/*Construct nodes*/
digest_mtd_node = oxs_token_build_digest_method_element(env, reference_node, digest_mtd);
digest_value_node = oxs_token_build_digest_value_element(env, reference_node, digest);
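Review bot: When the transform output is neither NODE nor CHAR, the empty `/*Error*/` branch leaves serialized_node NULL and execution falls through to `axis2_strlen(serialized_node)` and openssl_sha1, so the new function can crash or digest nothing instead of reporting failure; the same happens after a failed transform, because the context line `/*return AXIS2_FAILURE*/` is commented out and the loop continues with whatever tr_output holds — that line should become `return NULL;`. The function should return NULL on every error path, and both callers (oxs_xml_sig_build_reference below and oxs_xml_sig_verify_sign_part) need to treat NULL as an error rather than pass it on. digest_mtd is accepted but never consulted (the TODO notes only SHA-1 is supported); until other methods exist it is safer to return NULL with an oxs_error for any digest_mtd that is not the project's SHA-1 DigestMethod identifier than to silently compute SHA-1 for it, so a verification against a different DigestMethod fails with a clear error instead of a bare mismatch. oxs_xml_sig_transform_n_digest begins in an earlier hunk.
```c
        }/*eof for loop*/
        /* … unchanged: NODE / CHAR serialization branches … */
        }else{
            oxs_error(env, ERROR_LOCATION, OXS_ERROR_TRANSFORM_FAILED, "Unsupported transform output type");
            return NULL; /* nothing safe to digest */
        }
    }else{
        /*No transforms defined. Thus we simply direct the node, to make the digest*/
        serialized_node = AXIOM_NODE_TO_STRING(node, env);
    }
    if(!serialized_node){
        oxs_error(env, ERROR_LOCATION, OXS_ERROR_TRANSFORM_FAILED, "Node serialization failed");
        return NULL;
    }
    /*TODO Check digest type. We support SHA-1 only*/
    digest = openssl_sha1(env, serialized_node, axis2_strlen(serialized_node));
```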
@@ -478,6 +514,7 @@
axis2_char_t *id = NULL;
axis2_char_t *digest_mtd = NULL;
axis2_char_t *digest_val = NULL;
+ axis2_char_t *new_digest = NULL;
axiom_node_t *node = NULL;
axis2_array_list_t *transforms = NULL;
axis2_status_t status = AXIS2_FAILURE;
@@ -491,10 +528,16 @@
AXIS2_LOG_INFO(env->log, "[oxs][xml_sig] Verifying signature part %s ", id );
/*Do transforms to the node*/
-
- /*Make the digest*/
+ new_digest = oxs_xml_sig_transform_n_digest(env, node, transforms, digest_mtd);
- /*Compare the value*/
+ /*Compare values*/
+ if(0 == axis2_strcmp(new_digest, digest_val)){
+ AXIS2_LOG_INFO(env->log, "[oxs][xml_sig] Digest verification success for node Id= %s ", id );
+ status = AXIS2_SUCCESS;
+ }else{
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_SIG_VERIFICATION_FAILED,"Digest verification failed for node Id= %s ", id );
+ status = AXIS2_FAILURE;
+ }
return status;
}
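Review bot: `axis2_strcmp(new_digest, digest_val)` is reached with no NULL check on either operand: new_digest is NULL whenever oxs_xml_sig_transform_n_digest fails, and digest_val is presumably read from the message's ds:DigestValue, which an incoming document may omit, so the comparison can dereference NULL instead of failing verification. Guard before comparing, `if(!new_digest || !digest_val){ oxs_error(env, ERROR_LOCATION, OXS_ERROR_SIG_VERIFICATION_FAILED, "Missing digest for node Id= %s ", id); return AXIS2_FAILURE; }`. new_digest is a freshly computed string that is not released on either branch; free it with `AXIS2_FREE(env->allocator, new_digest);` once status is decided. The enclosing oxs_xml_sig_verify_sign_part starts before this hunk.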
@@ -540,8 +583,15 @@
}
/*At this point we have a ready to process signature context. So why wait...? Verify*/
- /*First step is to Verify the integrity of the message by comparing the digest values of each and every reference.*/
+ /*First step is to Verify the integrity of the signed parts by comparing the digest values of each and every reference.*/
status = oxs_xml_sig_verify_digests(env, sign_ctx);
+ if(AXIS2_FAILURE == status){
+ return AXIS2_FAILURE;
+ }
+
+ /*At this point we have compared the digest. Next step is to compare the Signature value */
+ /*TODO*/
+
return AXIS2_SUCCESS;
}
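Review bot: After this change oxs_xml_sig_verify returns AXIS2_SUCCESS as soon as the digests match, while the SignatureValue check is still a `/*TODO*/`; matching digests only show that each signed part is consistent with its own ds:Reference, not that the signature was produced by the key holder, so a caller that treats this return as "verified" gets a false positive. Until the signature-value step exists it is safer to fail closed, e.g. replace the final return with `oxs_error(env, ERROR_LOCATION, OXS_ERROR_SIG_VERIFICATION_FAILED, "Signature value verification not implemented"); return AXIS2_FAILURE;`, or at least state at the header declaration that only digests are checked. The new guard `if(AXIS2_FAILURE == status)` should be `if(AXIS2_SUCCESS != status)` so that any non-success code from oxs_xml_sig_verify_digests stops verification. The enclosing function begins before this hunk.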
Modified: webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c?view=diff&rev=511752&r1=511751&r2=511752
==============================================================================
--- webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c (original)
+++ webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c Mon Feb 26 00:40:53 2007
@@ -62,13 +62,6 @@
-axis2_env_t *test_init()
-{
- axis2_allocator_t *allocator = axis2_allocator_init(NULL);
- axis2_error_t *error = (axis2_error_t*)axis2_error_create(allocator);
- axis2_env_t *env = axis2_env_create_with_error(allocator, error);
- return env;
-}
axis2_status_t verify(axis2_env_t *env,
axis2_char_t *filename,
@@ -147,7 +140,7 @@
return -1;
}
- env = axis2_env_create_all("echo.log", AXIS2_LOG_LEVEL_TRACE);
+ env = axis2_env_create_all("./oxs.log", AXIS2_LOG_LEVEL_TRACE);
printf("--Testing started--------------------------------------------\n");
tmpl = load_sample_xml(env , tmpl, filename);