Posted to rampart-dev@ws.apache.org by ka...@apache.org on 2007/05/25 09:53:14 UTC
svn commit: r541577 - in /webservices/rampart/trunk/c: include/
samples/secpolicy/scenario9/ src/util/
Author: kaushalye
Date: Fri May 25 00:53:13 2007
New Revision: 541577
URL: http://svn.apache.org/viewvc?view=rev&rev=541577
Log:
Using the valid duration specified in user policies for replay detection
Modified:
webservices/rampart/trunk/c/include/rampart_constants.h
webservices/rampart/trunk/c/include/rampart_context.h
webservices/rampart/trunk/c/include/rampart_replay_detector.h
webservices/rampart/trunk/c/samples/secpolicy/scenario9/client-outgoing-secpolicy.xml
webservices/rampart/trunk/c/samples/secpolicy/scenario9/service-incoming-secpolicy.xml
webservices/rampart/trunk/c/src/util/rampart_replay_detector.c
webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
Modified: webservices/rampart/trunk/c/include/rampart_constants.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rampart_constants.h?view=diff&rev=541577&r1=541576&r2=541577
==============================================================================
--- webservices/rampart/trunk/c/include/rampart_constants.h (original)
+++ webservices/rampart/trunk/c/include/rampart_constants.h Fri May 25 00:53:13 2007
@@ -115,7 +115,7 @@
#define RAMPART_STR_ENCRYPTED_KEY OXS_STR_ENCRYPTED_KEY
#define RAMPART_RD_DB_PROP "Rampart_RD_DB_Prop"
-
+#define RAMPART_RD_DEF_VALID_DURATION 60
#ifdef __cplusplus
}
#endif
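Review bot: `RAMPART_RD_DEF_VALID_DURATION 60` is added without saying what the number counts; the only hint is in rampart_replay_detector.c, where this commit passes it to `axutil_date_time_create_with_offset` in place of a `5*60` literal that was annotated as five minutes, so it is presumably seconds. A trailing comment would save the next reader that chase: `#define RAMPART_RD_DEF_VALID_DURATION 60 /* default replay-detection window, in seconds */` (adjust if the offset unit turns out to be something else).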
Modified: webservices/rampart/trunk/c/include/rampart_context.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rampart_context.h?view=diff&rev=541577&r1=541576&r2=541577
==============================================================================
--- webservices/rampart/trunk/c/include/rampart_context.h (original)
+++ webservices/rampart/trunk/c/include/rampart_context.h Fri May 25 00:53:13 2007
@@ -37,6 +37,8 @@
{
#endif
+ typedef struct rampart_context_t rampart_context_t;
+
typedef axis2_char_t *(AXIS2_CALL*
password_callback_fn)(const axutil_env_t *env,
const axis2_char_t *username,
@@ -44,7 +46,8 @@
typedef axis2_status_t (AXIS2_CALL*
rampart_is_replayed_fn)(const axutil_env_t *env,
- axis2_msg_ctx_t* msg_ctx);
+ axis2_msg_ctx_t* msg_ctx,
+ rampart_context_t *rampart_context);
typedef rampart_authn_provider_status_t (AXIS2_CALL*
auth_password_func)(const axutil_env_t* env,
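Review bot: `rampart_is_replayed_fn` gains a `rampart_context` parameter but still carries no comment on what the hook receives or what it must return; the only statement of the contract is the call site changed in this commit in rampart_sec_header_processor.c, which treats anything other than `AXIS2_SUCCESS` as a replay. A comment above the typedef along the lines of `/* Replay-detection hook. Return AXIS2_SUCCESS if the message in msg_ctx is fresh, any other value to reject it as replayed. rampart_context gives access to the policy (e.g. the configured valid duration). */` would pin that down. Since this changes the type any user-supplied detector must match, existing implementations written against the two-argument form will presumably need updating, which is worth saying in the log or the header.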
@@ -58,7 +61,6 @@
const axis2_char_t *created,
const char *digest);
- typedef struct rampart_context_t rampart_context_t;
/**
Modified: webservices/rampart/trunk/c/include/rampart_replay_detector.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rampart_replay_detector.h?view=diff&rev=541577&r1=541576&r2=541577
==============================================================================
--- webservices/rampart/trunk/c/include/rampart_replay_detector.h (original)
+++ webservices/rampart/trunk/c/include/rampart_replay_detector.h Fri May 25 00:53:13 2007
@@ -26,6 +26,7 @@
#include <axutil_env.h>
#include <axis2_msg_ctx.h>
#include <axis2_conf_ctx.h>
+#include <rampart_context.h>
#ifdef __cplusplus
extern "C"
{
@@ -78,7 +79,8 @@
/*The default impl for RRD*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
rampart_replay_detector_default(const axutil_env_t *env,
- axis2_msg_ctx_t* msg_ctx);
+ axis2_msg_ctx_t *msg_ctx,
+ rampart_context_t *rampart_context);
AXIS2_EXTERN axutil_hash_t *AXIS2_CALL
rampart_replay_detector_set_default_db(const axutil_env_t *env,
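Review bot: Only `rampart_replay_detector_default` is updated in this header, while the .c file in this commit also changes `rampart_replay_detector_is_overdue` to take `int valid_duration` instead of a timestamp string and comments out `rampart_replay_detector_is_replayed` entirely. If either of those is declared in this header (outside this hunk, so not visible here), the declarations are now stale: the first would be a prototype mismatch against the definition and the second a declaration with no definition behind it. Worth checking the rest of the header and updating or dropping them in the same change.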
Modified: webservices/rampart/trunk/c/samples/secpolicy/scenario9/client-outgoing-secpolicy.xml
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/secpolicy/scenario9/client-outgoing-secpolicy.xml?view=diff&rev=541577&r1=541576&r2=541577
==============================================================================
--- webservices/rampart/trunk/c/samples/secpolicy/scenario9/client-outgoing-secpolicy.xml (original)
+++ webservices/rampart/trunk/c/samples/secpolicy/scenario9/client-outgoing-secpolicy.xml Fri May 25 00:53:13 2007
@@ -31,6 +31,7 @@
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
+ <sp:IncludeTimestamp/>
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
Modified: webservices/rampart/trunk/c/samples/secpolicy/scenario9/service-incoming-secpolicy.xml
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/secpolicy/scenario9/service-incoming-secpolicy.xml?view=diff&rev=541577&r1=541576&r2=541577
==============================================================================
--- webservices/rampart/trunk/c/samples/secpolicy/scenario9/service-incoming-secpolicy.xml (original)
+++ webservices/rampart/trunk/c/samples/secpolicy/scenario9/service-incoming-secpolicy.xml Fri May 25 00:53:13 2007
@@ -31,6 +31,7 @@
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
+ <sp:IncludeTimestamp/>
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
@@ -41,7 +42,7 @@
<rampc:Element Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
</rampc:SignedItems>
<rampc:RampartConfig xmlns:rampc="http://ws.apache.org/rampart/c/policy">
- <!--rampc:ReplayDetection>200</rampc:ReplayDetection-->
+ <rampc:ReplayDetection>60</rampc:ReplayDetection>
<rampc:EncryptionUser>b</rampc:EncryptionUser>
<rampc:PasswordCallbackClass>AXIS2C_HOME/bin/samples/rampart/callback/libpwcb.so</rampc:PasswordCallbackClass>
<rampc:Certificate>AXIS2C_HOME/bin/samples/rampart/keys/bhome/b_cert.cert</rampc:Certificate>
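Review bot: The sample now enables `<rampc:ReplayDetection>60</rampc:ReplayDetection>` but the value's unit is stated nowhere in the file; in this commit's rampart_replay_detector.c the string is fed through `axutil_atoi` into `axutil_date_time_create_with_offset`, which suggests seconds. A comment beside it, `<!-- replay-detection window for cached message ids, in seconds; 60 is also the built-in default -->`, would keep people copying the sample from guessing (the "also the default" part holds only if `RAMPART_RD_DEF_VALID_DURATION` in rampart_constants.h stays at 60).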
Modified: webservices/rampart/trunk/c/src/util/rampart_replay_detector.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_replay_detector.c?view=diff&rev=541577&r1=541576&r2=541577
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_replay_detector.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_replay_detector.c Fri May 25 00:53:13 2007
@@ -71,7 +71,7 @@
ts = axutil_hash_get(hash, RAMPART_SPR_TS_CREATED, AXIS2_HASH_KEY_STRING);
return ts;
}
-
+/*
AXIS2_EXTERN axis2_bool_t AXIS2_CALL
rampart_replay_detector_is_replayed(const axutil_env_t *env,
const axis2_char_t *msg_id,
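Review bot: `rampart_replay_detector_is_replayed` is being retired by wrapping it in `/* ... */` rather than deleting it; the repository already keeps the old body in history, and a commented-out function only rots (the comment inside it had to be stripped in the next hunk just to keep the outer comment legal). Delete it, or use `#if 0` / `#endif` if it must stay for reference. If the function is still declared in rampart_replay_detector.h, that declaration should go with it.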
@@ -79,20 +79,20 @@
const axis2_char_t *id,
const axis2_char_t *val)
{
- /*If both has the same msg-id and the timestamp its a replay*/
if((0== axutil_strcmp(msg_id, id)) && (0== axutil_strcmp(ts, val))){
return AXIS2_SUCCESS;
}else{
return AXIS2_FALSE;
}
}
+*/
/* ts= the timestamp of the current record
* val= the timestamp of the ith record of the database
* */
AXIS2_EXTERN axis2_bool_t AXIS2_CALL
rampart_replay_detector_is_overdue(const axutil_env_t *env,
- const axis2_char_t *ts,
+ int valid_duration,
const axis2_char_t *val)
{
axutil_date_time_comp_result_t res = AXIS2_DATE_TIME_COMP_RES_UNKNOWN;
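Review bot: The comment block above `rampart_replay_detector_is_overdue` still reads `ts= the timestamp of the current record`, but this hunk replaces the `ts` parameter with `int valid_duration`, so the comment now documents a parameter that no longer exists. Suggest `/* valid_duration = how old a record may be before it is purged, in the unit taken by axutil_date_time_create_with_offset (seconds, going by the 5*60 offset it replaces); val = the timestamp of the i'th record of the database */`. The function body continues past the end of this hunk.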
@@ -100,7 +100,7 @@
axutil_date_time_t *dt2 = NULL;
/*dt1 = axutil_date_time_create(env);*/
- dt1 = axutil_date_time_create_with_offset(env, 5*60); /*To delete records that are 5 mins old*/
+ dt1 = axutil_date_time_create_with_offset(env, valid_duration);
dt2 = axutil_date_time_create(env);
/*axutil_date_time_deserialize_time(dt1, env, ts);*/
@@ -139,14 +139,16 @@
AXIS2_EXTERN axis2_status_t AXIS2_CALL
rampart_replay_detector_default(const axutil_env_t *env,
- axis2_msg_ctx_t* msg_ctx)
+ axis2_msg_ctx_t* msg_ctx,
+ rampart_context_t *rampart_context)
{
axutil_hash_t *hash = NULL;
axutil_hash_index_t *hi = NULL;
const axis2_char_t *msg_id = NULL;
const axis2_char_t *ts = NULL;
const axis2_char_t *xxx = NULL;
-
+ int valid_duration = RAMPART_RD_DEF_VALID_DURATION;
+
msg_id = /*"ABCD"*/axis2_msg_ctx_get_wsa_message_id(msg_ctx, env);
if(!msg_id){
msg_id = "MSG-ID";/*This has to be changed to generate the hash*/
@@ -159,26 +161,34 @@
return AXIS2_FAILURE;
}else{
void *id = NULL; /*Temp record id (of i'th recored)*/
- void *val = NULL; /*Temp time stamp (of i'th recored))*/
+ void *tmp_ts = NULL; /*Temp time stamp (of i'th recored))*/
AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][rrd] Number of records =%d", axutil_hash_count(hash));
/*If matches ERROR*/
for (hi = axutil_hash_first(hash, env); hi; hi = axutil_hash_next(env, hi)) {
- axutil_hash_this(hi, (const void**)&id, NULL, &val);
- printf("[rampart][rrd] (id, val) %s = %s\n", (axis2_char_t*)id, (axis2_char_t*)val);
- AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][rrd] (id, val) %s = %s\n", (axis2_char_t*)id, (axis2_char_t*)val);
- /*If replayed, return a FAILRE*/
- if(AXIS2_TRUE == rampart_replay_detector_is_replayed(env, msg_id, ts, id, val)){
+ axutil_hash_this(hi, (const void**)&id, NULL, &tmp_ts);
+ printf("[rampart][rrd] (id, tmp_ts) %s = %s\n", (axis2_char_t*)id, (axis2_char_t*)tmp_ts);
+ AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][rrd] (id, tmp_ts) %s = %s\n", (axis2_char_t*)id, (axis2_char_t*)tmp_ts);
+
+ /*If the table already have the same key it's a replay*/
+ if(AXIS2_TRUE == axutil_hash_contains_key(hash, env, msg_id)){
return AXIS2_FAILURE;
}
+
/*Clean up old records*/
- if(AXIS2_TRUE == rampart_replay_detector_is_overdue(env , ts, val)){
+ if(rampart_context_get_rd_val(rampart_context, env)){
+ valid_duration = axutil_atoi(rampart_context_get_rd_val(rampart_context, env));
+ AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][rrd] Using the specified valid duration %s\n", valid_duration );
+ }else{
+ AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][rrd] Using the default valid duration %s\n", valid_duration );
+ }
+ if(AXIS2_TRUE == rampart_replay_detector_is_overdue(env , valid_duration, tmp_ts)){
/*Remove the record*/
- AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][rrd] removing record (id, val) = (%s , %s)\n", (axis2_char_t*)id, (axis2_char_t*)val);
+ AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][rrd] removing record (id, tmp_ts) = (%s , %s)\n", (axis2_char_t*)id, (axis2_char_t*)tmp_ts);
AXIS2_FREE(env->allocator, id);
id = NULL;
- AXIS2_FREE(env->allocator, val);
+ AXIS2_FREE(env->allocator, tmp_ts);
ts = NULL;
}
}/*eof for loop*/
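Review bot: `valid_duration` is an `int`, but both new debug lines (`Using the specified valid duration %s` and `Using the default valid duration %s`) format it with `%s`, so the logger will read the integer as a `char *` and dereference it; these must be `%d`. The policy lookup, `axutil_atoi` and the log line also run on every iteration of the cleanup loop, and nothing rejects a non-positive result, which would make every record overdue at once and quietly disable replay detection — resolve the duration once before the loop and fall back to `RAMPART_RD_DEF_VALID_DURATION` when the parsed value is `<= 0`. The `axutil_hash_contains_key(hash, env, msg_id)` test is likewise loop-invariant and belongs before the loop (it is skipped entirely today when the table is empty, which happens to be harmless). Two things the rename exposed rather than introduced: `ts = NULL;` after `AXIS2_FREE(env->allocator, tmp_ts)` clears the wrong variable, and freeing a record's key and value in place without removing the entry presumably leaves dangling pointers in the table — worth confirming against axutil_hash. `rampart_replay_detector_default` starts in the previous hunk and continues past the end of this one.
```c
    /* … unchanged: msg_id / ts lookup, hash retrieval, !hash failure branch … */
    /* Resolve the replay window once. The policy value arrives as a string and
     * goes through atoi, so anything non-positive is rejected in favour of the default. */
    if(rampart_context_get_rd_val(rampart_context, env)){
        valid_duration = axutil_atoi(rampart_context_get_rd_val(rampart_context, env));
        if(valid_duration <= 0){
            valid_duration = RAMPART_RD_DEF_VALID_DURATION;
        }
    }
    AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][rrd] Using valid duration %d\n", valid_duration);
    /* The table is keyed by message id, so one lookup answers the replay question */
    if(AXIS2_TRUE == axutil_hash_contains_key(hash, env, msg_id)){
        return AXIS2_FAILURE;
    }
    for (hi = axutil_hash_first(hash, env); hi; hi = axutil_hash_next(env, hi)) {
        axutil_hash_this(hi, (const void**)&id, NULL, &tmp_ts);
        /* … unchanged: overdue check and record removal … */
        tmp_ts = NULL;
    }
```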
Modified: webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c?view=diff&rev=541577&r1=541576&r2=541577
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c Fri May 25 00:53:13 2007
@@ -913,7 +913,7 @@
/*Is replayed*/
rd_fn = rampart_context_get_replay_detect_function(rampart_context, env);
if(rd_fn){
- status = (*rd_fn)(env, msg_ctx);
+ status = (*rd_fn)(env, msg_ctx, rampart_context);
if(status != AXIS2_SUCCESS){
/*Scream .. replayed*/
return AXIS2_FAILURE;