Excellent, the following code works fine. Thanks very much for your help.

-----
/* policy is the neethi_policy_t* loaded earlier from policy.xml */
rp_secpolicy_t* secpolicy = rp_secpolicy_builder_build( axisEnv, policy );
rampart_context_t* context = rampart_context_create( axisEnv );
rampart_context_set_secpolicy( context, axisEnv, secpolicy );

/* Path given in <rampc:Certificate> in policy.xml */
axis2_char_t* filename = rampart_context_get_certificate_file( context, axisEnv );

X509* cert = NULL;
openssl_x509_load_from_pem( axisEnv, filename, &cert );

/* filename was obtained from the context, so free the context only after its last use */
rampart_context_free( context, axisEnv );
-----

Cheers,
Jamie

> -----Original Message-----
> From: Manjula Peiris [mailto:[EMAIL PROTECTED]
> Sent: 15 August 2007 10:16
> To: Apache AXIS C User List
> Subject: RE: [Rampart/C | Neethi/C] Possible to get the
> current x509security certificate from a policy?
>
> Hi Jamie,
>
> See my comments in line.
>
> On Tue, 2007-08-14 at 12:38 +0100, Jamie Lyon wrote:
> > Thanks, that part is fine -- there's some very useful helper functions
> > there.
> >
> > My primary question however is that in my policy.xml I've got:
> > <rampc:RampartConfig
> > xmlns:rampc="http://ws.apache.org/rampart/c/policy">
> > <rampc:Certificate>/my/path/mycert.pem</rampc:Certificate>
> > <rampc:PrivateKey>/my/path/mykey.pem</rampc:PrivateKey>
> > </rampc:RampartConfig>
> >
> > This works fine, and the correct certificates/keys are included in
> > rampart, but I can't work out how, in code, to get the filenames listed
> > in policy.xml. This is why I mention neethi -- I want to be able to
> > access some of the information in that loaded policy, but I can't seem
> > to work out the correct way of doing so.
> >
> > In pseudo-code, this is what I'd like to be able to do:
> > neethi_policy_t* policy = neethi_util_create_policy_from_file( axisEnv,
> > filename );
> Security policy extension creates a secpolicy object from this policy
> object using rp_secpolicy_builder_build() method in
> neethi/secpolicy/builder/secpolicy_builder.c
>
> Then this secpolicy is stored in a struct called rampart_context which
> keeps all the rampart configurations.
> > > > > ///*************** This line is what I need to be able to do******** > > char* certFilename = get_certificate_filename_from_policy( policy ); > > ///***************************************************************** > So to get the certFilename you need to call the following function in > the rampart context.(rampart/src/util/rampart_context.c) > rampart_context_get_certificate_file() > > > > X509* cert; > > openssl_x509_load_from_pem( axisEnv, certFilename, &cert ); > > > > Thanks, > > Jamie > > > > > -----Original Message----- > > > From: Manjula Peiris [mailto:[EMAIL PROTECTED] > > > Sent: 14 August 2007 12:21 > > > To: Apache AXIS C User List > > > Subject: RE: [Rampart/C | Neethi/C] Possible to get the > > > currentx509security certificate from a policy? > > > > > > On Tue, 2007-08-14 at 09:34 +0100, Jamie Lyon wrote: > > > > > > Hi Jamie, > > > > > > Neethi/C Security policy extension is for building and ordering the > > > security header. It has nothing to do with the content of the payload. > > > So in your requirement to include the security token in the payload > > You > > > need to do it in your own. You can use OpenSSL directly to read from > > > certficate or can use methods in rampart/src/omxmlsec/openssl > > > seperately. please see rampart/src/omxmlsec/openssl/x509.C to get an > > > idea of using openssl functions. > > > > > > Thanks > > > -Manjula. > > > > > > > > > > > > > Sorry for not being overly clear. > > > > > > > > Basically I've loaded a policy using: > > > > neethi_policy* policy = neethi_util_create_policy_from_file( > > axisEnv, > > > > fileName ); > > > > > > > > Then applied it to the service client using: > > > > axis2_svc_client_set_policy( svcClient, axisEnv, policy ); > > > > > > > > Now if possible I would like to be able to get the OpenSSL > > structures > > > > (i.e. the struct named 'X509'); or just some way of obtaining the > > > > subject DN and certificate string from the certificate in that > > policy. 
> > > >
> > > > I suppose the filename of that certificate would also suffice, as I
> > > > could then load it in manually, though a pre-loaded one would be
> > > > preferable.
> > > >
> > > > The ultimate goal is to access the current security token to include it
> > > > in my message payload (not as part of the security header, or
> > > > ws-security, which is why I was wary about mentioning rampart).
> > > >
> > > > Hopefully that clears things up :)
> > > >
> > > > Cheers,
> > > > Jamie
> > > >
> > > > > -----Original Message-----
> > > > > From: Manjula Peiris [mailto:[EMAIL PROTECTED]
> > > > > Sent: 14 August 2007 05:01
> > > > > To: Apache AXIS C User List
> > > > > Subject: Re: [Rampart/C | Neethi/C] Possible to get the current
> > > > > x509security certificate from a policy?
> > > > >
> > > > > Hi Jamie,
> > > > >
> > > > > Please see my comments inline. BTW your requirement is not very clear.
> > > > > Can you please emphasize more on this.
> > > > >
> > > > > On Mon, 2007-08-13 at 16:51 +0100, Jamie Lyon wrote:
> > > > > > Hi,
> > > > > >
> > > > > > Is it possible to get the OpenSSL construct (or some other form) of
> > > > > > policy out of the current neethi policy?
> > > > > OpenSSL functions are called from Rampart/C, not through Neethi. Here
> > > > > what do you mean by OpenSSL construct of policy?
> > > > >
> > > > > > I'm basically trying to get the subjectDN and base64 encoded cert to
> > > > > > include in my message. I can encode the data to a base64 string from a
> > > > > > char array, so no worries there, so long as I can somehow access the
> > > > > > data.
> > > > > If you have the buffer containing the base64 string of the key you can
> > > > > attach it to the message by setting it in the rampart_context.
> > > > > You can use the following functions,
> > > > >
> > > > > rampart_context_set_certificate() and
> > > > > rampart_context_set_certificate_type.
> > > > >
> > > > > But to do this you need to create a rampart_context outside of rampart
> > > > > and set it as a value in an axis2_parameter called RAMPART_CONFIGURATION.
> > > > > Otherwise you need to change the code.
> > > > >
> > > > > -Manjula
> > > > >
> > > > > > Any suggestions are highly welcome.
> > > > > >
> > > > > > Cheers,
> > > > > > Jamie

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
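
The goal stated earlier in the thread is to put the base64 certificate string into the message payload. As an added example (not code from the thread or from Rampart/C), the plain C helper below takes PEM text already read into memory and returns the base64 body of the first CERTIFICATE block only, so a private key bundled in the same file never reaches the payload. `pem_cert_body` and `SAMPLE_PEM` are hypothetical names, and the sample bodies are constructed placeholders.

```c
#include <string.h>

#define PEM_BEGIN "-----BEGIN CERTIFICATE-----"
#define PEM_END   "-----END CERTIFICATE-----"

/* Constructed sample: a bundle holding a key block and a certificate block.
 * The base64 bodies are placeholders, not real key or certificate data. */
static const char SAMPLE_PEM[] =
    "-----BEGIN PRIVATE KEY-----\nTk9UIEEgS0VZ\n-----END PRIVATE KEY-----\n"
    "-----BEGIN CERTIFICATE-----\nQUJDREVGR0hJ\nSktMTU5PUA==\n"
    "-----END CERTIFICATE-----\n";

static int is_b64(char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || c == '+' || c == '/' || c == '=';
}

/* Copy the base64 body of the first CERTIFICATE block in pem into out as one
 * line. Returns the length written, or -1 when there is no complete block,
 * the body has a non-base64 character or bad length, or out is too small. */
long pem_cert_body(const char *pem, char *out, size_t out_len)
{
    const char *p = strstr(pem, PEM_BEGIN);
    const char *end;
    size_t n = 0;
    if (p == NULL)
        return -1;
    p += strlen(PEM_BEGIN);
    if ((end = strstr(p, PEM_END)) == NULL)
        return -1;
    for (; p < end; p++) {
        if (*p == '\r' || *p == '\n' || *p == ' ' || *p == '\t')
            continue;            /* line wrapping is not part of the data */
        if (!is_b64(*p) || n + 1 >= out_len)
            return -1;           /* reject junk, never write past out */
        out[n++] = *p;
    }
    if (n == 0 || n % 4 != 0)
        return -1;
    out[n] = '\0';
    return (long)n;
}

int main(void)
{
    char b64[64];
    return pem_cert_body(SAMPLE_PEM, b64, sizeof b64) == 24 ? 0 : 1;
}
```

The subject DN still has to come from the parsed X509 structure; this helper covers only the certificate string.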