Author: kaushalye
Date: Mon Nov 19 01:51:10 2007
New Revision: 596238
URL: http://svn.apache.org/viewvc?rev=596238&view=rev
Log:
Symmetric binding, security header processing
Modified:
webservices/rampart/trunk/c/include/oxs_axiom.h
webservices/rampart/trunk/c/include/oxs_tokens.h
webservices/rampart/trunk/c/src/omxmlsec/axiom.c
webservices/rampart/trunk/c/src/omxmlsec/derivation.c
webservices/rampart/trunk/c/src/omxmlsec/openssl/hmac.c
webservices/rampart/trunk/c/src/omxmlsec/tokens/token_reference_list.c
webservices/rampart/trunk/c/src/util/rampart_encryption.c
webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c
Modified: webservices/rampart/trunk/c/include/oxs_axiom.h
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/oxs_axiom.h?rev=596238&r1=596237&r2=596238&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/oxs_axiom.h (original)
+++ webservices/rampart/trunk/c/include/oxs_axiom.h Mon Nov 19 01:51:10 2007
@@ -152,6 +152,12 @@
oxs_axiom_interchange_nodes(const axutil_env_t *env,
axiom_node_t *node_to_move,
axiom_node_t *node_before);
+
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ oxs_axiom_add_as_the_first_child(const axutil_env_t *env,
+ axiom_node_t *parent,
+ axiom_node_t *child);
+
/** @} */
#ifdef __cplusplus
}
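Review bot: The new prototype `oxs_axiom_add_as_the_first_child` has no doc comment, although it sits inside a Doxygen group (the `/** @} */` right after it). I would add a `/** ... */` block saying that `child` is inserted before the current first child of `parent`, that the result is `AXIS2_SUCCESS` or `AXIS2_FAILURE`, and what the caller should expect when `parent` has no children. The implementation added in axiom.c does not handle that last case explicitly, so the contract needs to be written down here.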
Modified: webservices/rampart/trunk/c/include/oxs_tokens.h
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/oxs_tokens.h?rev=596238&r1=596237&r2=596238&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/oxs_tokens.h (original)
+++ webservices/rampart/trunk/c/include/oxs_tokens.h Mon Nov 19 01:51:10 2007
@@ -291,7 +291,7 @@
/**
* Creates <xenc:DataReference> elements under <xenc:ReferenceList>
element
*/
- AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ AXIS2_EXTERN axiom_node_t* AXIS2_CALL
oxs_token_build_data_reference_list(
const axutil_env_t * env,
axiom_node_t * parent,
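Review bot: The doc comment above the prototype does not say what the new `axiom_node_t*` return value means. In the implementation changed by this commit (token_reference_list.c), `NULL` now covers both the `!id_list` case, which used to return `AXIS2_SUCCESS`, and real build failures. A caller that tests the pointer will treat an absent id list as an error, and a caller that ignores it loses the failure signal. I would add `* @return the <xenc:ReferenceList> node, or NULL if id_list is NULL or a node could not be built` to the comment. Because the function is `AXIS2_EXTERN`, any caller outside this commit that still compares the result with `AXIS2_SUCCESS` needs updating; the prototype continues outside the hunk.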
Modified: webservices/rampart/trunk/c/src/omxmlsec/axiom.c
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/axiom.c?rev=596238&r1=596237&r2=596238&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/axiom.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/axiom.c Mon Nov 19 01:51:10 2007
@@ -425,3 +425,16 @@
return status;
}
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_axiom_add_as_the_first_child(const axutil_env_t *env,
+ axiom_node_t *parent,
+ axiom_node_t *child)
+{
+ axis2_status_t status = AXIS2_FAILURE;
+ axiom_node_t *first_child = NULL;
+
+ first_child = axiom_node_get_first_child(parent, env);
+ status = axiom_node_insert_sibling_before(first_child, env, child);
+
+ return status;
+}
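Review bot: `first_child` is passed to `axiom_node_insert_sibling_before()` without a check, so a `parent` that has no children hands that call a NULL node, and neither `parent` nor `child` is validated either. Whether the axiom call then returns failure or dereferences the NULL node is not visible here and should be confirmed. I would reject bad arguments up front with `if(!parent || !child){ return AXIS2_FAILURE; }` and handle the empty parent by appending: `if(!first_child){ return axiom_node_add_child(parent, env, child); }`.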
Modified: webservices/rampart/trunk/c/src/omxmlsec/derivation.c
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/derivation.c?rev=596238&r1=596237&r2=596238&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/derivation.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/derivation.c Mon Nov 19 01:51:10
2007
@@ -160,7 +160,7 @@
offset_token = oxs_token_build_offset_element(env, dk_token, offset);
}
/*Create length*/
- length = oxs_key_get_size(derived_key, env);
+ length = oxs_key_get_length(derived_key, env);
if(length > 0){
length_token = oxs_token_build_length_element(env, dk_token, length);
}
Modified: webservices/rampart/trunk/c/src/omxmlsec/openssl/hmac.c
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/openssl/hmac.c?rev=596238&r1=596237&r2=596238&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/openssl/hmac.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/openssl/hmac.c Mon Nov 19 01:51:10
2007
@@ -182,6 +182,7 @@
if (!length)
{
length = OPENSSL_DEFAULT_KEY_LEN_FOR_PSHA1;
+ oxs_key_set_length(derived_key, env, length);
}
label_and_seed = oxs_buffer_create(env);
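Review bot: The added `oxs_key_set_length(derived_key, env, length);` changes the caller's key as a side effect of derivation and drops the call's return status, with no comment explaining why. Going by the derivation.c change in this commit, the intent is presumably that the `Length` element built from `oxs_key_get_length()` matches the length actually used. I would say so in a comment such as `/* No length set: record the P_SHA1 default on the key so the emitted wsc:Length matches what was derived */`. The enclosing function starts and ends outside this hunk.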
Modified: webservices/rampart/trunk/c/src/omxmlsec/tokens/token_reference_list.c
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/tokens/token_reference_list.c?rev=596238&r1=596237&r2=596238&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/tokens/token_reference_list.c
(original)
+++ webservices/rampart/trunk/c/src/omxmlsec/tokens/token_reference_list.c Mon
Nov 19 01:51:10 2007
@@ -47,18 +47,18 @@
return reference_list_node;
}
-AXIS2_EXTERN axis2_status_t AXIS2_CALL
+AXIS2_EXTERN axiom_node_t* AXIS2_CALL
oxs_token_build_data_reference_list(const axutil_env_t *env, axiom_node_t
*parent, axutil_array_list_t *id_list)
{
axiom_node_t *ref_list_node = NULL;
int i=0;
if(!id_list){
- return AXIS2_SUCCESS;
+ return NULL;
}
/*Build the ReferenceList element*/
ref_list_node = oxs_token_build_reference_list_element(env, parent);
- if(!ref_list_node) {return AXIS2_FAILURE;}
+ if(!ref_list_node) {return NULL;}
/*Build the list*/
for(i=0 ; i < axutil_array_list_size(id_list, env); i++){
@@ -70,11 +70,11 @@
data_ref_node = oxs_token_build_data_reference_element(env,
ref_list_node, id);
AXIS2_FREE(env->allocator, id);
- if(!data_ref_node) {return AXIS2_FAILURE;}
+ if(!data_ref_node) {return NULL;}
}
- return AXIS2_SUCCESS;
+ return ref_list_node;
}
AXIS2_EXTERN axutil_array_list_t *AXIS2_CALL
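Review bot: When `oxs_token_build_data_reference_element()` fails part-way through the loop, `return NULL;` leaves the `ReferenceList` built earlier in the function presumably still attached under `parent`, holding only some of its `DataReference` children. The caller cannot clean it up because it never receives the pointer, so a partially populated `ReferenceList` could stay in the security header. I would detach and release it before returning, e.g. `axiom_node_detach(ref_list_node, env); axiom_node_free_tree(ref_list_node, env); return NULL;`. The loop header and the creation of `ref_list_node` are in the previous hunk.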
Modified: webservices/rampart/trunk/c/src/util/rampart_encryption.c
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_encryption.c?rev=596238&r1=596237&r2=596238&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_encryption.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_encryption.c Mon Nov 19
01:51:10 2007
@@ -224,6 +224,7 @@
axis2_char_t *asym_key_id = NULL;
axiom_node_t *encrypted_key_node = NULL;
axiom_node_t *sig_node = NULL;
+ axiom_node_t *data_ref_list_node = NULL;
axis2_bool_t use_derived_keys = AXIS2_TRUE;
axis2_bool_t server_side = AXIS2_FALSE;
rp_property_t *token = NULL;
@@ -397,6 +398,7 @@
/*OK Buddy we have already created EncryptedKey node. Get the Id */
asym_key_id = oxs_axiom_get_attribute_value_of_node_by_name(env,
encrypted_key_node, OXS_ATTR_ID, NULL);
}
+
/*Add used <wsc:DerivedKeyToken> elements to the header*/
for(j=0 ; j < axutil_array_list_size(dk_list, env); j++){
oxs_key_t *dk = NULL;
@@ -405,21 +407,23 @@
/*Build the <wsc:DerivedKeyToken> element*/
if(dk){
- oxs_derivation_build_derived_key_token(env, dk, sec_node,
asym_key_id, OXS_WSS_11_VALUE_TYPE_ENCRYPTED_KEY);
+ axiom_node_t *dk_node = NULL;
+ dk_node = oxs_derivation_build_derived_key_token(env, dk,
sec_node, asym_key_id, OXS_WSS_11_VALUE_TYPE_ENCRYPTED_KEY);
}
- /*Do we need derived keys? Can we free 'em here?*/
+ /*We will free DK here*/
oxs_key_free(dk, env);
dk = NULL;
}/*End of For loop of dk_list iteration*/
+ /*Add ReferenceList element to the Security header*/
+ data_ref_list_node = oxs_token_build_data_reference_list(env, sec_node,
id_list);
+
/*Free derrived key list*/
axutil_array_list_free(dk_list, env);
dk_list = NULL;
- /*Add ReferenceList element to the Security header*/
- status = oxs_token_build_data_reference_list(env, sec_node, id_list);
-
+
return status;
}
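Review bot: The result of `oxs_token_build_data_reference_list()` is stored in `data_ref_list_node` and never examined, and `status` is no longer assigned from that call, so a failed `ReferenceList` build does not reach `return status;`. `dk_node` is likewise assigned and discarded, so a failed `<wsc:DerivedKeyToken>` build goes unnoticed while the key is freed on the next line. I would check both, e.g. `if(!dk_node){ status = AXIS2_FAILURE; }` inside the loop and `if(id_list && !data_ref_list_node){ status = AXIS2_FAILURE; }` after the call, each with an `AXIS2_LOG_ERROR`. The function starts outside this hunk, so the value `status` holds when it reaches these lines is not visible here.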
@@ -759,6 +763,7 @@
axiom_node_t *encrypted_key_node = NULL;
axiom_node_t *temp_node = NULL;
axiom_node_t *node_to_move = NULL;
+ axiom_node_t *ref_list_node = NULL;
axis2_bool_t use_derived_keys = AXIS2_TRUE;
axis2_bool_t server_side = AXIS2_FALSE;
rp_property_t *token = NULL;
@@ -861,9 +866,9 @@
axutil_array_list_add(id_list, env, id);
- enc_status = oxs_token_build_data_reference_list(
+ ref_list_node = oxs_token_build_data_reference_list(
env, encrypted_key_node, id_list);
- if(enc_status != AXIS2_SUCCESS)
+ if(!ref_list_node)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
"[rampart][rampart_encryption]Encrypting
signature,Building reference list failed");
Modified: webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c?rev=596238&r1=596237&r2=596238&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c Mon Nov
19 01:51:10 2007
@@ -47,47 +47,6 @@
axis2_status_t status = AXIS2_FAILURE;
axis2_bool_t is_encrypt_before_sign = AXIS2_FALSE;
-#if 0
- if(rampart_context_is_include_timestamp(rampart_context,env))
- {
- int ttl = -1;
- /*ttl = RAMPART_TIMESTAMP_TOKEN_DEFAULT_TIME_TO_LIVE;*/
- ttl = rampart_context_get_ttl(rampart_context,env);
- AXIS2_LOG_INFO(env->log, "[rampart][shb] Sym binding, building
Timestamp Token using timeToLive value %d", ttl);
-
- status = rampart_timestamp_token_build(env,
- sec_node, sec_ns_obj, ttl);
- if (status == AXIS2_FAILURE)
- {
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shb] Sym
binding, Timestamp Token build failed. ERROR");
- return AXIS2_FAILURE;
- }
- }
-
- /*User name tokens includes in messages sent from client to server*/
- if(!axis2_msg_ctx_get_server_side(msg_ctx,env))
- {
- if(rampart_context_is_include_username_token(rampart_context,env))
- {
-
- /*Now we are passing rampart_context here so inside this method
- relevant parameters are extracted. */
-
- AXIS2_LOG_INFO(env->log, "[rampart][shb] Sym binding, building
UsernmaeToken");
- status =rampart_username_token_build(
- env,
- rampart_context,
- sec_node,
- sec_ns_obj);
- if (status == AXIS2_FAILURE)
- {
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][shb] Sym binding, UsernmaeToken
build failed. ERROR");
- return AXIS2_FAILURE;
- }
- }
- }
-#endif
/*Check the encryption and signature order*/
if(rampart_context_is_encrypt_before_sign(rampart_context, env))
@@ -127,7 +86,7 @@
}else{ /*Sign before encrypt*/
is_encrypt_before_sign = AXIS2_FALSE;
- /*TODO First do signature specific stuff using Symmetric key*/
+ /*First do signature specific stuff using Symmetric key*/
status = rampart_sig_sign_message(env, msg_ctx, rampart_context,
soap_envelope, sec_node);
if(status != AXIS2_SUCCESS)
{
@@ -144,8 +103,6 @@
return AXIS2_FAILURE;
}
}
- /*If there is an EncryptedKey attache it as the first child*/
- /*status = rampart_shb_make_enc_key_the_first_child(env, sec_node);*/
status = AXIS2_SUCCESS;