Author: kaushalye
Date: Tue Nov 20 04:05:11 2007
New Revision: 596638
URL: http://svn.apache.org/viewvc?rev=596638&view=rev
Log:
1. Removing the old sec header processor.
2. Updating the run_all script to include newly introduced scenarios.
Modified:
webservices/rampart/trunk/c/samples/secpolicy/run_all.sh
webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
Modified: webservices/rampart/trunk/c/samples/secpolicy/run_all.sh
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/secpolicy/run_all.sh?rev=596638&r1=596637&r2=596638&view=diff
==============================================================================
--- webservices/rampart/trunk/c/samples/secpolicy/run_all.sh (original)
+++ webservices/rampart/trunk/c/samples/secpolicy/run_all.sh Tue Nov 20
04:05:11 2007
@@ -4,7 +4,7 @@
_PORT=9090
_SLEEP=3
#You may change these to scenarios u need to run
-_LST="1 2 3 4 5 6 7"
+_LST="1 2 3 4 5 6 7 8 9 10 11"
if [ $# -eq 1 ]
then
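Review bot: The scenario list on the `_LST=` line is still a hand-maintained literal, so a scenario that is added without touching this line is silently left out of the run; for a security-policy sample suite that means a policy configuration goes unexercised without anyone noticing. Consider a single upper bound, `_LAST=11` followed by `_LST=$(seq 1 $_LAST)`, or building the list from the scenario directories if their naming allows it (not visible in this hunk). A short comment naming what scenarios 8 to 11 cover would also help whoever edits the list next. The script continues outside the hunk.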
Modified: webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c?rev=596638&r1=596637&r2=596638&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
(original)
+++ webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c Tue Nov
20 04:05:11 2007
@@ -71,33 +71,6 @@
return id;
}
-/*Process a KeyInfo and return the referred node*/
-#if 0
-static axiom_node_t*
-rampart_shp_process_key_info_for_ref(const axutil_env_t *env,
- axiom_node_t *key_info_node,
- axiom_node_t *root_node)
-{
- axiom_node_t *refed_node = NULL;
- axis2_char_t *id = NULL;
-
- id = rampart_shp_process_key_info_for_ref_val(env, key_info_node);
- /*Search for an element with the val(@wsu:Id)[EMAIL PROTECTED]/
- refed_node = oxs_axiom_get_node_by_id(env, root_node, OXS_ATTR_ID, id,
OXS_WSU_XMLNS);
- if(!refed_node){
- /*Search for an element with the val(@Id)[EMAIL PROTECTED]/
- refed_node = oxs_axiom_get_node_by_id(env, root_node, OXS_ATTR_ID,
id, NULL);
- /*If we still cannot find its an error*/
- if(!refed_node){
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,"[rampart][shp] Node cannot
be found with the Id=%s.", id);
- return NULL;
- }
- }
-
- return refed_node;
-}
-#endif
-
static axis2_bool_t
rampart_shp_validate_qnames(const axutil_env_t *env,
axiom_node_t *node)
@@ -1448,395 +1421,4 @@
}
return AXIS2_SUCCESS;
}
-
-#if 0
-AXIS2_EXTERN axis2_status_t AXIS2_CALL
-rampart_shp_process_message(const axutil_env_t *env,
- axis2_msg_ctx_t *msg_ctx,
- rampart_context_t *rampart_context,
- axiom_soap_envelope_t *soap_envelope,
- axiom_node_t *sec_node)
-{
- axiom_node_t *cur_node = NULL;
- axis2_status_t status = AXIS2_FAILURE;
- axis2_bool_t signature_protection = AXIS2_FALSE;
-
- AXIS2_LOG_INFO(env->log, "[rampart][shp] Processing security header");
-
- if(((rampart_context_get_binding_type(rampart_context, env)) ==
RP_PROPERTY_ASYMMETRIC_BINDING) ||
- ((rampart_context_get_binding_type(rampart_context, env)) ==
RP_PROPERTY_SYMMETRIC_BINDING) )
- {
- /*If the signature should be encrypted?*/
- signature_protection = rampart_context_is_encrypt_signature(
- rampart_context, env);
-
- /*If the encrypttion occured before the signature.
-----------------------------------------------------------------*/
- if(rampart_context_is_encrypt_before_sign(rampart_context, env))
- {
- /*If enc -> sig -> enc(sig)*/
- if(signature_protection)
- {
- axiom_node_t *ref_list_node = NULL;
- /*Get EncryptedKey node*/
- cur_node = oxs_axiom_get_first_child_node_by_name(env,
sec_node, OXS_NODE_ENCRYPTED_KEY, OXS_ENC_NS, NULL);
- if(!cur_node)
- {
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shp] No
Encrypted Key element.");
- rampart_create_fault_envelope(env,
RAMPART_FAULT_FAILED_CHECK,
- "Signature is not
encrypted.", RAMPART_FAULT_IN_ENCRYPTED_KEY, msg_ctx);
- return AXIS2_FAILURE;
- }
-
- if(!rampart_shp_validate_qnames(env, cur_node))
- {
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shp]
Error in the Encrypted key element");
- rampart_create_fault_envelope(env,
RAMPART_FAULT_FAILED_CHECK,
- "Error in the Encrypted key
element ", RAMPART_FAULT_IN_ENCRYPTED_KEY, msg_ctx);
- return AXIS2_FAILURE;
- }
- /*Process the EncryptedKey node*/
- AXIS2_LOG_INFO(env->log, "[rampart][shp] Process
EncryptedKey");
- status = rampart_shp_process_encrypted_key(env, msg_ctx,
rampart_context, soap_envelope, sec_node, cur_node);
- if(status != AXIS2_SUCCESS)
- {
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shp]
Encrypted key processing failed.");
- return status;
- }
- /*Get the reference list node*/
- ref_list_node = oxs_axiom_get_first_child_node_by_name(
- env, cur_node, OXS_NODE_REFERENCE_LIST,
OXS_ENC_NS, NULL);
- axiom_node_detach(ref_list_node, env);
- axiom_node_free_tree(ref_list_node, env);
- ref_list_node = NULL;
- }
- /*If enc -> sig AND signature is not encrypted. First we should
verify signature.*/
- if(rampart_context_check_whether_to_sign(rampart_context, env))
- {
- /*Get the Signature node*/
- cur_node = oxs_axiom_get_first_child_node_by_name(env,
sec_node, OXS_NODE_SIGNATURE, OXS_DSIG_NS, NULL);
- /*cur_node = oxs_axiom_get_node_by_local_name(env, sec_node,
OXS_NODE_SIGNATURE);*/
- if(!cur_node)
- {
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shp] No
Signature element");
- rampart_create_fault_envelope(env,
RAMPART_FAULT_INVALID_SECURITY, "Message is not signed ",
- RAMPART_FAULT_IN_SIGNATURE, msg_ctx);
- return AXIS2_FAILURE;
- }
-
- if(!rampart_shp_validate_qnames(env, cur_node))
- {
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][shp] Error in the Signature
element");
- rampart_create_fault_envelope(env,
RAMPART_FAULT_FAILED_CHECK,
- "Error in the Signature
element ", RAMPART_FAULT_IN_SIGNATURE, msg_ctx);
- return AXIS2_FAILURE;
- }
- /*Process Signature node*/
- AXIS2_LOG_INFO(env->log, "[rampart][shp] Processing Signature
element.");
- status = rampart_shp_process_signature(
- env, msg_ctx, rampart_context, soap_envelope,
sec_node, cur_node);
-
- if(status != AXIS2_SUCCESS)
- {
- if(!axis2_msg_ctx_get_fault_soap_envelope(msg_ctx, env))
- {
- rampart_create_fault_envelope(
- env, RAMPART_FAULT_INVALID_SECURITY, "Signature is
not valid", RAMPART_FAULT_IN_SIGNATURE, msg_ctx);
- return status;
- }else{
- return status;
- }
- }
- }else{
- cur_node = oxs_axiom_get_first_child_node_by_name(env,
sec_node, OXS_NODE_SIGNATURE, OXS_DSIG_NS, NULL);
- /*cur_node = oxs_axiom_get_node_by_local_name(env, sec_node,
OXS_NODE_SIGNATURE);*/
- if(cur_node)
- {
- /*No need signature but somebody has signed. ERROR*/
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shp]
policy does not specify signature");
- rampart_create_fault_envelope(env,
RAMPART_FAULT_INVALID_SECURITY, "Policy does not specify signature ",
-
RAMPART_FAULT_IN_SIGNATURE, msg_ctx);
- return AXIS2_FAILURE;
- }else{
- status = AXIS2_SUCCESS;
- }
- }
-
- /*Check if we need to decrypt*/
- if(rampart_context_check_whether_to_encrypt(rampart_context, env))
- {
- if(!signature_protection)
- {
-
- cur_node = oxs_axiom_get_first_child_node_by_name(env,
sec_node, OXS_NODE_ENCRYPTED_KEY, OXS_ENC_NS, NULL);
- if(!cur_node)
- {
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
"[rampart][shp] No Encrypted Key element.");
- rampart_create_fault_envelope(env,
RAMPART_FAULT_FAILED_CHECK,
- "Signature is not
encrypted.", RAMPART_FAULT_IN_ENCRYPTED_KEY, msg_ctx);
- return AXIS2_FAILURE;
- }
-
- if(!rampart_shp_validate_qnames(env, cur_node))
- {
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
"[rampart][shp] Error in the Encrypted key element");
- rampart_create_fault_envelope(env,
RAMPART_FAULT_FAILED_CHECK,
- "Error in the Encrypted
key element ", RAMPART_FAULT_IN_ENCRYPTED_KEY, msg_ctx);
- return AXIS2_FAILURE;
- }
-
- AXIS2_LOG_INFO(env->log, "[rampart][shp] Process
EncryptedKey");
- status = rampart_shp_process_encrypted_key(env, msg_ctx,
rampart_context, soap_envelope, sec_node, cur_node);
-
- if(status != AXIS2_SUCCESS)
- {
- if(!axis2_msg_ctx_get_fault_soap_envelope(msg_ctx,
env))
- {
- rampart_create_fault_envelope(
- env, RAMPART_FAULT_INVALID_SECURITY,
"Encryption key processing failed.",
- RAMPART_FAULT_IN_ENCRYPTED_KEY, msg_ctx);
- }
- return status;
- }
- }else{
- cur_node = oxs_axiom_get_first_child_node_by_name(env,
sec_node, OXS_NODE_REFERENCE_LIST, OXS_ENC_NS, NULL);
- if(!cur_node)
- {
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][shp] Protection order is
wrong or Signature not encrypted.");
- rampart_create_fault_envelope(
- env, RAMPART_FAULT_INVALID_SECURITY, "Protection
order is wrong or Signature is not encrypted. ",
- RAMPART_FAULT_IN_ENCRYPTED_KEY, msg_ctx);
-
- return AXIS2_FAILURE;
- }
- status = rampart_shp_process_reference_list(env, msg_ctx,
- rampart_context, soap_envelope, sec_node,
cur_node);
-
- if(status != AXIS2_SUCCESS)
- {
- rampart_create_fault_envelope(
- env, RAMPART_FAULT_INVALID_SECURITY, "Error in
processing ref list. ",
- RAMPART_FAULT_IN_ENCRYPTED_KEY, msg_ctx);
-
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][shp] Error in processing
ref list.");
- return status;
- }
- }
- }
- else
- {
- cur_node = oxs_axiom_get_first_child_node_by_name(env,
sec_node, OXS_NODE_ENCRYPTED_KEY, OXS_ENC_NS, NULL);
- if(cur_node)
- {
- AXIS2_LOG_INFO(env->log, "[rampart][shp] policy does not
specify encryption.");
- return AXIS2_FAILURE;
- }
- else
- status = AXIS2_SUCCESS;
- }
- }else /*Sign -> Enc. The easy
way------------------------------------------------------------------------------>-*/
- {
- /*We should decrypt the message first*/
- if(rampart_context_check_whether_to_encrypt(rampart_context,env))
- {
- cur_node = oxs_axiom_get_first_child_node_by_name(env,
sec_node, OXS_NODE_ENCRYPTED_KEY, OXS_ENC_NS, NULL);
- if(!cur_node)
- {
- AXIS2_LOG_INFO(env->log, "[rampart][shp] No Encrypted Key
element");
- return AXIS2_FAILURE;
- }
- if(!rampart_shp_validate_qnames(env,cur_node))
- {
- AXIS2_LOG_INFO(env->log, "[rampart][shp] Error in the
security header");
- return AXIS2_FAILURE;
- }
- /*If the signature is encrypted*/
- if(signature_protection)
- {
- if(oxs_axiom_get_first_child_node_by_name(env, sec_node,
OXS_NODE_SIGNATURE, OXS_DSIG_NS, NULL))
- /*if(oxs_axiom_get_node_by_local_name(env, sec_node,
OXS_NODE_SIGNATURE))*/
- {
- AXIS2_LOG_INFO(env->log, "[rampart][shp] Signature is
not Encrypted.");
- return AXIS2_FAILURE;
- }
- }
-
- AXIS2_LOG_INFO(env->log, "[rampart][shp] Process
EncryptedKey");
- status = rampart_shp_process_encrypted_key(env,msg_ctx,
rampart_context, soap_envelope, sec_node, cur_node);
- if(status!=AXIS2_SUCCESS){
- return AXIS2_FAILURE;
- }
-
- /*Now process the Reference List. if any*/
- AXIS2_LOG_INFO(env->log, "[rampart][shp] Process
ReferenceList");
- cur_node = oxs_axiom_get_first_child_node_by_name(env,
sec_node, OXS_NODE_REFERENCE_LIST, OXS_ENC_NS, NULL);
- if(cur_node)
- {
- status = rampart_shp_process_reference_list(env, msg_ctx,
- rampart_context, soap_envelope, sec_node,
cur_node);
- if(status!=AXIS2_SUCCESS){
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
"[rampart][shp] ReferenceList processing failed");
- return AXIS2_FAILURE;
- }
- }
-
- }else{/*No decryption needed*/
- cur_node = oxs_axiom_get_first_child_node_by_name(env,
sec_node, OXS_NODE_ENCRYPTED_KEY, OXS_ENC_NS, NULL);
- if(cur_node)
- {
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shp]
policy does not specify Encryption");
- rampart_create_fault_envelope(env,
RAMPART_FAULT_INVALID_SECURITY,
- "Policy does not specify
Encryption. ", RAMPART_FAULT_IN_ENCRYPTED_KEY, msg_ctx);
- }else{
- status = AXIS2_SUCCESS;;
- }
- }
-
- /*After decrypting we may verify signature stuff.*/
- if(rampart_context_check_whether_to_sign(rampart_context, env))
- {
- cur_node = oxs_axiom_get_first_child_node_by_name(env,
sec_node, OXS_NODE_SIGNATURE, OXS_DSIG_NS, NULL);
- if(!cur_node)
- {
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][shp] No Signature element");
- rampart_create_fault_envelope(env,
RAMPART_FAULT_INVALID_SECURITY,
- "Message is not signed ",
RAMPART_FAULT_IN_SIGNATURE, msg_ctx);
-
- return AXIS2_FAILURE;
- }
-
- if(!rampart_shp_validate_qnames(env, cur_node))
- {
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][shp] Error in the Signature
element");
- rampart_create_fault_envelope(env,
RAMPART_FAULT_FAILED_CHECK,
- "Error in the Signature
element ", RAMPART_FAULT_IN_SIGNATURE, msg_ctx);
- return AXIS2_FAILURE;
- }
-
- AXIS2_LOG_INFO(env->log, "[rampart][shp] Processing Signature
element.");
-
- status = rampart_shp_process_signature(env, msg_ctx,
- rampart_context,
soap_envelope, sec_node, cur_node);
-
- if(status != AXIS2_SUCCESS)
- {
- if(!axis2_msg_ctx_get_fault_soap_envelope(msg_ctx, env))
- {
- rampart_create_fault_envelope(
- env, RAMPART_FAULT_INVALID_SECURITY, "Signature is
not valid",
- RAMPART_FAULT_IN_SIGNATURE, msg_ctx);
- return status;
- }
- else
- {
- return status;
- }
- }
- }
-
- else
- {
- cur_node = oxs_axiom_get_first_child_node_by_name(env,
sec_node, OXS_NODE_SIGNATURE, OXS_DSIG_NS, NULL);
- if(cur_node)
- {
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][shp] policy does not specify
signature");
- rampart_create_fault_envelope(env,
RAMPART_FAULT_INVALID_SECURITY,
- "Policy does not specify
signature ", RAMPART_FAULT_IN_SIGNATURE, msg_ctx);
- }
- else
- {
- status = AXIS2_SUCCESS;
- }
- }
- }
- /*Now we can process timestamp*/
-
- status = rampart_shp_process_timestamptoken(
- env, msg_ctx, rampart_context, sec_node);
-
- if(status != AXIS2_SUCCESS)
- {
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][shp] Timestamp Processing failed.");
- return status;
- }
-
- if(axis2_msg_ctx_get_server_side(msg_ctx, env))
- {
- status = rampart_shp_process_usernametoken(
- env, msg_ctx, rampart_context, sec_node);
-
- if(status != AXIS2_SUCCESS)
- {
- return status;
- }
- }
-
- /*Now detect replays*/
- status = rampart_shp_detect_replays(env, msg_ctx, rampart_context,
soap_envelope, sec_node);
-
- AXIS2_LOG_INFO(env->log, "[rampart][shp] Security header element
processing, DONE ");
- /*Do the action accordingly*/
- return AXIS2_SUCCESS;
- }
-/*
- else if((rampart_context_get_binding_type(rampart_context, env))
- == RP_PROPERTY_SYMMETRIC_BINDING)
- {
- rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_CHECK,
- "Symmetric binding is not supported.",
RAMPART_FAULT_IN_POLICY, msg_ctx);
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "Symmetric binding is not supported");
- return AXIS2_FAILURE;
- }
-*/
- else if((rampart_context_get_binding_type(rampart_context, env)) ==
- RP_PROPERTY_TRANSPORT_BINDING)
- {
- axis2_status_t status = AXIS2_FAILURE;
-
- status = rampart_shp_process_timestamptoken(
- env, msg_ctx, rampart_context, sec_node);
-
- if(status != AXIS2_SUCCESS)
- {
- return status;
- }
-
- if( axis2_msg_ctx_get_server_side(msg_ctx, env))
- {
- status = rampart_shp_process_usernametoken(
- env, msg_ctx, rampart_context, sec_node);
-
- if(status!=AXIS2_SUCCESS)
- {
- return status;
- }
- }
-
- /*Now detect replays*/
- status = rampart_shp_detect_replays(env, msg_ctx, rampart_context,
soap_envelope, sec_node);
-
- AXIS2_LOG_INFO(env->log, "[rampart][shp] Security header element
processing, DONE ");
- /*Do the action accordingly*/
- return AXIS2_SUCCESS;
-
- }
- else
- {
- rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_CHECK,
- "Unsupportive binding type.",
RAMPART_FAULT_IN_POLICY, msg_ctx);
- AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
- "[rampart][shp] Unsupportive binding type.");
- return AXIS2_FAILURE;
- }
-
-}
-#endif
-