Modified: webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c?rev=620722&r1=620721&r2=620722&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c Tue Feb 12 00:21:23 2008
@@ -34,6 +34,7 @@
 #include <axutil_array_list.h>
 #include <rampart_signature.h>
 #include <rampart_saml.h>
+#include <rampart_issued.h>
 /*Private functions*/
 axis2_status_t AXIS2_CALL
@@ -42,7 +43,8 @@
 rampart_context_t *rampart_context,
 axiom_soap_envelope_t *soap_envelope,
 axiom_node_t *sec_node,
- axiom_namespace_t *sec_ns_obj)
+ axiom_namespace_t *sec_ns_obj,
+ axutil_array_list_t *sign_parts_list)
 {
 axis2_bool_t signature_protection = AXIS2_FALSE;
 axis2_bool_t is_encrypt_before_sign = AXIS2_FALSE;
@@ -81,7 +83,7 @@
 return AXIS2_FAILURE;
 }
 /*Then Sign the message*/
- status = rampart_sig_sign_message(env, msg_ctx, rampart_context, soap_envelope, sec_node);
+ status = rampart_sig_sign_message(env, msg_ctx, rampart_context, soap_envelope, sec_node, sign_parts_list);
 if(status != AXIS2_SUCCESS)
 {
 AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
@@ -108,7 +110,7 @@
 return AXIS2_FAILURE;
 }
 /*Then do signature specific things*/
- status = rampart_sig_sign_message(env, msg_ctx, rampart_context, soap_envelope, sec_node);
+ status = rampart_sig_sign_message(env, msg_ctx, rampart_context, soap_envelope, sec_node, sign_parts_list);
 if(status != AXIS2_SUCCESS){
 AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
 "[rampart][shb] Signature failed. ERROR");
@@ -122,7 +124,7 @@
 {
 is_encrypt_before_sign = AXIS2_FALSE;
 /*First do signature specific stuff*/
- status = rampart_sig_sign_message(env, msg_ctx, rampart_context, soap_envelope, sec_node);
+ status = rampart_sig_sign_message(env, msg_ctx, rampart_context, soap_envelope, sec_node, sign_parts_list);
 if(status != AXIS2_SUCCESS){
 AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
 "[rampart][shb] Signing failed. ERROR");
@@ -194,7 +196,8 @@
 rampart_context_t *rampart_context,
 axiom_soap_envelope_t *soap_envelope,
 axiom_node_t *sec_node,
- axiom_namespace_t *sec_ns_obj)
+ axiom_namespace_t *sec_ns_obj,
+ axutil_array_list_t *sign_parts_list)
 {
 axis2_status_t status = AXIS2_FAILURE;
@@ -218,7 +221,7 @@
 }
 /*2. Sign*/
- status = rampart_sig_sign_message(env, msg_ctx, rampart_context, soap_envelope, sec_node);
+ status = rampart_sig_sign_message(env, msg_ctx, rampart_context, soap_envelope, sec_node, sign_parts_list);
 if(status != AXIS2_SUCCESS)
 {
 AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
@@ -240,7 +243,7 @@
 {
 /*Sign before encrypt*/
 /*First do signature specific stuff using Symmetric key*/
- status = rampart_sig_sign_message(env, msg_ctx, rampart_context, soap_envelope, sec_node);
+ status = rampart_sig_sign_message(env, msg_ctx, rampart_context, soap_envelope, sec_node, sign_parts_list);
 if(status != AXIS2_SUCCESS)
 {
 AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
@@ -407,6 +410,11 @@
 axiom_node_t *sec_node = NULL;
 axiom_element_t *sec_ele = NULL;
 axis2_bool_t server_side = AXIS2_FALSE;
+ /*
+ * sign parts list. Moved this up the building process. This was originally
+ * in the rampart_sig_sign_message
+ */
+ axutil_array_list_t *sign_parts_list = NULL;
 AXIS2_ENV_CHECK(env,AXIS2_FAILURE);
 soap_header = axiom_soap_envelope_get_header(soap_envelope, env);
 soap_header_node = axiom_soap_header_get_base_node(soap_header, env);
@@ -435,7 +443,7 @@
 sec_ele = (axiom_element_t *) axiom_node_get_data_element(sec_node, env);
-
+ sign_parts_list = axutil_array_list_create(env, 4);
 /*Timestamp Inclusion*/
 if(rampart_context_is_include_timestamp(rampart_context,env))
 {
@@ -482,9 +490,9 @@
 }
 }
- if (rampart_context_is_include_supporting_saml_token(rampart_context, server_side, AXIS2_FALSE, env))
+ if (rampart_context_is_include_supporting_token(rampart_context, env, server_side, AXIS2_FALSE, RP_PROPERTY_SAML_TOKEN))
 {
- status = rampart_saml_supporting_token_build(env, rampart_context, sec_node);
+ status = rampart_saml_supporting_token_build(env, rampart_context, sec_node, sign_parts_list);
 if (status == AXIS2_FAILURE)
 {
 AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
@@ -494,6 +502,18 @@
 }
 }
+ if (rampart_context_is_include_supporting_token(rampart_context, env, server_side, AXIS2_FALSE, RP_PROPERTY_ISSUED_TOKEN))
+ {
+ status = rampart_issued_supporting_token_build(rampart_context, env, sec_node, sign_parts_list);
+ if (status == AXIS2_FAILURE)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "[rampart][shb] Issued supporting token build failed. ERROR");
+ axiom_namespace_free(sec_ns_obj, env);
+ return AXIS2_FAILURE;
+ }
+ }
+
 /*Signature Confirmation support. Only in the server side*/
 if(axis2_msg_ctx_get_server_side(msg_ctx,env)){
 axis2_bool_t sign_conf_reqd = AXIS2_FALSE;
@@ -511,7 +531,7 @@
 axis2_status_t status = AXIS2_FAILURE;
 AXIS2_LOG_INFO(env->log, "[rampart][shb] Asymmetric Binding. ");
- status = rampart_shb_do_asymmetric_binding(env, msg_ctx, rampart_context, soap_envelope, sec_node, sec_ns_obj);
+ status = rampart_shb_do_asymmetric_binding(env, msg_ctx, rampart_context, soap_envelope, sec_node, sec_ns_obj, sign_parts_list);
 axiom_namespace_free(sec_ns_obj, env);
 if(AXIS2_FAILURE == status){
 AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shb] Asymmetric Binding failed");
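Review bot: `sign_parts_list = axutil_array_list_create(env, 4);` is neither checked for a NULL result nor released on the builder's own error paths: the SAML and issued supporting-token failure branches in the two following hunks free `sec_ns_obj` and return, and a policy that takes neither binding path further down would leave the list allocated unless something outside this diff frees it. A NULL result should be handled like the other allocation failures in this function, and each early `return AXIS2_FAILURE;` between the create and the binding calls should release the list. If `oxs_sign_ctx_set_sign_parts` takes ownership once `rampart_sig_sign_message` runs (not visible here), the comment added at the declaration in the previous hunk should say so, e.g. `/* sign parts list; handed to the signature context by rampart_sig_sign_message(), released here on any earlier return */`. The enclosing function starts and ends outside these hunks.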
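Review bot: `rampart_issued_supporting_token_build(rampart_context, env, sec_node, sign_parts_list)` puts `env` second, while the sibling call in the preceding hunk, `rampart_saml_supporting_token_build(env, rampart_context, sec_node, sign_parts_list)`, and the other rampart calls in this file put `env` first. Two near-identical blocks with swapped leading arguments are easy to mis-edit, so the new entry point declared in rampart_issued.h is worth aligning with the env-first convention before it gains more callers. The error branch itself mirrors the SAML one, which keeps the two paths comparable.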
@@ -533,7 +553,7 @@
 /*Do Symmetric_binding specific things*/
 AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shb] Symmetric Binding. ");
- status = rampart_shb_do_symmetric_binding(env, msg_ctx, rampart_context, soap_envelope, sec_node, sec_ns_obj);
+ status = rampart_shb_do_symmetric_binding(env, msg_ctx, rampart_context, soap_envelope, sec_node, sec_ns_obj, sign_parts_list);
 axiom_namespace_free(sec_ns_obj, env);
 if(AXIS2_FAILURE == status){
 AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shb] Symmetric Binding failed");
Modified: webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c?rev=620722&r1=620721&r2=620722&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c Tue Feb 12 00:21:23 2008
@@ -1562,8 +1562,10 @@
 sub_conf = rampart_saml_token_get_subject_confirmation(env, saml_node);
 if (sub_conf && axutil_strcmp(sub_conf, SAML_SUB_CONFIRMATION_SENDER_VOUCHES) == 0)
 {
- if (!rampart_context_is_include_supporting_saml_token(rampart_context,
- !server_side, AXIS2_FALSE, env))
+ if (!rampart_context_is_include_supporting_token(rampart_context, env,
+ !server_side, AXIS2_FALSE, RP_PROPERTY_SAML_TOKEN) &&
+ !rampart_context_is_include_supporting_token(rampart_context, env,
+ !server_side, AXIS2_FALSE, RP_PROPERTY_ISSUED_TOKEN))
 {
 AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
 "[Rampart][shp] Unexpected SAML token.");
Modified: webservices/rampart/trunk/c/src/util/rampart_signature.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_signature.c?rev=620722&r1=620721&r2=620722&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_signature.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_signature.c Tue Feb 12 00:21:23 2008
@@ -58,7 +58,8 @@
 rampart_sig_create_sign_parts(const axutil_env_t *env,
 rampart_context_t *rampart_context,
 axutil_array_list_t *nodes_to_sign,
- axis2_bool_t server_side);
+ axis2_bool_t server_side,
+ axutil_array_list_t *sign_parts_list);
 oxs_x509_cert_t *AXIS2_CALL
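Review bot: The widened condition now lets a sender-vouches SAML token through whenever the policy lists an issued supporting token, regardless of what token type that issued-token entry actually calls for; `rampart_context_is_include_supporting_token(..., RP_PROPERTY_ISSUED_TOKEN)` (not visible here) appears to answer only whether such a token is expected, not whether it is a SAML assertion. If the issued-token policy can name a non-SAML token, the processor should also compare the expected token type before accepting the assertion, otherwise a SAML token passes the "Unexpected SAML token" gate on the strength of an unrelated policy entry. The enclosing function starts and ends outside the hunk.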
@@ -481,7 +482,8 @@
 axis2_msg_ctx_t *msg_ctx,
 rampart_context_t *rampart_context,
 axiom_soap_envelope_t *soap_envelope,
- axiom_node_t *sec_node)
+ axiom_node_t *sec_node,
+ axutil_array_list_t *sign_parts_list)
 {
 axutil_array_list_t *nodes_to_sign = NULL;
 axis2_status_t status = AXIS2_FAILURE;
@@ -641,9 +643,9 @@
 sign_ctx = oxs_sign_ctx_create(env);
 /* Create the sign parts */
- sign_parts = rampart_sig_create_sign_parts(env, rampart_context, nodes_to_sign, server_side);
+ rampart_sig_create_sign_parts(env, rampart_context, nodes_to_sign, server_side, sign_parts_list);
 /* Set which parts to be signed*/
- oxs_sign_ctx_set_sign_parts(sign_ctx, env, sign_parts);
+ oxs_sign_ctx_set_sign_parts(sign_ctx, env, sign_parts_list);
 /*Get the binding type. Either symmetric or asymmetric for signature*/
 binding_type = rampart_context_get_binding_type(rampart_context,env);
@@ -863,11 +865,11 @@
 rampart_sig_create_sign_parts(const axutil_env_t *env,
 rampart_context_t *rampart_context,
 axutil_array_list_t *nodes_to_sign,
- axis2_bool_t server_side)
+ axis2_bool_t server_side,
+ axutil_array_list_t *sign_parts)
 {
 int i = 0;
- axis2_char_t *digest_method = NULL;
- axutil_array_list_t *sign_parts = NULL;
+ axis2_char_t *digest_method = NULL;
 axiom_node_t *node_to_sign = NULL;
 axis2_char_t *id = NULL;
@@ -875,8 +877,7 @@
 oxs_transform_t *tr = NULL;
 axutil_array_list_t *tr_list = NULL;
- digest_method = rampart_context_get_digest_mtd(rampart_context, env);
- sign_parts = axutil_array_list_create(env, 0);
+ digest_method = rampart_context_get_digest_mtd(rampart_context, env);
 /*Now we should create sign part for each node in the arraylist.*/
 for (i=0 ; i < axutil_array_list_size(nodes_to_sign, env); i++)
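Review bot: The result of `rampart_sig_create_sign_parts(env, rampart_context, nodes_to_sign, server_side, sign_parts_list);` is now discarded, and the next line hands `sign_parts_list` to `oxs_sign_ctx_set_sign_parts` without checking that the caller actually supplied a list. Since the function no longer allocates the list, its return type (outside this diff) should become `axis2_status_t` and the call site should check it, and a NULL `sign_parts_list` ought to be rejected at the top of `rampart_sig_sign_message` with the other argument checks rather than reaching the signing context. The old `sign_parts` local of `rampart_sig_sign_message` may now be unused; its declaration region is outside the hunk.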
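Review bot: `sign_parts` in `rampart_sig_create_sign_parts` changed from a locally created list to a caller-supplied parameter, but nothing at the definition says so, and a reader of the later `axutil_array_list_add(sign_parts, env, sign_part);` cannot tell who owns the list. Add a comment above the definition along the lines of `/* sign_parts: caller-owned list; this function only appends oxs_sign_part_t entries and neither creates nor frees it */` and, since the function no longer produces the list, state what it returns now. The function's return statement lies outside the hunks shown.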
@@ -902,22 +903,22 @@
 }
 }
- if (rampart_context_is_include_supporting_saml_token(rampart_context, server_side, AXIS2_FALSE, env))
+ /*if (rampart_context_is_include_supporting_token(rampart_context, env, server_side, AXIS2_FALSE, RP_PROPERTY_SAML_TOKEN))
 {
 axiom_element_t *stre = NULL;
 axiom_node_t *strn = NULL, *assertion = NULL;
- axutil_qname_t *qname = NULL;
+ axutil_qname_t *qname = NULL;*/
 /* These properties are guaranteed to exsists. If not we cannot reach this point. */
- rampart_saml_token_t *saml = rampart_context_get_saml_token(rampart_context, env, RP_PROPERTY_SIGNED_SUPPORTING_TOKEN);
+ /*rampart_saml_token_t *saml = rampart_context_get_saml_token(rampart_context, env, RP_PROPERTY_SIGNED_SUPPORTING_TOKEN);
 strn = rampart_saml_token_get_str(saml, env);
 assertion = rampart_saml_token_get_assertion(saml, env);
 stre = axiom_node_get_data_element(strn, env);
 qname = axutil_qname_create(env, OXS_NODE_SECURITY_TOKEN_REFRENCE, OXS_WSSE_XMLNS, NULL);
 sign_part = oxs_sign_part_create(env);
- tr_list = axutil_array_list_create(env, 0);
+ tr_list = axutil_array_list_create(env, 0);*/
 /* If ID is not present we add it */
- id = axiom_element_get_attribute_value(stre, env, qname);
+ /*id = axiom_element_get_attribute_value(stre, env, qname);
 if (!id)
 {
 id = oxs_util_generate_id(env, (axis2_char_t*)OXS_SIG_ID);
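Review bot: Disabling the SAML sign-part block by wrapping it in `/* ... */` in this hunk and the next (@@ -928) is fragile in C because comments do not nest: the region had to be opened and closed four times around the pre-existing comments, and any `/*` or `*/` in the four unchanged lines between the two hunks (old 924–927, not shown) would end the disabled region early and hand the compiler code whose declarations are also commented out. Since the STR sign part for the supporting token appears to be produced now by `rampart_saml_supporting_token_build`, which receives `sign_parts_list` in this commit, the block should simply be deleted (version control keeps it), or at minimum fenced with `#if 0` / `#endif` so the preprocessor treats it as one unit. If the loop above does not use `tr`, `tr_list` and `id`, they become unused locals as well.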
@@ -928,15 +929,15 @@
 tr = oxs_transforms_factory_produce_transform(env, OXS_HREF_TRANSFORM_STR_TRANSFORM);
 axutil_array_list_add(tr_list, env, tr);
- oxs_sign_part_set_transforms(sign_part, env, tr_list);
+ oxs_sign_part_set_transforms(sign_part, env, tr_list); */
 /* Sign the assertion, not the securitytokenreference */
- oxs_sign_part_set_node(sign_part, env, strn);
+ /* oxs_sign_part_set_node(sign_part, env, strn);
 oxs_sign_part_set_digest_mtd(sign_part, env, digest_method);
 axutil_array_list_add(sign_parts, env, sign_part);
 AXIS2_FREE(env->allocator, id);
 id = NULL;
- }
+ }*/
 /*Free array list*/
 axutil_array_list_free(nodes_to_sign, env);
 nodes_to_sign = NULL;
