Author: shankar
Date: Thu Mar  6 04:28:21 2008
New Revision: 634243

URL: http://svn.apache.org/viewvc?rev=634243&view=rev
Log:
(1)bug fix in derived key derivation when offset is not given
(2)Endorsing support
(3)Signature confirmation support for endorsing signature
(4)client entropy, server entropy, and computed key generation

Modified:
    webservices/rampart/trunk/c/include/oxs_constants.h
    webservices/rampart/trunk/c/include/oxs_key.h
    webservices/rampart/trunk/c/include/rampart_constants.h
    webservices/rampart/trunk/c/include/rampart_context.h
    webservices/rampart/trunk/c/include/trust_constants.h
    webservices/rampart/trunk/c/include/trust_rstr.h
    webservices/rampart/trunk/c/include/trust_sts_client.h
    webservices/rampart/trunk/c/samples/sct_provider/sct_provider_hash_map.c
    webservices/rampart/trunk/c/samples/server/secconv_echo/echo.c
    webservices/rampart/trunk/c/src/omxmlsec/c14n/c14n.c
    webservices/rampart/trunk/c/src/omxmlsec/derivation.c
    webservices/rampart/trunk/c/src/omxmlsec/key.c
    webservices/rampart/trunk/c/src/omxmlsec/xml_signature.c
    webservices/rampart/trunk/c/src/trust/rstr.c
    webservices/rampart/trunk/c/src/trust/sts_client.c
    webservices/rampart/trunk/c/src/trust/trust_util.c
    webservices/rampart/trunk/c/src/util/rampart_context.c
    webservices/rampart/trunk/c/src/util/rampart_encryption.c
    webservices/rampart/trunk/c/src/util/rampart_policy_validator.c
    webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c
    webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
    webservices/rampart/trunk/c/src/util/rampart_signature.c
    webservices/rampart/trunk/c/src/util/rampart_username_token.c

Modified: webservices/rampart/trunk/c/include/oxs_constants.h
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/oxs_constants.h?rev=634243&r1=634242&r2=634243&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/oxs_constants.h (original)
+++ webservices/rampart/trunk/c/include/oxs_constants.h Thu Mar  6 04:28:21 2008
@@ -54,7 +54,7 @@
 #define OXS_WSU "wsu"
 #define OXS_WSC "wsc"
 #define OXS_WSSE_XMLNS      
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
-#define OXS_WSSE_11_XMLNS   
"http://docs.oasis-open.org/wss/2005/xx/oasis-2005xx-wss-wssecurity-secext-1.1.xsd";
+#define OXS_WSSE_11_XMLNS   
"http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
 #define OXS_WSU_XMLNS 
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
     /****************************************************************
         ID Prefixes

Modified: webservices/rampart/trunk/c/include/oxs_key.h
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/oxs_key.h?rev=634243&r1=634242&r2=634243&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/oxs_key.h (original)
+++ webservices/rampart/trunk/c/include/oxs_key.h Thu Mar  6 04:28:21 2008
@@ -33,6 +33,7 @@
 #include <oxs_constants.h>
 #include <oxs_buffer.h>
 #include <axutil_env.h>
+#include <rp_algorithmsuite.h>
 
 #ifdef __cplusplus
 extern "C"
@@ -248,7 +249,7 @@
     AXIS2_EXTERN axis2_status_t AXIS2_CALL
     oxs_key_for_algo(oxs_key_t *key,
                      const axutil_env_t *env,
-                     axis2_char_t *key_algo);
+                     rp_algorithmsuite_t *key_algo);
 
 
     AXIS2_EXTERN oxs_buffer_t *AXIS2_CALL

Modified: webservices/rampart/trunk/c/include/rampart_constants.h
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rampart_constants.h?rev=634243&r1=634242&r2=634243&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/rampart_constants.h (original)
+++ webservices/rampart/trunk/c/include/rampart_constants.h Thu Mar  6 04:28:21 
2008
@@ -132,6 +132,7 @@
 #define RAMPART_SPR_TS_CHECKED "SPR_TS_Checked"
 #define RAMPART_SPR_ENC_CHECKED "SPR_ENC_Checked"
 #define RAMPART_SPR_SIG_VALUE "SPR_Sig_Val"
+#define RAMPART_SPR_ENDORSED_VALUE "SPR_Endorsed_Value"
 #define RAMPART_SPR_SIG_VERIFIED "SPR_Sig_Verified"
 #define RAMPART_SPR_SIG_ENCRYPTED "SPR_Sig_Encrypted"
 #define RAMPART_SPR_SIG_CONFIRM_FOUND "SPR_Sig_Confirmation_Found"

Modified: webservices/rampart/trunk/c/include/rampart_context.h
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rampart_context.h?rev=634243&r1=634242&r2=634243&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/rampart_context.h (original)
+++ webservices/rampart/trunk/c/include/rampart_context.h Thu Mar  6 04:28:21 
2008
@@ -491,6 +491,11 @@
         axis2_bool_t server_side,
         axis2_bool_t is_inpath);
 
+    AXIS2_EXTERN rp_property_t *AXIS2_CALL
+    rampart_context_get_endorsing_token(
+        rampart_context_t *rampart_context,
+        const axutil_env_t *env);
+
     AXIS2_EXTERN axis2_bool_t AXIS2_CALL
     rampart_context_check_is_derived_keys(
         const axutil_env_t *env,
@@ -688,6 +693,11 @@
 
     AXIS2_EXTERN int AXIS2_CALL
     rampart_context_get_signature_derived_key_len(
+        rampart_context_t *rampart_context,
+        const axutil_env_t *env);
+
+    AXIS2_EXTERN rp_algorithmsuite_t *AXIS2_CALL
+    rampart_context_get_algorithmsuite(
         rampart_context_t *rampart_context,
         const axutil_env_t *env);
 

Modified: webservices/rampart/trunk/c/include/trust_constants.h
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/trust_constants.h?rev=634243&r1=634242&r2=634243&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/trust_constants.h (original)
+++ webservices/rampart/trunk/c/include/trust_constants.h Thu Mar  6 04:28:21 
2008
@@ -143,6 +143,7 @@
 #define TRUST_XS         "xs"
 #define TRUST_XS_XMLNS   "http://www.w3.org/2001/XMLSchema";
 
+#define TRUST_COMPUTED_KEY_PSHA1 
"http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1";
 /* NS Versions */
 
 #define TRUST_VERSION_05_02 1

Modified: webservices/rampart/trunk/c/include/trust_rstr.h
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/trust_rstr.h?rev=634243&r1=634242&r2=634243&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/trust_rstr.h (original)
+++ webservices/rampart/trunk/c/include/trust_rstr.h Thu Mar  6 04:28:21 2008
@@ -174,6 +174,17 @@
         trust_rstr_t *rstr,
         const axutil_env_t *env,
         axis2_char_t *wst_ns_uri);
+
+    AXIS2_EXTERN int AXIS2_CALL
+    trust_rstr_get_key_size(
+        trust_rstr_t *rstr,
+        const axutil_env_t *env);
+
+    AXIS2_EXTERN  axis2_status_t AXIS2_CALL
+    trust_rstr_set_key_size(
+        trust_rstr_t *rstr,
+        const axutil_env_t *env,
+        int key_size);
     
      
 

Modified: webservices/rampart/trunk/c/include/trust_sts_client.h
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/trust_sts_client.h?rev=634243&r1=634242&r2=634243&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/trust_sts_client.h (original)
+++ webservices/rampart/trunk/c/include/trust_sts_client.h Thu Mar  6 04:28:21 
2008
@@ -81,7 +81,8 @@
         trust_sts_client_t * sts_client,
         const axutil_env_t * env,
         axis2_char_t * action,
-        axis2_char_t * address_version);
+        axis2_char_t * address_version, 
+        axis2_bool_t is_soap11);
 
     AXIS2_EXTERN axis2_status_t AXIS2_CALL
     trust_sts_client_set_issuer_address(
@@ -101,7 +102,8 @@
         const axutil_env_t * env,
         trust_context_t *trust_context,
         neethi_policy_t *issuer_policy,
-        axis2_char_t *address_version);
+        axis2_char_t *address_version,
+        axis2_bool_t is_soap11);
 
        AXIS2_EXTERN axis2_status_t AXIS2_CALL
        trust_sts_client_set_issuer_policy_location(

Modified: 
webservices/rampart/trunk/c/samples/sct_provider/sct_provider_hash_map.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/sct_provider/sct_provider_hash_map.c?rev=634243&r1=634242&r2=634243&view=diff
==============================================================================
--- webservices/rampart/trunk/c/samples/sct_provider/sct_provider_hash_map.c 
(original)
+++ webservices/rampart/trunk/c/samples/sct_provider/sct_provider_hash_map.c 
Thu Mar  6 04:28:21 2008
@@ -224,6 +224,7 @@
     axis2_char_t *addressing_version_from_msg_ctx = NULL;
     axutil_property_t *property = NULL;
     oxs_buffer_t *buffer = NULL;
+    axis2_bool_t is_soap11 = AXIS2_FALSE;
 
     /*check whether rp_property is valid*/
     rp_sct = (rp_security_context_token_t*)rp_property_get_value(token, env);
@@ -273,7 +274,9 @@
     ctx = axis2_msg_ctx_get_base(msg_ctx, env);
     property = axis2_ctx_get_property(ctx, env, AXIS2_WSA_VERSION);
     if(property)
-        addressing_version_from_msg_ctx = axutil_property_get_value(property, 
env);    
+        addressing_version_from_msg_ctx = axutil_property_get_value(property, 
env);  
+
+    is_soap11 = axis2_msg_ctx_get_is_soap_11(msg_ctx, env);
 
     /*Create sts client and set the values*/
     sts_client = trust_sts_client_create(env);    
@@ -297,7 +300,8 @@
         cloned_policy = neethi_engine_get_normalize(env, AXIS2_FALSE, 
sts_policy); 
        }
                
-    buffer = trust_sts_client_request_security_token_using_policy(sts_client, 
env, trust_context, cloned_policy, addressing_version_from_msg_ctx);
+    buffer = trust_sts_client_request_security_token_using_policy(sts_client, 
env, 
+                        trust_context, cloned_policy, 
addressing_version_from_msg_ctx, is_soap11);
 
     /*obtain the reply from sts*/
     rstr = trust_context_get_rstr(trust_context, env);

Modified: webservices/rampart/trunk/c/samples/server/secconv_echo/echo.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/server/secconv_echo/echo.c?rev=634243&r1=634242&r2=634243&view=diff
==============================================================================
--- webservices/rampart/trunk/c/samples/server/secconv_echo/echo.c (original)
+++ webservices/rampart/trunk/c/samples/server/secconv_echo/echo.c Thu Mar  6 
04:28:21 2008
@@ -29,10 +29,14 @@
 #include <axutil_property.h>
 #include <rampart_constants.h>
 #include <rampart_sct_provider.h>
+#include <openssl_hmac.h>
 
 axiom_node_t *
 build_om_programatically(const axutil_env_t *env, axis2_char_t *text);
 
+axiom_node_t *
+build_om_payload_for_echo_svc_interop(const axutil_env_t *env, axis2_char_t 
*text);
+
 static axutil_hash_t *
 secconv_echo_get_sct_db(const axutil_env_t *env, axis2_msg_ctx_t* msg_ctx);
 
@@ -54,7 +58,7 @@
     printf("Username of the Token is = %s ", username);
     }
 */    
-    ret_node = build_om_programatically(env, name);
+    ret_node = build_om_payload_for_echo_svc_interop(env, name);
     return ret_node;
 }
 
@@ -96,6 +100,7 @@
     axiom_node_t* rstr_node = NULL;
     int size = 32;
     axutil_hash_t* db = NULL;
+    trust_entropy_t* requester_entropy = NULL;
 
     /*create and populate rst using node given*/
     rst = trust_rst_create(env);
@@ -121,18 +126,57 @@
         return NULL;
     }
 
+    requester_entropy = trust_rst_get_entropy(rst, env);;
+
     /*create global id, local id, and shared secret*/
     global_id = oxs_util_generate_id(env,"urn:uuid:");
     local_id = axutil_stracat(env, "#", oxs_util_generate_id(env, "sctId"));
     shared_secret = oxs_buffer_create(env);
+    if(requester_entropy)
+    {
+        size = trust_rst_get_key_size(rst, env)/16;
+    }
     openssl_generate_random_data(env, shared_secret, size);
 
     /*create security context token and populate it*/
     sct = security_context_token_create(env);
-    security_context_token_set_secret(sct, env, shared_secret);
     security_context_token_set_global_identifier(sct, env, global_id);
     security_context_token_set_local_identifier(sct, env, local_id);
 
+    if(requester_entropy)
+    {
+        oxs_buffer_t *buffer = NULL;
+        int requester_entropy_len = 0;
+        axis2_char_t *decoded_requester_entropy = NULL;
+        axis2_char_t *requester_nonce = NULL;
+        int issuer_entropy_len = 0;
+        axis2_char_t *decoded_issuer_entropy = NULL;
+        int key_size = 0;
+        axis2_char_t *output = NULL;
+        
+        buffer = oxs_buffer_create(env);
+        requester_nonce = trust_entropy_get_binary_secret(requester_entropy, 
env);
+        requester_entropy_len = axutil_base64_decode_len(requester_nonce);
+        decoded_requester_entropy = AXIS2_MALLOC(env->allocator, 
requester_entropy_len);
+        axutil_base64_decode_binary((unsigned char*)decoded_requester_entropy, 
requester_nonce);
+
+        issuer_entropy_len = oxs_buffer_get_size(shared_secret, env);
+        decoded_issuer_entropy = oxs_buffer_get_data(shared_secret, env);
+
+        key_size = size * 2;
+        output = AXIS2_MALLOC(env->allocator, key_size);
+
+        openssl_p_hash(env, (unsigned char*)decoded_requester_entropy, 
requester_entropy_len,
+                            (unsigned char*)decoded_issuer_entropy, 
issuer_entropy_len, 
+                            (unsigned char*)output, key_size);
+        oxs_buffer_populate(buffer, env, (unsigned char*)output, key_size);
+        security_context_token_set_secret(sct, env, buffer);
+    }
+    else
+    {
+        security_context_token_set_secret(sct, env, shared_secret);
+    }
+
     /*store SCT so that when server needs it, can be extracted*/
     db = sct_provider_get_sct_db(env, msg_ctx);
     if(!db)
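Review bot: `size = trust_rst_get_key_size(rst, env)/16;` takes the key size straight from the requester's RST and uses it, with no range check, to size the random buffer, the `output` allocation (`size * 2`) and the P_SHA1 output, so an absent, zero, negative or very large KeySize reaches `openssl_generate_random_data` and `AXIS2_MALLOC` unvalidated. In the same block `requester_nonce` and both `AXIS2_MALLOC` results are used without a NULL check, and `decoded_requester_entropy` and `output` hold key material that is never cleared or released after `oxs_buffer_populate` (assuming that call copies its input, which is not visible here). The unchecked-allocation pattern repeats for `nonce` and `computed_key` in the hunk at `@@ -158,6 +200,37`. The fence sketches the checks; the two bound names are placeholders to be defined by the project, and the early returns still need whatever cleanup the enclosing function, which starts outside this hunk, applies to `rst`, `sct` and the buffers.

```c
    if(requester_entropy)
    {
        /* KeySize is requester-controlled: bound it before it sizes any buffer.
         * KEY_BITS_MIN_PLACEHOLDER / KEY_BITS_MAX_PLACEHOLDER are placeholders
         * for limits matching the algorithm suites the service supports. */
        int requested_bits = trust_rst_get_key_size(rst, env);
        if(requested_bits < KEY_BITS_MIN_PLACEHOLDER ||
           requested_bits > KEY_BITS_MAX_PLACEHOLDER ||
           (requested_bits % 16) != 0)
        {
            AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
                "[rampart][secconv_echo] Unsupported KeySize %d in RST", requested_bits);
            return NULL;
        }
        size = requested_bits / 16;
    }
    openssl_generate_random_data(env, shared_secret, size);

    /* ... unchanged: SCT creation, identifiers, local declarations ... */

        requester_nonce = trust_entropy_get_binary_secret(requester_entropy, env);
        if(!requester_nonce)
        {
            /* entropy element present but no BinarySecret: reject the request */
            return NULL;
        }
        requester_entropy_len = axutil_base64_decode_len(requester_nonce);
        decoded_requester_entropy = AXIS2_MALLOC(env->allocator, requester_entropy_len);
        if(!decoded_requester_entropy)
        {
            return NULL;
        }

        /* ... unchanged: base64 decode, issuer entropy lookup, key_size = size * 2 ... */

        output = AXIS2_MALLOC(env->allocator, key_size);
        if(!output)
        {
            AXIS2_FREE(env->allocator, decoded_requester_entropy);
            return NULL;
        }
        /* ... unchanged: openssl_p_hash, oxs_buffer_populate, set_secret ... */
```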
@@ -149,8 +193,6 @@
     trust_rstr_set_token_type(rstr, env, token_type);
     trust_rstr_set_request_type(rstr, env, request_type);
     trust_rstr_set_wst_ns_uri(rstr, env, TRUST_WST_XMLNS_05_02);
-    trust_rstr_set_requested_proof_token(rstr, env, 
-                    security_context_token_get_requested_proof_token(sct, 
env));
     trust_rstr_set_requested_unattached_reference(rstr, env, 
                     security_context_token_get_unattached_reference(sct, env));
     trust_rstr_set_requested_attached_reference(rstr, env, 
@@ -158,6 +200,37 @@
     trust_rstr_set_requested_security_token(rstr, env, 
                     security_context_token_get_token(sct, env));
 
+    if(requester_entropy)
+    {
+        axis2_char_t *nonce = NULL;
+        trust_entropy_t* entropy = NULL;
+        axiom_node_t *computed_key = NULL;
+        axiom_element_t *computed_key_element = NULL;
+        axiom_node_t *requested_proof = NULL;
+
+        trust_rstr_set_key_size(rstr, env, size * 16);
+
+        nonce = AXIS2_MALLOC(env->allocator, sizeof(char) * 
(axutil_base64_encode_len(size)+1));
+        axutil_base64_encode(nonce, (char*)oxs_buffer_get_data(shared_secret, 
env), size);
+
+        entropy = trust_entropy_create(env);
+        trust_entropy_set_binary_secret(entropy, env, nonce);
+        trust_entropy_set_ns_uri(entropy, env, TRUST_WST_XMLNS_05_02);
+        trust_entropy_set_binary_secret_type(entropy, env, NONCE);
+        trust_rstr_set_entropy(rstr, env, entropy);
+
+        computed_key = trust_util_computed_key_element(env, 
TRUST_WST_XMLNS_05_02, NULL);
+        computed_key_element = axiom_node_get_data_element(computed_key, env);
+        axiom_element_set_text(computed_key_element, env, 
TRUST_COMPUTED_KEY_PSHA1, computed_key);
+        requested_proof = trust_util_create_requsted_proof_token_element(env, 
TRUST_WST_XMLNS_05_02, NULL, computed_key);
+        trust_rstr_set_requested_proof_token(rstr, env, requested_proof);
+    }
+    else
+    {
+        trust_rstr_set_requested_proof_token(rstr, env, 
+                        security_context_token_get_requested_proof_token(sct, 
env));
+    }
+
     /*build the rstr node*/
     rstr_node = trust_rstr_build_rstr(rstr, env, NULL);
 
@@ -214,3 +287,22 @@
     return db;
 }
 
+axiom_node_t *
+build_om_payload_for_echo_svc_interop(const axutil_env_t *env, axis2_char_t 
*text)
+{
+ axiom_node_t *echo_om_node = NULL;
+    axiom_element_t* echo_om_ele = NULL;
+    axiom_node_t* text_om_node = NULL;
+    axiom_element_t * text_om_ele = NULL;
+    axiom_namespace_t *ns1 = NULL;
+
+    ns1 = axiom_namespace_create(env, "http://InteropBaseAddress/interop";, 
"ns1");
+    echo_om_ele = axiom_element_create(env, NULL, "echoResponse", ns1, 
&echo_om_node);
+
+    text_om_ele = axiom_element_create(env, echo_om_node, "LocalName", NULL, 
&text_om_node);
+
+    axiom_element_set_text(text_om_ele, env, text, text_om_node);
+ 
+    return echo_om_node;
+
+}
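Review bot: `build_om_payload_for_echo_svc_interop` is added without a header comment, and its first body line is indented with a single space while the rest use four. `echo_om_ele` is assigned but never read, and `text_om_ele` is passed to `axiom_element_set_text` without checking that `axiom_element_create` returned an element. I would add a comment such as `/* Builds <ns1:echoResponse><LocalName>text</LocalName></ns1:echoResponse> for the interop echo service */` and guard the call with `if(text_om_ele)`.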

Modified: webservices/rampart/trunk/c/src/omxmlsec/c14n/c14n.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/c14n/c14n.c?rev=634243&r1=634242&r2=634243&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/c14n/c14n.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/c14n/c14n.c Thu Mar  6 04:28:21 
2008
@@ -1621,7 +1621,7 @@
          * the following hack should work instead of a more
          * general in_nodest()*/
 
-        if (!in_nodeset(node, ctx))
+        if (!in_nodeset(parent_node, ctx))
         {
             /*we reached a node beyond the nodeset,
              * so the prefix is not used*/

Modified: webservices/rampart/trunk/c/src/omxmlsec/derivation.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/derivation.c?rev=634243&r1=634242&r2=634243&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/derivation.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/derivation.c Thu Mar  6 04:28:21 
2008
@@ -72,7 +72,7 @@
     axis2_char_t *nonce = NULL;
     axis2_char_t *id = NULL;
     /*Default values*/
-    int offset = -1;
+    int offset = 0;
     int length = 0;
 
 

Modified: webservices/rampart/trunk/c/src/omxmlsec/key.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/key.c?rev=634243&r1=634242&r2=634243&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/key.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/key.c Thu Mar  6 04:28:21 2008
@@ -398,15 +398,17 @@
 AXIS2_EXTERN axis2_status_t AXIS2_CALL
 oxs_key_for_algo(oxs_key_t *key,
                  const axutil_env_t *env,
-                 axis2_char_t *key_algo)
+                 rp_algorithmsuite_t *key_algo)
 {
     oxs_buffer_t *key_buf = NULL;
     openssl_cipher_property_t * cprop = NULL;
     axis2_status_t ret = AXIS2_FAILURE;
     int size;
 
-    /*We need to make an special entry for the HMAC-Sha1 as we do not need a 
cipher property for it.*/
+
+#if 0
     if(0 == axutil_strcmp(key_algo, OXS_HREF_HMAC_SHA1)){
+        /*We need to make an special entry for the HMAC-Sha1 as we do not need 
a cipher property for it.*/
         size = OPENSSL_HMAC_SHA1_KEY_LEN;
     }else{
 
@@ -422,6 +424,11 @@
            openssl_cipher_property_free(cprop, env);
            cprop = NULL;
     }
+#endif
+    if(key_algo)
+        size = rp_algorithmsuite_get_min_symmetric_keylength(key_algo,env)/8;
+    else
+        size = OPENSSL_HMAC_SHA1_KEY_LEN;
 
     key_buf = oxs_buffer_create(env);
     /*The actual key generation happens here*/
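Review bot: The new size computation `rp_algorithmsuite_get_min_symmetric_keylength(key_algo,env)/8` is used unchecked, so a suite that reports 0 or any value below 8 gives `size == 0` and the key generation below runs with an empty length; a guard such as `if(size <= 0) return AXIS2_FAILURE;` before `oxs_buffer_create` would make that failure explicit. The old implementation is kept under `#if 0` … `#endif` (opened in the previous hunk) and still compares `key_algo` as a string, which no longer matches the parameter type; I would delete it rather than leave dead code in a key-generation routine. The parameter is still named `key_algo` although it now carries an algorithm suite, so renaming it (for example `algo_suite`) here and in `oxs_key.h` would avoid misleading callers. The rest of the function lies outside this hunk.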

Modified: webservices/rampart/trunk/c/src/omxmlsec/xml_signature.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/xml_signature.c?rev=634243&r1=634242&r2=634243&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/xml_signature.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/xml_signature.c Thu Mar  6 
04:28:21 2008
@@ -417,7 +417,12 @@
        }
        else
        {
-               reffed_node = oxs_axiom_get_node_by_id(env, scope_node, "Id", 
ref_id2, OXS_WSU_XMLNS );         
+               reffed_node = oxs_axiom_get_node_by_id(env, scope_node, "Id", 
ref_id2, OXS_WSU_XMLNS ); 
+        /*for endorsing, we have to check "Id", not "wsu:Id"*/
+        if(!reffed_node)
+        {
+            reffed_node = oxs_axiom_get_node_by_id(env, scope_node, "Id", 
ref_id2, NULL );     
+        }
 
        }
     /*Find the node refered by this ref_id2 and set to the sign part*/
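Review bot: The fallback `oxs_axiom_get_node_by_id(env, scope_node, "Id", ref_id2, NULL)` runs for every reference that has no matching `wsu:Id`, not only for endorsing signatures, so any element under `scope_node` carrying an un-namespaced `Id` with that value can now be resolved as the signed node. Reference resolution is where signature-wrapping defences sit, so I would limit the fallback to the case the comment describes and drop the match otherwise, e.g. `if(reffed_node && 0 != axutil_strcmp(axiom_util_get_localname(reffed_node, env), OXS_NODE_SIGNATURE)) reffed_node = NULL;`. How a NULL `reffed_node` and duplicate Id values are handled is outside this hunk and should be confirmed.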

Modified: webservices/rampart/trunk/c/src/trust/rstr.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/trust/rstr.c?rev=634243&r1=634242&r2=634243&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/trust/rstr.c (original)
+++ webservices/rampart/trunk/c/src/trust/rstr.c Thu Mar  6 04:28:21 2008
@@ -662,3 +662,21 @@
 
                return AXIS2_FAILURE;
 }
+
+AXIS2_EXTERN int AXIS2_CALL
+trust_rstr_get_key_size(
+        trust_rstr_t *rstr,
+        const axutil_env_t *env)
+{
+    return rstr->key_size;
+}
+
+AXIS2_EXTERN  axis2_status_t AXIS2_CALL
+trust_rstr_set_key_size(
+        trust_rstr_t *rstr,
+        const axutil_env_t *env,
+        int key_size)
+{
+    rstr->key_size = key_size;
+    return AXIS2_SUCCESS;
+}

Modified: webservices/rampart/trunk/c/src/trust/sts_client.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/trust/sts_client.c?rev=634243&r1=634242&r2=634243&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/trust/sts_client.c (original)
+++ webservices/rampart/trunk/c/src/trust/sts_client.c Thu Mar  6 04:28:21 2008
@@ -19,10 +19,6 @@
 #include <axis2_op_client.h>
 #include <openssl_hmac.h>
 
-#ifndef TRUST_COMPUTED_KEY_PSHA1
-#define TRUST_COMPUTED_KEY_PSHA1       "P-SHA1"
-#endif
-
 static void
 trust_sts_client_insert_entropy(
     trust_sts_client_t *sts_client, 
@@ -180,7 +176,7 @@
        }
 
     sts_client->svc_client =
-    trust_sts_client_get_svc_client(sts_client, env, wsa_action, NULL);
+    trust_sts_client_get_svc_client(sts_client, env, wsa_action, NULL, 
AXIS2_FALSE);
                                                                                
                                  
 
     if (status == AXIS2_SUCCESS)
@@ -234,7 +230,8 @@
     trust_sts_client_t * sts_client,
     const axutil_env_t * env,
     axis2_char_t * action, 
-    axis2_char_t *address_version)
+    axis2_char_t *address_version, 
+    axis2_bool_t is_soap11)
 {
     axis2_endpoint_ref_t *endpoint_ref = NULL;
     axis2_options_t *options = NULL;
@@ -245,6 +242,11 @@
     options = axis2_options_create(env);
     axis2_options_set_to(options, env, endpoint_ref);
     axis2_options_set_action(options, env, action);
+    if(is_soap11)
+    {
+        axis2_options_set_soap_action(options, env, axutil_string_create(env, 
action));
+        axis2_options_set_soap_version(options, env, AXIOM_SOAP11);
+    }
 
        if(!(sts_client->svc_client))
        {
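Review bot: `axis2_options_set_soap_action(options, env, axutil_string_create(env, action));` passes a freshly created `axutil_string_t` that is never released in this hunk. If the setter takes its own reference to the argument (its implementation is not visible here), the temporary leaks on every SOAP 1.1 request; holding it in a local and calling `axutil_string_free` after the setter would avoid that. Separately, the caller changed in the hunk at `@@ -180,7 +176,7` hard-codes `AXIS2_FALSE`, so that request path can never select SOAP 1.1, which deserves a comment there. The function body continues outside this hunk.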
@@ -408,7 +410,8 @@
     const axutil_env_t * env,
     trust_context_t *trust_context,
     neethi_policy_t *issuer_policy, 
-    axis2_char_t *address_version)
+    axis2_char_t *address_version, 
+    axis2_bool_t is_soap11)
 {
     axis2_status_t status = AXIS2_SUCCESS;
     axiom_node_t *rst_node = NULL;
@@ -447,7 +450,7 @@
        }
 
     sts_client->svc_client =
-    trust_sts_client_get_svc_client(sts_client, env, wsa_action, 
address_version);                                                               
                                                
+    trust_sts_client_get_svc_client(sts_client, env, wsa_action, 
address_version, is_soap11);                                                    
                                                        
 
     if (sts_client->svc_client)
     {

Modified: webservices/rampart/trunk/c/src/trust/trust_util.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/trust/trust_util.c?rev=634243&r1=634242&r2=634243&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/trust/trust_util.c (original)
+++ webservices/rampart/trunk/c/src/trust/trust_util.c Thu Mar  6 04:28:21 2008
@@ -576,7 +576,7 @@
 
     if (key_type)
     {
-        if (0 == axutil_strcmp(key_type, TRUST_KEY_TYPE_BEARER) ||
+        if (0 == axutil_strcmp(key_type, TRUST_KEY_TYPE_SYMM_KEY) ||
             0 == axutil_strcmp(key_type, TRUST_KEY_TYPE_PUBLIC_KEY) ||
             0 == axutil_strcmp(key_type, TRUST_KEY_TYPE_BEARER))
         {
@@ -1401,7 +1401,7 @@
 
        /*Generating Session key*/
        session_key = oxs_key_create(env);
-       oxs_key_for_algo(session_key, env, OXS_HREF_HMAC_SHA1);
+       oxs_key_for_algo(session_key, env, NULL);
 
        if(oxs_key_get_data(session_key, env))
        {

Modified: webservices/rampart/trunk/c/src/util/rampart_context.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_context.c?rev=634243&r1=634242&r2=634243&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_context.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_context.c Thu Mar  6 04:28:21 
2008
@@ -1435,7 +1435,7 @@
     return AXIS2_FAILURE;
 }
 
-rp_algorithmsuite_t *AXIS2_CALL
+AXIS2_EXTERN rp_algorithmsuite_t *AXIS2_CALL
 rampart_context_get_algorithmsuite(
     rampart_context_t *rampart_context,
     const axutil_env_t *env)
@@ -2898,3 +2898,41 @@
        return rampart_context->aquire_issued_token;
 }
 
+AXIS2_EXTERN rp_property_t *AXIS2_CALL
+rampart_context_get_endorsing_token(rampart_context_t *rampart_context, 
+                                    const axutil_env_t *env)
+{
+    axutil_array_list_t *array_list = NULL;
+    rp_supporting_tokens_t *endorsing_supporting = NULL;
+    /*First we should check in the direct policy members*/
+    endorsing_supporting = 
rp_secpolicy_get_endorsing_supporting_tokens(rampart_context->secpolicy,env);
+    /*If not there then we should check in the binding*/
+    if (!endorsing_supporting)
+    {
+        rp_binding_commons_t *commons = NULL;
+        commons = rampart_context_get_binding_commons(rampart_context,env);
+        if(!commons)
+            return NULL;
+        endorsing_supporting = 
rp_binding_commons_get_endorsing_supporting_tokens(commons,env);
+        if (!endorsing_supporting)
+            return NULL;
+    }
+    array_list = rp_supporting_tokens_get_tokens(endorsing_supporting, env);
+    if (!array_list)
+        return NULL;
+    else
+    {
+        int i = 0;
+        for (i = 0; i < axutil_array_list_size(array_list, env); i++)
+        {
+            rp_property_t *token = NULL;
+            token = (rp_property_t *)
+                    axutil_array_list_get(array_list, env, i);
+            if (token)
+            {
+                    return token; 
+            }
+        }
+    }
+    return NULL;
+}
\ No newline at end of file
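Review bot: `rampart_context_get_endorsing_token` returns the first non-NULL entry of the endorsing supporting tokens list and ignores the rest, which is stated nowhere; a policy listing several endorsing tokens will have only one of them considered. I would document that on the function and on its declaration in `rampart_context.h`, e.g. `/* Returns the first endorsing supporting token found (direct policy member, then binding); further tokens are not considered. */`. `rampart_context` is dereferenced without a NULL check, and the `else` after `return NULL;` can go, with `axutil_array_list_size` hoisted out of the loop condition. The file now also ends without a trailing newline.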

Modified: webservices/rampart/trunk/c/src/util/rampart_encryption.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_encryption.c?rev=634243&r1=634242&r2=634243&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_encryption.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_encryption.c Thu Mar  6 
04:28:21 2008
@@ -283,6 +283,23 @@
                 return AXIS2_FAILURE;
             }
             axutil_array_list_add(nodes_to_encrypt, env, sig_node);
+
+            if(rampart_context_is_sig_confirmation_reqd(rampart_context, env))
+            {
+                axiom_node_t* cur_node = NULL;
+                cur_node = axiom_node_get_first_child(sec_node, env);
+                while(cur_node)
+                {
+                    axis2_char_t *cur_local_name = NULL;
+                    cur_local_name = axiom_util_get_localname(cur_node, env);
+
+                    if(0 == axutil_strcmp(cur_local_name, 
OXS_NODE_SIGNATURE_CONFIRMATION))
+                    {
+                        axutil_array_list_add(nodes_to_encrypt, env, cur_node);
+                    }
+                    cur_node = axiom_node_get_next_sibling(cur_node, env);
+                }
+            }
         }
     }
 
@@ -338,7 +355,7 @@
             else
             {
                 session_key = oxs_key_create(env);
-                status = oxs_key_for_algo(session_key, env, enc_sym_algo);
+                status = oxs_key_for_algo(session_key, env, 
rampart_context_get_algorithmsuite(rampart_context, env));
                 rampart_context_set_encryption_session_key(rampart_context, 
env, session_key);
             }
         }
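Review bot: The session key length no longer follows `enc_sym_algo`: this call and the one in the hunk at `@@ -792,7 +809,7` pass `rampart_context_get_algorithmsuite(rampart_context, env)` directly, and the new `oxs_key_for_algo` in key.c treats a NULL suite as `OPENSSL_HMAC_SHA1_KEY_LEN`. If no algorithm suite is available, the encryption session key is therefore silently generated with the HMAC-SHA1 length, which may not match the cipher selected by `enc_sym_algo`. I would fetch the suite into a local first, fail when it is NULL (`if(!algo_suite) return AXIS2_FAILURE;`), and only then call `oxs_key_for_algo`. The enclosing function begins and ends outside this hunk, so the cleanup needed on that path is not visible.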
@@ -792,7 +809,7 @@
     if(!session_key){
         /*Generate the  session key*/
          session_key = oxs_key_create(env);
-         status = oxs_key_for_algo(session_key, env, enc_sym_algo);
+         status = oxs_key_for_algo(session_key, env, 
rampart_context_get_algorithmsuite(rampart_context, env));
          rampart_context_set_encryption_session_key(rampart_context, env, 
session_key);
     }
     if(AXIS2_FAILURE == status)

Modified: webservices/rampart/trunk/c/src/util/rampart_policy_validator.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_policy_validator.c?rev=634243&r1=634242&r2=634243&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_policy_validator.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_policy_validator.c Thu Mar  6 
04:28:21 2008
@@ -84,7 +84,9 @@
         axis2_msg_ctx_t *msg_ctx)
 {
     axis2_bool_t sig_conf_reqd = AXIS2_FALSE;
-    
+    if(axis2_msg_ctx_get_server_side(msg_ctx,env))
+        return AXIS2_SUCCESS;
+
     sig_conf_reqd = rampart_context_is_sig_confirmation_reqd(rampart_context, 
env);
     
     if(AXIS2_TRUE == sig_conf_reqd){
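Review bot: The new early `return AXIS2_SUCCESS` for the server side skips the signature-confirmation check without saying why, and in a policy validator an unexplained success path is easy to misread as a bypass. I would put a comment above it, e.g. `/* wsse11:SignatureConfirmation is sent by the responder, so only the initiator validates it */`, and brace the `if` body to match the braced style used just below. The function's name and the start of its signature are outside this hunk.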

Modified: webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c?rev=634243&r1=634242&r2=634243&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c Thu Mar  
6 04:28:21 2008
@@ -303,7 +303,8 @@
     h_node = axiom_node_get_first_child(sec_node, env);
     while(h_node)
     {
-        if(0 == axutil_strcmp(OXS_NODE_DERIVED_KEY_TOKEN, 
axiom_util_get_localname(h_node, env)))
+        if(0 == axutil_strcmp(OXS_NODE_DERIVED_KEY_TOKEN, 
axiom_util_get_localname(h_node, env)) ||
+                (0 == axutil_strcmp(OXS_NODE_BINARY_SECURITY_TOKEN, 
axiom_util_get_localname(h_node, env))))
         {
             axutil_array_list_add(dk_list, env, h_node);
         }
@@ -323,9 +324,27 @@
     {
         if(is_encrypt_before_sign)
         {
+            int no_of_sig_node = 0;
             /*Encrypt->Sig         <Sig><RefList>*/
             oxs_axiom_interchange_nodes(env,  sig_node, ref_list_node );
             first_protection_item = sig_node;
+            no_of_sig_node = oxs_axiom_get_number_of_children_with_qname(env, 
sec_node, OXS_NODE_SIGNATURE, OXS_DSIG_NS, NULL);
+            if(no_of_sig_node > 1)
+            {
+                axiom_node_t* cur_node = NULL;
+                cur_node = axiom_node_get_first_child(sec_node, env);
+                while(cur_node)
+                {
+                    axis2_char_t *cur_local_name = NULL;
+                    cur_local_name = axiom_util_get_localname(cur_node, env);
+
+                    if(0 == axutil_strcmp(cur_local_name, OXS_NODE_SIGNATURE))
+                    {
+                        oxs_axiom_interchange_nodes(env,  cur_node, 
ref_list_node);
+                    }
+                    cur_node = axiom_node_get_next_sibling(cur_node, env);
+                }
+            }
         }
         else
         {
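Review bot: The added loop calls `oxs_axiom_interchange_nodes` on every Signature child, including `sig_node`, which was already exchanged with `ref_list_node` two lines earlier, and it reorders siblings while walking them with `axiom_node_get_next_sibling`. Depending on how the interchange is implemented, the first signature may be swapped back and nodes may be skipped or visited twice. Saving the next sibling before the swap and skipping the node already handled, `if(cur_node != sig_node && 0 == axutil_strcmp(cur_local_name, OXS_NODE_SIGNATURE))`, would make the resulting order predictable. A one-line comment giving the intended final order of the header children would help the next reader; the enclosing function starts and ends outside the hunk.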

Modified: webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c?rev=634243&r1=634242&r2=634243&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c 
(original)
+++ webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c Thu Mar 
 6 04:28:21 2008
@@ -1059,7 +1059,8 @@
     rampart_context_t *rampart_context,
     axiom_soap_envelope_t *soap_envelope,
     axiom_node_t *sec_node,
-    axiom_node_t *sig_node)
+    axiom_node_t *sig_node,
+    axis2_bool_t *is_endorsing)
 {
 
     oxs_sign_ctx_t *sign_ctx = NULL;
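Review bot: The new parameter is declared `axis2_bool_t *is_endorsing`, a pointer, but the call sites added in this commit pass `AXIS2_FALSE` and `AXIS2_TRUE` (@@ -1432 and @@ -1664) and the body tests it with `if(is_endorsing)` (@@ -1178). This works only because the false constant converts to a null pointer; the true case is an integer-to-pointer conversion the compiler should warn about, and nothing dereferences the value. Declare it by value, `axis2_bool_t is_endorsing)`, and keep any prototype in step. Because this flag selects which token a signature is verified against, it also deserves a line in the function's doc comment.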
@@ -1178,7 +1179,10 @@
     /*Get the key identifiers and build the certificate*/
     /*First we should verify with policy*/
 
-    token = rampart_context_get_token(rampart_context, env,
+    if(is_endorsing)
+        token = rampart_context_get_endorsing_token(rampart_context, env);
+    else
+        token = rampart_context_get_token(rampart_context, env,
                                       AXIS2_FALSE, server_side, AXIS2_TRUE);
 
     if(!token)
@@ -1432,7 +1436,7 @@
     axis2_status_t status = AXIS2_FAILURE;
     
     if((rampart_context_get_binding_type(rampart_context,env)) == 
RP_PROPERTY_ASYMMETRIC_BINDING){
-        status = rampart_shp_process_asym_binding_signature(env, msg_ctx, 
rampart_context, soap_envelope, sec_node, sig_node);
+        status = rampart_shp_process_asym_binding_signature(env, msg_ctx, 
rampart_context, soap_envelope, sec_node, sig_node, AXIS2_FALSE);
     }else if ((rampart_context_get_binding_type(rampart_context,env)) == 
RP_PROPERTY_SYMMETRIC_BINDING){
         status = rampart_shp_process_sym_binding_signature(env, msg_ctx, 
rampart_context, soap_envelope, sec_node, sig_node);
     }else if((rampart_context_get_binding_type(rampart_context,env)) == 
RP_PROPERTY_TRANSPORT_BINDING){
@@ -1632,6 +1636,7 @@
 {
     axiom_node_t *cur_node = NULL;
     axis2_status_t status = AXIS2_FAILURE;
+    axis2_bool_t first_signature= AXIS2_TRUE;
 
     AXIS2_LOG_INFO(env->log, "[rampart][shp] Processing security header in 
Strict layout");
 
@@ -1664,7 +1669,23 @@
         }
         else if(0 == axutil_strcmp(cur_local_name, OXS_NODE_SIGNATURE))
         {
-            status = rampart_shp_process_signature(env, msg_ctx, 
rampart_context, soap_envelope, sec_node, cur_node);
+            if(first_signature)
+            {
+                status = rampart_shp_process_signature(env, msg_ctx, 
rampart_context, soap_envelope, sec_node, cur_node);
+                first_signature = AXIS2_FALSE;
+            }
+            else /*endorsing*/
+            {
+                status = rampart_shp_process_asym_binding_signature(env, 
msg_ctx, rampart_context, soap_envelope, sec_node, cur_node, AXIS2_TRUE);
+                if(AXIS2_SUCCESS == status)
+                {
+                    axis2_char_t *sig_val = NULL; 
+                    axiom_node_t *sig_val_node = NULL;
+                    sig_val_node = oxs_axiom_get_first_child_node_by_name(env, 
cur_node, OXS_NODE_SIGNATURE_VALUE, OXS_DSIG_NS, OXS_DS );
+                    sig_val = oxs_token_get_signature_value(env, sig_val_node);
+                    rampart_set_security_processed_result(env, msg_ctx, 
RAMPART_SPR_ENDORSED_VALUE, sig_val);
+                }
+            }
         }
         else if(0 == axutil_strcmp(cur_local_name, OXS_NODE_REFERENCE_LIST))
         {
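Review bot: Every Signature after the first is treated as an endorsing signature purely by position, and is sent to `rampart_shp_process_asym_binding_signature` whatever the binding type is. Nothing visible in this hunk confirms that the second signature's references cover the first ds:Signature element, which is what makes a signature endorsing; if the callee does not check this, the check should be added before the result is recorded. `sig_val_node` is passed to `oxs_token_get_signature_value` without a NULL check, and a third signature would overwrite `RAMPART_SPR_ENDORSED_VALUE`; guard with `if(sig_val_node)` and decide whether more than two signatures should be rejected. The loop this branch belongs to starts and ends outside the hunk.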

Modified: webservices/rampart/trunk/c/src/util/rampart_signature.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_signature.c?rev=634243&r1=634242&r2=634243&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_signature.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_signature.c Thu Mar  6 
04:28:21 2008
@@ -49,8 +49,6 @@
 axis2_status_t AXIS2_CALL
 rampart_sig_add_x509_token(const axutil_env_t *env, 
                                rampart_context_t *rampart_context, 
-                               axutil_array_list_t *nodes_to_sign, 
-                               rp_property_t *token,
                                axiom_node_t *sec_node,
                                axis2_char_t *cert_id);
 
@@ -61,6 +59,14 @@
                               axis2_bool_t server_side,
                               axutil_array_list_t *sign_parts_list);
 
+static axis2_status_t
+rampart_sig_endorse_sign(
+    const axutil_env_t *env,
+    axis2_msg_ctx_t *msg_ctx,
+    rampart_context_t *rampart_context,
+    axiom_soap_envelope_t *soap_envelope,
+    axiom_node_t *sec_node);
+
 
 oxs_x509_cert_t *AXIS2_CALL
 rampart_sig_get_cert(const axutil_env_t *env,
@@ -312,7 +318,7 @@
             else
             {
                 session_key = oxs_key_create(env);
-                oxs_key_for_algo(session_key, env, OXS_HREF_HMAC_SHA1);
+                oxs_key_for_algo(session_key, env, 
rampart_context_get_algorithmsuite(rampart_context, env));
                 rampart_context_set_signature_session_key(rampart_context, 
env, session_key);
             }
         }
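Review bot: The return value of `oxs_key_for_algo` is dropped here, while the encryption-side call earlier in this commit (the one followed by `rampart_context_set_encryption_session_key`) stores it in `status`. If key generation fails for the configured algorithm suite, the session key is still stored in the context and would presumably be used for signing. Check the result, e.g. `if(AXIS2_SUCCESS != oxs_key_for_algo(session_key, env, rampart_context_get_algorithmsuite(rampart_context, env)))`, then free the key and return AXIS2_FAILURE. The enclosing function is only partly visible in the hunk.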
@@ -575,6 +581,25 @@
             axutil_array_list_add(nodes_to_sign, env, ut_node);
         }
     }
+    else
+    {
+        if(rampart_context_is_sig_confirmation_reqd(rampart_context, env))
+        {
+            axiom_node_t* cur_node = NULL;
+            cur_node = axiom_node_get_first_child(sec_node, env);
+            while(cur_node)
+            {
+                axis2_char_t *cur_local_name = NULL;
+                cur_local_name = axiom_util_get_localname(cur_node, env);
+
+                if(0 == axutil_strcmp(cur_local_name, 
OXS_NODE_SIGNATURE_CONFIRMATION))
+                {
+                    axutil_array_list_add(nodes_to_sign, env, cur_node);
+                }
+                cur_node = axiom_node_get_next_sibling(cur_node, env);
+            }
+        }
+    }
 
     /*Now we have to check whether a token is specified.*/
     token = rampart_context_get_token(rampart_context, env, AXIS2_FALSE, 
server_side, AXIS2_FALSE);
@@ -605,10 +630,10 @@
                if (include) 
         {
             cert_id = oxs_util_generate_id(env,(axis2_char_t*)OXS_CERT_ID);
-                       if (!rampart_sig_add_x509_token(env, rampart_context, 
-                                   nodes_to_sign, token,
-                                   sec_node, cert_id)) 
+                       if (!rampart_sig_add_x509_token(env, rampart_context, 
sec_node, cert_id)) 
             {
+                axutil_array_list_free(nodes_to_sign, env);
+                nodes_to_sign = NULL;
                                return AXIS2_FAILURE;
                        }
                        /*This flag will be useful when creating key Info 
element.*/
@@ -826,6 +851,11 @@
     oxs_sign_ctx_free(sign_ctx, env);
     sign_ctx = NULL;
 
+    if(status)
+    {
+        return rampart_sig_endorse_sign(env, msg_ctx, rampart_context, 
soap_envelope, sec_node);
+    }
+
     return status;
 }
 
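Review bot: `if(status)` treats any non-zero status as success, while the rest of this file compares against the named constants (`status!=AXIS2_SUCCESS`, `AXIS2_FAILURE == status`). If the status enum has a negative critical-failure value, as I believe the Axis2/C one does, that value would also take this branch and start an endorsing signature after the main signature failed. Write `if(AXIS2_SUCCESS == status)` so only a successful primary signature is endorsed. The function body starts outside the hunk.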
@@ -844,16 +874,21 @@
     /*If the request has signed, then the @Value = contents of 
<ds:SignatureValue>*/
 
     /*Generate an Id*/
-    id = oxs_util_generate_id(env,(axis2_char_t*)OXS_SIG_CONF_ID);
- 
-    /*TODO: Get the SignatureValue from the request*/
-    
+    /*id = oxs_util_generate_id(env,(axis2_char_t*)OXS_SIG_CONF_ID);*/
+     
     /*Get SPR*/
     sig_val = (axis2_char_t*)rampart_get_security_processed_result(env, 
msg_ctx, RAMPART_SPR_SIG_VALUE);
 
     /*Build wsse11:SignatureConfirmation element */
     oxs_token_build_signature_confirmation_element(env, sec_node, id, sig_val);
 
+    /*id = oxs_util_generate_id(env,(axis2_char_t*)OXS_SIG_CONF_ID);*/
+    sig_val = (axis2_char_t*)rampart_get_security_processed_result(env, 
msg_ctx, RAMPART_SPR_ENDORSED_VALUE);
+    if(sig_val)
+    {
+        oxs_token_build_signature_confirmation_element(env, sec_node, id, 
sig_val);
+    }
+
     return AXIS2_SUCCESS;
 
 }
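Review bot: With the `oxs_util_generate_id` call commented out, `id` reaches both `oxs_token_build_signature_confirmation_element` calls with whatever its declaration (outside the hunk) initialises it to, so the two SignatureConfirmation elements get the same Id value or none. This commit also adds SignatureConfirmation nodes to the list of nodes to sign (@@ -575), and a signature reference normally needs a distinct Id per element. If the Id is assigned later by the signing code, say so with `/* Id is assigned when the element is signed */` and delete the two commented-out lines. The first `sig_val` is used without the NULL check that the endorsed value gets.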
@@ -862,8 +897,6 @@
 axis2_status_t AXIS2_CALL
 rampart_sig_add_x509_token(const axutil_env_t *env, 
                                rampart_context_t *rampart_context, 
-                               axutil_array_list_t *nodes_to_sign, 
-                               rp_property_t *token,
                                axiom_node_t *sec_node,
                                axis2_char_t *cert_id)
 {
@@ -880,8 +913,6 @@
     {
         AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
                         "[rampart][rampart_signature] Cannot get certificate");
-        axutil_array_list_free(nodes_to_sign, env);
-        nodes_to_sign = NULL;
         return AXIS2_FAILURE;
     }    
     bst_data = oxs_x509_cert_get_data(cert, env);
@@ -889,8 +920,6 @@
     {
         AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
                         "[rampart][rampart_signature] Certificate data cannot 
be loaded from the cert.");
-        axutil_array_list_free(nodes_to_sign, env);
-        nodes_to_sign = NULL;
         return AXIS2_FAILURE;
     }
 
@@ -900,8 +929,6 @@
     {
         AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
                         "[rampart][rampart_signature] Binary Security Token 
creation failed.");
-        axutil_array_list_free(nodes_to_sign, env);
-        nodes_to_sign = NULL;
         return AXIS2_FAILURE;
     }
     oxs_x509_cert_free(cert, env);
@@ -1009,3 +1036,142 @@
     return new_sign_parts;
 }
 
+
+static axis2_status_t
+rampart_sig_endorse_sign(
+    const axutil_env_t *env,
+    axis2_msg_ctx_t *msg_ctx,
+    rampart_context_t *rampart_context,
+    axiom_soap_envelope_t *soap_envelope,
+    axiom_node_t *sec_node)
+{
+    axis2_bool_t server_side = AXIS2_FALSE;
+    axiom_node_t *node_to_sign = NULL;
+    rp_property_t *token = NULL;
+    rp_property_type_t token_type;
+    axis2_bool_t include = AXIS2_FALSE;
+    axis2_bool_t is_direct_reference = AXIS2_TRUE;
+    oxs_sign_ctx_t *sign_ctx = NULL;
+    axutil_array_list_t *nodes_to_sign = NULL;
+    axis2_char_t *cert_id = NULL;
+    axis2_char_t *eki = NULL;
+    oxs_sign_part_t *sign_part = NULL;
+    axutil_array_list_t *tr_list = NULL;
+    oxs_transform_t *tr = NULL;
+    axis2_char_t *digest_method = NULL;
+    axis2_status_t status = AXIS2_FAILURE;
+    axiom_node_t *sig_node = NULL;
+    axiom_namespace_t *sign_ns = NULL;
+
+    /*endorsing will be only for client*/
+    server_side = axis2_msg_ctx_get_server_side(msg_ctx, env);
+    if(server_side)
+        return AXIS2_SUCCESS;
+
+    /*if signature is not found, can't continue*/
+    node_to_sign = oxs_axiom_get_node_by_local_name(env, sec_node, 
OXS_NODE_SIGNATURE);
+    if(!node_to_sign)
+    {
+        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+                        "[rampart][rampart_signature]Endorsing signature, 
Sigature Not found");
+        return AXIS2_FAILURE;
+    }
+
+    /*Now we have to check whether a token is specified. If not specified then 
no need to endorse*/
+    token = rampart_context_get_endorsing_token(rampart_context, env);
+    if(!token)
+    {
+        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+                        "[rampart][rampart_signature] Endorsing Token is not 
specified. No need to endorse");
+        return AXIS2_SUCCESS;
+    }
+
+    token_type = rp_property_get_type(token, env);
+       if(!rampart_context_is_token_type_supported(token_type, env))
+    {
+        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+                        "[rampart][rampart_signature] Token type %d not 
supported", token_type);
+        return AXIS2_FAILURE;
+    }
+
+    /*this implementaion supports only x509 to endorse signature*/
+    if(token_type != RP_PROPERTY_X509_TOKEN)
+    {
+        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+                        "[rampart][rampart_signature] Token type %d not 
supported for endorsing", token_type);
+        return AXIS2_FAILURE;
+    }
+
+    /* Determine weather we need to include the token */
+    include = rampart_context_is_token_include(rampart_context, token, 
+                                                token_type, server_side, 
+                                                AXIS2_FALSE, env);
+    if (token_type == RP_PROPERTY_X509_TOKEN) 
+    {        
+               if (include) 
+        {
+            cert_id = oxs_util_generate_id(env,(axis2_char_t*)OXS_CERT_ID);
+                       if (!rampart_sig_add_x509_token(env, rampart_context, 
sec_node, cert_id)) 
+            {
+                               return AXIS2_FAILURE;
+                       }
+                       /*This flag will be useful when creating key Info 
element.*/
+                       is_direct_reference = AXIS2_TRUE;
+                       eki = RAMPART_STR_DIRECT_REFERENCE;                     
+               }
+               else 
+        {
+                       eki = 
rampart_context_get_key_identifier(rampart_context, token, env);
+            if(!eki) 
+            {
+                AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+                                "[rampart][rampart_signature] Cannot attach 
the token.");
+                axutil_array_list_free(nodes_to_sign, env);
+                nodes_to_sign = NULL;
+                return AXIS2_FAILURE;
+            }
+                       is_direct_reference = AXIS2_FALSE;
+               }
+    }
+
+    sign_ctx = oxs_sign_ctx_create(env);
+
+    /* Set signatures to be endorsed*/
+    nodes_to_sign = axutil_array_list_create(env, 0);
+    digest_method = rampart_context_get_digest_mtd(rampart_context, env);   
+    sign_part = oxs_sign_part_create(env);
+    sign_ns = axiom_namespace_create(env, NULL, NULL); /*we have to get the id 
from "Id" of signature, not from "wsu:Id"*/
+    oxs_sign_part_set_sign_namespace(sign_part, env, sign_ns);
+    tr_list = axutil_array_list_create(env, 0);
+    tr = oxs_transforms_factory_produce_transform(env,
+            OXS_HREF_TRANSFORM_XML_EXC_C14N);
+    axutil_array_list_add(tr_list, env, tr);
+    oxs_sign_part_set_transforms(sign_part, env, tr_list);
+    oxs_sign_part_set_node(sign_part, env, node_to_sign);
+    oxs_sign_part_set_digest_mtd(sign_part, env, digest_method);
+    axutil_array_list_add(nodes_to_sign, env, sign_part);
+
+    oxs_sign_ctx_set_sign_parts(sign_ctx, env, nodes_to_sign);
+
+    /* We support asymmetric endorsing only for this release. So, pack for 
asymmetric signature*/
+    status = rampart_sig_pack_for_asym(env, rampart_context, sign_ctx);
+    
+    /* All the things are ready for signing. So lets try signing*/
+    status = oxs_xml_sig_sign(env, sign_ctx, sec_node, &sig_node);
+    if(status!=AXIS2_SUCCESS)
+    {
+        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][rampart_signature] 
Message endorsing failed.");
+        return AXIS2_FAILURE;
+    }
+
+    /* We support asymmetric endorsing only for this release. 
+     * So, build the key info inside signature node for asymmetric signature
+     */
+    rampart_sig_prepare_key_info_for_asym_binding(env, rampart_context, 
sign_ctx, sig_node , cert_id, eki, is_direct_reference);
+
+    /*Free sig ctx*/
+    oxs_sign_ctx_free(sign_ctx, env);
+    sign_ctx = NULL;
+
+    return status;
+}
\ No newline at end of file
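Review bot: In `rampart_sig_endorse_sign` the status returned by `rampart_sig_pack_for_asym` is overwritten by the `oxs_xml_sig_sign` call on the next statement, so a failure to load the endorsing key material is never acted on, and the signing-failure return leaves `sign_ctx` unfreed. Both exits should check the status and release the context, as sketched below. Smaller points: `axutil_array_list_free(nodes_to_sign, env)` in the missing-key-identifier branch runs while `nodes_to_sign` is still NULL, the second `if (token_type == RP_PROPERTY_X509_TOKEN)` is always true after the earlier return, and the normal "no endorsing token" case is logged with AXIS2_LOG_ERROR. The function has no doc comment; one stating that it is client-only, X.509-only and signs the first Signature element found under `sec_node` would record the contract the code enforces.

```c
    /* … unchanged: sign part setup and oxs_sign_ctx_set_sign_parts … */
    status = rampart_sig_pack_for_asym(env, rampart_context, sign_ctx);
    if(AXIS2_SUCCESS != status)
    {
        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
                        "[rampart][rampart_signature] Packing keys for endorsing signature failed.");
        oxs_sign_ctx_free(sign_ctx, env);
        return AXIS2_FAILURE;
    }

    status = oxs_xml_sig_sign(env, sign_ctx, sec_node, &sig_node);
    if(status!=AXIS2_SUCCESS)
    {
        /* … unchanged: "Message endorsing failed." log … */
        oxs_sign_ctx_free(sign_ctx, env);
        return AXIS2_FAILURE;
    }
    /* … unchanged: key info construction, final oxs_sign_ctx_free, return … */
```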

Modified: webservices/rampart/trunk/c/src/util/rampart_username_token.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_username_token.c?rev=634243&r1=634242&r2=634243&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_username_token.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_username_token.c Thu Mar  6 
04:28:21 2008
@@ -306,9 +306,10 @@
                 if (!password_type)
                 {
                     /*ERROR: R4201 Any PASSWORD MUST specify a Type attribute 
*/
-                    AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+                    /*AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
                                     "[rampart][rampart_usernametoken] Password 
Type is not specified in the password element");
-                    return AXIS2_FAILURE;
+                    return AXIS2_FAILURE;*/
+                    password_type = RAMPART_PASSWORD_TEXT_URI;
                 }
 
                 /*Then we must check the password type with policy*/
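Review bot: A Password element without a Type attribute is now accepted as `RAMPART_PASSWORD_TEXT_URI`, but the comment above still reads `ERROR: R4201 Any PASSWORD MUST specify a Type attribute` and the old rejection is left behind as commented-out code. Replace both with a comment that states the new rule, e.g. `/* Type omitted: treat as PasswordText (UsernameToken profile default); R4201 is not enforced */`, and consider a debug log so the relaxed path shows up in traces. The policy check on the password type follows outside the hunk; it is worth confirming that a policy requiring digest passwords still rejects a Type-less element once this default is applied.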

