Modified: webservices/rampart/trunk/c/src/secconv/sct_provider.c URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/secconv/sct_provider.c?rev=670443&r1=670442&r2=670443&view=diff ============================================================================== --- webservices/rampart/trunk/c/src/secconv/sct_provider.c (original) +++ webservices/rampart/trunk/c/src/secconv/sct_provider.c Sun Jun 22 21:30:03 2008 @@ -19,15 +19,30 @@ #include <oxs_buffer.h> #include <axiom_element.h> #include <rampart_constants.h> +#include <trust_sts_client.h> +#include <oxs_utility.h> -security_context_token_t* -sct_provider_get_sct(const axutil_env_t* env, rp_property_t *token, - axis2_bool_t server_side, axis2_bool_t is_encryption, axis2_char_t *sct_id, - rampart_context_t* rampart_context, axis2_msg_ctx_t* msg_ctx) +#define RAMPART_SCT_PROVIDER_HASH_PROB "Rampart_SCT_Prov_DB_Prop" + +static security_context_token_t* +sct_provider_obtain_token_from_sts( + const axutil_env_t* env, + rp_security_context_token_t* rp_sct, + axis2_msg_ctx_t* msg_ctx); + +static security_context_token_t* +sct_provider_get_sct( + const axutil_env_t* env, + rp_property_t *token, + axis2_bool_t is_encryption, + axis2_char_t *sct_id, + rampart_context_t* rampart_context, + axis2_msg_ctx_t* msg_ctx) { rampart_sct_provider_t* sct_provider = NULL; security_context_token_t* sct = NULL; + /* if sct id is not given, check whether it is stored in rampart context */ if(!sct_id) { if(is_encryption) @@ -36,34 +51,145 @@ sct_id = rampart_context_get_signature_token_id(rampart_context, env); } - sct_provider = (rampart_sct_provider_t*)rampart_context_get_sct_provider(rampart_context, env); - if(!sct_provider) + if(!sct_id) { - AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][sct_provider] Security context token provider module is not set"); - return NULL; + /* if sct id is not there in rampart context, then it is not created. + * (1) If it is secure conversation token + * (a) If server side, we can't do anything. We have to fail. + * (b) If client side, we can request from STS + * (2) If it is security context token - sct agreed by server and client offline + * (a) If server side, can call get_sct method and if returned successfully, store it + * (b) If client side, same as server_side + */ + void* user_params = NULL; + rp_security_context_token_t* rp_sct = NULL; + + /* to check whether security context token or secure conversation token, rp_property (token) + * should be valid. If valid, we can extract the security context token property */ + if(!token) + { + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart]rampart policy property 'token' is not valid. Could not find whether \ + token is SecureConversationToken or SecurityContextToken."); + return NULL; + } + + rp_sct = (rp_security_context_token_t*)rp_property_get_value(token, env); + if(!rp_sct) + { + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart]value of rampart policy property 'token' is not valid. Could not find \ + whether token is SecureConversationToken or SecurityContextToken."); + return NULL; + } + + user_params = rampart_context_get_security_context_token_user_params(rampart_context, env); + + if(rp_security_context_token_get_is_secure_conversation_token(rp_sct, env)) + { + /* this is a secure conversation token */ + + axis2_bool_t is_server_side = AXIS2_FALSE; + is_server_side = axis2_msg_ctx_get_server_side(msg_ctx, env); + if(!is_server_side) + { + /* we can request sct from sts */ + + sct = sct_provider_obtain_token_from_sts(env, rp_sct, msg_ctx); + } + else + { + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart] Secure conversation token is requested without giving ID of SCT. \ + This cannot be done in server side."); + } + } + else + { + /* this is a security context token */ + + obtain_security_context_token_fn fn_get_sct = NULL; + fn_get_sct = rampart_context_get_obtain_security_context_token_fn(rampart_context, env); + sct = (security_context_token_t*)fn_get_sct( + env, is_encryption, msg_ctx, sct_id, RAMPART_SCT_ID_TYPE_UNKNOWN, user_params); + } + + /* if valid sct, then we have to store it */ + if(sct) + { + axis2_char_t *local_id = NULL; + axis2_char_t *global_id = NULL; + store_security_context_token_fn fn_store_sct = NULL; + + local_id = security_context_token_get_local_identifier(sct, env); + global_id = security_context_token_get_global_identifier(sct, env); + fn_store_sct = rampart_context_get_store_security_context_token_fn( + rampart_context, env); + if(fn_store_sct(env, msg_ctx, global_id, local_id, (void*)sct, user_params) + != AXIS2_SUCCESS) + { + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart] Cannot store newly created security context token."); + security_context_token_free(sct, env); + sct = NULL; + } + + /* store the global id as encryption/signature id. if same key is used for encryption + * and signature, then store it at both place*/ + if(is_different_session_key_for_encryption_and_signing(env, rampart_context)) + { + if(is_encryption) + rampart_context_set_encryption_token_id(rampart_context, env, global_id); + else + rampart_context_set_signature_token_id(rampart_context, env, global_id); + } + else + { + rampart_context_set_encryption_token_id(rampart_context, env, global_id); + rampart_context_set_signature_token_id(rampart_context, env, global_id); + } + } + } + else + { + /* sct_id is given. So get it from sct provider function. */ + + void* user_params = NULL; + obtain_security_context_token_fn fn_get_sct = NULL; + int id_type = RAMPART_SCT_ID_TYPE_GLOBAL; + + user_params = rampart_context_get_security_context_token_user_params(rampart_context, env); + fn_get_sct = rampart_context_get_obtain_security_context_token_fn(rampart_context, env); + + /* by looking at the first character of sct_id, we can say whether it is local id or global + * id. If first character is '#' then it is a local id */ + if(*sct_id == '#') + { + id_type = RAMPART_SCT_ID_TYPE_LOCAL; + } + sct = fn_get_sct(env, is_encryption, msg_ctx, sct_id, id_type, user_params); } - - sct = RAMPART_SCT_PROVIDER_GET_TOKEN(sct_provider, env, token, server_side, is_encryption, - sct_id, rampart_context, msg_ctx); if(!sct) { - AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][sct_provider] Security context token is not valid"); + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart] Cannot find security context token for id [%s]", sct_id); } return sct; } AXIS2_EXTERN oxs_buffer_t *AXIS2_CALL -sct_provider_get_secret(const axutil_env_t* env, rp_property_t *token, - axis2_bool_t server_side, axis2_bool_t is_encryption, - rampart_context_t* rampart_context, axis2_msg_ctx_t* msg_ctx) +sct_provider_get_secret( + const axutil_env_t* env, + rp_property_t *token, + axis2_bool_t is_encryption, + rampart_context_t* rampart_context, + axis2_msg_ctx_t* msg_ctx) { security_context_token_t* sct = NULL; - sct = sct_provider_get_sct(env, token, server_side, is_encryption, NULL, - rampart_context, msg_ctx); - + sct = sct_provider_get_sct(env, token, is_encryption, NULL, rampart_context, msg_ctx); if(!sct) return NULL; @@ -71,13 +197,17 @@ } AXIS2_EXTERN oxs_buffer_t *AXIS2_CALL -sct_provider_get_secret_using_id(const axutil_env_t* env, axis2_char_t* sct_id, - rampart_context_t* rampart_context, axis2_msg_ctx_t* msg_ctx) +sct_provider_get_secret_using_id( + const axutil_env_t* env, + axis2_char_t* sct_id, + rampart_context_t* rampart_context, + axis2_msg_ctx_t* msg_ctx) { security_context_token_t* sct = NULL; - sct = sct_provider_get_sct(env, NULL, axis2_msg_ctx_get_server_side(msg_ctx,env), AXIS2_TRUE, sct_id, - rampart_context, msg_ctx); + /* since we are getting secret using id, we don't need to specify whether encryption or + * signature. Also we don't need to care about policy property of token */ + sct = sct_provider_get_sct(env, NULL, AXIS2_TRUE, sct_id, rampart_context, msg_ctx); if(!sct) return NULL; @@ -86,15 +216,15 @@ } AXIS2_EXTERN axiom_node_t *AXIS2_CALL -sct_provider_get_token(const axutil_env_t* env, rp_property_t *token, - axis2_bool_t server_side, axis2_bool_t is_encryption, - rampart_context_t* rampart_context, axis2_msg_ctx_t* msg_ctx) +sct_provider_get_token( + const axutil_env_t* env, + rp_property_t *token, + axis2_bool_t is_encryption, + rampart_context_t* rampart_context, + axis2_msg_ctx_t* msg_ctx) { security_context_token_t* sct = NULL; - - sct = sct_provider_get_sct(env, token, server_side, is_encryption, NULL, - rampart_context, msg_ctx); - + sct = sct_provider_get_sct(env, token, is_encryption, NULL, rampart_context, msg_ctx); if(!sct) return NULL; @@ -102,15 +232,15 @@ } AXIS2_EXTERN axiom_node_t* AXIS2_CALL -sct_provider_get_attached_reference(const axutil_env_t* env, rp_property_t *token, - axis2_bool_t server_side, axis2_bool_t is_encryption, - rampart_context_t* rampart_context, axis2_msg_ctx_t* msg_ctx) +sct_provider_get_attached_reference( + const axutil_env_t* env, + rp_property_t *token, + axis2_bool_t is_encryption, + rampart_context_t* rampart_context, + axis2_msg_ctx_t* msg_ctx) { security_context_token_t* sct = NULL; - - sct = sct_provider_get_sct(env, token, server_side, is_encryption, NULL, - rampart_context, msg_ctx); - + sct = sct_provider_get_sct(env, token, is_encryption, NULL, rampart_context, msg_ctx); if(!sct) return NULL; @@ -118,29 +248,193 @@ } AXIS2_EXTERN axiom_node_t* AXIS2_CALL -sct_provider_get_unattached_reference(const axutil_env_t* env, rp_property_t *token, - axis2_bool_t server_side, axis2_bool_t is_encryption, - rampart_context_t* rampart_context, axis2_msg_ctx_t* msg_ctx) +sct_provider_get_unattached_reference( + const axutil_env_t* env, + rp_property_t *token, + axis2_bool_t is_encryption, + rampart_context_t* rampart_context, + axis2_msg_ctx_t* msg_ctx) { - security_context_token_t* sct = NULL; - - sct = sct_provider_get_sct(env, token, server_side, is_encryption, NULL, - rampart_context, msg_ctx); - + security_context_token_t* sct = NULL; + sct = sct_provider_get_sct(env, token, is_encryption, NULL, rampart_context, msg_ctx); if(!sct) return NULL; return security_context_token_get_unattached_reference(sct, env); } -AXIS2_EXTERN void AXIS2_CALL -sct_provider_sct_db_free(axutil_hash_t *sct_db, - const axutil_env_t *env) +AXIS2_EXTERN axis2_status_t AXIS2_CALL +sct_provider_validate_security_context_token( + const axutil_env_t *env, + axiom_node_t *sct_node, + rampart_context_t *rampart_context, + axis2_msg_ctx_t *msg_ctx) +{ + validate_security_context_token_fn validate_fn = NULL; + void *user_param = NULL; + + validate_fn = rampart_context_get_validate_security_context_token_fn(rampart_context, env); + user_param = rampart_context_get_security_context_token_user_params(rampart_context, env); + return validate_fn(env, sct_node, msg_ctx, user_param); +} + +static security_context_token_t* +sct_provider_obtain_token_from_sts( + const axutil_env_t* env, + rp_security_context_token_t* rp_sct, + axis2_msg_ctx_t* msg_ctx) +{ + axis2_char_t* issuer_address = NULL; + axis2_char_t* client_home = NULL; + axis2_conf_ctx_t* conf_ctx = NULL; + axis2_ctx_t *ctx = NULL; + axutil_property_t *property = NULL; + axis2_char_t *addressing_version_from_msg_ctx = NULL; + axis2_bool_t is_soap11 = AXIS2_FALSE; + trust_sts_client_t* sts_client = NULL; + trust_context_t* trust_context = NULL; + trust_rst_t* rst = NULL; + trust_rstr_t* rstr = NULL; + security_context_token_t *sct = NULL; + neethi_policy_t *sts_policy = NULL; + neethi_policy_t *cloned_policy = NULL; + oxs_buffer_t *buffer = NULL; + + /* Get the token issuer address. If the address is not valid, then issuer should be same as + the service. So get the service end point */ + issuer_address = rp_security_context_token_get_issuer(rp_sct, env); + if(!issuer_address) + { + axis2_endpoint_ref_t *endpoint = NULL; + endpoint = axis2_msg_ctx_get_to(msg_ctx, env); + + if(endpoint) + { + issuer_address = axis2_endpoint_ref_get_address(endpoint, env); + } + + if(!issuer_address) + { + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart]Token issuer address is not valid."); + return NULL; + } + } + + /* Get the client home from msg_ctx */ + conf_ctx = axis2_msg_ctx_get_conf_ctx(msg_ctx, env); + if(conf_ctx) + { + axis2_conf_t *conf = NULL; + conf = axis2_conf_ctx_get_conf(conf_ctx, env); + if(conf) + { + client_home = axis2_conf_get_repo(conf, env); + } + } + + if(!client_home) + { + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart]Cannot get client home. Unable to send request to Security Token Service."); + return NULL; + } + + /* Get the addressing namespace to be used from msg_ctx */ + ctx = axis2_msg_ctx_get_base(msg_ctx, env); + property = axis2_ctx_get_property(ctx, env, AXIS2_WSA_VERSION); + if(property) + { + addressing_version_from_msg_ctx = axutil_property_get_value(property, env); + } + + /* get the soap version */ + is_soap11 = axis2_msg_ctx_get_is_soap_11(msg_ctx, env); + + /* Create sts client and set the values (client home, issuer_address, etc.) */ + sts_client = trust_sts_client_create(env); + if(!sts_client) + { + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart]Cannot create client to Security Token Service."); + return NULL; + } + + trust_sts_client_set_home_dir(sts_client, env, client_home); + trust_sts_client_set_issuer_address(sts_client, env, issuer_address); + + /* create trust context and populate it */ + trust_context = trust_context_create(env); + if(!trust_context) + { + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart]Cannot create trust context. Cannot communicate with Token Service."); + return NULL; + } + rst = trust_rst_create(env); + if(!trust_context) + { + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart]Cannot create token request. Cannot communicate with Token Service."); + return NULL; + } + trust_rst_set_request_type(rst, env, TRUST_REQ_TYPE_ISSUE); + trust_rst_set_token_type(rst, env, OXS_VALUE_TYPE_SECURITY_CONTEXT_TOKEN); + trust_rst_set_wst_ns_uri(rst, env, TRUST_WST_XMLNS_05_02); + trust_rst_set_wsa_action(rst, env, SECCONV_200502_REQUEST_ACTION); + trust_context_set_rst(trust_context, env, rst); + + /* call sts_client to get the token from sts. We should create a clone of that policy */ + sts_policy = rp_security_context_token_get_bootstrap_policy(rp_sct, env); + if(sts_policy) + { + cloned_policy = neethi_engine_get_normalize(env, AXIS2_FALSE, sts_policy); + } + + buffer = trust_sts_client_request_security_token_using_policy( + sts_client, env, trust_context, cloned_policy, addressing_version_from_msg_ctx, is_soap11); + + /* Obtain the reply from sts */ + rstr = trust_context_get_rstr(trust_context, env); + if(!rstr) + { + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart]Cannot get token response from Token Service. RSTR is invalid."); + return NULL; + } + + /* Create security context token and populate it with details given */ + sct = security_context_token_create(env); + security_context_token_set_token(sct, env, trust_rstr_get_requested_security_token(rstr, env)); + security_context_token_set_attached_reference( + sct, env, trust_rstr_get_requested_attached_reference(rstr, env)); + security_context_token_set_unattached_reference( + sct, env, trust_rstr_get_requested_unattached_reference(rstr, env)); + if(buffer) + { + security_context_token_set_secret(sct, env, buffer); + } + else + { + security_context_token_set_requested_proof_token( + sct, env, trust_rstr_get_requested_proof_token(rstr, env)); + } + + /* Now we can clear unwanted stuff */ + trust_context_free(trust_context, env); + trust_sts_client_free(sts_client, env); + + return sct; +} + + +static void +sct_provider_sct_hash_store_free( + axutil_hash_t *sct_hash_store, + const axutil_env_t *env) { - /*axutil_hash_t *attr_hash = NULL;*/ axutil_hash_index_t *hi = NULL; - for (hi = axutil_hash_first(sct_db, env); hi != NULL; hi = axutil_hash_next(env, hi)) + for (hi = axutil_hash_first(sct_hash_store, env); hi != NULL; hi = axutil_hash_next(env, hi)) { void *v = NULL; axutil_hash_this(hi, NULL, NULL, &v); @@ -150,49 +444,209 @@ } } - axutil_hash_free(sct_db, env); - + axutil_hash_free(sct_hash_store, env); } -AXIS2_EXTERN axutil_hash_t * AXIS2_CALL -sct_provider_get_sct_hash(const axutil_env_t *env, axis2_msg_ctx_t* msg_ctx) +static axutil_hash_t * +sct_provider_get_sct_hash_store( + const axutil_env_t *env, + axis2_msg_ctx_t* msg_ctx) { axis2_conf_ctx_t *conf_ctx = NULL; axis2_ctx_t *ctx = NULL; axutil_property_t *property = NULL; - axutil_hash_t *db = NULL; + axutil_hash_t *hash_store = NULL; - /*Get the conf ctx*/ + /* Get the conf ctx */ conf_ctx = axis2_msg_ctx_get_conf_ctx(msg_ctx, env); if(!conf_ctx) { - AXIS2_LOG_ERROR(env->log,AXIS2_LOG_SI, "[rampart][sct_provider_sample] Conf context is NULL "); + AXIS2_LOG_ERROR(env->log,AXIS2_LOG_SI, + "[rampart]Config context is NULL. Cannot get security context token hash store."); return NULL; } + ctx = axis2_conf_ctx_get_base(conf_ctx,env); if(!ctx) { - AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,"[rampart][sct_provider_sample] axis2 context is NULL "); + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart]Axis2 context is NULL. Cannot get security context token hash store."); return NULL; } - /*Get the DB property*/ - property = axis2_ctx_get_property(ctx, env, RAMPART_SCT_PROVIDER_DB_PROB); + /* Get the hash store property */ + property = axis2_ctx_get_property(ctx, env, RAMPART_SCT_PROVIDER_HASH_PROB); if(property) { - /*Get the DB*/ - db = (axutil_hash_t*)axutil_property_get_value(property, env); + /* Get the store */ + hash_store = (axutil_hash_t*)axutil_property_get_value(property, env); } else { - axutil_property_t *db_prop = NULL; + axutil_property_t *hash_store_prop = NULL; - db = axutil_hash_make(env); - db_prop = axutil_property_create_with_args(env, AXIS2_SCOPE_SESSION , - AXIS2_TRUE, (void *)sct_provider_sct_db_free, db); - axis2_ctx_set_property(ctx, env, RAMPART_SCT_PROVIDER_DB_PROB, db_prop); + hash_store = axutil_hash_make(env); + hash_store_prop = axutil_property_create_with_args(env, AXIS2_SCOPE_APPLICATION, + AXIS2_TRUE, (void *)sct_provider_sct_hash_store_free, hash_store); + axis2_ctx_set_property(ctx, env, RAMPART_SCT_PROVIDER_HASH_PROB, hash_store_prop); } - return db; + return hash_store; } +AXIS2_EXTERN void* AXIS2_CALL +sct_provider_obtain_sct_default( + const axutil_env_t *env, + axis2_bool_t is_encryption, + axis2_msg_ctx_t* msg_ctx, + axis2_char_t *sct_id, + int sct_id_type, + void* user_params) +{ + axutil_hash_t *hash_store = NULL; + security_context_token_t *sct = NULL; + + AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart]Using default sct provider obtain function."); + + /* sct should be get from global pool */ + axutil_allocator_switch_to_global_pool(env->allocator); + + /* Get sct hash store */ + hash_store = sct_provider_get_sct_hash_store(env, msg_ctx); + if(!hash_store) + { + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart]Cannot find security context token storage."); + return NULL; + } + + /* get the sct if sct_id is given */ + if(sct_id) + { + sct = (security_context_token_t *)axutil_hash_get( + hash_store, sct_id, AXIS2_HASH_KEY_STRING); + } + else + { + /* we can create an sct and send it */ + + sct = security_context_token_create(env); + if(sct) + { + oxs_buffer_t* key_buffer = NULL; + key_buffer = oxs_buffer_create(env); + oxs_buffer_populate( + key_buffer, env, (unsigned char*)"01234567012345670123456701234567", 32); + security_context_token_set_secret(sct, env, key_buffer); + sct_id = oxs_util_generate_id(env,"urn:uuid:"); + security_context_token_set_global_identifier(sct, env, sct_id); + security_context_token_set_local_identifier( + sct, env, axutil_strdup(env, "#sctId-29530019")); + } + else + { + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart]Cannot create security context token. Insufficient memory."); + } + } + axutil_allocator_switch_to_local_pool(env->allocator); + + return sct; +} + +AXIS2_EXTERN axis2_status_t AXIS2_CALL +sct_provider_store_sct_default( + const axutil_env_t *env, + axis2_msg_ctx_t* msg_ctx, + axis2_char_t *sct_global_id, + axis2_char_t *sct_local_id, + void *sct, + void *user_params) +{ + axutil_hash_t *hash_store = NULL; + axis2_status_t status = AXIS2_SUCCESS; + + AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart]Using default sct provider store function."); + + /* if given sct is null, then we can't store it */ + if(!sct) + { + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart]Security context token to be stored in not valid."); + return AXIS2_FAILURE; + } + + /* sct should be stored in global pool */ + axutil_allocator_switch_to_global_pool(env->allocator); + + /* Get sct hash store */ + hash_store = sct_provider_get_sct_hash_store(env, msg_ctx); + if(hash_store) + { + /* store sct */ + if(sct_global_id) + { + axutil_hash_set(hash_store, sct_global_id, AXIS2_HASH_KEY_STRING, sct); + if(sct_local_id) + { + security_context_token_increment_ref(sct, env); + axutil_hash_set(hash_store, sct_local_id, AXIS2_HASH_KEY_STRING, sct); + } + } + else + { + if(sct_local_id) + { + axutil_hash_set(hash_store, sct_local_id, AXIS2_HASH_KEY_STRING, sct); + } + else + { + /* if both local_id and global_id are NULL, then we can't store it */ + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart]Security context token identifiers are not valid. \ + Cannot store security context token. "); + status = AXIS2_FAILURE; + } + } + } + else + { + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart]Cannot find security context token storage."); + status = AXIS2_FAILURE; + } + + axutil_allocator_switch_to_local_pool(env->allocator); + return status; + +} + +AXIS2_EXTERN axis2_status_t AXIS2_CALL +sct_provider_delete_sct_default( + const axutil_env_t *env, + axis2_msg_ctx_t* msg_ctx, + axis2_char_t *sct_id, + int sct_id_type, + void* user_params) +{ + /* delete method is not implemented, because we are still not supporting sct cancel function */ + + AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart]Using default sct provider delete function."); + + return AXIS2_SUCCESS; +} + +AXIS2_EXTERN axis2_status_t AXIS2_CALL +sct_provider_validate_sct_default( + const axutil_env_t *env, + axiom_node_t *sct_node, + axis2_msg_ctx_t *msg_ctx, + void *user_params) +{ + /* default implementation does not need to validate anything. We haven't extended the + * functionality of sct */ + + AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart]Using default sct provider validate function."); + + return AXIS2_SUCCESS; +} \ No newline at end of file
Modified: webservices/rampart/trunk/c/src/trust/rst.c URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/trust/rst.c?rev=670443&r1=670442&r2=670443&view=diff ============================================================================== --- webservices/rampart/trunk/c/src/trust/rst.c (original) +++ webservices/rampart/trunk/c/src/trust/rst.c Sun Jun 22 21:30:03 2008 @@ -80,40 +80,42 @@ AXIS2_EXTERN trust_rst_t * AXIS2_CALL trust_rst_create( - const axutil_env_t *env) + const axutil_env_t *env) { trust_rst_t *rst = NULL; - rst = (trust_rst_t*)AXIS2_MALLOC(env->allocator, sizeof(trust_rst_t)); - rst->attr_context = NULL; - rst->token_type = NULL; - rst->request_type = NULL; - rst->wsa_action = NULL; - rst->applies_to_addr = NULL; - rst->claims = NULL; - rst->entropy = NULL; - rst->key_type = NULL; - rst->key_size = -1; - rst->allow_postdating = AXIS2_FALSE; - rst->renewing = AXIS2_FALSE; - rst->attr_allow = AXIS2_FALSE; - rst->attr_ok = AXIS2_FALSE; - rst->renew_target = NULL; - rst->cancel_target = NULL; - rst->wst_ns_uri = NULL; - rst->life_time = NULL; - rst->authentication_type = NULL; - rst->signature_algo = NULL; - rst->encryption_algo = NULL; - rst->canonicalization_algo = NULL; - rst->computed_key_algo = NULL; - rst->desired_encryption = NULL; - rst->proof_encryption = NULL; - rst->usekey = NULL; - rst->usekey_sig_attr = NULL; - rst->sign_with = NULL; - rst->encrypt_with = NULL; + if(rst) + { + rst->attr_context = NULL; + rst->token_type = NULL; + rst->request_type = NULL; + rst->wsa_action = NULL; + rst->applies_to_addr = NULL; + rst->claims = NULL; + rst->entropy = NULL; + rst->key_type = NULL; + rst->key_size = -1; + rst->allow_postdating = AXIS2_FALSE; + rst->renewing = AXIS2_FALSE; + rst->attr_allow = AXIS2_FALSE; + rst->attr_ok = AXIS2_FALSE; + rst->renew_target = NULL; + rst->cancel_target = NULL; + rst->wst_ns_uri = NULL; + rst->life_time = NULL; + rst->authentication_type = NULL; + rst->signature_algo = NULL; + rst->encryption_algo = NULL; + rst->canonicalization_algo = NULL; + rst->computed_key_algo = NULL; + rst->desired_encryption = NULL; + rst->proof_encryption = NULL; + rst->usekey = NULL; + rst->usekey_sig_attr = NULL; + rst->sign_with = NULL; + rst->encrypt_with = NULL; + } return rst; } Modified: webservices/rampart/trunk/c/src/util/rampart_context.c URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_context.c?rev=670443&r1=670442&r2=670443&view=diff ============================================================================== --- webservices/rampart/trunk/c/src/util/rampart_context.c (original) +++ webservices/rampart/trunk/c/src/util/rampart_context.c Sun Jun 22 21:30:03 2008 @@ -85,6 +85,13 @@ */ axis2_bool_t found_cert_in_shp; oxs_x509_cert_t *receiver_cert; + + /* Security Context token operation related objects */ + store_security_context_token_fn store_sct_funtion; + obtain_security_context_token_fn obtain_sct_function; + delete_security_context_token_fn delete_sct_function; + validate_security_context_token_fn validate_sct_function; + void *sct_user_params; }; /*void rampart_context_set_callback_fn(axutil_env_t *env, @@ -209,6 +216,12 @@ rampart_context->found_cert_in_shp = AXIS2_FALSE; rampart_context->receiver_cert = NULL; + + rampart_context->store_sct_funtion = NULL; + rampart_context->obtain_sct_function = NULL; + rampart_context->delete_sct_function = NULL; + rampart_context->validate_sct_function = NULL; + rampart_context->sct_user_params = NULL; return rampart_context; } @@ -3042,3 +3055,92 @@ } +AXIS2_EXTERN axis2_status_t AXIS2_CALL +rampart_context_set_store_security_context_token_fn( + rampart_context_t *rampart_context, + const axutil_env_t *env, + store_security_context_token_fn store_fn) +{ + rampart_context->store_sct_funtion = store_fn; + return AXIS2_SUCCESS; +} + +AXIS2_EXTERN axis2_status_t AXIS2_CALL +rampart_context_set_obtain_security_context_token_fn( + rampart_context_t *rampart_context, + const axutil_env_t *env, + obtain_security_context_token_fn get_fn) +{ + rampart_context->obtain_sct_function = get_fn; + return AXIS2_SUCCESS; +} + +AXIS2_EXTERN axis2_status_t AXIS2_CALL +rampart_context_set_delete_security_context_token_fn( + rampart_context_t *rampart_context, + const axutil_env_t *env, + delete_security_context_token_fn delete_fn) +{ + rampart_context->delete_sct_function = delete_fn; + return AXIS2_SUCCESS; +} + +AXIS2_EXTERN axis2_status_t AXIS2_CALL +rampart_context_set_security_context_token_user_params( + rampart_context_t *rampart_context, + const axutil_env_t *env, + void* user_params) +{ + rampart_context->sct_user_params = user_params; + return AXIS2_SUCCESS; +} + +AXIS2_EXTERN axis2_status_t AXIS2_CALL +rampart_context_set_validate_security_context_token_fn( + rampart_context_t *rampart_context, + const axutil_env_t *env, + validate_security_context_token_fn validate_fn) +{ + rampart_context->validate_sct_function = validate_fn; + return AXIS2_SUCCESS; +} + +AXIS2_EXTERN store_security_context_token_fn AXIS2_CALL +rampart_context_get_store_security_context_token_fn( + rampart_context_t *rampart_context, + const axutil_env_t *env) +{ + return rampart_context->store_sct_funtion; +} + +AXIS2_EXTERN obtain_security_context_token_fn AXIS2_CALL +rampart_context_get_obtain_security_context_token_fn( + rampart_context_t *rampart_context, + const axutil_env_t *env) +{ + return rampart_context->obtain_sct_function; +} + +AXIS2_EXTERN delete_security_context_token_fn AXIS2_CALL +rampart_context_get_delete_security_context_token_fn( + rampart_context_t *rampart_context, + const axutil_env_t *env) +{ + return rampart_context->delete_sct_function; +} + +AXIS2_EXTERN void* AXIS2_CALL +rampart_context_get_security_context_token_user_params( + rampart_context_t *rampart_context, + const axutil_env_t *env) +{ + return rampart_context->sct_user_params; +} + +AXIS2_EXTERN validate_security_context_token_fn AXIS2_CALL +rampart_context_get_validate_security_context_token_fn( + rampart_context_t *rampart_context, + const axutil_env_t *env) +{ + return rampart_context->validate_sct_function; +} \ No newline at end of file Modified: webservices/rampart/trunk/c/src/util/rampart_encryption.c URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_encryption.c?rev=670443&r1=670442&r2=670443&view=diff ============================================================================== --- webservices/rampart/trunk/c/src/util/rampart_encryption.c (original) +++ webservices/rampart/trunk/c/src/util/rampart_encryption.c Sun Jun 22 21:30:03 2008 @@ -293,7 +293,7 @@ { oxs_buffer_t *key_buf = NULL; session_key = oxs_key_create(env); - key_buf = sct_provider_get_secret(env, token, server_side, AXIS2_TRUE, rampart_context, msg_ctx); + key_buf = sct_provider_get_secret(env, token, AXIS2_TRUE, rampart_context, msg_ctx); if(!key_buf) { AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, @@ -408,12 +408,12 @@ token, token_type, server_side, AXIS2_FALSE, env)) { /*set the AttachedReference to key_reference_node*/ - key_reference_node = sct_provider_get_attached_reference(env, token, server_side, AXIS2_TRUE, rampart_context, msg_ctx); + key_reference_node = sct_provider_get_attached_reference(env, token, AXIS2_TRUE, rampart_context, msg_ctx); } else { /*get the unattachedReference and set to key_reference_node*/ - key_reference_node = sct_provider_get_unattached_reference(env, token, server_side, AXIS2_TRUE, rampart_context, msg_ctx); + key_reference_node = sct_provider_get_unattached_reference(env, token, AXIS2_TRUE, rampart_context, msg_ctx); } } else if (token_type == RP_PROPERTY_SAML_TOKEN) @@ -507,7 +507,7 @@ security_context_token_node = oxs_axiom_get_node_by_local_name(env, sec_node, OXS_NODE_SECURITY_CONTEXT_TOKEN); if((!security_context_token_node) || (is_different_session_key_for_encryption_and_signing(env, rampart_context))) { - security_context_token_node = sct_provider_get_token(env, token, server_side, AXIS2_TRUE, rampart_context, msg_ctx); + security_context_token_node = sct_provider_get_token(env, token, AXIS2_TRUE, rampart_context, msg_ctx); if(!security_context_token_node) { AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, @@ -628,12 +628,12 @@ token, token_type, server_side, AXIS2_FALSE, env)) { /*set the AttachedReference to key_reference_node*/ - key_reference_node = sct_provider_get_attached_reference(env, token, server_side, AXIS2_TRUE, rampart_context, msg_ctx); + key_reference_node = sct_provider_get_attached_reference(env, token, AXIS2_TRUE, rampart_context, msg_ctx); } else { /*get the unattachedReference and set to key_reference_node*/ - key_reference_node = sct_provider_get_unattached_reference(env, token, server_side, AXIS2_TRUE, rampart_context, msg_ctx); + key_reference_node = sct_provider_get_unattached_reference(env, token, AXIS2_TRUE, rampart_context, msg_ctx); } dk_node = oxs_derivation_build_derived_key_token_with_stre(env, dk, sec_node, key_reference_node); } @@ -1099,12 +1099,12 @@ token, token_type, server_side, AXIS2_FALSE, env)) { /*set the AttachedReference to key_reference_node*/ - key_reference_node = sct_provider_get_attached_reference(env, token, server_side, AXIS2_TRUE, rampart_context, msg_ctx); + key_reference_node = sct_provider_get_attached_reference(env, token, AXIS2_TRUE, rampart_context, msg_ctx); } else { /*get the unattachedReference and set to key_reference_node*/ - key_reference_node = sct_provider_get_unattached_reference(env, token, server_side, AXIS2_TRUE, rampart_context, msg_ctx); + key_reference_node = sct_provider_get_unattached_reference(env, token, AXIS2_TRUE, rampart_context, msg_ctx); } } else if(token_type == RP_PROPERTY_SAML_TOKEN) Modified: webservices/rampart/trunk/c/src/util/rampart_engine.c URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_engine.c?rev=670443&r1=670442&r2=670443&view=diff ============================================================================== --- webservices/rampart/trunk/c/src/util/rampart_engine.c (original) +++ webservices/rampart/trunk/c/src/util/rampart_engine.c Sun Jun 22 21:30:03 2008 @@ -341,17 +341,6 @@ } } } - else - { /*Server side only*/ - /*We set our default impl of replay detection function. if the module is not set, then - * this function will be used*/ - if(is_inflow) - { - void *rd_param = NULL; - rd_param = rampart_context_get_rd_user_params(rampart_context, env); - rampart_context_set_replay_detect_function(rampart_context, env, rampart_replay_detector_with_linked_list, rd_param); - } - } return rampart_context; } @@ -362,27 +351,17 @@ axis2_msg_ctx_t *msg_ctx, axis2_bool_t is_inflow) { - - axis2_svc_t *svc = NULL; axis2_desc_t *desc = NULL; axis2_policy_include_t *policy_include = NULL; neethi_policy_t *service_policy = NULL; axis2_op_t *op = NULL; axis2_msg_t *msg = NULL; - svc = axis2_msg_ctx_get_svc(msg_ctx,env); - if(!svc) - { - AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, - "[rampart][rampart_neethi] Service is NULL."); - return NULL; - } - op = axis2_msg_ctx_get_op(msg_ctx, env); if(!op) { AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, - "[rampart][rampart_engine] Operation is NULL."); + "[rampart][rampart_engine] Cannot find policy. Operation is NULL."); return NULL; } @@ -398,17 +377,15 @@ if(!msg) { AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, - "[rampart][rampart_engine] Message is NULL."); + "[rampart][rampart_engine] Cannot find policy. Message is NULL."); return NULL; } - /*desc = axis2_svc_get_base(svc, env);*/ - desc = axis2_msg_get_base(msg, env); if(!desc) { AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, - "[rampart][rampart_engine] axis2 description is NULL."); + "[rampart][rampart_engine] Cannot find policy. Axis2 description is NULL."); return NULL; } @@ -416,22 +393,19 @@ if(!policy_include) { AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, - "[rampart][rampart_engine] Policy include is NULL."); + "[rampart][rampart_engine] Policy include is NULL."); return NULL; } - /*service_policy = axis2_policy_include_get_policy(policy_include, env);*/ service_policy = axis2_policy_include_get_effective_policy(policy_include, env); - if(!service_policy) { - AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, - "[rampart][rampart_engine] Policy is NULL."); + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart][rampart_engine] Policy is NULL."); return NULL; } return service_policy; - } @@ -449,28 +423,23 @@ axis2_char_t *authn_provider_name = NULL; axis2_char_t *replay_detector_name = NULL; axis2_char_t *sct_provider_name = NULL; - axis2_status_t status = AXIS2_SUCCESS; - status = rampart_context_set_user_from_file(rampart_context,env); - if(status!=AXIS2_SUCCESS) + if(rampart_context_set_user_from_file(rampart_context,env) != AXIS2_SUCCESS) { return AXIS2_FAILURE; } - status = rampart_context_set_ttl_from_file(rampart_context,env); - if(status!=AXIS2_SUCCESS) + if(rampart_context_set_ttl_from_file(rampart_context,env) != AXIS2_SUCCESS) { return AXIS2_FAILURE; } - status = rampart_context_set_rd_val_from_file(rampart_context,env); - if(status!=AXIS2_SUCCESS) + if(rampart_context_set_rd_val_from_file(rampart_context,env) != AXIS2_SUCCESS) { return AXIS2_FAILURE; } - status = rampart_context_set_password_type_from_file(rampart_context,env); - if(status!=AXIS2_SUCCESS) + if(rampart_context_set_password_type_from_file(rampart_context,env) != AXIS2_SUCCESS) { return AXIS2_FAILURE; } @@ -480,7 +449,13 @@ { password_callback_module = rampart_load_pwcb_module(env, pwcb_module_name); if(password_callback_module) + { rampart_context_set_password_callback(rampart_context,env,password_callback_module); + } + else + { + return AXIS2_FAILURE; + } } authn_provider_name = rampart_context_get_authn_module_name(rampart_context,env); @@ -488,7 +463,13 @@ { authn_provider = rampart_load_auth_module(env,authn_provider_name); if(authn_provider) + { rampart_context_set_authn_provider(rampart_context,env,authn_provider); + } + else + { + return AXIS2_FAILURE; + } } replay_detector_name = rampart_context_get_replay_detector_name(rampart_context,env); @@ -496,7 +477,23 @@ { replay_detector = rampart_load_replay_detector(env,replay_detector_name); if(replay_detector) + { rampart_context_set_replay_detector(rampart_context,env,(void*)replay_detector); + } + else + { + AXIS2_FAILURE; + } + } + else + { + /* if replay detector is not set, we can use replay detection function. We have to check + * whether user has already set it. If not, we can use default function */ + if(!rampart_context_get_replay_detect_function(rampart_context, env)) + { + rampart_context_set_replay_detect_function( + rampart_context, env, rampart_replay_detector_default, NULL); + } } sct_provider_name = rampart_context_get_sct_provider_name(rampart_context,env); @@ -504,9 +501,129 @@ { sct_provider = rampart_load_sct_provider(env,sct_provider_name); if(sct_provider) + { + rampart_sct_provider_ops_t *ops = NULL; rampart_context_set_sct_provider(rampart_context,env,(void*)sct_provider); + ops = sct_provider->ops; + + if(ops) + { + + void *user_param = NULL; + store_security_context_token_fn store_fn = NULL; + obtain_security_context_token_fn obtain_fn = NULL; + delete_security_context_token_fn delete_fn = NULL; + validate_security_context_token_fn validate_fn = NULL; + + /* we have to call sct_provider's get user param method */ + if(ops->get_user_params) + { + user_param = ops->get_user_params(env); + rampart_context_set_security_context_token_user_params( + rampart_context, env, user_param); + } + else + { + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart]Cannot find 'get user param' operation of secrutiy context token \ + provider."); + return AXIS2_FAILURE; + } + + /* get function pointers and set it to rampart context */ + store_fn = ops->store_security_context_token; + if(store_fn) + { + rampart_context_set_store_security_context_token_fn( + rampart_context, env, store_fn); + } + else + { + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart]Cannot find 'store' operation of secrutiy context token provider."); + return AXIS2_FAILURE; + } + + obtain_fn = ops->obtain_security_context_token; + if(obtain_fn) + { + rampart_context_set_obtain_security_context_token_fn( + rampart_context, env, obtain_fn); + } + else + { + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart]Cannot find 'obtain' operation of secrutiy context token provider."); + return AXIS2_FAILURE; + } + + delete_fn = ops->delete_security_context_token; + if(delete_fn) + { + rampart_context_set_delete_security_context_token_fn( + rampart_context, env, delete_fn); + } + else + { + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart]Cannot find 'delete' operation of secrutiy context token provider."); + return AXIS2_FAILURE; + } + + validate_fn = ops->validate_security_context_token; + if(validate_fn) + { + rampart_context_set_validate_security_context_token_fn( + rampart_context, env, validate_fn); + } + else + { + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart]Cannot find 'validate' operation of secrutiy context token provider."); + return AXIS2_FAILURE; + } + } + else + { + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart]Cannot find operations of secrutiy context token provider."); + return AXIS2_FAILURE; + } + } + else + { + return AXIS2_FAILURE; + } + } + else + { + /* If sct_provider is not set, we can use sct functions. We have to check whether user has + * already set it. If not, we can use default function */ + if(!rampart_context_get_obtain_security_context_token_fn(rampart_context, env)) + { + rampart_context_set_obtain_security_context_token_fn( + rampart_context, env, sct_provider_obtain_sct_default); + } + + if(!rampart_context_get_store_security_context_token_fn(rampart_context, env)) + { + rampart_context_set_store_security_context_token_fn( + rampart_context, env, sct_provider_store_sct_default); + } + + if(!rampart_context_get_delete_security_context_token_fn(rampart_context, env)) + { + rampart_context_set_delete_security_context_token_fn( + rampart_context, env, sct_provider_delete_sct_default); + } + + if(!rampart_context_get_validate_security_context_token_fn(rampart_context, env)) + { + rampart_context_set_validate_security_context_token_fn( + rampart_context, env, sct_provider_validate_sct_default); + } } - return status; + return AXIS2_SUCCESS; } axis2_status_t AXIS2_CALL Modified: webservices/rampart/trunk/c/src/util/rampart_replay_detector.c URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_replay_detector.c?rev=670443&r1=670442&r2=670443&view=diff ============================================================================== --- webservices/rampart/trunk/c/src/util/rampart_replay_detector.c (original) +++ webservices/rampart/trunk/c/src/util/rampart_replay_detector.c Sun Jun 22 21:30:03 2008 @@ -257,10 +257,11 @@ } AXIS2_EXTERN axis2_status_t AXIS2_CALL -rampart_replay_detector_with_linked_list(const axutil_env_t *env, - axis2_msg_ctx_t* msg_ctx, - rampart_context_t *rampart_context, - void *user_params) +rampart_replay_detector_default( + const axutil_env_t *env, + axis2_msg_ctx_t* msg_ctx, + rampart_context_t *rampart_context, + void *user_params) { axutil_linked_list_t *ll = NULL; const axis2_char_t *msg_id = NULL; Modified: webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c?rev=670443&r1=670442&r2=670443&view=diff ============================================================================== --- webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c (original) +++ webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c Sun Jun 22 21:30:03 2008 @@ -685,36 +685,57 @@ } static axis2_status_t -rampart_shp_process_security_context_token(const axutil_env_t *env, - axiom_node_t *token_node, - rampart_context_t* rampart_context, - axis2_msg_ctx_t *msg_ctx) +rampart_shp_process_security_context_token( + const axutil_env_t *env, + axiom_node_t *token_node, + rampart_context_t* rampart_context, + axis2_msg_ctx_t *msg_ctx) { axiom_node_t *identifier_node = NULL; axis2_char_t *identifier = NULL; axis2_char_t *key_name = NULL; + /*Check whether security context token is valid */ + if(sct_provider_validate_security_context_token(env, token_node, rampart_context, msg_ctx) + != AXIS2_SUCCESS) + { + rampart_create_fault_envelope(env, RAMPART_FAULT_INVALID_SECURITY_TOKEN, + "Security context token validation failed.", + RAMPART_FAULT_INVALID_SECURITY_TOKEN, msg_ctx); + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart][shp] Security context token validation failed."); + return AXIS2_FAILURE; + } + /*Get the identifier node*/ identifier_node = oxs_axiom_get_first_child_node_by_name( env, token_node, OXS_NODE_IDENTIFIER, OXS_WSC_NS, NULL); if(!identifier_node) { - rampart_create_fault_envelope(env, RAMPART_FAULT_INVALID_SECURITY_TOKEN, "Cannot find identifier node in security context token", RAMPART_FAULT_INVALID_SECURITY_TOKEN, msg_ctx); - AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shp] Cannot find identifier node in security context token"); + rampart_create_fault_envelope(env, RAMPART_FAULT_INVALID_SECURITY_TOKEN, + "Cannot find identifier node in security context token", + RAMPART_FAULT_INVALID_SECURITY_TOKEN, msg_ctx); + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart][shp] Cannot find identifier node in security context token"); return AXIS2_FAILURE; } identifier = oxs_axiom_get_node_content(env, identifier_node); if(!identifier) { - rampart_create_fault_envelope(env, RAMPART_FAULT_INVALID_SECURITY_TOKEN, "Cannot find identifier content in security context token", RAMPART_FAULT_INVALID_SECURITY_TOKEN, msg_ctx); - AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shp] Cannot find identifier content in security context token"); + rampart_create_fault_envelope(env, RAMPART_FAULT_INVALID_SECURITY_TOKEN, + "Cannot find identifier content in security context token", + RAMPART_FAULT_INVALID_SECURITY_TOKEN, msg_ctx); + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart][shp] Cannot find identifier content in security context token"); return AXIS2_FAILURE; } - key_name = oxs_axiom_get_attribute_value_of_node_by_name(env, token_node, OXS_ATTR_ID, OXS_WSU_XMLNS); - return rampart_shp_add_security_context_token(env, identifier, key_name, rampart_context, msg_ctx); + key_name = oxs_axiom_get_attribute_value_of_node_by_name( + env, token_node, OXS_ATTR_ID, OXS_WSU_XMLNS); + return rampart_shp_add_security_context_token( + env, identifier, key_name, rampart_context, msg_ctx); } static axis2_status_t Modified: webservices/rampart/trunk/c/src/util/rampart_signature.c URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_signature.c?rev=670443&r1=670442&r2=670443&view=diff ============================================================================== --- webservices/rampart/trunk/c/src/util/rampart_signature.c (original) +++ webservices/rampart/trunk/c/src/util/rampart_signature.c Sun Jun 22 21:30:03 2008 @@ -290,7 +290,7 @@ { oxs_buffer_t *key_buf = NULL; session_key = oxs_key_create(env); - key_buf = sct_provider_get_secret(env, token, server_side, AXIS2_FALSE, rampart_context, msg_ctx); + key_buf = sct_provider_get_secret(env, token, AXIS2_FALSE, rampart_context, msg_ctx); if(!key_buf) { AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, @@ -593,7 +593,7 @@ security_context_token_node = oxs_axiom_get_node_by_local_name(env, sec_node, OXS_NODE_SECURITY_CONTEXT_TOKEN); if((!security_context_token_node) || (is_different_session_key_for_encryption_and_signing(env, rampart_context))) { - security_context_token_node = sct_provider_get_token(env, token, server_side, AXIS2_FALSE, rampart_context, msg_ctx); + security_context_token_node = sct_provider_get_token(env, token, AXIS2_FALSE, rampart_context, msg_ctx); if(!security_context_token_node) { AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, @@ -604,12 +604,12 @@ } axiom_node_add_child(sec_node, env, security_context_token_node); } - key_reference_node = sct_provider_get_attached_reference(env, token, server_side, AXIS2_FALSE, rampart_context, msg_ctx); + key_reference_node = sct_provider_get_attached_reference(env, token, AXIS2_FALSE, rampart_context, msg_ctx); } else { /*get the unattachedReference and set to key_reference_node*/ - key_reference_node = sct_provider_get_unattached_reference(env, token, server_side, AXIS2_FALSE, rampart_context, msg_ctx); + key_reference_node = sct_provider_get_unattached_reference(env, token, AXIS2_FALSE, rampart_context, msg_ctx); } } else if (token_type == RP_PROPERTY_SAML_TOKEN)
