Modified: webservices/rampart/trunk/c/src/util/rampart_encryption.c URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_encryption.c?rev=687308&r1=687307&r2=687308&view=diff ============================================================================== --- webservices/rampart/trunk/c/src/util/rampart_encryption.c (original) +++ webservices/rampart/trunk/c/src/util/rampart_encryption.c Wed Aug 20 06:02:13 2008 @@ -178,6 +178,7 @@ axiom_node_t *sig_node = NULL; axiom_node_t *data_ref_list_node = NULL; axis2_bool_t use_derived_keys = AXIS2_TRUE; + axis2_char_t *derived_key_version = NULL; axis2_bool_t server_side = AXIS2_FALSE; rp_property_t *token = NULL; rp_property_type_t token_type; @@ -268,6 +269,7 @@ token = rampart_context_get_token(rampart_context, env, AXIS2_TRUE, server_side, AXIS2_FALSE); token_type = rp_property_get_type(token, env); use_derived_keys = rampart_context_check_is_derived_keys (env, token); + derived_key_version = rampart_context_get_derived_key_version(env, token); if(token_type == RP_PROPERTY_SAML_TOKEN) { @@ -635,7 +637,7 @@ /*get the unattachedReference and set to key_reference_node*/ key_reference_node = sct_provider_get_unattached_reference(env, token, AXIS2_TRUE, rampart_context, msg_ctx); } - dk_node = oxs_derivation_build_derived_key_token_with_stre(env, dk, sec_node, key_reference_node); + dk_node = oxs_derivation_build_derived_key_token_with_stre(env, dk, sec_node, key_reference_node, derived_key_version); } else { 
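Review bot: The new `derived_key_version` is declared NULL in the -178 hunk, assigned from rampart_context_get_derived_key_version() in the -268 hunk and handed straight to oxs_derivation_build_derived_key_token_with_stre() in the -635 hunk without ever being checked, and nothing here shows whether the builder tolerates a NULL version. Since the variable is deliberately initialised to NULL, the contract should be written down at the declaration, e.g. `/* WS-SecureConversation version for the DerivedKeyToken; presumably NULL when the policy does not specify one — the token builders must accept that */`. If the builder does not accept NULL, the -268 assignment is the place to substitute a default. The enclosing function starts before and ends after these hunks.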
@@ -647,11 +649,11 @@ key_reference_node = oxs_token_build_security_token_reference_element(env, NULL); identifier_token = oxs_token_build_key_identifier_element(env, key_reference_node, OXS_ENCODING_BASE64BINARY, OXS_X509_ENCRYPTED_KEY_SHA1, encrypted_key_hash); - dk_node = oxs_derivation_build_derived_key_token_with_stre(env, dk, sec_node, key_reference_node); + dk_node = oxs_derivation_build_derived_key_token_with_stre(env, dk, sec_node, key_reference_node, derived_key_version); } else { - dk_node = oxs_derivation_build_derived_key_token(env, dk, sec_node, asym_key_id, OXS_WSS_11_VALUE_TYPE_ENCRYPTED_KEY); + dk_node = oxs_derivation_build_derived_key_token(env, dk, sec_node, asym_key_id, OXS_WSS_11_VALUE_TYPE_ENCRYPTED_KEY, derived_key_version); } } @@ -675,7 +677,7 @@ axis2_char_t *id = NULL; axis2_char_t* mod_id = NULL; id = (axis2_char_t *)axutil_array_list_get(id_list, env, j); - mod_id = axutil_stracat(env, "#",id); + mod_id = axutil_stracat(env, OXS_LOCAL_REFERENCE_PREFIX,id); oxs_token_build_data_reference_element(env, data_ref_list_node, mod_id); /*if x509 is used and no-derived keys, then we have to modify security token reference*/ if((token_type == RP_PROPERTY_X509_TOKEN) && (!use_derived_keys) && (asym_key_id)) @@ -693,7 +695,7 @@ reference_node = axiom_node_detach(reference_node, env); axiom_node_free_tree(reference_node, env); - id_ref = axutil_stracat(env, "#",asym_key_id); + id_ref = axutil_stracat(env, OXS_LOCAL_REFERENCE_PREFIX,asym_key_id); reference_node = oxs_token_build_reference_element(env, str_node, id_ref, OXS_WSS_11_VALUE_TYPE_ENCRYPTED_KEY); @@ -995,7 +997,7 @@ if(str_node) { axis2_char_t *key_id_ref = NULL; - key_id_ref = axutil_stracat(env, "#",key_id); + key_id_ref = axutil_stracat(env, OXS_LOCAL_REFERENCE_PREFIX,key_id); reference_node = oxs_token_build_reference_element( env, str_node, key_id_ref, NULL); AXIS2_FREE(env->allocator, key_id_ref); 
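Review bot: In the -675 hunk `mod_id` is allocated by axutil_stracat() on every iteration and passed to oxs_token_build_data_reference_element(), but nothing in the hunk frees it, whereas the -995 hunk releases `key_id_ref` with AXIS2_FREE immediately after the builder call; if the builder copies the string, as the -995 pattern suggests, each iteration leaks one allocation. The same question applies to `id_ref` in the -693 hunk. Unless the callee takes ownership, add `AXIS2_FREE(env->allocator, mod_id);` after the data-reference call (and likewise for `id_ref`); both loops continue outside the hunk, so confirm there is no later free before adding one.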
@@ -1062,6 +1064,7 @@ axiom_node_t *temp_node = NULL; axiom_node_t *node_to_move = NULL; axis2_bool_t use_derived_keys = AXIS2_TRUE; + axis2_char_t *derived_key_version = NULL; axis2_bool_t server_side = AXIS2_FALSE; rp_property_t *token = NULL; rp_property_type_t token_type; @@ -1162,6 +1165,7 @@ /*We need to take the decision whether to use derived keys or not*/ use_derived_keys = rampart_context_check_is_derived_keys (env, token); + derived_key_version = rampart_context_get_derived_key_version(env, token); if(AXIS2_TRUE == use_derived_keys) { /*Derive a new key*/ @@ -1230,7 +1234,7 @@ axis2_char_t *mod_id = NULL; /*We need to prepend # to the id in the list to create the reference*/ - mod_id = axutil_stracat(env, "#",id); + mod_id = axutil_stracat(env, OXS_LOCAL_REFERENCE_PREFIX,id); data_ref_node = oxs_token_build_data_reference_element(env, ref_list_node, mod_id); } @@ -1268,13 +1272,13 @@ if((token_type == RP_PROPERTY_SECURITY_CONTEXT_TOKEN) || token_type == RP_PROPERTY_SAML_TOKEN || (server_side && (rampart_context_get_binding_type(rampart_context,env) == RP_PROPERTY_SYMMETRIC_BINDING))) { - oxs_derivation_build_derived_key_token_with_stre(env, derived_key, sec_node, key_reference_node); + oxs_derivation_build_derived_key_token_with_stre(env, derived_key, sec_node, key_reference_node, derived_key_version); } else { axis2_char_t *asym_key_id = NULL; asym_key_id = oxs_axiom_get_attribute_value_of_node_by_name(env, encrypted_key_node, OXS_ATTR_ID, NULL); - oxs_derivation_build_derived_key_token(env, derived_key, sec_node, asym_key_id, OXS_WSS_11_VALUE_TYPE_ENCRYPTED_KEY); + oxs_derivation_build_derived_key_token(env, derived_key, sec_node, asym_key_id, OXS_WSS_11_VALUE_TYPE_ENCRYPTED_KEY, derived_key_version); } /*now we can free the derived key*/ oxs_key_free(derived_key, env);
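Review bot: In the -1268 hunk the return values of oxs_derivation_build_derived_key_token_with_stre() and oxs_derivation_build_derived_key_token() are discarded and `derived_key` is freed on the following line, so a failed DerivedKeyToken build goes unnoticed and the encrypted message would be emitted without the token the receiver needs to derive the key. The -635 and -647 hunks of this same file capture the result in `dk_node`; do the same here, e.g. `dk_node = oxs_derivation_build_derived_key_token_with_stre(env, derived_key, sec_node, key_reference_node, derived_key_version);` in both branches, then `if(!dk_node)` log and return the function's failure status before the key is freed. The enclosing function starts before and ends after the hunk, so whether a `dk_node` local already exists there cannot be seen from here.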
Modified: webservices/rampart/trunk/c/src/util/rampart_handler_util.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_handler_util.c?rev=687308&r1=687307&r2=687308&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_handler_util.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_handler_util.c Wed Aug 20 06:02:13 2008
@@ -114,7 +114,7 @@
 header_block_ht = axiom_soap_header_get_all_header_blocks(soap_header, env);
 if (!header_block_ht)
- return AXIS2_FAILURE;
+ return NULL;
 /*BETTER IF : If there are multiple security header elements, get the one with @role=rampart*/
 for (hash_index = axutil_hash_first(header_block_ht, env); hash_index;
Modified: webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c?rev=687308&r1=687307&r2=687308&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c Wed Aug 20 06:02:13 2008
@@ -211,6 +211,9 @@
 axiom_node_t* key_node = NULL;
 rp_property_t *token = NULL;
 rp_property_type_t token_type;
+ rp_security_context_token_t *security_context_token = NULL;
+ axis2_char_t *needed_value_type = NULL;
+ axis2_char_t *wsc_ns_uri = NULL;
 if(is_encryption) token_id = rampart_context_get_encryption_token_id(rampart_context, env);
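Review bot: The corrected `return NULL;` in the -114 hunk of rampart_handler_util.c sits in an unbraced single-statement `if` body; brace it (`if (!header_block_ht) { return NULL; }`) so a later addition such as a log line cannot silently fall outside the condition. The enclosing function starts before and ends after the hunk, so whether callers treat NULL as "no Security header" or as a fault is not visible; a one-line comment above the return stating which it is would help, e.g. `/* no SOAP header blocks at all: caller must treat NULL as "no Security header present" */`, hedged to whatever the callers actually do.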
@@ -236,6 +239,19 @@ if((token_type != RP_PROPERTY_SECURITY_CONTEXT_TOKEN) && (token_type != RP_PROPERTY_X509_TOKEN)) return; + /* Get the version of security context token */ + security_context_token = (rp_security_context_token_t *)rp_property_get_value(token, env); + if(rp_security_context_token_get_sc10_security_context_token(security_context_token, env)) + { + needed_value_type = OXS_VALUE_TYPE_SECURITY_CONTEXT_TOKEN_05_02; + wsc_ns_uri = OXS_WSC_NS_05_02; + } + else + { + needed_value_type = OXS_VALUE_TYPE_SECURITY_CONTEXT_TOKEN_05_12; + wsc_ns_uri = OXS_WSC_NS_05_12; + } + key_node = key_info_node; while(!token_id) @@ -268,7 +284,7 @@ { axis2_char_t* value_type = NULL; value_type = oxs_token_get_reference_value_type(env, ref_node); - if(0 == axutil_strcmp(value_type, OXS_VALUE_TYPE_SECURITY_CONTEXT_TOKEN)) + if(!axutil_strcmp(value_type, needed_value_type)) { token_id = axutil_strdup(env, ref_val); break; @@ -285,9 +301,10 @@ { axiom_node_t *identifier_node = NULL; + /*Get the identifier node*/ identifier_node = oxs_axiom_get_first_child_node_by_name( - env, key_node, OXS_NODE_IDENTIFIER, OXS_WSC_NS, NULL); + env, key_node, OXS_NODE_IDENTIFIER, wsc_ns_uri, NULL); if(!identifier_node) { @@ -451,7 +468,8 @@ { axis2_char_t* value_type = NULL; value_type = oxs_token_get_reference_value_type(env, ref_node); - if(0 == axutil_strcmp(value_type, OXS_VALUE_TYPE_SECURITY_CONTEXT_TOKEN)) + if((0 == axutil_strcmp(value_type, OXS_VALUE_TYPE_SECURITY_CONTEXT_TOKEN_05_02))|| + (0 == axutil_strcmp(value_type, OXS_VALUE_TYPE_SECURITY_CONTEXT_TOKEN_05_12))) { rampart_shp_add_security_context_token(env, id, id, rampart_context, msg_ctx); } 
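Review bot: The new block in the -236 hunk casts `rp_property_get_value(token, env)` to `rp_security_context_token_t *` and calls rp_security_context_token_get_sc10_security_context_token() on it unconditionally, yet the guard just above it lets RP_PROPERTY_X509_TOKEN through as well, so for an X509 token the property value (presumably not an rp_security_context_token_t) is read as one and the version choice is made from the wrong struct's memory. Restrict the version probe to security-context tokens and guard the pointer: `if((token_type == RP_PROPERTY_SECURITY_CONTEXT_TOKEN) && security_context_token && rp_security_context_token_get_sc10_security_context_token(security_context_token, env))`, leaving the `else` branch as the default for every other case. The enclosing function starts before and ends after the hunk.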
@@ -710,7 +728,14 @@ /*Get the identifier node*/ identifier_node = oxs_axiom_get_first_child_node_by_name( - env, token_node, OXS_NODE_IDENTIFIER, OXS_WSC_NS, NULL); + env, token_node, OXS_NODE_IDENTIFIER, OXS_WSC_NS_05_02, NULL); + + if(!identifier_node) + { + /* check other namespace as well */ + identifier_node = oxs_axiom_get_first_child_node_by_name( + env, token_node, OXS_NODE_IDENTIFIER, OXS_WSC_NS_05_12, NULL); + } if(!identifier_node) { @@ -1740,11 +1765,13 @@ oxs_key_t *session_key = NULL; oxs_key_t *derived_key = NULL; - /*Get the session key.*/ - session_key = rampart_shp_get_key_for_key_info(env, dk_node, rampart_context, msg_ctx, AXIS2_TRUE); + /* Get the session key. */ + session_key = rampart_shp_get_key_for_key_info( + env, dk_node, rampart_context, msg_ctx, AXIS2_TRUE); if(!session_key) { - AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shp] On processing derived key, failed to get the session key. Cannot derive the key"); + AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, + "[rampart]Failed to get the session key. Cannot derive the key"); return AXIS2_FAILURE; } Modified: webservices/rampart/trunk/c/src/util/rampart_signature.c URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_signature.c?rev=687308&r1=687307&r2=687308&view=diff ============================================================================== --- webservices/rampart/trunk/c/src/util/rampart_signature.c (original) +++ webservices/rampart/trunk/c/src/util/rampart_signature.c Wed Aug 20 06:02:13 2008 @@ -95,7 +95,7 @@ /*Session key in use. Which is encrypted and hidden in the EncryptedKey with Id=encrypted_key_id*/ key_id = encrypted_key_id; value_type = OXS_WSS_11_VALUE_TYPE_ENCRYPTED_KEY; - id_ref = axutil_stracat(env, "#",key_id); + id_ref = axutil_stracat(env, OXS_LOCAL_REFERENCE_PREFIX,key_id); }else{ /*Derived Keys in use.*/ key_id = oxs_key_get_name(key, env); 
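Review bot: The WS-SecureConversation namespace is handled inconsistently across this file: the -236 hunk narrows the accepted value type and Identifier namespace to the version selected by policy (`needed_value_type`, `wsc_ns_uri`), while the -710 hunk (and the -451 hunk of the same file) accepts either the 05_02 or the 05_12 namespace regardless of policy. If the policy version is meant to be enforced, the -710 lookup should use the policy-derived namespace the way -236 does; if accepting both is intended at this point, say so where the fallback is added, e.g. replace `/* check other namespace as well */` with `/* either WS-SC namespace is accepted here; the policy-selected version is enforced when the key is resolved (see the Identifier lookup with wsc_ns_uri) */`, worded to match what actually happens. The enclosing function starts before and ends after the hunk.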
@@ -140,7 +140,7 @@ "[rampart][rampart_signature] Security Token element creation failed in Direct reference."); return AXIS2_FAILURE; } - cert_id_ref = axutil_stracat(env, "#",cert_id); + cert_id_ref = axutil_stracat(env, OXS_LOCAL_REFERENCE_PREFIX,cert_id); reference_node = oxs_token_build_reference_element( env, str_node, cert_id_ref, OXS_VALUE_X509V3); AXIS2_FREE(env->allocator, cert_id_ref); @@ -385,6 +385,7 @@ rp_property_type_t token_type; rp_property_type_t binding_type; rp_property_t *token = NULL; + axis2_char_t *derived_key_version = NULL; axiom_node_t *sig_node = NULL; axis2_char_t *eki = NULL; axis2_bool_t is_direct_reference = AXIS2_TRUE; @@ -493,6 +494,7 @@ include = rampart_context_is_token_include(rampart_context, token, token_type, server_side, AXIS2_FALSE, env); + derived_key_version = rampart_context_get_derived_key_version(env, token); if (token_type == RP_PROPERTY_X509_TOKEN) { if (include) @@ -654,7 +656,7 @@ /*We have used a derived key to sign. Note the NULL we pass for the enc_key_id*/ rampart_sig_prepare_key_info_for_sym_binding(env, rampart_context, sign_ctx, sig_node, signed_key, NULL); /*In addition we need to add a DerivedKeyToken*/ - dk_token = oxs_derivation_build_derived_key_token_with_stre(env, signed_key, sec_node, key_reference_node); + dk_token = oxs_derivation_build_derived_key_token_with_stre(env, signed_key, sec_node, key_reference_node, derived_key_version); /*We need to make DerivedKeyToken to appear before the sginature node*/ oxs_axiom_interchange_nodes(env, dk_token, sig_node); } 
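Review bot: In the -654 hunk `dk_token` is passed to oxs_axiom_interchange_nodes() immediately after oxs_derivation_build_derived_key_token_with_stre() without a NULL check, so a failed token build would hand a NULL node to the reorder helper, whose tolerance for NULL is not visible here; the -674, -704 and -753 hunks that follow repeat the same pattern. Check the result before reordering, e.g. `if(!dk_token) { AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][rampart_signature] DerivedKeyToken creation failed"); return AXIS2_FAILURE; }`, matching the way the -140 hunk reports a failed Security Token element. The enclosing functions start before and end after these hunks.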
@@ -674,7 +676,7 @@ /*We have used a derived key to sign. Note the NULL we pass for the enc_key_id*/ rampart_sig_prepare_key_info_for_sym_binding(env, rampart_context, sign_ctx, sig_node, signed_key, NULL); /*In addition we need to add a DerivedKeyToken*/ - dk_token = oxs_derivation_build_derived_key_token_with_stre(env, signed_key, sec_node, key_reference_node); + dk_token = oxs_derivation_build_derived_key_token_with_stre(env, signed_key, sec_node, key_reference_node, derived_key_version); /*We need to make DerivedKeyToken to appear before the sginature node*/ oxs_axiom_interchange_nodes(env, dk_token, sig_node); } @@ -704,7 +706,7 @@ /*We have used a derived key to sign. Note the NULL we pass for the enc_key_id*/ rampart_sig_prepare_key_info_for_sym_binding(env, rampart_context, sign_ctx, sig_node, signed_key, NULL); /*In addition we need to add a DerivedKeyToken*/ - dk_token = oxs_derivation_build_derived_key_token_with_stre(env, signed_key, sec_node, key_reference_node); + dk_token = oxs_derivation_build_derived_key_token_with_stre(env, signed_key, sec_node, key_reference_node, derived_key_version); /*We need to make DerivedKeyToken to appear before the sginature node*/ oxs_axiom_interchange_nodes(env, dk_token, sig_node); } @@ -753,7 +755,7 @@ /*We have used a derived key to sign. Note the NULL we pass for the enc_key_id*/ rampart_sig_prepare_key_info_for_sym_binding(env, rampart_context, sign_ctx, sig_node, signed_key, NULL ); /*In addition we need to add a DerivedKeyToken after the EncryptedKey*/ - dk_token = oxs_derivation_build_derived_key_token(env, signed_key, sec_node, enc_key_id ,OXS_WSS_11_VALUE_TYPE_ENCRYPTED_KEY); + dk_token = oxs_derivation_build_derived_key_token(env, signed_key, sec_node, enc_key_id ,OXS_WSS_11_VALUE_TYPE_ENCRYPTED_KEY, derived_key_version); /*We need to make DerivedKeyToken to appear before the sginature node*/ oxs_axiom_interchange_nodes(env, dk_token, sig_node); }
