Author: manjula
Date: Wed Jun 13 20:59:57 2007
New Revision: 547106
URL: http://svn.apache.org/viewvc?view=rev&rev=547106
Log:
Encrypt the signature when the binding policy requires signature protection (EncryptSignature) and the order is EncryptBeforeSign.
Modified:
webservices/rampart/trunk/c/include/rampart_context.h
webservices/rampart/trunk/c/include/rampart_encryption.h
webservices/rampart/trunk/c/samples/client/sec_echo/echo_helper.c
webservices/rampart/trunk/c/src/omxmlsec/tokens/token_reference.c
webservices/rampart/trunk/c/src/util/rampart_context.c
webservices/rampart/trunk/c/src/util/rampart_encryption.c
webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c
Modified: webservices/rampart/trunk/c/include/rampart_context.h
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rampart_context.h?view=diff&rev=547106&r1=547105&r2=547106
==============================================================================
--- webservices/rampart/trunk/c/include/rampart_context.h (original)
+++ webservices/rampart/trunk/c/include/rampart_context.h Wed Jun 13 20:59:57
2007
@@ -32,6 +32,8 @@
#include <rampart_authn_provider.h>
#include <axis2_key_type.h>
#include <axis2_msg_ctx.h>
+#include <oxs_key.h>
+
#ifdef __cplusplus
extern "C"
{
@@ -359,6 +361,11 @@
rampart_context_t *rampart_context,
const axutil_env_t *env);
+ AXIS2_EXTERN axis2_bool_t AXIS2_CALL
+ rampart_context_is_encrypt_signature(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env);
+
AXIS2_EXTERN axis2_status_t AXIS2_CALL
rampart_context_get_nodes_to_encrypt(
rampart_context_t *rampart_context,
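Review bot: rampart_context_is_encrypt_signature is added to the public header without a doc comment saying what it reports. The implementation later in this commit returns the signature-protection flag of the symmetric/asymmetric binding commons and AXIS2_FALSE when no such binding is configured, which callers cannot tell from the declaration. A comment such as `/* Returns AXIS2_TRUE when the binding policy requires the signature to be encrypted (signature protection); AXIS2_FALSE if no symmetric/asymmetric binding is set. */` above the prototype would make that contract visible.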
@@ -509,6 +516,18 @@
rampart_context_t *rampart_context,
const axutil_env_t *env);
+ AXIS2_EXTERN oxs_key_t *AXIS2_CALL
+ rampart_context_get_session_key(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env);
+
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ rampart_context_set_session_key(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env,
+ oxs_key_t *session_key);
+
+
#ifdef __cplusplus
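Review bot: The session-key accessors are declared without any statement of ownership, and the setter added in rampart_context.c just stores the pointer, so nothing says whether the context frees the key or the caller must. Since this is secret symmetric key material that rampart_enc_encrypt_signature reads back later, the lifetime rule matters; I would state it on the setter, e.g. `/* Stores a borrowed pointer to the symmetric session key; the context does not take ownership and the key must remain valid until the security header is fully built. */`, or, if the context is meant to own it, say so and make sure the context's free path releases it. The two trailing blank lines after the setter can be dropped.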
Modified: webservices/rampart/trunk/c/include/rampart_encryption.h
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rampart_encryption.h?view=diff&rev=547106&r1=547105&r2=547106
==============================================================================
--- webservices/rampart/trunk/c/include/rampart_encryption.h (original)
+++ webservices/rampart/trunk/c/include/rampart_encryption.h Wed Jun 13
20:59:57 2007
@@ -48,6 +48,26 @@
axiom_node_t *sec_node);
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ rampart_enc_add_key_info(
+ const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ rampart_context_t *rampart_context,
+ axiom_soap_envelope_t *soap_envelope,
+ axiom_node_t *sec_node);
+
+
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ rampart_enc_encrypt_signature(
+ const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ rampart_context_t *rampart_context,
+ axiom_soap_envelope_t *soap_envelope,
+ axiom_node_t *sec_node);
+
+
+
+
/* @} */
#ifdef __cplusplus
}
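Review bot: Both new prototypes have hard ordering preconditions that the header does not state: rampart_enc_encrypt_signature needs the session key saved by rampart_enc_encrypt_message and an EncryptedKey already in sec_node, and rampart_enc_add_key_info expects an EncryptedData already present in the Body; each returns AXIS2_FAILURE otherwise. Document that in a doc comment on each, e.g. `/* Must be called after rampart_enc_encrypt_message() has added EncryptedKey to sec_node and stored the session key in rampart_context; returns AXIS2_FAILURE otherwise. */`. The run of four blank lines added before `/* @} */` can be dropped.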
Modified: webservices/rampart/trunk/c/samples/client/sec_echo/echo_helper.c
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/client/sec_echo/echo_helper.c?view=diff&rev=547106&r1=547105&r2=547106
==============================================================================
--- webservices/rampart/trunk/c/samples/client/sec_echo/echo_helper.c (original)
+++ webservices/rampart/trunk/c/samples/client/sec_echo/echo_helper.c Wed Jun
13 20:59:57 2007
@@ -101,6 +101,8 @@
}
}
}
+ AXIS2_FREE(env->allocator ,file_name);
+ file_name = NULL;
printf("Successful\n");
return AXIS2_SUCCESS;
}
Modified: webservices/rampart/trunk/c/src/omxmlsec/tokens/token_reference.c
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/tokens/token_reference.c?view=diff&rev=547106&r1=547105&r2=547106
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/tokens/token_reference.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/tokens/token_reference.c Wed Jun
13 20:59:57 2007
@@ -53,11 +53,12 @@
}
ref_attr = axiom_attribute_create(env, OXS_ATTR_URI , ref, NULL);
- value_type_attr = axiom_attribute_create(env, OXS_ATTR_VALUE_TYPE ,
value_type, NULL);
ret = axiom_element_add_attribute(reference_ele, env, ref_attr,
reference_node);
- ret = axiom_element_add_attribute(reference_ele, env, value_type_attr,
reference_node);
-
+ if(value_type){
+ value_type_attr = axiom_attribute_create(env, OXS_ATTR_VALUE_TYPE ,
value_type, NULL);
+ ret = axiom_element_add_attribute(reference_ele, env, value_type_attr,
reference_node);
+ }
return reference_node;
}
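Review bot: `ret` from axiom_element_add_attribute is still assigned on the new lines but never checked, so a failed ValueType attribute add returns the Reference node as if it were complete. Either check it, `if(ret != AXIS2_SUCCESS) return NULL;` after each add (the new caller in rampart_encryption.c already treats a NULL reference node as failure), or drop the dead `ret` assignments. The enclosing function starts before this hunk.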
Modified: webservices/rampart/trunk/c/src/util/rampart_context.c
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_context.c?view=diff&rev=547106&r1=547105&r2=547106
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_context.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_context.c Wed Jun 13 20:59:57
2007
@@ -52,7 +52,7 @@
/*This is used in callback functions.*/
void *ctx;
-
+ oxs_key_t *session_key;
};
@@ -676,6 +676,31 @@
return AXIS2_SUCCESS;
}
+
+AXIS2_EXTERN oxs_key_t *AXIS2_CALL
+rampart_context_get_session_key(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env)
+{
+ AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
+
+ return rampart_context->session_key;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_context_set_session_key(rampart_context_t *rampart_context,
+ const axutil_env_t *env,
+ oxs_key_t *session_key)
+{
+ AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
+ AXIS2_PARAM_CHECK(env->error, session_key, AXIS2_FAILURE);
+
+ rampart_context->session_key = session_key;
+ return AXIS2_SUCCESS;
+}
+
+
+
AXIS2_EXTERN axis2_bool_t AXIS2_CALL
rampart_context_get_require_timestamp(
rampart_context_t *rampart_context,
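Review bot: rampart_context_get_session_key returns a pointer but its guard is `AXIS2_ENV_CHECK(env, AXIS2_FAILURE);`, which hands back an integer status where a pointer is expected; it should be `AXIS2_ENV_CHECK(env, NULL);`. Neither accessor checks rampart_context before dereferencing it. The setter also overwrites any previously stored key without releasing it and without a stated ownership rule, so building two messages with one context either leaks the first key or, if the caller frees it, leaves a dangling pointer in the context; decide whether the pointer is borrowed or owned and document that on the `session_key` field added above.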
@@ -1443,6 +1468,24 @@
return AXIS2_TRUE;
}
return AXIS2_FALSE;
+}
+
+AXIS2_EXTERN axis2_bool_t AXIS2_CALL
+rampart_context_is_encrypt_signature(
+ rampart_context_t *rampart_context,
+ const axutil_env_t *env)
+{
+
+ rp_symmetric_asymmetric_binding_commons_t *sym_asym_commons = NULL;
+ sym_asym_commons =
rampart_context_get_symmetric_asymmetric_binding_commons(rampart_context, env);
+
+ if(!sym_asym_commons)
+ return AXIS2_FALSE;
+
+ else
+ {
+ return
rp_symmetric_asymmetric_binding_commons_get_signature_protection(sym_asym_commons,
env);
+ }
}
/*Following methods will return all the parts in the soap message
Modified: webservices/rampart/trunk/c/src/util/rampart_encryption.c
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_encryption.c?view=diff&rev=547106&r1=547105&r2=547106
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_encryption.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_encryption.c Wed Jun 13
20:59:57 2007
@@ -44,9 +44,9 @@
axis2_status_t status1 = AXIS2_SUCCESS;
axis2_status_t status2 = AXIS2_SUCCESS;
- status1 =
rampart_context_get_nodes_to_encrypt(rampart_context,env,soap_envelope,nodes_to_encrypt);
+ status1 = rampart_context_get_nodes_to_encrypt(rampart_context, env,
soap_envelope, nodes_to_encrypt);
- status2 =
rampart_context_get_elements_to_encrypt(rampart_context,env,soap_envelope,nodes_to_encrypt);
+ status2 = rampart_context_get_elements_to_encrypt(rampart_context, env,
soap_envelope, nodes_to_encrypt);
if(status1 == AXIS2_SUCCESS || status2 == AXIS2_SUCCESS)
return AXIS2_SUCCESS;
@@ -58,12 +58,14 @@
/*Public functions*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
-rampart_enc_encrypt_message(const axutil_env_t *env,
- axis2_msg_ctx_t *msg_ctx,
- rampart_context_t *rampart_context,
- axiom_soap_envelope_t *soap_envelope,
- axiom_node_t *sec_node)
+rampart_enc_encrypt_message(
+ const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ rampart_context_t *rampart_context,
+ axiom_soap_envelope_t *soap_envelope,
+ axiom_node_t *sec_node)
{
+
axutil_array_list_t *nodes_to_encrypt = NULL;
axutil_array_list_t *id_list = NULL;
axis2_status_t status = AXIS2_FAILURE;
@@ -127,6 +129,8 @@
return AXIS2_FAILURE;
}
+ rampart_context_set_session_key(rampart_context, env, session_key);
+
/*Create a list to store EncDataIds. This will be used in building the
ReferenceList*/
id_list = axutil_array_list_create(env, 5);
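Review bot: The status of rampart_context_set_session_key is ignored on the added line, and the key it stores is the local session_key of rampart_enc_encrypt_message, whose remaining body lies outside this hunk and is where that key's lifetime is decided. If the function frees or otherwise lets go of session_key before returning, rampart_enc_encrypt_signature later reads a dangling pointer through the context; please confirm the key survives the call. The call itself should be checked, `if(rampart_context_set_session_key(rampart_context, env, session_key) != AXIS2_SUCCESS) return AXIS2_FAILURE;`.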
@@ -247,5 +251,165 @@
}
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_enc_add_key_info(
+ const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ rampart_context_t *rampart_context,
+ axiom_soap_envelope_t *soap_envelope,
+ axiom_node_t *sec_node)
+{
+
+ axis2_char_t *key_id = NULL;
+ axiom_node_t *key_info_node = NULL;
+ axiom_node_t *str_node = NULL;
+ axiom_node_t *reference_node = NULL;
+
+ axiom_node_t *encrypted_data_node = NULL;
+ axiom_node_t *encrypted_key_node = NULL;
+ axiom_node_t *body_node = NULL;
+ axiom_soap_body_t *body = NULL;
+
+ axiom_element_t *body_ele = NULL;
+ axiom_element_t *encrypted_data_ele = NULL;
+
+ encrypted_key_node = oxs_axiom_get_node_by_local_name(env, sec_node,
OXS_NODE_ENCRYPTED_KEY);
+ if(!encrypted_key_node)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption]Encrypting
signature, EncryptedKey Not found");
+ return AXIS2_FAILURE;
+ }
+
+ key_id = oxs_util_generate_id(env,(axis2_char_t*)OXS_ENCKEY_ID);
+ oxs_axiom_add_attribute(env, encrypted_key_node, OXS_WSU,
RAMPART_WSU_XMLNS, OXS_ATTR_ID, key_id);
+
+ body = axiom_soap_envelope_get_body(soap_envelope, env);
+ body_node = axiom_soap_body_get_base_node(body, env);
+
+ body_ele = (axiom_element_t *)
+ axiom_node_get_data_element(body_node, env);
+
+ encrypted_data_ele = axiom_util_get_first_child_element_with_localname(
+ body_ele, env, body_node, OXS_NODE_ENCRYPTED_DATA,
&encrypted_data_node);
+
+ if(encrypted_data_ele)
+ {
+ key_info_node = oxs_token_build_key_info_element(env,
encrypted_data_node);
+ if(key_info_node)
+ {
+ str_node = oxs_token_build_security_token_reference_element(env,
key_info_node);
+ if(str_node)
+ {
+ axis2_char_t *key_id_ref = NULL;
+ key_id_ref = axutil_stracat(env, "#",key_id);
+ reference_node = oxs_token_build_reference_element(env,
str_node, key_id_ref, NULL);
+ if(!reference_node)
+ {
+ AXIS2_LOG_INFO(env->log,
"[rampart][rampart_encryption]Encrypting signature, Reference Node build
failed");
+ return AXIS2_FAILURE;
+ }
+ else
+ return AXIS2_SUCCESS;
+ }
+ else
+ return AXIS2_FAILURE;
+ }
+ else
+ return AXIS2_FAILURE;
+ }
+ else
+ return AXIS2_FAILURE;
+}
+
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_enc_encrypt_signature(
+ const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ rampart_context_t *rampart_context,
+ axiom_soap_envelope_t *soap_envelope,
+ axiom_node_t *sec_node)
+{
+
+ oxs_key_t *session_key = NULL;
+ axiom_node_t *node_to_enc = NULL;
+ axiom_node_t *enc_data_node = NULL;
+ oxs_ctx_t *enc_ctx = NULL;
+ axis2_char_t *id = NULL;
+ axis2_status_t enc_status = AXIS2_FAILURE;
+ axis2_char_t *enc_sym_algo = NULL;
+ axutil_array_list_t *id_list = NULL;
+ axiom_node_t *encrypted_key_node = NULL;
+ axiom_node_t *temp_node = NULL;
+ axiom_node_t *node_to_move = NULL;
+ session_key = rampart_context_get_session_key(rampart_context, env);
+ if(!session_key)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption] Encrypting
Signature.Session key not found");
+ return AXIS2_FAILURE;
+ }
+
+ node_to_enc = oxs_axiom_get_node_by_local_name(env, sec_node,
OXS_NODE_SIGNATURE);
+
+ if(!node_to_enc)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption] Encrypting
Signature. Signature node not found");
+ return AXIS2_FAILURE;
+ }
+
+ encrypted_key_node = oxs_axiom_get_node_by_local_name(env, sec_node,
OXS_NODE_ENCRYPTED_KEY);
+ if(!encrypted_key_node)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption]Encrypting
signature, EncryptedKey Not found");
+ return AXIS2_FAILURE;
+ }
+
+ enc_ctx = oxs_ctx_create(env);
+ oxs_ctx_set_key(enc_ctx, env, session_key);
+
+ enc_sym_algo = rampart_context_get_enc_sym_algo(rampart_context,env);
+
+ oxs_ctx_set_enc_mtd_algorithm(enc_ctx, env, enc_sym_algo);
+
+ id = oxs_util_generate_id(env,(axis2_char_t*)OXS_ENCDATA_ID);
+
+ enc_data_node = oxs_token_build_encrypted_data_element(env, sec_node,
OXS_TYPE_ENC_ELEMENT, id );
+ enc_status = oxs_xml_enc_encrypt_node(env, enc_ctx, node_to_enc,
&enc_data_node);
+
+ if(enc_status != AXIS2_SUCCESS)
+ {
+ return AXIS2_FAILURE;
+ }
+
+ node_to_move = oxs_axiom_get_node_by_local_name(env, sec_node,
OXS_NODE_REFERENCE_LIST);
+
+ if(node_to_move)
+ {
+ temp_node = axiom_node_detach(node_to_move, env);
+ if(temp_node)
+ {
+ enc_status = axiom_node_insert_sibling_after(enc_data_node, env,
temp_node);
+ if(enc_status != AXIS2_SUCCESS)
+ {
+ AXIS2_LOG_INFO(env->log,
"[rampart][rampart_encryption]Encrypting signature, Node moving failed.");
+ return AXIS2_FAILURE;
+ }
+ }
+ }
+
+ id_list = axutil_array_list_create(env, 0);
+
+ axutil_array_list_add(id_list, env, id);
+
+ enc_status = oxs_token_build_data_reference_list(env, encrypted_key_node,
id_list);
+ if(enc_status != AXIS2_SUCCESS)
+ {
+ AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption]Encrypting
signature,Building reference list failed");
+ return AXIS2_FAILURE;
+ }
+
+
+ return AXIS2_SUCCESS;
+}
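Review bot: rampart_enc_encrypt_signature never verifies that the plaintext Signature actually left the header: after oxs_xml_enc_encrypt_node succeeds, `node_to_enc` is neither detached nor freed here, and whether the encrypt helper does that itself is not visible in this diff. If it does not, the cleartext ds:Signature remains next to its EncryptedData and the signature protection is nominal, so a cheap guard after the encrypt call is `if(oxs_axiom_get_node_by_local_name(env, sec_node, OXS_NODE_SIGNATURE)) return AXIS2_FAILURE;`. Both new functions also leak on every path: enc_ctx from oxs_ctx_create and id_list are never freed, and id, key_id and key_id_ref (oxs_util_generate_id / axutil_stracat) are never released once the token builders have consumed them; before adding those frees, check whether the builders copy the strings and whether oxs_ctx_free would also free the borrowed session key stored in the context. In rampart_enc_add_key_info msg_ctx and rampart_context are unused, and the nested `else return AXIS2_FAILURE;` ladder would read better as early returns with a log line each, as the session-key and Signature checks in the sibling function already do.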
Modified: webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c?view=diff&rev=547106&r1=547105&r2=547106
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c Wed Jun
13 20:59:57 2007
@@ -56,10 +56,11 @@
AXIS2_EXTERN axis2_status_t AXIS2_CALL
-rampart_shb_build_message(const axutil_env_t *env,
- axis2_msg_ctx_t *msg_ctx,
- rampart_context_t *rampart_context,
- axiom_soap_envelope_t *soap_envelope)
+rampart_shb_build_message(
+ const axutil_env_t *env,
+ axis2_msg_ctx_t *msg_ctx,
+ rampart_context_t *rampart_context,
+ axiom_soap_envelope_t *soap_envelope)
{
axis2_status_t status = AXIS2_SUCCESS;
@@ -71,6 +72,7 @@
axiom_node_t *sec_node = NULL;
axiom_element_t *sec_ele = NULL;
axis2_bool_t is_encrypt_before_sign = AXIS2_FALSE;
+ axis2_bool_t signature_protection = AXIS2_FALSE;
axiom_node_t *sig_node = NULL;
axiom_node_t *enc_key_node = NULL;
@@ -147,19 +149,60 @@
}
}
}
+
+ signature_protection =
rampart_context_is_encrypt_signature(rampart_context, env);
+
/*Check the encryption and signature order*/
- if(rampart_context_is_encrypt_before_sign(rampart_context,env))
+ if(rampart_context_is_encrypt_before_sign(rampart_context, env))
{
is_encrypt_before_sign = AXIS2_TRUE;
- /*Check what are the parts to encrypt and send them to the encrypt
method*/
- status = rampart_enc_encrypt_message(env,
msg_ctx,rampart_context,soap_envelope,sec_node);
- if(status != AXIS2_SUCCESS)
- return AXIS2_FAILURE;
+
+ if(signature_protection)
+ {
+ /*First Encrypt the parts specified in encrypted parts*/
- /*Then do signature specific things*/
- status =
rampart_sig_sign_message(env,msg_ctx,rampart_context,soap_envelope,sec_node);
- if(status != AXIS2_SUCCESS)
- return AXIS2_FAILURE;
+ status = rampart_enc_encrypt_message(env, msg_ctx,
rampart_context, soap_envelope, sec_node);
+ if(status != AXIS2_SUCCESS)
+ {
+ return AXIS2_FAILURE;
+ }
+
+ /*Add a key reference in Encrypted Data in the Body*/
+
+ status = rampart_enc_add_key_info(env, msg_ctx,
rampart_context, soap_envelope, sec_node);
+ if(status != AXIS2_SUCCESS)
+ {
+ return AXIS2_FAILURE;
+ }
+ /*Then Sign the message*/
+
+ status = rampart_sig_sign_message(env, msg_ctx,
rampart_context, soap_envelope, sec_node);
+ if(status != AXIS2_SUCCESS)
+ {
+ return AXIS2_FAILURE;
+ }
+
+ /*Then encrypt the signature */
+
+ status = rampart_enc_encrypt_signature(env, msg_ctx,
rampart_context, soap_envelope, sec_node);
+ if(status != AXIS2_SUCCESS)
+ {
+ return AXIS2_FAILURE;
+ }
+
+ }
+ else
+ {
+ status = rampart_enc_encrypt_message(env, msg_ctx,
rampart_context, soap_envelope, sec_node);
+ if(status != AXIS2_SUCCESS)
+ return AXIS2_FAILURE;
+
+ /*Then do signature specific things*/
+ status = rampart_sig_sign_message(env, msg_ctx,
rampart_context, soap_envelope, sec_node);
+ if(status != AXIS2_SUCCESS)
+ return AXIS2_FAILURE;
+
+ }
/*Then Handle Supporting token stuff */
}
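Review bot: signature_protection is read on the added line at the top of this hunk but only acted on inside the EncryptBeforeSign branch; the SignBeforeEncrypt branch that follows this hunk ignores it, so a policy that asks for signature protection under that order is sent with a cleartext signature and no error. Until that order is supported, fail loudly there: `if(signature_protection) { AXIS2_LOG_INFO(env->log, "[rampart][shb] Encrypting the signature is only supported with EncryptBeforeSign"); return AXIS2_FAILURE; }`. The two sub-branches here also duplicate the encrypt-then-sign calls; they could share those two calls and add only the add_key_info and encrypt_signature steps under `if(signature_protection)`. rampart_shb_build_message starts before this hunk and continues after it.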
@@ -167,19 +210,19 @@
{
is_encrypt_before_sign = AXIS2_FALSE;
/*First do signature specific stuff*/
- status =
rampart_sig_sign_message(env,msg_ctx,rampart_context,soap_envelope,sec_node);
+ status = rampart_sig_sign_message(env, msg_ctx, rampart_context,
soap_envelope, sec_node);
if(status != AXIS2_SUCCESS)
return AXIS2_FAILURE;
/*Then Handle Encryption stuff*/
- status = rampart_enc_encrypt_message(env,
msg_ctx,rampart_context,soap_envelope,sec_node);
+ status = rampart_enc_encrypt_message(env, msg_ctx,
rampart_context, soap_envelope, sec_node);
if(status!=AXIS2_SUCCESS )
return AXIS2_FAILURE;
}
/*If both encryption and signature is done we should interchange them.
- * because the a-ction done last should appear first in the header. */
+ * because the action done last should appear first in the header. */
sig_node =
oxs_axiom_get_node_by_local_name(env,sec_node,OXS_NODE_SIGNATURE);
enc_key_node =
oxs_axiom_get_node_by_local_name(env,sec_node,OXS_NODE_ENCRYPTED_KEY);
if(sig_node && enc_key_node)