Author: kaushalye
Date: Tue Oct 16 00:49:19 2007
New Revision: 585069

URL: http://svn.apache.org/viewvc?rev=585069&view=rev
Log:
replay detector module implementation (patch for RAMPARTC-35 
https://issues.apache.org/jira/secure/attachment/12367801/replay_detector.patch)

Added:
    webservices/rampart/trunk/c/samples/replay_detector/
    webservices/rampart/trunk/c/samples/replay_detector/Makefile.am
    
webservices/rampart/trunk/c/samples/replay_detector/rampart_replay_detector_flat_file.c
    webservices/rampart/trunk/c/samples/secpolicy/scenario6/
    webservices/rampart/trunk/c/samples/secpolicy/scenario6/client-policy.xml
    webservices/rampart/trunk/c/samples/secpolicy/scenario6/services.xml
Modified:
    webservices/rampart/trunk/c/include/rampart_context.h
    webservices/rampart/trunk/c/include/rampart_replay_detector.h
    webservices/rampart/trunk/c/include/rampart_util.h
    webservices/rampart/trunk/c/samples/Makefile.am
    webservices/rampart/trunk/c/samples/configure.ac
    webservices/rampart/trunk/c/samples/secpolicy/run_all.sh
    webservices/rampart/trunk/c/src/util/rampart_context.c
    webservices/rampart/trunk/c/src/util/rampart_engine.c
    webservices/rampart/trunk/c/src/util/rampart_replay_detector.c
    webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
    webservices/rampart/trunk/c/src/util/rampart_signature.c
    webservices/rampart/trunk/c/src/util/rampart_util.c

Modified: webservices/rampart/trunk/c/include/rampart_context.h
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rampart_context.h?rev=585069&r1=585068&r2=585069&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/rampart_context.h (original)
+++ webservices/rampart/trunk/c/include/rampart_context.h Tue Oct 16 00:49:19 
2007
@@ -31,7 +31,6 @@
 #include <rp_includes.h>
 #include <rp_secpolicy.h>
 #include <rampart_authn_provider.h>
-#include <rampart_util.h>
 #include <axutil_property.h>
 #include <rampart_constants.h>
 #include <rampart_callback.h>
@@ -339,6 +338,11 @@
         rampart_context_t *rampart_context,
         const axutil_env_t *env);
 
+    AXIS2_EXTERN struct rampart_replay_detector_t *AXIS2_CALL
+    rampart_context_get_replay_detector(
+        rampart_context_t *rampart_context,
+        const axutil_env_t *env);
+
     AXIS2_EXTERN axis2_status_t AXIS2_CALL
     rampart_context_set_authn_provider(rampart_context_t *rampart_context,
                                        const axutil_env_t *env,
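Review bot: The header gains the two getters but not `rampart_context_set_replay_detector`, which rampart_context.c defines and rampart_engine.c calls in this same commit; unless it is already declared elsewhere in the header, that call compiles against an implicit int-returning declaration. Add next to the getter: `AXIS2_EXTERN axis2_status_t AXIS2_CALL rampart_context_set_replay_detector(rampart_context_t *rampart_context, const axutil_env_t *env, rampart_replay_detector_t *replay_detector);`. Both declarations would also benefit from a one-line doc comment stating who owns (and frees) the detector once it is stored in the context, since nothing in this diff shows that.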
@@ -376,6 +380,11 @@
 
     AXIS2_EXTERN axis2_char_t *AXIS2_CALL
     rampart_context_get_authn_module_name(
+        rampart_context_t *rampart_context,
+        const axutil_env_t *env);
+
+    AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+    rampart_context_get_replay_detector_name(
         rampart_context_t *rampart_context,
         const axutil_env_t *env);
 

Modified: webservices/rampart/trunk/c/include/rampart_replay_detector.h
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rampart_replay_detector.h?rev=585069&r1=585068&r2=585069&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/rampart_replay_detector.h (original)
+++ webservices/rampart/trunk/c/include/rampart_replay_detector.h Tue Oct 16 
00:49:19 2007
@@ -58,13 +58,10 @@
     struct rampart_replay_detector_ops
     {
         axis2_status_t (AXIS2_CALL*
-                        load)(rampart_replay_detector_t *replay_detector,
-                              const axutil_env_t *env);
-
-        axis2_status_t (AXIS2_CALL*
                         is_replayed)(rampart_replay_detector_t *rrd,
                                      const axutil_env_t* env,
-                                     axis2_msg_ctx_t *msg_ctx);
+                                     axis2_msg_ctx_t *msg_ctx,
+                                                                        
rampart_context_t *rampart_context);
 
         axis2_status_t (AXIS2_CALL*
                         free)(rampart_replay_detector_t *rrd,
@@ -75,6 +72,7 @@
     struct rampart_replay_detector
     {
         rampart_replay_detector_ops_t *ops;
+               axutil_param_t *param;
     };
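Review bot: `param` is added to the public struct with no comment saying what it holds or who sets it, and the sample detector's `axis2_get_instance` in this same commit never initializes it, so implementations copied from the sample leave it holding whatever AXIS2_MALLOC returned. Document the field, e.g. `/* module parameter made available to the detector; may be NULL - implementations must not assume it is set */`, adjusted to the real contract if the loader is what fills it (the loader is outside this hunk), and have `axis2_get_instance` set `rd->param = NULL;` explicitly.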
 
     /*The default impl for RRD*/
@@ -101,12 +99,19 @@
     AXIS2_EXTERN axis2_status_t AXIS2_CALL
     rampart_replay_detector_final_cleanup(const axutil_env_t *env,
                                           axis2_msg_ctx_t* msg_ctx);
-    /*************************** Function macros 
**********************************/
-#define RAMPART_REPLAY_DETECTOR_LOAD(replay_detector, env) \
-      ((replay_detector)->ops->load(replay_detector, env))
 
-#define RAMPART_REPLAY_DETECTOR_IS_REPLAYED(replay_detector, env, msg_ctx) \
-      ((replay_detector)->ops->replay_detector_is_replayed(replay_detector, 
env, msg_ctx))
+       AXIS2_EXTERN axis2_bool_t AXIS2_CALL
+       rampart_replay_detector_linked_list_contains(axutil_linked_list_t 
*linked_list,
+                                                                               
                const axutil_env_t *env,
+                                                                               
                axis2_char_t *id);
+
+       AXIS2_EXTERN axis2_char_t * AXIS2_CALL
+       rampart_replay_detector_get_ts(const axutil_env_t *env,
+                                                                       
axis2_msg_ctx_t* msg_ctx);
+
+    /*************************** Function macros 
**********************************/
+#define RAMPART_REPLAY_DETECTOR_IS_REPLAYED(replay_detector, env, msg_ctx, 
rampart_context) \
+      ((replay_detector)->ops->is_replayed(replay_detector, env, msg_ctx, 
rampart_context))
 
 #define RAMPART_REPLAY_DETECTOR_FREE(replay_detector, env) \
         ((replay_detector)->ops->free(replay_detector, env))
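Review bot: The two new public functions are declared without doc comments, and the most important thing to state is ownership of what `rampart_replay_detector_get_ts` returns, because the sample detector keeps the pointer in `ts`, concatenates it into `msg_id`, and never frees either. Suggest above get_ts: `/* Returns the timestamp value extracted from msg_ctx, or NULL if none; state here whether the caller must free the string */`, filled in from the implementation in rampart_replay_detector.c, which is outside this hunk. For `rampart_replay_detector_linked_list_contains`, say that `id` is matched by string value and what a NULL list yields, and consider `const axis2_char_t *id` since the sample has to cast its `const` key away to call it.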

Modified: webservices/rampart/trunk/c/include/rampart_util.h
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rampart_util.h?rev=585069&r1=585068&r2=585069&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/rampart_util.h (original)
+++ webservices/rampart/trunk/c/include/rampart_util.h Tue Oct 16 00:49:19 2007
@@ -25,6 +25,7 @@
 #include <rampart_authn_provider.h>
 #include <rampart_credentials.h>
 #include <rampart_callback.h>
+#include <rampart_replay_detector.h>
 /**
   * @file rampart_util.h
   * @brief Utilities of rampart
@@ -95,6 +96,16 @@
     rampart_load_auth_module(const axutil_env_t *env,
                              axis2_char_t *auth_module_name);
 
+    /**
+     * Load replay detection module
+     * User MUST free memory
+     * @param env pointer to environment struct
+     * @param replay_detector_name name of the replay detection module
+     * @return creatd replay detection module
+     */
+    AXIS2_EXTERN rampart_replay_detector_t* AXIS2_CALL
+    rampart_load_replay_detector(const axutil_env_t *env,
+                             axis2_char_t *replay_detector_name);
     /**
      * Call auth module
      * @param env pointer to environment struct
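Review bot: `creatd` is a typo, and "User MUST free memory" does not say how; a reader of this header cannot tell whether to use RAMPART_REPLAY_DETECTOR_FREE, the module's `axis2_remove_instance`, or something that also unloads the shared object. Suggest `@return created replay detection module, or NULL on failure; release it with RAMPART_REPLAY_DETECTOR_FREE (plus whatever unloads the DLL if this function opened one)`, adjusted to what rampart_util.c actually does, which is outside this hunk. `replay_detector_name` could also be `const axis2_char_t *` if the loader only reads it.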

Modified: webservices/rampart/trunk/c/samples/Makefile.am
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/Makefile.am?rev=585069&r1=585068&r2=585069&view=diff
==============================================================================
--- webservices/rampart/trunk/c/samples/Makefile.am (original)
+++ webservices/rampart/trunk/c/samples/Makefile.am Tue Oct 16 00:49:19 2007
@@ -1,6 +1,6 @@
 TESTS =
 datadir=$(prefix)/bin/samples/rampart/secpolicy
-SUBDIRS = callback client server keys authn_provider credential_provider data
+SUBDIRS = callback client server keys authn_provider credential_provider data 
replay_detector
 data_DATA=
 
 install-data-hook:

Modified: webservices/rampart/trunk/c/samples/configure.ac
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/configure.ac?rev=585069&r1=585068&r2=585069&view=diff
==============================================================================
--- webservices/rampart/trunk/c/samples/configure.ac (original)
+++ webservices/rampart/trunk/c/samples/configure.ac Tue Oct 16 00:49:19 2007
@@ -108,6 +108,7 @@
         callback/Makefile \
         callback/htpasswd_callback/Makefile \
         authn_provider/Makefile \
+               replay_detector/Makefile \
         credential_provider/Makefile \
         server/Makefile \
         server/sec_echo/Makefile \

Added: webservices/rampart/trunk/c/samples/replay_detector/Makefile.am
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/replay_detector/Makefile.am?rev=585069&view=auto
==============================================================================
--- webservices/rampart/trunk/c/samples/replay_detector/Makefile.am (added)
+++ webservices/rampart/trunk/c/samples/replay_detector/Makefile.am Tue Oct 16 
00:49:19 2007
@@ -0,0 +1,9 @@
+prglibdir=$(prefix)/bin/samples/rampart/replay_detector
+prglib_LTLIBRARIES = librdflatfile.la
+librdflatfile_la_SOURCES = rampart_replay_detector_flat_file.c
+librdflatfile_la_LIBADD  = $(LDFLAGS) \
+                                                               
-L$(AXIS2C_HOME)/lib \
+                                                               -laxutil \
+                                                               
../../src/util/librampart_util.la
+INCLUDES = -I ../../include\
+                       @AXIS2INC@

Added: 
webservices/rampart/trunk/c/samples/replay_detector/rampart_replay_detector_flat_file.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/replay_detector/rampart_replay_detector_flat_file.c?rev=585069&view=auto
==============================================================================
--- 
webservices/rampart/trunk/c/samples/replay_detector/rampart_replay_detector_flat_file.c
 (added)
+++ 
webservices/rampart/trunk/c/samples/replay_detector/rampart_replay_detector_flat_file.c
 Tue Oct 16 00:49:19 2007
@@ -0,0 +1,368 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdio.h>
+#include <axutil_utils.h>
+#include <axutil_linked_list.h>
+#include <rampart_replay_detector.h>
+#include <axutil_property.h>
+#include <rampart_constants.h>
+#include <rampart_sec_processed_result.h>
+#include <rampart_util.h>
+#include <stdlib.h>
+
+#define BUFFER_LEN 10000
+#define DELIMIT 16
+#define INDICATOR_FILE "indicator"
+#define REPLAY_FILE "replay.content"
+
+AXIS2_EXTERN axis2_char_t * AXIS2_CALL
+rampart_replay_detector_file_dir(const axutil_env_t* env)
+{
+#ifdef WIN32
+       char* axis_home = getenv("AXIS2C_HOME");
+       if (axis_home)
+               return axutil_strdup(env, axis_home);
+       else
+               return axutil_strdup(env, "c:/");
+#else
+       return axutil_strdup(env, "/tmp/");
+#endif 
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_replay_detector_free(rampart_replay_detector_t *rrd,
+                                                               const 
axutil_env_t* env)
+{
+       if (rrd)
+       {
+               if (rrd->ops)
+               {
+                       AXIS2_FREE(env->allocator, rrd->ops);
+               }
+               AXIS2_FREE(env->allocator, rrd);
+       }
+       return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_replay_detector_with_flat_file(rampart_replay_detector_t *rrd,
+               const axutil_env_t *env,
+        axis2_msg_ctx_t* msg_ctx,
+        rampart_context_t *rampart_context)
+{
+    axutil_linked_list_t *ll = NULL;
+    const axis2_char_t *msg_id = NULL;
+    const axis2_char_t *ts = NULL;
+    const axis2_char_t *addr_msg_id = NULL;
+    int max_rcds = RAMPART_RD_DEF_MAX_RCDS;
+    axis2_status_t status = AXIS2_FAILURE;
+       
+
+    /* By using just Timestamps we dont need addressing. But there is a chance 
that
+     * two messages might generated exactly at the same time*/
+    ts = rampart_replay_detector_get_ts( env, msg_ctx);
+    addr_msg_id = axis2_msg_ctx_get_wsa_message_id(msg_ctx, env);
+
+    if(!ts && addr_msg_id)
+       {
+        msg_id = addr_msg_id;
+    }
+       else if(ts && !addr_msg_id)
+       {
+        msg_id = ts;
+    }
+       else if(ts && addr_msg_id)
+       {
+        msg_id = axutil_strcat(env, addr_msg_id, ts, NULL);
+    }
+       else
+       {
+        msg_id = NULL;
+    }
+    if(!msg_id)
+       {
+        msg_id = "RAMPART-DEFAULT-TS";/*This has to be changed to generate the 
hash???*/
+        AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][rrd] NO msg_id 
specified, using default = %s", msg_id);
+    }
+
+
+    ll = axutil_linked_list_create(env);
+    if(!ll)
+       {
+        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][rrd] linked list 
creation failed");
+        return AXIS2_FAILURE;
+    }
+
+       status = rampart_replay_detector_read_file(env, ll);
+       if(AXIS2_FAILURE == status)
+       {
+               rampart_replay_detector_write_file(env, ll, AXIS2_FALSE);
+        return AXIS2_FAILURE;
+    }
+       else
+       {
+        AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][rrd] Number of 
records =%d", axutil_linked_list_size(ll, env));
+        /*Get the valid duration for a record*/
+        if(rampart_context_get_rd_val(rampart_context, env))
+               {
+            max_rcds = axutil_atoi(rampart_context_get_rd_val(rampart_context, 
env));
+            AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][rrd] Using the 
specified max_rcds  %d\n", max_rcds );
+        }
+               else
+               {
+            AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][rrd] Using the 
default max_rcds  %d\n", max_rcds );
+        }
+
+        /*If the table already have the same key it's a replay*/
+        if(AXIS2_TRUE == rampart_replay_detector_linked_list_contains(ll, env, 
(void*)msg_id))
+               {
+            AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,"[rampart][rrd] For ID=%s, 
a replay detected", msg_id);
+                       rampart_replay_detector_write_file(env, ll, 
AXIS2_FALSE);
+            return AXIS2_FAILURE;
+        }
+
+        while(axutil_linked_list_size(ll, env) >= max_rcds)
+               {
+            axis2_char_t *tmp_msg_id = NULL;
+            tmp_msg_id = (axis2_char_t*)axutil_linked_list_remove_first(ll, 
env);
+            AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][rrd] Deleting 
record  %s\n", tmp_msg_id );
+            AXIS2_FREE(env->allocator, tmp_msg_id);
+            tmp_msg_id = NULL;
+        }
+
+        /*Add current record*/
+        status = axutil_linked_list_add(ll, env, 
(void*)axutil_strdup(env,msg_id));
+        if(AXIS2_SUCCESS == status)
+               {
+            AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][rrd] Adding 
record  %s\n", msg_id );
+        }
+               else
+               {
+            AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,"[rampart][rrd] Cannot add 
record %s\n", msg_id);
+                       rampart_replay_detector_write_file(env, ll, 
AXIS2_FALSE);
+            return AXIS2_FAILURE;
+        }
+               status =  rampart_replay_detector_write_file(env, ll, 
AXIS2_TRUE);
+               axutil_linked_list_free(ll, env);
+        if(AXIS2_SUCCESS == status)
+               {
+            AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][rrd] writing to 
file succeed" );
+                       return AXIS2_SUCCESS;
+        }
+               else
+               {
+            AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,"[rampart][rrd] writing to 
file failed");
+            return AXIS2_FAILURE;
+        }
+    }
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_replay_detector_read_file(const axutil_env_t *env,
+                                                                 
axutil_linked_list_t* ll)
+{
+       FILE* temp_file = NULL;
+       FILE* file = NULL;
+       axis2_char_t buffer[sizeof(axis2_char_t) * (BUFFER_LEN + 1)];
+       int ch_read = 0;
+       char* key = NULL;
+       char dilim[2];
+       dilim[0] = DELIMIT;
+       dilim[1] = 0;
+       axis2_char_t *file_dir = NULL;
+       axis2_char_t *file_name = NULL;
+
+       /*
+        * check whether some other threads are using the file. In that case, 
the file will not be empty.
+        * If no other threads are using it, then the file will be empty
+        */
+
+       file_dir = rampart_replay_detector_file_dir(env);
+       file_name = axutil_stracat(env, file_dir, INDICATOR_FILE);
+       temp_file = fopen(file_name, "r");
+       while (temp_file)
+       {
+               fclose (temp_file);
+               sleep (5);
+               temp_file = fopen(file_name, "r");
+       }
+
+       temp_file = fopen(file_name, "w+");
+       AXIS2_FREE(env->allocator, file_name);
+       if (!temp_file)
+       {
+               AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][rrd] 
creating indicator file failed" );
+               AXIS2_FREE(env->allocator, file_dir);
+               return AXIS2_FAILURE;
+       }
+       fclose (temp_file);
+
+       /*
+        * now we can safely read the actual replay content file
+        */
+       file_name = axutil_stracat(env, file_dir, REPLAY_FILE);
+       file = fopen (file_name, "r");
+       AXIS2_FREE(env->allocator, file_dir);
+       AXIS2_FREE(env->allocator, file_name);
+       if (file)
+       {
+               axis2_char_t* whole_buffer = NULL;
+               do
+               {
+                       ch_read = fread (buffer, sizeof(axis2_char_t), 
BUFFER_LEN, file);
+                       buffer[ch_read] = 0;
+                       if (!ch_read)
+                               break;
+
+                       if (whole_buffer)
+                       {
+                               axis2_char_t* temp_str = whole_buffer;
+                               whole_buffer = axutil_stracat(env, temp_str, 
buffer);
+                               AXIS2_FREE(env->allocator, temp_str);
+                       }
+                       else
+                       {
+                               whole_buffer = axutil_strdup(env, buffer);
+                       }
+               }while (!feof(file));
+               fclose(file);
+
+               if (whole_buffer)
+               {
+                       key = strtok(whole_buffer, dilim);
+                       while (key)
+                       {
+                               axutil_linked_list_add(ll, env, 
(void*)axutil_strdup(env,key));
+                               key = strtok(NULL, dilim);
+                       }
+                       AXIS2_FREE(env->allocator, whole_buffer);
+               }
+       }
+
+       return AXIS2_SUCCESS;
+}
+
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_replay_detector_write_file(const axutil_env_t *env,
+                                                                 
axutil_linked_list_t* ll,
+                                                                 axis2_bool_t 
write_content)
+{
+       FILE* file = NULL;
+       axis2_char_t *file_dir = NULL;
+       axis2_char_t *file_name = NULL;
+
+       file_dir = rampart_replay_detector_file_dir(env);
+       if (write_content == AXIS2_TRUE)
+       {
+               file_name = axutil_stracat(env, file_dir, REPLAY_FILE);
+               file = fopen (file_name, "w+");
+               if (!file)
+               {
+                       AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][rrd] 
creating replay file failed" );
+                       AXIS2_FREE(env->allocator, file_name);
+                       file_name = axutil_stracat(env, file_dir, 
INDICATOR_FILE);
+                       remove(file_name);
+                       AXIS2_FREE(env->allocator, file_name);
+                       AXIS2_FREE(env->allocator, file_dir);
+                       return AXIS2_FAILURE;
+               }
+#ifndef WIN32
+               else
+               {
+                       axis2_char_t *command = NULL;
+                       command = axutil_stracat(env, "chmod 666 ", file_name);
+                       system(command);
+                       AXIS2_FREE(env->allocator, command);
+               }
+#endif
+               AXIS2_FREE(env->allocator, file_name);
+               
+       }
+
+       while(axutil_linked_list_size(ll, env) > 0)
+       {
+               axis2_char_t *tmp_msg_id = NULL;
+               tmp_msg_id = (axis2_char_t*)axutil_linked_list_remove_first(ll, 
env);
+
+               if (file)
+               {
+                       fwrite(tmp_msg_id, sizeof(axis2_char_t), 
axutil_strlen(tmp_msg_id), file);
+                       fputc(DELIMIT, file);
+               }
+
+               AXIS2_FREE(env->allocator, tmp_msg_id);
+               tmp_msg_id = NULL;
+       }
+
+       if (file)
+       {
+               fclose(file);
+       }
+
+       file_name = axutil_stracat(env, file_dir, INDICATOR_FILE);
+       remove(file_name);
+       AXIS2_FREE(env->allocator, file_name);
+       AXIS2_FREE(env->allocator, file_dir);
+       return AXIS2_SUCCESS;
+}
+
+
+/**
+ * Following block distinguish the exposed part of the dll.
+ */
+AXIS2_EXPORT int
+axis2_get_instance(rampart_replay_detector_t **inst,
+        const axutil_env_t *env)
+{
+    rampart_replay_detector_t* rd = NULL;
+
+    rd = AXIS2_MALLOC(env->allocator,
+            sizeof(rampart_replay_detector_t));
+
+    rd->ops = AXIS2_MALLOC(
+                env->allocator, sizeof(rampart_replay_detector_ops_t));
+
+    /*assign function pointers*/
+
+    rd->ops->is_replayed = rampart_replay_detector_with_flat_file;
+    rd->ops->free = rampart_replay_detector_free;
+
+    *inst = rd;
+
+    if (!(*inst))
+    {
+        AXIS2_LOG_INFO(env->log, "[rampart][rrd_sample] Cannot initialize the 
replay detector  module");
+        return AXIS2_FAILURE;
+    }
+
+    return AXIS2_SUCCESS;
+}
+
+AXIS2_EXPORT int
+axis2_remove_instance(rampart_replay_detector_t *inst,
+        const axutil_env_t *env)
+{
+    axis2_status_t status = AXIS2_FAILURE;
+    if (inst)
+    {
+        status = RAMPART_REPLAY_DETECTOR_FREE(inst, env);
+    }
+    return status;
+}
+
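Review bot: The indicator-file lock in `rampart_replay_detector_read_file` is a check-then-create (`fopen(..., "r")` followed by `fopen(..., "w+")`) with a `sleep(5)` retry that never gives up, so two concurrent requests can both pass the check and miss each other's record, and any local user who creates `/tmp/indicator` stalls every inbound message indefinitely; the store itself lives at the fixed path `/tmp/replay.content`, is opened with `fopen("w+")` (which follows symlinks) and is then made world-writable via `system("chmod 666 ...")`, so another local user can truncate or forge the replay records. On the POSIX build, create the lock atomically with `open(O_CREAT|O_EXCL, 0600)` under a bounded retry, keep both files in a server-owned directory (derive `file_dir` from AXIS2C_HOME as the WIN32 branch already does, or make it a module parameter) and drop the chmod; the rewrite below needs `<fcntl.h>`, `<errno.h>` and `<unistd.h>` plus a `MAX_LOCK_TRIES` define next to `BUFFER_LEN`. Separately, `axis2_get_instance` dereferences the AXIS2_MALLOC results before its NULL check and never sets the new `rd->param` field, `read_file`/`write_file` are called before any prototype for them appears, and the early returns on the replay-detected and read-failure paths leak `ll` and the `axutil_strcat`-built `msg_id`.
```c
	/* … unchanged: file_dir / INDICATOR_FILE name construction … */
	{
		int tries = 0;
		int lock_fd = -1;
		/* O_EXCL makes check-and-create atomic across threads and processes;
		 * 0600 keeps other local users from reading or planting the lock file */
		while ((lock_fd = open(file_name, O_CREAT | O_EXCL | O_WRONLY, 0600)) < 0
		       && errno == EEXIST)
		{
			if (++tries > MAX_LOCK_TRIES)
			{
				AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][rrd] indicator file held too long, giving up");
				AXIS2_FREE(env->allocator, file_name);
				AXIS2_FREE(env->allocator, file_dir);
				return AXIS2_FAILURE;
			}
			sleep(1);
		}
		AXIS2_FREE(env->allocator, file_name);
		if (lock_fd < 0)
		{
			AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][rrd] creating indicator file failed" );
			AXIS2_FREE(env->allocator, file_dir);
			return AXIS2_FAILURE;
		}
		close(lock_fd);
	}
	/* … unchanged: reading REPLAY_FILE into the linked list … */
```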

Modified: webservices/rampart/trunk/c/samples/secpolicy/run_all.sh
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/secpolicy/run_all.sh?rev=585069&r1=585068&r2=585069&view=diff
==============================================================================
--- webservices/rampart/trunk/c/samples/secpolicy/run_all.sh (original)
+++ webservices/rampart/trunk/c/samples/secpolicy/run_all.sh Tue Oct 16 
00:49:19 2007
@@ -4,7 +4,7 @@
 _PORT=9090
 _SLEEP=3
 #You may change these to scenarios u need to run
-_LST="1 2 3 4 5"
+_LST="1 2 3 4 5 6"
 
 if [ $# -eq 1 ]
 then

Added: webservices/rampart/trunk/c/samples/secpolicy/scenario6/client-policy.xml
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/secpolicy/scenario6/client-policy.xml?rev=585069&view=auto
==============================================================================
--- webservices/rampart/trunk/c/samples/secpolicy/scenario6/client-policy.xml 
(added)
+++ webservices/rampart/trunk/c/samples/secpolicy/scenario6/client-policy.xml 
Tue Oct 16 00:49:19 2007
@@ -0,0 +1,36 @@
+<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
+    <wsp:ExactlyOne>
+        <wsp:All>
+            <sp:AsymmetricBinding 
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
+                <wsp:Policy>
+                    <sp:InitiatorToken>
+                        <wsp:Policy>
+                            <sp:X509Token 
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
+                                <wsp:Policy>
+                                    <sp:WssX509V3Token10/>
+                                </wsp:Policy>
+                            </sp:X509Token>
+                        </wsp:Policy>
+                    </sp:InitiatorToken>
+                    <sp:RecipientToken>
+                        <wsp:Policy>
+                            <sp:X509Token 
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
+                                <wsp:Policy>
+                                    <sp:WssX509V3Token10/>
+                                </wsp:Policy>
+                            </sp:X509Token>
+                        </wsp:Policy>
+                    </sp:RecipientToken>
+                    <sp:Layout>
+                        <wsp:Policy>
+                            <sp:Strict/>
+                        </wsp:Policy>
+                    </sp:Layout>
+                    <sp:IncludeTimestamp/>
+                </wsp:Policy>
+            </sp:AsymmetricBinding>
+            <rampc:RampartConfig 
xmlns:rampc="http://ws.apache.org/rampart/c/policy";>
+            </rampc:RampartConfig>
+        </wsp:All>
+    </wsp:ExactlyOne>
+</wsp:Policy>

Added: webservices/rampart/trunk/c/samples/secpolicy/scenario6/services.xml
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/secpolicy/scenario6/services.xml?rev=585069&view=auto
==============================================================================
--- webservices/rampart/trunk/c/samples/secpolicy/scenario6/services.xml (added)
+++ webservices/rampart/trunk/c/samples/secpolicy/scenario6/services.xml Tue 
Oct 16 00:49:19 2007
@@ -0,0 +1,52 @@
+<service name="sec_echo">
+    <parameter name="ServiceClass" locked="xsd:false">sec_echo</parameter>
+
+   <description>
+        This is a testing service , to test the system is working or not
+   </description>
+
+    <module ref="rampart"/>
+
+    <operation name="echoString">
+            <parameter 
name="wsamapping">http://example.com/ws/2004/09/policy/Test/EchoRequest</parameter>
+    </operation>
+
+    <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";>
+        <wsp:ExactlyOne>
+            <wsp:All>
+                <sp:AsymmetricBinding 
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy";>
+                    <wsp:Policy>
+                        <sp:InitiatorToken>
+                            <wsp:Policy>
+                                <sp:X509Token 
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";>
+                                    <wsp:Policy>
+                                        <sp:WssX509V3Token10/>
+                                    </wsp:Policy>
+                                </sp:X509Token>
+                            </wsp:Policy>
+                        </sp:InitiatorToken>
+                        <sp:RecipientToken>
+                            <wsp:Policy>
+                                <sp:X509Token 
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";>
+                                    <wsp:Policy>
+                                        <sp:WssX509V3Token10/>
+                                    </wsp:Policy>
+                                </sp:X509Token>
+                            </wsp:Policy>
+                        </sp:RecipientToken>
+                        <sp:Layout>
+                            <wsp:Policy>
+                                <sp:Strict/>
+                            </wsp:Policy>
+                        </sp:Layout>
+                        <sp:IncludeTimestamp/>
+                    </wsp:Policy>
+                </sp:AsymmetricBinding>
+                <rampc:RampartConfig 
xmlns:rampc="http://ws.apache.org/rampart/c/policy";>
+                                       
<rampc:ReplayDetection>5</rampc:ReplayDetection>
+                                       
<rampc:ReplayDetectionModule>AXIS2C_HOME/bin/samples/rampart/replay_detector/librdflatfile.so</rampc:ReplayDetectionModule>
+                </rampc:RampartConfig>
+            </wsp:All>
+        </wsp:ExactlyOne>
+    </wsp:Policy>
+</service>
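Review bot: If `ReplayDetection` is the value `rampart_context_get_rd_val` returns, the sample's `5` is the size of the record window (the sample detector uses it as `max_rcds`, even though its own comment calls it a "valid duration"), and a window of five means a captured message becomes replayable again as soon as five other messages have been accepted; the sample should say so rather than leave a tuning knob with a tiny default. Add above the element: `<!-- ReplayDetection: maximum number of message ids the detector remembers; a replay is only caught while its id is still in this window. 5 is for the demo - use a much larger value, together with Timestamp freshness checks, in production -->`. Also note that `AXIS2C_HOME` in `ReplayDetectionModule` is a literal path unless something rewrites it before deployment, which this diff does not show.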

Modified: webservices/rampart/trunk/c/src/util/rampart_context.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_context.c?rev=585069&r1=585068&r2=585069&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_context.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_context.c Tue Oct 16 00:49:19 
2007
@@ -19,6 +19,7 @@
 #include <rampart_constants.h>
 #include <oxs_axiom.h>
 #include <oxs_x509_cert.h>
+#include <rampart_replay_detector.h>
 
 struct rampart_context_t
 {
@@ -49,6 +50,7 @@
     rp_secpolicy_t *secpolicy;
     rampart_callback_t *password_callback_module;
     rampart_authn_provider_t *authn_provider;
+       rampart_replay_detector_t *replay_detector;
     auth_password_func authenticate_with_password;
     auth_digest_func authenticate_with_digest;
 
@@ -171,6 +173,7 @@
     rampart_context->secpolicy = NULL;
     rampart_context->password_callback_module = NULL;
     rampart_context->authn_provider = NULL;
+       rampart_context->replay_detector = NULL;
     rampart_context->authenticate_with_password = NULL;
     rampart_context->authenticate_with_digest = NULL;
     rampart_context->require_ut = AXIS2_FALSE;
@@ -776,6 +779,27 @@
     return AXIS2_SUCCESS;
 }
 
+AXIS2_EXTERN struct rampart_replay_detector_t *AXIS2_CALL
+rampart_context_get_replay_detector(
+    rampart_context_t *rampart_context,
+    const axutil_env_t *env)
+{
+    AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
+
+    return (void*)rampart_context->replay_detector;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_context_set_replay_detector(rampart_context_t *rampart_context,
+                                   const axutil_env_t *env,
+                                   rampart_replay_detector_t *replay_detector)
+{
+    AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
+    AXIS2_PARAM_CHECK(env->error,replay_detector,AXIS2_FAILURE);
+
+    rampart_context->replay_detector = replay_detector;
+    return AXIS2_SUCCESS;
+}
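Review bot: `rampart_context_get_replay_detector` uses `AXIS2_ENV_CHECK(env, AXIS2_FAILURE)` in a function that returns a pointer, so on a NULL env it returns the integer AXIS2_FAILURE converted to a pointer instead of NULL, and the `(void*)` cast on the return is unnecessary. Use `AXIS2_ENV_CHECK(env, NULL);` and `return rampart_context->replay_detector;`. In the setter, the `AXIS2_PARAM_CHECK` on `replay_detector` prevents a caller from clearing the field back to NULL; confirm that is intended, and document in both functions whether the context takes ownership of the detector, since `rampart_context_free` is outside this hunk and nothing here shows who releases it.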
 
 AXIS2_EXTERN oxs_key_t *AXIS2_CALL
 rampart_context_get_session_key(
@@ -1504,6 +1528,19 @@
         return NULL;
 
     return rp_rampart_config_get_authenticate_module(config,env);
+}
+
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+rampart_context_get_replay_detector_name(
+    rampart_context_t *rampart_context,
+    const axutil_env_t *env)
+{
+    rp_rampart_config_t *config = NULL;
+    config = rp_secpolicy_get_rampart_config(rampart_context->secpolicy,env);
+    if(!config)
+        return NULL;
+
+    return rp_rampart_config_get_replay_detector(config,env);
 }
 
 AXIS2_EXTERN axis2_status_t AXIS2_CALL

Modified: webservices/rampart/trunk/c/src/util/rampart_engine.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_engine.c?rev=585069&r1=585068&r2=585069&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_engine.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_engine.c Tue Oct 16 00:49:19 
2007
@@ -30,7 +30,6 @@
 #include <rampart_util.h>
 #include <rampart_constants.h>
 #include <rampart_callback.h>
-#include <rampart_replay_detector.h>
 #include <axis2_msg.h>
 #include <axis2_conf_ctx.h>
 #include <rampart_handler_util.h>
@@ -190,7 +189,8 @@
     }
     else
     { /*Server side only*/
-        /*We set our default impl of replay detection function*/
+        /*We set our default impl of replay detection function. if the module 
is not set, then 
+                * this function will be used*/
         if(is_inflow)
         {
             rampart_context_set_replay_detect_function(rampart_context, env, 
rampart_replay_detector_with_linked_list/*rampart_replay_detector_default*/);
@@ -287,8 +287,10 @@
 
     rampart_callback_t* password_callback_module = NULL;
     rampart_authn_provider_t *authn_provider = NULL;
+       rampart_replay_detector_t *replay_detector = NULL;
     axis2_char_t *pwcb_module_name = NULL;
     axis2_char_t *authn_provider_name = NULL;
+       axis2_char_t *replay_detector_name = NULL;
     axis2_status_t status = AXIS2_SUCCESS;
 
     status = rampart_context_set_user_from_file(rampart_context,env);
@@ -330,6 +332,15 @@
         authn_provider = rampart_load_auth_module(env,authn_provider_name);
         if(authn_provider)
             
rampart_context_set_authn_provider(rampart_context,env,authn_provider);
+    }
+
+    replay_detector_name = 
rampart_context_get_replay_detector_name(rampart_context,env);
+
+    if(replay_detector_name)
+    {
+        replay_detector = 
rampart_load_replay_detector(env,replay_detector_name);
+        if(replay_detector)
+            
rampart_context_set_replay_detector(rampart_context,env,replay_detector);
     }
     return status;
 }
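Review bot: When the policy names a replay detector module but rampart_load_replay_detector returns nothing (lines 902-906), the failure is swallowed: status still holds whatever rampart_context_set_user_from_file returned and the function reports success, so the service comes up running the default function installed on line 877 instead of the detector the operator configured. For a security control it is safer to refuse the configuration, or at least log at error level, than to fall back silently; the authn-provider branch above has the same shape and would deserve the same treatment. Since the first hunk in this file dropped the direct `#include <rampart_replay_detector.h>`, the `rampart_replay_detector_t` used on line 883 now resolves only through whatever rampart_util.h happens to include, so keeping the direct include here would be more robust. The enclosing function begins outside this hunk.
```c
    if(replay_detector_name)
    {
        replay_detector = rampart_load_replay_detector(env,replay_detector_name);
        if(replay_detector)
        {
            rampart_context_set_replay_detector(rampart_context,env,replay_detector);
        }
        else
        {
            /* A configured security module that fails to load must not be skipped silently. */
            AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
                "[rampart][engine] Replay detector module %s is configured but could not be loaded",
                replay_detector_name);
            status = AXIS2_FAILURE;
        }
    }
    return status;
```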

Modified: webservices/rampart/trunk/c/src/util/rampart_replay_detector.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_replay_detector.c?rev=585069&r1=585068&r2=585069&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_replay_detector.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_replay_detector.c Tue Oct 16 
00:49:19 2007
@@ -23,6 +23,7 @@
 #include <rampart_constants.h>
 #include <rampart_sec_processed_result.h>
 #include <rampart_util.h>
+
 /*Private functions*/
 AXIS2_EXTERN axis2_bool_t AXIS2_CALL
 rampart_replay_detector_linked_list_contains(axutil_linked_list_t *linked_list,
@@ -423,7 +424,4 @@
         return AXIS2_SUCCESS;
     }
 }
-
-
-
 

Modified: webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c?rev=585069&r1=585068&r2=585069&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c 
(original)
+++ webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c Tue Oct 
16 00:49:19 2007
@@ -38,6 +38,7 @@
 #include <oxs_sign_ctx.h>
 #include <oxs_xml_signature.h>
 #include <oxs_key_mgr.h>
+#include <rampart_replay_detector.h>
 
 /*Private functions*/
 static axis2_bool_t
@@ -1441,30 +1442,62 @@
             }
         }
 
-        if(NULL == rampart_context_get_rd_val(rampart_context, env)){
+        if((NULL == rampart_context_get_rd_val(rampart_context, env)) && (NULL 
== rampart_context_get_replay_detector(rampart_context, env)))
+               {
             AXIS2_LOG_INFO(env->log, "[rampart][shp] Replay detection is not 
specified. Nothing to do");
             need_replay_detection = AXIS2_FALSE;
-        }else{
+        }
+               else
+               {
             AXIS2_LOG_INFO(env->log, "[rampart][shp] Checking message for 
replay.");
             need_replay_detection = AXIS2_TRUE;
         }
-        if(AXIS2_TRUE == need_replay_detection){/*TODO Chk for the policy 
configuration*/
-            rampart_is_replayed_fn rd_fn = NULL;
-            /*Is replayed*/
-            rd_fn = 
rampart_context_get_replay_detect_function(rampart_context, env);
-            if(rd_fn){
-                status  = (*rd_fn)(env, msg_ctx, rampart_context);
-                if(status != AXIS2_SUCCESS){
-                    /*Scream .. replayed*/
-                    AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,"[rampart][shp] 
Message can be replayed");
-                    rampart_create_fault_envelope(env, 
RAMPART_FAULT_INVALID_SECURITY, "Message is replayed", 
RAMPART_FAULT_MSG_REPLAYED, msg_ctx);
-                    return AXIS2_FAILURE;
-                }else{
-                    AXIS2_LOG_INFO(env->log, "[rampart][shp] Checked message 
for replays. Not a replay.");
-                }
-            }else{
-                AXIS2_LOG_INFO(env->log, "[rampart][shp] No replay detection 
function specified. Nothing to do. ");
-            }
+        if(AXIS2_TRUE == need_replay_detection)
+               {/*TODO Chk for the policy configuration*/
+                       rampart_replay_detector_t* replay_detector = 
(rampart_replay_detector_t*)rampart_context_get_replay_detector(rampart_context,
 env);
+                       if (replay_detector)
+                       {
+                               AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, 
"[rampart][shp] Using replay module.");
+                               status = 
RAMPART_REPLAY_DETECTOR_IS_REPLAYED(replay_detector, env, msg_ctx, 
rampart_context);
+                               if(status != AXIS2_SUCCESS)
+                               {
+                                       /*Scream .. replayed*/
+                                       AXIS2_LOG_ERROR(env->log, 
AXIS2_LOG_SI,"[rampart][shp] Message can be replayed");
+                                       rampart_create_fault_envelope(env, 
RAMPART_FAULT_INVALID_SECURITY, "Message is replayed", 
RAMPART_FAULT_MSG_REPLAYED, msg_ctx);
+                                       return AXIS2_FAILURE;
+                               }
+                               else
+                               {
+                                       AXIS2_LOG_INFO(env->log, 
"[rampart][shp] Checked message for replays. Not a replay.");
+                               }
+                       }
+                       else
+                       {
+                               AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, 
"[rampart][shp] Replay module not defined. Using replay function.");
+                               rampart_is_replayed_fn rd_fn = NULL;
+                               
+                               /*Is replayed*/
+                               rd_fn = 
rampart_context_get_replay_detect_function(rampart_context, env);
+                               if(rd_fn)
+                               {
+                                       status  = (*rd_fn)(env, msg_ctx, 
rampart_context);
+                                       if(status != AXIS2_SUCCESS)
+                                       {
+                                               /*Scream .. replayed*/
+                                               AXIS2_LOG_ERROR(env->log, 
AXIS2_LOG_SI,"[rampart][shp] Message can be replayed");
+                                               
rampart_create_fault_envelope(env, RAMPART_FAULT_INVALID_SECURITY, "Message is 
replayed", RAMPART_FAULT_MSG_REPLAYED, msg_ctx);
+                                               return AXIS2_FAILURE;
+                                       }
+                                       else
+                                       {
+                                               AXIS2_LOG_INFO(env->log, 
"[rampart][shp] Checked message for replays. Not a replay.");
+                                       }
+                               }
+                               else
+                               {
+                                       AXIS2_LOG_INFO(env->log, 
"[rampart][shp] No replay detection function specified. Nothing to do. ");
+                               }
+                       }
         }
         AXIS2_LOG_INFO(env->log, "[rampart][shp] Security header element 
processing, DONE ");
         /*Do the action accordingly*/
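Review bot: The innermost else on lines 1051-1055 accepts the message when replay detection was requested (need_replay_detection is only true when rd_val or a module is configured, lines 956-969) but neither a module nor a detect function is available, and it records that only at INFO level, which is a fail-open path on a security control. A policy that asks for replay detection cannot be honoured at that point, so the branch should fail closed the way the replayed branch does: log with AXIS2_LOG_ERROR, build the fault envelope with RAMPART_FAULT_INVALID_SECURITY, and `return AXIS2_FAILURE;`. The new lines also mix tab and space indentation against the file's four-space style. The enclosing function begins and ends outside this hunk.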
@@ -1505,22 +1538,65 @@
             }
         }
 
-        if(AXIS2_TRUE == need_replay_detection){/*TODO Chk for the policy 
configuration*/
-            rampart_is_replayed_fn rd_fn = NULL;
-            /*Is replayed*/
-            rd_fn = 
rampart_context_get_replay_detect_function(rampart_context, env);
-            if(rd_fn){
-                status  = (*rd_fn)(env, msg_ctx, rampart_context);
-                if(status != AXIS2_SUCCESS){
-                    /*Scream .. replayed*/
-                    return AXIS2_FAILURE;
-                }else{
-                    AXIS2_LOG_INFO(env->log, "[rampart][shp] Checked message 
for replays. Not a replay.");
-                }
-            }else{
-                AXIS2_LOG_INFO(env->log, "[rampart][shp] No replay detection 
function specified. Nothing to do. ");
-            }
+        if((NULL == rampart_context_get_rd_val(rampart_context, env)) && (NULL 
== rampart_context_get_replay_detector(rampart_context, env)))
+               {
+            AXIS2_LOG_INFO(env->log, "[rampart][shp] Replay detection is not 
specified. Nothing to do");
+            need_replay_detection = AXIS2_FALSE;
         }
+               else
+               {
+            AXIS2_LOG_INFO(env->log, "[rampart][shp] Checking message for 
replay.");
+            need_replay_detection = AXIS2_TRUE;
+        }
+
+        if(AXIS2_TRUE == need_replay_detection)
+               {/*TODO Chk for the policy configuration*/
+                       rampart_replay_detector_t* replay_detector = 
(rampart_replay_detector_t*)rampart_context_get_replay_detector(rampart_context,
 env);
+                       if (replay_detector)
+                       {
+                               AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, 
"[rampart][shp] Using replay module.");
+                               status = 
RAMPART_REPLAY_DETECTOR_IS_REPLAYED(replay_detector, env, msg_ctx, 
rampart_context);
+                               if(status != AXIS2_SUCCESS)
+                               {
+                                       /*Scream .. replayed*/
+                                       AXIS2_LOG_ERROR(env->log, 
AXIS2_LOG_SI,"[rampart][shp] Message can be replayed");
+                                       rampart_create_fault_envelope(env, 
RAMPART_FAULT_INVALID_SECURITY, "Message is replayed", 
RAMPART_FAULT_MSG_REPLAYED, msg_ctx);
+                                       return AXIS2_FAILURE;
+                               }
+                               else
+                               {
+                                       AXIS2_LOG_INFO(env->log, 
"[rampart][shp] Checked message for replays. Not a replay.");
+                               }
+                       }
+                       else
+                       {
+                               AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, 
"[rampart][shp] Replay module not defined. Using replay function.");
+                               rampart_is_replayed_fn rd_fn = NULL;
+                               
+                               /*Is replayed*/
+                               rd_fn = 
rampart_context_get_replay_detect_function(rampart_context, env);
+                               if(rd_fn)
+                               {
+                                       status  = (*rd_fn)(env, msg_ctx, 
rampart_context);
+                                       if(status != AXIS2_SUCCESS)
+                                       {
+                                               /*Scream .. replayed*/
+                                               AXIS2_LOG_ERROR(env->log, 
AXIS2_LOG_SI,"[rampart][shp] Message can be replayed");
+                                               
rampart_create_fault_envelope(env, RAMPART_FAULT_INVALID_SECURITY, "Message is 
replayed", RAMPART_FAULT_MSG_REPLAYED, msg_ctx);
+                                               return AXIS2_FAILURE;
+                                       }
+                                       else
+                                       {
+                                               AXIS2_LOG_INFO(env->log, 
"[rampart][shp] Checked message for replays. Not a replay.");
+                                       }
+                               }
+                               else
+                               {
+                                       AXIS2_LOG_INFO(env->log, 
"[rampart][shp] No replay detection function specified. Nothing to do. ");
+                               }
+                       }
+               }
+
         AXIS2_LOG_INFO(env->log, "[rampart][shp] Security header element 
processing, DONE ");
         /*Do the action accordingly*/
         return AXIS2_SUCCESS;

Modified: webservices/rampart/trunk/c/src/util/rampart_signature.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_signature.c?rev=585069&r1=585068&r2=585069&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_signature.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_signature.c Tue Oct 16 
00:49:19 2007
@@ -37,6 +37,7 @@
 #include <oxs_xml_signature.h>
 #include <axis2_key_type.h>
 #include <rampart_token_builder.h>
+#include <rampart_util.h>
 /*Public functions*/
 
 oxs_x509_cert_t *AXIS2_CALL

Modified: webservices/rampart/trunk/c/src/util/rampart_util.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_util.c?rev=585069&r1=585068&r2=585069&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_util.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_util.c Tue Oct 16 00:49:19 2007
@@ -30,6 +30,7 @@
 #include <rampart_constants.h>
 #include <rampart_callback.h>
 #include <rampart_credentials.h>
+#include <rampart_replay_detector.h>
 
 /*Calculate the hash of concatenated string of
  * nonce, created and the password.
@@ -124,6 +125,25 @@
     return authp;
 }
 
+AXIS2_EXTERN rampart_replay_detector_t* AXIS2_CALL
+rampart_load_replay_detector(const axutil_env_t *env,
+                         axis2_char_t *replay_detector_name)
+{
+    rampart_replay_detector_t *rd = NULL;
+    axutil_param_t *param = NULL;
+
+    rd = (rampart_replay_detector_t*)rampart_load_module(env, 
replay_detector_name, &param);
+    if (!rd)
+    {
+        AXIS2_LOG_INFO(env->log, "[rampart][rampart_util] Unable to identify 
the replay detection  module %s. ERROR", replay_detector_name);
+        return AXIS2_FAILURE;
+    }
+    if(param){
+        rd->param = param;
+    }
+
+    return rd;
+}
 
 AXIS2_EXTERN rampart_callback_t* AXIS2_CALL
 rampart_load_pwcb_module(const axutil_env_t *env,
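Review bot: rampart_load_replay_detector returns the integer status AXIS2_FAILURE on line 1215 from a function declared to return `rampart_replay_detector_t*`; the caller on line 904 tests the result as a pointer, so this only works if AXIS2_FAILURE happens to be a zero constant, and `return NULL;` says what is meant without depending on that. The load failure is also written with AXIS2_LOG_INFO even though the text says ERROR; a configured security module that cannot be loaded is an error, so `AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][rampart_util] Unable to load the replay detection module %s", replay_detector_name);` fits better and fixes the doubled space. A one-line comment noting that replay_detector_name is resolved through rampart_load_module and therefore must originate from trusted configuration would help the next reader.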

