Author: kaushalye
Date: Mon Oct 29 04:08:25 2007
New Revision: 589581
URL: http://svn.apache.org/viewvc?rev=589581&view=rev
Log:
Extract derived keys from DerivedKeyToken elements
Modified:
webservices/rampart/trunk/c/include/oxs_derivation.h
webservices/rampart/trunk/c/src/omxmlsec/derivation.c
webservices/rampart/trunk/c/src/omxmlsec/key.c
webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
Modified: webservices/rampart/trunk/c/include/oxs_derivation.h
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/oxs_derivation.h?rev=589581&r1=589580&r2=589581&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/oxs_derivation.h (original)
+++ webservices/rampart/trunk/c/include/oxs_derivation.h Mon Oct 29 04:08:25
2007
@@ -66,6 +66,14 @@
axis2_char_t *stref_uri,
axis2_char_t *stref_val_type);
+ /* If the (optional) session_key is NULL then extract it form the refered
EncryptedKey. Otherwise use it
+ * to Derive a new key using information available in the dk_token*/
+ AXIS2_EXTERN axis2_status_t AXIS2_CALL
+ oxs_derivation_extract_derived_key_from_token(const axutil_env_t *env,
+ axiom_node_t *dk_token,
+ axiom_node_t *root_node,
+ oxs_key_t *session_key,
+ oxs_key_t *derived_key);
/** @} */
#ifdef __cplusplus
}
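Review bot: The comment above the new oxs_derivation_extract_derived_key_from_token prototype documents only session_key; root_node, derived_key and the return value are left undescribed, and the accompanying derivation.c change still leaves the NULL-session_key branch as a TODO, so the comment promises an EncryptedKey lookup the function does not yet perform. Suggest replacing it with a Doxygen block stating that dk_token is the DerivedKeyToken node (OXS_WSC_NS), root_node is presumably the document root used to resolve the referenced EncryptedKey and is currently unused, session_key is required until that path exists, derived_key is a caller-supplied key that receives the derivation result, and the return is AXIS2_SUCCESS or AXIS2_FAILURE.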
Modified: webservices/rampart/trunk/c/src/omxmlsec/derivation.c
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/derivation.c?rev=589581&r1=589580&r2=589581&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/derivation.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/derivation.c Mon Oct 29 04:08:25
2007
@@ -25,6 +25,54 @@
#include <oxs_tokens.h>
#include <openssl_hmac.h>
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_derivation_extract_derived_key_from_token(const axutil_env_t *env,
+ axiom_node_t *dk_token_node,
+ axiom_node_t *root_node,
+ oxs_key_t *session_key,
+ oxs_key_t *derived_key)
+{
+ oxs_key_t *base_key = NULL;
+ axiom_node_t *nonce_node = NULL;
+ axiom_node_t *length_node = NULL;
+ axiom_node_t *offset_node = NULL;
+ axis2_status_t status = AXIS2_FAILURE;
+ axis2_char_t *nonce = NULL;
+ /*Default values*/
+ int offset = -1;
+ int length = 0;
+
+ /*If the session_key is NULL then extract it form the refered
EncryptedKey. Otherwise use it*/
+ if(!session_key){
+ /*TODO Lots of work including decrypting the EncryotedKey*/
+ }else{
+ base_key = session_key;
+ }
+
+ /*Get offset value*/
+ offset_node = oxs_axiom_get_first_child_node_by_name(env, dk_token_node,
OXS_NODE_OFFSET, OXS_WSC_NS, NULL);
+ if(offset_node){
+ offset = oxs_token_get_offset_value(env, offset_node);
+ }
+
+ /*Get length value*/
+ length_node = oxs_axiom_get_first_child_node_by_name(env, dk_token_node,
OXS_NODE_LENGTH, OXS_WSC_NS, NULL);
+ if(length_node){
+ length = oxs_token_get_length_value(env, length_node);
+ }
+
+ /*Get nonce value*/
+ nonce_node = oxs_axiom_get_first_child_node_by_name(env, dk_token_node,
OXS_NODE_NONCE, OXS_WSC_NS, NULL);
+ if(nonce_node){
+ nonce = oxs_token_get_nonce_value(env, nonce_node);
+ }
+
+ /*Now derive the key using the base_key and other parematers*/
+ status = oxs_derivation_derive_key(env, base_key, NULL, NULL,
derived_key);
+
+ return AXIS2_SUCCESS;
+}
+
AXIS2_EXTERN axiom_node_t * AXIS2_CALL
oxs_derivation_build_derived_key_token(const axutil_env_t *env,
oxs_key_t *derived_key,
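Review bot: oxs_derivation_extract_derived_key_from_token returns AXIS2_SUCCESS unconditionally at the end of the new function, discarding the status captured from oxs_derivation_derive_key, and when session_key is NULL it falls through the empty TODO branch and calls oxs_derivation_derive_key with a NULL base_key. On either path the caller receives a derived_key it will treat as valid for decryption, so the failure should be surfaced: fail early while the EncryptedKey path is unimplemented and return status. The offset, length and nonce read from the token are never used (derive_key is passed NULL for its two middle arguments) and root_node is unused as well, so the peer-supplied parameters do not influence the result; when they are wired in, range-check offset and length before use, since they come straight from the inbound message.
```c
    /* The EncryptedKey lookup via root_node is not implemented yet; refuse to
       derive from a NULL base key rather than silently producing garbage. */
    if(!session_key){
        return AXIS2_FAILURE;
    }
    base_key = session_key;

    /* … unchanged: read Offset, Length and Nonce children of dk_token_node … */

    status = oxs_derivation_derive_key(env, base_key, NULL, NULL, derived_key);

    return status;
```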
@@ -38,7 +86,7 @@
axiom_node_t *nonce_token = NULL;
axiom_node_t *offset_token = NULL;
axiom_node_t *length_token = NULL;
- axiom_node_t *label_token = NULL;
+ /*axiom_node_t *label_token = NULL;*/
axis2_char_t *dk_id = NULL;
axis2_char_t *nonce = NULL;
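Review bot: The label handling is commented out rather than removed, here (`/*axiom_node_t *label_token = NULL;*/`) and in the following hunk of the same function where the `if(label){ ... }` block is wrapped in a comment. Commented-out code rots quickly; delete it and keep only the one-line remark that the default label is used, if that is a deliberate design decision. With the block disabled, `label = oxs_key_get_label(derived_key, env);` in that hunk assigns a value that is never read, so the assignment and the `label` declaration (presumably outside these hunks) should go as well, which also avoids an unused-variable warning.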
@@ -67,11 +115,11 @@
if(nonce){
nonce_token = oxs_token_build_nonce_element(env, dk_token, nonce);
}
- /*Create label*/
+ /*Create label. Hmm we dont need to send the label. Use the default.*/
label = oxs_key_get_label(derived_key, env);
- if(label){
+ /*if(label){
label_token = oxs_token_build_label_element(env, dk_token, label);
- }
+ }*/
return dk_token;
}
Modified: webservices/rampart/trunk/c/src/omxmlsec/key.c
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/key.c?rev=589581&r1=589580&r2=589581&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/key.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/key.c Mon Oct 29 04:08:25 2007
@@ -242,6 +242,7 @@
key->buf = NULL;
key->name = NULL;
key->nonce = NULL;
+ key->label = NULL;
key->usage = -1;
key->offset = 0;
Modified: webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c?rev=589581&r1=589580&r2=589581&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
(original)
+++ webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c Mon Oct
29 04:08:25 2007
@@ -31,6 +31,7 @@
#include <oxs_axiom.h>
#include <oxs_asym_ctx.h>
#include <oxs_tokens.h>
+#include <oxs_derivation.h>
#include <axutil_utils.h>
#include <axutil_array_list.h>
#include <axis2_key_type.h>
@@ -575,13 +576,20 @@
key_info_node = oxs_axiom_get_first_child_node_by_name(env,
enc_data_node, OXS_NODE_KEY_INFO, OXS_DSIG_NS, NULL);
if(key_info_node){
axiom_node_t *ki_ref_node = NULL;
+ axis2_char_t *ki_ref_node_name = NULL;
+
/*We have KeyInfo node. Explore it and get the key*/
ki_ref_node = rampart_shp_process_key_info_for_ref(env,
key_info_node, envelope_node);
-
-
-
- /*Now derive the key to decrypt using information available in
the DerivedKeyToken*/
+ ki_ref_node_name = axiom_util_get_localname(ki_ref_node, env);
+ /*If the refered node is a DerivedKeyToken*/
+ if(0 == axutil_strcmp(ki_ref_node_name,
OXS_NODE_DERIVED_KEY_TOKEN)){
+ /*Now derive the key to decrypt using information
available in the DerivedKeyToken*/
+
+ }else{
+ /*Something that we do not process right now. Let the
key_to_decrypt==NULL so that the sesison key will be in use*/
+ key_to_decrypt = NULL;
+ }
}
if(!key_to_decrypt){
/*We have NO key information. Use the same session key for the
decryption*/