Author: kaushalye Date: Tue Nov 13 02:30:20 2007 New Revision: 594471 URL: http://svn.apache.org/viewvc?rev=594471&view=rev Log: Signature confirmation support
Modified:
webservices/rampart/trunk/c/src/omxmlsec/derivation.c
webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c
webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
webservices/rampart/trunk/c/src/util/rampart_signature.c
Modified: webservices/rampart/trunk/c/src/omxmlsec/derivation.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/derivation.c?rev=594471&r1=594470&r2=594471&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/derivation.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/derivation.c Tue Nov 13 02:30:20 2007
@@ -26,6 +26,37 @@
 #include <openssl_hmac.h>
 AXIS2_EXTERN oxs_key_t* AXIS2_CALL
+oxs_derivation_get_the_referenced_base_key(const axutil_env_t *env,
+ axiom_node_t *dk_token_node,
+ axiom_node_t *root_node)
+{
+ axiom_node_t *str_node = NULL;
+ axiom_node_t *ref_node = NULL;
+ axiom_node_t *refed_node = NULL;
+ axis2_char_t *ref_val = NULL;
+ axis2_char_t *id = NULL;
+
+ str_node = oxs_axiom_get_first_child_node_by_name(env, dk_token_node, OXS_NODE_SECURITY_TOKEN_REFRENCE, OXS_WSSE_XMLNS, NULL);
+ ref_node = oxs_axiom_get_first_child_node_by_name(env, str_node, OXS_NODE_REFERENCE, OXS_WSSE_XMLNS, NULL);
+ if(!ref_node) {return NULL ;}
+
+ ref_val = oxs_token_get_reference(env, ref_node);
+ if(!ref_val) {return NULL ;}
+
+ /*Need to remove # sign from the ID*/
+ id = axutil_string_substring_starting_at(ref_val, 1);
+
+ /*Search for an element with the val(@Id)[EMAIL PROTECTED]/
+ refed_node = oxs_axiom_get_node_by_id(env, root_node, OXS_ATTR_ID, id, NULL);
+ if(!refed_node){
+ oxs_error(env, ERROR_LOCATION, OXS_ERROR_INVALID_DATA, "Cannot find the referenced key for the derived key");
+ return NULL;
+ }
+
+ return NULL;
+}
+
+AXIS2_EXTERN oxs_key_t* AXIS2_CALL
 oxs_derivation_extract_derived_key_from_token(const axutil_env_t *env,
 axiom_node_t *dk_token_node,
 axiom_node_t *root_node,
Modified: webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c?rev=594471&r1=594470&r2=594471&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c Tue Nov 13 02:30:20 2007
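Review bot: `oxs_derivation_get_the_referenced_base_key` returns NULL on every path, including after `refed_node` has been resolved successfully, so the looked-up node is discarded and a caller cannot tell "no base key" from success; presumably the intent is to build an `oxs_key_t` from `refed_node` before the final return, and until that is done the function should not be wired into callers. Two guards are also missing on the way there: `str_node` is handed to the second `oxs_axiom_get_first_child_node_by_name` without a NULL test, and the `#` is stripped from `ref_val` by position without confirming it is present, so a Reference whose URI is not a local fragment silently resolves against the wrong id. I would add `if(!str_node) {return NULL ;}` after the first lookup and tighten the second guard to `if(!ref_val || '#' != ref_val[0]) {return NULL ;}`. If `axutil_string_substring_starting_at` allocates, as its name suggests (verify), `id` is leaked on both the error and the success path.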
@@ -252,7 +252,7 @@
 /*Signature Confirmation support. Only in the server side*/
 if(axis2_msg_ctx_get_server_side(msg_ctx,env)){
- axis2_bool_t sign_conf_reqd = AXIS2_FALSE;
+ axis2_bool_t sign_conf_reqd = AXIS2_TRUE;
 /*TODO sign_conf_reqd <- Get from context <- policy*/
 if(sign_conf_reqd){
 status = rampart_sig_confirm_signature(env, msg_ctx, rampart_context, sec_node);
Modified: webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c?rev=594471&r1=594470&r2=594471&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c Tue Nov 13 02:30:20 2007
@@ -70,10 +70,10 @@
 /*Need to remove # sign from the ID*/
 id = axutil_string_substring_starting_at(ref_val, 1);
- /*Search for an element with the val(@Id)[EMAIL PROTECTED]/
+ /*Search for an element with the val(@wsu:Id)[EMAIL PROTECTED]/
 refed_node = oxs_axiom_get_node_by_id(env, root_node, OXS_ATTR_ID, id, OXS_WSU_XMLNS);
 if(!refed_node){
- /*Search for an element with the val(@wsu:Id)[EMAIL PROTECTED]/
+ /*Search for an element with the val(@Id)[EMAIL PROTECTED]/
 refed_node = oxs_axiom_get_node_by_id(env, root_node, OXS_ATTR_ID, id, NULL);
 /*If we still cannot find its an error*/
 if(!refed_node){
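Review bot: Hard-coding `sign_conf_reqd = AXIS2_TRUE` makes every server-side response carry a wsse11:SignatureConfirmation whether or not the inbound request was signed and whether or not policy asked for it; the TODO on the very next line says the flag should come from policy, and flipping the default before that is wired up turns an opt-in feature into an unconditional one. A request that carried no Signature leaves nothing for `rampart_sig_confirm_signature` to echo, and a client that did not ask for confirmation may not expect the extra header (hedged — client behaviour is not visible here). Until the policy lookup exists, derive the flag from whether a signature was actually processed for this message, e.g. `sign_conf_reqd = (NULL != rampart_get_security_processed_result(env, msg_ctx, RAMPART_SPR_SIG_VALUE));`, using whichever SPR key the processor records — the rampart_signature.c hunk in this commit reads `RAMPART_SPR_SIG_VALUE`. The enclosing function starts and ends outside the hunk.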
@@ -354,18 +354,6 @@
 env, encrypted_key_node, OXS_NODE_REFERENCE_LIST, OXS_ENC_NS, NULL);
 reference_list = oxs_token_get_reference_list_data(env, ref_list_node);
- /*If there are no references. Nothing to do. Return success*/
-/*
- if((!reference_list) || (0 == axutil_array_list_size(reference_list, env)))
- {
- AXIS2_LOG_INFO(env->log, "[rampart][shp] Reference List is empty");
- return AXIS2_SUCCESS;
- }
-
- AXIS2_LOG_INFO(env->log,
- "[rampart][shp] Reference List has %d node reference(s)",
- axutil_array_list_size(reference_list, env));
-*/
 /*Get the algorithm to decrypt the sesison key*/
 enc_mtd_node = oxs_axiom_get_first_child_node_by_name(
 env, encrypted_key_node, OXS_NODE_ENCRYPTION_METHOD, OXS_ENC_NS, NULL);
@@ -797,6 +785,15 @@
 axiom_node_t *reffed_node = NULL;
 axis2_char_t *reffed_node_name = NULL;
+ /*Now we need to decrypt the EncryptedKey if not done already*/
+ if(!session_key){
+ axiom_node_t *encrypted_key_node = NULL;
+
+ encrypted_key_node = oxs_axiom_get_first_child_node_by_name(env, sec_node, OXS_NODE_ENCRYPTED_KEY, OXS_ENC_NS, NULL);
+ status = rampart_shp_process_encrypted_key(env, msg_ctx, rampart_context, soap_envelope, sec_node, encrypted_key_node);
+ session_key = rampart_context_get_session_key(rampart_context, env);
+ }
+
 /*This can be a derrived key or an EncryptedKey. Whatever it is, it should be within the Security header*/
 reffed_node = rampart_shp_process_key_info_for_ref(env, key_info_node, sec_node);
 if(!reffed_node){
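Review bot: The new lazy-decryption block in the second hunk ignores every failure it can encounter: `encrypted_key_node` may be NULL when the Security header has no EncryptedKey, `status` from `rampart_shp_process_encrypted_key` is assigned but never tested, and `session_key` is not re-checked after `rampart_context_get_session_key`, so the function carries on to the KeyInfo lookup and, in the DerivedKeyToken branch, derives a verification key from a NULL session key. On a signature-verification path a malformed or attacker-crafted header should be rejected at this point, not passed further down. Each of the three results should be checked with an early exit; the `AXIS2_FAILURE` returns below assume the enclosing function returns `axis2_status_t` like the other `rampart_shp_*` routines (it starts and ends outside this hunk — confirm).
```c
    /*Now we need to decrypt the EncryptedKey if not done already*/
    if(!session_key){
        axiom_node_t *encrypted_key_node = NULL;

        encrypted_key_node = oxs_axiom_get_first_child_node_by_name(env, sec_node, OXS_NODE_ENCRYPTED_KEY, OXS_ENC_NS, NULL);
        if(!encrypted_key_node){
            AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shp] No session key and no EncryptedKey in the Security header");
            return AXIS2_FAILURE;
        }
        status = rampart_shp_process_encrypted_key(env, msg_ctx, rampart_context, soap_envelope, sec_node, encrypted_key_node);
        if(AXIS2_SUCCESS != status){
            AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shp] EncryptedKey processing failed; cannot obtain the session key");
            return AXIS2_FAILURE;
        }
        session_key = rampart_context_get_session_key(rampart_context, env);
        if(!session_key){
            AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shp] Session key is not available after processing the EncryptedKey");
            return AXIS2_FAILURE;
        }
    }
    /* … unchanged: KeyInfo reference lookup … */
```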
@@ -807,6 +804,7 @@
 reffed_node_name = axiom_util_get_localname(reffed_node, env);
 if(0 == axutil_strcmp(reffed_node_name, OXS_NODE_DERIVED_KEY_TOKEN)){
 /*Signed by a DerivedKey*/
+ key_to_verify = oxs_derivation_extract_derived_key_from_token(env, reffed_node, envelope_node, session_key);
 if(!key_to_verify){
 AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shp] Derived key cannot be taken for the signature verification");
Modified: webservices/rampart/trunk/c/src/util/rampart_signature.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_signature.c?rev=594471&r1=594470&r2=594471&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_signature.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_signature.c Tue Nov 13 02:30:20 2007
@@ -731,7 +731,9 @@
 id = oxs_util_generate_id(env,(axis2_char_t*)OXS_SIG_CONF_ID);
 /*TODO: Get the SignatureValue from the request*/
- sig_val = "FAKE-SIG-VAL==";
+
+ /*Get SPR*/
+ sig_val = (axis2_char_t*)rampart_get_security_processed_result(env, msg_ctx, RAMPART_SPR_SIG_VALUE);
 /*Build wsse11:SignatureConfirmation element */
 oxs_token_build_signature_confirmation_element(env, sec_node, id, sig_val);
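Review bot: The added call passes `session_key` into `oxs_derivation_extract_derived_key_from_token` with no check that it is non-NULL, and the only error handling after it is the existing `if(!key_to_verify)` test, which catches a bad derivation only if that helper tolerates a NULL base key rather than dereferencing it — not visible here. A one-line guard before the call keeps the failure local and the log message meaningful: `if(!session_key){ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shp] No session key to derive the signature verification key from"); return AXIS2_FAILURE; }`, on the assumption the enclosing function returns `axis2_status_t`. The enclosing function starts and ends outside the hunk.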
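Review bot: `sig_val` can now be NULL — `rampart_get_security_processed_result` presumably returns NULL when no `RAMPART_SPR_SIG_VALUE` was recorded for the request, i.e. the inbound message carried no Signature — and it is passed straight to `oxs_token_build_signature_confirmation_element` without a check; the previous placeholder string never exercised that path. WS-Security 1.1 does define a SignatureConfirmation with no Value attribute for the unsigned-request case, but whether that builder emits that form on NULL or dereferences it is not visible here, so guard explicitly and confirm: `if(!sig_val){ AXIS2_LOG_INFO(env->log, "[rampart][sig] No SignatureValue in the request; SignatureConfirmation will carry no Value"); }`. The `(axis2_char_t*)` cast also silences whatever pointer type the SPR getter really returns, which hides a mismatch if that result is not a NUL-terminated string; drop the cast if the getter already returns `axis2_char_t*`. The `/*TODO: Get the SignatureValue from the request*/` context comment is now done and should be removed; the enclosing function starts and ends outside the hunk.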