Author: kaushalye
Date: Tue Nov 20 22:01:56 2007
New Revision: 596945
URL: http://svn.apache.org/viewvc?rev=596945&view=rev
Log:
1. A bug fix in Signature encryption
2. New scenario to demo
Symmetric binding. Both encryption and sign. The protection order is
Encrypt->Sign. And Signature is Encrypted
Added:
webservices/rampart/trunk/c/samples/secpolicy/scenario13/
webservices/rampart/trunk/c/samples/secpolicy/scenario13/client-policy.xml
webservices/rampart/trunk/c/samples/secpolicy/scenario13/services.xml
Modified:
webservices/rampart/trunk/c/samples/secpolicy/README.txt
webservices/rampart/trunk/c/src/util/rampart_encryption.c
Modified: webservices/rampart/trunk/c/samples/secpolicy/README.txt
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/secpolicy/README.txt?rev=596945&r1=596944&r2=596945&view=diff
==============================================================================
--- webservices/rampart/trunk/c/samples/secpolicy/README.txt (original)
+++ webservices/rampart/trunk/c/samples/secpolicy/README.txt Tue Nov 20
22:01:56 2007
@@ -34,6 +34,9 @@
12. Symmetric binding. Both encryption and sign.
The protection order is Sign->Encrypt
Signature is Encrypted
+13. Symmetric binding. Both encryption and sign.
+ The protection order is Encrypt->Sign
+ Signature is Encrypted
FAQ:
---
Added:
webservices/rampart/trunk/c/samples/secpolicy/scenario13/client-policy.xml
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/secpolicy/scenario13/client-policy.xml?rev=596945&view=auto
==============================================================================
--- webservices/rampart/trunk/c/samples/secpolicy/scenario13/client-policy.xml
(added)
+++ webservices/rampart/trunk/c/samples/secpolicy/scenario13/client-policy.xml
Tue Nov 20 22:01:56 2007
@@ -0,0 +1,69 @@
+<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptSignature/>
+ <sp:EncryptBeforeSigning/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SignedSupportingTokens
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <wsp:Policy>
+ <sp:WssUsernameToken10/>
+ </wsp:Policy>
+ </sp:UsernameToken>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:Wss11
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ <sp:MustSupportRefThumbprint/>
+ <sp:MustSupportRefEncryptedKey/>
+ </wsp:Policy>
+ </sp:Wss11>
+ <sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ <sp:Header Namespace="http://www.w3.org/2005/08/addressing"/>
+ </sp:SignedParts>
+ <rampc:RampartConfig
xmlns:rampc="http://ws.apache.org/rampart/c/policy">
+ <rampc:User>Alice</rampc:User>
+ <rampc:TimeToLive>360</rampc:TimeToLive>
+ <rampc:EncryptionUser>a</rampc:EncryptionUser>
+ <rampc:PasswordType>Digest</rampc:PasswordType>
+
<rampc:PasswordCallbackClass>AXIS2C_HOME/bin/samples/rampart/callback/libpwcb.so</rampc:PasswordCallbackClass>
+
<rampc:ReceiverCertificate>AXIS2C_HOME/bin/samples/rampart/keys/ahome/bob_cert.cert</rampc:ReceiverCertificate>
+
<rampc:Certificate>AXIS2C_HOME/bin/samples/rampart/keys/ahome/alice_cert.cert</rampc:Certificate>
+
<rampc:PrivateKey>AXIS2C_HOME/bin/samples/rampart/keys/ahome/alice_key.pem</rampc:PrivateKey>
+ </rampc:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+</wsp:Policy>
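Review bot: The new client policy has no header comment, so a reader must infer the scenario from the order of `<sp:EncryptBeforeSigning/>` and `<sp:EncryptSignature/>` inside the binding. I would add a comment above the root element, for example `<!-- Scenario 13: symmetric binding, Encrypt->Sign, signature encrypted -->`. The `rampc:PrivateKey`, `rampc:Certificate` and `rampc:PasswordCallbackClass` values begin with a literal `AXIS2C_HOME/`, which appears to be a placeholder to substitute before the sample runs. A second comment line should say so, and should say that the key material under `samples/rampart/keys` is demo material that must not be reused in a deployment.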
Added: webservices/rampart/trunk/c/samples/secpolicy/scenario13/services.xml
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/secpolicy/scenario13/services.xml?rev=596945&view=auto
==============================================================================
--- webservices/rampart/trunk/c/samples/secpolicy/scenario13/services.xml
(added)
+++ webservices/rampart/trunk/c/samples/secpolicy/scenario13/services.xml Tue
Nov 20 22:01:56 2007
@@ -0,0 +1,75 @@
+<service name="sec_echo">
+ <parameter name="ServiceClass" locked="xsd:false">sec_echo</parameter>
+
+ <description>
+ This is a testing service , to test the system is working or not
+ </description>
+ <module ref="rampart"/>
+ <operation name="echoString">
+ <parameter
name="wsamapping">http://example.com/ws/2004/09/policy/Test/EchoRequest</parameter>
+ </operation>
+
+ <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+ <wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireThumbprintReference/>
+ <sp:WssX509V3Token10/>
+ </wsp:Policy>
+ </sp:X509Token>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Strict/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:EncryptBeforeSigning/>
+ <sp:EncryptSignature/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:SignedSupportingTokens
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:UsernameToken
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always"/>
+ </wsp:Policy>
+ </sp:SignedSupportingTokens>
+ <sp:Wss10
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefEmbeddedToken/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:EncryptedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:EncryptedParts>
+ <sp:SignedParts
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <sp:Body/>
+ </sp:SignedParts>
+ <rampc:RampartConfig
xmlns:rampc="http://ws.apache.org/rampart/c/policy">
+ <rampc:User>Bob</rampc:User>
+ <rampc:TimeToLive>360</rampc:TimeToLive>
+ <rampc:EncryptionUser>b</rampc:EncryptionUser>
+ <rampc:PasswordType>Digest</rampc:PasswordType>
+
<rampc:PasswordCallbackClass>AXIS2C_HOME/bin/samples/rampart/callback/libpwcb.so</rampc:PasswordCallbackClass>
+
<rampc:ReceiverCertificate>AXIS2C_HOME/bin/samples/rampart/keys/bhome/alice_cert.cert</rampc:ReceiverCertificate>
+
<rampc:Certificate>AXIS2C_HOME/bin/samples/rampart/keys/bhome/bob_cert.cert</rampc:Certificate>
+
<rampc:PrivateKey>AXIS2C_HOME/bin/samples/rampart/keys/bhome/bob_key.pem</rampc:PrivateKey>
+ </rampc:RampartConfig>
+ </wsp:All>
+ </wsp:ExactlyOne>
+ </wsp:Policy>
+</service>
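Review bot: The service policy declares `<sp:Wss10>`, while its protection token requires `<sp:RequireThumbprintReference/>` and derived keys. Thumbprint and EncryptedKey references are WSS 1.1 options, and the client policy for this scenario advertises them under `<sp:Wss11>` (`MustSupportRefThumbprint`, `MustSupportRefEncryptedKey`). The two sides also differ in `SignedParts`: the client signs the `http://www.w3.org/2005/08/addressing` headers, and the service lists only `<sp:Body/>`, so a message whose addressing headers are unsigned would presumably still satisfy the service policy. I would make the service side match the client by using the same `<sp:Wss11>` block and adding `<sp:Header Namespace="http://www.w3.org/2005/08/addressing"/>` to `SignedParts`. Whether Rampart/C enforces these assertions at this revision is not visible in the diff.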
Modified: webservices/rampart/trunk/c/src/util/rampart_encryption.c
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_encryption.c?rev=596945&r1=596944&r2=596945&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_encryption.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_encryption.c Tue Nov 20
22:01:56 2007
@@ -763,7 +763,6 @@
axiom_node_t *encrypted_key_node = NULL;
axiom_node_t *temp_node = NULL;
axiom_node_t *node_to_move = NULL;
- axiom_node_t *ref_list_node = NULL;
axis2_bool_t use_derived_keys = AXIS2_TRUE;
axis2_bool_t server_side = AXIS2_FALSE;
rp_property_t *token = NULL;
@@ -868,6 +867,7 @@
if(!use_derived_keys)
{
+ axiom_node_t *ref_list_node = NULL;
ref_list_node = oxs_token_build_data_reference_list(
env, encrypted_key_node,
id_list);
if(!ref_list_node)
@@ -876,10 +876,27 @@
"[rampart][rampart_encryption]Encrypting signature,Building reference list
failed");
return AXIS2_FAILURE;
}
- }
+ }else{
+ /*Now we are using derived keys*/
+ axiom_node_t *ref_list_node = NULL;
+
+ /*Check if the RefList is already exist*/
+ ref_list_node = oxs_axiom_get_first_child_node_by_name(env, sec_node,
OXS_NODE_REFERENCE_LIST, OXS_ENC_NS, NULL);
+ if(ref_list_node){
+ axis2_char_t *mod_id = NULL;
+ axiom_node_t *data_ref_node = NULL;
+
+ /*Append ID to the list*/
+ mod_id = axutil_stracat(env, "#",id);
+ data_ref_node = oxs_token_build_data_reference_element(env,
ref_list_node, mod_id);
+ }else{
+ /*Create a fresh node*/
+ ref_list_node = oxs_token_build_data_reference_list(env, sec_node,
id_list);
+ }
+ }
if(id_list){
- /*TODO need to free data of the list*/
+ /*Need to free data of the list*/
int size = 0;
int j = 0;
size = axutil_array_list_size(id_list, env);
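Review bot: The new derived-key branch never checks the result of either builder call, so a failed ReferenceList update falls through as success. The `!use_derived_keys` branch just above returns `AXIS2_FAILURE` when `ref_list_node` is NULL, but here `data_ref_node` is assigned and never read, and the `ref_list_node` from the "fresh node" path is not tested. The message could then leave with an encrypted signature that has no DataReference pointing at it. `mod_id` from `axutil_stracat` is also never released in the visible lines; if `oxs_token_build_data_reference_element` copies the URI, it should be freed after the call. The enclosing function starts and ends outside the hunk, so cleanup further down is not visible.

```c
        /* … unchanged: declaration and lookup of an existing ReferenceList under sec_node … */
        if(ref_list_node){
            axis2_char_t *mod_id = NULL;
            axiom_node_t *data_ref_node = NULL;

            /*Append ID to the list*/
            mod_id = axutil_stracat(env, "#", id);
            if(!mod_id){
                return AXIS2_FAILURE;
            }
            data_ref_node = oxs_token_build_data_reference_element(env, ref_list_node, mod_id);
            /* assumes the builder copies the URI -- confirm before freeing here */
            AXIS2_FREE(env->allocator, mod_id);
            if(!data_ref_node){
                return AXIS2_FAILURE;
            }
        }else{
            /*Create a fresh node*/
            ref_list_node = oxs_token_build_data_reference_list(env, sec_node, id_list);
            if(!ref_list_node){
                return AXIS2_FAILURE;
            }
        }
        /* … unchanged: id_list cleanup … */
```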