Author: kaushalye
Date: Thu Dec 13 01:00:03 2007
New Revision: 603858
URL: http://svn.apache.org/viewvc?rev=603858&view=rev
Log:
Adding a separate module for rampart errors
Some minor modifications
Added:
webservices/rampart/trunk/c/include/rampart_error.h
webservices/rampart/trunk/c/src/util/rampart_error.c
Modified:
webservices/rampart/trunk/c/include/rampart_constants.h
webservices/rampart/trunk/c/src/core/mod_rampart.c
webservices/rampart/trunk/c/src/util/Makefile.am
webservices/rampart/trunk/c/src/util/rampart_encryption.c
webservices/rampart/trunk/c/src/util/rampart_policy_validator.c
webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c
webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
Modified: webservices/rampart/trunk/c/include/rampart_constants.h
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rampart_constants.h?rev=603858&r1=603857&r2=603858&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/rampart_constants.h (original)
+++ webservices/rampart/trunk/c/include/rampart_constants.h Thu Dec 13 01:00:03
2007
@@ -29,6 +29,7 @@
* @{
*/
#include <oxs_constants.h>
+#include <rampart_error.h>
#ifdef __cplusplus
extern "C"
@@ -133,6 +134,7 @@
#define RAMPART_SPR_SIG_VERIFIED "SPR_Sig_Verified"
#define RAMPART_SPR_SIG_ENCRYPTED "SPR_Sig_Encrypted"
#define RAMPART_SPR_SIG_CONFIRM_FOUND "SPR_Sig_Confirmation_Found"
+#define RAMPART_SPR_BODY_ENCRYPTED "SPR_Body_Encrypted"
#define RAMPART_YES "YES"
#define RAMPART_NO "NO"
@@ -148,6 +150,7 @@
#define RAMPART_RD_DB_PROP "Rampart_RD_DB_Prop"
#define RAMPART_RD_DEF_VALID_DURATION 60
#define RAMPART_RD_DEF_MAX_RCDS 5
+
#ifdef __cplusplus
}
#endif
Added: webservices/rampart/trunk/c/include/rampart_error.h
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rampart_error.h?rev=603858&view=auto
==============================================================================
--- webservices/rampart/trunk/c/include/rampart_error.h (added)
+++ webservices/rampart/trunk/c/include/rampart_error.h Thu Dec 13 01:00:03 2007
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License")
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef RAMPART_ERROR_H
+#define RAMPART_ERROR_H
+
+#include <axutil_error.h>
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+/**
+ * @defgroup rampart_error
+ * @ingroup rampart Error
+ * @{
+ */
+ /**
+ * \brief rampart error codes
+ *
+ * Set of error codes for rampart
+ */
+ typedef enum rampart_error_codes rampart_error_codes_t;
+ enum rampart_error_codes
+ {
+ /* No error */
+ RAMPART_ERROR_NONE = RAMPART_ERROR_CODES_START,
+ RAMPART_ERROR_UNSUPPORTED_SECURITY_TOKEN,
+ RAMPART_ERROR_INVALID_SECURITY,
+ RAMPART_ERROR_INVALID_SECURITY_TOKEN,
+ RAMPART_ERROR_FAILED_AUTHENTICATION,
+ RAMPART_ERROR_FAILED_CHECK,
+ RAMPART_ERROR_SECURITY_TOKEN_UNAVAILABLE,
+ RAMPART_ERROR_RAMPART_ERROR_LAST,
+ RAMPART_ERROR_IN_TIMESTAMP,
+ RAMPART_ERROR_IN_USERNAMETOKEN ,
+ RAMPART_ERROR_IN_ENCRYPTED_KEY ,
+ RAMPART_ERROR_IN_ENCRYPTED_DATA ,
+ RAMPART_ERROR_IN_SIGNATURE ,
+ RAMPART_ERROR_MSG_REPLAYED ,
+ RAMPART_ERROR_IN_POLICY ,
+ RAMPART_ERROR_LAST
+ };
+
+axis2_status_t AXIS2_CALL
+rampart_error_init();
+
+/** @} */
+#ifdef __cplusplus
+}
+#endif
+
+#endif /*RAMPART_ERROR_H*/
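Review bot: `rampart_error_init();` near the end of the header declares the function without a prototype, so a caller that passes arguments by mistake is not diagnosed; declare it `rampart_error_init(void);` here and in the definition in rampart_error.c. `RAMPART_ERROR_RAMPART_ERROR_LAST` in the middle of the enum looks like a leftover: the code list repeated in rampart_error.c omits it and nothing assigns it a message, so it should either be dropped or given a message in rampart_error_init. The Doxygen line `@ingroup rampart Error` names two groups; presumably `@ingroup rampart` was intended. The codes are offsets from `RAMPART_ERROR_CODES_START`, which this header does not define, so a comment naming where that constant comes from (`/* RAMPART_ERROR_CODES_START is the range reserved for Rampart by the axutil error header */`, if that is indeed its source) would save the next reader a search.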
Modified: webservices/rampart/trunk/c/src/core/mod_rampart.c
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/core/mod_rampart.c?rev=603858&r1=603857&r2=603858&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/core/mod_rampart.c (original)
+++ webservices/rampart/trunk/c/src/core/mod_rampart.c Thu Dec 13 01:00:03 2007
@@ -61,6 +61,8 @@
/* Any initialization stuff of Rampart module goes here. At the moment we
have NONE.
* Intialization happens in handlers depending on the message flow and
policies
* */
+ rampart_error_init();
+
AXIS2_LOG_INFO(env->log,"[rampart][rampart_mod] rampart_mod initialized");
return AXIS2_SUCCESS;
}
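Review bot: The result of `rampart_error_init()` on the added line is discarded, while the surrounding function (which starts before this hunk) itself returns a status; `if(AXIS2_SUCCESS != rampart_error_init()){ return AXIS2_FAILURE; }` keeps a future failure from being silently ignored. rampart_error_init only stores string pointers into the process-wide axutil_error_messages table, so calling it again on a repeated module initialization is harmless, but a comment saying so (`/* Registers Rampart's messages in the shared axutil error table; safe to repeat */`) would make that intent visible.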
Modified: webservices/rampart/trunk/c/src/util/Makefile.am
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/Makefile.am?rev=603858&r1=603857&r2=603858&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/Makefile.am (original)
+++ webservices/rampart/trunk/c/src/util/Makefile.am Thu Dec 13 01:00:03 2007
@@ -7,7 +7,7 @@
rampart_encryption.c
rampart_sec_header_processor.c rampart_sec_processed_result.c \
rampart_sec_header_builder.c rampart_context.c rampart_token_processor.c
rampart_signature.c \
rampart_token_builder.c
rampart_rd_record.c rampart_replay_detector.c rampart_engine.c \
-
rampart_policy_validator.c
+
rampart_policy_validator.c rampart_error.c
librampart_util_la_LIBADD = -lssl \
Modified: webservices/rampart/trunk/c/src/util/rampart_encryption.c
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_encryption.c?rev=603858&r1=603857&r2=603858&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_encryption.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_encryption.c Thu Dec 13
01:00:03 2007
@@ -45,7 +45,7 @@
axis2_status_t status1 = AXIS2_SUCCESS;
axis2_status_t status2 = AXIS2_SUCCESS;
-
+
status1 = rampart_context_get_nodes_to_encrypt(
rampart_context, env, soap_envelope, nodes_to_encrypt);
Added: webservices/rampart/trunk/c/src/util/rampart_error.c
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_error.c?rev=603858&view=auto
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_error.c (added)
+++ webservices/rampart/trunk/c/src/util/rampart_error.c Thu Dec 13 01:00:03
2007
@@ -0,0 +1,96 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdlib.h>
+#include <rampart_error.h>
+#include <axutil_error_default.h>
+
+AXIS2_IMPORT extern const axis2_char_t* axutil_error_messages[];
+
+/**
+ * RAMPART_ERROR_NONE = RAMPART_ERROR_CODES_START,
+ RAMPART_ERROR_UNSUPPORTED_SECURITY_TOKEN,
+ RAMPART_ERROR_INVALID_SECURITY,
+ RAMPART_ERROR_INVALID_SECURITY_TOKEN,
+ RAMPART_ERROR_FAILED_AUTHENTICATION,
+ RAMPART_ERROR_FAILED_CHECK,
+ RAMPART_ERROR_SECURITY_TOKEN_UNAVAILABLE,
+ RAMPART_ERROR_IN_TIMESTAMP,
+ RAMPART_ERROR_IN_USERNAMETOKEN ,
+ RAMPART_ERROR_IN_ENCRYPTED_KEY ,
+ RAMPART_ERROR_IN_ENCRYPTED_DATA ,
+ RAMPART_ERROR_IN_SIGNATURE ,
+ RAMPART_ERROR_MSG_REPLAYED ,
+ RAMPART_ERROR_IN_POLICY ,
+ RAMPART_ERROR_LAST
+
+ */
+
+axis2_status_t AXIS2_CALL
+rampart_error_init()
+{
+ /* A namespace that is not supported by Sandesha2 */
+ axutil_error_messages[RAMPART_ERROR_NONE] =
+ "Unidentified error in Rampart";
+
+ axutil_error_messages[RAMPART_ERROR_UNSUPPORTED_SECURITY_TOKEN] =
+ "Unsupported security token";
+
+ axutil_error_messages[RAMPART_ERROR_INVALID_SECURITY]=
+ "Invalid security";
+
+ axutil_error_messages[RAMPART_ERROR_INVALID_SECURITY_TOKEN]=
+ "Invalid security token";
+
+ axutil_error_messages[RAMPART_ERROR_LAST]=
+ "Last error of the stack in rampart";
+
+ axutil_error_messages[RAMPART_ERROR_FAILED_AUTHENTICATION]=
+ "Failed authentication";
+
+ axutil_error_messages[RAMPART_ERROR_FAILED_CHECK]=
+ "Failed check";
+
+ axutil_error_messages[RAMPART_ERROR_SECURITY_TOKEN_UNAVAILABLE]=
+ "Security token unavailable";
+
+ axutil_error_messages[RAMPART_ERROR_IN_TIMESTAMP]=
+ "Error in timestamp";
+
+ axutil_error_messages[RAMPART_ERROR_IN_USERNAMETOKEN]=
+ "Error in username token";
+
+ axutil_error_messages[RAMPART_ERROR_IN_ENCRYPTED_KEY]=
+ "Error in Encrypted Key";
+
+ axutil_error_messages[RAMPART_ERROR_IN_ENCRYPTED_DATA]=
+ "Error in Encrypted Data";
+
+ axutil_error_messages[RAMPART_ERROR_IN_SIGNATURE]=
+ "Error in Signature";
+
+ axutil_error_messages[RAMPART_ERROR_MSG_REPLAYED]=
+ "Message probarbly be replayed";
+
+ axutil_error_messages[RAMPART_ERROR_IN_POLICY]=
+ "Error in security policy";
+
+ axutil_error_messages[RAMPART_ERROR_LAST]=
+ "Error last";
+
+ return AXIS2_SUCCESS;
+}
+
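Review bot: `axutil_error_messages[RAMPART_ERROR_LAST]` is assigned twice in rampart_error_init (first "Last error of the stack in rampart", later "Error last"); the second store silently wins, so one of the two should go — presumably the earlier one, which also sits out of enum order between INVALID_SECURITY_TOKEN and FAILED_AUTHENTICATION. The comment `/* A namespace that is not supported by Sandesha2 */` is a copy-paste leftover that describes neither Rampart nor RAMPART_ERROR_NONE, and the message for RAMPART_ERROR_NONE ("Unidentified error in Rampart") contradicts the header's `/* No error */`, so one of the two should be aligned with the other. Every store indexes the shared table with a value derived from RAMPART_ERROR_CODES_START, and the `extern` declaration above carries no bound, so nothing here prevents RAMPART_ERROR_LAST from landing past the end of the table the axutil library actually allocates; a guard comparing RAMPART_ERROR_LAST against the table bound declared by the axutil error headers (a compile-time assertion, or a runtime check before the first store) would turn that into a diagnosed error instead of an overwrite of global memory. The definition `rampart_error_init()` should read `rampart_error_init(void)` to match a proper prototype, and "Message probarbly be replayed" is misspelt ("probably").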
Modified: webservices/rampart/trunk/c/src/util/rampart_policy_validator.c
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_policy_validator.c?rev=603858&r1=603857&r2=603858&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_policy_validator.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_policy_validator.c Thu Dec 13
01:00:03 2007
@@ -65,6 +65,7 @@
}else{
/*Error*/
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,"[rampart][rpv] Username
token required. Not found");
+ AXIS2_ERROR_SET(env->error, RAMPART_ERROR_INVALID_SECURITY ,
AXIS2_FAILURE);
rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_CHECK,
"Username token required. Cannot find in the security header",
RAMPART_FAULT_INVALID_SECURITY, msg_ctx);
return AXIS2_FAILURE;
@@ -125,6 +126,65 @@
return AXIS2_SUCCESS;
}
}
+/*We validate only the body encryption*/
+static axis2_status_t
+rampart_pv_validate_encryption(const axutil_env_t *env,
+ rampart_context_t *rampart_context,
+ axis2_msg_ctx_t *msg_ctx)
+{
+ axis2_bool_t body_encryption = AXIS2_FALSE;
+ axis2_status_t status = AXIS2_SUCCESS;
+ axutil_array_list_t *nodes_to_encrypt = NULL;
+ axiom_soap_envelope_t *soap_envelope = NULL;
+ int i = 0;
+
+ nodes_to_encrypt = axutil_array_list_create(env, 0);
+ soap_envelope = axis2_msg_ctx_get_soap_envelope(msg_ctx, env);
+
+ status = rampart_context_get_nodes_to_encrypt(
+ rampart_context, env, soap_envelope, nodes_to_encrypt);
+
+ status = rampart_context_get_elements_to_encrypt(
+ rampart_context, env, soap_envelope, nodes_to_encrypt);
+
+ /*See if the body need to be encrypted*/
+ if(nodes_to_encrypt && (axutil_array_list_size(nodes_to_encrypt, env) >
0)){
+ for(i=0 ; i < axutil_array_list_size(nodes_to_encrypt, env); i++)
+ {
+ axiom_node_t *node_to_enc = NULL;
+
+ /*Get the node to be encrypted*/
+ node_to_enc = (axiom_node_t *)axutil_array_list_get
+ (nodes_to_encrypt, env, i);
+ if(node_to_enc){
+ if(0 == axutil_strcmp( OXS_NODE_BODY ,
axiom_util_get_localname(node_to_enc, env))){
+ body_encryption = AXIS2_TRUE;
+ break;
+ }
+ }
+ }/*Eof loop*/
+ }else{
+ return AXIS2_SUCCESS;
+ }
+
+ if(AXIS2_TRUE == body_encryption){
+ axis2_char_t* body_encrypted = NULL;
+ body_encrypted =
(axis2_char_t*)rampart_get_security_processed_result(env, msg_ctx,
RAMPART_SPR_BODY_ENCRYPTED);
+ if(0 == axutil_strcmp(RAMPART_YES, body_encrypted)){
+ return AXIS2_SUCCESS;
+ }else{
+ /*Error*/
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,"[rampart][rpv] Body need
to be encrypted.");
+ rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_CHECK,
"Body need to be encrypted",
+ RAMPART_FAULT_INVALID_SECURITY, msg_ctx);
+ return AXIS2_FAILURE;
+ }
+ }else{
+ return AXIS2_SUCCESS;
+ }
+}
+
+
/*Public functions*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
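Review bot: `nodes_to_encrypt`, created with `axutil_array_list_create` at the top of rampart_pv_validate_encryption, is never freed; all four `return` statements leave it behind, so every message that passes through the validator leaks a list. Releasing it once the Body lookup is finished, before the branch on `body_encryption`, covers every path at once (the list only holds references to nodes owned by the envelope, so freeing the list must not touch its elements — worth confirming against `axutil_array_list_free`). The two `status` values returned by the `rampart_context_get_*_to_encrypt` calls are assigned and never checked; either test them or drop the variable. The branch that reports an unencrypted Body also does not record an error code the way the Username-token failure in the hunk above now does (`AXIS2_ERROR_SET(env->error, RAMPART_ERROR_INVALID_SECURITY, AXIS2_FAILURE);` before `rampart_create_fault_envelope`), so `env->error` stays unset for this failure.
```c
rampart_pv_validate_encryption(const axutil_env_t *env,
    /* … unchanged: remaining parameters, declarations, list creation, get_nodes/get_elements calls … */

    /*See if the body need to be encrypted*/
    if(nodes_to_encrypt && (axutil_array_list_size(nodes_to_encrypt, env) > 0)){
        /* … unchanged: loop that sets body_encryption when a Body node is listed … */
    }

    /* The list holds borrowed envelope nodes; release only the list, on every path. */
    if(nodes_to_encrypt){
        axutil_array_list_free(nodes_to_encrypt, env);
        nodes_to_encrypt = NULL;
    }

    if(AXIS2_TRUE != body_encryption){
        return AXIS2_SUCCESS;
    }
    /* … unchanged: RAMPART_SPR_BODY_ENCRYPTED check; fault envelope and AXIS2_FAILURE when it is missing … */
```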
@@ -148,6 +208,10 @@
}
/*Check if Timestamp found*/
if(!rampart_pv_validate_ts(env, rampart_context, msg_ctx)){
+ return AXIS2_FAILURE;
+ }
+ /*Check if encryption is valid found*/
+ if(!rampart_pv_validate_encryption(env, rampart_context, msg_ctx)){
return AXIS2_FAILURE;
}
/*All the policy reqmnts are met. We are good to go*/
Modified: webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c?rev=603858&r1=603857&r2=603858&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_sec_header_builder.c Thu Dec
13 01:00:03 2007
@@ -445,6 +445,7 @@
if(AXIS2_FAILURE == status){
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shb] Asymmetric
Binding failed");
if(axis2_msg_ctx_get_server_side(msg_ctx,env)){
+ AXIS2_ERROR_SET(env->error, RAMPART_ERROR_INVALID_SECURITY ,
AXIS2_FAILURE);
rampart_create_fault_envelope(env,
RAMPART_FAULT_INVALID_SECURITY,
" Asymmetric Binding failed. Check
configurations ", RAMPART_FAULT_IN_POLICY, msg_ctx);
}
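Review bot: The added `AXIS2_ERROR_SET` records `RAMPART_ERROR_INVALID_SECURITY`, which mirrors the second argument of the `rampart_create_fault_envelope` call that follows, whereas the equivalent addition in rampart_policy_validator.c in this same commit mirrors the fourth argument (`RAMPART_FAULT_INVALID_SECURITY` there, with `RAMPART_FAULT_FAILED_CHECK` second); the two sites disagree about which fault argument the error code should follow. Pick one rule and apply it at both hunks here and in the validator — if the error code is meant to track the fault detail, this line becomes `AXIS2_ERROR_SET(env->error, RAMPART_ERROR_IN_POLICY, AXIS2_FAILURE);`, which the new enum provides. The same line appears in the Symmetric Binding hunk below. Both hunks sit inside a function whose start and end are outside the diff.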
@@ -465,6 +466,7 @@
if(AXIS2_FAILURE == status){
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shb] Symmetric
Binding failed");
if(axis2_msg_ctx_get_server_side(msg_ctx,env)){
+ AXIS2_ERROR_SET(env->error, RAMPART_ERROR_INVALID_SECURITY,
AXIS2_FAILURE);
rampart_create_fault_envelope(env,
RAMPART_FAULT_INVALID_SECURITY,
" Symmetric Binding failed. Check
configurations ", RAMPART_FAULT_IN_POLICY, msg_ctx);
}
Modified: webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c?rev=603858&r1=603857&r2=603858&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
(original)
+++ webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c Thu Dec
13 01:00:03 2007
@@ -584,6 +584,11 @@
if(0 == axutil_strcmp( OXS_NODE_SIGNATURE ,
axiom_util_get_localname(decrypted_node, env))){
rampart_set_security_processed_result(env, msg_ctx,
RAMPART_SPR_SIG_ENCRYPTED, RAMPART_YES);
}
+ /*Check if the body is encrypted*/
+ if(0 == axutil_strcmp(OXS_NODE_BODY ,
axiom_util_get_localname(decrypted_node, env))){
+ rampart_set_security_processed_result(env, msg_ctx,
RAMPART_SPR_BODY_ENCRYPTED, RAMPART_YES);
+ }
+
/*Free*/
oxs_ctx_free(ctx, env);
ctx = NULL;
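Review bot: The new Body check on `decrypted_node` compares local names only, exactly like the signature check above it, so `RAMPART_SPR_BODY_ENCRYPTED` is raised for any decrypted element whose local name is Body regardless of namespace or position in the envelope, and rampart_pv_validate_encryption later treats that flag as proof that the SOAP Body itself was encrypted. If the envelope is reachable in this function (its start lies outside the hunk), comparing `decrypted_node` against `axiom_soap_body_get_base_node(axiom_soap_envelope_get_body(soap_envelope, env), env)` pins the flag to the real Body; at minimum the node's namespace should be checked alongside the local name. The same block is repeated verbatim in the second hunk of this file, so a small static helper that marks the processed-result flags for one decrypted node would keep the two in step. A comment on the flag (`/* Consumed by the policy validator: records that the SOAP Body was under EncryptedData */`) would document the contract the validator relies on.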
@@ -719,6 +724,10 @@
/*Check if the signture is encrypted*/
if(0 == axutil_strcmp( OXS_NODE_SIGNATURE ,
axiom_util_get_localname(decrypted_node, env))){
rampart_set_security_processed_result(env, msg_ctx,
RAMPART_SPR_SIG_ENCRYPTED, RAMPART_YES);
+ }
+ /*Check if the body is encrypted*/
+ if(0 == axutil_strcmp(OXS_NODE_BODY ,
axiom_util_get_localname(decrypted_node, env))){
+ rampart_set_security_processed_result(env, msg_ctx,
RAMPART_SPR_BODY_ENCRYPTED, RAMPART_YES);
}
/*Free*/