Author: shankar
Date: Sun Feb 24 21:38:52 2008
New Revision: 630736

URL: http://svn.apache.org/viewvc?rev=630736&view=rev
Log:
EncryptedKeySHA1 support 

Modified:
    webservices/rampart/trunk/c/include/oxs_constants.h
    webservices/rampart/trunk/c/include/oxs_key.h
    webservices/rampart/trunk/c/include/rampart_context.h
    webservices/rampart/trunk/c/include/trust_sts_client.h
    webservices/rampart/trunk/c/samples/sct_provider/sct_provider_hash_map.c
    webservices/rampart/trunk/c/src/omxmlsec/key.c
    webservices/rampart/trunk/c/src/omxmlsec/xml_encryption.c
    webservices/rampart/trunk/c/src/secconv/sct_provider.c
    webservices/rampart/trunk/c/src/trust/sts_client.c
    webservices/rampart/trunk/c/src/util/rampart_context.c
    webservices/rampart/trunk/c/src/util/rampart_encryption.c
    webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
    webservices/rampart/trunk/c/src/util/rampart_signature.c

Modified: webservices/rampart/trunk/c/include/oxs_constants.h
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/oxs_constants.h?rev=630736&r1=630735&r2=630736&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/oxs_constants.h (original)
+++ webservices/rampart/trunk/c/include/oxs_constants.h Sun Feb 24 21:38:52 2008
@@ -72,7 +72,8 @@
     ****************************************************************/
 #define OXS_DSIG_NS                "http://www.w3.org/2000/09/xmldsig#";
 #define OXS_ENC_NS                 "http://www.w3.org/2001/04/xmlenc#";
-#define OXS_WSSE_NS                
"http://schemas.xmlsoap.org/ws/2002/04/secext";
+/*#define OXS_WSSE_NS                
"http://schemas.xmlsoap.org/ws/2002/04/secext"*/
+#define OXS_WSSE_NS                
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
 #define OXS_WSC_NS "http://schemas.xmlsoap.org/ws/2005/02/sc";
 
     /****************************************************************
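Review bot: The superseded 2002/04 secext URI is kept as a commented-out `#define` instead of being deleted, and nothing records that the constant now selects the OASIS WSS 1.0 namespace — which is the namespace every `wsse:` lookup in the header processor keys on, so this one-line change decides which incoming headers are recognised at all. I would remove the `/*#define OXS_WSSE_NS ... */` line and put a short why-comment above the new define, e.g. `/* OASIS WSS 1.0 (2004/01) secext namespace; the pre-standard 2002/04 URI is no longer recognised */`, assuming no deployed peer still needs the old URI, which this diff does not show either way.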
@@ -379,6 +380,7 @@
 #define OXS_VALUE_X509V3 
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
 #define OXS_X509_SUBJ_KI 
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier";
 #define OXS_X509_TUMBP_PRINT_SHA1 
"http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1";
+#define OXS_X509_ENCRYPTED_KEY_SHA1 
"http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1";
     /****************************************************************
         ST References
     ****************************************************************/
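Review bot: The new constant carries the `OXS_X509_` prefix although EncryptedKeySHA1 is a WSS 1.1 KeyIdentifier ValueType for a symmetric key carried in an `xenc:EncryptedKey`, not an X.509 token reference, so the name points a reader at the wrong part of the spec. A name such as `OXS_WSS_11_ENCRYPTED_KEY_SHA1` would sit next to the `OXS_WSS_11_VALUE_TYPE_ENCRYPTED_KEY` constant this commit uses in rampart_encryption.c; if the prefix is kept for grouping, at least document it: `/* KeyIdentifier ValueType: base64 SHA-1 over the raw bytes of an EncryptedKey's CipherValue (WSS 1.1), not an X.509 reference */`.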

Modified: webservices/rampart/trunk/c/include/oxs_key.h
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/oxs_key.h?rev=630736&r1=630735&r2=630736&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/oxs_key.h (original)
+++ webservices/rampart/trunk/c/include/oxs_key.h Sun Feb 24 21:38:52 2008
@@ -262,6 +262,17 @@
     AXIS2_EXTERN oxs_key_t *AXIS2_CALL
     oxs_key_create(const axutil_env_t *env);
 
+    AXIS2_EXTERN axis2_status_t AXIS2_CALL
+    oxs_key_set_key_sha(
+        oxs_key_t *key,
+        const axutil_env_t *env,
+        axis2_char_t *key_sha);
+    
+    AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+    oxs_key_get_key_sha(
+        const oxs_key_t *key,
+        const axutil_env_t *env);
+
 
 #ifdef __cplusplus
 }
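Review bot: Neither prototype says who owns the string, so a caller cannot tell whether `oxs_key_set_key_sha` takes `key_sha` or whether the pointer from `oxs_key_get_key_sha` may be freed; from key.c in this same commit the setter copies with `axutil_strdup` and the getter returns the key's internal pointer, so callers must free their own copy and must not free the returned one. Add Doxygen comments stating exactly that, and since the setter only reads its argument make it `const axis2_char_t *key_sha`. Also say what the value is — the base64 SHA-1 of the EncryptedKey CipherValue that carried this key — so the field is not mistaken for a digest of the key material itself.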

Modified: webservices/rampart/trunk/c/include/rampart_context.h
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/rampart_context.h?rev=630736&r1=630735&r2=630736&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/rampart_context.h (original)
+++ webservices/rampart/trunk/c/include/rampart_context.h Sun Feb 24 21:38:52 
2008
@@ -306,6 +306,11 @@
         const axutil_env_t *env,
         axis2_char_t* key_id);
 
+    AXIS2_EXTERN oxs_key_t* AXIS2_CALL
+    rampart_context_get_key_using_hash(rampart_context_t *rampart_context,
+        const axutil_env_t *env,
+        axis2_char_t* hash);
+
     /*End of Getters */
 
     /*Rampart specific functions */
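Review bot: `rampart_context_get_key_using_hash` is undocumented and the name of its `hash` argument does not say which hash; the implementation in this commit scans `key_list` and returns the first key whose stored `key_sha` string compares equal, or NULL. I would add above the prototype: `/* Looks up the key whose EncryptedKeySHA1 value (base64 SHA-1 of the EncryptedKey CipherValue) equals hash. Returns NULL if none matches. The key stays owned by the context. */` — the ownership sentence follows from the implementation handing back the list element directly, but is worth confirming against how key_list is freed.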
@@ -626,23 +631,23 @@
         const axutil_env_t *env);
 
     AXIS2_EXTERN axis2_char_t *AXIS2_CALL
-    rampart_context_get_encryption_sct_id(
+    rampart_context_get_encryption_token_id(
         rampart_context_t *rampart_context,
         const axutil_env_t *env);
 
     AXIS2_EXTERN axis2_char_t *AXIS2_CALL
-    rampart_context_get_signature_sct_id(
+    rampart_context_get_signature_token_id(
         rampart_context_t *rampart_context,
         const axutil_env_t *env);
 
     AXIS2_EXTERN axis2_status_t AXIS2_CALL
-    rampart_context_set_encryption_sct_id(
+    rampart_context_set_encryption_token_id(
         rampart_context_t *rampart_context,
         const axutil_env_t *env,
         axis2_char_t *sct_id);
 
     AXIS2_EXTERN axis2_status_t AXIS2_CALL
-    rampart_context_set_signature_sct_id(
+    rampart_context_set_signature_token_id(
         rampart_context_t *rampart_context,
         const axutil_env_t *env,
         axis2_char_t *sct_id);
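Review bot: Both setters were renamed to `_token_id` but their parameter is still `axis2_char_t *sct_id`, which contradicts the rename and its motivation (per rampart_encryption.c the id now also names an EncryptedKey, not only an SCT). Rename the parameter to `token_id` in both prototypes. Since the implementations in rampart_context.c store the pointer without copying, also document `/* stores the pointer; the caller keeps the string alive for the lifetime of the context */` so callers do not pass a stack buffer.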

Modified: webservices/rampart/trunk/c/include/trust_sts_client.h
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/trust_sts_client.h?rev=630736&r1=630735&r2=630736&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/trust_sts_client.h (original)
+++ webservices/rampart/trunk/c/include/trust_sts_client.h Sun Feb 24 21:38:52 
2008
@@ -80,7 +80,8 @@
     trust_sts_client_get_svc_client(
         trust_sts_client_t * sts_client,
         const axutil_env_t * env,
-        axis2_char_t * action);
+        axis2_char_t * action,
+        axis2_char_t * address_version);
 
     AXIS2_EXTERN axis2_status_t AXIS2_CALL
     trust_sts_client_set_issuer_address(
@@ -99,7 +100,8 @@
         trust_sts_client_t * sts_client,
         const axutil_env_t * env,
         trust_context_t *trust_context,
-        neethi_policy_t *issuer_policy);
+        neethi_policy_t *issuer_policy,
+        axis2_char_t *address_version);
 
        AXIS2_EXTERN axis2_status_t AXIS2_CALL
        trust_sts_client_set_issuer_policy_location(
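Review bot: The new `address_version` parameter is undocumented on both changed prototypes; from sts_client.c in this commit a NULL leaves the addressing module's default in place and any other value is copied into the AXIS2_WSA_VERSION option property without validation. Add to each: `@param address_version WS-Addressing version string to set as AXIS2_WSA_VERSION on the RST request; NULL keeps the addressing module default. Not validated here.` The existing callers in sts_client.c pass NULL, so the change is backward compatible, which is worth saying in the header too.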

Modified: 
webservices/rampart/trunk/c/samples/sct_provider/sct_provider_hash_map.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/sct_provider/sct_provider_hash_map.c?rev=630736&r1=630735&r2=630736&view=diff
==============================================================================
--- webservices/rampart/trunk/c/samples/sct_provider/sct_provider_hash_map.c 
(original)
+++ webservices/rampart/trunk/c/samples/sct_provider/sct_provider_hash_map.c 
Sun Feb 24 21:38:52 2008
@@ -220,6 +220,9 @@
     security_context_token_t *sct = NULL;
        neethi_policy_t *sts_policy = NULL;
        neethi_policy_t *cloned_policy = NULL;
+    axis2_ctx_t *ctx = NULL;
+    axis2_char_t *addressing_version_from_msg_ctx = NULL;
+    axutil_property_t *property = NULL;
 
     /*check whether rp_property is valid*/
     rp_sct = (rp_security_context_token_t*)rp_property_get_value(token, env);
@@ -265,6 +268,12 @@
         return NULL;
     }
 
+    /*get the addressing namespace to be used from msg_ctx*/
+    ctx = axis2_msg_ctx_get_base(msg_ctx, env);
+    property = axis2_ctx_get_property(ctx, env, AXIS2_WSA_VERSION);
+    if(property)
+        addressing_version_from_msg_ctx = axutil_property_get_value(property, 
env);    
+
     /*Create sts client and set the values*/
     sts_client = trust_sts_client_create(env);    
     trust_sts_client_set_home_dir(sts_client, env, client_home);
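Review bot: `ctx` from `axis2_msg_ctx_get_base` is passed to `axis2_ctx_get_property` without a NULL check, while the lines just above this hunk return early on every other missing input; whether `msg_ctx` itself was validated is outside the hunk. Guard it with `if(ctx) property = axis2_ctx_get_property(ctx, env, AXIS2_WSA_VERSION);`, leaving `addressing_version_from_msg_ctx` NULL otherwise — that is safe because trust_sts_client_get_svc_client treats NULL as "use the default". The value is also taken from the incoming message context, so if the addressing module can fail on an unexpected version string, a log line naming the version used would help diagnose it.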
@@ -283,10 +292,11 @@
        sts_policy = rp_security_context_token_get_bootstrap_policy(rp_sct, 
env);
        if(sts_policy)
        {
-               cloned_policy = clone_policy(sts_policy, env);
+               /*cloned_policy = clone_policy(sts_policy, env);*/
+        cloned_policy = neethi_engine_get_normalize(env, AXIS2_FALSE, 
sts_policy); 
        }
                
-    trust_sts_client_request_security_token_using_policy(sts_client, env, 
trust_context, cloned_policy);
+    trust_sts_client_request_security_token_using_policy(sts_client, env, 
trust_context, cloned_policy, addressing_version_from_msg_ctx);
 
     /*obtain the reply from sts*/
     rstr = trust_context_get_rstr(trust_context, env);
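Review bot: The old `clone_policy` call is left behind as a comment; delete it rather than keeping dead code next to its replacement. `cloned_policy` is also passed on unchecked: it stays NULL when there is no bootstrap policy, and if `neethi_engine_get_normalize` returns NULL on a malformed policy the same path is taken, so add `if(!cloned_policy) { AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][sct_provider] Could not normalize bootstrap policy"); return NULL; }` (with whatever cleanup the function's prologue, outside this hunk, requires). Whether the normalized policy is a fresh object this function must free, as the clone presumably was, is not visible here and deserves a one-line ownership comment.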

Modified: webservices/rampart/trunk/c/src/omxmlsec/key.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/key.c?rev=630736&r1=630735&r2=630736&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/key.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/key.c Sun Feb 24 21:38:52 2008
@@ -36,6 +36,8 @@
     int           offset; /*Specially added for WS-Secure Conversation*/
     int           length; /*Specially added for WS-Secure Conversation. used 
to pass the derived key length for processing.*/
                                                        /*size is used when 
building and length is used when processing*/
+
+    axis2_char_t *key_sha;
 };
 
 /******************** end of function headers *****************/
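Review bot: The new `key_sha` field is the only member in this struct without a comment, while its neighbours explain their purpose and lifetime. Add `/* EncryptedKeySHA1: base64 SHA-1 of the EncryptedKey CipherValue that carried this key, or NULL. Owned by the key; freed in oxs_key_free. */` — the ownership half is what the free routine later in this commit establishes.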
@@ -148,6 +150,34 @@
     return AXIS2_SUCCESS;
 }
 
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+oxs_key_set_key_sha(
+    oxs_key_t *key,
+    const axutil_env_t *env,
+    axis2_char_t *key_sha)
+{
+
+    AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
+    AXIS2_PARAM_CHECK(env->error, key_sha, AXIS2_FAILURE);
+
+    if (key->key_sha)
+    {
+        AXIS2_FREE(env->allocator, key->key_sha);
+        key->key_sha = NULL;
+    }
+    key->key_sha = axutil_strdup(env, key_sha);
+    return AXIS2_SUCCESS;
+}
+
+AXIS2_EXTERN axis2_char_t *AXIS2_CALL
+oxs_key_get_key_sha(
+    const oxs_key_t *key,
+    const axutil_env_t *env)
+{
+    AXIS2_ENV_CHECK(env, NULL);
+
+    return key->key_sha;
+}
 
 AXIS2_EXTERN axis2_status_t AXIS2_CALL
 oxs_key_set_nonce(
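Review bot: `oxs_key_set_key_sha` validates `key_sha` but not `key`, and its `AXIS2_PARAM_CHECK` rejects a NULL `key_sha`, so the field can never be cleared once set; the getter dereferences `key` unchecked as well. A more useful contract is to treat NULL as "clear": drop the PARAM_CHECK on `key_sha`, keep the free of the old value, and write `key->key_sha = key_sha ? axutil_strdup(env, key_sha) : NULL;`, returning AXIS2_FAILURE when `key` is NULL or the strdup fails. Document on both functions that the setter copies and the getter returns an internal pointer the caller must not free.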
@@ -247,6 +277,7 @@
                               oxs_key_get_buffer(key, env),
                               key->name,
                               key->usage);
+    new_key->key_sha = key->key_sha;
     return new_key;
 }
 
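Review bot: `new_key->key_sha = key->key_sha;` copies the pointer rather than the string, yet `oxs_key_free` in this same commit frees `key_sha`, so once both the original and the duplicate are freed the string is freed twice, and whichever is freed first leaves the other holding a dangling pointer. Deep-copy it: `new_key->key_sha = key->key_sha ? axutil_strdup(env, key->key_sha) : NULL;`. That matches the line above, where `oxs_key_populate` copies the buffer instead of sharing it. The enclosing function starts outside this hunk.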
@@ -271,6 +302,7 @@
     key->usage = -1;
     key->offset = 0;
     key->length = 0;
+    key->key_sha = NULL;
 
     /*additionally we need to create a buffer to keep data*/
     key->buf = oxs_buffer_create(env);
@@ -293,6 +325,9 @@
     key->nonce = NULL;
     AXIS2_FREE(env->allocator, key->label);
     key->label = NULL;
+
+    if(key->key_sha)
+        AXIS2_FREE(env->allocator, key->key_sha);
 
     AXIS2_FREE(env->allocator,  key);
     key = NULL;

Modified: webservices/rampart/trunk/c/src/omxmlsec/xml_encryption.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/xml_encryption.c?rev=630736&r1=630735&r2=630736&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/xml_encryption.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/xml_encryption.c Sun Feb 24 
21:38:52 2008
@@ -33,6 +33,8 @@
 #include <oxs_utility.h>
 #include <oxs_encryption.h>
 #include <oxs_xml_encryption.h>
+#include <openssl_digest.h>
+
 
 /*private functions*/
 
@@ -470,6 +472,9 @@
     axiom_node_t *cd_node = NULL;
     axiom_node_t *cv_node = NULL;
     axis2_status_t status = AXIS2_FAILURE;
+    axis2_char_t* encrypted_key_hash = NULL;
+    int decoded_len = 0;
+    axis2_char_t *decoded_enc_sec = NULL;
 
     /*Create input buffer*/
     input = oxs_buffer_create(env);
@@ -523,6 +528,15 @@
     if(id_list){
         oxs_token_build_data_reference_list(env, encrypted_key_node, id_list);
     }
+
+    /*calculate the EncryptedKeySHA1 and set as the key_sha*/
+    decoded_len = axutil_base64_decode_len(encrypted_key_data);
+    decoded_enc_sec = AXIS2_MALLOC(env->allocator, decoded_len);
+       axutil_base64_decode_binary((unsigned char*)decoded_enc_sec, 
encrypted_key_data);
+    encrypted_key_hash = openssl_sha1(env, decoded_enc_sec, decoded_len);
+    oxs_key_set_key_sha(sym_key, env, encrypted_key_hash);
+    AXIS2_FREE(env->allocator, decoded_enc_sec);
+
     /*Free*/
     oxs_buffer_free(result, env);
     result = NULL;
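Review bot: The digest is taken over `decoded_len` bytes, but `decoded_len` comes from `axutil_base64_decode_len`, which — if it mirrors APR's apr_base64_decode_len as the Axis2/C util does as far as I recall — returns an upper bound rounded up to a multiple of three plus one, not the true decoded size; the actual byte count is the return value of `axutil_base64_decode_binary`, which is discarded here. As written the SHA-1 covers one to three bytes of uninitialised heap past the ciphertext whenever the base64 has padding, so the EncryptedKeySHA1 stored on `sym_key` will not match what the peer computes from the CipherValue and will not even be stable between runs. `encrypted_key_hash` is also never freed although `oxs_key_set_key_sha` strdups it, and the `AXIS2_MALLOC` result is unchecked. The enclosing function starts and ends outside this hunk.

```c
    /*calculate the EncryptedKeySHA1 over the raw CipherValue bytes and set as the key_sha*/
    decoded_len = axutil_base64_decode_len(encrypted_key_data);
    decoded_enc_sec = AXIS2_MALLOC(env->allocator, decoded_len);
    if(decoded_enc_sec)
    {
        /* decode_len is only an upper bound; the real size is the return value */
        decoded_len = axutil_base64_decode_binary((unsigned char*)decoded_enc_sec, encrypted_key_data);
        encrypted_key_hash = openssl_sha1(env, decoded_enc_sec, decoded_len);
        if(encrypted_key_hash)
        {
            oxs_key_set_key_sha(sym_key, env, encrypted_key_hash); /* setter copies */
            AXIS2_FREE(env->allocator, encrypted_key_hash);
        }
        AXIS2_FREE(env->allocator, decoded_enc_sec);
    }
```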
@@ -551,6 +565,10 @@
     oxs_buffer_t *result_buf = NULL;
     axis2_char_t *key_name = NULL;
 
+    axis2_char_t* encrypted_key_hash = NULL;
+    int decoded_len = 0;
+    axis2_char_t *decoded_enc_sec = NULL;
+
     /*Get encryption method algorithm*/
     enc_mtd_node = oxs_axiom_get_first_child_node_by_name(env, 
encrypted_key_node, OXS_NODE_ENCRYPTION_METHOD,OXS_ENC_NS,OXS_XENC);
     enc_mtd_algo = oxs_token_get_encryption_method(env, enc_mtd_node);
@@ -589,6 +607,13 @@
     oxs_buffer_free(input_buf, env);
     input_buf = NULL;
 
+     /*calculate the EncryptedKeySHA1 and set as the key_sha*/
+    decoded_len = axutil_base64_decode_len(new_cipher_val);
+    decoded_enc_sec = AXIS2_MALLOC(env->allocator, decoded_len);
+       axutil_base64_decode_binary((unsigned char*)decoded_enc_sec, 
new_cipher_val);
+    encrypted_key_hash = openssl_sha1(env, decoded_enc_sec, decoded_len);
+    AXIS2_FREE(env->allocator, decoded_enc_sec);
+
     AXIS2_FREE(env->allocator, new_cipher_val);
     new_cipher_val = NULL;
 
@@ -604,6 +629,8 @@
                      key_name,
                      oxs_buffer_get_size(result_buf, env),
                      OXS_KEY_USAGE_SESSION  );
+    oxs_key_set_key_sha(key, env, encrypted_key_hash);
+
     /*Free*/
     oxs_buffer_free(result_buf, env);
     result_buf = NULL;
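Review bot: `encrypted_key_hash` is leaked: `oxs_key_set_key_sha` stores an `axutil_strdup` copy (see key.c in this commit), and the buffer returned by `openssl_sha1` some twenty lines earlier is never released. Add `AXIS2_FREE(env->allocator, encrypted_key_hash); encrypted_key_hash = NULL;` directly after the set. Guard the set with `if(encrypted_key_hash)` as well, since the setter's PARAM_CHECK would otherwise fail silently and the key would go out with no EncryptedKeySHA1 and no log line.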

Modified: webservices/rampart/trunk/c/src/secconv/sct_provider.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/secconv/sct_provider.c?rev=630736&r1=630735&r2=630736&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/secconv/sct_provider.c (original)
+++ webservices/rampart/trunk/c/src/secconv/sct_provider.c Sun Feb 24 21:38:52 
2008
@@ -31,9 +31,9 @@
     if(!sct_id)
     {
         if(is_encryption)
-            sct_id = rampart_context_get_encryption_sct_id(rampart_context, 
env);
+            sct_id = rampart_context_get_encryption_token_id(rampart_context, 
env);
         else
-            sct_id = rampart_context_get_signature_sct_id(rampart_context, 
env);
+            sct_id = rampart_context_get_signature_token_id(rampart_context, 
env);
     }
 
     sct_provider = 
(rampart_sct_provider_t*)rampart_context_get_sct_provider(rampart_context, env);

Modified: webservices/rampart/trunk/c/src/trust/sts_client.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/trust/sts_client.c?rev=630736&r1=630735&r2=630736&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/trust/sts_client.c (original)
+++ webservices/rampart/trunk/c/src/trust/sts_client.c Sun Feb 24 21:38:52 2008
@@ -166,7 +166,7 @@
        }
 
     sts_client->svc_client =
-    trust_sts_client_get_svc_client(sts_client, env, wsa_action);
+    trust_sts_client_get_svc_client(sts_client, env, wsa_action, NULL);
                                                                                
                                  
 
     if (status == AXIS2_SUCCESS)
@@ -219,7 +219,8 @@
 trust_sts_client_get_svc_client(
     trust_sts_client_t * sts_client,
     const axutil_env_t * env,
-    axis2_char_t * action)
+    axis2_char_t * action, 
+    axis2_char_t *address_version)
 {
     axis2_endpoint_ref_t *endpoint_ref = NULL;
     axis2_options_t *options = NULL;
@@ -254,6 +255,17 @@
     /* Engage addressing module */
     axis2_svc_client_engage_module(svc_client, env, AXIS2_MODULE_ADDRESSING);
 
+    /*set the address version*/
+    if(address_version)
+    {
+        axutil_property_t *property  = NULL;
+
+        property = axutil_property_create(env);
+        axutil_property_set_scope(property, env, AXIS2_SCOPE_APPLICATION);
+        axutil_property_set_value(property, env, axutil_strdup(env, 
address_version));
+        axis2_options_set_property(options, env, AXIS2_WSA_VERSION, property);
+    }
+
     return svc_client;
 }
 
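Review bot: The property is created with no free function, so who releases the `axutil_strdup` copy stored as its value is unclear — as I recall `axutil_property_free` deliberately skips freeing application-scoped values, in which case the string leaks for every service client built here; confirm against that function and either set `axutil_property_set_free_func(property, env, axis2_free_void_arg)` or document why the leak is accepted. The `axutil_property_create` result is also used unchecked. `address_version` originates from the incoming message context in sct_provider_hash_map.c and is not validated against the versions the addressing module supports, so at minimum log the version being set to make a rejected RST diagnosable.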
@@ -381,7 +393,8 @@
     trust_sts_client_t * sts_client,
     const axutil_env_t * env,
     trust_context_t *trust_context,
-    neethi_policy_t *issuer_policy)
+    neethi_policy_t *issuer_policy, 
+    axis2_char_t *address_version)
 {
     axis2_status_t status = AXIS2_SUCCESS;
     axiom_node_t *rst_node = NULL;
@@ -420,7 +433,7 @@
        }
 
     sts_client->svc_client =
-    trust_sts_client_get_svc_client(sts_client, env, wsa_action);              
                                                                                
                  
+    trust_sts_client_get_svc_client(sts_client, env, wsa_action, 
address_version);                                                               
                                                
 
     if (sts_client->svc_client)
     {

Modified: webservices/rampart/trunk/c/src/util/rampart_context.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_context.c?rev=630736&r1=630735&r2=630736&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_context.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_context.c Sun Feb 24 21:38:52 
2008
@@ -65,8 +65,8 @@
     auth_password_func authenticate_with_password;
     auth_digest_func authenticate_with_digest;
 
-    axis2_char_t *encryption_sct_id;
-    axis2_char_t *signature_sct_id;
+    axis2_char_t *encryption_token_id;
+    axis2_char_t *signature_token_id;
 
     axis2_bool_t require_timestamp;
     axis2_bool_t require_ut;
@@ -198,8 +198,8 @@
     rampart_context->ctx = NULL;
     rampart_context->ref = 0;
 
-    rampart_context->encryption_sct_id = NULL;
-    rampart_context->signature_sct_id = NULL;
+    rampart_context->encryption_token_id = NULL;
+    rampart_context->signature_token_id = NULL;
 
     rampart_context->key_list = axutil_array_list_create(env, 2);
 
@@ -1032,6 +1032,32 @@
     return NULL;
 }
 
+AXIS2_EXTERN oxs_key_t* AXIS2_CALL
+rampart_context_get_key_using_hash(rampart_context_t *rampart_context,
+    const axutil_env_t *env,
+    axis2_char_t* hash)
+{   
+    oxs_key_t* key = NULL;
+    int i = 0;
+
+    AXIS2_ENV_CHECK(env, AXIS2_FALSE);
+
+    /*Repeat thru all the derived keys and find the matching one*/
+    for(i=0 ; i < axutil_array_list_size(rampart_context->key_list, env); i++)
+    {
+        axis2_char_t *key_hash = NULL;
+
+        key = (oxs_key_t*)axutil_array_list_get(rampart_context->key_list, 
env, i);
+        key_hash = oxs_key_get_key_sha(key, env);
+        if(0 == axutil_strcmp(key_hash, hash))
+        {
+            return key;
+        }        
+    }
+    
+    return NULL;
+}
+
 
 AXIS2_EXTERN axis2_bool_t AXIS2_CALL
 rampart_context_get_require_timestamp(
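Review bot: `AXIS2_ENV_CHECK(env, AXIS2_FALSE)` returns the integer AXIS2_FALSE from a function whose return type is `oxs_key_t*`; it should be `AXIS2_ENV_CHECK(env, NULL);`. The loop leans on `axutil_strcmp` tolerating a NULL `key_hash` for keys that never had an EncryptedKeySHA1 set (for example a key populated from an SCT secret) — that is how the Axis2/C helper behaves as far as I recall, but an explicit `if(!key_hash) continue;` makes the intent visible, and a NULL `hash` argument should return NULL up front instead of walking the list. The comment `Repeat thru all the derived keys` is inaccurate: `key_list` holds whatever keys were added to the context, not only derived ones. Since `hash` arrives from a KeyIdentifier in the incoming header, it is worth a comment that this is a lookup of a public value and not a secret comparison, so plain strcmp is acceptable here.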
@@ -2721,38 +2747,38 @@
 }
 
 AXIS2_EXTERN axis2_char_t *AXIS2_CALL
-rampart_context_get_encryption_sct_id(
+rampart_context_get_encryption_token_id(
     rampart_context_t *rampart_context,
     const axutil_env_t *env)
 {
-    return rampart_context->encryption_sct_id;
+    return rampart_context->encryption_token_id;
 }
 
 AXIS2_EXTERN axis2_char_t *AXIS2_CALL
-rampart_context_get_signature_sct_id(
+rampart_context_get_signature_token_id(
     rampart_context_t *rampart_context,
     const axutil_env_t *env)
 {
-    return rampart_context->signature_sct_id;
+    return rampart_context->signature_token_id;
 }
 
 AXIS2_EXTERN axis2_status_t AXIS2_CALL
-rampart_context_set_encryption_sct_id(
+rampart_context_set_encryption_token_id(
     rampart_context_t *rampart_context,
     const axutil_env_t *env,
     axis2_char_t *sct_id)
 {
-    rampart_context->encryption_sct_id = sct_id;
+    rampart_context->encryption_token_id = sct_id;
     return AXIS2_SUCCESS;
 }
 
 AXIS2_EXTERN axis2_status_t AXIS2_CALL
-rampart_context_set_signature_sct_id(
+rampart_context_set_signature_token_id(
     rampart_context_t *rampart_context,
     const axutil_env_t *env,
     axis2_char_t *sct_id)
 {
-    rampart_context->signature_sct_id = sct_id;
+    rampart_context->signature_token_id = sct_id;
     return AXIS2_SUCCESS;
 }
 

Modified: webservices/rampart/trunk/c/src/util/rampart_encryption.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_encryption.c?rev=630736&r1=630735&r2=630736&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_encryption.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_encryption.c Sun Feb 24 
21:38:52 2008
@@ -307,10 +307,10 @@
     {
         /*Generate the  session key. if security context token, get the 
         shared secret and create the session key.*/
-        session_key = oxs_key_create(env);
         if(token_type == RP_PROPERTY_SECURITY_CONTEXT_TOKEN)
         {
             oxs_buffer_t *key_buf = NULL;
+            session_key = oxs_key_create(env);
             key_buf = sct_provider_get_secret(env, token, server_side, 
AXIS2_TRUE, rampart_context, msg_ctx);
             if(!key_buf)
             {
@@ -322,12 +322,24 @@
             oxs_key_populate(session_key, env,
                    oxs_buffer_get_data(key_buf, env), "for-algo",
                    oxs_buffer_get_size(key_buf, env), OXS_KEY_USAGE_NONE);
+            rampart_context_set_encryption_session_key(rampart_context, env, 
session_key);
         }
         else
         {
-            status = oxs_key_for_algo(session_key, env, enc_sym_algo);
+            axis2_char_t *token_id = NULL;
+            token_id = 
rampart_context_get_encryption_token_id(rampart_context, env);
+            if(token_id)
+            {
+                session_key = rampart_context_get_key(rampart_context, env, 
token_id);
+                oxs_key_set_usage(session_key, env, OXS_KEY_USAGE_SESSION);
+            }
+            else
+            {
+                session_key = oxs_key_create(env);
+                status = oxs_key_for_algo(session_key, env, enc_sym_algo);
+                rampart_context_set_encryption_session_key(rampart_context, 
env, session_key);
+            }
         }
-        rampart_context_set_encryption_session_key(rampart_context, env, 
session_key);
     }
 
     id_list = axutil_array_list_create(env, 5);
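Review bot: `rampart_context_get_key(rampart_context, env, token_id)` can return NULL if the id is no longer in the context's key list, and the next line calls `oxs_key_set_usage(session_key, ...)` on the result unchecked. Add `if(!session_key) { AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][rampart_encryption] No key found for token id %s", token_id); return AXIS2_FAILURE; }` (releasing whatever the function already owns at that point; its prologue is outside this hunk). Note also that this branch is now the only one that does not call `rampart_context_set_encryption_session_key`, so anything that later reads the context's encryption session key sees the previous value; if that is intended because the key already lives in the context's list, a one-line comment saying so would spare the next reader the question.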
@@ -395,7 +407,19 @@
             }
             else
             {
-                key_reference_node = NULL;
+                if(server_side)
+                {
+                    axis2_char_t *encrypted_key_hash = NULL;
+                    axiom_node_t *identifier_token = NULL;
+                    encrypted_key_hash = oxs_key_get_key_sha(session_key, env);
+                    key_reference_node = 
oxs_token_build_security_token_reference_element(env, NULL); 
+                    identifier_token = 
oxs_token_build_key_identifier_element(env, key_reference_node, 
+                                        OXS_ENCODING_BASE64BINARY, 
OXS_X509_ENCRYPTED_KEY_SHA1, encrypted_key_hash);
+                }
+                else
+                {
+                    key_reference_node = NULL;
+                }
             }
         }
 
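Review bot: `oxs_key_get_key_sha(session_key, env)` can be NULL — only keys that passed through the EncryptedKey build or decrypt path in xml_encryption.c get a `key_sha`, and a key populated from an SCT secret or created fresh by `oxs_key_for_algo` does not — and it is handed to `oxs_token_build_key_identifier_element` unchecked, which would emit an empty or invalid KeyIdentifier on the wire. Guard it before building the STR: `if(!encrypted_key_hash) { AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][rampart_encryption] Session key has no EncryptedKeySHA1 to reference"); return AXIS2_FAILURE; }` plus the id_list cleanup the other failure paths in this function perform. `identifier_token` is assigned and never read; either check it for NULL or drop the variable. The enclosing function starts and ends outside this hunk.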
@@ -475,56 +499,59 @@
         /* If not done already, Encrypt the session key using the Public Key 
of the recipient*/
         /* Note: Here we do not send the id_list to create a ReferenceList 
inside the encrypted key. Instead we create the 
          *       ReferenceList as a child of Security element */
-        encrypted_key_node = oxs_axiom_get_node_by_local_name(env, sec_node,  
OXS_NODE_ENCRYPTED_KEY);
-        if(!encrypted_key_node)
+        if(!server_side)
         {
-            /*Create EncryptedKey element*/
-            status = rampart_enc_encrypt_session_key(env, session_key, 
msg_ctx, rampart_context, soap_envelope, sec_node, NULL );
-            if(AXIS2_FAILURE == status)
-            {
-                AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
-                                    "[rampart][rampart_encryption] Cannot 
encrypt the session key " );
-                           for(j=0 ; j < axutil_array_list_size(id_list, env); 
j++)
-                           {
-                                   axis2_char_t *id = NULL;
-                                   id = (axis2_char_t 
*)axutil_array_list_get(id_list, env, j);
-                                   AXIS2_FREE(env->allocator, id);
-                           }
-                           axutil_array_list_free(id_list, env);
-                           id_list = NULL;
-                return AXIS2_FAILURE;
-            }
-            /*Now we have en EncryptedKey Node*/
             encrypted_key_node = oxs_axiom_get_node_by_local_name(env, 
sec_node,  OXS_NODE_ENCRYPTED_KEY);
-
-            /*Get the asym key Id*/
             if(!encrypted_key_node)
             {
-                AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
-                            "[rampart][rampart_encryption]Encrypting 
signature, EncryptedKey Not found");
-                           for(j=0 ; j < axutil_array_list_size(id_list, env); 
j++)
-                           {
-                                   axis2_char_t *id = NULL;
-                                   id = (axis2_char_t 
*)axutil_array_list_get(id_list, env, j);
-                                   AXIS2_FREE(env->allocator, id);
-                           }
-                           axutil_array_list_free(id_list, env);
-                           id_list = NULL;
-                return AXIS2_FAILURE;
+                /*Create EncryptedKey element*/
+                status = rampart_enc_encrypt_session_key(env, session_key, 
msg_ctx, rampart_context, soap_envelope, sec_node, NULL );
+                if(AXIS2_FAILURE == status)
+                {
+                    AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+                                        "[rampart][rampart_encryption] Cannot 
encrypt the session key " );
+                               for(j=0 ; j < axutil_array_list_size(id_list, 
env); j++)
+                               {
+                                       axis2_char_t *id = NULL;
+                                       id = (axis2_char_t 
*)axutil_array_list_get(id_list, env, j);
+                                       AXIS2_FREE(env->allocator, id);
+                               }
+                               axutil_array_list_free(id_list, env);
+                               id_list = NULL;
+                    return AXIS2_FAILURE;
+                }
+                /*Now we have en EncryptedKey Node*/
+                encrypted_key_node = oxs_axiom_get_node_by_local_name(env, 
sec_node,  OXS_NODE_ENCRYPTED_KEY);
+
+                /*Get the asym key Id*/
+                if(!encrypted_key_node)
+                {
+                    AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+                                "[rampart][rampart_encryption]Encrypting 
signature, EncryptedKey Not found");
+                               for(j=0 ; j < axutil_array_list_size(id_list, 
env); j++)
+                               {
+                                       axis2_char_t *id = NULL;
+                                       id = (axis2_char_t 
*)axutil_array_list_get(id_list, env, j);
+                                       AXIS2_FREE(env->allocator, id);
+                               }
+                               axutil_array_list_free(id_list, env);
+                               id_list = NULL;
+                    return AXIS2_FAILURE;
+                }
+                asym_key_id = oxs_util_generate_id(env, 
(axis2_char_t*)OXS_ENCKEY_ID);
+                       free_asym_key_id = AXIS2_TRUE;
+                if(asym_key_id)
+                {
+                    oxs_axiom_add_attribute(env, encrypted_key_node, NULL,
+                                        NULL, OXS_ATTR_ID, asym_key_id);
+                }
             }
-            asym_key_id = oxs_util_generate_id(env, 
(axis2_char_t*)OXS_ENCKEY_ID);
-                   free_asym_key_id = AXIS2_TRUE;
-            if(asym_key_id)
+            else
             {
-                oxs_axiom_add_attribute(env, encrypted_key_node, NULL,
-                                    NULL, OXS_ATTR_ID, asym_key_id);
+                /*OK Buddy we have already created EncryptedKey node. Get the 
Id */
+                asym_key_id = 
oxs_axiom_get_attribute_value_of_node_by_name(env, encrypted_key_node, 
OXS_ATTR_ID, NULL);
             }
         }
-        else
-        {
-            /*OK Buddy we have already created EncryptedKey node. Get the Id */
-            asym_key_id = oxs_axiom_get_attribute_value_of_node_by_name(env, 
encrypted_key_node, OXS_ATTR_ID, NULL);
-        }
     }
 
     /*Add used <wsc:DerivedKeyToken> elements to the header*/
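Review bot: Nearly all of this hunk is a re-indentation of existing code under the new `if(!server_side)`, which buries the actual behavioural change — the server no longer emits an `xenc:EncryptedKey` and instead relies on the EncryptedKeySHA1 reference to the key the client sent — so splitting the re-indent from the logic change would make the history bisectable. On the new side `asym_key_id` stays NULL whenever `server_side` is true, which silently disables the `&& (asym_key_id)` STR rewrite further down; if that is intended it should be stated on the `if(!server_side)` line, e.g. `/* server side: the session key arrived in the client's EncryptedKey and is referenced by EncryptedKeySHA1, so no EncryptedKey is emitted and asym_key_id stays NULL */`. The enclosing function starts and ends outside this hunk.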
@@ -554,7 +581,20 @@
             }
             else
             {
-                dk_node = oxs_derivation_build_derived_key_token(env, dk, 
sec_node, asym_key_id, OXS_WSS_11_VALUE_TYPE_ENCRYPTED_KEY);
+                if(server_side)
+                {
+                    axis2_char_t *encrypted_key_hash = NULL;
+                    axiom_node_t *identifier_token = NULL;
+                    encrypted_key_hash = oxs_key_get_key_sha(session_key, env);
+                    key_reference_node = 
oxs_token_build_security_token_reference_element(env, NULL); 
+                    identifier_token = 
oxs_token_build_key_identifier_element(env, key_reference_node, 
+                                        OXS_ENCODING_BASE64BINARY, 
OXS_X509_ENCRYPTED_KEY_SHA1, encrypted_key_hash);
+                    dk_node = 
oxs_derivation_build_derived_key_token_with_stre(env, dk, sec_node, 
key_reference_node);
+                }
+                else
+                {
+                    dk_node = oxs_derivation_build_derived_key_token(env, dk, 
sec_node, asym_key_id, OXS_WSS_11_VALUE_TYPE_ENCRYPTED_KEY);
+                }
             }
 
             /*derived key should appear before ReferenceList*/
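Review bot: `encrypted_key_hash` is used to build the KeyIdentifier without a NULL check, and a session key that did not come through the EncryptedKey path (an SCT-derived or freshly generated one) has no `key_sha`, so the DerivedKeyToken would reference an empty identifier. Add `if(!encrypted_key_hash) { AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][rampart_encryption] Cannot build DerivedKeyToken reference: no EncryptedKeySHA1"); return AXIS2_FAILURE; }` before building the STR. The `identifier_token` local is assigned and never read, and `key_reference_node` is reassigned here after being set earlier in the function — if the earlier node was attached under an EncryptedData that is fine, but a comment that this STR is a separate node for the DKT would avoid the confusion.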
@@ -579,6 +619,29 @@
                id = (axis2_char_t *)axutil_array_list_get(id_list, env, j);
         mod_id = axutil_stracat(env, "#",id);
         oxs_token_build_data_reference_element(env, data_ref_list_node, 
mod_id);
+        /*if x509 is used and no-derived keys, then we have to modify security 
token reference*/
+        if((token_type == RP_PROPERTY_X509_TOKEN) && (!use_derived_keys) && 
(asym_key_id))
+        {
+            axiom_node_t *enc_data_node = NULL;
+            axiom_node_t *envelope_node = NULL;
+            axiom_node_t *str_node = NULL;
+            axiom_node_t *reference_node = NULL;
+            axis2_char_t *id_ref = NULL;
+
+            envelope_node = axiom_soap_envelope_get_base_node(soap_envelope, 
env);
+            enc_data_node = oxs_axiom_get_node_by_id(env, envelope_node, 
OXS_ATTR_ID, id, NULL);
+            str_node = oxs_axiom_get_node_by_local_name(env, enc_data_node, 
OXS_NODE_SECURITY_TOKEN_REFRENCE);
+            reference_node = oxs_axiom_get_node_by_local_name(env, str_node, 
OXS_NODE_REFERENCE);
+            reference_node = axiom_node_detach(reference_node, env);
+            axiom_node_free_tree(reference_node, env);
+            
+            id_ref = axutil_stracat(env, "#",asym_key_id);
+            reference_node = oxs_token_build_reference_element(env, str_node,
+                                id_ref, OXS_WSS_11_VALUE_TYPE_ENCRYPTED_KEY);
+
+            AXIS2_FREE(env->allocator, id_ref);
+        }
+
                AXIS2_FREE(env->allocator, id);
                AXIS2_FREE(env->allocator, mod_id);
        }
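Review bot: Every lookup in the new STR rewrite is unchecked: `enc_data_node`, `str_node` and `reference_node` may each be NULL (an EncryptedData produced without a SecurityTokenReference, or an id that is not found), after which `axiom_node_detach`/`axiom_node_free_tree` run on NULL and `oxs_token_build_reference_element` is asked to add a child to a NULL parent; the result of that build is also discarded. The intent — repoint each EncryptedData's STR at the `#asym_key_id` EncryptedKey with ValueType EncryptedKey — deserves a comment, since the original `Reference` being thrown away was built by the encryption routine a few lines earlier. The enclosing function starts and ends outside this hunk.

```c
            envelope_node = axiom_soap_envelope_get_base_node(soap_envelope, env);
            enc_data_node = oxs_axiom_get_node_by_id(env, envelope_node, OXS_ATTR_ID, id, NULL);
            if(enc_data_node)
            {
                str_node = oxs_axiom_get_node_by_local_name(env, enc_data_node, OXS_NODE_SECURITY_TOKEN_REFRENCE);
            }
            if(str_node)
            {
                /* drop the Reference the encryptor built and point the STR at the EncryptedKey instead */
                reference_node = oxs_axiom_get_node_by_local_name(env, str_node, OXS_NODE_REFERENCE);
                if(reference_node)
                {
                    reference_node = axiom_node_detach(reference_node, env);
                    axiom_node_free_tree(reference_node, env);
                }
                id_ref = axutil_stracat(env, "#", asym_key_id);
                reference_node = oxs_token_build_reference_element(env, str_node,
                                    id_ref, OXS_WSS_11_VALUE_TYPE_ENCRYPTED_KEY);
                AXIS2_FREE(env->allocator, id_ref);
            }
            else
            {
                AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
                    "[rampart][rampart_encryption] No SecurityTokenReference found in EncryptedData %s", id);
            }
```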
@@ -987,13 +1050,25 @@
     }
     else
     {
-        encrypted_key_node = oxs_axiom_get_node_by_local_name(
-                                 env, sec_node,  OXS_NODE_ENCRYPTED_KEY);
-        if(!encrypted_key_node)
+        if((server_side) && 
(rampart_context_get_binding_type(rampart_context,env) == 
RP_PROPERTY_SYMMETRIC_BINDING))
         {
-            AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
-                            "[rampart][rampart_encryption]Encrypting 
signature, EncryptedKey Not found");
-            return AXIS2_FAILURE;
+            axis2_char_t *encrypted_key_hash = NULL;
+            axiom_node_t *identifier_token = NULL;
+            encrypted_key_hash = oxs_key_get_key_sha(session_key, env);
+            key_reference_node = 
oxs_token_build_security_token_reference_element(env, NULL); 
+            identifier_token = oxs_token_build_key_identifier_element(env, 
key_reference_node, 
+                                OXS_ENCODING_BASE64BINARY, 
OXS_X509_ENCRYPTED_KEY_SHA1, encrypted_key_hash);
+        }
+        else
+        {
+            encrypted_key_node = oxs_axiom_get_node_by_local_name(
+                                     env, sec_node,  OXS_NODE_ENCRYPTED_KEY);
+            if(!encrypted_key_node)
+            {
+                AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+                                "[rampart][rampart_encryption]Encrypting 
signature, EncryptedKey Not found");
+                return AXIS2_FAILURE;
+            }
         }
     }
 
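Review bot: `oxs_key_get_key_sha(session_key, env)` in the new server-side branch is passed straight into `oxs_token_build_key_identifier_element` without a NULL check, so a session key with no SHA-1 recorded yields a KeyIdentifier with empty content and no diagnostic, while the sibling branch below fails loudly when the EncryptedKey is missing. I would add `if(!encrypted_key_hash) { AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][rampart_encryption] EncryptedKeySHA1 not available for session key"); return AXIS2_FAILURE; }` before building the reference. The same unchecked call appears in the server-side branch of the rampart_signature.c hunk @@ -709,56 +726,87 @@. `identifier_token` is assigned but never read in both places, so either check it or drop the variable. The enclosing function starts outside the hunk.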
@@ -1041,7 +1116,7 @@
     }
     else if((rampart_context_get_binding_type(rampart_context,env)) == 
RP_PROPERTY_SYMMETRIC_BINDING)
     {
-        if((AXIS2_TRUE == use_derived_keys) || (token_type == 
RP_PROPERTY_SECURITY_CONTEXT_TOKEN))
+        if((AXIS2_TRUE == use_derived_keys) || (token_type == 
RP_PROPERTY_SECURITY_CONTEXT_TOKEN) || (server_side))
         {
             /*We need to create a new reference list and then attach it before 
the EncryptedData(signature)*/
             axiom_node_t *ref_list_node = NULL;
@@ -1102,7 +1177,8 @@
     /*If we have used a derrived key, we need to attach it to the Securuty 
Header*/
     if(AXIS2_TRUE == use_derived_keys)
     {
-        if (token_type == RP_PROPERTY_SECURITY_CONTEXT_TOKEN)
+        if((token_type == RP_PROPERTY_SECURITY_CONTEXT_TOKEN) || 
+            (server_side && 
(rampart_context_get_binding_type(rampart_context,env) == 
RP_PROPERTY_SYMMETRIC_BINDING)))
         {
             oxs_derivation_build_derived_key_token_with_stre(env, derived_key, 
sec_node, key_reference_node);
         }
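Review bot: `server_side && rampart_context_get_binding_type(rampart_context, env) == RP_PROPERTY_SYMMETRIC_BINDING` is now spelled out here and again in the @@ -987,13 +1050,25 @@ hunk, and the binding-type call alone is repeated once more in @@ -1041,7 +1116,7 @@; these appear to be the same function. Computing it once near the top, `axis2_bool_t server_sym = server_side && (rampart_context_get_binding_type(rampart_context, env) == RP_PROPERTY_SYMMETRIC_BINDING);`, and testing that flag at the three sites would keep them from drifting apart. The enclosing function starts outside the hunk.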

Modified: webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c?rev=630736&r1=630735&r2=630736&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c 
(original)
+++ webservices/rampart/trunk/c/src/util/rampart_sec_header_processor.c Sun Feb 
24 21:38:52 2008
@@ -42,7 +42,6 @@
 #include <oxs_key_mgr.h>
 #include <rampart_replay_detector.h>
 #include <rampart_sct_provider.h>
-
 #include <saml.h>
 #include <rampart_saml.h>
 #include <rampart_saml_token.h>
@@ -78,25 +77,25 @@
 }
 
 static void
-rampart_shp_store_sct_id(const axutil_env_t *env, 
+rampart_shp_store_token_id(const axutil_env_t *env, 
                          axiom_node_t *key_info_node, 
                          rampart_context_t *rampart_context, 
                          axiom_node_t *sec_node, 
                          axis2_bool_t is_encryption,
                          axis2_msg_ctx_t* msg_ctx)
 {
-    axis2_char_t *sct_id = NULL;
+    axis2_char_t *token_id = NULL;
     axiom_node_t* key_node = NULL;
     rp_property_t *token = NULL;
     rp_property_type_t token_type;
 
     if(is_encryption)
-        sct_id = rampart_context_get_encryption_sct_id(rampart_context, env);
+        token_id = rampart_context_get_encryption_token_id(rampart_context, 
env);
     else
-        sct_id = rampart_context_get_signature_sct_id(rampart_context, env);
+        token_id = rampart_context_get_signature_token_id(rampart_context, 
env);
 
     /*if already stored, then can return*/
-    if(sct_id)
+    if(token_id)
         return;
 
     /*if not symmetric binding, then return*/
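Review bot: `rampart_shp_store_token_id` now records either a SecurityContextToken id or an EncryptedKey id but has no header comment describing that contract, and the rename is the natural moment to add one. I would put above the `static void` something like `/* Records the id of the SCT or EncryptedKey referenced from key_info_node in rampart_context so the server can reuse the same key when it encrypts or signs; a no-op when an id is already stored or the binding is not symmetric. */`. The body of the function continues past the hunk.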
@@ -111,12 +110,12 @@
     token = rampart_context_get_token(rampart_context, env,
                                       is_encryption, AXIS2_TRUE, AXIS2_TRUE);
     token_type = rp_property_get_type(token, env);
-    if(token_type != RP_PROPERTY_SECURITY_CONTEXT_TOKEN)
+    if((token_type != RP_PROPERTY_SECURITY_CONTEXT_TOKEN) && (token_type != 
RP_PROPERTY_X509_TOKEN))
         return;
 
     key_node = key_info_node;
 
-    while(!sct_id)
+    while(!token_id)
     {
         axis2_char_t* id = NULL;
         axis2_char_t *cur_local_name = NULL;
@@ -148,7 +147,7 @@
             value_type = oxs_token_get_reference_value_type(env, ref_node);
             if(0 == axutil_strcmp(value_type, 
OXS_VALUE_TYPE_SECURITY_CONTEXT_TOKEN))
             {
-                sct_id = axutil_strdup(env, ref_val);
+                token_id = axutil_strdup(env, ref_val);
                 break;
             }
         }
@@ -172,7 +171,12 @@
                 AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shp] Cannot 
find identifier node in security context token");
                 break;
             }
-            sct_id = oxs_axiom_get_node_content(env, identifier_node);
+            token_id = oxs_axiom_get_node_content(env, identifier_node);
+            break;
+        }
+        else if(0 == axutil_strcmp(cur_local_name, OXS_NODE_ENCRYPTED_KEY))
+        {
+            token_id = oxs_axiom_get_attribute_value_of_node_by_name(env, 
key_node, OXS_ATTR_ID, NULL);
             break;
         }
     }
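Review bot: The new EncryptedKey branch stores the raw pointer returned by `oxs_axiom_get_attribute_value_of_node_by_name`, whereas the SecurityContextToken branch above stores an `axutil_strdup` copy, so the two branches hand the context strings with different ownership. If the context frees the ids it holds, this pointer points into the axiom attribute; and when encryption and signing share a key the same pointer is passed to both setters in the @@ -181,14 +185,14 @@ hunk, which would then release it twice. I would make this branch consistent with the other: `token_id = oxs_axiom_get_attribute_value_of_node_by_name(env, key_node, OXS_ATTR_ID, NULL); if(token_id) token_id = axutil_strdup(env, token_id);`. The function's start is outside the hunk.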
@@ -181,14 +185,14 @@
     if(is_different_session_key_for_encryption_and_signing(env, 
rampart_context))
     {
         if(is_encryption)
-            rampart_context_set_encryption_sct_id(rampart_context, env, 
sct_id);
+            rampart_context_set_encryption_token_id(rampart_context, env, 
token_id);
         else
-            rampart_context_set_signature_sct_id(rampart_context, env, sct_id);
+            rampart_context_set_signature_token_id(rampart_context, env, 
token_id);
     }
     else
     {
-        rampart_context_set_encryption_sct_id(rampart_context, env, sct_id);
-        rampart_context_set_signature_sct_id(rampart_context, env, sct_id);
+        rampart_context_set_encryption_token_id(rampart_context, env, 
token_id);
+        rampart_context_set_signature_token_id(rampart_context, env, token_id);
     }
 }
 
@@ -218,22 +222,51 @@
     ref_node = oxs_axiom_get_first_child_node_by_name(env, str_node, 
OXS_NODE_REFERENCE, OXS_WSSE_XMLNS, NULL);
     if(!ref_node)
     {
-        AXIS2_LOG_INFO(env->log, "[rampart][shp]Failed to get reference node 
from security token reference");
-        return NULL;
-    }
+        axis2_char_t *value_type = NULL;
+        axis2_char_t *given_hash = NULL;
+        axis2_char_t *calculated_hash = NULL;
+        oxs_key_t *key = NULL;
 
-    /*Get the reference value in the @URI*/
-       
-    ref_val = oxs_token_get_reference(env, ref_node);
-    if(ref_val[0] == '#')
-    {
-        /*Need to remove # sign from the ID*/
-        id = axutil_string_substring_starting_at(axutil_strdup(env, ref_val), 
1);
-        external_reference = AXIS2_FALSE;
+        ref_node = oxs_axiom_get_first_child_node_by_name(env, str_node, 
OXS_NODE_KEY_IDENTIFIER, OXS_WSSE_XMLNS, NULL);
+        if(!ref_node)
+        {
+            AXIS2_LOG_INFO(env->log, "[rampart][shp]Failed to get reference 
node from security token reference");
+            return NULL;
+        }
+        value_type = oxs_axiom_get_attribute_value_of_node_by_name(env, 
ref_node, OXS_ATTR_VALUE_TYPE, NULL);
+        if(axutil_strcmp(value_type, OXS_X509_ENCRYPTED_KEY_SHA1) != 0)
+        {
+            AXIS2_LOG_INFO(env->log, "[rampart][shp]Failed to identify Key 
Identifier %s", value_type);
+            return NULL;
+        }
+        given_hash = oxs_axiom_get_node_content(env, ref_node);
+        if(!given_hash)
+        {
+            AXIS2_LOG_INFO(env->log, "[rampart][shp]Failed to get value of 
EncryptedKeySHA1");
+            return NULL;
+        }
+
+        key = rampart_context_get_key_using_hash(rampart_context, env, 
given_hash);
+        if(!key)
+        {
+            AXIS2_LOG_INFO(env->log, "[rampart][shp]Cannot get key 
corresponding to EncryptedKeySHA1");
+        }
+        return key;        
     }
     else
     {
-        id = axutil_strdup(env, ref_val);
+        /*Get the reference value in the @URI*/
+        ref_val = oxs_token_get_reference(env, ref_node);
+        if(ref_val[0] == '#')
+        {
+            /*Need to remove # sign from the ID*/
+            id = axutil_string_substring_starting_at(axutil_strdup(env, 
ref_val), 1);
+            external_reference = AXIS2_FALSE;
+        }
+        else
+        {
+            id = axutil_strdup(env, ref_val);
+        }
     }
 
     if(!id)
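Review bot: The new KeyIdentifier branch returns the `oxs_key_t` held by rampart_context directly; if the caller treats the returned key as its own (the other path, which builds a key from `id`, continues outside the hunk, so I cannot confirm), freeing it would pull the key out from under the context for the next message. Either document on the function that the returned key may be context-owned, or hand back a copy. Separately, `value_type` comes from an attribute lookup and is compared and then printed with `%s` without a NULL check; an element lacking ValueType reaches `AXIS2_LOG_INFO` with a NULL argument, so `if(!value_type || axutil_strcmp(value_type, OXS_X509_ENCRYPTED_KEY_SHA1) != 0)` with a message that does not print it would be safer.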
@@ -911,7 +944,7 @@
             key_to_decrypt = rampart_shp_get_key_for_key_info(env, 
key_info_node, rampart_context, msg_ctx);
             
             /*if security context token is used, then store it. It will be 
used by the server to encrypt the message*/
-            rampart_shp_store_sct_id(env, key_info_node, rampart_context, 
sec_node, AXIS2_TRUE, msg_ctx);
+            rampart_shp_store_token_id(env, key_info_node, rampart_context, 
sec_node, AXIS2_TRUE, msg_ctx);
 
             if(key_to_decrypt)
             {
@@ -994,7 +1027,7 @@
         return AXIS2_FAILURE;
     } 
     /*if security context token is used, then store it. It will be used by the 
server to sign the message*/
-    rampart_shp_store_sct_id(env, key_info_node, rampart_context, sec_node, 
AXIS2_FALSE, msg_ctx);
+    rampart_shp_store_token_id(env, key_info_node, rampart_context, sec_node, 
AXIS2_FALSE, msg_ctx);
 
     /*Create sign context*/
     sign_ctx = oxs_sign_ctx_create(env);

Modified: webservices/rampart/trunk/c/src/util/rampart_signature.c
URL: 
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_signature.c?rev=630736&r1=630735&r2=630736&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_signature.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_signature.c Sun Feb 24 
21:38:52 2008
@@ -279,10 +279,10 @@
         /*Create a new key and set to the rampart_context. This usually 
happens when the SignBeforeEncrypt*/
         /*Generate the  session key. if security context token, get the 
         shared secret and create the session key.*/
-        session_key = oxs_key_create(env);
         if(token_type == RP_PROPERTY_SECURITY_CONTEXT_TOKEN)
         {
             oxs_buffer_t *key_buf = NULL;
+            session_key = oxs_key_create(env);
             key_buf = sct_provider_get_secret(env, token, server_side, 
AXIS2_FALSE, rampart_context, msg_ctx);
             if(!key_buf)
             {
@@ -294,12 +294,29 @@
             oxs_key_populate(session_key, env,
                    oxs_buffer_get_data(key_buf, env), "for-algo",
                    oxs_buffer_get_size(key_buf, env), OXS_KEY_USAGE_NONE);
+            rampart_context_set_signature_session_key(rampart_context, env, 
session_key);
         }
         else
         {
-            oxs_key_for_algo(session_key, env, OXS_HREF_HMAC_SHA1);
+            axis2_char_t *token_id = NULL;
+            token_id = rampart_context_get_signature_token_id(rampart_context, 
env);
+            if(token_id)
+            {
+                int key_usage = OXS_KEY_USAGE_SESSION;
+                if(is_different_session_key_for_encryption_and_signing(env, 
rampart_context))
+                    key_usage = OXS_KEY_USAGE_SIGNATURE_SESSION;
+
+                session_key = rampart_context_get_key(rampart_context, env, 
token_id);
+                oxs_key_set_usage(session_key, env, key_usage);
+            }
+            else
+            {
+                session_key = oxs_key_create(env);
+                oxs_key_for_algo(session_key, env, OXS_HREF_HMAC_SHA1);
+                rampart_context_set_signature_session_key(rampart_context, 
env, session_key);
+            }
         }
-        rampart_context_set_signature_session_key(rampart_context, env, 
session_key);
+        
     }
 
     /*If we need to use derrived keys, we must sign using a derived key of the 
session key*/
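Review bot: `session_key = rampart_context_get_key(rampart_context, env, token_id)` is dereferenced by `oxs_key_set_usage` on the next line without a NULL check, so a stored token id whose key is no longer in the context crashes instead of failing the signature. I would add `if(!session_key)` with an `AXIS2_LOG_ERROR` naming token_id and a `return AXIS2_FAILURE;` (the enclosing function starts outside the hunk, so adjust to its failure convention). Note also that this branch no longer calls `rampart_context_set_signature_session_key`, which the removed line used to do unconditionally; if that is intentional because the key already lives in the context, a one-line comment saying so would save the next reader the question.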
@@ -709,56 +726,87 @@
         }
         else
         {
-            axiom_node_t *encrypted_key_node = NULL;
-            axis2_char_t *enc_key_id = NULL;
-                   axis2_bool_t free_enc_key_id = AXIS2_FALSE;
-
-            /*If there is an EncryptedKey element use the Id. If not, generate 
an Id and use it*/ 
-            encrypted_key_node = oxs_axiom_get_node_by_local_name(env, 
sec_node,  OXS_NODE_ENCRYPTED_KEY); 
-            if(!encrypted_key_node)
-            {
-                /*There is no EncryptedKey so generate one*/
-                status = rampart_enc_encrypt_session_key(env, session_key, 
msg_ctx, rampart_context, soap_envelope, sec_node, NULL );
-                if(AXIS2_FAILURE == status)
+            if(server_side)
+            {
+                /*have to send EncryptedKeySHA1*/
+                axis2_char_t *encrypted_key_hash = NULL;
+                axiom_node_t *identifier_token = NULL;
+                encrypted_key_hash = oxs_key_get_key_sha(session_key, env);
+                key_reference_node = 
oxs_token_build_security_token_reference_element(env, NULL); 
+                identifier_token = oxs_token_build_key_identifier_element(env, 
key_reference_node, 
+                                    OXS_ENCODING_BASE64BINARY, 
OXS_X509_ENCRYPTED_KEY_SHA1, encrypted_key_hash);
+
+                if(0 == axutil_strcmp(oxs_key_get_name(session_key, env), 
oxs_key_get_name(signed_key, env))) 
                 {
-                    AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, 
"[rampart][rampart_signature] Cannot encrypt the session key " );
-                    return AXIS2_FAILURE;
-                } 
-                encrypted_key_node = oxs_axiom_get_node_by_local_name(env, 
sec_node,  OXS_NODE_ENCRYPTED_KEY);
-                /*Add Id attribute*/
-                enc_key_id = oxs_util_generate_id(env, 
(axis2_char_t*)OXS_ENCKEY_ID);
-                           free_enc_key_id = AXIS2_TRUE;
-                oxs_axiom_add_attribute(env, encrypted_key_node, NULL, NULL, 
OXS_ATTR_ID, enc_key_id);
-                /*And we have to make sure that we place this newly generated 
EncryptedKey node above the Signature node*/
-                oxs_axiom_interchange_nodes(env, encrypted_key_node, sig_node);
+                    /*Now then... we have used the session key to sign*/
+                    axiom_node_t* key_info_node = NULL;
+                    key_info_node = oxs_token_build_key_info_element(env, 
sig_node);
+                    axiom_node_add_child(key_info_node, env, 
key_reference_node);
+                }
+                else
+                {
+                    axiom_node_t *dk_token = NULL;
+                    /*We have used a derived key to sign. Note the NULL we 
pass for the enc_key_id*/
+                    rampart_sig_prepare_key_info_for_sym_binding(env, 
rampart_context, sign_ctx, sig_node, signed_key, NULL);
+                    /*In addition we need to add a DerivedKeyToken*/
+                    dk_token = 
oxs_derivation_build_derived_key_token_with_stre(env, signed_key, sec_node, 
key_reference_node);
+                    /*We need to make DerivedKeyToken to appear before the 
sginature node*/
+                    oxs_axiom_interchange_nodes(env, dk_token, sig_node);
+                }
             }
             else
             {
-                /*There is the encrypted key. May be used by the encryption 
process. So get the Id and use it*/
-                enc_key_id = 
oxs_axiom_get_attribute_value_of_node_by_name(env, encrypted_key_node, 
OXS_ATTR_ID, NULL);
-            }
+                axiom_node_t *encrypted_key_node = NULL;
+                axis2_char_t *enc_key_id = NULL;
+                       axis2_bool_t free_enc_key_id = AXIS2_FALSE;
+
+                /*If there is an EncryptedKey element use the Id. If not, 
generate an Id and use it*/ 
+                encrypted_key_node = oxs_axiom_get_node_by_local_name(env, 
sec_node,  OXS_NODE_ENCRYPTED_KEY); 
+                if(!encrypted_key_node)
+                {
+                    /*There is no EncryptedKey so generate one*/
+                    status = rampart_enc_encrypt_session_key(env, session_key, 
msg_ctx, rampart_context, soap_envelope, sec_node, NULL );
+                    if(AXIS2_FAILURE == status)
+                    {
+                        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, 
"[rampart][rampart_signature] Cannot encrypt the session key " );
+                        return AXIS2_FAILURE;
+                    } 
+                    encrypted_key_node = oxs_axiom_get_node_by_local_name(env, 
sec_node,  OXS_NODE_ENCRYPTED_KEY);
+                    /*Add Id attribute*/
+                    enc_key_id = oxs_util_generate_id(env, 
(axis2_char_t*)OXS_ENCKEY_ID);
+                               free_enc_key_id = AXIS2_TRUE;
+                    oxs_axiom_add_attribute(env, encrypted_key_node, NULL, 
NULL, OXS_ATTR_ID, enc_key_id);
+                    /*And we have to make sure that we place this newly 
generated EncryptedKey node above the Signature node*/
+                    oxs_axiom_interchange_nodes(env, encrypted_key_node, 
sig_node);
+                }
+                else
+                {
+                    /*There is the encrypted key. May be used by the 
encryption process. So get the Id and use it*/
+                    enc_key_id = 
oxs_axiom_get_attribute_value_of_node_by_name(env, encrypted_key_node, 
OXS_ATTR_ID, NULL);
+                }
 
-            /* Now if the signed key is the session key. We need to Encrypt 
it. If it's a derived key, we need to Attach a 
-             * DerivedKeyToken and encrypt the session key if not done already 
*/    
-            if(0 == axutil_strcmp(oxs_key_get_name(session_key, env), 
oxs_key_get_name(signed_key, env))) 
-            {
-                /*Now then... we have used the session key to sign*/
-                rampart_sig_prepare_key_info_for_sym_binding(env, 
rampart_context, sign_ctx, sig_node, signed_key, enc_key_id);
-            }
-            else
-            {
-                axiom_node_t *dk_token = NULL;
-                /*We have used a derived key to sign. Note the NULL we pass 
for the enc_key_id*/
-                rampart_sig_prepare_key_info_for_sym_binding(env, 
rampart_context, sign_ctx, sig_node, signed_key, NULL  );
-                /*In addition we need to add a DerivedKeyToken after the 
EncryptedKey*/
-                dk_token = oxs_derivation_build_derived_key_token(env, 
signed_key, sec_node, enc_key_id ,OXS_WSS_11_VALUE_TYPE_ENCRYPTED_KEY);
-                /*We need to make DerivedKeyToken to appear before the 
sginature node*/
-                oxs_axiom_interchange_nodes(env, dk_token, sig_node);
+                /* Now if the signed key is the session key. We need to 
Encrypt it. If it's a derived key, we need to Attach a 
+                 * DerivedKeyToken and encrypt the session key if not done 
already */    
+                if(0 == axutil_strcmp(oxs_key_get_name(session_key, env), 
oxs_key_get_name(signed_key, env))) 
+                {
+                    /*Now then... we have used the session key to sign*/
+                    rampart_sig_prepare_key_info_for_sym_binding(env, 
rampart_context, sign_ctx, sig_node, signed_key, enc_key_id);
+                }
+                else
+                {
+                    axiom_node_t *dk_token = NULL;
+                    /*We have used a derived key to sign. Note the NULL we 
pass for the enc_key_id*/
+                    rampart_sig_prepare_key_info_for_sym_binding(env, 
rampart_context, sign_ctx, sig_node, signed_key, NULL  );
+                    /*In addition we need to add a DerivedKeyToken after the 
EncryptedKey*/
+                    dk_token = oxs_derivation_build_derived_key_token(env, 
signed_key, sec_node, enc_key_id ,OXS_WSS_11_VALUE_TYPE_ENCRYPTED_KEY);
+                    /*We need to make DerivedKeyToken to appear before the 
sginature node*/
+                    oxs_axiom_interchange_nodes(env, dk_token, sig_node);
+                }
+                       if (free_enc_key_id)
+                       {
+                               AXIS2_FREE(env->allocator, enc_key_id);
+                       }
             }
-                   if (free_enc_key_id)
-                   {
-                           AXIS2_FREE(env->allocator, enc_key_id);
-                   }
         }
     }
 
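Review bot: The two branches that follow the `server_side` test carry a near-identical tail — the `oxs_key_get_name(session_key, env)` vs `oxs_key_get_name(signed_key, env)` comparison with its session-key and derived-key arms — differing only in which key reference is attached, which is a natural place for a static helper taking the STR node or enc_key_id to attach. The `axis2_bool_t free_enc_key_id` declaration and the `if (free_enc_key_id)` block are tab-indented while the rest of the hunk uses spaces, so they render at the wrong depth. In the server-side session-key arm the KeyInfo is built with `oxs_token_build_key_info_element` and `axiom_node_add_child` directly, while every other arm goes through `rampart_sig_prepare_key_info_for_sym_binding`; if `sign_ctx` is expected to know about the KeyInfo, that may be missed here — worth confirming. The enclosing function starts and ends outside the hunk.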

