Author: supun
Date: Sun Jun 1 22:21:33 2008
New Revision: 662325
URL: http://svn.apache.org/viewvc?rev=662325&view=rev
Log:
Sample for scenario 24
Added:
webservices/rampart/trunk/c/samples/client/saml_protect/
webservices/rampart/trunk/c/samples/client/saml_protect/echo.c
Added: webservices/rampart/trunk/c/samples/client/saml_protect/echo.c
URL:
http://svn.apache.org/viewvc/webservices/rampart/trunk/c/samples/client/saml_protect/echo.c?rev=662325&view=auto
==============================================================================
--- webservices/rampart/trunk/c/samples/client/saml_protect/echo.c (added)
+++ webservices/rampart/trunk/c/samples/client/saml_protect/echo.c Sun Jun 1
22:21:33 2008
@@ -0,0 +1,428 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdio.h>
+#include <axiom.h>
+#include <axis2_util.h>
+#include <axiom_soap.h>
+#include <axis2_client.h>
+#include <rampart_constants.h>
+#include <neethi_util.h>
+#include <neethi_policy.h>
+#include <saml.h>
+#include <rampart_config.h>
+#include <rampart_saml_token.h>
+#include <oxs_saml_token.h>
+#include <oxs_sign_ctx.h>
+#include <oxs_tokens.h>
+#include <oxs_xml_encryption.h>
+
+axiom_node_t * AXIS2_CALL
+build_om_payload_for_echo_svc(const axutil_env_t *env);
+
+rampart_saml_token_t * AXIS2_CALL
+create_saml_token(const axutil_env_t *env);
+
+oxs_key_t * AXIS2_CALL
+get_session_key(const axutil_env_t *env, axiom_node_t *assertion);
+
+axiom_node_t * AXIS2_CALL
+create_key_info(const axutil_env_t *env, rampart_saml_token_t *saml);
+
+saml_subject_t * AXIS2_CALL
+create_subject(const axutil_env_t *env, rampart_saml_token_t *saml);
+
+saml_auth_binding_t * AXIS2_CALL
+create_autherity_binding(const axutil_env_t *env);
+
+saml_stmt_t * AXIS2_CALL
+create_auth_statement(const axutil_env_t *env, rampart_saml_token_t *saml);
+
+saml_condition_t * AXIS2_CALL
+create_condition(const axutil_env_t *env);
+
+#define PRIVATE_KEY_FILE
"/bin/samples/rampart/keys/ahome/alice_key.pem"
+#define PRIVATE_KEY_PASSWORD "password"
+#define CERTIFICATE_FILE
"/bin/samples/rampart/keys/ahome/alice_cert.cert"
+#define RECEIVER_CERTIFICATE_FILE
"/bin/samples/rampart/keys/ahome/bob_cert.cert"
+
+axis2_char_t *axis2c_home;
+
+int main(int argc, char** argv)
+{
+ const axutil_env_t *env = NULL;
+ const axis2_char_t *address = NULL;
+ const axis2_char_t *client_home = NULL;
+ axis2_char_t *file_name = NULL;
+ axis2_char_t *policy_file = NULL;
+ axis2_endpoint_ref_t* endpoint_ref = NULL;
+ axis2_options_t *options = NULL;
+ axis2_svc_client_t* svc_client = NULL;
+ axiom_node_t *payload = NULL;
+ axiom_node_t *ret_node = NULL;
+ axis2_status_t status = AXIS2_FAILURE;
+ neethi_policy_t *policy = NULL;
+ rampart_config_t* client_config = NULL;
+ axutil_property_t *property = NULL;
+ rampart_saml_token_t *saml = NULL;
+ axiom_node_t *assertion = NULL;
+ /* Set up the environment */
+ env = axutil_env_create_all("echo.log", AXIS2_LOG_LEVEL_TRACE);
+
+ printf("SAML PROOF");
+ /* Set end-point-reference of echo service */
+ address = "http://localhost:9090/axis2/services/echo";;
+ if (argc > 2)
+ {
+ address = argv[1];
+ client_home = argv[2];
+ printf("Using endpoint : %s\n", address);
+ printf("Using client_home : %s\n", client_home);
+ }
+
+ if (axutil_strcmp(address, "-h") == 0)
+ {
+ printf("Usage : %s [endpoint_url] [client_home]\n", argv[0]);
+ printf("use -h for help\n");
+ return 0;
+ }
+
+ axis2c_home = AXIS2_GETENV("AXIS2C_HOME");
+ if (!axis2c_home)
+ {
+ printf("AXIS2C_HOME not set. Cannot find the key files");
+ return -1;
+ }
+ /* Create end-point-reference with given address */
+ endpoint_ref = axis2_endpoint_ref_create(env, address);
+
+ /* Setup options */
+ options = axis2_options_create(env);
+ axis2_options_set_to(options, env, endpoint_ref);
+ axis2_options_set_action(options, env,
+ "http://example.com/ws/2004/09/policy/Test/EchoRequest";);
+ /*axis2_options_set_action(options, env,
+ "urn:echo");*/
+
+
+ /*If the client home is not specified, use the AXIS2C_HOME*/
+ if (!client_home)
+ {
+ client_home = axutil_strdup(env, axis2c_home);
+ printf("\nNo client_home specified. Using default %s", client_home);
+ }
+
+ /* Create service client */
+ printf("client_home= %s", client_home);
+ svc_client = axis2_svc_client_create(env, client_home);
+ if (!svc_client)
+ {
+ printf("Error creating service client\n");
+ return -1;
+ }
+
+ client_config = rampart_config_create(env);
+ if(!client_config)
+ {
+ printf("Cannot create rampart config\n");
+ return 0;
+ }
+
+ saml = create_saml_token(env);
+ rampart_config_add_saml_token(client_config, env, saml);
+ property = axutil_property_create_with_args(env, AXIS2_SCOPE_REQUEST ,
+ AXIS2_TRUE, (void *)rampart_config_free, client_config);
+ axis2_options_set_property(options, env, RAMPART_CLIENT_CONFIGURATION,
property);
+
+ /* Set service client options */
+ axis2_svc_client_set_options(svc_client, env, options);
+
+ /*We need to specify the client's policy file location*/
+ if(client_home)
+ {
+ file_name = axutil_stracat(env, client_home, AXIS2_PATH_SEP_STR);
+ policy_file = axutil_stracat(env, file_name, "policy.xml" );
+ AXIS2_FREE(env->allocator, file_name);
+ file_name = NULL;
+ }else{
+ printf("Client Home not Specified\n");
+ printf("echo client invoke FAILED!\n");
+ return 0;
+ }
+ /*Create the policy, from file*/
+ policy = neethi_util_create_policy_from_file(env, policy_file);
+ if(!policy)
+ {
+ printf("\nPolicy creation failed from the file. %s\n", policy_file);
+ }
+ if(policy_file){
+ AXIS2_FREE(env->allocator, policy_file);
+ policy_file = NULL;
+ }
+
+ status = axis2_svc_client_set_policy(svc_client, env, policy);
+
+ if(status == AXIS2_FAILURE)
+ {
+ printf("Policy setting failed\n");
+ }
+
+ /* Build the SOAP request message payload using OM API.*/
+ payload = build_om_payload_for_echo_svc(env);
+
+ /*If not engaged in the client's axis2.xml, uncomment this line*/
+ /*axis2_svc_client_engage_module(svc_client, env, "rampart");*/
+
+ /* Send request */
+ ret_node = axis2_svc_client_send_receive(svc_client, env, payload);
+
+
+ if (axis2_svc_client_get_last_response_has_fault(svc_client, env))
+ {
+ axiom_soap_envelope_t *soap_envelope = NULL;
+ axiom_soap_body_t *soap_body = NULL;
+ axiom_soap_fault_t *soap_fault = NULL;
+
+ printf ("\nResponse has a SOAP fault\n");
+ soap_envelope =
+ axis2_svc_client_get_last_response_soap_envelope(svc_client, env);
+ if (soap_envelope)
+ soap_body = axiom_soap_envelope_get_body(soap_envelope, env);
+ if (soap_body)
+ soap_fault = axiom_soap_body_get_fault(soap_body, env);
+ if (soap_fault)
+ {
+ printf("\nReturned SOAP fault: %s\n",
+
axiom_node_to_string(axiom_soap_fault_get_base_node(soap_fault,env),
+ env));
+ }
+ printf("echo client invoke FAILED!\n");
+ return -1;
+ }
+
+ if (ret_node)
+ {
+ axis2_char_t *om_str = NULL;
+ om_str = axiom_node_to_string(ret_node, env);
+ if (om_str)
+ {
+ printf("\nReceived OM : %s\n", om_str);
+ }
+ printf("\necho client invoke SUCCESSFUL!\n");
+ AXIS2_FREE(env->allocator, om_str);
+ ret_node = NULL;
+ }
+ else
+ {
+ printf("echo client invoke FAILED!\n");
+ return -1;
+ }
+
+ if (svc_client)
+ {
+ axis2_svc_client_free(svc_client, env);
+ svc_client = NULL;
+ }
+ if (env)
+ {
+ axutil_env_free((axutil_env_t *) env);
+ env = NULL;
+ }
+
+ return 0;
+}
+
+axiom_node_t * AXIS2_CALL
+build_om_payload_for_echo_svc(const axutil_env_t *env)
+{
+ axiom_node_t *echo_om_node = NULL;
+ axiom_element_t* echo_om_ele = NULL;
+ axiom_node_t* text_om_node = NULL;
+ axiom_element_t * text_om_ele = NULL;
+ axiom_namespace_t *ns1 = NULL;
+ axis2_char_t *om_str = NULL;
+
+ ns1 = axiom_namespace_create(env,
"http://ws.apache.org/rampart/c/samples";, "ns1");
+ echo_om_ele = axiom_element_create(env, NULL, "echoIn", ns1,
&echo_om_node);
+
+
+ text_om_ele = axiom_element_create(env, echo_om_node, "text", NULL,
&text_om_node);
+ axiom_element_set_text(text_om_ele, env, "Hello", text_om_node);
+
+ om_str = axiom_node_to_string(echo_om_node, env);
+ if (om_str){
+ printf("\nSending OM : %s\n", om_str);
+ AXIS2_FREE(env->allocator, om_str);
+ om_str = NULL;
+ }
+ return echo_om_node;
+}
+
+rampart_saml_token_t * AXIS2_CALL
+create_saml_token(const axutil_env_t *env)
+{
+ oxs_sign_ctx_t *sign_ctx = NULL;
+ oxs_x509_cert_t *cert = NULL;
+ openssl_pkey_t *prv_key = NULL;
+ axiom_node_t *sig_node = NULL;
+ rampart_saml_token_t *saml = NULL;
+
+ axutil_date_time_t *time = NULL;
+ saml_assertion_t *assertion = NULL;
+ axiom_node_t *node = NULL;
+ axis2_char_t *prv_key_file = NULL;
+ axis2_char_t *certificate_file = NULL;
+ /*
+ * Create a rampart_saml_token_t to give to the Rampart/C
+ * Here the token type is protection token.
+ */
+ saml = rampart_saml_token_create(env, NULL,
RAMPART_ST_CONFIR_TYPE_HOLDER_OF_KEY);
+ time = axutil_date_time_create(env);
+ assertion = saml_assertion_create(env);
+ if (assertion)
+ {
+ saml_assertion_set_minor_version(assertion, env, 1);
+ saml_assertion_set_issue_instant(assertion, env, time);
+ saml_assertion_set_issuer(assertion, env,
"http://ws.apache.org/rampart/c";);
+ saml_assertion_add_condition(assertion, env,
create_condition(env));
+ saml_assertion_set_not_before(assertion, env,
axutil_date_time_create(env));
+ saml_assertion_add_statement(assertion, env,
create_auth_statement(env, saml));
+ }
+ /* Load the private key from file*/
+ prv_key_file = axutil_stracat(env, axis2c_home, PRIVATE_KEY_FILE);
+ certificate_file = axutil_stracat(env, axis2c_home, CERTIFICATE_FILE);
+ prv_key = oxs_key_mgr_load_private_key_from_pem_file(env, prv_key_file,
PRIVATE_KEY_PASSWORD);
+ cert = oxs_key_mgr_load_x509_cert_from_pem_file(env, certificate_file);
+
+ sign_ctx = oxs_sign_ctx_create(env);
+ saml_util_set_sig_ctx_defaults(sign_ctx, env, "AssertionID");
+ oxs_sign_ctx_set_private_key(sign_ctx, env, prv_key);
+ oxs_sign_ctx_set_certificate(sign_ctx, env, cert);
+ saml_assertion_set_signature(assertion, env, sign_ctx);
+
+ node = saml_assertion_to_om(assertion, NULL, env);
+ rampart_saml_token_set_assertion(saml, env, node);
+ rampart_saml_token_set_token_type(saml, env,
RAMPART_ST_TYPE_PROTECTION_TOKEN);
+ saml_assertion_free(assertion, env);
+ return saml;
+}
+
+saml_condition_t * AXIS2_CALL
+create_condition(const axutil_env_t *env)
+{
+ saml_audi_restriction_cond_t *arc = NULL;
+ saml_condition_t *condition = AXIS2_MALLOC(env->allocator,
sizeof(saml_condition_t));
+ arc = saml_audi_restriction_cond_create(env);
+ saml_audi_restriction_cond_add_audience(arc, env, "www.samle.com");
+ return condition;
+}
+
+saml_stmt_t * AXIS2_CALL
+create_auth_statement(const axutil_env_t *env, rampart_saml_token_t *saml)
+{
+ saml_auth_stmt_t *a_stmt = NULL;
+ saml_stmt_t *stmt = saml_stmt_create(env);
+ a_stmt = saml_auth_stmt_create(env);
+ saml_stmt_set_stmt(stmt, env, a_stmt,
SAML_STMT_AUTHENTICATIONSTATEMENT);
+
+ saml_auth_stmt_set_auth_method(a_stmt, env,
SAML_AUTH_METHOD_URI_PASSWORD);
+ saml_auth_stmt_set_auth_instant(a_stmt, env,
axutil_date_time_create(env));
+
+ saml_auth_stmt_set_subject(a_stmt, env, create_subject(env, saml));
+ saml_auth_stmt_set_subject_dns(a_stmt, env, "192.148.5.8");
+ saml_auth_stmt_set_subject_ip(a_stmt, env, "128.5.6.4");
+ saml_auth_stmt_add_auth_binding(a_stmt, env,
create_autherity_binding(env));
+ return stmt;
+}
+
+saml_auth_binding_t * AXIS2_CALL
+create_autherity_binding(const axutil_env_t *env)
+{
+ saml_auth_binding_t *bind = NULL;
+ bind = saml_auth_binding_create(env);
+ saml_auth_binding_set_authority_kind(bind, env, "abc:aa:aa");
+ saml_auth_binding_set_binding(bind, env, "SOAP");
+ saml_auth_binding_set_location(bind, env,
"http://myhome.com/sevices/echo";);
+ return bind;
+}
+
+saml_subject_t * AXIS2_CALL
+create_subject(const axutil_env_t *env, rampart_saml_token_t *saml)
+{
+ saml_subject_t *subject = NULL;
+ saml_named_id_t *id = NULL;
+ axiom_node_t *key_info = NULL;
+ subject = saml_subject_create(env);
+
+
+ id = saml_named_id_create(env);
+ saml_named_id_set_name(id, env, "Computer Science & Engineering
Department");
+ saml_named_id_set_format(id, env, SAML_EMAIL_ADDRESS);
+ saml_named_id_set_name_qualifier(id, env, "University of Moratuwa");
+ saml_subject_set_named_id(subject, env, id);
+
+ saml_subject_add_confirmation(subject, env,
SAML_SUB_CONFIRMATION_HOLDER_OF_KEY);
+
+ key_info = create_key_info(env, saml);
+ saml_subject_set_key_info(subject, env, key_info);
+ return subject;
+}
+
+axiom_node_t * AXIS2_CALL
+create_key_info(const axutil_env_t *env, rampart_saml_token_t *saml)
+{
+ axiom_node_t *key_info = NULL;
+ oxs_key_t *session_key = NULL;
+ axis2_status_t status = AXIS2_FAILURE;
+ oxs_asym_ctx_t * asym_ctx = NULL;
+ axis2_char_t *key_info_str = NULL;
+ oxs_x509_cert_t *cert = NULL;
+ /* Set the receiver certificate file. This public key will be used to
encrypt the session key.*/
+ axis2_char_t *certificate_file = axutil_stracat(env, axis2c_home,
RECEIVER_CERTIFICATE_FILE);
+
+ session_key = oxs_key_create(env);
+ status = oxs_key_for_algo(session_key, env, NULL);
+
+ key_info = oxs_token_build_key_info_element(env, NULL);
+
+ /* Create the asym_ctx_t and populate it.*/
+ asym_ctx = oxs_asym_ctx_create(env);
+ oxs_asym_ctx_set_algorithm(asym_ctx, env, OXS_HREF_RSA_PKCS1);
+ oxs_asym_ctx_set_operation(asym_ctx, env,
+ OXS_ASYM_CTX_OPERATION_PUB_ENCRYPT);
+
+ cert = oxs_key_mgr_load_x509_cert_from_pem_file(env, certificate_file);
+ if (!cert)
+ {
+ AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+ "Certificate cannot be loaded");
+ return NULL;
+ }
+ oxs_asym_ctx_set_certificate(asym_ctx, env, cert);
+ status = oxs_xml_enc_encrypt_key(env,
+ asym_ctx,
+ key_info,
+ session_key,
+ NULL);
+ rampart_saml_token_set_session_key(saml, env, session_key);
+ key_info_str = axiom_node_to_string(key_info, env);
+ return key_info;
+}
+
+
+
+
