Author: milinda Date: Tue Jun 10 01:24:25 2008 New Revision: 666005 URL: http://svn.apache.org/viewvc?rev=666005&view=rev Log: Modified the PKCS12 key store creation logic and added support for loading a PKCS12 store from an in-memory buffer.
Modified:
    webservices/rampart/trunk/c/include/openssl_pkcs12.h
    webservices/rampart/trunk/c/include/openssl_pkcs12_keystore.h
    webservices/rampart/trunk/c/src/omxmlsec/openssl/pkcs12.c
    webservices/rampart/trunk/c/src/omxmlsec/openssl/pkcs12_keystore.c
    webservices/rampart/trunk/c/src/util/   (props changed)
    webservices/rampart/trunk/c/src/util/rampart_context.c
    webservices/rampart/trunk/c/src/util/rampart_engine.c

Modified: webservices/rampart/trunk/c/include/openssl_pkcs12.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/openssl_pkcs12.h?rev=666005&r1=666004&r2=666005&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/openssl_pkcs12.h (original)
+++ webservices/rampart/trunk/c/include/openssl_pkcs12.h Tue Jun 10 01:24:25 2008
@@ -45,6 +45,11 @@
     openssl_pkcs12_load(const axutil_env_t *env, axis2_char_t *filename, PKCS12 **p12);
+
+    AXIS2_EXTERN axis2_status_t AXIS2_CALL
+    openssl_pkcs12_load_from_buffer(const axutil_env_t *env,
+                                    axis2_char_t *buffer,
+                                    PKCS12 **p12);
     /*Parse*/
     AXIS2_EXTERN axis2_status_t AXIS2_CALL

Modified: webservices/rampart/trunk/c/include/openssl_pkcs12_keystore.h
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/include/openssl_pkcs12_keystore.h?rev=666005&r1=666004&r2=666005&view=diff
==============================================================================
--- webservices/rampart/trunk/c/include/openssl_pkcs12_keystore.h (original)
+++ webservices/rampart/trunk/c/include/openssl_pkcs12_keystore.h Tue Jun 10 01:24:25 2008
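Review bot: The new `openssl_pkcs12_load_from_buffer` prototype carries no length parameter, yet a PKCS#12 store is binary DER that routinely contains NUL bytes, so a NUL-terminated `axis2_char_t *buffer` cannot describe it; the implementation in this same commit measures the image with `axutil_strlen`. I would declare it as `openssl_pkcs12_load_from_buffer(const axutil_env_t *env, axis2_char_t *buffer, int buffer_len, PKCS12 **p12);` and add a Doxygen comment above it stating that `buffer` is a raw DER image rather than a string, that `buffer_len` is its byte count, and that `*p12` is set only on success and must be released by the caller with `PKCS12_free`. The rest of the header is outside the hunk.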
@@ -50,6 +50,12 @@
         axis2_char_t *filename, axis2_char_t *password);
+    AXIS2_EXTERN pkcs12_keystore_t * AXIS2_CALL
+    pkcs12_keystore_create_from_buffer(
+        const axutil_env_t *env,
+        axis2_char_t *buffer,
+        axis2_char_t *password);
+
     axutil_array_list_t * AXIS2_CALL pkcs12_keystore_populate_cert_array( const axutil_env_t *env, STACK_OF(X509) *other_certs);

Modified: webservices/rampart/trunk/c/src/omxmlsec/openssl/pkcs12.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/openssl/pkcs12.c?rev=666005&r1=666004&r2=666005&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/openssl/pkcs12.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/openssl/pkcs12.c Tue Jun 10 01:24:25 2008
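Review bot: `pkcs12_keystore_create_from_buffer` is declared without any documentation, and the implementation in this commit stores the `password` pointer in the keystore instead of copying it, so the caller-facing contract needs to be spelled out here. Suggest a comment above the declaration along the lines of `/** Builds a keystore from an in-memory PKCS#12 (DER) image. buffer is binary data, not a C string; password must remain valid for the lifetime of the returned keystore. Returns NULL on failure. */`. Like the sibling loader it also has no length argument for the binary buffer; an `int buffer_len` parameter would let it pass the real size down instead of relying on string length. The rest of the header is outside the hunk.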
@@ -52,6 +52,55 @@
 }
 AXIS2_EXTERN axis2_status_t AXIS2_CALL
+openssl_pkcs12_load_from_buffer(const axutil_env_t *env,
+                                axis2_char_t *buffer,
+                                PKCS12 **p12)
+{
+    int len = 0;
+    BIO *in = NULL;
+    BUF_MEM* bm = NULL;
+
+    SSLeay_add_all_algorithms();
+    ERR_load_crypto_strings();
+
+    len = axutil_strlen(buffer);
+
+    if (!(in = BIO_new(BIO_s_mem())))
+    {
+        oxs_error(env, OXS_ERROR_LOCATION, OXS_ERROR_CREATION_FAILED, "Memory allocation error!");
+        return AXIS2_FAILURE;
+    }
+    if (!(bm = BUF_MEM_new()))
+    {
+        oxs_error(env, OXS_ERROR_LOCATION, OXS_ERROR_CREATION_FAILED, "Memory allocation error!");
+        return AXIS2_FAILURE;
+    }
+    if (!BUF_MEM_grow(bm, len))
+    {
+        oxs_error(env, OXS_ERROR_LOCATION, OXS_ERROR_CREATION_FAILED, "Memory allocation error!");
+        return AXIS2_FAILURE;
+    }
+    memcpy(bm->data, buffer, len);
+    BIO_set_mem_buf(in, bm, 0 /*not used*/);
+    /*if (!(in = BIO_new_mem_buf((unsigned char*)buffer, len))) {
+        fprintf(stderr, "Error creating pkcs12 from buffer.");
+        return AXIS2_FAILURE;
+    }*/
+    /*Load pkcs store*/
+    *p12 = d2i_PKCS12_bio(in, NULL);
+
+
+    if (!p12) {
+        fprintf(stderr, "Error reading PKCS#12 from buffer: %s\n", buffer);
+        ERR_print_errors_fp(stderr);
+        return AXIS2_FAILURE;
+    }
+    BIO_free(in);
+    return AXIS2_SUCCESS;
+
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
 openssl_pkcs12_parse(const axutil_env_t *env, axis2_char_t *password , PKCS12 *p12,

Modified: webservices/rampart/trunk/c/src/omxmlsec/openssl/pkcs12_keystore.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/omxmlsec/openssl/pkcs12_keystore.c?rev=666005&r1=666004&r2=666005&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/omxmlsec/openssl/pkcs12_keystore.c (original)
+++ webservices/rampart/trunk/c/src/omxmlsec/openssl/pkcs12_keystore.c Tue Jun 10 01:24:25 2008
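Review bot: `len = axutil_strlen(buffer)` cuts the image at the first NUL byte, and DER-encoded PKCS#12 contains NULs in practically every length field and bit string, so `d2i_PKCS12_bio` is handed a prefix of the store; the function needs the caller's byte count, not a string length. The failure test `if (!p12)` checks the out-parameter instead of `*p12`, so a decode failure is reported as AXIS2_SUCCESS with `*p12 == NULL`, and if it ever did fire it would print the whole keystore image, encrypted private key included, to stderr through `%s`. The BIO and BUF_MEM are also leaked on every early return, and because `BIO_set_mem_buf` is called with flag 0 (BIO_NOCLOSE) the BUF_MEM appears to survive `BIO_free` on the success path as well. The rewrite below adds an explicit `buffer_len` parameter (the header and the keystore caller must follow), wraps the bytes in a read-only memory BIO, tests `*p12`, and reports failure through `oxs_error` without echoing the data; the algorithm-registration calls are left as they are.
```c
AXIS2_EXTERN axis2_status_t AXIS2_CALL
openssl_pkcs12_load_from_buffer(const axutil_env_t *env,
                                axis2_char_t *buffer,
                                int buffer_len,
                                PKCS12 **p12)
{
    BIO *in = NULL;

    /* … unchanged: SSLeay_add_all_algorithms / ERR_load_crypto_strings … */

    if (!buffer || buffer_len <= 0 || !p12)
    {
        oxs_error(env, OXS_ERROR_LOCATION, OXS_ERROR_DEFAULT, "Empty PKCS#12 buffer");
        return AXIS2_FAILURE;
    }
    *p12 = NULL;

    /* Read-only BIO over the caller's bytes: nothing to copy, no BUF_MEM to leak.
     * The length is explicit because DER contains NUL bytes; strlen() is wrong here. */
    in = BIO_new_mem_buf(buffer, buffer_len);
    if (!in)
    {
        oxs_error(env, OXS_ERROR_LOCATION, OXS_ERROR_CREATION_FAILED, "Memory allocation error!");
        return AXIS2_FAILURE;
    }

    *p12 = d2i_PKCS12_bio(in, NULL);
    BIO_free(in);

    if (!*p12)
    {
        /* Never echo the buffer: it holds the (encrypted) private key material. */
        oxs_error(env, OXS_ERROR_LOCATION, OXS_ERROR_DEFAULT, "Error reading PKCS#12 from buffer");
        return AXIS2_FAILURE;
    }
    return AXIS2_SUCCESS;
}
```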
@@ -27,7 +27,8 @@
     openssl_pkey_t *pvt_key;
 };
-AXIS2_EXTERN pkcs12_keystore_t * AXIS2_CALL pkcs12_keystore_create(
+AXIS2_EXTERN pkcs12_keystore_t * AXIS2_CALL
+pkcs12_keystore_create(
     const axutil_env_t *env, axis2_char_t *filename, axis2_char_t *password)
@@ -75,6 +76,55 @@
     return keystore;
 }
+AXIS2_EXTERN pkcs12_keystore_t * AXIS2_CALL
+pkcs12_keystore_create_from_buffer(
+    const axutil_env_t *env,
+    axis2_char_t *buffer,
+    axis2_char_t *password)
+{
+    pkcs12_keystore_t *keystore = NULL;
+    EVP_PKEY *pvt_key = NULL;
+    SSLeay_add_all_algorithms();
+    ERR_load_crypto_strings();
+
+    keystore = (pkcs12_keystore_t*) AXIS2_MALLOC(env->allocator, sizeof (pkcs12_keystore_t));
+    if (!keystore) {
+        oxs_error(env, OXS_ERROR_LOCATION, OXS_ERROR_CREATION_FAILED, "Memory allocation error!");
+        return NULL;
+    }
+
+    keystore->keystore_file = NULL;
+    keystore->keystore_password = password;
+    keystore->other_certs = NULL;
+    keystore->keystore = NULL;
+    keystore->cert = NULL;
+    keystore->pvt_key = NULL;
+
+    if (!openssl_pkcs12_load_from_buffer(env, buffer, &keystore->keystore)) {
+        oxs_error(env, OXS_ERROR_LOCATION, OXS_ERROR_DEFAULT,
+            "Error loading pkcs12 keystore from file");
+        return NULL;
+    }
+
+    if (!openssl_pkcs12_parse(
+        env,
+        keystore->keystore_password,
+        keystore->keystore,
+        &pvt_key,
+        &keystore->cert,
+        &keystore->other_certs)) {
+        oxs_error(env, OXS_ERROR_LOCATION, OXS_ERROR_CREATION_FAILED, "PKCS12 Key Store Parsing failed.");
+        AXIS2_FREE(env->allocator, keystore);
+        return NULL;
+    }
+    /* We only populate this since openssl_pkey_t is ref counted. */
+    if (pvt_key) {
+        keystore->pvt_key = openssl_pkey_create(env);
+        openssl_pkey_populate(keystore->pvt_key, env, pvt_key, (axis2_char_t*) keystore->keystore_file, OPENSSL_PKEY_TYPE_PRIVATE_KEY);
+    }
+    return keystore;
+}
+
 axutil_array_list_t * AXIS2_CALL pkcs12_keystore_populate_cert_array( const axutil_env_t *env, STACK_OF(X509) * other_certs)

Propchange: webservices/rampart/trunk/c/src/util/
------------------------------------------------------------------------------
--- svn:ignore (added)
+++ svn:ignore Tue Jun 10 01:24:25 2008
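Review bot: When `openssl_pkcs12_load_from_buffer` fails, the function returns NULL without releasing `keystore`, unlike the parse-failure branch directly below it, and because that loader (in this same commit) returns success even when `*p12` ends up NULL, a bad buffer reaches `openssl_pkcs12_parse` with a NULL PKCS12. I would make the check `if (!openssl_pkcs12_load_from_buffer(env, buffer, &keystore->keystore) || !keystore->keystore)`, add `AXIS2_FREE(env->allocator, keystore);` before that `return NULL;`, and correct the message, which still reads `"Error loading pkcs12 keystore from file"`. On parse failure the object in `keystore->keystore` is also dropped without `PKCS12_free`. The `password` pointer is stored as-is rather than copied, so the caller must keep it alive for the keystore's lifetime; that deserves a comment on the assignment.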
@@ -0,0 +1,2 @@
+.deps
+.libs

Modified: webservices/rampart/trunk/c/src/util/rampart_context.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_context.c?rev=666005&r1=666004&r2=666005&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_context.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_context.c Tue Jun 10 01:24:25 2008
@@ -40,7 +40,8 @@
     int ttl;
     axis2_char_t *rd_val;
     int ref;
-    oxs_key_mgr_t *key_mgr;
+    oxs_key_mgr_t *key_mgr;
+    void *key_store_buf;
     /****************************/
     /* Set true when the issued token is aquired and set to the rampart conext*/
     issued_token_callback_func aquire_issued_token;
@@ -189,7 +190,8 @@
     rampart_context->signature_token_id = NULL;
     rampart_context->key_list = axutil_array_list_create(env, 2);
-    rampart_context->key_mgr = oxs_key_mgr_create(env);
+    rampart_context->key_mgr = oxs_key_mgr_create(env);
+    rampart_context->key_store_buf = NULL;
     return rampart_context;
 }
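Review bot: `void *key_store_buf` records a pointer with no length, and the buffer loader this commit adds measures the image with strlen, so a binary PKCS#12 image placed in this field cannot be loaded correctly; I would add `int key_store_buf_len;` beside it and carry that size through to `pkcs12_keystore_create_from_buffer`. The field also says nothing about ownership, and `rampart_context_free` is outside this hunk, so it is not visible whether the buffer is ever released; suggest `/* PKCS#12 (DER) image supplied by the application; owned by the caller, not freed with the context */` or whichever rule actually applies. The struct definition begins outside the hunk.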
@@ -2939,3 +2941,22 @@
     return rampart_context->key_mgr;
 }
+AXIS2_EXTERN void * AXIS2_CALL
+rampart_context_get_key_store_buff(
+    rampart_context_t *rampart_context,
+    const axutil_env_t *env)
+{
+    return rampart_context->key_store_buf;
+}
+
+AXIS2_EXTERN axis2_status_t AXIS2_CALL
+rampart_context_set_key_store_buff(
+    rampart_context_t *rampart_context,
+    const axutil_env_t *env,
+    void *key_store_buf)
+{
+    AXIS2_PARAM_CHECK(env->error, key_store_buf, AXIS2_FAILURE);
+    AXIS2_LOG_INFO(env->log, AXIS2_LOG_SI, "[rampart][rampart_context] Seting key store buff.");
+    rampart_context->key_store_buf = key_store_buf;
+    return AXIS2_SUCCESS;
+}

Modified: webservices/rampart/trunk/c/src/util/rampart_engine.c
URL: http://svn.apache.org/viewvc/webservices/rampart/trunk/c/src/util/rampart_engine.c?rev=666005&r1=666004&r2=666005&view=diff
==============================================================================
--- webservices/rampart/trunk/c/src/util/rampart_engine.c (original)
+++ webservices/rampart/trunk/c/src/util/rampart_engine.c Tue Jun 10 01:24:25 2008
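Review bot: `rampart_context_set_key_store_buff` accepts the buffer without a length and rejects NULL through `AXIS2_PARAM_CHECK`, so a caller can install a key store image but never detach it, and the loader in this commit has to fall back to strlen to size it. Suggest `void *key_store_buf, int key_store_buf_len` as the parameters, dropping the NULL check so `NULL, 0` clears the field, and a doc comment on both functions stating that the context neither copies nor frees the data. The accessors spell it `buff` while the field is `key_store_buf`; one spelling will save a future grep.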
@@ -189,59 +189,71 @@
     rampart_context_free(rampart_context, env);
     rampart_context = NULL;
     return NULL;
-        }
-        /* Retrieve the password for obtaining private keys */
-        enc_user = rampart_context_get_encryption_user(rampart_context, env);
-        if(!enc_user)
+        }
+
+        rampart_engine_retrieve_key_mgr_prop_from_policy(rampart_context, env);
+    }
+
+    key_mgr = rampart_context_get_key_mgr(rampart_context, env);
+    if (!key_mgr)
+    {
+        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+            "[rampart][engine] Key mgr creation failed.");
+        return NULL;
+    }
+
+    /* Retrieve the password for obtaining private keys */
+    enc_user = rampart_context_get_encryption_user(rampart_context, env);
+    if(!enc_user)
+    {
+        enc_user = rampart_context_get_user(rampart_context, env);
+    }
+    if(enc_user)
+    {
+        password_function = rampart_context_get_pwcb_function(rampart_context, env);
+        if(password_function)
         {
-            enc_user = rampart_context_get_user(rampart_context, env);
+            password = (*password_function)(env, enc_user, param);
+            pkcs12_password = password;
         }
-        if(enc_user)
+        else
         {
-            password_function = rampart_context_get_pwcb_function(rampart_context, env);
-            if(password_function)
+            password_callback = rampart_context_get_password_callback(
+                rampart_context, env);
+            if(password_callback)
             {
-                password = (*password_function)(env, enc_user, param);
+                password = rampart_callback_password(env, password_callback, enc_user);
+                if((pkcs12_file = rampart_context_get_pkcs12_file_name(rampart_context, env)))
+                {
+                    pkcs12_password = rampart_callback_pkcs12_password(env, password_callback, enc_user);
+                }
             }
             else
             {
-                password_callback = rampart_context_get_password_callback(
-                    rampart_context, env);
-                if(password_callback)
-                {
-                    password = rampart_callback_password(env, password_callback, enc_user);
-                    if((pkcs12_file = rampart_context_get_pkcs12_file_name(rampart_context, env)))
-                    {
-                        pkcs12_password = rampart_callback_pkcs12_password(env, password_callback, enc_user);
-                        key_store = pkcs12_keystore_create(env, pkcs12_file, pkcs12_password);
-                        if(!key_store)
-                        {
-                            AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
-                                "[rampart][engine] PKCS12 KeyStore creation failed.");
-                            return NULL;
-                        }
-                    }
-                }
+                password = rampart_context_get_password(rampart_context, env);
+                pkcs12_password = password;
             }
-        }
-
-        key_mgr = rampart_context_get_key_mgr(rampart_context, env);
-        if (!key_mgr)
-        {
-            AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
-                "[rampart][engine] Key mgr creation failed.");
-            return NULL;
-        }
-
+        }
+    }
+
+    if(pkcs12_file)
+    {
+        key_store = pkcs12_keystore_create(env, pkcs12_file, pkcs12_password);
+        if(!key_store)
+        {
+            AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
+                "[rampart][engine] PKCS12 KeyStore creation failed.");
+            return NULL;
+        }
+        oxs_key_mgr_set_key_store(key_mgr, env, key_store);
-
-        if (password)
-        {
-            oxs_key_mgr_set_prv_key_password(key_mgr, env, password);
-        }
-        rampart_engine_retrieve_key_mgr_prop_from_policy(rampart_context, env);
-    }
+        if (password)
+        {
+            oxs_key_mgr_set_prv_key_password(key_mgr, env, password);
+        }
+    }
+
     property = axutil_property_create_with_args(env, AXIS2_SCOPE_REQUEST , AXIS2_TRUE, (void *)rampart_context_free, rampart_context);
     axis2_msg_ctx_set_property(msg_ctx, env, RAMPART_CONTEXT, property);
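Review bot: `pkcs12_file` is assigned only inside the `password_callback` branch, so the consolidated `if(pkcs12_file)` block at the bottom never creates the key store when the credentials come from a pwcb function or from `rampart_context_get_password` (assuming `pkcs12_file` starts out NULL; its declaration is above the hunk). Hoisting `pkcs12_file = rampart_context_get_pkcs12_file_name(rampart_context, env);` ahead of the `if(enc_user)` block and reducing the inner test to `if(pkcs12_file)` makes the three branches symmetric. Both new `return NULL` exits (key-manager failure and key-store failure) leave `rampart_context` allocated, whereas the failure path in the hunk's leading context calls `rampart_context_free(rampart_context, env)` first; the same call belongs before each of these returns. Nothing in this hunk consults the key-store buffer this commit adds to the context, so `pkcs12_keystore_create_from_buffer` is not reachable from the engine as far as the visible code shows. The enclosing function begins and ends outside the hunk.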