axis-c-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Manjula Peiris <manj...@wso2.com>
Subject RE: [Rampart/C | Neethi/C] Possible to get the currentx509security certificate from a policy?
Date Wed, 15 Aug 2007 09:15:39 GMT
Hi Jamie,

See my comments in line.

On Tue, 2007-08-14 at 12:38 +0100, Jamie Lyon wrote:
> Thanks, that part is fine -- there's some very useful helper functions
> there.
> 
> My primary question however is that in my policy.xml I've got:
> <rampc:RampartConfig
> xmlns:rampc="http://ws.apache.org/rampart/c/policy">
> <rampc:Certificate>/my/path/mycert.pem</rampc:Certificate>
> <rampc:PrivateKey>/my/path/mykey.pem</rampc:PrivateKey>
> </rampc:RampartConfig>
> 
> This works fine, and the correct certificates/keys are included in
> rampart, but I can't work out how, in code, to get the filenames listed
> in policy.xml. This is why I mention neethi -- I want to be able to
> access some of the information in that loaded policy, but I can't seem
> to work out the correct way of doing so.
> 
> In pseudo-code, this is what I'd like to be able to do:
> neethi_policy_t* policy = neethi_util_create_policy_from_file( axisEnv,
> filename );
Security policy extension creates a secpolicy object from this policy
object using rp_secpolicy_builder_build() method in
neethi/secpolicy/builder/secpolicy_builder.c

Then this secpolicy is stored in a struct called rampart_context which
keeps all the rampart configurations. 

> 
> ///*************** This line is what I need to be able to do********
> char* certFilename = get_certificate_filename_from_policy( policy );
> ///*****************************************************************
So to get the certFilename you need to call the following function in
the rampart context.(rampart/src/util/rampart_context.c)
rampart_context_get_certificate_file()


> X509* cert; 
> openssl_x509_load_from_pem( axisEnv, certFilename, &cert );
> 
> Thanks,
> Jamie
> 
> > -----Original Message-----
> > From: Manjula Peiris [mailto:manjula@wso2.com]
> > Sent: 14 August 2007 12:21
> > To: Apache AXIS C User List
> > Subject: RE: [Rampart/C | Neethi/C] Possible to get the
> > currentx509security certificate from a policy?
> > 
> > On Tue, 2007-08-14 at 09:34 +0100, Jamie Lyon wrote:
> > 
> > Hi Jamie,
> > 
> > Neethi/C Security policy extension is for building and ordering the
> > security header. It has nothing to do with the content of the payload.
> > So in your requirement to include the security token in the payload
> You
> > need to do it in your own. You can use OpenSSL directly to read from
> > certficate or can use methods in rampart/src/omxmlsec/openssl
> > seperately. please see  rampart/src/omxmlsec/openssl/x509.C to get an
> > idea of using openssl functions.
> > 
> > Thanks
> > -Manjula.
> > 
> > 
> > 
> > > Sorry for not being overly clear.
> > >
> > > Basically I've loaded a policy using:
> > > neethi_policy* policy = neethi_util_create_policy_from_file(
> axisEnv,
> > > fileName );
> > >
> > > Then applied it to the service client using:
> > > axis2_svc_client_set_policy( svcClient, axisEnv, policy );
> > >
> > > Now if possible I would like to be able to get the OpenSSL
> structures
> > > (i.e. the struct named 'X509'); or just some way of obtaining the
> > > subject DN and certificate string from the certificate in that
> policy.
> > >
> > > I suppose the filename of that certificate would also suffice, as I
> > > could then load it in manually, though a pre-loaded one would be
> > > preferable.
> > >
> > > The ultimate goal is to access the current security token to include
> it
> > > in my message payload (not as part of the security header, or
> > > ws-security, which is why I was wary about mentioning rampart).
> > >
> > > Hopefully that clears things up :)
> > >
> > > Cheers,
> > > Jamie
> > >
> > >
> > > > -----Original Message-----
> > > > From: Manjula Peiris [mailto:manjula@wso2.com]
> > > > Sent: 14 August 2007 05:01
> > > > To: Apache AXIS C User List
> > > > Subject: Re: [Rampart/C | Neethi/C] Possible to get the current
> > > > x509security certificate from a policy?
> > > >
> > > > Hi Jamie,
> > > >
> > > > Please see my comments inline. BTW Your requirement is not very
> clear.
> > > > Can you please emphasize more on this.
> > > >
> > > >
> > > > On Mon, 2007-08-13 at 16:51 +0100, Jamie Lyon wrote:
> > > > > Hi,
> > > > >
> > > > >
> > > > >
> > > > > Is it possible to get the OpenSSL construct (or some other form)
> of
> > > > > policy out of the current neethi policy?
> > > > OpenSSL functions are called from Rampart/C, not through Neethi.
> Here
> > > > what do You mean by OpenSSL construct of policy?
> > > >
> > > >
> > > > > I'm basically trying to get the subjectDN and base64 encoded
> cert to
> > > > > include in my message. I can encode the data to a base64 string
> from
> > > a
> > > > > char array, so no worries there, so long as I can somehow access
> the
> > > > > data.
> > > > If you have the buffer containing the base64 string of the key you
> can
> > > > attached it to the message by setting it in the rampart_context.
> You
> > > can
> > > > use the following functions,
> > > >
> > > > rampart_context_set_certificate() and
> > > > rampart_context_set_certificate_type.
> > > >
> > > > But to do this you need to create a rampart_context outside of
> rampart
> > > > and set it as a value in a axis2_parameter called
> > > RAMPART_CONFIGURATION.
> > > > Otherwise you need to change the code.
> > > >
> > > > -Manjula
> > > > >
> > > > >
> > > > >
> > > > > Any suggestions are highly welcome.
> > > > >
> > > > >
> > > > >
> > > > > Cheers,
> > > > > Jamie
> > > > >
> > > > >
> > > >
> > > >
> > > >
> ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> > > > For additional commands, e-mail: axis-c-user-help@ws.apache.org
> > >
> > >
> > >
> ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> > > For additional commands, e-mail: axis-c-user-help@ws.apache.org
> > >
> > 
> > 
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> > For additional commands, e-mail: axis-c-user-help@ws.apache.org
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-user-help@ws.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-user-help@ws.apache.org


Mime
View raw message