Mailing-List: contact axis-c-user-help@ws.apache.org; run by ezmlm
Precedence: bulk
Reply-To: "Apache AXIS C User List" <axis-c-user@ws.apache.org>
Received-SPF: pass (athena.apache.org: local policy)
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Subject: RE: [Rampart/C | Neethi/C] Possible to get the
 currentx509securitycertificate from a policy?
Date: Wed, 15 Aug 2007 11:03:40 +0100
Message-ID: 
 <1F5A05DA40944243A29DC3C135A2E72FE840DA@mailserver-2.it-innovation.soton.ac.uk>
In-reply-to: <1187169339.4106.15.camel@localhost>
Thread-topic: [Rampart/C | Neethi/C] Possible to get the
 currentx509securitycertificate from a policy?
Thread-index: Acfe7p2JGImXgqmfQmam8nyyiCQyfwAMjanA
References: 
 <1F5A05DA40944243A29DC3C135A2E72FE84056@mailserver-2.it-innovation.soton.ac.uk>
 <1187064039.3977.25.camel@localhost>
 <1F5A05DA40944243A29DC3C135A2E72FE84070@mailserver-2.it-innovation.soton.ac.uk>
 <1187090430.28186.14.camel@localhost>
 <1F5A05DA40944243A29DC3C135A2E72FE8408C@mailserver-2.it-innovation.soton.ac.uk>
 <1187169339.4106.15.camel@localhost>
From: "Jamie Lyon" <jl@it-innovation.soton.ac.uk>
To: "Apache AXIS C User List" <axis-c-user@ws.apache.org>
X-it-innovation-centre-MailScanner-Information: Please contact the ISP for
 more information
X-it-innovation-centre-MailScanner: Found to be clean
X-it-innovation-centre-MailScanner-MCPCheck: 
X-it-innovation-centre-MailScanner-SpamCheck: not spam (whitelisted),
	SpamAssassin (not cached, score=-2.599, required 4,
	autolearn=not spam, BAYES_00 -2.60)
X-it-innovation-centre-MailScanner-From: jl@it-innovation.soton.ac.uk
X-Virus-Checked: Checked by ClamAV on apache.org
X-Old-Spam-Status: No

Excellent, the following code works fine. Thanks very much for your
help.

-----

rp_secpolicy_t* policy =3D rp_secpolicy_builder_build( axisEnv, policy =
);

rampart_context_t* context =3D rampart_context_create( axisEnv );
rampart_context_set_secpolicy( context, axisEnv, policy );
axis2_char_t* filename =3D rampart_context_get_certificate_file( =
context,
axisEnv );
rampart_context_free( context, axisEnv );

X509* cert =3D NULL;
openssl_x509_load_from_pem( axisEnv, filename, &cert );

-----

Cheers,
Jamie

> -----Original Message-----
> From: Manjula Peiris [mailto:manjula@wso2.com]
> Sent: 15 August 2007 10:16
> To: Apache AXIS C User List
> Subject: RE: [Rampart/C | Neethi/C] Possible to get the
> currentx509securitycertificate from a policy?
>=20
> Hi Jamie,
>=20
> See my comments in line.
>=20
> On Tue, 2007-08-14 at 12:38 +0100, Jamie Lyon wrote:
> > Thanks, that part is fine -- there's some very useful helper
functions
> > there.
> >
> > My primary question however is that in my policy.xml I've got:
> > <rampc:RampartConfig
> > xmlns:rampc=3D"http://ws.apache.org/rampart/c/policy">
> > <rampc:Certificate>/my/path/mycert.pem</rampc:Certificate>
> > <rampc:PrivateKey>/my/path/mykey.pem</rampc:PrivateKey>
> > </rampc:RampartConfig>
> >
> > This works fine, and the correct certificates/keys are included in
> > rampart, but I can't work out how, in code, to get the filenames
listed
> > in policy.xml. This is why I mention neethi -- I want to be able to
> > access some of the information in that loaded policy, but I can't
seem
> > to work out the correct way of doing so.
> >
> > In pseudo-code, this is what I'd like to be able to do:
> > neethi_policy_t* policy =3D neethi_util_create_policy_from_file(
axisEnv,
> > filename );
> Security policy extension creates a secpolicy object from this policy
> object using rp_secpolicy_builder_build() method in
> neethi/secpolicy/builder/secpolicy_builder.c
>=20
> Then this secpolicy is stored in a struct called rampart_context which
> keeps all the rampart configurations.
>=20
> >
> > ///*************** This line is what I need to be able to do********
> > char* certFilename =3D get_certificate_filename_from_policy( policy =
);
> > ///*****************************************************************
> So to get the certFilename you need to call the following function in
> the rampart context.(rampart/src/util/rampart_context.c)
> rampart_context_get_certificate_file()
>=20
>=20
> > X509* cert;
> > openssl_x509_load_from_pem( axisEnv, certFilename, &cert );
> >
> > Thanks,
> > Jamie
> >
> > > -----Original Message-----
> > > From: Manjula Peiris [mailto:manjula@wso2.com]
> > > Sent: 14 August 2007 12:21
> > > To: Apache AXIS C User List
> > > Subject: RE: [Rampart/C | Neethi/C] Possible to get the
> > > currentx509security certificate from a policy?
> > >
> > > On Tue, 2007-08-14 at 09:34 +0100, Jamie Lyon wrote:
> > >
> > > Hi Jamie,
> > >
> > > Neethi/C Security policy extension is for building and ordering
the
> > > security header. It has nothing to do with the content of the
payload.
> > > So in your requirement to include the security token in the
payload
> > You
> > > need to do it in your own. You can use OpenSSL directly to read
from
> > > certficate or can use methods in rampart/src/omxmlsec/openssl
> > > seperately. please see  rampart/src/omxmlsec/openssl/x509.C to get
an
> > > idea of using openssl functions.
> > >
> > > Thanks
> > > -Manjula.
> > >
> > >
> > >
> > > > Sorry for not being overly clear.
> > > >
> > > > Basically I've loaded a policy using:
> > > > neethi_policy* policy =3D neethi_util_create_policy_from_file(
> > axisEnv,
> > > > fileName );
> > > >
> > > > Then applied it to the service client using:
> > > > axis2_svc_client_set_policy( svcClient, axisEnv, policy );
> > > >
> > > > Now if possible I would like to be able to get the OpenSSL
> > structures
> > > > (i.e. the struct named 'X509'); or just some way of obtaining
the
> > > > subject DN and certificate string from the certificate in that
> > policy.
> > > >
> > > > I suppose the filename of that certificate would also suffice,
as I
> > > > could then load it in manually, though a pre-loaded one would be
> > > > preferable.
> > > >
> > > > The ultimate goal is to access the current security token to
include
> > it
> > > > in my message payload (not as part of the security header, or
> > > > ws-security, which is why I was wary about mentioning rampart).
> > > >
> > > > Hopefully that clears things up :)
> > > >
> > > > Cheers,
> > > > Jamie
> > > >
> > > >
> > > > > -----Original Message-----
> > > > > From: Manjula Peiris [mailto:manjula@wso2.com]
> > > > > Sent: 14 August 2007 05:01
> > > > > To: Apache AXIS C User List
> > > > > Subject: Re: [Rampart/C | Neethi/C] Possible to get the
current
> > > > > x509security certificate from a policy?
> > > > >
> > > > > Hi Jamie,
> > > > >
> > > > > Please see my comments inline. BTW Your requirement is not
very
> > clear.
> > > > > Can you please emphasize more on this.
> > > > >
> > > > >
> > > > > On Mon, 2007-08-13 at 16:51 +0100, Jamie Lyon wrote:
> > > > > > Hi,
> > > > > >
> > > > > >
> > > > > >
> > > > > > Is it possible to get the OpenSSL construct (or some other
form)
> > of
> > > > > > policy out of the current neethi policy?
> > > > > OpenSSL functions are called from Rampart/C, not through
Neethi.
> > Here
> > > > > what do You mean by OpenSSL construct of policy?
> > > > >
> > > > >
> > > > > > I'm basically trying to get the subjectDN and base64 encoded
> > cert to
> > > > > > include in my message. I can encode the data to a base64
string
> > from
> > > > a
> > > > > > char array, so no worries there, so long as I can somehow
access
> > the
> > > > > > data.
> > > > > If you have the buffer containing the base64 string of the key
you
> > can
> > > > > attached it to the message by setting it in the
rampart_context.
> > You
> > > > can
> > > > > use the following functions,
> > > > >
> > > > > rampart_context_set_certificate() and
> > > > > rampart_context_set_certificate_type.
> > > > >
> > > > > But to do this you need to create a rampart_context outside of
> > rampart
> > > > > and set it as a value in a axis2_parameter called
> > > > RAMPART_CONFIGURATION.
> > > > > Otherwise you need to change the code.
> > > > >
> > > > > -Manjula
> > > > > >
> > > > > >
> > > > > >
> > > > > > Any suggestions are highly welcome.
> > > > > >
> > > > > >
> > > > > >
> > > > > > Cheers,
> > > > > > Jamie
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > >
> >
---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> > > > > For additional commands, e-mail:
axis-c-user-help@ws.apache.org
> > > >
> > > >
> > > >
> >
---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> > > > For additional commands, e-mail: axis-c-user-help@ws.apache.org
> > > >
> > >
> > >
> > >
---------------------------------------------------------------------
> > > To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> > > For additional commands, e-mail: axis-c-user-help@ws.apache.org
> >
> >
> >
---------------------------------------------------------------------
> > To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> > For additional commands, e-mail: axis-c-user-help@ws.apache.org
> >
>=20
>=20
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
> For additional commands, e-mail: axis-c-user-help@ws.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-user-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-user-help@ws.apache.org