axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kausha...@apache.org
Subject svn commit: r507411 [3/3] - in /webservices/axis2/trunk/c/rampart: include/ src/core/ src/handlers/ src/secpolicy/builder/ src/secpolicy/model/ src/secpolicy/test-resources/ src/util/
Date Wed, 14 Feb 2007 06:20:09 GMT
Modified: webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c?view=diff&rev=507411&r1=507410&r2=507411
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c (original)
+++ webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_processor.c Tue Feb 13 22:20:06
2007
@@ -44,50 +44,162 @@
 #include <axis2_array_list.h>
 
 /*Private functions*/
+static axis2_bool_t 
+rampart_shp_validate_qnames(const axis2_env_t *env,
+    axiom_node_t *node)
+    
+{
+    axiom_element_t *node_ele = NULL;
+    axis2_qname_t *qname = NULL;
+    axis2_qname_t *node_qname = NULL;
+    axis2_char_t *local_name = NULL;
+
+    AXIS2_ENV_CHECK(env,AXIS2_FALSE);
+
+    node_ele = AXIOM_NODE_GET_DATA_ELEMENT(node, env);
+    if(!node_ele)
+        return AXIS2_FALSE;
+
+    local_name = AXIOM_ELEMENT_GET_LOCALNAME(node_ele,env);
+    if(!local_name)
+        return AXIS2_FALSE;
+
+    if(AXIS2_STRCMP(local_name,RAMPART_SECURITY_TIMESTAMP)==0)
+        qname = axis2_qname_create(env,local_name,RAMPART_WSU_XMLNS,RAMPART_WSU);
+
+    else if(AXIS2_STRCMP(local_name,RAMPART_SECURITY_USERNAMETOKEN)==0)
+        qname = axis2_qname_create(env,local_name,RAMPART_WSSE_XMLNS,RAMPART_WSSE);    
+
+    else if(AXIS2_STRCMP(local_name,OXS_NODE_ENCRYPTED_KEY)==0)
+        qname = axis2_qname_create(env,local_name,OXS_ENC_NS,OXS_XENC);
+
+    else if(AXIS2_STRCMP(local_name,OXS_NODE_ENCRYPTED_DATA)==0)
+        qname = axis2_qname_create(env,local_name,OXS_ENC_NS,OXS_XENC);
+
+    else if(AXIS2_STRCMP(local_name,OXS_NODE_SIGNATURE)==0)
+        return AXIS2_FALSE;
+
+    else if(AXIS2_STRCMP(local_name,OXS_NODE_BINARY_SECURITY_TOKEN)==0)
+        return AXIS2_FALSE;
+    
+    else if(AXIS2_STRCMP(local_name,OXS_NODE_REFERENCE_LIST)==0)
+        return AXIS2_FALSE;
+    
+    else return AXIS2_FALSE;
+
+    if(!qname)
+        return AXIS2_FALSE;
+
+    node_qname = AXIOM_ELEMENT_GET_QNAME(node_ele,env,node);
+
+    if(!node_qname)
+    {
+        AXIS2_QNAME_FREE(qname,env);
+        qname = NULL;
+        return AXIS2_FALSE;
+    }
+
+    if(AXIS2_QNAME_EQUALS(qname,env,node_qname))
+    {
+        AXIS2_QNAME_FREE(qname,env);
+        qname = NULL;
+        return AXIS2_TRUE;
+    }
+    return AXIS2_FALSE;
+}
+
+
+
 static axis2_status_t 
 rampart_shp_process_timestamptoken(const axis2_env_t *env,
     axis2_msg_ctx_t *msg_ctx,
-    rampart_actions_t *actions,
-    axiom_soap_envelope_t *soap_envelope,
-    axiom_node_t *ts_node)
+    rampart_context_t *rampart_context,
+    axiom_node_t *sec_node)
 {
     rampart_timestamp_token_t *timestamp_token = NULL;
     axis2_status_t valid_ts = AXIS2_FAILURE;
-    
-    timestamp_token = rampart_timestamp_token_create(env);
-    valid_ts = RAMPART_TIMESTAMP_TOKEN_VALIDATE(timestamp_token, env, msg_ctx, ts_node);
+    axiom_node_t *ts_node = NULL;
 
-    if (valid_ts)
+    ts_node = oxs_axiom_get_node_by_local_name(env,sec_node,RAMPART_SECURITY_TIMESTAMP);
+    if(!ts_node)
     {
-        AXIS2_LOG_INFO(env->log, "[rampart][scp] Validating Timestamp is SUCCESS ");
-        return AXIS2_SUCCESS;
+        if(rampart_context_is_include_timestamp(rampart_context,env))
+        {
+            AXIS2_LOG_INFO(env->log, "[rampart][shp] Timestamp is not in the message");

+            return AXIS2_FAILURE;
+        }
+        else
+            return AXIS2_SUCCESS;
+    }            
+    else if(!rampart_context_is_include_timestamp(rampart_context,env))
+    {
+        AXIS2_LOG_INFO(env->log, "[rampart][shp] Timestamp should not be in the message.");
+        return AXIS2_FAILURE;
     }
-    else
+    else      
     {
-        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][scp] Timestamp is not valid");
-        rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_AUTHENTICATION, "Timestamp
is not valid", RAMPART_FAULT_IN_TIMESTAMP, msg_ctx);
+        if(!rampart_shp_validate_qnames(env,ts_node))
+        {
+            AXIS2_LOG_INFO(env->log, "[rampart][shp] Error in the security header");
+            return AXIS2_FAILURE;
+        }
+        
+        timestamp_token = rampart_timestamp_token_create(env);
+        valid_ts = RAMPART_TIMESTAMP_TOKEN_VALIDATE(timestamp_token, env, msg_ctx, ts_node);
+
+        if (valid_ts)
+        {
+            AXIS2_LOG_INFO(env->log, "[rampart][scp] Validating Timestamp is SUCCESS ");
+            return AXIS2_SUCCESS;
+        }
+        else
+        {   
+            AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][scp] Timestamp is not valid");
+            rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_AUTHENTICATION, "Timestamp
is not valid", RAMPART_FAULT_IN_TIMESTAMP, msg_ctx);
         return AXIS2_FAILURE;
+        }
     }
 }
 
 static axis2_status_t 
 rampart_shp_process_usernametoken(const axis2_env_t *env,
     axis2_msg_ctx_t *msg_ctx,
-    rampart_actions_t *actions,
-    axiom_soap_envelope_t *soap_envelope,
-    axiom_node_t *ut_node)
+    rampart_context_t *rampart_context,
+    axiom_node_t *sec_node)
 {
     rampart_username_token_t *username_token = NULL;
-    axiom_soap_header_t *soap_header = NULL;
     axis2_status_t valid_user = AXIS2_FAILURE;
+    axiom_node_t *ut_node = NULL;
 
-    soap_header = AXIOM_SOAP_ENVELOPE_GET_HEADER(soap_envelope, env);
- 
-    username_token = rampart_username_token_create(env);
-    AXIS2_LOG_INFO(env->log, "[rampart][shp] Validating UsernameToken");
-    valid_user = RAMPART_USERNAME_TOKEN_VALIDATE(username_token, env,
-                            msg_ctx, soap_header, actions);    
+    ut_node = oxs_axiom_get_node_by_local_name(env,sec_node,RAMPART_SECURITY_USERNAMETOKEN);
+    if(!ut_node)
+    {
+        if(rampart_context_is_include_username_token(rampart_context,env))
+        {
+            AXIS2_LOG_INFO(env->log, "[rampart][shp] Username token is not in the message");
+            return AXIS2_FAILURE;
+        }
+        else
+            return AXIS2_SUCCESS;
+    }
+    else if(!rampart_context_is_include_username_token(rampart_context,env))
+    {
+        AXIS2_LOG_INFO(env->log, "[rampart][shp] Username token should not be in the message.");
+        return AXIS2_FAILURE;
+    }
+    else
+    {
+        if(!rampart_shp_validate_qnames(env,ut_node))
+        {
+            AXIS2_LOG_INFO(env->log, "[rampart][shp] Error in the security header");
+            return AXIS2_FAILURE;
+        }
 
+        username_token = rampart_username_token_create(env);
+        AXIS2_LOG_INFO(env->log, "[rampart][shp] Validating UsernameToken");
+        valid_user = RAMPART_USERNAME_TOKEN_VALIDATE(username_token, env,
+                            msg_ctx, ut_node, rampart_context);    
+    }
     if (valid_user)
     {
         AXIS2_LOG_INFO(env->log, "[rampart][shp] Validating UsernameToken SUCCESS");
@@ -102,7 +214,7 @@
 static axis2_status_t 
 rampart_shp_process_encrypted_key(const axis2_env_t *env,
     axis2_msg_ctx_t *msg_ctx,
-    rampart_actions_t *actions,
+    rampart_context_t *rampart_context,
     axiom_soap_envelope_t *soap_envelope,
     axiom_node_t *sec_node,
     axiom_node_t *encrypted_key_node)
@@ -113,9 +225,15 @@
     axis2_char_t *enc_asym_algo = NULL;
     axis2_char_t *dec_key_file = NULL;
     axis2_char_t *password = NULL;
+    axis2_char_t *enc_user = NULL;
+    rampart_callback_t *password_callback = NULL;
     axis2_status_t status = AXIS2_FAILURE;
     oxs_asym_ctx_t *asym_ctx = NULL;
     oxs_key_t *decrypted_sym_key = NULL;
+    axis2_char_t *enc_asym_algo_in_pol = NULL; 
+    axis2_char_t *enc_sym_algo_in_pol = NULL;
+    pfunc password_function = NULL;
+    void *param = NULL;
     int i = 0;
     
     /*Get EncryptedData references */
@@ -134,14 +252,54 @@
     /*If the reference list > 0 then We have nodes to decrypt. Next step is to get the
encrypted key*/
     /*Obtain the session key which is encrypted*/
     /*Create an asym_ctx*/
+    /*We should verify the algorithm with policy*/
+    enc_asym_algo_in_pol = rampart_context_get_enc_asym_algo(rampart_context,env);
+    if(!enc_asym_algo_in_pol)
+        return AXIS2_FAILURE;
+
+    if(AXIS2_STRCMP(enc_asym_algo_in_pol,enc_asym_algo)!=0)
+    {
+        AXIS2_LOG_INFO(env->log, "The key is encrypted with the wrong algorithm");
+        return AXIS2_FAILURE;
+    }
+                    
     asym_ctx = oxs_asym_ctx_create(env);
-    dec_key_file = RAMPART_ACTIONS_GET_DEC_KEY_FILE(actions, env);
+    dec_key_file = rampart_context_get_decryption_prop_file(rampart_context,env);
+    if(!dec_key_file)
+    {
+        AXIS2_LOG_INFO(env->log, "Decryption Profile is not specified.");
+        return AXIS2_FAILURE;
+    }
     /*Get the password to retrieve the key from key store*/
-    password = rampart_callback_encuser_password(env, actions, msg_ctx);
+/*  password = rampart_callback_encuser_password(env, actions, msg_ctx);*/
+
+    enc_user = rampart_context_get_encryption_user(rampart_context,env);
+
+    if(!enc_user)
+        enc_user = rampart_context_get_user(rampart_context,env);
+
+    if(!enc_user)
+        return AXIS2_FAILURE;
+
+    password_function = rampart_context_get_password_function(rampart_context,env);
+    if(password_function)
+        password = (*password_function)(env,enc_user,param);
+
+    else
+    {
+        password_callback = rampart_context_get_password_callback(rampart_context,env);
+        if(!password_callback)
+        {
+            AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption] Password call back
module is not specified.");
+            return AXIS2_FAILURE;
+        }
+        password = rampart_callback_password(env, password_callback, enc_user);
+    }
+    
     oxs_asym_ctx_set_algorithm(asym_ctx, env, enc_asym_algo);
     oxs_asym_ctx_set_file_name(asym_ctx, env, dec_key_file);
     
-    oxs_asym_ctx_set_pem_buf(asym_ctx, env, RAMPART_ACTIONS_GET_KEY_BUF(actions, env));
+/*  oxs_asym_ctx_set_pem_buf(asym_ctx, env, RAMPART_ACTIONS_GET_KEY_BUF(actions, env));*/
     oxs_asym_ctx_set_operation(asym_ctx, env, OXS_ASYM_CTX_OPERATION_PRV_DECRYPT);
     oxs_asym_ctx_set_password(asym_ctx, env, password);
     
@@ -161,15 +319,28 @@
     }
     /*Alright now we have the key used to encrypt the elements in the reference_list*/
     /*Go thru each and every node in the list and decrypt them*/
-    for(i=0 ; i < AXIS2_ARRAY_LIST_SIZE(reference_list, env); i++ ){
+
+    /*Before decrypt we should get the symmetric algo from policy. 
+      So for each encrypted element we can compare the algo. */
+    
+    enc_sym_algo_in_pol = rampart_context_get_enc_sym_algo(rampart_context,env);
+    if(!enc_sym_algo_in_pol)
+        return AXIS2_FAILURE;
+
+    for(i=0 ; i < AXIS2_ARRAY_LIST_SIZE(reference_list, env); i++ )
+    {
         axis2_char_t *id = NULL;
         axis2_char_t *id2 = NULL;
         axiom_node_t *enc_data_node = NULL;
         axiom_node_t *envelope_node = NULL;
         oxs_ctx_t *ctx = NULL;
         axiom_node_t *decrypted_node = NULL; 
+        axiom_node_t *mtd_node = NULL;
+        axis2_char_t *sym_algo = NULL;
         axiom_soap_body_t *soap_body = NULL;
-        /*This need to be called to build the SOAP Body. Not in use but DO NOT remove*/
+
+        /*This need to be done in order to build the soap body.Do not remove.*/
+
         soap_body = AXIOM_SOAP_ENVELOPE_GET_BODY(soap_envelope, env);
 
         /*Get the i-th element and decrypt it */
@@ -190,9 +361,28 @@
             return AXIS2_FAILURE;
         }
         /*Create an enc_ctx*/    
+        mtd_node = oxs_axiom_get_first_child_node_by_name(env, enc_data_node, OXS_NODE_ENCRYPTION_METHOD,
NULL, NULL);
+        if(!mtd_node)
+        {
+            AXIS2_LOG_INFO(env->log, "[rampart][shp] Node with ID=%s cannot be found",
id);
+            /*continue;*/
+            rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_CHECK,
+                                "Cannot find EncryptionMethod Element", RAMPART_FAULT_IN_ENCRYPTED_DATA,
msg_ctx);
+            return AXIS2_FAILURE;
+        }
+        sym_algo = oxs_token_get_encryption_method(env, mtd_node);
+        if(!sym_algo)
+            return AXIS2_FAILURE;        
+
+        if(AXIS2_STRCMP(sym_algo, enc_sym_algo_in_pol)!=0)
+        {
+            AXIS2_LOG_INFO(env->log, "[rampart][shp] Sym algorithm is mismathced with
policy.");
+            return AXIS2_FAILURE;
+        }        
+
         ctx = oxs_ctx_create(env);
         OXS_CTX_SET_KEY(ctx, env, decrypted_sym_key);
-    
+        
         status = oxs_xml_enc_decrypt_node(env, ctx, enc_data_node, &decrypted_node);
         if(AXIS2_FAILURE == status){
             rampart_create_fault_envelope(env, RAMPART_FAULT_FAILED_CHECK,
@@ -218,7 +408,7 @@
 
     return AXIS2_SUCCESS;    
 }
-
+/*
 #ifdef PRE_CHECK    
 static axis2_status_t 
 rampart_shp_pre_security_check(const axis2_env_t *env,
@@ -239,18 +429,18 @@
         return AXIS2_SUCCESS;
     }
 
-    /*Get action items seperated by spaces*/
+  
     items_list = axis2_tokenize(env, items, ' ');
     size = AXIS2_ARRAY_LIST_SIZE(items_list, env);
 
-    /*Iterate thru items*/
+  
     for (i = 0; i < size; i++)
     {
         axis2_char_t *item = NULL;
         item = AXIS2_ARRAY_LIST_GET(items_list, env, i);    
         
         if (0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_USERNAMETOKEN, AXIS2_STRTRIM(env, item,
NULL))){
-            /*UT is a MUST. So identify if the UT is available*/
+  
             int num_of_ut = 0;
             num_of_ut = oxs_axiom_get_number_of_children_with_qname(env, sec_node, 
                         RAMPART_SECURITY_TIMESTAMP, RAMPART_WSU_XMLNS, RAMPART_WSSE); 
@@ -261,7 +451,7 @@
                 return AXIS2_FAILURE;
             }
         }else if(0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_TIMESTAMP, AXIS2_STRTRIM(env, item,
NULL))){
-            /*TS is a MUST.*/      
+        
             int num_of_ts = 0;
             num_of_ts = oxs_axiom_get_number_of_children_with_qname(env, sec_node,
                         RAMPART_SECURITY_TIMESTAMP, RAMPART_WSU_XMLNS, RAMPART_WSSE);
@@ -278,8 +468,9 @@
     return AXIS2_SUCCESS;
 }
 #endif
-
+*/
 /*Compare security checked results with action items*/
+/*
 static axis2_status_t
 rampart_shp_post_security_check(const axis2_env_t *env,
     axis2_msg_ctx_t *msg_ctx,
@@ -297,11 +488,11 @@
         return AXIS2_SUCCESS;
     }
 
-    /*Get action items seperated by spaces*/
+
     items_list = axis2_tokenize(env, items, ' ');
     size = AXIS2_ARRAY_LIST_SIZE(items_list, env);
 
-    /*Iterate thru items*/
+
     for (i = 0; i < size; i++)
     {
         axis2_char_t *item = NULL;
@@ -309,7 +500,7 @@
         item = AXIS2_ARRAY_LIST_GET(items_list, env, i);
 
         if (0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_USERNAMETOKEN, AXIS2_STRTRIM(env, item,
NULL))){
-            /*UT is a MUST. So identify if the UT is available*/
+
             result = (axis2_char_t*)rampart_get_security_processed_result(env, msg_ctx, RAMPART_SPR_UT_CHECKED);
  
             if(!result || (0 != AXIS2_STRCMP(result, RAMPART_YES)) ){
                 AXIS2_LOG_INFO(env->log, "[rampart][shp] UsernameToken is required. But
not available");
@@ -319,7 +510,7 @@
             }
             result = NULL;
         }else if(0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_TIMESTAMP, AXIS2_STRTRIM(env, item,
NULL))){
-            /*TS is a MUST.*/
+
             result = (axis2_char_t*)rampart_get_security_processed_result(env, msg_ctx, RAMPART_SPR_TS_CHECKED);
             if(!result || (0 != AXIS2_STRCMP(result, RAMPART_YES)) ){
                 AXIS2_LOG_INFO(env->log, "[rampart][shp] Timestamp is required. But not
available");
@@ -329,7 +520,7 @@
             }
             result = NULL;
         }else if(0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_ENCRYPT, AXIS2_STRTRIM(env, item,
NULL))){
-            /*Encryption is a MUST*/
+
             result = (axis2_char_t*)rampart_get_security_processed_result(env, msg_ctx, RAMPART_SPR_ENC_CHECKED);
             if(!result || (0 != AXIS2_STRCMP(result, RAMPART_YES)) ){
                 AXIS2_LOG_INFO(env->log, "[rampart][shp] Encryption is required. But not
available");
@@ -339,94 +530,154 @@
             }
             result = NULL;
         }else if (0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_SIGNATURE, AXIS2_STRTRIM(env, item,
NULL))){
-            /*Signature is a MUST*/
+
         }
 
     }
     return AXIS2_SUCCESS;
 }
-    
+*/
 
 /*Public functions*/
 
 AXIS2_EXTERN axis2_status_t AXIS2_CALL
 rampart_shp_process_message(const axis2_env_t *env,
     axis2_msg_ctx_t *msg_ctx,
-    rampart_actions_t *actions,
+    rampart_context_t *rampart_context,
     axiom_soap_envelope_t *soap_envelope,
     axiom_node_t *sec_node)
 {
     axiom_node_t *cur_node = NULL;
-    axiom_element_t *cur_ele = NULL;
-    axis2_char_t *cur_node_name = NULL;
-    axis2_qname_t *cur_qname = NULL;
     axis2_status_t status = AXIS2_FAILURE;
 
     /*If certian security elements are expected by the reciever, rampart should check for
those */
     /*This should be removed once header encryption is introduced. But this pre-check avoids
further processing of headers.*/
+/*    
 #ifdef PRE_CHECK    
     status =  rampart_shp_pre_security_check(env, msg_ctx, actions,  soap_envelope, sec_node);
     if(AXIS2_FAILURE == status){
         return AXIS2_FAILURE;
     }
 #endif
+*/
+    /*TO DO*/
+    /*There should be method to verify the security header before processing*/
+
     AXIS2_LOG_INFO(env->log, "[rampart][shp] Process security header");
-    /*Get the first token of the security header element*/
-    cur_node = AXIOM_NODE_GET_FIRST_CHILD(sec_node, env);
-    
-    while(cur_node){
-        cur_ele = AXIOM_NODE_GET_DATA_ELEMENT(cur_node, env);
-        cur_qname = AXIOM_ELEMENT_GET_QNAME(cur_ele, env, cur_node);
-        cur_node_name  = AXIS2_QNAME_GET_LOCALPART(cur_qname, env);
-        
-        /*Check For following types, Username token, EncryptedKey, EncryptedData, ReferenceList,
Signature*/
-        if(0 == AXIS2_STRCMP(cur_node_name , RAMPART_SECURITY_USERNAMETOKEN) ){
-            /*Process UT*/
-            AXIS2_LOG_INFO(env->log, "[rampart][shp] Process Usernametoken");
-            status = rampart_shp_process_usernametoken(env,msg_ctx, actions, soap_envelope,
cur_node);
-        }else if(0 == AXIS2_STRCMP(cur_node_name , RAMPART_SECURITY_TIMESTAMP)){
-            /*Verify TS*/
-            AXIS2_LOG_INFO(env->log, "[rampart][shp] Process Timestamptoken");
-            status = rampart_shp_process_timestamptoken(env,msg_ctx, actions, soap_envelope,
cur_node);
-        }else if(0 == AXIS2_STRCMP(cur_node_name ,OXS_NODE_ENCRYPTED_KEY)){
-            /*Process EncryptedKey*/
-            AXIS2_LOG_INFO(env->log, "[rampart][shp] Process EncryptedKey");
-            status = rampart_shp_process_encrypted_key(env,msg_ctx, actions, soap_envelope,
sec_node,  cur_node);
-        }else if(0 == AXIS2_STRCMP(cur_node_name ,OXS_NODE_ENCRYPTED_DATA)){
-            /*Process Encrypteddata*/
-            AXIS2_LOG_INFO(env->log, "[rampart][shp] Process EncryptedData");
-            /*TODO We need to support this scenario as well*/
-
-        }else if(0 == AXIS2_STRCMP(cur_node_name , OXS_NODE_BINARY_SECURITY_TOKEN)){
-             /*Process BinarySecurityToken*/
-             AXIS2_LOG_INFO(env->log, "[rampart][shp] Process BinarySecurityToken");
-             status = AXIS2_SUCCESS;
-        }else if(0 == AXIS2_STRCMP(cur_node_name ,OXS_NODE_REFERENCE_LIST)){
-            /*List is placed Out side of the EncryptedKey*/
-            AXIS2_LOG_INFO(env->log, "[rampart][shp] Process ReferenceList");
-        }else{
-             AXIS2_LOG_INFO(env->log, "[rampart][shp] Unknown token %s", cur_node_name);
-             rampart_create_fault_envelope(env, RAMPART_FAULT_INVALID_SECURITY_TOKEN, 
-                        "Invalid security token found", cur_node_name, msg_ctx);
-             return AXIS2_FAILURE;
-        }
 
-        /*Retuen failure on error*/
-        if(AXIS2_FAILURE == status){
-            AXIS2_LOG_INFO(env->log, "[rampart][shp] Security header processing failure");
-            return AXIS2_FAILURE;
+    if((rampart_context_get_binding_type(rampart_context,env)) == RP_BINDING_ASYMMETRIC)
+    {
+        if(rampart_context_is_encrypt_before_sign(rampart_context,env))
+        {
+            /*First we should verify signature, When  signature is supported.*/
+
+            /*This verification is a quick hack.This should be cganged in the future
+              with a proper verification method before message processing */
+            if(rampart_context_check_whether_to_encrypt(rampart_context,env))
+            {
+                cur_node = oxs_axiom_get_node_by_local_name(env,sec_node,OXS_NODE_ENCRYPTED_KEY);
+                if(!cur_node)
+                {
+                    AXIS2_LOG_INFO(env->log, "[rampart][shp] No Encrypted Key element");
+                    return AXIS2_FAILURE;
+                }
+                if(!rampart_shp_validate_qnames(env,cur_node))             
+                {
+                    AXIS2_LOG_INFO(env->log, "[rampart][shp] Error in the security header");
+                    return AXIS2_FAILURE;
+                }                   
+   
+                AXIS2_LOG_INFO(env->log, "[rampart][shp] Process EncryptedKey");
+                status = rampart_shp_process_encrypted_key(env,msg_ctx, rampart_context,
soap_envelope, sec_node, cur_node);
+                if(status!=AXIS2_SUCCESS)
+                    return status;
+            }
+            else
+            {
+                cur_node = oxs_axiom_get_node_by_local_name(env,sec_node,OXS_NODE_ENCRYPTED_KEY);
+                if(cur_node)
+                {
+                    AXIS2_LOG_INFO(env->log, "[rampart][shp] policy does not specify encryption.");
+                    return AXIS2_FAILURE;
+                }
+                else
+                    status = AXIS2_SUCCESS;
+            }
+            
         }
-        /*Proceed to next node*/
-        cur_node = AXIOM_NODE_GET_NEXT_SIBLING(cur_node, env);
-    }/*End of while*/
-    
+        else 
+        {
+           /*We should decrypt the message first*/
+            if(rampart_context_check_whether_to_encrypt(rampart_context,env))
+            {
+                cur_node = oxs_axiom_get_node_by_local_name(env,sec_node,OXS_NODE_ENCRYPTED_KEY);
+                if(!cur_node)
+                {
+                    AXIS2_LOG_INFO(env->log, "[rampart][shp] No Encrypted Key element");
+                    return AXIS2_FAILURE;
+                }
+                if(!rampart_shp_validate_qnames(env,cur_node))
+                {
+                    AXIS2_LOG_INFO(env->log, "[rampart][shp] Error in the security header");
+                    return AXIS2_FAILURE;
+                }
+
+                AXIS2_LOG_INFO(env->log, "[rampart][shp] Process EncryptedKey");
+                status = rampart_shp_process_encrypted_key(env,msg_ctx, rampart_context,
soap_envelope, sec_node, cur_node);
+                if(status!=AXIS2_SUCCESS)
+                    return status;
+            }
+            else
+            {
+                cur_node = oxs_axiom_get_node_by_local_name(env,sec_node,OXS_NODE_ENCRYPTED_KEY);
+                if(cur_node)
+                {
+                    AXIS2_LOG_INFO(env->log, "[rampart][shp] policy does not specify encryption.");
+                    return AXIS2_FAILURE;
+                }
+                else
+                    status = AXIS2_SUCCESS;;
+            }
+            /*After decrypting we may verify signature stuff.*/
+        }
+        /*Now we can process timestamp*/   
+        status = rampart_shp_process_timestamptoken(env,msg_ctx,rampart_context,sec_node);
+        if(status!=AXIS2_SUCCESS)
+            return status; 
+
+        status = rampart_shp_process_usernametoken(env,msg_ctx,rampart_context,sec_node);
     
+        if(status!=AXIS2_SUCCESS)
+            return status;
+
+        AXIS2_LOG_INFO(env->log, "[rampart][shp] Security header element processing, DONE
");
+        /*Do the action accordingly*/
+        return AXIS2_SUCCESS;
+
+         
+    }            
+    else if((rampart_context_get_binding_type(rampart_context,env)) == RP_BINDING_SYMMETRIC)
  
+    {
+        AXIS2_LOG_INFO(env->log, "[rampart][shp] We still not support Symmetric binding.");
+        return AXIS2_FAILURE;
+    }        
+    else if((rampart_context_get_binding_type(rampart_context,env)) == RP_BINDING_TRANSPORT)
       
+    {
+        AXIS2_LOG_INFO(env->log, "[rampart][shp] We still not support Transport binding.");
+        return AXIS2_FAILURE;
+    }
+    else
+    {
+       AXIS2_LOG_INFO(env->log, "[rampart][shp] Invalid binding type.");
+       return AXIS2_FAILURE;
+    }        
+    /*
     status = rampart_shp_post_security_check(env, msg_ctx, actions); 
     if(AXIS2_FAILURE == status){
         AXIS2_LOG_INFO(env->log, "[rampart][shp] Security header doesn't confirms reciever's
policy");
         return AXIS2_FAILURE;
-    }
-    AXIS2_LOG_INFO(env->log, "[rampart][shp] Security header element processing, DONE
");
-    /*Do the action accordingly*/
-    return AXIS2_SUCCESS;
+    }*/
+
 }
+
+
 

Modified: webservices/axis2/trunk/c/rampart/src/util/rampart_util.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/rampart_util.c?view=diff&rev=507411&r1=507410&r2=507411
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/rampart_util.c (original)
+++ webservices/axis2/trunk/c/rampart/src/util/rampart_util.c Tue Feb 13 22:20:06 2007
@@ -61,7 +61,7 @@
     {
         AXIS2_LOG_INFO(env->log, "[rampart][rampart_util] Unable to load the module %s.
ERROR", module_name);
         return NULL;
-    } 
+    }
 
     return ptr;
 }
@@ -74,7 +74,7 @@
     axis2_char_t **password)
 {
     rampart_credentials_status_t cred_status = RAMPART_CREDENTIALS_GENERAL_ERROR;
-    
+
     cred_status = RAMPART_CREDENTIALS_USERNAME_GET(cred_module, env, msg_ctx, username, password);
     return cred_status;
 }
@@ -84,7 +84,7 @@
     axis2_char_t *cred_module_name)
 {
     rampart_credentials_t *cred = NULL;
-    
+
     cred = (rampart_credentials_t*)rampart_load_module(env, cred_module_name);
     if (!cred)
     {
@@ -95,7 +95,7 @@
     return cred;
 }
 
-AXIS2_EXTERN void* AXIS2_CALL
+AXIS2_EXTERN rampart_authn_provider_t* AXIS2_CALL
 rampart_load_auth_module(const axis2_env_t *env,
     axis2_char_t *auth_module_name)
 {
@@ -131,7 +131,7 @@
     if(0 == AXIS2_STRCMP(password_type, RAMPART_PASSWORD_DIGEST_URI)){
         auth_status = RAMPART_AUTHN_PROVIDER_CHECK_PASSWORD_DIGEST(authp, env, msg_ctx, username,
nonce, created, password);
     }else{
-        auth_status = RAMPART_AUTHN_PROVIDER_CHECK_PASSWORD(authp, env, msg_ctx, username,
password);    
+        auth_status = RAMPART_AUTHN_PROVIDER_CHECK_PASSWORD(authp, env, msg_ctx, username,
password);
     }
 
     return auth_status;
@@ -151,43 +151,26 @@
     }
 
     return cb;
- 
+
 }
 
+
 AXIS2_EXTERN axis2_char_t* AXIS2_CALL
 rampart_callback_password(const axis2_env_t *env,
         rampart_callback_t *callback_module,
-        const axis2_char_t *username,
-        axis2_ctx_t *ctx)
+        const axis2_char_t *username)
 {
     axis2_char_t *password = NULL;
-    axis2_property_t* property = NULL; 
     void *cb_prop_val= NULL;
 
-    /*Get callback specific property if any from the ctx. This is specially done for PHP
folks to send the htpassword file location.
-     */
-    property = AXIS2_CTX_GET_PROPERTY(ctx, env, RAMPART_CALLBACK_SPECIFIC_PROPERTY, AXIS2_FALSE);
-    if (property)
-    {
-        cb_prop_val = AXIS2_PROPERTY_GET_VALUE(property, env);
-        property = NULL;
-    }
-
-    if (!callback_module)
-    {
-        AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Cannot callback password.
PWCB module is NULL. ERROR");
-        return NULL;
-    }
-
     /*Get the password thru the callback*/
     password = RAMPART_CALLBACK_CALLBACK_PASSWORD(callback_module, env, username, cb_prop_val);
 
-    AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Password taken from the
callback module. SUCCESS");
+    AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Password taken from the
callback module . SUCCESS");
     return password;
-    
 }
 
-AXIS2_EXTERN axis2_char_t* AXIS2_CALL 
+AXIS2_EXTERN axis2_char_t* AXIS2_CALL
 rampart_generate_nonce(const axis2_env_t *env)
 {
     oxs_buffer_t *buffer = NULL;
@@ -206,7 +189,7 @@
 }
 
 
-AXIS2_EXTERN axis2_char_t* AXIS2_CALL 
+AXIS2_EXTERN axis2_char_t* AXIS2_CALL
 rampart_generate_time(const axis2_env_t *env, int ttl)
 {
     axis2_date_time_t *dt = NULL;
@@ -218,9 +201,7 @@
     return dt_str;
 }
 
-/**
-    We expect dt1_str < dt2_str/ Otherwise FAILURE
-*/
+
 AXIS2_EXTERN axis2_status_t AXIS2_CALL
 rampart_compare_date_time(const axis2_env_t *env, axis2_char_t *dt1_str, axis2_char_t *dt2_str)
 {
@@ -262,7 +243,7 @@
     ss2 = AXIS2_DATE_TIME_GET_SECOND(dt2, env);
     ml2 = AXIS2_DATE_TIME_GET_MSEC(dt2, env);
     /**
-    Comparison. 
+    Comparison.
     We expect dt1_str < dt2_str/ Otherwise FAILURE
     */
     if (yyyy1 < yyyy2)
@@ -300,8 +281,7 @@
     {
         return AXIS2_FAILURE;
     }
-
-    if (mi1 < mi2)
+     if (mi1 < mi2)
     {
         return AXIS2_SUCCESS;
     }
@@ -326,7 +306,7 @@
     else if (ml1 > ml2)
     {
         return AXIS2_FAILURE;
-    } 
+    }
 
     /*AXIS2_DATE_TIME_FREE(dt1, env);
     AXIS2_DATE_TIME_FREE(dt2, env);*/
@@ -342,3 +322,6 @@
 #endif
     return AXIS2_SUCCESS;
 }
+
+
+

Modified: webservices/axis2/trunk/c/rampart/src/util/timestamp_token.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/timestamp_token.c?view=diff&rev=507411&r1=507410&r2=507411
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/timestamp_token.c (original)
+++ webservices/axis2/trunk/c/rampart/src/util/timestamp_token.c Tue Feb 13 22:20:06 2007
@@ -53,7 +53,6 @@
 axis2_status_t AXIS2_CALL
 rampart_timestamp_token_build(rampart_timestamp_token_t *timestamp_token,
         const axis2_env_t *env,
-        const axis2_ctx_t *ctx,
         axiom_node_t *sec_node,
         const  axiom_namespace_t *sec_ns_obj,
         int ttl);
@@ -131,7 +130,6 @@
 axis2_status_t AXIS2_CALL
 rampart_timestamp_token_build(rampart_timestamp_token_t *timestamp_token,
         const axis2_env_t *env,
-        const axis2_ctx_t *ctx,
         axiom_node_t *sec_node,
         const  axiom_namespace_t *sec_ns_obj,
         int ttl)

Modified: webservices/axis2/trunk/c/rampart/src/util/username_token.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/username_token.c?view=diff&rev=507411&r1=507410&r2=507411
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/util/username_token.c (original)
+++ webservices/axis2/trunk/c/rampart/src/util/username_token.c Tue Feb 13 22:20:06 2007
@@ -52,16 +52,12 @@
  * @param Outflow security parameter
  * @return password
  */
-static axis2_char_t*
-rampart_get_password(const axis2_env_t *env,
-        axis2_ctx_t *ctx,
-        rampart_actions_t *actions);
 
 /** public functions*/
 axis2_status_t AXIS2_CALL
 rampart_username_token_free(rampart_username_token_t *username_token,
         const axis2_env_t *env);
-
+/*
 axis2_status_t AXIS2_CALL
 rampart_username_token_build(rampart_username_token_t *username_token,
         const axis2_env_t *env,
@@ -69,14 +65,23 @@
         rampart_actions_t *actions,
         axiom_node_t *sec_node,
         axiom_namespace_t *sec_ns_obj);
+*/
+
+axis2_status_t AXIS2_CALL
+rampart_username_token_build(rampart_username_token_t *username_token,
+        const axis2_env_t *env,
+        rampart_context_t *rampart_context,
+        axiom_node_t *sec_node,
+        axiom_namespace_t *sec_ns_obj);
+
 
 
 axis2_status_t AXIS2_CALL
 rampart_username_token_validate(rampart_username_token_t *username_token,
         const axis2_env_t *env,
         axis2_msg_ctx_t *msg_ctx,
-        axiom_soap_header_t *soap_header,
-        rampart_actions_t *actions);
+        axiom_node_t *ut_node,
+        rampart_context_t *rampart_context);
 
 /************************* End of function headers ****************************/
 static void
@@ -89,42 +94,6 @@
 }
 
 
-static axis2_char_t *
-rampart_get_password(const axis2_env_t *env,
-        axis2_ctx_t *ctx,
-        rampart_actions_t *actions)
-{
-    axis2_char_t *password = NULL;
-    axis2_char_t *username = NULL;
-    axis2_char_t *pw_callback_module_name = NULL;
-
-    /*Check if password is in the context.
-     i.e.In any context in the cotext hierarchy starting from msg, op, svc, etc.*/
-    password = rampart_get_property_from_ctx(env, ctx,  RAMPART_ACTION_PASSWORD);
-    if (password)
-    {
-        return password;
-    }
-
-    /*TODO: If not in the context, get the password+username from the credentials module*/
-
-    /*If not check whether there is a callback class specified*/
-    pw_callback_module_name = RAMPART_ACTIONS_GET_PW_CB_CLASS(actions, env);
-    if (pw_callback_module_name)
-    {
-        rampart_callback_t *pwcb = NULL;
-
-        pwcb = rampart_load_pwcb_module(env, pw_callback_module_name);
-        if(!pwcb){
-            AXIS2_LOG_INFO(env->log,  "[rampart][rampart_usernametoken] Password callback
module %s is NULL", pw_callback_module_name);
-            return NULL;
-        }
-        username = RAMPART_ACTIONS_GET_USER(actions, env);
-        password = rampart_callback_password(env, pwcb, username, ctx);
-    }
-    return password;
-}
-
 rampart_username_token_t *AXIS2_CALL
 rampart_username_token_create(
     const axis2_env_t *env)
@@ -183,8 +152,7 @@
 axis2_status_t AXIS2_CALL
 rampart_username_token_build(rampart_username_token_t *username_token,
         const axis2_env_t *env,
-        axis2_ctx_t *ctx,
-        rampart_actions_t *actions,
+        rampart_context_t *rampart_context,
         axiom_node_t *sec_node,
         axiom_namespace_t *sec_ns_obj
                             )
@@ -200,22 +168,43 @@
     axiom_element_t *pw_ele = NULL;
     axiom_element_t *nonce_ele = NULL;
     axiom_element_t *created_ele = NULL;
-    axis2_char_t *username = NULL;
-    axis2_char_t *password = NULL;
-    axis2_char_t *password_type = NULL;
     axiom_namespace_t *wsu_ns_obj = NULL;
     axiom_attribute_t *om_attr = NULL;
+    axis2_char_t *password = NULL;
     rampart_username_token_impl_t *username_token_impl = NULL;
+    axis2_char_t *username = NULL;
+    rampart_callback_t *password_callback = NULL;
+    axis2_bool_t isdigest = AXIS2_FALSE;
+    pfunc password_function = NULL;
+    void *param = NULL;
+    
 
     AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
     username_token_impl = AXIS2_INTF_TO_IMPL(username_token);
 
-    /*Get values from outflow security*/
+    /*Directly call the password from callback module*/
+
+    username = rampart_context_get_user(rampart_context,env);
+    if(!username)
+    {
+        AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] User is not specified.");
+        return AXIS2_FAILURE;
+    }
+    password_function = rampart_context_get_password_function(rampart_context,env);
+    if(password_function)
+        password = (*password_function)(env,username,param);
 
-    username = RAMPART_ACTIONS_GET_USER(actions, env);
-    password_type = RAMPART_ACTIONS_GET_PASSWORD_TYPE(actions, env);
+    else
+    {
+        password_callback = rampart_context_get_password_callback(rampart_context,env);
+        if(!password_callback)
+        {
+            AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] password callback
module is not loaded. ERROR");
+            return AXIS2_FAILURE;
+        }
 
-    password = rampart_get_password(env, ctx, actions);
+        password = rampart_callback_password(env, password_callback,username);
+    }
 
     if (!password)
     {
@@ -250,8 +239,10 @@
             AXIOM_ELEMENT_SET_NAMESPACE(un_ele, env, sec_ns_obj, un_node);
 
         }
-
-        if (0 == AXIS2_STRCMP(password_type, RAMPART_PASSWORD_DIGEST))
+        /*From policy we can get this as a bool */
+/*      if (0 == AXIS2_STRCMP(password_type, RAMPART_PASSWORD_DIGEST))*/
+        isdigest = rampart_context_get_password_type(rampart_context,env);
+        if(isdigest)
         {
             axis2_char_t *nonce_val = NULL;
             axis2_char_t *created_val = NULL;
@@ -348,58 +339,34 @@
 rampart_username_token_validate(rampart_username_token_t *username_token,
         const axis2_env_t *env,
         axis2_msg_ctx_t *msg_ctx,
-        axiom_soap_header_t *soap_header,
-        rampart_actions_t *actions)
+        axiom_node_t *ut_node,
+        rampart_context_t *rampart_context)
 {
-    axiom_element_t *sec_ele = NULL;
-    axiom_element_t *ut_ele = NULL;
-    axiom_node_t *sec_node = NULL;
-    axiom_node_t *ut_node = NULL;
     axiom_child_element_iterator_t *children = NULL;
     axis2_char_t *username = NULL;
     axis2_char_t *password = NULL;
     axis2_char_t *nonce = NULL;
     axis2_char_t *created = NULL;
     axis2_char_t *password_type = NULL;
-    axis2_char_t *pw_callback_module_name = NULL;
-    axis2_char_t *authn_module_name = NULL;
+    rampart_callback_t *password_callback = NULL;
+    rampart_authn_provider_t *authn_provider = NULL;
     axis2_char_t *password_from_svr = NULL;
     axis2_char_t *password_to_compare = NULL;
     axis2_ctx_t *ctx = NULL;
-    axis2_qname_t *qname = NULL;
     rampart_username_token_impl_t *username_token_impl = NULL;
     rampart_authn_provider_status_t auth_status= RAMPART_AUTHN_PROVIDER_GENERAL_ERROR ;
+    axiom_element_t *ut_ele = NULL;
+    pfunc password_function = NULL;
+    void *param = NULL;
+    auth_password_func authenticate_with_password = NULL;
+    auth_digest_func authenticate_with_digest = NULL;
 
     AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
     username_token_impl = AXIS2_INTF_TO_IMPL(username_token);
 
-    sec_node = rampart_get_security_token(env, msg_ctx, soap_header);
-    if (!sec_node)
-    {
-        AXIS2_LOG_INFO(env->log, " [rampart][rampart_usernametoken] Cannot find security
header element");
+    ut_ele = AXIOM_NODE_GET_DATA_ELEMENT(ut_node, env);
+    if(!ut_ele)
         return AXIS2_FAILURE;
-    }
-
-
-    sec_ele = AXIOM_NODE_GET_DATA_ELEMENT(sec_node, env);
-    if (!sec_ele)
-    {
-        return AXIS2_FAILURE;
-    }
-
-    qname = axis2_qname_create(env,
-            RAMPART_SECURITY_USERNAMETOKEN,
-            RAMPART_WSSE_XMLNS,
-            RAMPART_WSSE);
-    if (qname)
-    {
-        ut_ele = AXIOM_ELEMENT_GET_FIRST_CHILD_WITH_QNAME(sec_ele, env, qname, sec_node,
&ut_node);
-        if (!ut_ele)
-        {
-            AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Cannot find UsernameToken
in Security header element...");
-            return AXIS2_FAILURE;
-        }
-    }
 
     /*Check: Any USERNAME_TOKEN MUST NOT have more than one PASSWORD*/
     if (1 <  oxs_axiom_get_number_of_children_with_qname(env, ut_node, RAMPART_SECURITY_USERNAMETOKEN_PASSWORD,
NULL, NULL))
@@ -454,7 +421,24 @@
                     AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Password
Type is not specified in the password element");
                     return AXIS2_FAILURE;
                 }
-
+                /*Then we must check the password type with policy*/
+                else if(rampart_context_get_password_type(rampart_context,env))
+                {
+                    if(0 != AXIS2_STRCMP(password_type, RAMPART_PASSWORD_DIGEST_URI))
+                    {
+                        AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Password
Type is Wrong");
+                        return AXIS2_FAILURE;
+                    }                        
+                
+                }   
+                else if(!rampart_context_get_password_type(rampart_context,env))     
+                {
+                    if(0 == AXIS2_STRCMP(password_type, RAMPART_PASSWORD_DIGEST_URI))
+                    {
+                        AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Password
Type is Wrong");
+                        return AXIS2_FAILURE;
+                    }            
+                }
                 password = AXIOM_ELEMENT_GET_TEXT(element, env, node);
 
             }
@@ -503,14 +487,53 @@
      * If authentication module is defined use it. 
      * Else try the usual approach to get password from the callback and compare
      * */
+    /*In both authentication and password callback methods we should first try to
+     *use function pointers. */    
 
     /*authn_module_name = "/home/kau/axis2/c/deploy/bin/samples/rampart/authn_provider/libauthn.so";*/
-    authn_module_name = RAMPART_ACTIONS_GET_AUTHN_MODULE_NAME(actions, env);
-    if(authn_module_name){
-        rampart_authn_provider_t *authp = NULL;
-        AXIS2_LOG_INFO(env->log,  "[rampart][rampart_usernametoken] Password authentication
using AUTH MODULE %s", authn_module_name);
-        authp = rampart_load_auth_module(env, authn_module_name);
-        auth_status = rampart_authenticate_un_pw(env, authp, username, password, nonce, created,
password_type, msg_ctx);
+    if (0 == AXIS2_STRCMP(password_type, RAMPART_PASSWORD_DIGEST_URI)) 
+    {
+        authenticate_with_digest = rampart_context_get_auth_digest_function(rampart_context,env);
+        if(authenticate_with_digest)
+        {
+            auth_status = authenticate_with_digest(env,username,nonce,created,password);
+            if(RAMPART_AUTHN_PROVIDER_GRANTED == auth_status)
+            {
+                AXIS2_LOG_INFO(env->log,  "[rampart][rampart_usernametoken] User authenticated");
+                rampart_set_security_processed_result(env, msg_ctx,RAMPART_SPR_UT_CHECKED,
RAMPART_YES);
+                return AXIS2_SUCCESS;
+            }
+            else
+            {
+                AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Password is
not valid for user %s : status %d", username, auth_status);
+                return AXIS2_FAILURE;
+            }
+        }
+    }   
+    else
+    {
+        authenticate_with_password = rampart_context_get_auth_password_function(rampart_context,env);
+        if(authenticate_with_password)
+        {
+            auth_status = authenticate_with_password(env,username,password);
+            if(RAMPART_AUTHN_PROVIDER_GRANTED == auth_status)
+            {
+                AXIS2_LOG_INFO(env->log,  "[rampart][rampart_usernametoken] User authenticated");
+                rampart_set_security_processed_result(env, msg_ctx,RAMPART_SPR_UT_CHECKED,
RAMPART_YES);
+                return AXIS2_SUCCESS;
+            }
+            else
+            {
+                AXIS2_LOG_INFO(env->log, "[rampart][rampart_usernametoken] Password is
not valid for user %s : status %d", username, auth_status);
+                return AXIS2_FAILURE;
+            }
+        }
+    }
+    authn_provider = rampart_context_get_authn_provider(rampart_context,env);
+    /*printf("AUTHN_MODULE_NAME =%s", authn_module_name);*/
+    if(authn_provider){
+        AXIS2_LOG_INFO(env->log,  "[rampart][rampart_usernametoken] Password authentication
using AUTH MODULE");
+        auth_status = rampart_authenticate_un_pw(env, authn_provider, username, password,
nonce, created, password_type, msg_ctx);
         if(RAMPART_AUTHN_PROVIDER_GRANTED == auth_status){
             AXIS2_LOG_INFO(env->log,  "[rampart][rampart_usernametoken] User authenticated");
             rampart_set_security_processed_result(env, msg_ctx,RAMPART_SPR_UT_CHECKED, RAMPART_YES);
@@ -521,22 +544,26 @@
         }
         
     }else{
-        rampart_callback_t *pwcb = NULL;
-
         /*Auth module is NULL. Use Callback password*/
-        pw_callback_module_name = RAMPART_ACTIONS_GET_PW_CB_CLASS(actions, env);
-        if(!pw_callback_module_name){
-            AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][rampart_usernametoken]
Password callback module is not specified");
-            return AXIS2_FAILURE;
-        }
         
-        AXIS2_LOG_INFO(env->log,  "[rampart][rampart_usernametoken] Password authentication
using CALLBACK MODULE %s", pw_callback_module_name);
-        pwcb = rampart_load_pwcb_module(env, pw_callback_module_name);
-        if(!pwcb){
-            AXIS2_LOG_INFO(env->log,  "[rampart][rampart_usernametoken] Password callback
module %s is NULL", pw_callback_module_name);
-            return AXIS2_FAILURE;
+        /*First we must check whether the password get function pointer is set.(eg:from php)*/
+        password_function = rampart_context_get_password_function(rampart_context,env);
+        if(password_function)
+            password_from_svr = (*password_function)(env,username,param);
+
+        else
+        {    
+            password_callback = rampart_context_get_password_callback(rampart_context,env);
+            if(!password_callback){
+                AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][rampart_usernametoken]
Password callback module is not specified");
+                return AXIS2_FAILURE;
+            }
+        
+            AXIS2_LOG_INFO(env->log,  "[rampart][rampart_usernametoken] Password authentication
using CALLBACK MODULE ");
+           /*password_from_svr = rampart_callback_password(env, pw_callback_module, username,
ctx);*/
+            password_from_svr = rampart_callback_password(env, password_callback, username);
         }
-        password_from_svr = rampart_callback_password(env, pwcb, username, ctx);
+
         if (!password_from_svr)
         {
             AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][rampart_usernametoken]
Cannot get the password for user %s", username);



---------------------------------------------------------------------
To unsubscribe, e-mail: axis-cvs-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-cvs-help@ws.apache.org


Mime
View raw message