axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From kausha...@apache.org
Subject svn commit: r512242 - in /webservices/axis2/trunk/c/rampart: src/omxmlsec/openssl/sign.c src/omxmlsec/xml_signature.c test/omxmlsec/test.c
Date Tue, 27 Feb 2007 12:55:03 GMT
Author: kaushalye
Date: Tue Feb 27 04:55:03 2007
New Revision: 512242

URL: http://svn.apache.org/viewvc?view=rev&rev=512242
Log:
XML Signature in OMXMLSecurity

Modified:
    webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/sign.c
    webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_signature.c
    webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c

Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/sign.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/sign.c?view=diff&rev=512242&r1=512241&r2=512242
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/sign.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/openssl/sign.c Tue Feb 27 04:55:03 2007
@@ -32,6 +32,50 @@
 
 #define BUFSIZE 64
 
+AXIS2_EXTERN int AXIS2_CALL
+openssl_sign(const axis2_env_t *env,
+        oxs_sign_ctx_t *sign_ctx,
+        oxs_buffer_t *input_buf,
+        oxs_buffer_t *output_buf)
+{
+    openssl_pkey_t *open_pkey = NULL;
+    unsigned char sig_buf[4096]; /*Enough for the signature*/
+    unsigned int sig_len;
+    const EVP_MD*   digest;
+    EVP_MD_CTX      md_ctx;
+    EVP_PKEY*       pkey = NULL;
+    int err, ret;
+    /*Get the key*/
+    open_pkey = oxs_sign_ctx_get_private_key(sign_ctx, env);
+    pkey = OPENSSL_PKEY_GET_KEY(open_pkey, env);
+    if(!pkey){
+         oxs_error(env, ERROR_LOCATION, OXS_ERROR_SIGN_FAILED,"Cannot load the private key"
);
+    }
+
+    /*TODO: Set the digest according to the signature method*/
+    digest = EVP_sha1();
+
+    /*MD Ctx init*/
+    EVP_MD_CTX_init(&md_ctx);
+
+    /*Sign init*/
+    ret = EVP_SignInit(&md_ctx, digest);
+    AXIS2_LOG_INFO(env->log, "[openssl][sig] Signing content %s", OXS_BUFFER_GET_DATA(input_buf,
env) );    
+    EVP_SignUpdate (&md_ctx, OXS_BUFFER_GET_DATA(input_buf, env), OXS_BUFFER_GET_SIZE(input_buf,
env));
+    sig_len = sizeof(sig_buf);
+    err = EVP_SignFinal (&md_ctx,
+               sig_buf,
+               &sig_len,
+               pkey);
+    if (err != 1) {  
+        ERR_print_errors_fp (stderr);     
+    }
+    /*Fill the output buffer*/
+    OXS_BUFFER_POPULATE(output_buf, env, sig_buf, sig_len);
+
+    return sig_len;
+}
+
 AXIS2_EXTERN axis2_status_t AXIS2_CALL
 openssl_sig_verify(const axis2_env_t *env,
     oxs_sign_ctx_t *sign_ctx,
@@ -43,15 +87,17 @@
     oxs_x509_cert_t *cert = NULL;
     const EVP_MD*   digest;
     EVP_MD_CTX      md_ctx;
-    EVP_PKEY*       pkey;
+    EVP_PKEY*       pkey = NULL;
     int  ret;
 
     /*Get the publickey*/
     cert = oxs_sign_ctx_get_certificate(sign_ctx, env);
     open_pubkey = oxs_x509_cert_get_public_key(cert, env);
     pkey = OPENSSL_PKEY_GET_KEY(open_pubkey, env);
-
-    /*Set the digest according to the signature method*/
+    if(!pkey){
+         oxs_error(env, ERROR_LOCATION, OXS_ERROR_SIG_VERIFICATION_FAILED,"Cannot load the
public key" );
+    }
+    /*TODO Set the digest according to the signature method*/
     digest = EVP_sha1();
 
     /*Init MD Ctx*/
@@ -90,46 +136,5 @@
 
     return status;    
     
-}
-
-AXIS2_EXTERN int AXIS2_CALL
-openssl_sign(const axis2_env_t *env,
-        oxs_sign_ctx_t *sign_ctx,
-        oxs_buffer_t *input_buf,
-        oxs_buffer_t *output_buf)
-{
-    openssl_pkey_t *open_pkey = NULL;
-    unsigned char sig_buf[4096]; /*Allocate enough memory dynamically*/
-    unsigned int sig_len;
-    const EVP_MD*   digest;
-    EVP_MD_CTX      md_ctx;
-    EVP_PKEY*       pkey;
-    int err, ret;
-    /*Get the key*/
-    open_pkey = oxs_sign_ctx_get_private_key(sign_ctx, env);
-    pkey = OPENSSL_PKEY_GET_KEY(open_pkey, env);
-
-    /*Set the digest according to the signature method*/
-    digest = EVP_sha1();
-
-    /*MD Ctx init*/
-    EVP_MD_CTX_init(&md_ctx);
-
-    /*Sign init*/
-    ret = EVP_SignInit(&md_ctx, digest);
-    
-    EVP_SignUpdate (&md_ctx, OXS_BUFFER_GET_DATA(input_buf, env), OXS_BUFFER_GET_SIZE(input_buf,
env));
-    sig_len = sizeof(sig_buf);
-    err = EVP_SignFinal (&md_ctx,
-               sig_buf,
-               &sig_len,
-               pkey);
-    if (err != 1) {  
-        ERR_print_errors_fp (stderr);     
-    }
-    /*Fill the output buffer*/
-    OXS_BUFFER_POPULATE(output_buf, env, sig_buf, sig_len);
-
-    return sig_len;
 }
 

Modified: webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_signature.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_signature.c?view=diff&rev=512242&r1=512241&r2=512242
==============================================================================
--- webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_signature.c (original)
+++ webservices/axis2/trunk/c/rampart/src/omxmlsec/xml_signature.c Tue Feb 27 04:55:03 2007
@@ -610,9 +610,11 @@
     /*In the final step we Verify*/ 
     status = oxs_sig_verify(env, sign_ctx, content , signature_val);
     if(AXIS2_FAILURE == status){
+        oxs_error(env, ERROR_LOCATION, OXS_ERROR_SIG_VERIFICATION_FAILED,"Signature is not
valid " );        
         return AXIS2_FAILURE;
+    }else{
+        return AXIS2_SUCCESS;
     }
 
 
-    return AXIS2_SUCCESS;
 }

Modified: webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c?view=diff&rev=512242&r1=512241&r2=512242
==============================================================================
--- webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c (original)
+++ webservices/axis2/trunk/c/rampart/test/omxmlsec/test.c Tue Feb 27 04:55:03 2007
@@ -151,7 +151,7 @@
         oxs_sign_ctx_set_private_key(sign_ctx, env, prvkey);
         oxs_sign_ctx_set_certificate(sign_ctx, env, cert);
         /*Set the operation*/
-        oxs_sign_ctx_set_operation(sign_ctx, env, OXS_SIGN_OPERATION_SIGN);
+        oxs_sign_ctx_set_operation(sign_ctx, env, OXS_SIGN_OPERATION_VERIFY);
         
         sig_node = oxs_axiom_get_first_child_node_by_name(env, tmpl,
                                     OXS_NODE_SIGNATURE, OXS_DSIG_NS, OXS_DS );
@@ -161,7 +161,11 @@
         }
         /*Verify*/
         status = oxs_xml_sig_verify(env, sign_ctx, sig_node, tmpl);
-        status = AXIS2_SUCCESS;    
+        if(AXIS2_SUCCESS != status){
+            printf("Signature Failed :-(\n");
+        }else{
+            printf("Signature Verified :-)\n");
+        }
     }
 
     return status;
@@ -173,17 +177,7 @@
     axis2_char_t *filename = "input.xml";
     axis2_char_t *certfile = "rsacert.pem";
     axis2_char_t *prvkeyfile = "rsakey.pem";
-    axis2_char_t *operation = "S";
-#if 0
-    axis2_char_t *signed_result = NULL;
-    axiom_node_t *node = NULL;
-    oxs_sign_part_t *sign_part = NULL;
-    oxs_sign_ctx_t *sign_ctx = NULL;
-    oxs_transform_t *tr = NULL;
-    axis2_array_list_t *sign_parts = NULL;
-    axis2_array_list_t *tr_list = NULL;
-    axis2_char_t *id = NULL;
-#endif
+    axis2_char_t *operation = "SIGN";
     openssl_pkey_t *prvkey = NULL;
     oxs_x509_cert_t *cert = NULL;
 
@@ -212,49 +206,6 @@
     if(!cert){
          printf("Cannot load certificate");
     }
-#if 0
-    /*Sign specific*/
-    sign_part = oxs_sign_part_create(env);
-    status = AXIS2_FAILURE;
-
-    tr_list = axis2_array_list_create(env, 1);
-    /*We need C14N transform*/
-    tr = oxs_transforms_factory_produce_transform(env, OXS_HREF_TRANSFORM_XML_EXC_C14N);
-    axis2_array_list_add(tr_list, env, tr);
-    oxs_sign_part_set_transforms(sign_part, env, tr_list);
-    
-    /*We need to sign this node add an ID to it*/
-    node = axiom_node_get_first_element(tmpl, env);
-    id = "Sig-ID-EFG";  /*oxs_util_generate_id(env,(axis2_char_t*)OXS_SIG_ID);*/
-    oxs_axiom_add_attribute(env, node, OXS_WSU, OXS_WSSE_XMLNS,  OXS_ATTR_ID, id);
-    status = oxs_sign_part_set_node(sign_part, env,node);
-
-
-    sign_parts = axis2_array_list_create(env, 1);
-    axis2_array_list_add(sign_parts, env, sign_part);
-    sign_ctx = oxs_sign_ctx_create(env);
-    if(sign_ctx){
-        oxs_sign_ctx_set_private_key(sign_ctx, env, prvkey);
-        oxs_sign_ctx_set_certificate(sign_ctx, env, cert);
-        /*Set sig algo*/
-        oxs_sign_ctx_set_sign_mtd_algo(sign_ctx, env, OXS_HREF_RSA_SHA1);
-        /*Set C14N method*/
-        oxs_sign_ctx_set_c14n_mtd(sign_ctx, env, OXS_HREF_XML_EXC_C14N);
-        /*Set sig parts*/
-        oxs_sign_ctx_set_sign_parts(sign_ctx, env, sign_parts);
-        /*Set the operation*/
-        oxs_sign_ctx_set_operation(sign_ctx, env, OXS_SIGN_OPERATION_SIGN);
-        /*Sign*/
-        oxs_xml_sig_sign(env, sign_ctx, tmpl);
-    }else{
-        printf("Sign ctx creation failed");
-    }
-    signed_result = AXIOM_NODE_TO_STRING(tmpl, env) ;
-
-    outf = fopen("result-sign.xml", "wb");
-    fwrite(signed_result, 1, AXIS2_STRLEN(signed_result), outf);
-    fclose(outf);
-#endif
     
     if(0 == axis2_strcmp(operation, "SIGN")){
         sign(env, filename, prvkey, cert);



---------------------------------------------------------------------
To unsubscribe, e-mail: axis-cvs-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-cvs-help@ws.apache.org


Mime
View raw message