Return-Path: Delivered-To: apmail-ws-axis-dev-archive@www.apache.org Received: (qmail 45986 invoked from network); 14 Feb 2007 06:20:42 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 14 Feb 2007 06:20:42 -0000 Received: (qmail 41972 invoked by uid 500); 14 Feb 2007 06:20:47 -0000 Delivered-To: apmail-ws-axis-dev-archive@ws.apache.org Received: (qmail 41826 invoked by uid 500); 14 Feb 2007 06:20:46 -0000 Mailing-List: contact axis-cvs-help@ws.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list axis-cvs@ws.apache.org Received: (qmail 41773 invoked by uid 500); 14 Feb 2007 06:20:46 -0000 Delivered-To: apmail-ws-axis2-cvs@ws.apache.org Received: (qmail 41717 invoked by uid 99); 14 Feb 2007 06:20:45 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 Feb 2007 22:20:45 -0800 X-ASF-Spam-Status: No, hits=-9.4 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [140.211.11.3] (HELO eris.apache.org) (140.211.11.3) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 Feb 2007 22:20:32 -0800 Received: by eris.apache.org (Postfix, from userid 65534) id A83471A981D; Tue, 13 Feb 2007 22:20:12 -0800 (PST) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r507411 [2/3] - in /webservices/axis2/trunk/c/rampart: include/ src/core/ src/handlers/ src/secpolicy/builder/ src/secpolicy/model/ src/secpolicy/test-resources/ src/util/ Date: Wed, 14 Feb 2007 06:20:09 -0000 To: axis2-cvs@ws.apache.org From: kaushalye@apache.org X-Mailer: svnmailer-1.1.0 Message-Id: <20070214062012.A83471A981D@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Modified: webservices/axis2/trunk/c/rampart/src/secpolicy/builder/wss11_builder.c URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/secpolicy/builder/wss11_builder.c?view=diff&rev=507411&r1=507410&r2=507411 ============================================================================== --- webservices/axis2/trunk/c/rampart/src/secpolicy/builder/wss11_builder.c (original) +++ webservices/axis2/trunk/c/rampart/src/secpolicy/builder/wss11_builder.c Tue Feb 13 22:20:06 2007 @@ -96,7 +96,6 @@ if(rp_match_secpolicy_qname(env,RP_MUST_SUPPORT_REF_KEY_IDENTIFIER,node,element)) { rp_wss11_set_must_support_ref_key_identifier(wss11,env,AXIS2_TRUE); - printf("%s\n",local_name); return AXIS2_SUCCESS; } else @@ -107,7 +106,6 @@ if(rp_match_secpolicy_qname(env,RP_MUST_SUPPORT_REF_ISSUER_SERIAL,node,element)) { rp_wss11_set_must_support_ref_issuer_serial(wss11,env,AXIS2_TRUE); - printf("%s\n",local_name); return AXIS2_SUCCESS; } else @@ -118,7 +116,6 @@ if(rp_match_secpolicy_qname(env,RP_MUST_SUPPORT_REF_EXTERNAL_URI,node,element)) { rp_wss11_set_must_support_ref_external_uri(wss11,env,AXIS2_TRUE); - printf("%s\n",local_name); return AXIS2_SUCCESS; } else @@ -129,7 +126,6 @@ if(rp_match_secpolicy_qname(env,RP_MUST_SUPPORT_REF_EMBEDDED_TOKEN,node,element)) { rp_wss11_set_must_support_ref_embedded_token(wss11,env,AXIS2_TRUE); - printf("%s\n",local_name); return AXIS2_SUCCESS; } else @@ -140,7 +136,6 @@ if(rp_match_secpolicy_qname(env,RP_MUST_SUPPORT_REF_THUMBPRINT,node,element)) { rp_wss11_set_must_support_ref_thumbprint(wss11,env,AXIS2_TRUE); - printf("%s\n",local_name); return AXIS2_SUCCESS; } else @@ -151,7 +146,6 @@ if(rp_match_secpolicy_qname(env,RP_MUST_SUPPORT_REF_ENCRYPTED_KEY,node,element)) { rp_wss11_set_must_support_ref_encryptedkey(wss11,env,AXIS2_TRUE); - printf("%s\n",local_name); return AXIS2_SUCCESS; } else @@ -162,7 +156,6 @@ if(rp_match_secpolicy_qname(env,RP_REQUIRE_SIGNATURE_CONFIRMATION,node,element)) { rp_wss11_set_require_signature_confirmation(wss11,env,AXIS2_TRUE); - printf("%s\n",local_name); return AXIS2_SUCCESS; } else Modified: webservices/axis2/trunk/c/rampart/src/secpolicy/builder/x509_token_builder.c URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/secpolicy/builder/x509_token_builder.c?view=diff&rev=507411&r1=507410&r2=507411 ============================================================================== --- webservices/axis2/trunk/c/rampart/src/secpolicy/builder/x509_token_builder.c (original) +++ webservices/axis2/trunk/c/rampart/src/secpolicy/builder/x509_token_builder.c Tue Feb 13 22:20:06 2007 @@ -126,7 +126,6 @@ if(rp_match_secpolicy_qname(env,RP_REQUIRE_KEY_IDENTIFIRE_REFERENCE,node,element)) { rp_x509_token_set_require_key_identifier_reference(x509_token,env,AXIS2_TRUE); - printf("%s\n",local_name); return AXIS2_SUCCESS; } else @@ -137,7 +136,6 @@ if(rp_match_secpolicy_qname(env,RP_REQUIRE_ISSUER_SERIAL_REFERENCE,node,element)) { rp_x509_token_set_require_issuer_serial_reference(x509_token,env,AXIS2_TRUE); - printf("%s\n",local_name); return AXIS2_SUCCESS; } else @@ -148,7 +146,6 @@ if(rp_match_secpolicy_qname(env,RP_REQUIRE_EMBEDDED_TOKEN_REFERENCE,node,element)) { rp_x509_token_set_require_embedded_token_reference(x509_token,env,AXIS2_TRUE); - printf("%s\n",local_name); return AXIS2_SUCCESS; } else @@ -159,7 +156,6 @@ if(rp_match_secpolicy_qname(env,RP_REQUIRE_THUMBPRINT_REFERENCE,node,element)) { rp_x509_token_set_require_thumb_print_reference(x509_token,env,AXIS2_TRUE); - printf("%s\n",local_name); return AXIS2_SUCCESS; } else @@ -170,7 +166,6 @@ if(rp_match_secpolicy_qname(env,RP_REQUIRE_DERIVED_KEYS,node,element)) { rp_x509_token_set_derivedkeys(x509_token,env,AXIS2_TRUE); - printf("%s\n",local_name); return AXIS2_SUCCESS; } else @@ -181,7 +176,6 @@ if(rp_match_secpolicy_qname(env,RP_WSS_X509_V1_TOKEN_10,node,element)) { rp_x509_token_set_token_version_and_type(x509_token,env,local_name); - printf("%s\n",local_name); return AXIS2_SUCCESS; } else @@ -192,7 +186,6 @@ if(rp_match_secpolicy_qname(env,RP_WSS_X509_V3_TOKEN_10,node,element)) { rp_x509_token_set_token_version_and_type(x509_token,env,local_name); - printf("%s\n",local_name); return AXIS2_SUCCESS; } else @@ -203,7 +196,6 @@ if(rp_match_secpolicy_qname(env,RP_WSS_X509_PKCS7_TOKEN_10,node,element)) { rp_x509_token_set_token_version_and_type(x509_token,env,local_name); - printf("%s\n",local_name); return AXIS2_SUCCESS; } else @@ -214,7 +206,6 @@ if(rp_match_secpolicy_qname(env,RP_WSS_X509_PKI_PATH_V1_TOKEN_10,node,element)) { rp_x509_token_set_token_version_and_type(x509_token,env,local_name); - printf("%s\n",local_name); return AXIS2_SUCCESS; } else @@ -225,7 +216,6 @@ if(rp_match_secpolicy_qname(env,RP_WSS_X509_V1_TOKEN_11,node,element)) { rp_x509_token_set_token_version_and_type(x509_token,env,local_name); - printf("%s\n",local_name); return AXIS2_SUCCESS; } else @@ -236,7 +226,6 @@ if(rp_match_secpolicy_qname(env,RP_WSS_X509_V3_TOKEN_11,node,element)) { rp_x509_token_set_token_version_and_type(x509_token,env,local_name); - printf("%s\n",local_name); return AXIS2_SUCCESS; } else @@ -247,7 +236,6 @@ if(rp_match_secpolicy_qname(env,RP_WSS_X509_PKCS7_TOKEN_11,node,element)) { rp_x509_token_set_token_version_and_type(x509_token,env,local_name); - printf("%s\n",local_name); return AXIS2_SUCCESS; } else @@ -258,7 +246,6 @@ if(rp_match_secpolicy_qname(env,RP_WSS_X509_PKI_PATH_V1_TOKEN_11,node,element)) { rp_x509_token_set_token_version_and_type(x509_token,env,local_name); - printf("%s\n",local_name); return AXIS2_SUCCESS; } else Modified: webservices/axis2/trunk/c/rampart/src/secpolicy/model/asymmetric_binding.c URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/secpolicy/model/asymmetric_binding.c?view=diff&rev=507411&r1=507410&r2=507411 ============================================================================== --- webservices/axis2/trunk/c/rampart/src/secpolicy/model/asymmetric_binding.c (original) +++ webservices/axis2/trunk/c/rampart/src/secpolicy/model/asymmetric_binding.c Tue Feb 13 22:20:06 2007 @@ -126,14 +126,9 @@ { AXIS2_ENV_CHECK(env, AXIS2_FAILURE); AXIS2_PARAM_CHECK(env->error,initiator_token,AXIS2_FAILURE); - if(!asymmetric_binding->initiator_token) - { - return AXIS2_FAILURE; - } asymmetric_binding->initiator_token =initiator_token; - return AXIS2_SUCCESS; - + } AXIS2_EXTERN axis2_status_t AXIS2_CALL @@ -144,12 +139,8 @@ { AXIS2_ENV_CHECK(env, AXIS2_FAILURE); AXIS2_PARAM_CHECK(env->error,recipient_token,AXIS2_FAILURE); - if(!asymmetric_binding->recipient_token) - { - return AXIS2_FAILURE; - } + asymmetric_binding->recipient_token = recipient_token; - return AXIS2_SUCCESS; } Modified: webservices/axis2/trunk/c/rampart/src/secpolicy/model/header.c URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/secpolicy/model/header.c?view=diff&rev=507411&r1=507410&r2=507411 ============================================================================== --- webservices/axis2/trunk/c/rampart/src/secpolicy/model/header.c (original) +++ webservices/axis2/trunk/c/rampart/src/secpolicy/model/header.c Tue Feb 13 22:20:06 2007 @@ -54,16 +54,6 @@ if(header) { - if(header->name) - { - AXIS2_FREE(env->allocator, header->name); - header->name = NULL; - } - if(header->namespace) - { - AXIS2_FREE(env->allocator, header->namespace); - header->namespace = NULL; - } AXIS2_FREE(env->allocator, header); header = NULL; } Modified: webservices/axis2/trunk/c/rampart/src/secpolicy/model/https_token.c URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/secpolicy/model/https_token.c?view=diff&rev=507411&r1=507410&r2=507411 ============================================================================== --- webservices/axis2/trunk/c/rampart/src/secpolicy/model/https_token.c (original) +++ webservices/axis2/trunk/c/rampart/src/secpolicy/model/https_token.c Tue Feb 13 22:20:06 2007 @@ -83,7 +83,6 @@ AXIS2_PARAM_CHECK(env->error,inclusion,AXIS2_FAILURE); https_token->inclusion = inclusion; - printf("%s\n",https_token->inclusion); return AXIS2_SUCCESS; } Modified: webservices/axis2/trunk/c/rampart/src/secpolicy/model/layout.c URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/secpolicy/model/layout.c?view=diff&rev=507411&r1=507410&r2=507411 ============================================================================== --- webservices/axis2/trunk/c/rampart/src/secpolicy/model/layout.c (original) +++ webservices/axis2/trunk/c/rampart/src/secpolicy/model/layout.c Tue Feb 13 22:20:06 2007 @@ -37,7 +37,7 @@ AXIS2_ERROR_SET(env->error, AXIS2_ERROR_NO_MEMORY, AXIS2_FAILURE); return NULL; } - layout->value = RP_LAYOUT_LAX; + layout->value = RP_LAYOUT_STRICT; return layout; } Modified: webservices/axis2/trunk/c/rampart/src/secpolicy/model/rampart_config.c URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/secpolicy/model/rampart_config.c?view=diff&rev=507411&r1=507410&r2=507411 ============================================================================== --- webservices/axis2/trunk/c/rampart/src/secpolicy/model/rampart_config.c (original) +++ webservices/axis2/trunk/c/rampart/src/secpolicy/model/rampart_config.c Tue Feb 13 22:20:06 2007 @@ -24,6 +24,7 @@ axis2_char_t *encryption_user; axis2_char_t *password_callback_class; axis2_char_t *authenticate_module; + axis2_char_t *password_type; rp_signature_crypto_t *signature_crypto; rp_encryption_crypto_t *encryption_crypto; }; @@ -49,7 +50,7 @@ rampart_config->signature_crypto = NULL; rampart_config->encryption_crypto = NULL; rampart_config->authenticate_module = NULL; - + rampart_config->password_type = NULL; return rampart_config; } @@ -168,6 +169,29 @@ rampart_config->authenticate_module = authenticate_module; return AXIS2_SUCCESS; } + +AXIS2_EXTERN axis2_char_t *AXIS2_CALL +rp_rampart_config_get_password_type( + rp_rampart_config_t *rampart_config, + const axis2_env_t *env) +{ + AXIS2_ENV_CHECK(env, AXIS2_FAILURE); + + return rampart_config->password_type; +} + +AXIS2_EXTERN axis2_status_t AXIS2_CALL +rp_rampart_config_set_password_type(rp_rampart_config_t *rampart_config, + const axis2_env_t *env, + axis2_char_t *password_type) +{ + AXIS2_ENV_CHECK(env, AXIS2_FAILURE); + AXIS2_PARAM_CHECK(env->error,password_type,AXIS2_FAILURE); + + rampart_config->password_type = password_type; + return AXIS2_SUCCESS; +} + AXIS2_EXTERN rp_signature_crypto_t *AXIS2_CALL rp_rampart_config_get_signature_crypto( Modified: webservices/axis2/trunk/c/rampart/src/secpolicy/model/ut.c URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/secpolicy/model/ut.c?view=diff&rev=507411&r1=507410&r2=507411 ============================================================================== --- webservices/axis2/trunk/c/rampart/src/secpolicy/model/ut.c (original) +++ webservices/axis2/trunk/c/rampart/src/secpolicy/model/ut.c Tue Feb 13 22:20:06 2007 @@ -70,7 +70,7 @@ /* Implementations */ AXIS2_EXTERN axis2_char_t *AXIS2_CALL -rp_username_token_get_inclsion( +rp_username_token_get_inclusion( rp_username_token_t *username_token, const axis2_env_t *env) { @@ -89,7 +89,6 @@ AXIS2_PARAM_CHECK(env->error,inclusion,AXIS2_FAILURE); username_token->inclusion = inclusion; - printf("%s\n",username_token->inclusion); return AXIS2_SUCCESS; } Modified: webservices/axis2/trunk/c/rampart/src/secpolicy/model/wss10.c URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/secpolicy/model/wss10.c?view=diff&rev=507411&r1=507410&r2=507411 ============================================================================== --- webservices/axis2/trunk/c/rampart/src/secpolicy/model/wss10.c (original) +++ webservices/axis2/trunk/c/rampart/src/secpolicy/model/wss10.c Tue Feb 13 22:20:06 2007 @@ -25,6 +25,7 @@ axis2_bool_t must_support_ref_issuer_serial; axis2_bool_t must_support_ref_external_uri; axis2_bool_t must_support_ref_embedded_token; + axis2_bool_t must_support_direct_reference; }; AXIS2_EXTERN rp_wss10_t *AXIS2_CALL @@ -46,7 +47,8 @@ wss10->must_support_ref_issuer_serial = AXIS2_FALSE; wss10->must_support_ref_external_uri = AXIS2_FALSE; wss10->must_support_ref_embedded_token = AXIS2_FALSE; - + wss10->must_support_direct_reference = AXIS2_TRUE; + return wss10; } Modified: webservices/axis2/trunk/c/rampart/src/secpolicy/model/wss11.c URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/secpolicy/model/wss11.c?view=diff&rev=507411&r1=507410&r2=507411 ============================================================================== --- webservices/axis2/trunk/c/rampart/src/secpolicy/model/wss11.c (original) +++ webservices/axis2/trunk/c/rampart/src/secpolicy/model/wss11.c Tue Feb 13 22:20:06 2007 @@ -28,6 +28,7 @@ axis2_bool_t must_support_ref_thumbprint; axis2_bool_t must_support_ref_encryptedkey; axis2_bool_t require_signature_confirmation; + axis2_bool_t must_support_direct_reference; }; AXIS2_EXTERN rp_wss11_t *AXIS2_CALL @@ -52,6 +53,8 @@ wss11->must_support_ref_thumbprint = AXIS2_FALSE; wss11->must_support_ref_encryptedkey = AXIS2_FALSE; wss11->require_signature_confirmation = AXIS2_FALSE; + wss11->must_support_direct_reference = AXIS2_TRUE; + return wss11; } Modified: webservices/axis2/trunk/c/rampart/src/secpolicy/model/x509_token.c URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/secpolicy/model/x509_token.c?view=diff&rev=507411&r1=507410&r2=507411 ============================================================================== --- webservices/axis2/trunk/c/rampart/src/secpolicy/model/x509_token.c (original) +++ webservices/axis2/trunk/c/rampart/src/secpolicy/model/x509_token.c Tue Feb 13 22:20:06 2007 @@ -74,7 +74,7 @@ /* Implementations */ AXIS2_EXTERN axis2_char_t *AXIS2_CALL -rp_x509_token_get_inclsion(rp_x509_token_t *x509_token, +rp_x509_token_get_inclusion(rp_x509_token_t *x509_token, const axis2_env_t *env) { AXIS2_ENV_CHECK(env, NULL); @@ -91,7 +91,6 @@ AXIS2_PARAM_CHECK(env->error,inclusion,AXIS2_FAILURE); x509_token->inclusion = inclusion; - printf("%s\n",x509_token->inclusion); return AXIS2_SUCCESS; } Modified: webservices/axis2/trunk/c/rampart/src/secpolicy/test-resources/2.xml URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/secpolicy/test-resources/2.xml?view=diff&rev=507411&r1=507410&r2=507411 ============================================================================== --- webservices/axis2/trunk/c/rampart/src/secpolicy/test-resources/2.xml (original) +++ webservices/axis2/trunk/c/rampart/src/secpolicy/test-resources/2.xml Tue Feb 13 22:20:06 2007 @@ -5,7 +5,7 @@ - + @@ -14,7 +14,7 @@ - + @@ -23,7 +23,7 @@ - + @@ -31,29 +31,35 @@ - + + - + + + + + + - - + - + - alice - bob - /home/manjula/axis2/c/deploy/bin/samples/rampart/callback/libpwcb.so + Gampola + b + Digest + /home/manjula/axis2/scratch/security-policy/c/deploy/bin/samples/rampart/callback/libpwcb.so /home/manjula/axis2/c/rampart/samples/keys/ahome/b_cert.cert - /home/manjula/axis2/c/rampart/samples/keys/ahome/b_cert.cert - /home/manjula/axis2/c/rampart/samples/keys/ahome/a_store.pfx + /home/manjula/axis2/scratch/security-policy/c/rampart/samples/keys/ahome/b_cert.cert + /home/manjula/axis2/scratch/security-policy/c/rampart/samples/keys/bhome/b_store.pfx Modified: webservices/axis2/trunk/c/rampart/src/util/Makefile.am URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/Makefile.am?view=diff&rev=507411&r1=507410&r2=507411 ============================================================================== --- webservices/axis2/trunk/c/rampart/src/util/Makefile.am (original) +++ webservices/axis2/trunk/c/rampart/src/util/Makefile.am Tue Feb 13 22:20:06 2007 @@ -5,7 +5,7 @@ librampart_util_la_SOURCES = rampart_action.c rampart_crypto_util.c \ rampart_util.c rampart_handler_util.c username_token.c timestamp_token.c \ rampart_encryption.c rampart_sec_header_processor.c rampart_sec_processed_result.c \ - rampart_sec_header_builder.c + rampart_sec_header_builder.c rampart_context.c rampart_engine.c librampart_util_la_LIBADD = -lssl \ @@ -15,4 +15,5 @@ INCLUDES = -I$(top_builddir)/include \ -I ../../../include \ -I ../../../util/include \ + -I ../../../xml_schema/include \ -I ../../../axiom/include Added: webservices/axis2/trunk/c/rampart/src/util/rampart_context.c URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/rampart_context.c?view=auto&rev=507411 ============================================================================== --- webservices/axis2/trunk/c/rampart/src/util/rampart_context.c (added) +++ webservices/axis2/trunk/c/rampart/src/util/rampart_context.c Tue Feb 13 22:20:06 2007 @@ -0,0 +1,1089 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include + + + + +struct rampart_context_t +{ + rp_secpolicy_t *secpolicy; + rampart_callback_t* password_callback_module; + rampart_authn_provider_t *authn_provider; + + /*Function pointers for php extension to assign*/ + pfunc password_func; + auth_password_func authenticate_with_password; + auth_digest_func authenticate_with_digest; +}; + + +/*private functions*/ + +rp_symmetric_asymmetric_binding_commons_t +*rampart_context_get_symmetric_asymmetric_binding_commons( + rampart_context_t *rampart_context, + const axis2_env_t *env); + +rp_binding_commons_t *rampart_context_get_binding_commons( + rampart_context_t *rampart_context, + const axis2_env_t *env); + +axis2_bool_t rampart_context_use_username_token( + rp_supporting_tokens_t *signed_supporting, + const axis2_env_t *env); + +axis2_bool_t rampart_context_validate_ut( + rp_username_token_t *username_token, + const axis2_env_t *env); + +rp_supporting_tokens_t +*rampart_context_get_signed_supporting_from_binding( + rampart_context_t *rampart_context, + const axis2_env_t *env); + +axis2_status_t rampart_context_set_nodes_to_encrypt( + rp_header_t *header, + const axis2_env_t *env, + axiom_soap_envelope_t *soap_envelope, + axis2_array_list_t *nodes_to_encrypt); + +axis2_char_t *AXIS2_CALL +rampart_context_get_key_identifier_from_wss( + rampart_context_t *rampart_context, + const axis2_env_t *env); + + + +AXIS2_EXTERN rampart_context_t *AXIS2_CALL +rampart_context_create(const axis2_env_t *env) +{ + rampart_context_t *rampart_context = NULL; + + AXIS2_ENV_CHECK(env, NULL); + + rampart_context = (rampart_context_t *) AXIS2_MALLOC (env->allocator, + sizeof (rampart_context_t)); + + if(rampart_context == NULL) + { + AXIS2_ERROR_SET(env->error, AXIS2_ERROR_NO_MEMORY, AXIS2_FAILURE); + return NULL; + } + rampart_context->secpolicy = NULL; + rampart_context->password_callback_module = NULL; + rampart_context->authn_provider = NULL; + rampart_context->password_func = NULL; + rampart_context->authenticate_with_password = NULL; + rampart_context->authenticate_with_digest = NULL; + + return rampart_context; +} + +AXIS2_EXTERN axis2_status_t AXIS2_CALL +rampart_context_free(rampart_context_t *rampart_context, + const axis2_env_t *env) +{ + AXIS2_ENV_CHECK(env, AXIS2_FAILURE); + + if(rampart_context) + { + if(rampart_context->secpolicy) + { + rp_secpolicy_free(rampart_context->secpolicy,env); + rampart_context->secpolicy = NULL; + } + AXIS2_FREE(env->allocator,rampart_context); + rampart_context = NULL; + } + return AXIS2_SUCCESS; +} + + +/* Implementations */ + +AXIS2_EXTERN rp_secpolicy_t *AXIS2_CALL +rampart_context_get_secpolicy( + rampart_context_t *rampart_context, + const axis2_env_t *env) +{ + AXIS2_ENV_CHECK(env, AXIS2_FAILURE); + + return rampart_context->secpolicy; +} + +AXIS2_EXTERN axis2_status_t AXIS2_CALL +rampart_context_set_secpolicy(rampart_context_t *rampart_context, + const axis2_env_t *env, + rp_secpolicy_t *secpolicy) +{ + AXIS2_ENV_CHECK(env, AXIS2_FAILURE); + AXIS2_PARAM_CHECK(env->error,secpolicy,AXIS2_FAILURE); + + rampart_context->secpolicy = secpolicy; + return AXIS2_SUCCESS; +} + + +AXIS2_EXTERN rampart_callback_t *AXIS2_CALL +rampart_context_get_password_callback( + rampart_context_t *rampart_context, + const axis2_env_t *env) +{ + AXIS2_ENV_CHECK(env, AXIS2_FAILURE); + + return rampart_context->password_callback_module; +} + +AXIS2_EXTERN axis2_status_t AXIS2_CALL +rampart_context_set_password_callback(rampart_context_t *rampart_context, + const axis2_env_t *env, + rampart_callback_t *password_callback_module) +{ + AXIS2_ENV_CHECK(env, AXIS2_FAILURE); + AXIS2_PARAM_CHECK(env->error,password_callback_module,AXIS2_FAILURE); + + rampart_context->password_callback_module = password_callback_module; + return AXIS2_SUCCESS; +} + +/*This function get the function pointer of the password callback function*/ + +AXIS2_EXTERN pfunc AXIS2_CALL +rampart_context_get_password_function( + rampart_context_t *rampart_context, + const axis2_env_t *env) +{ + AXIS2_ENV_CHECK(env, AXIS2_FAILURE); + + return rampart_context->password_func; +} + +/*set the password callback function*/ + +AXIS2_EXTERN axis2_status_t AXIS2_CALL +rampart_context_set_password_function(rampart_context_t *rampart_context, + const axis2_env_t *env, + pfunc password_func) +{ + AXIS2_ENV_CHECK(env, AXIS2_FAILURE); + AXIS2_PARAM_CHECK(env->error,password_func,AXIS2_FAILURE); + + rampart_context->password_func = password_func; + return AXIS2_SUCCESS; +} + +/*The 4 functions below deals with setting and getting authentication + *module function pointers */ + +AXIS2_EXTERN auth_password_func AXIS2_CALL +rampart_context_get_auth_password_function( + rampart_context_t *rampart_context, + const axis2_env_t *env) +{ + AXIS2_ENV_CHECK(env, AXIS2_FAILURE); + + return rampart_context->authenticate_with_password; +} + + +AXIS2_EXTERN axis2_status_t AXIS2_CALL +rampart_context_set_auth_password_function(rampart_context_t *rampart_context, + const axis2_env_t *env, + auth_password_func authenticate_with_password) +{ + AXIS2_ENV_CHECK(env, AXIS2_FAILURE); + AXIS2_PARAM_CHECK(env->error,authenticate_with_password,AXIS2_FAILURE); + + rampart_context->authenticate_with_password = authenticate_with_password; + return AXIS2_SUCCESS; +} + + + +AXIS2_EXTERN auth_digest_func AXIS2_CALL +rampart_context_get_auth_digest_function( + rampart_context_t *rampart_context, + const axis2_env_t *env) +{ + AXIS2_ENV_CHECK(env, AXIS2_FAILURE); + + return rampart_context->authenticate_with_digest; +} + + +AXIS2_EXTERN axis2_status_t AXIS2_CALL +rampart_context_set_auth_digest_function(rampart_context_t *rampart_context, + const axis2_env_t *env, + auth_digest_func authenticate_with_digest) +{ + AXIS2_ENV_CHECK(env, AXIS2_FAILURE); + AXIS2_PARAM_CHECK(env->error,authenticate_with_digest,AXIS2_FAILURE); + + rampart_context->authenticate_with_digest = authenticate_with_digest; + return AXIS2_SUCCESS; +} + +AXIS2_EXTERN rampart_authn_provider_t *AXIS2_CALL +rampart_context_get_authn_provider( + rampart_context_t *rampart_context, + const axis2_env_t *env) +{ + AXIS2_ENV_CHECK(env, AXIS2_FAILURE); + + return rampart_context->authn_provider; +} + +AXIS2_EXTERN axis2_status_t AXIS2_CALL +rampart_context_set_authn_provider(rampart_context_t *rampart_context, + const axis2_env_t *env, + rampart_authn_provider_t *authn_provider) +{ + AXIS2_ENV_CHECK(env, AXIS2_FAILURE); + AXIS2_PARAM_CHECK(env->error,authn_provider,AXIS2_FAILURE); + + rampart_context->authn_provider = authn_provider; + return AXIS2_SUCCESS; +} + + + +AXIS2_EXTERN int AXIS2_CALL +rampart_context_get_binding_type( + rampart_context_t *rampart_context, + const axis2_env_t *env) +{ + rp_property_t *property = NULL; + + AXIS2_ENV_CHECK(env, AXIS2_FAILURE); + + property = rp_secpolicy_get_binding(rampart_context->secpolicy,env); + if(!property) + return -1; + + return rp_property_get_type(property,env); +} + +rp_symmetric_asymmetric_binding_commons_t +*rampart_context_get_symmetric_asymmetric_binding_commons( + rampart_context_t *rampart_context, + const axis2_env_t *env) +{ + rp_property_t *property = NULL; + property = rp_secpolicy_get_binding(rampart_context->secpolicy,env); + if(!property) + return NULL; + + if(rp_property_get_type(property,env)==RP_BINDING_ASYMMETRIC) + { + rp_asymmetric_binding_t *asymmetric_binding = NULL; + asymmetric_binding = (rp_asymmetric_binding_t*)rp_property_get_value(property,env); + if(!asymmetric_binding) + return NULL; + + return rp_asymmetric_binding_get_symmetric_asymmetric_binding_commons(asymmetric_binding,env); + } + else if(rp_property_get_type(property,env)==RP_BINDING_SYMMETRIC) + { + rp_symmetric_binding_t *symmetric_binding = NULL; + symmetric_binding = (rp_symmetric_binding_t*)rp_property_get_value(property,env); + if(!symmetric_binding) + return NULL; + + return rp_symmetric_binding_get_symmetric_asymmetric_binding_commons(symmetric_binding,env); + } + else + return NULL; +} + +rp_binding_commons_t +*rampart_context_get_binding_commons( + rampart_context_t *rampart_context, + const axis2_env_t *env) +{ + rp_property_t *property = NULL; + property = rp_secpolicy_get_binding(rampart_context->secpolicy,env); + if(!property) + return NULL; + + if(rp_property_get_type(property,env)==RP_BINDING_ASYMMETRIC) + { + rp_asymmetric_binding_t *asymmetric_binding = NULL; + rp_symmetric_asymmetric_binding_commons_t *sym_asym_commons = NULL; + asymmetric_binding = (rp_asymmetric_binding_t*)rp_property_get_value(property,env); + if(!asymmetric_binding) + return NULL; + + sym_asym_commons = rp_asymmetric_binding_get_symmetric_asymmetric_binding_commons(asymmetric_binding,env); + if(!sym_asym_commons) + return NULL; + + return rp_symmetric_asymmetric_binding_commons_get_binding_commons(sym_asym_commons,env); + } + else if(rp_property_get_type(property,env)==RP_BINDING_SYMMETRIC) + { + rp_symmetric_binding_t *symmetric_binding = NULL; + rp_symmetric_asymmetric_binding_commons_t *sym_asym_commons = NULL; + symmetric_binding = (rp_symmetric_binding_t*)rp_property_get_value(property,env); + if(!symmetric_binding) + return NULL; + + sym_asym_commons = rp_symmetric_binding_get_symmetric_asymmetric_binding_commons(symmetric_binding,env); + if(!sym_asym_commons) + return NULL; + + return rp_symmetric_asymmetric_binding_commons_get_binding_commons(sym_asym_commons,env); + + } + else if(rp_property_get_type(property,env)==RP_BINDING_TRANSPORT) + { + rp_transport_binding_t *transport_binding = NULL; + transport_binding = (rp_transport_binding_t*)rp_property_get_value(property,env); + if(!transport_binding) + return NULL; + + return rp_transport_binding_get_binding_commons(transport_binding,env); + } + else + return NULL; +} +/*supporting tokens may contain under binding*/ + +rp_supporting_tokens_t +*rampart_context_get_signed_supporting_from_binding( + rampart_context_t *rampart_context, + const axis2_env_t *env) +{ + rp_binding_commons_t *commons = NULL; + commons = rampart_context_get_binding_commons(rampart_context,env); + if(!commons) + return NULL; + return rp_binding_commons_get_signed_supporting_tokens(commons,env); +} + +axis2_bool_t +rampart_context_validate_ut( + rp_username_token_t *username_token, + const axis2_env_t *env) +{ + axis2_char_t *inclusion = NULL; + axis2_bool_t bval = AXIS2_FALSE; + + bval = rp_username_token_get_useUTprofile10(username_token,env); + if(bval) + { + inclusion = rp_username_token_get_inclusion(username_token,env); + if((AXIS2_STRCMP(inclusion,RP_INCLUDE_ALWAYS)==0)|| + (AXIS2_STRCMP(inclusion,RP_INCLUDE_ONCE)==0)|| + (AXIS2_STRCMP(inclusion,RP_INCLUDE_ALWAYS_TO_RECIPIENT)==0)) + return bval; + else + bval = AXIS2_FALSE; + } + return bval; +} + + + +axis2_bool_t +rampart_context_use_username_token( + rp_supporting_tokens_t *signed_supporting, + const axis2_env_t *env) +{ + axis2_array_list_t *array_list = NULL; + axis2_bool_t bvalidate = AXIS2_FALSE; + array_list = rp_supporting_tokens_get_tokens(signed_supporting,env); + if(!array_list) + return AXIS2_FALSE; + + else + { + int i = 0; + for (i = 0; i < AXIS2_ARRAY_LIST_SIZE(array_list,env); i++) + { + rp_property_t *token = NULL; + token = (rp_property_t *) + AXIS2_ARRAY_LIST_GET(array_list,env, i); + if (token) + { + if(rp_property_get_type(token,env)==RP_TOKEN_USERNAME) + { + rp_username_token_t *username_token = + (rp_username_token_t *)rp_property_get_value(token,env); + bvalidate = rampart_context_validate_ut(username_token,env); + break; + } + } + } + } + return bvalidate; +} + +axis2_status_t rampart_context_set_nodes_to_encrypt( + rp_header_t *header, + const axis2_env_t *env, + axiom_soap_envelope_t *soap_envelope, + axis2_array_list_t *nodes_to_encrypt) +{ + axis2_char_t *namespace = NULL; + axis2_char_t *local_name = NULL; + axiom_soap_header_t *soap_header = NULL; + axiom_node_t *header_node = NULL; + + soap_header = AXIOM_SOAP_ENVELOPE_GET_HEADER(soap_envelope,env); + if(!soap_header) + return AXIS2_FAILURE; + + namespace = (axis2_char_t *) rp_header_get_namespace(header,env); + if(!namespace) + return AXIS2_FAILURE; + + if(AXIS2_STRCMP(namespace,RP_SECURITY_NS)==0) + { + AXIS2_LOG_INFO(env->log, "[rampart][rampart_context] We do not encrypt security namespace headers"); + return AXIS2_FAILURE; + } + + local_name = (axis2_char_t*) rp_header_get_name(header,env); + if(!local_name) + { + axis2_array_list_t *soap_header_blocks = NULL; + int i = 0; + soap_header_blocks = AXIOM_SOAP_HEADER_GET_HEADER_BLOCKS_WITH_NAMESPACE_URI(soap_header,env,namespace); + if(!soap_header_blocks) + return AXIS2_FAILURE; + + for(i=0 ; ilog, "[rampart][rampart_context] We do not encrypt %s", local_name); + return AXIS2_FAILURE; + } + else + { + axiom_node_t *ret_node = NULL; + header_node = AXIOM_SOAP_HEADER_GET_BASE_NODE(soap_header,env); + if(header_node) + { + ret_node = oxs_axiom_get_node_by_local_name(env,header_node,local_name); + if(ret_node) + { + axiom_element_t *ret_node_ele = NULL; + ret_node_ele = (axiom_element_t *) + AXIOM_NODE_GET_DATA_ELEMENT(ret_node, env); + if(ret_node_ele) + { + axiom_namespace_t *ns = NULL; + axis2_char_t *namespace_uri = NULL; + ns = AXIOM_ELEMENT_GET_NAMESPACE(ret_node_ele, env,ret_node); + if(ns) + { + namespace_uri = AXIOM_NAMESPACE_GET_URI(ns, env); + if (AXIS2_STRCMP(namespace_uri,namespace) == 0) + { + AXIS2_ARRAY_LIST_ADD(nodes_to_encrypt,env,ret_node); + return AXIS2_SUCCESS; + } + + } + + } + + } + } + } + return AXIS2_FAILURE; +} + +rp_algorithmsuite_t *AXIS2_CALL +rampart_context_get_algorithmsuite( + rampart_context_t *rampart_context, + const axis2_env_t *env) +{ + rp_binding_commons_t *binding_commons = NULL; + + AXIS2_ENV_CHECK(env, AXIS2_FAILURE); + + binding_commons = rampart_context_get_binding_commons(rampart_context,env); + + if(!binding_commons) + return AXIS2_FALSE; + + return rp_binding_commons_get_algorithmsuite(binding_commons,env); +} + +axis2_char_t *AXIS2_CALL +rampart_context_get_key_identifier_from_wss( + rampart_context_t *rampart_context, + const axis2_env_t *env) +{ + rp_property_t *wss = NULL; + axis2_char_t *identifier = NULL; + + wss = rp_secpolicy_get_wss(rampart_context->secpolicy,env); + if(!wss) + { + identifier = RAMPART_STR_DIRECT_REFERENCE; + return identifier; + } + + if(rp_property_get_type(wss,env)==RP_WSS_WSS10) + { + rp_wss10_t *wss10 = NULL; + wss10 = rp_property_get_value(wss,env); + if(!wss10) + return NULL; + + if(rp_wss10_get_must_support_ref_key_identifier(wss10,env)) + identifier = RAMPART_STR_KEY_IDENTIFIER; + else if(rp_wss10_get_must_support_ref_issuer_serial(wss10,env)) + identifier = RAMPART_STR_ISSUER_SERIAL; + else if(rp_wss10_get_must_support_ref_external_uri(wss10,env)) + identifier = RAMPART_STR_EXTERNAL_URI; + else if(rp_wss10_get_must_support_ref_embedded_token(wss10,env)) + identifier = RAMPART_STR_EMBEDDED; + else + identifier = RAMPART_STR_DIRECT_REFERENCE; + + return identifier; + } + else if(rp_property_get_type(wss,env)==RP_WSS_WSS11) + { + rp_wss11_t *wss11 = NULL; + wss11 = rp_property_get_value(wss,env); + if(!wss11) + return NULL; + + if(rp_wss11_get_must_support_ref_key_identifier(wss11,env)) + identifier = RAMPART_STR_KEY_IDENTIFIER; + else if(rp_wss11_get_must_support_ref_issuer_serial(wss11,env)) + identifier = RAMPART_STR_ISSUER_SERIAL; + else if(rp_wss11_get_must_support_ref_external_uri(wss11,env)) + identifier = RAMPART_STR_EXTERNAL_URI; + else if(rp_wss11_get_must_support_ref_embedded_token(wss11,env)) + identifier = RAMPART_STR_EMBEDDED; + else if(rp_wss11_get_must_support_ref_thumbprint(wss11,env)) + identifier = RAMPART_STR_THUMB_PRINT; + else if(rp_wss11_get_must_support_ref_encryptedkey(wss11,env)) + identifier = RAMPART_STR_ENCRYPTED_KEY; + else + identifier = RAMPART_STR_DIRECT_REFERENCE; + + return identifier; + } + else return NULL; +} + + +AXIS2_EXTERN axis2_bool_t AXIS2_CALL +rampart_context_is_include_timestamp( + rampart_context_t *rampart_context, + const axis2_env_t *env) +{ + rp_binding_commons_t *binding_commons = NULL; + + AXIS2_ENV_CHECK(env, AXIS2_FAILURE); + + binding_commons = rampart_context_get_binding_commons(rampart_context,env); + + if(!binding_commons) + return AXIS2_FALSE; + + return rp_binding_commons_get_include_timestamp(binding_commons,env); +} + +AXIS2_EXTERN axis2_bool_t AXIS2_CALL +rampart_context_is_include_username_token( + rampart_context_t *rampart_context, + const axis2_env_t *env) +{ + /*Username tokens should be in signed supporting tikens. + Otherwise no meaning */ + + rp_supporting_tokens_t *signed_supporting = NULL; + + /*First we should check in the direct policy members*/ + signed_supporting = rp_secpolicy_get_signed_supporting_tokens(rampart_context->secpolicy,env); + /*If not there then we should ckeck in the binding*/ + if(!signed_supporting) + { + signed_supporting = rampart_context_get_signed_supporting_from_binding(rampart_context,env); + if(!signed_supporting) + return AXIS2_FALSE; + } + /*Now we have signed supporting tokens*/ + /*Get the user name token if available and check the validity*/ + return rampart_context_use_username_token(signed_supporting,env); +} + +AXIS2_EXTERN axis2_char_t *AXIS2_CALL +rampart_context_get_user( + rampart_context_t *rampart_context, + const axis2_env_t *env) +{ + + rp_rampart_config_t *config = NULL; + config = rp_secpolicy_get_rampart_config(rampart_context->secpolicy,env); + if(!config) + return NULL; + + return rp_rampart_config_get_user(config,env); +} + +AXIS2_EXTERN axis2_char_t *AXIS2_CALL +rampart_context_get_password_callback_class( + rampart_context_t *rampart_context, + const axis2_env_t *env) +{ + rp_rampart_config_t *config = NULL; + config = rp_secpolicy_get_rampart_config(rampart_context->secpolicy,env); + if(!config) + return NULL; + + return rp_rampart_config_get_password_callback_class(config,env); +} + +AXIS2_EXTERN axis2_char_t *AXIS2_CALL +rampart_context_get_authn_module_name( + rampart_context_t *rampart_context, + const axis2_env_t *env) +{ + rp_rampart_config_t *config = NULL; + config = rp_secpolicy_get_rampart_config(rampart_context->secpolicy,env); + if(!config) + return NULL; + + return rp_rampart_config_get_authenticate_module(config,env); +} + +AXIS2_EXTERN axis2_bool_t AXIS2_CALL +rampart_context_get_password_type( + rampart_context_t *rampart_context, + const axis2_env_t *env) +{ + axis2_bool_t digest = AXIS2_FALSE; + axis2_char_t *type = NULL; + rp_rampart_config_t *config = NULL; + + config = rp_secpolicy_get_rampart_config(rampart_context->secpolicy,env); + if(!config) + return AXIS2_FALSE; + + type = rp_rampart_config_get_password_type(config,env); + if(AXIS2_STRCMP(type,RP_DIGEST)==0) + { + digest = AXIS2_TRUE; + return digest; + } + else + return digest; +} + +AXIS2_EXTERN axis2_bool_t AXIS2_CALL +rampart_context_is_encrypt_before_sign( + rampart_context_t *rampart_context, + const axis2_env_t *env) +{ + axis2_char_t *protection_order = NULL; + rp_symmetric_asymmetric_binding_commons_t *sym_asym_commons = NULL; + sym_asym_commons = rampart_context_get_symmetric_asymmetric_binding_commons(rampart_context,env); + + if(!sym_asym_commons) + return AXIS2_FALSE; + else + { + protection_order = rp_symmetric_asymmetric_binding_commons_get_protection_order(sym_asym_commons,env); + if(!protection_order || AXIS2_STRCMP(protection_order,RP_SIGN_BEFORE_ENCRYPTING)==0) + return AXIS2_FALSE; + + else if(AXIS2_STRCMP(protection_order,RP_ENCRYPT_BEFORE_SIGNING)==0) + return AXIS2_TRUE; + } + return AXIS2_FALSE; +} + +/*This method will return all the parts in the soap message +outside the security header which needs to be encrypted.*/ + +AXIS2_EXTERN axis2_status_t AXIS2_CALL +rampart_context_get_nodes_to_encrypt( + rampart_context_t *rampart_context, + const axis2_env_t *env, + axiom_soap_envelope_t *soap_envelope, + axis2_array_list_t *nodes_to_encrypt) +{ + rp_signed_encrypted_parts_t *encrypted_parts = NULL; + axis2_array_list_t *parts = NULL; + axis2_status_t status = AXIS2_FAILURE; + + encrypted_parts = rp_secpolicy_get_encrypted_parts(rampart_context->secpolicy,env); + if(!encrypted_parts) + return AXIS2_FAILURE; + + parts = rp_signed_encrypted_parts_get_headers(encrypted_parts,env); + if(!parts || (AXIS2_ARRAY_LIST_SIZE(parts,env)==0)) + { + if(rp_signed_encrypted_parts_get_body(encrypted_parts,env)) + { + axiom_soap_body_t *body = NULL; + axiom_node_t *body_node = NULL; + axiom_node_t *body_child_node = NULL; + + AXIS2_LOG_INFO(env->log, "[rampart][rampart_context] No encryption parts specified. Using the body."); + body = AXIOM_SOAP_ENVELOPE_GET_BODY(soap_envelope, env); + body_node = AXIOM_SOAP_BODY_GET_BASE_NODE(body, env); + body_child_node = AXIOM_NODE_GET_FIRST_CHILD(body_node, env); + AXIS2_ARRAY_LIST_ADD(nodes_to_encrypt, env, body_child_node); + return AXIS2_SUCCESS; + } + else + { + AXIS2_LOG_INFO(env->log, "[rampart][rampart_context] Nothing to encrypt"); + return AXIS2_FAILURE; + } + } + else + { + int i = 0; + for(i=0; ilog, "[rampart][rampart_context] Including the body the body."); + body = AXIOM_SOAP_ENVELOPE_GET_BODY(soap_envelope, env); + body_node = AXIOM_SOAP_BODY_GET_BASE_NODE(body, env); + body_child_node = AXIOM_NODE_GET_FIRST_CHILD(body_node, env); + AXIS2_ARRAY_LIST_ADD(nodes_to_encrypt, env, body_child_node); + return AXIS2_SUCCESS; + } + + } + return AXIS2_FAILURE; +} + + +AXIS2_EXTERN axis2_bool_t AXIS2_CALL +rampart_context_check_whether_to_encrypt( + rampart_context_t *rampart_context, + const axis2_env_t *env) +{ + rp_signed_encrypted_parts_t *encrypted_parts = NULL; + axis2_array_list_t *parts = NULL; + + encrypted_parts = rp_secpolicy_get_encrypted_parts(rampart_context->secpolicy,env); + if(!encrypted_parts) + return AXIS2_FALSE; + + parts = rp_signed_encrypted_parts_get_headers(encrypted_parts,env); + if(!parts || (AXIS2_ARRAY_LIST_SIZE(parts,env)==0)) + { + if(rp_signed_encrypted_parts_get_body(encrypted_parts,env)) + return AXIS2_TRUE; + + else + { + AXIS2_LOG_INFO(env->log, "[rampart][rampart_context]No encryption parts specified Nothing to decrypt"); + return AXIS2_FALSE; + } + } + return AXIS2_TRUE; +} + +AXIS2_EXTERN rp_property_t *AXIS2_CALL +rampart_context_get_token( + rampart_context_t *rampart_context, + const axis2_env_t *env, + axis2_bool_t for_encryption, + axis2_bool_t server_side) +{ + rp_property_t *binding = NULL; + binding = rp_secpolicy_get_binding(rampart_context->secpolicy,env); + if(!binding) + return NULL; + + if(rp_property_get_type(binding,env)==RP_BINDING_ASYMMETRIC) + { + rp_asymmetric_binding_t *asym_binding = NULL; + asym_binding = (rp_asymmetric_binding_t *)rp_property_get_value(binding,env); + if(asym_binding) + { + if((for_encryption && server_side) || (!for_encryption && !server_side)) + { + return rp_asymmetric_binding_get_initiator_token(asym_binding,env); + } + else if((for_encryption && !server_side) || (!for_encryption && server_side)) + { + return rp_asymmetric_binding_get_recipient_token(asym_binding,env); + } + else return NULL; + } + else + return NULL; + } + /*In symmetric binding same tokens are used in the client and server sides.*/ + else if(rp_property_get_type(binding,env)==RP_BINDING_SYMMETRIC) + { + rp_symmetric_binding_t *sym_binding = NULL; + rp_property_t *token = NULL; + sym_binding = (rp_symmetric_binding_t *)rp_property_get_value(binding,env); + if(sym_binding) + { + /*First check protection tokens have being specified.*/ + token = rp_symmetric_binding_get_protection_token(sym_binding,env); + if(token) + return token; + + else + { + if(for_encryption) + { + return rp_symmetric_binding_get_encryption_token(sym_binding,env); + } + else + { + return rp_symmetric_binding_get_signature_token(sym_binding,env); + } + } + } + else + return NULL; + } + else if(rp_property_get_type(binding,env)==RP_BINDING_TRANSPORT) + { + rp_transport_binding_t *transport_binding = NULL; + transport_binding = (rp_transport_binding_t *)rp_property_get_value(binding,env); + if(transport_binding) + { + return rp_transport_binding_get_transport_token(transport_binding,env); + } + else return NULL; + } + else return NULL; +} + +AXIS2_EXTERN axis2_bool_t AXIS2_CALL +rampart_context_check_is_derived_keys( + const axis2_env_t *env, + rp_property_t *token) +{ + if(rp_property_get_type(token,env)==RP_TOKEN_X509) + { + rp_x509_token_t *x509_token = NULL; + x509_token = (rp_x509_token_t *)rp_property_get_value(token,env); + return rp_x509_token_get_derivedkeys(x509_token,env); + } + /*This can be extended when we are supporting other token types.*/ + else + return AXIS2_FALSE; +} + +AXIS2_EXTERN axis2_char_t *AXIS2_CALL +rampart_context_get_enc_sym_algo( + rampart_context_t *rampart_context, + const axis2_env_t *env) +{ + rp_algorithmsuite_t *algosuite = NULL; + + algosuite = rampart_context_get_algorithmsuite(rampart_context,env); + if(algosuite) + { + return rp_algorithmsuite_get_encryption(algosuite,env); + } + else + return NULL; +} + +AXIS2_EXTERN axis2_char_t *AXIS2_CALL +rampart_context_get_enc_asym_algo( + rampart_context_t *rampart_context, + const axis2_env_t *env) +{ + rp_algorithmsuite_t *algosuite = NULL; + + algosuite = rampart_context_get_algorithmsuite(rampart_context,env); + if(algosuite) + { + return rp_algorithmsuite_get_asymmetrickeywrap(algosuite,env); + } + else + return NULL; +} + +AXIS2_EXTERN axis2_char_t *AXIS2_CALL +rampart_context_get_encryption_prop_file( + rampart_context_t *rampart_context, + const axis2_env_t *env) +{ + rp_rampart_config_t *rampart_config = NULL; + rp_encryption_crypto_t *enc_crypto = NULL; + + rampart_config = rp_secpolicy_get_rampart_config(rampart_context->secpolicy,env); + if(rampart_config) + { + enc_crypto = rp_rampart_config_get_encryption_crypto(rampart_config,env); + if(enc_crypto) + { + return rp_encryption_crypto_get_encryption_prop_file(enc_crypto,env); + } + else + return NULL; + } + else + return NULL; +} + +AXIS2_EXTERN axis2_char_t *AXIS2_CALL +rampart_context_get_decryption_prop_file( + rampart_context_t *rampart_context, + const axis2_env_t *env) +{ + rp_rampart_config_t *rampart_config = NULL; + rp_encryption_crypto_t *enc_crypto = NULL; + + rampart_config = rp_secpolicy_get_rampart_config(rampart_context->secpolicy,env); + if(rampart_config) + { + enc_crypto = rp_rampart_config_get_encryption_crypto(rampart_config,env); + if(enc_crypto) + { + return rp_encryption_crypto_get_decryption_prop_file(enc_crypto,env); + } + else + return NULL; + } + else + return NULL; +} + + + + +AXIS2_EXTERN axis2_char_t *AXIS2_CALL +rampart_context_get_encryption_user( + rampart_context_t *rampart_context, + const axis2_env_t *env) +{ + rp_rampart_config_t *config = NULL; + config = rp_secpolicy_get_rampart_config(rampart_context->secpolicy,env); + if(!config) + return NULL; + + return rp_rampart_config_get_encryption_user(config,env); + +} + +AXIS2_EXTERN axis2_char_t *AXIS2_CALL +rampart_context_get_enc_key_identifier( + rampart_context_t *rampart_context, + rp_property_t *token, + axis2_bool_t server_side, + const axis2_env_t *env) +{ + axis2_char_t *inclusion = NULL; + axis2_bool_t include = AXIS2_TRUE; + axis2_char_t *identifier = NULL; + + if(rp_property_get_type(token,env)==RP_TOKEN_X509) + { + rp_x509_token_t *x509_token = NULL; + x509_token = (rp_x509_token_t *)rp_property_get_value(token,env); + inclusion = rp_x509_token_get_inclusion(x509_token,env); + + if(server_side) + include = ((AXIS2_STRCMP(inclusion,RP_INCLUDE_ALWAYS)==0)|| + (AXIS2_STRCMP(inclusion,RP_INCLUDE_ONCE)==0)); + else + include = ((AXIS2_STRCMP(inclusion,RP_INCLUDE_ALWAYS)==0)|| + (AXIS2_STRCMP(inclusion,RP_INCLUDE_ONCE)==0)|| + (AXIS2_STRCMP(inclusion,RP_INCLUDE_ALWAYS_TO_RECIPIENT)==0)); + + if(include) + { + if(rp_x509_token_get_require_key_identifier_reference(x509_token,env)) + identifier = RAMPART_STR_KEY_IDENTIFIER; + else if(rp_x509_token_get_require_issuer_serial_reference(x509_token,env)) + identifier = RAMPART_STR_ISSUER_SERIAL; + else if(rp_x509_token_get_require_embedded_token_reference(x509_token,env)) + identifier = RAMPART_STR_EMBEDDED; + else if(rp_x509_token_get_require_thumb_print_reference(x509_token,env)) + identifier = RAMPART_STR_THUMB_PRINT; + else + return rampart_context_get_key_identifier_from_wss(rampart_context,env); + + return identifier; + } + else return NULL; + + } + /*This can be extended when we are supporting other token types.*/ + else return NULL; +} + +AXIS2_EXTERN axis2_char_t *AXIS2_CALL +rampart_context_get_layout( + rampart_context_t *rampart_context, + const axis2_env_t *env) +{ + rp_binding_commons_t *binding_commons = NULL; + rp_layout_t *layout = NULL; + + AXIS2_ENV_CHECK(env, AXIS2_FAILURE); + + binding_commons = rampart_context_get_binding_commons(rampart_context,env); + + if(!binding_commons) + return NULL; + + layout = rp_binding_commons_get_layout(binding_commons,env); + if(!layout) + return RP_LAYOUT_STRICT; + + return rp_layout_get_value(layout,env); +} Modified: webservices/axis2/trunk/c/rampart/src/util/rampart_encryption.c URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/rampart_encryption.c?view=diff&rev=507411&r1=507410&r2=507411 ============================================================================== --- webservices/axis2/trunk/c/rampart/src/util/rampart_encryption.c (original) +++ webservices/axis2/trunk/c/rampart/src/util/rampart_encryption.c Tue Feb 13 22:20:06 2007 @@ -46,7 +46,7 @@ **/ /*Private function implementations*/ - +/* static axis2_status_t rampart_enc_get_nodes_to_encrypt(const axis2_env_t *env, rampart_actions_t *actions, @@ -55,10 +55,7 @@ { axis2_char_t *encryption_parts = NULL; - /*Get encryption parts*/ encryption_parts = AXIS2_STRDUP(RAMPART_ACTIONS_GET_ENCRYPTION_PARTS(actions, env), env); - /*If no encryption parts are specified use body as default... - * Well...hmmm.. the child of the body infact*/ if((!encryption_parts) || (0 == AXIS2_STRCMP(encryption_parts, "") || (0 == AXIS2_STRCMP(encryption_parts, "Body")))){ axiom_soap_body_t *body = NULL; axiom_node_t *body_node = NULL; @@ -82,12 +79,10 @@ AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption] EncryptionParts specified = %s", encryption_parts); envelope_node = AXIOM_SOAP_ENVELOPE_GET_BASE_NODE(soap_envelope, env); - /*Tokenize*/ str_list = axis2_tokenize(env, encryption_parts, ' '); size = AXIS2_ARRAY_LIST_SIZE(str_list, env); for(i=0 ; i < size ; i++ ){ local_name = AXIS2_ARRAY_LIST_GET(str_list, env, i); - /*We do not encrypt the security header*/ if(0 == AXIS2_STRCMP(local_name, "Security")){ AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption] We do not encrypt %s", local_name); continue; @@ -100,7 +95,7 @@ return AXIS2_SUCCESS; } - +*/ @@ -108,7 +103,7 @@ AXIS2_EXTERN axis2_status_t AXIS2_CALL rampart_enc_encrypt_message(const axis2_env_t *env, axis2_msg_ctx_t *msg_ctx, - rampart_actions_t *actions, + rampart_context_t *rampart_context, axiom_soap_envelope_t *soap_envelope, axiom_node_t *sec_node) { @@ -122,14 +117,46 @@ axis2_char_t *password = NULL; oxs_key_t *session_key = NULL; oxs_asym_ctx_t *asym_ctx = NULL; + axis2_bool_t server_side = AXIS2_FALSE; + int token_type = 0; + rp_property_t *token = NULL; + axis2_char_t *enc_user = NULL; + rampart_callback_t *password_callback = NULL; + pfunc password_function = NULL; + void *param = NULL; int i = 0; /*Get nodes to be encrypted*/ - nodes_to_encrypt = axis2_array_list_create(env, 5); - status = rampart_enc_get_nodes_to_encrypt(env, actions, soap_envelope, nodes_to_encrypt); + server_side = axis2_msg_ctx_get_server_side(msg_ctx,env); + nodes_to_encrypt = axis2_array_list_create(env,0); + status = rampart_context_get_nodes_to_encrypt(rampart_context,env,soap_envelope,nodes_to_encrypt); + + if((status!=AXIS2_SUCCESS)||(AXIS2_ARRAY_LIST_SIZE(nodes_to_encrypt,env)==0)) + { + AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption] No parts specified or specified parts can't be found for encryprion."); + return AXIS2_SUCCESS; + } + /*Now we have to check whether a token is specified.*/ + token = rampart_context_get_token(rampart_context,env,AXIS2_TRUE,server_side); + if(!token) + { + AXIS2_LOG_INFO(env->log,"[rampart][rampart_encryption] Encryption Token is not specified"); + return AXIS2_SUCCESS; + } + token_type = rp_property_get_type(token,env); + if(token_type != RP_TOKEN_X509) + { + AXIS2_LOG_INFO(env->log,"[rampart][rampart_encryption] We only support X509 tokens"); + return AXIS2_SUCCESS; + } + if(rampart_context_check_is_derived_keys(env,token)) + { + AXIS2_LOG_INFO(env->log,"[rampart][rampart_encryption] We still do not support derived keys"); + return AXIS2_FAILURE; + } /*Get the symmetric encryption algorithm*/ - enc_sym_algo = RAMPART_ACTIONS_GET_ENC_SYM_ALGO(actions, env); + enc_sym_algo = rampart_context_get_enc_sym_algo(rampart_context,env); /*If not specified set the default*/ if(!enc_sym_algo || (0 == AXIS2_STRCMP(enc_sym_algo, ""))){ AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption] No symmetric algorithm is specified for encryption. Using the default"); @@ -176,19 +203,48 @@ } } /*Get the asymmetric key encryption algorithm*/ - enc_asym_algo = RAMPART_ACTIONS_GET_ENC_KT_ALGO(actions, env); + enc_asym_algo = rampart_context_get_enc_asym_algo(rampart_context,env); /*Get the certificate file name*/ - certificate_file = RAMPART_ACTIONS_GET_ENC_KEY_FILE(actions, env); + certificate_file = rampart_context_get_encryption_prop_file(rampart_context,env); + + /*Get the password to retrieve the key from key store*/ - password = rampart_callback_encuser_password(env, actions, msg_ctx); + enc_user = rampart_context_get_encryption_user(rampart_context,env); + + if(!enc_user) + enc_user = rampart_context_get_user(rampart_context,env); + + if(!enc_user) + return AXIS2_FAILURE; + + password_function = rampart_context_get_password_function(rampart_context,env); + if(password_function) + password = (*password_function)(env,enc_user,param); + + else + { + password_callback = rampart_context_get_password_callback(rampart_context,env); + if(!password_callback) + { + AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption] Password call back module is not loaded."); + return AXIS2_FAILURE; + } + password = rampart_callback_password(env, password_callback, enc_user); + } +/* password = rampart_callback_encuser_password(env, actions, msg_ctx);*/ /*Get encryption key identifier*/ - eki = RAMPART_ACTIONS_GET_ENC_KEY_IDENTIFIER(actions, env); + eki = rampart_context_get_enc_key_identifier(rampart_context,token,server_side,env); + if(!eki) + { + AXIS2_LOG_INFO(env->log, "[rampart][rampart_encryption] The token is not needed for inclusion."); + return AXIS2_SUCCESS; + } /*Create asymmetric encryption context*/ asym_ctx = oxs_asym_ctx_create(env); oxs_asym_ctx_set_algorithm(asym_ctx, env, enc_asym_algo); oxs_asym_ctx_set_file_name(asym_ctx, env, certificate_file); - oxs_asym_ctx_set_pem_buf(asym_ctx, env, RAMPART_ACTIONS_GET_KEY_BUF(actions, env)); +/* oxs_asym_ctx_set_pem_buf(asym_ctx, env, RAMPART_ACTIONS_GET_KEY_BUF(actions, env));*/ oxs_asym_ctx_set_password(asym_ctx, env, password); oxs_asym_ctx_set_operation(asym_ctx, env, OXS_ASYM_CTX_OPERATION_PUB_ENCRYPT); oxs_asym_ctx_set_st_ref_pattern(asym_ctx, env, eki); Added: webservices/axis2/trunk/c/rampart/src/util/rampart_engine.c URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/rampart_engine.c?view=auto&rev=507411 ============================================================================== --- webservices/axis2/trunk/c/rampart/src/util/rampart_engine.c (added) +++ webservices/axis2/trunk/c/rampart/src/util/rampart_engine.c Tue Feb 13 22:20:06 2007 @@ -0,0 +1,86 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* + * + */ + +#include + +/*This method sets all the configurations + loads required modules and start rampart.*/ + + +AXIS2_EXTERN rampart_context_t* AXIS2_CALL +rampart_engine_init(const axis2_env_t *env, + axis2_msg_ctx_t *msg_ctx, + axis2_char_t *x_flow_policy) +{ + + axis2_char_t *file_name = NULL; + rampart_context_t *rampart_context = NULL; + rp_secpolicy_t *secpolicy = NULL; + rampart_callback_t* password_callback_module = NULL; + rampart_authn_provider_t *authn_provider = NULL; + axis2_char_t *pwcb_module_name = NULL; + axis2_char_t *authn_provider_name = NULL; + + file_name = rampart_get_policy_location(env,msg_ctx,x_flow_policy); + if(!file_name) + { + AXIS2_LOG_INFO(env->log, + "[rampart][rampart_Engine] No Security in the flow. So nothing to do"); + return NULL; + } + + secpolicy = rp_policy_create_from_file(env,file_name); + + if(!secpolicy) + { + AXIS2_LOG_INFO(env->log, "[rampart][rampart_Engine] Cannot get policy" ); + /*No policy so we cant proceed.*/ + return NULL; + } + rampart_context = rampart_context_create(env); + + if(!rampart_context) + { + AXIS2_LOG_INFO(env->log, "[rampart][rampart_Engine] Cannot get Rampart Context " ); + /*No policy so we cant proceed.*/ + return NULL; + } + + rampart_context_set_secpolicy(rampart_context,env,secpolicy); + + pwcb_module_name = rampart_context_get_password_callback_class(rampart_context,env); + + if(pwcb_module_name) + { + password_callback_module = rampart_load_pwcb_module(env,pwcb_module_name); + if(password_callback_module) + rampart_context_set_password_callback(rampart_context,env,password_callback_module); + } + authn_provider_name = rampart_context_get_authn_module_name(rampart_context,env); + + if(authn_provider_name) + { + authn_provider = rampart_load_auth_module(env,authn_provider_name); + if(authn_provider) + rampart_context_set_authn_provider(rampart_context,env,authn_provider); + } + return rampart_context; +} Modified: webservices/axis2/trunk/c/rampart/src/util/rampart_handler_util.c URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/rampart_handler_util.c?view=diff&rev=507411&r1=507410&r2=507411 ============================================================================== --- webservices/axis2/trunk/c/rampart/src/util/rampart_handler_util.c (original) +++ webservices/axis2/trunk/c/rampart/src/util/rampart_handler_util.c Tue Feb 13 22:20:06 2007 @@ -72,6 +72,11 @@ axis2_msg_ctx_t *msg_ctx, axiom_node_t *sec_node); +AXIS2_EXTERN axis2_char_t *AXIS2_CALL +rampart_get_policy_location(const axis2_env_t *env, + axis2_msg_ctx_t *msg_ctx, + axis2_char_t *param_name); + /**********************end of header functions ****************************/ axis2_char_t* AXIS2_CALL @@ -80,10 +85,9 @@ axis2_msg_ctx_t *msg_ctx) { axis2_char_t *enc_user = NULL; - axis2_char_t *pw_callback_module_name = NULL; + axis2_char_t *pw_callback_module = NULL; axis2_char_t *password = NULL; axis2_ctx_t *ctx = NULL; - rampart_callback_t *pwcb = NULL; /*Check if encUserPassword is in the context. This is designed specially for PHP i.e.In any context in the context hierarchy starting from msg, op, svc, etc.*/ @@ -96,8 +100,8 @@ /*If not found then callback the password*/ enc_user = RAMPART_ACTIONS_GET_ENC_USER(actions, env); - pw_callback_module_name = RAMPART_ACTIONS_GET_PW_CB_CLASS(actions, env); - if(!pw_callback_module_name){ + pw_callback_module = RAMPART_ACTIONS_GET_PW_CB_CLASS(actions, env); + if(!pw_callback_module){ return NULL; } if(!enc_user){ @@ -109,18 +113,13 @@ } } /*Get axis2_ctx_t. This is designed specially for PHP*/ - pwcb = rampart_load_pwcb_module(env, pw_callback_module_name); - if(!pwcb){ - AXIS2_LOG_INFO(env->log, "[rampart][rhu] Password callback module %s is NULL", pw_callback_module_name); - return NULL; - }else{ - password = rampart_callback_password(env, pwcb, enc_user, ctx); - } + +/* password = rampart_callback_password(env, pw_callback_module, enc_user, ctx);*/ +/* password = rampart_callback_password(env, pw_callback_module, enc_user);*/ return password; } - axis2_char_t* AXIS2_CALL rampart_get_property_from_ctx(const axis2_env_t *env, axis2_ctx_t *ctx, @@ -320,5 +319,28 @@ } return AXIS2_SUCCESS; +} + + +AXIS2_EXTERN axis2_char_t *AXIS2_CALL +rampart_get_policy_location(const axis2_env_t *env, + axis2_msg_ctx_t *msg_ctx, + axis2_char_t *param_name) + +{ + axis2_param_t *param_x_flow_security = NULL; + axis2_char_t *value = NULL; + + param_x_flow_security = rampart_get_security_param(env, msg_ctx, + param_name); + + if (!param_x_flow_security) + { + AXIS2_LOG_INFO(env->log, + "[rampart][rampart_handler_utils] some error in the configurations"); + return NULL; + } + value = AXIS2_PARAM_GET_VALUE(param_x_flow_security, env); + return value; } Modified: webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_builder.c URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_builder.c?view=diff&rev=507411&r1=507410&r2=507411 ============================================================================== --- webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_builder.c (original) +++ webservices/axis2/trunk/c/rampart/src/util/rampart_sec_header_builder.c Tue Feb 13 22:20:06 2007 @@ -17,7 +17,6 @@ #include #include -#include #include #include #include @@ -48,17 +47,158 @@ /*Public functions*/ + +AXIS2_EXTERN axis2_status_t AXIS2_CALL +rampart_shb_build_message(const axis2_env_t *env, + axis2_msg_ctx_t *msg_ctx, + rampart_context_t *rampart_context, + axiom_soap_envelope_t *soap_envelope) +{ + + axis2_status_t status = AXIS2_FAILURE; + axiom_soap_header_t *soap_header = NULL; + axiom_node_t *soap_header_node = NULL; + axiom_element_t *soap_header_ele = NULL; + axiom_soap_header_block_t *sec_header_block = NULL; + axiom_namespace_t *sec_ns_obj = NULL; + axiom_node_t *sec_node = NULL; + axiom_element_t *sec_ele = NULL; + + AXIS2_ENV_CHECK(env,AXIS2_FAILURE); + soap_header = AXIOM_SOAP_ENVELOPE_GET_HEADER(soap_envelope, env); + soap_header_node = AXIOM_SOAP_HEADER_GET_BASE_NODE(soap_header, env); + soap_header_ele = (axiom_element_t *)AXIOM_NODE_GET_DATA_ELEMENT( + soap_header_node, env); + + + sec_ns_obj = axiom_namespace_create(env, RAMPART_WSSE_XMLNS, + RAMPART_WSSE); + + sec_header_block = AXIOM_SOAP_HEADER_ADD_HEADER_BLOCK(soap_header, + env, RAMPART_SECURITY, sec_ns_obj); + + if(!sec_header_block) + { + AXIS2_LOG_INFO(env->log, "[rampart][shb] Security header block is NULL"); + return AXIS2_SUCCESS; + } + + AXIOM_SOAP_HEADER_BLOCK_SET_MUST_UNDERSTAND_WITH_BOOL(sec_header_block, + env, AXIS2_TRUE); + + sec_node = AXIOM_SOAP_HEADER_BLOCK_GET_BASE_NODE(sec_header_block, env); + sec_ele = (axiom_element_t *) + AXIOM_NODE_GET_DATA_ELEMENT(sec_node, env); + + /*check the binding*/ + if((rampart_context_get_binding_type(rampart_context,env)) == RP_BINDING_ASYMMETRIC) + { + /*Do Asymmetric Binding specific things*/ + + /*Timestamp Inclusion*/ + if(rampart_context_is_include_timestamp(rampart_context,env)) + { + rampart_timestamp_token_t *timestamp_token = NULL; + int ttl = -1; + AXIS2_LOG_INFO(env->log, "[rampart][shb] building Timestamp Token"); + AXIS2_LOG_INFO(env->log, "[rampart][shb] Using default timeToLive value %d", + RAMPART_TIMESTAMP_TOKEN_DEFAULT_TIME_TO_LIVE); + ttl = RAMPART_TIMESTAMP_TOKEN_DEFAULT_TIME_TO_LIVE; + + timestamp_token = rampart_timestamp_token_create(env); + status = RAMPART_TIMESTAMP_TOKEN_BUILD(timestamp_token, env, + sec_node, sec_ns_obj, ttl); + if (status == AXIS2_FAILURE) + { + AXIS2_LOG_INFO(env->log, "[rampart][shb] Timestamp Token build failed. ERROR"); + return AXIS2_FAILURE; + } + } + + /*Check whether we need username token*/ + /*User name tokens includes in messages sent from client to server*/ + if(!axis2_msg_ctx_get_server_side(msg_ctx,env)) + { + if(rampart_context_is_include_username_token(rampart_context,env)) + { + rampart_username_token_t *username_token = NULL; + + username_token = rampart_username_token_create(env); + /*Now we are passing rampart_context here so inside this method user can + relevant parameters are extracted. */ + + AXIS2_LOG_INFO(env->log, "[rampart][shb] building UsernmaeToken"); + status = RAMPART_USERNAME_TOKEN_BUILD(username_token, + env, + rampart_context, + sec_node, + sec_ns_obj); + if (status == AXIS2_FAILURE) + { + AXIS2_LOG_INFO(env->log, "[rampart][shb] UsernmaeToken build failed. ERROR"); + return AXIS2_FAILURE; + } + } + } + /*Check the encryption and signature order*/ + if(rampart_context_is_encrypt_before_sign(rampart_context,env)) + { + /*Check what are the parts to encrypt and send them to the encrypt method*/ + status = rampart_enc_encrypt_message(env, msg_ctx,rampart_context,soap_envelope,sec_node); + if(!status) + return AXIS2_FAILURE; + + + /*Then do signature specific things*/ + /*Then Handle Supporting token stuff */ + } + else + { + /*First do signature specific stuff*/ + + /*Then Handle Encryption stuff*/ + + status = rampart_enc_encrypt_message(env, msg_ctx,rampart_context,soap_envelope,sec_node); + if(!status) + return AXIS2_FAILURE; + + } + + return AXIS2_SUCCESS; + } + else if((rampart_context_get_binding_type(rampart_context,env)) == RP_BINDING_SYMMETRIC) + { + /*Do Symmetric_binding specific things*/ + AXIS2_LOG_INFO(env->log, "[rampart][shb] Symmetric Binding. We do not support yet"); + return AXIS2_FAILURE; + } + else if((rampart_context_get_binding_type(rampart_context,env)) == RP_BINDING_TRANSPORT) + { + /*Do Transport Binding specific things */ + AXIS2_LOG_INFO(env->log, "[rampart][shb] Transport Binding. We do not support yet"); + return AXIS2_FAILURE; + } + else + return AXIS2_FAILURE; + /*Timestamp Inclusion*/ + + /*username Token inclusion*/ + + /*check the protection order*/ + + +} +/* AXIS2_EXTERN axis2_status_t AXIS2_CALL rampart_shb_build_message(const axis2_env_t *env, axis2_msg_ctx_t *msg_ctx, - rampart_actions_t *actions, + rampart_context_t *rampart_context, axiom_soap_envelope_t *soap_envelope) { axis2_status_t status = AXIS2_FAILURE; AXIS2_ENV_CHECK(env, AXIS2_FAILURE); AXIS2_PARAM_CHECK(env->error, msg_ctx, AXIS2_FAILURE); - /*We need a SOAP envelope.*/ if(soap_envelope){ axis2_ctx_t *ctx = NULL; axiom_soap_header_t *soap_header = NULL; @@ -68,7 +208,6 @@ axiom_soap_header_block_t *sec_header_block = NULL; axiom_namespace_t *sec_ns_obj = NULL; - /*We are checking for the soap header element*/ soap_header = AXIOM_SOAP_ENVELOPE_GET_HEADER(soap_envelope, env); soap_header_node = AXIOM_SOAP_HEADER_GET_BASE_NODE(soap_header, env); soap_header_ele = (axiom_element_t *)AXIOM_NODE_GET_DATA_ELEMENT( @@ -89,7 +228,6 @@ sec_header_block = AXIOM_SOAP_HEADER_ADD_HEADER_BLOCK(soap_header, env, RAMPART_SECURITY, sec_ns_obj); - /*Set mustUnderstand=1*/ AXIOM_SOAP_HEADER_BLOCK_SET_MUST_UNDERSTAND_WITH_BOOL(sec_header_block, env, AXIS2_TRUE); @@ -105,7 +243,6 @@ sec_ele = (axiom_element_t *) AXIOM_NODE_GET_DATA_ELEMENT(sec_node, env); - /*Get action items seperated by spaces*/ string_list = axis2_tokenize(env, items, ' '); if (string_list) { @@ -113,11 +250,9 @@ } ctx = AXIS2_MSG_CTX_GET_BASE(msg_ctx, env); - /*Iterate thru items. Eg. Usernmaetoken, Timestamp, Encrypt, Signature*/ for (i = 0; i < size; i++) { item = AXIS2_ARRAY_LIST_GET(string_list, env, i); - /*Username token*/ if (0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_USERNAMETOKEN , AXIS2_STRTRIM(env, item, NULL))) { @@ -136,8 +271,6 @@ AXIS2_LOG_INFO(env->log, "[rampart][shb] UsernmaeToken build failed. ERROR"); return AXIS2_FAILURE; } - /*TODO free*/ - /*Timestamp token*/ } else if (0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_TIMESTAMP, AXIS2_STRTRIM(env, item, NULL))) @@ -148,7 +281,6 @@ AXIS2_LOG_INFO(env->log, "[rampart][shb] building Timestamp Token"); ttl_str = RAMPART_ACTIONS_GET_TIME_TO_LIVE(actions, env); - /*Check for the ttl. If not specified use the default*/ if(!ttl_str){ AXIS2_LOG_INFO(env->log, "[rampart][shb] Using default timeToLive value %d", RAMPART_TIMESTAMP_TOKEN_DEFAULT_TIME_TO_LIVE); @@ -164,7 +296,6 @@ AXIS2_LOG_INFO(env->log, "[rampart][shb] Timestamp Token build failed. ERROR"); return AXIS2_FAILURE; } - /*Encrypt*/ } else if (0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_ENCRYPT, AXIS2_STRTRIM(env, item, NULL))) @@ -178,31 +309,29 @@ return AXIS2_FAILURE; } - /*Signature*/ } else if (0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_SIGNATURE, AXIS2_STRTRIM(env, item, NULL))) { AXIS2_LOG_INFO(env->log, "[rampart][shb] Signing message. We do not support yet"); - /*Any other type of action*/ } else { AXIS2_LOG_INFO(env->log, "[rampart][shb] We do not support %s item yet" , item); } - }/*End of for*/ + } } else { AXIS2_LOG_INFO(env->log, "[rampart][shb] Security header block is NULL"); } - }else{/*No SOAP message*/ + }else{ return AXIS2_FAILURE; } return AXIS2_SUCCESS; } - +*/ --------------------------------------------------------------------- To unsubscribe, e-mail: axis-cvs-unsubscribe@ws.apache.org For additional commands, e-mail: axis-cvs-help@ws.apache.org