Committing changes made in Username token and Timestamp token validat…
…ion procedures.
Malinda Kaushalye Kapuruge committed Aug 28, 2006
1 parent e510fdb commit e314e8ead2b9bb694025e5cea01ac78a1fe8b9f9
Showing 18 changed files with 838 additions and 261 deletions.
@@ -1,4 +1,4 @@
SUBDIRS = src
SUBDIRS = src test samples
include_HEADERS=$(top_builddir)/include/*.h
EXTRA_DIST = LICENSE build.sh autogen.sh

2 NEWS
@@ -1,6 +1,6 @@
We are happy to announce the first release of Rampart/C which is the security module for Apache Axis2/C

You can get the lates version from https://svn.apache.org/repos/asf/webservices/axis2/trunk/c/rampart
You can get the latest svn checkout from https://svn.apache.org/repos/asf/webservices/axis2/trunk/c/rampart

Key features
-------------
@@ -22,7 +22,8 @@ AC_CHECK_LIB(dl, dlopen)

CFLAGS="$CFLAGS -D_LARGEFILE64_SOURCE"
if test "$GCC" = "yes"; then
CFLAGS="$CFLAGS -ansi -Wall -Wno-implicit-function-declaration -Werror"
CFLAGS="$CFLAGS -ansi -Werror -Wall -Wno-implicit-function-declaration"
#CFLAGS="$CFLAGS -ansi -Wall -Wno-implicit-function-declaration"
fi
LDFLAGS="-lpthread"

@@ -95,6 +96,8 @@ AC_SUBST(XMLSCHEMAINC)

AC_CONFIG_FILES([Makefile \
src/Makefile \
src/omxmlsec/Makefile\
src/omxmlsec/openssl/Makefile\
src/data/Makefile \
src/handlers/Makefile \
src/core/Makefile\
@@ -103,7 +106,12 @@ AC_CONFIG_FILES([Makefile \
samples/callback/Makefile \
samples/client/Makefile \
samples/client/echo/Makefile \
samples/client/echo/data/Makefile
samples/client/echo/data/Makefile \
test/Makefile \
test/omxmlsec/Makefile \
test/util/Makefile \
test/openssl/Makefile \
test/openssl/rsa/Makefile
])

AC_OUTPUT
@@ -42,7 +42,7 @@ axis2_get_instance(rampart_callback_t **inst,

/*assign function pointers*/

rcb->ops->get_password = get_sample_password;
rcb->ops->callback_password = get_sample_password;

*inst = rcb;

@@ -21,6 +21,7 @@ echo_LDADD = $(LDFLAGS) \
$(LIBXML2_LIBS)

INCLUDES = -I$(AXIS2C_HOME)/include \
-I$(top_builddir)/include \
@UTILINC@ \
@AXIOMINC@

@@ -26,6 +26,7 @@
<passwordType>passwordText</passwordType>
<!--Following shoud change with your DLL or SO path-->
<passwordCallbackClass>/home/kau/axis2/c/deploy/rampart/samples/callback/libpwcb.so</passwordCallbackClass>
<timeToLive>360</timeToLive>
</action>
</parameter>

@@ -19,6 +19,9 @@
#include <axis2_util.h>
#include <axiom_soap.h>
#include <axis2_client.h>
#include <rampart_constants.h>

#define DYN_SETTINGS 1

axiom_node_t *
build_om_payload_for_echo_svc(const axis2_env_t *env);
@@ -34,7 +37,14 @@ int main(int argc, char** argv)
axis2_svc_client_t* svc_client = NULL;
axiom_node_t *payload = NULL;
axiom_node_t *ret_node = NULL;

#ifdef DYN_SETTINGS
axis2_property_t *un_property = NULL;
axis2_property_t *pw_property = NULL;
axis2_property_t *pw_type_property = NULL;
axis2_property_t *items_property = NULL;
axis2_property_t *pw_cb_property = NULL;
axis2_property_t *time_to_live_property = NULL;
#endif
/* Set up the environment */
env = axis2_env_create_all("echo.log", AXIS2_LOG_LEVEL_TRACE);

@@ -72,16 +82,33 @@ int main(int argc, char** argv)
* following code section.
*/

/*
#ifdef DYN_SETTINGS
un_property = axis2_property_create(env);
AXIS2_PROPERTY_SET_VALUE(un_property, env, "Raigama");
AXIS2_OPTIONS_SET_PROPERTY(options, env, "user", un_property);
AXIS2_PROPERTY_SET_VALUE(un_property, env, "Raigama");
AXIS2_OPTIONS_SET_PROPERTY(options, env, RAMPART_ACTION_USER, un_property);

pw_property = axis2_property_create(env);
AXIS2_PROPERTY_SET_VALUE(pw_property, env, "RaigamaPW");
AXIS2_OPTIONS_SET_PROPERTY(options, env, "password", pw_property);
*/
AXIS2_OPTIONS_SET_PROPERTY(options, env, RAMPART_ACTION_PASSWORD, pw_property);

pw_type_property = axis2_property_create(env);
AXIS2_PROPERTY_SET_VALUE(pw_type_property, env, RAMPART_PASSWORD_DIGEST);
AXIS2_OPTIONS_SET_PROPERTY(options, env, RAMPART_ACTION_PASSWORD_TYPE, pw_type_property);

/*Make sure these action itmes are validated by the server side. Otherwise error*/
items_property = axis2_property_create(env);
AXIS2_PROPERTY_SET_VALUE(items_property, env, "UsernameToken Timestamp" );
AXIS2_OPTIONS_SET_PROPERTY(options, env, RAMPART_ACTION_ITEMS, items_property);

/*Make sure this is the correct path for the callback module*/
pw_cb_property = axis2_property_create(env);
AXIS2_PROPERTY_SET_VALUE(pw_cb_property, env, "/home/kau/axis2/c/deploy/rampart/samples/callback/libpwcb.so");
AXIS2_OPTIONS_SET_PROPERTY(options, env, RAMPART_ACTION_PW_CALLBACK_CLASS , pw_cb_property);

time_to_live_property = axis2_property_create(env);
AXIS2_PROPERTY_SET_VALUE(time_to_live_property, env, "420");
AXIS2_OPTIONS_SET_PROPERTY(options, env, RAMPART_ACTION_TIME_TO_LIVE, time_to_live_property);
#endif

if(!client_home)
{
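Review bot: With DYN_SETTINGS defined the sample now ships a live credential in source — `AXIS2_PROPERTY_SET_VALUE(pw_property, env, "RaigamaPW");` feeds RAMPART_ACTION_PASSWORD from a string literal — and locates the callback module by an absolute path under one developer's home directory in the `pw_cb_property` line, so anyone who copies the sample as a starting point inherits both. Reading the user, password and callback path from argv or the environment, with the literals kept only as documented fallbacks, would keep a secret out of the distributed sample and make it runnable on any machine. A comment above the `#ifdef DYN_SETTINGS` block along the lines of `/* Demonstration values only: replace the user, password and callback path before use */` would make the intent explicit. The block also pins time-to-live to `"420"` while the shipped configuration in this commit uses 360; which value takes precedence is not visible here and is worth stating in that comment. main() starts and ends outside this hunk.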
@@ -25,9 +25,9 @@
#include <axis2_msg_info_headers.h>
#include <axis2_property.h>
#include <rampart_constants.h>
#include <username_token.h>
#include <rampart_username_token.h>
#include <rampart_handler_util.h>
#include <timestamp_token.h>
#include <rampart_timestamp_token.h>
#include <rampart_util.h>
#include <rampart_crypto_engine.h>

@@ -75,21 +75,23 @@ rampart_in_handler_invoke(struct axis2_handler *handler,
axiom_node_t *sec_node, *ts_node = NULL;
axiom_element_t *sec_ele, *ts_ele = NULL;
axis2_status_t enc_status = AXIS2_FAILURE;
rampart_actions_t *actions = NULL;

AXIS2_ENV_CHECK( env, AXIS2_FAILURE);
AXIS2_PARAM_CHECK(env->error, msg_ctx, AXIS2_FAILURE);

rampart_print_info(env," Starting rampart in handler ");

/*Get SOAP envelope*/
soap_envelope = AXIS2_MSG_CTX_GET_SOAP_ENVELOPE(msg_ctx, env);

if (soap_envelope)
{
/*Get SOAP header*/
soap_header = AXIOM_SOAP_ENVELOPE_GET_HEADER(soap_envelope, env);
if (soap_header)
{
axis2_char_t* item = NULL;
rampart_print_info(env,"soap header found");
AXIS2_LOG_TRACE(env->log, AXIS2_LOG_SI, "SOAP header found");
/*Check InFlowSecurity parameters*/

ctx = AXIS2_MSG_CTX_GET_BASE (msg_ctx, env);
@@ -129,8 +131,14 @@ rampart_in_handler_invoke(struct axis2_handler *handler,
rampart_print_info(env,"Cannot find first action element");
return AXIS2_FAILURE;
}

items= rampart_get_action_params(env, param_action,RAMPART_ACTION_ITEMS);
/*Create and populate rampart actions*/
actions = rampart_actions_create(env);
status = RAMPART_ACTIONS_POPULATE_FROM_PARAMS(actions, env, param_action);
/*Then re-populate using the axis2_ctx*/
status = RAMPART_ACTIONS_POPULATE_FROM_CTX(actions, env, ctx);

/*items = RAMPART_ACTIONS_GET_ITEMS(actions, env);*/
items = AXIS2_STRDUP(RAMPART_ACTIONS_GET_ITEMS(actions, env), env);

if(!items)
{
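Review bot: The status returned by `RAMPART_ACTIONS_POPULATE_FROM_PARAMS` is overwritten by the following `RAMPART_ACTIONS_POPULATE_FROM_CTX` call and neither result is ever tested, so a failed load silently continues into token validation with a partially populated `actions`; each call should be followed by `if (status != AXIS2_SUCCESS) { return AXIS2_FAILURE; }`, and the identical pattern appears in rampart_out_handler_invoke's hunk at `@@ -163,8 +166,16 @@`. The `actions` object created here is also not released on the `return AXIS2_FAILURE` paths visible in the later hunks of this function, and `items` is now an AXIS2_STRDUP copy that the handler owns rather than a borrowed pointer; the out handler's `/*Reset items*/ items = NULL;` drops that copy without freeing it, and I can see no free in the in handler either. A comment such as `/* items is an owned copy: free it before every return */` next to the strdup, with the corresponding `AXIS2_FREE(env->allocator, items)` and the rampart_actions_t release (its free macro is not shown in this diff) on each exit path, would close both leaks. rampart_in_handler_invoke starts and ends outside this hunk.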
@@ -158,13 +166,16 @@ rampart_in_handler_invoke(struct axis2_handler *handler,
sec_ele = AXIOM_NODE_GET_DATA_ELEMENT(sec_node, env);

if( 0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_USERNAMETOKEN, AXIS2_STRTRIM(env, item, NULL)) )
{
{ rampart_username_token_t *username_token = NULL;
axis2_status_t valid_user = AXIS2_FAILURE;

username_token = rampart_username_token_create(env);
rampart_print_info(env,"Validate usernametoken ");
valid_user = rampart_validate_username_token(env, msg_ctx,soap_header, param_action);
valid_user = RAMPART_USERNAME_TOKEN_VALIDATE(username_token, env,
msg_ctx,soap_header, actions);
if(valid_user)
{
rampart_print_info(env,"I know this user ");
rampart_print_info(env,"User validation success ");
status = AXIS2_SUCCESS;
}else{
axis2_array_list_t *sub_codes = NULL;
@@ -184,7 +195,7 @@ rampart_in_handler_invoke(struct axis2_handler *handler,
rampart_crypto_engine_t *engine = NULL;
printf("InHandler : Decrypt..............................\n");
engine = rampart_crypto_engine_create(env);
enc_status = RAMPART_CRYPTO_ENGINE_DECRYPT_MESSAGE(engine, env, msg_ctx, param_action, soap_envelope, sec_node);
enc_status = RAMPART_CRYPTO_ENGINE_DECRYPT_MESSAGE(engine, env, msg_ctx, actions, soap_envelope, sec_node);

RAMPART_CRYPTO_ENGINE_FREE(engine, env);
if(enc_status != AXIS2_SUCCESS){
@@ -203,6 +214,7 @@ rampart_in_handler_invoke(struct axis2_handler *handler,
}else if (0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_TIMESTAMP, AXIS2_STRTRIM(env, item, NULL))){
axis2_qname_t *qname = NULL;
axis2_status_t valid_ts = AXIS2_FAILURE;
rampart_timestamp_token_t *timestamp_token = NULL;
rampart_print_info(env,"Validate timestamp ");


@@ -219,13 +231,17 @@ rampart_in_handler_invoke(struct axis2_handler *handler,
return AXIS2_FAILURE;
}
}
valid_ts = rampart_validate_timestamp(env, ts_node);
timestamp_token = rampart_timestamp_token_create(env);
valid_ts = RAMPART_TIMESTAMP_TOKEN_VALIDATE(timestamp_token, env, ts_node);
/*TODO free*/
if(valid_ts)
{
AXIS2_LOG_INFO(env->log,"Timestamp is valid ");
rampart_print_info(env,"Timestamp is valid ");
status = AXIS2_SUCCESS;
}else{
/*TODO return a fault*/
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart] Timestamp is not valid");
rampart_print_info(env,"Timestamp is not valid");
axis2_array_list_t *sub_codes = NULL;
sub_codes = axis2_array_list_create(env, 1);
@@ -239,7 +255,6 @@ rampart_in_handler_invoke(struct axis2_handler *handler,

}
}else{
rampart_print_info(env," Rampart validates UsernameTokensOnly");
return AXIS2_SUCCESS;
}

@@ -23,10 +23,11 @@
#include <axis2_endpoint_ref.h>
#include <axis2_property.h>
#include <rampart_constants.h>
#include <username_token.h>
#include <rampart_username_token.h>
#include <rampart_handler_util.h>
#include <timestamp_token.h>
#include <rampart_timestamp_token.h>
#include <rampart_crypto_engine.h>
#include <rampart_action.h>

/*********************** Function headers *********************************/

@@ -101,6 +102,8 @@ rampart_out_handler_invoke (struct axis2_handler * handler,
axis2_param_t *param_action = NULL;
axis2_char_t *items = NULL;
axis2_status_t enc_status = AXIS2_FAILURE;
rampart_actions_t *actions = NULL;
axis2_status_t status = AXIS2_FAILURE;

AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
AXIS2_PARAM_CHECK (env->error, msg_ctx, AXIS2_FAILURE);
@@ -163,8 +166,16 @@ rampart_out_handler_invoke (struct axis2_handler * handler,
rampart_print_info(env,"Cannot find first action element");
return AXIS2_FAILURE;
}

items= rampart_get_action_params(env,param_action,RAMPART_ACTION_ITEMS);

/*Create and populate rampart actions*/
actions = rampart_actions_create(env);
status = RAMPART_ACTIONS_POPULATE_FROM_PARAMS(actions, env, param_action);

/*Then re-populate using the axis2_ctx*/
status = RAMPART_ACTIONS_POPULATE_FROM_CTX(actions, env, ctx);

/*items = RAMPART_ACTIONS_GET_ITEMS(actions, env);*/
items = AXIS2_STRDUP(RAMPART_ACTIONS_GET_ITEMS(actions, env), env);

if(!items)
{
@@ -199,17 +210,35 @@ rampart_out_handler_invoke (struct axis2_handler * handler,
if(0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_USERNAMETOKEN ,
AXIS2_STRTRIM(env, item, NULL)))
{
sec_node = rampart_build_username_token(env,
ctx, param_action, sec_node, sec_ns_obj);
rampart_username_token_t *username_token = NULL;
username_token = rampart_username_token_create(env);

sec_node = RAMPART_USERNAME_TOKEN_BUILD(username_token,
env,
ctx,
actions,
sec_node,
sec_ns_obj);
if(!sec_node){
return AXIS2_FAILURE;
}
/*TODO free*/
/*Timestamp token*/
}else if(0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_TIMESTAMP,
AXIS2_STRTRIM(env, item, NULL)))
{
sec_node = rampart_build_timestamp_token(env,
ctx, sec_node, sec_ns_obj, 300);
rampart_timestamp_token_t *timestamp_token = NULL;
axis2_char_t *ttl_str = NULL;
int ttl = -1;

ttl_str = RAMPART_ACTIONS_GET_TIME_TO_LIVE(actions, env);
ttl = atoi(RAMPART_ACTIONS_GET_TIME_TO_LIVE(actions, env));
if(ttl <= 0){
ttl = RAMPART_TIMESTAMP_TOKEN_DEFAULT_TIME_TO_LIVE;
}
timestamp_token = rampart_timestamp_token_create(env);
sec_node = RAMPART_TIMESTAMP_TOKEN_BUILD(timestamp_token, env,
ctx, sec_node, sec_ns_obj, ttl);
if(!sec_node){
return AXIS2_FAILURE;
}
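Review bot: `ttl = atoi(RAMPART_ACTIONS_GET_TIME_TO_LIVE(actions, env));` hands the getter's result straight to atoi, so a deployment that configures no time-to-live (the getter presumably returns NULL then) crashes the out handler, while `ttl_str`, fetched on the line above for exactly this purpose, is never used. Parse the already-fetched string and let absence or garbage fall into the existing `if(ttl <= 0)` default: `ttl = ttl_str ? (int) strtol(ttl_str, NULL, 10) : 0;` (strtol also reports a non-numeric value as 0, which atoi cannot distinguish from a parse error). The `rampart_username_token_t` and `rampart_timestamp_token_t` created in this hunk are only marked `/*TODO free*/` in one branch and are otherwise leaked on every outgoing message, including the `return AXIS2_FAILURE` paths; until the frees land, the TODO belongs in both branches so the leak is not forgotten in the timestamp path. rampart_out_handler_invoke starts and ends outside this hunk.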
@@ -221,7 +250,7 @@ rampart_out_handler_invoke (struct axis2_handler * handler,
printf("OUtHandler : Item is Encrypt\n");
engine = rampart_crypto_engine_create(env);

enc_status = RAMPART_CRYPTO_ENGINE_ENCRYPT_MESSAGE(engine, env, msg_ctx, param_action, soap_envelope, sec_node);
enc_status = RAMPART_CRYPTO_ENGINE_ENCRYPT_MESSAGE(engine, env, msg_ctx, actions, soap_envelope, sec_node);

RAMPART_CRYPTO_ENGINE_FREE(engine, env);

@@ -245,11 +274,14 @@ rampart_out_handler_invoke (struct axis2_handler * handler,
" Rampart happy to see usernametokens and timestamps at the moment");
}
item = strtok (NULL, " ");
}
}/*End if while*/
/*Reset items*/
items = NULL;

}else{
rampart_print_info(env,"security header block is NULL");
}

}
return AXIS2_SUCCESS;
}
