Committing changes made in Username token and Timestamp token validat…

…ion precedures.

Makefile.am

@@ -1,4 +1,4 @@
-SUBDIRS = src
+SUBDIRS = src test samples
 include_HEADERS=$(top_builddir)/include/*.h
 EXTRA_DIST = LICENSE build.sh autogen.sh
 

NEWS

@@ -1,6 +1,6 @@
 We are happy to announce the first release of Rampart/C which is the security module for Apache Axis2/C
 
-You can get the lates version from https://svn.apache.org/repos/asf/webservices/axis2/trunk/c/rampart
+You can get the latest svn checkout from https://svn.apache.org/repos/asf/webservices/axis2/trunk/c/rampart
 
 Key features
 -------------

configure.ac

@@ -22,7 +22,8 @@ AC_CHECK_LIB(dl, dlopen)
 
 CFLAGS="$CFLAGS -D_LARGEFILE64_SOURCE"
 if test "$GCC" = "yes"; then
-    CFLAGS="$CFLAGS -ansi -Wall -Wno-implicit-function-declaration -Werror"
+    CFLAGS="$CFLAGS -ansi -Werror -Wall -Wno-implicit-function-declaration"
+    #CFLAGS="$CFLAGS -ansi -Wall -Wno-implicit-function-declaration"
 fi
 LDFLAGS="-lpthread"
 
@@ -95,6 +96,8 @@ AC_SUBST(XMLSCHEMAINC)
 
 AC_CONFIG_FILES([Makefile \
     src/Makefile \
+    src/omxmlsec/Makefile\
+    src/omxmlsec/openssl/Makefile\
     src/data/Makefile \
     src/handlers/Makefile \
     src/core/Makefile\
@@ -103,7 +106,12 @@ AC_CONFIG_FILES([Makefile \
     samples/callback/Makefile \
     samples/client/Makefile \
     samples/client/echo/Makefile \
-    samples/client/echo/data/Makefile
+    samples/client/echo/data/Makefile \
+    test/Makefile \
+    test/omxmlsec/Makefile \
+    test/util/Makefile \
+    test/openssl/Makefile  \
+    test/openssl/rsa/Makefile 
     ])
 
 AC_OUTPUT

samples/callback/pwcb.c

@@ -42,7 +42,7 @@ axis2_get_instance(rampart_callback_t **inst,
 
     /*assign function pointers*/
 
-    rcb->ops->get_password = get_sample_password;
+    rcb->ops->callback_password = get_sample_password;
 
     *inst = rcb;
 

samples/client/echo/Makefile.am

@@ -21,6 +21,7 @@ echo_LDADD   = $(LDFLAGS) \
                     $(LIBXML2_LIBS)
 
 INCLUDES = -I$(AXIS2C_HOME)/include \
+            -I$(top_builddir)/include \
 			@UTILINC@ \
 			@AXIOMINC@
 

samples/client/echo/data/server.axis2.xml

@@ -26,6 +26,7 @@
         <passwordType>passwordText</passwordType>
         <!--Following shoud change with your DLL or SO path-->
         <passwordCallbackClass>/home/kau/axis2/c/deploy/rampart/samples/callback/libpwcb.so</passwordCallbackClass>
+        <timeToLive>360</timeToLive>
       </action>
     </parameter>
 

samples/client/echo/echo.c

@@ -19,6 +19,9 @@
 #include <axis2_util.h>
 #include <axiom_soap.h>
 #include <axis2_client.h>
+#include <rampart_constants.h>
+
+#define DYN_SETTINGS 1
 
 axiom_node_t *
 build_om_payload_for_echo_svc(const axis2_env_t *env);
@@ -34,7 +37,14 @@ int main(int argc, char** argv)
     axis2_svc_client_t* svc_client = NULL;
     axiom_node_t *payload = NULL;
     axiom_node_t *ret_node = NULL;
-
+#ifdef DYN_SETTINGS
+    axis2_property_t *un_property = NULL;
+    axis2_property_t *pw_property = NULL;
+    axis2_property_t *pw_type_property = NULL;
+    axis2_property_t *items_property = NULL;
+    axis2_property_t *pw_cb_property = NULL;
+    axis2_property_t *time_to_live_property = NULL;
+#endif
     /* Set up the environment */
     env = axis2_env_create_all("echo.log", AXIS2_LOG_LEVEL_TRACE);
 
@@ -72,16 +82,33 @@ int main(int argc, char** argv)
     * following code section.
     */
 
-    /*
+#ifdef DYN_SETTINGS    
    un_property = axis2_property_create(env);
-    AXIS2_PROPERTY_SET_VALUE(un_property, env, "Raigama");
-   AXIS2_OPTIONS_SET_PROPERTY(options, env, "user", un_property);
+   AXIS2_PROPERTY_SET_VALUE(un_property, env, "Raigama");
+   AXIS2_OPTIONS_SET_PROPERTY(options, env, RAMPART_ACTION_USER, un_property);
 
    pw_property = axis2_property_create(env);
    AXIS2_PROPERTY_SET_VALUE(pw_property, env, "RaigamaPW");
-   AXIS2_OPTIONS_SET_PROPERTY(options, env, "password", pw_property);
-    
-    */
+   AXIS2_OPTIONS_SET_PROPERTY(options, env, RAMPART_ACTION_PASSWORD,  pw_property);
+
+   pw_type_property = axis2_property_create(env);
+   AXIS2_PROPERTY_SET_VALUE(pw_type_property, env, RAMPART_PASSWORD_DIGEST);
+   AXIS2_OPTIONS_SET_PROPERTY(options, env, RAMPART_ACTION_PASSWORD_TYPE, pw_type_property);
+
+   /*Make sure these action itmes are validated by the server side. Otherwise error*/
+   items_property = axis2_property_create(env);
+   AXIS2_PROPERTY_SET_VALUE(items_property, env, "UsernameToken Timestamp" );
+   AXIS2_OPTIONS_SET_PROPERTY(options, env, RAMPART_ACTION_ITEMS, items_property);
+
+   /*Make sure this is the correct path for the callback module*/
+   pw_cb_property = axis2_property_create(env);
+   AXIS2_PROPERTY_SET_VALUE(pw_cb_property, env, "/home/kau/axis2/c/deploy/rampart/samples/callback/libpwcb.so");
+   AXIS2_OPTIONS_SET_PROPERTY(options, env, RAMPART_ACTION_PW_CALLBACK_CLASS , pw_cb_property);
+
+   time_to_live_property = axis2_property_create(env);
+   AXIS2_PROPERTY_SET_VALUE(time_to_live_property, env, "420");
+   AXIS2_OPTIONS_SET_PROPERTY(options, env, RAMPART_ACTION_TIME_TO_LIVE, time_to_live_property);
+#endif    
 
     if(!client_home)
     {

src/handlers/rampart_in_handler.c

@@ -25,9 +25,9 @@
 #include <axis2_msg_info_headers.h>
 #include <axis2_property.h>
 #include <rampart_constants.h>
-#include <username_token.h>
+#include <rampart_username_token.h>
 #include <rampart_handler_util.h>
-#include <timestamp_token.h>
+#include <rampart_timestamp_token.h>
 #include <rampart_util.h>
 #include <rampart_crypto_engine.h>
 
@@ -75,21 +75,23 @@ rampart_in_handler_invoke(struct axis2_handler *handler,
     axiom_node_t *sec_node, *ts_node = NULL;
     axiom_element_t *sec_ele, *ts_ele = NULL;
     axis2_status_t enc_status = AXIS2_FAILURE;
+    rampart_actions_t *actions = NULL;
 
     AXIS2_ENV_CHECK( env, AXIS2_FAILURE);
     AXIS2_PARAM_CHECK(env->error, msg_ctx, AXIS2_FAILURE);
-
+     
     rampart_print_info(env," Starting rampart in handler ");    
-
+    /*Get SOAP envelope*/ 
     soap_envelope = AXIS2_MSG_CTX_GET_SOAP_ENVELOPE(msg_ctx, env);
 
     if (soap_envelope)
     {
+        /*Get SOAP header*/
         soap_header = AXIOM_SOAP_ENVELOPE_GET_HEADER(soap_envelope, env);
         if (soap_header)
         { 
             axis2_char_t* item = NULL;
-            rampart_print_info(env,"soap header found");
+            AXIS2_LOG_TRACE(env->log, AXIS2_LOG_SI, "SOAP header found");
             /*Check InFlowSecurity parameters*/
 
             ctx = AXIS2_MSG_CTX_GET_BASE (msg_ctx, env);
@@ -129,8 +131,14 @@ rampart_in_handler_invoke(struct axis2_handler *handler,
                 rampart_print_info(env,"Cannot find first action element");
                 return AXIS2_FAILURE;
             }
-
-            items= rampart_get_action_params(env, param_action,RAMPART_ACTION_ITEMS);
+            /*Create and populate rampart actions*/
+            actions = rampart_actions_create(env);
+            status = RAMPART_ACTIONS_POPULATE_FROM_PARAMS(actions, env, param_action);
+            /*Then re-populate using the axis2_ctx*/
+            status = RAMPART_ACTIONS_POPULATE_FROM_CTX(actions, env, ctx);
+
+            /*items = RAMPART_ACTIONS_GET_ITEMS(actions, env);*/
+            items = AXIS2_STRDUP(RAMPART_ACTIONS_GET_ITEMS(actions, env), env);
 
             if(!items)
             {
@@ -158,13 +166,16 @@ rampart_in_handler_invoke(struct axis2_handler *handler,
                 sec_ele = AXIOM_NODE_GET_DATA_ELEMENT(sec_node, env);
 
                 if( 0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_USERNAMETOKEN, AXIS2_STRTRIM(env, item, NULL)) )
-                {
+                {       rampart_username_token_t *username_token = NULL;
                         axis2_status_t valid_user = AXIS2_FAILURE;
+
+                        username_token = rampart_username_token_create(env);
                         rampart_print_info(env,"Validate usernametoken ");
-                        valid_user = rampart_validate_username_token(env, msg_ctx,soap_header, param_action);
+                        valid_user = RAMPART_USERNAME_TOKEN_VALIDATE(username_token, env, 
+                                                        msg_ctx,soap_header, actions);
                         if(valid_user)
                         {
-                            rampart_print_info(env,"I know this user ");
+                            rampart_print_info(env,"User validation success ");
                             status = AXIS2_SUCCESS;
                         }else{
                             axis2_array_list_t *sub_codes = NULL;
@@ -184,7 +195,7 @@ rampart_in_handler_invoke(struct axis2_handler *handler,
                         rampart_crypto_engine_t *engine = NULL;
                         printf("InHandler : Decrypt..............................\n"); 
                         engine = rampart_crypto_engine_create(env);
-                        enc_status = RAMPART_CRYPTO_ENGINE_DECRYPT_MESSAGE(engine, env, msg_ctx, param_action, soap_envelope, sec_node);
+                        enc_status = RAMPART_CRYPTO_ENGINE_DECRYPT_MESSAGE(engine, env, msg_ctx, actions, soap_envelope, sec_node);
 
                         RAMPART_CRYPTO_ENGINE_FREE(engine, env);   
                         if(enc_status != AXIS2_SUCCESS){
@@ -203,6 +214,7 @@ rampart_in_handler_invoke(struct axis2_handler *handler,
                 }else if (0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_TIMESTAMP, AXIS2_STRTRIM(env, item, NULL))){
                          axis2_qname_t *qname = NULL;
                          axis2_status_t valid_ts = AXIS2_FAILURE;
+                         rampart_timestamp_token_t *timestamp_token = NULL;
                          rampart_print_info(env,"Validate timestamp ");
 
 
@@ -219,13 +231,17 @@ rampart_in_handler_invoke(struct axis2_handler *handler,
                                  return AXIS2_FAILURE;
                              }
                          }
-                         valid_ts = rampart_validate_timestamp(env, ts_node);               
+                         timestamp_token = rampart_timestamp_token_create(env);
+                         valid_ts = RAMPART_TIMESTAMP_TOKEN_VALIDATE(timestamp_token, env, ts_node);               
+                         /*TODO free*/
                          if(valid_ts)
                         {
+                            AXIS2_LOG_INFO(env->log,"Timestamp is valid ");
                             rampart_print_info(env,"Timestamp is valid ");
                             status = AXIS2_SUCCESS;
                         }else{
                             /*TODO return a fault*/
+                            AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart] Timestamp is not valid");
                             rampart_print_info(env,"Timestamp is not valid");
                             axis2_array_list_t *sub_codes = NULL;
                             sub_codes = axis2_array_list_create(env, 1);
@@ -239,7 +255,6 @@ rampart_in_handler_invoke(struct axis2_handler *handler,
 
                         }   
                 }else{
-                    rampart_print_info(env," Rampart validates UsernameTokensOnly");
                     return AXIS2_SUCCESS;
                 }
 

src/handlers/rampart_out_handler.c

@@ -23,10 +23,11 @@
 #include <axis2_endpoint_ref.h>
 #include <axis2_property.h>
 #include <rampart_constants.h>
-#include <username_token.h>
+#include <rampart_username_token.h>
 #include <rampart_handler_util.h>
-#include <timestamp_token.h>
+#include <rampart_timestamp_token.h>
 #include <rampart_crypto_engine.h>
+#include <rampart_action.h>
 
 /*********************** Function headers *********************************/
 
@@ -101,6 +102,8 @@ rampart_out_handler_invoke (struct axis2_handler * handler,
     axis2_param_t *param_action = NULL;
     axis2_char_t *items = NULL;
     axis2_status_t enc_status = AXIS2_FAILURE;
+    rampart_actions_t *actions = NULL;
+    axis2_status_t status = AXIS2_FAILURE;
 
     AXIS2_ENV_CHECK(env, AXIS2_FAILURE);
     AXIS2_PARAM_CHECK (env->error, msg_ctx, AXIS2_FAILURE);
@@ -163,8 +166,16 @@ rampart_out_handler_invoke (struct axis2_handler * handler,
             rampart_print_info(env,"Cannot find first action element");
             return AXIS2_FAILURE;
         }
-
-        items= rampart_get_action_params(env,param_action,RAMPART_ACTION_ITEMS);
+
+        /*Create and populate rampart actions*/
+        actions = rampart_actions_create(env);     
+        status = RAMPART_ACTIONS_POPULATE_FROM_PARAMS(actions, env, param_action);
+
+        /*Then re-populate using the axis2_ctx*/
+        status = RAMPART_ACTIONS_POPULATE_FROM_CTX(actions, env, ctx);
+
+        /*items = RAMPART_ACTIONS_GET_ITEMS(actions, env);*/
+        items = AXIS2_STRDUP(RAMPART_ACTIONS_GET_ITEMS(actions, env), env);
 
         if(!items)
         {
@@ -199,17 +210,35 @@ rampart_out_handler_invoke (struct axis2_handler * handler,
                 if(0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_USERNAMETOKEN , 
                         AXIS2_STRTRIM(env, item, NULL)))
                 {
-                    sec_node = rampart_build_username_token(env, 
-                        ctx, param_action,  sec_node, sec_ns_obj);
+                    rampart_username_token_t *username_token = NULL;
+                    username_token = rampart_username_token_create(env);
+
+                    sec_node = RAMPART_USERNAME_TOKEN_BUILD(username_token,
+                                        env, 
+                                        ctx, 
+                                        actions,  
+                                        sec_node, 
+                                        sec_ns_obj);
                     if(!sec_node){
                           return AXIS2_FAILURE;
                     }
+                    /*TODO free*/
                 /*Timestamp token*/
                 }else if(0 == AXIS2_STRCMP(RAMPART_ACTION_ITEMS_TIMESTAMP, 
                     AXIS2_STRTRIM(env, item, NULL)))
                 {
-                    sec_node = rampart_build_timestamp_token(env, 
-                        ctx, sec_node, sec_ns_obj, 300);
+                    rampart_timestamp_token_t *timestamp_token = NULL;
+                    axis2_char_t *ttl_str = NULL;
+                    int ttl = -1;
+
+                    ttl_str = RAMPART_ACTIONS_GET_TIME_TO_LIVE(actions, env);
+                    ttl = atoi(RAMPART_ACTIONS_GET_TIME_TO_LIVE(actions, env));
+                    if(ttl <= 0){
+                        ttl = RAMPART_TIMESTAMP_TOKEN_DEFAULT_TIME_TO_LIVE;
+                    } 
+                    timestamp_token = rampart_timestamp_token_create(env);
+                    sec_node = RAMPART_TIMESTAMP_TOKEN_BUILD(timestamp_token, env, 
+                        ctx, sec_node, sec_ns_obj, ttl);
                     if(!sec_node){
                           return AXIS2_FAILURE;
                     }
@@ -221,7 +250,7 @@ rampart_out_handler_invoke (struct axis2_handler * handler,
                     printf("OUtHandler : Item is Encrypt\n"); 
                     engine = rampart_crypto_engine_create(env);
 
-                    enc_status = RAMPART_CRYPTO_ENGINE_ENCRYPT_MESSAGE(engine, env, msg_ctx, param_action, soap_envelope, sec_node);
+                    enc_status = RAMPART_CRYPTO_ENGINE_ENCRYPT_MESSAGE(engine, env, msg_ctx, actions, soap_envelope, sec_node);
 
                     RAMPART_CRYPTO_ENGINE_FREE(engine, env);
 
@@ -245,11 +274,14 @@ rampart_out_handler_invoke (struct axis2_handler * handler,
                         " Rampart happy to see usernametokens and timestamps at the moment");
                 }
                 item = strtok (NULL, " ");
-           }     
+           }/*End if while*/
+           /*Reset items*/
+           items = NULL;
+
         }else{
             rampart_print_info(env,"security header block is NULL");
         }
-
+         
     }
     return AXIS2_SUCCESS;
 }