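/**
 * Builds an issued (WS-Trust style) supporting token into the Security header.
 *
 * The token is obtained from the application-supplied callback registered on
 * the rampart context. Only SAML-typed issued tokens are handled here; they
 * are registered on the context and delegated to the SAML supporting-token
 * builder. Every failure path logs its own reason so a misconfiguration can be
 * told apart from a callback or build problem.
 *
 * @param rampart_context Rampart context holding the policy and the callback.
 * @param env             Axis2 environment.
 * @param sec_node        wsse:Security header node the token is added to.
 * @param sign_parts      List the SAML builder appends parts-to-sign to.
 * @return AXIS2_SUCCESS when a SAML issued token was built, AXIS2_FAILURE
 *         when the policy has no issued token, no callback is set, the
 *         callback returns NULL (token or token value), the token type is
 *         not SAML, or the SAML builder fails.
 */
AXIS2_EXTERN axis2_status_t AXIS2_CALL
rampart_issued_supporting_token_build(
    rampart_context_t *rampart_context,
    const axutil_env_t *env,
    axiom_node_t *sec_node,
    axutil_array_list_t *sign_parts)
{
    rp_property_t *token = NULL;
    issued_token_callback_func issued_func = NULL;
    rampart_issued_token_t *issued_token = NULL;
    void *tok_val = NULL;

    token = rampart_context_get_supporting_token(rampart_context, env, RP_PROPERTY_ISSUED_TOKEN);
    if(!token)
    {
        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
            "[rampart][issued] Issued token not specified. ERROR");
        return AXIS2_FAILURE;
    }

    issued_func = rampart_context_get_issued_token_aquire_function(rampart_context, env);
    if(!issued_func)
    {
        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
            "[rampart][issued] Issued token call back function not set. ERROR");
        return AXIS2_FAILURE;
    }

    /* The callback is application code; everything it returns is checked
     * before it is dereferenced or handed to the builders. */
    issued_token = issued_func(env, token, rampart_context);
    if(!issued_token)
    {
        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
            "[rampart][issued] Issued token call back returned NULL. ERROR");
        return AXIS2_FAILURE;
    }

    tok_val = rampart_issued_token_get_token(issued_token, env);
    if(!tok_val)
    {
        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
            "[rampart][issued] Issued token call back returned NULL token value. ERROR");
        return AXIS2_FAILURE;
    }

    /* Only SAML issued tokens have a builder; reject anything else up front
     * so a build failure below is not misreported as an unsupported type. */
    if(rampart_issued_token_get_token_type(issued_token, env) != RP_PROPERTY_SAML_TOKEN)
    {
        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
            "[rampart][issued] Not supported token type. ERROR");
        return AXIS2_FAILURE;
    }

    rampart_context_add_saml_token(rampart_context, env, tok_val);

    /* Compare against AXIS2_SUCCESS explicitly: a plain truth test would also
     * accept a non-zero failure code from the builder. */
    if(rampart_saml_supporting_token_build(env, rampart_context, sec_node, sign_parts) != AXIS2_SUCCESS)
    {
        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
            "[rampart][issued] SAML supporting token build failed. ERROR");
        return AXIS2_FAILURE;
    }

    return AXIS2_SUCCESS;
}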
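/**
 * Appends the custom token nodes held in the rampart context, if any, as
 * children of the wsse:Security header node.
 *
 * @param env             Axis2 environment.
 * @param rampart_context Rampart context holding the custom token list.
 * @param sec_node        wsse:Security header node the tokens are added to.
 * @return AXIS2_SUCCESS when there is no list or every non-NULL entry was
 *         added, AXIS2_FAILURE as soon as axiom_node_add_child() rejects one.
 */
static axis2_status_t
rampart_shb_add_custom_tokens(
    const axutil_env_t *env,
    rampart_context_t *rampart_context,
    axiom_node_t *sec_node)
{
    axutil_array_list_t *token_list = NULL;
    int size = 0;
    int i = 0;

    token_list = rampart_context_get_custom_tokens(rampart_context, env);
    if(!token_list)
    {
        return AXIS2_SUCCESS;
    }

    size = axutil_array_list_size(token_list, env);
    for(i = 0; i < size; i++)
    {
        axiom_node_t *token_node = NULL;
        token_node = (axiom_node_t *)axutil_array_list_get(token_list, env, i);
        /* NULL entries are skipped rather than treated as an error */
        if(token_node && axiom_node_add_child(sec_node, env, token_node) != AXIS2_SUCCESS)
        {
            AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
                "[rampart][shb] Adding custom token to the security header failed. ERROR");
            return AXIS2_FAILURE;
        }
    }
    return AXIS2_SUCCESS;
}

/**
 * Records a binding failure on the server side: sets
 * RAMPART_ERROR_INVALID_SECURITY on the environment, logs its message and
 * builds the invalid-security fault envelope. On the client side nothing is
 * done beyond what the caller already logged.
 *
 * @param env         Axis2 environment.
 * @param msg_ctx     Message context the fault envelope is attached to.
 * @param server_side AXIS2_TRUE when running on the server side.
 * @param reason      Fault reason text passed to rampart_create_fault_envelope().
 */
static void
rampart_shb_report_binding_failure(
    const axutil_env_t *env,
    axis2_msg_ctx_t *msg_ctx,
    axis2_bool_t server_side,
    const char *reason)
{
    if(!server_side)
    {
        return;
    }
    AXIS2_ERROR_SET(env->error, RAMPART_ERROR_INVALID_SECURITY, AXIS2_FAILURE);
    AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shb] %s",
        AXIS2_ERROR_GET_MESSAGE(env->error));
    rampart_create_fault_envelope(env, RAMPART_FAULT_INVALID_SECURITY,
        reason, RAMPART_FAULT_IN_POLICY, msg_ctx);
}

/**
 * Builds the wsse:Security header of an outgoing message.
 *
 * In order: adds the Security header block (mustUnderstand=1), then the
 * Timestamp, UsernameToken (client only), custom tokens (client only), SAML
 * and issued supporting tokens, SignatureConfirmation (server only, when the
 * policy requires it), and finally runs the asymmetric, symmetric or transport
 * binding. The sign-parts list is created here and shared by the supporting
 * token builders and the binding so they agree on what gets signed.
 *
 * Resources owned by this function (the namespace object and the sign-parts
 * list) are released on every exit path through the single cleanup label.
 *
 * @param env             Axis2 environment.
 * @param msg_ctx         Message context of the message being built.
 * @param rampart_context Rampart context holding the effective policy.
 * @param soap_envelope   Envelope whose header receives the Security block.
 * @return AXIS2_SUCCESS when the header was built (or, for compatibility,
 *         when no header block could be added at all), AXIS2_FAILURE when
 *         any token builder, signature confirmation or binding fails, or the
 *         binding type is unknown.
 */
AXIS2_EXTERN axis2_status_t AXIS2_CALL
rampart_shb_build_message(
    const axutil_env_t *env,
    axis2_msg_ctx_t *msg_ctx,
    rampart_context_t *rampart_context,
    axiom_soap_envelope_t *soap_envelope)
{
    /* Every early exit is a failure unless a branch says otherwise */
    axis2_status_t status = AXIS2_FAILURE;
    axiom_soap_header_t *soap_header = NULL;
    axiom_soap_header_block_t *sec_header_block = NULL;
    axiom_namespace_t *sec_ns_obj = NULL;
    axiom_node_t *sec_node = NULL;
    axis2_bool_t server_side = AXIS2_FALSE;
    int binding_type = 0;
    /*
     * sign parts list. Created up front so that the supporting-token builders
     * and the binding work on the same list. Originally lived in
     * rampart_sig_sign_message.
     */
    axutil_array_list_t *sign_parts_list = NULL;

    AXIS2_ENV_CHECK(env, AXIS2_FAILURE);

    soap_header = axiom_soap_envelope_get_header(soap_envelope, env);
    sec_ns_obj = axiom_namespace_create(env, RAMPART_WSSE_XMLNS, RAMPART_WSSE);
    /* sec_ns_obj is cloned by the header block; this function still owns
     * and frees the original */
    sec_header_block = axiom_soap_header_add_header_block(soap_header, env,
        RAMPART_SECURITY, sec_ns_obj);
    server_side = axis2_msg_ctx_get_server_side(msg_ctx, env);

    if(!sec_header_block)
    {
        /* NOTE(review): kept from the original - the message goes out without
         * a Security header and the caller still sees AXIS2_SUCCESS. Confirm
         * that callers really want this rather than a failure. */
        AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI,
            "[rampart][shb] Security header block is NULL");
        status = AXIS2_SUCCESS;
        goto cleanup;
    }

    axiom_soap_header_block_set_must_understand_with_bool(sec_header_block, env, AXIS2_TRUE);
    sec_node = axiom_soap_header_block_get_base_node(sec_header_block, env);

    sign_parts_list = axutil_array_list_create(env, 4);
    if(!sign_parts_list)
    {
        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
            "[rampart][shb] Cannot create the sign parts list. ERROR");
        goto cleanup;
    }

    /* Timestamp inclusion */
    if(rampart_context_is_include_timestamp(rampart_context, env))
    {
        int ttl = rampart_context_get_ttl(rampart_context, env);
        axis2_bool_t need_millisecond =
            rampart_context_get_need_millisecond_precision(rampart_context, env);

        AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][shb] Building Timestamp Token");
        /* log the value actually used, not the compile-time default */
        AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI,
            "[rampart][shb] Using timeToLive value %d", ttl);

        if(rampart_timestamp_token_build(env, sec_node, ttl, need_millisecond) == AXIS2_FAILURE)
        {
            AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
                "[rampart][shb] Timestamp Token build failed. ERROR");
            goto cleanup;
        }
    }

    /* UsernameToken: only in messages sent from client to server */
    if(!server_side && rampart_context_is_include_username_token(rampart_context, env))
    {
        /* rampart_context is passed so the builder extracts the relevant
         * parameters itself */
        AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][shb] Building UsernameToken");
        if(rampart_username_token_build(env, rampart_context, sec_node, sec_ns_obj) == AXIS2_FAILURE)
        {
            AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
                "[rampart][shb] UsernameToken build failed. ERROR");
            goto cleanup;
        }
    }

    /* Custom tokens from the rampart context: client side only */
    if(!server_side
        && rampart_shb_add_custom_tokens(env, rampart_context, sec_node) != AXIS2_SUCCESS)
    {
        goto cleanup;
    }

    /* SAML supporting token */
    if(rampart_context_is_include_supporting_token(rampart_context, env,
        server_side, AXIS2_FALSE, RP_PROPERTY_SAML_TOKEN))
    {
        if(rampart_saml_supporting_token_build(env, rampart_context, sec_node,
            sign_parts_list) == AXIS2_FAILURE)
        {
            AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
                "[rampart][shb] SAML Supporting token build failed. ERROR");
            goto cleanup;
        }
    }

    /* Issued supporting token */
    if(rampart_context_is_include_supporting_token(rampart_context, env,
        server_side, AXIS2_FALSE, RP_PROPERTY_ISSUED_TOKEN))
    {
        if(rampart_issued_supporting_token_build(rampart_context, env, sec_node,
            sign_parts_list) == AXIS2_FAILURE)
        {
            AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
                "[rampart][shb] Issued supporting token build failed. ERROR");
            goto cleanup;
        }
    }

    /* Signature Confirmation support. Only on the server side, and only when
     * the policy (via the context) requires it. */
    if(server_side && rampart_context_is_sig_confirmation_reqd(rampart_context, env))
    {
        /* The original stored this result and never consulted it; a response
         * that the policy says must carry SignatureConfirmation must not be
         * sent without it. */
        if(rampart_sig_confirm_signature(env, msg_ctx, rampart_context, sec_node) != AXIS2_SUCCESS)
        {
            AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
                "[rampart][shb] Signature confirmation failed. ERROR");
            status = AXIS2_FAILURE;
            goto cleanup;
        }
    }

    /* Check the binding (evaluated once) */
    binding_type = rampart_context_get_binding_type(rampart_context, env);
    if(binding_type == RP_PROPERTY_ASYMMETRIC_BINDING)
    {
        AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][shb] Asymmetric Binding. ");
        status = rampart_shb_do_asymmetric_binding(env, msg_ctx, rampart_context,
            soap_envelope, sec_node, sec_ns_obj, sign_parts_list);
        if(status != AXIS2_SUCCESS)
        {
            AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shb] Asymmetric Binding failed");
            rampart_shb_report_binding_failure(env, msg_ctx, server_side,
                " Asymmetric Binding failed. Check configurations ");
            status = AXIS2_FAILURE;
        }
    }
    else if(binding_type == RP_PROPERTY_SYMMETRIC_BINDING)
    {
        /* Do Symmetric_binding specific things */
        AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][shb] Symmetric Binding. ");
        status = rampart_shb_do_symmetric_binding(env, msg_ctx, rampart_context,
            soap_envelope, sec_node, sec_ns_obj, sign_parts_list);
        if(status != AXIS2_SUCCESS)
        {
            AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shb] Symmetric Binding failed");
            rampart_shb_report_binding_failure(env, msg_ctx, server_side,
                " Symmetric Binding failed. Check configurations ");
            status = AXIS2_FAILURE;
        }
    }
    else if(binding_type == RP_PROPERTY_TRANSPORT_BINDING)
    {
        /* Transport binding: nothing more to add to the header here */
        AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI, "[rampart][shb] Using transport binding");
        status = AXIS2_SUCCESS;
    }
    else
    {
        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
            "[rampart][shb] Unknown binding type. ERROR");
        status = AXIS2_FAILURE;
    }

cleanup:
    /* Single exit: the original leaked sign_parts_list (and, for custom
     * tokens, sec_ns_obj) on several early returns. */
    if(sign_parts_list)
    {
        axutil_array_list_free(sign_parts_list, env);
    }
    if(sec_ns_obj)
    {
        axiom_namespace_free(sec_ns_obj, env);
    }
    return status;
}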