rampart_saml_token_t * AXIS2_CALL
create_saml_token(const axutil_env_t *env)
{
oxs_sign_ctx_t *sign_ctx = NULL;
oxs_x509_cert_t *cert = NULL;
openssl_pkey_t *prv_key = NULL;
rampart_saml_token_t *saml = NULL;
axutil_date_time_t *time = NULL;
saml_assertion_t *assertion = NULL;
axiom_node_t *node = NULL;
axis2_char_t *prv_key_file = NULL;
axis2_char_t *certificate_file = NULL;
/*
* Create a rampart_saml_token_t to give to the Rampart/C
* Here the token type is protection token.
*/
saml = rampart_saml_token_create(env, NULL, RAMPART_ST_CONFIR_TYPE_HOLDER_OF_KEY);
time = axutil_date_time_create(env);
assertion = saml_assertion_create(env);
if (assertion)
{
saml_assertion_set_minor_version(assertion, env, 1);
saml_assertion_set_issue_instant(assertion, env, time);
saml_assertion_set_issuer(assertion, env, "http://ws.apache.org/rampart/c");
saml_assertion_add_condition(assertion, env, create_condition(env));
saml_assertion_set_not_before(assertion, env, axutil_date_time_create(env));
saml_assertion_add_statement(assertion, env, create_auth_statement(env, saml));
}
/* Load the private key from file*/
prv_key_file = axutil_stracat(env, axis2c_home, PRIVATE_KEY_FILE);
certificate_file = axutil_stracat(env, axis2c_home, CERTIFICATE_FILE);
prv_key = oxs_key_mgr_load_private_key_from_pem_file(env, prv_key_file, PRIVATE_KEY_PASSWORD);
cert = oxs_key_mgr_load_x509_cert_from_pem_file(env, certificate_file);
sign_ctx = oxs_sign_ctx_create(env);
saml_util_set_sig_ctx_defaults(sign_ctx, env, "AssertionID");
oxs_sign_ctx_set_private_key(sign_ctx, env, prv_key);
oxs_sign_ctx_set_certificate(sign_ctx, env, cert);
saml_assertion_set_signature(assertion, env, sign_ctx);
node = saml_assertion_to_om(assertion, NULL, env);
rampart_saml_token_set_assertion(saml, env, node);
rampart_saml_token_set_token_type(saml, env, RAMPART_ST_TYPE_PROTECTION_TOKEN);
saml_assertion_free(assertion, env);
return saml;
}
int main(int argc, char** argv)
{
const axutil_env_t *env = NULL;
const axis2_char_t *address = NULL;
const axis2_char_t *client_home = NULL;
axis2_char_t *file_name = NULL;
axis2_char_t *policy_file = NULL;
axis2_endpoint_ref_t* endpoint_ref = NULL;
axis2_options_t *options = NULL;
axis2_svc_client_t* svc_client = NULL;
axiom_node_t *payload = NULL;
axiom_node_t *ret_node = NULL;
axis2_status_t status = AXIS2_FAILURE;
neethi_policy_t *policy = NULL;
rampart_config_t* client_config = NULL;
axutil_property_t *property = NULL;
rampart_saml_token_t *saml = NULL;
axiom_node_t *assertion = NULL;
/* Set up the environment */
env = axutil_env_create_all("echo.log", AXIS2_LOG_LEVEL_TRACE);
/* Set end-point-reference of echo service */
address = "http://localhost:9090/axis2/services/echo";
if (argc > 2)
{
address = argv[1];
client_home = argv[2];
printf("Using endpoint : %s\n", address);
printf("Using client_home : %s\n", client_home);
}
if ((axutil_strcmp(argv[1], "-h") == 0) || (axutil_strcmp(argv[1], "--help") == 0))
{
printf("Usage : %s [endpoint_url] [client_home]\n", argv[0]);
printf("use -h for help\n");
return 0;
}
/* Create end-point-reference with given address */
endpoint_ref = axis2_endpoint_ref_create(env, address);
/* Setup options */
options = axis2_options_create(env);
axis2_options_set_to(options, env, endpoint_ref);
axis2_options_set_action(options, env,
"http://example.com/ws/2004/09/policy/Test/EchoRequest");
/*axis2_options_set_action(options, env,
"urn:echo");*/
/*If the client home is not specified, use the AXIS2C_HOME*/
if (!client_home)
{
client_home = AXIS2_GETENV("AXIS2C_HOME");
printf("\nNo client_home specified. Using default %s", client_home);
}
/* Create service client */
printf("client_home= %s", client_home);
svc_client = axis2_svc_client_create(env, client_home);
if (!svc_client)
{
printf("Error creating service client\n");
return -1;
}
client_config = rampart_config_create(env);
if(!client_config)
{
printf("Cannot create rampart config\n");
return 0;
}
assertion = create_saml_assertion(env);
saml = rampart_saml_token_create(env, assertion, RAMPART_ST_CONFIR_TYPE_SENDER_VOUCHES);
rampart_saml_token_set_token_type(saml, env, RAMPART_ST_TYPE_SIGNED_SUPPORTING_TOKEN);
rampart_config_add_saml_token(client_config, env, saml);
property = axutil_property_create_with_args(env, AXIS2_SCOPE_REQUEST ,
AXIS2_TRUE, (void *)rampart_config_free, client_config);
axis2_options_set_property(options, env, RAMPART_CLIENT_CONFIGURATION, property);
/* Set service client options */
axis2_svc_client_set_options(svc_client, env, options);
/*We need to specify the client's policy file location*/
if(client_home)
{
file_name = axutil_stracat(env, client_home, AXIS2_PATH_SEP_STR);
policy_file = axutil_stracat(env, file_name, "policy.xml" );
AXIS2_FREE(env->allocator, file_name);
file_name = NULL;
}else{
printf("Client Home not Specified\n");
printf("echo client invoke FAILED!\n");
return 0;
}
/*Create the policy, from file*/
policy = neethi_util_create_policy_from_file(env, policy_file);
if(!policy)
{
printf("\nPolicy creation failed from the file. %s\n", policy_file);
}
if(policy_file){
AXIS2_FREE(env->allocator, policy_file);
policy_file = NULL;
}
status = axis2_svc_client_set_policy(svc_client, env, policy);
if(status == AXIS2_FAILURE)
{
printf("Policy setting failed\n");
}
/* Build the SOAP request message payload using OM API.*/
payload = build_om_payload_for_echo_svc(env);
/*If not engaged in the client's axis2.xml, uncomment this line*/
axis2_svc_client_engage_module(svc_client, env, "rampart");
/* Send request */
ret_node = axis2_svc_client_send_receive(svc_client, env, payload);
if (axis2_svc_client_get_last_response_has_fault(svc_client, env))
{
axiom_soap_envelope_t *soap_envelope = NULL;
axiom_soap_body_t *soap_body = NULL;
axiom_soap_fault_t *soap_fault = NULL;
printf ("\nResponse has a SOAP fault\n");
soap_envelope =
axis2_svc_client_get_last_response_soap_envelope(svc_client, env);
if (soap_envelope)
soap_body = axiom_soap_envelope_get_body(soap_envelope, env);
if (soap_body)
soap_fault = axiom_soap_body_get_fault(soap_body, env);
if (soap_fault)
{
printf("\nReturned SOAP fault: %s\n",
axiom_node_to_string(axiom_soap_fault_get_base_node(soap_fault,env),
env));
}
printf("echo client invoke FAILED!\n");
return -1;
}
if (ret_node)
{
axis2_char_t *om_str = NULL;
om_str = axiom_node_to_string(ret_node, env);
if (om_str)
{
printf("\nReceived OM : %s\n", om_str);
}
printf("\necho client invoke SUCCESSFUL!\n");
AXIS2_FREE(env->allocator, om_str);
ret_node = NULL;
}
else
{
printf("echo client invoke FAILED!\n");
return -1;
}
if (svc_client)
{
axis2_svc_client_free(svc_client, env);
svc_client = NULL;
}
if (env)
{
axutil_env_free((axutil_env_t *) env);
env = NULL;
}
return 0;
}
rampart_issued_token_t * AXIS2_CALL
get_issued_token(const axutil_env_t *env, rp_property_t *issued_token, rampart_context_t *rampart_context)
{
axis2_endpoint_ref_t *endpoint_ref = NULL;
axis2_options_t *options = NULL;
axis2_svc_client_t *svc_client = NULL;
axiom_node_t *rst_node = NULL;
axiom_node_t *return_rstr_node = NULL;
trust_rstr_t *rstr = NULL;
axiom_node_t *assertion = NULL;
rampart_saml_token_t *saml = NULL;
rampart_issued_token_t *token = NULL;
axis2_op_client_t* op_client = NULL;
axis2_msg_ctx_t *in_msg_ctx = NULL;
axis2_status_t status = AXIS2_SUCCESS;
neethi_policy_t *issuer_policy = NULL;
trust_rst_t *rst = NULL;
rp_issued_token_t *it = (rp_issued_token_t *)rp_property_get_value(issued_token, env);
/*Setting Issuer's EPR*/
endpoint_ref = endpoint_ref = axis2_endpoint_ref_create(env, "http://127.0.0.1:9090/axis2/services/saml_sts");
options = axis2_options_create(env);
axis2_options_set_to(options, env, endpoint_ref);
/*Create the policy, from file*/
issuer_policy = neethi_util_create_policy_from_file(env, sts_ploicy);
if(!issuer_policy)
{
printf("\nPolicy creation failed from the file. %s\n", policy_file);
}
/*axis2_options_set_action(options, env, action); WSA Action*/
svc_client = axis2_svc_client_create(env, client_home);
if (!svc_client)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "Stub invoke FAILED: Error code:" " %d :: %s",
env->error->error_number, AXIS2_ERROR_GET_MESSAGE(env->error));
return NULL;
}
axis2_options_set_action(options, env, "http://example.com/ws/2004/09/policy/Test/EchoRequest");
/* Set service client options */
axis2_svc_client_set_options(svc_client, env, options);
rst = trust_rst_create(env);
trust_rst_set_wst_ns_uri(rst, env, "http://schemas.xmlsoap.org/ws/2005/02/trust");
rst_node = trust_rst_build_rst_with_issued_token_assertion(rst, env, it);
if (status == AXIS2_SUCCESS)
{
status = axis2_svc_client_set_policy(svc_client, env, issuer_policy);
if (status == AXIS2_FAILURE)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "Policy setting failed.");
}
/*Building the RST */
if(rst_node)
{
return_rstr_node = axis2_svc_client_send_receive(svc_client, env, rst_node);
rstr = trust_rstr_create(env);
trust_rstr_set_wst_ns_uri(rstr, env, "http://schemas.xmlsoap.org/ws/2005/02/trust");
trust_rstr_populate_rstr(rstr, env, return_rstr_node);
assertion = trust_rstr_get_requested_security_token(rstr, env);
}
}
saml = rampart_saml_token_create(env, assertion, RAMPART_ST_CONFIR_TYPE_SENDER_VOUCHES);
rampart_saml_token_set_token_type(saml, env, RAMPART_ST_TYPE_SIGNED_SUPPORTING_TOKEN);
token = rampart_issued_token_create(env);
rampart_issued_token_set_token(token, env, saml, RP_PROPERTY_SAML_TOKEN);
return token;
}
