Ejemplo n.º 1
0
axis2_status_t verify(axutil_env_t *env,
        axis2_char_t *filename,
        openssl_pkey_t *prvkey ,
        oxs_x509_cert_t *cert)
{
    oxs_sign_ctx_t *sign_ctx = NULL;
    axiom_node_t *tmpl = NULL;
    axis2_status_t status = AXIS2_FAILURE;

    tmpl = load_sample_xml(env , tmpl, filename);
    printf("File : \n%s\n", axiom_node_to_string(tmpl, env));
    sign_ctx = oxs_sign_ctx_create(env);
    if(sign_ctx){
        axiom_node_t *sig_node = NULL;
        /*Set the operation*/
        oxs_sign_ctx_set_operation(sign_ctx, env, OXS_SIGN_OPERATION_VERIFY);
        
        sig_node = oxs_axiom_get_first_child_node_by_name(env, tmpl,
                                    OXS_NODE_SIGNATURE, OXS_DSIG_NS, OXS_DS );
        if(!sig_node){
            printf("Verification : Cannot find ds:Signature node\n");
            return AXIS2_FAILURE;
        }
       
        /**If the certificate is not given check key information*/
        if(!cert){
            axiom_node_t *ki_node = NULL;
            axiom_node_t *x509_node = NULL;
            ki_node = oxs_axiom_get_first_child_node_by_name(env, sig_node, OXS_NODE_KEY_INFO, OXS_DSIG_NS, OXS_DS);
            x509_node = oxs_axiom_get_first_child_node_by_name(env, ki_node, OXS_NODE_X509_DATA, OXS_DSIG_NS, OXS_DS);
           
            cert = oxs_x509_cert_create(env);
            printf("No certificate is given. Fetching certificate from the KeyInfo\n");
            status =  oxs_xml_key_process_X509Data(env, x509_node, cert);
            if(AXIS2_FAILURE == status){
                printf("Error reading KeyInfo\n");
                return AXIS2_FAILURE;
            }
        }            

        
        /*Set certificate*/
        if(cert){
            oxs_sign_ctx_set_certificate(sign_ctx, env, cert);
        }else{
            printf("Certificate is NULL\n");
            return AXIS2_FAILURE;
        }
        /*Verify*/
        status = oxs_xml_sig_verify(env, sign_ctx, sig_node, tmpl);
        if(AXIS2_SUCCESS != status){
            printf("\nSignature Failed :-(\n");
        }else{
            printf("\nSignature Verified :-)\n");
        }
    }

    return status;
}
Ejemplo n.º 2
0
rampart_saml_token_t * AXIS2_CALL
create_saml_token(const axutil_env_t *env)
{
    oxs_sign_ctx_t *sign_ctx = NULL;
	oxs_x509_cert_t *cert = NULL;
	openssl_pkey_t *prv_key = NULL;
	rampart_saml_token_t *saml = NULL;

	axutil_date_time_t *time = NULL;
	saml_assertion_t *assertion = NULL;
	axiom_node_t *node = NULL;
    axis2_char_t *prv_key_file = NULL;
    axis2_char_t *certificate_file = NULL;
    /* 
     * Create a rampart_saml_token_t to give to the Rampart/C 
     * Here the token type is protection token.
     */    
	saml = rampart_saml_token_create(env, NULL, RAMPART_ST_CONFIR_TYPE_HOLDER_OF_KEY);
	time = axutil_date_time_create(env);
	assertion = saml_assertion_create(env);
	if (assertion)	
	{
		saml_assertion_set_minor_version(assertion, env, 1);		
		saml_assertion_set_issue_instant(assertion, env, time);
		saml_assertion_set_issuer(assertion, env, "http://ws.apache.org/rampart/c");	
		saml_assertion_add_condition(assertion, env, create_condition(env));
		saml_assertion_set_not_before(assertion, env, axutil_date_time_create(env));
		saml_assertion_add_statement(assertion, env, create_auth_statement(env, saml));
	}
    /* Load the private key from file*/
    prv_key_file = axutil_stracat(env, axis2c_home, PRIVATE_KEY_FILE);  
    certificate_file = axutil_stracat(env, axis2c_home, CERTIFICATE_FILE);
    prv_key = oxs_key_mgr_load_private_key_from_pem_file(env, prv_key_file, PRIVATE_KEY_PASSWORD);
    cert = oxs_key_mgr_load_x509_cert_from_pem_file(env, certificate_file);

	sign_ctx = oxs_sign_ctx_create(env);
	saml_util_set_sig_ctx_defaults(sign_ctx, env, "AssertionID");
	oxs_sign_ctx_set_private_key(sign_ctx, env, prv_key);
    oxs_sign_ctx_set_certificate(sign_ctx, env, cert);
    saml_assertion_set_signature(assertion, env, sign_ctx);

	node = saml_assertion_to_om(assertion, NULL, env);	 
	rampart_saml_token_set_assertion(saml, env, node);
    rampart_saml_token_set_token_type(saml, env, RAMPART_ST_TYPE_PROTECTION_TOKEN);
	saml_assertion_free(assertion, env);
	return saml;
}
Ejemplo n.º 3
0
axis2_status_t sign(axutil_env_t *env,
    axis2_char_t *filename,
    openssl_pkey_t *prvkey ,
    oxs_x509_cert_t *cert)
{
    axis2_char_t *signed_result = NULL;
    axis2_char_t *signed_filename = "result-sign.xml";
    axiom_node_t *node = NULL;
    axiom_node_t *tmpl = NULL;
    oxs_sign_part_t *sign_part = NULL;
    oxs_sign_ctx_t *sign_ctx = NULL;
    oxs_transform_t *tr = NULL;
    axutil_array_list_t *sign_parts = NULL;
    axutil_array_list_t *tr_list = NULL;
    axis2_char_t *id = NULL;
    axis2_status_t status = AXIS2_FAILURE;
    FILE *outf;
    
    tmpl = load_sample_xml(env , tmpl, filename);

    if (tmpl)
    {
        printf("load_sample_xml SUCCESS\n");
    }
    else
    {
        printf("load_sample_xml FAILED");
        return -1;
    }
    
     /*Sign specific*/
    sign_part = oxs_sign_part_create(env);

    tr_list = axutil_array_list_create(env, 1);
    /*We need C14N transform*/
    tr = oxs_transforms_factory_produce_transform(env, OXS_HREF_TRANSFORM_XML_EXC_C14N);
    axutil_array_list_add(tr_list, env, tr);
    oxs_sign_part_set_transforms(sign_part, env, tr_list);

    /*We need to sign this node add an ID to it*/
    node = axiom_node_get_first_element(tmpl, env);
    id = /*"Sig-ID-EFG";*/  oxs_util_generate_id(env,(axis2_char_t*)OXS_SIG_ID);
    oxs_axiom_add_attribute(env, node, OXS_WSU, OXS_WSSE_XMLNS,  OXS_ATTR_ID, id);
    status = oxs_sign_part_set_node(sign_part, env,node);

    status = oxs_sign_part_set_digest_mtd(sign_part, env, OXS_HREF_SHA1);

    sign_parts = axutil_array_list_create(env, 1);
    axutil_array_list_add(sign_parts, env, sign_part);
    sign_ctx = oxs_sign_ctx_create(env);
    if(sign_ctx){
        axiom_node_t *sig_node = NULL;

        oxs_sign_ctx_set_private_key(sign_ctx, env, prvkey);
        oxs_sign_ctx_set_certificate(sign_ctx, env, cert);
        /*Set sig algo*/
        oxs_sign_ctx_set_sign_mtd_algo(sign_ctx, env, OXS_HREF_RSA_SHA1);
        /*Set C14N method*/
        oxs_sign_ctx_set_c14n_mtd(sign_ctx, env, OXS_HREF_XML_EXC_C14N);
        /*Set sig parts*/
        oxs_sign_ctx_set_sign_parts(sign_ctx, env, sign_parts);
        /*Set the operation*/
        oxs_sign_ctx_set_operation(sign_ctx, env, OXS_SIGN_OPERATION_SIGN);
        /*Sign*/
        oxs_xml_sig_sign(env, sign_ctx, tmpl, &sig_node);
        /*Finally build KeyInfo*/
        oxs_xml_key_info_build(env, sig_node, cert, OXS_KIBP_X509DATA_X509CERTIFICATE);
    }else{
        printf("Sign ctx creation failed");
    }
    signed_result = axiom_node_to_string(tmpl, env) ;

    outf = fopen(signed_filename, "wb");
    fwrite(signed_result, 1, axutil_strlen(signed_result), outf);

    return AXIS2_SUCCESS;

}