AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_xml_enc_decrypt_node(
const axutil_env_t *env,
oxs_ctx_t * enc_ctx,
axiom_node_t *enc_type_node,
axiom_node_t **decrypted_node)
{
axiom_node_t *deserialized_node = NULL;
axiom_node_t *parent_of_enc_node = NULL;
oxs_buffer_t *result_buf = NULL;
axis2_char_t *decrypted_data = NULL;/*Can be either am XML-Element or XML-Content*/
axis2_status_t status = AXIS2_FAILURE;
/*Create an empty buffer for results*/
result_buf = oxs_buffer_create(env);
/*Decrypt*/
status = oxs_xml_enc_decrypt_data(env, enc_ctx, enc_type_node, result_buf);
if(AXIS2_FAILURE == status)
{
oxs_error(env, OXS_ERROR_LOCATION, OXS_ERROR_ENCRYPT_FAILED, "Data encryption failed");
return AXIS2_FAILURE;
}
decrypted_data = axutil_strmemdup(oxs_buffer_get_data(result_buf, env), oxs_buffer_get_size(
result_buf, env), env);
/*De-serialize the decrypted content to build the node*/
deserialized_node = (axiom_node_t*)oxs_axiom_deserialize_node(env, decrypted_data);
if(!deserialized_node)
{
oxs_error(env, OXS_ERROR_LOCATION, OXS_ERROR_ENCRYPT_FAILED,
"Cannot deserialize a node from the content.\n%s", decrypted_data);
return AXIS2_FAILURE;
}
/*Assign deserialized_node to the reference passed*/
*decrypted_node = deserialized_node;
/*Replace the encrypted node with the de-serialized node*/
parent_of_enc_node = axiom_node_get_parent(enc_type_node, env);
axiom_node_insert_sibling_after(enc_type_node, env, deserialized_node);
axiom_node_free_tree(enc_type_node, env);
enc_type_node = NULL;
/*Free result buf*/
oxs_buffer_free(result_buf, env);
result_buf = NULL;
AXIS2_FREE(env->allocator, decrypted_data);
decrypted_data = NULL;
return AXIS2_SUCCESS;
}
/** Add a node with an element to root_node, either as child or as sibling.
* The element name is in the same namespace as the root node's name.
* The element may optionally include one attribute; if no attribute
* is desired then pass 'NULL'.
*
* Example with attribute:
* node_id.name="foo"; node.value="bar";
* attribute.name="attr"; attribute.value="Zar";
* Result : <ns:foo attr="Zar">bar</ns:foo>
*
* @param env
* @param root_node
* @param node_id
* node_id.name: name of element to be added,
* node_id.value: text of element
* @param attribute optional Name_value pair for setting an attribute,
* may be NULL.
* @param sibling 1: add as sibling, 0: add as child.
* @param whitespace: whitespace added before the newly added element (the
* newly added element is indented by this space.
* @return ptr to the the newly added node.
*/
static axiom_node_t *rp_add_node(
const axutil_env_t *env,
axiom_node_t *root_node,
Name_value *node_id,
Name_value *attribute,
int sibling,
const axis2_char_t *whitespace
)
{
sp_add_whspace(env, root_node, whitespace);
axiom_namespace_t * ns = rp_get_namespace (env, root_node);
axiom_node_t *new_node = axiom_node_create(env);
axiom_element_t *new_ele =
axiom_element_create(env, NULL, node_id->name, ns, &new_node);
if (NULL != node_id->value)
{
axiom_element_set_text(new_ele, env, node_id->value, new_node);
}
if (NULL != attribute)
{
axiom_attribute_t *attr =
axiom_attribute_create (env, attribute->name, attribute->value, NULL);
axiom_element_add_attribute (new_ele, env, attr, new_node);
}
axis2_status_t success = (
sibling ?
axiom_node_insert_sibling_after (root_node, env, new_node) :
axiom_node_add_child (root_node, env, new_node)
);
if (AXIS2_SUCCESS != success)
{
rp_log_error(env, "*** S2P(%s:%d): Failed to add node name='%s'\n",
__FILE__, __LINE__, node_id->name);
}
return new_node;
}
/*Public functions*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
rampart_shb_ensure_sec_header_order(const axutil_env_t *env,
axis2_msg_ctx_t *msg_ctx,
rampart_context_t *rampart_context,
axiom_node_t* sec_node)
{
axis2_bool_t signature_protection = AXIS2_FALSE;
axis2_bool_t is_encrypt_before_sign = AXIS2_FALSE;
axiom_node_t *sig_node = NULL;
axiom_node_t *enc_key_node = NULL;
axiom_node_t *ref_list_node = NULL;
axiom_node_t *h_node = NULL;
axutil_array_list_t *dk_list = NULL;
axutil_array_list_t *enc_key_list = NULL;
axiom_node_t* first_protection_item = NULL;
int i = 0;
signature_protection = rampart_context_is_encrypt_signature(rampart_context, env);
is_encrypt_before_sign = rampart_context_is_encrypt_before_sign(rampart_context, env);
dk_list = axutil_array_list_create(env, 5);
enc_key_list = axutil_array_list_create(env, 2);
h_node = axiom_node_get_first_child(sec_node, env);
while(h_node)
{
if(0 == axutil_strcmp(OXS_NODE_DERIVED_KEY_TOKEN, axiom_util_get_localname(h_node, env)) ||
(0 == axutil_strcmp(OXS_NODE_BINARY_SECURITY_TOKEN, axiom_util_get_localname(h_node, env))))
{
axutil_array_list_add(dk_list, env, h_node);
}
else if((0 == axutil_strcmp(OXS_NODE_ENCRYPTED_KEY, axiom_util_get_localname(h_node, env))) ||
(0 == axutil_strcmp(OXS_NODE_SECURITY_CONTEXT_TOKEN, axiom_util_get_localname(h_node, env))))
{
axutil_array_list_add(enc_key_list, env, h_node);
}
h_node = axiom_node_get_next_sibling(h_node, env);
}
ref_list_node = oxs_axiom_get_first_child_node_by_name(env, sec_node, OXS_NODE_REFERENCE_LIST, OXS_ENC_NS, NULL);
sig_node = oxs_axiom_get_first_child_node_by_name(env, sec_node, OXS_NODE_SIGNATURE, OXS_DSIG_NS, NULL);
/*Ensure the protection order in the header*/
if(sig_node && ref_list_node)
{
if(is_encrypt_before_sign)
{
int no_of_sig_node = 0;
/*Encrypt->Sig <Sig><RefList>*/
oxs_axiom_interchange_nodes(env, sig_node, ref_list_node );
first_protection_item = sig_node;
no_of_sig_node = oxs_axiom_get_number_of_children_with_qname(env, sec_node, OXS_NODE_SIGNATURE, OXS_DSIG_NS, NULL);
if(no_of_sig_node > 1)
{
axiom_node_t* cur_node = NULL;
cur_node = axiom_node_get_first_child(sec_node, env);
while(cur_node)
{
axis2_char_t *cur_local_name = NULL;
cur_local_name = axiom_util_get_localname(cur_node, env);
if(0 == axutil_strcmp(cur_local_name, OXS_NODE_SIGNATURE))
{
oxs_axiom_interchange_nodes(env, cur_node, ref_list_node);
}
cur_node = axiom_node_get_next_sibling(cur_node, env);
}
}
}
else
{
/*Sig->Encrypt <RefList> <Sig>*/
oxs_axiom_interchange_nodes(env, ref_list_node, sig_node );
first_protection_item = ref_list_node;
}
}
else if(sig_node)
{
first_protection_item = sig_node;
}
else
{
first_protection_item = ref_list_node;
}
/*makesure enc_key_node is appearing before first protection item*/
if(first_protection_item)
{
for(i = 0; i < axutil_array_list_size(enc_key_list, env); i++)
{
axiom_node_t *tmp_node = NULL;
tmp_node = (axiom_node_t*)axutil_array_list_get(enc_key_list, env, i);
enc_key_node = axiom_node_detach_without_namespaces(tmp_node, env);
axiom_node_insert_sibling_before(first_protection_item, env, enc_key_node);
}
}
/*
* If there are derived keys, make sure they come after the EncryptedKey/security context token
1. First we get all the derived keys
2. Then we attach after the EncryptedKey(hidden sessionkey)/security context token
3. If key is not available, then attach derived keys before sig_node and ref_list_node (whichever is first)
*/
if(enc_key_node)
{
for(i = 0; i < axutil_array_list_size(dk_list, env); i++)
{
axiom_node_t *dk_node = NULL;
axiom_node_t *tmp_node = NULL;
dk_node = (axiom_node_t*)axutil_array_list_get(dk_list, env, i);
tmp_node = axiom_node_detach(dk_node, env);
axiom_node_insert_sibling_after(enc_key_node, env, tmp_node);
}
}
else
{
if(first_protection_item)
{
for(i = 0; i < axutil_array_list_size(dk_list, env); i++)
{
axiom_node_t *dk_node = NULL;
axiom_node_t *tmp_node = NULL;
dk_node = (axiom_node_t*)axutil_array_list_get(dk_list, env, i);
tmp_node = axiom_node_detach(dk_node, env);
axiom_node_insert_sibling_before(first_protection_item, env, tmp_node);
}
}
}
axutil_array_list_free(dk_list, env);
axutil_array_list_free(enc_key_list, env);
return AXIS2_SUCCESS;
}
