AXIS2_EXTERN axis2_status_t AXIS2_CALL oxs_xml_enc_decrypt_node( const axutil_env_t *env, oxs_ctx_t * enc_ctx, axiom_node_t *enc_type_node, axiom_node_t **decrypted_node) { axiom_node_t *deserialized_node = NULL; axiom_node_t *parent_of_enc_node = NULL; oxs_buffer_t *result_buf = NULL; axis2_char_t *decrypted_data = NULL;/*Can be either am XML-Element or XML-Content*/ axis2_status_t status = AXIS2_FAILURE; /*Create an empty buffer for results*/ result_buf = oxs_buffer_create(env); /*Decrypt*/ status = oxs_xml_enc_decrypt_data(env, enc_ctx, enc_type_node, result_buf); if(AXIS2_FAILURE == status) { oxs_error(env, OXS_ERROR_LOCATION, OXS_ERROR_ENCRYPT_FAILED, "Data encryption failed"); return AXIS2_FAILURE; } decrypted_data = axutil_strmemdup(oxs_buffer_get_data(result_buf, env), oxs_buffer_get_size( result_buf, env), env); /*De-serialize the decrypted content to build the node*/ deserialized_node = (axiom_node_t*)oxs_axiom_deserialize_node(env, decrypted_data); if(!deserialized_node) { oxs_error(env, OXS_ERROR_LOCATION, OXS_ERROR_ENCRYPT_FAILED, "Cannot deserialize a node from the content.\n%s", decrypted_data); return AXIS2_FAILURE; } /*Assign deserialized_node to the reference passed*/ *decrypted_node = deserialized_node; /*Replace the encrypted node with the de-serialized node*/ parent_of_enc_node = axiom_node_get_parent(enc_type_node, env); axiom_node_insert_sibling_after(enc_type_node, env, deserialized_node); axiom_node_free_tree(enc_type_node, env); enc_type_node = NULL; /*Free result buf*/ oxs_buffer_free(result_buf, env); result_buf = NULL; AXIS2_FREE(env->allocator, decrypted_data); decrypted_data = NULL; return AXIS2_SUCCESS; }
/** Add a node with an element to root_node, either as child or as sibling. * The element name is in the same namespace as the root node's name. * The element may optionally include one attribute; if no attribute * is desired then pass 'NULL'. * * Example with attribute: * node_id.name="foo"; node.value="bar"; * attribute.name="attr"; attribute.value="Zar"; * Result : <ns:foo attr="Zar">bar</ns:foo> * * @param env * @param root_node * @param node_id * node_id.name: name of element to be added, * node_id.value: text of element * @param attribute optional Name_value pair for setting an attribute, * may be NULL. * @param sibling 1: add as sibling, 0: add as child. * @param whitespace: whitespace added before the newly added element (the * newly added element is indented by this space. * @return ptr to the the newly added node. */ static axiom_node_t *rp_add_node( const axutil_env_t *env, axiom_node_t *root_node, Name_value *node_id, Name_value *attribute, int sibling, const axis2_char_t *whitespace ) { sp_add_whspace(env, root_node, whitespace); axiom_namespace_t * ns = rp_get_namespace (env, root_node); axiom_node_t *new_node = axiom_node_create(env); axiom_element_t *new_ele = axiom_element_create(env, NULL, node_id->name, ns, &new_node); if (NULL != node_id->value) { axiom_element_set_text(new_ele, env, node_id->value, new_node); } if (NULL != attribute) { axiom_attribute_t *attr = axiom_attribute_create (env, attribute->name, attribute->value, NULL); axiom_element_add_attribute (new_ele, env, attr, new_node); } axis2_status_t success = ( sibling ? axiom_node_insert_sibling_after (root_node, env, new_node) : axiom_node_add_child (root_node, env, new_node) ); if (AXIS2_SUCCESS != success) { rp_log_error(env, "*** S2P(%s:%d): Failed to add node name='%s'\n", __FILE__, __LINE__, node_id->name); } return new_node; }
/*Public functions*/ AXIS2_EXTERN axis2_status_t AXIS2_CALL rampart_shb_ensure_sec_header_order(const axutil_env_t *env, axis2_msg_ctx_t *msg_ctx, rampart_context_t *rampart_context, axiom_node_t* sec_node) { axis2_bool_t signature_protection = AXIS2_FALSE; axis2_bool_t is_encrypt_before_sign = AXIS2_FALSE; axiom_node_t *sig_node = NULL; axiom_node_t *enc_key_node = NULL; axiom_node_t *ref_list_node = NULL; axiom_node_t *h_node = NULL; axutil_array_list_t *dk_list = NULL; axutil_array_list_t *enc_key_list = NULL; axiom_node_t* first_protection_item = NULL; int i = 0; signature_protection = rampart_context_is_encrypt_signature(rampart_context, env); is_encrypt_before_sign = rampart_context_is_encrypt_before_sign(rampart_context, env); dk_list = axutil_array_list_create(env, 5); enc_key_list = axutil_array_list_create(env, 2); h_node = axiom_node_get_first_child(sec_node, env); while(h_node) { if(0 == axutil_strcmp(OXS_NODE_DERIVED_KEY_TOKEN, axiom_util_get_localname(h_node, env)) || (0 == axutil_strcmp(OXS_NODE_BINARY_SECURITY_TOKEN, axiom_util_get_localname(h_node, env)))) { axutil_array_list_add(dk_list, env, h_node); } else if((0 == axutil_strcmp(OXS_NODE_ENCRYPTED_KEY, axiom_util_get_localname(h_node, env))) || (0 == axutil_strcmp(OXS_NODE_SECURITY_CONTEXT_TOKEN, axiom_util_get_localname(h_node, env)))) { axutil_array_list_add(enc_key_list, env, h_node); } h_node = axiom_node_get_next_sibling(h_node, env); } ref_list_node = oxs_axiom_get_first_child_node_by_name(env, sec_node, OXS_NODE_REFERENCE_LIST, OXS_ENC_NS, NULL); sig_node = oxs_axiom_get_first_child_node_by_name(env, sec_node, OXS_NODE_SIGNATURE, OXS_DSIG_NS, NULL); /*Ensure the protection order in the header*/ if(sig_node && ref_list_node) { if(is_encrypt_before_sign) { int no_of_sig_node = 0; /*Encrypt->Sig <Sig><RefList>*/ oxs_axiom_interchange_nodes(env, sig_node, ref_list_node ); first_protection_item = sig_node; no_of_sig_node = oxs_axiom_get_number_of_children_with_qname(env, sec_node, OXS_NODE_SIGNATURE, OXS_DSIG_NS, NULL); if(no_of_sig_node > 1) { axiom_node_t* cur_node = NULL; cur_node = axiom_node_get_first_child(sec_node, env); while(cur_node) { axis2_char_t *cur_local_name = NULL; cur_local_name = axiom_util_get_localname(cur_node, env); if(0 == axutil_strcmp(cur_local_name, OXS_NODE_SIGNATURE)) { oxs_axiom_interchange_nodes(env, cur_node, ref_list_node); } cur_node = axiom_node_get_next_sibling(cur_node, env); } } } else { /*Sig->Encrypt <RefList> <Sig>*/ oxs_axiom_interchange_nodes(env, ref_list_node, sig_node ); first_protection_item = ref_list_node; } } else if(sig_node) { first_protection_item = sig_node; } else { first_protection_item = ref_list_node; } /*makesure enc_key_node is appearing before first protection item*/ if(first_protection_item) { for(i = 0; i < axutil_array_list_size(enc_key_list, env); i++) { axiom_node_t *tmp_node = NULL; tmp_node = (axiom_node_t*)axutil_array_list_get(enc_key_list, env, i); enc_key_node = axiom_node_detach_without_namespaces(tmp_node, env); axiom_node_insert_sibling_before(first_protection_item, env, enc_key_node); } } /* * If there are derived keys, make sure they come after the EncryptedKey/security context token 1. First we get all the derived keys 2. Then we attach after the EncryptedKey(hidden sessionkey)/security context token 3. If key is not available, then attach derived keys before sig_node and ref_list_node (whichever is first) */ if(enc_key_node) { for(i = 0; i < axutil_array_list_size(dk_list, env); i++) { axiom_node_t *dk_node = NULL; axiom_node_t *tmp_node = NULL; dk_node = (axiom_node_t*)axutil_array_list_get(dk_list, env, i); tmp_node = axiom_node_detach(dk_node, env); axiom_node_insert_sibling_after(enc_key_node, env, tmp_node); } } else { if(first_protection_item) { for(i = 0; i < axutil_array_list_size(dk_list, env); i++) { axiom_node_t *dk_node = NULL; axiom_node_t *tmp_node = NULL; dk_node = (axiom_node_t*)axutil_array_list_get(dk_list, env, i); tmp_node = axiom_node_detach(dk_node, env); axiom_node_insert_sibling_before(first_protection_item, env, tmp_node); } } } axutil_array_list_free(dk_list, env); axutil_array_list_free(enc_key_list, env); return AXIS2_SUCCESS; }