/** * moves the given node before second node. * @param env Environment. Must not be null * @param node_to_move node to be moved * @param node_before node_to_move will be moved before this node * @return status of the operation */ AXIS2_EXTERN axis2_status_t AXIS2_CALL oxs_axiom_interchange_nodes( const axutil_env_t *env, axiom_node_t *node_to_move, axiom_node_t *node_before) { axis2_status_t status = AXIS2_FAILURE; axiom_node_t *temp_node = NULL; temp_node = axiom_node_detach_without_namespaces(node_to_move,env); status = axiom_node_insert_sibling_before(node_before, env, temp_node); return status; }
/** * Creates <wsse:BinarySecurityToken> element */ AXIS2_EXTERN axiom_node_t* AXIS2_CALL oxs_token_build_binary_security_token_element( const axutil_env_t *env, axiom_node_t *parent, axis2_char_t* id, axis2_char_t* encoding_type, axis2_char_t* value_type, axis2_char_t* data) { axiom_node_t *binary_sec_token_node = NULL; axiom_node_t *first_child_of_parent = NULL; axiom_element_t *binary_security_token_ele = NULL; axiom_attribute_t *encoding_type_att = NULL; axiom_attribute_t *value_type_att = NULL; axiom_attribute_t *id_attr = NULL; axiom_namespace_t *ns_obj = NULL; axiom_namespace_t *ns = NULL; ns_obj = axiom_namespace_create(env, OXS_WSSE_NS, OXS_WSSE); ns = axiom_namespace_create(env, RAMPART_WSU_XMLNS, OXS_WSU); binary_security_token_ele = axiom_element_create(env, parent, OXS_NODE_BINARY_SECURITY_TOKEN, ns_obj, &binary_sec_token_node); if(!binary_security_token_ele) { AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart]Error creating %s element.", OXS_NODE_BINARY_SECURITY_TOKEN); axiom_namespace_free(ns_obj, env); axiom_namespace_free(ns, env); return NULL; } /* Binary security token must be added as the first child of the paretn */ binary_sec_token_node = axiom_node_detach_without_namespaces(binary_sec_token_node, env); first_child_of_parent = axiom_node_get_first_element(parent, env); if(first_child_of_parent) { /* If there is a child add bst before it */ axiom_node_insert_sibling_before(first_child_of_parent, env, binary_sec_token_node); } else { /* If there are no children just add the bst */ axiom_node_add_child(parent, env, binary_sec_token_node); } if(!id) { id = oxs_util_generate_id(env, (axis2_char_t*)OXS_CERT_ID); } id_attr = axiom_attribute_create(env, OXS_ATTR_ID, id, ns); encoding_type_att = axiom_attribute_create(env, OXS_ATTR_ENCODING_TYPE, encoding_type, NULL); value_type_att = axiom_attribute_create(env, OXS_ATTR_VALUE_TYPE, value_type, NULL); axiom_element_add_attribute(binary_security_token_ele, env, id_attr, binary_sec_token_node); axiom_element_add_attribute(binary_security_token_ele, env, encoding_type_att, binary_sec_token_node); axiom_element_add_attribute(binary_security_token_ele, env, value_type_att, binary_sec_token_node); if(data) { axiom_element_set_text(binary_security_token_ele, env, data, binary_sec_token_node); } return binary_sec_token_node; }
/*Public functions*/ AXIS2_EXTERN axis2_status_t AXIS2_CALL rampart_shb_ensure_sec_header_order(const axutil_env_t *env, axis2_msg_ctx_t *msg_ctx, rampart_context_t *rampart_context, axiom_node_t* sec_node) { axis2_bool_t signature_protection = AXIS2_FALSE; axis2_bool_t is_encrypt_before_sign = AXIS2_FALSE; axiom_node_t *sig_node = NULL; axiom_node_t *enc_key_node = NULL; axiom_node_t *ref_list_node = NULL; axiom_node_t *h_node = NULL; axutil_array_list_t *dk_list = NULL; axutil_array_list_t *enc_key_list = NULL; axiom_node_t* first_protection_item = NULL; int i = 0; signature_protection = rampart_context_is_encrypt_signature(rampart_context, env); is_encrypt_before_sign = rampart_context_is_encrypt_before_sign(rampart_context, env); dk_list = axutil_array_list_create(env, 5); enc_key_list = axutil_array_list_create(env, 2); h_node = axiom_node_get_first_child(sec_node, env); while(h_node) { if(0 == axutil_strcmp(OXS_NODE_DERIVED_KEY_TOKEN, axiom_util_get_localname(h_node, env)) || (0 == axutil_strcmp(OXS_NODE_BINARY_SECURITY_TOKEN, axiom_util_get_localname(h_node, env)))) { axutil_array_list_add(dk_list, env, h_node); } else if((0 == axutil_strcmp(OXS_NODE_ENCRYPTED_KEY, axiom_util_get_localname(h_node, env))) || (0 == axutil_strcmp(OXS_NODE_SECURITY_CONTEXT_TOKEN, axiom_util_get_localname(h_node, env)))) { axutil_array_list_add(enc_key_list, env, h_node); } h_node = axiom_node_get_next_sibling(h_node, env); } ref_list_node = oxs_axiom_get_first_child_node_by_name(env, sec_node, OXS_NODE_REFERENCE_LIST, OXS_ENC_NS, NULL); sig_node = oxs_axiom_get_first_child_node_by_name(env, sec_node, OXS_NODE_SIGNATURE, OXS_DSIG_NS, NULL); /*Ensure the protection order in the header*/ if(sig_node && ref_list_node) { if(is_encrypt_before_sign) { int no_of_sig_node = 0; /*Encrypt->Sig <Sig><RefList>*/ oxs_axiom_interchange_nodes(env, sig_node, ref_list_node ); first_protection_item = sig_node; no_of_sig_node = oxs_axiom_get_number_of_children_with_qname(env, sec_node, OXS_NODE_SIGNATURE, OXS_DSIG_NS, NULL); if(no_of_sig_node > 1) { axiom_node_t* cur_node = NULL; cur_node = axiom_node_get_first_child(sec_node, env); while(cur_node) { axis2_char_t *cur_local_name = NULL; cur_local_name = axiom_util_get_localname(cur_node, env); if(0 == axutil_strcmp(cur_local_name, OXS_NODE_SIGNATURE)) { oxs_axiom_interchange_nodes(env, cur_node, ref_list_node); } cur_node = axiom_node_get_next_sibling(cur_node, env); } } } else { /*Sig->Encrypt <RefList> <Sig>*/ oxs_axiom_interchange_nodes(env, ref_list_node, sig_node ); first_protection_item = ref_list_node; } } else if(sig_node) { first_protection_item = sig_node; } else { first_protection_item = ref_list_node; } /*makesure enc_key_node is appearing before first protection item*/ if(first_protection_item) { for(i = 0; i < axutil_array_list_size(enc_key_list, env); i++) { axiom_node_t *tmp_node = NULL; tmp_node = (axiom_node_t*)axutil_array_list_get(enc_key_list, env, i); enc_key_node = axiom_node_detach_without_namespaces(tmp_node, env); axiom_node_insert_sibling_before(first_protection_item, env, enc_key_node); } } /* * If there are derived keys, make sure they come after the EncryptedKey/security context token 1. First we get all the derived keys 2. Then we attach after the EncryptedKey(hidden sessionkey)/security context token 3. If key is not available, then attach derived keys before sig_node and ref_list_node (whichever is first) */ if(enc_key_node) { for(i = 0; i < axutil_array_list_size(dk_list, env); i++) { axiom_node_t *dk_node = NULL; axiom_node_t *tmp_node = NULL; dk_node = (axiom_node_t*)axutil_array_list_get(dk_list, env, i); tmp_node = axiom_node_detach(dk_node, env); axiom_node_insert_sibling_after(enc_key_node, env, tmp_node); } } else { if(first_protection_item) { for(i = 0; i < axutil_array_list_size(dk_list, env); i++) { axiom_node_t *dk_node = NULL; axiom_node_t *tmp_node = NULL; dk_node = (axiom_node_t*)axutil_array_list_get(dk_list, env, i); tmp_node = axiom_node_detach(dk_node, env); axiom_node_insert_sibling_before(first_protection_item, env, tmp_node); } } } axutil_array_list_free(dk_list, env); axutil_array_list_free(enc_key_list, env); return AXIS2_SUCCESS; }