/**
* Traverse thru the node and its descendents. Check if the localname is equal to the given name
* @param env Environment. MUST NOT be NULL,
* @param node the node to be searched
* @param localname the local name of the node to be searched
* @return the node if found, else NULL
*/
AXIS2_EXTERN axiom_node_t* AXIS2_CALL
oxs_axiom_get_node_by_local_name(
const axutil_env_t *env,
axiom_node_t *node,
axis2_char_t *local_name)
{
axis2_char_t *temp_name = NULL;
if(!node)
{
return NULL;
}
if(axiom_node_get_node_type(node, env) != AXIOM_ELEMENT)
{
return NULL;
}
temp_name = axiom_util_get_localname(node, env);
AXIS2_LOG_DEBUG(env->log, AXIS2_LOG_SI,
"[rampart]Checking node %s for %s", temp_name, local_name );
if(!axutil_strcmp(temp_name, local_name))
{
/* Gottcha.. return this node */
return node;
}
else
{
/* Doesn't match? Get the children and search for them */
axiom_node_t *temp_node = NULL;
temp_node = axiom_node_get_first_element(node, env);
while(temp_node)
{
axiom_node_t *res_node = NULL;
res_node = oxs_axiom_get_node_by_local_name(env, temp_node, local_name);
if(res_node)
{
return res_node;
}
temp_node = axiom_node_get_next_sibling(temp_node, env);
}
}
return NULL;
}
axis2_status_t AXIS2_CALL
rampart_shb_do_asymmetric_binding( const axutil_env_t *env,
axis2_msg_ctx_t *msg_ctx,
rampart_context_t *rampart_context,
axiom_soap_envelope_t *soap_envelope,
axiom_node_t *sec_node,
axiom_namespace_t *sec_ns_obj,
axutil_array_list_t *sign_parts_list)
{
axis2_bool_t signature_protection = AXIS2_FALSE;
axis2_bool_t is_encrypt_before_sign = AXIS2_FALSE;
axis2_status_t status = AXIS2_SUCCESS;
axiom_node_t *sig_node = NULL;
axiom_node_t *enc_key_node = NULL;
/*Do Asymmetric Binding specific things*/
signature_protection = rampart_context_is_encrypt_signature(rampart_context, env);
/*Check the encryption and signature order*/
if(rampart_context_is_encrypt_before_sign(rampart_context, env))
{
is_encrypt_before_sign = AXIS2_TRUE;
/*If signature_protection=> <sp:EncryptSignature/> is ON*/
if(signature_protection)
{
/*First Encrypt the parts specified in encrypted parts*/
status = rampart_enc_encrypt_message(env, msg_ctx, rampart_context, soap_envelope, sec_node);
if(status != AXIS2_SUCCESS)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
"[rampart][shb] Encryption failed. ERROR");
return AXIS2_FAILURE;
}
/*Add a key reference in Encrypted Data in the Body*/
status = rampart_enc_add_key_info(env, msg_ctx, rampart_context, soap_envelope, sec_node);
if(status != AXIS2_SUCCESS)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
"[rampart][shb] Cannot add Key information");
return AXIS2_FAILURE;
}
/*Then Sign the message*/
status = rampart_sig_sign_message(env, msg_ctx, rampart_context, soap_envelope, sec_node, sign_parts_list);
if(status != AXIS2_SUCCESS)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
"[rampart][shb] Signing failed. ERROR");
return AXIS2_FAILURE;
}
/*Then encrypt the signature */
status = rampart_enc_encrypt_signature(env, msg_ctx, rampart_context, soap_envelope, sec_node);
if(status != AXIS2_SUCCESS)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
"[rampart][shb] Encrypt signature failed. ERROR");
return AXIS2_FAILURE;
}
}
else /*No Signature protection*/
{
status = rampart_enc_encrypt_message(env, msg_ctx, rampart_context, soap_envelope, sec_node);
if(status != AXIS2_SUCCESS){
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
"[rampart][shb] Encryption failed. ERROR");
return AXIS2_FAILURE;
}
/*Then do signature specific things*/
status = rampart_sig_sign_message(env, msg_ctx, rampart_context, soap_envelope, sec_node, sign_parts_list);
if(status != AXIS2_SUCCESS){
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
"[rampart][shb] Signature failed. ERROR");
return AXIS2_FAILURE;
}
}
/*Then Handle Supporting token stuff */
}
else /*Sign before encrypt*/
{
is_encrypt_before_sign = AXIS2_FALSE;
/*First do signature specific stuff*/
status = rampart_sig_sign_message(env, msg_ctx, rampart_context, soap_envelope, sec_node, sign_parts_list);
if(status != AXIS2_SUCCESS){
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
"[rampart][shb] Signing failed. ERROR");
return AXIS2_FAILURE;
}
/*Then Handle Encryption stuff*/
status = rampart_enc_encrypt_message(env, msg_ctx, rampart_context, soap_envelope, sec_node);
if(status!=AXIS2_SUCCESS ){
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
"[rampart][shb] Encryption failed. ERROR");
return AXIS2_FAILURE;
}
}
/*If both encryption and signature is done we should interchange them.
* because the action done last should appear first in the header. */
sig_node = oxs_axiom_get_node_by_local_name(env,sec_node,OXS_NODE_SIGNATURE);
enc_key_node = oxs_axiom_get_node_by_local_name(env,sec_node,OXS_NODE_ENCRYPTED_KEY);
if(sig_node && enc_key_node)
{
if(is_encrypt_before_sign)
{
status = oxs_axiom_interchange_nodes(env, sig_node, enc_key_node);
if(status!=AXIS2_SUCCESS)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shb] Node interchange failed.");
return status;
}
}
else /*Sign before encryption*/
{
status = oxs_axiom_interchange_nodes(env, enc_key_node, sig_node);
if(status!=AXIS2_SUCCESS)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart][shb] Node interchange failed.");
return status;
}
}
}else if(enc_key_node && signature_protection)
{
if(!is_encrypt_before_sign)
{
axiom_node_t *enc_data_node = NULL;
enc_data_node = oxs_axiom_get_node_by_local_name(env, sec_node, OXS_NODE_ENCRYPTED_DATA);
if(!enc_data_node)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,"[rampart][shb]Signature is not encrypted,");
return AXIS2_FAILURE;
}
else
{
status = oxs_axiom_interchange_nodes(env, enc_key_node, enc_data_node);
if(status != AXIS2_SUCCESS)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,"[rampart][shb]Cannot interchange enc_key and enc_data nodes");
return AXIS2_FAILURE;
}
}
}
}
return AXIS2_SUCCESS;
}
AXIS2_EXTERN oxs_key_t * AXIS2_CALL
saml_assertion_get_session_key(const axutil_env_t *env, axiom_node_t *assertion,
openssl_pkey_t *pvt_key)
{
axiom_node_t *encrypted_key_node = NULL;
axiom_node_t *enc_mtd_node = NULL;
axis2_char_t *enc_asym_algo = NULL;
oxs_asym_ctx_t *asym_ctx = NULL;
oxs_key_t *decrypted_sym_key = NULL;
axis2_status_t status = AXIS2_FAILURE;
if (!pvt_key)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
"[oxs][saml] Private key not specified");
return NULL;
}
encrypted_key_node = oxs_axiom_get_node_by_local_name(env, assertion, OXS_NODE_ENCRYPTED_KEY);
if (!encrypted_key_node)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
"[oxs][saml] Encrypted key cannot be found");
return NULL;
}
enc_mtd_node = oxs_axiom_get_first_child_node_by_name(
env, encrypted_key_node, OXS_NODE_ENCRYPTION_METHOD, OXS_ENC_NS, NULL);
if (!enc_mtd_node)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
"[oxs][saml] EncryptedKey node cannot be found");
return NULL;
}
enc_asym_algo = oxs_token_get_encryption_method(env, enc_mtd_node);
if (!enc_asym_algo)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
"[oxs][saml] Encryption Algorithm cannot be found");
return NULL;
}
asym_ctx = oxs_asym_ctx_create(env);
oxs_asym_ctx_set_algorithm(asym_ctx, env, enc_asym_algo);
oxs_asym_ctx_set_private_key(asym_ctx, env, pvt_key);
oxs_asym_ctx_set_operation(asym_ctx, env, OXS_ASYM_CTX_OPERATION_PRV_DECRYPT);
decrypted_sym_key = oxs_key_create(env);
/*Call decrypt for the EncryptedKey*/
status = oxs_xml_enc_decrypt_key(env, asym_ctx,
NULL, encrypted_key_node, decrypted_sym_key);
if (status == AXIS2_FAILURE)
{
oxs_key_free(decrypted_sym_key, env);
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
"[oxs][saml] Decryption failed in SAML encrypted key");
return NULL;
}
return decrypted_sym_key;
}
