Esempi in C++ (Cpp) per rampart_saml_token_set_session_key

Esempio n. 1

File: echo.c Progetto: MI-LA01/kt_wso2-php5.3

axiom_node_t *  AXIS2_CALL
create_key_info(const axutil_env_t *env, rampart_saml_token_t *saml)
{
    axiom_node_t *key_info = NULL;
    oxs_key_t *session_key = NULL;
    axis2_status_t status = AXIS2_FAILURE;
    oxs_asym_ctx_t * asym_ctx = NULL;
    axis2_char_t *key_info_str = NULL;
	oxs_x509_cert_t *cert = NULL;
    /* Set the receiver certificate file. This public key will be used to encrypt the session key.*/
    axis2_char_t *certificate_file = axutil_stracat(env, axis2c_home, RECEIVER_CERTIFICATE_FILE);

    session_key = oxs_key_create(env);
    status = oxs_key_for_algo(session_key, env, NULL);    

    key_info = oxs_token_build_key_info_element(env, NULL);

    /* Create the asym_ctx_t and populate it.*/
    asym_ctx = oxs_asym_ctx_create(env);
    oxs_asym_ctx_set_algorithm(asym_ctx, env, OXS_HREF_RSA_PKCS1);
    oxs_asym_ctx_set_operation(asym_ctx, env,
                               OXS_ASYM_CTX_OPERATION_PUB_ENCRYPT);

	cert = oxs_key_mgr_load_x509_cert_from_pem_file(env, certificate_file);
	if (!cert)
	{
		AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
                            "Certificate cannot be loaded");
		return NULL;
	}
	oxs_asym_ctx_set_certificate(asym_ctx, env, cert);
    status = oxs_xml_enc_encrypt_key(env,
                            asym_ctx,
                            key_info,
                            session_key,
                            NULL);
	rampart_saml_token_set_session_key(saml, env, session_key);
    key_info_str = axiom_node_to_string(key_info, env);
    return key_info;
}

Esempio n. 2

File: rampart_token_processor.c Progetto: alexis-gruet/kt_rampart

/**
 * extract certificate/key using key identifier
 */
static axis2_status_t
rampart_token_process_key_identifier(
    const axutil_env_t *env,
    axiom_node_t *key_identifier_node,
    axiom_node_t *scope_node,
    axiom_node_t *str_node,
    rampart_context_t *rampart_context,
    axis2_bool_t is_signature,
    oxs_x509_cert_t **cert,
    oxs_key_t **key,
    axis2_char_t **token_type)
{
    axis2_char_t *value_type = NULL;
    value_type = oxs_axiom_get_attribute_value_of_node_by_name(env, key_identifier_node,
        OXS_ATTR_VALUE_TYPE, NULL);

    if(axutil_strcmp(value_type, OXS_X509_SUBJ_KI) == 0)/* X509 Token */
    {
        /* In the client side, it is preferred to use certificate files instead of key store,
         * because one client normally interact with only one service. To handle this scenario,
         * if we found receiver certificate file specified in rampart_context we directly call the
         * get_reciever_certificate.
         */
        *cert = rampart_context_get_receiver_certificate(rampart_context, env);
        if(!*cert)
        {
            axis2_char_t *ski = NULL;
            oxs_key_mgr_t *key_mgr = NULL;
            key_mgr = rampart_context_get_key_mgr(rampart_context, env);
            ski = oxs_axiom_get_node_content(env, key_identifier_node);
            *cert = oxs_key_mgr_get_receiver_certificate_from_ski(key_mgr, env, ski);
            if(!*cert)
            {
                AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
                    "Cannot retrieve certificate using key identifier");
                return AXIS2_FAILURE;
            }
        }
    }
    else if(axutil_strcmp(value_type, OXS_X509_ENCRYPTED_KEY_SHA1) == 0) /* EncryptedKey */
    {
        axis2_char_t *hash_value = NULL;
        hash_value = oxs_axiom_get_node_content(env, key_identifier_node);
        if(!hash_value)
        {
            AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "Failed to get value of EncryptedKeySHA1");
            return AXIS2_FAILURE;
        }

        *key = rampart_context_get_key_using_hash(rampart_context, env, hash_value);
        if(!*key)
        {
            AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
                "Cannot get key corresponding to EncryptedKeySHA1");
            return AXIS2_FAILURE;
        }
    }
    else if(axutil_strcmp(value_type, OXS_ST_KEY_ID_VALUE_TYPE) == 0) /* SAML token reference */
    {
        axiom_node_t *assertion = NULL;
        rampart_saml_token_t *saml = NULL;
        rampart_st_type_t tok_type;
        oxs_key_mgr_t *key_mgr = NULL;
        openssl_pkey_t *pvt_key = NULL;

        key_mgr = rampart_context_get_key_mgr(rampart_context, env);
        pvt_key = oxs_key_mgr_get_prv_key(key_mgr, env);
        if(!pvt_key)
        {
            AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "Cannot load private key");
            return AXIS2_FAILURE;
        }

        assertion = oxs_saml_token_get_from_key_identifer_reference(env, key_identifier_node, NULL);
        if(!assertion)
        {
            AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "Cannot get key SAML Assertion");
            return AXIS2_FAILURE;
        }
        if(is_signature)
        {
            tok_type = RAMPART_ST_TYPE_SIGNATURE_TOKEN;
        }
        else
        {
            tok_type = RAMPART_ST_TYPE_ENCRYPTION_TOKEN;
        }
        saml = rampart_saml_add_token(rampart_context, env, assertion, str_node, tok_type);
        *key = rampart_saml_token_get_session_key(saml, env);
        if(!*key)
        {
            *key = saml_assertion_get_session_key(env, assertion, pvt_key);
            rampart_saml_token_set_session_key(saml, env, *key);
            oxs_key_set_name(*key, env, "for-algo");
        }

        if(!*key)
        {
            AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "Cannot get key corresponding to SAML Token");
            return AXIS2_FAILURE;
        }
    }
    else
    {
        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "Failed to identify Key Identifier %s", value_type);
        return AXIS2_FAILURE;
    }

    return AXIS2_SUCCESS;
}