axis2_status_t verify(axutil_env_t *env,
axis2_char_t *filename,
openssl_pkey_t *prvkey ,
oxs_x509_cert_t *cert)
{
oxs_sign_ctx_t *sign_ctx = NULL;
axiom_node_t *tmpl = NULL;
axis2_status_t status = AXIS2_FAILURE;
tmpl = load_sample_xml(env , tmpl, filename);
printf("File : \n%s\n", axiom_node_to_string(tmpl, env));
sign_ctx = oxs_sign_ctx_create(env);
if(sign_ctx){
axiom_node_t *sig_node = NULL;
/*Set the operation*/
oxs_sign_ctx_set_operation(sign_ctx, env, OXS_SIGN_OPERATION_VERIFY);
sig_node = oxs_axiom_get_first_child_node_by_name(env, tmpl,
OXS_NODE_SIGNATURE, OXS_DSIG_NS, OXS_DS );
if(!sig_node){
printf("Verification : Cannot find ds:Signature node\n");
return AXIS2_FAILURE;
}
/**If the certificate is not given check key information*/
if(!cert){
axiom_node_t *ki_node = NULL;
axiom_node_t *x509_node = NULL;
ki_node = oxs_axiom_get_first_child_node_by_name(env, sig_node, OXS_NODE_KEY_INFO, OXS_DSIG_NS, OXS_DS);
x509_node = oxs_axiom_get_first_child_node_by_name(env, ki_node, OXS_NODE_X509_DATA, OXS_DSIG_NS, OXS_DS);
cert = oxs_x509_cert_create(env);
printf("No certificate is given. Fetching certificate from the KeyInfo\n");
status = oxs_xml_key_process_X509Data(env, x509_node, cert);
if(AXIS2_FAILURE == status){
printf("Error reading KeyInfo\n");
return AXIS2_FAILURE;
}
}
/*Set certificate*/
if(cert){
oxs_sign_ctx_set_certificate(sign_ctx, env, cert);
}else{
printf("Certificate is NULL\n");
return AXIS2_FAILURE;
}
/*Verify*/
status = oxs_xml_sig_verify(env, sign_ctx, sig_node, tmpl);
if(AXIS2_SUCCESS != status){
printf("\nSignature Failed :-(\n");
}else{
printf("\nSignature Verified :-)\n");
}
}
return status;
}
rampart_saml_token_t * AXIS2_CALL
create_saml_token(const axutil_env_t *env)
{
oxs_sign_ctx_t *sign_ctx = NULL;
oxs_x509_cert_t *cert = NULL;
openssl_pkey_t *prv_key = NULL;
rampart_saml_token_t *saml = NULL;
axutil_date_time_t *time = NULL;
saml_assertion_t *assertion = NULL;
axiom_node_t *node = NULL;
axis2_char_t *prv_key_file = NULL;
axis2_char_t *certificate_file = NULL;
/*
* Create a rampart_saml_token_t to give to the Rampart/C
* Here the token type is protection token.
*/
saml = rampart_saml_token_create(env, NULL, RAMPART_ST_CONFIR_TYPE_HOLDER_OF_KEY);
time = axutil_date_time_create(env);
assertion = saml_assertion_create(env);
if (assertion)
{
saml_assertion_set_minor_version(assertion, env, 1);
saml_assertion_set_issue_instant(assertion, env, time);
saml_assertion_set_issuer(assertion, env, "http://ws.apache.org/rampart/c");
saml_assertion_add_condition(assertion, env, create_condition(env));
saml_assertion_set_not_before(assertion, env, axutil_date_time_create(env));
saml_assertion_add_statement(assertion, env, create_auth_statement(env, saml));
}
/* Load the private key from file*/
prv_key_file = axutil_stracat(env, axis2c_home, PRIVATE_KEY_FILE);
certificate_file = axutil_stracat(env, axis2c_home, CERTIFICATE_FILE);
prv_key = oxs_key_mgr_load_private_key_from_pem_file(env, prv_key_file, PRIVATE_KEY_PASSWORD);
cert = oxs_key_mgr_load_x509_cert_from_pem_file(env, certificate_file);
sign_ctx = oxs_sign_ctx_create(env);
saml_util_set_sig_ctx_defaults(sign_ctx, env, "AssertionID");
oxs_sign_ctx_set_private_key(sign_ctx, env, prv_key);
oxs_sign_ctx_set_certificate(sign_ctx, env, cert);
saml_assertion_set_signature(assertion, env, sign_ctx);
node = saml_assertion_to_om(assertion, NULL, env);
rampart_saml_token_set_assertion(saml, env, node);
rampart_saml_token_set_token_type(saml, env, RAMPART_ST_TYPE_PROTECTION_TOKEN);
saml_assertion_free(assertion, env);
return saml;
}
axis2_status_t sign(axutil_env_t *env,
axis2_char_t *filename,
openssl_pkey_t *prvkey ,
oxs_x509_cert_t *cert)
{
axis2_char_t *signed_result = NULL;
axis2_char_t *signed_filename = "result-sign.xml";
axiom_node_t *node = NULL;
axiom_node_t *tmpl = NULL;
oxs_sign_part_t *sign_part = NULL;
oxs_sign_ctx_t *sign_ctx = NULL;
oxs_transform_t *tr = NULL;
axutil_array_list_t *sign_parts = NULL;
axutil_array_list_t *tr_list = NULL;
axis2_char_t *id = NULL;
axis2_status_t status = AXIS2_FAILURE;
FILE *outf;
tmpl = load_sample_xml(env , tmpl, filename);
if (tmpl)
{
printf("load_sample_xml SUCCESS\n");
}
else
{
printf("load_sample_xml FAILED");
return -1;
}
/*Sign specific*/
sign_part = oxs_sign_part_create(env);
tr_list = axutil_array_list_create(env, 1);
/*We need C14N transform*/
tr = oxs_transforms_factory_produce_transform(env, OXS_HREF_TRANSFORM_XML_EXC_C14N);
axutil_array_list_add(tr_list, env, tr);
oxs_sign_part_set_transforms(sign_part, env, tr_list);
/*We need to sign this node add an ID to it*/
node = axiom_node_get_first_element(tmpl, env);
id = /*"Sig-ID-EFG";*/ oxs_util_generate_id(env,(axis2_char_t*)OXS_SIG_ID);
oxs_axiom_add_attribute(env, node, OXS_WSU, OXS_WSSE_XMLNS, OXS_ATTR_ID, id);
status = oxs_sign_part_set_node(sign_part, env,node);
status = oxs_sign_part_set_digest_mtd(sign_part, env, OXS_HREF_SHA1);
sign_parts = axutil_array_list_create(env, 1);
axutil_array_list_add(sign_parts, env, sign_part);
sign_ctx = oxs_sign_ctx_create(env);
if(sign_ctx){
axiom_node_t *sig_node = NULL;
oxs_sign_ctx_set_private_key(sign_ctx, env, prvkey);
oxs_sign_ctx_set_certificate(sign_ctx, env, cert);
/*Set sig algo*/
oxs_sign_ctx_set_sign_mtd_algo(sign_ctx, env, OXS_HREF_RSA_SHA1);
/*Set C14N method*/
oxs_sign_ctx_set_c14n_mtd(sign_ctx, env, OXS_HREF_XML_EXC_C14N);
/*Set sig parts*/
oxs_sign_ctx_set_sign_parts(sign_ctx, env, sign_parts);
/*Set the operation*/
oxs_sign_ctx_set_operation(sign_ctx, env, OXS_SIGN_OPERATION_SIGN);
/*Sign*/
oxs_xml_sig_sign(env, sign_ctx, tmpl, &sig_node);
/*Finally build KeyInfo*/
oxs_xml_key_info_build(env, sig_node, cert, OXS_KIBP_X509DATA_X509CERTIFICATE);
}else{
printf("Sign ctx creation failed");
}
signed_result = axiom_node_to_string(tmpl, env) ;
outf = fopen(signed_filename, "wb");
fwrite(signed_result, 1, axutil_strlen(signed_result), outf);
return AXIS2_SUCCESS;
}