/**
* Creates <wsse:Embedded> element
*/
AXIS2_EXTERN axiom_node_t* AXIS2_CALL
oxs_token_build_embedded_element(
const axutil_env_t *env,
axiom_node_t *parent,
axis2_char_t* id)
{
axiom_node_t *embedded_node = NULL;
axiom_element_t *embedded_ele = NULL;
axiom_attribute_t *id_attr = NULL;
int ret;
axiom_namespace_t *ns_obj = NULL;
ns_obj = axiom_namespace_create(env, OXS_WSSE_NS, OXS_WSSE);
embedded_ele = axiom_element_create(env, parent, OXS_NODE_EMBEDDED, ns_obj, &embedded_node);
if(!embedded_ele)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart]Error creating embedded element.");
axiom_namespace_free(ns_obj, env);
return NULL;
}
if(!id)
{
id = oxs_util_generate_id(env,(axis2_char_t*)OXS_EMBEDDED_ID);
}
id_attr = axiom_attribute_create(env, OXS_ATTR_ID, id, NULL);
ret = axiom_element_add_attribute(embedded_ele, env, id_attr, embedded_node);
return embedded_node;
}
/**
*
* <BinarySecurityToken ID="CertID">KJDSsdlDJjsd=</BinarySecurityToken>
* <KeyInfo>
* <SecurityTokenReference>
* <Reference URI="CertID"/>
* </SecurityTokenReference>
* </KeyInfo>
*/
static axis2_status_t
oxs_xml_enc_populate_stref_with_bst(
const axutil_env_t *env,
oxs_asym_ctx_t *asym_ctx,
axiom_node_t *stref_node,
axiom_node_t *parent)
{
axiom_node_t *ref_node = NULL;
axiom_node_t *bst_node = NULL;
axis2_char_t *bst_data = NULL;
axis2_char_t *id = NULL;
axis2_char_t *ref_id = NULL;
oxs_x509_cert_t *cert = NULL;
cert = oxs_asym_ctx_get_certificate(asym_ctx, env);
bst_data = oxs_x509_cert_get_data(cert, env);
if(!bst_data)
{
return AXIS2_FAILURE;
}
/*Generate an ID for BST*/
id = oxs_util_generate_id(env, (axis2_char_t*)OXS_CERT_ID);
/*Build BinarySecurityToken as a child of parent(wsse:Security)*/
bst_node = oxs_token_build_binary_security_token_element(env, parent, id,
OXS_ENCODING_BASE64BINARY, OXS_VALUE_X509V3, bst_data);
/*Build a Reference to above BST*/
ref_id = axutil_stracat(env, OXS_LOCAL_REFERENCE_PREFIX, id);
ref_node = oxs_token_build_reference_element(env, stref_node, ref_id, OXS_VALUE_X509V3);
return AXIS2_SUCCESS;
}
/**
* Creates <wsc:DerivedKeyToken> element
*/
AXIS2_EXTERN axiom_node_t* AXIS2_CALL
oxs_token_build_derived_key_token_element(
const axutil_env_t *env,
axiom_node_t *parent,
axis2_char_t* id,
axis2_char_t* algo,
axis2_char_t* wsc_ns_uri)
{
axiom_node_t *derived_key_token_node = NULL;
axiom_element_t *derived_key_token_ele = NULL;
axiom_attribute_t *algo_att = NULL;
axiom_attribute_t *id_attr = NULL;
int ret;
axiom_namespace_t *ns_obj = NULL;
axiom_namespace_t *ns = NULL;
if(!wsc_ns_uri)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
"[rampart]Error creating %s Token element. SecConv namespace uri is not valid.",
OXS_NODE_DERIVED_KEY_TOKEN);
return NULL;
}
ns_obj = axiom_namespace_create(env, wsc_ns_uri, OXS_WSC);
ns = axiom_namespace_create(env, RAMPART_WSU_XMLNS, OXS_WSU);
derived_key_token_ele = axiom_element_create(
env, parent, OXS_NODE_DERIVED_KEY_TOKEN, ns_obj, &derived_key_token_node);
if (!derived_key_token_ele)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
"[rampart]Error creating %s Token element", OXS_NODE_DERIVED_KEY_TOKEN);
axiom_namespace_free(ns_obj, env);
axiom_namespace_free(ns, env);
return NULL;
}
if(algo)
{
algo_att = axiom_attribute_create(env, OXS_ATTR_ALGORITHM, algo, NULL);
ret = axiom_element_add_attribute(
derived_key_token_ele, env, algo_att, derived_key_token_node);
}
if (!id)
{
id = oxs_util_generate_id(env,(axis2_char_t*)OXS_DERIVED_ID);
}
id_attr = axiom_attribute_create(env, OXS_ATTR_ID, id,ns);
ret = axiom_element_add_attribute(derived_key_token_ele, env, id_attr, derived_key_token_node);
return derived_key_token_node;
}
/**
* Creates <xenc:EncryptedData> element
*/
AXIS2_EXTERN axiom_node_t* AXIS2_CALL
oxs_token_build_encrypted_data_element(
const axutil_env_t *env,
axiom_node_t *parent,
axis2_char_t* type_attribute,
axis2_char_t* id)
{
axiom_node_t *encrypted_data_node = NULL;
axiom_element_t *encrypted_data_ele = NULL;
axiom_attribute_t *type_attr = NULL;
axiom_attribute_t *id_attr = NULL;
axiom_namespace_t *ns_obj = NULL;
ns_obj = axiom_namespace_create(env, OXS_ENC_NS, OXS_XENC);
encrypted_data_ele = axiom_element_create(
env, parent, OXS_NODE_ENCRYPTED_DATA, ns_obj, &encrypted_data_node);
if(!encrypted_data_ele)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart]Error creating encrypted data element.");
axiom_namespace_free(ns_obj, env);
return NULL;
}
if (type_attribute)
{
type_attr = axiom_attribute_create(env, OXS_ATTR_TYPE, type_attribute, NULL);
axiom_element_add_attribute(encrypted_data_ele, env, type_attr, encrypted_data_node);
}
if(!id)
{
id = oxs_util_generate_id(env, (axis2_char_t*)OXS_ENCDATA_ID);
}
id_attr = axiom_attribute_create(env, OXS_ATTR_ID, id, NULL );
axiom_element_add_attribute(encrypted_data_ele, env, id_attr, encrypted_data_node);
return encrypted_data_node;
}
/**
* Creates <wsse:BinarySecurityToken> element
*/
AXIS2_EXTERN axiom_node_t* AXIS2_CALL
oxs_token_build_binary_security_token_element(
const axutil_env_t *env,
axiom_node_t *parent,
axis2_char_t* id,
axis2_char_t* encoding_type,
axis2_char_t* value_type,
axis2_char_t* data)
{
axiom_node_t *binary_sec_token_node = NULL;
axiom_node_t *first_child_of_parent = NULL;
axiom_element_t *binary_security_token_ele = NULL;
axiom_attribute_t *encoding_type_att = NULL;
axiom_attribute_t *value_type_att = NULL;
axiom_attribute_t *id_attr = NULL;
axiom_namespace_t *ns_obj = NULL;
axiom_namespace_t *ns = NULL;
ns_obj = axiom_namespace_create(env, OXS_WSSE_NS, OXS_WSSE);
ns = axiom_namespace_create(env, RAMPART_WSU_XMLNS, OXS_WSU);
binary_security_token_ele = axiom_element_create(env, parent, OXS_NODE_BINARY_SECURITY_TOKEN,
ns_obj, &binary_sec_token_node);
if(!binary_security_token_ele)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart]Error creating %s element.",
OXS_NODE_BINARY_SECURITY_TOKEN);
axiom_namespace_free(ns_obj, env);
axiom_namespace_free(ns, env);
return NULL;
}
/* Binary security token must be added as the first child of the paretn */
binary_sec_token_node = axiom_node_detach_without_namespaces(binary_sec_token_node, env);
first_child_of_parent = axiom_node_get_first_element(parent, env);
if(first_child_of_parent)
{
/* If there is a child add bst before it */
axiom_node_insert_sibling_before(first_child_of_parent, env, binary_sec_token_node);
}
else
{
/* If there are no children just add the bst */
axiom_node_add_child(parent, env, binary_sec_token_node);
}
if(!id)
{
id = oxs_util_generate_id(env, (axis2_char_t*)OXS_CERT_ID);
}
id_attr = axiom_attribute_create(env, OXS_ATTR_ID, id, ns);
encoding_type_att = axiom_attribute_create(env, OXS_ATTR_ENCODING_TYPE, encoding_type, NULL);
value_type_att = axiom_attribute_create(env, OXS_ATTR_VALUE_TYPE, value_type, NULL);
axiom_element_add_attribute(binary_security_token_ele, env, id_attr,
binary_sec_token_node);
axiom_element_add_attribute(binary_security_token_ele, env, encoding_type_att,
binary_sec_token_node);
axiom_element_add_attribute(binary_security_token_ele, env, value_type_att,
binary_sec_token_node);
if(data)
{
axiom_element_set_text(binary_security_token_ele, env, data,
binary_sec_token_node);
}
return binary_sec_token_node;
}
axis2_status_t sign(axutil_env_t *env,
axis2_char_t *filename,
openssl_pkey_t *prvkey ,
oxs_x509_cert_t *cert)
{
axis2_char_t *signed_result = NULL;
axis2_char_t *signed_filename = "result-sign.xml";
axiom_node_t *node = NULL;
axiom_node_t *tmpl = NULL;
oxs_sign_part_t *sign_part = NULL;
oxs_sign_ctx_t *sign_ctx = NULL;
oxs_transform_t *tr = NULL;
axutil_array_list_t *sign_parts = NULL;
axutil_array_list_t *tr_list = NULL;
axis2_char_t *id = NULL;
axis2_status_t status = AXIS2_FAILURE;
FILE *outf;
tmpl = load_sample_xml(env , tmpl, filename);
if (tmpl)
{
printf("load_sample_xml SUCCESS\n");
}
else
{
printf("load_sample_xml FAILED");
return -1;
}
/*Sign specific*/
sign_part = oxs_sign_part_create(env);
tr_list = axutil_array_list_create(env, 1);
/*We need C14N transform*/
tr = oxs_transforms_factory_produce_transform(env, OXS_HREF_TRANSFORM_XML_EXC_C14N);
axutil_array_list_add(tr_list, env, tr);
oxs_sign_part_set_transforms(sign_part, env, tr_list);
/*We need to sign this node add an ID to it*/
node = axiom_node_get_first_element(tmpl, env);
id = /*"Sig-ID-EFG";*/ oxs_util_generate_id(env,(axis2_char_t*)OXS_SIG_ID);
oxs_axiom_add_attribute(env, node, OXS_WSU, OXS_WSSE_XMLNS, OXS_ATTR_ID, id);
status = oxs_sign_part_set_node(sign_part, env,node);
status = oxs_sign_part_set_digest_mtd(sign_part, env, OXS_HREF_SHA1);
sign_parts = axutil_array_list_create(env, 1);
axutil_array_list_add(sign_parts, env, sign_part);
sign_ctx = oxs_sign_ctx_create(env);
if(sign_ctx){
axiom_node_t *sig_node = NULL;
oxs_sign_ctx_set_private_key(sign_ctx, env, prvkey);
oxs_sign_ctx_set_certificate(sign_ctx, env, cert);
/*Set sig algo*/
oxs_sign_ctx_set_sign_mtd_algo(sign_ctx, env, OXS_HREF_RSA_SHA1);
/*Set C14N method*/
oxs_sign_ctx_set_c14n_mtd(sign_ctx, env, OXS_HREF_XML_EXC_C14N);
/*Set sig parts*/
oxs_sign_ctx_set_sign_parts(sign_ctx, env, sign_parts);
/*Set the operation*/
oxs_sign_ctx_set_operation(sign_ctx, env, OXS_SIGN_OPERATION_SIGN);
/*Sign*/
oxs_xml_sig_sign(env, sign_ctx, tmpl, &sig_node);
/*Finally build KeyInfo*/
oxs_xml_key_info_build(env, sig_node, cert, OXS_KIBP_X509DATA_X509CERTIFICATE);
}else{
printf("Sign ctx creation failed");
}
signed_result = axiom_node_to_string(tmpl, env) ;
outf = fopen(signed_filename, "wb");
fwrite(signed_result, 1, axutil_strlen(signed_result), outf);
return AXIS2_SUCCESS;
}
