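/**
 * Creates <wsse:Embedded> element
 *
 * Builds a wsse:Embedded element under @p parent and stamps it with an
 * Id attribute. When @p id is NULL a fresh identifier is generated.
 *
 * @param env    Axis2 environment (logging, allocation).
 * @param parent Node the new element is created under.
 * @param id     Value for the Id attribute, or NULL to generate one.
 * @return The new node, or NULL when the element or its Id attribute could
 *         not be created (an error is logged in either case).
 */
AXIS2_EXTERN axiom_node_t* AXIS2_CALL
oxs_token_build_embedded_element(
    const axutil_env_t *env,
    axiom_node_t *parent,
    axis2_char_t* id)
{
    axiom_node_t *embedded_node = NULL;
    axiom_element_t *embedded_ele = NULL;
    axiom_attribute_t *id_attr = NULL;
    axiom_namespace_t *ns_obj = NULL;

    ns_obj = axiom_namespace_create(env, OXS_WSSE_NS, OXS_WSSE);
    embedded_ele = axiom_element_create(env, parent, OXS_NODE_EMBEDDED, ns_obj, &embedded_node);
    if(!embedded_ele)
    {
        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart]Error creating embedded element.");
        /* The namespace was never handed to an element, so it is still ours to free. */
        axiom_namespace_free(ns_obj, env);
        return NULL;
    }

    if(!id)
    {
        /* NOTE(review): the generated id is not released here (as in the
         * original); confirm that axiom_attribute_create copies its value
         * before adding a free. */
        id = oxs_util_generate_id(env, (axis2_char_t*)OXS_EMBEDDED_ID);
    }

    /* An Embedded token without an Id cannot be referenced by a
     * SecurityTokenReference, so a failed attribute add is an error,
     * not something to return silently. */
    id_attr = axiom_attribute_create(env, OXS_ATTR_ID, id, NULL);
    if(!id_attr ||
       axiom_element_add_attribute(embedded_ele, env, id_attr, embedded_node) != AXIS2_SUCCESS)
    {
        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart]Error adding Id attribute to embedded element.");
        return NULL;
    }

    return embedded_node;
}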
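/**
 * Populates a SecurityTokenReference with a BinarySecurityToken.
 *
 * Resulting layout:
 *
 * <BinarySecurityToken ID="CertID">KJDSsdlDJjsd=</BinarySecurityToken>
 * <KeyInfo>
 *   <SecurityTokenReference>
 *     <Reference URI="CertID"/>
 *   </SecurityTokenReference>
 * </KeyInfo>
 *
 * The certificate is taken from @p asym_ctx, emitted as a BST under
 * @p parent (the wsse:Security header) and referenced by Id from
 * @p stref_node.
 *
 * @param env        Axis2 environment.
 * @param asym_ctx   Asymmetric context holding the certificate.
 * @param stref_node SecurityTokenReference node that receives the Reference.
 * @param parent     Node (wsse:Security) that receives the BST.
 * @return AXIS2_SUCCESS, or AXIS2_FAILURE when no certificate (data) is
 *         available or either element could not be built.
 */
static axis2_status_t
oxs_xml_enc_populate_stref_with_bst(
    const axutil_env_t *env,
    oxs_asym_ctx_t *asym_ctx,
    axiom_node_t *stref_node,
    axiom_node_t *parent)
{
    axiom_node_t *ref_node = NULL;
    axiom_node_t *bst_node = NULL;
    axis2_char_t *bst_data = NULL;
    axis2_char_t *id = NULL;
    axis2_char_t *ref_id = NULL;
    oxs_x509_cert_t *cert = NULL;

    cert = oxs_asym_ctx_get_certificate(asym_ctx, env);
    if(!cert)
    {
        /* No certificate means nothing to reference; fail before handing
         * NULL to oxs_x509_cert_get_data. */
        return AXIS2_FAILURE;
    }
    bst_data = oxs_x509_cert_get_data(cert, env);
    if(!bst_data)
    {
        return AXIS2_FAILURE;
    }

    /*Generate an ID for BST*/
    id = oxs_util_generate_id(env, (axis2_char_t*)OXS_CERT_ID);

    /*Build BinarySecurityToken as a child of parent(wsse:Security)*/
    bst_node = oxs_token_build_binary_security_token_element(env, parent, id,
                 OXS_ENCODING_BASE64BINARY, OXS_VALUE_X509V3, bst_data);
    if(!bst_node)
    {
        /* Without the BST the Reference below would point at nothing. */
        return AXIS2_FAILURE;
    }

    /*Build a Reference to above BST*/
    ref_id = axutil_stracat(env, OXS_LOCAL_REFERENCE_PREFIX, id);
    ref_node = oxs_token_build_reference_element(env, stref_node, ref_id, OXS_VALUE_X509V3);
    if(!ref_node)
    {
        return AXIS2_FAILURE;
    }

    /* NOTE(review): id and ref_id are heap strings and are not released
     * here (as in the original); confirm whether the token builders copy
     * their arguments before adding frees. */
    return AXIS2_SUCCESS;
}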
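/**
 * Creates <wsc:DerivedKeyToken> element
 *
 * Builds a DerivedKeyToken under @p parent in the WS-SecureConversation
 * namespace given by @p wsc_ns_uri, with an optional Algorithm attribute
 * and a wsu:Id attribute (generated when @p id is NULL).
 *
 * @param env        Axis2 environment.
 * @param parent     Node the token is created under.
 * @param id         wsu:Id value, or NULL to generate one.
 * @param algo       Derivation algorithm URI, or NULL to omit the attribute.
 * @param wsc_ns_uri WS-SecureConversation namespace URI; must not be NULL.
 * @return The new node, or NULL on error (logged).
 */
AXIS2_EXTERN axiom_node_t* AXIS2_CALL
oxs_token_build_derived_key_token_element(
    const axutil_env_t *env,
    axiom_node_t *parent,
    axis2_char_t* id,
    axis2_char_t* algo,
    axis2_char_t* wsc_ns_uri)
{
    axiom_node_t *derived_key_token_node = NULL;
    axiom_element_t *derived_key_token_ele = NULL;
    axiom_attribute_t *algo_att = NULL;
    axiom_attribute_t *id_attr = NULL;
    axiom_namespace_t *ns_obj = NULL;
    axiom_namespace_t *ns = NULL;

    if(!wsc_ns_uri)
    {
        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
            "[rampart]Error creating %s Token element. SecConv namespace uri is not valid.",
            OXS_NODE_DERIVED_KEY_TOKEN);
        return NULL;
    }

    ns_obj = axiom_namespace_create(env, wsc_ns_uri, OXS_WSC);
    ns = axiom_namespace_create(env, RAMPART_WSU_XMLNS, OXS_WSU);

    derived_key_token_ele = axiom_element_create(
        env, parent, OXS_NODE_DERIVED_KEY_TOKEN, ns_obj, &derived_key_token_node);
    if(!derived_key_token_ele)
    {
        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
            "[rampart]Error creating %s Token element", OXS_NODE_DERIVED_KEY_TOKEN);
        /* Neither namespace has been attached to anything yet. */
        axiom_namespace_free(ns_obj, env);
        axiom_namespace_free(ns, env);
        return NULL;
    }

    /* Algorithm is optional; when given, a failure to attach it must not be
     * ignored, since the peer would then derive the key with a different
     * (default) algorithm than the one the caller intended. */
    if(algo)
    {
        algo_att = axiom_attribute_create(env, OXS_ATTR_ALGORITHM, algo, NULL);
        if(!algo_att ||
           axiom_element_add_attribute(
               derived_key_token_ele, env, algo_att, derived_key_token_node) != AXIS2_SUCCESS)
        {
            AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
                "[rampart]Error adding Algorithm attribute to %s Token element",
                OXS_NODE_DERIVED_KEY_TOKEN);
            return NULL;
        }
    }

    if (!id)
    {
        /* NOTE(review): the generated id is not released here (as in the
         * original); confirm that axiom_attribute_create copies its value
         * before adding a free. */
        id = oxs_util_generate_id(env, (axis2_char_t*)OXS_DERIVED_ID);
    }
    /* The Id carries the wsu namespace so it can be targeted by a
     * SecurityTokenReference. */
    id_attr = axiom_attribute_create(env, OXS_ATTR_ID, id, ns);
    if(!id_attr ||
       axiom_element_add_attribute(
           derived_key_token_ele, env, id_attr, derived_key_token_node) != AXIS2_SUCCESS)
    {
        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
            "[rampart]Error adding Id attribute to %s Token element",
            OXS_NODE_DERIVED_KEY_TOKEN);
        return NULL;
    }

    return derived_key_token_node;
}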
/* Attaches an attribute without a namespace to the EncryptedData element.
 * Mirrors the inline create-then-add sequence; results are not checked. */
static void
oxs_encrypted_data_add_attr(
    const axutil_env_t *env,
    axiom_element_t *ele,
    axiom_node_t *node,
    const axis2_char_t *name,
    const axis2_char_t *value)
{
    axiom_attribute_t *attr = axiom_attribute_create(env, name, value, NULL);
    axiom_element_add_attribute(ele, env, attr, node);
}

/**
 * Creates <xenc:EncryptedData> element
 *
 * Builds an xenc:EncryptedData element under @p parent with an optional
 * Type attribute and a mandatory Id attribute.
 *
 * @param env            Axis2 environment.
 * @param parent         Node the element is created under.
 * @param type_attribute Value for the Type attribute, or NULL to omit it.
 * @param id             Value for the Id attribute, or NULL to generate one.
 * @return The new node, or NULL when the element could not be created
 *         (an error is logged).
 */
AXIS2_EXTERN axiom_node_t* AXIS2_CALL
oxs_token_build_encrypted_data_element(
    const axutil_env_t *env,
    axiom_node_t *parent,
    axis2_char_t* type_attribute,
    axis2_char_t* id)
{
    axiom_node_t *enc_data_node = NULL;
    axiom_element_t *enc_data_ele = NULL;
    axiom_namespace_t *xenc_ns = axiom_namespace_create(env, OXS_ENC_NS, OXS_XENC);

    enc_data_ele = axiom_element_create(
        env, parent, OXS_NODE_ENCRYPTED_DATA, xenc_ns, &enc_data_node);
    if(!enc_data_ele)
    {
        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart]Error creating encrypted data element.");
        /* The namespace was never attached to an element, so free it here. */
        axiom_namespace_free(xenc_ns, env);
        return NULL;
    }

    /* Type is optional. */
    if(type_attribute)
    {
        oxs_encrypted_data_add_attr(env, enc_data_ele, enc_data_node, OXS_ATTR_TYPE, type_attribute);
    }

    /* Id is always present: use the caller's value or generate one. */
    if(!id)
    {
        id = oxs_util_generate_id(env, (axis2_char_t*)OXS_ENCDATA_ID);
    }
    oxs_encrypted_data_add_attr(env, enc_data_ele, enc_data_node, OXS_ATTR_ID, id);

    return enc_data_node;
}
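/**
 * Creates <wsse:BinarySecurityToken> element
 *
 * The token is inserted as the first child of @p parent, carries a wsu:Id,
 * EncodingType and ValueType attribute, and holds @p data as its text.
 *
 * @param env           Axis2 environment.
 * @param parent        Node (normally wsse:Security) to insert the token into.
 * @param id            wsu:Id value, or NULL to generate one.
 * @param encoding_type Value of the EncodingType attribute.
 * @param value_type    Value of the ValueType attribute.
 * @param data          Text content (e.g. the base64 certificate), or NULL for none.
 * @return The new node, or NULL on error (logged).
 */
AXIS2_EXTERN axiom_node_t* AXIS2_CALL
oxs_token_build_binary_security_token_element(
    const axutil_env_t *env,
    axiom_node_t *parent,
    axis2_char_t* id,
    axis2_char_t* encoding_type,
    axis2_char_t* value_type,
    axis2_char_t* data)
{
    axiom_node_t *binary_sec_token_node = NULL;
    axiom_node_t *first_child_of_parent = NULL;
    axiom_element_t *binary_security_token_ele = NULL;
    axiom_attribute_t *encoding_type_att = NULL;
    axiom_attribute_t *value_type_att = NULL;
    axiom_attribute_t *id_attr = NULL;
    axiom_namespace_t *ns_obj = NULL;
    axiom_namespace_t *ns = NULL;

    ns_obj = axiom_namespace_create(env, OXS_WSSE_NS, OXS_WSSE);
    ns = axiom_namespace_create(env, RAMPART_WSU_XMLNS, OXS_WSU);

    binary_security_token_ele = axiom_element_create(
        env, parent, OXS_NODE_BINARY_SECURITY_TOKEN, ns_obj, &binary_sec_token_node);
    if(!binary_security_token_ele)
    {
        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
            "[rampart]Error creating %s element.", OXS_NODE_BINARY_SECURITY_TOKEN);
        /* Neither namespace has been attached to anything yet. */
        axiom_namespace_free(ns_obj, env);
        axiom_namespace_free(ns, env);
        return NULL;
    }

    /* Binary security token must be added as the first child of the parent.
     * axiom_element_create appended it, so detach and re-insert it. */
    binary_sec_token_node = axiom_node_detach_without_namespaces(binary_sec_token_node, env);
    if(!binary_sec_token_node)
    {
        /* Without a node the insert/add below would operate on NULL. The
         * namespaces are left to the tree's owner here (ns_obj is already
         * referenced by the element). */
        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
            "[rampart]Error detaching %s element.", OXS_NODE_BINARY_SECURITY_TOKEN);
        return NULL;
    }

    first_child_of_parent = axiom_node_get_first_element(parent, env);
    if(first_child_of_parent)
    {
        /* If there is a child add bst before it */
        axiom_node_insert_sibling_before(first_child_of_parent, env, binary_sec_token_node);
    }
    else
    {
        /* If there are no children just add the bst */
        axiom_node_add_child(parent, env, binary_sec_token_node);
    }

    if(!id)
    {
        /* NOTE(review): the generated id is not released here (as in the
         * original); confirm that axiom_attribute_create copies its value
         * before adding a free. */
        id = oxs_util_generate_id(env, (axis2_char_t*)OXS_CERT_ID);
    }

    /* The Id carries the wsu namespace so a SecurityTokenReference can target it;
     * EncodingType and ValueType are plain (un-namespaced) attributes. */
    id_attr = axiom_attribute_create(env, OXS_ATTR_ID, id, ns);
    encoding_type_att = axiom_attribute_create(env, OXS_ATTR_ENCODING_TYPE, encoding_type, NULL);
    value_type_att = axiom_attribute_create(env, OXS_ATTR_VALUE_TYPE, value_type, NULL);
    if(!id_attr || !encoding_type_att || !value_type_att)
    {
        /* A BST that cannot be referenced or whose encoding/type is unknown
         * is useless to the receiver; report instead of emitting it. */
        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
            "[rampart]Error creating attributes for %s element.", OXS_NODE_BINARY_SECURITY_TOKEN);
        return NULL;
    }

    axiom_element_add_attribute(binary_security_token_ele, env, id_attr, binary_sec_token_node);
    axiom_element_add_attribute(binary_security_token_ele, env, encoding_type_att, binary_sec_token_node);
    axiom_element_add_attribute(binary_security_token_ele, env, value_type_att, binary_sec_token_node);

    if(data)
    {
        axiom_element_set_text(binary_security_token_ele, env, data, binary_sec_token_node);
    }

    return binary_sec_token_node;
}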
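/**
 * Signs the first element of the document in @p filename and writes the
 * signed document to "result-sign.xml" in the working directory.
 *
 * Sample/test driver: errors are reported on stdout.
 *
 * @param env      Axis2 environment.
 * @param filename Path of the sample XML document to sign.
 * @param prvkey   Private key used for the RSA signature.
 * @param cert     Certificate placed into KeyInfo.
 * @return AXIS2_SUCCESS when the signed document was written completely,
 *         otherwise AXIS2_FAILURE (the original returned -1 / wrote an
 *         unsigned document on some failures; both are fixed here).
 */
axis2_status_t
sign(axutil_env_t *env, axis2_char_t *filename, openssl_pkey_t *prvkey, oxs_x509_cert_t *cert)
{
    axis2_char_t *signed_result = NULL;
    axis2_char_t *signed_filename = "result-sign.xml";
    axiom_node_t *node = NULL;
    axiom_node_t *tmpl = NULL;
    axiom_node_t *sig_node = NULL;
    oxs_sign_part_t *sign_part = NULL;
    oxs_sign_ctx_t *sign_ctx = NULL;
    oxs_transform_t *tr = NULL;
    axutil_array_list_t *sign_parts = NULL;
    axutil_array_list_t *tr_list = NULL;
    axis2_char_t *id = NULL;
    axis2_status_t status = AXIS2_FAILURE;
    FILE *outf = NULL;
    size_t len = 0;

    tmpl = load_sample_xml(env, tmpl, filename);
    if(!tmpl)
    {
        printf("load_sample_xml FAILED");
        /* -1 is not a valid axis2_status_t; report failure the Axis2 way. */
        return AXIS2_FAILURE;
    }
    printf("load_sample_xml SUCCESS\n");

    /*Sign specific*/
    sign_part = oxs_sign_part_create(env);
    tr_list = axutil_array_list_create(env, 1);

    /*We need C14N transform*/
    tr = oxs_transforms_factory_produce_transform(env, OXS_HREF_TRANSFORM_XML_EXC_C14N);
    axutil_array_list_add(tr_list, env, tr);
    oxs_sign_part_set_transforms(sign_part, env, tr_list);

    /*We need to sign this node add an ID to it*/
    node = axiom_node_get_first_element(tmpl, env);
    id = oxs_util_generate_id(env, (axis2_char_t*)OXS_SIG_ID);
    oxs_axiom_add_attribute(env, node, OXS_WSU, OXS_WSSE_XMLNS, OXS_ATTR_ID, id);
    status = oxs_sign_part_set_node(sign_part, env, node);
    /* SHA-1 is the sample's legacy default; it is deprecated for signatures
     * and production code should prefer a SHA-2 based digest/signature
     * algorithm where the library offers one. */
    status = oxs_sign_part_set_digest_mtd(sign_part, env, OXS_HREF_SHA1);

    sign_parts = axutil_array_list_create(env, 1);
    axutil_array_list_add(sign_parts, env, sign_part);

    sign_ctx = oxs_sign_ctx_create(env);
    if(!sign_ctx)
    {
        /* Previously the unsigned template was still written out and
         * AXIS2_SUCCESS returned; an unsigned "signed" result must not
         * pass as success. */
        printf("Sign ctx creation failed");
        return AXIS2_FAILURE;
    }

    oxs_sign_ctx_set_private_key(sign_ctx, env, prvkey);
    oxs_sign_ctx_set_certificate(sign_ctx, env, cert);
    /*Set sig algo*/
    oxs_sign_ctx_set_sign_mtd_algo(sign_ctx, env, OXS_HREF_RSA_SHA1);
    /*Set C14N method*/
    oxs_sign_ctx_set_c14n_mtd(sign_ctx, env, OXS_HREF_XML_EXC_C14N);
    /*Set sig parts*/
    oxs_sign_ctx_set_sign_parts(sign_ctx, env, sign_parts);
    /*Set the operation*/
    oxs_sign_ctx_set_operation(sign_ctx, env, OXS_SIGN_OPERATION_SIGN);

    /*Sign*/
    status = oxs_xml_sig_sign(env, sign_ctx, tmpl, &sig_node);
    if(status != AXIS2_SUCCESS || !sig_node)
    {
        printf("oxs_xml_sig_sign FAILED\n");
        return AXIS2_FAILURE;
    }

    /*Finally build KeyInfo*/
    oxs_xml_key_info_build(env, sig_node, cert, OXS_KIBP_X509DATA_X509CERTIFICATE);

    signed_result = axiom_node_to_string(tmpl, env);
    if(!signed_result)
    {
        printf("Serializing the signed document FAILED\n");
        return AXIS2_FAILURE;
    }

    /* fopen was unchecked before, so a missing/unwritable directory led to
     * fwrite on a NULL stream; the stream was also never closed. */
    outf = fopen(signed_filename, "wb");
    if(!outf)
    {
        printf("Cannot open %s for writing\n", signed_filename);
        return AXIS2_FAILURE;
    }
    len = (size_t)axutil_strlen(signed_result);
    if(fwrite(signed_result, 1, len, outf) != len)
    {
        printf("Short write to %s\n", signed_filename);
        fclose(outf);
        return AXIS2_FAILURE;
    }
    /* fclose flushes; a failure here means the file on disk is incomplete. */
    if(fclose(outf) != 0)
    {
        printf("Error closing %s\n", signed_filename);
        return AXIS2_FAILURE;
    }

    /* NOTE(review): signed_result, sign_ctx and the lists are not released,
     * as in the original sample; ownership of these should be confirmed
     * before adding frees. */
    return AXIS2_SUCCESS;
}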