AXIS2_EXTERN axiom_node_t *AXIS2_CALL axiom_soap_header_get_base_node( axiom_soap_header_t * soap_header, const axutil_env_t * env) { if(!soap_header->om_ele_node) { axiom_node_t *parent_node = NULL; axiom_element_t *parent_ele = NULL; axiom_namespace_t *parent_ns = NULL; axiom_element_t *this_ele = NULL; axiom_node_t *this_node = NULL; axiom_soap_body_t *soap_body = NULL; axiom_node_t *body_node = NULL; parent_node = axiom_soap_envelope_get_base_node(soap_header->soap_envelope, env); if(!parent_node || axiom_node_get_node_type(parent_node, env) != AXIOM_ELEMENT) { axiom_soap_header_free(soap_header, env); return NULL; } parent_ele = (axiom_element_t *)axiom_node_get_data_element(parent_node, env); if(!parent_ele) { axiom_soap_header_free(soap_header, env); return NULL; } parent_ns = axiom_element_get_namespace(parent_ele, env, parent_node); this_ele = axiom_element_create(env, NULL, AXIOM_SOAP_HEADER_LOCAL_NAME, parent_ns, &this_node); if(!this_ele) { axiom_soap_header_free(soap_header, env); return NULL; } soap_body = axiom_soap_envelope_get_body(soap_header->soap_envelope, env); if(soap_body) { body_node = axiom_soap_body_get_base_node(soap_body, env); axiom_node_insert_sibling_before(body_node, env, this_node); } else { axiom_node_add_child(parent_node, env, this_node); } soap_header->om_ele_node = this_node; } return soap_header->om_ele_node; }
/** * Adds @child as the first child of @parent * @param env Environment. Must not be null * @param parent parent node * @param child child node which has to be the first child of parent * @return status of the operation */ AXIS2_EXTERN axis2_status_t AXIS2_CALL oxs_axiom_add_as_the_first_child( const axutil_env_t *env, axiom_node_t *parent, axiom_node_t *child) { axis2_status_t status = AXIS2_FAILURE; axiom_node_t *first_child = NULL; first_child = axiom_node_get_first_child(parent, env); status = axiom_node_insert_sibling_before(first_child, env, child); return status; }
/** * moves the given node before second node. * @param env Environment. Must not be null * @param node_to_move node to be moved * @param node_before node_to_move will be moved before this node * @return status of the operation */ AXIS2_EXTERN axis2_status_t AXIS2_CALL oxs_axiom_interchange_nodes( const axutil_env_t *env, axiom_node_t *node_to_move, axiom_node_t *node_before) { axis2_status_t status = AXIS2_FAILURE; axiom_node_t *temp_node = NULL; temp_node = axiom_node_detach_without_namespaces(node_to_move,env); status = axiom_node_insert_sibling_before(node_before, env, temp_node); return status; }
/** * Creates <wsse:BinarySecurityToken> element */ AXIS2_EXTERN axiom_node_t* AXIS2_CALL oxs_token_build_binary_security_token_element( const axutil_env_t *env, axiom_node_t *parent, axis2_char_t* id, axis2_char_t* encoding_type, axis2_char_t* value_type, axis2_char_t* data) { axiom_node_t *binary_sec_token_node = NULL; axiom_node_t *first_child_of_parent = NULL; axiom_element_t *binary_security_token_ele = NULL; axiom_attribute_t *encoding_type_att = NULL; axiom_attribute_t *value_type_att = NULL; axiom_attribute_t *id_attr = NULL; axiom_namespace_t *ns_obj = NULL; axiom_namespace_t *ns = NULL; ns_obj = axiom_namespace_create(env, OXS_WSSE_NS, OXS_WSSE); ns = axiom_namespace_create(env, RAMPART_WSU_XMLNS, OXS_WSU); binary_security_token_ele = axiom_element_create(env, parent, OXS_NODE_BINARY_SECURITY_TOKEN, ns_obj, &binary_sec_token_node); if(!binary_security_token_ele) { AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart]Error creating %s element.", OXS_NODE_BINARY_SECURITY_TOKEN); axiom_namespace_free(ns_obj, env); axiom_namespace_free(ns, env); return NULL; } /* Binary security token must be added as the first child of the paretn */ binary_sec_token_node = axiom_node_detach_without_namespaces(binary_sec_token_node, env); first_child_of_parent = axiom_node_get_first_element(parent, env); if(first_child_of_parent) { /* If there is a child add bst before it */ axiom_node_insert_sibling_before(first_child_of_parent, env, binary_sec_token_node); } else { /* If there are no children just add the bst */ axiom_node_add_child(parent, env, binary_sec_token_node); } if(!id) { id = oxs_util_generate_id(env, (axis2_char_t*)OXS_CERT_ID); } id_attr = axiom_attribute_create(env, OXS_ATTR_ID, id, ns); encoding_type_att = axiom_attribute_create(env, OXS_ATTR_ENCODING_TYPE, encoding_type, NULL); value_type_att = axiom_attribute_create(env, OXS_ATTR_VALUE_TYPE, value_type, NULL); axiom_element_add_attribute(binary_security_token_ele, env, id_attr, binary_sec_token_node); axiom_element_add_attribute(binary_security_token_ele, env, encoding_type_att, binary_sec_token_node); axiom_element_add_attribute(binary_security_token_ele, env, value_type_att, binary_sec_token_node); if(data) { axiom_element_set_text(binary_security_token_ele, env, data, binary_sec_token_node); } return binary_sec_token_node; }
/*Public functions*/ AXIS2_EXTERN axis2_status_t AXIS2_CALL rampart_shb_ensure_sec_header_order(const axutil_env_t *env, axis2_msg_ctx_t *msg_ctx, rampart_context_t *rampart_context, axiom_node_t* sec_node) { axis2_bool_t signature_protection = AXIS2_FALSE; axis2_bool_t is_encrypt_before_sign = AXIS2_FALSE; axiom_node_t *sig_node = NULL; axiom_node_t *enc_key_node = NULL; axiom_node_t *ref_list_node = NULL; axiom_node_t *h_node = NULL; axutil_array_list_t *dk_list = NULL; axutil_array_list_t *enc_key_list = NULL; axiom_node_t* first_protection_item = NULL; int i = 0; signature_protection = rampart_context_is_encrypt_signature(rampart_context, env); is_encrypt_before_sign = rampart_context_is_encrypt_before_sign(rampart_context, env); dk_list = axutil_array_list_create(env, 5); enc_key_list = axutil_array_list_create(env, 2); h_node = axiom_node_get_first_child(sec_node, env); while(h_node) { if(0 == axutil_strcmp(OXS_NODE_DERIVED_KEY_TOKEN, axiom_util_get_localname(h_node, env)) || (0 == axutil_strcmp(OXS_NODE_BINARY_SECURITY_TOKEN, axiom_util_get_localname(h_node, env)))) { axutil_array_list_add(dk_list, env, h_node); } else if((0 == axutil_strcmp(OXS_NODE_ENCRYPTED_KEY, axiom_util_get_localname(h_node, env))) || (0 == axutil_strcmp(OXS_NODE_SECURITY_CONTEXT_TOKEN, axiom_util_get_localname(h_node, env)))) { axutil_array_list_add(enc_key_list, env, h_node); } h_node = axiom_node_get_next_sibling(h_node, env); } ref_list_node = oxs_axiom_get_first_child_node_by_name(env, sec_node, OXS_NODE_REFERENCE_LIST, OXS_ENC_NS, NULL); sig_node = oxs_axiom_get_first_child_node_by_name(env, sec_node, OXS_NODE_SIGNATURE, OXS_DSIG_NS, NULL); /*Ensure the protection order in the header*/ if(sig_node && ref_list_node) { if(is_encrypt_before_sign) { int no_of_sig_node = 0; /*Encrypt->Sig <Sig><RefList>*/ oxs_axiom_interchange_nodes(env, sig_node, ref_list_node ); first_protection_item = sig_node; no_of_sig_node = oxs_axiom_get_number_of_children_with_qname(env, sec_node, OXS_NODE_SIGNATURE, OXS_DSIG_NS, NULL); if(no_of_sig_node > 1) { axiom_node_t* cur_node = NULL; cur_node = axiom_node_get_first_child(sec_node, env); while(cur_node) { axis2_char_t *cur_local_name = NULL; cur_local_name = axiom_util_get_localname(cur_node, env); if(0 == axutil_strcmp(cur_local_name, OXS_NODE_SIGNATURE)) { oxs_axiom_interchange_nodes(env, cur_node, ref_list_node); } cur_node = axiom_node_get_next_sibling(cur_node, env); } } } else { /*Sig->Encrypt <RefList> <Sig>*/ oxs_axiom_interchange_nodes(env, ref_list_node, sig_node ); first_protection_item = ref_list_node; } } else if(sig_node) { first_protection_item = sig_node; } else { first_protection_item = ref_list_node; } /*makesure enc_key_node is appearing before first protection item*/ if(first_protection_item) { for(i = 0; i < axutil_array_list_size(enc_key_list, env); i++) { axiom_node_t *tmp_node = NULL; tmp_node = (axiom_node_t*)axutil_array_list_get(enc_key_list, env, i); enc_key_node = axiom_node_detach_without_namespaces(tmp_node, env); axiom_node_insert_sibling_before(first_protection_item, env, enc_key_node); } } /* * If there are derived keys, make sure they come after the EncryptedKey/security context token 1. First we get all the derived keys 2. Then we attach after the EncryptedKey(hidden sessionkey)/security context token 3. If key is not available, then attach derived keys before sig_node and ref_list_node (whichever is first) */ if(enc_key_node) { for(i = 0; i < axutil_array_list_size(dk_list, env); i++) { axiom_node_t *dk_node = NULL; axiom_node_t *tmp_node = NULL; dk_node = (axiom_node_t*)axutil_array_list_get(dk_list, env, i); tmp_node = axiom_node_detach(dk_node, env); axiom_node_insert_sibling_after(enc_key_node, env, tmp_node); } } else { if(first_protection_item) { for(i = 0; i < axutil_array_list_size(dk_list, env); i++) { axiom_node_t *dk_node = NULL; axiom_node_t *tmp_node = NULL; dk_node = (axiom_node_t*)axutil_array_list_get(dk_list, env, i); tmp_node = axiom_node_detach(dk_node, env); axiom_node_insert_sibling_before(first_protection_item, env, tmp_node); } } } axutil_array_list_free(dk_list, env); axutil_array_list_free(enc_key_list, env); return AXIS2_SUCCESS; }