AXIS2_EXTERN axiom_node_t *AXIS2_CALL
axiom_soap_header_get_base_node(
axiom_soap_header_t * soap_header,
const axutil_env_t * env)
{
if(!soap_header->om_ele_node)
{
axiom_node_t *parent_node = NULL;
axiom_element_t *parent_ele = NULL;
axiom_namespace_t *parent_ns = NULL;
axiom_element_t *this_ele = NULL;
axiom_node_t *this_node = NULL;
axiom_soap_body_t *soap_body = NULL;
axiom_node_t *body_node = NULL;
parent_node = axiom_soap_envelope_get_base_node(soap_header->soap_envelope, env);
if(!parent_node || axiom_node_get_node_type(parent_node, env) != AXIOM_ELEMENT)
{
axiom_soap_header_free(soap_header, env);
return NULL;
}
parent_ele = (axiom_element_t *)axiom_node_get_data_element(parent_node, env);
if(!parent_ele)
{
axiom_soap_header_free(soap_header, env);
return NULL;
}
parent_ns = axiom_element_get_namespace(parent_ele, env, parent_node);
this_ele = axiom_element_create(env, NULL, AXIOM_SOAP_HEADER_LOCAL_NAME, parent_ns,
&this_node);
if(!this_ele)
{
axiom_soap_header_free(soap_header, env);
return NULL;
}
soap_body = axiom_soap_envelope_get_body(soap_header->soap_envelope, env);
if(soap_body)
{
body_node = axiom_soap_body_get_base_node(soap_body, env);
axiom_node_insert_sibling_before(body_node, env, this_node);
}
else
{
axiom_node_add_child(parent_node, env, this_node);
}
soap_header->om_ele_node = this_node;
}
return soap_header->om_ele_node;
}
/**
* Adds @child as the first child of @parent
* @param env Environment. Must not be null
* @param parent parent node
* @param child child node which has to be the first child of parent
* @return status of the operation
*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_axiom_add_as_the_first_child(
const axutil_env_t *env,
axiom_node_t *parent,
axiom_node_t *child)
{
axis2_status_t status = AXIS2_FAILURE;
axiom_node_t *first_child = NULL;
first_child = axiom_node_get_first_child(parent, env);
status = axiom_node_insert_sibling_before(first_child, env, child);
return status;
}
/**
* moves the given node before second node.
* @param env Environment. Must not be null
* @param node_to_move node to be moved
* @param node_before node_to_move will be moved before this node
* @return status of the operation
*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_axiom_interchange_nodes(
const axutil_env_t *env,
axiom_node_t *node_to_move,
axiom_node_t *node_before)
{
axis2_status_t status = AXIS2_FAILURE;
axiom_node_t *temp_node = NULL;
temp_node = axiom_node_detach_without_namespaces(node_to_move,env);
status = axiom_node_insert_sibling_before(node_before, env, temp_node);
return status;
}
/**
* Creates <wsse:BinarySecurityToken> element
*/
AXIS2_EXTERN axiom_node_t* AXIS2_CALL
oxs_token_build_binary_security_token_element(
const axutil_env_t *env,
axiom_node_t *parent,
axis2_char_t* id,
axis2_char_t* encoding_type,
axis2_char_t* value_type,
axis2_char_t* data)
{
axiom_node_t *binary_sec_token_node = NULL;
axiom_node_t *first_child_of_parent = NULL;
axiom_element_t *binary_security_token_ele = NULL;
axiom_attribute_t *encoding_type_att = NULL;
axiom_attribute_t *value_type_att = NULL;
axiom_attribute_t *id_attr = NULL;
axiom_namespace_t *ns_obj = NULL;
axiom_namespace_t *ns = NULL;
ns_obj = axiom_namespace_create(env, OXS_WSSE_NS, OXS_WSSE);
ns = axiom_namespace_create(env, RAMPART_WSU_XMLNS, OXS_WSU);
binary_security_token_ele = axiom_element_create(env, parent, OXS_NODE_BINARY_SECURITY_TOKEN,
ns_obj, &binary_sec_token_node);
if(!binary_security_token_ele)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart]Error creating %s element.",
OXS_NODE_BINARY_SECURITY_TOKEN);
axiom_namespace_free(ns_obj, env);
axiom_namespace_free(ns, env);
return NULL;
}
/* Binary security token must be added as the first child of the paretn */
binary_sec_token_node = axiom_node_detach_without_namespaces(binary_sec_token_node, env);
first_child_of_parent = axiom_node_get_first_element(parent, env);
if(first_child_of_parent)
{
/* If there is a child add bst before it */
axiom_node_insert_sibling_before(first_child_of_parent, env, binary_sec_token_node);
}
else
{
/* If there are no children just add the bst */
axiom_node_add_child(parent, env, binary_sec_token_node);
}
if(!id)
{
id = oxs_util_generate_id(env, (axis2_char_t*)OXS_CERT_ID);
}
id_attr = axiom_attribute_create(env, OXS_ATTR_ID, id, ns);
encoding_type_att = axiom_attribute_create(env, OXS_ATTR_ENCODING_TYPE, encoding_type, NULL);
value_type_att = axiom_attribute_create(env, OXS_ATTR_VALUE_TYPE, value_type, NULL);
axiom_element_add_attribute(binary_security_token_ele, env, id_attr,
binary_sec_token_node);
axiom_element_add_attribute(binary_security_token_ele, env, encoding_type_att,
binary_sec_token_node);
axiom_element_add_attribute(binary_security_token_ele, env, value_type_att,
binary_sec_token_node);
if(data)
{
axiom_element_set_text(binary_security_token_ele, env, data,
binary_sec_token_node);
}
return binary_sec_token_node;
}
/*Public functions*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
rampart_shb_ensure_sec_header_order(const axutil_env_t *env,
axis2_msg_ctx_t *msg_ctx,
rampart_context_t *rampart_context,
axiom_node_t* sec_node)
{
axis2_bool_t signature_protection = AXIS2_FALSE;
axis2_bool_t is_encrypt_before_sign = AXIS2_FALSE;
axiom_node_t *sig_node = NULL;
axiom_node_t *enc_key_node = NULL;
axiom_node_t *ref_list_node = NULL;
axiom_node_t *h_node = NULL;
axutil_array_list_t *dk_list = NULL;
axutil_array_list_t *enc_key_list = NULL;
axiom_node_t* first_protection_item = NULL;
int i = 0;
signature_protection = rampart_context_is_encrypt_signature(rampart_context, env);
is_encrypt_before_sign = rampart_context_is_encrypt_before_sign(rampart_context, env);
dk_list = axutil_array_list_create(env, 5);
enc_key_list = axutil_array_list_create(env, 2);
h_node = axiom_node_get_first_child(sec_node, env);
while(h_node)
{
if(0 == axutil_strcmp(OXS_NODE_DERIVED_KEY_TOKEN, axiom_util_get_localname(h_node, env)) ||
(0 == axutil_strcmp(OXS_NODE_BINARY_SECURITY_TOKEN, axiom_util_get_localname(h_node, env))))
{
axutil_array_list_add(dk_list, env, h_node);
}
else if((0 == axutil_strcmp(OXS_NODE_ENCRYPTED_KEY, axiom_util_get_localname(h_node, env))) ||
(0 == axutil_strcmp(OXS_NODE_SECURITY_CONTEXT_TOKEN, axiom_util_get_localname(h_node, env))))
{
axutil_array_list_add(enc_key_list, env, h_node);
}
h_node = axiom_node_get_next_sibling(h_node, env);
}
ref_list_node = oxs_axiom_get_first_child_node_by_name(env, sec_node, OXS_NODE_REFERENCE_LIST, OXS_ENC_NS, NULL);
sig_node = oxs_axiom_get_first_child_node_by_name(env, sec_node, OXS_NODE_SIGNATURE, OXS_DSIG_NS, NULL);
/*Ensure the protection order in the header*/
if(sig_node && ref_list_node)
{
if(is_encrypt_before_sign)
{
int no_of_sig_node = 0;
/*Encrypt->Sig <Sig><RefList>*/
oxs_axiom_interchange_nodes(env, sig_node, ref_list_node );
first_protection_item = sig_node;
no_of_sig_node = oxs_axiom_get_number_of_children_with_qname(env, sec_node, OXS_NODE_SIGNATURE, OXS_DSIG_NS, NULL);
if(no_of_sig_node > 1)
{
axiom_node_t* cur_node = NULL;
cur_node = axiom_node_get_first_child(sec_node, env);
while(cur_node)
{
axis2_char_t *cur_local_name = NULL;
cur_local_name = axiom_util_get_localname(cur_node, env);
if(0 == axutil_strcmp(cur_local_name, OXS_NODE_SIGNATURE))
{
oxs_axiom_interchange_nodes(env, cur_node, ref_list_node);
}
cur_node = axiom_node_get_next_sibling(cur_node, env);
}
}
}
else
{
/*Sig->Encrypt <RefList> <Sig>*/
oxs_axiom_interchange_nodes(env, ref_list_node, sig_node );
first_protection_item = ref_list_node;
}
}
else if(sig_node)
{
first_protection_item = sig_node;
}
else
{
first_protection_item = ref_list_node;
}
/*makesure enc_key_node is appearing before first protection item*/
if(first_protection_item)
{
for(i = 0; i < axutil_array_list_size(enc_key_list, env); i++)
{
axiom_node_t *tmp_node = NULL;
tmp_node = (axiom_node_t*)axutil_array_list_get(enc_key_list, env, i);
enc_key_node = axiom_node_detach_without_namespaces(tmp_node, env);
axiom_node_insert_sibling_before(first_protection_item, env, enc_key_node);
}
}
/*
* If there are derived keys, make sure they come after the EncryptedKey/security context token
1. First we get all the derived keys
2. Then we attach after the EncryptedKey(hidden sessionkey)/security context token
3. If key is not available, then attach derived keys before sig_node and ref_list_node (whichever is first)
*/
if(enc_key_node)
{
for(i = 0; i < axutil_array_list_size(dk_list, env); i++)
{
axiom_node_t *dk_node = NULL;
axiom_node_t *tmp_node = NULL;
dk_node = (axiom_node_t*)axutil_array_list_get(dk_list, env, i);
tmp_node = axiom_node_detach(dk_node, env);
axiom_node_insert_sibling_after(enc_key_node, env, tmp_node);
}
}
else
{
if(first_protection_item)
{
for(i = 0; i < axutil_array_list_size(dk_list, env); i++)
{
axiom_node_t *dk_node = NULL;
axiom_node_t *tmp_node = NULL;
dk_node = (axiom_node_t*)axutil_array_list_get(dk_list, env, i);
tmp_node = axiom_node_detach(dk_node, env);
axiom_node_insert_sibling_before(first_protection_item, env, tmp_node);
}
}
}
axutil_array_list_free(dk_list, env);
axutil_array_list_free(enc_key_list, env);
return AXIS2_SUCCESS;
}
