AXIS2_EXTERN oxs_buffer_t *AXIS2_CALL
oxs_buffer_dup(oxs_buffer_t *buffer, const axutil_env_t *env)
{
oxs_buffer_t *buf = NULL;
axis2_status_t status = AXIS2_FAILURE;
AXIS2_ENV_CHECK(env, NULL);
buf = oxs_buffer_create(env);
status = oxs_buffer_populate(buf, env, oxs_buffer_get_data(buffer, env), oxs_buffer_get_size(buffer, env));
return buf;
}
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_xml_enc_decrypt_node(
const axutil_env_t *env,
oxs_ctx_t * enc_ctx,
axiom_node_t *enc_type_node,
axiom_node_t **decrypted_node)
{
axiom_node_t *deserialized_node = NULL;
axiom_node_t *parent_of_enc_node = NULL;
oxs_buffer_t *result_buf = NULL;
axis2_char_t *decrypted_data = NULL;/*Can be either am XML-Element or XML-Content*/
axis2_status_t status = AXIS2_FAILURE;
/*Create an empty buffer for results*/
result_buf = oxs_buffer_create(env);
/*Decrypt*/
status = oxs_xml_enc_decrypt_data(env, enc_ctx, enc_type_node, result_buf);
if(AXIS2_FAILURE == status)
{
oxs_error(env, OXS_ERROR_LOCATION, OXS_ERROR_ENCRYPT_FAILED, "Data encryption failed");
return AXIS2_FAILURE;
}
decrypted_data = axutil_strmemdup(oxs_buffer_get_data(result_buf, env), oxs_buffer_get_size(
result_buf, env), env);
/*De-serialize the decrypted content to build the node*/
deserialized_node = (axiom_node_t*)oxs_axiom_deserialize_node(env, decrypted_data);
if(!deserialized_node)
{
oxs_error(env, OXS_ERROR_LOCATION, OXS_ERROR_ENCRYPT_FAILED,
"Cannot deserialize a node from the content.\n%s", decrypted_data);
return AXIS2_FAILURE;
}
/*Assign deserialized_node to the reference passed*/
*decrypted_node = deserialized_node;
/*Replace the encrypted node with the de-serialized node*/
parent_of_enc_node = axiom_node_get_parent(enc_type_node, env);
axiom_node_insert_sibling_after(enc_type_node, env, deserialized_node);
axiom_node_free_tree(enc_type_node, env);
enc_type_node = NULL;
/*Free result buf*/
oxs_buffer_free(result_buf, env);
result_buf = NULL;
AXIS2_FREE(env->allocator, decrypted_data);
decrypted_data = NULL;
return AXIS2_SUCCESS;
}
AXIS2_EXTERN axis2_char_t* AXIS2_CALL
oxs_util_generate_nonce(const axutil_env_t *env, int length)
{
oxs_buffer_t *buffer = NULL;
axis2_status_t status = AXIS2_FAILURE;
char *rand_str = NULL;
axis2_char_t* encoded_str = NULL;
buffer = oxs_buffer_create(env);
status = openssl_generate_random_data(env, buffer, length);
rand_str = (char*)oxs_buffer_get_data(buffer, env);
encoded_str = AXIS2_MALLOC(env->allocator, sizeof(char) * (axutil_base64_encode_len(length)+1));
axutil_base64_encode(encoded_str, rand_str, oxs_buffer_get_size(buffer, env));
oxs_buffer_free(buffer, env);
return encoded_str;
}
/*public functions*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_xml_enc_encrypt_node(
const axutil_env_t *env,
oxs_ctx_t * enc_ctx,
axiom_node_t *node,
axiom_node_t **enc_type_node,
axiom_node_t *security_token_reference)
{
axis2_char_t *serialized_data = NULL;
oxs_buffer_t *serialized_buf = NULL;
axis2_status_t ret = AXIS2_FAILURE;
/*Serialize node*/
/*serialized_data = axiom_node_to_string(node, env);*/
serialized_data = axiom_node_to_string_non_optimized(node, env);
serialized_buf = oxs_buffer_create(env);
ret = oxs_buffer_populate(serialized_buf, env, (unsigned char *)serialized_data, axutil_strlen(
serialized_data));
/*We call encrypt_data*/
ret = oxs_xml_enc_encrypt_data(env, enc_ctx, serialized_buf, enc_type_node,
security_token_reference);
/*Remove the node from the parent*/
if(AXIS2_SUCCESS == ret)
{
axiom_node_free_tree(node, env);
node = NULL;
}
/*Free*/
oxs_buffer_free(serialized_buf, env);
serialized_buf = NULL;
AXIS2_FREE(env->allocator, serialized_data);
serialized_data = NULL;
/*Return success*/
return AXIS2_SUCCESS;
}
/**
* Inspect the key node. Then populate the sym_key
*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_xml_enc_decrypt_key(
const axutil_env_t *env,
oxs_asym_ctx_t * asym_ctx,
axiom_node_t *parent,
axiom_node_t *encrypted_key_node,
oxs_key_t *key)
{
axiom_node_t *enc_mtd_node = NULL;
axiom_node_t *key_info_node = NULL;
axiom_node_t *cd_node = NULL;
axis2_char_t *enc_mtd_algo = NULL;
axis2_char_t *cipher_val = NULL;
axis2_char_t *new_cipher_val = NULL;
axis2_status_t status = AXIS2_FAILURE;
oxs_buffer_t *input_buf = NULL;
oxs_buffer_t *result_buf = NULL;
axis2_char_t *key_name = NULL;
axis2_char_t* encrypted_key_hash = NULL;
int decoded_len = 0;
axis2_char_t *decoded_enc_sec = NULL;
/*Get encryption method algorithm*/
enc_mtd_node = oxs_axiom_get_first_child_node_by_name(env, encrypted_key_node,
OXS_NODE_ENCRYPTION_METHOD, OXS_ENC_NS, OXS_XENC);
enc_mtd_algo = oxs_token_get_encryption_method(env, enc_mtd_node);
if(!enc_mtd_algo)
{
oxs_error(env, OXS_ERROR_LOCATION, OXS_ERROR_ENCRYPT_FAILED,
"Cannot find the Encryption method");
return AXIS2_FAILURE;
}
/*Get cipher data*/
cd_node = oxs_axiom_get_first_child_node_by_name(env, encrypted_key_node, OXS_NODE_CIPHER_DATA,
OXS_ENC_NS, OXS_XENC);
cipher_val = oxs_token_get_cipher_value_from_cipher_data(env, cd_node);
if(!cipher_val)
{
oxs_error(env, OXS_ERROR_LOCATION, OXS_ERROR_ENCRYPT_FAILED,
"Cannot find the cipher value for key decryption");
return AXIS2_FAILURE;
}
new_cipher_val = oxs_util_get_newline_removed_string(env, cipher_val);
/*Get key used to encrypt*/
key_info_node = oxs_axiom_get_first_child_node_by_name(env, encrypted_key_node,
OXS_NODE_KEY_INFO, OXS_DSIG_NS, OXS_DS);
status = oxs_xml_enc_process_key_info(env, asym_ctx, key_info_node, parent);
/*Right now we support KeyInfo -> SecurityTokenReference -> Reference
KeyInfo -> SecurityTokenReference -> X509IssuerSerial */
/*Get the pkey used to decrypt the session key. If found set it to the asym_ctx*/
/*Create the input buffer*/
input_buf = oxs_buffer_create(env);
oxs_buffer_populate(input_buf, env, (unsigned char*)new_cipher_val, axutil_strlen(
new_cipher_val));
/*Create a results buffer*/
result_buf = oxs_buffer_create(env);
/*Call decryption*/
status = oxs_encryption_asymmetric_crypt(env, asym_ctx, input_buf, result_buf);
/*Free input*/
oxs_buffer_free(input_buf, env);
input_buf = NULL;
/*calculate the EncryptedKeySHA1 and set as the key_sha*/
decoded_len = axutil_base64_decode_len(new_cipher_val);
decoded_enc_sec = AXIS2_MALLOC(env->allocator, decoded_len);
axutil_base64_decode_binary((unsigned char*)decoded_enc_sec, new_cipher_val);
encrypted_key_hash = openssl_sha1(env, decoded_enc_sec, decoded_len);
AXIS2_FREE(env->allocator, decoded_enc_sec);
AXIS2_FREE(env->allocator, new_cipher_val);
new_cipher_val = NULL;
if(AXIS2_FAILURE == status)
{
return AXIS2_FAILURE;
}
key_name = oxs_axiom_get_attribute_value_of_node_by_name(env, encrypted_key_node, OXS_ATTR_ID,
NULL);
/*Populate the key with the data in the result buffer*/
oxs_key_populate(key, env, oxs_buffer_get_data(result_buf, env), key_name, oxs_buffer_get_size(
result_buf, env), OXS_KEY_USAGE_SESSION);
oxs_key_set_key_sha(key, env, encrypted_key_hash);
/*Free*/
oxs_buffer_free(result_buf, env);
result_buf = NULL;
return AXIS2_SUCCESS;
}
/*For SOAP this parent is the wsse:Security node*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_xml_enc_encrypt_key(
const axutil_env_t *env,
oxs_asym_ctx_t * asym_ctx,
axiom_node_t *parent,
oxs_key_t *sym_key,
axutil_array_list_t *id_list)
{
axis2_char_t *algorithm = NULL;
axis2_char_t *encrypted_key_data = NULL;
axis2_char_t *st_ref_pattern = NULL;
oxs_buffer_t *input = NULL;
oxs_buffer_t *result = NULL;
axiom_node_t *encrypted_key_node = NULL;
axiom_node_t *enc_mtd_node = NULL;
axiom_node_t *key_info_node = NULL;
axiom_node_t *stref_node = NULL;
axiom_node_t *cd_node = NULL;
axiom_node_t *cv_node = NULL;
axis2_status_t status = AXIS2_FAILURE;
axis2_char_t* encrypted_key_hash = NULL;
int decoded_len = 0;
axis2_char_t *decoded_enc_sec = NULL;
/*Create input buffer*/
input = oxs_buffer_create(env);
oxs_buffer_populate(input, env, oxs_key_get_data(sym_key, env), oxs_key_get_size(sym_key, env));
/*Create an empty buffer to collect results*/
result = oxs_buffer_create(env);
/*Call encryption*/
status = oxs_encryption_asymmetric_crypt(env, asym_ctx, input, result);
/*Free input*/
oxs_buffer_free(input, env);
input = NULL;
if(AXIS2_FAILURE == status)
{
oxs_error(env, OXS_ERROR_LOCATION, OXS_ERROR_ENCRYPT_FAILED,
"Assymmetric key encryption failed");
return AXIS2_FAILURE;
}
/*Get the encrypted key*/
encrypted_key_data = (axis2_char_t *)oxs_buffer_get_data(result, env);
/*Build nodes*/
encrypted_key_node = oxs_token_build_encrypted_key_element(env, parent);
algorithm = oxs_asym_ctx_get_algorithm(asym_ctx, env);
enc_mtd_node = oxs_token_build_encryption_method_element(env, encrypted_key_node, algorithm);
key_info_node = oxs_token_build_key_info_element(env, encrypted_key_node);
stref_node = oxs_token_build_security_token_reference_element(env, key_info_node);
/*Get the ST REF pattern. If not set the default*/
st_ref_pattern = oxs_asym_ctx_get_st_ref_pattern(asym_ctx, env);
if((!st_ref_pattern) || (0 == axutil_strcmp(st_ref_pattern, "")))
{
st_ref_pattern = OXS_STR_DEFAULT;
}
if(0 == axutil_strcmp(st_ref_pattern, OXS_STR_ISSUER_SERIAL))
{
status = oxs_xml_enc_populate_stref_with_issuer_serial(env, asym_ctx, stref_node);
}
else if(0 == axutil_strcmp(st_ref_pattern, OXS_STR_EMBEDDED))
{
status = oxs_xml_enc_populate_stref_with_embedded(env, asym_ctx, stref_node);
}
else if(0 == axutil_strcmp(st_ref_pattern, OXS_STR_DIRECT_REFERENCE))
{
status = oxs_xml_enc_populate_stref_with_bst(env, asym_ctx, stref_node, parent);
}
else if(0 == axutil_strcmp(st_ref_pattern, OXS_STR_KEY_IDENTIFIER))
{
status = oxs_xml_enc_populate_stref_with_key_identifier(env, asym_ctx, stref_node,
AXIS2_FALSE);
}
else if(0 == axutil_strcmp(st_ref_pattern, OXS_STR_THUMB_PRINT))
{
/*TODO: Need to support Thumbprint Ref*/
status = oxs_xml_enc_populate_stref_with_key_identifier(env, asym_ctx, stref_node,
AXIS2_TRUE);
}
cd_node = oxs_token_build_cipher_data_element(env, encrypted_key_node);
cv_node = oxs_token_build_cipher_value_element(env, cd_node, encrypted_key_data);
/*If and only if the id_list the present, we create the reference list*/
if(id_list)
{
oxs_token_build_data_reference_list(env, encrypted_key_node, id_list);
}
/*calculate the EncryptedKeySHA1 and set as the key_sha*/
decoded_len = axutil_base64_decode_len(encrypted_key_data);
decoded_enc_sec = AXIS2_MALLOC(env->allocator, decoded_len);
axutil_base64_decode_binary((unsigned char*)decoded_enc_sec, encrypted_key_data);
encrypted_key_hash = openssl_sha1(env, decoded_enc_sec, decoded_len);
oxs_key_set_key_sha(sym_key, env, encrypted_key_hash);
AXIS2_FREE(env->allocator, decoded_enc_sec);
/*Free*/
oxs_buffer_free(result, env);
result = NULL;
return AXIS2_SUCCESS;
}
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_xml_enc_decrypt_data(
const axutil_env_t *env,
oxs_ctx_t * enc_ctx,
axiom_node_t *enc_type_node,
oxs_buffer_t *result_buf)
{
axiom_node_t *enc_mtd_node = NULL;
axiom_node_t *cd_node = NULL;
axiom_node_t *cv_node = NULL;
axis2_char_t *cipher_val = NULL;
axis2_char_t *new_cipher_val = NULL;
axis2_char_t *sym_algo = NULL;
axis2_char_t *type = NULL;
axis2_char_t *id = NULL;
oxs_buffer_t *input_buf = NULL;
axis2_status_t status = AXIS2_FAILURE;
/* Get the symmetric encryption algorithm */
enc_mtd_node = oxs_axiom_get_first_child_node_by_name(env, enc_type_node,
OXS_NODE_ENCRYPTION_METHOD, OXS_ENC_NS, OXS_XENC);
if(!enc_mtd_node)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart]Cannot find encryption method node");
return AXIS2_FAILURE;
}
sym_algo = oxs_token_get_encryption_method(env, enc_mtd_node);
if(!sym_algo)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart]Cannot find encryption method");
return AXIS2_FAILURE;
}
/* Get ID, Type, MimeType attributes from the EncryptedDataNode */
id = oxs_axiom_get_attribute_value_of_node_by_name(env, enc_type_node, OXS_ATTR_ID, NULL);
type = oxs_axiom_get_attribute_value_of_node_by_name(env, enc_type_node, OXS_ATTR_TYPE, NULL);
/* Populate the context for future use */
oxs_ctx_set_enc_mtd_algorithm(enc_ctx, env, sym_algo);
oxs_ctx_set_id(enc_ctx, env, id);
oxs_ctx_set_type(enc_ctx, env, type);
/* Get the cipher value */
cd_node = oxs_axiom_get_first_child_node_by_name(env, enc_type_node, OXS_NODE_CIPHER_DATA,
OXS_ENC_NS, OXS_XENC);
if(!cd_node)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart]Cannot find cipher data node");
return AXIS2_FAILURE;
}
cv_node = oxs_axiom_get_first_child_node_by_name(env, cd_node, OXS_NODE_CIPHER_VALUE,
OXS_ENC_NS, OXS_XENC);
if(!cv_node)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart]Cannot find cipher value node");
return AXIS2_FAILURE;
}
cipher_val = oxs_token_get_cipher_value(env, cv_node);
if(!cipher_val)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "[rampart]Cannot find cipher value");
return AXIS2_FAILURE;
}
/* We need to remove new lines if any */
new_cipher_val = oxs_util_get_newline_removed_string(env, cipher_val);
/* Create input buffer with cipher data obtained */
input_buf = oxs_buffer_create(env);
oxs_buffer_populate(input_buf, env, (unsigned char*)new_cipher_val,
axutil_strlen(new_cipher_val));
/* Decrypt */
oxs_ctx_set_operation(enc_ctx, env, OXS_CTX_OPERATION_DECRYPT);
status = oxs_encryption_symmetric_crypt(env, enc_ctx, input_buf, result_buf);
/*Free*/
oxs_buffer_free(input_buf, env);
input_buf = NULL;
AXIS2_FREE(env->allocator, new_cipher_val);
new_cipher_val = NULL;
return status;
}
AXIS2_EXTERN axis2_status_t AXIS2_CALL
oxs_xml_enc_encrypt_data(
const axutil_env_t *env,
oxs_ctx_t * enc_ctx,
oxs_buffer_t *content_buf,
axiom_node_t **enc_type_node,
axiom_node_t *security_token_reference_node)
{
oxs_buffer_t *result_buf = NULL;
oxs_key_t *sym_key = NULL;
axis2_char_t *sym_algo = NULL;
axiom_node_t *enc_mtd_node = NULL;
axiom_node_t *cd_node = NULL;
axiom_node_t *cv_node = NULL;
axis2_status_t ret = AXIS2_FAILURE;
/*Determine the algorithm to be used*/
sym_algo = oxs_ctx_get_enc_mtd_algorithm(enc_ctx, env);
/*Determine the key to be used*/
sym_key = oxs_ctx_get_key(enc_ctx, env);
/*Set the operation to encrypt*/
oxs_ctx_set_operation(enc_ctx, env, OXS_CTX_OPERATION_ENCRYPT);
/*Create an empty buffer for encrypted data*/
result_buf = oxs_buffer_create(env);
/*Call encryption. Result should be base64 encoded*/
ret = oxs_encryption_symmetric_crypt(env, enc_ctx, content_buf, result_buf);
/*Create EncryptionMethod*/
enc_mtd_node = oxs_token_build_encryption_method_element(env, *enc_type_node, sym_algo);
/*If security_token_reference_node is given, then use it to build the key info*/
/*if we are using any trust/sct related token, then the key reference is given with the token
*and we are suppose to use it */
if(security_token_reference_node)
{
axiom_node_t *key_info_node = NULL;
key_info_node = oxs_token_build_key_info_element(env, *enc_type_node);
axiom_node_add_child(key_info_node, env, security_token_reference_node);
}
/*If the enc_ctx has a key name, then build the KeyInfo element using key name*/
else if(oxs_ctx_get_ref_key_name(enc_ctx, env))
{
axiom_node_t *key_info_node = NULL;
axiom_node_t *str_node = NULL;
axiom_node_t *ref_node = NULL;
key_info_node = oxs_token_build_key_info_element(env, *enc_type_node);
str_node = oxs_token_build_security_token_reference_element(env, key_info_node);
ref_node = oxs_token_build_reference_element(env, str_node, oxs_ctx_get_ref_key_name(
enc_ctx, env), NULL);
}
/*Create CipherData element and populate*/
cd_node = oxs_token_build_cipher_data_element(env, *enc_type_node);
cv_node = oxs_token_build_cipher_value_element(env, cd_node,
(axis2_char_t*)oxs_buffer_get_data(result_buf, env));
/*Free buffers*/
oxs_buffer_free(result_buf, env);
result_buf = NULL;
return AXIS2_SUCCESS;
}