const char *soap_xsd__duration2s(struct soap *soap, LONG64 a)
{ LONG64 d;
int k, h, m, s, f;
if (a < 0)
{ soap_strcpy(soap->tmpbuf, sizeof(soap->tmpbuf), "-P");
k = 2;
a = -a;
}
else
{ soap_strcpy(soap->tmpbuf, sizeof(soap->tmpbuf), "P");
k = 1;
}
f = a % 1000;
a /= 1000;
s = a % 60;
a /= 60;
m = a % 60;
a /= 60;
h = a % 24;
d = a / 24;
if (d)
(SOAP_SNPRINTF(soap->tmpbuf + k, sizeof(soap->tmpbuf) - k, 21), SOAP_LONG_FORMAT "D", d);
if (h || m || s || f)
{ if (d)
k = strlen(soap->tmpbuf);
if (f)
(SOAP_SNPRINTF(soap->tmpbuf + k, sizeof(soap->tmpbuf) - k, 14), "T%02dH%02dM%02d.%03dS", h, m, s, f);
else
(SOAP_SNPRINTF(soap->tmpbuf + k, sizeof(soap->tmpbuf) - k, 10), "T%02dH%02dM%02dS", h, m, s);
}
else if (!d)
soap_strcpy(soap->tmpbuf + k, sizeof(soap->tmpbuf) - k, "T0S");
return soap->tmpbuf;
}
int main(int argc, char **argv)
{ struct soap *soap;
int server = 0;
int text = 0;
int port = 0;
FILE *fd;
double result;
char *user;
int runs = 1;
/* create context */
soap = soap_new();
/* register wsse plugin */
soap_register_plugin_arg(soap, soap_wsse, (void*)token_handler);
/* options */
if (argc >= 2)
{ if (strchr(argv[1], 'c'))
soap_set_omode(soap, SOAP_IO_CHUNK);
else if (strchr(argv[1], 'y'))
soap_set_omode(soap, SOAP_IO_STORE);
if (strchr(argv[1], 'i'))
soap_set_omode(soap, SOAP_XML_INDENT);
if (strchr(argv[1], 'n'))
soap_set_omode(soap, SOAP_XML_CANONICAL);
if (strchr(argv[1], 'a'))
aes = 1;
if (strchr(argv[1], 'o'))
oaep = 1;
if (strchr(argv[1], 'd'))
sym = 1;
if (strchr(argv[1], 'e'))
enc = 1;
if (strchr(argv[1], 'f'))
addenc = 1;
/* if (strchr(argv[1], 'F'))
addenca = 1; */
if (strchr(argv[1], 'h'))
hmac = 1;
if (strchr(argv[1], 'k'))
nokey = 1;
if (strchr(argv[1], 's'))
server = 1;
if (strchr(argv[1], 't'))
text = 1;
if (strchr(argv[1], 'g'))
addsig = 1;
if (strchr(argv[1], 'b'))
nobody = 1;
if (strchr(argv[1], 'x'))
nohttp = 1;
if (strchr(argv[1], 'z'))
soap_set_mode(soap, SOAP_ENC_ZLIB);
if (isdigit(argv[1][strlen(argv[1])-1]))
{ runs = argv[1][strlen(argv[1])-1] - '0';
soap_set_mode(soap, SOAP_IO_KEEPALIVE);
}
}
/* soap->actor = "..."; */ /* set only when required */
user = getenv("USER");
if (!user)
user = "******";
/* read RSA private key for signing */
if ((fd = fopen("server.pem", "r")))
{ rsa_privk = PEM_read_PrivateKey(fd, NULL, NULL, (void*)"password");
fclose(fd);
if (!rsa_privk)
{ fprintf(stderr, "Could not read private RSA key from server.pem\n");
exit(1);
}
}
else
fprintf(stderr, "Could not read server.pem\n");
/* read certificate (more efficient is to keep certificate in memory)
to obtain public key for encryption and signature verification */
if ((fd = fopen("servercert.pem", "r")))
{ cert = PEM_read_X509(fd, NULL, NULL, NULL);
fclose(fd);
if (!cert)
{ fprintf(stderr, "Could not read certificate from servercert.pem\n");
exit(1);
}
}
else
fprintf(stderr, "Could not read server.pem\n");
rsa_pubk = X509_get_pubkey(cert);
if (!rsa_pubk)
{ fprintf(stderr, "Could not get public key from certificate\n");
exit(1);
}
/* port argument */
if (argc >= 3)
port = atoi(argv[2]);
/* need cacert to verify certificates with CA (cacert.pem for testing and
cacerts.pem for production, which contains the trusted CA certificates) */
soap->cafile = "cacert.pem";
/* server or client/ */
if (server)
{ if (port)
{ /* stand-alone server serving messages over port */
if (!soap_valid_socket(soap_bind(soap, NULL, port, 100)))
{ soap_print_fault(soap, stderr);
exit(1);
}
printf("Server started at port %d\n", port);
while (soap_valid_socket(soap_accept(soap)))
{ if (hmac)
soap_wsse_verify_auto(soap, SOAP_SMD_HMAC_SHA1, hmac_key, sizeof(hmac_key));
else if (nokey)
soap_wsse_verify_auto(soap, SOAP_SMD_VRFY_RSA_SHA1, rsa_pubk, 0);
else
soap_wsse_verify_auto(soap, SOAP_SMD_NONE, NULL, 0);
if (sym)
{ if (aes)
soap_wsse_decrypt_auto(soap, SOAP_MEC_DEC_AES256_CBC, aes_key, sizeof(aes_key));
else
soap_wsse_decrypt_auto(soap, SOAP_MEC_DEC_DES_CBC, des_key, sizeof(des_key));
}
else if (enc)
soap_wsse_decrypt_auto(soap, SOAP_MEC_ENV_DEC_DES_CBC, rsa_privk, 0);
if (soap_serve(soap))
{ soap_wsse_delete_Security(soap);
soap_print_fault(soap, stderr);
soap_print_fault_location(soap, stderr);
}
soap_destroy(soap);
soap_end(soap);
}
soap_print_fault(soap, stderr);
exit(1);
}
else
{ /* CGI-style server serving messages over stdin/out */
if (hmac)
soap_wsse_verify_auto(soap, SOAP_SMD_HMAC_SHA1, hmac_key, sizeof(hmac_key));
else if (nokey)
soap_wsse_verify_auto(soap, SOAP_SMD_VRFY_RSA_SHA1, rsa_pubk, 0);
else
soap_wsse_verify_auto(soap, SOAP_SMD_NONE, NULL, 0);
if (sym)
{ if (aes)
soap_wsse_decrypt_auto(soap, SOAP_MEC_DEC_AES256_CBC, aes_key, sizeof(aes_key));
else
soap_wsse_decrypt_auto(soap, SOAP_MEC_DEC_DES_CBC, des_key, sizeof(des_key));
}
else if (enc)
soap_wsse_decrypt_auto(soap, SOAP_MEC_ENV_DEC_DES_CBC, rsa_privk, 0);
if (soap_serve(soap))
{ soap_wsse_delete_Security(soap);
soap_print_fault(soap, stderr);
soap_print_fault_location(soap, stderr);
}
soap_destroy(soap);
soap_end(soap);
}
}
else /* client */
{ int run;
char endpoint[80];
/* ns1:test data */
struct ns1__add a;
struct ns1__sub b;
a.a = 123;
a.b = 456;
b.a = 789;
b.b = -99999;
/* client sending messages to stdout or over port */
if (port)
(SOAP_SNPRINTF(endpoint, sizeof(endpoint), 37), "http://localhost:%d", port);
else if (nohttp)
soap_strcpy(endpoint, sizeof(endpoint), "");
else
soap_strcpy(endpoint, sizeof(endpoint), "http://");
for (run = 0; run < runs; run++)
{
/* message lifetime of 60 seconds */
soap_wsse_add_Timestamp(soap, "Time", 60);
/* add user name with text or digest password */
if (text)
soap_wsse_add_UsernameTokenText(soap, "User", user, "userPass");
else
soap_wsse_add_UsernameTokenDigest(soap, "User", user, "userPass");
if (sym)
{ if (aes)
{ /* symmetric encryption with AES */
soap_wsse_add_EncryptedData_KeyInfo_KeyName(soap, "My AES Key");
if (soap_wsse_encrypt_body(soap, SOAP_MEC_ENC_AES256_CBC, aes_key, sizeof(aes_key)))
soap_print_fault(soap, stderr);
soap_wsse_decrypt_auto(soap, SOAP_MEC_DEC_AES256_CBC, aes_key, sizeof(aes_key));
}
else
{ /* symmetric encryption with DES */
soap_wsse_add_EncryptedData_KeyInfo_KeyName(soap, "My DES Key");
if (soap_wsse_encrypt_body(soap, SOAP_MEC_ENC_DES_CBC, des_key, sizeof(des_key)))
soap_print_fault(soap, stderr);
soap_wsse_decrypt_auto(soap, SOAP_MEC_DEC_DES_CBC, des_key, sizeof(des_key));
}
}
else if (addenc || addenca)
{ /* RSA encryption of the <ns1:add> element */
const char *SubjectKeyId = NULL; /* set to non-NULL to use SubjectKeyIdentifier in Header rather than a full cert key */
/* MUST set wsu:Id of the elements to encrypt */
if (addenc) /* encrypt element <ns1:add> */
{ soap_wsse_set_wsu_id(soap, "ns1:add");
if (soap_wsse_add_EncryptedKey_encrypt_only(soap, SOAP_MEC_ENV_ENC_DES_CBC, "Cert", cert, SubjectKeyId, NULL, NULL, "ns1:add"))
soap_print_fault(soap, stderr);
}
else /* encrypt element <a> */
{ soap_wsse_set_wsu_id(soap, "a");
if (soap_wsse_add_EncryptedKey_encrypt_only(soap, SOAP_MEC_ENV_ENC_DES_CBC, "Cert", cert, SubjectKeyId, NULL, NULL, "a"))
soap_print_fault(soap, stderr);
}
soap_wsse_decrypt_auto(soap, SOAP_MEC_ENV_DEC_DES_CBC, rsa_privk, 0);
}
else if (enc)
{ /* RSA encryption of the SOAP Body */
const char *SubjectKeyId = NULL; /* set to non-NULL to use SubjectKeyIdentifier in Header rather than a full cert key */
if (oaep)
{ if (soap_wsse_add_EncryptedKey(soap, SOAP_MEC_ENV_ENC_AES256_CBC | SOAP_MEC_OAEP, "Cert", cert, SubjectKeyId, NULL, NULL))
soap_print_fault(soap, stderr);
}
else if (aes)
{ if (soap_wsse_add_EncryptedKey(soap, SOAP_MEC_ENV_ENC_AES256_CBC, "Cert", cert, SubjectKeyId, NULL, NULL))
soap_print_fault(soap, stderr);
}
else
{ if (soap_wsse_add_EncryptedKey(soap, SOAP_MEC_ENV_ENC_DES_CBC, "Cert", cert, SubjectKeyId, NULL, NULL))
soap_print_fault(soap, stderr);
}
soap_wsse_decrypt_auto(soap, SOAP_MEC_ENV_DEC_DES_CBC, rsa_privk, 0);
}
if (hmac)
{ /* symmetric signature */
if (nobody)
soap_wsse_sign(soap, SOAP_SMD_HMAC_SHA1, hmac_key, sizeof(hmac_key));
else
soap_wsse_sign_body(soap, SOAP_SMD_HMAC_SHA1, hmac_key, sizeof(hmac_key));
/* WS-SecureConversation contect token */
soap_wsse_add_SecurityContextToken(soap, "SCT", contextId);
}
else
{ if (nokey)
soap_wsse_add_KeyInfo_KeyName(soap, "MyKey");
else
{ soap_wsse_add_BinarySecurityTokenX509(soap, "X509Token", cert);
soap_wsse_add_KeyInfo_SecurityTokenReferenceX509(soap, "#X509Token");
}
if (nobody || addsig) /* do not sign body */
soap_wsse_sign(soap, SOAP_SMD_SIGN_RSA_SHA1, rsa_privk, 0);
else
soap_wsse_sign_body(soap, SOAP_SMD_SIGN_RSA_SHA256, rsa_privk, 0);
}
/* enable automatic signature verification of server responses */
if (hmac)
soap_wsse_verify_auto(soap, SOAP_SMD_HMAC_SHA1, hmac_key, sizeof(hmac_key));
else if (nokey)
soap_wsse_verify_auto(soap, SOAP_SMD_VRFY_RSA_SHA1, rsa_pubk, 0);
else
soap_wsse_verify_auto(soap, SOAP_SMD_NONE, NULL, 0);
/* sign the response message in unsigned body? If so, set wsu:Id */
if (addsig)
{ soap_wsse_set_wsu_id(soap, "ns1:add");
soap_wsse_sign_only(soap, "User ns1:add");
}
/* invoke the server. You can choose add, sub, mul, or div operations
* that show different security aspects (intentional message rejections)
* for demonstration purposes (see server operations below) */
if (!soap_call_ns1__add(soap, endpoint, NULL, 1.0, 2.0, &result))
{ if (!soap_wsse_verify_Timestamp(soap))
{ const char *servername = soap_wsse_get_Username(soap);
if (servername
&& !strcmp(servername, "server")
&& !soap_wsse_verify_Password(soap, "serverPass"))
printf("Result = %g\n", result);
else
{ fprintf(stderr, "Server authentication failed\n");
soap_print_fault(soap, stderr);
}
}
else
{ fprintf(stderr, "Server response expired\n");
soap_print_fault(soap, stderr);
}
}
else
{ soap_print_fault(soap, stderr);
soap_print_fault_location(soap, stderr);
}
/* clean up security header */
soap_wsse_delete_Security(soap);
/* disable soap_wsse_verify_auto */
soap_wsse_verify_done(soap);
} /* run */
}
/* clean up keys */
if (rsa_privk)
EVP_PKEY_free(rsa_privk);
if (rsa_pubk)
EVP_PKEY_free(rsa_pubk);
if (cert)
X509_free(cert);
/* clean up gSOAP engine */
soap_destroy(soap);
soap_end(soap);
soap_done(soap);
free(soap);
/* done */
return 0;
}
