/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <stdio.h>

#include <axis2_util.h>
#include <rampart_token_builder.h>
#include <oxs_tokens.h>
#include <rampart_constants.h>
/**
* Build a SecurityTokenReference element according to the pattern specified in @pattern.
* The token will be attached to the node @parent and relavent data will be extracted from
* certificate @cert.
* @param env pointer to environment struct
* @param parent The parent node
* @param cert The X509 certificate
* @param pattern The build pattern
* @return AXIS2_SUCCESS on success, else AXIS2_FAILURE
*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
rampart_token_build_security_token_reference(
const axutil_env_t *env,
axiom_node_t *parent,
oxs_x509_cert_t *cert,
rampart_token_build_pattern_t pattern)
{
axis2_status_t status = AXIS2_FAILURE;
axiom_node_t *stref_node = NULL;
stref_node = oxs_token_build_security_token_reference_element(env, parent);
if(RTBP_EMBEDDED == pattern)
{
status = rampart_token_build_embedded(env, stref_node, cert);
}
else if(RTBP_KEY_IDENTIFIER == pattern)
{
status = rampart_token_build_key_identifier(env, stref_node, cert);
}
else if(RTBP_X509DATA_X509CERTIFICATE == pattern)
{
status = rampart_token_build_x509_data_x509_certificate(env, stref_node, cert);
}
else if(RTBP_X509DATA_ISSUER_SERIAL == pattern)
{
status = rampart_token_build_x509_data_issuer_serial(env, stref_node, cert);
}
else if(RTBP_THUMBPRINT == pattern)
{
status = rampart_token_build_thumbprint_reference(env, stref_node, cert);
}
else
{
/* reference method is not supported */
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
"[rampart]Unsupported pattern %d to build wsse:SecurityTokenReference ", pattern);
return AXIS2_FAILURE;
}
return status;
}
/**
* Build an Embedded token with data available in the certificate.
* <SecurityTokenReference>
* <Embedded>
* <BinarySecurityToken>UYISDjsdaousdWEqswOIUsd</BinarySecurityToken>
* </Embedded>
* </SecurityTokenReference>
* @param env pointer to environment struct
* @param parent The parent node
* @param cert The X509 certificate
* @return AXIS2_SUCCESS on success, else AXIS2_FAILURE
*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
rampart_token_build_embedded(
const axutil_env_t *env,
axiom_node_t *parent,
oxs_x509_cert_t *cert)
{
axis2_char_t *data = NULL;
axis2_char_t *bst_id = NULL;
axiom_node_t *embedded_node = NULL;
axiom_node_t *bst_node = NULL;
/* Get data from the certificate */
data = oxs_x509_cert_get_data(cert, env);
if(!data)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
"[rampart]Cannot get data from the x509 certificate.");
return AXIS2_FAILURE;
}
embedded_node = oxs_token_build_embedded_element(env, parent, RAMPART_EMBED_TOKEN_ID);
bst_id = oxs_util_generate_id(env, RAMPART_BST_ID_PREFIX);
bst_node = oxs_token_build_binary_security_token_element(
env, embedded_node, bst_id ,OXS_ENCODING_BASE64BINARY, OXS_VALUE_X509V3, data);
return AXIS2_SUCCESS;
}
/**
* Build a KeyIndentifer token with data available in the certificate.
* <SecurityTokenReference>
* <KeyIdentifier>WEqswOIUsd</KeyIdentifier>
* </SecurityTokenReference>
* @param env pointer to environment struct
* @param parent The parent node
* @param cert The X509 certificate
* @return AXIS2_SUCCESS on success, else AXIS2_FAILURE
*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
rampart_token_build_key_identifier(
const axutil_env_t *env,
axiom_node_t *parent,
oxs_x509_cert_t *cert)
{
axiom_node_t *ki_node = NULL;
axis2_char_t *ki = NULL;
ki = oxs_x509_cert_get_key_identifier(cert, env);
if(!ki)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
"[rampart]Cannot get key identifier from the x509 certificate.");
return AXIS2_FAILURE;
}
ki_node = oxs_token_build_key_identifier_element(
env, parent, OXS_ENCODING_BASE64BINARY, OXS_X509_SUBJ_KI, ki);
return AXIS2_SUCCESS;
}
/*
* Build an X509Certificate token with data available in the certificate.
* <SecurityTokenReference>
* <ds:X509Data>
* <ds:X509Certificate>
* MIICzjCCAjegAwIBAgIJANyD+jwekxGuMA......
* </ds:X509Certificate>
* <ds:X509Data>
* </SecurityTokenReference>
* @param env pointer to environment struct
* @param parent The parent node
* @param cert The X509 certificate
* @return AXIS2_SUCCESS on success, else AXIS2_FAILURE
*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
rampart_token_build_x509_data_x509_certificate(
const axutil_env_t *env,
axiom_node_t *parent,
oxs_x509_cert_t *cert)
{
axiom_node_t *x509_data_node = NULL;
axiom_node_t *x509_cert_node = NULL;
axis2_char_t *data = NULL;
data = oxs_x509_cert_get_data(cert, env);
if(!data)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
"[rampart]Cannot get data from the x509 certificate.");
return AXIS2_FAILURE;
}
x509_data_node = oxs_token_build_x509_data_element(env, parent);
x509_cert_node = oxs_token_build_x509_certificate_element(env, x509_data_node, data);
return AXIS2_SUCCESS;
}
/**
* Build an X509IssuerSerial token with data available in the certificate.
* <SecurityTokenReference>
* <x509Data>
* <X509IssuerSerial>
* <X509IssuerName>C=US, O=VeriSign, Inc.,</X509IssuerName>
* <X509SerialNumber>93243297328</X509SerialNumber>
* </X509IssuerSerial>
* </x509Data>
* </SecurityTokenReference>
* @param env pointer to environment struct
* @param parent The parent node
* @param cert The X509 certificate
* @return AXIS2_SUCCESS on success, else AXIS2_FAILURE
*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
rampart_token_build_x509_data_issuer_serial(
const axutil_env_t *env,
axiom_node_t *parent,
oxs_x509_cert_t *cert)
{
axiom_node_t *x509_data_node = NULL;
axiom_node_t *x509_issuer_serial_node = NULL;
axis2_char_t *issuer = NULL;
int serial = -1;
axis2_char_t serial_no[20];
issuer = oxs_x509_cert_get_issuer(cert, env);
serial = oxs_x509_cert_get_serial_number(cert, env);
if(!issuer)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
"[rampart]Cannot get issuer from the x509 certificate.");
return AXIS2_FAILURE;
}
if(serial == -1)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
"[rampart]Cannot get serial from the x509 certificate.");
return AXIS2_FAILURE;
}
sprintf(serial_no, "%d", serial);
/* Build tokens */
x509_data_node = oxs_token_build_x509_data_element(env, parent);
x509_issuer_serial_node = oxs_token_build_x509_issuer_serial_with_data(
env, x509_data_node, issuer, serial_no);
return AXIS2_SUCCESS;
}
/**
* Build a Thumbprint Reference of the certificate.
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier EncodingType="..." ValueType="...#
ThumbprintSHA1">bg6I8267h0TUcPYvYE0D6k6+UJQ=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
* @param env pointer to environment struct
* @param parent The parent node
* @param cert The X509 certificate
* @return AXIS2_SUCCESS on success, else AXIS2_FAILURE
*/
AXIS2_EXTERN axis2_status_t AXIS2_CALL
rampart_token_build_thumbprint_reference(
const axutil_env_t *env,
axiom_node_t *parent,
oxs_x509_cert_t *cert)
{
axiom_node_t *key_identifier_node = NULL;
axis2_char_t *key_identifier = NULL;
axis2_char_t *val_type = NULL;
key_identifier = oxs_x509_cert_get_fingerprint(cert, env);
val_type = OXS_X509_TUMBP_PRINT_SHA1;
if(!key_identifier)
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
"[rampart] Cannot create the Thumpprint from Cert.");
return AXIS2_FAILURE;
}
/*Build KeyIdentifier node*/
key_identifier_node = oxs_token_build_key_identifier_element(
env, parent, OXS_ENCODING_BASE64BINARY,
val_type, key_identifier);
if(key_identifier_node)
{
return AXIS2_SUCCESS;
}
else
{
AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
"Thumbpring node creation failed");
return AXIS2_FAILURE;
}
}