/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <stdio.h>
#include <axiom.h>
#include <axis2_util.h>
#include <axiom_soap.h>
#include <axis2_client.h>
#include <rampart_constants.h>
#include <neethi_util.h>
#include <neethi_policy.h>
#include <saml.h>
#include <rampart_config.h>
#include <rampart_saml_token.h>
#include <oxs_saml_token.h>
#include <oxs_sign_ctx.h>
#include <oxs_tokens.h>
#include <oxs_xml_encryption.h>
/* Builds the <ns1:echoIn><text>Hello</text></ns1:echoIn> request payload and prints it. */
axiom_node_t * AXIS2_CALL
build_om_payload_for_echo_svc(const axutil_env_t *env);
/* Creates the holder-of-key SAML protection token handed to Rampart/C: a signed
 * assertion carrying an authentication statement whose subject holds the
 * (encrypted) session key. Signing uses PRIVATE_KEY_FILE / CERTIFICATE_FILE. */
rampart_saml_token_t * AXIS2_CALL
create_saml_token(const axutil_env_t *env);
/* No definition appears in this file and nothing here calls it. */
oxs_key_t * AXIS2_CALL
get_session_key(const axutil_env_t *env, axiom_node_t *assertion);
/* Generates a session key, encrypts it for RECEIVER_CERTIFICATE_FILE and returns
 * the <KeyInfo> element; the plain session key is also stored on the SAML token. */
axiom_node_t * AXIS2_CALL
create_key_info(const axutil_env_t *env, rampart_saml_token_t *saml);
/* Builds the assertion subject: named id, holder-of-key confirmation, key info. */
saml_subject_t * AXIS2_CALL
create_subject(const axutil_env_t *env, rampart_saml_token_t *saml);
/* Builds the authority binding attached to the authentication statement. */
saml_auth_binding_t * AXIS2_CALL
create_autherity_binding(const axutil_env_t *env);
/* Builds the (password-method) authentication statement for the assertion. */
saml_stmt_t * AXIS2_CALL
create_auth_statement(const axutil_env_t *env, rampart_saml_token_t *saml);
/* Audience-restriction condition for the assertion. */
saml_condition_t * AXIS2_CALL
create_condition(const axutil_env_t *env);
/* Key material, all relative to AXIS2C_HOME: alice's key/certificate sign the
 * assertion, bob's certificate encrypts the session key. The passphrase is
 * hard-coded because these are the keys shipped under samples/rampart/keys. */
#define PRIVATE_KEY_FILE "/bin/samples/rampart/keys/ahome/alice_key.pem"
#define PRIVATE_KEY_PASSWORD "password"
#define CERTIFICATE_FILE "/bin/samples/rampart/keys/ahome/alice_cert.cert"
#define RECEIVER_CERTIFICATE_FILE "/bin/samples/rampart/keys/ahome/bob_cert.cert"
/* Value of AXIS2C_HOME; set once in main() and read by the helpers above when
 * they build the key file paths. */
axis2_char_t *axis2c_home;
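/*
 * Sample client: builds a holder-of-key SAML assertion (create_saml_token),
 * hands it to Rampart/C through the client configuration property, loads the
 * client's policy.xml and invokes the echo service.
 *
 * Usage: <program> [endpoint_url] [client_home]   ("-h" prints this)
 * AXIS2C_HOME must be set: the sample key files are resolved relative to it
 * and it is the default client_home.
 *
 * Returns 0 on a successful echo and -1 on any failure. Once the environment
 * exists every failure goes through the cleanup label so the service client
 * and the environment are released.
 */
int main(int argc, char** argv)
{
    const axutil_env_t *env = NULL;
    const axis2_char_t *address = "http://localhost:9090/axis2/services/echo";
    const axis2_char_t *client_home = NULL;
    axis2_char_t *default_home = NULL;   /* our own copy of AXIS2C_HOME, freed at cleanup */
    axis2_char_t *file_name = NULL;
    axis2_char_t *policy_file = NULL;
    axis2_endpoint_ref_t *endpoint_ref = NULL;
    axis2_options_t *options = NULL;
    axis2_svc_client_t *svc_client = NULL;
    axiom_node_t *payload = NULL;
    axiom_node_t *ret_node = NULL;
    axis2_status_t status = AXIS2_FAILURE;
    neethi_policy_t *policy = NULL;
    rampart_config_t *client_config = NULL;
    axutil_property_t *property = NULL;
    rampart_saml_token_t *saml = NULL;
    axis2_char_t *om_str = NULL;
    int rc = -1;

    /* "-h" is recognised before anything else, so it also works as the only argument. */
    if (argc > 1 && axutil_strcmp(argv[1], "-h") == 0)
    {
        printf("Usage : %s [endpoint_url] [client_home]\n", argv[0]);
        printf("use -h for help\n");
        return 0;
    }
    if (argc > 1)
    {
        address = argv[1];
        printf("Using endpoint : %s\n", address);
    }
    if (argc > 2)
    {
        client_home = argv[2];
        printf("Using client_home : %s\n", client_home);
    }

    /* Set up the environment */
    env = axutil_env_create_all("echo.log", AXIS2_LOG_LEVEL_TRACE);
    if (!env)
    {
        printf("Cannot create the Axis2/C environment\n");
        return -1;
    }
    printf("SAML PROOF\n");

    /* The key files and the default client_home are resolved relative to AXIS2C_HOME. */
    axis2c_home = AXIS2_GETENV("AXIS2C_HOME");
    if (!axis2c_home)
    {
        printf("AXIS2C_HOME not set. Cannot find the key files\n");
        goto cleanup;
    }
    /* If the client home is not specified, use the AXIS2C_HOME */
    if (!client_home)
    {
        default_home = axutil_strdup(env, axis2c_home);
        client_home = default_home;
        printf("\nNo client_home specified. Using default %s", client_home);
    }

    /* Create service client */
    printf("client_home= %s", client_home);
    svc_client = axis2_svc_client_create(env, client_home);
    if (!svc_client)
    {
        printf("Error creating service client\n");
        goto cleanup;
    }

    /* Target endpoint and action. The options belong to the service client once
     * set, so they are handed over right away and released with it. */
    endpoint_ref = axis2_endpoint_ref_create(env, address);
    options = axis2_options_create(env);
    axis2_options_set_to(options, env, endpoint_ref);
    axis2_options_set_action(options, env,
        "http://example.com/ws/2004/09/policy/Test/EchoRequest");
    axis2_svc_client_set_options(svc_client, env, options);

    /* Hand the SAML token to Rampart/C through the client configuration; the
     * request-scoped property owns client_config and frees it with rampart_config_free. */
    client_config = rampart_config_create(env);
    if (!client_config)
    {
        printf("Cannot create rampart config\n");
        goto cleanup;
    }
    saml = create_saml_token(env);
    if (!saml)
    {
        printf("Cannot create the SAML token\n");
        rampart_config_free(client_config, env);
        goto cleanup;
    }
    rampart_config_add_saml_token(client_config, env, saml);
    property = axutil_property_create_with_args(env, AXIS2_SCOPE_REQUEST,
        AXIS2_TRUE, (void *)rampart_config_free, client_config);
    axis2_options_set_property(options, env, RAMPART_CLIENT_CONFIGURATION, property);

    /* The client's policy file is <client_home>/policy.xml */
    file_name = axutil_stracat(env, client_home, AXIS2_PATH_SEP_STR);
    policy_file = axutil_stracat(env, file_name, "policy.xml");
    AXIS2_FREE(env->allocator, file_name);
    file_name = NULL;

    /* Create the policy, from file. Fail closed: without it the request would be
     * sent without the security policy this sample relies on. */
    policy = neethi_util_create_policy_from_file(env, policy_file);
    if (!policy)
    {
        printf("\nPolicy creation failed from the file. %s\n", policy_file);
        printf("echo client invoke FAILED!\n");
        AXIS2_FREE(env->allocator, policy_file);
        goto cleanup;
    }
    AXIS2_FREE(env->allocator, policy_file);
    policy_file = NULL;
    status = axis2_svc_client_set_policy(svc_client, env, policy);
    if (status == AXIS2_FAILURE)
    {
        printf("Policy setting failed\n");
        printf("echo client invoke FAILED!\n");
        goto cleanup;
    }

    /* Build the SOAP request message payload using OM API. */
    payload = build_om_payload_for_echo_svc(env);
    if (!payload)
    {
        printf("Cannot build the request payload\n");
        goto cleanup;
    }

    /* Engages rampart explicitly in case it is not engaged in the client's axis2.xml */
    axis2_svc_client_engage_module(svc_client, env, "rampart");

    /* Send request */
    ret_node = axis2_svc_client_send_receive(svc_client, env, payload);
    if (axis2_svc_client_get_last_response_has_fault(svc_client, env))
    {
        axiom_soap_envelope_t *soap_envelope = NULL;
        axiom_soap_body_t *soap_body = NULL;
        axiom_soap_fault_t *soap_fault = NULL;
        printf("\nResponse has a SOAP fault\n");
        soap_envelope = axis2_svc_client_get_last_response_soap_envelope(svc_client, env);
        if (soap_envelope)
        {
            soap_body = axiom_soap_envelope_get_body(soap_envelope, env);
        }
        if (soap_body)
        {
            soap_fault = axiom_soap_body_get_fault(soap_body, env);
        }
        if (soap_fault)
        {
            axis2_char_t *fault_str =
                axiom_node_to_string(axiom_soap_fault_get_base_node(soap_fault, env), env);
            if (fault_str)
            {
                printf("\nReturned SOAP fault: %s\n", fault_str);
                AXIS2_FREE(env->allocator, fault_str);
            }
        }
        printf("echo client invoke FAILED!\n");
        goto cleanup;
    }
    if (!ret_node)
    {
        printf("echo client invoke FAILED!\n");
        goto cleanup;
    }
    om_str = axiom_node_to_string(ret_node, env);
    if (om_str)
    {
        printf("\nReceived OM : %s\n", om_str);
        AXIS2_FREE(env->allocator, om_str);
    }
    printf("\necho client invoke SUCCESSFUL!\n");
    rc = 0;

cleanup:
    if (svc_client)
    {
        axis2_svc_client_free(svc_client, env);
    }
    if (default_home)
    {
        AXIS2_FREE(env->allocator, default_home);
    }
    axutil_env_free((axutil_env_t *) env);
    return rc;
}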
/*
 * Builds the echo request payload
 *   <ns1:echoIn xmlns:ns1="http://ws.apache.org/rampart/c/samples"><text>Hello</text></ns1:echoIn>
 * prints its serialised form and returns the root node (owned by the caller).
 */
axiom_node_t * AXIS2_CALL
build_om_payload_for_echo_svc(const axutil_env_t *env)
{
    axiom_node_t *echo_node = NULL;
    axiom_node_t *text_node = NULL;
    axiom_element_t *text_ele = NULL;
    axiom_namespace_t *sample_ns =
        axiom_namespace_create(env, "http://ws.apache.org/rampart/c/samples", "ns1");
    axis2_char_t *serialized = NULL;

    axiom_element_create(env, NULL, "echoIn", sample_ns, &echo_node);
    text_ele = axiom_element_create(env, echo_node, "text", NULL, &text_node);
    axiom_element_set_text(text_ele, env, "Hello", text_node);

    /* Echo what goes on the wire (before Rampart adds the security header). */
    serialized = axiom_node_to_string(echo_node, env);
    if (serialized)
    {
        printf("\nSending OM : %s\n", serialized);
        AXIS2_FREE(env->allocator, serialized);
    }
    return echo_node;
}
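/*
 * Creates the holder-of-key SAML protection token given to Rampart/C.
 *
 * The assertion carries an issuer, an audience-restriction condition and an
 * authentication statement (create_auth_statement, which also attaches the
 * encrypted session key via create_key_info). It is signed with the sample
 * private key (PRIVATE_KEY_FILE / CERTIFICATE_FILE under AXIS2C_HOME), then
 * serialised to OM and stored on the token.
 *
 * Returns the token, or NULL when the assertion cannot be created or the signing
 * key/certificate cannot be loaded. Failing here instead of continuing avoids
 * handing Rampart an assertion that was never signed.
 */
rampart_saml_token_t * AXIS2_CALL
create_saml_token(const axutil_env_t *env)
{
    oxs_sign_ctx_t *sign_ctx = NULL;
    oxs_x509_cert_t *cert = NULL;
    openssl_pkey_t *prv_key = NULL;
    rampart_saml_token_t *saml = NULL;
    axutil_date_time_t *issue_instant = NULL;   /* not "time": avoids shadowing time(3) */
    saml_assertion_t *assertion = NULL;
    axiom_node_t *node = NULL;
    axis2_char_t *prv_key_file = NULL;
    axis2_char_t *certificate_file = NULL;

    /*
     * Create a rampart_saml_token_t to give to the Rampart/C
     * Here the token type is protection token.
     */
    saml = rampart_saml_token_create(env, NULL, RAMPART_ST_CONFIR_TYPE_HOLDER_OF_KEY);
    if (!saml)
    {
        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "Cannot create the SAML token");
        return NULL;
    }
    assertion = saml_assertion_create(env);
    if (!assertion)
    {
        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "Cannot create the SAML assertion");
        rampart_saml_token_free(saml, env);
        return NULL;
    }

    issue_instant = axutil_date_time_create(env);
    saml_assertion_set_minor_version(assertion, env, 1);
    saml_assertion_set_issue_instant(assertion, env, issue_instant);
    saml_assertion_set_issuer(assertion, env, "http://ws.apache.org/rampart/c");
    saml_assertion_add_condition(assertion, env, create_condition(env));
    saml_assertion_set_not_before(assertion, env, axutil_date_time_create(env));
    saml_assertion_add_statement(assertion, env, create_auth_statement(env, saml));

    /* Load the signing key and certificate; the path strings are ours to free. */
    prv_key_file = axutil_stracat(env, axis2c_home, PRIVATE_KEY_FILE);
    certificate_file = axutil_stracat(env, axis2c_home, CERTIFICATE_FILE);
    prv_key = oxs_key_mgr_load_private_key_from_pem_file(env, prv_key_file, PRIVATE_KEY_PASSWORD);
    cert = oxs_key_mgr_load_x509_cert_from_pem_file(env, certificate_file);
    AXIS2_FREE(env->allocator, prv_key_file);
    AXIS2_FREE(env->allocator, certificate_file);
    if (!prv_key || !cert)
    {
        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI,
            "Cannot load the signing key or certificate under AXIS2C_HOME");
        saml_assertion_free(assertion, env);
        rampart_saml_token_free(saml, env);
        return NULL;
    }

    /* Enveloped signature over the assertion, referenced by its AssertionID. */
    sign_ctx = oxs_sign_ctx_create(env);
    saml_util_set_sig_ctx_defaults(sign_ctx, env, "AssertionID");
    oxs_sign_ctx_set_private_key(sign_ctx, env, prv_key);
    oxs_sign_ctx_set_certificate(sign_ctx, env, cert);
    saml_assertion_set_signature(assertion, env, sign_ctx);

    node = saml_assertion_to_om(assertion, NULL, env);
    saml_assertion_free(assertion, env);
    if (!node)
    {
        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "Cannot serialise the SAML assertion");
        rampart_saml_token_free(saml, env);
        return NULL;
    }
    rampart_saml_token_set_assertion(saml, env, node);
    rampart_saml_token_set_token_type(saml, env, RAMPART_ST_TYPE_PROTECTION_TOKEN);
    return saml;
}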
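/*
 * Builds the assertion's audience-restriction condition with a single audience.
 *
 * The condition wrapper is created through the SAML API and the audience
 * restriction is attached to it with its type, so saml_assertion_add_condition()
 * receives a populated condition. (Raw-allocating the struct and dropping the
 * restriction, as before, returned uninitialised memory to the assertion.)
 *
 * Returns the condition, or NULL if the wrapper cannot be created.
 */
saml_condition_t * AXIS2_CALL
create_condition(const axutil_env_t *env)
{
    saml_audi_restriction_cond_t *arc = NULL;
    saml_condition_t *condition = saml_condition_create(env);
    if (!condition)
    {
        return NULL;
    }
    arc = saml_audi_restriction_cond_create(env);
    saml_audi_restriction_cond_add_audience(arc, env, "www.samle.com");
    saml_condition_set_condition(condition, env, arc, SAML_COND_AUDIENCERESTRICTION);
    return condition;
}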
/*
 * Authentication statement for the sample assertion: password authentication
 * method, "now" as the instant, the holder-of-key subject from create_subject()
 * and one authority binding. The subject DNS/IP values are illustrative sample
 * data, not anything observed from the caller.
 */
saml_stmt_t * AXIS2_CALL
create_auth_statement(const axutil_env_t *env, rampart_saml_token_t *saml)
{
    saml_stmt_t *wrapper = saml_stmt_create(env);
    saml_auth_stmt_t *auth = saml_auth_stmt_create(env);

    saml_stmt_set_stmt(wrapper, env, auth, SAML_STMT_AUTHENTICATIONSTATEMENT);
    saml_auth_stmt_set_auth_method(auth, env, SAML_AUTH_METHOD_URI_PASSWORD);
    saml_auth_stmt_set_auth_instant(auth, env, axutil_date_time_create(env));
    /* create_subject() also generates the session key and stores it on saml. */
    saml_auth_stmt_set_subject(auth, env, create_subject(env, saml));
    saml_auth_stmt_set_subject_dns(auth, env, "192.148.5.8");
    saml_auth_stmt_set_subject_ip(auth, env, "128.5.6.4");
    saml_auth_stmt_add_auth_binding(auth, env, create_autherity_binding(env));
    return wrapper;
}
/*
 * Authority binding for the authentication statement: authority kind, the
 * protocol binding ("SOAP") and the location. All three are sample values.
 */
saml_auth_binding_t * AXIS2_CALL
create_autherity_binding(const axutil_env_t *env)
{
    saml_auth_binding_t *binding = saml_auth_binding_create(env);
    saml_auth_binding_set_authority_kind(binding, env, "abc:aa:aa");
    saml_auth_binding_set_binding(binding, env, "SOAP");
    saml_auth_binding_set_location(binding, env, "http://myhome.com/sevices/echo");
    return binding;
}
/*
 * Subject of the assertion: a named identifier plus a holder-of-key
 * confirmation whose <KeyInfo> (from create_key_info) carries the session key
 * encrypted for the receiver. The identifier is sample data; its format is
 * declared as an email address although the value is not one.
 */
saml_subject_t * AXIS2_CALL
create_subject(const axutil_env_t *env, rampart_saml_token_t *saml)
{
    saml_subject_t *subject = saml_subject_create(env);
    saml_named_id_t *name_id = saml_named_id_create(env);

    saml_named_id_set_name(name_id, env, "Computer Science & Engineering Department");
    saml_named_id_set_format(name_id, env, SAML_EMAIL_ADDRESS);
    saml_named_id_set_name_qualifier(name_id, env, "University of Moratuwa");
    saml_subject_set_named_id(subject, env, name_id);

    saml_subject_add_confirmation(subject, env, SAML_SUB_CONFIRMATION_HOLDER_OF_KEY);
    saml_subject_set_key_info(subject, env, create_key_info(env, saml));
    return subject;
}
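/*
 * Creates the <KeyInfo> element for the holder-of-key subject.
 *
 * A fresh session key is generated, RSA-PKCS1 encrypted with the receiver's
 * certificate (RECEIVER_CERTIFICATE_FILE under AXIS2C_HOME) into key_info, and
 * the plain session key is stored on the SAML token so Rampart can use it as
 * the proof key.
 *
 * Returns the key_info node, or NULL when the certificate cannot be loaded,
 * the key cannot be generated or the key encryption fails. In the failure cases
 * nothing is stored on the token: an assertion whose key was never protected
 * must not be sent as if it were.
 */
axiom_node_t * AXIS2_CALL
create_key_info(const axutil_env_t *env, rampart_saml_token_t *saml)
{
    axiom_node_t *key_info = NULL;
    oxs_key_t *session_key = NULL;
    axis2_status_t status = AXIS2_FAILURE;
    oxs_asym_ctx_t *asym_ctx = NULL;
    oxs_x509_cert_t *cert = NULL;
    axis2_char_t *certificate_file = NULL;

    /* Create the asym_ctx_t and populate it: public-key encryption of the session key. */
    asym_ctx = oxs_asym_ctx_create(env);
    oxs_asym_ctx_set_algorithm(asym_ctx, env, OXS_HREF_RSA_PKCS1);
    oxs_asym_ctx_set_operation(asym_ctx, env, OXS_ASYM_CTX_OPERATION_PUB_ENCRYPT);

    /* Receiver certificate; its public key encrypts the session key. The path string is ours to free. */
    certificate_file = axutil_stracat(env, axis2c_home, RECEIVER_CERTIFICATE_FILE);
    cert = oxs_key_mgr_load_x509_cert_from_pem_file(env, certificate_file);
    AXIS2_FREE(env->allocator, certificate_file);
    if (!cert)
    {
        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "Certificate cannot be loaded");
        oxs_asym_ctx_free(asym_ctx, env);
        return NULL;
    }
    oxs_asym_ctx_set_certificate(asym_ctx, env, cert);

    /* NOTE(review): a NULL algorithm is passed through unchanged; whichever
     * default oxs_key_for_algo applies is not visible here. */
    session_key = oxs_key_create(env);
    status = oxs_key_for_algo(session_key, env, NULL);
    if (status == AXIS2_FAILURE)
    {
        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "Session key cannot be generated");
        oxs_key_free(session_key, env);
        oxs_asym_ctx_free(asym_ctx, env);
        return NULL;
    }

    key_info = oxs_token_build_key_info_element(env, NULL);
    status = oxs_xml_enc_encrypt_key(env, asym_ctx, key_info, session_key, NULL);
    oxs_asym_ctx_free(asym_ctx, env);
    if (status == AXIS2_FAILURE)
    {
        AXIS2_LOG_ERROR(env->log, AXIS2_LOG_SI, "Session key cannot be encrypted");
        oxs_key_free(session_key, env);
        return NULL;
    }

    rampart_saml_token_set_session_key(saml, env, session_key);
    return key_info;
}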