soap-xmlsec.c File Reference

#include <libxml/tree.h>
#include <libxml/uri.h>
#include <libxml/parser.h>
#include <libxml/xmlmemory.h>
#include <libxml/xmlstring.h>
#include <libxml/xpath.h>
#include <libxml/xpathInternals.h>
#include <libxslt/xslt.h>
#include <xmlsec/xmlsec.h>
#include <xmlsec/xmltree.h>
#include <xmlsec/xmlenc.h>
#include <xmlsec/xmldsig.h>
#include <xmlsec/templates.h>
#include <xmlsec/crypto.h>
#include <xmlsec/errors.h>
#include <nanohttp/nanohttp-logging.h>
#include <nanohttp/nanohttp-error.h>
#include <nanohttp/nanohttp-common.h>
#include <nanohttp/nanohttp-stream.h>
#include <nanohttp/nanohttp-request.h>
#include <nanohttp/nanohttp-response.h>
#include <nanohttp/nanohttp-client.h>
#include <nanohttp/nanohttp-server.h>
#include "soap-env.h"
#include "soap-ctx.h"
#include "soap-service.h"
#include "soap-router.h"
#include "soap-server.h"
#include "soap-transport.h"
#include "soap-addressing.h"
#include "soap-xmlsec.h"


Functions

herror_t _soap_xmlsec_init (void)
herror_t soap_xmlsec_client_init_args (int argc, char **argv)
herror_t soap_xmlsec_server_init_args (int argc, char **argv)
herror_t soap_xmlsec_sign (struct SoapCtx *context)
herror_t soap_xmlsec_encrypt (struct SoapCtx *context)
herror_t soap_xmlsec_decrypt (struct SoapCtx *context)
herror_t soap_xmlsec_verify (struct SoapCtx *context)
void soap_xmlsec_destroy (void)


Function Documentation

herror_t _soap_xmlsec_init (void)

Definition at line 435 of file soap-xmlsec.c.

References H_OK, herror_message(), herror_new(), log_error1, log_error2, log_info1, log_verbose2, XMLSEC_ERROR_DLLOAD, XMLSEC_ERROR_INIT, and XMLSEC_ERROR_VERSION.

Referenced by soap_xmlsec_client_init_args(), and soap_xmlsec_server_init_args().

herror_t soap_xmlsec_client_init_args (int argc, char **argv)

Initializes the WS-Security subsystem.

Parameters:
argc commandline arg count
argv commandline arg vector
Returns:
H_OK on success

Definition at line 506 of file soap-xmlsec.c.

References _soap_xmlsec_init(), and H_OK.

Referenced by soap_client_init_args().

herror_t soap_xmlsec_decrypt (struct SoapCtx *context)

Decrypt an XML document contained in a SOAP envelope.

Parameters:
context The SOAP context to be decrypted.
Returns:
H_OK on success

Definition at line 757 of file soap-xmlsec.c.

References SoapCtx::env, H_OK, herror_new(), log_error1, log_error2, SoapEnv::root, and soap_env_get_method().

Referenced by soap_client_invoke(), and soap_server_process().

void soap_xmlsec_destroy (void)

Frees the resources needed by the XML security subsystem.

Definition at line 914 of file soap-xmlsec.c.

herror_t soap_xmlsec_encrypt (struct SoapCtx *context)

Encrypt an XML document contained in a SOAP envelope.

Parameters:
context The SOAP context to be encrypted.
Returns:
H_OK on success

Definition at line 623 of file soap-xmlsec.c.

References SoapCtx::env, H_OK, herror_new(), log_error1, log_error2, SoapEnv::root, soap_addressing_get_to_address(), soap_env_get_method(), XMLSEC_ERROR_ENCRYPT, and XMLSEC_ERROR_ENCRYPT_INIT.

Referenced by soap_client_invoke(), and soap_server_process().

herror_t soap_xmlsec_server_init_args (int argc, char **argv)

Initializes the WS-Security subsystem.

Parameters:
argc commandline arg count
argv commandline arg vector
Returns:
H_OK on success

Definition at line 517 of file soap-xmlsec.c.

References _soap_xmlsec_init(), H_OK, herror_message(), and log_error2.

Referenced by soap_server_init_args().

herror_t soap_xmlsec_sign (struct SoapCtx *context)

Sign an XML document contained in a SOAP Envelope with the key specified on the command line. A <SOAP-SEC:Signature> header entry is created as follows:

  • Prepare the target SOAP Envelope with the body and necessary headers.
  • Create a template of a <ds:Signature> element. The template is assumed to contain empty contents for <ds:DigestValue> or <ds:SignatureValue> elements, but contains appropriate values for the elements such as <ds:SignatureMethod> and <ds:Reference> required to calculate them.
  • Create a new header entry <SOAP-SEC:Signature> and add the template to this entry.
  • Add the header entry <SOAP-SEC:Signature> to the SOAP Header.
  • Add the SOAP "actor" and "mustUnderstand" attributes to the entry, if necessary.
  • Calculate the <ds:DigestValue> and <ds:SignatureValue> elements according to the core generation of the XML-Signature specification.

XPath filtering can be used to specify objects to be signed, as described in the XML-Signature specification. However, since the SOAP message exchange model allows intermediate applications to modify the Envelope (add or delete a header entry, for example), XPath filtering does not always result in the same objects after message delivery. Care should be taken in using XPath filtering so that there is no subsequent validation failure due to such modifications.

The transform http://www.w3.org/2000/09/xmldsig#enveloped-signature defined in the XML-Signature specification may be useful when signing the entire Envelope including other header entries, if any.

Parameters:
context The SOAP context to be signed.
Returns:
H_OK on success
See also:
http://www.w3.org/TR/SOAP-dsig/

http://www.w3.org/TR/xmldsig-core/

Definition at line 541 of file soap-xmlsec.c.

References SoapCtx::env, H_OK, SoapEnv::header, herror_new(), log_error1, SoapEnv::root, SOAP_SECURITY_NAMESPACE, SOAP_SECURITY_PREFIX, soap_server_get_name(), soap_transport_get_name(), XMLSEC_ERROR_SIGN, and XMLSEC_ERROR_SIGN_INIT.

Referenced by soap_client_invoke(), and soap_server_process().
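
The caveat in the soap_xmlsec_sign description about intermediaries modifying the Envelope, as an added Python illustration (not csoap code, and not conforming XML-Signature reference processing): it compares a digest over the whole Envelope with ds:Signature removed, as the enveloped-signature transform would do, against a digest over the Body only, after a simulated intermediary appends a header entry. The sample message, the `urn:example:*` namespaces and all function names are constructed for this example.

```python
import copy
import hashlib
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
SEC = "http://schemas.xmlsoap.org/soap/security/2000-12"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample message (not taken from csoap).
ENVELOPE = (
    f'<e:Envelope xmlns:e="{SOAP}"><e:Header>'
    f'<s:Signature xmlns:s="{SEC}"><d:Signature xmlns:d="{DS}"/></s:Signature>'
    f'</e:Header><e:Body Id="Body"><m:Pay xmlns:m="urn:example:bank">'
    f'<m:Amount>100</m:Amount></m:Pay></e:Body></e:Envelope>'
)

def digest(elem):
    """SHA-256 over the canonical (C14N 2.0) serialization of elem's subtree."""
    c14n = ET.canonicalize(ET.tostring(elem, encoding="unicode"))
    return hashlib.sha256(c14n.encode("utf-8")).hexdigest()

def envelope_digest(root):
    """Whole Envelope, with every ds:Signature dropped first (simplified
    stand-in for the enveloped-signature transform)."""
    root = copy.deepcopy(root)
    for parent in root.iter():
        for child in list(parent):
            if child.tag == f"{{{DS}}}Signature":
                parent.remove(child)
    return digest(root)

def body_digest(root):
    """Only the element that a Reference with URI="#Body" would select."""
    return digest(root.find(f"{{{SOAP}}}Body"))

def intermediary_adds_header(root):
    """Simulate a SOAP intermediary appending its own header entry."""
    root = copy.deepcopy(root)
    header = root.find(f"{{{SOAP}}}Header")
    ET.SubElement(header, "{urn:example:router}Hop").text = "gw1"
    return root

def compare():
    """Return (envelope digest unchanged?, body digest unchanged?)."""
    sent = ET.fromstring(ENVELOPE)
    received = intermediary_adds_header(sent)
    return (envelope_digest(sent) == envelope_digest(received),
            body_digest(sent) == body_digest(received))

if __name__ == "__main__":
    print(compare())
```

The enveloped-signature transform only excludes the signature itself, so a reference covering the whole Envelope still fails validation once any other header entry is added or removed in transit; a reference scoped to the Body survives that change.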

herror_t soap_xmlsec_verify (struct SoapCtx *context)

Verify the signature of an XML document contained in a SOAP Envelope. The validation of a <SOAP-SEC:Signature> header entry fails if:

  • The syntax of the content of the header entry does not conform to SOAP Security Extensions: Digital Signature specification, or
  • The validation of the signature contained in the header entry fails according to the core validation of the XML-Signature specification, or
  • The receiving application program rejects the signature for some reason (e.g., the signature is created by an untrusted key).

If the validation of the signature header entry fails, applications MAY report the failure to the sender. It is out of the scope of this library how to deal with it.

Parameters:
context The SOAP context to be verified.
Returns:
H_OK on success
See also:
http://www.w3.org/TR/SOAP-dsig/

http://www.w3.org/TR/xmldsig-core/

Definition at line 846 of file soap-xmlsec.c.

References SoapCtx::env, H_OK, SoapEnv::header, herror_new(), log_error1, log_error2, SoapEnv::root, and SOAP_SECURITY_NAMESPACE.

Referenced by soap_client_invoke(), and soap_server_process().


Generated on Thu Jan 25 23:36:04 2007 for csoap by  doxygen 1.4.6