soap-xmlsec.h File Reference


Defines

#define SOAP_SECURITY_NAMESPACE   "http://schemas.xmlsoap.org/soap/security/2000-12"
#define SOAP_SECURITY_PREFIX   "SOAP-SEC"
#define CSOAP_ENABLE_XMLSEC   "-CSOAPxmlsec"
#define CSOAP_XMLSEC_KEYFILE   "-CSOAPkeyfile"
#define CSOAP_XMLSEC_PASSWORD   "-CSOAPpassword"
#define CSOAP_XMLSEC_CERTFILE   "-CSOAPcertfile"
#define XMLSEC_ERROR   5100
#define XMLSEC_ERROR_GENERIC   (XMLSEC_ERROR + 0)
#define XMLSEC_ERROR_KEYSTORE   (XMLSEC_ERROR + 10)
#define XMLSEC_ERROR_KEYMANAGER   (XMLSEC_ERROR + 20)
#define XMLSEC_ERROR_KEY   (XMLSEC_ERROR + 30)
#define XMLSEC_ERROR_CERTIFICATE   (XMLSEC_ERROR + 40)
#define XMLSEC_ERROR_INIT   (XMLSEC_ERROR + 50)
#define XMLSEC_ERROR_VERSION   (XMLSEC_ERROR + 60)
#define XMLSEC_ERROR_DLLOAD   (XMLSEC_ERROR + 70)
#define XMLSEC_ERROR_SIGN   (XMLSEC_ERROR + 80)
#define XMLSEC_ERROR_SIGN_INIT   (XMLSEC_ERROR + 90)
#define XMLSEC_ERROR_ENCRYPT   (XMLSEC_ERROR + 100)
#define XMLSEC_ERROR_ENCRYPT_INIT   (XMLSEC_ERROR + 110)

Functions

herror_t soap_xmlsec_server_init_args (int argc, char **argv)
herror_t soap_xmlsec_client_init_args (int argc, char **argv)
herror_t soap_xmlsec_sign (struct SoapCtx *context)
herror_t soap_xmlsec_verify (struct SoapCtx *context)
herror_t soap_xmlsec_encrypt (struct SoapCtx *context)
herror_t soap_xmlsec_decrypt (struct SoapCtx *context)
void soap_xmlsec_destroy (void)


Detailed Description

Web Services Security

This module is implemented using the xmlsec1 library.

Author:
H. Ronsdorf
Version:
Revision 1.9
See also:
http://www.w3.org/TR/SOAP-dsig/

http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss

http://www.aleksey.com/xmlsec/

Definition in file soap-xmlsec.h.


Define Documentation

#define CSOAP_ENABLE_XMLSEC   "-CSOAPxmlsec"
 

Commandline argument to enable WS-Security.

Definition at line 78 of file soap-xmlsec.h.

#define CSOAP_XMLSEC_CERTFILE   "-CSOAPcertfile"
 

Commandline argument to set a file of certificates.

Definition at line 100 of file soap-xmlsec.h.

#define CSOAP_XMLSEC_KEYFILE   "-CSOAPkeyfile"
 

Commandline argument to set the keyfile. If this argument is not specified, a random key will be used.

Definition at line 86 of file soap-xmlsec.h.

#define CSOAP_XMLSEC_PASSWORD   "-CSOAPpassword"
 

Commandline argument to set the password of the key.

Definition at line 93 of file soap-xmlsec.h.

#define SOAP_SECURITY_NAMESPACE   "http://schemas.xmlsoap.org/soap/security/2000-12"
 

Definition at line 70 of file soap-xmlsec.h.

Referenced by soap_xmlsec_sign(), and soap_xmlsec_verify().

#define SOAP_SECURITY_PREFIX   "SOAP-SEC"
 

Definition at line 71 of file soap-xmlsec.h.

Referenced by soap_xmlsec_sign().


Function Documentation

herror_t soap_xmlsec_client_init_args (int argc, char **argv)

Initializes the WS-Security subsystem.

Parameters:
argc commandline arg count
argv commandline arg vector
Returns:
H_OK on success

Definition at line 506 of file soap-xmlsec.c.

References _soap_xmlsec_init(), and H_OK.

Referenced by soap_client_init_args().

herror_t soap_xmlsec_decrypt (struct SoapCtx *context)

Decrypt an XML document contained in a SOAP envelope.

Parameters:
context The SOAP context to be decrypted.
Returns:
H_OK on success

Definition at line 757 of file soap-xmlsec.c.

References SoapCtx::env, H_OK, herror_new(), log_error1, log_error2, SoapEnv::root, and soap_env_get_method().

Referenced by soap_client_invoke(), and soap_server_process().

void soap_xmlsec_destroy (void)

Frees the resources needed by the XML security subsystem.

Definition at line 914 of file soap-xmlsec.c.

herror_t soap_xmlsec_encrypt (struct SoapCtx *context)

Encrypt an XML document contained in a SOAP envelope.

Parameters:
context The SOAP context to be encrypted.
Returns:
H_OK on success

Definition at line 623 of file soap-xmlsec.c.

References SoapCtx::env, H_OK, herror_new(), log_error1, log_error2, SoapEnv::root, soap_addressing_get_to_address(), soap_env_get_method(), XMLSEC_ERROR_ENCRYPT, and XMLSEC_ERROR_ENCRYPT_INIT.

Referenced by soap_client_invoke(), and soap_server_process().

herror_t soap_xmlsec_server_init_args (int argc, char **argv)

Initializes the WS-Security subsystem.

Parameters:
argc commandline arg count
argv commandline arg vector
Returns:
H_OK on success

Definition at line 517 of file soap-xmlsec.c.

References _soap_xmlsec_init(), H_OK, herror_message(), and log_error2.

Referenced by soap_server_init_args().

herror_t soap_xmlsec_sign (struct SoapCtx *context)

Sign an XML document contained in a SOAP Envelope with the key specified on the command line. Our way to create a <SOAP-SEC:Signature> header entry is as follows:

  • Prepare the target SOAP Envelope with the body and necessary headers.
  • Create a template of a <ds:Signature> element. The template is assumed to contain empty contents for <ds:DigestValue> or <ds:SignatureValue> elements, but contains appropriate values for the elements such as <ds:SignatureMethod> and <ds:Reference> required to calculate them.
  • Create a new header entry <SOAP-SEC:Signature> and add the template to this entry.
  • Add the header entry <SOAP-SEC:Signature> to the SOAP Header.
  • Add the SOAP "actor" and "mustUnderstand" attributes to the entry, if necessary.
  • Calculate the <ds:DigestValue> and <ds:SignatureValue> elements according to the core generation of the XML-Signature specification.

XPath filtering can be used to specify objects to be signed, as described in the XML-Signature specification. However, since the SOAP message exchange model allows intermediate applications to modify the Envelope (add or delete a header entry, for example), XPath filtering does not always result in the same objects after message delivery. Care should be taken in using XPath filtering so that there is no subsequent validation failure due to such modifications.

The transform http://www.w3.org/2000/09/xmldsig#enveloped-signature defined in the XML-Signature specification may be useful when signing the entire Envelope including other header entries, if any.
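The effect of intermediary modification on the two signing scopes described above, as an added example that is not part of csoap: it compares the digest input for a Body-only reference with that for the whole Envelope under the enveloped-signature transform, before and after a relay adds a header entry. The envelopes, the r:Via header and all function names are constructed for illustration; FNV-1a and plain string search stand in for a real digest algorithm and XML canonicalization.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample messages; r:Via is a hypothetical header added by a relay. */
#define SIG  "<SOAP-SEC:Signature xmlns:SOAP-SEC=\"http://schemas.xmlsoap.org/soap/security/2000-12\">" \
             "<ds:Signature xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:SignedInfo>" \
             "<ds:Reference URI=\"#Body\"><ds:DigestValue/></ds:Reference></ds:SignedInfo>" \
             "<ds:SignatureValue/></ds:Signature></SOAP-SEC:Signature>"
#define BODY "<SOAP-ENV:Body Id=\"Body\"><m:echo xmlns:m=\"urn:example\">hi</m:echo></SOAP-ENV:Body>"
#define ENV(extra) "<SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\">" \
                   "<SOAP-ENV:Header>" SIG extra "</SOAP-ENV:Header>" BODY "</SOAP-ENV:Envelope>"
const char *SENT    = ENV("");
const char *RELAYED = ENV("<r:Via xmlns:r=\"urn:example:relay\">hop1</r:Via>");

/* Stand-in digest (FNV-1a) so the example needs no crypto library. */
static uint32_t fnv1a(uint32_t h, const char *p, size_t n) {
    while (n--) { h ^= (unsigned char)*p++; h *= 16777619u; }
    return h;
}

/* Find the first <name ...>...</name> by string search (no real XML parsing). */
static int span(const char *doc, const char *name, const char **beg, size_t *len) {
    char otag[64], ctag[64];
    snprintf(otag, sizeof otag, "<%s", name);
    snprintf(ctag, sizeof ctag, "</%s>", name);
    const char *b = strstr(doc, otag), *e = b ? strstr(b, ctag) : NULL;
    if (!e) return -1;
    *beg = b; *len = (size_t)(e - b) + strlen(ctag);
    return 0;
}

/* Digest when only the Body is referenced (URI="#Body"); 0 if no Body is found. */
uint32_t digest_body(const char *env) {
    const char *b; size_t n;
    return span(env, "SOAP-ENV:Body", &b, &n) ? 0 : fnv1a(2166136261u, b, n);
}

/* Whole Envelope under enveloped-signature: every octet except ds:Signature itself. */
uint32_t digest_enveloped(const char *env) {
    const char *s; size_t n;
    if (span(env, "ds:Signature", &s, &n)) return 0;
    return fnv1a(fnv1a(2166136261u, env, (size_t)(s - env)), s + n, strlen(s + n));
}

int main(void) {
    printf("body-only digest stable: %d, enveloped digest stable: %d\n",
           digest_body(SENT) == digest_body(RELAYED), digest_enveloped(SENT) == digest_enveloped(RELAYED));
    return 0;
}
```

The Body-only reference survives the relay but leaves every header entry unauthenticated; the whole-Envelope reference covers the headers and therefore fails validation as soon as one is added or removed.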

Parameters:
context The SOAP context to be signed.
Returns:
H_OK on success
See also:
http://www.w3.org/TR/SOAP-dsig/

http://www.w3.org/TR/xmldsig-core/

Definition at line 541 of file soap-xmlsec.c.

References SoapCtx::env, H_OK, SoapEnv::header, herror_new(), log_error1, SoapEnv::root, SOAP_SECURITY_NAMESPACE, SOAP_SECURITY_PREFIX, soap_server_get_name(), soap_transport_get_name(), XMLSEC_ERROR_SIGN, and XMLSEC_ERROR_SIGN_INIT.

Referenced by soap_client_invoke(), and soap_server_process().

herror_t soap_xmlsec_verify (struct SoapCtx *context)

Verify the signature of an XML document contained in a SOAP Envelope. The validation of a <SOAP-SEC:Signature> header entry fails if:

  • The syntax of the content of the header entry does not conform to SOAP Security Extensions: Digital Signature specification, or
  • The validation of the signature contained in the header entry fails according to the core validation of the XML-Signature specification, or
  • The receiving application program rejects the signature for some reason (e.g., the signature is created by an untrusted key).

If the validation of the signature header entry fails, applications MAY report the failure to the sender. It is out of the scope of this library how to deal with it.

Parameters:
context The SOAP context to be verified.
Returns:
H_OK on success
See also:
http://www.w3.org/TR/SOAP-dsig/

http://www.w3.org/TR/xmldsig-core/

Definition at line 846 of file soap-xmlsec.c.

References SoapCtx::env, H_OK, SoapEnv::header, herror_new(), log_error1, log_error2, SoapEnv::root, and SOAP_SECURITY_NAMESPACE.

Referenced by soap_client_invoke(), and soap_server_process().


Generated on Thu Jan 25 23:36:04 2007 for csoap by  doxygen 1.4.6