|
Classes |
struct | soap_wsse_session |
| Digest authentication session data. More...
|
Defines |
#define | SOAP_WSSE_MAX_REF (100) |
#define | SOAP_WSSE_CLKSKEW (300) |
#define | SOAP_WSSE_NONCELEN (20) |
#define | SOAP_WSSE_NONCETIME (SOAP_WSSE_CLKSKEW + 240) |
Functions |
int | soap_wsse_session_verify (struct soap *soap, const char hash[SOAP_SMD_SHA1_SIZE], const char *created, const char *nonce) |
| Verifies and updates the digest, nonce, and creation time against the digest authentication session database to prevent replay attacks.
|
void | soap_wsse_session_cleanup (struct soap *soap) |
| Removes expired authentication data from the digest authentication session database.
|
void | calc_digest (struct soap *soap, const char *created, const char *nonce, int noncelen, const char *password, char hash[SOAP_SMD_SHA1_SIZE]) |
| Calculates digest value SHA1(created, nonce, password).
|
void | calc_nonce (struct soap *soap, char nonce[SOAP_WSSE_NONCELEN]) |
| Calculates a randomized nonce (time() is also mixed in, in case a poorly seeded PRNG is used).
|
int | soap_wsse_init (struct soap *soap, struct soap_wsse_data *data, const void *(*arg)(struct soap *, int, const char *, int *)) |
| Initializes plugin data.
|
int | soap_wsse_copy (struct soap *soap, struct soap_plugin *dst, struct soap_plugin *src) |
| Copies plugin data to localize plugin data for threads.
|
void | soap_wsse_delete (struct soap *soap, struct soap_plugin *p) |
| Deletes plugin data.
|
int | soap_wsse_preparesend (struct soap *soap, const char *buf, size_t len) |
| Takes a piece of the XML message (tokenized) to compute digest.
|
int | soap_wsse_preparefinalsend (struct soap *soap) |
| Collects the digests of all the wsu:Id elements and populates the SignedInfo.
|
void | soap_wsse_preparecleanup (struct soap *soap, struct soap_wsse_data *data) |
| Restores engine state.
|
int | soap_wsse_preparefinalrecv (struct soap *soap) |
| Verify signature and SignedInfo digests initiated with soap_wsse_verify_auto.
|
int | soap_wsse_header (struct soap *soap) |
| This callback is invoked as soon as the SOAP Header is received; when the message is encrypted, the encrypted key must be obtained here so that decryption can start.
|
int | soap_wsse_element_begin_in (struct soap *soap, const char *tag) |
| This callback is invoked as soon as a starting tag of an element is received by the XML parser.
|
int | soap_wsse_element_end_in (struct soap *soap, const char *tag1, const char *tag2) |
| This callback is invoked as soon as an ending tag of an element is received by the XML parser.
|
int | soap_wsse_element_begin_out (struct soap *soap, const char *tag) |
| This callback is invoked as soon as a starting tag of an element is to be sent by the XML generator.
|
int | soap_wsse_element_end_out (struct soap *soap, const char *tag) |
| This callback is invoked as soon as an ending tag of an element is to be sent by the XML generator.
|
size_t | soap_wsse_verify_nested (struct soap *soap, struct soap_dom_element *dom, const char *URI, const char *tag) |
| Counts signed matching elements from the dom node and down.
|
_wsse__Security * | soap_wsse_add_Security (struct soap *soap) |
| Adds Security header element.
|
_wsse__Security * | soap_wsse_add_Security_actor (struct soap *soap, const char *actor) |
| Adds Security header element with actor or role attribute.
|
void | soap_wsse_delete_Security (struct soap *soap) |
| Deletes Security header element.
|
_wsse__Security * | soap_wsse_Security (struct soap *soap) |
| Returns Security header element if present.
|
ds__SignatureType * | soap_wsse_add_Signature (struct soap *soap) |
| Adds Signature header element.
|
void | soap_wsse_delete_Signature (struct soap *soap) |
| Deletes Signature header element.
|
ds__SignatureType * | soap_wsse_Signature (struct soap *soap) |
| Returns Signature header element if present.
|
int | soap_wsse_add_Timestamp (struct soap *soap, const char *id, time_t lifetime) |
| Adds Timestamp element with optional expiration date+time (lifetime).
|
_wsu__Timestamp * | soap_wsse_Timestamp (struct soap *soap) |
| Returns Timestamp element if present.
|
int | soap_wsse_verify_Timestamp (struct soap *soap) |
| Verifies the Timestamp/Expires element against the current time.
|
int | soap_wsse_add_UsernameTokenText (struct soap *soap, const char *id, const char *username, const char *password) |
| Adds UsernameToken element with optional clear-text password.
|
int | soap_wsse_add_UsernameTokenDigest (struct soap *soap, const char *id, const char *username, const char *password) |
| Adds UsernameToken element for digest authentication.
|
_wsse__UsernameToken * | soap_wsse_UsernameToken (struct soap *soap, const char *id) |
| Returns UsernameToken element if present.
|
const char * | soap_wsse_get_Username (struct soap *soap) |
| Returns UsernameToken/username string or wsse:FailedAuthentication fault.
|
int | soap_wsse_verify_Password (struct soap *soap, const char *password) |
| Verifies the supplied password or sets wsse:FailedAuthentication fault.
|
int | soap_wsse_add_BinarySecurityToken (struct soap *soap, const char *id, const char *valueType, const unsigned char *data, int size) |
| Adds BinarySecurityToken element.
|
int | soap_wsse_add_BinarySecurityTokenX509 (struct soap *soap, const char *id, X509 *cert) |
| Adds BinarySecurityToken element with X509 certificate.
|
int | soap_wsse_add_BinarySecurityTokenPEM (struct soap *soap, const char *id, const char *filename) |
| Adds BinarySecurityToken element from a PEM file.
|
_wsse__BinarySecurityToken * | soap_wsse_BinarySecurityToken (struct soap *soap, const char *id) |
| Returns BinarySecurityToken element if present.
|
int | soap_wsse_get_BinarySecurityToken (struct soap *soap, const char *id, char **valueType, unsigned char **data, int *size) |
| Get wsse:BinarySecurityToken element token data in binary form.
|
X509 * | soap_wsse_get_BinarySecurityTokenX509 (struct soap *soap, const char *id) |
| Get X509 wsse:BinarySecurityToken certificate and verify its content.
|
int | soap_wsse_verify_X509 (struct soap *soap, X509 *cert) |
| Verifies X509 certificate against soap->cafile, soap->capath, and soap->crlfile.
|
ds__SignedInfoType * | soap_wsse_add_SignedInfo (struct soap *soap) |
| Adds SignedInfo element.
|
int | soap_wsse_add_SignedInfo_Reference (struct soap *soap, const char *URI, const char *transform, const char *inclusiveNamespaces, const char *HA) |
| Adds SignedInfo element with Reference URI, transform algorithm used, and digest value.
|
int | soap_wsse_add_SignedInfo_SignatureMethod (struct soap *soap, const char *method, int canonical) |
| Adds SignedInfo element with SignatureMethod.
|
ds__SignedInfoType * | soap_wsse_SignedInfo (struct soap *soap) |
| Returns SignedInfo element if present.
|
int | soap_wsse_get_SignedInfo_SignatureMethod (struct soap *soap, int *alg) |
| Get SignatureMethod algorithm.
|
int | soap_wsse_add_SignatureValue (struct soap *soap, int alg, const void *key, int keylen) |
| Adds SignedInfo/SignatureMethod element, signs the SignedInfo element, and adds the resulting SignatureValue element.
|
int | soap_wsse_verify_SignatureValue (struct soap *soap, int alg, const void *key, int keylen) |
| Verifies the SignatureValue of a SignedInfo element.
|
int | soap_wsse_verify_SignedInfo (struct soap *soap) |
| Verifies the digest values of the XML elements referenced by the SignedInfo References.
|
int | soap_wsse_verify_digest (struct soap *soap, int alg, int canonical, const char *id, unsigned char hash[SOAP_SMD_MAX_SIZE]) |
| Verifies the digest value of an XML element referenced by id against the hash.
|
ds__KeyInfoType * | soap_wsse_add_KeyInfo (struct soap *soap) |
| Adds KeyInfo element.
|
ds__KeyInfoType * | soap_wsse_KeyInfo (struct soap *soap) |
| Returns KeyInfo element if present.
|
int | soap_wsse_add_KeyInfo_KeyName (struct soap *soap, const char *name) |
| Adds KeyName element.
|
const char * | soap_wsse_get_KeyInfo_KeyName (struct soap *soap) |
| Returns KeyName element if present.
|
int | soap_wsse_add_KeyInfo_SecurityTokenReferenceURI (struct soap *soap, const char *URI, const char *valueType) |
| Adds KeyInfo element with SecurityTokenReference URI.
|
int | soap_wsse_add_KeyInfo_SecurityTokenReferenceX509 (struct soap *soap, const char *URI) |
| Adds KeyInfo element with SecurityTokenReference URI to an X509 cert.
|
const char * | soap_wsse_get_KeyInfo_SecurityTokenReferenceURI (struct soap *soap) |
| Returns a SecurityTokenReference URI if present.
|
const char * | soap_wsse_get_KeyInfo_SecurityTokenReferenceValueType (struct soap *soap) |
| Returns a SecurityTokenReference ValueType if present.
|
X509 * | soap_wsse_get_KeyInfo_SecurityTokenReferenceX509 (struct soap *soap) |
| Returns an X509 certificate if present as a BinarySecurityToken.
|
int | soap_wsse_add_KeyInfo_SecurityTokenReferenceKeyIdentifier (struct soap *soap, const char *id, const char *valueType, unsigned char *data, int size) |
| Adds KeyInfo element with SecurityTokenReference/KeyIdentifier binary data.
|
const char * | soap_wsse_get_KeyInfo_SecurityTokenReferenceKeyIdentifierValueType (struct soap *soap) |
| Returns KeyInfo/SecurityTokenReference/KeyIdentifier/ValueType if present.
|
const unsigned char * | soap_wsse_get_KeyInfo_SecurityTokenReferenceKeyIdentifier (struct soap *soap, int *size) |
| Returns KeyInfo/SecurityTokenReference/KeyIdentifier binary data.
|
int | soap_wsse_add_KeyInfo_SecurityTokenReferenceEmbedded (struct soap *soap, const char *id, const char *valueType) |
| Adds KeyInfo element with Embedded SecurityTokenReference.
|
int | soap_wsse_add_EncryptedKey (struct soap *soap, const char *URI, X509 *cert, const char *subjectkeyid) |
| Adds EncryptedKey header element.
|
int | soap_wsse_verify_EncryptedKey (struct soap *soap) |
| Verifies the EncryptedKey header information (certificate validity checking requires soap->cacert to be set). Retrieves the key from the token handler callback and uses it to decrypt the encrypted decryption key.
|
void | soap_wsse_delete_EncryptedKey (struct soap *soap) |
| Deletes EncryptedKey header element.
|
xenc__EncryptedKeyType * | soap_wsse_EncryptedKey (struct soap *soap) |
| Returns EncryptedKey header element if present.
|
int | soap_wsse_add_EncryptedKey_DataReferenceURI (struct soap *soap, const char *URI) |
| Adds a DataReference URI to the EncryptedKey header element.
|
int | soap_wsse_add_DataReferenceURI (struct soap *soap, const char *URI) |
| Adds a DataReference URI to the WS-Security header element.
|
int | soap_wsse_sender_fault_subcode (struct soap *soap, const char *faultsubcode, const char *faultstring, const char *faultdetail) |
| Sets sender SOAP Fault (sub)code for server fault response.
|
int | soap_wsse_receiver_fault_subcode (struct soap *soap, const char *faultsubcode, const char *faultstring, const char *faultdetail) |
| Sets receiver SOAP Fault (sub)code for server fault response.
|
int | soap_wsse_sender_fault (struct soap *soap, const char *faultstring, const char *faultdetail) |
| Sets sender SOAP Fault for server fault response.
|
int | soap_wsse_receiver_fault (struct soap *soap, const char *faultstring, const char *faultdetail) |
| Sets receiver SOAP Fault for server fault response.
|
int | soap_wsse_fault (struct soap *soap, wsse__FaultcodeEnum fault, const char *detail) |
| Sets SOAP Fault (sub)code for server response.
|
int | soap_wsse (struct soap *soap, struct soap_plugin *p, void *arg) |
| Plugin registry function, used with soap_register_plugin.
|
int | soap_wsse_init (struct soap *soap, struct soap_wsse_data *data, const void *(*arg)(struct soap *, int alg, const char *keyname, int *keylen)) |
int | soap_wsse_set_wsu_id (struct soap *soap, const char *tags) |
| Sets the elements that are to be extended with wsu:Id attributes. The wsu:Id attribute values are set to the string value of the tag's QName by replacing colons with hyphens to produce an xsd:ID value.
|
int | soap_wsse_sign_only (struct soap *soap, const char *ids) |
| Filters only the specified wsu:Id names for signing. Can be used with soap_wsse_set_wsu_id() and if so should use the element tag names.
|
int | soap_wsse_sign (struct soap *soap, int alg, const void *key, int keylen) |
| Uses the wsse plugin to sign all wsu:Id attributed elements.
|
int | soap_wsse_sign_body (struct soap *soap, int alg, const void *key, int keylen) |
| Uses the wsse plugin to sign all wsu:Id attributed elements, including the SOAP Body (by adding a wsu:Id="Body" attribute).
|
int | soap_wsse_verify_init (struct soap *soap) |
| Uses the wsse plugin to initiate the verification of the signature and SignedInfo Reference digests.
|
int | soap_wsse_verify_auto (struct soap *soap, int alg, const void *key, size_t keylen) |
| Uses the wsse plugin to initiate the automatic verification of the signature and SignedInfo Reference digests.
|
int | soap_wsse_verify_done (struct soap *soap) |
| Terminates the automatic verification of signatures.
|
size_t | soap_wsse_verify_element (struct soap *soap, const char *URI, const char *tag) |
| Post-checks the presence of signed element(s). Does not verify the signature of these elements, which is done with soap_wsse_verify_auto.
|
int | soap_wsse_verify_body (struct soap *soap) |
| Post-checks the presence of signed SOAP Body. Does not verify the signature of the Body, which is done with soap_wsse_verify_auto.
|
int | soap_wsse_encrypt_body (struct soap *soap, int alg, const void *key, int keylen) |
| Initiates the encryption of the SOAP Body. The algorithm should be SOAP_MEC_ENC_DES_CBC for symmetric encryption. Use soap_wsse_add_EncryptedKey for public key encryption.
|
int | soap_wsse_encrypt (struct soap *soap, int alg, const void *key, int keylen) |
| Starts encryption. This function is intended for internal use only. The algorithm should be SOAP_MEC_ENC_DES_CBC for symmetric encryption. Use soap_wsse_add_EncryptedKey for public key encryption.
|
int | soap_wsse_decrypt_auto (struct soap *soap, int alg, const void *key, int keylen) |
| Starts automatic decryption when needed, using the specified key. This function should be called just once. The algorithm should be SOAP_MEC_ENV_DEC_DES_CBC for public key encryption/decryption and SOAP_MEC_DEC_DES_CBC for symmetric shared secret keys.
|
int | soap_wsse_encrypt_begin (struct soap *soap, const char *id, const char *URI, const char *keyname, const unsigned char *key) |
| Emits XML encryption tags and starts encryption of the XML element content.
|
int | soap_wsse_encrypt_end (struct soap *soap) |
| Emits XML encryption end tags and stops encryption of the XML element content.
|
int | soap_wsse_decrypt_begin (struct soap *soap, const unsigned char *key) |
| Checks for XML encryption tags and starts decryption of the XML element content. If the KeyInfo element is present, the security_token_handler callback is used to obtain a decryption key based on the key name; otherwise the current decryption key is used.
|
int | soap_wsse_decrypt_end (struct soap *soap) |
| Checks for XML encryption end tags and stops decryption of the XML element content.
|
Variables |
const char | soap_wsse_id [14] = SOAP_WSSE_ID |
const char * | wsse_PasswordTextURI = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText" |
const char * | wsse_PasswordDigestURI = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest" |
const char * | wsse_Base64BinaryURI = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" |
const char * | wsse_X509v3URI = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" |
const char * | wsse_X509v3SubjectKeyIdentifierURI = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier" |
const char * | ds_sha1URI = "http://www.w3.org/2000/09/xmldsig#sha1" |
const char * | ds_hmac_sha1URI = "http://www.w3.org/2000/09/xmldsig#hmac-sha1" |
const char * | ds_dsa_sha1URI = "http://www.w3.org/2000/09/xmldsig#dsa-sha1" |
const char * | ds_rsa_sha1URI = "http://www.w3.org/2000/09/xmldsig#rsa-sha1" |
const char * | xenc_rsa15URI = "http://www.w3.org/2001/04/xmlenc#rsa-1_5" |
const char * | xenc_3desURI = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc" |
const char * | ds_URI = "http://www.w3.org/2000/09/xmldsig#" |
const char * | c14n_URI = "http://www.w3.org/2001/10/xml-exc-c14n#" |
const char * | wsu_URI = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" |
soap_wsse_session * | soap_wsse_session = NULL |
MUTEX_TYPE | soap_wsse_session_lock = MUTEX_INITIALIZER |