网站模板 红色,服务器可以做网站,北京网站seo,oppo手机网站建设需求分析文章目录 第三十三章 使用派生密钥令牌进行加密和签名 - 使用 DerivedKeyToken 第三十三章 使用派生密钥令牌进行加密和签名 - 使用
进行加密#xff08;一#xff09;
如果加密了任何安全标头元素#xff0c;请将它们添加到 WS-Security 标头元素中。为此#… 文章目录 第三十三章 使用派生密钥令牌进行加密和签名 - 使用 DerivedKeyToken 第三十三章 使用派生密钥令牌进行加密和签名 - 使用
进行加密一
如果加密了任何安全标头元素请将它们添加到 WS-Security 标头元素中。为此请调用 Web 客户端或 Web 服务的 SecurityOut 属性的 AddSecurityElement() 方法。在这种情况下需要两个参数
a. 安全标头元素而不是从中生成的的 %XML.Security.EncryptedData。
b. 引用列表实例。第二个参数指定将第一个参数指定的项目放在何处。如果参数是 A、B则 IRIS 确保 A 在 B 之后。指定此项以便收件人首先处理引用列表然后再处理依赖于它的加密安全标头元素。 do client.SecurityOut.AddSecurityElement(userToken,reflist)如果仅加密了 SOAP 主体系统会自动将 EncryptedData 元素作为 Body的子元素。
发送 SOAP 消息。请参阅添加安全标头元素中的一般注释。
例如以下客户端代码对 SOAP 主体和 UsernameToken进行加密 // Create UsernameTokenset userToken##class(%SOAP.Security.UsernameToken).Create(_SYSTEM,SYS)// get credentials for encryptionset cred ##class(%SYS.X509Credentials).GetByAlias(servercred) // get EncryptedKey element to encrypt UsernameToken)// $$$SOAPWSEncryptNone means that this key does not encrypt the bodyset enckey##class(%XML.Security.EncryptedKey).CreateX509(cred,$$$SOAPWSEncryptNone)//add to WS-Security Headerdo client.SecurityOut.AddSecurityElement(enckey)// get derived key to use for encryption// second argument specifies how the derived key // refers to the key on which it is basedset dkenc##class(%SOAP.WSSC.DerivedKeyToken).Create(enckey,$$$SOAPWSReferenceEncryptedKey)//add to WS-Security Headerdo client.SecurityOut.AddSecurityElement(dkenc)// create EncryptedData element to contain UserTokenset encdata##class(%XML.Security.EncryptedData).Create(dkenc,userToken,$$$SOAPWSReferenceDerivedKey)// create EncryptedData element to contain SOAP bodyset encdata2##class(%XML.Security.EncryptedData).Create(dkenc,,$$$SOAPWSReferenceDerivedKey)// create ReferenceList with DataReference elements that// point to these two EncryptedData elementsset reflist##class(%XML.Security.ReferenceList).%New()set dataref##class(%XML.Security.DataReference).Create(encdata)do reflist.AddReference(dataref)set dataref2##class(%XML.Security.DataReference).Create(encdata2)do reflist.AddReference(dataref2)// add ReferenceList to WS-Security headerdo client.SecurityOut.AddSecurityElement(reflist)// add encrypted UserName to security header;// 2nd argument specifies positiondo client.SecurityOut.AddSecurityElement(userToken,reflist)// encrypted SOAP body is handled automatically客户端发送如下消息
?xml version1.0 encodingUTF-8 ?
SOAP-ENV:Envelope [parts omitted]SOAP-ENV:HeaderSecurity xmlns[parts omitted]oasis-200401-wss-wssecurity-secext-1.0.xsdEncryptedKey xmlnshttp://www.w3.org/2001/04/xmlenc# IdId-658202BF-239A-4A8C-A100-BB25579F366BEncryptionMethod Algorithm[parts omitted]#rsa-oaep-mgf1pDigestMethod xmlnshttp://www.w3.org/2000/09/xmldsig# Algorithmhttp://www.w3.org/2000/09/xmldsig#sha1/DigestMethod/EncryptionMethodKeyInfo xmlnshttp://www.w3.org/2000/09/xmldsig#SecurityTokenReference xmlns[parts omitted]oasis-200401-wss-wssecurity-secext-1.0.xsdKeyIdentifier EncodingType[parts omitted]#Base64Binary ValueType[parts omitted]#ThumbprintSHA15afOHv1w7WSXwDyz6F3WdM1r6cM/KeyIdentifier/SecurityTokenReference/KeyInfoCipherDataCipherValuetFeKrZKw[parts omitted]rbx7KQ/CipherValue/CipherData/EncryptedKeyDerivedKeyToken xmlns[parts omitted]ws-secureconversation/200512 xmlns:wsc[parts omitted]ws-secureconversation/200512 wsu:IdEnc-943C6673-E3F3-48E4-AA24-A7F82CCF6511SecurityTokenReference xmlns[parts omitted]oasis-200401-wss-wssecurity-secext-1.0.xsdReference URI#Id-658202BF-239A-4A8C-A100-BB25579F366B/Reference/SecurityTokenReferenceNonceGbjRvVNrPtHs0zo/w9Ne0w/Nonce/DerivedKeyTokenReferenceList xmlnshttp://www.w3.org/2001/04/xmlenc#DataReference URI#Enc-358FB189-81B3-465D-AFEC-BC28A92B179C/DataReferenceDataReference URI#Enc-9EF5CCE4-CF43-407F-921D-931B5159672D/DataReference/ReferenceListEncryptedData xmlnshttp://www.w3.org/2001/04/xmlenc# IdEnc-358FB189-81B3-465D-AFEC-BC28A92B179C Typehttp://www.w3.org/2001/04/xmlenc#ElementEncryptionMethod Algorithm[parts omitted]#aes256-cbc/EncryptionMethodKeyInfo xmlnshttp://www.w3.org/2000/09/xmldsig#SecurityTokenReference xmlns[parts omitted]oasis-200401-wss-wssecurity-secext-1.0.xsdReference URI#Enc-943C6673-E3F3-48E4-AA24-A7F82CCF6511/Reference/SecurityTokenReference/KeyInfoCipherDataCipherValuee4//6aWGqo1dIQ7ZAF[parts omitted]KZcj99N78A/CipherValue/CipherData/EncryptedData/Security/SOAP-ENV:HeaderSOAP-ENV:BodyEncryptedData xmlnshttp://www.w3.org/2001/04/xmlenc# IdEnc-9EF5CCE4-CF43-407F-921D-931B5159672D Typehttp://www.w3.org/2001/04/xmlenc#ContentEncryptionMethod Algorithmhttp://www.w3.org/2001/04/xmlenc#aes256-cbc/EncryptionMethodKeyInfo xmlnshttp://www.w3.org/2000/09/xmldsig#SecurityTokenReference xmlns[parts omitted]oasis-200401-wss-wssecurity-secext-1.0.xsdReference URI#Enc-943C6673-E3F3-48E4-AA24-A7F82CCF6511/Reference/SecurityTokenReference/KeyInfoCipherDataCipherValueQ3XxuNjSan[parts omitted]x9AD7brM4/CipherValue/CipherData/EncryptedData/SOAP-ENV:Body
/SOAP-ENV:Envelope再举一个例子以下 Web 服务在入站消息中接收 EncryptedKey 并使用它来生成 DerivedKeyToken 用于加密响应的各个部分 // create DerivedKeyToken based on first EncryptedKey in inbound message;// refer to it with SHA1 thumbprintset refopt$$$SOAPWSReferenceEncryptedKeySHA1set dkenc##class(%SOAP.WSSC.DerivedKeyToken).Create(,refopt)do ..SecurityOut.AddSecurityElement(dkenc)// create EncryptedData element to contain SOAP bodyset encdata##class(%XML.Security.EncryptedData).Create(dkenc,,$$$SOAPWSReferenceDerivedKey)// create ReferenceList with DataReference elements that// point to the EncryptedData elementsset reflist##class(%XML.Security.ReferenceList).%New()set dataref##class(%XML.Security.DataReference).Create(encdata)do reflist.AddReference(dataref)// add ReferenceList to WS-Security headerdo ..SecurityOut.AddSecurityElement(reflist)该 Web 服务发送如下消息
SOAP-ENV:Envelope [parts omitted] SOAP-ENV:HeaderSecurity xmlns[parts omitted]oasis-200401-wss-wssecurity-secext-1.0.xsdDerivedKeyToken xmlns[parts omitted]ws-secureconversation/200512 xmlns:wsc[parts omitted]ws-secureconversation/200512 wsu:IdEnc-D69085A9-9608-472D-85F3-44031586AB35SecurityTokenReference xmlns[parts omitted]oasis-200401-wss-wssecurity-secext-1.0.xsd s01:TokenType[parts omitted]#EncryptedKey xmlns:s01h[parts omitted]oasis-wss-wssecurity-secext-1.1.xsdKeyIdentifier EncodingType[parts omitted]#Base64Binary [parts omitted]#EncryptedKeySHA1U8CEWXdUPsIk/r8JT2KdwU/gSw/KeyIdentifier/SecurityTokenReferenceNoncenJWyIJUcXXLd4k1tbNg10w/Nonce/DerivedKeyTokenReferenceList xmlnshttp://www.w3.org/2001/04/xmlenc#DataReference URI#Enc-0FF09175-B594-4198-9850-57D40EB66DC3/DataReference/ReferenceList/Security /SOAP-ENV:Header SOAP-ENV:BodyEncryptedData xmlnshttp://www.w3.org/2001/04/xmlenc# IdEnc-0FF09175-B594-4198-9850-57D40EB66DC3 Typehttp://www.w3.org/2001/04/xmlenc#ContentEncryptionMethod Algorithmhttp://www.w3.org/2001/04/xmlenc#aes256-cbc/EncryptionMethodKeyInfo xmlnshttp://www.w3.org/2000/09/xmldsig#SecurityTokenReference xmlns[parts omitted]oasis-200401-wss-wssecurity-secext-1.0.xsdReference URI#Enc-D69085A9-9608-472D-85F3-44031586AB35/Reference/SecurityTokenReference/KeyInfoCipherDataCipherValueNzI94WnuQU4uBO[parts omitted]xHZpJSA/CipherValue/CipherData/EncryptedData/SOAP-ENV:Body
/SOAP-ENV:Envelope
