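(Repost) Understanding WS Policy in SCA
Original link: http://gocom.primeton.com/modules/newbb/item57151_57151.htm
The SCA specification provides a security framework (SCA_Policy_Framework) that constrains how data is passed during service invocation. The following explains in detail how its WebService Policy is implemented, based on my own practice.
In the Policy Framework, a security definition has two parts: Intent and PolicySet. An Intent defines a policy abstractly: it only declares that such a constraint exists and does not specify its concrete content. A PolicySet defines the detailed implementation of the policy and, combined with an Intent, provides the Intent's detailed policy definition.
How an Intent is specified:
<intent name="Intent name" constrains="usage constraint"/>
e.g.:
<intent name="RequiredTransaction" constrains="sca:binding"/>
How a PolicySet is specified:
<policySet name="PolicySet name" provides="Intent implemented" appliesTo="constraint">
    concrete Policy definition
</policySet>
e.g.:
<policySet name="RequiredTransactionPolicy" provides="RequiredTransaction" appliesTo="sca:binding.sca">
    <transactionPolicy action="REQUIRES_NEW" />
</policySet>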
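For WebService, the specification defines three fixed Intents: authentication, integrity, and confidentiality.
authentication validates the transmitted data against the username and password supplied by the user; integrity validates the data using the transmitted certificate (X509V3); confidentiality encrypts and decrypts the transmitted data and uses the data's hash value to determine whether the transmitted data has been modified.
The three are described in turn below (using axis2 as the example; in axis2, rampart performs the security verification):
(Note: WS security involves a lot of material, so please review it yourself. Related topics include axis2, rampart, ws policy, sca policy, ws spec, etc.)
1. authentication
On the server side, the username and password must be checked against the incoming SOAP Header data. This is done by specifying the corresponding CallbackHandler.
Policy definition:
<parameter name="InflowSecurity">
    <action>
        <items>UsernameToken</items>
        <passwordCallbackClass>helloworld.ServerPWCBHandler</passwordCallbackClass>
    </action>
</parameter>
CallbackHandler implementation, where the username and password are checked: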
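import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class ServerPWCBHandler implements CallbackHandler {
    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
            if (pwcb.getUsage() == WSPasswordCallback.USERNAME_TOKEN) {
                // Demo credentials are hard-coded; constant-first equals avoids a
                // NullPointerException when the token carries no username or password.
                if ("wangfeng".equals(pwcb.getIdentifer()) && "Passwd".equals(pwcb.getPassword())) {
                    return;
                } else {
                    throw new UnsupportedCallbackException(pwcb,
                            "Authentication Failed : UserId - Password mismatch");
                }
            }
        }
    }
}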
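On the client side, the username and password must be added to the outgoing data. The username is specified in the Policy definition file, and the password is again set through a CallbackHandler.
Policy definition:
<parameter name="OutflowSecurity">
    <action>
        <items>UsernameToken</items>
        <user>wangfeng</user>
        <passwordCallbackClass>helloworld.ClientPWCBHandler</passwordCallbackClass>
        <passwordType>PasswordText</passwordType>
    </action>
</parameter>
The Policy sets passwordType to PasswordText, which means the password is transmitted in plaintext.
CallbackHandler implementation, which sets the calling user's password: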
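import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class ClientPWCBHandler implements CallbackHandler {
    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
            System.out.println("User Id = " + pwcb.getIdentifer());
            // Password that goes into the outgoing UsernameToken
            pwcb.setPassword("Passwd");
        }
    }
}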
When the method getGreetings is executed with the string World as its argument, the SOAP message sent is as follows:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soapenv:mustUnderstand="1">
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="UsernameToken-13482579">
<wsse:Username>wangfeng</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">
Passwd</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<ns:getGreetings xmlns:ns="http://helloworld">
<ns3:name xmlns:ns3="http://helloworld" xmlns:ns2="http://helloworld/" xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">World</ns3:name>
</ns:getGreetings>
</soapenv:Body>
</soapenv:Envelope>
From the transmitted SOAP Header you can see that the Header carries the username and password for the server to verify.
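The PasswordText mode above puts the password itself in the header. As a contrast, the following added example (Python, not part of the original post and not Rampart's code) computes and verifies the PasswordDigest form defined by the WSS UsernameToken Profile, Base64(SHA-1(nonce + created + password)), and goes slightly beyond the text by adding the nonce and timestamp checks that form relies on. The function and class names and the five-minute window are assumptions.

```python
import base64
import hashlib
import hmac
import os
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(minutes=5)  # assumed freshness window, not taken from the post
FMT = "%Y-%m-%dT%H:%M:%SZ"      # Created is written and read as UTC


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """Password_Digest = Base64(SHA-1(nonce + created + password))."""
    data = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def make_token(user: str, password: str, now: datetime) -> dict:
    """Client side: the fields a digest UsernameToken carries on the wire."""
    nonce = os.urandom(16)
    created = now.strftime(FMT)
    return {
        "Username": user,
        "Nonce": base64.b64encode(nonce).decode("ascii"),
        "Created": created,
        "Password": password_digest(nonce, created, password),
    }


class DigestVerifier:
    """Server side. It must hold the password in a recoverable form to
    recompute the digest, and it remembers nonces to refuse replays."""

    def __init__(self, passwords: dict):
        self.passwords = passwords
        self.seen = {}  # nonce -> Created time of an accepted token

    def verify(self, token: dict, now: datetime) -> str:
        created = datetime.strptime(token["Created"], FMT).replace(tzinfo=timezone.utc)
        if abs(now - created) > MAX_AGE:
            return "stale"
        # Nonces older than the window can be dropped: such tokens are stale anyway.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= MAX_AGE}
        if token["Nonce"] in self.seen:
            return "replay"
        stored = self.passwords.get(token["Username"])
        if stored is None:
            return "rejected"  # same answer as for a wrong password
        expected = password_digest(base64.b64decode(token["Nonce"]), token["Created"], stored)
        if not hmac.compare_digest(expected, token["Password"]):
            return "rejected"
        self.seen[token["Nonce"]] = created
        return "ok"
```

The digest keeps the password off the wire, but a captured token can still be guessed offline, so the transport needs protection in either mode.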
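2. integrity
On the server side, you need to specify the concrete WebService Policy for integrity: the certificate's encryption algorithm, the alias in the certificate, the password that protects the certificate, the certificate location, and other certificate-related information. During transmission, certificate verification ensures that the call is correct.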
<wsp:Policy wsu:Id="SignOnly"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
<wsp:Policy>
<sp:WssX509V3Token10/>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:TripleDesRsa15/> <!-- indicates that the certificate uses RSA encryption -->
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp/>
<sp:OnlySignEntireHeadersAndBody/>
</wsp:Policy>
</sp:AsymmetricBinding>
<sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:MustSupportRefKeyIdentifier/>
<sp:MustSupportRefIssuerSerial/>
</wsp:Policy>
</sp:Wss10>
<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body/>
</sp:SignedParts>
<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:user>wangfeng</ramp:user>
<ramp:encryptionUser>wangfeng</ramp:encryptionUser>
<ramp:passwordCallbackClass>helloworld.ServerPWCBHandler</ramp:passwordCallbackClass>
<ramp:signatureCrypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.file">key.jks</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">passwd</ramp:property>
</ramp:crypto>
</ramp:signatureCrypto>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
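The later part of the Policy specifies the certificate information through the rampart configuration.
If the configuration above is unclear, refer to the WebService Policy specification and the documentation for the Rampart implementation.
The CallbackHandler must supply the password for the corresponding username in order to complete verification of the certificate.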
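import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class ServerPWCBHandler implements CallbackHandler {
    public void handle(Callback[] callbacks)
            throws IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
            // Only answer requests for the password of the signing key
            if (pwcb.getUsage() == WSPasswordCallback.SIGNATURE) {
                pwcb.setPassword("Passwd");
            }
        }
    }
}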
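On the client side, the corresponding Policy and CallbackHandler must also be specified; here they can simply be kept consistent with the server's.
The certificate can be generated with the Java tool keytool.
For the example above, the SOAP sent and the SOAP returned are as follows:
Sent SOAP: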
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soapenv:mustUnderstand="1">
<wsu:Timestamp
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="Timestamp-9550256">
<wsu:Created>2008-08-28T03:04:45.734Z</wsu:Created>
<wsu:Expires>2008-08-28T03:09:45.734Z</wsu:Expires>
</wsu:Timestamp>
<wsse:BinarySecurityToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="CertId-1436578">MIICSjCCAbMCBEePj2cwDQYJKoZIhvcNAQEEBQAwbDEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW
5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEQMA4GA1UEAxMHVW5rbm
93bjAeFw0wODAxMTcxNzI0NTVaFw0xODEyMzAxNzI0NTVaMGwxEDAOBgNVBAYTB1Vua25vd24xEDAOBgNVBAgTB1Vua25vd24xEDAOBgN
VBAcTB1Vua25vd24xEDAOBgNVBAoTB1Vua25vd24xEDAOBgNVBAsTB1Vua25vd24xEDAOBgNVBAMTB1Vua25vd24wgZ8wDQYJKoZIhvcN
AQEBBQADgY0AMIGJAoGBAIsUK0NiI6DnMP/3XBKeSUJ1F15uJ2IcmJVDq3BVd/EHDVU9IEq+g95mpX99mAXQVVwV98PDxEKdQ0C+KNa
ku9XndBCu9IURUYtQk7Rgl0vMN+hEHvzPvMJ2NT/61/y22cAiLZF9k4fQxcxF6IX8EMWk439RBQZ2og7ZV2UUHxrzAgMBAAEwDQYJKoZIh
vcNAQEEBQADgYEAe55/HZRUFG3QjpbiTCgwoWZKsYzfYJSnQrO8rewGdFKf4SwhOGbmf3s9iKO6xdLz+5hnrZ3ySv28g1GwsUt4GMUHYi/jn
7p+Vmot10h1/yL/p06IEiTzkj1Dluq4tJW2KPCagQZqoJ5SEcoimnvkjD5ZoFqGwyJ0DoDk3BP907c=</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-3790865">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#Id-10013687">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>xf0YRx+TekKz/7e8pRVpQekBPVQ=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#Timestamp-9550256">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>mo2eoha6ygEvERYuxcxhhdadLD8=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
cMyhvlnQAJ1RvlrdSTC6pic5JRr6nWX0D2DlPBQ+FVHMNrLwMfp35Rxj2NZiMF+HCo4g3LUvEeTk
hTAfIrTE48uVpvc7VyqgZPqxvX5f1Ks3XmAXqgGlNMVCZqOK4mSqdrLATOeuGWFzkuOzsajqkL//
/SXBiMuq6A96dshj0UU=
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-9089012">
<wsse:SecurityTokenReference
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="STRId-30729370">
<wsse:Reference URI="#CertId-1436578"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="Id-10013687">
<_ns_:getGreetings xmlns:_ns_="http://helloworld">
<ns3:name xmlns:ns3="http://helloworld"
xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:ns2="http://helloworld/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">World</ns3:name>
</_ns_:getGreetings>
</soapenv:Body>
</soapenv:Envelope>
Returned SOAP:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soapenv:mustUnderstand="1">
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="Timestamp-12372212">
<wsu:Created>2008-08-28T03:04:47.187Z</wsu:Created>
<wsu:Expires>2008-08-28T03:09:47.187Z</wsu:Expires>
</wsu:Timestamp>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-9805729">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#Id-2954177">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>AvpChhWzYb6Hl8Xuc8WnZKsClpA=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#Timestamp-12372212">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>Qtj/n4wiHPzih8rcyvLwnek7TcE=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
Omtf8ktomHmBzvYrnJy0thbyOE1exvjXIsHVDhcQtt4zXXKXCU4EmF4ipHDrSrjsIN5uwb0pWvvf
z7oebDx6k2IBin1/O5+Sj48VhUkIJXRr6ehrZlvhRAfv/KZrdf7dfpXUGl3caQ1i4gqV2KVc06QG
QHK/iCqJSiK2JMOXR1g=
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-33486858">
<wsse:SecurityTokenReference
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="STRId-5142872">
<wsse:KeyIdentifier
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">7n1V7BAAn28161h3Jn7JZkY1HfA=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="Id-2954177">
<_ns_:getGreetingsResponse xmlns:_ns_="http://helloworld">
<ns3:getGreetingsReturn xmlns:ns3="http://helloworld" xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:ns2="http://helloworld/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">
Hello World</ns3:getGreetingsReturn>
</_ns_:getGreetingsResponse>
</soapenv:Body>
</soapenv:Envelope>
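From the transmitted SOAP we can see that the content of the SOAP Header has been encrypted according to the transmitted certificate.
3. confidentiality
Input and output data are encrypted and decrypted with the specified algorithm and verified against the content of the certificate to determine their validity.
The server specifies how input and output data are encrypted: InflowSecurity specifies how incoming data is processed, and OutflowSecurity specifies how outgoing data is processed.
For example: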
<parameter name="InflowSecurity">
    <action>
        <items>Timestamp Signature Encrypt</items>
        <passwordCallbackClass>helloworld.ServerPWCBHandler</passwordCallbackClass>
        <signaturePropFile>security.properties</signaturePropFile>
    </action>
</parameter>
<parameter name="OutflowSecurity">
    <action>
        <items>Timestamp Signature Encrypt</items>
        <user>wangfeng</user>
        <encryptionUser>wangfeng</encryptionUser>
        <passwordCallbackClass>helloworld.ServerPWCBHandler</passwordCallbackClass>
        <signaturePropFile>security.properties</signaturePropFile>
        <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
        <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
        <!-- public-key certificate: SKIKeyIdentifier or IssuerSerial -->
    </action>
</parameter>
The encryptionKeyIdentifier property specifies how the certificate is identified. There are two options, SKIKeyIdentifier or IssuerSerial; SKIKeyIdentifier is the usual choice.
The certificate password is specified in the CallbackHandler.
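import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSPasswordCallback;

public class ServerPWCBHandler implements CallbackHandler {
    public void handle(Callback[] callbacks) throws IOException,
            UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            WSPasswordCallback pwcb = (WSPasswordCallback) callbacks[i];
            // The same key password is returned for every callback usage
            pwcb.setPassword("Passwd");
        }
    }
}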
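The certificate and its related information are specified in the configuration file security.properties, and the corresponding rampart information is specified in axis.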
org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=Passwd
org.apache.ws.security.crypto.merlin.file=key.jks
On the client side, the processing must correspond to the server's: the server's InflowSecurity corresponds to the client's OutflowSecurity, and the server's OutflowSecurity corresponds to the client's InflowSecurity. The corresponding configuration is as follows:
<parameter name="InflowSecurity">
    <action>
        <items>Timestamp Signature Encrypt</items>
        <passwordCallbackClass>helloworld.ClientPWCBHandler</passwordCallbackClass>
        <signaturePropFile>security.properties</signaturePropFile>
    </action>
</parameter>
<parameter name="OutflowSecurity">
    <action>
        <items>Timestamp Signature Encrypt</items>
        <user>wangfeng</user>
        <encryptionUser>wangfeng</encryptionUser>
        <passwordCallbackClass>helloworld.ClientPWCBHandler</passwordCallbackClass>
        <signaturePropFile>security.properties</signaturePropFile>
        <signatureKeyIdentifier>DirectReference</signatureKeyIdentifier>
        <encryptionKeyIdentifier>SKIKeyIdentifier</encryptionKeyIdentifier>
    </action>
</parameter>
The SOAP messages transmitted are as follows:
Sent SOAP
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soapenv:mustUnderstand="1">
<xenc:EncryptedKey Id="EncKeyId-12890052">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">MDMfMNMO10+i/kdPBYb9rJop9Eg=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>oeFjdDJeIpm55UretATfaiiXK+mbmNtracz4rIsSfboNXO04HYFRAH9u7jYLg4d49mqm4LZEHQS2pw
XYI/SJi4B2x1PNjIlMOv8iuRpHe3RXgFQiVoWNYxgyK9q/GAdzIKzah5VSOUy0ez2hqVpctAJqayZ1iNhJqNk9XBHNGpc=
</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#EncDataId-15868406"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
<wsse:BinarySecurityToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="CertId-2120440">MIICVjCCAb8CBEddgt8wDQYJKoZIhvcNAQEEBQAwcjEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA
1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEWM
BQGA1UEAxMNVHVzY2FueVdzVXNlcjAeFw0wNzEyMTAxODE4MDdaFw0wOTAxMTMxODE4MDdaMHIxEDAOBgNVBAYTB1Vua25vd2
4xEDAOBgNVBAgTB1Vua25vd24xEDAOBgNVBAcTB1Vua25vd24xEDAOBgNVBAoTB1Vua25vd24xEDAOBgNVBAsTB1Vua25vd24x
FjAUBgNVBAMTDVR1c2NhbnlXc1VzZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMT6zc0gqdlNVXNfLBqc7TiegqDcLyvjT3M
mpU7dAIpsDB1+3oWDU+0tTHBKu/KYap9Zwp+/xrqtCVNNg4eDWqW88Z51lhJwq5Dn9zadnBfPEPB5c6gZVTd8ouZFd/ZCGpiktx4
54iA2TAnuLLJt306SFqC5XKD5SDUZvmtMpQeRAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAB72+v2ajRs1Oy7D6D4lDoXN90ZuMC3
CjZm6M871eu9Kk74AFc/dMfBoj5b5H4367DZrMz47/yFcU8N5QFq6inx+8RU0XDwuGYTIbXv7es9BcqG2/um86V10N30Ep2HfTm
6Ag3zkpfvk8/K/YUBZ8WJWLbGxbZDpRzzEEpxfOCY8=</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-32653965">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-15868406">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>8IdqFtLVMouLQ8WijhNUPMH+xx4=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
t6PSuLaynhSsuXRBlbO5dqKXScHKCgeheLvriD9aD9nIOeQM+grMIXJQh9sKvSdnDIVh+Fh7NpiQ
AY/TzLCxb01+W2lbZ8XzGAsIty8geHmz1I0YKr05mp9halywVR0ACsKLzcF/ToMpeO5dISFb6ZMx
b8XXFo33rCy6HxANuek=
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-26533782">
<wsse:SecurityTokenReference
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-602878">
<wsse:Reference URI="#CertId-2120440"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="Timestamp-4368107">
<wsu:Created>2008-10-22T05:16:04.953Z</wsu:Created>
<wsu:Expires>2008-10-22T05:21:04.953Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</soapenv:Header>
<soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="id-15868406">
<xenc:EncryptedData Id="EncDataId-15868406" Type="http://www.w3.org/2001/04/xmlenc#Content">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Reference URI="#EncKeyId-12890052"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>oslygTCQMQx1IcFIe62I8adMBM1n7AcU/J9h+lzJfIatelbzOFeqMi9KpNMglJQnIdmCtZRIxleq
pZ3ZYSH70zewqCcCw/PfiIFcXSF0WGYEynyEPC/5W8mNWAk7XSR7bZ+o1qUTh0JywQ8OE5agHVYC
4UXjHVzdritVTrv+1t0J+z3RSygcUVGJ5yblUwFXrCTTDIB90XZVhGJZuwa1wp/3/iJNCEZ1fJ6n
DvMPDzIMjAKBplwuaHlXkwlUJzsQGz1IpKFpXqOd+AVg9mjQoNaZjsxb/ceG93XdoQvNFkQzGzdF
XOqr4ThCg383ilaDjyytQQPc+d3ynZGqmYhaNP9RnP8H0SPX3NtZEiEVu/I8Sws8baN4BCuAEJrB
MeDF4Xmbg6+oywuRt0pwvmkKtj7KDlb9n6wzWoHSZevWKhuxNTBCmyBcy6joGIvW8A1CVMWonQ52
6GJCaLJb1Gvq9iUtACPCk2AYDp9jvmvNt60=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</soapenv:Body>
</soapenv:Envelope>
Received SOAP
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<soapenv:Header>
<wsse:Security
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
soapenv:mustUnderstand="1">
<xenc:EncryptedKey Id="EncKeyId-26127350">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">MDMfMNMO10+i/kdPBYb9rJop9Eg=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>W14JvuGArIZoJNQKmlnK+q9CjPUI64wAesye0zu6Vcxwqgbm3tpYUn02AbFrdr3C50GTydDyKp0TIhxxwVp+
18cOydXTH6pixUO5DKE+G3HEYr2Jn5Dc4Y6D/PTh61aH6LfF5BVbQTUviEiRkAve8MVAuBikukaJbkd41+fg4Fw=</xenc:CipherValue>
</xenc:CipherData>
<xenc:ReferenceList>
<xenc:DataReference URI="#EncDataId-15736146"/>
</xenc:ReferenceList>
</xenc:EncryptedKey>
<wsse:BinarySecurityToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
wsu:Id="CertId-2120440">MIICVjCCAb8CBEddgt8wDQYJKoZIhvcNAQEEBQAwcjEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMH
VW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEWMBQGA1UEAxMNV
VzY2FueVdzVXNlcjAeFw0wNzEyMTAxODE4MDdaFw0wOTAxMTMxODE4MDdaMHIxEDAOBgNVBAYTB1Vua25vd24xEDAOBgNVBAgT
B1Vua25vd24xEDAOBgNVBAcTB1Vua25vd24xEDAOBgNVBAoTB1Vua25vd24xEDAOBgNVBAsTB1Vua25vd24xFjAUBgNVBAMTDVR
1c2NhbnlXc1VzZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMT6zc0gqdlNVXNfLBqc7TiegqDcLyvjT3MmpU7dAIpsDB1+3o
WDU+0tTHBKu/KYap9Zwp+/xrqtCVNNg4eDWqW88Z51lhJwq5Dn9zadnBfPEPB5c6gZVTd8ouZFd/ZCGpiktx454iA2TAnuLLJt306SF
qC5XKD5SDUZvmtMpQeRAgMBAAEwDQYJKoZIhvcNAQEEBQADgYEAB72+v2ajRs1Oy7D6D4lDoXN90ZuMC3CjZm6M871eu9Kk7
4AFc/dMfBoj5b5H4367DZrMz47/yFcU8N5QFq6inx+8RU0XDwuGYTIbXv7es9BcqG2/um86V10N30Ep2HfTm6Ag3zkpfvk8/K/YUB
Z8WJWLbGxbZDpRzzEEpxfOCY8=</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-9531264">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-15736146">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>r3GJPoQlKifjL2t+/7yq9z4FdKA=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#SigConf-26469">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>gRWUodHEbu+3iQzPyX4/S3YiDvU=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
eW11PF0/cMT0Nn2oR8huk6Dcvn3Rl+DA5y+VvPLm7VaA7AVnSeTh1O99aeTBv2gZlJ/6/+q0RIfC
fTDGCIWYELICdFanzvMphP9uJo94t+y/Y5+8ejFcmfHHTSDxGJNL5ruZbNa79uxs/sCGmfB9qiBb
D+2vKoP9/PeUOQYCy4E=
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-2419450">
<wsse:SecurityTokenReference
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-29292935">
<wsse:Reference URI="#CertId-2120440"
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="Timestamp-6109888">
<wsu:Created>2008-10-22T05:16:09.062Z</wsu:Created>
<wsu:Expires>2008-10-22T05:21:09.062Z</wsu:Expires>
</wsu:Timestamp>
<wsse11:SignatureConfirmation xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" Value="t6PSuLaynhSsuXR
BlbO5dqKXScHKCgeheLvriD9aD9nIOeQM+grMIXJQh9sKvSdnDIVh+Fh7NpiQAY/TzLCxb01+W2lbZ8XzGAsIty8geHmz1I0YKr05
mp9halywVR0ACsKLzcF/ToMpeO5dISFb6ZMxb8XXFo33rCy6HxANuek=" wsu:Id="SigConf-26469"/>
</wsse:Security>
</soapenv:Header>
<soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="id-15736146">
<xenc:EncryptedData Id="EncDataId-15736146" Type="http://www.w3.org/2001/04/xmlenc#Content">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:Reference URI="#EncKeyId-26127350"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>+SiSCzCdloFxPc3+Sb6HveZSLlkP6gGceTSNfaEKVR6YGb/mbkupz3I0exu+duxvVWApmNuWNzeB
vkEB/uMInp1+3SqC94tqizLx0vtiWuthF9S0hdYUqFWDYe4WadLhjcinjv5XcfK1XvQnD2KxB9Bn
jpg1qprFc8LSzB3NtoiLetSDcl7aRfv7GQ9kTfc+He8dY1cSteWoZ/0D5Ix6W4lK+exUbqpIEpWK
sUwzznKFMhgFPMhpUwJFyLPoJzt+zrjp0ERh4PBIuNQKwObdlJjfcWMoMbJ20fuK5m6+z1X6sL3N
tbB2ly6HYHzz/itfwoP7C0VLQGaY0SJbfBTrFLz3n2DNEZmEF0zRMPchxd//7kfD4MM0mdWWs0sE
9ecAWklC0xrb0PRFz5CbuNZvHi1CUs8EE1i0FAIY7XharUoXVW+AOIst4h90TBBRrryi</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</soapenv:Body>
</soapenv:Envelope>
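From the transmitted data you can see that the Body data is likewise transmitted in encrypted form.
In summary, authentication defines a simple verification method, integrity provides integrity checking of the transmission, and confidentiality defines the strictest verification of the data, including encryption of the message body.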
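The following added example (Python, not code from the original post or from Rampart) reports which parts of a message the integrity and confidentiality settings above actually protect: it resolves every ds:Reference and xenc:DataReference by Id, checks the Timestamp, and does not verify the signature value itself. The envelope is a constructed sample modeled on the confidentiality request, and `audit` and its result keys are hypothetical names.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "s": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
WSU_ID = "{%s}Id" % NS["wsu"]
ENC_DATA = "{%s}EncryptedData" % NS["xenc"]

# Constructed sample modeled on the confidentiality request above, with made-up
# Ids and with the certificate, key and signature values left out.
SAMPLE = """<s:Envelope %s>
 <s:Header><wsse:Security>
  <xenc:EncryptedKey Id="EncKeyId-1"><xenc:ReferenceList>
   <xenc:DataReference URI="#EncDataId-1"/>
  </xenc:ReferenceList></xenc:EncryptedKey>
  <ds:Signature><ds:SignedInfo>
   <ds:Reference URI="#id-1"/>
  </ds:SignedInfo></ds:Signature>
  <wsu:Timestamp wsu:Id="Timestamp-1">
   <wsu:Created>2008-10-22T05:16:04.953Z</wsu:Created>
   <wsu:Expires>2008-10-22T05:21:04.953Z</wsu:Expires>
  </wsu:Timestamp>
 </wsse:Security></s:Header>
 <s:Body wsu:Id="id-1">
  <xenc:EncryptedData Id="EncDataId-1"><xenc:CipherData>
   <xenc:CipherValue>AAAA</xenc:CipherValue>
  </xenc:CipherData></xenc:EncryptedData>
 </s:Body>
</s:Envelope>""" % " ".join('xmlns:%s="%s"' % kv for kv in NS.items())


def _ts(text):
    """Parse a UTC xsd:dateTime, with or without fractional seconds."""
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in text else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(text.strip(), fmt).replace(tzinfo=timezone.utc)


def audit(xml_text, now):
    """Report what the WS-Security header protects in one message."""
    root = ET.fromstring(xml_text)  # for untrusted input use a hardened parser such as defusedxml
    problems, by_id = [], {}
    for el in root.iter():
        for key in {el.get(WSU_ID), el.get("Id")} - {None}:
            by_id.setdefault(key, []).append(el)

    def resolve(ref):
        # A same-document reference only means something if exactly one element has that Id.
        uri = ref.get("URI", "")
        hits = by_id.get(uri[1:], []) if uri.startswith("#") else []
        if len(hits) != 1:
            problems.append("%s resolves to %d elements" % (uri, len(hits)))
        return hits[0] if len(hits) == 1 else None

    sec = root.find("s:Header/wsse:Security", NS)
    body = root.find("s:Body", NS)
    if sec is None or body is None:
        return {"problems": ["no wsse:Security header or no Body"]}
    signed = [resolve(r) for r in sec.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)]
    wrapped = [resolve(d) for d in sec.findall(
        "xenc:EncryptedKey/xenc:ReferenceList/xenc:DataReference", NS)]
    stamp = sec.find("wsu:Timestamp", NS)

    result = {
        "body_signed": any(e is body for e in signed),
        "timestamp_signed": stamp is not None and any(e is stamp for e in signed),
        "timestamp_valid": False,
        # Encrypted means every Body child is an EncryptedData that the header's key points at.
        "body_encrypted": len(body) > 0 and all(
            c.tag == ENC_DATA and any(c is t for t in wrapped) for c in body),
        "problems": problems,
    }
    if stamp is not None:
        created, expires = (stamp.findtext("wsu:" + n, None, NS) for n in ("Created", "Expires"))
        result["timestamp_valid"] = bool(created and expires) and _ts(created) <= now < _ts(expires)
    for check in ("body_signed", "timestamp_signed", "timestamp_valid"):
        if not result[check]:
            problems.append(check + " is false")
    return result
```

On this sample the Body is signed and encrypted but the Timestamp is not among the signed references, so `timestamp_signed` comes back false.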