Chapter 24 Encrypting Security Header Elements - Basic Examples
The following example invokes a web client and sends an encrypted <UsernameToken>. In this example the SOAP body is not encrypted; only the token in the security header is.
 Set client=##class(XMLEncrSecHeader.Client.XMLEncrSecHeaderSoap).%New()

 // Create UsernameToken
 set user="_SYSTEM"
 set pwd="SYS"
 set userToken=##class(%SOAP.Security.UsernameToken).Create(user,pwd)

 // get credentials (X.509 certificate of the recipient) for encryption
 set cred = ##class(%SYS.X509Credentials).GetByAlias("servernopassword")

 // get EncryptedKey element and add it
 set encropt=$$$SOAPWSEncryptNone ; means do not encrypt body
 set enckey=##class(%XML.Security.EncryptedKey).CreateX509(cred,encropt)

 // create EncryptedData for the token and add a reference to it from EncryptedKey
 set encdata=##class(%XML.Security.EncryptedData).Create(,userToken)
 set dataref=##class(%XML.Security.DataReference).Create(encdata)
 do enckey.AddReference(dataref)

 // add EncryptedKey to security header
 do client.SecurityOut.AddSecurityElement(enckey)

 // add UsernameToken and place it after EncryptedKey
 do client.SecurityOut.AddSecurityElement(userToken,enckey)

 Quit client.Divide(1,2)
The client sends a message like the following:
<?xml version="1.0" encoding="UTF-8" ?>
<SOAP-ENV:Envelope [parts omitted]>
  <SOAP-ENV:Header>
    <Security xmlns="[parts omitted]oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
          <DigestMethod xmlns="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
        </EncryptionMethod>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <SecurityTokenReference xmlns="[parts omitted]oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <KeyIdentifier EncodingType="[parts omitted]#Base64Binary" ValueType="[parts omitted]#ThumbprintSHA1">[omitted]</KeyIdentifier>
          </SecurityTokenReference>
        </KeyInfo>
        <CipherData>
          <CipherValue>pftET8jFDEjNC2x[parts omitted]xEjNC2==</CipherValue>
        </CipherData>
        <ReferenceList>
          <DataReference URI="#Enc-61000920-44DE-471E-B39C-6D08CB17FDC2"></DataReference>
        </ReferenceList>
      </EncryptedKey>
      <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Id="Enc-61000920-44DE-471E-B39C-6D08CB17FDC2" Type="http://www.w3.org/2001/04/xmlenc#Element">
        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"></EncryptionMethod>
        <CipherData>
          <CipherValue>wW3ZM5tgPD[parts omitted]tgPD==</CipherValue>
        </CipherData>
      </EncryptedData>
    </Security>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body>[omitted]</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
As a simple variation, consider the procedure in the previous section. Suppose that in step 4 we do the following instead, and make no other changes:
 set enckey=##class(%XML.Security.EncryptedKey).CreateX509(cred)
Because the second argument ($$$SOAPWSEncryptNone above) is now omitted, the body is encrypted as well. In this case the message from the client includes an encrypted body and an encrypted <UsernameToken>:
<?xml version="1.0" encoding="UTF-8" ?>
<SOAP-ENV:Envelope [parts omitted]>
  <SOAP-ENV:Header>
    <Security xmlns="[parts omitted]oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
          <DigestMethod xmlns="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
        </EncryptionMethod>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <SecurityTokenReference xmlns="[parts omitted]oasis-200401-wss-wssecurity-secext-1.0.xsd">
            <KeyIdentifier EncodingType="[parts omitted]#Base64Binary" ValueType="[parts omitted]#ThumbprintSHA1">5a[parts omitted]dM1r6cM=</KeyIdentifier>
          </SecurityTokenReference>
        </KeyInfo>
        <CipherData>
          <CipherValue>TB8uavpr[parts omitted]nZBiMCcg==</CipherValue>
        </CipherData>
        <ReferenceList>
          <DataReference URI="#Enc-43FE435F-D1D5-4088-A343-0E76D154615A"></DataReference>
          <DataReference URI="#Enc-55FE109A-3C14-42EB-822B-539E380EDE48"></DataReference>
        </ReferenceList>
      </EncryptedKey>
      <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Id="Enc-43FE435F-D1D5-4088-A343-0E76D154615A" Type="http://www.w3.org/2001/04/xmlenc#Element">
        <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"></EncryptionMethod>
        <CipherData>
          <CipherValue>G+X7dqI[parts omitted]nojroQ==</CipherValue>
        </CipherData>
      </EncryptedData>
    </Security>
  </SOAP-ENV:Header>
  <SOAP-ENV:Body>
    <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#" Id="Enc-55FE109A-3C14-42EB-822B-539E380EDE48" Type="http://www.w3.org/2001/04/xmlenc#Content">
      <EncryptionMethod Algorithm="[parts omitted]aes128-cbc"></EncryptionMethod>
      <CipherData>
        <CipherValue>YJbzyi[parts omitted]NhJoln==</CipherValue>
      </CipherData>
    </EncryptedData>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
In contrast to the previous example, here the <EncryptedKey> element contains references to two <EncryptedData> elements. One is the <EncryptedData> element in the security header, which contains the <UsernameToken>; this reference was created and added manually (the DataReference built from encdata). The other is the <EncryptedData> element in the SOAP body; this reference was added automatically. Note also the Type attributes: the header element carries Type="...#Element" because the whole <UsernameToken> element was replaced, while the body element carries Type="...#Content" because only the contents of <SOAP-ENV:Body> were replaced and the Body element itself is still visible.
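The relationship just described, one <EncryptedKey> whose <ReferenceList> must account for every <EncryptedData> in the message, is something a receiver can check mechanically before attempting any decryption. The script below is an added example, not InterSystems code and not part of the original page: it walks an envelope of the shape shown above, cross-checks the DataReference URIs against the EncryptedData Ids actually present in the header and body, reports which parts are encrypted and with which algorithms, and flags two conditions a practitioner cares about: references that do not resolve (or ciphertext no key covers), and CBC-mode ciphertext in a message that carries no <ds:Signature>, since unsigned CBC ciphertext is malleable. It assumes the standard SOAP 1.1 and WSS 1.0 namespace URIs, which the page shows only as "[parts omitted]"; the sample envelope is constructed here with placeholder CipherValue and KeyIdentifier contents.

```python
import xml.etree.ElementTree as ET

# Namespace URIs. The page shows the SOAP and WSSE ones only as "[parts omitted]";
# the values below are the standard SOAP 1.1 and WSS 1.0 URIs (assumed here).
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
XENC = NS["xenc"]
AES128_CBC = XENC + "aes128-cbc"
RSA_OAEP = XENC + "rsa-oaep-mgf1p"
CBC_ALGS = {XENC + a for a in ("aes128-cbc", "aes192-cbc", "aes256-cbc", "tripledes-cbc")}


def audit_encryption(envelope_xml: str) -> dict:
    """Cross-check the EncryptedKey reference list against the EncryptedData
    elements actually present, and report which parts of the message are encrypted."""
    root = ET.fromstring(envelope_xml)
    header = root.find("soap:Header", NS)
    body = root.find("soap:Body", NS)
    security = header.find("wsse:Security", NS) if header is not None else None
    if security is None:
        raise ValueError("no wsse:Security header in envelope")

    # 1. Every DataReference URI listed under each EncryptedKey (strip the leading '#').
    referenced, key_transport = [], []
    for enckey in security.findall("xenc:EncryptedKey", NS):
        method = enckey.find("xenc:EncryptionMethod", NS)
        key_transport.append(method.get("Algorithm") if method is not None else None)
        for ref in enckey.findall("xenc:ReferenceList/xenc:DataReference", NS):
            referenced.append(ref.get("URI", "").lstrip("#"))

    # 2. Every EncryptedData in the header or body, keyed by Id, with where it lives.
    encrypted = {}
    for where, node in (("header", security), ("body", body)):
        if node is None:
            continue
        for ed in node.iter(f"{{{XENC}}}EncryptedData"):
            method = ed.find("xenc:EncryptionMethod", NS)
            encrypted[ed.get("Id")] = {
                "where": where,
                "type": ed.get("Type"),
                "algorithm": method.get("Algorithm") if method is not None else None,
            }

    # 3. Consistency checks a receiver should make before trying to decrypt anything.
    dangling = [r for r in referenced if r not in encrypted]
    unreferenced = [i for i in encrypted if i not in referenced]
    warnings = []
    if dangling:
        warnings.append(f"DataReference to missing EncryptedData: {dangling}")
    if unreferenced:
        warnings.append(f"EncryptedData not covered by any EncryptedKey: {unreferenced}")
    cbc = [i for i, d in encrypted.items() if d["algorithm"] in CBC_ALGS]
    if cbc and root.find(".//ds:Signature", NS) is None:
        warnings.append(f"CBC-mode EncryptedData {cbc} with no ds:Signature: ciphertext is malleable")
    return {
        "key_transport": key_transport,
        "referenced": referenced,
        "encrypted": encrypted,
        "header_encrypted": any(d["where"] == "header" for d in encrypted.values()),
        "body_encrypted": any(d["where"] == "body" for d in encrypted.values()),
        "dangling": dangling,
        "unreferenced": unreferenced,
        "warnings": warnings,
    }


def sample_message(encrypt_body: bool) -> str:
    """Constructed envelope modelled on the page's two messages. CipherValue and
    KeyIdentifier contents are placeholders, not real ciphertext or a real thumbprint."""
    body_ref = '<DataReference URI="#Enc-BODY"/>' if encrypt_body else ""
    body = (
        f'<EncryptedData xmlns="{XENC}" Id="Enc-BODY" Type="{XENC}Content">'
        f'<EncryptionMethod Algorithm="{AES128_CBC}"/>'
        "<CipherData><CipherValue>AAAA</CipherValue></CipherData></EncryptedData>"
        if encrypt_body else "<Divide><a>1</a><b>2</b></Divide>"
    )
    return f"""<SOAP-ENV:Envelope xmlns:SOAP-ENV="{NS['soap']}">
<SOAP-ENV:Header><Security xmlns="{NS['wsse']}">
<EncryptedKey xmlns="{XENC}">
<EncryptionMethod Algorithm="{RSA_OAEP}">
<DigestMethod xmlns="{NS['ds']}" Algorithm="{NS['ds']}sha1"/>
</EncryptionMethod>
<KeyInfo xmlns="{NS['ds']}"><SecurityTokenReference xmlns="{NS['wsse']}">
<KeyIdentifier ValueType="placeholder#ThumbprintSHA1">PLACEHOLDER</KeyIdentifier>
</SecurityTokenReference></KeyInfo>
<CipherData><CipherValue>AAAA</CipherValue></CipherData>
<ReferenceList><DataReference URI="#Enc-HDR"/>{body_ref}</ReferenceList>
</EncryptedKey>
<EncryptedData xmlns="{XENC}" Id="Enc-HDR" Type="{XENC}Element">
<EncryptionMethod Algorithm="{AES128_CBC}"/>
<CipherData><CipherValue>AAAA</CipherValue></CipherData>
</EncryptedData>
</Security></SOAP-ENV:Header>
<SOAP-ENV:Body>{body}</SOAP-ENV:Body>
</SOAP-ENV:Envelope>"""


if __name__ == "__main__":
    for encrypt_body in (False, True):
        report = audit_encryption(sample_message(encrypt_body))
        print(f"body encrypted={report['body_encrypted']} refs={report['referenced']} "
              f"warnings={report['warnings']}")
```

Run against the token-only message the audit reports header_encrypted with an empty body; against the body-and-token message it reports both references, matching the two-reference <ReferenceList> shown above. Removing the body DataReference or changing the body's Id, which is what a tampering intermediary or a buggy sender would produce, shows up as an unreferenced or dangling entry rather than as a decryption failure later. The CBC warning fires for both of the page's messages because neither carries a signature; in practice the encrypted parts should also be signed, or an AEAD algorithm such as aes128-gcm from XML Encryption 1.1 used, before the ciphertext is trusted.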