利用WSE 加密SOAP报文(8)


下面是WSE在运行时将报文序列化并加密后得到的结果:

<?xml version="1.0" encoding="utf-8"?>

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

xmlns:xsd="http://www.w3.org/2001/XMLSchema">

<!-- Sample response as emitted by WSE after encryption. The header carries a
     timestamp and one wsse:Security block holding two EncryptedKey elements;
     the body carries one clear-text element and one visible EncryptedData. -->

<soap:Header>

<!-- Message lifetime: Expires is five minutes after Created.
     NOTE(review): no signature element appears anywhere in this listing, so
     nothing shown here binds the timestamp to the message. A receiver that
     relies on it for replay protection would need it to be signed. -->

<wsu:Timestamp

xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">

<wsu:Created>2003-02-11T20:21:52Z</wsu:Created>

<wsu:Expires>2003-02-11T20:26:52Z</wsu:Expires>

</wsu:Timestamp>

<!-- mustUnderstand="1": a receiver that cannot process this security header
     must reject the message instead of ignoring the header. -->

<wsse:Security soap:mustUnderstand="1"

xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext">

<!-- First wrapped key. Its ReferenceList (below) points at the EncryptedData
     in the body whose Id is "EncryptedContent-cf014249-...". -->

<xenc:EncryptedKey

Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey"

xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">

<xenc:EncryptionMethod

Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />

<!-- NOTE(review): rsa-1_5 is RSA PKCS#1 v1.5 key transport. It is exposed to
     padding-oracle (Bleichenbacher-style) attacks when a receiver's error
     behaviour or timing reveals whether unwrapping succeeded. XML Encryption
     also defines RSA-OAEP (http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p),
     the usual choice for new deployments; receivers that must accept rsa-1_5
     should return one uniform fault for every decryption failure. -->

<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">

<!-- The KeyIdentifier names the X.509 certificate associated with the key
     that wrapped the session key (presumably the recipient's certificate).
     NOTE(review): this value is longer than the KeyIdentifier in the second
     EncryptedKey and contains a run of characters that also appears in the
     CipherValue just below; it looks like a copy artifact in the listing.
     Confirm against the original capture. -->

<wsse:SecurityTokenReference>

<wsse:KeyIdentifier ValueType="wsse:X509v3">

YmlKVwXYD8vuGuYliuIOXOY7ZYN9PwHbfAhCiYOV0aYdEAQQPw=

</wsse:KeyIdentifier>

</wsse:SecurityTokenReference>

</KeyInfo>

<!-- The RSA-wrapped symmetric key, base64 encoded; shortened with "..." in
     this listing. -->

<xenc:CipherData>

<xenc:CipherValue>

UyKGBEXdY8lYSzqgdgxOXOY7ZYN9PwHbfAhCiYOV0...bwRnWk=

</xenc:CipherValue>

</xenc:CipherData>

<xenc:ReferenceList>

<xenc:DataReference URI=

"#EncryptedContent-cf014249-0e2a-4f8b-9002-13a7de916be0" />

</xenc:ReferenceList>

</xenc:EncryptedKey>

<!-- Second wrapped key. Its DataReference ("#EncryptedContent-0744279a-...")
     has no matching Id in the visible body: according to the accompanying
     text, the inner EncryptedData was encrypted together with
     EncryptedResponse, so it only exists inside the outer ciphertext. -->

<xenc:EncryptedKey

Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey"

xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">

<xenc:EncryptionMethod

Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />

<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">

<wsse:SecurityTokenReference>

<wsse:KeyIdentifier ValueType="wsse:X509v3">

YmlKVwXYD8vuGuYliuIYdEAQQPw=

</wsse:KeyIdentifier>

</wsse:SecurityTokenReference>

</KeyInfo>

<xenc:CipherData>

<xenc:CipherValue>

In8Kf1cIdiJJJXCLZ+... wMqBEevXmzk=

</xenc:CipherValue>

</xenc:CipherData>

<xenc:ReferenceList>

<xenc:DataReference URI=

"#EncryptedContent-0744279a-02bf-4ad1-998e-622208eded0e" />

</xenc:ReferenceList>

</xenc:EncryptedKey>

</wsse:Security>

</soap:Header>

<soap:Body>

<GetXmlDocumentResponse xmlns="http://example.com/dime/">

<GetXmlDocumentResult>

<Response>

<!-- Sent in clear text. With no signature in this message, this element can
     be read and, as far as the listing shows, changed in transit without
     the receiver being able to detect it. -->

<NotEncrypted>

This part of the response does not need encryption

</NotEncrypted>

<EncryptedResponse

wsu:Id="Id:e5e8d792-abe7-4476-91d0-856fbdf4a958"

xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">

<!-- Type "...#Content": only the children of EncryptedResponse were replaced
     by ciphertext, so the EncryptedResponse tag and its wsu:Id stay visible.
     The Id below is the target of the first EncryptedKey's DataReference. -->

<xenc:EncryptedData

Id=

"EncryptedContent-cf014249-0e2a-4f8b-9002-13a7de916be0"

Type="http://www.w3.org/2001/04/xmlenc#Content"

xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">

<xenc:EncryptionMethod

Algorithm=

"http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />

<!-- NOTE(review): tripledes-cbc is unauthenticated CBC encryption with a
     64-bit block cipher. Without a signature or an authenticated mode the
     ciphertext can be altered undetected, and XML Encryption in CBC mode has
     published chosen-ciphertext weaknesses. XML Encryption 1.1 defines
     AES-GCM (http://www.w3.org/2009/xmlenc11#aes128-gcm) for this purpose;
     where CBC must stay, sign the message and verify before decrypting. -->

<xenc:CipherData>

<xenc:CipherValue>

2MNHCkGVH/5jb0pF4pCh3u2VaUKsWSA...AfEvJZT=

</xenc:CipherValue>

</xenc:CipherData>

</xenc:EncryptedData>

</EncryptedResponse>

</Response>

</GetXmlDocumentResult>

</GetXmlDocumentResponse>

</soap:Body>

</soap:Envelope>

注意,在这个加密后的报文里,有一个用于表示X.509证书的BinarySecurityToken元素(在上面的清单中,证书是通过SecurityTokenReference里的KeyIdentifier来引用的),但有两个独立的EncryptedKey元素,每个EncryptedData元素都被添加到了SoapContext中。在最外层被加密的元素(EncryptedResponse)里,你只能看到一个EncryptedData元素:当EncryptedResponse被加密后,表示EncryptedSub元素的EncryptedData元素也随之变成了密文。当客户端收到这个报文时,SecurityInputFilter使用来自记号(安全令牌)的信息来取得用于解密这两个EncryptedKey元素的私有密钥。
