Chapter 33 Encrypting and Signing with Derived Key Tokens - Encrypting with DerivedKeyToken (1)
child element.
- Send the SOAP message. See the general comments in Adding Security Header Elements.

For example, the following client code encrypts the SOAP body and the <UsernameToken>:
 // Create UsernameToken
 set userToken=##class(%SOAP.Security.UsernameToken).Create("_SYSTEM","SYS")

 // get credentials for encryption
 set cred=##class(%SYS.X509Credentials).GetByAlias("servercred")

 // get <EncryptedKey> element used to encrypt the <DerivedKeyToken>, then
 // create the <DerivedKeyToken> that refers to it. These two steps are
 // missing from this page; the lines below are supplied here on the
 // assumption that the standard %XML.Security.EncryptedKey.CreateX509 and
 // %SOAP.WSSC.DerivedKeyToken.Create API is used
 set enckey=##class(%XML.Security.EncryptedKey).CreateX509(cred,$$$SOAPWSEncryptNone)
 do client.SecurityOut.AddSecurityElement(enckey)
 set dkenc=##class(%SOAP.WSSC.DerivedKeyToken).Create(enckey,$$$SOAPWSReferenceEncryptedKey)
 do client.SecurityOut.AddSecurityElement(dkenc)

 // create <EncryptedData> element to contain <UsernameToken>
 set encdata=##class(%XML.Security.EncryptedData).Create(dkenc,userToken,$$$SOAPWSReferenceDerivedKey)

 // create <EncryptedData> element to contain SOAP body
 set encdata2=##class(%XML.Security.EncryptedData).Create(dkenc,"",$$$SOAPWSReferenceDerivedKey)

 // create <ReferenceList> with <DataReference> elements that
 // point to these two <EncryptedData> elements
 set reflist=##class(%XML.Security.ReferenceList).%New()
 set dataref=##class(%XML.Security.DataReference).Create(encdata)
 do reflist.AddReference(dataref)
 set dataref2=##class(%XML.Security.DataReference).Create(encdata2)
 do reflist.AddReference(dataref2)

 // add <ReferenceList> to WS-Security header
 do client.SecurityOut.AddSecurityElement(reflist)

 // add encrypted <UsernameToken> to security header;
 // 2nd argument specifies position (after the <ReferenceList>)
 do client.SecurityOut.AddSecurityElement(userToken,reflist)

 // encrypted SOAP body is handled automatically
The client sends a message like the following:
As another example, the following web service receives an <EncryptedKey> in the inbound message and uses it to generate a <DerivedKeyToken>, which is then used to encrypt parts of the response:
 // create <DerivedKeyToken> based on first <EncryptedKey> in inbound message;
 // refer to it with SHA1 thumbprint
 set refopt=$$$SOAPWSReferenceEncryptedKeySHA1
 set dkenc=##class(%SOAP.WSSC.DerivedKeyToken).Create(,refopt)
 do ..SecurityOut.AddSecurityElement(dkenc)

 // create <EncryptedData> element to contain SOAP body
 set encdata=##class(%XML.Security.EncryptedData).Create(dkenc,"",$$$SOAPWSReferenceDerivedKey)

 // create <ReferenceList> with <DataReference> elements that
 // point to the <EncryptedData> elements
 set reflist=##class(%XML.Security.ReferenceList).%New()
 set dataref=##class(%XML.Security.DataReference).Create(encdata)
 do reflist.AddReference(dataref)

 // add <ReferenceList> to WS-Security header
 do ..SecurityOut.AddSecurityElement(reflist)
The web service sends a message like the following:
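Both examples above hand the key material to the API and let it compute the derived key. As an added example, not from this page or from InterSystems, the following plain Python shows what a <DerivedKeyToken> stands for: the WS-SecureConversation P_SHA1 derivation over label + nonce, sliced at the token's Offset and Length, which is why the sender and the receiver arrive at the same key from the secret carried in the <EncryptedKey>. Assumed: the WS-SecureConversation 1.3 default label, a constructed secret and nonce, and the hypothetical names make_derived_key_token and derive_key.

```python
"""Added example: what a <DerivedKeyToken> computes (WS-SecureConversation P_SHA1).

Not InterSystems code. The secret would normally be the symmetric key carried
in the <EncryptedKey>; here it is a constructed value.
"""
import base64
import hashlib
import hmac
import os

# Default label from WS-SecureConversation 1.3 (assumed default; a token that
# carries an explicit <Label> must use that value instead).
DEFAULT_LABEL = b"WS-SecureConversationWS-SecureConversation"


def p_sha1(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS-style P_SHA1 expansion: out = HMAC(A(1)+seed) | HMAC(A(2)+seed) | ...
    with A(0) = seed and A(i) = HMAC-SHA1(secret, A(i-1)), truncated to length."""
    out = b""
    a = seed  # A(0)
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha1).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha1).digest()  # block i
    return out[:length]


def make_derived_key_token(offset: int = 0, length: int = 16, nonce_len: int = 16) -> dict:
    """Constructed stand-in for the parameters a <DerivedKeyToken> advertises
    to the peer: a fresh base64 <Nonce>, plus <Offset> and <Length> in bytes."""
    nonce = base64.b64encode(os.urandom(nonce_len)).decode()
    return {"Nonce": nonce, "Offset": offset, "Length": length}


def derive_key(secret: bytes, token: dict, label: bytes = DEFAULT_LABEL) -> bytes:
    """Derive the key both sides use from the shared secret and the token's
    public parameters. Rejects malformed Offset/Length instead of slicing silently."""
    offset, length = int(token["Offset"]), int(token["Length"])
    if offset < 0 or length <= 0:
        raise ValueError("Offset must be >= 0 and Length must be > 0")
    nonce = base64.b64decode(token["Nonce"])
    # Generate only as much key stream as the requested window needs.
    stream = p_sha1(secret, label + nonce, offset + length)
    return stream[offset:offset + length]
```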