Certificate 为什么CXF使用WS-Security将证书附加到支持MTOM的端点请求
我有一个使用WS-security的启用MTOM的端点:Certificate 为什么CXF使用WS-Security将证书附加到支持MTOM的端点请求,certificate,cxf,attachment,ws-security,mtom,Certificate,Cxf,Attachment,Ws Security,Mtom,我有一个使用WS-security的启用MTOM的端点: <jaxws:client id="Service" serviceClass="MyClass" address="http://myserver:8888/Service"> <jaxws:features> <p:policies> <wsp:PolicyR
<jaxws:client id="Service"
serviceClass="MyClass" address="http://myserver:8888/Service">
<jaxws:features>
<p:policies>
<wsp:PolicyReference xmlns:wsp="http://www.w3.org/ns/ws-policy" URI="#SignatureRequired"/>
</p:policies>
</jaxws:features>
<jaxws:properties>
<entry key="mtom-enabled" value="true"/>
<entry key="ws-security.callback-handler" value-ref="clientPasswordCallback" />
<entry key="ws-security.signature.properties" value-ref="signatureKeystoreProperties" />
<entry key="ws-security.signature.username" value="myuser" />
<entry key="ws-security.encryption.properties" value-ref="encryptionKeystoreProperties" />
<entry key="ws-security.encryption.username" value="myserver" />
<entry key="ws-security.timestamp.timeToLive" value="3600" />
</jaxws:properties>
</jaxws:client>
Outbound Message
---------------------------
ID: 1
Address: http://myserver:8888/Service
Encoding: UTF-8
Http-Method: POST
Content-Type: multipart/related; type="application/xop+xml"; boundary="uuid:19df84f4-b529-4451-b001-1286da9054f1"; start="<root.message@cxf.apache.org>"; start-info="text/xml"
Headers: {Accept=[*/*], Connection=[close], SOAPAction=["http://myserver:8888/Service/ServiceAction"]}
Payload:
--uuid:19df84f4-b529-4451-b001-1286da9054f1
Content-Type: application/xop+xml; charset=UTF-8; type="text/xml"
Content-Transfer-Encoding: binary
Content-ID: <root.message@cxf.apache.org>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1"><wsu:Timestamp wsu:Id="TS-b8e2c055-a68e-4fcb-b656-7efbee1c9488"><wsu:Created>2020-10-05T07:56:29.303Z</wsu:Created><wsu:Expires>2020-10-05T08:56:29.303Z</wsu:Expires></wsu:Timestamp><wsse:BinarySecurityToken xmlns:xop="http://www.w3.org/2004/08/xop/include" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-5342ff77-664a-4938-912e-407084e45cb8"><xop:Include href="cid:1ef91a48-8459-4c10-9a0e-e5934b730ab3"/></wsse:BinarySecurityToken><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-bf7cb028-23ab-475c-ac00-2c6864c62d38"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="soap"/></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#TS-b8e2c055-a68e-4fcb-b656-7efbee1c9488"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse soap"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>fYgMsX9FPdN0G1sUXV8r9s1eaYg=</ds:DigestValue></ds:Reference><ds:Reference URI="#_94891144-bc63-48cf-9b16-577a24a74256"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>anB/rWJ4uw4J5i2zzypMo7ZIU88=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>izkzxIuHRqOx1A0Yvybu/NKcIdKUqAQ1LhCOtZTS794lzRZq5pYoCOWoSLX3C8BHlmXW0/QlB4+bDLdN9u0optp0YoNw2R/j5A/hL7Oz4RdarE5M2pF5EyCPzZDz7Z4bRlLmTVNyRB7SKoKRyksBo3q+Fb0EHS+7NpsIACkFPuc=</ds:SignatureValue><ds:KeyInfo Id="KI-fce4210a-a866-4048-8288-bc420fc6f212"><wsse:SecurityTokenReference xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STR-99b1145c-87ce-410d-b178-61646e40daad"><wsse:Reference URI="#X509-5342ff77-664a-4938-912e-407084e45cb8" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/></wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature></wsse:Security></soap:Header><soap:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="_94891144-bc63-48cf-9b16-577a24a74256"><documentId xmlns="http://www.myserver.com/ws/myns" xmlns:ns2="http://www.w3.org/2004/08/xop/include">400000000432316</documentId></soap:Body></soap:Envelope>
--uuid:19df84f4-b529-4451-b001-1286da9054f1
Content-Type: application/ciphervalue
Content-Transfer-Encoding: binary
Content-ID: <1ef91a48-8459-4c10-9a0e-e5934b730ab3>
BINARY CONTENT OF THE CERTIFICATE
--uuid:19df84f4-b529-4451-b001-1286da9054f1--
出站消息
---------------------------
身份证号码:1
地址:http://myserver:8888/Service
编码:UTF-8
Http方法:POST
内容类型:多部分/相关;type=“应用程序/xop+xml”;边界=“uuid:19df84f4-b529-4451-b001-1286da9054f1”;start=“”;start info=“text/xml”
标题:{Accept=[*/*],Connection=[close],SOAPAction=[“http://myserver:8888/Service/ServiceAction"]}
有效载荷:
--uuid:19df84f4-b529-4451-b001-1286da9054f1
内容类型:应用程序/xop+xml;字符集=UTF-8;type=“text/xml”
内容传输编码:二进制
内容ID:
2020-10-05T07:56:29.303ZYG2020-10-05T08:56:29.303ZFYGMS9FPDN0G1SUXV8R9S1EAYG=anB/RWJ4UW4J5I2ZYPMO7ZIU88=IZZZYHRQOX1A0YVYBU/NKCIDKUQQ1LHCOTS794LZRZQ5YOCOWSLX3C8BHLMXW0/QlB4+BDLdn9UZ0OPTP0YONW2R/j5A/H7OZL7OZR4R4R4R4R4R4R4R4R4R4R4R4R4R4R4R4R4R4R4R4R4R4R4R4R4R4R4R4F52P4F2E2E2E2EYYY
--uuid:19df84f4-b529-4451-b001-1286da9054f1
内容类型:应用程序/密码值
内容传输编码:二进制
内容ID:
证书的二进制内容
--uuid:19df84f4-b529-4451-b001-1286da9054f1--