SECCIÓN DE ESTUDIOS DE POSGRADO E INVESTIGACIÓN.
IMPLEMENTACIÓN DE CONTROLES DE SEGURIDAD EN ARQUITECTURAS ORIENTADAS A SERVICIOS (SOA)
PARA SERVICIOS WEB 
T E S I S
QUE PARA OBTENER EL GRADO DE: MAESTRO EN CIENCIAS CON ESPECIALIDAD EN
INFORMÁTICA
EMILIO ANAYA LOPEZ.
8/19/2019 1313442753812TesisEmilioAn (1).pdf
A mi hermano por ser un ejemplo a seguir.
8/19/2019 1313442753812TesisEmilioAn (1).pdf
T XML W
INODCCIN ......................................................................................................................................... 12 
CAPILO 1:  EICIO EB DEFINICIN DEL POBLEMA ................................................................. 14 
1.1.  EICIO EB ................................................................................................................................... 14 
1.1.1.   
1.1.2.   
1.2.  DELIMIACIN JIFICACIN DEL POBLEMA ........................................................................................ 17 
1.2.1.    
1.2.2.      
1.2.3.     
1.2.4. 
  CAPILO 2:  PLAAFOMA OA EGIDAD EN EICIO EB ....................................................... 19 
2.1.  AQIECA OIENADA A EICIO ................................................................................................ 19 
2.1.1.   
2.2.  IMPLEMENACIN DE EGIDAD EN OAP ............................................................................................ 30 
2.2.1.   
2.2.2.   
2.2.3.     
2.3.  EQIIO DE EGIDAD DE LO EICIO EB ................................................................................... 31 
2.3.1.     
2.3.2.     
2.3.3.     
2.3.4.     
2.3.5.    2.3.6.     
2.4.  ENDAE DE EGIDAD EN EICIO EB ....................................................................................... 33 
2.4.1.     
2.4.2.     
2.4.3.    ( )  
2.4.4.  ()  
9
CAPILO 3:  DIEO CONCEPAL FICO ......................................................................................... 48 
3.1.  CAO PCICO 1 ............................................................................................................................... 48 
3.2.  CAO PCICO 2 ............................................................................................................................... 49 
3.3.  POPEA DE OLCIN ..................................................................................................................... 52 
3.4.  DIEO CONCEPAL ........................................................................................................................... 54 
3.4.1.    3.4.2.    
3.5.1.   
3.5.2.   
3.5.3.   
3.5.4.     
3.5.5.   
3.6.1.   
3.6.2.     
4.1.  IMPLEMENACIN ............................................................................................................................... 70 
4.1.1.     
4.1.2.   
4.1.3.   
4.1.4.   
4.1.5.   
4.1.6.     
4.1.7.     
4.2.  CONFIGACIN DE AMBIENE DE PEBA ............................................................................................ 76  4.2.2.     
4.2.3.    
4.2.4.      
BIBLIOGAFA ............................................................................................................................................ 94 
APNDICE 1 ................................................................................................................................................ 95 
APNDICE 2 .............................................................................................................................................. 102 
F 3: D ......................................................................................... 52
F 4: P ........................................................................................................ 52
F 5: D ................................................................. 57
F 8: I . ....................................................................... 73
F 9: I . ................................................................................. 74
F 10: D ..................................................................... 79
F 11: P ......................................................................... 79
F 12: P ......................................................................... 80
F 13: P ...................................................................................... 81
F 14: D ............................................. 82
F 15: P .................................................................... 83
F 16: D ............................................. 84
F 17: P ............................................... 84
F 19: T ........................................................................................................... 98
F 20: R ........................................................................................................... 98
F 21: H .......................................................................................... 99
F 23: H U G ................................................................................ 101
F 24: P TM ......................................................................... 104
8/19/2019 1313442753812TesisEmilioAn (1).pdf
T 4: D A .................................................................................................. 51
T 5: D ............................................................... 53
T 7: D ............................................................................ 55
T 8: A ........................................................................................................... 56
T 9: C ....................................................................................... 56
T 10: S ................................................................................................... 57
T 12: E CTP ............................................................. 58
T 13: C .................................................................................................. 58
T 16: P ...................................................... 63
T 19: C ............................................................................................ 76
T 20: P ....................................................................................... 77
T 22: B P ............................................................................................................ 78
T 23: R XML ................................................ 86
8/19/2019 1313442753812TesisEmilioAn (1).pdf
1 D C, J W S, OR, 2002, .227 
8/19/2019 1313442753812TesisEmilioAn (1).pdf
•  S G.
2  M O'N, , W S S, MGH/O, 2003, . 4
3  R N, R S, R P S, D J W S, W P I., 2003, . 22 
8/19/2019 1313442753812TesisEmilioAn (1).pdf
.
4  A G, W S: T P, D P, 2004, . 9
5 R N, R S, R P S, D J W S, W P I., 2003, . 22 6 E N, U W S, P E C S D, 2002, . 3 7 B H, D J. F, K B, S K, M W S S, W P I., 2003, .29 8 B H, D J. F, K B, S K, M W S S, W P I., 2003, .30 9 D C, J W S, OR, 2002, .186
8/19/2019 1313442753812TesisEmilioAn (1).pdf
12.
10  B H, D J. F, K B, S K, M W S S, W P I.,
2003, .350 
11  B H, D J. F, K B, S K, M W S S, W P I.,
2003, .351 
12 D C, J W S, OR, 2002, .227 
8/19/2019 1313442753812TesisEmilioAn (1).pdf
E Simple Object Access Protocol  (SOAP) E M
L (XML)
R TCP/IP
2.
C
F I
(PKI) A .
13 D T, J S, P K, P W S SOAP, O'R, 2001, . 10 
8/19/2019 1313442753812TesisEmilioAn (1).pdf
:
14  D K, K B, D S, E SOA: SO A B P, P H PTR, 2004, .78 
15 [10] T E., SOA: , P H, 2008, .38  
8/19/2019 1313442753812TesisEmilioAn (1).pdf
L
. E
. E
, 16.
16  D K, K B, D S, E SOA: SO A B P, P H PTR, 2004, .81 
8/19/2019 1313442753812TesisEmilioAn (1).pdf

.
17  D K, K B, D S, E SOA: SO A B P, P H PTR, 2004, .81 
18  D K, K B, D S, E SOA: SO A B P, P H PTR, 2004, .81 
19 T E., SOA: , P H, 2008, .52 
8/19/2019 1313442753812TesisEmilioAn (1).pdf
S
S SOA
L
. S
P
. E
WSDL.
S 4 :
S
L
P
S 4 :
L
E
. P ,
L
. E ,
S 4 :
P ,
. E
20  T E., SO A: C, T, D P H, 2005, 449 
8/19/2019 1313442753812TesisEmilioAn (1).pdf
21 T E., SOA: , P H, 2008, .50 
22  B H, D J. F, K B, S K, M W S S, W
P I., 2003, .4 
 
. A
.
23 R K, P C, SOA S, M P C., 2008, .89.
8/19/2019 1313442753812TesisEmilioAn (1).pdf
?" E ,
28.
24 M O'N, , W S S, MGH/O, 2003, .23
25 D K, K B, D S, E SOA: SO A B P, P H PTR, 2004, .23  26  B H, D J. F, K B, S K, M W S S, W P I.,
2003, .402 
27 M O'N, , W S S, MGH/O, 2003, .27
28 M O'N, , W S S, MGH/O, 2003, .35
8/19/2019 1313442753812TesisEmilioAn (1).pdf
31.
2.4.  
E
G
XML.
29  M O'N, , W S S, MGH/O, 2003, .29
30  B H, D J. F, K B, S K, M W S S, W P I.,
2003, .396 
31 M O'N, , W S S, MGH/O, 2003, .36 
8/19/2019 1313442753812TesisEmilioAn (1).pdf
2.4.1.   
33.
32  M O'N, , W S S, MGH/O, 2003, 621 
33  W S S: SOAP M S 1.1 (WSS 2004), 7 
8/19/2019 1313442753812TesisEmilioAn (1).pdf
<EncryptionMethod/>?
<ds:KeyInfo>
<EncryptedKey>?
<AgreementMethod>?
<ds:KeyName>?
<ds:RetrievalMethod>?
<ds:*>?
</ds:KeyInfo>?
<CipherData>
<CipherValue>?
34  ://.3./TR// 
:
<sequence>
minOccurs='0'/> <element ref='ds:KeyInfo' minOccurs='0'/>
<element ref='xenc:CipherData'/>
</sequence>
</complexType> 35 
<sequence>
<any namespace='##other' minOccurs='0' maxOccurs='unbounded'/>
</sequence>
</complexType>
<complexType name='CipherDataType'>
<element ref='xenc:CipherReference'/>
<complexType name='CipherReferenceType'>
minOccurs='0'/>
</complexType>
</sequence>
<complexType name='EncryptedDataType'>
E :KI.
2.  U :KI EK CKN
(R)
E <EK>
:KI. E ,
<complexType name='EncryptedKeyType'> <complexContent>
<element name='CarriedKeyName' type='string' minOccurs='0'/>
39  ://.3./TR// 
</extension>
</complexContent>
fixed='http://www.w3.org/2001/04/xmlenc#EncryptedKey' />
</choice>
</complexType>
</element>
</sequence>
</complexType> 42 
40  ://.3./TR// 
41  ://.3./TR// 
42  ://.3./TR// 
. E T ET
</sequence>
</complexType>
<choice maxOccurs='unbounded'>
</choice>
<anyAttribute namespace="http://www.w3.org/XML/1998/namespace"/>
<complexType name="SignatureType">
<element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/> </sequence>
<attribute name="Id" type="ID" use="optional"/>
</complexType> 44 
44  M O'N, , W S S, MGH/O, 2003, 650 
8/19/2019 1313442753812TesisEmilioAn (1).pdf
<complexType name="SignedInfoType">
</sequence>
</complexType> 45 
<complexType name="SignatureValueType">
</extension>
</simpleContent>
<sequence>
<!-- (0,unbounded) elements from (1,1) namespace -->
</sequence>
</complexType>
47 
<sequence>
type="ds:HMACOutputLengthType"/>
<!-- (0,unbounded) elements from (1,1) external namespace -->
</sequence>
</complexType> 48 
<complexType name="ReferenceType">
<element ref="ds:DigestMethod"/>
<element ref="ds:DigestValue"/>
<attribute name="URI" type="anyURI" use="optional"/> <attribute name="Type" type="anyURI" use="optional"/>
</complexType> 49 
<complexType name="TransformsType">
48  ://.3./TR/2008/REC20080610/ 
49  ://.3./TR/2008/REC20080610/ 
8/19/2019 1313442753812TesisEmilioAn (1).pdf
</sequence>
</complexType>
</choice>
</complexType> 50 
<sequence>
maxOccurs="unbounded"/>
</complexType> 51 
E <D>
<simpleType name="DigestValueType">
<restriction base="base64Binary"/>
<choice maxOccurs="unbounded">
<element ref="ds:KeyName"/>
<element ref="ds:KeyValue"/>
<element ref="ds:RetrievalMethod"/>
<element ref="ds:X509Data"/>
<element ref="ds:PGPData"/>
<element ref="ds:SPKIData"/>
<element ref="ds:MgmtData"/>
</choice>
</complexType> 53 
<choice>
</choice>
<sequence maxOccurs="unbounded">
53  ://.3./TR/2008/REC20080610/ 
54  ://.3./TR/2008/REC20080610/ 
8/19/2019 1313442753812TesisEmilioAn (1).pdf
</choice>
</sequence>
</complexType>
</sequence>
</sequence>
</complexType> 56 

://..//.?=58.
SAML ,
55  ://.3./TR/2008/REC20080610/ 
56  ://.3./TR/2008/REC20080610/ 
57  M O'N, , W S S, MGH/O, 2003 685  
58  M O'N, , W S S, MGH/O, 2003 685  
8/19/2019 1313442753812TesisEmilioAn (1).pdf
XACML OASIS (://.
A C L (ACL)
D
, SOA,
XML, ,
S 2007
•  L P: E
L
2 C R .
3 B R .
4 E R .
4: D A
8/19/2019 1313442753812TesisEmilioAn (1).pdf
C E F
S JAXWS D P WSSP D C SOAP WSS F
I XML S F
N XML S F
C XML E F
5: D
.
B)
F
F
C N
9: C
11: F P
8/19/2019 1313442753812TesisEmilioAn (1).pdf
D: E .
P: L D E: B, S, C, F , R, I, F
, F , A. D S: L .
P : L . C E:
3.4.3.  
13: C
C C H
S 1 AMD A X2 7750 B E 2.7 GH, 4G RAM,
250 , T R , T R
S 2 S V 1 AMD A 7750 B E 2.7
GH, 1G RAM, 120G
S W 11G R 4P 10/100M
E C I C 2 D 2.4 GH, 2G RAM, 150G
14: C H
V S V 86 L : ://..//4.0.4/VB4.0
E D I  J2EE. L : ://.// 
M 2.1
L : ://..//F/14/ 
•  NB 6.9.1
•  K
•  J R E (JRE )
E: SKI 16: P
L C O. A
:
openssl req -x509 -days 3650 -md5 -newkey rsa:1024 -keyout empresakey.pem -out empresacert.pem -passout
pass:changeit
openssl req -x509 -days 3650 -md5 -newkey rsa:1024 -keyout bancokey.pem -out bancocert.pem -passout pass:changeit
P 3: D , 12
pass:changeit -passout pass:changeit
pass:changeit
3.6.  
P 3: C O CTP
.
public String Recepcion(@WebParam(name = "Banco")
String Banco, @WebParam(name = "Sucursal")
String Sucursal, @WebParam(name = "Cuenta")
String Cuenta, @WebParam(name = "Formapago")
String Formapago, @WebParam(name = "Referencia")
String Referencia, @WebParam(name = "Importe")
double Importe, @WebParam(name = "FechaPago")
String FechaPago, @WebParam(name = "FechaAplica")
String FechaAplica, @WebParam(name = "Autorizacion")
:
•  E <:OSEHAB/>
, .
•  E <:ST> SAML.
1.1.
 java.lang.String result = port.crearTransaccionPago(banco, sucursal, cuenta, formapago, referencia, importe,
fechaPago, fechaAplica, autorizacion);
for (int i=0; i < callbacks.length; i++) {
if (callbacks[i] instanceof SAMLCallback) {
try{
}
<sc:TrustStore wspp:visibility="private" location="glassfish/domains/domain1/config/cacerts.jks" type="JKS"
storepass="changeit" peeralias="empresa"/>
srcstorepass changeit -srcstoretype pkcs12
srcstorepass changeit -srcstoretype pkcs12
8/19/2019 1313442753812TesisEmilioAn (1).pdf
keytool -import -noprompt -trustcacerts -alias banco -fi le banco.cer -keystore cacerts.jks -storepass changeit
keytool -import -noprompt -trustcacerts -alias empresa -file empresa.cer -keystore cacerts.jks -storepass changeit
P
A . D
Certificado[1]:
Propietario: O=Internet Widgits Pty Ltd, ST=Some-State, C=AU
Emisor: O=Internet Widgits Pty Ltd, ST=Some-State, C=AU
Número de serie: a4c5edb34ab27361
Válido desde: Sat Mar 26 23:57:34 CST 2011 hasta: Sun Mar 25 23:57:34 CST 2012
Huellas digitales del certificado:
Versión: 3
SubjectKeyIdentifier [
KeyIdentifier [
0000: FE FA CC 47 8A E3 79 34 DC CA B5 63 33 62 62 46 ...G..y4...c3bbF
0010: 0E B6 4E A8 ..N.
#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
8/19/2019 1313442753812TesisEmilioAn (1).pdf
73
AuthorityKeyIdentifier [
KeyIdentifier [
0000: FE FA CC 47 8A E3 79 34 DC CA B5 63 33 62 62 46 ...G..y4...c3bbF
0010: 0E B6 4E A8 ..N.
4.1.3.  
I  
P
WSDL: /AEM/WPS?
N : WPP
N : P.WP
URL : ://192.168.0.101:8080/
URL : :// 192.168.0.106:8080/
WSPS C P S 2 S 2
CB. JSP S 2 C
ED.JSP JSP S 2 C
19: C
S 1 . 8080 8081
S 2 . 8080 8081
F 11: P
8/19/2019 1313442753812TesisEmilioAn (1).pdf
.
</head>
<body>WsPagosService is a secured web service; Tester feature is not supported for secured services</body></html>
E 2
<head>
<title>Envio de Transaccion</title>
<link rel=stylesheet href="style.css" type="text/css">
</head>
</html>
C :
P
. . . E
<sc:TrustStore wspp:visibility="private" location="glassfish/domains/domain1/config/cacerts.jks" type="JKS"
storepass="changeit" peeralias="empresa"/>
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />
XML S. L
</ds:Reference>
</ds:Transform>
</ds:Transforms>
<ds:Reference URI="#uuid_cf2b316d-2e02-4a37-9723-18ea1ae5e7f6">
.

,
.  
.
.
C , ,
. P ,
,
.
N S A. S
I. S .
, XML
SOAP
WSDL.
. WSDL
SGML (ISO 8879). O
XML. 
[1] A G, W S: T P, D P, 2004
[2] B H, D J. F, K B, S K, M W
S S, W P I., 2003
[3] D, T SOA US W E E
(C F), 2006.
[4] D C, J W S, OR, 2002
[5] D K, K B, D S, E SOA: SO A B
P, P H PTR, 2004
[6] D T, J S, P K, P W S SOAP,
O'R, 2001
[7] E N, U W S, P E C S
D, 2002
[8] M O'N, , W S S, MGH/O, 2003
[9] R K, P C, SOA S, M P C.,
2008.
[10] R N, R S, R P S, D J W
S, W P I., 2003
[11] T E., SO A: C, T, D
P H, 2005
[12] T E., SOA: , P H, 2008
[13] W S S: SOAP M S 1.1 (WSS 2004)
[14] ://..//.?=
P J D K L F 14,
:
://../////. 
[root@empresa Descargas]#cp jdk-6u24-linux-i586.bin /opt
P 4: E :
P 5: E JDK:
P $JAVAHOME
8/19/2019 1313442753812TesisEmilioAn (1).pdf
:
://../////. 
P 4: E JRE:
:
P 4: E G:
P 2: E :
P 2: C . !=
F
TCP M 8080