INSTITUTO POLITÉCNICO NACIONAL
UNIDAD PROFESIONAL INTERDISCIPLINARIA DE INGENIERÍA Y CIENCIAS SOCIALES Y ADMINISTRATIVAS
SECCIÓN DE ESTUDIOS DE POSGRADO E INVESTIGACIÓN

IMPLEMENTATION OF SECURITY CONTROLS IN SERVICE-ORIENTED ARCHITECTURES (SOA) FOR WEB SERVICES

THESIS
Submitted for the degree of: MASTER OF SCIENCE WITH A SPECIALTY IN INFORMATICS
Presented by: EMILIO ANAYA LOPEZ
Advisor: M. EN C. RAFAEL IBAÑEZ CASTAÑEDA
MÉXICO, D.F., 2011
8/19/2019 1313442753812TesisEmilioAn (1).pdf
To my brother, for being an example to follow.
TABLE OF CONTENTS
(Section titles translated from Spanish; subsection titles were lost in the extraction and only their numbers survive. Page numbers omitted.)

Introduction
Chapter 1: Web services and problem definition
  1.1. Web services (1.1.1, 1.1.2)
  1.2. Delimitation and justification of the problem (1.2.1 to 1.2.4)
Chapter 2: SOA platform and security in web services
  2.1. Service-oriented architecture (2.1.1)
  2.2. Implementation of security in SOAP (2.2.1 to 2.2.3)
  2.3. Security requirements of web services (2.3.1 to 2.3.6)
  2.4. Security standards in web services (2.4.1 to 2.4.4)
Chapter 3: Conceptual and physical design
  3.1. Case study 1
  3.2. Case study 2
  3.3. Proposed solution
  3.4. Conceptual design (3.4.1, 3.4.2)
  3.5. (3.5.1 to 3.5.5)
  3.6. (3.6.1, 3.6.2)
  4.1. Implementation (4.1.1 to 4.1.7)
  4.2. Test environment configuration (4.2.2 to 4.2.4)
Bibliography
Appendix 1
Appendix 2
Chapters 1 and 2 (web services and problem definition; SOA platform and security in web services)

The body text of these chapters did not survive the extraction. The only legible terms are Simple Object Access Protocol (SOAP), Extensible Markup Language (XML), TCP/IP, public key infrastructure (PKI), SOA, WSDL, and the section numbers 2.4 and 2.4.1 (security standards in web services). The chapter footnotes did survive and are listed here; author and title initials were expanded against the bibliography at the end of the document.

Notes 1 to 33
1. David Chappell, Java Web Services, O'Reilly, 2002, p. 227.
2. Mark O'Neill et al., Web Services Security, McGraw-Hill/Osborne, 2003, p. 4.
3. Ramesh Nagappan, Robert Skoczylas, Rima Patel Sriganesh, Developing Java Web Services, Wiley Publishing Inc., 2003, p. 22.
4. Anura Guruge, Web Services: Theory and Practice, Digital Press, 2004, p. 9.
5. Nagappan et al., Developing Java Web Services, p. 22.
6. Eric Newcomer, Understanding Web Services, Pearson Education, 2002, p. 3.
7. Bret Hartman, Donald J. Flinn, Konstantin Beznosov, Shirley Kawamoto, Mastering Web Services Security, Wiley Publishing Inc., 2003, p. 29.
8. Hartman et al., Mastering Web Services Security, p. 30.
9. Chappell, Java Web Services, p. 186.
10. Hartman et al., Mastering Web Services Security, p. 350.
11. Hartman et al., Mastering Web Services Security, p. 351.
12. Chappell, Java Web Services, p. 227.
13. Doug Tidwell, James Snell, Pavel Kulchenko, Programming Web Services with SOAP, O'Reilly, 2001, p. 10.
14. Dirk Krafzig, Karl Banke, Dirk Slama, Enterprise SOA: Service-Oriented Architecture Best Practices, Prentice Hall PTR, 2004, p. 78.
15. Thomas Erl, SOA (subtitle illegible in the extraction), Prentice Hall, 2008, p. 38 (bibliography entry [10] in the original footnote).
16. Krafzig et al., Enterprise SOA, p. 81.
17. Krafzig et al., Enterprise SOA, p. 81.
18. Krafzig et al., Enterprise SOA, p. 81.
19. Erl, SOA, 2008, p. 52.
20. Thomas Erl, Service-Oriented Architecture: Concepts, Technology, and Design, Prentice Hall, 2005, p. 449.
21. Erl, SOA, 2008, p. 50.
22. Hartman et al., Mastering Web Services Security, p. 4.
23. Ramarao Kanneganti, Prasad Chodavarapu, SOA Security, Manning Publications Co., 2008, p. 89.
24. O'Neill et al., Web Services Security, p. 23.
25. Krafzig et al., Enterprise SOA, p. 23.
26. Hartman et al., Mastering Web Services Security, p. 402.
27. O'Neill et al., Web Services Security, p. 27.
28. O'Neill et al., Web Services Security, p. 35.
29. O'Neill et al., Web Services Security, p. 29.
30. Hartman et al., Mastering Web Services Security, p. 396.
31. O'Neill et al., Web Services Security, p. 36.
32. O'Neill et al., Web Services Security, p. 621.
33. Web Services Security: SOAP Message Security 1.1 (WS-Security 2004), p. 7.
XML Encryption (XML Encryption Syntax and Processing, http://www.w3.org/TR/xmlenc-core/; notes 34 to 43)

Structure of an EncryptedData element, with "?" marking optional parts as in the W3C specification:

  <EncryptedData Id? Type? MimeType? Encoding?>
    <EncryptionMethod/>?
    <ds:KeyInfo>
      <EncryptedKey>?
      <AgreementMethod>?
      <ds:KeyName>?
      <ds:RetrievalMethod>?
      <ds:*>?
    </ds:KeyInfo>?
    <CipherData>
      <CipherValue>?
      <CipherReference URI?>?
    </CipherData>
    <EncryptionProperties>?
  </EncryptedData>

The ds:KeyInfo of an EncryptedData element can carry the EncryptedKey directly or refer to one by its CarriedKeyName; the Recipient attribute of EncryptedKey names the party the key is intended for, and a ds:RetrievalMethod that points at an EncryptedKey carries Type='http://www.w3.org/2001/04/xmlenc#EncryptedKey'. Schema excerpts from the specification:

  <complexType name='EncryptedType' abstract='true'>
    <sequence>
      <element name='EncryptionMethod' type='xenc:EncryptionMethodType' minOccurs='0'/>
      <element ref='ds:KeyInfo' minOccurs='0'/>
      <element ref='xenc:CipherData'/>
      <element ref='xenc:EncryptionProperties' minOccurs='0'/>
    </sequence>
    <attribute name='Id' type='ID' use='optional'/>
    <attribute name='Type' type='anyURI' use='optional'/>
    <attribute name='MimeType' type='string' use='optional'/>
    <attribute name='Encoding' type='anyURI' use='optional'/>
  </complexType>

  <element name='CipherData' type='xenc:CipherDataType'/>
  <complexType name='CipherDataType'>
    <choice>
      <element name='CipherValue' type='base64Binary'/>
      <element ref='xenc:CipherReference'/>
    </choice>
  </complexType>

  <element name='CipherReference' type='xenc:CipherReferenceType'/>
  <complexType name='CipherReferenceType'>
    <choice>
      <element name='Transforms' type='xenc:TransformsType' minOccurs='0'/>
    </choice>
    <attribute name='URI' type='anyURI' use='required'/>
  </complexType>

  <element name='EncryptedData' type='xenc:EncryptedDataType'/>
  <complexType name='EncryptedDataType'>
    <complexContent>
      <extension base='xenc:EncryptedType'/>
    </complexContent>
  </complexType>

  <element name='EncryptedKey' type='xenc:EncryptedKeyType'/>
  <complexType name='EncryptedKeyType'>
    <complexContent>
      <extension base='xenc:EncryptedType'>
        <sequence>
          <element ref='xenc:ReferenceList' minOccurs='0'/>
          <element name='CarriedKeyName' type='string' minOccurs='0'/>
        </sequence>
        <attribute name='Recipient' type='string' use='optional'/>
      </extension>
    </complexContent>
  </complexType>

  <element name='ReferenceList'>
    <complexType>
      <choice minOccurs='1' maxOccurs='unbounded'>
        <element name='DataReference' type='xenc:ReferenceType'/>
        <element name='KeyReference' type='xenc:ReferenceType'/>
      </choice>
    </complexType>
  </element>

  <element name='EncryptionProperty' type='xenc:EncryptionPropertyType'/>
  <complexType name='EncryptionPropertyType' mixed='true'>
    <choice maxOccurs='unbounded'>
      <any namespace='##other' processContents='lax'/>
    </choice>
    <attribute name='Target' type='anyURI' use='optional'/>
    <attribute name='Id' type='ID' use='optional'/>
    <anyAttribute namespace="http://www.w3.org/XML/1998/namespace"/>
  </complexType>

Notes 34, 35 and 39 to 42: XML Encryption Syntax and Processing, http://www.w3.org/TR/xmlenc-core/.
XML Signature (XML Signature Syntax and Processing, Second Edition, http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/; notes 44 to 56)

Schema excerpts from the specification:

  <complexType name="SignatureType">
    <sequence>
      <element ref="ds:SignedInfo"/>
      <element ref="ds:SignatureValue"/>
      <element ref="ds:KeyInfo" minOccurs="0"/>
      <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="Id" type="ID" use="optional"/>
  </complexType>

  <complexType name="SignatureValueType">
    <simpleContent>
      <extension base="base64Binary">
        <attribute name="Id" type="ID" use="optional"/>
      </extension>
    </simpleContent>
  </complexType>

  <complexType name="SignedInfoType">
    <sequence>
      <element ref="ds:CanonicalizationMethod"/>
      <element ref="ds:SignatureMethod"/>
      <element ref="ds:Reference" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="Id" type="ID" use="optional"/>
  </complexType>

  <complexType name="CanonicalizationMethodType" mixed="true">
    <sequence>
      <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
      <!-- (0,unbounded) elements from (1,1) namespace -->
    </sequence>
    <attribute name="Algorithm" type="anyURI" use="required"/>
  </complexType>

  <complexType name="SignatureMethodType" mixed="true">
    <sequence>
      <element name="HMACOutputLength" minOccurs="0" type="ds:HMACOutputLengthType"/>
      <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
      <!-- (0,unbounded) elements from (1,1) external namespace -->
    </sequence>
    <attribute name="Algorithm" type="anyURI" use="required"/>
  </complexType>

  <complexType name="ReferenceType">
    <sequence>
      <element ref="ds:Transforms" minOccurs="0"/>
      <element ref="ds:DigestMethod"/>
      <element ref="ds:DigestValue"/>
    </sequence>
    <attribute name="Id" type="ID" use="optional"/>
    <attribute name="URI" type="anyURI" use="optional"/>
    <attribute name="Type" type="anyURI" use="optional"/>
  </complexType>

  <complexType name="TransformsType">
    <sequence>
      <element ref="ds:Transform" maxOccurs="unbounded"/>
    </sequence>
  </complexType>

  <complexType name="TransformType" mixed="true">
    <choice minOccurs="0" maxOccurs="unbounded">
      <any namespace="##other" processContents="lax"/>
      <element name="XPath" type="string"/>
    </choice>
    <attribute name="Algorithm" type="anyURI" use="required"/>
  </complexType>

  <complexType name="DigestMethodType" mixed="true">
    <sequence>
      <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="Algorithm" type="anyURI" use="required"/>
  </complexType>

The DigestValue element holds the base64-encoded digest of the referenced content:

  <simpleType name="DigestValueType">
    <restriction base="base64Binary"/>
  </simpleType>

  <complexType name="KeyInfoType" mixed="true">
    <choice maxOccurs="unbounded">
      <element ref="ds:KeyName"/>
      <element ref="ds:KeyValue"/>
      <element ref="ds:RetrievalMethod"/>
      <element ref="ds:X509Data"/>
      <element ref="ds:PGPData"/>
      <element ref="ds:SPKIData"/>
      <element ref="ds:MgmtData"/>
      <any processContents="lax" namespace="##other"/>
    </choice>
    <attribute name="Id" type="ID" use="optional"/>
  </complexType>

  <complexType name="KeyValueType" mixed="true">
    <choice>
      <element ref="ds:DSAKeyValue"/>
      <element ref="ds:RSAKeyValue"/>
      <any namespace="##other" processContents="lax"/>
    </choice>
  </complexType>

  <complexType name="X509DataType">
    <sequence maxOccurs="unbounded">
      <choice>
        <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
        <element name="X509SKI" type="base64Binary"/>
        <element name="X509SubjectName" type="string"/>
        <element name="X509Certificate" type="base64Binary"/>
        <element name="X509CRL" type="base64Binary"/>
        <any namespace="##other" processContents="lax"/>
      </choice>
    </sequence>
  </complexType>

SAML (Security Assertion Markup Language; notes 57 and 58): the body text of this subsection is not recoverable from the extraction, apart from a URL that survives only as "://..//.?=".

Notes 44 to 58
44. O'Neill et al., Web Services Security, p. 650.
48, 49, 53, 54, 55, 56. XML Signature Syntax and Processing (Second Edition), http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/.
57, 58. O'Neill et al., Web Services Security, p. 685.
XACML (OASIS) and access control lists (ACL): the remaining text of section 2.4, including a numbered list of steps and Table 4 (caption "D A", illegible), survives only as the terms XACML, OASIS, ACL, SOA, XML and the year 2007.
Chapter 3 (conceptual and physical design), sections 3.1 to 3.3: Table 5 lists the technologies chosen for the design (JAX-WS, WSSP, SOAP, WSS) and maps three requirements, whose labels survive only as the initials I, N and C, to XML Signature, XML Signature and XML Encryption respectively. The rest of the text, including Tables 9 and 11, is not recoverable.
Interface description: the input data of the payment transaction are Banco, Sucursal, Cuenta, Formapago, Referencia, Importe, FechaPago, FechaAplica and Autorizacion, which match the parameters of the Recepcion web method shown in section 3.6.

3.4.3. Test hardware and software

Table 13, hardware:
  Server 1: AMD Athlon X2 7750 Black Edition 2.7 GHz, 4 GB RAM, 250 GB disk.
  Server 2 (virtual machine 1): AMD Athlon 7750 Black Edition 2.7 GHz, 1 GB RAM, 120 GB disk.
  Network: wireless 11G router with a 4-port 10/100M switch.
  Client machine: Intel Core 2 Duo 2.4 GHz, 2 GB RAM, 150 GB disk.

Table 14, software (download links did not survive the extraction):
  VirtualBox 4.0.4 for x86 Linux.
  J2EE development environment.
  M 2.1 (name illegible; given the GlassFish-based setup this is presumably Metro 2.1).
  Fedora 14.
  NetBeans 6.9.1.
  K (name illegible).
  Java Runtime Environment (JRE).

Table 16: caption illegible.
The certificates were created with OpenSSL, one self-signed certificate for the company (empresa) and one for the bank (banco):

  openssl req -x509 -days 3650 -md5 -newkey rsa:1024 -keyout empresakey.pem -out empresacert.pem -passout pass:changeit
  openssl req -x509 -days 3650 -md5 -newkey rsa:1024 -keyout bancokey.pem -out bancocert.pem -passout pass:changeit

Step 3: export each key and certificate to a PKCS#12 file; only the password arguments of the command survive (pass:changeit -passout pass:changeit). The -md5 and rsa:1024 settings reflect the 2011 test environment; both are considered weak today, and SHA-256 with an RSA key of at least 2048 bits would be used instead.
3.6.

Step 3: creating the payment web service. The web method signature (the parameter list is cut off after Autorizacion in the extraction):

  public String Recepcion(@WebParam(name = "Banco") String Banco,
                          @WebParam(name = "Sucursal") String Sucursal,
                          @WebParam(name = "Cuenta") String Cuenta,
                          @WebParam(name = "Formapago") String Formapago,
                          @WebParam(name = "Referencia") String Referencia,
                          @WebParam(name = "Importe") double Importe,
                          @WebParam(name = "FechaPago") String FechaPago,
                          @WebParam(name = "FechaAplica") String FechaAplica,
                          @WebParam(name = "Autorizacion")

Security header elements (descriptions illegible):
  • The <:OSEHAB/> element.
  • The <:ST> element carrying the SAML token, version 1.1.

Client-side call to the service:

  java.lang.String result = port.crearTransaccionPago(banco, sucursal, cuenta, formapago,
                                                     referencia, importe, fechaPago,
                                                     fechaAplica, autorizacion);

Callback handler fragment that handles the SAML callback (the body of the try block was lost in the extraction):

  for (int i = 0; i < callbacks.length; i++) {
      if (callbacks[i] instanceof SAMLCallback) {
          try {
              // ... body not recoverable ...
          }
      }
  }

Trust store declared in the WSIT configuration:

  <sc:TrustStore wspp:visibility="private"
                 location="glassfish/domains/domain1/config/cacerts.jks"
                 type="JKS"
                 storepass="changeit" peeralias="empresa"/>

Import of the PKCS#12 key stores with keytool; only the trailing arguments survive:

  -srcstorepass changeit -srcstoretype pkcs12
  -srcstorepass changeit -srcstoretype pkcs12
Import of the two certificates into the trust store:

  keytool -import -noprompt -trustcacerts -alias banco -file banco.cer -keystore cacerts.jks -storepass changeit
  keytool -import -noprompt -trustcacerts -alias empresa -file empresa.cer -keystore cacerts.jks -storepass changeit

Listing of the imported certificate (keytool output, in Spanish):

  Certificado[1]:
  Propietario: O=Internet Widgits Pty Ltd, ST=Some-State, C=AU
  Emisor: O=Internet Widgits Pty Ltd, ST=Some-State, C=AU
  Número de serie: a4c5edb34ab27361
  Válido desde: Sat Mar 26 23:57:34 CST 2011 hasta: Sun Mar 25 23:57:34 CST 2012
  Huellas digitales del certificado:
  Versión: 3
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: FE FA CC 47 8A E3 79 34 DC CA B5 63 33 62 62 46  ...G..y4...c3bbF
  0010: 0E B6 4E A8                                      ..N.
  #2: ObjectId: 2.5.29.19 Criticality=false
  BasicConstraints:[
  CA:true
  PathLen:2147483647
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: FE FA CC 47 8A E3 79 34 DC CA B5 63 33 62 62 46  ...G..y4...c3bbF
  0010: 0E B6 4E A8                                      ..N.
4.1.3. Deployment

The WsPagosService is published through its WSDL (path illegible; it ends in "WPS?", that is, the service name with lowercase letters lost). The service runs on two hosts, http://192.168.0.101:8080/ and http://192.168.0.106:8080/ (remaining path illegible), and the client JSP pages (names survive as "CB.JSP" and "ED.JSP") are deployed on server 2.

Table 19, ports: server 1 and server 2 each listen on 8080 and 8081.

Figure 11: caption illegible.
Response of the GlassFish tester page when the secured service is requested:

  </head>
  <body>WsPagosService is a secured web service; Tester feature is not supported for secured services</body></html>

Client page head:

  <head>
  <title>Envio de Transaccion</title>
  <link rel=stylesheet href="style.css" type="text/css">
  </head>
  </html>

Configuration excerpts (descriptions illegible):

  <sc:TrustStore wspp:visibility="private"
                 location="glassfish/domains/domain1/config/cacerts.jks"
                 type="JKS"
                 storepass="changeit" peeralias="empresa"/>

  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />

Fragment of the XML Signature carried in the captured SOAP message:

  </ds:Reference>
  </ds:Transform>
  </ds:Transforms>
  <ds:Reference URI="#uuid_cf2b316d-2e02-4a37-9723-18ea1ae5e7f6">

Conclusions: the text of this section is not recoverable from the extraction.

Glossary: the entries survive only as the terms XML, SOAP, WSDL and SGML (ISO 8879).
Bibliography
[1] Anura Guruge, Web Services: Theory and Practice, Digital Press, 2004.
[2] Bret Hartman, Donald J. Flinn, Konstantin Beznosov, Shirley Kawamoto, Mastering Web Services Security, Wiley Publishing Inc., 2003.
[3] D, T SOA US W E E (C F), 2006 (entry illegible in the extraction beyond "SOA" and the year).
[4] David Chappell, Java Web Services, O'Reilly, 2002.
[5] Dirk Krafzig, Karl Banke, Dirk Slama, Enterprise SOA: Service-Oriented Architecture Best Practices, Prentice Hall PTR, 2004.
[6] Doug Tidwell, James Snell, Pavel Kulchenko, Programming Web Services with SOAP, O'Reilly, 2001.
[7] Eric Newcomer, Understanding Web Services, Pearson Education, 2002.
[8] Mark O'Neill et al., Web Services Security, McGraw-Hill/Osborne, 2003.
[9] Ramarao Kanneganti, Prasad Chodavarapu, SOA Security, Manning Publications Co., 2008.
[10] Ramesh Nagappan, Robert Skoczylas, Rima Patel Sriganesh, Developing Java Web Services, Wiley Publishing Inc., 2003.
[11] Thomas Erl, Service-Oriented Architecture: Concepts, Technology, and Design, Prentice Hall, 2005.
[12] Thomas Erl, SOA (subtitle illegible in the extraction), Prentice Hall, 2008.
[13] Web Services Security: SOAP Message Security 1.1 (WS-Security 2004).
[14] (URL not recoverable from the extraction.)
Appendix 1: installing the Java Development Kit on Linux Fedora 14 (download link illegible)

  [root@empresa Descargas]# cp jdk-6u24-linux-i586.bin /opt

Step 4: (illegible).
Step 5: install the JDK (details illegible).
Set $JAVA_HOME.

Installing the JRE (download link illegible): Step 4 (illegible).

Installing G (name illegible; presumably GlassFish, whose domain directory appears in the trust store configuration): Step 4, Step 2, Step 2 (details illegible).

Firewall: allow TCP port 8080.