In AS1, AS2 and AS3 the message is first packaged with MIME or S/MIME and then sent over the respective underlying transport protocol (SMTP, HTTP, FTP). The three protocols package messages almost identically; the only difference is the transport protocol (including the HTTP headers).
RFC 4130 (http://www.ietf.org/rfc/rfc4130.txt) defines the packaging as follows:
No encryption, no signature
-RFC2616/2045
-RFC1767/RFC3023 (application/EDIxxxx or /xml)
No encryption, signature
-RFC2616/2045
-RFC1847 (multipart/signed)
-RFC1767/RFC3023 (application/EDIxxxx or /xml)
-RFC3851 (application/pkcs7-signature)
Encryption, no signature
-RFC2616/2045
-RFC3851 (application/pkcs7-mime)
-RFC1767/RFC3023 (application/EDIxxxx or /xml)(encrypted)
Encryption, signature
-RFC2616/2045
-RFC3851 (application/pkcs7-mime)
-RFC1847 (multipart/signed)(encrypted)
-RFC1767/RFC3023 (application/EDIxxxx or /xml)(encrypted)
-RFC3851 (application/pkcs7-signature)(encrypted)
MDN over HTTP, no signature
-RFC2616/2045
-RFC3798 (message/disposition-notification)
MDN over HTTP, signature
-RFC2616/2045
-RFC1847 (multipart/signed)
-RFC3798 (message/disposition-notification)
-RFC3851 (application/pkcs7-signature)
It is written very clearly, but basically nobody can make sense of it :p
The first four entries describe how the document to be transmitted (EDI, XML or any other kind of payload) is packaged (hereafter "message packaging"); the last two describe how the MDN (message receipt) is packaged (hereafter "receipt packaging").
Before going into the details, a brief explanation of the RFCs mentioned above:
RFC 2616: Hypertext Transfer Protocol -- HTTP/1.1 (everyone on the planet knows this one)
RFC 2045: Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies
Simply put, it describes how to package multiple parts into a single data stream. For example, an e-mail has a body text and possibly attachments; to carry all of those bodies (text + attachments) over the network they need to be bundled into one data stream. That is what MIME was designed for. Concretely, the package consists of a global header (which may span several lines, each in "key: value" form, and which defines the boundary) + boundary (+ 2 CRLF) + first body + boundary (+ 2 CRLF) + second body + boundary (+ 2 CRLF) + third body ... + boundary.
RFC 1767: MIME Encapsulation of EDI Objects
RFC 3023: XML Media Types
These define the Content-Types for EDI (EDIFACT and ANSI X12) and for XML, such as application/xml and so on. In practice, content types such as application/octet-stream are also supported by the AS2 protocol.
RFC 3851: Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 3.1 Message Specification
RFC 1847: Security Multiparts for MIME: Multipart/Signed and Multipart/Encrypted
S/MIME adds security on top of MIME. Digital signatures provide authentication (the sender really is who it claims to be), message integrity and sender non-repudiation; encryption provides confidentiality.
RFC 3798: Message Disposition Notification, which defines the MIME format of the MDN
Message packaging covers the following four cases (note that AS2 1.1 also supports compressed transmission of the payload, which differs slightly from the four cases above).
Scenario 1 (No encryption, no signature)
The MIME message has a single body: the plaintext payload, as shown below (the package is what sits between the two dashed lines; the lines themselves are not part of the actual package).
application/xxxx varies with the payload format, e.g. application/octet-stream, application/xml, application/edifact. The same applies below.
--------------------------------------------------------
AS2 headers
content-type: application/xxxx
AS2 headers
payload plaintext
--------------------------------------------------------
Scenario 2 (No encryption, signature)
The MIME message contains two sibling bodies.
----zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz denotes the boundary; it varies between implementations but is usually rather long and complex.
--------------------------------------------------------
AS2 headers
content-type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="----zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz"
AS2 headers
----zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
Content-Type: application/octet-stream
part-specific headers
payload plaintext
----zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
Content-Type: application/pkcs7-signature; name=smime.p7s; smime-type=signed-data
part-specific headers
digital signature (the digest algorithm is given in the AS2 headers; this example uses sha1)
----zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
--------------------------------------------------------
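As an added example (Python, not code from the original post or from any AS2 product), the following assembles the scenario-2 multipart/signed package and computes the AS2 MIC that the receiver later echoes in its MDN: over the bare payload in scenario 1, and over the whole signed part, headers included, in scenario 2. The detached CMS signature bytes are assumed to come from an S/MIME library and are passed in as signature_der; the payload and boundary used in the checks are constructed.

```python
import base64
import hashlib
from email import message_from_bytes

CRLF = b"\r\n"

def canonical_signed_part(payload: bytes, content_type: str = "application/octet-stream") -> bytes:
    """The inner MIME part exactly as it is signed (and MIC'd) in scenario 2:
    its own headers, a blank line, then the body, with CRLF line ends."""
    headers = (f"Content-Type: {content_type}\r\n"
               "Content-Transfer-Encoding: binary\r\n")
    return headers.encode("ascii") + CRLF + payload

def compute_mic(data: bytes, algorithm: str = "sha1") -> str:
    """AS2 MIC in the form used by Received-content-MIC: base64 digest, comma,
    algorithm name.  Scenario 1: data is the bare payload.  Scenario 2: data is
    the whole signed part returned by canonical_signed_part()."""
    digest = hashlib.new(algorithm, data).digest()
    return f"{base64.b64encode(digest).decode('ascii')}, {algorithm}"

def build_multipart_signed(signed_part: bytes, signature_der: bytes,
                           boundary: str, micalg: str = "sha1") -> bytes:
    """RFC 1847 multipart/signed body of scenario 2.  Every delimiter line is
    '--' + boundary and the closing one gets a trailing '--'; the boundary
    parameter in Content-Type is written without those leading dashes."""
    delim = b"--" + boundary.encode("ascii")
    sig_b64 = base64.encodebytes(signature_der).replace(b"\n", b"\r\n").rstrip()
    lines = [
        b'Content-Type: multipart/signed; protocol="application/pkcs7-signature"; '
        + f'micalg={micalg}; boundary="{boundary}"'.encode("ascii"),
        b"",
        delim,
        signed_part,                     # the signed bytes go in untouched
        delim,
        b"Content-Type: application/pkcs7-signature; name=smime.p7s",
        b"Content-Transfer-Encoding: base64",
        b'Content-Disposition: attachment; filename="smime.p7s"',
        b"",
        sig_b64,                         # detached CMS signature from an S/MIME library
        delim + b"--",
    ]
    return CRLF.join(lines) + CRLF

def part_content_types(body: bytes) -> list:
    """Parse the assembled body back and list the content types of its parts."""
    return [p.get_content_type() for p in message_from_bytes(body).get_payload()]
```

Note that each delimiter line in the body is "--" followed by the boundary parameter value, so with boundary="----zzzz" the lines inside the body read "------zzzz"; the schematics above leave those two extra dashes out.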
Scenario 3 (Encryption, no signature)
The outer MIME message has a single body.
--------------------------------------------------------
AS2 headers
content-type: application/pkcs7-mime; name="smime.p7m"; smime-type=enveloped-data
AS2 headers
encrypted payload (before encryption it is a MIME package containing only the payload, with content type application/xxxx)
--------------------------------------------------------
Scenario 4 (Encryption, signature)
The outer MIME message has a single body.
--------------------------------------------------------
AS2 headers
content-type: application/pkcs7-mime; name="smime.p7m"; smime-type=enveloped-data
AS2 headers
encrypted payload (a MIME package like the one in scenario 2, minus the AS2 headers)
--------------------------------------------------------
Receipts come in two scenarios: unsigned and signed.
Scenario 1 MDN over HTTP, no signature
--------------------------------------------------------
AS2 headers
Content-Type: multipart/report; report-type=disposition-notification; boundary="----zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz"
AS2 headers
----zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: binary
The message you sent on "Tue, 26 Oct 2010 04:32:24 GMT" from "xxxxxx" to
"yyyyyyyy" with subject "AS2 test message" has been received successfully on 26
Oct 2010 04:32:24 GMT and this is no guarantee that the message has been read or understood.
----zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
Content-Type: message/disposition-notification
Content-Transfer-Encoding: binary
Reporting-UA: 223.1.1.128; XXXXXXXXXXXXXXXXXXXXX
Original-Recipient: yyyyyyyyyyy
Final-Recipient: yyyyyyyyyy
Original-Message-ID: <1295227776399941288067544796>
Disposition: automatic-action/MDN-sent-automatically; processed
Received-content-MIC: poaQNS6MuGVvDwqONFw9L8Ng6jk=, sha1
----zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
Scenario 2 MDN over HTTP, signature
-----yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy denotes a second, different boundary.
--------------------------------------------------------
AS2 headers
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="----zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz"
AS2 headers
----zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
Content-Type: multipart/report; report-type=disposition-notification;boundary="-----yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy"
-----yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: binary
The message you sent on "Tue, 26 Oct 2010 04:32:24 GMT" from "xxxxxx" to
"yyyyyyyy" with subject "AS2 test message" has been received successfully on 26
Oct 2010 04:32:24 GMT and this is no guarantee that the message has been read or understood.
-----yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
Content-Type: message/disposition-notification
Content-Transfer-Encoding: binary
Reporting-UA: 223.1.1.128
Original-Recipient: yyyyyy
Final-Recipient: yyyyyyy
Original-Message-ID: <2575437176399941288067570296>
Disposition: automatic-action/MDN-sent-automatically; processed
Received-content-MIC: SNQ7jE8yo/nTyI4AKOKlNQlkQc4=, sha1
-----yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
----zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
Content-Type: application/pkcs7-signature; name=smime.p7s; smime-type=signed-data
Content-Transfer-Encoding: binary
Content-Disposition: attachment; filename="smime.p7s"
Content-Description: S/MIME Cryptographic Signature
digital signature
----zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
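The check a sender performs on the returned receipt, as an added example (Python, not from the original post): it locates the message/disposition-notification part in either receipt layout above (plain multipart/report, or multipart/report wrapped in multipart/signed), reads Disposition and Received-content-MIC, compares the MIC with the one recorded when the message was sent, and flags any error modifier. SAMPLE_MDN, its Reporting-UA and its message ID are constructed; verifying the pkcs7 signature of a signed MDN is left to an S/MIME library and not shown.

```python
import hmac
from email import message_from_bytes
from email.parser import HeaderParser

# Constructed unsigned MDN modelled on the receipt layout above (placeholder IDs).
SAMPLE_MDN = (
    b"Content-Type: multipart/report; report-type=disposition-notification;"
    b' boundary="mdnboundary"\r\n\r\n'
    b"--mdnboundary\r\n"
    b"Content-Type: text/plain; charset=us-ascii\r\n\r\n"
    b"The message has been received successfully.\r\n"
    b"--mdnboundary\r\n"
    b"Content-Type: message/disposition-notification\r\n\r\n"
    b"Reporting-UA: constructed-as2-gateway\r\n"
    b"Original-Message-ID: <constructed-id@example.invalid>\r\n"
    b"Disposition: automatic-action/MDN-sent-automatically; processed\r\n"
    b"Received-content-MIC: qZk+NkcGgWq6PiVxeFDCbJzQ2J0=, sha1\r\n\r\n"
    b"--mdnboundary--\r\n"
)

def mdn_fields(part) -> dict:
    """Fields of the message/disposition-notification part, keys lower-cased.
    The stdlib parser may hand them over as a nested Message or a raw header block."""
    payload = part.get_payload()
    items = payload[0].items() if isinstance(payload, list) else HeaderParser().parsestr(payload).items()
    return {k.lower(): v for k, v in items}

def split_mic(mic: str) -> tuple:
    """'base64digest, alg' -> (base64digest, alg), tolerant of spacing and case."""
    value, _, alg = mic.partition(",")
    return value.strip(), alg.strip().lower()

def verify_mdn(mdn_bytes: bytes, expected_mic: str) -> dict:
    """Check a returned MDN against the MIC recorded when the message was sent.
    Works for both receipt layouts (plain multipart/report, or multipart/signed
    around it); the S/MIME signature itself is not verified here."""
    msg = message_from_bytes(mdn_bytes)
    part = next((p for p in msg.walk()
                 if p.get_content_type() == "message/disposition-notification"), None)
    if part is None:
        return {"ok": False, "mic_match": False, "disposition": "",
                "reason": "no message/disposition-notification part"}
    fields = mdn_fields(part)
    dtype = fields.get("disposition", "").partition(";")[2].strip()   # e.g. "processed/error: ..."
    got, want = split_mic(fields.get("received-content-mic", "")), split_mic(expected_mic)
    mic_match = got[1] == want[1] and hmac.compare_digest(got[0], want[0])
    ok = mic_match and dtype.lower() == "processed"      # any "/modifier" is a problem
    reason = "ok" if ok else ("MIC mismatch" if not mic_match else f"disposition: {dtype}")
    return {"ok": ok, "mic_match": mic_match, "disposition": dtype, "reason": reason}
```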