使用X509证书实现WSSecurity npm'Soap'

时间:2016-05-01 15:56:45

标签: node.js soap ws-security node-soap

问题的第1部分:

使用npm soap,我正在尝试对下面的端点var url进行肥皂调用。

var sslRootCAs = require('ssl-root-cas/latest')
sslRootCAs.inject();


var soap = require('soap');
  var url = 'https://ws.conf.ebs.health.gov.on.ca:1440/HCVService/HCValidationService?wsdl';
  var args = {name: 'value'};
  soap.createClient(url, function(err, client) {
      if (err) {
        console.log(err);
      }
      else console.log(client);
  });

我收到回调错误:

{ [Error: unable to verify the first certificate] code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' }

虽然我有Certs,但上述错误发生了什么。

问题的第2部分:

我收到了以下信息:

***信息开始

  1. 点击WSDL链接:https://ws.conf.ebs.health.gov.on.ca:1440/HCVService/HCValidationService?wsdl

  2. 点击地址栏附近的安全报告图标

  3. 点击查看证书

  4. 安装证书

    5. 您需要获得自己的OWN安全证书。 对于IDP模型,MOH将接受自签名证书或证书颁发机构颁发的证书。

    a)您将使用证书的私钥签署HCV请求;

    b)我们将收到请求并进行处理;

    c)我们将发回由我们的证书私钥签名的回复(go-pki_cacert.arm)。这就是为什么你必须在你的信任库中拥有go-pki_cacert.arm证书。(以及之前的电子邮件中提到的其他两个)。

    d)响应中的密钥将使用您随请求发送的证书中检索到的公钥进行加密。那么,你对应的私人

    必须使用

    密钥对其进行解密。使用公钥的所有位。然后,您可以使用提供的密钥解密正文/邮件内容。

    信息结束***

    我提供了所有凭据,也发送了一些示例请求。

    以下是XML请求示例:

    <soapenv:Envelope xmlns:ebs="http://ebs.health.ontario.ca/" xmlns:hcv="http://hcv.health.ontario.ca/" xmlns:idp="http://idp.ebs.health.ontario.ca/" xmlns:msa="http://msa.ebs.health.ontario.ca/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Header><wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
   <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-FF9156B4BEE23716A1142978895556413">MIIGQzC..truncated..CPo=</wsse:BinarySecurityToken>
   <ds:Signature Id="SIG-30" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="ebs hcv idp msa soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#UsernameToken-26"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="ebs hcv idp msa soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>nuqM1lGK6rOVruau3woc66AsvIs=</ds:DigestValue></ds:Reference><ds:Reference URI="#TS-25"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="wsse ebs hcv idp msa soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>YHFurnR786jGnU0dmhB6AuZMWf0=</ds:DigestValue></ds:Reference><ds:Reference URI="#id-27"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="hcv idp msa soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>4HrW5GODU3lE87D24YfwxjGwgCo=</ds:DigestValue></ds:Reference><ds:Reference URI="#id-28"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="ebs hcv msa soapenv" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
   <ds:DigestValue>mfmdQegqmjMNvXyV0FYGiJwqrwc=</ds:DigestValue></ds:Reference><ds:Reference URI="#id-29">
   <ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="ebs hcv idp msa" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>HiE8JaUo37dckfkchYYve9S6LuQ=</ds:DigestValue></ds:Reference></ds:SignedInfo>
   <ds:SignatureValue>tAb..truncated..Q==</ds:SignatureValue>
   <ds:KeyInfo Id="KI-FF9156B4BEE23716A1142978895556414"><wsse:SecurityTokenReference wsu:Id="STR-FF9156B4BEE23716A1142978895556415">
<wsse:Reference URI="#X509-FF9156B4BEE23716A1142978895556413" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference></ds:KeyInfo></ds:Signature>
<wsse:UsernameToken wsu:Id="UsernameToken-26">
<wsse:Username>confsu141@gmail.com</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Your_Password</wsse:Password></wsse:UsernameToken>
<wsu:Timestamp wsu:Id="TS-25"><wsu:Created>2015-04-23T11:35:55Z</wsu:Created>
<wsu:Expires>2015-04-23T11:45:55Z</wsu:Expires></wsu:Timestamp></wsse:Security>
      <idp:IDP wsu:Id="id-28" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <ServiceUserMUID>011210</ServiceUserMUID>
      </idp:IDP>
      <ebs:EBS wsu:Id="id-27" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <SoftwareConformanceKey>b832708a-52a7-45bc-a221-7930267617db</SoftwareConformanceKey>
         <AuditId>Your_UniqueAuditID</AuditId>
      </ebs:EBS>
  </soapenv:Header>
   <soapenv:Body wsu:Id="id-29" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <hcv:validate>
         <requests>
           <hcvRequest>
               <healthNumber>1216070563</healthNumber>
               <versionCode>ML</versionCode>
               <feeServiceCodes>A110</feeServiceCodes>                 
               </hcvRequest>  
           </requests>
         <locale>en</locale>
      </hcv:validate>
   </soapenv:Body>
</soapenv:Envelope>

    我们如何使用Node.js实现这一点?我已经阅读了SOAP WS-security,但我不知道!在node.js中实现

1 个答案:

答案 0 :(得分:0)

安装证书并不会有帮助,因为它只是将证书保存到您的操作系统的可信存储中,但您的节点程序无法从中读取,因此您需要使用ssl-root-cas模块来构建信任存储进入内存,以便您的程序可以读取。对于通用https请求,您将需要使用require('ssl-root-cas/latest').inject()加载受信任存储所具有的所有证书,但由于您的端点需要特定证书,因此您需要手动添加它们:

require('ssl-root-cas')
  .addFile('[phyical path to root cert]')
  .addFile('[phyical path to chain cert]')
  .addFile('[phyical path to signing cert]'); //This one you don't need to read its wsdl.
相关问题
最新问题