我正在尝试用 Node 调用一个使用 WS-Security 的 SOAP 服务,请求的大致结构必须如下:
<!-- Abbreviated sample of the required request: the Header holds one wsse:Security element with four children. -->
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:v1="http://ws.hc2.dc.com/v1">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<!-- 1. BinarySecurityToken: per its ValueType and EncodingType, a Base64-encoded X.509 v3 certificate. -->
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-F9932E49C67837D88415342820380929"><!--DATA--></wsse:BinarySecurityToken>
<!-- 2. Signature: XML Signature element, shown empty in this abbreviated sample. -->
<ds:Signature Id="SIG-F9932E49C67837D884153428203810212" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
</ds:Signature>
<!-- 3. UsernameToken: the Password Type is PasswordText, so the password is carried as text in the message rather than as a digest; confidentiality then depends on the transport (TLS). -->
<wsse:UsernameToken wsu:Id="UsernameToken-F9932E49C67837D88415342820380868">
<wsse:Username><!--DATA--></wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"><!--DATA--></wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"><!--DATA--></wsse:Nonce>
<wsu:Created>2018-08-14T21:27:18.086Z</wsu:Created>
</wsse:UsernameToken>
<!-- 4. Timestamp: in this sample Expires is 60 seconds after Created. -->
<wsu:Timestamp wsu:Id="TS-F9932E49C67837D88415342820380867">
<wsu:Created>2018-08-14T21:27:18.086Z</wsu:Created>
<wsu:Expires>2018-08-14T21:28:18.086Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</soapenv:Header>
<!-- The Body carries a wsu:Id, which gives a signature Reference something to point at. -->
<soapenv:Body wsu:Id="id-E40CE4DF6628FFDAE615320042127276" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<!--BODY-->
</soapenv:Body>
</soapenv:Envelope>
请注意,标头仅包含 security 标记,该标记包含 4 个元素:
BinarySecurityToken
Signature
UsernameToken
Timestamp
使用 Node 的 soap 模块,我只能生成包含以下元素组合之一的标头:
- UsernameToken 和 Timestamp
- BinarySecurityToken、Signature 和 Timestamp
(而且我不确定这些是否正确),但是我无法生成同时包含这 4 个安全元素的标头。
那么,如何在Node中使用具有这四个限制的SOAP WS-Security Service?还是使用PHP?
我已经读过Java和C#可以轻松生成此标头,但是我没有机会(知识和经验)在服务器中使用它们。
PS:我有一个密码和四个扩展名为.p12 / .cer的文件,名称分别为:
我不确定我是否正确使用了这些文件。
其他
我的代码:
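const fs = require('fs');
const soap = require('soap');

const url = 'https://example.com?WSDL';

/**
 * Read a required secret from the environment so that passphrases are not
 * committed with the source. The variable names used below are placeholders
 * chosen for this example.
 *
 * @param {string} name - Environment variable name.
 * @returns {string} The variable's value.
 * @throws {Error} When the variable is unset or empty.
 */
function requireEnv(name) {
  const value = process.env[name];
  if (!value) {
    throw new Error(`Missing required environment variable ${name}`);
  }
  return value;
}

const options = {
  headers: {
    // NOTE(review): SOAP envelopes are XML; confirm this JSON default is not
    // what ends up on the SOAP POST.
    'content-type': 'application/json',
  },
  agentOptions: {
    pfx: fs.readFileSync(`${__dirname}/certs/domain.p12`),
    passphrase: requireEnv('TLS_PFX_PASSPHRASE'),
    // No protocol flags are set here: the TLS knob for disabling protocol
    // versions is `secureOptions` with numeric crypto.constants flags, and
    // Node's defaults already exclude SSLv2.
  },
};
const request = require('request').defaults(options);

soap.createClient(url, { request }, (err, client) => {
  if (err) throw err;
  client.setEndpoint('https://example-endpoint.com');

  // NOTE: setSecurity() keeps a single security object on the client, so each
  // call below replaces the previous one and only the last (WSSecurityCert)
  // is applied to the request. That is why the header never contains
  // UsernameToken together with BinarySecurityToken and Signature. Newer
  // node-soap releases document a WSSecurityPlusCert wrapper that combines
  // WSSecurity and WSSecurityCert; check whether the installed version has it.

  // TLS client certificate (PFX). No `strictSSL: false` and no flag disabling
  // TLS 1.2: the UsernameToken below uses PasswordText, so the password is
  // only protected by a verified TLS connection.
  client.setSecurity(
    new soap.ClientSSLSecurityPFX(
      `${__dirname}/certs/cert.p12`,
      requireEnv('CLIENT_PFX_PASSPHRASE'),
    ),
  );

  // WS-Security UsernameToken + Timestamp.
  const usernameTokenSecurity = new soap.WSSecurity('user', requireEnv('WS_PASSWORD'), {
    hasNonce: true,
    hasTokenCreated: true,
    passwordType: 'PasswordText',
    hasTimeStamp: true,
    mustUnderstand: false,
  });
  client.setSecurity(usernameTokenSecurity);

  // WS-Security X.509 signature (BinarySecurityToken + Signature + Timestamp).
  // NOTE(review): WSSecurityCert is documented with a PEM private key and a
  // PEM certificate; a raw .p12 container is presumably not accepted here.
  // Confirm, and pass the converted .pem instead.
  const privateKey = fs.readFileSync(`${__dirname}/certs/domain.p12`);
  const publicKey = fs.readFileSync(`${__dirname}/certs/domain.crt`);
  const signingSecurity = new soap.WSSecurityCert(
    privateKey,
    publicKey,
    requireEnv('SIGNING_KEY_PASSWORD'), // optional password
  );
  client.setSecurity(signingSecurity);

  const args = {
    //DATA
  };
  client.ServicioHistoriaCreditoPlus.other.consultarHC2(args, (callErr, result) => {
    // Errors go to stderr; the result is still printed, since it may carry
    // details of the failed call.
    if (callErr) console.error(callErr);
    console.log(result);
  });
});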
我需要的最完整的标头:
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-F9932E49C67837D88415342820380929"><!--DATA--></wsse:BinarySecurityToken>
<ds:Signature Id="SIG-F9932E49C67837D884153428203810212" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="soapenv v1" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#id-E40CE4DF6628FFDAE615320042127276">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="v1" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue><!--DATA--></ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#UsernameToken-F9932E49C67837D88415342820380868">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="soapenv v1" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue><!--DATA--></ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#TS-F9932E49C67837D88415342820380867">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<ec:InclusiveNamespaces PrefixList="wsse soapenv v1" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue><!--DATA--></ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue><!--DATA--></ds:SignatureValue>
<ds:KeyInfo Id="KI-F9932E49C67837D884153428203809210">
<wsse:SecurityTokenReference wsu:Id="STR-F9932E49C67837D884153428203809211">
<wsse:Reference URI="#X509-F9932E49C67837D88415342820380929" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
<wsse:UsernameToken wsu:Id="UsernameToken-F9932E49C67837D88415342820380868">
<wsse:Username><!--DATA--></wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText"><!--DATA--></wsse:Password>
<wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"><!--DATA--></wsse:Nonce>
<wsu:Created>2018-08-14T21:27:18.086Z</wsu:Created>
</wsse:UsernameToken>
<wsu:Timestamp wsu:Id="TS-F9932E49C67837D88415342820380867">
<wsu:Created>2018-08-14T21:27:18.086Z</wsu:Created>
<wsu:Expires>2018-08-14T21:28:18.086Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>