SOAP SAML WS-Trust: signing SOAP requests with Node.js without a certificate

Time: 2019-04-22 13:01:03

Tags: node.js soap saml ws-security xml-encryption

I am trying to authenticate to a SOAP web service and sign my requests.

I was only given the WSDL URL, a username and a password. From what I can gather from the WSDL file, the service uses WS-Security and WS-Trust 1.3. The only documentation I got is 2 requests and 2 responses: one is the security token request, the other is the actual signed service function call.

I made the first request and got the response (this is the sample response they sent):

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <s:Header>
    <a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal</a:Action>
    <a:RelatesTo>urn:uuid:68b5bc02-46e6-4771-b2f9-96876e0f2477</a:RelatesTo>
    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <u:Timestamp u:Id="_0">
        <u:Created>2011-04-25T19:43:20.666Z</u:Created>
        <u:Expires>2011-04-25T19:48:20.666Z</u:Expires>
      </u:Timestamp>
    </o:Security>
  </s:Header>
  <s:Body>
    <trust:RequestSecurityTokenResponseCollection xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
      <trust:RequestSecurityTokenResponse>
        <trust:KeySize>256</trust:KeySize>
        <trust:Lifetime>
          <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2011-04-25T19:43:20.660Z</wsu:Created>
          <wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2011-04-25T20:43:20.660Z</wsu:Expires>
        </trust:Lifetime>
        <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
          <a:EndpointReference>
            <a:Address>https://kpsv2.nvi.gov.tr/services/RoutingService.svc</a:Address>
          </a:EndpointReference>
        </wsp:AppliesTo>
        <trust:RequestedSecurityToken>
          <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
            <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
              <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
                <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
                  <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                </e:EncryptionMethod>
                <KeyInfo>
                  <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                    <X509Data>
                      <X509IssuerSerial>
                        <X509IssuerName>C=TR, L=Ankara, O=Kale Yazilim San. ve Tic. Ltd. Sti., CN=Kale Yazilim Elektronik Sertifika Hizmetleri</X509IssuerName>
                        <X509SerialNumber>1033461495358811184</X509SerialNumber>
                      </X509IssuerSerial>
                    </X509Data>
                  </o:SecurityTokenReference>
                </KeyInfo>
                <e:CipherData>
                  <e:CipherValue>LQA6LWtMsv76J98uoAzTxmjit0ktn19+xsgQaTrtMrycxcP/VRIkPpMV/L0dzZha3R8wRjEtO4xQtWGZUnwDTwrqqWp6MhR8MXU87jE9nxGr5ZkFsLGAYJqEPfkARG0eiaIkKcOfQsVk4DlvMKc/sFUUFyg0oehVG+pKhRRVeNQ=</e:CipherValue>
                </e:CipherData>
              </e:EncryptedKey>
            </KeyInfo>
            <xenc:CipherData>
              <xenc:CipherValue>REALLY LONG BASE64 VALUE</xenc:CipherValue>
            </xenc:CipherData>
          </xenc:EncryptedData>
        </trust:RequestedSecurityToken>
        <trust:RequestedProofToken>
          <trust:BinarySecret>VNKPrHDUdNl8dtBCLmmTDCbhd8zNzHOKSoGi2dlZm9I=</trust:BinarySecret>
        </trust:RequestedProofToken>
        <trust:RequestedAttachedReference>
          <o:SecurityTokenReference k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
            <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_c7fc78ef-0305-49cf-b680-24d520a11d81</o:KeyIdentifier>
          </o:SecurityTokenReference>
        </trust:RequestedAttachedReference>
        <trust:RequestedUnattachedReference>
          <o:SecurityTokenReference k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
            <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_c7fc78ef-0305-49cf-b680-24d520a11d81</o:KeyIdentifier>
          </o:SecurityTokenReference>
        </trust:RequestedUnattachedReference>
        <trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</trust:TokenType>
        <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
        <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</trust:KeyType>
      </trust:RequestSecurityTokenResponse>
    </trust:RequestSecurityTokenResponseCollection>
  </s:Body>
</s:Envelope>

Now I should perform the actual service request; this is their sample request:

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <s:Header>
    <a:Action s:mustUnderstand="1">http://kps.nvi.gov.tr/2011/01/01/AksOkuTumIleBagliIlceServis/Listele</a:Action>
    <a:MessageID>urn:uuid:754effc7-2d18-4206-a9e3-813ffde6c0f5</a:MessageID>
    <a:ReplyTo>
      <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
    </a:ReplyTo>
    <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo9D/QwnIomtOnyjAZSLlXM4AAAAAzAilkr+5tU+O0GSvus7imiA2R3fSG9JKp+jKtBb5PT0ACQAA</VsDebuggerCausalityData>
    <a:To s:mustUnderstand="1">https://kpsv2.nvi.gov.tr/services/RoutingService.svc</a:To>
    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <u:Timestamp u:Id="_0">
        <u:Created>2011-04-25T19:44:47.777Z</u:Created>
        <u:Expires>2011-04-25T19:49:47.777Z</u:Expires>
      </u:Timestamp>
      <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
            <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
              <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            </e:EncryptionMethod>
            <KeyInfo>
              <o:SecurityTokenReference>
                <X509Data>
                  <X509IssuerSerial>
                    <X509IssuerName>C=TR, L=Ankara, O=Kale Yazilim San. ve Tic. Ltd. Sti., CN=Kale Yazilim Elektronik Sertifika Hizmetleri</X509IssuerName>
                    <X509SerialNumber>1033461495358811184</X509SerialNumber>
                  </X509IssuerSerial>
                </X509Data>
              </o:SecurityTokenReference>
            </KeyInfo>
            <e:CipherData>
              <e:CipherValue>LQA6LWtMsv76J98uoAzTxmjit0ktn19+xsgQaTrtMrycxcP/VRIkPpMV/L0dzZha3R8wRjEtO4xQtWGZUnwDTwrqqWp6MhR8MXU87jE9nxGr5ZkFsLGAYJqEPfkARG0eiaIkKcOfQsVk4DlvMKc/sFUUFyg0oehVG+pKhRRVeNQ=</e:CipherValue>
            </e:CipherData>
          </e:EncryptedKey>
        </KeyInfo>
        <xenc:CipherData>
          <xenc:CipherValue>REALLY LONG BASE 64 VALUE (SAME VALUE AS ABOVE)</xenc:CipherValue>
        </xenc:CipherData>
      </xenc:EncryptedData>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
          <Reference URI="#_0">
            <Transforms>
              <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <DigestValue>XD2Q/UIavQ4ZLOsiHKdba4YG0OQ=</DigestValue>
          </Reference>
        </SignedInfo>
        <SignatureValue>l4TpFXhwwKBgFAjB11NfJ9nAwXU=</SignatureValue>
        <KeyInfo>
          <o:SecurityTokenReference k:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" xmlns:k="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
            <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_c7fc78ef-0305-49cf-b680-24d520a11d81</o:KeyIdentifier>
          </o:SecurityTokenReference>
        </KeyInfo>
      </Signature>
    </o:Security>
  </s:Header>
  <s:Body>
    <Listele xmlns="http://kps.nvi.gov.tr/2011/01/01">
      <kriter xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
        <IlKodu>6</IlKodu>
      </kriter>
    </Listele>
  </s:Body>
</s:Envelope>

In the o:Security tag, the xenc:EncryptedData part is identical to the one in the response's trust:RequestedSecurityToken (the first code block above).

But I don't know how to generate the signature part of the request; which key/token should I use? All the xmlenc modules I found on npm use a public/private key pair, which I don't have. When asked for a certificate/key pair, they only gave me an SSL certificate and the root CA of their domain, which is of no use to me?

How do I create the security section of the request XML?

0 answers