我正在尝试请求此内部服务,负责它的团队表示它需要用户名 密码并使用证书加密。
我想到了使用此模块node-soap
,我在文档中找到了这一点:
1- https://github.com/vpulim/node-soap#wssecurity
2- https://github.com/vpulim/node-soap#wssecuritycert
它解释了如何实现WSSECURITY,但一个规则覆盖另一个规则。因此,此代码无法正常工作:
var wsSecurity = new soap.WSSecurity('username', 'password', options)
client.setSecurity(wsSecurity);
var wsSecurity = new soap.WSSecurityCert(privateKey, publicKey, password);
client.setSecurity(wsSecurity);
使用这两种策略的正确方法是什么?
我是肥皂上的新手,任何帮助都将不胜感激
我遇到了相同的要求。我正在构建一个自定义的WSSECURTYCERTSSL安全模块,这不是很棒,而是可以正常工作。最好的事情是修改Node-soap,以便您可以堆叠多个证券,因为某些(即:SSL(仅处理连接,而其他通过信封操作(即:WSSSSECURITY(。
我完全反对修改任何第三方依赖的来源。它通常会导致未来的问题(更新,兼容性,未使用的错误等(这是我尝试堆叠证券的尝试。
import { IHeaders, ISecurity } from "soap";
export class SecurityStack implements ISecurity {
private stack: ISecurity[];
public constructor(...security: ISecurity[]) {
this.stack = security;
const hasPostProcessMethod = this.stack.some(s => s["postProcess"]);
const hasToXmlMethod = this.stack.some(s => s["toXML"]);
if(hasPostProcessMethod && hasToXmlMethod)
throw new Error("Security with `postProcess` and those with `toXml` methods cannot be used together");
if(!hasPostProcessMethod)
this.postProcess = undefined;
}
public addOptions(options: any): void {
this.stack.forEach(security => {
if(security["addOptions"])
security.addOptions(options);
});
}
public toXML(): string {
let result = "";
this.stack.forEach(security => {
if(security["toXML"])
result += security.toXML();
});
return result;
}
public addHeaders(headers: IHeaders): void {
this.stack.forEach(security => {
if(security["addHeaders"])
security.addHeaders(headers);
});
}
public postProcess?(xml: any, envelopeKey: any): string {
let result = xml;
this.stack.forEach(security => {
if(security["postProcess"])
result = security.postProcess(xml, envelopeKey);
});
return result;
}
}
然后用法:
const client = await soap.createClientAsync(wsdl);
const sslSecurity = new soap.ClientSSLSecurity(xxx, xxx);
const wsSecurity = new soap.WSSecurity("xxx","xxx");
const securityStack = new SecurityStack(sslSecurity, wsSecurity);
client.setSecurity(securityStack);
请记住,并非所有安全方法都可以组合。