我正在尝试使用 node-soap 使用
WSSecurityCert
来使用 SOAP 服务。该服务要求我设置时间戳,使 SOAP 请求的有效期为 5 分钟并带有 wsu
前缀。 node-soap
库的“硬编码”有效期为 10 分钟,没有明显的方法可以覆盖它。我不知道如何或是否可以在发送之前修改时间戳,因为 WSSecurityCert
签名可能会失效。
我的代码:
const client = await soap.createClientAsync(url);
const securityOptions = {
hasTimeStamp: true,
}
const wsSecurity = new soap.WSSecurityCert(PRIVATE_KEY, PUBLIC_CERT, '', securityOptions);
client.setSecurity(wsSecurity);
const result = await client.method(args);
生成的时间戳如下所示:
<Timestamp
xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
Id="_1">
<Created>2024-05-08T13:20:09Z</Created>
<Expires>2024-05-08T13:30:09Z</Expires>
</Timestamp>
我需要使时间戳看起来像这样:
<wsu:Timestamp wsu:Id="TS-7C14BF4AA3E26845E015637928928701">
<wsu:Created>2024-05-08T13:20:09Z</wsu:Created>
<wsu:Expires>2024-05-08T13:25:09Z</wsu:Expires>
</wsu:Timestamp>
我尝试将
created
和 expires
添加到 securityOptions
,但无济于事。
是否可以使用node-soap库来实现这一点而不需要分叉它?
我仍在评估这一点,如果我得出更确定的结论,我会稍后更新答案。
soap
不提供任何自定义时间戳标头的方法,请参阅硬编码行:https://github.com/vpulim/node-soap/blob/master/src/security/WSSecurityCert.ts#L124 .
但是您可以做的一件事是将
hasTimestamp
设置为 false,并使用您自己对 wsu:Timestamp
的签名引用:
const options: IWSSecurityCertOptions = {
hasTimeStamp: false,
additionalReferences: [
'wsu:Timestamp',
'wsa:To',
],
signerOptions: {
prefix: 'ds',
attrs: { Id: 'Signature' },
existingPrefixes: {
wsse11: 'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd',
},
},
};
const wsSecurity = new WSSecurityCert(privateKey, publicKey, password, options);
soapClient.setSecurity(wsSecurity);
然后,添加您自己的时间戳:
const expiry = '2100-05-08T00:00:00Z'; // TODO: compute this
soapClient.addSoapHeader((methodName, location, soapAction, args) => {
return `<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" soap:mustUnderstand="1">
<wsu:Timestamp>
<wsu:Created>${new Date().toISOString()}</wsu:Created>
<wsu:Expires>${expiry}</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
`;
});
请注意,此处包含安全标头。这是有效的,因为
soap
中有逻辑可以进行相应调整,请参阅 https://github.com/vpulim/node-soap/blob/master/src/security/WSSecurityCert.ts#L141。
旁注:我必须为安全类编写如下所示的导入语句,不确定是否有更好的方法:
import { IWSSecurityCertOptions, WSSecurityCert } from 'soap/lib/security/WSSecurityCert';