如何在节点js中使用随机数，时间戳和密码创建摘要密码 [英] How to create digest password using nonce, timestamp and password in node js

问题描述

我正在使用Express创建一个应用程序.我有一个SOAP API请求.在此SOAP API中，我必须发送随机数，时间戳和摘要密码.首先，我使用PHP进行了尝试，并成功发送了请求并获得了响应.现在，我也想用Node Js做到这一点.然后，我尝试了wsse npm软件包.但是，这没有创建正确的密码.这是我尝试过的.

I am creating an app using express. And I have a SOAP API request. In this SOAP API, I have to send nonce, timestamp and digest password. First of all I tried this with PHP and I sent the request successfully and got the response. Now I would like to do this with also Node Js. Then I tried wsse npm package. But, this didn't create the correct password. Here is what I tried.

const wsse = require('wsse');

const token2 = new wsse.UsernameToken({
      username: 'hdfhrhe',                           // (required)
      password: 'ergerherh',                // (required)
      created: Timestamp,           // (optional) you can specify `craeted`.
      nonce: NonceWithEncode, // (optional) you can specify `nonce`.
      sha1encoding: 'hex'                        // (optional) you can specify `sha1encoding` for wrong WSSE Username Token implementation.
    });
console.log(token2.getWSSEHeader());

我需要做的.

digest_pw = Base64 ( SHA-1 ( nonce + timestamp+ SHA-1 ( password ) ) );

我该怎么做?有什么方法吗?

How can I do this ?? Are there any method ??

推荐答案

首先，您需要加密库:

const crypto = require('crypto');

然后，定义一些功能:

function someId() {
  // function taken from https://stackoverflow.com/questions/105034/how-to-create-a-guid-uuid
  // creates a random 20 characters hex string
  return 'xxxxxxxxxxxxxxxxxxxx'.replace(/x/g, function(c) {
    var r = Math.random() * 16 | 0, v = c == 'x' ? r : (r & 0x3 | 0x8);
    return v.toString(16);
  });
}

function md5(str, encoding) {
  return crypto.createHash('md5').update(str).digest(encoding);
}

function passwordDigest(created, nonce, pass) {
  // Password_Digest = Base64 ( SHA-1 ( bytes(decode64(nonce)) + bytes(created) + bytes(password) ) )
  let pd = Int8Array.from([...Int8Array.from(Buffer.from(nonce, 'base64')),
                           ...Int8Array.from(Buffer.from(created)),
                           ...Int8Array.from(Buffer.from(pass))]);
  pd = crypto.createHash('sha1').update(pd).digest('base64');
  return pd;
}

// for example
// console.log(passwordDigest('2006-07-26T15:16:00.925Z', 'lckJBnhGHAj4EGG3YuGXmg==', '1111'));
// must print 'LiP3J84wKHpA6sMOu2BVVZRGYSY='

现在，您可以计算变量以将其嵌入标头中

Now you can calculate variables to embed them in the header:

const usernametoken = `UsernameToken-${Math.round(Math.random()*10000000).toString()}`;
const username = 'myUserName';
const passwd = 'myPassword'; // this will not be sent
const created = (new Date).toISOString();
const nonce = md5(someId().substr(0,16), 'base64'); // Only 16 characters length before md5!
const passworddigest = passwordDigest(created, nonce, passwd);

然后替换在soap标头中计算出的变量:

Then you replace the variables you have calculated in a soap header:

const header = `<soapenv:Header>
      <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <wsse:UsernameToken wsu:Id="${usernametoken}" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
          <wsse:Username>${username}</wsse:Username>
          <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">${passworddigest}</wsse:Password>
          <wsse:Nonce>${nonce}</wsse:Nonce>
          <wsu:Created>${created}</wsu:Created>
        </wsse:UsernameToken>
      </wsse:Security>
    </soapenv:Header>`;

因此，最后，您必须将此标头嵌入到< soapenv:Envelope>在< soapenv:Body>之前.

So, finally, you must embed this header in your <soapenv:Envelope> before the <soapenv:Body>.

这篇关于如何在节点js中使用随机数，时间戳和密码创建摘要密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！