如何在节点js中使用随机数,时间戳和密码创建摘要密码 [英] How to create digest password using nonce, timestamp and password in node js
问题描述
我正在使用Express创建一个应用程序.我有一个SOAP API请求.在此SOAP API中,我必须发送随机数,时间戳和摘要密码.首先,我使用PHP进行了尝试,并成功发送了请求并获得了响应.现在,我也想用Node Js做到这一点.然后,我尝试了wsse npm软件包.但是,这没有创建正确的密码.这是我尝试过的.
I am creating an app using express. And I have a SOAP API request. In this SOAP API, I have to send nonce, timestamp and digest password. First of all I tried this with PHP and I sent the request successfully and got the response. Now I would like to do this with also Node Js. Then I tried wsse npm package. But, this didn't create the correct password. Here is what I tried.
const wsse = require('wsse');
const token2 = new wsse.UsernameToken({
username: 'hdfhrhe', // (required)
password: 'ergerherh', // (required)
created: Timestamp, // (optional) you can specify `craeted`.
nonce: NonceWithEncode, // (optional) you can specify `nonce`.
sha1encoding: 'hex' // (optional) you can specify `sha1encoding` for wrong WSSE Username Token implementation.
});
console.log(token2.getWSSEHeader());
我需要做的.
digest_pw = Base64 ( SHA-1 ( nonce + timestamp+ SHA-1 ( password ) ) );
我该怎么做?有什么方法吗?
How can I do this ?? Are there any method ??
推荐答案
首先,您需要加密库:
const crypto = require('crypto');
然后,定义一些功能:
function someId() {
// function taken from https://stackoverflow.com/questions/105034/how-to-create-a-guid-uuid
// creates a random 20 characters hex string
return 'xxxxxxxxxxxxxxxxxxxx'.replace(/x/g, function(c) {
var r = Math.random() * 16 | 0, v = c == 'x' ? r : (r & 0x3 | 0x8);
return v.toString(16);
});
}
function md5(str, encoding) {
return crypto.createHash('md5').update(str).digest(encoding);
}
function passwordDigest(created, nonce, pass) {
// Password_Digest = Base64 ( SHA-1 ( bytes(decode64(nonce)) + bytes(created) + bytes(password) ) )
let pd = Int8Array.from([...Int8Array.from(Buffer.from(nonce, 'base64')),
...Int8Array.from(Buffer.from(created)),
...Int8Array.from(Buffer.from(pass))]);
pd = crypto.createHash('sha1').update(pd).digest('base64');
return pd;
}
// for example
// console.log(passwordDigest('2006-07-26T15:16:00.925Z', 'lckJBnhGHAj4EGG3YuGXmg==', '1111'));
// must print 'LiP3J84wKHpA6sMOu2BVVZRGYSY='
现在,您可以计算变量以将其嵌入标头中
Now you can calculate variables to embed them in the header:
const usernametoken = `UsernameToken-${Math.round(Math.random()*10000000).toString()}`;
const username = 'myUserName';
const passwd = 'myPassword'; // this will not be sent
const created = (new Date).toISOString();
const nonce = md5(someId().substr(0,16), 'base64'); // Only 16 characters length before md5!
const passworddigest = passwordDigest(created, nonce, passwd);
然后替换在soap标头中计算出的变量:
Then you replace the variables you have calculated in a soap header:
const header = `<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="${usernametoken}" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>${username}</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">${passworddigest}</wsse:Password>
<wsse:Nonce>${nonce}</wsse:Nonce>
<wsu:Created>${created}</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>`;
因此,最后,您必须将此标头嵌入到< soapenv:Envelope>在< soapenv:Body>之前.
So, finally, you must embed this header in your <soapenv:Envelope> before the <soapenv:Body>.
这篇关于如何在节点js中使用随机数,时间戳和密码创建摘要密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!