Add support for WS-Security password digests and timestamps.

Proful · Sep 23, 2011 · a02ab73 · a02ab73
1 parent 4e89bc6
commit a02ab73
Showing 1 changed file with 35 additions and 3 deletions.
diff --git a/lib/soap.js b/lib/soap.js
@@ -7,7 +7,8 @@ var Client = require('./client').Client,
     Server = require('./server').Server,
     WSDL = require('./wsdl').WSDL,
     http = require('./http'),
-    fs = require('fs');
+    fs = require('fs'),
+    crypto = require('crypto');
 
 var _wsdlCache = {};
 
@@ -62,10 +63,41 @@ function WSSecurity(username, password) {
 }
 
 WSSecurity.prototype.toXML = function() {
-    return  "<wsse:Security xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\">" +
+    // avoid dependency on date formatting libraries
+    function getDate(d) {
+        function pad(n){return n<10 ? '0'+n : n}
+        return d.getUTCFullYear()+'-'
+            + pad(d.getUTCMonth()+1)+'-'
+            + pad(d.getUTCDate())+'T'
+            + pad(d.getUTCHours())+':'
+            + pad(d.getUTCMinutes())+':'
+            + pad(d.getUTCSeconds())+'Z';
+    }
+    var now = new Date();
+    var created = getDate( now );
+    var expires = getDate( new Date(now.getMilliseconds() + (1000 * 600)) );
+
+    // nonce = base64 ( sha1 ( created + random ) )
+    var nHash = crypto.createHash('sha1');
+    nHash.update(created + Math.random());
+    var nonce = nHash.digest('base64');
+
+    // digest = base64 ( sha1 ( nonce + created + password ) )
+    var pwHash = crypto.createHash('sha1');
+    var rawNonce = new Buffer(nonce || '', 'base64').toString('utf8');
+    pwHash.update( rawNonce + created + this._password );
+    var passwordDigest = pwHash.digest('base64');
+
+    return  "<wsse:Security xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" soap:mustUnderstand=\"1\">" +
+            "<wsu:Timestamp wsu:Id=\"Timestamp-"+created+"\">" +
+            "<wsu:Created>"+created+"</wsu:Created>" +
+            "<wsu:Expires>"+expires+"</wsu:Expires>" +
+            "</wsu:Timestamp>"
             "<wsse:UsernameToken>" +
             "<wsse:Username>"+this._username+"</wsse:Username>" +
-            "<wsse:Password>"+this._password+"</wsse:Password>" +
+            "<wsse:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest\">"+passwordDigest+"</wsse:Password>" +
+            "<wsse:Nonce EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\">"+nonce+"</wsse:Nonce>" +
+            "<wsu:Created>"+created+"</wsu:Created>" +
             "</wsse:UsernameToken>" +
             "</wsse:Security>"
 }