3

I am using node-soap lib for SOAP services and using it for first time. I am having requirement that I need to pass both Certificates and Basic Authorization header with every request compulsory.

I have implemented my code as follow : 

var options = {
    wsdl_options: {
        key: fs.readFileSync(path.resolve("./xxx.key")),
        cert: fs.readFileSync(path.resolve("./xxx.crt")),
        ca: fs.readFileSync(path.resolve("./xxx.pem")),
    },
    wsdl_headers : {    
     Authorization : 'Basic ' + new Buffer(username +':'+ password ).toString('base64')
    },
    "overrideRootElement": {
        "namespace": "con",
    },
    envelopeKey : 'soapenv'
};



soap.createClient(url, options, function(err, client) {
    if(err){
        console.log("Error ::: >",err);
        res.json({message : err});
    }


    if(client){
        console.log(JSON.stringify(client.describe()));
        var data = actualRequestObject  

        client.setSecurity(new soap.ClientSSLSecurity(
            fs.readFileSync(path.resolve("./XXX.key")), 
            fs.readFileSync(path.resolve("./XXX.crt")),
            fs.readFileSync(path.resolve("./XXX.pem"))
        ));

        client.setSecurity(new soap.BasicAuthSecurity(username, password));
        client.IndicativeEnrichment(data, function(err, result){
            console.log("lastRequest :::: >>>>> ",client.lastRequest);
            if(err){
                console.log("ERROR Enrichment :::: >>> ", err);
            }

            if(result){
                console.log("RESULT ::: >>>>", result);
            }
        })
    }
});

When I am trying to set Basic auth and Certs both using setSecurity() method. It overrides the first thing that I've set using setSecurity(). I am getting unauthorized error if I don't pass any one of these.

Please help me with providing the solution the solution.

Rahul Jadav
  • 51
  • 2
  • 4
  • 1
    I have resolved the issue by overriding request module. `request : request.defaults({ headers : { Authorization : 'Basic XXXXXXXXX' } })` But I'm not sure if it is right approach or not. If any one have an idea about it please help me. – Rahul Jadav Jul 10 '17 at 12:24

1 Answers1

3

A good way to get both client certificates and basic authentication would be to implement your own node-soap security protocol. You can either get inspired by the existing node-soap security protocols and combine them, or write one which is generic enough to chain two (or more) existing security protocols. It would of course be even better to create a pull request with the solution, so it can be considered for inclusion directly in node-soap.

Personally ended up passing additional options with a configured https.Agent(...) to the BasicAuthSecurity constructor/class.

var https = require('https');

var options = {
  // https://nodejs.org/api/https.html#https_class_https_agent
  agent: new https.Agent({
    key: someKeyBuffer,
    cert: someCertBuffer,
    ca: [
      someCACertBuffer,
    ]
  });
}

client.setSecurity(new soap.BasicAuthSecurity('username', 'password', options));

This way can also be used to combine basic authentication with .pfx or .p12 files used in ClientSSLSecurityPFX

Joel Purra
  • 24,294
  • 8
  • 60
  • 60