currently i am working on my services to send TLS certificates with each soap services, i have created the client and server side which accepts soap request with certificate(JKS) in java... But i am not able to find any examples that client side nodejs to send soap request with JKS or PEM files.
Could you please help me on this, if you have any link where i can get information about nodejs example to send soap request to server with TLS certificates.
Thanks in advance.
For the self-signed certificate pinning. I only find out a way to do that one by https module. For example below:
const fs = require('fs');
const https = require('https');
const options = {
hostname: 'localhost',
port: 8080,
path: '/',
method: 'POST',
ca: fs.readFileSync('ca-crt.pem')
};
const req = https.request(options, function(res) {
res.on('data', function(data) {
process.stdout.write(data);
});
});
req.end();
!Noted: when you send to soap you have to check carefully the header and body like.
+ 'cache-control': 'no-cache',
+ 'soapaction': actionName,
+ 'content-type': 'text/xml;charset=UTF-8',
Related
Let's say I have this simple code:
const https = require('https')
const agent = new https.Agent({ keepAlive: true })
const request = https
.request({ agent, host: 'example.com' }, (response) => {
response.pipe(process.stdout)
})
.end()
How do I modify it to retrieve which client and/or server certificate this code uses?
Or do I misunderstand how HTTPS works?
this is the request i want to perform:
POST /v1/oauth2/token HTTP/1.1
Host: api.sandbox.paypal.com
Accept: application/json
Accept-Language: en_US
Authorization: Basic cGF5cGFsaWQ6c2VjcmV0
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials
I tried it in nodejs using this code:
paypalSignIn = function(){
var username = process.env.PAYPALID;
var password = process.env.PAYPALSECRET;
var auth = 'Basic ' + Buffer.from(username + ':' + password).toString('base64');
// new Buffer() is deprecated from v6
// auth is: 'Basic VGVzdDoxMjM='
var post_data = querystring.stringify({
'grant_type' : 'client_credentials',
});
var header = {'Accept': 'application/json', 'Authorization': auth, 'Accept-Language': 'en_US'};
const options = {
hostname: 'api.sandbox.paypal.com',
port: 443,
path: '/v1/oauth2/token',
method: 'POST',
headers: header,
}
var post_req = http.request(options, function(res) {
res.setEncoding('utf8');
res.on('data', function (chunk) {
console.log('Response: ' + chunk);
});
});
post_req.write(post_data);
post_req.end();
}
Unfortunately i'm getting the following error:
Error: socket hang up
Try using the https module (it's not enough to set port 443, you have to use the HTTPS protocol to connect to an HTTPS endpoint).
I also noticed you didn't set the Content-Type header. It depends on the API, but that may cause problems for you too.
Finally, I'd consider using a library that wraps http/https like node-fetch, bent, or axios for this rather than the standard library directly. It can handle things like writing to the socket, setting the Content-Length header, etc.
When using node new http2 server, I encountered this error when attempting to call it from the browser: ERR_INVALID_HTTP_RESPONSE.
The code:
const http2 = require('http2');
// Create a plain-text HTTP/2 server
const server = http2.createServer();
server.on('stream', (stream, headers) => {
console.log('headers: ', headers);
stream.respond({
'content-type': 'text/html',
':status': 200
});
stream.end('<h1>Hello World</h1>');
});
server.listen(80);
Turns out, chrome won't allow you to access insecure http2 servers, I had to change the code to:
const server = http2.createSecureServer({
key,
cert
});
and then it worked.
Example Program:
Server:
var fs = require('fs');
var https = require('https');
var options = {
key: fs.readFileSync('server-key.pem'),
cert: fs.readFileSync('server-crt.pem'),
ca: fs.readFileSync('ca-crt.pem'),
};
https.createServer(options, function (req, res) {
console.log(new Date()+' '+
req.connection.remoteAddress+' '+
req.method+' '+req.url);
res.writeHead(200);
res.end("hello world\n");
}).listen(4433);
Client:
var fs = require('fs');
var https = require('https');
var options = {
hostname: 'localhost',
port: 4433,
path: '/',
method: 'GET',
ca: fs.readFileSync('ca-crt.pem')
};
var req = https.request(options, function(res) {
res.on('data', function(data) {
process.stdout.write(data);
});
});
req.end();
I have generated the Keys and certificate using openssl in my Linux server.
But while running client program its showing as Error: self signed certificate . By referring some websites and even stack overflow discussions some have mentioned that using a option called rejectUnauthorized: false even though there is no use in using this parameter while using certificates for secure transfer of data.
Is there any way to trust the certificates in Linux server?
Any example program with certificates and node JS Program ?
Node JS Client to connect to server?
Without Using rejectUnauthorized: false?
I am using an API and I want to make only https requests to the endpoint.
The endpoint however doesn't mandate https, it would respond on http as well.
The following is the code that I use to make https requests to the API:
var options = {
url: "https://something.com",
method: "POST",
headers: {
'Content-Type': 'application/json'
},
agentOptions: {
cert: fs.readFileSync(certFile),
key: fs.readFileSync(keyFile),
rejectUnauthorized: true
}
};
var fetchToken = function(options) {
request({
url: options.url,
method: options.method,
headers: options.headers,
body: body,
agentOptions: options.agentOptions
},function(err,res){
});
}
I am using request module in sending the request to the endpoint. Now how can I be sure that the response I received from the endpoint is infact sent via https, not http.
If you sent your request to https endpoint, and the server doesn't redirect https request to http, then you communicate to the server through https.