Fatal编程技术网
  • node.js/
  • 无法使用Firebase functions node.js和证书(pfx)验证来自请求的\u LEAF\u签名

无法使用Firebase functions node.js和证书(pfx)验证来自请求的\u LEAF\u签名

node.js certificate

无法使用Firebase functions node.js和证书(pfx)验证来自请求的\u LEAF\u签名,node.js,google-cloud-functions,certificate,node-request,bankid,Node.js,Google Cloud Functions,Certificate,Node Request,Bankid,我正试图从Firebase函数向需要证书(.pfx)的自定义服务器发出请求。根据这一回答: 我的代码如下: const functions = require('firebase-functions'); const request = require('request'); var fs = require('fs'); // The Firebase Admin SDK to access the Firebase Realtime Database. const admin = re

我正试图从Firebase函数向需要证书(.pfx)的自定义服务器发出请求。根据这一回答:

我的代码如下:

const functions = require('firebase-functions');
const request = require('request');

var fs = require('fs');

// The Firebase Admin SDK to access the Firebase Realtime Database.
const admin = require('firebase-admin');
admin.initializeApp();

exports.postBankId = functions.https.onRequest(async (req, res) => {
  console.log('PostBankId');
  const ipAddress = req.query.ipAddress;
  const requestBody = '{ "endUserIp": "' + ipAddress +'" }';
  console.log('requestBody:', requestBody); 
  const options = {
      url: 'https://appapi2.test.bankid.com/rp/v5/auth',
      json: true,
      pfx: fs.readFileSync('bankidtest.pfx'),
      passphrase: 'myPassPhraseHere',
      body: requestBody
  }

  request.post(options, (err, response) => {
      if (err) {
            console.log('bankid creation error: ' + JSON.stringify(err))
            res.status(500).send('Failed with error: ' + JSON.stringify(err));
      }
      if (response) {
          res.status(200).send('Success');
          console.log('Succes body: ' + response.body)
      }
  });
});
我得到的答案是:

{"code":"UNABLE_TO_VERIFY_LEAF_SIGNATURE"}
我将bankidtest.pfx与index.js放在同一个文件夹中。它似乎被上传了,因为如果删除它会产生另一个错误:

Error: could not handle the request
Edit1:

在agentOptions中放置证书的路径也不起作用。给出相同的
无法\u验证\u叶子\u签名
错误

var options = {
    url: 'https://appapi2.test.bankid.com/rp/v5/auth',
    headers: {
        "content-type": "application/json",
    },
    agentOptions: {
        pfx: fs.readFileSync('bankidtest.pfx'),
        passphrase: '********'
    }
};
Edit2: 让它半工作。将请求参数“rejectUnauthorized”设置为“false”,使请求生效。但根据BankId的说法,这不是一种安全或推荐的方法。半工作代码为:

  request({
    url: "https://appapi2.test.bankid.com/rp/v5/auth",
    host: "appapi2.test.bankid.com",
    rejectUnauthorized: false, // This like makes it work
    requestCert: true,
    method: "POST",
    headers: {
        "content-type": "application/json", 
        'Connection': "Keep-Alive"
    },

    body: requestBody,
    agentOptions: {
        pfx: fs.readFileSync('bankidtest.pfx'),
        passphrase: '*****'
    },
Edit3: 已尝试
npm安装ssl根CA
,然后将其添加到my index.js的顶部:

var sslRootCAs = require('ssl-root-cas/latest')
sslRootCAs.inject()
但后来我犯了一个错误:

Error: EROFS: read-only file system, open '/srv/node_modules/ssl-root-cas/pems/mozilla-certdata.txt'
   at Object.fs.openSync (fs.js:646:18)
   at Object.fs.writeFileSync (fs.js:1299:33)
   at /srv/node_modules/ssl-root-cas/ca-store-generator.js:219:10
   at IncomingMessage.<anonymous> 
     (/srv/node_modules/@coolaj86/urequest/index.js:154:9)
Edit5解决了它

似乎需要一个不是从pfx文件派生的CA

银行ID在其文档中提供了CA作为文本。以“----开始证书”开头。。。我将文本复制到pem文件中,并从index.js文件中引用它,如下所示:

agentOptions: {
    pfx: fs.readFileSync('bankidtest.pfx'),
    passphrase: '*****',
    ca: fs.readFileSync('certificate.pem')
},
选中此选项。“此包包含许多浏览器信任但节点不信任的中间证书。”您认为此url包含使请求工作的证书。听起来很奇怪。我把证书存档了。那个链接听起来好像不起作用。试过了。请参阅上面的编辑3。可能您的CA不在此库中。尝试解决编辑4中的问题,您使用的是“请求”模块,我认为您应该这样添加它:
agentOptions:{…,ca:rootCas}
agentOptions: {
    pfx: fs.readFileSync('bankidtest.pfx'),
    passphrase: '*****',
    ca: fs.readFileSync('certificate.pem')
},