I'm trying to send a SOAP request via Node, talking to a service which is secured with WSS.

I need to sign the XML response with a SignedInfo element which requires me combining a Nonce Binary secret I generated, with a Nonce binary secret returned from the initial token request - PSHA1 format.

I've been able to validate this using Java, by utilising the following class (Where the secret is my client nonce and the seed is the server nonce):

https://github.com/apache/wss4j/blob/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/derivedKey/P_SHA1.java#L57

With the following Java code:

Mac mac = Mac.getInstance("HmacSHA1");
SecretKeySpec key = new SecretKeySpec(getSharedKey(), "HmacSHA1");
mac.init(key);

String bytesToSign = "<XML_TO_SIGN_GOES_HERE>";

String signature = Base64.encodeBytes(mac.doFinal(bytesToSign.getBytes())); 

I need to do this in a Node project though, I've looked at the Crypto API and numerous plugins but I'm unable to generate the same signature.

How do I specify a seed for a HmacSHA1 using node?

I managed to get there in the end, there's an NPM module called psha1 (https://www.npmjs.com/package/psha1).

Using that library I created the following a generateSignature module which looks as follows:

const crypto = require('crypto');
const psha1 = require('psha1');

export const generateSignatureValue = ({
  clientSecret,
  serverSecret,
  messageToSign,
}) => {

  const secretKey =
    psha1(clientSecret, serverSecret, 256);

  const hash =
    crypto
      .createHmac('sha1', Buffer.from(secretKey, 'base64'))
      .update(messageToSign)
      .digest('binary');

  return Buffer
    .from(hash, 'binary')
    .toString('base64');
};

export default generateSignatureValue;

This gives me the desired output :)