The backend receives a JSON object from the front-end containing a Vet's 1010ez request and sends it to an ES endpoint. The ES endpoint response is then returned to the front-end.
The backend uses Express/Strongloop/loopback and the associated loopback-soap-connector
to serve the REST API to the front-end, convert JSON structures into SOAP-friendly XML, and manage
connections and responses from end endpoint.
You should use Node Version Manager (nvm) to manage the versions of node.js on your local machine. To install please visit: If you are on a mac and use homebrew, you can install nvm by typing: brew update && brew install nvm
Once you have nvm installed you should now install node.js version 4.4.4 by running:
nvm install 4.4.4
Once you have node.js version 4.4.4 installed install npm version 3.8.9 by running:
npm i -g npm@3.8.9
node --version // 4.4.4
npm --version // 3.8.9
Checkout the repository:
git clone
Install the node.js project dependencies:
npm install
To start a local development server:
npm run watch
View your local server at http://localhost:3000/
There are multiple environments for the ES servers. To use any of them, you must be on a machine that can access the VA internal network. Without this, the UI will work but all submissions will end in a failure at the SOAP layer.
The 4 environments used are dev
, sqa
, preProd
, and prod
. For preProd
and prod
you will need a certificate/key that has been registered by the ES team
for each of those environments. As a developer YOU WILL NOT LIKELY BE GIVEN ACCESS
and prod
endpoints are used on the deployed
staging and production servers. During normal development, test against dev
or sqa
The server endpoints are configured in config.json
via the
and config.soap.wsdl
keys. See the endpoint
for a list of the common server endpoints to use.
The configuration default is https SOAP requests sent to esDev
. This should
just work when you are on the VA network.
You can either submit a form via the UI or by using CURL.
For the UI, visit:
and then complete the form like a normal user. The SOAP request is sent when the final "submit" is clicked.
Alternately, in development environments, you can enable the development
panel by adding ?devPanel=1
that adds some widgets for auto-populating
fields and jumping around the navigation flow.
For pure server development, it is often easier to write directly to the REST API using curl. This can be done with
scripts/ test/data/fake-application.json
If the submit succeeds, you should see a section a log line similar to:
node-soap Http response body: "<?xml version='1.0' encoding='UTF-8'?><S:Envelope xmlns:S=\"\"><S:Body><submitFormResponse xmlns:ns2=\"\" xmlns=\"\"><status>100</status><formSubmissionId>40124668140</formSubmissionId><message><type>Form successfully received for EE processing</type></message><timeStamp>2016-05-25T04:59:39.345-05:00</timeStamp></submitFormResponse></S:Body></S:Envelope>"
Note that per WSDL spec, the WSDL file actually specifies the endpoint to use
so having the wsdl
file location be a separete config from endpoint
actually overriding the normal behavior.
In the current configuraiton, a snapshot of the WSDL config from the ES development server has been committed into the codebase and modified such that all remote resources are stored locally.
This is done intentionally because reading the wsdl file and then the associated schema from the server is really slow. Also, in the absence of a network connection, failure to read this file leads to an inability to create the soap client object which makes many parts of the server code inaccessible.
On the down side, it means that when the server updates their WSDL our code will not see the change.
To use the server WSDL, remove the config.soap.wsdl
key. If config.soap.wsdl
is not defined, then the server will try to fetch the latest WSDL from the endpoint
using a GET request with a query string of ?wsdl
Status can be retrieved from the commandline using
scripts/ [submisison number]
Trust stores come into play in 2 situations:
- Our server's validation of the ES SOAP endpoint server TLS certificate
- [in preProd/prod] the ES SOAP endpoint's validation of our client certificate
For (1), the ES SOAP endpoint, for various reasons, sometimes presents a non-standard
trust chain where the end server certificate is signed by an issuer that is NOT
in the chain. In this situation, the config.soap.serverCA
variable MUST
contain the issuer that immediately preceeds the end server certificate, and
it must also contain all certificates in the chain presented by the server
terminating in a self-signed CA certificate.
VA has 2 such chains, one rooted off the VA Internal Root CA
and one rooted
off of Federal Common Policy CA
. A different combination of these must be
used depending on the presented certificate.
Failing to present the right combination will either yield a get local issuer certificate
warning (means one of the certificates in the chain that is NOT the end certificate has
an issuer which is not specified in config.soap.serverCA
) or
unable to verify first certificate
which occurs if the first issuer is both not inside
the trust chain presented by the server and is not provided inside config.soap.serverCA
If the server is correctly configured, config.soap.serverCA
should really only contain
one entry for the last self-signed CA certificate that roots the whole chain, but that
is not how these servers are currently set up.
For (2), the ES system must to the equivalent of the above for us. On our side, we
must present a end certificate with the full trust chain up to our root certificate.
An example of this can be found in certs/VA Healthcare Application - chain.pem
. Note
that the associated key is NOT commited into source control so this certificate is
not usable by itself. Without access to the server key, it is mostly interesting as a
format reference.
The common trust chain configurations can be found in config.js under the
and vaFederalCommonPolicyChain
constants. The ca
maps envrionments to the needed chains to validate a SERVER (scenario #1 above).
The ES system validates data fields in addition to the validation done by our own logic. Ideally the two should be in sync, but in the even they are not, the ES system will respond with a soap error that lists a fault code and a (generally correct) test description of the problem.
Fault codes can be found in the spreadsheet: docs/VOA Data Elements and Validations.xlsx
This is a javascript mapping of a snapshot of the fault codes from the given spreadsheet.
