Create WS security headers for REST web service in

2020-08-09 05:53发布

We are developing a REST web service with the WS security headers to be passed through as header parameters in the REST request. I am testing this in SoapUI Pro and want to create a groovy script to generate these and then use them in the REST request.

These parameters include the password digest, encoded nonce and created dateTime and password digest which is created from encoding the nonce, hashed password and created date and time, i.e. the code should be the same as that which generates these from using the Outgoing WS Security configurations in SoapUI Pro.

I have created a groovy test script in Soap UI Pro (below). However when I supply the created values to the headers I get authorisation errors.

I am able to hash the password correctly and get the same result a my python script.

Groovy code for this is ..

MessageDigest cript = MessageDigest.getInstance("SHA-1");
        cript.reset();
        cript.update(userPass.getBytes("UTF-8"));
        hashedpw = new String(cript.digest());

This correctly hashes the text 'Password2451!' to í¦è~µ”t5Sl•Vž³t;$.

The next step is to create a password digest of the nonce the created time stamp and the hashed pasword. I have the following code for this ...

MessageDigest cript2 = MessageDigest.getInstance("SHA-1");
        cript2.reset();
        cript2.update((nonce+created+hashedpw).getBytes("UTF-8"));
        PasswordDigest = new String(cript2.digest());
        PasswordDigest = PasswordDigest.getBytes("UTF-8").encodeBase64()

This converts '69999998992017-03-06T16:19:28Zí¦è~µ”t5Sl•Vž³t;$' into w6YA4oCUw6nDicucw6RqxZMIbcKze+KAmsOvBA4oYu+/vQ==.

However the correct value should be 01hCcFQRjDKMT6daqncqhN2Vd2Y=.

The following python code correctly achieves this conversion ...

hashedpassword = sha.new(password).digest()
digest = sha.new(nonce + CREATIONDATE + hashedpassword).digest()

Can anyone tell me where I am going wrong with the groovy code?

Thanks.

1条回答
贼婆χ
2楼-- · 2020-08-09 06:41

changing my answer slightly as in original I was converting the pasword digest to a string value which caused the request to not validate some of the time as certain bytes did not get converted into the correct string value.

import java.security.MessageDigest;

int a = 9
nonce = ""
for(i = 0; i < 10; i++)
{
 random = new Random()
 randomInteger= random.nextInt(a)
 nonce = nonce + randomInteger
}

Byte[] nonceBytes = nonce.getBytes()

def XRMGDateTime =  new Date().format("yyyy-MM-dd'T'HH:mm:ss",     TimeZone.getTimeZone( 'BTC' ));

Byte[] creationBytes = XRMGDateTime.getBytes()

def password = testRunner.testCase.testSuite.getPropertyValue(     "XRMGPassword" )

EncodedNonce = nonce.getBytes("UTF-8").encodeBase64()

MessageDigest cript = MessageDigest.getInstance("SHA-1");
        cript.reset();
        cript.update(password.getBytes());
        hashedpw = cript.digest();

MessageDigest cript2 = MessageDigest.getInstance("SHA-1");
        cript2.update(nonce.getBytes());;
        cript2.update(XRMGDateTime.getBytes());
        cript2.update(hashedpw);

PasswordDigest = cript2.digest()

EncodedPasswordDigest = PasswordDigest.encodeBase64();


def StringPasswordDigest = EncodedPasswordDigest.toString()
def encodedNonceString = EncodedNonce.toString()

testRunner.testCase.setPropertyValue( "passwordDigest", StringPasswordDigest    )  
testRunner.testCase.setPropertyValue( "XRMGDateTime", XRMGDateTime ) 
testRunner.testCase.setPropertyValue( "XRMGNonce", encodedNonceString )   
testRunner.testCase.setPropertyValue( "Nonce", nonce ) 
查看更多
登录 后发表回答