java - Groovy Digest authentication -
i trying write groovy script (java code welcome ;)) should allow me perform digest authentication. need being able use digest auth in soapui becauer soap doesn't support native kind of authentication.
to test script used url: https://postman-echo.com/digest-auth
first access page via web browser www-authenticate header. digest realm="users", nonce="81leqmjgxrb3us9jvjpyldpjw11on7zw", qop="auth"
then type correct user+password , check authorization header computed web browser. here result:
digest username="postman", realm="users", nonce="81leqmjgxrb3us9jvjpyldpjw11on7zw", uri="/digest-auth", response="82884fe7c55a19e80e8c8dea7ba1aece", qop=auth, nc=00000001, cnonce="89aa538367b9069a"
then used same data perform computation of response data using script. here result:
digest username="postman", realm="users", nonce="81leqmjgxrb3us9jvjpyldpjw11on7zw", uri="/digest-auth", response="a6767f0a78d17e0cab90df65ec2ace5c", qop=auth,nc="00000001",cnonce="03d476861afd384510f2cb80ccfa8511"
my response differen response computed web browser.
what do wrong?
here script:
import org.apache.commons.codec.digest.digestutils import com.eviware.soapui.impl.wsdl.actions.teststep.runfromteststepaction // url: https://postman-echo.com/digest-auth wwwauthheader = "digest realm=\"users\", nonce=\"81leqmjgxrb3us9jvjpyldpjw11on7zw\", qop=\"auth\"" def realmarray = wwwauthheader.split(",") def realm = realmarray[0].split("=")[1] def nonce = realmarray[1].split("=")[1] def qop = realmarray[2].split("=")[1] def uri = "/digest-auth" def user = "postman" def pass = "password" def method ="get" def resp = md5(user,realm,pass,method,uri,nonce) log.info "resp: "+resp def cnonce = digestutils.md5hex(user) def authorizationstring = "digest username=\"$user\", realm=$realm, nonce=$nonce, uri=\"$uri\", response=\"$resp\", qop=auth,nc=\"00000001\",cnonce=\"$cnonce\"" log.info "authorizationstring: " + authorizationstring // methods def md5(user, realm, pass, method, string uri, nonce) { def a1 = digestutils.md5hex ("$user:$realm:$pass") def a2 = digestutils.md5hex ("$method:$uri") return digestutils.md5hex ("$a1:$nonce:$a2") }
Comments
Post a Comment