Create WS security headers for REST web service in SoapUI Pro


Problem description

We are developing a REST web service with the WS security headers to be passed through as header parameters in the REST request. I am testing this in SoapUI Pro and want to create a groovy script to generate these and then use them in the REST request.

These parameters include the password digest, encoded nonce and created dateTime and password digest which is created from encoding the nonce, hashed password and created date and time, i.e. the code should be the same as that which generates these from using the Outgoing WS Security configurations in SoapUI Pro.

I have created a groovy test script in Soap UI Pro (below). However when I supply the created values to the headers I get authorisation errors.

I am able to hash the password correctly and get the same result as my Python script.

Groovy code for this is ..

    MessageDigest cript = MessageDigest.getInstance("SHA-1");
    cript.reset();
    cript.update(userPass.getBytes("UTF-8"));
    hashedpw = new String(cript.digest());

This correctly hashes the text 'Password2451!' to í¦è~µ"t5Sl•Vž³t;$.

The next step is to create a password digest of the nonce, the created time stamp and the hashed password. I have the following code for this ...

    MessageDigest cript2 = MessageDigest.getInstance("SHA-1");
    cript2.reset();
    cript2.update((nonce+created+hashedpw).getBytes("UTF-8"));
    PasswordDigest = new String(cript2.digest());
    PasswordDigest = PasswordDigest.getBytes("UTF-8").encodeBase64()

This converts '69999998992017-03-06T16:19:28Zí¦è~µ"t5Sl•Vž³t;$' into w6YA4oCUw6nDicucw6RqxZMIbcKze+KAmsOvBA4oYu+/vQ==.

However the correct value should be 01hCcFQRjDKMT6daqncqhN2Vd2Y=.

The following python code correctly achieves this conversion ...

    hashedpassword = sha.new(password).digest()
    digest = sha.new(nonce + CREATIONDATE + hashedpassword).digest()

Can anyone tell me where I am going wrong with the groovy code?

Thanks.

Solution

Changing my answer slightly, as in the original I was converting the password digest to a string value, which caused the request to not validate some of the time, as certain bytes did not get converted into the correct string value.

    import java.security.MessageDigest

    // Build a 10-digit numeric nonce; nextInt(9) yields digits 0-8
    int a = 9
    def random = new Random()
    nonce = ""
    for (i = 0; i < 10; i++) {
        nonce = nonce + random.nextInt(a)
    }

    // Created timestamp, formatted in UTC
    def XRMGDateTime = new Date().format("yyyy-MM-dd'T'HH:mm:ss", TimeZone.getTimeZone('UTC'))

    def password = testRunner.testCase.testSuite.getPropertyValue("XRMGPassword")

    // The nonce is sent Base64-encoded, but the digest below uses its raw bytes
    EncodedNonce = nonce.getBytes("UTF-8").encodeBase64()

    // SHA-1 of the password, kept as a byte[] (not converted to a String)
    MessageDigest cript = MessageDigest.getInstance("SHA-1")
    cript.reset()
    cript.update(password.getBytes("UTF-8"))
    hashedpw = cript.digest()

    // SHA-1 over nonce bytes + created bytes + hashed password bytes
    MessageDigest cript2 = MessageDigest.getInstance("SHA-1")
    cript2.update(nonce.getBytes("UTF-8"))
    cript2.update(XRMGDateTime.getBytes("UTF-8"))
    cript2.update(hashedpw)
    PasswordDigest = cript2.digest()

    // Base64-encode the raw digest bytes
    EncodedPasswordDigest = PasswordDigest.encodeBase64()

    def StringPasswordDigest = EncodedPasswordDigest.toString()
    def encodedNonceString = EncodedNonce.toString()

    // Publish the values as test case properties for use in the REST request headers
    testRunner.testCase.setPropertyValue("passwordDigest", StringPasswordDigest)
    testRunner.testCase.setPropertyValue("XRMGDateTime", XRMGDateTime)
    testRunner.testCase.setPropertyValue("XRMGNonce", encodedNonceString)
    testRunner.testCase.setPropertyValue("Nonce", nonce)
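
As an added example (not part of the original question or answer), the Python 3 sketch below ports the question's reference computation to `hashlib` and places it beside a model of the question's Groovy flow, where each raw SHA-1 digest is turned into a `String` and back. The function names, and the assumption that the JVM default charset was windows-1252 (`cp1252`), are illustrative and not taken from the page.

```python
import base64
import hashlib


def password_digest(nonce: str, created: str, password: str) -> str:
    """Base64(SHA-1(nonce + created + SHA-1(password))), all on raw bytes."""
    hashed_pw = hashlib.sha1(password.encode("utf-8")).digest()
    outer = hashlib.sha1()
    outer.update(nonce.encode("utf-8"))
    outer.update(created.encode("utf-8"))
    outer.update(hashed_pw)  # the 20 raw digest bytes, never converted to text
    return base64.b64encode(outer.digest()).decode("ascii")


def string_roundtrip(raw: bytes, decode_as: str = "cp1252",
                     encode_as: str = "utf-8") -> bytes:
    """Model of new String(raw).getBytes(encode_as) on a JVM whose default
    charset is decode_as (assumed): undecodable bytes become U+FFFD."""
    text = raw.decode(decode_as, errors="replace")
    return text.encode(encode_as, errors="replace")


def password_digest_via_strings(nonce: str, created: str, password: str) -> str:
    """The question's flow: both digests pass through a text string."""
    hashed_pw = string_roundtrip(hashlib.sha1(password.encode("utf-8")).digest())
    inner = hashlib.sha1((nonce + created).encode("utf-8") + hashed_pw).digest()
    return base64.b64encode(string_roundtrip(inner)).decode("ascii")


if __name__ == "__main__":
    # Input values quoted in the question
    args = ("6999999899", "2017-03-06T16:19:28Z", "Password2451!")
    print("raw bytes  :", password_digest(*args))
    print("via strings:", password_digest_via_strings(*args))
    # Decoding and re-encoding with the same charset loses only the bytes
    # that cp1252 leaves undefined, so that variant fails only some of the time.
    print(string_roundtrip(b"\x81\xed", encode_as="cp1252"))
```

A correct digest is always 28 Base64 characters (20 bytes); a longer value in the header is a quick sign that the digest passed through a string conversion.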
