I am trying to write a groovy script (java code is welcome as well ;)) which should allow me to perform the Digest authentication. The need being it is to be able to use Digest auth in SOAPUI becauer SOAP doesn't support native this kind of authentication.
To test my script I used an URL: https://postman-echo.com/digest-auth
First I access the page via web browser to get the WWW-Authenticate header. Digest realm="Users", nonce="81lEQmJGxRb3Us9jVJPYlDpjw11On7zW", qop="auth"
Then I type the correct user+password and check the Authorization header computed by the web browser. Here is the result:
Digest username="postman", realm="Users", nonce="81lEQmJGxRb3Us9jVJPYlDpjw11On7zW", uri="/digest-auth", response="82884fe7c55a19e80e8c8dea7ba1aece", qop=auth, nc=00000001, cnonce="89aa538367b9069a"
Then I used the same data to perform the computation of the response data using my script. Here is the result:
Digest username="postman", realm="Users", nonce="81lEQmJGxRb3Us9jVJPYlDpjw11On7zW", uri="/digest-auth", response="a6767f0a78d17e0cab90df65ec2ace5c", qop=auth,nc="00000001",cnonce="03d476861afd384510f2cb80ccfa8511"
My response is differen than the response computed by the web browser.
What do I do wrong?
Here is my script:
import org.apache.commons.codec.digest.DigestUtils
import com.eviware.soapui.impl.wsdl.actions.teststep.RunFromTestStepAction
// URL: https://postman-echo.com/digest-auth
wwwAuthHeader = "Digest realm=\"Users\", nonce=\"81lEQmJGxRb3Us9jVJPYlDpjw11On7zW\", qop=\"auth\""
def realmArray = wwwAuthHeader.split(",")
def realm = realmArray[0].split("=")[1]
def nonce = realmArray[1].split("=")[1]
def qop = realmArray[2].split("=")[1]
def uri = "/digest-auth"
def user = "postman"
def pass = "password"
def method ="GET"
def resp = md5(user,realm,pass,method,uri,nonce)
log.info "resp: "+resp
def cnonce = DigestUtils.md5Hex(user)
def authorizationString = "Digest username=\"$user\", realm=$realm, nonce=$nonce, uri=\"$uri\", response=\"$resp\", qop=auth,nc=\"00000001\",cnonce=\"$cnonce\""
log.info "authorizationString: " + authorizationString
// methods
def md5(user, realm, pass, method, String uri, nonce) {
def A1 = DigestUtils.md5Hex ("$user:$realm:$pass")
def A2 = DigestUtils.md5Hex ("$method:$uri")
return DigestUtils.md5Hex ("$A1:$nonce:$A2")
}
Authenticator
for Digest authentication: stackoverflow.com/a/61179764/2073804 – ron190