Forum Discussion

tamnor's avatar
Occasional Contributor
8 years ago

Hashing password for outgoing WS-Security header parameters in REST web service request



We are developing a REST web service based on an existing SOAP service that uses Outgoing WS-security authentication.


We want to add the nonce and password digest to the REST request as header parameters.


I am using SoapUI NG to create my test cases.


I can't see a way of applying these from the WS-Config like you can in a Soap request so I want to create a Groovy script to generate these.


My code below doesn't work, due to the line where it creates the hashedPW.


    String  password = "DUMMYPW"
    created = "2017-02-27T16:28:49Z"
    nonce = "368664078"

    HashedPassword = MessageDigest.getInstance("SHA-1").digest(password.getBytes("UTF-8")).encodeBase64().toString()

    PasswordDigest = MessageDigest.getInstance("SHA-1").digest((nonce+created+HashedPassword).getBytes("UTF-    8")).encodeBase64().toString()
    EncodedNonce = nonce.getBytes("UTF-8").encodeBase64() "PasswordDigest is " +PasswordDigest "Encoded Nonce is " +EncodedNonce


I have the equivalent code in Python which when I apply the values to the REST request result in successful authentication.


So basically I want to know what the groovy equivalent to this Python code would be ..


    hashedpassword =


This causes the password string 'Password1*' to be hashed as ±w”=¶witØÿÒꀣñµ¨¥.


Any help would be greatly appreciated.



No RepliesBe the first to reply