Hashing password for outgoing WS-Security header parameters in REST web service request

Hi,

We are developing a REST web service based on an existing SOAP service that uses Outgoing WS-security authentication.

We want to add the nonce and password digest to the REST request as header parameters.

I am using SoapUI NG to create my test cases.

I can't see a way of applying these from the WS-Config like you can in a Soap request so I want to create a Groovy script to generate these.

My code below doesn't work, due to the line where it creates the hashedPW.

    import java.security.*
    String  password = "DUMMYPW"
    created = "2017-02-27T16:28:49Z"
    nonce = "368664078"

    HashedPassword = MessageDigest.getInstance("SHA-1").digest(password.getBytes("UTF-8")).encodeBase64().toString()

    PasswordDigest = MessageDigest.getInstance("SHA-1").digest((nonce+created+HashedPassword).getBytes("UTF-    8")).encodeBase64().toString()
    EncodedNonce = nonce.getBytes("UTF-8").encodeBase64()

    log.info "PasswordDigest is " +PasswordDigest
    log.info "Encoded Nonce is " +EncodedNonce

I have the equivalent code in Python which when I apply the values to the REST request result in successful authentication.

So basically I want to know what the groovy equivalent to this Python code would be ..

    hashedpassword = sha.new(password).digest()

This causes the password string 'Password1*' to be hashed as ±w”=¶witØÿÒꀣñµ¨¥.

Any help would be greatly appreciated.