Forum Discussion

New Contributor

8 years ago

Retrieve HTTP Digest Data from WWW-Authenticate header in 401 Response from Server

Hi Everyone, I'm trying to build a test case to test HTTP digest authentication. The basic idea is to send an HTTP GET request without Authorization header first and calculate the digest response...

bgafg01-ts_soapui_171027_2.pcap860 KB

Serbija-Telekom-AFG-Test-Project-PA2-soapui-project.xml7 KB

HTTP digest

SoapUI

PaulMS

Super Contributor

8 years ago

Based on some stackoverflow answers a possible solution is splitting the WWW-Authenticate header by comma, then put each key value pair in a map collection.

https://stackoverflow.com/questions/45361721/groovy-digest-authentication

https://stackoverflow.com/questions/1757065/java-splitting-a-comma-separated-string-but-ignoring-commas-in-quotes

See if this groovy script sets the property values that you want.

import org.apache.commons.codec.digest.DigestUtils

def user = "sip:381117508016@ims.telekomsrbija.com";
def pass = "bzlops16";
def request = testRunner.testCase.testSteps["HTTP_Get_FirstHit"].testRequest;
def headerauth = request.response.responseHeaders["WWW-Authenticate"][0];

def values = headerauth.split(',(?=(?:[^\"]*\"[^\"]*\")*[^\"]*$)', 0);
def map = [:];
values.eachWithIndex {it, index ->
	def pair = values[index].tokenize('=')
	map.put(pair[0].trim(), pair[1].trim().replace('"',''))
}

def realm = map["Digest realm"];
def qop = map["qop"];
def nonce = map["nonce"];
def opaque = map["opaque"];

def method = request.getMethod()
def uri = request.getEndpoint();
def response = md5(user, realm, pass, method, uri, nonce);
log.info response

def md5(user, realm, pass, method, String uri, nonce) {
def A1 = DigestUtils.md5Hex ("$user:$realm:$pass")
def A2 = DigestUtils.md5Hex ("$method:$uri")
DigestUtils.md5Hex ("$A1:$nonce:$A2")
}

def init = testRunner.testCase.getTestStepByName( "Properties" );
 init.setPropertyValue( "realm", realm);
 init.setPropertyValue( "nonce", nonce);
 init.setPropertyValue( "opaque", opaque);
 init.setPropertyValue( "response", response);
 init.setPropertyValue( "uri", uri);

asherhancong
New Contributor
8 years ago
Hi Paul,

Thx a lot for your kind and detailed reply. The groovy script your shared is working fine and digest response is successfully calculated.

But when it comes to send the request again with Authorization Header, the server keeps replying 401 with new nonce challenge. the updated project and Wireshark trace are as attached.
bgafg01-ts_soapui_171101_3.pcap367 KB
Serbija-Telekom-AFG-Test-Project-PA5-soapui-project.xml7 KB
- PaulMS
  Super Contributor
  8 years ago
  A couple of things to add.
  
  One property value was missing in the groovy script
  
  init.setPropertyValue( "qop", qop);
  
  Close bracket was missing after ${Properties#opaque" in the request Authorization header
  
  The request Raw tab is an easy way to check the header to see if anything is missing

Recent Discussions

How do I change password and Username on every call in a Test Case in SoapUI?
3 days ago
Gonzarelli
Content-Length calculation wrong when posting UTF-8 content
3 days ago
smallfreak
Error exception in phase 'semantic analysis' with java 21
5 days ago
nttung
Generate positive long integer?
15 years ago
ikerstges
How to test gi forms used in Intalio BPM process.
14 years ago
kmehersantosh

Forum Discussion

Retrieve HTTP Digest Data from WWW-Authenticate header in 401 Response from Server

Related Content

Retrieving a cookie from response header using Groovy

Digest Authentication with X-WWW-Authenticate

Need to retrieve the TestedApp version

How to retrieve object Namemapping selectors for debugging

automating OAuth2 token retrieval

Recent Discussions

How do I change password and Username on every call in a Test Case in SoapUI?

Content-Length calculation wrong when posting UTF-8 content

Error exception in phase 'semantic analysis' with java 21

Generate positive long integer?

How to test gi forms used in Intalio BPM process.