Groovy Digest authentication


I am trying to write a Groovy script (Java code is welcome as well ;)) which should allow me to perform Digest authentication. The need is to be able to use Digest auth in SOAPUI, because SOAP doesn't natively support this kind of authentication.

To test my script I used a URL: https://postman-echo.com/digest-auth

First I access the page via a web browser to get the WWW-Authenticate header:

Digest realm="Users", nonce="81lEQmJGxRb3Us9jVJPYlDpjw11On7zW", qop="auth"

Then I type the correct user+password and check the Authorization header computed by the web browser. Here is the result:

Digest username="postman", realm="Users", nonce="81lEQmJGxRb3Us9jVJPYlDpjw11On7zW", uri="/digest-auth", response="82884fe7c55a19e80e8c8dea7ba1aece", qop=auth, nc=00000001, cnonce="89aa538367b9069a"

Then I used the same data to perform the computation of the response data using my script. Here is the result:

Digest username="postman", realm="Users", nonce="81lEQmJGxRb3Us9jVJPYlDpjw11On7zW", uri="/digest-auth", response="a6767f0a78d17e0cab90df65ec2ace5c", qop=auth,nc="00000001",cnonce="03d476861afd384510f2cb80ccfa8511"

My response is different from the response computed by the web browser.

What am I doing wrong?

Here is my script:

import org.apache.commons.codec.digest.DigestUtils
import com.eviware.soapui.impl.wsdl.actions.teststep.RunFromTestStepAction


// URL: https://postman-echo.com/digest-auth

wwwAuthHeader = "Digest realm=\"Users\",    nonce=\"81lEQmJGxRb3Us9jVJPYlDpjw11On7zW\", qop=\"auth\""

def realmArray = wwwAuthHeader.split(",")

def realm = realmArray[0].split("=")[1]
def nonce = realmArray[1].split("=")[1]
def qop = realmArray[2].split("=")[1]

def uri = "/digest-auth"
def user = "postman"
def pass = "password"
def method ="GET"



def resp = md5(user,realm,pass,method,uri,nonce)

log.info "resp: "+resp

def cnonce = DigestUtils.md5Hex(user)

def authorizationString = "Digest username=\"$user\", realm=$realm,         nonce=$nonce, uri=\"$uri\", response=\"$resp\", qop=auth,nc=\"00000001\",cnonce=\"$cnonce\""

log.info "authorizationString: " + authorizationString

// methods

def md5(user, realm, pass, method, String uri, nonce) {

    def A1 = DigestUtils.md5Hex ("$user:$realm:$pass")
    def A2 = DigestUtils.md5Hex ("$method:$uri")

    return DigestUtils.md5Hex ("$A1:$nonce:$A2")
}
1
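An added example, not part of the original question or answer: the `response` calculation as RFC 2617 defines it for `qop=auth`, in plain Groovy. It differs from the script above in two places: the challenge values are unquoted before hashing (`split("=")[1]` keeps the surrounding `"`), and `nc`, `cnonce` and `qop` are included in the hashed string. The helper names `md5Hex`, `parseChallenge` and `digestResponse` are hypothetical, and the browser's `cnonce` is reused only so the two results are comparable.

```groovy
import java.security.MessageDigest

// Lowercase hex MD5 using only the JDK (md5Hex is a local helper, not DigestUtils).
String md5Hex(String s) {
    MessageDigest.getInstance('MD5').digest(s.getBytes('UTF-8')).encodeHex().toString()
}

// Parse the challenge into a map; quoted values lose their surrounding quotes.
Map<String, String> parseChallenge(String header) {
    def params = [:]
    def matcher = header.replaceFirst(/(?i)^\s*Digest\s+/, '') =~ /(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))/
    matcher.each { all, key, quoted, bare ->
        params[key.toLowerCase()] = (quoted != null) ? quoted : bare
    }
    return params
}

// RFC 2617 section 3.2.2.1 request digest for MD5 with qop=auth or no qop.
String digestResponse(Map c, String user, String pass, String method, String uri,
                      String nc, String cnonce) {
    String ha1 = md5Hex("${user}:${c.realm}:${pass}")
    String ha2 = md5Hex("${method}:${uri}")
    if (c.qop) {
        // qop present: nc, cnonce and the chosen qop are part of the hashed string.
        return md5Hex("${ha1}:${c.nonce}:${nc}:${cnonce}:auth:${ha2}")
    }
    // No qop in the challenge: legacy RFC 2069 form.
    return md5Hex("${ha1}:${c.nonce}:${ha2}")
}

// Self-check against the worked example in RFC 2617 section 3.5.
def rfc = parseChallenge('Digest realm="testrealm@host.com", qop="auth,auth-int", ' +
        'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41"')
assert digestResponse(rfc, 'Mufasa', 'Circle Of Life', 'GET', '/dir/index.html',
        '00000001', '0a4f113b') == '6629fae49393a05397450978507c4ef1'

// Challenge, cnonce and browser response copied from the question.
def challenge = parseChallenge('Digest realm="Users", nonce="81lEQmJGxRb3Us9jVJPYlDpjw11On7zW", qop="auth"')
def browserResponse = '82884fe7c55a19e80e8c8dea7ba1aece'
def mine = digestResponse(challenge, 'postman', 'password', 'GET', '/digest-auth',
        '00000001', '89aa538367b9069a')
println "computed: ${mine}"
println "browser : ${browserResponse} (match: ${mine == browserResponse})"

// In the Authorization header, qop and nc are sent unquoted.
println "Digest username=\"postman\", realm=\"${challenge.realm}\", nonce=\"${challenge.nonce}\", " +
        "uri=\"/digest-auth\", response=\"${mine}\", qop=auth, nc=00000001, cnonce=\"89aa538367b9069a\""
```

Inside a SoapUI Groovy test step, `log.info` can replace `println`; for real requests the `cnonce` should be freshly generated per request rather than fixed.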

There is 1 answer

0
Yuci On

If you would just like to write a Groovy script (Java code is welcome as well, as your question reads) which allows you to perform Digest authentication, here is something for your reference:

@Grab(group='org.apache.httpcomponents', module='httpclient', version='4.5.3')

import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.auth.AuthScope;
import org.apache.http.HttpResponse;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.util.EntityUtils;

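// Register the credentials HttpClient uses to answer the server's Digest challenge.
// AuthScope.ANY_HOST / ANY_PORT offers them to any host that challenges; to limit
// them to the target server, use new AuthScope("postman-echo.com", 443) instead.
CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(
        new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT),
        new UsernamePasswordCredentials("postman", "password"));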

CloseableHttpClient httpClient = HttpClients.custom()
        .setDefaultCredentialsProvider(credsProvider)
        .build();

HttpGet httpGet = new HttpGet("https://postman-echo.com/digest-auth");
HttpResponse httpResponse = httpClient.execute(httpGet);
String content = EntityUtils.toString(httpResponse.getEntity());
println content;

Run it and the output looks like this:

{"authenticated":true}