Smart Bear Ready API: Custom headers per request

I recently had a problem where our test analysts use Ready API software from Smart bear but our API authentication does a custom hashing function on the content. For tests to work we had to hash the entire request and apply headers for each test step.

There is an events hook in Ready API where you can add Java code to be run for event triggers. Unwrapping the content in the available request context API was difficult to figure out.

First open the Events dialog. Add a new event for RequestFilter.filterRequest to do something for every test step with a request.

Ready api event entry window

Here is the script.


import java.nio.charset.StandardCharsets;
import java.security.SignatureException;
import java.security.spec.EncodedKeySpec;
import com.eviware.soapui.support.types.StringToStringMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.io.UnsupportedEncodingException;   
import java.security.MessageDigest;
import javax.xml.bind.DatatypeConverter;
import java.sql.Date.*;
 
log.info "=============================";
 
// CHANGE THESE
//====================================================================
String apiUsername = "someApiUser";
String mySiteUsername = "readyAPI@nowhere.co.nz";
String secret = "my special secret";
//====================================================================
// DON'T CHANGE BELOW HERE
//====================================================================

// set up some header names we will add to the request
String AUTH_HEADER_NAME = "X-mySite-Authorization";
String TIMESTAMP_HEADER_NAME = "X-mySite-Timestamp";
 
SecretKeySpec signingKey = new SecretKeySpec(secret.getBytes("UTF-8"), "HmacSHA1");
String timestamp = new Date().format("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'", TimeZone.getTimeZone("UTC"));
log.info "TimeZone.getTimeZone(UTC); " + TimeZone.getTimeZone("UTC").toString();
 
String requestResource = context.httpMethod.getURI();
String requestMethod = request.method;

// This is how you get access to the request content!
String requestContent = context.expand(request.requestContent);
log.info 'requestContent: ' + requestContent;

// AWS hashing algo start here
byte[] b = requestContent.getBytes("US-ASCII");
log.info b.toString();
 
String signature="";
String bodyDigest = ""; 
 
try {
// Generate a body digest if there is content in the request
if (requestContent != null && requestContent.length() != 0){
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(requestContent.getBytes("UTF-8"));
        byte[] digest = md.digest();
        bodyDigest = DatatypeConverter.printBase64Binary(digest);             
}          
 
// Create a concatenated message string to sign
String message = new StringBuilder().append(requestMethod).append(requestResource).append(timestamp).append(bodyDigest).toString();
log.info "Message: " + message;
// Get an instance of an HmacSHA256 hash and hash the message use the signing key
Mac mac = Mac.getInstance("HmacSHA1");
mac.init(signingKey);
 
byte [] signatureBytes = mac.doFinal(message.getBytes(StandardCharsets.UTF_8));
 
signature =  DatatypeConverter.printBase64Binary(signatureBytes);
 
} catch (Exception e) {
    throw new SignatureException("Failed to generate HMAC : " + e.getMessage());
}


//log all the things for debug!
 
log.info "requestMethod: " + requestMethod;
log.info "requestResource: " + requestResource;
log.info "timestamp: " + timestamp;
log.info "requestContent: >" + requestContent + "<";
log.info "apiUsername: " + apiUsername;
log.info "secretKey: " + secret;
log.info "=============================";
log.info "=====     HEADERS     =======";
log.info "=============================";
log.info TIMESTAMP_HEADER_NAME + ": "+ timestamp;
log.info AUTH_HEADER_NAME + ": "+ apiUsername + ":"+signature;
log.info "=============================";

// Write out all the headers to the request context
// and add them to the test step
def headers = new StringToStringMap();
headers.put(AUTH_HEADER_NAME,apiUsername + ":"+signature);
headers.put(TIMESTAMP_HEADER_NAME,timestamp);
 
request.setRequestHeaders(headers);

Leave a Reply

Your email address will not be published. Required fields are marked *