Forked from DinoChiesa/httpsig-in-postman-pre-request-script.js
Last active
May 6, 2020 14:29
-
-
Save astaykov/7673da3b1a45af8cf249d186a2d33c53 to your computer and use it in GitHub Desktop.
pre-request script for Postman, to perform HttpSignature calculation. Also SHA-256 message digest.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function computeHttpSignature(config, headerHash) { | |
var template = 'keyId="${keyId}",algorithm="${algorithm}",headers="${headers}",signature="${signature}"', | |
sig = template; | |
// compute sig here | |
var signingBase = ''; | |
config.headers.forEach(function(h){ | |
if (signingBase !== '') { signingBase += '\n'; } | |
signingBase += h.toLowerCase() + ": " + headerHash[h]; | |
}); | |
var hashf = (function() { | |
switch (config.algorithm) { | |
case 'hmac-sha1': return CryptoJS.HmacSHA1; | |
case 'hmac-sha256': return CryptoJS.HmacSHA256; | |
case 'hmac-sha512': return CryptoJS.HmacSHA512; | |
default : return null; | |
} | |
}()); | |
var hash = hashf(signingBase, config.secretkey); | |
var signatureOptions = { | |
keyId : config.keyId, | |
algorithm: config.algorithm, | |
headers: config.headers, | |
signature : CryptoJS.enc.Base64.stringify(hash) | |
}; | |
// build sig string here | |
Object.keys(signatureOptions).forEach(function(key) { | |
var pattern = "${" + key + "}", | |
value = (typeof signatureOptions[key] != 'string') ? signatureOptions[key].join(' ') : signatureOptions[key]; | |
sig = sig.replace(pattern, value); | |
}); | |
return sig; | |
} | |
var curDate = new Date().toGMTString(); | |
var targetUrl = request.url.trim(); // there may be surrounding ws | |
targetUrl = targetUrl.replace(new RegExp('^https?://[^/]+/'),'/'); // strip hostname | |
var method = request.method.toLowerCase(); | |
var sha256digest = CryptoJS.SHA256(request.data); | |
var base64sha256 = CryptoJS.enc.Base64.stringify(sha256digest); | |
var computedDigest = 'sha-256=' + base64sha256; | |
var headerHash = { | |
date : curDate, | |
digest : computedDigest, | |
'(request-target)' : method + ' ' + targetUrl | |
}; | |
var config = { | |
algorithm : 'hmac-sha256', | |
keyId : environment['key-id'], | |
secretkey : environment['shared-secret'], | |
headers : [ '(request-target)', 'date', 'digest' ] | |
}; | |
var sig = computeHttpSignature(config, headerHash); | |
postman.setEnvironmentVariable('httpsig', sig); | |
postman.setEnvironmentVariable('computed-digest', computedDigest); | |
postman.setEnvironmentVariable("current-date", curDate); | |
postman.setEnvironmentVariable("target-url", targetUrl); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment