Skip to content

Instantly share code, notes, and snippets.

@astaykov

astaykov/httpsig-in-postman-pre-request-script.js

Forked from DinoChiesa/httpsig-in-postman-pre-request-script.js
Last active May 6, 2020 14:29
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save astaykov/7673da3b1a45af8cf249d186a2d33c53 to your computer and use it in GitHub Desktop.
Save astaykov/7673da3b1a45af8cf249d186a2d33c53 to your computer and use it in GitHub Desktop.
Download ZIP
pre-request script for Postman, to perform HttpSignature calculation. Also SHA-256 message digest.
Raw
httpsig-in-postman-pre-request-script.js
function computeHttpSignature(config, headerHash) {
var template = 'keyId="${keyId}",algorithm="${algorithm}",headers="${headers}",signature="${signature}"',
sig = template;
// compute sig here
var signingBase = '';
config.headers.forEach(function(h){
if (signingBase !== '') { signingBase += '\n'; }
signingBase += h.toLowerCase() + ": " + headerHash[h];
});
var hashf = (function() {
switch (config.algorithm) {
case 'hmac-sha1': return CryptoJS.HmacSHA1;
case 'hmac-sha256': return CryptoJS.HmacSHA256;
case 'hmac-sha512': return CryptoJS.HmacSHA512;
default : return null;
}
}());
var hash = hashf(signingBase, config.secretkey);
var signatureOptions = {
keyId : config.keyId,
algorithm: config.algorithm,
headers: config.headers,
signature : CryptoJS.enc.Base64.stringify(hash)
};
// build sig string here
Object.keys(signatureOptions).forEach(function(key) {
var pattern = "${" + key + "}",
value = (typeof signatureOptions[key] != 'string') ? signatureOptions[key].join(' ') : signatureOptions[key];
sig = sig.replace(pattern, value);
});
return sig;
}
var curDate = new Date().toGMTString();
var targetUrl = request.url.trim(); // there may be surrounding ws
targetUrl = targetUrl.replace(new RegExp('^https?://[^/]+/'),'/'); // strip hostname
var method = request.method.toLowerCase();
var sha256digest = CryptoJS.SHA256(request.data);
var base64sha256 = CryptoJS.enc.Base64.stringify(sha256digest);
var computedDigest = 'sha-256=' + base64sha256;
var headerHash = {
date : curDate,
digest : computedDigest,
'(request-target)' : method + ' ' + targetUrl
};
var config = {
algorithm : 'hmac-sha256',
keyId : environment['key-id'],
secretkey : environment['shared-secret'],
headers : [ '(request-target)', 'date', 'digest' ]
};
var sig = computeHttpSignature(config, headerHash);
postman.setEnvironmentVariable('httpsig', sig);
postman.setEnvironmentVariable('computed-digest', computedDigest);
postman.setEnvironmentVariable("current-date", curDate);
postman.setEnvironmentVariable("target-url", targetUrl);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment