Last active
May 3, 2022 17:49
-
-
Save tjarrettveracode/62fbfff2f1271b92fb37c4d02303a339 to your computer and use it in GitHub Desktop.
This gist is deprecated. Please use the pre-request script found at https://github.com/veracode/veracode-postman.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
var url = require('url'); | |
const id = 'YOUR_VERACODE_API_KEY_ID'; | |
const key = 'YOUR_VERACODE_API_KEY_SECRET'; | |
const authorizationScheme = 'VERACODE-HMAC-SHA-256'; | |
const requestVersion = "vcode_request_version_1"; | |
const nonceSize = 16; | |
function computeHashHex(message, key_hex) { | |
return CryptoJS.HmacSHA256(message, CryptoJS.enc.Hex.parse(key_hex)).toString(CryptoJS.enc.Hex); | |
} | |
function calculateDataSignature(key, nonceBytes, dateStamp, data) { | |
let kNonce = computeHashHex(nonceBytes, key); | |
let kDate = computeHashHex(dateStamp, kNonce); | |
let kSig = computeHashHex(requestVersion, kDate); | |
let kFinal = computeHashHex(data, kSig); | |
return kFinal; | |
} | |
function newNonce() { | |
return CryptoJS.lib.WordArray.random(nonceSize).toString().toUpperCase(); | |
} | |
function toHexBinary(input) { | |
return CryptoJS.enc.Hex.stringify(CryptoJS.enc.Utf8.parse(input)); | |
} | |
function calculateVeracodeAuthHeader(httpMethod, requestUrl) { | |
let parsedUrl = url.parse(requestUrl); | |
let data = `id=${id}&host=${parsedUrl.hostname}&url=${parsedUrl.path}&method=${httpMethod}`; | |
let dateStamp = Date.now().toString(); | |
let nonceBytes = newNonce(nonceSize); | |
let dataSignature = calculateDataSignature(key, nonceBytes, dateStamp, data); | |
let authorizationParam = `id=${id},ts=${dateStamp},nonce=${toHexBinary(nonceBytes)},sig=${dataSignature}`; | |
let header = authorizationScheme + " " + authorizationParam; | |
return header; | |
} | |
var {Property} = require('postman-collection'); | |
const substitutedUrl = Property.replaceSubstitutions(request.url, pm.variables.toObject()); | |
postman.setEnvironmentVariable('hmacAuthHeader', calculateVeracodeAuthHeader(request.method, substitutedUrl)); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This gist is deprecated. Please use the pre-request script found at https://github.com/veracode/veracode-postman.