Forked from DinoChiesa/httpsig-in-postman-pre-request-script.js
Created
September 22, 2020 13:24
-
-
Save alexpritchard-sonin/8d718e4b4d61076858b7995361f4b5b7 to your computer and use it in GitHub Desktop.
pre-request script for Postman, to perform HttpSignature calculation. Also SHA-256 message digest.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function computeHttpSignature(config, headerHash) { | |
| var template = 'keyId="${keyId}",algorithm="${algorithm}",headers="${headers}",signature="${signature}"', | |
| sig = template; | |
| // compute sig here | |
| var signingBase = ''; | |
| config.headers.forEach(function(h){ | |
| if (signingBase !== '') { signingBase += '\n'; } | |
| signingBase += h.toLowerCase() + ": " + headerHash[h]; | |
| }); | |
| var hashf = (function() { | |
| switch (config.algorithm) { | |
| case 'hmac-sha1': return CryptoJS.HmacSHA1; | |
| case 'hmac-sha256': return CryptoJS.HmacSHA256; | |
| case 'hmac-sha512': return CryptoJS.HmacSHA512; | |
| default : return null; | |
| } | |
| }()); | |
| var hash = hashf(signingBase, config.secretkey); | |
| var signatureOptions = { | |
| keyId : config.keyId, | |
| algorithm: config.algorithm, | |
| headers: config.headers, | |
| signature : CryptoJS.enc.Base64.stringify(hash) | |
| }; | |
| // build sig string here | |
| Object.keys(signatureOptions).forEach(function(key) { | |
| var pattern = "${" + key + "}", | |
| value = (typeof signatureOptions[key] != 'string') ? signatureOptions[key].join(' ') : signatureOptions[key]; | |
| sig = sig.replace(pattern, value); | |
| }); | |
| return sig; | |
| } | |
| var curDate = new Date().toGMTString(); | |
| var targetUrl = request.url.trim(); // there may be surrounding ws | |
| targetUrl = targetUrl.replace(new RegExp('^https?://[^/]+/'),'/'); // strip hostname | |
| var method = request.method.toLowerCase(); | |
| var sha256digest = CryptoJS.SHA256(request.data); | |
| var base64sha256 = CryptoJS.enc.Base64.stringify(sha256digest); | |
| var computedDigest = 'sha-256=' + base64sha256; | |
| var headerHash = { | |
| date : curDate, | |
| digest : computedDigest, | |
| '(request-target)' : method + ' ' + targetUrl | |
| }; | |
| var config = { | |
| algorithm : 'hmac-sha256', | |
| keyId : environment['key-id'], | |
| secretkey : environment['shared-secret'], | |
| headers : [ '(request-target)', 'date', 'digest' ] | |
| }; | |
| var sig = computeHttpSignature(config, headerHash); | |
| postman.setEnvironmentVariable('httpsig', sig); | |
| postman.setEnvironmentVariable('computed-digest', computedDigest); | |
| postman.setEnvironmentVariable("current-date", curDate); | |
| postman.setEnvironmentVariable("target-url", targetUrl); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment