如何在Runscope测试中使用私钥签名?
我正在尝试添加Runscope测试,以验证我发送的请求的签名。在第一步中,我想签署此请求,然后将其发送到将要验证它的服务。
我知道我可以在Runscope中添加脚本,并且可以使用Cryptojs签署请求。但是,Cryptojs的文档不是很有帮助,我没有签署我的请求;
我在Postman中使用了Crypto Postman Lib进行了类似的操作,并且代码是:
function encryptSignature(signingMetadata) {
eval(pm.globals.get('pmlib_code'));
var encryptedSignature = new pmlib.rs.KJUR.crypto.Signature({ "alg": "SHA256withRSA" });
encryptedSignature.init(config.privateKey)
var hash2 = encryptedSignature.signString(signingMetadata)
const signedEncoded = CryptoJS.enc.Base64.stringify(CryptoJS.enc.Hex.parse(hash2));
return signedEncoded;
}
尝试在Runscope中做类似的事情,我想到了此代码:
function encryptSignature(signingMetadata) {
var hash = CryptoJS.SHA256withRSA(signingMetadata, config.privateKey);
var signedEncoded = hash.toString(CryptoJS.enc.Base64);
return signedEncoded;
}
但是我认为不确定的错误,我认为这是Cryptojs;
我使用了一些在线JS编译器,当我将其导入
import sha256 from 'crypto-js/sha256';
import Base64 from 'crypto-js/enc-base64';
和重构代码到:
var signedEncoded = Base64.stringify(sha256(signingMetadata, config.privateKey));
它编译并进行了某种签名时,但是签名看起来不正确(太短了)
任何人在Runscope中都成功完成了此操作吗?感谢一些建议;
谢谢你,
I am trying to add Runscope test to verify signature of the request I am sending. In first step I want to sign this request, and then send it to the service which is going to verify it.
I know I can add script in Runscope and that I can use CryptoJS for signing the request. However documentation for CryptoJS is not very helpful and I fail to sign my request;
I have something similar done in Postman using Crypto Postman lib, and the code is:
function encryptSignature(signingMetadata) {
eval(pm.globals.get('pmlib_code'));
var encryptedSignature = new pmlib.rs.KJUR.crypto.Signature({ "alg": "SHA256withRSA" });
encryptedSignature.init(config.privateKey)
var hash2 = encryptedSignature.signString(signingMetadata)
const signedEncoded = CryptoJS.enc.Base64.stringify(CryptoJS.enc.Hex.parse(hash2));
return signedEncoded;
}
trying to do something similar in Runscope I came up with this code:
function encryptSignature(signingMetadata) {
var hash = CryptoJS.SHA256withRSA(signingMetadata, config.privateKey);
var signedEncoded = hash.toString(CryptoJS.enc.Base64);
return signedEncoded;
}
but got error for undefined which I assume is CryptoJS;
I used some online JS compilers and when I import
import sha256 from 'crypto-js/sha256';
import Base64 from 'crypto-js/enc-base64';
and refactor code to:
var signedEncoded = Base64.stringify(sha256(signingMetadata, config.privateKey));
it compiles and does some kind of signing, but signature does not look right (it is way too short)
Anyone done this successfully before in Runscope? I would appreciate some advice;
Thank you,
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
正如@topaco提到的那样,Cryptojs不支持RSA密码学。
您可以使用 jsrsasign 和cryptojs库来生成签名。
以下代码段是生成签名:
但是要获得此工作,请执行以下操作:
jsrsasignrepo中,导入jsrsasign-rsa-rsa-min.js和keyutil-1.0.js作为 RunScope脚本库 /代码片段(可选将这些文件合并在一起)窗口参考(Runscope Limitation)。 JSRSASIGN使用此操作来检测较旧的浏览器 - 在这种情况下,不需要在Runscope环境中运行此脚本。jsrsasign-rsa-min.js文件中删除加密j,因为它已经在Runscope环境中可用。As @Topaco mentioned, CryptoJS doesn't support RSA cryptography.
You can generate signature using jsrsasign and CryptoJS library however it's tricky to get this working due to Runscope limitations.
The following code snippet is generating signature:
but in order to get this working do the following:
jsrsasignrepo, importjsrsasign-rsa-min.jsandkeyutil-1.0.jsas a Runscope script library / code snippet (optionally merge these files together)windowreferences (Runscope limitation). jsrsasign uses this to detect older browsers - not necessary in this case as we run this script only in the Runscope environment.jsrsasign-rsa-min.jsfile as it's already available in the Runscope environment.