This method allow to automate the Postman test, by the execution of the collection file, using a tool provided by Postman (command line integration with newman)

More info on how to deploy it in your workspace and how to run it, here: installing running newman

As the collection is executed locally, the following scripts can be used to download the collection and environment from Postman web, generate the jwt assertion, update the environment with the jwt-assertion and then executing newman to run the test on the collection:

Generating the jwt-assertion and executing the newman script:

jwt-generate.sh
#!/bin/bash
PRIVATE_KEY_ES256=$2
CLIENT_ID=$1
ISSUER="https://logindev.wipo.int/am/oauth2"
 
# https://logindev.wipo.int/am/oauth2/.well-known/openid-configuration
OIDC_CONFIG_JSON=$(curl -k "${ISSUER}/.well-known/openid-configuration")

# Generic way to obtain the token endpoint
TOKEN_ENDPOINT=$(printf '%s' ${OIDC_CONFIG_JSON} | jq -r ".token_endpoint")
 
echo $TOKEN_ENDPOINT

UTC_TIME=$(date -u +%s)
EXP_TIME=$(expr "$UTC_TIME" + 1000)

JSON='{'
JSON=${JSON}$(printf '"iss":"%s"' ${CLIENT_ID})
JSON=${JSON}$(printf ',"sub":"%s"' ${CLIENT_ID})
JSON=${JSON}$(printf ',"aud":"%s"' ${TOKEN_ENDPOINT})
JSON=${JSON}$(printf ',"exp":%s' ${EXP_TIME})
JSON=${JSON}'}'
 
JSON_HEADER_B64=$(printf '{"alg":"ES256","typ":"JWT"}' | jq . -cj | base64 -w0 | tr -d '\n=' | tr '+/' '-_')
# echo $JSON_HEADER_B64
JSON_PAYLOAD_B64=$(printf $JSON | jq . -cj | base64 -w0 | tr -d '\n=' | tr '+/' '-_')
JSON_SIGNATURE_ASN1_B64=$(printf '%s.%s' $JSON_HEADER_B64 $JSON_PAYLOAD_B64 | openssl dgst -sha256 -sign "${PRIVATE_KEY_ES256}" | openssl asn1parse -inform DER | base64 -w0)
JSON_SIGNATURE_HEX=$(printf $JSON_SIGNATURE_ASN1_B64 | base64 -d | sed -n '/INTEGER/p' | sed 's/.*INTEGER\s*://g' | sed -z 's/[^0-9A-F]//g')
JSON_SIGNATURE_B64=$(printf $JSON_SIGNATURE_HEX | xxd -p -r | base64 -w0 | tr -d '\n=' | tr '+/' '-_')
 
JWT_ASSERTION=$(printf '%s.%s.%s' $JSON_HEADER_B64 $JSON_PAYLOAD_B64 $JSON_SIGNATURE_B64)
echo
echo $JWT_ASSERTION
sed 's/\"key\"\:\"client\-assertion\"\,\"value\"\:\"[^"]*\"/\"key\"\:\"client\-assertion\"\,\"value\"\:\"'${JWT_ASSERTION}'\"/g' config/environment.json > ./config/updated_environment.json

sed 's/\"src\"\:\"\/home\/berlicki\/Github\/workspaceAngular\/das_initial\/api-test\/US17088314A1\.zip\"\}\}/\"src\"\:\".\/config\/US17088314A1.zip\"}}/g' config/collection.json > ./config/updated_collection.json

echo "going to execute Newman now with the new values"
#set HTTP_PROXY=127.0.0.1:443

newman run ./config/updated_collection.json --folder "1.1.0.0.- Registration of a priority document" -e ./config/updated_environment.json --insecure --verbose


#docker run --network host -v ${PWD}/config:/etc/newman  -t postman/newman run /etc/newman/collection.json --folder "1.1.1.0.- getToken" -e /etc/newman/updated_environment.json --insecure --verbose

Newman execution options:

If newman is installed, it can be executed directly as this:

newman run <<collection-file-location>> --folder "<<folder of the collection to execute>>" -e <<environment-file-location>> --insecure --verbose

Newman options

Options:

--folder: this option can be used to

limit the execution of the test to an specific folder, subfolder or file of the collection.  If is not present, newman will execute the whole collection test.

--insecure: this to avoid problems due to overly restrictive proxy and firewall at WIPO

--verbose: just to get more info in the output of the test (optional)

newman can be also executed using a docker container (newman with docker).

and can be executed as:

docker run --network host -v ${PWD}/config:/etc/newman  -t postman/newman run /etc/newman/collection.json --folder "1.1.1.0.- getToken" -e /etc/newman/updated_environment.json --insecure --verbose
  • No labels