Jmeter接口加密测试小结
最近,公司做接口测试,但是发送请求前需要对个别参数做加密处理。之前一直没做过这种,于是在网上查了很多资料,但是千篇一律,都是讲的把加密工具类打成jar包导入JMeter。因为我写的工具类引入了很多第三方jar包,所以引入到JMeter里总是报错(额,具体错误没记等之后复现再贴)。
(本人小白,第一次写 0.0)
我的解决方法:把工具类里所有涉及到的第三方包全都找出来,我涉及的有jce.jar,local_policy.jar,rt.jar,sunjce_provider.jar,US_export_policy.jar导入到测试计划中如图:
然后在HTTP请求下面添加前置处理器BeanShell PreProcessor,
之后在BeanShell PreProcessor的Script中进行加密逻辑的代码编写,代码如下:
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Logger;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import com.sun.org.apache.xml.internal.security.utils.Base64;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
//-------------------------------------------------RSA加密-------------------------------------------------------
String mingKey="MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvyhMMmQTsZYpQX1iLM1QPWT+hD0Y/Z1wNvvxvavDLBQN9vASkjRnR8S4rlQBHAM/WbC+KC14KJcHTydYjmAIwREux20WxxbrdZZXey/BTv9MRHs2rhckYpGRaVGfpsFVDTFq2468i50xqcraYxcpPxpeohZMxKeixzMbnp/cf4UJiQJ0w0ARQyLJhgenA0hOJ3iGm8JRKxtxmZ6nA6oStV9VrtcUAm2N5F/Oiu5eMQIeWpuYkfMhplqU+/fr7Zx6hBAR/VVvsiGD/PMCYk4nKVKZ1hCCZCz+zBusonRobx+93wu0V7j11xJiC1gTUhRSa60Ox4OlQGXB0A3zxNSh4wIDAQAB";//公钥
String miKey="MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC/KEwyZBOxlilBfWIszVA9ZP6EPRj9nXA2+/G9q8MsFA328BKSNGdHxLiuVAEcAz9ZsL4oLXgolwdPJ1iOYAjBES7HbRbHFut1lld7L8FO/0xEezauFyRikZFpUZ+mwVUNMWrbjryLnTGpytpjFyk/Gl6iFkzEp6LHMxuen9x/hQmJAnTDQBFDIsmGB6cDSE4neIabwlErG3GZnqcDqhK1X1Wu1xQCbY3kX86K7l4xAh5am5iR8yGmWpT79+vtnHqEEBH9VW+yIYP88wJiTicpUpnWEIJkLP7MG6yidGhvH73fC7RXuPXXEmILWBNSFFJrrQ7Hg6VAZcHQDfPE1KHjAgMBAAECggEAF0CrpCWQT7XYZuL9oj2HWTCD1UopVBBmqgmTqmLOZvo5iKRDXg2J0q0XWf1V9TZf6mUZfIGrcCSO+w3qM8dyySlx60hV0Pn0wmT7VzzD4vwjJuFmEV83SdYzPgBzzzENS4GLYhHG1aTVebX3Qr56gfaPNGBKDlHl9x08ats/UzOB126jom5K2Nn2rRjc5CL2Z8/Nfd++gQBIWmfi/S86uiH55HmW9tvz8/P1+TughdAJ3b6c0dM5LRR5KAGMdmF+5DX+2wHrQO61wFCf0wCC+FwHcsKOEBWEw5IwcMcGSP1MTZsyTxAaofTF9CNTVoaUAlmFJo52IvOH9tPFwF90wQKBgQDe8DpCW9QfS3Myc8YZTj5TcdOF/HRlCkFTDztJJwFfFmr7NAPQVkSk+B0CT683Pz4RLSdxkXZ9DuZ3Wik39vIu5RFrx5ajXc3woUZpb98LTbZEh1n6oLLRx3qVMty9XnQ1jgd6cxS1ch2Us2ZjLKFi8qddALBbLvPf2NOjboXXewKBgQDbgYRnzf2xxS3fCII6cJR+qqfJVcqigLbhcNGo+HYYaPusm9p5vEAyhwuhjD85ZRh0AiadaxlBSlSzxjNDkopFRbGcB7xI9l3k05HgHr0Drm22U2a8mZ26qbh4ECvt28MgLdZfU+4OO51UszsMsvBZafHNAWkq8B9z7+okh/qeuQKBgQCJoG+2y422DBP/j2057g2X4esdCe6o+Z2+Mub8j/HOy74bec7o7HjQBsORy7N1PbuJSwDQoWYuaeZow+YyQGbeAFey27HpBF3AMS+Qo5lkFwNwZsZrbI036BeKx61x0j+XWCjRtP2RzfLo+583ljPDK92aEnTMtb2j8O0mNXK2xQKBgQDBFTyS0u/F39xpw+JJ5Z25jgPpZj3Ik9BKniLOrz+yWSaIvs9/JciSqZfhkqxKoFLSONIexoaAmBHJ0R5m4hAevx9sUKGezJfrIO/AZUl+Y4C+UL6eR8Im4AQUGKWLpTQOqkNXt0w/2NCcIMxgb0ZcYIUB/6uyyWXhZbhgSfx6gQKBgByJ1+ecDO3huojtyX+HLEQ1yTHy+4on9l29uB6ZKSXjj7nvaoypqX428sBOVUGwydVtXAbbxMSJn4NbPo97QK6CJXbLP8i4Xl5bykzBbYLyLnbkUu0J5GWeghTjS1SIKZ6mc91eAh9N6K2+EopeKpcVWEe8d0XMdJR67X4Qd8UZ";//私钥
String threeDesKey="ThisMy3DesKey";
String phonenum="17600662928";
String password="111111";
Cipher cipher=Cipher.getInstance("RSA");
//GetPublicKey
byte[] keyBytesPu;
keyBytesPu = (new BASE64Decoder()).decodeBuffer(mingKey);
X509EncodedKeySpec keySpecPu = new X509EncodedKeySpec(keyBytesPu);
KeyFactory keyFactoryPu = KeyFactory.getInstance("RSA");
PublicKey publicKey = keyFactoryPu.generatePublic(keySpecPu);
//GetPrivateKey
byte[] keyBytesPv;
keyBytesPv = (new BASE64Decoder()).decodeBuffer(miKey);
PKCS8EncodedKeySpec keySpecPv = new PKCS8EncodedKeySpec(keyBytesPv);
KeyFactory keyFactoryPv = KeyFactory.getInstance("RSA");
PrivateKey privateKey = keyFactoryPv.generatePrivate(keySpecPv);
//公钥加密
cipher.init(Cipher.ENCRYPT_MODE, publicKey);
byte[] enBytes = cipher.doFinal(threeDesKey.getBytes());
String myKey= (new BASE64Encoder()).encode(enBytes);
//私钥解密
cipher.init(Cipher.DECRYPT_MODE, privateKey);
byte[] deBytes = cipher.doFinal((new BASE64Decoder()).decodeBuffer(myKey));
String myKeyJ=new String(deBytes);
//-------------------------------------------------RSA加密-------------------------------------------------------
//-------------------------------------------------3DES加密-------------------------------------------------------
Cipher encryptCipher = null;
Cipher decryptCipher = null;
Security.addProvider(new com.sun.crypto.provider.SunJCE());
byte[] array=threeDesKey.getBytes();
// 创建一个空的8位字节数组
byte[] arrayTemp = new byte[8];
int length = array.length;
// 长度是否大于8
if (length > 8) {
System.arraycopy(array, 0, arrayTemp, 0, 8);
} else {
System.arraycopy(array, 0, arrayTemp, 0, length);
}
// 生成密钥
Key key = new javax.crypto.spec.SecretKeySpec(arrayTemp, "DES");
encryptCipher = Cipher.getInstance("DES");
encryptCipher.init(Cipher.ENCRYPT_MODE, key);
decryptCipher = Cipher.getInstance("DES");
decryptCipher.init(Cipher.DECRYPT_MODE, key);
//3DES加密 threeDesKey="ThisMy3DesKey";
String content = "{\"telNum\":\"17600662928\",\"password\":\"111111\","
+ "\"blackBox\":\"63ABCFB379461777733FFB402B5A3CA5\","
+ "\"client\":\"H5\",\"version\":\"3.9.0\","
+ "\"decodeNum\":\"d1ad62b5a1f9200c8a03c5df77d10910\"}";
//String content="111111";
byte[] byteMi = null;
byte[] byteMing = null;
// 加密后的字符串
String strEncrypt = "";
byteMing = content.getBytes("UTF8");
byteMi = encryptCipher.doFinal(byteMing);
strEncrypt = Base64.encode(byteMi);
//3DES解密
byte[] byteMingJ = null;
byte[] byteMiJ = null;
//解密后的字符串
String strMing = "";
byteMiJ = Base64.decode(strEncrypt);
byteMingJ = decryptCipher.doFinal(byteMiJ);
strMing = new String(byteMingJ, "UTF8");
log.info("3DES秘钥:"+threeDesKey);
log.info("公钥加密:"+myKey);
log.info("私钥解密:"+myKeyJ);
log.info("加密前的content:"+content);
log.info("加密后的content:"+strEncrypt);
log.info("解密后的content:"+strMing);
vars.put("telNum",myKey);
vars.put("password",strEncrypt);
我代码里面分别用到了RSA加密和3DES加密,vars.put()这个方法可以对请求中的指定参数进行传参,且HTTP请求中的参数要进行引用,如图:
处理完这些点击运行查看结果:
从上图可以看出请求中的"telNum"与"password"参数已经经过加密了。
以上就是我的初步解决方法,第一次写果然语无伦次0.0 。