秒懂HTTPS接口(接口测试篇)

文章目录

    • 前言
    • 具体实现
      • 引包
      • 采用绕过证书验证测试HTTPS接口
      • 采用设置信任自签名证书测试HTTPS接口
      • 验证数据库
      • 完整项目结构

前言

下面我们来测试下我们秒懂HTTPS接口(实现篇)写的HTTPS接口(Java版)

技术选型:

  • HTTP工具包:HttpClient 4.5.5
  • 测试框架:TestNG
  • Json序列化库:fastjson

具体实现

引包

引入相关包


        <dependency>
            <groupId>org.apache.httpcomponentsgroupId>
            <artifactId>httpclientartifactId>
            <version>4.5.5version>
        dependency>
        <dependency>
            <groupId>org.testnggroupId>
            <artifactId>testngartifactId>
            <version>6.14.3version>
        dependency>
        <dependency>
            <groupId>com.alibabagroupId>
            <artifactId>fastjsonartifactId>
            <version>1.2.47version>
        dependency>
        <dependency>
            <groupId>org.springframework.bootgroupId>
            <artifactId>spring-boot-configuration-processorartifactId>
            <optional>trueoptional>
        dependency>

测试HTTPS接口可以通过以下两种方式:

  • 采用绕过证书验证实现HTTPS
  • 采用设置信任自签名证书实现HTTPS

采用绕过证书验证测试HTTPS接口

src/test/util下创建HttpUtil工具类

实现绕过SSL验证方法

/**
	 * 绕过SSL验证
	 *
	 * @return
	 * @throws NoSuchAlgorithmException
	 * @throws KeyManagementException
	 */
	public static SSLContext createIgnoreVerifySSL() throws NoSuchAlgorithmException, KeyManagementException {
		SSLContext sslContext = SSLContext.getInstance("SSLv3");

		// 实现一个X509TrustManager接口,用于绕过验证,不用修改里面的方法
		X509TrustManager trustManager = new X509TrustManager() {
			@Override
			public void checkClientTrusted(
					java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
					String paramString) throws CertificateException {
			}

			@Override
			public void checkServerTrusted(
					java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
					String paramString) throws CertificateException {
			}

			@Override
			public java.security.cert.X509Certificate[] getAcceptedIssuers() {
				return null;
			}
		};

		sslContext.init(null, new TrustManager[] { trustManager }, null);
		return sslContext;
	}

实现绕过SSL证书,发送Get请求方法

/**
	 * 绕过SSL证书,发送Get请求
	 * @param url
	 * @param params
	 * @return
	 * @throws IOException
	 * @throws KeyManagementException
	 * @throws NoSuchAlgorithmException
	 */
	public static String doIgnoreVerifySSLGet(String url, Map<String,Object> params)
			throws IOException, KeyManagementException, NoSuchAlgorithmException {
		//采用绕过验证的方式处理https请求
		SSLContext sslContext = createIgnoreVerifySSL();
		final SSLConnectionSocketFactory sslsf;

		//设置协议http和https对应的处理socket链接工厂的对象
		sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
		final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
				.register("http", new PlainConnectionSocketFactory())
				.register("https", sslsf)
				.build();

		final PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);
		cm.setMaxTotal(100);

		//创建自定义的httpclient对象
		CloseableHttpClient httpClient = HttpClients.custom()
				.setSSLSocketFactory(sslsf)
				.setConnectionManager(cm)
				.build();

		String result = null;
		//装填参数
		StringBuffer param = new StringBuffer();
		if (params != null && !params.isEmpty()) {
			int i = 0;
			for (String key : params.keySet()) {
				if (i == 0) {
					param.append("?");
				} else {
					param.append("&");
				}
				param.append(key).append("=").append(params.get(key));
				i++;
			}
			url += param;
		}
		//创建get方式请求对象
		HttpGet httpGet = new HttpGet(url);
		//执行请求操作,并拿到结果(同步阻塞)
		CloseableHttpResponse response = httpClient.execute(httpGet);
		if (response.getStatusLine().getStatusCode() == 200){
			//获取结果实体
			HttpEntity httpEntity = response.getEntity();
			//按指定编码转换结果实体为String类型
			result = EntityUtils.toString(httpEntity,"UTF-8");
		}

		//释放链接
		response.close();

		return result;
	}

实现绕过SSL证书,发送Post请求(Json形式)方法

/**
	 * 绕过SSL证书,发送Post请求(Json形式)
	 * @param url
	 * @param param
	 * @return
	 * @throws IOException
	 * @throws KeyManagementException
	 * @throws NoSuchAlgorithmException
	 */
	public static String doIgnoreVerifySSLPost(String url, JSONObject param)
			throws IOException, KeyManagementException, NoSuchAlgorithmException {
		//采用绕过验证的方式处理https请求
		SSLContext sslContext = createIgnoreVerifySSL();
		final SSLConnectionSocketFactory sslsf;

		//设置协议http和https对应的处理socket链接工厂的对象
		sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
		final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
				.register("http", new PlainConnectionSocketFactory())
				.register("https", sslsf)
				.build();

		final PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);
		cm.setMaxTotal(100);

		//创建自定义的httpclient对象
		CloseableHttpClient httpClient = HttpClients.custom()
				.setSSLSocketFactory(sslsf)
				.setConnectionManager(cm)
				.build();

		String result = null;
		//创建post方式请求对象
		HttpPost httpPost = new HttpPost(url);
		//装填参数
		StringEntity entity = new StringEntity(param.toString(),"utf-8");
		entity.setContentEncoding("UTF-8");
		entity.setContentType("application/json");
		//设置参数到请求对象中
		httpPost.setEntity(entity);

		//执行请求操作,并拿到结果(同步阻塞)
		CloseableHttpResponse response = httpClient.execute(httpPost);
		if (response.getStatusLine().getStatusCode() == 200){
			//获取结果实体
			HttpEntity httpEntity = response.getEntity();
			//按指定编码转换结果实体为String类型
			result = EntityUtils.toString(httpEntity,"UTF-8");
		}

		//释放链接
		response.close();

		return result;
	}

src/test/cases下创建HttpTest测试类
实现测试方法

@Test(enabled = true,description = "测试绕过SSL证书Post方法")
	public void doIgnoreVerifySSLPostTest() throws IOException, NoSuchAlgorithmException, KeyManagementException {
		String url = "https://localhost/springboot/person";
		//装填参数
		JSONObject param = new JSONObject();
		param.put("name","doIgnoreVerifySSLPost");
		param.put("age",20);
		//调用方法
		String response = HttpUtil.doIgnoreVerifySSLPost(url,param);
		//断言返回结果是否为空
		Assert.assertNotNull(response);
		System.out.println("【doIgnoreVerifySSLPost】"+response);
	}

	@Test(enabled = true,description = "测试绕过SSL证书Get方法")
	public void doIgnoreVerifySSLGetTest() throws IOException, NoSuchAlgorithmException, KeyManagementException {
		String url = "https://localhost/springboot/person";
		//调用方法
		String response = HttpUtil.doIgnoreVerifySSLGet(url,null);
		//断言返回结果是否为空
		Assert.assertNotNull(response);
		System.out.println("【doIgnoreVerifySSLGet】"+response);
	}

运行测试结果
秒懂HTTPS接口(接口测试篇)_第1张图片

采用设置信任自签名证书测试HTTPS接口

在HttpUtil工具类实现验证SSL证书,发送Get请求方法

/**
	 * 验证SSL证书,发送Get请求
	 * @param url
	 * @param params
	 * @return
	 * @throws IOException
	 */
	public static String doVerifySSLGet(String url, Map<String,Object> params) throws IOException {
		//采用验证的SSL证书方式处理https请求
		SSLContext sslContext = SSLCustom("./src/main/resources/keystore.p12","zuozewei");
		final SSLConnectionSocketFactory sslsf;

		// 设置协议http和https对应的处理socket链接工厂的对象
		sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
		final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
				.register("http", new PlainConnectionSocketFactory())
				.register("https", sslsf)
				.build();

		final PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);
		cm.setMaxTotal(100);

		//创建自定义的httpclient对象
		CloseableHttpClient httpClient = HttpClients.custom()
				.setSSLSocketFactory(sslsf)
				.setConnectionManager(cm)
				.build();

		String result = null;
		//装填参数
		StringBuffer param = new StringBuffer();
		if (params != null && !params.isEmpty()) {
			int i = 0;
			for (String key : params.keySet()) {
				if (i == 0) {
					param.append("?");
				} else {
					param.append("&");
				}
				param.append(key).append("=").append(params.get(key));
				i++;
			}
			url += param;
		}

		//创建get方式请求对象
		HttpGet httpGet = new HttpGet(url);
		//执行请求操作,并拿到结果(同步阻塞)
		CloseableHttpResponse response = httpClient.execute(httpGet);
		if (response.getStatusLine().getStatusCode() == 200){
			//获取结果实体
			HttpEntity httpEntity = response.getEntity();
			//按指定编码转换结果实体为String类型
			result = EntityUtils.toString(httpEntity,"UTF-8");
		}

		//释放链接
		response.close();

		return result;
	}

实现验证SSL证书,发送Post请求(Json形式)方法

/**
	 * 验证SSL证书,发送Post请求(Json形式)
	 * @param url
	 * @param param
	 * @return
	 * @throws IOException
	 */
	public static String doVerifySSLPost(String url, JSONObject param) throws IOException {
		//采用验证的SSL证书方式处理https请求
		SSLContext sslContext = SSLCustom("./src/main/resources/keystore.p12","zuozewei");
		final SSLConnectionSocketFactory sslsf;

		//设置协议http和https对应的处理socket链接工厂的对象
		sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
		final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
				.register("http", new PlainConnectionSocketFactory())
				.register("https", sslsf)
				.build();

		final PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);
		cm.setMaxTotal(100);

		//创建自定义的httpclient对象
		CloseableHttpClient httpClient = HttpClients.custom()
				.setSSLSocketFactory(sslsf)
				.setConnectionManager(cm)
				.build();

		String result = null;

		//创建post方式请求对象
		HttpPost httpPost = new HttpPost(url);
		//装填参数
		StringEntity entity = new StringEntity(param.toString(),"utf-8");
		entity.setContentEncoding("UTF-8");
		entity.setContentType("application/json");
		//设置参数到请求对象中
		httpPost.setEntity(entity);
		//执行请求操作,并拿到结果(同步阻塞)
		CloseableHttpResponse response = httpClient.execute(httpPost);
		if (response.getStatusLine().getStatusCode() == 200){
			//获取结果实体
			HttpEntity httpEntity = response.getEntity();
			//按指定编码转换结果实体为String类型
			result = EntityUtils.toString(httpEntity,"UTF-8");
		}
		//释放链接
		response.close();

		return result;
	}

在HttpTest测试类,实现测试方法

@Test(enabled = true,description = "测试验证SSL证书Post方法")
	public void doVerifySSLPostTest() throws IOException {
		String url = "https://localhost/springboot/person";
		//装填参数
		JSONObject param = new JSONObject();
		param.put("name","doVerifySSLPost");
		param.put("age",20);
		//调用方法
		String response = HttpUtil.doVerifySSLPost(url,param);
		//断言返回结果是否为空
		Assert.assertNotNull(response);
		System.out.println("【doVerifySSLPost】"+response);
	}

	@Test(enabled = true,description = "测试验证SSL证书Get方法")
	public void doVerifySSLGetTest() throws IOException {
		String url = "https://localhost/springboot/person";
		//调用方法
		String response = HttpUtil.doVerifySSLGet(url,null);
		//断言返回结果是否为空
		Assert.assertNotNull(response);
		System.out.println("【doVerifySSLGet】"+response);
	}

运行测试结果
秒懂HTTPS接口(接口测试篇)_第2张图片

验证数据库

查询数据库结果
秒懂HTTPS接口(接口测试篇)_第3张图片

完整项目结构

秒懂HTTPS接口(接口测试篇)_第4张图片

秒懂HTTPS接口系列源码:
https://github.com/zuozewei/Java-API-Test-Examples

相关系列:
秒懂HTTPS接口(原理篇)
秒懂HTTPS接口(实现篇)
秒懂HTTPS接口(JMeter压测篇)

你可能感兴趣的:(接口自动化,#,Java接口自动化)