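1. Use this project to implement the encryption: https://github.com/digitalbazaar/forge
2. Compiled JS file: download
3. Put the JS file in your own project and make sure it can be reached over HTTP. The CDN min.js does not work; I have already tried it.
4. Request parameters: {{password}} is Postman's special syntax and is replaced with the variable's value; password is the field that needs to be encrypted.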
{
    "base": {},
    "params": {
        "phone": "15012341234",
        "msgCode": "{{msgCode}}",
        "password": "{{password}}",
        "rsaKeyID": "{{rsaKeyID}}"
    }
}
5. Set password in the Pre-request Script
// Plaintext value to encrypt
var password = '123456';
// Wrap the key in a PEM header and footer
var public_key = '-----BEGIN PUBLIC KEY-----\n' +
    pm.environment.get("rsaKey") + '\n' + // key obtained beforehand
    '-----END PUBLIC KEY-----';
var jsscript = pm.environment.get("forgeJS"); // this is our script
eval(jsscript); // loads forge into the sandbox
// console.info(public_key)
var publicKey = forge.pki.publicKeyFromPem(public_key);
// Encrypt the UTF-8 bytes of the password
var buffer = forge.util.createBuffer(password, 'utf8');
var bytes = buffer.getBytes();
// RSAES-PKCS1-V1_5 takes no md/mgf1 options (those apply only to RSA-OAEP)
var encryptedText = forge.util.encode64(publicKey.encrypt(bytes, 'RSAES-PKCS1-V1_5'));
pm.environment.set("password", encryptedText); // set the password environment variable so that the {{password}} expression resolves to it
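6. Where pm.environment.get("forgeJS"); comes from
Run a request beforehand that fetches the script content and stores it in a Postman environment variable.
Reference project: https://github.com/loveiset/RSAForPostman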
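Key Java code (note)
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Cipher;

public static final String CHARSET = "UTF-8";
public static final String RSA_ALGORITHM = "RSA";
// Must match the scheme used on the forge side ('RSAES-PKCS1-V1_5')
public static final String CIPHER_RSA_ALGORITHM = "RSA/ECB/PKCS1Padding";
// Key generation takes the bare algorithm name
KeyPairGenerator kpg;
try {
    kpg = KeyPairGenerator.getInstance(RSA_ALGORITHM);
} catch (NoSuchAlgorithmException e) {
    throw new IllegalArgumentException("No such algorithm-->[" + RSA_ALGORITHM + "]");
}
// The cipher takes the full transformation string
Cipher cipher = Cipher.getInstance(CIPHER_RSA_ALGORITHM);
Note that kpg and cipher are given different getInstance argument values.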
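Added example, not part of the original post and not forge or Postman code: Node.js's built-in crypto module stands in for forge, and the key pair is a throwaway one generated on the spot (an assumption in place of the server's rsaKey). It exposes the padded block that both forge's 'RSAES-PKCS1-V1_5' in step 5 and Java's "RSA/ECB/PKCS1Padding" produce, which is why the two sides interoperate and why the same password yields a different ciphertext on every request.

```javascript
const crypto = require('crypto');

// Constructed throwaway 2048-bit key pair; stands in for the server's key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
// SPKI PEM carries the same "-----BEGIN PUBLIC KEY-----" header used in step 5.
const publicPem = publicKey.export({ type: 'spki', format: 'pem' });

// Client side: PKCS#1 v1.5 encryption, Base64 output (as in the Pre-request Script).
// The padding must be named explicitly; Node's default for publicEncrypt is OAEP.
function encryptPassword(pem, password) {
  return crypto.publicEncrypt(
    { key: pem, padding: crypto.constants.RSA_PKCS1_PADDING },
    Buffer.from(password, 'utf8')
  ).toString('base64');
}

// Server side, for inspection only: raw RSA, then parse the padding by hand
// so the block layout is visible. Real services should call the library's
// own decrypt routine instead of hand-rolled unpadding.
function decryptAndUnpad(key, base64Ciphertext) {
  const em = crypto.privateDecrypt(
    { key, padding: crypto.constants.RSA_NO_PADDING },
    Buffer.from(base64Ciphertext, 'base64')
  );
  // EM = 0x00 || 0x02 || PS (at least 8 random nonzero bytes) || 0x00 || M
  const sep = em.indexOf(0x00, 2);
  if (em[0] !== 0x00 || em[1] !== 0x02 || sep < 10) {
    throw new Error('decryption failed');
  }
  return {
    blockLength: em.length,          // equals the modulus size in bytes
    paddingLength: sep - 2,          // random bytes, fresh on every call
    message: em.subarray(sep + 1).toString('utf8'),
  };
}

// Largest plaintext that fits: modulus bytes minus 11 bytes of overhead.
function maxPlaintextBytes(modulusBits) {
  return modulusBits / 8 - 11;
}
```

For a 2048-bit key the limit is 245 bytes, so this scheme suits a password field but not arbitrary payloads.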