Software testing skills, JMeter stress testing tutorial, signature sign (BeanShell preprocessor) (20)

Foreword

Generally, a company's external interfaces use a sign signature and issue a different apikey to each customer. This improves the security of interface requests and prevents arbitrary requests from being sent after traffic has been captured.

I previously covered implementing sign signatures in Python. This time I will show how to implement them in JMeter. The ideas are similar.

1. sign signature

How the signature parameter sign is generated

Step 1: Sort all parameters (note: all parameters), except sign itself and parameters whose values are empty, in ascending alphabetical order of parameter name

Step 2: Concatenate the sorted parameters as parameter1value1parameter2value2...parameternvaluen into a single string (the parameters and values here must be the original transmitted values and must not be processed; for example, " cannot be converted into " before splicing)

Step 3: Concatenate the verification key assigned to the access party with the string obtained in step 2

Step 2: Add the verification key after the string obtained in the previous step (the key is assigned by the interface provider to the interface access party), then calculate the md5 value to obtain a 32-bit string, and then convert it to uppercase

Step 4: Convert the string from step 3 to lowercase, calculate its md5 value (32 bits), and use the resulting string as the value of sign

Assume that the transmitted data is: http://www.xxx.com/interface.aspx?sign=sign_value&p2=v2&p1=v1&method=cancel&p3=&pn=vn
(in practice it is best to send it by POST), where sign_value, the value of the sign parameter, is the signature

The first step: remove the sign parameter itself, then remove parameter p3, whose value is empty, leaving p2=v2&p1=v1&method=cancel&pn=vn; then sort in ascending order of parameter name to get method=cancel&p1=v1&p2=v2&pn=vn

The second step: splice the parameter names and values to get methodcancelp1v1p2v2pnvn

The third step: append the verification key, which we assume is abc, to the string above to get the new string methodcancelp1v1p2v2pnvnabc

The fourth step: convert the string to lowercase and calculate its md5; assuming the result is abcdef, this value is the signature value of sign

Note: before calculating the md5, make sure the interface and the access party use the same string encoding, for example UTF-8 or GBK throughout. If the encodings differ, the calculated signature will fail verification

2. Implementing the sign signature in Python

First, understand the signature rules from the signature document and read the rules above carefully (not every interface uses the same signature rules; this is just an example)

We assume that the apikey provided is 12345678 and that the body parameter of the request is

body = {
    "username": "test",
    "password": "123456",
    "mail": "",
    "sign": "签名后的值"
}

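Implement the signature in Python

import hashlib

apikey = "12345678"  # verification key, provided by the developers

body = {
    "username": "test",
    "password": "123456",
    "mail": ""
}

# Drop sign itself and parameters whose values are empty
items = [i for i in body.items() if i[1] and i[0] != "sign"]
# List comprehension: join each parameter name and value as "namevalue"
a = ["".join(i) for i in items]
print(a)
# Sort by parameter name in ascending ASCII order, then concatenate
strA = "".join("".join(i) for i in sorted(items))
print(strA)

# Append apikey to strA to get the striSignTemp string
striSignTemp = strA+apikey

# Convert striSignTemp to lowercase, then compute its MD5

# MD5 digest
def jiamimd5(src):
    m = hashlib.md5()
    m.update(src.encode('UTF-8'))
    return m.hexdigest()

sign = jiamimd5(striSignTemp.lower())
print(sign)

# New body value once the sign signature has been added
body["sign"] = sign
print(body)

Output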

['usernametest', 'password123456']
password123456usernametest
1aca01806e93bb408041965a817666af
{'username': 'test', 'password': '123456', 'mail': '', 'sign': '1aca01806e93bb408041965a817666af'}
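
The script above, generalized into reusable functions as an added example (not code from the original post): it sorts by parameter name, adds the receiver-side check with a constant-time comparison, and shows the encoding note from section 1 failing when the two sides disagree. The function names and the 测试 sample value are assumptions made for this example; the key and body are the page's example values.

```python
import hashlib
import hmac

APIKEY = "12345678"  # example key from the page


def canonical_string(params, apikey):
    """Steps 1-3: drop sign and empty values, sort by name, join name+value, append key."""
    kept = sorted((k, v) for k, v in params.items() if k != "sign" and v != "")
    return "".join(k + v for k, v in kept) + apikey


def make_sign(params, apikey, encoding="utf-8"):
    """Step 4: lowercase the string, encode it, return the MD5 hex digest."""
    text = canonical_string(params, apikey).lower()
    return hashlib.md5(text.encode(encoding)).hexdigest()


def verify_sign(params, apikey, encoding="utf-8"):
    """Receiver side: recompute from the received parameters, compare in constant time."""
    expected = make_sign(params, apikey, encoding)
    received = params.get("sign", "")
    return hmac.compare_digest(received.encode("utf-8"), expected.encode("utf-8"))


def demo():
    # Constructed sample request using the page's body values
    body = {"username": "test", "password": "123456", "mail": ""}
    body["sign"] = make_sign(body, APIKEY)
    untouched = verify_sign(body, APIKEY)

    # A parameter changed after signing no longer matches the signature
    modified = verify_sign(dict(body, username="admin"), APIKEY)

    # Constructed non-ASCII value: signed as UTF-8 but checked as GBK
    cn = {"username": "测试", "password": "123456"}
    cn["sign"] = make_sign(cn, APIKEY, "utf-8")
    mismatch = verify_sign(cn, APIKEY, "gbk")
    return untouched, modified, mismatch


if __name__ == "__main__":
    print(demo())
```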

3. Adding a BeanShell preprocessor in JMeter

First define global variables for the user name and password; ignore the mail parameter by setting it to empty

Reference the variables in the request parameters, then add a BeanShell preprocessor

4. sign signature

Add the sign signature code to the BeanShell preprocessor. My Java skills are limited, so there is no non-empty check or sorting; the values of the two variables, user name and password, are read manually

After sorting manually, append the signing key, and finally hash the result with md5

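import org.apache.commons.codec.digest.DigestUtils;    // import the package that provides md5

String a = "username" + vars.get("user");
log.info(a);
String b = "password" + vars.get("password");
log.info(b);
String key = "12345678";
log.info(key);    // debug output only; do not log a real key

// Concatenate in sorted order (password before username), then append the key
String c = b + a + key;
log.info(c);

// md5 of the lowercased string, as the signature rule requires
String md5_after = DigestUtils.md5Hex(c.toLowerCase());
log.info(md5_after);
// Store the result in the sign variable
vars.put("sign", md5_after);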

After running, check the signature value in the log: 1aca01806e93bb408041965a817666af

The vars.put(varname, value) method stores the signed value in the sign variable

5. Referencing the sign variable

The BeanShell preprocessor runs before the request is sent, so the request parameters have already been signed by then; just reference the value of the sign variable

After running, you can see that the request parameters were signed successfully



Origin blog.csdn.net/NHB456789/article/details/131515430