When performance testing, it is possible to encounter a scenario: interface request due to security concerns need to be sent encrypted.
In this scenario, the performance achieved using Jmeter testing is also required sends the request message using the same encoding rule.
To achieve these performance tests There are several strategies:
- Direct removal of ciphertext rule - not because the message encryption key performance, then simplicity, direct test to some extent expressly request is acceptable.
- Using the same encryption rule to send an encrypted message - this process is clearly closer to the actual scene, it is generally more recommended.
This article discusses the use of encryption Jmeter transmission request for performance testing.
Jar package 1. Package encryption method, introduced Jmeter
First, make sure the products tested encryption policy.
This process should by reading interface definition document, ask developers, combined with packet capture resolution.
For example, an interface for creating an order of capture results:
Request packet:
POST https://ops.********.cn/***-api/member/system/login HTTP/1.1
Accept-Language: zh-CN,zh;q=0.8
User-Agent: Mozilla/5.0 (Linux; U; Android 6.0.1; zh-cn; Redmi 4A Build/MMB29M) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
token: 90e76710e105b217d185832057220cdd
appCode: ******
compCode: ****
Content-Type: application/x-www-form-urlencoded
Content-Length: 99
Host: ops.********.cn
Connection: Keep-Alive
Accept-Encoding: gzip
account=*********&password=2ac9cb7dc02b3c0083eb70898e549b63&sign=4b9932154067b4a35bd4c2e9eba8036f
The request may be the above analysis, the main part of the encrypted password check code inspection parameter and the sign (in this case a request for a partial encryption parameter, in fact, the entire encrypted message may be more common).
Then, we need to prepare the appropriate encryption method.
It is recommended that allow developers to directly give the original product encryption method, to be exported form jar package, to ensure that the encryption method to test the performance of products in line with the original encryption rules.
Or if the clear encryption, encryption can also use third-party jar package, or write your own. Here is more recommend the first, made the development of coordination.
Finally, the prepared jar package, import Jmeter test plan.
2. encryption parameters
Use BeanShellPreProcessor, encryption of the request.
The idea is:
- Introducing the first step using a jar as Encryption Library
- Using a specific key, needs to be encrypted is encrypted fields
- The field is stored encrypted as variables for use interface calls.
BeanShell code is as follows:
Import cn.hutool.json.JSONUtil; Import COM *** controller.HttpClientUtil;.. Import COM *** encrypt.EncryptUtil;.. Import COM *** encrypt.gmhelper.MD5Util;.. Import java.util.HashMap ; // set the key String signkey = "47fbbbd 0b8d7378 ********" ; // read user account variables String UserAccount = vars.get ( "user" ); String Pass = vars.get ( "Pass " ); // encryption process paramMap = new new the HashMap (); String password = MD5Util.encrypt (Pass); paramMap.put ( " Account " , UserAccount); paramMap.put ( "password" , password); String Sign = EncryptUtil.md5sign1 (paramMap, signkey) .toLowerCase (); // The parameters are stored encrypted variable vars.put ( "password" , password); VARS. PUT ( "Sign", Sign)
Subsequently, as long as the interface requests among variables used in the form of transmission parameters, to achieve a transmission request encrypted message part.
Call interface sends a request to verify that the message encryption is implemented:
Similarly requests an encryption process may be implemented in a number of different interfaces, the overall project Jmeter configured as follows:
