JMeter参数签名——Groovy脚本形式---八音弦

发现JMeter系列写了不少文章，干脆整个全套加强版，把剩下的Demo也发一下，旧文如下：

用Groovy处理JMeter断言和日志用Groovy处理JMeter变量用Groovy在JMeter中执行命令行用Groovy处理JMeter中的请求参数用Groovy在JMeter中使用正则提取赋值JMeter吞吐量误差分析Groovy在JMeter中处理cookieGroovy在JMeter中处理header

本期继续Groovy在JMeter中应用的话题。如何在JMeter中对参数进行签名？

相比这个情况接口测试中是经常遇到的，接口的某个参数是由其他参数（包括校验token）决定的，在我的经验中，常见于PHP后端服务中。下面分享一下如何用Groovy脚本处理这种情况。大部分的代码都是开发提供的，只是做了一些调整。有兴趣的可以翻看以前的文章：从Java到Groovy的八级进化论。

首先新建一个简单的线程组和一个简单的请求：添加JSR223 预处理程序

脚本内容：

import org.apache.commons.codec.binary.Base64; import javax.crypto.Cipher; import java.io.ByteArrayOutputStream; import java.security.KeyFactory; import java.security.PrivateKey; import java.security.PublicKey; import java.security.Signature; import java.security.spec.PKCS8EncodedKeySpec; import java.security.spec.X509EncodedKeySpec; import java.util.HashMap; import java.util.Map; import java.util.TreeMap; /** * RSA最大加密明文大小 */ int MAX_ENCRYPT_BLOCK = 117; /** * RSA最大解密密文大小 */ int MAX_DECRYPT_BLOCK = 128; /** * RSA私钥 */ String RSA_PRIVATE_KEY = "保密信息"; /** * RSA公钥 */ String RSA_PUBLIC_KEY = "保密信息"; /** * 不参与签名参数 */ String excludeKey = "sign"; /** * 获取私钥 * * @param privateKey 私钥字符串 * @return */ public PrivateKey getPrivateKey(String privateKey) throws Exception { KeyFactory keyFactory = KeyFactory.getInstance("RSA"); byte[] decodedKey = Base64.decodeBase64(privateKey.getBytes()); PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(decodedKey); return keyFactory.generatePrivate(keySpec); } /** * 获取公钥 * * @param publicKey 公钥字符串 * @return */ public PublicKey getPublicKey(String publicKey) throws Exception { KeyFactory keyFactory = KeyFactory.getInstance("RSA"); byte[] decodedKey = Base64.decodeBase64(publicKey.getBytes()); X509EncodedKeySpec keySpec = new X509EncodedKeySpec(decodedKey); return keyFactory.generatePublic(keySpec); } /** * RSA加密 * * @param data 待加密数据 * @param publicKey 公钥 * @return */ String encrypt(String data, PublicKey publicKey) throws Exception { Cipher cipher = Cipher.getInstance("RSA"); cipher.init(Cipher.ENCRYPT_MODE, publicKey); int inputLen = data.getBytes().length; ByteArrayOutputStream out = new ByteArrayOutputStream(); int offset = 0; byte[] cache; int i = 0; // 对数据分段加密 while (inputLen - offset > 0) { if (inputLen - offset > MAX_ENCRYPT_BLOCK) { cache = cipher.doFinal(data.getBytes(), offset, MAX_ENCRYPT_BLOCK); } else { cache = cipher.doFinal(data.getBytes(), offset, inputLen - offset); } out.write(cache, 0, cache.length); i++; offset = i * MAX_ENCRYPT_BLOCK; } byte[] encryptedData = out.toByteArray(); out.close(); // 获取加密内容使用base64进行编码,并以UTF-8为标准转化成字符串 // 加密后的字符串 return new String(Base64.encodeBase64String(encryptedData)); } /** * RSA解密 * * @param data 待解密数据 * @param privateKey 私钥 * @return */ public String decrypt(String data, PrivateKey privateKey) throws Exception { Cipher cipher = Cipher.getInstance("RSA"); cipher.init(Cipher.DECRYPT_MODE, privateKey); byte[] dataBytes = Base64.decodeBase64(data); int inputLen = dataBytes.length; ByteArrayOutputStream out = new ByteArrayOutputStream(); int offset = 0; byte[] cache; int i = 0; // 对数据分段解密 while (inputLen - offset > 0) { if (inputLen - offset > MAX_DECRYPT_BLOCK) { cache = cipher.doFinal(dataBytes, offset, MAX_DECRYPT_BLOCK); } else { cache = cipher.doFinal(dataBytes, offset, inputLen - offset); } out.write(cache, 0, cache.length); i++; offset = i * MAX_DECRYPT_BLOCK; } byte[] decryptedData = out.toByteArray(); out.close(); // 解密后的内容 return new String(decryptedData, "UTF-8"); } /** * 签名 * * @param data 待签名数据 * @param privateKey 私钥 * @return 签名 */ public String sign(String data, PrivateKey privateKey) throws Exception { byte[] keyBytes = privateKey.getEncoded(); PKCS8EncodedKeySpec keySpec = new PKCS8EncodedKeySpec(keyBytes); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); PrivateKey key = keyFactory.generatePrivate(keySpec); Signature signature = Signature.getInstance("MD5withRSA"); signature.initSign(key); signature.update(data.getBytes()); return new String(Base64.encodeBase64(signature.sign())); } /** * 验签 * * @param srcData 原始字符串 * @param publicKey 公钥 * @param sign 签名 * @return 是否验签通过 */ public boolean verify(String srcData, PublicKey publicKey, String sign) throws Exception { byte[] keyBytes = publicKey.getEncoded(); X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); PublicKey key = keyFactory.generatePublic(keySpec); Signature signature = Signature.getInstance("MD5withRSA"); signature.initVerify(key); signature.update(srcData.getBytes()); return signature.verify(Base64.decodeBase64(sign.getBytes())); } /** * 对map进行签名 * @param mapData * @param privateKey * @return * @throws Exception */ public String sign(Map<String, String> mapData, PrivateKey privateKey) throws Exception { return sign(getStr(mapData), privateKey); } /** * 签名验证 * @param mapData 参数map * @param publicKey 公钥 * @return * @throws Exception */ public static boolean verify(Map<String, String> mapData, PublicKey publicKey) throws Exception { String sign = mapData.remove("sign"); if (sign == null || sign.length() < 1) { throw new RuntimeException("参数缺少签名"); } return verify(getStr(mapData), publicKey, sign); } /** * 接口请求参数转字符串 * @param parms * @return */ public String getStr(Map<String, String> parms) { parms.remove("sign"); TreeMap<String, String> sortParms = new TreeMap<>(); sortParms.putAll(parms); StringBuilder builder = new StringBuilder(); for (Map.Entry<String, String> entry : parms.entrySet()) { builder.append(entry.getKey()); builder.append("="); builder.append(String.valueOf(entry.getValue())); builder.append("&"); } if (builder.length() > 1) { builder.setLength(builder.length() - 1); } return builder.toString(); } vars.put("MY1","flow") props.put("MY","ewewewerr") log.info(props.get("MY")) sampler.addArgument("name","funteddster") sampler.addArgument("pwd","funtddester") def args = sampler.getArguments() def ss = [:] log.info(sampler.getArguments().toString()) args.getArgumentCount().times{ def a = args.getArgument(it) ss.put(a.ARG_NAME,a.VALUE) } def my_var = sign(ss,getPrivateKey(RSA_PRIVATE_KEY)) as String; log.warn "输出参数-------- ${vars} console" log.info("222222 " + my_var); sampler.addArgument("sign", my_var)控制台输出：2020-04-16 23:01:28,653 INFO o.a.j.e.StandardJMeterEngine: Running the test! 2020-04-16 23:01:28,654 INFO o.a.j.s.SampleEvent: List of sample_variables: [] 2020-04-16 23:01:28,655 INFO o.a.j.g.u.JMeterMenuBar: setRunning(true, *local*) 2020-04-16 23:01:28,774 INFO o.a.j.e.StandardJMeterEngine: Starting ThreadGroup: 1 : 线程组 2020-04-16 23:01:28,774 INFO o.a.j.e.StandardJMeterEngine: Starting 1 threads for group 线程组. 2020-04-16 23:01:28,774 INFO o.a.j.e.StandardJMeterEngine: Thread will continue on error 2020-04-16 23:01:28,774 INFO o.a.j.t.ThreadGroup: Starting thread group... number=1 threads=1 ramp-up=0 perThread=0.0 delayedStart=false 2020-04-16 23:01:28,775 INFO o.a.j.t.ThreadGroup: Started thread group number 1 2020-04-16 23:01:28,775 INFO o.a.j.e.StandardJMeterEngine: All thread groups have been started 2020-04-16 23:01:28,775 INFO o.a.j.t.JMeterThread: Thread started: 线程组 1-1 2020-04-16 23:01:28,867 INFO o.a.j.m.J.JSR223 参数签名 groovy脚本: ewewewerr 2020-04-16 23:01:28,867 INFO o.a.j.m.J.JSR223 参数签名 groovy脚本: t=flow()&s=ewewewerr()&name=funteddster()&pwd=funtddester() 2020-04-16 23:01:28,871 WARN o.a.j.m.J.JSR223 参数签名 groovy脚本: 输出参数-------- org.apache.jmeter.threads.JMeterVariables@43b2b076 console 2020-04-16 23:01:28,871 INFO o.a.j.m.J.JSR223 参数签名 groovy脚本: 222222 DV1UC0RF7y7FWArtYJP8LaUYwWZm7Mc5P8vmx5e4cGqQstaW3LlfR+o5mSiBTTxLY3NSvsr5EHLkLzPcfJ3YCmjJnneZj+lCb7fR7XA5snwGHJNbeDejn6x3oNVEZF8i4MR/vPO9I1lawA6pEuO5t7kW21IizQdEyxAc2pxLcj8= 2020-04-16 23:01:29,034 INFO o.a.j.t.JMeterThread: Thread is done: 线程组 1-1 2020-04-16 23:01:29,035 INFO o.a.j.t.JMeterThread: Thread finished: 线程组 1-1 2020-04-16 23:01:29,035 INFO o.a.j.e.StandardJMeterEngine: Notifying test listeners of end of test 2020-04-16 23:01:29,035 INFO o.a.j.g.u.JMeterMenuBar: setRunning(false, *local*)查看结果树可以清楚看到，签名字段sign已经写到参数里面了。 ---来自腾讯云社区的---八音弦