0
点赞
收藏
分享

微信扫一扫

秒懂HTTPS接口(接口测试篇)

秒懂HTTPS接口(接口测试篇)_spring

前言

在秒懂HTTPS接口(实现篇)中我们通过Java实现了一个简单的HTTPS项目示例,下面我们来测试下我们上面这个HTTPS接口(Java版)

技术选型:

  • HTTP工具包:HttpClient 4.5.5
  • 测试框架:TestNG
  • Json序列化库:fastjson

具体实现

引包

引入相关包


1. <!--引入接口测试相关包-->
2.         <dependency>
3.             <groupId>org.apache.httpcomponents</groupId>
4.             <artifactId>httpclient</artifactId>
5.             <version>4.5.5</version>
6.         </dependency>
7.         <dependency>
8.             <groupId>org.testng</groupId>
9.             <artifactId>testng</artifactId>
10.             <version>6.14.3</version>
11.         </dependency>
12.         <dependency>
13.             <groupId>com.alibaba</groupId>
14.             <artifactId>fastjson</artifactId>
15.             <version>1.2.47</version>
16.         </dependency>
17.         <dependency>
18.             <groupId>org.springframework.boot</groupId>
19.             <artifactId>spring-boot-configuration-processor</artifactId>
20.             <optional>true</optional>
21.         </dependency>

测试该HTTPS接口可以通过以下两种方式:

  • 采用绕过证书验证实现HTTPS
  • 采用设置信任自签名证书实现HTTPS

采用绕过证书验证测试HTTPS接口

在 src/test/util下创建HttpUtil工具类

实现绕过SSL验证方法


1. /**
2.      * 绕过SSL验证
3.      *
4.      * @return
5.      * @throws NoSuchAlgorithmException
6.      * @throws KeyManagementException
7.      */
8.     public static SSLContext createIgnoreVerifySSL() throws NoSuchAlgorithmException, KeyManagementException {
9.         SSLContext sslContext = SSLContext.getInstance("SSLv3");
10. 
11.         // 实现一个X509TrustManager接口,用于绕过验证,不用修改里面的方法
12.         X509TrustManager trustManager = new X509TrustManager() {
13.             @Override
14.             public void checkClientTrusted(
15.                     java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
16.                     String paramString) throws CertificateException {
17.             }
18. 
19.             @Override
20.             public void checkServerTrusted(
21.                     java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
22.                     String paramString) throws CertificateException {
23.             }
24. 
25.             @Override
26.             public java.security.cert.X509Certificate[] getAcceptedIssuers() {
27.                 return null;
28.             }
29.         };
30. 
31.         sslContext.init(null, new TrustManager[] { trustManager }, null);
32.         return sslContext;
33.     }

实现绕过SSL证书,发送Get请求方法


1. /**
2.      * 绕过SSL证书,发送Get请求
3.      * @param url
4.      * @param params
5.      * @return
6.      * @throws IOException
7.      * @throws KeyManagementException
8.      * @throws NoSuchAlgorithmException
9.      */
10.     public static String doIgnoreVerifySSLGet(String url, Map<String,Object> params)
11.             throws IOException, KeyManagementException, NoSuchAlgorithmException {
12.         //采用绕过验证的方式处理https请求
13.         SSLContext sslContext = createIgnoreVerifySSL();
14.         final SSLConnectionSocketFactory sslsf;
15. 
16.         //设置协议http和https对应的处理socket链接工厂的对象
17.         sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
18.         final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
19.                 .register("http", new PlainConnectionSocketFactory())
20.                 .register("https", sslsf)
21.                 .build();
22. 
23.         final PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);
24.         cm.setMaxTotal(100);
25. 
26.         //创建自定义的httpclient对象
27.         CloseableHttpClient httpClient = HttpClients.custom()
28.                 .setSSLSocketFactory(sslsf)
29.                 .setConnectionManager(cm)
30.                 .build();
31. 
32.         String result = null;
33.         //装填参数
34.         StringBuffer param = new StringBuffer();
35.         if (params != null && !params.isEmpty()) {
36.             int i = 0;
37.             for (String key : params.keySet()) {
38.                 if (i == 0) {
39.                     param.append("?");
40.                 } else {
41.                     param.append("&");
42.                 }
43.                 param.append(key).append("=").append(params.get(key));
44.                 i++;
45.             }
46.             url += param;
47.         }
48.         //创建get方式请求对象
49.         HttpGet httpGet = new HttpGet(url);
50.         //执行请求操作,并拿到结果(同步阻塞)
51.         CloseableHttpResponse response = httpClient.execute(httpGet);
52.         if (response.getStatusLine().getStatusCode() == 200){
53.             //获取结果实体
54.             HttpEntity httpEntity = response.getEntity();
55.             //按指定编码转换结果实体为String类型
56.             result = EntityUtils.toString(httpEntity,"UTF-8");
57.         }
58. 
59.         //释放链接
60.         response.close();
61. 
62.         return result;
63.     }

实现绕过SSL证书,发送Post请求(Json形式)方法


1. /**
2.      * 绕过SSL证书,发送Post请求(Json形式)
3.      * @param url
4.      * @param param
5.      * @return
6.      * @throws IOException
7.      * @throws KeyManagementException
8.      * @throws NoSuchAlgorithmException
9.      */
10.     public static String doIgnoreVerifySSLPost(String url, JSONObject param)
11.             throws IOException, KeyManagementException, NoSuchAlgorithmException {
12.         //采用绕过验证的方式处理https请求
13.         SSLContext sslContext = createIgnoreVerifySSL();
14.         final SSLConnectionSocketFactory sslsf;
15. 
16.         //设置协议http和https对应的处理socket链接工厂的对象
17.         sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
18.         final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
19.                 .register("http", new PlainConnectionSocketFactory())
20.                 .register("https", sslsf)
21.                 .build();
22. 
23.         final PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);
24.         cm.setMaxTotal(100);
25. 
26.         //创建自定义的httpclient对象
27.         CloseableHttpClient httpClient = HttpClients.custom()
28.                 .setSSLSocketFactory(sslsf)
29.                 .setConnectionManager(cm)
30.                 .build();
31. 
32.         String result = null;
33.         //创建post方式请求对象
34.         HttpPost httpPost = new HttpPost(url);
35.         //装填参数
36.         StringEntity entity = new StringEntity(param.toString(),"utf-8");
37.         entity.setContentEncoding("UTF-8");
38.         entity.setContentType("application/json");
39.         //设置参数到请求对象中
40.         httpPost.setEntity(entity);
41. 
42.         //执行请求操作,并拿到结果(同步阻塞)
43.         CloseableHttpResponse response = httpClient.execute(httpPost);
44.         if (response.getStatusLine().getStatusCode() == 200){
45.             //获取结果实体
46.             HttpEntity httpEntity = response.getEntity();
47.             //按指定编码转换结果实体为String类型
48.             result = EntityUtils.toString(httpEntity,"UTF-8");
49.         }
50. 
51.         //释放链接
52.         response.close();
53. 
54.         return result;
55.     }

在 src/test/cases下创建HttpTest测试类 实现测试方法


1. @Test(enabled = true,description = "测试绕过SSL证书Post方法")
2.     public void doIgnoreVerifySSLPostTest() throws IOException, NoSuchAlgorithmException, KeyManagementException {
3.         String url = "https://localhost/springboot/person";
4.         //装填参数
5.         JSONObject param = new JSONObject();
6.         param.put("name","doIgnoreVerifySSLPost");
7.         param.put("age",20);
8.         //调用方法
9.         String response = HttpUtil.doIgnoreVerifySSLPost(url,param);
10.         //断言返回结果是否为空
11.         Assert.assertNotNull(response);
12.         System.out.println("【doIgnoreVerifySSLPost】"+response);
13.     }
14. 
15.     @Test(enabled = true,description = "测试绕过SSL证书Get方法")
16.     public void doIgnoreVerifySSLGetTest() throws IOException, NoSuchAlgorithmException, KeyManagementException {
17.         String url = "https://localhost/springboot/person";
18.         //调用方法
19.         String response = HttpUtil.doIgnoreVerifySSLGet(url,null);
20.         //断言返回结果是否为空
21.         Assert.assertNotNull(response);
22.         System.out.println("【doIgnoreVerifySSLGet】"+response);
23.     }

运行测试结果

秒懂HTTPS接口(接口测试篇)_spring_02

采用设置信任自签名证书测试HTTPS接口

在HttpUtil工具类实现验证SSL证书,发送Get请求方法


1. /**
2.      * 验证SSL证书,发送Get请求
3.      * @param url
4.      * @param params
5.      * @return
6.      * @throws IOException
7.      */
8.     public static String doVerifySSLGet(String url, Map<String,Object> params) throws IOException {
9.         //采用验证的SSL证书方式处理https请求
10.         SSLContext sslContext = SSLCustom("./src/main/resources/keystore.p12","zuozewei");
11.         final SSLConnectionSocketFactory sslsf;
12. 
13.         // 设置协议http和https对应的处理socket链接工厂的对象
14.         sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
15.         final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
16.                 .register("http", new PlainConnectionSocketFactory())
17.                 .register("https", sslsf)
18.                 .build();
19. 
20.         final PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);
21.         cm.setMaxTotal(100);
22. 
23.         //创建自定义的httpclient对象
24.         CloseableHttpClient httpClient = HttpClients.custom()
25.                 .setSSLSocketFactory(sslsf)
26.                 .setConnectionManager(cm)
27.                 .build();
28. 
29.         String result = null;
30.         //装填参数
31.         StringBuffer param = new StringBuffer();
32.         if (params != null && !params.isEmpty()) {
33.             int i = 0;
34.             for (String key : params.keySet()) {
35.                 if (i == 0) {
36.                     param.append("?");
37.                 } else {
38.                     param.append("&");
39.                 }
40.                 param.append(key).append("=").append(params.get(key));
41.                 i++;
42.             }
43.             url += param;
44.         }
45. 
46.         //创建get方式请求对象
47.         HttpGet httpGet = new HttpGet(url);
48.         //执行请求操作,并拿到结果(同步阻塞)
49.         CloseableHttpResponse response = httpClient.execute(httpGet);
50.         if (response.getStatusLine().getStatusCode() == 200){
51.             //获取结果实体
52.             HttpEntity httpEntity = response.getEntity();
53.             //按指定编码转换结果实体为String类型
54.             result = EntityUtils.toString(httpEntity,"UTF-8");
55.         }
56. 
57.         //释放链接
58.         response.close();
59. 
60.         return result;
61.     }

实现验证SSL证书,发送Post请求(Json形式)方法

    1. /**
    2.      * 验证SSL证书,发送Post请求(Json形式)
    3.      * @param url
    4.      * @param param
    5.      * @return
    6.      * @throws IOException
    7.      */
    8.     public static String doVerifySSLPost(String url, JSONObject param) throws IOException {
    9.         //采用验证的SSL证书方式处理https请求
    10.         SSLContext sslContext = SSLCustom("./src/main/resources/keystore.p12","zuozewei");
    11.         final SSLConnectionSocketFactory sslsf;
    12. 
    13.         //设置协议http和https对应的处理socket链接工厂的对象
    14.         sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
    15.         final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
    16.                 .register("http", new PlainConnectionSocketFactory())
    17.                 .register("https", sslsf)
    18.                 .build();
    19. 
    20.         final PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);
    21.         cm.setMaxTotal(100);
    22. 
    23.         //创建自定义的httpclient对象
    24.         CloseableHttpClient httpClient = HttpClients.custom()
    25.                 .setSSLSocketFactory(sslsf)
    26.                 .setConnectionManager(cm)
    27.                 .build();
    28. 
    29.         String result = null;
    30. 
    31.         //创建post方式请求对象
    32.         HttpPost httpPost = new HttpPost(url);
    33.         //装填参数
    34.         StringEntity entity = new StringEntity(param.toString(),"utf-8");
    35.         entity.setContentEncoding("UTF-8");
    36.         entity.setContentType("application/json");
    37.         //设置参数到请求对象中
    38.         httpPost.setEntity(entity);
    39.         //执行请求操作,并拿到结果(同步阻塞)
    40.         CloseableHttpResponse response = httpClient.execute(httpPost);
    41.         if (response.getStatusLine().getStatusCode() == 200){
    42.             //获取结果实体
    43.             HttpEntity httpEntity = response.getEntity();
    44.             //按指定编码转换结果实体为String类型
    45.             result = EntityUtils.toString(httpEntity,"UTF-8");
    46.         }
    47.         //释放链接
    48.         response.close();
    49. 
    50.         return result;
    51.     }

    在HttpTest测试类,实现测试方法


    1. @Test(enabled = true,description = "测试验证SSL证书Post方法")
    2.     public void doVerifySSLPostTest() throws IOException {
    3.         String url = "https://localhost/springboot/person";
    4.         //装填参数
    5.         JSONObject param = new JSONObject();
    6.         param.put("name","doVerifySSLPost");
    7.         param.put("age",20);
    8.         //调用方法
    9.         String response = HttpUtil.doVerifySSLPost(url,param);
    10.         //断言返回结果是否为空
    11.         Assert.assertNotNull(response);
    12.         System.out.println("【doVerifySSLPost】"+response);
    13.     }
    14. 
    15.     @Test(enabled = true,description = "测试验证SSL证书Get方法")
    16.     public void doVerifySSLGetTest() throws IOException {
    17.         String url = "https://localhost/springboot/person";
    18.         //调用方法
    19.         String response = HttpUtil.doVerifySSLGet(url,null);
    20.         //断言返回结果是否为空
    21.         Assert.assertNotNull(response);
    22.         System.out.println("【doVerifySSLGet】"+response);
    23.     }

    运行测试结果 

    秒懂HTTPS接口(接口测试篇)_spring_03

    验证数据库

    查询数据库结果 

    秒懂HTTPS接口(接口测试篇)_SSL_04

    完整项目结构


    相关系列:

    秒懂HTTPS接口(原理篇)

    秒懂HTTPS接口(实现篇)


    举报

    相关推荐

    0 条评论