秒懂HTTPS接口（接口测试篇）-CFANZ编程社区

秒懂HTTPS接口（接口测试篇）_spring

前言

在秒懂HTTPS接口（实现篇）中我们通过Java实现了一个简单的HTTPS项目示例，下面我们来测试下我们上面这个HTTPS接口（Java版）

技术选型：

HTTP工具包：HttpClient 4.5.5
测试框架：TestNG
Json序列化库：fastjson

具体实现

引包

引入相关包

1. <!--引入接口测试相关包-->
2.         <dependency>
3.             <groupId>org.apache.httpcomponents</groupId>
4.             <artifactId>httpclient</artifactId>
5.             <version>4.5.5</version>
6.         </dependency>
7.         <dependency>
8.             <groupId>org.testng</groupId>
9.             <artifactId>testng</artifactId>
10.             <version>6.14.3</version>
11.         </dependency>
12.         <dependency>
13.             <groupId>com.alibaba</groupId>
14.             <artifactId>fastjson</artifactId>
15.             <version>1.2.47</version>
16.         </dependency>
17.         <dependency>
18.             <groupId>org.springframework.boot</groupId>
19.             <artifactId>spring-boot-configuration-processor</artifactId>
20.             <optional>true</optional>
21.         </dependency>

测试该HTTPS接口可以通过以下两种方式：

采用绕过证书验证实现HTTPS
采用设置信任自签名证书实现HTTPS

采用绕过证书验证测试HTTPS接口

在 src/test/util下创建HttpUtil工具类

实现绕过SSL验证方法

1. /**
2.      * 绕过SSL验证
3.      *
4.      * @return
5.      * @throws NoSuchAlgorithmException
6.      * @throws KeyManagementException
7.      */
8.     public static SSLContext createIgnoreVerifySSL() throws NoSuchAlgorithmException, KeyManagementException {
9.         SSLContext sslContext = SSLContext.getInstance("SSLv3");
10. 
11.         // 实现一个X509TrustManager接口，用于绕过验证，不用修改里面的方法
12.         X509TrustManager trustManager = new X509TrustManager() {
13.             @Override
14.             public void checkClientTrusted(
15.                     java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
16.                     String paramString) throws CertificateException {
17.             }
18. 
19.             @Override
20.             public void checkServerTrusted(
21.                     java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
22.                     String paramString) throws CertificateException {
23.             }
24. 
25.             @Override
26.             public java.security.cert.X509Certificate[] getAcceptedIssuers() {
27.                 return null;
28.             }
29.         };
30. 
31.         sslContext.init(null, new TrustManager[] { trustManager }, null);
32.         return sslContext;
33.     }

实现绕过SSL证书，发送Get请求方法

1. /**
2.      * 绕过SSL证书，发送Get请求
3.      * @param url
4.      * @param params
5.      * @return
6.      * @throws IOException
7.      * @throws KeyManagementException
8.      * @throws NoSuchAlgorithmException
9.      */
10.     public static String doIgnoreVerifySSLGet(String url, Map<String,Object> params)
11.             throws IOException, KeyManagementException, NoSuchAlgorithmException {
12.         //采用绕过验证的方式处理https请求
13.         SSLContext sslContext = createIgnoreVerifySSL();
14.         final SSLConnectionSocketFactory sslsf;
15. 
16.         //设置协议http和https对应的处理socket链接工厂的对象
17.         sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
18.         final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
19.                 .register("http", new PlainConnectionSocketFactory())
20.                 .register("https", sslsf)
21.                 .build();
22. 
23.         final PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);
24.         cm.setMaxTotal(100);
25. 
26.         //创建自定义的httpclient对象
27.         CloseableHttpClient httpClient = HttpClients.custom()
28.                 .setSSLSocketFactory(sslsf)
29.                 .setConnectionManager(cm)
30.                 .build();
31. 
32.         String result = null;
33.         //装填参数
34.         StringBuffer param = new StringBuffer();
35.         if (params != null && !params.isEmpty()) {
36.             int i = 0;
37.             for (String key : params.keySet()) {
38.                 if (i == 0) {
39.                     param.append("?");
40.                 } else {
41.                     param.append("&");
42.                 }
43.                 param.append(key).append("=").append(params.get(key));
44.                 i++;
45.             }
46.             url += param;
47.         }
48.         //创建get方式请求对象
49.         HttpGet httpGet = new HttpGet(url);
50.         //执行请求操作，并拿到结果（同步阻塞）
51.         CloseableHttpResponse response = httpClient.execute(httpGet);
52.         if (response.getStatusLine().getStatusCode() == 200){
53.             //获取结果实体
54.             HttpEntity httpEntity = response.getEntity();
55.             //按指定编码转换结果实体为String类型
56.             result = EntityUtils.toString(httpEntity,"UTF-8");
57.         }
58. 
59.         //释放链接
60.         response.close();
61. 
62.         return result;
63.     }

实现绕过SSL证书，发送Post请求（Json形式）方法

1. /**
2.      * 绕过SSL证书，发送Post请求（Json形式）
3.      * @param url
4.      * @param param
5.      * @return
6.      * @throws IOException
7.      * @throws KeyManagementException
8.      * @throws NoSuchAlgorithmException
9.      */
10.     public static String doIgnoreVerifySSLPost(String url, JSONObject param)
11.             throws IOException, KeyManagementException, NoSuchAlgorithmException {
12.         //采用绕过验证的方式处理https请求
13.         SSLContext sslContext = createIgnoreVerifySSL();
14.         final SSLConnectionSocketFactory sslsf;
15. 
16.         //设置协议http和https对应的处理socket链接工厂的对象
17.         sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
18.         final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
19.                 .register("http", new PlainConnectionSocketFactory())
20.                 .register("https", sslsf)
21.                 .build();
22. 
23.         final PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);
24.         cm.setMaxTotal(100);
25. 
26.         //创建自定义的httpclient对象
27.         CloseableHttpClient httpClient = HttpClients.custom()
28.                 .setSSLSocketFactory(sslsf)
29.                 .setConnectionManager(cm)
30.                 .build();
31. 
32.         String result = null;
33.         //创建post方式请求对象
34.         HttpPost httpPost = new HttpPost(url);
35.         //装填参数
36.         StringEntity entity = new StringEntity(param.toString(),"utf-8");
37.         entity.setContentEncoding("UTF-8");
38.         entity.setContentType("application/json");
39.         //设置参数到请求对象中
40.         httpPost.setEntity(entity);
41. 
42.         //执行请求操作，并拿到结果（同步阻塞）
43.         CloseableHttpResponse response = httpClient.execute(httpPost);
44.         if (response.getStatusLine().getStatusCode() == 200){
45.             //获取结果实体
46.             HttpEntity httpEntity = response.getEntity();
47.             //按指定编码转换结果实体为String类型
48.             result = EntityUtils.toString(httpEntity,"UTF-8");
49.         }
50. 
51.         //释放链接
52.         response.close();
53. 
54.         return result;
55.     }

在 src/test/cases下创建HttpTest测试类实现测试方法

1. @Test(enabled = true,description = "测试绕过SSL证书Post方法")
2.     public void doIgnoreVerifySSLPostTest() throws IOException, NoSuchAlgorithmException, KeyManagementException {
3.         String url = "https://localhost/springboot/person";
4.         //装填参数
5.         JSONObject param = new JSONObject();
6.         param.put("name","doIgnoreVerifySSLPost");
7.         param.put("age",20);
8.         //调用方法
9.         String response = HttpUtil.doIgnoreVerifySSLPost(url,param);
10.         //断言返回结果是否为空
11.         Assert.assertNotNull(response);
12.         System.out.println("【doIgnoreVerifySSLPost】"+response);
13.     }
14. 
15.     @Test(enabled = true,description = "测试绕过SSL证书Get方法")
16.     public void doIgnoreVerifySSLGetTest() throws IOException, NoSuchAlgorithmException, KeyManagementException {
17.         String url = "https://localhost/springboot/person";
18.         //调用方法
19.         String response = HttpUtil.doIgnoreVerifySSLGet(url,null);
20.         //断言返回结果是否为空
21.         Assert.assertNotNull(response);
22.         System.out.println("【doIgnoreVerifySSLGet】"+response);
23.     }

运行测试结果

秒懂HTTPS接口（接口测试篇）_spring_02

采用设置信任自签名证书测试HTTPS接口

在HttpUtil工具类实现验证SSL证书，发送Get请求方法

1. /**
2.      * 验证SSL证书，发送Get请求
3.      * @param url
4.      * @param params
5.      * @return
6.      * @throws IOException
7.      */
8.     public static String doVerifySSLGet(String url, Map<String,Object> params) throws IOException {
9.         //采用验证的SSL证书方式处理https请求
10.         SSLContext sslContext = SSLCustom("./src/main/resources/keystore.p12","zuozewei");
11.         final SSLConnectionSocketFactory sslsf;
12. 
13.         // 设置协议http和https对应的处理socket链接工厂的对象
14.         sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
15.         final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
16.                 .register("http", new PlainConnectionSocketFactory())
17.                 .register("https", sslsf)
18.                 .build();
19. 
20.         final PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);
21.         cm.setMaxTotal(100);
22. 
23.         //创建自定义的httpclient对象
24.         CloseableHttpClient httpClient = HttpClients.custom()
25.                 .setSSLSocketFactory(sslsf)
26.                 .setConnectionManager(cm)
27.                 .build();
28. 
29.         String result = null;
30.         //装填参数
31.         StringBuffer param = new StringBuffer();
32.         if (params != null && !params.isEmpty()) {
33.             int i = 0;
34.             for (String key : params.keySet()) {
35.                 if (i == 0) {
36.                     param.append("?");
37.                 } else {
38.                     param.append("&");
39.                 }
40.                 param.append(key).append("=").append(params.get(key));
41.                 i++;
42.             }
43.             url += param;
44.         }
45. 
46.         //创建get方式请求对象
47.         HttpGet httpGet = new HttpGet(url);
48.         //执行请求操作，并拿到结果（同步阻塞）
49.         CloseableHttpResponse response = httpClient.execute(httpGet);
50.         if (response.getStatusLine().getStatusCode() == 200){
51.             //获取结果实体
52.             HttpEntity httpEntity = response.getEntity();
53.             //按指定编码转换结果实体为String类型
54.             result = EntityUtils.toString(httpEntity,"UTF-8");
55.         }
56. 
57.         //释放链接
58.         response.close();
59. 
60.         return result;
61.     }

实现验证SSL证书，发送Post请求（Json形式）方法

1. /**
2.      * 验证SSL证书，发送Post请求（Json形式）
3.      * @param url
4.      * @param param
5.      * @return
6.      * @throws IOException
7.      */
8.     public static String doVerifySSLPost(String url, JSONObject param) throws IOException {
9.         //采用验证的SSL证书方式处理https请求
10.         SSLContext sslContext = SSLCustom("./src/main/resources/keystore.p12","zuozewei");
11.         final SSLConnectionSocketFactory sslsf;
12. 
13.         //设置协议http和https对应的处理socket链接工厂的对象
14.         sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
15.         final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
16.                 .register("http", new PlainConnectionSocketFactory())
17.                 .register("https", sslsf)
18.                 .build();
19. 
20.         final PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);
21.         cm.setMaxTotal(100);
22. 
23.         //创建自定义的httpclient对象
24.         CloseableHttpClient httpClient = HttpClients.custom()
25.                 .setSSLSocketFactory(sslsf)
26.                 .setConnectionManager(cm)
27.                 .build();
28. 
29.         String result = null;
30. 
31.         //创建post方式请求对象
32.         HttpPost httpPost = new HttpPost(url);
33.         //装填参数
34.         StringEntity entity = new StringEntity(param.toString(),"utf-8");
35.         entity.setContentEncoding("UTF-8");
36.         entity.setContentType("application/json");
37.         //设置参数到请求对象中
38.         httpPost.setEntity(entity);
39.         //执行请求操作，并拿到结果（同步阻塞）
40.         CloseableHttpResponse response = httpClient.execute(httpPost);
41.         if (response.getStatusLine().getStatusCode() == 200){
42.             //获取结果实体
43.             HttpEntity httpEntity = response.getEntity();
44.             //按指定编码转换结果实体为String类型
45.             result = EntityUtils.toString(httpEntity,"UTF-8");
46.         }
47.         //释放链接
48.         response.close();
49. 
50.         return result;
51.     }

在HttpTest测试类，实现测试方法

1. @Test(enabled = true,description = "测试验证SSL证书Post方法")
2.     public void doVerifySSLPostTest() throws IOException {
3.         String url = "https://localhost/springboot/person";
4.         //装填参数
5.         JSONObject param = new JSONObject();
6.         param.put("name","doVerifySSLPost");
7.         param.put("age",20);
8.         //调用方法
9.         String response = HttpUtil.doVerifySSLPost(url,param);
10.         //断言返回结果是否为空
11.         Assert.assertNotNull(response);
12.         System.out.println("【doVerifySSLPost】"+response);
13.     }
14. 
15.     @Test(enabled = true,description = "测试验证SSL证书Get方法")
16.     public void doVerifySSLGetTest() throws IOException {
17.         String url = "https://localhost/springboot/person";
18.         //调用方法
19.         String response = HttpUtil.doVerifySSLGet(url,null);
20.         //断言返回结果是否为空
21.         Assert.assertNotNull(response);
22.         System.out.println("【doVerifySSLGet】"+response);
23.     }

运行测试结果

秒懂HTTPS接口（接口测试篇）_spring_03