前言
在秒懂HTTPS接口(实现篇)中我们通过Java实现了一个简单的HTTPS项目示例,下面我们来测试下我们上面这个HTTPS接口(Java版)
技术选型:
- HTTP工具包:HttpClient 4.5.5
- 测试框架:TestNG
- Json序列化库:fastjson
具体实现
引包
引入相关包
1. <!--引入接口测试相关包-->
2. <dependency>
3. <groupId>org.apache.httpcomponents</groupId>
4. <artifactId>httpclient</artifactId>
5. <version>4.5.5</version>
6. </dependency>
7. <dependency>
8. <groupId>org.testng</groupId>
9. <artifactId>testng</artifactId>
10. <version>6.14.3</version>
11. </dependency>
12. <dependency>
13. <groupId>com.alibaba</groupId>
14. <artifactId>fastjson</artifactId>
15. <version>1.2.47</version>
16. </dependency>
17. <dependency>
18. <groupId>org.springframework.boot</groupId>
19. <artifactId>spring-boot-configuration-processor</artifactId>
20. <optional>true</optional>
21. </dependency>
测试该HTTPS接口可以通过以下两种方式:
- 采用绕过证书验证实现HTTPS
- 采用设置信任自签名证书实现HTTPS
采用绕过证书验证测试HTTPS接口
在 src/test/util
下创建HttpUtil工具类
实现绕过SSL验证方法
1. /**
2. * 绕过SSL验证
3. *
4. * @return
5. * @throws NoSuchAlgorithmException
6. * @throws KeyManagementException
7. */
8. public static SSLContext createIgnoreVerifySSL() throws NoSuchAlgorithmException, KeyManagementException {
9. SSLContext sslContext = SSLContext.getInstance("SSLv3");
10.
11. // 实现一个X509TrustManager接口,用于绕过验证,不用修改里面的方法
12. X509TrustManager trustManager = new X509TrustManager() {
13. @Override
14. public void checkClientTrusted(
15. java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
16. String paramString) throws CertificateException {
17. }
18.
19. @Override
20. public void checkServerTrusted(
21. java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
22. String paramString) throws CertificateException {
23. }
24.
25. @Override
26. public java.security.cert.X509Certificate[] getAcceptedIssuers() {
27. return null;
28. }
29. };
30.
31. sslContext.init(null, new TrustManager[] { trustManager }, null);
32. return sslContext;
33. }
实现绕过SSL证书,发送Get请求方法
1. /**
2. * 绕过SSL证书,发送Get请求
3. * @param url
4. * @param params
5. * @return
6. * @throws IOException
7. * @throws KeyManagementException
8. * @throws NoSuchAlgorithmException
9. */
10. public static String doIgnoreVerifySSLGet(String url, Map<String,Object> params)
11. throws IOException, KeyManagementException, NoSuchAlgorithmException {
12. //采用绕过验证的方式处理https请求
13. SSLContext sslContext = createIgnoreVerifySSL();
14. final SSLConnectionSocketFactory sslsf;
15.
16. //设置协议http和https对应的处理socket链接工厂的对象
17. sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
18. final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
19. .register("http", new PlainConnectionSocketFactory())
20. .register("https", sslsf)
21. .build();
22.
23. final PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);
24. cm.setMaxTotal(100);
25.
26. //创建自定义的httpclient对象
27. CloseableHttpClient httpClient = HttpClients.custom()
28. .setSSLSocketFactory(sslsf)
29. .setConnectionManager(cm)
30. .build();
31.
32. String result = null;
33. //装填参数
34. StringBuffer param = new StringBuffer();
35. if (params != null && !params.isEmpty()) {
36. int i = 0;
37. for (String key : params.keySet()) {
38. if (i == 0) {
39. param.append("?");
40. } else {
41. param.append("&");
42. }
43. param.append(key).append("=").append(params.get(key));
44. i++;
45. }
46. url += param;
47. }
48. //创建get方式请求对象
49. HttpGet httpGet = new HttpGet(url);
50. //执行请求操作,并拿到结果(同步阻塞)
51. CloseableHttpResponse response = httpClient.execute(httpGet);
52. if (response.getStatusLine().getStatusCode() == 200){
53. //获取结果实体
54. HttpEntity httpEntity = response.getEntity();
55. //按指定编码转换结果实体为String类型
56. result = EntityUtils.toString(httpEntity,"UTF-8");
57. }
58.
59. //释放链接
60. response.close();
61.
62. return result;
63. }
实现绕过SSL证书,发送Post请求(Json形式)方法
1. /**
2. * 绕过SSL证书,发送Post请求(Json形式)
3. * @param url
4. * @param param
5. * @return
6. * @throws IOException
7. * @throws KeyManagementException
8. * @throws NoSuchAlgorithmException
9. */
10. public static String doIgnoreVerifySSLPost(String url, JSONObject param)
11. throws IOException, KeyManagementException, NoSuchAlgorithmException {
12. //采用绕过验证的方式处理https请求
13. SSLContext sslContext = createIgnoreVerifySSL();
14. final SSLConnectionSocketFactory sslsf;
15.
16. //设置协议http和https对应的处理socket链接工厂的对象
17. sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
18. final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
19. .register("http", new PlainConnectionSocketFactory())
20. .register("https", sslsf)
21. .build();
22.
23. final PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);
24. cm.setMaxTotal(100);
25.
26. //创建自定义的httpclient对象
27. CloseableHttpClient httpClient = HttpClients.custom()
28. .setSSLSocketFactory(sslsf)
29. .setConnectionManager(cm)
30. .build();
31.
32. String result = null;
33. //创建post方式请求对象
34. HttpPost httpPost = new HttpPost(url);
35. //装填参数
36. StringEntity entity = new StringEntity(param.toString(),"utf-8");
37. entity.setContentEncoding("UTF-8");
38. entity.setContentType("application/json");
39. //设置参数到请求对象中
40. httpPost.setEntity(entity);
41.
42. //执行请求操作,并拿到结果(同步阻塞)
43. CloseableHttpResponse response = httpClient.execute(httpPost);
44. if (response.getStatusLine().getStatusCode() == 200){
45. //获取结果实体
46. HttpEntity httpEntity = response.getEntity();
47. //按指定编码转换结果实体为String类型
48. result = EntityUtils.toString(httpEntity,"UTF-8");
49. }
50.
51. //释放链接
52. response.close();
53.
54. return result;
55. }
在 src/test/cases
下创建HttpTest测试类 实现测试方法
1. @Test(enabled = true,description = "测试绕过SSL证书Post方法")
2. public void doIgnoreVerifySSLPostTest() throws IOException, NoSuchAlgorithmException, KeyManagementException {
3. String url = "https://localhost/springboot/person";
4. //装填参数
5. JSONObject param = new JSONObject();
6. param.put("name","doIgnoreVerifySSLPost");
7. param.put("age",20);
8. //调用方法
9. String response = HttpUtil.doIgnoreVerifySSLPost(url,param);
10. //断言返回结果是否为空
11. Assert.assertNotNull(response);
12. System.out.println("【doIgnoreVerifySSLPost】"+response);
13. }
14.
15. @Test(enabled = true,description = "测试绕过SSL证书Get方法")
16. public void doIgnoreVerifySSLGetTest() throws IOException, NoSuchAlgorithmException, KeyManagementException {
17. String url = "https://localhost/springboot/person";
18. //调用方法
19. String response = HttpUtil.doIgnoreVerifySSLGet(url,null);
20. //断言返回结果是否为空
21. Assert.assertNotNull(response);
22. System.out.println("【doIgnoreVerifySSLGet】"+response);
23. }
运行测试结果
采用设置信任自签名证书测试HTTPS接口
在HttpUtil工具类实现验证SSL证书,发送Get请求方法
1. /**
2. * 验证SSL证书,发送Get请求
3. * @param url
4. * @param params
5. * @return
6. * @throws IOException
7. */
8. public static String doVerifySSLGet(String url, Map<String,Object> params) throws IOException {
9. //采用验证的SSL证书方式处理https请求
10. SSLContext sslContext = SSLCustom("./src/main/resources/keystore.p12","zuozewei");
11. final SSLConnectionSocketFactory sslsf;
12.
13. // 设置协议http和https对应的处理socket链接工厂的对象
14. sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
15. final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
16. .register("http", new PlainConnectionSocketFactory())
17. .register("https", sslsf)
18. .build();
19.
20. final PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);
21. cm.setMaxTotal(100);
22.
23. //创建自定义的httpclient对象
24. CloseableHttpClient httpClient = HttpClients.custom()
25. .setSSLSocketFactory(sslsf)
26. .setConnectionManager(cm)
27. .build();
28.
29. String result = null;
30. //装填参数
31. StringBuffer param = new StringBuffer();
32. if (params != null && !params.isEmpty()) {
33. int i = 0;
34. for (String key : params.keySet()) {
35. if (i == 0) {
36. param.append("?");
37. } else {
38. param.append("&");
39. }
40. param.append(key).append("=").append(params.get(key));
41. i++;
42. }
43. url += param;
44. }
45.
46. //创建get方式请求对象
47. HttpGet httpGet = new HttpGet(url);
48. //执行请求操作,并拿到结果(同步阻塞)
49. CloseableHttpResponse response = httpClient.execute(httpGet);
50. if (response.getStatusLine().getStatusCode() == 200){
51. //获取结果实体
52. HttpEntity httpEntity = response.getEntity();
53. //按指定编码转换结果实体为String类型
54. result = EntityUtils.toString(httpEntity,"UTF-8");
55. }
56.
57. //释放链接
58. response.close();
59.
60. return result;
61. }
实现验证SSL证书,发送Post请求(Json形式)方法
1. /**
2. * 验证SSL证书,发送Post请求(Json形式)
3. * @param url
4. * @param param
5. * @return
6. * @throws IOException
7. */
8. public static String doVerifySSLPost(String url, JSONObject param) throws IOException {
9. //采用验证的SSL证书方式处理https请求
10. SSLContext sslContext = SSLCustom("./src/main/resources/keystore.p12","zuozewei");
11. final SSLConnectionSocketFactory sslsf;
12.
13. //设置协议http和https对应的处理socket链接工厂的对象
14. sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
15. final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
16. .register("http", new PlainConnectionSocketFactory())
17. .register("https", sslsf)
18. .build();
19.
20. final PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);
21. cm.setMaxTotal(100);
22.
23. //创建自定义的httpclient对象
24. CloseableHttpClient httpClient = HttpClients.custom()
25. .setSSLSocketFactory(sslsf)
26. .setConnectionManager(cm)
27. .build();
28.
29. String result = null;
30.
31. //创建post方式请求对象
32. HttpPost httpPost = new HttpPost(url);
33. //装填参数
34. StringEntity entity = new StringEntity(param.toString(),"utf-8");
35. entity.setContentEncoding("UTF-8");
36. entity.setContentType("application/json");
37. //设置参数到请求对象中
38. httpPost.setEntity(entity);
39. //执行请求操作,并拿到结果(同步阻塞)
40. CloseableHttpResponse response = httpClient.execute(httpPost);
41. if (response.getStatusLine().getStatusCode() == 200){
42. //获取结果实体
43. HttpEntity httpEntity = response.getEntity();
44. //按指定编码转换结果实体为String类型
45. result = EntityUtils.toString(httpEntity,"UTF-8");
46. }
47. //释放链接
48. response.close();
49.
50. return result;
51. }
在HttpTest测试类,实现测试方法
1. @Test(enabled = true,description = "测试验证SSL证书Post方法")
2. public void doVerifySSLPostTest() throws IOException {
3. String url = "https://localhost/springboot/person";
4. //装填参数
5. JSONObject param = new JSONObject();
6. param.put("name","doVerifySSLPost");
7. param.put("age",20);
8. //调用方法
9. String response = HttpUtil.doVerifySSLPost(url,param);
10. //断言返回结果是否为空
11. Assert.assertNotNull(response);
12. System.out.println("【doVerifySSLPost】"+response);
13. }
14.
15. @Test(enabled = true,description = "测试验证SSL证书Get方法")
16. public void doVerifySSLGetTest() throws IOException {
17. String url = "https://localhost/springboot/person";
18. //调用方法
19. String response = HttpUtil.doVerifySSLGet(url,null);
20. //断言返回结果是否为空
21. Assert.assertNotNull(response);
22. System.out.println("【doVerifySSLGet】"+response);
23. }
运行测试结果
验证数据库
查询数据库结果
完整项目结构
相关系列:
秒懂HTTPS接口(原理篇)
秒懂HTTPS接口(实现篇)