文章目录
- 一、前言
- 二、具体实现
- 1、引包
- 2、采用绕过证书验证测试HTTPS接口
- 3、采用设置信任自签名证书测试HTTPS接口
- 4、验证数据库
- 三、完整项目结构
一、前言
下面我们来测试下我们秒懂HTTPS接口(实现篇)写的HTTPS接口(Java版)
技术选型:
- HTTP工具包:HttpClient 4.5.5
- 测试框架:TestNG
- Json序列化库:fastjson
二、具体实现
1、引包
引入相关包
<!--引入接口测试相关包--><dependency><groupId>org.apache.httpcomponents</groupId><artifactId>httpclient</artifactId><version>4.5.5</version></dependency><dependency><groupId>org.testng</groupId><artifactId>testng</artifactId><version>6.14.3</version></dependency><dependency><groupId>com.alibaba</groupId><artifactId>fastjson</artifactId><version>1.2.47</version></dependency><dependency><groupId>org.springframework.boot</groupId><artifactId>spring-boot-configuration-processor</artifactId><optional>true</optional></dependency>
测试HTTPS接口可以通过以下两种方式:
- 采用绕过证书验证实现HTTPS
- 采用设置信任自签名证书实现HTTPS
2、采用绕过证书验证测试HTTPS接口
在src/test/util下创建HttpUtil工具类
实现绕过SSL验证方法
/*** 绕过SSL验证** @return* @throws NoSuchAlgorithmException* @throws KeyManagementException*/public static SSLContext createIgnoreVerifySSL() throws NoSuchAlgorithmException, KeyManagementException {SSLContext sslContext = SSLContext.getInstance("SSLv3");// 实现一个X509TrustManager接口,用于绕过验证,不用修改里面的方法X509TrustManager trustManager = new X509TrustManager() {@Overridepublic void checkClientTrusted(java.security.cert.X509Certificate[] paramArrayOfX509Certificate,String paramString) throws CertificateException {}@Overridepublic void checkServerTrusted(java.security.cert.X509Certificate[] paramArrayOfX509Certificate,String paramString) throws CertificateException {}@Overridepublic java.security.cert.X509Certificate[] getAcceptedIssuers() {return null;}};sslContext.init(null, new TrustManager[] { trustManager }, null);return sslContext;}
实现绕过SSL证书,发送Get请求方法
/*** 绕过SSL证书,发送Get请求* @param url* @param params* @return* @throws IOException* @throws KeyManagementException* @throws NoSuchAlgorithmException*/public static String doIgnoreVerifySSLGet(String url, Map<String,Object> params)throws IOException, KeyManagementException, NoSuchAlgorithmException {//采用绕过验证的方式处理https请求SSLContext sslContext = createIgnoreVerifySSL();final SSLConnectionSocketFactory sslsf;//设置协议http和https对应的处理socket链接工厂的对象sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create().register("http", new PlainConnectionSocketFactory()).register("https", sslsf).build();final PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);cm.setMaxTotal(100);//创建自定义的httpclient对象CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslsf).setConnectionManager(cm).build();String result = null;//装填参数StringBuffer param = new StringBuffer();if (params != null && !params.isEmpty()) {int i = 0;for (String key : params.keySet()) {if (i == 0) {param.append("?");} else {param.append("&");}param.append(key).append("=").append(params.get(key));i++;}url += param;}//创建get方式请求对象HttpGet httpGet = new HttpGet(url);//执行请求操作,并拿到结果(同步阻塞)CloseableHttpResponse response = httpClient.execute(httpGet);if (response.getStatusLine().getStatusCode() == 200){//获取结果实体HttpEntity httpEntity = response.getEntity();//按指定编码转换结果实体为String类型result = EntityUtils.toString(httpEntity,"UTF-8");}//释放链接response.close();return result;}
实现绕过SSL证书,发送Post请求(Json形式)方法
/*** 绕过SSL证书,发送Post请求(Json形式)* @param url* @param param* @return* @throws IOException* @throws KeyManagementException* @throws NoSuchAlgorithmException*/public static String doIgnoreVerifySSLPost(String url, JSONObject param)throws IOException, KeyManagementException, NoSuchAlgorithmException {//采用绕过验证的方式处理https请求SSLContext sslContext = createIgnoreVerifySSL();final SSLConnectionSocketFactory sslsf;//设置协议http和https对应的处理socket链接工厂的对象sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create().register("http", new PlainConnectionSocketFactory()).register("https", sslsf).build();final PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);cm.setMaxTotal(100);//创建自定义的httpclient对象CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslsf).setConnectionManager(cm).build();String result = null;//创建post方式请求对象HttpPost httpPost = new HttpPost(url);//装填参数StringEntity entity = new StringEntity(param.toString(),"utf-8");entity.setContentEncoding("UTF-8");entity.setContentType("application/json");//设置参数到请求对象中httpPost.setEntity(entity);//执行请求操作,并拿到结果(同步阻塞)CloseableHttpResponse response = httpClient.execute(httpPost);if (response.getStatusLine().getStatusCode() == 200){//获取结果实体HttpEntity httpEntity = response.getEntity();//按指定编码转换结果实体为String类型result = EntityUtils.toString(httpEntity,"UTF-8");}//释放链接response.close();return result;}
在src/test/cases下创建HttpTest测试类
实现测试方法
@Test(enabled = true,description = "测试绕过SSL证书Post方法")public void doIgnoreVerifySSLPostTest() throws IOException, NoSuchAlgorithmException, KeyManagementException {String url = "https://localhost/springboot/person";//装填参数JSONObject param = new JSONObject();param.put("name","doIgnoreVerifySSLPost");param.put("age",20);//调用方法String response = HttpUtil.doIgnoreVerifySSLPost(url,param);//断言返回结果是否为空Assert.assertNotNull(response);System.out.println("【doIgnoreVerifySSLPost】"+response);}@Test(enabled = true,description = "测试绕过SSL证书Get方法")public void doIgnoreVerifySSLGetTest() throws IOException, NoSuchAlgorithmException, KeyManagementException {String url = "https://localhost/springboot/person";//调用方法String response = HttpUtil.doIgnoreVerifySSLGet(url,null);//断言返回结果是否为空Assert.assertNotNull(response);System.out.println("【doIgnoreVerifySSLGet】"+response);}
运行测试结果
3、采用设置信任自签名证书测试HTTPS接口
在HttpUtil工具类实现验证SSL证书,发送Get请求方法
/*** 验证SSL证书,发送Get请求* @param url* @param params* @return* @throws IOException*/public static String doVerifySSLGet(String url, Map<String,Object> params) throws IOException {//采用验证的SSL证书方式处理https请求SSLContext sslContext = SSLCustom("./src/main/resources/keystore.p12","zuozewei");final SSLConnectionSocketFactory sslsf;// 设置协议http和https对应的处理socket链接工厂的对象sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create().register("http", new PlainConnectionSocketFactory()).register("https", sslsf).build();final PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);cm.setMaxTotal(100);//创建自定义的httpclient对象CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslsf).setConnectionManager(cm).build();String result = null;//装填参数StringBuffer param = new StringBuffer();if (params != null && !params.isEmpty()) {int i = 0;for (String key : params.keySet()) {if (i == 0) {param.append("?");} else {param.append("&");}param.append(key).append("=").append(params.get(key));i++;}url += param;}//创建get方式请求对象HttpGet httpGet = new HttpGet(url);//执行请求操作,并拿到结果(同步阻塞)CloseableHttpResponse response = httpClient.execute(httpGet);if (response.getStatusLine().getStatusCode() == 200){//获取结果实体HttpEntity httpEntity = response.getEntity();//按指定编码转换结果实体为String类型result = EntityUtils.toString(httpEntity,"UTF-8");}//释放链接response.close();return result;}
实现验证SSL证书,发送Post请求(Json形式)方法
/*** 验证SSL证书,发送Post请求(Json形式)* @param url* @param param* @return* @throws IOException*/public static String doVerifySSLPost(String url, JSONObject param) throws IOException {//采用验证的SSL证书方式处理https请求SSLContext sslContext = SSLCustom("./src/main/resources/keystore.p12","zuozewei");final SSLConnectionSocketFactory sslsf;//设置协议http和https对应的处理socket链接工厂的对象sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create().register("http", new PlainConnectionSocketFactory()).register("https", sslsf).build();final PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);cm.setMaxTotal(100);//创建自定义的httpclient对象CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslsf).setConnectionManager(cm).build();String result = null;//创建post方式请求对象HttpPost httpPost = new HttpPost(url);//装填参数StringEntity entity = new StringEntity(param.toString(),"utf-8");entity.setContentEncoding("UTF-8");entity.setContentType("application/json");//设置参数到请求对象中httpPost.setEntity(entity);//执行请求操作,并拿到结果(同步阻塞)CloseableHttpResponse response = httpClient.execute(httpPost);if (response.getStatusLine().getStatusCode() == 200){//获取结果实体HttpEntity httpEntity = response.getEntity();//按指定编码转换结果实体为String类型result = EntityUtils.toString(httpEntity,"UTF-8");}//释放链接response.close();return result;}
在HttpTest测试类,实现测试方法
@Test(enabled = true,description = "测试验证SSL证书Post方法")public void doVerifySSLPostTest() throws IOException {String url = "https://localhost/springboot/person";//装填参数JSONObject param = new JSONObject();param.put("name","doVerifySSLPost");param.put("age",20);//调用方法String response = HttpUtil.doVerifySSLPost(url,param);//断言返回结果是否为空Assert.assertNotNull(response);System.out.println("【doVerifySSLPost】"+response);}@Test(enabled = true,description = "测试验证SSL证书Get方法")public void doVerifySSLGetTest() throws IOException {String url = "https://localhost/springboot/person";//调用方法String response = HttpUtil.doVerifySSLGet(url,null);//断言返回结果是否为空Assert.assertNotNull(response);System.out.println("【doVerifySSLGet】"+response);}
运行测试结果
4、验证数据库
查询数据库结果
三、完整项目结构
秒懂HTTPS接口系列源码:
- https://github.com/zuozewei/blog-example/tree/master/Java-api-test
相关系列:
- 秒懂HTTPS接口(原理篇)
- 秒懂HTTPS接口(实现篇)
- 秒懂HTTPS接口(JMeter压测篇)
