秒懂HTTPS接口(接口测试篇)
在秒懂HTTPS接口(实现篇)中我们通过Java实现了一个简单的HTTPS项目示例,下面我们来测试下我们上面这个HTTPS接口(Java版)
技术选型:
- HTTP工具包:HttpClient 4.5.5
- 测试框架:TestNG
- Json序列化库:fastjson
具体实现
引包
引入相关包
<!--引入接口测试相关包-->
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
<version>4.5.5</version>
</dependency>
<dependency>
<groupId>org.testng</groupId>
<artifactId>testng</artifactId>
<version>6.14.3</version>
</dependency>
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>fastjson</artifactId>
<version>1.2.47</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
<optional>true</optional>
</dependency>测试该HTTPS接口可以通过以下两种方式:
- 采用绕过证书验证实现HTTPS
- 采用设置信任自签名证书实现HTTPS
采用绕过证书验证测试HTTPS接口
在 src/test/util下创建HttpUtil工具类
实现绕过SSL验证方法
/**
* 绕过SSL验证
*
* @return
* @throws NoSuchAlgorithmException
* @throws KeyManagementException
*/
public static SSLContext createIgnoreVerifySSL() throws NoSuchAlgorithmException, KeyManagementException {
SSLContext sslContext = SSLContext.getInstance("SSLv3");
// 实现一个X509TrustManager接口,用于绕过验证,不用修改里面的方法
X509TrustManager trustManager = new X509TrustManager() {
@Override
public void checkClientTrusted(
java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
String paramString) throws CertificateException {
}
@Override
public void checkServerTrusted(
java.security.cert.X509Certificate[] paramArrayOfX509Certificate,
String paramString) throws CertificateException {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
};
sslContext.init(null, new TrustManager[] { trustManager }, null);
return sslContext;
}实现绕过SSL证书,发送Get请求方法
/**
* 绕过SSL证书,发送Get请求
* @param url
* @param params
* @return
* @throws IOException
* @throws KeyManagementException
* @throws NoSuchAlgorithmException
*/
public static String doIgnoreVerifySSLGet(String url, Map<String,Object> params)
throws IOException, KeyManagementException, NoSuchAlgorithmException {
//采用绕过验证的方式处理https请求
SSLContext sslContext = createIgnoreVerifySSL();
final SSLConnectionSocketFactory sslsf;
//设置协议http和https对应的处理socket链接工厂的对象
sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", new PlainConnectionSocketFactory())
.register("https", sslsf)
.build();
final PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);
cm.setMaxTotal(100);
//创建自定义的httpclient对象
CloseableHttpClient httpClient = HttpClients.custom()
.setSSLSocketFactory(sslsf)
.setConnectionManager(cm)
.build();
String result = null;
//装填参数
StringBuffer param = new StringBuffer();
if (params != null && !params.isEmpty()) {
int i = 0;
for (String key : params.keySet()) {
if (i == 0) {
param.append("?");
} else {
param.append("&");
}
param.append(key).append("=").append(params.get(key));
i++;
}
url += param;
}
//创建get方式请求对象
HttpGet httpGet = new HttpGet(url);
//执行请求操作,并拿到结果(同步阻塞)
CloseableHttpResponse response = httpClient.execute(httpGet);
if (response.getStatusLine().getStatusCode() == 200){
//获取结果实体
HttpEntity httpEntity = response.getEntity();
//按指定编码转换结果实体为String类型
result = EntityUtils.toString(httpEntity,"UTF-8");
}
//释放链接
response.close();
return result;
}实现绕过SSL证书,发送Post请求(Json形式)方法
/**
* 绕过SSL证书,发送Post请求(Json形式)
* @param url
* @param param
* @return
* @throws IOException
* @throws KeyManagementException
* @throws NoSuchAlgorithmException
*/
public static String doIgnoreVerifySSLPost(String url, JSONObject param)
throws IOException, KeyManagementException, NoSuchAlgorithmException {
//采用绕过验证的方式处理https请求
SSLContext sslContext = createIgnoreVerifySSL();
final SSLConnectionSocketFactory sslsf;
//设置协议http和https对应的处理socket链接工厂的对象
sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", new PlainConnectionSocketFactory())
.register("https", sslsf)
.build();
final PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);
cm.setMaxTotal(100);
//创建自定义的httpclient对象
CloseableHttpClient httpClient = HttpClients.custom()
.setSSLSocketFactory(sslsf)
.setConnectionManager(cm)
.build();
String result = null;
//创建post方式请求对象
HttpPost httpPost = new HttpPost(url);
//装填参数
StringEntity entity = new StringEntity(param.toString(),"utf-8");
entity.setContentEncoding("UTF-8");
entity.setContentType("application/json");
//设置参数到请求对象中
httpPost.setEntity(entity);
//执行请求操作,并拿到结果(同步阻塞)
CloseableHttpResponse response = httpClient.execute(httpPost);
if (response.getStatusLine().getStatusCode() == 200){
//获取结果实体
HttpEntity httpEntity = response.getEntity();
//按指定编码转换结果实体为String类型
result = EntityUtils.toString(httpEntity,"UTF-8");
}
//释放链接
response.close();
return result;
}在 src/test/cases下创建HttpTest测试类 实现测试方法
@Test(enabled = true,description = "测试绕过SSL证书Post方法")
public void doIgnoreVerifySSLPostTest() throws IOException, NoSuchAlgorithmException, KeyManagementException {
String url = "https://localhost/springboot/person";
//装填参数
JSONObject param = new JSONObject();
param.put("name","doIgnoreVerifySSLPost");
param.put("age",20);
//调用方法
String response = HttpUtil.doIgnoreVerifySSLPost(url,param);
//断言返回结果是否为空
Assert.assertNotNull(response);
System.out.println("【doIgnoreVerifySSLPost】"+response);
}
@Test(enabled = true,description = "测试绕过SSL证书Get方法")
public void doIgnoreVerifySSLGetTest() throws IOException, NoSuchAlgorithmException, KeyManagementException {
String url = "https://localhost/springboot/person";
//调用方法
String response = HttpUtil.doIgnoreVerifySSLGet(url,null);
//断言返回结果是否为空
Assert.assertNotNull(response);
System.out.println("【doIgnoreVerifySSLGet】"+response);
}运行测试结果
采用设置信任自签名证书测试HTTPS接口
在HttpUtil工具类实现验证SSL证书,发送Get请求方法
/**
* 验证SSL证书,发送Get请求
* @param url
* @param params
* @return
* @throws IOException
*/
public static String doVerifySSLGet(String url, Map<String,Object> params) throws IOException {
//采用验证的SSL证书方式处理https请求
SSLContext sslContext = SSLCustom("./src/main/resources/keystore.p12","zuozewei");
final SSLConnectionSocketFactory sslsf;
// 设置协议http和https对应的处理socket链接工厂的对象
sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", new PlainConnectionSocketFactory())
.register("https", sslsf)
.build();
final PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);
cm.setMaxTotal(100);
//创建自定义的httpclient对象
CloseableHttpClient httpClient = HttpClients.custom()
.setSSLSocketFactory(sslsf)
.setConnectionManager(cm)
.build();
String result = null;
//装填参数
StringBuffer param = new StringBuffer();
if (params != null && !params.isEmpty()) {
int i = 0;
for (String key : params.keySet()) {
if (i == 0) {
param.append("?");
} else {
param.append("&");
}
param.append(key).append("=").append(params.get(key));
i++;
}
url += param;
}
//创建get方式请求对象
HttpGet httpGet = new HttpGet(url);
//执行请求操作,并拿到结果(同步阻塞)
CloseableHttpResponse response = httpClient.execute(httpGet);
if (response.getStatusLine().getStatusCode() == 200){
//获取结果实体
HttpEntity httpEntity = response.getEntity();
//按指定编码转换结果实体为String类型
result = EntityUtils.toString(httpEntity,"UTF-8");
}
//释放链接
response.close();
return result;
}实现验证SSL证书,发送Post请求(Json形式)方法
/**
* 验证SSL证书,发送Post请求(Json形式)
* @param url
* @param param
* @return
* @throws IOException
*/
public static String doVerifySSLPost(String url, JSONObject param) throws IOException {
//采用验证的SSL证书方式处理https请求
SSLContext sslContext = SSLCustom("./src/main/resources/keystore.p12","zuozewei");
final SSLConnectionSocketFactory sslsf;
//设置协议http和https对应的处理socket链接工厂的对象
sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
final Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("http", new PlainConnectionSocketFactory())
.register("https", sslsf)
.build();
final PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(registry);
cm.setMaxTotal(100);
//创建自定义的httpclient对象
CloseableHttpClient httpClient = HttpClients.custom()
.setSSLSocketFactory(sslsf)
.setConnectionManager(cm)
.build();
String result = null;
//创建post方式请求对象
HttpPost httpPost = new HttpPost(url);
//装填参数
StringEntity entity = new StringEntity(param.toString(),"utf-8");
entity.setContentEncoding("UTF-8");
entity.setContentType("application/json");
//设置参数到请求对象中
httpPost.setEntity(entity);
//执行请求操作,并拿到结果(同步阻塞)
CloseableHttpResponse response = httpClient.execute(httpPost);
if (response.getStatusLine().getStatusCode() == 200){
//获取结果实体
HttpEntity httpEntity = response.getEntity();
//按指定编码转换结果实体为String类型
result = EntityUtils.toString(httpEntity,"UTF-8");
}
//释放链接
response.close();
return result;
}在HttpTest测试类,实现测试方法
@Test(enabled = true,description = "测试验证SSL证书Post方法")
public void doVerifySSLPostTest() throws IOException {
String url = "https://localhost/springboot/person";
//装填参数
JSONObject param = new JSONObject();
param.put("name","doVerifySSLPost");
param.put("age",20);
//调用方法
String response = HttpUtil.doVerifySSLPost(url,param);
//断言返回结果是否为空
Assert.assertNotNull(response);
System.out.println("【doVerifySSLPost】"+response);
}
@Test(enabled = true,description = "测试验证SSL证书Get方法")
public void doVerifySSLGetTest() throws IOException {
String url = "https://localhost/springboot/person";
//调用方法
String response = HttpUtil.doVerifySSLGet(url,null);
//断言返回结果是否为空
Assert.assertNotNull(response);
System.out.println("【doVerifySSLGet】"+response);
}运行测试结果
验证数据库
查询数据库结果
完整项目结构
相关系列:
本文参与 腾讯云自媒体分享计划,分享自微信公众号。
原始发表:2018-12-03,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读