JMeter學習筆記3:JSR223 PreProcessor前置處理器對密碼進行RSA加密
阿新 • • 發佈:2018-12-04
在網站中,密碼往往不是以明文傳送的。其中一種做法是RSA加密:前臺Javascript指令碼先用公鑰對密碼進行加密,再把加密後的密碼傳送到伺服器進行驗證。
1、首先明白網站加密邏輯
網站部分程式碼如下:
//與後臺互動獲取公鑰 function getPublicKey() { var pubKey = ''; //if ($.cookie('publicKey') == null) { $.ajax({ url: "/Home/GetRsaPublicKey", type: "get", contentType: "application/x-www-form-urlencoded; charset=utf-8", async: false, cache: false, data: {}, dataType: "json", success: function (data) { if (data.Code == 0) { pubKey = data.RsaPublicKey + "," + data.Key; //$.cookie('publicKey', pubKey, { expires: 1 / 1440 }); } else { Config.Method.JudgeCode(data, 1); } } }); //} else { // pubKey = $.cookie('publicKey'); //} return pubKey; } //公鑰加密使用者密碼Pwd為RSA加密後引數 function rsaEncrypt(pwd) { var publicKey = getPublicKey(); setMaxDigits(129); var rsaKey = new RSAKeyPair(publicKey.split(",")[0], "", publicKey.split(",")[1]); var pwdRtn = encryptedString(rsaKey, pwd); return pwdRtn + "," + publicKey.split(",")[2]; } var flag = true; oLoginIn.onclick = function () { if (flag == false) return; flag = false; var strUsername = $("#username").val(); var strPassword = $("#password").val(); //var remflag = document.getElementById("RememberMe").checked; //Save(strUsername, remflag); //var postData = { // username: strUsername, // password: strPassword,//strPassword, // key: strPassword //} var strUsername = $("#username").val(); var strPassword = $("#password").val(); var enPwd = rsaEncrypt(strPassword); var remflag = document.getElementById("RememberMe").checked; Save(strUsername, remflag); var postData = { username: strUsername, password: enPwd.split(",")[0],//strPassword, key: enPwd.split(",")[1] } $.ajax({ url: "/Home/UserLogin", type: "POST", async: false, //dataType:'text', data: JSON.stringify(postData),//要傳遞的引數 contentType: "application/json", ...........略........
通過檢視Js程式碼瞭解到:
a、getPublicKey()作用:通過get請求/Home/GetRsaPublicKey,獲取RsaPublicKey和Key
b、rsaEncrypt(pwd)作用:用a步驟獲取的公鑰對pwd進行RSA加密,並把a步驟獲取的Key附在密文之後一併返回(格式為「密文,Key」)
c、進行引數傳遞:
// Body of the login POST: the username as typed, plus the two parts of
// rsaEncrypt()'s "<ciphertext>,<key>" return value.
var postData = {
    username: strUsername,
    password: enPwd.split(",")[0],//strPassword,
    key: enPwd.split(",")[1]
}
2、編寫JSR223 PreProcessor
請注意先用load()載入所需的js指令碼(BigInt.js、Barrett.js、RSA.js),否則會提示變數或者方法未定義
vars.put("key",value):將value存到JMeter變數key中,在後續請求中使用${key}進行引用。
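// JSR223 PreProcessor script (language: javascript).
// Reproduces the site's client-side rsaEncrypt() so that the login sampler can
// send the same "password" and "key" fields the browser would send.

// RSA helper libraries; they define setMaxDigits, RSAKeyPair and encryptedString.
// Relative paths are presumably resolved against JMeter's working directory -
// confirm where the three files have to be placed.
load("BigInt.js");
load("Barrett.js");
load("RSA.js");

/**
 * Encrypt a password with the RSA public key extracted from the response of
 * /Home/GetRsaPublicKey.
 *
 * Reads the JMeter variables RsaPublicKey and GetKey, which the extractors on
 * that earlier request must have filled in.
 *
 * @param {string} pwd - plaintext password to encrypt
 * @returns {string} "<ciphertext>,<key>", the same shape the site's rsaEncrypt() returns
 * @throws {Error} when RsaPublicKey or GetKey has not been set
 */
function rsaEncrypt(pwd) {
    // Read the values with vars.get() instead of writing "${RsaPublicKey}" in the
    // script: JMeter substitutes ${...} into the script text before it is compiled,
    // so a quote or backslash in the server's response would alter the script, and
    // a cached compiled script would keep using the first value it saw.
    var rsaPublicKey = vars.get("RsaPublicKey");
    var serverKey = vars.get("GetKey");
    if (rsaPublicKey == null || serverKey == null) {
        throw new Error("RsaPublicKey/GetKey not set - check the extractors on /Home/GetRsaPublicKey");
    }

    // Same "<field0>,<field1>,<key>" string the site builds in getPublicKey().
    var publicKey = String(rsaPublicKey) + "," + String(serverKey);
    // Debug level keeps the log quiet during a load run; raise the log level
    // while developing the test plan to see the value.
    log.debug(publicKey);

    var parts = publicKey.split(",");
    setMaxDigits(129);
    // Fields 0 and 1 go into the first and third RSAKeyPair arguments; the
    // second argument stays empty, exactly as in the site's code.
    var rsaKey = new RSAKeyPair(parts[0], "", parts[1]);
    var pwdRtn = encryptedString(rsaKey, pwd);
    // Field 2 (the server-issued key) is appended unencrypted.
    return pwdRtn + "," + parts[2];
}

// Test-account password hard-coded by the tutorial. In a shared test plan, supply
// it from a JMeter variable or a CSV Data Set rather than from the script text.
var enPwd = rsaEncrypt("hisense");
var encrypted = enPwd.split(",");

// Expose both parts to later samplers as ${Password} and ${Key}.
var password = encrypted[0];
log.debug(password);
vars.put("Password", password);

var key = encrypted[1];
log.debug(key);
vars.put("Key", key);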
3、Jmeter整個計劃如圖