我正在尝试通过JMeter进行登录测试。我被告知,他们正在使用SHA 256哈希和AES加密的安全。SHA用于前端,我希望将其与密码的db端进行比较,然后我需要对散列的passwrod进行AES加密
我通过CSV文件传递我的用户信息(用户名,密码)。我可以毫无问题地取回它们。
我的剧本有问题。我对自己的写作能力没有信心。所以我需要你帮我写剧本。
我尝试了以下脚本:
import java.security.MessageDigest;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;
String plaintextPassword = vars.get("PASSWORD");
try {
// Step 1: SHA-256 Hashing
MessageDigest md = MessageDigest.getInstance("SHA-256");
md.update(plaintextPassword.getBytes());
byte[] digest = md.digest();
StringBuilder sha256Hash = new StringBuilder();
for (byte b : digest) {
** sha256Hash.append(String.format("%02x", b));** **Line 17**
}
String _Key = "____"; // I came to conclusion that I need random key to be able to perform my AES encryption. That's why "_Key" is here...
// Step 2: AES Encryption
Cipher _Cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
// Generate SecretKeySpec from Base64 encoded key
SecretKeySpec secretKey = new SecretKeySpec(Base64.decodeBase64(_Key), "AES");
_Cipher.init(Cipher.ENCRYPT_MODE, secretKey);
byte[] encryptedBytes = _Cipher.doFinal(sha256Hash.toString().getBytes());
// Convert the encrypted bytes to a Base64-encoded string
String encryptedPassword = Base64.encodeBase64String(encryptedBytes);
vars.put("encryptedPassword", encryptedPassword);
} catch (Exception e) {
log.error("Error occurred: " + e.getMessage());
throw new RuntimeException(e);
}并期望同时执行SHA和AES。然而,当我运行脚本时,我在JMeter上得到以下错误
ERROR o.a.j.m.JSR223PreProcessor: Problem in JSR223 script, JSR223 PreProcessor
javax.script.ScriptException: Sourced file: inline evaluation of: ``import java.security.MessageDigest; import javax.crypto.Cipher; import javax.cry . . . '' : Error in method invocation: Static method format( java.lang.String, byte ) not found in class'java.lang.String' : at **Line: 17** : in file: inline evaluation of: ``import java.security.MessageDigest; import javax.crypto.Cipher; import javax.cry . . . '' : String .format ( "%02x" , b )
in inline evaluation of: ``import java.security.MessageDigest; import javax.crypto.Cipher; import javax.cry . . . '' at line number 17
at bsh.engine.BshScriptEngine.evalSource(BshScriptEngine.java:93) ~[bsh-2.0b6.jar:2.0b6 2016-02-05 05:16:19]
at bsh.engine.BshScriptEngine.eval(BshScriptEngine.java:46) ~[bsh-2.0b6.jar:2.0b6 2016-02-05 05:16:19]
at javax.script.AbstractScriptEngine.eval(AbstractScriptEngine.java:231) ~[java.scripting:?]
at org.apache.jmeter.util.JSR223TestElement.processFileOrScript(JSR223TestElement.java:232) ~[ApacheJMeter_core.jar:5.6.2]
at org.apache.jmeter.modifiers.JSR223PreProcessor.process(JSR223PreProcessor.java:45) ~[ApacheJMeter_components.jar:5.6.2]
at org.apache.jmeter.threads.JMeterThread.runPreProcessors(JMeterThread.java:983) ~[ApacheJMeter_core.jar:5.6.2]
at org.apache.jmeter.threads.JMeterThread.executeSamplePackage(JMeterThread.java:561) ~[ApacheJMeter_core.jar:5.6.2]
at org.apache.jmeter.threads.JMeterThread.processSampler(JMeterThread.java:501) ~[ApacheJMeter_core.jar:5.6.2]
at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:268) ~[ApacheJMeter_core.jar:5.6.2]
at java.lang.Thread.run(Thread.java:1623) [?:?]我似乎找不到我得到的错误的确切解决方案。老实说,我不知道我的剧本是否正确。* 我的脚本是Java脚本 *
1条答案
按热度按时间qlvxas9a1#
1.不要使用Beanshell,因为它与Java不完全兼容,并且它有性能问题,特别是在加密操作方面。更多信息请参阅:Beanshell vs. JSR223 vs. Java For JMeter: Complete Showdown
1.您的代码可以修改为:
更多信息请参阅:Encryption and decryption with Groovy