JMETER,JSR223脚本中的问题,JSR223预处理器javax.script.ScriptException

sg2wtvxw  于 2023-10-20  发布在  Java
关注(0)|答案(1)|浏览(409)

我正在尝试通过JMeter进行登录测试。我被告知,他们正在使用SHA 256哈希和AES加密的安全。SHA用于前端,我希望将其与密码的db端进行比较,然后我需要对散列的passwrod进行AES加密
我通过CSV文件传递我的用户信息(用户名,密码)。我可以毫无问题地取回它们。
我的剧本有问题。我对自己的写作能力没有信心。所以我需要你帮我写剧本。
我尝试了以下脚本:

import java.security.MessageDigest;
    import javax.crypto.Cipher;
    import javax.crypto.spec.SecretKeySpec;
    import org.apache.commons.codec.binary.Base64;


    String plaintextPassword = vars.get("PASSWORD");

    try {
        // Step 1: SHA-256 Hashing
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(plaintextPassword.getBytes());
        byte[] digest = md.digest();

        StringBuilder sha256Hash = new StringBuilder();
        for (byte b : digest) {
        ** sha256Hash.append(String.format("%02x", b));** **Line 17**
        }

        String _Key = "____"; // I came to conclusion that I need random key to be able to perform my AES       encryption. That's why "_Key" is here...

        // Step 2: AES Encryption
        Cipher _Cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
  
        // Generate SecretKeySpec from Base64 encoded key
        SecretKeySpec secretKey = new SecretKeySpec(Base64.decodeBase64(_Key), "AES");

        _Cipher.init(Cipher.ENCRYPT_MODE, secretKey);

       byte[] encryptedBytes = _Cipher.doFinal(sha256Hash.toString().getBytes());

       // Convert the encrypted bytes to a Base64-encoded string
       String encryptedPassword = Base64.encodeBase64String(encryptedBytes);

       vars.put("encryptedPassword", encryptedPassword);

    } catch (Exception e) {
        log.error("Error occurred: " + e.getMessage());
        throw new RuntimeException(e);
    }

并期望同时执行SHA和AES。然而,当我运行脚本时,我在JMeter上得到以下错误

ERROR o.a.j.m.JSR223PreProcessor: Problem in JSR223 script, JSR223 PreProcessor
javax.script.ScriptException: Sourced file: inline evaluation of: ``import java.security.MessageDigest; import javax.crypto.Cipher; import javax.cry . . . '' : Error in method invocation: Static method format( java.lang.String, byte ) not found in class'java.lang.String' : at **Line: 17** : in file: inline evaluation of: ``import java.security.MessageDigest; import javax.crypto.Cipher; import javax.cry . . . '' : String .format ( "%02x" , b ) 
 in inline evaluation of: ``import java.security.MessageDigest; import javax.crypto.Cipher; import javax.cry . . . '' at line number 17
    at bsh.engine.BshScriptEngine.evalSource(BshScriptEngine.java:93) ~[bsh-2.0b6.jar:2.0b6 2016-02-05 05:16:19]
    at bsh.engine.BshScriptEngine.eval(BshScriptEngine.java:46) ~[bsh-2.0b6.jar:2.0b6 2016-02-05 05:16:19]
    at javax.script.AbstractScriptEngine.eval(AbstractScriptEngine.java:231) ~[java.scripting:?]
    at org.apache.jmeter.util.JSR223TestElement.processFileOrScript(JSR223TestElement.java:232) ~[ApacheJMeter_core.jar:5.6.2]
    at org.apache.jmeter.modifiers.JSR223PreProcessor.process(JSR223PreProcessor.java:45) ~[ApacheJMeter_components.jar:5.6.2]
    at org.apache.jmeter.threads.JMeterThread.runPreProcessors(JMeterThread.java:983) ~[ApacheJMeter_core.jar:5.6.2]
    at org.apache.jmeter.threads.JMeterThread.executeSamplePackage(JMeterThread.java:561) ~[ApacheJMeter_core.jar:5.6.2]
    at org.apache.jmeter.threads.JMeterThread.processSampler(JMeterThread.java:501) ~[ApacheJMeter_core.jar:5.6.2]
    at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:268) ~[ApacheJMeter_core.jar:5.6.2]
    at java.lang.Thread.run(Thread.java:1623) [?:?]

我似乎找不到我得到的错误的确切解决方案。老实说,我不知道我的剧本是否正确。* 我的脚本是Java脚本 *

qlvxas9a

qlvxas9a1#

1.不要使用Beanshell,因为它与Java不完全兼容,并且它有性能问题,特别是在加密操作方面。更多信息请参阅:Beanshell vs. JSR223 vs. Java For JMeter: Complete Showdown
1.您的代码可以修改为:

def secretKey = 'your-secret-key-here'

def plaintextPassword = vars.get("PASSWORD");

def sha = MessageDigest.getInstance("SHA-256")
byte[] keyBytes = secretKey.getBytes("UTF-8")
keyBytes = sha.digest(keyBytes)

def key = Arrays.copyOf(keyBytes, 16)
def secretKeySpec = new SecretKeySpec(key, "AES")

def cipher = Cipher.getInstance("AES/CBC/PKCS5Padding")
cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec)

def encrypted = cipher.doFinal(plaintextPassword.getBytes("UTF-8"))

def encryptedPassword = new String(encrypted.encodeBase64().toString())

vars.put("encryptedPassword", encryptedPassword)

更多信息请参阅:Encryption and decryption with Groovy

相关问题