This is what I am using/trying in the Beanshell preprocessor:
import java.io.*;import java.math.BigInteger;import java.util.*;import
org.bouncycastle.cert.*;import org.bouncycastle.cert.ocsp.CertificateID;import
org.bouncycastle.cert.ocsp.OCSPReq;import
org.bouncycastle.cert.ocsp.OCSPReqBuilder;import org.bouncycastle.asn1.*;import
org.bouncycastle.openssl.*;import org.bouncycastle.openssl.PEMParser;import
org.bouncycastle.util.io.pem.*;import org.bouncycastle.pkcs.*;import
org.bouncycastle.operator.DigestCalculatorProvider;import
org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import java.security.Security;
String BC = "${securityProvider}";String fName = "${certpath}";
Reader fR = new BufferedReader(new FileReader(fName));PEMParser pPar = new
PEMParser(fR);
X509CertificateHolder obj = (X509CertificateHolder)pPar.readObject();
DigestCalculatorProvider dCP = new
JcaDigestCalculatorProviderBuilder().setProvider(BC).build();
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
CertificateID cId = new CertificateID(dCP.get(CertificateID.HASH_SHA1), obj,
obj.getSerialNumber());
OCSPReqBuilder oRB = new OCSPReqBuilder();oRB.addRequest(cId);OCSPReq oReq =
oRB.build();
byte[] asn1seq = oReq.getEncoded();
String sb = new String(asn1seq);
sampler.getArguments().getArgument(0).setValue(sb);
But when I run the Jmeter test, I am getting the following on the OCSP
responder (the server side):
2019-07-01 17:20:25,625 DEBUG
[org.cesecore.configuration.GlobalConfigurationSessionBean] (default task-1)
Reading Configuration: AVAILABLE_PROTOCOLS2019-07-01 17:20:25,633 DEBUG
[org.cesecore.configuration.GlobalConfigurationSessionBean] (default task-1) No
default GlobalConfiguration exists. Creating a new one.2019-07-01 17:20:25,633
DEBUG [org.ejbca.util.ServiceControlFilter] (default task-1) Access to service
OCSP is allowed. HTTP request http://127.0.0.1:8080/ejbca/publicweb/status/ocsp
is let through.2019-07-01 17:20:25,634 DEBUG
[org.ejbca.ui.web.protocol.OCSPServlet] (default task-1)
>checkAndGetRequestBytes. Received POST request with content length: 0 from
127.0.0.12019-07-01 17:20:25,634 INFO [org.ejbca.ui.web.LimitLengthASN1Reader]
(default task-1) Not a sequence on top level. Tag was 31.2019-07-01
17:20:25,635 INFO [org.ejbca.ui.web.protocol.OCSPServlet] (default task-1)
Error processing OCSP request. Message: Not a sequence on top level. Tag was
31.2019-07-01 17:20:25,635 DEBUG [org.ejbca.ui.web.protocol.OCSPServlet]
(default task-1) Error processing OCSP request. Message: Not a sequence on top
level. Tag was 31.:
org.cesecore.certificates.ocsp.exception.MalformedRequestException: Not a
sequence on top level. Tag was 31. at
org.ejbca.ui.web.LimitLengthASN1Reader.readFirstASN1Object(LimitLengthASN1Reader.java:109)
at
org.ejbca.ui.web.protocol.OCSPServlet.checkAndGetRequestBytes(OCSPServlet.java:428)
at
org.ejbca.ui.web.protocol.OCSPServlet.processOcspRequest(OCSPServlet.java:251)
at org.ejbca.ui.web.protocol.OCSPServlet.doPost(OCSPServlet.java:191)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:706)
So, it looks like Jmeter is not sending the BODY (the contents of "sb" from the
Preprocessor?)?
Is there something else that I am missing to cause the output from the
preprocessor to be used as the POST BODY?
Thanks,Jim
On Monday, July 1, 2019, 08:59:45 PM UTC, Sergio Boso
<ser...@bosoconsulting.it> wrote:
Hi Ohaya,
I did such a test few years ago, unfortunately I do not have the script at hand.
Also, probably most releases have changed in the meantime.
What I remember is that I needed to get understanding of the bouncy castle
libraries, AND an extensive rewriting of the script, even
of the general setup was useful as a guidance.
Especially, the result checking was quite bugged.
HTH
Sergio
Il 01/07/2019 21:49, oh...@yahoo.com.INVALID ha scritto:
> Hi,
>
> Hmm. It seems like the example test plan isn't as complete as I had hoped
> :(....
>
> FYI, I think the reference to "the public key infrastructure" is to another
> bouncycastle package, "bcpkix-jdk15on-162.jar".
>
> FYI, I am going to try to get this working/debug this as a Java app first,
> and then I can try to make a groovy version after that, once it is clean. I'm
> hoping that that makes it easier for me, initially.
>
>
> I will post back in a bit...
>
> Jim
>
>
>
> On Monday, July 1, 2019, 2:46:59 PM EDT, Felix Schumacher
><felix.schumac...@internetallee.de> wrote:
>
>
> Am 01.07.19 um 19:16 schrieb oh...@yahoo.com.INVALID:
>> Hi,
>>
>> I am trying to implement a Jmeter load test for an OCSP responder, and I
>> found this page, but haven't been able to get it working:
>>
>> https://www.blazemeter.com/blog/how-load-test-ocsp-jmeter/
>>
>> - The first problem that I ran into is where it says "2. Download the public
>> key infrastructure and provider ". The link for the "provider" works and
>> allows me to download "bcprov-jdk15on-156.jar", but I am not sure what the
>> "the public key infrastructure" is supposed to download?
> I think that the "public key infrastructure" means your certificates. If
> you download the bouncycastle provider, you probably should take the
> newest version of it: https://bouncycastle.org/latest_releases.html
>> - Also, for the HTTP Request element, it says "The URL of the responder is
>> defined in the variable section of the script.", but I am not sure what it
>> is referring to when it says "the variable section of the script"?
> I guess that the "user defined variables" table on the test plan (root)
> element is meant. But on the other hand, the text misses to add a
> variable reference on the http sampler (my guess is, that it is hidden
> in the http defaults element, that are not described further in the
> text), so you are free to add your URL to the http sampler yourself.
>
> And now to a few things you haven't asked :)
>
> * Use groovy instead of beanshell whenever possible.
>
> * Don't use ${...} inside JSR223 or other Shell Samplers. Use
> vars.get("...") instead
>
> * Instead of
>
> Failure = false;
> if (oResp.getStatus() != 0) {
> Failure = true;
>
> }
>
> you could use
>
> Failure = oResp.getStatus() != 0;
>
> or if you feel groovy: Failure = oResp.status != 0
>
>
>> Is anyone familiar with this test plan, and gotten it working?
> Note, that I have no OCSP server and thus have not tried to get it
> really working.
>
> Felix
>
>> Thanks,
>> Jim
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscr...@jmeter.apache.org
>> For additional commands, e-mail: user-h...@jmeter.apache.org
>>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscr...@jmeter.apache.org
> For additional commands, e-mail: user-h...@jmeter.apache.org
>
>
--
Ing. Sergio Boso
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@jmeter.apache.org
For additional commands, e-mail: user-h...@jmeter.apache.org
