You may need to install and use Wireshark to debug the packet exchange:
https://www.wireshark.org/#download
I'm very sorry, but I have no time to debug your script (and this would be a
huge task, anyway)
regards
Sergio
Il 01/07/2019 23:22, o haya ha scritto:
This is what I am using/trying in the Beanshell preprocessor:
import java.io.*;import java.math.BigInteger;import java.util.*;import
org.bouncycastle.cert.*;import org.bouncycastle.cert.ocsp.CertificateID;import
org.bouncycastle.cert.ocsp.OCSPReq;import
org.bouncycastle.cert.ocsp.OCSPReqBuilder;import org.bouncycastle.asn1.*;import
org.bouncycastle.openssl.*;import org.bouncycastle.openssl.PEMParser;import
org.bouncycastle.util.io.pem.*;import org.bouncycastle.pkcs.*;import
org.bouncycastle.operator.DigestCalculatorProvider;import
org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import java.security.Security;
String BC = "${securityProvider}";String fName = "${certpath}";
Reader fR = new BufferedReader(new FileReader(fName));PEMParser pPar = new
PEMParser(fR);
X509CertificateHolder obj = (X509CertificateHolder)pPar.readObject();
DigestCalculatorProvider dCP = new
JcaDigestCalculatorProviderBuilder().setProvider(BC).build();
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
CertificateID cId = new CertificateID(dCP.get(CertificateID.HASH_SHA1), obj,
obj.getSerialNumber());
OCSPReqBuilder oRB = new OCSPReqBuilder();oRB.addRequest(cId);OCSPReq oReq =
oRB.build();
byte[] asn1seq = oReq.getEncoded();
String sb = new String(asn1seq);
sampler.getArguments().getArgument(0).setValue(sb);
But when I run the Jmeter test, I am getting the following on the OCSP
responder (the server side):
2019-07-01 17:20:25,625 DEBUG
[org.cesecore.configuration.GlobalConfigurationSessionBean] (default task-1)
Reading Configuration: AVAILABLE_PROTOCOLS2019-07-01 17:20:25,633 DEBUG
[org.cesecore.configuration.GlobalConfigurationSessionBean] (default task-1) No
default GlobalConfiguration exists. Creating a new one.2019-07-01 17:20:25,633
DEBUG [org.ejbca.util.ServiceControlFilter] (default task-1) Access to service
OCSP is allowed. HTTP request http://127.0.0.1:8080/ejbca/publicweb/status/ocsp is
let through.2019-07-01 17:20:25,634 DEBUG [org.ejbca.ui.web.protocol.OCSPServlet]
(default task-1) >checkAndGetRequestBytes. Received POST request with content
length: 0 from 127.0.0.12019-07-01 17:20:25,634 INFO
[org.ejbca.ui.web.LimitLengthASN1Reader] (default task-1) Not a sequence on top
level. Tag was 31.2019-07-01 17:20:25,635 INFO
[org.ejbca.ui.web.protocol.OCSPServlet] (default task-1) Error processing OCSP
request. Message: Not a sequence on top level. Tag was 31.2019-07-01 17:20:25,635
DEBUG [org.ejbca.ui.web.protocol.OCSPServlet] (default task-1) Error processing
OCSP request. Message: Not a sequence on top level. Tag was 31.:
org.cesecore.certificates.ocsp.exception.MalformedRequestException: Not a sequence
on top level. Tag was 31. at
org.ejbca.ui.web.LimitLengthASN1Reader.readFirstASN1Object(LimitLengthASN1Reader.java:109)
at
org.ejbca.ui.web.protocol.OCSPServlet.checkAndGetRequestBytes(OCSPServlet.java:428)
at
org.ejbca.ui.web.protocol.OCSPServlet.processOcspRequest(OCSPServlet.java:251)
at org.ejbca.ui.web.protocol.OCSPServlet.doPost(OCSPServlet.java:191) at
javax.servlet.http.HttpServlet.service(HttpServlet.java:706)
So, it looks like Jmeter is not sending the BODY (the contents of "sb" from the
Preprocessor?)?
Is there something else that I am missing to cause the output from the
preprocessor to be used as the POST BODY?
Thanks,Jim
On Monday, July 1, 2019, 08:59:45 PM UTC, Sergio Boso
<ser...@bosoconsulting.it> wrote:
Hi Ohaya,
I did such a test few years ago, unfortunately I do not have the script at hand.
Also, probably most releases have changed in the meantime.
What I remember is that I needed to get understanding of the bouncy castle
libraries, AND an extensive rewriting of the script, even
of the general setup was useful as a guidance.
Especially, the result checking was quite bugged.
HTH
Sergio
Il 01/07/2019 21:49, oh...@yahoo.com.INVALID ha scritto:
Hi,
Hmm. It seems like the example test plan isn't as complete as I had hoped :(....
FYI, I think the reference to "the public key infrastructure" is to another bouncycastle
package, "bcpkix-jdk15on-162.jar".
FYI, I am going to try to get this working/debug this as a Java app first, and
then I can try to make a groovy version after that, once it is clean. I'm
hoping that that makes it easier for me, initially.
I will post back in a bit...
Jim
On Monday, July 1, 2019, 2:46:59 PM EDT, Felix Schumacher
<felix.schumac...@internetallee.de> wrote:
Am 01.07.19 um 19:16 schrieb oh...@yahoo.com.INVALID:
Hi,
I am trying to implement a Jmeter load test for an OCSP responder, and I found
this page, but haven't been able to get it working:
https://www.blazemeter.com/blog/how-load-test-ocsp-jmeter/
- The first problem that I ran into is where it says "2. Download the public key infrastructure and provider
". The link for the "provider" works and allows me to download "bcprov-jdk15on-156.jar", but
I am not sure what the "the public key infrastructure" is supposed to download?
I think that the "public key infrastructure" means your certificates. If
you download the bouncycastle provider, you probably should take the
newest version of it: https://bouncycastle.org/latest_releases.html
- Also, for the HTTP Request element, it says "The URL of the responder is defined in the
variable section of the script.", but I am not sure what it is referring to when it says
"the variable section of the script"?
I guess that the "user defined variables" table on the test plan (root)
element is meant. But on the other hand, the text misses to add a
variable reference on the http sampler (my guess is, that it is hidden
in the http defaults element, that are not described further in the
text), so you are free to add your URL to the http sampler yourself.
And now to a few things you haven't asked :)
* Use groovy instead of beanshell whenever possible.
* Don't use ${...} inside JSR223 or other Shell Samplers. Use
vars.get("...") instead
* Instead of
Failure = false;
if (oResp.getStatus() != 0) {
Failure = true;
}
you could use
Failure = oResp.getStatus() != 0;
or if you feel groovy: Failure = oResp.status != 0
Is anyone familiar with this test plan, and gotten it working?
Note, that I have no OCSP server and thus have not tried to get it
really working.
Felix
Thanks,
Jim
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@jmeter.apache.org
For additional commands, e-mail: user-h...@jmeter.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@jmeter.apache.org
For additional commands, e-mail: user-h...@jmeter.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@jmeter.apache.org
For additional commands, e-mail: user-h...@jmeter.apache.org
