I think I have got the example working. I attached a jmx file and a cert to this mail and maybe we are lucky and the mailing list doesn't strip it from the mail.
In case it does:
Add the variable "certpath" to your testplan (either by a cvs datasource
for more than one cert, or via the test plan root element). It should
point to your x509 certificates path.
Add a HTTP Sampler with method POST, the "Body Data" tab selected and
filled with "${ocspReq}".
Add a JSR223 PreProcessor to the sampler (set to groovy -- the default)
with the following content:
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.Reader;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.OCSPReq;
import org.bouncycastle.cert.ocsp.OCSPReqBuilder;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.operator.DigestCalculatorProvider;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
String fName = vars.get("certpath");
Reader fR = new BufferedReader(new FileReader(fName));
PEMParser pPar = new PEMParser(fR);
X509CertificateHolder obj = (X509CertificateHolder)pPar.readObject();
DigestCalculatorProvider dCP = new
JcaDigestCalculatorProviderBuilder().build();
CertificateID cId = new CertificateID(dCP.get(CertificateID.HASH_SHA1),
obj, obj.getSerialNumber());
OCSPReq oReq = new OCSPReqBuilder().addRequest(cId).build();
byte[] asn1seq = oReq.getEncoded();
String sb = new String(asn1seq, "ISO-8859-1");
vars.put("ocspReq", sb);
Add a JSR223 Assertion to the sampler (set to groovy, again) containing:
import org.bouncycastle.cert.ocsp.OCSPResp;
def sR = ctx.getPreviousResult();
byte[] instream = sR.getResponseData();
OCSPResp oResp = new OCSPResp(instream);
assert oResp.getStatus() ==0
Add a Header Manager to the sampler with the following set:
Content-Type application/ocsp-request
Accept application/ocsp-response
It seemed to work for me (famous last words)
One important change was to use "ISO-8859-1" for the encoding of the string.
Felix
Am 01.07.19 um 22:42 schrieb oh...@yahoo.com.INVALID:
> Hi,
>
> This Java app:
>
> import java.io.*;
> import java.math.BigInteger;
> import java.security.Security;
> import java.util.*;
> import org.bouncycastle.cert.*;
> import org.bouncycastle.cert.ocsp.CertificateID;
> import org.bouncycastle.cert.ocsp.OCSPReq;
> import org.bouncycastle.cert.ocsp.OCSPReqBuilder;
> import org.bouncycastle.asn1.*;
> import org.bouncycastle.openssl.*;
> import org.bouncycastle.openssl.PEMParser;
> import org.bouncycastle.util.io.pem.*;
> import org.bouncycastle.pkcs.*;
> import org.bouncycastle.operator.DigestCalculatorProvider;
> import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
>
>
> public class jmeterdebug1 {
>
> public static void main(String[] args) {
> // TODO Auto-generated method stub
>
>
> String BC = "BC"; //"${securityProvider}";
> String fName = "E:\\Ziptemp\\CRL-DOWNLOADER\\certs\\orc_eca_sw_5.pem";
> //"${certpath}
> try {
> Reader fR = new BufferedReader(new FileReader(fName));
> PEMParser pPar = new PEMParser(fR);
>
> X509CertificateHolder obj = (X509CertificateHolder)pPar.readObject();
>
> Security.addProvider(new
> org.bouncycastle.jce.provider.BouncyCastleProvider());
>
> DigestCalculatorProvider dCP = new
> JcaDigestCalculatorProviderBuilder().setProvider(BC).build();
>
> CertificateID cId = new CertificateID(dCP.get(CertificateID.HASH_SHA1), obj,
> obj.getSerialNumber());
>
> OCSPReqBuilder oRB = new OCSPReqBuilder();
> oRB.addRequest(cId);
> OCSPReq oReq = oRB.build();
>
> byte[] asn1seq = oReq.getEncoded();
>
> String sb = new String(asn1seq);
>
> System.out.println("sb=[" + sb + "]");
>
> } catch (Exception e) {
> System.out.println("*** ERROR ** [" + e + "]");
> e.printStackTrace();
> }
>
> //sampler.getArguments().getArgument(0).setValue(sb);
>
>
>
> }
>
> }
>
>
> Outputs:
>
> sb=[0B0@0>0<0:0 +
>
>
> So I am guessing that the 'sb' is supposed to be used to populate the POST
> body via the line that I have commented out above
> ("sampler.getArguments().getArgument(0).setValue(sb);")??
>
>
> So if I just uncomment that line in the equivalent code in the Jmeter
> Beanshell Preprocessor code, is there something additional that I need to do
> to get the HTTP request to use that for the BODY?
>
> Also, FYI, I added several Debug listeners, but I don't see any variable
> named "sb" in their output? What do I need to do so that I can see the
> contents of that var in the Debug?
>
>
>
> Thanks,
> Jim
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> On Monday, July 1, 2019, 4:01:41 PM EDT, Felix Schumacher
> <felix.schumac...@internetallee.de> wrote:
>
>
>
> Am 1. Juli 2019 21:49:37 MESZ schrieb oh...@yahoo.com.INVALID:
>> Hi,
>>
>> Hmm. It seems like the example test plan isn't as complete as I had
>> hoped :(....
>>
>> FYI, I think the reference to "the public key infrastructure" is to
>> another bouncycastle package, "bcpkix-jdk15on-162.jar".
> Seems sensible.
>
>> FYI, I am going to try to get this working/debug this as a Java app
>> first, and then I can try to make a groovy version after that, once it
>> is clean. I'm hoping that that makes it easier for me, initially.
> Small steps is a good way to go.
>
>>
>> I will post back in a bit...
> Great
> Felix
>
>> Jim
>>
>>
>>
>> On Monday, July 1, 2019, 2:46:59 PM EDT, Felix Schumacher
>> <felix.schumac...@internetallee.de> wrote:
>>
>>
>> Am 01.07.19 um 19:16 schrieb oh...@yahoo.com.INVALID:
>>> Hi,
>>>
>>> I am trying to implement a Jmeter load test for an OCSP responder,
>> and I found this page, but haven't been able to get it working:
>>> https://www.blazemeter.com/blog/how-load-test-ocsp-jmeter/
>>>
>>> - The first problem that I ran into is where it says "2. Download the
>> public key infrastructure and provider ". The link for the "provider"
>> works and allows me to download "bcprov-jdk15on-156.jar", but I am not
>> sure what the "the public key infrastructure" is supposed to download?
>> I think that the "public key infrastructure" means your certificates.
>> If
>> you download the bouncycastle provider, you probably should take the
>> newest version of it: https://bouncycastle.org/latest_releases.html
>>> - Also, for the HTTP Request element, it says "The URL of the
>> responder is defined in the variable section of the script.", but I am
>> not sure what it is referring to when it says "the variable section of
>> the script"?
>>
>> I guess that the "user defined variables" table on the test plan (root)
>> element is meant. But on the other hand, the text misses to add a
>> variable reference on the http sampler (my guess is, that it is hidden
>> in the http defaults element, that are not described further in the
>> text), so you are free to add your URL to the http sampler yourself.
>>
>> And now to a few things you haven't asked :)
>>
>> * Use groovy instead of beanshell whenever possible.
>>
>> * Don't use ${...} inside JSR223 or other Shell Samplers. Use
>> vars.get("...") instead
>>
>> * Instead of
>>
>> Failure = false;
>> if (oResp.getStatus() != 0) {
>> Failure = true;
>>
>> }
>>
>> you could use
>>
>> Failure = oResp.getStatus() != 0;
>>
>> or if you feel groovy: Failure = oResp.status != 0
>>
>>
>>> Is anyone familiar with this test plan, and gotten it working?
>> Note, that I have no OCSP server and thus have not tried to get it
>> really working.
>>
>> Felix
>>
>>> Thanks,
>>> Jim
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: user-unsubscr...@jmeter.apache.org
>>> For additional commands, e-mail: user-h...@jmeter.apache.org
>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscr...@jmeter.apache.org
>> For additional commands, e-mail: user-h...@jmeter.apache.org
>>
>>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscr...@jmeter.apache.org
> For additional commands, e-mail: user-h...@jmeter.apache.org
>
www_digicert_com.crt
Description: application/pkix-cert
<?xml version="1.0" encoding="UTF-8"?>
<jmeterTestPlan version="1.2" properties="5.0" jmeter="5.2-SNAPSHOT.20190616">
<hashTree>
<TestPlan guiclass="TestPlanGui" testclass="TestPlan" testname="Test Plan" enabled="true">
<stringProp name="TestPlan.comments"></stringProp>
<boolProp name="TestPlan.functional_mode">false</boolProp>
<boolProp name="TestPlan.tearDown_on_shutdown">true</boolProp>
<boolProp name="TestPlan.serialize_threadgroups">false</boolProp>
<elementProp name="TestPlan.user_defined_variables" elementType="Arguments" guiclass="ArgumentsPanel" testclass="Arguments" testname="User Defined Variables" enabled="true">
<collectionProp name="Arguments.arguments">
<elementProp name="certpath" elementType="Argument">
<stringProp name="Argument.name">certpath</stringProp>
<stringProp name="Argument.value">/home/felix/www_digicert_com.crt</stringProp>
<stringProp name="Argument.metadata">=</stringProp>
</elementProp>
<elementProp name="securityProvider" elementType="Argument">
<stringProp name="Argument.name">securityProvider</stringProp>
<stringProp name="Argument.value">BC</stringProp>
<stringProp name="Argument.metadata">=</stringProp>
</elementProp>
</collectionProp>
</elementProp>
<stringProp name="TestPlan.user_define_classpath"></stringProp>
</TestPlan>
<hashTree>
<ThreadGroup guiclass="ThreadGroupGui" testclass="ThreadGroup" testname="Thread Group" enabled="true">
<stringProp name="ThreadGroup.on_sample_error">continue</stringProp>
<elementProp name="ThreadGroup.main_controller" elementType="LoopController" guiclass="LoopControlPanel" testclass="LoopController" testname="Loop Controller" enabled="true">
<boolProp name="LoopController.continue_forever">false</boolProp>
<stringProp name="LoopController.loops">1</stringProp>
</elementProp>
<stringProp name="ThreadGroup.num_threads">1</stringProp>
<stringProp name="ThreadGroup.ramp_time">1</stringProp>
<boolProp name="ThreadGroup.scheduler">false</boolProp>
<stringProp name="ThreadGroup.duration"></stringProp>
<stringProp name="ThreadGroup.delay"></stringProp>
</ThreadGroup>
<hashTree>
<ResultCollector guiclass="ViewResultsFullVisualizer" testclass="ResultCollector" testname="View Results Tree" enabled="true">
<boolProp name="ResultCollector.error_logging">false</boolProp>
<objProp>
<name>saveConfig</name>
<value class="SampleSaveConfiguration">
<time>true</time>
<latency>true</latency>
<timestamp>true</timestamp>
<success>true</success>
<label>true</label>
<code>true</code>
<message>true</message>
<threadName>true</threadName>
<dataType>true</dataType>
<encoding>false</encoding>
<assertions>true</assertions>
<subresults>true</subresults>
<responseData>false</responseData>
<samplerData>false</samplerData>
<xml>false</xml>
<fieldNames>true</fieldNames>
<responseHeaders>false</responseHeaders>
<requestHeaders>false</requestHeaders>
<responseDataOnError>false</responseDataOnError>
<saveAssertionResultsFailureMessage>true</saveAssertionResultsFailureMessage>
<assertionsResultsToSave>0</assertionsResultsToSave>
<bytes>true</bytes>
<sentBytes>true</sentBytes>
<url>true</url>
<threadCounts>true</threadCounts>
<idleTime>true</idleTime>
<connectTime>true</connectTime>
</value>
</objProp>
<stringProp name="filename"></stringProp>
</ResultCollector>
<hashTree/>
<JSR223Sampler guiclass="TestBeanGUI" testclass="JSR223Sampler" testname="JSR223 Sampler" enabled="false">
<stringProp name="scriptLanguage">groovy</stringProp>
<stringProp name="parameters"></stringProp>
<stringProp name="filename"></stringProp>
<stringProp name="cacheKey">true</stringProp>
<stringProp name="script"></stringProp>
</JSR223Sampler>
<hashTree/>
<HTTPSamplerProxy guiclass="HttpTestSampleGui" testclass="HTTPSamplerProxy" testname="HTTP Request" enabled="true">
<boolProp name="HTTPSampler.postBodyRaw">true</boolProp>
<elementProp name="HTTPsampler.Arguments" elementType="Arguments">
<collectionProp name="Arguments.arguments">
<elementProp name="" elementType="HTTPArgument">
<boolProp name="HTTPArgument.always_encode">false</boolProp>
<stringProp name="Argument.value">${ocspReq}</stringProp>
<stringProp name="Argument.metadata">=</stringProp>
</elementProp>
</collectionProp>
</elementProp>
<stringProp name="HTTPSampler.domain">ocsp.digicert.com</stringProp>
<stringProp name="HTTPSampler.port"></stringProp>
<stringProp name="HTTPSampler.protocol"></stringProp>
<stringProp name="HTTPSampler.contentEncoding"></stringProp>
<stringProp name="HTTPSampler.path"></stringProp>
<stringProp name="HTTPSampler.method">POST</stringProp>
<boolProp name="HTTPSampler.follow_redirects">true</boolProp>
<boolProp name="HTTPSampler.auto_redirects">false</boolProp>
<boolProp name="HTTPSampler.use_keepalive">true</boolProp>
<boolProp name="HTTPSampler.DO_MULTIPART_POST">false</boolProp>
<stringProp name="HTTPSampler.embedded_url_re"></stringProp>
<stringProp name="HTTPSampler.connect_timeout"></stringProp>
<stringProp name="HTTPSampler.response_timeout"></stringProp>
</HTTPSamplerProxy>
<hashTree>
<JSR223PreProcessor guiclass="TestBeanGUI" testclass="JSR223PreProcessor" testname="JSR223 PreProcessor" enabled="true">
<stringProp name="cacheKey">true</stringProp>
<stringProp name="filename"></stringProp>
<stringProp name="parameters"></stringProp>
<stringProp name="script">import java.io.BufferedReader;
import java.io.FileReader;
import java.io.Reader;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.OCSPReq;
import org.bouncycastle.cert.ocsp.OCSPReqBuilder;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.operator.DigestCalculatorProvider;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
String fName = vars.get("certpath");
Reader fR = new BufferedReader(new FileReader(fName));
PEMParser pPar = new PEMParser(fR);
X509CertificateHolder obj = (X509CertificateHolder)pPar.readObject();
DigestCalculatorProvider dCP = new JcaDigestCalculatorProviderBuilder().build();
CertificateID cId = new CertificateID(dCP.get(CertificateID.HASH_SHA1), obj, obj.getSerialNumber());
OCSPReq oReq = new OCSPReqBuilder().addRequest(cId).build();
byte[] asn1seq = oReq.getEncoded();
String sb = new String(asn1seq, "ISO-8859-1");
vars.put("ocspReq", sb);</stringProp>
<stringProp name="scriptLanguage">groovy</stringProp>
</JSR223PreProcessor>
<hashTree/>
<HeaderManager guiclass="HeaderPanel" testclass="HeaderManager" testname="HTTP Header Manager" enabled="true">
<collectionProp name="HeaderManager.headers">
<elementProp name="" elementType="Header">
<stringProp name="Header.name">Content-Type</stringProp>
<stringProp name="Header.value">application/ocsp-request</stringProp>
</elementProp>
<elementProp name="" elementType="Header">
<stringProp name="Header.name">Accept</stringProp>
<stringProp name="Header.value">application/ocsp-response</stringProp>
</elementProp>
</collectionProp>
</HeaderManager>
<hashTree/>
<JSR223Assertion guiclass="TestBeanGUI" testclass="JSR223Assertion" testname="JSR223 Assertion" enabled="true">
<stringProp name="cacheKey">true</stringProp>
<stringProp name="filename"></stringProp>
<stringProp name="parameters"></stringProp>
<stringProp name="script">import org.bouncycastle.cert.ocsp.OCSPResp;
def sR = ctx.getPreviousResult();
byte[] instream = sR.getResponseData();
OCSPResp oResp = new OCSPResp(instream);
assert oResp.getStatus() ==0
</stringProp>
<stringProp name="scriptLanguage">groovy</stringProp>
</JSR223Assertion>
<hashTree/>
</hashTree>
</hashTree>
</hashTree>
</hashTree>
</jmeterTestPlan>
--------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@jmeter.apache.org For additional commands, e-mail: user-h...@jmeter.apache.org
