Hi,
Wow! Thanks! I will give this a try a little later and post back.
Thanks,
Jim
On Tuesday, July 2, 2019, 2:55:17 PM EDT, Felix Schumacher
<[email protected]> wrote:
I think I have got the example working. I attached a jmx file and a cert
to this mail and maybe we are lucky and the mailing list doesn't strip
it from the mail.
In case it does:
Add the variable "certpath" to your testplan (either by a cvs datasource
for more than one cert, or via the test plan root element). It should
point to your x509 certificates path.
Add a HTTP Sampler with method POST, the "Body Data" tab selected and
filled with "${ocspReq}".
Add a JSR223 PreProcessor to the sampler (set to groovy -- the default)
with the following content:
import java.io.BufferedReader;
import java.io.FileReader;
import java.io.Reader;
import org.bouncycastle.cert.ocsp.CertificateID;
import org.bouncycastle.cert.ocsp.OCSPReq;
import org.bouncycastle.cert.ocsp.OCSPReqBuilder;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.operator.DigestCalculatorProvider;
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
String fName = vars.get("certpath");
Reader fR = new BufferedReader(new FileReader(fName));
PEMParser pPar = new PEMParser(fR);
X509CertificateHolder obj = (X509CertificateHolder)pPar.readObject();
DigestCalculatorProvider dCP = new
JcaDigestCalculatorProviderBuilder().build();
CertificateID cId = new CertificateID(dCP.get(CertificateID.HASH_SHA1),
obj, obj.getSerialNumber());
OCSPReq oReq = new OCSPReqBuilder().addRequest(cId).build();
byte[] asn1seq = oReq.getEncoded();
String sb = new String(asn1seq, "ISO-8859-1");
vars.put("ocspReq", sb);
Add a JSR223 Assertion to the sampler (set to groovy, again) containing:
import org.bouncycastle.cert.ocsp.OCSPResp;
def sR = ctx.getPreviousResult();
byte[] instream = sR.getResponseData();
OCSPResp oResp = new OCSPResp(instream);
assert oResp.getStatus() ==0
Add a Header Manager to the sampler with the following set:
Content-Type application/ocsp-request
Accept application/ocsp-response
It seemed to work for me (famous last words)
One important change was to use "ISO-8859-1" for the encoding of the string.
Felix
Am 01.07.19 um 22:42 schrieb [email protected]:
> Hi,
>
> This Java app:
>
> import java.io.*;
> import java.math.BigInteger;
> import java.security.Security;
> import java.util.*;
> import org.bouncycastle.cert.*;
> import org.bouncycastle.cert.ocsp.CertificateID;
> import org.bouncycastle.cert.ocsp.OCSPReq;
> import org.bouncycastle.cert.ocsp.OCSPReqBuilder;
> import org.bouncycastle.asn1.*;
> import org.bouncycastle.openssl.*;
> import org.bouncycastle.openssl.PEMParser;
> import org.bouncycastle.util.io.pem.*;
> import org.bouncycastle.pkcs.*;
> import org.bouncycastle.operator.DigestCalculatorProvider;
> import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
>
>
> public class jmeterdebug1 {
>
> public static void main(String[] args) {
> // TODO Auto-generated method stub
>
>
> String BC = "BC"; //"${securityProvider}";
> String fName = "E:\\Ziptemp\\CRL-DOWNLOADER\\certs\\orc_eca_sw_5.pem";
>//"${certpath}
> try {
> Reader fR = new BufferedReader(new FileReader(fName));
> PEMParser pPar = new PEMParser(fR);
>
> X509CertificateHolder obj = (X509CertificateHolder)pPar.readObject();
>
> Security.addProvider(new
>org.bouncycastle.jce.provider.BouncyCastleProvider());
>
> DigestCalculatorProvider dCP = new
>JcaDigestCalculatorProviderBuilder().setProvider(BC).build();
>
> CertificateID cId = new CertificateID(dCP.get(CertificateID.HASH_SHA1), obj,
>obj.getSerialNumber());
>
> OCSPReqBuilder oRB = new OCSPReqBuilder();
> oRB.addRequest(cId);
> OCSPReq oReq = oRB.build();
>
> byte[] asn1seq = oReq.getEncoded();
>
> String sb = new String(asn1seq);
>
> System.out.println("sb=[" + sb + "]");
>
> } catch (Exception e) {
> System.out.println("*** ERROR ** [" + e + "]");
> e.printStackTrace();
> }
>
> //sampler.getArguments().getArgument(0).setValue(sb);
>
>
>
> }
>
> }
>
>
> Outputs:
>
> sb=[0B0@0>0<0:0 +
>
>
> So I am guessing that the 'sb' is supposed to be used to populate the POST
> body via the line that I have commented out above
> ("sampler.getArguments().getArgument(0).setValue(sb);")??
>
>
> So if I just uncomment that line in the equivalent code in the Jmeter
> Beanshell Preprocessor code, is there something additional that I need to do
> to get the HTTP request to use that for the BODY?
>
> Also, FYI, I added several Debug listeners, but I don't see any variable
> named "sb" in their output? What do I need to do so that I can see the
> contents of that var in the Debug?
>
>
>
> Thanks,
> Jim
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> On Monday, July 1, 2019, 4:01:41 PM EDT, Felix Schumacher
><[email protected]> wrote:
>
>
>
> Am 1. Juli 2019 21:49:37 MESZ schrieb [email protected]:
>> Hi,
>>
>> Hmm. It seems like the example test plan isn't as complete as I had
>> hoped :(....
>>
>> FYI, I think the reference to "the public key infrastructure" is to
>> another bouncycastle package, "bcpkix-jdk15on-162.jar".
> Seems sensible.
>
>> FYI, I am going to try to get this working/debug this as a Java app
>> first, and then I can try to make a groovy version after that, once it
>> is clean. I'm hoping that that makes it easier for me, initially.
> Small steps is a good way to go.
>
>>
>> I will post back in a bit...
> Great
> Felix
>
>> Jim
>>
>>
>>
>> On Monday, July 1, 2019, 2:46:59 PM EDT, Felix Schumacher
>> <[email protected]> wrote:
>>
>>
>> Am 01.07.19 um 19:16 schrieb [email protected]:
>>> Hi,
>>>
>>> I am trying to implement a Jmeter load test for an OCSP responder,
>> and I found this page, but haven't been able to get it working:
>>> https://www.blazemeter.com/blog/how-load-test-ocsp-jmeter/
>>>
>>> - The first problem that I ran into is where it says "2. Download the
>> public key infrastructure and provider ". The link for the "provider"
>> works and allows me to download "bcprov-jdk15on-156.jar", but I am not
>> sure what the "the public key infrastructure" is supposed to download?
>> I think that the "public key infrastructure" means your certificates.
>> If
>> you download the bouncycastle provider, you probably should take the
>> newest version of it: https://bouncycastle.org/latest_releases.html
>>> - Also, for the HTTP Request element, it says "The URL of the
>> responder is defined in the variable section of the script.", but I am
>> not sure what it is referring to when it says "the variable section of
>> the script"?
>>
>> I guess that the "user defined variables" table on the test plan (root)
>> element is meant. But on the other hand, the text misses to add a
>> variable reference on the http sampler (my guess is, that it is hidden
>> in the http defaults element, that are not described further in the
>> text), so you are free to add your URL to the http sampler yourself.
>>
>> And now to a few things you haven't asked :)
>>
>> * Use groovy instead of beanshell whenever possible.
>>
>> * Don't use ${...} inside JSR223 or other Shell Samplers. Use
>> vars.get("...") instead
>>
>> * Instead of
>>
>> Failure = false;
>> if (oResp.getStatus() != 0) {
>> Failure = true;
>>
>> }
>>
>> you could use
>>
>> Failure = oResp.getStatus() != 0;
>>
>> or if you feel groovy: Failure = oResp.status != 0
>>
>>
>>> Is anyone familiar with this test plan, and gotten it working?
>> Note, that I have no OCSP server and thus have not tried to get it
>> really working.
>>
>> Felix
>>
>>> Thanks,
>>> Jim
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [email protected]
>>> For additional commands, e-mail: [email protected]
>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [email protected]
>> For additional commands, e-mail: [email protected]
>>
>>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
