前言:
在当前开放互联的大环境下,接口互通成了最最普通常见数据通讯与交互的一种方式;接口测试的重要性也是不言而喻,但却成了普通功能测试人员的一道屏障;特别是服务端的接口验证更是麻烦;这里抛砖引玉希望更多童鞋参与多多讨论。
场景&描述:
c1->s1->s2
s1 <-s2
协议:http
c端,发起c1(pay)请求,服务端处理完毕,通过s1接口把(pay)请求支付接口告诉指定s2服务地址;s2服务地址解析s1接口内容,正常返回SUCCESS,异常返回FAILURE;s1收到s2返回内容做对应业务处理。
接口消息格式:json,签名验签rsa标准算法,消息体url编码。
请求方式:post
测试对象:
s1接口
测试范围:
接口测试之常规测试维度,从宏观到微观一一细分拆借大概思路:消息发送方式、消息体是否为null、消息体格式是否正确、消息解密是否正确、消息体中json体key键检查(必填值是否缺省、缺省值是否存在、是否多多余key键)、消息体中json体values值检查(必填值检查是否缺省、缺省值是否存在、值类型检查,特别是数字类型的,比如交易金额啥的)。
接口测试之安全维度,ip黑白名单,消息体参数注入,摘要解密算法研究等。
1.消息发送方式
2.消息体是否为null和格式检查
3.json,key键必填字检查
4.json,values值检查
5.业务数据检查,比如收到SUCCESS检查。
6.其它
实现技术分析:
如果只要验证第5点,简单的只要模拟s2,最快速高效的方法,直接在tomcat下,新建一个工程,创建一个html文件,内容为SUCCESS或FAILURE;然后s1接口直接往这个地址发送就好(http协议)。
http协议,后台实现,最方便的还是java,也有python的,依赖的包太多,看个人条件选择;如果是soket套接字,建议与加密解密类语言保持一致比较好,因为解密太折腾人了,哎。
这里选择了一个java,servlet来实现。
再回头看s1接口,所以的参数都不是固定的,每次发生请求的参数都是动态的,这样的话,自己去实现这个servlet的时候,参数化的部分,就直接考虑连接db,这样就不需要考虑s1接口传入固定的值,动态的去db查询s1接口参数相关数据信息(特别是解密,与json,values值验证,和功能业务特性,每次填写固定参数值肯定不靠谱)。
-- jdbc
package com.iapppay.jdbc;
import java.sql.*;
import java.util.ArrayList;
import java.util.List;
public class mysqljdbc {
public Connection conn;
public Statement st;
public ResultSet rs;
public Connection getConn() {
try {
Class.forName("com.mysql.jdbc.Driver");
conn = DriverManager.getConnection("jdbc:mysql://192.168.0.151/iapppay?useUnicode=true&characterEncoding=utf-8","root","aibei1010");
} catch (Exception e) {
e.printStackTrace();
}
return conn;
}
public String getappkey(String appid,String key){
String appkey =null;
//String sql = "select waresid,platpkey,platvkey,cppkey,cpvkey from wares where waresid = ‘3000713545‘;";
String sql = "select waresid,platpkey,platvkey,cppkey,cpvkey from wares where waresid = "+appid+"";
conn = getConn();
try{
st = conn.createStatement();
rs = st.executeQuery(sql);
while(rs.next()){
appkey = rs.getString(key);
}
}catch(SQLException e)
{
e.printStackTrace();
}
return appkey;
}
public void insertData(String data,String rmark,String status){
int r = 0;
String sql = "insert into cptest values(null,"+"‘"+data+"‘,"+"‘"+rmark+"‘," +"‘"+status+ "‘);";
conn = getConn();
try{
st = conn.createStatement();
r = st.executeUpdate(sql);
if(r != ‘0‘){
System.out.println("新增数据成功过");
}else
{
System.out.println("新增数据成失败");
}
}catch(SQLException e)
{
e.printStackTrace();
}
}
public String getStringData(String data)
{
String dataString = null;
for (int i = 0;i<data.length();i++)
{
dataString += data.charAt(i);
dataString = data.replace("\"","\\‘");
}
return dataString;
}
}
--servlet
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<servlet>
<servlet-name>CpDataTest</servlet-name>
<servlet-class>
com.iapppay.service.CpDataService
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>CpDataTest</servlet-name>
<url-pattern>/CpDataTest</url-pattern>
</servlet-mapping>
</web-app>
package com.iapppay.service;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.sql.SQLException;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.iapppay.jdbc.mysqljdbc;
import net.sf.json.JSONObject;
public class CpDataService extends HttpServlet{
private String getData(boolean i){
if (i){
StringBuffer sb = new StringBuffer();
sb.append("SUCCESS");
return sb.toString();
}else
{
StringBuffer sb = new StringBuffer();
sb.append("FAILURE");
return sb.toString();
}
}
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
// TODO Auto-generated method stub
String rmark = "cp交易结果通知测试地址,请用post方式请求!";
resp.setContentType("text/html;charset=utf-8");
resp.getOutputStream().write(rmark.getBytes("utf-8"));
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp){
// TODO Auto-generated method stub
// super.doPost(req, resp);
CpDataService cp = new CpDataService();
mysqljdbc db = new mysqljdbc();
HttpServletRequestTest reqTest = new HttpServletRequestTest();
//接受HttpServletRequest发送消息体内容
Map<String, String[]> params = req.getParameterMap();
String queryString = "";
for (String key : params.keySet()) {
String[] values = params.get(key);
for (int i = 0; i < values.length; i++) {
String value = values[i];
queryString += key + "=" + value + "&";
}
}
try{
if(queryString != null && reqTest.httpReqTest(req)){
String transdata = req.getParameter("transdata");
//密钥验签验证,消息体验证,消息体必填字验证
String data = cp.getData(reqTest.rsaTest(req)&&reqTest.httpReqTest(req)&&reqTest.httpReqJsonTest(transdata));
//
String rmark = "rsa密钥签名验证结果:"+reqTest.rsaTest(req)+"\\n"
+reqTest.httpReqTest(req, "test")+"\\n"
+reqTest.httpReqJsonTest(transdata, "test")+"\\n";
db.insertData(queryString, rmark, data);
resp.setContentType("text/html;charset=utf-8");
resp.getOutputStream().write(data.getBytes("utf-8"));
}else{
String data = cp.getData(false);
db.insertData(queryString, "发送消息体为NULL或transdata为NULL,密钥验证失败", data);
resp.setContentType("text/html;charset=utf-8");
resp.getOutputStream().write(data.getBytes("utf-8"));
}
}
catch (Exception e)
{
String data = cp.getData(false);
resp.setContentType("text/html;charset=utf-8");
try {
resp.getOutputStream().write(data.getBytes("utf-8"));
} catch (UnsupportedEncodingException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
} catch (IOException e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
}
}
}
// public static void main(String[] args) {
//
// jsonAction jc = new jsonAction();
// CpDataService cp = new CpDataService();
// mysqljdbc db = new mysqljdbc();
// HttpServletRequestTest reqTest = new HttpServletRequestTest();
// String transdata = "{\"appid\":\"3000128894\",\"appuserid\":\"abc\",\"cporderid\":\"598989898986563333\",\"cpprivateinfo\":\"3333Test\",\"currency\":\"RMB\",\"notifyurl\":\"http://192.168.0.157:9888/Test/CpDataTest\",\"price\":300,\"waresid\":1,\"waresname\":\"test\"}";
// String sign = "f5eKXIS6EF3Ey2M2pAG3gJyjWRGCkkwYfHpq16X+jiQ2bbnq6wMD3g41koA9UL2SwvgYVeBpCYUeGLZITs0vVQePmpcKxsg4qqnC711bchqnfaHGDgr0QUHoYYwjfl6PPN+/hlTvHukmRNLUq/xV32Cl0QidMRj9FOWm1OxRK70=";
// String signtype = "RSA";
// String dataTest = null;
// JSONObject jo = JSONObject.fromObject(transdata);
// String appid = jo.getString("appid");
// String data = cp.getData(jc.cpsignTest(appid, sign, transdata));
// System.out.println(reqTest.httpReqJsonTest(transdata,"Test"));
// System.out.println(reqTest.httpReqJsonTest(transdata));
// db.insertData(transdata+sign+signtype, "sign解密验签验证", data);
// System.out.println(appid);
// System.out.println(data);
// }
}
--jsp监控界面
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" import="java.sql.*" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<%
String path = request.getContextPath();
int recordCount=0;
String stat = request.getParameter("stat") == null ? "" : request.getParameter("stat");
Class.forName("com.mysql.jdbc.Driver").newInstance();
Connection con=java.sql.DriverManager.getConnection("jdbc:mysql://192.168.0.151/iapppay?useUnicode=true&characterEncoding=utf-8","root","aibei1010");
Statement stmt=con.createStatement();
String sql = "";
if(!stat.equals("")){
sql = "select id,data,rmark,status from cptest where status=‘" + stat + "‘ order by id desc";
}else{
sql = "select id,data,rmark,status from cptest order by id desc";
}
ResultSet rst=stmt.executeQuery(sql);
String sums = "select count(*) from cptest";
Statement stmt2 = con.createStatement();
ResultSet rst2 = stmt2.executeQuery(sums);
if(rst2.next()){
recordCount = rst2.getInt(1);
}
%>
<style media="screen" type="text/css">
body { font-family: verdana, arial, helvetica, sans-serif; font-size: 80%; }
table { font-size: 100%; }
pre { }
/* -- heading ---------------------------------------------------------------------- */
h1 {
font-size: 16pt;
color: gray;
}
.heading {
margin-top: 0ex;
margin-bottom: 1ex;
}
.heading .attribute {
margin-top: 1ex;
margin-bottom: 0;
}
.heading .description {
margin-top: 4ex;
margin-bottom: 6ex;
}
.overflow{
overflow:auto;
}
#show_detail_line {
margin-top: 3ex;
margin-bottom: 1ex;
}
</style>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>交易结果通知测试监控</title>
</head>
<body>
<div class=‘heading‘>
<h1>爱贝交易结果通知监控</h1>
<a href=‘index.jsp?stat=SUCCESS‘>SUCCESS</a>
<a href=‘index.jsp?stat=FAILURE‘>FAILURE</a>
<a href=‘index.jsp‘>All</a>
</div>
<div class = ‘heading‘>
<table border=1 style="table-layout:fixed;word-wrap:break-word;" width="100%" id = ‘overflow‘ >
<tr>
<td width ="3%">ID</td>
<td width ="20%">接受报体内容</td>
<td width ="20%">验证点</td>
<td width ="5%">返回结果</td>
</tr>
<%
while(rst.next())
{
out.println("<tr>");
out.println("<td>"+rst.getString("id")+"</td>");
out.println("<td>"+rst.getString("data")+"</td>");
out.println("<td>"+rst.getString("rmark")+"</td>");
out.println("<td>"+rst.getString("status")+"</td>");
out.println("</tr>");
}
//关闭连接、释放资源
//<a href="http://www.w3chtml.com/" target="_blank">
//+" "+"width=50"+"height=50"
%>
</table>
</div>
</body>
</html>
<%
rst.close();
rst2.close();
stmt.close();
stmt2.close();
con.close();
%>
--效果图
后续:
抛砖引玉,欢迎探讨~
时间: 2024-08-02 22:36:23