需要在 JMeter 中同时使用客户端和服务器端证书来命中 SSL 连接的 POST 请求

Posted

技术标签:

【中文标题】需要在 JMeter 中同时使用客户端和服务器端证书来命中 SSL 连接的 POST 请求【英文标题】:Need to use both client and server side certificates in JMeter to hit a POST request for SSL Connection 【发布时间】:2021-04-19 10:52:29 【问题描述】:

我有一个场景,我需要在 JMEter 中使用服务器端证书 (certificate.ca.crt) 和客户端证书 (client.pem 和 private.key) 进行 SSL 连接。

我已经用 POSTMAN 配置了这些证书,它工作正常,但在 JMeter 中我是新手,我不知道该怎么做?

经过一些研究,到目前为止我在 JMeter 中做了一件事。我已执行以下命令来制作 .p12 格式文件

openssl pkcs12 -export -out certificates.p12 -inkey private.key -in certificate.ca.crt -in client.pem

然后我将certificates.p12放在JMeter的bin目录下,并在JMeter的bin目录下的system.properties中添加以下属性

javax.net.ssl.keyStoreType=pkcs12    
javax.net.ssl.keyStore=certificates.p12
javax.net.ssl.keyStorePassword=password

https.keyStoreStartIndex=0
https.keyStoreEndIndex=1

当我从 JMeter 执行我的 API 后,我收到以下错误,

ava.lang.IllegalArgumentException: Could not create keystore: pkcs12     not found
    at org.apache.jmeter.util.SSLManager.getKeyStore(SSLManager.java:126)
    at org.apache.jmeter.util.JsseSSLManager.createContext(JsseSSLManager.java:214)
    at org.apache.jmeter.util.JsseSSLManager.getContext(JsseSSLManager.java:176)
    at org.apache.jmeter.util.HttpSSLProtocolSocketFactory.getSSLSocketFactory(HttpSSLProtocolSocketFactory.java:113)
    at org.apache.jmeter.util.HttpSSLProtocolSocketFactory.createSocket(HttpSSLProtocolSocketFactory.java:180)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:393)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
    at org.apache.jmeter.protocol.http.sampler.hc.LazyLayeredConnectionSocketFactory.connectSocket(LazyLayeredConnectionSocketFactory.java:92)
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
    at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl$JMeterDefaultHttpClientConnectionOperator.connect(HTTPHC4Impl.java:326)
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:374)
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
    at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.executeRequest(HTTPHC4Impl.java:850)
    at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:561)
    at org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:67)
    at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1282)
    at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1271)
    at org.apache.jmeter.threads.JMeterThread.doSampling(JMeterThread.java:627)
    at org.apache.jmeter.threads.JMeterThread.executeSamplePackage(JMeterThread.java:551)
    at org.apache.jmeter.threads.JMeterThread.processSampler(JMeterThread.java:490)
    at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:257)
    at java.lang.Thread.run(Thread.java:748)
Caused by: java.security.KeyStoreException: pkcs12     not found
    at java.security.KeyStore.getInstance(KeyStore.java:851)
    at org.apache.jmeter.util.keystore.JmeterKeyStore.<init>(JmeterKeyStore.java:85)
    at org.apache.jmeter.util.keystore.JmeterKeyStore.getInstance(JmeterKeyStore.java:255)
    at org.apache.jmeter.util.SSLManager.getKeyStore(SSLManager.java:122)
    ... 27 more
Caused by: java.security.NoSuchAlgorithmException: pkcs12     KeyStore not available
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:159)
    at java.security.Security.getImpl(Security.java:695)
    at java.security.KeyStore.getInstance(KeyStore.java:848)
    ... 30 more

期待您的回答。谢谢!

【问题讨论】:

【参考方案1】:

看起来pkcs12 后面有很多空格,所以它是pkcs12

如果您删除尾随空格,它应该可以正常工作。

我也认为不必将此javax.net.ssl.keyStoreType 属性指定为JMeter will guess it from the file name 和功能is there for years

更多信息:How to Set Your JMeter Load Test to Use Client Side Certificates

关于服务器端证书,您 don't have to do anything at all

JMeter HTTP 采样器被配置为接受所有证书,无论是否受信任,无论有效期等。这是为了在测试服务器时提供最大的灵活性。

【讨论】:

非常感谢。你的解决方案对我有用。 pkcs12 之后的空格是我的 system.properties 文件中的问题。所以它是pkcs12

以上是关于需要在 JMeter 中同时使用客户端和服务器端证书来命中 SSL 连接的 POST 请求的主要内容,如果未能解决你的问题,请参考以下文章

jmeter并发数和线程数的区别

Jmeter4.0接口测试之案例实战

JMeter远程分布式联机性能测试

性能测试-JMeter参数化CSV Data Set Config

Jmeter安装与使用(压测)

记一次 JMeter 压测 HTTPS 性能问题