Re: Help get OCSP responder load test working?

[o haya]

  This is what I am using/trying in the Beanshell preprocessor:
import java.io.*;import java.math.BigInteger;import java.util.*;import 
org.bouncycastle.cert.*;import org.bouncycastle.cert.ocsp.CertificateID;import 
org.bouncycastle.cert.ocsp.OCSPReq;import 
org.bouncycastle.cert.ocsp.OCSPReqBuilder;import org.bouncycastle.asn1.*;import 
org.bouncycastle.openssl.*;import org.bouncycastle.openssl.PEMParser;import 
org.bouncycastle.util.io.pem.*;import org.bouncycastle.pkcs.*;import 
org.bouncycastle.operator.DigestCalculatorProvider;import 
org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
import java.security.Security;
String BC = "${securityProvider}";String fName = "${certpath}";
Reader fR = new BufferedReader(new FileReader(fName));PEMParser pPar = new 
PEMParser(fR);
X509CertificateHolder obj = (X509CertificateHolder)pPar.readObject();
DigestCalculatorProvider dCP = new 
JcaDigestCalculatorProviderBuilder().setProvider(BC).build();
Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
CertificateID cId = new CertificateID(dCP.get(CertificateID.HASH_SHA1), obj, 
obj.getSerialNumber());
OCSPReqBuilder oRB = new OCSPReqBuilder();oRB.addRequest(cId);OCSPReq oReq = 
oRB.build();
byte[] asn1seq = oReq.getEncoded();
String sb = new String(asn1seq);
sampler.getArguments().getArgument(0).setValue(sb);

But when I run the Jmeter test, I am getting the following on the OCSP 
responder (the server side):

2019-07-01 17:20:25,625 DEBUG 
[org.cesecore.configuration.GlobalConfigurationSessionBean] (default task-1) 
Reading Configuration: AVAILABLE_PROTOCOLS2019-07-01 17:20:25,633 DEBUG 
[org.cesecore.configuration.GlobalConfigurationSessionBean] (default task-1) No 
default GlobalConfiguration exists. Creating a new one.2019-07-01 17:20:25,633 
DEBUG [org.ejbca.util.ServiceControlFilter] (default task-1) Access to service 
OCSP is allowed. HTTP request http://127.0.0.1:8080/ejbca/publicweb/status/ocsp 
is let through.2019-07-01 17:20:25,634 DEBUG 
[org.ejbca.ui.web.protocol.OCSPServlet] (default task-1) 
>checkAndGetRequestBytes. Received POST request with content length: 0 from 
127.0.0.12019-07-01 17:20:25,634 INFO  [org.ejbca.ui.web.LimitLengthASN1Reader] 
(default task-1) Not a sequence on top level. Tag was 31.2019-07-01 
17:20:25,635 INFO  [org.ejbca.ui.web.protocol.OCSPServlet] (default task-1) 
Error processing OCSP request. Message: Not a sequence on top level. Tag was 
31.2019-07-01 17:20:25,635 DEBUG [org.ejbca.ui.web.protocol.OCSPServlet] 
(default task-1) Error processing OCSP request. Message: Not a sequence on top 
level. Tag was 31.: 
org.cesecore.certificates.ocsp.exception.MalformedRequestException: Not a 
sequence on top level. Tag was 31.        at 
org.ejbca.ui.web.LimitLengthASN1Reader.readFirstASN1Object(LimitLengthASN1Reader.java:109)
        at 
org.ejbca.ui.web.protocol.OCSPServlet.checkAndGetRequestBytes(OCSPServlet.java:428)
        at 
org.ejbca.ui.web.protocol.OCSPServlet.processOcspRequest(OCSPServlet.java:251)  
      at org.ejbca.ui.web.protocol.OCSPServlet.doPost(OCSPServlet.java:191)     
   at javax.servlet.http.HttpServlet.service(HttpServlet.java:706)


So, it looks like Jmeter is not sending the BODY (the contents of "sb" from the 
Preprocessor?)?

Is there something else that I am missing to cause the output from the 
preprocessor to be used as the POST BODY?
Thanks,Jim 





    On Monday, July 1, 2019, 08:59:45 PM UTC, Sergio Boso 
<ser...@bosoconsulting.it> wrote:  
 
 Hi Ohaya,

I did such a test few years ago, unfortunately I do not have the script at hand.
Also, probably most releases have changed in the meantime.

What I remember is that I needed to get understanding of the bouncy castle 
libraries, AND an extensive rewriting of the script, even 
of the general setup was useful as a guidance.

Especially, the result checking was quite bugged.

HTH
Sergio

Il 01/07/2019 21:49, oh...@yahoo.com.INVALID ha scritto:
>  Hi,
>
> Hmm. It seems like the example test plan isn't as complete as I had hoped 
> :(....
>
> FYI, I think the reference to "the public key infrastructure" is to another 
> bouncycastle package, "bcpkix-jdk15on-162.jar".
>
> FYI, I am going to try to get this working/debug this as a Java app first, 
> and then I can try to make a groovy version after that, once it is clean. I'm 
> hoping that that makes it easier for me, initially.
>
>
> I will post back in a bit...
>
> Jim
>
>
>
>      On Monday, July 1, 2019, 2:46:59 PM EDT, Felix Schumacher 
><felix.schumac...@internetallee.de> wrote:
>  
>  
> Am 01.07.19 um 19:16 schrieb oh...@yahoo.com.INVALID:
>> Hi,
>>
>> I am trying to implement a Jmeter load test for an OCSP responder, and I 
>> found this page, but haven't been able to get it working:
>>
>> https://www.blazemeter.com/blog/how-load-test-ocsp-jmeter/
>>
>> - The first problem that I ran into is where it says "2. Download the public 
>> key infrastructure and provider ".  The link for the "provider" works and 
>> allows me to download "bcprov-jdk15on-156.jar", but I am not sure what the 
>> "the public key infrastructure" is supposed to download?
> I think that the "public key infrastructure" means your certificates. If
> you download the bouncycastle provider, you probably should take the
> newest version of it: https://bouncycastle.org/latest_releases.html
>> - Also, for the HTTP Request element, it says "The URL of the responder is 
>> defined in the variable section of the script.", but I am not sure what it 
>> is referring to when it says "the variable section of the script"?
> I guess that the "user defined variables" table on the test plan (root)
> element is meant. But on the other hand, the text misses to add a
> variable reference on the http sampler (my guess is, that it is hidden
> in the http defaults element, that are not described further in the
> text), so you are free to add your URL to the http sampler yourself.
>
> And now to a few things you haven't asked :)
>
> * Use groovy instead of beanshell whenever possible.
>
> * Don't use ${...} inside JSR223 or other Shell Samplers. Use
> vars.get("...") instead
>
> * Instead of
>
>      Failure = false;
>      if (oResp.getStatus() != 0) {
>          Failure = true;
>
>      }
>
>   you could use
>
>      Failure = oResp.getStatus() != 0;
>
> or if you feel groovy: Failure = oResp.status != 0
>
>
>> Is anyone familiar with this test plan, and gotten it working?
> Note, that I have no OCSP server and thus have not tried to get it
> really working.
>
> Felix
>
>> Thanks,
>> Jim
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscr...@jmeter.apache.org
>> For additional commands, e-mail: user-h...@jmeter.apache.org
>>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscr...@jmeter.apache.org
> For additional commands, e-mail: user-h...@jmeter.apache.org
>
>    


-- 

Ing. Sergio Boso




---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@jmeter.apache.org
For additional commands, e-mail: user-h...@jmeter.apache.org