Sergio,
No problem! I will struggle through this, hopefully :)...
Actually, I may try to switch to a different approach, like maybe have the
Jmeter test run an "openssl ocsp..." command line instead of doing this in
code. This is supposed to be a "quicky", but it seems like it is not turning
out that way.
Thanks again!
Jim
On Monday, July 1, 2019, 5:31:05 PM EDT, Sergio Boso
<[email protected]> wrote:
You may need to install and use Wireshark to debug the packet exchange:
https://www.wireshark.org/#download
I'm very sorry, but I have no time to debug your script (and this would be a
huge task, anyway)
regards
Sergio
Il 01/07/2019 23:22, o haya ha scritto:
> This is what I am using/trying in the Beanshell preprocessor:
> import java.io.*;import java.math.BigInteger;import java.util.*;import
> org.bouncycastle.cert.*;import
> org.bouncycastle.cert.ocsp.CertificateID;import
> org.bouncycastle.cert.ocsp.OCSPReq;import
> org.bouncycastle.cert.ocsp.OCSPReqBuilder;import
> org.bouncycastle.asn1.*;import org.bouncycastle.openssl.*;import
> org.bouncycastle.openssl.PEMParser;import
> org.bouncycastle.util.io.pem.*;import org.bouncycastle.pkcs.*;import
> org.bouncycastle.operator.DigestCalculatorProvider;import
> org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
> import java.security.Security;
> String BC = "${securityProvider}";String fName = "${certpath}";
> Reader fR = new BufferedReader(new FileReader(fName));PEMParser pPar = new
> PEMParser(fR);
> X509CertificateHolder obj = (X509CertificateHolder)pPar.readObject();
> DigestCalculatorProvider dCP = new
> JcaDigestCalculatorProviderBuilder().setProvider(BC).build();
> Security.addProvider(new
> org.bouncycastle.jce.provider.BouncyCastleProvider());
> CertificateID cId = new CertificateID(dCP.get(CertificateID.HASH_SHA1), obj,
> obj.getSerialNumber());
> OCSPReqBuilder oRB = new OCSPReqBuilder();oRB.addRequest(cId);OCSPReq oReq =
> oRB.build();
> byte[] asn1seq = oReq.getEncoded();
> String sb = new String(asn1seq);
> sampler.getArguments().getArgument(0).setValue(sb);
>
> But when I run the Jmeter test, I am getting the following on the OCSP
> responder (the server side):
>
> 2019-07-01 17:20:25,625 DEBUG
> [org.cesecore.configuration.GlobalConfigurationSessionBean] (default task-1)
> Reading Configuration: AVAILABLE_PROTOCOLS2019-07-01 17:20:25,633 DEBUG
> [org.cesecore.configuration.GlobalConfigurationSessionBean] (default task-1)
> No default GlobalConfiguration exists. Creating a new one.2019-07-01
> 17:20:25,633 DEBUG [org.ejbca.util.ServiceControlFilter] (default task-1)
> Access to service OCSP is allowed. HTTP request
> http://127.0.0.1:8080/ejbca/publicweb/status/ocsp is let through.2019-07-01
> 17:20:25,634 DEBUG [org.ejbca.ui.web.protocol.OCSPServlet] (default task-1)
> >checkAndGetRequestBytes. Received POST request with content length: 0 from
> 127.0.0.12019-07-01 17:20:25,634 INFO
> [org.ejbca.ui.web.LimitLengthASN1Reader] (default task-1) Not a sequence on
> top level. Tag was 31.2019-07-01 17:20:25,635 INFO
> [org.ejbca.ui.web.protocol.OCSPServlet] (default task-1) Error processing
> OCSP request. Message: Not a sequence on top level. Tag was 31.2019-07-01
> 17:20:25,635 DEBUG [org.ejbca.ui.web.protocol.OCSPServlet] (default task-1)
> Error processing OCSP request. Message: Not a sequence on top level. Tag was
> 31.: org.cesecore.certificates.ocsp.exception.MalformedRequestException: Not
> a sequence on top level. Tag was 31. at
> org.ejbca.ui.web.LimitLengthASN1Reader.readFirstASN1Object(LimitLengthASN1Reader.java:109)
> at
> org.ejbca.ui.web.protocol.OCSPServlet.checkAndGetRequestBytes(OCSPServlet.java:428)
> at
> org.ejbca.ui.web.protocol.OCSPServlet.processOcspRequest(OCSPServlet.java:251)
> at org.ejbca.ui.web.protocol.OCSPServlet.doPost(OCSPServlet.java:191)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:706)
>
>
> So, it looks like Jmeter is not sending the BODY (the contents of "sb" from
> the Preprocessor?)?
>
> Is there something else that I am missing to cause the output from the
> preprocessor to be used as the POST BODY?
> Thanks,Jim
>
>
>
>
>
> On Monday, July 1, 2019, 08:59:45 PM UTC, Sergio Boso
><[email protected]> wrote:
>
> Hi Ohaya,
>
> I did such a test few years ago, unfortunately I do not have the script at
> hand.
> Also, probably most releases have changed in the meantime.
>
> What I remember is that I needed to get understanding of the bouncy castle
> libraries, AND an extensive rewriting of the script, even
> of the general setup was useful as a guidance.
>
> Especially, the result checking was quite bugged.
>
> HTH
> Sergio
>
> Il 01/07/2019 21:49, [email protected] ha scritto:
>> Hi,
>>
>> Hmm. It seems like the example test plan isn't as complete as I had hoped
>> :(....
>>
>> FYI, I think the reference to "the public key infrastructure" is to another
>> bouncycastle package, "bcpkix-jdk15on-162.jar".
>>
>> FYI, I am going to try to get this working/debug this as a Java app first,
>> and then I can try to make a groovy version after that, once it is clean.
>> I'm hoping that that makes it easier for me, initially.
>>
>>
>> I will post back in a bit...
>>
>> Jim
>>
>>
>>
>> On Monday, July 1, 2019, 2:46:59 PM EDT, Felix Schumacher
>><[email protected]> wrote:
>>
>>
>> Am 01.07.19 um 19:16 schrieb [email protected]:
>>> Hi,
>>>
>>> I am trying to implement a Jmeter load test for an OCSP responder, and I
>>> found this page, but haven't been able to get it working:
>>>
>>> https://www.blazemeter.com/blog/how-load-test-ocsp-jmeter/
>>>
>>> - The first problem that I ran into is where it says "2. Download the
>>> public key infrastructure and provider ". The link for the "provider"
>>> works and allows me to download "bcprov-jdk15on-156.jar", but I am not sure
>>> what the "the public key infrastructure" is supposed to download?
>> I think that the "public key infrastructure" means your certificates. If
>> you download the bouncycastle provider, you probably should take the
>> newest version of it: https://bouncycastle.org/latest_releases.html
>>> - Also, for the HTTP Request element, it says "The URL of the responder is
>>> defined in the variable section of the script.", but I am not sure what it
>>> is referring to when it says "the variable section of the script"?
>> I guess that the "user defined variables" table on the test plan (root)
>> element is meant. But on the other hand, the text misses to add a
>> variable reference on the http sampler (my guess is, that it is hidden
>> in the http defaults element, that are not described further in the
>> text), so you are free to add your URL to the http sampler yourself.
>>
>> And now to a few things you haven't asked :)
>>
>> * Use groovy instead of beanshell whenever possible.
>>
>> * Don't use ${...} inside JSR223 or other Shell Samplers. Use
>> vars.get("...") instead
>>
>> * Instead of
>>
>> Failure = false;
>> if (oResp.getStatus() != 0) {
>> Failure = true;
>>
>> }
>>
>> you could use
>>
>> Failure = oResp.getStatus() != 0;
>>
>> or if you feel groovy: Failure = oResp.status != 0
>>
>>
>>> Is anyone familiar with this test plan, and gotten it working?
>> Note, that I have no OCSP server and thus have not tried to get it
>> really working.
>>
>> Felix
>>
>>> Thanks,
>>> Jim
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [email protected]
>>> For additional commands, e-mail: [email protected]
>>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [email protected]
>> For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
