Hi, Wow! Thanks! I will give this a try a little later and post back.
Thanks, Jim On Tuesday, July 2, 2019, 2:55:17 PM EDT, Felix Schumacher <felix.schumac...@internetallee.de> wrote: I think I have got the example working. I attached a jmx file and a cert to this mail and maybe we are lucky and the mailing list doesn't strip it from the mail. In case it does: Add the variable "certpath" to your testplan (either by a cvs datasource for more than one cert, or via the test plan root element). It should point to your x509 certificates path. Add a HTTP Sampler with method POST, the "Body Data" tab selected and filled with "${ocspReq}". Add a JSR223 PreProcessor to the sampler (set to groovy -- the default) with the following content: import java.io.BufferedReader; import java.io.FileReader; import java.io.Reader; import org.bouncycastle.cert.ocsp.CertificateID; import org.bouncycastle.cert.ocsp.OCSPReq; import org.bouncycastle.cert.ocsp.OCSPReqBuilder; import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.openssl.PEMParser; import org.bouncycastle.operator.DigestCalculatorProvider; import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder; String fName = vars.get("certpath"); Reader fR = new BufferedReader(new FileReader(fName)); PEMParser pPar = new PEMParser(fR); X509CertificateHolder obj = (X509CertificateHolder)pPar.readObject(); DigestCalculatorProvider dCP = new JcaDigestCalculatorProviderBuilder().build(); CertificateID cId = new CertificateID(dCP.get(CertificateID.HASH_SHA1), obj, obj.getSerialNumber()); OCSPReq oReq = new OCSPReqBuilder().addRequest(cId).build(); byte[] asn1seq = oReq.getEncoded(); String sb = new String(asn1seq, "ISO-8859-1"); vars.put("ocspReq", sb); Add a JSR223 Assertion to the sampler (set to groovy, again) containing: import org.bouncycastle.cert.ocsp.OCSPResp; def sR = ctx.getPreviousResult(); byte[] instream = sR.getResponseData(); OCSPResp oResp = new OCSPResp(instream); assert oResp.getStatus() ==0 Add a Header Manager to the sampler with the following set: Content-Type application/ocsp-request Accept application/ocsp-response It seemed to work for me (famous last words) One important change was to use "ISO-8859-1" for the encoding of the string. Felix Am 01.07.19 um 22:42 schrieb oh...@yahoo.com.INVALID: > Hi, > > This Java app: > > import java.io.*; > import java.math.BigInteger; > import java.security.Security; > import java.util.*; > import org.bouncycastle.cert.*; > import org.bouncycastle.cert.ocsp.CertificateID; > import org.bouncycastle.cert.ocsp.OCSPReq; > import org.bouncycastle.cert.ocsp.OCSPReqBuilder; > import org.bouncycastle.asn1.*; > import org.bouncycastle.openssl.*; > import org.bouncycastle.openssl.PEMParser; > import org.bouncycastle.util.io.pem.*; > import org.bouncycastle.pkcs.*; > import org.bouncycastle.operator.DigestCalculatorProvider; > import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder; > > > public class jmeterdebug1 { > > public static void main(String[] args) { > // TODO Auto-generated method stub > > > String BC = "BC"; //"${securityProvider}"; > String fName = "E:\\Ziptemp\\CRL-DOWNLOADER\\certs\\orc_eca_sw_5.pem"; >//"${certpath} > try { > Reader fR = new BufferedReader(new FileReader(fName)); > PEMParser pPar = new PEMParser(fR); > > X509CertificateHolder obj = (X509CertificateHolder)pPar.readObject(); > > Security.addProvider(new >org.bouncycastle.jce.provider.BouncyCastleProvider()); > > DigestCalculatorProvider dCP = new >JcaDigestCalculatorProviderBuilder().setProvider(BC).build(); > > CertificateID cId = new CertificateID(dCP.get(CertificateID.HASH_SHA1), obj, >obj.getSerialNumber()); > > OCSPReqBuilder oRB = new OCSPReqBuilder(); > oRB.addRequest(cId); > OCSPReq oReq = oRB.build(); > > byte[] asn1seq = oReq.getEncoded(); > > String sb = new String(asn1seq); > > System.out.println("sb=[" + sb + "]"); > > } catch (Exception e) { > System.out.println("*** ERROR ** [" + e + "]"); > e.printStackTrace(); > } > > //sampler.getArguments().getArgument(0).setValue(sb); > > > > } > > } > > > Outputs: > > sb=[0B0@0>0<0:0 + > > > So I am guessing that the 'sb' is supposed to be used to populate the POST > body via the line that I have commented out above > ("sampler.getArguments().getArgument(0).setValue(sb);")?? > > > So if I just uncomment that line in the equivalent code in the Jmeter > Beanshell Preprocessor code, is there something additional that I need to do > to get the HTTP request to use that for the BODY? > > Also, FYI, I added several Debug listeners, but I don't see any variable > named "sb" in their output? What do I need to do so that I can see the > contents of that var in the Debug? > > > > Thanks, > Jim > > > > > > > > > > > > > > > > > > > > > On Monday, July 1, 2019, 4:01:41 PM EDT, Felix Schumacher ><felix.schumac...@internetallee.de> wrote: > > > > Am 1. Juli 2019 21:49:37 MESZ schrieb oh...@yahoo.com.INVALID: >> Hi, >> >> Hmm. It seems like the example test plan isn't as complete as I had >> hoped :(.... >> >> FYI, I think the reference to "the public key infrastructure" is to >> another bouncycastle package, "bcpkix-jdk15on-162.jar". > Seems sensible. > >> FYI, I am going to try to get this working/debug this as a Java app >> first, and then I can try to make a groovy version after that, once it >> is clean. I'm hoping that that makes it easier for me, initially. > Small steps is a good way to go. > >> >> I will post back in a bit... > Great > Felix > >> Jim >> >> >> >> On Monday, July 1, 2019, 2:46:59 PM EDT, Felix Schumacher >> <felix.schumac...@internetallee.de> wrote: >> >> >> Am 01.07.19 um 19:16 schrieb oh...@yahoo.com.INVALID: >>> Hi, >>> >>> I am trying to implement a Jmeter load test for an OCSP responder, >> and I found this page, but haven't been able to get it working: >>> https://www.blazemeter.com/blog/how-load-test-ocsp-jmeter/ >>> >>> - The first problem that I ran into is where it says "2. Download the >> public key infrastructure and provider ". The link for the "provider" >> works and allows me to download "bcprov-jdk15on-156.jar", but I am not >> sure what the "the public key infrastructure" is supposed to download? >> I think that the "public key infrastructure" means your certificates. >> If >> you download the bouncycastle provider, you probably should take the >> newest version of it: https://bouncycastle.org/latest_releases.html >>> - Also, for the HTTP Request element, it says "The URL of the >> responder is defined in the variable section of the script.", but I am >> not sure what it is referring to when it says "the variable section of >> the script"? >> >> I guess that the "user defined variables" table on the test plan (root) >> element is meant. But on the other hand, the text misses to add a >> variable reference on the http sampler (my guess is, that it is hidden >> in the http defaults element, that are not described further in the >> text), so you are free to add your URL to the http sampler yourself. >> >> And now to a few things you haven't asked :) >> >> * Use groovy instead of beanshell whenever possible. >> >> * Don't use ${...} inside JSR223 or other Shell Samplers. Use >> vars.get("...") instead >> >> * Instead of >> >> Failure = false; >> if (oResp.getStatus() != 0) { >> Failure = true; >> >> } >> >> you could use >> >> Failure = oResp.getStatus() != 0; >> >> or if you feel groovy: Failure = oResp.status != 0 >> >> >>> Is anyone familiar with this test plan, and gotten it working? >> Note, that I have no OCSP server and thus have not tried to get it >> really working. >> >> Felix >> >>> Thanks, >>> Jim >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: user-unsubscr...@jmeter.apache.org >>> For additional commands, e-mail: user-h...@jmeter.apache.org >>> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: user-unsubscr...@jmeter.apache.org >> For additional commands, e-mail: user-h...@jmeter.apache.org >> >> > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@jmeter.apache.org > For additional commands, e-mail: user-h...@jmeter.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@jmeter.apache.org For additional commands, e-mail: user-h...@jmeter.apache.org