首页 > 代码库 > 后台服务端接口验证项目实例~~
后台服务端接口验证项目实例~~
前言:
在当前开放互联的大环境下,接口互通成了最最普通常见数据通讯与交互的一种方式;接口测试的重要性也是不言而喻,但却成了普通功能测试人员的一道屏障;特别是服务端的接口验证更是麻烦;这里抛砖引玉希望更多童鞋参与多多讨论。
场景&描述:
c1->s1->s2
s1 <-s2
协议:http
c端,发起c1(pay)请求,服务端处理完毕,通过s1接口把(pay)请求支付接口告诉指定s2服务地址;s2服务地址解析s1接口内容,正常返回SUCCESS,异常返回FAILURE;s1收到s2返回内容做对应业务处理。
接口消息格式:json,签名验签rsa标准算法,消息体url编码。
请求方式:post
测试对象:
s1接口
测试范围:
接口测试之常规测试维度,从宏观到微观一一细分拆借大概思路:消息发送方式、消息体是否为null、消息体格式是否正确、消息解密是否正确、消息体中json体key键检查(必填值是否缺省、缺省值是否存在、是否多多余key键)、消息体中json体values值检查(必填值检查是否缺省、缺省值是否存在、值类型检查,特别是数字类型的,比如交易金额啥的)。
接口测试之安全维度,ip黑白名单,消息体参数注入,摘要解密算法研究等。
1.消息发送方式
2.消息体是否为null和格式检查
3.json,key键必填字检查
4.json,values值检查
5.业务数据检查,比如收到SUCCESS检查。
6.其它
实现技术分析:
如果只要验证第5点,简单的只要模拟s2,最快速高效的方法,直接在tomcat下,新建一个工程,创建一个html文件,内容为SUCCESS或FAILURE;然后s1接口直接往这个地址发送就好(http协议)。
http协议,后台实现,最方便的还是java,也有python的,依赖的包太多,看个人条件选择;如果是soket套接字,建议与加密解密类语言保持一致比较好,因为解密太折腾人了,哎。
这里选择了一个java,servlet来实现。
再回头看s1接口,所以的参数都不是固定的,每次发生请求的参数都是动态的,这样的话,自己去实现这个servlet的时候,参数化的部分,就直接考虑连接db,这样就不需要考虑s1接口传入固定的值,动态的去db查询s1接口参数相关数据信息(特别是解密,与json,values值验证,和功能业务特性,每次填写固定参数值肯定不靠谱)。
-- jdbc
package com.iapppay.jdbc;import java.sql.*;import java.util.ArrayList;import java.util.List;public class mysqljdbc { public Connection conn; public Statement st; public ResultSet rs; public Connection getConn() { try { Class.forName("com.mysql.jdbc.Driver"); conn = DriverManager.getConnection("jdbc:mysql://192.168.0.151/iapppay?useUnicode=true&characterEncoding=utf-8","root","aibei1010"); } catch (Exception e) { e.printStackTrace(); } return conn; } public String getappkey(String appid,String key){ String appkey =null; //String sql = "select waresid,platpkey,platvkey,cppkey,cpvkey from wares where waresid = ‘3000713545‘;"; String sql = "select waresid,platpkey,platvkey,cppkey,cpvkey from wares where waresid = "+appid+""; conn = getConn(); try{ st = conn.createStatement(); rs = st.executeQuery(sql); while(rs.next()){ appkey = rs.getString(key); } }catch(SQLException e) { e.printStackTrace(); } return appkey; } public void insertData(String data,String rmark,String status){ int r = 0; String sql = "insert into cptest values(null,"+"‘"+data+"‘,"+"‘"+rmark+"‘," +"‘"+status+ "‘);"; conn = getConn(); try{ st = conn.createStatement(); r = st.executeUpdate(sql); if(r != ‘0‘){ System.out.println("新增数据成功过"); }else { System.out.println("新增数据成失败"); } }catch(SQLException e) { e.printStackTrace(); } } public String getStringData(String data) { String dataString = null; for (int i = 0;i<data.length();i++) { dataString += data.charAt(i); dataString = data.replace("\"","\\‘"); } return dataString; } }
--servlet
<?xml version="1.0" encoding="UTF-8"?> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> <servlet> <servlet-name>CpDataTest</servlet-name> <servlet-class> com.iapppay.service.CpDataService </servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>CpDataTest</servlet-name> <url-pattern>/CpDataTest</url-pattern> </servlet-mapping> </web-app>
package com.iapppay.service;import java.io.IOException; import java.io.UnsupportedEncodingException;import java.sql.SQLException;import java.util.Map;import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import com.iapppay.jdbc.mysqljdbc;import net.sf.json.JSONObject; public class CpDataService extends HttpServlet{ private String getData(boolean i){ if (i){ StringBuffer sb = new StringBuffer(); sb.append("SUCCESS"); return sb.toString(); }else { StringBuffer sb = new StringBuffer(); sb.append("FAILURE"); return sb.toString(); } } @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { // TODO Auto-generated method stub String rmark = "cp交易结果通知测试地址,请用post方式请求!"; resp.setContentType("text/html;charset=utf-8"); resp.getOutputStream().write(rmark.getBytes("utf-8")); } @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp){ // TODO Auto-generated method stub // super.doPost(req, resp); CpDataService cp = new CpDataService(); mysqljdbc db = new mysqljdbc(); HttpServletRequestTest reqTest = new HttpServletRequestTest(); //接受HttpServletRequest发送消息体内容 Map<String, String[]> params = req.getParameterMap(); String queryString = ""; for (String key : params.keySet()) { String[] values = params.get(key); for (int i = 0; i < values.length; i++) { String value = values[i]; queryString += key + "=" + value + "&"; } } try{ if(queryString != null && reqTest.httpReqTest(req)){ String transdata = req.getParameter("transdata"); //密钥验签验证,消息体验证,消息体必填字验证 String data = http://www.mamicode.com/cp.getData(reqTest.rsaTest(req)&&reqTest.httpReqTest(req)&&reqTest.httpReqJsonTest(transdata)); // String rmark = "rsa密钥签名验证结果:"+reqTest.rsaTest(req)+"\\n" +reqTest.httpReqTest(req, "test")+"\\n" +reqTest.httpReqJsonTest(transdata, "test")+"\\n"; db.insertData(queryString, rmark, data); resp.setContentType("text/html;charset=utf-8"); resp.getOutputStream().write(data.getBytes("utf-8")); }else{ String data = cp.getData(false); db.insertData(queryString, "发送消息体为NULL或transdata为NULL,密钥验证失败", data); resp.setContentType("text/html;charset=utf-8"); resp.getOutputStream().write(data.getBytes("utf-8")); } } catch (Exception e) { String data = cp.getData(false); resp.setContentType("text/html;charset=utf-8"); try { resp.getOutputStream().write(data.getBytes("utf-8")); } catch (UnsupportedEncodingException e1) { // TODO Auto-generated catch block e1.printStackTrace(); } catch (IOException e1) { // TODO Auto-generated catch block e1.printStackTrace(); } } } // public static void main(String[] args) {// // jsonAction jc = new jsonAction();// CpDataService cp = new CpDataService();// mysqljdbc db = new mysqljdbc();// HttpServletRequestTest reqTest = new HttpServletRequestTest();// String transdata = "http://www.mamicode.com/{/"appid\":\"3000128894\",\"appuserid\":\"abc\",\"cporderid\":\"598989898986563333\",\"cpprivateinfo\":\"3333Test\",\"currency\":\"RMB\",\"notifyurl\":\"http://192.168.0.157:9888/Test/CpDataTest\",\"price\":300,\"waresid\":1,\"waresname\":\"test\"}";// String sign = "f5eKXIS6EF3Ey2M2pAG3gJyjWRGCkkwYfHpq16X+jiQ2bbnq6wMD3g41koA9UL2SwvgYVeBpCYUeGLZITs0vVQePmpcKxsg4qqnC711bchqnfaHGDgr0QUHoYYwjfl6PPN+/hlTvHukmRNLUq/xV32Cl0QidMRj9FOWm1OxRK70=";// String signtype = "RSA";// String dataTest = null;// JSONObject jo = JSONObject.fromObject(transdata);// String appid = jo.getString("appid");// String data = http://www.mamicode.com/cp.getData(jc.cpsignTest(appid, sign, transdata));>// System.out.println(reqTest.httpReqJsonTest(transdata,"Test"));// System.out.println(reqTest.httpReqJsonTest(transdata));// db.insertData(transdata+sign+signtype, "sign解密验签验证", data);// System.out.println(appid);// System.out.println(data);// }}
--jsp监控界面
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" import="java.sql.*" %><!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><% String path = request.getContextPath(); int recordCount=0; String stat = request.getParameter("stat") == null ? "" : request.getParameter("stat"); Class.forName("com.mysql.jdbc.Driver").newInstance(); Connection con=java.sql.DriverManager.getConnection("jdbc:mysql://192.168.0.151/iapppay?useUnicode=true&characterEncoding=utf-8","root","aibei1010"); Statement stmt=con.createStatement(); String sql = ""; if(!stat.equals("")){ sql = "select id,data,rmark,status from cptest where status=‘" + stat + "‘ order by id desc"; }else{ sql = "select id,data,rmark,status from cptest order by id desc"; } ResultSet rst=stmt.executeQuery(sql); String sums = "select count(*) from cptest"; Statement stmt2 = con.createStatement(); ResultSet rst2 = stmt2.executeQuery(sums); if(rst2.next()){ recordCount = rst2.getInt(1); }%><style media="screen" type="text/css">body { font-family: verdana, arial, helvetica, sans-serif; font-size: 80%; }table { font-size: 100%; }pre { }/* -- heading ---------------------------------------------------------------------- */h1 {font-size: 16pt;color: gray;}.heading {margin-top: 0ex;margin-bottom: 1ex;}.heading .attribute {margin-top: 1ex;margin-bottom: 0;}.heading .description {margin-top: 4ex;margin-bottom: 6ex;}.overflow{overflow:auto;} #show_detail_line { margin-top: 3ex; margin-bottom: 1ex;}</style><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>交易结果通知测试监控</title></head><body><div class=‘heading‘><h1>爱贝交易结果通知监控</h1><a href=http://www.mamicode.com/‘index.jsp?stat=SUCCESS‘>SUCCESS"color: #0000ff;">class = ‘heading‘><table border=1 style="table-layout:fixed;word-wrap:break-word;" width="100%" id = ‘overflow‘ ><tr><td width ="3%">ID</td><td width ="20%">接受报体内容</td><td width ="20%">验证点</td><td width ="5%">返回结果</td></tr><% while(rst.next()) { out.println("<tr>"); out.println("<td>"+rst.getString("id")+"</td>"); out.println("<td>"+rst.getString("data")+"</td>"); out.println("<td>"+rst.getString("rmark")+"</td>"); out.println("<td>"+rst.getString("status")+"</td>"); out.println("</tr>"); } //关闭连接、释放资源 //<a href="http://www.mamicode.com/http://www.w3chtml.com/" target="_blank"> //+" "+"width=50"+"height=50" %></table></div></body></html><% rst.close();rst2.close();stmt.close();stmt2.close();con.close(); %>
--效果图
后续:
抛砖引玉,欢迎探讨~
后台服务端接口验证项目实例~~
声明:以上内容来自用户投稿及互联网公开渠道收集整理发布,本网站不拥有所有权,未作人工编辑处理,也不承担相关法律责任,若内容有误或涉及侵权可进行投诉: 投诉/举报 工作人员会在5个工作日内联系你,一经查实,本站将立刻删除涉嫌侵权内容。