Recently I have been using Postman for interface testing on a project. For ordinary unencrypted HTTP requests it is convenient and direct to test with, but some messages require signature verification and have to be encrypted and decrypted. The following is a record of my own working process, based on resources shared online and supplemented with the problems I ran into myself.

To outline the process:

1. Sort the parameters in the source message (except sign) alphabetically from A to Z.

2. Concatenate the sorted parameter values into a single string; this is the source string.

3. Sign the source string using the RSA algorithm with the other party's RSA private key to produce the signature value.

4. Put this value in the sign parameter, then AES-encrypt the new message; the result is the value of the EncData parameter in the final message.

5. Encrypt the AES key using the RSA algorithm with our own RSA public key; the result is the encKey value of the final message. Once the new message has been built, send the HTTP request.

Final message structure:

“{{encData}}” and “{{enckey}}” must be defined as variables in Postman; how to define variables is not covered here.

Introducing forge.js

Postman's built-in CryptoJS library cannot produce an RSA-SHA1 digital signature (SHA1WithRSA in Java), so a third-party library is needed. Forge's GitHub address: github.com/digitalbaza…

There are two ways to use forge.js. The first is to download forge.js and serve it from a locally built service.

Use it in the Pre-request Script:

The second is to copy the entire contents of the forge.js file into a Postman variable named forgeJS.

The first method, setting up a service, is used here: forge.js is too large for the second method, and setting the variable causes a freeze.

Sign the source string with RSA

How the message is concatenated is not described in detail here. Suppose the source string after concatenation is “15547905120004109231993051800161200155235582900015011385365”; it is then signed with the RSA private key.

encrypt_key here is the private key; replace it with your own project's private key.

The encryption function implements the private-key signature using the Forge project.

The resulting signature must be Base64-encoded, which is done with forge.util.encode64(SIG).

In our project, the resulting signature sText is then passed to the sign parameter of the source message, and the message is AES-encrypted.

var signText = '{"endDate":1554790512000,"pageNo":1,"Id":"410923199305180016","userPhone":"15011385365","sign":"' + sText + '","pageSize":200,"startDate":1552355829000}';
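The signing steps above carried through in Node.js, as an added example that is not the article's own code: it uses Node's built-in crypto module instead of forge inside Postman, a throwaway key pair generated on the spot, and hypothetical helper names (buildSourceString, signSource, verifySource, buildSignedMessage). The case-insensitive name sort is inferred from the sample source string, where the value of Id follows the value of endDate.

```javascript
// Added example: source string + SHA1withRSA signature with Node's built-in crypto.
const nodeCrypto = require("node:crypto");

// Steps 1-2: drop "sign", sort names A-Z ignoring case, concatenate the values.
// A plain .sort() compares code units and would put "Id" before "endDate".
function buildSourceString(params) {
  return Object.keys(params)
    .filter((name) => name !== "sign")
    .sort((a, b) => {
      const la = a.toLowerCase(), lb = b.toLowerCase();
      return la < lb ? -1 : la > lb ? 1 : 0;
    })
    .map((name) => String(params[name]))
    .join("");
}

// Step 3: RSA PKCS#1 v1.5 signature over SHA-1 (Java "SHA1WithRSA"), Base64-encoded.
// SHA-1 is used only because that is the scheme the article's server expects.
function signSource(source, privateKey) {
  return nodeCrypto.sign("sha1", Buffer.from(source, "utf8"), privateKey).toString("base64");
}

// What the receiving side does: recompute the source string and verify the signature.
function verifySource(source, signatureB64, publicKey) {
  const sig = Buffer.from(signatureB64, "base64");
  return nodeCrypto.verify("sha1", Buffer.from(source, "utf8"), publicKey, sig);
}

// First half of step 4: the message (with sign filled in) that goes on to AES encryption.
function buildSignedMessage(params, privateKey) {
  const sign = signSource(buildSourceString(params), privateKey);
  return JSON.stringify({ ...params, sign });
}

// Parameter values taken from the article's signText line.
const SAMPLE_PARAMS = {
  endDate: 1554790512000, pageNo: 1, Id: "410923199305180016",
  userPhone: "15011385365", pageSize: 200, startDate: 1552355829000,
};

// Throwaway key pair constructed for this example only.
const DEMO_KEYS = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });

const source = buildSourceString(SAMPLE_PARAMS);
const sText = signSource(source, DEMO_KEYS.privateKey);
console.log(source);
console.log(sText.length, verifySource(source, sText, DEMO_KEYS.publicKey));
```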

That is all for the RSA signature; AES encryption comes next.
