CN101572632B - Method for testing management end interface of information security management system - Google Patents
Method for testing management end interface of information security management system Download PDFInfo
- Publication number
- CN101572632B CN101572632B CN2009100469850A CN200910046985A CN101572632B CN 101572632 B CN101572632 B CN 101572632B CN 2009100469850 A CN2009100469850 A CN 2009100469850A CN 200910046985 A CN200910046985 A CN 200910046985A CN 101572632 B CN101572632 B CN 101572632B
- Authority
- CN
- China
- Prior art keywords
- function
- call
- management end
- interface
- place
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Abstract
The invention discloses a method for testing a management end interface of an information security management system, which comprises the following steps: (1) constructing a testing environment; (2) setting parameters of a server; (3) according to the set related parameters, calling related interface functions of a management end; (4) if the calling is successful, returning results obtained by theoperation of the interface functions according to the related parameters by the management end; and (5) comparing the returned results by using related standards to judge whether the related interface functions of the management end accord with the requirement. The method can ensure the high efficiency, consistency, reproducibility and comparability of the testing.
Description
Technical field:
The present invention relates to a kind of inspection technology of internet access service providing site connecting internet system, particularly a kind of method of testing of internet service business place information safety management system management end interface.
Background technology:
Because the networking is in vogue, the quantity in service on net place, the Internet increases rapidly, increase online place of business, the Internet, the performance of its connecting internet system is very different, the defective that the existence that has is very big brings very big inconvenience for the online consumer.
Simultaneously to also there being very big deficiency on the detection technique of connecting internet system; Particularly to the test of the data-interface of system; The method of testing of existing internet service business place information safety management system management end interface can't well be directed against test environment, method of testing, test case and the testing apparatus that relevant internet service business place information safety management system management end interface is formulated in industry standards of public safety GA557-2005 internet service business place information safety management code, GA558-2005 internet service business place information safety management system data DIF, the functional requirement of GA561-2005 internet service business place information safety management system management end and the specification requirement of GA562-2005 internet service business place information safety management system management end interface.
Summary of the invention:
The present invention is directed to the existing problem of method of above-mentioned internet access service providing site connecting internet system service check, and a kind of method of testing that can comparatively comprehensively check internet service business place information safety management system management end interface is provided.
For achieving the above object the technical scheme that the present invention adopts:
The method of testing of management end interface of information security management system, the enforcement of this method is carried out based on detection platform, and this method may further comprise the steps:
(1) structure test environment, and between simulation management end server and simulation upper management Platform Server, set up WEB SERVICE service, make two-server that service externally is provided respectively;
(2) server is carried out the parameter setting;
(3) according to the relevant parameter that is provided with, call management end relevant interface function;
(4) if call success, management end returns the interface function result that operation obtains according to relevant parameter;
(5) judge with relevant criterion contrast return results whether the relevant interface function of management end meets the requirements.
Interface function in the said step (3) comprises the downstream interface function of synchronization call function and the upstream Interface function of asynchronous call function.
The detection of said downstream interface function realizes through following steps:
(A1) place of business management end server Callback URL and identifying code are set;
(A2) report attribute through the correlation function setting, server URL and authorization code are sent to the place of business management end, setting simultaneously reports the time interval and reports function whether to call call back function;
(A3) call place of business management end corresponding interface function through corresponding URL and identifying code;
(A4) test calling the interface function that obtains through corresponding test case, the result who obtains returned.
The result that said step (A4) is returned directly returns after divide receiving with inside at 1000, then returns through calling call back function greater than 1000 parts.
Said test case is as in the parameter input call function, and it is a principle with the Black-box Testing principle, and the output result of regulation input data and expection is through comparing the test that actual output result and expected results have judged whether to reach the requirement of standard.
The detection of said upstream Interface function realizes through following steps:
(B1) report attribute through the correlation function setting, server URL and authorization code are sent to the place of business management end, setting simultaneously reports the time interval and reports function whether to call call back function;
(B2) accept upstream Interface data transmission request of data in the management end server;
(B3) identifying code of request is discerned, if Cheng Ze does not return;
(B4) after the identifying code of request is differentiated successfully, with obtaining the data that management end server upstream Interface data are sent;
(B5) data that receive are carried out verification;
(B6) data that receive are stored, and show assay.
The structure of the data that said step (B5) receives through contrast judges whether it satisfies defined data structure.
When making up testing environment in the said step (1), because the difference of access mechanism, system under test (SUT) place of business end equipment generally has the form of two kinds of connecting systems, and mode one is a series form, and place of business end equipment is connected to network exit with the form of gateway/bridge; Mode two is parallel form, and place of business end equipment operates on hub/switch with listen mode.
This method according to technique scheme obtains can be evaluated and tested and check internet service business place information safety management system management end interface.
The combine closely demand of Ministry of Public Security regulation internet access service providing site of this detection method is followed function and the performance requirement of the Ministry of Public Security to the internet service business place information safety management system technically fully.The high efficiency of the test that this method can guarantee, consistency, reproducibility and comparativity.High efficiency: since detailed regulation method of testing and test case, the time of testing shortens greatly, efficient improves greatly; Consistency: each test result of identical product is consistent; Reproducibility: certain test result of certain product can accessiblely be reproduced; Comparativity: the test request of different product is identical with input, so the result has comparativity.
Description of drawings:
Further specify the present invention below in conjunction with accompanying drawing and embodiment.
Fig. 1 is the topological diagram of test environment of the present invention.
Fig. 2 is a flow chart of steps of the present invention.
Fig. 3 is the topological diagram of test environment among the present invention.
Fig. 4 is the testing process figure of GetDateTime function.
Fig. 5 is the testing process figure of SetDateTime function.
Fig. 6 is the testing process figure of SetUpStatusProperty function.
Fig. 7 is the testing process figure of QueryStatus function.
Fig. 8 is the testing process figure of CommitMessage function.
Fig. 9 is the testing process figure of SelectMessage function.
Figure 10 is the testing process figure of SelectDailyStat function.
Figure 11 is the testing process figure of SelectStat function.
Figure 12 is the testing process figure of UpdateData function.
Figure 13 is the testing process figure of SelectData function.
Figure 14 is the testing process figure of DeleteData function.
Figure 15 is the testing process figure of last line function.
Embodiment:
For technological means, creation characteristic that the present invention is realized, reach purpose and effect and be easy to understand and understand, further set forth the present invention below in conjunction with concrete diagram and embodiment.
This detection method is practical implementation on detection platform, and concrete steps are (as shown in Figure 1) as follows:
The first step, platform user are according to the requirement of " internet service business place information safety management system test detailed rules for the implementation "; Make up test environment (as shown in Figure 2), be included as test required software and hardware configuration and network configuration and installation internet service business place information safety management system management end interface test module.
As shown in Figure 1, two kinds of access waies can be arranged among the present invention: gateway is connected in series or is installed on same main frame with system under test (SUT) place of business end during a mode; Gateway connecting hub during the b mode.
From the difference of access mechanism, system under test (SUT) place of business end equipment generally has the form of two kinds of connecting systems, and a mode is a series form, and place of business end equipment is connected to network exit with the form of gateway/bridge; The b mode is parallel form, and place of business end equipment operates on hub/switch with listen mode.For other access waies, should adjust testing environment according to himself characteristic.
Each system's place of business end uses an Internet outlet simultaneously, but can should on internal server, realize the application of this service in the Internet of its application of internal simulation service for some as far as possible, as: WEB, FTP, Mail etc.Topological diagram according to shown in Figure 1 builds testing environment, and each test suite is as shown in table 1 among Fig. 2:
The explanation of table 1 test suite
Obtain in the test environment that constitutes by step 1; Test topology figure as shown in Figure 3; It is mainly by place of business end, simulation management end server, simulation upper management Platform Server; Between simulation management end server and simulation upper management Platform Server, set up WEB SERVICE service, make two-server that service externally is provided respectively.
The detection method that provides among the present invention is based on that the interface testing instrument carries out.
The platform interface testing tool partly uses the JAVA exploitation, and editing environment is JBuilderX;
Instrument operation system environments is Windows2000_XP_2003;
The JDK version is j2sdk-1_4_2_08-windows-i586-p;
The TOMCAT version is jakarta-tomcat-5.0.28.
In second step, after accomplishing erection stage, then enter into the input phase of data.
At first, sign in to relevant system, accomplish the setting of parameter, select the relevant function that needs test again.According to the requirement of interface standard, interface testing comprises 2 major parts totally 14 functions (wherein the UpdataData function is included in respectively in the up-downgoing function) altogether.
Interface to be tested is described in detail as follows: following line function: GetDateTime; SetDateTime; SetUpStatusProperty; QueryStatus; CommitMessage; SelectMessage; SelectDailyStat; SelectStat; UpdateData; SelectData; DeleteData;
Last line function: CommitStatus; UpdateDailyStat; SendSMS; UpdateData.
The 3rd step is after the test of accomplishing above-mentioned steps, with the Qualify Phase that enters into testing result.Mainly accomplish the reception of return results, readjustment result's reception and readjustment result's verification in this stage.
In order to accomplish the DCO of docking port, the test of interface function is following:
Descending function G etDateTime: this function is used for query time (as shown in Figure 4).
(1) this method of testing is that initialization from system begins, and carries out the login and the checking of identity.
(2) server that relates to is carried out the setting of parameter, it mainly comprised for two steps: 1, place of business management end server Callback URL and identifying code are set; 2, report attribute through the correlation function setting; It comprises interface testing tool server URL, identifying code, reports the time interval, call back function type etc.; Server URL and authorization code are sent to the place of business management end, and setting simultaneously reports the time interval and reports function whether to call call back function.
(3) call " GetDateTime " function in the management end of place of business through corresponding URL and identifying code.If do not call success, continue to call this function; If call success, then enter into next step.
(4) test calling the interface function that obtains through corresponding test case, the result who obtains is returned.The concrete function of the test case here is the principle according to Black-box Testing; Stipulated the output result of input data and expection; Through comparing the requirement that actual output result and expected results have judged whether to reach standard, test case is as in the parameter input call function.
To call this function again if the result of test is undesirable, and the processing of being correlated with again.
Whether last test person satisfies the requirement of GA562-2005 with time format in discriminant function " GetDateTime " the test return value, and whether acquisition time is consistent with current management end system time in the return value.SetDateTime: this function is used to be provided with the time.Be mainly used in the other system retention time synchronous.The testing procedure of this function such as Fig. 5:
(1) this method of testing is that initialization from system begins, and carries out the login and the checking of identity.
(2) server that relates to is carried out the setting of parameter, it mainly comprised for two steps: 1, place of business management end server Callback URL and identifying code are set; 2, report attribute through the correlation function setting; It comprises interface testing tool server URL, identifying code, reports the time interval, call back function type etc.; Server URL and authorization code are sent to the place of business management end, and setting simultaneously reports the time interval and reports function whether to call call back function.
(3) test case is provided with, the corresponding time that needs modification is set.
(4) call " SetDateTime " function in the management end of place of business through corresponding URL and identifying code.If do not call success, continue to call this function; If call success, then enter into next step.
(5) handle calling the interface function that obtains through corresponding test case, the result who obtains is returned.
To call this function again if the result of test is undesirable, and the processing of being correlated with again.
After " SetDateTime " function of management end interface is tested, whether meet the requirements for confirming this interface function, also carry out following detection: the inspection other system time is changed into the set time really; The reporting information relevant with the other system current time, like the message of new transmission, whether its time value also makes corresponding change; Change response whether in rational time range.
SetUpStatusProperty: this function is used to be provided with the attribute of reporting information.The testing procedure of this function such as Fig. 6:
(1) this method of testing is that initialization from system begins, and carries out the login and the checking of identity.
(2) server that relates to is carried out the setting of parameter, it mainly comprised for two steps: 1, place of business management end server Callback URL and identifying code are set; 2, report attribute through the correlation function setting; It comprises interface testing tool server URL, identifying code, reports the time interval, call back function type etc.; Server URL and authorization code are sent to the place of business management end, and setting simultaneously reports the time interval and reports function whether to call call back function.
(3) test case is provided with, corresponding interface testing tool server URL is set: inform the address that system under test (SUT) should report; Identifying code: inform that system under test (SUT) connects needed identifying code when reporting the address; Report the time interval:, inform that system under test (SUT) reports the time interval for the function that regularly reports; Call back function type: inform that which call back function of system under test (SUT) need report through upstream Interface.
(4) call " SetUpStatusProperty " function in the management end of place of business through corresponding URL and identifying code.If do not call success, continue to call this function; If call success, then enter into next step.
(5) handle calling the interface function that obtains through corresponding test case, the result who obtains is returned.
To call this function again if the return results of test is undesirable, and the processing of being correlated with again.
The test result verification method:
Detect whether requirement of return results at first, earlier;
Then,, server verifies whether CommitStatus, AlarmLog, TUDLog, OnlineLog, RealIdentity, VirtualIdentity, VirtualIdTrack, PunishResult, DayStat, each table of SendSms can be uploaded on request under uploading catalogue.Upload principle for newly-generated data were uploaded by the time interval of setting, the data of having uploaded are no longer uploaded.
At last, contrast each time upload file rise time, its time difference should be the value of setting among the IntervalFig.
QueryStatus: this function is used to inquire about current state information.The method of testing of this function is as shown in Figure 7:
(1) this method of testing is that initialization from system begins, and carries out the login and the checking of identity.
(2) server that relates to is carried out the setting of parameter, it mainly comprised for two steps: 1, place of business management end server Callback URL and identifying code are set; 2, report attribute through the correlation function setting; It comprises interface testing tool server URL, identifying code, reports the time interval, call back function type etc.; Server URL and authorization code are sent to the place of business management end, and setting simultaneously reports the time interval and reports function whether to call call back function.
(3) call " QueryStatus " function in the management end of place of business through corresponding URL and identifying code.If do not call success, continue to call this function; If call success, then enter into next step.
(4) handle calling the interface function that obtains through corresponding test case, the result who obtains is returned.The concrete function of test case is the principle according to Black-box Testing, has stipulated the output result of input data and expection, and through comparing the requirement that actual output result and expected results have judged whether to reach standard, test case is as in the parameter input call function.
To call this function again if the return results of test is undesirable, and the processing of being correlated with again.
The test result verification method:
Whether the detection of desired return value meets the requirements.
Whether Service_code, Status, Activity_number form satisfy the requirement of GA562-2005 in the return value.
Whether the other system state is consistent with reported data with the actual conditions of mobile host computers number.
Change place of business end state, behind the reasonable time interval of default, inquire about the other system state once more, whether return value has corresponding change and conforms to actual conditions.
Change place of business end mobile host computers number, behind the reasonable time interval of default, inquire about the other system state once more, whether return value has corresponding change and conforms to actual conditions.
CommitMessage: this function is used to issue word content information.The method of testing of this function is as shown in Figure 8:
(1) this method of testing is that initialization from system begins, and carries out the login and the checking of identity.
(2) server that relates to is carried out the setting of parameter, it mainly comprised for two steps: 1, place of business management end server Callback URL and identifying code are set; 2, report attribute through the correlation function setting; It comprises interface testing tool server URL, identifying code, reports the time interval, call back function type etc.; Server URL and authorization code are sent to the place of business management end, and setting simultaneously reports the time interval and reports function whether to call call back function.
(3) test case is provided with, corresponding Receiver Service_code is set: the receiving target code; Message_code: message numbering; Send_time: transmitting time; Object: message header; Message: message content; Flag: message identifier).
(4) call " CommitMessage " function in the management end of place of business through corresponding URL and identifying code.If do not call success, continue to call this function; If call success, then enter into next step.
(5) handle calling the interface function that obtains through corresponding test case, the result who obtains is returned.
To call this function again if the return results of test is undesirable, and the processing of being correlated with again.
The test result verification method:
Whether the detection of desired return value meets the requirements.
If send object is empty, then whether receive this message at other system, and whether the place of business end is not received.
If sending object Receiver Service_code is 4 administrative divisions, then satisfies place of business, the whole city end of this zoning and whether all receive this message.
If sending object Receiver Service_code is 6 administrative divisions, then satisfies the whole district/place of business, the county end of this zoning and whether all receive this message.
If sending object Receiver Service_code is 14, then satisfies the place of business end of this coding and whether receive this message.
In the reasonable scope whether the time interval of sending and receiving.
Whether the message content that receives should in full accord with the transmission content.
SelectMessage: this function is used for query messages.The method of testing of this function is as shown in Figure 9:
(1) this method of testing is that initialization from system begins, and carries out the login and the checking of identity.
(2) server that relates to is carried out the setting of parameter, it mainly comprised for two steps: 1, place of business management end server Callback URL and identifying code are set; 2, report attribute through the correlation function setting; It comprises interface testing tool server URL, identifying code, reports the time interval, call back function type etc.; Server URL and authorization code are sent to the place of business management end, and setting simultaneously reports the time interval and reports function whether to call call back function.
(3) test case is provided with, corresponding D ataItem is set: the inquiry field; Matching: match-type; Content: field value.
(4) call " SelectMessage " function in the management end of place of business through corresponding URL and identifying code.If do not call success, continue to call this function; If call success, then enter into next step.
(5) handle calling the interface function that obtains through corresponding test case, the result who obtains is returned.
To call this function again if the return results of test is undesirable, and the processing of being correlated with again.
If dividing with inside at 1000, the result that returns returns after receiving; If greater than 1000, then 1000 are divided with inside and to return after receiving, and then return through calling call back function " UpdateData " greater than 1000 parts, the call back function result deposits in/the testing/upload/test catalogue under.
The test result verification method:
Whether check expection return value meets related request.
Check Service_code in the return value, Message_code, Send_time, Object, Message, Flag form whether to satisfy the requirement of GA562-2005 simultaneously.
Querying condition is provided with item by item, and is provided with according to the reasonability demand combinations.
If can not all satisfy matching way, then answer at least: time value is generally got “>=" or “≤"; Title, content keyword, place of business coding etc. are generally got " like "; Message numbering is generally got "="
Whether return messages satisfy querying condition.
All message of inspection in message library, whether return messages have omission.
SelectDailyStat: this function is used for inquiry day statistics.The test of this function is shown in figure 10:
(1) this method of testing is that initialization from system begins, and carries out the login and the checking of identity.
(2) server that relates to is carried out the setting of parameter, it mainly comprised for two steps: 1, place of business management end server Callback URL and identifying code are set; 2, report attribute through the correlation function setting; It comprises interface testing tool server URL, identifying code, reports the time interval, call back function type etc.; Server URL and authorization code are sent to the place of business management end, and setting simultaneously reports the time interval and reports function whether to call call back function.
(3) test case is provided with, relevant parameters is set: Start_date: Start Date; End_date: Close Date; Service_code: place code.
(4) call " SelectDailyStat " function in the management end of place of business through corresponding URL and identifying code.If do not call success, continue to call this function; If call success, then enter into next step.
(5) handle calling the interface function that obtains through corresponding test case, the result who obtains is returned.
To call this function again if the return results of test is undesirable, and the processing of being correlated with again.
If dividing with inside at 1000, the result that returns returns after receiving; If greater than 1000, then 1000 are divided with inside and to return after receiving, and then return through calling call back function " UpdateData " greater than 1000 parts, the call back function result deposits in/the testing/upload/test catalogue under.
The test result verification method:
Whether check expection return value meets related request.
Whether Date, Service_code, Service_online, Host_online form satisfy the requirement of GA562-2005 in the check return value.
The online rate in check place of business, the online rate of main frame should conform to actual conditions.Wherein, the online rate in place of business on the same day is meant that place of business once online in a day accounts for the percentage of whole places of business sum; The online rate of main frame on the same day is meant that (minimum is 1 hour) interior online host of all unit interval on the same day accounts for the mean value of total main frame sum percentage.
SelectStat: the method for testing of this interface function is shown in figure 11:
(1) this method of testing is that initialization from system begins, and carries out the login and the checking of identity.
(2) server that relates to is carried out the setting of parameter, it mainly comprised for two steps: 1, place of business management end server Callback URL and identifying code are set; 2, report attribute through the correlation function setting; It comprises interface testing tool server URL, identifying code, reports the time interval, call back function type etc.; Server URL and authorization code are sent to the place of business management end, and setting simultaneously reports the time interval and reports function whether to call call back function.
(3) test case is provided with, relevant parameters is set: TimeStat: add up on a time period; PolicyStat: by triggering frequency statistics; AreaStat: press regional statistics; DailyAlert: per diem add up; TermAlert: rank statistics.
(4) call " SelectStat " function in the management end of place of business through corresponding URL and identifying code.If do not call success, continue to call this function; If call success, then enter into next step.
(5) handle calling the interface function that obtains through corresponding test case, the result who obtains is returned.
To call this function again if the return results of test is undesirable, and the processing of being correlated with again.
If dividing with inside at 1000, the result that returns returns after receiving; If greater than 1000, then 1000 are divided with inside and to return after receiving, and, return then through calling call back function " UpdateData " greater than 1000 parts, the call back function result deposits in/the testing/upload/test catalogue under.
The test result verification method:
Utilize TimeStat functional query TimeStat report data structure.
Whether Service_code, Online_number, Alert_number, Host_online form satisfy the requirement of GA562-2005 in the check return value.
Whether check audit quantity, the online rate of main frame is consistent with reported data with the actual conditions of number of netizens.
The new triggering of check audited, behind the reasonable time interval of default, and inquiry once more, whether return value has corresponding change and conforms to actual conditions.
Check changes the online rate of main frame, behind the reasonable time interval of default, and inquiry once more, whether return value should have corresponding change and conform to actual conditions.
Check changes number of netizens, behind the reasonable time interval of default, and inquiry once more, whether return value should have corresponding change and conform to actual conditions.
Check each item requirement of PolicyStat function in the SelectStat interface, DailyAlert function, TermAlert function respectively successively through above method.
UpdateData: this interface function is used for upgrading or increasing data record.The test of this interface function is shown in figure 12:
(1) this method of testing is that initialization from system begins, and carries out the login and the checking of identity.
(2) server that relates to is carried out the setting of parameter, it mainly comprised for two steps: 1, place of business management end server Callback URL and identifying code are set; 2, report attribute through the correlation function setting; It comprises interface testing tool server URL, identifying code, reports the time interval, call back function type etc.; Server URL and authorization code are sent to the place of business management end, and setting simultaneously reports the time interval and reports function whether to call call back function.
(3) test case is provided with, relevant parameters is set, and it comprises PolicyList: update strategy; CriminalList: renewal personnel.
(4) call " UpdateData " function in the management end of place of business through corresponding URL and identifying code.If do not call success, continue to call this function; If call success, then enter into next step.
(5) handle calling the interface function that obtains through corresponding test case, the result who obtains is returned.
To call this function again if the return results of test is undesirable, and the processing of being correlated with again.
Based on the method for above-mentioned test, " PolicyList " in this interface detects: this function is used to upgrade or increase the setting of data record-audit strategy
Whether really increase this strategy, and each data item is consistent with input if detecting the other system policy library.
Whether detection should strategy can be issued to the place of business end and end comes into force in the place of business.
By this strategy of requirement test of functional test, whether strategy can meet the demands fully.
Based on the method for above-mentioned test, " CriminalList " in this interface detects: this function is used to upgrade or increase data record-personnel's setting
Detect whether increase this strategy, and each data item is consistent with input.
Whether detection should strategy can be issued to the place of business end and end comes into force in the place of business.
By this strategy of requirement test of functional test, whether strategy can meet the demands fully.
SelectData: the method for testing of this interface function is shown in figure 13:
(1) this method of testing is that initialization from system begins, and carries out the login and the checking of identity.
(2) server that relates to is carried out the setting of parameter, it mainly comprised for two steps: 1, place of business management end server Callback URL and identifying code are set; 2, report attribute through the correlation function setting; It comprises interface testing tool server URL, identifying code, reports the time interval, call back function type etc.; Server URL and authorization code are sent to the place of business management end, and setting simultaneously reports the time interval and reports function whether to call call back function.
(3) test case is provided with, relevant parameters is set, it comprises AlertList: the inquiry reported result; AccessList: inquiry log; NetIDBasicList: inquiry identity 1; NetIDTrackList: inquiry track; NetIDList: inquiry identity 2; ClintList: on the daily record of rolling off the production line; ISBSList: place information; PunishmentList: inquiry punishment data; Punishment: inquiry punishment result; PolicyList: query strategy; CriminalList: personnel query.
(4) call " SelectData " function in the management end of place of business through corresponding URL and identifying code.If do not call success, continue to call this function; If call success, then enter into next step.
(5) handle calling the interface function that obtains through corresponding test case, the result who obtains is returned.
To call this function again if the return results of test is undesirable, and the processing of being correlated with again.
If dividing with inside at 1000, the result that returns returns after receiving; If greater than 1000, then 1000 are divided with inside and to return after receiving, and then return through calling call back function " UpdateData " greater than 1000 parts, the call back function result deposits in/the testing/upload/test catalogue under.
The test result verification method:
Utilize said method to detect data query AlertList function:
Whether detect the above-mentioned detection method of this this function detects the result who obtains and meets the requirements;
Return value return value result should be consistent with actual conditions, should not exist and report more, fail to report phenomenon.
Detect data query AccessList function according to above-mentioned detection method, and detect it and whether meet following requirement:
Each numeric format of expection return value satisfies the requirement of GA562-2005.
Return value result should be consistent with actual conditions, should not exist and report more, fail to report phenomenon.
Detect data query NetIDBasicList function according to above-mentioned detection method, and detect it and whether meet following requirement:
Each numeric format of expection return value satisfies the requirement of GA562-2005.
Return value result should be consistent with actual conditions, should not exist and report more, fail to report phenomenon.
Utilize above-mentioned verification method to verify NetIDTrackList function, RealIDList function, ClientList function, ISBSList function, PunishmentList function, Punishment respectively: function, PolicyList function, CriminalList function.
DeleteData: the method for inspection of this interface function is shown in figure 14:
(1) this method of testing is that initialization from system begins, and carries out the login and the checking of identity.
(2) server that relates to is carried out the setting of parameter, it mainly comprised for two steps: 1, place of business management end server Callback URL and identifying code are set; 2, report attribute through the correlation function setting; It comprises interface testing tool server URL, identifying code, reports the time interval, call back function type etc.; Server URL and authorization code are sent to the place of business management end, and setting simultaneously reports the time interval and reports function whether to call call back function.
(3) test case is provided with, relevant parameters is set, it comprises User_name: personnel's title; Certificate_type: type of credential; Certificate_code: passport NO..
(4) call " DeleteData " function in the management end of place of business through corresponding URL and identifying code.If do not call success, continue to call this function; If call success, then enter into next step.
(5) handle calling the interface function that obtains through corresponding test case, the result who obtains is returned.
To call this function again if the return results of test is undesirable, and the processing of being correlated with again.
If dividing with inside at 1000, the result that returns returns after receiving; If greater than 1000, then 1000 are divided with inside and to return after receiving, and then return through calling call back function " UpdateData " greater than 1000 parts, the call back function result deposits in/the testing/upload/test catalogue under.
The test result verification method:
Detect the CriminalList function in this interface: this function is used for the deletion personnel.Whether the return value of detection function meets following requirement:
Record is deletion really.
The deletion result should be consistent with initial conditions, should not exist and delete more, leak and delete phenomenon.
The value of ItemSum is deletion bar number really.
For last line function: CommitStatus; UpdateDailyStat; SendSMS; The detection method of UpdateData is shown in figure 15:
(1) report attribute through the correlation function setting, server URL and authorization code are sent to the place of business management end, setting simultaneously reports the time interval and reports function whether to call call back function;
(2) accept upstream Interface data transmission request of data in the management end server;
(3) identifying code of request is discerned, if Cheng Ze does not return;
(4) after the identifying code of request is differentiated successfully, with obtaining the data that upstream Interface data relevant on the management end server are sent;
(5) data that receive are carried out verification; It realizes it mainly being in the pairing Schema definition of function, stipulated this reported result the field type and the field name that should possess, the data structure that receives data through contrast judges whether to make mistakes; If reported result does not satisfy the defined data structure of this Schema, then tell the user that reported data is made mistakes, the details of having made mistakes) through the miscue on administration page.
(6) data that receive are stored, and show assay.
The test result verification method:
The detection of up function C ommitStatus: this function is used to report current state.After this function detects through said method, detect its relevant value of reporting and whether meet following requirement:
Service_code, Status, Activity_number form satisfy the requirement of GA562-2005 in the value of reporting.
The actual conditions of management end state and mobile host computers number should be consistent with reported data.
Change place of business end state, behind the reasonable time interval of default, report the management end state once more, return value should have corresponding change and conform to actual conditions.
Change place of business end mobile host computers number, behind the reasonable time interval of default, report the management end state once more, return value should have corresponding change and conform to actual conditions.
The detection of up function U pdateDailyStat: this function is used to upload a day statistic record.After this function detects through said method, detect its relevant value of reporting and whether meet following requirement:
Date, Service_code, Service_online, Host_online form satisfy the requirement of GA562-2005 in the value of reporting.
The online rate in place of business, the online rate of main frame should conform to actual conditions.Wherein, the online rate in place of business on the same day is meant that the place of business line duration accounted for the time on the same day percentage of (24 hours); The online rate of main frame on the same day is meant that (minimum is 1 hour) interior online host of all unit interval on the same day accounts for the mean value of total main frame sum percentage.
The detection of up function S endSMS: this function is used for a generation SMS notice.After this function detects through said method, detect its relevant value of reporting and whether meet following requirement:
Information, Mobile_card form satisfy the requirement of GA562-2005 in the value of reporting.
UpdateData: upgrade or the increase data record
In conjunction with the test of SetUpStatusProperty function, this function calls must strictly observe the setting of each parameter value in the SetUpStatusProperty.
, server verifies whether CommitStatus, AlarmLog, TUDLog, OnlineLog, RealIdentity, VirtualIdentity, VirtualIdTrack, PunishResult, DayStat, each table of SendSms can be uploaded by the SetUpStatusProperty requirement under uploading catalogue.Upload principle for newly-generated data were uploaded by the time interval of setting, the data of having uploaded are no longer uploaded.
Contrast each time upload file rise time, its time difference should be the value that IntervalFig sets among the SetUpStatusProperty.
Respectively be worth the requirement that form satisfies GA562-2005 in the value of reporting.
Report each table to conform to actual conditions.
More than show and described basic principle of the present invention and principal character and advantage of the present invention.The technical staff of the industry should understand; The present invention is not restricted to the described embodiments; That describes in the foregoing description and the specification just explains principle of the present invention; Under the prerequisite that does not break away from spirit and scope of the invention, the present invention also has various changes and modifications, and these variations and improvement all fall in the scope of the invention that requires protection.The present invention requires protection range to be defined by appending claims and equivalent thereof.
Claims (5)
1. the method for testing of management end interface of information security management system is characterized in that, this method may further comprise the steps:
(1) structure test environment is included as test required software and hardware configuration and network configuration and installation internet service business place information safety management system management end interface test module; And between simulation management end server and simulation upper management Platform Server, set up WEB SERVICE service, make two-server that service externally is provided respectively;
(2) simulation management end server and simulation upper management Platform Server are carried out the parameter setting;
(3) according to the relevant parameter that is provided with, call management end relevant interface function; Said interface function comprises the downstream interface function of synchronization call function and the upstream Interface function of asynchronous call function;
The detection of said downstream interface function realizes through following steps:
(A1) place of business management end server Callback URL and identifying code are set;
(A2) report attribute that server URL and authorization code are sent to the place of business management end through the correlation function setting, setting simultaneously reports the time interval and reports function whether to call call back function;
(A3) call place of business management end corresponding interface function through corresponding URL and identifying code;
(A4) test calling the interface function that obtains through corresponding test case, the result who obtains is returned;
The detection of said upstream Interface function realizes through following steps:
(B1) report attribute through the correlation function setting, server URL and authorization code are sent to the place of business management end, setting simultaneously reports the time interval and reports function whether to call call back function;
(B2) accept upstream Interface data transmission request of data in the management end server;
(B3) identifying code of request is discerned, if Cheng Ze does not return;
(B4) after the identifying code of request is differentiated successfully, with obtaining the data that management end server upstream Interface data are sent;
(B5) data that receive are carried out verification;
(B6) data that receive are stored, and show assay;
(4) if call success, management end returns the interface function result that operation obtains according to relevant parameter;
(5) judge with relevant criterion contrast return results whether the relevant interface function of management end meets the requirements.
2. the method for testing of management end interface of information security management system according to claim 1; It is characterized in that; The result that said step (A4) is returned directly returns after divide receiving with inside at 1000, then returns through calling call back function greater than 1000 parts.
3. the method for testing of management end interface of information security management system according to claim 1; It is characterized in that; Said test case is as in the parameter input call function; It is a principle with the Black-box Testing principle, and the output result of regulation input data and expection is through comparing the test that actual output result and expected results have judged whether to reach the requirement of standard.
4. the method for testing of management end interface of information security management system according to claim 1 is characterized in that, the structure of the data that said step (B5) receives through contrast judges whether it satisfies defined data structure.
5. the method for testing of management end interface of information security management system according to claim 1; It is characterized in that; When making up testing environment in the said step (1), because the difference of access mechanism, system under test (SUT) place of business end equipment generally has the form of two kinds of connecting systems; Mode one is a series form, and place of business end equipment is connected to network exit with the form of gateway/bridge; Mode two is parallel form, and place of business end equipment operates on hub/switch with listen mode.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009100469850A CN101572632B (en) | 2009-03-04 | 2009-03-04 | Method for testing management end interface of information security management system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009100469850A CN101572632B (en) | 2009-03-04 | 2009-03-04 | Method for testing management end interface of information security management system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101572632A CN101572632A (en) | 2009-11-04 |
| CN101572632B true CN101572632B (en) | 2012-02-01 |
Family
ID=41231871
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2009100469850A Expired - Fee Related CN101572632B (en) | 2009-03-04 | 2009-03-04 | Method for testing management end interface of information security management system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101572632B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103051467A (en) * | 2011-10-17 | 2013-04-17 | 中兴通讯股份有限公司 | Automatic detecting method and device of northbound interface |
| CN102833365A (en) * | 2012-08-23 | 2012-12-19 | Tcl集团股份有限公司 | File playing method and system based on DLNA (Digital Living Network Alliance) and driving and driven DLNA equipment |
| CN104639400A (en) * | 2015-02-13 | 2015-05-20 | 盛科网络(苏州)有限公司 | Automatic detection method and device of network packet processing chip |
| US10592228B2 (en) * | 2016-02-12 | 2020-03-17 | Microsoft Technology Licensing, Llc | Stylus firmware updates |
| CN107070735B (en) * | 2016-12-30 | 2018-04-20 | 上海壹账通金融科技有限公司 | Method, test terminal and the system of asynchronous interface test |
| CN108399120B (en) * | 2017-02-06 | 2021-01-29 | 腾讯科技(深圳)有限公司 | Asynchronous message monitoring method and device |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101001182A (en) * | 2007-01-12 | 2007-07-18 | 中国电信股份有限公司 | Adaptive test method and system of network management interface test |
-
2009
- 2009-03-04 CN CN2009100469850A patent/CN101572632B/en not_active Expired - Fee Related
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101001182A (en) * | 2007-01-12 | 2007-07-18 | 中国电信股份有限公司 | Adaptive test method and system of network management interface test |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101572632A (en) | 2009-11-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101572632B (en) | Method for testing management end interface of information security management system | |
| CN208227074U (en) | Electric power monitoring system network security monitors terminal | |
| US7457869B2 (en) | System and method for monitoring management | |
| CN105159964A (en) | Log monitoring method and system | |
| CN103530226B (en) | Electronic equipment peripheral hardware compatibility test method and device | |
| CN109120464A (en) | Secondary equipment of intelligent converting station configuration information remote online control device | |
| CN201508555U (en) | Internet bar management system based on face recognition | |
| JP6160064B2 (en) | Application determination program, failure detection apparatus, and application determination method | |
| CN112134762B (en) | Testing method, device, terminal and storage medium for block chain network structure | |
| CN103718170A (en) | Systems and methods for distributed rule-based correlation of events | |
| CN103402195B (en) | The application processing method and enterprise-level mobile solution platform of enterprise-level mobile terminal | |
| CN102204193B (en) | A communication device | |
| CN102412998A (en) | Operation service system and maintenance method and device thereof | |
| CN104268173A (en) | Centralized data monitoring method, device and system | |
| CN110880146A (en) | Block chain chaining method, device, electronic equipment and storage medium | |
| CN110716932A (en) | Data processing method, system, device and storage medium | |
| CN102271331B (en) | Method and system for detecting reliability of service provider (SP) site | |
| CN103258389A (en) | Method and system for self-service terminals to upload files and self-service terminals | |
| CN105139599A (en) | Community alarm method and system | |
| CN112737124A (en) | Method and device for constructing power equipment monitoring terminal | |
| CN101453388B (en) | Inspection method for Internet service operation field terminal safety | |
| CN101094490A (en) | Alarm treatment device and method | |
| CN113743813A (en) | Performance monitoring and assessment method, system, computer equipment and storage medium | |
| CN102843258B (en) | Business operation fault determination method and business operation fault determination device | |
| CN112688818A (en) | Data transmission method and device, electronic equipment and readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20120201 Termination date: 20180304 |