CN104426719A - Data transfer method and device based on OAUTH (open authorization) protocol testing - Google Patents
Data transfer method and device based on OAUTH (open authorization) protocol testing Download PDFInfo
- Publication number
- CN104426719A CN104426719A CN201310412481.2A CN201310412481A CN104426719A CN 104426719 A CN104426719 A CN 104426719A CN 201310412481 A CN201310412481 A CN 201310412481A CN 104426719 A CN104426719 A CN 104426719A
- Authority
- CN
- China
- Prior art keywords
- user authentication
- enciphered data
- time
- data
- web page
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Abstract
The invention discloses a data transfer method and device based on OAUTH (open authorization) protocol testing for performing safe transfer on data when the OAUTH protocol testing is performed. The data transfer method comprises the following steps: obtaining a user authentication code and a user authentication mark; encrypting the user authentication code and the user authentication mark to obtain encrypted data; and sending the encrypted data to a website testing end. By adopting the technical scheme of the invention, the OAUTH protocol testing can be performed smoothly, and the safety of the data can be further ensured.
Description
Technical field
The present invention relates to the Internet field tests, more specifically, relate to a kind of data transferring method based on OAUTH protocol test and device.
Background technology
OAUTH agreement is that the mandate of user resources provides a safety, open and easy standard.The mandate being OAUTH with authorization difference in the past can not make third party touch the account information of user, the i.e. mandate of third party without the need to using the user name of user and password just can apply for obtaining these user resources, therefore OAUTH is safe, the Large-Scale Interconnected net website of current home and overseas both provides OAUTH authentication service, a lot of internet site adopts the account of major company to carry out logining and Gains resources in the market, what this process adopted is exactly OAUTH agreement, ensure that the fail safe of user profile, when doing performance test to website, due to enciphered message during OAUTH communication, existing performance testing tool (as: the loadrunner in current market, jmeter), do not support OAUTH protocol test.
Therefore, in prior art, exist because of enciphered message during OAUTH protocol, cause when doing web site performance test, the testing tool of main flow cannot be tested.
Summary of the invention
The invention provides a kind of website test data transmission method based on OAUTH agreement and device, for solving in prior art, existing because of enciphered message during OAUTH protocol, causing when doing web site performance test, the problem that the testing tool of main flow cannot be tested OAUTH agreement.
For achieving the above object, according to an aspect of the present invention, a kind of data transferring method based on OAUTH protocol test is provided, and by the following technical solutions:
Data transferring method based on OAUTH protocol test comprises: acquisition user authentication code and user authentication indicate; Described user authentication code and described user authentication are indicated and is encrypted, obtain enciphered data; Described enciphered data is sent to website test lead.
Further, described indicate to be encrypted to described user authentication code and described user authentication according to preset algorithm comprise: described user authentication code and described user authentication are indicated and carry out first time and encrypt, obtain the first enciphered data; Carry out second time to the parameter of described first enciphered data and goal-selling web page address to encrypt, obtain described enciphered data.
Further, described sign described user authentication code and described user authentication is carried out first time and is encrypted and comprise: construct a key according to the described user authentication code of presetting method; According to preset algorithm, calculating encryption is carried out to described key and described user authentication sign, generate described first enciphered data.
Further, the described parameter to described first enciphered data and goal-selling web page address is carried out second time and is encrypted and comprise: carry out third time to the parameter of described first enciphered data and described goal-selling web page address and encrypt, obtain the second enciphered data; According to the first predetermined encryption method, the 4th encryption is carried out to described second enciphered data, obtain described enciphered data.
Further, the described parameter to described first enciphered data and described goal-selling web page address carries out encrypting for the third time comprising: the HTTP mode and the numerical value that obtain described goal-selling web page address; Calculate described HTTP mode according to default computational methods, remove the character string of the described goal-selling web page address of described numerical value and described numerical value three combination, and obtain a result of calculation; The second predetermined encryption method is adopted to carry out described third time encryption to described result of calculation.
According to another aspect of the present invention, a kind of data transfer device based on OAUTH protocol test is provided, and adopts following technical scheme:
Data transfer device based on OAUTH protocol test comprises: the first acquisition module, for obtaining user authentication code and user authentication indicates; Encrypting module, being encrypted for indicating described user authentication code and described user authentication, obtaining enciphered data; Sending module, for being sent to website test lead by described enciphered data.
Further, described encrypting module comprises: first time encrypting module, carry out first time encrypt for indicating described user authentication code and described user authentication, obtain the first enciphered data; Second time encrypting module, encrypting for carrying out second time to the parameter of described first enciphered data and goal-selling web page address, obtaining described enciphered data.
Further, described first time encrypting module comprise: constructing module, for constructing a key according to the described user authentication code of presetting method; First computing module, for carrying out calculating encryption according to preset algorithm to described key and described user authentication sign, generates described first enciphered data.
Further, described second time encrypting module comprises: encrypting module for the third time, encrypting, obtaining the second enciphered data for carrying out third time to the parameter of described first enciphered data and described goal-selling web page address; 4th encrypting module, for carrying out the 4th encryption according to the first predetermined encryption method to described second enciphered data, obtains described enciphered data.
Further, described third time encrypting module comprise: the second acquisition module, for obtaining HTTP mode and the numerical value of described goal-selling web page address; Second computing module, for calculating described HTTP mode according to default computational methods, removing the character string of the described goal-selling web page address of described numerical value and described numerical value three combination, and obtains a result of calculation; Third time encrypts submodule, carries out described third time encryption for adopting the second predetermined encryption method to described result of calculation.
The present invention proposes a kind of data transferring method based on OAUTH protocol test and device, make the complicated agreement of OAUTH this kind of encryption to carry out performance test; Secondly, achieve a set of general DEA in the present invention, ensure that the fail safe of data in test process.
Accompanying drawing explanation
Accompanying drawing is used to provide a further understanding of the present invention, and form a application's part, schematic description and description of the present invention, for explaining the present invention, does not form inappropriate limitation of the present invention.In the accompanying drawings:
Fig. 1 represents the data transferring method main flow figure based on OAUTH protocol test described in the embodiment of the present invention;
Fig. 2 represents the data transferring method particular flow sheet based on OAUTH protocol test described in the embodiment of the present invention;
Fig. 3 represents the structural representation of the data transfer device based on OAUTH protocol test described in the embodiment of the present invention;
Fig. 4 represents the structural representation of the encrypting module described in the embodiment of the present invention;
Fig. 5 represent described in the embodiment of the present invention first time encrypting module structural representation;
Fig. 6 represents the structural representation of the second time encrypting module described in the embodiment of the present invention;
Fig. 7 represent described in the embodiment of the present invention third time encrypting module structural representation.
Embodiment
Below in conjunction with accompanying drawing, embodiments of the invention are described in detail, but the multitude of different ways that the present invention can be defined by the claims and cover is implemented.
Fig. 1 represents the data transferring method main flow figure based on OAUTH protocol test described in the embodiment of the present invention.
Shown in Figure 1, the data transferring method based on OAUTH protocol test comprises:
S101: acquisition user authentication code and user authentication indicate;
S103: described user authentication code and described user authentication are indicated and is encrypted, obtain enciphered data;
S105: described enciphered data is sent to website test lead.
User authentication code ClientID in step S101 and user authentication indicate ConsumerKey, and these two data are provided by OAUTH service orientation user, only have and obtain these two data, authentication when could obtain communication from OAUTH service side; In step s 103, ClientID and ConsumerKey is encrypted; In step S105, send the data of encryption to oauth service provider.Reception returns results: in the process, uses HttpClient to receive oauth service provider and provides content.
In the technique scheme of the present embodiment, by first obtaining user authentication code ClientID that OAUTH agreement side provides and user authentication indicates ConsumerKey, and rear transmission is encrypted to these two data, the OAUTH protocol test flow process that current performance testing tool is not supported can carry out performance test, and in data transfer, carry out data encryption, ensure that the fail safe of data.
Preferably, described indicate to be encrypted to described user authentication code and described user authentication according to preset algorithm comprise: described user authentication code and described user authentication are indicated and carry out first time and encrypt, obtain the first enciphered data; Carry out second time to the parameter of described first enciphered data and goal-selling web page address to encrypt, obtain described enciphered data.
For this embodiment, more specifically, be namely encrypted ClientID and ConsumerKey: in the process, the mode of encryption can be: the SecretKeySpec method using java to carry constructs a key to ClientID.HmacSHA1 algorithm in the MAC method using java to carry carries out computing to the key generated and ConsumerKey, obtains the encryption code code after generating.This encryption code code is used for carrying out further cryptographic calculation with the parameter of goal-selling web page address url;
What above-described embodiment provided is the concrete encryption method of one be encrypted ClientID and ConsumerKey, but the present invention is not limited to this kind of encryption method.ClientID and ConsumerKey is encrypted, improves user data in test process, the fail safe of transmission.
Preferably, the described parameter to described first enciphered data and goal-selling web page address is carried out second time and is encrypted and comprise: carry out third time to the parameter of described first enciphered data and described goal-selling web page address and encrypt, obtain the second enciphered data; According to the first predetermined encryption method, the 4th encryption is carried out to described second enciphered data, obtain described enciphered data.
For the present embodiment, the parameter of goal-selling web page address comprises: http method, as: get, post, delete etc., naked url and the concrete numerical value that may exist; Example: a http://www.test.com/index.html a=1, then the form of the parameter existed in url comprises: naked url is: http://www.test.com/index.html, and concrete numerical value is: a=1.
Calculate the character string of http method, naked url, concrete numerical value three combination, suppose that the character string after combining is result:
Result=http method+&+naked url+ &+parameter.
Suppose that http method is post, naked url is http://www.test.com/index.html, and parameter is a=1:
result=post&http://www.test.com/index.html&a=1。
The MAC.doFinal method using java to carry carries out combined ciphering to the character string of combinations thereof and above-mentioned encryption code5;
After the encryption of the present embodiment, use base64 to carry out second time encryption to the encrypted result in the present embodiment, form the data after final encryption.
Through achieving a set of general DEA in the present invention, ensure that the fail safe of data in test process.
Fig. 2 represents the data transferring method main flow figure based on OAUTH protocol test described in the embodiment of the present invention.
Shown in Figure 2, the data transferring method based on OAUTH protocol test can be:
Step 201: to clientID and Consumekey cryptographic algorithm;
Step 203: the parameter of url, http method and transmission is encrypted;
Step 205: send the data after encryption to oauth service provider;
Step 207: receive and return results.
Concrete encryption method in the present embodiment can be participated in described in above-described embodiment, and this gives the technical scheme that data are transmitted, the OAUTH protocol test flow process that current performance testing tool is not supported can carry out performance test; And in data transfer, ensure that the fail safe of data in test process.
Fig. 3 represents the structural representation of the data transfer device based on OAUTH protocol test described in the embodiment of the present invention.
Shown in Figure 3, based on the data transfer device of OAUTH protocol test
Comprise: the first acquisition module 30, for obtaining user authentication code and user authentication indicates; Encrypting module 32, being encrypted for indicating described user authentication code and described user authentication, obtaining enciphered data; Sending module 34, for being sent to the service provider of OAUTH agreement by described enciphered data.
Fig. 4 represents the structural representation of the encrypting module described in the embodiment of the present invention.
Alternatively, shown in Figure 4, described encrypting module 32 comprises: first time encrypting module 3201, carry out first time encrypt for indicating described user authentication code and described user authentication, obtain the first enciphered data; Second time encrypting module 3203, encrypting for carrying out second time to the parameter of described first enciphered data and goal-selling web page address, obtaining described enciphered data.
Fig. 5 represent described in the embodiment of the present invention first time encrypting module structural representation.
Alternatively, shown in Figure 5, described first time encrypting module 3201 to comprise: constructing module 3202, for constructing a key according to the described user authentication code of presetting method; First computing module 3204, for carrying out calculating encryption according to preset algorithm to described key and described user authentication sign, generates described first enciphered data.
Fig. 6 represents the structural representation of the second time encrypting module described in the embodiment of the present invention.
Alternatively, shown in Figure 6, described second time encrypting module 3203 comprises: encrypting module 3205 for the third time, encrypting, obtaining the second enciphered data for carrying out third time to the parameter of described first enciphered data and described goal-selling web page address; 4th encrypting module 3207, for carrying out the 4th encryption according to the first predetermined encryption method to described second enciphered data, obtains described enciphered data.
Fig. 7 represent described in the embodiment of the present invention third time encrypting module structural representation.
Alternatively, shown in Figure 7, described third time encrypting module 3205 to comprise: the second acquisition module 3208, for obtaining HTTP mode and the numerical value of described goal-selling web page address; Second computing module 3209, for calculating described HTTP mode according to default computational methods, removing the character string of the described goal-selling web page address of described numerical value and described numerical value three combination, and obtains a result of calculation; Third time encryption submodule 3210, carries out described third time encryption for adopting the second predetermined encryption method to described result of calculation.
The present invention proposes a kind of data transferring method and device of OAUTH protocol test, make the agreement of this kind of encryption complexity to carry out performance test; Secondly, achieve a set of general DEA in the present invention, ensure that the fail safe of data in test process.
The above is the preferred embodiment of the present invention; it should be pointed out that for those skilled in the art, under the prerequisite not departing from principle of the present invention; can also make some improvements and modifications, these improvements and modifications also should be considered as protection scope of the present invention.
Claims (10)
1. based on a data transferring method for OAUTH protocol test, it is characterized in that, comprising:
Acquisition user authentication code and user authentication indicate;
Described user authentication code and described user authentication are indicated and is encrypted, obtain enciphered data;
Described enciphered data is sent to website test lead.
2. data transferring method as claimed in claim 1, is characterized in that, described indicate to be encrypted to described user authentication code and described user authentication comprise:
Described user authentication code and described user authentication are indicated and carries out first time and encrypt, obtain the first enciphered data;
Carry out second time to the parameter of described first enciphered data and goal-selling web page address to encrypt, obtain described enciphered data.
3. data transferring method as claimed in claim 2, is characterized in that, described sign described user authentication code and described user authentication is carried out first time and encrypted and comprise:
A key is constructed according to the described user authentication code of presetting method;
According to preset algorithm, calculating encryption is carried out to described key and described user authentication sign, generate described first enciphered data.
4. data transferring method as claimed in claim 2, is characterized in that, it is characterized in that, the described parameter to described first enciphered data and goal-selling web page address is carried out second time and encrypted and comprise:
Carry out third time to the parameter of described first enciphered data and described goal-selling web page address to encrypt, obtain the second enciphered data;
According to the first predetermined encryption method, the 4th encryption is carried out to described second enciphered data, obtain described enciphered data.
5. data transferring method as claimed in claim 4, is characterized in that, the described parameter to described first enciphered data and described goal-selling web page address is carried out third time and encrypted and comprise:
Obtain HTTP mode and the numerical value of described goal-selling web page address;
Calculate described HTTP mode according to default computational methods, remove the character string of the described goal-selling web page address of described numbered and described numerical value three combination, and obtain a result of calculation;
The second predetermined encryption method is adopted to carry out described third time encryption to described result of calculation.
6. based on a data transfer device for OAUTH protocol test, it is characterized in that, comprising:
First acquisition module, for obtaining user authentication code and user authentication indicates;
Encrypting module, being encrypted for indicating described user authentication code and described user authentication, obtaining enciphered data;
Sending module, for being sent to the website test lead of OAUTH agreement by described enciphered data.
7. data transfer device as claimed in claim 6, it is characterized in that, described encrypting module comprises:
First time encrypting module, carry out first time encrypt for indicating described user authentication code and described user authentication, obtain the first enciphered data;
Second time encrypting module, encrypting for carrying out second time to the parameter of described first enciphered data and goal-selling web page address, obtaining described enciphered data.
8. data transfer device as claimed in claim 7, is characterized in that, described first time encrypting module comprise:
Constructing module, for constructing a key according to the described user authentication code of presetting method;
First computing module, for carrying out calculating encryption according to preset algorithm to described key and described user authentication sign, generates described first enciphered data.
9. data transfer device as claimed in claim 7, it is characterized in that, described second time encrypting module comprises:
Encrypting module, encrypting for carrying out third time to the parameter of described first enciphered data and described goal-selling web page address, obtaining the second enciphered data for the third time;
4th encrypting module, for carrying out the 4th encryption according to the first predetermined encryption method to described second enciphered data, obtains described enciphered data.
10. data transfer device as claimed in claim 9, is characterized in that, described third time encrypting module comprise:
Second acquisition module, for obtaining HTTP mode and the numerical value of described goal-selling web page address;
Second computing module, for calculating described HTTP mode according to default computational methods, removing the character string of the described goal-selling web page address of described numerical value and described numerical value three combination, and obtains a result of calculation;
Third time encrypts submodule, carries out described third time encryption for adopting the second predetermined encryption method to described result of calculation.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310412481.2A CN104426719A (en) | 2013-09-11 | 2013-09-11 | Data transfer method and device based on OAUTH (open authorization) protocol testing |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310412481.2A CN104426719A (en) | 2013-09-11 | 2013-09-11 | Data transfer method and device based on OAUTH (open authorization) protocol testing |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104426719A true CN104426719A (en) | 2015-03-18 |
Family
ID=52974731
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310412481.2A Pending CN104426719A (en) | 2013-09-11 | 2013-09-11 | Data transfer method and device based on OAUTH (open authorization) protocol testing |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104426719A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107632927A (en) * | 2017-07-28 | 2018-01-26 | 北京北信源软件股份有限公司 | A kind of method for testing pressure and device of the encryption of the analogue data in C/S frameworks |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102394887A (en) * | 2011-11-10 | 2012-03-28 | 杭州东信北邮信息技术有限公司 | OAuth protocol-based safety certificate method of open platform and system thereof |
US20120117626A1 (en) * | 2010-11-10 | 2012-05-10 | International Business Machines Corporation | Business pre-permissioning in delegated third party authorization |
WO2012119620A1 (en) * | 2011-03-08 | 2012-09-13 | Telefonica S.A. | A method for providing authorized access to a service application in order to use a protected resource of an end user |
CN103179099A (en) * | 2011-12-23 | 2013-06-26 | 北京新媒传信科技有限公司 | Unified certification method for accessing to open website platforms and website platform |
CN103220259A (en) * | 2012-01-20 | 2013-07-24 | 华为技术有限公司 | Using method, call method, device and system of Oauth application programming interface (API) |
-
2013
- 2013-09-11 CN CN201310412481.2A patent/CN104426719A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120117626A1 (en) * | 2010-11-10 | 2012-05-10 | International Business Machines Corporation | Business pre-permissioning in delegated third party authorization |
WO2012119620A1 (en) * | 2011-03-08 | 2012-09-13 | Telefonica S.A. | A method for providing authorized access to a service application in order to use a protected resource of an end user |
CN102394887A (en) * | 2011-11-10 | 2012-03-28 | 杭州东信北邮信息技术有限公司 | OAuth protocol-based safety certificate method of open platform and system thereof |
CN103179099A (en) * | 2011-12-23 | 2013-06-26 | 北京新媒传信科技有限公司 | Unified certification method for accessing to open website platforms and website platform |
CN103220259A (en) * | 2012-01-20 | 2013-07-24 | 华为技术有限公司 | Using method, call method, device and system of Oauth application programming interface (API) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107632927A (en) * | 2017-07-28 | 2018-01-26 | 北京北信源软件股份有限公司 | A kind of method for testing pressure and device of the encryption of the analogue data in C/S frameworks |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107659397B (en) | Sensitive information transmission method and system | |
CN101247232B (en) | Encryption technique method based on digital signature in data communication transmission | |
JP5411204B2 (en) | Information processing apparatus and information processing method | |
CN102685108B (en) | The interpolation of encrypting web data, decryption method and device | |
CN103428221A (en) | Safety logging method, system and device of mobile application | |
CN104463040A (en) | Secure input method and system for password | |
CN104219041A (en) | Data transmission encryption method applicable for mobile internet | |
CN104219228A (en) | User registration and user identification method and user registration and user identification system | |
CN104394172A (en) | Single sign-on device and method | |
CN105162599A (en) | Data transmission system and data transmission method | |
US20120023326A1 (en) | Automated provisioning of a network appliance | |
WO2015003503A1 (en) | Network device, terminal device and information security improving method | |
CN104901935A (en) | Bilateral authentication and data interaction security protection method based on CPK (Combined Public Key Cryptosystem) | |
CN105025019A (en) | Data safety sharing method | |
CN104660397A (en) | Secret key managing method and system | |
CN103327034A (en) | Safe login method, system and device | |
CN105577377A (en) | Identity-based authentication method and identity-based authentication system with secret key negotiation | |
CN103414727A (en) | Encryption protection system for input password input box and using method thereof | |
CN104283680A (en) | Data transmission method, client side, server and system | |
CN108900301A (en) | The certification of restful interface security and message mixed encryption method based on .NET MVC | |
CN106936759A (en) | A kind of single-point logging method, server and client | |
CN105281902A (en) | Web system safety login method based on mobile terminal | |
CN104200154A (en) | Identity based installation package signing method and identity based installation package signing device | |
US20140237239A1 (en) | Techniques for validating cryptographic applications | |
CN106161363B (en) | SSL connection establishment method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20150318 |
|
WD01 | Invention patent application deemed withdrawn after publication |