jmeter3.0 源码分析之：对HTTPS协议的支持

最新推荐文章于 2024-03-22 15:44:40 发布

一泓澄碧

最新推荐文章于 2024-03-22 15:44:40 发布

阅读量801

点赞数 1

CC 4.0 BY-SA版权

分类专栏： jmeter https

本文链接：https://blog.youkuaiyun.com/u013933870/article/details/51520366

jmeter 同时被 2 个专栏收录

3 篇文章

订阅专栏

https

2 篇文章

订阅专栏

本文通过分析jmeter 3.0的源码，探讨了其对HTTPS协议的支持方式，主要从HTTPHC4Impl类的sample方法入手，揭示了jmeter采用JSSE API，并通过LazySchemeSocketFactory和HC4TrustAllSSLSocketFactory类实现，默认信任所有证书的功能。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

jmeter 3.0 的readme里有这样一句话：

Apache JMeter interfaces with the
Java Secure Socket Extension (JSSE) API to provide
- HTTPS support

于是查看了jmeter源码，想看看jmeter是如何对https做支持的。

首先从 org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl类入手：

重点关注sample方法，截取代码如下：

 public class HTTPHC4Impl extends HTTPHCAbstractImpl {

 @Override
    protected HTTPSampleResult sample(URL url, String method,
            boolean areFollowingRedirect, int frameDepth) {
            //...
            HttpClient httpClient = setupClient(url, res);          
            }

    private HttpClient setupClient(URL url, SampleResult res) {
        //...
        MeasuringConnectionManager connManager = new MeasuringConnectionManager(
                    createSchemeRegistry(), 
                    resolver, 
                    TIME_TO_LIVE,
                    VALIDITY_AFTER_INACTIVITY_TIMEOUT);

    }
    /**
     * Setup LazySchemeSocketFactory
     * @see "https://bz.apache.org/bugzilla/show_bug.cgi?id=58099"
     */
    private static SchemeRegistry createSchemeRegistry() {
        final SchemeRegistry registry = new SchemeRegistry();
        registry.register(
                new Scheme("http", 80, PlainSocketFactory.getSocketFactory())); //$NON-NLS-1$
        registry.register(
                new Scheme("https", 443, new LazySchemeSocketFactory())); //$NON-NLS-1$
        return registry;
    }
 }

接着我们看看LazySchemeSocketFactory类

public final class LazySchemeSocketFactory implements SchemeLayeredSocketFactory{

     /**
         * @throws SSLInitializationException
         */
        private static SchemeLayeredSocketFactory checkAndInit() throws SSLInitializationException {
            LOG.info("Setting up HTTPS TrustAll Socket Factory");
            try {
                return new HC4TrustAllSSLSocketFactory();
            } catch (GeneralSecurityException e) {
                LOG.warn("Failed to initialise HTTPS HC4TrustAllSSLSocketFactory", e);
                return SSLSocketFactory.getSocketFactory();
            }
        }
 }

这里又使用了HC4TrustAllSSLSocketFactory类：

public class HC4TrustAllSSLSocketFactory extends SSLSocketFactory {

     private static final TrustStrategy TRUSTALL = new TrustStrategy(){
        @Override
        public boolean isTrusted(X509Certificate[] chain, String authType) {
            return true;
        }
    };
    private javax.net.ssl.SSLSocketFactory factory;

    /**
     * Create an SSL factory which trusts all certificates and hosts.
     * {@link SSLSocketFactory#SSLSocketFactory(TrustStrategy, org.apache.http.conn.ssl.X509HostnameVerifier)} 
     * @throws GeneralSecurityException if there's a problem setting up the security
     */
    public HC4TrustAllSSLSocketFactory() throws GeneralSecurityException {
        this(new HttpSSLProtocolSocketFactory((JsseSSLManager)JsseSSLManager.getInstance(), JsseSSLManager.CPS));
    }

    /**
     * Create an SSL factory which trusts all certificates and hosts.
     * {@link SSLSocketFactory#SSLSocketFactory(TrustStrategy, org.apache.http.conn.ssl.X509HostnameVerifier)} 
     * @param factory javax.net.ssl.SSLSocketFactory 
     * @throws GeneralSecurityException if there's a problem setting up the security
     */
    protected HC4TrustAllSSLSocketFactory(javax.net.ssl.SSLSocketFactory factory) throws GeneralSecurityException {
        super(TRUSTALL, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        this.factory = factory;
    }
 }