Wednesday, 19 December 2018

OAuth Signature Generation Using LoadRunner

OAuth Signature Generation steps

Step1: All text parameters are UTF-8 encoded. Binary data is not directly handled by the OAuth specification but is assumed to be stored in an 8 bit array which is not UTF-8 encoded. This step may not have any effect if the parameters are only using the ASCII character set.
Step2: After UTF-8 encoding, the parameters are URL-encoded in a specific way that is often not fully compatible with existing URL-encoding libraries. 
All the unreserved characters (letters, numbers, '-', '_', '.', '~') must not be encoded.
Step3: The parameters are sorted first based on their encoded names, and if equal, based on their encoded values. Sort order is lexicographical byte value ordering which is the default string sort method in most languages, and means comparing the byte value of each character and sorting in an ascending order (which results in a case sensitive sort).
Step4: Once encoded and sorted, the parameters are concatenated together into a single string. . Each parameter's name is separated from the corresponding value by an '=' character (even if the value is empty), and each name-value pair is separated by an '&' character.
Step5: After the parameters have been normalized, the other request elements are processed. 
URL is built using this standard scheme://authority:port/path  ('80' is omitted when the scheme is 'http' and '443' is omitted when the scheme is 'https').
Step 6: To complete the creation of the Signature Base String the input to the signature algorithm all the request pieces must be put together into a single string. The HTTP method (such as GET, POST, etc.) which is a critical part of HTTP requests is concatenated together with the normalized URL and normalized parameters. The HTTP method must be in uppercase and each of these three pieces is URL-encoded (as defined above) and separated by an '&'.
Note: When appending all 3 pieces are encoded again and concatenated. '&' which is used for concatenation is not encoded.

Note: client/identifier is required for building signature base string

OAuth Signature Generation steps - Example

Raw values below

Step1: UTF encoded below (values are UTF encoded but the raw values and values in step1 are same as we had all ASCII characters.)
Step2URL Encoded below

Step3: Sorted in alphabetical order below









































Step4: Conctenated to a single string, below

Step5: Normalized URL




Step6Signature Base String


































OAuth Signature Generation using LoadRunner

OAuth signature is generated using Javascript .
Approach
  1. The function GenerateOauthSignature is defined in oauth.js and is called in {Action}.c using web_js_run.
          
2. In oauth.js we have 4 functions defined.
Function1: OAUTH Nonce is generated using below javascript function
function generateNonce(){
                                      var text = "";                               var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
                                      for(var i = 0; i < 25; i++) {
                                              text += possible.charAt(Math.floor(Math.random() * possible.length));
                                      }
                                      return text;
                                      }
Function2: Timestamp is generated using below javascript function
function unixts(){
              var timeStamp = Math.floor(Date.now() / 1000);
              return timeStamp;
}
               
Function3: Signature is generated using the below function. source
                         
Note: client/identifier is required for building signature base string.

3. Function GenerateOauthSignature generates values and returns to the main C script.
4. Since values are returned in an array as below, they have to be sliced and the leading and trailing chacraters, spaces have to be removed.
["PEOQ8RaEpeuqraybxHlAexmlN+0=", "dxNO0fKf06kG2RmoH4oJF6bkd", 1518811507]
Slicing is done using strtok and characters are removed using custom c function. 
5. Fnable the below from RTS > Preferences in vugen, to execute the javascript code.

Stormrunner-load and Git Integration

Introduction

This page details the software required and steps involved for Stormrunner-load integration using Git.

Setup Required

  1. Install Git Desktop client
  2. Install StormRunner Load Git Agent










3. Git public/ private Repository

    Configure Git Local Repository 

    1. In Git Desktop Client, File> New Repository
    2. Provide Name and path to local folder, this serves as local repository and will contain all the scripts. Ensure that Name of folder and repository name are same.
    3. Hit Create Repository
    4. File > Options and enter the Git account details to configure the remote repository
    5. To Mirror the folder in the Git account, enter comments in the highlighted field and Hit Commit to Master. (To commit to master, comments are necessary)
      and hit Publish Repository.
















    6. Login to Git account and confirm that the folder is created



    Configure SRL Git Agent

    Launch the SRL Git agent and enter the details.
    Leave the key field empty.
    Enter the credentials used to log into SRL and fill the Tenant and project Id.
    Provide proxy details with authentication parameters as required. In this case we left proxy field blank.


    Click + in Git tab to launch Repository Configuration window
    Enter repository URL to which scripts will be uploaded.
    Provide repository credentials in Advanced field.
    Click Retrieve, to retrieve remote repository branch.
    Click Ok.
    Click Save & Test and ensure that connection is successful.







    Launching SRL agent

    Launch Start SRL Git Agent, as root user/ local admin.
    This should launch a command prompt


    In SRL > Assets > Agents. You should see something as highlighted
    In SRL > Assets > Scripts. Click Caret, next to Upload and you should see
    Upload & Upload from Git.

    Upload the scripts to SRL


    Save the scripts to local repository in the desktop. (Always delete the results folder from scripts before commit)
    In Git hub Desktop Client, commit to Master and Push to Origin.
    (optional - In GitHub on web, check to see if scripts are updated with your commit comments.)
    (wait for few minutes)
    In SRL Assets > Scripts > Upload from Git 
    You should see a pop up like this.
    Select Script and click Add.
    Configure script to a scenario and apply RTS as required.


    Sync the scripts to SRL

    Save the modified scripts to local repository in the desktop. (Always delete the results folder from scripts before commit)
    In Git hub Desktop Client, commit to Master and Push to Origin.
    (optional - In GitHub on web, check to see if scripts are updated with your commit comments. )
    (wait for few minutes)
    In SRL Assets > Scripts, search for script that you want to sync.
    Select script and Hit Sync Selected. Hit Sync in the popup.
    Page refreshes and now select script to check the Last update time.
    This should reflect the latest time as there are code changes
    *if no code changes are published to Git, then the Last update time, will not change.


    Note: Always delete the results folder from scripts before commit.The files types that are to be excluded to commit can be configured in the Git Desktop client.

    AWS4 Signature generation using LoadRunner

    AWS4 Signature Generation steps

    Steps for AWS4 signature generation is documented in detail here https://docs.aws.amazon.com/general/latest/gr/sigv4_signing.htm

    Here are the 4 steps at high level
    Step1: Create a Canonical Request for Signature Version 4
    Step2 : Create a String to Sign for Signature Version 4
    Step 3: Calculate the Signature for AWS Signature Version 4
    Step 4: Add the Signing Information to the Request

    AWS4 Signature Generation using LoadRunner

    AWS4 signature is generated using Javascript .

    AWS4 Signature Generation steps

    Steps for AWS4 signature generation is documented in detail here https://docs.aws.amazon.com/general/latest/gr/sigv4_signing.htm

    Here are the 4 steps at high level
    Step1: Create a Canonical Request for Signature Version 4
    Step2 : Create a String to Sign for Signature Version 4
    Step 3: Calculate the Signature for AWS Signature Version 4
    Step 4: Add the Signing Information to the Request

    AWS4 Signature Generation using LoadRunner

    AWS4 signature is generated using Javascript .















    2. In awsSignature.js we have 4 functions defined.
      Function1: Generates required date and time stamps using below javascript function
         function unixts(){
                  var now = new Date();
                  var isoString = now.toISOString();
                      var newIsoString = now.toISOString().slice(0,19).replace(/-/g,"").replace(/:/g,"");
                      var finIsoString = newIsoString.concat("Z");
                      var DateStamp = now.toISOString().slice(0,10).replace(/-/g,"");
                      var values=[DateStamp,finIsoString];
                      return values;
                  }
               Function2: Generates canonical request                                  
    Function3: Generates string to sign
    Function4: Generates AWS signature and returns  to the main C script along with other required values .
























    Note: Also the below files are required for signature generation. These can be pulled from node.js libraries

    3. Since values are returned as a string, they have to be sliced and the leading and trailing characters, spaces have to be removed.
    Slicing is done using strtok and characters are removed using custom c function. Please refer the script for details.

    4. Enable the below from RTS > Preferences in vugen, to execute the javascript code. 

    How to create multiple client certificates and use them in JMeter script

    Client authentication/ mutual authentication / Two-way SSL are typically implemented when the client device is expected to authenticate to ...