Last active
October 9, 2022 19:15
-
-
Save aliesbelik/10095effb071935c158c to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import java.util.*; | |
import java.text.*; | |
import org.json.*; | |
import io.jsonwebtoken.* | |
import org.apache.commons.codec.binary.Base64; | |
// get JWT secret key and response value (to check response against it) from params | |
String [] params = Parameters.split(","); | |
String secret_key = params[0]; | |
String status = params[1]; | |
byte[] bytesEncoded = Base64.encodeBase64(secret_key.getBytes()); | |
String secret = new String(bytesEncoded); | |
try { | |
// access response data | |
String response = ctx.getPreviousResult().getResponseDataAsString(); | |
if (response.equals("")) { | |
prev.setSuccessful(false); | |
Failure = true; | |
FailureMessage = "ERROR : Response is EMPTY."; | |
throw new Exception("ERROR : Response is EMPTY."); | |
} else { | |
// perform decoding of JWT-signed response | |
Claims claims = Jwts.parser().setSigningKey(secret).parseClaimsJws(response).getBody(); // base64EncodedSecretKey | |
JwsHeader header = Jwts.parser().setSigningKey(secret).parseClaimsJws(response).getHeader(); // base64EncodedSecretKey | |
String jwtResponse = claims.toString(); | |
// OPTIONALLY: check any value against decoded response | |
if (!jwtResponse.contains(status)) { | |
prev.setSuccessful(false); | |
Failure = true; | |
FailureMessage = "ERROR: response doesn't contain " + status.toUpperCase(); | |
} | |
// OPTIONALLY: add to sampler's repsonse decoded equivalent of JWT-signed response data as well - | |
// to display in JMeter UI or to apply any assertions; | |
StringBuilder fullResponse = new StringBuilder(); | |
fullResponse.append(prev.getResponseDataAsString()); | |
fullResponse.append("\n\n").append(jwtResponse); | |
prev.setResponseData(fullResponse.toString()); | |
} | |
} catch (SignatureException e) { | |
// don't trust the JWT! | |
e.printStackTrace(); | |
prev.setSuccessful(false); | |
log.error(e.getMessage()); | |
System.err.println(e.getMessage()); | |
} catch (MalformedJwtException ex) { | |
ex.printStackTrace(); | |
prev.setSuccessful(false); | |
log.error(ex.getMessage()); | |
System.err.println(ex.getMessage()); | |
} |
Go the below from SO, this will work with Java/Groovy (make sure you have apache codec in JMeter libs) in JSR223:
import org.apache.commons.codec.binary.Base64;
String jwtToken = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0ZXN0Iiwicm9sZXMiOiJST0xFX0FETUlOIiwiaXNzIjoibXlzZWxmIiwiZXhwIjoxNDcxMDg2MzgxfQ.1EI2haSz9aMsHjFUXNVz2Z4mtC0nMdZo6bo3-x-aRpw";
log.info("------------ Decode JWT ------------");
String[] split_string = jwtToken.split("\\.");
String base64EncodedHeader = split_string[0];
String base64EncodedBody = split_string[1];
String base64EncodedSignature = split_string[2];
log.info("~~~~~~~~~ JWT Header ~~~~~~~");
Base64 base64Url = new Base64(true);
String header = new String(base64Url.decode(base64EncodedHeader));
log.info("JWT Header : " + header);
log.info("~~~~~~~~~ JWT Body ~~~~~~~");
String body = new String(base64Url.decode(base64EncodedBody));
log.info("JWT Body : "+body);
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I have the same problem as @arsieorgano
HELP!