Selenium Grid 4 - Security(Enable Https)

最新推荐文章于 2024-09-14 17:37:59 发布
最新推荐文章于 2024-09-14 17:37:59 发布
阅读量172 收藏
点赞数
分类专栏: Selenium 文章标签: selenium 测试工具 https
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/clj901018/article/details/130791833
版权

1.官方文档

java -jar selenium-server-4.8.1.jar info security

 

About Security
==============

Selenium 4 has a number of changes aimed at improving the security posture
of running your own infrastructure. The ability to communicate to a Selenium
Server (whether it is acting as a Standalone or Grid) is discussed in `Secure
Communication` and restricting Grid Nodes to only those you trust is covered
in `Node Registration.`

1. Secure Communication

=======================

Selenium Grid by default communicates over HTTP. This is fine for a lot of
use cases, especially if everything is contained within the firewall and against
test sites with testing data. However, if your server is exposed to the Internet
or is being used in environments with production data (or that which has PII)
then you should secure it.

Standalone

In order to run the server using HTTPS instead of HTTP you need to start it
with the `--https-private-key` and `--https-certificate` flags to provide
it the certificate and private key (as a PKCS8 file).

  java -jar selenium.jar \
       hub \
       --https-private-key /path/to/key.pkcs8 \
       --https-certificate /path/to/cert.pem


Distributed

Alternatively, if you are starting things individually you would also specify
https when telling where to find things.

  java -jar selenium.jar \
       sessions \
       --https-private-key /path/to/key.pkcs8 \
       --https-certificate /path/to/cert.pem


  java -jar selenium.jar \
       distributor \
       --https-private-key /path/to/key.pkcs8 \
       --https-certificate /path/to/cert.pem \
       -s https://sessions.grid.com:5556


  java -jar selenium.jar \
       router \
       --https-private-key /path/to/key.pkcs8 \
       --https-certificate /path/to/cert.pem \
       -s https://sessions.grid.com:5556 \
       -d https://distributor.grid.com:5553 \


Certificates

The Selenium Grid will not operate with self-signed certificates, as a result
you will need to have some provisioned to you from a Certificate Authority
of some sort. For experimentation purposes you can use MiniCA to create and
sign your certificates.

  minica --domains sessions.grid.com,distributor.grid.com,router.grid.com


This will create minica.pem and minica.key in the current directory as well
as cert.pem and key.pem in a directory `sessions.grid.com` which will have
both distributor.grid.com and router.grid.com as alternative names. Because
Selenium Grid requires the key to be in PKCS8, you have to convert it.

  openssl pkcs8 \
    -in sessions.grid.com/key.pem \
    -topk8 \
    -out sessions.grid.com/key.pkcs8 \
    -nocrypt


And since we are using a non-standard CA, we have to teach Java about it.
To do that you add it to the cacert truststore which is by default, $JAVA_HOME/jre/lib/security/cacerts


  sudo keytool \
      -import \
      -file /path/to/minica.pem \
      -alias minica \
      -keystore $JAVA_HOME/jre/lib/security/cacerts \
      -storepass changeit \
      -cacerts


More information can be found at:

* MiniCA: https://github.com/jsha/minica


2. Node Registration

====================

Selenium Grid distributes script execution to worker nodes. Those nodes self-register
with the Grid Distributor process when they start and the Distributor trusts
that they should be getting work. This is fine in highly secured networks
where everything is trusted, but aside from that you really want to make sure
that the node is one you control and not a rouge node. In order to do this,
you start the Distributor, Router and Node servers with the new `--registration-secret`
command-line argument.

Using the same examples as above, they become the following with this additional
layer of security.

  java -jar selenium.jar \
       distributor \
       --https-private-key /path/to/key.pkcs8 \
       --https-certificate /path/to/cert.pem \
       -s https://sessions.grid.com:5556 \
       --registration-secret cheese \


  java -jar selenium.jar \
       router \
       --https-private-key /path/to/key.pkcs8 \
       --https-certificate /path/to/cert.pem \
       -s https://sessions.grid.com:5556 \
       -d https://distributor.grid.com:5553 \
       --registration-secret cheese


  java -jar selenium.jar \
       node \
       --https-private-key /path/to/key.pkcs8 \
       --https-certificate /path/to/cert.pem \
       --detect-drivers \
       --registration-secret cheese


Note: If the registration-secret from the Node to the Distributor (or Router)
is incorrect, there is nothing to indicate that returned to the Node. There
is an ERROR level log entry produced on the servers. You should be monitoring
the logs for that and raise alarms as deemed appropriate.

 2.如何生成https-private-key 和 https-certificate

1)首先下载minica(Release 1.0.2 · jsha/minica · GitHub)

 

官方介绍

Minica is a simple CA intended for use in situations where the CA operator also operates each host where a certificate will be used. It automatically generates both a key and a certificate when asked to produce a certificate. It does not offer OCSP or CRL services. Minica is appropriate, for instance, for generating certificates for RPC systems or microservices.

On first run, minica will generate a keypair and a root certificate in the current directory, and will reuse that same keypair and root certificate unless they are deleted.

On each run, minica will generate a new keypair and sign an end-entity (leaf) certificate for that keypair. The certificate will contain a list of DNS names and/or IP addresses from the command line flags. The key and certificate are placed in a new directory whose name is chosen as the first domain name from the certificate, or the first IP address if no domain names are present. It will not overwrite existing keys or certificates.

The certificate will have a validity of 2 years and 30 days.

 

2)安装golang(All releases - The Go Programming Language)

3)使用go 安装minica

cd /ANY/PATH
git clone https://github.com/jsha/minica.git
go build
## or
# go install

 

 

4)执行如下几个命令

minica --domains sessions.grid.com,distributor.grid.com,router.grid.com

 

 

 

openssl pkcs8 -in sessions.grid.com/key.pem -topk8 -out sessions.grid.com/key.pkcs8 -nocrypt

 

keytool -import -file C:\Users\chenl\Documents\Repo\minica.pem -alias minica -keystore %JAVA_HOME%\lib\security\cacerts -storepass changeit

 

5)启动Hub 和 Node

java -jar selenium-server-4.9.0.jar hub --https-private-key sessions.grid.com/key.pkcs8 --https-certificate sessions.grid.com/cert.pem --registration-secret cheese

java -jar selenium-server-4.9.0.jar node --https-private-key sessions.grid.com/key.pkcs8 --https-certificate sessions.grid.com/cert.pem --registration-secret cheese --config .\config.toml

 

BruceChen2023
关注
专栏目录
selenium-server-4.1.1.jar
12-31
Selenium 服务器(selenium-server-4.1.1.jar
Selenium 自动化测试(七)
Lan34098703的博客
03-28 262
2.下载 selenium server 对应版本,以当前最新 selenium-server-4.8.2.jar 为例,将下载文件放到C:\selenium。如果用的不是默认端口,则需用 --publish-events 和 --subscribe-events 来指定。打开本地页面 http://localhost:4444 查看server已正常启动。可在同一机器上启动多个端点,通过指定不同的port以区分。可在同一机器上启动多个端点,通过指定不同的port以区分。3.运行命令开始server
Selenium Grid分布式测试
XGZ2IT的博客
02-25 382
Selenium Grid 允许通过将客户端发送的命令路由到远程浏览器实例来在远程计算机上执行 WebDriver 脚本。然后打开浏览器,输入http://localhost:4444。下载下来是一个jar包,通过命令启动。2.下载Selenium Grid
Selenium Grid 简易安装--(selenium-server-standalone-*.jar
monster
11-12 1321
Selenium Grid允许同时并行的,
SeleniumGrid 4 - Jaeger(Enable Tracing)
clj901018的博客
05-21 267
Selenium Grid 4 Enable Jaeger
selenium-4-grid-k8s-docker:使用Kubernetes,Docker和Selenium 4 Grid进行并行分布式测试
04-19
Selenium 4 Grid&K8s和Docker 作为模板创建的此演示演示了如何使用Kubernetes和Docker对Chrome ve Firefox Web驱动程序进行设置,以使用Selenium 4 Grid进行分布式并行测试。要求该项目需要 。 安装 。 安装 ,...
selenium-selenium-4.5.0.zip源码
10-24
在 `selenium-selenium-4.5.0.zip` 源码中,我们可以深入理解 Selenium 的内部实现,包括以下关键部分: 1. **WebDriver**: 这部分包含了各个浏览器驱动(如 ChromeDriver、GeckoDriver)的实现,它们作为桥梁,...
selenium-server-4.8.3.jar
04-16
Selenium Server (Grid) The Selenium Server is needed in order to run Remote Selenium WebDriver (Grid).
selenium-java-3.141.59.zip
09-08
通常,这包括如 selenium-server-standalone-3.141.59.jarselenium-java-3.141.59.jar 等文件,它们包含了执行自动化测试所需的所有依赖。 在使用 Selenium WebDriver 进行测试时,首先需要选择一个浏览器驱动...
推荐项目:Minica - 简单易用的证书颁发机构(CA)
gitblog_00091的博客
05-11 402
推荐项目:Minica - 简单易用的证书颁发机构(CA) minicaminica is a small, simple CA intended for use in situations where the CA operator also operates each host where a certificate will be used.项目地址:https://gitcode.com...
selenium+ChromeDriver测试网站
weixin_52719777的博客
05-24 533
selenium+ChromeDriver测试网站 配置: 1.chromdriver.exe 2.chrome.exe 3.selenium-serverjar包(我这里用的是selenium-server-4.1.4.jar) import org.openqa.selenium.Alert; import org.openqa.selenium.By; import org.openqa.selenium.WebElement; import org.openqa.selenium.chrome.C
selenium jar包 的下载地址,各版本都有,包括selenium-server-standalone.jarseleniumselenium-server
qq_16638717的博客
11-25 1080
http://selenium-release.storage.googleapis.com/index.html
selenium + grid + 各种浏览器踩坑记录
小桔的博客
10-24 2751
Selenium:python,selenium 3.14.1 Seleniumstandalone:v3.11.1 操作系统 浏览器 浏览器版本 webdriver名称 webdriver版本 Windows10 IE 10 IEdriver 3.14.0 Windows10 IE 11 3.14.0 3.14.0 Windows10 Edge Edgedriver ...
干货 | Selenium+chrome自动批量下载地理空间数据云影像
gisDuo的博客
09-10 1438
由中国科学院计算机网络信息中心科学数据中心成立的地理空间数据云平台是常见的下载空间数据的平台之一。其提供了较为完善的公开数据,如LANDSAT系列数据,MODIS的标准产品及其合成产品,DEM数据(SRTM 90M,ASTER GDEM 30M),EO-1数据,大气污染插值数据,Sentinel数据,高分一号WFV数据产品,NOAA VHRR 数据产品等。地理空间数据云提供高级检索功能,能够根据数据集、空间位置、时间范围、月份、云量、数据有无进行检索,如图1所示。图1 地理空间云高级检索功能。
不废话简单易懂的Selenium 页面操作与切换
qq_74177889的博客
09-14 399
按钮可以通过xpath定位获取,driver.find_element是定位一个元素,driver.find_elements是定位多个元素。Selenium基础包安装,注意版本不同,语法也会有所变化,我使用的python版本是3.19。句柄代表的是一个页面,切换句柄来获取每个页面的信息进行操作。注意,获得的数字的值可能是string类型,要手动转int。此时被关闭的是当前选中的句柄,就自然关闭了标签页。当一般的点击操作无法生效的时候可以使用js单击法。获取到的是句柄的数组列表。切换回一开始保存的句柄。
Selenium打开浏览器后闪退问题解决
eyelike的专栏
09-14 312
恍然醒悟之前,其实笔者也去核对了浏览器版本、也去Chrome和Edge开发者官网下载了对应版本的msedgedriver.exe和chromedriver.exe并将其保存路径加入了系统Path环境变量。就是这个小小的差异,而对于笔者这个日常将火狐浏览器作为默认浏览器,并只在火狐浏览器做了大量自动化工作的人来说,对于浏览器的默认行为潜移默化认可了,误以为Chrome和Edge的自动关闭是“闪退”。然而问题来了,笔者在进行Selenium打开Edge浏览器测试时,发现网页刚被打开后,就闪退了!
(java+Seleniums3)自动化测试实战2
2301_79144798的博客
09-12 283
1.环境问题点 此时,可以成功打开浏览器 此时,selenium可以控制浏览器 get--就是访问的意思 将驱动复制在当前项目之下 复制驱动的路径 2.基本元素定位 使用id来定位: 使用Name来定位: 成功: 使用id是唯一的,name可能会重复 使用tag来定位,这个是元素的标签名字,用的比较少,因为找到的元素是会有多个 使用class来定位 百度账号登录前后可能会有区别,class的个数: 去点击搜
Python中 BeautifulSoup和Selenium 定位元素和获取元素值的方法
最新发布
Gochan_Tao的博客
09-14 339
更适合用于静态页面的解析和数据提取,简单、快速。Selenium适用于处理动态页面,能够模拟用户行为,但相对较慢。根据你的需求选择合适的工具和方法即可!
为什么docker运行不了docker run -d --net grid -e SE_EVENT_BUS_HOST =selenium-hub --shm-size= " 2g " -e SE_EVENT_BUS_PUBLISH_PORT=4442 -e SE_EVENT_BUS_SUBSCRIBE_PORT=4443 --name selenium-node-chrme1 selenium/node-chrome
06-03
可能是因为 `SE_EVENT_BUS_HOST =selenium-hub` 这个参数的格式不正确,等号两边有空格,应该去掉空格,正确的格式应该是 `SE_EVENT_BUS_HOST=selenium-hub`。请尝试以下命令: ``` docker run -d --net grid -e SE_EVENT_BUS_HOST=selenium-hub --shm-size="2g" -e SE_EVENT_BUS_PUBLISH_PORT=4442 -e SE_EVENT_BUS_SUBSCRIBE_PORT=4443 --name selenium-node-chrme1 selenium/node-chrome ``` 另外,如果命令仍然无法执行,可以尝试重新拉取 `selenium/node-chrome` 镜像,命令为: ``` docker pull selenium/node-chrome ``` 如果还有其他错误信息,请提供详细信息以便更好地帮助你解决问题。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值