
MuleSoft custom code invoke to change HttpsURLConnection for SSL bypass

We have a self-signed certificate that Mule uses to make an HTTPS connection. In order to make it work, I tried a custom bean to customize HttpsURLConnection to not allow allHostVerification.

    import java.security.SecureRandom;
    import java.security.cert.X509Certificate;

    import javax.net.ssl.HostnameVerifier;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSession;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;

    public class SelfSignSSLProcessor {

        public void workAroundSelfSignedCerts() {
            // Create a trust manager that does not validate certificate chains
            TrustManager[] trustAllCerts = new TrustManager[] {
                new X509TrustManager() {
                    public X509Certificate[] getAcceptedIssuers() {
                        // The interface contract requires a non-null array
                        return new X509Certificate[0];
                    }
                    public void checkClientTrusted(X509Certificate[] certs, String authType) { }
                    public void checkServerTrusted(X509Certificate[] certs, String authType) { }
                }
            };
            // Install the all-trusting trust manager
            System.out.println("Allow Self Signed Certificates");
            try {
                SSLContext sc = SSLContext.getInstance("SSL");
                System.out.println("SSL Context Object" + sc.toString());
                sc.init(null, trustAllCerts, new SecureRandom());
                // Sets the JVM-wide default used by HttpsURLConnection instances
                HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

                // Create all-trusting host name verifier
                HostnameVerifier allHostsValid = new HostnameVerifier() {
                    public boolean verify(String hostname, SSLSession session) {
                        System.out.println("Host Name to Verify" + hostname);
                        return true;
                    }
                };
                // Install the all-trusting host verifier
                HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
                // System.out.println("HTTP URL Connection for all SSL" + HttpsURLConnection.getDefaultHostnameVerifier());
            } catch (Exception e) {
                // do something here please!
                e.printStackTrace();
            }
        }
    }

I am trying to invoke this by putting an invoke function right before the HTTPS call in the Mule flow, as below.

        <flow name="cprimeFlow">
            <poll doc:name="Poll">
                <fixed-frequency-scheduler frequency="2" timeUnit="SECONDS"/>
                <dw:transform-message doc:name="Transform Message">
                    <dw:set-payload><![CDATA[%dw 1.0
    %output application/java
    ---
    {
    }]]></dw:set-payload>
                </dw:transform-message>
            </poll>
            <invoke object-ref="SelfSignSSLProcessor" method="workAroundSelfSignedCerts" doc:name="Invoke"/>
            <http:request config-ref="CPRIME_HTTPS" path="Devices" method="GET" doc:name="HTTP">
                <http:request-builder>
                    <http:query-param paramName=".full" value="true"/>
                    <http:header headerName="Connection" value="close"/>
                    <http:header headerName="max-age" value="0"/>
                    <http:header headerName="Cache-Control" value="no-cache,no-store,must-revalidate"/>
                    <http:header headerName="Expires" value="0"/>
                </http:request-builder>
            </http:request>
            <logger message="CPRIME OUT Call Logs - [#[message.payloadAs(java.lang.String)]" level="INFO" doc:name="Logger"/>
        </flow>
    </mule>

However, this does not seem to be in effect, meaning I don't think the HttpsURLConnection in the HTTPS connector configuration is modified for this behavior.

Let me know if I am supposed to use some other component in Mule, or what the right way is to put the custom HttpsURLConnection in Mule.

This won't work for the HTTP connector. If you are using Mule 3.8.0 or above you can achieve the desired outcome (no validations) by having your request configuration use a TLS context with an "insecure" trust store. You can read more about that here (in the "Insecure option" section). HTH
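The TLS-context approach from the answer, as a configuration sketch (an added example, not part of the original answer): variant A is the "insecure" trust store, variant B trusts only the self-signed certificate so validation stays on. The config name `CPRIME_HTTPS` comes from the question; the host, port, file name, alias and password are placeholder assumptions, and only one of the two variants would be kept.

```xml
<!-- Fragment for the existing <mule> element; assumes the tls prefix is declared:
     xmlns:tls="http://www.mulesoft.org/schema/mule/tls" (plus its schemaLocation entry). -->

<!-- Variant A: "insecure" trust store (Mule 3.8.0+).
     No certificate validation is performed, so any server certificate is accepted. -->
<http:request-config name="CPRIME_HTTPS" protocol="HTTPS"
                     host="cprime.example.internal" port="443"
                     doc:name="HTTP Request Configuration">
    <tls:context>
        <tls:trust-store insecure="true"/>
    </tls:context>
</http:request-config>

<!-- Variant B: trust store that contains only the self-signed certificate.
     Build it once with keytool (file names and alias are placeholders):
       keytool -importcert -alias cprime -file cprime.pem -keystore cprime-truststore.jks
     The chain is still validated, but only against that one certificate. -->
<http:request-config name="CPRIME_HTTPS" protocol="HTTPS"
                     host="cprime.example.internal" port="443"
                     doc:name="HTTP Request Configuration">
    <tls:context>
        <tls:trust-store path="cprime-truststore.jks"
                         password="${truststore.password}"
                         type="jks"/>
    </tls:context>
</http:request-config>
```

With either variant in place, the `<invoke>` step and the `SelfSignSSLProcessor` bean are no longer needed in the flow.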
