1
我們擁有使用哪個mule進行HTTPS連接的自簽名證書。爲了使它工作,我試圖定製bean來定製HTTPSURLConnection,以不允許allHostVerification。Mule soft自定義代碼調用以通過更改SSL的HTTPSURLConnection
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSession;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
public class SelfSignSSLProcessor {
public void workAroundSelfSignedCerts() {
// Create a trust manager that does not validate certificate chains
TrustManager[] trustAllCerts = new TrustManager[] {
new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) { }
public void checkServerTrusted(X509Certificate[] certs, String authType) { }
}
};
// Install the all-trusting trust manager
System.out.println("Allow Self Signed Certificates");
try {
SSLContext sc = SSLContext.getInstance("SSL");
System.out.println("SSL Context Object" + sc.toString());
sc.init(null, trustAllCerts, new SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
// Create all-trusting host name verifier
HostnameVerifier allHostsValid = new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
System.out.println("Host Name to Verify" + hostname);
return true;
}
};
// Install the all-trusting host verifier
HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
// System.out.println("HTTP URL Connection for all SSL" + HttpsURLConnection.getDefaultHostnameVerifier());
}
catch (Exception e) {
// do something here please!
e.printStackTrace();
}
}
}
我試圖通過把調用函數權之前騾子HTTPS調用下面流調用此方法。
<flow name="cprimeFlow">
<poll doc:name="Poll">
<fixed-frequency-scheduler frequency="2" timeUnit="SECONDS"/>
<dw:transform-message doc:name="Transform Message">
<dw:set-payload><![CDATA[%dw 1.0
%output application/java
---
{
}]]></dw:set-payload>
</dw:transform-message>
</poll>
<invoke object-ref="SelfSignSSLProcessor" method="workAroundSelfSignedCerts" doc:name="Invoke"/>
<http:request config-ref="CPRIME_HTTPS" path="Devices" method="GET" doc:name="HTTP">
<http:request-builder>
<http:query-param paramName=".full" value="true"/>
<http:header headerName="Connection" value="close"/>
<http:header headerName="max-age" value="0"/>
<http:header headerName="Cache-Control" value="no-cache,no-store,must-revalidate"/>
<http:header headerName="Expires" value="0"/>
</http:request-builder>
</http:request>
<logger message="CPRIME OUT Call Logs - [#[message.payloadAs(java.lang.String)]" level="INFO" doc:name="Logger"/>
</flow>
</mule>
然而,這似乎並沒有生效,這意味着我不認爲在htttps連接器配置的HttpsURLConnection的被修改此行爲。
讓我知道如果我想用mule中的某個其他組件或將自定義HTTPSURLConnection放在mule中的正確方法是什麼。
我知道騾子3.8有這個選項。而且能夠在3.8上完成,但是基礎架構團隊尚未準備好升級。除了設置JVM以允許任何證書之外,是否有任何方法可以使其在3.7上工作。 – skumar
不是我所知道的。當時我們意識到您可以使用系統屬性「-Dcom.ning.http.client.AsyncHttpClientConfig.acceptAnyCertificate = true」來禁用主機名驗證,但不是所有的驗證。此外,這將影響所有應用程序中的所有請求者組件。 – afelisatti
好吧,那不好。順便說一下,我使用的連接器是HTTPS