SSL身份验证在Mule ESB项目中不起作用（illegal_parameter） [英] SSL authentication not works in Mule ESB project (illegal_parameter)

问题描述

我写了一些代码，通过SSL在HTTPS服务器上进行身份验证。它工作正常。

I wrote some code which authenticates in HTTPS server over SSL. It working fine.

现在我必须把这个部分移到我的Mule ESB项目。

Now I have to move this part to my Mule ESB project.

这是我的工作方法：

public boolean authenticate() {
    try {
        System.setProperty("jsse.enableSNIExtension", "false");
        System.setProperty("com.sun.net.ssl.enableECC", "false");

        CookieManager manager = new CookieManager();
        manager.setCookiePolicy(CookiePolicy.ACCEPT_ALL);
        CookieHandler.setDefault(manager);

        URL url = new URL("https://...");
        HttpsURLConnection con = (HttpsURLConnection) url.openConnection();

        con.setRequestMethod("GET");
        con.setUseCaches(false);
        con.setInstanceFollowRedirects(true);
        con.setConnectTimeout(5000);
        con.setReadTimeout(5000);

        // KeyStore
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(new FileInputStream("PATH/TO/.P12/file"), "P12password".toCharArray());
        keyManagerFactory.init(keyStore, "P12password".toCharArray());
        // ---

        // TrustStore
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        KeyStore trustStore = KeyStore.getInstance("JKS");
        trustStore.load(new FileInputStream("PATH/TO/.JKS/file"), "JKSpassword".toCharArray());
        trustManagerFactory.init(trustStore);
        // ---

        SSLContext context = SSLContext.getInstance("SSLv3");
        context.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());

        con.setSSLSocketFactory(context.getSocketFactory());

        con.getContent();
        CookieStore cookieJar =  manager.getCookieStore();
        List<HttpCookie> cookies = cookieJar.getCookies();
        for (HttpCookie cookie: cookies) {
            if (COOKIE_NAME.equals(cookie.getName())) {
                COOKIE_VALUE = cookie.getValue();
                return true;
            }
        }
        return false;
    } catch (Exception e) {
        e.printStackTrace();
        return false;
    }
}

在Mule ESB项目中，我调用 authenticate 处理器中：

In Mule ESB project I call authenticate in processor:

@Override
public MuleEvent process(MuleEvent event) throws MuleException {
    MuleMessage message = event.getMessage();

    try {
        String payloadString = new String(message.getPayloadAsBytes());
        LOGGER.info("\nMessage payload:\n" + payloadString + "\n\n");

        String xml = extractXMLFromSOAPMessage(payloadString);
        LOGGER.info("\nXML: " + xml + "\n\n");

        if (authenticate()) {
            //send request to server
        }
    } catch (Exception e) {
        LOGGER.error("EXCEPTION: " + e.getMessage());
        e.printStackTrace();
    }

    return event;
}

在这一行 con.getContent（）; 引发异常： SSLException：收到致命警报：illegal_parameter

此错误也出现在我的JAVA项目中。但添加这些参数有帮助：

This error also appeared in my JAVA project. But adding these parameters helped:

System.setProperty("jsse.enableSNIExtension", "false");
System.setProperty("com.sun.net.ssl.enableECC", "false");

JAVA和Mule都在同一台机器上。

Both JAVA and Mule are on the same machine.

提前致谢！

P.S。对不起我的英语（：

P.S. Sorry for my english (:

解决方案非常简单。

System.setProperty 无法在Mule项目中工作。

System.setProperty not working in Mule project.

所以所有JVM参数都可以在MULE_HOME / conf / wrapper.conf中配置。

So all JVM parameters can be configured in MULE_HOME/conf/wrapper.conf.

这是我的解决方案：

wrapper.java.additional.16=-Djsse.enableSNIExtension=FALSE
wrapper.java.additional.17=-Dcom.sun.net.ssl.enableECC=FALSE

感谢 Vijay Pande 。

推荐答案

您是否尝试过按照 mule documentation 。

这篇关于SSL身份验证在Mule ESB项目中不起作用（illegal_parameter）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！