信任所有证书的Mule HTTPS连接器 [英] Mule HTTPS connector that trusts all certificates
问题描述
我正在为Mule ESB应用程序编写集成测试。 Mule应用程序通过HTTPS连接到第三方API。当我尝试针对第三方测试API端点运行我的应用程序时,一切正常,我不必将任何客户端特定的SSL配置添加到HTTPS连接器。我相信这是因为他们的服务器具有CA签名证书,因此他们可以立即受到信任,例如像这样的HTTP连接器
I'm writing integration tests for a Mule ESB application. The Mule application connects to a third-party API via HTTPS. When I try to run my application against the third-party testing API endpoint, everything works fine and I don't have to add any client specific SSL configuration to the HTTPS connector. I believe this is due to the fact their server has CA signed certificates, hence they're trusted straight away and e.g. an HTTP connector like this
<https:connector
name="my.https.connector"
cookieSpec="netscape"
validateConnections="true"
sendBufferSize="0"
receiveBufferSize="0"
receiveBacklog="0"
clientSoTimeout="10000"
serverSoTimeout="10000"
socketSoLinger="0"
doc:name="HTTPS">
<service-overrides sessionHandler="org.mule.session.NullSessionHandler"/>
</https:connector>
开箱即用。
在编写集成测试时,我会存根(或者如果您愿意,可以模拟)第三方API。但是,为了使SSL工作,我必须为嵌入式HTTPS服务器生成密钥库,并通过添加
When writing the integration test, I stub (or mock if you prefer) the third-party API. However, in order to make SSL work I have to generate a keystore for the embedded HTTPS server and modify the client HTTPS connector by adding
<https:tls-client path="keystore" storePassword="psw" />
<https:tls-key-store path="keystore" storePassword="psw" keyPassword="psw" />
如上所述。
我可以在单独的XML文件中定义测试HTTPS连接器,并将其加载到 FunctionalTestCase.getConfigResources()方法中。然而,这并不理想:我真正想要的是让HTTPS连接器(客户端)信任一切的一种方式 - 但仅在运行集成测试时 - 即在执行时Maven 构建。这必须以编程方式发生,以便保持Mule应用程序代码不变。
I could define the testing HTTPS connector in a separated XML file and load it in the FunctionalTestCase.getConfigResources() method. However this is not ideal: what I'm really after is a way of making the HTTPS connector (the client) to trust everything - but only when running the integration test - i.e. when doing a Maven build. This has to happen programmatically in order to leave the Mule application code untouched.
我试图将以下代码添加到 @BeforeClass 带注释的方法
I've tried to add the following code into a @BeforeClass annotated method
http://www.rgagnon.com/javadetails/java-fix-certificate-problem-in-HTTPS.html
但没有运气。运行集成测试时我仍然遇到以下异常
but had no luck. I'm still getting the following exception when running the integration tests
Exception stack is:
1. unable to find valid certification path to requested target (sun.security.provider.certpath.SunCertPathBuilderException)
sun.security.provider.certpath.SunCertPathBuilder:196 (null)
2. PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (sun.security.validator.ValidatorException)
sun.security.validator.PKIXValidator:385 (null)
3. sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (javax.net.ssl.SSLHandshakeException)
sun.security.ssl.Alerts:192 (http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/net/ssl/SSLHandshakeException.html)
任何有工作解决方案的人n? :)
Anyone with a working solution ? :)
推荐答案
在运行时管理器的属性中设置它:com.ning.http.client.AsyncHttpClientConfig.acceptAnyCertificate = true
Set this in your properties in runtime manager: com.ning.http.client.AsyncHttpClientConfig.acceptAnyCertificate=true
根据需要配置pom.xml文件,使其在部署之间保持不变。
Configure your pom.xml file as necessary so that it sticks between deploys.
这篇关于信任所有证书的Mule HTTPS连接器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
