3

I need to write my own class to tell Mule that the HTTPS connection to the service (WSDL) is verified. I already have the Mule project nearly finished, but the last piece is missing: sending a file to a specific URL.

What I want to achieve:

  1. establish connection and send xml to target url

  2. read response that is also in xml

Server uses security with self signed certificate. What I did so far was that I got cert from that link and imported it in .jks. Then I followed probably all "tutorials" how to connect to server in mule with https connector but nothing worked in my case.

I think that the best thing would be if someone can help me create java class to bypass key checking and return true (as verified). Something like:

URL url = new URL("https://www.google.com");
HttpsURLConnection conn= (HttpsURLConnection) url.openConnection();
conn.setHostnameVerifier(new HostnameVerifier() {
    @Override
    public boolean verify(String arg0, SSLSession arg1) {
        return true;
    }
});

How can I do that in mule? I expect that it would be something like this.

I am using current mule version (3.5.0)

Thank you!

EDIT:

My configuration:

<https:connector name="HttpsConnector" cookieSpec="netscape" validateConnections="true" sendBufferSize="0" receiveBufferSize="0" receiveBacklog="0" clientSoTimeout="10000" serverSoTimeout="10000" socketSoLinger="0" doc:name="HTTP\HTTPS" dynamicNotification="true" >
    <https:tls-server path="${keystore.path}" storePassword="${keystore.pass}" />
</https:connector>

<sub-flow name="toSOAP" doc:name="toSOAP">
    <cxf:proxy-client payload="body" doc:name="SOAP" enableMuleSoapHeaders="false">
        <cxf:outInterceptors>
            <spring:ref bean="WSS4JOutInterceptorBean"/>
        </cxf:outInterceptors>
    </cxf:proxy-client>
    <https:outbound-endpoint exchange-pattern="one-way" host="${pref.host}" port="${pref.port}" path="${pref.path}" method="POST" connector-ref="HttpsConnector" doc:name="HTTP"/>
</sub-flow>
Matjaz
  • 2
    "I think that the best thing would be if someone can help me create java class to bypass key checking and return true (as verified)". Why? If you don't want security why are you using SSL at all? – user207421 Jan 16 '14 at 09:57
  • Simply because I cannot connect to service using tutorials provided elsewhere. I tried with inserting certificate to keystore and then setting that keystore in https connector but nothing worked. – Matjaz Jan 16 '14 at 10:08
  • 1
    That doesn't answer the question. It's pointless to 'trust everybody' if you are trying to deploy a secure solution. The idea is to solve the problem, not break your security. – user207421 Jan 16 '14 at 10:25
  • Goal is to send file and test whole process then, when I'll have more time on hand, I'll search for solutions how to solve this security issue. – Matjaz Jan 16 '14 at 10:35
  • Actually if the url you are using needs ssl authentication then you will not be able to bypass it (You cannot bypass and that is what is security). If you need to solve it then please provide the error you are getting while connecting, then we may be able to solve the problem. It could be that the url might require two way ssl and you are using only one way ssl and it might be that you are giving the ".jks" path in the wrong text box of the http connector. – Naveen Raj Jan 16 '14 at 11:28
  • 1
    Share your configuration. – Seba Jan 16 '14 at 12:37
  • Importing the self signed cert in your app's JKS is the way to go. Both importing the cert and configuring Mule can go wrong so explain exactly what you did for both. – David Dossot Jan 16 '14 at 15:11
  • First I got cert from web page (export in browser), then I transformed it with openssl command: openssl x509 -outform der -in certificate -out transformedCert.der. After that, I imported it with keytool: keytool -import -alias alias -keystore sslkeys.jks -file transformedCert.der. I've set absolute path to that file and set password that I provided on import. No big science there tbh. In Mule, I've put path into https connector under trust store area (https:tls-server tag). I now got it to work so I'll post configuration in edit what is my final configuration. – Matjaz Jan 17 '14 at 07:55
  • @Ryan Hoegg answer was what I was looking for exactly but you guys helped me even with questions that I should ask myself but didn't. :) Thanks all! – Matjaz Jan 17 '14 at 07:55
  • It's not pointless to 'trust everybody' in some cases http://stackoverflow.com/questions/27255015/mule-https-connectors-that-trust-all-certificates – Guido Dec 02 '14 at 17:08

1 Answer

3

What worked for me is to set the TrustManagerFactory on the HTTPS connector. Here's how I did it.

First, create a keystore that contains the certificate of the SSL server you want to trust. You can create the keystore using the tools included with the JDK (here's an example).

Then, create a FactoryBean that gives you a TrustManagerFactory given a JKS keystore and password. Here's one I made that uses a Spring resource, so that I can provide the keystore from the classpath or from the filesystem:

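import java.io.InputStream;
import java.security.KeyStore;

import javax.net.ssl.TrustManagerFactory;

import org.springframework.beans.factory.FactoryBean;
import org.springframework.core.io.Resource;

// Spring FactoryBean that builds a TrustManagerFactory from a JKS keystore.
public class ExampleFactoryBean implements FactoryBean<TrustManagerFactory> {

    private Resource keystore; // classpath: or file: location of the JKS
    private String password;   // keystore password

    @Override
    public TrustManagerFactory getObject() throws Exception {
        // Load the trusted certificates, closing the stream afterwards.
        KeyStore truststore = KeyStore.getInstance("JKS");
        InputStream in = keystore.getInputStream();
        try {
            truststore.load(in, password.toCharArray());
        } finally {
            in.close();
        }
        // Only certificates in this keystore will be trusted by the connector.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(truststore);
        return tmf;
    }

    @Override
    public Class<?> getObjectType() {
        return TrustManagerFactory.class;
    }

    @Override
    public boolean isSingleton() {
        return true;
    }

    public void setKeystore(Resource keystore) {
        this.keystore = keystore;
    }

    public void setPassword(String password) {
        this.password = password;
    }
}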

Finally, set the TrustManagerFactory on the HTTP connector like so:

<https:connector name="myHttpsConnector">
    <spring:property name="trustManagerFactory">
        <spring:bean class="com.mycompany.ssl.ExampleFactoryBean">
            <spring:property name="keystore" value="classpath:mykeystore.keystore" />
            <spring:property name="password" value="mypassword" />
        </spring:bean>
    </spring:property>
</https:connector>
Ryan Hoegg