问题
I'm writing integration tests for a Mule ESB application. The Mule application connects to a third-party API via HTTPS. When I try to run my application against the third-party testing API endpoint, everything works fine and I don't have to add any client specific SSL configuration to the HTTPS connector. I believe this is due to the fact their server has CA signed certificates, hence they're trusted straight away and e.g. an HTTP connector like this
<https:connector
name="my.https.connector"
cookieSpec="netscape"
validateConnections="true"
sendBufferSize="0"
receiveBufferSize="0"
receiveBacklog="0"
clientSoTimeout="10000"
serverSoTimeout="10000"
socketSoLinger="0"
doc:name="HTTPS">
<service-overrides sessionHandler="org.mule.session.NullSessionHandler"/>
</https:connector>
will work out of the box.
When writing the integration test, I stub (or mock if you prefer) the third-party API. However, in order to make SSL work I have to generate a keystore for the embedded HTTPS server and modify the client HTTPS connector by adding
<https:tls-client path="keystore" storePassword="psw" />
<https:tls-key-store path="keystore" storePassword="psw" keyPassword="psw" />
as mentioned all over the internet.
I could define the testing HTTPS connector in a separated XML file and load it in the FunctionalTestCase.getConfigResources() method. However this is not ideal: what I'm really after is a way of making the HTTPS connector (the client) to trust everything - but only when running the integration test - i.e. when doing a Maven build. This has to happen programmatically in order to leave the Mule application code untouched.
I've tried to add the following code into a @BeforeClass annotated method
http://www.rgagnon.com/javadetails/java-fix-certificate-problem-in-HTTPS.html
but had no luck. I'm still getting the following exception when running the integration tests
Exception stack is:
1. unable to find valid certification path to requested target (sun.security.provider.certpath.SunCertPathBuilderException)
sun.security.provider.certpath.SunCertPathBuilder:196 (null)
2. PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (sun.security.validator.ValidatorException)
sun.security.validator.PKIXValidator:385 (null)
3. sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (javax.net.ssl.SSLHandshakeException)
sun.security.ssl.Alerts:192 (http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/net/ssl/SSLHandshakeException.html)
Anyone with a working solution ? :)
回答1:
Is there a particular reason why you can not just create a test jks file to import into the ESB ecosystem for testing? I'm assuming that the ESB has a test environment from which you run your test cases against.
回答2:
Set this in your properties in runtime manager: com.ning.http.client.AsyncHttpClientConfig.acceptAnyCertificate=true
Configure your pom.xml file as necessary so that it sticks between deploys.
来源:https://stackoverflow.com/questions/27255015/mule-https-connector-that-trusts-all-certificates