使用 mule 使用 HTTPS

【问题标题】:Consume HTTPS using mule使用 mule 使用 HTTPS
【发布时间】:2023-10-25 07:43:01
【问题描述】:

我正在尝试配置一个简单的 esb 配置,它公开一个 http 端点,但在内部调用一个 https 服务。

下面是我的配置:

<?xml version="1.0" encoding="UTF-8"?>

<mule xmlns:ws="http://www.mulesoft.org/schema/mule/ws" xmlns:tls="http://www.mulesoft.org/schema/mule/tls" xmlns:http="http://www.mulesoft.org/schema/mule/http" xmlns="http://www.mulesoft.org/schema/mule/core" xmlns:doc="http://www.mulesoft.org/schema/mule/documentation"
    xmlns:spring="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-current.xsd
http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd
http://www.mulesoft.org/schema/mule/tls http://www.mulesoft.org/schema/mule/tls/current/mule-tls.xsd
http://www.mulesoft.org/schema/mule/ws http://www.mulesoft.org/schema/mule/ws/current/mule-ws.xsd">


 <http:listener-config name="HTTP_Listener_Configuration" host="0.0.0.0" port="8096" doc:name="HTTP Listener Configuration"/>

<http:request-config name="HTTP_Request_Configuration" protocol="HTTPS" doc:name="HTTP Request Configuration">

--> 

</http:request-config>

<flow name="secureddemoFlow">
    <http:listener config-ref="HTTP_Listener_Configuration" path="/" doc:name="HTTP"/>
    <logger message="Inside---" level="INFO" doc:name="Logger"/>
    <http:request config-ref="HTTP_Request_Configuration" path="/secureservice/esb" host="10.208.18.246" port="8443" method="GET" doc:name="HTTP"/>

    <logger message="done---" level="INFO" doc:name="Logger"/>
</flow>
</mule>

这已成功部署,但是当访问端点时出现以下异常:

 INFO  2016-03-30 12:08:01,443 [[secureddemo].HTTP_Listener_Configuration.worker.01] org.mule.api.processor.LoggerMessageProcessor: Inside---
ERROR 2016-03-30 12:08:01,531 [[secureddemo].HTTP_Listener_Configuration.worker.01] org.mule.exception.DefaultMessagingExceptionStrategy: 
********************************************************************************
Message               : Error sending HTTP request. Message payload is of type: NullPayload
Type                  : org.mule.api.MessagingException
Code                  : MULE_ERROR--2
Payload               : {NullPayload}
JavaDoc               : http://www.mulesoft.org/docs/site/current3/apidocs/org/mule/api/MessagingException.html
********************************************************************************
Exception stack is:
1. No subject alternative names present (java.security.cert.CertificateException)
  sun.security.util.HostnameChecker:142 (null)
2. General SSLEngine problem (javax.net.ssl.SSLHandshakeException)
  sun.security.ssl.Alerts:192 (http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/net/ssl/SSLHandshakeException.html)
3. General SSLEngine problem (javax.net.ssl.SSLHandshakeException)
  sun.security.ssl.Handshaker:1362 (http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/net/ssl/SSLHandshakeException.html)
4. javax.net.ssl.SSLHandshakeException: General SSLEngine problem (java.util.concurrent.ExecutionException)
  org.glassfish.grizzly.impl.SafeFutureImpl$Sync:349 (null)
5. java.util.concurrent.ExecutionException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem (java.io.IOException)
  org.mule.module.http.internal.request.grizzly.GrizzlyHttpClient:245 (null)
6. Error sending HTTP request. Message payload is of type: NullPayload (org.mule.api.MessagingException)
  org.mule.module.http.internal.request.DefaultHttpRequester:287 (http://www.mulesoft.org/docs/site/current3/apidocs/org/mule/api/MessagingException.html)
********************************************************************************
Root Exception stack trace:
java.security.cert.CertificateException: No subject alternative names present
    at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:142)
    at sun.security.util.HostnameChecker.match(HostnameChecker.java:91)
    at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:347)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:255)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:138)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1328)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:153)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:808)
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:806)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1299)
    at org.glassfish.grizzly.ssl.SSLUtils.executeDelegatedTask(SSLUtils.java:247)
    at org.glassfish.grizzly.ssl.SSLBaseFilter.doHandshakeStep(SSLBaseFilter.java:669)
    at org.glassfish.grizzly.ssl.SSLFilter.doHandshakeStep(SSLFilter.java:330)
    at org.glassfish.grizzly.ssl.SSLBaseFilter.doHandshakeStep(SSLBaseFilter.java:583)
    at org.glassfish.grizzly.ssl.SSLBaseFilter.handleRead(SSLBaseFilter.java:304)
    at com.ning.http.client.providers.grizzly.SwitchingSSLFilter.handleRead(SwitchingSSLFilter.java:74)
    at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:283)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:200)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:132)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:111)
    at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
    at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:536)
    at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:112)
    at org.mule.module.http.internal.request.grizzly.FlowWorkManagerIOStrategy.run0(FlowWorkManagerIOStrategy.java:134)
    at org.mule.module.http.internal.request.grizzly.FlowWorkManagerIOStrategy.access$100(FlowWorkManagerIOStrategy.java:31)
    at org.mule.module.http.internal.request.grizzly.FlowWorkManagerIOStrategy$WorkerThreadRunnable.run(FlowWorkManagerIOStrategy.java:157)
    at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:591)
    at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:571)
    at java.lang.Thread.run(Thread.java:722)

********************************************************************************

请帮忙。

【问题讨论】:

    标签: ssl https mule ssl-certificate esb


    【解决方案1】:

    当您尝试通过未在服务器证书中指定为 SubjectAlternativeName (SAN) 的主机名访问服务时,就会出现此类问题。由于您正在向 116.202.169.182 发送请求,因此当该服务器将其证书返回给客户端以便对其进行验证时,执行的检查之一是“主机名验证”(基本上:这真的是我想与之通信的人吗?)期待查找列出的 116.202.169.182。

    问题不在您正在配置的信任库或密钥库中(实际上,您只是在定义它,但实际上并未在 request-config 中引用它,所以我认为它没有被使用),而是您使用的服务器正在发送请求。您可以使用它在证书中定义的主机名发送请求。

    HTH

    【讨论】:

    • 我已根据您的建议更新了代码,现在遇到握手异常,请您帮忙
    • 你能分享一下代码更新吗?如果您现在不直接使用 IP,那么握手错误可能是因为我提到的 tls-context 没有被实际引用。我需要查看代码和异常以确定。
    • 我已经用我现在使用的代码更新了代码(包括你的 cmets)
    • 我没有看到任何变化。您仍在使用 IP 作为主机,现在您没有定义 tls:context 元素,也没有在 request-config 中引用它。但是,该错误表明服务器没有在其证书中定义任何 SAN。你有控制权吗?原因是它使用的证书设置不正确。
    猜你喜欢
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript C# Mysql Docker 算法 前端 SpringBoot Redis Vue spring .net 设计模式 .net core c++ kubernetes 数据库 机器学习 大数据 数据结构 微服务 js 人工智能 Go Android 面试 程序员 JVM 云原生 后端 ASP.net core 深度学习 CSS k8s git golang PHP devops Nginx Django React mybatis 架构 多线程 Spring Boot 云计算 LeetCode 分布式