
java class to trust all for sending file to https web service

I need to write my own class to tell Mule that the HTTPS connection to the service (WSDL) is verified. I already have the Mule project nearly finished, but the last piece is missing: sending a file to a specific URL.

What I want to achieve:

  1. establish connection and send xml to target url

  2. read response that is also in xml

The server uses security with a self-signed certificate. What I did so far was that I got the cert from that link and imported it into a .jks. Then I followed probably all the "tutorials" on how to connect to a server in Mule with the HTTPS connector, but nothing worked in my case.

I think that the best thing would be if someone can help me create java class to bypass key checking and return true (as verified). Something like:

URL url = new URL("https://www.google.com");
HttpsURLConnection conn= (HttpsURLConnection) url.openConnection();
conn.setHostnameVerifier(new HostnameVerifier() {
    @Override
    public boolean verify(String arg0, SSLSession arg1) {
        return true;
    }
});

How can I do that in mule? I expect that it would be something like this.

I am using current mule version (3.5.0)

Thank you!

EDIT:

My configuration:

<https:connector name="HttpsConnector" cookieSpec="netscape" validateConnections="true" sendBufferSize="0" receiveBufferSize="0" receiveBacklog="0" clientSoTimeout="10000" serverSoTimeout="10000" socketSoLinger="0" doc:name="HTTP\HTTPS" dynamicNotification="true" >
    <https:tls-server path="${keystore.path}" storePassword="${keystore.pass}" />
</https:connector>

<sub-flow name="toSOAP" doc:name="toSOAP">
    <cxf:proxy-client payload="body" doc:name="SOAP" enableMuleSoapHeaders="false">
        <cxf:outInterceptors>
            <spring:ref bean="WSS4JOutInterceptorBean"/>
        </cxf:outInterceptors>
    </cxf:proxy-client>
    <https:outbound-endpoint exchange-pattern="one-way" host="${pref.host}" port="${pref.port}" path="${pref.path}" method="POST" connector-ref="HttpsConnector" doc:name="HTTP"/>
</sub-flow>
Matjaz asked Jan 22 '26 05:01


1 Answer

What worked for me is to set the TrustManagerFactory on the HTTPS connector. Here's how I did it.

First, create a keystore that contains the certificate of the SSL server you want to trust. You can create the keystore using the tools included with the JDK (here's an example).

Then, create a FactoryBean that gives you a TrustManagerFactory given a JKS keystore and password. Here's one I made that uses a Spring resource, so that I can provide the keystore from the classpath or from the filesystem:

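package com.mycompany.ssl;

import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.TrustManagerFactory;
import org.springframework.beans.factory.FactoryBean;
import org.springframework.core.io.Resource;

// Builds a TrustManagerFactory that trusts only the certificates in the configured JKS keystore.
public class ExampleFactoryBean implements FactoryBean<TrustManagerFactory> {

    private Resource keystore;
    private String password;

    @Override
    public TrustManagerFactory getObject() throws Exception {
        KeyStore truststore = KeyStore.getInstance("JKS");
        // Close the keystore stream once its contents have been loaded
        InputStream in = keystore.getInputStream();
        try {
            truststore.load(in, password.toCharArray());
        } finally {
            in.close();
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
        tmf.init(truststore);
        return tmf;
    }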

    @Override
    public Class<?> getObjectType() {
        return TrustManagerFactory.class;
    }

    @Override
    public boolean isSingleton() {
        return true;
    }

    public void setKeystore(Resource keystore) {
        this.keystore = keystore;
    }

    public void setPassword(String password) {
        this.password = password;
    }
}

Finally, set the TrustManagerFactory on the HTTP connector like so:

<https:connector name="myHttpsConnector">
    <spring:property name="trustManagerFactory">
        <spring:bean class="com.mycompany.ssl.ExampleFactoryBean">
            <spring:property name="keystore" value="classpath:mykeystore.keystore" />
            <spring:property name="password" value="mypassword" />
        </spring:bean>
    </spring:property>
</https:connector>
Ryan Hoegg answered Jan 23 '26 19:01
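
A stand-alone check for the truststore approach in the answer above, added here and not part of the original answer: it loads a JKS truststore, prints each certificate it will accept with its SHA-256 fingerprint, and can optionally make one request using only that truststore while leaving the default hostname verification on (unlike the verifier in the question). The class name `TruststoreCheck`, the command-line arguments and the use of the JDK's default trust algorithm instead of "SunX509" are assumptions of this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.URL;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example. Usage: java TruststoreCheck <keystore.jks> <password> [https-url]
public class TruststoreCheck {
    static TrustManagerFactory load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        // Assumption: JDK default algorithm (PKIX) rather than the answer's "SunX509"
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        return tmf;
    }

    static String sha256(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        return String.format("%064x", new BigInteger(1, digest));
    }

    public static void main(String[] args) throws Exception {
        TrustManagerFactory tmf = load(args[0], args[1].toCharArray());
        // List exactly which certificates this truststore accepts; expect only the server's.
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate c : ((X509TrustManager) tm).getAcceptedIssuers()) {
                System.out.println(c.getSubjectX500Principal() + " SHA-256=" + sha256(c));
            }
        }
        if (args.length > 2) {
            // Handshake with only this truststore; a certificate or host name mismatch makes the request fail.
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(null, tmf.getTrustManagers(), null);
            HttpsURLConnection conn = (HttpsURLConnection) new URL(args[2]).openConnection();
            conn.setSSLSocketFactory(ctx.getSocketFactory());
            System.out.println("HTTP " + conn.getResponseCode());
        }
    }
}
```

If the listing shows more than the one self-signed server certificate, the keystore trusts more than intended and should be rebuilt before it is wired into the connector.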