Metro, wsimport, Maven and WSDL on a server with a self-signed certificate

Sometimes you need to generate Java sources from a WSDL that is published on an HTTPS server with a self-signed certificate. Using Maven saves us from fiddling with wsimport command-line parameters; we just need to pick one of the two plugins.

The simplest declaration binds source generation (provided by the wsimport goal) to the generate-sources phase. Then, running mvn package will download the WSDL, parse it, compile the generated sources and put the resulting .class files into target/classes.

<plugin>
    <groupId>org.jvnet.jax-ws-commons</groupId>
    <artifactId>jaxws-maven-plugin</artifactId>
    <version>2.3</version>
    <executions>
        <execution>
            <phase>generate-sources</phase>
            <goals>
                <goal>wsimport</goal>
            </goals>
        </execution>
    </executions>
    <configuration>
        <wsdlUrls>
            <wsdlUrl>https://some-wsdl.com</wsdlUrl>
        </wsdlUrls>
    </configuration>
</plugin>

However, the first run won’t be that happy. Maven coughs up:

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

With a little investigation, we’ll find the culprit: the self-signed SSL certificate on the server.

Maybe the simplest option is to create a Java truststore that contains the server’s SSL certificate. Then, we point wsimport to this truststore and everything will be fine. (And no, the xnoverifySSLhosts option isn’t enough: the error above is a certification-path failure, which only a trusted certificate resolves.)

In a Linux shell:

echo | openssl s_client -connect serverik.sk:443 2>&1 |sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'

Save the result into a .pem file.

Then, we’ll convert the PEM into Java keystore format:

keytool -importcert -file serverik.sk.pem -keystore serverik.sk.jks 

Java keytool will ask for an alias (required) and a keystore password (leave this empty). Put the created keystore into a convenient location, for example src/ssl. Then, we need to customize the truststore path. Put the following element into <configuration>:

<vmArgs>
    <vmArg>-Djavax.net.ssl.trustStore=src/ssl/serverik.sk.jks</vmArg>
</vmArgs>

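This option sets the system property javax.net.ssl.trustStore, which holds the path to the SSL truststore. Because this property replaces the JVM’s default truststore, that JVM will trust only the certificates in this file.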

The whole plugin configuration will look like this:

<plugin>
    <groupId>org.jvnet.jax-ws-commons</groupId>
    <artifactId>jaxws-maven-plugin</artifactId>
    <version>2.3</version>
    <executions>
        <execution>
            <phase>generate-sources</phase>
            <goals>
                <goal>wsimport</goal>
            </goals>
        </execution>
    </executions>
    <configuration>
        <vmArgs>
            <vmArg>-Djavax.net.ssl.trustStore=src/ssl/serverik.sk.jks</vmArg>
        </vmArgs>
        <wsdlUrls>
            <wsdlUrl>https://some-wsdl.com</wsdlUrl>
        </wsdlUrls>
    </configuration>
</plugin>
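
The fetch-and-import steps above, as an added example (not part of the original post) that also compares the certificate's SHA-256 fingerprint with one obtained out of band before importing it, since s_client returns whatever certificate the connection presented. The function names, the -servername flag and passing the keystore password with -storepass are assumptions of this example.

```sh
#!/bin/sh
# Added example: pin a self-signed certificate before importing it.
# Function names and arguments are illustrative, not from the original post.

# Keep only the first PEM block of `openssl s_client` output read from stdin.
extract_first_cert() {
    awk '/-BEGIN CERTIFICATE-/ {on=1} on {print} /-END CERTIFICATE-/ {if (on) exit}'
}

# Reduce "sha256 Fingerprint=AB:CD:..." or "ab cd ..." to bare uppercase hex.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# True only if both values are the same 64-digit SHA-256 fingerprint.
fp_matches() {
    a=$(normalize_fp "$1")
    b=$(normalize_fp "$2")
    [ "${#a}" -eq 64 ] && [ "$a" = "$b" ]
}

# usage: import_pinned_cert HOST EXPECTED_SHA256 KEYSTORE STOREPASS
import_pinned_cert() {
    host=$1; expected_fp=$2; store=$3; storepass=$4
    pem="$host.pem"
    echo | openssl s_client -connect "$host:443" -servername "$host" 2>/dev/null \
        | extract_first_cert > "$pem"
    [ -s "$pem" ] || { echo "no certificate received from $host" >&2; return 1; }
    actual_fp=$(openssl x509 -in "$pem" -noout -fingerprint -sha256) || return 1
    if ! fp_matches "$actual_fp" "$expected_fp"; then
        echo "fingerprint mismatch for $host: $actual_fp" >&2
        rm -f "$pem"
        return 1
    fi
    # -noprompt is safe here only because the fingerprint was checked above.
    keytool -importcert -noprompt -alias "$host" -file "$pem" \
        -keystore "$store" -storepass "$storepass"
}

# Run only when called with all four arguments.
if [ "$#" -eq 4 ]; then
    import_pinned_cert "$@"
fi
```

The expected fingerprint should come from the server's administrator or another channel that does not depend on the HTTPS connection being checked.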
