Sometimes you need to generate Java sources from WSDL that is published on the HTTPS server with selfsigned certificate. Using Maven prevents us to fiddle with wsimport
command line parameters, we just need to pick one of the two plugins.
The most simple declaration binds the source generation (provided by wsimport
goal) to the generate-sources
phase. Then, issuing the mvn package
will download the WSDL, parse, compile and put the result .class
files are put into target/class
.
<plugin>
<groupId>org.jvnet.jax-ws-commons</groupId>
<artifactId>jaxws-maven-plugin</artifactId>
<version>2.3</version>
<executions>
<execution>
<phase>generate-sources</phase>
<goals>
<goal>wsimport</goal>
</goals>
</execution>
</executions>
<configuration>
<wsdlUrls>
<wsdlUrl>https://some-wsdl.com</wsdlUrl>
</wsdlUrls>
</configuration>
</plugin>
However, the first run won’t be that happy. Maven coughs up with:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
With a simple investigation, we’ll find the culprit: it’s the self-signed SSL certificate on server.
Maybe the simplest option is to create Java truststore that will contain the SSL certificate. Then, we point wsimport
to this truststore and everything will be fine. (And no, the xnoverifySSLhosts
option isn’t enough.)
In Linux shell:
echo | openssl s_client -connect serverik.sk:443 2>&1 |sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
Save the result into a .pem
file.
Then, we’ll convert the PEM into Java keystore format:
keytool -importcert -file serverik.sk.pem -keystore serverik.sk.jks
Java keytool
will ask for alias (required) and a keystore password (set this for empty). Put the created keystore into a convenient location: for example into src/ssl
. Then, we need to customize the truststore path. Put the following element into <configuration>
:
<vmArgs>
<vmArg>-Djavax.net.ssl.trustStore=src/ssl/serverik.sk.jks</vmArg>
</vmArgs>
This option corresponds to setting System property javax.net.ssl.trustStore
that contains a path to SSL truststore.
The whole plugin configuration will look like this:
<plugin>
<groupId>org.jvnet.jax-ws-commons</groupId>
<artifactId>jaxws-maven-plugin</artifactId>
<version>2.3</version>
<executions>
<execution>
<phase>generate-sources</phase>
<goals>
<goal>wsimport</goal>
</goals>
</execution>
</executions>
<configuration>
<vmArgs>
<vmArg>-Djavax.net.ssl.trustStore=src/ssl/serverik.sk.jks</vmArg>
</vmArgs>
<wsdlUrls>
<wsdlUrl>https://some-wsdl.com</wsdlUrl>
</wsdlUrls>
</configuration>
</plugin>