Configuring the maven plugin cxf-codegen-plugin to ignore security concerns

1
votes

I am currently trying to set up a maven project that generates some Java code based on some WSDL files.

Unfortunately I am having some problems because my test environment doesn't have a valid SSL certificate (I have confirmed this by using chrome). Because this is happening in a test environment I am not concerned about security. I just want my code generation to work.

The following shows how I currently use the plugin cxf-codegen-plugin

        <plugin>
            <groupId>org.apache.cxf</groupId>
            <artifactId>cxf-codegen-plugin</artifactId>
            <version>3.1.8</version>
            <executions>
                <execution>
                    <id>generate-sources</id>
                    <phase>generate-sources</phase>
                    <configuration>
                        <sourceRoot>${project.build.directory}/generated/cxf</sourceRoot>
                        <defaultOptions>
                            <bindingFiles>
                                <bindingFile>${basedir}/src/main/jaxb/jaxb.bindings.xml</bindingFile>
                            </bindingFiles>
                            <packagenames>
                                <packagename>foo.bar</packagename>
                            </packagenames>
                            <extraargs>  
                                <extraarg>-client</extraarg>
                            </extraargs>  

                        </defaultOptions>
                        <wsdlOptions>
                            <wsdlOption>
                                <wsdl>[Removed URL]</wsdl>
                            </wsdlOption>

                        </wsdlOptions>
                    </configuration>
                    <goals>
                        <goal>wsdl2java</goal>
                    </goals>
                </execution>
                </executions>
        </plugin>

When i run mvn clean install maven outputs the following error

[ERROR] Failed to execute goal org.apache.cxf:cxf-codegen-plugin:3.1.8:wsdl2java (generate-sources) on project TestClient: Execution generate-sources of goal org.apache.cxf:cxf-codegen-plugin:3.1.8:wsdl2java failed: org.apache.cxf.wsdl11.WSDLRuntimeException: Fail to create wsdl definition [Removed URL] WSDLException: faultCode=PARSER_ERROR: Problem parsing [Removed URL].: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative DNS name matching .... found. -> [Help 1]

So my question is basically if there is some way to configure the cxf-codegen-plugin s.t. it just ignores all security concerns and continues generating the Java code?

1
javamavencxf-codegen-plugin

1 Answers

0
votes

Do not know if it is possible to ignore but you can add the certificate to your local certificate store which also seems to solve your problem.

Without knowing any further details about your development environment these instructions might apply directly or at least with a little modifications.

I found help from this blog post of Ishwara Varnasi:

http://ibswings.blogspot.fi/2008/12/running-axis-wsdl2java-on-https-wsdl.html

Steps shortly:

  1. Download the certificate to %JAVA_HOME%/jre/lib/security . The directory may vary but there should be java jre cacert certificate store.
  2. Import downloaded certificate to cacerts file in the same directory. It is a good idea to make a backup copy of original cacerts file before import.

Steps more detailed:

  1. Fetching the certificate can be done with browser by confirming security exception and storing certificate permanently and then exporting it from the browser to desired directory. Exporting in format X.509 should work fine do not know about other formats. Also tools like openssl can be used to download certificate, see Using openssl to get the certificate from a server

  2. Use appropriate tool to import certificate, for example:

    keytool -importcert -trustcacerts -keystore cacerts -storepass changeit -alias aliasname -file cert_to_import_file_name

    More infromation about importing: How to properly import a selfsigned certificate into Java keystore that is available to all Java applications by default?

At least in my case the storepass really was 'changeit'. So not meaning to change it to any 'real' storepass as i first figured it out.

Be sure to import certificate to a correct JRE if using more than one java version or add it to all versions.