0

I'm trying to create web service client using jaxws-maven-plugin with the wsimport goal, with this pom:

<plugin>
        <groupId>org.jvnet.jax-ws-commons</groupId>
        <artifactId>jaxws-maven-plugin</artifactId>
        <version>2.2</version>
        <executions>
            <execution>
                <goals>
                    <goal>wsimport</goal>
                </goals>
            </execution>
        </executions>
        <configuration>
            <wsdlUrls>
                <wsdlUrl>
                    https://test.test/WSTtest?wsdl
                </wsdlUrl>
            </wsdlUrls>
            <verbose>true</verbose>
        </configuration>

        <dependencies>
            <dependency>
                <groupId>javax.xml</groupId>
                <artifactId>webservices-api</artifactId>
                <version>1.4</version>
            </dependency>
        </dependencies>
    </plugin>

But I get the error

[ERROR] java.security.cert.CertificateException: No subject alternative names matching IP address 93.92.169.114 found

because I need a certificate. As I read at SSL client certificate in Maven I have add in my POM the propertie related with the location of the certification file:

<plugin> 
    <groupId>org.codehaus.mojo</groupId>
    <artifactId>properties-maven-plugin</artifactId>
    <version>1.0-alpha-2</version>
    <executions>
      <execution>
        <goals>
          <goal>set-system-properties</goal>
        </goals>
        <configuration>
          <properties>
            <property>
              <name>javax.net.ssl.trustStore</name>
              <value>c:\certificate.crt</value>
            </property>
          </properties>
        </configuration>
      </execution>
    </executions>
    </plugin>

But now I get other error:

[ERROR] java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)

As I read in at Java Exception on SSLSocket creation seems to be related with the format of the certificated file. I have tried to indicate the kind of file by adding the propertie in the POM with the same result.

<properties>
             <property>
              <name>javax.net.ssl.trustStoreType</name>
              <value>JCEKS</value>
            </property>
            <property>
              <name>javax.net.ssl.trustStore</name>
              <value>c:\certificate.crt</value>
            </property>

          </properties>

Any idea how can I solve this? what I'm doing wrong? is this the properr way to indicate where is the certificate file?

thanks

Community
  • 1
  • 1
Xavi
  • 87
  • 2
  • 10

1 Answers1

0

Well, you can try to disable all SSL trust checks:

import java.security.AccessController;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivilegedAction;
import java.security.Security;
import java.security.cert.X509Certificate;  
import javax.net.ssl.ManagerFactoryParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactorySpi;
import javax.net.ssl.X509TrustManager;

public final class XTrustProvider extends java.security.Provider {

        private final static String NAME = "XTrustJSSE";
        private final static String INFO = "XTrust JSSE Provider (implements trust factory with truststore validation disabled)";
        private final static double VERSION = 1.0D;

        public XTrustProvider() {
                super(NAME, VERSION, INFO);

                AccessController.doPrivileged(new PrivilegedAction() {
                        public Object run() {
                                put("TrustManagerFactory." + TrustManagerFactoryImpl.getAlgorithm(), TrustManagerFactoryImpl.class.getName());
                                return null;
                        }
                });
        }

        public static void install() {
                if(Security.getProvider(NAME) == null) {
                        Security.insertProviderAt(new XTrustProvider(), 2);
                        Security.setProperty("ssl.TrustManagerFactory.algorithm", TrustManagerFactoryImpl.getAlgorithm());
                }
        }

        public final static class TrustManagerFactoryImpl extends TrustManagerFactorySpi {
                public TrustManagerFactoryImpl() { }
                public static String getAlgorithm() { return "XTrust509"; }
                protected void engineInit(KeyStore keystore) throws KeyStoreException { }
                protected void engineInit(ManagerFactoryParameters mgrparams) throws InvalidAlgorithmParameterException {
                        throw new InvalidAlgorithmParameterException( XTrustProvider.NAME + " does not use ManagerFactoryParameters");
                }

                protected TrustManager[] engineGetTrustManagers() {
                        return new TrustManager[] {
                                new X509TrustManager() {
                                        public X509Certificate[] getAcceptedIssuers() { return null; }
                                        public void checkClientTrusted(X509Certificate[] certs, String authType) { }
                                        public void checkServerTrusted(X509Certificate[] certs, String authType) { }
                                }
                        };
                }
        }
}

Simple call XTrustProvider.install(); to disable all certificate checks. Maybe this workaround also solves your issue. But keep in mind that this is ONLY a workaround.

sk2212
  • 1,688
  • 4
  • 23
  • 43