  1. Axis2
  2. AXIS2-5432

add command-line option to wsdl2java.sh to connect to arbitrary https sites (dummy trust stores)


    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.6.2
    • Fix Version/s: None
    • Component/s: wsdl
    • Labels:
      None
    • Environment:
      debian stable, java 6

      Description

      axis2-1.6.2/bin/wsdl2java.sh -uri https://services.sealsignportal.com:18443/sealsign/ws/BrokerClient?wsdl -p org.apache.axis2.axis2userguide -d adb -s

      not surprisingly results in

      Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
      at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649)
      at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
      at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
      at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
      at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
      at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
      at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
      at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
      at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
      at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1172)
      at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:379)
      at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:318)
      at org.apache.axis2.wsdl.codegen.CodeGenerationEngine.<init>(CodeGenerationEngine.java:99)
      ... 2 more

      Along the ideas in http://mail-archives.apache.org/mod_mbox/axis-java-user/200811.mbox/%3C60708f4b0811052140x617e58dbybf7018c9129532f0@mail.gmail.com%3E, I amended
      axis2-1.6.2/bin/axis2.sh with
      "$JAVA_HOME"/bin/java -classpath "$AXIS2_CLASSPATH" \
      -Daxis2.xml="$AXIS2_HOME/conf/axis2.xml" -Daxis2.repo="$AXIS2_HOME/repository" -Djavax.net.ssl.trustStore="~/sealSigPortal.jks" $USER_COMMANDS

      Unfortunately, this resulted in
      Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
      at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1612)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1595)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1172)
      at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
      at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
      at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
      at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1172)
      at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:379)
      at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:318)
      at org.apache.axis2.wsdl.codegen.CodeGenerationEngine.<init>(CodeGenerationEngine.java:99)
      ... 2 more

      So, in most cases, instead of assembling your own ~/sealSigPortal.jks, a dummy trust store would be even more effective.

            People

            • Assignee:
              Unassigned
              Reporter:
              hauser@acm.org Ralf Hauser
            • Votes:
              0
              Watchers:
              1

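The "trustAnchors parameter must be non-empty" trace above is what JSSE reports when the file named by javax.net.ssl.trustStore cannot be found or holds no certificates; inside double quotes the shell passes `~` through literally and the JVM does not expand it either. The following is an added sketch, not code from the issue or from the Axis2 scripts (all function names are hypothetical), that resolves the path and refuses to start the JVM on an unusable store, so that a trust store holding only the service's certificate can be used rather than a trust-all one:

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of Axis2.

# expand_tilde PATH: perform the "~" expansion the shell skips inside double
# quotes. The JVM never expands "~"; it treats it as a directory name.
expand_tilde() {
    case "$1" in
        "~")   printf '%s\n' "$HOME" ;;
        "~/"*) printf '%s\n' "$HOME/${1#??}" ;;
        *)     printf '%s\n' "$1" ;;
    esac
}

# truststore_opt PATH: print the JVM option only if the file can be read.
# A missing or empty file is what leads to "trustAnchors ... non-empty".
truststore_opt() {
    ts=$(expand_tilde "$1")
    if [ ! -f "$ts" ] || [ ! -r "$ts" ]; then
        echo "trust store not found or unreadable: $ts" >&2
        return 1
    fi
    if [ ! -s "$ts" ]; then
        echo "trust store is an empty file: $ts" >&2
        return 1
    fi
    printf '%s\n' "-Djavax.net.ssl.trustStore=$ts"
}

# count_trusted_certs PATH STOREPASS: number of trustedCertEntry lines that
# keytool lists. Zero means the JVM would still have no trust anchors.
count_trusted_certs() {
    keytool -list -keystore "$(expand_tilde "$1")" -storepass "$2" 2>/dev/null |
        grep -c 'trustedCertEntry'
}

# Constructed demo: a placeholder file stands in for a real JKS.
demo_home=$(mktemp -d)
printf 'constructed placeholder, not a real keystore\n' > "$demo_home/sealSigPortal.jks"
( HOME=$demo_home; truststore_opt "~/sealSigPortal.jks" )    # prints the resolved path
truststore_opt "$demo_home/missing.jks" || echo "refused before starting the JVM"
```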