Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Web Tools Project (WTP) » Trying to build stub code for a WSDL that forces SSL and uses a self-signed cert
Trying to build stub code for a WSDL that forces SSL and uses a self-signed cert [message #693968] Thu, 07 July 2011 14:53 Go to next message
ben may is currently offline ben may
Messages: 12
Registered: July 2011
Junior Member
Hey all! I am trying to generate stub code in eclipse for the following WSDL:

https://ctms-services-pa-3-3.nci.nih.gov:1523/wsrf/services/cagrid/TrialRegistrationService?wsdl

This server forces https and uses a self-signed cert. The WSDL itself is basically just a reference to two other WSDL's on the same server:

<wsdl:definitions xmlns:binding="http://enterpriseservices.nci.nih.gov/PAServices/TrialRegistrationService/bindings" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" name="TrialRegistrationService" targetNamespace="http://enterpriseservices.nci.nih.gov/PAServices/TrialRegistrationService/service">
<wsdl:import location="https://ctms-services-pa-3-3.nci.nih.gov:1523/wsrf/share/schema/PAServices/TrialRegistrationService_bindings.wsdl" namespace="http://enterpriseservices.nci.nih.gov/PAServices/TrialRegistrationService/bindings"/>
<wsdl:service name="TrialRegistrationService">
<wsdl:port binding="binding:TrialRegistrationServicePortTypeSOAPBinding" name="TrialRegistrationServicePortTypePort">
<soap:address location="https://ctms-services-pa-3-3.nci.nih.gov:1523/wsrf/services/cagrid/TrialRegistrationService"/>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>


I've tried saving the code above locally and adding that as a WSDL file to my project, but then I get this error:

IWAB0399E Error in generating Java from WSDL: javax.wsdl.WSDLException: WSDLException (at /wsdl:definitions/wsdl:import): faultCode=OTHER_ERROR: Unable to resolve imported document at 'https://ctms-services-pa-3-3.nci.nih.gov:1523/wsrf/share/schema/PAServices/TrialRegistrationService_bindings.wsdl', relative to 'file:/C:/Documents and Settings/ben/workspace/CTRP project/NewWSDLFile.wsdl': javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Is there any way to instruct eclipse to "trust" this cert even though it's self-signed?

Thanks!

[Updated on: Thu, 07 July 2011 15:26]

Report message to a moderator

Re: Trying to build stub code for a WSDL that forces SSL and uses a self-signed cert [message #697135 is a reply to message #693968] Fri, 15 July 2011 15:57 Go to previous messageGo to next message
ben may is currently offline ben may
Messages: 12
Registered: July 2011
Junior Member
Anyone? Please help! Smile
Re: Trying to build stub code for a WSDL that forces SSL and uses a self-signed cert [message #697144 is a reply to message #697135] Fri, 15 July 2011 16:09 Go to previous messageGo to next message
Ed Merks is currently offline Ed Merks
Messages: 26089
Registered: July 2009
Senior Member
I don't know the answer of how to convince eclipse just to load those
resources. But I suppose you could copy the referenced WSDLs too and
change the one you show to refer to those copies instead of via https.
If you put then all in the same folder, you could use a relative path to
reference those other WSDLs...


On 15/07/2011 8:57 AM, ben may wrote:
> Anyone? Please help! :)
Re: Trying to build stub code for a WSDL that forces SSL and uses a self-signed cert [message #698088 is a reply to message #697144] Mon, 18 July 2011 18:30 Go to previous message
ben may is currently offline ben may
Messages: 12
Registered: July 2011
Junior Member
Ok, so I solved this problem and I want to put the solution up here for anyone who encounters it in the future. I downloaded a java tool called InstallCert.java, which I quote here


/*
 * Copyright 2006 Sun Microsystems, Inc.  All Rights Reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   - Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *
 *   - Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in the
 *     documentation and/or other materials provided with the distribution.
 *
 *   - Neither the name of Sun Microsystems nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR
 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

import java.io.*;
import java.net.URL;

import java.security.*;
import java.security.cert.*;

import javax.net.ssl.*;

public class InstallCert {

    public static void main(String[] args) throws Exception {
	String host;
	int port;
	char[] passphrase;
	if ((args.length == 1) || (args.length == 2)) {
	    String[] c = args[0].split(":");
	    host = c[0];
	    port = (c.length == 1) ? 443 : Integer.parseInt(c[1]);
	    String p = (args.length == 1) ? "changeit" : args[1];
	    passphrase = p.toCharArray();
	} else {
	    System.out.println("Usage: java InstallCert <host>[:port] [passphrase]");
	    return;
	}

	File file = new File("jssecacerts");
	if (file.isFile() == false) {
	    char SEP = File.separatorChar;
	    File dir = new File(System.getProperty("java.home") + SEP
		    + "lib" + SEP + "security");
	    file = new File(dir, "jssecacerts");
	    if (file.isFile() == false) {
		file = new File(dir, "cacerts");
	    }
	}
	System.out.println("Loading KeyStore " + file + "...");
	InputStream in = new FileInputStream(file);
	KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
	ks.load(in, passphrase);
	in.close();

	SSLContext context = SSLContext.getInstance("TLS");
	TrustManagerFactory tmf =
	    TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
	tmf.init(ks);
	X509TrustManager defaultTrustManager = (X509TrustManager)tmf.getTrustManagers()[0];
	SavingTrustManager tm = new SavingTrustManager(defaultTrustManager);
	context.init(null, new TrustManager[] {tm}, null);
	SSLSocketFactory factory = context.getSocketFactory();

	System.out.println("Opening connection to " + host + ":" + port + "...");
	SSLSocket socket = (SSLSocket)factory.createSocket(host, port);
	socket.setSoTimeout(10000);
	try {
	    System.out.println("Starting SSL handshake...");
	    socket.startHandshake();
	    socket.close();
	    System.out.println();
	    System.out.println("No errors, certificate is already trusted");
	} catch (SSLException e) {
	    System.out.println();
	    e.printStackTrace(System.out);
	}

	X509Certificate[] chain = tm.chain;
	if (chain == null) {
	    System.out.println("Could not obtain server certificate chain");
	    return;
	}

	BufferedReader reader =
		new BufferedReader(new InputStreamReader(System.in));

	System.out.println();
	System.out.println("Server sent " + chain.length + " certificate(s):");
	System.out.println();
	MessageDigest sha1 = MessageDigest.getInstance("SHA1");
	MessageDigest md5 = MessageDigest.getInstance("MD5");
	for (int i = 0; i < chain.length; i++) {
	    X509Certificate cert = chain[i];
	    System.out.println
	    	(" " + (i + 1) + " Subject " + cert.getSubjectDN());
	    System.out.println("   Issuer  " + cert.getIssuerDN());
	    sha1.update(cert.getEncoded());
	    System.out.println("   sha1    " + toHexString(sha1.digest()));
	    md5.update(cert.getEncoded());
	    System.out.println("   md5     " + toHexString(md5.digest()));
	    System.out.println();
	}

	System.out.println("Enter certificate to add to trusted keystore or 'q' to quit: [1]");
	String line = reader.readLine().trim();
	int k;
	try {
	    k = (line.length() == 0) ? 0 : Integer.parseInt(line) - 1;
	} catch (NumberFormatException e) {
	    System.out.println("KeyStore not changed");
	    return;
	}

	X509Certificate cert = chain[k];
	String alias = host + "-" + (k + 1);
	ks.setCertificateEntry(alias, cert);

	OutputStream out = new FileOutputStream("jssecacerts");
	ks.store(out, passphrase);
	out.close();

	System.out.println();
	System.out.println(cert);
	System.out.println();
	System.out.println
		("Added certificate to keystore 'jssecacerts' using alias '"
		+ alias + "'");
    }

    private static final char[] HEXDIGITS = "0123456789abcdef".toCharArray();

    private static String toHexString(byte[] bytes) {
	StringBuilder sb = new StringBuilder(bytes.length * 3);
	for (int b : bytes) {
	    b &= 0xff;
	    sb.append(HEXDIGITS[b >> 4]);
	    sb.append(HEXDIGITS[b & 15]);
	    sb.append(' ');
	}
	return sb.toString();
    }

    private static class SavingTrustManager implements X509TrustManager {

	private final X509TrustManager tm;
	private X509Certificate[] chain;

	SavingTrustManager(X509TrustManager tm) {
	    this.tm = tm;
	}

	public X509Certificate[] getAcceptedIssuers() {
	    throw new UnsupportedOperationException();
	}

	public void checkClientTrusted(X509Certificate[] chain, String authType)
		throws CertificateException {
	    throw new UnsupportedOperationException();
	}

	public void checkServerTrusted(X509Certificate[] chain, String authType)
		throws CertificateException {
	    this.chain = chain;
	    tm.checkServerTrusted(chain, authType);
	}
    }

}


You pass it the server name and optional port and passphrase and it downloads and creates a cert store file for you called jssecacerts. If you copy this file into $JAVA_HOME/lib/security for the JRE that eclipse is using for its runtime, it will trust that cert and you can access the WSDL. But now I am having a different problem, for which I will create a new thread. Hopefully someone else will find this solution useful in the future. Smile
Previous Topic:new context to template editor
Next Topic:Deploy plugin project classes to tomcat
Goto Forum:
  


Current Time: Thu Oct 02 14:29:12 GMT 2014

Powered by FUDForum. Page generated in 0.02699 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software