使用 wsimport 时出现安全异常

Question

我想从 wsdl 文件生成存根文件，该文件可通过带有自签名证书的 ssl 连接访问。

<exec executable="wsimport">
<arg value="-d" />
<arg value="${absolute.path.to.project}/gen" />
<arg value="-s" />
<arg value="${absolute.path.to.project}/src" />
<arg value="https://host:8443/wsrf/services/WS?wsdl" />
</exec>

当我在 ant 中执行此操作时，我收到此错误：

generate-from-wsdl:
     [exec] parsing WSDL...
     [exec] [ERROR] sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
     [exec] Failed to read the WSDL document: https://192.168.56.101:8443/wsrf/services/KnowledgebaseWebservice?wsdl, because 1) could not find the document; /2) the document could not be read; 3) the root element of the document is not <wsdl:definitions>.
     [exec] [ERROR] failed.noservice=Could not find wsdl:service in the provided WSDL(s): 
     [exec]  At least one WSDL with at least one service definition needs to be provided.
     [exec]     Failed to parse the WSDL.
     [exec] Result: 1

为了避免这种情况，我尝试了

• 用keytool -importcert -file ~/path/server.crt导入server.crt文件
• 将 server.crt 复制到 $JAVA_HOME/lib/security

更新

我还尝试了以下方法：

<wsimport wsdl="https://host:8443/Webservice?wsdl" destdir="gen"
              sourcedestdir="src"
              verbose="true">
    <jvmarg value="-Djavax.net.ssl.trustStore=/path/host.cer" />
    <jvmarg value="-Djavax.net.ssl.trustStorePassword=changeit" />
</wsimport>

我仍然收到此错误。我能做什么？

Answer 1

我认为您需要通过指定 -keystore <path_to>/jre/lib/security/cacerts 将服务器证书导入 JRE 的密钥库。如果您坚持使用以前的命令行，我认为您需要为执行 Ant 的同一用户执行该命令。

Answer 2

我无法将证书导入我的 /jre/lib/security/cacerts。

所以我最终得到了以下解决方法：

<target name="main" >
    <exec executable="java">
        <arg line="-Djavax.net.ssl.trustStore=c:\jdk160_29\.mykeystore  -classpath C:\jdk160_29\lib\tools.jar com.sun.tools.internal.ws.WsImport https://host:8443/Webservice?wsdl -p com.test -s ./src"/>
    </exec>
</target>