SSL client certificate in Maven

2019-01-09 16:58发布

问题:

I use the "maven-jaxb22-plugin" to generate classes so I can call a web service written in .Net. Usually it works fine but this time, I can only access the WSDL using a client certificate through HTTPS (not available through HTTP).

I was able to make it work with SoapUI. I added the client certificate into a JKS keystore and added it to the SoapUI preferences. Then I created a new project by specifying the URL which looks like this: https://server.com/Service?wsdl. SoapUI generated the request template. I was easily able to query the web service and get a response. So this prove that the WSDL is available and the web service is working.

Now, in my pom file, I am using this plugin:

<build>
    <finalName>MyService</finalName>
    <plugins>
        <plugin>
            <groupId>org.apache.maven.plugins</groupId>
            <artifactId>maven-compiler-plugin</artifactId>
            <version>3.1</version>
            <configuration>
              <source>1.7</source>
              <target>1.7</target>
            </configuration>
        </plugin>           
        <plugin>
            <groupId>org.jvnet.jaxb2.maven2</groupId>
            <artifactId>maven-jaxb22-plugin</artifactId>
            <version>0.8.3</version>
            <configuration>
                <extension>true</extension>
                <removeOldOutput>true</removeOldOutput>
                <schemaLanguage>WSDL</schemaLanguage>
                <verbose>true</verbose>
                <schemaIncludes>
                    <includeSchema>https://server.com/Service?wsdl</includeSchema>
                </schemaIncludes>
            </configuration>
            <executions>
                <execution>
                    <goals>
                        <goal>generate</goal>
                    </goals>
                </execution>
            </executions>
        </plugin>  
    </plugins>
</build>

How can I tell Maven where my client certificate is?

Thanks

回答1:

You could use the Maven properties plugin or use a JVM property to provide the trust store location.

In your POM build/plugins section, add a new plugin entry, where the keystore would be YourKeyStore.jks for this example:

..
<plugin>
        <groupId>org.codehaus.mojo</groupId>
        <artifactId>properties-maven-plugin</artifactId>
        <version>1.0-alpha-2</version>
        <executions>
          <execution>
            <goals>
              <goal>set-system-properties</goal>
            </goals>
            <configuration>
              <properties>
                <property>
                  <name>javax.net.ssl.trustStore</name>
                  <value>${basedir}/src/test/jmeter/jmeterTrustedKeystore.jks</value>
                </property>
                <property>
                  <name>javax.net.ssl.keyStorePassword</name>
                  <value>changeit</value>
                </property>
              </properties>
            </configuration>
          </execution>
        </executions>
</plugin>
...


回答2:

You could use maven propety configuration to setup Java System properties. Be careful to set "keyStore" not "trustStore".

Also, if you are using a certificate that it's not from a valid CA you have to configure maven.wagon.http.ssl.insecure=true and maven.wagon.http.ssl.allowall=true

In your case use:

..
<executions>
    <execution>
        <goals>
            <goal>generate</goal>
        </goals>
        <configuration>
            <properties>
                <property>
                    <name>javax.net.ssl.keyStore</name>
                    <value>yourks.jks</value>
                </property>
                <property>
                    <name>javax.net.ssl.keyStoreType</name>
                    <value>jks</value>
                </property>
                <property>
                    <name>javax.net.ssl.keyStorePassword</name>
                    <value>changeit</value>
                </property>
                <property>
                    <name>maven.wagon.http.ssl.insecure</name>
                    <value>true</value>
                </property>
                <property>
                    <name>maven.wagon.http.ssl.allowall</name>
                    <value>true</value>
                </property>
            </properties>
        </configuration>
    </execution>
</executions>
..