wsdl2java stop using proxy in the middle of the execution

Wed, 17 Apr 2013 19:35:21 -0700 

Hi! Short version: I've found that wsdl2java at some point ignores
configuration and stop using the proxy. Any way to work-around this problem?

Long version and justification:

I've configured CXF with a custom XML: proxy settings, custom
certificates and disabled CN check. I can see the logs in the proxy (Squid
on my PC), but after some request I get:

WSDLToJava Error: org.apache.cxf.tools.common.ToolException: \
 javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: \
 PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: \
 unable to find valid certification path to requested target

BTW, this is NOT the same message that 'disableCNCheck' fixes. The message that
'disableCNCheck' fixes was:

Caused by : WSDLException (at /wsdl:definitions/wsdl:types/xsd:schema):
    faultCode=PARSER_ERROR: Problem parsing
'https://xxxxxxxxxxx/xxxxxxx?xsd=xsd1'.: \
    javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: \
    PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException:
    \unable to find valid certification path to requested target

AND, to confirm this, using iptables (Linux firewall), I've allowed
the proxy user to send
packet, but disable my user to send packget (using REJECT on the OUTPUT chain):
when running wsdl2java (with my user) I see the request on the proxy, and then:

WSDLToJava Error: org.apache.cxf.tools.common.ToolException: \
    java.net.UnknownHostException: xxx.xxxxxxxxxxxx.com

This tell me that wsdl2java is trying to resolv a host! This SOULDN'T happend
when using a proxy! And after allowing my user to send packets to
UDP/TCP 53 (DNS) I get:

WSDLToJava Error: org.apache.cxf.tools.common.ToolException: \
    java.net.ConnectException: Connection refused

So, I can confirm that wsdl2java use the proxy for some request, but
at some point,
starts to create requests ignoring the configuration (no proxy, does CN checks).

FYI, I've used '<http:conduit name="*.http-conduit">' in the configuration file.

Any way to work-around this problem? I've tested this in CXF 2.7.4.

Many thanks in advance!
Horacio

Reply via email to