Can't generate a java client from a secure (SSL) swagger definition #2186

Closed
keithchong opened this issue Feb 19, 2016 · 12 comments

Comments

@keithchong

See related #102. I am using v2.1.5.

I tried to configure -Dheader and -a but can't seem to get this to work.

I always get the message:

Server returned HTTP response code: 401 for URL

when I try to generate a java client.

@fehguy
Contributor

fehguy commented Feb 19, 2016

Please share the entire command that you're using to generate the client.

@keithchong
Author

I tried various combinations; the difference is just tweaking the options -a and -Dhead:

java -jar C:\swagger\swagger-codegen-cli.jar generate -l java -a "Authorization: Basic {xor}KD4sPjsyNjE=" -t C:\mytemplates\jaxrsClient" -i https://abc.com/wp/swagger.json -o C:\out

java -jar C:\swagger\swagger-codegen-cli.jar generate -l java -a "Authorization: Basic {xor}KD4sPjsyNjE=" -t C:\mytemplates\jaxrsClient" -i https://abc.com/wp/swagger.json -o C:\out -Dhead=Authorization: Basic {xor}KD4sPjsyNjE="

I set -a because I think that is how RemoteURL and AuthParser works:

conn.setRequestProperty(item.getKeyName(), item.getValue());

i.e. conn.setRequestProperty("Authorization", "Basic " + encodedValue);

@wing328 wing328 added this to the v2.2.0 milestone May 1, 2016
@wing328 wing328 modified the milestones: v2.2.0, v2.3.0 Jul 7, 2016
@wing328 wing328 modified the milestones: v2.2.1, v2.2.2 Aug 8, 2016
@abderrazak-bouadma

abderrazak-bouadma commented Jan 2, 2017

It's an SSL issue: SSLHandshakeException with a detailMessage 'java.security.cert.CertificateException: No name matching localhost found'.

Which means that there's a hostname verifier that returns false and the invocation fails.

There's a workaround by implementing a hostname verifier that returns true for localhost, but it's far from being a solution.

The solution we adopted is to consider that the /swagger.json URI isn't https.

@abderrazak-bouadma

Here's what I used to disable the hostname verifier:

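    import java.security.KeyManagementException;
    import java.security.NoSuchAlgorithmException;
    import java.security.cert.X509Certificate;
    import javax.net.ssl.HostnameVerifier;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;

    // Replaces the JVM-wide defaults used by HttpsURLConnection: after this call
    // every server certificate and every hostname is accepted.
    // `logger` is assumed to be a logger field of the enclosing class.
    private static void disableSSLVerification() {

        // Trust manager whose check methods never throw, so no chain is rejected.
        TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
            public X509Certificate[] getAcceptedIssuers() {
                // The interface requires a non-null (possibly empty) array.
                return new X509Certificate[0];
            }

            public void checkClientTrusted(X509Certificate[] certs, String authType) {
            }

            public void checkServerTrusted(X509Certificate[] certs, String authType) {
            }

        }};

        SSLContext sc;
        try {
            sc = SSLContext.getInstance("SSL");
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
            // Hostname verifier that accepts any name presented by the server.
            HostnameVerifier allHostsValid = (hostname, session) -> true;
            HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            logger.error("[SSL] Error by passing hostname verifier", e);
        }

    }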

@wing328
Contributor

wing328 commented Jan 4, 2017

@jpuzzler thanks for sharing your solution.

@wing328 wing328 closed this as completed Feb 15, 2017
@chenrui333

chenrui333 commented Jan 23, 2018

So we have to manually change the source code to disable the hostname verifier? Is there any flag that we can use?

@wing328
Contributor

wing328 commented Jan 24, 2018

@chenrui333

@wing328 Yeah, that works, thanks for the link ref!

@chenrui333

chenrui333 commented Jan 24, 2018

@wing328 is there any way that we can stuff in the X-Xsrf-Header header or other HTTP headers?

@wing328
Contributor

wing328 commented Jan 25, 2018

> @wing328 is there any way that we can stuff in the X-Xsrf-Header header or other HTTP headers?

Please open a new issue so that the community can help you out.

@chenrui333

Sure!

@hyankov

hyankov commented Aug 27, 2020

> @chenrui333 would the following help?
>
> https://github.com/swagger-api/swagger-codegen/wiki/FAQ#is-there-a-way-to-disable-certificate-verification

This doesn't work (anymore?)

java -jar swagger-codegen-cli.jar generate -Dio.swagger.parser.util.RemoteUrl.trustAll=true -i https://localhost:5001/swagger/v1/swagger.json -l csharp -o Temp -c config.json
15:33:27.169 [main] DEBUG io.swagger.codegen.v3.cli.SwaggerCodegen - there are not options for command 'langs'
15:33:27.171 [main] DEBUG io.swagger.codegen.v3.cli.SwaggerCodegen - there are not options for command 'version'
15:33:27.635 [Thread-1] ERROR io.swagger.v3.parser.util.RemoteUrl - unable to read
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Edit:
This worked:
java -jar swagger-codegen-cli.jar generate -Dio.swagger.v3.parser.util.RemoteUrl.trustAll=true -i https://localhost:5001/swagger/v1/swagger.json -l csharp -o Temp -c config.json

The important difference here being the v3
