openapi-generator: Problems with SSL certificate

Hi,

I try to use this CLI in my project to generate my API typescript client. But my swagger.yaml file is on a https url and I have errors because of SSL certificate.

I added the following script to my package.json :

"swagger": "./node_modules/.bin/openapi-generator generate -i https://myserver/api-docs -g typescript-fetch -o src/services/Api/swagger"

But when I run npm swagger I have the following stack trace :

[main] ERROR i.s.parser.SwaggerCompatConverter - failed to read resource listing                                                                                                                                                                                                javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target                                                      at sun.security.ssl.Alerts.getSSLException(Unknown Source)                                                                                                                                                                                                                      
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)                                                                                                                                                                                                                         
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)                                                                                                                                                                                                                          
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)                                                                                                                                                                                                                          
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)                                                                                                                                                                                                          
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)                                                                                                                                                                                                             
at sun.security.ssl.Handshaker.processLoop(Unknown Source)                                                                                                                                                                                                                      
at sun.security.ssl.Handshaker.process_record(Unknown Source)                                                                                                                                                                                                                   
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)                                                                                                                                                                                                                    
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)                                                                                                                                                                                                       
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)                                                                                                                                                                                                                
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)                                                                                                                                                                                                                
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)                                                                                                                                                                                                          
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)                                                                                                                                                                                        
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)                                                                                                                                                                                                    
at io.swagger.parser.util.RemoteUrl.urlToString(RemoteUrl.java:134)                                                                                                                                                                                                             
at io.swagger.parser.SwaggerCompatConverter.readResourceListing(SwaggerCompatConverter.java:193)                                                                                                                                                                                
at io.swagger.parser.SwaggerCompatConverter.read(SwaggerCompatConverter.java:123)                                                                                                                                                                                               
at io.swagger.parser.SwaggerCompatConverter.readWithInfo(SwaggerCompatConverter.java:94)                                                                                                                                                                                        
at io.swagger.parser.SwaggerParser.readWithInfo(SwaggerParser.java:42)                                                                                                                                                                                                          
at io.swagger.v3.parser.converter.SwaggerConverter.readLocation(SwaggerConverter.java:92)                                                                                                                                                                                       
at io.swagger.parser.OpenAPIParser.readLocation(OpenAPIParser.java:19)                                                                                                                                                                                                          
at org.openapitools.codegen.config.CodegenConfigurator.toClientOptInput(CodegenConfigurator.java:606)                                                                                                                                                                           
at org.openapitools.codegen.cmd.Generate.run(Generate.java:367)                                                                                                                                                                                                                 
at org.openapitools.codegen.OpenAPIGenerator.main(OpenAPIGenerator.java:60)                                                                                                                                                                                             Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target                                                                                at sun.security.validator.PKIXValidator.doBuild(Unknown Source)                                                                                                                                                                                                                 
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)                                                                                                                                                                                                          
at sun.security.validator.Validator.validate(Unknown Source)                                                                                                                                                                                                                    
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)                                                                                                                                                                                                               
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)                                                                                                                                                                                                           
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)                                                                                                                                                                                                     ... 21 common frames omitted                                                                                                                                                                                                                                            
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target                                                                                                                                                      
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)                                                                                                                                                                                                      
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)                                                                                                                                                                                                
at java.security.cert.CertPathBuilder.build(Unknown Source)                                                                                                                                                                                                                     
... 27 common frames omitted                                                                                                                                                                                                                                            
Exception in thread "main" java.lang.NullPointerException                                                                                                                                                                                                                               
at java.util.HashSet.(Unknown Source)                                                                                                                                                                                                                                     
at org.openapitools.codegen.config.CodegenConfigurator.toClientOptInput(CodegenConfigurator.java:608)                                                                                                                                                                           
at org.openapitools.codegen.cmd.Generate.run(Generate.java:367)                                                                                                                                                                                                                 
at org.openapitools.codegen.OpenAPIGenerator.main(OpenAPIGenerator.java:60)
--

Any idea how I could solve this ?

About this issue

  • Original URL
  • State: open
  • Created 5 years ago
  • Reactions: 3
  • Comments: 20 (5 by maintainers)

Most upvoted comments

So it looks like another version swagger parser util got referenced else where in the code. I finally got it to work after running with these 2 flags -Dio.swagger.parser.util.RemoteUrl.trustAll=true -Dio.swagger.v3.parser.util.RemoteUrl.trustAll=true

+11
StrictlyDPBlaine on Jul 24, 2019

Running

> npx openapi-generator generate -Dio.swagger.parser.util.RemoteUrl.trustAll=true -Dio.swagger.v3.parser.util.RemoteUrl.trustAll=true -g typescript-angular -i …

Throws this error

[DEPRECATED] -D arguments after 'generate' are application arguments and not Java System Properties, please consider changing to -p, or apply your options to JAVA_OPTS, or move the -D arguments before the jar option.
Exception in thread "main" java.lang.UnsupportedOperationException
        at com.google.common.collect.ImmutableMap.put(ImmutableMap.java:529)
        at org.openapitools.codegen.config.WorkflowSettings$Builder.withSystemProperty(WorkflowSettings.java:465)
        at org.openapitools.codegen.config.CodegenConfigurator.addSystemProperty(CodegenConfigurator.java:141)
        at org.openapitools.codegen.config.CodegenConfiguratorUtils.applySystemPropertiesKvp(CodegenConfiguratorUtils.java:54)
        at org.openapitools.codegen.config.CodegenConfiguratorUtils.applySystemPropertiesKvpList(CodegenConfiguratorUtils.java:47)
        at org.openapitools.codegen.cmd.Generate.run(Generate.java:404)
        at org.openapitools.codegen.OpenAPIGenerator.main(OpenAPIGenerator.java:60)

Version

@openapitools/openapi-generator-cli”: “^1.0.1-4.1.3”

+10
snebjorn on Oct 9, 2019

When targeting a server with self-signed certificate, this worked for executing using npx on macOS:

$ export JAVA_OPTS="-Dio.swagger.parser.util.RemoteUrl.trustAll=true -Dio.swagger.v3.parser.util.RemoteUrl.trustAll=true"
$ npx @openapitools/openapi-generator-cli generate ...
+9
johnthagen on Apr 14, 2021

Running

npx openapi-generator generate -Dio.swagger.parser.util.RemoteUrl.trustAll=true -Dio.swagger.v3.parser.util.RemoteUrl.trustAll=true -g typescript-angular -i …

Throws this error

[DEPRECATED] -D arguments after 'generate' are application arguments and not Java System Properties, please consider changing to -p, or apply your options to JAVA_OPTS, or move the -D arguments before the jar option.
Exception in thread "main" java.lang.UnsupportedOperationException
        at com.google.common.collect.ImmutableMap.put(ImmutableMap.java:529)
        at org.openapitools.codegen.config.WorkflowSettings$Builder.withSystemProperty(WorkflowSettings.java:465)
        at org.openapitools.codegen.config.CodegenConfigurator.addSystemProperty(CodegenConfigurator.java:141)
        at org.openapitools.codegen.config.CodegenConfiguratorUtils.applySystemPropertiesKvp(CodegenConfiguratorUtils.java:54)
        at org.openapitools.codegen.config.CodegenConfiguratorUtils.applySystemPropertiesKvpList(CodegenConfiguratorUtils.java:47)
        at org.openapitools.codegen.cmd.Generate.run(Generate.java:404)
        at org.openapitools.codegen.OpenAPIGenerator.main(OpenAPIGenerator.java:60)

Version

@openapitools/openapi-generator-cli”: “^1.0.1-4.1.3”

I’m having this issue as well. I have an npm script I run from package.json and I don’t know how to disable the ssl check from there:

  "scripts": {
     ...
    "swagger:generate": "openapi-generator generate -i https://xxxxxx/swagger/1.0/swagger.json -g typescript-angular -o ./src/code-gen",
  },

Hi Mario, you can define the script like this

"scripts": {
  ...
  "swagger:generate": "SET JAVA_OPTS=-Dio.swagger.parser.util.RemoteUrl.trustAll=true -Dio.swagger.v3.parser.util.RemoteUrl.trustAll=true && openapi-generator generate -i https://xxxxxx/swagger/1.0/swagger.json -g typescript-angular -o ./src/code-gen"
}
+7
kherP on Apr 30, 2020

If for whatever reason you are trying to do this with Powershell you can do the following:

[System.Environment]::SetEnvironmentVariable('JAVA_OPTS','-Dio.swagger.parser.util.RemoteUrl.trustAll=true -Dio.swagger.v3.parser.util.RemoteUrl.trustAll=true') 

openapi-generator generate -i https://xxxxxx/swagger/1.0/swagger.json -g typescript-angular -o ./src/code-gen
+6
conjurer-rich on Feb 8, 2021

-Dio.swagger.v3.parser.util.RemoteUrl.trustAll=true is not working for me as mentioned in here https://github.com/OpenAPITools/openapi-generator/blob/master/docs/faq-extending.md

+6
sashaaro on Jul 3, 2019

how about downloading the api definition before generating e.g. with curl?

+5
macjohnny on May 21, 2019

Running

npx openapi-generator generate -Dio.swagger.parser.util.RemoteUrl.trustAll=true -Dio.swagger.v3.parser.util.RemoteUrl.trustAll=true -g typescript-angular -i …

Throws this error

[DEPRECATED] -D arguments after 'generate' are application arguments and not Java System Properties, please consider changing to -p, or apply your options to JAVA_OPTS, or move the -D arguments before the jar option.
Exception in thread "main" java.lang.UnsupportedOperationException
        at com.google.common.collect.ImmutableMap.put(ImmutableMap.java:529)
        at org.openapitools.codegen.config.WorkflowSettings$Builder.withSystemProperty(WorkflowSettings.java:465)
        at org.openapitools.codegen.config.CodegenConfigurator.addSystemProperty(CodegenConfigurator.java:141)
        at org.openapitools.codegen.config.CodegenConfiguratorUtils.applySystemPropertiesKvp(CodegenConfiguratorUtils.java:54)
        at org.openapitools.codegen.config.CodegenConfiguratorUtils.applySystemPropertiesKvpList(CodegenConfiguratorUtils.java:47)
        at org.openapitools.codegen.cmd.Generate.run(Generate.java:404)
        at org.openapitools.codegen.OpenAPIGenerator.main(OpenAPIGenerator.java:60)

Version

@openapitools/openapi-generator-cli”: “^1.0.1-4.1.3”

I’m having this issue as well. I have an npm script I run from package.json and I don’t know how to disable the ssl check from there:

  "scripts": {
     ...
    "swagger:generate": "openapi-generator generate -i https://xxxxxx/swagger/1.0/swagger.json -g typescript-angular -o ./src/code-gen",
  },
+4
mario-subo on Mar 9, 2020

@StrictlyDPBlaine thanks. I’ve updated the FAQ: https://github.com/OpenAPITools/openapi-generator/wiki/FAQ#is-there-a-way-to-disable-certificate-verification

+2
wing328 on Jul 24, 2019
Read more comments on GitHub
← openapi-generator: [Node.js] server doesn't work
openapi-generator: Springboot codegen : Compilation error in generated controllers if the skipDefaultInterface tag is set to true →