Skip to first unread message
Franz van Betteraey
Jan 18, 2016, 5:35:12 AM1/18/16
to SonarQube
Hi,
we are runnig a SonarQube 4.5.6 system and access it only via https.
<sonar.host.url>https://sonar.xxx.yyy</sonar.host.url>
Until sonar-maven-plugin version 2.7.1 running a Sonar analysis was no problem. Since plugin version 3.0 (and 3.0.1) the build fails with a SunCertPathBuilderException exception.
Is this an expected behaviour after an intended plugin change or a bug? What do I need to do to make the build possible with the plugin version 3.x?
To be clear
Thanks and kind regards,
Franz
SonarQube version: 4.5.6
Language: Java
[DEBUG] Download: https://sonar.xxx.yyy/batch_bootstrap/index
[ERROR] SonarQube server [https://sonar.xxx.yyyy] can not be reached
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.941 s
[INFO] Finished at: 2016-01-18T11:23:41+01:00
[INFO] Final Memory: 25M/495M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.0.1:sonar (default-cli) on project jhb
Base: Fail to download libraries from server: sun.security.validator.ValidatorException: PKIX path building failed: sun.
security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> [
Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.sonarsource.scanner.maven:sonar-maven
-plugin:3.0.1:sonar (default-cli) on project jhbBase: Fail to download libraries from server
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:212)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:116)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:80)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.
java:51)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:307)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:193)
at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:106)
at org.apache.maven.cli.MavenCli.execute(MavenCli.java:863)
at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main(MavenCli.java:199)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356)
Caused by: org.apache.maven.plugin.MojoExecutionException: Fail to download libraries from server
at org.sonarsource.scanner.maven.bootstrap.ExceptionHandling.handle(ExceptionHandling.java:36)
at org.sonarsource.scanner.maven.bootstrap.RunnerBootstrapper.execute(RunnerBootstrapper.java:81)
at org.sonarsource.scanner.maven.SonarQubeMojo.execute(SonarQubeMojo.java:112)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:134)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:207)
... 20 more
Caused by: java.lang.IllegalStateException: Fail to download libraries from server
at org.sonar.runner.impl.Jars.downloadFiles(Jars.java:93)
at org.sonar.runner.impl.Jars.download(Jars.java:70)
at org.sonar.runner.impl.JarDownloader.download(JarDownloader.java:40)
at org.sonar.runner.impl.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:91)
at org.sonar.runner.impl.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:87)
at java.security.AccessController.doPrivileged(Native Method)
at org.sonar.runner.impl.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:87)
at org.sonar.runner.impl.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:83)
at org.sonar.runner.api.EmbeddedRunner.doStart(EmbeddedRunner.java:249)
at org.sonar.runner.api.EmbeddedRunner.start(EmbeddedRunner.java:187)
at org.sonar.runner.api.EmbeddedRunner.start(EmbeddedRunner.java:182)
at org.sonarsource.scanner.maven.bootstrap.RunnerBootstrapper.execute(RunnerBootstrapper.java:60)
... 23 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: su
n.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at org.sonar.runner.okhttp.Connection.connectTls(Connection.java:239)
at org.sonar.runner.okhttp.Connection.connectSocket(Connection.java:201)
at org.sonar.runner.okhttp.Connection.connect(Connection.java:172)
at org.sonar.runner.okhttp.Connection.connectAndSetOwner(Connection.java:358)
at org.sonar.runner.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:117)
at org.sonar.runner.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:329)
at org.sonar.runner.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:246)
at org.sonar.runner.okhttp.Call.getResponse(Call.java:276)
at org.sonar.runner.okhttp.Call$ApplicationInterceptorChain.proceed(Call.java:234)
at org.sonar.runner.okhttp.Call.getResponseWithInterceptorChain(Call.java:196)
at org.sonar.runner.okhttp.Call.execute(Call.java:79)
at org.sonar.runner.impl.ServerConnection.callUrl(ServerConnection.java:184)
at org.sonar.runner.impl.ServerConnection.downloadString(ServerConnection.java:121)
at org.sonar.runner.impl.ServerConnection.tryServerFirst(ServerConnection.java:148)
at org.sonar.runner.impl.ServerConnection.download(ServerConnection.java:112)
at org.sonar.runner.impl.Jars.downloadFiles(Jars.java:78)
... 34 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertP
athBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
... 57 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to reques
ted target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 63 more
)
we are runnig a SonarQube 4.5.6 system and access it only via https.
<sonar.host.url>https://sonar.xxx.yyy</sonar.host.url>
Until sonar-maven-plugin version 2.7.1 running a Sonar analysis was no problem. Since plugin version 3.0 (and 3.0.1) the build fails with a SunCertPathBuilderException exception.
Is this an expected behaviour after an intended plugin change or a bug? What do I need to do to make the build possible with the plugin version 3.x?
To be clear
- works: mvn org.codehaus.mojo:sonar-maven-plugin:2.7.1:sonar
- fails: mvn org.codehaus.mojo:sonar-maven-plugin:3.0:sonar
- fails: mvn org.codehaus.mojo:sonar-maven-plugin:3.0.1:sonar
Thanks and kind regards,
Franz
SonarQube version: 4.5.6
Language: Java
[DEBUG] Download: https://sonar.xxx.yyy/batch_bootstrap/index
[ERROR] SonarQube server [https://sonar.xxx.yyyy] can not be reached
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.941 s
[INFO] Finished at: 2016-01-18T11:23:41+01:00
[INFO] Final Memory: 25M/495M
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.0.1:sonar (default-cli) on project jhb
Base: Fail to download libraries from server: sun.security.validator.ValidatorException: PKIX path building failed: sun.
security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target -> [
Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal org.sonarsource.scanner.maven:sonar-maven
-plugin:3.0.1:sonar (default-cli) on project jhbBase: Fail to download libraries from server
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:212)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:116)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:80)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.
java:51)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:307)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:193)
at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:106)
at org.apache.maven.cli.MavenCli.execute(MavenCli.java:863)
at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main(MavenCli.java:199)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356)
Caused by: org.apache.maven.plugin.MojoExecutionException: Fail to download libraries from server
at org.sonarsource.scanner.maven.bootstrap.ExceptionHandling.handle(ExceptionHandling.java:36)
at org.sonarsource.scanner.maven.bootstrap.RunnerBootstrapper.execute(RunnerBootstrapper.java:81)
at org.sonarsource.scanner.maven.SonarQubeMojo.execute(SonarQubeMojo.java:112)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:134)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:207)
... 20 more
Caused by: java.lang.IllegalStateException: Fail to download libraries from server
at org.sonar.runner.impl.Jars.downloadFiles(Jars.java:93)
at org.sonar.runner.impl.Jars.download(Jars.java:70)
at org.sonar.runner.impl.JarDownloader.download(JarDownloader.java:40)
at org.sonar.runner.impl.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:91)
at org.sonar.runner.impl.IsolatedLauncherFactory$1.run(IsolatedLauncherFactory.java:87)
at java.security.AccessController.doPrivileged(Native Method)
at org.sonar.runner.impl.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:87)
at org.sonar.runner.impl.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:83)
at org.sonar.runner.api.EmbeddedRunner.doStart(EmbeddedRunner.java:249)
at org.sonar.runner.api.EmbeddedRunner.start(EmbeddedRunner.java:187)
at org.sonar.runner.api.EmbeddedRunner.start(EmbeddedRunner.java:182)
at org.sonarsource.scanner.maven.bootstrap.RunnerBootstrapper.execute(RunnerBootstrapper.java:60)
... 23 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: su
n.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at org.sonar.runner.okhttp.Connection.connectTls(Connection.java:239)
at org.sonar.runner.okhttp.Connection.connectSocket(Connection.java:201)
at org.sonar.runner.okhttp.Connection.connect(Connection.java:172)
at org.sonar.runner.okhttp.Connection.connectAndSetOwner(Connection.java:358)
at org.sonar.runner.okhttp.OkHttpClient$1.connectAndSetOwner(OkHttpClient.java:117)
at org.sonar.runner.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:329)
at org.sonar.runner.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:246)
at org.sonar.runner.okhttp.Call.getResponse(Call.java:276)
at org.sonar.runner.okhttp.Call$ApplicationInterceptorChain.proceed(Call.java:234)
at org.sonar.runner.okhttp.Call.getResponseWithInterceptorChain(Call.java:196)
at org.sonar.runner.okhttp.Call.execute(Call.java:79)
at org.sonar.runner.impl.ServerConnection.callUrl(ServerConnection.java:184)
at org.sonar.runner.impl.ServerConnection.downloadString(ServerConnection.java:121)
at org.sonar.runner.impl.ServerConnection.tryServerFirst(ServerConnection.java:148)
at org.sonar.runner.impl.ServerConnection.download(ServerConnection.java:112)
at org.sonar.runner.impl.Jars.downloadFiles(Jars.java:78)
... 34 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertP
athBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
... 57 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to reques
ted target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 63 more
)
Julien HENRY
Jan 18, 2016, 8:51:39 AM1/18/16
to SonarQube
Hi Franz,
Indeed the main change of this 3.0 release was to fix HTTPs support. In previous version there was an hardcoded "trust all certs" flag that:
1) was a big security hole (what the point to use HTTPs if you don't check certificate?)
2) was preventing people to use client certificates for server side authentication
So here it is very likely your TLS configuration has some issue (maybe a missing certificate in your JVM truststore). You can get more details by enabling JVM net logs:
mvn sonar:sonar -Djavax.net.debug=all
++
Julien
Franz van Betteraey
Jan 18, 2016, 10:20:59 AM1/18/16
to SonarQube
Hi Julien,
thanks for that extra information.
Kind regards,
Franz
thanks for that extra information.
Kind regards,
Franz
Reply all
Reply to author
Forward
0 new messages