I'm trying to use the eGerrit Eclipse Plugin (https://www.eclipse.org/egerrit/) for connecting to my gerrit server out of Eclipse. Everytime I try to connect I get an error that my URL (https://gerrit.isys-software.de) is not valid. But I'm quite sure that the URL is valid, because I can call it in the browser without problems. Does someone use the eGerrit Plugin an can give me some advice?
Thanks in advance :)
I've solved the problem. The certificate couldn't be verified, following error was found in Eclipse-Log:
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at
sun.security.validator.PKIXValidator.doBuild(Unknown Source) at
sun.security.validator.PKIXValidator.engineValidate(Unknown Source) at
sun.security.validator.Validator.validate(Unknown Source) at
sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) at
org.apache.http.conn.ssl.SSLContextBuilder$TrustManagerDelegate.checkServerTrusted(SSLContextBuilder.java:190) at
sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)
... 84 more
Next step: Added the server certificate to a custom truststore via console:
keytool.exe -import -alias <alias> -file <path-to-certificate> -keystore <path-to-truststore>
After I started Eclipse with 2 truststore parameters, the connection could be established without problems.
-Djavax.net.ssl.trustStore=<path-to-truststore>
-Djavax.net.ssl.trustStorePassword=<password>
Related
In Charles proxy unable to start/stop recording using web interface. I have enabled the web interface and transparent ssl proxy option. I am able to navigate one level from the home page http://control.charles/ like http://control.charles/recording/ . However, I'm not able to access anything further like http://control.charles/recording/start
It is giving HTTP 404 error message in the browser response. Same thing I tried using curl and found that Charles proxy is throwing out of memory error. I have increased the -Xmx to 2GB in info.plist file and still facing the same.
Exception in thread "com.xk72.proxy.ssl.vTMQ.LajB" java.lang.OutOfMemoryError:
unable to create new native thread at java.lang.Thread.start0(Native Method) at
java.lang.Thread.start(Thread.java:717) at
java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:957) at
java.util.concurrent.ThreadPoolExecutor.execute(ThreadPoolExecutor.java:1378) at
com.xk72.proxy.sJmZ.wIxc.run(Unknown Source) at
java.lang.Thread.run(Thread.java:748) SEVERE
com.xk72.proxy.server.SocketProxyServer SocketProxyServer.run
java.lang.OutOfMemoryError: unable to create new native thread at
java.lang.Thread.start0(Native Method) at java.lang.Thread.start(Thread.java:717)
at java.util.concurrent.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:957)
at java.util.concurrent.ThreadPoolExecutor.execute(ThreadPoolExecutor.java:1378) at
com.xk72.util.LajB.DdNM(Unknown Source) at com.xk72.throttle.AqRW.(Unknown Source)
at com.xk72.throttle.WSQr.getInputStream(Unknown Source) at
com.xk72.proxy.http.wDPH.DdNM(Unknown Source) at
com.xk72.proxy.http.CLFr.twLa(Unknown Source) at
com.xk72.proxy.http.CLFr.DdNM(Unknown Source) at
com.xk72.proxy.http.CLFr.DdNM(Unknown Source) at
com.xk72.proxy.sJmZ.wDPH.run(Unknown Source) at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at
java.lang.Thread.run(Thread.java:748)
Details: Mac High Sierra - 10.13.6 Jre - 1.8.163 Charles - 4.2.8
BACKGROUND
I am using play 2.4 with scala. I am trying to enable Https for play. I have generated a keystore test.jks and placed it inside /conf of my play application. And I have following settings inside application.conf:
play.crypto.secret= "my application secret"
play.server.https.keyStore.path = "conf/test.jks"
play.server.https.keyStore.type = "JKS"
play.server.https.keyStore.password = "my keystore password"
Then, when I start my application using following command, https is successfully enabled:
sbt "start -Dhttps.port=9001"
That means, I can now access https://localhost:9001 and also access http://localhost:9000.
PROBLEM
For my requirement, I am using sbt dist to deploy my application. As we know, dist produces a ZIP file containing all JAR files and also a script needed to run the application in the target/universal folder of our application.
So, I am trying to enable https while using the generated script from dist task as follow:
bin/my-app -Dconfig.resource=application.conf -Dhttp.port=9000 -Dhttps.port=9001
Now,I can access my app at http://localhost:9000 but I can't access https://localhost:9001. Below is the contents of my application log:
[[37minfo[0m] p.c.s.NettyServer - Listening for HTTP on /0:0:0:0:0:0:0:0:9000
[[37minfo[0m] p.c.s.NettyServer - Listening for HTTPS on port /0:0:0:0:0:0:0:0:9001
[[31merror[0m] p.c.s.NettyServer$PlayPipelineFactory - cannot load SSL context
java.lang.reflect.InvocationTargetException: null
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[na:1.8.0_151]
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[na:1.8.0_151]
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[na:1.8.0_151]
at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[na:1.8.0_151]
at play.core.server.ssl.ServerSSLEngine$.createScalaSSLEngineProvider(ServerSSLEngine.scala:96) ~[com.typesafe.play.play-server_2.11-2.4.6.jar:2.4.6]
Caused by: java.lang.Exception: Unable to find HTTPS keystore at "/my_path_to_project/target/universal/my-app-1.0/my-app/conf/test.jks"
at play.core.server.ssl.DefaultSSLEngineProvider.createSSLContext(DefaultSSLEngineProvider.scala:53) ~[com.typesafe.play.play-server_2.11-2.4.6.jar:2.4.6]
at play.core.server.ssl.DefaultSSLEngineProvider.<init>(DefaultSSLEngineProvider.scala:21) ~[com.typesafe.play.play-server_2.11-2.4.6.jar:2.4.6]
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[na:1.8.0_151]
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[na:1.8.0_151]
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[na:1.8.0_151]
[[31merror[0m] p.c.s.n.PlayDefaultUpstreamHandler - Exception caught in Netty
java.lang.IllegalArgumentException: empty text
at org.jboss.netty.handler.codec.http.HttpVersion.<init>(HttpVersion.java:89) ~[io.netty.netty-3.10.4.Final.jar:na]
at org.jboss.netty.handler.codec.http.HttpVersion.valueOf(HttpVersion.java:62) ~[io.netty.netty-3.10.4.Final.jar:na]
at org.jboss.netty.handler.codec.http.HttpRequestDecoder.createMessage(HttpRequestDecoder.java:75) ~[io.netty.netty-3.10.4.Final.jar:na]
at org.jboss.netty.handler.codec.http.HttpMessageDecoder.decode(HttpMessageDecoder.java:191) ~[io.netty.netty-3.10.4.Final.jar:na]
at org.jboss.netty.handler.codec.http.HttpMessageDecoder.decode(HttpMessageDecoder.java:102) ~[io.netty.netty-3.10.4.Final.jar:na]
[[31merror[0m] p.c.s.n.PlayDefaultUpstreamHandler - Exception caught in Netty
The funny thing from above log is this part: Unable to find HTTPS keystore at "/my_path_to_project/target/universal/my-app-1.0/my-app/conf/test.jks"
But, when I checked, I do have test.jks created inside /target/universal/my-app-1.0/my-app/conf/.
QUESTION
Why is play unable to find HTTPS keystore(test.jks) while using sbt dist?
This worked for me for production using dist
Put your jks file in /home/ubuntu/ folder and try giving absolute path /home/ubuntu/test.jks in application.conf.
Note: edit application.conf file from /path/to/application/target/universal/app-1.0-SNAPSHOT/conf/application.conf
It should work.
Steps to reproduce:
Key store generation
keytool -genkey -alias MyKey -keyalg RSA -keysize 2048 -keystore conf/store.jks
(then during interactive Q/A session use the same password for store and key, e.g. "blablastore")
application.conf
play.crypto.secret= "just secret"
play.server.https.keyStore.path = "conf/store.jks"
play.server.https.keyStore.type = "JKS"
play.server.https.keyStore.password = "blablastore"
Deployment
sbt dist
cd target/universal/
unzip *.zip
cd <project-name-1.0-SNAPSHOT>
Running
bin/<project-name> -Dconfig.resource=application.conf -Dhttp.port=9000 -Dhttps.port=9001
Since you use config.resource, it means that Play will look for the files in the resource JAR. That also implies that your keystore needs to be inside the jar.
You need to check if that is the case.
I am in a company, and need set proxy to connect to the Internet. The proxy setting is ok, because I can connect to other website, e.g. Neon - http://download.eclipse.org/releases/neon, but not for http://aws.amazon.com/eclipse.
The error message is:
Unable to read repository at
https://aws.amazon.com/eclipse/content.xml. Unable to read repository
at https://aws.amazon.com/eclipse/content.xml.
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target.
The specific stack is:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:554)
at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:435)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.updateSecureConnection(DefaultClientConnectionOperator.java:216)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.layerProtocol(ManagedClientConnectionImpl.java:394)
at org.apache.http.impl.client.DefaultRequestDirector.establishRoute(DefaultRequestDirector.java:814)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:615)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at org.eclipse.ecf.provider.filetransfer.httpclient4.HttpClientFileSystemBrowser.runRequest(HttpClientFileSystemBrowser.java:263)
at org.eclipse.ecf.provider.filetransfer.browse.AbstractFileSystemBrowser$DirectoryJob.run(AbstractFileSystemBrowser.java:69)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:55)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
... 20 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown
Source)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 26 more
This is because java is not recognizing root certificate authority (CA) SSL certificate of https://aws.amazon.com.
Solution is to add that certificate to java cacerts file so that it got permanently accepted.
Step 1 : Get root certificate of https://aws.amazon.com
CHROME BROWSER
Open https://aws.amazon.com
Select Inspect from context menu(right clicking on page) and navigate to security tab
Click on view certificates
Click on top most certificate on hierarchy and confirm it is tailed with Root CA phrase.
drag and drop that image which you saw written certificate on desktop.
FIREFOX BROWSER
Open https://aws.amazon.com
click on the green lock button "show certificate"
tab "details", "export"
Thats it! you got your root certificate!
Step 2 : Get that certificate added to java cacerts file.
use keytool.exe inside your jre bin folder.
fire following command to place your certificate inside cacerts file
keytool –import –noprompt –trustcacerts –alias ALIASNAME -file
/PATH/TO/YOUR/DESKTOP/CertificateName.cer -keystore
/PATH/TO/YOUR/JDK/jre/lib/security/cacerts -storepass changeit
That is it! you got your problem resolved.
PLEASE NOTE
Do confirm that the jre which is giving you this PKIX error(JRE used by eclipse or your app after deployment) that is where you are performing STEP 2. If you would try with another jre problem would be as it is.
Go to Eclipse -> Window -> Preferences -> Network Settings
Change Active Provider to Direct
Save
Go back to Install Software
Try again to pull from AWS Repo
This time it will work
Just flow the below steps in eclipse,
1) go to windows -> preference - > search for network connections
2) Change the active provider to direct.
Then try install software in eclipse and search for http://aws.amazon.com/eclipse.
It will work.
Try changing the Window/Preferences/Network settings from Native to Direct.
Launch eclipse from CLI using "eclipse.exe -clean"
Retry the update
My company upgraded to SonarQube 5.3. This requires changing from the SonarQube plugin for Eclipse to SonarLint. I regret that upgrade because my project quality profile contains 494 rules and only 12 are from Squid, so we have a massive project to make SonarLint in Eclipse at all useful. But I'm trying to install SonarLint 2.0.2 on my PC anyway. When I try to test the connection to the SQ server I get an error in the SonarLint Console. What's the problem?
No storage for server 'sonar'. Please update.
Fail to request https://sonar.forge.mycompany.com:9000/api/system/status
java.lang.IllegalStateException: Fail to request https://sonar.forge.mycompany.com:9000/api/system/status
at org.sonarqube.ws.client.HttpConnector.doCall(HttpConnector.java:202)
at org.sonarqube.ws.client.HttpConnector.get(HttpConnector.java:144)
at org.sonarqube.ws.client.HttpConnector.call(HttpConnector.java:133)
at org.sonarsource.sonarlint.core.container.connected.SonarLintWsClient.rawGet(SonarLintWsClient.java:98)
at org.sonarsource.sonarlint.core.container.connected.validate.ServerVersionAndStatusChecker.fetchServerInfos(ServerVersionAndStatusChecker.java:97)
at org.sonarsource.sonarlint.core.container.connected.validate.ServerVersionAndStatusChecker.checkVersionAndStatus(ServerVersionAndStatusChecker.java:61)
at org.sonarsource.sonarlint.core.container.connected.validate.ServerVersionAndStatusChecker.checkVersionAndStatus(ServerVersionAndStatusChecker.java:51)
at org.sonarsource.sonarlint.core.WsHelperImpl.validateConnection(WsHelperImpl.java:50)
at org.sonarsource.sonarlint.core.WsHelperImpl.validateConnection(WsHelperImpl.java:45)
at org.sonarlint.eclipse.core.internal.server.Server.testConnection(Server.java:244)
at org.sonarlint.eclipse.ui.internal.server.wizard.ServerConnectionTestJob.run(ServerConnectionTestJob.java:44)
at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:122)
Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
at sun.security.ssl.InputRecord.handleUnknownRecord(Unknown Source)
at sun.security.ssl.InputRecord.read(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at com.squareup.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:192)
at com.squareup.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:149)
at com.squareup.okhttp.internal.io.RealConnection.connect(RealConnection.java:112)
at com.squareup.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:184)
at com.squareup.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:126)
at com.squareup.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:95)
at com.squareup.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:281)
at com.squareup.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:224)
at com.squareup.okhttp.Call.getResponse(Call.java:286)
at com.squareup.okhttp.Call$ApplicationInterceptorChain.proceed(Call.java:243)
at com.squareup.okhttp.Call.getResponseWithInterceptorChain(Call.java:205)
at com.squareup.okhttp.Call.execute(Call.java:80)
at org.sonarqube.ws.client.HttpConnector.doCall(HttpConnector.java:199)
... 11 more
Port 9000 is the default HTTP-Port for SonarQube. SonarLint proposes https:// when configuring a new server connection.
So, if you just change
https://sonar.forge.mycompany.com:9000
to
http://sonar.forge.mycompany.com:9000
and you probably can connect SonarLint with SonarQube.
You're focused on the wrong thing. The "No Storage..." message won't stop it from working, I get that all the time with the latest sonar/sonar lint.
Have a look at your server configuration. It looks like there's a protocol mismatch...
java.lang.IllegalStateException: Fail to request https://sonar.forge.mycompany.com:9000/api/system/status
.
.
.
Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
WSO2ESB: Unable To Start WSO2esb on CentOS
Got following Exception while tried to start
[root#node2500 bin]# sh wso2server.sh
JAVA_HOME environment variable is set to /usr/java/jdk1.7.0_65
CARBON_HOME environment variable is set to /usr/wso2esb-4.8.1
Exception in thread "Refresh Packages" java.lang.SecurityException: SHA1 digest error for org/eclipse/osgi/internal/loader/FilteredSourcePackage.class
at sun.security.util.ManifestEntryVerifier.verify(ManifestEntryVerifier.java:220)
at java.util.jar.JarVerifier.processEntry(JarVerifier.java:241)
at java.util.jar.JarVerifier.update(JarVerifier.java:228)
at java.util.jar.JarVerifier$VerifierStream.read(JarVerifier.java:483)
at sun.misc.Resource.getBytes(Resource.java:124)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:444)
at java.net.URLClassLoader.access$100(URLClassLoader.java:71)
at java.net.URLClassLoader$1.run(URLClassLoader.java:361)
at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
at org.wso2.carbon.server.ChildFirstURLClassLoader.loadClass(ChildFirstURLClassLoader.java:62)
at java.lang.ClassLoader.loadClass(ClassLoader.java:358)
at org.eclipse.osgi.framework.internal.core.BundleHost.getLoaderProxy(BundleHost.java:662)
at org.eclipse.osgi.framework.internal.core.BundleHost.getBundleLoader(BundleHost.java:652)
at org.eclipse.osgi.framework.internal.core.PackageAdminImpl.populateLoaders(PackageAdminImpl.java:281)
at org.eclipse.osgi.framework.internal.core.PackageAdminImpl.doResolveBundles(PackageAdminImpl.java:223)
at org.eclipse.osgi.framework.internal.core.PackageAdminImpl$1.run(PackageAdminImpl.java:174)
at java.lang.Thread.run(Thread.java:745)
Please help me
Thanks
JDK-5078608 : Digital signatures are invalid after unpacking
can it be a JDK bug?
The procedure to pack and signing a jar is broken. Specifically if the jar
is a large one. One will get an error as
jarsigner -verify ./out/foo.jar
jarsigner: java.lang.SecurityException: SHA1 digest error for original/org/jfree/chart/axis/Axis.class