Java Maven 项目在 VSCode 中:无法找到到请求目标的有效证书路径

huangapple go评论87阅读模式
英文:

Java Maven project in VSCode: unable to find valid certification path to requested target

问题

完整的免责声明:我不是Java专家

我的工作小组开发了一个Java项目,由maven管理,应该针对jdk-11进行编译。他们都使用IntelliJ,我已经在这个平台上设置好了。我现在正在尝试在VSCode上进行相同的设置,因为我对它更熟悉。

我安装了openjdk-11,在/Library/Java/JavaVirtualMachines/adoptopenjdk-11.jdk/Contents/Home/lib/security中添加了相关的cacerts,将VSCode指向了这个版本,并指向了与IntelliJ用于编译相同的maven可执行文件。

我可以通过执行mvn clean install正确编译项目,并在Run/Debug窗口中运行应用程序的一部分(只需手动添加所有在launch.json中的classPaths)。然而,“Language Support for Java”选项卡在输出窗口中仍然显示这个错误

无法下载已发布的Gradle版本。
org.gradle.api.UncheckedIOException: 无法下载已发布的Gradle版本。
....
由于: javax.net.ssl.SSLHandshakeException: PKIX路径构建失败: sun.security.provider.certpath.SunCertPathBuilderException: 无法找到请求目标的有效证书路径
...
由于: sun.security.provider.certpath.SunCertPathBuilderException: 无法找到请求目标的有效证书路径
...
[Error - 10:18:41] 2023年2月27日,10:18:41 构建工作区时发生错误。详情:
消息: 在解决构建路径错误之前,无法构建项目;

似乎“Language Support for Java”正在使用一个没有安装cacerts的不同jdk,但我无论如何都找不到这个版本的位置。我尝试在VSCode中的任何地方(还包括Gradle)指定正确的java_home,但是我无论如何都摆脱不了这个错误。我不知道这到底是不是个问题,因为当我启动maven时项目是在编译,但是修复它可能会很好。目前对我来说还不太清楚在VSCode中打开这样一个Java项目时使用了多少不同的“层”。

英文:

Full disclaimer: I'm not a Java expert.

My work group developed a Java project, managed by maven, which should be compiled against jdk-11. They all use IntelliJ and I was able to set it up on this platform. I'm now trying to do the same setup on VSCode, because I'm more familiar with it.

I installed openjdk-11, added the relevant cacerts in /Library/Java/JavaVirtualMachines/adoptopenjdk-11.jdk/Contents/Home/lib/security, pointed VSCode to this version and to the same maven executable used by IntelliJ for compiling.

I can correctly compile the project by doing mvn clean install and run part of the application in the Run/Debug window (only had to manually add all the classPaths in launch.json). However the "Language Support for Java" tab in the Output window still shows me this error

Cannot download published Gradle versions.
org.gradle.api.UncheckedIOException: Cannot download published Gradle versions.
....
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
...
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
...
[Error - 10:18:41] 27 Feb 2023, 10:18:41 Error occured while building workspace. Details: 
 message: The project cannot be built until build path errors are resolved;

It seems that the "Language Support for Java" is using a different jdk with no cacerts installed, but somehow I cannot figure out where this version is located. I tried to specify the right java_home wherever I could in VSCode (also in Gradle) but somehow I cannot get rid of this error.
I don't know if this is really a problem or not, as the project is compiling when I launch maven, but it would be good to fix it. To me it is not really clear at the moment how many different "layers" are used when opening a java project like this in VSCode.

答案1

得分: 1

尝试解决我的环境问题时,我发现你的评论

> 似乎“Java语言支持”(VSCode插件)正在使用不同的jdk...

是我发现解决方法的关键。

这个链接 解释了该扩展确实使用了嵌入式JRE,并提供了解决问题的方法。

嵌入式JRE位于(取决于扩展版本和操作系统):

.vscode/extensions/redhat.java-1.15.0-linux-x64/jre 

通常直接位于Linux和MacOS上的$HOME,或者Windows上的%USERPROFILE%下。嵌入式JRE有一个cacerts文件,例如:

.vscode/extensions/redhat.java-1.15.0-linux-x64/jre/17.0.6-linux-x86_64/lib/security/cacerts 

要解决问题,你可以选择:

  1. 将所需的证书添加到嵌入式JRE的cacerts文件中,但是,每次扩展更新时都需要重复此操作,或者

  2. 通过修改VSCode用户设置(settings.xml文件)的"java.jdt.ls.vmargs"条目来附加属性,配置嵌入式JRE使用包含所需证书的其他证书存储文件:

    "-Djavax.net.ssl.trustStore=path/to/other/cacerts -Djavax.net.ssl.trustStorePassword=changeit"
    

    替换正确的证书存储路径和密码。

对于选项2,你可以简单地使用你已经修改过的Open JDK 11 cacerts文件的路径。

英文:

Trying to resolve this problem for my environment, I found your comment
> It seems that the "Language Support for Java" (VSCode plugin) is using a different jdk ...

was the key to discovering a fix in my case.
This link explains that the extension does use an embedded JRE and also provides a resolution to the problem.

The embedded JRE is located at (depending on extension version and operating system):

.vscode/extensions/redhat.java-1.15.0-linux-x64/jre

which is usually located directly under $HOME on Linux and MacOS or %USERPROFILE% on Windows. The embedded JRE has a cacerts file, for example:

.vscode/extensions/redhat.java-1.15.0-linux-x64/jre/17.0.6-linux-x86_64/lib/security/cacerts

To resolve the problem you can either:

  1. add the required certificates to the embedded JRE cacerts file, however, you will need to repeat this every time the extension is updated, or
  2. configure the embedded JRE to use another certificate store file that contains the required certificates by modifying the VSCode user settings (settings.xml file) "java.jdt.ls.vmargs" entry to append the properties:
    "-Djavax.net.ssl.trustStore=path/to/other/cacerts -Djavax.net.ssl.trustStorePassword=changeit"
    

    substituting the correct certificate store path and password.

In the case of option 2 you can simply use the path to the Open JDK 11 cacerts file that you have already modified.

答案2

得分: 0

从Maven 3.9开始,他们将默认的传输实现更改为native

尝试使用此选项禁用SSL验证:

mvn compile -Daether.connector.https.securityMode=insecure

背景:
https://maven.apache.org/resolver/configuration.html

英文:

Starting with Maven 3.9 they changed the default Transport implementation to native.

Try with this option to disable SSL verifications:

mvn compile -Daether.connector.https.securityMode=insecure

Background:
https://maven.apache.org/resolver/configuration.html

huangapple
  • 本文由 发表于 2023年2月27日 17:26:19
  • 转载请务必保留本文链接:https://go.coder-hub.com/75578686.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定