I did eventually figure this out by locating OpenJDK’s own conversion command that makes the trust store unprotected. It only exists for the length of the build so that’s fine IMO.
mkdir -p $(dirname "$PKCS12_TRUST_STORE")
keytool \
-J-Dkeystore.pkcs12.certProtectionAlgorithm=NONE \
-J-Dkeystore.pkcs12.macAlgorithm=NONE \
-importkeystore \
-srckeystore "$JKS_TRUST_STORE" \
-srcstorepass changeit \
-deststoretype pkcs12 \
-destkeystore "$PKCS12_TRUST_STORE" \
-noprompt
That fixes the trust store issue, but I immediately ran into another issue. I seem to be hitting a classpath issue with the scanner. It’s using an embedded Eclipse compiler, and that’s causing a package conflict? Is there a way for me to tell the scanner to use the same JDK as the project?
Status ERROR: org.eclipse.jdt.core code=4 Could not retrieve interfaces org.eclipse.jdt.internal.compiler.problem.AbortCompilation: Pb(347) The type java.lang.String cannot be resolved. It is indirectly referenced from required type android.view.Window
Status ERROR: org.eclipse.jdt.core code=4 Could not retrieve declared methods org.eclipse.jdt.internal.compiler.problem.AbortCompilation: Pb(347) The type java.lang.String cannot be resolved. It is indirectly referenced from required type android.content.SharedPreferences.OnSharedPreferenceChangeListener
ECJ Unable to resolve type android.content.ContentProvider
org.eclipse.jdt.internal.compiler.problem.AbortCompilation: Pb(347) The type java.lang.String cannot be resolved. It is indirectly referenced from required type android.content.ContentProvider
at org.eclipse.jdt.internal.compiler.problem.ProblemHandler.handle(ProblemHandler.java:162)
at org.eclipse.jdt.internal.compiler.problem.ProblemHandler.handle(ProblemHandler.java:229)
at org.eclipse.jdt.internal.compiler.problem.ProblemReporter.handle(ProblemReporter.java:2679)
ECJ Unable to resolve type org.apache.commons.lang3.RandomStringUtils
org.eclipse.jdt.internal.compiler.problem.AbortCompilation: Pb(347) The type java.lang.String cannot be resolved. It is indirectly referenced from required type org.apache.commons.lang3.RandomStringUtils
at org.eclipse.jdt.internal.compiler.problem.ProblemHandler.handle(ProblemHandler.java:162)
at org.eclipse.jdt.internal.compiler.problem.ProblemHandler.handle(ProblemHandler.java:229)
I did see this thread with the same issue, but the related issue appears to be fixed. I’m not entirely sure why Sonar would be compiling anything at all, as the build was already done by Gradle/AGP, and the Sonar Scanner lists Java 17 as a pre-requisite.