Sonarlint eclipse cant connect to sonarqube secured with client certificate

Please provide

  • Operating system: Linux
  • IDE name and flavor/env: Eclipse Version: 2022-03 (4.23.0) with OpenJDK 17 (tried 11 too)
  • SonarLint plugin version: SonarSource SonarLint for Eclipse 7.4.0.46482
  • Is connected mode used:
    • SonarQube Version 9.4 (build 54424)

Hello,

My SonarQube test setup required a client certificate issued by private ca.
I specified keystore and truststore as vmargs (works fine with other plugins) and enabled verbose logs as mentioned in Frequently asked questions

I tried to connect to my SonarQube instance inside Eclipse. After entering the token an error appears:

org.sonarsource.sonarlint.shaded.com.google.gson.stream.MalformedJsonException: Use JsonReader.setLenient(true) to accept malformed JSON at line 2 column 2 path $

There is NO output in console log nor in error log and nothing in eclipse log.

What can I do to get around this?

Thanks in advance

1 Like

Hi @thmarkus

Out of curiosity, do you manage to trigger analysis with a SonarScanner in this setup?

SonarLint for Eclipse is using okhttp library to perform HTTP requests, and to my knowledge it should use platform certificates by default.

Can you share the vmargs you used to pass keystore and truststore? I will try to reproduce.

Hi @Julien_HENRY

sure:

        -vmargs -Xmx12G \
        -Djava.net.preferIPv4Stack=true \
        -Djavax.net.ssl.keyStore=filename.p12 \
        -Djavax.net.ssl.keyStorePassword=password \
        -Djavax.net.ssl.keyStoreType=pkcs12 \
        -Djavax.net.ssl.trustStore=/usr/lib64/jvm/java-11-openjdk-11/lib/security/cacerts \
        -Djavax.net.ssl.trustStorePassword=changeit

I trigger analysis using maven plugin. This works as expected

export MAVEN_OPTS="$MAVEN_OPTS -Djavax.net.ssl.keyStorePassword=changeit -Djavax.net.ssl.keyStoreType=pkcs12 -Djavax.net.ssl.keyStore=filename.p12 -Djavax.net.ssl.keyStorePassword=password"
mvn ...

Checked access log (ingress-nginx), entry is

"GET /api/system/status HTTP/2.0" 400 230 "-" "SonarLint Eclipse 7.4.0.46482"

but SonarQube container (image sonarqube:9-community on kubernetes) shows no output.
Access log in SonarQube does NOT contain an entry (but ingress-nginx shows, curious)

But SonarQube access log contains

"GET /api/system/status HTTP/1.1" 200 76 "-" "SonarLint IntelliJ 6.7.0.45926"

so IntelliJ plugin is functional

So there’s no tls problem. The request is forwared to sonarqube but does not show in access log

any idea?

Hi @thmarkus

I think I have identified the root cause. The okhttp client library we are using is not honoring those JVM properties. I created a ticket:
https://jira.sonarsource.com/browse/SLE-529

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.