SonarLint Server RPC sequential executor

cmei84 · March 14, 2024, 5:47am

I updated my eclipse today to version 2024-03 and with it came SonarLint-Plugin version 10.0
The java-runtime of the plugin is Java 17.09 under C:_Programme\eclipse.2022-12.rcp\plugins\org.sonarlint.eclipse.sloop.windows.x64_10.0.0.81687\sloop\jre\bin. I think the version 9.3 had the same java version.

Reading in the description of 1. JDK-8313367 there is mention of certain certificates that can cause this error.
We did change code-signing certificates from Keystore to USB-Token at the beginning of 2024.
Maybe in this process new certificates were also installed in Windows certificate store.

SonarLint still hangs exactly on:

"SonarLint Server RPC sequential executor" #18 prio=5 os_prio=0 cpu=593.75ms elapsed=68.62s tid=0x0000021260a73a40 nid=0x1fc0 runnable  [0x0000005151bfc000]
   java.lang.Thread.State: RUNNABLE
        at sun.security.mscapi.CKeyStore.loadKeysOrCertificateChains(jdk.crypto.mscapi@17.0.9/Native Method)
        at sun.security.mscapi.CKeyStore.engineLoad(jdk.crypto.mscapi@17.0.9/Unknown Source)
        at sun.security.mscapi.CKeyStore$MY.engineLoad(jdk.crypto.mscapi@17.0.9/Unknown Source)
        at java.security.KeyStore.load(java.base@17.0.9/Unknown Source)
        at nl.altindag.ssl.util.KeyStoreUtils.createKeyStore(KeyStoreUtils.java:150)
        at nl.altindag.ssl.util.KeyStoreUtils.createKeyStoreIfAvailable(KeyStoreUtils.java:260)
        at nl.altindag.ssl.util.KeyStoreUtils.lambda$loadSystemKeyStores$1(KeyStoreUtils.java:233)
        at nl.altindag.ssl.util.KeyStoreUtils$$Lambda$177/0x00000212201ce630.apply(Unknown Source)

So i really don’t understand why this is still not working.

tobias.hahnen · March 14, 2024, 4:23pm

Hi @cmei84,

just a few minutes ago a new version of SonarLint for Eclipse (10.0.1) was released fixing a handful of bugs.

Could you give it a try and check if the issues still persist? If so please ping me back and I will see how we can fix this

Best,
Tobias

cmei84 · March 15, 2024, 6:23am

tried version 10.0.1 but sadly it does not fix the problem

cmei84 · March 15, 2024, 8:54am

I figured out what the cause of the issue is.
we recently renewed our Code Signing Certificates and the new ones recuire the usage of USB-Tokens and the related Software.

Uninstalling this software solves the problem.
We use SafeNet Authentication Client (link)

I don’t usually have to sing code locally so i can leave it removed for now.
i raised an issue on Guthub Hakky54/sslcontext-kickstart)
link

tobias.hahnen · March 15, 2024, 9:02am

Hi @cmei84,

thanks for getting back to me. This is great news, that the issue was due to external software.

I think I can also provide you with some information here to sort out misconceptions:

SonarLint for Eclipse coming bundled with its own Java 17 JRE is only been done since version 10.0, therefore you might not have faced any issues regarding certificates with previous versions
Since SonarLint for Eclipse 10.0 the embedded JRE is used to run parts of the plug-in out of process any certificates required to your “normal” Java installation have to also apply to the certificate store of this JRE. But …
… we also give you the option to instead of using the embedded JRE, you can just provide your own one that you have full control over. Please see my answer to a different post where similar environments required such changes.
The documentation for this can be found HERE as well. This will also enable you to use your Java 17+ runtime while jumping between SonarLint versions if you want to update often but don’t want to configure the certificates every time. Or if it is managed by your organization.

If you encounter anything else that is not working, don’t hesitate to reach out in a new thread.

All the best,
Tobias