SSL error after updating to version 10.1.0.81817 when using Windows keystore

Environment:

  • Operating system: Windows 10
  • SonarLint plugin version: 10.1.0.81817
  • Eclipse version: 2024-03 (4.31.0)
  • Programming language you’re coding in: Java
  • Connected to: SonarQube 9.9.3 (using https://)

Description of the problem / question:
After updating SonarLint Eclipse plugin to version 10.1.0.81817, I now receive errors related to the SSL connexion:

Using JRE from C:\dev\eclipse\plugins\org.sonarlint.eclipse.sloop.windows.x64_10.1.0.81817\sloop\jre
Starting SonarLint for Eclipse 10.1.0.81817
SonarLint backend started, instance=org.sonarsource.sonarlint.core.rpc.impl.SonarLintRpcServerImpl@2a7f1f10
Started embedded server on port 64120
Can't open directory channel. Log directory fsync won't be performed.
Error during synchronization

java.util.concurrent.CompletionException: javax.net.ssl.SSLHandshakeException: None of the TrustManagers trust this certificate chain
	at java.base/java.util.concurrent.CompletableFuture.reportJoin(Unknown Source)
	at java.base/java.util.concurrent.CompletableFuture.join(Unknown Source)
	at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.processResponse(ServerApiHelper.java:110)
	at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.rawGet(ServerApiHelper.java:95)
	at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.get(ServerApiHelper.java:72)
	at org.sonarsource.sonarlint.core.serverapi.system.SystemApi.lambda$getStatus$0(SystemApi.java:38)
	at org.sonarsource.sonarlint.core.serverapi.ServerApiHelper.processTimed(ServerApiHelper.java:243)
	at org.sonarsource.sonarlint.core.serverapi.system.SystemApi.getStatus(SystemApi.java:37)
	at org.sonarsource.sonarlint.core.serverconnection.ServerInfoSynchronizer.synchronize(ServerInfoSynchronizer.java:41)
	at org.sonarsource.sonarlint.core.serverconnection.LocalStorageSynchronizer.synchronizeServerInfosAndPlugins(LocalStorageSynchronizer.java:53)
	at org.sonarsource.sonarlint.core.serverconnection.ServerConnection.sync(ServerConnection.java:57)
	at org.sonarsource.sonarlint.core.sync.SynchronizationService.synchronizeConnectionAndProjectsIfNeededSync(SynchronizationService.java:305)
	at org.sonarsource.sonarlint.core.sync.SynchronizationService.lambda$synchronizeConnectionAndProjectsIfNeededAsync$12(SynchronizationService.java:291)
	at java.base/java.util.Optional.ifPresent(Unknown Source)
	at org.sonarsource.sonarlint.core.sync.SynchronizationService.lambda$synchronizeConnectionAndProjectsIfNeededAsync$13(SynchronizationService.java:291)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
	at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
	at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.base/java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: None of the TrustManagers trust this certificate chain
	at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(Unknown Source)
	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(Unknown Source)
	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(Unknown Source)
	at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
	at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source)
	at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source)
	at java.base/java.security.AccessController.doPrivileged(Unknown Source)
	at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(Unknown Source)
	at org.apache.hc.core5.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:339)
	at org.apache.hc.core5.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:410)
	at org.apache.hc.core5.reactor.ssl.SSLIOSession.access$100(SSLIOSession.java:74)
	at org.apache.hc.core5.reactor.ssl.SSLIOSession$1.inputReady(SSLIOSession.java:201)
	at org.apache.hc.core5.reactor.InternalDataChannel.onIOEvent(InternalDataChannel.java:142)
	at org.apache.hc.core5.reactor.InternalChannel.handleIOEvent(InternalChannel.java:51)
	at org.apache.hc.core5.reactor.SingleCoreIOReactor.processEvents(SingleCoreIOReactor.java:178)
	at org.apache.hc.core5.reactor.SingleCoreIOReactor.doExecute(SingleCoreIOReactor.java:127)
	at org.apache.hc.core5.reactor.AbstractSingleCoreIOReactor.execute(AbstractSingleCoreIOReactor.java:86)
	at org.apache.hc.core5.reactor.IOReactorWorker.run(IOReactorWorker.java:44)
	... 1 more
Caused by: java.security.cert.CertificateException: None of the TrustManagers trust this certificate chain
	at nl.altindag.ssl.trustmanager.CombinableX509TrustManager.checkTrusted(CombinableX509TrustManager.java:61)
	at nl.altindag.ssl.trustmanager.CompositeX509ExtendedTrustManager.checkServerTrusted(CompositeX509ExtendedTrustManager.java:91)
	... 20 more
	Suppressed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
		at java.base/sun.security.validator.PKIXValidator.doBuild(Unknown Source)
		at java.base/sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
		at java.base/sun.security.validator.Validator.validate(Unknown Source)
		at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
		at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
		at nl.altindag.ssl.trustmanager.DelegatingX509ExtendedTrustManager.checkServerTrusted(DelegatingX509ExtendedTrustManager.java:53)
		at nl.altindag.ssl.trustmanager.CompositeX509ExtendedTrustManager.lambda$checkServerTrusted$5(CompositeX509ExtendedTrustManager.java:91)
		at nl.altindag.ssl.trustmanager.CombinableX509TrustManager.checkTrusted(CombinableX509TrustManager.java:41)
		... 21 more
	Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
		at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
		at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
		at java.base/java.security.cert.CertPathBuilder.build(Unknown Source)
		... 29 more
	Suppressed: java.security.cert.CertificateException: No X509ExtendedTrustManager implementation available
		at nl.altindag.ssl.trustmanager.DummyX509ExtendedTrustManager.checkServerTrusted(DummyX509ExtendedTrustManager.java:69)
		at nl.altindag.ssl.trustmanager.DelegatingX509ExtendedTrustManager.checkServerTrusted(DelegatingX509ExtendedTrustManager.java:53)
		at nl.altindag.ssl.trustmanager.HotSwappableX509ExtendedTrustManager.lambda$checkServerTrusted$2(HotSwappableX509ExtendedTrustManager.java:71)
		at nl.altindag.ssl.trustmanager.HotSwappableX509ExtendedTrustManager.checkTrusted(HotSwappableX509ExtendedTrustManager.java:92)
		at nl.altindag.ssl.trustmanager.HotSwappableX509ExtendedTrustManager.checkServerTrusted(HotSwappableX509ExtendedTrustManager.java:71)
		at nl.altindag.ssl.trustmanager.InflatableX509ExtendedTrustManager.lambda$checkServerTrusted$4(InflatableX509ExtendedTrustManager.java:119)
		at nl.altindag.ssl.trustmanager.InflatableX509ExtendedTrustManager.checkTrusted(InflatableX509ExtendedTrustManager.java:150)
		at nl.altindag.ssl.trustmanager.InflatableX509ExtendedTrustManager.checkServerTrusted(InflatableX509ExtendedTrustManager.java:119)
		at nl.altindag.ssl.trustmanager.CompositeX509ExtendedTrustManager.lambda$checkServerTrusted$5(CompositeX509ExtendedTrustManager.java:91)
		at nl.altindag.ssl.trustmanager.CombinableX509TrustManager.checkTrusted(CombinableX509TrustManager.java:41)
		... 21 more

Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ClassRealm{javascript}-org.sonar.plugins.javascript.bridge.BridgeServerImpl': Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.sonar.plugins.javascript.bridge.BridgeServerImpl]: Constructor threw exception; nested exception is java.io.UncheckedIOException: java.io.IOException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
Unexpected error occurred in scheduled task

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ClassRealm{javascript}-org.sonar.plugins.javascript.bridge.BridgeServerImpl': Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.sonar.plugins.javascript.bridge.BridgeServerImpl]: Constructor threw exception; nested exception is java.io.UncheckedIOException: java.io.IOException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
	at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:310)
	at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:291)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1372)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1228)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:582)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:542)
	at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:335)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:333)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:208)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:955)
	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:921)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:583)
	at org.sonarsource.sonarlint.core.plugin.commons.container.SpringComponentContainer.startComponents(SpringComponentContainer.java:181)
	at org.sonarsource.sonarlint.core.analysis.container.global.GlobalAnalysisContainer.doAfterStart(GlobalAnalysisContainer.java:70)
	at org.sonarsource.sonarlint.core.plugin.commons.container.SpringComponentContainer.startComponents(SpringComponentContainer.java:182)
	at org.sonarsource.sonarlint.core.analysis.AnalysisEngine.start(AnalysisEngine.java:58)
	at org.sonarsource.sonarlint.core.analysis.AnalysisEngine.<init>(AnalysisEngine.java:53)
	at org.sonarsource.sonarlint.core.analysis.AnalysisEngineCache.createEngine(AnalysisEngineCache.java:100)
	at org.sonarsource.sonarlint.core.analysis.AnalysisEngineCache.lambda$getOrCreateConnectedEngine$1(AnalysisEngineCache.java:80)
	at java.base/java.util.concurrent.ConcurrentHashMap.computeIfAbsent(Unknown Source)
	at org.sonarsource.sonarlint.core.analysis.AnalysisEngineCache.getOrCreateConnectedEngine(AnalysisEngineCache.java:80)
	at org.sonarsource.sonarlint.core.analysis.AnalysisEngineCache.lambda$getOrCreateAnalysisEngine$0(AnalysisEngineCache.java:75)
	at java.base/java.util.Optional.map(Unknown Source)
	at org.sonarsource.sonarlint.core.analysis.AnalysisEngineCache.getOrCreateAnalysisEngine(AnalysisEngineCache.java:75)
	at org.sonarsource.sonarlint.core.analysis.AnalysisEngineCache.registerModuleIfLeafConfigScope(AnalysisEngineCache.java:149)
	at java.base/java.lang.Iterable.forEach(Unknown Source)
	at org.sonarsource.sonarlint.core.analysis.AnalysisService.onConfigurationScopeAdded(AnalysisService.java:451)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.base/java.lang.reflect.Method.invoke(Unknown Source)
	at org.springframework.context.event.ApplicationListenerMethodAdapter.doInvoke(ApplicationListenerMethodAdapter.java:344)
	at org.springframework.context.event.ApplicationListenerMethodAdapter.processEvent(ApplicationListenerMethodAdapter.java:229)
	at org.springframework.context.event.ApplicationListenerMethodAdapter.onApplicationEvent(ApplicationListenerMethodAdapter.java:166)
	at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:178)
	at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:164)
	at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:145)
	at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:421)
	at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:391)
	at org.sonarsource.sonarlint.core.ConfigurationService.didAddConfigurationScopes(ConfigurationService.java:65)
	at org.sonarsource.sonarlint.core.rpc.impl.ConfigurationRpcServiceDelegate.lambda$didAddConfigurationScopes$0(ConfigurationRpcServiceDelegate.java:36)
	at org.sonarsource.sonarlint.core.rpc.impl.AbstractRpcServiceDelegate.withLogger(AbstractRpcServiceDelegate.java:120)
	at org.sonarsource.sonarlint.core.rpc.impl.AbstractRpcServiceDelegate.lambda$notify$6(AbstractRpcServiceDelegate.java:112)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
	at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.base/java.lang.Thread.run(Unknown Source)
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.sonar.plugins.javascript.bridge.BridgeServerImpl]: Constructor threw exception; nested exception is java.io.UncheckedIOException: java.io.IOException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
	at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:224)
	at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:117)
	at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:306)
	... 48 common frames omitted
Caused by: java.io.UncheckedIOException: java.io.IOException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
	at java.net.http/jdk.internal.net.http.HttpClientImpl.<init>(Unknown Source)
	at java.net.http/jdk.internal.net.http.HttpClientImpl.create(Unknown Source)
	at java.net.http/jdk.internal.net.http.HttpClientBuilderImpl.build(Unknown Source)
	at org.sonar.plugins.javascript.bridge.BridgeServerImpl.<init>(BridgeServerImpl.java:128)
	at org.sonar.plugins.javascript.bridge.BridgeServerImpl.<init>(BridgeServerImpl.java:104)
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
	at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Unknown Source)
	at java.base/java.lang.reflect.Constructor.newInstance(Unknown Source)
	at org.springframework.beans.BeanUtils.instantiateClass(BeanUtils.java:211)
	... 50 common frames omitted
Caused by: java.io.IOException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
	... 61 common frames omitted
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
	at java.base/java.security.Provider$Service.newInstance(Unknown Source)
	at java.base/sun.security.jca.GetInstance.getInstance(Unknown Source)
	at java.base/sun.security.jca.GetInstance.getInstance(Unknown Source)
	at java.base/javax.net.ssl.SSLContext.getInstance(Unknown Source)
	at java.base/javax.net.ssl.SSLContext.getDefault(Unknown Source)
	... 61 common frames omitted
Caused by: java.security.KeyManagementException: null
	at java.base/sun.security.ssl.SSLContextImpl$DefaultManagersHolder.<clinit>(Unknown Source)
	at java.base/sun.security.ssl.SSLContextImpl$DefaultSSLContext.<init>(Unknown Source)
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
	at java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Unknown Source)
	at java.base/java.lang.reflect.Constructor.newInstance(Unknown Source)
	at java.base/java.security.Provider$Service.newInstanceOf(Unknown Source)
	at java.base/java.security.Provider$Service.newInstanceUtil(Unknown Source)
	... 66 common frames omitted

Stream failed

javax.net.ssl.SSLHandshakeException: None of the TrustManagers trust this certificate chain
	at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
	at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(Unknown Source)
	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(Unknown Source)
	at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(Unknown Source)
	at java.base/sun.security.ssl.SSLHandshake.consume(Unknown Source)
	at java.base/sun.security.ssl.HandshakeContext.dispatch(Unknown Source)
	at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source)
	at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source)
	at java.base/java.security.AccessController.doPrivileged(Unknown Source)
	at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(Unknown Source)
	at org.apache.hc.core5.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:339)
	at org.apache.hc.core5.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:410)
	at org.apache.hc.core5.reactor.ssl.SSLIOSession.access$100(SSLIOSession.java:74)
	at org.apache.hc.core5.reactor.ssl.SSLIOSession$1.inputReady(SSLIOSession.java:201)
	at org.apache.hc.core5.reactor.InternalDataChannel.onIOEvent(InternalDataChannel.java:142)
	at org.apache.hc.core5.reactor.InternalChannel.handleIOEvent(InternalChannel.java:51)
	at org.apache.hc.core5.reactor.SingleCoreIOReactor.processEvents(SingleCoreIOReactor.java:178)
	at org.apache.hc.core5.reactor.SingleCoreIOReactor.doExecute(SingleCoreIOReactor.java:127)
	at org.apache.hc.core5.reactor.AbstractSingleCoreIOReactor.execute(AbstractSingleCoreIOReactor.java:86)
	at org.apache.hc.core5.reactor.IOReactorWorker.run(IOReactorWorker.java:44)
	at java.base/java.lang.Thread.run(Unknown Source)
Caused by: java.security.cert.CertificateException: None of the TrustManagers trust this certificate chain
	at nl.altindag.ssl.trustmanager.CombinableX509TrustManager.checkTrusted(CombinableX509TrustManager.java:61)
	at nl.altindag.ssl.trustmanager.CompositeX509ExtendedTrustManager.checkServerTrusted(CompositeX509ExtendedTrustManager.java:91)
	... 20 more
	Suppressed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
		at java.base/sun.security.validator.PKIXValidator.doBuild(Unknown Source)
		at java.base/sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
		at java.base/sun.security.validator.Validator.validate(Unknown Source)
		at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
		at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
		at nl.altindag.ssl.trustmanager.DelegatingX509ExtendedTrustManager.checkServerTrusted(DelegatingX509ExtendedTrustManager.java:53)
		at nl.altindag.ssl.trustmanager.CompositeX509ExtendedTrustManager.lambda$checkServerTrusted$5(CompositeX509ExtendedTrustManager.java:91)
		at nl.altindag.ssl.trustmanager.CombinableX509TrustManager.checkTrusted(CombinableX509TrustManager.java:41)
		... 21 more
	Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
		at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source)
		at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
		at java.base/java.security.cert.CertPathBuilder.build(Unknown Source)
		... 29 more
	Suppressed: java.security.cert.CertificateException: No X509ExtendedTrustManager implementation available
		at nl.altindag.ssl.trustmanager.DummyX509ExtendedTrustManager.checkServerTrusted(DummyX509ExtendedTrustManager.java:69)
		at nl.altindag.ssl.trustmanager.DelegatingX509ExtendedTrustManager.checkServerTrusted(DelegatingX509ExtendedTrustManager.java:53)
		at nl.altindag.ssl.trustmanager.HotSwappableX509ExtendedTrustManager.lambda$checkServerTrusted$2(HotSwappableX509ExtendedTrustManager.java:71)
		at nl.altindag.ssl.trustmanager.HotSwappableX509ExtendedTrustManager.checkTrusted(HotSwappableX509ExtendedTrustManager.java:92)
		at nl.altindag.ssl.trustmanager.HotSwappableX509ExtendedTrustManager.checkServerTrusted(HotSwappableX509ExtendedTrustManager.java:71)
		at nl.altindag.ssl.trustmanager.InflatableX509ExtendedTrustManager.lambda$checkServerTrusted$4(InflatableX509ExtendedTrustManager.java:119)
		at nl.altindag.ssl.trustmanager.InflatableX509ExtendedTrustManager.checkTrusted(InflatableX509ExtendedTrustManager.java:150)
		at nl.altindag.ssl.trustmanager.InflatableX509ExtendedTrustManager.checkServerTrusted(InflatableX509ExtendedTrustManager.java:119)
		at nl.altindag.ssl.trustmanager.CompositeX509ExtendedTrustManager.lambda$checkServerTrusted$5(CompositeX509ExtendedTrustManager.java:91)
		at nl.altindag.ssl.trustmanager.CombinableX509TrustManager.checkTrusted(CombinableX509TrustManager.java:41)
		... 21 more

Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'ClassRealm{javascript}-org.sonar.plugins.javascript.bridge.BridgeServerImpl': Bean instantiation via constructor failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.sonar.plugins.javascript.bridge.BridgeServerImpl]: Constructor threw exception; nested exception is java.io.UncheckedIOException: java.io.IOException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)

The SSL certificate used by the SonarQube server is not trusted in the JDK truststore/keystore, but is trusted at the OS (Windows) level. To trust it in Eclipse, I have the following configuration in eclipse.ini:

-vmargs
-Djavax.net.ssl.keyStore=NONE
-Djavax.net.ssl.keyStoreType=Windows-my
-Djavax.net.ssl.trustStore=NONE
-Djavax.net.ssl.trustStoreType=Windows-ROOT

With this configuration, I never encountered an exception with the previous version of the plugin (10.0.1.81733), an I was able to correctly synchronize the bindings with the SonarQube server over HTTPS.
I think that this error may now be present due to the changes related to [SLE-843] - Jira.

To resolve this problem, I have tried to add the following vmargs to my eclipse.ini (according to https://docs.sonarsource.com/sonarlint/eclipse/team-features/advanced-configuration/#client-ssl-certificates):

-Dsonarlint.ssl.keyStorePassword=
-Dsonarlint.ssl.keyStore=NONE
-Dsonarlint.ssl.keyStoreType=Windows-my
-Dsonarlint.ssl.trustStorePassword=
-Dsonarlint.ssl.trustStore=NONE
-Dsonarlint.ssl.trustStoreType=Windows-ROOT

I have also tried to add a global environment variable called SONARLINT_JVM_OPTS to Windows, with the following content:

-Djavax.net.ssl.keyStore=NONE -Djavax.net.ssl.keyStoreType=Windows-my -Djavax.net.ssl.trustStore=NONE -Djavax.net.ssl.trustStoreType=Windows-ROOT -Dsonarlint.ssl.keyStore=NONE -Dsonarlint.ssl.keyStoreType=Windows-my -Dsonarlint.ssl.trustStore=NONE -Dsonarlint.ssl.trustStoreType=Windows-ROOT -Dsonarlint.ssl.keyStorePassword= -Dsonarlint.ssl.trustStorePassword=

But none of these solutions seems to fix the problem.

Hi @FlorentB,

This is indeed a breaking change we introduced in the latest release. Searching certificates at the OS level was causing too many problems on Windows, so we decided to stop doing that (see this ticket for more details).

And you are right, SonarLint now expects users to provide a few system properties, as described in the link you shared.

One thing that you missed is that SonarLint expects a separate trust store file to exist on disk, containing your certificate. You can find instructions on how to create a trust store and add your certificate to it on the web, there are a lot of tutorials. The following command should do the trick:

keytool -import -keystore C:/path/to/your/truststore -storepass password -noprompt -alias sonarqube-ssl -file your_certificate.cer

Then the last step is to provide the required system properties (the eclipse.ini method should work):

-Dsonarlint.ssl.trustStorePath=C:/path/to/your/truststore
-Dsonarlint.ssl.trustStorePassword=password
-Dsonarlint.ssl.trustStoreType=PKCS12

Please note that the first property differs from what you shared earlier: sonarlint.ssl.trustStorePath.
Please also note this is assuming the SSL certificate you mention is a server certificate and not a client certificate. If it’s a client certificate, what you need to create and configure is a key store.

Hope this helps

1 Like

Is there an official document somewhere explaining this breaking change and the new process for importing certficates? Placing the certificates in the cacerts file in the JDK does not appear to work either.

Hello @lweitzel,

There is no documentation on that yet. I can bring the topic to the team.

SonarLint bundles its own JDK, is it the one you modified? I would suggest to create a “standalone” trust store file and not use the cacerts file, since you would have to re-do it again after a SonarLint update.

Sorry for this tedious process

No, we pointed to our own JDK cacerts that Eclipse was using or OS. If I point the truststorePath to the cacerts in my JDK, wouldn’t that prevent me from having to redo every time there is a plugin update?

Hi @lweitzel,

just to be sure: As @Damien_Urruty said SonarLint itself is coming with its own JRE that is independent from the one coming bundled in Eclipse or what you have configured Eclipse to use (e.g. via the eclipse.ini file).
If you have your own managed JDK (or JRE) for Eclipse to rely on instead of the bundled one, we have documentation in place to do the same for SonarLint to pick up yours instead of using “ours”.

If your JDK contains all the certificates and configurations and you configured Eclipse to use it, when configuring SonarLint to use it (requiring a restart afterward), it should work. If not, then we can try to find the actual core of the issue.

Best,
Tobias

Thanks very much! Updating the JDK17 path in the SonarLint properties in Eclipse to point to the JDK already installed with the certificates fixed the issue.

1 Like

Hello Damien,

Thanks for your answer, I took the time to create a custom truststore containing the certificates I needed, and added the properties to eclipse.ini and it’s working.

But it would be nice to have a way to use the OS truststore to avoid having to add new certificates when the organisation I work for is making changes to the trusted certificates.

Damien,

In older versions we were able to use the parameter below in eclipse.ini to have the JDK load the certificates from the OS trust store:

-Djavax.net.ssl.trustStoreType=Windows-ROOT

Can we use the new parameter to do the same thing with the new plugin:

-Dsonarlint.ssl.trustStoreType=Windows-ROOT

We have done, what is marked as solution here and it indeed works. Thanks!

Would you mind, changing the code, so that it accepts relative paths (relative to eclipse installation) for the separate keystore?

It’s definitively a disadvantage compared to how it used to work before. But you’ll have your good reasons for this change. It needs to be documented at a prominent place though.

Hello guys,

Glad you managed to make this work again :slight_smile:

We know this configuration is not easy and involves a few manual steps. We are discussing documentation and product changes to improve the experience, hope we can make it simpler in the future

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.