Background: In my company, we use a Nexus Maven repository hosted on a HTTPS server with company certificates. We provide Eclipse installations as chocolatey packages for developer machines.
An existing Eclipse 2023-03 package (as well as previous ones) is fine, but starting with 2023-06 I have a seemingly unfixable issue with the UI spitting a lot of errors on Maven dependency resolution (certificate related, "PKIX path building failed").
What I have tried:
eclipse.ini use a JDK installation that uses company certificates (-vm option; "normally" this works fine, but not for above case)cacerts in the JRE shipping with the Eclipse installation ("normally" this works fine, but not for above case)MAVEN_OPTS or in eclipse.ini - no effect, still seeing the error)I see in the Eclipse Preferences UI that "Maven dependency resolution will always be performed with the embedded Maven installation". It just appears to me I cannot convince it to use my companies' certificates. Has something changed in this Eclipse version? Is this potentially a bug? Does anyone have a suggestion as to how to convince (this part of) Eclipse to use my certificates for Maven dependency resolution?
Thanks!
Update: Additional information, based on comments to the question:
I have verified that the certificates are not expired; I have a small Java test application to access the HTTPS URL, and tried with various JVMs - all good (can be run from inside Eclipse too):
public class Demo {
public static void main(final String[] args) throws Throwable {
final String url = "https://COMPANYURL/";
System.out.printf("trying to read from %s%n%n", url);
final var target = new URL(url);
try (final var in = new BufferedReader(new InputStreamReader(target.openStream()))) {
String inputLine;
while ((inputLine = in.readLine()) != null) {
System.out.println(inputLine);
}
}
}
}
I tried to add the repository host to "Preferences > Install/Update > Trust > Authorities" and also tried with the "Trust all content" checkbox (since the problem is not with updating Eclipse plugins, I wonder if this is relevant in any case). The same error occurs.
I will try to give a minimal reproducible example on GitHub, but that is non-trivial and will take time (several day). This will involve
Finally, here is a log excerpt. All I can tell from it is that DefaultUpdateCheckManager seems unable to communicate with the repository, despite the certificates being present on JVM level:
!SESSION 2023-06-20 08:06:52.786 -----------------------------------------------
eclipse.buildId=4.28.0.20230608-1200
java.version=17.0.7
java.vendor=Eclipse Adoptium
BootLoader constants: OS=win32, ARCH=x86_64, WS=win32, NL=en_US
Framework arguments: -product org.eclipse.epp.package.jee.product
Command-line arguments: -os win32 -ws win32 -arch x86_64 -product org.eclipse.epp.package.jee.product
!SUBENTRY 1 org.eclipse.m2e.core 4 0 2023-06-20 08:10:17.701
!MESSAGE Could not calculate build plan: Plugin org.apache.maven.plugins:maven-resources-plugin:3.3.0 or one of its dependencies could not be resolved: Failed to read artifact descriptor for org.apache.maven.plugins:maven-resources-plugin:jar:3.3.0
!STACK 0
org.apache.maven.plugin.PluginResolutionException: Plugin org.apache.maven.plugins:maven-resources-plugin:3.3.0 or one of its dependencies could not be resolved: Failed to read artifact descriptor for org.apache.maven.plugins:maven-resources-plugin:jar:3.3.0
at org.apache.maven.plugin.internal.DefaultPluginDependenciesResolver.resolve(DefaultPluginDependenciesResolver.java:125)
at org.eclipse.m2e.core.internal.project.registry.EclipsePluginDependenciesResolver.resolve(EclipsePluginDependenciesResolver.java:47)
at org.apache.maven.plugin.internal.DefaultMavenPluginManager.lambda$getPluginDescriptor$0(DefaultMavenPluginManager.java:178)
at org.apache.maven.plugin.DefaultPluginDescriptorCache.lambda$get$0(DefaultPluginDescriptorCache.java:72)
at java.base/java.util.concurrent.ConcurrentHashMap.computeIfAbsent(ConcurrentHashMap.java:1708)
at org.apache.maven.plugin.DefaultPluginDescriptorCache.get(DefaultPluginDescriptorCache.java:70)
at org.apache.maven.plugin.internal.DefaultMavenPluginManager.getPluginDescriptor(DefaultMavenPluginManager.java:176)
at org.apache.maven.plugin.internal.DefaultMavenPluginManager.getMojoDescriptor(DefaultMavenPluginManager.java:266)
at org.apache.maven.plugin.DefaultBuildPluginManager.getMojoDescriptor(DefaultBuildPluginManager.java:214)
at org.apache.maven.lifecycle.internal.DefaultLifecycleExecutionPlanCalculator.setupMojoExecution(DefaultLifecycleExecutionPlanCalculator.java:155)
at org.eclipse.m2e.core.internal.project.registry.MavenProjectFacade.lambda$5(MavenProjectFacade.java:547)
at org.eclipse.m2e.core.internal.embedder.MavenExecutionContext.executeBare(MavenExecutionContext.java:394)
at org.eclipse.m2e.core.internal.embedder.MavenExecutionContext.execute(MavenExecutionContext.java:275)
at org.eclipse.m2e.core.internal.project.registry.MavenProjectFacade.setupMojoExecution(MavenProjectFacade.java:543)
at org.eclipse.m2e.core.internal.project.registry.MavenProjectFacade.getMojoExecution(MavenProjectFacade.java:525)
at org.eclipse.m2e.core.project.configurator.AbstractCustomizableLifecycleMapping.getBuildParticipants(AbstractCustomizableLifecycleMapping.java:71)
at org.eclipse.m2e.core.internal.builder.MavenBuilder$BuildMethod.lambda$1(MavenBuilder.java:107)
at org.eclipse.m2e.core.internal.embedder.MavenExecutionContext.executeBare(MavenExecutionContext.java:394)
at org.eclipse.m2e.core.internal.embedder.MavenExecutionContext.execute(MavenExecutionContext.java:228)
at org.eclipse.m2e.core.internal.builder.MavenBuilder$BuildMethod.lambda$0(MavenBuilder.java:100)
at org.eclipse.m2e.core.internal.embedder.MavenExecutionContext.executeBare(MavenExecutionContext.java:394)
at org.eclipse.m2e.core.internal.embedder.MavenExecutionContext.execute(MavenExecutionContext.java:275)
at org.eclipse.m2e.core.internal.embedder.MavenExecutionContext.execute(MavenExecutionContext.java:214)
at org.eclipse.m2e.core.internal.builder.MavenBuilder$BuildMethod.execute(MavenBuilder.java:83)
at org.eclipse.m2e.core.internal.builder.MavenBuilder.build(MavenBuilder.java:192)
at org.eclipse.core.internal.events.BuildManager$2.run(BuildManager.java:1020)
at org.eclipse.core.runtime.SafeRunner.run(SafeRunner.java:45)
at org.eclipse.core.internal.events.BuildManager.basicBuild(BuildManager.java:247)
at org.eclipse.core.internal.events.BuildManager.basicBuild(BuildManager.java:303)
at org.eclipse.core.internal.events.BuildManager$1.run(BuildManager.java:392)
at org.eclipse.core.runtime.SafeRunner.run(SafeRunner.java:45)
at org.eclipse.core.internal.events.BuildManager.basicBuild(BuildManager.java:395)
at org.eclipse.core.internal.events.BuildManager.basicBuildLoop(BuildManager.java:506)
at org.eclipse.core.internal.events.BuildManager.basicBuildLoop(BuildManager.java:454)
at org.eclipse.core.internal.events.BuildManager.build(BuildManager.java:536)
at org.eclipse.core.internal.events.AutoBuildJob.doBuild(AutoBuildJob.java:196)
at org.eclipse.core.internal.events.AutoBuildJob.run(AutoBuildJob.java:289)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)
Caused by: org.eclipse.aether.resolution.ArtifactDescriptorException: Failed to read artifact descriptor for org.apache.maven.plugins:maven-resources-plugin:jar:3.3.0
at org.apache.maven.repository.internal.DefaultArtifactDescriptorReader.loadPom(DefaultArtifactDescriptorReader.java:242)
at org.apache.maven.repository.internal.DefaultArtifactDescriptorReader.readArtifactDescriptor(DefaultArtifactDescriptorReader.java:172)
at org.eclipse.aether.internal.impl.DefaultRepositorySystem.readArtifactDescriptor(DefaultRepositorySystem.java:268)
at org.apache.maven.plugin.internal.DefaultPluginDependenciesResolver.resolve(DefaultPluginDependenciesResolver.java:104)
... 37 more
Caused by: org.eclipse.aether.resolution.ArtifactResolutionException: The following artifacts could not be resolved: org.apache.maven.plugins:maven-resources-plugin:pom:3.3.0 (absent): org.apache.maven.plugins:maven-resources-plugin:pom:3.3.0 failed to transfer from https://COMPANYURL/repository/public-maven during a previous attempt. This failure was cached in the local repository and resolution is not reattempted until the update interval of UBSMavenRepository has elapsed or updates are forced. Original error: Could not transfer artifact org.apache.maven.plugins:maven-resources-plugin:pom:3.3.0 from/to UBSMavenRepository (https://COMPANYURL/repository/public-maven): PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolve(DefaultArtifactResolver.java:456)
at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolveArtifacts(DefaultArtifactResolver.java:261)
at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolveArtifact(DefaultArtifactResolver.java:242)
at org.apache.maven.repository.internal.DefaultArtifactDescriptorReader.loadPom(DefaultArtifactDescriptorReader.java:231)
... 40 more
Caused by: org.eclipse.aether.transfer.ArtifactTransferException: org.apache.maven.plugins:maven-resources-plugin:pom:3.3.0 failed to transfer from https://COMPANYURL/repository/public-maven during a previous attempt. This failure was cached in the local repository and resolution is not reattempted until the update interval of UBSMavenRepository has elapsed or updates are forced. Original error: Could not transfer artifact org.apache.maven.plugins:maven-resources-plugin:pom:3.3.0 from/to UBSMavenRepository (https://COMPANYURL/repository/public-maven): PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at org.eclipse.aether.internal.impl.DefaultUpdateCheckManager.newException(DefaultUpdateCheckManager.java:214)
at org.eclipse.aether.internal.impl.DefaultUpdateCheckManager.checkArtifact(DefaultUpdateCheckManager.java:180)
at org.eclipse.aether.internal.impl.DefaultArtifactResolver.gatherDownloads(DefaultArtifactResolver.java:565)
at org.eclipse.aether.internal.impl.DefaultArtifactResolver.performDownloads(DefaultArtifactResolver.java:504)
at org.eclipse.aether.internal.impl.DefaultArtifactResolver.resolve(DefaultArtifactResolver.java:433)
... 43 more
Well, that is a bit curious. Thank you howlger for your assistance!
Indeed, it turns out that the "failed resolution" was cached in my local repository. Starting from an empty repository works. I also verified that after deleting the following files from my local repository the resolution works as well:
find ${localrepo} -type f -name m2e-lastUpdated.properties -exec rm {} \;
find ${localrepo} -type f -name "*.lastUpdated" -exec rm {} \;
So, the failed resolution probably came from a time when the JVM did not have the required certificates. It is a bit unfortunate that this turned out to be persistent (I would have expected the last update "cache" to expire, especially for failed resolution attempts).