PKIX path building failed: ... unable to find valid certification path to requested targetSo it was clear that maven was not passing the SSL system properties from my .mavenrc file:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| MAVEN_OPTS="-Djavax.net.ssl.keyStore=<YOU KEYSTORE FILE> \ | |
| -Djavax.net.ssl.keyStorePassword=<YOUR KEYSTORE PASSWORD> \ | |
| -Djavax.net.ssl.keyStoreType=JKS \ | |
| -Djavax.net.ssl.trustStore=<YOUR TRUSTSTORE FILE> \ | |
| -Djavax.net.ssl.trustStorePassword=<YOUR TRUSTSTORE PASSWORD> \ | |
| -Djavax.net.ssl.trustStoreType=JKS" |
This is what I discovered as I read more the documentation.
As it turns out, since the 2.1 release both "surefire" and "failsafe" maven plugins introduced the "optional" parameter to specify the "jvm" for a given test. I can see why it's a useful idea, but I missed to read the "small" foot print:
Option to specify the jvm (or path to the java executable) to use with the forking options. For the default, the jvm will be a new instance of the same VM as the one used to run Maven. JVM settings are not inherited from MAVEN_OPTS.This means that based on the "forkMode" option, a new VM will (potentially) be started. I tested this by trying the "forkMode=never" configuration. This made my test successfully call the secured web service. As I didn't like that approach, I opted for the plugin configuration approach using the "systemPropertiesVariables" configuration:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ... | |
| <plugin> | |
| <artifactId>maven-surefire-plugin</artifactId> | |
| <configuration> | |
| <systemPropertiesVariables> | |
| <property> | |
| <name>ssl.debug</name> | |
| <value>true</value> | |
| </property> | |
| <property> | |
| <name>javax.net.debug</name> | |
| <value>ssl,handshake,verbose</value> | |
| </property> | |
| <property> | |
| <name>javax.net.ssl.keyStore</name> | |
| <value>YOUR_KEYSTORE_FILE</value> | |
| </property> | |
| <property> | |
| <name>javax.net.ssl.keyStorePassword</name> | |
| <value>YOUR_KEYSTORE_PASSWORD</value> | |
| </property> | |
| <property> | |
| <name>javax.net.ssl.keyStoreType</name> | |
| <value>YOUR_KEYSTORE_TYPE</value> | |
| </property> | |
| <property> | |
| <name>javax.net.ssl.trustStore</name> | |
| <value>YOUR_TRUSTSTORE_FILE</value> | |
| </property> | |
| <property> | |
| <name>javax.net.ssl.trustStorePassword</name> | |
| <value>YOUR_TRUSTSTORE_PASSWORD</value> | |
| </property> | |
| <property> | |
| <name>javax.net.ssl.trustStoreType</name> | |
| <value>YOUR_TRUSTSTORE_TYPE</value> | |
| </property> | |
| </systemPropertiesVariables> | |
| </configuration> | |
| </plugin> | |
| ... |
Notice that I also added SSL debug flags to see more verbose logging. This configuration ensured that my test was getting the SSL flags needed to enable 2-way SSL and continue operations. This was a small "gotcha" of the "surefire" and "failsafe" plugins. I'm glad they actually documented this feature.
1 comment:
Thanks a lot for this codes. I was looking from last 20day and today got it.
Post a Comment