I am using gradle to build an Android project. When I try to run the build task, I get the following exception:
Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
Digging a little bit into it, I discovered that the problem is that I can't authenticate the site because I don't have the certificate in my cacerts file.
For some reason, the gradle wrapper can't GET this particular xml file. However, when I run:
curl https://jitpack.io/com/github/afollestad/material-dialogs/core/0.8.5.7/core-0.8.5.7.pom
I get a response with the XML content. If I open google chrome, I can also access the content and I can even check out the certificate.
I downloaded the certificate from jitpack.io and added to my cacerts file using this tutorial:
http://nerd-ability.blogspot.com.es/2013/01/tech-how-to-fix-sslpeerunverifiedexcept.html
For some reason, it looks like my JVM is not recognizing it.
For testing purposes, I even used the groovy task described in the tutorial to retrieve the xml, but it didn't work, I get the same error.
Can you help me to debug this?
Thank you.
PS: I checked the expiration date of the certificate it is still valid (I downloaded it today)
A little worried your being MITM'd but if you don't care then you could just download using http instead of https
$ curl http://jitpack.io/com/github/afollestad/material-dialogs/core/0.8.5.7/core-0.8.5.7.pom
Related
I am unable to create Maven projects and none of the dependencies are getting downloaded. Whenever I am creating new project, I am receiving below error screenshot:
Eclipse Error
Also, none of the maven commands are working, like mvn clean. Getting below error:
Maven Error
Unable to find valid certification path to requested target
This is usually a sign that someone or something is intercepting HTTPS traffic, and is messing with the certification path.
I have this problem with my company's network because our Cyber team use a magic HTTPS sniffing tool that replaces the certificate of the site you're trying to access with the company's certificate so that traffic can be monitored. (Forgive my noddy explanation)
If you're not behind a corporate proxy or a proxy owned by someone who you know manages your internet connection, then you may have security issues that are way beyond the scope of what I'm explaining here!
Anyway, the solution for me was to go to the URL maven is trying to download from (in your case, https://repo.spring.io ) and download the certificate from your web browser (this varies by browser type, but you can google 'how to download certificate from mybrowser.
You can then add that certificate to your local JDK certificate store. Here are the Oracle instructions for installing a root CA in your truststore: https://docs.oracle.com/cd/E19906-01/820-4916/geygn/index.html
jarsigner is not working in java , therefor the build fails
[signjar] jarsigner: unable to sign jar: no response from the Timestamping Authority. When connecting from behind a firewall an HTTP or HTTPS proxy may need to be specified. Supply the following options to jarsigner:
[signjar] -J-Dhttp.proxyHost=<hostname>
[signjar] -J-Dhttp.proxyPort=<portnumber>
[signjar] or
[signjar] -J-Dhttps.proxyHost=<hostname>
[signjar] -J-Dhttps.proxyPort=<portnumber>
There is no error in the project build path. All the dependencies are imported in the build path.
Here's the problem as I understand it:
Your are attempting to build a project with an Ant "build.xml" file.
You are running the build from within Eclipse.
You are running Eclipse in a VM that has no internet access.
The build fails during JAR signing when jarsigner attempts to talk to a time stamp authority (TSA). Internet access is required to talk to a TSA.
Also I am not sure why is this error encountered.
It is because you are trying to use signature timestamps, and your build system doen't have direct internet access, and you haven't provided a http or https proxy in the appropriate fashion for jarsigner to use.
There are a couple of ways to solve this. (The following is based on the documentation. I haven't tested this.)
If you have an internet proxy available:
The simplest way is to edit the "signjar" task in your "build.xml" and add "tsaproxyhost" and "tsaproxyport" attributes as described in the Ant manual.
If you are building on the command line1, you should just be able to follow Ant instructions for Proxy Configuration. (There are two approaches ...)
If you are running the build using Eclipse, then you could find the Eclipse "runner" configuration that is used to run Ant, and then add command line as per the previous bullet.
(I think that the error message that talks about -J-D... options is coming from the jarsigner utility itself. That advice is only directly applicable if you are running jarsigner directly from the command line. That is, of course, another option.)
If you don't have a working proxy (or you are just fed up) the other alternative is to edit the "signjar" task to disable signing. Removing the "tsaurl" and "tsacert" attributes should do it.
Disabling timestamps will give you a signed JAR without signature timestamps. The significance is explained by the Oracle Signature Timestamp Support documentation:
"Prior to J2SE 5.0, the signature generated by jarsigner contained no information about w hen the signature was generated. With no other information available, systems/deployers (including users of the Java Plug-in) often based their validity assessment of a signed JAR file on the validity of the signing certificate. When the signing certificate expires, systems/deployers conclude that the signature, and hence, the JAR file, has expired. Because signing certificates typically expire annually, this caused customers significant problems by forcing them to re-sign deployed JAR files annually.
Starting in J2SE 5.0, jarsigner can generate signatures that include a timestamp, thus enabling systems/deployer (including Java Plug-in) to check whether the JAR file was signed while the signing certificate was still valid. In addition, APIs were added in J2SE 5.0 to allow applications to obtain the timestamp information."
1 - I recommend you download and install a free-standing Ant, so that you can run builds from command line.
I am using Intelliji Idea. When I try to push my project to github repository I getting this message for 2 times:
And then I get this message:
What I need to do to push my project?
Such issues usually occur when there is no SSH-key configured, or IDE could not find it. AS a test, check push from command line to make sure SSH access is configured correctly. Make sure you have the ssh key and it is added to GitHub. See https://help.github.com/articles/connecting-to-github-with-ssh/
The error is rather generic, unfortunately. There are request to show more details and improve error reporting - see https://youtrack.jetbrains.com/issue/IDEA-72176 and https://youtrack.jetbrains.com/issue/IDEA-168179
At the moment, when some git operation fails, you could always check a more detailed output of the git command using the Console tab of the Version Control toolwindow.
I've been trying to solve this problem for 3 days now and I simply can't find a solution.
So, I have downloaded the Jruby-complete-1.7.3 jar. After which, I have attempted to install the gem 'nokogiri' using the basic method:
java -jar jruby-complete-1.7.3 -S gem install nokogiri
In addition, I have a separate jar which was created using the Gem-In-A-Jar method. Note that this extra jar is only a result of trying to fix the problem below.
In both cases, when I test it out via the irb, it shows me the following:
require 'nokogiri'
=> true
Now, the problem arises when I try to use the jruby jar in an applet within my web application. To be specific, I'll mention that I can load the jar itself and interact with it from my applet, if I don't try to access any gem files (specifically nokogiri in this case). However, to make this happen, I am required to sign the jar.
If the jar is unsigned, it fails to work, as my Ruby instance fails to be created. When it is signed, it works fine.
The issue is that once the jar is signed, I attempt to call the same command I did before, and I get the following error:
require 'nokogiri'
LoadError: load error: nokogiri/nokogiri -- java.lang.RuntimeException:
(LoadError) class "nokogiri.EncodingHandler$INVOKDER$s$1$0$get"'s signer
information does not match signer information of other classes in the same
package.
I've been searching around quite a bit in regards to the cause and potential solutions to this error, but I am unable to figure out why the gem itself is causing it. While using the Gem-In-A-Jar method, I did use the same key to sign the gem_jar.
UPDATE: Turns out I was wrong. Each gem installed comes with its own jar file within the lib directory. These jars need to be signed with the same key. After doing so, the above issue was resolved. However, the one below remains.
Additionally, when I attempt to run it in my web-application, I get the following message:
classpath:/META-INF/jruby.home/lib/ruby/shared/rubygems.rb:396 warning:
can't canonicalize loaded names due to security restrictions; disabling
I assume this is the exception thrown when the error mentioned above occurs, but I can't say for sure.
I would sincerely appreciate anyone that can tell me what I've done wrong, or provide suggestions on how to fix it. If I have phrased the question wrong or have not provided enough information, do let me know.
Thanks
One solution is to use the SDK tools to strip the signatures from every Jar and digitally sign them all freshly.
I am trying to create a Confluence plugin. I have been following theses instructions.
However when I run the atlas-create-confluence-plugin command maven throws SSL errors trying to get resource from https://m2proxy.atlassian.com/repository/public/.
alt text http://img46.imageshack.us/img46/6281/mavenssl.jpg
Do I need to change a setting in my configuration?
System setup: Windows Vista, with Apache Maven 2.1.0 (r755702; 2009-03-18 19:10:27+0000)
Accessing a repository over SSL is not really a Maven issue (which uses HttpClient under the hood and at the end classes from the java.net package), this is a pure Java issue: the certificate of the remote repository has to be trusted i.e. the CA root certificate for this certificate has to be in the cacerts file bundled in the JRE or you need to establish a chain of trust manually.
In the particular case of https://m2proxy.atlassian.com/, the certificate has been issued by DigiCert CA.
The odd part is that recent JDKs (Java 5u15 or later or Java 6u5 or later, see Bug ID:6647251) have a CA root certificate for DigiCert. So, with a recent JDK, things should just work (unless you have a proxy doing some black magic like in this issue).
If you are using an older JDK and can't upgrade, export the certificate from your browser, use keytool to add it to a trust store and setup Java to use this trust store (using the javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword system properties). See the Maven mini guide and/or this blog post for more details on how to do this.
But the easiest way would be to use a recent JDK.
OK this looks like I got the question wrong.
For some reason maven was not downloading the maven-confluence-plugin-3.0.5.jar file. I had to manually download this file from the URL and add it in the correct location .m2 directory.
After that the whole process worked fine.
In most cases, Pascal's answer is the way to go. However, if you're building Maven itself, it doesn't work (as of Maven 3.2.3, at least), because ant fails to pass the necessary javax.net properties when it calls the MavenCli class to let Maven build the remainder of Maven.
The solution to this problem is to modify the build.xml file in the root of the maven source directory, and add these lines to the maven-compile target:
<arg value="-Djavax.net.ssl.trustStore=/path/to/trustStore" />
<arg value="-Djavax.net.ssl.trustStorePassword=TrustStorePassword" />
in windows doing the following helped with command line execution
SET MAVEN_OPTS=-Djavax.net.ssl.trustStore="C:\Program Files\Java\jdk1.8.0_201
jre\lib\security\cacerts"
the error I got was as follows
Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
(one could also adjust mvn.cmd...)
hope this hepls