社内のPCに導入したEclipseから、gradleプロジェクトを作成しようとしたが、証明書エラーが出て、試行錯誤したので、メモ。
1. エラー内容
gradleプロジェクトを作成しようとした際に、HTTPS通信を行い、そこで「PKIX path building failed(PKIパスの構築に失敗)」とエラーになっていた。
最近、社内でWebプロキシの強化が行われ、CA証明書とWebproxy証明書を持ってないと、通信できなくなった影響と思われる。
Loading Gradle project preview failed due to an error connecting to the Gradle build.
Could not install Gradle distribution from 'https://services.gradle.org/distributions/gradle-3.5-bin.zip'.
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
unable to find valid certification path to requested target
org.gradle.tooling.GradleConnectionException: Could not install Gradle distribution from 'https://services.gradle.org/distributions/gradle-3.5-bin.zip'.
at org.gradle.tooling.internal.consumer.DistributionFactory$ZippedDistribution.getToolingImplementationClasspath(DistributionFactory.java:129)
at org.gradle.tooling.internal.consumer.loader.CachingToolingImplementationLoader.create(CachingToolingImplementationLoader.java:40)
at org.gradle.tooling.internal.consumer.loader.SynchronizedToolingImplementationLoader.create(SynchronizedToolingImplementationLoader.java:43)
at org.gradle.tooling.internal.consumer.connection.LazyConsumerActionExecutor.onStartAction(LazyConsumerActionExecutor.java:101)
at org.gradle.tooling.internal.consumer.connection.LazyConsumerActionExecutor.run(LazyConsumerActionExecutor.java:83)
at org.gradle.tooling.internal.consumer.connection.CancellableConsumerActionExecutor.run(CancellableConsumerActionExecutor.java:45)
at org.gradle.tooling.internal.consumer.connection.ProgressLoggingConsumerActionExecutor.run(ProgressLoggingConsumerActionExecutor.java:58)
at org.gradle.tooling.internal.consumer.connection.RethrowingErrorsConsumerActionExecutor.run(RethrowingErrorsConsumerActionExecutor.java:38)
at org.gradle.tooling.internal.consumer.async.DefaultAsyncConsumerActionExecutor$1$1.run(DefaultAsyncConsumerActionExecutor.java:55)
at org.gradle.internal.concurrent.ExecutorPolicy$CatchAndRecordFailures.onExecute(ExecutorPolicy.java:63)
at org.gradle.internal.concurrent.StoppableExecutorImpl$1.run(StoppableExecutorImpl.java:46)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:748)
at org.gradle.tooling.internal.consumer.BlockingResultHandler.getResult(BlockingResultHandler.java:46)
at org.gradle.tooling.internal.consumer.DefaultModelBuilder.get(DefaultModelBuilder.java:50)
at org.gradle.tooling.internal.consumer.DefaultProjectConnection.getModel(DefaultProjectConnection.java:41)
at org.eclipse.buildship.core.workspace.internal.ConnectionAwareLauncherProxy.newBuildLauncher(ConnectionAwareLauncherProxy.java:79)
at org.eclipse.buildship.core.workspace.internal.DefaultGradleBuild.newBuildLauncher(DefaultGradleBuild.java:89)
at org.eclipse.buildship.ui.wizard.project.ProjectCreationWizard$NewGradleProjectInitializer.run(ProjectCreationWizard.java:284)
at org.eclipse.buildship.core.projectimport.ProjectPreviewJob.runToolingApiJobInWorkspace(ProjectPreviewJob.java:73)
at org.eclipse.buildship.core.util.progress.ToolingApiWorkspaceJob$1.run(ToolingApiWorkspaceJob.java:79)
at org.eclipse.buildship.core.util.progress.ToolingApiInvoker.invoke(ToolingApiInvoker.java:62)
at org.eclipse.buildship.core.util.progress.ToolingApiWorkspaceJob.runInWorkspace(ToolingApiWorkspaceJob.java:76)
at org.eclipse.core.internal.resources.InternalWorkspaceJob.run(InternalWorkspaceJob.java:39)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:56)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:961)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1546)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1474)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
at org.gradle.wrapper.Download.downloadInternal(Download.java:66)
at org.gradle.wrapper.Download.download(Download.java:51)
at org.gradle.tooling.internal.consumer.DistributionInstaller$1.run(DistributionInstaller.java:129)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
... 15 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 21 more
2. 解決方法
あれこれ試したが、最終的には「Eclipse自身が用いているjavaのkeystoreにCA証明書とWebproxy証明書を導入する」で落ち着いた。
※Eclipse内のJavaが用いているkeystoreとは別物なので要注意。
(これで数時間ハマりました…)
2.1. CA証明書の導入
<Eclipseのパス>\eclipse\jre\bin>keytool -import -keystore <Eclipseのパス>\eclipse\jre\jre\lib\security\cacerts -alias CA -file <CA証明書までのパス>\ca.cer
2.2. Webproxy証明書の導入
<Eclipseのパス>\eclipse\jre\bin>keytool -import -keystore <Eclipseのパス>\eclipse\jre\jre\lib\security\cacerts -alias Webproxy -file <Webproxy証明書までのパス>\webproxy.cer
3. プロジェクト作成成功
:wrapper
:init
BUILD SUCCESSFUL
Total time: 10.028 secs
CONFIGURE SUCCESSFUL
Total time: 2.807 secs
CONFIGURE SUCCESSFUL
Total time: 4.953 secs
Download https://jcenter.bintray.com/org/apache/commons/commons-math3/3.6.1/commons-math3-3.6.1.pom
Download https://jcenter.bintray.com/org/apache/commons/commons-parent/39/commons-parent-39.pom
Download https://jcenter.bintray.com/org/apache/apache/16/apache-16.pom
Download https://jcenter.bintray.com/com/google/guava/guava/21.0/guava-21.0.pom
Download https://jcenter.bintray.com/com/google/guava/guava-parent/21.0/guava-parent-21.0.pom
Download https://jcenter.bintray.com/org/sonatype/oss/oss-parent/7/oss-parent-7.pom
Download https://jcenter.bintray.com/org/apache/commons/commons-math3/3.6.1/commons-math3-3.6.1.jar
Download https://jcenter.bintray.com/com/google/guava/guava/21.0/guava-21.0.jar
Download https://jcenter.bintray.com/org/apache/commons/commons-math3/3.6.1/commons-math3-3.6.1-sources.jar
Download https://jcenter.bintray.com/com/google/guava/guava/21.0/guava-21.0-sources.jar
CONFIGURE SUCCESSFUL
Total time: 0.184 secs
:wrapper
:init
BUILD SUCCESSFUL
Total time: 0.327 secs
CONFIGURE SUCCESSFUL
Total time: 0.279 secs