Apache Maven and keyStore/trustStore/X509Certificate

Related resource sources and locations

//Maven artifact and configuration lookup
https://search.maven.org/artifact

//Maven download sources
https://repo.maven.apache.org/maven2/
https://repo1.maven.org/maven2/
//Maven local download location
default:	C:\Users\XXX\.m2\repository

//Environment variables
M2_HOME:	D:\apache-maven-3.8.4-bin\apache-maven-3.8.4\
MAVEN_HOME:	%M2_HOME%

//Check which Java Maven is using
mvn --version

pom.xml settings

//Properties
They come in five different styles:
${env.PATH} 		contains the PATH environment variable.
${project.version}	<project><version>1.0</version></project> in pom.xml
${settings.offline}	<settings><offline>false</offline></settings> in settings.xml
${java.home}		All properties accessible via java.lang.System.getProperties() are available
${someVar}			<properties><someVar>value</someVar></properties> Set within a <properties /> element in the POM

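Maven troubleshooting

//eclipse
pom.xml shows a red X; the Markers tab at the bottom shows "Maven Dependency Problem"
"Missing artifact XXX.jar.X.X.X" may appear; check whether the jar was downloaded correctly under the M2 environment
If it was downloaded correctly, the jar appears under project explorer>Maven Dependencies
Local repo setting: window>preferences>Maven>User Settings>Local Repository
Update Maven project:	alt+F5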

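//intellij
project>Maven>Reload project: updates the Maven project
Dependencies tab: check the versions used by the current Maven modules, and upgrade each one to a specified version individually
If it was downloaded correctly, the jar appears under project explorer>External Libraries>Maven:
Local repo setting: window>preferences>Maven>User Settings>Local Repository
Update Maven project:	right-click the project>Maven>Reload project
//The version folder exists, but there is no jar file
Delete the files with the .lastUpdated extension and download again
Check whether there is an SSL certificate problem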

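repo.maven.apache.org SSL certificate download problem

Confirm the JRE version and location in use

eclipse>window>preferences>java>installed JREs
project explorer>External Libraries

When creating a Maven project, an error message containing "PKIX" pops up: possibly because of the environment (company network), the SSL certificate for repo.maven.apache.org was not downloaded and stored in the Java environment's cacerts file, so the SSL certificate for https://repo.maven.apache.org has to be added manually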

...This failure was cached in the local repository and resolution is not reattempted until the update interval of central has elapsed or updates are forced. Original error: Could not transfer artifact junit:junit:pom:3.8.2 from/to central (https://repo.maven.apache.org/maven2): PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to…

KeyStore browsing tool

Tool for automatically adding an SSL certificate to the keyStore

cd d:\tool\InstallCert-master

//compile
javac InstallCert.java

//run
java InstallCert repo.maven.apache.org:443

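Loading KeyStore C:\Program Files\Zulu\zulu-11\lib\security\cacerts...	//confirm this is the JAVA_HOME path
Opening connection to repo.maven.apache.org:443 ...
Starting SSL handshake...	//I once used the tool, but it actually added only one of the certificates; the SSL handshake check did pass; the others were added manually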

//Scenario A: the certificate does not exist
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to...
...
Enter certificate to add to trusted keystore or 'q' to quit: [1]
--> just press Enter
...
Copy d:\installcert_tool\jssecacerts to lib\security under java_home and RENAME it

//Scenario B: the certificate already exists
No errors, certificate is already trusted

Server sent 3 certificate(s):..

Manually adding an SSL certificate to the keyStore

keytool -import -alias testcacerts -keystore d:\cacerts -file d:\testcacerts.cer

Eclipse default cacerts environment

D:\Tool\eclipse\eclipse-jee-2021-12-R-win32-x86_64\eclipse\eclipse.ini
...
-vm
plugins/org.eclipse.justj.openjdk.hotspot.jre.full.win32.x86_64_17.0.1.v20211116-1657/jre/bin
//cacerts must be updated here for the Marketplace to work
...

Use Windows trusted certs instead of Java cacerts (reference)

D:\Tool\eclipse\eclipse-jee-2021-12-R-win32-x86_64\eclipse\eclipse.ini
...
-vmargs
-Djavax.net.ssl.trustStore=NUL
-Djavax.net.ssl.trustStoreType=WINDOWS-ROOT
...

How to specify a keyStore or trustStore for the JVM?

//ToDo...

It seems either the Windows or the Java cacerts trusted certificate store can be used?

https://stackoverflow.com/questions/17712417/how-to-configure-truststore-for-javax-net-ssl-truststore-on-windows
https://stackoverflow.com/questions/21833732/configure-truststore-in-tomcat
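//Hard-coding it in the program works
	// Imports needed by this test method (JUnit 5 assumed, since the method is not public)
	import java.io.BufferedReader;
	import java.io.IOException;
	import java.io.InputStream;
	import java.io.InputStreamReader;
	import java.net.HttpURLConnection;
	import java.net.URL;
	import org.junit.jupiter.api.Test;

	@Test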
	void HttpsURLConnection_try_OK() throws IOException {
		System.setProperty("javax.net.ssl.trustStore", "C:\\Program Files\\Zulu\\zulu-11\\lib\\security\\cacerts");
		System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
		URL serverUrl = new URL("https://www.twblogs.net/");
		HttpURLConnection conn = (HttpURLConnection) serverUrl.openConnection();
		conn.setRequestMethod("GET");
		//conn.setRequestProperty("Content-type", "application/json");
		//must be set to false, otherwise the connection automatically follows the redirect to the new address
		conn.setInstanceFollowRedirects(false);
		conn.connect();
		//String result = getReturn(conn);
		
		StringBuffer buffer = new StringBuffer();
		//convert the returned input stream into a string
		try(
					InputStream inputStream = conn.getInputStream();
					InputStreamReader inputStreamReader = new InputStreamReader(inputStream, "UTF-8");
					BufferedReader bufferedReader = new BufferedReader(inputStreamReader); ){
			String str = null;
			while ((str = bufferedReader.readLine()) != null) {
				buffer.append(str);
			}
			String result = buffer.toString();
			System.out.println(result);
		}
	}
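
The hard-coded System.setProperty above is JVM-wide and only takes effect if it runs before the JVM's default SSL context is first created. As an added example (not from the original notes), the same trust store can instead be applied to one connection only. The class name PerConnectionTrustStore and its command-line arguments are assumptions; Java 9+ is required.

```java
import java.io.File;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class name; requires Java 9+ for KeyStore.getInstance(File, char[]).
public class PerConnectionTrustStore {

    // Build an SSLContext whose trust decisions use only the CAs in trustStore.
    static SSLContext contextFor(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default SecureRandom
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: [storePath] [storePassword] [httpsUrl]; defaults to the
        // running JVM's own cacerts with the default password.
        File storeFile = new File(args.length > 0 ? args[0]
                : System.getProperty("java.home") + "/lib/security/cacerts");
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();

        // Detects JKS/PKCS12 automatically; throws if the file or password is wrong.
        KeyStore trustStore = KeyStore.getInstance(storeFile, password);
        System.out.println("Loaded " + trustStore.size() + " entries from " + storeFile);
        SSLContext ctx = contextFor(trustStore);

        if (args.length > 2) {
            HttpsURLConnection conn = (HttpsURLConnection) new URL(args[2]).openConnection();
            conn.setSSLSocketFactory(ctx.getSocketFactory()); // this connection only
            conn.setInstanceFollowRedirects(false);
            // A chain not anchored in the store fails here with SSLHandshakeException
            // ("PKIX path building failed"), the same error Maven reported.
            System.out.println(args[2] + " -> HTTP " + conn.getResponseCode());
            conn.disconnect();
        }
    }
}
```

Run with no arguments it only loads the store and prints the entry count; hostname verification stays enabled because the default HostnameVerifier is not replaced.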

About sending HTTPS requests in Java (HttpsURLConnection and HttpURLConnection)