How to add HTTPS certificates for Java application inside docker?

I have a Java application that makes an HTTP protected API POST request. When I ran it locally, the first time I got the following exception:

I/O error on POST request for "https://...
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

To fix this, I exported the certificate from Firefox and did the following:

sudo keytool -import -alias example -keystore /usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts -file /path/to/certificate.der

Reboot and then it will work.

Now I want the application to run on Docker. So, as I already did, I am using the docker-maven-plugin from Spotify with openjdk as the base image. The first error appears again, so I'm trying to fix it the same way.

Using plugins:

<plugin>
<groupId>com.spotify</groupId>
<artifactId>docker-maven-plugin</artifactId>
<version>0.4.13</version>
<configuration>
    <useConfigFile>true</useConfigFile>
    <imageName>${project.artifactId}:${project.version}</imageName>
    <baseImage>openjdk:latest</baseImage>
    <imageTags>
        <imageTag>latest</imageTag>
        <imageTag>${project.version}</imageTag>
    </imageTags>
    <resources>
        <resource>
            <targetPath>/path/${project.artifactId}</targetPath>
            <directory>${project.build.directory}</directory>
            <include>${project.build.finalName}-jar-with-dependencies.jar</include>
        </resource>
        <resource>
            <targetPath>/path/${project.artifactId}</targetPath>
            <directory>${project.basedir}</directory>
            <include>certificate.der</include>
        </resource>
    </resources>
    <runs>
        <run>$JAVA_HOME/bin/keytool -import -noprompt -trustcacerts -alias example -file /path/certificate.der -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit</run>
        <run>chmod 555 /path</run>
        <run>chmod 444 /path/${project.build.finalName}-jar-with-dependencies.jar</run>
    </runs>
    <entryPoint>
        ["java", "-jar", "/path/${project.build.finalName}-jar-with-dependencies.jar"]
    </entryPoint>
</configuration>
</plugin>

Generated Dockerfile:

FROM openjdk:latest
ADD /path/application.jar /path/
ADD /path/certificate.der /path/
RUN $JAVA_HOME/bin/keytool -import -noprompt -trustcacerts -alias example -file /path/certificate.der -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit
RUN chmod 555 /path
RUN chmod 444 /path/application.jar
ENTRYPOINT ["java", "-jar", "/path/application.jar"]

+4
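
Added example, not part of the original post: a check that the keystore passed to `keytool -import` is the truststore the JVM in the image loads by default. `openjdk:latest` is an unpinned tag, and the default truststore sits at `$JAVA_HOME/jre/lib/security/cacerts` on JDK 8 but at `$JAVA_HOME/lib/security/cacerts` on JDK 9 and later. The script name and function names are made up for illustration, and it assumes no `-Djavax.net.ssl.trustStore` override is in use.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed usage inside the image:
#   sh check-truststore.sh "$JAVA_HOME" "$JAVA_HOME/jre/lib/security/cacerts" example

# Print the truststore a JVM under JAVA_HOME ($1) reads by default.
# JSSE prefers jssecacerts over cacerts; JDK 9+ dropped the jre/ directory.
find_truststore() {
    for dir in lib/security jre/lib/security; do
        for name in jssecacerts cacerts; do
            if [ -f "$1/$dir/$name" ]; then
                printf '%s\n' "$1/$dir/$name"
                return 0
            fi
        done
    done
    return 1
}

# Return 0 only if the keystore path given to `keytool -import` ($2) is the
# file the JVM under JAVA_HOME ($1) will actually load.
import_target_ok() {
    actual=$(find_truststore "$1") || return 2
    [ "$actual" = "$2" ]
}

# Return 0 if alias $2 exists in keystore $1 (default password "changeit").
alias_present() {
    keytool -list -keystore "$1" -storepass "${3:-changeit}" -alias "$2" >/dev/null 2>&1
}

# Run the checks when called with: JAVA_HOME KEYSTORE_PATH ALIAS
if [ "$#" -eq 3 ]; then
    if ! import_target_ok "$1" "$2"; then
        echo "import target is $2, JVM reads: $(find_truststore "$1" || echo none)" >&2
        exit 1
    fi
    alias_present "$2" "$3" || { echo "alias $3 not in $2" >&2; exit 1; }
    echo "alias $3 is in the truststore the JVM loads: $2"
fi
```

Running it as a last `RUN` step makes the image build fail when the certificate did not land in the truststore the application will use.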

Source: https://habr.com/ru/post/1660409/

