Gradle build fails due to sun.security.validator.ValidatorException despite installing certificates

Question

I'm trying to run lenskit-hello according to their instructions. When I run ./gradlew build, I receive the error

(base) Briennas-MBP:lenskit-hello-master briennakh$ ./gradlew build
:compileJava

FAILURE: Build failed with an exception.

* What went wrong:
Could not resolve all dependencies for configuration ':compileClasspath'.
> Could not resolve org.lenskit:lenskit-all:3.0-M3.
  Required by:
      :lenskit-hello-master 4.50.57 AM:unspecified
   > Could not resolve org.lenskit:lenskit-all:3.0-M3.
      > Could not get resource 'https://repo1.maven.org/maven2/org/lenskit/lenskit-all/3.0-M3/lenskit-all-3.0-M3.pom'.
         > Could not GET 'https://repo1.maven.org/maven2/org/lenskit/lenskit-all/3.0-M3/lenskit-all-3.0-M3.pom'.
            > sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
   > Could not resolve org.lenskit:lenskit-all:3.0-M3.
      > Could not get resource 'https://jcenter.bintray.com/org/lenskit/lenskit-all/3.0-M3/lenskit-all-3.0-M3.pom'.
         > Could not GET 'https://jcenter.bintray.com/org/lenskit/lenskit-all/3.0-M3/lenskit-all-3.0-M3.pom'.
            > sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

* Try:
Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output.

BUILD FAILED

Total time: 4.009 secs

I am using Java 1.8.0_241 (and only that one is installed) on MacOS Mojave 10.14.6. I've installed the most recent security updates, then restarted my computer. I have attempted this on my regular wifi and on my phone's hotspot.

I followed instructions in the accepted answer here, downloading the security certificates from both https://repo1.maven.org/maven2/org/lenskit/lenskit-all/3.0-M2/lenskit-all-3.0-M2.pom and https://oss.sonatype.org/content/repositories/snapshots/org/lenskit/lenskit-all/3.0-M2/lenskit-all-3.0-M2.pom and adding them to the keystore via the following command (only showing one of two):

keytool -import -alias maven -file /Users/briennakh/Downloads/maven.cer -keystore 
/Library/Java/JavaVirtualMachines/jdk1.8.0_241.jdk/Contents/Home/jre/lib/security/cacerts

Then if I check

keytool -list -keystore /Library/Java/JavaVirtualMachines/jdk1.8.0_241.jdk/Contents/Home/jre/lib/security/cacerts | grep maven

it shows that my certificate has been added, maven, Mar 17, 2020, trustedCertEntry, yet I'm still getting the same error when running ./gradlew build?

I also checked openssl x509 -in /Users/briennakh/Downloads/maven.pem -text to make sure that the certificate looks all right.

Answer 1

That SSL certificate is not self-signed to begin with, therefore it does not require manual adding. Try re-installing Java or set an alternate install location as $JAVA_HOME, with a default cacerts file. Something seems to be broken, as it should not reject the certificate for repo1.maven.org. ls -la $JAVA_HOME/jre/lib/security/cacerts says cacerts should have about 114757 bytes. If you're behind a firewall, you might need to configure a proxy for Gradle.

This should attempt an SSL session (not through Java):

$ openssl s_client -connect repo1.maven.org:443

---

This project also uses a rather outdated version of Gradle, eg:

distributionUrl=https\://services.gradle.org/distributions/gradle-5.6.4-all.zip