gradle jenkins the trustAnchors parameter must be non-empty

環境：gradle6.2.2 + jdk9 + jenkins2.204.5 + docker19.03.8

服務器：aliyun ecs centos8

核心錯誤：the trustAnchors parameter must be non-empty

jenkins服務器invoke gradle script報錯如下：

Caused by: org.gradle.internal.resource.transport.http.HttpRequestException: Could not HEAD 'https://maven.aliyun.com/repository/spring-plugin/org/springframework/boot/spring-boot-dependencies/2.2.5.RELEASE/spring-boot-dependencies-2.2.5.RELEASE.pom'.
	at org.gradle.internal.resource.transport.http.HttpClientHelper.performRequest(HttpClientHelper.java:101)
	at org.gradle.internal.resource.transport.http.HttpClientHelper.performRawHead(HttpClientHelper.java:76)
	at org.gradle.internal.resource.transport.http.HttpClientHelper.performHead(HttpClientHelper.java:80)
	at org.gradle.internal.resource.transport.http.HttpResourceAccessor.getMetaData(HttpResourceAccessor.java:66)
	at org.gradle.internal.resource.transfer.DefaultExternalResourceConnector.getMetaData(DefaultExternalResourceConnector.java:63)
	at org.gradle.internal.resource.transfer.AccessorBackedExternalResource.getMetaData(AccessorBackedExternalResource.java:201)
	at org.gradle.internal.resource.BuildOperationFiringExternalResourceDecorator$1.call(BuildOperationFiringExternalResourceDecorator.java:61)
	at org.gradle.internal.resource.BuildOperationFiringExternalResourceDecorator$1.call(BuildOperationFiringExternalResourceDecorator.java:58)
	at org.gradle.internal.operations.DefaultBuildOperationExecutor$CallableBuildOperationWorker.execute(DefaultBuildOperationExecutor.java:416)
	at org.gradle.internal.operations.DefaultBuildOperationExecutor$CallableBuildOperationWorker.execute(DefaultBuildOperationExecutor.java:406)
	at org.gradle.internal.operations.DefaultBuildOperationExecutor$1.execute(DefaultBuildOperationExecutor.java:165)
	at org.gradle.internal.operations.DefaultBuildOperationExecutor.execute(DefaultBuildOperationExecutor.java:250)
	at org.gradle.internal.operations.DefaultBuildOperationExecutor.execute(DefaultBuildOperationExecutor.java:158)
	at org.gradle.internal.operations.DefaultBuildOperationExecutor.call(DefaultBuildOperationExecutor.java:102)
	at org.gradle.internal.operations.DelegatingBuildOperationExecutor.call(DelegatingBuildOperationExecutor.java:36)
	at org.gradle.internal.resource.BuildOperationFiringExternalResourceDecorator.getMetaData(BuildOperationFiringExternalResourceDecorator.java:58)
	at org.gradle.internal.resource.transfer.DefaultCacheAwareExternalResourceAccessor.lambda$getResource$1(DefaultCacheAwareExternalResourceAccessor.java:104)
	at org.gradle.cache.internal.ProducerGuard$AdaptiveProducerGuard.guardByKey(ProducerGuard.java:97)
	at org.gradle.internal.resource.transfer.DefaultCacheAwareExternalResourceAccessor.getResource(DefaultCacheAwareExternalResourceAccessor.java:86)
	at org.gradle.api.internal.artifacts.repositories.resolver.DefaultExternalResourceArtifactResolver.downloadByCoords(DefaultExternalResourceArtifactResolver.java:139)
	... 316 more
Caused by: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
	at java.base/sun.security.ssl.Alerts.getSSLException(Alerts.java:214)
	at java.base/sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1969)
	at java.base/sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1921)
	at java.base/sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1904)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1436)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:436)
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:384)
	at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
	at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:374)
	at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:393)
	at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
	at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:186)
	at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
	at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
	at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
	at org.gradle.internal.resource.transport.http.HttpClientHelper.performHttpRequest(HttpClientHelper.java:141)
	at org.gradle.internal.resource.transport.http.HttpClientHelper.performHttpRequest(HttpClientHelper.java:117)
	at org.gradle.internal.resource.transport.http.HttpClientHelper.executeGetOrHead(HttpClientHelper.java:106)
	at org.gradle.internal.resource.transport.http.HttpClientHelper.performRequest(HttpClientHelper.java:97)
	... 335 more
Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
	at java.base/sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:89)
	at java.base/sun.security.validator.Validator.getInstance(Validator.java:181)
	at java.base/sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:330)
	at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:180)
	at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:192)
	at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:133)
	at java.base/sun.security.ssl.ClientHandshaker.checkServerCerts(ClientHandshaker.java:1825)
	at java.base/sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1655)
	at java.base/sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:260)
	at java.base/sun.security.ssl.Handshaker.processLoop(Handshaker.java:1086)
	at java.base/sun.security.ssl.Handshaker.processRecord(Handshaker.java:1020)
	at java.base/sun.security.ssl.SSLSocketImpl.processInputRecord(SSLSocketImpl.java:1137)
	at java.base/sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1074)
	at java.base/sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
	at java.base/sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1402)
	at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1429)
	... 351 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
	at java.base/java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200)
	at java.base/java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120)
	at java.base/java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104)
	at java.base/sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:86)
	... 366 more

idea報錯報錯如下：

FAILURE: Build failed with an exception.

* What went wrong:
A problem occurred configuring root project 'jdk9gradle'.
> Could not resolve all artifacts for configuration ':classpath'.
   > Could not resolve com.bmuschko:gradle-docker-plugin:6.4.0.
     Required by:
         project :
      > Could not resolve com.bmuschko:gradle-docker-plugin:6.4.0.
         > Could not get resource 'https://plugins.gradle.org/m2/com/bmuschko/gradle-docker-plugin/6.4.0/gradle-docker-plugin-6.4.0.pom'.
            > Could not GET 'https://plugins.gradle.org/m2/com/bmuschko/gradle-docker-plugin/6.4.0/gradle-docker-plugin-6.4.0.pom'.
               > java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
      > Could not resolve com.bmuschko:gradle-docker-plugin:6.4.0.
         > Could not get resource 'https://plugins.gradle.org/m2/com/bmuschko/gradle-docker-plugin/6.4.0/gradle-docker-plugin-6.4.0.pom'.
            > Could not GET 'https://plugins.gradle.org/m2/com/bmuschko/gradle-docker-plugin/6.4.0/gradle-docker-plugin-6.4.0.pom'.
               > java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

出現該錯誤主要是因爲使用jdk9導致，jdk9之前默認在安裝目錄/lib/security/cacerts包含證書信息，centos6.5上是指向/etc/pki/java/cacerts的軟連接, 訪問https時，使用裏面的證書訪問https網站。

jdk9 安裝方式採用的壓縮包解壓安裝，jdk9安裝目錄/lib/security/cacerts文件內不包含證書信息，所以在jdk9環境下訪問https網站出現：the trustAnchors parameter must be non-empty

可以通過：keytool -list -keystore cacerts -storepass changeit 查看cacerts內包含的證書，jdk9的cacerts包含0個證書

在使用gradle構建過程中，默認使用JAVA_HOME的jdk內的cacerts，在jenkins環境上掛載的宿主機jdk9爲壓縮包形式安裝，當使用jenkins + jdk9 + gradle6構建java項目時，由於證書問題，在從倉庫(https://maven.aliyun.com/nexus/content/groups/public/ 、https://repo.maven.apache.org/maven2/)上下載依賴包時出現上述錯誤。

解決方法：

     centos8 的cacerts在：/etc/pki/ca-trust/extracted/java/cacerts , 可以將該cacert拷貝到jdk9/lib/security/內，也可以創建一個軟連接，這樣方式只能解決在宿主機上訪問https的問題，在docker上訪問jdk9內創建的軟連接無法使用，所以可以創建一個硬鏈接，ln /etc/pki/ca-trust/extracted/java/cacerts /usr/local/jdk9/lib/security/cacerts , 然後在invoke gradle script的task輸入框填寫參數： -Djavax.net.ssl.trustStore=/usr/local/jdk9/cacerts -Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.ssl.trustStoreType=jks 保存， 再次執行jenkins的gradle構建即可成功。

 

構建過程中還出現無法訪問或者訪問超時現象，因爲mavenCentral()默認地址爲：https://repo.maven.apache.org/maven2/

經常出現超時或者依賴下載失敗問題，可以使用阿里雲的倉庫解決訪問失敗問題：替換默認倉庫

repositories {
	mavenCentral name: "MavenRepo", artifactUrls: [
			"https://maven.aliyun.com/nexus/content/groups/public/",
			"https://maven.aliyun.com/repository/central",
			"https://maven.aliyun.com/repository/public",
	]
	jcenter {
		artifactUrls = ["https://maven.aliyun.com/repository/jcenter"]
	}
	maven { url "https://maven.aliyun.com/repository/spring-plugin"}
	maven { url 'https://maven.aliyun.com/repository/gradle-plugin'}
}