Quarkus tests fails mTLS authentication against internal Maven repository #15461

tveon · 2021-03-04T08:52:29Z

Describe the bug
Our internal Maven repository is using mTLS as part of the authentication, which requires a bit additional configuration of Maven. This configuration is, however, not picked up by the Quarkus bootstrapper, which then throws an exception when running test.

Expected behavior
The javax.net.ssl.* properties from MAVEN_OPTS are successfully used to configure the HTTPS connection.

Actual behavior
I hope, this is "clear and concise". 🙂

[INFO] -------------------------------------------------------
[INFO]  T E S T S
[INFO] -------------------------------------------------------
[INFO] Running org.acme.getting.started.GreetingResourceTest
Downloading from tradeshift-public: https://maven.tradeshift.net/content/repositories/tradeshift-public/org/glassfish/jakarta.json/1.1.6/jakarta.json-1.1.6.pom
[ERROR] Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 2.131 s <<< FAILURE! - in org.acme.getting.started.GreetingResourceTest
[ERROR] org.acme.getting.started.GreetingResourceTest.testHelloEndpoint  Time elapsed: 0.003 s  <<< ERROR!
java.lang.RuntimeException: io.quarkus.bootstrap.BootstrapException: Failed to create the application model for org.acme:getting-started::jar:1.0.0-SNAPSHOT
Caused by: io.quarkus.bootstrap.BootstrapException: Failed to create the application model for org.acme:getting-started::jar:1.0.0-SNAPSHOT
Caused by: io.quarkus.bootstrap.resolver.maven.BootstrapMavenException: Failed to resolve dependencies for org.acme:getting-started:jar:1.0.0-SNAPSHOT
Caused by: org.eclipse.aether.resolution.DependencyResolutionException: Failed to collect dependencies at io.quarkus:quarkus-junit5:jar:1.12.1.Final -> io.quarkus:quarkus-test-common:jar:1.12.1.Final -> io.quarkus:quarkus-jsonp-deployment:jar:1.12.1.Final -> io.quarkus:quarkus-jsonp:jar:1.12.1.Final -> org.glassfish:jakarta.json:jar:1.1.6
Caused by: org.eclipse.aether.collection.DependencyCollectionException: Failed to collect dependencies at io.quarkus:quarkus-junit5:jar:1.12.1.Final -> io.quarkus:quarkus-test-common:jar:1.12.1.Final -> io.quarkus:quarkus-jsonp-deployment:jar:1.12.1.Final -> io.quarkus:quarkus-jsonp:jar:1.12.1.Final -> org.glassfish:jakarta.json:jar:1.1.6
Caused by: org.eclipse.aether.resolution.ArtifactDescriptorException: Failed to read artifact descriptor for org.glassfish:jakarta.json:jar:1.1.6
Caused by: org.eclipse.aether.resolution.ArtifactResolutionException: Could not transfer artifact org.glassfish:jakarta.json:pom:1.1.6 from/to tradeshift-public (https://maven.tradeshift.net/content/repositories/tradeshift-public): Transfer failed for https://maven.tradeshift.net/content/repositories/tradeshift-public/org/glassfish/jakarta.json/1.1.6/jakarta.json-1.1.6.pom
Caused by: org.eclipse.aether.transfer.ArtifactTransferException: Could not transfer artifact org.glassfish:jakarta.json:pom:1.1.6 from/to tradeshift-public (https://maven.tradeshift.net/content/repositories/tradeshift-public): Transfer failed for https://maven.tradeshift.net/content/repositories/tradeshift-public/org/glassfish/jakarta.json/1.1.6/jakarta.json-1.1.6.pom
Caused by: org.apache.maven.wagon.TransferFailedException: Transfer failed for https://maven.tradeshift.net/content/repositories/tradeshift-public/org/glassfish/jakarta.json/1.1.6/jakarta.json-1.1.6.pom
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

Notice, that all dependencies to this point have been downloaded successfully, and it is also possible to run mvn quarkus:dev.

To Reproduce

Steps to reproduce the behavior:

Configure Maven to use a repository using mTLS authentication
Bootstrap any Quarkus project
Run mvn test

Configuration
N/A

Screenshots
N/A - but see the stacktrace above.

Environment (please complete the following information):

Output of uname -a or ver: Darwin c02z707plvdv-c 19.6.0 Darwin Kernel Version 19.6.0: Tue Jan 12 22:13:05 PST 2021; root:xnu-6153.141.16~1/RELEASE_X86_64 x86_64
Output of java -version:

openjdk version "1.8.0_282"
OpenJDK Runtime Environment (Zulu 8.52.0.23-CA-macosx) (build 1.8.0_282-b08)
OpenJDK 64-Bit Server VM (Zulu 8.52.0.23-CA-macosx) (build 25.282-b08, mixed mode)

GraalVM version (if different from Java): Not used
Quarkus version or git rev: 1.12.1.Final
Build tool (ie. output of mvnw --version or gradlew --version):

Apache Maven 3.6.3 (cecedd343002696d0abb50b32b541b8a6ba2883f)
Maven home: /Users/thomasvestergaardtrolle/.asdf/installs/maven/3.6.3
Java version: 1.8.0_282, vendor: Azul Systems, Inc., runtime: /Users/thomasvestergaardtrolle/.asdf/installs/java/zulu-8.52.0.23/zulu-8.jdk/Contents/Home/jre
Default locale: da_DK, platform encoding: UTF-8
OS name: "mac os x", version: "10.15.7", arch: "x86_64", family: "mac"

Additional context
🤔

The text was updated successfully, but these errors were encountered:

quarkus-bot · 2021-03-04T08:52:31Z

/cc @quarkusio/devtools

rquinio · 2021-03-05T10:12:08Z

You might try passing the javax.net.ssl.* system properties via Maven surefire plugin <systemPropertyVariables> ?
Since QuarkusTests do a Maven resolution (directly using Aether, not via Maven CLI) of the augmentation classpath, I'd imagine surefire JVM settings are taken into account.

tveon · 2021-03-05T10:43:48Z

Nice, that actually "just worked". 👍

If anyone comes accros this later, then I add the following lines:

            <javax.net.ssl.keyStoreType>${javax.net.ssl.keyStoreType}</javax.net.ssl.keyStoreType>
            <javax.net.ssl.keyStore>${javax.net.ssl.keyStore}</javax.net.ssl.keyStore>
            <javax.net.ssl.keyStorePassword>${javax.net.ssl.keyStorePassword}</javax.net.ssl.keyStorePassword>

Depending on your exact setup, you might also need to add a trustStore...

famod · 2021-03-05T10:52:27Z

Great to hear to you could solve this via configuration!

@aloubyansky WDYT, should we add a hint to the documentation or just close this right away?

aloubyansky · 2021-03-05T11:14:41Z

It's worth to mention this in the docs. Not sure whether we can add support for it propagating these automatically.

famod · 2021-03-05T19:51:46Z

Not sure whether we can add support for it propagating these automatically.

I don't think so, unless we create a mojo that runs before surefire and somehow "injects" certain properties into it. But I think only Maven extensions can do that.
${maven.home} was added to the project generation etc. for the same reason.

aloubyansky · 2021-03-05T20:11:09Z

That's kind of what I was thinking about. Perhaps it doesn't have to be even a mojo. Extensions are enabled for quarkus-maven-plugin.

famod · 2021-03-05T21:40:48Z

I see one problem for multi-module projects in which you typically only have the quarkus-plugin in one (aggregating) module, but @QuarkusTest classes can exist in every module. You'd need to add the quarkus-plugin there as well (or in a common parent).

aloubyansky · 2021-03-05T22:10:22Z

Right. It should be documented first. Would you like to do that?

geoand · 2023-07-25T14:15:42Z

Is this still relevant?

This MR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [flow-bin](https://github.com/flowtype/flow-bin) ([changelog](https://github.com/facebook/flow/blob/master/Changelog.md)) | devDependencies | minor | [`^0.214.0` -> `^0.215.0`](https://renovatebot.com/diffs/npm/flow-bin/0.214.0/0.215.1) | | [org.liquibase:liquibase-maven-plugin](http://www.liquibase.org/liquibase-maven-plugin) ([source](https://github.com/liquibase/liquibase)) | build | patch | `4.23.0` -> `4.23.1` | | [io.quarkus:quarkus-maven-plugin](https://github.com/quarkusio/quarkus) | build | minor | `3.2.3.Final` -> `3.3.0` | | [io.quarkus:quarkus-universe-bom](https://github.com/quarkusio/quarkus-platform) | import | minor | `3.2.3.Final` -> `3.3.0` | | [org.apache.maven.plugins:maven-enforcer-plugin](https://maven.apache.org/enforcer/) | build | minor | `3.3.0` -> `3.4.0` | --- ### Release Notes <details> <summary>flowtype/flow-bin</summary> ### [`v0.215.1`](flow/flow-bin@a92ce80...cbb038f) [Compare Source](flow/flow-bin@a92ce80...cbb038f) ### [`v0.215.0`](flow/flow-bin@ca11e28...a92ce80) [Compare Source](flow/flow-bin@ca11e28...a92ce80) </details> <details> <summary>liquibase/liquibase</summary> ### [`v4.23.1`](https://github.com/liquibase/liquibase/blob/HEAD/changelog.txt#Liquibase-4231-is-a-patch-release) [Compare Source](liquibase/liquibase@v4.23.0...v4.23.1) </details> <details> <summary>quarkusio/quarkus</summary> ### [`v3.3.0`](https://github.com/quarkusio/quarkus/releases/tag/3.3.0) [Compare Source](quarkusio/quarkus@3.2.4.Final...3.3.0) ##### Complete changelog - [#35350](quarkusio/quarkus#35350) - Fix package type system property clearing - [#35348](quarkusio/quarkus#35348) - quarkus-maven-plugin runs native building even if the profile is commented out - [#35343](quarkusio/quarkus#35343) - ArC: fix StackOverflowError in AutoAddScopeBuildItem - [#35319](quarkusio/quarkus#35319) - Register arrays of Hibernate ORM's JDBC basic types for reflection - [#35315](quarkusio/quarkus#35315) - Fix Datasource timing issues with Liquibase / Flyway and OpenTelemetry - [#35314](quarkusio/quarkus#35314) - Regression in 3.3.0.CR1: Synthetic bean instance for io.opentelemetry.api.OpenTelemetry not initialized yet - [#35312](quarkusio/quarkus#35312) - Updates Infinispan to 14.0.13.Final - [#35308](quarkusio/quarkus#35308) - Lock jib execution to avoid OverlappingFileLockException in parallel builds - [#35305](quarkusio/quarkus#35305) - Fix the titles of the tables in RESTEasy Reactive doc - [#35302](quarkusio/quarkus#35302) - Docs: Mention wilcard support in resteasy reactive XML serialisation exclude classes configuration - [#35301](quarkusio/quarkus#35301) - Fix potential NPE in quarkus-csrf-reactive when no MediaType is found - [#35299](quarkusio/quarkus#35299) - Output build graph using `quarkus.builder.graph-output` property - [#35285](quarkusio/quarkus#35285) - NullPointerException during http post request when quarkus-csrf-reactive extension is added to a project - [#35283](quarkusio/quarkus#35283) - Upgrade proto-google-common-protos to 2.23.0 - [#35282](quarkusio/quarkus#35282) - Avoid keeping references to BytecodeRecorderImpl - [#35276](quarkusio/quarkus#35276) - Reinstate DevModeTestUtil to avoid breaking other projects that depend on it - [#35273](quarkusio/quarkus#35273) - Fix small typo in comment - [#35263](quarkusio/quarkus#35263) - Stop the recovery service while ArC is still around - [#35245](quarkusio/quarkus#35245) - Add missing info to init Jobs - [#35244](quarkusio/quarkus#35244) - Init Jobs are missing ServiceAccount and Image Pull Secrets - [#35240](quarkusio/quarkus#35240) - Update SmallRye Health to 4.0.4 - [#34071](quarkusio/quarkus#34071) - 3.1.1 Final - java.lang.IllegalArgumentException: Class java.util.UUID\[] is instantiated reflectively but was never registered - [#32800](quarkusio/quarkus#32800) - Duplicated checks in health check response - [#11903](quarkusio/quarkus#11903) - Gradle multimodule project + quarkus-container-image-jib: OverlappingFileLockException ### [`v3.2.4.Final`](https://github.com/quarkusio/quarkus/releases/tag/3.2.4.Final) [Compare Source](quarkusio/quarkus@3.2.3.Final...3.2.4.Final) ##### Complete changelog - [#35300](quarkusio/quarkus#35300) - Fix `jandex-gradle-plugin-version` in CDI Reference - [#35296](quarkusio/quarkus#35296) - Upgrade H2 to 2.2.220 - [#35258](quarkusio/quarkus#35258) - CDI Reference 1.1 has incomplete information for gradle - [#35255](quarkusio/quarkus#35255) - Quartz: QuarkusMSSQLDelegate should extends MSSQLDelegate - [#35211](quarkusio/quarkus#35211) - Document Maven config options that may be relevant when running tests - [#35203](quarkusio/quarkus#35203) - Pass Maven user settings when initializing artifact resolver - [#35193](quarkusio/quarkus#35193) - OpenTelemetry service name should have higher priority than app name when no resource attributes are set - [#35189](quarkusio/quarkus#35189) - Quarkus CLI fixes - [#35188](quarkusio/quarkus#35188) - SmallRyeGraphQLOverWebSocketHandler: use order value > Integer.MIN_VALUE - [#35181](quarkusio/quarkus#35181) - REST Data with Panache should not produce links when hal is disabled - [#35174](quarkusio/quarkus#35174) - Ensure the narayana-jta extension fully shuts down the recovery manager - [#35172](quarkusio/quarkus#35172) - Kafka Streams: restore the feature name at Quarkus startup - [#35171](quarkusio/quarkus#35171) - kafka-streams: feature not listed on startup - [#35165](quarkusio/quarkus#35165) - Propagate all user methods in REST Data with Panache - [#35160](quarkusio/quarkus#35160) - Properly use internal links to point to other guides - [#35140](quarkusio/quarkus#35140) - ArC: fix deadlock when calling guarded methods on the same thread - [#35136](quarkusio/quarkus#35136) - Deadlock while calling write-locked method from read-locked method - [#34908](quarkusio/quarkus#34908) - `@RouteFilter` stopped working with WebSocket requests Quarkus 3.2.0.Final - [#34875](quarkusio/quarkus#34875) - Quarkus build does not work since 3.2.0 with teamcity/plexus launcher - [#34713](quarkusio/quarkus#34713) - Option to track build configuration for changes between builds - [#34576](quarkusio/quarkus#34576) - Live reload stopped working on 3.2 when using XA transactions - [#34514](quarkusio/quarkus#34514) - Support `@WithUnnamedKey` in documentation - [#34065](quarkusio/quarkus#34065) - Add support for project Java version update based on extensions - [#33317](quarkusio/quarkus#33317) - OpenTelemetry SDK autoconfiguration ignores OTEL service name in favor of Quarkus app name - [#15461](quarkusio/quarkus#15461) - Quarkus tests fails mTLS authentication against internal Maven repository </details> <details> <summary>quarkusio/quarkus-platform</summary> ### [`v3.3.0`](quarkusio/quarkus-platform@3.2.4.Final...3.3.0) [Compare Source](quarkusio/quarkus-platform@3.2.4.Final...3.3.0) ### [`v3.2.4.Final`](quarkusio/quarkus-platform@3.2.3.Final...3.2.4.Final) [Compare Source](quarkusio/quarkus-platform@3.2.3.Final...3.2.4.Final) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever MR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This MR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [x] If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

…s-googlecloud-jsonlogging!17) This MR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [io.quarkus:quarkus-extension-processor](https://github.com/quarkusio/quarkus) | | minor | `3.2.3.Final` -> `3.3.0` | | [io.quarkus:quarkus-extension-maven-plugin](https://github.com/quarkusio/quarkus) | build | minor | `3.2.3.Final` -> `3.3.0` | | [io.quarkus:quarkus-maven-plugin](https://github.com/quarkusio/quarkus) | build | minor | `3.2.3.Final` -> `3.3.0` | | [io.quarkus:quarkus-bom](https://github.com/quarkusio/quarkus) | import | minor | `3.2.3.Final` -> `3.3.0` | --- ### Release Notes <details> <summary>quarkusio/quarkus</summary> ### [`v3.3.0`](quarkusio/quarkus@3.2.4.Final...3.3.0) [Compare Source](quarkusio/quarkus@3.2.4.Final...3.3.0) ### [`v3.2.4.Final`](https://github.com/quarkusio/quarkus/releases/tag/3.2.4.Final) [Compare Source](quarkusio/quarkus@3.2.3.Final...3.2.4.Final) ##### Complete changelog - [#35300](quarkusio/quarkus#35300) - Fix `jandex-gradle-plugin-version` in CDI Reference - [#35296](quarkusio/quarkus#35296) - Upgrade H2 to 2.2.220 - [#35258](quarkusio/quarkus#35258) - CDI Reference 1.1 has incomplete information for gradle - [#35255](quarkusio/quarkus#35255) - Quartz: QuarkusMSSQLDelegate should extends MSSQLDelegate - [#35211](quarkusio/quarkus#35211) - Document Maven config options that may be relevant when running tests - [#35203](quarkusio/quarkus#35203) - Pass Maven user settings when initializing artifact resolver - [#35193](quarkusio/quarkus#35193) - OpenTelemetry service name should have higher priority than app name when no resource attributes are set - [#35189](quarkusio/quarkus#35189) - Quarkus CLI fixes - [#35188](quarkusio/quarkus#35188) - SmallRyeGraphQLOverWebSocketHandler: use order value > Integer.MIN_VALUE - [#35181](quarkusio/quarkus#35181) - REST Data with Panache should not produce links when hal is disabled - [#35174](quarkusio/quarkus#35174) - Ensure the narayana-jta extension fully shuts down the recovery manager - [#35172](quarkusio/quarkus#35172) - Kafka Streams: restore the feature name at Quarkus startup - [#35171](quarkusio/quarkus#35171) - kafka-streams: feature not listed on startup - [#35165](quarkusio/quarkus#35165) - Propagate all user methods in REST Data with Panache - [#35160](quarkusio/quarkus#35160) - Properly use internal links to point to other guides - [#35140](quarkusio/quarkus#35140) - ArC: fix deadlock when calling guarded methods on the same thread - [#35136](quarkusio/quarkus#35136) - Deadlock while calling write-locked method from read-locked method - [#34908](quarkusio/quarkus#34908) - `@RouteFilter` stopped working with WebSocket requests Quarkus 3.2.0.Final - [#34875](quarkusio/quarkus#34875) - Quarkus build does not work since 3.2.0 with teamcity/plexus launcher - [#34713](quarkusio/quarkus#34713) - Option to track build configuration for changes between builds - [#34576](quarkusio/quarkus#34576) - Live reload stopped working on 3.2 when using XA transactions - [#34514](quarkusio/quarkus#34514) - Support `@WithUnnamedKey` in documentation - [#34065](quarkusio/quarkus#34065) - Add support for project Java version update based on extensions - [#33317](quarkusio/quarkus#33317) - OpenTelemetry SDK autoconfiguration ignores OTEL service name in favor of Quarkus app name - [#15461](quarkusio/quarkus#15461) - Quarkus tests fails mTLS authentication against internal Maven repository </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever MR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this MR and you won't be reminded about these updates again. --- - [ ] If you want to rebase/retry this MR, check this box --- This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

tveon added the kind/bug Something isn't working label Mar 4, 2021

quarkus-bot bot added the area/maven label Mar 4, 2021

aloubyansky mentioned this issue Aug 4, 2023

Document Maven config options that may be relevant when running tests #35211

Merged

geoand closed this as completed in #35211 Aug 7, 2023

quarkus-bot bot added this to the 3.3 - main milestone Aug 7, 2023

gsmet modified the milestones: 3.3.0.CR1, 3.2.4.Final Aug 9, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Quarkus tests fails mTLS authentication against internal Maven repository #15461

Quarkus tests fails mTLS authentication against internal Maven repository #15461

tveon commented Mar 4, 2021

quarkus-bot bot commented Mar 4, 2021

rquinio commented Mar 5, 2021

tveon commented Mar 5, 2021

famod commented Mar 5, 2021

aloubyansky commented Mar 5, 2021

famod commented Mar 5, 2021

aloubyansky commented Mar 5, 2021

famod commented Mar 5, 2021 •

edited

aloubyansky commented Mar 5, 2021

geoand commented Jul 25, 2023

Quarkus tests fails mTLS authentication against internal Maven repository #15461

Quarkus tests fails mTLS authentication against internal Maven repository #15461

Comments

tveon commented Mar 4, 2021

quarkus-bot bot commented Mar 4, 2021

rquinio commented Mar 5, 2021

tveon commented Mar 5, 2021

famod commented Mar 5, 2021

aloubyansky commented Mar 5, 2021

famod commented Mar 5, 2021

aloubyansky commented Mar 5, 2021

famod commented Mar 5, 2021 • edited

aloubyansky commented Mar 5, 2021

geoand commented Jul 25, 2023

famod commented Mar 5, 2021 •

edited