I have a SonarQube running over HTTPS. In order to reach it I have been provided two files (both .pem); one has the certificate and the other has the private key.

    -----BEGIN CERTIFICATE-----
    MIIF0zCCA7ugAwIBAgIUX1ki3XRjzEnEDZxsnZ9ENjcDFDIwDQYJKoZIhvcNAQEN
    BQAwfjELMAkGA1UEBhMCU0UxEjAQBgNVBAgTCVN0b2NraG9sbTESMBAGA1UEBxMJ
    -----END CERTIFICATE-----

    -----BEGIN RSA PRIVATE KEY-----
    MIIJKAIBAAKCAgEArnFpeCXhMqUHZ6c7dDN8zfsEzQNHpsM37hu4soqRwhGFIpr+
    U4ZGgXol0UtRtfXte9sEEJAUhfuWqpCIBx6Ps2NFc4DA47axzEvLEu8nWHxQzTJE
    -----END RSA PRIVATE KEY-----

I have created a .p12 file using the above .pem files:

    openssl pkcs12 -in mycertkey.p12 -out mycerts.crt -nokeys -clcerts

Then I created a .cer file using the above .p12 file:

    openssl x509 -inform pem -in mycerts.crt -outform der -out mycerts.cer

Once I received this .cer file I added it to the keystore of the sonar-cli Docker image's Java:

    keytool -keystore /opt/java/openjdk/lib/security/cacerts -storepass changeit -noprompt -trustcacerts -importcert -alias mycert2 -file mycerts.cer

It got added successfully.

Then I ran the sonar-scanner command over my Ant project:

    sonar-scanner -DskipTests -Dsonar.projectKey=ant_test -Dsonar.host.url=$SONAR_URL -Dsonar.login=$SONAR_KEY

Upon doing this I am getting the below output.

    INFO: Scanner configuration file: /opt/sonar-scanner/conf/sonar-scanner.properties
    INFO: Project root configuration file: NONE
    INFO: SonarScanner 4.6.2.2472
    INFO: Java 11.0.11 AdoptOpenJDK (64-bit)
    INFO: Linux 4.18.0-305.el8.x86_64 amd64
    INFO: User cache: /opt/sonar-scanner/.sonar/cache
    INFO: ------------------------------------------------------------------------
    INFO: EXECUTION FAILURE
    INFO: ------------------------------------------------------------------------
    INFO: Total time: 2.054s
    INFO: Final Memory: 4M/13M
    INFO: ------------------------------------------------------------------------
    ERROR: Error during SonarScanner execution
    org.sonarsource.scanner.api.internal.ScannerException: Unable to execute SonarScanner analysis
            at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:85)
            at java.base/java.security.AccessController.doPrivileged(Native Method)
            at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:74)
            at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:70)
            at org.sonarsource.scanner.api.EmbeddedScanner.doStart(EmbeddedScanner.java:185)
            at org.sonarsource.scanner.api.EmbeddedScanner.start(EmbeddedScanner.java:123)
            at org.sonarsource.scanner.cli.Main.execute(Main.java:73)
            at org.sonarsource.scanner.cli.Main.main(Main.java:61)
    Caused by: java.lang.IllegalStateException: Fail to parse entry in bootstrap index: <!DOCTYPE html>
            at org.sonarsource.scanner.api.internal.BootstrapIndexDownloader.parse(BootstrapIndexDownloader.java:59)
            at org.sonarsource.scanner.api.internal.BootstrapIndexDownloader.getIndex(BootstrapIndexDownloader.java:44)
            at org.sonarsource.scanner.api.internal.JarDownloader.getScannerEngineFiles(JarDownloader.java:58)
            at org.sonarsource.scanner.api.internal.JarDownloader.download(JarDownloader.java:53)
            at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:76)
            ... 7 more
    ERROR:
    ERROR: Re-run SonarScanner using the -X switch to enable full debug logging.

Can someone help me with it? I am not sure what I am doing wrong here.

  • It's not an SSL problem. Sonar-scanner is requesting a URL which should perhaps return JSON, but it received HTML, like there was an error on the server side. Try to add -Dsonar.verbose=true to see the exact URL it requests. – raspy Jul 20 '21 at 07:56
  • Using -Dsonar.verbose=true I can see the correct URL it is trying to download the batch index from. 12:32:27.546 DEBUG: keyStore is : 12:32:27.546 DEBUG: keyStore type is : pkcs12 12:32:27.547 DEBUG: keyStore provider is : 12:32:27.547 DEBUG: init keystore 12:32:27.547 DEBUG: init keymanager of type SunX509 12:32:27.852 DEBUG: Get bootstrap index... 12:32:27.852 DEBUG: Download: https://sonarqube.generic.com/batch/index 12:32:28.937 DEBUG: Get bootstrap completed 12:32:28.952 INFO: EXECUTION FAILURE – Lakshay Jain Jul 21 '21 at 12:33
  • Try to reach that API from e.g. curl and inspect the output; maybe it will point you towards the root cause of the issue. – raspy Jul 23 '21 at 19:42
  • I did a curl and found that Cert verification is not happening. * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS handshake, Request CERT (13): * TLSv1.3 (IN), TLS handshake, Certificate (11): * TLSv1.3 (IN), TLS handshake, CERT verify (15): * TLSv1.3 (IN), TLS handshake, Finished (20): * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.3 (OUT), TLS handshake, Certificate (11): * TLSv1.3 (OUT), TLS handshake, Finished (20): – Lakshay Jain Jul 25 '21 at 11:24
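
Added example, not part of the original post or its comments: the curl trace above shows the server sending a certificate request (`Request CERT (13)`) and the scanner debug output shows an empty `keyStore`, so this sketch checks whether `/batch/index` returns a real index or an HTML page and packages the supplied certificate and key as a key store the JVM can present. It assumes the two .pem files are a client identity and that the index is plain `name|hash` lines; helper names, file names, the alias and the `P12_PASS` variable are placeholders.

```shell
# Added example. Helper names, file names, alias and P12_PASS are placeholders.

# classify_index FILE: print "index" if every non-blank line is "name|hash"
# (assumed index format), "html" if the body is an HTML page (what the stack
# trace shows the scanner received), otherwise "unknown".
classify_index() {
    awk '
        NF == 0 { next }
        tolower($0) ~ /<!doctype html|<html/ { html = 1; exit }
        $0 !~ /^[^|]+[|][^|]+$/ { bad = 1; exit }
        { n++ }
        END {
            if (html) print "html"
            else if (bad || n == 0) print "unknown"
            else print "index"
        }' "$1"
}

# fetch_index BASE_URL CERT KEY OUT: request the index while presenting the
# client certificate; --fail turns HTTP errors into a non-zero exit.
fetch_index() {
    curl --silent --show-error --fail --cert "$2" --key "$3" \
         --output "$4" "$1/batch/index"
}

# build_keystore CERT KEY P12: bundle certificate and private key as PKCS#12,
# password taken from $P12_PASS. cacerts is a trust store: it decides which
# servers the JVM trusts and is not used to present a client identity.
build_keystore() {
    openssl pkcs12 -export -in "$1" -inkey "$2" -name sonar-client \
        -out "$3" -passout env:P12_PASS
}

# scanner_opts P12 PASSWORD: JVM options to export as SONAR_SCANNER_OPTS.
scanner_opts() {
    printf '%s %s %s' "-Djavax.net.ssl.keyStore=$1" \
        "-Djavax.net.ssl.keyStoreType=PKCS12" \
        "-Djavax.net.ssl.keyStorePassword=$2"
}

# Constructed sample bodies (not captured from the poster's server).
demo_dir=$(mktemp -d)
printf '%s\n' 'scanner-engine.jar|0123456789abcdef' > "$demo_dir/good.txt"
printf '%s\n' '<!DOCTYPE html>' '<html><body>Login</body></html>' > "$demo_dir/bad.html"
echo "good.txt: $(classify_index "$demo_dir/good.txt")"
echo "bad.html: $(classify_index "$demo_dir/bad.html")"
rm -rf "$demo_dir"
```

Against a real server the order is `fetch_index`, `classify_index` on its output, then `build_keystore` and `export SONAR_SCANNER_OPTS="$(scanner_opts "$PWD/client.p12" "$P12_PASS")"` before running sonar-scanner.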

0 Answers