Every time I run VSCode, an error message appears: [the trustAnchors parameter must be non-empty]. about sts4 HOT 9 CLOSED

Thanks @Elyasin for the detailed analysis and description here, much appreciated. @jackcomtw Does that help and allows you to fix the issue on your side as well?

I apologize for the late response, but unfortunately, this issue has not been resolved yet. 🙇‍♂️

No worries about the late response, but I am quite puzzled by this. The steps you described sound all correct, the settings in your settings.json file look good as well. You probably don't need the jvmargs pointing to the keystone, since the JDK should lookup that location automatically, but that is more cosmetics here than an attempt at solving the underlying issue.

jconsole comes with the JDK, you in case you have your JDK on the path, you can execute jconsole, which brings up a simple application that lets you connect to a running JVM and see what is going on inside (in a very simple way). You could do this to see if the process behind the scenes that seems to throw this problem is indeed using the right JVM. You could run jconsole, then select the process that is called org.springframework.ide.....BootLanguageServerBootApp, press connect, use the insecure connection, etc. But given the output that you pasted here, it looks like the Spring Boot tooling is using the JDK that you configured.

Maybe it is worth to create a simple Spring Boot application that accesses the URL in question here (as a small reproducer) and run that using your JDK - at least to see where the problem could be. WDYT?

from sts4.

Never seen this error yet... Looks like it has to do more with the JVM running the the Boot Language Server rather than with the Boot tooling. What's the JVM running the Boot LS? If you launch jconsole, connect to a java process with label org.springframework.ide.vscode.boot.app.BootLanguageServerBootApp, switch to VM Summary tab then in the table you should find the VM details, vendor version, somewhere below you should find the VM path...
I'd suggest try a different JVM for the Boot Language Server... Go to settings Extensions -> Spring Boot Tools -> Language Server, enter java home setting: the path to JVM to use to launch Boot LS. Hopefully better luck with a different JVM...

from sts4.

I got a similar error recently. The error suggests that the SSL handshake fails, which may be a problem with the usage of certificates.

Java has its own certiciate store, which you can manage with the keytool.

I work in an environment where the customer has restrictions on their systems such that we have to deal with certificates.

I had installed and set up a JDK and imported the necessary certificates. That works fine.

The Spring Boot Tools did not use the JDK that I set up. Instead it used the JRE that comes with the Red Hat Languages Server; this one does not have the certificates and fails for some connections.

My solution was, as BoykoAlex suggested, to use the "spring-boot.ls.java.home" setting to tell the Spring Boot Tools extension to use the JDK I had set up.

Alternatively, I could have imported the certificates into the JRE of the language server. But I did not want that because it is not a JRE under my control really, and I would have to maintain two Java keystores.

from sts4.

Thanks @Elyasin for the detailed analysis and description here, much appreciated.
@jackcomtw Does that help and allows you to fix the issue on your side as well?

from sts4.

Alternatively, I could have imported the certificates into the JRE of the language server. But I did not want that because it is not a JRE under my control really, and I would have to maintain two Java keystores.

In my problem description related to 'Settings.json', there are two parameters: spring-boot.ls.java.home and spring-boot.ls.java.vmargs. Both of them explicitly point to my JVM, so I have configured them correctly. However, I am still encountering the error message [the trustAnchors parameter must be non-empty] .

Additionally, your response contains a string of messages that I don’t understand. Could you please explain what a language server is? 🤔

How to correctly set the language server in VSCode

from sts4.

Never seen this error yet... Looks like it has to do more with the JVM running the the Boot Language Server rather than with the ...

I apologize, but I am not familiar with what jconsole is. However, in the vscode-spring-boot-debuglog for VSCode, the following message appears, indicating that openjdk-21 has been correctly loaded. Additionally, here are the commands I used to demonstrate that I have indeed imported the certificate into openjdk-21.

img1

keytool -delete -keystore "c:\tools\openjdk-21.0.1_windows-x64_bin\lib\security\cacerts" -alias repo_spring -storepass changeit
keytool -trustcacerts keystore "c:\tools\openjdk-21.0.1_windows-x64_bin\lib\security\cacerts" -storepass changeit -importcert  -file "C:\tools\_.spring.io.crt" -alias repo_spring

img2

from sts4.

Thanks @Elyasin for the detailed analysis and description here, much appreciated. @jackcomtw Does that help and allows you to fix the issue on your side as well?

I apologize for the late response, but unfortunately, this issue has not been resolved yet. 🙇‍♂️

from sts4.

Following your method, I attempted to connect to spring.io. As expected, I encountered the error message "[the trustAnchors parameter must be non-empty]." I meticulously inspected the sun.security.ssl.X509TrustManagerImpl class line by line. It correctly loaded the certificate file, but the TrustCacertsList had a length of zero. Consequently, I suspected an incorrect password. However, when I added the following configuration to settings.json, all issues were resolved:

{
“spring-boot.ls.java.home”: “C:/tools/openjdk-21.0.1_windows-x64_bin”, 
“spring-boot.ls.java.vmargs”: [ “-Djavax.net.ssl.trustStorePassword=changeit” ]
}

I had always believed that the default password for Java's trust store file was "changeit."
It appears I was mistaken. In reality, I am unsure whether the JDK adds a password to the certificate file or if it uses a default password.

thank you , and close the issue

from sts4.

@jackcomtw Glad to hear that you found the solution to this and shared this with the broader community here. Much appreciated.

from sts4.