I'm using Google DLP through the Google Cloud Java client library, and when I upgraded to the latest version, 0.44.0-beta, I started getting the CertificateException shown below. This runs fine when I run it on my Mac with the Oracle JDK 8, but when run in OpenJDK 8 in a Docker instance, I'm seeing the exception. I have to have this running on OpenJDK. I'm guessing that the certificate is signed by a CA that is unknown to OpenJDK. What's the easiest solution to this? Do I have to install a custom CA for OpenJDK? What's interesting is that the OverOps snapshot contains a call to this method:
public io.grpc.netty.shaded.io.netty.handler.ssl.util.SelfSignedCertificate(String fqdn, SecureRandom random, int bits, Date notBefore, Date notAfter)
and the fqdn parameter is actually set to example.com. The stack trace is as follows:
CertificateException: Issuer class type invalid.
at sun.security.x509.X509CertInfo.setIssuer(Object)
at sun.security.x509.X509CertInfo.set(String, Object)
at io.grpc.netty.shaded.io.netty.handler.ssl.util.OpenJdkSelfSignedCertGenerator.generate(String, KeyPair, SecureRandom, Date, Date)
at io.grpc.netty.shaded.io.netty.handler.ssl.util.SelfSignedCertificate.<init>(String, SecureRandom, int, Date, Date)
at io.grpc.netty.shaded.io.netty.handler.ssl.util.SelfSignedCertificate.<init>(String, Date, Date)
at io.grpc.netty.shaded.io.netty.handler.ssl.util.SelfSignedCertificate.<init>(Date, Date)
at io.grpc.netty.shaded.io.netty.handler.ssl.util.SelfSignedCertificate.<init>()
at io.grpc.netty.shaded.io.netty.handler.ssl.OpenSsl.<clinit>()
at io.grpc.netty.shaded.io.grpc.netty.GrpcSslContexts.defaultSslProvider()
at io.grpc.netty.shaded.io.grpc.netty.GrpcSslContexts.configure(SslContextBuilder)
at io.grpc.netty.shaded.io.grpc.netty.GrpcSslContexts.forClient()
at io.grpc.netty.shaded.io.grpc.netty.NettyChannelBuilder$NettyTransportFactory$DefaultNettyTransportCreationParamsFilterFactory.<init>(NettyChannelBuilder$NettyTransportFactory, SslContext)
at io.grpc.netty.shaded.io.grpc.netty.NettyChannelBuilder$NettyTransportFactory$DefaultNettyTransportCreationParamsFilterFactory.<init>(NettyChannelBuilder$NettyTransportFactory, SslContext, NettyChannelBuilder$1)
at io.grpc.netty.shaded.io.grpc.netty.NettyChannelBuilder$NettyTransportFactory.<init>(NettyChannelBuilder$TransportCreationParamsFilterFactory, Class, Map, NegotiationType, SslContext, EventLoopGroup, int, int, int, long, long, boolean, TransportTracer)
at io.grpc.netty.shaded.io.grpc.netty.NettyChannelBuilder.buildTransportFactory()
at io.grpc.internal.AbstractManagedChannelImplBuilder.build()
at com.google.api.gax.grpc.InstantiatingGrpcChannelProvider.createSingleChannel()
at com.google.api.gax.grpc.InstantiatingGrpcChannelProvider.createChannel()
at com.google.api.gax.grpc.InstantiatingGrpcChannelProvider.getTransportChannel()
at com.google.api.gax.rpc.ClientContext.create(StubSettings)
at com.google.cloud.dlp.v2beta1.stub.GrpcDlpServiceStub.create(DlpServiceStubSettings)
at com.google.cloud.dlp.v2beta1.stub.DlpServiceStubSettings.createStub()
at com.google.cloud.dlp.v2beta1.DlpServiceClient.<init>(DlpServiceSettings)
at com.google.cloud.dlp.v2beta1.DlpServiceClient.create(DlpServiceSettings)
at XXXXXXXX.redactContent(Collection, String, Likelihood, List)
at XXXXXXXX.lambda$redact$0(Collection, String, Likelihood, List)
at java.util.concurrent.CompletableFuture$AsyncSupply.run()
at java.lang.Thread.run()
