`carts` service is failing on `unable to find valid certification path to requested target`

[pgressa]

➜  carts git:(master) ✗ kl mushop-carts-5b8c7455dd-zprwj -f
 __  __ _                                  _
|  \/  (_) ___ _ __ ___  _ __   __ _ _   _| |_
| |\/| | |/ __| '__/ _ \| '_ \ / _` | | | | __|
| |  | | | (__| | | (_) | | | | (_| | |_| | |_
|_|  |_|_|\___|_|  \___/|_| |_|\__,_|\__,_|\__|
  Micronaut (v2.5.4)

08:04:26.573 [main] INFO  i.m.context.env.DefaultEnvironment - Established active environments: [k8s, cloud, oraclecloud]
08:04:28.181 [main] INFO  com.oracle.bmc.Services - Registering new service: Services.BasicService(serviceName=DATABASE, serviceEndpointPrefix=database, serviceEndpointTemplate=https://database.{region}.{secondLevelDomain})
08:04:28.196 [main] INFO  com.oracle.bmc.Services - Registering new service: Services.BasicService(serviceName=AUTH, serviceEndpointPrefix=auth, serviceEndpointTemplate=null)
08:04:28.683 [main] INFO  c.o.b.a.AbstractFederationClientAuthenticationDetailsProviderBuilder - Rest call to verify if v2 endpoint exists, response from v2 was 200
08:04:28.683 [main] INFO  c.o.b.a.AbstractFederationClientAuthenticationDetailsProviderBuilder -  Metadata base url on executing instance fallback is http://169.254.169.254/opc/v2/
08:04:28.726 [main] INFO  c.o.b.a.AbstractFederationClientAuthenticationDetailsProviderBuilder - Looking up region for iad
08:04:28.730 [main] INFO  c.o.b.a.AbstractFederationClientAuthenticationDetailsProviderBuilder - Using region us-ashburn-1
08:04:28.732 [main] INFO  com.oracle.bmc.Region - Loaded service 'AUTH' endpoint mappings: {US_ASHBURN_1=https://auth.us-ashburn-1.oraclecloud.com}
08:04:28.734 [main] INFO  c.o.b.a.URLBasedX509CertificateSupplier - suppressX509Workaround flag set to false
08:04:29.040 [main] INFO  com.oracle.bmc.util.JavaRuntimeUtils - Determined JRE version as Unknown
08:04:29.040 [main] WARN  c.o.bmc.http.DefaultConfigurator - Using an unknown runtime, calls may not work
08:04:29.040 [main] INFO  c.o.bmc.http.DefaultConfigurator - Setting connector provider to HttpUrlConnectorProvider
08:04:29.050 [main] WARN  c.o.bmc.http.DefaultConfigurator - Using an unknown runtime, calls may not work
08:04:29.050 [main] INFO  c.o.bmc.http.DefaultConfigurator - Setting connector provider to HttpUrlConnectorProvider
08:04:29.059 [main] INFO  com.oracle.bmc.Region - Loaded service 'DATABASE' endpoint mappings: {US_ASHBURN_1=https://database.us-ashburn-1.oraclecloud.com}
08:04:29.059 [main] INFO  c.oracle.bmc.database.DatabaseClient - Setting endpoint to https://database.us-ashburn-1.oraclecloud.com
08:04:29.311 [main] INFO  c.o.b.a.i.X509FederationClient - Refreshing session keys.
08:04:29.407 [main] INFO  c.o.b.a.i.X509FederationClient - Getting security token from the auth server
08:04:29.450 [main] INFO  com.oracle.bmc.ClientRuntime - Using SDK: Oracle-JavaSDK/1.34.0
08:04:29.450 [main] INFO  com.oracle.bmc.ClientRuntime - User agent set to: Oracle-JavaSDK/1.34.0 (Linux/5.4.17-2102.200.13.el7uek.x86_64; Java/11.0.11; OpenJDK 64-Bit Server VM/11.0.11+8-jvmci-21.1-b05)
08:04:34.849 [main] INFO  i.m.o.a.j.OracleWalletArchiveProvider - Using default serviceAlias: MuShopR8Mm_high
08:05:39.936 [main] ERROR io.micronaut.runtime.Micronaut - Error starting Micronaut server: Bean definition [oracle.soda.rdbms.OracleRDBMSClient] could not be loaded: Error instantiating bean of type [oracle.soda.rdbms.OracleRDBMSClient]: Error initializing SODA: Unable to start the Universal Connection Pool: oracle.ucp.UniversalConnectionPoolException: Cannot get Connection from Datasource: oracle.ucp.UniversalConnectionPoolException: Cannot get Connection from Datasource: java.sql.SQLRecoverableException: IO Error: IO Error PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target, connect lapse 5 ms., Authentication lapse 0 ms.
io.micronaut.context.exceptions.BeanInstantiationException: Bean definition [oracle.soda.rdbms.OracleRDBMSClient] could not be loaded: Error instantiating bean of type [oracle.soda.rdbms.OracleRDBMSClient]: Error initializing SODA: Unable to start the Universal Connection Pool: oracle.ucp.UniversalConnectionPoolException: Cannot get Connection from Datasource: oracle.ucp.UniversalConnectionPoolException: Cannot get Connection from Datasource: java.sql.SQLRecoverableException: IO Error: IO Error PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target, connect lapse 5 ms., Authentication lapse 0 ms.
    at io.micronaut.context.DefaultBeanContext.initializeContext(DefaultBeanContext.java:1568)
    at io.micronaut.context.DefaultApplicationContext.initializeContext(DefaultApplicationContext.java:234)
    at io.micronaut.context.DefaultBeanContext.readAllBeanDefinitionClasses(DefaultBeanContext.java:2907)
    at io.micronaut.context.DefaultBeanContext.start(DefaultBeanContext.java:231)
    at io.micronaut.context.DefaultApplicationContext.start(DefaultApplicationContext.java:180)
    at io.micronaut.runtime.Micronaut.start(Micronaut.java:71)
    at io.micronaut.runtime.Micronaut.run(Micronaut.java:311)
    at io.micronaut.runtime.Micronaut.run(Micronaut.java:297)
    at mushop.carts.Application.main(Application.java:16)
Caused by: io.micronaut.context.exceptions.BeanInstantiationException: Error instantiating bean of type [oracle.soda.rdbms.OracleRDBMSClient]: Error initializing SODA: Unable to start the Universal Connection Pool: oracle.ucp.UniversalConnectionPoolException: Cannot get Connection from Datasource: oracle.ucp.UniversalConnectionPoolException: Cannot get Connection from Datasource: java.sql.SQLRecoverableException: IO Error: IO Error PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target, connect lapse 5 ms., Authentication lapse 0 ms.
    at io.micronaut.context.DefaultBeanContext.doCreateBean(DefaultBeanContext.java:2008)
    at io.micronaut.context.DefaultBeanContext.createAndRegisterSingletonInternal(DefaultBeanContext.java:2770)
    at io.micronaut.context.DefaultBeanContext.createAndRegisterSingleton(DefaultBeanContext.java:2756)
    at io.micronaut.context.DefaultBeanContext.loadContextScopeBean(DefaultBeanContext.java:2294)
    at io.micronaut.context.DefaultBeanContext.initializeContext(DefaultBeanContext.java:1562)
    ... 8 common frames omitted
Caused by: io.micronaut.context.exceptions.ConfigurationException: Error initializing SODA: Unable to start the Universal Connection Pool: oracle.ucp.UniversalConnectionPoolException: Cannot get Connection from Datasource: oracle.ucp.UniversalConnectionPoolException: Cannot get Connection from Datasource: java.sql.SQLRecoverableException: IO Error: IO Error PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target, connect lapse 5 ms., Authentication lapse 0 ms.
    at mushop.carts.soda.OracleSodaClientFactory.sodaClient(OracleSodaClientFactory.java:103)
    at mushop.carts.soda.$OracleSodaClientFactory$SodaClient0Definition.doBuild(Unknown Source)
    at io.micronaut.context.AbstractParametrizedBeanDefinition.build(AbstractParametrizedBeanDefinition.java:118)
    at io.micronaut.context.BeanDefinitionDelegate.build(BeanDefinitionDelegate.java:149)
    at io.micronaut.context.DefaultBeanContext.doCreateBean(DefaultBeanContext.java:1979)
    ... 12 common frames omitted
Caused by: java.sql.SQLException: Unable to start the Universal Connection Pool: oracle.ucp.UniversalConnectionPoolException: Cannot get Connection from Datasource: oracle.ucp.UniversalConnectionPoolException: Cannot get Connection from Datasource: java.sql.SQLRecoverableException: IO Error: IO Error PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target, connect lapse 5 ms., Authentication lapse 0 ms.
    at oracle.ucp.util.UCPErrorHandler.newSQLException(UCPErrorHandler.java:489)
    at oracle.ucp.util.UCPErrorHandler.throwSQLException(UCPErrorHandler.java:166)
    at oracle.ucp.jdbc.PoolDataSourceImpl.startPool(PoolDataSourceImpl.java:784)
    at oracle.ucp.jdbc.PoolDataSourceImpl.getConnection(PoolDataSourceImpl.java:1817)
    at oracle.ucp.jdbc.PoolDataSourceImpl.access$300(PoolDataSourceImpl.java:220)
    at oracle.ucp.jdbc.PoolDataSourceImpl$3.build(PoolDataSourceImpl.java:3976)
    at oracle.ucp.jdbc.PoolDataSourceImpl.getConnection(PoolDataSourceImpl.java:1784)
    at oracle.ucp.jdbc.PoolDataSourceImpl.getConnection(PoolDataSourceImpl.java:1739)
    at oracle.ucp.jdbc.PoolDataSourceImpl.getConnection(PoolDataSourceImpl.java:1725)
    at mushop.carts.soda.OracleSodaClientFactory.sodaClient(OracleSodaClientFactory.java:72)
    ... 16 common frames omitted
Caused by: oracle.ucp.UniversalConnectionPoolException: Cannot get Connection from Datasource: oracle.ucp.UniversalConnectionPoolException: Cannot get Connection from Datasource: java.sql.SQLRecoverableException: IO Error: IO Error PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target, connect lapse 5 ms., Authentication lapse 0 ms.
    at oracle.ucp.util.UCPErrorHandler.newUniversalConnectionPoolException(UCPErrorHandler.java:369)
    at oracle.ucp.util.UCPErrorHandler.throwUniversalConnectionPoolException(UCPErrorHandler.java:59)
    at oracle.ucp.util.UCPErrorHandler.throwUniversalConnectionPoolException(UCPErrorHandler.java:82)
    at oracle.ucp.jdbc.oracle.OracleDriverConnectionFactoryAdapter.createConnection(OracleDriverConnectionFactoryAdapter.java:116)
    at oracle.ucp.common.Database.createPooledConnection(Database.java:283)
    at oracle.ucp.common.Topology.start(Topology.java:270)
    at oracle.ucp.common.Core.start(Core.java:2671)
    at oracle.ucp.common.UniversalConnectionPoolBase.start(UniversalConnectionPoolBase.java:728)
    at oracle.ucp.jdbc.oracle.OracleJDBCConnectionPool.start(OracleJDBCConnectionPool.java:124)
    at oracle.ucp.jdbc.PoolDataSourceImpl.startPool(PoolDataSourceImpl.java:780)
    ... 23 common frames omitted
Caused by: oracle.ucp.UniversalConnectionPoolException: Cannot get Connection from Datasource: java.sql.SQLRecoverableException: IO Error: IO Error PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target, connect lapse 5 ms., Authentication lapse 0 ms.
    at oracle.ucp.util.UCPErrorHandler.newUniversalConnectionPoolException(UCPErrorHandler.java:369)
    at oracle.ucp.util.UCPErrorHandler.throwUniversalConnectionPoolException(UCPErrorHandler.java:59)
    at oracle.ucp.util.UCPErrorHandler.throwUniversalConnectionPoolException(UCPErrorHandler.java:82)
    at oracle.ucp.jdbc.DriverConnectionFactoryAdapter.createConnection(DriverConnectionFactoryAdapter.java:129)
    at oracle.ucp.jdbc.oracle.OracleDriverConnectionFactoryAdapter.createConnection(OracleDriverConnectionFactoryAdapter.java:84)
    ... 29 common frames omitted
Caused by: java.sql.SQLRecoverableException: IO Error: IO Error PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target, connect lapse 5 ms., Authentication lapse 0 ms.
    at oracle.jdbc.driver.T4CConnection.handleLogonIOException(T4CConnection.java:917)
    at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:682)
    at oracle.jdbc.driver.PhysicalConnection.connect(PhysicalConnection.java:1069)
    at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:90)
    at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:681)
    at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:602)
    at oracle.ucp.jdbc.DriverConnectionFactoryAdapter.createConnection(DriverConnectionFactoryAdapter.java:123)
    ... 30 common frames omitted
Caused by: java.io.IOException: IO Error PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target, connect lapse 5 ms., Authentication lapse 0 ms.
    at oracle.jdbc.driver.T4CConnection.handleLogonIOException(T4CConnection.java:912)
    ... 36 common frames omitted
Caused by: java.io.IOException: IO Error PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target, connect lapse 5 ms.
    at oracle.net.ns.NSProtocolNIO.negotiateConnection(NSProtocolNIO.java:202)
    at oracle.net.ns.NSProtocol.connect(NSProtocol.java:350)
    at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:2147)
    at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:644)
    ... 35 common frames omitted
Caused by: java.io.IOException: IO Error PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at oracle.net.nt.SSLSocketChannel.wrap(SSLSocketChannel.java:719)
    at oracle.net.nt.SSLSocketChannel.wrapHandshakeMessage(SSLSocketChannel.java:594)
    at oracle.net.nt.SSLSocketChannel.doSSLHandshake(SSLSocketChannel.java:465)
    at oracle.net.nt.SSLSocketChannel.write(SSLSocketChannel.java:149)
    at oracle.net.ns.NIOPacket.writeToSocketChannel(NIOPacket.java:361)
    at oracle.net.ns.NIOConnectPacket.writeToSocketChannel(NIOConnectPacket.java:255)
    at oracle.net.ns.NSProtocolNIO.negotiateConnection(NSProtocolNIO.java:157)
    ... 38 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:349)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:292)
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:287)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
    at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1074)
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1061)
    at java.base/java.security.AccessController.doPrivileged(Native Method)
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1008)
    at oracle.net.nt.SSLSocketChannel.runTasks(SSLSocketChannel.java:774)
    at oracle.net.nt.SSLSocketChannel.doSSLHandshake(SSLSocketChannel.java:457)
    ... 42 common frames omitted
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
    at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
    at java.base/sun.security.validator.Validator.validate(Validator.java:264)
    at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:276)
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:141)
    at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:632)
    ... 52 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
    at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
    ... 58 common frames omitted

[pgressa]

@dstepanov once you ready I'll show you how to test it against oracle cloud