如何在docker中添加Java应用程序的HTTPS认证？

Question

我有一个java应用程序,它对受证书保护的HTTP API发出POST请求.当我第一次在本地运行它时,我得到以下异常:

I/O error on POST request for "https://...
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

为了解决这个问题,我从Firefox导出了证书并执行了以下操作:

sudo keytool -import -alias example -keystore  /usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts -file /path/to/certificate.der

重新启动,然后它工作.

现在我希望应用程序在Docker上运行.所以,正如我之前所做的那样,我使用Spotify的docker -maven-plugin和openjdk作为基本图像.第一个错误再次出现,所以我尝试以相同的方式修复它.

插件用法:

<plugin>
<groupId>com.spotify</groupId>
<artifactId>docker-maven-plugin</artifactId>
<version>0.4.13</version>
<configuration>
    <useConfigFile>true</useConfigFile>
    <imageName>${project.artifactId}:${project.version}</imageName>
    <baseImage>openjdk:latest</baseImage>
    <imageTags>
        <imageTag>latest</imageTag>
        <imageTag>${project.version}</imageTag>
    </imageTags>
    <resources>
        <resource>
            <targetPath>/path/${project.artifactId}</targetPath>
            <directory>${project.build.directory}</directory>
            <include>${project.build.finalName}-jar-with-dependencies.jar</include>
        </resource>
        <resource>
            <targetPath>/path/${project.artifactId}</targetPath>
            <directory>${project.basedir}</directory>
            <include>certificate.der</include>
        </resource>
    </resources>
    <runs>
        <run>$JAVA_HOME/bin/keytool -import -noprompt -trustcacerts -alias example -file /path/certificate.der -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit</run>
        <run>chmod 555 /path</run>
        <run>chmod 444 /path/${project.build.finalName}-jar-with-dependencies.jar</run>
    </runs>
    <entryPoint>
        ["java", "-jar", "/path/${project.build.finalName}-jar-with-dependencies.jar"]
    </entryPoint>
</configuration>

生成的Dockerfile是:

FROM openjdk:latest
ADD /path/application.jar /path/
ADD /path/certificate.der /path/
RUN $JAVA_HOME/bin/keytool -import -noprompt -trustcacerts -alias example -file /path/certificate.der -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit
RUN chmod 555 /path
RUN chmod 444 /path/application.jar
ENTRYPOINT ["java", "-jar", "/path/application.jar"]

问题没有解决.我运行docker,当发布请求完成时,我有完全相同的错误,就好像我在密钥库中没有证书,我在开头提到的那个.此外,如果我检查密钥库它有证书.

我错过了什么？

任何帮助表示赞赏:)