问题
The Problem
I have a Android Gradle project which should pull a lib from my companys sonatype nexus server. The nexus server uses a certificate authentication. That means the client has a private certificate which authenticates and authorizes him against the nexus server.
The problem is how to configure gradle to use my certificate (which is in the osx keystore).
/app/build.gradle
repositories {
// some other repositorys...
...
maven {
credentials {
username = NEXUS_USERNAME
password = NEXUS_PASSWORD
}
url 'https://prefix.server.com/nexus/content/repositories/artifactid'
}
}
Without giving a certificate the nexus server respont with:
Error: Could not HEAD 'https://prefix.server.com/nexus/content/repositories/artifactid/de/komoot/android/kmt-material-showcase/0.0.1/kmt-material-showcase-0.0.1.pom'. Received status code 400 from server: Bad Request
My first solution was to try to configure the jvm to use the osx keychain for certificates. The same method helped me to push and publish libs/artifacts on the nexus server.
/app/gradle.properties
org.gradle.jvmargs=-Djavax.net.ssl.keyStore=NONE -Djavax.net.ssl.keyStoreType=KeychainStore -Djavax.net.ssl.keyStorePassword=-
This doesn't work the gradle sync failed: Error:NONE (No such file or directory)
It looks like the gradle expected to be 'NONE' of the paramter '-Djavax.net.ssl.keyStore'. I tryed several uper and lower case solutions but all failed.
The second approach was to try it with
org.gradle.jvmargs=-Djavax.net.ssl.keyStoreType=KeychainStore
But the server respond with 400 again. Looks like the JVM args haven't been used.
Any ideas or articles for this topic ? Hope someone can help me.
回答1:
The Problem was that the Java process didn't have the certificate for authentication.
In my first approach I came very close but I forgot to add the company's root CA cert. My company's private certificate belongs to the root CA, so both must be provided to java.
Solution:
First provide your private company certificate to the gradle process.
Edit your user gradle.properties and add
org.gradle.jvmargs=-Djavax.net.ssl.keyStore="/Users/myusername/certificates/my_private_company_cert.p12" -Djavax.net.ssl.keyStoreType=KeychainStore -Djavax.net.ssl.keyStorePassword=changeit
Then export your company's root ca cert to the java keystore.
sudo keytool -import -trustcacerts -alias root -file ./certificates/company_root_ca.crt -keystore $JAVA_HOME/jre/lib/security/cacerts
Thats it certificate authentication should now work.
This is used for example to make own android libary projects and push them to a artifact server. https://medium.com/android-news/the-complete-guide-to-creating-an-android-library-46628b7fc879#.naboz7yng
回答2:
My solution was by updating the ca certificates on the ubuntu/debian system.
update-ca-certificates -f
来源:https://stackoverflow.com/questions/36202894/gradle-use-certificate-authentication-for-repository