Gradle use certificate authentication for repository

蓝咒 提交于 2019-12-18 10:45:01

问题


The Problem

I have a Android Gradle project which should pull a lib from my companys sonatype nexus server. The nexus server uses a certificate authentication. That means the client has a private certificate which authenticates and authorizes him against the nexus server.

The problem is how to configure gradle to use my certificate (which is in the osx keystore).

/app/build.gradle

repositories {
   // some other repositorys...
   ...
   maven {
      credentials {
         username = NEXUS_USERNAME
         password = NEXUS_PASSWORD
      }
      url 'https://prefix.server.com/nexus/content/repositories/artifactid'
   }
}

Without giving a certificate the nexus server respont with:

Error: Could not HEAD 'https://prefix.server.com/nexus/content/repositories/artifactid/de/komoot/android/kmt-material-showcase/0.0.1/kmt-material-showcase-0.0.1.pom'. Received status code 400 from server: Bad Request

My first solution was to try to configure the jvm to use the osx keychain for certificates. The same method helped me to push and publish libs/artifacts on the nexus server.

/app/gradle.properties

org.gradle.jvmargs=-Djavax.net.ssl.keyStore=NONE -Djavax.net.ssl.keyStoreType=KeychainStore -Djavax.net.ssl.keyStorePassword=-

This doesn't work the gradle sync failed: Error:NONE (No such file or directory)

It looks like the gradle expected to be 'NONE' of the paramter '-Djavax.net.ssl.keyStore'. I tryed several uper and lower case solutions but all failed.

The second approach was to try it with

org.gradle.jvmargs=-Djavax.net.ssl.keyStoreType=KeychainStore

But the server respond with 400 again. Looks like the JVM args haven't been used.

Any ideas or articles for this topic ? Hope someone can help me.


回答1:


The Problem was that the Java process didn't have the certificate for authentication.

In my first approach I came very close but I forgot to add the company's root CA cert. My company's private certificate belongs to the root CA, so both must be provided to java.

Solution:

First provide your private company certificate to the gradle process.

Edit your user gradle.properties and add

org.gradle.jvmargs=-Djavax.net.ssl.keyStore="/Users/myusername/certificates/my_private_company_cert.p12" -Djavax.net.ssl.keyStoreType=KeychainStore -Djavax.net.ssl.keyStorePassword=changeit

Then export your company's root ca cert to the java keystore.

sudo keytool -import -trustcacerts -alias root -file ./certificates/company_root_ca.crt -keystore $JAVA_HOME/jre/lib/security/cacerts

Thats it certificate authentication should now work.

This is used for example to make own android libary projects and push them to a artifact server. https://medium.com/android-news/the-complete-guide-to-creating-an-android-library-46628b7fc879#.naboz7yng




回答2:


My solution was by updating the ca certificates on the ubuntu/debian system.

update-ca-certificates -f


来源:https://stackoverflow.com/questions/36202894/gradle-use-certificate-authentication-for-repository

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!