Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
847 views
in Technique[技术] by (71.8m points)

ssl - Gradle use certificate authentication for repository

The Problem

I have a Android Gradle project which should pull a lib from my companys sonatype nexus server. The nexus server uses a certificate authentication. That means the client has a private certificate which authenticates and authorizes him against the nexus server.

The problem is how to configure gradle to use my certificate (which is in the osx keystore).

/app/build.gradle

repositories {
   // some other repositorys...
   ...
   maven {
      credentials {
         username = NEXUS_USERNAME
         password = NEXUS_PASSWORD
      }
      url 'https://prefix.server.com/nexus/content/repositories/artifactid'
   }
}

Without giving a certificate the nexus server respont with:

Error: Could not HEAD 'https://prefix.server.com/nexus/content/repositories/artifactid/de/komoot/android/kmt-material-showcase/0.0.1/kmt-material-showcase-0.0.1.pom'. Received status code 400 from server: Bad Request

My first solution was to try to configure the jvm to use the osx keychain for certificates. The same method helped me to push and publish libs/artifacts on the nexus server.

/app/gradle.properties

org.gradle.jvmargs=-Djavax.net.ssl.keyStore=NONE -Djavax.net.ssl.keyStoreType=KeychainStore -Djavax.net.ssl.keyStorePassword=-

This doesn't work the gradle sync failed: Error:NONE (No such file or directory)

It looks like the gradle expected to be 'NONE' of the paramter '-Djavax.net.ssl.keyStore'. I tryed several uper and lower case solutions but all failed.

The second approach was to try it with

org.gradle.jvmargs=-Djavax.net.ssl.keyStoreType=KeychainStore

But the server respond with 400 again. Looks like the JVM args haven't been used.

Any ideas or articles for this topic ? Hope someone can help me.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

The Problem was that the Java process didn't have the certificate for authentication.

In my first approach I came very close but I forgot to add the company's root CA cert. My company's private certificate belongs to the root CA, so both must be provided to java.

Solution:

First provide your private company certificate to the gradle process.

Edit your user gradle.properties and add

org.gradle.jvmargs=-Djavax.net.ssl.keyStore="/Users/myusername/certificates/my_private_company_cert.p12" -Djavax.net.ssl.keyStoreType=KeychainStore -Djavax.net.ssl.keyStorePassword=changeit

Then export your company's root ca cert to the java keystore.

sudo keytool -import -trustcacerts -alias root -file ./certificates/company_root_ca.crt -keystore $JAVA_HOME/jre/lib/security/cacerts

Thats it certificate authentication should now work.

This is used for example to make own android libary projects and push them to a artifact server. https://medium.com/android-news/the-complete-guide-to-creating-an-android-library-46628b7fc879#.naboz7yng


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...