用于存储库的Gradle使用证书身份验证 [英] Gradle use certificate authentication for repository
问题描述
问题
我有一个Android Gradle项目,该项目应从我公司的sonatype nexus服务器中提取一个lib. Nexus服务器使用证书身份验证.这意味着客户拥有一个私有证书,该证书可对联系服务器进行身份验证和授权.
I have a Android Gradle project which should pull a lib from my companys sonatype nexus server. The nexus server uses a certificate authentication. That means the client has a private certificate which authenticates and authorizes him against the nexus server.
问题是如何配置gradle以使用我的证书(位于osx密钥库中).
The problem is how to configure gradle to use my certificate (which is in the osx keystore).
/app/build.gradle
/app/build.gradle
repositories {
// some other repositorys...
...
maven {
credentials {
username = NEXUS_USERNAME
password = NEXUS_PASSWORD
}
url 'https://prefix.server.com/nexus/content/repositories/artifactid'
}
}
在不提供证书的情况下,nexus服务器以以下方式响应:
Without giving a certificate the nexus server respont with:
Error: Could not HEAD 'https://prefix.server.com/nexus/content/repositories/artifactid/de/komoot/android/kmt-material-showcase/0.0.1/kmt-material-showcase-0.0.1.pom'. Received status code 400 from server: Bad Request
我的第一个解决方案是尝试将jvm配置为将osx密钥链用于证书.相同的方法帮助我将lib/artifacts推送并发布到nexus服务器上.
My first solution was to try to configure the jvm to use the osx keychain for certificates. The same method helped me to push and publish libs/artifacts on the nexus server.
/app/gradle.properties
/app/gradle.properties
org.gradle.jvmargs=-Djavax.net.ssl.keyStore=NONE -Djavax.net.ssl.keyStoreType=KeychainStore -Djavax.net.ssl.keyStorePassword=-
这不起作用,gradle同步失败: 错误:无(没有这样的文件或目录)
This doesn't work the gradle sync failed: Error:NONE (No such file or directory)
看起来像参数"-Djavax.net.ssl.keyStore"的gradle应该是'NONE'.我尝试了几种大小写解决方案,但都失败了.
It looks like the gradle expected to be 'NONE' of the paramter '-Djavax.net.ssl.keyStore'. I tryed several uper and lower case solutions but all failed.
第二种方法是与
org.gradle.jvmargs=-Djavax.net.ssl.keyStoreType=KeychainStore
但是服务器再次响应400.似乎尚未使用JVM args.
But the server respond with 400 again. Looks like the JVM args haven't been used.
有关此主题的任何想法或文章? 希望有人能帮助我.
Any ideas or articles for this topic ? Hope someone can help me.
推荐答案
问题是Java进程没有用于身份验证的证书.
The Problem was that the Java process didn't have the certificate for authentication.
在我的第一种方法中,我走得很近,但是我忘记添加公司的根CA证书.我公司的私人证书属于根CA,因此必须将两者都提供给Java.
In my first approach I came very close but I forgot to add the company's root CA cert. My company's private certificate belongs to the root CA, so both must be provided to java.
解决方案:
首先将您的私人公司证书提供给gradle程序.
First provide your private company certificate to the gradle process.
编辑用户gradle.properties并添加
Edit your user gradle.properties and add
org.gradle.jvmargs=-Djavax.net.ssl.keyStore="/Users/myusername/certificates/my_private_company_cert.p12" -Djavax.net.ssl.keyStoreType=KeychainStore -Djavax.net.ssl.keyStorePassword=changeit
然后将公司的根ca证书导出到Java密钥库中.
Then export your company's root ca cert to the java keystore.
sudo keytool -import -trustcacerts -alias root -file ./certificates/company_root_ca.crt -keystore $JAVA_HOME/jre/lib/security/cacerts
这就是证书身份验证现在应该可以正常工作.
Thats it certificate authentication should now work.
例如,用于创建自己的android libary项目并将其推送到工件服务器. https://medium. com/android-news/the-complete-guide-to-creating-an-android-library-46628b7fc879#.naboz7yng
This is used for example to make own android libary projects and push them to a artifact server. https://medium.com/android-news/the-complete-guide-to-creating-an-android-library-46628b7fc879#.naboz7yng
这篇关于用于存储库的Gradle使用证书身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!