Gradle 对存储库使用证书身份验证 [英] Gradle use certificate authentication for repository

问题描述

问题

我有一个 Android Gradle 项目，它应该从我公司的 sonatype nexus 服务器中提取一个库.Nexus 服务器使用证书身份验证.这意味着客户端有一个私有证书，该证书可以针对连接服务器对他进行身份验证和授权.

I have a Android Gradle project which should pull a lib from my companys sonatype nexus server. The nexus server uses a certificate authentication. That means the client has a private certificate which authenticates and authorizes him against the nexus server.

问题是如何配置 gradle 以使用我的证书(在 osx 密钥库中).

The problem is how to configure gradle to use my certificate (which is in the osx keystore).

/app/build.gradle

/app/build.gradle

repositories {
   // some other repositorys...
   ...
   maven {
      credentials {
         username = NEXUS_USERNAME
         password = NEXUS_PASSWORD
      }
      url 'https://prefix.server.com/nexus/content/repositories/artifactid'
   }
}

在不提供证书的情况下，nexus 服务器会响应:

Without giving a certificate the nexus server respont with:

错误:无法 HEAD 'https://prefix.server.com/nexus/content/repositories/artifactid/de/komoot/android/kmt-material-showcase/0.0.1/kmt-material-showcase-0.0.1.pom'.从服务器收到状态码 400:Bad Request

Error: Could not HEAD 'https://prefix.server.com/nexus/content/repositories/artifactid/de/komoot/android/kmt-material-showcase/0.0.1/kmt-material-showcase-0.0.1.pom'. Received status code 400 from server: Bad Request

我的第一个解决方案是尝试将 jvm 配置为使用 osx 钥匙串获取证书.同样的方法帮助我在 nexus 服务器上推送和发布库/工件.

My first solution was to try to configure the jvm to use the osx keychain for certificates. The same method helped me to push and publish libs/artifacts on the nexus server.

/app/gradle.properties

/app/gradle.properties

org.gradle.jvmargs=-Djavax.net.ssl.keyStore=NONE -Djavax.net.ssl.keyStoreType=KeychainStore -Djavax.net.ssl.keyStorePassword=-

这不起作用，gradle 同步失败:错误:NONE(没有这样的文件或目录)

This doesn't work the gradle sync failed: Error:NONE (No such file or directory)

看起来 gradle 应该是参数-Djavax.net.ssl.keyStore"的NONE".我尝试了几种大写和小写的解决方案，但都失败了.

It looks like the gradle expected to be 'NONE' of the paramter '-Djavax.net.ssl.keyStore'. I tryed several uper and lower case solutions but all failed.

第二种方法是尝试使用

org.gradle.jvmargs=-Djavax.net.ssl.keyStoreType=KeychainStore

但服务器再次以 400 响应.看起来 JVM 参数没有被使用.

But the server respond with 400 again. Looks like the JVM args haven't been used.

关于这个主题的任何想法或文章?希望有人可以帮助我.

Any ideas or articles for this topic ? Hope someone can help me.

推荐答案

问题是Java进程没有认证证书.

The Problem was that the Java process didn't have the certificate for authentication.

在我的第一种方法中，我非常接近，但我忘记添加公司的根 CA 证书.我公司的私有证书属于根CA，所以两者都必须提供给java.

In my first approach I came very close but I forgot to add the company's root CA cert. My company's private certificate belongs to the root CA, so both must be provided to java.

解决方案:

首先将您的私人公司证书提供给 gradle 过程.

First provide your private company certificate to the gradle process.

编辑您的用户 gradle.properties 并添加

Edit your user gradle.properties and add

org.gradle.jvmargs=-Djavax.net.ssl.keyStore="/Users/myusername/certificates/my_private_company_cert.p12" -Djavax.net.ssl.keyStoreType=KeychainStore -Djavax.net.ssl.keyStorePassword=changeit

然后将贵公司的根 ca 证书导出到 java 密钥库.

Then export your company's root ca cert to the java keystore.

sudo keytool -import -trustcacerts -alias root -file ./certificates/company_root_ca.crt -keystore $JAVA_HOME/jre/lib/security/cacerts

这就是证书身份验证现在应该可以工作了.

Thats it certificate authentication should now work.

这用于例如制作自己的 android 库项目并将它们推送到工件服务器.https://medium.com/android-news/the-complete-guide-to-creating-an-android-library-46628b7fc879#.naboz7yng

This is used for example to make own android libary projects and push them to a artifact server. https://medium.com/android-news/the-complete-guide-to-creating-an-android-library-46628b7fc879#.naboz7yng

这篇关于Gradle 对存储库使用证书身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！