Menu
The Problem
I have a Android Gradle project which should pull a lib from my companys sonatype nexus server. The nexus server uses a certificate authentication. That means the client has a private certificate which authenticates and authorizes him against the nexus server.
The problem is how to configure gradle to use my certificate (which is in the osx keystore).
/app/build.gradle
repositories {
// some other repositorys...
...
maven {
credentials {
username = NEXUS_USERNAME
password = NEXUS_PASSWORD
}
url 'https://prefix.server.com/nexus/content/repositories/artifactid'
}
}
Without giving a certificate the nexus server respont with:
Error: Could not HEAD 'https://prefix.server.com/nexus/content/repositories/artifactid/de/komoot/android/kmt-material-showcase/0.0.1/kmt-material-showcase-0.0.1.pom'. Received status code 400 from server: Bad Request
My first solution was to try to configure the jvm to use the osx keychain for certificates. The same method helped me to push and publish libs/artifacts on the nexus server.
/app/gradle.properties
org.gradle.jvmargs=-Djavax.net.ssl.keyStore=NONE -Djavax.net.ssl.keyStoreType=KeychainStore -Djavax.net.ssl.keyStorePassword=-
This doesn't work the gradle sync failed: Error:NONE (No such file or directory)
It looks like the gradle expected to be 'NONE' of the paramter '-Djavax.net.ssl.keyStore'. I tryed several uper and lower case solutions but all failed.
The second approach was to try it with
org.gradle.jvmargs=-Djavax.net.ssl.keyStoreType=KeychainStore
But the server respond with 400 again. Looks like the JVM args haven't been used.
Any ideas or articles for this topic ? Hope someone can help me.
307
Maven Central is a popular repository hosting open source libraries for consumption by Java projects. To declare the Maven Central repository for your build add this to your script: Example 1. Adding central Maven repository. build.gradle.
For the aforementioned reasons, Gradle cannot store dependencies in the local Maven repository. There's currently no built-in functionality to even publish dependencies to the Maven's local repository from the build script.
The Problem was that the Java process didn't have the certificate for authentication.
In my first approach I came very close but I forgot to add the company's root CA cert. My company's private certificate belongs to the root CA, so both must be provided to java.
Solution:
First provide your private company certificate to the gradle process.
Edit your user gradle.properties and add
org.gradle.jvmargs=-Djavax.net.ssl.keyStore="/Users/myusername/certificates/my_private_company_cert.p12" -Djavax.net.ssl.keyStoreType=KeychainStore -Djavax.net.ssl.keyStorePassword=changeit
Then export your company's root ca cert to the java keystore.
sudo keytool -import -trustcacerts -alias root -file ./certificates/company_root_ca.crt -keystore $JAVA_HOME/jre/lib/security/cacerts
Thats it certificate authentication should now work.
This is used for example to make own android libary projects and push them to a artifact server. https://medium.com/android-news/the-complete-guide-to-creating-an-android-library-46628b7fc879#.naboz7yng
110
My solution was by updating the ca certificates on the ubuntu/debian system.
update-ca-certificates -f
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
