问题描述

问题

我有一个Android Gradle项目，该项目应从我公司的sonatype nexus服务器中提取一个lib. Nexus服务器使用证书身份验证.这意味着客户拥有一个私有证书，该证书可对联系服务器进行身份验证和授权.

I have a Android Gradle project which should pull a lib from my companys sonatype nexus server. The nexus server uses a certificate authentication. That means the client has a private certificate which authenticates and authorizes him against the nexus server.

问题是如何配置gradle以使用我的证书(位于osx密钥库中).

The problem is how to configure gradle to use my certificate (which is in the osx keystore).

/app/build.gradle

/app/build.gradle

repositories {
   // some other repositorys...
   ...
   maven {
      credentials {
         username = NEXUS_USERNAME
         password = NEXUS_PASSWORD
      }
      url 'https://prefix.server.com/nexus/content/repositories/artifactid'
   }
}

在不提供证书的情况下，nexus服务器以以下方式响应:

Without giving a certificate the nexus server respont with:

错误:无法HEAD' https://prefix.server.com/nexus/content/repositories/artifactid/de/komoot/android/kmt-material-showcase/0.0.1/kmt-material-showcase-0.0.1.pom ".从服务器收到状态码400:错误的请求

Error: Could not HEAD 'https://prefix.server.com/nexus/content/repositories/artifactid/de/komoot/android/kmt-material-showcase/0.0.1/kmt-material-showcase-0.0.1.pom'. Received status code 400 from server: Bad Request

我的第一个解决方案是尝试将jvm配置为将osx密钥链用于证书.相同的方法帮助我将lib/artifacts推送并发布到nexus服务器上.

My first solution was to try to configure the jvm to use the osx keychain for certificates. The same method helped me to push and publish libs/artifacts on the nexus server.

/app/gradle.properties

/app/gradle.properties

org.gradle.jvmargs=-Djavax.net.ssl.keyStore=NONE -Djavax.net.ssl.keyStoreType=KeychainStore -Djavax.net.ssl.keyStorePassword=-

这不起作用，gradle同步失败:错误:无(没有这样的文件或目录)

This doesn't work the gradle sync failed:Error:NONE (No such file or directory)

看起来像参数"-Djavax.net.ssl.keyStore"的gradle应该是'NONE'.我尝试了几种大小写解决方案，但都失败了.

It looks like the gradle expected to be 'NONE' of the paramter '-Djavax.net.ssl.keyStore'. I tryed several uper and lower case solutions but all failed.

第二种方法是与

org.gradle.jvmargs=-Djavax.net.ssl.keyStoreType=KeychainStore

但是服务器再次响应400.似乎尚未使用JVM args.

But the server respond with 400 again. Looks like the JVM args haven't been used.

有关此主题的任何想法或文章?希望有人能帮助我.

Any ideas or articles for this topic ?Hope someone can help me.

推荐答案

问题是Java进程没有用于身份验证的证书.

The Problem was that the Java process didn't have the certificate for authentication.

在我的第一种方法中，我走得很近，但是我忘记添加公司的根CA证书.我公司的私人证书属于根CA，因此必须将两者都提供给Java.

In my first approach I came very close but I forgot to add the company's root CA cert. My company's private certificate belongs to the root CA, so both must be provided to java.

解决方案:

首先将您的私人公司证书提供给gradle程序.

First provide your private company certificate to the gradle process.

编辑用户gradle.properties并添加

Edit your user gradle.properties and add

org.gradle.jvmargs=-Djavax.net.ssl.keyStore="/Users/myusername/certificates/my_private_company_cert.p12" -Djavax.net.ssl.keyStoreType=KeychainStore -Djavax.net.ssl.keyStorePassword=changeit

然后将公司的根ca证书导出到Java密钥库中.

Then export your company's root ca cert to the java keystore.

sudo keytool -import -trustcacerts -alias root -file ./certificates/company_root_ca.crt -keystore $JAVA_HOME/jre/lib/security/cacerts

这就是证书身份验证现在应该可以正常工作.

Thats it certificate authentication should now work.

例如，用于创建自己的android libary项目并将其推送到工件服务器. https://medium. com/android-news/the-complete-guide-to-creating-an-android-library-46628b7fc879#.naboz7yng

This is used for example to make own android libary projects and push them to a artifact server.https://medium.com/android-news/the-complete-guide-to-creating-an-android-library-46628b7fc879#.naboz7yng

这篇关于用于存储库的Gradle使用证书身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！