Gradle with self-signed certificate


(Ioane Sharvadze) #1

Continuing the discussion from How do I use an HTTPS resolver with a self-signed certificate?:

Is there any way to tell gradle, here is my certificate and use it in order to reach my artifactory?

There are solutions that insert certificate in the system or in Java Security.
But I wanted some better solution that will not require any setup from user side, after cloning my repository.


(Manoharan M) #2

Solution : 1 (Working)

task signJars(type: GradleBuild) {
new File(‘build/signed’).mkdirs()

fileTree(‘build/unsigned’).each { File file ->
ant.signjar(destDir: ‘build/signed’, jar: file, alias:“test”, keystore:“testkeystore”, storepass:“xxxxxxxxx”, preservelastmodified:“true”)
}
}

Keep your jars required for self signing in “build/unsigned” using other task or refer the library files directly.

One Bug in above task:

If you are running above task without type: GradleBuild

after cleaning the build , build/signed directory will not be created.

Solution : 2

The below code will work without cleaning the build. It build is cleaned it won’t work.
task signJars {
new File(‘build/signed’).mkdirs()

fileTree(‘build/unsigned’).each { File file ->
ant.signjar(destDir: ‘build/signed’, jar: file, alias:“test”, keystore:“testkeystore”, storepass:“xxxxxxxxx”, preservelastmodified:“true”)
}
}


(Ioane Sharvadze) #3

I think you misunderstood me.
I mean not singing JARs but resolving dependency that resides in such artifactory that has self signed SSL certificate.


(Manoharan M) #4

Okay. Thanks for your feedback.


(George) #5

I created a new java keystore, which I check in with my gradlew script. Then in my gradlew and gradlew.bat files I include

DEFAULT_JVM_OPTS="-Djavax.net.ssl.trustStore=${APP_HOME}/gradle.keystore -Djavax.net.ssl.trustStorePassword=<your_password>"

It does mean my keystore can get out of date, but it’s easy enough to update.


(Ioane Sharvadze) #6

Thank you @aflat!

That solved my problem.
I added that flag in gradle properties and since then it works as expected.

  1. Exported certificates
  2. Copied default ca file from Java/Security
  3. Added Certificates in ca file
  4. Copied ca file in Project
  5. Added DEFAULT_JVM_OPTS

It works!


(Panagiotis Mpakos) #8

Hello there! Is there any tutorial that you followed to do these steps? Or could you please show me how to do each step?

Thanks!!


(Ioane Sharvadze) #9

No, unfortunately I could not find any tutorial, but I solved with lots of Trial and Error.
Here I will try to explain steps in more details.

  1. Export certificates of Your Artifactory
    Open your artifactory in browser and export it (in order to get certificate from chrome browser open console, move to security tab and click view certificates, after that you will be able to export by dragging certificate icon to desktop).

  2. Copied default ca file from Java/Security
    Copy Keystore cacerts from /Library/Java/JavaVirtualMachines/jdk1.8.0_131.jdk/Contents/Home/jre/lib/security/ (Note that this path will vary from machine to machine, depending on java version and other factors.

  3. Added Certificates in ca file
    Import exported certificate in cacerts using command
    keytool -import -alias yourartifactory.com -file exported_certificate.cer -keystore cacerts -storepass password

  4. Copied ca file in Project
    Place cacerts in project root directory.

  5. Added DEFAULT_JVM_OPTS
    Add jvm arguments
    org.gradle.jvmargs=-Djavax.net.ssl.trustStore="./cacerts" -Djavax.net.ssl.trustStorePassword=password
    in gradle.properties file.