Tooling api/daemon does not respect javax.net.ssl.* properties

tjbrosnan · January 10, 2013, 5:05pm

I want to specify a keystore and cert using the gradle.properties for a gradle application launched from the tooling api (GradleScriptRunner) but the properties are ignored or not used and i get aan exception : Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

I also tried passing the args to the tooling api manually but nothing changed

connection.newBuild()
                    .forTasks("jettyRun")
                    .withArguments("--debug", "-b", "webapp.gradle")
                    .setJvmArguments("-Xmx1024m", "-XX:MaxPermSize=256m",
                    "-Djavax.net.ssl.trustStore=/Users/username/certs/keystore.jks", "-Djavax.net.ssl.trustStorePassword=XXXXXXX",
                    "-Djavax.net.ssl.keyStore=/Users/username/certs/cert19.p12", "-Djavax.net.ssl.keyStoreType=pkcs12",
                    "-Djavax.net.ssl.keyStorePassword=XXXXXX"
                    )
                    .run()

The application works fine when launched with the same properties file using the normal gradle script. My gradle.properties is placed in the /.gradle directory.

Any ideas?

Szczepan_Faber · January 14, 2013, 8:52pm

Hey,

Can you confirm where you keep the gradle.properties file? What version of tooling api / gradle do you use? What happens if you avoid the ‘-b’ argument? (you can configure the project directory on the connector level).

This might be bug. Hope that helps!

Szczepan_Faber · January 15, 2013, 12:51pm

Hey, I cannot quite reproduce this problem. Tooling API does support combined ‘gradle.properties’ from project directory and -b argument.

tjbrosnan · January 15, 2013, 2:46pm

Im testing this on a macosx and gradle.properties is in my home gradle directory e.g /Users/username/.gradle/gradle.properties. If as you say gradle.properties is not used when there is a -b argument I would expect the SSL properties to be used correctly. So lets ignore the gradle.properties file and assume i specify the SSL properties manually. I fixed one issue by removing the truststore and moving the public cert to the default truststore (cacerts). Now my config is simply:

ProjectConnection connection = GradleConnector.newConnector()
            .forProjectDirectory(new File("."))
            .connect()
  connection.newBuild()
                    .forTasks("jettyRun")
                    .withArguments("--debug", "-b", "webapp.gradle")
                    .setJvmArguments("-Xmx1024m", "-XX:MaxPermSize=256m",
                    "-Djavax.net.ssl.keyStore=/Users/username/certs/cert19.p12", "-Djavax.net.ssl.keyStoreType=pkcs12",
                    "-Djavax.net.ssl.keyStorePassword=XXXXXX"
                    )
                    .run()

During the dependency resolution stage I get a javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated excpetion, see below where i provide a more complete stacktrace which might be helpful.

4:29:03.243 [ERROR] [org.gradle.BuildExceptionReporter] Caused by: org.gradle.api.UncheckedIOException: Could not GET 'https://repository.XXXXXX.com/maven2/com/XXXXX.pom'.
14:29:03.244 [ERROR] [org.gradle.BuildExceptionReporter]
at org.gradle.api.internal.externalresource.transport.http.HttpClientHelper.performRequest(HttpClientHelper.java:87)
14:29:03.244 [ERROR] [org.gradle.BuildExceptionReporter]
at org.gradle.api.internal.externalresource.transport.http.HttpClientHelper.performRawGet(HttpClientHelper.java:64)
14:29:03.245 [ERROR] [org.gradle.BuildExceptionReporter]
at org.gradle.api.internal.externalresource.transport.http.HttpClientHelper.performGet(HttpClientHelper.java:72)
14:29:03.245 [ERROR] [org.gradle.BuildExceptionReporter]
at org.gradle.api.internal.externalresource.transport.http.HttpClientHelper.performGet(HttpClientHelper.java:68)
14:29:03.246 [ERROR] [org.gradle.BuildExceptionReporter]
at org.gradle.api.internal.externalresource.transport.http.HttpResourceAccessor.getResource(HttpResourceAccessor.java:46)
14:29:03.247 [ERROR] [org.gradle.BuildExceptionReporter]
at org.gradle.api.internal.externalresource.transfer.DefaultCacheAwareExternalResourceAccessor.getResource(DefaultCacheAwareExternalResourceAccessor.java:50)
14:29:03.247 [ERROR] [org.gradle.BuildExceptionReporter]
at org.gradle.api.internal.artifacts.repositories.DefaultExternalResourceRepository.getResource(DefaultExternalResourceRepository.java:62)
14:29:03.248 [ERROR] [org.gradle.BuildExceptionReporter]
at org.gradle.api.internal.artifacts.repositories.ExternalResourceResolver.getResource(ExternalResourceResolver.java:318)
14:29:03.248 [ERROR] [org.gradle.BuildExceptionReporter]
at org.gradle.api.internal.artifacts.repositories.ExternalResourceResolver.findStaticResourceUsingPattern(ExternalResourceResolver.java:257)
14:29:03.249 [ERROR] [org.gradle.BuildExceptionReporter]
at org.gradle.api.internal.artifacts.repositories.ExternalResourceResolver.findResourceUsingPattern(ExternalResourceResolver.java:243)
14:29:03.249 [ERROR] [org.gradle.BuildExceptionReporter]
at org.gradle.api.internal.artifacts.repositories.ExternalResourceResolver.findResourceUsingPatterns(ExternalResourceResolver.java:145)
14:29:03.250 [ERROR] [org.gradle.BuildExceptionReporter]
at org.gradle.api.internal.artifacts.repositories.MavenResolver.findIvyFileRef(MavenResolver.java:122)
14:29:03.251 [ERROR] [org.gradle.BuildExceptionReporter]
at org.apache.ivy.plugins.resolver.BasicResolver.getDependency(BasicResolver.java:223)
14:29:03.252 [ERROR] [org.gradle.BuildExceptionReporter]
at org.gradle.api.internal.artifacts.ivyservice.ivyresolve.DependencyResolverAdapter.getDependency(DependencyResolverAdapter.java:102)
14:29:03.253 [ERROR] [org.gradle.BuildExceptionReporter]
at org.gradle.api.internal.artifacts.ivyservice.ivyresolve.CacheLockingModuleVersionRepository$1.create(CacheLockingModuleVersionRepository.java:51)
14:29:03.253 [ERROR] [org.gradle.BuildExceptionReporter]
at org.gradle.api.internal.artifacts.ivyservice.ivyresolve.CacheLockingModuleVersionRepository$1.create(CacheLockingModuleVersionRepository.java:49)
14:29:03.254 [ERROR] [org.gradle.BuildExceptionReporter]
at org.gradle.cache.internal.DefaultCacheAccess.longRunningOperation(DefaultCacheAccess.java:172)
14:29:03.255 [ERROR] [org.gradle.BuildExceptionReporter]
at org.gradle.cache.internal.DefaultPersistentDirectoryStore.longRunningOperation(DefaultPersistentDirectoryStore.java:107)
14:29:03.255 [ERROR] [org.gradle.BuildExceptionReporter]
at org.gradle.api.internal.artifacts.ivyservice.DefaultCacheLockingManager.longRunningOperation(DefaultCacheLockingManager.java:57)
14:29:03.256 [ERROR] [org.gradle.BuildExceptionReporter]
at org.gradle.api.internal.artifacts.ivyservice.ivyresolve.CacheLockingModuleVersionRepository.getDependency(CacheLockingModuleVersionRepository.java:49)
14:29:03.256 [ERROR] [org.gradle.BuildExceptionReporter]
at org.gradle.api.internal.artifacts.ivyservice.ivyresolve.CachingModuleVersionRepository.resolveModule(CachingModuleVersionRepository.java:157)
14:29:03.257 [ERROR] [org.gradle.BuildExceptionReporter]
at org.gradle.api.internal.artifacts.ivyservice.ivyresolve.CachingModuleVersionRepository.findModule(CachingModuleVersionRepository.java:94)
14:29:03.257 [ERROR] [org.gradle.BuildExceptionReporter]
at org.gradle.api.internal.artifacts.ivyservice.ivyresolve.CachingModuleVersionRepository.getDependency(CachingModuleVersionRepository.java:85)
14:29:03.258 [ERROR] [org.gradle.BuildExceptionReporter]
at org.gradle.api.internal.artifacts.ivyservice.ivyresolve.IvyContextualiser$1.invoke(IvyContextualiser.java:44)
14:29:03.258 [ERROR] [org.gradle.BuildExceptionReporter]
at $Proxy36.getDependency(Unknown Source)
14:29:03.259 [ERROR] [org.gradle.BuildExceptionReporter]
at org.gradle.api.internal.artifacts.ivyservice.ivyresolve.UserResolverChain.findLatestModule(UserResolverChain.java:73)
14:29:03.260 [ERROR] [org.gradle.BuildExceptionReporter]
at org.gradle.api.internal.artifacts.ivyservice.ivyresolve.UserResolverChain.resolve(UserResolverChain.java:54)
14:29:03.260 [ERROR] [org.gradle.BuildExceptionReporter]
... 103 more
14:29:03.261 [ERROR] [org.gradle.BuildExceptionReporter] Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
14:29:03.261 [ERROR] [org.gradle.BuildExceptionReporter]
at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
14:29:03.262 [ERROR] [org.gradle.BuildExceptionReporter]
at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)
14:29:03.262 [ERROR] [org.gradle.BuildExceptionReporter]
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:397)
14:29:03.263 [ERROR] [org.gradle.BuildExceptionReporter]
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:148)
14:29:03.263 [ERROR] [org.gradle.BuildExceptionReporter]
at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:149)
14:29:03.264 [ERROR] [org.gradle.BuildExceptionReporter]
at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:121)
14:29:03.264 [ERROR] [org.gradle.BuildExceptionReporter]
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:573)
14:29:03.264 [ERROR] [org.gradle.BuildExceptionReporter]
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:425)
14:29:03.265 [ERROR] [org.gradle.BuildExceptionReporter]
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
14:29:03.265 [ERROR] [org.gradle.BuildExceptionReporter]
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
14:29:03.265 [ERROR] [org.gradle.BuildExceptionReporter]
at org.gradle.api.internal.externalresource.transport.http.HttpClientHelper.performHttpRequest(HttpClientHelper.java:120)
14:29:03.266 [ERROR] [org.gradle.BuildExceptionReporter]
at org.gradle.api.internal.externalresource.transport.http.HttpClientHelper.executeGetOrHead(HttpClientHelper.java:94)
14:29:03.266 [ERROR] [org.gradle.BuildExceptionReporter]
at org.gradle.api.internal.externalresource.transport.http.HttpClientHelper.performRequest(HttpClientHelper.java:85)
14:29:03.267 [ERROR] [org.gradle.BuildExceptionReporter]
... 129 more

It could be that the HTTP library is not using the cacert or the SSL private key is not being used. Let me know if I can provide any more information.

luke_daley · January 15, 2013, 2:54pm

Is changing keyStore properties (e.g ‘javax.net.ssl.keyStore’) at runtime supported? If not, this won’t work.

tjbrosnan · January 15, 2013, 3:05pm

That could be the issue but then i would expect that if i launch the wrapper script with the keyStore properties then the arguments wont be picked up by the daemon process launched by the tooling API.

The reason for the wrapper script in the first place is so that i can run the application inside my IntelliJ IDE.

luke_daley · January 15, 2013, 3:09pm

There’s no doubt that the tooling API should handle this properly. We have to add special handling for system properties that are immutable, and currently we don’t treat the keystore properties as immutable.

I haven’t found anything conclusive, but I’ve seen some posts saying these properties need to be set at JVM startup time. The next thing we need to do is confirm this.

tjbrosnan · January 16, 2013, 6:30pm

The command line system.properties worked fine for me when I tested it using

gradle -b webapp.gradle clean jettyRun -Djavax.net.ssl.keyStore=/Users/username/certs/cert19.p12 -Djavax.net.ssl.keyStoreType=pkcs12 -Djavax.net.ssl.keyStorePassword=XXXXXX

I noticed one strange thing, running a build from the command line used the gradle cache for the https dependency but when i launched a build from the wrapper script the cache was not used and I was back to the SSLPeerUnverifiedException.

luke_daley · January 16, 2013, 6:31pm

What happens if you define the properties via GRADLE_OPTS env var?

tjbrosnan · January 17, 2013, 9:31am

GRADLE_OPTS works fine with the normal gradle daemon process but the environment variables are not picked up by the tooling API daemon process

luke_daley · January 17, 2013, 10:42am

That’s pretty conclusive I’ve raised as GRADLE-2637.

Unfortunately, I can’t think of any workaround. We’ll see what we can do about getting this prioritised for 1.5. Thanks for your help on this.

I’ll see if we can think of some workaround in the meantime.

tjbrosnan · January 17, 2013, 2:20pm

Thanks

Frederic_Chuong · May 26, 2013, 9:44pm

I have the same problem with the deamon not honoring the user.language / user.country / user.timezone system properties (Gradle 1.6)

build.gradle

defaultTasks 'printSys'
task printSys << {
    println "user.timezone sys property = " + System.properties["user.timezone"]
    println "user.language sys property = " + System.properties["user.language"]
    println "user.country sys property = " + System.properties["user.country"]
    println "GRADLE_OPTS env variable = " + System.getenv("GRADLE_OPTS")
    println "JAVA_TOOL_OPTIONS env variable = " + System.getenv("JAVA_TOOL_OPTIONS")
    println "TimeZone test: " + TimeZone.getDefault()
    println "Locale test: " + Locale.getDefault()
    println "Date test: " + new Date().toString()
}

C:\test-gradle>gradle --no-daemon
:printSys
user.timezone sys property = Asia/Hong_Kong
user.language sys property = it
user.country sys property = IT
GRADLE_OPTS env variable = -Duser.timezone=Asia/Hong_Kong -Duser.country=IT -Duser.language=it
JAVA_TOOL_OPTIONS env variable = null
TimeZone test: sun.util.calendar.ZoneInfo[id="Asia/Hong_Kong",offset=28800000,dstSavings=0,useDaylight=false,transitions=71,lastRule=null]
Locale test: it_IT
Date test: Mon May 27 05:18:50 HKT 2013
  BUILD SUCCESSFUL
  Total time: 1.672 secs
C:\test-gradle>gradle --stop
No Gradle daemons are running.
C:\test-gradle>gradle
:printSys
user.timezone sys property = Asia/Hong_Kong
user.language sys property = it
user.country sys property = IT
GRADLE_OPTS env variable = -Duser.timezone=Asia/Hong_Kong -Duser.country=IT -Duser.language=it
JAVA_TOOL_OPTIONS env variable = null
TimeZone test: sun.util.calendar.ZoneInfo[id="Europe/Paris",offset=3600000,dstSavings=3600000,useDaylight=true,transitions=184,lastRule=java.util.SimpleTimeZone[id=Europe/Paris,offset=3600000,dstSavings=3600000,useDaylight=true,startYear=0,startMode=2,startMonth=2,startDay=-1,startDayOfWeek=1,startTime=3600000,startTimeMode=2,endMode=2,endMonth=9,endDay=-1,endDayOfWeek=1,endTime=3600000,endTimeMode=2]]
Locale test: en_US
Date test: Sun May 26 23:19:05 CEST 2013
  BUILD SUCCESSFUL
  Total time: 2.298 secs
C:\test-gradle>

The following gradle.properties doesn’t help:

org.gradle.jvmargs=-Duser.timezone=Asia/Hong_Kong -Duser.country=IT -Duser.language=it

This seems to be related to http://issues.gradle.org/browse/GRADLE-1618?focusedCommentId=14828&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-14828 (+ GRADLE-2637)