
Add custom self-signed certificate for java projects

Saikat Sarkar requested to merge ca-cert-java into master

What does this MR do?

This MR handles self-signed certificates for Java projects.

The self-signed certification process is tested using a reverse proxy server.

What are the relevant issue numbers?

issue

Test

The following output proves that Java projects are able to download dependencies using a self-signed certificate:

➜  spotbugs git:(ca-cert-java) ✗ cat ~/Documents/analyzers/analyzer-run2
#! /usr/bin/env bash

CODE=$1
shift
IMAGE=$1
shift

if [[ -z "$CODE" ]]; then
  echo "Usage: $0 CODE_PATH [DOCKER_IMAGE]"
  exit 1
fi

CODE=$(realpath $CODE)

if [[ -z "$IMAGE" ]]; then
  IMAGE=$(basename $(pwd)):$(git rev-parse --abbrev-ref HEAD)
  echo image: $IMAGE
fi

#docker run --rm -it --network="test" -e ADDITIONAL_CA_CERT_BUNDLE="$(cat ~/Documents/custom-ca-using-nginx/nginx-maven.crt)" -e CI_PROJECT_DIR=/tmp/app -e ANALYZER_ARTIFACT_DIR=/tmp/analyzer -v $(pwd):/tmp/analyzer -v ~/Documents/custom-ca-using-nginx/cacerts:/usr/local/sdkman/candidates/java/current/jre/lib/security/cacerts -v ~/Documents/custom-ca-using-nginx/nginx-dot-net.crt:/etc/ssl/certs/nginx-dot-net.crt  -v ~/Documents/custom-ca-using-nginx/nginx-maven.crt:/etc/ssl/certs/nginx-maven.crt -v ~/Documents/custom-ca-using-nginx/nginx-localhost.crt:/etc/ssl/certs/nginx-localhost.crt -v $CODE:/tmp/app $IMAGE $@
docker run --rm -it --network="test" -e ADDITIONAL_CA_CERT_BUNDLE="$(cat ~/Documents/custom-ca-using-nginx/nginx-maven.crt)" -e CI_PROJECT_DIR=/tmp/app -e ANALYZER_ARTIFACT_DIR=/tmp/analyzer -v $(pwd):/tmp/analyzer -v $CODE:/tmp/app $IMAGE $@


➜  spotbugs git:(ca-cert-java) ✗ ~/Documents/analyzers/analyzer-run2 test/fixtures/maven-project
image: spotbugs:ca-cert-java
Certificate was added to keystore
Found project in /tmp/app

Default java version set to 8.0.252.hs-adpt
Found Maven project in /tmp/app directory
Found 1 analyzable projects.
Building Maven project at /tmp/app.
[INFO] Scanning for projects...
[INFO]
[INFO] -----------< com.gitlab.security_products.tests:java-maven >------------
[INFO] Building java-maven 1.0-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] Downloading from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom
[WARNING] Could not validate integrity of download from https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom: Checksum validation failed, no checksums available
[WARNING] Checksum validation failed, no checksums available from central for https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom
[INFO] Downloaded from central: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-resources-plugin/2.6/maven-resources-plugin-2.6.pom (8.1 kB at 22 kB/s)

Does this MR meet the acceptance criteria?

Edited by Saikat Sarkar
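
One way to load `ADDITIONAL_CA_CERT_BUNDLE` into the Java truststore, as an added example that is not the code from this merge request: `keytool -importcert` stores one trusted certificate per alias, so the sketch splits a multi-certificate PEM bundle first. The function names, the alias scheme and the `STOREPASS` variable are assumptions; the keystore path is the one in the commented-out `docker run` line above.

```bash
#!/usr/bin/env bash
# Added example, not the analyzer's code. Function names, alias scheme and
# the STOREPASS variable are assumptions made for illustration.

# Keystore path as it appears in the commented-out docker command on this page.
KEYSTORE="${KEYSTORE:-/usr/local/sdkman/candidates/java/current/jre/lib/security/cacerts}"

# split_bundle BUNDLE_TEXT OUT_DIR
# Writes each PEM certificate to OUT_DIR/ca-N.crt and prints how many it found.
# Text outside BEGIN/END markers (comments, blank lines) is dropped.
split_bundle() {
  local bundle="$1" out_dir="$2"
  printf '%s\n' "$bundle" | awk -v dir="$out_dir" '
    /-----BEGIN CERTIFICATE-----/ { n++; file = sprintf("%s/ca-%d.crt", dir, n); inside = 1 }
    inside { print > file }
    /-----END CERTIFICATE-----/ { inside = 0; close(file) }
    END { print n + 0 }'
}

# import_bundle BUNDLE_TEXT KEYSTORE STOREPASS
# Imports every certificate under its own alias; fails loudly on a bad bundle
# rather than letting the build fall back to an unmodified truststore.
import_bundle() {
  local bundle="$1" keystore="$2" storepass="$3" tmp count i
  tmp=$(mktemp -d) || return 1
  count=$(split_bundle "$bundle" "$tmp")
  if [ "$count" -eq 0 ]; then
    echo "ADDITIONAL_CA_CERT_BUNDLE contains no PEM certificate" >&2
    rm -rf "$tmp"
    return 1
  fi
  i=1
  while [ "$i" -le "$count" ]; do
    keytool -importcert -noprompt -trustcacerts \
      -alias "additional-ca-$i" -file "$tmp/ca-$i.crt" \
      -keystore "$keystore" -storepass "$storepass" || { rm -rf "$tmp"; return 1; }
    i=$((i + 1))
  done
  rm -rf "$tmp"
}

# Only touch the truststore when a bundle was actually passed to the container.
if [ -n "${ADDITIONAL_CA_CERT_BUNDLE:-}" ]; then
  # "changeit" is the JDK's default cacerts password.
  import_bundle "$ADDITIONAL_CA_CERT_BUNDLE" "$KEYSTORE" "${STOREPASS:-changeit}"
fi
```

Each successful import prints keytool's `Certificate was added to keystore` line, the same message that appears in the test output above.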
