DEV Community

ColtonIdle

Android Dev and zscaler

Are you installing cacerts into every JDK?

How about just adding the following to your global gradle.properties (i.e. ~/.gradle/gradle.properties) instead?

For Gradle:
# local zScaler proxy host and port
systemProp.https.proxyHost=127.0.0.1
systemProp.https.proxyPort=9000
# to support zScaler TLS inspection, use the OS cert storage that holds the zScaler cert
# keep only one trustStoreType line active: if the key is set twice, the later line wins
# Windows
systemProp.javax.net.ssl.trustStoreType=Windows-ROOT
# macOS (uncomment this line and remove the Windows one)
#systemProp.javax.net.ssl.trustStoreType=KeychainStore

On my Mac, all I needed was systemProp.javax.net.ssl.trustStoreType=KeychainStore, but I'm including everything else above just in case.

You can also set this on the JVM instead of in Gradle. This can be helpful when running tools like gradle-profiler, which don't automatically detect your Gradle user home.

export JAVA_TOOL_OPTIONS="-Djavax.net.ssl.trustStoreType=KeychainStore"

Last resort: in ~/.gradle/init.d/certs.init.gradle.kts, add this:

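import java.security.KeyStore
import java.security.cert.CertificateFactory
import java.security.cert.X509Certificate

val trustStoreProp = "javax.net.ssl.trustStore"
// PEM file holding the private root CA, resolved relative to this init script's directory
val privateRootFile = file("private.pem")

beforeSettings {
    // The trust store property already points at a merged copy: nothing to do
    if (System.getProperty(trustStoreProp)?.endsWith("+private") == true) return@beforeSettings
    // Start from the configured trust store, or fall back to the JDK's bundled cacerts
    val defaultTrustStore = System.getProperty(trustStoreProp)?.let { File(it) }
        ?: File(System.getProperty("java.home"), "lib/security/cacerts")
    // The merged copy (default roots + private root) is written under the build's root directory
    val alternateTrustStore = File(rootDir, "build/tmp/cacerts+private")
    try {
        val keyStore = KeyStore.getInstance(KeyStore.getDefaultType())
        val trustStorePassword = System.getProperty("${trustStoreProp}Password")?.toCharArray()
        // A KeyStore must be loaded before entries can be added; load(null, ...) creates an empty one
        if (defaultTrustStore.exists()) {
            defaultTrustStore.inputStream().use { keyStore.load(it, trustStorePassword) }
        } else {
            keyStore.load(null, trustStorePassword)
        }
        // generateCertificate reads a single certificate from the PEM file
        val privateRoot = privateRootFile.inputStream()
            .use(CertificateFactory.getInstance("X.509")::generateCertificate) as X509Certificate
        // Add the private root as a trusted entry, using its subject DN as the alias
        keyStore.setCertificateEntry(privateRoot.subjectX500Principal.name, privateRoot)
        alternateTrustStore.parentFile.mkdirs()
        alternateTrustStore.outputStream().use {
            keyStore.store(it, trustStorePassword ?: "changeit".toCharArray())
        }
    } catch (e: Exception) {
        // Do not leave a partially written trust store behind
        if (alternateTrustStore.exists()) alternateTrustStore.delete()
        throw e
    }
    // Point the JVM at the merged trust store
    System.setProperty(trustStoreProp, alternateTrustStore.absolutePath)
    logger.info("$trustStoreProp set to $alternateTrustStore")
}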
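
The init script makes every Gradle build trust whatever certificate is in private.pem, so it helps to confirm the file is the root you expect before placing it next to the script. The following is an added example, not part of the original post: it assumes openssl is on the PATH and that the expected SHA-256 fingerprint was obtained from your IT team out of band; the function names are hypothetical.

```shell
# Added example: pin-check a root CA PEM before the init script trusts it.
# Assumptions: openssl is installed; the expected fingerprint comes from a trusted channel.

# Print the SHA-256 fingerprint of the first certificate in $1 as lowercase hex.
# Prints nothing if the file is not a parseable X.509 certificate.
cert_sha256() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed -e 's/^.*=//' -e 's/://g' | tr 'A-F' 'a-f'
}

# Count the certificates in a PEM file. The init script above imports only the
# first one, so a bundle would be trusted only partially and is rejected here.
cert_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Return 0 only if $1 holds exactly one certificate whose SHA-256 fingerprint
# equals $2 (hex, with or without colons, any case).
verify_root_pin() {
    local pem="$1" expected actual
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 2; }
    [ "$(cert_count "$pem")" = "1" ] || {
        echo "expected exactly one certificate in $pem" >&2; return 3; }
    actual=$(cert_sha256 "$pem")
    [ -n "$actual" ] || { echo "$pem is not a parseable certificate" >&2; return 4; }
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch: file has $actual" >&2
        return 1
    fi
    echo "ok: $pem matches $actual"
}

# Usage: sh verify-root.sh ~/.gradle/init.d/private.pem <expected-sha256>
if [ "$#" -eq 2 ]; then
    verify_root_pin "$1" "$2"
fi
```

Run it with the PEM path and the expected fingerprint as arguments; a non-zero exit means the file should not be used.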
