• reference
  • integration with pipeline
  • aql
  • Artifactory SSL Certification
• configuration
  • allow partial folder in particular repo
  • access token

[!NOTE|label:reference:]

• How to enable verbose log on JVM Garbage Collection
  • JAVA_OPTIONS:

    -verbose:gc -XX:+PrintGCDetails -XX:+PrintGCTimeStamps -Xloggc:/path/to/file/gc.log
    

reference

integration with pipeline

• Scripted Pipeline Syntax
• Jenkins Pipeline Examples

aql

Jenkins Artifactory Plugin AQL download latest artifact matching pattern

  $pair = "$($art_user):$($art_pass)"
  Write-Verbose "Attempting to convert Artifactory credentials to a base64 string for automation"
  $encodedCreds = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($pair))
  $basicAuthValue = "Basic $encodedCreds"
  $headers = @{
      Authorization = $basicAuthValue
  }

  Write-Host "Attempting to perform a AQL search."
  $aql_search = $art_base_url + "/api/search/aql"
  Write-Host "Building aql query with the following parameters, groupID: $group_id, artifactID: $artifact_id, version: $version, classifier: $classifier and repos: $art_generic_repokey."
  $aql_query = 'items.find({"repo":"' + $art_generic_repokey + '","$or":[{"$and":[{"path":{"$match":"' + $group_id + '/' + $artifact_id + '/' + $version + '"},"name":{"$match":"' + $artifact_id + '*' + $classifier + '*.' + $extension + '"}}]}]}).sort({"$desc":["modified"]}).limit(1)'
  Write-Host "Built the following aql query: '$aql_query' ."
  $aql_content = Invoke-RestMethod -Uri $aql_search -Headers $headers -Method Post -Body $aql_query -ContentType 'text/plain'
  Write-Host "Attempting to submit the aql query to the following artifactory server: $art_base_url."
  $aql_results = ($aql_content).results
  Write-Host "Attempting to parse query results and build the artifact download uri."
  $aql_repo,$aql_path,$aql_name = ($aql_results).repo,($aql_results).path,($aql_results).name
  $artifactDownloadUri = $art_base_url + '/' + $aql_repo + '/' + $aql_path + '/' + $aql_name
  Write-Host "Found the following uri: $artifactDownloadUri !!"

  if ($artifactMimeType  -eq 'application/zip' -or $extension -eq 'zip') {
      Write-Verbose "Attempting to save the artifact to $download_dir/$art_dist_name.zip"
      Invoke-RestMethod -Uri $artifactDownloadUri -Headers $headers -OutFile "$download_dir/$art_dist_name.zip"
  }

Artifactory SSL Certification

[!NOTE|label:references:]

• ARTIFACTORY: How to Resolve an “unable to find valid certification path to requested target” Error
• Using TLS Certificates as a Client
• Working with Certificates and SSL
• ibook : ssl/keystore

[!TIP|label:see also:]

• iMarslo: get remote server certs

get remote cert

$ openssl s_client -showcerts -connect <domain.com>:<port>

#i.e.
$ echo -n |
       openssl s_client -connect <domain.com>:<port> -debug |
       sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > <domain>.crt
# or
$ keytool -printcert \
          -rfc \
          -sslserver <domain.com>:<port> > <domain>.crt
# or
# https://www.howtouselinux.com/post/openssl-command-to-generate-view-check-certificate
$ echo -n |
       openssl s_client \
              [-servername <domain.com>] \
              -connect <domain.com>:<port> 2>/dev/null |
       openssl x509

[!NOTE] if issue (i:) is the same as subject (s:). Therefore, this is the root certificat. i.e. :

$ openssl s_client -connect cdn.redhat.com:443 -showcerts < /dev/null
Certificate chain
 0 s:C = US, ST = North Carolina, O = "Red Hat, Inc.", OU = Red Hat Network, CN = cdn.redhat.com
   i:C = US, ST = North Carolina, O = "Red Hat, Inc.", OU = Red Hat Network, CN = Red Hat Entitlement Operations Authority, emailAddress = ca-support@redhat.com
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
 1 s:C = US, ST = North Carolina, O = "Red Hat, Inc.", OU = Red Hat Network, CN = Red Hat Entitlement Operations Authority, emailAddress = ca-support@redhat.com
   i:C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", OU = Red Hat Network, CN = Entitlement Master CA, emailAddress = ca-support@redhat.com
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
 2 s:C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", OU = Red Hat Network, CN = Entitlement Master CA, emailAddress = ca-support@redhat.com
   i:C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", OU = Red Hat Network, CN = Entitlement Master CA, emailAddress = ca-support@redhat.com
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

import to truststore

$ sudo keytool -importcert \
               -keystore /usr/local/java/jdk1.8.0_60/jre/lib/security/cacerts \
               -storepass changeit \
               -file <domain>.crt \
               -alias "<domain>-crt"

configuration

allow partial folder in particular repo

access token

[!NOTE|label:references:]

• ARTIFACTORY: Creating Access Tokens in Artifactory
• Access Tokens

generating expirable tokens

• from version 7.21.1, this can be specified by setting the token.max-expiry parameter in the $JFROG_HOME/artifactory/var/etc/artifactory/access.config.yml file ( prior to version 7.21.1, the parameter to set was artifactory.access.token.non.admin.max.expires.in ).
• if the token.max-expiry is equal to 0 (which is the default), there is no limitation to the token expiry. However, if the maximum expiry is greater than 0, the user cannot create a non-expirable token.
• the token.max-expiry parameter must be set to a value higher than the token.default-expiry parameter value.