Add custom root authority to Gradle, e.g. to access internal Maven repos with self-signed certificates

assemble-cacerts.sh

#!/usr/bin/env bash

# Following https://discuss.gradle.org/t/gradle-with-self-signed-certificate/23036/9

# Script assumes it's located in a subdirectory one level below the project root.

set -ue

DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
cacerts_pwd="changeit" # JDK default
gradle_props="${DIR}/../gradle.properties"

registry_host="your.host"
registry_cert="${DIR}/your-chain.crt"

# Add custom certificate chain to Java defaults
cp "${JAVA_HOME}/lib/security/cacerts" "${DIR}/"
keytool -import -alias "${registry_host}" -file "${registry_cert}" -keystore "${DIR}/cacerts" \
        -storepass "${cacerts_pwd}" -noprompt

# Tell Gradle to use the custom keystore
if [[ -f "${gradle_props}" ]]; then
    sed -i '/-Djavax.net.ssl.trustStore/d' "${gradle_props}"
fi
echo -e "\norg.gradle.jvmargs=-Djavax.net.ssl.trustStore=\"${DIR}/cacerts\" -Djavax.net.ssl.trustStorePassword=\"${cacerts_pwd}\"" \
    >> "${gradle_props}"

Note: This won't necessarily work with every conceivable gradle.properties, in particular if you use org.gradle.jvmargs for anything else.