ort: Analyzer fails to authenticate with Artifactory when downloading artifacts (http-401)

Hi there,

I’m having trouble to authenticate against Artifactory when running ort analyze.

Credendials for Artifactory (username / password) are provided via .netrc file and Maven settings.xml. But download attempts always result in a http-401 unauthorized.

Downloading these artifacts via cURL works fine, when I provide username / password. So it seems that the configuration on Artifactory side is fine.

Did I miss some configuration? What can I do to solve this issue? I appreciate your help! 😃

08:31:50.127 [DefaultDispatcher-worker-3] DEBUG org.ossreviewtoolkit.analyzer.managers.utils.MavenSupport - Remote location for 'external.c:openssl:jar:sources:1.1.1n': external/c/openssl/1.1.1n/openssl-1.1.1n-sources.jar
08:31:50.127 [DefaultDispatcher-worker-3] DEBUG org.eclipse.aether.internal.impl.DefaultTransporterProvider - Using transporter HttpTransporter with priority 5.0 for https://artifactory.*****.com/artifactory/its-external
08:31:50.127 [DefaultDispatcher-worker-3] DEBUG org.eclipse.aether.internal.impl.DefaultRepositoryConnectorProvider - Using connector BasicRepositoryConnector with priority 0.0 for https://artifactory.*****.com/artifactory/its-external
08:31:50.128 [DefaultDispatcher-worker-3] DEBUG org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: default
08:31:50.128 [DefaultDispatcher-worker-3] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection request: [route: {s}->https://artifactory.*****.com:443][total/ available: 2; route allocated: 1 of 50; total allocated: 2 of 100]
08:31:50.128 [DefaultDispatcher-worker-3] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection leased: [id: 1][route: {s}->https://artifactory.*****.com:443][total/ available: 1; route allocated: 1 of 50; total allocated: 2 of 100]
08:31:50.128 [DefaultDispatcher-worker-3] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-1: set socket timeout to 0
08:31:50.128 [DefaultDispatcher-worker-3] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-1: set socket timeout to 1800000
08:31:50.128 [DefaultDispatcher-worker-3] DEBUG org.apache.http.impl.execchain.MainClientExec - Executing request HEAD /artifactory/its-external/external/c/openssl/1.1.1n/openssl-1.1.1n-sources.jar HTTP/1.1
08:31:50.128 [DefaultDispatcher-worker-3] DEBUG org.apache.http.impl.execchain.MainClientExec - Target auth state: UNCHALLENGED
08:31:50.128 [DefaultDispatcher-worker-3] DEBUG org.apache.http.impl.execchain.MainClientExec - Proxy auth state: UNCHALLENGED
08:31:50.154 [DefaultDispatcher-worker-3] DEBUG org.apache.http.impl.execchain.MainClientExec - Connection can be kept alive indefinitely
08:31:50.154 [DefaultDispatcher-worker-3] DEBUG org.apache.http.impl.auth.HttpAuthenticator - Authentication required
08:31:50.154 [DefaultDispatcher-worker-3] DEBUG org.apache.http.impl.auth.HttpAuthenticator - artifactory.*****.com:443 requested authentication
08:31:50.154 [DefaultDispatcher-worker-3] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - Authentication schemes in the order of preference: [Negotiate, Kerberos, NTLM, CredSSP, Digest, Basic]
08:31:50.155 [DefaultDispatcher-worker-3] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Negotiate authentication scheme not available
08:31:50.155 [DefaultDispatcher-worker-3] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Kerberos authentication scheme not available
08:31:50.155 [DefaultDispatcher-worker-3] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for NTLM authentication scheme not available
08:31:50.155 [DefaultDispatcher-worker-3] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for CredSSP authentication scheme not available
08:31:50.155 [DefaultDispatcher-worker-3] DEBUG org.apache.http.impl.client.TargetAuthenticationStrategy - Challenge for Digest authentication scheme not available
08:31:50.155 [DefaultDispatcher-worker-3] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection [id: 1][route: {s}->https://artifactory.*****.com:[443](https://gitlab.*****.com/mocca/oss-review-toolkit/-/jobs/5359208#L443)] can be kept alive indefinitely
08:31:50.155 [DefaultDispatcher-worker-3] DEBUG org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-1: set socket timeout to 0
08:31:50.155 [DefaultDispatcher-worker-3] DEBUG org.apache.http.impl.conn.PoolingHttpClientConnectionManager - Connection released: [id: 1][route: {s}->https://artifactory.*****.com:443]/[total available: 2; route allocated: 1 of 50; total allocated: 2 of 100]
08:31:50.155 [DefaultDispatcher-worker-3] WARN  org.apache.http.client.protocol.ResponseProcessCookies - Invalid cookie header: "Set-Cookie: AWSALBTG=wXE1osuo2pSAo+9NrSYXQ0EgQ2RySOklfj2QVhTXb2XX8HUxx5SaEIuyM0g+1x0pNOGyJRicNpJu9twEyDD33tSMSP9Y1ErNosFyl01UlYBi14GuJKNcVbUymYQIuzH67Osj5QbGasz4uEtYTYXYnLmrRmZgASaGHeoNH6JETQIxu72H***=; Expires=Wed, 06 Jul 2022 08:31:50 GMT; Path=/". Invalid 'expires' attribute: Wed, 06 Jul 2022 08:31:50 GMT
08:31:50.155 [DefaultDispatcher-worker-3] WARN  org.apache.http.client.protocol.ResponseProcessCookies - Invalid cookie header: "Set-Cookie: AWSALBTGCORS=wXE1osuo2pSAo+9NrSYXQ0EgQ2RySOklfj2QVhTXb2XX8HUxx5SaEIuyM0g+1x0pNOGyJRicNpJu9twEyDD33tSMSP9Y1ErNosFyl01UlYBi14GuJKNcVbUymYQIuzH67Osj5QbGasz4uEtYTYXYnLmrRmZgASaGHeoNH6JETQIxu72H***=; Expires=Wed, 06 Jul 2022 08:31:50 GMT; Path=/; SameSite=None; Secure". Invalid 'expires' attribute: Wed, 06 Jul 2022 08:31:50 GMT
08:31:50.156 [DefaultDispatcher-worker-3] WARN  org.apache.http.client.protocol.ResponseProcessCookies - Invalid cookie header: "Set-Cookie: AWSALB=Aj+xDryH81fx1LpTd/dzakMUkCUkt999yNNXJF8kysW7vCWHmFINz4B1EKXdDg+QDsp61KiKbnP3qvBQP21oJMEyTFPnDTQRNl/KXxIoojVo0DDjX7niHOIXhG4a; Expires=Wed, 06 Jul 2022 08:31:50 GMT; Path=/". Invalid 'expires' attribute: Wed, 06 Jul 2022 08:31:50 GMT
08:31:50.156 [DefaultDispatcher-worker-3] WARN  org.apache.http.client.protocol.ResponseProcessCookies - Invalid cookie header: "Set-Cookie: AWSALBCORS=Aj+xDryH81fx1LpTd/dzakMUkCUkt999yNNXJF8kysW7vCWHmFINz4B1EKXdDg+QDsp61KiKbnP3qvBQP21oJMEyTFPnDTQRNl/KXxIoojVo0DDjX7niHOIXh***; Expires=Wed, 06 Jul 2022 08:31:50 GMT; Path=/; SameSite=None; Secure". Invalid 'expires' attribute: Wed, 06 Jul 2022 08:31:50 GMT
08:31:50.156 [DefaultDispatcher-worker-3] DEBUG org.ossreviewtoolkit.analyzer.managers.utils.MavenSupport - Transfer failed: GET_EXISTENCE FAILED https://artifactory.*****.com/artifactory/its-external/external/c/openssl/1.1.1n/openssl-1.1.1n-sources.jar <> /root/.m2/repository/external/c/openssl/1.1.1n/openssl-1.1.1n-sources.jar
08:31:50.156 [DefaultDispatcher-worker-3] DEBUG org.ossreviewtoolkit.analyzer.managers.utils.MavenSupport - Could not find 'external.c:openssl:jar:sources:1.1.1n' in 'https://artifactory.*****.com/artifactory/its-external (https://artifactory.*****.com/artifactory/its-external, default, releases+snapshots)': ArtifactTransferException: Could not transfer artifact external.c:openssl:jar:sources:1.1.1n from/to https://artifactory.*****.com/artifactory/its-external (https://artifactory.*****.com/artifactory/its-external): status code: 401, reason phrase:  (401)
Caused by: HttpResponseException: status code: 401, reason phrase:  (401)
08:31:50.156 [DefaultDispatcher-worker-3] DEBUG org.ossreviewtoolkit.analyzer.managers.utils.MavenSupport - Unable to find 'external.c:openssl:jar:sources:1.1.1n' in any of [https://repo.maven.apache.org/maven2, https://artifactory.*****.com/artifactory/its-external].
08:31:50.156 [DefaultDispatcher-worker-3] DEBUG org.ossreviewtoolkit.analyzer.managers.utils.MavenSupport - Writing empty remote artifact for 'external.c:openssl:jar:sources:1.1.1n' to disk cache.

(i) Some information like URLs and header information have been obfuscated with ***