Skip to content

chkpnt/truststorebuilder-gradle-plugin

main
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
src
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Build your Java TrustStore with Gradle

This Gradle plugin for Gradle 7.0 and newer can build a Java TrustStore from existing certificates and bundles like the Mozilla CA certificate store. TrustStores can be built in the JKS format or as PKCS12-containers. Additionally, a validation check for the certificates is provided by this plugin, too.

Status

Gradle plugin License
GitHub Workflow Status Windows Build Status KDoc SonarQube Tests
Codecov Test coverage by codecov.io

Configuration

The tasks provided by this plugin are configured via the extension trustStoreBuilder. The following example registers two tasks buildTrustStore and checkCertificates, which are both included in the build and check phases:

plugins {
    id "de.chkpnt.truststorebuilder" version "<version>"
}

// minimal configuration:
trustStoreBuilder {
    trustStore {
    }
    checkCertificates {
    }
}

// which is the same as
trustStoreBuilder {
    trustStore {
        path("$buildDir/cacerts.jks")
        password("changeit")
        source("src/main/certs")
        include("**/*.crt", "**/*.cer", "**/*.pem")
        buildEnabled.set(true)
    }
    checkCertificates {
        source("src/main/certs")
        include("**/*.crt", "**/*.cer", "**/*.pem")
        exclude()
        atLeastValidDays.set(90)
        checkEnabled.set(true)
    }
}

The function trustStore takes a TrustStoreSpec and can be called multiple times, if multiple TrustStores are to be built. In such a case, the TrustStores need to be named:

trustStoreBuilder {
    trustStore("jks") {
        path("$buildDir/cacerts.jks")
    }
    trustStore("pkcs12") {
        path("$buildDir/cacerts.p12")
    }
}

A TrustStoreSpec consists the following settings:

Setting Description Default Type
path(value: Any) The file of the TrustStore to build. The type of the TrustStore is derived from the file extension. Supported are jks, p12, and pfx. $buildDir/cacerts.jks function
password(value: String) The password used for the TrustStore. changeit function
source(directory: Any*) The directory which is scanned for certificates and bundles. $projectDir/src/main/certs function
include(vararg patterns: String) Filter for the source directory. ['/*.crt', '/.cer', '**/.pem'] function
buildEnabled Should the build-task depend on buildTrustStore<Name>? true Property<Boolean>

The function checkCertificates takes a CheckCertsSpec, consisting of the following settings:

Setting Description Default Type
source(directory: Any*) The directory which is scanned for certificates and bundles. $projectDir/src/main/certs function
include(vararg patterns: String) Filter for the source directory, can be called multiple times. ['/*.crt', '/.cer', '**/.pem'] function
exclude(vararg patterns: String) Exclusions for the source directory, can be called multiple times. [] function
atLeastValidDays Number of days the certificates have to be at least valid. 90 Property<Int>
checkEnabled Should the check-task depend on checkCertificates? true Property<Boolean>

* Anything, that can be handled by project.file(...).

Example

A demonstration of this plugin can be found in this repository.