Build your Java TrustStore with Gradle
This Gradle plugin for Gradle 5.0 and newer can build a Java TrustStore from existing certificates. The generated TrustStore uses the JKS format as the database format for the certificates. Additionally, the certificates are checked for validity.
For example, DST Root CA X3 expires on September 30, 2021. So when this date draws near in relation to the system's local date, something like this happens:
cmd> # Windows, with the locale set to de_DE: cmd> date /T 10.07.2021 cmd> gradlew.bat build :assemble UP-TO-DATE :buildTrustStore UP-TO-DATE :checkCertificates FAILED FAILURE: Build failed with an exception. * What went wrong: Execution failed for task ':checkCertificates'. > Certificate is already or becomes invalid within the next 90 days: D:\truststorebuilder-gradle-plugin-demo\src\main\certs\Let's Encrypt\dstrootx3.pem * Try: Run with --stacktrace option to get the stack trace. Run with --info or --debug option to get more log output. BUILD FAILED Total time: 4.62 secs
The plugin registers an extension
trustStoreBuilder which allows to configure the following settings:
|password||The password used for the TrustStore.||changeit||String|
|trustStore||The file of the TrustStore to build.||$buildDir/cacerts.jks||Object*|
|inputDir||The directory which is scanned for certificates.||$projectDir/src/main/certs||Object*|
|acceptedFileEndings||A file being processed as a certificate has to have a file ending from this list.||['crt', 'cer', 'pem']||List<String>|
|atLeastValidDays||Number of days the certificates have to be at least valid.||90||int|
* Anything, that can be handled by project.file(...).
A demonstration of this plugin can be found in this repository.