This Gradle plugin for Gradle 8.0 and newer can build a Java TrustStore from existing certificates and bundles like the Mozilla CA certificate store. TrustStores can be built in the JKS format or as PKCS12 containers. The plugin also provides a validation check for the certificates.
The tasks provided by this plugin are configured via the extension `trustStoreBuilder`.
The following example registers two tasks, `buildTrustStore` and `checkCertificates`, which are included in the build and check phases respectively:
```groovy
plugins {
    id "de.chkpnt.truststorebuilder" version "<version>"
}

// minimal configuration:
trustStoreBuilder {
    trustStore {
    }
    checkCertificates {
    }
}

// which is the same as
trustStoreBuilder {
    trustStore {
        path("$buildDir/cacerts.jks")
        password("changeit")
        source("src/main/certs")
        include("**/*.crt", "**/*.cer", "**/*.pem")
        buildEnabled.set(true)
    }
    checkCertificates {
        source("src/main/certs")
        include("**/*.crt", "**/*.cer", "**/*.pem")
        exclude()
        atLeastValidDays.set(90)
        checkEnabled.set(true)
    }
}
```

The function `trustStore` takes a `TrustStoreSpec` and can be called multiple times if multiple TrustStores are to be built.
In such a case, the TrustStores need to be named:
```groovy
trustStoreBuilder {
    trustStore("jks") {
        path("$buildDir/cacerts.jks")
    }
    trustStore("pkcs12") {
        path("$buildDir/cacerts.p12")
    }
}
```

A `TrustStoreSpec` consists of the following settings:
| Setting | Description | Default | Type |
|---|---|---|---|
| `path(value: Any)` | The file of the TrustStore to build. The type of the TrustStore is derived from the file extension. Supported are `jks`, `p12`, and `pfx`. | `$buildDir/cacerts.jks` | function |
| `password(value: String)` | The password used for the TrustStore. | `changeit` | function |
| `source(directory: Any*)` | The directory which is scanned for certificates and bundles. | `$projectDir/src/main/certs` | function |
| `include(vararg patterns: String)` | Filter for the source directory. | `['**/*.crt', '**/*.cer', '**/*.pem']` | function |
| `buildEnabled` | Should the build-task depend on `buildTrustStore<Name>`? | `true` | `Property<Boolean>` |
The function `checkCertificates` takes a `CheckCertsSpec`, consisting of the following settings:

| Setting | Description | Default | Type |
|---|---|---|---|
| `source(directory: Any*)` | The directory which is scanned for certificates and bundles. | `$projectDir/src/main/certs` | function |
| `include(vararg patterns: String)` | Filter for the source directory, can be called multiple times. | `['**/*.crt', '**/*.cer', '**/*.pem']` | function |
| `exclude(vararg patterns: String)` | Exclusions for the source directory, can be called multiple times. | `[]` | function |
| `atLeastValidDays` | Number of days the certificates have to be at least valid. | `90` | `Property<Int>` |
| `checkEnabled` | Should the check-task depend on `checkCertificates`? | `true` | `Property<Boolean>` |

\* Anything that can be handled by `project.file(...)`.
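
To confirm what actually ended up in the built store, the following added example (not part of the plugin or its repository) loads the default `cacerts.jks` with the JDK `KeyStore` API and fails the build if an entry is not a trusted-certificate entry or expires within the `atLeastValidDays` window. The task name `verifyTrustStore` is hypothetical; the path, password and 90-day window are the defaults listed above.

```groovy
// Added example (not part of the plugin): inspect the store written by buildTrustStore.
tasks.register("verifyTrustStore") {                 // hypothetical task name
    dependsOn "buildTrustStore"                      // task name as given in this README
    def storeFile = file("$buildDir/cacerts.jks")    // default of path(...)
    def storePassword = "changeit"                   // default of password(...)
    def minValidDays = 90                            // same window as atLeastValidDays

    doLast {
        // "JKS" matches the .jks extension; use "PKCS12" for .p12 / .pfx stores.
        def ks = java.security.KeyStore.getInstance("JKS")
        storeFile.withInputStream { ks.load(it, storePassword.toCharArray()) }

        def aliases = Collections.list(ks.aliases())
        if (aliases.isEmpty()) {
            throw new GradleException("${storeFile} contains no entries")
        }

        def deadline = Date.from(java.time.Instant.now()
                .plus(java.time.Duration.ofDays(minValidDays)))
        def problems = []
        aliases.each { alias ->
            // A TrustStore should hold public certificates only, never key entries.
            if (!ks.isCertificateEntry(alias)) {
                problems << "${alias}: not a trusted-certificate entry"
                return
            }
            def cert = ks.getCertificate(alias)
            if (!(cert instanceof java.security.cert.X509Certificate)) {
                problems << "${alias}: not an X.509 certificate"
            } else if (cert.notAfter.before(deadline)) {
                problems << "${alias}: expires ${cert.notAfter}"
            }
        }

        if (problems) {
            throw new GradleException("TrustStore verification failed:\n  " + problems.join("\n  "))
        }
        logger.lifecycle("${storeFile.name}: ${aliases.size()} certificate entries, " +
                "all valid for at least ${minValidDays} more days")
    }
}
```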
A demonstration of this plugin can be found in this repository.