├── .gitignore
├── Jenkinsfile
├── LICENSE
├── README.md
├── build.gradle.kts
├── gradle
└── wrapper
│ ├── gradle-wrapper.jar
│ └── gradle-wrapper.properties
├── gradlew
├── gradlew.bat
├── settings.gradle.kts
└── src
└── main
└── kotlin
└── com
└── digithurst
└── gradle
└── truststore
├── TrustedCertificates.kt
├── Truststore.kt
├── TruststorePlugin.kt
└── package-info.md
/.gitignore:
--------------------------------------------------------------------------------
1 | # Compiled class file
2 | *.class
3 |
4 | # Log file
5 | *.log
6 |
7 | # BlueJ files
8 | *.ctxt
9 |
10 | # Mobile Tools for Java (J2ME)
11 | .mtj.tmp/
12 |
13 | # Package Files #
14 | *.jar
15 | *.war
16 | *.nar
17 | *.ear
18 | *.zip
19 | *.tar.gz
20 | *.rar
21 |
22 | # virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
23 | hs_err_pid*
24 |
25 | /.idea/
26 | .gradle/
27 | /build/
28 | /buildSrc/build/
29 | !/gradle/wrapper/*
--------------------------------------------------------------------------------
/Jenkinsfile:
--------------------------------------------------------------------------------
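pipeline {
    agent any

    options {
        buildDiscarder(logRotator(
            artifactNumToKeepStr: '10',
            numToKeepStr: '100'
        ))
    }

    environment {
        // Both values are derived from the branch/tag name; build.gradle.kts reads them.
        BUILD_LABEL = buildLabel()
        BUILD_IS_RELEASE = "${isRelease()}"
    }

    stages {
        stage('Prepare') {
            steps {
                sh script: './gradlew --no-daemon --version'
                sh script: "./gradlew --no-daemon clean"
            }
        }

        stage('Build') {
            steps {
                sh './gradlew --no-daemon assemble'
            }
        }

        // TODO: We probably should have _some_ tests and analyses. ^_^

        stage('Publish') {
            environment {
                // Bound here rather than pipeline-wide so that the Prepare and Build
                // stages (which execute build scripts and plugins) never see the
                // publishing credentials. Exposes GPP_AUTH_USR and GPP_AUTH_PSW.
                GPP_AUTH = credentials('gradle-plugin-portal-auth')
            }

            steps {
                // TODO: Is this necessary? We publish globally, after all.
                dir('build/libs') {
                    archiveArtifacts artifacts: "*.jar", fingerprint: true, onlyIfSuccessful: true
                }

                script {
                    if (isRelease()) {
                        // Single-quoted on purpose: the shell expands the variables, not
                        // Groovy. Interpolating credentials into a Groovy string hands
                        // the literal secret to the step and bypasses Jenkins' masking.
                        // NOTE(review): the values still end up on the Gradle command
                        // line; prefer a property/env mechanism of the publish plugin
                        // if the version in use offers one.
                        sh script: ['./gradlew --no-daemon publishPlugins',
                                    '-Pgradle.publish.key="$GPP_AUTH_USR"',
                                    '-Pgradle.publish.secret="$GPP_AUTH_PSW"'].join(" ")
                    }

                    // TODO: Use GitHub API to create a release there
                }
            }
        }
    }

    post {
        success {
            script {
                if (isRelease()) {
                    persistAndDescribeBuild()
                }
            }
        }
    }
}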
64 |
/**
 * Extracts the version number from the tag (or branch) name being built.
 *
 * Accepted names are {@code vX.Y.Z} and {@code vX.Y.Z-rcN} (the digits after
 * {@code -rc} are optional). The name is taken from {@code env.BRANCH_NAME},
 * so a plain branch that happens to look like a version tag matches as well;
 * use outside of a `when { tag ... }` guard at your own risk.
 *
 * @return
 *   The version without the leading {@code v}; {@code null} if the name
 *   does not match.
 */
String versionFromTag() {
    // One anchored pattern covers both the release-candidate and the release form.
    def tagMatch = env.BRANCH_NAME =~ /^v(\d+\.\d+\.\d+(?:-rc\d*)?)$/
    return tagMatch.matches() ? tagMatch[0][1] : null
}
89 |
/**
 * Produces the label for the current build: the tagged version when there is
 * one, otherwise the Git branch joined with the Jenkins build id.
 *
 * @return a unique label for the current build (assuming branches and tags don't collide).
 */
String buildLabel() {
    String taggedVersion = versionFromTag()
    if (taggedVersion) {
        return taggedVersion
    }
    return "${env.GIT_BRANCH}.${env.BUILD_ID}"
}
96 |
/**
 * Decides whether this is a release build by checking that the tag (or branch)
 * name yields a version.
 *
 * @return {@code true} if (and only if) this build is for a release (candidate).
 */
Boolean isRelease() {
    String taggedVersion = versionFromTag()
    return taggedVersion != null
}
104 |
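/**
 * Tells Jenkins to keep this build forever and labels it.
 *
 * @param displayName
 *   A nicer name to be shown instead of the build number.
 *   If {@code null}, uses the version from the tag; if there is no matching
 *   tag either, the current display name is kept.
 *
 * @param description
 *   A longer description.
 *   If {@code null}, uses a reasonable default based on the tag; the
 *   description is left untouched when there is no matching tag.
 */
void persistAndDescribeBuild(String displayName = null, String description = null) {
    // Resolved once; null when the build is not for a version tag.
    String version = versionFromTag()

    currentBuild.keepLog = true
    // Previously a null displayName re-assigned the existing name, which
    // contradicted the documented fallback to the tag version.
    currentBuild.displayName = displayName ?: version ?: currentBuild.displayName

    if (description != null) {
        currentBuild.description = description
    } else if (version != null) {
        // Guarded: without a tag there is nothing to derive a description from,
        // and dereferencing the null version would abort the post step.
        String candidate = version.contains("-rc") ? " Candidate" : ""
        String readableVersion = version.replace("-rc", " RC ")
        currentBuild.description = "Release${candidate} ${readableVersion}"
    }
}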
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Apache License
2 | Version 2.0, January 2004
3 | http://www.apache.org/licenses/
4 |
5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6 |
7 | 1. Definitions.
8 |
9 | "License" shall mean the terms and conditions for use, reproduction,
10 | and distribution as defined by Sections 1 through 9 of this document.
11 |
12 | "Licensor" shall mean the copyright owner or entity authorized by
13 | the copyright owner that is granting the License.
14 |
15 | "Legal Entity" shall mean the union of the acting entity and all
16 | other entities that control, are controlled by, or are under common
17 | control with that entity. For the purposes of this definition,
18 | "control" means (i) the power, direct or indirect, to cause the
19 | direction or management of such entity, whether by contract or
20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the
21 | outstanding shares, or (iii) beneficial ownership of such entity.
22 |
23 | "You" (or "Your") shall mean an individual or Legal Entity
24 | exercising permissions granted by this License.
25 |
26 | "Source" form shall mean the preferred form for making modifications,
27 | including but not limited to software source code, documentation
28 | source, and configuration files.
29 |
30 | "Object" form shall mean any form resulting from mechanical
31 | transformation or translation of a Source form, including but
32 | not limited to compiled object code, generated documentation,
33 | and conversions to other media types.
34 |
35 | "Work" shall mean the work of authorship, whether in Source or
36 | Object form, made available under the License, as indicated by a
37 | copyright notice that is included in or attached to the work
38 | (an example is provided in the Appendix below).
39 |
40 | "Derivative Works" shall mean any work, whether in Source or Object
41 | form, that is based on (or derived from) the Work and for which the
42 | editorial revisions, annotations, elaborations, or other modifications
43 | represent, as a whole, an original work of authorship. For the purposes
44 | of this License, Derivative Works shall not include works that remain
45 | separable from, or merely link (or bind by name) to the interfaces of,
46 | the Work and Derivative Works thereof.
47 |
48 | "Contribution" shall mean any work of authorship, including
49 | the original version of the Work and any modifications or additions
50 | to that Work or Derivative Works thereof, that is intentionally
51 | submitted to Licensor for inclusion in the Work by the copyright owner
52 | or by an individual or Legal Entity authorized to submit on behalf of
53 | the copyright owner. For the purposes of this definition, "submitted"
54 | means any form of electronic, verbal, or written communication sent
55 | to the Licensor or its representatives, including but not limited to
56 | communication on electronic mailing lists, source code control systems,
57 | and issue tracking systems that are managed by, or on behalf of, the
58 | Licensor for the purpose of discussing and improving the Work, but
59 | excluding communication that is conspicuously marked or otherwise
60 | designated in writing by the copyright owner as "Not a Contribution."
61 |
62 | "Contributor" shall mean Licensor and any individual or Legal Entity
63 | on behalf of whom a Contribution has been received by Licensor and
64 | subsequently incorporated within the Work.
65 |
66 | 2. Grant of Copyright License. Subject to the terms and conditions of
67 | this License, each Contributor hereby grants to You a perpetual,
68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69 | copyright license to reproduce, prepare Derivative Works of,
70 | publicly display, publicly perform, sublicense, and distribute the
71 | Work and such Derivative Works in Source or Object form.
72 |
73 | 3. Grant of Patent License. Subject to the terms and conditions of
74 | this License, each Contributor hereby grants to You a perpetual,
75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76 | (except as stated in this section) patent license to make, have made,
77 | use, offer to sell, sell, import, and otherwise transfer the Work,
78 | where such license applies only to those patent claims licensable
79 | by such Contributor that are necessarily infringed by their
80 | Contribution(s) alone or by combination of their Contribution(s)
81 | with the Work to which such Contribution(s) was submitted. If You
82 | institute patent litigation against any entity (including a
83 | cross-claim or counterclaim in a lawsuit) alleging that the Work
84 | or a Contribution incorporated within the Work constitutes direct
85 | or contributory patent infringement, then any patent licenses
86 | granted to You under this License for that Work shall terminate
87 | as of the date such litigation is filed.
88 |
89 | 4. Redistribution. You may reproduce and distribute copies of the
90 | Work or Derivative Works thereof in any medium, with or without
91 | modifications, and in Source or Object form, provided that You
92 | meet the following conditions:
93 |
94 | (a) You must give any other recipients of the Work or
95 | Derivative Works a copy of this License; and
96 |
97 | (b) You must cause any modified files to carry prominent notices
98 | stating that You changed the files; and
99 |
100 | (c) You must retain, in the Source form of any Derivative Works
101 | that You distribute, all copyright, patent, trademark, and
102 | attribution notices from the Source form of the Work,
103 | excluding those notices that do not pertain to any part of
104 | the Derivative Works; and
105 |
106 | (d) If the Work includes a "NOTICE" text file as part of its
107 | distribution, then any Derivative Works that You distribute must
108 | include a readable copy of the attribution notices contained
109 | within such NOTICE file, excluding those notices that do not
110 | pertain to any part of the Derivative Works, in at least one
111 | of the following places: within a NOTICE text file distributed
112 | as part of the Derivative Works; within the Source form or
113 | documentation, if provided along with the Derivative Works; or,
114 | within a display generated by the Derivative Works, if and
115 | wherever such third-party notices normally appear. The contents
116 | of the NOTICE file are for informational purposes only and
117 | do not modify the License. You may add Your own attribution
118 | notices within Derivative Works that You distribute, alongside
119 | or as an addendum to the NOTICE text from the Work, provided
120 | that such additional attribution notices cannot be construed
121 | as modifying the License.
122 |
123 | You may add Your own copyright statement to Your modifications and
124 | may provide additional or different license terms and conditions
125 | for use, reproduction, or distribution of Your modifications, or
126 | for any such Derivative Works as a whole, provided Your use,
127 | reproduction, and distribution of the Work otherwise complies with
128 | the conditions stated in this License.
129 |
130 | 5. Submission of Contributions. Unless You explicitly state otherwise,
131 | any Contribution intentionally submitted for inclusion in the Work
132 | by You to the Licensor shall be under the terms and conditions of
133 | this License, without any additional terms or conditions.
134 | Notwithstanding the above, nothing herein shall supersede or modify
135 | the terms of any separate license agreement you may have executed
136 | with Licensor regarding such Contributions.
137 |
138 | 6. Trademarks. This License does not grant permission to use the trade
139 | names, trademarks, service marks, or product names of the Licensor,
140 | except as required for reasonable and customary use in describing the
141 | origin of the Work and reproducing the content of the NOTICE file.
142 |
143 | 7. Disclaimer of Warranty. Unless required by applicable law or
144 | agreed to in writing, Licensor provides the Work (and each
145 | Contributor provides its Contributions) on an "AS IS" BASIS,
146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 | implied, including, without limitation, any warranties or conditions
148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 | PARTICULAR PURPOSE. You are solely responsible for determining the
150 | appropriateness of using or redistributing the Work and assume any
151 | risks associated with Your exercise of permissions under this License.
152 |
153 | 8. Limitation of Liability. In no event and under no legal theory,
154 | whether in tort (including negligence), contract, or otherwise,
155 | unless required by applicable law (such as deliberate and grossly
156 | negligent acts) or agreed to in writing, shall any Contributor be
157 | liable to You for damages, including any direct, indirect, special,
158 | incidental, or consequential damages of any character arising as a
159 | result of this License or out of the use or inability to use the
160 | Work (including but not limited to damages for loss of goodwill,
161 | work stoppage, computer failure or malfunction, or any and all
162 | other commercial damages or losses), even if such Contributor
163 | has been advised of the possibility of such damages.
164 |
165 | 9. Accepting Warranty or Additional Liability. While redistributing
166 | the Work or Derivative Works thereof, You may choose to offer,
167 | and charge a fee for, acceptance of support, warranty, indemnity,
168 | or other liability obligations and/or rights consistent with this
169 | License. However, in accepting such obligations, You may act only
170 | on Your own behalf and on Your sole responsibility, not on behalf
171 | of any other Contributor, and only if You agree to indemnify,
172 | defend, and hold each Contributor harmless for any liability
173 | incurred by, or claims asserted against, such Contributor by reason
174 | of your accepting any such warranty or additional liability.
175 |
176 | END OF TERMS AND CONDITIONS
177 |
178 | APPENDIX: How to apply the Apache License to your work.
179 |
180 | To apply the Apache License to your work, attach the following
181 | boilerplate notice, with the fields enclosed by brackets "[]"
182 | replaced with your own identifying information. (Don't include
183 | the brackets!) The text should be enclosed in the appropriate
184 | comment syntax for the file format. We also recommend that a
185 | file or class name and description of purpose be included on the
186 | same "printed page" as the copyright notice for easier
187 | identification within third-party archives.
188 |
189 | Copyright [yyyy] [name of copyright owner]
190 |
191 | Licensed under the Apache License, Version 2.0 (the "License");
192 | you may not use this file except in compliance with the License.
193 | You may obtain a copy of the License at
194 |
195 | http://www.apache.org/licenses/LICENSE-2.0
196 |
197 | Unless required by applicable law or agreed to in writing, software
198 | distributed under the License is distributed on an "AS IS" BASIS,
199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 | See the License for the specific language governing permissions and
201 | limitations under the License.
202 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Custom Trust Stores for Gradle Builds
2 |
3 |
8 |
9 | Configure a custom trust store for Gradle to use during builds.
10 | For example, this allows Gradle to pull dependencies from a Maven
11 | repository that uses a self-signed certificate.
12 |
13 | ## Usage
14 |
15 | Add this to your `build.gradle.kts` file:
16 |
17 | ```kotlin
18 | plugins {
19 | id("com.digithurst.gradle.truststore") version "1.1.0"
20 | }
21 |
22 | truststore {
23 | base = empty("your-secure-password") // XOR
24 | base = file("your-truststore", password = "your-secure-password") // XOR
25 | base = java("your-secure-password")
26 | // default:
27 | // base = java("changeit")
28 |
29 | trustedCertificates {
30 | file("your-certificate.crt", alias = "your.host")
31 | }
32 | // default: no addition certificates
33 | }
34 | ```
35 |
36 | Or, if you prefer, your `build.gradle` file:
37 |
38 | ```groovy
39 | plugins {
40 | id 'com.digithurst.gradle.truststore' version '1.1.0'
41 | }
42 |
43 | truststore {
44 | base = java("changeit")
45 |
46 | trustedCertificates {
47 | it.file("your-certificate.crt", "your.host")
48 | }
49 | }
50 |
51 | ```
52 |
53 | _Note:_
54 |
55 | * If `base = java(...)` is used, the plugin will look for trust store
56 | `$JAVA_HOME/lib/security/cacerts`. Provide the corresponding password.
57 | * In case of `file` and `java`, the original key stores are never changed.
58 |
59 |
60 | ## Additional Hints
61 |
62 | * If you have a PEM certificate instead of a CRT, convert it like so:
63 |
64 | ```bash
65 | openssl x509 -in your-certificate.pem -inform PEM -out your-certificate.crt
66 | ```
67 |
68 | ## Limitations
69 |
70 |
71 |
72 | * Since the modified trust store is assembled _after_ processing of
73 | the build script, it won't be available for pulling _plugins_ via
74 | HTTPS. In such a case, you will have to create your store manually
75 | using `keytool` (or pick the result of this plugin up in
76 | `build/truststores`), and point Gradle towards it manually,
77 | e.g. like so:
78 |
79 | ```groovy
80 | buildscript {
81 | System.setProperty('javax.net.ssl.trustStore', 'your-truststore')
82 | System.setProperty('javax.net.ssl.trustStorePassword', 'your-secure-password')
83 | }
84 | ```
85 | * Changes in the trust store configuration are not picked up by running
86 | Gradle daemons. Stop all daemons with `gradle --stop` after making
87 | changes, or use `--no-daemon` in the first place (until the configuration
88 | has converged).
89 | * The plugin may not work if any of the other plugins performs an SSL connection
90 | during build script evaluation.
91 |
92 | ## References
93 |
94 | * https://www.baeldung.com/java-truststore
95 | * https://plugins.gradle.org/plugin/de.chkpnt.truststorebuilder
96 | Builds a trust store, but doesn't configure Gradle itself to use it.
--------------------------------------------------------------------------------
/build.gradle.kts:
--------------------------------------------------------------------------------
1 | /* * * * * * * * * * * *
2 | * Parameters
3 | * * * * * * * * * * * */
4 |
5 | // name --> settings.gradle.kts
6 | group = "com.digithurst"
7 | version = System.getenv("BUILD_LABEL") ?: "local"
8 | val isReleaseBuild = System.getenv("BUILD_IS_RELEASE")?.toBoolean() ?: false
9 |
10 | /* * * * * * * * * * * *
11 | * Configure Plugins
12 | * * * * * * * * * * * */
13 |
14 | plugins {
15 | `java-gradle-plugin`
16 | kotlin("jvm") version "1.3.31"
17 |
18 | id("com.gradle.plugin-publish") version "0.10.1"
19 | id("org.jetbrains.dokka") version "0.9.18"
20 | }
21 |
22 | configure {
23 | sourceCompatibility = JavaVersion.VERSION_1_8
24 | targetCompatibility = JavaVersion.VERSION_1_8
25 | }
26 |
27 | gradlePlugin {
28 | plugins {
29 | create("truststorePlugin") {
30 | id = "com.digithurst.gradle.truststore"
31 | implementationClass = "com.digithurst.gradle.truststore.TruststorePlugin"
32 | }
33 | }
34 | }
35 |
36 | /* * * * * * * * * * * *
37 | * Configure Dependencies
38 | * * * * * * * * * * * */
39 |
// NOTE(review): repositories are consulted in declaration order, so JCenter is
// asked before Maven Central here. JCenter has been sunset by its operator;
// confirm whether anything in this build still needs it and, if not, drop it
// or at least list mavenCentral() first.
40 | repositories {
41 | jcenter()
42 | mavenCentral()
43 | }
44 |
45 | dependencies {
46 | implementation(kotlin("stdlib-jdk8"))
47 | }
48 |
49 | pluginBundle {
50 | website = "https://github.com/Digithurst/gradle-truststore-plugin"
51 | vcsUrl = "https://github.com/Digithurst/gradle-truststore-plugin.git"
52 |
53 | (plugins) {
54 | "truststorePlugin" {
55 | displayName = "Custom Trust Stores for Builds"
56 | description = """
57 | Configure a custom trust store for Gradle to use during builds.
58 | For example, this allows Gradle to pull dependencies from a Maven
59 | repository that uses a self-signed certificate.
60 | """.trimIndent().replace("\n", "")
61 | tags = listOf("certificates", "ca", "truststore", "build-configuration")
62 | }
63 | }
64 | }
65 |
66 | /* * * * * * * * * * * *
67 | * Configure Tasks
68 | * * * * * * * * * * * */
69 |
70 | tasks {
71 | compileKotlin.get().kotlinOptions {
72 | jvmTarget = "1.8"
73 | }
74 |
75 | compileTestKotlin.get().kotlinOptions {
76 | jvmTarget = "1.8"
77 | }
78 |
79 | val sourceJar by creating(Jar::class) {
80 | archiveClassifier.set("sources")
81 | from(sourceSets.main.get().allSource)
82 | }
83 | artifacts.add("archives", sourceJar)
84 |
85 | dokka {
86 | outputDirectory = "$buildDir/javadoc"
87 | jdkVersion = 8
88 | includes = listOf("src/main/kotlin/com/digithurst/gradle/truststore/package-info.md")
89 | }
90 |
91 | val dokkaJar by creating(Jar::class) {
92 | from(dokka)
93 | group = JavaBasePlugin.DOCUMENTATION_GROUP
94 | archiveClassifier.set("javadoc")
95 | description = "Assembles Kotlin docs with Dokka"
96 | }
97 | artifacts.add("archives", dokkaJar)
98 | }
--------------------------------------------------------------------------------
/gradle/wrapper/gradle-wrapper.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Digithurst/gradle-truststore-plugin/94c28d60a588d5040155920ec21146bf8b52145b/gradle/wrapper/gradle-wrapper.jar
--------------------------------------------------------------------------------
/gradle/wrapper/gradle-wrapper.properties:
--------------------------------------------------------------------------------
# NOTE(review): no distributionSha256Sum is set, so the wrapper does not check the
# downloaded distribution against a pinned checksum. Consider adding
# distributionSha256Sum=<SHA-256 published by Gradle for this distribution>.
1 | distributionBase=GRADLE_USER_HOME
2 | distributionPath=wrapper/dists
3 | distributionUrl=https\://services.gradle.org/distributions/gradle-5.4.1-bin.zip
4 | zipStoreBase=GRADLE_USER_HOME
5 | zipStorePath=wrapper/dists
6 |
--------------------------------------------------------------------------------
/gradlew:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env sh
2 |
3 | #
4 | # Copyright 2015 the original author or authors.
5 | #
6 | # Licensed under the Apache License, Version 2.0 (the "License");
7 | # you may not use this file except in compliance with the License.
8 | # You may obtain a copy of the License at
9 | #
10 | # http://www.apache.org/licenses/LICENSE-2.0
11 | #
12 | # Unless required by applicable law or agreed to in writing, software
13 | # distributed under the License is distributed on an "AS IS" BASIS,
14 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 | # See the License for the specific language governing permissions and
16 | # limitations under the License.
17 | #
18 |
19 | ##############################################################################
20 | ##
21 | ## Gradle start up script for UN*X
22 | ##
23 | ##############################################################################
24 |
25 | # Attempt to set APP_HOME
26 | # Resolve links: $0 may be a link
27 | PRG="$0"
28 | # Need this for relative symlinks.
29 | while [ -h "$PRG" ] ; do
30 | ls=`ls -ld "$PRG"`
31 | link=`expr "$ls" : '.*-> \(.*\)$'`
32 | if expr "$link" : '/.*' > /dev/null; then
33 | PRG="$link"
34 | else
35 | PRG=`dirname "$PRG"`"/$link"
36 | fi
37 | done
38 | SAVED="`pwd`"
39 | cd "`dirname \"$PRG\"`/" >/dev/null
40 | APP_HOME="`pwd -P`"
41 | cd "$SAVED" >/dev/null
42 |
43 | APP_NAME="Gradle"
44 | APP_BASE_NAME=`basename "$0"`
45 |
46 | # Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
47 | DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
48 |
49 | # Use the maximum available, or set MAX_FD != -1 to use that value.
50 | MAX_FD="maximum"
51 |
52 | warn () {
53 | echo "$*"
54 | }
55 |
56 | die () {
57 | echo
58 | echo "$*"
59 | echo
60 | exit 1
61 | }
62 |
63 | # OS specific support (must be 'true' or 'false').
64 | cygwin=false
65 | msys=false
66 | darwin=false
67 | nonstop=false
68 | case "`uname`" in
69 | CYGWIN* )
70 | cygwin=true
71 | ;;
72 | Darwin* )
73 | darwin=true
74 | ;;
75 | MINGW* )
76 | msys=true
77 | ;;
78 | NONSTOP* )
79 | nonstop=true
80 | ;;
81 | esac
82 |
83 | CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
84 |
85 | # Determine the Java command to use to start the JVM.
86 | if [ -n "$JAVA_HOME" ] ; then
87 | if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
88 | # IBM's JDK on AIX uses strange locations for the executables
89 | JAVACMD="$JAVA_HOME/jre/sh/java"
90 | else
91 | JAVACMD="$JAVA_HOME/bin/java"
92 | fi
93 | if [ ! -x "$JAVACMD" ] ; then
94 | die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
95 |
96 | Please set the JAVA_HOME variable in your environment to match the
97 | location of your Java installation."
98 | fi
99 | else
100 | JAVACMD="java"
101 | which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
102 |
103 | Please set the JAVA_HOME variable in your environment to match the
104 | location of your Java installation."
105 | fi
106 |
107 | # Increase the maximum file descriptors if we can.
108 | if [ "$cygwin" = "false" -a "$darwin" = "false" -a "$nonstop" = "false" ] ; then
109 | MAX_FD_LIMIT=`ulimit -H -n`
110 | if [ $? -eq 0 ] ; then
111 | if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
112 | MAX_FD="$MAX_FD_LIMIT"
113 | fi
114 | ulimit -n $MAX_FD
115 | if [ $? -ne 0 ] ; then
116 | warn "Could not set maximum file descriptor limit: $MAX_FD"
117 | fi
118 | else
119 | warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
120 | fi
121 | fi
122 |
123 | # For Darwin, add options to specify how the application appears in the dock
124 | if $darwin; then
125 | GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
126 | fi
127 |
128 | # For Cygwin, switch paths to Windows format before running java
129 | if $cygwin ; then
130 | APP_HOME=`cygpath --path --mixed "$APP_HOME"`
131 | CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
132 | JAVACMD=`cygpath --unix "$JAVACMD"`
133 |
134 | # We build the pattern for arguments to be converted via cygpath
135 | ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
136 | SEP=""
137 | for dir in $ROOTDIRSRAW ; do
138 | ROOTDIRS="$ROOTDIRS$SEP$dir"
139 | SEP="|"
140 | done
141 | OURCYGPATTERN="(^($ROOTDIRS))"
142 | # Add a user-defined pattern to the cygpath arguments
143 | if [ "$GRADLE_CYGPATTERN" != "" ] ; then
144 | OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
145 | fi
146 | # Now convert the arguments - kludge to limit ourselves to /bin/sh
147 | i=0
148 | for arg in "$@" ; do
149 | CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
150 | CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option
151 |
152 | if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition
153 | eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
154 | else
155 | eval `echo args$i`="\"$arg\""
156 | fi
157 | i=$((i+1))
158 | done
159 | case $i in
160 | (0) set -- ;;
161 | (1) set -- "$args0" ;;
162 | (2) set -- "$args0" "$args1" ;;
163 | (3) set -- "$args0" "$args1" "$args2" ;;
164 | (4) set -- "$args0" "$args1" "$args2" "$args3" ;;
165 | (5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
166 | (6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
167 | (7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
168 | (8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
169 | (9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
170 | esac
171 | fi
172 |
173 | # Escape application args
174 | save () {
175 | for i do printf %s\\n "$i" | sed "s/'/'\\\\''/g;1s/^/'/;\$s/\$/' \\\\/" ; done
176 | echo " "
177 | }
178 | APP_ARGS=$(save "$@")
179 |
180 | # Collect all arguments for the java command, following the shell quoting and substitution rules
181 | eval set -- $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS "\"-Dorg.gradle.appname=$APP_BASE_NAME\"" -classpath "\"$CLASSPATH\"" org.gradle.wrapper.GradleWrapperMain "$APP_ARGS"
182 |
183 | # by default we should be in the correct project dir, but when run from Finder on Mac, the cwd is wrong
184 | if [ "$(uname)" = "Darwin" ] && [ "$HOME" = "$PWD" ]; then
185 | cd "$(dirname "$0")"
186 | fi
187 |
188 | exec "$JAVACMD" "$@"
189 |
--------------------------------------------------------------------------------
/gradlew.bat:
--------------------------------------------------------------------------------
1 | @rem
2 | @rem Copyright 2015 the original author or authors.
3 | @rem
4 | @rem Licensed under the Apache License, Version 2.0 (the "License");
5 | @rem you may not use this file except in compliance with the License.
6 | @rem You may obtain a copy of the License at
7 | @rem
8 | @rem http://www.apache.org/licenses/LICENSE-2.0
9 | @rem
10 | @rem Unless required by applicable law or agreed to in writing, software
11 | @rem distributed under the License is distributed on an "AS IS" BASIS,
12 | @rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 | @rem See the License for the specific language governing permissions and
14 | @rem limitations under the License.
15 | @rem
16 |
17 | @if "%DEBUG%" == "" @echo off
18 | @rem ##########################################################################
19 | @rem
20 | @rem Gradle startup script for Windows
21 | @rem
22 | @rem ##########################################################################
23 |
24 | @rem Set local scope for the variables with windows NT shell
25 | if "%OS%"=="Windows_NT" setlocal
26 |
27 | set DIRNAME=%~dp0
28 | if "%DIRNAME%" == "" set DIRNAME=.
29 | set APP_BASE_NAME=%~n0
30 | set APP_HOME=%DIRNAME%
31 |
32 | @rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
33 | set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
34 |
35 | @rem Find java.exe
36 | if defined JAVA_HOME goto findJavaFromJavaHome
37 |
38 | set JAVA_EXE=java.exe
39 | %JAVA_EXE% -version >NUL 2>&1
40 | if "%ERRORLEVEL%" == "0" goto init
41 |
42 | echo.
43 | echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
44 | echo.
45 | echo Please set the JAVA_HOME variable in your environment to match the
46 | echo location of your Java installation.
47 |
48 | goto fail
49 |
50 | :findJavaFromJavaHome
51 | set JAVA_HOME=%JAVA_HOME:"=%
52 | set JAVA_EXE=%JAVA_HOME%/bin/java.exe
53 |
54 | if exist "%JAVA_EXE%" goto init
55 |
56 | echo.
57 | echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
58 | echo.
59 | echo Please set the JAVA_HOME variable in your environment to match the
60 | echo location of your Java installation.
61 |
62 | goto fail
63 |
64 | :init
65 | @rem Get command-line arguments, handling Windows variants
66 |
67 | if not "%OS%" == "Windows_NT" goto win9xME_args
68 |
69 | :win9xME_args
70 | @rem Slurp the command line arguments.
71 | set CMD_LINE_ARGS=
72 | set _SKIP=2
73 |
74 | :win9xME_args_slurp
75 | if "x%~1" == "x" goto execute
76 |
77 | set CMD_LINE_ARGS=%*
78 |
79 | :execute
80 | @rem Setup the command line
81 |
82 | set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
83 |
84 | @rem Execute Gradle
85 | "%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
86 |
87 | :end
88 | @rem End local scope for the variables with windows NT shell
89 | if "%ERRORLEVEL%"=="0" goto mainEnd
90 |
91 | :fail
92 | rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
93 | rem the _cmd.exe /c_ return code!
94 | if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
95 | exit /b 1
96 |
97 | :mainEnd
98 | if "%OS%"=="Windows_NT" endlocal
99 |
100 | :omega
101 |
--------------------------------------------------------------------------------
/settings.gradle.kts:
--------------------------------------------------------------------------------
1 | rootProject.name = "gradle-truststore-plugin"
--------------------------------------------------------------------------------
/src/main/kotlin/com/digithurst/gradle/truststore/TrustedCertificates.kt:
--------------------------------------------------------------------------------
1 | package com.digithurst.gradle.truststore
2 |
3 | import java.util.ArrayList
4 | import java.util.Collections
5 |
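/**
 * Specifies a set of certificates to add to the base trust store to create the
 * [Truststore] being configured.
 *
 * Every entry registered here ends up as a trusted certificate entry in the
 * trust store the build runs with, so the files referenced should be kept
 * under the same review and change control as the build script itself.
 *
 * @since 1.0.0
 */
class TrustedCertificates {
    // Registration order is preserved; TruststorePlugin imports the entries in this order.
    private val certificatesSpec = ArrayList<TrustedCertificate>()

    /** Read-only view of the certificates registered so far. */
    internal val certificates: List<TrustedCertificate>
        get() = Collections.unmodifiableList(certificatesSpec)

    /** `true` as long as no certificate has been registered. */
    internal val isEmpty: Boolean
        get() = certificatesSpec.isEmpty()

    /**
     * Add a trusted certificate to the [base trust store][Truststore.base]
     * that will be used for this build.
     *
     * **Note:** This will cause the given certificate to be trusted implicitly
     * without further checks. Ensure that the certificate is authentic before using it!
     * This method only records the path; the file is not opened or parsed here.
     *
     * @param path The certificate file path; absolute or relative to the project root.
     * @param alias A (unique) alias for the given certificate (e.g. the associated host name);
     *      cf. [KeyStore.setCertificateEntry][java.security.KeyStore.setCertificateEntry].
     * @throws IllegalArgumentException if [path] or [alias] is blank.
     *
     * @since 1.0.0
     */
    fun file(path: String, alias: String) {
        // Fail at configuration time instead of during trust store assembly,
        // where a blank value would only surface as a generic I/O or key store error.
        require(path.isNotBlank()) { "Certificate path must not be blank" }
        require(alias.isNotBlank()) { "Certificate alias must not be blank" }

        certificatesSpec.add(TrustedCertificate(path, alias))
        TruststorePlugin.logger.debug("Added trusted certificate $path as $alias")
    }

    /** A certificate file together with the alias it is stored under. */
    internal data class TrustedCertificate(val path: String, val alias: String)
}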
41 |
--------------------------------------------------------------------------------
/src/main/kotlin/com/digithurst/gradle/truststore/Truststore.kt:
--------------------------------------------------------------------------------
1 | package com.digithurst.gradle.truststore
2 |
3 | import com.digithurst.gradle.truststore.TrustedCertificates.TrustedCertificate
4 | import org.gradle.api.Action
5 |
6 | import javax.annotation.MatchesPattern
7 | import java.io.File
8 |
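/**
 * Gradle extension that configures the trust store to use for running the
 * build script.
 *
 * By default, the JVM trust store with no additional trusted certificates
 * is used.
 *
 * The password given for the [base] store is handed to `TruststorePlugin`,
 * which publishes it through the `javax.net.ssl.trustStorePassword` system
 * property; treat it as an integrity check on the store file, not as a secret
 * that stays confined to the build script.
 *
 * @since 1.0.0
 */
class Truststore
/**
 * Creates a new instance that will resolve paths relative to the given ones.
 */
internal constructor(private val projectDir: File, private val javaHomePath: String) {
    /**
     * The trust store to be used as basis for the trust store instance being configured.
     *
     * Defaults to the `cacerts` file below the Java home directory, opened
     * with the password `changeit`.
     *
     * @see empty
     * @see java
     * @see file
     */
    var base: Base = java("changeit")
    private val certificatesSpec: TrustedCertificates = TrustedCertificates()

    /** The certificates registered through [trustedCertificates]. */
    internal val certificates: List<TrustedCertificate>
        get() = certificatesSpec.certificates

    /** `true` while [base] is the untouched default and no certificate has been added. */
    internal val isDefault: Boolean
        get() = base == java("changeit") && certificatesSpec.isEmpty

    /**
     * Add certificates to the [base] trust store.
     *
     * @param action A closure with receiver of type [TrustedCertificates].
     * @see TrustedCertificates.file
     * @since 1.0.0
     */
    @Suppress("unused") // Used in build.gradle.kts
    fun trustedCertificates(action: Action<TrustedCertificates>) {
        TruststorePlugin.logger.debug("Starting collection of trusted certificates.")
        action.execute(certificatesSpec)
    }

    /**
     * Specifies an existing (or empty) trust store to use as basis for the
     * [Truststore] being configured.
     *
     * The `@MatchesPattern` annotations state the six-character minimum for
     * static analysis only; nothing in this class checks the password length
     * at runtime.
     *
     * @since 1.0.0
     */
    data class Base internal constructor(
        // null means: start from a new, empty store (see [empty]).
        internal val store: File?,
        @param:MatchesPattern(".{6,}") @get:MatchesPattern(".{6,}")
        internal val password: String
    )

    /**
     * Specifies that a new, empty trust store be created.
     *
     * @param password The password to be used for the new trust store.
     *      Has to be at least six characters long.
     * @return A representation of a new, empty trust store.
     *
     * @since 1.0.0
     */
    @Suppress("unused") // Used in build.gradle.kts
    fun empty(@MatchesPattern(".{6,}") password: String): Base =
        Base(null, password)

    /**
     * Specify that the (system) Java trust store be used.
     *
     * @param password The password the Java trust store is protected with.
     *      It will also be used for stores derived from this one.
     *      Has to be at least six characters long.
     * @return A representation of the Java trust store.
     *
     * @since 1.0.0
     */
    @Suppress("unused") // Used in build.gradle.kts
    fun java(@MatchesPattern(".{6,}") password: String): Base =
        Base(File("$javaHomePath/lib/security", "cacerts"), password)

    /**
     * Specify that a given trust store file be used.
     *
     * @param storeFileName Path to a trust store file; an absolute path is used as given,
     *      anything else is resolved relative to the project root.
     * @param password The password the given trust store is protected with.
     *      It will also be used for stores derived from this one.
     *      Has to be at least six characters long.
     * @return A representation of trust store file.
     *
     * @since 1.0.0
     */
    @Suppress("unused") // Used in build.gradle.kts
    fun file(storeFileName: String, @MatchesPattern(".{6,}") password: String): Base {
        val given = File(storeFileName)
        // Prefixing an absolute path with the project directory would point at a
        // different file than the one the build script named.
        val storeFile = if (given.isAbsolute) given else File("${projectDir.absolutePath}/$storeFileName")
        return Base(storeFile, password)
    }
}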
107 |
--------------------------------------------------------------------------------
/src/main/kotlin/com/digithurst/gradle/truststore/TruststorePlugin.kt:
--------------------------------------------------------------------------------
1 | package com.digithurst.gradle.truststore
2 |
3 | import org.gradle.api.GradleScriptException
4 | import org.gradle.api.InvalidUserCodeException
5 | import org.gradle.api.Plugin
6 | import org.gradle.api.Project
7 | import org.gradle.api.logging.Logging
8 | import java.io.File
9 | import java.io.FileInputStream
10 | import java.io.FileOutputStream
11 | import java.io.IOException
12 | import java.nio.file.Files
13 | import java.security.*
14 | import java.security.cert.CertificateException
15 | import java.security.cert.CertificateFactory
16 |
17 |
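/**
 * Configure a custom trust store for Gradle to use during builds.
 * For example, this allows Gradle to pull dependencies from a Maven
 * repository that uses a self-signed certificate.
 *
 * The trust store is selected by setting the `javax.net.ssl.trustStore` and
 * `javax.net.ssl.trustStorePassword` system properties, so the choice applies
 * to the whole JVM the build runs in, not only to the project that applied
 * the plugin.
 *
 * @see Truststore
 *
 * @since 1.0.0
 */
@Suppress("unused") // accessed by Gradle triggered by build.gradle.kts
class TruststorePlugin : Plugin<Project> {
    private lateinit var project: Project

    // TODO: Make configurable?
    // Location of the assembled store: <buildDir>/truststores/cacerts
    private val customKeystore: File by lazy {
        File(project.buildDir.toString() + "/truststores", "cacerts")
    }

    /**
     * Registers the `truststore` extension and defers the actual trust store
     * setup until the project has been evaluated, i.e. until the build script
     * had a chance to configure the extension.
     */
    override fun apply(project: Project) {
        this.project = project

        val javaHome = System.getProperty("java.home")
        logger.debug("Found Java home directory: $javaHome")

        val extension = Truststore(project.projectDir, javaHome)
        project.extensions.add(Truststore::class.java, "truststore", extension)

        project.afterEvaluate { this.setupStore(it) }
        logger.debug("Deferred setup of trust store")
    }

    /**
     * Applies the configured [Truststore]:
     *
     *  - default configuration: nothing is changed;
     *  - a base store without extra certificates: the base store file is used directly;
     *  - anything else: a new store is assembled from the base store (if any)
     *    plus the configured certificates, written to [customKeystore] and used.
     *
     * @throws InvalidUserCodeException if the configured base store file does not exist.
     * @throws GradleScriptException if the trust store can not be assembled.
     */
    private fun setupStore(project: Project) {
        val truststore = project.extensions.getByType(Truststore::class.java)

        val storeBaseFile = truststore.base.store
        val storeBasePassword = truststore.base.password
        val certificates = truststore.certificates

        // Only paths and aliases are logged here, never the password.
        logger.debug(
            (listOf("Will try to assemble trust store from:", storeBaseFile) +
                certificates.map { "${it.alias}:${it.path}" }
                ).joinToString("\n - "))

        if (truststore.isDefault) {
            check(storeBaseFile != null)
            logger.debug("Using default trust store: ${storeBaseFile.absolutePath}")
        } else if (storeBaseFile != null && certificates.isEmpty()) {
            if (!storeBaseFile.isFile) {
                throw InvalidUserCodeException("Key store file does not exist: ${storeBaseFile.absolutePath}")
            }
            // TODO: Verify that store is valid?

            activateTrustStore(storeBaseFile, storeBasePassword)
            logger.debug("Using custom trust store: ${storeBaseFile.absolutePath}")
        } else {
            // TODO: verify that action has to be taken: do nothing if result is present and inputs haven't changed.
            //       Investigate whether that's worth it: according to log timestamps, the actual import only takes
            //       a few hundredths of a second, any form of reasonable check may take about as long.

            val targetFile = customKeystore
            try {
                val ks = if (storeBaseFile != null) {
                    loadBaseStore(storeBaseFile, storeBasePassword)
                } else {
                    KeyStore.getInstance(KeyStore.getDefaultType()).apply {
                        load(null, storeBasePassword.toCharArray())
                    }
                }

                importCertificates(ks, certificates, project)

                // Write result
                logger.debug("Writing custom trust store to ${targetFile.absolutePath}")
                Files.createDirectories(targetFile.toPath().parent)
                FileOutputStream(targetFile).use { storeOut ->
                    ks.store(storeOut, storeBasePassword.toCharArray())
                }
            } catch (t: Throwable) {
                when (t) {
                    is CertificateException, is KeyStoreException, is IOException, is NoSuchAlgorithmException -> {
                        logger.error("Could not assemble trust store", t)
                        throw GradleScriptException("Could not assemble trust store", t)
                    }
                    else -> throw t // unexpected error
                }
            }

            activateTrustStore(targetFile, storeBasePassword)
            logger.debug("Using aggregated custom trust store: " + targetFile.absolutePath)
        }

        // TODO: Is this always effective? Setting those properties only does anything _before_ the first SSL connection...
        //       If not -- (how) can we inject a custom SSLContext into Gradle?
    }

    /**
     * Loads [storeFile] as a key store, trying each of [keyStoreTypes] in turn.
     *
     * @throws InvalidUserCodeException if [storeFile] is not an existing file.
     * @throws KeyStoreException if none of the key store types could load the file.
     */
    private fun loadBaseStore(storeFile: File, password: String): KeyStore {
        if (!storeFile.isFile) {
            throw InvalidUserCodeException("Trust store file does not exist: ${storeFile.absolutePath}")
        }

        logger.debug("Importing key store " + storeFile.absoluteFile)

        // Apparently, there's no way to determine the type of the key store at hand,
        // so we try one after the other.
        val ks = keyStoreTypes.asSequence() // --> map is lazy
            .mapNotNull { ksType ->
                try {
                    logger.debug("Trying to load trust store as $ksType")
                    FileInputStream(storeFile.absoluteFile).use { storeIn ->
                        val store = KeyStore.getInstance(ksType)
                        store.load(storeIn, password.toCharArray())
                        store
                    }
                } catch (t: Throwable) {
                    when (t) {
                        is KeyStoreException, is NoSuchAlgorithmException -> {
                            logger.debug("Trust store is not of type $ksType")
                            null
                        }
                        // KeyStore.load reports a format mismatch and a wrong password
                        // alike as IOException, so both end up here.
                        is CertificateException, is IOException -> {
                            logger.error("Loading trust store failed", t)
                            null
                        }
                        else -> throw t // unexpected error
                    }
                }
            }
            .firstOrNull()
            ?: throw KeyStoreException("No provider could load ${storeFile.absoluteFile}")

        logger.debug("Imported trust store of type ${ks.type}")
        return ks
    }

    /**
     * Adds every configured certificate to [ks] under its alias.
     *
     * Certificate paths are resolved through [Project.file], i.e. relative to
     * the project directory as documented on [TrustedCertificates.file], rather
     * than against the working directory of the JVM.
     */
    private fun importCertificates(
        ks: KeyStore,
        certificates: List<TrustedCertificates.TrustedCertificate>,
        project: Project
    ) {
        check(certificateFactoryTypes.size == 1) { "Need to refactor to account for multiple possible certificate types" }
        val cf = CertificateFactory.getInstance(certificateFactoryTypes[0])
        for (cert in certificates) {
            val certFile = project.file(cert.path)
            logger.debug("Importing certificate ${certFile.absolutePath}")

            // setCertificateEntry replaces an existing trusted certificate entry of the
            // same alias without notice; make that visible in the build log.
            if (ks.containsAlias(cert.alias)) {
                logger.warn(
                    "Alias '${cert.alias}' already exists in the trust store; " +
                        "the existing entry is about to be replaced by ${certFile.absolutePath}"
                )
            }

            FileInputStream(certFile).use { certIn ->
                ks.setCertificateEntry(
                    cert.alias,
                    cf.generateCertificate(certIn)
                )
            }
        }
    }

    /** Points the JVM-wide SSL trust store system properties at [storeFile]. */
    private fun activateTrustStore(storeFile: File, password: String) {
        System.setProperty("javax.net.ssl.trustStore", storeFile.absolutePath)
        System.setProperty("javax.net.ssl.trustStorePassword", password)
    }

    internal companion object {
        internal val logger = Logging.getLogger(TruststorePlugin::class.java)

        /**
         * Possible key store types, as per the
         * [Java 8 documentation](https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#KeyStore).
         */
        private val keyStoreTypes = listOf(/*"jceks",*/ "jks", "dks", "pkcs11", "pkcs12")
        /* Note: `jceks` results in
         *   `org.apache.http.ssl.SSLInitializationException: DerInputStream.getLength(): lengthTag=78, too big`
         * so we leave it out. */

        /**
         * Possible certificate factory types, as per the
         * [Java 8 documentation](https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#CertificateFactory).
         */
        private val certificateFactoryTypes = listOf("X.509")
    }
}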
181 |
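/**
 * Shorthand for configuring the [Truststore] extension of this project.
 *
 * If no [Truststore] extension is registered (i.e. the plugin has not been
 * applied), [configuration] is not run and a warning is logged, so that a
 * trust store block which has no effect does not go unnoticed.
 *
 * @param configuration Block to run with the [Truststore] extension as receiver.
 *
 * @since 1.1.0
 */
@Suppress("unused") // Used in build.gradle.kts
inline fun Project.truststore(configuration: Truststore.() -> Unit) {
    val extension = extensions.findByType(Truststore::class.java)
    if (extension == null) {
        logger.warn("No truststore extension found on $this; the truststore configuration block is ignored")
        return
    }
    extension.configuration()
}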
191 |
--------------------------------------------------------------------------------
/src/main/kotlin/com/digithurst/gradle/truststore/package-info.md:
--------------------------------------------------------------------------------
1 | # Package com.digithurst.gradle.truststore
2 |
3 | Provides a DSL to configure a custom trust store for running Gradle builds.
4 |
--------------------------------------------------------------------------------