List all invalid certificates in validation error

chkpnt · Jan 24, 2022 · 1075cb9 · 1075cb9
1 parent 8e591ba
commit 1075cb9
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 6 deletions.
diff --git a/src/main/kotlin/de/chkpnt/gradle/plugin/truststorebuilder/CheckCertsValidationTask.kt b/src/main/kotlin/de/chkpnt/gradle/plugin/truststorebuilder/CheckCertsValidationTask.kt
@@ -16,6 +16,7 @@
 
 package de.chkpnt.gradle.plugin.truststorebuilder
 
+import org.gradle.api.GradleException
 import org.gradle.api.provider.Property
 import org.gradle.api.tasks.Input
 import org.gradle.api.tasks.Internal
@@ -44,20 +45,38 @@ abstract class CheckCertsValidationTask() : SourceTask() {
 
     @TaskAction
     fun testValidation() {
+        val invalidCerts = mutableMapOf<Path, MutableList<X509Certificate>>()
+
         for (file in source.files) {
             val certFile = file.toPath()
             certificateService.loadCertificates(certFile)
-                .forEach { checkValidation(it, certFile) }
+                .forEach { checkValidation(it, certFile, invalidCerts) }
+        }
+
+        if (invalidCerts.isNotEmpty()) {
+            val messageBuilder = StringBuilder()
+            invalidCerts.forEach { (path, certs) ->
+                messageBuilder.append("The following certificates in $path are already or become invalid within the next ${atLeastValid.toDays()} days:")
+                    .appendLineSeparator()
+                certs.map(certificateService::deriveAlias).forEach { alias ->
+                    messageBuilder.append(" - $alias").appendLineSeparator()
+                }
+            }
+            throw CheckCertsValidationError(messageBuilder.toString())
         }
     }
 
-    private fun checkValidation(cert: X509Certificate, path: Path) {
+    private fun checkValidation(cert: X509Certificate, path: Path, invalidCerts: MutableMap<Path, MutableList<X509Certificate>>) {
         if (!certificateService.isCertificateValidInFuture(cert, atLeastValid)) {
             val relativePath = project.projectDir
                 .toPath()
                 .relativize(path)
-            val alias = certificateService.deriveAlias(cert)
-            throw TrustStoreBuilderError(relativePath, "Certificate \"$alias\" is already or becomes invalid within the next ${atLeastValid.toDays()} days")
+            invalidCerts.getOrPut(relativePath) { mutableListOf() }
+                .add(cert)
         }
     }
 }
+
+private fun StringBuilder.appendLineSeparator(): StringBuilder = append(System.lineSeparator())
+
+class CheckCertsValidationError(override val message: String) : GradleException(message)
diff --git a/...test/groovy/de/chkpnt/gradle/plugin/truststorebuilder/CheckCertsValidationTaskTest.groovy b/...test/groovy/de/chkpnt/gradle/plugin/truststorebuilder/CheckCertsValidationTaskTest.groovy
@@ -85,9 +85,10 @@ class CheckCertsValidationTaskTest extends Specification {
         classUnderTest.testValidation()
 
         then:
-        def e = thrown(TrustStoreBuilderError)
+        def e = thrown(CheckCertsValidationError)
         def path = Paths.get("certs", "letsencrypt.pem")
-        e.message == "Certificate \"ISRG Root X1 [CABD2A7]\" is already or becomes invalid within the next 30 days: $path"
+        e.message.startsWith("The following certificates in $path are already or become invalid within the next 30 days:")
+        e.message.contains(" - ISRG Root X1 [CABD2A7]")
     }
 
     def "when all certificates are valid nothing happens"() {