From 1075cb927f960305686554913724d8b0f53ece60 Mon Sep 17 00:00:00 2001 From: Gregor Dschung Date: Mon, 24 Jan 2022 22:50:52 +0100 Subject: [PATCH] List all invalid certificates in validation error --- .../CheckCertsValidationTask.kt | 27 ++++++++++++++++--- .../CheckCertsValidationTaskTest.groovy | 5 ++-- 2 files changed, 26 insertions(+), 6 deletions(-) diff --git a/src/main/kotlin/de/chkpnt/gradle/plugin/truststorebuilder/CheckCertsValidationTask.kt b/src/main/kotlin/de/chkpnt/gradle/plugin/truststorebuilder/CheckCertsValidationTask.kt index aee9e2b..4f65e55 100644 --- a/src/main/kotlin/de/chkpnt/gradle/plugin/truststorebuilder/CheckCertsValidationTask.kt +++ b/src/main/kotlin/de/chkpnt/gradle/plugin/truststorebuilder/CheckCertsValidationTask.kt @@ -16,6 +16,7 @@ package de.chkpnt.gradle.plugin.truststorebuilder +import org.gradle.api.GradleException import org.gradle.api.provider.Property import org.gradle.api.tasks.Input import org.gradle.api.tasks.Internal 
@@ -44,20 +45,38 @@ abstract class CheckCertsValidationTask() : SourceTask() { @TaskAction fun testValidation() { + val invalidCerts = mutableMapOf>() + for (file in source.files) { val certFile = file.toPath() certificateService.loadCertificates(certFile) - .forEach { checkValidation(it, certFile) } + .forEach { checkValidation(it, certFile, invalidCerts) } + } + + if (invalidCerts.isNotEmpty()) { + val messageBuilder = StringBuilder() + invalidCerts.forEach { (path, certs) -> + messageBuilder.append("The following certificates in $path are already or become invalid within the next ${atLeastValid.toDays()} days:") + .appendLineSeparator() + certs.map(certificateService::deriveAlias).forEach { alias -> + messageBuilder.append(" - $alias").appendLineSeparator() + } + } + throw CheckCertsValidationError(messageBuilder.toString()) } } - private fun checkValidation(cert: X509Certificate, path: Path) { + private fun checkValidation(cert: X509Certificate, path: Path, invalidCerts: MutableMap>) { if (!certificateService.isCertificateValidInFuture(cert, atLeastValid)) { val relativePath = project.projectDir .toPath() .relativize(path) - val alias = certificateService.deriveAlias(cert) - throw TrustStoreBuilderError(relativePath, "Certificate \"$alias\" is already or becomes invalid within the next ${atLeastValid.toDays()} days") + invalidCerts.getOrPut(relativePath) { mutableListOf() } + .add(cert) } } } + +private fun StringBuilder.appendLineSeparator(): StringBuilder = append(System.lineSeparator()) + +class CheckCertsValidationError(override val message: String) : GradleException(message) diff --git a/src/test/groovy/de/chkpnt/gradle/plugin/truststorebuilder/CheckCertsValidationTaskTest.groovy b/src/test/groovy/de/chkpnt/gradle/plugin/truststorebuilder/CheckCertsValidationTaskTest.groovy index c58167e..d1652e4 100644 --- a/src/test/groovy/de/chkpnt/gradle/plugin/truststorebuilder/CheckCertsValidationTaskTest.groovy 
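Review bot: The per-certificate lines built in `testValidation()` carry only the alias, so the report cannot distinguish a certificate that has already expired from one that is merely inside the `atLeastValid` window, and it gives no expiry date for deciding which entry of the trust store to replace first. Iterating the certificates directly would fix that, for example `certs.forEach { cert -> messageBuilder.append(" - ${certificateService.deriveAlias(cert)} (notAfter: ${cert.notAfter})").appendLineSeparator() }`. The thrown type also changes from `TrustStoreBuilderError` to the new `CheckCertsValidationError`; whether the two share a supertype is not visible in this hunk, so build logic that catches the old type should be checked. Both functions are complete in the hunk, while the enclosing class begins above it.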
+++ b/src/test/groovy/de/chkpnt/gradle/plugin/truststorebuilder/CheckCertsValidationTaskTest.groovy @@ -85,9 +85,10 @@ class CheckCertsValidationTaskTest extends Specification { classUnderTest.testValidation() then: - def e = thrown(TrustStoreBuilderError) + def e = thrown(CheckCertsValidationError) def path = Paths.get("certs", "letsencrypt.pem") - e.message == "Certificate \"ISRG Root X1 [CABD2A7]\" is already or becomes invalid within the next 30 days: $path" + e.message.startsWith("The following certificates in $path are already or become invalid within the next 30 days:") + e.message.contains(" - ISRG Root X1 [CABD2A7]") } def "when all certificates are valid nothing happens"() {
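Review bot: The updated feature method still exercises a single expiring certificate in a single file, so the behaviour this commit introduces (several certificates, grouped per file, reported in one error) is not covered by the lines shown here. A further case with two failing certificates, ideally spread over two files, that asserts both aliases are present would pin it, e.g. an extra `e.message.contains(" - <alias-of-second-certificate>")` with the placeholder replaced by the fixture's alias. Moving from `==` to `startsWith`/`contains` also lets a duplicated or malformed entry pass; comparing against the full expected string built with `System.lineSeparator()` would keep the check exact. The feature method being changed begins above the hunk.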