Merge branch 'gradle-multi-certs' into 'master'

Allow gradle to fetch from TLS endpoint with custom cert chain

See merge request gitlab-org/security-products/license-management!144

3 files changed, 24 insertions, 6 deletions

diff --git a/lib/license/finder/ext/gradle.rb b/lib/license/finder/ext/gradle.rb
index 2c3ce01..3357042 100644
--- a/lib/license/finder/ext/gradle.rb
+++ b/lib/license/finder/ext/gradle.rb
@@ -21,7 +21,7 @@ module LicenseFinder
       _stdout, _stderr, status = Dir.chdir(project_path) do
         shell.execute([
           @command,
-          ENV.fetch('GRADLE_CLI_OPTS', '--exclude-task=test'),
+          ENV.fetch('GRADLE_CLI_OPTS', '--exclude-task=test --no-daemon --debug'),
           'downloadLicenses'
         ], env: { 'TERM' => 'noop' })
       end
diff --git a/lib/license/management/shell.rb b/lib/license/management/shell.rb
index f16537d..9ff59c4 100644
--- a/lib/license/management/shell.rb
+++ b/lib/license/management/shell.rb
@@ -3,6 +3,7 @@
 module License
   module Management
     class Shell
+      SPLIT_SCRIPT = "'BEGIN {x=0;} /BEGIN CERT/{x++} { print > \"custom.\" x \".crt\" }'"
       attr_reader :custom_certificate_path, :logger
 
       def initialize(logger: License::Management.logger, certificate: ENV['ADDITIONAL_CA_CERT_BUNDLE'])
@@ -18,7 +19,7 @@ module License
         stdout, stderr, status = Open3.capture3(env, expanded_command)
 
         logger.debug(stdout) unless stdout.nil? || stdout.empty?
-        logger.error(stderr) unless status.success?
+        logger.error(stderr) unless stderr.nil? || stderr.empty?
         [stdout, stderr, status]
       end
 
@@ -40,9 +41,26 @@ module License
         return unless present?(certificate)
 
         custom_certificate_path.write(certificate)
-        execute("openssl x509 -in #{custom_certificate_path} -text -noout")
-        execute('update-ca-certificates -v')
-        execute("keytool -importcert -file #{custom_certificate_path} -trustcacerts -noprompt")
+        Dir.chdir custom_certificate_path.dirname do
+          execute([:awk, SPLIT_SCRIPT, '<', custom_certificate_path])
+          execute('update-ca-certificates -v')
+
+          Dir.glob('custom.*.crt').each do |path|
+            full_path = File.expand_path(path)
+            execute([:openssl, :x509, '-in', full_path, '-text', '-noout'])
+            execute([
+              :keytool,
+              '-importcert',
+              '-alias', Time.now.to_i,
+              '-file', full_path,
+              '-trustcacerts',
+              '-noprompt',
+              '-storepass', 'changeit',
+              '-keystore', "#{ENV['JAVA_HOME']}/jre/lib/security/cacerts"
+            ])
+            execute(["keytool -list -v -storepass changeit"])
+          end
+        end
       end
 
       def present?(item)
diff --git a/lib/license/management/version.rb b/lib/license/management/version.rb
index bc5d85c..64d34f7 100644
--- a/lib/license/management/version.rb
+++ b/lib/license/management/version.rb
@@ -2,6 +2,6 @@
 
 module License
   module Management
-    VERSION = '3.7.4'
+    VERSION = '3.7.5'
   end
 end