# Encoding: utf-8
# Cloud Foundry Java Buildpack
# Copyright 2013-2016 the original author or authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
require 'java_buildpack/component/base_component'
require 'java_buildpack/framework'
require 'java_buildpack/util/dash_case'
require 'java_buildpack/util/format_duration'
require 'fileutils'
require 'pathname'
require 'shellwords'
require 'tempfile'
module JavaBuildpack
module Framework
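# Encapsulates the functionality for contributing container-based certificates to an application.
#
# When enabled, the CA bundle the container ships at +/etc/ssl/certs/ca-certificates.crt+ is split into
# individual PEM certificates, each one is imported into a JKS trust store inside the component sandbox, and the
# JVM is pointed at that store through the +javax.net.ssl.trustStore+ system property.
class ContainerCertificateTrustStore < JavaBuildpack::Component::BaseComponent

  # Creates an instance
  #
  # @param [Hash] context a collection of utilities used the component
  def initialize(context)
    @logger = JavaBuildpack::Logging::LoggerFactory.instance.get_logger ContainerCertificateTrustStore
    super(context)
  end

  # (see JavaBuildpack::Component::BaseComponent#detect)
  #
  # @return [String, nil] the component id tagged with the number of certificates found, or +nil+ when the
  #                       component is disabled by configuration or the container has no CA bundle
  def detect
    return nil unless supports_configuration? && supports_file?

    id(certificates.length)
  end

  # (see JavaBuildpack::Component::BaseComponent#compile)
  #
  # Imports every certificate of the container bundle into the trust store, one keytool invocation per
  # certificate.
  def compile
    puts '-----> Creating TrustStore with container certificates'

    # Parse the bundle once; +certificates+ re-reads the file on every call.
    resolved_certificates = certificates
    with_timing(caption(resolved_certificates)) do
      FileUtils.mkdir_p trust_store.parent
      resolved_certificates.each_with_index { |certificate, index| add_certificate certificate, index }
    end
  end

  # (see JavaBuildpack::Component::BaseComponent#release)
  #
  # Setting +javax.net.ssl.trustStore+ makes the JVM use this store instead of the JRE's default +cacerts+, so the
  # application trusts the same CAs the container does.
  def release
    @droplet.java_opts
            .add_system_property('javax.net.ssl.trustStore', trust_store)
            .add_system_property('javax.net.ssl.trustStorePassword', password)
  end

  private

  CA_CERTIFICATES = Pathname.new('/etc/ssl/certs/ca-certificates.crt').freeze

  private_constant :CA_CERTIFICATES

  # Imports a single PEM certificate into the trust store under the alias +certificate-<index>+. The certificate
  # is staged in a temporary file because keytool reads from a path; that file is removed again whether or not
  # the import succeeds.
  #
  # @param [String] certificate the PEM-encoded certificate, including its BEGIN/END lines
  # @param [Integer] index the position of the certificate within the bundle, used to keep aliases unique
  # @return [void]
  def add_certificate(certificate, index)
    @logger.debug { "Adding certificate\n#{certificate}" }

    file = write_certificate certificate
    begin
      # Every interpolated argument is a buildpack-controlled path, the fixed store password or an Integer, so no
      # externally supplied text reaches the shell here; escape the arguments if that ever changes.
      shell "#{keytool} -importcert -noprompt -keystore #{trust_store} -storepass #{password} " \
            "-file #{file.to_path} -alias certificate-#{index}"
    ensure
      # Close and unlink the staging file instead of leaving it to the garbage collector.
      file.close!
    end
  end

  # @return [Pathname] the container's CA bundle
  def ca_certificates
    CA_CERTIFICATES
  end

  # @param [Array<String>] resolved_certificates the certificates being imported
  # @return [String] the caption shown while the import is timed
  def caption(resolved_certificates)
    "Adding #{resolved_certificates.count} certificates to #{trust_store.relative_path_from(@droplet.root)}"
  end

  # Splits the container CA bundle into individual PEM certificates.
  #
  # Lines from a +BEGIN CERTIFICATE+ marker through the following +END CERTIFICATE+ marker are collected,
  # markers included. Anything outside such a block (comments, blank lines, or an +END+ with no preceding
  # +BEGIN+) is skipped rather than raising.
  #
  # @return [Array<String>] the PEM certificates in bundle order, possibly empty
  def certificates
    resolved = []
    current  = nil

    ca_certificates.each_line do |line|
      if line.include?('BEGIN CERTIFICATE')
        current = line.dup
      elsif current.nil?
        next
      elsif line.include?('END CERTIFICATE')
        resolved << (current << line)
        current = nil
      else
        current << line
      end
    end

    resolved
  end

  # @param [Integer] count the number of certificates found
  # @return [String] the dash-cased class name tagged with +count+
  def id(count)
    "#{self.class.to_s.dash_case}=#{count}"
  end

  # @return [Pathname] the keytool binary of the JRE contributed to the droplet
  def keytool
    @droplet.java_home.root + 'bin/keytool'
  end

  # The trust store password. It is deliberately a fixed, non-secret value: the store holds only public CA
  # certificates, so the password guards integrity rather than confidentiality, and it is exposed anyway through
  # the +javax.net.ssl.trustStorePassword+ system property and on the keytool command line.
  #
  # @return [String] the password
  def password
    'java-buildpack-trust-store-password'
  end

  # @return [Object] the truthy/falsy +enabled+ value of the component configuration
  def supports_configuration?
    @configuration['enabled']
  end

  # @return [Boolean] whether the container provides a CA bundle at all
  def supports_file?
    ca_certificates.exist?
  end

  # @return [Pathname] the JKS trust store inside the component sandbox
  def trust_store
    @droplet.sandbox + 'truststore.jks'
  end

  # Writes a certificate to a new temporary file for keytool to read. The file is returned open and flushed to
  # disk; the caller is responsible for closing and unlinking it.
  #
  # @param [String] certificate the PEM-encoded certificate
  # @return [Tempfile] the open temporary file
  def write_certificate(certificate)
    Tempfile.new('certificate-').tap do |file|
      file.write(certificate)
      file.fsync
    end
  end

end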
end
end