# Cloud Foundry Java Buildpack
# Copyright 2013-2017 the original author or authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
require 'fileutils'
require 'java_buildpack/component/versioned_dependency_component'
require 'java_buildpack/framework'
require 'java_buildpack/util/qualify_path'
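module JavaBuildpack
  module Framework

    # Encapsulates the functionality for enabling zero-touch Dyadic EKM Java Security Provider support.
    #
    # During +compile+ the component unpacks its dependency into the sandbox and writes three files
    # taken from the bound service's credentials: the client private key, the CA certificate and the
    # client configuration. During +release+ it points the JVM at the unpacked native libraries, the
    # extension directory and the sandbox's +java.security+ properties file.
    class DyadicEkmSecurityProvider < JavaBuildpack::Component::VersionedDependencyComponent
      include JavaBuildpack::Util

      # (see JavaBuildpack::Component::BaseComponent#compile)
      def compile
        download_tar
        setup_ext_dir
        @droplet.copy_resources

        # supports? has already required a matching service carrying every key read below.
        credentials = @application.services.find_service(FILTER)['credentials']
        write_key credentials['key']
        write_cert credentials['ca']
        write_conf credentials['servers'], credentials['send_timeout'], credentials['recv_timeout'],
                   credentials['retries']
      end

      # (see JavaBuildpack::Component::BaseComponent#release)
      def release
        @droplet
          .environment_variables
          .add_environment_variable 'LD_LIBRARY_PATH', @droplet.sandbox + 'usr/lib'

        @droplet
          .java_opts
          .add_system_property('java.ext.dirs', ext_dirs)
          .add_system_property('java.security.properties', @droplet.sandbox + 'java.security')
      end

      protected

      # (see JavaBuildpack::Component::VersionedDependencyComponent#supports?)
      def supports?
        # The listed names are the credential keys that compile reads from the service binding.
        @application.services.one_service? FILTER, 'ca', 'key', 'recv_timeout', 'retries', 'send_timeout', 'servers'
      end

      private

      FILTER = /dyadic/

      # Create-or-replace: TRUNC ensures a shorter payload never leaves stale bytes from an existing file.
      OVERWRITE = File::CREAT | File::WRONLY | File::TRUNC

      # Owner read/write only; applied to the private key so other local users cannot read it.
      KEY_FILE_MODE = 0o600

      private_constant :FILTER, :OVERWRITE, :KEY_FILE_MODE

      # @return [Pathname] where the CA certificate is written
      def cert_file
        @droplet.sandbox + 'etc/dsm/ca.crt'
      end

      # @return [Pathname] where the client configuration is written
      def conf_file
        @droplet.sandbox + 'etc/dsm/client.conf'
      end

      # @return [Pathname] the provider JAR expected inside the unpacked dependency
      def dyadic_jar
        @droplet.sandbox + 'usr/lib/dsm/dsm-advapi-1.0.jar'
      end

      # @return [Pathname] the sandbox extension directory that holds the link to the provider JAR
      def ext_dir
        @droplet.sandbox + 'ext'
      end

      # Builds the value of +java.ext.dirs+: the JRE's own +lib/ext+ followed by the sandbox +ext+
      # directory, both passed through +qualify_path+ relative to the droplet root.
      #
      # @return [String] the two directories joined with +:+
      def ext_dirs
        jre_ext     = qualify_path(@droplet.java_home.root + 'lib/ext', @droplet.root)
        sandbox_ext = qualify_path(ext_dir, @droplet.root)

        "#{jre_ext}:#{sandbox_ext}"
      end

      # @return [Pathname] where the client private key is written
      def key_file
        @droplet.sandbox + 'etc/dsm/key.pem'
      end

      # Creates the extension directory and links the provider JAR into it using a relative target.
      def setup_ext_dir
        FileUtils.mkdir ext_dir
        FileUtils.ln_s dyadic_jar.relative_path_from(ext_dir), ext_dir, force: true
      end

      # Writes the CA certificate followed by a newline.
      #
      # @param cert [String] the certificate text from the service credentials
      def write_cert(cert)
        write_sandbox_file cert_file, "#{cert}\n"
      end

      # Writes the client configuration from the service credentials.
      #
      # NOTE(review): the values are interpolated as-is. A credential value containing a line break
      # would add extra lines to client.conf; confirm the service broker is the only source of these
      # values, or validate them before writing.
      #
      # @param servers [Object] value for the +servers+ setting
      # @param send_timeout [Object] value for the +send_timeout+ setting
      # @param recv_timeout [Object] value for the +recv_timeout+ setting
      # @param retries [Object] value for the +retries+ setting
      def write_conf(servers, send_timeout, recv_timeout, retries)
        write_sandbox_file conf_file, <<EOS
servers = #{servers}
send_timeout = #{send_timeout}
recv_timeout = #{recv_timeout}
retries = #{retries}
ha_mode_standby = 1
EOS
      end

      # Writes the client private key followed by a newline, readable and writable by the owner only.
      #
      # @param key [String] the private key text from the service credentials
      def write_key(key)
        write_sandbox_file key_file, "#{key}\n", KEY_FILE_MODE
      end

      # Creates the parent directory if needed and replaces the file's content.
      #
      # @param path [Pathname] the file to write
      # @param content [String] the complete new content
      # @param mode [Integer, nil] permission bits to enforce, or nil to keep the process defaults
      def write_sandbox_file(path, content, mode = nil)
        FileUtils.mkdir_p path.parent

        open_args = [OVERWRITE]
        open_args << mode if mode

        path.open(*open_args) do |f|
          # The mode passed to open only takes effect when the file is created, so tighten an
          # already-existing file explicitly, and do it before any secret bytes are written.
          f.chmod mode if mode
          f.write content
        end
      end

    end

  end
end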