Luna Security Provider, Minimal Install

Jonathan Patchell · nebhale · commit 8a15b65bcbd9 · 2016-05-20T11:33:48.000-07:00
This change updates the Luna Security Provider to support the new Minimal Client Installer. It also updates the code to depend on the 6.+ versions of the client. [cloudfoundry#296]
diff --git a/config/components.yml b/config/components.yml
@@ -43,7 +43,7 @@ frameworks:
 # - "JavaBuildpack::Framework::IntroscopeAgent"
   - "JavaBuildpack::Framework::Jmx"
   - "JavaBuildpack::Framework::JrebelAgent"
-# - "JavaBuildpack::Framework::LunaSecurityProvider"
+  - "JavaBuildpack::Framework::LunaSecurityProvider"
   - "JavaBuildpack::Framework::MariaDbJDBC"
   - "JavaBuildpack::Framework::NewRelicAgent"
   - "JavaBuildpack::Framework::PlayFrameworkAutoReconfiguration"
diff --git a/config/luna_security_provider.yml b/config/luna_security_provider.yml
@@ -13,8 +13,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-# Configuration for the Dynatrace framework
+# Configuration for the Luna Security Provider framework
 ---
-version: 5.+
-repository_root: ""
+version: 6.+
+repository_root: "http://files.cf-hsm.io/luna-installer"
 logging_enabled: false
diff --git a/lib/java_buildpack/framework/luna_security_provider.rb b/lib/java_buildpack/framework/luna_security_provider.rb
@@ -28,7 +28,10 @@ class LunaSecurityProvider < JavaBuildpack::Component::VersionedDependencyCompon
 
       # (see JavaBuildpack::Component::BaseComponent#compile)
       def compile
-        download(@version, @uri) { |file| expand file }
+
+        download_tar
+        setup_ext_dir
+
         @droplet.copy_resources
 
         credentials = @application.services.find_service(FILTER)['credentials']
@@ -63,10 +66,6 @@ def chrystoki
         @droplet.sandbox + 'Chrystoki.conf'
       end
 
-      def cklog(root)
-        Dir[root + 'cklog-*.x86_64.rpm'][0]
-      end
-
       def client_certificate
         @droplet.sandbox + 'usr/safenet/lunaclient/cert/client/client-certificate.pem'
       end
@@ -75,49 +74,43 @@ def client_private_key
         @droplet.sandbox + 'usr/safenet/lunaclient/cert/client/client-private-key.pem'
       end
 
-      def expand(file)
-        with_timing "Expanding Luna Client to #{@droplet.sandbox.relative_path_from(@droplet.root)}" do
-          Dir.mktmpdir do |root|
-            root = Pathname.new(root)
-
-            FileUtils.mkdir_p root
-            shell "tar x#{compression_flag(file)}f #{file.path} -C #{root} --strip 3 2>&1"
+      def ext_dir
+        @droplet.sandbox + 'ext'
+      end
 
-            install_client root
-          end
-        end
+      def luna_provider_jar
+        @droplet.sandbox + 'jsp/LunaProvider.jar'
       end
 
-      def ext_dirs
-        "#{qualify_path(@droplet.java_home.root + 'lib/ext', @droplet.root)}:" \
-        "#{qualify_path(@droplet.sandbox + 'usr/safenet/lunaclient/jsp/lib', @droplet.root)}"
+      def luna_api_so
+        @droplet.sandbox + 'jsp/64/libLunaAPI.so'
       end
 
-      def install_client(root)
-        FileUtils.mkdir_p @droplet.sandbox
+      def lib_cryptoki
+        @droplet.sandbox + 'libs/64/libCryptoki2.so'
+      end
 
-        Dir.chdir(@droplet.sandbox) do
-          shell "#{rpm2cpio} < #{libcrpytoki root} | cpio -id ./usr/safenet/lunaclient/lib/libCryptoki2_64.so"
-          shell "#{rpm2cpio} < #{lunajsp root} | cpio -id ./usr/safenet/lunaclient/jsp/lib/*"
+      def lib_cklog
+        sandbox + 'libs/64/libcklog2.so'
+      end
 
-          if logging?
-            shell "#{rpm2cpio} < #{cklog root} | cpio -id ./usr/safenet/lunaclient/lib/libcklog2.so"
-          end
+      def setup_ext_dir
+        FileUtils.mkdir ext_dir
+        files = [luna_provider_jar, luna_api_so]
+        files.each do |file|
+          FileUtils.ln_s file.relative_path_from(ext_dir), ext_dir, :force => true
         end
       end
 
-      def libcrpytoki(root)
-        Dir[root + 'libcryptoki-*.x86_64.rpm'][0]
+      def ext_dirs
+        "#{qualify_path(@droplet.java_home.root + 'lib/ext', @droplet.root)}:" \
+        "#{qualify_path(ext_dir, @droplet.root)}"
       end
 
       def logging?
         @configuration['logging_enabled']
       end
 
-      def lunajsp(root)
-        Dir[root + 'lunajsp-*.x86_64.rpm'][0]
-      end
-
       def padded_index(index)
         index.to_s.rjust(2, '0')
       end
@@ -126,10 +119,6 @@ def relative(path)
         path.relative_path_from(@droplet.root)
       end
 
-      def rpm2cpio
-        Pathname.new(File.expand_path('../rpm2cpio.py', __FILE__))
-      end
-
       def server_certificates
         @droplet.sandbox + 'usr/safenet/lunaclient/cert/server/server-certificates.pem'
       end
@@ -191,20 +180,20 @@ def write_lib(f)
           write_logging(f)
         else
           f.write <<EOS
-  LibUNIX64 = #{relative(@droplet.sandbox + 'usr/safenet/lunaclient/lib/libCryptoki2_64.so')};
+  LibUNIX64 = #{relative(lib_cryptoki)};
 }
 EOS
         end
       end
 
       def write_logging(f)
         f.write <<EOS
-  LibUNIX64 = #{relative(@droplet.sandbox + 'usr/safenet/lunaclient/lib/libcklog2.so')};
+  LibUNIX64 = #{relative(lib_cklog)};
 }
 
 CkLog2 = {
   Enabled      = 1;
-  LibUNIX64    = #{relative(@droplet.sandbox + 'usr/safenet/lunaclient/lib/libCryptoki2_64.so')};
+  LibUNIX64    = #{relative(lib_cryptoki)};
   LoggingMask  = ALL_FUNC;
   LogToStreams = 1;
   NewFormat    = 1;
diff --git a/lib/java_buildpack/framework/rpm2cpio.py b/lib/java_buildpack/framework/rpm2cpio.py
