From 7f4935bb5483147dd3b5a7c70f047774835c20ce Mon Sep 17 00:00:00 2001 
From: Ben Hale
Date: Tue, 23 May 2017 12:17:00 -0700
Subject: [PATCH 001/906] Container Security Provider

This change adds a Container Security Provider to the buildpack. This security provider is aware of container identity in a Cloud Foundry container as defined by a private key and certificate. As part of the addition of this functionality, extensions were made to the Droplet Public API to allow components to contribute both extension directories and security providers. This resulted in the update of the Dyadic, Luna, and ProtectApp providers.
---
 .idea/codeStyleSettings.xml | 1 +
 .rubocop.yml | 2 +-
 config/components.yml | 1 +
 ...re.yml => container_security_provider.yml} | 7 +-
 lib/java_buildpack/buildpack.rb | 26 +-
 .../component/additional_libraries.rb | 2 +-
 lib/java_buildpack/component/droplet.rb | 22 +-
 .../component/extension_directories.rb | 46 +
 .../component/security_providers.rb | 42 +
 .../framework/container_security_provider.rb | 48 +
 .../framework/dyadic_ekm_security_provider.rb | 18 +-
 .../framework/luna_security_provider.rb | 12 +-
 .../protect_app_security_provider.rb | 15 +-
 lib/java_buildpack/jre/open_jdk_like.rb | 4 +-
 .../jre/open_jdk_like_security_providers.rb | 95 ++
 .../java.security | 1 -
 .../luna_security_provider/java.security | 1 -
 .../java.security | 1 -
 spec/droplet_helper.rb | 15 +-
 spec/fixtures/java.security | 826 ++++++++++++++++++
 .../stub-container-security-provider.jar | Bin 0 -> 341 bytes
 spec/java_buildpack/component/droplet_spec.rb | 8 +
 .../component/extension_directories_spec.rb | 50 ++
 .../component/security_providers_spec.rb | 45 +
 .../container_security_provider_spec.rb | 40 +
 .../dyadic_ekm_security_provider_spec.rb | 24 +-
 .../framework/luna_security_provider_spec.rb | 16 +-
 .../protect_app_security_provider_spec.rb | 23 +-
 .../open_jdk_like_security_providers_spec.rb | 85 ++
 spec/java_buildpack/jre/open_jdk_like_spec.rb | 3 +
 30 files changed, 1397 insertions(+), 82 deletions(-)
 rename config/{container_certificate_trust_store.yml => container_security_provider.yml} (80%)
 create mode 100644 lib/java_buildpack/component/extension_directories.rb
 create mode 100644 lib/java_buildpack/component/security_providers.rb
 create mode 100644 lib/java_buildpack/framework/container_security_provider.rb
 create mode 100644 lib/java_buildpack/jre/open_jdk_like_security_providers.rb
 delete mode 100644 resources/dyadic_ekm_security_provider/java.security
 delete mode 100644 resources/luna_security_provider/java.security
 delete mode 100644 resources/protect_app_security_provider/java.security
 create mode 100644 spec/fixtures/java.security
 create mode 100644 spec/fixtures/stub-container-security-provider.jar
 create mode 100644 spec/java_buildpack/component/extension_directories_spec.rb
 create mode 100644 spec/java_buildpack/component/security_providers_spec.rb
 create mode 100644 spec/java_buildpack/framework/container_security_provider_spec.rb
 create mode 100644 spec/java_buildpack/jre/open_jdk_like_security_providers_spec.rb

diff --git a/.idea/codeStyleSettings.xml b/.idea/codeStyleSettings.xml
index 72613537be..8daae40f5e 100644
--- a/.idea/codeStyleSettings.xml
+++ b/.idea/codeStyleSettings.xml
@@ -11,6 +11,7 @@