Merge branch '3.x'

config/components.yml

@@ -57,4 +57,5 @@ frameworks:
   - "JavaBuildpack::Framework::SpringAutoReconfiguration"
   - "JavaBuildpack::Framework::SpringInsight"
   - "JavaBuildpack::Framework::YourKitProfiler"
+  - "JavaBuildpack::Framework::SecurityProviders"
   - "JavaBuildpack::Framework::JavaOpts"

lib/java_buildpack/buildpack.rb

@@ -60,11 +60,10 @@ def compile
 
       container = component_detection('container', @containers, true).first
       no_container unless container
-      jre        = component_detection('JRE', @jres, true).first
-      frameworks = component_detection('framework', @frameworks, false)
 
-      frameworks.each(&:compile)
-      jre.compile
+      component_detection('JRE', @jres, true).first.compile
+      component_detection('framework', @frameworks, false).each(&:compile)
+
       container.compile
     end
 
@@ -75,15 +74,13 @@ def compile
     def release
       container = component_detection('container', @containers, true).first
       no_container unless container
-      jre        = component_detection('JRE', @jres, true).first
-      frameworks = component_detection('framework', @frameworks, false)
-
-      frameworks.map(&:release)
 
       commands = []
-      commands << jre.release
-      commands << container.release
+      commands << component_detection('JRE', @jres, true).first.release
 
+      component_detection('framework', @frameworks, false).map(&:release)
+
+      commands << container.release
       command = commands.flatten.compact.join(' && ')
 
       payload = {

lib/java_buildpack/framework/container_security_provider.rb

@@ -27,7 +27,7 @@ class ContainerSecurityProvider < JavaBuildpack::Component::VersionedDependencyC
       # (see JavaBuildpack::Component::BaseComponent#compile)
       def compile
         download_jar
-        @droplet.security_providers << 'org.cloudfoundry.security.CloudFoundryContainerProvider'
+        @droplet.security_providers.insert 1, 'org.cloudfoundry.security.CloudFoundryContainerProvider'
       end
 
       # (see JavaBuildpack::Component::BaseComponent#release)

lib/java_buildpack/framework/dyadic_ekm_security_provider.rb

@@ -31,7 +31,7 @@ def compile
         setup_ext_dir
 
         @droplet.copy_resources
-        @droplet.security_providers << 'com.dyadicsec.provider.DYCryptoProvider'
+        @droplet.security_providers.insert 2, 'com.dyadicsec.provider.DYCryptoProvider'
 
         credentials = @application.services.find_service(FILTER)['credentials']
         write_key credentials['key']

lib/java_buildpack/framework/luna_security_provider.rb

@@ -31,7 +31,7 @@ def compile
         setup_ext_dir
 
         @droplet.copy_resources
-        @droplet.security_providers << 'com.safenetinc.luna.provider.LunaProvider'
+        @droplet.security_providers.insert 2, 'com.safenetinc.luna.provider.LunaProvider'
 
         credentials = @application.services.find_service(FILTER)['credentials']
         write_client credentials['client']

lib/java_buildpack/framework/protect_app_security_provider.rb

@@ -32,7 +32,7 @@ def compile
         download_zip false
 
         @droplet.copy_resources
-        @droplet.security_providers << 'com.ingrian.security.nae.IngrianProvider'
+        @droplet.security_providers.insert 2, 'com.ingrian.security.nae.IngrianProvider'
 
         credentials = @application.services.find_service(FILTER)['credentials']
 

lib/java_buildpack/framework/security_providers.rb

@@ -0,0 +1,52 @@
+# Cloud Foundry Java Buildpack
+# Copyright 2013-2017 the original author or authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'java_buildpack/component/base_component'
+require 'java_buildpack/framework'
+require 'java_buildpack/util/dash_case'
+
+module JavaBuildpack
+  module Framework
+
+    # Encapsulates the functionality for contributing custom Security Providers to an application.
+    class SecurityProviders < JavaBuildpack::Component::BaseComponent
+
+      # (see JavaBuildpack::Component::BaseComponent#detect)
+      def detect
+        SecurityProviders.to_s.dash_case
+      end
+
+      # (see JavaBuildpack::Component::BaseComponent#compile)
+      def compile
+        @droplet.security_providers.write_to java_security
+      end
+
+      # (see JavaBuildpack::Component::BaseComponent#release)
+      def release
+        @droplet.java_opts
+                .add_system_property('java.ext.dirs', @droplet.extension_directories.as_paths)
+                .add_system_property('java.security.properties', java_security)
+      end
+
+      private
+
+      def java_security
+        @droplet.sandbox + 'java.security'
+      end
+
+    end
+
+  end
+end

lib/java_buildpack/jre/open_jdk_like_security_providers.rb

@@ -31,25 +31,12 @@ def detect
 
       # (see JavaBuildpack::Component::BaseComponent#compile)
       def compile
-        unless existing_security.nil?
-          existing = existing_security_providers existing_security
-
-          @droplet.security_providers.insert 0, existing.shift
-          @droplet.security_providers.concat existing
-        end
-
-        @droplet.security_providers.write_to new_security
+        @droplet.security_providers.concat existing_security_providers(java_security) unless java_security.nil?
       end
 
       # (see JavaBuildpack::Component::BaseComponent#release)
       def release
-        unless existing_security.nil?
-          @droplet.extension_directories << existing_security.parent.parent + 'ext'
-        end
-
-        @droplet.java_opts
-                .add_system_property('java.ext.dirs', @droplet.extension_directories.as_paths)
-                .add_system_property('java.security.properties', new_security)
+        @droplet.extension_directories << java_security.parent.parent + 'ext' unless java_security.nil?
       end
 
       private
@@ -60,12 +47,6 @@ def release
 
       private_constant :JRE_SECURITY, :SERVER_JRE_SECURITY
 
-      def existing_security
-        return jre_security if jre_security.exist?
-        return server_jre_security if server_jre_security.exist?
-        nil
-      end
-
       def existing_security_providers(existing_security)
         JavaBuildpack::Util::Properties.new(existing_security)
                                        .keep_if { |key, _| key =~ /security.provider/ }
@@ -77,12 +58,14 @@ def index(entry)
         entry.first.match(/^security\.provider\.(\d+)/).captures.first.to_i
       end
 
-      def jre_security
-        @droplet.java_home.root + JRE_SECURITY
+      def java_security
+        return jre_security if jre_security.exist?
+        return server_jre_security if server_jre_security.exist?
+        nil
       end
 
-      def new_security
-        @droplet.sandbox + 'java.security'
+      def jre_security
+        @droplet.java_home.root + JRE_SECURITY
       end
 
       def server_jre_security

spec/java_buildpack/framework/security_providers_spec.rb

@@ -0,0 +1,44 @@
+# Cloud Foundry Java Buildpack
+# Copyright 2013-2017 the original author or authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'spec_helper'
+require 'component_helper'
+require 'fileutils'
+require 'java_buildpack/framework/security_providers'
+
+describe JavaBuildpack::Framework::SecurityProviders do
+  include_context 'component_helper'
+
+  it 'adds extension directories to system properties' do
+    component.release
+
+    expect(java_opts).to include('-Djava.ext.dirs=$PWD/.java-buildpack/security_providers/test-extension-directory-1:' \
+                                         '$PWD/.java-buildpack/security_providers/test-extension-directory-2')
+  end
+
+  it 'writes new security properties' do
+    component.compile
+
+    expect(sandbox + 'java.security').to exist
+  end
+
+  it 'adds security properties to system properties' do
+    component.release
+
+    expect(java_opts).to include('-Djava.security.properties=$PWD/.java-buildpack/security_providers/' \
+                                 'java.security')
+  end
+
+end

spec/java_buildpack/jre/open_jdk_like_security_providers_spec.rb

@@ -21,24 +21,22 @@
 describe JavaBuildpack::Jre::OpenJDKLikeSecurityProviders do
   include_context 'component_helper'
 
-  it 'adds extension directories with no JRE default to system properties' do
+  it 'does not add extension directories with no JRE default' do
     component.release
 
-    expect(java_opts).to include('-Djava.ext.dirs=$PWD/.java-buildpack/open_jdk_like_security_providers/' \
-                                 'test-extension-directory-1:$PWD/.java-buildpack/open_jdk_like_security_providers/' \
-                                 'test-extension-directory-2')
+    expect(extension_directories).to contain_exactly(sandbox + 'test-extension-directory-1',
+                                                     sandbox + 'test-extension-directory-2')
   end
 
   it 'adds security providers' do
-
     FileUtils.mkdir_p(java_home.root + 'lib/security')
     FileUtils.cp 'spec/fixtures/java.security', java_home.root + 'lib/security'
 
     component.compile
 
-    expect(security_providers).to eq %w[sun.security.provider.Sun
-                                        test-security-provider-1
+    expect(security_providers).to eq %w[test-security-provider-1
                                         test-security-provider-2
+                                        sun.security.provider.Sun
                                         sun.security.rsa.SunRsaSign sun.security.ec.SunEC
                                         com.sun.net.ssl.internal.ssl.Provider
                                         com.sun.crypto.provider.SunJCE
@@ -49,37 +47,20 @@
                                         apple.security.AppleProvider]
   end
 
-  it 'writes new security properties' do
-    component.compile
-
-    expect(sandbox + 'java.security').to exist
-  end
-
   it 'adds extension directories with JRE default to system properties' do
     FileUtils.mkdir_p(java_home.root + 'lib/security/java.security')
 
     component.release
 
-    expect(java_opts).to include('-Djava.ext.dirs=$PWD/.java-buildpack/open_jdk_like_security_providers/' \
-                                 'test-extension-directory-1:$PWD/.java-buildpack/open_jdk_like_security_providers/' \
-                                 'test-extension-directory-2:$PWD/.test-java-home/lib/ext')
+    expect(extension_directories).to include(java_home.root + 'lib/ext')
   end
 
   it 'adds extension directories with Server JRE default to system properties' do
     FileUtils.mkdir_p(java_home.root + 'jre/lib/security/java.security')
 
     component.release
 
-    expect(java_opts).to include('-Djava.ext.dirs=$PWD/.java-buildpack/open_jdk_like_security_providers/' \
-                                 'test-extension-directory-1:$PWD/.java-buildpack/open_jdk_like_security_providers/' \
-                                 'test-extension-directory-2:$PWD/.test-java-home/jre/lib/ext')
-  end
-
-  it 'adds security properties to system properties' do
-    component.release
-
-    expect(java_opts).to include('-Djava.security.properties=$PWD/.java-buildpack/open_jdk_like_security_providers/' \
-                                 'java.security')
+    expect(extension_directories).to include(java_home.root + 'jre/lib/ext')
   end
 
 end