Merge branch 'ca-certs'

Author: nebhale

Gemfile.lock

@@ -5,17 +5,18 @@ GEM
     ast (2.0.0)
     astrolabe (1.3.0)
       parser (>= 2.2.0.pre.3, < 3.0)
-    codeclimate-test-reporter (0.4.0)
+    codeclimate-test-reporter (0.4.1)
       simplecov (>= 0.7.1, < 1.0.0)
     crack (0.4.2)
       safe_yaml (~> 1.0.0)
-    debase (0.0.9)
-      debugger-ruby_core_source
+    debase (0.1.0)
+      debase-ruby_core_source
+    debase-ruby_core_source (0.6.0)
     debugger-ruby_core_source (1.3.5)
     diff-lcs (1.2.5)
     docile (1.1.5)
     multi_json (1.10.1)
-    parser (2.2.0.pre.4)
+    parser (2.2.0.pre.5)
       ast (>= 1.1, < 3.0)
       slop (~> 3.4, >= 3.4.5)
     powerpack (0.0.9)
@@ -26,14 +27,14 @@ GEM
       rspec-core (~> 3.1.0)
       rspec-expectations (~> 3.1.0)
       rspec-mocks (~> 3.1.0)
-    rspec-core (3.1.4)
+    rspec-core (3.1.6)
       rspec-support (~> 3.1.0)
-    rspec-expectations (3.1.1)
+    rspec-expectations (3.1.2)
       diff-lcs (>= 1.2.0, < 2.0)
       rspec-support (~> 3.1.0)
-    rspec-mocks (3.1.1)
+    rspec-mocks (3.1.3)
       rspec-support (~> 3.1.0)
-    rspec-support (3.1.0)
+    rspec-support (3.1.2)
     rubocop (0.26.1)
       astrolabe (~> 1.3)
       parser (>= 2.2.0.pre.4, < 3.0)
@@ -47,15 +48,15 @@ GEM
       rake (>= 0.8.1)
     ruby-progressbar (1.6.0)
     rubyzip (1.1.6)
-    safe_yaml (1.0.3)
+    safe_yaml (1.0.4)
     simplecov (0.9.1)
       docile (~> 1.1.0)
       multi_json (~> 1.0)
       simplecov-html (~> 0.8.0)
     simplecov-html (0.8.0)
     slop (3.6.0)
     tee (1.0.0)
-    webmock (1.18.0)
+    webmock (1.19.0)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
     yard (0.8.7.4)

README.md

@@ -62,7 +62,7 @@ To learn how to configure various properties of the buildpack, follow the "Confi
 	* [Caches](docs/extending-caches.md) ([Configuration](docs/extending-caches.md#configuration))
 	* [Logging](docs/extending-logging.md) ([Configuration](docs/extending-logging.md#configuration))
 	* [Repositories](docs/extending-repositories.md) ([Configuration](docs/extending-repositories.md#configuration))
-	* [Utiltities](docs/extending-utiltities.md)
+	* [Utilities](docs/extending-utiltities.md)
 * [Debugging the Buildpack](docs/debugging-the-buildpack.md)
 * [Buildpack Modes](docs/buildpack-modes.md)
 * Related Projects

java-buildpack.iml

@@ -275,34 +275,33 @@
     <orderEntry type="library" scope="PROVIDED" name="ast (v2.0.0, rbenv: 1.9.3-p547) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="astrolabe (v1.3.0, rbenv: 1.9.3-p547) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="bundler (v1.7.3, rbenv: 1.9.3-p547) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="codeclimate-test-reporter (v0.4.0, rbenv: 1.9.3-p547) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="codeclimate-test-reporter (v0.4.1, rbenv: 1.9.3-p547) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="crack (v0.4.2, rbenv: 1.9.3-p547) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="debase (v0.0.9, rbenv: 1.9.3-p547) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="debugger-ruby_core_source (v1.3.5, rbenv: 1.9.3-p547) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="diff-lcs (v1.2.5, rbenv: 1.9.3-p547) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="docile (v1.1.5, rbenv: 1.9.3-p547) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="multi_json (v1.10.1, rbenv: 1.9.3-p547) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="parser (v2.2.0.pre.4, rbenv: 1.9.3-p547) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="parser (v2.2.0.pre.5, rbenv: 1.9.3-p547) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="powerpack (v0.0.9, rbenv: 1.9.3-p547) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="rainbow (v2.0.0, rbenv: 1.9.3-p547) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="rake (v10.3.2, rbenv: 1.9.3-p547) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="redcarpet (v3.1.2, rbenv: 1.9.3-p547) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="rspec (v3.1.0, rbenv: 1.9.3-p547) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="rspec-core (v3.1.4, rbenv: 1.9.3-p547) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="rspec-expectations (v3.1.1, rbenv: 1.9.3-p547) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="rspec-mocks (v3.1.1, rbenv: 1.9.3-p547) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="rspec-support (v3.1.0, rbenv: 1.9.3-p547) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="rspec-core (v3.1.6, rbenv: 1.9.3-p547) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="rspec-expectations (v3.1.2, rbenv: 1.9.3-p547) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="rspec-mocks (v3.1.3, rbenv: 1.9.3-p547) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="rspec-support (v3.1.2, rbenv: 1.9.3-p547) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="rubocop (v0.26.1, rbenv: 1.9.3-p547) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="ruby-debug-base19x (v0.11.30.pre15, rbenv: 1.9.3-p547) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="ruby-debug-ide (v0.4.22, rbenv: 1.9.3-p547) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="ruby-progressbar (v1.6.0, rbenv: 1.9.3-p547) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="rubyzip (v1.1.6, rbenv: 1.9.3-p547) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="safe_yaml (v1.0.3, rbenv: 1.9.3-p547) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="safe_yaml (v1.0.4, rbenv: 1.9.3-p547) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="simplecov (v0.9.1, rbenv: 1.9.3-p547) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="simplecov-html (v0.8.0, rbenv: 1.9.3-p547) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="slop (v3.6.0, rbenv: 1.9.3-p547) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="tee (v1.0.0, rbenv: 1.9.3-p547) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="webmock (v1.18.0, rbenv: 1.9.3-p547) [gem]" level="application" />
+    <orderEntry type="library" scope="PROVIDED" name="webmock (v1.19.0, rbenv: 1.9.3-p547) [gem]" level="application" />
     <orderEntry type="library" scope="PROVIDED" name="yard (v0.8.7.4, rbenv: 1.9.3-p547) [gem]" level="application" />
   </component>
   <component name="RModuleSettingsStorage">

lib/java_buildpack/util/cache/download_cache.rb

@@ -21,6 +21,7 @@
 require 'java_buildpack/util/cache/internet_availability'
 require 'monitor'
 require 'net/http'
+require 'pathname'
 require 'tmpdir'
 require 'uri'
 
@@ -76,6 +77,8 @@ def evict(uri)
 
         private
 
+        CA_CERTS_DIRECTORY = (Pathname.new(__FILE__).dirname + '../../../../resources/ca_certs').freeze
+
         FAILURE_LIMIT = 5.freeze
 
         HTTP_ERRORS = [
@@ -109,7 +112,7 @@ def evict(uri)
 
         TIMEOUT_SECONDS = 10.freeze
 
-        private_constant :FAILURE_LIMIT, :HTTP_ERRORS, :REDIRECT_TYPES, :TIMEOUT_SECONDS
+        private_constant :CA_CERTS_DIRECTORY, :FAILURE_LIMIT, :HTTP_ERRORS, :REDIRECT_TYPES, :TIMEOUT_SECONDS
 
         def attempt(http, request, cached_file)
           downloaded = false
@@ -198,10 +201,17 @@ def from_immutable_caches(uri)
 
         # Beware known problems with timeouts: https://www.ruby-forum.com/topic/143840
         def http_options(rich_uri)
-          { read_timeout:    TIMEOUT_SECONDS,
-            connect_timeout: TIMEOUT_SECONDS,
-            open_timeout:    TIMEOUT_SECONDS,
-            use_ssl:         secure?(rich_uri) }
+          http_options                   = {}
+          http_options[:connect_timeout] = TIMEOUT_SECONDS
+          http_options[:open_timeout]    = TIMEOUT_SECONDS
+          http_options[:read_timeout]    = TIMEOUT_SECONDS
+
+          if secure?(rich_uri)
+            http_options[:use_ssl] = true
+            http_options[:ca_path] = CA_CERTS_DIRECTORY.to_s if CA_CERTS_DIRECTORY.exist?
+          end
+
+          http_options
         end
 
         def proxy(uri)

spec/java_buildpack/util/cache/download_cache_spec.rb

@@ -27,6 +27,8 @@
   include_context 'internet_availability_helper'
   include_context 'logging_helper'
 
+  let(:ca_certs_directory) { double exist?: false, to_s: 'test-path' }
+
   let(:mutable_cache_root) { app_dir + 'mutable' }
 
   let(:immutable_cache_root) { app_dir + 'immutable' }
@@ -39,6 +41,10 @@
 
   let(:download_cache) { described_class.new(mutable_cache_root, immutable_cache_root) }
 
+  before do
+    described_class.const_set :CA_CERTS_DIRECTORY, ca_certs_directory
+  end
+
   it 'should raise error if file cannot be found',
      :disable_internet do
 
@@ -228,6 +234,54 @@
 
   end
 
+  it 'should not use ca_path if the URL is not secure and directory does not exist' do
+    stub_request(:get, uri)
+    .to_return(status: 200, body: 'foo-cached', headers: { Etag: 'foo-etag', 'Last-Modified' => 'foo-last-modified' })
+
+    allow(Net::HTTP).to receive(:Proxy).and_call_original
+    expect(Net::HTTP).to receive(:start).with('foo-uri', 80, connect_timeout: 10, open_timeout: 10, read_timeout: 10)
+                         .and_call_original
+
+    download_cache.get(uri) {}
+  end
+
+  it 'should not use ca_path if the URL is not secure and directory does exist' do
+    stub_request(:get, uri)
+    .to_return(status: 200, body: 'foo-cached', headers: { Etag: 'foo-etag', 'Last-Modified' => 'foo-last-modified' })
+
+    allow(ca_certs_directory).to receive(:exist?).and_return(true)
+    allow(Net::HTTP).to receive(:Proxy).and_call_original
+    expect(Net::HTTP).to receive(:start).with('foo-uri', 80, connect_timeout: 10, open_timeout: 10, read_timeout: 10)
+                         .and_call_original
+
+    download_cache.get(uri) {}
+  end
+
+  it 'should not use ca_path if the URL is secure and directory does not exist' do
+    stub_request(:get, uri_secure)
+    .to_return(status: 200, body: 'foo-cached', headers: { Etag: 'foo-etag', 'Last-Modified' => 'foo-last-modified' })
+
+    allow(Net::HTTP).to receive(:Proxy).and_call_original
+    expect(Net::HTTP).to receive(:start)
+                         .with('foo-uri', 443, connect_timeout: 10, open_timeout: 10, read_timeout: 10, use_ssl: true)
+                         .and_call_original
+
+    download_cache.get(uri_secure) {}
+  end
+
+  it 'should use ca_path if the URL is secure and directory does exist' do
+    stub_request(:get, uri_secure)
+    .to_return(status: 200, body: 'foo-cached', headers: { Etag: 'foo-etag', 'Last-Modified' => 'foo-last-modified' })
+
+    allow(ca_certs_directory).to receive(:exist?).and_return(true)
+    allow(Net::HTTP).to receive(:Proxy).and_call_original
+    expect(Net::HTTP).to receive(:start)
+                         .with('foo-uri', 443, connect_timeout: 10, open_timeout: 10, read_timeout: 10, use_ssl: true,
+                               ca_path:                         'test-path').and_call_original
+
+    download_cache.get(uri_secure) {}
+  end
+
   it 'should delete the cached file if it exists' do
     expect_file_deleted 'cached'
   end