Merge branch 'ca-certs'

Author: nebhale

.idea/dictionaries/bhale.xml

@@ -77,7 +77,7 @@ def evict(uri)
 
         private
 
-        CA_CERTS_DIRECTORY = (Pathname.new(__FILE__).dirname + '../../../../resources/ca_certs').freeze
+        CA_FILE = (Pathname.new(__FILE__).dirname + '../../../../resources/ca_certs.pem').freeze
 
         FAILURE_LIMIT = 5.freeze
 
@@ -112,7 +112,7 @@ def evict(uri)
 
         TIMEOUT_SECONDS = 10.freeze
 
-        private_constant :CA_CERTS_DIRECTORY, :FAILURE_LIMIT, :HTTP_ERRORS, :REDIRECT_TYPES, :TIMEOUT_SECONDS
+        private_constant :CA_FILE, :FAILURE_LIMIT, :HTTP_ERRORS, :REDIRECT_TYPES, :TIMEOUT_SECONDS
 
         def attempt(http, request, cached_file)
           downloaded = false
@@ -208,7 +208,12 @@ def http_options(rich_uri)
 
           if secure?(rich_uri)
             http_options[:use_ssl] = true
-            http_options[:ca_path] = CA_CERTS_DIRECTORY.to_s if CA_CERTS_DIRECTORY.exist?
+            @logger.debug { 'Adding HTTP options for secure connection' }
+
+            if CA_FILE.exist?
+              http_options[:ca_file] = CA_FILE.to_s
+              @logger.debug { "Adding additional certs from #{CA_FILE}" }
+            end
           end
 
           http_options

lib/java_buildpack/util/cache/download_cache.rb

@@ -37,7 +37,7 @@
   end
 
   it 'should truncate long detect strings',
-     app_fixture: 'integration_valid',
+     app_fixture:       'integration_valid',
      buildpack_fixture: 'integration_long_detect_tag' do
 
     run("bin/detect #{app_dir}") do |status|

spec/bin/detect_spec.rb

@@ -42,7 +42,7 @@
   let(:download_cache) { described_class.new(mutable_cache_root, immutable_cache_root) }
 
   before do
-    described_class.const_set :CA_CERTS_DIRECTORY, ca_certs_directory
+    described_class.const_set :CA_FILE, ca_certs_directory
   end
 
   it 'should raise error if file cannot be found',
@@ -234,7 +234,7 @@
 
   end
 
-  it 'should not use ca_path if the URL is not secure and directory does not exist' do
+  it 'should not use ca_file if the URL is not secure and directory does not exist' do
     stub_request(:get, uri)
     .to_return(status: 200, body: 'foo-cached', headers: { Etag: 'foo-etag', 'Last-Modified' => 'foo-last-modified' })
 
@@ -245,7 +245,7 @@
     download_cache.get(uri) {}
   end
 
-  it 'should not use ca_path if the URL is not secure and directory does exist' do
+  it 'should not use ca_file if the URL is not secure and directory does exist' do
     stub_request(:get, uri)
     .to_return(status: 200, body: 'foo-cached', headers: { Etag: 'foo-etag', 'Last-Modified' => 'foo-last-modified' })
 
@@ -257,7 +257,7 @@
     download_cache.get(uri) {}
   end
 
-  it 'should not use ca_path if the URL is secure and directory does not exist' do
+  it 'should not use ca_file if the URL is secure and directory does not exist' do
     stub_request(:get, uri_secure)
     .to_return(status: 200, body: 'foo-cached', headers: { Etag: 'foo-etag', 'Last-Modified' => 'foo-last-modified' })
 
@@ -269,15 +269,15 @@
     download_cache.get(uri_secure) {}
   end
 
-  it 'should use ca_path if the URL is secure and directory does exist' do
+  it 'should use ca_file if the URL is secure and directory does exist' do
     stub_request(:get, uri_secure)
     .to_return(status: 200, body: 'foo-cached', headers: { Etag: 'foo-etag', 'Last-Modified' => 'foo-last-modified' })
 
     allow(ca_certs_directory).to receive(:exist?).and_return(true)
     allow(Net::HTTP).to receive(:Proxy).and_call_original
     expect(Net::HTTP).to receive(:start)
                          .with('foo-uri', 443, connect_timeout: 10, open_timeout: 10, read_timeout: 10, use_ssl: true,
-                               ca_path:                         'test-path').and_call_original
+                               ca_file:                         'test-path').and_call_original
 
     download_cache.get(uri_secure) {}
   end