
Commit 6143c1a

committed
Luna Security Provider Polishing
This change updates the contributed Luna Security Provider changes to simplify the code even further. In addition, it updates the test code to account for the changes. [resolves cloudfoundry#296]
1 parent 8a15b65 commit 6143c1a


7 files changed

+54
-76
lines changed


.idea/dictionaries/bhale.xml

Lines changed: 1 addition & 0 deletions

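--- a/lib/java_buildpack/framework/luna_security_provider.rb
+++ b/lib/java_buildpack/framework/luna_security_provider.rb
@@ -28,7 +28,6 @@ class LunaSecurityProvider < JavaBuildpack::Component::VersionedDependencyCompon
 
 # (see JavaBuildpack::Component::BaseComponent#compile)
 def compile
-
 download_tar
 setup_ext_dir
 
@@ -67,11 +66,11 @@ def chrystoki
 end
 
 def client_certificate
-@droplet.sandbox + 'usr/safenet/lunaclient/cert/client/client-certificate.pem'
+@droplet.sandbox + 'client-certificate.pem'
 end
 
 def client_private_key
-@droplet.sandbox + 'usr/safenet/lunaclient/cert/client/client-private-key.pem'
+@droplet.sandbox + 'client-private-key.pem'
 end
 
 def ext_dir
@@ -91,14 +90,13 @@ def lib_cryptoki
 end
 
 def lib_cklog
-sandbox + 'libs/64/libcklog2.so'
+@droplet.sandbox + 'libs/64/libcklog2.so'
 end
 
 def setup_ext_dir
 FileUtils.mkdir ext_dir
-files = [luna_provider_jar, luna_api_so]
-files.each do |file|
-FileUtils.ln_s file.relative_path_from(ext_dir), ext_dir, :force => true
+[luna_provider_jar, luna_api_so].each do |file|
+FileUtils.ln_s file.relative_path_from(ext_dir), ext_dir, force: true
 end
 end
 
@@ -120,7 +118,7 @@ def relative(path)
 end
 
 def server_certificates
-@droplet.sandbox + 'usr/safenet/lunaclient/cert/server/server-certificates.pem'
+@droplet.sandbox + 'server-certificates.pem'
 end
 
 def write_client(client)
@@ -209,11 +207,10 @@ def write_prologue(f)
 LunaSA Client = {
 NetClient = 1;
 
-ClientCertFile = #{relative(@droplet.sandbox + 'usr/safenet/lunaclient/cert/client/client-certificate.pem')};
-ClientPrivKeyFile = #{relative(@droplet.sandbox + 'usr/safenet/lunaclient/cert/client/client-private-key.pem')};
-HtlDir = #{relative(@droplet.sandbox + 'usr/safenet/lunaclient/htl')};
-ServerCAFile = #{relative(@droplet.sandbox + 'usr/safenet/lunaclient/cert/server/server-certificates.pem')};
-SSLConfigFile = #{relative(@droplet.sandbox + 'usr/safenet/lunaclient/bin/openssl.cnf')};
+ClientCertFile = #{relative(client_certificate)};
+ClientPrivKeyFile = #{relative(client_private_key)};
+HtlDir = #{relative(@droplet.sandbox + 'htl')};
+ServerCAFile = #{relative(server_certificates)};
 
 EOS
 end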
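Review bot: `client_private_key` now resolves to `client-private-key.pem` directly under the sandbox root, beside the public certificates, and nothing in the visible hunks restricts who can read that file. The code that writes the key (`write_client` and its helpers) lies outside these hunks, so this may already be handled. If it is not, set the mode right after the write, e.g. `client_private_key.chmod 0o600`, assuming the sandbox path is a Pathname as the `+` and `relative_path_from` calls suggest. The 'write certificate files' example in the spec could then assert the mode as well as the contents. A comment on the method such as `# Client private key for the Luna client; keep owner-only and never log its contents` would record the intent.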
Lines changed: 7 additions & 10 deletions
@@ -1,16 +1,13 @@
11
Luna = {
2-
DefaultTimeOut = 500000;
3-
PEDTimeout1 = 100000;
4-
PEDTimeout2 = 100000;
5-
PEDTimeout3 = 10000;
2+
CloningCommandTimeOut = 300000;
3+
CommandTimeOutPedSet = 720000;
4+
DefaultTimeOut = 500000;
65
KeypairGenTimeOut = 2700000;
7-
CloningCommandTimeOut = 300000;
8-
}
9-
10-
CardReader = {
11-
RemoteCommand = 1;
6+
PEDTimeout1 = 100000;
7+
PEDTimeout2 = 200000;
8+
PEDTimeout3 = 10000;
129
}
1310

1411
Misc = {
15-
ToolsDir = .java-buildpack/luna_security_provider/usr/safenet/lunaclient/bin;
12+
PE1746Enabled = 0;
1613
}

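--- a/spec/fixtures/framework_luna_security_provider/Chrystoki.conf
+++ b/spec/fixtures/framework_luna_security_provider/Chrystoki.conf
@@ -1,32 +1,28 @@
 Luna = {
-DefaultTimeOut = 500000;
-PEDTimeout1 = 100000;
-PEDTimeout2 = 100000;
-PEDTimeout3 = 10000;
+CloningCommandTimeOut = 300000;
+CommandTimeOutPedSet = 720000;
+DefaultTimeOut = 500000;
 KeypairGenTimeOut = 2700000;
-CloningCommandTimeOut = 300000;
-}
-
-CardReader = {
-RemoteCommand = 1;
+PEDTimeout1 = 100000;
+PEDTimeout2 = 200000;
+PEDTimeout3 = 10000;
 }
 
 Misc = {
-ToolsDir = .java-buildpack/luna_security_provider/usr/safenet/lunaclient/bin;
+PE1746Enabled = 0;
 }
 
 Chrystoki2 = {
-LibUNIX64 = .java-buildpack/luna_security_provider/usr/safenet/lunaclient/lib/libCryptoki2_64.so;
+LibUNIX64 = .java-buildpack/luna_security_provider/libs/64/libCryptoki2.so;
 }
 
 LunaSA Client = {
 NetClient = 1;
 
-ClientCertFile = .java-buildpack/luna_security_provider/usr/safenet/lunaclient/cert/client/client-certificate.pem;
-ClientPrivKeyFile = .java-buildpack/luna_security_provider/usr/safenet/lunaclient/cert/client/client-private-key.pem;
-HtlDir = .java-buildpack/luna_security_provider/usr/safenet/lunaclient/htl;
-ServerCAFile = .java-buildpack/luna_security_provider/usr/safenet/lunaclient/cert/server/server-certificates.pem;
-SSLConfigFile = .java-buildpack/luna_security_provider/usr/safenet/lunaclient/bin/openssl.cnf;
+ClientCertFile = .java-buildpack/luna_security_provider/client-certificate.pem;
+ClientPrivKeyFile = .java-buildpack/luna_security_provider/client-private-key.pem;
+HtlDir = .java-buildpack/luna_security_provider/htl;
+ServerCAFile = .java-buildpack/luna_security_provider/server-certificates.pem;
 
 ServerName00 = test-server-1;
 ServerPort00 = 1792;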

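--- a/spec/fixtures/framework_luna_security_provider_logging/Chrystoki.conf
+++ b/spec/fixtures/framework_luna_security_provider_logging/Chrystoki.conf
@@ -1,27 +1,24 @@
 Luna = {
-DefaultTimeOut = 500000;
-PEDTimeout1 = 100000;
-PEDTimeout2 = 100000;
-PEDTimeout3 = 10000;
+CloningCommandTimeOut = 300000;
+CommandTimeOutPedSet = 720000;
+DefaultTimeOut = 500000;
 KeypairGenTimeOut = 2700000;
-CloningCommandTimeOut = 300000;
-}
-
-CardReader = {
-RemoteCommand = 1;
+PEDTimeout1 = 100000;
+PEDTimeout2 = 200000;
+PEDTimeout3 = 10000;
 }
 
 Misc = {
-ToolsDir = .java-buildpack/luna_security_provider/usr/safenet/lunaclient/bin;
+PE1746Enabled = 0;
 }
 
 Chrystoki2 = {
-LibUNIX64 = .java-buildpack/luna_security_provider/usr/safenet/lunaclient/lib/libcklog2.so;
+LibUNIX64 = .java-buildpack/luna_security_provider/libs/64/libcklog2.so;
 }
 
 CkLog2 = {
 Enabled = 1;
-LibUNIX64 = .java-buildpack/luna_security_provider/usr/safenet/lunaclient/lib/libCryptoki2_64.so;
+LibUNIX64 = .java-buildpack/luna_security_provider/libs/64/libCryptoki2.so;
 LoggingMask = ALL_FUNC;
 LogToStreams = 1;
 NewFormat = 1;
@@ -30,11 +27,10 @@ CkLog2 = {
 LunaSA Client = {
 NetClient = 1;
 
-ClientCertFile = .java-buildpack/luna_security_provider/usr/safenet/lunaclient/cert/client/client-certificate.pem;
-ClientPrivKeyFile = .java-buildpack/luna_security_provider/usr/safenet/lunaclient/cert/client/client-private-key.pem;
-HtlDir = .java-buildpack/luna_security_provider/usr/safenet/lunaclient/htl;
-ServerCAFile = .java-buildpack/luna_security_provider/usr/safenet/lunaclient/cert/server/server-certificates.pem;
-SSLConfigFile = .java-buildpack/luna_security_provider/usr/safenet/lunaclient/bin/openssl.cnf;
+ClientCertFile = .java-buildpack/luna_security_provider/client-certificate.pem;
+ClientPrivKeyFile = .java-buildpack/luna_security_provider/client-private-key.pem;
+HtlDir = .java-buildpack/luna_security_provider/htl;
+ServerCAFile = .java-buildpack/luna_security_provider/server-certificates.pem;
 
 ServerName00 = test-server-1;
 ServerPort00 = 1792;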
-49.5 KB
Binary file not shown.

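--- a/spec/java_buildpack/framework/luna_security_provider_spec.rb
+++ b/spec/java_buildpack/framework/luna_security_provider_spec.rb
@@ -77,25 +77,26 @@
 
 component.compile
 
-expect(sandbox + 'usr/safenet/lunaclient/lib/libCryptoki2_64.so').to exist
-expect(sandbox + 'usr/safenet/lunaclient/jsp/lib/stub.file').to exist
-expect(sandbox + 'usr/safenet/lunaclient/lib/libcklog2.so').not_to exist
+expect(sandbox + 'libs/64/libCryptoki2.so').to exist
+expect(sandbox + 'libs/64/libcklog2.so').to exist
+expect(sandbox + 'jsp/LunaProvider.jar').to exist
+expect(sandbox + 'jsp/64/libLunaAPI.so').to exist
 end
 
 it 'write certificate files',
 cache_fixture: 'stub-luna-security-provider.tar' do
 
 component.compile
 
-expect(sandbox + 'usr/safenet/lunaclient/cert/client/client-certificate.pem').to exist
-expect(sandbox + 'usr/safenet/lunaclient/cert/client/client-private-key.pem').to exist
-expect(sandbox + 'usr/safenet/lunaclient/cert/server/server-certificates.pem').to exist
+expect(sandbox + 'client-certificate.pem').to exist
+expect(sandbox + 'client-private-key.pem').to exist
+expect(sandbox + 'server-certificates.pem').to exist
 
-check_file_contents(sandbox + 'usr/safenet/lunaclient/cert/client/client-certificate.pem',
+check_file_contents(sandbox + 'client-certificate.pem',
 'spec/fixtures/framework_luna_security_provider/client-certificate.pem')
-check_file_contents(sandbox + 'usr/safenet/lunaclient/cert/client/client-private-key.pem',
+check_file_contents(sandbox + 'client-private-key.pem',
 'spec/fixtures/framework_luna_security_provider/client-private-key.pem')
-check_file_contents(sandbox + 'usr/safenet/lunaclient/cert/server/server-certificates.pem',
+check_file_contents(sandbox + 'server-certificates.pem',
 'spec/fixtures/framework_luna_security_provider/server-certificates.pem')
 end
 
@@ -118,22 +119,12 @@
 expect(java_opts).to include('-Djava.security.properties=$PWD/.java-buildpack/' \
 'luna_security_provider/java.security')
 expect(java_opts).to include('-Djava.ext.dirs=$PWD/.test-java-home/lib/ext:$PWD/.java-buildpack/' \
-'luna_security_provider/usr/safenet/lunaclient/jsp/lib')
+'luna_security_provider/ext')
 end
 
 context do
 let(:configuration) { { 'logging_enabled' => true } }
 
-it 'unpacks the luna tar',
-cache_fixture: 'stub-luna-security-provider.tar' do
-
-component.compile
-
-expect(sandbox + 'usr/safenet/lunaclient/lib/libCryptoki2_64.so').to exist
-expect(sandbox + 'usr/safenet/lunaclient/jsp/lib/stub.file').to exist
-expect(sandbox + 'usr/safenet/lunaclient/lib/libcklog2.so').to exist
-end
-
 it 'writes configuration',
 cache_fixture: 'stub-luna-security-provider.tar' do
 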