Added security provider to the list

Author: Konstantin Semenov

config/cloud_sql_security_provider.yml

@@ -0,0 +1,18 @@
+# Cloud Foundry Java Buildpack
+# Copyright 2013-2020 the original author or authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Configuration for the CloudSql Security Provider framework
+---
+enabled: true

config/components.yml

@@ -49,6 +49,7 @@ frameworks:
   - "JavaBuildpack::Framework::ClientCertificateMapper"
   - "JavaBuildpack::Framework::ContainerCustomizer"
   - "JavaBuildpack::Framework::ContainerSecurityProvider"
+  - "JavaBuildpack::Framework::CloudSqlSecurityProvider"
   - "JavaBuildpack::Framework::ContrastSecurityAgent"
   - "JavaBuildpack::Framework::DatadogJavaagent"
   - "JavaBuildpack::Framework::Debug"

lib/java_buildpack/framework/cloud_sql_security_provider.rb

@@ -18,21 +18,20 @@
 require 'fileutils'
 require 'shellwords'
 require 'tempfile'
-require 'java_buildpack/component/versioned_dependency_component'
+require 'java_buildpack/component/base_component'
 require 'java_buildpack/framework'
 require 'java_buildpack/util/qualify_path'
 
 module JavaBuildpack
   module Framework
 
-    # Encapsulates the functionality for enabling zero-touch Safenet ProtectApp Java Security Provider support.
-    class CloudSqlSecurityProvider < JavaBuildpack::Component::VersionedDependencyComponent
+    # Encapsulates the functionality for enabling secure communication with GCP CloudSQL instances.
+    class CloudSqlSecurityProvider < JavaBuildpack::Component::BaseComponent
       include JavaBuildpack::Util
 
       # (see JavaBuildpack::Component::BaseComponent#compile)
       def compile
-        log '#release'.yellow
-        download_zip false
+        return unless supports?
 
         @droplet.copy_resources
 
@@ -41,22 +40,26 @@ def compile
         pkcs12 = merge_client_credentials credentials
         add_client_credentials pkcs12
 
-        add_trusted_certificates credentials['sslrootcert']
+        add_trusted_certificate credentials['sslrootcert']
       end
 
       # (see JavaBuildpack::Component::BaseComponent#release)
       def release
-        log '#release'.yellow
+        return unless supports?
+
         java_opts = @droplet.java_opts
 
         add_additional_properties(java_opts)
       end
 
+      def detect
+        CloudSqlSecurityProvider.to_s.dash_case
+      end
+
       protected
 
       # (see JavaBuildpack::Component::VersionedDependencyComponent#supports?)
       def supports?
-        log '#supports?'.yellow
         @application.services.one_service? FILTER, 'sslrootcert', 'sslcert', 'sslkey'
       end
 
@@ -67,9 +70,6 @@ def supports?
       private_constant :FILTER
 
 
-      def log(message)
-        puts "#{'===========>'.blue} #{'CloudSqlSecurityProvider'.red.bold} #{message}"
-      end
       def add_additional_properties(java_opts)
         java_opts
           .add_system_property('javax.net.ssl.keyStore', keystore)
@@ -82,10 +82,12 @@ def add_client_credentials(pkcs12)
               " -alias #{File.basename(pkcs12)}"
       end
 
-      def add_trusted_certificates(trusted_certificate)
-        File.open("#{@droplet.root}/etc/ssl/certs/ca-certificates.crt", 'a') do |f|
-          f.write("#{trusted_certificate}\n")
-        end
+      def add_trusted_certificate(trusted_certificate)
+        cert = Tempfile.new('ca-cert-')
+        cert.write(trusted_certificate)
+        cert.close
+
+        shell "#{keytool} -import -trustcacerts -cacerts -storepass changeit -noprompt -alias CloudSQLCA -file #{cert.path}"
       end
 
       def ext_dir