Install open ssl jar into Gerrit site for bouncycastle crypto provider

937d527ac0e4ee685fccb60ae604406a6638daec upgraded bouncy castle to 1.49.

The old JAR artifact was renamed and split to number of files. For Gerrit
two libraries must be downloaded and be available under `$gerrit_site/lib`:

* bcprov-jdk15on-149.jar
* bcpkix-jdk15on-149.jar

Update download logic to support a basic concept of required dependencies,
ensuring BC provider is downloaded if the SSL library is installed by init.

Change-Id: I60092ebe136f78a5649fe8512737275f50195a34
This commit is contained in:
David Ostrovsky 2013-11-30 17:25:47 +01:00 committed by David Pursehouse
parent 30539fa2c8
commit a1ffd908d7
7 changed files with 86 additions and 18 deletions

View File

@ -72,9 +72,9 @@ class InitSshd implements InitStep {
sshd.set("listenAddress", SocketUtil.format(hostname, port));
if (site.ssh_rsa.exists() || site.ssh_dsa.exists()) {
libraries.bouncyCastle.downloadRequired();
libraries.bouncyCastleSSL.downloadRequired();
} else if (!site.ssh_key.exists()) {
libraries.bouncyCastle.downloadOptional();
libraries.bouncyCastleSSL.downloadOptional();
}
generateSshHostKeys();

View File

@ -37,7 +37,8 @@ class Libraries {
private final Provider<LibraryDownloader> downloadProvider;
/* final */LibraryDownloader bouncyCastle;
/* final */LibraryDownloader bouncyCastleProvider;
/* final */LibraryDownloader bouncyCastleSSL;
/* final */LibraryDownloader mysqlDriver;
/* final */LibraryDownloader oracleDriver;
@ -58,11 +59,11 @@ class Libraries {
throw new RuntimeException(e.getMessage(), e);
}
for (final Field f : Libraries.class.getDeclaredFields()) {
for (Field f : Libraries.class.getDeclaredFields()) {
if ((f.getModifiers() & Modifier.STATIC) == 0
&& f.getType() == LibraryDownloader.class) {
try {
init(f, cfg);
f.set(this, downloadProvider.get());
} catch (IllegalArgumentException e) {
throw new IllegalStateException("Cannot initialize " + f.getName());
} catch (IllegalAccessException e) {
@ -70,17 +71,36 @@ class Libraries {
}
}
}
for (Field f : Libraries.class.getDeclaredFields()) {
if ((f.getModifiers() & Modifier.STATIC) == 0
&& f.getType() == LibraryDownloader.class) {
try {
init(f, cfg);
} catch (IllegalArgumentException e) {
throw new IllegalStateException("Cannot configure " + f.getName());
} catch (IllegalAccessException e) {
throw new IllegalStateException("Cannot configure " + f.getName());
} catch (NoSuchFieldException e) {
throw new IllegalStateException("Cannot configure " + f.getName());
} catch (SecurityException e) {
throw new IllegalStateException("Cannot configure " + f.getName());
}
}
}
}
private void init(final Field field, final Config cfg)
throws IllegalArgumentException, IllegalAccessException {
final String n = field.getName();
final LibraryDownloader dl = downloadProvider.get();
private void init(Field field, Config cfg) throws IllegalArgumentException,
IllegalAccessException, NoSuchFieldException, SecurityException {
String n = field.getName();
LibraryDownloader dl = (LibraryDownloader) field.get(this);
dl.setName(get(cfg, n, "name"));
dl.setJarUrl(get(cfg, n, "url"));
dl.setSHA1(get(cfg, n, "sha1"));
dl.setRemove(get(cfg, n, "remove"));
field.set(this, dl);
for (String d : cfg.getStringList("library", n, "needs")) {
dl.addNeeds((LibraryDownloader) getClass().getDeclaredField(d).get(this));
}
}
private static String get(Config cfg, String name, String key) {

View File

@ -40,6 +40,8 @@ import java.net.URISyntaxException;
import java.net.URL;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;
/** Get optional or required 3rd party library files into $site_path/lib. */
class LibraryDownloader {
@ -51,13 +53,17 @@ class LibraryDownloader {
private String jarUrl;
private String sha1;
private String remove;
private List<LibraryDownloader> needs;
private LibraryDownloader neededBy;
private File dst;
private boolean download; // download or copy
private boolean exists;
@Inject
LibraryDownloader(ConsoleUI ui, SitePaths site) {
this.ui = ui;
this.lib_dir = site.lib_dir;
this.needs = new ArrayList<LibraryDownloader>(2);
}
void setName(final String name) {
@ -77,16 +83,27 @@ class LibraryDownloader {
this.remove = remove;
}
void addNeeds(LibraryDownloader lib) {
needs.add(lib);
}
void downloadRequired() {
this.required = true;
setRequired(true);
download();
}
void downloadOptional() {
this.required = false;
required = false;
download();
}
private void setRequired(boolean r) {
required = r;
for (LibraryDownloader d : needs) {
d.setRequired(r);
}
}
private void download() {
if (jarUrl == null || !jarUrl.contains("/")) {
throw new IllegalStateException("Invalid JarUrl for " + name);
@ -102,9 +119,18 @@ class LibraryDownloader {
}
dst = new File(lib_dir, jarName);
if (!dst.exists() && shouldGet()) {
if (dst.exists()) {
exists = true;
} else if (shouldGet()) {
doGet();
}
if (exists) {
for (LibraryDownloader d : needs) {
d.neededBy = this;
d.downloadRequired();
}
}
}
private boolean shouldGet() {
@ -115,7 +141,11 @@ class LibraryDownloader {
final StringBuilder msg = new StringBuilder();
msg.append("\n");
msg.append("Gerrit Code Review is not shipped with %s\n");
if (required) {
if (neededBy != null) {
msg.append(String.format(
"** This library is required by %s. **\n",
neededBy.name));
} else if (required) {
msg.append("** This library is required for your configuration. **\n");
} else {
msg.append(" If available, Gerrit can take advantage of features\n");
@ -171,6 +201,7 @@ class LibraryDownloader {
}
if (dst.exists()) {
exists = true;
IoUtil.loadJARs(dst);
}
}

View File

@ -14,12 +14,20 @@
# Version should match lib/bouncycastle/BUCK
[library "bouncyCastle"]
name = Bouncy Castle Crypto v149
url = http://repo1.maven.org/maven2/org/bouncycastle/bcprov-jdk15on/1.49/bcprov-jdk15on-1.49.jar
[library "bouncyCastleProvider"]
name = Bouncy Castle Crypto Provider v149
url = http://www.bouncycastle.org/download/bcprov-jdk15on-149.jar
sha1 = f5155f04330459104b79923274db5060c1057b99
remove = bcprov-.*[.]jar
# Version should match lib/bouncycastle/BUCK
[library "bouncyCastleSSL"]
name = Bouncy Castle Crypto SSL v149
url = http://www.bouncycastle.org/download/bcpkix-jdk15on-149.jar
sha1 = 924cc7ad2f589630c97b918f044296ebf1bb6855
needs = bouncyCastleProvider
remove = bcpkix-.*[.]jar
[library "mysqlDriver"]
name = MySQL Connector/J 5.1.21
url = http://repo2.maven.org/maven2/mysql/mysql-connector-java/5.1.21/mysql-connector-java-5.1.21.jar

View File

@ -41,7 +41,7 @@ public class LibrariesTest extends TestCase {
}
});
assertNotNull(lib.bouncyCastle);
assertNotNull(lib.bouncyCastleProvider);
assertNotNull(lib.mysqlDriver);
verify(ui);

View File

@ -52,6 +52,7 @@ java_library2(
compile_deps = [
'//lib/bouncycastle:bcprov',
'//lib/bouncycastle:bcpg',
'//lib/bouncycastle:bcpkix',
],
visibility = ['PUBLIC'],
)

View File

@ -18,3 +18,11 @@ maven_jar(
license = 'DO_NOT_DISTRIBUTE', #'bouncycastle'
deps = [':bcprov'],
)
maven_jar(
name = 'bcpkix',
id = 'org.bouncycastle:bcpkix-jdk15on:' + VERSION,
sha1 = '924cc7ad2f589630c97b918f044296ebf1bb6855',
license = 'DO_NOT_DISTRIBUTE', #'bouncycastle'
deps = [':bcprov'],
)