Merge pull request #161 from paketo-buildpacks/java-18-keystore

Disabled reading of cacerts at build & run time for Java 18
paketo-buildpacks · Apr 6, 2022 · 0c23ab4 · 0c23ab4
2 parents 4832b7f + 67740d6
commit 0c23ab4
Show file tree

Hide file tree

Showing 5 changed files with 34 additions and 8 deletions.
diff --git a/build.go b/build.go
@@ -131,7 +131,7 @@ func (b Build) Build(context libcnb.BuildContext) (libcnb.BuildResult, error) {
 
 		if IsLaunchContribution(jrePlanEntry.Metadata) {
 			helpers := []string{"active-processor-count", "java-opts", "jvm-heap", "link-local-dns", "memory-calculator",
-				"openssl-certificate-loader", "security-providers-configurer", "jmx", "jfr"}
+				"security-providers-configurer", "jmx", "jfr"}
 
 			if IsBeforeJava9(depJRE.Version) {
 				helpers = append(helpers, "security-providers-classpath-8")
@@ -141,6 +141,10 @@ func (b Build) Build(context libcnb.BuildContext) (libcnb.BuildResult, error) {
 				helpers = append(helpers, "debug-9")
 				helpers = append(helpers, "nmt")
 			}
+			// Java 18 bug - cacerts keystore type not readable
+			if IsBeforeJava18(depJRE.Version) {
+				helpers = append(helpers, "openssl-certificate-loader")
+			}
 
 			h, be := libpak.NewHelperLayer(context.Buildpack, helpers...)
 			h.Logger = b.Logger

diff --git a/build_test.go b/build_test.go
@@ -111,12 +111,12 @@ func testBuild(t *testing.T, context spec.G, it spec.S) {
 			"jvm-heap",
 			"link-local-dns",
 			"memory-calculator",
-			"openssl-certificate-loader",
 			"security-providers-configurer",
 			"jmx",
 			"jfr",
 			"security-providers-classpath-8",
 			"debug-8",
+			"openssl-certificate-loader",
 		}))
 	})
 
@@ -142,13 +142,13 @@ func testBuild(t *testing.T, context spec.G, it spec.S) {
 			"jvm-heap",
 			"link-local-dns",
 			"memory-calculator",
-			"openssl-certificate-loader",
 			"security-providers-configurer",
 			"jmx",
 			"jfr",
 			"security-providers-classpath-9",
 			"debug-9",
 			"nmt",
+			"openssl-certificate-loader",
 		}))
 	})
 

diff --git a/jdk.go b/jdk.go
@@ -21,6 +21,8 @@ import (
 	"os"
 	"path/filepath"
 
+	"github.com/heroku/color"
+
 	"github.com/buildpacks/libcnb"
 	"github.com/paketo-buildpacks/libpak"
 	"github.com/paketo-buildpacks/libpak/bard"
@@ -77,10 +79,14 @@ func (j JDK) Contribute(layer libcnb.Layer) (libcnb.Layer, error) {
 		} else {
 			keyStorePath = filepath.Join(layer.Path, "lib", "security", "cacerts")
 		}
-		if err := j.CertificateLoader.Load(keyStorePath, "changeit"); err != nil {
-			return libcnb.Layer{}, fmt.Errorf("unable to load certificates\n%w", err)
-		}
 
+		if IsBeforeJava18(j.LayerContributor.Dependency.Version) {
+			if err := j.CertificateLoader.Load(keyStorePath, "changeit"); err != nil {
+				return libcnb.Layer{}, fmt.Errorf("unable to load certificates\n%w", err)
+			}
+		} else {
+			j.Logger.Bodyf("%s: The JVM cacerts entries cannot be loaded with Java 18, for more information see: https://github.com/paketo-buildpacks/libjvm/issues/158", color.YellowString("Warning"))
+		}
 		return layer, nil
 	})
 }

diff --git a/jre.go b/jre.go
@@ -23,6 +23,8 @@ import (
 	"sort"
 	"strings"
 
+	"github.com/heroku/color"
+
 	"github.com/buildpacks/libcnb"
 	"github.com/magiconair/properties"
 	"github.com/paketo-buildpacks/libpak"
@@ -84,8 +86,12 @@ func (j JRE) Contribute(layer libcnb.Layer) (libcnb.Layer, error) {
 			cacertsPath = filepath.Join(layer.Path, "lib", "security", "cacerts")
 		}
 
-		if err := j.CertificateLoader.Load(cacertsPath, "changeit"); err != nil {
-			return libcnb.Layer{}, fmt.Errorf("unable to load certificates\n%w", err)
+		if IsBeforeJava18(j.LayerContributor.Dependency.Version) {
+			if err := j.CertificateLoader.Load(cacertsPath, "changeit"); err != nil {
+				return libcnb.Layer{}, fmt.Errorf("unable to load certificates\n%w", err)
+			}
+		} else {
+			j.Logger.Bodyf("%s: The JVM cacerts entries cannot be loaded with Java 18, for more information see: https://github.com/paketo-buildpacks/libjvm/issues/158", color.YellowString("Warning"))
 		}
 
 		if IsBuildContribution(j.Metadata) {

diff --git a/versions.go b/versions.go
@@ -21,6 +21,7 @@ import (
 )
 
 var Java9, _ = semver.NewVersion("9")
+var Java18, _ = semver.NewVersion("18")
 
 func IsBeforeJava9(candidate string) bool {
 	v, err := semver.NewVersion(candidate)
@@ -30,3 +31,12 @@ func IsBeforeJava9(candidate string) bool {
 
 	return v.LessThan(Java9)
 }
+
+func IsBeforeJava18(candidate string) bool {
+	v, err := semver.NewVersion(candidate)
+	if err != nil {
+		return false
+	}
+
+	return v.LessThan(Java18)
+}