paketo-buildpacks · nebhale · Nov 10, 2020 · Nov 10, 2020
@@ -29,12 +29,14 @@ import (
 	"time"
 
 	"github.com/paketo-buildpacks/libpak/sherpa"
-	"github.com/pavel-v-chernykh/keystore-go"
+	"github.com/pavel-v-chernykh/keystore-go/v4"
 	"golang.org/x/sys/unix"
 )
 
 const DefaultCertFile = "/etc/ssl/certs/ca-certificates.crt"
 
+var NormalizedDateTime = time.Date(1980, time.January, 1, 0, 0, 1, 0, time.UTC)
+
 type CertificateLoader struct {
 	CertFile string
 	CertDirs []string
@@ -74,15 +76,18 @@ func (c *CertificateLoader) Load(path string, password string) error {
 		}
 
 		for i, b := range blocks {
-			ks[fmt.Sprintf("%s-%d", f, i)] = &keystore.TrustedCertificateEntry{
-				Entry: keystore.Entry{
-					CreationDate: time.Now(),
-				},
+			entry := keystore.TrustedCertificateEntry{
+				CreationTime: NormalizedDateTime,
 				Certificate: keystore.Certificate{
 					Type:    "X.509",
 					Content: b.Bytes,
 				},
 			}
+
+			if err := ks.SetTrustedCertificateEntry(fmt.Sprintf("%s-%d", f, i), entry); err != nil {
+				return fmt.Errorf("unable to add trusted entry\n%w", err)
+			}
+
 			added++
 		}
 	}
@@ -176,13 +181,13 @@ func (c CertificateLoader) readBlocks(path string) ([]*pem.Block, error) {
 func (CertificateLoader) readKeyStore(path string, password string) (keystore.KeyStore, error) {
 	in, err := os.Open(path)
 	if err != nil {
-		return nil, fmt.Errorf("unable to open %s\n%w", path, err)
+		return keystore.KeyStore{}, fmt.Errorf("unable to open %s\n%w", path, err)
 	}
 	defer in.Close()
 
-	ks, err := keystore.Decode(in, []byte(password))
-	if err != nil {
-		return nil, fmt.Errorf("unable to decode keystore\n %w", err)
+	ks := keystore.New()
+	if err := ks.Load(in, []byte(password)); err != nil {
+		return keystore.KeyStore{}, fmt.Errorf("unable to decode keystore\n %w", err)
 	}
 
 	return ks, nil
@@ -200,7 +205,7 @@ func (c CertificateLoader) writeKeyStore(ks keystore.KeyStore, path string, pass
 	}
 	defer out.Close()
 
-	if err := keystore.Encode(out, ks, []byte(password)); err != nil {
+	if err := ks.Store(out, []byte(password)); err != nil {
 		return fmt.Errorf("unable to encode keystore\n%w", err)
 	}
 

@@ -25,7 +25,7 @@ import (
 	"testing"
 
 	. "github.com/onsi/gomega"
-	"github.com/pavel-v-chernykh/keystore-go"
+	"github.com/pavel-v-chernykh/keystore-go/v4"
 	"github.com/sclevine/spec"
 
 	"github.com/paketo-buildpacks/libjvm"
@@ -135,8 +135,10 @@ func testCertificateLoader(t *testing.T, context spec.G, it spec.S) {
 			Expect(err).NotTo(HaveOccurred())
 			defer in.Close()
 
-			ks, err := keystore.Decode(in, []byte("changeit"))
-			Expect(ks).To(HaveLen(2))
+			ks := keystore.New()
+			err = ks.Load(in, []byte("changeit"))
+			Expect(err).NotTo(HaveOccurred())
+			Expect(ks.Aliases()).To(HaveLen(2))
 		})
 
 		it("loads additional certificates from directories", func() {
@@ -151,8 +153,10 @@ func testCertificateLoader(t *testing.T, context spec.G, it spec.S) {
 			Expect(err).NotTo(HaveOccurred())
 			defer in.Close()
 
-			ks, err := keystore.Decode(in, []byte("changeit"))
-			Expect(ks).To(HaveLen(3))
+			ks := keystore.New()
+			err = ks.Load(in, []byte("changeit"))
+			Expect(err).NotTo(HaveOccurred())
+			Expect(ks.Aliases()).To(HaveLen(3))
 		})
 
 		if internal.IsRoot() {
@@ -173,8 +177,10 @@ func testCertificateLoader(t *testing.T, context spec.G, it spec.S) {
 			Expect(err).NotTo(HaveOccurred())
 			defer in.Close()
 
-			ks, err := keystore.Decode(in, []byte("changeit"))
-			Expect(ks).To(HaveLen(1))
+			ks := keystore.New()
+			err = ks.Load(in, []byte("changeit"))
+			Expect(err).NotTo(HaveOccurred())
+			Expect(ks.Aliases()).To(HaveLen(1))
 		})
 	})
 }
@@ -11,7 +11,7 @@ require (
 	github.com/miekg/dns v1.1.35
 	github.com/onsi/gomega v1.10.3
 	github.com/paketo-buildpacks/libpak v1.49.1
-	github.com/pavel-v-chernykh/keystore-go v2.1.0+incompatible
+	github.com/pavel-v-chernykh/keystore-go/v4 v4.0.0
 	github.com/sclevine/spec v1.4.0
 	golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f
 )
@@ -52,8 +52,8 @@ github.com/onsi/gomega v1.10.3 h1:gph6h/qe9GSUw1NhH1gp+qb+h8rXD8Cy60Z32Qw3ELA=
 github.com/onsi/gomega v1.10.3/go.mod h1:V9xEwhxec5O8UDM77eCW8vLymOMltsqPVYWrpDsH8xc=
 github.com/paketo-buildpacks/libpak v1.49.1 h1:G0aFzDcPf3BQXsBss+FN1buiNG7yQIzUvTKFsC72CqU=
 github.com/paketo-buildpacks/libpak v1.49.1/go.mod h1:8vMe0mZNZj1vqngvtH6KCrs98mL+KW9mTymOb5PE6pw=
-github.com/pavel-v-chernykh/keystore-go v2.1.0+incompatible h1:Jd6xfriVlJ6hWPvYOE0Ni0QWcNTLRehfGPFxr3eSL80=
-github.com/pavel-v-chernykh/keystore-go v2.1.0+incompatible/go.mod h1:xlUlxe/2ItGlQyMTstqeDv9r3U4obH7xYd26TbDQutY=
+github.com/pavel-v-chernykh/keystore-go/v4 v4.0.0 h1:4LEQ+RvYRMzofgd3iWjRFBQAJ1nQPUyy38QPCAbOsrY=
+github.com/pavel-v-chernykh/keystore-go/v4 v4.0.0/go.mod h1:2ejgys4qY+iNVW1IittZhyRYA6MNv8TgM6VHqojbB9g=
 github.com/pelletier/go-toml v1.8.1 h1:1Nf83orprkJyknT6h7zbuEGUEjcyVlCxSUGTENmNCRM=
 github.com/pelletier/go-toml v1.8.1/go.mod h1:T2/BmBdy8dvIRq1a/8aqjN41wvWlN4lrapLU/GW4pbc=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=

@@ -25,7 +25,7 @@ import (
 
 	. "github.com/onsi/gomega"
 	"github.com/paketo-buildpacks/libpak/bard"
-	"github.com/pavel-v-chernykh/keystore-go"
+	"github.com/pavel-v-chernykh/keystore-go/v4"
 	"github.com/sclevine/spec"
 
 	"github.com/paketo-buildpacks/libjvm"
@@ -90,8 +90,10 @@ func testOpenSSLCertificateLoader(t *testing.T, context spec.G, it spec.S) {
 			Expect(err).NotTo(HaveOccurred())
 			defer in.Close()
 
-			ks, err := keystore.Decode(in, []byte("changeit"))
-			Expect(ks).To(HaveLen(3))
+			ks := keystore.New()
+			err = ks.Load(in, []byte("changeit"))
+			Expect(err).NotTo(HaveOccurred())
+			Expect(ks.Aliases()).To(HaveLen(3))
 		})
 
 		if internal.IsRoot() {
@@ -109,8 +111,10 @@ func testOpenSSLCertificateLoader(t *testing.T, context spec.G, it spec.S) {
 			Expect(err).NotTo(HaveOccurred())
 			defer in.Close()
 
-			ks, err := keystore.Decode(in, []byte("changeit"))
-			Expect(ks).To(HaveLen(1))
+			ks := keystore.New()
+			err = ks.Load(in, []byte("changeit"))
+			Expect(err).NotTo(HaveOccurred())
+			Expect(ks.Aliases()).To(HaveLen(1))
 		})
 	})
 

@@ -26,7 +26,7 @@ import (
 	. "github.com/onsi/gomega"
 	"github.com/paketo-buildpacks/libpak"
 	"github.com/paketo-buildpacks/libpak/bard"
-	"github.com/pavel-v-chernykh/keystore-go"
+	"github.com/pavel-v-chernykh/keystore-go/v4"
 	"github.com/sclevine/spec"
 
 	"github.com/paketo-buildpacks/libjvm"
@@ -104,10 +104,10 @@ func testJDK(t *testing.T, context spec.G, it spec.S) {
 		Expect(err).NotTo(HaveOccurred())
 		defer in.Close()
 
-		ks, err := keystore.Decode(in, []byte("changeit"))
+		ks := keystore.New()
+		err = ks.Load(in, []byte("changeit"))
 		Expect(err).NotTo(HaveOccurred())
-
-		Expect(ks).To(HaveLen(3))
+		Expect(ks.Aliases()).To(HaveLen(3))
 	})
 
 	it("updates after Java 9 certificates", func() {
@@ -131,10 +131,9 @@ func testJDK(t *testing.T, context spec.G, it spec.S) {
 		in, err := os.Open(filepath.Join(layer.Path, "lib", "security", "cacerts"))
 		Expect(err).NotTo(HaveOccurred())
 		defer in.Close()
-
-		ks, err := keystore.Decode(in, []byte("changeit"))
+		ks := keystore.New()
+		err = ks.Load(in, []byte("changeit"))
 		Expect(err).NotTo(HaveOccurred())
-
-		Expect(ks).To(HaveLen(3))
+		Expect(ks.Aliases()).To(HaveLen(3))
 	})
 }
@@ -26,7 +26,7 @@ import (
 	. "github.com/onsi/gomega"
 	"github.com/paketo-buildpacks/libpak"
 	"github.com/paketo-buildpacks/libpak/bard"
-	"github.com/pavel-v-chernykh/keystore-go"
+	"github.com/pavel-v-chernykh/keystore-go/v4"
 	"github.com/sclevine/spec"
 
 	"github.com/paketo-buildpacks/libjvm"
@@ -104,10 +104,10 @@ func testJRE(t *testing.T, context spec.G, it spec.S) {
 		Expect(err).NotTo(HaveOccurred())
 		defer in.Close()
 
-		ks, err := keystore.Decode(in, []byte("changeit"))
+		ks := keystore.New()
+		err = ks.Load(in, []byte("changeit"))
 		Expect(err).NotTo(HaveOccurred())
-
-		Expect(ks).To(HaveLen(3))
+		Expect(ks.Aliases()).To(HaveLen(3))
 	})
 
 	it("updates before Java 9 JDK certificates", func() {
@@ -132,10 +132,10 @@ func testJRE(t *testing.T, context spec.G, it spec.S) {
 		Expect(err).NotTo(HaveOccurred())
 		defer in.Close()
 
-		ks, err := keystore.Decode(in, []byte("changeit"))
+		ks := keystore.New()
+		err = ks.Load(in, []byte("changeit"))
 		Expect(err).NotTo(HaveOccurred())
-
-		Expect(ks).To(HaveLen(3))
+		Expect(ks.Aliases()).To(HaveLen(3))
 	})
 
 	it("updates after Java 9 JDK certificates", func() {
@@ -160,10 +160,10 @@ func testJRE(t *testing.T, context spec.G, it spec.S) {
 		Expect(err).NotTo(HaveOccurred())
 		defer in.Close()
 
-		ks, err := keystore.Decode(in, []byte("changeit"))
+		ks := keystore.New()
+		err = ks.Load(in, []byte("changeit"))
 		Expect(err).NotTo(HaveOccurred())
-
-		Expect(ks).To(HaveLen(3))
+		Expect(ks.Aliases()).To(HaveLen(3))
 	})
 
 	it("marks layer for build", func() {