Merge branch '3.x'

Author: nebhale

lib/java_buildpack/framework/container_certificate_trust_store.rb

@@ -30,10 +30,7 @@ def compile
 
         with_timing("Adding certificates to #{trust_store.relative_path_from(@droplet.root)}") do
           FileUtils.mkdir_p trust_store.parent
-
-          shell "#{java} -jar #{@droplet.sandbox + jar_name} --container-source #{ca_certificates} --destination " \
-                "#{trust_store} --destination-password #{password} --jre-source #{cacerts} --jre-source-password " \
-                'changeit'
+          shell command
         end
       end
 
@@ -68,18 +65,30 @@ def ca_certificates
         end
       end
 
-      def cacerts
-        @droplet.java_home.root + 'lib/security/cacerts'
+      def command
+        command = "#{java} -jar #{@droplet.sandbox + jar_name} --container-source #{ca_certificates} --destination " \
+                    "#{trust_store} --destination-password #{password}"
+        command += " --jre-source #{jre_cacerts} --jre-source-password changeit" if jre_cacerts.exist?
+        command += " --jre-source #{server_jre_cacerts} --jre-source-password changeit" if server_jre_cacerts.exist?
+        command
       end
 
       def java
         @droplet.java_home.root + 'bin/java'
       end
 
+      def jre_cacerts
+        @droplet.java_home.root + 'lib/security/cacerts'
+      end
+
       def password
         'java-buildpack-trust-store-password'
       end
 
+      def server_jre_cacerts
+        @droplet.java_home.root + 'jre/lib/security/cacerts'
+      end
+
       def supports_configuration?
         @configuration['enabled']
       end

spec/java_buildpack/framework/container_certificate_trust_store_spec.rb

@@ -16,6 +16,7 @@
 
 require 'spec_helper'
 require 'component_helper'
+require 'fileutils'
 require 'java_buildpack/framework/container_certificate_trust_store'
 
 describe JavaBuildpack::Framework::ContainerCertificateTrustStore do
@@ -44,6 +45,23 @@
   it 'creates truststore',
      cache_fixture: 'stub-container-customizer.jar' do
 
+    allow(component).to receive(:ca_certificates).and_return(ca_certificates)
+    allow(component).to receive(:shell).with("#{java_home.root}/bin/java -jar " \
+                                             "#{sandbox}/container_certificate_trust_store-0.0.0.jar " \
+                                             "--container-source #{ca_certificates} " \
+                                             "--destination #{sandbox}/truststore.jks " \
+                                             '--destination-password java-buildpack-trust-store-password')
+
+    component.compile
+  end
+
+  it 'creates truststore with jre source',
+     cache_fixture: 'stub-container-customizer.jar' do
+
+    cacerts = java_home.root + 'lib/security/cacerts'
+    FileUtils.mkdir_p(cacerts.parent)
+    FileUtils.touch(cacerts)
+
     allow(component).to receive(:ca_certificates).and_return(ca_certificates)
     allow(component).to receive(:shell).with("#{java_home.root}/bin/java -jar " \
                                              "#{sandbox}/container_certificate_trust_store-0.0.0.jar " \
@@ -56,6 +74,25 @@
     component.compile
   end
 
+  it 'creates truststore with server jre source',
+     cache_fixture: 'stub-container-customizer.jar' do
+
+    cacerts = java_home.root + 'jre/lib/security/cacerts'
+    FileUtils.mkdir_p(cacerts.parent)
+    FileUtils.touch(cacerts)
+
+    allow(component).to receive(:ca_certificates).and_return(ca_certificates)
+    allow(component).to receive(:shell).with("#{java_home.root}/bin/java -jar " \
+                                             "#{sandbox}/container_certificate_trust_store-0.0.0.jar " \
+                                             "--container-source #{ca_certificates} " \
+                                             "--destination #{sandbox}/truststore.jks " \
+                                             '--destination-password java-buildpack-trust-store-password ' \
+                                             "--jre-source #{java_home.root}/jre/lib/security/cacerts " \
+                                             '--jre-source-password changeit')
+
+    component.compile
+  end
+
   it 'adds truststore properties' do
     component.release
     expect(java_opts).to include('-Djavax.net.ssl.trustStore=$PWD/.java-buildpack/container_certificate_trust_store/' \