From b53a78fbe8b2ec0bf13c6ac13f4d11c9a886622d Mon Sep 17 00:00:00 2001
From: Dennis Ploeger <github.dennis@dieploegers.de>
Date: Thu, 18 Oct 2018 11:07:37 +0200
Subject: [PATCH] Support for installing JCE. Fixes MODULES-1681 (#326)

* Support for installing JCE. Fixes MODULES-1681

* Disabled oracle tests. Only to be enabled, if the other configuration options match the current java download URL provided by Oracle.
---
 manifests/oracle.pp             | 42 ++++++++++++++-
 spec/acceptance/install_spec.rb | 92 +++++++++++++++++++++++++++++++++
 spec/defines/oracle_spec.rb     | 60 +++++++++++++++++++++
 3 files changed, 193 insertions(+), 1 deletion(-)

diff --git a/manifests/oracle.pp b/manifests/oracle.pp
index 38a9ff6..7a6fdc5 100644
--- a/manifests/oracle.pp
+++ b/manifests/oracle.pp
@@ -87,6 +87,9 @@
 # Directory hash used by the download.oracle.com site.  This value is a 32 character string
 # which is part of the file URL returned by the JDK download site.
 #
+# [*jce*]
+# Install Oracles Java Cryptographic Extensions into the JRE or JDK
+#
 # ### Author
 # mike@marseglia.org
 #
@@ -101,6 +104,7 @@ define java::oracle (
   $proxy_type    = undef,
   $url           = undef,
   $url_hash      = undef,
+  $jce           = false,
 ) {
 
   # archive module is used to download the java package
@@ -111,6 +115,15 @@ define java::oracle (
     fail('Java SE must be either jre or jdk.')
   }
 
+  if $jce {
+    $jce_download = $version ? {
+      '8'     => 'http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip',
+      '7'     => 'http://download.oracle.com/otn-pub/java/jce/7/UnlimitedJCEPolicyJDK7.zip',
+      '6'     => 'http://download.oracle.com/otn-pub/java/jce_policy/6/jce_policy-6.zip',
+      default => undef
+    }
+  }
+
   # determine Oracle Java major and minor version, and installation path
   if $version_major and $version_minor {
 
@@ -121,7 +134,7 @@ define java::oracle (
     if $release_major =~ /(\d+)u(\d+)/ {
       # Required for CentOS systems where Java8 update number is >= 171 to ensure
       # the package is visible to Puppet
-      if $facts['os']['name'] == 'CentOS' and $2 >= '171' {
+      if $facts['os']['family'] == 'RedHat' and $2 >= '171' {
         $install_path = "${java_se}1.${1}.0_${2}-amd64"
       } else {
         $install_path = "${java_se}1.${1}.0_${2}"
@@ -187,6 +200,11 @@ define java::oracle (
       fail ( "unsupported platform ${$facts['kernel']}" ) }
   }
 
+  # Install required unzip packages for jce
+  if $jce {
+    ensure_resource('package', 'unzip', { 'ensure' => 'present' })
+  }
+
   # set java architecture nomenclature
   case $facts['os']['architecture'] {
     'i386' : { $arch = 'i586' }
@@ -286,6 +304,28 @@ define java::oracle (
             creates => $creates_path,
             require => $install_requires
           }
+
+          if ($jce and $jce_download != undef) {
+            $jce_path = $java_se ? {
+              'jre' => "${creates_path}/lib/security",
+              'jdk' => "${creates_path}/jre/lib/security"
+            }
+            archive { "/tmp/jce-${version}.zip":
+              source        => $jce_download,
+              cookie        => 'gpw_e24=http%3A%2F%2Fwww.oracle.com%2F; oraclelicense=accept-securebackup-cookie',
+              extract       => true,
+              extract_path  => $jce_path,
+              extract_flags => '-oj',
+              creates       => "${jce_path}/US_export_policy.jar",
+              cleanup       => false,
+              proxy_server  => $proxy_server,
+              proxy_type    => $proxy_type,
+              require       => [
+                Package['unzip'],
+                Exec["Install Oracle java_se ${java_se} ${version} ${release_major} ${release_minor}"]
+              ]
+            }
+          }
         }
         default : {
           fail ("unsupported platform ${$facts['kernel']}")
diff --git a/spec/acceptance/install_spec.rb b/spec/acceptance/install_spec.rb
index 32fca8b..8891594 100644
--- a/spec/acceptance/install_spec.rb
+++ b/spec/acceptance/install_spec.rb
@@ -1,5 +1,7 @@
 require 'spec_helper_acceptance'
 
+include Unix::File
+
 # RedHat, CentOS, Scientific, Oracle prior to 5.0  : Sun Java JDK/JRE 1.6
 # RedHat, CentOS, Scientific, Oracle 5.0 < x < 6.3 : OpenJDK Java JDK/JRE 1.6
 # RedHat, CentOS, Scientific, Oracle after 6.3     : OpenJDK Java JDK/JRE 1.7
@@ -79,6 +81,62 @@ bogus_alternative = "class { 'java':\n"\
                     "  java_alternative_path => '/whatever',\n"\
                     '}'
 
+# Oracle installs are disabled by default, because the links to valid oracle installations
+# change often. Look the parameters up from the Oracle download URLs at https://java.oracle.com and
+# enable the tests:
+
+oracle_enabled = false
+oracle_version_major = '8'
+oracle_version_minor = '181'
+oracle_version_build = '13'
+oracle_hash = '96a7b8442fe848ef90c96a2fad6ed6d1'
+
+install_oracle_jre = <<EOL
+  java::oracle {
+    'test_oracle_jre':
+      version       => '#{oracle_version_major}',
+      version_major => '#{oracle_version_major}u#{oracle_version_minor}',
+      version_minor => 'b#{oracle_version_build}',
+      url_hash      => '#{oracle_hash}',
+      java_se       => 'jre',
+  }
+EOL
+
+install_oracle_jdk = <<EOL
+  java::oracle {
+    'test_oracle_jdk':
+      version       => '#{oracle_version_major}',
+      version_major => '#{oracle_version_major}u#{oracle_version_minor}',
+      version_minor => 'b#{oracle_version_build}',
+      url_hash      => '#{oracle_hash}',
+      java_se       => 'jdk',
+  }
+EOL
+
+install_oracle_jre_jce = <<EOL
+  java::oracle {
+    'test_oracle_jre':
+      version       => '#{oracle_version_major}',
+      version_major => '#{oracle_version_major}u#{oracle_version_minor}',
+      version_minor => 'b#{oracle_version_build}',
+      url_hash      => '#{oracle_hash}',
+      java_se       => 'jre',
+      jce           => true,
+  }
+EOL
+
+install_oracle_jdk_jce = <<EOL
+  java::oracle {
+    'test_oracle_jdk':
+      version       => '#{oracle_version_major}',
+      version_major => '#{oracle_version_major}u#{oracle_version_minor}',
+      version_minor => 'b#{oracle_version_build}',
+      url_hash      => '#{oracle_hash}',
+      java_se       => 'jdk',
+      jce           => true,
+  }
+EOL
+
 context 'installing java jre', unless: UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
   it 'installs jre' do
     apply_manifest(java_class_jre, catch_failures: true)
@@ -155,3 +213,37 @@ context 'with failure cases' do
     end
   end
 end
+
+# Test oracle java installs
+context 'java::oracle', if: oracle_enabled, unless: UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+  install_path = '/usr/lib/jvm'
+  version_suffix = ''
+  if fact('osfamily') == 'RedHat' || fact('osfamily') == 'Amazon'
+    install_path = '/usr/java'
+    version_suffix = '-amd64'
+  end
+  it 'installs oracle jdk' do
+    apply_manifest(install_oracle_jdk, catch_failures: true)
+    apply_manifest(install_oracle_jdk, catch_changes: true)
+    result = shell("test ! -e #{install_path}/jdk1.#{oracle_version_major}.0_#{oracle_version_minor}#{version_suffix}/jre/lib/security/local_policy.jar")
+    expect(result.exit_code).to eq(0)
+  end
+  it 'installs oracle jre' do
+    apply_manifest(install_oracle_jre, catch_failures: true)
+    apply_manifest(install_oracle_jre, catch_changes: true)
+    result = shell("test ! -e #{install_path}/jre1.#{oracle_version_major}.0_#{oracle_version_minor}#{version_suffix}/lib/security/local_policy.jar")
+    expect(result.exit_code).to eq(0)
+  end
+  it 'installs oracle jdk with jce' do
+    apply_manifest(install_oracle_jdk_jce, catch_failures: true)
+    apply_manifest(install_oracle_jdk_jce, catch_changes: true)
+    result = shell("test -e #{install_path}/jdk1.#{oracle_version_major}.0_#{oracle_version_minor}#{version_suffix}/jre/lib/security/local_policy.jar")
+    expect(result.exit_code).to eq(0)
+  end
+  it 'installs oracle jre with jce' do
+    apply_manifest(install_oracle_jre_jce, catch_failures: true)
+    apply_manifest(install_oracle_jre_jce, catch_changes: true)
+    result = shell("test -e #{install_path}/jre1.#{oracle_version_major}.0_#{oracle_version_minor}#{version_suffix}/lib/security/local_policy.jar")
+    expect(result.exit_code).to eq(0)
+  end
+end
diff --git a/spec/defines/oracle_spec.rb b/spec/defines/oracle_spec.rb
index 0a6a40e..9e97b5f 100644
--- a/spec/defines/oracle_spec.rb
+++ b/spec/defines/oracle_spec.rb
@@ -121,6 +121,26 @@ describe 'java::oracle', type: :define do
 
       it { is_expected.to compile }
     end
+
+    context 'when installing Oracle Java SE 6 JRE with JCE' do
+      let(:params) { { ensure: 'present', jce: true, version: '6', version_major: '6u99', version_minor: '99', java_se: 'jre' } }
+      let(:title) { 'jre6jce' }
+
+      it do
+        is_expected.to contain_archive('/tmp/jce-6.zip').with_source('http://download.oracle.com/otn-pub/java/jce_policy/6/jce_policy-6.zip')
+        is_expected.to contain_archive('/tmp/jce-6.zip').with_extract_path('/usr/java/jre1.6.0_99-amd64/lib/security')
+      end
+    end
+
+    context 'when installing Oracle Java SE 6 JDK with JCE' do
+      let(:params) { { ensure: 'present', jce: true, version: '6', version_major: '6u99', version_minor: '99', java_se: 'jdk' } }
+      let(:title) { 'jre6jce' }
+
+      it do
+        is_expected.to contain_archive('/tmp/jce-6.zip').with_source('http://download.oracle.com/otn-pub/java/jce_policy/6/jce_policy-6.zip')
+        is_expected.to contain_archive('/tmp/jce-6.zip').with_extract_path('/usr/java/jdk1.6.0_99-amd64/jre/lib/security')
+      end
+    end
   end
 
   context 'when on CentOS 32-bit' do
@@ -207,6 +227,26 @@ describe 'java::oracle', type: :define do
 
       it { is_expected.to compile }
     end
+
+    context 'when installing Oracle Java SE 6 JRE with JCE' do
+      let(:params) { { ensure: 'present', jce: true, version: '6', version_major: '6u99', version_minor: '99', java_se: 'jre' } }
+      let(:title) { 'jre6jce' }
+
+      it do
+        is_expected.to contain_archive('/tmp/jce-6.zip').with_source('http://download.oracle.com/otn-pub/java/jce_policy/6/jce_policy-6.zip')
+        is_expected.to contain_archive('/tmp/jce-6.zip').with_extract_path('/usr/java/jre1.6.0_99-amd64/lib/security')
+      end
+    end
+
+    context 'when installing Oracle Java SE 6 JDK with JCE' do
+      let(:params) { { ensure: 'present', jce: true, version: '6', version_major: '6u99', version_minor: '99', java_se: 'jdk' } }
+      let(:title) { 'jre6jce' }
+
+      it do
+        is_expected.to contain_archive('/tmp/jce-6.zip').with_source('http://download.oracle.com/otn-pub/java/jce_policy/6/jce_policy-6.zip')
+        is_expected.to contain_archive('/tmp/jce-6.zip').with_extract_path('/usr/java/jdk1.6.0_99-amd64/jre/lib/security')
+      end
+    end
   end
 
   context 'with Ubuntu 64-bit' do
@@ -300,6 +340,26 @@ describe 'java::oracle', type: :define do
 
       it { is_expected.to compile }
     end
+
+    context 'when installing Oracle Java SE 6 JRE with JCE' do
+      let(:params) { { ensure: 'present', jce: true, version: '6', version_major: '6u99', version_minor: '99', java_se: 'jre' } }
+      let(:title) { 'jre6jce' }
+
+      it do
+        is_expected.to contain_archive('/tmp/jce-6.zip').with_source('http://download.oracle.com/otn-pub/java/jce_policy/6/jce_policy-6.zip')
+        is_expected.to contain_archive('/tmp/jce-6.zip').with_extract_path('/usr/lib/jvm/jre1.6.0_99/lib/security')
+      end
+    end
+
+    context 'when installing Oracle Java SE 6 JDK with JCE' do
+      let(:params) { { ensure: 'present', jce: true, version: '6', version_major: '6u99', version_minor: '99', java_se: 'jdk' } }
+      let(:title) { 'jre6jce' }
+
+      it do
+        is_expected.to contain_archive('/tmp/jce-6.zip').with_source('http://download.oracle.com/otn-pub/java/jce_policy/6/jce_policy-6.zip')
+        is_expected.to contain_archive('/tmp/jce-6.zip').with_extract_path('/usr/lib/jvm/jdk1.6.0_99/jre/lib/security')
+      end
+    end
   end
   describe 'incompatible OSes' do
     [