initial commit

Dockerfile

@@ -0,0 +1,139 @@
+FROM microsoft/windowsservercore:latest
+
+#settings
+ENV JAVA_VERSION=8u144
+ENV JAVA_BUNDLE_ID=225355_090f390dda5b47b9b721c7dfaa008135
+ENV JAVA_INSTALL_FOLDER=jre1.8.0_144
+ENV JAVA_OPTS=-XX:+UseG1GC\ -Xmx2000m
+ENV TOMCAT_MAJOR_VERSION=8
+ENV TOMCAT_VERSION=8.0.45
+ENV CATALINA_HOME=c:\\Tomcat
+ENV IDP_VERSION=3.3.1.1
+###
+ENV JAVA_INSTALL_CLI_STRING=INSTALLDIR=c:\\Java\\$JAVA_INSTALL_FOLDER
+ENV JAVA_HOME=c:\\Java\\$JAVA_INSTALL_FOLDER
+RUN powershell [Environment]::SetEnvironmentVariable('JAVA_HOME', '%JAVA_HOME%', [System.EnvironmentVariableTarget]::Machine )
+ENV SHIB_INSTALL_FILE=C:\\shibboleth-identity-provider-$IDP_VERSION-x64.msi
+
+##install Java
+RUN powershell (new-object System.Net.WebClient).Downloadfile('http://javadl.oracle.com/webapps/download/AutoDL?BundleId=%JAVA_BUNDLE_ID%', 'C:\jre-%JAVA_VERSION%-windows-x64.exe')
+RUN powershell If ((Get-FileHash C:\jre-%JAVA_VERSION%-windows-x64.exe).Hash -eq '1CB458C9B8F4EBC91227EC2F685DC6F0078C5CCE6B00C39382707DCF0606B415') { ` \
+        start-process -filepath C:\jre-%JAVA_VERSION%-windows-x64.exe -passthru -wait -argumentlist '/s',%JAVA_INSTALL_CLI_STRING%,'/L','installj64.log' ` \
+      } Else { throw 'bad hash comparison on Java download' }
+RUN del C:\jre-%JAVA_VERSION%-windows-x64.exe
+
+##install Java Cryptography Extensions
+RUN powershell ` \
+	$ws = New-Object Microsoft.PowerShell.Commands.WebRequestSession ; ` \
+	$c = New-Object System.Net.Cookie ; ` \
+	$c.Name = 'oraclelicense' ; ` \
+	$c.Value = 'accept-securebackup-cookie' ; ` \
+	$c.Domain = 'oracle.com' ; ` \
+	$ws.Cookies.Add($c) ; ` \
+	Invoke-WebRequest 'http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip' -WebSession $ws -TimeoutSec 1000 -OutFile 'c:\jce_policy-8.zip'
+RUN powershell If ((Get-FileHash c:\jce_policy-8.zip).Hash.ToLower() -eq 'f3020a3922efd6626c2fff45695d527f34a8020e938a49292561f18ad1320b59') { ` \
+        Add-Type -AssemblyName System.IO.Compression.FileSystem ; [System.IO.Compression.ZipFile]::ExtractToDirectory('c:\jce_policy-8.zip', 'c:\jcepolicy') ; \
+		copy -Force -Path c:\jcepolicy\UnlimitedJCEPolicyJDK8\local_policy.jar -Destination c:\Java\%JAVA_INSTALL_FOLDER%\lib\security ; copy -Force -Path c:\jcepolicy\UnlimitedJCEPolicyJDK8\US_export_policy.jar -Destination c:\Java\%JAVA_INSTALL_FOLDER%\lib\security ; \
+      } Else { throw 'bad hash comparison on JCE download' }
+RUN del c:\jce_policy-8.zip
+
+##install Tomcat
+RUN powershell (new-object System.Net.WebClient).Downloadfile('http://www.apache.org/dist/tomcat/tomcat-%TOMCAT_MAJOR_VERSION%/v%TOMCAT_VERSION%/bin/apache-tomcat-%TOMCAT_VERSION%.exe', 'C:\apache-tomcat-%TOMCAT_VERSION%.exe')
+RUN powershell If ((Get-FileHash C:\apache-tomcat-%TOMCAT_VERSION%.exe -Algorithm SHA1).Hash.ToLower() -eq 'd8823cd37db43981f6a66ca3cbff8cf863ac7cff') { ` \
+        start-process -filepath C:\apache-tomcat-%TOMCAT_VERSION%.exe -passthru -wait -argumentlist "/S,/D=C:\Tomcat" ` \
+      } Else { throw 'bad hash comparison on Tomcat download' }
+RUN del C:\apache-tomcat-%TOMCAT_VERSION%.exe
+#copy temp SSL cert for tomcat in c:\sslcert
+COPY keystore.jks c:\\sslcert\\keystore.jks
+#copy temp tomcat config file (listening on 443, cert at c:\sslcert\keystore.jks
+COPY server.xml c:\\Tomcat\\conf\\server.xml
+#cleanup tomcat install
+RUN rmdir /S /Q c:\Tomcat\webapps\docs && rmdir /S /Q c:\Tomcat\webapps\manager && del /F /Q c:\tomcat\webapps\ROOT\*.* && del /F /Q c:\tomcat\webapps\ROOT\WEB-INF\*.* && rmdir c:\tomcat\webapps\ROOT\WEB-INF
+
+
+##install Shibb
+RUN powershell (new-object System.Net.WebClient).Downloadfile('https://shibboleth.net/downloads/identity-provider/latest/shibboleth-identity-provider-%IDP_VERSION%-x64.msi', 'C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi')
+RUN powershell If ((Get-FileHash C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi).Hash -eq '7ffca419cb4b8a891d455b71f48f86ba7999204e683dec8aec4a5c0a3fb48346') { ` \
+		start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait -argumentlist '/i','C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi','/qn','INSTALLDIR=c:\opt\shibboleth-idp','NO_FIREWALL_EXCEPTION=true','DNSNAME=shibboleth.example.org','IDP_SCOPE=example.org' ` \
+       } Else { throw 'bad hash comparison on IdP download' }
+RUN del C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi
+
+#link IdP's war file to Tomcat
+RUN mklink c:\Tomcat\webapps\idp.war c:\opt\shibboleth-idp\war\idp.war
+
+#copy TIER beacon script
+RUN mkdir c:\util
+COPY sendtierbeacon.ps1 c:\\util
+#schedule script to run (at random time)
+#RUN powershell ($tm=((Get-Random -Minimum 0 -Maximum 4) -as [string]) + ":" + ((Get-Random -Minimum 0 -Maximum 60) -as [string]) ; start-process -filepath schtasks -passthru -wait -argumentlist '/create','/tn','\"Send TIER Beacon\"','/tr','c:\util\sendtierbeacon.ps1','/sc','DAILY','/st',"$tm"
+#The line above is triggering an apprent bug in docker or windows core (essentially invalid XML), the 2 lines below are the workaround
+COPY TIER_Beacon_Task.xml c:\TIER_Beacon_Task.xml
+RUN powershell schtasks /Create /XML c:\TIER_Beacon_Task.xml /TN 'TIER Beacon' ; $tm=((Get-Random -Minimum 0 -Maximum 4) -as [string]).padleft(2,'0') + ':' + ((Get-Random -Minimum 0 -Maximum 60) -as [string]).padleft(2,'0') ; schtasks /Change /TN 'TIER Beacon' /ST $tm ; echo $tm
+RUN del c:\TIER_Beacon_Task.xml
+
+
+##############################################################################
+###############################################
+### Settings for a mounted config (default) ###
+###############################################
+#
+# for Windows containers, the directories below (in the VOLUME stmt) **must** be empty or non-existent
+#    therefore, the use a mounted config on windows, those directories must be cleared first
+#
+# need to ensure directories below are empty or non-existent (required by Windows)
+#   There's an apparent issue with Docker and Windows resulting in errors that say "There are no more files" when 'rmdir /S /Q' tries to remove some directories (might try renaming?)
+#
+#
+#VOLUME ["c:/Tomcat/conf", \
+#	    "c:/Tomcat/webapps/ROOT", \
+#		"c:/Tomcat/logs", \
+#		"c:/sslcert", \
+#		"c:/opt/shibboleth-idp/conf", \
+#		"c:/opt/shibboleth-idp/credentials", \
+#		"c:/opt/shibboleth-idp/views", \
+#		"c:/opt/shibboleth-idp/edit-webapp", \
+#		"c:/opt/shibboleth-idp/messages", \
+#		"c:/opt/shibboleth-idp/metadata", \
+#		"c:/opt/shibboleth-idp/logs"]
+
+
+#################################################
+### Settings for a burned-in config (default) ###
+#################################################	
+# Ensure the following locations are accurate (and uncommented) if you plan to burn your configuration into your containers by uncommenting the relevant section below.
+# They represent the folder names/paths on your build host of the relevant config material needed to run the container.  You can also specify these 
+# with --build-arg in your 'docker build' command.
+ARG TOMCFG=config\\tomcat
+ARG TOMLOG=logs\\tomcat
+ARG TOMCERT=credentials\\tomcat
+ARG TOMWWWROOT=wwwroot
+ARG SHBCFG=config\\shib-idp\\conf
+ARG SHBCREDS=credentials\\shib-idp
+ARG SHBVIEWS=config\\shib-idp\\views
+ARG SHBEDWAPP=config\\shib-idp\\edit-webapp
+ARG SHBMSGS=config\\shib-idp\\messages
+ARG SHBMD=config\\shib-idp\\metadata
+ARG SHBLOG=logs\\shib-idp
+
+# Also, ***NOTE*** For a burned config, *uncomment* the ADD lines below and *comment* the lines of the VOLUME command above (~ 30 lines up)
+#
+# consider not doing the one volume below (which maps the IdP's logs folder to a local folder) as it creates a run-time 
+#     dependency and a better solution might be to use syslog from the container
+# VOLUME ["c:\\idplogs", "c:\\opt\\shibboleth-idp\\logs"]
+#
+ADD $TOMCFG c:\\Tomcat\\conf
+ADD $TOMCERT c:\\sslcert
+ADD $TOMWWWROOT c:\\Tomcat\\webapps\\ROOT
+ADD $SHBCFG c:\\opt\\shibboleth-idp\\conf
+ADD $SHBCREDS c:\\opt\\shibboleth-idp\\credentials
+ADD $SHBVIEWS c:\\opt\\shibboleth-idp\\views
+ADD $SHBEDWAPP c:\\opt\\shibboleth-idp\\edit-webapp
+ADD $SHBMSGS c:\\opt\\shibboleth-idp\\messages
+ADD $SHBMD c:\\opt\\shibboleth-idp\\metadata
+
+###############################################################################
+
+EXPOSE 443
+
+CMD [ "cmd /c c:\\Tomcat\\bin\\catalina.bat run" ]
+

sendtierbeacon.ps1

@@ -0,0 +1,17 @@
+
+$VERSION='3.3.1.1'
+$TIERVERSION='17070'
+$IMAGENAME='shibboleth_idp'
+$MAINTAINER='tier'
+
+$LOGURL="http://collector.testbed.tier.internet2.edu:5001/"
+$LOGTEXT="{ `"msgType`" : `"TIERBEACON`", `"msgName`" : `"TIER`", `"msgVersion`" : `"1.0`", `"tbProduct`" : `"$IMAGENAME`", `"tbProductVersion`" : `"$VERSION`", `"tbTIERRelease`" : `"$TIERVERSION`", `"tbMaintainer`" : `"$MAINTAINER`" }"
+
+
+If ($env:TIER_BEACON_OPT_OUT) {
+  If ($env:TIER_BEACON_OPT_OUT.Trim() -ne 'True') {
+	Invoke-WebRequest -Uri $LOGURL -Method POST -Body $LOGTEXT -Headers @{"Content-Type"="application/json"}
+  } Else { echo 'Opt-out Set, doing nothing...' }
+} Else {
+	Invoke-WebRequest -Uri $LOGURL -Method POST -Body $LOGTEXT -Headers @{"Content-Type"="application/json"}
+}

server.xml

@@ -0,0 +1,25 @@
+<?xml version='1.0' encoding='utf-8'?>
+<Server port="8005" shutdown="SHUTDOWN">
+  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+
+  <Service name="Catalina">
+<Connector
+          protocol="org.apache.coyote.http11.Http11NioProtocol"
+          port="443" maxThreads="200"
+          scheme="https" secure="true" SSLEnabled="true"
+          keystoreFile="c:\sslcert\keystore.jks" keystorePass="changeitnow"
+          clientAuth="false" sslProtocol="TLS"/>
+    <Engine name="Catalina" defaultHost="localhost">
+
+      <Host name="localhost"  appBase="webapps"
+            unpackWARs="true" autoDeploy="true">
+
+        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+               prefix="localhost_access_log." suffix=".txt"
+               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
+
+      </Host>
+    </Engine>
+  </Service>
+</Server>