From dddc02f2ec1ff8db21145673b89dda8e64523616 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Wed, 17 Apr 2019 08:20:49 -0500 Subject: [PATCH 01/20] bump tomcat version --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3cef220..1f5f149 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,7 +7,7 @@ FROM microsoft/windowsservercore:latest ENV JAVA_OPTS='-Xmx3000m' ENV TOMCAT_MAJOR_VERSION=9 -ENV TOMCAT_VERSION=9.0.16 +ENV TOMCAT_VERSION=9.0.19 ENV CATALINA_HOME=c:\\Tomcat ENV IDP_VERSION=3.4.3 @@ -56,7 +56,7 @@ RUN del C:\%JAVA_INSTALL_FILENAME% COPY container_files/config.ini c:\\config.ini RUN powershell (new-object System.Net.WebClient).Downloadfile('http://www.apache.org/dist/tomcat/tomcat-%TOMCAT_MAJOR_VERSION%/v%TOMCAT_VERSION%/bin/apache-tomcat-%TOMCAT_VERSION%.exe', 'C:\apache-tomcat-%TOMCAT_VERSION%.exe') RUN powershell If ((Get-FileHash C:\apache-tomcat-%TOMCAT_VERSION%.exe -Algorithm SHA512).Hash.ToLower() -eq ` \ - 'ffa45a8a084725c51b8ccd5bc4d115f1eef0590cdce2d2868b666f5285d7347e2ee400cd22c87d091d326f66d70f88deb9765a886b3dfa0b699c8f119859369f') ` \ + 'e4c9c0b1c9100d43373620e5ba3399663de7a96d8ceb53a3f697c00c1f5663bd381d4ae0bb45847dd0a72ea2eda40be3418e8d2a2fa9e272a3f76cfebe34ef2b') ` \ { ` \ start-process -filepath C:\apache-tomcat-%TOMCAT_VERSION%.exe -passthru -wait -argumentlist '/S','/C=c:\config.ini','/D=c:\Tomcat' ` \ } Else { throw 'bad hash comparison on Tomcat download' } From 5869ad10ddf5774ef4cdeb8f00872f9ab47b97db Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Wed, 17 Apr 2019 08:34:37 -0500 Subject: [PATCH 02/20] bump java --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1f5f149..40cb6ad 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -15,7 +15,7 @@ ENV IDP_VERSION=3.4.3 #ENV JAVA_INSTALL_CLI_STRING=INSTALLDIR=c:\\Java\\$JAVA_INSTALL_FOLDER #below is for Zulu Java ENV JAVA_HOME='c:\zulujava\zulu-8\' -ENV JAVA_INSTALL_FILENAME=zulu8.36.0.1-ca-jdk8.0.202-win_x64.msi +ENV JAVA_INSTALL_FILENAME=zulu8.38.0.13-ca-jdk8.0.212-win_x64.msi #below is for Oracle Java #ENV JAVA_HOME=c:\\Java\\$JAVA_INSTALL_FOLDER RUN powershell [Environment]::SetEnvironmentVariable('JAVA_HOME', '%JAVA_HOME%', [System.EnvironmentVariableTarget]::Machine ) @@ -23,7 +23,7 @@ ENV SHIB_INSTALL_FILE=C:\\shibboleth-identity-provider-$IDP_VERSION-x64.msi ###install Zulu Java RUN powershell (new-object System.Net.WebClient).Downloadfile('https://cdn.azul.com/zulu/bin/%JAVA_INSTALL_FILENAME%', 'C:\%JAVA_INSTALL_FILENAME%') -RUN powershell If ((Get-FileHash C:\%JAVA_INSTALL_FILENAME% -Algorithm MD5).Hash.ToLower() -eq 'cf7825107dd71cd9a6455c2855838966') { ` \ +RUN powershell If ((Get-FileHash C:\%JAVA_INSTALL_FILENAME% -Algorithm MD5).Hash.ToLower() -eq 'f586f922b8b707026272fa7566fbcce1') { ` \ start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait -argumentlist '/i','C:\%JAVA_INSTALL_FILENAME%','APPLICATIONROOTDIRECTORY=c:\zulujava','/qn' ` \ } Else { throw 'bad hash comparison on Zulu Java download' } RUN del C:\%JAVA_INSTALL_FILENAME% From 1676902d5d17143753a352808ac6f1b7dae245b3 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Wed, 17 Apr 2019 08:40:06 -0500 Subject: [PATCH 03/20] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 40cb6ad..d17b462 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -15,7 +15,7 @@ ENV IDP_VERSION=3.4.3 #ENV JAVA_INSTALL_CLI_STRING=INSTALLDIR=c:\\Java\\$JAVA_INSTALL_FOLDER #below is for Zulu Java ENV JAVA_HOME='c:\zulujava\zulu-8\' -ENV JAVA_INSTALL_FILENAME=zulu8.38.0.13-ca-jdk8.0.212-win_x64.msi +ENV JAVA_INSTALL_FILENAME='zulu8.38.0.13-ca-jdk8.0.212-win_x64.msi' #below is for Oracle Java #ENV JAVA_HOME=c:\\Java\\$JAVA_INSTALL_FOLDER RUN powershell [Environment]::SetEnvironmentVariable('JAVA_HOME', '%JAVA_HOME%', [System.EnvironmentVariableTarget]::Machine ) From f42e1a04be22d8913fd2b12c45029f0b6407c9b3 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Wed, 17 Apr 2019 08:41:18 -0500 Subject: [PATCH 04/20] Update Dockerfile --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index d17b462..f5cb62f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,6 +15,7 @@ ENV IDP_VERSION=3.4.3 #ENV JAVA_INSTALL_CLI_STRING=INSTALLDIR=c:\\Java\\$JAVA_INSTALL_FOLDER #below is for Zulu Java ENV JAVA_HOME='c:\zulujava\zulu-8\' +### ENV JAVA_INSTALL_FILENAME='zulu8.38.0.13-ca-jdk8.0.212-win_x64.msi' #below is for Oracle Java #ENV JAVA_HOME=c:\\Java\\$JAVA_INSTALL_FOLDER From 418a174b794d6ce736acf2c2d46b648eb0e5f5e2 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Wed, 17 Apr 2019 09:58:35 -0500 Subject: [PATCH 05/20] Update Dockerfile --- Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index f5cb62f..4f3597c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,4 @@ -FROM microsoft/windowsservercore:latest - +FROM microsoft/windowsservercore:1809 #settings #ENV JAVA_VERSION=8u171 #ENV JAVA_BUNDLE_ID=233172_512cd62ec5174c3487ac17c61aaa89e8 From 4256e313a83bfd89b7dc35c975c897ab0e6d17e2 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Wed, 17 Apr 2019 09:59:50 -0500 Subject: [PATCH 06/20] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 4f3597c..9b08c51 100644 --- a/Dockerfile 
+++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM microsoft/windowsservercore:1809 +FROM mcr.microsoft.com//windows/servercore:1809 #settings #ENV JAVA_VERSION=8u171 #ENV JAVA_BUNDLE_ID=233172_512cd62ec5174c3487ac17c61aaa89e8 From 0c491c2bbc8e520f403fa9c68fe85e408eff7718 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Wed, 17 Apr 2019 10:21:42 -0500 Subject: [PATCH 07/20] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 9b08c51..0d34715 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM mcr.microsoft.com//windows/servercore:1809 +FROM mcr.microsoft.com/windows/servercore:ltsc2016 #settings #ENV JAVA_VERSION=8u171 #ENV JAVA_BUNDLE_ID=233172_512cd62ec5174c3487ac17c61aaa89e8 From 769c8072814dc7ad64219833ada5ab82a2da1fdb Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Fri, 19 Apr 2019 08:28:15 -0500 Subject: [PATCH 08/20] Create docker-compose.yml --- test-compose/idp/docker-compose.yml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 test-compose/idp/docker-compose.yml diff --git a/test-compose/idp/docker-compose.yml b/test-compose/idp/docker-compose.yml new file mode 100644 index 0000000..b54957b --- /dev/null +++ b/test-compose/idp/docker-compose.yml @@ -0,0 +1,29 @@ +version: "3.3" + +services: + idp: + build: + context: ./idp/ + args: + TOMCFG: ./container_files/config/tomcat + TOMCERT: ./container_files/credentials/tomcat + TOMWWWROOT: ./container_files/wwwroot + SHBCFG: ./container_files/config/shib-idp/conf + SHBCREDS: ./container_files/credentials/shib-idp + SHBVIEWS: ./container_files/config/shib-idp/views + SHBEDWAPP: ./container_files/config/shib-idp/edit-webapp + SHBMSGS: ./container_files/config/shib-idp/messages + SHBMD: ./container_files/config/shib-idp/metadata + expose: + - "443" + ports: + - "443:443" + dns: + - 8.8.8.8 + - 4.4.4.4 + +networks: + default: + external: + name: nat + 
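Review bot: The `dns:` list in the new compose file pins the `idp` container to `8.8.8.8` and `4.4.4.4`; as far as I know `4.4.4.4` is not a public recursive resolver (Google's secondary is `8.8.4.4`), so resolution would quietly depend on the first entry alone — confirm the intended address, or drop the `dns:` block and let the `nat` network's resolver apply. The `TOMCERT` and `SHBCREDS` build args point at `container_files/credentials/...`; the Dockerfile they feed is not in this patch, but if it copies those paths in, the test credentials end up in image layers, which deserves a comment above `args:` such as `# credential dirs are build inputs and end up inside the image — test use only`.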
From 87d6bcfcb5f47c3a273439d131075b2ff61fa4b0 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Fri, 19 Apr 2019 08:28:49 -0500 Subject: [PATCH 09/20] Create compose.ps1 --- test-compose/idp/compose.ps1 | 1 + 1 file changed, 1 insertion(+) create mode 100644 test-compose/idp/compose.ps1 diff --git a/test-compose/idp/compose.ps1 b/test-compose/idp/compose.ps1 new file mode 100644 index 0000000..9bd9b42 --- /dev/null +++ b/test-compose/idp/compose.ps1 @@ -0,0 +1 @@ +docker-compose up --build -d From d894f961081328e69f00041df254ae9263d6f50b Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Fri, 19 Apr 2019 08:29:19 -0500 Subject: [PATCH 10/20] Create decompose.ps1 --- test-compose/idp/decompose.ps1 | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 test-compose/idp/decompose.ps1 diff --git a/test-compose/idp/decompose.ps1 b/test-compose/idp/decompose.ps1 new file mode 100644 index 0000000..a4b3c3f --- /dev/null +++ b/test-compose/idp/decompose.ps1 @@ -0,0 +1,2 @@ +docker-compose kill +docker-compose rm From e3ee271abb382c9e1834fc0955f781200863fdd8 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Fri, 19 Apr 2019 08:37:20 -0500 Subject: [PATCH 11/20] Update docker-compose.yml --- test-compose/idp/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-compose/idp/docker-compose.yml b/test-compose/idp/docker-compose.yml index b54957b..d35db8d 100644 --- a/test-compose/idp/docker-compose.yml +++ b/test-compose/idp/docker-compose.yml @@ -3,7 +3,7 @@ version: "3.3" services: idp: build: - context: ./idp/ + context: . args: TOMCFG: ./container_files/config/tomcat TOMCERT: ./container_files/credentials/tomcat From f44d6d5f00137179e0662c7353d56c6250a2d46b Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Mon, 22 Apr 2019 14:25:47 -0500 Subject: [PATCH 12/20] Create compose.ps1 --- test-compose/sp/compose.ps1 | 1 + 1 file changed, 1 insertion(+) create mode 100644 test-compose/sp/compose.ps1 
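Review bot: `docker-compose rm` in the new `decompose.ps1` is interactive by default, so the script stalls on a confirmation prompt whenever it is run without a terminal; `docker-compose kill` also stops Tomcat and the IdP without a graceful shutdown. Either `docker-compose stop` followed by `docker-compose rm -f`, or simply `docker-compose down`, does the same teardown non-interactively. The identical two lines are added for the SP side in PATCH 13 (`test-compose/sp/decompose.ps1`).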
diff --git a/test-compose/sp/compose.ps1 b/test-compose/sp/compose.ps1
new file mode 100644
index 0000000..9bd9b42
--- /dev/null
+++ b/test-compose/sp/compose.ps1
@@ -0,0 +1 @@
+docker-compose up --build -d

From 54ebedc08db4e7d19aea3eff5f554e9f6a2118cc Mon Sep 17 00:00:00 2001
From: Paul Caskey
Date: Mon, 22 Apr 2019 14:26:15 -0500
Subject: [PATCH 13/20] Create decompose.ps1

---
 test-compose/sp/decompose.ps1 | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 test-compose/sp/decompose.ps1

diff --git a/test-compose/sp/decompose.ps1 b/test-compose/sp/decompose.ps1
new file mode 100644
index 0000000..a4b3c3f
--- /dev/null
+++ b/test-compose/sp/decompose.ps1
@@ -0,0 +1,2 @@
+docker-compose kill
+docker-compose rm

From b8f6bf8710654ceec5754905eff25705ad982813 Mon Sep 17 00:00:00 2001
From: Paul Caskey
Date: Tue, 23 Apr 2019 16:50:25 -0500
Subject: [PATCH 14/20] Update getIPs.ps1

---
 test-compose/getIPs.ps1 | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/test-compose/getIPs.ps1 b/test-compose/getIPs.ps1
index 5209ef6..3cf5c09 100644
--- a/test-compose/getIPs.ps1
+++ b/test-compose/getIPs.ps1
@@ -2,14 +2,14 @@ $idpcid = docker ps | Select-String 'idp' | ForEach-Object { $_.Line.split(' ')[0] } $spcid = docker ps | Select-String 'sp' | ForEach-Object { $_.Line.split(' ')[0] } -$idpip = (docker inspect -f "{{ .NetworkSettings.Networks.nat.IPAddress }}" $idpcid) -$spip = (docker inspect -f "{{ .NetworkSettings.Networks.nat.IPAddress }}" $spcid) +If ($idpcid -ne $null) {$idpip = (docker inspect -f "{{ .NetworkSettings.Networks.nat.IPAddress }}" $idpcid)} Else {$idpip = "Not-Found"} +If ($spcid -ne $null) {$spip = (docker inspect -f "{{ .NetworkSettings.Networks.nat.IPAddress }}" $spcid)} Else {$spip = "Not-Found"} $msg = $($idpip.Trim()) + ' idp.example.edu' + "`r`n" + $($spip.Trim()) + ' sptest.example.edu' Set-Clipboard -Value $msg Write-Host '' -Write-Host $($msg) +Write-Host $($msg + "`r`n") Write-Host ' **above entries copied to clipboard' -Write-Host '' \ No newline at end of file +Write-Host '' From f714b2014c11765eda7709d1cb29fc42de602524 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Sat, 27 Apr 2019 00:40:34 +0000 Subject: [PATCH 15/20] add sealer key rotation --- Dockerfile | 8 ++- container_files/Sealer_Key_Rotation_Task.xml | Bin 0 -> 3350 bytes container_files/rotateSealerKey.ps1 | 59 +++++++++++++++++++ 3 files changed, 66 insertions(+), 1 deletion(-) create mode 100644 container_files/Sealer_Key_Rotation_Task.xml create mode 100644 container_files/rotateSealerKey.ps1 diff --git a/Dockerfile b/Dockerfile index 0d34715..75f8632 100644 --- a/Dockerfile +++ b/Dockerfile 
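Review bot: The new guards `If ($idpcid -ne $null)` and `If ($spcid -ne $null)` put `$null` on the right-hand side; when `Select-String 'idp'` matches more than one `docker ps` row, `$idpcid` is an array and `-ne $null` filters that array rather than returning a boolean (PSScriptAnalyzer reports this as PSPossibleIncorrectComparisonWithNull), and the multi-id array is then splatted into `docker inspect`. PowerShell convention is `If ($null -ne $idpcid)`, and since `Select-String 'sp'` is a plain substring match that can hit any row whose name, image or status contains `sp`, selecting the container by name and taking one id would make the result deterministic: `$spcid = docker ps --filter name=sp --format '{{.ID}}' | Select-Object -First 1`.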
@@ -20,6 +20,7 @@ ENV JAVA_INSTALL_FILENAME='zulu8.38.0.13-ca-jdk8.0.212-win_x64.msi' #ENV JAVA_HOME=c:\\Java\\$JAVA_INSTALL_FOLDER RUN powershell [Environment]::SetEnvironmentVariable('JAVA_HOME', '%JAVA_HOME%', [System.EnvironmentVariableTarget]::Machine ) ENV SHIB_INSTALL_FILE=C:\\shibboleth-identity-provider-$IDP_VERSION-x64.msi +ENV ENABLE_SEALER_KEY_ROTATION=True ###install Zulu Java RUN powershell (new-object System.Net.WebClient).Downloadfile('https://cdn.azul.com/zulu/bin/%JAVA_INSTALL_FILENAME%', 'C:\%JAVA_INSTALL_FILENAME%') @@ -83,6 +84,9 @@ RUN C:/opt/shibboleth-idp/bin/build.bat -noinput -S -q -Didp.target.dir=c:/opt/s #link IdP's war file to Tomcat RUN mklink c:\Tomcat\webapps\idp.war c:\opt\shibboleth-idp\war\idp.war +#copy sealer key rotation script +COPY container_files/rotateSealerKey.ps1 c:\\opt\\shibboleth-idp\\bin\\rotateSealerKey.ps1 + #copy TIER beacon script RUN mkdir c:\util RUN mkdir c:\opt\certs 
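Review bot: `ENV ENABLE_SEALER_KEY_ROTATION=True` is read by `rotateSealerKey.ps1` via `$env:`, but that script is launched by the scheduled task this patch registers, not by the container's entry process; the line two above persists `JAVA_HOME` to the Machine scope with `[Environment]::SetEnvironmentVariable(...)`, which suggests Docker `ENV` values are not seen by Task Scheduler-launched processes here — confirm. If so, an operator's `-e ENABLE_SEALER_KEY_ROTATION=False` is never observed and the script's `Catch` default of `'True'` always applies, so the switch should be read from something the task can see (a Machine-scope variable written at container start, or a file under the IdP `conf` directory), and a comment on the `ENV` line should state which scope the task reads.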
@@ -91,9 +95,11 @@ COPY container_files/sendtierbeacon.ps1 c:\\util #RUN powershell ($tm=((Get-Random -Minimum 0 -Maximum 4) -as [string]) + ":" + ((Get-Random -Minimum 0 -Maximum 60) -as [string]) ; start-process -filepath schtasks -passthru -wait -argumentlist '/create','/tn','\"Send TIER Beacon\"','/tr','c:\util\sendtierbeacon.ps1','/sc','DAILY','/st',"$tm" #The line above is triggering an apprent bug in docker or windows core (essentially invalid XML), the 2 lines below are the workaround COPY container_files/TIER_Beacon_Task.xml c:\\TIER_Beacon_Task.xml +COPY container_files/Sealer_Key_Rotation_Task.xml c:\\Sealer_Key_Rotation_Task.xml RUN powershell schtasks /Create /XML c:\TIER_Beacon_Task.xml /TN 'TIER Beacon' ; $tm=((Get-Random -Minimum 0 -Maximum 4) -as [string]).padleft(2,'0') + ':' + ((Get-Random -Minimum 0 -Maximum 60) -as [string]).padleft(2,'0') ; schtasks /Change /TN 'TIER Beacon' /ST $tm +RUN powershell schtasks /Create /XML c:\Sealer_Key_Rotation_Task.xml /TN 'Rotate IdP Sealer Key' ; $tm=(1 -as [string]).padleft(2,'0') + ':' + (0 -as [string]).padleft(2,'0') ; schtasks /Change /TN 'Rotate IdP Sealer Key' /ST $tm RUN del c:\TIER_Beacon_Task.xml - +RUN del c:\Sealer_Key_Rotation_Task.xml ################################################# ### Settings for a burned-in config (default) ### 
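Review bot: The `$tm` expression on the new `schtasks /Change /TN 'Rotate IdP Sealer Key'` line is the Beacon line's random-time builder with the `Get-Random` calls replaced by the constants `1` and `0`, so it always evaluates to `01:00`; the literal is clearer: `RUN powershell schtasks /Create /XML c:\Sealer_Key_Rotation_Task.xml /TN 'Rotate IdP Sealer Key' ; schtasks /Change /TN 'Rotate IdP Sealer Key' /ST 01:00`. Because the task definition arrives as a binary XML in this patch, a comment above its `COPY` naming the account the task runs under would let a reviewer check least privilege without opening the XML — the rotation script reads the keystore password from `idp.properties` and presumably rewrites the sealer keystore, so that account's access to `conf` and to the keystore is the thing to verify.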
diff --git a/container_files/Sealer_Key_Rotation_Task.xml b/container_files/Sealer_Key_Rotation_Task.xml new file mode 100644 index 0000000000000000000000000000000000000000..3c3f1013db7e3c1bbc9c781ed7cedb044c535ad0 GIT binary patch literal 3350 zcmbW4Z%-OQ5XR?qlYR%{dl9s)#!w9YX(iRxD8@A54GJO=kZ>sa<=g(AUCz6`1B!;g zojWtn%sewYyZ-%Cu|0dXf%UCmPu8)qMb@(i8`@V}v$7Sf#It~8Xg934kq)ivq?gvP zZ?=xs7j*WlY9H-`Rak9-a=#F9(;<4VLp0^-&L(_Dwrd-FB7EK9bKsDQJbSE+@gMQM zMYHIl8K66L5w%&LBHge}A}-k{-b%c0INJ%&$tWA8%^$Qo{nBRTkeS{Bh`LeJMs?9D{P&M?c z9G0QPxhB;(!b{7p9b;|$s6QUbNJv>(-uhzJ!EJ2B`95r`?ut08opjap2hRI`W^H?|I%Hx9?}hK6{WJN&}FK-=0uO3tX@mYeU^Eh0@`gi1JeDR z-la)RE3K+vS?gK+HnRFg*gzs7otl|H||?#eiC zl}46EKBuI{^W|w?DsE?L`iZ;l9L`Q%4@o|9y`&CNye-GIVn1V7^pW4V{;GpAbW@~b zKgn(C*m)~TnB^hpk*jGR8gkBV(&?k1~&c5NCeyozW-&cMPt!5MY z@%=2$`gDt!RF6!ksm_)A6}-L&A&f!$S5r}E(&End6C2 zy)vH0&T_m=GmWdA9>=#luL>N;9hFp2F&q+=?mYSIR$(~Z_4$aC!OU=bLpAL~^ z`3Pm9UA{A7MzSc&G(*fQ__!yM2L0)+vRLypLX0EsxE-dW?pOYP*Wfu|?ZiEMtXG+$ z4bIxq>@-=;CiLS^0_`Iq>a5>(vp2sU+o@|7cZ)jZ<~8Ps``Q64`1`>#>$*8FJ2fku zjXv|_L`qImVGUCKHsbFooalc5or&sE#h2BKV^5H3*mPl6j4C>vZwK7Gnjnt&yXg>n zoT}HXXy@ymyADfj Date: Sat, 27 Apr 2019 16:08:19 +0000 Subject: [PATCH 16/20] update rotation script --- container_files/rotateSealerKey.ps1 | 30 +++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) diff --git a/container_files/rotateSealerKey.ps1 b/container_files/rotateSealerKey.ps1 index 29385da..c481b1b 100644 --- a/container_files/rotateSealerKey.ps1 +++ b/container_files/rotateSealerKey.ps1 
@@ -1,16 +1,35 @@ #this script reads the sealer key configuration from the IdP's idp.properties file and rotates the sealer key Try { - $runthis = $env:ENABLE_SEALER_KEY_ROTATION + $ENABLE_SEALER_KEY_ROTATION = $env:ENABLE_SEALER_KEY_ROTATION } Catch { - $runthis = 'True' + $ENABLE_SEALER_KEY_ROTATION = 'True' + } + +If ($ENABLE_SEALER_KEY_ROTATION -eq 'True') { + #assure IDP_HOME + Try { + $IDP_HOME = $env:IDP_HOME + If ($IDP_HOME = null$) { + $IDP_HOME="c:\opt\shibboleth-idp" + } + } + Catch { + $IDP_HOME="c:\opt\shibboleth-idp" + } + #assure JAVA_HOME + Try { + $JAVA_HOME = $env:JAVA_HOME + If ($JAVA_HOME = null$) { + $JAVA_HOME="c:\zulujava\zulu-8" + } + } + Catch { + $JAVA_HOME="c:\zulujava\zulu-8" } -If ($runthis -eq 'True') { #settings - $IDP_HOME="c:\opt\shibboleth-idp" $IDPPROP=$IDP_HOME + "\conf\idp.properties" - $JAVA_HOME="c:\zulujava\zulu-8" #item below is only used if you have configured additional hosts to sync your sealer to $SYNC_CRED="domain\user" @@ -32,7 +51,6 @@ If ($runthis -eq 'True') { $sync_hosts = $env:COMPUTERNAME } - #Write-Host "Keystore:" $storefile #Write-Host "Version File:" $versionfile #Write-Host "Store Pass:" $storepass From 089bbe008302bb0a0f88dc36e5cdd1d80b93e1b4 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Sun, 28 Apr 2019 11:45:48 +0000 Subject: [PATCH 17/20] add TIER version env var --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 75f8632..18be466 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,6 +10,7 @@ ENV TOMCAT_VERSION=9.0.19 ENV CATALINA_HOME=c:\\Tomcat ENV IDP_VERSION=3.4.3 +ENV TIERVERSION=20190401 ### #ENV JAVA_INSTALL_CLI_STRING=INSTALLDIR=c:\\Java\\$JAVA_INSTALL_FOLDER #below is for Zulu Java From ff7c59335805d4f9b3c6bcae67b84fadd2c91b71 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Sun, 28 Apr 2019 11:47:01 +0000 Subject: [PATCH 18/20] fix common.cmd --- common.cmd | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
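Review bot: `If ($IDP_HOME = null$)` and `If ($JAVA_HOME = null$)` are assignments, not comparisons — `=` is PowerShell's assignment operator and `null$` is not the `$null` automatic variable — so neither guard tests the environment value; depending on how `null$` parses, the statement either errors into the `Catch` (always taking the hard-coded default) or overwrites the variable. The intended check is `If ([string]::IsNullOrEmpty($IDP_HOME)) { $IDP_HOME = "c:\opt\shibboleth-idp" }` and likewise `If ([string]::IsNullOrEmpty($JAVA_HOME)) { $JAVA_HOME = "c:\zulujava\zulu-8" }`; with that in place the `Try`/`Catch` around each `$env:` read is unnecessary, since reading an unset `$env:` variable yields `$null` rather than throwing. The enclosing `If ($ENABLE_SEALER_KEY_ROTATION -eq 'True')` block continues past the end of this hunk.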
diff --git a/common.cmd b/common.cmd index fec45b7..ff8fe4e 100644 --- a/common.cmd +++ b/common.cmd @@ -1,2 +1,3 @@ -maintainer="tier" +maintainer="tier" + imagename="shib-idp-windows" From d6386dbe112ffef747ab1f9c7b2aad100d98f481 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Sun, 28 Apr 2019 11:47:59 +0000 Subject: [PATCH 19/20] fix --- common.cmd | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/common.cmd b/common.cmd index ff8fe4e..fec45b7 100644 --- a/common.cmd +++ b/common.cmd @@ -1,3 +1,2 @@ -maintainer="tier" - +maintainer="tier" imagename="shib-idp-windows" From 33210686217b43fa53b3c4b17d76617f458c41d3 Mon Sep 17 00:00:00 2001 From: Paul Caskey Date: Wed, 10 Jul 2019 10:18:37 -0500 Subject: [PATCH 20/20] Update Dockerfile --- Dockerfile | 59 +++++++++++++++++++++++++++--------------------------- 1 file changed, 30 insertions(+), 29 deletions(-) diff --git a/Dockerfile b/Dockerfile index 18be466..5dc82bd 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,35 +1,42 @@ FROM mcr.microsoft.com/windows/servercore:ltsc2016 + #settings -#ENV JAVA_VERSION=8u171 -#ENV JAVA_BUNDLE_ID=233172_512cd62ec5174c3487ac17c61aaa89e8 -#ENV JAVA_INSTALL_FOLDER=jre1.8.0_171 ENV JAVA_OPTS='-Xmx3000m' ENV TOMCAT_MAJOR_VERSION=9 - -ENV TOMCAT_VERSION=9.0.19 - +ENV TOMCAT_VERSION=9.0.21 ENV CATALINA_HOME=c:\\Tomcat -ENV IDP_VERSION=3.4.3 -ENV TIERVERSION=20190401 -### -#ENV JAVA_INSTALL_CLI_STRING=INSTALLDIR=c:\\Java\\$JAVA_INSTALL_FOLDER -#below is for Zulu Java -ENV JAVA_HOME='c:\zulujava\zulu-8\' +ENV IDP_VERSION=3.4.4 +ENV TIERVERSION=20190701 + ### -ENV JAVA_INSTALL_FILENAME='zulu8.38.0.13-ca-jdk8.0.212-win_x64.msi' -#below is for Oracle Java +##below is for Corretto Java +ENV JAVA_HOME='C:\Program Files\Amazon Corretto\jdk1.8.0_212' +ENV CORRETTO_VERSION='8.212.04.2' +##below is for Zulu Java +#ENV JAVA_HOME='c:\zulujava\zulu-8\' +#ENV JAVA_INSTALL_FILENAME=zulu8.36.0.1-ca-jdk8.0.202-win_x64.msi +##below is for Oracle Java +#ENV JAVA_VERSION=8u171 +#ENV JAVA_BUNDLE_ID=233172_512cd62ec5174c3487ac17c61aaa89e8 +#ENV JAVA_INSTALL_FOLDER=jre1.8.0_171 #ENV JAVA_HOME=c:\\Java\\$JAVA_INSTALL_FOLDER + RUN powershell [Environment]::SetEnvironmentVariable('JAVA_HOME', '%JAVA_HOME%', [System.EnvironmentVariableTarget]::Machine ) ENV SHIB_INSTALL_FILE=C:\\shibboleth-identity-provider-$IDP_VERSION-x64.msi -ENV ENABLE_SEALER_KEY_ROTATION=True -###install Zulu Java -RUN powershell (new-object System.Net.WebClient).Downloadfile('https://cdn.azul.com/zulu/bin/%JAVA_INSTALL_FILENAME%', 'C:\%JAVA_INSTALL_FILENAME%') -RUN powershell If ((Get-FileHash C:\%JAVA_INSTALL_FILENAME% -Algorithm MD5).Hash.ToLower() -eq 'f586f922b8b707026272fa7566fbcce1') { ` \ - start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait -argumentlist '/i','C:\%JAVA_INSTALL_FILENAME%','APPLICATIONROOTDIRECTORY=c:\zulujava','/qn' ` \ +###install Corretto Java +RUN powershell (new-object 
System.Net.WebClient).Downloadfile('https://d3pxv6yz143wms.cloudfront.net/%CORRETTO_VERSION%/amazon-corretto-%CORRETTO_VERSION%-1-windows-x64.msi', 'C:\corretto-java-%CORRETTO_VERSION%') +RUN powershell If ((Get-FileHash C:\corretto-java-%CORRETTO_VERSION% -Algorithm MD5).Hash.ToLower() -eq 'a030757f394ffdd73018e24e2ec1991f') { ` \ + start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait -argumentlist '/i','C:\corretto-java-%CORRETTO_VERSION%','/qn' ` \ } Else { throw 'bad hash comparison on Zulu Java download' } -RUN del C:\%JAVA_INSTALL_FILENAME% +RUN del C:\corretto-java-%CORRETTO_VERSION% +###install Zulu Java +#RUN powershell (new-object System.Net.WebClient).Downloadfile('https://cdn.azul.com/zulu/bin/%JAVA_INSTALL_FILENAME%', 'C:\%JAVA_INSTALL_FILENAME%') +#RUN powershell If ((Get-FileHash C:\%JAVA_INSTALL_FILENAME% -Algorithm MD5).Hash.ToLower() -eq 'cf7825107dd71cd9a6455c2855838966') { ` \ +# start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait -argumentlist '/i','C:\%JAVA_INSTALL_FILENAME%','APPLICATIONROOTDIRECTORY=c:\zulujava','/qn' ` \ +# } Else { throw 'bad hash comparison on Zulu Java download' } +#RUN del C:\%JAVA_INSTALL_FILENAME% ##install Oracle Java #RUN powershell (new-object System.Net.WebClient).Downloadfile('http://javadl.oracle.com/webapps/download/AutoDL?BundleId=%JAVA_BUNDLE_ID%', 'C:\jre-%JAVA_VERSION%-windows-x64.exe') 
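Review bot: The Corretto hash check on the new `RUN powershell If ((Get-FileHash C:\corretto-java-%CORRETTO_VERSION% -Algorithm MD5)...` line throws `'bad hash comparison on Zulu Java download'` on mismatch — the message was carried over from the Zulu block and should read `throw 'bad hash comparison on Corretto Java download'`. The check itself is MD5, which no longer offers collision resistance while the Tomcat step in this same file verifies SHA-512; if Amazon publishes a SHA-256 for the MSI, `-Algorithm SHA256` with that value keeps the integrity check meaningful, and the download is saved as `C:\corretto-java-%CORRETTO_VERSION%` without an `.msi` extension, which is worth confirming msiexec accepts. `JAVA_HOME` hard-codes `jdk1.8.0_212` separately from `CORRETTO_VERSION='8.212.04.2'`, so the next bump must update two values that have to agree; a comment such as `# the jdk folder in JAVA_HOME must match CORRETTO_VERSION` above the `ENV JAVA_HOME` line would prevent drift. This hunk, together with the `@@ -85,9` and `@@ -96,11` hunks below, also removes the sealer key rotation `ENV`, script `COPY` and scheduled task added in PATCH 15, and the commit message does not say why; a one-line note in the description or a Dockerfile comment where the feature was would help the next maintainer.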
@@ -58,7 +65,7 @@ RUN del C:\%JAVA_INSTALL_FILENAME% COPY container_files/config.ini c:\\config.ini RUN powershell (new-object System.Net.WebClient).Downloadfile('http://www.apache.org/dist/tomcat/tomcat-%TOMCAT_MAJOR_VERSION%/v%TOMCAT_VERSION%/bin/apache-tomcat-%TOMCAT_VERSION%.exe', 'C:\apache-tomcat-%TOMCAT_VERSION%.exe') RUN powershell If ((Get-FileHash C:\apache-tomcat-%TOMCAT_VERSION%.exe -Algorithm SHA512).Hash.ToLower() -eq ` \ - 'e4c9c0b1c9100d43373620e5ba3399663de7a96d8ceb53a3f697c00c1f5663bd381d4ae0bb45847dd0a72ea2eda40be3418e8d2a2fa9e272a3f76cfebe34ef2b') ` \ + '18bb722854b434d11e03e75c04254c095e92716a70d4159331685d4f472640bdb2662f1c013e99fd600112519d2a4ca76f9cf278a59e49ae37b1c76db6995d0d') ` \ { ` \ start-process -filepath C:\apache-tomcat-%TOMCAT_VERSION%.exe -passthru -wait -argumentlist '/S','/C=c:\config.ini','/D=c:\Tomcat' ` \ } Else { throw 'bad hash comparison on Tomcat download' } 
@@ -73,7 +80,7 @@ RUN rmdir /S /Q c:\Tomcat\webapps\docs && rmdir /S /Q c:\Tomcat\webapps\manager ##install Shibb RUN powershell (new-object System.Net.WebClient).Downloadfile('https://shibboleth.net/downloads/identity-provider/latest/shibboleth-identity-provider-%IDP_VERSION%-x64.msi', 'C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi') -RUN powershell If ((Get-FileHash C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi -Algorithm SHA1).Hash.ToLower() -eq '68b85b7d301a34e68b45724d978f71d0093e48ca') { ` \ +RUN powershell If ((Get-FileHash C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi -Algorithm SHA1).Hash.ToLower() -eq '821fdb7c178a247059142f8fbd6d7a895057e2fe') { ` \ start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait -argumentlist '/i','C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi','/qn','INSTALLDIR=c:\opt\shibboleth-idp','NO_FIREWALL_EXCEPTION=true','DNSNAME=shibboleth.example.org','IDP_SCOPE=example.org' ` \ } Else { throw 'bad hash comparison on IdP download' } RUN del C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi @@ -85,9 +92,6 @@ RUN C:/opt/shibboleth-idp/bin/build.bat -noinput -S -q -Didp.target.dir=c:/opt/s #link IdP's war file to Tomcat RUN mklink c:\Tomcat\webapps\idp.war c:\opt\shibboleth-idp\war\idp.war -#copy sealer key rotation script -COPY container_files/rotateSealerKey.ps1 c:\\opt\\shibboleth-idp\\bin\\rotateSealerKey.ps1 - #copy TIER beacon script RUN mkdir c:\util RUN mkdir c:\opt\certs 
@@ -96,11 +100,9 @@ COPY container_files/sendtierbeacon.ps1 c:\\util #RUN powershell ($tm=((Get-Random -Minimum 0 -Maximum 4) -as [string]) + ":" + ((Get-Random -Minimum 0 -Maximum 60) -as [string]) ; start-process -filepath schtasks -passthru -wait -argumentlist '/create','/tn','\"Send TIER Beacon\"','/tr','c:\util\sendtierbeacon.ps1','/sc','DAILY','/st',"$tm" #The line above is triggering an apprent bug in docker or windows core (essentially invalid XML), the 2 lines below are the workaround COPY container_files/TIER_Beacon_Task.xml c:\\TIER_Beacon_Task.xml -COPY container_files/Sealer_Key_Rotation_Task.xml c:\\Sealer_Key_Rotation_Task.xml RUN powershell schtasks /Create /XML c:\TIER_Beacon_Task.xml /TN 'TIER Beacon' ; $tm=((Get-Random -Minimum 0 -Maximum 4) -as [string]).padleft(2,'0') + ':' + ((Get-Random -Minimum 0 -Maximum 60) -as [string]).padleft(2,'0') ; schtasks /Change /TN 'TIER Beacon' /ST $tm -RUN powershell schtasks /Create /XML c:\Sealer_Key_Rotation_Task.xml /TN 'Rotate IdP Sealer Key' ; $tm=(1 -as [string]).padleft(2,'0') + ':' + (0 -as [string]).padleft(2,'0') ; schtasks /Change /TN 'Rotate IdP Sealer Key' /ST $tm RUN del c:\TIER_Beacon_Task.xml -RUN del c:\Sealer_Key_Rotation_Task.xml + ################################################# ### Settings for a burned-in config (default) ### @@ -161,4 +163,3 @@ HEALTHCHECK --interval=2m --timeout=30s \ EXPOSE 443 CMD [ "cmd /c c:\\Tomcat\\bin\\catalina.bat run" ] -