From fceab797848355cdabb3e4edc8d0d55267b1509c Mon Sep 17 00:00:00 2001
From: Paul Caskey <pcaskey@internet2.edu>
Date: Fri, 6 Jul 2018 18:49:43 +0000
Subject: [PATCH] switch to Zulu Java

---
 Dockerfile | 151 ++++++++++++++++++++++++-----------------------------
 config.ini |   1 +
 2 files changed, 69 insertions(+), 83 deletions(-)
 create mode 100644 config.ini

diff --git a/Dockerfile b/Dockerfile
index 27654e5..43591ba 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,46 +1,59 @@
 FROM microsoft/windowsservercore:latest
 
 #settings
-ENV JAVA_VERSION=8u171
-ENV JAVA_BUNDLE_ID=233172_512cd62ec5174c3487ac17c61aaa89e8
-ENV JAVA_INSTALL_FOLDER=jre1.8.0_171
-ENV JAVA_OPTS=-XX:+UseG1GC\ -Xmx2000m
-ENV TOMCAT_MAJOR_VERSION=8
-ENV TOMCAT_VERSION=8.5.31
+#ENV JAVA_VERSION=8u171
+#ENV JAVA_BUNDLE_ID=233172_512cd62ec5174c3487ac17c61aaa89e8
+#ENV JAVA_INSTALL_FOLDER=jre1.8.0_171
+ENV JAVA_OPTS='-Xmx3000m'
+ENV TOMCAT_MAJOR_VERSION=9
+ENV TOMCAT_VERSION=9.0.10
 ENV CATALINA_HOME=c:\\Tomcat
-ENV IDP_VERSION=3.3.3
+ENV IDP_VERSION=3.3.3.1
 ###
-ENV JAVA_INSTALL_CLI_STRING=INSTALLDIR=c:\\Java\\$JAVA_INSTALL_FOLDER
-ENV JAVA_HOME=c:\\Java\\$JAVA_INSTALL_FOLDER
+#ENV JAVA_INSTALL_CLI_STRING=INSTALLDIR=c:\\Java\\$JAVA_INSTALL_FOLDER
+#below is for Zulu Java
+ENV JAVA_HOME='c:\zulujava\zulu-8\'
+ENV JAVA_INSTALL_FILENAME=zulu8.28.0.1-jdk8.0.163-win_x64.msi
+#below is for Oracle Java
+#ENV JAVA_HOME=c:\\Java\\$JAVA_INSTALL_FOLDER
 RUN powershell [Environment]::SetEnvironmentVariable('JAVA_HOME', '%JAVA_HOME%', [System.EnvironmentVariableTarget]::Machine )
 ENV SHIB_INSTALL_FILE=C:\\shibboleth-identity-provider-$IDP_VERSION-x64.msi
 
-##install Java
-RUN powershell (new-object System.Net.WebClient).Downloadfile('http://javadl.oracle.com/webapps/download/AutoDL?BundleId=%JAVA_BUNDLE_ID%', 'C:\jre-%JAVA_VERSION%-windows-x64.exe')
-RUN powershell If ((Get-FileHash C:\jre-%JAVA_VERSION%-windows-x64.exe).Hash.ToLower() -eq 'd5256b3d1a6da959ea98ea2a2be3a05a7df9d1a5cd75db3930f935ab71ce43b8') { ` \
-        start-process -filepath C:\jre-%JAVA_VERSION%-windows-x64.exe -passthru -wait -argumentlist '/s',%JAVA_INSTALL_CLI_STRING%,'/L','installj64.log' ` \
-      } Else { throw 'bad hash comparison on Java download' }
-RUN del C:\jre-%JAVA_VERSION%-windows-x64.exe
-
-##install Java Cryptography Extensions
-RUN powershell ` \
-	$ws = New-Object Microsoft.PowerShell.Commands.WebRequestSession ; ` \
-	$c = New-Object System.Net.Cookie ; ` \
-	$c.Name = 'oraclelicense' ; ` \
-	$c.Value = 'accept-securebackup-cookie' ; ` \
-	$c.Domain = 'oracle.com' ; ` \
-	$ws.Cookies.Add($c) ; ` \
-	Invoke-WebRequest 'http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip' -WebSession $ws -TimeoutSec 1000 -OutFile 'c:\jce_policy-8.zip'
-RUN powershell If ((Get-FileHash c:\jce_policy-8.zip).Hash.ToLower() -eq 'f3020a3922efd6626c2fff45695d527f34a8020e938a49292561f18ad1320b59') { ` \
-        Add-Type -AssemblyName System.IO.Compression.FileSystem ; [System.IO.Compression.ZipFile]::ExtractToDirectory('c:\jce_policy-8.zip', 'c:\jcepolicy') ; \
-		copy -Force -Path c:\jcepolicy\UnlimitedJCEPolicyJDK8\local_policy.jar -Destination c:\Java\%JAVA_INSTALL_FOLDER%\lib\security ; copy -Force -Path c:\jcepolicy\UnlimitedJCEPolicyJDK8\US_export_policy.jar -Destination c:\Java\%JAVA_INSTALL_FOLDER%\lib\security ; \
-      } Else { throw 'bad hash comparison on JCE download' }
-RUN del c:\jce_policy-8.zip
+###install Zulu Java
+RUN powershell (new-object System.Net.WebClient).Downloadfile('https://cdn.azul.com/zulu/bin/%JAVA_INSTALL_FILENAME%', 'C:\%JAVA_INSTALL_FILENAME%')
+RUN powershell If ((Get-FileHash C:\%JAVA_INSTALL_FILENAME% -Algorithm SHA256).Hash.ToLower() -eq 'c5854c4c7c45f70715d57856b1fc7fea2e18ebdf31ad032dbd3bdc240af5a8a7')  { ` \
+		start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait -argumentlist '/i','C:\%JAVA_INSTALL_FILENAME%','APPLICATIONROOTDIRECTORY=c:\zulujava','/qn' ` \
+       } Else { throw 'bad hash comparison on Zulu Java download' }
+RUN del C:\%JAVA_INSTALL_FILENAME%
+
+
+##install Oracle Java
+#RUN powershell (new-object System.Net.WebClient).Downloadfile('http://javadl.oracle.com/webapps/download/AutoDL?BundleId=%JAVA_BUNDLE_ID%', 'C:\jre-%JAVA_VERSION%-windows-x64.exe')
+#RUN powershell If ((Get-FileHash C:\jre-%JAVA_VERSION%-windows-x64.exe).Hash.ToLower() -eq 'd5256b3d1a6da959ea98ea2a2be3a05a7df9d1a5cd75db3930f935ab71ce43b8') { ` \
+#        start-process -filepath C:\jre-%JAVA_VERSION%-windows-x64.exe -passthru -wait -argumentlist '/s',%JAVA_INSTALL_CLI_STRING%,'/L','installj64.log' ` \
+#      } Else { throw 'bad hash comparison on Java download' }
+#RUN del C:\jre-%JAVA_VERSION%-windows-x64.exe
+
+##install Oracle Java Cryptography Extensions
+#RUN powershell ` \
+#	$ws = New-Object Microsoft.PowerShell.Commands.WebRequestSession ; ` \
+#	$c = New-Object System.Net.Cookie ; ` \
+#	$c.Name = 'oraclelicense' ; ` \
+#	$c.Value = 'accept-securebackup-cookie' ; ` \
+#	$c.Domain = 'oracle.com' ; ` \
+#	$ws.Cookies.Add($c) ; ` \
+#	Invoke-WebRequest 'http://download.oracle.com/otn-pub/java/jce/8/jce_policy-8.zip' -WebSession $ws -TimeoutSec 1000 -OutFile 'c:\jce_policy-8.zip'
+#RUN powershell If ((Get-FileHash c:\jce_policy-8.zip).Hash.ToLower() -eq 'f3020a3922efd6626c2fff45695d527f34a8020e938a49292561f18ad1320b59') { ` \
+#        Add-Type -AssemblyName System.IO.Compression.FileSystem ; [System.IO.Compression.ZipFile]::ExtractToDirectory('c:\jce_policy-8.zip', 'c:\jcepolicy') ; \
+#		copy -Force -Path c:\jcepolicy\UnlimitedJCEPolicyJDK8\local_policy.jar -Destination c:\Java\%JAVA_INSTALL_FOLDER%\lib\security ; copy -Force -Path c:\jcepolicy\UnlimitedJCEPolicyJDK8\US_export_policy.jar -Destination c:\Java\%JAVA_INSTALL_FOLDER%\lib\security ; \
+#      } Else { throw 'bad hash comparison on JCE download' }
+#RUN del c:\jce_policy-8.zip
 
 ##install Tomcat
+COPY config.ini c:\config.ini
 RUN powershell (new-object System.Net.WebClient).Downloadfile('http://www.apache.org/dist/tomcat/tomcat-%TOMCAT_MAJOR_VERSION%/v%TOMCAT_VERSION%/bin/apache-tomcat-%TOMCAT_VERSION%.exe', 'C:\apache-tomcat-%TOMCAT_VERSION%.exe')
-RUN powershell If ((Get-FileHash C:\apache-tomcat-%TOMCAT_VERSION%.exe -Algorithm SHA1).Hash.ToLower() -eq '7e3a5bf336765a544ae38e2ad0d709edc01bb43f') { ` \
-        start-process -filepath C:\apache-tomcat-%TOMCAT_VERSION%.exe -passthru -wait -argumentlist "/S,/D=C:\Tomcat" ` \
+RUN powershell If ((Get-FileHash C:\apache-tomcat-%TOMCAT_VERSION%.exe -Algorithm SHA1).Hash.ToLower() -eq '9370f560ca2dab41d13300e16571f930cdedc76a') { ` \
+        start-process -filepath C:\apache-tomcat-%TOMCAT_VERSION%.exe -passthru -wait -argumentlist '/S','/C=c:\config.ini','/D=C:\Tomcat' ` \
       } Else { throw 'bad hash comparison on Tomcat download' }
 RUN del C:\apache-tomcat-%TOMCAT_VERSION%.exe
 #copy temp SSL cert for tomcat in c:\sslcert
@@ -50,10 +63,9 @@ COPY server.xml c:\\Tomcat\\conf\\server.xml
 #cleanup tomcat install
 RUN rmdir /S /Q c:\Tomcat\webapps\docs && rmdir /S /Q c:\Tomcat\webapps\manager && del /F /Q c:\tomcat\webapps\ROOT\*.* && del /F /Q c:\tomcat\webapps\ROOT\WEB-INF\*.* && rmdir c:\tomcat\webapps\ROOT\WEB-INF
 
-
 ##install Shibb
 RUN powershell (new-object System.Net.WebClient).Downloadfile('https://shibboleth.net/downloads/identity-provider/latest/shibboleth-identity-provider-%IDP_VERSION%-x64.msi', 'C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi')
-RUN powershell If ((Get-FileHash C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi -Algorithm SHA1).Hash.ToLower() -eq 'fc42e5b8d9484092ac5210e827f07cb3ae6928bd') { ` \
+RUN powershell If ((Get-FileHash C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi -Algorithm SHA1).Hash.ToLower() -eq '0268f22f49c1d136d8357597ac4a644c565d7f32') { ` \
 		start-process -filepath c:\windows\system32\msiexec.exe -passthru -wait -argumentlist '/i','C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi','/qn','INSTALLDIR=c:\opt\shibboleth-idp','NO_FIREWALL_EXCEPTION=true','DNSNAME=shibboleth.example.org','IDP_SCOPE=example.org' ` \
        } Else { throw 'bad hash comparison on IdP download' }
 RUN del C:\shibboleth-identity-provider-%IDP_VERSION%-x64.msi
@@ -73,52 +85,24 @@ RUN powershell schtasks /Create /XML c:\TIER_Beacon_Task.xml /TN 'TIER Beacon' ;
 RUN del c:\TIER_Beacon_Task.xml
 
 
-##############################################################################
-###############################################
-### Settings for a mounted config (default) ###
-###############################################
-#
-# for Windows containers, the directories below (in the VOLUME stmt) **must** be empty or non-existent
-#    therefore, the use a mounted config on windows, those directories must be cleared first
-#
-# need to ensure directories below are empty or non-existent (required by Windows)
-#   This should do it (via a rename, due to bugs doing deletes):
-#      (for mounted config, uncomment remaining lines in this section)
-#RUN powershell $paths='c:\Tomcat\conf','c:\Tomcat\webapps\ROOT','c:\Tomcat\logs','c:\sslcert','c:\opt\shibboleth-idp\conf','c:\opt\shibboleth-idp\credentials','c:\opt\shibboleth-idp\views','c:\opt\shibboleth-idp\edit-webapp','c:\opt\shibboleth-idp\messages','c:\opt\shibboleth-idp\metadata','c:\opt\shibboleth-idp\logs' ; \
-# Foreach ($path IN $paths) {Rename-Item -Path $path -NewName ((Split-Path $path -leaf) + '.dist') -Force}
-#
-#VOLUME ["c:/Tomcat/conf", \
-#	    "c:/Tomcat/webapps/ROOT", \
-#		"c:/Tomcat/logs", \
-#		"c:/sslcert", \
-#		"c:/opt/shibboleth-idp/conf", \
-#		"c:/opt/shibboleth-idp/credentials", \
-#		"c:/opt/shibboleth-idp/views", \
-#		"c:/opt/shibboleth-idp/edit-webapp", \
-#		"c:/opt/shibboleth-idp/messages", \
-#		"c:/opt/shibboleth-idp/metadata", \
-#		"c:/opt/shibboleth-idp/logs"]
-#
-#############################################################################
-
-
 #################################################
 ### Settings for a burned-in config (default) ###
 #################################################	
 # Ensure the following locations are accurate (and uncommented) if you plan to burn your configuration into your containers by uncommenting the relevant section below.
 # They represent the folder names/paths on your build host of the relevant config material needed to run the container.  You can also specify these 
 # with --build-arg in your 'docker build' command.
-ARG TOMCFG=config\\tomcat
-ARG TOMLOG=logs\\tomcat
-ARG TOMCERT=credentials\\tomcat
-ARG TOMWWWROOT=wwwroot
-ARG SHBCFG=config\\shib-idp\\conf
-ARG SHBCREDS=credentials\\shib-idp
-ARG SHBVIEWS=config\\shib-idp\\views
-ARG SHBEDWAPP=config\\shib-idp\\edit-webapp
-ARG SHBMSGS=config\\shib-idp\\messages
-ARG SHBMD=config\\shib-idp\\metadata
-ARG SHBLOG=logs\\shib-idp
+
+#ARG TOMCFG=config\\tomcat
+#ARG TOMLOG=logs\\tomcat
+#ARG TOMCERT=credentials\\tomcat
+#ARG TOMWWWROOT=wwwroot
+#ARG SHBCFG=config\\shib-idp\\conf
+#ARG SHBCREDS=credentials\\shib-idp
+#ARG SHBVIEWS=config\\shib-idp\\views
+#ARG SHBEDWAPP=config\\shib-idp\\edit-webapp
+#ARG SHBMSGS=config\\shib-idp\\messages
+#ARG SHBMD=config\\shib-idp\\metadata
+#ARG SHBLOG=logs\\shib-idp
 
 # Also, ***NOTE*** For a burned config, *uncomment* the ADD lines below and *comment* the lines of the VOLUME command above (~ 30 lines up)
 #
@@ -126,15 +110,16 @@ ARG SHBLOG=logs\\shib-idp
 #     dependency and a better solution might be to use syslog from the container
 # VOLUME ["c:\\idplogs", "c:\\opt\\shibboleth-idp\\logs"]
 #
-ADD $TOMCFG c:\\Tomcat\\conf
-ADD $TOMCERT c:\\sslcert
-ADD $TOMWWWROOT c:\\Tomcat\\webapps\\ROOT
-ADD $SHBCFG c:\\opt\\shibboleth-idp\\conf
-ADD $SHBCREDS c:\\opt\\shibboleth-idp\\credentials
-ADD $SHBVIEWS c:\\opt\\shibboleth-idp\\views
-ADD $SHBEDWAPP c:\\opt\\shibboleth-idp\\edit-webapp
-ADD $SHBMSGS c:\\opt\\shibboleth-idp\\messages
-ADD $SHBMD c:\\opt\\shibboleth-idp\\metadata
+
+#ADD $TOMCFG c:\\Tomcat\\conf
+#ADD $TOMCERT c:\\sslcert
+#ADD $TOMWWWROOT c:\\Tomcat\\webapps\\ROOT
+#ADD $SHBCFG c:\\opt\\shibboleth-idp\\conf
+#ADD $SHBCREDS c:\\opt\\shibboleth-idp\\credentials
+#ADD $SHBVIEWS c:\\opt\\shibboleth-idp\\views
+#ADD $SHBEDWAPP c:\\opt\\shibboleth-idp\\edit-webapp
+#ADD $SHBMSGS c:\\opt\\shibboleth-idp\\messages
+#ADD $SHBMD c:\\opt\\shibboleth-idp\\metadata
 #
 ###############################################################################
 
diff --git a/config.ini b/config.ini
new file mode 100644
index 0000000..81d9395
--- /dev/null
+++ b/config.ini
@@ -0,0 +1 @@
+JavaHome=c:\zulujava\zulu-8\
\ No newline at end of file