-
Notifications
You must be signed in to change notification settings - Fork 2.6k
Expand file tree
/
Copy pathclient_certificate_mapper.go
More file actions
117 lines (96 loc) · 4.13 KB
/
client_certificate_mapper.go
File metadata and controls
117 lines (96 loc) · 4.13 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
package frameworks
import (
"fmt"
"github.com/cloudfoundry/java-buildpack/src/java/common"
"os"
"path/filepath"
)
// ClientCertificateMapperFramework implements mTLS client certificate mapper support
// This framework provides automatic mapping of Cloud Foundry client certificates
// for mutual TLS (mTLS) authentication in Java applications
type ClientCertificateMapperFramework struct {
context *common.Context
}
// NewClientCertificateMapperFramework creates a new client certificate mapper framework instance
func NewClientCertificateMapperFramework(ctx *common.Context) *ClientCertificateMapperFramework {
return &ClientCertificateMapperFramework{context: ctx}
}
// Detect checks if client certificate mapper should be included
// Enabled by default to support mTLS scenarios, can be disabled via configuration
func (c *ClientCertificateMapperFramework) Detect() (string, error) {
// Check if explicitly disabled via configuration
config, err := c.loadConfig()
if err != nil {
c.context.Log.Warning("Failed to load client certificate mapper config: %s", err.Error())
return "", nil // Don't fail the build
}
if !config.isEnabled() {
return "", nil
}
// Enabled by default to support mTLS client certificate authentication
return "Client Certificate Mapper", nil
}
// Supply installs the client certificate mapper JAR
func (c *ClientCertificateMapperFramework) Supply() error {
c.context.Log.Debug("Installing Client Certificate Mapper")
// Get client-certificate-mapper dependency from manifest
dep, err := c.context.Manifest.DefaultVersion("client-certificate-mapper")
if err != nil {
return fmt.Errorf("unable to determine Client Certificate Mapper version: %w", err)
}
// Install client certificate mapper JAR
mapperDir := filepath.Join(c.context.Stager.DepDir(), "client_certificate_mapper")
if err := c.context.Installer.InstallDependency(dep, mapperDir); err != nil {
return fmt.Errorf("failed to install Client Certificate Mapper: %w", err)
}
c.context.Log.Debug("Installed Client Certificate Mapper version %s", dep.Version)
return nil
}
// Finalize adds the client certificate mapper JAR to the application classpath
func (c *ClientCertificateMapperFramework) Finalize() error {
// Find the installed JAR
mapperDir := filepath.Join(c.context.Stager.DepDir(), "client_certificate_mapper")
jarPattern := filepath.Join(mapperDir, "client-certificate-mapper-*.jar")
matches, err := filepath.Glob(jarPattern)
if err != nil || len(matches) == 0 {
// JAR not found, might not have been installed
return nil
}
depsIdx := c.context.Stager.DepsIdx()
runtimePath := fmt.Sprintf("$DEPS_DIR/%s/client_certificate_mapper/%s", depsIdx, filepath.Base(matches[0]))
profileScript := fmt.Sprintf("export CLASSPATH=\"%s${CLASSPATH:+:$CLASSPATH}\"\n", runtimePath)
if err := c.context.Stager.WriteProfileD("client_certificate_mapper.sh", profileScript); err != nil {
return fmt.Errorf("failed to write client_certificate_mapper.sh profile.d script: %w", err)
}
c.context.Log.Debug("Client Certificate Mapper JAR will be added to classpath at runtime: %s", runtimePath)
return nil
}
func (c *ClientCertificateMapperFramework) loadConfig() (*clientCertificateMapperConfig, error) {
// initialize default values
mapperConfig := clientCertificateMapperConfig{
Enabled: true,
}
config := os.Getenv("JBP_CONFIG_CLIENT_CERTIFICATE_MAPPER")
if config != "" {
yamlHandler := common.YamlHandler{}
err := yamlHandler.ValidateFields([]byte(config), &mapperConfig)
if err != nil {
c.context.Log.Warning("Unknown user config values: %s", err.Error())
}
// overlay JBP_CONFIG_CLIENT_CERTIFICATE_MAPPER over default values
if err = yamlHandler.Unmarshal([]byte(config), &mapperConfig); err != nil {
return nil, fmt.Errorf("failed to parse JBP_CONFIG_CLIENT_CERTIFICATE_MAPPER: %w", err)
}
}
return &mapperConfig, nil
}
type clientCertificateMapperConfig struct {
Enabled bool `yaml:"enabled"`
}
// isEnabled checks if client certificate mapper is enabled
func (c *clientCertificateMapperConfig) isEnabled() bool {
return c.Enabled
}
func (c *ClientCertificateMapperFramework) DependencyIdentifier() string {
return "client-certificate-mapper"
}