19 package org.apache.syncope.sra.filters;
20
21 import java.security.cert.CertificateEncodingException;
22 import java.security.cert.X509Certificate;
23 import java.util.ArrayList;
24 import java.util.Base64;
25 import java.util.List;
26 import org.apache.commons.lang3.ArrayUtils;
27 import org.slf4j.Logger;
28 import org.slf4j.LoggerFactory;
29 import org.springframework.cloud.gateway.filter.GatewayFilter;
30 import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
31 import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory.NameConfig;
32 import org.springframework.http.server.reactive.ServerHttpRequest;
33
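/**
 * Gateway filter factory that copies the TLS client certificates of the incoming request into a
 * request header before the request is passed down the filter chain.
 *
 * <p>The header name is taken from {@link NameConfig#getName()}. Each peer certificate is written as
 * one header value holding the Base64 encoding of its encoded form.
 *
 * <p>Any value the caller already supplied under the configured header name is discarded, whether
 * or not a client certificate was presented. Without that step a caller-supplied header would be
 * forwarded unchanged (no certificate) or mixed with the gateway-produced values (certificate
 * present), and a receiver could not tell the two apart.
 */
public class ClientCertsToRequestHeaderFilterFactory extends AbstractGatewayFilterFactory<NameConfig> {

    private static final Logger LOG = LoggerFactory.getLogger(ClientCertsToRequestHeaderFilterFactory.class);

    public ClientCertsToRequestHeaderFilterFactory() {
        super(NameConfig.class);
    }

    /**
     * Builds the filter for one route.
     *
     * @param config filter configuration; {@code config.getName()} is the header that receives the
     * certificates
     * @return a filter that replaces the configured header with the Base64-encoded peer certificates
     * when the request carries any, and strips that header otherwise
     */
    @Override
    public GatewayFilter apply(final NameConfig config) {
        return (exchange, chain) -> {
            ServerHttpRequest originalRequest = exchange.getRequest();
            String headerName = config.getName();

            X509Certificate[] peerCerts = originalRequest.getSslInfo() == null
                    ? null
                    : originalRequest.getSslInfo().getPeerCertificates();

            ServerHttpRequest mutatedRequest;
            if (ArrayUtils.isNotEmpty(peerCerts)) {
                LOG.debug("Client certificates found in original request: {}", peerCerts.length);

                List<String> certs = new ArrayList<>(peerCerts.length);
                for (X509Certificate cert : peerCerts) {
                    try {
                        certs.add(Base64.getEncoder().encodeToString(cert.getEncoded()));
                    } catch (CertificateEncodingException e) {
                        // Best effort: a certificate that cannot be encoded is logged and left out,
                        // the remaining ones are still forwarded.
                        LOG.error("Could not encode one of client certificates", e);
                    }
                }

                mutatedRequest = originalRequest.mutate().
                        headers(headers -> {
                            // Drop inbound values first so the header holds only what was derived
                            // from the TLS session.
                            headers.remove(headerName);
                            headers.addAll(headerName, certs);
                        }).
                        sslInfo(null).
                        build();
            } else {
                // No client certificate on this connection: the header must not reach the next
                // hop with caller-chosen content.
                mutatedRequest = originalRequest.mutate().
                        headers(headers -> headers.remove(headerName)).
                        build();
            }

            return chain.filter(exchange.mutate().request(mutatedRequest).build());
        };
    }
}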