View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.syncope.sra.filters;
20  
21  import java.security.cert.CertificateEncodingException;
22  import java.security.cert.X509Certificate;
23  import java.util.ArrayList;
24  import java.util.Base64;
25  import java.util.List;
26  import org.apache.commons.lang3.ArrayUtils;
27  import org.slf4j.Logger;
28  import org.slf4j.LoggerFactory;
29  import org.springframework.cloud.gateway.filter.GatewayFilter;
30  import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
31  import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory.NameConfig;
32  import org.springframework.http.server.reactive.ServerHttpRequest;
33  
34  public class ClientCertsToRequestHeaderFilterFactory extends AbstractGatewayFilterFactory<NameConfig> {
35  
36      private static final Logger LOG = LoggerFactory.getLogger(ClientCertsToRequestHeaderFilterFactory.class);
37  
38      public ClientCertsToRequestHeaderFilterFactory() {
39          super(NameConfig.class);
40      }
41  
42      @Override
43      public GatewayFilter apply(final NameConfig config) {
44          return (exchange, chain) -> {
45              ServerHttpRequest originalRequest = exchange.getRequest();
46  
47              ServerHttpRequest mutatedRequest;
48              if (originalRequest.getSslInfo() != null
49                      && ArrayUtils.isNotEmpty(originalRequest.getSslInfo().getPeerCertificates())) {
50  
51                  LOG.debug("Client certificates found in original request: {}",
52                          originalRequest.getSslInfo().getPeerCertificates().length);
53  
54                  List<String> certs = new ArrayList<>();
55                  for (X509Certificate cert : originalRequest.getSslInfo().getPeerCertificates()) {
56                      try {
57                          certs.add(Base64.getEncoder().encodeToString(cert.getEncoded()));
58                      } catch (CertificateEncodingException e) {
59                          LOG.error("Could not encode one of client certificates", e);
60                      }
61                  }
62  
63                  mutatedRequest = originalRequest.mutate().
64                          headers(headers -> headers.addAll(config.getName(), certs)).
65                          sslInfo(null).
66                          build();
67              } else {
68                  mutatedRequest = originalRequest;
69              }
70  
71              return chain.filter(exchange.mutate().request(mutatedRequest).build());
72          };
73      }
74  }