• Home
• com.huaweicloud.sermant
• sermant-injector
• 1.4.1
• source code
• CertificateEnvironmentPostProcessor.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.huaweicloud.sermant.injection.certificate.CertificateEnvironmentPostProcessor Maven / Gradle / Ivy

/*
 * Copyright (C) 2022-2022 Huawei Technologies Co., Ltd. All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.huaweicloud.sermant.injection.certificate;

import org.apache.commons.io.IOUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.env.EnvironmentPostProcessor;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.util.StringUtils;

import java.io.File;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.text.Normalizer;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import java.util.Optional;

/**
 * 证书处理器
 *
 * @author provenceee
 * @since 2022-07-29
 */
public class CertificateEnvironmentPostProcessor implements EnvironmentPostProcessor {
    private static final Logger LOGGER = LoggerFactory.getLogger(CertificateEnvironmentPostProcessor.class);

    private static final String CERTIFICATE_PATH_KEY = "server.ssl.certificate";

    private static final String WHITE_PATH = "/home";

    private static final String DEFAULT_CERTIFICATE_PATH = "/home/config/sermant-injector.pem";

    private static final String PRIVATE_KEY_PATH_KEY = "server.ssl.certificate-private-key";

    private static final String DEFAULT_PRIVATE_KEY_PATH = "/home/config/sermant-injector.key";

    private static final List BASE64_DECODER_FLAG = Arrays.asList("BEGIN CERTIFICATE", "BEGIN RSA PRIVATE KEY");

    @Override
    public void postProcessEnvironment(ConfigurableEnvironment environment, SpringApplication application) {
        // k8s环境中，这个证书是base64编码后的，所以需要解码
        String certificatePath = getNotEmptyText(environment, CERTIFICATE_PATH_KEY, DEFAULT_CERTIFICATE_PATH);
        Optional certificate = read(certificatePath);
        certificate.ifPresent(data -> write(data, certificatePath));

        // k8s环境中，这个私钥是base64编码后的，所以需要解码
        String privateKeyPath = getNotEmptyText(environment, PRIVATE_KEY_PATH_KEY, DEFAULT_PRIVATE_KEY_PATH);
        Optional privateKey = read(privateKeyPath);
        privateKey.ifPresent(data -> write(data, privateKeyPath));
    }

    private Optional read(String path) {
        String normalizePath = Normalizer.normalize(path, Normalizer.Form.NFKC);
        if (!isValid(normalizePath)) {
            return Optional.empty();
        }
        try (FileReader fileReader = new FileReader(normalizePath)) {
            return Optional.ofNullable(IOUtils.toString(fileReader));
        } catch (IOException e) {
            LOGGER.error("Cannot load the file[{}]", replacePath(path));
            return Optional.empty();
        }
    }

    private void write(String data, String path) {
        // 已经是非base64编码的数据，不需要解码
        for (String flag : BASE64_DECODER_FLAG) {
            if (data.contains(flag)) {
                return;
            }
        }
        try (FileOutputStream outputStream = new FileOutputStream(path)) {
            IOUtils.write(Base64.getDecoder().decode(data.getBytes(StandardCharsets.UTF_8)), outputStream);
        } catch (IOException e) {
            LOGGER.error("Cannot save the file[{}]", replacePath(path));
        }
    }

    private String getNotEmptyText(ConfigurableEnvironment env, String key, String defaultValue) {
        String value = env.getProperty(key);
        return StringUtils.hasText(value) ? value : defaultValue;
    }

    private boolean isValid(String path) {
        File file = new File(path);
        try {
            String canonicalPath = file.getCanonicalPath();
            if (!canonicalPath.startsWith(WHITE_PATH)) {
                return false;
            }
        } catch (IOException e) {
            LOGGER.error("Cannot load the file[{}]", replacePath(path));
            return false;
        }
        return true;
    }

    private String replacePath(String path) {
        return path.replace(System.lineSeparator(), "_");
    }
}