/*
* Copyright The Microcks Authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package io.github.microcks.operator.model;
import io.github.microcks.operator.api.model.IngressSpec;
import io.fabric8.kubernetes.api.model.Secret;
import io.fabric8.kubernetes.api.model.SecretBuilder;
import org.bouncycastle.asn1.ASN1Encodable;
import org.bouncycastle.asn1.DERSequence;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.ExtendedKeyUsage;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.KeyPurposeId;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.jboss.logging.Logger;
import javax.security.auth.x500.X500Principal;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Base64;
import java.util.Date;
import java.util.List;
import java.util.Map;
/**
* Holds utility methods to manage Ingress params from specification.
* @author laurent
*/
public class IngressSpecUtil {
/**
* Get the ingress annotations if defined, null otherwise.
* @param spec The IngressSpec that may be null
* @return Ingress annotations to apply.
*/
public static Map getAnnotationsIfAny(IngressSpec spec) {
    // A missing spec and a spec without annotations both yield null, so callers
    // must null-check the result before iterating or merging it.
    return (spec == null) ? null : spec.getAnnotations();
}
/**
* Whether we should generate certificate Secret for this ingress.
* @param spec The IngressSpec that may be null
* @return True if we have to generate a self-signed secret holding certificate, false otherwise.
*/
public static boolean generateCertificateSecret(IngressSpec spec) {
    // No ingress spec at all: the default is to generate a self-signed certificate.
    if (spec == null) {
        return true;
    }
    // An explicitly referenced secret always takes precedence over generation,
    // whatever the generateCert flag says.
    if (spec.getSecretRef() != null) {
        return false;
    }
    // Otherwise the spec's own flag decides.
    return spec.isGenerateCert();
}
/**
* Get the ingress secret name to use from the spec or default.
* @param spec The IngressSpec that may be null
* @param defaultSecretName The default name to apply
* @return Secret name from the spec or default one; null if the spec has no secret reference and certificate generation is disabled
*/
public static String getSecretName(IngressSpec spec, String defaultSecretName) {
    // Without a spec there is nothing to override the default name.
    if (spec == null) {
        return defaultSecretName;
    }
    // A user-supplied secret reference wins over any generated secret.
    String secretRef = spec.getSecretRef();
    if (secretRef != null) {
        return secretRef;
    }
    // No reference: use the default name only when a certificate is generated.
    // A null result means the ingress has no TLS secret name to use.
    return spec.isGenerateCert() ? defaultSecretName : null;
}
/**
* Generate a Secret holding a self-signed certificate and key, intended for Ingress testing purposes.
* @param name The name of secret to generate
* @param labels The labels to add to Secret
* @param host The host name to generate a cert and key for.
* @return The created Secret to persist using Kube apis.
*/
public static Secret generateSelfSignedCertificateSecret(String name, Map labels, String host) {
    // Wrap the single host so the multi-host overload does the actual work.
    // List.of rejects null elements, so a null host fails here with a NullPointerException.
    List<String> singleHost = List.of(host);
    // The resulting Secret holds key material for a self-signed certificate (per the Javadoc),
    // suited to test ingresses rather than publicly trusted endpoints.
    return generateSelfSignedCertificateSecret(name, labels, singleHost);
}
/**
* Generate a Secret holding a self-signed certificate and key, intended for Ingress testing purposes.
* @param name The name of secret to generate
* @param labels The labels to add to Secret
* @param hosts A list of host names to generate a cert and key for.
* @return The created Secret to persist using Kube apis.
*/
public static Secret generateSelfSignedCertificateSecret(String name, Map labels, List hosts) {
Security.addProvider(new BouncyCastleProvider());
X500Principal subject = new X500Principal("CN=" + hosts.get(0));
X500Principal signedByPrincipal = subject;
KeyPair keyPair = generateKeyPair();
KeyPair signedByKeyPair = keyPair;
long notBefore = System.currentTimeMillis();
long notAfter = notBefore + (1000L * 3600L * 24 * 365);
ASN1Encodable[] encodableAltNames = new ASN1Encodable[hosts.size()];
for (int i=0; i