Update: CFT-3325 - mTLS

keboola · Jan 27, 2025 · 994bd63 · 994bd63
1 parent 5dc2c54
commit 994bd63
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 0 deletions.
diff --git a/src/Configuration/Api.php b/src/Configuration/Api.php
@@ -43,6 +43,8 @@ class Api
 
     private ?string $clientCertificate = null;
 
+    private ?string $clientKey = null;
+
     private float $connectTimeout = RestClient::DEFAULT_CONNECT_TIMEOUT;
 
     private float $requestTimeout = RestClient::DEFAULT_REQUEST_TIMEOUT;
@@ -53,6 +55,7 @@ public function __construct(LoggerInterface $logger, array $api, array $configAt
         $this->auth = $this->createAuth($api, $configAttributes, $authorization);
         $this->caCertificate = $api['caCertificate'] ?? null;
         $this->clientCertificate = $api['#clientCertificate'] ?? null;
+        $this->clientKey = $api['#clientKey'] ?? null;
         $this->headers = new Headers($api, $configAttributes);
         if (!empty($api['pagination']) && is_array($api['pagination'])) {
             if (isset($api['pagination']['pages'])) {
@@ -213,6 +216,11 @@ public function hasClientCertificate(): bool
         return $this->clientCertificate !== null;
     }
 
+    public function hasClientKey(): bool
+    {
+        return $this->clientKey !== null;
+    }
+
     public function getClientCertificate(): string
     {
         if (!$this->clientCertificate) {
@@ -222,13 +230,29 @@ public function getClientCertificate(): string
         return $this->clientCertificate;
     }
 
+    public function getClientKey(): string
+    {
+        if (!$this->clientKey) {
+            throw new ApplicationException('Key "api.clientKey" is not configured.');
+        }
+
+        return $this->clientKey;
+    }
+
     public function getClientCertificateFile(): string
     {
         $filePath = '/tmp/generic-extractor-client-certificate-' . uniqid((string) rand(), true) . '.pem';
         file_put_contents($filePath, $this->getClientCertificate());
         return $filePath;
     }
 
+    public function getClientKeyFile(): string
+    {
+        $filePath = '/tmp/generic-extractor-client-key-' . uniqid((string) rand(), true) . '.pem';
+        file_put_contents($filePath, $this->getClientKey());
+        return $filePath;
+    }
+
     public function getHeaders(): Headers
     {
         return $this->headers;

diff --git a/src/Configuration/Extractor/Node/Api.php b/src/Configuration/Extractor/Node/Api.php
@@ -17,6 +17,7 @@ public static function configureNode(ArrayNodeDefinition $node): void
             ->children()
                 ->scalarNode('caCertificate')->cannotBeEmpty()->end()
                 ->scalarNode('clientCertificate')->cannotBeEmpty()->end()
+                ->scalarNode('clientKey')->cannotBeEmpty()->end()
             ->end();
         // @formatter:on
     }

diff --git a/src/GenericExtractor.php b/src/GenericExtractor.php
@@ -103,6 +103,10 @@ protected function createClient(Config $config): RestClient
             $defaults['cert'] = $this->api->getClientCertificateFile();
         }
 
+        if ($this->api->hasClientKey()) {
+            $defaults['ssl_key'] = $this->api->getClientKeyFile();
+        }
+
         $client = new RestClient(
             $this->logger,
             $this->api->getBaseUrl(),