Merge pull request #9 from Nordix/doc-update2

doc update
Nordix · Oct 11, 2024 · 8a3af2e · 8a3af2e
2 parents 2cb75fd + 4be95bb
commit 8a3af2e
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 10 deletions.
diff --git a/docs/ingress-controllers.md b/docs/ingress-controllers.md
@@ -16,7 +16,7 @@ spec:
   virtualhost:
     fqdn: keycloak.127-0-0-121.nip.io
     tls:
-      secretName: keycloak-external
+      secretName: keycloak-server-cert
       clientValidation:
         caSecret: client-ca
         optionalClientCertificate: true
@@ -57,7 +57,7 @@ spec:
       protocol: HTTPS
     tls:
       mode: OPTIONAL_MUTUAL
-      credentialName: keycloak-external
+      credentialName: keycloak-server-cert
     hosts:
     - "*"
 ```
@@ -68,7 +68,7 @@ spec:
 To configure a client with the X509 authenticator, create a new client with the following settings:
 
 1. In the "General settings" step, fill in:
-    - Set the Client ID name, for example: `x509test`
+    - Set the Client ID name, for example: `xfcc-client`
 2. In the "Capabilicy config" step, fill in:
     - Client Authentication: On
     - Select "Service accounts roles"
@@ -82,7 +82,7 @@ Enable the X509 authenticator:
 Make an HTTP request with the client certificate:
 
 ```console
-$ http --cert certs/x509client.pem --cert-key certs/x509client-key.pem --verify certs/ca.pem --form POST https://keycloak.127-0-0-1.nip.io:8443/realms/master/protocol/openid-connect/token grant_type=client_credentials client_id=x509test
+$ http --cert target/certs/client.pem --cert-key target/certs/client-key.pem --verify target/certs/server-ca.pem --form POST https://keycloak.127.0.0.1.nip.io:8443/realms/xfcc/protocol/openid-connect/token grant_type=client_credentials client_id=xfcc-client
 HTTP/1.1 200 OK
 cache-control: no-store
 content-length: 1412

diff --git a/...in/java/io/github/nordix/keycloak/services/x509/EnvoyProxySslClientCertificateLookup.java b/...in/java/io/github/nordix/keycloak/services/x509/EnvoyProxySslClientCertificateLookup.java
@@ -17,6 +17,9 @@
 import org.keycloak.http.HttpRequest;
 import org.keycloak.services.x509.X509ClientCertificateLookup;
 
+/**
+ * Extracts the client certificate chain from the HTTP request forwarded by Envoy.
+ */
 public class EnvoyProxySslClientCertificateLookup implements X509ClientCertificateLookup {
 
     protected final static String XFCC_HEADER = "x-forwarded-client-cert";
@@ -30,10 +33,10 @@ public void close() {
     /**
      * Extracts the client certificate chain from the HTTP request forwarded by Envoy.
      *
-     * The Envoy XFCC header value is a comma (“,”) separated string.
+     * The Envoy XFCC header value is a comma (",") separated string.
      * Each substring is an XFCC element, which holds information added by a single proxy.
-     * Each XFCC element is a semicolon (“;”) separated list of key-value pairs.
-     * Each key-value pair is separated by an equal sign (“=”).
+     * Each XFCC element is a semicolon (";") separated list of key-value pairs.
+     * Each key-value pair is separated by an equal sign ("=").
      *
      * Example:
      *
@@ -44,7 +47,6 @@ public void close() {
      * 1. Cert - The entire client certificate in URL encoded PEM format.
      * 2. Chain - The entire client certificate chain (including the leaf certificate) in URL encoded PEM format.
      *
-     *
      * For Envoy documentation, see
      * https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-client-cert
      *
@@ -89,8 +91,10 @@ public X509Certificate[] getCertificateChain(HttpRequest httpRequest) throws Gen
         return certs;
     }
 
+    /**
+     * Decodes the URL encoded value and removes enclosing quotes if present.
+     */
     private String decodeValue(String value) {
-        // Remove enclosing quotes if present.
         if (value.startsWith("\"") && value.endsWith("\"")) {
             value = value.substring(1, value.length() - 1);
         }

diff --git a/.../io/github/nordix/keycloak/services/x509/EnvoyProxySslClientCertificateLookupFactory.java b/.../io/github/nordix/keycloak/services/x509/EnvoyProxySslClientCertificateLookupFactory.java
@@ -14,6 +14,9 @@
 import org.keycloak.services.x509.X509ClientCertificateLookup;
 import org.keycloak.services.x509.X509ClientCertificateLookupFactory;
 
+/**
+ * Factory for creating EnvoyProxySslClientCertificateLookup instances.
+ */
 public class EnvoyProxySslClientCertificateLookupFactory implements X509ClientCertificateLookupFactory {
 
     private final static String PROVIDER = "envoy";

diff --git a/src/test/java/io/github/nordix/keycloak/services/x509/DockerComposeExtension.java b/src/test/java/io/github/nordix/keycloak/services/x509/DockerComposeExtension.java
@@ -16,6 +16,9 @@
 import org.jboss.logging.Logger;
 import org.junit.jupiter.api.extension.AfterAllCallback;
 
+/**
+ * JUnit extension for starting and stopping Docker Compose.
+ */
 public class DockerComposeExtension implements BeforeAllCallback, AfterAllCallback {
 
     private static final String DOCKER_COMPOSE_UP = "docker compose up --force-recreate --detach";
@@ -32,7 +35,7 @@ public class DockerComposeExtension implements BeforeAllCallback, AfterAllCallba
     @Override
     public void beforeAll(ExtensionContext context) throws Exception {
         run(DOCKER_COMPOSE_UP, "Failed to start Docker Compose.");
-        logger.info("Use the following command to see the logs \"docker compose logs -f\"");
+        logger.info("To see logs, run 'docker compose logs -f'");
     }
 
     @Override