Fetch credentials from correct location

cnorthwood · Sep 5, 2017 · daf5ab9 · daf5ab9
1 parent 01ebda1
commit daf5ab9
Show file tree

Hide file tree

Showing 9 changed files with 96 additions and 58 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,4 +1,4 @@
 /.vagrant
 /target
-/vagrant/key.pem
-/vagrant/cert.pem
+/apache-config/key.pem
+/apache-config/cert.pem
diff --git a/README.md b/README.md
@@ -4,21 +4,22 @@ Go.CD TLS Client Certificate Authenticator
 [![Build Status](https://travis-ci.org/cnorthwood/gocd-tls-auth.svg?branch=master)](https://travis-ci.org/cnorthwood/gocd-tls-auth)
 
 This plugin allows users to be authenticated by TLS client certificates, when
-Go.CD is behind a reverse proxy which terminates TLS and passes through the
+GoCD is behind a reverse proxy which terminates TLS and passes through the
 certificate details in HTTP headers.
 
 Deploying
 ---------
 
-To start with, you'll need to [configure your Go server to use password
-authentication](https://www.go.cd/documentation/user/current/configuration/dev_authentication.html).
+The GoCD docs are a good intro to how authentication works: https://docs.gocd.org/current/configuration/dev_authentication.html 
 
 You'll also need to configure Apache or something to terminate your SSL
 connections and reverse proxy it through to Go. Apache will need to make the
 certificate CN available to the upstream server under the "SSL_CLIENT_S_DN"
-header. Adding a line such as below to your Apache config file will allow this:
+header. You will also need to pass the verify state through. Adding lines
+such as below to your Apache config file will allow this:
 
     RequestHeader set SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN}s"
+    RequestHeader set SSL_CLIENT_VERIFY "%{SSL_CLIENT_VERIFY}s"
 
 The httpd.conf in the apache-config folder shows a complete sample configuration.
 

diff --git a/apache-config/cert.pem b/apache-config/cert.pem
diff --git a/apache-config/htpasswd b/apache-config/htpasswd
@@ -1 +1 @@
-root:$2y$05$M8iBFmUK0vG1B8y7nbsrXODNlw4TxVUTXdpQQXqaPbbH40X2bdfyu
+root:{SHA}q/eq1kOINtvlJqojGr3i0O73TUI=
diff --git a/apache-config/key.pem b/apache-config/key.pem
diff --git a/src/main/java/uk/me/cjn/gocd_tls_auth/TlsAuthorizationPlugin.java b/src/main/java/uk/me/cjn/gocd_tls_auth/TlsAuthorizationPlugin.java
@@ -141,7 +141,8 @@ private GoPluginApiResponse buildAuthorizationServerUrlResponse(GoPluginApiReque
     }
 
     private GoPluginApiResponse handleAuthenticateRequest(GoPluginApiRequest request) {
-        Map<String, String> suppliedCredentials = gson.fromJson(request.requestBody(), Map.class);
+        Map<String, Object> requestBody = gson.fromJson(request.requestBody(), Map.class);
+        Map<String, String> suppliedCredentials = (Map<String, String>) requestBody.get("credentials");
         String sslVerify = suppliedCredentials.get("SSL_VERIFY");
         String sslSubject = suppliedCredentials.get("SSL_SUBJECT");