From 4dea1c6764ad8ab3b30ba7157ed2a44117b1a4e3 Mon Sep 17 00:00:00 2001
From: hsiegeln <37154749+hsiegeln@users.noreply.github.com>
Date: Sun, 26 Apr 2026 17:36:06 +0200
Subject: [PATCH] feat: push Ed25519 public key to tenant server containers

DockerTenantProvisioner now injects CAMELEER_SERVER_LICENSE_PUBLICKEY env var on provisioned server containers, enabling cryptographic license validation. SigningKeyService passed through auto-config.

Co-Authored-By: Claude Opus 4.6 (1M context)
---
 .../cameleer/saas/provisioning/DockerTenantProvisioner.java | 6 +++++-
 .../saas/provisioning/TenantProvisionerAutoConfig.java | 5 +++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/main/java/net/siegeln/cameleer/saas/provisioning/DockerTenantProvisioner.java b/src/main/java/net/siegeln/cameleer/saas/provisioning/DockerTenantProvisioner.java
index 1008d38..94b3803 100644
--- a/src/main/java/net/siegeln/cameleer/saas/provisioning/DockerTenantProvisioner.java
+++ b/src/main/java/net/siegeln/cameleer/saas/provisioning/DockerTenantProvisioner.java
@@ -21,9 +21,12 @@ public class DockerTenantProvisioner implements TenantProvisioner {
 private final DockerClient docker;
 private final ProvisioningProperties props;
+ private final net.siegeln.cameleer.saas.license.SigningKeyService signingKeyService;
- public DockerTenantProvisioner(DockerClientConfig config, ProvisioningProperties props) {
+ public DockerTenantProvisioner(DockerClientConfig config, ProvisioningProperties props,
+ net.siegeln.cameleer.saas.license.SigningKeyService signingKeyService) {
 this.props = props;
+ this.signingKeyService = signingKeyService;
 DockerHttpClient httpClient = new ZerodepDockerHttpClient.Builder()
 .dockerHost(config.getDockerHost())
 .maxConnections(10)
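Review bot: The new constructor stores `signingKeyService` without a null check, so a missing or misconfigured bean only surfaces as a NullPointerException deep inside container provisioning instead of at startup; `this.signingKeyService = Objects.requireNonNull(signingKeyService, "signingKeyService");` (needs `java.util.Objects`) would fail fast. The field and the parameter spell out `net.siegeln.cameleer.saas.license.SigningKeyService` inline, whereas the companion hunk in TenantProvisionerAutoConfig imports the type; adding `import net.siegeln.cameleer.saas.license.SigningKeyService;` here keeps the two files consistent and the signature readable. A one-line comment on the field, e.g. `// Source of the license-signing public key handed to each tenant server at provisioning time`, would explain why a Docker provisioner depends on a license component. The constructor body continues past the end of the hunk.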
@@ -223,6 +226,7 @@ public class DockerTenantProvisioner implements TenantProvisioner {
 "CAMELEER_SERVER_SECURITY_OIDC_AUDIENCE=https://api.cameleer.local",
 "CAMELEER_SERVER_SECURITY_CORSALLOWEDORIGINS=" + props.corsOrigins(),
 "CAMELEER_SERVER_LICENSE_TOKEN=" + req.licenseToken(),
+ "CAMELEER_SERVER_LICENSE_PUBLICKEY=" + signingKeyService.getPublicKeyBase64(),
 "CAMELEER_SERVER_RUNTIME_ENABLED=true",
 "CAMELEER_SERVER_RUNTIME_SERVERURL=http://" + name + ":8081",
 "CAMELEER_SERVER_RUNTIME_ROUTINGDOMAIN=" + props.publicHost(),
diff --git a/src/main/java/net/siegeln/cameleer/saas/provisioning/TenantProvisionerAutoConfig.java b/src/main/java/net/siegeln/cameleer/saas/provisioning/TenantProvisionerAutoConfig.java
index b436494..6ceed97 100644
--- a/src/main/java/net/siegeln/cameleer/saas/provisioning/TenantProvisionerAutoConfig.java
+++ b/src/main/java/net/siegeln/cameleer/saas/provisioning/TenantProvisionerAutoConfig.java
@@ -2,6 +2,7 @@ package net.siegeln.cameleer.saas.provisioning;
 import com.github.dockerjava.core.DefaultDockerClientConfig;
 import com.github.dockerjava.core.DockerClientConfig;
+import net.siegeln.cameleer.saas.license.SigningKeyService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
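Review bot: `signingKeyService.getPublicKeyBase64()` is concatenated straight into the env entry with no check that it returned anything usable, so an unconfigured or empty key silently produces `CAMELEER_SERVER_LICENSE_PUBLICKEY=` on the container and the failure only appears later, when the tenant server tries to validate its license. Resolve the value once ahead of the env-list construction (which begins outside this hunk) and fail fast: `String licensePublicKey = signingKeyService.getPublicKeyBase64(); if (licensePublicKey == null || licensePublicKey.isBlank()) { throw new IllegalStateException("license signing public key is not available"); }`, then use `licensePublicKey` in the entry. The commit message states that this key enables cryptographic license validation, which makes it the trust anchor the tenant server presumably checks `CAMELEER_SERVER_LICENSE_TOKEN` against, so the new line deserves a comment such as `// Public half of the license signing key; captured at provisioning time, so rotating the key requires re-provisioning existing containers` — the rotation consequence follows from the value being read once here and should be confirmed against SigningKeyService. The enclosing method starts and ends outside the hunk.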
@@ -17,13 +18,13 @@ public class TenantProvisionerAutoConfig {
 private static final Logger log = LoggerFactory.getLogger(TenantProvisionerAutoConfig.class);
 @Bean
- TenantProvisioner tenantProvisioner(ProvisioningProperties props) {
+ TenantProvisioner tenantProvisioner(ProvisioningProperties props, SigningKeyService signingKeyService) {
 if (Files.exists(Path.of("/var/run/docker.sock"))) {
 log.info("Docker socket detected — enabling Docker tenant provisioner");
 DockerClientConfig config = DefaultDockerClientConfig.createDefaultConfigBuilder()
 .withDockerHost("unix:///var/run/docker.sock")
 .build();
- return new DockerTenantProvisioner(config, props);
+ return new DockerTenantProvisioner(config, props, signingKeyService);
 }
 log.info("No Docker socket — tenant provisioning disabled");
 return new DisabledTenantProvisioner();
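Review bot: Declaring `SigningKeyService` as a parameter of the `tenantProvisioner` bean method makes it a hard dependency on every deployment, including the `DisabledTenantProvisioner` path where it is never used; if `SigningKeyService` is itself conditional or absent in some profiles, the context now fails to start instead of logging "No Docker socket — tenant provisioning disabled". If that matters, accept `ObjectProvider<SigningKeyService> signingKeyService` (from `org.springframework.beans.factory`) and call `signingKeyService.getObject()` only inside the Docker branch, so the dependency is resolved, and its absence reported, exactly where it is needed. If the service is unconditional, a Javadoc `@param signingKeyService source of the license public key, used only by the Docker-backed provisioner` would make the coupling deliberate rather than accidental. The method's closing brace lies past the end of the hunk.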