
[SKR Watch] Update HandleSKREvent func to parse Common Name and Domain from the certificate #548

@lindnerby

Description

Update the Runtime Watcher Listener HandleSKREvent function to parse SKR identity from the client certificate, and inject it into the WatchEvent as SkrMeta.

As an additional note: the getCertificateFromHeader part is moved from lifecycle-manager to runtime-watcher. The rest of the lifecycle-manager Verify func is dropped in a later ticket.

Reasons

Post #2339, we no longer need external verification for SKRs. By parsing the cert once at event reception and embedding the information into the event object, we simplify the flow and increase performance.

Acceptance Criteria

  • Parse Common Name (CN) and Domain from client certificate (move parsing logic based on san_pinning.go from KLM)
  • Populate SkrMeta in the unmarshalled WatchEvent
    • the rest of the event continues to be populated from the payload (see here)
    • SkrMeta is populated from certificate header data => extend this by getting the certificate header and putting the data into "SkrMeta"
  • Ensure GenericEvent creation from WatchEvent includes the skr field (internal only)
  • Release new version of Runtime Watcher with these changes
  • Update KLM to consume the new RW version (bump Runtime Watcher dependency)

Testing Approach

  • Unit Testing of cert parsing logic
  • E2E Testing still works
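As an added illustration of the cert-parsing step and its unit test (not code from runtime-watcher or KLM): it assumes the ingress forwards the client certificate as a URL-encoded PEM string in a header, takes the first DNS SAN as the SKR domain, and uses a hypothetical SkrMeta shape; selfSignedPEM is a constructed fixture so the example runs offline.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"net/url"
	"time"
)

// SkrMeta is the identity injected into the WatchEvent (field names assumed).
type SkrMeta struct {
	CommonName string
	Domain     string
}

// ParseSkrMeta decodes a URL-encoded PEM client certificate (assumed header
// encoding) and returns its CN plus the first DNS SAN as the SKR domain.
func ParseSkrMeta(header string) (SkrMeta, error) {
	raw, _ := url.QueryUnescape(header) // a bad escape yields "" and fails the PEM check below
	block, _ := pem.Decode([]byte(raw))
	if block == nil || block.Type != "CERTIFICATE" {
		return SkrMeta{}, errors.New("header does not carry a PEM certificate")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return SkrMeta{}, err
	}
	// Reject certificates that cannot identify an SKR instead of emitting an empty identity.
	if cert.Subject.CommonName == "" || len(cert.DNSNames) == 0 {
		return SkrMeta{}, errors.New("certificate lacks CN or DNS SAN")
	}
	return SkrMeta{CommonName: cert.Subject.CommonName, Domain: cert.DNSNames[0]}, nil
}

// selfSignedPEM builds a throwaway self-signed certificate as constructed test input.
func selfSignedPEM(cn string, dns []string) string {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		DNSNames: dns, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		panic(err) // constructed fixture, not request input
	}
	return url.QueryEscape(string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})))
}
```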
