feat: add verify_client_certificate_metadata to gorouter spec (WIP)

jobs/gorouter/spec

@@ -518,6 +518,21 @@ properties:
     description: "The number of file descriptors a router can have open at one time"
     default: 100000
 
+  router.verify_client_certificate_metadata:
+    description: |
+      Additional client certificate verification which limits the allowed client certificate for given to a signing CA (identified by its subject) to the certificates with subjects provided in the list of valid subjects. Each list entry contains a ca_subject with a coresponding list of valid subjects.
+      - ca_subject:
+          - common_name: ""
+            organization: []
+            locality: []
+            country: []
+        valid_subjects:
+          - common_name: ""
+            organizational_units: []
+            organizations: []
+            locality: []
+            country: []
+    default: []
   healthchecker.failure_counter_file:
     description: "File used by the healthchecker to monitor consecutive failures."
     default: /var/vcap/data/gorouter/counters/consecutive_healthchecker_failures.count

jobs/gorouter/templates/gorouter.yml.erb

@@ -115,6 +115,7 @@ params = {
   'send_http_start_stop_server_event' => p('router.send_http_start_stop_server_event'),
   'send_http_start_stop_client_event' => p("router.send_http_start_stop_client_event"),
   'empty_pool_timeout' => p('for_backwards_compatibility_only.empty_pool_timeout'),
+  'verify_client_certificate_metadata'=> p('router.verify_client_certificate_metadata')
 }
 
 if_p('router.prometheus.port') do |port|
@@ -422,5 +423,7 @@ if_p('router.html_error_template') do |t|
   params['html_error_template_file'] = t == '' ? nil : '/var/vcap/jobs/gorouter/config/error.html'
 end
 
+
+
 params.to_yaml[3..-1]
 %>