4 files changed, 169 insertions, 0 deletions
diff --git a/proxy/src/test/resources/certs/certificates.readme b/proxy/src/test/resources/certs/certificates.readme
new file mode 100644
index 0000000..0039145
--- /dev/null
+++ b/proxy/src/test/resources/certs/certificates.readme
@@ -0,0 +1,22 @@
+to generate certificates:
+
+keytool -genkeypair -alias servercert -keyalg RSA -dname "CN=Web Server,OU=Unit,O=Organization,L=City,S=State,C=US" -keypass password -keystore server.jks -storepass password
+keytool -genkeypair -alias clientcert -keystore clientcert.p12 -storetype pkcs12 -keyalg RSA -dname "CN=Client,OU=Unit,O=Organization,L=City,S=State,C=US" -keypass password -storepass password
+keytool -exportcert -alias %1 -file clientcert.cer -keystore clientcert.p12 -storetype pkcs12 -storepass password
+keytool -importcert -keystore server.jks -alias clientcert -file clientcert.cer -v -trustcacerts -noprompt -storepass password
+
+tomcat connector configuration:
+
+<Connector
+   clientAuth="true" port="8443" minSpareThreads="5" maxSpareThreads="75"
+   enableLookups="true" disableUploadTimeout="true"
+   acceptCount="100" maxThreads="200"
+   scheme="https" secure="true" SSLEnabled="true"
+   keystoreFile="${catalina.home}/conf/server.jks"
+   keystoreType="JKS" keystorePass="password"
+   truststoreFile="${catalina.home}/conf/server.jks"
+   truststoreType="JKS" truststorePass="password"
+   SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2" sslProtocol="TLS"
+/>
+
+install client certificate into your browser of choice, and you should be good to go!
+\ No newline at end of file
diff --git a/proxy/src/test/resources/certs/rest_api_test.jks b/proxy/src/test/resources/certs/rest_api_test.jks
new file mode 100644
index 0000000..b055808
--- /dev/null
+++ b/proxy/src/test/resources/certs/rest_api_test.jks
diff --git a/proxy/src/test/resources/certs/rest_client_test.p12 b/proxy/src/test/resources/certs/rest_client_test.p12
new file mode 100644
index 0000000..f2d100e
--- /dev/null
+++ b/proxy/src/test/resources/certs/rest_client_test.p12
diff --git a/proxy/src/test/resources/certs/server.xml b/proxy/src/test/resources/certs/server.xml
new file mode 100644
index 0000000..85ab0e1
--- /dev/null
+++ b/proxy/src/test/resources/certs/server.xml
@@ -0,0 +1,147 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+--><!-- Note:  A "Server" is not itself a "Container", so you may not
+     define subcomponents such as "Valves" at this level.
+     Documentation at /docs/config/server.html
+ --><Server port="8005" shutdown="SHUTDOWN">
+
+  <!--APR library loader. Documentation at /docs/apr.html -->
+  <!-- Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/ -->
+  <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
+  <Listener className="org.apache.catalina.core.JasperListener"/>
+  <!-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html -->
+  <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"/>
+  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
+
+  <!-- Global JNDI resources
+       Documentation at /docs/jndi-resources-howto.html
+  -->
+  <GlobalNamingResources>
+    <!-- Editable user database that can also be used by
+         UserDatabaseRealm to authenticate users
+    -->
+    <Resource auth="Container" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase" pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase"/>
+  </GlobalNamingResources>
+
+  <!-- A "Service" is a collection of one or more "Connectors" that share
+       a single "Container" Note:  A "Service" is not itself a "Container", 
+       so you may not define subcomponents such as "Valves" at this level.
+       Documentation at /docs/config/service.html
+   -->
+  <Service name="Catalina">
+  
+    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
+    <!--
+    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-" 
+        maxThreads="150" minSpareThreads="4"/>
+    -->
+    
+    
+    <!-- A "Connector" represents an endpoint by which requests are received
+         and responses are returned. Documentation at :
+         Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
+         Java AJP  Connector: /docs/config/ajp.html
+         APR (HTTP/AJP) Connector: /docs/apr.html
+         Define a non-SSL HTTP/1.1 Connector on port 8080
+    -->
+    <Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
+    <!-- A "Connector" using the shared thread pool-->
+    <!--
+    <Connector executor="tomcatThreadPool"
+               port="8080" protocol="HTTP/1.1" 
+               connectionTimeout="20000" 
+               redirectPort="8443" />
+    -->           
+    <!-- Define a SSL HTTP/1.1 Connector on port 8443
+         This connector uses the JSSE configuration, when using APR, the 
+         connector should be using the OpenSSL style configuration
+         described in the APR documentation -->
+    <!--
+    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
+               maxThreads="150" scheme="https" secure="true"
+               clientAuth="false" sslProtocol="TLS" />
+    -->
+    <Connector port="8443" maxHttpHeaderSize="8192" 
+      maxThreads="150" minSpareThreads="25" maxSpareThreads="75" 
+      enableLookups="true" disableUploadTimeout="true" 
+      acceptCount="100" scheme="https" secure="true" SSLEnabled="true"
+      clientAuth="true"
+      keystoreFile="${catalina.home}/conf/certs/rest_api_test.jks"
+      keystoreType="JKS"
+      keystorePass="password"
+      truststoreFile="${catalina.home}/conf/certs/rest_api_test.jks"
+      truststoreType="JKS" 
+      truststorePass="password" 
+      SSLVerifyClient="require" SSLVerifyDepth="2" SSLEngine="on" sslProtocol="TLS" />
+
+    <!-- Define an AJP 1.3 Connector on port 8009 -->
+    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
+
+
+    <!-- An Engine represents the entry point (within Catalina) that processes
+         every request.  The Engine implementation for Tomcat stand alone
+         analyzes the HTTP headers included with the request, and passes them
+         on to the appropriate Host (virtual host).
+         Documentation at /docs/config/engine.html -->
+
+    <!-- You should set jvmRoute to support load-balancing via AJP ie :
+    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">         
+    --> 
+    <Engine defaultHost="localhost" name="Catalina">
+
+      <!--For clustering, please take a look at documentation at:
+          /docs/cluster-howto.html  (simple how to)
+          /docs/config/cluster.html (reference documentation) -->
+      <!--
+      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
+      -->        
+
+      <!-- The request dumper valve dumps useful debugging information about
+           the request and response data received and sent by Tomcat.
+           Documentation at: /docs/config/valve.html -->
+      <!--
+      <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
+      -->
+
+      <!-- This Realm uses the UserDatabase configured in the global JNDI
+           resources under the key "UserDatabase".  Any edits
+           that are performed against this UserDatabase are immediately
+           available for use by the Realm.  -->
+      <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
+
+      <!-- Define the default virtual host
+           Note: XML Schema validation will not work with Xerces 2.2.
+       -->
+      <Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true" xmlNamespaceAware="false" xmlValidation="false">
+
+        <!-- SingleSignOn valve, share authentication between web applications
+             Documentation at: /docs/config/valve.html -->
+        <!--
+        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+        -->
+
+        <!-- Access log processes all example.
+             Documentation at: /docs/config/valve.html -->
+        <!--
+        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"  
+               prefix="localhost_access_log." suffix=".txt" pattern="common" resolveHosts="false"/>
+        -->
+
+      <Context docBase="/Users/wb/sandbox/candlepin/proxy/code/webapp" path="" reloadable="true"/></Host>
+    </Engine>
+  </Service>
+</Server>
+\ No newline at end of file