Diffstat (limited to 'proxy/src/test/resources/certs')
-rw-r--r-- | proxy/src/test/resources/certs/certificates.readme | 22 | ||||
-rw-r--r-- | proxy/src/test/resources/certs/rest_api_test.jks | bin | 0 -> 2001 bytes | |||
-rw-r--r-- | proxy/src/test/resources/certs/rest_client_test.p12 | bin | 0 -> 1840 bytes | |||
-rw-r--r-- | proxy/src/test/resources/certs/server.xml | 147 |
4 files changed, 169 insertions, 0 deletions
diff --git a/proxy/src/test/resources/certs/certificates.readme b/proxy/src/test/resources/certs/certificates.readme
new file mode 100644
index 0000000..0039145
--- /dev/null
+++ b/proxy/src/test/resources/certs/certificates.readme
@@ -0,0 +1,22 @@
+to generate certificates:
+
+keytool -genkeypair -alias servercert -keyalg RSA -dname "CN=Web Server,OU=Unit,O=Organization,L=City,S=State,C=US" -keypass password -keystore server.jks -storepass password
+keytool -genkeypair -alias clientcert -keystore clientcert.p12 -storetype pkcs12 -keyalg RSA -dname "CN=Client,OU=Unit,O=Organization,L=City,S=State,C=US" -keypass password -storepass password
+keytool -exportcert -alias %1 -file clientcert.cer -keystore clientcert.p12 -storetype pkcs12 -storepass password
+keytool -importcert -keystore server.jks -alias clientcert -file clientcert.cer -v -trustcacerts -noprompt -storepass password
+
+tomcat connector configuration:
+
+<Connector
+ clientAuth="true" port="8443" minSpareThreads="5" maxSpareThreads="75"
+ enableLookups="true" disableUploadTimeout="true"
+ acceptCount="100" maxThreads="200"
+ scheme="https" secure="true" SSLEnabled="true"
+ keystoreFile="${catalina.home}/conf/server.jks"
+ keystoreType="JKS" keystorePass="password"
+ truststoreFile="${catalina.home}/conf/server.jks"
+ truststoreType="JKS" truststorePass="password"
+ SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2" sslProtocol="TLS"
+/>
+
+install client certificate into your browser of choice, and you should be good to go!
\ No newline at end of file
diff --git a/proxy/src/test/resources/certs/rest_api_test.jks b/proxy/src/test/resources/certs/rest_api_test.jks
Binary files differ
new file mode 100644
index 0000000..b055808
--- /dev/null
+++ b/proxy/src/test/resources/certs/rest_api_test.jks
diff --git a/proxy/src/test/resources/certs/rest_client_test.p12 b/proxy/src/test/resources/certs/rest_client_test.p12
Binary files differ
new file mode 100644
index 0000000..f2d100e
--- /dev/null
+++ b/proxy/src/test/resources/certs/rest_client_test.p12
diff --git a/proxy/src/test/resources/certs/server.xml b/proxy/src/test/resources/certs/server.xml
new file mode 100644
index 0000000..85ab0e1
--- /dev/null
+++ b/proxy/src/test/resources/certs/server.xml
@@ -0,0 +1,147 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+--><!-- Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/server.html
+ --><Server port="8005" shutdown="SHUTDOWN">
+
+ <!--APR library loader. Documentation at /docs/apr.html -->
+ <!-- Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener"/ -->
+ <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
+ <Listener className="org.apache.catalina.core.JasperListener"/>
+ <!-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html -->
+ <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"/>
+ <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
+
+ <!-- Global JNDI resources
+ Documentation at /docs/jndi-resources-howto.html
+ -->
+ <GlobalNamingResources>
+ <!-- Editable user database that can also be used by
+ UserDatabaseRealm to authenticate users
+ -->
+ <Resource auth="Container" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase" pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase"/>
+ </GlobalNamingResources>
+
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" Note: A "Service" is not itself a "Container",
+ so you may not define subcomponents such as "Valves" at this level.
+ Documentation at /docs/config/service.html
+ -->
+ <Service name="Catalina">
+
+ <!--The connectors can use a shared executor, you can define one or more named thread pools-->
+ <!--
+ <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
+ maxThreads="150" minSpareThreads="4"/>
+ -->
+
+
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Documentation at :
+ Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
+ Java AJP Connector: /docs/config/ajp.html
+ APR (HTTP/AJP) Connector: /docs/apr.html
+ Define a non-SSL HTTP/1.1 Connector on port 8080
+ -->
+ <Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
+ <!-- A "Connector" using the shared thread pool-->
+ <!--
+ <Connector executor="tomcatThreadPool"
+ port="8080" protocol="HTTP/1.1"
+ connectionTimeout="20000"
+ redirectPort="8443" />
+ -->
+ <!-- Define a SSL HTTP/1.1 Connector on port 8443
+ This connector uses the JSSE configuration, when using APR, the
+ connector should be using the OpenSSL style configuration
+ described in the APR documentation -->
+ <!--
+ <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
+ maxThreads="150" scheme="https" secure="true"
+ clientAuth="false" sslProtocol="TLS" />
+ -->
+ <Connector port="8443" maxHttpHeaderSize="8192"
+ maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+ enableLookups="true" disableUploadTimeout="true"
+ acceptCount="100" scheme="https" secure="true" SSLEnabled="true"
+ clientAuth="true"
+ keystoreFile="${catalina.home}/conf/certs/rest_api_test.jks"
+ keystoreType="JKS"
+ keystorePass="password"
+ truststoreFile="${catalina.home}/conf/certs/rest_api_test.jks"
+ truststoreType="JKS"
+ truststorePass="password"
+ SSLVerifyClient="require" SSLVerifyDepth="2" SSLEngine="on" sslProtocol="TLS" />
+
+ <!-- Define an AJP 1.3 Connector on port 8009 -->
+ <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
+
+
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host).
+ Documentation at /docs/config/engine.html -->
+
+ <!-- You should set jvmRoute to support load-balancing via AJP ie :
+ <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
+ -->
+ <Engine defaultHost="localhost" name="Catalina">
+
+ <!--For clustering, please take a look at documentation at:
+ /docs/cluster-howto.html (simple how to)
+ /docs/config/cluster.html (reference documentation) -->
+ <!--
+ <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
+ -->
+
+ <!-- The request dumper valve dumps useful debugging information about
+ the request and response data received and sent by Tomcat.
+ Documentation at: /docs/config/valve.html -->
+ <!--
+ <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
+ -->
+
+ <!-- This Realm uses the UserDatabase configured in the global JNDI
+ resources under the key "UserDatabase". Any edits
+ that are performed against this UserDatabase are immediately
+ available for use by the Realm. -->
+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
+
+ <!-- Define the default virtual host
+ Note: XML Schema validation will not work with Xerces 2.2.
+ -->
+ <Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true" xmlNamespaceAware="false" xmlValidation="false">
+
+ <!-- SingleSignOn valve, share authentication between web applications
+ Documentation at: /docs/config/valve.html -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+ -->
+
+ <!-- Access log processes all example.
+ Documentation at: /docs/config/valve.html -->
+ <!--
+ <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+ prefix="localhost_access_log." suffix=".txt" pattern="common" resolveHosts="false"/>
+ -->
+
+ <Context docBase="/Users/wb/sandbox/candlepin/proxy/code/webapp" path="" reloadable="true"/></Host>
+ </Engine>
+ </Service>
+</Server>
\ No newline at end of file |
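Review bot: The client-certificate requirement on the 8443 connector is not the only way into this server: `<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443"/>` and `<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>` stay enabled with no address restriction, so the webapp is reachable without a certificate unless the application itself insists on a secure transport. If this fixture is meant to exercise mutual TLS, drop those two connectors or bind them to loopback with `address="127.0.0.1"`. On the 8443 connector, `SSLVerifyClient`, `SSLVerifyDepth` and `SSLEngine` are APR/OpenSSL-style settings, while the keystore attributes and `clientAuth="true"` are JSSE ones; with the APR listener commented out the JSSE set is presumably what takes effect, so the APR attributes should be removed rather than imply a verification depth that is not enforced. The committed keystores and `keystorePass="password"` deserve a comment such as `<!-- test-only keystore and password; not for deployment -->`, and the absolute `docBase="/Users/wb/sandbox/candlepin/proxy/code/webapp"` ties the file to one developer's machine and should become a relative or property-based path.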