Commit 07a18e8b authored by Patrick Dowler

merge cadcTomcat module

parents 113420bf dc5ada14

cadcTomcat/COPYING

0 → 100644
+661 −0

File added.


+10 −0
JAR files required for the OpenCADC cadcTomcat project
======================================================

Name in build.xml          Versioned Name		    Project URL
-----------------          --------------       	-----------
catalina.jar               catalina-7.0.33.jar      http://tomcat.apache.org/
tomcat-util.jar            tomcat-util-7.0.33.jar   http://tomcat.apache.org/
tomcat-juli.jar            tomcat-juli-7.0.33.jar   http://tomcat.apache.org/
tomcat-coyote.jar          tomcat-coyote-7.0.33.jar http://tomcat.apache.org/
cadcUtil                                            http://code.google.com/p/opencadc/source/checkout
 No newline at end of file
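Review bot: the cadcUtil row leaves the Versioned Name column empty while every Tomcat row pins an exact jar (e.g. `catalina-7.0.33.jar`); either record the cadcUtil build this module was tested against or state that it is built from the checkout URL, so the reader knows what to place on the classpath. Since the build.xml in this commit resolves the Tomcat jars from `${ext.lib}` and cadcUtil from `${lib}`, it would also help to say which directory each row belongs in.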
+16 −0
===============================================================================
 REALM README file for opencadc project cadcTomcat.

 This project contains plugins to apache tomcat for x509
 client certificates and custom authentication realms.
 
 To use this plugin, add the following line to the <Host> element (within
 the <Service> element) in the tomcat 7 server.xml file:
 
 <Realm className="ca.nrc.cadc.tomcat.CadcBasicAuthenticator" />
 
===============================================================================
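Review bot: the README tells the reader to add `<Realm className="ca.nrc.cadc.tomcat.CadcBasicAuthenticator" />` but says nothing about what the realm checks credentials against or which attributes it accepts, so an operator cannot configure it from this file alone; list the realm's attributes (or state that it takes none) and name the service it consults. The opening sentence also promises x509 client-certificate support, which this file never covers; a pointer to README-SSL would close that gap.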



cadcTomcat/README-SSL

0 → 100644
+116 −0
===============================================================================
 SSL README file for opencadc project cadcTomcat.
 
 cadcTomcat is a custom custom trust management implementation for apache
 tomcat (version 7) that overrides the default tomcat trust behaviour
 by adding trust to valid proxy certificates.
===============================================================================

cadcTomcat Installation Steps:
1. Create / identify keystore file (serves as server identity)
2. Create / identify truststore file (list of CAs that server trusts)
3. Checkout cadcTomcat source and build
4. Include cadcTomcat.jar in $CATALINA_HOME/server/lib
5. Configure server.xml to use custom trust store


Step 1: Create / identify keystore file (serves as server identity)
===============================================================================

Steps to create a development version of a keystore file.

Notes:
  - Common name (first & last name) must be the fully qualified name of the
    server.
  - Keystore password MUST match key password (only hit enter on last step)
  - Record name/location of keystore and password for use in Step 5.

> keytool -keystore $KEYSTORE_DIR/tomcatkeystore.ks --genkey -alias tomcat
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  server.cadc.nrc.ca
What is the name of your organizational unit?
  [Unknown]:  CADC
What is the name of your organization?
  [Unknown]:  NRC
What is the name of your City or Locality?
  [Unknown]:  Victoria
What is the name of your State or Province?
  [Unknown]:  British Columbia
What is the two-letter country code for this unit?
  [Unknown]:  CA
Is CN=server.cadc.nrc.ca OU=CADC, O=NRC, L=Victoria, ST=British Columbia, C=CA correct?
  [no]:  yes

Enter key password for <tomcat>
        (RETURN if same as keystore password):


Step 2: Create / identify truststore file (list of CAs that server trusts)
===============================================================================

Steps to create a development version of a truststore file.

Notes:
  - Only one truststore file can be used.  This means that the common list of
    CAs needs to be merged with any internal CAs. 
  - The common list of java trusted CAs is: $JAVA_HOME/jre/lib/security/cacerts
  - Note the location / name of the truststore file.  The password is
    'changeit'.

If no internal CAs need to be identified, then the default java trust store
file can be used: $JAVA_HOME/jre/lib/security/cacerts

Otherwise, follow these steps to combine the common set of CAs with internal
CAs:
> cp $JAVA_HOME/jre/lib/security/cacerts $KEYSTORE_DIR/tomcattruststore.ks
> chmod 664 $KEYSTORE_DIR/tomcattruststore.ks
> keytool -import -alias root -keystore $KEYSTORE_DIR/tomcattruststore.ks -trustcacerts -file <path to internal CA public key file .crt>
 
Repeat the third command for each internal CA that needs importing.


Step 3: Checkout cadcTomcat source and build
===============================================================================

> svn checkout http://opencadc.googlecode.com/svn/trunk/projects/cadcTomcat $WORK_DIR/cadcTomcat
> ant clean build


Step 4: Include cadcTomcat.jar in $CATALINA_HOME/server/lib
===============================================================================

> ln -s $WORK_DIR/cadcTomcat/build/lib/cadcTomcat.jar $CATALINA_HOME/server/lib/cadcTomcat.jar


Step 5: Configure tomcat's conf/server.xml to use custom trust store
===============================================================================

Add a connector in tomcat's server.xml file.  Relevant elements are:

keyStoreFile      - Points to the created / identified keystore
keystorePass      - The keystore password
truststoreFile    - Points to the created / identified truststore
truststorePass    - The truststore password
SSLImplementation - The CADC Custom implementation of TrustManagers that
                    accepts proxy certificates (default tomcat trust
                    manager does not.)


    <Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
            maxThreads="600"
            scheme="https"
            secure="true"
            SSLEnabled="true"
            keystoreFile="$KEYSTORE_DIR/tomcatkeystore.ks"
            keystorePass="changeit"
            keyAlias="tomcat"
            clientAuth="true"
            truststoreFile="$KEYSTORE_DIR/tomcattruststore.ks" 
            truststorePass="changeit"
            truststoreType="JKS"
            sslProtocol="TLS"
            SSLImplementation="ca.nrc.cadc.auth.CadcSSLImplementation"/>

(Note that the environment variables cannot be used in server.xml in this way.)
 No newline at end of file
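Review bot: Step 4 and its heading install the jar under `$CATALINA_HOME/server/lib`, but Tomcat 7 loads shared libraries from `$CATALINA_HOME/lib` (`server/lib` is the Tomcat 5.x layout), so the custom SSLImplementation will not be found at the path given; change both the heading and the `ln -s` target. In Step 2, `chmod 664` leaves the truststore group-writable; `644` is enough for Tomcat to read it, and a writable truststore lets anyone in the group add a CA the server will then trust. Smaller points: the `keytool --genkey` invocation uses a double dash where keytool expects `-genkey`; the attribute list says `keyStoreFile` while the connector example (correctly) uses `keystoreFile`; "custom custom" in the header is doubled; and the example connector ships `keystorePass="changeit"` next to the instruction to record the password chosen in Step 1, so it is worth stating explicitly that both `*Pass` values must be replaced with the real ones and that `clientAuth="true"` will refuse any client that presents no certificate (use `want` if anonymous HTTPS clients must still be able to connect).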

cadcTomcat/build.xml

0 → 100644
+138 −0
<!--
************************************************************************
*******************  CANADIAN ASTRONOMY DATA CENTRE  *******************
**************  CENTRE CANADIEN DE DONNÉES ASTRONOMIQUES  **************
*
*  (c) 2009.                            (c) 2009.
*  Government of Canada                 Gouvernement du Canada
*  National Research Council            Conseil national de recherches
*  Ottawa, Canada, K1A 0R6              Ottawa, Canada, K1A 0R6
*  All rights reserved                  Tous droits réservés
*                                       
*  NRC disclaims any warranties,        Le CNRC dénie toute garantie
*  expressed, implied, or               énoncée, implicite ou légale,
*  statutory, of any kind with          de quelque nature que ce
*  respect to the software,             soit, concernant le logiciel,
*  including without limitation         y compris sans restriction
*  any warranty of merchantability      toute garantie de valeur
*  or fitness for a particular          marchande ou de pertinence
*  purpose. NRC shall not be            pour un usage particulier.
*  liable in any event for any          Le CNRC ne pourra en aucun cas
*  damages, whether direct or           être tenu responsable de tout
*  indirect, special or general,        dommage, direct ou indirect,
*  consequential or incidental,         particulier ou général,
*  arising from the use of the          accessoire ou fortuit, résultant
*  software.  Neither the name          de l'utilisation du logiciel. Ni
*  of the National Research             le nom du Conseil National de
*  Council of Canada nor the            Recherches du Canada ni les noms
*  names of its contributors may        de ses  participants ne peuvent
*  be used to endorse or promote        être utilisés pour approuver ou
*  products derived from this           promouvoir les produits dérivés
*  software without specific prior      de ce logiciel sans autorisation
*  written permission.                  préalable et particulière
*                                       par écrit.
*                                       
*  This file is part of the             Ce fichier fait partie du projet
*  OpenCADC project.                    OpenCADC.
*                                       
*  OpenCADC is free software:           OpenCADC est un logiciel libre ;
*  you can redistribute it and/or       vous pouvez le redistribuer ou le
*  modify it under the terms of         modifier suivant les termes de
*  the GNU Affero General Public        la “GNU Affero General Public
*  License as published by the          License” telle que publiée
*  Free Software Foundation,            par la Free Software Foundation
*  either version 3 of the              : soit la version 3 de cette
*  License, or (at your option)         licence, soit (à votre gré)
*  any later version.                   toute version ultérieure.
*                                       
*  OpenCADC is distributed in the       OpenCADC est distribué
*  hope that it will be useful,         dans l’espoir qu’il vous
*  but WITHOUT ANY WARRANTY;            sera utile, mais SANS AUCUNE
*  without even the implied             GARANTIE : sans même la garantie
*  warranty of MERCHANTABILITY          implicite de COMMERCIALISABILITÉ
*  or FITNESS FOR A PARTICULAR          ni d’ADÉQUATION À UN OBJECTIF
*  PURPOSE.  See the GNU Affero         PARTICULIER. Consultez la Licence
*  General Public License for           Générale Publique GNU Affero
*  more details.                        pour plus de détails.
*                                       
*  You should have received             Vous devriez avoir reçu une
*  a copy of the GNU Affero             copie de la Licence Générale
*  General Public License along         Publique GNU Affero avec
*  with OpenCADC.  If not, see          OpenCADC ; si ce n’est
*  <http://www.gnu.org/licenses/>.      pas le cas, consultez :
*                                       <http://www.gnu.org/licenses/>.
*
*  $Revision: 4 $
*
************************************************************************
-->

<project default="build" basedir=".">
    <property environment="env"/>
    <property file="local.build.properties" />

    <!-- site-specific build properties or overrides of values in opencadc.properties -->
    <property file="${env.CADC_PREFIX}/etc/local.properties" />

    <!-- site-specific targets, e.g. install, cannot duplicate those in opencadc.targets.xml -->
    <import file="${env.CADC_PREFIX}/etc/local.targets.xml" optional="true" />

    <!-- default properties and targets -->
    <property file="${env.CADC_PREFIX}/etc/opencadc.properties" />
    <import file="${env.CADC_PREFIX}/etc/opencadc.targets.xml"/>

    <property name="project" value="cadcTomcat" />

    <!-- developer convenience: place for extra targets and properties -->
    <import file="extras.xml" optional="true" />

    <property name="cadc"               value="${lib}/cadcUtil.jar" />
    <property name="log4j"              value="${ext.lib}/log4j.jar" />
    <property name="tomcat"             value="${ext.lib}/catalina.jar:${ext.lib}/tomcat-util.jar:${ext.lib}/tomcat-coyote.jar" />
    <property name="jars"               value="${cadc}:${log4j}:${tomcat}" />

    <target name="build" depends="simpleJar" />
    
    <target name="test-resources">
        <copy todir="${build}/class">
            <fileset dir="src/resources">
                <include name="**.properties" />
            </fileset>
        </copy>
        <jar jarfile="${build}/tmp/test.jar"
                basedir="${build}/class"
                update="no">
            <include name="ca/nrc/cadc/reg/client/**" />
            <include name="**.properties" />
        </jar>
    </target>

    <!-- JAR files needed to run the test suite -->
    <property name="dev.junit" value="${ext.dev}/junit.jar" />
    <property name="servlet" value="${ext.lib}/servlet-api.jar" />
    <property name="log" value="${ext.lib}/commons-logging.jar" />
    <property name="juli" value="${ext.lib}/tomcat-juli.jar" />
    <property name="tomcatUtil" value="${ext.lib}/tomcat-util.jar" />
    <property name="test" value="${build}/tmp/test.jar" />
    <property name="testingJars" value="${dev.junit}:${servlet}:${log}:${juli}:${tomcatUtil}:${test}" />
    
    <!-- Run the test suite -->
    <target name="test" depends="compile-test,test-resources">
        <echo message="Running test" />

        <!-- Run the junit test suite -->
        <echo message="Running test suite..." />
        <junit printsummary="yes" haltonfailure="yes" fork="yes">
            <classpath>
                <pathelement path="${build}/test/class" />
                <pathelement path="${build}/class" />
                <pathelement path="${jars}:${testingJars}" />
            </classpath>

            <test name="ca.nrc.cadc.tomcat.CadcBasicAuthenticatorTest"/>
            <test name="ca.nrc.cadc.tomcat.RealmRegistryClientTest"/>
            <formatter type="plain" usefile="false"/>
        </junit>
    </target>
    
</project>
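Review bot: the `test-resources` target packs `ca/nrc/cadc/reg/client/**` into `test.jar`, but nothing in this module lives in that package (the tests run are `ca.nrc.cadc.tomcat.CadcBasicAuthenticatorTest` and `RealmRegistryClientTest`), so the include looks carried over from another project's build.xml and should be replaced with the classes the tests actually need or dropped. Also, the `tomcat` classpath property omits `tomcat-juli.jar` even though the JAR README in this commit lists it as required; it only appears in `testingJars`, so any compile-time dependency on it would fail. The `$Revision: 4 $` keyword in the header is an svn artifact that will go stale once the module is merged.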