aboutsummaryrefslogtreecommitdiff
path: root/readme.md
diff options
context:
space:
mode:
Diffstat (limited to 'readme.md')
-rw-r--r--readme.md30
1 files changed, 29 insertions, 1 deletions
diff --git a/readme.md b/readme.md
index c64be93..51d82dd 100644
--- a/readme.md
+++ b/readme.md
@@ -3,6 +3,7 @@
## Prepare for Compilation
For compiling MOAZS, do the following:
+
1. Checkout MoaZS repository (directory name `moazs.git`)
2. Install `at.gv.egiz.eaaf.{eaaf_module_moa-sig, core}` to local repository.
3. Install `at.gv.util.egovutils` to local mvn repository.
@@ -69,13 +70,40 @@ Integration tests start with the prefix `IT`.
Requirements:
- OpenJDK 12
-- Some integration tests have additional requirements (e.g. external services). Ensure that these requirements are met as well. Check out the source code for further details.
+- Some integration tests have additional requirements (e.g. ITMsgClientTest also tests the TLS connection and Client Authentication). Ensure that these requirements are met as well.
Command:
```
mvn test -P integration-test
```
+### Quick Guide: Set Up SSL in Apache 2.
+
+Some tests in ITMsgClientTest require SSL protection of the service endpoint with SSL Client Authentication. Here's a quick guide how to set up an Apache 2 service on localhost as a SSL terminating reverse proxy to the zusemsg endpoint that runs on http://localhost:8081/ :
+
+1. Install Apache 2.
+1. Ensure that mod-proxy is installed and enabled.
+1. In `default-ssl.conf` add the following lines to proxy requests from `https://localhost/zusemsg` to `http://localhost:8081`:
+```
+ProxyRequests off
+ProxyPass /zusemsg/ http://localhost:8081/
+ProxyPassReverse /zusemsg/ http://localhost:8081/
+<Proxy *>
+ Order allow,deny
+ allow from all
+</Proxy>
+```
+1. Use certificate and key provided in this repository for the TLS connection and add the following directives to `default-ssl.conf`:
+```
+SSLCertificateFile <path/to/repo/ssl/server>/server.localhost.cert.pem
+SSLCertificateKeyFile <path/to/repo/ssl/server>/server.localhost.key.pem
+SSLCertificateChainFile <path/to/repo/ssl/server>/ca-chain.cert.pem
+```
+1. Trust the client certificate with the following directive in `default-ssl-conf`:
+```
+SSLCACertificateFile <path/to/repo/ssl>/trusted-cas-bundle.pem
+```
+
# Footnotes
[1] https://bugs.openjdk.java.net/browse/JDK-8214098