From 118f2d0ce5117b8b3f06f9ce24268730b6b2e537 Mon Sep 17 00:00:00 2001 From: Evan Cordell Date: Fri, 22 Apr 2016 20:27:47 -0500 Subject: [PATCH] Add mitm certs to jwtproxy --- conf/init/service/jwtproxy/run | 1 + conf/init/zz_boot.sh | 2 ++ conf/jwtproxy_conf.yaml.jnj | 3 +++ 3 files changed, 6 insertions(+) diff --git a/conf/init/service/jwtproxy/run b/conf/init/service/jwtproxy/run index 24e5f0d5f..9984533f3 100755 --- a/conf/init/service/jwtproxy/run +++ b/conf/init/service/jwtproxy/run @@ -4,5 +4,6 @@ echo 'Starting jwtproxy' cd / /binary_dependencies/jwtproxy --config conf/jwtproxy_conf.yaml --log-level debug +rm /tmp/jwtproxy_secscan.sock echo 'Jwtproxy exited' diff --git a/conf/init/zz_boot.sh b/conf/init/zz_boot.sh index ab760266b..70b6abc37 100755 --- a/conf/init/zz_boot.sh +++ b/conf/init/zz_boot.sh @@ -1,3 +1,5 @@ #!/bin/bash +sudo update-ca-certificates --fresh + /venv/bin/python /boot.py diff --git a/conf/jwtproxy_conf.yaml.jnj b/conf/jwtproxy_conf.yaml.jnj index 83e21d3c8..527d77579 100644 --- a/conf/jwtproxy_conf.yaml.jnj +++ b/conf/jwtproxy_conf.yaml.jnj @@ -2,6 +2,9 @@ jwtproxy: signer_proxy: enabled: true listen_addr: :8080 + ca_key_file: /conf/stack/mitm.key + ca_crt_file: /conf/stack/mitm.cert + signer: issuer: quay expiration_time: 5m
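Review bot: In conf/init/service/jwtproxy/run the added `rm /tmp/jwtproxy_secscan.sock` only runs after jwtproxy returns, so a stale socket survives if the run script itself is killed, and the command prints an error whenever the socket is already gone. Cleaning up before launch as well, with `rm -f /tmp/jwtproxy_secscan.sock` ahead of the jwtproxy line, would make restarts deterministic. The socket also sits in /tmp under a fixed name; a directory owned by the service account would be a safer home if anything else in the container can write to /tmp, though where the socket path is configured is not visible in this hunk.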
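Review bot: The new `sudo update-ca-certificates --fresh` in conf/init/zz_boot.sh rebuilds the trust store for every process in the container, not only jwtproxy, and the script does not say which certificate it is meant to pick up. If the intent is to trust the MITM CA referenced in conf/jwtproxy_conf.yaml.jnj (an inference, since the step that installs the certificate into the CA directory is not in this diff), every TLS client in the container will accept certificates issued under that key. A comment such as `# Rebuild the system CA bundle so locally installed CAs (e.g. the jwtproxy MITM CA) are trusted container-wide` would record that scope. The exit status is also ignored, so consider `sudo update-ca-certificates --fresh || exit 1` if boot should not continue with a stale bundle.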
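Review bot: `ca_key_file: /conf/stack/mitm.key` in conf/jwtproxy_conf.yaml.jnj points the signer proxy at a CA private key, and anyone who can read that file can issue certificates that clients trusting this CA will accept for any host. The template hard-codes both paths unconditionally, so it should document that the key is generated per deployment, kept out of the image and version control, and readable only by the jwtproxy user (mode 0600). A comment above the two keys, e.g. `# MITM CA used by signer_proxy to intercept TLS; key must be per-deployment and mode 0600`, would make that requirement visible. How jwtproxy behaves when the files are absent is not shown here; if the stack directory is optional, the template probably needs a conditional around these lines.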