From 9e7a501dae7f7fed255428ddb2aab3e727dd119b Mon Sep 17 00:00:00 2001
From: Evan Cordell
Date: Thu, 21 Apr 2016 15:27:00 -0500
Subject: [PATCH] Authenticate in the other direction with jwtproxy
---
 conf/init/service/jwtproxy/run | 2 +-
 conf/jwtproxy_conf.yaml.jnj | 14 +++++++++++++-
 config.py | 1 +
 util/secscan/api.py | 3 ++-
 4 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/conf/init/service/jwtproxy/run b/conf/init/service/jwtproxy/run
index 48613a7a9..24e5f0d5f 100755
--- a/conf/init/service/jwtproxy/run
+++ b/conf/init/service/jwtproxy/run
@@ -3,6 +3,6 @@
 echo 'Starting jwtproxy'
 cd /
-/binary_dependencies/jwtproxy --config conf/jwtproxy_conf.yaml
+/binary_dependencies/jwtproxy --config conf/jwtproxy_conf.yaml --log-level debug
 echo 'Jwtproxy exited'
diff --git a/conf/jwtproxy_conf.yaml.jnj b/conf/jwtproxy_conf.yaml.jnj
index 969bbca14..83e21d3c8 100644
--- a/conf/jwtproxy_conf.yaml.jnj
+++ b/conf/jwtproxy_conf.yaml.jnj
@@ -1,6 +1,18 @@
 jwtproxy:
 signer_proxy:
- enabled: false
+ enabled: true
+ listen_addr: :8080
+ signer:
+ issuer: quay
+ expiration_time: 5m
+ max_skew: 1m
+ private_key:
+ type: autogenerated
+ options:
+ key_server:
+ type: keyregistry
+ options:
+ registry: {{ registry }}
 verifier_proxy:
 enabled: true
 listen_addr: unix:/tmp/jwtproxy_secscan.sock
diff --git a/config.py b/config.py
index 65661637c..920fce825 100644
--- a/config.py
+++ b/config.py
@@ -288,6 +288,7 @@ class DefaultConfig(object):
 'API_VERSION': 'v1',
 'API_TIMEOUT_SECONDS': 10,
 'API_TIMEOUT_POST_SECONDS': 480,
+ 'PROXY': 'http://localhost:8080',
 }
 # Torrent management flags
diff --git a/util/secscan/api.py b/util/secscan/api.py
index 65ff8b37a..2aa301ecf 100644
--- a/util/secscan/api.py
+++ b/util/secscan/api.py
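Review bot: In conf/init/service/jwtproxy/run the added `--log-level debug` is hard-coded into the service start line, so every deployment runs the signing and verifying proxy at debug verbosity. Debug output from an authentication proxy may include request details that are better kept out of production logs (not verifiable from this hunk), and the flag reads like a leftover from bringing the feature up. I would drop it from the committed script, or take the level from an environment variable so it is raised only while troubleshooting.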
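Review bot: In conf/jwtproxy_conf.yaml.jnj the signer proxy gets `listen_addr: :8080`, which has no host part and so presumably listens on every interface, while the only client added in this commit reaches it at `http://localhost:8080`. Anything that can connect to that port could have its outbound requests signed as issuer `quay` with the autogenerated key. If jwtproxy accepts a host here, `listen_addr: 127.0.0.1:8080` would keep the signer private to the container; the verifier below already uses a unix socket (`unix:/tmp/jwtproxy_secscan.sock`). A short comment naming the component that is expected to use the signer would also help.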
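Review bot: In config.py the new default `'PROXY': 'http://localhost:8080'` is a bare string, and the util/secscan/api.py hunk passes it unchanged as `proxies=security_config.get('PROXY')`. If `client` is a requests session, as the `cert=` and `verify=` arguments suggest, `proxies` is documented as a mapping from scheme to proxy URL, so a string is likely to fail or be ignored when the proxy is selected. Consider storing a mapping in the default, for example `'PROXY': {'http': 'http://localhost:8080'},` with one entry per scheme the scanner endpoint uses, or building it at the call site. A one-line comment saying that this is the local jwtproxy signer address would also make the setting easier to audit.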
@@ -257,4 +257,5 @@ class SecurityScannerAPI(object):
 with CloseForLongOperation(self.config):
 logger.debug('%sing security URL %s', method.upper(), url)
 return client.request(method, url, json=body, params=params, timeout=timeout,
- cert=self._keys, verify=self._certificate, headers=headers)
+ cert=self._keys, verify=self._certificate, headers=headers,
+ proxies=security_config.get('PROXY'))
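Review bot: `security_config.get('PROXY')` yields `None` whenever the key is absent, and the request is then sent straight to the scanner without passing through the signer, with no log line or error. A deployment that overrides the scanner settings dict from config.py without the new key would presumably lose JWT signing silently. I would resolve the proxy before the call and either fail or log when it is missing, e.g. `logger.warning('No jwtproxy signer configured; request to %s is unsigned', url)`. The enclosing method and the definition of `security_config` lie outside this hunk, so this rests only on the visible lines.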