apache: Add support for configuring SSLProxy with key authentication

apache/manifests/init.pp

@@ -495,6 +495,41 @@ class apache::proxy($port="8080",
 }
 
 
+# Configure Apache SSLProxy with key authentication.
+#
+class apache::sslproxy(
+  $ssl_key="${::puppet_ssldir}/private_keys/${::homename}.pem",
+  $ssl_cert="${::puppet_ssldir}/certs/${::homename}.pem",
+  $ssl_ca="${::puppet_ssldir}/certs/ca.pem",
+) {
+
+  include ssl
+
+  $ssl_bundle = "${ssl::private}/apache-sslproxy.pem"
+
+  exec { 'generate-sslproxy-pem':
+    path    => '/bin:/usr/bin:/sbin:/usr/sbin',
+    command => "/bin/sh -c 'umask 077 ; cat ${ssl_key} ${ssl_cert} > ${ssl_bundle}'",
+    creates => $ssl_bundle,
+  }
+
+  file { $ssl_bundle:
+    ensure  => present,
+    mode    => '0600',
+    owner   => 'root',
+    group   => 'root',
+    require => Exec['generate-sslproxy-pem'],
+  }
+
+  apache::configfile { 'sslproxy.conf':
+    http    => false,
+    content => template('apache/sslproxy.conf'),
+    require => File[$ssl_bundle],
+  }
+
+}
+
+
 # Install mod_auth_kerb.
 #
 class apache::mod::auth_kerb($servicename=undef) {

apache/templates/sslproxy.conf.erb

@@ -0,0 +1,4 @@
+SSLProxyEngine on
+SSLProxyMachineCertificateFile <%= @ssl_bundle %>
+SSLProxyCACertificateFile <%= @ssl_ca %>
+SSLProxyVerify require