Provide CA EE Restful interface and test client.

Tickets #144 and #145
Providing the following:

1. Simple EE restful interface for certificates, printing, listing and searching.
2. Simple EE restful interface for certificate enrollment requests.
3. Simple EE restful interface for profiles and profile properties.
4. Simple Test client to exercise the functionality.
5. Created restful client base class inherited by CARestClient and DRMRestClient.
6. Provide simple restful implementations of new interfaces added.

ToDO: Need some more refactoring to base classes for some of the new classes which are similar to classes
in the DRM restful area.
ToDO: Actual certificate enrollment code that will be refactored from existing ProfileSubmitServlet.

Provide CA EE Restful interface and test client review fixes.

1 files changed, 175 insertions, 0 deletions

diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/CMSRestClient.java b/base/common/src/com/netscape/cms/servlet/csadmin/CMSRestClient.java
new file mode 100644
index 000000000..37db06bd5
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/CMSRestClient.java
@@ -0,0 +1,175 @@
+package com.netscape.cms.servlet.csadmin;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.Socket;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.UnknownHostException;
+import java.util.Enumeration;
+
+import org.apache.commons.httpclient.ConnectTimeoutException;
+import org.apache.http.client.HttpClient;
+import org.apache.http.conn.scheme.LayeredSchemeSocketFactory;
+import org.apache.http.conn.scheme.Scheme;
+import org.apache.http.conn.scheme.SchemeSocketFactory;
+import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.params.HttpParams;
+import org.jboss.resteasy.client.ClientExecutor;
+import org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor;
+import org.jboss.resteasy.spi.ResteasyProviderFactory;
+import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
+import org.mozilla.jss.ssl.SSLSocket;
+
+public abstract class CMSRestClient {
+    // Callback to approve or deny returned SSL server certs
+    // Right now, simply approve the cert.
+    // ToDO: Look into taking this JSS http client code and move it into
+    // its own class to be used by possible future clients.
+
+    public CMSRestClient(String baseUri, String clientCertNick) throws URISyntaxException {
+
+        clientCertNickname = clientCertNick;
+
+        uri = new URI(baseUri);
+
+        String protocol = uri.getScheme();
+        int port = uri.getPort();
+
+        HttpClient httpclient = new DefaultHttpClient();
+        if (protocol != null && protocol.equals("https")) {
+
+            Scheme scheme = new Scheme("https", port, new JSSProtocolSocketFactory());
+            httpclient.getConnectionManager().getSchemeRegistry().register(scheme);
+
+        }
+
+        executor = new ApacheHttpClient4Executor(httpclient);
+        providerFactory = ResteasyProviderFactory.getInstance();
+        providerFactory.addClientErrorInterceptor(new CMSErrorInterceptor());
+    }
+
+    private class ServerCertApprovalCB implements SSLCertificateApprovalCallback {
+
+        public boolean approve(org.mozilla.jss.crypto.X509Certificate servercert,
+                SSLCertificateApprovalCallback.ValidityStatus status) {
+
+            //For now lets just accept the server cert. This is a test tool, being
+            // pointed at a well know kra instance.
+
+            if (servercert != null) {
+                System.out.println("Peer SSL Servercert details: " +
+                        "\n     subject: " + servercert.getSubjectDN().toString() +
+                        "\n     issuer:  " + servercert.getIssuerDN().toString() +
+                        "\n     serial:  " + servercert.getSerialNumber().toString()
+                        );
+            }
+
+            SSLCertificateApprovalCallback.ValidityItem item;
+
+            Enumeration<?> errors = status.getReasons();
+            int i = 0;
+            while (errors.hasMoreElements()) {
+                i++;
+                item = (SSLCertificateApprovalCallback.ValidityItem) errors.nextElement();
+                System.out.println("item " + i +
+                        " reason=" + item.getReason() +
+                        " depth=" + item.getDepth());
+
+                int reason = item.getReason();
+
+                if (reason ==
+                        SSLCertificateApprovalCallback.ValidityStatus.UNTRUSTED_ISSUER ||
+                        reason == SSLCertificateApprovalCallback.ValidityStatus.BAD_CERT_DOMAIN) {
+
+                    //Allow these two since we haven't necessarily installed the CA cert for trust
+                    // and we are choosing "localhost" as the host for this client.
+
+                    return true;
+
+                }
+            }
+
+            //For other errors return false
+
+            return false;
+        }
+    }
+
+    private class JSSProtocolSocketFactory implements SchemeSocketFactory, LayeredSchemeSocketFactory {
+
+        @Override
+        public Socket createSocket(HttpParams params)
+                throws IOException {
+
+            return null;
+
+        }
+
+        @Override
+        public Socket connectSocket(Socket sock,
+                InetSocketAddress remoteAddress,
+                InetSocketAddress localAddress,
+                HttpParams params)
+                throws IOException,
+                UnknownHostException,
+                ConnectTimeoutException {
+
+            SSLSocket socket;
+
+            String hostName = null;
+            int port = 0;
+            if (remoteAddress != null) {
+                hostName = remoteAddress.getHostName();
+                port = remoteAddress.getPort();
+
+            }
+
+            int localPort = 0;
+            InetAddress localAddr = null;
+
+            if (localAddress != null) {
+                localPort = localAddress.getPort();
+                localAddr = localAddress.getAddress();
+            }
+
+            if (sock == null) {
+                socket = new SSLSocket(InetAddress.getByName(hostName),
+                        port,
+                        localAddr,
+                        localPort,
+                        new ServerCertApprovalCB(),
+                        null);
+
+            } else {
+                socket = new SSLSocket(sock, hostName, new ServerCertApprovalCB(), null);
+            }
+
+            if (socket != null && clientCertNickname != null) {
+                socket.setClientCertNickname(clientCertNickname);
+            }
+
+            return socket;
+        }
+
+        @Override
+        public boolean isSecure(Socket sock) {
+            //We only use this factory in the case of SSL Connections
+            return true;
+        }
+
+        @Override
+        public Socket createLayeredSocket(Socket arg0, String arg1, int arg2, boolean arg3) throws IOException,
+                UnknownHostException {
+            //This method implementation is required to get SSL working.
+            return null;
+        }
+
+    }
+
+    protected static String clientCertNickname;
+    protected ResteasyProviderFactory providerFactory;
+    protected ClientExecutor executor;
+    protected URI uri;
+}