authorJack Magne <jmagne@dhcp-32-224.sjc.redhat.com>2012-04-29 19:44:56 -0700
committerJack Magne <jmagne@dhcp-32-224.sjc.redhat.com>2012-05-07 18:56:46 -0700
commitb0bca63ac46e079e3a21ed1c4d6fd532966568d0 (patch)
tree54c880869f40d2ec9ac30c7a201f2810dbd341a0 /base/kra
parent391d345b5a6a1a905e3db4105a65dd4fdd0d19a9 (diff)
Provide CA EE Restful interface and test client.
Tickets #144 and #145 Providing the following: 1. Simple EE restful interface for certificates, printing, listing and searching. 2. Simple EE restful interface for certificate enrollment requests. 3. Simple EE restful interface for profiles and profile properties. 4. Simple Test client to exercise the functionality. 5. Created restful client base class inherited by CARestClient and DRMRestClient. 6. Provide simple restful implementations of new interfaces added. ToDO: Need some more refactoring to base classes for some of the new classes which are similar to classes in the DRM restful area. ToDO: Actual certificate enrollment code that will be refactored from existing ProfileSubmitServlet. Provide CA EE Restful interface and test client review fixes.
Diffstat (limited to 'base/kra')
-rw-r--r--base/kra/functional/src/com/netscape/cms/servlet/test/DRMErrorInterceptor.java43
-rw-r--r--base/kra/functional/src/com/netscape/cms/servlet/test/DRMRestClient.java172
2 files changed, 3 insertions, 212 deletions
diff --git a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMErrorInterceptor.java b/base/kra/functional/src/com/netscape/cms/servlet/test/DRMErrorInterceptor.java
deleted file mode 100644
index 7572acef5..000000000
--- a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMErrorInterceptor.java
+++ /dev/null
@@ -1,43 +0,0 @@
-package com.netscape.cms.servlet.test;
-
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-
-import org.jboss.resteasy.client.ClientResponse;
-import org.jboss.resteasy.client.core.ClientErrorInterceptor;
-
-import com.netscape.cms.servlet.base.CMSException;
-
-public class DRMErrorInterceptor implements ClientErrorInterceptor {
-
- public void handle(ClientResponse<?> response) {
-
- // handle HTTP code 4xx and 5xx
- int code = response.getResponseStatus().getStatusCode();
- if (code < 400) return;
-
- MultivaluedMap<String, String> headers = response.getHeaders();
- String contentType = headers.getFirst("Content-Type");
-
- // handle XML content only
- if (!contentType.startsWith(MediaType.TEXT_XML)) return;
-
- CMSException exception;
-
- try {
- // Requires RESTEasy 2.3.2
- // https://issues.jboss.org/browse/RESTEASY-652
- CMSException.Data data = response.getEntity(CMSException.Data.class);
-
- Class<?> clazz = Class.forName(data.className);
- exception = (CMSException) clazz.getConstructor(CMSException.Data.class).newInstance(data);
-
- } catch (Exception e) {
- e.printStackTrace();
- return;
- }
-
- throw exception;
- }
-
-}
diff --git a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMRestClient.java b/base/kra/functional/src/com/netscape/cms/servlet/test/DRMRestClient.java
index f346526d8..772612bf4 100644
--- a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMRestClient.java
+++ b/base/kra/functional/src/com/netscape/cms/servlet/test/DRMRestClient.java
@@ -1,35 +1,17 @@
package com.netscape.cms.servlet.test;
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.InetSocketAddress;
-import java.net.Socket;
-import java.net.URI;
import java.net.URISyntaxException;
-import java.net.UnknownHostException;
import java.util.Collection;
-import java.util.Enumeration;
import java.util.Iterator;
-import org.apache.commons.httpclient.ConnectTimeoutException;
-import org.apache.http.client.HttpClient;
-import org.apache.http.conn.scheme.LayeredSchemeSocketFactory;
-import org.apache.http.conn.scheme.Scheme;
-import org.apache.http.conn.scheme.SchemeSocketFactory;
-import org.apache.http.impl.client.DefaultHttpClient;
-import org.apache.http.params.HttpParams;
-import org.jboss.resteasy.client.ClientExecutor;
import org.jboss.resteasy.client.ClientResponse;
import org.jboss.resteasy.client.ProxyFactory;
-import org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor;
-import org.jboss.resteasy.spi.ResteasyProviderFactory;
-import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
-import org.mozilla.jss.ssl.SSLSocket;
import com.netscape.certsrv.dbs.keydb.KeyId;
import com.netscape.certsrv.request.RequestId;
import com.netscape.cms.servlet.admin.SystemCertificateResource;
import com.netscape.cms.servlet.cert.model.CertificateData;
+import com.netscape.cms.servlet.csadmin.CMSRestClient;
import com.netscape.cms.servlet.key.KeyResource;
import com.netscape.cms.servlet.key.KeysResource;
import com.netscape.cms.servlet.key.model.KeyData;
@@ -43,129 +25,7 @@ import com.netscape.cms.servlet.request.model.KeyRequestInfos;
import com.netscape.cms.servlet.request.model.RecoveryRequestData;
import com.netscape.cmsutil.util.Utils;
-public class DRMRestClient {
-
- // Callback to approve or deny returned SSL server certs
- // Right now, simply approve the cert.
- // ToDO: Look into taking this JSS http client code and move it into
- // its own class to be used by possible future clients.
- private class ServerCertApprovalCB implements SSLCertificateApprovalCallback {
-
- public boolean approve(org.mozilla.jss.crypto.X509Certificate servercert,
- SSLCertificateApprovalCallback.ValidityStatus status) {
-
- //For now lets just accept the server cert. This is a test tool, being
- // pointed at a well know kra instance.
-
- if (servercert != null) {
- System.out.println("Peer cert details: " +
- "\n subject: " + servercert.getSubjectDN().toString() +
- "\n issuer: " + servercert.getIssuerDN().toString() +
- "\n serial: " + servercert.getSerialNumber().toString()
- );
- }
-
- SSLCertificateApprovalCallback.ValidityItem item;
-
- Enumeration<?> errors = status.getReasons();
- int i = 0;
- while (errors.hasMoreElements()) {
- i++;
- item = (SSLCertificateApprovalCallback.ValidityItem) errors.nextElement();
- System.out.println("item " + i +
- " reason=" + item.getReason() +
- " depth=" + item.getDepth());
-
- int reason = item.getReason();
-
- if (reason ==
- SSLCertificateApprovalCallback.ValidityStatus.UNTRUSTED_ISSUER ||
- reason == SSLCertificateApprovalCallback.ValidityStatus.BAD_CERT_DOMAIN) {
-
- //Allow these two since we haven't necessarily installed the CA cert for trust
- // and we are choosing "localhost" as the host for this client.
-
- return true;
-
- }
- }
-
- //For other errors return false
-
- return false;
- }
- }
-
- private class JSSProtocolSocketFactory implements SchemeSocketFactory, LayeredSchemeSocketFactory {
-
- @Override
- public Socket createSocket(HttpParams params)
- throws IOException {
-
- return null;
-
- }
-
- @Override
- public Socket connectSocket(Socket sock,
- InetSocketAddress remoteAddress,
- InetSocketAddress localAddress,
- HttpParams params)
- throws IOException,
- UnknownHostException,
- ConnectTimeoutException {
-
- SSLSocket socket;
-
- String hostName = null;
- int port = 0;
- if (remoteAddress != null) {
- hostName = remoteAddress.getHostName();
- port = remoteAddress.getPort();
-
- }
-
- int localPort = 0;
- InetAddress localAddr = null;
-
- if (localAddress != null) {
- localPort = localAddress.getPort();
- localAddr = localAddress.getAddress();
- }
-
- if (sock == null) {
- socket = new SSLSocket(InetAddress.getByName(hostName),
- port,
- localAddr,
- localPort,
- new ServerCertApprovalCB(),
- null);
-
- } else {
- socket = new SSLSocket(sock, hostName, new ServerCertApprovalCB(), null);
- }
-
- if (socket != null && clientCertNickname != null) {
- socket.setClientCertNickname(clientCertNickname);
- }
-
- return socket;
- }
-
- @Override
- public boolean isSecure(Socket sock) {
- //We only use this factory in the case of SSL Connections
- return true;
- }
-
- @Override
- public Socket createLayeredSocket(Socket arg0, String arg1, int arg2, boolean arg3) throws IOException,
- UnknownHostException {
- //This method implementation is required to get SSL working.
- return null;
- }
-
- }
+public class DRMRestClient extends CMSRestClient {
private KeyResource keyClient;
private KeysResource keysClient;
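Review bot: The server-certificate trust policy is no longer visible at `public class DRMRestClient extends CMSRestClient {`. The removed inner ServerCertApprovalCB accepted UNTRUSTED_ISSUER and BAD_CERT_DOMAIN on the stated grounds that this is a test tool, and whatever replaces it now lives in CMSRestClient, which this page does not show (the diff is limited to base/kra). If the base class carries the same lenient callback, that behaviour has presumably moved out of a `servlet.test` class into `com.netscape.cms.servlet.csadmin` and is inherited by every subclass, so it is worth confirming there that it stays confined to test clients. I would add a class comment here, for example `// TLS socket setup and server-cert approval are inherited from CMSRestClient; see that class for the trust policy.` The class body continues outside this hunk.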
@@ -173,34 +33,8 @@ public class DRMRestClient {
private KeyRequestResource keyRequestClient;
private SystemCertificateResource systemCertClient;
- private String clientCertNickname = null;
-
public DRMRestClient(String baseUri, String clientCertNick) throws URISyntaxException {
-
- // For SSL we are assuming the caller has already intialized JSS and has
- // a valid CryptoManager and CryptoToken
- // optional clientCertNickname is provided for use if required.
-
- URI uri = new URI(baseUri);
-
- String protocol = uri.getScheme();
- int port = uri.getPort();
-
- clientCertNickname = clientCertNick;
- HttpClient httpclient = new DefaultHttpClient();
- if (protocol != null && protocol.equals("https")) {
-
- Scheme scheme = new Scheme("https", port, new JSSProtocolSocketFactory());
-
- // Register for port 443 our SSLSocketFactory to the ConnectionManager
- httpclient.getConnectionManager().getSchemeRegistry().register(scheme);
-
- }
-
- ClientExecutor executor = new ApacheHttpClient4Executor(httpclient);
-
- ResteasyProviderFactory providerFactory = ResteasyProviderFactory.getInstance();
- providerFactory.addClientErrorInterceptor(new DRMErrorInterceptor());
+ super(baseUri,clientCertNick);
systemCertClient = ProxyFactory.create(SystemCertificateResource.class, uri, executor, providerFactory);
keyRequestsClient = ProxyFactory.create(KeyRequestsResource.class, uri, executor, providerFactory);