summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--base/common/src/com/netscape/certsrv/ca/CAClient.java9
-rw-r--r--base/common/src/com/netscape/certsrv/cert/CertClient.java9
-rw-r--r--base/common/src/com/netscape/certsrv/client/PKIClient.java306
-rw-r--r--base/common/src/com/netscape/certsrv/client/PKIConnection.java313
-rw-r--r--base/common/src/com/netscape/certsrv/group/GroupClient.java9
-rw-r--r--base/common/src/com/netscape/certsrv/kra/DRMClient.java9
-rw-r--r--base/common/src/com/netscape/certsrv/system/SystemConfigClient.java9
-rw-r--r--base/common/src/com/netscape/certsrv/user/UserClient.java9
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java14
-rw-r--r--base/java-tools/src/com/netscape/cmstools/cert/CertCLI.java3
-rw-r--r--base/java-tools/src/com/netscape/cmstools/cert/CertRequestApproveCLI.java31
-rw-r--r--base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java10
-rw-r--r--base/java-tools/src/com/netscape/cmstools/group/GroupCLI.java3
-rw-r--r--base/java-tools/src/com/netscape/cmstools/system/SecurityDomainCLI.java1
-rw-r--r--base/java-tools/src/com/netscape/cmstools/user/UserCLI.java3
15 files changed, 403 insertions, 335 deletions
diff --git a/base/common/src/com/netscape/certsrv/ca/CAClient.java b/base/common/src/com/netscape/certsrv/ca/CAClient.java
index 62e7a2438..2c026b799 100644
--- a/base/common/src/com/netscape/certsrv/ca/CAClient.java
+++ b/base/common/src/com/netscape/certsrv/ca/CAClient.java
@@ -31,6 +31,7 @@ import com.netscape.certsrv.cert.CertReviewResponse;
import com.netscape.certsrv.cert.CertSearchRequest;
import com.netscape.certsrv.client.ClientConfig;
import com.netscape.certsrv.client.PKIClient;
+import com.netscape.certsrv.client.PKIConnection;
import com.netscape.certsrv.dbs.certdb.CertId;
import com.netscape.certsrv.profile.ProfileData;
import com.netscape.certsrv.profile.ProfileDataInfos;
@@ -43,9 +44,17 @@ public class CAClient extends PKIClient {
private CertRequestResource certRequestClient;
private ProfileResource profileClient;
+ public CAClient(PKIConnection connection) throws URISyntaxException {
+ super(connection);
+ init();
+ }
+
public CAClient(ClientConfig config) throws URISyntaxException {
super(config);
+ init();
+ }
+ public void init() throws URISyntaxException {
certRequestClient = createProxy(CertRequestResource.class);
certClient = createProxy(CertResource.class);
profileClient = createProxy(ProfileResource.class);
diff --git a/base/common/src/com/netscape/certsrv/cert/CertClient.java b/base/common/src/com/netscape/certsrv/cert/CertClient.java
index a92e63522..da60ed085 100644
--- a/base/common/src/com/netscape/certsrv/cert/CertClient.java
+++ b/base/common/src/com/netscape/certsrv/cert/CertClient.java
@@ -21,6 +21,7 @@ import java.net.URISyntaxException;
import com.netscape.certsrv.client.ClientConfig;
import com.netscape.certsrv.client.PKIClient;
+import com.netscape.certsrv.client.PKIConnection;
import com.netscape.certsrv.dbs.certdb.CertId;
import com.netscape.certsrv.request.RequestId;
@@ -32,9 +33,17 @@ public class CertClient extends PKIClient {
public CertResource certClient;
public CertRequestResource certRequestResource;
+ public CertClient(PKIConnection connection) throws URISyntaxException {
+ super(connection);
+ init();
+ }
+
public CertClient(ClientConfig config) throws URISyntaxException {
super(config);
+ init();
+ }
+ public void init() throws URISyntaxException {
certClient = createProxy(CertResource.class);
certRequestResource = createProxy(CertRequestResource.class);
}
diff --git a/base/common/src/com/netscape/certsrv/client/PKIClient.java b/base/common/src/com/netscape/certsrv/client/PKIClient.java
index e725faa13..482ed9fde 100644
--- a/base/common/src/com/netscape/certsrv/client/PKIClient.java
+++ b/base/common/src/com/netscape/certsrv/client/PKIClient.java
@@ -1,319 +1,27 @@
package com.netscape.certsrv.client;
-import java.io.File;
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.InetSocketAddress;
-import java.net.Socket;
-import java.net.URI;
import java.net.URISyntaxException;
-import java.net.UnknownHostException;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.List;
-import javax.ws.rs.core.MediaType;
-
-import org.apache.commons.httpclient.ConnectTimeoutException;
-import org.apache.http.Header;
-import org.apache.http.HttpEntityEnclosingRequest;
-import org.apache.http.HttpException;
-import org.apache.http.HttpRequest;
-import org.apache.http.HttpRequestInterceptor;
-import org.apache.http.HttpResponse;
-import org.apache.http.HttpResponseInterceptor;
-import org.apache.http.ProtocolException;
-import org.apache.http.auth.AuthScope;
-import org.apache.http.auth.UsernamePasswordCredentials;
-import org.apache.http.auth.params.AuthPNames;
-import org.apache.http.client.methods.HttpUriRequest;
-import org.apache.http.client.params.AuthPolicy;
-import org.apache.http.client.params.HttpClientParams;
-import org.apache.http.conn.scheme.LayeredSchemeSocketFactory;
-import org.apache.http.conn.scheme.Scheme;
-import org.apache.http.conn.scheme.SchemeSocketFactory;
-import org.apache.http.impl.client.ClientParamsStack;
-import org.apache.http.impl.client.DefaultHttpClient;
-import org.apache.http.impl.client.DefaultRedirectStrategy;
-import org.apache.http.impl.client.EntityEnclosingRequestWrapper;
-import org.apache.http.impl.client.RequestWrapper;
-import org.apache.http.params.HttpParams;
-import org.apache.http.protocol.HttpContext;
-import org.jboss.resteasy.client.ClientExecutor;
-import org.jboss.resteasy.client.ClientRequest;
import org.jboss.resteasy.client.ClientResponse;
-import org.jboss.resteasy.client.ClientResponseFailure;
-import org.jboss.resteasy.client.ProxyFactory;
-import org.jboss.resteasy.client.core.BaseClientResponse;
-import org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor;
-import org.jboss.resteasy.client.core.extractors.ClientErrorHandler;
-import org.jboss.resteasy.spi.ResteasyProviderFactory;
-import org.mozilla.jss.CryptoManager;
-import org.mozilla.jss.crypto.AlreadyInitializedException;
-import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
-import org.mozilla.jss.ssl.SSLSocket;
public class PKIClient {
- protected boolean verbose;
-
- protected ClientConfig config;
-
- protected ResteasyProviderFactory providerFactory;
- protected ClientErrorHandler errorHandler;
- protected ClientExecutor executor;
-
- public PKIClient(ClientConfig config) {
- this.config = config;
-
- DefaultHttpClient httpClient = new DefaultHttpClient();
-
- // Register https scheme.
- Scheme scheme = new Scheme("https", 443, new JSSProtocolSocketFactory());
- httpClient.getConnectionManager().getSchemeRegistry().register(scheme);
-
- if (config.getUsername() != null && config.getPassword() != null) {
- List<String> authPref = new ArrayList<String>();
- authPref.add(AuthPolicy.BASIC);
- httpClient.getParams().setParameter(AuthPNames.PROXY_AUTH_PREF, authPref);
-
- httpClient.getCredentialsProvider().setCredentials(
- AuthScope.ANY,
- new UsernamePasswordCredentials(config.getUsername(), config.getPassword()));
- }
-
- httpClient.addRequestInterceptor(new HttpRequestInterceptor() {
- @Override
- public void process(HttpRequest request, HttpContext context) throws HttpException, IOException {
- if (verbose) {
- System.out.println("HTTP request: "+request.getRequestLine());
- for (Header header : request.getAllHeaders()) {
- System.out.println(" "+header.getName()+": "+header.getValue());
- }
- }
-
- // Set the request parameter to follow redirections.
- HttpParams params = request.getParams();
- if (params instanceof ClientParamsStack) {
- ClientParamsStack paramsStack = (ClientParamsStack)request.getParams();
- params = paramsStack.getRequestParams();
- }
- HttpClientParams.setRedirecting(params, true);
- }
- });
-
- httpClient.addResponseInterceptor(new HttpResponseInterceptor() {
- @Override
- public void process(HttpResponse response, HttpContext context) throws HttpException, IOException {
- if (verbose) {
- System.out.println("HTTP response: "+response.getStatusLine());
- for (Header header : response.getAllHeaders()) {
- System.out.println(" "+header.getName()+": "+header.getValue());
- }
- }
- }
- });
-
- httpClient.setRedirectStrategy(new DefaultRedirectStrategy() {
- @Override
- public HttpUriRequest getRedirect(HttpRequest request, HttpResponse response, HttpContext context)
- throws ProtocolException {
-
- HttpUriRequest uriRequest = super.getRedirect(request, response, context);
-
- URI uri = uriRequest.getURI();
- if (verbose) System.out.println("HTTP redirect: "+uri);
-
- // Redirect the original request to the new URI.
- RequestWrapper wrapper;
- if (request instanceof HttpEntityEnclosingRequest) {
- wrapper = new EntityEnclosingRequestWrapper((HttpEntityEnclosingRequest)request);
- } else {
- wrapper = new RequestWrapper(request);
- }
- wrapper.setURI(uri);
-
- return wrapper;
- }
-
- @Override
- public boolean isRedirected(HttpRequest request, HttpResponse response, HttpContext context)
- throws ProtocolException {
-
- // The default redirection policy does not redirect POST or PUT.
- // This overrides the policy to follow redirections for all HTTP methods.
- return response.getStatusLine().getStatusCode() == 302;
- }
- });
-
- executor = new ApacheHttpClient4Executor(httpClient);
- providerFactory = ResteasyProviderFactory.getInstance();
- providerFactory.addClientErrorInterceptor(new PKIErrorInterceptor());
- errorHandler = new ClientErrorHandler(providerFactory.getClientErrorInterceptors());
- }
-
- private class ServerCertApprovalCB implements SSLCertificateApprovalCallback {
-
- // Callback to approve or deny returned SSL server cert.
- // Right now, simply approve the cert.
- public boolean approve(org.mozilla.jss.crypto.X509Certificate serverCert,
- SSLCertificateApprovalCallback.ValidityStatus status) {
-
- if (verbose) System.out.println("Server certificate: "+serverCert.getSubjectDN());
-
- SSLCertificateApprovalCallback.ValidityItem item;
-
- Enumeration<?> errors = status.getReasons();
- while (errors.hasMoreElements()) {
- item = (SSLCertificateApprovalCallback.ValidityItem) errors.nextElement();
- int reason = item.getReason();
-
- if (reason == SSLCertificateApprovalCallback.ValidityStatus.UNTRUSTED_ISSUER ||
- reason == SSLCertificateApprovalCallback.ValidityStatus.BAD_CERT_DOMAIN) {
-
- // Allow these two since we haven't installed the CA cert for trust.
-
- return true;
+ PKIConnection connection;
- }
- }
-
- // For other errors return false.
-
- return false;
- }
+ public PKIClient(PKIConnection connection) {
+ this.connection = connection;
}
- private class JSSProtocolSocketFactory implements SchemeSocketFactory, LayeredSchemeSocketFactory {
-
- @Override
- public Socket createSocket(HttpParams params) throws IOException {
- return null;
- }
-
- @Override
- public Socket connectSocket(Socket sock,
- InetSocketAddress remoteAddress,
- InetSocketAddress localAddress,
- HttpParams params)
- throws IOException,
- UnknownHostException,
- ConnectTimeoutException {
-
- // Initialize JSS before using SSLSocket,
- // otherwise it will throw UnsatisfiedLinkError.
- if (config.getCertDatabase() == null) {
- try {
- // No database specified, use $HOME/.pki/nssdb.
- File homeDir = new File(System.getProperty("user.home"));
- File pkiDir = new File(homeDir, ".pki");
- File nssdbDir = new File(pkiDir, "nssdb");
- nssdbDir.mkdirs();
-
- CryptoManager.initialize(nssdbDir.getAbsolutePath());
-
- } catch (AlreadyInitializedException e) {
- // ignore
-
- } catch (Exception e) {
- throw new Error(e);
- }
-
- } else {
- // Database specified, already initialized by the main program.
- }
-
- String hostName = null;
- int port = 0;
- if (remoteAddress != null) {
- hostName = remoteAddress.getHostName();
- port = remoteAddress.getPort();
- }
-
- int localPort = 0;
- InetAddress localAddr = null;
-
- if (localAddress != null) {
- localPort = localAddress.getPort();
- localAddr = localAddress.getAddress();
- }
-
- SSLSocket socket;
- if (sock == null) {
- socket = new SSLSocket(InetAddress.getByName(hostName),
- port,
- localAddr,
- localPort,
- new ServerCertApprovalCB(),
- null);
-
- } else {
- socket = new SSLSocket(sock, hostName, new ServerCertApprovalCB(), null);
- }
-
- String certNickname = config.getCertNickname();
- if (certNickname != null) {
- if (verbose) System.out.println("Client certificate: "+certNickname);
- socket.setClientCertNickname(certNickname);
- }
-
- return socket;
- }
-
- @Override
- public boolean isSecure(Socket sock) {
- // We only use this factory in the case of SSL Connections.
- return true;
- }
-
- @Override
- public Socket createLayeredSocket(Socket socket, String target, int port, boolean autoClose)
- throws IOException, UnknownHostException {
- // This method implementation is required to get SSL working.
- return null;
- }
-
+ public PKIClient(ClientConfig config) {
+ this(new PKIConnection(config));
}
public <T> T createProxy(Class<T> clazz) throws URISyntaxException {
- URI uri = new URI(config.getServerURI()+"/rest");
- return ProxyFactory.create(clazz, uri, executor, providerFactory);
+ return connection.createProxy(clazz);
}
- @SuppressWarnings("unchecked")
public <T> T getEntity(ClientResponse<T> response) {
- BaseClientResponse<T> clientResponse = (BaseClientResponse<T>)response;
- try {
- clientResponse.checkFailureStatus();
-
- } catch (ClientResponseFailure e) {
- errorHandler.clientErrorHandling((BaseClientResponse<T>) e.getResponse(), e);
-
- } catch (RuntimeException e) {
- errorHandler.clientErrorHandling(clientResponse, e);
- }
-
- return response.getEntity();
- }
-
- public ClientResponse<String> post(String content) {
- ClientResponse<String> response = null;
- ClientRequest request = executor.createRequest(config.getServerURI().toString());
- request.body(MediaType.APPLICATION_FORM_URLENCODED, content);
- try {
- response = request.post(String.class);
- } catch (Exception e) {
- e.printStackTrace();
- }
- return response;
- }
-
- public boolean isVerbose() {
- return verbose;
- }
-
- public void setVerbose(boolean verbose) {
- this.verbose = verbose;
+ return connection.getEntity(response);
}
}
diff --git a/base/common/src/com/netscape/certsrv/client/PKIConnection.java b/base/common/src/com/netscape/certsrv/client/PKIConnection.java
new file mode 100644
index 000000000..578e1cf44
--- /dev/null
+++ b/base/common/src/com/netscape/certsrv/client/PKIConnection.java
@@ -0,0 +1,313 @@
+package com.netscape.certsrv.client;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.Socket;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.UnknownHostException;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.List;
+
+import javax.ws.rs.core.MediaType;
+
+import org.apache.commons.httpclient.ConnectTimeoutException;
+import org.apache.http.Header;
+import org.apache.http.HttpEntityEnclosingRequest;
+import org.apache.http.HttpException;
+import org.apache.http.HttpRequest;
+import org.apache.http.HttpRequestInterceptor;
+import org.apache.http.HttpResponse;
+import org.apache.http.HttpResponseInterceptor;
+import org.apache.http.ProtocolException;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.auth.params.AuthPNames;
+import org.apache.http.client.methods.HttpUriRequest;
+import org.apache.http.client.params.AuthPolicy;
+import org.apache.http.client.params.HttpClientParams;
+import org.apache.http.conn.scheme.LayeredSchemeSocketFactory;
+import org.apache.http.conn.scheme.Scheme;
+import org.apache.http.conn.scheme.SchemeSocketFactory;
+import org.apache.http.impl.client.ClientParamsStack;
+import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.impl.client.DefaultRedirectStrategy;
+import org.apache.http.impl.client.EntityEnclosingRequestWrapper;
+import org.apache.http.impl.client.RequestWrapper;
+import org.apache.http.params.HttpParams;
+import org.apache.http.protocol.HttpContext;
+import org.jboss.resteasy.client.ClientExecutor;
+import org.jboss.resteasy.client.ClientRequest;
+import org.jboss.resteasy.client.ClientResponse;
+import org.jboss.resteasy.client.ClientResponseFailure;
+import org.jboss.resteasy.client.ProxyFactory;
+import org.jboss.resteasy.client.core.BaseClientResponse;
+import org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor;
+import org.jboss.resteasy.client.core.extractors.ClientErrorHandler;
+import org.jboss.resteasy.spi.ResteasyProviderFactory;
+import org.mozilla.jss.CryptoManager;
+import org.mozilla.jss.crypto.AlreadyInitializedException;
+import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
+import org.mozilla.jss.ssl.SSLSocket;
+
+
+public class PKIConnection {
+
+ boolean verbose;
+
+ ClientConfig config;
+
+ DefaultHttpClient httpClient = new DefaultHttpClient();
+
+ ResteasyProviderFactory providerFactory;
+ ClientErrorHandler errorHandler;
+ ClientExecutor executor;
+
+ public PKIConnection(ClientConfig config) {
+ this.config = config;
+
+ // Register https scheme.
+ Scheme scheme = new Scheme("https", 443, new JSSProtocolSocketFactory());
+ httpClient.getConnectionManager().getSchemeRegistry().register(scheme);
+
+ if (config.getUsername() != null && config.getPassword() != null) {
+ List<String> authPref = new ArrayList<String>();
+ authPref.add(AuthPolicy.BASIC);
+ httpClient.getParams().setParameter(AuthPNames.PROXY_AUTH_PREF, authPref);
+
+ httpClient.getCredentialsProvider().setCredentials(
+ AuthScope.ANY,
+ new UsernamePasswordCredentials(config.getUsername(), config.getPassword()));
+ }
+
+ httpClient.addRequestInterceptor(new HttpRequestInterceptor() {
+ @Override
+ public void process(HttpRequest request, HttpContext context) throws HttpException, IOException {
+ if (verbose) {
+ System.out.println("HTTP request: "+request.getRequestLine());
+ for (Header header : request.getAllHeaders()) {
+ System.out.println(" "+header.getName()+": "+header.getValue());
+ }
+ }
+
+ // Set the request parameter to follow redirections.
+ HttpParams params = request.getParams();
+ if (params instanceof ClientParamsStack) {
+ ClientParamsStack paramsStack = (ClientParamsStack)request.getParams();
+ params = paramsStack.getRequestParams();
+ }
+ HttpClientParams.setRedirecting(params, true);
+ }
+ });
+
+ httpClient.addResponseInterceptor(new HttpResponseInterceptor() {
+ @Override
+ public void process(HttpResponse response, HttpContext context) throws HttpException, IOException {
+ if (verbose) {
+ System.out.println("HTTP response: "+response.getStatusLine());
+ for (Header header : response.getAllHeaders()) {
+ System.out.println(" "+header.getName()+": "+header.getValue());
+ }
+ }
+ }
+ });
+
+ httpClient.setRedirectStrategy(new DefaultRedirectStrategy() {
+ @Override
+ public HttpUriRequest getRedirect(HttpRequest request, HttpResponse response, HttpContext context)
+ throws ProtocolException {
+
+ HttpUriRequest uriRequest = super.getRedirect(request, response, context);
+
+ URI uri = uriRequest.getURI();
+ if (verbose) System.out.println("HTTP redirect: "+uri);
+
+ // Redirect the original request to the new URI.
+ RequestWrapper wrapper;
+ if (request instanceof HttpEntityEnclosingRequest) {
+ wrapper = new EntityEnclosingRequestWrapper((HttpEntityEnclosingRequest)request);
+ } else {
+ wrapper = new RequestWrapper(request);
+ }
+ wrapper.setURI(uri);
+
+ return wrapper;
+ }
+
+ @Override
+ public boolean isRedirected(HttpRequest request, HttpResponse response, HttpContext context)
+ throws ProtocolException {
+
+ // The default redirection policy does not redirect POST or PUT.
+ // This overrides the policy to follow redirections for all HTTP methods.
+ return response.getStatusLine().getStatusCode() == 302;
+ }
+ });
+
+ executor = new ApacheHttpClient4Executor(httpClient);
+ providerFactory = ResteasyProviderFactory.getInstance();
+ providerFactory.addClientErrorInterceptor(new PKIErrorInterceptor());
+ errorHandler = new ClientErrorHandler(providerFactory.getClientErrorInterceptors());
+ }
+
+ private class ServerCertApprovalCB implements SSLCertificateApprovalCallback {
+
+ // Callback to approve or deny returned SSL server cert.
+ // Right now, simply approve the cert.
+ public boolean approve(org.mozilla.jss.crypto.X509Certificate serverCert,
+ SSLCertificateApprovalCallback.ValidityStatus status) {
+
+ if (verbose) System.out.println("Server certificate: "+serverCert.getSubjectDN());
+
+ SSLCertificateApprovalCallback.ValidityItem item;
+
+ Enumeration<?> errors = status.getReasons();
+ while (errors.hasMoreElements()) {
+ item = (SSLCertificateApprovalCallback.ValidityItem) errors.nextElement();
+ int reason = item.getReason();
+
+ if (reason == SSLCertificateApprovalCallback.ValidityStatus.UNTRUSTED_ISSUER ||
+ reason == SSLCertificateApprovalCallback.ValidityStatus.BAD_CERT_DOMAIN) {
+
+ // Allow these two since we haven't installed the CA cert for trust.
+
+ return true;
+
+ }
+ }
+
+ // For other errors return false.
+
+ return false;
+ }
+ }
+
+ private class JSSProtocolSocketFactory implements SchemeSocketFactory, LayeredSchemeSocketFactory {
+
+ @Override
+ public Socket createSocket(HttpParams params) throws IOException {
+ return null;
+ }
+
+ @Override
+ public Socket connectSocket(Socket sock,
+ InetSocketAddress remoteAddress,
+ InetSocketAddress localAddress,
+ HttpParams params)
+ throws IOException,
+ UnknownHostException,
+ ConnectTimeoutException {
+
+ // Initialize JSS before using SSLSocket,
+ // otherwise it will throw UnsatisfiedLinkError.
+ if (config.getCertDatabase() == null) {
+ try {
+ // No database specified, use $HOME/.pki/nssdb.
+ File homeDir = new File(System.getProperty("user.home"));
+ File pkiDir = new File(homeDir, ".pki");
+ File nssdbDir = new File(pkiDir, "nssdb");
+ nssdbDir.mkdirs();
+
+ CryptoManager.initialize(nssdbDir.getAbsolutePath());
+
+ } catch (AlreadyInitializedException e) {
+ // ignore
+
+ } catch (Exception e) {
+ throw new Error(e);
+ }
+
+ } else {
+ // Database specified, already initialized by the main program.
+ }
+
+ String hostName = null;
+ int port = 0;
+ if (remoteAddress != null) {
+ hostName = remoteAddress.getHostName();
+ port = remoteAddress.getPort();
+ }
+
+ int localPort = 0;
+ InetAddress localAddr = null;
+
+ if (localAddress != null) {
+ localPort = localAddress.getPort();
+ localAddr = localAddress.getAddress();
+ }
+
+ SSLSocket socket;
+ if (sock == null) {
+ socket = new SSLSocket(InetAddress.getByName(hostName),
+ port,
+ localAddr,
+ localPort,
+ new ServerCertApprovalCB(),
+ null);
+
+ } else {
+ socket = new SSLSocket(sock, hostName, new ServerCertApprovalCB(), null);
+ }
+
+ String certNickname = config.getCertNickname();
+ if (certNickname != null) {
+ if (verbose) System.out.println("Client certificate: "+certNickname);
+ socket.setClientCertNickname(certNickname);
+ }
+
+ return socket;
+ }
+
+ @Override
+ public boolean isSecure(Socket sock) {
+ // We only use this factory in the case of SSL Connections.
+ return true;
+ }
+
+ @Override
+ public Socket createLayeredSocket(Socket socket, String target, int port, boolean autoClose)
+ throws IOException, UnknownHostException {
+ // This method implementation is required to get SSL working.
+ return null;
+ }
+
+ }
+
+ public <T> T createProxy(Class<T> clazz) throws URISyntaxException {
+ URI uri = new URI(config.getServerURI()+"/rest");
+ return ProxyFactory.create(clazz, uri, executor, providerFactory);
+ }
+
+ @SuppressWarnings("unchecked")
+ public <T> T getEntity(ClientResponse<T> response) {
+ BaseClientResponse<T> clientResponse = (BaseClientResponse<T>)response;
+ try {
+ clientResponse.checkFailureStatus();
+
+ } catch (ClientResponseFailure e) {
+ errorHandler.clientErrorHandling((BaseClientResponse<T>) e.getResponse(), e);
+
+ } catch (RuntimeException e) {
+ errorHandler.clientErrorHandling(clientResponse, e);
+ }
+
+ return response.getEntity();
+ }
+
+ public ClientResponse<String> post(String content) throws Exception {
+ ClientRequest request = executor.createRequest(config.getServerURI().toString());
+ request.body(MediaType.APPLICATION_FORM_URLENCODED, content);
+ return request.post(String.class);
+ }
+
+ public boolean isVerbose() {
+ return verbose;
+ }
+
+ public void setVerbose(boolean verbose) {
+ this.verbose = verbose;
+ }
+}
diff --git a/base/common/src/com/netscape/certsrv/group/GroupClient.java b/base/common/src/com/netscape/certsrv/group/GroupClient.java
index 43d0ae5d5..2f7041b31 100644
--- a/base/common/src/com/netscape/certsrv/group/GroupClient.java
+++ b/base/common/src/com/netscape/certsrv/group/GroupClient.java
@@ -23,6 +23,7 @@ import org.jboss.resteasy.client.ClientResponse;
import com.netscape.certsrv.client.ClientConfig;
import com.netscape.certsrv.client.PKIClient;
+import com.netscape.certsrv.client.PKIConnection;
/**
* @author Endi S. Dewata
@@ -32,9 +33,17 @@ public class GroupClient extends PKIClient {
public GroupResource groupClient;
public GroupMemberResource groupMemberClient;
+ public GroupClient(PKIConnection connection) throws URISyntaxException {
+ super(connection);
+ init();
+ }
+
public GroupClient(ClientConfig config) throws URISyntaxException {
super(config);
+ init();
+ }
+ public void init() throws URISyntaxException {
groupClient = createProxy(GroupResource.class);
groupMemberClient = createProxy(GroupMemberResource.class);
}
diff --git a/base/common/src/com/netscape/certsrv/kra/DRMClient.java b/base/common/src/com/netscape/certsrv/kra/DRMClient.java
index 3454e0995..de2642eb1 100644
--- a/base/common/src/com/netscape/certsrv/kra/DRMClient.java
+++ b/base/common/src/com/netscape/certsrv/kra/DRMClient.java
@@ -9,6 +9,7 @@ import org.jboss.resteasy.client.ClientResponse;
import com.netscape.certsrv.cert.CertData;
import com.netscape.certsrv.client.ClientConfig;
import com.netscape.certsrv.client.PKIClient;
+import com.netscape.certsrv.client.PKIConnection;
import com.netscape.certsrv.dbs.keydb.KeyId;
import com.netscape.certsrv.key.KeyArchivalRequest;
import com.netscape.certsrv.key.KeyData;
@@ -29,9 +30,17 @@ public class DRMClient extends PKIClient {
private KeyRequestResource keyRequestClient;
private SystemCertResource systemCertClient;
+ public DRMClient(PKIConnection connection) throws URISyntaxException {
+ super(connection);
+ init();
+ }
+
public DRMClient(ClientConfig config) throws URISyntaxException {
super(config);
+ init();
+ }
+ public void init() throws URISyntaxException {
systemCertClient = createProxy(SystemCertResource.class);
keyRequestClient = createProxy(KeyRequestResource.class);
keyClient = createProxy(KeyResource.class);
diff --git a/base/common/src/com/netscape/certsrv/system/SystemConfigClient.java b/base/common/src/com/netscape/certsrv/system/SystemConfigClient.java
index fd14bbe19..4ccf152b3 100644
--- a/base/common/src/com/netscape/certsrv/system/SystemConfigClient.java
+++ b/base/common/src/com/netscape/certsrv/system/SystemConfigClient.java
@@ -21,6 +21,7 @@ import java.net.URISyntaxException;
import com.netscape.certsrv.client.ClientConfig;
import com.netscape.certsrv.client.PKIClient;
+import com.netscape.certsrv.client.PKIConnection;
/**
@@ -31,9 +32,17 @@ public class SystemConfigClient extends PKIClient {
private SystemConfigResource configClient;
+ public SystemConfigClient(PKIConnection connection) throws URISyntaxException {
+ super(connection);
+ init();
+ }
+
public SystemConfigClient(ClientConfig config) throws URISyntaxException {
super(config);
+ init();
+ }
+ public void init() throws URISyntaxException {
configClient = createProxy(SystemConfigResource.class);
}
diff --git a/base/common/src/com/netscape/certsrv/user/UserClient.java b/base/common/src/com/netscape/certsrv/user/UserClient.java
index 95960e53f..23136200d 100644
--- a/base/common/src/com/netscape/certsrv/user/UserClient.java
+++ b/base/common/src/com/netscape/certsrv/user/UserClient.java
@@ -23,6 +23,7 @@ import org.jboss.resteasy.client.ClientResponse;
import com.netscape.certsrv.client.ClientConfig;
import com.netscape.certsrv.client.PKIClient;
+import com.netscape.certsrv.client.PKIConnection;
/**
* @author Endi S. Dewata
@@ -32,9 +33,17 @@ public class UserClient extends PKIClient {
public UserResource userClient;
public UserCertResource userCertClient;
+ public UserClient(PKIConnection connection) throws URISyntaxException {
+ super(connection);
+ init();
+ }
+
public UserClient(ClientConfig config) throws URISyntaxException {
super(config);
+ init();
+ }
+ public void init() throws URISyntaxException {
userClient = createProxy(UserResource.class);
userCertClient = createProxy(UserCertResource.class);
}
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index 531fc212f..e247b4297 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -139,7 +139,7 @@ import com.netscape.certsrv.base.IConfigStore;
import com.netscape.certsrv.base.ISubsystem;
import com.netscape.certsrv.ca.ICertificateAuthority;
import com.netscape.certsrv.client.ClientConfig;
-import com.netscape.certsrv.client.PKIClient;
+import com.netscape.certsrv.client.PKIConnection;
import com.netscape.certsrv.dbs.IDBSubsystem;
import com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord;
import com.netscape.certsrv.ldap.ILdapConnFactory;
@@ -205,15 +205,15 @@ public class ConfigurationUtils {
public static ClientResponse<String> getClientResponse(String hostname, int port, boolean secure,
String path, String content, String clientnickname,
SSLCertificateApprovalCallback certApprovalCallback)
- throws URISyntaxException {
+ throws Exception {
String protocol = secure ? "https" : "http";
ClientConfig config = new ClientConfig();
config.setServerURI(protocol + "://" + hostname + ":" + port + path);
config.setCertNickname(clientnickname);
- PKIClient client = new PKIClient(config);
- ClientResponse<String> response = client.post(content);
+ PKIConnection connection = new PKIConnection(config);
+ ClientResponse<String> response = connection.post(content);
return response;
}
@@ -311,8 +311,7 @@ public class ConfigurationUtils {
}
}
- public static String getInstallToken(String sdhost, int sdport, String user, String passwd)
- throws EPropertyNotFound, EBaseException, URISyntaxException, IOException {
+ public static String getInstallToken(String sdhost, int sdport, String user, String passwd) throws Exception {
IConfigStore cs = CMS.getConfigStore();
boolean oldtoken = cs.getBoolean("cs.useOldTokenInterface", true);
@@ -343,8 +342,7 @@ public class ConfigurationUtils {
}
}
- public static String getOldCookie(String sdhost, int sdport, String user, String passwd) throws IOException,
- EPropertyNotFound, EBaseException, URISyntaxException {
+ public static String getOldCookie(String sdhost, int sdport, String user, String passwd) throws Exception {
IConfigStore cs = CMS.getConfigStore();
String subca_url = "https://" + CMS.getEEHost() + ":"
diff --git a/base/java-tools/src/com/netscape/cmstools/cert/CertCLI.java b/base/java-tools/src/com/netscape/cmstools/cert/CertCLI.java
index 6857b689e..034a12649 100644
--- a/base/java-tools/src/com/netscape/cmstools/cert/CertCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/cert/CertCLI.java
@@ -76,8 +76,7 @@ public class CertCLI extends CLI {
public void execute(String[] args) throws Exception {
- client = new CertClient(parent.config);
- client.setVerbose(verbose);
+ client = new CertClient(parent.connection);
if (args.length == 0) {
printHelp();
diff --git a/base/java-tools/src/com/netscape/cmstools/cert/CertRequestApproveCLI.java b/base/java-tools/src/com/netscape/cmstools/cert/CertRequestApproveCLI.java
index 98a3a2b4f..0c6db8a90 100644
--- a/base/java-tools/src/com/netscape/cmstools/cert/CertRequestApproveCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/cert/CertRequestApproveCLI.java
@@ -1,16 +1,13 @@
package com.netscape.cmstools.cert;
import java.io.FileInputStream;
-import java.io.FileNotFoundException;
import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import org.apache.commons.cli.CommandLine;
import org.apache.commons.cli.ParseException;
-import com.netscape.certsrv.base.PKIException;
import com.netscape.certsrv.cert.CertReviewResponse;
import com.netscape.cmstools.cli.CLI;
import com.netscape.cmstools.cli.MainCLI;
@@ -24,7 +21,7 @@ public class CertRequestApproveCLI extends CLI {
}
@Override
- public void execute(String[] args) {
+ public void execute(String[] args) throws Exception {
CommandLine cmd = null;
try {
@@ -42,23 +39,15 @@ public class CertRequestApproveCLI extends CLI {
printHelp();
System.exit(-1);
}
- CertReviewResponse reviewInfo = null;
- try {
- JAXBContext context = JAXBContext.newInstance(CertReviewResponse.class);
- Unmarshaller unmarshaller = context.createUnmarshaller();
- FileInputStream fis = new FileInputStream(cLineArgs[0].trim());
- reviewInfo = (CertReviewResponse) unmarshaller.unmarshal(fis);
- parent.client.approveRequest(reviewInfo.getRequestId(), reviewInfo);
- } catch (PKIException e) {
- System.err.println(e.getMessage());
- System.exit(-1);
- } catch (JAXBException e) {
- System.err.println("Error: " + e.getMessage());
- System.exit(-1);
- } catch (FileNotFoundException e) {
- System.err.println("Error: " + e.getMessage());
- System.exit(-1);
- }
+
+ FileInputStream fis = new FileInputStream(cLineArgs[0].trim());
+
+ JAXBContext context = JAXBContext.newInstance(CertReviewResponse.class);
+ Unmarshaller unmarshaller = context.createUnmarshaller();
+ CertReviewResponse reviewInfo = (CertReviewResponse) unmarshaller.unmarshal(fis);
+
+ parent.client.approveRequest(reviewInfo.getRequestId(), reviewInfo);
+
MainCLI.printMessage("Approved certificate request " + reviewInfo.getRequestId().toString());
}
diff --git a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
index bcc3bb27e..6f1c4909f 100644
--- a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java
@@ -31,6 +31,7 @@ import org.mozilla.jss.util.IncorrectPasswordException;
import org.mozilla.jss.util.Password;
import com.netscape.certsrv.client.ClientConfig;
+import com.netscape.certsrv.client.PKIConnection;
import com.netscape.cmstools.cert.CertCLI;
import com.netscape.cmstools.group.GroupCLI;
import com.netscape.cmstools.system.SecurityDomainCLI;
@@ -43,6 +44,8 @@ public class MainCLI extends CLI {
public ClientConfig config = new ClientConfig();
+ public PKIConnection connection;
+
public MainCLI() throws Exception {
super("pki", "PKI command-line interface");
@@ -161,6 +164,11 @@ public class MainCLI extends CLI {
config.setPassword(password);
}
+ public void connect() throws Exception {
+ connection = new PKIConnection(config);
+ connection.setVerbose(verbose);
+ }
+
public void execute(String[] args) throws Exception {
CLI module;
@@ -268,6 +276,8 @@ public class MainCLI extends CLI {
}
}
+ connect();
+
// execute module command
module.execute(moduleArgs);
diff --git a/base/java-tools/src/com/netscape/cmstools/group/GroupCLI.java b/base/java-tools/src/com/netscape/cmstools/group/GroupCLI.java
index ce28af243..b2c38d808 100644
--- a/base/java-tools/src/com/netscape/cmstools/group/GroupCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/group/GroupCLI.java
@@ -75,8 +75,7 @@ public class GroupCLI extends CLI {
public void execute(String[] args) throws Exception {
- client = new GroupClient(parent.config);
- client.setVerbose(verbose);
+ client = new GroupClient(parent.connection);
if (args.length == 0) {
printHelp();
diff --git a/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainCLI.java b/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainCLI.java
index 93c4c4b63..a6441e2fc 100644
--- a/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainCLI.java
@@ -65,7 +65,6 @@ public class SecurityDomainCLI extends CLI {
public void execute(String[] args) throws Exception {
client = new SecurityDomainClient(parent.config);
- client.setVerbose(verbose);
if (args.length == 0) {
printHelp();
diff --git a/base/java-tools/src/com/netscape/cmstools/user/UserCLI.java b/base/java-tools/src/com/netscape/cmstools/user/UserCLI.java
index 301754a22..8c24d1746 100644
--- a/base/java-tools/src/com/netscape/cmstools/user/UserCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/user/UserCLI.java
@@ -76,8 +76,7 @@ public class UserCLI extends CLI {
public void execute(String[] args) throws Exception {
- client = new UserClient(parent.config);
- client.setVerbose(verbose);
+ client = new UserClient(parent.connection);
if (args.length == 0) {
printHelp();