15 files changed, 403 insertions, 335 deletions
diff --git a/base/common/src/com/netscape/certsrv/ca/CAClient.java b/base/common/src/com/netscape/certsrv/ca/CAClient.java index 62e7a2438..2c026b799 100644 --- a/base/common/src/com/netscape/certsrv/ca/CAClient.java +++ b/base/common/src/com/netscape/certsrv/ca/CAClient.java @@ -31,6 +31,7 @@ import com.netscape.certsrv.cert.CertReviewResponse; import com.netscape.certsrv.cert.CertSearchRequest; import com.netscape.certsrv.client.ClientConfig; import com.netscape.certsrv.client.PKIClient; +import com.netscape.certsrv.client.PKIConnection; import com.netscape.certsrv.dbs.certdb.CertId; import com.netscape.certsrv.profile.ProfileData; import com.netscape.certsrv.profile.ProfileDataInfos; @@ -43,9 +44,17 @@ public class CAClient extends PKIClient { private CertRequestResource certRequestClient; private ProfileResource profileClient; + public CAClient(PKIConnection connection) throws URISyntaxException { + super(connection); + init(); + } + public CAClient(ClientConfig config) throws URISyntaxException { super(config); + init(); + } + public void init() throws URISyntaxException { certRequestClient = createProxy(CertRequestResource.class); certClient = createProxy(CertResource.class); profileClient = createProxy(ProfileResource.class); diff --git a/base/common/src/com/netscape/certsrv/cert/CertClient.java b/base/common/src/com/netscape/certsrv/cert/CertClient.java index a92e63522..da60ed085 100644 --- a/base/common/src/com/netscape/certsrv/cert/CertClient.java +++ b/base/common/src/com/netscape/certsrv/cert/CertClient.java @@ -21,6 +21,7 @@ import java.net.URISyntaxException; import com.netscape.certsrv.client.ClientConfig; import com.netscape.certsrv.client.PKIClient; +import com.netscape.certsrv.client.PKIConnection; import com.netscape.certsrv.dbs.certdb.CertId; import com.netscape.certsrv.request.RequestId; 
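Review bot: The new `init()` in CAClient is `public` and non-final yet is called from both constructors, so a subclass override would run before the subclass's own fields are initialised, and any caller can re-run it later and replace the proxies on a live client. Declaring it `private void init() throws URISyntaxException` keeps the shared-constructor refactor without widening the API. The same pattern is added in CertClient, GroupClient, DRMClient, SystemConfigClient and UserClient. The body of `init()` continues past the end of this hunk.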
@@ -32,9 +33,17 @@ public class CertClient extends PKIClient { public CertResource certClient; public CertRequestResource certRequestResource; + public CertClient(PKIConnection connection) throws URISyntaxException { + super(connection); + init(); + } + public CertClient(ClientConfig config) throws URISyntaxException { super(config); + init(); + } + public void init() throws URISyntaxException { certClient = createProxy(CertResource.class); certRequestResource = createProxy(CertRequestResource.class); } diff --git a/base/common/src/com/netscape/certsrv/client/PKIClient.java b/base/common/src/com/netscape/certsrv/client/PKIClient.java index e725faa13..482ed9fde 100644 --- a/base/common/src/com/netscape/certsrv/client/PKIClient.java +++ b/base/common/src/com/netscape/certsrv/client/PKIClient.java 
@@ -1,319 +1,27 @@ package com.netscape.certsrv.client; -import java.io.File; -import java.io.IOException; -import java.net.InetAddress; -import java.net.InetSocketAddress; -import java.net.Socket; -import java.net.URI; import java.net.URISyntaxException; -import java.net.UnknownHostException; -import java.util.ArrayList; -import java.util.Enumeration; -import java.util.List; -import javax.ws.rs.core.MediaType; - -import org.apache.commons.httpclient.ConnectTimeoutException; -import org.apache.http.Header; -import org.apache.http.HttpEntityEnclosingRequest; -import org.apache.http.HttpException; -import org.apache.http.HttpRequest; -import org.apache.http.HttpRequestInterceptor; -import org.apache.http.HttpResponse; -import org.apache.http.HttpResponseInterceptor; -import org.apache.http.ProtocolException; -import org.apache.http.auth.AuthScope; -import org.apache.http.auth.UsernamePasswordCredentials; -import org.apache.http.auth.params.AuthPNames; -import org.apache.http.client.methods.HttpUriRequest; -import org.apache.http.client.params.AuthPolicy; -import org.apache.http.client.params.HttpClientParams; -import org.apache.http.conn.scheme.LayeredSchemeSocketFactory; -import org.apache.http.conn.scheme.Scheme; -import org.apache.http.conn.scheme.SchemeSocketFactory; -import org.apache.http.impl.client.ClientParamsStack; -import org.apache.http.impl.client.DefaultHttpClient; -import org.apache.http.impl.client.DefaultRedirectStrategy; -import org.apache.http.impl.client.EntityEnclosingRequestWrapper; -import org.apache.http.impl.client.RequestWrapper; -import org.apache.http.params.HttpParams; -import org.apache.http.protocol.HttpContext; -import org.jboss.resteasy.client.ClientExecutor; -import org.jboss.resteasy.client.ClientRequest; import org.jboss.resteasy.client.ClientResponse; -import org.jboss.resteasy.client.ClientResponseFailure; -import org.jboss.resteasy.client.ProxyFactory; -import org.jboss.resteasy.client.core.BaseClientResponse; -import 
org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor; -import org.jboss.resteasy.client.core.extractors.ClientErrorHandler; -import org.jboss.resteasy.spi.ResteasyProviderFactory; -import org.mozilla.jss.CryptoManager; -import org.mozilla.jss.crypto.AlreadyInitializedException; -import org.mozilla.jss.ssl.SSLCertificateApprovalCallback; -import org.mozilla.jss.ssl.SSLSocket; public class PKIClient { - protected boolean verbose; - - protected ClientConfig config; - - protected ResteasyProviderFactory providerFactory; - protected ClientErrorHandler errorHandler; - protected ClientExecutor executor; - - public PKIClient(ClientConfig config) { - this.config = config; - - DefaultHttpClient httpClient = new DefaultHttpClient(); - - // Register https scheme. - Scheme scheme = new Scheme("https", 443, new JSSProtocolSocketFactory()); - httpClient.getConnectionManager().getSchemeRegistry().register(scheme); - - if (config.getUsername() != null && config.getPassword() != null) { - List<String> authPref = new ArrayList<String>(); - authPref.add(AuthPolicy.BASIC); - httpClient.getParams().setParameter(AuthPNames.PROXY_AUTH_PREF, authPref); - - httpClient.getCredentialsProvider().setCredentials( - AuthScope.ANY, - new UsernamePasswordCredentials(config.getUsername(), config.getPassword())); - } - - httpClient.addRequestInterceptor(new HttpRequestInterceptor() { - @Override - public void process(HttpRequest request, HttpContext context) throws HttpException, IOException { - if (verbose) { - System.out.println("HTTP request: "+request.getRequestLine()); - for (Header header : request.getAllHeaders()) { - System.out.println(" "+header.getName()+": "+header.getValue()); - } - } - - // Set the request parameter to follow redirections. 
- HttpParams params = request.getParams(); - if (params instanceof ClientParamsStack) { - ClientParamsStack paramsStack = (ClientParamsStack)request.getParams(); - params = paramsStack.getRequestParams(); - } - HttpClientParams.setRedirecting(params, true); - } - }); - - httpClient.addResponseInterceptor(new HttpResponseInterceptor() { - @Override - public void process(HttpResponse response, HttpContext context) throws HttpException, IOException { - if (verbose) { - System.out.println("HTTP response: "+response.getStatusLine()); - for (Header header : response.getAllHeaders()) { - System.out.println(" "+header.getName()+": "+header.getValue()); - } - } - } - }); - - httpClient.setRedirectStrategy(new DefaultRedirectStrategy() { - @Override - public HttpUriRequest getRedirect(HttpRequest request, HttpResponse response, HttpContext context) - throws ProtocolException { - - HttpUriRequest uriRequest = super.getRedirect(request, response, context); - - URI uri = uriRequest.getURI(); - if (verbose) System.out.println("HTTP redirect: "+uri); - - // Redirect the original request to the new URI. - RequestWrapper wrapper; - if (request instanceof HttpEntityEnclosingRequest) { - wrapper = new EntityEnclosingRequestWrapper((HttpEntityEnclosingRequest)request); - } else { - wrapper = new RequestWrapper(request); - } - wrapper.setURI(uri); - - return wrapper; - } - - @Override - public boolean isRedirected(HttpRequest request, HttpResponse response, HttpContext context) - throws ProtocolException { - - // The default redirection policy does not redirect POST or PUT. - // This overrides the policy to follow redirections for all HTTP methods. 
- return response.getStatusLine().getStatusCode() == 302; - } - }); - - executor = new ApacheHttpClient4Executor(httpClient); - providerFactory = ResteasyProviderFactory.getInstance(); - providerFactory.addClientErrorInterceptor(new PKIErrorInterceptor()); - errorHandler = new ClientErrorHandler(providerFactory.getClientErrorInterceptors()); - } - - private class ServerCertApprovalCB implements SSLCertificateApprovalCallback { - - // Callback to approve or deny returned SSL server cert. - // Right now, simply approve the cert. - public boolean approve(org.mozilla.jss.crypto.X509Certificate serverCert, - SSLCertificateApprovalCallback.ValidityStatus status) { - - if (verbose) System.out.println("Server certificate: "+serverCert.getSubjectDN()); - - SSLCertificateApprovalCallback.ValidityItem item; - - Enumeration<?> errors = status.getReasons(); - while (errors.hasMoreElements()) { - item = (SSLCertificateApprovalCallback.ValidityItem) errors.nextElement(); - int reason = item.getReason(); - - if (reason == SSLCertificateApprovalCallback.ValidityStatus.UNTRUSTED_ISSUER || - reason == SSLCertificateApprovalCallback.ValidityStatus.BAD_CERT_DOMAIN) { - - // Allow these two since we haven't installed the CA cert for trust. - - return true; + PKIConnection connection; - } - } - - // For other errors return false. - - return false; - } + public PKIClient(PKIConnection connection) { + this.connection = connection; } - private class JSSProtocolSocketFactory implements SchemeSocketFactory, LayeredSchemeSocketFactory { - - @Override - public Socket createSocket(HttpParams params) throws IOException { - return null; - } - - @Override - public Socket connectSocket(Socket sock, - InetSocketAddress remoteAddress, - InetSocketAddress localAddress, - HttpParams params) - throws IOException, - UnknownHostException, - ConnectTimeoutException { - - // Initialize JSS before using SSLSocket, - // otherwise it will throw UnsatisfiedLinkError. 
- if (config.getCertDatabase() == null) { - try { - // No database specified, use $HOME/.pki/nssdb. - File homeDir = new File(System.getProperty("user.home")); - File pkiDir = new File(homeDir, ".pki"); - File nssdbDir = new File(pkiDir, "nssdb"); - nssdbDir.mkdirs(); - - CryptoManager.initialize(nssdbDir.getAbsolutePath()); - - } catch (AlreadyInitializedException e) { - // ignore - - } catch (Exception e) { - throw new Error(e); - } - - } else { - // Database specified, already initialized by the main program. - } - - String hostName = null; - int port = 0; - if (remoteAddress != null) { - hostName = remoteAddress.getHostName(); - port = remoteAddress.getPort(); - } - - int localPort = 0; - InetAddress localAddr = null; - - if (localAddress != null) { - localPort = localAddress.getPort(); - localAddr = localAddress.getAddress(); - } - - SSLSocket socket; - if (sock == null) { - socket = new SSLSocket(InetAddress.getByName(hostName), - port, - localAddr, - localPort, - new ServerCertApprovalCB(), - null); - - } else { - socket = new SSLSocket(sock, hostName, new ServerCertApprovalCB(), null); - } - - String certNickname = config.getCertNickname(); - if (certNickname != null) { - if (verbose) System.out.println("Client certificate: "+certNickname); - socket.setClientCertNickname(certNickname); - } - - return socket; - } - - @Override - public boolean isSecure(Socket sock) { - // We only use this factory in the case of SSL Connections. - return true; - } - - @Override - public Socket createLayeredSocket(Socket socket, String target, int port, boolean autoClose) - throws IOException, UnknownHostException { - // This method implementation is required to get SSL working. 
- return null; - } - + public PKIClient(ClientConfig config) { + this(new PKIConnection(config)); } public <T> T createProxy(Class<T> clazz) throws URISyntaxException { - URI uri = new URI(config.getServerURI()+"/rest"); - return ProxyFactory.create(clazz, uri, executor, providerFactory); + return connection.createProxy(clazz); } - @SuppressWarnings("unchecked") public <T> T getEntity(ClientResponse<T> response) { - BaseClientResponse<T> clientResponse = (BaseClientResponse<T>)response; - try { - clientResponse.checkFailureStatus(); - - } catch (ClientResponseFailure e) { - errorHandler.clientErrorHandling((BaseClientResponse<T>) e.getResponse(), e); - - } catch (RuntimeException e) { - errorHandler.clientErrorHandling(clientResponse, e); - } - - return response.getEntity(); - } - - public ClientResponse<String> post(String content) { - ClientResponse<String> response = null; - ClientRequest request = executor.createRequest(config.getServerURI().toString()); - request.body(MediaType.APPLICATION_FORM_URLENCODED, content); - try { - response = request.post(String.class); - } catch (Exception e) { - e.printStackTrace(); - } - return response; - } - - public boolean isVerbose() { - return verbose; - } - - public void setVerbose(boolean verbose) { - this.verbose = verbose; + return connection.getEntity(response); } } diff --git a/base/common/src/com/netscape/certsrv/client/PKIConnection.java b/base/common/src/com/netscape/certsrv/client/PKIConnection.java new file mode 100644 index 000000000..578e1cf44 --- /dev/null +++ b/base/common/src/com/netscape/certsrv/client/PKIConnection.java 
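Review bot: `PKIConnection connection;` in the rewritten PKIClient is package-private and non-final, and `PKIClient(PKIConnection)` stores it without a null check, so a null argument only surfaces later as a NullPointerException inside `createProxy` or `getEntity`. Because `setVerbose` and `post` were removed from this class and the subclasses live in other packages, a client built through the `ClientConfig` constructor has no way to reach the connection it created. Consider `protected final PKIConnection connection;`, a guard such as `if (connection == null) throw new IllegalArgumentException("connection is null");`, and a small accessor for the connection. A short class comment stating that the connection, not the client, now owns the HTTP client and the TLS and credential settings would also help.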
@@ -0,0 +1,313 @@ +package com.netscape.certsrv.client; + +import java.io.File; +import java.io.IOException; +import java.net.InetAddress; +import java.net.InetSocketAddress; +import java.net.Socket; +import java.net.URI; +import java.net.URISyntaxException; +import java.net.UnknownHostException; +import java.util.ArrayList; +import java.util.Enumeration; +import java.util.List; + +import javax.ws.rs.core.MediaType; + +import org.apache.commons.httpclient.ConnectTimeoutException; +import org.apache.http.Header; +import org.apache.http.HttpEntityEnclosingRequest; +import org.apache.http.HttpException; +import org.apache.http.HttpRequest; +import org.apache.http.HttpRequestInterceptor; +import org.apache.http.HttpResponse; +import org.apache.http.HttpResponseInterceptor; +import org.apache.http.ProtocolException; +import org.apache.http.auth.AuthScope; +import org.apache.http.auth.UsernamePasswordCredentials; +import org.apache.http.auth.params.AuthPNames; +import org.apache.http.client.methods.HttpUriRequest; +import org.apache.http.client.params.AuthPolicy; +import org.apache.http.client.params.HttpClientParams; +import org.apache.http.conn.scheme.LayeredSchemeSocketFactory; +import org.apache.http.conn.scheme.Scheme; +import org.apache.http.conn.scheme.SchemeSocketFactory; +import org.apache.http.impl.client.ClientParamsStack; +import org.apache.http.impl.client.DefaultHttpClient; +import org.apache.http.impl.client.DefaultRedirectStrategy; +import org.apache.http.impl.client.EntityEnclosingRequestWrapper; +import org.apache.http.impl.client.RequestWrapper; +import org.apache.http.params.HttpParams; +import org.apache.http.protocol.HttpContext; +import org.jboss.resteasy.client.ClientExecutor; +import org.jboss.resteasy.client.ClientRequest; +import org.jboss.resteasy.client.ClientResponse; +import org.jboss.resteasy.client.ClientResponseFailure; +import org.jboss.resteasy.client.ProxyFactory; +import org.jboss.resteasy.client.core.BaseClientResponse; +import 
org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor; +import org.jboss.resteasy.client.core.extractors.ClientErrorHandler; +import org.jboss.resteasy.spi.ResteasyProviderFactory; +import org.mozilla.jss.CryptoManager; +import org.mozilla.jss.crypto.AlreadyInitializedException; +import org.mozilla.jss.ssl.SSLCertificateApprovalCallback; +import org.mozilla.jss.ssl.SSLSocket; + + +public class PKIConnection { + + boolean verbose; + + ClientConfig config; + + DefaultHttpClient httpClient = new DefaultHttpClient(); + + ResteasyProviderFactory providerFactory; + ClientErrorHandler errorHandler; + ClientExecutor executor; + + public PKIConnection(ClientConfig config) { + this.config = config; + + // Register https scheme. + Scheme scheme = new Scheme("https", 443, new JSSProtocolSocketFactory()); + httpClient.getConnectionManager().getSchemeRegistry().register(scheme); + + if (config.getUsername() != null && config.getPassword() != null) { + List<String> authPref = new ArrayList<String>(); + authPref.add(AuthPolicy.BASIC); + httpClient.getParams().setParameter(AuthPNames.PROXY_AUTH_PREF, authPref); + + httpClient.getCredentialsProvider().setCredentials( + AuthScope.ANY, + new UsernamePasswordCredentials(config.getUsername(), config.getPassword())); + } + + httpClient.addRequestInterceptor(new HttpRequestInterceptor() { + @Override + public void process(HttpRequest request, HttpContext context) throws HttpException, IOException { + if (verbose) { + System.out.println("HTTP request: "+request.getRequestLine()); + for (Header header : request.getAllHeaders()) { + System.out.println(" "+header.getName()+": "+header.getValue()); + } + } + + // Set the request parameter to follow redirections. 
+ HttpParams params = request.getParams(); + if (params instanceof ClientParamsStack) { + ClientParamsStack paramsStack = (ClientParamsStack)request.getParams(); + params = paramsStack.getRequestParams(); + } + HttpClientParams.setRedirecting(params, true); + } + }); + + httpClient.addResponseInterceptor(new HttpResponseInterceptor() { + @Override + public void process(HttpResponse response, HttpContext context) throws HttpException, IOException { + if (verbose) { + System.out.println("HTTP response: "+response.getStatusLine()); + for (Header header : response.getAllHeaders()) { + System.out.println(" "+header.getName()+": "+header.getValue()); + } + } + } + }); + + httpClient.setRedirectStrategy(new DefaultRedirectStrategy() { + @Override + public HttpUriRequest getRedirect(HttpRequest request, HttpResponse response, HttpContext context) + throws ProtocolException { + + HttpUriRequest uriRequest = super.getRedirect(request, response, context); + + URI uri = uriRequest.getURI(); + if (verbose) System.out.println("HTTP redirect: "+uri); + + // Redirect the original request to the new URI. + RequestWrapper wrapper; + if (request instanceof HttpEntityEnclosingRequest) { + wrapper = new EntityEnclosingRequestWrapper((HttpEntityEnclosingRequest)request); + } else { + wrapper = new RequestWrapper(request); + } + wrapper.setURI(uri); + + return wrapper; + } + + @Override + public boolean isRedirected(HttpRequest request, HttpResponse response, HttpContext context) + throws ProtocolException { + + // The default redirection policy does not redirect POST or PUT. + // This overrides the policy to follow redirections for all HTTP methods. 
+ return response.getStatusLine().getStatusCode() == 302; + } + }); + + executor = new ApacheHttpClient4Executor(httpClient); + providerFactory = ResteasyProviderFactory.getInstance(); + providerFactory.addClientErrorInterceptor(new PKIErrorInterceptor()); + errorHandler = new ClientErrorHandler(providerFactory.getClientErrorInterceptors()); + } + + private class ServerCertApprovalCB implements SSLCertificateApprovalCallback { + + // Callback to approve or deny returned SSL server cert. + // Right now, simply approve the cert. + public boolean approve(org.mozilla.jss.crypto.X509Certificate serverCert, + SSLCertificateApprovalCallback.ValidityStatus status) { + + if (verbose) System.out.println("Server certificate: "+serverCert.getSubjectDN()); + + SSLCertificateApprovalCallback.ValidityItem item; + + Enumeration<?> errors = status.getReasons(); + while (errors.hasMoreElements()) { + item = (SSLCertificateApprovalCallback.ValidityItem) errors.nextElement(); + int reason = item.getReason(); + + if (reason == SSLCertificateApprovalCallback.ValidityStatus.UNTRUSTED_ISSUER || + reason == SSLCertificateApprovalCallback.ValidityStatus.BAD_CERT_DOMAIN) { + + // Allow these two since we haven't installed the CA cert for trust. + + return true; + + } + } + + // For other errors return false. + + return false; + } + } + + private class JSSProtocolSocketFactory implements SchemeSocketFactory, LayeredSchemeSocketFactory { + + @Override + public Socket createSocket(HttpParams params) throws IOException { + return null; + } + + @Override + public Socket connectSocket(Socket sock, + InetSocketAddress remoteAddress, + InetSocketAddress localAddress, + HttpParams params) + throws IOException, + UnknownHostException, + ConnectTimeoutException { + + // Initialize JSS before using SSLSocket, + // otherwise it will throw UnsatisfiedLinkError. + if (config.getCertDatabase() == null) { + try { + // No database specified, use $HOME/.pki/nssdb. 
+ File homeDir = new File(System.getProperty("user.home")); + File pkiDir = new File(homeDir, ".pki"); + File nssdbDir = new File(pkiDir, "nssdb"); + nssdbDir.mkdirs(); + + CryptoManager.initialize(nssdbDir.getAbsolutePath()); + + } catch (AlreadyInitializedException e) { + // ignore + + } catch (Exception e) { + throw new Error(e); + } + + } else { + // Database specified, already initialized by the main program. + } + + String hostName = null; + int port = 0; + if (remoteAddress != null) { + hostName = remoteAddress.getHostName(); + port = remoteAddress.getPort(); + } + + int localPort = 0; + InetAddress localAddr = null; + + if (localAddress != null) { + localPort = localAddress.getPort(); + localAddr = localAddress.getAddress(); + } + + SSLSocket socket; + if (sock == null) { + socket = new SSLSocket(InetAddress.getByName(hostName), + port, + localAddr, + localPort, + new ServerCertApprovalCB(), + null); + + } else { + socket = new SSLSocket(sock, hostName, new ServerCertApprovalCB(), null); + } + + String certNickname = config.getCertNickname(); + if (certNickname != null) { + if (verbose) System.out.println("Client certificate: "+certNickname); + socket.setClientCertNickname(certNickname); + } + + return socket; + } + + @Override + public boolean isSecure(Socket sock) { + // We only use this factory in the case of SSL Connections. + return true; + } + + @Override + public Socket createLayeredSocket(Socket socket, String target, int port, boolean autoClose) + throws IOException, UnknownHostException { + // This method implementation is required to get SSL working. 
+ return null; + } + + } + + public <T> T createProxy(Class<T> clazz) throws URISyntaxException { + URI uri = new URI(config.getServerURI()+"/rest"); + return ProxyFactory.create(clazz, uri, executor, providerFactory); + } + + @SuppressWarnings("unchecked") + public <T> T getEntity(ClientResponse<T> response) { + BaseClientResponse<T> clientResponse = (BaseClientResponse<T>)response; + try { + clientResponse.checkFailureStatus(); + + } catch (ClientResponseFailure e) { + errorHandler.clientErrorHandling((BaseClientResponse<T>) e.getResponse(), e); + + } catch (RuntimeException e) { + errorHandler.clientErrorHandling(clientResponse, e); + } + + return response.getEntity(); + } + + public ClientResponse<String> post(String content) throws Exception { + ClientRequest request = executor.createRequest(config.getServerURI().toString()); + request.body(MediaType.APPLICATION_FORM_URLENCODED, content); + return request.post(String.class); + } + + public boolean isVerbose() { + return verbose; + } + + public void setVerbose(boolean verbose) { + this.verbose = verbose; + } +} diff --git a/base/common/src/com/netscape/certsrv/group/GroupClient.java b/base/common/src/com/netscape/certsrv/group/GroupClient.java index 43d0ae5d5..2f7041b31 100644 --- a/base/common/src/com/netscape/certsrv/group/GroupClient.java +++ b/base/common/src/com/netscape/certsrv/group/GroupClient.java @@ -23,6 +23,7 @@ import org.jboss.resteasy.client.ClientResponse; import com.netscape.certsrv.client.ClientConfig; import com.netscape.certsrv.client.PKIClient; +import com.netscape.certsrv.client.PKIConnection; /** * @author Endi S. Dewata 
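Review bot: `ServerCertApprovalCB.approve` returns true as soon as it sees `UNTRUSTED_ISSUER` or `BAD_CERT_DOMAIN`, so every connection made through the new shared PKIConnection accepts a server certificate from an unknown CA or for a different host name, even when the same status lists other problems later in the enumeration. Because the constructor registers the username and password under `AuthScope.ANY` and the redirect strategy follows 302 for every method, credentials and request bodies can reach whichever endpoint completes the handshake. The verbose interceptors print every header value, which presumably includes an `Authorization` header when one is sent. Now that this code sits in a reusable class, the relaxed trust should become an explicit opt-in that rejects on any other validity reason, as sketched below. The credential scope could also be narrowed to the host and port of `config.getServerURI()`.

```java
public boolean approve(org.mozilla.jss.crypto.X509Certificate serverCert,
        SSLCertificateApprovalCallback.ValidityStatus status) {
    // … unchanged: verbose print of the server certificate subject …
    boolean tolerated = false;
    Enumeration<?> errors = status.getReasons();
    while (errors.hasMoreElements()) {
        SSLCertificateApprovalCallback.ValidityItem item =
                (SSLCertificateApprovalCallback.ValidityItem) errors.nextElement();
        int reason = item.getReason();
        if (reason == SSLCertificateApprovalCallback.ValidityStatus.UNTRUSTED_ISSUER ||
                reason == SSLCertificateApprovalCallback.ValidityStatus.BAD_CERT_DOMAIN) {
            // Still a trust bypass: keep only while the CA cert is not installed,
            // and only when the caller has explicitly opted in.
            tolerated = true;
        } else {
            // Any other validity problem must reject the certificate,
            // regardless of the order in which reasons are reported.
            return false;
        }
    }
    return tolerated;
}
```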
@@ -32,9 +33,17 @@ public class GroupClient extends PKIClient { public GroupResource groupClient; public GroupMemberResource groupMemberClient; + public GroupClient(PKIConnection connection) throws URISyntaxException { + super(connection); + init(); + } + public GroupClient(ClientConfig config) throws URISyntaxException { super(config); + init(); + } + public void init() throws URISyntaxException { groupClient = createProxy(GroupResource.class); groupMemberClient = createProxy(GroupMemberResource.class); } diff --git a/base/common/src/com/netscape/certsrv/kra/DRMClient.java b/base/common/src/com/netscape/certsrv/kra/DRMClient.java index 3454e0995..de2642eb1 100644 --- a/base/common/src/com/netscape/certsrv/kra/DRMClient.java +++ b/base/common/src/com/netscape/certsrv/kra/DRMClient.java @@ -9,6 +9,7 @@ import org.jboss.resteasy.client.ClientResponse; import com.netscape.certsrv.cert.CertData; import com.netscape.certsrv.client.ClientConfig; import com.netscape.certsrv.client.PKIClient; +import com.netscape.certsrv.client.PKIConnection; import com.netscape.certsrv.dbs.keydb.KeyId; import com.netscape.certsrv.key.KeyArchivalRequest; import com.netscape.certsrv.key.KeyData; @@ -29,9 +30,17 @@ public class DRMClient extends PKIClient { private KeyRequestResource keyRequestClient; private SystemCertResource systemCertClient; + public DRMClient(PKIConnection connection) throws URISyntaxException { + super(connection); + init(); + } + public DRMClient(ClientConfig config) throws URISyntaxException { super(config); + init(); + } + public void init() throws URISyntaxException { systemCertClient = createProxy(SystemCertResource.class); keyRequestClient = createProxy(KeyRequestResource.class); keyClient = createProxy(KeyResource.class); diff --git a/base/common/src/com/netscape/certsrv/system/SystemConfigClient.java b/base/common/src/com/netscape/certsrv/system/SystemConfigClient.java index fd14bbe19..4ccf152b3 100644 
--- a/base/common/src/com/netscape/certsrv/system/SystemConfigClient.java +++ b/base/common/src/com/netscape/certsrv/system/SystemConfigClient.java @@ -21,6 +21,7 @@ import java.net.URISyntaxException; import com.netscape.certsrv.client.ClientConfig; import com.netscape.certsrv.client.PKIClient; +import com.netscape.certsrv.client.PKIConnection; /** @@ -31,9 +32,17 @@ public class SystemConfigClient extends PKIClient { private SystemConfigResource configClient; + public SystemConfigClient(PKIConnection connection) throws URISyntaxException { + super(connection); + init(); + } + public SystemConfigClient(ClientConfig config) throws URISyntaxException { super(config); + init(); + } + public void init() throws URISyntaxException { configClient = createProxy(SystemConfigResource.class); } diff --git a/base/common/src/com/netscape/certsrv/user/UserClient.java b/base/common/src/com/netscape/certsrv/user/UserClient.java index 95960e53f..23136200d 100644 --- a/base/common/src/com/netscape/certsrv/user/UserClient.java +++ b/base/common/src/com/netscape/certsrv/user/UserClient.java @@ -23,6 +23,7 @@ import org.jboss.resteasy.client.ClientResponse; import com.netscape.certsrv.client.ClientConfig; import com.netscape.certsrv.client.PKIClient; +import com.netscape.certsrv.client.PKIConnection; /** * @author Endi S. Dewata @@ -32,9 +33,17 @@ public class UserClient extends PKIClient { public UserResource userClient; public UserCertResource userCertClient; + public UserClient(PKIConnection connection) throws URISyntaxException { + super(connection); + init(); + } + public UserClient(ClientConfig config) throws URISyntaxException { super(config); + init(); + } + public void init() throws URISyntaxException { userClient = createProxy(UserResource.class); userCertClient = createProxy(UserCertResource.class); } 
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java index 531fc212f..e247b4297 100644 --- a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java +++ b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java @@ -139,7 +139,7 @@ import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.base.ISubsystem; import com.netscape.certsrv.ca.ICertificateAuthority; import com.netscape.certsrv.client.ClientConfig; -import com.netscape.certsrv.client.PKIClient; +import com.netscape.certsrv.client.PKIConnection; import com.netscape.certsrv.dbs.IDBSubsystem; import com.netscape.certsrv.dbs.crldb.ICRLIssuingPointRecord; import com.netscape.certsrv.ldap.ILdapConnFactory; @@ -205,15 +205,15 @@ public class ConfigurationUtils { public static ClientResponse<String> getClientResponse(String hostname, int port, boolean secure, String path, String content, String clientnickname, SSLCertificateApprovalCallback certApprovalCallback) - throws URISyntaxException { + throws Exception { String protocol = secure ? "https" : "http"; ClientConfig config = new ClientConfig(); config.setServerURI(protocol + "://" + hostname + ":" + port + path); config.setCertNickname(clientnickname); - PKIClient client = new PKIClient(config); - ClientResponse<String> response = client.post(content); + PKIConnection connection = new PKIConnection(config); + ClientResponse<String> response = connection.post(content); return response; } 
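Review bot: `getClientResponse` still accepts `certApprovalCallback`, but the body never hands it to the new `PKIConnection`, which always installs its own approval callback, so a caller that supplies a stricter callback gets no effect. Either thread the callback into the connection or drop the parameter, and until then say so at the top of the method, e.g. `// NOTE: certApprovalCallback is ignored; PKIConnection applies its own server-certificate policy`. The signature is also widened to `throws Exception`, as are `getInstallToken` and `getOldCookie` in the next two hunks, which hides from callers which failures they are expected to handle. Since the widening comes from `PKIConnection.post` declaring `throws Exception`, wrapping the failure there in a specific exception type would let these methods keep their original throws clauses.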
@@ -311,8 +311,7 @@ public class ConfigurationUtils { } } - public static String getInstallToken(String sdhost, int sdport, String user, String passwd) - throws EPropertyNotFound, EBaseException, URISyntaxException, IOException { + public static String getInstallToken(String sdhost, int sdport, String user, String passwd) throws Exception { IConfigStore cs = CMS.getConfigStore(); boolean oldtoken = cs.getBoolean("cs.useOldTokenInterface", true); @@ -343,8 +342,7 @@ public class ConfigurationUtils { } } - public static String getOldCookie(String sdhost, int sdport, String user, String passwd) throws IOException, - EPropertyNotFound, EBaseException, URISyntaxException { + public static String getOldCookie(String sdhost, int sdport, String user, String passwd) throws Exception { IConfigStore cs = CMS.getConfigStore(); String subca_url = "https://" + CMS.getEEHost() + ":" diff --git a/base/java-tools/src/com/netscape/cmstools/cert/CertCLI.java b/base/java-tools/src/com/netscape/cmstools/cert/CertCLI.java index 6857b689e..034a12649 100644 --- a/base/java-tools/src/com/netscape/cmstools/cert/CertCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/cert/CertCLI.java @@ -76,8 +76,7 @@ public class CertCLI extends CLI { public void execute(String[] args) throws Exception { - client = new CertClient(parent.config); - client.setVerbose(verbose); + client = new CertClient(parent.connection); if (args.length == 0) { printHelp(); diff --git a/base/java-tools/src/com/netscape/cmstools/cert/CertRequestApproveCLI.java b/base/java-tools/src/com/netscape/cmstools/cert/CertRequestApproveCLI.java index 98a3a2b4f..0c6db8a90 100644 --- a/base/java-tools/src/com/netscape/cmstools/cert/CertRequestApproveCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/cert/CertRequestApproveCLI.java 
@@ -1,16 +1,13 @@ package com.netscape.cmstools.cert; import java.io.FileInputStream; -import java.io.FileNotFoundException; import javax.xml.bind.JAXBContext; -import javax.xml.bind.JAXBException; import javax.xml.bind.Unmarshaller; import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.ParseException; -import com.netscape.certsrv.base.PKIException; import com.netscape.certsrv.cert.CertReviewResponse; import com.netscape.cmstools.cli.CLI; import com.netscape.cmstools.cli.MainCLI; @@ -24,7 +21,7 @@ public class CertRequestApproveCLI extends CLI { } @Override - public void execute(String[] args) { + public void execute(String[] args) throws Exception { CommandLine cmd = null; try { @@ -42,23 +39,15 @@ public class CertRequestApproveCLI extends CLI { printHelp(); System.exit(-1); } - CertReviewResponse reviewInfo = null; - try { - JAXBContext context = JAXBContext.newInstance(CertReviewResponse.class); - Unmarshaller unmarshaller = context.createUnmarshaller(); - FileInputStream fis = new FileInputStream(cLineArgs[0].trim()); - reviewInfo = (CertReviewResponse) unmarshaller.unmarshal(fis); - parent.client.approveRequest(reviewInfo.getRequestId(), reviewInfo); - } catch (PKIException e) { - System.err.println(e.getMessage()); - System.exit(-1); - } catch (JAXBException e) { - System.err.println("Error: " + e.getMessage()); - System.exit(-1); - } catch (FileNotFoundException e) { - System.err.println("Error: " + e.getMessage()); - System.exit(-1); - } + + FileInputStream fis = new FileInputStream(cLineArgs[0].trim()); + + JAXBContext context = JAXBContext.newInstance(CertReviewResponse.class); + Unmarshaller unmarshaller = context.createUnmarshaller(); + CertReviewResponse reviewInfo = (CertReviewResponse) unmarshaller.unmarshal(fis); + + parent.client.approveRequest(reviewInfo.getRequestId(), reviewInfo); + MainCLI.printMessage("Approved certificate request " + reviewInfo.getRequestId().toString()); } 
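Review bot: The `FileInputStream` opened on `cLineArgs[0]` is never closed on the new side, and with the catch blocks gone an exception from `unmarshal` or `approveRequest` now leaves `execute` with the descriptor still open. Wrapping the read keeps the lifetime explicit: `try (FileInputStream fis = new FileInputStream(cLineArgs[0].trim())) { reviewInfo = (CertReviewResponse) unmarshaller.unmarshal(fis); }`, or a `try`/`finally` with `fis.close()` if the build does not target Java 7. `reviewInfo.getRequestId()` is also dereferenced without a null check, so a review file that lacks a request id ends in a `NullPointerException` rather than a usage error. `execute` starts before this hunk.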
diff --git a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java index bcc3bb27e..6f1c4909f 100644 --- a/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/cli/MainCLI.java @@ -31,6 +31,7 @@ import org.mozilla.jss.util.IncorrectPasswordException; import org.mozilla.jss.util.Password; import com.netscape.certsrv.client.ClientConfig; +import com.netscape.certsrv.client.PKIConnection; import com.netscape.cmstools.cert.CertCLI; import com.netscape.cmstools.group.GroupCLI; import com.netscape.cmstools.system.SecurityDomainCLI; @@ -43,6 +44,8 @@ public class MainCLI extends CLI { public ClientConfig config = new ClientConfig(); + public PKIConnection connection; + public MainCLI() throws Exception { super("pki", "PKI command-line interface"); @@ -161,6 +164,11 @@ public class MainCLI extends CLI { config.setPassword(password); } + public void connect() throws Exception { + connection = new PKIConnection(config); + connection.setVerbose(verbose); + } + public void execute(String[] args) throws Exception { CLI module; @@ -268,6 +276,8 @@ public class MainCLI extends CLI { } } + connect(); + // execute module command module.execute(moduleArgs); diff --git a/base/java-tools/src/com/netscape/cmstools/group/GroupCLI.java b/base/java-tools/src/com/netscape/cmstools/group/GroupCLI.java index ce28af243..b2c38d808 100644 --- a/base/java-tools/src/com/netscape/cmstools/group/GroupCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/group/GroupCLI.java @@ -75,8 +75,7 @@ public class GroupCLI extends CLI { public void execute(String[] args) throws Exception { - client = new GroupClient(parent.config); - client.setVerbose(verbose); + client = new GroupClient(parent.connection); if (args.length == 0) { printHelp(); 
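Review bot: `connection` is a public, non-final field that stays null until `connect()` runs, and `CertCLI`, `GroupCLI` and `UserCLI` now pass `parent.connection` straight into their client constructors. Any path that reaches a module's `execute` without going through `MainCLI.execute` would hand a null connection to the client, and any code holding the `MainCLI` instance can replace the connection. Making the field private behind a getter that fails when unset would pin that down, e.g. `if (connection == null) throw new IllegalStateException("not connected");`. `connect()` also deserves a one-line Javadoc stating that it builds the connection from `config`, which by then carries the password set in the preceding method.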
diff --git a/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainCLI.java b/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainCLI.java index 93c4c4b63..a6441e2fc 100644 --- a/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/system/SecurityDomainCLI.java @@ -65,7 +65,6 @@ public class SecurityDomainCLI extends CLI { public void execute(String[] args) throws Exception { client = new SecurityDomainClient(parent.config); - client.setVerbose(verbose); if (args.length == 0) { printHelp(); diff --git a/base/java-tools/src/com/netscape/cmstools/user/UserCLI.java b/base/java-tools/src/com/netscape/cmstools/user/UserCLI.java index 301754a22..8c24d1746 100644 --- a/base/java-tools/src/com/netscape/cmstools/user/UserCLI.java +++ b/base/java-tools/src/com/netscape/cmstools/user/UserCLI.java @@ -76,8 +76,7 @@ public class UserCLI extends CLI { public void execute(String[] args) throws Exception { - client = new UserClient(parent.config); - client.setVerbose(verbose); + client = new UserClient(parent.connection); if (args.length == 0) { printHelp(); |
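Review bot: `SecurityDomainCLI.execute` still builds its client with `new SecurityDomainClient(parent.config)` while `CertCLI`, `GroupCLI` and `UserCLI` switch to `parent.connection`. With `client.setVerbose(verbose)` removed, this command no longer receives the verbose setting from anywhere visible here. If `SecurityDomainClient` has a `PKIConnection` constructor in this commit (not visible in this hunk), the line should read `client = new SecurityDomainClient(parent.connection);` so the command shares the connection opened by `MainCLI.connect()`. Otherwise a second connection is created from the same config. The body of `execute` continues outside the hunk.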