summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--base/common/src/com/netscape/cms/client/cert/CertRestClient.java2
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/CMSRestClient.java41
2 files changed, 14 insertions, 29 deletions
diff --git a/base/common/src/com/netscape/cms/client/cert/CertRestClient.java b/base/common/src/com/netscape/cms/client/cert/CertRestClient.java
index 689cb8f57..39d393321 100644
--- a/base/common/src/com/netscape/cms/client/cert/CertRestClient.java
+++ b/base/common/src/com/netscape/cms/client/cert/CertRestClient.java
@@ -43,7 +43,7 @@ public class CertRestClient extends CMSRestClient {
}
public CertRestClient(String baseUri, String nickname) throws URISyntaxException {
- super(baseUri);
+ super(baseUri, nickname);
certClient = createProxy(CertResource.class);
certsClient = createProxy(CertsResource.class);
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/CMSRestClient.java b/base/common/src/com/netscape/cms/servlet/csadmin/CMSRestClient.java
index ebc851be5..7667dc70d 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/CMSRestClient.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/CMSRestClient.java
@@ -46,20 +46,12 @@ public abstract class CMSRestClient {
this(baseUri, null);
}
- // Callback to approve or deny returned SSL server certs
- // Right now, simply approve the cert.
- // ToDO: Look into taking this JSS http client code and move it into
- // its own class to be used by possible future clients.
-
public CMSRestClient(String baseUri, String clientCertNick) throws URISyntaxException {
clientCertNickname = clientCertNick;
uri = new URI(baseUri);
- String protocol = uri.getScheme();
- int port = uri.getPort();
-
DefaultHttpClient httpclient = new DefaultHttpClient();
httpclient.addRequestInterceptor(new HttpRequestInterceptor() {
@@ -74,12 +66,9 @@ public abstract class CMSRestClient {
}
});
- if (protocol != null && protocol.equals("https")) {
-
- Scheme scheme = new Scheme("https", port, new JSSProtocolSocketFactory());
- httpclient.getConnectionManager().getSchemeRegistry().register(scheme);
-
- }
+ // register https scheme
+ Scheme scheme = new Scheme("https", 443, new JSSProtocolSocketFactory());
+ httpclient.getConnectionManager().getSchemeRegistry().register(scheme);
executor = new ApacheHttpClient4Executor(httpclient);
providerFactory = ResteasyProviderFactory.getInstance();
@@ -89,11 +78,12 @@ public abstract class CMSRestClient {
private class ServerCertApprovalCB implements SSLCertificateApprovalCallback {
- public boolean approve(org.mozilla.jss.crypto.X509Certificate servercert,
+ // Callback to approve or deny returned SSL server cert.
+ // Right now, simply approve the cert.
+ public boolean approve(org.mozilla.jss.crypto.X509Certificate serverCert,
SSLCertificateApprovalCallback.ValidityStatus status) {
- //For now lets just accept the server cert. This is a test tool, being
- // pointed at a well know kra instance.
+ if (verbose) System.out.println("Server certificate: "+serverCert.getSubjectDN());
SSLCertificateApprovalCallback.ValidityItem item;
@@ -102,12 +92,10 @@ public abstract class CMSRestClient {
item = (SSLCertificateApprovalCallback.ValidityItem) errors.nextElement();
int reason = item.getReason();
- if (reason ==
- SSLCertificateApprovalCallback.ValidityStatus.UNTRUSTED_ISSUER ||
+ if (reason == SSLCertificateApprovalCallback.ValidityStatus.UNTRUSTED_ISSUER ||
reason == SSLCertificateApprovalCallback.ValidityStatus.BAD_CERT_DOMAIN) {
- //Allow these two since we haven't necessarily installed the CA cert for trust
- // and we are choosing "localhost" as the host for this client.
+ // Allow these two since we haven't installed the CA cert for trust.
return true;
@@ -123,11 +111,8 @@ public abstract class CMSRestClient {
private class JSSProtocolSocketFactory implements SchemeSocketFactory, LayeredSchemeSocketFactory {
@Override
- public Socket createSocket(HttpParams params)
- throws IOException {
-
+ public Socket createSocket(HttpParams params) throws IOException {
return null;
-
}
@Override
@@ -139,8 +124,6 @@ public abstract class CMSRestClient {
UnknownHostException,
ConnectTimeoutException {
- SSLSocket socket;
-
String hostName = null;
int port = 0;
if (remoteAddress != null) {
@@ -157,6 +140,7 @@ public abstract class CMSRestClient {
localAddr = localAddress.getAddress();
}
+ SSLSocket socket;
if (sock == null) {
socket = new SSLSocket(InetAddress.getByName(hostName),
port,
@@ -169,7 +153,8 @@ public abstract class CMSRestClient {
socket = new SSLSocket(sock, hostName, new ServerCertApprovalCB(), null);
}
- if (socket != null && clientCertNickname != null) {
+ if (clientCertNickname != null) {
+ if (verbose) System.out.println("Client certificate: "+clientCertNickname);
socket.setClientCertNickname(clientCertNickname);
}