Diffstat (limited to 'base/common/src/com/netscape/cms/client')
21 files changed, 774 insertions, 84 deletions
diff --git a/base/common/src/com/netscape/cms/client/cli/ClientConfig.java b/base/common/src/com/netscape/cms/client/ClientConfig.java index 8b5380805..7299d4d22 100644 --- a/base/common/src/com/netscape/cms/client/cli/ClientConfig.java +++ b/base/common/src/com/netscape/cms/client/ClientConfig.java @@ -16,7 +16,7 @@ // All rights reserved. // --- END COPYRIGHT BLOCK --- -package com.netscape.cms.client.cli; +package com.netscape.cms.client; import java.io.StringReader; import java.io.StringWriter; diff --git a/base/common/src/com/netscape/cms/client/PKIClient.java b/base/common/src/com/netscape/cms/client/PKIClient.java new file mode 100644 index 000000000..ddd47dab6 --- /dev/null +++ b/base/common/src/com/netscape/cms/client/PKIClient.java 
@@ -0,0 +1,304 @@
+package com.netscape.cms.client;
+
+import java.io.File;
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.Socket;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.UnknownHostException;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.List;
+
+import org.apache.commons.httpclient.ConnectTimeoutException;
+import org.apache.http.Header;
+import org.apache.http.HttpEntityEnclosingRequest;
+import org.apache.http.HttpException;
+import org.apache.http.HttpRequest;
+import org.apache.http.HttpRequestInterceptor;
+import org.apache.http.HttpResponse;
+import org.apache.http.HttpResponseInterceptor;
+import org.apache.http.ProtocolException;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.auth.params.AuthPNames;
+import org.apache.http.client.methods.HttpUriRequest;
+import org.apache.http.client.params.AuthPolicy;
+import org.apache.http.client.params.HttpClientParams;
+import org.apache.http.conn.scheme.LayeredSchemeSocketFactory;
+import org.apache.http.conn.scheme.Scheme;
+import org.apache.http.conn.scheme.SchemeSocketFactory;
+import org.apache.http.impl.client.ClientParamsStack;
+import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.impl.client.DefaultRedirectStrategy;
+import org.apache.http.impl.client.EntityEnclosingRequestWrapper;
+import org.apache.http.impl.client.RequestWrapper;
+import org.apache.http.params.HttpParams;
+import org.apache.http.protocol.HttpContext;
+import org.jboss.resteasy.client.ClientExecutor;
+import org.jboss.resteasy.client.ClientResponse;
+import org.jboss.resteasy.client.ClientResponseFailure;
+import org.jboss.resteasy.client.ProxyFactory;
+import org.jboss.resteasy.client.core.BaseClientResponse;
+import org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor;
+import org.jboss.resteasy.client.core.extractors.ClientErrorHandler;
+import org.jboss.resteasy.spi.ResteasyProviderFactory;
+import org.mozilla.jss.CryptoManager;
+import org.mozilla.jss.crypto.AlreadyInitializedException;
+import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
+import org.mozilla.jss.ssl.SSLSocket;
+
+
+public abstract class PKIClient {
+
+ protected boolean verbose;
+
+ protected ClientConfig config;
+
+ protected ResteasyProviderFactory providerFactory;
+ protected ClientErrorHandler errorHandler;
+ protected ClientExecutor executor;
+
+ public PKIClient(ClientConfig config) {
+ this.config = config;
+
+ DefaultHttpClient httpClient = new DefaultHttpClient();
+
+ // Register https scheme.
+ Scheme scheme = new Scheme("https", 443, new JSSProtocolSocketFactory());
+ httpClient.getConnectionManager().getSchemeRegistry().register(scheme);
+
+ if (config.getUsername() != null && config.getPassword() != null) {
+ List<String> authPref = new ArrayList<String>();
+ authPref.add(AuthPolicy.BASIC);
+ httpClient.getParams().setParameter(AuthPNames.PROXY_AUTH_PREF, authPref);
+
+ httpClient.getCredentialsProvider().setCredentials(
+ AuthScope.ANY,
+ new UsernamePasswordCredentials(config.getUsername(), config.getPassword()));
+ }
+
+ httpClient.addRequestInterceptor(new HttpRequestInterceptor() {
+ @Override
+ public void process(HttpRequest request, HttpContext context) throws HttpException, IOException {
+ if (verbose) {
+ System.out.println("HTTP request: "+request.getRequestLine());
+ for (Header header : request.getAllHeaders()) {
+ System.out.println(" "+header.getName()+": "+header.getValue());
+ }
+ }
+
+ // Set the request parameter to follow redirections.
+ HttpParams params = request.getParams();
+ if (params instanceof ClientParamsStack) {
+ ClientParamsStack paramsStack = (ClientParamsStack)request.getParams();
+ params = paramsStack.getRequestParams();
+ }
+ HttpClientParams.setRedirecting(params, true);
+ }
+ });
+
+ httpClient.addResponseInterceptor(new HttpResponseInterceptor() {
+ @Override
+ public void process(HttpResponse response, HttpContext context) throws HttpException, IOException {
+ if (verbose) {
+ System.out.println("HTTP response: "+response.getStatusLine());
+ for (Header header : response.getAllHeaders()) {
+ System.out.println(" "+header.getName()+": "+header.getValue());
+ }
+ }
+ }
+ });
+
+ httpClient.setRedirectStrategy(new DefaultRedirectStrategy() {
+ @Override
+ public HttpUriRequest getRedirect(HttpRequest request, HttpResponse response, HttpContext context)
+ throws ProtocolException {
+
+ HttpUriRequest uriRequest = super.getRedirect(request, response, context);
+
+ URI uri = uriRequest.getURI();
+ if (verbose) System.out.println("HTTP redirect: "+uri);
+
+ // Redirect the original request to the new URI.
+ RequestWrapper wrapper;
+ if (request instanceof HttpEntityEnclosingRequest) {
+ wrapper = new EntityEnclosingRequestWrapper((HttpEntityEnclosingRequest)request);
+ } else {
+ wrapper = new RequestWrapper(request);
+ }
+ wrapper.setURI(uri);
+
+ return wrapper;
+ }
+
+ @Override
+ public boolean isRedirected(HttpRequest request, HttpResponse response, HttpContext context)
+ throws ProtocolException {
+
+ // The default redirection policy does not redirect POST or PUT.
+ // This overrides the policy to follow redirections for all HTTP methods.
+ return response.getStatusLine().getStatusCode() == 302;
+ }
+ });
+
+ executor = new ApacheHttpClient4Executor(httpClient);
+ providerFactory = ResteasyProviderFactory.getInstance();
+ providerFactory.addClientErrorInterceptor(new PKIErrorInterceptor());
+ errorHandler = new ClientErrorHandler(providerFactory.getClientErrorInterceptors());
+ }
+
+ private class ServerCertApprovalCB implements SSLCertificateApprovalCallback {
+
+ // Callback to approve or deny returned SSL server cert.
+ // Right now, simply approve the cert.
+ public boolean approve(org.mozilla.jss.crypto.X509Certificate serverCert,
+ SSLCertificateApprovalCallback.ValidityStatus status) {
+
+ if (verbose) System.out.println("Server certificate: "+serverCert.getSubjectDN());
+
+ SSLCertificateApprovalCallback.ValidityItem item;
+
+ Enumeration<?> errors = status.getReasons();
+ while (errors.hasMoreElements()) {
+ item = (SSLCertificateApprovalCallback.ValidityItem) errors.nextElement();
+ int reason = item.getReason();
+
+ if (reason == SSLCertificateApprovalCallback.ValidityStatus.UNTRUSTED_ISSUER ||
+ reason == SSLCertificateApprovalCallback.ValidityStatus.BAD_CERT_DOMAIN) {
+
+ // Allow these two since we haven't installed the CA cert for trust.
+
+ return true;
+
+ }
+ }
+
+ // For other errors return false.
+
+ return false;
+ }
+ }
+
+ private class JSSProtocolSocketFactory implements SchemeSocketFactory, LayeredSchemeSocketFactory {
+
+ @Override
+ public Socket createSocket(HttpParams params) throws IOException {
+ return null;
+ }
+
+ @Override
+ public Socket connectSocket(Socket sock,
+ InetSocketAddress remoteAddress,
+ InetSocketAddress localAddress,
+ HttpParams params)
+ throws IOException,
+ UnknownHostException,
+ ConnectTimeoutException {
+
+ // Initialize JSS before using SSLSocket,
+ // otherwise it will throw UnsatisfiedLinkError.
+ if (config.getCertDatabase() == null) {
+ try {
+ // No database specified, use $HOME/.pki/nssdb.
+ File homeDir = new File(System.getProperty("user.home"));
+ File pkiDir = new File(homeDir, ".pki");
+ File nssdbDir = new File(pkiDir, "nssdb");
+ nssdbDir.mkdirs();
+
+ CryptoManager.initialize(nssdbDir.getAbsolutePath());
+
+ } catch (AlreadyInitializedException e) {
+ // ignore
+
+ } catch (Exception e) {
+ throw new Error(e);
+ }
+
+ } else {
+ // Database specified, already initialized by the main program.
+ }
+
+ String hostName = null;
+ int port = 0;
+ if (remoteAddress != null) {
+ hostName = remoteAddress.getHostName();
+ port = remoteAddress.getPort();
+ }
+
+ int localPort = 0;
+ InetAddress localAddr = null;
+
+ if (localAddress != null) {
+ localPort = localAddress.getPort();
+ localAddr = localAddress.getAddress();
+ }
+
+ SSLSocket socket;
+ if (sock == null) {
+ socket = new SSLSocket(InetAddress.getByName(hostName),
+ port,
+ localAddr,
+ localPort,
+ new ServerCertApprovalCB(),
+ null);
+
+ } else {
+ socket = new SSLSocket(sock, hostName, new ServerCertApprovalCB(), null);
+ }
+
+ String certNickname = config.getCertNickname();
+ if (certNickname != null) {
+ if (verbose) System.out.println("Client certificate: "+certNickname);
+ socket.setClientCertNickname(certNickname);
+ }
+
+ return socket;
+ }
+
+ @Override
+ public boolean isSecure(Socket sock) {
+ // We only use this factory in the case of SSL Connections.
+ return true;
+ }
+
+ @Override
+ public Socket createLayeredSocket(Socket socket, String target, int port, boolean autoClose)
+ throws IOException, UnknownHostException {
+ // This method implementation is required to get SSL working.
+ return null;
+ }
+
+ }
+
+ public <T> T createProxy(Class<T> clazz) throws URISyntaxException {
+ URI uri = new URI(config.getServerURI()+"/rest");
+ return ProxyFactory.create(clazz, uri, executor, providerFactory);
+ }
+
+ @SuppressWarnings("unchecked")
+ public <T> T getEntity(ClientResponse<T> response) {
+ BaseClientResponse<T> clientResponse = (BaseClientResponse<T>)response;
+ try {
+ clientResponse.checkFailureStatus();
+
+ } catch (ClientResponseFailure e) {
+ errorHandler.clientErrorHandling((BaseClientResponse<T>) e.getResponse(), e);
+
+ } catch (RuntimeException e) {
+ errorHandler.clientErrorHandling(clientResponse, e);
+ }
+
+ return response.getEntity();
+ }
+
+ public boolean isVerbose() {
+ return verbose;
+ }
+
+ public void setVerbose(boolean verbose) {
+ this.verbose = verbose;
+ }
+}
diff --git a/base/common/src/com/netscape/cms/client/PKIErrorInterceptor.java b/base/common/src/com/netscape/cms/client/PKIErrorInterceptor.java
new file mode 100644
index 000000000..445778db4
--- /dev/null
+++ b/base/common/src/com/netscape/cms/client/PKIErrorInterceptor.java
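Review bot: ServerCertApprovalCB.approve returns true as soon as it sees UNTRUSTED_ISSUER or BAD_CERT_DOMAIN, so every https connection built by JSSProtocolSocketFactory.connectSocket accepts a server certificate from any issuer presented under any hostname, and nothing is printed unless verbose is set; the "haven't installed the CA cert" comment describes a bootstrap situation, but the bypass also applies when config.getCertDatabase() names a database that already holds the CA. The effect is amplified by the constructor, which registers the username/password under `AuthScope.ANY` and whose isRedirected override follows every 302 for every HTTP method, so the Basic credentials are replayed to whatever host a redirect names. Suggest limiting the two approvals to an explicit opt-in (for example only while no cert database is configured), printing the subject DN and reason unconditionally whenever a certificate is accepted despite a validity error, and scoping the credentials to the configured server, e.g. `new AuthScope(serverHost, serverPort)` derived from config.getServerURI(), instead of `AuthScope.ANY`. Separately, the Basic preference is stored under `AuthPNames.PROXY_AUTH_PREF`; if it is meant for the target server rather than a proxy, `AuthPNames.TARGET_AUTH_PREF` looks like the intended parameter.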
@@ -0,0 +1,62 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.client;
+
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.MultivaluedMap;
+
+import org.jboss.resteasy.client.ClientResponse;
+import org.jboss.resteasy.client.core.ClientErrorInterceptor;
+
+import com.netscape.certsrv.base.PKIException;
+
+public class PKIErrorInterceptor implements ClientErrorInterceptor {
+
+ public void handle(ClientResponse<?> response) {
+
+ // handle HTTP code 4xx and 5xx
+ int code = response.getResponseStatus().getStatusCode();
+ if (code < 400)
+ return;
+
+ MultivaluedMap<String, String> headers = response.getHeaders();
+ String contentType = headers.getFirst("Content-Type");
+
+ // handle XML content only
+ if (contentType == null || !contentType.startsWith(MediaType.APPLICATION_XML))
+ return;
+
+ PKIException exception;
+
+ try {
+ // Requires RESTEasy 2.3.2
+ // https://issues.jboss.org/browse/RESTEASY-652
+ PKIException.Data data = response.getEntity(PKIException.Data.class);
+
+ Class<?> clazz = Class.forName(data.className);
+ exception = (PKIException) clazz.getConstructor(PKIException.Data.class).newInstance(data);
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ return;
+ }
+
+ throw exception;
+ }
+
+}
diff --git a/base/common/src/com/netscape/cms/client/ca/CAClient.java b/base/common/src/com/netscape/cms/client/ca/CAClient.java
new file mode 100644
index 000000000..a72f95962
--- /dev/null
+++ b/base/common/src/com/netscape/cms/client/ca/CAClient.java
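Review bot: handle instantiates whatever class `data.className` names through `Class.forName` and `getConstructor(PKIException.Data.class).newInstance(data)` before the cast to PKIException is checked, and className is read from the server's XML error body, so a response from a mis-configured or hostile endpoint can trigger static initialization and construction of any class on the client classpath that has that constructor shape. Load without initializing and check assignability before constructing: `Class<?> clazz = Class.forName(data.className, false, PKIException.class.getClassLoader());` followed by `if (!PKIException.class.isAssignableFrom(clazz)) return;` (or fall back to a plain PKIException built from `data`, if the base class offers that constructor). The `catch (Exception e) { e.printStackTrace(); return; }` also turns an unparseable 4xx/5xx body into a silent normal return, which hides server-side failures from the CLI; rethrowing as a RuntimeException that carries the status code would keep the error visible. `handle` should also carry `@Override`, as the JSSProtocolSocketFactory methods in this commit do.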
@@ -0,0 +1,141 @@
+//--- BEGIN COPYRIGHT BLOCK ---
+//This program is free software; you can redistribute it and/or modify
+//it under the terms of the GNU General Public License as published by
+//the Free Software Foundation; version 2 of the License.
+//
+//This program is distributed in the hope that it will be useful,
+//but WITHOUT ANY WARRANTY; without even the implied warranty of
+//MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+//GNU General Public License for more details.
+//
+//You should have received a copy of the GNU General Public License along
+//with this program; if not, write to the Free Software Foundation, Inc.,
+//51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+//(C) 2012 Red Hat, Inc.
+//All rights reserved.
+//--- END COPYRIGHT BLOCK ---
+package com.netscape.cms.client.ca;
+
+import java.net.URISyntaxException;
+import java.util.Collection;
+
+import com.netscape.certsrv.cert.CertData;
+import com.netscape.certsrv.cert.CertDataInfos;
+import com.netscape.certsrv.cert.CertEnrollmentRequest;
+import com.netscape.certsrv.cert.CertRequestInfo;
+import com.netscape.certsrv.cert.CertRequestInfos;
+import com.netscape.certsrv.cert.CertRequestResource;
+import com.netscape.certsrv.cert.CertResource;
+import com.netscape.certsrv.cert.CertReviewResponse;
+import com.netscape.certsrv.cert.CertSearchRequest;
+import com.netscape.certsrv.dbs.certdb.CertId;
+import com.netscape.certsrv.profile.ProfileData;
+import com.netscape.certsrv.profile.ProfileDataInfos;
+import com.netscape.certsrv.profile.ProfileResource;
+import com.netscape.certsrv.request.RequestId;
+import com.netscape.cms.client.ClientConfig;
+import com.netscape.cms.client.PKIClient;
+
+public class CAClient extends PKIClient {
+
+ private CertResource certClient;
+ private CertRequestResource certRequestClient;
+ private ProfileResource profileClient;
+
+ public CAClient(ClientConfig config) throws URISyntaxException {
+ super(config);
+
+ certRequestClient = createProxy(CertRequestResource.class);
+ certClient = createProxy(CertResource.class);
+ profileClient = createProxy(ProfileResource.class);
+ }
+
+ public Collection<CertRequestInfo> listRequests(String requestState, String requestType) {
+ CertRequestInfos infos = null;
+ Collection<CertRequestInfo> list = null;
+ infos = certRequestClient.listRequests(
+ requestState, requestType, new RequestId(0), 100, 100, 10);
+ list = infos.getRequests();
+
+ return list;
+ }
+
+ public CertDataInfos listCerts(String status) {
+ return certClient.listCerts(status, 100, 10);
+ }
+
+ public CertDataInfos searchCerts(CertSearchRequest data) {
+ return certClient.searchCerts(data, 100, 10);
+ }
+
+ public ProfileDataInfos listProfiles() {
+ return profileClient.listProfiles();
+ }
+
+ public ProfileData getProfile(String id) {
+
+ if (id == null) {
+ return null;
+ }
+
+ return profileClient.retrieveProfile(id);
+ }
+
+ public CertData getCertData(CertId id) {
+
+ if (id == null) {
+ return null;
+ }
+
+ return certClient.getCert(id);
+
+ }
+
+ public CertRequestInfos enrollCertificate(CertEnrollmentRequest data) {
+ if (data == null) {
+ return null;
+ }
+
+ return certRequestClient.enrollCert(data);
+ }
+
+ public CertRequestInfo getRequest(RequestId id) {
+ if (id == null) {
+ return null;
+ }
+ return certRequestClient.getRequestInfo(id);
+ }
+
+ public CertReviewResponse reviewRequest(RequestId id) {
+ if (id == null) {
+ return null;
+ }
+ return certRequestClient.reviewRequest(id);
+ }
+
+ public void approveRequest(RequestId id, CertReviewResponse data) {
+ certRequestClient.approveRequest(id, data);
+ }
+
+ public void rejectRequest(RequestId id, CertReviewResponse data) {
+ certRequestClient.rejectRequest(id, data);
+ }
+
+ public void cancelRequest(RequestId id, CertReviewResponse data) {
+ certRequestClient.cancelRequest(id, data);
+ }
+
+ public void updateRequest(RequestId id, CertReviewResponse data) {
+ certRequestClient.updateRequest(id, data);
+ }
+
+ public void validateRequest(RequestId id, CertReviewResponse data) {
+ certRequestClient.validateRequest(id, data);
+ }
+
+ public void unassignRequest(RequestId id, CertReviewResponse data) {
+ certRequestClient.unassignRequest(id, data);
+ }
+
+}
diff --git a/base/common/src/com/netscape/cms/client/cert/CertCLI.java b/base/common/src/com/netscape/cms/client/cert/CertCLI.java
index 70ad9021e..f7bb27597 100644
--- a/base/common/src/com/netscape/cms/client/cert/CertCLI.java
+++ b/base/common/src/com/netscape/cms/client/cert/CertCLI.java
@@ -23,11 +23,11 @@ import java.util.Arrays; import org.apache.commons.lang.StringUtils; import org.jboss.resteasy.plugins.providers.atom.Link; +import com.netscape.certsrv.cert.CertData; +import com.netscape.certsrv.cert.CertDataInfo; +import com.netscape.certsrv.cert.CertRequestInfo; import com.netscape.cms.client.cli.CLI; import com.netscape.cms.client.cli.MainCLI; -import com.netscape.cms.servlet.cert.model.CertDataInfo; -import com.netscape.cms.servlet.cert.model.CertificateData; -import com.netscape.cms.servlet.request.model.CertRequestInfo; /** * @author Endi S. Dewata
@@ -35,7 +35,7 @@ import com.netscape.cms.servlet.request.model.CertRequestInfo; public class CertCLI extends CLI { public MainCLI parent; - public CertRestClient client; + public CertClient client; public CertCLI(MainCLI parent) { super("cert", "Certificate management commands");
@@ -75,7 +75,7 @@ public class CertCLI extends CLI { public void execute(String[] args) throws Exception { - client = new CertRestClient(parent.config); + client = new CertClient(parent.config); client.setVerbose(verbose); if (args.length == 0) {
@@ -114,7 +114,7 @@ public class CertCLI extends CLI { } public static void printCertData( - CertificateData certData, + CertData certData, boolean showPrettyPrint, boolean showEncoded) {
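Review bot: listRequests pins the paging arguments to `new RequestId(0), 100, 100, 10` with no way for a caller to reach anything past the first page, and its `infos = null` / `list = null` pre-assignments are dead; it collapses to `return certRequestClient.listRequests(requestState, requestType, new RequestId(0), 100, 100, 10).getRequests();`, or better takes the start id and page sizes as parameters the way CertClient.findCerts does. The null guards in getProfile, getCertData, enrollCertificate, getRequest and reviewRequest are not applied in approveRequest and the other void methods, so a null id reaches the proxy there; apply them uniformly or drop them and let the caller handle null. The class has no Javadoc and overlaps CertClient from the same commit (both extend PKIClient and wrap CertResource and CertRequestResource), so a class comment stating which client CLI code is expected to use, and why CAClient hard-codes its page sizes, would help the next reader.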
diff --git a/base/common/src/com/netscape/cms/client/cert/CertRestClient.java b/base/common/src/com/netscape/cms/client/cert/CertClient.java
index 7c8b9f3e4..1fcb9e40d 100644
--- a/base/common/src/com/netscape/cms/client/cert/CertRestClient.java
+++ b/base/common/src/com/netscape/cms/client/cert/CertClient.java
@@ -19,42 +19,42 @@ package com.netscape.cms.client.cert; import java.net.URISyntaxException; +import com.netscape.certsrv.cert.CertData; +import com.netscape.certsrv.cert.CertDataInfos; +import com.netscape.certsrv.cert.CertEnrollmentRequest; +import com.netscape.certsrv.cert.CertRequestInfo; +import com.netscape.certsrv.cert.CertRequestInfos; +import com.netscape.certsrv.cert.CertRequestResource; +import com.netscape.certsrv.cert.CertResource; +import com.netscape.certsrv.cert.CertReviewResponse; +import com.netscape.certsrv.cert.CertRevokeRequest; +import com.netscape.certsrv.cert.CertSearchRequest; +import com.netscape.certsrv.cert.CertUnrevokeRequest; import com.netscape.certsrv.dbs.certdb.CertId; import com.netscape.certsrv.request.RequestId; -import com.netscape.cms.client.cli.ClientConfig; -import com.netscape.cms.servlet.cert.CertResource; -import com.netscape.cms.servlet.cert.model.CertDataInfos; -import com.netscape.cms.servlet.cert.model.CertRevokeRequest; -import com.netscape.cms.servlet.cert.model.CertSearchData; -import com.netscape.cms.servlet.cert.model.CertUnrevokeRequest; -import com.netscape.cms.servlet.cert.model.CertificateData; -import com.netscape.cms.servlet.csadmin.CMSRestClient; -import com.netscape.cms.servlet.request.CertRequestResource; -import com.netscape.cms.servlet.request.model.AgentEnrollmentRequestData; -import com.netscape.cms.servlet.request.model.CertRequestInfo; -import com.netscape.cms.servlet.request.model.CertRequestInfos; -import com.netscape.cms.servlet.request.model.EnrollmentRequestData; +import com.netscape.cms.client.ClientConfig; +import com.netscape.cms.client.PKIClient; /** * @author Endi S. 
Dewata */ -public class CertRestClient extends CMSRestClient { +public class CertClient extends PKIClient { public CertResource certClient; public CertRequestResource certRequestResource; - public CertRestClient(ClientConfig config) throws URISyntaxException { + public CertClient(ClientConfig config) throws URISyntaxException { super(config); certClient = createProxy(CertResource.class); certRequestResource = createProxy(CertRequestResource.class); } - public CertificateData getCert(CertId id) { + public CertData getCert(CertId id) { return certClient.getCert(id); } - public CertDataInfos findCerts(CertSearchData data, Integer start, Integer size) { + public CertDataInfos findCerts(CertSearchRequest data, Integer start, Integer size) { return certClient.searchCerts(data, start, size); } @@ -70,15 +70,15 @@ public class CertRestClient extends CMSRestClient { return certClient.unrevokeCert(id, request); } - public CertRequestInfos enrollRequest(EnrollmentRequestData data){ + public CertRequestInfos enrollRequest(CertEnrollmentRequest data) { return certRequestResource.enrollCert(data); } - public AgentEnrollmentRequestData reviewRequest(RequestId id){ + public CertReviewResponse reviewRequest(RequestId id) { return certRequestResource.reviewRequest(id); } - public void approveRequest(RequestId id, AgentEnrollmentRequestData data) { + public void approveRequest(RequestId id, CertReviewResponse data) { certRequestResource.approveRequest(id, data); } } diff --git a/base/common/src/com/netscape/cms/client/cert/CertFindCLI.java b/base/common/src/com/netscape/cms/client/cert/CertFindCLI.java index ea88c46cd..f69506224 100644 --- a/base/common/src/com/netscape/cms/client/cert/CertFindCLI.java +++ b/base/common/src/com/netscape/cms/client/cert/CertFindCLI.java 
@@ -28,12 +28,12 @@ import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.Option; import org.apache.commons.cli.ParseException; +import com.netscape.certsrv.base.PKIException; +import com.netscape.certsrv.cert.CertDataInfo; +import com.netscape.certsrv.cert.CertDataInfos; +import com.netscape.certsrv.cert.CertSearchRequest; import com.netscape.cms.client.cli.CLI; import com.netscape.cms.client.cli.MainCLI; -import com.netscape.cms.servlet.base.CMSException; -import com.netscape.cms.servlet.cert.model.CertDataInfo; -import com.netscape.cms.servlet.cert.model.CertDataInfos; -import com.netscape.cms.servlet.cert.model.CertSearchData; /** * @author Endi S. Dewata @@ -56,7 +56,7 @@ public class CertFindCLI extends CLI { addOptions(); CommandLine cmd = null; - CertSearchData searchData = null; + CertSearchRequest searchData = null; try { cmd = parser.parse(options, args); } catch (ParseException e) { @@ -84,7 +84,7 @@ public class CertFindCLI extends CLI { FileReader reader = null; try { reader = new FileReader(fileName); - searchData = CertSearchData.valueOf(reader); + searchData = CertSearchRequest.valueOf(reader); } catch (FileNotFoundException e) { System.err.println("Error: " + e.getMessage()); System.exit(-1); @@ -100,7 +100,7 @@ public class CertFindCLI extends CLI { } } } else { - searchData = new CertSearchData(); + searchData = new CertSearchRequest(); searchData.setSerialNumberRangeInUse(true); } String s = cmd.getOptionValue("start"); @@ -113,7 +113,7 @@ public class CertFindCLI extends CLI { CertDataInfos certs = null; try { certs = parent.client.findCerts(searchData, start, size); - } catch (CMSException e) { + } catch (PKIException e) { System.err.println("Error: Cannot list certificates. " + e.getMessage()); System.exit(-1); } 
@@ -267,7 +267,7 @@ public class CertFindCLI extends CLI { options.addOption(option); } - public void addSearchAttribute(CommandLine cmd, CertSearchData csd) { + public void addSearchAttribute(CommandLine cmd, CertSearchRequest csd) { if (cmd.hasOption("minSerialNumber")) { csd.setSerialNumberRangeInUse(true); csd.setSerialFrom(cmd.getOptionValue("minSerialNumber")); diff --git a/base/common/src/com/netscape/cms/client/cert/CertHoldCLI.java b/base/common/src/com/netscape/cms/client/cert/CertHoldCLI.java index 598c1e664..33667f3f0 100644 --- a/base/common/src/com/netscape/cms/client/cert/CertHoldCLI.java +++ b/base/common/src/com/netscape/cms/client/cert/CertHoldCLI.java @@ -26,13 +26,13 @@ import netscape.security.x509.RevocationReason; import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.Option; +import com.netscape.certsrv.cert.CertData; +import com.netscape.certsrv.cert.CertRequestInfo; +import com.netscape.certsrv.cert.CertRevokeRequest; import com.netscape.certsrv.dbs.certdb.CertId; import com.netscape.certsrv.request.RequestStatus; import com.netscape.cms.client.cli.CLI; import com.netscape.cms.client.cli.MainCLI; -import com.netscape.cms.servlet.cert.model.CertRevokeRequest; -import com.netscape.cms.servlet.cert.model.CertificateData; -import com.netscape.cms.servlet.request.model.CertRequestInfo; /** * @author Endi S. Dewata @@ -80,7 +80,7 @@ public class CertHoldCLI extends CLI { if (!cmd.hasOption("force")) { - CertificateData certData = parent.client.getCert(certID); + CertData certData = parent.client.getCert(certID); System.out.println("Placing certificate on-hold:"); 
@@ -108,7 +108,7 @@ public class CertHoldCLI extends CLI { if (certRequestInfo.getRequestStatus() == RequestStatus.COMPLETE) { MainCLI.printMessage("Placed certificate \"" + certID.toHexString() + "\" on-hold"); - CertificateData certData = parent.client.getCert(certID); + CertData certData = parent.client.getCert(certID); CertCLI.printCertData(certData, false, false); } else { diff --git a/base/common/src/com/netscape/cms/client/cert/CertReleaseHoldCLI.java b/base/common/src/com/netscape/cms/client/cert/CertReleaseHoldCLI.java index 0d39aff88..10408273f 100644 --- a/base/common/src/com/netscape/cms/client/cert/CertReleaseHoldCLI.java +++ b/base/common/src/com/netscape/cms/client/cert/CertReleaseHoldCLI.java @@ -23,13 +23,13 @@ import java.io.InputStreamReader; import org.apache.commons.cli.CommandLine; +import com.netscape.certsrv.cert.CertData; +import com.netscape.certsrv.cert.CertRequestInfo; +import com.netscape.certsrv.cert.CertUnrevokeRequest; import com.netscape.certsrv.dbs.certdb.CertId; import com.netscape.certsrv.request.RequestStatus; import com.netscape.cms.client.cli.CLI; import com.netscape.cms.client.cli.MainCLI; -import com.netscape.cms.servlet.cert.model.CertUnrevokeRequest; -import com.netscape.cms.servlet.cert.model.CertificateData; -import com.netscape.cms.servlet.request.model.CertRequestInfo; /** * @author Endi S. Dewata @@ -73,7 +73,7 @@ public class CertReleaseHoldCLI extends CLI { if (!cmd.hasOption("force")) { - CertificateData certData = parent.client.getCert(certID); + CertData certData = parent.client.getCert(certID); System.out.println("Placing certificate off-hold:"); 
@@ -99,7 +99,7 @@ public class CertReleaseHoldCLI extends CLI { if (certRequestInfo.getRequestStatus() == RequestStatus.COMPLETE) { MainCLI.printMessage("Placed certificate \"" + certID.toHexString() + "\" off-hold"); - CertificateData certData = parent.client.getCert(certID); + CertData certData = parent.client.getCert(certID); CertCLI.printCertData(certData, false, false); } else { diff --git a/base/common/src/com/netscape/cms/client/cert/CertRequestApproveCLI.java b/base/common/src/com/netscape/cms/client/cert/CertRequestApproveCLI.java index 3d729424f..c96f482c8 100644 --- a/base/common/src/com/netscape/cms/client/cert/CertRequestApproveCLI.java +++ b/base/common/src/com/netscape/cms/client/cert/CertRequestApproveCLI.java @@ -10,10 +10,10 @@ import javax.xml.bind.Unmarshaller; import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.ParseException; +import com.netscape.certsrv.base.PKIException; +import com.netscape.certsrv.cert.CertReviewResponse; import com.netscape.cms.client.cli.CLI; import com.netscape.cms.client.cli.MainCLI; -import com.netscape.cms.servlet.base.CMSException; -import com.netscape.cms.servlet.request.model.AgentEnrollmentRequestData; public class CertRequestApproveCLI extends CLI { CertCLI parent; 
@@ -42,14 +42,14 @@ public class CertRequestApproveCLI extends CLI { printHelp(); System.exit(-1); } - AgentEnrollmentRequestData reviewInfo = null; + CertReviewResponse reviewInfo = null; try { - JAXBContext context = JAXBContext.newInstance(AgentEnrollmentRequestData.class); + JAXBContext context = JAXBContext.newInstance(CertReviewResponse.class); Unmarshaller unmarshaller = context.createUnmarshaller(); FileInputStream fis = new FileInputStream(cLineArgs[0].trim()); - reviewInfo = (AgentEnrollmentRequestData) unmarshaller.unmarshal(fis); + reviewInfo = (CertReviewResponse) unmarshaller.unmarshal(fis); parent.client.approveRequest(reviewInfo.getRequestId(), reviewInfo); - } catch (CMSException e) { + } catch (PKIException e) { System.err.println(e.getMessage()); System.exit(-1); } catch (JAXBException e) { diff --git a/base/common/src/com/netscape/cms/client/cert/CertRequestReviewCLI.java b/base/common/src/com/netscape/cms/client/cert/CertRequestReviewCLI.java index 10c0e40fc..22b1faed3 100644 --- a/base/common/src/com/netscape/cms/client/cert/CertRequestReviewCLI.java +++ b/base/common/src/com/netscape/cms/client/cert/CertRequestReviewCLI.java @@ -11,11 +11,11 @@ import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.Option; import org.apache.commons.cli.ParseException; +import com.netscape.certsrv.base.PKIException; +import com.netscape.certsrv.cert.CertReviewResponse; import com.netscape.certsrv.request.RequestId; import com.netscape.cms.client.cli.CLI; import com.netscape.cms.client.cli.MainCLI; -import com.netscape.cms.servlet.base.CMSException; -import com.netscape.cms.servlet.request.model.AgentEnrollmentRequestData; public class CertRequestReviewCLI extends CLI { 
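Review bot: The rewritten `reviewInfo = (CertReviewResponse) unmarshaller.unmarshal(fis);` in CertRequestApproveCLI reads from a FileInputStream that is never closed on either the success path or the exception paths, so the descriptor leaks until the process exits (the CLI exits shortly afterwards, which is why it goes unnoticed); the same pattern is rebuilt in CertRequestSubmitCLI.getEnrollmentRequest further down. Letting JAXB own the stream removes the leak in one line: `reviewInfo = (CertReviewResponse) unmarshaller.unmarshal(new File(cLineArgs[0].trim()));` here (with `java.io.File` imported), and `erd = (CertEnrollmentRequest) unmarshaller.unmarshal(new File(fileName));` in the other method. The enclosing method starts and ends outside this hunk.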
@@ -71,16 +71,16 @@ public class CertRequestReviewCLI extends CLI { System.exit(-1); } - AgentEnrollmentRequestData reviewInfo = null; + CertReviewResponse reviewInfo = null; try { reviewInfo = parent.client.reviewRequest(reqId); - } catch (CMSException e) { + } catch (PKIException e) { System.err.println(e.getMessage()); System.exit(-1); } try { - JAXBContext context = JAXBContext.newInstance(AgentEnrollmentRequestData.class); + JAXBContext context = JAXBContext.newInstance(CertReviewResponse.class); Marshaller marshaller = context.createMarshaller(); marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); diff --git a/base/common/src/com/netscape/cms/client/cert/CertRequestSubmitCLI.java b/base/common/src/com/netscape/cms/client/cert/CertRequestSubmitCLI.java index e09f8be5b..cd974b031 100644 --- a/base/common/src/com/netscape/cms/client/cert/CertRequestSubmitCLI.java +++ b/base/common/src/com/netscape/cms/client/cert/CertRequestSubmitCLI.java @@ -11,11 +11,11 @@ import javax.xml.bind.Unmarshaller; import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.ParseException; +import com.netscape.certsrv.cert.CertEnrollmentRequest; +import com.netscape.certsrv.cert.CertRequestInfo; +import com.netscape.certsrv.cert.CertRequestInfos; import com.netscape.cms.client.cli.CLI; import com.netscape.cms.client.cli.MainCLI; -import com.netscape.cms.servlet.request.model.CertRequestInfo; -import com.netscape.cms.servlet.request.model.CertRequestInfos; -import com.netscape.cms.servlet.request.model.EnrollmentRequestData; public class CertRequestSubmitCLI extends CLI { @@ -46,7 +46,7 @@ public class CertRequestSubmitCLI extends CLI { System.exit(-1); } - EnrollmentRequestData erd = null; + CertEnrollmentRequest erd = null; try { erd = getEnrollmentRequest(cLineArgs[0]); 
@@ -62,12 +62,12 @@ public class CertRequestSubmitCLI extends CLI { } } - private EnrollmentRequestData getEnrollmentRequest(String fileName) throws JAXBException, FileNotFoundException { - EnrollmentRequestData erd = null; - JAXBContext context = JAXBContext.newInstance(EnrollmentRequestData.class); + private CertEnrollmentRequest getEnrollmentRequest(String fileName) throws JAXBException, FileNotFoundException { + CertEnrollmentRequest erd = null; + JAXBContext context = JAXBContext.newInstance(CertEnrollmentRequest.class); Unmarshaller unmarshaller = context.createUnmarshaller(); FileInputStream fis = new FileInputStream(fileName); - erd = (EnrollmentRequestData) unmarshaller.unmarshal(fis); + erd = (CertEnrollmentRequest) unmarshaller.unmarshal(fis); return erd; } diff --git a/base/common/src/com/netscape/cms/client/cert/CertRevokeCLI.java b/base/common/src/com/netscape/cms/client/cert/CertRevokeCLI.java index ad3276c52..de5dddc09 100644 --- a/base/common/src/com/netscape/cms/client/cert/CertRevokeCLI.java +++ b/base/common/src/com/netscape/cms/client/cert/CertRevokeCLI.java @@ -26,13 +26,13 @@ import netscape.security.x509.RevocationReason; import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.Option; +import com.netscape.certsrv.cert.CertData; +import com.netscape.certsrv.cert.CertRequestInfo; +import com.netscape.certsrv.cert.CertRevokeRequest; import com.netscape.certsrv.dbs.certdb.CertId; import com.netscape.certsrv.request.RequestStatus; import com.netscape.cms.client.cli.CLI; import com.netscape.cms.client.cli.MainCLI; -import com.netscape.cms.servlet.cert.model.CertRevokeRequest; -import com.netscape.cms.servlet.cert.model.CertificateData; -import com.netscape.cms.servlet.request.model.CertRequestInfo; /** * @author Endi S. Dewata 
@@ -107,7 +107,7 @@ public class CertRevokeCLI extends CLI { if (!cmd.hasOption("force")) { - CertificateData certData = parent.client.getCert(certID); + CertData certData = parent.client.getCert(certID); if (reason == RevocationReason.CERTIFICATE_HOLD) { System.out.println("Placing certificate on-hold:"); @@ -154,7 +154,7 @@ public class CertRevokeCLI extends CLI { MainCLI.printMessage("Revoked certificate \"" + certID.toHexString() + "\""); } - CertificateData certData = parent.client.getCert(certID); + CertData certData = parent.client.getCert(certID); CertCLI.printCertData(certData, false, false); } else { diff --git a/base/common/src/com/netscape/cms/client/cert/CertShowCLI.java b/base/common/src/com/netscape/cms/client/cert/CertShowCLI.java index 1389a0a42..4fcfc8c3d 100644 --- a/base/common/src/com/netscape/cms/client/cert/CertShowCLI.java +++ b/base/common/src/com/netscape/cms/client/cert/CertShowCLI.java @@ -24,10 +24,10 @@ import java.io.PrintWriter; import org.apache.commons.cli.CommandLine; import org.apache.commons.cli.Option; +import com.netscape.certsrv.cert.CertData; import com.netscape.certsrv.dbs.certdb.CertId; import com.netscape.cms.client.cli.CLI; import com.netscape.cms.client.cli.MainCLI; -import com.netscape.cms.servlet.cert.model.CertificateData; /** * @author Endi S. Dewata @@ -78,7 +78,7 @@ public class CertShowCLI extends CLI { CertId certID = new CertId(cmdArgs[0]); String file = cmd.getOptionValue("output"); - CertificateData certData = parent.client.getCert(certID); + CertData certData = parent.client.getCert(certID); String encoded = certData.getEncoded(); if (encoded != null && file != null) { diff --git a/base/common/src/com/netscape/cms/client/cli/MainCLI.java b/base/common/src/com/netscape/cms/client/cli/MainCLI.java index 50c90d892..2398a3837 100644 --- a/base/common/src/com/netscape/cms/client/cli/MainCLI.java +++ b/base/common/src/com/netscape/cms/client/cli/MainCLI.java 
@@ -30,6 +30,7 @@ import org.mozilla.jss.crypto.CryptoToken; import org.mozilla.jss.util.IncorrectPasswordException; import org.mozilla.jss.util.Password; +import com.netscape.cms.client.ClientConfig; import com.netscape.cms.client.cert.CertCLI; import com.netscape.cms.client.group.GroupCLI; import com.netscape.cms.client.user.UserCLI; diff --git a/base/common/src/com/netscape/cms/client/group/GroupCLI.java b/base/common/src/com/netscape/cms/client/group/GroupCLI.java index fefc1b0c9..b106c6fc1 100644 --- a/base/common/src/com/netscape/cms/client/group/GroupCLI.java +++ b/base/common/src/com/netscape/cms/client/group/GroupCLI.java @@ -34,7 +34,7 @@ import com.netscape.cms.client.cli.MainCLI; public class GroupCLI extends CLI { public MainCLI parent; - public GroupRestClient client; + public GroupClient client; public GroupCLI(MainCLI parent) { super("group", "Group management commands"); @@ -74,7 +74,7 @@ public class GroupCLI extends CLI { public void execute(String[] args) throws Exception { - client = new GroupRestClient(parent.config); + client = new GroupClient(parent.config); client.setVerbose(verbose); if (args.length == 0) { diff --git a/base/common/src/com/netscape/cms/client/group/GroupRestClient.java b/base/common/src/com/netscape/cms/client/group/GroupClient.java index 1b98035ea..b3784ef46 100644 --- a/base/common/src/com/netscape/cms/client/group/GroupRestClient.java +++ b/base/common/src/com/netscape/cms/client/group/GroupClient.java 
@@ -27,18 +27,18 @@ import com.netscape.certsrv.group.GroupMemberCollection; import com.netscape.certsrv.group.GroupMemberData; import com.netscape.certsrv.group.GroupMemberResource; import com.netscape.certsrv.group.GroupResource; -import com.netscape.cms.client.cli.ClientConfig; -import com.netscape.cms.servlet.csadmin.CMSRestClient; +import com.netscape.cms.client.ClientConfig; +import com.netscape.cms.client.PKIClient; /** * @author Endi S. Dewata */ -public class GroupRestClient extends CMSRestClient { +public class GroupClient extends PKIClient { public GroupResource groupClient; public GroupMemberResource groupMemberClient; - public GroupRestClient(ClientConfig config) throws URISyntaxException { + public GroupClient(ClientConfig config) throws URISyntaxException { super(config); groupClient = createProxy(GroupResource.class); diff --git a/base/common/src/com/netscape/cms/client/kra/DRMClient.java b/base/common/src/com/netscape/cms/client/kra/DRMClient.java new file mode 100644 index 000000000..4bcf52987 --- /dev/null +++ b/base/common/src/com/netscape/cms/client/kra/DRMClient.java 
@@ -0,0 +1,130 @@
+package com.netscape.cms.client.kra;
+
+import java.net.URISyntaxException;
+import java.util.Collection;
+import java.util.Iterator;
+
+import org.jboss.resteasy.client.ClientResponse;
+
+import com.netscape.certsrv.cert.CertData;
+import com.netscape.certsrv.dbs.keydb.KeyId;
+import com.netscape.certsrv.key.KeyArchivalRequest;
+import com.netscape.certsrv.key.KeyData;
+import com.netscape.certsrv.key.KeyDataInfo;
+import com.netscape.certsrv.key.KeyDataInfos;
+import com.netscape.certsrv.key.KeyRecoveryRequest;
+import com.netscape.certsrv.key.KeyRequestInfo;
+import com.netscape.certsrv.key.KeyRequestInfos;
+import com.netscape.certsrv.key.KeyRequestResource;
+import com.netscape.certsrv.key.KeyResource;
+import com.netscape.certsrv.request.RequestId;
+import com.netscape.certsrv.system.SystemCertificateResource;
+import com.netscape.cms.client.ClientConfig;
+import com.netscape.cms.client.PKIClient;
+import com.netscape.cmsutil.util.Utils;
+
+public class DRMClient extends PKIClient {
+
+ private KeyResource keyClient;
+ private KeyRequestResource keyRequestClient;
+ private SystemCertificateResource systemCertClient;
+
+ public DRMClient(ClientConfig config) throws URISyntaxException {
+ super(config);
+
+ systemCertClient = createProxy(SystemCertificateResource.class);
+ keyRequestClient = createProxy(KeyRequestResource.class);
+ keyClient = createProxy(KeyResource.class);
+ }
+
+ public String getTransportCert() {
+ @SuppressWarnings("unchecked")
+ ClientResponse<CertData> response = (ClientResponse<CertData>) systemCertClient
+ .getTransportCert();
+ CertData certData = getEntity(response);
+ String transportCert = certData.getEncoded();
+ return transportCert;
+ }
+
+ public Collection<KeyRequestInfo> listRequests(String requestState, String requestType) {
+ KeyRequestInfos infos = keyRequestClient.listRequests(
+ requestState, requestType, null, new RequestId(0), 100, 100, 10
+ );
+ Collection<KeyRequestInfo> list = infos.getRequests();
+ return list;
+ }
+
+ public KeyRequestInfo archiveSecurityData(byte[] encoded, String clientId, String dataType) {
+ // create archival request
+ KeyArchivalRequest data = new KeyArchivalRequest();
+ String req1 = Utils.base64encode(encoded);
+ data.setWrappedPrivateData(req1);
+ data.setClientId(clientId);
+ data.setDataType(dataType);
+
+ KeyRequestInfo info = keyRequestClient.archiveKey(data);
+ return info;
+ }
+
+ public KeyDataInfo getKeyData(String clientId, String status) {
+ KeyDataInfos infos = keyClient.listKeys(clientId, status, 100, 10);
+ Collection<KeyDataInfo> list = infos.getKeyInfos();
+ Iterator<KeyDataInfo> iter = list.iterator();
+
+ while (iter.hasNext()) {
+ KeyDataInfo info = iter.next();
+ if (info != null) {
+ // return the first one
+ return info;
+ }
+ }
+ return null;
+ }
+
+ public KeyRequestInfo requestRecovery(KeyId keyId, byte[] rpwd, byte[] rkey, byte[] nonceData) {
+ // create recovery request
+ KeyRecoveryRequest data = new KeyRecoveryRequest();
+ data.setKeyId(keyId);
+ if (rpwd != null) {
+ data.setSessionWrappedPassphrase(Utils.base64encode(rpwd));
+ }
+ if (rkey != null) {
+ data.setTransWrappedSessionKey(Utils.base64encode(rkey));
+ }
+
+ if (nonceData != null) {
+ data.setNonceData(Utils.base64encode(nonceData));
+ }
+
+ KeyRequestInfo info = keyRequestClient.recoverKey(data);
+ return info;
+ }
+
+ public void approveRecovery(RequestId recoveryId) {
+ keyRequestClient.approveRequest(recoveryId);
+ }
+
+ public KeyData retrieveKey(KeyId keyId, RequestId requestId, byte[] rpwd, byte[] rkey, byte[] nonceData) {
+ // create recovery request
+ KeyRecoveryRequest data = new KeyRecoveryRequest();
+ data.setKeyId(keyId);
+ data.setRequestId(requestId);
+ if (rkey != null) {
+ data.setTransWrappedSessionKey(Utils.base64encode(rkey));
+ }
+ if (rpwd != null) {
+ data.setSessionWrappedPassphrase(Utils.base64encode(rpwd));
+ }
+
+ if (nonceData != null) {
+ data.setNonceData(Utils.base64encode(nonceData));
+ }
+
+ KeyData key =
keyClient.retrieveKey(data);
+ return key;
+ }
+
+ public KeyRequestInfo getRequest(RequestId id) {
+ return keyRequestClient.getRequestInfo(id);
+ }
+}
diff --git a/base/common/src/com/netscape/cms/client/system/SystemConfigClient.java b/base/common/src/com/netscape/cms/client/system/SystemConfigClient.java
new file mode 100644
index 000000000..c9ee28718
--- /dev/null
+++ b/base/common/src/com/netscape/cms/client/system/SystemConfigClient.java
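Review bot: `listRequests` and `getKeyData` hard-code their paging arguments (`new RequestId(0), 100, 100, 10` and `100, 10`), so a caller silently receives at most the first page with no signal that more records exist; either expose the start/size parameters or name the numbers (`private static final int PAGE_SIZE = 100;`) and state the cap in a Javadoc on each method. `getKeyData` additionally returns only the first non-null entry of that page, which the `// return the first one` comment says but the method name does not; a Javadoc such as `Returns the first key record the server lists for clientId and status, or null if none` would make the contract explicit. `archiveSecurityData` passes `encoded` straight into `setWrappedPrivateData`, which suggests the caller must already have wrapped the secret (presumably with the certificate from `getTransportCert`); nothing here checks that, so the precondition belongs in the method's Javadoc. None of the public methods in this class are documented.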
@@ -0,0 +1,52 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2012 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.client.system;
+
+import java.net.URISyntaxException;
+
+import com.netscape.certsrv.system.ConfigurationRequest;
+import com.netscape.certsrv.system.ConfigurationResponse;
+import com.netscape.certsrv.system.InstallToken;
+import com.netscape.certsrv.system.InstallTokenRequest;
+import com.netscape.certsrv.system.SystemConfigResource;
+import com.netscape.cms.client.ClientConfig;
+import com.netscape.cms.client.PKIClient;
+
+
+/**
+ * @author alee
+ *
+ */
+public class SystemConfigClient extends PKIClient {
+
+ private SystemConfigResource configClient;
+
+ public SystemConfigClient(ClientConfig config) throws URISyntaxException {
+ super(config);
+
+ configClient = createProxy(SystemConfigResource.class);
+ }
+
+ public ConfigurationResponse configure(ConfigurationRequest data) {
+ return configClient.configure(data);
+ }
+
+ public InstallToken getInstallToken(InstallTokenRequest data) {
+ return configClient.getInstallToken(data);
+ }
+}
diff --git a/base/common/src/com/netscape/cms/client/user/UserCLI.java b/base/common/src/com/netscape/cms/client/user/UserCLI.java
index a5104135b..cc9bc8aa5 100644
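Review bot: `configure` and `getInstallToken` carry no Javadoc, and the class Javadoc is only an `@author` tag with an empty `*` line, so a reader cannot tell from the file that both calls pass the request to the server's `SystemConfigResource` proxy unchanged and return its response as received. A one-line summary on each would suffice, e.g. `/** Sends a configuration request to the server's system-config endpoint and returns its response unchanged. */` and `/** Requests an installation token from the server and returns it as received. */`. The constructor could likewise state that it only builds the `SystemConfigResource` proxy on top of `PKIClient`.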
--- a/base/common/src/com/netscape/cms/client/user/UserCLI.java +++ b/base/common/src/com/netscape/cms/client/user/UserCLI.java @@ -34,7 +34,7 @@ import com.netscape.cms.client.cli.MainCLI; public class UserCLI extends CLI { public MainCLI parent; - public UserRestClient client; + public UserClient client; public UserCLI(MainCLI parent) { super("user", "User management commands"); @@ -75,7 +75,7 @@ public class UserCLI extends CLI { public void execute(String[] args) throws Exception { - client = new UserRestClient(parent.config); + client = new UserClient(parent.config); client.setVerbose(verbose); if (args.length == 0) { diff --git a/base/common/src/com/netscape/cms/client/user/UserRestClient.java b/base/common/src/com/netscape/cms/client/user/UserClient.java index 54c1e3fa1..010468e8a 100644 --- a/base/common/src/com/netscape/cms/client/user/UserRestClient.java +++ b/base/common/src/com/netscape/cms/client/user/UserClient.java @@ -27,18 +27,18 @@ import com.netscape.certsrv.user.UserCertResource; import com.netscape.certsrv.user.UserCollection; import com.netscape.certsrv.user.UserData; import com.netscape.certsrv.user.UserResource; -import com.netscape.cms.client.cli.ClientConfig; -import com.netscape.cms.servlet.csadmin.CMSRestClient; +import com.netscape.cms.client.ClientConfig; +import com.netscape.cms.client.PKIClient; /** * @author Endi S. Dewata */ -public class UserRestClient extends CMSRestClient { +public class UserClient extends PKIClient { public UserResource userClient; public UserCertResource userCertClient; - public UserRestClient(ClientConfig config) throws URISyntaxException { + public UserClient(ClientConfig config) throws URISyntaxException { super(config); userClient = createProxy(UserResource.class); |