Diffstat (limited to 'base/common/src/com/netscape/cms/servlet/csadmin')
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/CMSErrorInterceptor.java62
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/CMSRestClient.java175
-rw-r--r--base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java2
3 files changed, 238 insertions, 1 deletions
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/CMSErrorInterceptor.java b/base/common/src/com/netscape/cms/servlet/csadmin/CMSErrorInterceptor.java
new file mode 100644
index 000000000..b751fb091
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/CMSErrorInterceptor.java
@@ -0,0 +1,62 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+package com.netscape.cms.servlet.csadmin;
+
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.MultivaluedMap;
+
+import org.jboss.resteasy.client.ClientResponse;
+import org.jboss.resteasy.client.core.ClientErrorInterceptor;
+
+import com.netscape.cms.servlet.base.CMSException;
+
+public class CMSErrorInterceptor implements ClientErrorInterceptor {
+
+ public void handle(ClientResponse<?> response) {
+
+ // handle HTTP code 4xx and 5xx
+ int code = response.getResponseStatus().getStatusCode();
+ if (code < 400)
+ return;
+
+ MultivaluedMap<String, String> headers = response.getHeaders();
+ String contentType = headers.getFirst("Content-Type");
+
+ // handle XML content only
+ if (!contentType.startsWith(MediaType.TEXT_XML))
+ return;
+
+ CMSException exception;
+
+ try {
+ // Requires RESTEasy 2.3.2
+ // https://issues.jboss.org/browse/RESTEASY-652
+ CMSException.Data data = response.getEntity(CMSException.Data.class);
+
+ Class<?> clazz = Class.forName(data.className);
+ exception = (CMSException) clazz.getConstructor(CMSException.Data.class).newInstance(data);
+
+ } catch (Exception e) {
+ e.printStackTrace();
+ return;
+ }
+
+ throw exception;
+ }
+
+}
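Review bot: `Class.forName(data.className)` in `handle` loads and initialises whatever class the HTTP response names, and the `(CMSException)` cast is applied only after that class's constructor has already run. Resolve the name without initialisation and narrow it before instantiating, e.g. `Class<? extends CMSException> clazz = Class.forName(data.className, false, CMSException.class.getClassLoader()).asSubclass(CMSException.class);`, so a response can only select an exception type. Separately, `headers.getFirst("Content-Type")` returns null when the error response carries no such header, so `contentType.startsWith(...)` needs a null guard: `if (contentType == null || !contentType.startsWith(MediaType.TEXT_XML)) return;`. The `catch (Exception e)` that only calls `e.printStackTrace()` also leaves a failed decode visible on stderr alone; logging it through the project's logger would make it traceable.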
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/CMSRestClient.java b/base/common/src/com/netscape/cms/servlet/csadmin/CMSRestClient.java
new file mode 100644
index 000000000..37db06bd5
--- /dev/null
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/CMSRestClient.java
@@ -0,0 +1,175 @@
+package com.netscape.cms.servlet.csadmin;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.InetSocketAddress;
+import java.net.Socket;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.UnknownHostException;
+import java.util.Enumeration;
+
+import org.apache.commons.httpclient.ConnectTimeoutException;
+import org.apache.http.client.HttpClient;
+import org.apache.http.conn.scheme.LayeredSchemeSocketFactory;
+import org.apache.http.conn.scheme.Scheme;
+import org.apache.http.conn.scheme.SchemeSocketFactory;
+import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.params.HttpParams;
+import org.jboss.resteasy.client.ClientExecutor;
+import org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor;
+import org.jboss.resteasy.spi.ResteasyProviderFactory;
+import org.mozilla.jss.ssl.SSLCertificateApprovalCallback;
+import org.mozilla.jss.ssl.SSLSocket;
+
+public abstract class CMSRestClient {
+ // Callback to approve or deny returned SSL server certs
+ // Right now, simply approve the cert.
+ // ToDO: Look into taking this JSS http client code and move it into
+ // its own class to be used by possible future clients.
+
+ public CMSRestClient(String baseUri, String clientCertNick) throws URISyntaxException {
+
+ clientCertNickname = clientCertNick;
+
+ uri = new URI(baseUri);
+
+ String protocol = uri.getScheme();
+ int port = uri.getPort();
+
+ HttpClient httpclient = new DefaultHttpClient();
+ if (protocol != null && protocol.equals("https")) {
+
+ Scheme scheme = new Scheme("https", port, new JSSProtocolSocketFactory());
+ httpclient.getConnectionManager().getSchemeRegistry().register(scheme);
+
+ }
+
+ executor = new ApacheHttpClient4Executor(httpclient);
+ providerFactory = ResteasyProviderFactory.getInstance();
+ providerFactory.addClientErrorInterceptor(new CMSErrorInterceptor());
+ }
+
+ private class ServerCertApprovalCB implements SSLCertificateApprovalCallback {
+
+ public boolean approve(org.mozilla.jss.crypto.X509Certificate servercert,
+ SSLCertificateApprovalCallback.ValidityStatus status) {
+
+ //For now lets just accept the server cert. This is a test tool, being
+ // pointed at a well know kra instance.
+
+ if (servercert != null) {
+ System.out.println("Peer SSL Servercert details: " +
+ "\n subject: " + servercert.getSubjectDN().toString() +
+ "\n issuer: " + servercert.getIssuerDN().toString() +
+ "\n serial: " + servercert.getSerialNumber().toString()
+ );
+ }
+
+ SSLCertificateApprovalCallback.ValidityItem item;
+
+ Enumeration<?> errors = status.getReasons();
+ int i = 0;
+ while (errors.hasMoreElements()) {
+ i++;
+ item = (SSLCertificateApprovalCallback.ValidityItem) errors.nextElement();
+ System.out.println("item " + i +
+ " reason=" + item.getReason() +
+ " depth=" + item.getDepth());
+
+ int reason = item.getReason();
+
+ if (reason ==
+ SSLCertificateApprovalCallback.ValidityStatus.UNTRUSTED_ISSUER ||
+ reason == SSLCertificateApprovalCallback.ValidityStatus.BAD_CERT_DOMAIN) {
+
+ //Allow these two since we haven't necessarily installed the CA cert for trust
+ // and we are choosing "localhost" as the host for this client.
+
+ return true;
+
+ }
+ }
+
+ //For other errors return false
+
+ return false;
+ }
+ }
+
+ private class JSSProtocolSocketFactory implements SchemeSocketFactory, LayeredSchemeSocketFactory {
+
+ @Override
+ public Socket createSocket(HttpParams params)
+ throws IOException {
+
+ return null;
+
+ }
+
+ @Override
+ public Socket connectSocket(Socket sock,
+ InetSocketAddress remoteAddress,
+ InetSocketAddress localAddress,
+ HttpParams params)
+ throws IOException,
+ UnknownHostException,
+ ConnectTimeoutException {
+
+ SSLSocket socket;
+
+ String hostName = null;
+ int port = 0;
+ if (remoteAddress != null) {
+ hostName = remoteAddress.getHostName();
+ port = remoteAddress.getPort();
+
+ }
+
+ int localPort = 0;
+ InetAddress localAddr = null;
+
+ if (localAddress != null) {
+ localPort = localAddress.getPort();
+ localAddr = localAddress.getAddress();
+ }
+
+ if (sock == null) {
+ socket = new SSLSocket(InetAddress.getByName(hostName),
+ port,
+ localAddr,
+ localPort,
+ new ServerCertApprovalCB(),
+ null);
+
+ } else {
+ socket = new SSLSocket(sock, hostName, new ServerCertApprovalCB(), null);
+ }
+
+ if (socket != null && clientCertNickname != null) {
+ socket.setClientCertNickname(clientCertNickname);
+ }
+
+ return socket;
+ }
+
+ @Override
+ public boolean isSecure(Socket sock) {
+ //We only use this factory in the case of SSL Connections
+ return true;
+ }
+
+ @Override
+ public Socket createLayeredSocket(Socket arg0, String arg1, int arg2, boolean arg3) throws IOException,
+ UnknownHostException {
+ //This method implementation is required to get SSL working.
+ return null;
+ }
+
+ }
+
+ protected static String clientCertNickname;
+ protected ResteasyProviderFactory providerFactory;
+ protected ClientExecutor executor;
+ protected URI uri;
+}
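Review bot: `ServerCertApprovalCB.approve` returns true as soon as it sees `UNTRUSTED_ISSUER` or `BAD_CERT_DOMAIN`, the two checks that authenticate the server, so a certificate from any issuer for any host is accepted on these connections, and later reasons in the enumeration (an expired certificate, for example) are never examined. The comment calls this a test tool, but the class sits in the shared csadmin package, presents the client certificate on the same socket, and feeds responses to `CMSErrorInterceptor`; I would reject on any reported reason and make a relaxed mode an explicit, off-by-default option. As written the method also falls through to `return false` when `getReasons()` is empty, which looks like it rejects a certificate that validated cleanly; worth confirming against JSS. Also `clientCertNickname` is `static` but assigned in the constructor, so constructing a second client changes the certificate the first one presents; it should be an instance field.

```java
public boolean approve(org.mozilla.jss.crypto.X509Certificate servercert,
        SSLCertificateApprovalCallback.ValidityStatus status) {

    // … unchanged: printing of the peer certificate details …

    boolean approved = true;
    Enumeration<?> errors = status.getReasons();
    while (errors.hasMoreElements()) {
        SSLCertificateApprovalCallback.ValidityItem item =
                (SSLCertificateApprovalCallback.ValidityItem) errors.nextElement();
        // … unchanged: printing of reason and depth …

        // Any reported problem, including an untrusted issuer or a
        // host name mismatch, rejects the peer.
        approved = false;
    }

    // Approve only when validation reported no problems at all.
    return approved;
}
```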
diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index 5328fc054..93de638eb 100644
--- a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -1412,7 +1412,7 @@ public class ConfigurationUtils {
return dir.delete();
}
- public static void populateIndexes() throws EPropertyNotFound, EBaseException, IOException, LDAPException {
+ public static void populateIndexes() throws Exception {
CMS.debug("populateIndexes(): start");
IConfigStore cs = CMS.getConfigStore();