From 108bd269ab0eb512c334939fabde68eeab5b0b67 Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Sat, 11 Aug 2012 05:34:59 -0500 Subject: Reorganized REST client classes. The REST client classes have been moved into the com.netscape.cms.client. packages. Ticket #215 --- .../cms/servlet/csadmin/ConfigurationUtils.java | 3 +- .../netscape/cms/servlet/csadmin/PKIClient.java | 305 --------------------- .../cms/servlet/csadmin/PKIErrorInterceptor.java | 62 ----- .../cms/servlet/csadmin/SystemConfigClient.java | 50 ---- 4 files changed, 2 insertions(+), 418 deletions(-) delete mode 100644 base/common/src/com/netscape/cms/servlet/csadmin/PKIClient.java delete mode 100644 base/common/src/com/netscape/cms/servlet/csadmin/PKIErrorInterceptor.java delete mode 100644 base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigClient.java (limited to 'base/common/src/com/netscape/cms/servlet/csadmin') diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java index be66f5cf7..4c9caf5c1 100644 --- a/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java +++ b/base/common/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java @@ -143,7 +143,8 @@ import com.netscape.certsrv.ocsp.IOCSPAuthority; import com.netscape.certsrv.usrgrp.IGroup; import com.netscape.certsrv.usrgrp.IUGSubsystem; import com.netscape.certsrv.usrgrp.IUser; -import com.netscape.cms.client.cli.ClientConfig; +import com.netscape.cms.client.ClientConfig; +import com.netscape.cms.client.system.SystemConfigClient; import com.netscape.cms.servlet.csadmin.model.InstallToken; import com.netscape.cms.servlet.csadmin.model.InstallTokenRequest; import com.netscape.cmsutil.crypto.CryptoUtil; diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/PKIClient.java b/base/common/src/com/netscape/cms/servlet/csadmin/PKIClient.java deleted file mode 100644 index 647056bd1..000000000 --- a/base/common/src/com/netscape/cms/servlet/csadmin/PKIClient.java +++ /dev/null @@ -1,305 +0,0 @@ -package com.netscape.cms.servlet.csadmin; - -import java.io.File; -import java.io.IOException; -import java.net.InetAddress; -import java.net.InetSocketAddress; -import java.net.Socket; -import java.net.URI; -import java.net.URISyntaxException; -import java.net.UnknownHostException; -import java.util.ArrayList; -import java.util.Enumeration; -import java.util.List; - -import org.apache.commons.httpclient.ConnectTimeoutException; -import org.apache.http.Header; -import org.apache.http.HttpEntityEnclosingRequest; -import org.apache.http.HttpException; -import org.apache.http.HttpRequest; -import org.apache.http.HttpRequestInterceptor; -import org.apache.http.HttpResponse; -import org.apache.http.HttpResponseInterceptor; -import org.apache.http.ProtocolException; -import org.apache.http.auth.AuthScope; -import org.apache.http.auth.UsernamePasswordCredentials; -import org.apache.http.auth.params.AuthPNames; -import org.apache.http.client.methods.HttpUriRequest; -import org.apache.http.client.params.AuthPolicy; -import org.apache.http.client.params.HttpClientParams; -import org.apache.http.conn.scheme.LayeredSchemeSocketFactory; -import org.apache.http.conn.scheme.Scheme; -import org.apache.http.conn.scheme.SchemeSocketFactory; -import org.apache.http.impl.client.ClientParamsStack; -import org.apache.http.impl.client.DefaultHttpClient; -import org.apache.http.impl.client.DefaultRedirectStrategy; -import org.apache.http.impl.client.EntityEnclosingRequestWrapper; -import org.apache.http.impl.client.RequestWrapper; -import org.apache.http.params.HttpParams; -import org.apache.http.protocol.HttpContext; -import org.jboss.resteasy.client.ClientExecutor; -import org.jboss.resteasy.client.ClientResponse; -import org.jboss.resteasy.client.ClientResponseFailure; -import org.jboss.resteasy.client.ProxyFactory; -import org.jboss.resteasy.client.core.BaseClientResponse; -import org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor; -import org.jboss.resteasy.client.core.extractors.ClientErrorHandler; -import org.jboss.resteasy.spi.ResteasyProviderFactory; -import org.mozilla.jss.CryptoManager; -import org.mozilla.jss.crypto.AlreadyInitializedException; -import org.mozilla.jss.ssl.SSLCertificateApprovalCallback; -import org.mozilla.jss.ssl.SSLSocket; - -import com.netscape.cms.client.cli.ClientConfig; - -public abstract class PKIClient { - - protected boolean verbose; - - protected ClientConfig config; - - protected ResteasyProviderFactory providerFactory; - protected ClientErrorHandler errorHandler; - protected ClientExecutor executor; - - public PKIClient(ClientConfig config) { - this.config = config; - - DefaultHttpClient httpClient = new DefaultHttpClient(); - - // Register https scheme. - Scheme scheme = new Scheme("https", 443, new JSSProtocolSocketFactory()); - httpClient.getConnectionManager().getSchemeRegistry().register(scheme); - - if (config.getUsername() != null && config.getPassword() != null) { - List authPref = new ArrayList(); - authPref.add(AuthPolicy.BASIC); - httpClient.getParams().setParameter(AuthPNames.PROXY_AUTH_PREF, authPref); - - httpClient.getCredentialsProvider().setCredentials( - AuthScope.ANY, - new UsernamePasswordCredentials(config.getUsername(), config.getPassword())); - } - - httpClient.addRequestInterceptor(new HttpRequestInterceptor() { - @Override - public void process(HttpRequest request, HttpContext context) throws HttpException, IOException { - if (verbose) { - System.out.println("HTTP request: "+request.getRequestLine()); - for (Header header : request.getAllHeaders()) { - System.out.println(" "+header.getName()+": "+header.getValue()); - } - } - - // Set the request parameter to follow redirections. - HttpParams params = request.getParams(); - if (params instanceof ClientParamsStack) { - ClientParamsStack paramsStack = (ClientParamsStack)request.getParams(); - params = paramsStack.getRequestParams(); - } - HttpClientParams.setRedirecting(params, true); - } - }); - - httpClient.addResponseInterceptor(new HttpResponseInterceptor() { - @Override - public void process(HttpResponse response, HttpContext context) throws HttpException, IOException { - if (verbose) { - System.out.println("HTTP response: "+response.getStatusLine()); - for (Header header : response.getAllHeaders()) { - System.out.println(" "+header.getName()+": "+header.getValue()); - } - } - } - }); - - httpClient.setRedirectStrategy(new DefaultRedirectStrategy() { - @Override - public HttpUriRequest getRedirect(HttpRequest request, HttpResponse response, HttpContext context) - throws ProtocolException { - - HttpUriRequest uriRequest = super.getRedirect(request, response, context); - - URI uri = uriRequest.getURI(); - if (verbose) System.out.println("HTTP redirect: "+uri); - - // Redirect the original request to the new URI. - RequestWrapper wrapper; - if (request instanceof HttpEntityEnclosingRequest) { - wrapper = new EntityEnclosingRequestWrapper((HttpEntityEnclosingRequest)request); - } else { - wrapper = new RequestWrapper(request); - } - wrapper.setURI(uri); - - return wrapper; - } - - @Override - public boolean isRedirected(HttpRequest request, HttpResponse response, HttpContext context) - throws ProtocolException { - - // The default redirection policy does not redirect POST or PUT. - // This overrides the policy to follow redirections for all HTTP methods. - return response.getStatusLine().getStatusCode() == 302; - } - }); - - executor = new ApacheHttpClient4Executor(httpClient); - providerFactory = ResteasyProviderFactory.getInstance(); - providerFactory.addClientErrorInterceptor(new PKIErrorInterceptor()); - errorHandler = new ClientErrorHandler(providerFactory.getClientErrorInterceptors()); - } - - private class ServerCertApprovalCB implements SSLCertificateApprovalCallback { - - // Callback to approve or deny returned SSL server cert. - // Right now, simply approve the cert. - public boolean approve(org.mozilla.jss.crypto.X509Certificate serverCert, - SSLCertificateApprovalCallback.ValidityStatus status) { - - if (verbose) System.out.println("Server certificate: "+serverCert.getSubjectDN()); - - SSLCertificateApprovalCallback.ValidityItem item; - - Enumeration errors = status.getReasons(); - while (errors.hasMoreElements()) { - item = (SSLCertificateApprovalCallback.ValidityItem) errors.nextElement(); - int reason = item.getReason(); - - if (reason == SSLCertificateApprovalCallback.ValidityStatus.UNTRUSTED_ISSUER || - reason == SSLCertificateApprovalCallback.ValidityStatus.BAD_CERT_DOMAIN) { - - // Allow these two since we haven't installed the CA cert for trust. - - return true; - - } - } - - // For other errors return false. - - return false; - } - } - - private class JSSProtocolSocketFactory implements SchemeSocketFactory, LayeredSchemeSocketFactory { - - @Override - public Socket createSocket(HttpParams params) throws IOException { - return null; - } - - @Override - public Socket connectSocket(Socket sock, - InetSocketAddress remoteAddress, - InetSocketAddress localAddress, - HttpParams params) - throws IOException, - UnknownHostException, - ConnectTimeoutException { - - // Initialize JSS before using SSLSocket, - // otherwise it will throw UnsatisfiedLinkError. - if (config.getCertDatabase() == null) { - try { - // No database specified, use $HOME/.pki/nssdb. - File homeDir = new File(System.getProperty("user.home")); - File pkiDir = new File(homeDir, ".pki"); - File nssdbDir = new File(pkiDir, "nssdb"); - nssdbDir.mkdirs(); - - CryptoManager.initialize(nssdbDir.getAbsolutePath()); - - } catch (AlreadyInitializedException e) { - // ignore - - } catch (Exception e) { - throw new Error(e); - } - - } else { - // Database specified, already initialized by the main program. - } - - String hostName = null; - int port = 0; - if (remoteAddress != null) { - hostName = remoteAddress.getHostName(); - port = remoteAddress.getPort(); - } - - int localPort = 0; - InetAddress localAddr = null; - - if (localAddress != null) { - localPort = localAddress.getPort(); - localAddr = localAddress.getAddress(); - } - - SSLSocket socket; - if (sock == null) { - socket = new SSLSocket(InetAddress.getByName(hostName), - port, - localAddr, - localPort, - new ServerCertApprovalCB(), - null); - - } else { - socket = new SSLSocket(sock, hostName, new ServerCertApprovalCB(), null); - } - - String certNickname = config.getCertNickname(); - if (certNickname != null) { - if (verbose) System.out.println("Client certificate: "+certNickname); - socket.setClientCertNickname(certNickname); - } - - return socket; - } - - @Override - public boolean isSecure(Socket sock) { - // We only use this factory in the case of SSL Connections. - return true; - } - - @Override - public Socket createLayeredSocket(Socket socket, String target, int port, boolean autoClose) - throws IOException, UnknownHostException { - // This method implementation is required to get SSL working. - return null; - } - - } - - public T createProxy(Class clazz) throws URISyntaxException { - URI uri = new URI(config.getServerURI()+"/rest"); - return ProxyFactory.create(clazz, uri, executor, providerFactory); - } - - @SuppressWarnings("unchecked") - public T getEntity(ClientResponse response) { - BaseClientResponse clientResponse = (BaseClientResponse)response; - try { - clientResponse.checkFailureStatus(); - - } catch (ClientResponseFailure e) { - errorHandler.clientErrorHandling((BaseClientResponse) e.getResponse(), e); - - } catch (RuntimeException e) { - errorHandler.clientErrorHandling(clientResponse, e); - } - - return response.getEntity(); - } - - public boolean isVerbose() { - return verbose; - } - - public void setVerbose(boolean verbose) { - this.verbose = verbose; - } -} diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/PKIErrorInterceptor.java b/base/common/src/com/netscape/cms/servlet/csadmin/PKIErrorInterceptor.java deleted file mode 100644 index 795c0fda3..000000000 --- a/base/common/src/com/netscape/cms/servlet/csadmin/PKIErrorInterceptor.java +++ /dev/null @@ -1,62 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.csadmin; - -import javax.ws.rs.core.MediaType; -import javax.ws.rs.core.MultivaluedMap; - -import org.jboss.resteasy.client.ClientResponse; -import org.jboss.resteasy.client.core.ClientErrorInterceptor; - -import com.netscape.cms.servlet.base.PKIException; - -public class PKIErrorInterceptor implements ClientErrorInterceptor { - - public void handle(ClientResponse response) { - - // handle HTTP code 4xx and 5xx - int code = response.getResponseStatus().getStatusCode(); - if (code < 400) - return; - - MultivaluedMap headers = response.getHeaders(); - String contentType = headers.getFirst("Content-Type"); - - // handle XML content only - if (contentType == null || !contentType.startsWith(MediaType.APPLICATION_XML)) - return; - - PKIException exception; - - try { - // Requires RESTEasy 2.3.2 - // https://issues.jboss.org/browse/RESTEASY-652 - PKIException.Data data = response.getEntity(PKIException.Data.class); - - Class clazz = Class.forName(data.className); - exception = (PKIException) clazz.getConstructor(PKIException.Data.class).newInstance(data); - - } catch (Exception e) { - e.printStackTrace(); - return; - } - - throw exception; - } - -} diff --git a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigClient.java b/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigClient.java deleted file mode 100644 index 11815a65b..000000000 --- a/base/common/src/com/netscape/cms/servlet/csadmin/SystemConfigClient.java +++ /dev/null @@ -1,50 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2012 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cms.servlet.csadmin; - -import java.net.URISyntaxException; - -import com.netscape.cms.client.cli.ClientConfig; -import com.netscape.cms.servlet.csadmin.model.ConfigurationRequest; -import com.netscape.cms.servlet.csadmin.model.ConfigurationResponse; -import com.netscape.cms.servlet.csadmin.model.InstallToken; -import com.netscape.cms.servlet.csadmin.model.InstallTokenRequest; - - -/** - * @author alee - * - */ -public class SystemConfigClient extends PKIClient { - - private SystemConfigResource configClient; - - public SystemConfigClient(ClientConfig config) throws URISyntaxException { - super(config); - - configClient = createProxy(SystemConfigResource.class); - } - - public ConfigurationResponse configure(ConfigurationRequest data) { - return configClient.configure(data); - } - - public InstallToken getInstallToken(InstallTokenRequest data) { - return configClient.getInstallToken(data); - } -} -- cgit