@avernet
Last active January 3, 2016 07:29
Connecting to a service and providing a client-side certificate, client using HttpClient 4.2, and server running on Node.js
/*
* ====================================================================
*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
*/
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.util.EntityUtils;
/**
* This example demonstrates how to create secure connections with a custom SSL
* context.
*/
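public class Gaga {

    // Demo values carried over unchanged from the original example. A keystore
    // location and password compiled into the class are readable by anyone who
    // can read the source or the class file; outside a local test, supply them
    // from protected configuration instead.
    private static final String KEYSTORE_PATH =
        "/Users/avernet/Dropbox/Work/Product/src/resources-local/2014-01-02-jpm-cert/ssl/orbeon.keystore";
    private static final String KEYSTORE_PASSWORD = "password";

    /**
     * Sends one GET request to {@code https://localhost/} over TLS, presenting a
     * client certificate, and prints the request line, the status line and the
     * response content length to standard output.
     *
     * <p>The same keystore file is used both as the key store (source of the
     * client certificate and private key) and as the trust store (certificates
     * accepted from the server). The "https" scheme is registered with 5678 as
     * its default port, so the port-less URL is sent to port 5678.
     *
     * <p>Hostname verification is enabled: the server certificate must be issued
     * for the host in the URL ("localhost"). The original example passed
     * {@code ALLOW_ALL_HOSTNAME_VERIFIER}, which accepts any certificate chaining
     * to the trust store regardless of the host it was issued for.
     *
     * @throws Exception if the keystore cannot be read, the TLS setup fails, or
     *                   the request fails
     */
    public final static void connect() throws Exception {
        DefaultHttpClient httpclient = new DefaultHttpClient();
        try {
            KeyStore clientStore = KeyStore.getInstance(KeyStore.getDefaultType());
            FileInputStream instream = new FileInputStream(new File(KEYSTORE_PATH));
            try {
                clientStore.load(instream, KEYSTORE_PASSWORD.toCharArray());
            } finally {
                // Best-effort close: a failure here must not mask a load() error.
                try { instream.close(); } catch (Exception ignore) {}
            }

            // Arguments: protocol, key store, key password, trust store,
            // SecureRandom (null = default), TrustStrategy (null = none),
            // hostname verifier.
            SSLSocketFactory socketFactory = new SSLSocketFactory(
                SSLSocketFactory.TLS,
                clientStore,
                KEYSTORE_PASSWORD,
                clientStore,
                null,
                null,
                SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);

            // 5678 becomes the default port for every https URL on this client.
            Scheme sch = new Scheme("https", 5678, socketFactory);
            httpclient.getConnectionManager().getSchemeRegistry().register(sch);

            HttpGet httpget = new HttpGet("https://localhost/");
            System.out.println("executing request" + httpget.getRequestLine());

            HttpResponse response = httpclient.execute(httpget);
            HttpEntity entity = response.getEntity();

            System.out.println("----------------------------------------");
            System.out.println(response.getStatusLine());
            if (entity != null) {
                System.out.println("Response content length: " + entity.getContentLength());
            }
            // Drain the body so the underlying connection is released.
            EntityUtils.consume(entity);
        } finally {
            // When HttpClient instance is no longer needed,
            // shut down the connection manager to ensure
            // immediate deallocation of all system resources
            httpclient.getConnectionManager().shutdown();
        }
    }
}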
<xh:html xmlns:xh="http://www.w3.org/1999/xhtml"
xmlns:xf="http://www.w3.org/2002/xforms"
xmlns:xxf="http://orbeon.org/oxf/xml/xforms"
xmlns:ev="http://www.w3.org/2001/xml-events"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:fr="http://orbeon.org/oxf/xml/form-runner">
<!-- Test form with two ways of calling the HTTPS service on port 5678:
     an XForms submission, and a direct call into the Java class Gaga. -->
<xh:head>
<xf:model>
<xf:instance><empty/></xf:instance>
<!-- POSTs the default instance to https://localhost:5678 and replaces the
     instance with the response.
     NOTE(review): nothing in this form configures a client certificate for
     this call; presumably it comes from the form engine's own HTTP client
     settings. Confirm against the deployment configuration. -->
<xf:submission id="service" resource="https://localhost:5678" method="post" replace="instance"/>
</xf:model>
</xh:head>
<xh:body>
<!-- Runs the "service" submission when activated. -->
<xf:trigger>
<xf:label>Run submission</xf:label>
<xf:send ev:event="DOMActivate" submission="service"/>
</xf:trigger>
<!-- Evaluates the XPath expression gaga:connect(); the gaga prefix is bound to
     the namespace java:Gaga, so this invokes the static Java method
     Gaga.connect() on the server.
     NOTE(review): a java: namespace binding lets form markup call server-side
     Java code, so forms using it should come from trusted authors only.
     Confirm how the deployment restricts this. -->
<xf:trigger>
<xf:label>Run native code</xf:label>
<xf:action ev:event="DOMActivate" type="xpath" xmlns:gaga="java:Gaga">gaga:connect()</xf:action>
</xf:trigger>
<!-- Displays the string value of the instance root, i.e. the service result
     once the submission has replaced the instance. -->
<xf:output value="."/>
</xh:body>
</xh:html>
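const https = require('https');
const fs = require('fs');

// TLS settings for mutual authentication.
//  - key / cert: the server's own private key and certificate.
//  - ca: the CA certificate that client certificates are validated against.
//  - requestCert: ask every client for a certificate during the handshake.
//  - rejectUnauthorized: false lets the handshake complete even when the
//    client certificate is missing or invalid, so the handler below can answer
//    with a 401 and log the reason. The consequence is that TLS itself no
//    longer enforces client authentication: every request handler MUST check
//    the socket's `authorized` flag before doing any work. If the 401 response
//    and the logged reason are not needed, set this to true so that
//    unauthenticated clients are dropped at the handshake.
const options = {
  key: fs.readFileSync('ssl/server.key'),
  cert: fs.readFileSync('ssl/server.crt'),
  ca: fs.readFileSync('ssl/ca.crt'),
  requestCert: true,
  rejectUnauthorized: false,
};

https.createServer(options, function (req, res) {
  // req.socket is the TLS socket for this request. The original code reached it
  // through the legacy alias req.client and read the address from
  // req.client.socket, a property of the old TLS stream; reading everything
  // from req.socket avoids a TypeError where that nested property is absent.
  const tlsSocket = req.socket;

  if (tlsSocket.authorized) {
    // Client certificate validated against the configured CA.
    res.writeHead(200, {"Content-Type":"application/xml"});
    res.end('<result>42</result>');
    console.log("Approved Client ", tlsSocket.remoteAddress);
  } else {
    // No certificate, or one that failed validation: refuse, then log why.
    res.writeHead(401);
    res.end();
    console.log('authorizationError:', tlsSocket.authorizationError);
    console.log("Denied Client " , tlsSocket.remoteAddress);
  }
}).listen(5678);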