author | clemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2009-06-25 12:07:39 +0000 |
---|---|---|
committer | clemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2009-06-25 12:07:39 +0000 |
commit | 69e0dbee3567fc3a710d7bffad4d03e64edd7daa (patch) | |
tree | bae70dc305f577693a591658db904314a6bdeda5 | |
parent | baa86c0bbcd5509ac70cc318547632c9ad4d9fde (diff) | |
TLS CipherSuites (FF XP)
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@375 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
6 files changed, 116 insertions, 20 deletions
diff --git a/BKUWebStart/pom.xml b/BKUWebStart/pom.xml
index 25683dba..fb72f26f 100644
--- a/BKUWebStart/pom.xml
+++ b/BKUWebStart/pom.xml
@@ -205,6 +205,12 @@
 <artifactId>utils</artifactId>
 <groupId>at.gv.egiz</groupId>
 <version>1.1.2-SNAPSHOT</version>
+ <exclusions>
+ <exclusion>
+ <artifactId>iaik_ecc_signed</artifactId>
+ <groupId>iaik</groupId>
+ </exclusion>
+ </exclusions>
 </dependency>
 <dependency>
 <groupId>commons-logging</groupId>
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/BKULauncher.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/BKULauncher.java
index b1fc29be..36c9cbb2 100644
--- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/BKULauncher.java
+++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/BKULauncher.java
@@ -41,6 +41,7 @@ import java.io.BufferedWriter;
 import java.io.FileInputStream;
import java.io.FileReader;
import java.io.FileWriter;
+import java.net.BindException;
import java.net.URI;
import java.net.URL;
import java.security.GeneralSecurityException;
@@ -48,6 +49,7 @@ import java.util.UUID;
 import java.util.jar.Attributes;
import java.util.jar.Manifest;
import java.util.zip.ZipOutputStream;
+import org.mortbay.util.MultiException;
public class BKULauncher implements BKUControllerInterface {
@@ -65,7 +67,11 @@ public class BKULauncher implements BKUControllerInterface {
 public static final String GREETING_CAPTION = "Greetings.Caption";
public static final String GREETING_MESSAGE = "Greetings.Message";
public static final String STARTUP_CAPTION = "Startup.Caption";
+ public static final String ERROR_CAPTION = "Error.Caption";
public static final String STARTUP_MESSAGE = "Startup.Message";
+ public static final String ERROR_STARTUP_MESSAGE = "Error.Startup.Message";
+ public static final String ERROR_CONF_MESSAGE = "Error.Conf.Message";
+ public static final String ERROR_BIND_MESSAGE = "Error.Bind.Message";
public static final String VERSION_FILE = ".version";
private static Log log = LogFactory.getLog(BKULauncher.class);
private ResourceBundle resourceBundle = null;
@@ -222,8 +228,8 @@ public class BKULauncher implements BKUControllerInterface {
 // }
// }
- log.debug("trying install MOCCA certificate on system browser");
if (installCert) {
+ log.debug("trying install MOCCA certificate on system browser");
if (Desktop.isDesktopSupported()) {
Desktop desktop = Desktop.getDesktop();
if (desktop.isSupported(Desktop.Action.BROWSE)) {
@@ -270,26 +276,60 @@ public class BKULauncher implements BKUControllerInterface {
 /**
* @param args
*/
- public static void main(String[] args) {
- try {
- log.warn("***** DISABLING SECURITY MANAGER *******");
+ public static void main(String[] args) throws InterruptedException {
+
+ if (log.isDebugEnabled()) {
+ //System.setProperty("DEBUG", "true");
+ System.setProperty("VERBOSE", "true");
+ System.setProperty("javax.net.debug", "ssl,handshake");
+ }
+
+// log.warn("***** DISABLING SECURITY MANAGER *******");
System.setSecurityManager(null);
+
BKULauncher launcher = new BKULauncher();
launcher.initStart();
- File configDir = new File(System.getProperty("user.home") + '/' + CONFIG_DIR);
- boolean installCert = launcher.ensureConfig(configDir);
+ boolean installCert = false;
+
launcher.initTrayIcon();
TrayIconDialog.getInstance().displayInfo(STARTUP_CAPTION, STARTUP_MESSAGE);
- launcher.startUpServer();
- TrayIconDialog.getInstance().displayInfo(GREETING_CAPTION, GREETING_MESSAGE);
-// launcher.initTrayIcon();
- launcher.initFinished(installCert);
- } catch (Exception e) {
- log.fatal("Failed to launch BKU: " + e.getMessage(), e);
- System.exit(-1000);
- }
+ try {
+ File configDir = new File(System.getProperty("user.home") + '/' + CONFIG_DIR);
+ installCert = launcher.ensureConfig(configDir);
+ } catch (Exception ex) {
+ log.fatal("Failed to init MOCCA configuration, exiting", ex);
+ TrayIconDialog.getInstance().displayError(ERROR_CAPTION, ERROR_CONF_MESSAGE);
+ Thread.sleep(5000);
+ System.exit(-1000);
+ }
+
+ try {
+ launcher.startUpServer();
+ TrayIconDialog.getInstance().displayInfo(GREETING_CAPTION, GREETING_MESSAGE);
+ launcher.initFinished(installCert);
+ } catch (BindException ex) {
+ log.fatal("Failed to launch MOCCA, " + ex.getMessage(), ex);
+ TrayIconDialog.getInstance().displayError(ERROR_CAPTION, ERROR_BIND_MESSAGE);
+ Thread.sleep(5000);
+ System.exit(-1000);
+ } catch (MultiException ex) {
+ log.fatal("Failed to launch MOCCA, " + ex.getMessage(), ex);
+ if (ex.getThrowable(0) instanceof BindException) {
+ TrayIconDialog.getInstance().displayError(ERROR_CAPTION, ERROR_BIND_MESSAGE);
+ } else {
+ TrayIconDialog.getInstance().displayError(ERROR_CAPTION, ERROR_STARTUP_MESSAGE);
+ }
+ Thread.sleep(5000);
+ System.exit(-1000);
+ } catch (Exception e) {
+ log.fatal("Failed to launch MOCCA, " + e.getMessage(), e);
+ TrayIconDialog.getInstance().displayError(ERROR_CAPTION, ERROR_STARTUP_MESSAGE);
+ Thread.sleep(5000);
+ System.exit(-1000);
+ }
+
}
private void backupAndDelete(File dir, URI relativeTo, ZipOutputStream zip) throws IOException {
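Review bot: `System.setSecurityManager(null)` is kept while the `log.warn("***** DISABLING SECURITY MANAGER *******")` line in front of it is commented out, so the launcher now removes the security manager without leaving any trace in the log; I would restore the warning instead of commenting it out. The new debug block also ties `javax.net.debug=ssl,handshake` to the application log level, which sends JSSE handshake traces for the local TLS endpoint to standard output whenever debug logging is on; a separate, explicitly named switch would keep that out of ordinary debug runs. `initStart()` and `initTrayIcon()` now sit outside every try block, so a failure there no longer reaches `log.fatal`. The four identical `Thread.sleep(5000); System.exit(-1000);` tails could move into one small private helper, for example `exitWithError(String messageKey)`.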
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java
index 0cd3e633..89044486 100644
--- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java
+++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java
@@ -35,6 +35,7 @@ public class Container {
 }
public void init() throws IOException {
+// System.setProperty("DEBUG", "true");
server = new Server();
QueuedThreadPool qtp = new QueuedThreadPool();
qtp.setMaxThreads(5);
@@ -55,7 +56,13 @@ public class Container {
 sslConnector.setAcceptors(1);
sslConnector.setHost("127.0.0.1");
File configDir = new File(System.getProperty("user.home") + "/" + BKULauncher.CONFIG_DIR);
- sslConnector.setKeystore(configDir.getPath() + "/" + BKULauncher.KEYSTORE_FILE);
+ File keystoreFile = new File(configDir, BKULauncher.KEYSTORE_FILE);
+ if (!keystoreFile.canRead()) {
+ log.error("MOCCA keystore file not readable: " + keystoreFile.getAbsolutePath());
+ throw new FileNotFoundException("MOCCA keystore file not readable: " + keystoreFile.getAbsolutePath());
+ }
+ log.debug("loading MOCCA keystore from " + keystoreFile.getAbsolutePath());
+ sslConnector.setKeystore(keystoreFile.getAbsolutePath());
File passwdFile = new File(configDir, BKULauncher.PASSWD_FILE);
BufferedReader reader = new BufferedReader(new FileReader(passwdFile));
String pwd;
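Review bot: The unreadable-keystore case is logged here with `log.error(...)` and then thrown with the same text, so if `init()` is reached through `startUpServer()`, as it appears, the `log.fatal(..., e)` handlers in `BKULauncher.main` report it a second time; keeping only the `throw new FileNotFoundException(...)` is enough. No import hunk for `java.io.FileNotFoundException` is visible in this diff, so it is worth confirming that Container.java already imports it. The password file opened just below goes straight into `new FileReader(passwdFile)` without an equivalent check or message. `init()` starts and ends outside this hunk.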
@@ -64,6 +71,42 @@ public class Container {
 sslConnector.setKeyPassword(pwd);
}
reader.close();
+
+ //avoid jetty's ClassCastException: iaik.security.ecc.ecdsa.ECPublicKey cannot be cast to java.security.interfaces.ECPublicKey
+ String[] RFC4492CipherSuites = new String[] {
+ "TLS_ECDH_ECDSA_WITH_NULL_SHA",
+ "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
+ "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
+ "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
+ "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
+
+ "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
+ "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
+ "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
+ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+
+ "TLS_ECDH_RSA_WITH_NULL_SHA",
+ "TLS_ECDH_RSA_WITH_RC4_128_SHA",
+ "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
+ "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
+ "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
+
+ "TLS_ECDHE_RSA_WITH_NULL_SHA",
+ "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
+ "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+
+ "TLS_ECDH_anon_WITH_NULL_SHA",
+ "TLS_ECDH_anon_WITH_RC4_128_SHA",
+ "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
+ "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
+ "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"
+ };
+
+ sslConnector.setExcludeCipherSuites(RFC4492CipherSuites);
+
server.setConnectors(new Connector[] { connector, sslConnector });
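Review bot: The exclusion is a fixed list of RFC 4492 suite names, so any EC suite a JRE offers under another name (for example the SHA-256/GCM variants defined later in RFC 5289) stays enabled and would presumably bring back the ClassCastException the comment describes. Building the array from the JRE's supported suites, filtered on the `TLS_ECDH` prefix, keeps the workaround complete across JRE versions; the fence shows a replacement for the literal and the `setExcludeCipherSuites` call. The comment should also state that this is a provider-compatibility workaround and not TLS hardening, because weak suites without EC key exchange are not affected by it. The local `RFC4492CipherSuites` is named like a constant, and `init()` starts and ends outside this hunk.

```java
// Workaround, not hardening: Jetty fails with a ClassCastException on
// iaik.security.ecc.ecdsa.ECPublicKey, so exclude every EC suite the JRE knows.
String[] supportedSuites =
    ((SSLServerSocketFactory) SSLServerSocketFactory.getDefault()).getSupportedCipherSuites();
List<String> ecSuites = new ArrayList<String>();
for (String suite : supportedSuites) {
  if (suite.startsWith("TLS_ECDH")) {
    ecSuites.add(suite);
  }
}
sslConnector.setExcludeCipherSuites(ecSuites.toArray(new String[ecSuites.size()]));
```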
@@ -71,7 +114,7 @@ public class Container {
 webapp.setLogUrlOnStart(true);
webapp.setContextPath("/");
webapp.setExtractWAR(true);
- webapp.setParentLoaderPriority(false); //true);
+ webapp.setParentLoaderPriority(false);
webapp.setWar(copyWebapp(webapp.getTempDirectory())); //getClass().getClassLoader().getResource("BKULocalWar/").toString());
diff --git a/BKUWebStart/src/main/jnlp/resources/player.jnlp b/BKUWebStart/src/main/jnlp/resources/player.jnlp
new file mode 100644
index 00000000..da08ebc2
--- /dev/null
+++ b/BKUWebStart/src/main/jnlp/resources/player.jnlp
@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Jump specific JNL file for launching the player -->
+<player/>
\ No newline at end of file
diff --git a/BKUWebStart/src/main/jnlp/template.xml b/BKUWebStart/src/main/jnlp/template.xml
index 07e1c28a..4d08d4e5 100644
--- a/BKUWebStart/src/main/jnlp/template.xml
+++ b/BKUWebStart/src/main/jnlp/template.xml
@@ -5,11 +5,12 @@
 <jnlp spec="$jnlpspec" codebase="$$codebase" context="$$context" href="$$name">
 <information>
- <title>$project.Name EarlyAccess</title>
+ <!--title>$project.Name</title-->
+ <title>$project.Description</title>
 <vendor>$project.Organization.Name</vendor>
 <homepage href="$project.Url"/>
- <description>$project.Description EarlyAccess</description>
- <description kind="short">$project.Description EarlyAccess</description>
+ <description>$project.Description</description>
+ <description kind="short">$project.Description</description>
 <icon href="img/logo.png" kind="default" version="1.0-SNAPSHOT"/>
 <icon href="img/splash.png" kind="splash" version="1.0-SNAPSHOT"/>
 <shortcut online="false">
diff --git a/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/ui/UIMessages.properties b/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/ui/UIMessages.properties
index 6ee1a510..eb2b74c0 100644
--- a/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/ui/UIMessages.properties
+++ b/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/ui/UIMessages.properties
@@ -6,7 +6,10 @@ Startup.Message=B\u00FCrgerkartenumgebung wird gestartet...
 Startup.Caption=B\u00FCrgerkartenumgebung (MOCCA Web Start)
Greetings.Message=B\u00FCrgerkartenumgebung erfolgreich gestartet
Greetings.Caption=B\u00FCrgerkartenumgebung (MOCCA Web Start)
-
+Error.Caption=Fehler
+Error.Startup.Message=B\u00FCrgerkartenumgebung konnte nicht gestartet werden
+Error.Conf.Message=Konfiguration konnte nicht initialisiert werden, B\u00FCrberkartenumgebung wird nicht gestartet
+Error.Bind.Message=Die f\u00FCr die B\u00FCrgerkartenumgebung reservierte Adresse wird bereits von einem anderen Dienst verwendet
Message.RequestCaption=New Request
Message.InfoboxReadRequest=Reading Infobox
Message.SecureSignatureKeypair=Reading secure signature certificate