author | wbauer <wbauer@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2008-10-01 07:30:55 +0000 |
---|---|---|
committer | wbauer <wbauer@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2008-10-01 07:30:55 +0000 |
commit | 7d3f6235a46f70323defa9910da240e61ca684b3 (patch) | |
tree | 2795b666ba88babbc739fdaa59d24ff83629b8d9 | |
parent | 8ccd9ab69dc74762567930f4c576a359502f1071 (diff) | |
download | mocca-7d3f6235a46f70323defa9910da240e61ca684b3.tar.gz mocca-7d3f6235a46f70323defa9910da240e61ca684b3.tar.bz2 mocca-7d3f6235a46f70323defa9910da240e61ca684b3.zip |
Moved main parts of the configuration to bkucommon
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@78 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
25 files changed, 1169 insertions, 691 deletions
diff --git a/BKULocal/pom.xml b/BKULocal/pom.xml
index 49ec95a0..204fa6b9 100644
--- a/BKULocal/pom.xml
+++ b/BKULocal/pom.xml
@@ -13,7 +13,53 @@
 <packaging>war</packaging>
 <name>BKU Local</name>
 <version>1.0-SNAPSHOT</version>
- <description />
+ <description />
+
+ <scm>
+ <developerConnection>scm:svn:svn://svn.egovlabs.gv.at/svnroot/mocca/trunk/BKULocal</developerConnection>
+ <connection>scm:svn:svn://svn.egovlabs.gv.at/svnroot/mocca/trunk/BKULocal</connection>
+ <url>scm:svn:svn://svn.egovlabs.gv.at/svnroot/mocca/trunk/BKULocal</url>
+ </scm>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>maven-war-plugin</artifactId>
+ <version>2.0.2</version>
+ <configuration>
+ <manifest>
+ <addDefaultImplementationEntries>
+ true
+ </addDefaultImplementationEntries>
+ </manifest>
+ <archive>
+ <manifestEntries>
+ <Implementation-Build>
+ ${project.version}-r${buildNumber}
+ </Implementation-Build>
+ </manifestEntries>
+ </archive>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>maven-buildnumber-plugin</artifactId>
+ <version>0.9.6</version>
+ <executions>
+ <execution>
+ <phase>validate</phase>
+ <goals>
+ <goal>create</goal>
+ </goals>
+ </execution>
+ </executions>
+ <configuration>
+ <doCheck>false</doCheck>
+ <doUpdate>false</doUpdate>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+ <dependencies> <dependency> <groupId>at.gv.egiz</groupId> diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/accesscontroller/SpringSecurityManager.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/accesscontroller/SpringSecurityManager.java index b547bf6a..3f50fc78 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/accesscontroller/SpringSecurityManager.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/accesscontroller/SpringSecurityManager.java @@ -1,65 +1,65 @@ /*
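Review bot: In the maven-war-plugin configuration the `<manifest>` block carrying `<addDefaultImplementationEntries>` is placed directly under `<configuration>`, as a sibling of `<archive>`, but the archiver reads `manifest` from inside `<archive>`, next to `<manifestEntries>`; as written the setting is most likely ignored while the `Implementation-Build` entry next to it takes effect. Move the `<manifest>…</manifest>` element inside `<archive>` so both manifest settings are applied by the same archiver configuration. Older Maven releases did not reject unknown configuration elements, so the build would not have flagged this.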
-* Copyright 2008 Federal Chancellery Austria and
-* Graz University of Technology
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
package at.gv.egiz.bku.local.accesscontroller;
import java.io.IOException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
-import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
import org.springframework.context.ResourceLoaderAware;
import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceLoader;
import at.gv.egiz.bku.accesscontroller.SecurityManagerFacade;
-import at.gv.egiz.bku.local.conf.Configurator;
+import at.gv.egiz.bku.conf.Configurator;
public class SpringSecurityManager extends SecurityManagerFacade implements
- ResourceLoaderAware {
+ ResourceLoaderAware {
- private ResourceLoader resourceLoader;
+ private ResourceLoader resourceLoader;
- private static Log log = LogFactory.getLog(SpringSecurityManager.class);
+ private static Log log = LogFactory.getLog(SpringSecurityManager.class);
- protected Configurator config;
+ protected Configurator config;
- public void setConfig(Configurator config) {
- this.config = config;
- }
+ public void setConfig(Configurator config) {
+ this.config = config;
+ }
- public void init() {
- String noMatch = config.getProperty("AccessController.acceptNoMatch");
- if (noMatch != null) {
- log.debug("Setting allow now match to: " + noMatch);
- setAllowUnmatched(Boolean.getBoolean(noMatch));
- }
- String policy = config.getProperty("AccessController.policyResource");
- log.info("Loading resource: " + policy);
- try {
- Resource res = resourceLoader.getResource(policy);
- init(res.getInputStream());
- } catch (IOException e) {
- log.error(e);
- }
- }
+ public void init() {
+ String noMatch = config.getProperty("AccessController.acceptNoMatch");
+ if (noMatch != null) {
+ log.debug("Setting allow now match to: " + noMatch);
+ setAllowUnmatched(Boolean.getBoolean(noMatch));
+ }
+ String policy = config.getProperty("AccessController.policyResource");
+ policy = policy.replace("${user.home}", System.getProperty("user.home"));
+ log.info("Loading resource: " + policy);
+ try {
+ Resource res = resourceLoader.getResource(policy);
+ init(res.getInputStream());
+ } catch (IOException e) {
+ log.error(e);
+ }
+ }
- @Override
- public void setResourceLoader(ResourceLoader loader) {
- this.resourceLoader = loader;
- }
+ @Override
+ public void setResourceLoader(ResourceLoader loader) {
+ this.resourceLoader = loader;
+ }
}
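Review bot: `Boolean.getBoolean(noMatch)` in `init()` does not parse the configured string; it looks up a system property whose name is the value of `AccessController.acceptNoMatch`, so `acceptNoMatch=true` leaves `allowUnmatched` false unless a system property literally named `true` exists. The intended call is `setAllowUnmatched(Boolean.parseBoolean(noMatch));` (the misuse predates this commit, but the method is rewritten here and the access-control default depends on it). The new `policy.replace("${user.home}", …)` line dereferences `policy` before anything checks that `AccessController.policyResource` is configured, so a missing key now fails with a NullPointerException instead of a logged error; add `if (policy == null) { log.error("AccessController.policyResource not set"); return; }` before the replace. The stream from `res.getInputStream()` is handed to `init` and never closed in this method; if `init` does not close it, wrap the call in try/finally.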
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java
deleted file mode 100644
index 57a0f84f..00000000
--- a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java
+++ /dev/null
@@ -1,103 +0,0 @@ -/* - * Copyright 2008 Federal Chancellery Austria and - * Graz University of Technology - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package at.gv.egiz.bku.local.conf; - -import iaik.security.ecc.provider.ECCProvider; -import iaik.security.provider.IAIK; -import iaik.xml.crypto.XSecProvider; - -import java.io.IOException; -import java.net.HttpURLConnection; -import java.security.Provider; -import java.security.Security; -import java.util.Properties; - -import javax.net.ssl.HttpsURLConnection; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import at.gv.egiz.bku.binding.DataUrl; -import at.gv.egiz.bku.binding.DataUrlConnection; -import at.gv.egiz.bku.slcommands.impl.xsect.DataObject; -import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider; - -/** - * - * TODO currently only the code to get started. 
- */ -public abstract class Configurator { - - private Log log = LogFactory.getLog(Configurator.class); - - private static Configurator instance = new SpringConfigurator(); - - protected Properties properties; - - protected Configurator() { - } - - public static Configurator getInstance() { - return instance; - } - - protected void configUrlConnections() { - HttpsURLConnection.setFollowRedirects(false); - HttpURLConnection.setFollowRedirects(false); - } - - protected void configureProviders() { - log.debug("Registering security providers"); - Security.insertProviderAt(new IAIK(), 1); - Security.insertProviderAt(new ECCProvider(false), 2); - Security.addProvider(new STALProvider()); - XSecProvider.addAsProvider(false); - StringBuilder sb = new StringBuilder(); - sb.append("Registered providers: "); - int i = 1; - for (Provider prov : Security.getProviders()) { - sb.append((i++) + ". : " + prov); - } - log.debug(sb.toString()); - } - - protected void configViewer() { - String bv = properties.getProperty("ValidateHashDataInputs"); - if (bv != null) { - DataObject.enableHashDataInputValidation(Boolean.parseBoolean(bv)); - } else { - log.warn("ValidateHashDataInputs not set, falling back to default"); - } - } - - public void configure() { - configureProviders(); - configUrlConnections(); - configViewer(); - } - - public void setConfiguration(Properties props) { - this.properties = props; - } - - public String getProperty(String key) { - if (properties != null) { - return properties.getProperty(key); - } - return null; - } -} diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java index 46668667..bcb96c2f 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java @@ -19,41 +19,8 @@ package at.gv.egiz.bku.local.conf; import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.NoSuchAlgorithmException;
-import java.security.Security;
-import java.security.cert.CertPathBuilder;
-import java.security.cert.CertStore;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.CollectionCertStoreParameters;
-import java.security.cert.LDAPCertStoreParameters;
-import java.security.cert.PKIXBuilderParameters;
-import java.security.cert.PKIXCertPathBuilderResult;
-import java.security.cert.TrustAnchor;
-import java.security.cert.X509CertSelector;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.LinkedList;
-import java.util.List;
+import java.io.InputStream;
import java.util.Properties;
-import java.util.Set;
-
-import javax.naming.ldap.LdapContext;
-import javax.naming.ldap.LdapReferralException;
-import javax.net.ssl.CertPathTrustManagerParameters;
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.ManagerFactoryParameters;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
-import javax.net.ssl.X509TrustManager;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -61,8 +28,7 @@ import org.springframework.context.ResourceLoaderAware;
 import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceLoader;
-import at.gv.egiz.bku.binding.DataUrl;
-import at.gv.egiz.bku.binding.DataUrlConnection;
+import at.gv.egiz.bku.conf.Configurator;
import at.gv.egiz.bku.slexceptions.SLRuntimeException;
public class SpringConfigurator extends Configurator implements
@@ -73,15 +39,16 @@ public class SpringConfigurator extends Configurator implements
 private ResourceLoader resourceLoader;
public SpringConfigurator() {
- File configDir = new File(System.getProperty("user.home") + "/.bku/conf");
- if (configDir.exists()) {
- log.debug("Found existing config directory: " + configDir);
- } else {
- log.info("Config dir not existing, creating new");
- if (!configDir.mkdirs()) {
- log.error("Cannot create directory: " + configDir);
- }
- }
+ // File configDir = new File(System.getProperty("user.home") +
+ // "/.bku/conf");
+ // if (configDir.exists()) {
+ // log.debug("Found existing config directory: " + configDir);
+ // } else {
+ // log.info("Config dir not existing, creating new");
+ // if (!configDir.mkdirs()) {
+ // log.error("Cannot create directory: " + configDir);
+ // }
+ // }
}
public void setResource(Resource resource) {
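Review bot: The body of `SpringConfigurator()` is kept as commented-out code instead of being removed; commented-out code is noise for the next reader, and version control already preserves the old `~/.bku/conf` directory-creation logic. Delete the block, or if the directory bootstrap deliberately moved elsewhere (the new launcher appears to create `~/.mocca/conf`), replace it with a one-line comment naming the new owner, e.g. `// configuration directory is created by the launcher, not here`.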
@@ -99,248 +66,75 @@ public class SpringConfigurator extends Configurator implements
 }
}
- public void configureVersion() {
- Properties p = new Properties();
- try {
- p.load(resourceLoader.getResource("META-INF/MANIFEST.MF")
- .getInputStream());
- String version = p.getProperty("Implementation-Build");
- properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY,
- "citizen-card-environment/1.2 MOCCA " + version);
- DataUrl.setConfiguration(properties);
- log.debug("Setting user agent to: "
- + properties.getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY));
- } catch (IOException e) {
- log.error(e);
- }
- }
-
+ @Override
public void configure() {
+ if (properties == null) {
+ defaultInit();
+ }
super.configure();
- configureSSL();
- configureVersion();
- configureNetwork();
}
- public void configureNetwork() {
- String proxy = getProperty("HTTPProxyHost");
- String portString = getProperty("HTTPProxyPort");
- if ((proxy == null) || (proxy.equals(""))) {
- log.info("No proxy configured");
- } else {
- log.info("Setting proxy to: " + proxy + ":" + portString);
- System.setProperty("proxyHost", proxy);
- System.setProperty("proxyPort", portString);
- }
- String timeout = getProperty("DefaultSocketTimeout");
- if ((timeout != null) && (!timeout.equals(""))) {
- System.setProperty("sun.net.client.defaultConnectTimeout", timeout);
+ public void defaultInit() {
+ Properties props = new Properties();
+ try {
+ props.load(new FileInputStream(System.getProperty("user.home")
+ + "/.mocca/war/mocca.war"));
+ super.setConfiguration(props);
+ } catch (IOException e) {
+ log.error("Cannot load config", e);
}
}
- private Set<TrustAnchor> getCACerts() throws IOException,
- CertificateException {
- Set<TrustAnchor> caCerts = new HashSet<TrustAnchor>();
- String caDirectory = getProperty("SSL.caDirectory");
- if (caDirectory != null) {
- Resource caDirRes = resourceLoader.getResource(caDirectory);
- File caDir = caDirRes.getFile();
- if (!caDir.isDirectory()) {
- log.error("Expecting directory as SSL.caDirectory parameter");
- throw new SLRuntimeException(
- "Expecting directory as SSL.caDirectory parameter");
- }
- CertificateFactory cf = CertificateFactory.getInstance("X.509");
- for (File f : caDir.listFiles()) {
- try {
- FileInputStream fis = new FileInputStream(f);
- X509Certificate cert = (X509Certificate) cf.generateCertificate(fis);
- fis.close();
- log.debug("Adding trusted cert " + cert.getSubjectDN());
- caCerts.add(new TrustAnchor(cert, null));
- } catch (Exception e) {
- log.error("Cannot add trusted ca", e);
- }
- }
- return caCerts;
-
- } else {
- log.warn("No CA certificates configured");
- }
- return null;
+ @Override
+ public void setResourceLoader(ResourceLoader loader) {
+ this.resourceLoader = loader;
}
- private List<CertStore> getCertstore() throws IOException,
- CertificateException, InvalidAlgorithmParameterException,
- NoSuchAlgorithmException {
- List<CertStore> resultList = new ArrayList<CertStore>();
- String certDirectory = getProperty("SSL.certDirectory");
- if (certDirectory != null) {
- Resource certDirRes = resourceLoader.getResource(certDirectory);
-
- File certDir = certDirRes.getFile();
+ private File getDirectory(String property) {
+ property = property
+ .replace("${user.home}", System.getProperty("user.home"));
+ if (property != null) {
+ Resource certDirRes = resourceLoader.getResource(property);
+ File certDir;
+ try {
+ certDir = certDirRes.getFile();
+ } catch (IOException e) {
+ log.error("Cannot get cert directory", e);
+ throw new SLRuntimeException(e);
+ }
if (!certDir.isDirectory()) {
log.error("Expecting directory as SSL.certDirectory parameter");
throw new SLRuntimeException(
"Expecting directory as SSL.certDirectory parameter");
}
- List<X509Certificate> certCollection = new LinkedList<X509Certificate>();
- CertificateFactory cf = CertificateFactory.getInstance("X.509");
- for (File f : certDir.listFiles()) {
- try {
- FileInputStream fis = new FileInputStream(f);
- X509Certificate cert = (X509Certificate) cf.generateCertificate(fis);
- certCollection.add(cert);
- fis.close();
- log
- .trace("Added following cert to certstore: "
- + cert.getSubjectDN());
- } catch (Exception ex) {
- log.error("Cannot add certificate", ex);
- }
- }
- CollectionCertStoreParameters csp = new CollectionCertStoreParameters(
- certCollection);
- resultList.add(CertStore.getInstance("Collection", csp));
- log.info("Added collection certstore");
- } else {
- log.warn("No certstore directory configured");
- }
- String ldapHost = getProperty("SSL.ldapServer");
- if ((ldapHost != null) && (!"".equals(ldapHost))) {
- String ldapPortString = getProperty("SSL.ldapPort");
- int ldapPort = 389;
- if (ldapPortString != null) {
- try {
- ldapPort = Integer.parseInt(ldapPortString);
- } catch (NumberFormatException nfe) {
- log.error("Invalid ldap port, using default 389");
- }
- } else {
- log.warn("ldap port not specified, using default 389");
- }
- LDAPCertStoreParameters ldapParams = new LDAPCertStoreParameters(
- ldapHost, ldapPort);
- resultList.add(CertStore.getInstance("LDAP", ldapParams));
- log.info("Added LDAP certstore");
+ return certDir;
}
- return resultList;
- }
-
- public void configureSSL() {
- Set<TrustAnchor> caCerts = null;
- try {
- caCerts = getCACerts();
- } catch (Exception e1) {
- log.error("Cannot load CA certificates", e1);
- }
- List<CertStore> certStoreList = null;
- try {
- certStoreList = getCertstore();
- } catch (Exception e1) {
- log.error("Cannot load certstore certificates", e1);
- }
- String aia = getProperty("SSL.useAIA");
- if ((aia == null) || (aia.equals(""))) {
- System.setProperty("com.sun.security.enableAIAcaIssuers", "true");
- } else {
- System.setProperty("com.sun.security.enableAIAcaIssuers", aia);
- }
- String lifetime = getProperty("SSL.cache.lifetime");
- if ((lifetime == null) || (lifetime.equals(""))) {
- System.setProperty("sun.security.certpath.ldap.cache.lifetime", "0");
- } else {
- System.setProperty("sun.security.certpath.ldap.cache.lifetime", lifetime);
- }
- X509CertSelector selector = new X509CertSelector();
- PKIXBuilderParameters pkixParams;
- try {
- pkixParams = new PKIXBuilderParameters(caCerts, selector);
- if ((getProperty("SSL.doRevocationChecking") != null)
- && (Boolean.valueOf(getProperty("SSL.doRevocationChecking")))) {
- log.info("Enable revocation checking");
- System.setProperty("com.sun.security.enableCRLDP", "true");
- Security.setProperty("ocsp.enable", "true");
- } else {
- log.warn("Revocation checking disabled");
- }
- for (CertStore cs : certStoreList) {
- pkixParams.addCertStore(cs);
- }
- ManagerFactoryParameters trustParams = new CertPathTrustManagerParameters(
- pkixParams);
- TrustManagerFactory trustFab;
- trustFab = TrustManagerFactory.getInstance("PKIX");
- trustFab.init(trustParams);
- KeyManager[] km = null;
- SSLContext sslCtx = SSLContext
- .getInstance(getProperty("SSL.sslProtocol"));
- String disableAll = getProperty("SSL.disableAllChecks");
- if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) {
- log.warn("--------------------------------------");
- log.warn(" Disabling SSL Certificate Validation ");
- log.warn("--------------------------------------");
-
- sslCtx.init(km, new TrustManager[] { new MyTrustManager(caCerts,
- certStoreList) }, null);
- } else {
- sslCtx.init(km, trustFab.getTrustManagers(), null);
- }
- HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory());
- } catch (Exception e) {
- log.error("Cannot configure SSL", e);
- }
- String disableAll = getProperty("SSL.disableAllChecks");
- if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) {
- log.warn("---------------------------------");
- log.warn(" Disabling Hostname Verification ");
- log.warn("---------------------------------");
- HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
- @Override
- public boolean verify(String hostname, SSLSession session) {
- return true;
- }
- });
- }
- }
-
- @Override
- public void setResourceLoader(ResourceLoader loader) {
- this.resourceLoader = loader;
- }
-}
-
-class MyTrustManager implements X509TrustManager {
- private static Log log = LogFactory.getLog(MyTrustManager.class);
- private X509Certificate[] trustedCerts;
+ return null;
- public MyTrustManager(Set<TrustAnchor> caCerts, List<CertStore> cs) {
- trustedCerts = new X509Certificate[caCerts.size()];
- int i = 0;
- for (Iterator<TrustAnchor> it = caCerts.iterator(); it.hasNext();) {
- TrustAnchor ta = it.next();
- trustedCerts[i++] = ta.getTrustedCert();
- }
}
@Override
- public void checkClientTrusted(X509Certificate[] arg0, String arg1)
- throws CertificateException {
- log.error("Did not expect this method to get called");
- throw new CertificateException("Method not implemented");
+ protected File getCADir() {
+ String caDirectory = getProperty("SSL.caDirectory");
+ return getDirectory(caDirectory);
}
@Override
- public void checkServerTrusted(X509Certificate[] certs, String arg1)
- throws CertificateException {
- log.warn("-------------------------------------");
- log.warn("SSL Certificate Validation Disabled !");
- log.warn("-------------------------------------");
+ protected File getCertDir() {
+ String certDirectory = getProperty("SSL.certDirectory");
+ return getDirectory(certDirectory);
}
@Override
- public X509Certificate[] getAcceptedIssuers() {
- return trustedCerts;
+ protected InputStream getManifest() {
+ Resource r = resourceLoader.getResource("META-INF/MANIFEST.MF");
+ if ((r != null) && r.isReadable()) {
+ try {
+ return r.getInputStream();
+ } catch (IOException e) {
+ log.error("Cannot read manifest data:" + e);
+ }
+ }
+ return null;
}
-
}
\ No newline at end of file
diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties
index 29bdd1ed..8ae5bf6d 100644
--- a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties
+++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties
@@ -51,10 +51,11 @@ SSL.disableAllChecks=false
 # ------------ END SSL Config --------------------
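Review bot: `getDirectory` calls `property.replace(…)` before the `if (property != null)` test, so an unset `SSL.caDirectory` or `SSL.certDirectory` throws a NullPointerException and the branch that returns `null` is unreachable; put `if (property == null) { return null; }` first and do the `replace` afterwards. The error log and `SLRuntimeException` text in the same method name `SSL.certDirectory` even when it is reached via `getCADir()`; pass the property name into `getDirectory` and use it in the message. `defaultInit()` loads a `Properties` object from `${user.home}/.mocca/war/mocca.war`, which looks like the WAR file written by the launcher rather than a properties file (applicationContext.xml now points the configurator at `.mocca/conf/defaultConf.properties`), and the `FileInputStream` it opens is never closed; confirm the intended path and close the stream in a finally block. The literal `"${user.home}"` substitution is now hand-rolled both here and in SpringSecurityManager; a small shared helper would keep the two in step.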
ValidateHashDataInputs=true
+AppletTimeout=300000
-HTTPProxyHost=
-HTTPProxyPort=
-DefaultSocketTimeout=200
+#HTTPProxyHost=
+#HTTPProxyPort=
+#DefaultSocketTimeout=200
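Review bot: `AppletTimeout=300000` is added without any comment stating its unit or meaning, whereas the surrounding keys are grouped under descriptive section headers; a reader cannot tell whether the value is milliseconds or seconds. Add a line above it once the consuming code has been checked, e.g. `# AppletTimeout: applet timeout in milliseconds (TODO confirm unit against the consumer)`.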
diff --git a/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml b/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml
index c6a5088a..a4003a2a 100644
--- a/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml
@@ -21,6 +21,7 @@
 <bean id="STALFactory" class="at.gv.egiz.bku.local.stal.SMCCSTALFactory"
scope="singleton" />
+
<bean id="bindingProcessorManager" class="at.gv.egiz.bku.binding.BindingProcessorManagerImpl"
scope="singleton">
<constructor-arg ref="STALFactory"></constructor-arg>
@@ -47,10 +48,11 @@
 </bean>
<!-- Configure Configuration -->
- <bean id="configurator" factory-method="getInstance" class="at.gv.egiz.bku.local.conf.SpringConfigurator"
+
+ <bean id="configurator" class="at.gv.egiz.bku.local.conf.SpringConfigurator"
init-method="configure">
<!-- <property name="resource" value="classpath:at/gv/egiz/bku/local/conf/defaultConf.properties"/> -->
- <property name="resource" value="classpath:at/gv/egiz/bku/local/conf/defaultConf.properties"/>
+ <property name="resource" value="file:${user.home}/.mocca/conf/defaultConf.properties"/>
</bean>
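Review bot: The commented-out `<property name="resource" value="classpath:…"/>` line directly above the new `file:${user.home}/.mocca/conf/defaultConf.properties` value is now stale configuration; remove it, or if the classpath default is meant as a documented fallback, state that in the XML comment instead of leaving a dead property. The `${user.home}` placeholder in the `file:` value appears to rely on Spring's resource property editor resolving system properties, since no placeholder configurer is visible in this hunk; a short comment such as `<!-- ${user.home} is resolved from system properties by the Resource editor -->` would spare the next reader the same check.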
diff --git a/BKULocalApp/keystore.ks b/BKULocalApp/keystore.ks Binary files differnew file mode 100644 index 00000000..824c3a40 --- /dev/null +++ b/BKULocalApp/keystore.ks diff --git a/BKULocalApp/pom.xml b/BKULocalApp/pom.xml new file mode 100644 index 00000000..e2d17d7c --- /dev/null +++ b/BKULocalApp/pom.xml @@ -0,0 +1,131 @@ +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <artifactId>bku</artifactId>
+ <groupId>at.gv.egiz</groupId>
+ <version>1.0-SNAPSHOT</version>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>at.gv.egiz.bku</groupId>
+ <artifactId>BKULocalApp</artifactId>
+ <name />
+ <version>1.0-SNAPSHOT</version>
+ <description />
+ <build>
+ <pluginManagement>
+ <plugins>
+ <plugin>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <groupId>org.apache.maven.plugins</groupId>
+ <version>2.0.2</version>
+ <configuration>
+ <source>1.6</source>
+ <target>1.6</target>
+ <verbose>true</verbose>
+ <showWarnings>true</showWarnings>
+ </configuration>
+ </plugin>
+ </plugins>
+ </pluginManagement>
+ <plugins>
+ <plugin>
+ <artifactId>maven-dependency-plugin
+ </artifactId>
+ <executions>
+ <execution>
+ <id>copywar</id>
+ <goals>
+ <goal>copy</goal>
+ </goals>
+ <configuration>
+ <artifactItems>
+ <artifactItem>
+ <groupId>at.gv.egiz</groupId>
+ <artifactId>BKULocal</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ <type>war</type>
+ </artifactItem>
+ </artifactItems>
+ <outputDirectory>
+ ${project.build.directory}/classes
+ </outputDirectory>
+ </configuration>
+ </execution>
+ <execution>
+ <id>unpack-dependencies</id>
+ <goals>
+ <goal>unpack-dependencies</goal>
+ </goals>
+ <configuration>
+ <excludes>javax/xml/crypto/**, demo/**,
+ junit/**, w3/**, org/etsi/**, META-INF/**</excludes>
+ <outputDirectory>${project.build.directory}/classes</outputDirectory>
+ <overWriteReleases>true</overWriteReleases>
+ <overWriteSnapshots>true</overWriteSnapshots>
+ </configuration>
+ </execution>
+
+ </executions>
+ </plugin>
+
+ <plugin>
+ <artifactId>maven-jar-plugin</artifactId>
+ <executions>
+ <execution>
+ <goals>
+ <goal>sign</goal>
+ </goals>
+ </execution>
+ </executions>
+ <configuration>
+ <archive>
+ <addMavenDescriptor>false</addMavenDescriptor>
+ <index>false</index>
+ <manifest>
+ <addClasspath>false</addClasspath>
+ <addDefaultImplementationEntries>true</addDefaultImplementationEntries>
+ </manifest>
+ </archive>
+ <alias>test-applet signer</alias>
+ <keystore>./keystore.ks</keystore>
+ <storepass>storepass</storepass>
+ <keypass>keypass</keypass>
+ <verify>true</verify>
+ </configuration>
+ </plugin>
+
+ </plugins>
+ </build>
+ <dependencies>
+
+ <dependency>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ <version>1.1.1</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>at.gv.egiz</groupId>
+ <artifactId>BKULocal</artifactId>
+ <version>1.0-SNAPSHOT</version>
+ <type>war</type>
+ </dependency>
+ <dependency>
+ <artifactId>utils</artifactId>
+ <groupId>at.gv.egiz</groupId>
+ <version>1.0-SNAPSHOT</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-cli</groupId>
+ <artifactId>commons-cli</artifactId>
+ <version>1.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.mortbay.jetty</groupId>
+ <artifactId>jetty</artifactId>
+ <version>6.1.10</version>
+ </dependency>
+ </dependencies>
+
+</project>
\ No newline at end of file
diff --git a/BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/BKULauncher.java b/BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/BKULauncher.java
new file mode 100644
index 00000000..091843e1
--- /dev/null
+++ b/BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/BKULauncher.java
@@ -0,0 +1,222 @@
+package at.gv.egiz.bku.local.app;
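Review bot: The maven-jar-plugin configuration commits the signing keystore password and key password in clear text (`<storepass>storepass</storepass>`, `<keypass>keypass</keypass>`) alongside the checked-in `keystore.ks`, so anyone with read access to the repository can produce jars that verify against this key. Even for a test signer, take the passwords from properties supplied via `settings.xml` or the command line (`<storepass>${jarsigner.storepass}</storepass>`), keep the keystore out of version control, or at minimum mark the key unambiguously as a throwaway test key in an XML comment so it is never trusted in a deployment. The plugin also lacks a `<version>` element, unlike the other plugins in this build, so the behaviour of the `sign` goal depends on whichever version Maven resolves.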
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.security.KeyStore;
+import java.util.Enumeration;
+import java.util.Locale;
+import java.util.MissingResourceException;
+import java.util.ResourceBundle;
+import java.util.zip.ZipEntry;
+import java.util.zip.ZipFile;
+
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.CommandLineParser;
+import org.apache.commons.cli.HelpFormatter;
+import org.apache.commons.cli.Options;
+import org.apache.commons.cli.ParseException;
+import org.apache.commons.cli.PosixParser;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import at.gv.egiz.bku.local.ui.BKUControllerInterface;
+import at.gv.egiz.bku.local.ui.TrayIconDialog;
+import at.gv.egiz.bku.utils.StreamUtil;
+
+public class BKULauncher implements BKUControllerInterface {
+ private static Log log = LogFactory.getLog(BKULauncher.class);
+
+ private ResourceBundle resourceBundle = null;
+ private Container server;
+
+ private void startUpServer() throws Exception {
+ server = new Container();
+ // XmlConfiguration xcfg = new XmlConfiguration(getClass().getClassLoader()
+ // .getResourceAsStream("at/gv/egiz/bku/local/app/jetty.xml"));
+ // xcfg.configure(server);
+ server.init();
+ server.start();
+ }
+
+ private void initTrayIcon() {
+ Locale loc = Locale.getDefault();
+ try {
+ resourceBundle = ResourceBundle.getBundle(
+ "at/gv/egiz/bku/local/ui/UIMessages", loc);
+ } catch (MissingResourceException mx) {
+ resourceBundle = ResourceBundle.getBundle(
+ "at/gv/egiz/bku/local/ui/UIMessages", Locale.ENGLISH);
+ }
+ TrayIconDialog.getInstance().init(resourceBundle);
+ TrayIconDialog.getInstance().setShutdownHook(this);
+ TrayIconDialog.getInstance().displayInfo("Greetings.Caption",
+ "Greetings.Message");
+ }
+
+ private void initFinished() {
+ try {
+ server.join();
+ } catch (InterruptedException e) {
+ log.info(e);
+ }
+ }
+
+ private void copyDirs(File srcDir, File dstDir) {
+ for (File cf : srcDir.listFiles()) {
+ File of = new File(dstDir, cf.getName());
+ if (cf.isDirectory()) {
+ log.debug("Creating directory: " + of);
+ of.mkdir();
+ copyDirs(cf, of);
+ } else {
+ log.debug("Writing file: " + of);
+ try {
+ FileInputStream fis = new FileInputStream(cf);
+ FileOutputStream fos = new FileOutputStream(of);
+ StreamUtil.copyStream(fis, fos);
+ fis.close();
+ fos.close();
+ } catch (IOException e) {
+ log.error("Cannot copy default configuration", e);
+ }
+ }
+ }
+ }
+
+ private void unzip(File zipfile) throws IOException {
+ File dir = zipfile.getParentFile();
+ ZipFile zipFile = new ZipFile(zipfile);
+ Enumeration<? extends ZipEntry> entries = zipFile.entries();
+ while (entries.hasMoreElements()) {
+ ZipEntry entry = entries.nextElement();
+ File eF = new File(dir, entry.getName());
+ if (entry.isDirectory()) {
+ eF.mkdirs();
+ continue;
+ }
+ File f = new File(eF.getParent());
+ f.mkdirs();
+ StreamUtil.copyStream(zipFile.getInputStream(entry),
+ new FileOutputStream(eF));
+ }
+ zipFile.close();
+ }
+
+ private void checkConfig(String[] args) {
+ CommandLineParser parser = new PosixParser();
+ Options options = new Options();
+ options.addOption("c", true, "the configuration's base directory");
+ options.addOption("h", false, "print this message");
+ try {
+ File cfgDir = new File(System.getProperty("user.home") + "/.mocca/conf");
+ CommandLine cmd = parser.parse(options, args);
+ if (cmd.hasOption("h")) {
+ HelpFormatter formatter = new HelpFormatter();
+ formatter.printHelp("BKULauncher", options);
+ System.exit(0);
+ }
+
+ if (cmd.hasOption("c")) {
+ cfgDir = new File(cmd.getOptionValue("c"));
+ }
+ log.debug("using config directory: " + cfgDir);
+ if (cfgDir.exists() && cfgDir.isFile()) {
+ log.error("Configuration directory must not be a file");
+ }
+ if (!cfgDir.exists()) {
+ log.debug("Creating config directory: " + cfgDir);
+ cfgDir.mkdirs();
+ try {
+ InputStream is = getClass().getClassLoader().getResourceAsStream(
+ "at/gv/egiz/bku/local/defaultConf/template.zip");
+ OutputStream os = new FileOutputStream(new File(cfgDir,
+ "template.zip"));
+ StreamUtil.copyStream(is, os);
+ os.close();
+ unzip(new File(cfgDir, "template.zip"));
+ } catch (IOException iox) {
+ log.error("Cannot create user directory", iox);
+ return;
+ }
+ CA ca = new CA();
+ char[] password = "changeMe".toCharArray();
+ KeyStore ks = ca.generateKeyStore(password);
+ if (ks != null) {
+ File ksdir = new File(cfgDir, "keystore");
+ ksdir.mkdirs();
+ FileOutputStream fos;
+ try {
+ fos = new FileOutputStream(new File(ksdir, "keystore.ks"));
+ ks.store(fos, password);
+ fos.close();
+ } catch (Exception e) {
+ log.error("Cannot store keystore", e);
+ }
+ } else {
+ log.error("Cannot create ssl certificate");
+ }
+ }
+ } catch (ParseException e1) {
+ log.error(e1);
+ HelpFormatter formatter = new HelpFormatter();
+ formatter.printHelp("BKULauncher", options);
+ System.exit(0);
+ }
+ }
+
+ public void jwsHack() {
+ InputStream is = getClass().getClassLoader().getResourceAsStream(
+ "BKULocal-1.0-SNAPSHOT.war");
+ File f = new File(System.getProperty("user.home") + "/.mocca/war");
+ f.mkdirs();
+ try {
+ OutputStream os = new FileOutputStream(new File(f, "mocca.war"));
+ StreamUtil.copyStream(is, os);
+ os.close();
+ } catch (Exception e) {
+ log.error(e);
+ }
+ }
+
+ /**
+ * @param args
+ */
+ public static void main(String[] args) {
+
+ try {
+ BKULauncher launcher = new BKULauncher();
+ //launcher.jwsHack();
+ launcher.checkConfig(args);
+ launcher.startUpServer();
+ launcher.initTrayIcon();
+ launcher.initFinished();
+ } catch (Exception e) {
+ log.fatal("Cannot launch BKU", e);
+ System.exit(-1000);
+ }
+
+ }
+
+ public void shutDown() {
+ log.info("Shutting down server");
+ if ((server != null) && (server.isRunning())) {
+ try {
+ if (server.isRunning()) {
+ server.stop();
+ }
+ } catch (Exception e) {
+ log.debug(e.toString());
+ } finally {
+ if (server.isRunning()) {
+ server.destroy();
+ }
+ }
+ }
+ System.exit(0);
+ }
+
+}
diff --git a/BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/CA.java b/BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/CA.java
new file mode 100644
index 00000000..31d21ef7
--- /dev/null
+++ b/BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/CA.java
@@ -0,0 +1,117 @@
+package at.gv.egiz.bku.local.app;
+
+import iaik.asn1.ObjectID;
+import iaik.asn1.structures.AlgorithmID;
+import iaik.asn1.structures.Name;
+import iaik.x509.X509Certificate;
+import iaik.x509.extensions.BasicConstraints;
+import iaik.x509.extensions.KeyUsage;
+
+import java.math.BigInteger;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
+import java.util.Calendar;
+import java.util.GregorianCalendar;
+import java.util.Random;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+public class CA {
+ private final static Log log = LogFactory.getLog(CA.class);
+
+ private KeyPair caKeyPair;
+ private X509Certificate caCert;
+
+ private KeyPair serverKeyPair;
+ private X509Certificate serverCert;
+
+ public CA() {
+ }
+
+ private KeyPair generateKeyPair() throws NoSuchAlgorithmException {
+ KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
+ gen.initialize(2048);
+ return gen.generateKeyPair();
+ }
+
+ private void generateCA() throws GeneralSecurityException {
+ log.debug("Generating CA certificate");
+ Name subject = new Name();
+ subject.addRDN(ObjectID.country, "AT");
+ subject.addRDN(ObjectID.organization, "MOCCA");
+ subject.addRDN(ObjectID.organizationalUnit, "MOCCA-CA");
+
+ caKeyPair = generateKeyPair();
+ caCert = new X509Certificate();
+ caCert.setSerialNumber(new BigInteger(20, new Random()));
+ caCert.setSubjectDN(subject);
+ caCert.setPublicKey(caKeyPair.getPublic());
+ caCert.setIssuerDN(subject);
+
+ caCert.addExtension(new BasicConstraints(true));
+ caCert.addExtension(new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign
+ | KeyUsage.digitalSignature));
+
+ GregorianCalendar date = new GregorianCalendar();
+ date.add(Calendar.HOUR_OF_DAY, -1);
+ caCert.setValidNotBefore(date.getTime());
+ date.add(Calendar.YEAR, 7);
+ caCert.setValidNotAfter(date.getTime());
+ caCert.sign(AlgorithmID.sha1WithRSAEncryption, caKeyPair.getPrivate());
+ log.debug("Successfully signed CA certificate");
+ }
+
+ private void generateServerCert() throws GeneralSecurityException {
+ log.debug("Generating SSL certificate");
+ Name subject = new Name();
+ subject.addRDN(ObjectID.country, "AT");
+ subject.addRDN(ObjectID.organization, "MOCCA");
+ try {
+ subject.addRDN(ObjectID.commonName, InetAddress.getLocalHost()
+ .getHostName());
+ } catch (UnknownHostException e) {
+ subject.addRDN(ObjectID.commonName, "localhost");
+ }
+ serverKeyPair = generateKeyPair();
+ serverCert = new X509Certificate();
+ serverCert.setSerialNumber(new BigInteger(20, new Random()));
+ serverCert.setSubjectDN(subject);
+ serverCert.setPublicKey(serverKeyPair.getPublic());
+ serverCert.setIssuerDN(caCert.getSubjectDN());
+
+ serverCert.addExtension(new BasicConstraints(false));
+ serverCert.addExtension(new KeyUsage(KeyUsage.keyEncipherment
+ | KeyUsage.digitalSignature));
+
+ GregorianCalendar date = new GregorianCalendar();
+ date.add(Calendar.HOUR_OF_DAY, -1);
+ serverCert.setValidNotBefore(date.getTime());
+ date.add(Calendar.YEAR, 7);
+ date.add(Calendar.HOUR_OF_DAY, -1);
+ serverCert.setValidNotAfter(date.getTime());
+ serverCert.sign(AlgorithmID.sha1WithRSAEncryption, caKeyPair.getPrivate());
+ log.debug("Successfully signed server certificate");
+ caKeyPair = null;
+ }
+
+ public KeyStore generateKeyStore(char[] password) {
+ try {
+ generateCA();
+ generateServerCert();
+ KeyStore ks = KeyStore.getInstance("JKS");
+ ks.load(null, null);
+ ks.setKeyEntry("server", serverKeyPair.getPrivate(), password, new X509Certificate[]{serverCert, caCert});
+ return ks;
+ } catch (Exception e) {
+ log.error("Cannot generate certificate", e);
+ }
+ return null;
+ }
+
+}
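Review bot: The certificate serial numbers at lines 941 and 972 come from `new BigInteger(20, new Random())`; `java.util.Random` is not a cryptographic generator and a 20-bit value can collide or be 0, which RFC 5280 forbids. Use one `SecureRandom` instance and a wider, strictly positive value for both certificates, e.g. `new BigInteger(63, secureRandom).add(BigInteger.ONE)`. Both certificates are also signed with `AlgorithmID.sha1WithRSAEncryption` (lines 955 and 987), and the CA one is valid for seven years; SHA-1 signatures are rejected by current TLS clients, so `AlgorithmID.sha256WithRSAEncryption` should be used. Finally, `generateKeyStore` maps every failure to `null` after logging, so the caller cannot tell a generation error from an absent keystore; consider letting `GeneralSecurityException` propagate instead.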
diff --git a/BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/Container.java b/BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/Container.java
new file mode 100644
index 00000000..690639f4
--- /dev/null
+++ b/BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/Container.java
@@ -0,0 +1,98 @@
+package at.gv.egiz.bku.local.app;
+
+import java.io.File;
+import java.io.IOException;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.mortbay.jetty.Connector;
+import org.mortbay.jetty.Handler;
+import org.mortbay.jetty.Server;
+import org.mortbay.jetty.handler.DefaultHandler;
+import org.mortbay.jetty.handler.HandlerCollection;
+import org.mortbay.jetty.nio.SelectChannelConnector;
+import org.mortbay.jetty.security.SslSocketConnector;
+import org.mortbay.jetty.webapp.WebAppClassLoader;
+import org.mortbay.jetty.webapp.WebAppContext;
+import org.mortbay.thread.QueuedThreadPool;
+
+public class Container {
+
+ private static Log log = LogFactory.getLog(Container.class);
+
+ private Server server;
+
+ public Container() {
+ }
+
+ public void init() {
+ Thread.currentThread().setContextClassLoader(ClassLoader.getSystemClassLoader());
+ log.debug("-----------------> "+ClassLoader.getSystemClassLoader());
+ server = new Server();
+ QueuedThreadPool qtp = new QueuedThreadPool();
+ qtp.setMaxThreads(5);
+ qtp.setMinThreads(2);
+ qtp.setLowThreads(0);
+ server.setThreadPool(qtp);
+ server.setStopAtShutdown(true);
+ server.setGracefulShutdown(3000);
+
+ SelectChannelConnector connector = new SelectChannelConnector();
+ connector.setPort(3495);
+ connector.setAcceptors(1);
+ connector.setConfidentialPort(3496);
+
+ SslSocketConnector sslConnector = new SslSocketConnector();
+ sslConnector.setPort(3496);
+ sslConnector.setAcceptors(1);
+ sslConnector.setKeystore(System.getProperty("user.home")
+ + "/.mocca/conf/keystore/keystore.ks");
+ sslConnector.setPassword("changeMe");
+ sslConnector.setKeyPassword("changeMe");
+
+ server.setConnectors(new Connector[] { connector, sslConnector });
+ HandlerCollection handlers = new HandlerCollection();
+
+ WebAppContext webappcontext = new WebAppContext();
+ webappcontext.setContextPath("/");
+ webappcontext.setExtractWAR(false);
+
+ File tmpDir = new File(System.getProperty("user.home") + "/.mocca/tmp");
+ // tmpDir.mkdirs();
+ // webappcontext.setTempDirectory(tmpDir);
+ try {
+ File f = new File(System.getProperty("user.home")
+ + "/.mocca/war/mocca.war");
+ log.debug("Deploying war: " + f.getCanonicalPath());
+ if (!f.exists()) {
+ log.error("WAR file does not exist, cannot run MOCCA");
+ }
+ webappcontext.setWar(f.getParent());
+ } catch (IOException e) {
+ log.error(e);
+ }
+ handlers.setHandlers(new Handler[] { webappcontext, new DefaultHandler() });
+
+ server.setHandler(handlers);
+ }
+
+ public void start() throws Exception {
+ server.start();
+ }
+
+ public boolean isRunning() {
+ return server.isRunning();
+ }
+
+ public void stop() throws Exception {
+ server.stop();
+ }
+
+ public void destroy() {
+ server.destroy();
+ }
+
+ public void join() throws InterruptedException {
+ server.join();
+ }
+}
\ No newline at end of file
diff --git a/BKULocalApp/src/main/resources/at/gv/egiz/bku/local/defaultConf/template.zip b/BKULocalApp/src/main/resources/at/gv/egiz/bku/local/defaultConf/template.zip
Binary files differ
new file mode 100644
index 00000000..f57e8930
--- /dev/null
+++ b/BKULocalApp/src/main/resources/at/gv/egiz/bku/local/defaultConf/template.zip
diff --git a/BKULocalApp/src/main/resources/at/gv/egiz/bku/local/ui/UIMessages.properties b/BKULocalApp/src/main/resources/at/gv/egiz/bku/local/ui/UIMessages.properties
new file mode 100644
index 00000000..873d03ef
--- /dev/null
+++ b/BKULocalApp/src/main/resources/at/gv/egiz/bku/local/ui/UIMessages.properties
@@ -0,0 +1,13 @@
+#-------- tray icon messages -------
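Review bot: Both connectors at lines 1046-1053 are created without a bind address, so the local BKU listens on every network interface rather than only on the loopback device; add `connector.setHost("127.0.0.1");` and `sslConnector.setHost("127.0.0.1");` unless remote access is intended. The keystore and key passwords at lines 1056-1057 are the literal `"changeMe"`, which has to stay in sync with the value used where the keystore is generated in BKULauncher; reading it from a single configuration location avoids the two drifting apart. Line 1074 logs that the WAR is missing but line 1076 still calls `setWar(f.getParent())`, so the server starts without the application; throw or return after the log. `tmpDir` at line 1066 is assigned and never used.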
+TrayMenu.Tooltip=MOCCA
+TrayMenu.Shutdown=MOCCA Beenden
+
+Greetings.Message=MOCCA up and running
+Greetings.Caption=MOCCA Started
+
+Message.RequestCaption=New Request
+Message.InfoboxReadRequest=Reading Infobox
+Message.SecureSignatureKeypair=Reading secure signature certificate
+Message.CertifiedKeypair=Reading certified certificate
+Message.IdentityLink=Reading Identitylink
+Message.SignRequest=Creating Signature
\ No newline at end of file
diff --git a/BKULocalApp/src/main/resources/at/gv/egiz/bku/local/ui/favicon.png b/BKULocalApp/src/main/resources/at/gv/egiz/bku/local/ui/favicon.png
Binary files differ
new file mode 100644
index 00000000..2d0276de
--- /dev/null
+++ b/BKULocalApp/src/main/resources/at/gv/egiz/bku/local/ui/favicon.png
diff --git a/BKULocalApp/src/main/resources/log4j.properties b/BKULocalApp/src/main/resources/log4j.properties
new file mode 100644
index 00000000..fcdcb8e8
--- /dev/null
+++ b/BKULocalApp/src/main/resources/log4j.properties
@@ -0,0 +1,16 @@
+# loglever DEBUG, appender STDOUT
+log4j.rootLogger=TRACE, STDOUT, file
+
+# STDOUT appender
+log4j.appender.STDOUT=org.apache.log4j.ConsoleAppender
+log4j.appender.STDOUT.layout=org.apache.log4j.PatternLayout
+#log4j.appender.STDOUT.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20c | %10t | %m%n
+#log4j.appender.STDOUT.layout.ConversionPattern=%-4r [%t] %-5p %c %x - %m%n
+log4j.appender.STDOUT.layout.ConversionPattern=%-5p |%d | %t | %c %x- %m%n
+
+### FILE appender
+log4j.appender.file=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.file.datePattern='.'yyyy-MM-dd
+log4j.appender.file.File=${user.home}/.mocca/logs/mocca.log
+log4j.appender.file.layout=org.apache.log4j.PatternLayout
+log4j.appender.file.layout.ConversionPattern=%d{ABSOLUTE} %5p %c{1}:%L - %m%n
\ No newline at end of file
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java
index 3d0df8c4..5795478b 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java
@@ -25,7 +25,7 @@ import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceLoader;
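Review bot: `log4j.rootLogger=TRACE, STDOUT, file` sets the root logger to TRACE while the comment directly above says DEBUG (and misspells it as `loglever`); at TRACE the daily file under `${user.home}/.mocca/logs/` will presumably retain details of every citizen-card request handled by this process. A shipped configuration should keep the root at INFO or WARN and raise the level per package only where needed, e.g. `log4j.rootLogger=INFO, STDOUT, file`, and the comment should state the level actually configured.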
import at.gv.egiz.bku.accesscontroller.SecurityManagerFacade;
-import at.gv.egiz.bku.online.conf.Configurator;
+import at.gv.egiz.bku.conf.Configurator;
public class SpringSecurityManager extends SecurityManagerFacade implements
ResourceLoaderAware {
@@ -60,5 +60,4 @@ public class SpringSecurityManager extends SecurityManagerFacade implements
public void setResourceLoader(ResourceLoader loader) {
this.resourceLoader = loader;
}
-
}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java
deleted file mode 100644
index c09abcc1..00000000
--- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java
+++ /dev/null
@@ -1,98 +0,0 @@
-/*
- * Copyright 2008 Federal Chancellery Austria and
- * Graz University of Technology
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package at.gv.egiz.bku.online.conf;
-
-import iaik.security.ecc.provider.ECCProvider;
-import iaik.security.provider.IAIK;
-import iaik.xml.crypto.XSecProvider;
-
-import java.io.IOException;
-import java.net.HttpURLConnection;
-import java.security.Provider;
-import java.security.Security;
-import java.util.Properties;
-
-import javax.net.ssl.HttpsURLConnection;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import at.gv.egiz.bku.binding.DataUrl;
-import at.gv.egiz.bku.binding.DataUrlConnection;
-import at.gv.egiz.bku.slcommands.impl.xsect.DataObject;
-import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider;
-
-/**
- *
- * TODO currently only the code to get started.
- */
-public abstract class Configurator {
-
- private Log log = LogFactory.getLog(Configurator.class);
-
- private static Configurator instance = new SpringConfigurator();
-
- protected Properties properties;
-
- protected Configurator() {
- }
-
- public static Configurator getInstance() {
- return instance;
- }
-
- protected void configUrlConnections() {
- HttpsURLConnection.setFollowRedirects(false);
- HttpURLConnection.setFollowRedirects(false);
- }
-
- protected void configureProviders() {
- log.debug("Registering security providers");
- Security.insertProviderAt(new IAIK(), 1);
- Security.insertProviderAt(new ECCProvider(false), 2);
- Security.addProvider(new STALProvider());
- XSecProvider.addAsProvider(false);
- StringBuilder sb = new StringBuilder();
- sb.append("Registered providers: ");
- int i = 1;
- for (Provider prov : Security.getProviders()) {
- sb.append((i++) + ". : " + prov);
- }
- log.debug(sb.toString());
- }
-
- protected void configViewer() {
- DataObject.enableHashDataInputValidation(Boolean.parseBoolean(properties.getProperty("ValidateHashDataInputs")));
- }
-
- public void configure() {
- configureProviders();
- configUrlConnections();
- configViewer();
- }
-
- public void setConfiguration(Properties props) {
- this.properties = props;
- }
-
- public String getProperty(String key) {
- if (properties != null) {
- return properties.getProperty(key);
- }
- return null;
- }
-}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java
index d213dd36..a369d829 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java
@@ -17,31 +17,9 @@ package at.gv.egiz.bku.online.conf;
import java.io.File;
-import java.io.FileInputStream;
import java.io.IOException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.NoSuchAlgorithmException;
-import java.security.Security;
-import java.security.cert.CertStore;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.CollectionCertStoreParameters;
-import java.security.cert.PKIXBuilderParameters;
-import java.security.cert.TrustAnchor;
-import java.security.cert.X509CertSelector;
-import java.security.cert.X509Certificate;
-import java.util.HashSet;
-import java.util.LinkedList;
-import java.util.List;
+import java.io.InputStream;
import java.util.Properties;
-import java.util.Set;
-
-import javax.net.ssl.CertPathTrustManagerParameters;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.ManagerFactoryParameters;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -49,8 +27,8 @@ import org.springframework.context.ResourceLoaderAware;
import org.springframework.core.io.Resource;
import org.springframework.core.io.ResourceLoader;
-import at.gv.egiz.bku.binding.DataUrl;
-import at.gv.egiz.bku.binding.DataUrlConnection;
+import at.gv.egiz.bku.conf.Configurator;
+import at.gv.egiz.bku.online.webapp.SpringBKUServlet;
import at.gv.egiz.bku.slexceptions.SLRuntimeException;
import at.gv.egiz.stal.service.impl.RequestBrokerSTALFactory;
@@ -76,41 +54,8 @@ public class SpringConfigurator extends Configurator implements
}
}
- public void configureVersion() {
- Properties p = new Properties();
- try {
- p.load(resourceLoader.getResource("META-INF/MANIFEST.MF")
- .getInputStream());
- String version = p.getProperty("Implementation-Build");
- properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY,
- "citizen-card-environment/1.2 MOCCA " + version);
- DataUrl.setConfiguration(properties);
- log.debug("Setting user agent to: "
- + properties.getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY));
- } catch (IOException e) {
- log.error(e);
- }
- }
-
- public void configure() {
- super.configure();
- configureSSL();
- configureVersion();
- configureNetwork();
- }
-
public void configureNetwork() {
- String proxyHost = getProperty("HTTPProxyHost");
- String proxyPort = getProperty("HTTPProxyPort");
- if (proxyPort == null) {
- proxyPort = "80";
- }
- if (proxyHost != null) {
- log.debug("Setting proxy server to: " + proxyHost + ":" + proxyPort);
- System.setProperty("http.proxyHost", proxyHost);
- System.setProperty("http.proxyPort", proxyPort);
- }
- log.debug("No proxy specified");
+ super.configureNetwork();
String appletTimeout = getProperty("AppletTimeout");
if ((appletTimeout != null)) {
try {
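Review bot: `configureNetwork()` at line 1195 now overrides the base-class method (line 1207 calls `super.configureNetwork()`), yet unlike the other overrides in this file (`configure` aside, see lines 1254, 1344 and 1352) it carries no `@Override` annotation; add `@Override` above line 1195 so a later signature change in the bkucommon `Configurator` is caught at compile time rather than silently leaving a proxy-less override behind. The method's body continues past the end of this hunk.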
@@ -122,128 +67,60 @@ public class SpringConfigurator extends Configurator implements
}
}
-
- private Set<TrustAnchor> getCACerts() throws IOException,
- CertificateException {
- Set<TrustAnchor> caCerts = new HashSet<TrustAnchor>();
- String caDirectory = getProperty("SSL.caDirectory");
- if (caDirectory != null) {
- Resource caDirRes = resourceLoader.getResource(caDirectory);
- File caDir = caDirRes.getFile();
- if (!caDir.isDirectory()) {
- log.error("Expecting directory as SSL.caDirectory parameter");
- throw new SLRuntimeException(
- "Expecting directory as SSL.caDirectory parameter");
- }
- CertificateFactory cf = CertificateFactory.getInstance("X.509");
- for (File f : caDir.listFiles()) {
- try {
- FileInputStream fis = new FileInputStream(f);
- X509Certificate cert = (X509Certificate) cf.generateCertificate(fis);
- fis.close();
- log.debug("Adding trusted cert " + cert.getSubjectDN());
- caCerts.add(new TrustAnchor(cert, null));
- } catch (Exception e) {
- log.error("Cannot add trusted ca", e);
- }
- }
- return caCerts;
-
- } else {
- log.warn("No CA certificates configured");
- }
- return null;
+
+ public void configure() {
+ super.configure();
+ SpringBKUServlet.setConfigurator(this);
}
- private CertStore getCertstore() throws IOException, CertificateException,
- InvalidAlgorithmParameterException, NoSuchAlgorithmException {
- String certDirectory = getProperty("SSL.certDirectory");
- if (certDirectory != null) {
- Resource certDirRes = resourceLoader.getResource(certDirectory);
+ @Override
+ public void setResourceLoader(ResourceLoader loader) {
+ this.resourceLoader = loader;
+ }
- File certDir = certDirRes.getFile();
+ private File getDirectory(String property) {
+ if (property != null) {
+ Resource certDirRes = resourceLoader.getResource(property);
+ File certDir;
+ try {
+ certDir = certDirRes.getFile();
+ } catch (IOException e) {
+ log.error("Cannot get cert directory", e);
+ throw new SLRuntimeException(e);
+ }
if (!certDir.isDirectory()) {
log.error("Expecting directory as SSL.certDirectory parameter");
throw new SLRuntimeException(
"Expecting directory as SSL.certDirectory parameter");
}
- List<X509Certificate> certCollection = new LinkedList<X509Certificate>();
- CertificateFactory cf = CertificateFactory.getInstance("X.509");
- for (File f : certDir.listFiles()) {
- try {
- FileInputStream fis = new FileInputStream(f);
- X509Certificate cert = (X509Certificate) cf.generateCertificate(fis);
- certCollection.add(cert);
- fis.close();
- log
- .trace("Added following cert to certstore: "
- + cert.getSubjectDN());
- } catch (Exception ex) {
- log.error("Cannot add certificate", ex);
- }
- }
- CollectionCertStoreParameters csp = new CollectionCertStoreParameters(
- certCollection);
- return CertStore.getInstance("Collection", csp);
-
- } else {
- log.warn("No certstore configured");
+ return certDir;
}
return null;
+
}
- public void configureSSL() {
- Set<TrustAnchor> caCerts = null;
- try {
- caCerts = getCACerts();
- } catch (Exception e1) {
- log.error("Cannot load CA certificates", e1);
- }
- CertStore certStore = null;
- try {
- certStore = getCertstore();
- } catch (Exception e1) {
- log.error("Cannot load certstore certificates", e1);
- }
- System.setProperty("com.sun.security.enableAIAcaIssuers", "true");
- try {
- X509CertSelector selector = new X509CertSelector();
- PKIXBuilderParameters pkixParams;
- pkixParams = new PKIXBuilderParameters(caCerts, selector);
- if ((getProperty("SSL.doRevocationChecking") != null)
- && (Boolean.valueOf(getProperty("SSL.doRevocationChecking")))) {
- log.info("Enable revocation checking");
- pkixParams.setRevocationEnabled(true);
- System.setProperty("com.sun.security.enableCRLDP", "true");
- Security.setProperty("ocsp.enable", "true");
- } else {
- log.warn("Revocation checking disabled");
- pkixParams.setRevocationEnabled(false);
- }
- pkixParams.addCertStore(certStore);
- ManagerFactoryParameters trustParams = new CertPathTrustManagerParameters(
- pkixParams);
- TrustManagerFactory trustFab;
- try {
- trustFab = TrustManagerFactory.getInstance("PKIX");
- trustFab.init(trustParams);
- KeyManager[] km = null;
- SSLContext sslCtx = SSLContext
- .getInstance(getProperty("SSL.sslProtocol"));
- sslCtx.init(km, trustFab.getTrustManagers(), null);
- HttpsURLConnection
- .setDefaultSSLSocketFactory(sslCtx.getSocketFactory());
- } catch (Exception e) {
- log.error("Cannot configure SSL", e);
- }
+ @Override
+ protected File getCADir() {
+ String caDirectory = getProperty("SSL.caDirectory");
+ return getDirectory(caDirectory);
+ }
- } catch (InvalidAlgorithmParameterException e) {
- log.error("Cannot configure SSL", e);
- }
+ @Override
+ protected File getCertDir() {
+ String certDirectory = getProperty("SSL.certDirectory");
+ return getDirectory(certDirectory);
}
@Override
- public void setResourceLoader(ResourceLoader loader) {
- this.resourceLoader = loader;
+ protected InputStream getManifest() {
+ Resource r = resourceLoader.getResource("META-INF/MANIFEST.MF");
+ if (r != null) {
+ try {
+ return r.getInputStream();
+ } catch (IOException e) {
+ log.error("Cannot read manifest data:", e);
+ }
+ }
+ return null;
}
}
\ No newline at end of file
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java
index b70a6274..9e69099d 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java
@@ -31,7 +31,7 @@ import org.apache.commons.logging.LogFactory;
import at.gv.egiz.bku.binding.HTTPBindingProcessor;
import at.gv.egiz.bku.binding.HttpUtil;
import at.gv.egiz.bku.binding.IdFactory;
-import at.gv.egiz.bku.online.conf.Configurator;
+import at.gv.egiz.bku.conf.Configurator;
/**
* Delivers the result to the browser
@@ -108,8 +108,8 @@ public class ResultServlet extends SpringBKUServlet {
resp.setHeader("Cache-Control", "no-store"); // HTTP 1.1
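Review bot: `getDirectory` at line 1259 serves both `getCADir` and `getCertDir`, but its error path at lines 1270-1272 always reports `"Expecting directory as SSL.certDirectory parameter"`, so a misconfigured `SSL.caDirectory` is logged under the wrong key; pass the key in, e.g. `private File getDirectory(String key, String property)` and `"Expecting directory as " + key + " parameter"`, and have the two callers hand over `"SSL.caDirectory"` and `"SSL.certDirectory"`. The catch at lines 1265-1267 logs the `IOException` and then wraps it in `SLRuntimeException`, which reports the same failure twice; one of the two suffices. `getManifest` at line 1360 returns `null` silently when the resource is absent, so whatever the base class derives from the manifest (presumably the version string) will be missing without any log line.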
resp.setHeader("Pragma", "no-cache"); // HTTP 1.0
resp.setDateHeader("Expires", 0);
- if (Configurator.getInstance().getProperty(USER_AGENT_PROPERTY_KEY) != null) {
- resp.setHeader(HttpUtil.HTTP_HEADER_USER_AGENT, Configurator.getInstance().getProperty(
+ if (configurator.getProperty(USER_AGENT_PROPERTY_KEY) != null) {
+ resp.setHeader(HttpUtil.HTTP_HEADER_USER_AGENT, configurator.getProperty(
USER_AGENT_PROPERTY_KEY));
} else {
resp.setHeader(HttpUtil.HTTP_HEADER_USER_AGENT,
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SpringBKUServlet.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SpringBKUServlet.java
index ec062e42..2c6f522e 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SpringBKUServlet.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SpringBKUServlet.java
@@ -16,16 +16,22 @@ */
package at.gv.egiz.bku.online.webapp;
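Review bot: The new line `if (configurator.getProperty(USER_AGENT_PROPERTY_KEY) != null) {` dereferences the static `configurator`, which is only assigned through `SpringBKUServlet.setConfigurator` once `SpringConfigurator.configure()` has run; a request reaching this servlet before the Spring context has finished initialising will fail with a `NullPointerException` instead of a readable error. Guard the access, e.g. `if (configurator != null && configurator.getProperty(USER_AGENT_PROPERTY_KEY) != null) {`, or fail fast in the servlet's `init()` when the configurator is still unset. The enclosing method begins before this hunk.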
-import javax.servlet.http.HttpServlet;
-
-import at.gv.egiz.bku.binding.BindingProcessorManager;
-import at.gv.egiz.bku.online.conf.Configurator; +import javax.servlet.http.HttpServlet; + +import at.gv.egiz.bku.binding.BindingProcessorManager; +import at.gv.egiz.bku.conf.Configurator; public abstract class SpringBKUServlet extends HttpServlet {
public final static String BEAN_NAME="bindingProcessorManager"; + protected static Configurator configurator; + protected BindingProcessorManager getBindingProcessorManager() {
return (BindingProcessorManager) getServletContext().getAttribute(BEAN_NAME);
+ } + + public static void setConfigurator(Configurator conf) { + configurator = conf; }
}
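Review bot: `protected static Configurator configurator;` at line 1379 is written by the Spring initialisation thread and read by servlet request threads with no synchronisation or `volatile`, so readers have no happens-before guarantee of seeing the assignment. Declare it `protected static volatile Configurator configurator;`, or better, look the configurator up from the servlet context the way `getBindingProcessorManager()` does instead of publishing it through a process-wide static that any subclass can overwrite.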
diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties
index 73d89f22..d7fc5ae9 100644
--- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties
+++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties
@@ -36,6 +36,10 @@ SSL.caDirectory=classpath:at/gv/egiz/bku/online/conf/certs/CACerts
SSL.doRevocationChecking=true
SSL.sslProtocol=TLS
+SSL.cache.lifetime=3600
+
+# use authority info access extension to find ca certs.
+SSL.useAIA=true
# ------------ END SSL Config --------------------
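Review bot: `SSL.useAIA=true` at line 1388 makes chain building fetch issuer certificates from URLs embedded in peer certificates, so certificate validation now depends on outbound network access and on whatever timeout governs those fetches; the only related knob, `#DefaultSocketTimeout=200` in the next hunk, is commented out and gives no unit. Document the unit on that line and consider enabling a bounded timeout alongside AIA so a slow or unreachable issuer URL cannot stall validation indefinitely; `SSL.cache.lifetime=3600` at line 1385 would likewise benefit from a comment stating that it is in seconds, if that is the intent.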
@@ -44,3 +48,4 @@ AppletTimeout=300000
#HTTPProxyHost=taranis.iaik.tugraz.at
#HTTPProxyPort=8888
+#DefaultSocketTimeout=200
diff --git a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml
index 04b07ba4..b074da59 100644
--- a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml
@@ -45,8 +45,8 @@ </bean>
<!-- Configure Configuration -->
- <bean id="configurator" factory-method="getInstance" class="at.gv.egiz.bku.online.conf.SpringConfigurator"
- init-method="configure">
+ <bean id="configurator" class="at.gv.egiz.bku.online.conf.SpringConfigurator"
+ init-method="configure" scope="singleton">
<property name="resource" value="classpath:at/gv/egiz/bku/online/conf/defaultConf.properties"/>
</bean>
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
new file mode 100644
index 00000000..9a1e7020
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java
@@ -0,0 +1,351 @@
+package at.gv.egiz.bku.conf;
+
+import iaik.security.ecc.provider.ECCProvider;
+import iaik.security.provider.IAIK;
+import iaik.xml.crypto.XSecProvider;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.HttpURLConnection;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.security.Security;
+import java.security.cert.CertStore;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.CollectionCertStoreParameters;
+import java.security.cert.LDAPCertStoreParameters;
+import java.security.cert.PKIXBuilderParameters;
+import java.security.cert.TrustAnchor;
+import java.security.cert.X509CertSelector;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Properties;
+import java.util.Set;
+
+import javax.net.ssl.CertPathTrustManagerParameters;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.ManagerFactoryParameters;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import at.gv.egiz.bku.binding.DataUrl;
+import at.gv.egiz.bku.binding.DataUrlConnection;
+import at.gv.egiz.bku.slcommands.impl.xsect.DataObject;
+import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider;
+import at.gv.egiz.bku.slexceptions.SLRuntimeException;
+
+public abstract class Configurator {
+ private Log log = LogFactory.getLog(Configurator.class);
+
+ protected Properties properties;
+
+ protected Configurator() {
+ }
+
+ protected abstract File getCertDir();
+
+ protected abstract File getCADir();
+
+ protected abstract InputStream getManifest();
+
+ private Set<TrustAnchor> getCACerts() throws IOException,
+ CertificateException {
+ Set<TrustAnchor> caCerts = new HashSet<TrustAnchor>();
+ File caDir = getCADir();
+ if (caDir != null) {
+ if (!caDir.isDirectory()) {
+ log.error("Expecting directory as SSL.caDirectory parameter");
+ throw new SLRuntimeException(
+ "Expecting directory as SSL.caDirectory parameter");
+ }
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ for (File f : caDir.listFiles()) {
+ try {
+ FileInputStream fis = new FileInputStream(f);
+ X509Certificate cert = (X509Certificate) cf.generateCertificate(fis);
+ fis.close();
+ log.debug("Adding trusted cert " + cert.getSubjectDN());
+ caCerts.add(new TrustAnchor(cert, null));
+ } catch (Exception e) {
+ log.error("Cannot add trusted ca", e);
+ }
+ }
+ return caCerts;
+
+ } else {
+ log.warn("No CA certificates configured");
+ }
+ return null;
+ }
+
+ protected List<CertStore> getCertstore() throws IOException,
+ CertificateException, InvalidAlgorithmParameterException,
+ NoSuchAlgorithmException {
+ List<CertStore> resultList = new ArrayList<CertStore>();
+ File certDir = getCertDir();
+ if (certDir != null) {
+ if (!certDir.isDirectory()) {
+ log.error("Expecting directory as SSL.certDirectory parameter");
+ throw new SLRuntimeException(
+ "Expecting directory as SSL.certDirectory parameter");
+ }
+ List<X509Certificate> certCollection = new LinkedList<X509Certificate>();
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ for (File f : certDir.listFiles()) {
+ try {
+ FileInputStream fis = new FileInputStream(f);
+ X509Certificate cert = (X509Certificate) cf.generateCertificate(fis);
+ certCollection.add(cert);
+ fis.close();
+ log
+ .trace("Added following cert to certstore: "
+ + cert.getSubjectDN());
+ } catch (Exception ex) {
+ log.error("Cannot add certificate", ex);
+ }
+ }
+ CollectionCertStoreParameters csp = new CollectionCertStoreParameters(
+ certCollection);
+ resultList.add(CertStore.getInstance("Collection", csp));
+ log.info("Added collection certstore");
+ } else {
+ log.warn("No certstore directory configured");
+ }
+ String ldapHost = getProperty("SSL.ldapServer");
+ if ((ldapHost != null) && (!"".equals(ldapHost))) {
+ String ldapPortString = getProperty("SSL.ldapPort");
+ int ldapPort = 389;
+ if (ldapPortString != null) {
+ try {
+ ldapPort = Integer.parseInt(ldapPortString);
+ } catch (NumberFormatException nfe) {
+ log.error("Invalid ldap port, using default 389");
+ }
+ } else {
+ log.warn("ldap port not specified, using default 389");
+ }
+ LDAPCertStoreParameters ldapParams = new LDAPCertStoreParameters(
+ ldapHost, ldapPort);
+ resultList.add(CertStore.getInstance("LDAP", ldapParams));
+ log.info("Added LDAP certstore");
+ }
+ return resultList;
+ }
+
+ protected void configUrlConnections() {
+ HttpsURLConnection.setFollowRedirects(false);
+ HttpURLConnection.setFollowRedirects(false);
+ }
+
+ protected void configureProviders() {
+ log.debug("Registering security providers");
+ Security.insertProviderAt(new IAIK(), 1);
+ Security.insertProviderAt(new ECCProvider(false), 2);
+ Security.addProvider(new STALProvider());
+ XSecProvider.addAsProvider(false);
+ StringBuilder sb = new StringBuilder();
+ sb.append("Registered providers: ");
+ int i = 1;
+ for (Provider prov : Security.getProviders()) {
+ sb.append((i++) + ". : " + prov);
+ }
+ log.debug(sb.toString());
+ }
+
+ protected void configViewer() {
+ String bv = properties.getProperty("ValidateHashDataInputs");
+ if (bv != null) {
+ DataObject.enableHashDataInputValidation(Boolean.parseBoolean(bv));
+ } else {
+ log.warn("ValidateHashDataInputs not set, falling back to default");
+ }
+ }
+
+ public void configureNetwork() {
+ String proxy = getProperty("HTTPProxyHost");
+ String portString = getProperty("HTTPProxyPort");
+ if ((proxy == null) || (proxy.equals(""))) {
+ log.info("No proxy configured");
+ } else {
+ log.info("Setting proxy to: " + proxy + ":" + portString);
+ System.setProperty("proxyHost", proxy);
+ System.setProperty("proxyPort", portString);
+ }
+ String timeout = getProperty("DefaultSocketTimeout");
+ if ((timeout != null) && (!timeout.equals(""))) {
+ System.setProperty("sun.net.client.defaultConnectTimeout", timeout);
+ }
+ }
+
+ public void configureVersion() {
+ Properties p = new Properties();
+ try {
+ InputStream is = getManifest();
+ if (is != null) {
+ p.load(getManifest());
+ String version = p.getProperty("Implementation-Build");
+ properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY,
+ "citizen-card-environment/1.2 MOCCA " + version);
+ DataUrl.setConfiguration(properties);
+ log
+ .debug("Setting user agent to: "
+ + properties
+ .getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY));
+ } else {
+ log.warn("Cannot read manifest");
+ properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY,
+ "citizen-card-environment/1.2 MOCCA UNKNOWN");
+ DataUrl.setConfiguration(properties);
+ }
+ } catch (IOException e) {
+ log.error(e);
+ }
+ }
+
+ public void configure() {
+ configureProviders();
+ configUrlConnections();
+ configViewer();
+ configureSSL();
+ configureVersion();
+ configureNetwork();
+ }
+
+ public void setConfiguration(Properties props) {
+ this.properties = props;
+ }
+
+ public String getProperty(String key) {
+ if (properties != null) {
+ return properties.getProperty(key);
+ }
+ return null;
+ }
+
+ public void configureSSL() {
+ Set<TrustAnchor> caCerts = null;
+ try {
+ caCerts = getCACerts();
+ } catch (Exception e1) {
+ log.error("Cannot load CA certificates", e1);
+ }
+ List<CertStore> certStoreList = null;
+ try {
+ certStoreList = getCertstore();
+ } catch (Exception e1) {
+ log.error("Cannot load certstore certificates", e1);
+ }
+ String aia = getProperty("SSL.useAIA");
+ if ((aia == null) || (aia.equals(""))) {
+ System.setProperty("com.sun.security.enableAIAcaIssuers", "true");
+ } else {
+ System.setProperty("com.sun.security.enableAIAcaIssuers", aia);
+ }
+ String lifetime = getProperty("SSL.cache.lifetime");
+ if ((lifetime == null) || (lifetime.equals(""))) {
+ System.setProperty("sun.security.certpath.ldap.cache.lifetime", "0");
+ } else {
+ System.setProperty("sun.security.certpath.ldap.cache.lifetime", lifetime);
+ }
+ X509CertSelector selector = new X509CertSelector();
+ PKIXBuilderParameters pkixParams;
+ try {
+ pkixParams = new PKIXBuilderParameters(caCerts, selector);
+ if ((getProperty("SSL.doRevocationChecking") != null)
+ && (Boolean.valueOf(getProperty("SSL.doRevocationChecking")))) {
+ log.info("Enable revocation checking");
+ System.setProperty("com.sun.security.enableCRLDP", "true");
+ Security.setProperty("ocsp.enable", "true");
+ } else {
+ log.warn("Revocation checking disabled");
+ }
+ for (CertStore cs : certStoreList) {
+ pkixParams.addCertStore(cs);
+ }
+ ManagerFactoryParameters trustParams = new CertPathTrustManagerParameters(
+ pkixParams);
+ TrustManagerFactory trustFab;
+ trustFab = TrustManagerFactory.getInstance("PKIX");
+ trustFab.init(trustParams);
+ KeyManager[] km = null;
+ SSLContext sslCtx = SSLContext
+ .getInstance(getProperty("SSL.sslProtocol"));
+ String disableAll = getProperty("SSL.disableAllChecks");
+ if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) {
+ log.warn("--------------------------------------");
+ log.warn(" Disabling SSL Certificate Validation ");
+ log.warn("--------------------------------------");
+
+ sslCtx.init(km, new TrustManager[] { new MyTrustManager(caCerts,
+ certStoreList) }, null);
+ } else {
+ sslCtx.init(km, trustFab.getTrustManagers(), null);
+ }
+ HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory());
+ } catch (Exception e) {
+ log.error("Cannot configure SSL", e);
+ }
+ String disableAll = getProperty("SSL.disableAllChecks");
+ if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) {
+ log.warn("---------------------------------");
+ log.warn(" Disabling Hostname Verification ");
+ log.warn("---------------------------------");
+ HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
+ @Override
+ public boolean verify(String hostname, SSLSession session) {
+ return true;
+ }
+ });
+ }
+ }
+
+ private static class MyTrustManager implements X509TrustManager {
+ private static Log log = LogFactory.getLog(MyTrustManager.class);
+ private X509Certificate[] trustedCerts;
+
+ public MyTrustManager(Set<TrustAnchor> caCerts, List<CertStore> cs) {
+ trustedCerts = new X509Certificate[caCerts.size()];
+ int i = 0;
+ for (Iterator<TrustAnchor> it = caCerts.iterator(); it.hasNext();) {
+ TrustAnchor ta = it.next();
+ trustedCerts[i++] = ta.getTrustedCert();
+ }
+ }
+
+ @Override
+ public void checkClientTrusted(X509Certificate[] arg0, String arg1)
+ throws CertificateException {
+ log.error("Did not expect this method to get called");
+ throw new CertificateException("Method not implemented");
+ }
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] certs, String arg1)
+ throws CertificateException {
+ log.warn("-------------------------------------");
+ log.warn("SSL Certificate Validation Disabled !");
+ log.warn("-------------------------------------");
+ }
+
+ @Override
+ public X509Certificate[] getAcceptedIssuers() {
+ return trustedCerts;
+ }
+ }
+}
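Review bot: configureSSL fails open: every failure inside its large try is swallowed by `catch (Exception e)` with only `log.error("Cannot configure SSL", e)`, after which `HttpsURLConnection.setDefaultSSLSocketFactory` is never reached and outbound TLS silently runs on the JVM default trust store instead of the configured CA directory. This is reachable by configuration alone, since `getCACerts` returns null when no CA directory is set and `new PKIXBuilderParameters(caCerts, selector)` then throws, a null `certStoreList` from a failed `getCertstore` throws at the for loop, and even the explicit "Expecting directory as SSL.caDirectory parameter" SLRuntimeException is caught and logged by the earlier try. Since pinning the trust anchors for the data-URL connections is the purpose of this class, I would fail closed by replacing that `log.error` with `throw new SLRuntimeException("Cannot configure SSL", e);` and treating a null or empty trust-anchor set as a configuration error before it reaches PKIXBuilderParameters. Separately, the else branch that logs "Revocation checking disabled" never calls `pkixParams.setRevocationEnabled(false)`, so as far as I can tell PKIX revocation checking stays at its default (enabled) with no CRLDP/OCSP source, which does not match the log message; either set it explicitly or document that the flag only controls the CRLDP and OCSP fetch.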
@@ -19,6 +19,7 @@ <module>STALService</module>
<module>BKUCommonGUI</module>
<module>BKUViewer</module>
+ <module>BKULocalApp</module>
</modules>
<developers>
<developer>
diff --git a/utils/src/main/java/at/gv/egiz/bku/local/ui/TrayIconDialog.java b/utils/src/main/java/at/gv/egiz/bku/local/ui/TrayIconDialog.java
index 5aa74d99..c7aae215 100644
--- a/utils/src/main/java/at/gv/egiz/bku/local/ui/TrayIconDialog.java
+++ b/utils/src/main/java/at/gv/egiz/bku/local/ui/TrayIconDialog.java
@@ -107,7 +107,7 @@ public class TrayIconDialog implements TrayIconDialogInterface { if (isSupported) {
SystemTray tray = SystemTray.getSystemTray();
Image image = ImageIO.read(getClass().getClassLoader()
- .getResourceAsStream("at/gv/egiz/bku/local/ui/chipperling.png"));
+ .getResourceAsStream("at/gv/egiz/bku/local/ui/favicon.png"));
PopupMenu popup = new PopupMenu();
MenuItem exitItem = new MenuItem(resourceBundel
.getString("TrayMenu.Shutdown"));