summaryrefslogtreecommitdiff
path: root/BKULocal/src/main
diff options
context:
space:
mode:
authormcentner <mcentner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2010-01-26 16:27:27 +0000
committermcentner <mcentner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2010-01-26 16:27:27 +0000
commit84cd553cc40d9850fcd865887219d907693af0e6 (patch)
tree2d1d9054f42845ce951c9b2c2239178c803443d3 /BKULocal/src/main
parent667af128d0adfeee2aa4748ab58411c91bc4905f (diff)
parent7a5310b43849124095d97af3103c4fdaeeacbbbb (diff)
downloadmocca-84cd553cc40d9850fcd865887219d907693af0e6.tar.gz
mocca-84cd553cc40d9850fcd865887219d907693af0e6.tar.bz2
mocca-84cd553cc40d9850fcd865887219d907693af0e6.zip
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/branches/mocca-1.2.11-sha2@602 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
Diffstat (limited to 'BKULocal/src/main')
-rw-r--r--BKULocal/src/main/java/at/gv/egiz/bku/local/accesscontroller/SpringSecurityManager.java65
-rw-r--r--BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java142
-rw-r--r--BKULocal/src/main/java/at/gv/egiz/bku/local/gui/GUIProxy.java55
-rw-r--r--BKULocal/src/main/java/at/gv/egiz/bku/local/gui/LocalHelpListener.java61
-rw-r--r--BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalBKUWorker.java64
-rw-r--r--BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSTALFactory.java126
-rw-r--r--BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSecureViewer.java129
-rw-r--r--BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java63
-rw-r--r--BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java113
-rw-r--r--BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/PINManagementServlet.java114
-rw-r--r--BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/SpringBKUServlet.java39
-rw-r--r--BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/accessControlConfig.xml96
-rw-r--r--BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties61
-rw-r--r--BKULocal/src/main/resources/commons-logging.properties16
-rw-r--r--BKULocal/src/main/resources/log4j.properties34
-rw-r--r--BKULocal/src/main/webapp/META-INF/MANIFEST.MF3
-rw-r--r--BKULocal/src/main/webapp/META-INF/context.xml2
-rw-r--r--BKULocal/src/main/webapp/WEB-INF/applicationContext.xml109
-rw-r--r--BKULocal/src/main/webapp/WEB-INF/web.xml64
-rw-r--r--BKULocal/src/main/webapp/errorresponse.css12
-rw-r--r--BKULocal/src/main/webapp/img/chip16.icobin0 -> 1150 bytes
-rw-r--r--BKULocal/src/main/webapp/img/chip48.pngbin0 -> 2771 bytes
-rw-r--r--BKULocal/src/main/webapp/index.html64
23 files changed, 1432 insertions, 0 deletions
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/accesscontroller/SpringSecurityManager.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/accesscontroller/SpringSecurityManager.java
new file mode 100644
index 00000000..3f50fc78
--- /dev/null
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/accesscontroller/SpringSecurityManager.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egiz.bku.local.accesscontroller;
+
+import java.io.IOException;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.context.ResourceLoaderAware;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+
+import at.gv.egiz.bku.accesscontroller.SecurityManagerFacade;
+import at.gv.egiz.bku.conf.Configurator;
+
+public class SpringSecurityManager extends SecurityManagerFacade implements
+ ResourceLoaderAware {
+
+ private ResourceLoader resourceLoader;
+
+ private static Log log = LogFactory.getLog(SpringSecurityManager.class);
+
+ protected Configurator config;
+
+ public void setConfig(Configurator config) {
+ this.config = config;
+ }
+
+ public void init() {
+ String noMatch = config.getProperty("AccessController.acceptNoMatch");
+ if (noMatch != null) {
+ log.debug("Setting allow now match to: " + noMatch);
+ setAllowUnmatched(Boolean.getBoolean(noMatch));
+ }
+ String policy = config.getProperty("AccessController.policyResource");
+ policy = policy.replace("${user.home}", System.getProperty("user.home"));
+ log.info("Loading resource: " + policy);
+ try {
+ Resource res = resourceLoader.getResource(policy);
+ init(res.getInputStream());
+ } catch (IOException e) {
+ log.error(e);
+ }
+ }
+
+ @Override
+ public void setResourceLoader(ResourceLoader loader) {
+ this.resourceLoader = loader;
+ }
+
+}
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java
new file mode 100644
index 00000000..7b2641ff
--- /dev/null
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java
@@ -0,0 +1,142 @@
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egiz.bku.local.conf;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Properties;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.context.ResourceLoaderAware;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+
+import at.gv.egiz.bku.conf.Configurator;
+import at.gv.egiz.bku.local.webapp.SpringBKUServlet;
+import at.gv.egiz.bku.slexceptions.SLRuntimeException;
+
+public class SpringConfigurator extends Configurator implements
+ ResourceLoaderAware {
+
+ private final static Log log = LogFactory.getLog(SpringConfigurator.class);
+
+ private ResourceLoader resourceLoader;
+
+ public SpringConfigurator() {
+ // File configDir = new File(System.getProperty("user.home") +
+ // "/.bku/conf");
+ // if (configDir.exists()) {
+ // log.debug("Found existing config directory: " + configDir);
+ // } else {
+ // log.info("Config dir not existing, creating new");
+ // if (!configDir.mkdirs()) {
+ // log.error("Cannot create directory: " + configDir);
+ // }
+ // }
+ }
+
+ public void setResource(Resource resource) {
+ log.debug("Loading config from: " + resource);
+ if (resource != null) {
+ Properties props = new Properties();
+ try {
+ props.load(resource.getInputStream());
+ super.setConfiguration(props);
+ } catch (IOException e) {
+ log.error("Cannot load config", e);
+ }
+ } else {
+ log.warn("Cannot load properties, resource: " + resource);
+ }
+ }
+
+ @Override
+ public void configure() {
+ if (properties == null) {
+ defaultInit();
+ }
+ super.configure();
+ SpringBKUServlet.setConfigurator(this);
+ }
+
+ public void defaultInit() {
+ Properties props = new Properties();
+ try {
+ props.load(new FileInputStream(System.getProperty("user.home")
+ + "/.mocca/war/mocca.war"));
+ super.setConfiguration(props);
+ } catch (IOException e) {
+ log.error("Cannot load config", e);
+ }
+ }
+
+ @Override
+ public void setResourceLoader(ResourceLoader loader) {
+ this.resourceLoader = loader;
+ }
+
+ private File getDirectory(String property) {
+ property = property
+ .replace("${user.home}", System.getProperty("user.home"));
+ if (property != null) {
+ Resource certDirRes = resourceLoader.getResource(property);
+ File certDir;
+ try {
+ certDir = certDirRes.getFile();
+ } catch (IOException e) {
+ log.error("Cannot get cert directory", e);
+ throw new SLRuntimeException(e);
+ }
+ if (!certDir.isDirectory()) {
+ log.error("Expecting directory as SSL.certDirectory parameter");
+ throw new SLRuntimeException(
+ "Expecting directory as SSL.certDirectory parameter");
+ }
+ return certDir;
+ }
+ return null;
+
+ }
+
+ @Override
+ protected File getCADir() {
+ String caDirectory = getProperty("SSL.caDirectory");
+ return getDirectory(caDirectory);
+ }
+
+ @Override
+ protected File getCertDir() {
+ String certDirectory = getProperty("SSL.certDirectory");
+ return getDirectory(certDirectory);
+ }
+
+ @Override
+ protected InputStream getManifest() {
+ Resource r = resourceLoader.getResource("META-INF/MANIFEST.MF");
+ if ((r != null) && r.isReadable()) {
+ try {
+ return r.getInputStream();
+ } catch (IOException e) {
+ log.error("Cannot read manifest data: " + e);
+ }
+ }
+ return null;
+ }
+} \ No newline at end of file
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/gui/GUIProxy.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/gui/GUIProxy.java
new file mode 100644
index 00000000..38dd04d9
--- /dev/null
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/gui/GUIProxy.java
@@ -0,0 +1,55 @@
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egiz.bku.local.gui;
+
+import at.gv.egiz.bku.gui.BKUGUIFacade;
+import java.lang.reflect.InvocationHandler;
+import java.lang.reflect.Method;
+import javax.swing.JFrame;
+
+/**
+ *
+ * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at>
+ */
+public class GUIProxy implements InvocationHandler {
+
+ JFrame frame;
+ BKUGUIFacade delegate;
+
+ static public Object newInstance(BKUGUIFacade gui, JFrame frame, Class[] interfaces) {
+ return java.lang.reflect.Proxy.newProxyInstance(gui.getClass().getClassLoader(),
+ interfaces,
+ new GUIProxy(gui, frame));
+ }
+
+ private GUIProxy(BKUGUIFacade delegate, JFrame frame) {
+ this.frame = frame;
+ this.delegate = delegate;
+ }
+
+ @Override
+ public Object invoke(Object proxy, Method method, Object[] args) throws Throwable {
+
+ if (method.getName().startsWith("show")) {
+ frame.setVisible(true);
+ frame.toFront();
+ return method.invoke(delegate, args);
+ } else { //if (method.getName().startsWith("get")) {
+ return method.invoke(delegate, args);
+ }
+ }
+}
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/gui/LocalHelpListener.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/gui/LocalHelpListener.java
new file mode 100644
index 00000000..c957e132
--- /dev/null
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/gui/LocalHelpListener.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egiz.bku.local.gui;
+
+import at.gv.egiz.bku.gui.AbstractHelpListener;
+import at.gv.egiz.bku.gui.DefaultHelpListener;
+import java.awt.Desktop;
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.net.URL;
+import java.util.Locale;
+
+/**
+ * Open help document in browser, fallback to default (swing dialog) if Java Desktop API not supported.
+ *
+ * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at>
+ */
+public class LocalHelpListener extends AbstractHelpListener {
+
+ protected Desktop desktop;
+ protected DefaultHelpListener fallback;
+
+ public LocalHelpListener(URL baseURL, Locale locale) {
+ super(baseURL, locale);
+ if (Desktop.isDesktopSupported()) {
+ desktop = Desktop.getDesktop();
+ } else {
+ log.info("Java Desktop API not available on current platform (libgnome installed?), falling back to DefaultHelpListener");
+ fallback = new DefaultHelpListener(baseURL, locale);
+ }
+ }
+
+ @Override
+ public void showDocument(URL helpDocument, String helpTopic) throws IOException, URISyntaxException {
+ if (desktop != null) {
+ if (!desktop.isSupported(Desktop.Action.BROWSE)) {
+ log.error("Failed to open default browser: The system provides the Desktop API, but does not support the BROWSE action");
+ } else {
+ Desktop.getDesktop().browse(helpDocument.toURI());
+ }
+ } else if (fallback != null) {
+ fallback.showDocument(helpDocument, helpTopic);
+ } else {
+ log.error("failed to display help document");
+ }
+ }
+}
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalBKUWorker.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalBKUWorker.java
new file mode 100644
index 00000000..1e3f9a1d
--- /dev/null
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalBKUWorker.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egiz.bku.local.stal;
+
+import at.gv.egiz.bku.gui.BKUGUIFacade;
+import at.gv.egiz.bku.smccstal.AbstractBKUWorker;
+import at.gv.egiz.bku.smccstal.PINManagementRequestHandler;
+import at.gv.egiz.stal.QuitRequest;
+import at.gv.egiz.stal.STALRequest;
+import at.gv.egiz.stal.STALResponse;
+import at.gv.egiz.stal.SignRequest;
+
+import at.gv.egiz.stal.ext.PINManagementRequest;
+import java.util.List;
+import javax.swing.JFrame;
+
+/**
+ *
+ * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at>
+ */
+public class LocalBKUWorker extends AbstractBKUWorker {
+
+ private JFrame container;
+
+ public LocalBKUWorker(BKUGUIFacade gui, JFrame container) {
+ super(gui);
+ this.container = container;
+ addRequestHandler(SignRequest.class,
+ new LocalSignRequestHandler(new LocalSecureViewer(gui)));
+ addRequestHandler(PINManagementRequest.class, new PINManagementRequestHandler());
+ }
+
+ /** does not change container's visibility (use quit request to close) */
+ @Override
+ public List<STALResponse> handleRequest(List<? extends STALRequest> requestList) {
+ signatureCard = null;
+ List<STALResponse> responses = super.handleRequest(requestList);
+ container.setVisible(false);
+ return responses;
+ }
+
+ /** overrides handle quit from abstract bku worker, make container invisible */
+ @Override
+ public STALResponse handleRequest(STALRequest request) {
+ if (request instanceof QuitRequest) {
+ container.setVisible(false);
+ }
+ return null;
+ }
+}
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSTALFactory.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSTALFactory.java
new file mode 100644
index 00000000..44322a07
--- /dev/null
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSTALFactory.java
@@ -0,0 +1,126 @@
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egiz.bku.local.stal;
+
+import at.gv.egiz.bku.viewer.ResourceFontLoader;
+import java.awt.Dimension;
+import java.awt.Toolkit;
+import java.net.MalformedURLException;
+import java.util.Locale;
+
+
+import at.gv.egiz.bku.gui.BKUGUIFacade;
+import at.gv.egiz.bku.gui.BKUIcons;
+import at.gv.egiz.bku.gui.PINManagementGUI;
+import at.gv.egiz.bku.gui.PINManagementGUIFacade;
+import at.gv.egiz.bku.local.gui.GUIProxy;
+import at.gv.egiz.bku.local.gui.LocalHelpListener;
+import at.gv.egiz.stal.STAL;
+import at.gv.egiz.stal.STALFactory;
+import java.net.URL;
+import javax.swing.JFrame;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+/**
+ * Creates a PINManagementGUI and a LocalBKUWorker, which in turn registers
+ * PINManagementRequestHandler from smccSTALExt.
+ * The RequestHandler expects PINManagementGUIFacade, therefore BKUGUIProxy has to implement the extended GUI.
+ * @author clemens
+ */
+public class LocalSTALFactory implements STALFactory {
+
+ protected static final Log log = LogFactory.getLog(LocalSTALFactory.class);
+ protected static final Dimension PREFERRED_SIZE = new Dimension(318, 200);
+ protected String helpURL;
+ protected Locale locale;
+
+ @Override
+ public STAL createSTAL() {
+
+ LocalBKUWorker stal;
+ //http://java.sun.com/docs/books/tutorial/uiswing/misc/focus.html
+ // use undecorated JFrame instead of JWindow,
+ // which creates an invisible owning frame and therefore cannot getFocusInWindow()
+ JFrame dialog = new JFrame("Bürgerkarte");
+ if (log.isTraceEnabled()) {
+ log.debug("alwaysOnTop supported: " + dialog.isAlwaysOnTopSupported());
+ }
+ // [#439] make mocca dialog alwaysOnTop
+ dialog.setAlwaysOnTop(true);
+ dialog.setIconImages(BKUIcons.icons);
+ dialog.setUndecorated(true);
+// dialog.getRootPane().setWindowDecorationStyle(JRootPane.NONE);
+// dialog.addWindowListener(new WindowAdapter() {
+//
+// @Override
+// public void windowClosing(WindowEvent e) {
+// super.windowClosing(e);
+// log.debug("closing window ********************");
+// }
+//
+// });
+ if (locale != null) {
+ dialog.setLocale(locale);
+ }
+ LocalHelpListener helpListener = null;
+ try {
+ if (helpURL != null) {
+ helpListener = new LocalHelpListener(new URL(helpURL), locale);
+ } else {
+ log.warn("no HELP URL configured, help system disabled");
+ }
+ } catch (MalformedURLException ex) {
+ log.error("failed to configure help listener: " + ex.getMessage(), ex);
+ }
+ PINManagementGUIFacade gui = new PINManagementGUI(dialog.getContentPane(),
+ dialog.getLocale(),
+ BKUGUIFacade.Style.advanced,
+ null,
+ new ResourceFontLoader(),
+ helpListener,
+ null);
+ BKUGUIFacade proxy = (BKUGUIFacade) GUIProxy.newInstance(gui, dialog, new Class[] { PINManagementGUIFacade.class} );
+ stal = new LocalBKUWorker(proxy, dialog);
+ dialog.setPreferredSize(PREFERRED_SIZE);
+ dialog.pack();
+ Dimension screenSize = Toolkit.getDefaultToolkit().getScreenSize();
+ Dimension frameSize = dialog.getSize();
+ if (frameSize.height > screenSize.height) {
+ frameSize.height = screenSize.height;
+ }
+ if (frameSize.width > screenSize.width) {
+ frameSize.width = screenSize.width;
+ }
+ dialog.setLocation((screenSize.width - frameSize.width) / 2,
+ (screenSize.height - frameSize.height) / 2);
+ return stal;
+ }
+
+ @Override
+ public void setLocale(Locale locale) {
+ this.locale = locale;
+ }
+
+ public String getHelpURL() {
+ return helpURL;
+ }
+
+ public void setHelpURL(String helpURL) {
+ this.helpURL = helpURL;
+ }
+}
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSecureViewer.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSecureViewer.java
new file mode 100644
index 00000000..ae58526c
--- /dev/null
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSecureViewer.java
@@ -0,0 +1,129 @@
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egiz.bku.local.stal;
+
+import at.gv.egiz.bku.slcommands.impl.DataObjectHashDataInput;
+import at.gv.egiz.bku.smccstal.SecureViewer;
+import java.io.IOException;
+import java.util.ArrayList;
+
+import at.gv.egiz.bku.gui.BKUGUIFacade;
+import at.gv.egiz.stal.HashDataInput;
+import at.gv.egiz.stal.impl.ByteArrayHashDataInput;
+import at.gv.egiz.stal.signedinfo.ReferenceType;
+import at.gv.egiz.stal.signedinfo.SignedInfoType;
+import java.awt.event.ActionListener;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.util.Collections;
+import java.util.List;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+/**
+ *
+ * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at>
+ */
+public class LocalSecureViewer implements SecureViewer {
+
+ private static final Log log = LogFactory.getLog(LocalSignRequestHandler.class);
+ private List<HashDataInput> hashDataInputs = Collections.EMPTY_LIST;
+
+ protected BKUGUIFacade gui;
+
+ public LocalSecureViewer(BKUGUIFacade gui) {
+ this.gui = gui;
+ }
+
+ public void setDataToBeSigned(List<HashDataInput> dataToBeSigned) {
+ this.hashDataInputs = dataToBeSigned;
+ }
+
+ /**
+ *
+ * @param dsigReferences
+ * @throws java.lang.Exception
+ */
+ @Override
+ public void displayDataToBeSigned(SignedInfoType signedInfo,
+ ActionListener okListener, String okCommand)
+ throws Exception {
+ if (signedInfo.getReference().size() == 0) {
+ log.error("No hashdata input selected to be displayed: null");
+ throw new Exception("No HashData Input selected to be displayed");
+ }
+
+ ArrayList<HashDataInput> selectedHashDataInputs = new ArrayList<HashDataInput>();
+ for (ReferenceType dsigRef : signedInfo.getReference()) {
+ // don't get Manifest, QualifyingProperties, ...
+ if (dsigRef.getType() == null) {
+ String dsigRefId = dsigRef.getId();
+ if (dsigRefId != null) {
+ boolean hdiAvailable = false;
+ for (HashDataInput hashDataInput : hashDataInputs) {
+ if (dsigRefId.equals(hashDataInput.getReferenceId())) {
+ log.debug("display hashdata input for dsig:SignedReference " +
+ dsigRefId);
+ selectedHashDataInputs.add(
+ ensureCachedHashDataInput(hashDataInput));
+ hdiAvailable = true;
+ break;
+ }
+ }
+ if (!hdiAvailable) {
+ log.error("no hashdata input for dsig:SignedReference " + dsigRefId);
+ throw new Exception(
+ "No HashDataInput available for dsig:SignedReference " + dsigRefId);
+ }
+ } else {
+ throw new Exception(
+ "Cannot get HashDataInput for dsig:Reference without Id attribute");
+ }
+ }
+ }
+
+ if (selectedHashDataInputs.size() < 1) {
+ log.error("dsig:SignedInfo does not contain a data reference");
+ throw new Exception("dsig:SignedInfo does not contain a data reference");
+ }
+ gui.showSecureViewer(selectedHashDataInputs, okListener, okCommand);
+ }
+
+
+ private HashDataInput ensureCachedHashDataInput(HashDataInput hashDataInput)
+ throws IOException {
+ if (!(hashDataInput instanceof DataObjectHashDataInput)) {
+
+ log.warn("expected DataObjectHashDataInput for LocalSignRequestHandler, got " +
+ hashDataInput.getClass().getName());
+
+ InputStream hdIs = hashDataInput.getHashDataInput();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream(hdIs.available());
+ int b;
+ while ((b = hdIs.read()) != -1) {
+ baos.write(b);
+ }
+ hashDataInput = new ByteArrayHashDataInput(baos.toByteArray(),
+ hashDataInput.getReferenceId(),
+ hashDataInput.getMimeType(),
+ hashDataInput.getEncoding(),
+ hashDataInput.getFilename());
+ }
+ return hashDataInput;
+ }
+
+}
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java
new file mode 100644
index 00000000..9ae1d9b9
--- /dev/null
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egiz.bku.local.stal;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import at.gv.egiz.bku.smccstal.SignRequestHandler;
+import at.gv.egiz.stal.ErrorResponse;
+import at.gv.egiz.stal.STALRequest;
+import at.gv.egiz.stal.STALResponse;
+import at.gv.egiz.stal.SignRequest;
+
+/**
+ *
+ * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at>
+ */
+public class LocalSignRequestHandler extends SignRequestHandler {
+
+ private static final Log log = LogFactory.getLog(LocalSignRequestHandler.class);
+
+ public LocalSignRequestHandler(LocalSecureViewer secureViewer) {
+ super(secureViewer);
+ }
+
+ /**
+ * If the request is a SIGN request, it contains a list of DataObjectHashDataInput
+ * providing the pre-digested input stream (that can be obtained repeatedly) if
+ * reference caching is enabled (or null otherwise).
+ * @param request
+ * @return
+ */
+ @SuppressWarnings("unchecked")
+ @Override
+ public STALResponse handleRequest(STALRequest request)
+ throws InterruptedException {
+
+ if (request instanceof SignRequest) {
+ SignRequest signReq = (SignRequest) request;
+ ((LocalSecureViewer) secureViewer).setDataToBeSigned(signReq.getHashDataInput());
+ return super.handleRequest(request);
+ } else {
+ log.fatal("Got unexpected STAL request: " + request);
+ return new ErrorResponse(1000);
+ }
+
+
+ }
+}
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java
new file mode 100644
index 00000000..98be4047
--- /dev/null
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java
@@ -0,0 +1,113 @@
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egiz.bku.local.webapp;
+
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Locale;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import at.gv.egiz.bku.binding.HTTPBindingProcessor;
+import at.gv.egiz.bku.binding.HttpUtil;
+import at.gv.egiz.bku.conf.Configurator;
+import at.gv.egiz.org.apache.tomcat.util.http.AcceptLanguage;
+
+public class BKURequestHandler extends SpringBKUServlet {
+
+ public final static String ENCODING = "UTF-8";
+
+ protected Log log = LogFactory.getLog(BKURequestHandler.class);
+
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, java.io.IOException {
+
+ log.debug("Received SecurityLayer request");
+
+ String acceptLanguage = req.getHeader("Accept-Language");
+ Locale locale = AcceptLanguage.getLocale(acceptLanguage);
+ log.debug("Accept-Language locale: " + locale);
+
+ HTTPBindingProcessor bindingProcessor;
+ bindingProcessor = (HTTPBindingProcessor) getBindingProcessorManager()
+ .createBindingProcessor(req.getRequestURL().toString(), null, locale);
+ Map<String, String> headerMap = new HashMap<String, String>();
+ for (Enumeration<String> headerName = req.getHeaderNames(); headerName
+ .hasMoreElements();) {
+ String header = headerName.nextElement();
+ if (header != null) {
+ headerMap.put(header, req.getHeader(header));
+ }
+ }
+ String charset = req.getCharacterEncoding();
+ String contentType = req.getContentType();
+ if (charset != null) {
+ contentType += ";" + charset;
+ }
+ headerMap.put(HttpUtil.HTTP_HEADER_CONTENT_TYPE, contentType);
+ bindingProcessor.setHTTPHeaders(headerMap);
+ bindingProcessor.consumeRequestStream(req.getInputStream());
+
+ // fixxme just for testing
+ bindingProcessor.run();
+ if (bindingProcessor.getRedirectURL() != null) {
+ resp.sendRedirect(bindingProcessor.getRedirectURL());
+ return;
+ }
+ resp.setStatus(bindingProcessor.getResponseCode());
+ for (Iterator<String> it = bindingProcessor.getResponseHeaders().keySet()
+ .iterator(); it.hasNext();) {
+ String header = it.next();
+ resp.setHeader(header, bindingProcessor.getResponseHeaders().get(header));
+ }
+ String version = configurator.getProperty(Configurator.SIGNATURE_LAYOUT);
+ if ((version != null) && (!"".equals(version.trim()))) {
+ log.debug("setting SignatureLayout header to " + version);
+ resp.setHeader(Configurator.SIGNATURE_LAYOUT, version);
+ } else {
+ log.debug("do not set SignatureLayout header");
+ }
+
+ if (configurator.getProperty(Configurator.USERAGENT_CONFIG_P) != null) {
+ resp.setHeader(HttpUtil.HTTP_HEADER_SERVER, configurator
+ .getProperty(Configurator.USERAGENT_CONFIG_P));
+ } else {
+ resp.setHeader(HttpUtil.HTTP_HEADER_SERVER,
+ Configurator.USERAGENT_DEFAULT);
+ }
+
+ resp.setContentType(bindingProcessor.getResultContentType());
+ resp.setCharacterEncoding(ENCODING);
+ bindingProcessor.writeResultTo(resp.getOutputStream(), ENCODING);
+ req.getInputStream().close();
+ resp.getOutputStream().flush();
+ resp.getOutputStream().close();
+ log.debug("Finished Request");
+ }
+
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, java.io.IOException {
+ doPost(req, resp);
+ }
+}
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/PINManagementServlet.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/PINManagementServlet.java
new file mode 100644
index 00000000..0c35f1c9
--- /dev/null
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/PINManagementServlet.java
@@ -0,0 +1,114 @@
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egiz.bku.local.webapp;
+
+import at.gv.egiz.bku.local.stal.LocalSTALFactory;
+import at.gv.egiz.stal.QuitRequest;
+import at.gv.egiz.stal.STAL;
+import at.gv.egiz.stal.STALResponse;
+import at.gv.egiz.stal.ext.PINManagementRequest;
+import java.io.IOException;
+import java.net.URL;
+import java.util.Collections;
+import java.util.List;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+/**
+ * PINManagementBKUWorker for non-applet version
+ * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at>
+ */
+public class PINManagementServlet extends HttpServlet {
+
+ private static final Log log = LogFactory.getLog(PINManagementServlet.class);
+
+ LocalSTALFactory stalFactory;
+
+ public PINManagementServlet() {
+ stalFactory = new LocalSTALFactory();
+ stalFactory.setHelpURL("http://localhost:3495/help/");
+ }
+
+ /**
+ * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
+ * @param request servlet request
+ * @param response servlet response
+ * @throws ServletException if a servlet-specific error occurs
+ * @throws IOException if an I/O error occurs
+ */
+ protected void processRequest(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+
+ STAL pinMgmtSTAL = stalFactory.createSTAL();
+ List<STALResponse> stalResps = pinMgmtSTAL.handleRequest(Collections.singletonList(new PINManagementRequest()));
+ if (log.isDebugEnabled()) {
+ log.debug("received STAL reponse " + stalResps.get(0).getClass());
+ }
+ pinMgmtSTAL.handleRequest(Collections.singletonList(new QuitRequest()));
+
+ String redirect = request.getParameter("redirect");
+ if (redirect != null) {
+ String referer = request.getHeader("Referer");
+ if (referer != null) {
+ redirect = new URL(new URL(referer), redirect).toExternalForm();
+ }
+ response.sendRedirect(redirect);
+ } else {
+ response.setStatus(HttpServletResponse.SC_OK);
+ }
+ }
+
+ // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
+ /**
+ * Handles the HTTP <code>GET</code> method.
+ * @param request servlet request
+ * @param response servlet response
+ * @throws ServletException if a servlet-specific error occurs
+ * @throws IOException if an I/O error occurs
+ */
+ @Override
+ protected void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ processRequest(request, response);
+ }
+
+ /**
+ * Handles the HTTP <code>POST</code> method.
+ * @param request servlet request
+ * @param response servlet response
+ * @throws ServletException if a servlet-specific error occurs
+ * @throws IOException if an I/O error occurs
+ */
+ @Override
+ protected void doPost(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ processRequest(request, response);
+ }
+
+ /**
+ * Returns a short description of the servlet.
+ * @return a String containing servlet description
+ */
+ @Override
+ public String getServletInfo() {
+ return "Short description";
+ }// </editor-fold>
+}
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/SpringBKUServlet.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/SpringBKUServlet.java
new file mode 100644
index 00000000..3bd50ba7
--- /dev/null
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/SpringBKUServlet.java
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egiz.bku.local.webapp;
+
+import javax.servlet.http.HttpServlet;
+
+import at.gv.egiz.bku.binding.BindingProcessorManager;
+import at.gv.egiz.bku.conf.Configurator;
+
+public abstract class SpringBKUServlet extends HttpServlet {
+
+ public final static String BEAN_NAME = "bindingProcessorManager";
+
+ protected static Configurator configurator;
+
+ protected BindingProcessorManager getBindingProcessorManager() {
+ return (BindingProcessorManager) getServletContext()
+ .getAttribute(BEAN_NAME);
+ }
+
+ public static void setConfigurator(Configurator conf) {
+ configurator = conf;
+ }
+
+}
diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/accessControlConfig.xml b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/accessControlConfig.xml
new file mode 100644
index 00000000..586a8190
--- /dev/null
+++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/accessControlConfig.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Copyright 2008 Federal Chancellery Austria and Graz University of
+ Technology Licensed under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance with the
+ License. You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0 Unless required by
+ applicable law or agreed to in writing, software distributed under the
+ License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ CONDITIONS OF ANY KIND, either express or implied. See the License for
+ the specific language governing permissions and limitations under the
+ License.
+ -->
+<AccessControl>
+ <Chains>
+ <!--
+ The input chain defines filters that are applied before command
+ execution
+ -->
+ <Chain Id="InputChain">
+ <Rules>
+ <!-- there is no command implemented that requires input filtering -->
+ <Rule Id="InputChain-AllowAll">
+ <Action>
+ <RuleAction>allow</RuleAction>
+ </Action>
+ <UserInteraction>confirm</UserInteraction>
+ </Rule>
+ </Rules>
+ </Chain>
+
+ <!--
+ The output chain defines filters that are applied after command
+ execution
+ -->
+ <Chain Id="OutputChain">
+ <Rules>
+ <Rule Id="OutputChain-Egov">
+ <AuthClass>anonymous</AuthClass>
+ <Action>
+ <RuleAction>allow</RuleAction>
+ </Action>
+ <UserInteraction>confirm</UserInteraction>
+ </Rule>
+ <Rule Id="OutputChain-Command">
+ <AuthClass>anonymous</AuthClass>
+ <Action>
+ <ChainRef>Command</ChainRef>
+ </Action>
+ </Rule>
+ </Rules>
+ </Chain>
+ <Chain Id="Command">
+ <Rules>
+ <Rule Id="cmd-rule-1">
+ <AuthClass>certified</AuthClass>
+ <Command Name="Infobox.*">
+ <Param Name="InfoboxIdentifier">IdentityLink</Param>
+ <Param Name="PersonIdentifier">derived</Param>
+ </Command>
+ <Action>
+ <RuleAction>allow</RuleAction>
+ </Action>
+ <UserInteraction>confirm</UserInteraction>
+ </Rule>
+ <Rule Id="cmd-rule-localhost">
+ <AuthClass>anonymous</AuthClass>
+ <IPv4Address>127.0.0.1</IPv4Address>
+ <Command Name="Infobox.*">
+ <Param Name="InfoboxIdentifier">IdentityLink</Param>
+ <Param Name="PersonIdentifier">derived</Param>
+ </Command>
+ <Action>
+ <RuleAction>allow</RuleAction>
+ </Action>
+ <UserInteraction>confirm</UserInteraction>
+ </Rule>
+ <Rule Id="cmd-rule-2">
+ <AuthClass>anonymous</AuthClass>
+ <Command Name="Infobox.*">
+ <Param Name="InfoboxIdentifier">IdentityLink</Param>
+ </Command>
+ <Action>
+ <RuleAction>deny</RuleAction>
+ </Action>
+ <UserInteraction>info</UserInteraction>
+ </Rule>
+ <Rule Id="cmd-rule-3">
+ <Action>
+ <RuleAction>allow</RuleAction>
+ </Action>
+ </Rule>
+ </Rules>
+ </Chain>
+ </Chains>
+</AccessControl>
diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties
new file mode 100644
index 00000000..8ae5bf6d
--- /dev/null
+++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties
@@ -0,0 +1,61 @@
+#
+# Copyright 2008 Federal Chancellery Austria and
+# Graz University of Technology
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+# Configuration for online CCE
+
+# security manager configuration
+AccessController.acceptUnmatched=false
+AccessController.policyResource=classpath:at/gv/egiz/bku/local/conf/accessControlConfig.xml
+
+# ------------BEGIN SSL Config --------------------
+# SSL configuration for connections to external
+# resources (e.g. data urls)
+
+# directory where certificates for
+# chain constructions can be placed
+SSL.certDirectory=classpath:at/gv/egiz/bku/local/conf/certs/certStore
+
+# a LDAP repository
+SSL.ldapServer=
+SSL.ldapPort=389
+
+# Directory where trusted CA
+# certificates are placed
+SSL.caDirectory=classpath:at/gv/egiz/bku/local/conf/certs/CACerts
+
+SSL.doRevocationChecking=true
+SSL.sslProtocol=TLS
+
+SSL.cache.lifetime=3600
+# use authority info access extension to find ca certs.
+SSL.useAIA=true
+
+# Don't set to true in production environments
+# Attention flag only used for debugging
+SSL.disableAllChecks=false
+# ------------ END SSL Config --------------------
+
+ValidateHashDataInputs=true
+AppletTimeout=300000
+
+#HTTPProxyHost=
+#HTTPProxyPort=
+#DefaultSocketTimeout=200
+
+
+
diff --git a/BKULocal/src/main/resources/commons-logging.properties b/BKULocal/src/main/resources/commons-logging.properties
new file mode 100644
index 00000000..0d497b1b
--- /dev/null
+++ b/BKULocal/src/main/resources/commons-logging.properties
@@ -0,0 +1,16 @@
+# Copyright 2008 Federal Chancellery Austria and
+# Graz University of Technology
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+org.apache.commons.logging.Log=org.apache.commons.logging.impl.Log4JLogger
diff --git a/BKULocal/src/main/resources/log4j.properties b/BKULocal/src/main/resources/log4j.properties
new file mode 100644
index 00000000..a56f2683
--- /dev/null
+++ b/BKULocal/src/main/resources/log4j.properties
@@ -0,0 +1,34 @@
+# Copyright 2008 Federal Chancellery Austria and
+# Graz University of Technology
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# assume log4j to be configured by servlet container (java web start)
+# loglever DEBUG, appender STDOUT
+log4j.rootLogger=DEBUG, STDOUT
+
+log4j.logger.at.gv.egiz.smcc=TRACE
+
+# STDOUT appender
+log4j.appender.STDOUT=org.apache.log4j.ConsoleAppender
+log4j.appender.STDOUT.layout=org.apache.log4j.PatternLayout
+#log4j.appender.STDOUT.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20c | %10t | %m%n
+#log4j.appender.STDOUT.layout.ConversionPattern=%-4r [%t] %-5p %c %x - %m%n
+log4j.appender.STDOUT.layout.ConversionPattern=%-5p |%d | %t | %c %x- %m%n
+
+### FILE appender
+log4j.appender.file=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.file.datePattern='.'yyyy-MM-dd
+log4j.appender.file.File=${user.home}/.bku/logs/bku.log
+log4j.appender.file.layout=org.apache.log4j.PatternLayout
+log4j.appender.file.layout.ConversionPattern=%d{ABSOLUTE} %5p %c{1}:%L - %m%n \ No newline at end of file
diff --git a/BKULocal/src/main/webapp/META-INF/MANIFEST.MF b/BKULocal/src/main/webapp/META-INF/MANIFEST.MF
new file mode 100644
index 00000000..5e949512
--- /dev/null
+++ b/BKULocal/src/main/webapp/META-INF/MANIFEST.MF
@@ -0,0 +1,3 @@
+Manifest-Version: 1.0
+Class-Path:
+
diff --git a/BKULocal/src/main/webapp/META-INF/context.xml b/BKULocal/src/main/webapp/META-INF/context.xml
new file mode 100644
index 00000000..fd2fac1f
--- /dev/null
+++ b/BKULocal/src/main/webapp/META-INF/context.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Context path=""/>
diff --git a/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml b/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml
new file mode 100644
index 00000000..e96bd088
--- /dev/null
+++ b/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml
@@ -0,0 +1,109 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Copyright 2008 Federal Chancellery Austria and
+ Graz University of Technology
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd">
+ <bean id="STALFactory" class="at.gv.egiz.bku.local.stal.LocalSTALFactory"
+ scope="singleton">
+ <property name="helpURL" value="http://localhost:3495/help/"/>
+ </bean>
+
+
+ <bean id="bindingProcessorManager" class="at.gv.egiz.bku.binding.BindingProcessorManagerImpl"
+ scope="singleton">
+ <constructor-arg ref="STALFactory"></constructor-arg>
+ <constructor-arg ref="commandInvoker"></constructor-arg>
+ <constructor-arg ref="configuration"></constructor-arg>
+ </bean>
+ <bean
+ class="org.springframework.web.context.support.ServletContextAttributeExporter">
+ <property name="attributes">
+ <map>
+ <entry key="bindingProcessorManager">
+ <ref bean="bindingProcessorManager" />
+ </entry>
+ </map>
+ </property>
+ </bean>
+
+ <bean id="accessController" class="at.gv.egiz.bku.local.accesscontroller.SpringSecurityManager"
+ scope="singleton" init-method="init">
+ <property name="config" ref="configurator"/>
+ </bean>
+
+ <bean id="commandInvoker" class="at.gv.egiz.bku.binding.SLCommandInvokerImpl">
+ <property name="securityManager" ref="accessController" />
+ </bean>
+
+ <bean id="slCommandFactory" class="at.gv.egiz.bku.slcommands.SLCommandFactory"
+ factory-method="getInstance">
+ <property name="commandImpl">
+ <map>
+ <entry
+ key="http://www.buergerkarte.at/namespaces/securitylayer/1.2#:NullOperationRequest"
+ value="at.gv.egiz.bku.slcommands.impl.NullOperationCommandImpl" />
+ <entry
+ key="http://www.buergerkarte.at/namespaces/securitylayer/1.2#:InfoboxReadRequest"
+ value="at.gv.egiz.bku.slcommands.impl.InfoboxReadCommandImpl" />
+ <entry
+ key="http://www.buergerkarte.at/namespaces/securitylayer/1.2#:InfoboxUpdateRequest"
+ value="at.gv.egiz.bku.slcommands.impl.InfoboxUpdateCommandImpl" />
+ <entry
+ key="http://www.buergerkarte.at/namespaces/securitylayer/1.2#:CreateXMLSignatureRequest"
+ value="at.gv.egiz.bku.slcommands.impl.CreateXMLSignatureCommandImpl" />
+ </map>
+ </property>
+ </bean>
+
+ <bean id="infoboxFactory" class="at.gv.egiz.bku.slcommands.impl.InfoboxFactory"
+ factory-method="getInstance">
+ <property name="infoboxImpl">
+ <map>
+ <entry
+ key="Certificates"
+ value="at.gv.egiz.bku.slcommands.impl.CertificatesInfoboxImpl" />
+ <entry
+ key="IdentityLink"
+ value="at.gv.egiz.bku.slcommands.impl.IdentityLinkInfoboxImpl" />
+ <entry
+ key="CardChannel"
+ value="at.gv.egiz.bku.slcommands.impl.CardChannelInfoboxImpl" />
+ <entry
+ key="SV-Personendaten"
+ value="at.gv.egiz.bku.slcommands.impl.SVPersonendatenInfoboxImpl" />
+ </map>
+ </property>
+ </bean>
+
+ <!-- Configure Configuration -->
+ <bean id="certValidator" class="at.gv.egiz.bku.conf.CertValidatorImpl"></bean>
+
+ <bean id="configurator" class="at.gv.egiz.bku.local.conf.SpringConfigurator"
+ init-method="configure">
+ <!-- <property name="resource" value="classpath:at/gv/egiz/bku/local/conf/defaultConf.properties"/> -->
+ <property name="resource" value="file:${user.home}/.mocca/conf/defaultConf.properties"/>
+ <property name="certValidator" ref="certValidator"></property>
+ </bean>
+
+ <!-- Begin MOCCA Configuration [REFACTORED]
+ | Configuration beans (no conf properties file) should be injected directly to module configurators.
+ | Currently, only the ReaderFactory configuration is considered.
+ |-->
+ <import resource="file:${user.home}/.mocca/conf/mocca-conf.xml"/>
+
+</beans> \ No newline at end of file
diff --git a/BKULocal/src/main/webapp/WEB-INF/web.xml b/BKULocal/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 00000000..c4ea1e54
--- /dev/null
+++ b/BKULocal/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Copyright 2008 Federal Chancellery Austria and
+ Graz University of Technology
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<web-app id="bkulocal" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
+ <display-name>http-security-layer-request</display-name>
+
+ <!-- Begin Spring Config -->
+ <context-param>
+ <param-name>contextConfigLocation</param-name>
+ <param-value>/WEB-INF/applicationContext.xml</param-value>
+ </context-param>
+ <listener>
+ <listener-class>
+ org.springframework.web.context.ContextLoaderListener
+ </listener-class>
+ </listener>
+ <!-- End Spring Config -->
+
+ <!-- Begin BKU Config -->
+ <servlet>
+ <servlet-name>BKUServlet</servlet-name>
+ <servlet-class>at.gv.egiz.bku.local.webapp.BKURequestHandler</servlet-class>
+ </servlet>
+ <servlet>
+ <servlet-name>PINManagementServlet</servlet-name>
+ <servlet-class>at.gv.egiz.bku.local.webapp.PINManagementServlet</servlet-class>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>BKUServlet</servlet-name>
+ <url-pattern>/http-security-layer-request</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>BKUServlet</servlet-name>
+ <url-pattern>/https-security-layer-request</url-pattern>
+ </servlet-mapping>
+ <!-- Begin BKU Config -->
+
+ <servlet-mapping>
+ <servlet-name>PINManagementServlet</servlet-name>
+ <url-pattern>/PINManagement</url-pattern>
+ </servlet-mapping>
+ <welcome-file-list>
+ <welcome-file>index.html</welcome-file>
+ <welcome-file>index.htm</welcome-file>
+ <welcome-file>index.jsp</welcome-file>
+ <welcome-file>default.html</welcome-file>
+ <welcome-file>default.htm</welcome-file>
+ <welcome-file>default.jsp</welcome-file>
+ </welcome-file-list>
+</web-app>
diff --git a/BKULocal/src/main/webapp/errorresponse.css b/BKULocal/src/main/webapp/errorresponse.css
new file mode 100644
index 00000000..41402e71
--- /dev/null
+++ b/BKULocal/src/main/webapp/errorresponse.css
@@ -0,0 +1,12 @@
+@CHARSET "UTF-8";
+sl\:ErrorResponse {margin: 0.5em; display: block;}
+sl\:ErrorCode {display: inline;}
+sl\:Info {display: inline;}
+
+ErrorResponse:lang(de):before {content: "Bei der Verarbeitung der Anfrage durch die Bürgerkartenumgebung ist ein Fehler aufgetreten: "; font-weight: bolder;}
+ErrorResponse:before {content: "An error has occoured upon request processing by the citizen card software: "; font-weight: bold;}
+ErrorResponse {margin: 0.5em; display: block;}
+ErrorCode:lang(de):before {content: "Fehler-Code: ";}
+ErrorCode:before {content: "Error Code: ";}
+ErrorCode {display: block;}
+Info {display: block;} \ No newline at end of file
diff --git a/BKULocal/src/main/webapp/img/chip16.ico b/BKULocal/src/main/webapp/img/chip16.ico
new file mode 100644
index 00000000..42175127
--- /dev/null
+++ b/BKULocal/src/main/webapp/img/chip16.ico
Binary files differ
diff --git a/BKULocal/src/main/webapp/img/chip48.png b/BKULocal/src/main/webapp/img/chip48.png
new file mode 100644
index 00000000..491fbcac
--- /dev/null
+++ b/BKULocal/src/main/webapp/img/chip48.png
Binary files differ
diff --git a/BKULocal/src/main/webapp/index.html b/BKULocal/src/main/webapp/index.html
new file mode 100644
index 00000000..c6d6c747
--- /dev/null
+++ b/BKULocal/src/main/webapp/index.html
@@ -0,0 +1,64 @@
+<!--
+ Copyright 2008 Federal Chancellery Austria and
+ Graz University of Technology
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <title>Bürgerkarte - Willkommen</title>
+ <link href="help/help.css" rel="stylesheet" type="text/css" />
+ <link rel="shortcut icon" href="img/chip16.ico" type="image/x-icon"/>
+ </head>
+
+ <body class="twoColElsLtHdr">
+
+ <div id="container">
+ <div id="header">
+ <h1>Willkommen</h1>
+ <!-- end #header --></div>
+ <div id="mainContent" style="margin: 1.5em 1.5em 0 1.5em">
+ <div style="float:left; margin-right:1em">
+ <img src="img/chip48.png" alt="Logo" width="48" height="48"/>
+ </div>
+ <p>Sie haben die Bürgerkartenumgebung MOCCA erfolgreich installiert.
+ Um diese zu verwenden installieren Sie bitte noch das
+ <a href="ca.crt">CA Zertifikat</a>&sup1; in ihrem Browser.
+ </p>
+
+ <p style="clear:left; margin-top:1.5em">Weiters können Sie</p>
+ <ul>
+ <li>die <a href="help">Hilfe durchsehen</a>,</li>
+ <li>die <a href="PINManagement?redirect=./index.html">PIN Verwaltung starten</a> oder </li>
+ <li>das <a href="ca.crt">CA Zertifikat installieren</a> (rufen Sie diesen Link aus anderen Web-Browsern auf um auch dort das CA Zertifikat zu installieren).</li>
+ </ul>
+
+ <p><br class="clearfloat" /></p>
+
+ <p style="font-size:80%">
+ &sup1;Eine automatisierte Installation ist mit Microsoft Internet Explorer in Windows Vista oder 7 leider nicht möglich,
+ siehe dazu <a href="help/de/help.install.cacert.html">Hilfe</a>.
+ </p>
+
+ </div>
+ <div id="footer">
+ <p>
+ <a href="http://www.buergerkarte.at">Österreichische Bürgerkarte</a> | <a href="http://mocca.egovlabs.gv.at">Bürgerkartensoftware MOCCA</a>
+ </p>
+ </div>
+ <!-- end #container --></div>
+ </body>
+</html>
+