author | mcentner <mcentner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2010-01-26 16:27:27 +0000 |
---|---|---|
committer | mcentner <mcentner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2010-01-26 16:27:27 +0000 |
commit | 84cd553cc40d9850fcd865887219d907693af0e6 (patch) | |
tree | 2d1d9054f42845ce951c9b2c2239178c803443d3 /BKULocal/src | |
parent | 667af128d0adfeee2aa4748ab58411c91bc4905f (diff) | |
parent | 7a5310b43849124095d97af3103c4fdaeeacbbbb (diff) | |
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/branches/mocca-1.2.11-sha2@602 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
Diffstat (limited to 'BKULocal/src')
25 files changed, 1566 insertions, 0 deletions
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/accesscontroller/SpringSecurityManager.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/accesscontroller/SpringSecurityManager.java
new file mode 100644
index 00000000..3f50fc78
--- /dev/null
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/accesscontroller/SpringSecurityManager.java
@@ -0,0 +1,65 @@
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egiz.bku.local.accesscontroller;
+
+import java.io.IOException;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.context.ResourceLoaderAware;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+
+import at.gv.egiz.bku.accesscontroller.SecurityManagerFacade;
+import at.gv.egiz.bku.conf.Configurator;
+
+public class SpringSecurityManager extends SecurityManagerFacade implements
+ ResourceLoaderAware {
+
+ private ResourceLoader resourceLoader;
+
+ private static Log log = LogFactory.getLog(SpringSecurityManager.class);
+
+ protected Configurator config;
+
+ public void setConfig(Configurator config) {
+ this.config = config;
+ }
+
+ public void init() {
+ String noMatch = config.getProperty("AccessController.acceptNoMatch");
+ if (noMatch != null) {
+ log.debug("Setting allow now match to: " + noMatch);
+ setAllowUnmatched(Boolean.getBoolean(noMatch));
+ }
+ String policy = config.getProperty("AccessController.policyResource");
+ policy = policy.replace("${user.home}", System.getProperty("user.home"));
+ log.info("Loading resource: " + policy);
+ try {
+ Resource res = resourceLoader.getResource(policy);
+ init(res.getInputStream());
+ } catch (IOException e) {
+ log.error(e);
+ }
+ }
+
+ @Override
+ public void setResourceLoader(ResourceLoader loader) {
+ this.resourceLoader = loader;
+ }
+
+}
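Review bot: `Boolean.getBoolean(noMatch)` on the `setAllowUnmatched` line does not parse the configured string; it looks up a JVM system property whose name is that string, so a configured value such as `true` only takes effect if a system property literally called `true` happens to be set. Because this flag appears to decide whether requests without a matching access rule are accepted, the intended call is `setAllowUnmatched(Boolean.parseBoolean(noMatch));`. In the same method, `policy` is dereferenced by `replace` with no null check, so a missing `AccessController.policyResource` ends in a NullPointerException instead of a clear configuration error, and the stream obtained from `res.getInputStream()` is never closed. The log text `Setting allow now match to` presumably means `allow no match`.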
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java
new file mode 100644
index 00000000..7b2641ff
--- /dev/null
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java
@@ -0,0 +1,142 @@
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egiz.bku.local.conf;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Properties;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.context.ResourceLoaderAware;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+
+import at.gv.egiz.bku.conf.Configurator;
+import at.gv.egiz.bku.local.webapp.SpringBKUServlet;
+import at.gv.egiz.bku.slexceptions.SLRuntimeException;
+
+public class SpringConfigurator extends Configurator implements
+ ResourceLoaderAware {
+
+ private final static Log log = LogFactory.getLog(SpringConfigurator.class);
+
+ private ResourceLoader resourceLoader;
+
+ public SpringConfigurator() {
+ // File configDir = new File(System.getProperty("user.home") +
+ // "/.bku/conf");
+ // if (configDir.exists()) {
+ // log.debug("Found existing config directory: " + configDir);
+ // } else {
+ // log.info("Config dir not existing, creating new");
+ // if (!configDir.mkdirs()) {
+ // log.error("Cannot create directory: " + configDir);
+ // }
+ // }
+ }
+
+ public void setResource(Resource resource) {
+ log.debug("Loading config from: " + resource);
+ if (resource != null) {
+ Properties props = new Properties();
+ try {
+ props.load(resource.getInputStream());
+ super.setConfiguration(props);
+ } catch (IOException e) {
+ log.error("Cannot load config", e);
+ }
+ } else {
+ log.warn("Cannot load properties, resource: " + resource);
+ }
+ }
+
+ @Override
+ public void configure() {
+ if (properties == null) {
+ defaultInit();
+ }
+ super.configure();
+ SpringBKUServlet.setConfigurator(this);
+ }
+
+ public void defaultInit() {
+ Properties props = new Properties();
+ try {
+ props.load(new FileInputStream(System.getProperty("user.home")
+ + "/.mocca/war/mocca.war"));
+ super.setConfiguration(props);
+ } catch (IOException e) {
+ log.error("Cannot load config", e);
+ }
+ }
+
+ @Override
+ public void setResourceLoader(ResourceLoader loader) {
+ this.resourceLoader = loader;
+ }
+
+ private File getDirectory(String property) {
+ property = property
+ .replace("${user.home}", System.getProperty("user.home"));
+ if (property != null) {
+ Resource certDirRes = resourceLoader.getResource(property);
+ File certDir;
+ try {
+ certDir = certDirRes.getFile();
+ } catch (IOException e) {
+ log.error("Cannot get cert directory", e);
+ throw new SLRuntimeException(e);
+ }
+ if (!certDir.isDirectory()) {
+ log.error("Expecting directory as SSL.certDirectory parameter");
+ throw new SLRuntimeException(
+ "Expecting directory as SSL.certDirectory parameter");
+ }
+ return certDir;
+ }
+ return null;
+
+ }
+
+ @Override
+ protected File getCADir() {
+ String caDirectory = getProperty("SSL.caDirectory");
+ return getDirectory(caDirectory);
+ }
+
+ @Override
+ protected File getCertDir() {
+ String certDirectory = getProperty("SSL.certDirectory");
+ return getDirectory(certDirectory);
+ }
+
+ @Override
+ protected InputStream getManifest() {
+ Resource r = resourceLoader.getResource("META-INF/MANIFEST.MF");
+ if ((r != null) && r.isReadable()) {
+ try {
+ return r.getInputStream();
+ } catch (IOException e) {
+ log.error("Cannot read manifest data: " + e);
+ }
+ }
+ return null;
+ }
+}
\ No newline at end of file
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/gui/GUIProxy.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/gui/GUIProxy.java
new file mode 100644
index 00000000..38dd04d9
--- /dev/null
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/gui/GUIProxy.java
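Review bot: In `getDirectory`, `property.replace(...)` runs before the `if (property != null)` check, so the null branch is unreachable and a missing `SSL.caDirectory` or `SSL.certDirectory` property ends in a NullPointerException instead of the intended `return null`; put the guard first, `if (property == null) { return null; }`, and only then `property = property.replace("${user.home}", System.getProperty("user.home"));`. The same method reports `Expecting directory as SSL.certDirectory parameter` even when called from `getCADir`, which will mislead whoever debugs a CA-directory misconfiguration; passing the property name into the message fixes that. Neither `setResource` nor `defaultInit` closes the stream handed to `props.load`, and `defaultInit` reads properties from a path ending in `mocca.war`, which looks like a copy-paste leftover worth confirming.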
@@ -0,0 +1,55 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.local.gui; + +import at.gv.egiz.bku.gui.BKUGUIFacade; +import java.lang.reflect.InvocationHandler; +import java.lang.reflect.Method; +import javax.swing.JFrame; + +/** + * + * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at> + */ +public class GUIProxy implements InvocationHandler { + + JFrame frame; + BKUGUIFacade delegate; + + static public Object newInstance(BKUGUIFacade gui, JFrame frame, Class[] interfaces) { + return java.lang.reflect.Proxy.newProxyInstance(gui.getClass().getClassLoader(), + interfaces, + new GUIProxy(gui, frame)); + } + + private GUIProxy(BKUGUIFacade delegate, JFrame frame) { + this.frame = frame; + this.delegate = delegate; + } + + @Override + public Object invoke(Object proxy, Method method, Object[] args) throws Throwable { + + if (method.getName().startsWith("show")) { + frame.setVisible(true); + frame.toFront(); + return method.invoke(delegate, args); + } else { //if (method.getName().startsWith("get")) { + return method.invoke(delegate, args); + } + } +} diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/gui/LocalHelpListener.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/gui/LocalHelpListener.java new file mode 100644 index 00000000..c957e132 --- /dev/null 
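Review bot: In `invoke`, an exception thrown by the delegate surfaces from `method.invoke` wrapped in `InvocationTargetException`, which the proxied interface does not declare, so callers through the proxy receive an `UndeclaredThrowableException` instead of the exception the `BKUGUIFacade` method declares. Wrap both `method.invoke(delegate, args)` calls in `try { ... } catch (InvocationTargetException e) { throw e.getCause(); }`, with `java.lang.reflect.InvocationTargetException` imported. `Class[] interfaces` in `newInstance` is a raw type; `Class<?>[]` states the intent without changing callers. `frame.setVisible(true)` and `frame.toFront()` run on whatever thread invokes the proxy; if that is not the event dispatch thread they should go through `SwingUtilities.invokeLater`, which I cannot confirm from this hunk.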
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/gui/LocalHelpListener.java 
@@ -0,0 +1,61 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.local.gui; + +import at.gv.egiz.bku.gui.AbstractHelpListener; +import at.gv.egiz.bku.gui.DefaultHelpListener; +import java.awt.Desktop; +import java.io.IOException; +import java.net.URISyntaxException; +import java.net.URL; +import java.util.Locale; + +/** + * Open help document in browser, fallback to default (swing dialog) if Java Desktop API not supported. 
+ * + * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at> + */ +public class LocalHelpListener extends AbstractHelpListener { + + protected Desktop desktop; + protected DefaultHelpListener fallback; + + public LocalHelpListener(URL baseURL, Locale locale) { + super(baseURL, locale); + if (Desktop.isDesktopSupported()) { + desktop = Desktop.getDesktop(); + } else { + log.info("Java Desktop API not available on current platform (libgnome installed?), falling back to DefaultHelpListener"); + fallback = new DefaultHelpListener(baseURL, locale); + } + } + + @Override + public void showDocument(URL helpDocument, String helpTopic) throws IOException, URISyntaxException { + if (desktop != null) { + if (!desktop.isSupported(Desktop.Action.BROWSE)) { + log.error("Failed to open default browser: The system provides the Desktop API, but does not support the BROWSE action"); + } else { + Desktop.getDesktop().browse(helpDocument.toURI()); + } + } else if (fallback != null) { + fallback.showDocument(helpDocument, helpTopic); + } else { + log.error("failed to display help document"); + } + } +} diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalBKUWorker.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalBKUWorker.java new file mode 100644 index 00000000..1e3f9a1d --- /dev/null +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalBKUWorker.java 
@@ -0,0 +1,64 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.local.stal; + +import at.gv.egiz.bku.gui.BKUGUIFacade; +import at.gv.egiz.bku.smccstal.AbstractBKUWorker; +import at.gv.egiz.bku.smccstal.PINManagementRequestHandler; +import at.gv.egiz.stal.QuitRequest; +import at.gv.egiz.stal.STALRequest; +import at.gv.egiz.stal.STALResponse; +import at.gv.egiz.stal.SignRequest; + +import at.gv.egiz.stal.ext.PINManagementRequest; +import java.util.List; +import javax.swing.JFrame; + +/** + * + * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at> + */ +public class LocalBKUWorker extends AbstractBKUWorker { + + private JFrame container; + + public LocalBKUWorker(BKUGUIFacade gui, JFrame container) { + super(gui); + this.container = container; + addRequestHandler(SignRequest.class, + new LocalSignRequestHandler(new LocalSecureViewer(gui))); + addRequestHandler(PINManagementRequest.class, new PINManagementRequestHandler()); + } + + /** does not change container's visibility (use quit request to close) */ + @Override + public List<STALResponse> handleRequest(List<? 
extends STALRequest> requestList) { + signatureCard = null; + List<STALResponse> responses = super.handleRequest(requestList); + container.setVisible(false); + return responses; + } + + /** overrides handle quit from abstract bku worker, make container invisible */ + @Override + public STALResponse handleRequest(STALRequest request) { + if (request instanceof QuitRequest) { + container.setVisible(false); + } + return null; + } +} diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSTALFactory.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSTALFactory.java new file mode 100644 index 00000000..44322a07 --- /dev/null +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSTALFactory.java 
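Review bot: The Javadoc on `handleRequest(List<? extends STALRequest>)` says it `does not change container's visibility`, but the body calls `container.setVisible(false)` after every request list, so comment and code contradict each other; if hiding after each batch is intended the comment should read something like `/** hides the container once the request list has been handled */`. The single-request override `handleRequest(STALRequest)` returns `null` for every request, not only for `QuitRequest`, which is fine only if `AbstractBKUWorker` never dispatches other requests through this overload; I cannot verify that from this hunk, so a comment stating that assumption would help. The `signatureCard = null;` reset before delegating to `super.handleRequest` also deserves a one-line why-comment.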
@@ -0,0 +1,126 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.local.stal; + +import at.gv.egiz.bku.viewer.ResourceFontLoader; +import java.awt.Dimension; +import java.awt.Toolkit; +import java.net.MalformedURLException; +import java.util.Locale; + + +import at.gv.egiz.bku.gui.BKUGUIFacade; +import at.gv.egiz.bku.gui.BKUIcons; +import at.gv.egiz.bku.gui.PINManagementGUI; +import at.gv.egiz.bku.gui.PINManagementGUIFacade; +import at.gv.egiz.bku.local.gui.GUIProxy; +import at.gv.egiz.bku.local.gui.LocalHelpListener; +import at.gv.egiz.stal.STAL; +import at.gv.egiz.stal.STALFactory; +import java.net.URL; +import javax.swing.JFrame; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +/** + * Creates a PINManagementGUI and a LocalBKUWorker, which in turn registers + * PINManagementRequestHandler from smccSTALExt. + * The RequestHandler expects PINManagementGUIFacade, therefore BKUGUIProxy has to implement the extended GUI. 
+ * @author clemens + */ +public class LocalSTALFactory implements STALFactory { + + protected static final Log log = LogFactory.getLog(LocalSTALFactory.class); + protected static final Dimension PREFERRED_SIZE = new Dimension(318, 200); + protected String helpURL; + protected Locale locale; + + @Override + public STAL createSTAL() { + + LocalBKUWorker stal; + //http://java.sun.com/docs/books/tutorial/uiswing/misc/focus.html + // use undecorated JFrame instead of JWindow, + // which creates an invisible owning frame and therefore cannot getFocusInWindow() + JFrame dialog = new JFrame("Bürgerkarte"); + if (log.isTraceEnabled()) { + log.debug("alwaysOnTop supported: " + dialog.isAlwaysOnTopSupported()); + } + // [#439] make mocca dialog alwaysOnTop + dialog.setAlwaysOnTop(true); + dialog.setIconImages(BKUIcons.icons); + dialog.setUndecorated(true); +// dialog.getRootPane().setWindowDecorationStyle(JRootPane.NONE); +// dialog.addWindowListener(new WindowAdapter() { +// +// @Override +// public void windowClosing(WindowEvent e) { +// super.windowClosing(e); +// log.debug("closing window ********************"); +// } +// +// }); + if (locale != null) { + dialog.setLocale(locale); + } + LocalHelpListener helpListener = null; + try { + if (helpURL != null) { + helpListener = new LocalHelpListener(new URL(helpURL), locale); + } else { + log.warn("no HELP URL configured, help system disabled"); + } + } catch (MalformedURLException ex) { + log.error("failed to configure help listener: " + ex.getMessage(), ex); + } + PINManagementGUIFacade gui = new PINManagementGUI(dialog.getContentPane(), + dialog.getLocale(), + BKUGUIFacade.Style.advanced, + null, + new ResourceFontLoader(), + helpListener, + null); + BKUGUIFacade proxy = (BKUGUIFacade) GUIProxy.newInstance(gui, dialog, new Class[] { PINManagementGUIFacade.class} ); + stal = new LocalBKUWorker(proxy, dialog); + dialog.setPreferredSize(PREFERRED_SIZE); + dialog.pack(); + Dimension screenSize = 
Toolkit.getDefaultToolkit().getScreenSize(); + Dimension frameSize = dialog.getSize(); + if (frameSize.height > screenSize.height) { + frameSize.height = screenSize.height; + } + if (frameSize.width > screenSize.width) { + frameSize.width = screenSize.width; + } + dialog.setLocation((screenSize.width - frameSize.width) / 2, + (screenSize.height - frameSize.height) / 2); + return stal; + } + + @Override + public void setLocale(Locale locale) { + this.locale = locale; + } + + public String getHelpURL() { + return helpURL; + } + + public void setHelpURL(String helpURL) { + this.helpURL = helpURL; + } +} diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSecureViewer.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSecureViewer.java new file mode 100644 index 00000000..ae58526c --- /dev/null +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSecureViewer.java 
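Review bot: `createSTAL` ships a block of commented-out window-listener code (from `// dialog.getRootPane()...` through `// });`) that should be deleted, and the guarded log call mixes levels: `if (log.isTraceEnabled()) { log.debug(...) }` either guards at the wrong level or logs at the wrong one. A failure to parse `helpURL` is logged and then silently leaves `helpListener` null, which disables help without any hint in the GUI; that may be acceptable, but the intent should be stated in a comment at the `catch`. The class Javadoc refers to `BKUGUIProxy` while the code uses `GUIProxy`.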
@@ -0,0 +1,129 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.local.stal; + +import at.gv.egiz.bku.slcommands.impl.DataObjectHashDataInput; +import at.gv.egiz.bku.smccstal.SecureViewer; +import java.io.IOException; +import java.util.ArrayList; + +import at.gv.egiz.bku.gui.BKUGUIFacade; +import at.gv.egiz.stal.HashDataInput; +import at.gv.egiz.stal.impl.ByteArrayHashDataInput; +import at.gv.egiz.stal.signedinfo.ReferenceType; +import at.gv.egiz.stal.signedinfo.SignedInfoType; +import java.awt.event.ActionListener; +import java.io.ByteArrayOutputStream; +import java.io.InputStream; +import java.util.Collections; +import java.util.List; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +/** + * + * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at> + */ +public class LocalSecureViewer implements SecureViewer { + + private static final Log log = LogFactory.getLog(LocalSignRequestHandler.class); + private List<HashDataInput> hashDataInputs = Collections.EMPTY_LIST; + + protected BKUGUIFacade gui; + + public LocalSecureViewer(BKUGUIFacade gui) { + this.gui = gui; + } + + public void setDataToBeSigned(List<HashDataInput> dataToBeSigned) { + this.hashDataInputs = dataToBeSigned; + } + + /** + * + * @param dsigReferences + * @throws java.lang.Exception + */ + @Override + public void 
displayDataToBeSigned(SignedInfoType signedInfo, + ActionListener okListener, String okCommand) + throws Exception { + if (signedInfo.getReference().size() == 0) { + log.error("No hashdata input selected to be displayed: null"); + throw new Exception("No HashData Input selected to be displayed"); + } + + ArrayList<HashDataInput> selectedHashDataInputs = new ArrayList<HashDataInput>(); + for (ReferenceType dsigRef : signedInfo.getReference()) { + // don't get Manifest, QualifyingProperties, ... + if (dsigRef.getType() == null) { + String dsigRefId = dsigRef.getId(); + if (dsigRefId != null) { + boolean hdiAvailable = false; + for (HashDataInput hashDataInput : hashDataInputs) { + if (dsigRefId.equals(hashDataInput.getReferenceId())) { + log.debug("display hashdata input for dsig:SignedReference " + + dsigRefId); + selectedHashDataInputs.add( + ensureCachedHashDataInput(hashDataInput)); + hdiAvailable = true; + break; + } + } + if (!hdiAvailable) { + log.error("no hashdata input for dsig:SignedReference " + dsigRefId); + throw new Exception( + "No HashDataInput available for dsig:SignedReference " + dsigRefId); + } + } else { + throw new Exception( + "Cannot get HashDataInput for dsig:Reference without Id attribute"); + } + } + } + + if (selectedHashDataInputs.size() < 1) { + log.error("dsig:SignedInfo does not contain a data reference"); + throw new Exception("dsig:SignedInfo does not contain a data reference"); + } + gui.showSecureViewer(selectedHashDataInputs, okListener, okCommand); + } + + + private HashDataInput ensureCachedHashDataInput(HashDataInput hashDataInput) + throws IOException { + if (!(hashDataInput instanceof DataObjectHashDataInput)) { + + log.warn("expected DataObjectHashDataInput for LocalSignRequestHandler, got " + + hashDataInput.getClass().getName()); + + InputStream hdIs = hashDataInput.getHashDataInput(); + ByteArrayOutputStream baos = new ByteArrayOutputStream(hdIs.available()); + int b; + while ((b = hdIs.read()) != -1) { + baos.write(b); 
+ } + hashDataInput = new ByteArrayHashDataInput(baos.toByteArray(), + hashDataInput.getReferenceId(), + hashDataInput.getMimeType(), + hashDataInput.getEncoding(), + hashDataInput.getFilename()); + } + return hashDataInput; + } + +} diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java new file mode 100644 index 00000000..9ae1d9b9 --- /dev/null +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java 
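Review bot: The logger is created with `LogFactory.getLog(LocalSignRequestHandler.class)` although this class is `LocalSecureViewer`, so every message from the secure viewer is attributed to the wrong class; use `LogFactory.getLog(LocalSecureViewer.class)`. In `ensureCachedHashDataInput`, the stream returned by `hashDataInput.getHashDataInput()` is read one byte at a time and never closed; wrap the loop in a `try`/`finally` that closes `hdIs`, and a buffered `read(byte[])` loop would avoid the per-byte calls. `Collections.EMPTY_LIST` is a raw type assigned to `List<HashDataInput>`; `Collections.<HashDataInput>emptyList()` is the typed form. The Javadoc on `displayDataToBeSigned` documents a `dsigReferences` parameter that does not exist and omits `signedInfo`, `okListener` and `okCommand`.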
@@ -0,0 +1,63 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.local.stal; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.bku.smccstal.SignRequestHandler; +import at.gv.egiz.stal.ErrorResponse; +import at.gv.egiz.stal.STALRequest; +import at.gv.egiz.stal.STALResponse; +import at.gv.egiz.stal.SignRequest; + +/** + * + * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at> + */ +public class LocalSignRequestHandler extends SignRequestHandler { + + private static final Log log = LogFactory.getLog(LocalSignRequestHandler.class); + + public LocalSignRequestHandler(LocalSecureViewer secureViewer) { + super(secureViewer); + } + + /** + * If the request is a SIGN request, it contains a list of DataObjectHashDataInput + * providing the pre-digested input stream (that can be obtained repeatedly) if + * reference caching is enabled (or null otherwise). 
+ * @param request + * @return + */ + @SuppressWarnings("unchecked") + @Override + public STALResponse handleRequest(STALRequest request) + throws InterruptedException { + + if (request instanceof SignRequest) { + SignRequest signReq = (SignRequest) request; + ((LocalSecureViewer) secureViewer).setDataToBeSigned(signReq.getHashDataInput()); + return super.handleRequest(request); + } else { + log.fatal("Got unexpected STAL request: " + request); + return new ErrorResponse(1000); + } + + + } +} diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java new file mode 100644 index 00000000..98be4047 --- /dev/null +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java 
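Review bot: `@SuppressWarnings("unchecked")` on `handleRequest` hides a warning whose source is not visible in this hunk; the cast to `LocalSecureViewer` is checked, so the suppression presumably covers `signReq.getHashDataInput()` returning a raw list, and if so it should be narrowed to that statement with a comment saying why the cast is safe. The Javadoc's `@param request` and `@return` tags are empty and the summary describes the request rather than the method; say that the method hands the request's hash data inputs to the secure viewer and then delegates to `SignRequestHandler`. `new ErrorResponse(1000)` is a bare magic number; a named constant would document which error code is meant. `log.fatal` for an unexpected request type seems too strong when the method recovers by returning an error response.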
@@ -0,0 +1,113 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.local.webapp; + +import java.util.Enumeration; +import java.util.HashMap; +import java.util.Iterator; +import java.util.Locale; +import java.util.Map; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.bku.binding.HTTPBindingProcessor; +import at.gv.egiz.bku.binding.HttpUtil; +import at.gv.egiz.bku.conf.Configurator; +import at.gv.egiz.org.apache.tomcat.util.http.AcceptLanguage; + +public class BKURequestHandler extends SpringBKUServlet { + + public final static String ENCODING = "UTF-8"; + + protected Log log = LogFactory.getLog(BKURequestHandler.class); + + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, java.io.IOException { + + log.debug("Received SecurityLayer request"); + + String acceptLanguage = req.getHeader("Accept-Language"); + Locale locale = AcceptLanguage.getLocale(acceptLanguage); + log.debug("Accept-Language locale: " + locale); + + HTTPBindingProcessor bindingProcessor; + bindingProcessor = (HTTPBindingProcessor) getBindingProcessorManager() + .createBindingProcessor(req.getRequestURL().toString(), null, locale); + 
Map<String, String> headerMap = new HashMap<String, String>(); + for (Enumeration<String> headerName = req.getHeaderNames(); headerName + .hasMoreElements();) { + String header = headerName.nextElement(); + if (header != null) { + headerMap.put(header, req.getHeader(header)); + } + } + String charset = req.getCharacterEncoding(); + String contentType = req.getContentType(); + if (charset != null) { + contentType += ";" + charset; + } + headerMap.put(HttpUtil.HTTP_HEADER_CONTENT_TYPE, contentType); + bindingProcessor.setHTTPHeaders(headerMap); + bindingProcessor.consumeRequestStream(req.getInputStream()); + + // fixxme just for testing + bindingProcessor.run(); + if (bindingProcessor.getRedirectURL() != null) { + resp.sendRedirect(bindingProcessor.getRedirectURL()); + return; + } + resp.setStatus(bindingProcessor.getResponseCode()); + for (Iterator<String> it = bindingProcessor.getResponseHeaders().keySet() + .iterator(); it.hasNext();) { + String header = it.next(); + resp.setHeader(header, bindingProcessor.getResponseHeaders().get(header)); + } + String version = configurator.getProperty(Configurator.SIGNATURE_LAYOUT); + if ((version != null) && (!"".equals(version.trim()))) { + log.debug("setting SignatureLayout header to " + version); + resp.setHeader(Configurator.SIGNATURE_LAYOUT, version); + } else { + log.debug("do not set SignatureLayout header"); + } + + if (configurator.getProperty(Configurator.USERAGENT_CONFIG_P) != null) { + resp.setHeader(HttpUtil.HTTP_HEADER_SERVER, configurator + .getProperty(Configurator.USERAGENT_CONFIG_P)); + } else { + resp.setHeader(HttpUtil.HTTP_HEADER_SERVER, + Configurator.USERAGENT_DEFAULT); + } + + resp.setContentType(bindingProcessor.getResultContentType()); + resp.setCharacterEncoding(ENCODING); + bindingProcessor.writeResultTo(resp.getOutputStream(), ENCODING); + req.getInputStream().close(); + resp.getOutputStream().flush(); + resp.getOutputStream().close(); + log.debug("Finished Request"); + } + + protected void 
doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, java.io.IOException { + doPost(req, resp); + } +} diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/PINManagementServlet.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/PINManagementServlet.java new file mode 100644 index 00000000..0c35f1c9 --- /dev/null +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/PINManagementServlet.java 
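Review bot: In `doPost`, `req.getContentType()` may return null, and the following `contentType += ";" + charset` then stores the literal string `null;<charset>` as the Content-Type header handed to the binding processor; guard it with `if (contentType != null && charset != null) { contentType += ";" + charset; }` and decide what to put in the map when the request carries no Content-Type at all. The redirect issued by `resp.sendRedirect(bindingProcessor.getRedirectURL())` goes to a URL the binding processor derived from the request; nothing in this hunk restricts that target, so unless the binding layer validates it the redirect destination is chosen by whoever submits the request, and a comment stating where it is validated would settle that. The `// fixxme just for testing` comment above `bindingProcessor.run()` should be resolved or removed before this ships. `doGet` routes every GET through the same handling as POST, which deserves a comment since it means a plain link can submit a SecurityLayer request.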
@@ -0,0 +1,114 @@
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egiz.bku.local.webapp;
+
+import at.gv.egiz.bku.local.stal.LocalSTALFactory;
+import at.gv.egiz.stal.QuitRequest;
+import at.gv.egiz.stal.STAL;
+import at.gv.egiz.stal.STALResponse;
+import at.gv.egiz.stal.ext.PINManagementRequest;
+import java.io.IOException;
+import java.net.URL;
+import java.util.Collections;
+import java.util.List;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+/**
+ * PINManagementBKUWorker for non-applet version
+ * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at>
+ */
+public class PINManagementServlet extends HttpServlet {
+
+ private static final Log log = LogFactory.getLog(PINManagementServlet.class);
+
+ LocalSTALFactory stalFactory;
+
+ public PINManagementServlet() {
+ stalFactory = new LocalSTALFactory();
+ stalFactory.setHelpURL("http://localhost:3495/help/");
+ }
+
+ /**
+ * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
+ * @param request servlet request
+ * @param response servlet response
+ * @throws ServletException if a servlet-specific error occurs
+ * @throws IOException if an I/O error occurs
+ */
+ protected void processRequest(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+
+ STAL pinMgmtSTAL = stalFactory.createSTAL();
+ List<STALResponse> stalResps = pinMgmtSTAL.handleRequest(Collections.singletonList(new PINManagementRequest()));
+ if (log.isDebugEnabled()) {
+ log.debug("received STAL reponse " + stalResps.get(0).getClass());
+ }
+ pinMgmtSTAL.handleRequest(Collections.singletonList(new QuitRequest()));
+
+ String redirect = request.getParameter("redirect");
+ if (redirect != null) {
+ String referer = request.getHeader("Referer");
+ if (referer != null) {
+ redirect = new URL(new URL(referer), redirect).toExternalForm();
+ }
+ response.sendRedirect(redirect);
+ } else {
+ response.setStatus(HttpServletResponse.SC_OK);
+ }
+ }
+
+ // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
+ /**
+ * Handles the HTTP <code>GET</code> method.
+ * @param request servlet request
+ * @param response servlet response
+ * @throws ServletException if a servlet-specific error occurs
+ * @throws IOException if an I/O error occurs
+ */
+ @Override
+ protected void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ processRequest(request, response);
+ }
+
+ /**
+ * Handles the HTTP <code>POST</code> method.
+ * @param request servlet request
+ * @param response servlet response
+ * @throws ServletException if a servlet-specific error occurs
+ * @throws IOException if an I/O error occurs
+ */
+ @Override
+ protected void doPost(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ processRequest(request, response);
+ }
+
+ /**
+ * Returns a short description of the servlet.
+ * @return a String containing servlet description
+ */
+ @Override
+ public String getServletInfo() {
+ return "Short description";
+ }// </editor-fold>
+}
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/SpringBKUServlet.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/SpringBKUServlet.java
new file mode 100644
index 00000000..3bd50ba7
--- /dev/null
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/SpringBKUServlet.java
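Review bot: processRequest opens the PIN management dialog for whoever sends the request and then calls `sendRedirect` on a target taken from the `redirect` query parameter and resolved against the caller-supplied Referer header, so the servlet is an open redirect and, because doGet delegates here, a plain link or image tag on any web page can pop the card dialog on localhost:3495 (the port the constructor hard-codes; index.html links to exactly `PINManagement?redirect=./index.html`). Unlike BKURequestHandler this path never goes through the BindingProcessor, so the chains in accessControlConfig.xml presumably do not apply to it — worth confirming against SpringSecurityManager. I would resolve relative targets against the request's own URL instead of the Referer, refuse any target that leaves that origin, and reject requests whose Origin/Referer is not the local host. The debug branch should also guard `stalResps.get(0)` with an `isEmpty()` check, since an empty response list currently turns into an IndexOutOfBoundsException.
```java
// … unchanged: PINManagementRequest / QuitRequest handling above …
String redirect = request.getParameter("redirect");
if (redirect != null) {
  // resolve against our own URL, not the caller-controlled Referer, and stay on this origin
  URL self = new URL(request.getRequestURL().toString());
  URL target = new URL(self, redirect);
  boolean sameOrigin = self.getProtocol().equalsIgnoreCase(target.getProtocol())
      && self.getHost().equalsIgnoreCase(target.getHost())
      && self.getPort() == target.getPort();
  if (!sameOrigin) {
    response.sendError(HttpServletResponse.SC_BAD_REQUEST, "redirect target not allowed");
    return;
  }
  response.sendRedirect(target.toExternalForm());
} else {
  response.setStatus(HttpServletResponse.SC_OK);
}
```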
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egiz.bku.local.webapp;
+
+import javax.servlet.http.HttpServlet;
+
+import at.gv.egiz.bku.binding.BindingProcessorManager;
+import at.gv.egiz.bku.conf.Configurator;
+
+public abstract class SpringBKUServlet extends HttpServlet {
+
+ public final static String BEAN_NAME = "bindingProcessorManager";
+
+ protected static Configurator configurator;
+
+ protected BindingProcessorManager getBindingProcessorManager() {
+ return (BindingProcessorManager) getServletContext()
+ .getAttribute(BEAN_NAME);
+ }
+
+ public static void setConfigurator(Configurator conf) {
+ configurator = conf;
+ }
+
+}
diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/accessControlConfig.xml b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/accessControlConfig.xml
new file mode 100644
index 00000000..586a8190
--- /dev/null
+++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/accessControlConfig.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8"?>
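Review bot: `configurator` is a mutable static field with a public static setter, so it is JVM-wide state that any class can swap at runtime and that request threads read with no synchronization (BKURequestHandler reads it for the SignatureLayout and Server headers at the top of this chunk). The BindingProcessorManager in the same class is already fetched through a servlet-context attribute that Spring exports; the Configurator could be exported the same way, or at least the field made `private static volatile Configurator configurator;` behind a protected getter so the write by the configuring thread is reliably visible to request threads. A one-line class comment explaining that subclasses obtain Spring-managed collaborators via the servlet context, and why the configurator is static rather than a bean, is also missing.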
+<!--
+ Copyright 2008 Federal Chancellery Austria and Graz University of
+ Technology Licensed under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance with the
+ License. You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0 Unless required by
+ applicable law or agreed to in writing, software distributed under the
+ License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ CONDITIONS OF ANY KIND, either express or implied. See the License for
+ the specific language governing permissions and limitations under the
+ License.
+ -->
+<AccessControl>
+ <Chains>
+ <!--
+ The input chain defines filters that are applied before command
+ execution
+ -->
+ <Chain Id="InputChain">
+ <Rules>
+ <!-- there is no command implemented that requires input filtering -->
+ <Rule Id="InputChain-AllowAll">
+ <Action>
+ <RuleAction>allow</RuleAction>
+ </Action>
+ <UserInteraction>confirm</UserInteraction>
+ </Rule>
+ </Rules>
+ </Chain>
+
+ <!--
+ The output chain defines filters that are applied after command
+ execution
+ -->
+ <Chain Id="OutputChain">
+ <Rules>
+ <Rule Id="OutputChain-Egov">
+ <AuthClass>anonymous</AuthClass>
+ <Action>
+ <RuleAction>allow</RuleAction>
+ </Action>
+ <UserInteraction>confirm</UserInteraction>
+ </Rule>
+ <Rule Id="OutputChain-Command">
+ <AuthClass>anonymous</AuthClass>
+ <Action>
+ <ChainRef>Command</ChainRef>
+ </Action>
+ </Rule>
+ </Rules>
+ </Chain>
+ <Chain Id="Command">
+ <Rules>
+ <Rule Id="cmd-rule-1">
+ <AuthClass>certified</AuthClass>
+ <Command Name="Infobox.*">
+ <Param Name="InfoboxIdentifier">IdentityLink</Param>
+ <Param Name="PersonIdentifier">derived</Param>
+ </Command>
+ <Action>
+ <RuleAction>allow</RuleAction>
+ </Action>
+ <UserInteraction>confirm</UserInteraction>
+ </Rule>
+ <Rule Id="cmd-rule-localhost">
+ <AuthClass>anonymous</AuthClass>
+ <IPv4Address>127.0.0.1</IPv4Address>
+ <Command Name="Infobox.*">
+ <Param Name="InfoboxIdentifier">IdentityLink</Param>
+ <Param Name="PersonIdentifier">derived</Param>
+ </Command>
+ <Action>
+ <RuleAction>allow</RuleAction>
+ </Action>
+ <UserInteraction>confirm</UserInteraction>
+ </Rule>
+ <Rule Id="cmd-rule-2">
+ <AuthClass>anonymous</AuthClass>
+ <Command Name="Infobox.*">
+ <Param Name="InfoboxIdentifier">IdentityLink</Param>
+ </Command>
+ <Action>
+ <RuleAction>deny</RuleAction>
+ </Action>
+ <UserInteraction>info</UserInteraction>
+ </Rule>
+ <Rule Id="cmd-rule-3">
+ <Action>
+ <RuleAction>allow</RuleAction>
+ </Action>
+ </Rule>
+ </Rules>
+ </Chain>
+ </Chains>
+</AccessControl>
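Review bot: `cmd-rule-localhost` grants anonymous callers an IdentityLink read with a derived PersonIdentifier whenever the request's IPv4 address is 127.0.0.1, and it is ordered before `cmd-rule-2`, which denies exactly that for anonymous callers. BKULocal's servlet listens on localhost, so if the address this rule compares is the TCP peer address, every browser-originated request — including one triggered by a remote web page — matches the localhost rule and the deny rule is unreachable; if the address is instead derived from the application's DataURL/origin this is fine, but the file should say which, e.g. `<!-- IPv4Address is matched against the requesting application's address, not the browser's socket address -->` (confirm against SpringSecurityManager before keeping the rule). `cmd-rule-3` is a catch-all `allow` with no `<UserInteraction>`, so every command not matched above (CreateXMLSignature, InfoboxUpdate, the CardChannel infobox registered in applicationContext.xml) passes without rule-level confirmation; either document that consent is left to the PIN dialog or add `<UserInteraction>confirm</UserInteraction>` to it.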
diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties
new file mode 100644
index 00000000..8ae5bf6d
--- /dev/null
+++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties
@@ -0,0 +1,61 @@
+#
+# Copyright 2008 Federal Chancellery Austria and
+# Graz University of Technology
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+# Configuration for online CCE
+
+# security manager configuration
+AccessController.acceptUnmatched=false
+AccessController.policyResource=classpath:at/gv/egiz/bku/local/conf/accessControlConfig.xml
+
+# ------------BEGIN SSL Config --------------------
+# SSL configuration for connections to external
+# resources (e.g. data urls)
+
+# directory where certificates for
+# chain constructions can be placed
+SSL.certDirectory=classpath:at/gv/egiz/bku/local/conf/certs/certStore
+
+# a LDAP repository
+SSL.ldapServer=
+SSL.ldapPort=389
+
+# Directory where trusted CA
+# certificates are placed
+SSL.caDirectory=classpath:at/gv/egiz/bku/local/conf/certs/CACerts
+
+SSL.doRevocationChecking=true
+SSL.sslProtocol=TLS
+
+SSL.cache.lifetime=3600
+# use authority info access extension to find ca certs.
+SSL.useAIA=true
+
+# Don't set to true in production environments
+# Attention flag only used for debugging
+SSL.disableAllChecks=false
+# ------------ END SSL Config --------------------
+
+ValidateHashDataInputs=true
+AppletTimeout=300000
+
+#HTTPProxyHost=
+#HTTPProxyPort=
+#DefaultSocketTimeout=200
+
+
+
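Review bot: The header comment `# Configuration for online CCE` is wrong for this file — it lives under at/gv/egiz/bku/local and is the BKULocal default configuration; change it to `# Default configuration for the local CCE (BKULocal)`. applicationContext.xml loads the configurator from `file:${user.home}/.mocca/conf/defaultConf.properties` and keeps the classpath variant commented out, so this copy is presumably a template that an installer copies into the user's home; say so in the header, otherwise the next maintainer edits a file nothing reads. The SSL block enables `SSL.doRevocationChecking=true` and `SSL.useAIA=true` without stating what happens when the OCSP/CRL/AIA fetch fails; a one-line comment on whether validation then fails closed would save a trip into the validator code.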
diff --git a/BKULocal/src/main/resources/commons-logging.properties b/BKULocal/src/main/resources/commons-logging.properties
new file mode 100644
index 00000000..0d497b1b
--- /dev/null
+++ b/BKULocal/src/main/resources/commons-logging.properties
@@ -0,0 +1,16 @@
+# Copyright 2008 Federal Chancellery Austria and
+# Graz University of Technology
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+org.apache.commons.logging.Log=org.apache.commons.logging.impl.Log4JLogger
diff --git a/BKULocal/src/main/resources/log4j.properties b/BKULocal/src/main/resources/log4j.properties
new file mode 100644
index 00000000..a56f2683
--- /dev/null
+++ b/BKULocal/src/main/resources/log4j.properties
@@ -0,0 +1,34 @@
+# Copyright 2008 Federal Chancellery Austria and
+# Graz University of Technology
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# assume log4j to be configured by servlet container (java web start)
+# loglever DEBUG, appender STDOUT
+log4j.rootLogger=DEBUG, STDOUT
+
+log4j.logger.at.gv.egiz.smcc=TRACE
+
+# STDOUT appender
+log4j.appender.STDOUT=org.apache.log4j.ConsoleAppender
+log4j.appender.STDOUT.layout=org.apache.log4j.PatternLayout
+#log4j.appender.STDOUT.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20c | %10t | %m%n
+#log4j.appender.STDOUT.layout.ConversionPattern=%-4r [%t] %-5p %c %x - %m%n
+log4j.appender.STDOUT.layout.ConversionPattern=%-5p |%d | %t | %c %x- %m%n
+
+### FILE appender
+log4j.appender.file=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.file.datePattern='.'yyyy-MM-dd
+log4j.appender.file.File=${user.home}/.bku/logs/bku.log
+log4j.appender.file.layout=org.apache.log4j.PatternLayout
+log4j.appender.file.layout.ConversionPattern=%d{ABSOLUTE} %5p %c{1}:%L - %m%n
\ No newline at end of file
diff --git a/BKULocal/src/main/webapp/META-INF/MANIFEST.MF b/BKULocal/src/main/webapp/META-INF/MANIFEST.MF
new file mode 100644
index 00000000..5e949512
--- /dev/null
+++ b/BKULocal/src/main/webapp/META-INF/MANIFEST.MF
@@ -0,0 +1,3 @@
+Manifest-Version: 1.0
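Review bot: The shipped default logs at DEBUG on the root logger and TRACE for `at.gv.egiz.smcc`, the smart-card layer that drives PIN entry; at TRACE such layers commonly dump raw APDU traffic, so a default install risks writing card exchanges and possibly PIN material to stdout (and, should the `file` appender ever be attached, to `${user.home}/.bku/logs/bku.log`). Ship `log4j.rootLogger=INFO, STDOUT` and drop the `log4j.logger.at.gv.egiz.smcc=TRACE` line, leaving the verbose settings commented out for developers. The `file` appender is defined but no logger references it, and it writes under `.bku` while the rest of this commit uses `.mocca`; either attach it or remove it, and align the directory. The comment `# loglever DEBUG` should read `# loglevel DEBUG`.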
+Class-Path:
+
diff --git a/BKULocal/src/main/webapp/META-INF/context.xml b/BKULocal/src/main/webapp/META-INF/context.xml
new file mode 100644
index 00000000..fd2fac1f
--- /dev/null
+++ b/BKULocal/src/main/webapp/META-INF/context.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Context path=""/>
diff --git a/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml b/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml
new file mode 100644
index 00000000..e96bd088
--- /dev/null
+++ b/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml
@@ -0,0 +1,109 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Copyright 2008 Federal Chancellery Austria and
+ Graz University of Technology
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd">
+ <bean id="STALFactory" class="at.gv.egiz.bku.local.stal.LocalSTALFactory"
+ scope="singleton">
+ <property name="helpURL" value="http://localhost:3495/help/"/>
+ </bean>
+
+
+ <bean id="bindingProcessorManager" class="at.gv.egiz.bku.binding.BindingProcessorManagerImpl"
+ scope="singleton">
+ <constructor-arg ref="STALFactory"></constructor-arg>
+ <constructor-arg ref="commandInvoker"></constructor-arg>
+ <constructor-arg ref="configuration"></constructor-arg>
+ </bean>
+ <bean
+ class="org.springframework.web.context.support.ServletContextAttributeExporter">
+ <property name="attributes">
+ <map>
+ <entry key="bindingProcessorManager">
+ <ref bean="bindingProcessorManager" />
+ </entry>
+ </map>
+ </property>
+ </bean>
+
+ <bean id="accessController" class="at.gv.egiz.bku.local.accesscontroller.SpringSecurityManager"
+ scope="singleton" init-method="init">
+ <property name="config" ref="configurator"/>
+ </bean>
+
+ <bean id="commandInvoker" class="at.gv.egiz.bku.binding.SLCommandInvokerImpl">
+ <property name="securityManager" ref="accessController" />
+ </bean>
+
+ <bean id="slCommandFactory" class="at.gv.egiz.bku.slcommands.SLCommandFactory"
+ factory-method="getInstance">
+ <property name="commandImpl">
+ <map>
+ <entry
+ key="http://www.buergerkarte.at/namespaces/securitylayer/1.2#:NullOperationRequest"
+ value="at.gv.egiz.bku.slcommands.impl.NullOperationCommandImpl" />
+ <entry
+ key="http://www.buergerkarte.at/namespaces/securitylayer/1.2#:InfoboxReadRequest"
+ value="at.gv.egiz.bku.slcommands.impl.InfoboxReadCommandImpl" />
+ <entry
+ key="http://www.buergerkarte.at/namespaces/securitylayer/1.2#:InfoboxUpdateRequest"
+ value="at.gv.egiz.bku.slcommands.impl.InfoboxUpdateCommandImpl" />
+ <entry
+ key="http://www.buergerkarte.at/namespaces/securitylayer/1.2#:CreateXMLSignatureRequest"
+ value="at.gv.egiz.bku.slcommands.impl.CreateXMLSignatureCommandImpl" />
+ </map>
+ </property>
+ </bean>
+
+ <bean id="infoboxFactory" class="at.gv.egiz.bku.slcommands.impl.InfoboxFactory"
+ factory-method="getInstance">
+ <property name="infoboxImpl">
+ <map>
+ <entry
+ key="Certificates"
+ value="at.gv.egiz.bku.slcommands.impl.CertificatesInfoboxImpl" />
+ <entry
+ key="IdentityLink"
+ value="at.gv.egiz.bku.slcommands.impl.IdentityLinkInfoboxImpl" />
+ <entry
+ key="CardChannel"
+ value="at.gv.egiz.bku.slcommands.impl.CardChannelInfoboxImpl" />
+ <entry
+ key="SV-Personendaten"
+ value="at.gv.egiz.bku.slcommands.impl.SVPersonendatenInfoboxImpl" />
+ </map>
+ </property>
+ </bean>
+
+ <!-- Configure Configuration -->
+ <bean id="certValidator" class="at.gv.egiz.bku.conf.CertValidatorImpl"></bean>
+
+ <bean id="configurator" class="at.gv.egiz.bku.local.conf.SpringConfigurator"
+ init-method="configure">
+ <!-- <property name="resource" value="classpath:at/gv/egiz/bku/local/conf/defaultConf.properties"/> -->
+ <property name="resource" value="file:${user.home}/.mocca/conf/defaultConf.properties"/>
+ <property name="certValidator" ref="certValidator"></property>
+ </bean>
+
+ <!-- Begin MOCCA Configuration [REFACTORED]
+ | Configuration beans (no conf properties file) should be injected directly to module configurators.
+ | Currently, only the ReaderFactory configuration is considered.
+ |-->
+ <import resource="file:${user.home}/.mocca/conf/mocca-conf.xml"/>
+
+</beans>
\ No newline at end of file
diff --git a/BKULocal/src/main/webapp/WEB-INF/web.xml b/BKULocal/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 00000000..c4ea1e54
--- /dev/null
+++ b/BKULocal/src/main/webapp/WEB-INF/web.xml
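Review bot: The context imports bean definitions from `file:${user.home}/.mocca/conf/mocca-conf.xml` and reads the configurator properties from the same directory with the classpath default commented out, so the Spring context of the process that holds the user's card session is assembled from files in the user's home directory: anything that can write `~/.mocca/conf` can define arbitrary beans (arbitrary code in the BKU process), and a missing file makes the webapp fail to start instead of falling back to the bundled defaults. That is acceptable only if the installer creates the directory with owner-only permissions and the behaviour is documented; add a comment above the `<import>` stating both, and consider keeping the classpath properties as a fallback. Separately, the STALFactory bean's `helpURL` (`http://localhost:3495/help/`) is duplicated verbatim in PINManagementServlet's constructor, which builds its own LocalSTALFactory instead of using this bean; one of the two should go.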
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Copyright 2008 Federal Chancellery Austria and
+ Graz University of Technology
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<web-app id="bkulocal" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
+ <display-name>http-security-layer-request</display-name>
+
+ <!-- Begin Spring Config -->
+ <context-param>
+ <param-name>contextConfigLocation</param-name>
+ <param-value>/WEB-INF/applicationContext.xml</param-value>
+ </context-param>
+ <listener>
+ <listener-class>
+ org.springframework.web.context.ContextLoaderListener
+ </listener-class>
+ </listener>
+ <!-- End Spring Config -->
+
+ <!-- Begin BKU Config -->
+ <servlet>
+ <servlet-name>BKUServlet</servlet-name>
+ <servlet-class>at.gv.egiz.bku.local.webapp.BKURequestHandler</servlet-class>
+ </servlet>
+ <servlet>
+ <servlet-name>PINManagementServlet</servlet-name>
+ <servlet-class>at.gv.egiz.bku.local.webapp.PINManagementServlet</servlet-class>
+ </servlet>
+ <servlet-mapping>
+ <servlet-name>BKUServlet</servlet-name>
+ <url-pattern>/http-security-layer-request</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>BKUServlet</servlet-name>
+ <url-pattern>/https-security-layer-request</url-pattern>
+ </servlet-mapping>
+ <!-- Begin BKU Config -->
+
+ <servlet-mapping>
+ <servlet-name>PINManagementServlet</servlet-name>
+ <url-pattern>/PINManagement</url-pattern>
+ </servlet-mapping>
+ <welcome-file-list>
+ <welcome-file>index.html</welcome-file>
+ <welcome-file>index.htm</welcome-file>
+ <welcome-file>index.jsp</welcome-file>
+ <welcome-file>default.html</welcome-file>
+ <welcome-file>default.htm</welcome-file>
+ <welcome-file>default.jsp</welcome-file>
+ </welcome-file-list>
+</web-app>
diff --git a/BKULocal/src/main/webapp/errorresponse.css b/BKULocal/src/main/webapp/errorresponse.css
new file mode 100644
index 00000000..41402e71
--- /dev/null
+++ b/BKULocal/src/main/webapp/errorresponse.css
@@ -0,0 +1,12 @@
+@CHARSET "UTF-8";
+sl\:ErrorResponse {margin: 0.5em; display: block;}
+sl\:ErrorCode {display: inline;}
+sl\:Info {display: inline;}
+
+ErrorResponse:lang(de):before {content: "Bei der Verarbeitung der Anfrage durch die Bürgerkartenumgebung ist ein Fehler aufgetreten: "; font-weight: bolder;}
+ErrorResponse:before {content: "An error has occoured upon request processing by the citizen card software: "; font-weight: bold;}
+ErrorResponse {margin: 0.5em; display: block;}
+ErrorCode:lang(de):before {content: "Fehler-Code: ";}
+ErrorCode:before {content: "Error Code: ";}
+ErrorCode {display: block;}
+Info {display: block;}
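Review bot: The closing marker of the BKU block is a copy-paste of the opening one — the second `<!-- Begin BKU Config -->` should read `<!-- End BKU Config -->`, and the PINManagementServlet mapping that follows it belongs inside the block. More substantively, `/PINManagement` is mapped with no `<security-constraint>` and, judging from the servlet itself, no origin check of its own, so the card dialog is reachable from any page that can reach localhost:3495; if that is intended, say so in a comment next to the mapping. The `/https-security-layer-request` pattern is served by the same servlet as the plain-HTTP one with no `<transport-guarantee>`; whether TLS is enforced elsewhere (the embedded container) is not visible here and deserves a note.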
\ No newline at end of file
diff --git a/BKULocal/src/main/webapp/img/chip16.ico b/BKULocal/src/main/webapp/img/chip16.ico
Binary files differ
new file mode 100644
index 00000000..42175127
--- /dev/null
+++ b/BKULocal/src/main/webapp/img/chip16.ico
diff --git a/BKULocal/src/main/webapp/img/chip48.png b/BKULocal/src/main/webapp/img/chip48.png
Binary files differ
new file mode 100644
index 00000000..491fbcac
--- /dev/null
+++ b/BKULocal/src/main/webapp/img/chip48.png
diff --git a/BKULocal/src/main/webapp/index.html b/BKULocal/src/main/webapp/index.html
new file mode 100644
index 00000000..c6d6c747
--- /dev/null
+++ b/BKULocal/src/main/webapp/index.html
@@ -0,0 +1,64 @@
+<!--
+ Copyright 2008 Federal Chancellery Austria and
+ Graz University of Technology
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <title>Bürgerkarte - Willkommen</title>
+ <link href="help/help.css" rel="stylesheet" type="text/css" />
+ <link rel="shortcut icon" href="img/chip16.ico" type="image/x-icon"/>
+ </head>
+
+ <body class="twoColElsLtHdr">
+
+ <div id="container">
+ <div id="header">
+ <h1>Willkommen</h1>
+ <!-- end #header --></div>
+ <div id="mainContent" style="margin: 1.5em 1.5em 0 1.5em">
+ <div style="float:left; margin-right:1em">
+ <img src="img/chip48.png" alt="Logo" width="48" height="48"/>
+ </div>
+ <p>Sie haben die Bürgerkartenumgebung MOCCA erfolgreich installiert.
+ Um diese zu verwenden installieren Sie bitte noch das
+ <a href="ca.crt">CA Zertifikat</a>¹ in ihrem Browser.
+ </p>
+
+ <p style="clear:left; margin-top:1.5em">Weiters können Sie</p>
+ <ul>
+ <li>die <a href="help">Hilfe durchsehen</a>,</li>
+ <li>die <a href="PINManagement?redirect=./index.html">PIN Verwaltung starten</a> oder </li>
+ <li>das <a href="ca.crt">CA Zertifikat installieren</a> (rufen Sie diesen Link aus anderen Web-Browsern auf um auch dort das CA Zertifikat zu installieren).</li>
+ </ul>
+
+ <p><br class="clearfloat" /></p>
+
+ <p style="font-size:80%">
+ ¹Eine automatisierte Installation ist mit Microsoft Internet Explorer in Windows Vista oder 7 leider nicht möglich,
+ siehe dazu <a href="help/de/help.install.cacert.html">Hilfe</a>.
+ </p>
+
+ </div>
+ <div id="footer">
+ <p>
+ <a href="http://www.buergerkarte.at">Österreichische Bürgerkarte</a> | <a href="http://mocca.egovlabs.gv.at">Bürgerkartensoftware MOCCA</a>
+ </p>
+ </div>
+ <!-- end #container --></div>
+ </body>
+</html>
+
diff --git a/BKULocal/src/test/java/at/gv/egiz/bku/local/stal/TestSignRequest.java b/BKULocal/src/test/java/at/gv/egiz/bku/local/stal/TestSignRequest.java
new file mode 100644
index 00000000..c6b69781
--- /dev/null
+++ b/BKULocal/src/test/java/at/gv/egiz/bku/local/stal/TestSignRequest.java
@@ -0,0 +1,55 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.local.stal;
+
+import java.io.ByteArrayOutputStream;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.junit.Ignore;
+
+import at.gv.egiz.bku.utils.StreamUtil;
+import at.gv.egiz.smcc.SignatureCard;
+import at.gv.egiz.stal.STALRequest;
+import at.gv.egiz.stal.SignRequest;
+
+@Ignore
+public class TestSignRequest {
+
+ public void test() throws Exception {
+ ByteArrayOutputStream os = new ByteArrayOutputStream();
+ StreamUtil.copyStream(getClass().getClassLoader().getResourceAsStream("at/gv/egiz/bku/local/stal/sigInfo.xml"), os);
+ byte[] signedInfo = os.toByteArray();
+ SignRequest sr = new SignRequest();
+ sr.setSignedInfo(signedInfo);
+ sr.setKeyIdentifier(SignatureCard.KeyboxName.SECURE_SIGNATURE_KEYPAIR.getKeyboxName());
+ List<STALRequest> reqList = new ArrayList<STALRequest>(1);
+ reqList.add(sr);
+ System.out.println((new LocalSTALFactory()).createSTAL().handleRequest(reqList));
+ }
+
+ public static void main(String[] args) {
+ TestSignRequest tsr = new TestSignRequest();
+ try {
+ tsr.test();
+ } catch (Exception e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
+
+}
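Review bot: `test()` carries no `@Test` annotation, so removing the class-level `@Ignore` still runs nothing under JUnit; the only way to execute it is `main`, which prints the outcome via `System.out.println` and the failure via `e.printStackTrace()`, so it can never fail. Add `@Test` to `test()`, drop `main` and the auto-generated catch block, and assert on the response rather than printing it (at minimum that the first element is not an error response). The stream from `getResourceAsStream` is neither null-checked nor closed; wrap it in `try (InputStream in = …)` and fail with a clear message when the fixture is missing. The fixture `sigInfo.xml` declares `ecdsa-sha1` as its SignatureMethod while this branch is named `mocca-1.2.11-sha2`; if the branch's purpose is SHA-2 signing, a SHA-1 fixture does not exercise it.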
diff --git a/BKULocal/src/test/resources/at/gv/egiz/bku/local/stal/sigInfo.xml b/BKULocal/src/test/resources/at/gv/egiz/bku/local/stal/sigInfo.xml
new file mode 100644
index 00000000..623a78bc
--- /dev/null
+++ b/BKULocal/src/test/resources/at/gv/egiz/bku/local/stal/sigInfo.xml
@@ -0,0 +1,79 @@ +<dsig:SignedInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/><dsig:Reference Id="signed-data-reference-0-1214921265-27289015-14960" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0" xmlns="http://www.w3.org/1999/xhtml" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xa="http://www.egiz.gv.at/namespaces/20060713#"> + <xsl:output method="xml"/> + <xsl:template match="/"> + <html xmlns="http://www.w3.org/1999/xhtml" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"> + <head> + <title> + <xsl:value-of select="/xa:Antrag/xa:Titel"/></title></head> + <body> + <table align="left" border="0" width="100%"> + <tr> + <td align="left" colspan="3"> + <h2> + <xsl:value-of select="/xa:Antrag/xa:Titel"/></h2></td></tr> + <tr> + <td bgcolor="silver" colspan="3" text="black">Absender/in</td></tr> + <tr> + <td align="right" width="17%">Vorname</td> + <td width="3%"/> + <td width="80%"> + <xsl:value-of select="/xa:Antrag/xa:Antragssteller/pr:PersonData/pr:PhysicalPerson/pr:Name/pr:GivenName"/></td></tr> + <tr> + <td align="right" width="17%">Familienname</td> + <td width="3%"/> + <td width="80%"> + <xsl:value-of select="Von/Title"/> + <xsl:value-of select="/xa:Antrag/xa:Antragssteller/pr:PersonData/pr:PhysicalPerson/pr:Name/pr:FamilyName"/></td></tr> + <tr> + <td align="right" width="17%">Geburtsdatum</td> + <td width="3%"/> + <td width="80%"> + <xsl:value-of select="/xa:Antrag/xa:Antragssteller/pr:PersonData/pr:PhysicalPerson/pr:DateOfBirth"/></td></tr> + <tr> + <td align="right" width="17%">Geburtsort</td> + <td width="3%"/> + <td width="80%"> + <xsl:value-of 
select="/xa:Antrag/xa:Antragssteller/pr:PersonData/pr:PhysicalPerson/pr:PlaceOfBirth"/></td></tr> + <tr> + <td align="right" width="17%">E-Mail zur Kontaktaufnahme</td> + <td width="3%"/> + <td width="80%"> + <xsl:value-of select="/xa:Antrag/xa:Antragssteller/pr:PersonData/pr:InternetAddress/pr:Address"/></td></tr> + <tr> + <td bgcolor="silver" colspan="3" text="black">Dieser Antrag ergeht an:</td></tr> + <tr> + <td align="right" width="17%">Adressat</td> + <td width="3%"/> + <td width="80%"> + <xsl:value-of select="/xa:Antrag/xa:Empfaenger/pr:PersonData/pr:CorporateBody/pr:FullName"/></td></tr> + <tr> + <td bgcolor="silver" colspan="3" text="black">Hauptwohnsitz des Antragsstellers (laut ZMR):</td></tr> + <tr> + <td align="right" width="17%">Strasse</td> + <td nowrap="nowrap" valign="middle" width="3%"/> + <td width="80%"> + <xsl:value-of select="/xa:Antrag/xa:Antragssteller/pr:PersonData/pr:CompactPostalAddress/pr:DeliveryAddress/pr:StreetName"/></td></tr> + <tr> + <td align="right" width="17%">Hausnummer</td> + <td nowrap="nowrap" valign="middle" width="3%"/> + <td width="80%"> + <xsl:value-of select="/xa:Antrag/xa:Antragssteller/pr:PersonData/pr:CompactPostalAddress/pr:DeliveryAddress/pr:BuildingNumber"/> + <xsl:if test="/xa:Antrag/xa:Antragssteller/pr:PersonData/pr:CompactPostalAddress/pr:DeliveryAddress/pr:Unit != ''">/ + <xsl:value-of select="/xa:Antrag/xa:Antragssteller/pr:PersonData/pr:CompactPostalAddress/pr:DeliveryAddress/pr:Unit"/></xsl:if> + <xsl:if test="/xa:Antrag/xa:Antragssteller/pr:PersonData/pr:CompactPostalAddress/pr:DeliveryAddress/pr:DoorNumber != ''">/ + <xsl:value-of select="/xa:Antrag/xa:Antragssteller/pr:PersonData/pr:CompactPostalAddress/pr:DeliveryAddress/pr:DoorNumber"/></xsl:if></td></tr> + <tr> + <td align="right" width="17%">Postleitzahl</td> + <td nowrap="nowrap" valign="middle" width="3%"/> + <td width="80%"> + <xsl:value-of select="/xa:Antrag/xa:Antragssteller/pr:PersonData/pr:CompactPostalAddress/pr:PostalCode"/></td></tr> + 
<tr> + <td align="right" width="17%">Ort</td> + <td nowrap="nowrap" valign="middle" width="3%"/> + <td width="80%"> + <xsl:value-of select="/xa:Antrag/xa:Antragssteller/pr:PersonData/pr:CompactPostalAddress/pr:Municipality"/></td></tr> + <tr> + <td align="right" width="17%">Staat</td> + <td nowrap="nowrap" valign="middle" width="3%"/> + <td width="80%"> + <xsl:value-of select="/xa:Antrag/xa:Antragssteller/pr:PersonData/pr:CompactPostalAddress/pr:CountryName"/></td></tr></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>GPYZB80vaYfGObhjlfu4lLLpAHs=</dsig:DigestValue></dsig:Reference><dsig:Reference Id="etsi-data-reference-0-1214921265-27289015-29753" Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#xmlns(etsi=http://uri.etsi.org/01903/v1.1.1%23)%20xpointer(id('etsi-data-object-0-1214921265-27289015-3533')/child::etsi:QualifyingProperties/child::etsi:SignedProperties)"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>8DWtjO0ki1U/lxn+Y34We6GsfxU=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo>
\ No newline at end of file |
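Review bot: The fixture pins SHA-1 throughout — `DigestMethod` is `xmldsig#sha1` on both references and `SignatureMethod` is `xmldsig-more#ecdsa-sha1` — so any test consuming it exercises only the legacy algorithms; if the surrounding change is meant to cover SHA-2 signing, a second fixture with the SHA-256 digest and `ecdsa-sha256` signature method would presumably be needed, though that intent is inferred rather than visible here. The first `dsig:Reference` applies an XSLT transform (`REC-xslt-19991116`) before C14N, so what gets digested is the stylesheet output rather than the raw document, a classic what-you-see-is-what-you-sign hazard worth noting in the consuming test rather than in this file, since an XML comment added here would change the exact `SignedInfo` bytes that are handed to the card. The `<xsl:value-of select="Von/Title"/>` in the Familienname cell selects a path outside the `xa:`/`pr:` structure used by every other value-of and looks like a leftover; it presumably renders nothing for the intended input and could be dropped, though doing so changes the fixture's digest values.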