authorclemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2009-08-26 17:31:32 +0000
committerclemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>2009-08-26 17:31:32 +0000
commit145003155c05e915b900989a27cef1271398164b (patch)
tree3be36976836a106a8c7ce635551dac42d08aa5ec /BKULocal/src
parent15d354a20c45cc5737438fe121696637f7dec1c8 (diff)
downloadmocca-145003155c05e915b900989a27cef1271398164b.tar.gz
mocca-145003155c05e915b900989a27cef1271398164b.tar.bz2
mocca-145003155c05e915b900989a27cef1271398164b.zip
MOCCA TLS Server CA cert installation servlet
removed help.jsp (and jsp dependencies in jetty)
moved html pages to src/main/webapp (encoding problem?)
switch to BASIC download protocol in BKUWebStart (no jnlpDownloadServlet required, see template.xml)
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@474 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
Diffstat (limited to 'BKULocal/src')
-rw-r--r--BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/InstallCertificateServlet.java149
-rw-r--r--BKULocal/src/main/webapp/WEB-INF/web.xml19
-rw-r--r--BKULocal/src/main/webapp/img/chip16.icobin0 -> 1150 bytes
-rw-r--r--BKULocal/src/main/webapp/img/chip48.pngbin0 -> 2771 bytes
-rw-r--r--BKULocal/src/main/webapp/index.html56
5 files changed, 198 insertions, 26 deletions
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/InstallCertificateServlet.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/InstallCertificateServlet.java
new file mode 100644
index 00000000..0a9d001b
--- /dev/null
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/InstallCertificateServlet.java
@@ -0,0 +1,149 @@
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egiz.bku.local.webapp;
+
+import iaik.pkcs.PKCS7CertList;
+import iaik.utils.Util;
+import java.io.IOException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+/**
+ * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at>
+ */
+public class InstallCertificateServlet extends HttpServlet {
+ public static final String HTTPS_REDIRECT = "https://localhost:3496/";
+
+ public static final String SERVER_CA_CERTIFICATE_ATTRIBUTE = "mocca.tls.server.ca.certificate";
+ protected PKCS7CertList p7c;
+ private static final Log log = LogFactory.getLog(InstallCertificateServlet.class);
+
+ @Override
+ public void init() throws ServletException {
+ super.init();
+ Certificate caCert = (Certificate) getServletContext().getAttribute(SERVER_CA_CERTIFICATE_ATTRIBUTE);
+ if (caCert != null) {
+ try {
+ p7c = new PKCS7CertList();
+ p7c.setCertificateList(new iaik.x509.X509Certificate[] { Util.convertCertificate(caCert) });
+ } catch (CertificateException ex) {
+ log.error("failed to import local ca certificate " + SERVER_CA_CERTIFICATE_ATTRIBUTE, ex);
+ }
+ } else {
+ log.error("failed to import local ca certificate " + SERVER_CA_CERTIFICATE_ATTRIBUTE);
+ }
+ }
+
+ /**
+ * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
+ * @param request servlet request
+ * @param response servlet response
+ * @throws ServletException if a servlet-specific error occurs
+ * @throws IOException if an I/O error occurs
+ */
+ protected void processRequest(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+
+// try {
+// SSLContext sslCtx1 = SSLContext.getDefault();
+// log.debug("Default SSLContext (" + sslCtx1.getProtocol() + "): " + sslCtx1.getClass().getName());
+// } catch (NoSuchAlgorithmException ex) {
+// log.debug("no sslContext: " + ex.getMessage(), ex);
+// }
+//
+// try {
+// SSLContext sslCtx2 = SSLContext.getInstance("TLS");
+// log.debug("TLS SSLContext: " + sslCtx2.getClass().getName());
+//
+// SSLServerSocketFactory serverSocketFactory = sslCtx2.getServerSocketFactory();
+// SSLSessionContext serverSessionContext = sslCtx2.getServerSessionContext();
+//
+// if (serverSocketFactory != null) {
+// log.debug("SSL ServerSocketFactory: " + serverSocketFactory.getClass().getName());
+// }
+// if (serverSessionContext != null) {
+// log.debug("SSL ServerSessionContext: " + serverSessionContext.getClass().getName());
+// }
+// } catch (NoSuchAlgorithmException ex) {
+// log.debug("no sslContext: " + ex.getMessage(), ex);
+// }
+//
+// try {
+// SSLContext sslCtx3 = SSLContext.getInstance("SSLv3");
+// log.debug("TLS SSLContext: " + sslCtx3.getClass().getName());
+// } catch (NoSuchAlgorithmException ex) {
+// log.debug("no sslContext: " + ex.getMessage(), ex);
+// }
+
+
+
+
+
+ if (p7c != null) {
+ log.debug("returning local ca certificate");
+ response.setContentType("application/x-x509-ca-cert");
+ p7c.writeTo(response.getOutputStream());
+ response.getOutputStream().flush();
+ } else {
+ log.debug("no local ca certificate, redirecting to " + HTTPS_REDIRECT);
+ response.sendRedirect(HTTPS_REDIRECT);
+ }
+
+ }
+
+ // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
+ /**
+ * Handles the HTTP <code>GET</code> method.
+ * @param request servlet request
+ * @param response servlet response
+ * @throws ServletException if a servlet-specific error occurs
+ * @throws IOException if an I/O error occurs
+ */
+ @Override
+ protected void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ processRequest(request, response);
+ }
+
+ /**
+ * Handles the HTTP <code>POST</code> method.
+ * @param request servlet request
+ * @param response servlet response
+ * @throws ServletException if a servlet-specific error occurs
+ * @throws IOException if an I/O error occurs
+ */
+ @Override
+ protected void doPost(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ processRequest(request, response);
+ }
+
+ /**
+ * Returns a short description of the servlet.
+ * @return a String containing servlet description
+ */
+ @Override
+ public String getServletInfo() {
+ return "Short description";
+ }// </editor-fold>
+}
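Review bot: In `init()`, `p7c` is assigned a fresh `PKCS7CertList` before `Util.convertCertificate(caCert)` runs, so if the conversion throws `CertificateException` the field stays non-null with no certificate set. `processRequest` then takes the `p7c != null` branch and writes that list out as `application/x-x509-ca-cert` instead of redirecting. Because the index page asks users to install this response as a trusted CA, the field should only be set once the list is complete: build it in a local (`PKCS7CertList list = new PKCS7CertList();`, then `list.setCertificateList(...)`) and finish with `p7c = list;`. The field could also be `private`, since nothing visible in this file needs it `protected`. The commented-out `SSLContext` probing at the top of `processRequest` is dead code and could be dropped.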
diff --git a/BKULocal/src/main/webapp/WEB-INF/web.xml b/BKULocal/src/main/webapp/WEB-INF/web.xml
index 83f33d9e..8768dbd8 100644
--- a/BKULocal/src/main/webapp/WEB-INF/web.xml
+++ b/BKULocal/src/main/webapp/WEB-INF/web.xml
@@ -1,5 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<!--
Copyright 2008 Federal Chancellery Austria and
Graz University of Technology
@@ -16,7 +15,7 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-<web-app id="WebApp_ID">
+<web-app id="bkulocal" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name>http-security-layer-request</display-name>
<!-- Begin Spring Config -->
@@ -36,14 +35,14 @@
<servlet-name>BKUServlet</servlet-name>
<servlet-class>at.gv.egiz.bku.local.webapp.BKURequestHandler</servlet-class>
</servlet>
- <servlet>
- <servlet-name>help</servlet-name>
- <jsp-file>/help.jsp</jsp-file>
- </servlet>
<servlet>
<servlet-name>PINManagementServlet</servlet-name>
<servlet-class>at.gv.egiz.bku.local.webapp.PINManagementServlet</servlet-class>
</servlet>
+ <servlet>
+ <servlet-name>InstallCertificateServlet</servlet-name>
+ <servlet-class>at.gv.egiz.bku.local.webapp.InstallCertificateServlet</servlet-class>
+ </servlet>
<servlet-mapping>
<servlet-name>BKUServlet</servlet-name>
<url-pattern>/http-security-layer-request</url-pattern>
@@ -52,16 +51,16 @@
<servlet-name>BKUServlet</servlet-name>
<url-pattern>/https-security-layer-request</url-pattern>
</servlet-mapping>
- <servlet-mapping>
- <servlet-name>help</servlet-name>
- <url-pattern>/help/*</url-pattern>
- </servlet-mapping>
<!-- Begin BKU Config -->
<servlet-mapping>
<servlet-name>PINManagementServlet</servlet-name>
<url-pattern>/PINManagement</url-pattern>
</servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>InstallCertificateServlet</servlet-name>
+ <url-pattern>/installCertificate</url-pattern>
+ </servlet-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
diff --git a/BKULocal/src/main/webapp/img/chip16.ico b/BKULocal/src/main/webapp/img/chip16.ico
new file mode 100644
index 00000000..42175127
--- /dev/null
+++ b/BKULocal/src/main/webapp/img/chip16.ico
Binary files differ
diff --git a/BKULocal/src/main/webapp/img/chip48.png b/BKULocal/src/main/webapp/img/chip48.png
new file mode 100644
index 00000000..491fbcac
--- /dev/null
+++ b/BKULocal/src/main/webapp/img/chip48.png
Binary files differ
diff --git a/BKULocal/src/main/webapp/index.html b/BKULocal/src/main/webapp/index.html
index 537c154a..6aefe43c 100644
--- a/BKULocal/src/main/webapp/index.html
+++ b/BKULocal/src/main/webapp/index.html
@@ -14,21 +14,45 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
- <head>
- <title>BKU Web Start - Willkommen</title>
- <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
- <style type="text/css" media="all">@import "css/main.css";</style>
- </head>
- <body>
- <h1>BKU Web Start - Willkommen</h1>
- <div>
- <p>Diese Seite installiert das MOCCA Zertifikat in ihrem Browser.
- In jedem weiteren Browser können sie dieses durch Aufruf <a href="https://localhost:3496/index.html">dieser Seite</a> ebenso installieren.</p>
- </div>
- <div>
- <a href="PINManagement?redirect=./index.html">PIN Verwaltung</a>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <title>Bürgerkarte - Willkommen</title>
+ <link href="help/help.css" rel="stylesheet" type="text/css" />
+ <link rel="shortcut icon" href="img/chip16.ico" type="image/x-icon"/>
+ </head>
+
+ <body class="twoColElsLtHdr">
+
+ <div id="container">
+ <div id="header">
+ <h1>Bürgerkarte</h1>
+ <!-- end #header --></div>
+ <div id="mainContent" style="margin: 1.5em 1.5em 0 1.5em">
+ <div style="float:left; margin-right:1em">
+ <img src="img/chip48.png" alt="Logo" width="48" height="48"/>
</div>
- </body>
+ <p>Um die Bürgerkartenumgebung zu verwenden installieren Sie bitte
+ zunächst das <a href="installCertificate">CA Zertifikat</a>.
+ </p>
+
+ <p style="float:none">Weiters können Sie</p>
+ <ul>
+ <li>die <a href="help">Hilfe durchsehen</a>,</li>
+ <li>die <a href="PINManagement?redirect=./index.html">PIN Verwaltung starten</a> oder </li>
+ <li>in jedem weiteren Web-Browser das <a href="installCertificate">CA Zertifikat installieren</a>.</li>
+ </ul>
+
+ <p><br class="clearfloat" /></p>
+
+ </div>
+ <div id="footer">
+ <p>
+ <a href="http://www.buergerkarte.at">Österreichische Bürgerkarte</a> | <a href="http://mocca.egovlabs.gv.at">Bürgerkartensoftware MOCCA</a>
+ </p>
+ </div>
+ <!-- end #container --></div>
+ </body>
</html>
+
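Review bot: The new paragraph and the last list item link to `installCertificate` and ask the user to install a CA certificate, but the page gives no way to check what is being installed. The link is relative, so the certificate is fetched over whatever scheme the page itself was loaded with. Whether this CA is generated per installation or constrained to the local host is not visible in this commit. I would add a line next to the link such as `<p>Fingerabdruck des CA Zertifikats: <code>FINGERPRINT_PLACEHOLDER</code></p>` so the value can be compared with the browser's import dialog. If the certificate differs per installation, that value would have to be rendered from the servlet-context attribute rather than kept in static HTML.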