author | clemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2009-08-26 17:31:32 +0000 |
---|---|---|
committer | clemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2009-08-26 17:31:32 +0000 |
commit | 145003155c05e915b900989a27cef1271398164b (patch) | |
tree | 3be36976836a106a8c7ce635551dac42d08aa5ec /BKULocal/src | |
parent | 15d354a20c45cc5737438fe121696637f7dec1c8 (diff) | |
MOCCA TLS Server CA cert installation servlet
removed help.jsp (and jsp dependencies in jetty)
moved html pages to src/main/webapp (encoding problem?)
switch to BASIC download protocol in BKUWebStart (no jnlpDownloadServlet required, see template.xml)
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@474 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
Diffstat (limited to 'BKULocal/src')
-rw-r--r-- | BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/InstallCertificateServlet.java | 149 | ||||
-rw-r--r-- | BKULocal/src/main/webapp/WEB-INF/web.xml | 19 | ||||
-rw-r--r-- | BKULocal/src/main/webapp/img/chip16.ico | bin | 0 -> 1150 bytes | |||
-rw-r--r-- | BKULocal/src/main/webapp/img/chip48.png | bin | 0 -> 2771 bytes | |||
-rw-r--r-- | BKULocal/src/main/webapp/index.html | 56 |
5 files changed, 198 insertions, 26 deletions
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/InstallCertificateServlet.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/InstallCertificateServlet.java
new file mode 100644
index 00000000..0a9d001b
--- /dev/null
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/InstallCertificateServlet.java
@@ -0,0 +1,149 @@
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egiz.bku.local.webapp;
+
+import iaik.pkcs.PKCS7CertList;
+import iaik.utils.Util;
+import java.io.IOException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+/**
+ * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at>
+ */
+public class InstallCertificateServlet extends HttpServlet {
+ public static final String HTTPS_REDIRECT = "https://localhost:3496/";
+
+ public static final String SERVER_CA_CERTIFICATE_ATTRIBUTE = "mocca.tls.server.ca.certificate";
+ protected PKCS7CertList p7c;
+ private static final Log log = LogFactory.getLog(InstallCertificateServlet.class);
+
+ @Override
+ public void init() throws ServletException {
+ super.init();
+ Certificate caCert = (Certificate) getServletContext().getAttribute(SERVER_CA_CERTIFICATE_ATTRIBUTE);
+ if (caCert != null) {
+ try {
+ p7c = new PKCS7CertList();
+ p7c.setCertificateList(new iaik.x509.X509Certificate[] { Util.convertCertificate(caCert) });
+ } catch (CertificateException ex) {
+ log.error("failed to import local ca certificate " + SERVER_CA_CERTIFICATE_ATTRIBUTE, ex);
+ }
+ } else {
+ log.error("failed to import local ca certificate " + SERVER_CA_CERTIFICATE_ATTRIBUTE);
+ }
+ }
+
+ /**
+ * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
+ * @param request servlet request
+ * @param response servlet response
+ * @throws ServletException if a servlet-specific error occurs
+ * @throws IOException if an I/O error occurs
+ */
+ protected void processRequest(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+
+// try {
+// SSLContext sslCtx1 = SSLContext.getDefault();
+// log.debug("Default SSLContext (" + sslCtx1.getProtocol() + "): " + sslCtx1.getClass().getName());
+// } catch (NoSuchAlgorithmException ex) {
+// log.debug("no sslContext: " + ex.getMessage(), ex);
+// }
+//
+// try {
+// SSLContext sslCtx2 = SSLContext.getInstance("TLS");
+// log.debug("TLS SSLContext: " + sslCtx2.getClass().getName());
+//
+// SSLServerSocketFactory serverSocketFactory = sslCtx2.getServerSocketFactory();
+// SSLSessionContext serverSessionContext = sslCtx2.getServerSessionContext();
+//
+// if (serverSocketFactory != null) {
+// log.debug("SSL ServerSocketFactory: " + serverSocketFactory.getClass().getName());
+// }
+// if (serverSessionContext != null) {
+// log.debug("SSL ServerSessionContext: " + serverSessionContext.getClass().getName());
+// }
+// } catch (NoSuchAlgorithmException ex) {
+// log.debug("no sslContext: " + ex.getMessage(), ex);
+// }
+//
+// try {
+// SSLContext sslCtx3 = SSLContext.getInstance("SSLv3");
+// log.debug("TLS SSLContext: " + sslCtx3.getClass().getName());
+// } catch (NoSuchAlgorithmException ex) {
+// log.debug("no sslContext: " + ex.getMessage(), ex);
+// }
+
+
+
+
+
+ if (p7c != null) {
+ log.debug("returning local ca certificate");
+ response.setContentType("application/x-x509-ca-cert");
+ p7c.writeTo(response.getOutputStream());
+ response.getOutputStream().flush();
+ } else {
+ log.debug("no local ca certificate, redirecting to " + HTTPS_REDIRECT);
+ response.sendRedirect(HTTPS_REDIRECT);
+ }
+
+ }
+
+ // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
+ /**
+ * Handles the HTTP <code>GET</code> method.
+ * @param request servlet request
+ * @param response servlet response
+ * @throws ServletException if a servlet-specific error occurs
+ * @throws IOException if an I/O error occurs
+ */
+ @Override
+ protected void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ processRequest(request, response);
+ }
+
+ /**
+ * Handles the HTTP <code>POST</code> method.
+ * @param request servlet request
+ * @param response servlet response
+ * @throws ServletException if a servlet-specific error occurs
+ * @throws IOException if an I/O error occurs
+ */
+ @Override
+ protected void doPost(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ processRequest(request, response);
+ }
+
+ /**
+ * Returns a short description of the servlet.
+ * @return a String containing servlet description
+ */
+ @Override
+ public String getServletInfo() {
+ return "Short description";
+ }// </editor-fold>
+}
diff --git a/BKULocal/src/main/webapp/WEB-INF/web.xml b/BKULocal/src/main/webapp/WEB-INF/web.xml
index 83f33d9e..8768dbd8 100644
--- a/BKULocal/src/main/webapp/WEB-INF/web.xml
+++ b/BKULocal/src/main/webapp/WEB-INF/web.xml
@@ -1,5 +1,4 @@ <?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"> <!-- Copyright 2008 Federal Chancellery Austria and Graz University of Technology
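Review bot: In `init()`, the field `p7c` is assigned before the certificate is converted, so when the `CertificateException` branch is taken `p7c` stays non-null and `processRequest` will write that incomplete list out as `application/x-x509-ca-cert` instead of taking the redirect branch. Building the list in a local and publishing it only on success closes that gap: `PKCS7CertList list = new PKCS7CertList(); list.setCertificateList(...); p7c = list;`. Because this endpoint hands out a trust anchor the user is asked to install, the failure path would be clearer as an explicit error (for example `response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE)`) than as a redirect to `HTTPS_REDIRECT`, whose server certificate presumably chains to the very CA that failed to load. The commented-out `SSLContext` probing in `processRequest` and the template string `"Short description"` in `getServletInfo()` could be dropped from the new file.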
@@ -16,7 +15,7 @@ See the License for the specific language governing permissions and limitations under the License. --> -<web-app id="WebApp_ID"> +<web-app id="bkulocal" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> <display-name>http-security-layer-request</display-name> <!-- Begin Spring Config --> @@ -36,14 +35,14 @@ <servlet-name>BKUServlet</servlet-name> <servlet-class>at.gv.egiz.bku.local.webapp.BKURequestHandler</servlet-class> </servlet> - <servlet> - <servlet-name>help</servlet-name> - <jsp-file>/help.jsp</jsp-file> - </servlet> <servlet> <servlet-name>PINManagementServlet</servlet-name> <servlet-class>at.gv.egiz.bku.local.webapp.PINManagementServlet</servlet-class> </servlet> + <servlet> + <servlet-name>InstallCertificateServlet</servlet-name> + <servlet-class>at.gv.egiz.bku.local.webapp.InstallCertificateServlet</servlet-class> + </servlet> <servlet-mapping> <servlet-name>BKUServlet</servlet-name> <url-pattern>/http-security-layer-request</url-pattern> @@ -52,16 +51,16 @@ <servlet-name>BKUServlet</servlet-name> <url-pattern>/https-security-layer-request</url-pattern> </servlet-mapping> - <servlet-mapping> - <servlet-name>help</servlet-name> - <url-pattern>/help/*</url-pattern> - </servlet-mapping> <!-- Begin BKU Config --> <servlet-mapping> <servlet-name>PINManagementServlet</servlet-name> <url-pattern>/PINManagement</url-pattern> </servlet-mapping> + <servlet-mapping> + <servlet-name>InstallCertificateServlet</servlet-name> + <url-pattern>/installCertificate</url-pattern> + </servlet-mapping> <welcome-file-list> <welcome-file>index.html</welcome-file> <welcome-file>index.htm</welcome-file> diff --git a/BKULocal/src/main/webapp/img/chip16.ico b/BKULocal/src/main/webapp/img/chip16.ico Binary files differnew file mode 100644 index 00000000..42175127 --- /dev/null 
+++ b/BKULocal/src/main/webapp/img/chip16.ico diff --git a/BKULocal/src/main/webapp/img/chip48.png b/BKULocal/src/main/webapp/img/chip48.png Binary files differnew file mode 100644 index 00000000..491fbcac --- /dev/null +++ b/BKULocal/src/main/webapp/img/chip48.png diff --git a/BKULocal/src/main/webapp/index.html b/BKULocal/src/main/webapp/index.html index 537c154a..6aefe43c 100644 --- a/BKULocal/src/main/webapp/index.html +++ b/BKULocal/src/main/webapp/index.html 
@@ -14,21 +14,45 @@ See the License for the specific language governing permissions and limitations under the License. --> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<html> - <head> - <title>BKU Web Start - Willkommen</title> - <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> - <style type="text/css" media="all">@import "css/main.css";</style> - </head> - <body> - <h1>BKU Web Start - Willkommen</h1> - <div> - <p>Diese Seite installiert das MOCCA Zertifikat in ihrem Browser. - In jedem weiteren Browser können sie dieses durch Aufruf <a href="https://localhost:3496/index.html">dieser Seite</a> ebenso installieren.</p> - </div> - <div> - <a href="PINManagement?redirect=./index.html">PIN Verwaltung</a> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> + <title>Bürgerkarte - Willkommen</title> + <link href="help/help.css" rel="stylesheet" type="text/css" /> + <link rel="shortcut icon" href="img/chip16.ico" type="image/x-icon"/> + </head> + + <body class="twoColElsLtHdr"> + + <div id="container"> + <div id="header"> + <h1>Bürgerkarte</h1> + <!-- end #header --></div> + <div id="mainContent" style="margin: 1.5em 1.5em 0 1.5em"> + <div style="float:left; margin-right:1em"> + <img src="img/chip48.png" alt="Logo" width="48" height="48"/> </div> - </body> + <p>Um die Bürgerkartenumgebung zu verwenden installieren Sie bitte + zunächst das <a href="installCertificate">CA Zertifikat</a>. 
+ </p> + + <p style="float:none">Weiters können Sie</p> + <ul> + <li>die <a href="help">Hilfe durchsehen</a>,</li> + <li>die <a href="PINManagement?redirect=./index.html">PIN Verwaltung starten</a> oder </li> + <li>in jedem weiteren Web-Browser das <a href="installCertificate">CA Zertifikat installieren</a>.</li> + </ul> + + <p><br class="clearfloat" /></p> + + </div> + <div id="footer"> + <p> + <a href="http://www.buergerkarte.at">Österreichische Bürgerkarte</a> | <a href="http://mocca.egovlabs.gv.at">Bürgerkartensoftware MOCCA</a> + </p> + </div> + <!-- end #container --></div> + </body> </html> + |
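Review bot: The new paragraph asks the user to install the CA certificate but does not say what is being trusted; a root added to the browser is a trust anchor, so the text around the `installCertificate` link should state that this is the local CA for the `localhost` TLS endpoint and that it only needs to be trusted for identifying web sites. The link is relative, so the download uses whatever scheme `index.html` itself was loaded over, and the page cannot assume HTTPS at this point. A fingerprint displayed next to the link would give the user something to compare in the browser's import dialog, though that would need a dynamically rendered page rather than this static file.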