replace installCertificate servlet with der encoded crt file in webapp/

moved local-webstart profile to BKUWebStart (jnlp-inline goal)
help note for internet explorer on visat/7

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@482 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4

5 files changed, 8 insertions, 159 deletions

diff --git a/BKULocal/pom.xml b/BKULocal/pom.xml
index 23c626c4..85c83cec 100644
--- a/BKULocal/pom.xml
+++ b/BKULocal/pom.xml
@@ -111,7 +111,7 @@
     <dependency>
       <artifactId>BKUHelp</artifactId>
       <groupId>at.gv.egiz</groupId>
-      <version>1.3-SNAPSHOT</version>
+      <version>1.2.5-SNAPSHOT</version>
     </dependency>
 		<dependency>
 			<groupId>org.springframework</groupId>
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalBKUWorker.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalBKUWorker.java
index 75f71be6..1e3f9a1d 100644
--- a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalBKUWorker.java
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalBKUWorker.java
@@ -49,6 +49,7 @@ public class LocalBKUWorker extends AbstractBKUWorker {
   public List<STALResponse> handleRequest(List<? extends STALRequest> requestList) {
     signatureCard = null;
     List<STALResponse> responses = super.handleRequest(requestList);
+    container.setVisible(false);
     return responses;
   }
 
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/InstallCertificateServlet.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/InstallCertificateServlet.java
deleted file mode 100644
index 0a9d001b..00000000
--- a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/InstallCertificateServlet.java
+++ /dev/null
@@ -1,149 +0,0 @@
-/*
- * Copyright 2008 Federal Chancellery Austria and
- * Graz University of Technology
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package at.gv.egiz.bku.local.webapp;
-
-import iaik.pkcs.PKCS7CertList;
-import iaik.utils.Util;
-import java.io.IOException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-/**
- * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at>
- */
-public class InstallCertificateServlet extends HttpServlet {
-  public static final String HTTPS_REDIRECT = "https://localhost:3496/";
-
-  public static final String SERVER_CA_CERTIFICATE_ATTRIBUTE = "mocca.tls.server.ca.certificate";
-  protected PKCS7CertList p7c;
-  private static final Log log = LogFactory.getLog(InstallCertificateServlet.class);
-
-  @Override
-  public void init() throws ServletException {
-    super.init();
-    Certificate caCert = (Certificate) getServletContext().getAttribute(SERVER_CA_CERTIFICATE_ATTRIBUTE);
-    if (caCert != null) {
-      try {
-        p7c = new PKCS7CertList();
-        p7c.setCertificateList(new iaik.x509.X509Certificate[] { Util.convertCertificate(caCert) });
-      } catch (CertificateException ex) {
-        log.error("failed to import local ca certificate " + SERVER_CA_CERTIFICATE_ATTRIBUTE, ex);
-      }
-    } else {
-      log.error("failed to import local ca certificate " + SERVER_CA_CERTIFICATE_ATTRIBUTE);
-    }
-  }
-
-  /**
-   * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
-   * @param request servlet request
-   * @param response servlet response
-   * @throws ServletException if a servlet-specific error occurs
-   * @throws IOException if an I/O error occurs
-   */
-  protected void processRequest(HttpServletRequest request, HttpServletResponse response)
-          throws ServletException, IOException {
-
-//    try {
-//      SSLContext sslCtx1 = SSLContext.getDefault();
-//      log.debug("Default SSLContext (" + sslCtx1.getProtocol() + "): " + sslCtx1.getClass().getName());
-//    } catch (NoSuchAlgorithmException ex) {
-//      log.debug("no sslContext: " + ex.getMessage(), ex);
-//    }
-//
-//    try {
-//      SSLContext sslCtx2 = SSLContext.getInstance("TLS");
-//      log.debug("TLS SSLContext: " + sslCtx2.getClass().getName());
-//
-//      SSLServerSocketFactory serverSocketFactory = sslCtx2.getServerSocketFactory();
-//      SSLSessionContext serverSessionContext = sslCtx2.getServerSessionContext();
-//
-//      if (serverSocketFactory != null) {
-//        log.debug("SSL ServerSocketFactory: " + serverSocketFactory.getClass().getName());
-//      }
-//      if (serverSessionContext != null) {
-//        log.debug("SSL ServerSessionContext: " + serverSessionContext.getClass().getName());
-//      }
-//    } catch (NoSuchAlgorithmException ex) {
-//      log.debug("no sslContext: " + ex.getMessage(), ex);
-//    }
-//
-//    try {
-//      SSLContext sslCtx3 = SSLContext.getInstance("SSLv3");
-//      log.debug("TLS SSLContext: " + sslCtx3.getClass().getName());
-//    } catch (NoSuchAlgorithmException ex) {
-//      log.debug("no sslContext: " + ex.getMessage(), ex);
-//    }
-
-
- 
-
-
-    if (p7c != null) {
-      log.debug("returning local ca certificate");
-      response.setContentType("application/x-x509-ca-cert"); 
-      p7c.writeTo(response.getOutputStream());
-      response.getOutputStream().flush();
-    } else {
-      log.debug("no local ca certificate, redirecting to " + HTTPS_REDIRECT);
-      response.sendRedirect(HTTPS_REDIRECT);
-    }
-
-  }
-
-  // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
-  /**
-   * Handles the HTTP <code>GET</code> method.
-   * @param request servlet request
-   * @param response servlet response
-   * @throws ServletException if a servlet-specific error occurs
-   * @throws IOException if an I/O error occurs
-   */
-  @Override
-  protected void doGet(HttpServletRequest request, HttpServletResponse response)
-          throws ServletException, IOException {
-    processRequest(request, response);
-  }
-
-  /**
-   * Handles the HTTP <code>POST</code> method.
-   * @param request servlet request
-   * @param response servlet response
-   * @throws ServletException if a servlet-specific error occurs
-   * @throws IOException if an I/O error occurs
-   */
-  @Override
-  protected void doPost(HttpServletRequest request, HttpServletResponse response)
-          throws ServletException, IOException {
-    processRequest(request, response);
-  }
-
-  /**
-   * Returns a short description of the servlet.
-   * @return a String containing servlet description
-   */
-  @Override
-  public String getServletInfo() {
-    return "Short description";
-  }// </editor-fold>
-}
diff --git a/BKULocal/src/main/webapp/WEB-INF/web.xml b/BKULocal/src/main/webapp/WEB-INF/web.xml
index 8768dbd8..c4ea1e54 100644
--- a/BKULocal/src/main/webapp/WEB-INF/web.xml
+++ b/BKULocal/src/main/webapp/WEB-INF/web.xml
@@ -39,10 +39,6 @@
         <servlet-name>PINManagementServlet</servlet-name>
         <servlet-class>at.gv.egiz.bku.local.webapp.PINManagementServlet</servlet-class>
     </servlet>
-    <servlet>
-        <servlet-name>InstallCertificateServlet</servlet-name>
-        <servlet-class>at.gv.egiz.bku.local.webapp.InstallCertificateServlet</servlet-class>
-    </servlet>
     <servlet-mapping>
     <servlet-name>BKUServlet</servlet-name>
     <url-pattern>/http-security-layer-request</url-pattern>
@@ -57,10 +53,6 @@
         <servlet-name>PINManagementServlet</servlet-name>
         <url-pattern>/PINManagement</url-pattern>
     </servlet-mapping>
-    <servlet-mapping>
-        <servlet-name>InstallCertificateServlet</servlet-name>
-        <url-pattern>/installCertificate</url-pattern>
-    </servlet-mapping>
     <welcome-file-list>
     <welcome-file>index.html</welcome-file>
     <welcome-file>index.htm</welcome-file>
diff --git a/BKULocal/src/main/webapp/index.html b/BKULocal/src/main/webapp/index.html
index c5be17fe..0156b5e5 100644
--- a/BKULocal/src/main/webapp/index.html
+++ b/BKULocal/src/main/webapp/index.html
@@ -34,7 +34,7 @@
           <img src="img/chip48.png" alt="Logo" width="48" height="48"/>
         </div>
         <p>Um die Bürgerkartenumgebung zu verwenden installieren Sie bitte
-          zunächst das <a href="installCertificate">CA Zertifikat</a>.
+          zunächst das <a href="ca.crt">CA Zertifikat</a>&sup1;.
         </p>
 
         <p style="clear:left; margin-top:1.5em">Weiters können Sie</p>
@@ -46,6 +46,11 @@
 
         <p><br class="clearfloat" /></p>
 
+        <p style="font-size:80%">
+          &sup1;Eine automatisierte Installation ist mit Microsoft Internet Explorer in Windows Vista oder 7 leider nicht möglich,
+          siehe dazu <a href="help.install.cacert.html">Hilfe</a>.
+        </p>
+
       </div>
       <div id="footer">
         <p>