added property to configure applet timeout

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@73 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4

4 files changed, 204 insertions, 189 deletions

diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java
index 54dbfdea..d213dd36 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java
@@ -1,19 +1,19 @@
 /*

-* Copyright 2008 Federal Chancellery Austria and

-* Graz University of Technology

-*

-* Licensed under the Apache License, Version 2.0 (the "License");

-* you may not use this file except in compliance with the License.

-* You may obtain a copy of the License at

-*

-*     http://www.apache.org/licenses/LICENSE-2.0

-*

-* Unless required by applicable law or agreed to in writing, software

-* distributed under the License is distributed on an "AS IS" BASIS,

-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

-* See the License for the specific language governing permissions and

-* limitations under the License.

-*/

+ * Copyright 2008 Federal Chancellery Austria and

+ * Graz University of Technology

+ *

+ * Licensed under the Apache License, Version 2.0 (the "License");

+ * you may not use this file except in compliance with the License.

+ * You may obtain a copy of the License at

+ *

+ *     http://www.apache.org/licenses/LICENSE-2.0

+ *

+ * Unless required by applicable law or agreed to in writing, software

+ * distributed under the License is distributed on an "AS IS" BASIS,

+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ * See the License for the specific language governing permissions and

+ * limitations under the License.

+ */

 package at.gv.egiz.bku.online.conf;

 

 import java.io.File;

@@ -52,183 +52,198 @@ import org.springframework.core.io.ResourceLoader;
 import at.gv.egiz.bku.binding.DataUrl;

 import at.gv.egiz.bku.binding.DataUrlConnection;

 import at.gv.egiz.bku.slexceptions.SLRuntimeException;

+import at.gv.egiz.stal.service.impl.RequestBrokerSTALFactory;

 

 public class SpringConfigurator extends Configurator implements

-		ResourceLoaderAware {

-

-	private final static Log log = LogFactory.getLog(SpringConfigurator.class);

-

-	private ResourceLoader resourceLoader;

-

-	public void setResource(Resource resource) {

-		log.debug("Loading config from: " + resource);

-		if (resource != null) {

-			Properties props = new Properties();

-			try {

-				props.load(resource.getInputStream());

-				super.setConfiguration(props);

-			} catch (IOException e) {

-				log.error("Cannot load config", e);

-			}

-		} else {

-		  log.warn("Cannot load properties, resource: "+resource);

-		}

-	}

-

-	public void configureVersion() {

+    ResourceLoaderAware {

+

+  private final static Log log = LogFactory.getLog(SpringConfigurator.class);

+

+  private ResourceLoader resourceLoader;

+

+  public void setResource(Resource resource) {

+    log.debug("Loading config from: " + resource);

+    if (resource != null) {

+      Properties props = new Properties();

+      try {

+        props.load(resource.getInputStream());

+        super.setConfiguration(props);

+      } catch (IOException e) {

+        log.error("Cannot load config", e);

+      }

+    } else {

+      log.warn("Cannot load properties, resource: " + resource);

+    }

+  }

+

+  public void configureVersion() {

     Properties p = new Properties();

     try {

-      p.load(resourceLoader.getResource("META-INF/MANIFEST.MF").getInputStream());

+      p.load(resourceLoader.getResource("META-INF/MANIFEST.MF")

+          .getInputStream());

       String version = p.getProperty("Implementation-Build");

-      properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY, "citizen-card-environment/1.2 MOCCA "+version);

+      properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY,

+          "citizen-card-environment/1.2 MOCCA " + version);

       DataUrl.setConfiguration(properties);

-      log.debug("Setting user agent to: "+properties.getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY));

+      log.debug("Setting user agent to: "

+          + properties.getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY));

     } catch (IOException e) {

-     log.error(e);

+      log.error(e);

+    }

+  }

+

+  public void configure() {

+    super.configure();

+    configureSSL();

+    configureVersion();

+    configureNetwork();

+  }

+

+  public void configureNetwork() {

+    String proxyHost = getProperty("HTTPProxyHost");

+    String proxyPort = getProperty("HTTPProxyPort");

+    if (proxyPort == null) {

+      proxyPort = "80";

+    }

+    if (proxyHost != null) {

+      log.debug("Setting proxy server to: " + proxyHost + ":" + proxyPort);

+      System.setProperty("http.proxyHost", proxyHost);

+      System.setProperty("http.proxyPort", proxyPort);

+    }

+    log.debug("No proxy specified");

+    String appletTimeout = getProperty("AppletTimeout");

+    if ((appletTimeout != null)) {

+      try {

+        long ato = Long.parseLong(appletTimeout);

+        RequestBrokerSTALFactory.setTimeout(ato);

+      } catch (NumberFormatException nfe) {

+        log.error("Cannot set Applettimeout", nfe);

+      }

+

+    }

+  }

+

+  private Set<TrustAnchor> getCACerts() throws IOException,

+      CertificateException {

+    Set<TrustAnchor> caCerts = new HashSet<TrustAnchor>();

+    String caDirectory = getProperty("SSL.caDirectory");

+    if (caDirectory != null) {

+      Resource caDirRes = resourceLoader.getResource(caDirectory);

+      File caDir = caDirRes.getFile();

+      if (!caDir.isDirectory()) {

+        log.error("Expecting directory as SSL.caDirectory parameter");

+        throw new SLRuntimeException(

+            "Expecting directory as SSL.caDirectory parameter");

+      }

+      CertificateFactory cf = CertificateFactory.getInstance("X.509");

+      for (File f : caDir.listFiles()) {

+        try {

+          FileInputStream fis = new FileInputStream(f);

+          X509Certificate cert = (X509Certificate) cf.generateCertificate(fis);

+          fis.close();

+          log.debug("Adding trusted cert " + cert.getSubjectDN());

+          caCerts.add(new TrustAnchor(cert, null));

+        } catch (Exception e) {

+          log.error("Cannot add trusted ca", e);

+        }

+      }

+      return caCerts;

+

+    } else {

+      log.warn("No CA certificates configured");

     }

+    return null;

+  }

+

+  private CertStore getCertstore() throws IOException, CertificateException,

+      InvalidAlgorithmParameterException, NoSuchAlgorithmException {

+    String certDirectory = getProperty("SSL.certDirectory");

+    if (certDirectory != null) {

+      Resource certDirRes = resourceLoader.getResource(certDirectory);

+

+      File certDir = certDirRes.getFile();

+      if (!certDir.isDirectory()) {

+        log.error("Expecting directory as SSL.certDirectory parameter");

+        throw new SLRuntimeException(

+            "Expecting directory as SSL.certDirectory parameter");

+      }

+      List<X509Certificate> certCollection = new LinkedList<X509Certificate>();

+      CertificateFactory cf = CertificateFactory.getInstance("X.509");

+      for (File f : certDir.listFiles()) {

+        try {

+          FileInputStream fis = new FileInputStream(f);

+          X509Certificate cert = (X509Certificate) cf.generateCertificate(fis);

+          certCollection.add(cert);

+          fis.close();

+          log

+              .trace("Added following cert to certstore: "

+                  + cert.getSubjectDN());

+        } catch (Exception ex) {

+          log.error("Cannot add certificate", ex);

+        }

+      }

+      CollectionCertStoreParameters csp = new CollectionCertStoreParameters(

+          certCollection);

+      return CertStore.getInstance("Collection", csp);

+

+    } else {

+      log.warn("No certstore configured");

+    }

+    return null;

+  }

+

+  public void configureSSL() {

+    Set<TrustAnchor> caCerts = null;

+    try {

+      caCerts = getCACerts();

+    } catch (Exception e1) {

+      log.error("Cannot load CA certificates", e1);

+    }

+    CertStore certStore = null;

+    try {

+      certStore = getCertstore();

+    } catch (Exception e1) {

+      log.error("Cannot load certstore certificates", e1);

+    }

+    System.setProperty("com.sun.security.enableAIAcaIssuers", "true");

+    try {

+      X509CertSelector selector = new X509CertSelector();

+      PKIXBuilderParameters pkixParams;

+      pkixParams = new PKIXBuilderParameters(caCerts, selector);

+      if ((getProperty("SSL.doRevocationChecking") != null)

+          && (Boolean.valueOf(getProperty("SSL.doRevocationChecking")))) {

+        log.info("Enable revocation checking");

+        pkixParams.setRevocationEnabled(true);

+        System.setProperty("com.sun.security.enableCRLDP", "true");

+        Security.setProperty("ocsp.enable", "true");

+      } else {

+        log.warn("Revocation checking disabled");

+        pkixParams.setRevocationEnabled(false);

+      }

+      pkixParams.addCertStore(certStore);

+      ManagerFactoryParameters trustParams = new CertPathTrustManagerParameters(

+          pkixParams);

+      TrustManagerFactory trustFab;

+      try {

+        trustFab = TrustManagerFactory.getInstance("PKIX");

+        trustFab.init(trustParams);

+        KeyManager[] km = null;

+        SSLContext sslCtx = SSLContext

+            .getInstance(getProperty("SSL.sslProtocol"));

+        sslCtx.init(km, trustFab.getTrustManagers(), null);

+        HttpsURLConnection

+            .setDefaultSSLSocketFactory(sslCtx.getSocketFactory());

+      } catch (Exception e) {

+        log.error("Cannot configure SSL", e);

+      }

+

+    } catch (InvalidAlgorithmParameterException e) {

+      log.error("Cannot configure SSL", e);

+    }

+  }

+

+  @Override

+  public void setResourceLoader(ResourceLoader loader) {

+    this.resourceLoader = loader;

   }

-	

-	

-	public void configure() {

-		super.configure();

-		configureSSL();

-		configureVersion();

-		configureNetwork();

-	}

-

-	public void configureNetwork() {

-	  String proxyHost = getProperty("HTTPProxyHost");

-	  String proxyPort = getProperty("HTTPProxyPort");

-	  if (proxyPort == null) {

-	    proxyPort = "80";

-	  }

-	  if (proxyHost != null) {

-	    log.debug("Setting proxy server to: "+proxyHost+":"+proxyPort);

-	    System.setProperty("http.proxyHost", proxyHost);

-	    System.setProperty("http.proxyPort", proxyPort);

-	  }

-	  log.debug("No proxy specified");

-	}

-	

-	private Set<TrustAnchor> getCACerts() throws IOException,

-			CertificateException {

-		Set<TrustAnchor> caCerts = new HashSet<TrustAnchor>();

-		String caDirectory = getProperty("SSL.caDirectory");

-		if (caDirectory != null) {

-			Resource caDirRes = resourceLoader.getResource(caDirectory);

-			File caDir = caDirRes.getFile();

-			if (!caDir.isDirectory()) {

-				log.error("Expecting directory as SSL.caDirectory parameter");

-				throw new SLRuntimeException(

-						"Expecting directory as SSL.caDirectory parameter");

-			}

-			CertificateFactory cf = CertificateFactory.getInstance("X.509");

-			for (File f : caDir.listFiles()) {

-				try {

-					FileInputStream fis = new FileInputStream(f);

-					X509Certificate cert = (X509Certificate) cf.generateCertificate(fis);

-					fis.close();

-					log.debug("Adding trusted cert " + cert.getSubjectDN());

-					caCerts.add(new TrustAnchor(cert, null));

-				} catch (Exception e) {

-					log.error("Cannot add trusted ca", e);

-				}

-			}

-			return caCerts;

-

-		} else {

-			log.warn("No CA certificates configured");

-		}

-		return null;

-	}

-

-	private CertStore getCertstore() throws IOException, CertificateException,

-			InvalidAlgorithmParameterException, NoSuchAlgorithmException {

-		String certDirectory = getProperty("SSL.certDirectory");

-		if (certDirectory != null) {

-			Resource certDirRes = resourceLoader.getResource(certDirectory);

-

-			File certDir = certDirRes.getFile();

-			if (!certDir.isDirectory()) {

-				log.error("Expecting directory as SSL.certDirectory parameter");

-				throw new SLRuntimeException(

-						"Expecting directory as SSL.certDirectory parameter");

-			}

-			List<X509Certificate> certCollection = new LinkedList<X509Certificate>();

-			CertificateFactory cf = CertificateFactory.getInstance("X.509");

-			for (File f : certDir.listFiles()) {

-				try {

-					FileInputStream fis = new FileInputStream(f);

-					X509Certificate cert =(X509Certificate) cf.generateCertificate(fis);

-					certCollection.add(cert);

-					fis.close();

-					log.trace("Added following cert to certstore: "+cert.getSubjectDN());

-				} catch (Exception ex) {

-					log.error("Cannot add certificate", ex);

-				}

-			}

-			CollectionCertStoreParameters csp = new CollectionCertStoreParameters(

-					certCollection);

-			return CertStore.getInstance("Collection", csp);

-

-		} else {

-			log.warn("No certstore configured");

-		}

-		return null;

-	}

-

-	public void configureSSL() {

-		Set<TrustAnchor> caCerts = null;

-		try {

-			caCerts = getCACerts();

-		} catch (Exception e1) {

-			log.error("Cannot load CA certificates", e1);

-		}

-		CertStore certStore = null;

-		try {

-			certStore = getCertstore();

-		} catch (Exception e1) {

-			log.error("Cannot load certstore certificates", e1);

-		}

-		System.setProperty("com.sun.security.enableAIAcaIssuers", "true");

-		try {

-			X509CertSelector selector = new X509CertSelector();

-			PKIXBuilderParameters pkixParams;

-			pkixParams = new PKIXBuilderParameters(caCerts, selector);

-			if ((getProperty("SSL.doRevocationChecking") != null)

-					&& (Boolean.valueOf(getProperty("SSL.doRevocationChecking")))) {

-				log.info("Enable revocation checking");

-				pkixParams.setRevocationEnabled(true);

-				System.setProperty("com.sun.security.enableCRLDP", "true");

-				Security.setProperty("ocsp.enable", "true");

-			} else {

-				log.warn("Revocation checking disabled");

-				pkixParams.setRevocationEnabled(false);

-			}

-			pkixParams.addCertStore(certStore);

-			ManagerFactoryParameters trustParams = new CertPathTrustManagerParameters(

-					pkixParams);

-			TrustManagerFactory trustFab;

-			try {

-				trustFab = TrustManagerFactory.getInstance("PKIX");

-				trustFab.init(trustParams);

-				KeyManager[] km = null;

-				SSLContext sslCtx = SSLContext

-						.getInstance(getProperty("SSL.sslProtocol"));

-				sslCtx.init(km, trustFab.getTrustManagers(), null);

-				HttpsURLConnection

-						.setDefaultSSLSocketFactory(sslCtx.getSocketFactory());

-			} catch (Exception e) {

-				log.error("Cannot configure SSL", e);

-			}

-

-		} catch (InvalidAlgorithmParameterException e) {

-			log.error("Cannot configure SSL", e);

-		}

-	}

-

-	@Override

-	public void setResourceLoader(ResourceLoader loader) {

-		this.resourceLoader = loader;

-	}

 }
\ No newline at end of file
diff --git a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/RequestBrokerSTALFactory.java b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/RequestBrokerSTALFactory.java
index bb552002..45ee67d0 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/RequestBrokerSTALFactory.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/RequestBrokerSTALFactory.java
@@ -32,7 +32,7 @@ import at.gv.egiz.stal.STALFactory;
  */
 public class RequestBrokerSTALFactory implements STALFactory {
 
-  private long timeout;
+  private static long timeout;
   
     @Override
     public STAL createSTAL() {
@@ -43,7 +43,7 @@ public class RequestBrokerSTALFactory implements STALFactory {
     public void setLocale(Locale locale) {
     }
     
-    public void setTimeout(long millisec) {
+    public static void setTimeout(long millisec) {
       timeout = millisec;
     }
 }
diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties
index ec7d932c..73d89f22 100644
--- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties
+++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties
@@ -40,7 +40,7 @@ SSL.sslProtocol=TLS
 # ------------ END SSL Config  --------------------

 

 ValidateHashDataInputs=true

-

+AppletTimeout=300000

 

 #HTTPProxyHost=taranis.iaik.tugraz.at

 #HTTPProxyPort=8888

diff --git a/BKUOnline/src/main/webapp/WEB-INF/web.xml b/BKUOnline/src/main/webapp/WEB-INF/web.xml
index 417dabb8..282d4db2 100644
--- a/BKUOnline/src/main/webapp/WEB-INF/web.xml
+++ b/BKUOnline/src/main/webapp/WEB-INF/web.xml
@@ -92,6 +92,6 @@
     <welcome-file>default.jsp</welcome-file>
   </welcome-file-list>
   <session-config>
-    <session-timeout>3</session-timeout>
+    <session-timeout>5</session-timeout>
   </session-config>
 </web-app>
\ No newline at end of file