diff options
| author | clemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2009-08-28 17:53:01 +0000 |
|---|---|---|
| committer | clemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2009-08-28 17:53:01 +0000 |
| commit | dd04951a76fc6406755a94ecf547c0797f062fa2 (patch) | |
| tree | bf60c18edc59aacd77fe84ea01d2b1ed69d8a7ed /BKUWebStart | |
| parent | 5eb05982f2e98f56569b4ea07b1961e3eed617d7 (diff) | |
| download | mocca-dd04951a76fc6406755a94ecf547c0797f062fa2.tar.gz mocca-dd04951a76fc6406755a94ecf547c0797f062fa2.tar.bz2 mocca-dd04951a76fc6406755a94ecf547c0797f062fa2.zip | |
replace installCertificate servlet with der encoded crt file in webapp/
moved local-webstart profile to BKUWebStart (jnlp-inline goal)
help note for internet explorer on visat/7
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@482 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
Diffstat (limited to 'BKUWebStart')
14 files changed, 180 insertions, 26 deletions
diff --git a/BKUWebStart/pom.xml b/BKUWebStart/pom.xml index de0e0f4a..90d93566 100644 --- a/BKUWebStart/pom.xml +++ b/BKUWebStart/pom.xml @@ -82,6 +82,54 @@ </plugins> </build> + <profiles> + <profile> + <!-- development profile --> + <id>local-webstart</id> + <build> + <plugins> + <plugin> + <artifactId>webstart-maven-plugin</artifactId> + <groupId>org.codehaus.mojo.webstart</groupId> + <executions> + <execution> + <phase>package</phase> + <goals> + <goal>jnlp-inline</goal> + </goals> + </execution> + </executions> + <configuration> + <excludeTransitive>false</excludeTransitive> + <jnlp> + <inputTemplateResourcePath>${project.basedir}/src/main/jnlp</inputTemplateResourcePath> + <inputTemplate>template-local.xml</inputTemplate> + <outputFile>mocca-local.jnlp</outputFile> + <mainClass>at.gv.egiz.bku.webstart.Launcher</mainClass> + </jnlp> + <sign> + <alias>test-applet signer</alias> + <keystore>${project.basedir}/src/main/jnlp/keystore.ks</keystore> + <storepass>storepass</storepass> + <keypass>keypass</keypass> + <verify>true</verify> + <keystoreConfig> + <delete>false</delete> + <gen>false</gen> + </keystoreConfig> + </sign> + <pack200>false</pack200> + <gzip>false</gzip> + <outputJarVersions>false</outputJarVersions> + <unsignAlreadySignedJars>true</unsignAlreadySignedJars> + <verbose>true</verbose> + </configuration> + </plugin> + </plugins> + </build> + </profile> + </profiles> + <dependencies> <!-- ATTENTION update of application descriptor (jnlp file) is special... | The JNLP Client must use the Last-Modified header field returned by diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java index 3bf74d3c..2feae267 100644 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java @@ -22,7 +22,6 @@ import java.security.KeyStore; import java.security.Permissions;
import java.security.SecurityPermission;
import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
import java.util.PropertyPermission;
import javax.smartcardio.CardPermission;
import org.apache.commons.logging.Log;
@@ -38,7 +37,6 @@ public class Container { public static final String HTTP_PORT_PROPERTY = "mocca.http.port";
public static final String HTTPS_PORT_PROPERTY = "mocca.http.port";
- public static final String SERVER_CA_CERTIFICATE_ATTRIBUTE = "mocca.tls.server.ca.certificate";
private static Log log = LogFactory.getLog(Container.class);
static {
@@ -51,6 +49,8 @@ public class Container { }
}
private Server server;
+ private WebAppContext webapp;
+ private Certificate caCertificate;
public void init() throws IOException {
// System.setProperty("DEBUG", "true");
@@ -118,33 +118,19 @@ public class Container { server.setConnectors(new Connector[]{connector, sslConnector});
- WebAppContext webapp = new WebAppContext();
+ webapp = new WebAppContext();
webapp.setLogUrlOnStart(true);
webapp.setContextPath("/");
webapp.setExtractWAR(true);
webapp.setParentLoaderPriority(false);
- try {
- // no way to get certificate from within the servlet (SSLEngine/Jetty SSLSocketConnector/SSLContext?)
- if (log.isTraceEnabled()) {
- log.trace("local ca certificate from " + keystoreFile + " in webapp context at " + SERVER_CA_CERTIFICATE_ATTRIBUTE);
- }
- BufferedInputStream bis = new BufferedInputStream(new FileInputStream(keystoreFile));
- KeyStore sslKeyStore = KeyStore.getInstance("JKS");
- sslKeyStore.load(bis, passwd.toCharArray());
- Certificate[] sslChain = sslKeyStore.getCertificateChain(TLSServerCA.MOCCA_TLS_SERVER_ALIAS);
- webapp.setAttribute(SERVER_CA_CERTIFICATE_ATTRIBUTE, sslChain[sslChain.length - 1]);
- bis.close();
- } catch (Exception ex) {
- log.error("Failed to load local ca certificate", ex);
- log.warn("automated web certificate installation will not be available");
- }
-
webapp.setWar(copyWebapp(webapp.getTempDirectory()));
webapp.setPermissions(getPermissions(webapp.getTempDirectory()));
server.setHandler(webapp);
server.setGracefulShutdown(1000 * 3);
+
+ loadCACertificate(keystoreFile, passwd.toCharArray());
}
/**
@@ -234,6 +220,12 @@ public class Container { public void start() throws Exception {
server.start();
+ // webapp.getBaseResource()
+ File caCertFile = new File(webapp.getTempDirectory(), "webapp/ca.crt");
+ BufferedOutputStream bos = new BufferedOutputStream(new FileOutputStream(caCertFile));
+ bos.write(caCertificate.getEncoded());
+ bos.flush();
+ bos.close();
}
public boolean isRunning() {
@@ -251,4 +243,21 @@ public class Container { public void join() throws InterruptedException {
server.join();
}
+
+ private void loadCACertificate(File keystoreFile, char[] passwd) {
+ try {
+ if (log.isTraceEnabled()) {
+ log.trace("local ca certificate from " + keystoreFile);
+ }
+ BufferedInputStream bis = new BufferedInputStream(new FileInputStream(keystoreFile));
+ KeyStore sslKeyStore = KeyStore.getInstance("JKS");
+ sslKeyStore.load(bis, passwd);
+ Certificate[] sslChain = sslKeyStore.getCertificateChain(TLSServerCA.MOCCA_TLS_SERVER_ALIAS);
+ caCertificate = sslChain[sslChain.length - 1];
+ bis.close();
+ } catch (Exception ex) {
+ log.error("Failed to load local ca certificate", ex);
+ log.warn("automated web certificate installation will not be available");
+ }
+ }
}
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java index 8cc9817f..2bf42ccb 100644 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java @@ -9,8 +9,6 @@ import java.net.URISyntaxException; import java.util.Locale;
import java.util.ResourceBundle;
-import java.util.logging.Level;
-import java.util.logging.Logger;
import javax.jnlp.UnavailableServiceException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -28,9 +26,7 @@ import java.awt.event.ActionEvent; import java.awt.event.ActionListener;
import java.awt.event.WindowAdapter;
import java.net.BindException;
-import java.net.HttpURLConnection;
import java.net.MalformedURLException;
-import java.net.URI;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.text.MessageFormat;
@@ -175,6 +171,7 @@ public class Launcher implements BKUControllerInterface, ActionListener { }
throw ex;
} catch (Exception ex) {
+ ex.printStackTrace();
log.fatal("Failed to launch server, " + ex.getMessage(), ex);
trayIcon.displayMessage(messages.getString(CAPTION_ERROR),
messages.getString(ERROR_START), TrayIcon.MessageType.ERROR);
@@ -381,6 +378,7 @@ public class Launcher implements BKUControllerInterface, ActionListener { Launcher launcher = new Launcher();
launcher.launch();
} catch (Exception ex) {
+ ex.printStackTrace();
log.debug(ex);
log.info("waiting to shutdown...");
Thread.sleep(5000);
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java index fd94958e..08a06570 100644 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java @@ -64,9 +64,13 @@ public class TLSServerCA { caCert.addExtension(new SubjectKeyIdentifier(caKeyPair.getPublic()));
- caCert.addExtension(new BasicConstraints(true));
- caCert.addExtension(new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign
- | KeyUsage.digitalSignature));
+ BasicConstraints bc = new BasicConstraints(true);
+ bc.setCritical(true);
+ caCert.addExtension(bc);
+ KeyUsage ku = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign
+ | KeyUsage.digitalSignature);
+ ku.setCritical(true);
+ caCert.addExtension(ku);
GregorianCalendar date = new GregorianCalendar();
date.add(Calendar.HOUR_OF_DAY, -1);
diff --git a/BKUWebStart/keystore.ks b/BKUWebStart/src/main/jnlp/keystore.ks Binary files differindex 824c3a40..824c3a40 100644 --- a/BKUWebStart/keystore.ks +++ b/BKUWebStart/src/main/jnlp/keystore.ks diff --git a/BKUWebStart/src/main/jnlp/resources/img/chip128.png b/BKUWebStart/src/main/jnlp/resources/img/chip128.png Binary files differnew file mode 100644 index 00000000..c36d8079 --- /dev/null +++ b/BKUWebStart/src/main/jnlp/resources/img/chip128.png diff --git a/BKUWebStart/src/main/jnlp/resources/img/chip16.png b/BKUWebStart/src/main/jnlp/resources/img/chip16.png Binary files differnew file mode 100644 index 00000000..96b580e9 --- /dev/null +++ b/BKUWebStart/src/main/jnlp/resources/img/chip16.png diff --git a/BKUWebStart/src/main/jnlp/resources/img/chip24.png b/BKUWebStart/src/main/jnlp/resources/img/chip24.png Binary files differnew file mode 100644 index 00000000..efd6dbeb --- /dev/null +++ b/BKUWebStart/src/main/jnlp/resources/img/chip24.png diff --git a/BKUWebStart/src/main/jnlp/resources/img/chip32.png b/BKUWebStart/src/main/jnlp/resources/img/chip32.png Binary files differnew file mode 100644 index 00000000..e7efb020 --- /dev/null +++ b/BKUWebStart/src/main/jnlp/resources/img/chip32.png diff --git a/BKUWebStart/src/main/jnlp/resources/img/chip48.png b/BKUWebStart/src/main/jnlp/resources/img/chip48.png Binary files differnew file mode 100644 index 00000000..491fbcac --- /dev/null +++ b/BKUWebStart/src/main/jnlp/resources/img/chip48.png diff --git a/BKUWebStart/src/main/jnlp/resources/img/splash.png b/BKUWebStart/src/main/jnlp/resources/img/splash.png Binary files differnew file mode 100644 index 00000000..597fbc60 --- /dev/null +++ b/BKUWebStart/src/main/jnlp/resources/img/splash.png diff --git a/BKUWebStart/src/main/jnlp/resources/img/version.xml b/BKUWebStart/src/main/jnlp/resources/img/version.xml new file mode 100644 index 00000000..5e160beb --- /dev/null +++ b/BKUWebStart/src/main/jnlp/resources/img/version.xml @@ -0,0 +1,52 @@ +<?xml version="1.0" encoding="UTF-8"?> +<jnlp-versions> + <resource> + <pattern> + <name>chip16.png</name> + <version-id>2.0</version-id> + </pattern> + <file>chip16.png</file> + </resource> + <resource> + <pattern> + <name>chip24.png</name> + <version-id>2.0</version-id> + </pattern> + <file>chip24.png</file> + </resource> + <resource> + <pattern> + <name>chip32.png</name> + <version-id>2.0</version-id> + </pattern> + <file>chip32.png</file> + </resource> + <resource> + <pattern> + <name>chip48.png</name> + <version-id>2.0</version-id> + </pattern> + <file>chip48.png</file> + </resource> + <resource> + <pattern> + <name>chip64.png</name> + <version-id>2.0</version-id> + </pattern> + <file>chip64.png</file> + </resource> + <resource> + <pattern> + <name>chip128.png</name> + <version-id>2.0</version-id> + </pattern> + <file>chip128.png</file> + </resource> + <resource> + <pattern> + <name>splash.png</name> + <version-id>2.0</version-id> + </pattern> + <file>splash.png</file> + </resource> +</jnlp-versions> diff --git a/BKUWebStart/src/main/jnlp/resources/player.jnlp b/BKUWebStart/src/main/jnlp/resources/player.jnlp new file mode 100644 index 00000000..da08ebc2 --- /dev/null +++ b/BKUWebStart/src/main/jnlp/resources/player.jnlp @@ -0,0 +1,3 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- Jump specific JNL file for launching the player --> +<player/>
\ No newline at end of file diff --git a/BKUWebStart/src/main/jnlp/template-local.xml b/BKUWebStart/src/main/jnlp/template-local.xml new file mode 100644 index 00000000..12ff9d8c --- /dev/null +++ b/BKUWebStart/src/main/jnlp/template-local.xml @@ -0,0 +1,40 @@ +<?xml version="1.0" encoding="utf-8"?> +<jnlp spec="$jnlpspec" codebase="file:${project.build.directory}/jnlp" href="$outputFile"> + + <information> + <title>${project.Description}</title> + <vendor>E-Government Innovationszentrum (EGIZ)</vendor> + <homepage href="${project.Url}"/> + <description>${project.Description} (BKU) MOCCA Web Start</description> + <description kind="short">${project.Description}</description> + <icon kind="shortcut" href="img/chip16.png" width="16" height="16"/> + <icon kind="shortcut" href="img/chip24.png" width="24" height="24"/> + <icon kind="shortcut" href="img/chip32.png" width="32" height="32"/> + <icon kind="shortcut" href="img/chip48.png" width="48" height="48"/> + <icon kind="default" href="img/chip16.png" width="16" height="16"/> + <icon kind="default" href="img/chip24.png" width="24" height="24"/> + <icon kind="default" href="img/chip32.png" width="32" height="32"/> + <icon kind="default" href="img/chip48.png" width="48" height="48"/> + <icon kind="splash" href="img/splash.png"/> + <shortcut online="true"> + <desktop/> + <menu submenu="e-Government"/> + </shortcut> + + <offline-allowed/> + + </information> + + <security> + <all-permissions/> + </security> + + <update check="timeout" policy="prompt-update"/> + + <resources> + <java version="1.6+" java-vm-args="-Djava.security.debug=access,failure"/> + $dependencies + </resources> + + <application-desc main-class="$mainClass"/> +</jnlp>
\ No newline at end of file |
