diff options
author | mcentner <mcentner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2010-01-26 16:27:04 +0000 |
---|---|---|
committer | mcentner <mcentner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4> | 2010-01-26 16:27:04 +0000 |
commit | 667af128d0adfeee2aa4748ab58411c91bc4905f (patch) | |
tree | 4b825dc642cb6eb9a060e54bf8d69288fbee4904 /mocca-1.2.11/BKUApplet/src/main/java | |
parent | d89f36b67ea1d838a78523538a24e044518f3587 (diff) | |
download | mocca-667af128d0adfeee2aa4748ab58411c91bc4905f.tar.gz mocca-667af128d0adfeee2aa4748ab58411c91bc4905f.tar.bz2 mocca-667af128d0adfeee2aa4748ab58411c91bc4905f.zip |
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/branches/mocca-1.2.11-sha2@600 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
Diffstat (limited to 'mocca-1.2.11/BKUApplet/src/main/java')
5 files changed, 0 insertions, 1059 deletions
diff --git a/mocca-1.2.11/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java b/mocca-1.2.11/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java deleted file mode 100644 index d5f8dd69..00000000 --- a/mocca-1.2.11/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java +++ /dev/null @@ -1,224 +0,0 @@ -/* - * Copyright 2008 Federal Chancellery Austria and - * Graz University of Technology - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package at.gv.egiz.bku.online.applet; - -import at.gv.egiz.bku.smccstal.AbstractBKUWorker; -import at.gv.egiz.bku.gui.BKUGUIFacade; -import at.gv.egiz.bku.smccstal.SignRequestHandler; -import at.gv.egiz.stal.STALRequest; -import at.gv.egiz.stal.STALResponse; -import at.gv.egiz.stal.SignRequest; -import at.gv.egiz.stal.service.STALPortType; -import at.gv.egiz.stal.service.translator.STALTranslator; -import at.gv.egiz.stal.service.translator.TranslationException; -import at.gv.egiz.stal.service.types.ErrorResponseType; -import at.gv.egiz.stal.service.types.GetNextRequestResponseType; -import at.gv.egiz.stal.service.types.GetNextRequestType; -import at.gv.egiz.stal.service.types.ObjectFactory; -import at.gv.egiz.stal.service.types.RequestType; -import at.gv.egiz.stal.service.types.ResponseType; -import java.net.MalformedURLException; -import java.util.ArrayList; -import java.util.List; -import javax.xml.bind.JAXBElement; -import javax.xml.ws.WebServiceException; - -/** - * - * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at> - */ -public class AppletBKUWorker extends AbstractBKUWorker implements Runnable { - - protected BKUApplet applet; - protected String sessionId; - - private ObjectFactory stalObjFactory = new ObjectFactory(); - - public AppletBKUWorker(BKUApplet applet, BKUGUIFacade gui) { - super(gui); - this.applet = applet; - - sessionId = applet.getParameter(BKUApplet.SESSION_ID); - if (sessionId == null) { - sessionId = "TestSession"; - log.warn("using dummy sessionId " + sessionId); - } - } - - @Override - public void run() { - gui.showMessageDialog(BKUGUIFacade.TITLE_WELCOME, - BKUGUIFacade.MESSAGE_WELCOME); - - try { - STALPortType stalPort = applet.getSTALPort(); - STALTranslator stalTranslator = applet.getSTALTranslator(); - - AppletSecureViewer secureViewer = - new AppletSecureViewer(gui, stalPort, sessionId); - addRequestHandler(SignRequest.class, - new SignRequestHandler(secureViewer)); - - GetNextRequestResponseType nextRequestResp = stalPort.connect(sessionId); - - do { - List<JAXBElement<? extends RequestType>> requests; - List<JAXBElement<? extends ResponseType>> responses = new ArrayList<JAXBElement<? extends ResponseType>>(); - - try { - requests = nextRequestResp.getInfoboxReadRequestOrSignRequestOrQuitRequest(); - responses.clear(); - - // (rather use validator) - if (requests.size() == 0) { - log.error("Received empty NextRequestResponse: no STAL requests to handle. (STAL-X requests might not have gotten unmarshalled)"); - throw new RuntimeException("No STAL requests to handle."); - } - - if (log.isInfoEnabled()) { - StringBuilder sb = new StringBuilder("Received "); - sb.append(requests.size()); - sb.append(" requests: "); - for (JAXBElement<? extends RequestType> r : requests) { - sb.append(r.getValue().getClass()); - sb.append(' '); - } - log.info(sb.toString()); - } - - List<STALRequest> stalRequests = new ArrayList<STALRequest>(); - for (JAXBElement<? extends RequestType> req : requests) { - try { - stalRequests.add(stalTranslator.translate(req)); - } catch (TranslationException ex) { - log.error("Received unknown request from server STAL: " + ex.getMessage()); - throw new RuntimeException(ex); - } - } - - checkPermission(stalRequests); - - List<STALResponse> stalResponses = handleRequest(stalRequests); - for (STALResponse stalResponse : stalResponses) { - try { - responses.add(stalTranslator.translate(stalResponse)); - } catch (TranslationException ex) { - log.error("Received unknown response from STAL: " + ex.getMessage()); - throw new RuntimeException(ex); - } - } - - } catch (RuntimeException ex) { - // return ErrorResponse to server, which displays error page - log.error(ex.getMessage()); - ErrorResponseType err = stalObjFactory.createErrorResponseType(); - if (ex instanceof SecurityException) { - err.setErrorCode(6002); - } else { - Throwable cause = ex.getCause(); - if (cause != null && cause instanceof InterruptedException) { - log.info("do not return error response, client might want to resume session"); - finished = true; - } - err.setErrorCode(4000); - } - responses.clear(); - responses.add(stalObjFactory.createGetNextRequestTypeErrorResponse(err)); - - } finally { - if (!finished) { - if (log.isInfoEnabled()) { - StringBuilder sb = new StringBuilder("Sending "); - sb.append(responses.size()); - sb.append(" responses: "); - for (JAXBElement<? extends ResponseType> r : responses) { - sb.append(r.getValue().getClass()); - sb.append(' '); - } - log.info(sb.toString()); - } - GetNextRequestType nextRequest = stalObjFactory.createGetNextRequestType(); - nextRequest.setSessionId(sessionId); - nextRequest.getInfoboxReadResponseOrSignResponseOrErrorResponse().addAll(responses); - nextRequestResp = stalPort.getNextRequest(nextRequest); - } - } - - - } while (!finished); - log.info("Finished " + Thread.currentThread().getName()); - - } catch (WebServiceException ex) { - log.fatal("communication error with server STAL: " + ex.getMessage(), ex); - showErrorDialog(BKUGUIFacade.ERR_SERVICE_UNREACHABLE, ex); - } catch (MalformedURLException ex) { - log.fatal(ex.getMessage(), ex); - showErrorDialog(BKUGUIFacade.ERR_CONFIG, ex); - } catch (Exception ex) { - log.error(ex.getMessage(), ex); - showErrorDialog(BKUGUIFacade.ERR_UNKNOWN_WITH_PARAM, ex); - } finally { - if (signatureCard != null) { - signatureCard.disconnect(false); - } - } - - applet.sendRedirect(sessionId); - } - - /** - * throws RuntimeException if requests contain InfoboxReadRequest for IdentityLink - * and STAL Service Endpoint is no e-Gov agency - * @param stalRequests - */ - private void checkPermission(List<STALRequest> stalRequests) { - for (STALRequest request : stalRequests) { - if (request instanceof at.gv.egiz.stal.InfoboxReadRequest) { - at.gv.egiz.stal.InfoboxReadRequest r = (at.gv.egiz.stal.InfoboxReadRequest) request; - String infoboxId = r.getInfoboxIdentifier(); - String domainId = r.getDomainIdentifier(); - if ("IdentityLink".equals(infoboxId) && domainId == null) { - if (!InternalSSLSocketFactory.getInstance().isEgovAgency()) { - throw new SecurityException("Insufficient rights to execute command InfoboxReadRequest for Infobox IdentityLink"); - } - } - } - } - } - - /** - * - * @param err_code - * @param ex if not null, the message will be appended as parameter to the error message - */ - protected void showErrorDialog(String err_code, Exception ex) { - actionCommandList.clear(); - actionCommandList.add("ok"); - Object[] params = (ex != null) ? new Object[] { ex.getMessage() } : null; - gui.showErrorDialog(err_code, params, this, "ok"); - try { - waitForAction(); - } catch (InterruptedException e) { - log.error(e); - } - } - - public void getFocusFromBrowser() { - - gui.getFocusFromBrowser(); - } -} diff --git a/mocca-1.2.11/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletSecureViewer.java b/mocca-1.2.11/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletSecureViewer.java deleted file mode 100644 index c67699af..00000000 --- a/mocca-1.2.11/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletSecureViewer.java +++ /dev/null @@ -1,237 +0,0 @@ -/* - * Copyright 2008 Federal Chancellery Austria and - * Graz University of Technology - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package at.gv.egiz.bku.online.applet; - -import at.gv.egiz.bku.gui.BKUGUIFacade; -import at.gv.egiz.bku.smccstal.SecureViewer; -import at.gv.egiz.stal.HashDataInput; -import at.gv.egiz.stal.impl.ByteArrayHashDataInput; -import at.gv.egiz.stal.service.GetHashDataInputFault; -import at.gv.egiz.stal.service.STALPortType; -import at.gv.egiz.stal.service.types.GetHashDataInputResponseType; -import at.gv.egiz.stal.service.types.GetHashDataInputType; -import at.gv.egiz.stal.signedinfo.ReferenceType; -import at.gv.egiz.stal.signedinfo.SignedInfoType; -import java.awt.event.ActionListener; -import java.security.DigestException; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -/** - * - * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at> - */ -public class AppletSecureViewer implements SecureViewer { - - private static final Log log = LogFactory.getLog(AppletSecureViewer.class); - - protected BKUGUIFacade gui; - protected STALPortType stalPort; - protected String sessId; - protected List<HashDataInput> verifiedDataToBeSigned; - - public AppletSecureViewer(BKUGUIFacade gui, STALPortType stalPort, - String sessId) { - if (gui == null) { - throw new NullPointerException("GUI must not be null"); - } - if (stalPort == null) { - throw new NullPointerException("STAL port must not be null"); - } - if (sessId == null) { - throw new NullPointerException("session id must not be null"); - } - this.gui = gui; - this.stalPort = stalPort; - this.sessId = sessId; - } - - /** - * retrieves the data to be signed for - * @param signedReferences - * @param okListener - * @param okCommand - * @param cancelListener - * @param cancelCommand - * @throws java.security.DigestException - * @throws java.lang.Exception - */ - @Override - public void displayDataToBeSigned(SignedInfoType signedInfo, - ActionListener okListener, String okCommand) - throws DigestException, Exception { - - if (verifiedDataToBeSigned == null) { - log.info("retrieve data to be signed for dsig:SignedInfo " + - signedInfo.getId()); - List<GetHashDataInputResponseType.Reference> hdi = - getHashDataInput(signedInfo.getReference()); - verifiedDataToBeSigned = verifyHashDataInput(signedInfo.getReference(), - hdi); - } - if (verifiedDataToBeSigned.size() > 0) { - gui.showSecureViewer(verifiedDataToBeSigned, okListener, okCommand); - } else { - throw new Exception("No data to be signed (apart from any QualifyingProperties or a Manifest)"); - } - } - - /** - * Get all hashdata inputs that contain an ID attribute but no Type attribute. - * @param signedReferences - * @return - * @throws at.gv.egiz.stal.service.GetHashDataInputFault - */ - private List<GetHashDataInputResponseType.Reference> getHashDataInput(List<ReferenceType> signedReferences) - throws GetHashDataInputFault, Exception { - GetHashDataInputType request = new GetHashDataInputType(); - request.setSessionId(sessId); - -// HashMap<String, ReferenceType> idSignedRefMap = new HashMap<String, ReferenceType>(); - for (ReferenceType signedRef : signedReferences) { - //don't get Manifest, QualifyingProperties, ... - if (signedRef.getType() == null) { - String signedRefId = signedRef.getId(); - if (signedRefId != null) { - if (log.isTraceEnabled()) { - log.trace("requesting hashdata input for reference " + signedRefId); - } -// idSignedRefMap.put(signedRefId, signedRef); - GetHashDataInputType.Reference ref = new GetHashDataInputType.Reference(); - ref.setID(signedRefId); - request.getReference().add(ref); - - } else { - throw new Exception("Cannot resolve signature data for dsig:Reference without Id attribute"); - } - } - } - - if (request.getReference().size() < 1) { - log.error("No signature data (apart from any QualifyingProperties or a Manifest) for session " + sessId); - throw new Exception("No signature data (apart from any QualifyingProperties or a Manifest)"); - } - - if (log.isDebugEnabled()) { - log.debug("WebService call GetHashDataInput for " + request.getReference().size() + " references in session " + sessId); - } - GetHashDataInputResponseType response = stalPort.getHashDataInput(request); - return response.getReference(); - } - - /** - * Verifies all signed references and returns STAL HashDataInputs - * @param signedReferences - * @param hashDataInputs - * @return - * @throws java.security.DigestException - * @throws java.security.NoSuchAlgorithmException - * @throws Exception if no hashdata input is provided for a signed reference - */ - private List<HashDataInput> verifyHashDataInput(List<ReferenceType> signedReferences, List<GetHashDataInputResponseType.Reference> hashDataInputs) - throws DigestException, NoSuchAlgorithmException, Exception { - - ArrayList<HashDataInput> verifiedHashDataInputs = new ArrayList<HashDataInput>(); - - for (ReferenceType signedRef : signedReferences) { - if (signedRef.getType() == null) { - log.info("Verifying digest for signed reference " + signedRef.getId()); - - String signedRefId = signedRef.getId(); - byte[] signedDigest = signedRef.getDigestValue(); - String signedDigestAlg = null; - if (signedRef.getDigestMethod() != null) { - signedDigestAlg = signedRef.getDigestMethod().getAlgorithm(); - } else { - throw new NoSuchAlgorithmException("Failed to verify digest value for reference " + signedRefId + ": no digest algorithm"); - } - - // usually, there is just one item here - GetHashDataInputResponseType.Reference hashDataInput = null; - for (GetHashDataInputResponseType.Reference hdi : hashDataInputs) { - if (signedRefId.equals(hdi.getID())) { - hashDataInput = hdi; - break; - } - } - if (hashDataInput == null) { - throw new Exception("No hashdata input for reference " + signedRefId + " returned by service"); - } - - byte[] hdi = hashDataInput.getValue(); - String mimeType = hashDataInput.getMimeType(); - String encoding = hashDataInput.getEncoding(); - String filename = hashDataInput.getFilename(); - - if (hdi == null) { - throw new Exception("No hashdata input for reference " + signedRefId + " provided by service"); - } - if (log.isDebugEnabled()) { - log.debug("Digesting reference " + signedRefId + " (" + mimeType + ";" + encoding + ")"); - } - - byte[] hashDataInputDigest = digest(hdi, signedDigestAlg); - - if (log.isDebugEnabled()) { - log.debug("Comparing digest to claimed digest value for reference " + signedRefId); - } -// log.warn("***************** DISABLED HASHDATA VERIFICATION"); - if (!Arrays.equals(hashDataInputDigest, signedDigest)) { - log.error("Bad digest value for reference " + signedRefId); - throw new DigestException("Bad digest value for reference " + signedRefId); - } - - verifiedHashDataInputs.add(new ByteArrayHashDataInput(hdi, signedRefId, mimeType, encoding, filename)); - } - } - - return verifiedHashDataInputs; - } - - //TODO - private byte[] digest(byte[] hashDataInput, String mdAlg) throws NoSuchAlgorithmException { - if ("http://www.w3.org/2000/09/xmldsig#sha1".equals(mdAlg)) { - mdAlg = "SHA-1"; - } else if ("http://www.w3.org/2001/04/xmlenc#sha256".equals(mdAlg)) { - mdAlg = "SHA-256"; - } else if ("http://www.w3.org/2001/04/xmlenc#sha224".equals(mdAlg)) { - mdAlg = "SHA-224"; - } else if ("http://www.w3.org/2001/04/xmldsig-more#sha224".equals(mdAlg)) { - mdAlg = "SHA-224"; - } else if ("http://www.w3.org/2001/04/xmldsig-more#sha384".equals(mdAlg)) { - mdAlg = "SHA-384"; - } else if ("http://www.w3.org/2001/04/xmlenc#sha512".equals(mdAlg)) { - mdAlg = "SHA-512"; - } else if ("http://www.w3.org/2001/04/xmldsig-more#md2".equals(mdAlg)) { - mdAlg = "MD2"; - } else if ("http://www.w3.org/2001/04/xmldsig-more#md5".equals(mdAlg)) { - mdAlg = "MD5"; - } else if ("http://www.w3.org/2001/04/xmlenc#ripemd160".equals(mdAlg)) { - mdAlg = "RipeMD-160"; - } else { - throw new NoSuchAlgorithmException("Failed to verify digest value: unsupported digest algorithm " + mdAlg); - } - - MessageDigest md = MessageDigest.getInstance(mdAlg); - return md.digest(hashDataInput); - } -} diff --git a/mocca-1.2.11/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java b/mocca-1.2.11/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java deleted file mode 100644 index 2fa4889a..00000000 --- a/mocca-1.2.11/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java +++ /dev/null @@ -1,359 +0,0 @@ -/* - * Copyright 2008 Federal Chancellery Austria and - * Graz University of Technology - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package at.gv.egiz.bku.online.applet; - -import at.gv.egiz.bku.online.applet.viewer.URLFontLoader; -import at.gv.egiz.bku.gui.BKUGUIFacade.Style; -import at.gv.egiz.bku.gui.DefaultHelpListener; -import at.gv.egiz.bku.gui.AbstractHelpListener; -import at.gv.egiz.bku.gui.SwitchFocusListener; -import at.gv.egiz.smcc.SignatureCardFactory; -import at.gv.egiz.stal.service.translator.STALTranslator; - -import java.io.IOException; -import java.net.MalformedURLException; -import java.net.URL; -import java.util.Locale; - -import java.util.jar.Attributes; -import java.util.jar.Manifest; -import javax.net.ssl.HttpsURLConnection; -import javax.swing.JApplet; -import javax.swing.JPanel; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import at.gv.egiz.bku.gui.BKUGUIFacade; -import at.gv.egiz.bku.gui.BKUGUIImpl; -import at.gv.egiz.bku.gui.viewer.FontProvider; -import at.gv.egiz.stal.service.STALPortType; -import at.gv.egiz.stal.service.STALService; -import java.applet.AppletContext; -import java.awt.Color; -import java.awt.Container; - -import javax.xml.namespace.QName; - -/** - * Note: all swing code is executed by the event dispatch thread (see - * BKUGUIFacade) - */ -public class BKUApplet extends JApplet { - - private static final long serialVersionUID = 1L; - private static Log log = LogFactory.getLog(BKUApplet.class); - /** - * Applet parameter keys - */ - public static final String GUI_STYLE = "GuiStyle"; - public final static String LOCALE = "Locale"; - public final static String WSDL_URL = "WSDL_URL"; - public static final String HASHDATA_DISPLAY = "HashDataDisplay"; - public final static String HASHDATA_URL = "HashDataURL"; - public final static String HELP_URL = "HelpURL"; - public final static String SESSION_ID = "SessionID"; - public static final String BACKGROUND_IMG = "Background"; - public static final String BACKGROUND_COLOR = "BackgroundColor"; - public static final String REDIRECT_URL = "RedirectURL"; - public static final String REDIRECT_TARGET = "RedirectTarget"; - public static final String HASHDATA_DISPLAY_FRAME = "frame"; - public static final String ENFORCE_RECOMMENDED_PIN_LENGTH = "EnforceRecommendedPINLength"; - /** - * STAL WSDL namespace and service name - */ - public static final String STAL_WSDL_NS = "http://www.egiz.gv.at/wsdl/stal"; - public static final String STAL_SERVICE = "STALService"; - /** - * Dummy session id, used if no sessionId parameter is provided - */ - protected static final String TEST_SESSION_ID = "TestSession"; - - public static final String VERSION; - public static final String UNKNOWN_VERSION = "UNKNOWN"; - - static { - String tmp = UNKNOWN_VERSION; - try { - String BKUAppletJar = BKUApplet.class.getProtectionDomain().getCodeSource().getLocation().toString(); - URL manifestURL = new URL("jar:" + BKUAppletJar + "!/META-INF/MANIFEST.MF"); - if (log.isTraceEnabled()) { - log.trace("read version information from " + manifestURL); - } - Manifest manifest = new Manifest(manifestURL.openStream()); - Attributes atts = manifest.getMainAttributes(); - if (atts != null) { - tmp = atts.getValue("Implementation-Build"); - } - } catch (IOException ex) { - log.error("failed to read version", ex); - } finally { - VERSION = tmp; - log.debug("BKU Applet " + VERSION); - } - } - - /** - * STAL - */ - protected AppletBKUWorker worker; - protected Thread workerThread; - - /* - * (non-Javadoc) - * - * @see java.applet.Applet#getParameterInfo() - */ - @Override - public String[][] getParameterInfo() { - return new String[][]{ - {WSDL_URL, "url", - "URL of the WSDL of the MOCCA server side STAL"}, - {REDIRECT_URL, "url", - "URL to redirect the browser to when finished"}, - {REDIRECT_TARGET, "frame target", - "name of the target frame for redirection when finished"}, - {LOCALE, "locale", - "locale for UI localization (optional, default: system default)"}, - {GUI_STYLE, "simple, advanced, tiny", - "GUI style (optional, default: simple)"}, - {BACKGROUND_COLOR, "#hhhhhh", - "background color, e.g. '#333333' (optional, default: look and feel dependend)"}, - {BACKGROUND_IMG, "url", - "URL of a background image for the GUI (optional, default: no image)"}, - {HELP_URL, "url", - "URL for locating help files, e.g. '../help/' (no help provided if missing)"}}; - } - - - /** - * Factory method to create and wire HelpListener, GUI and BKUWorker. - * (Config via applet parameters, see BKUApplet.* constants) - */ - @Override - public void init() { - log.info("Welcome to MOCCA " + VERSION); - log.trace("Called init()"); - showStatus("Initializing MOCCA applet"); - - HttpsURLConnection.setDefaultSSLSocketFactory(InternalSSLSocketFactory.getInstance()); - - String locale = getParameter(LOCALE); - if (locale != null) { - this.setLocale(new Locale(locale)); - } - log.trace("default locale: " + Locale.getDefault()); - log.debug("setting locale: " + getLocale()); - - if (Boolean.parseBoolean(getParameter(ENFORCE_RECOMMENDED_PIN_LENGTH))) { - SignatureCardFactory.ENFORCE_RECOMMENDED_PIN_LENGTH = true; - log.debug("enforce recommended pin length = " + SignatureCardFactory.ENFORCE_RECOMMENDED_PIN_LENGTH); - } - - BKUGUIFacade.Style guiStyle; - String guiStyleParam = getParameter(GUI_STYLE); - if ("advanced".equalsIgnoreCase(guiStyleParam)) { - guiStyle = BKUGUIFacade.Style.advanced; - } else if ("tiny".equalsIgnoreCase(guiStyleParam)) { - guiStyle = BKUGUIFacade.Style.tiny; - } else { - guiStyle = BKUGUIFacade.Style.simple; - } - log.debug("setting gui-style: " + guiStyle); - - URL backgroundImgURL = null; - try { - backgroundImgURL = getURLParameter(BACKGROUND_IMG, null); - log.debug("setting background: " + backgroundImgURL); - } catch (MalformedURLException ex) { - log.warn("cannot load applet background image: " + ex.getMessage()); - } - - AbstractHelpListener helpListener = null; - try { - helpListener = new DefaultHelpListener(getAppletContext(), - getURLParameter(HELP_URL, null), getLocale()); - if (log.isDebugEnabled()) { - log.debug("setting helpURL: " + getURLParameter(HELP_URL, null)); - } - } catch (MalformedURLException ex) { - log.warn("failed to load help URL: " + ex.getMessage() + ", disabling help"); - } - - // Note: We need a panel in order to be able to set the background - // properly. - // Setting the background without a panel has side effects with the - // different java plugins. - JPanel contentPanel = new JPanel(); - getContentPane().add(contentPanel); - - String backgroundColor = getParameter(BACKGROUND_COLOR); - if (backgroundColor != null && backgroundColor.startsWith("#")) { - try { - Color color = new Color(Integer.parseInt(backgroundColor.substring(1), 16)); - log.debug("setting background color to " + color); - contentPanel.setBackground(color); - } catch (NumberFormatException e) { - log.debug("failed to set background color '" + backgroundColor + "'"); - } - } - - try { - URLFontLoader fontProvider = new URLFontLoader(getCodeBase()); - fontProvider.loadInBackground(); - BKUGUIFacade gui = createGUI(contentPanel, getLocale(), guiStyle, - backgroundImgURL, fontProvider, helpListener, null); - - worker = createBKUWorker(this, gui); - } catch (MalformedURLException ex) { - log.fatal("failed to load font provider URL", ex); - System.err.println("invalid font provider URL " + ex.getMessage()); - } - } - - @Override - public void start() { - log.trace("Called start()"); - if (worker != null) { - showStatus("Starting MOCCA applet"); - workerThread = new Thread(worker); - workerThread.start(); - } else { - log.debug("cannot start uninitialzed MOCCA applet"); - } - } - - @Override - public void stop() { - log.trace("Called stop()"); - showStatus("Stopping MOCCA applet"); - if ((workerThread != null) && (workerThread.isAlive())) { - workerThread.interrupt(); - } - } - - @Override - public void destroy() { - log.trace("Called destroy()"); - } - - // /////////////////////////////////////////////////////////////////////////// - // factory methods for subclasses to inject different components - // /////////////////////////////////////////////////////////////////////////// - protected BKUGUIFacade createGUI(Container contentPane, Locale locale, - Style guiStyle, URL backgroundImgURL, - FontProvider fontProvider, AbstractHelpListener helpListener, - SwitchFocusListener switchFocusListener) { - return new BKUGUIImpl(contentPane, locale, guiStyle, backgroundImgURL, - fontProvider, helpListener, switchFocusListener); - } - - protected AppletBKUWorker createBKUWorker(BKUApplet applet, BKUGUIFacade gui) { - return new AppletBKUWorker(applet, gui); - } - - // /////////////////////////////////////////////////////////////////////////// - // callback for BKUWorker to allow extension - // /////////////////////////////////////////////////////////////////////////// - /** - * Callback for BKUWorker to allow extension - * - * @return - * @throws java.net.MalformedURLException - */ - public STALPortType getSTALPort() throws MalformedURLException { - URL wsdlURL = getURLParameter(WSDL_URL, null); - log.debug("setting STAL WSDL: " + wsdlURL); - QName endpointName = new QName(STAL_WSDL_NS, STAL_SERVICE); - STALService stal = new STALService(wsdlURL, endpointName); - return stal.getSTALPort(); - } - - /** - * Callback for BKUWorker to allow extension (TODO STALPort could know its - * STALTranslator) - * - * @return - * @throws java.net.MalformedURLException - */ - public STALTranslator getSTALTranslator() { - return new STALTranslator(); - } - - /** - * Callback for BKUWorker to keep applet context out of BKUWorker - * - * @return - * @throws java.net.MalformedURLException - */ - protected void sendRedirect(String sessionId) { - try { - AppletContext ctx = getAppletContext(); - if (ctx == null) { - log.error("no applet context (applet might already have been destroyed)"); - return; - } - URL redirectURL = getURLParameter(REDIRECT_URL, sessionId); - String redirectTarget = getParameter(REDIRECT_TARGET); - if (redirectTarget == null) { - log.info("Done. Redirecting to " + redirectURL + " ..."); - ctx.showDocument(redirectURL); - } else { - log.info("Done. Redirecting to " + redirectURL + " (target=" + redirectTarget + ") ..."); - ctx.showDocument(redirectURL, redirectTarget); - } - } catch (MalformedURLException ex) { - log.warn("Failed to redirect: " + ex.getMessage(), ex); - // gui.showErrorDialog(errorMsg, okListener, actionCommand) - } - } - - public void getFocusFromBrowser() { - - worker.getFocusFromBrowser(); - } - - // /////////////////////////////////////////////////////////////////////////// - // utility methods - // /////////////////////////////////////////////////////////////////////////// - protected URL getURLParameter(String paramKey, String sessionId) - throws MalformedURLException { - String urlParam = getParameter(paramKey); - if (urlParam != null && !"".equals(urlParam)) { - URL codebase = getCodeBase(); - try { - URL url; - if (codebase.getProtocol().equalsIgnoreCase("file")) { - // for debugging in appletrunner - url = new URL(urlParam); - } else { - if (sessionId != null) { - urlParam = urlParam + ";jsessionid=" + sessionId; - } - url = new URL(codebase, urlParam); - } - return url; - } catch (MalformedURLException ex) { - log.error("applet paremeter " + urlParam + " is not a valid URL: " + ex.getMessage()); - throw ex; - } - } else { - log.error("applet paremeter " + paramKey + " not set"); - throw new MalformedURLException(paramKey + " not set"); - } - } -} diff --git a/mocca-1.2.11/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/InternalSSLSocketFactory.java b/mocca-1.2.11/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/InternalSSLSocketFactory.java deleted file mode 100644 index a02e56eb..00000000 --- a/mocca-1.2.11/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/InternalSSLSocketFactory.java +++ /dev/null @@ -1,157 +0,0 @@ -/* - * Copyright 2008 Federal Chancellery Austria and - * Graz University of Technology - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package at.gv.egiz.bku.online.applet; - -import java.io.IOException; -import java.net.InetAddress; -import java.net.Socket; -import java.net.UnknownHostException; -import java.security.cert.CertificateParsingException; -import java.security.cert.X509Certificate; -import java.util.Collection; -import java.util.List; - -import javax.net.ssl.HttpsURLConnection; -import javax.net.ssl.SSLPeerUnverifiedException; -import javax.net.ssl.SSLSocket; -import javax.net.ssl.SSLSocketFactory; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -public class InternalSSLSocketFactory extends SSLSocketFactory { - - private final static String GOV_DOMAIN = ".gv.at"; - - private static InternalSSLSocketFactory instance = new InternalSSLSocketFactory(); - - private final static Log log = LogFactory - .getLog(InternalSSLSocketFactory.class); - - private SSLSocket sslSocket; - - private SSLSocketFactory proxy; - - private InternalSSLSocketFactory() { - proxy = HttpsURLConnection.getDefaultSSLSocketFactory(); - } - - public static InternalSSLSocketFactory getInstance() { - return instance; - } - - @Override - public Socket createSocket() throws IOException { - sslSocket = (SSLSocket) proxy.createSocket(); - return sslSocket; - } - - @Override - public Socket createSocket(String arg0, int arg1) throws IOException, - UnknownHostException { - sslSocket = (SSLSocket) proxy.createSocket(arg0, arg1); - - return sslSocket; - } - - @Override - public Socket createSocket(InetAddress arg0, int arg1) throws IOException { - sslSocket = (SSLSocket) proxy.createSocket(arg0, arg1); - return sslSocket; - } - - @Override - public Socket createSocket(String arg0, int arg1, InetAddress arg2, int arg3) - throws IOException, UnknownHostException { - sslSocket = (SSLSocket) proxy.createSocket(arg0, arg1, arg2, arg3); - return sslSocket; - } - - @Override - public Socket createSocket(InetAddress arg0, int arg1, InetAddress arg2, - int arg3) throws IOException { - sslSocket = (SSLSocket) proxy.createSocket(arg0, arg1, arg2, arg3); - return sslSocket; - } - - @Override - public Socket createSocket(Socket arg0, String arg1, int arg2, boolean arg3) - throws IOException { - sslSocket = (SSLSocket) proxy.createSocket(arg0, arg1, arg2, arg3); - return sslSocket; - } - - @Override - public String[] getDefaultCipherSuites() { - return proxy.getDefaultCipherSuites(); - } - - @Override - public String[] getSupportedCipherSuites() { - return proxy.getSupportedCipherSuites(); - } - - public boolean isEgovAgency() { - log.info("Checking if server is egov agency"); - if (sslSocket != null) { - try { - X509Certificate cert = (X509Certificate) sslSocket.getSession() - .getPeerCertificates()[0]; - log.info("Server cert: " + cert); - return isGovAgency(cert); - } catch (SSLPeerUnverifiedException e) { - log.error(e); - return false; - } - } - log.info("Not a SSL connection"); - return false; - } - - public static boolean isGovAgency(X509Certificate cert) { - String[] rdns = (cert.getSubjectX500Principal().getName()).split(","); - for (String rdn : rdns) { - if (rdn.startsWith("CN=")) { - String dns = rdn.split("=")[1]; - if (dns.endsWith(GOV_DOMAIN)) { - return true; - } - } - } - try { - Collection<List<?>> sanList = cert.getSubjectAlternativeNames(); - if (sanList != null) { - for (List<?> san : sanList) { - if ((Integer) san.get(0) == 2) { - String dns = (String) san.get(1); - if (dns.endsWith(GOV_DOMAIN)) { - return true; - } - } - } - } - } catch (CertificateParsingException e) { - log.error(e); - } - if ((cert.getExtensionValue("1.2.40.0.10.1.1.1") != null) - || (cert.getExtensionValue("1.2.40.0.10.1.1.2") != null)) { - return true; - } - return false; - } -} diff --git a/mocca-1.2.11/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/viewer/URLFontLoader.java b/mocca-1.2.11/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/viewer/URLFontLoader.java deleted file mode 100644 index 49615887..00000000 --- a/mocca-1.2.11/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/viewer/URLFontLoader.java +++ /dev/null @@ -1,82 +0,0 @@ -/* - * Copyright 2008 Federal Chancellery Austria and - * Graz University of Technology - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package at.gv.egiz.bku.online.applet.viewer; - -import at.gv.egiz.bku.gui.viewer.FontProviderException; -import at.gv.egiz.bku.gui.viewer.FontProvider; -import java.awt.Font; -import java.awt.FontFormatException; -import java.io.IOException; -import java.net.MalformedURLException; -import java.net.URL; -import java.util.concurrent.ExecutionException; -import javax.swing.SwingWorker; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -/** - * - * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at> - */ -public class URLFontLoader extends SwingWorker<Font, Object> implements FontProvider { - - protected static final Log log = LogFactory.getLog(URLFontLoader.class); - protected URL fontURL; - protected Font font; - - public URLFontLoader(URL codebase) throws MalformedURLException { - this.fontURL = new URL(codebase, SANSMONO_FONT_RESOURCE); - if (log.isDebugEnabled()) { - log.debug("[" + Thread.currentThread().getName() + "] setting font load URL: " + fontURL); - } - } - - public void loadInBackground() { - if (log.isDebugEnabled()) { - log.debug("[" + Thread.currentThread().getName() + "] scheduling font loading in background: " + fontURL); - } - this.execute(); - } - - @Override - protected Font doInBackground() throws MalformedURLException, FontFormatException, IOException { - if (log.isDebugEnabled()) { - log.debug("[" + Thread.currentThread().getName() + "] loading font in background..."); - } - return Font.createFont(Font.TRUETYPE_FONT, fontURL.openStream()); - } - - /** - * waits for loadInBackground to finish - * @return the font loaded in loadInbackground - * @throws Exception - */ - @Override - public Font getFont() throws FontProviderException { - log.debug("[" + Thread.currentThread().getName() + "] get font (EDT?)"); - try { - return get(); - } catch (InterruptedException ex) { - log.error("font loader interrupted"); -// Thread.currentThread().interrupt(); - throw new FontProviderException("font loader interrupted", ex); - } catch (ExecutionException ex) { - log.error("failed to load font", ex.getCause()); - throw new FontProviderException("failed to load font", ex.getCause()); - } - } -} |