summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--BKUHelp/pom.xml2
-rw-r--r--BKUHelp/src/main/webapp/help/de/help.install.cacert.html8
-rw-r--r--BKULocal/pom.xml2
-rw-r--r--BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalBKUWorker.java1
-rw-r--r--BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/InstallCertificateServlet.java149
-rw-r--r--BKULocal/src/main/webapp/WEB-INF/web.xml8
-rw-r--r--BKULocal/src/main/webapp/index.html7
-rw-r--r--BKUOnline/pom.xml2
-rw-r--r--BKUOnline/src/main/webapp/js/deployJava.js3
-rw-r--r--BKUWebStart/pom.xml48
-rw-r--r--BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java47
-rw-r--r--BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java6
-rw-r--r--BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java10
-rw-r--r--BKUWebStart/src/main/jnlp/keystore.ks (renamed from BKUWebStart/keystore.ks)bin5635 -> 5635 bytes
-rw-r--r--BKUWebStart/src/main/jnlp/resources/img/chip128.pngbin0 -> 7775 bytes
-rw-r--r--BKUWebStart/src/main/jnlp/resources/img/chip16.pngbin0 -> 787 bytes
-rw-r--r--BKUWebStart/src/main/jnlp/resources/img/chip24.pngbin0 -> 1227 bytes
-rw-r--r--BKUWebStart/src/main/jnlp/resources/img/chip32.pngbin0 -> 1753 bytes
-rw-r--r--BKUWebStart/src/main/jnlp/resources/img/chip48.pngbin0 -> 2771 bytes
-rw-r--r--BKUWebStart/src/main/jnlp/resources/img/splash.pngbin0 -> 41455 bytes
-rw-r--r--BKUWebStart/src/main/jnlp/resources/img/version.xml52
-rw-r--r--BKUWebStart/src/main/jnlp/resources/player.jnlp3
-rw-r--r--BKUWebStart/src/main/jnlp/template-local.xml40
-rw-r--r--BKUWebStartPackage/src/main/jnlp/template.xml6
-rw-r--r--pom.xml2
25 files changed, 205 insertions, 191 deletions
diff --git a/BKUHelp/pom.xml b/BKUHelp/pom.xml
index 366a2666..cfdb7178 100644
--- a/BKUHelp/pom.xml
+++ b/BKUHelp/pom.xml
@@ -7,7 +7,7 @@
</parent>
<groupId>at.gv.egiz</groupId>
<artifactId>BKUHelp</artifactId>
- <version>1.3-SNAPSHOT</version>
+ <version>1.2.5-SNAPSHOT</version>
<name>BKU Help</name>
<build>
<resources>
diff --git a/BKUHelp/src/main/webapp/help/de/help.install.cacert.html b/BKUHelp/src/main/webapp/help/de/help.install.cacert.html
index a7573102..25c546f0 100644
--- a/BKUHelp/src/main/webapp/help/de/help.install.cacert.html
+++ b/BKUHelp/src/main/webapp/help/de/help.install.cacert.html
@@ -30,14 +30,20 @@
Um diese Überprüfung zu ermöglichen ist es notwendig das Ausstellerzertifikat, lautend auf
<code>O=MOCCA, OU=MOCCA TLS Server CA</code>, im Web-Browser zu installieren.
</p>
+
+ <p><strong>Achtung:</strong> Eine automatische Installation des CA Zertifikats als 'Vertrauenswürdiges Stammzertifikat' im Microsoft Zertifikatsspeicher ist in Windows Vista leider nicht möglich.
+ Sollten Sie Internet Explorer oder Safari in Windows Vista oder 7 benutzen, dann wählen Sie bei der Installation des Zertifikats ausdrücklich 'zu vertrauenswürdigen Stammzertifizierungsstellen hinzufügen'.
+ </p>
+
<p>
- Klicken Sie dazu auf die Verknüpfung <a href="../../installCertificate">CA Zertifikat installieren</a>
+ Klicken Sie dazu auf die Verknüpfung <a href="../../ca.crt">CA Zertifikat installieren</a>
und wählen Sie im angezeigten Dialog die Option 'Dieser CA vertrauen um Websites zu identifizieren'.
(Anmerkung: Der genaue Wortlaut hängt vom verwendeten Web-Browser ab).
</p>
<p><img src="help.install.cacert.png" alt="Bildschirmfoto des Zertifikatsinstallationsdialogs" height="287" width="565"/></p>
<p style="font-size:70%;"><strong>Hinweis:</strong> Der tatsächliche Dialog kann vom oben dargestellten abweichen und hängt vom verwendeten Web-Browser ab.</p>
<p>Kopieren Sie diese Verknüpfung und rufen Sie sie in weiteren Web-Browsern ihrer Wahl auf um das Zertifikat auch dort zu installieren.</p>
+
<p>Das CA Zertifikat wird ausschließlich zur Identifikation der lokalen Bürgerkartenumgebung verwendet
und kann bei der Deinstallation der Bürgerkartenumgebung aus dem Web-Browser entfernt werden.</p>
<p><br class="clearfloat" /></p>
diff --git a/BKULocal/pom.xml b/BKULocal/pom.xml
index 23c626c4..85c83cec 100644
--- a/BKULocal/pom.xml
+++ b/BKULocal/pom.xml
@@ -111,7 +111,7 @@
<dependency>
<artifactId>BKUHelp</artifactId>
<groupId>at.gv.egiz</groupId>
- <version>1.3-SNAPSHOT</version>
+ <version>1.2.5-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalBKUWorker.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalBKUWorker.java
index 75f71be6..1e3f9a1d 100644
--- a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalBKUWorker.java
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalBKUWorker.java
@@ -49,6 +49,7 @@ public class LocalBKUWorker extends AbstractBKUWorker {
public List<STALResponse> handleRequest(List<? extends STALRequest> requestList) {
signatureCard = null;
List<STALResponse> responses = super.handleRequest(requestList);
+ container.setVisible(false);
return responses;
}
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/InstallCertificateServlet.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/InstallCertificateServlet.java
deleted file mode 100644
index 0a9d001b..00000000
--- a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/InstallCertificateServlet.java
+++ /dev/null
@@ -1,149 +0,0 @@
-/*
- * Copyright 2008 Federal Chancellery Austria and
- * Graz University of Technology
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package at.gv.egiz.bku.local.webapp;
-
-import iaik.pkcs.PKCS7CertList;
-import iaik.utils.Util;
-import java.io.IOException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServlet;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-/**
- * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at>
- */
-public class InstallCertificateServlet extends HttpServlet {
- public static final String HTTPS_REDIRECT = "https://localhost:3496/";
-
- public static final String SERVER_CA_CERTIFICATE_ATTRIBUTE = "mocca.tls.server.ca.certificate";
- protected PKCS7CertList p7c;
- private static final Log log = LogFactory.getLog(InstallCertificateServlet.class);
-
- @Override
- public void init() throws ServletException {
- super.init();
- Certificate caCert = (Certificate) getServletContext().getAttribute(SERVER_CA_CERTIFICATE_ATTRIBUTE);
- if (caCert != null) {
- try {
- p7c = new PKCS7CertList();
- p7c.setCertificateList(new iaik.x509.X509Certificate[] { Util.convertCertificate(caCert) });
- } catch (CertificateException ex) {
- log.error("failed to import local ca certificate " + SERVER_CA_CERTIFICATE_ATTRIBUTE, ex);
- }
- } else {
- log.error("failed to import local ca certificate " + SERVER_CA_CERTIFICATE_ATTRIBUTE);
- }
- }
-
- /**
- * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
- * @param request servlet request
- * @param response servlet response
- * @throws ServletException if a servlet-specific error occurs
- * @throws IOException if an I/O error occurs
- */
- protected void processRequest(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
-
-// try {
-// SSLContext sslCtx1 = SSLContext.getDefault();
-// log.debug("Default SSLContext (" + sslCtx1.getProtocol() + "): " + sslCtx1.getClass().getName());
-// } catch (NoSuchAlgorithmException ex) {
-// log.debug("no sslContext: " + ex.getMessage(), ex);
-// }
-//
-// try {
-// SSLContext sslCtx2 = SSLContext.getInstance("TLS");
-// log.debug("TLS SSLContext: " + sslCtx2.getClass().getName());
-//
-// SSLServerSocketFactory serverSocketFactory = sslCtx2.getServerSocketFactory();
-// SSLSessionContext serverSessionContext = sslCtx2.getServerSessionContext();
-//
-// if (serverSocketFactory != null) {
-// log.debug("SSL ServerSocketFactory: " + serverSocketFactory.getClass().getName());
-// }
-// if (serverSessionContext != null) {
-// log.debug("SSL ServerSessionContext: " + serverSessionContext.getClass().getName());
-// }
-// } catch (NoSuchAlgorithmException ex) {
-// log.debug("no sslContext: " + ex.getMessage(), ex);
-// }
-//
-// try {
-// SSLContext sslCtx3 = SSLContext.getInstance("SSLv3");
-// log.debug("TLS SSLContext: " + sslCtx3.getClass().getName());
-// } catch (NoSuchAlgorithmException ex) {
-// log.debug("no sslContext: " + ex.getMessage(), ex);
-// }
-
-
-
-
-
- if (p7c != null) {
- log.debug("returning local ca certificate");
- response.setContentType("application/x-x509-ca-cert");
- p7c.writeTo(response.getOutputStream());
- response.getOutputStream().flush();
- } else {
- log.debug("no local ca certificate, redirecting to " + HTTPS_REDIRECT);
- response.sendRedirect(HTTPS_REDIRECT);
- }
-
- }
-
- // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
- /**
- * Handles the HTTP <code>GET</code> method.
- * @param request servlet request
- * @param response servlet response
- * @throws ServletException if a servlet-specific error occurs
- * @throws IOException if an I/O error occurs
- */
- @Override
- protected void doGet(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- processRequest(request, response);
- }
-
- /**
- * Handles the HTTP <code>POST</code> method.
- * @param request servlet request
- * @param response servlet response
- * @throws ServletException if a servlet-specific error occurs
- * @throws IOException if an I/O error occurs
- */
- @Override
- protected void doPost(HttpServletRequest request, HttpServletResponse response)
- throws ServletException, IOException {
- processRequest(request, response);
- }
-
- /**
- * Returns a short description of the servlet.
- * @return a String containing servlet description
- */
- @Override
- public String getServletInfo() {
- return "Short description";
- }// </editor-fold>
-}
diff --git a/BKULocal/src/main/webapp/WEB-INF/web.xml b/BKULocal/src/main/webapp/WEB-INF/web.xml
index 8768dbd8..c4ea1e54 100644
--- a/BKULocal/src/main/webapp/WEB-INF/web.xml
+++ b/BKULocal/src/main/webapp/WEB-INF/web.xml
@@ -39,10 +39,6 @@
<servlet-name>PINManagementServlet</servlet-name>
<servlet-class>at.gv.egiz.bku.local.webapp.PINManagementServlet</servlet-class>
</servlet>
- <servlet>
- <servlet-name>InstallCertificateServlet</servlet-name>
- <servlet-class>at.gv.egiz.bku.local.webapp.InstallCertificateServlet</servlet-class>
- </servlet>
<servlet-mapping>
<servlet-name>BKUServlet</servlet-name>
<url-pattern>/http-security-layer-request</url-pattern>
@@ -57,10 +53,6 @@
<servlet-name>PINManagementServlet</servlet-name>
<url-pattern>/PINManagement</url-pattern>
</servlet-mapping>
- <servlet-mapping>
- <servlet-name>InstallCertificateServlet</servlet-name>
- <url-pattern>/installCertificate</url-pattern>
- </servlet-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
diff --git a/BKULocal/src/main/webapp/index.html b/BKULocal/src/main/webapp/index.html
index c5be17fe..0156b5e5 100644
--- a/BKULocal/src/main/webapp/index.html
+++ b/BKULocal/src/main/webapp/index.html
@@ -34,7 +34,7 @@
<img src="img/chip48.png" alt="Logo" width="48" height="48"/>
</div>
<p>Um die Bürgerkartenumgebung zu verwenden installieren Sie bitte
- zunächst das <a href="installCertificate">CA Zertifikat</a>.
+ zunächst das <a href="ca.crt">CA Zertifikat</a>&sup1;.
</p>
<p style="clear:left; margin-top:1.5em">Weiters können Sie</p>
@@ -46,6 +46,11 @@
<p><br class="clearfloat" /></p>
+ <p style="font-size:80%">
+ &sup1;Eine automatisierte Installation ist mit Microsoft Internet Explorer in Windows Vista oder 7 leider nicht möglich,
+ siehe dazu <a href="help.install.cacert.html">Hilfe</a>.
+ </p>
+
</div>
<div id="footer">
<p>
diff --git a/BKUOnline/pom.xml b/BKUOnline/pom.xml
index 8b9072b5..0ff18b48 100644
--- a/BKUOnline/pom.xml
+++ b/BKUOnline/pom.xml
@@ -39,7 +39,7 @@
<dependency>
<artifactId>BKUHelp</artifactId>
<groupId>at.gv.egiz</groupId>
- <version>1.3-SNAPSHOT</version>
+ <version>1.2.5-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>commons-logging</groupId>
diff --git a/BKUOnline/src/main/webapp/js/deployJava.js b/BKUOnline/src/main/webapp/js/deployJava.js
index ab75c961..f4027953 100644
--- a/BKUOnline/src/main/webapp/js/deployJava.js
+++ b/BKUOnline/src/main/webapp/js/deployJava.js
@@ -490,7 +490,8 @@ var deployJava = {
'}';
// [#425] Disable WebStart Launch Button for MacOS
- if (navigator.appVersion.toLowerCase().indexOf("mac")!=-1) {
+ if (navigator.appVersion.toLowerCase().indexOf("mac")!=-1 &&
+ navigator.appVersion.toLowerCase().indexOf("os x 10_6")==-1) {
document.write('<' + 'a disabled="disabled"' +
' onMouseOver="window.status=\'\'; ' +
'return true;"><' + 'img class="disabled"' +
diff --git a/BKUWebStart/pom.xml b/BKUWebStart/pom.xml
index de0e0f4a..90d93566 100644
--- a/BKUWebStart/pom.xml
+++ b/BKUWebStart/pom.xml
@@ -82,6 +82,54 @@
</plugins>
</build>
+ <profiles>
+ <profile>
+ <!-- development profile -->
+ <id>local-webstart</id>
+ <build>
+ <plugins>
+ <plugin>
+ <artifactId>webstart-maven-plugin</artifactId>
+ <groupId>org.codehaus.mojo.webstart</groupId>
+ <executions>
+ <execution>
+ <phase>package</phase>
+ <goals>
+ <goal>jnlp-inline</goal>
+ </goals>
+ </execution>
+ </executions>
+ <configuration>
+ <excludeTransitive>false</excludeTransitive>
+ <jnlp>
+ <inputTemplateResourcePath>${project.basedir}/src/main/jnlp</inputTemplateResourcePath>
+ <inputTemplate>template-local.xml</inputTemplate>
+ <outputFile>mocca-local.jnlp</outputFile>
+ <mainClass>at.gv.egiz.bku.webstart.Launcher</mainClass>
+ </jnlp>
+ <sign>
+ <alias>test-applet signer</alias>
+ <keystore>${project.basedir}/src/main/jnlp/keystore.ks</keystore>
+ <storepass>storepass</storepass>
+ <keypass>keypass</keypass>
+ <verify>true</verify>
+ <keystoreConfig>
+ <delete>false</delete>
+ <gen>false</gen>
+ </keystoreConfig>
+ </sign>
+ <pack200>false</pack200>
+ <gzip>false</gzip>
+ <outputJarVersions>false</outputJarVersions>
+ <unsignAlreadySignedJars>true</unsignAlreadySignedJars>
+ <verbose>true</verbose>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+ </profiles>
+
<dependencies>
<!-- ATTENTION update of application descriptor (jnlp file) is special...
| The JNLP Client must use the Last-Modified header field returned by
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java
index 3bf74d3c..2feae267 100644
--- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java
+++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java
@@ -22,7 +22,6 @@ import java.security.KeyStore;
import java.security.Permissions;
import java.security.SecurityPermission;
import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
import java.util.PropertyPermission;
import javax.smartcardio.CardPermission;
import org.apache.commons.logging.Log;
@@ -38,7 +37,6 @@ public class Container {
public static final String HTTP_PORT_PROPERTY = "mocca.http.port";
public static final String HTTPS_PORT_PROPERTY = "mocca.http.port";
- public static final String SERVER_CA_CERTIFICATE_ATTRIBUTE = "mocca.tls.server.ca.certificate";
private static Log log = LogFactory.getLog(Container.class);
static {
@@ -51,6 +49,8 @@ public class Container {
}
}
private Server server;
+ private WebAppContext webapp;
+ private Certificate caCertificate;
public void init() throws IOException {
// System.setProperty("DEBUG", "true");
@@ -118,33 +118,19 @@ public class Container {
server.setConnectors(new Connector[]{connector, sslConnector});
- WebAppContext webapp = new WebAppContext();
+ webapp = new WebAppContext();
webapp.setLogUrlOnStart(true);
webapp.setContextPath("/");
webapp.setExtractWAR(true);
webapp.setParentLoaderPriority(false);
- try {
- // no way to get certificate from within the servlet (SSLEngine/Jetty SSLSocketConnector/SSLContext?)
- if (log.isTraceEnabled()) {
- log.trace("local ca certificate from " + keystoreFile + " in webapp context at " + SERVER_CA_CERTIFICATE_ATTRIBUTE);
- }
- BufferedInputStream bis = new BufferedInputStream(new FileInputStream(keystoreFile));
- KeyStore sslKeyStore = KeyStore.getInstance("JKS");
- sslKeyStore.load(bis, passwd.toCharArray());
- Certificate[] sslChain = sslKeyStore.getCertificateChain(TLSServerCA.MOCCA_TLS_SERVER_ALIAS);
- webapp.setAttribute(SERVER_CA_CERTIFICATE_ATTRIBUTE, sslChain[sslChain.length - 1]);
- bis.close();
- } catch (Exception ex) {
- log.error("Failed to load local ca certificate", ex);
- log.warn("automated web certificate installation will not be available");
- }
-
webapp.setWar(copyWebapp(webapp.getTempDirectory()));
webapp.setPermissions(getPermissions(webapp.getTempDirectory()));
server.setHandler(webapp);
server.setGracefulShutdown(1000 * 3);
+
+ loadCACertificate(keystoreFile, passwd.toCharArray());
}
/**
@@ -234,6 +220,12 @@ public class Container {
public void start() throws Exception {
server.start();
+ // webapp.getBaseResource()
+ File caCertFile = new File(webapp.getTempDirectory(), "webapp/ca.crt");
+ BufferedOutputStream bos = new BufferedOutputStream(new FileOutputStream(caCertFile));
+ bos.write(caCertificate.getEncoded());
+ bos.flush();
+ bos.close();
}
public boolean isRunning() {
@@ -251,4 +243,21 @@ public class Container {
public void join() throws InterruptedException {
server.join();
}
+
+ private void loadCACertificate(File keystoreFile, char[] passwd) {
+ try {
+ if (log.isTraceEnabled()) {
+ log.trace("local ca certificate from " + keystoreFile);
+ }
+ BufferedInputStream bis = new BufferedInputStream(new FileInputStream(keystoreFile));
+ KeyStore sslKeyStore = KeyStore.getInstance("JKS");
+ sslKeyStore.load(bis, passwd);
+ Certificate[] sslChain = sslKeyStore.getCertificateChain(TLSServerCA.MOCCA_TLS_SERVER_ALIAS);
+ caCertificate = sslChain[sslChain.length - 1];
+ bis.close();
+ } catch (Exception ex) {
+ log.error("Failed to load local ca certificate", ex);
+ log.warn("automated web certificate installation will not be available");
+ }
+ }
}
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java
index 8cc9817f..2bf42ccb 100644
--- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java
+++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java
@@ -9,8 +9,6 @@ import java.net.URISyntaxException;
import java.util.Locale;
import java.util.ResourceBundle;
-import java.util.logging.Level;
-import java.util.logging.Logger;
import javax.jnlp.UnavailableServiceException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -28,9 +26,7 @@ import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.awt.event.WindowAdapter;
import java.net.BindException;
-import java.net.HttpURLConnection;
import java.net.MalformedURLException;
-import java.net.URI;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.text.MessageFormat;
@@ -175,6 +171,7 @@ public class Launcher implements BKUControllerInterface, ActionListener {
}
throw ex;
} catch (Exception ex) {
+ ex.printStackTrace();
log.fatal("Failed to launch server, " + ex.getMessage(), ex);
trayIcon.displayMessage(messages.getString(CAPTION_ERROR),
messages.getString(ERROR_START), TrayIcon.MessageType.ERROR);
@@ -381,6 +378,7 @@ public class Launcher implements BKUControllerInterface, ActionListener {
Launcher launcher = new Launcher();
launcher.launch();
} catch (Exception ex) {
+ ex.printStackTrace();
log.debug(ex);
log.info("waiting to shutdown...");
Thread.sleep(5000);
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java
index fd94958e..08a06570 100644
--- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java
+++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java
@@ -64,9 +64,13 @@ public class TLSServerCA {
caCert.addExtension(new SubjectKeyIdentifier(caKeyPair.getPublic()));
- caCert.addExtension(new BasicConstraints(true));
- caCert.addExtension(new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign
- | KeyUsage.digitalSignature));
+ BasicConstraints bc = new BasicConstraints(true);
+ bc.setCritical(true);
+ caCert.addExtension(bc);
+ KeyUsage ku = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign
+ | KeyUsage.digitalSignature);
+ ku.setCritical(true);
+ caCert.addExtension(ku);
GregorianCalendar date = new GregorianCalendar();
date.add(Calendar.HOUR_OF_DAY, -1);
diff --git a/BKUWebStart/keystore.ks b/BKUWebStart/src/main/jnlp/keystore.ks
index 824c3a40..824c3a40 100644
--- a/BKUWebStart/keystore.ks
+++ b/BKUWebStart/src/main/jnlp/keystore.ks
Binary files differ
diff --git a/BKUWebStart/src/main/jnlp/resources/img/chip128.png b/BKUWebStart/src/main/jnlp/resources/img/chip128.png
new file mode 100644
index 00000000..c36d8079
--- /dev/null
+++ b/BKUWebStart/src/main/jnlp/resources/img/chip128.png
Binary files differ
diff --git a/BKUWebStart/src/main/jnlp/resources/img/chip16.png b/BKUWebStart/src/main/jnlp/resources/img/chip16.png
new file mode 100644
index 00000000..96b580e9
--- /dev/null
+++ b/BKUWebStart/src/main/jnlp/resources/img/chip16.png
Binary files differ
diff --git a/BKUWebStart/src/main/jnlp/resources/img/chip24.png b/BKUWebStart/src/main/jnlp/resources/img/chip24.png
new file mode 100644
index 00000000..efd6dbeb
--- /dev/null
+++ b/BKUWebStart/src/main/jnlp/resources/img/chip24.png
Binary files differ
diff --git a/BKUWebStart/src/main/jnlp/resources/img/chip32.png b/BKUWebStart/src/main/jnlp/resources/img/chip32.png
new file mode 100644
index 00000000..e7efb020
--- /dev/null
+++ b/BKUWebStart/src/main/jnlp/resources/img/chip32.png
Binary files differ
diff --git a/BKUWebStart/src/main/jnlp/resources/img/chip48.png b/BKUWebStart/src/main/jnlp/resources/img/chip48.png
new file mode 100644
index 00000000..491fbcac
--- /dev/null
+++ b/BKUWebStart/src/main/jnlp/resources/img/chip48.png
Binary files differ
diff --git a/BKUWebStart/src/main/jnlp/resources/img/splash.png b/BKUWebStart/src/main/jnlp/resources/img/splash.png
new file mode 100644
index 00000000..597fbc60
--- /dev/null
+++ b/BKUWebStart/src/main/jnlp/resources/img/splash.png
Binary files differ
diff --git a/BKUWebStart/src/main/jnlp/resources/img/version.xml b/BKUWebStart/src/main/jnlp/resources/img/version.xml
new file mode 100644
index 00000000..5e160beb
--- /dev/null
+++ b/BKUWebStart/src/main/jnlp/resources/img/version.xml
@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<jnlp-versions>
+ <resource>
+ <pattern>
+ <name>chip16.png</name>
+ <version-id>2.0</version-id>
+ </pattern>
+ <file>chip16.png</file>
+ </resource>
+ <resource>
+ <pattern>
+ <name>chip24.png</name>
+ <version-id>2.0</version-id>
+ </pattern>
+ <file>chip24.png</file>
+ </resource>
+ <resource>
+ <pattern>
+ <name>chip32.png</name>
+ <version-id>2.0</version-id>
+ </pattern>
+ <file>chip32.png</file>
+ </resource>
+ <resource>
+ <pattern>
+ <name>chip48.png</name>
+ <version-id>2.0</version-id>
+ </pattern>
+ <file>chip48.png</file>
+ </resource>
+ <resource>
+ <pattern>
+ <name>chip64.png</name>
+ <version-id>2.0</version-id>
+ </pattern>
+ <file>chip64.png</file>
+ </resource>
+ <resource>
+ <pattern>
+ <name>chip128.png</name>
+ <version-id>2.0</version-id>
+ </pattern>
+ <file>chip128.png</file>
+ </resource>
+ <resource>
+ <pattern>
+ <name>splash.png</name>
+ <version-id>2.0</version-id>
+ </pattern>
+ <file>splash.png</file>
+ </resource>
+</jnlp-versions>
diff --git a/BKUWebStart/src/main/jnlp/resources/player.jnlp b/BKUWebStart/src/main/jnlp/resources/player.jnlp
new file mode 100644
index 00000000..da08ebc2
--- /dev/null
+++ b/BKUWebStart/src/main/jnlp/resources/player.jnlp
@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Jump specific JNL file for launching the player -->
+<player/> \ No newline at end of file
diff --git a/BKUWebStart/src/main/jnlp/template-local.xml b/BKUWebStart/src/main/jnlp/template-local.xml
new file mode 100644
index 00000000..12ff9d8c
--- /dev/null
+++ b/BKUWebStart/src/main/jnlp/template-local.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="utf-8"?>
+<jnlp spec="$jnlpspec" codebase="file:${project.build.directory}/jnlp" href="$outputFile">
+
+ <information>
+ <title>${project.Description}</title>
+ <vendor>E-Government Innovationszentrum (EGIZ)</vendor>
+ <homepage href="${project.Url}"/>
+ <description>${project.Description} (BKU) MOCCA Web Start</description>
+ <description kind="short">${project.Description}</description>
+ <icon kind="shortcut" href="img/chip16.png" width="16" height="16"/>
+ <icon kind="shortcut" href="img/chip24.png" width="24" height="24"/>
+ <icon kind="shortcut" href="img/chip32.png" width="32" height="32"/>
+ <icon kind="shortcut" href="img/chip48.png" width="48" height="48"/>
+ <icon kind="default" href="img/chip16.png" width="16" height="16"/>
+ <icon kind="default" href="img/chip24.png" width="24" height="24"/>
+ <icon kind="default" href="img/chip32.png" width="32" height="32"/>
+ <icon kind="default" href="img/chip48.png" width="48" height="48"/>
+ <icon kind="splash" href="img/splash.png"/>
+ <shortcut online="true">
+ <desktop/>
+ <menu submenu="e-Government"/>
+ </shortcut>
+
+ <offline-allowed/>
+
+ </information>
+
+ <security>
+ <all-permissions/>
+ </security>
+
+ <update check="timeout" policy="prompt-update"/>
+
+ <resources>
+ <java version="1.6+" java-vm-args="-Djava.security.debug=access,failure"/>
+ $dependencies
+ </resources>
+
+ <application-desc main-class="$mainClass"/>
+</jnlp> \ No newline at end of file
diff --git a/BKUWebStartPackage/src/main/jnlp/template.xml b/BKUWebStartPackage/src/main/jnlp/template.xml
index dfb66c55..06b024ec 100644
--- a/BKUWebStartPackage/src/main/jnlp/template.xml
+++ b/BKUWebStartPackage/src/main/jnlp/template.xml
@@ -1,5 +1,9 @@
<?xml version="1.0" encoding="utf-8"?>
-<jnlp spec="$jnlpspec" codebase="http://localhost:8080/webstart/" context="http://localhost:8080" href="mocca.jnlp">
+<!--
+ | To strip versions from jar filenames do
+ | for JAR in *jar; do mv JAR {JAR/-[0-9]*/.jar}; done
+ |-->
+<jnlp spec="$jnlpspec" codebase="$$codebase" context="$$context" href="$$name">
<information>
<title>${project.Description}</title>
diff --git a/pom.xml b/pom.xml
index a801b98d..8f64f170 100644
--- a/pom.xml
+++ b/pom.xml
@@ -89,7 +89,7 @@
<plugin>
<artifactId>maven-dependency-plugin</artifactId>
<groupId>org.apache.maven.plugins</groupId>
- <version>2.0</version>
+ <version>2.1</version>
</plugin>
<!--
plugin> <artifactId>maven-jaxb2-plugin</artifactId>