Diffstat (limited to 'BKUApplet/src/main/java/at')
-rw-r--r--BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java54
-rw-r--r--BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java4
-rw-r--r--BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/InternalSSLSocketFactory.java235
3 files changed, 154 insertions, 139 deletions
diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java
index 03e4b7c9..3903bf10 100644
--- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java
+++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java
@@ -35,10 +35,11 @@ import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.List;
+import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
/**
- *
+ *
* @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at>
*/
public class AppletBKUWorker extends AbstractBKUWorker implements Runnable {
@@ -47,8 +48,10 @@ public class AppletBKUWorker extends AbstractBKUWorker implements Runnable {
protected AppletParameterProvider params;
protected String sessionId;
protected STALPortType stalPort;
+ private ObjectFactory stalObjFactory = new ObjectFactory();
- public AppletBKUWorker(BKUGUIFacade gui, AppletContext ctx, AppletParameterProvider paramProvider) {
+ public AppletBKUWorker(BKUGUIFacade gui, AppletContext ctx,
+ AppletParameterProvider paramProvider) {
super(gui);
if (ctx == null) {
throw new NullPointerException("Applet context not provided");
@@ -88,11 +91,16 @@ public class AppletBKUWorker extends AbstractBKUWorker implements Runnable {
try {
registerSignRequestHandler();
- ObjectFactory of = new ObjectFactory();
-
GetNextRequestResponseType nextRequestResp = stalPort.connect(sessionId);
do {
- List<RequestType> requests = nextRequestResp.getInfoboxReadRequestOrSignRequestOrQuitRequest();
+ List<JAXBElement<? extends RequestType>> requests = nextRequestResp.getInfoboxReadRequestOrSignRequestOrQuitRequest();
+
+ // (rather use validator)
+ if (requests.size() == 0) {
+ log.error("Received empty NextRequestResponse: no STAL requests to handle. (STAL-X requests might not have gotten unmarshalled)");
+ throw new Exception("No STAL requests to handle.");
+ }
+
List<STALRequest> stalRequests = STALTranslator.translateRequests(requests);
if (log.isInfoEnabled()) {
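Review bot: The new empty-response guard throws a bare `Exception`, so the catch block that handles it (outside this hunk) cannot distinguish a protocol violation from any other failure. A more specific type would help, for example `throw new IllegalStateException("No STAL requests to handle.");`, and `requests.isEmpty()` reads better than `size() == 0`. The guard runs before `STALTranslator.translateRequests`, so if the translator can skip elements it does not recognise, an empty `stalRequests` list would presumably still reach the handler; a second check after translation would cover that case. The enclosing try block starts and ends outside the hunk.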
@@ -114,13 +122,13 @@ public class AppletBKUWorker extends AbstractBKUWorker implements Runnable {
String domainId = r.getDomainIdentifier();
if ("IdentityLink".equals(infoboxId) && domainId == null) {
if (!InternalSSLSocketFactory.getInstance().isEgovAgency()) {
- handle = false;
+ handle = false;
}
}
}
}
- List<ResponseType> responses;
+ List<JAXBElement<? extends ResponseType>> responses;
if (handle) {
List<STALResponse> stalResponses = handleRequest(stalRequests);
if (log.isInfoEnabled()) {
@@ -134,16 +142,17 @@ public class AppletBKUWorker extends AbstractBKUWorker implements Runnable {
}
responses = STALTranslator.fromSTAL(stalResponses);
} else {
- responses = new ArrayList<ResponseType>(1);
- ErrorResponseType err = of.createErrorResponseType();
+ log.error("Insufficient rights to execute command InfoboxReadRequest for Infobox IdentityLink, return Error 6002");
+ responses = new ArrayList<JAXBElement<? extends ResponseType>>(1);
+ ErrorResponseType err = stalObjFactory.createErrorResponseType();
err.setErrorCode(6002);
// err.setErrorMessage();
- responses.add(err);
+ responses.add(stalObjFactory.createGetNextRequestTypeErrorResponse(err));
}
if (!finished) {
log.info("Not finished yet (BKUWorker: " + this + "), sending responses");
- GetNextRequestType nextRequest = of.createGetNextRequestType();
+ GetNextRequestType nextRequest = stalObjFactory.createGetNextRequestType();
nextRequest.setSessionId(sessionId);
nextRequest.getInfoboxReadResponseOrSignResponseOrErrorResponse().addAll(responses);
nextRequestResp = stalPort.getNextRequest(nextRequest);
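Review bot: The added `log.error` for the refused IdentityLink read carries no worker or connection context, so a denial is hard to correlate with the connection that triggered it; appending the worker identity the way the "Not finished yet" message below does would help. The code 6002 now appears both in the log text and in `err.setErrorCode(6002)`, and a named constant such as `private static final int ERROR_INSUFFICIENT_RIGHTS = 6002;` (name constructed here) would keep the two in step. `err.setErrorMessage()` is still commented out, so the server receives the code without any text.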
@@ -158,16 +167,17 @@ public class AppletBKUWorker extends AbstractBKUWorker implements Runnable {
} catch (InterruptedException e) {
log.error(e);
}
- }
- if (signatureCard != null) {
- signatureCard.disconnect(false);
+ if (signatureCard != null) {
+ signatureCard.disconnect(false);
+ }
}
sendRedirect();
}
protected void sendRedirect() {
try {
- URL redirectURL = params.getURLParameter(BKUApplet.REDIRECT_URL, sessionId);
+ URL redirectURL = params.getURLParameter(BKUApplet.REDIRECT_URL,
+ sessionId);
String redirectTarget = params.getAppletParameter(BKUApplet.REDIRECT_TARGET);
if (redirectTarget == null) {
log.info("Done. Redirecting to " + redirectURL + " ...");
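Review bot: Moving `signatureCard.disconnect(false)` inside the preceding block makes the card release depend on that block being entered, and the block's opening line is outside the hunk, so it is not visible here whether it is a `finally`. If it is anything else, the error path added earlier in this file (`throw new Exception("No STAL requests to handle.")`) could leave the card connected while `sendRedirect()` still runs. A comment at the block such as `// always release the card, also on error paths` would record the intent and make a later regression easier to spot.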
@@ -185,7 +195,8 @@ public class AppletBKUWorker extends AbstractBKUWorker implements Runnable {
private STALPortType getSTALPort() throws MalformedURLException {
URL wsdlURL = params.getURLParameter(BKUApplet.WSDL_URL);
log.debug("STAL WSDL at " + wsdlURL);
- QName endpointName = new QName(BKUApplet.STAL_WSDL_NS, BKUApplet.STAL_SERVICE);
+ QName endpointName = new QName(BKUApplet.STAL_WSDL_NS,
+ BKUApplet.STAL_SERVICE);
STALService stal = new STALService(wsdlURL, endpointName);
return stal.getSTALPort();
}
@@ -193,13 +204,16 @@ public class AppletBKUWorker extends AbstractBKUWorker implements Runnable {
private void registerSignRequestHandler() throws MalformedURLException {
String hashDataDisplayStyle = params.getAppletParameter(BKUApplet.HASHDATA_DISPLAY);
if (BKUApplet.HASHDATA_DISPLAY_BROWSER.equals(hashDataDisplayStyle)) {
- URL hashDataURL = params.getURLParameter(BKUApplet.HASHDATA_URL, sessionId);
+ URL hashDataURL = params.getURLParameter(BKUApplet.HASHDATA_URL,
+ sessionId);
log.debug("register SignRequestHandler for HashDataURL " + hashDataURL);
- addRequestHandler(SignRequest.class, new BrowserHashDataDisplay(ctx, hashDataURL));
+ addRequestHandler(SignRequest.class, new BrowserHashDataDisplay(ctx,
+ hashDataURL));
} else {
- //BKUApplet.HASHDATA_DISPLAY_FRAME
+ // BKUApplet.HASHDATA_DISPLAY_FRAME
log.debug("register SignRequestHandler for STAL port " + BKUApplet.WSDL_URL);
- AppletHashDataDisplay handler = new AppletHashDataDisplay(stalPort, sessionId);
+ AppletHashDataDisplay handler = new AppletHashDataDisplay(stalPort,
+ sessionId);
addRequestHandler(SignRequest.class, handler);
}
}
diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java
index d0eed607..d0f6d489 100644
--- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java
+++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java
@@ -75,7 +75,7 @@ public class BKUApplet extends JApplet implements AppletParameterProvider {
/**
* Factory method to create and wire HelpListener, GUI and BKUWorker.
- * (Config via applet parameters as constants BKUApplet.*)
+ * (Config via applet parameters, see BKUApplet.* constants)
*/
@Override
public void init() {
@@ -83,7 +83,7 @@ public class BKUApplet extends JApplet implements AppletParameterProvider {
log.debug("Called init()");
HttpsURLConnection.setDefaultSSLSocketFactory(InternalSSLSocketFactory.getInstance());
-
+
String locale = getAppletParameter(LOCALE);
if (locale != null) {
this.setLocale(new Locale(locale));
diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/InternalSSLSocketFactory.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/InternalSSLSocketFactory.java
index c3417d63..a02e56eb 100644
--- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/InternalSSLSocketFactory.java
+++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/InternalSSLSocketFactory.java
@@ -36,121 +36,122 @@ import org.apache.commons.logging.LogFactory;
public class InternalSSLSocketFactory extends SSLSocketFactory {
- private final static String GOV_DOMAIN = ".gv.at";
-
- private static InternalSSLSocketFactory instance = new InternalSSLSocketFactory();
-
- private final static Log log = LogFactory
- .getLog(InternalSSLSocketFactory.class);
-
- private SSLSocket sslSocket;
-
- private SSLSocketFactory proxy;
-
- private InternalSSLSocketFactory() {
- proxy = HttpsURLConnection.getDefaultSSLSocketFactory();
- }
-
- public static InternalSSLSocketFactory getInstance() {
- return instance;
- }
-
- @Override
- public Socket createSocket() throws IOException {
- sslSocket = (SSLSocket) proxy.createSocket();
- return sslSocket;
- }
-
- @Override
- public Socket createSocket(String arg0, int arg1) throws IOException,
- UnknownHostException {
- sslSocket = (SSLSocket) proxy.createSocket(arg0, arg1);
-
- return sslSocket;
- }
-
- @Override
- public Socket createSocket(InetAddress arg0, int arg1) throws IOException {
- sslSocket = (SSLSocket) proxy.createSocket(arg0, arg1);
- return sslSocket;
- }
-
- @Override
- public Socket createSocket(String arg0, int arg1, InetAddress arg2, int arg3)
- throws IOException, UnknownHostException {
- sslSocket = (SSLSocket) proxy.createSocket(arg0, arg1, arg2, arg3);
- return sslSocket;
- }
-
- @Override
- public Socket createSocket(InetAddress arg0, int arg1, InetAddress arg2,
- int arg3) throws IOException {
- sslSocket = (SSLSocket) proxy.createSocket(arg0, arg1, arg2, arg3);
- return sslSocket;
- }
-
- @Override
- public Socket createSocket(Socket arg0, String arg1, int arg2, boolean arg3)
- throws IOException {
- sslSocket = (SSLSocket) proxy.createSocket(arg0, arg1, arg2, arg3);
- return sslSocket;
- }
-
- @Override
- public String[] getDefaultCipherSuites() {
- return proxy.getDefaultCipherSuites();
- }
-
- @Override
- public String[] getSupportedCipherSuites() {
- return proxy.getSupportedCipherSuites();
- }
-
- public boolean isEgovAgency() {
- log.info("Checking if server is egov agency");
- if (sslSocket != null) {
- try {
- X509Certificate cert = (X509Certificate) sslSocket.getSession()
- .getPeerCertificates()[0];
- log.info("Server cert: " + cert);
- return isGovAgency(cert);
- } catch (SSLPeerUnverifiedException e) {
- log.error(e);
- return false;
- }
- }
- log.info("Not a SSL connection");
- return false;
- }
-
- public static boolean isGovAgency(X509Certificate cert) {
- String[] rdns = (cert.getSubjectX500Principal().getName()).split(",");
- for (String rdn : rdns) {
- if (rdn.startsWith("CN=")) {
- String dns = rdn.split("=")[1];
- if (dns.endsWith(GOV_DOMAIN)) {
- return true;
- }
- }
- }
- try {
- Collection<List<?>> sanList = cert.getSubjectAlternativeNames();
- if (sanList != null) {
- for (List<?> san : sanList) {
- if ((Integer) san.get(0) == 2) {
- String dns = (String) san.get(1);
- if (dns.endsWith(GOV_DOMAIN)) {
- return true;
- }
- }
- }
- }
- } catch (CertificateParsingException e) {
- log.error(e);
- }
- if (cert.getExtensionValue("1.2.40.0.10.1.1.1") != null) {
- return true;
- }
- return false;
- }
+ private final static String GOV_DOMAIN = ".gv.at";
+
+ private static InternalSSLSocketFactory instance = new InternalSSLSocketFactory();
+
+ private final static Log log = LogFactory
+ .getLog(InternalSSLSocketFactory.class);
+
+ private SSLSocket sslSocket;
+
+ private SSLSocketFactory proxy;
+
+ private InternalSSLSocketFactory() {
+ proxy = HttpsURLConnection.getDefaultSSLSocketFactory();
+ }
+
+ public static InternalSSLSocketFactory getInstance() {
+ return instance;
+ }
+
+ @Override
+ public Socket createSocket() throws IOException {
+ sslSocket = (SSLSocket) proxy.createSocket();
+ return sslSocket;
+ }
+
+ @Override
+ public Socket createSocket(String arg0, int arg1) throws IOException,
+ UnknownHostException {
+ sslSocket = (SSLSocket) proxy.createSocket(arg0, arg1);
+
+ return sslSocket;
+ }
+
+ @Override
+ public Socket createSocket(InetAddress arg0, int arg1) throws IOException {
+ sslSocket = (SSLSocket) proxy.createSocket(arg0, arg1);
+ return sslSocket;
+ }
+
+ @Override
+ public Socket createSocket(String arg0, int arg1, InetAddress arg2, int arg3)
+ throws IOException, UnknownHostException {
+ sslSocket = (SSLSocket) proxy.createSocket(arg0, arg1, arg2, arg3);
+ return sslSocket;
+ }
+
+ @Override
+ public Socket createSocket(InetAddress arg0, int arg1, InetAddress arg2,
+ int arg3) throws IOException {
+ sslSocket = (SSLSocket) proxy.createSocket(arg0, arg1, arg2, arg3);
+ return sslSocket;
+ }
+
+ @Override
+ public Socket createSocket(Socket arg0, String arg1, int arg2, boolean arg3)
+ throws IOException {
+ sslSocket = (SSLSocket) proxy.createSocket(arg0, arg1, arg2, arg3);
+ return sslSocket;
+ }
+
+ @Override
+ public String[] getDefaultCipherSuites() {
+ return proxy.getDefaultCipherSuites();
+ }
+
+ @Override
+ public String[] getSupportedCipherSuites() {
+ return proxy.getSupportedCipherSuites();
+ }
+
+ public boolean isEgovAgency() {
+ log.info("Checking if server is egov agency");
+ if (sslSocket != null) {
+ try {
+ X509Certificate cert = (X509Certificate) sslSocket.getSession()
+ .getPeerCertificates()[0];
+ log.info("Server cert: " + cert);
+ return isGovAgency(cert);
+ } catch (SSLPeerUnverifiedException e) {
+ log.error(e);
+ return false;
+ }
+ }
+ log.info("Not a SSL connection");
+ return false;
+ }
+
+ public static boolean isGovAgency(X509Certificate cert) {
+ String[] rdns = (cert.getSubjectX500Principal().getName()).split(",");
+ for (String rdn : rdns) {
+ if (rdn.startsWith("CN=")) {
+ String dns = rdn.split("=")[1];
+ if (dns.endsWith(GOV_DOMAIN)) {
+ return true;
+ }
+ }
+ }
+ try {
+ Collection<List<?>> sanList = cert.getSubjectAlternativeNames();
+ if (sanList != null) {
+ for (List<?> san : sanList) {
+ if ((Integer) san.get(0) == 2) {
+ String dns = (String) san.get(1);
+ if (dns.endsWith(GOV_DOMAIN)) {
+ return true;
+ }
+ }
+ }
+ }
+ } catch (CertificateParsingException e) {
+ log.error(e);
+ }
+ if ((cert.getExtensionValue("1.2.40.0.10.1.1.1") != null)
+ || (cert.getExtensionValue("1.2.40.0.10.1.1.2") != null)) {
+ return true;
+ }
+ return false;
+ }
}
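Review bot: `isEgovAgency()` reads the singleton's `sslSocket` field, which every `createSocket` overload overwrites without synchronisation, and `BKUApplet.init()` installs this factory as the default for all `HttpsURLConnection`s. The certificate it inspects is therefore that of the most recently created socket, which need not be the STAL connection whose IdentityLink request is being authorised. The check would be sounder if it took the peer certificate from the connection that carried the request; until then a comment on the field such as `// last socket created by any caller, not necessarily the STAL connection` would flag the limitation. Separately, the widened test on `1.2.40.0.10.1.1.2` only checks that the extension is present, so it is only as strong as the chain validation done by the wrapped default factory. The CN parsing splits the RFC 2253 name on `,` and `=`, which mis-parses escaped values and throws on an empty `CN=`; `javax.naming.ldap.LdapName` would parse the subject safely.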