Diffstat (limited to 'BKUApplet/src/main/java')
3 files changed, 154 insertions, 139 deletions
diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java index 03e4b7c9..3903bf10 100644 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/AppletBKUWorker.java @@ -35,10 +35,11 @@ import java.net.MalformedURLException; import java.net.URL; import java.util.ArrayList; import java.util.List; +import javax.xml.bind.JAXBElement; import javax.xml.namespace.QName; /** - * + * * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at> */ public class AppletBKUWorker extends AbstractBKUWorker implements Runnable { @@ -47,8 +48,10 @@ public class AppletBKUWorker extends AbstractBKUWorker implements Runnable { protected AppletParameterProvider params; protected String sessionId; protected STALPortType stalPort; + private ObjectFactory stalObjFactory = new ObjectFactory(); - public AppletBKUWorker(BKUGUIFacade gui, AppletContext ctx, AppletParameterProvider paramProvider) { + public AppletBKUWorker(BKUGUIFacade gui, AppletContext ctx, + AppletParameterProvider paramProvider) { super(gui); if (ctx == null) { throw new NullPointerException("Applet context not provided"); 
@@ -88,11 +91,16 @@ public class AppletBKUWorker extends AbstractBKUWorker implements Runnable { try { registerSignRequestHandler(); - ObjectFactory of = new ObjectFactory(); - GetNextRequestResponseType nextRequestResp = stalPort.connect(sessionId); do { - List<RequestType> requests = nextRequestResp.getInfoboxReadRequestOrSignRequestOrQuitRequest(); + List<JAXBElement<? extends RequestType>> requests = nextRequestResp.getInfoboxReadRequestOrSignRequestOrQuitRequest(); + + // (rather use validator) + if (requests.size() == 0) { + log.error("Received empty NextRequestResponse: no STAL requests to handle. (STAL-X requests might not have gotten unmarshalled)"); + throw new Exception("No STAL requests to handle."); + } + List<STALRequest> stalRequests = STALTranslator.translateRequests(requests); if (log.isInfoEnabled()) { @@ -114,13 +122,13 @@ public class AppletBKUWorker extends AbstractBKUWorker implements Runnable { String domainId = r.getDomainIdentifier(); if ("IdentityLink".equals(infoboxId) && domainId == null) { if (!InternalSSLSocketFactory.getInstance().isEgovAgency()) { - handle = false; + handle = false; } } } } - List<ResponseType> responses; + List<JAXBElement<? extends ResponseType>> responses; if (handle) { List<STALResponse> stalResponses = handleRequest(stalRequests); if (log.isInfoEnabled()) { 
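Review bot: The guard added before `STALTranslator.translateRequests(requests)` throws a bare `Exception`, so the handler of the enclosing try (which lies outside this hunk) cannot tell an empty or un-unmarshalled server response from any other failure. A specific type such as `throw new IllegalStateException("No STAL requests to handle.");` would make the protocol violation identifiable, and `requests.isEmpty()` reads better than `requests.size() == 0`. The comment `// (rather use validator)` does not say what is meant; if the intent is schema validation, write `// TODO: validate the response against the STAL schema instead of only checking for an empty list`.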
@@ -134,16 +142,17 @@ public class AppletBKUWorker extends AbstractBKUWorker implements Runnable { } responses = STALTranslator.fromSTAL(stalResponses); } else { - responses = new ArrayList<ResponseType>(1); - ErrorResponseType err = of.createErrorResponseType(); + log.error("Insufficient rights to execute command InfoboxReadRequest for Infobox IdentityLink, return Error 6002"); + responses = new ArrayList<JAXBElement<? extends ResponseType>>(1); + ErrorResponseType err = stalObjFactory.createErrorResponseType(); err.setErrorCode(6002); // err.setErrorMessage(); - responses.add(err); + responses.add(stalObjFactory.createGetNextRequestTypeErrorResponse(err)); } if (!finished) { log.info("Not finished yet (BKUWorker: " + this + "), sending responses"); - GetNextRequestType nextRequest = of.createGetNextRequestType(); + GetNextRequestType nextRequest = stalObjFactory.createGetNextRequestType(); nextRequest.setSessionId(sessionId); nextRequest.getInfoboxReadResponseOrSignResponseOrErrorResponse().addAll(responses); nextRequestResp = stalPort.getNextRequest(nextRequest); @@ -158,16 +167,17 @@ public class AppletBKUWorker extends AbstractBKUWorker implements Runnable { } catch (InterruptedException e) { log.error(e); } - } - if (signatureCard != null) { - signatureCard.disconnect(false); + if (signatureCard != null) { + signatureCard.disconnect(false); + } } sendRedirect(); } protected void sendRedirect() { try { - URL redirectURL = params.getURLParameter(BKUApplet.REDIRECT_URL, sessionId); + URL redirectURL = params.getURLParameter(BKUApplet.REDIRECT_URL, + sessionId); String redirectTarget = params.getAppletParameter(BKUApplet.REDIRECT_TARGET); if (redirectTarget == null) { log.info("Done. Redirecting to " + redirectURL + " ..."); 
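Review bot: `signatureCard.disconnect(false)` now runs only inside the block that closes just before `sendRedirect()`, whereas before this change it ran after that block on every path. The block opens outside this hunk; the nested `InterruptedException` handler suggests it is an error-handling `catch`, in which case the card is no longer released when the request loop ends normally. Releasing it in a `finally`, e.g. `} finally { if (signatureCard != null) { signatureCard.disconnect(false); } }`, would cover both paths. If the enclosing block already is a `finally`, a one-line comment saying so would remove the doubt.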
@@ -185,7 +195,8 @@ public class AppletBKUWorker extends AbstractBKUWorker implements Runnable { private STALPortType getSTALPort() throws MalformedURLException { URL wsdlURL = params.getURLParameter(BKUApplet.WSDL_URL); log.debug("STAL WSDL at " + wsdlURL); - QName endpointName = new QName(BKUApplet.STAL_WSDL_NS, BKUApplet.STAL_SERVICE); + QName endpointName = new QName(BKUApplet.STAL_WSDL_NS, + BKUApplet.STAL_SERVICE); STALService stal = new STALService(wsdlURL, endpointName); return stal.getSTALPort(); } @@ -193,13 +204,16 @@ public class AppletBKUWorker extends AbstractBKUWorker implements Runnable { private void registerSignRequestHandler() throws MalformedURLException { String hashDataDisplayStyle = params.getAppletParameter(BKUApplet.HASHDATA_DISPLAY); if (BKUApplet.HASHDATA_DISPLAY_BROWSER.equals(hashDataDisplayStyle)) { - URL hashDataURL = params.getURLParameter(BKUApplet.HASHDATA_URL, sessionId); + URL hashDataURL = params.getURLParameter(BKUApplet.HASHDATA_URL, + sessionId); log.debug("register SignRequestHandler for HashDataURL " + hashDataURL); - addRequestHandler(SignRequest.class, new BrowserHashDataDisplay(ctx, hashDataURL)); + addRequestHandler(SignRequest.class, new BrowserHashDataDisplay(ctx, + hashDataURL)); } else { - //BKUApplet.HASHDATA_DISPLAY_FRAME + // BKUApplet.HASHDATA_DISPLAY_FRAME log.debug("register SignRequestHandler for STAL port " + BKUApplet.WSDL_URL); - AppletHashDataDisplay handler = new AppletHashDataDisplay(stalPort, sessionId); + AppletHashDataDisplay handler = new AppletHashDataDisplay(stalPort, + sessionId); addRequestHandler(SignRequest.class, handler); } } diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java index d0eed607..d0f6d489 100644 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUApplet.java 
@@ -75,7 +75,7 @@ public class BKUApplet extends JApplet implements AppletParameterProvider { /** * Factory method to create and wire HelpListener, GUI and BKUWorker. - * (Config via applet parameters as constants BKUApplet.*) + * (Config via applet parameters, see BKUApplet.* constants) */ @Override public void init() { @@ -83,7 +83,7 @@ public class BKUApplet extends JApplet implements AppletParameterProvider { log.debug("Called init()"); HttpsURLConnection.setDefaultSSLSocketFactory(InternalSSLSocketFactory.getInstance()); - + String locale = getAppletParameter(LOCALE); if (locale != null) { this.setLocale(new Locale(locale)); diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/InternalSSLSocketFactory.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/InternalSSLSocketFactory.java index c3417d63..a02e56eb 100644 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/InternalSSLSocketFactory.java +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/InternalSSLSocketFactory.java 
@@ -36,121 +36,122 @@ import org.apache.commons.logging.LogFactory; public class InternalSSLSocketFactory extends SSLSocketFactory { - private final static String GOV_DOMAIN = ".gv.at"; - - private static InternalSSLSocketFactory instance = new InternalSSLSocketFactory(); - - private final static Log log = LogFactory - .getLog(InternalSSLSocketFactory.class); - - private SSLSocket sslSocket; - - private SSLSocketFactory proxy; - - private InternalSSLSocketFactory() { - proxy = HttpsURLConnection.getDefaultSSLSocketFactory(); - } - - public static InternalSSLSocketFactory getInstance() { - return instance; - } - - @Override - public Socket createSocket() throws IOException { - sslSocket = (SSLSocket) proxy.createSocket(); - return sslSocket; - } - - @Override - public Socket createSocket(String arg0, int arg1) throws IOException, - UnknownHostException { - sslSocket = (SSLSocket) proxy.createSocket(arg0, arg1); - - return sslSocket; - } - - @Override - public Socket createSocket(InetAddress arg0, int arg1) throws IOException { - sslSocket = (SSLSocket) proxy.createSocket(arg0, arg1); - return sslSocket; - } - - @Override - public Socket createSocket(String arg0, int arg1, InetAddress arg2, int arg3) - throws IOException, UnknownHostException { - sslSocket = (SSLSocket) proxy.createSocket(arg0, arg1, arg2, arg3); - return sslSocket; - } - - @Override - public Socket createSocket(InetAddress arg0, int arg1, InetAddress arg2, - int arg3) throws IOException { - sslSocket = (SSLSocket) proxy.createSocket(arg0, arg1, arg2, arg3); - return sslSocket; - } - - @Override - public Socket createSocket(Socket arg0, String arg1, int arg2, boolean arg3) - throws IOException { - sslSocket = (SSLSocket) proxy.createSocket(arg0, arg1, arg2, arg3); - return sslSocket; - } - - @Override - public String[] getDefaultCipherSuites() { - return proxy.getDefaultCipherSuites(); - } - - @Override - public String[] getSupportedCipherSuites() { - return proxy.getSupportedCipherSuites(); - } - - 
public boolean isEgovAgency() { - log.info("Checking if server is egov agency"); - if (sslSocket != null) { - try { - X509Certificate cert = (X509Certificate) sslSocket.getSession() - .getPeerCertificates()[0]; - log.info("Server cert: " + cert); - return isGovAgency(cert); - } catch (SSLPeerUnverifiedException e) { - log.error(e); - return false; - } - } - log.info("Not a SSL connection"); - return false; - } - - public static boolean isGovAgency(X509Certificate cert) { - String[] rdns = (cert.getSubjectX500Principal().getName()).split(","); - for (String rdn : rdns) { - if (rdn.startsWith("CN=")) { - String dns = rdn.split("=")[1]; - if (dns.endsWith(GOV_DOMAIN)) { - return true; - } - } - } - try { - Collection<List<?>> sanList = cert.getSubjectAlternativeNames(); - if (sanList != null) { - for (List<?> san : sanList) { - if ((Integer) san.get(0) == 2) { - String dns = (String) san.get(1); - if (dns.endsWith(GOV_DOMAIN)) { - return true; - } - } - } - } - } catch (CertificateParsingException e) { - log.error(e); - } - if (cert.getExtensionValue("1.2.40.0.10.1.1.1") != null) { - return true; - } - return false; - } + private final static String GOV_DOMAIN = ".gv.at"; + + private static InternalSSLSocketFactory instance = new InternalSSLSocketFactory(); + + private final static Log log = LogFactory + .getLog(InternalSSLSocketFactory.class); + + private SSLSocket sslSocket; + + private SSLSocketFactory proxy; + + private InternalSSLSocketFactory() { + proxy = HttpsURLConnection.getDefaultSSLSocketFactory(); + } + + public static InternalSSLSocketFactory getInstance() { + return instance; + } + + @Override + public Socket createSocket() throws IOException { + sslSocket = (SSLSocket) proxy.createSocket(); + return sslSocket; + } + + @Override + public Socket createSocket(String arg0, int arg1) throws IOException, + UnknownHostException { + sslSocket = (SSLSocket) proxy.createSocket(arg0, arg1); + + return sslSocket; + } + + @Override + public Socket 
createSocket(InetAddress arg0, int arg1) throws IOException { + sslSocket = (SSLSocket) proxy.createSocket(arg0, arg1); + return sslSocket; + } + + @Override + public Socket createSocket(String arg0, int arg1, InetAddress arg2, int arg3) + throws IOException, UnknownHostException { + sslSocket = (SSLSocket) proxy.createSocket(arg0, arg1, arg2, arg3); + return sslSocket; + } + + @Override + public Socket createSocket(InetAddress arg0, int arg1, InetAddress arg2, + int arg3) throws IOException { + sslSocket = (SSLSocket) proxy.createSocket(arg0, arg1, arg2, arg3); + return sslSocket; + } + + @Override + public Socket createSocket(Socket arg0, String arg1, int arg2, boolean arg3) + throws IOException { + sslSocket = (SSLSocket) proxy.createSocket(arg0, arg1, arg2, arg3); + return sslSocket; + } + + @Override + public String[] getDefaultCipherSuites() { + return proxy.getDefaultCipherSuites(); + } + + @Override + public String[] getSupportedCipherSuites() { + return proxy.getSupportedCipherSuites(); + } + + public boolean isEgovAgency() { + log.info("Checking if server is egov agency"); + if (sslSocket != null) { + try { + X509Certificate cert = (X509Certificate) sslSocket.getSession() + .getPeerCertificates()[0]; + log.info("Server cert: " + cert); + return isGovAgency(cert); + } catch (SSLPeerUnverifiedException e) { + log.error(e); + return false; + } + } + log.info("Not a SSL connection"); + return false; + } + + public static boolean isGovAgency(X509Certificate cert) { + String[] rdns = (cert.getSubjectX500Principal().getName()).split(","); + for (String rdn : rdns) { + if (rdn.startsWith("CN=")) { + String dns = rdn.split("=")[1]; + if (dns.endsWith(GOV_DOMAIN)) { + return true; + } + } + } + try { + Collection<List<?>> sanList = cert.getSubjectAlternativeNames(); + if (sanList != null) { + for (List<?> san : sanList) { + if ((Integer) san.get(0) == 2) { + String dns = (String) san.get(1); + if (dns.endsWith(GOV_DOMAIN)) { + return true; + } + } + } + } + } catch 
(CertificateParsingException e) { + log.error(e); + } + if ((cert.getExtensionValue("1.2.40.0.10.1.1.1") != null) + || (cert.getExtensionValue("1.2.40.0.10.1.1.2") != null)) { + return true; + } + return false; + } } |
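Review bot: `isEgovAgency()` takes the peer certificate from the `sslSocket` field, which every `createSocket(...)` overload overwrites, and `BKUApplet.init()` installs this singleton as the default factory via `HttpsURLConnection.setDefaultSSLSocketFactory(...)`. The agency check therefore evaluates whichever TLS socket was created last, which is not necessarily the STAL connection whose IdentityLink request `AppletBKUWorker` is deciding on. Widening the accepted extensions with `1.2.40.0.10.1.1.2` makes that decision more permissive while it stays bound to shared mutable state. The certificate should come from the connection that actually carries the STAL exchange. Until then, declare the field as `private volatile SSLSocket sslSocket;` and document the limitation with `// last socket created through this factory; may not be the STAL connection`.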