diff options
Diffstat (limited to 'BKUOnline/src/main')
47 files changed, 5888 insertions, 0 deletions
diff --git a/BKUOnline/src/main/custom-binding/cardchannel-custom.xml b/BKUOnline/src/main/custom-binding/cardchannel-custom.xml new file mode 100644 index 00000000..b46aa6a8 --- /dev/null +++ b/BKUOnline/src/main/custom-binding/cardchannel-custom.xml @@ -0,0 +1,40 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Copyright 2008 Federal Chancellery Austria and + Graz University of Technology + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<!-- + Binding customization for STAL schema (stal.xsd) + Use JAXB version 2.1 which supports "schema component designator" (SCD, http://www.w3.org/TR/xmlschema-ref/) + + All request/response types are generated to at.gv.egiz.stal + and renamed (...Type suffix removed), + except for the base types of the modified implClasses ErrorResponse and SignRequest + + IMPORTANT: WHEN REGENERATING CLASSES MAKE SURE TO BACKUP MODIFIED IMPLCLASSES (ErrorResponse and SignRequest) +--> +<bindings xmlns='http://java.sun.com/xml/ns/jaxb' version='2.1' + xmlns:xs='http://www.w3.org/2001/XMLSchema' + xmlns:xjc='http://java.sun.com/xml/ns/jaxb/xjc' + xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' + schemaLocation='../wsdl/CardChannel.xsd' + xsi:schemaLocation='http://java.sun.com/xml/ns/jaxb http://java.sun.com/xml/ns/jaxb/bindingschema_2_0.xsd + http://www.w3.org/2001/XMLSchema http://www.w3.org/2001/XMLSchema.xsd'> + + <!-- cannot use scd, CardChannel.xsd has no namespace?! --> + <schemaBindings> + <package name="at.buergerkarte.namespaces.cardchannel.service"/> + </schemaBindings> +</bindings> diff --git a/BKUOnline/src/main/custom-binding/stalservice-custom.xml b/BKUOnline/src/main/custom-binding/stalservice-custom.xml new file mode 100644 index 00000000..7c5f604d --- /dev/null +++ b/BKUOnline/src/main/custom-binding/stalservice-custom.xml @@ -0,0 +1,116 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Copyright 2008 Federal Chancellery Austria and + Graz University of Technology + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<!-- + Binding customization for STAL service (stal.wsdl) + JAX-WS does not yet support "schema component designator"s (SCD, http://www.w3.org/TR/xmlschema-ref/) +--> +<bindings xmlns="http://java.sun.com/xml/ns/jaxws" + xmlns:xsd="http://www.w3.org/2001/XMLSchema" + xmlns:jaxb="http://java.sun.com/xml/ns/jaxb" + xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" + wsdlLocation="../wsdl/stal-service.wsdl"> + + + <!-- default settings + <enableWrapperStyle>true</enableWrapperStyle> + <enableAsyncMapping>false</enableAsyncMapping--> + <package name="at.gv.egiz.stal.service" /> + + <!-- wsdl:portType customization --> + <bindings node="wsdl:definitions/wsdl:portType[@name='STALPortType']"> + <!-- change generated SEI class --> + <!--class name="STALServiceI" /--> + + <!-- override default settings --> + <enableWrapperStyle>true</enableWrapperStyle> + <enableAsyncMapping>false</enableAsyncMapping> + </bindings> + + <!-- wsdl:portType operation customization --> + <bindings node="wsdl:definitions/wsdl:portType[@name='STALPortType']/wsdl:operation[@name='connect']"> + <!-- rename method name --> + <method name="connect"> + <javadoc>Initial connection, get the first request.</javadoc> + </method> + + <!-- rename method params --> + <parameter part="wsdl:definitions/wsdl:message[@name='ConnectRequest']/wsdl:part[@name='part1']" name="sessionId" /> + + <!-- override default settings --> + <enableWrapperStyle>true</enableWrapperStyle> + <enableAsyncMapping>false</enableAsyncMapping> + </bindings> + + <bindings node="wsdl:definitions/wsdl:portType[@name='STALPortType']/wsdl:operation[@name='nextRequest']"> + <!-- rename method name --> + <method name="getNextRequest"> + <javadoc>Fetch the next request.</javadoc> + </method> + + <!-- rename method params --> + <parameter part="wsdl:definitions/wsdl:message[@name='NextRequestRequest']/wsdl:part[@name='part1']" name="request" /> + + <!-- override default settings --> + <enableWrapperStyle>true</enableWrapperStyle> + <enableAsyncMapping>false</enableAsyncMapping> + </bindings> + + <bindings node="wsdl:definitions/wsdl:portType[@name='STALPortType']/wsdl:operation[@name='getHashDataInput']"> + <!-- rename method name --> + <method name="getHashDataInput"> + <javadoc>Fetch the signed references corresponding to the previous SignatureRequest.</javadoc> + </method> + + <!-- rename method params --> + <parameter part="wsdl:definitions/wsdl:message[@name='GetHashDataInputRequest']/wsdl:part[@name='part1']" name="request" /> + + <!-- override default settings --> + <enableWrapperStyle>true</enableWrapperStyle> + <enableAsyncMapping>false</enableAsyncMapping> + </bindings> + + <!-- wsdl:service customization --> + <!--bindings node="wsdl:definitions/wsdl:service[@name='STALService']"> + <class name="STALService"/> + </bindings--> + + <!-- change the port accessor method --> + <!-- bindings node="wsdl:definitions/wsdl:service[@name='STALService']/wsdl:port[@name='STALPort']"> + <method name="getSTALServicePort"/> + </bindings --> + + <!-- INLINED SCHEMA CUSTOMIZATION + <bindings node="wsdl:definitions/wsdl:types/xsd:schema[@targetNamespace='http://danu.iaik.tugraz.at/xml']"> + <jaxb:schemaBindings> + <jaxb:package name="iaik.ws.sample.sandbox.generated.service.jaxb" /> + </jaxb:schemaBindings> + </bindings--> + + <!-- EXTERNAL SCHEMA CUSTOMIZATION in custom-jaxb.xml --> + + <!--bindings node="wsdl:definitions" xmlns:jws="http://java.sun.com/xml/ns/javaee"> + <jws:handler-chains> + <jws:handler-chain> + <jws:handler> + <jws:handler-class>fromwsdlhandler.common.LoggingHandler</jws:handler-class> + </jws:handler> + </jws:handler-chain> + </jws:handler-chains> + </bindings--> + +</bindings>
\ No newline at end of file diff --git a/BKUOnline/src/main/custom-binding/staltypes-custom.xml b/BKUOnline/src/main/custom-binding/staltypes-custom.xml new file mode 100644 index 00000000..2925fb91 --- /dev/null +++ b/BKUOnline/src/main/custom-binding/staltypes-custom.xml @@ -0,0 +1,47 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Copyright 2008 Federal Chancellery Austria and + Graz University of Technology + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<!-- + Binding customization for STAL schema (stal.xsd) + Use JAXB version 2.1 which supports "schema component designator" (SCD, http://www.w3.org/TR/xmlschema-ref/) + + All request/response types are generated to at.gv.egiz.stal + and renamed (...Type suffix removed), + except for the base types of the modified implClasses ErrorResponse and SignRequest + + IMPORTANT: WHEN REGENERATING CLASSES MAKE SURE TO BACKUP MODIFIED IMPLCLASSES (ErrorResponse and SignRequest) +--> +<bindings xmlns='http://java.sun.com/xml/ns/jaxb' version='2.1' + xmlns:xs='http://www.w3.org/2001/XMLSchema' + xmlns:stal="http://www.egiz.gv.at/stal" + xmlns:xjc='http://java.sun.com/xml/ns/jaxb/xjc' + xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' + xsi:schemaLocation='http://java.sun.com/xml/ns/jaxb http://java.sun.com/xml/ns/jaxb/bindingschema_2_0.xsd + http://www.w3.org/2001/XMLSchema http://www.w3.org/2001/XMLSchema.xsd'> + <bindings scd="x-schema::stal" xmlns:stal="http://www.egiz.gv.at/stal"> + <schemaBindings> + <!-- generate all classes to at.gv.egiz.stal, then move service-only classes to at.gv.egiz.stal.service --> + <package name="at.gv.egiz.stal.service.types"/> + </schemaBindings> + </bindings> + <!--bindings scd="/type::stal:RequestType"> + <class name="STALRequest"/> + </bindings> + <bindings scd="/type::stal:ResponseType"> + <class name="STALResponse"/> + </bindings--> +</bindings> diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java new file mode 100644 index 00000000..5795478b --- /dev/null +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java @@ -0,0 +1,63 @@ +/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.online.accesscontroller;
+
+import java.io.IOException;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.context.ResourceLoaderAware;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+
+import at.gv.egiz.bku.accesscontroller.SecurityManagerFacade;
+import at.gv.egiz.bku.conf.Configurator;
+
+public class SpringSecurityManager extends SecurityManagerFacade implements
+ ResourceLoaderAware {
+
+ private ResourceLoader resourceLoader;
+
+ private static Log log = LogFactory.getLog(SpringSecurityManager.class);
+
+ protected Configurator config;
+
+ public void setConfig(Configurator config) {
+ this.config = config;
+ }
+
+ public void init() {
+ String noMatch = config.getProperty("AccessController.acceptNoMatch");
+ if (noMatch != null) {
+ log.debug("Setting allow now match to: " + noMatch);
+ setAllowUnmatched(Boolean.getBoolean(noMatch));
+ }
+ String policy = config.getProperty("AccessController.policyResource");
+ log.info("Loading resource: " + policy);
+ try {
+ Resource res = resourceLoader.getResource(policy);
+ init(res.getInputStream());
+ } catch (IOException e) {
+ log.error(e);
+ }
+ }
+
+ @Override
+ public void setResourceLoader(ResourceLoader loader) {
+ this.resourceLoader = loader;
+ }
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java new file mode 100644 index 00000000..6030c1c0 --- /dev/null +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java @@ -0,0 +1,127 @@ +/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egiz.bku.online.conf;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Properties;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.context.ResourceLoaderAware;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+
+import at.gv.egiz.bku.conf.Configurator;
+import at.gv.egiz.bku.online.webapp.SpringBKUServlet;
+import at.gv.egiz.bku.slexceptions.SLRuntimeException;
+import at.gv.egiz.stal.service.impl.RequestBrokerSTALFactory;
+
+public class SpringConfigurator extends Configurator implements
+ ResourceLoaderAware {
+
+ private final static Log log = LogFactory.getLog(SpringConfigurator.class);
+
+ private ResourceLoader resourceLoader;
+
+ public void setResource(Resource resource) {
+ log.debug("Loading config from: " + resource);
+ if (resource != null) {
+ Properties props = new Properties();
+ try {
+ props.load(resource.getInputStream());
+ super.setConfiguration(props);
+ } catch (IOException e) {
+ log.error("Cannot load config", e);
+ }
+ } else {
+ log.warn("Cannot load properties, resource: " + resource);
+ }
+ }
+
+ public void configureNetwork() {
+ super.configureNetwork();
+ String appletTimeout = getProperty("AppletTimeout");
+ if ((appletTimeout != null)) {
+ try {
+ long ato = Long.parseLong(appletTimeout);
+ log.debug("Setting applet timeout to:"+ato);
+ RequestBrokerSTALFactory.setTimeout(ato);
+ } catch (NumberFormatException nfe) {
+ log.error("Cannot set Applettimeout", nfe);
+ }
+
+ }
+ }
+
+ public void configure() {
+ super.configure();
+ SpringBKUServlet.setConfigurator(this);
+ }
+
+ @Override
+ public void setResourceLoader(ResourceLoader loader) {
+ this.resourceLoader = loader;
+ }
+
+ private File getDirectory(String property) {
+ if (property != null) {
+ Resource certDirRes = resourceLoader.getResource(property);
+ File certDir;
+ try {
+ certDir = certDirRes.getFile();
+ } catch (IOException e) {
+ log.error("Cannot get cert directory", e);
+ throw new SLRuntimeException(e);
+ }
+ if (!certDir.isDirectory()) {
+ log.error("Expecting directory as SSL.certDirectory parameter");
+ throw new SLRuntimeException(
+ "Expecting directory as SSL.certDirectory parameter");
+ }
+ return certDir;
+ }
+ return null;
+
+ }
+
+ @Override
+ protected File getCADir() {
+ String caDirectory = getProperty("SSL.caDirectory");
+ return getDirectory(caDirectory);
+ }
+
+ @Override
+ protected File getCertDir() {
+ String certDirectory = getProperty("SSL.certDirectory");
+ return getDirectory(certDirectory);
+ }
+
+ @Override
+ protected InputStream getManifest() {
+ Resource r = resourceLoader.getResource("META-INF/MANIFEST.MF");
+ if (r != null) {
+ try {
+ return r.getInputStream();
+ } catch (IOException e) {
+ log.error("Cannot read manifest data:", e);
+ }
+ }
+ return null;
+ }
+}
\ No newline at end of file diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/AppletDispatcher.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/AppletDispatcher.java new file mode 100644 index 00000000..24938cd5 --- /dev/null +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/AppletDispatcher.java @@ -0,0 +1,113 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package at.gv.egiz.bku.online.webapp; + +import java.io.IOException; +import java.util.regex.Pattern; +import javax.servlet.RequestDispatcher; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +/** + * prevent applet caching, + * could be removed once applet is loaded via jnlp + * + * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at> + */ +public class AppletDispatcher extends HttpServlet { + + protected final static Log log = LogFactory.getLog(AppletDispatcher.class); + + public static final String DISPATCH_CTX = "dispatch/"; + public static final String RAND_PREFIX = "__"; + public static final String RAND_ATTRIBUTE = "rand"; + public static final Pattern ctxPattern = Pattern.compile(DISPATCH_CTX); + public static final Pattern archivePattern = Pattern.compile(RAND_PREFIX + "[a-zA-Z0-9]*\\.jar$"); + + /** + * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods. + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + protected void processRequest(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + + String uri = request.getRequestURI(); +// log.trace("request URI " + uri); + + uri = uri.substring(request.getContextPath().length()); +// log.trace("removing contextPath " + uri); + + uri = ctxPattern.matcher(uri).replaceAll(""); +// log.trace("removing dispatch context " + uri); + + uri = archivePattern.matcher(uri).replaceAll(".jar"); +// log.trace("removing random suffix " + uri); + + if (log.isTraceEnabled()) { + log.trace("dispatching request URI " + request.getRequestURI() + + " to " + uri); + } + + RequestDispatcher dispatcher = getServletContext().getRequestDispatcher(uri); + dispatcher.forward(request, response); + } + + // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code."> + /** + * Handles the HTTP <code>GET</code> method. + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + @Override + protected void doGet(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + processRequest(request, response); + } + + /** + * Handles the HTTP <code>POST</code> method. + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + @Override + protected void doPost(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + processRequest(request, response); + } + + /** + * Returns a short description of the servlet. + * @return a String containing servlet description + */ + @Override + public String getServletInfo() { + return "Short description"; + }// </editor-fold> + +} diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java new file mode 100644 index 00000000..7dfec211 --- /dev/null +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java @@ -0,0 +1,317 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.online.webapp; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.net.MalformedURLException; +import java.net.URI; +import java.net.URISyntaxException; +import java.net.URL; +import java.net.URLEncoder; +import java.util.Arrays; +import java.util.Enumeration; +import java.util.HashMap; +import java.util.Locale; +import java.util.Map; +import java.util.regex.Pattern; + +import javax.servlet.RequestDispatcher; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.bku.binding.BindingProcessor; +import at.gv.egiz.bku.binding.HTTPBindingProcessor; +import at.gv.egiz.bku.binding.HttpUtil; +import at.gv.egiz.bku.binding.IdFactory; +import at.gv.egiz.bku.utils.StreamUtil; +import at.gv.egiz.org.apache.tomcat.util.http.AcceptLanguage; + +/** + * Handles SL requests and instantiates BindingProcessors + * + */ +public class BKURequestHandler extends SpringBKUServlet { + + private static final long serialVersionUID = 1L; + + public static final String APPLET_PAGE_P = "appletPage"; + public static final String APPLET_PAGE_DEFAULT = "BKUApplet"; + + public static final String PARAM_APPLET_WIDTH = "appletWidth"; + public static final String ATTR_APPLET_WIDTH = "appletWidth"; + + public static final String PARAM_APPLET_HEIGHT = "appletHeight"; + public static final String ATTR_APPLET_HEIGHT = "appletHeight"; + + public static final String PARAM_APPLET_BACKGROUND = "appletBackground"; + public static final String ATTR_APPLET_BACKGROUND = "appletBackground"; + + public static final String PARAM_APPLET_BACKGROUND_COLOR = "appletBackgroundColor"; + public static final String ATTR_APPLET_BACKGROUND_COLOR = "appletBackgroundColor"; + public static final Pattern PATTERM_APPLET_BACKGROUND_COLOR = Pattern.compile("\\#[0-9a-fA-F]{6}"); + + public static final String PARAM_APPLET_GUI_STYLE = "appletGuiStyle"; + public static final String ATTR_APPLET_GUI_STYLE = "appletGuiStyle"; + public static final String[] VALUES_APPLET_GUI_STYLE = new String[] {"tiny", "simple", "advanced"}; + + public static final String PARAM_APPLET_EXTENSION = "appletExtension"; + public static final String ATTR_APPLET_EXTENSION = "appletExtension"; + public static final String[] VALUES_APPLET_EXTENSION = new String[] {"pin", "activation"}; + + public static final String PARAM_LOCALE = "locale"; + public static final String ATTR_LOCALE = "locale"; + public static final Pattern PATTERN_LOCALE = Pattern.compile("[a-zA-Z][a-zA-Z](_[a-zA-Z][a-zA-Z]){0,2}"); + + public final static String REDIRECT_URL_SESSION_ATTRIBUTE = "redirectUrl"; + + protected Log log = LogFactory.getLog(BKURequestHandler.class); + + private static String getStringFromStream(InputStream is, String encoding) + throws IOException { + if (is == null) { + return null; + } + if (encoding == null) { + encoding = HttpUtil.DEFAULT_CHARSET; + } + ByteArrayOutputStream os = new ByteArrayOutputStream(); + StreamUtil.copyStream(is, os); + return new String(os.toByteArray(), encoding); + } + + @Override + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, java.io.IOException { + log.debug("Received SecurityLayer request"); + + HttpSession session = req.getSession(false); + if (session != null) { + log.warn("Already a session with id: " + session.getId() + + " active, trying to get Bindingprocessor"); + BindingProcessor bp = getBindingProcessorManager().getBindingProcessor( + IdFactory.getInstance().createId(session.getId())); + if (bp != null) { + log.debug("Found binding processor, using this one"); + String appletPage = getStringFromStream( + ((HTTPBindingProcessor) bp).getFormData(APPLET_PAGE_P), + req.getCharacterEncoding()); + getDispatcher(appletPage).forward(req, resp); + return; + } + log.debug("Did not find a binding processor, creating new ..."); + } + session = req.getSession(true); + if (log.isDebugEnabled()) { + log.debug("Using session id: " + session.getId()); + } + + String acceptLanguage = req.getHeader("Accept-Language"); + Locale locale = AcceptLanguage.getLocale(acceptLanguage); + log.debug("Accept-Language locale: " + locale); + + HTTPBindingProcessor bindingProcessor; + bindingProcessor = (HTTPBindingProcessor) getBindingProcessorManager() + .createBindingProcessor(req.getRequestURL().toString(), + session.getId(), locale); + + Map<String, String> headerMap = new HashMap<String, String>(); + for (Enumeration<String> headerName = req.getHeaderNames(); headerName + .hasMoreElements();) { + String header = headerName.nextElement(); + if (header != null) { + headerMap.put(header, req.getHeader(header)); + } + } + String charset = req.getCharacterEncoding(); + String contentType = req.getContentType(); + if (charset != null) { + contentType += ";" + charset; + } + headerMap.put(HttpUtil.HTTP_HEADER_CONTENT_TYPE, contentType); + bindingProcessor.setHTTPHeaders(headerMap); + bindingProcessor.consumeRequestStream(req.getInputStream()); + req.getInputStream().close(); + getBindingProcessorManager().process(bindingProcessor); + + log.trace("Trying to find applet parameters in request"); + + // appletWidth + String width = getStringFromStream(bindingProcessor + .getFormData(PARAM_APPLET_WIDTH), charset); + if (width != null) { + try { + // must be a valid integer + session.setAttribute(ATTR_APPLET_WIDTH, Integer.parseInt(width)); + log.trace("Found parameter " + PARAM_APPLET_WIDTH + "='" + width +"'."); + } catch (NumberFormatException nfe) { + log.warn("Applet parameter " + PARAM_APPLET_WIDTH + + " does not contain a valid value.", nfe); + } + } + + // appletHeight + String height = getStringFromStream(bindingProcessor + .getFormData(PARAM_APPLET_HEIGHT), charset); + if (height != null) { + try { + // must be a valid integer + session.setAttribute(ATTR_APPLET_HEIGHT, Integer.parseInt(height)); + log.trace("Found parameter " + PARAM_APPLET_HEIGHT + "='" + height + "'."); + } catch (NumberFormatException nfe) { + log.warn("Applet parameter " + PARAM_APPLET_HEIGHT + + " does not contain a valid value.", nfe); + } + } + + // appletBackground + String background = getStringFromStream(bindingProcessor + .getFormData(PARAM_APPLET_BACKGROUND), charset); + if (background != null) { + session.setAttribute(ATTR_APPLET_BACKGROUND, background); + try { + // must be a valid http or https URL + URI backgroundURL = new URI(background); + if ("http".equals(backgroundURL.getScheme()) + || "https".equals(backgroundURL.getScheme())) { + session.setAttribute(ATTR_APPLET_BACKGROUND, backgroundURL.toASCIIString()); + log.trace("Found parameter " + PARAM_APPLET_BACKGROUND + "='" + + backgroundURL.toASCIIString() + "'."); + } else { + log.warn("Applet parameter " + PARAM_APPLET_BACKGROUND + "='" + + background + "' is not a valid http/https URL."); + } + } catch (URISyntaxException e) { + log.warn("Applet parameter " + PARAM_APPLET_BACKGROUND + "='" + + background + "' is not a valid http/https URL.", e); + } + } + + // appletBackgroundColor + String backgroundColor = getStringFromStream(bindingProcessor + .getFormData(PARAM_APPLET_BACKGROUND_COLOR), charset); + if (backgroundColor != null) { + // must be a valid color definition + if (PATTERM_APPLET_BACKGROUND_COLOR.matcher(backgroundColor).matches()) { + session.setAttribute(ATTR_APPLET_BACKGROUND_COLOR, backgroundColor); + log.trace("Faund parameter " + PARAM_APPLET_BACKGROUND_COLOR + "='" + + backgroundColor + "'."); + } else { + log.warn("Applet parameter " + PARAM_APPLET_BACKGROUND_COLOR + "='" + + backgroundColor + "' is not a valid color definition (must be of form '#hhhhhh')."); + } + } + + // appletGuiStyle + String guiStyle = getStringFromStream(bindingProcessor + .getFormData(PARAM_APPLET_GUI_STYLE), charset); + if (guiStyle != null) { + // must be one of VALUES_APPLET_GUI_STYLE + String style = guiStyle.toLowerCase(); + if (Arrays.asList(VALUES_APPLET_GUI_STYLE).contains(style)) { + session.setAttribute(ATTR_APPLET_GUI_STYLE, style); + log.trace("Found parameter " + PARAM_APPLET_GUI_STYLE + "='" + + style + "'."); + } else { + StringBuilder sb = new StringBuilder(); + sb.append("Applet parameter ").append(PARAM_APPLET_GUI_STYLE).append( + "='").append(guiStyle).append("' is not valid (must be one of ") + .append(Arrays.toString(VALUES_APPLET_GUI_STYLE)).append(")."); + log.warn(sb); + } + } + + // appletExtension + String extension = getStringFromStream(bindingProcessor + .getFormData(PARAM_APPLET_EXTENSION), charset); + if (extension != null) { + // must be one of VALUES_APPLET_EXTENSION + String ext = extension.toLowerCase(); + if (Arrays.asList(VALUES_APPLET_EXTENSION).contains(ext)) { + session.setAttribute(ATTR_APPLET_EXTENSION, ext); + log.trace("Found parameter " + PARAM_APPLET_EXTENSION + "='" + + ext + "'."); + } else { + StringBuilder sb = new StringBuilder(); + sb.append("Applet parameter ").append(PARAM_APPLET_EXTENSION).append( + "='").append(extension).append("' is not valid (must be one of ") + .append(Arrays.toString(VALUES_APPLET_EXTENSION)).append(")."); + log.warn(sb); + } + } + + // locale + String localeFormParam = getStringFromStream(bindingProcessor + .getFormData(PARAM_LOCALE), charset); + if (localeFormParam != null) { + // must be a valid locale + if (PATTERN_LOCALE.matcher(localeFormParam).matches()) { + locale = new Locale(localeFormParam); + log.debug("Overrule accept-language header locale " + locale + + " with form param " + localeFormParam + "."); + } else { + log.warn("Parameter " + PARAM_LOCALE + "='" + localeFormParam + + "' is not a valid locale definition."); + } + } + if (locale != null) { + log.debug("Using locale " + locale); + session.setAttribute(ATTR_LOCALE, locale.toString()); + } + + // handle server side redirect url after processing + String redirectUrl = bindingProcessor.getRedirectURL(); + if ( redirectUrl != null) { + log.info("Got redirect URL "+redirectUrl+". Deferring browser redirect."); + session.setAttribute(REDIRECT_URL_SESSION_ATTRIBUTE, redirectUrl); + } + + String appletPage = getStringFromStream(bindingProcessor + .getFormData(APPLET_PAGE_P), charset); + getDispatcher(appletPage).forward(req, resp); + } + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, java.io.IOException { + doPost(req, resp); + } + + private RequestDispatcher getDispatcher(String appletPage) { + RequestDispatcher dispatcher = null; + if (appletPage != null) { + log.trace("requested appletPage " + appletPage); + dispatcher = getServletContext().getNamedDispatcher(appletPage); + } + if (dispatcher == null) { + log.debug("no appletPage requested or appletPage not configured, using default"); + appletPage = APPLET_PAGE_DEFAULT; + dispatcher = getServletContext().getNamedDispatcher(appletPage); + } +// session.setAttribute(APPLET_PAGE_P, appletPage); + log.debug("forward to applet " + appletPage); + + return dispatcher; + } + +} diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java new file mode 100644 index 00000000..5ffe2399 --- /dev/null +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java @@ -0,0 +1,154 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.online.webapp; + +import java.io.IOException; +import java.util.Iterator; + +import javax.servlet.ServletConfig; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.bku.binding.HTTPBindingProcessor; +import at.gv.egiz.bku.binding.HttpUtil; +import at.gv.egiz.bku.binding.IdFactory; +import at.gv.egiz.bku.conf.Configurator; +import at.gv.egiz.bku.utils.NullOutputStream; + +/** + * Delivers the result to the browser + * + */ +public class ResultServlet extends SpringBKUServlet { + + private final static Log log = LogFactory.getLog(ResultServlet.class); + + private String encoding = "UTF-8"; + private String expiredPage = "./expiredError.jsp"; + + public ResultServlet() { + } + + private void myInit() { + String enc = getServletContext().getInitParameter("responseEncoding"); + if (enc != null) { + log.debug("Init default encoding to: " + enc); + encoding = enc; + } + String expP = getServletConfig().getInitParameter("expiredPage"); + if (expP != null) { + log.debug("Init expired page to: " + expP); + expiredPage = expP; + } + } + + @Override + public void init() throws ServletException { + super.init(); + myInit(); + } + + @Override + public void init(ServletConfig config) throws ServletException { + super.init(config); + myInit(); + } + + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + doGet(req, resp); + } + + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, java.io.IOException { + String version = configurator.getProperty(Configurator.SIGNATURE_LAYOUT); + if ((version != null) && (!"".equals(version.trim()))) { + log.debug("setting SignatureLayout header to " + version); + resp.setHeader(Configurator.SIGNATURE_LAYOUT, version); + } else { + log.debug("do not set SignatureLayout header"); + } + + if (configurator.getProperty(Configurator.USERAGENT_CONFIG_P) != null) { + resp.setHeader(HttpUtil.HTTP_HEADER_SERVER, configurator + .getProperty(Configurator.USERAGENT_CONFIG_P)); + } else { + resp.setHeader(HttpUtil.HTTP_HEADER_SERVER, + Configurator.USERAGENT_DEFAULT); + } + + HttpSession session = req.getSession(false); + if (session == null) { + resp.sendRedirect(expiredPage); + return; + } + String sessionId = session.getId(); + if (sessionId == null) { + resp.sendRedirect(expiredPage); + return; + } + log.debug("Got a result request for session: " + sessionId); + HTTPBindingProcessor bp = (HTTPBindingProcessor) getBindingProcessorManager() + .getBindingProcessor(IdFactory.getInstance().createId(sessionId)); + if (bp == null) { + session.invalidate(); + resp.sendRedirect(expiredPage); + return; + } + String redirectUrl = (String) session + .getAttribute(BKURequestHandler.REDIRECT_URL_SESSION_ATTRIBUTE); + if (redirectUrl == null) { + redirectUrl = bp.getRedirectURL(); + } + if (redirectUrl != null) { + try { + bp.writeResultTo(new NullOutputStream(), encoding); + getBindingProcessorManager().removeBindingProcessor(bp.getId()); + } finally { + log.info("Executing deferred browser redirect to: " + redirectUrl); + resp.sendRedirect(redirectUrl); + session.invalidate(); + } + return; + } + + log.trace("setting response code: " + bp.getResponseCode()); + resp.setStatus(bp.getResponseCode()); + resp.setHeader("Cache-Control", "no-store"); // HTTP 1.1 + resp.setHeader("Pragma", "no-cache"); // HTTP 1.0 + resp.setDateHeader("Expires", 0); + for (Iterator<String> it = bp.getResponseHeaders().keySet().iterator(); it + .hasNext();) { + String header = it.next(); + if (log.isTraceEnabled()) { + log.trace("setting response header " + header + ": " + bp.getResponseHeaders().get(header)); + } + resp.setHeader(header, bp.getResponseHeaders().get(header)); + } + resp.setContentType(bp.getResultContentType()); + resp.setCharacterEncoding(encoding); + bp.writeResultTo(resp.getOutputStream(), encoding); + resp.getOutputStream().flush(); + session.invalidate(); + getBindingProcessorManager().removeBindingProcessor(bp.getId()); + } +} diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SessionTimeout.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SessionTimeout.java new file mode 100644 index 00000000..2b56166c --- /dev/null +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SessionTimeout.java @@ -0,0 +1,49 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.bku.online.webapp;
+
+import javax.servlet.http.HttpSessionEvent;
+import javax.servlet.http.HttpSessionListener;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import at.gv.egiz.bku.binding.BindingProcessorManager;
+import at.gv.egiz.bku.binding.IdFactory;
+
+/**
+ * Session listener to trigger the removal of the BindingProcessor
+ *
+ */
+public class SessionTimeout implements HttpSessionListener {
+
+ private static Log log = LogFactory.getLog(SessionTimeout.class);
+
+ @Override
+ public void sessionCreated(HttpSessionEvent arg0) {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void sessionDestroyed(HttpSessionEvent event) {
+ BindingProcessorManager manager = (BindingProcessorManager) event.getSession().getServletContext().getAttribute(SpringBKUServlet.BEAN_NAME);
+ log.info("Removing session: "+event.getSession().getId());
+ manager.removeBindingProcessor(IdFactory.getInstance().createId(event.getSession().getId()));
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ShutdownHandler.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ShutdownHandler.java new file mode 100644 index 00000000..741b5e32 --- /dev/null +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ShutdownHandler.java @@ -0,0 +1,48 @@ +/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package at.gv.egiz.bku.online.webapp;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.context.ApplicationEvent;
+import org.springframework.context.ApplicationListener;
+import org.springframework.context.event.ContextClosedEvent;
+
+import at.gv.egiz.bku.binding.BindingProcessorManager;
+
+public class ShutdownHandler implements ApplicationListener {
+
+ private static Log log = LogFactory.getLog(ShutdownHandler.class);
+
+ private BindingProcessorManager bindingProcessorManager;
+
+ public void setBindingProcessorManager(
+ BindingProcessorManager bindingProcessorManager) {
+ this.bindingProcessorManager = bindingProcessorManager;
+ }
+
+ @Override
+ public void onApplicationEvent(ApplicationEvent event) {
+ if (event instanceof ContextClosedEvent) {
+ log.info("Shutting down BKU");
+ bindingProcessorManager.shutdownNow();
+ }
+
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SpringBKUServlet.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SpringBKUServlet.java new file mode 100644 index 00000000..2c6f522e --- /dev/null +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SpringBKUServlet.java @@ -0,0 +1,37 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.bku.online.webapp;
+
+import javax.servlet.http.HttpServlet; + +import at.gv.egiz.bku.binding.BindingProcessorManager; +import at.gv.egiz.bku.conf.Configurator; +
+public abstract class SpringBKUServlet extends HttpServlet {
+
+ public final static String BEAN_NAME="bindingProcessorManager"; + + protected static Configurator configurator; + + protected BindingProcessorManager getBindingProcessorManager() {
+ return (BindingProcessorManager) getServletContext().getAttribute(BEAN_NAME);
+ } + + public static void setConfigurator(Configurator conf) { + configurator = conf; + }
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/RequestBrokerSTALFactory.java b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/RequestBrokerSTALFactory.java new file mode 100644 index 00000000..305d8c1c --- /dev/null +++ b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/RequestBrokerSTALFactory.java @@ -0,0 +1,45 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ + +package at.gv.egiz.stal.service.impl; + +import java.util.Locale; + +import at.gv.egiz.stal.STAL; +import at.gv.egiz.stal.STALFactory; + +/** + * + * @author clemens + */ +public class RequestBrokerSTALFactory implements STALFactory { + + private static long timeout = -1; + + @Override + public STAL createSTAL() { + return new STALRequestBrokerImpl(timeout); + } + + @Override + public void setLocale(Locale locale) { + } + + public static void setTimeout(long millisec) { + timeout = millisec; + } +} diff --git a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBroker.java b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBroker.java new file mode 100644 index 00000000..b77f7660 --- /dev/null +++ b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBroker.java @@ -0,0 +1,41 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ + +package at.gv.egiz.stal.service.impl; + +import at.gv.egiz.stal.HashDataInput; +import at.gv.egiz.stal.STAL; +import at.gv.egiz.stal.service.types.RequestType; +import at.gv.egiz.stal.service.types.ResponseType; +import java.util.List; +import javax.xml.bind.JAXBElement; + +/** + * + * @author clemens + */ +public interface STALRequestBroker extends STAL { + + public static final int ERR_4500 = 4500; + public static final long DEFAULT_TIMEOUT_MS = 1000*60*5; //5mn + + public List<JAXBElement<? extends RequestType>> connect(); + + public List<JAXBElement<? extends RequestType>> nextRequest(List<JAXBElement<? extends ResponseType>> responses); + + public List<HashDataInput> getHashDataInput(); +} diff --git a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java new file mode 100644 index 00000000..a2447ab7 --- /dev/null +++ b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java @@ -0,0 +1,324 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package at.gv.egiz.stal.service.impl; + +import at.gv.egiz.stal.ErrorResponse; +import at.gv.egiz.stal.HashDataInput; +import at.gv.egiz.stal.QuitRequest; +import at.gv.egiz.stal.STALRequest; +import at.gv.egiz.stal.STALResponse; +import at.gv.egiz.stal.SignRequest; +import at.gv.egiz.stal.service.translator.STALTranslator; +import at.gv.egiz.stal.service.translator.TranslationException; +import at.gv.egiz.stal.service.types.ObjectFactory; +import at.gv.egiz.stal.service.types.QuitRequestType; +import at.gv.egiz.stal.service.types.RequestType; +import at.gv.egiz.stal.service.types.ResponseType; +import at.gv.egiz.stalx.service.translator.STALXTranslationHandler; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import javax.xml.bind.JAXBElement; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +/** + * An instance of STALRequestBroker is shared between a producer thread (SLCommand) + * and multiple consumer threads (STALService). + * This implementation assures that handleRequest is executed only once the previous invocation returned. + * The BindingProcessor assures that a new SLCommand calls handleRequest() only once + * the bindingProcessor called handleRequest(QUIT) after the previous SLCommand's handleRequest() returned. + * + * Multiple STALService threads might call nextRequest()/getSignedReferences() in any order. + * + * @author clemens + */ +public class STALRequestBrokerImpl implements STALRequestBroker { + + private static final Log log = LogFactory.getLog(STALRequestBrokerImpl.class); + + private ObjectFactory of = new ObjectFactory(); + private STALTranslator translator = new STALTranslator(); + + private boolean interrupted = false; + + protected final ArrayList<JAXBElement<? extends RequestType>> requests; + protected final ArrayList<JAXBElement<? extends ResponseType>> responses; + + protected ArrayList<HashDataInput> hashDataInputs; + + private long timeout; + + public STALRequestBrokerImpl(long timeoutMillisec) { + if (timeoutMillisec <= 0) + timeoutMillisec = DEFAULT_TIMEOUT_MS; + timeout = timeoutMillisec; + requests = new ArrayList<JAXBElement<? extends RequestType>>(); + responses = new ArrayList<JAXBElement<? extends ResponseType>>(); + hashDataInputs = new ArrayList<HashDataInput>(); + + // register handler for STAL-X + translator.registerTranslationHandler(new STALXTranslationHandler()); + } + + /** + * Produce requests (and HashDataInputCallback) and wait for responses. + * This method is not thread safe, since every bindingprocessor thread possesses it's own instance. + * It however assures cooperation with STAL webservice threads consuming the requests and producing responses. + * + * @param requests + * @return + * + * @pre requests: either single SignRequest, QuitRequest or multiple ReadInfoboxRequests + */ + @Override + public List<STALResponse> handleRequest(List<? extends STALRequest> stalRequests) { + if (interrupted) { + return null; + } + try { + synchronized (requests) { + log.trace("produce request"); + + requests.clear(); + hashDataInputs.clear(); + + for (STALRequest stalRequest : stalRequests) { + try { + JAXBElement<? extends RequestType> request = translator.translate(stalRequest); + requests.add(request); + if (stalRequest instanceof SignRequest) { + //TODO refactor SignRequestType to keep HDI + // and getHashDataInput() accesses request obj + // (requests are cleared only when we receive the response) + // DataObjectHashDataInput with reference caching enabled DataObject + hashDataInputs.addAll(((SignRequest) stalRequest).getHashDataInput()); + } else if (stalRequest instanceof QuitRequest) { + log.trace("Received QuitRequest, do not wait for responses."); + log.trace("notifying request consumers"); + requests.notify(); + return new ArrayList<STALResponse>(); + } + } catch (TranslationException ex) { + log.error(ex.getMessage() + ", send QUIT"); + requests.clear(); + QuitRequestType reqT = of.createQuitRequestType(); + JAXBElement<QuitRequestType> req = of.createGetNextRequestResponseTypeQuitRequest(reqT); + requests.add(req); + log.trace("notifying request consumers"); + requests.notify(); + return new ArrayList<STALResponse>(); + } + } + + +// if (stalRequest instanceof SignRequest) { +// log.trace("Received SignRequest, keep HashDataInput."); +// SignRequestType reqT = of.createSignRequestType(); +// reqT.setKeyIdentifier(((SignRequest) stalRequest).getKeyIdentifier()); +// reqT.setSignedInfo(((SignRequest) stalRequest).getSignedInfo()); +// JAXBElement<SignRequestType> req = of.createGetNextRequestResponseTypeSignRequest(reqT); +// requests.add(req); +// //DataObjectHashDataInput with reference caching enabled DataObject +// hashDataInputs.addAll(((SignRequest) stalRequest).getHashDataInput()); +// break; +// } else if (stalRequest instanceof InfoboxReadRequest) { +// log.trace("Received InfoboxReadRequest"); +// InfoboxReadRequestType reqT = new InfoboxReadRequestType(); +// reqT.setInfoboxIdentifier(((InfoboxReadRequest) stalRequest).getInfoboxIdentifier()); +// reqT.setDomainIdentifier(((InfoboxReadRequest) stalRequest).getDomainIdentifier()); +// JAXBElement<InfoboxReadRequestType> req = of.createGetNextRequestResponseTypeInfoboxReadRequest(reqT); +// requests.add(req); +// } else if (stalRequest instanceof QuitRequest) { +// log.trace("Received QuitRequest, do not wait for responses."); +// QuitRequestType reqT = of.createQuitRequestType(); +// JAXBElement<QuitRequestType> req = of.createGetNextRequestResponseTypeQuitRequest(reqT); +// requests.add(req); +// log.trace("notifying request consumers"); +// requests.notify(); +// return new ArrayList<STALResponse>(); +// } else { +// log.error("Received unsupported STAL request: " + stalRequest.getClass().getName() + ", send QUIT"); +// requests.clear(); +// QuitRequestType reqT = of.createQuitRequestType(); +// JAXBElement<QuitRequestType> req = of.createGetNextRequestResponseTypeQuitRequest(reqT); +// requests.add(req); +// log.trace("notifying request consumers"); +// requests.notify(); +// return new ArrayList<STALResponse>(); +// } +// } + log.trace("notifying request consumers"); + requests.notify(); + } + + synchronized (responses) { + long beforeWait = System.currentTimeMillis(); + while (responses.isEmpty()) { + log.trace("waiting to consume response"); + responses.wait(timeout); + if (System.currentTimeMillis() - beforeWait >= timeout) { + log.warn("timeout while waiting to consume response, cleanup requests"); + requests.clear(); + hashDataInputs.clear(); + return Collections.singletonList((STALResponse) new ErrorResponse(ERR_4500)); + } + } + log.trace("consuming responses"); + List<STALResponse> stalResponses = new ArrayList<STALResponse>(); + try { + for (JAXBElement<? extends ResponseType> resp : responses) { + STALResponse stalResp = translator.translate(resp); + stalResponses.add(stalResp); + } + } catch (TranslationException ex) { + log.error(ex.getMessage() + ", return ErrorResponse (4000)"); + ErrorResponse stalResp = new ErrorResponse(4000); + stalResp.setErrorMessage(ex.getMessage()); + stalResponses = Collections.singletonList((STALResponse) stalResp); + } + + responses.clear(); + log.trace("notifying response producers"); + responses.notify(); + + return stalResponses; + } + } catch (InterruptedException ex) { + log.warn("interrupt in handleRequest(): " + ex.getMessage()); + interrupted = true; + return null; + } + } + + @Override + public List<JAXBElement<? extends RequestType>> connect() { + if (interrupted) { + return null; + } + try { + synchronized (requests) { + long beforeWait = System.currentTimeMillis(); + while (requests.isEmpty()) { + log.trace("waiting to consume request"); + requests.wait(timeout); + if (System.currentTimeMillis() - beforeWait >= timeout) { + log.warn("timeout while waiting to consume request"); + return createSingleQuitRequest(); + } + } + log.trace("don't consume request now, leave for further connect calls"); + return requests; + } + } catch (InterruptedException ex) { + log.warn("interrupt in nextRequest(): " + ex.getMessage()); + interrupted = true; + return null; + } + } + + /** + * This method is thread-safe, except for + * an 'initial' call to nextRequest(null) followed by a + * 'zombie' call to nextRequest(notNull). + * This case (per design) leads to a timeout of the original call. + * (synchronizing the entire method does not + * hinder the zombie to interrupt two consecutive nextRequest() calls.) + * + * @param responses + * @return QUIT if expected responses are not provided + */ + @Override + public List<JAXBElement<? extends RequestType>> nextRequest(List<JAXBElement<? extends ResponseType>> resps) { + if (interrupted) { + return null; + } + try { + synchronized (requests) { + log.trace("received responses, now consume request"); + if (requests.size() != 0) { + requests.clear(); + } else { + log.warn("requests queue is empty, response might have already been produced previously "); + // return QUIT? + } + } + + synchronized (responses) { + if (resps != null && resps.size() > 0) { + long beforeWait = System.currentTimeMillis(); + while (!responses.isEmpty()) { + log.trace("waiting to produce response"); + responses.wait(timeout); + if (System.currentTimeMillis() - beforeWait >= timeout) { + log.warn("timeout while waiting to produce response"); + return createSingleQuitRequest(); + } + } + log.trace("produce response"); + responses.addAll(resps); + //reset HashDataInputCallback iff SignResponse + if (log.isTraceEnabled()) { + for (JAXBElement<? extends ResponseType> response : resps) { + log.trace("Received STAL response: " + response.getValue().getClass().getName()); + } + } + log.trace("notifying response consumers"); + responses.notify(); + } else { + log.error("Received NextRequest without responses, return QUIT"); + return createSingleQuitRequest(); + } + } + + synchronized (requests) { + long beforeWait = System.currentTimeMillis(); + while (requests.isEmpty()) { + log.trace("waiting to consume request"); + requests.wait(timeout); + if (System.currentTimeMillis() - beforeWait >= timeout) { + log.warn("timeout while waiting to consume request"); + return createSingleQuitRequest(); + } + } + log.trace("don't consume request now, but on next response delivery"); + return requests; + } + } catch (InterruptedException ex) { + log.warn("interrupt in nextRequest(): " + ex.getMessage()); + interrupted = true; + return null; + } + } + + @Override + public List<HashDataInput> getHashDataInput() { + synchronized (requests) { + log.trace("return " + hashDataInputs.size() + " current HashDataInput(s) "); + return hashDataInputs; + } + } + + private List<JAXBElement<? extends RequestType>> createSingleQuitRequest() { + QuitRequestType quitT = of.createQuitRequestType(); + JAXBElement<QuitRequestType> quit = of.createGetNextRequestResponseTypeQuitRequest(quitT); + ArrayList<JAXBElement<? extends RequestType>> l = new ArrayList<JAXBElement<? extends RequestType>>(); + l.add(quit); + return l; + } +} diff --git a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java new file mode 100644 index 00000000..c8ab280f --- /dev/null +++ b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java @@ -0,0 +1,386 @@ + /* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.stal.service.impl; + +import at.buergerkarte.namespaces.cardchannel.service.CommandAPDUType; +import at.buergerkarte.namespaces.cardchannel.service.ScriptType; +import at.gv.egiz.bku.binding.BindingProcessor; +import at.gv.egiz.bku.binding.BindingProcessorManager; +import at.gv.egiz.bku.binding.Id; +import at.gv.egiz.bku.binding.IdFactory; + +import at.gv.egiz.stal.HashDataInput; +import at.gv.egiz.stal.service.GetHashDataInputFault; +import at.gv.egiz.stal.service.STALPortType; +import at.gv.egiz.stal.service.types.ErrorResponseType; +import at.gv.egiz.stal.service.types.GetHashDataInputFaultType; +import at.gv.egiz.stal.service.types.GetHashDataInputResponseType; +import at.gv.egiz.stal.service.types.GetHashDataInputType; +import at.gv.egiz.stal.service.types.GetNextRequestResponseType; +import at.gv.egiz.stal.service.types.GetNextRequestType; +import at.gv.egiz.stal.service.types.InfoboxReadRequestType; +import at.gv.egiz.stal.service.types.QuitRequestType; +import at.gv.egiz.stal.service.types.RequestType; +import at.gv.egiz.stal.service.types.ResponseType; +import at.gv.egiz.stal.service.types.SignRequestType; +import at.gv.egiz.stal.service.types.GetHashDataInputType.Reference; +//import at.gv.egiz.stal.service.types.GetHashDataInputResponseType.Reference; + +import com.sun.xml.ws.developer.UsesJAXBContext; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.nio.charset.Charset; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import javax.annotation.Resource; +import javax.jws.WebService; +import javax.servlet.ServletContext; +import javax.xml.bind.JAXBElement; +import javax.xml.ws.WebServiceContext; +import javax.xml.ws.handler.MessageContext; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +/** + * + * @author clemens + */ +@WebService(endpointInterface = "at.gv.egiz.stal.service.STALPortType", portName="STALPort", serviceName="STALService", targetNamespace="http://www.egiz.gv.at/wsdl/stal", wsdlLocation="WEB-INF/wsdl/stal.wsdl") +@UsesJAXBContext(STALXJAXBContextFactory.class) +public class STALServiceImpl implements STALPortType { + + public static final String BINDING_PROCESSOR_MANAGER = "bindingProcessorManager"; + public static final Id TEST_SESSION_ID = IdFactory.getInstance().createId("TestSession"); + protected static final Log log = LogFactory.getLog(STALServiceImpl.class); + + + static { + if (log.isTraceEnabled()) { + log.trace("enabling webservice communication dump"); + System.setProperty("com.sun.xml.ws.transport.http.HttpAdapter.dump", "true"); + } else { + System.setProperty("com.sun.xml.ws.fault.SOAPFaultBuilder.disableCaptureStackTrace", "false"); + } + } + @Resource + protected WebServiceContext wsContext; + protected IdFactory idF = IdFactory.getInstance(); + /** JAXB ObjectFactories */ + private at.gv.egiz.stal.service.types.ObjectFactory stalObjFactory = new at.gv.egiz.stal.service.types.ObjectFactory(); + /** don't confuse with at.buergerkarte.namespaces.cardchannel */ + private at.buergerkarte.namespaces.cardchannel.service.ObjectFactory ccObjFactory = new at.buergerkarte.namespaces.cardchannel.service.ObjectFactory(); + + @Override + public GetNextRequestResponseType connect(String sessId) { + + if (sessId == null) { + throw new NullPointerException("No session id provided"); + } + + Id sessionId = idF.createId(sessId); + + if (log.isDebugEnabled()) { + log.debug("Received Connect [" + sessionId + "]"); + } + + if (TEST_SESSION_ID.equals(sessionId)) { + return getTestSessionNextRequestResponse(null); + } + + GetNextRequestResponseType response = new GetNextRequestResponseType(); + response.setSessionId(sessionId.toString()); + + STALRequestBroker stal = getStal(sessionId); + + if (stal != null) { + + List<JAXBElement<? extends RequestType>> requestsOut = ((STALRequestBroker) stal).connect(); + response.getInfoboxReadRequestOrSignRequestOrQuitRequest().addAll(requestsOut); + + if (log.isDebugEnabled()) { + StringBuilder sb = new StringBuilder("Returning initial GetNextRequestResponse ["); + sb.append(sessionId.toString()); + sb.append("] containing "); + sb.append(requestsOut.size()); + sb.append(" requests: "); + for (JAXBElement<? extends RequestType> reqOut : requestsOut) { + sb.append(reqOut.getValue().getClass()); + sb.append(' '); + } + log.debug(sb.toString()); + } + } else { + log.error("Failed to get STAL for session " + sessionId + ", returning QuitRequest"); + QuitRequestType quitT = stalObjFactory.createQuitRequestType(); + JAXBElement<QuitRequestType> quit = stalObjFactory.createGetNextRequestResponseTypeQuitRequest(quitT); + response.getInfoboxReadRequestOrSignRequestOrQuitRequest().add(quit); + } + return response; + } + + @Override + public GetNextRequestResponseType getNextRequest(GetNextRequestType request) { + + if (request.getSessionId() == null) { + throw new NullPointerException("No session id provided"); + } + + Id sessionId = idF.createId(request.getSessionId()); + + List<JAXBElement<? extends ResponseType>> responsesIn = request.getInfoboxReadResponseOrSignResponseOrErrorResponse(); +// List<ResponseType> responsesIn = request.getInfoboxReadResponseOrSignResponseOrErrorResponse();//getResponse(); + + if (log.isDebugEnabled()) { + StringBuilder sb = new StringBuilder("Received GetNextRequest ["); + sb.append(sessionId.toString()); + sb.append("] containing "); + sb.append(responsesIn.size()); + sb.append(" responses: "); + for (JAXBElement<? extends ResponseType> respIn : responsesIn) { + sb.append(respIn.getValue().getClass()); + sb.append(' '); + } + log.debug(sb.toString()); + } + + if (TEST_SESSION_ID.equals(sessionId)) { + return getTestSessionNextRequestResponse(responsesIn); + } + + GetNextRequestResponseType response = new GetNextRequestResponseType(); + response.setSessionId(sessionId.toString()); + + STALRequestBroker stal = getStal(sessionId); + + if (stal != null) { + + List<JAXBElement<? extends RequestType>> requestsOut = ((STALRequestBroker) stal).nextRequest(responsesIn); + response.getInfoboxReadRequestOrSignRequestOrQuitRequest().addAll(requestsOut); + + if (log.isDebugEnabled()) { + StringBuilder sb = new StringBuilder("Returning GetNextRequestResponse ["); + sb.append(sessionId.toString()); + sb.append("] containing "); + sb.append(requestsOut.size()); + sb.append(" requests: "); + for (JAXBElement<? extends RequestType> reqOut : requestsOut) { + sb.append(reqOut.getValue().getClass()); + sb.append(' '); + } + log.debug(sb.toString()); + } + } else { + log.error("Failed to get STAL for session " + sessionId + ", returning QuitRequest"); + QuitRequestType quitT = stalObjFactory.createQuitRequestType(); + JAXBElement<QuitRequestType> quit = stalObjFactory.createGetNextRequestResponseTypeQuitRequest(quitT); + response.getInfoboxReadRequestOrSignRequestOrQuitRequest().add(quit); + } + return response; + } + + @Override + public GetHashDataInputResponseType getHashDataInput(GetHashDataInputType request) throws GetHashDataInputFault { + + if (request.getSessionId() == null) { + throw new NullPointerException("No session id provided"); + } + + Id sessionId = idF.createId(request.getSessionId()); + + if (log.isDebugEnabled()) { + log.debug("Received GetHashDataInputRequest for session " + sessionId + " containing " + request.getReference().size() + " reference(s)"); + } + + if (TEST_SESSION_ID.equals(sessionId)) { + return getTestSessionHashDataInputResponse(request.getReference()); + } + + GetHashDataInputResponseType response = new GetHashDataInputResponseType(); + response.setSessionId(sessionId.toString()); + + STALRequestBroker stal = getStal(sessionId); + + if (stal != null) { + List<HashDataInput> hashDataInputs = stal.getHashDataInput(); + + if (hashDataInputs != null) { + + Map<String, HashDataInput> hashDataIdMap = new HashMap<String, HashDataInput>(); + for (HashDataInput hdi : hashDataInputs) { + if (log.isTraceEnabled()) { + log.trace("Provided HashDataInput for reference " + hdi.getReferenceId()); + } + hashDataIdMap.put(hdi.getReferenceId(), hdi); + } + + List<GetHashDataInputType.Reference> reqRefs = request.getReference(); + for (GetHashDataInputType.Reference reqRef : reqRefs) { + String reqRefId = reqRef.getID(); + HashDataInput reqHdi = hashDataIdMap.get(reqRefId); + if (reqHdi == null) { + String msg = "Failed to resolve HashDataInput for reference " + reqRefId; + log.error(msg); + GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType(); + faultInfo.setErrorCode(1); + faultInfo.setErrorMessage(msg); + throw new GetHashDataInputFault(msg, faultInfo); + } + + InputStream hashDataIS = reqHdi.getHashDataInput(); + if (hashDataIS == null) { + //HashDataInput not cached? + String msg = "Failed to obtain HashDataInput for reference " + reqRefId + ", reference not cached"; + log.error(msg); + GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType(); + faultInfo.setErrorCode(1); + faultInfo.setErrorMessage(msg); + throw new GetHashDataInputFault(msg, faultInfo); + } + ByteArrayOutputStream baos = null; + try { + if (log.isDebugEnabled()) { + log.debug("Resolved HashDataInput " + reqRefId + " (" + reqHdi.getMimeType() + ";charset=" + reqHdi.getEncoding() + ")"); + } + baos = new ByteArrayOutputStream(hashDataIS.available()); + int c; + while ((c = hashDataIS.read()) != -1) { + baos.write(c); + } + GetHashDataInputResponseType.Reference ref = new GetHashDataInputResponseType.Reference(); + ref.setID(reqRefId); + ref.setMimeType(reqHdi.getMimeType()); + ref.setEncoding(reqHdi.getEncoding()); + ref.setFilename(reqHdi.getFilename()); + ref.setValue(baos.toByteArray()); + response.getReference().add(ref); + } catch (IOException ex) { + String msg = "Failed to get HashDataInput for reference " + reqRefId; + log.error(msg, ex); + GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType(); + faultInfo.setErrorCode(1); + faultInfo.setErrorMessage(msg); + throw new GetHashDataInputFault(msg, faultInfo, ex); + } finally { + try { + baos.close(); + } catch (IOException ex) { + } + } + } + return response; + } else { + String msg = "Failed to resolve any HashDataInputs for session " + sessionId; + log.error(msg); + GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType(); + faultInfo.setErrorCode(1); + faultInfo.setErrorMessage(msg); + throw new GetHashDataInputFault(msg, faultInfo); + } + } else { + String msg = "Session timeout"; //Failed to get STAL for session " + sessionId; + log.error(msg + " " + sessionId); + GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType(); + faultInfo.setErrorCode(1); + faultInfo.setErrorMessage(msg); + throw new GetHashDataInputFault(msg, faultInfo); + } + } + + private STALRequestBroker getStal(Id sessionId) { + if (log.isTraceEnabled()) { + log.trace("resolve STAL for session " + sessionId); + } + MessageContext mCtx = wsContext.getMessageContext(); + ServletContext sCtx = (ServletContext) mCtx.get(MessageContext.SERVLET_CONTEXT); + BindingProcessorManager bpMgr = (BindingProcessorManager) sCtx.getAttribute(BINDING_PROCESSOR_MANAGER); + BindingProcessor bp = bpMgr.getBindingProcessor(sessionId); + return (bp == null) ? null : (bp.isFinished() ? null : (STALRequestBroker) bp.getSTAL()); + } + + private GetNextRequestResponseType getTestSessionNextRequestResponse(List<JAXBElement<? extends ResponseType>> responsesIn) { + GetNextRequestResponseType response = new GetNextRequestResponseType(); + response.setSessionId(TEST_SESSION_ID.toString()); + + List<JAXBElement<? extends RequestType>> reqs = response.getInfoboxReadRequestOrSignRequestOrQuitRequest(); + + if (responsesIn == null) { + log.info("[TestSession] CONNECT"); +// addTestCardChannelRequest(reqs); +// addTestInfoboxReadRequest("IdentityLink", reqs); +// addTestInfoboxReadRequest("SecureSignatureKeypair", reqs); +// addTestInfoboxReadRequest("CertifiedKeypair", reqs); + addTestSignatureRequests("SecureSignatureKeypair", reqs); + } else if (responsesIn != null && responsesIn.size() > 0 && responsesIn.get(0).getValue() instanceof ErrorResponseType) { + log.info("[TestSession] received ErrorResponse, return QUIT request"); + QuitRequestType quitT = stalObjFactory.createQuitRequestType(); + reqs.add(stalObjFactory.createGetNextRequestResponseTypeQuitRequest(quitT)); + } else { + log.info("[TestSession] received " + responsesIn.size() + " response(s), return QUIT" ); + QuitRequestType quitT = stalObjFactory.createQuitRequestType(); + reqs.add(stalObjFactory.createGetNextRequestResponseTypeQuitRequest(quitT)); + } + return response; + } + + + private GetHashDataInputResponseType getTestSessionHashDataInputResponse(List<Reference> references) { + log.debug("[TestSession] received GET_HASHDATAINPUT"); + + GetHashDataInputResponseType response = new GetHashDataInputResponseType(); + response.setSessionId(TEST_SESSION_ID.toString()); + + for (Reference reference : references) { + String refId = reference.getID(); + log.debug("[TestSession] adding hashdata input for " + refId); + GetHashDataInputResponseType.Reference ref = new GetHashDataInputResponseType.Reference(); + ref.setID(refId); + ref.setMimeType(TestSignatureData.HASHDATA_MIMETYPES.get(refId)); //todo resolve from TestSignatureData + ref.setValue(TestSignatureData.HASHDATA_INPUT.get(refId)); + ref.setEncoding(TestSignatureData.ENCODING); + response.getReference().add(ref); + } + return response; + } + + private void addTestCardChannelRequest(List<JAXBElement<? extends RequestType>> requestList) { + log.info("[TestSession] add CARDCHANNEL request"); + ScriptType scriptT = ccObjFactory.createScriptType(); + CommandAPDUType cmd = ccObjFactory.createCommandAPDUType(); + cmd.setValue("TestSession CardChannelCMD 1234".getBytes()); + scriptT.getResetOrCommandAPDUOrVerifyAPDU().add(cmd); + requestList.add(ccObjFactory.createScript(scriptT)); + } + + private void addTestInfoboxReadRequest(String infoboxIdentifier, List<JAXBElement<? extends RequestType>> requestList) { + log.info("[TestSession] add READ "+ infoboxIdentifier + " request"); + InfoboxReadRequestType ibrT = stalObjFactory.createInfoboxReadRequestType(); + ibrT.setInfoboxIdentifier(infoboxIdentifier); + requestList.add(stalObjFactory.createGetNextRequestResponseTypeInfoboxReadRequest(ibrT)); + } + + private void addTestSignatureRequests(String keyIdentifier, List<JAXBElement<? extends RequestType>> reqs) { + log.info("[TestSession] add SIGN " + keyIdentifier + " request"); + SignRequestType sigT = stalObjFactory.createSignRequestType(); + sigT.setKeyIdentifier(keyIdentifier); + sigT.setSignedInfo(TestSignatureData.SIGNED_INFO.get(1)); //select! + reqs.add(stalObjFactory.createGetNextRequestResponseTypeSignRequest(sigT)); + } + +} diff --git a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALXJAXBContextFactory.java b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALXJAXBContextFactory.java new file mode 100644 index 00000000..9caf950f --- /dev/null +++ b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALXJAXBContextFactory.java @@ -0,0 +1,61 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.stal.service.impl; + +import com.sun.xml.bind.api.JAXBRIContext; +import com.sun.xml.bind.api.TypeReference; +import com.sun.xml.ws.api.model.SEIModel; +import com.sun.xml.ws.developer.JAXBContextFactory; +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.JAXBException; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +/** + * + * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at> + */ +public class STALXJAXBContextFactory implements JAXBContextFactory { + + private static final Log log = LogFactory.getLog(STALXJAXBContextFactory.class); + + @Override + public JAXBRIContext createJAXBContext(SEIModel sei, List<Class> classesToBind, List<TypeReference> typeReferences) throws JAXBException { + if (log.isTraceEnabled()) { + log.trace("JAXBContext seed for SEI " + sei.getTargetNamespace() + ":"); + for (Class class1 : classesToBind) { + log.trace(" " + class1); + } + for (TypeReference typeReference : typeReferences) { + log.trace(" typeRef " + typeReference.tagName + " -> " + typeReference.type); + } + } + List<Class> classes = new ArrayList<Class>(); + classes.addAll(classesToBind); + Class ccOF = at.buergerkarte.namespaces.cardchannel.service.ObjectFactory.class; + if (!classes.contains(ccOF)) { + log.debug("adding " + ccOF + " to JAXBContext seed"); + classes.add(ccOF); + } + + //TODO add typeReference? + + return JAXBRIContext.newInstance(classes.toArray(new Class[classes.size()]), + typeReferences, null, sei.getTargetNamespace(), false, null); + } +} diff --git a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/TestSignatureData.java b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/TestSignatureData.java new file mode 100644 index 00000000..2f58bb3d --- /dev/null +++ b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/TestSignatureData.java @@ -0,0 +1,47 @@ +package at.gv.egiz.stal.service.impl; + +import java.io.UnsupportedEncodingException; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +public final class TestSignatureData { + + protected final static Log log = LogFactory.getLog(TestSignatureData.class); + + public static final String[] ID = new String[] {"signed-data-reference-0-1214921968-27971781-24309", "signed-data-reference-1"}; + public static final String ENCODING = "UTF-8"; + + public static final Map<String, byte[]> HASHDATA_INPUT = new HashMap<String, byte[]>(); + static { + try { + HASHDATA_INPUT.put(ID[0], "Ich bin ein einfacher Text. lläöü߀".getBytes(ENCODING)); + HASHDATA_INPUT.put(ID[1], "2te referenz".getBytes(ENCODING)); + } catch (UnsupportedEncodingException ex) { + log.error("failed to init signature test data", ex); + } + } + public static final Map<String, String> HASHDATA_MIMETYPES = new HashMap<String, String>(); + static { + HASHDATA_MIMETYPES.put(ID[0], "text/plain"); + HASHDATA_MIMETYPES.put(ID[1], "any/mime-type"); + } + +// private static final byte[] signedInfo = "<dsig:SignedInfo xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:xpf=\"http://www.w3.org/2002/06/xmldsig-filter2\"><dsig:CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\" /> <dsig:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1\" /> <dsig:Reference Id=\"signed-data-reference-0-1214921968-27971781-24309\" URI=\"#signed-data-object-0-1214921968-27971781-13578\"><dsig:Transforms> <dsig:Transform Algorithm=\"http://www.w3.org/2002/06/xmldsig-filter2\"> <xpf:XPath xmlns:xpf=\"http://www.w3.org/2002/06/xmldsig-filter2\" Filter=\"intersect\">id('signed-data-object-0-1214921968-27971781-13578')/node()</xpf:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /> <dsig:DigestValue>H1IePEEfGQ2SG03H6LTzw1TpCuM=</dsig:DigestValue></dsig:Reference><dsig:Reference Id=\"etsi-data-reference-0-1214921968-27971781-25439\" Type=\"http://uri.etsi.org/01903/v1.1.1#SignedProperties\" URI=\"#xmlns(etsi=http://uri.etsi.org/01903/v1.1.1%23)%20xpointer(id('etsi-data-object-0-1214921968-27971781-3095')/child::etsi:QualifyingProperties/child::etsi:SignedProperties)\"><dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /><dsig:DigestValue>yV6Q+I60buqR4mMaxA7fi+CV35A=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo>".getBytes(); +// private static final byte[] signedInfo2Ref = "<dsig:SignedInfo xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:xpf=\"http://www.w3.org/2002/06/xmldsig-filter2\"><dsig:CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\" /> <dsig:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1\" /> <dsig:Reference Id=\"signed-data-reference-0-1214921968-27971781-24309\" URI=\"#signed-data-object-0-1214921968-27971781-13578\"><dsig:Transforms> <dsig:Transform Algorithm=\"http://www.w3.org/2002/06/xmldsig-filter2\"> <xpf:XPath xmlns:xpf=\"http://www.w3.org/2002/06/xmldsig-filter2\" Filter=\"intersect\">id('signed-data-object-0-1214921968-27971781-13578')/node()</xpf:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /> <dsig:DigestValue>H1IePEEfGQ2SG03H6LTzw1TpCuM=</dsig:DigestValue></dsig:Reference><dsig:Reference Id=\"signed-data-reference-1\" URI=\"#signed-data-object-0-1214921968-27971781-13578\"><dsig:Transforms> <dsig:Transform Algorithm=\"http://www.w3.org/2002/06/xmldsig-filter2\"> <xpf:XPath xmlns:xpf=\"http://www.w3.org/2002/06/xmldsig-filter2\" Filter=\"intersect\">id('signed-data-object-1')/node()</xpf:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /> <dsig:DigestValue>H1IePEEfGQ2SG03H6LTzw1TpCuM=</dsig:DigestValue></dsig:Reference><dsig:Reference Id=\"etsi-data-reference-0-1214921968-27971781-25439\" Type=\"http://uri.etsi.org/01903/v1.1.1#SignedProperties\" URI=\"#xmlns(etsi=http://uri.etsi.org/01903/v1.1.1%23)%20xpointer(id('etsi-data-object-0-1214921968-27971781-3095')/child::etsi:QualifyingProperties/child::etsi:SignedProperties)\"><dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /><dsig:DigestValue>yV6Q+I60buqR4mMaxA7fi+CV35A=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo>".getBytes(); +// private static final String signedInfo2Ref = "<dsig:Reference Id=\"signed-data-reference-1\" URI=\"#signed-data-object-0-1214921968-27971781-13578\"><dsig:Transforms> <dsig:Transform Algorithm=\"http://www.w3.org/2002/06/xmldsig-filter2\"> <xpf:XPath xmlns:xpf=\"http://www.w3.org/2002/06/xmldsig-filter2\" Filter=\"intersect\">id('signed-data-object-1')/node()</xpf:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /> <dsig:DigestValue>H1IePEEfGQ2SG03H6LTzw1TpCuM=</dsig:DigestValue></dsig:Reference>"; + /** + * SIGNED_INFO[0] contains reference ID[0] + * SIGNED_INFO[1] contains reference ID[0] and ID[1] + */ + public static final List<byte[]> SIGNED_INFO = new ArrayList<byte[]>(); + static { + SIGNED_INFO.add("<dsig:SignedInfo xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:xpf=\"http://www.w3.org/2002/06/xmldsig-filter2\"><dsig:CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\" /> <dsig:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1\" /> <dsig:Reference Id=\"signed-data-reference-0-1214921968-27971781-24309\" URI=\"#signed-data-object-0-1214921968-27971781-13578\"><dsig:Transforms> <dsig:Transform Algorithm=\"http://www.w3.org/2002/06/xmldsig-filter2\"> <xpf:XPath xmlns:xpf=\"http://www.w3.org/2002/06/xmldsig-filter2\" Filter=\"intersect\">id('signed-data-object-0-1214921968-27971781-13578')/node()</xpf:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /> <dsig:DigestValue>H1IePEEfGQ2SG03H6LTzw1TpCuM=</dsig:DigestValue></dsig:Reference><dsig:Reference Id=\"etsi-data-reference-0-1214921968-27971781-25439\" Type=\"http://uri.etsi.org/01903/v1.1.1#SignedProperties\" URI=\"#xmlns(etsi=http://uri.etsi.org/01903/v1.1.1%23)%20xpointer(id('etsi-data-object-0-1214921968-27971781-3095')/child::etsi:QualifyingProperties/child::etsi:SignedProperties)\"><dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /><dsig:DigestValue>yV6Q+I60buqR4mMaxA7fi+CV35A=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo>".getBytes()); + SIGNED_INFO.add("<dsig:SignedInfo xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:xpf=\"http://www.w3.org/2002/06/xmldsig-filter2\"><dsig:CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\" /> <dsig:SignatureMethod Algorithm=\"http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1\" /> <dsig:Reference Id=\"signed-data-reference-0-1214921968-27971781-24309\" URI=\"#signed-data-object-0-1214921968-27971781-13578\"><dsig:Transforms> <dsig:Transform Algorithm=\"http://www.w3.org/2002/06/xmldsig-filter2\"> <xpf:XPath xmlns:xpf=\"http://www.w3.org/2002/06/xmldsig-filter2\" Filter=\"intersect\">id('signed-data-object-0-1214921968-27971781-13578')/node()</xpf:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /> <dsig:DigestValue>H1IePEEfGQ2SG03H6LTzw1TpCuM=</dsig:DigestValue></dsig:Reference><dsig:Reference Id=\"signed-data-reference-1\" URI=\"#signed-data-object-0-1214921968-27971781-13578\"><dsig:Transforms> <dsig:Transform Algorithm=\"http://www.w3.org/2002/06/xmldsig-filter2\"> <xpf:XPath xmlns:xpf=\"http://www.w3.org/2002/06/xmldsig-filter2\" Filter=\"intersect\">id('signed-data-object-1')/node()</xpf:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /> <dsig:DigestValue>H1IePEEfGQ2SG03H6LTzw1TpCuM=</dsig:DigestValue></dsig:Reference><dsig:Reference Id=\"etsi-data-reference-0-1214921968-27971781-25439\" Type=\"http://uri.etsi.org/01903/v1.1.1#SignedProperties\" URI=\"#xmlns(etsi=http://uri.etsi.org/01903/v1.1.1%23)%20xpointer(id('etsi-data-object-0-1214921968-27971781-3095')/child::etsi:QualifyingProperties/child::etsi:SignedProperties)\"><dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" /><dsig:DigestValue>yV6Q+I60buqR4mMaxA7fi+CV35A=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo>".getBytes()); + } + +} diff --git a/BKUOnline/src/main/policy/50mocca.policy b/BKUOnline/src/main/policy/50mocca.policy new file mode 100644 index 00000000..2d6bc13d --- /dev/null +++ b/BKUOnline/src/main/policy/50mocca.policy @@ -0,0 +1,319 @@ +// Copyright 2008 Federal Chancellery Austria and +// Graz University of Technology +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +// +// ========================================================================= +// || IMPORTANT: REVIEW AND ADAPT TO YOUR NEEDS PRIOR TO INSTALLATION +// ========================================================================= +// +// (set -Djava.security.debug=access,failure and search for "FAILED") +// +// +// ========== MOCCA CODE PERMISSIONS ======================================= +// +// replace ${catalina.base}/webapps/bkuonline +// with ${catalina.base}/webapps/<mocca_context> +// replace ${catalina.base}/work/Catalina/localhost/bkuonline +// with ${catalina.base}/work/Catalina/localhost/<mocca_context> (the path to the compiled JSPs, excl. package dir: org/apache/jsp/) +// replace version info in utils-1.2.10.jar and bkucommon-1.2.10.jar +// with current version +// replace apps.egiz.gv.at +// with <DataURL_host:DataURL_port> +// replace localhost:8080 +// with <StylesheetURL_host:StylesheetURL_port> +// replace www.xslt-stylesheet-include-url.org:80 +// with <XSL_include_URL> +// replace ../conf/secret.xml +// with <any_resource_you_would_like_to_grant_XSLTs_document()_function_access_to> +// +// replace www.a-trust.at and ksp.ecard.sozialversicherung.gv.at +// with <idLink_template_download_URL> +// replace ldap.a-trust.at:389 and ocsp.ecard.sozialversicherung.at:80 +// with <certificate_revocation_authority_endpoint> (OCSP, CRLs) +// + +// =========== container grants required by MOCCA +// +grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" { + permission java.lang.RuntimePermission "accessClassInPackage.sun.util.logging.resources"; + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/logging.properties", "read"; +}; + +grant codeBase "file:${catalina.base}/work/Catalina/localhost/bkuonline" { + permission java.io.FilePermission "/helpfiles/-", "read"; + permission java.lang.RuntimePermission "defineClassInPackage.org.apache.jasper.runtime"; +}; + +// =========== MOCCA grants +// +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/classes/-" { + permission java.security.AllPermission; +// permission java.io.FilePermission "${catalina.base}/logs", "read, write"; +// permission java.io.FilePermission "${catalina.base}/logs/*", "read, write"; +// permission java.io.FilePermission "${catalina.base}/logs/*", "delete"; +// permission java.util.PropertyPermission "com.sun.xml.ws.fault.SOAPFaultBuilder.disableCaptureStackTrace", "write"; +// permission java.util.PropertyPermission "com.sun.xml.ws.transport.http.HttpAdapter.dump", "write"; +}; + +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/-" { + // the log4j configuration might want to write logs to ${catalina.base}/logs/bkuonline.log + permission java.io.FilePermission "${catalina.base}/logs", "read, write"; + permission java.io.FilePermission "${catalina.base}/logs/*", "read, write"; + permission java.io.FilePermission "${catalina.base}/logs/*", "delete"; + +}; + +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/utils-1.2.10.jar" { + permission java.util.PropertyPermission "*", "read"; + permission java.net.SocketPermission "www.a-trust.at:80", "connect, resolve"; + permission java.net.SocketPermission "ksp.ecard.sozialversicherung.gv.at:80", "connect,resolve"; +// permission java.net.SocketPermission "localhost:8080", "connect, resolve"; + permission java.net.SocketPermission "www.xslt-stylesheet-include-url.org:80", "connect, resolve"; + permission java.lang.RuntimePermission "accessDeclaredMembers"; + permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; +}; + +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/bkucommon-1.2.10.jar" { + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write"; + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write"; + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete"; + permission java.io.FilePermission "../conf/secret.xml", "read"; + permission java.net.SocketPermission "apps.egiz.gv.at:443", "connect, resolve"; + permission java.net.SocketPermission "www.a-trust.at:80", "connect, resolve"; + permission java.net.SocketPermission "ksp.ecard.sozialversicherung.gv.at:80", "connect,resolve"; + permission java.net.SocketPermission "ldap.a-trust.at:389", "connect, resolve"; + permission java.net.SocketPermission "ocsp.ecard.sozialversicherung.at:80", "connect, resolve"; +// permission java.net.SocketPermission "localhost:8080", "connect, resolve"; + permission java.net.SocketPermission "www.xslt-stylesheet-include-url.org:80", "connect, resolve"; + permission java.net.NetPermission "specifyStreamHandler"; + permission java.util.PropertyPermission "*", "read, write"; + permission java.security.SecurityPermission "insertProvider.IAIK"; + permission java.security.SecurityPermission "putProviderProperty.IAIK"; + permission java.security.SecurityPermission "removeProvider.IAIK"; + permission java.security.SecurityPermission "insertProvider.IAIK_ECC"; + permission java.security.SecurityPermission "putProviderProperty.IAIK_ECC"; + permission java.security.SecurityPermission "insertProvider.XSECT"; + permission java.security.SecurityPermission "putProviderProperty.XSECT"; + permission java.security.SecurityPermission "insertProvider.STAL"; + permission java.security.SecurityPermission "putProviderProperty.STAL"; + // XMLDSig is moved backwards by XSECT + permission java.security.SecurityPermission "insertProvider.XMLDSig"; + permission java.security.SecurityPermission "removeProvider.XMLDSig"; + permission java.lang.RuntimePermission "accessDeclaredMembers"; + permission java.lang.RuntimePermission "setFactory"; + permission java.lang.RuntimePermission "getProtectionDomain"; + permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.protocol.ldap"; + permission java.lang.RuntimePermission "modifyThread"; + permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; +}; + +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/iaik_jce_full_signed-3.16.jar" { + permission java.util.PropertyPermission "*", "read, write"; + permission java.security.SecurityPermission "insertProvider.IAIK"; + permission java.security.SecurityPermission "putProviderProperty.IAIK"; + permission java.security.SecurityPermission "removeProvider.IAIK"; + permission java.net.SocketPermission "ldap.a-trust.at:389", "connect, resolve"; + permission java.net.SocketPermission "ocsp.ecard.sozialversicherung.at:80", "connect, resolve"; +}; + +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/iaik_ecc_signed-2.15.jar" { + permission java.security.SecurityPermission "insertProvider.IAIK_ECC"; + permission java.security.SecurityPermission "putProviderProperty.IAIK_ECC"; +}; + +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/iaik_xsect-1.14.jar" { + permission java.util.PropertyPermission "*", "read, write"; + permission java.security.SecurityPermission "insertProvider.IAIK"; + permission java.security.SecurityPermission "putProviderProperty.IAIK"; + permission java.security.SecurityPermission "removeProvider.IAIK"; + permission java.security.SecurityPermission "insertProvider.XSECT"; + permission java.security.SecurityPermission "putProviderProperty.XSECT"; + permission java.security.SecurityPermission "insertProvider.XMLDSig"; + permission java.security.SecurityPermission "removeProvider.XMLDSig"; +}; + +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/iaik_pki-1.0-MOCCA.jar" { + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write"; + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write"; + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete"; + permission java.net.SocketPermission "www.a-trust.at:80", "connect, resolve"; + permission java.net.SocketPermission "ldap.a-trust.at:389", "connect, resolve"; + permission java.net.SocketPermission "ocsp.ecard.sozialversicherung.at:80", "connect, resolve"; + permission java.net.NetPermission "specifyStreamHandler"; + permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.protocol.ldap"; +}; + +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/xalan-2.7.1.jar" { + permission java.io.FilePermission "${java.home}/lib/xalan.properties", "read"; + permission java.util.PropertyPermission "*", "read"; + permission java.lang.RuntimePermission "getClassLoader"; +}; + +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/serializer-2.7.1.jar" { + permission java.util.PropertyPermission "*", "read"; + permission java.lang.RuntimePermission "getClassLoader"; +}; + +// allow xsl:include from the specified URL +grant codeBase "jar:file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/xalan-2.7.1.jar!/org/apache/xalan/processor/-" { + permission java.net.SocketPermission "www.xslt-stylesheet-include-url.org:80", "connect, resolve"; +}; + +// allow XSLT document function to reference the specified URL +grant codeBase "jar:file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/xalan-2.7.1.jar!/org/apache/xalan/xsltc/dom/LoadDocument.class" { + permission java.io.FilePermission "../conf/secret.xml", "read"; +}; + +// use tomcat/jre endorsed xerces instead +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/xercesImpl-2.9.1.jar" { + permission java.io.FilePermission "${java.home}/lib/xerces.properties", "read"; +// permission java.io.FilePermission "../conf/secret.xml", "read"; +// permission java.net.SocketPermission "www.xslt-stylesheet-include-url.org:80", "connect, resolve"; + permission java.util.PropertyPermission "*", "read"; + permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina"; + permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.*"; + permission java.lang.RuntimePermission "getClassLoader"; + permission java.lang.RuntimePermission "accessDeclaredMembers"; +}; + +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/commons-logging-1.1.1.jar" { + permission java.util.PropertyPermission "org.apache.commons.logging.*", "read"; + permission java.util.PropertyPermission "log4j.*", "read"; + permission java.util.PropertyPermission "catalina.base", "read"; + permission java.lang.RuntimePermission "getClassLoader"; + permission java.lang.RuntimePermission "defineClassInPackage.java.lang"; +}; + +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/log4j-1.2.12.jar" { + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/log4j.properties", "read"; + // allow log4j to read its own properties + permission java.util.PropertyPermission "log4j.*", "read"; + permission java.util.PropertyPermission "catalina.base", "read"; + permission java.lang.RuntimePermission "defineClassInPackage.java.lang"; +}; + +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/spring-core-2.5.5.jar" { + permission java.lang.RuntimePermission "accessDeclaredMembers"; + permission java.lang.RuntimePermission "modifyThread"; +}; +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/spring-web-2.5.5.jar" { + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write"; + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write"; + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete"; + permission java.security.SecurityPermission "insertProvider.IAIK"; + permission java.security.SecurityPermission "putProviderProperty.IAIK"; + permission java.security.SecurityPermission "removeProvider.IAIK"; + permission java.security.SecurityPermission "insertProvider.IAIK_ECC"; + permission java.security.SecurityPermission "putProviderProperty.IAIK_ECC"; + permission java.security.SecurityPermission "insertProvider.XSECT"; + permission java.security.SecurityPermission "putProviderProperty.XSECT"; + permission java.security.SecurityPermission "insertProvider.STAL"; + permission java.security.SecurityPermission "putProviderProperty.STAL"; + permission java.security.SecurityPermission "insertProvider.XMLDSig"; + permission java.security.SecurityPermission "removeProvider.XMLDSig"; + permission java.util.PropertyPermission "*", "read, write"; + permission java.lang.RuntimePermission "accessDeclaredMembers"; + permission java.lang.RuntimePermission "modifyThread"; + permission java.lang.RuntimePermission "setFactory"; + permission java.lang.RuntimePermission "getProtectionDomain"; + permission java.lang.RuntimePermission "defineClassInPackage.java.lang"; + permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; +}; +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/spring-beans-2.5.5.jar" { + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write"; + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write"; + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete"; + permission java.security.SecurityPermission "insertProvider.IAIK"; + permission java.security.SecurityPermission "putProviderProperty.IAIK"; + permission java.security.SecurityPermission "removeProvider.IAIK"; + permission java.security.SecurityPermission "insertProvider.IAIK_ECC"; + permission java.security.SecurityPermission "putProviderProperty.IAIK_ECC"; + permission java.security.SecurityPermission "insertProvider.XSECT"; + permission java.security.SecurityPermission "putProviderProperty.XSECT"; + permission java.security.SecurityPermission "insertProvider.STAL"; + permission java.security.SecurityPermission "putProviderProperty.STAL"; + permission java.security.SecurityPermission "insertProvider.XMLDSig"; + permission java.security.SecurityPermission "removeProvider.XMLDSig"; + permission java.util.PropertyPermission "*", "read, write"; + permission java.lang.RuntimePermission "accessDeclaredMembers"; + permission java.lang.RuntimePermission "setFactory"; + permission java.lang.RuntimePermission "getProtectionDomain"; + permission java.lang.RuntimePermission "defineClassInPackage.java.lang"; + permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; +}; +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/spring-context-2.5.5.jar" { + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore", "write"; + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/-", "write"; + permission java.io.FilePermission "${catalina.base}/webapps/bkuonline/WEB-INF/classes/at/gv/egiz/bku/certs/certStore/toBeAdded/-", "delete"; + permission java.security.SecurityPermission "insertProvider.IAIK"; + permission java.security.SecurityPermission "putProviderProperty.IAIK"; + permission java.security.SecurityPermission "removeProvider.IAIK"; + permission java.security.SecurityPermission "insertProvider.IAIK_ECC"; + permission java.security.SecurityPermission "putProviderProperty.IAIK_ECC"; + permission java.security.SecurityPermission "insertProvider.XSECT"; + permission java.security.SecurityPermission "putProviderProperty.XSECT"; + permission java.security.SecurityPermission "insertProvider.STAL"; + permission java.security.SecurityPermission "putProviderProperty.STAL"; + permission java.security.SecurityPermission "insertProvider.XMLDSig"; + permission java.security.SecurityPermission "removeProvider.XMLDSig"; + permission java.util.PropertyPermission "*", "read, write"; + permission java.lang.RuntimePermission "accessDeclaredMembers"; + permission java.lang.RuntimePermission "modifyThread"; + permission java.lang.RuntimePermission "setFactory"; + permission java.lang.RuntimePermission "getProtectionDomain"; + permission java.lang.RuntimePermission "defineClassInPackage.java.lang"; + permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; +}; + +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/jaxws-rt-2.1.5.jar" { + // need write access to set disableCaptureStackTrace and HttpAdapter.dump + permission java.util.PropertyPermission "com.sun.xml.ws.*", "read, write"; + permission java.util.PropertyPermission "com.sun.xml.bind.*", "read"; + permission java.util.PropertyPermission "javax.xml.soap.*", "read"; + permission java.util.PropertyPermission "javax.activation.*", "read"; + permission java.util.PropertyPermission "xml.catalog.*", "read"; + permission java.util.PropertyPermission "user.dir", "read"; + permission java.util.PropertyPermission "user.home", "read"; + permission java.io.FilePermission "${java.home}/lib/jaxm.properties", "read"; + permission java.io.FilePermission "${java.home}/lib/mailcap", "read"; + permission java.io.FilePermission "${user.home}/.mailcap", "read"; + permission java.io.FilePermission "basename", "read"; + permission java.io.FilePermission "${catalina.home}/bin/xcatalog", "read"; + permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; + permission java.lang.RuntimePermission "accessDeclaredMembers"; + permission java.lang.RuntimePermission "accessClassInPackage.sun.util.logging.resources"; + permission java.lang.RuntimePermission "setContextClassLoader"; + permission javax.management.MBeanServerPermission "createMBeanServer"; + permission javax.management.MBeanPermission "com.sun.xml.ws.*", "registerMBean"; + permission javax.management.MBeanTrustPermission "register"; + permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; +}; + +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/jaxb-impl-2.1.9.jar" { + permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; + permission java.lang.RuntimePermission "accessDeclaredMembers"; + permission java.util.PropertyPermission "com.sun.xml.bind.v2.*", "read"; + permission java.util.PropertyPermission "user.dir", "read"; +}; + +grant codeBase "file:${catalina.base}/webapps/bkuonline/WEB-INF/lib/commons-httpclient-3.1.jar" { + permission java.util.PropertyPermission "*", "read"; +}; + +// ======== NETBEANS + +//grant codeBase "file:${catalina.base}/nblib/-" { +// permission java.security.AllPermission; +//};
\ No newline at end of file diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml new file mode 100644 index 00000000..f8d1411c --- /dev/null +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml @@ -0,0 +1,84 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Copyright 2008 Federal Chancellery Austria and Graz University of
+ Technology Licensed under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance with the
+ License. You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0 Unless required by
+ applicable law or agreed to in writing, software distributed under the
+ License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ CONDITIONS OF ANY KIND, either express or implied. See the License for
+ the specific language governing permissions and limitations under the
+ License.
+ -->
+<AccessControl>
+ <Chains>
+ <!--
+ The input chain defines filters that are applied before command
+ execution
+ -->
+ <Chain Id="InputChain">
+ <Rules>
+ <!-- there is no command implemented that requires input filtering -->
+ <Rule Id="InputChain-AllowAll">
+ <Action>
+ <RuleAction>allow</RuleAction>
+ </Action>
+ <UserInteraction>confirm</UserInteraction>
+ </Rule>
+ </Rules>
+ </Chain>
+
+ <!--
+ The output chain defines filters that are applied after command
+ execution
+ -->
+ <Chain Id="OutputChain">
+ <Rules>
+ <Rule Id="OutputChain-Egov">
+ <AuthClass>certifiedGovAgency</AuthClass>
+ <Action>
+ <RuleAction>allow</RuleAction>
+ </Action>
+ <UserInteraction>confirm</UserInteraction>
+ </Rule>
+ <Rule Id="OutputChain-Command">
+ <AuthClass>anonymous</AuthClass>
+ <Action>
+ <ChainRef>Command</ChainRef>
+ </Action>
+ </Rule>
+ </Rules>
+ </Chain>
+ <Chain Id="Command">
+ <Rules>
+ <Rule Id="cmd-rule-1">
+ <AuthClass>certified</AuthClass>
+ <Command Name="Infobox.*">
+ <Param Name="InfoboxIdentifier">IdentityLink</Param>
+ <Param Name="PersonIdentifier">derived</Param>
+ </Command>
+ <Action>
+ <RuleAction>allow</RuleAction>
+ </Action>
+ <UserInteraction>confirm</UserInteraction>
+ </Rule>
+ <Rule Id="cmd-rule-2">
+ <AuthClass>anonymous</AuthClass>
+ <Command Name="Infobox.*">
+ <Param Name="InfoboxIdentifier">IdentityLink</Param>
+ </Command>
+ <Action>
+ <RuleAction>deny</RuleAction>
+ </Action>
+ <UserInteraction>info</UserInteraction>
+ </Rule>
+ <Rule Id="cmd-rule-3">
+ <Action>
+ <RuleAction>allow</RuleAction>
+ </Action>
+ </Rule>
+ </Rules>
+ </Chain>
+ </Chains>
+</AccessControl>
diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties new file mode 100644 index 00000000..b4ecfd86 --- /dev/null +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties @@ -0,0 +1,56 @@ +#
+# Copyright 2008 Federal Chancellery Austria and
+# Graz University of Technology
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+# Configuration for online CCE
+
+# security manager configuration
+AccessController.acceptUnmatched=false
+AccessController.policyResource=classpath:at/gv/egiz/bku/online/conf/accessControlConfig.xml
+
+# ------------BEGIN SSL Config --------------------
+# SSL configuration for connections to external
+# resources (e.g. data urls)
+
+# directory where certificates for
+# chain constructions can be placed
+#SSL.certDirectory=classpath:at/gv/egiz/bku/online/conf/certs/certStore
+SSL.certDirectory=classpath:at/gv/egiz/bku/certs/certStore
+
+
+# Directory where trusted CA
+# certificates are placed
+SSL.caDirectory=classpath:at/gv/egiz/bku/certs/trustStore
+SSL.sslProtocol=TLS
+
+# warning do not set the following property to true
+# its intended for debugging and testing only
+SSL.disableAllChecks=false
+#SSL.disableHostnameVerification=true
+
+# ------------ END SSL Config --------------------
+
+#UserAgent=citizen-card-environment/1.2 MOCCA/1.2
+#UserAgent=citizen-card-environment/1.2 trustDeskbasic/2.8.1
+
+ValidateHashDataInputs=true
+AppletTimeout=300000
+
+#HTTPProxyHost=taranis.iaik.tugraz.at
+#HTTPProxyPort=8888
+DefaultSocketTimeout=200
+#SignatureLayout=
\ No newline at end of file diff --git a/BKUOnline/src/main/resources/commons-logging.properties b/BKUOnline/src/main/resources/commons-logging.properties new file mode 100644 index 00000000..0d497b1b --- /dev/null +++ b/BKUOnline/src/main/resources/commons-logging.properties @@ -0,0 +1,16 @@ +# Copyright 2008 Federal Chancellery Austria and +# Graz University of Technology +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +org.apache.commons.logging.Log=org.apache.commons.logging.impl.Log4JLogger diff --git a/BKUOnline/src/main/resources/log4j.properties b/BKUOnline/src/main/resources/log4j.properties new file mode 100644 index 00000000..d4a03fe7 --- /dev/null +++ b/BKUOnline/src/main/resources/log4j.properties @@ -0,0 +1,36 @@ +# Copyright 2008 Federal Chancellery Austria and +# Graz University of Technology +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +#log4j.rootLogger=DEBUG, STDOUT, file +log4j.rootLogger=INFO, file +#log4j.logger.at.gv=TRACE + + +# STDOUT appender +log4j.appender.STDOUT=org.apache.log4j.ConsoleAppender +log4j.appender.STDOUT.layout=org.apache.log4j.PatternLayout +#log4j.appender.STDOUT.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20c | %10t | %m%n +#log4j.appender.STDOUT.layout.ConversionPattern=%-4r [%t] %-5p %c %x - %m%n +log4j.appender.STDOUT.layout.ConversionPattern=%-5p | %t | %c %x - %m%n + +# FILE appender +log4j.appender.file=org.apache.log4j.RollingFileAppender +log4j.appender.file.maxFileSize=500KB +log4j.appender.file.maxBackupIndex=9 +log4j.appender.file.File=${catalina.base}/logs/bkuonline.log +log4j.appender.file.threshold=trace +log4j.appender.file.layout=org.apache.log4j.PatternLayout +log4j.appender.file.layout.ConversionPattern=%d{ABSOLUTE} %5p | %t | %c{1}:%L - %m%n
\ No newline at end of file diff --git a/BKUOnline/src/main/webapp/META-INF/MANIFEST.MF b/BKUOnline/src/main/webapp/META-INF/MANIFEST.MF new file mode 100644 index 00000000..ae3f7b68 --- /dev/null +++ b/BKUOnline/src/main/webapp/META-INF/MANIFEST.MF @@ -0,0 +1,6 @@ +Manifest-Version: 1.0 +Archiver-Version: Plexus Archiver +Created-By: Apache Maven +Built-By: clemens +Build-Jdk: 1.6.0_10 +Implementation-Build: 1.1.1-SNAPSHOT-r1 diff --git a/BKUOnline/src/main/webapp/META-INF/context.xml b/BKUOnline/src/main/webapp/META-INF/context.xml new file mode 100644 index 00000000..f38215a1 --- /dev/null +++ b/BKUOnline/src/main/webapp/META-INF/context.xml @@ -0,0 +1,19 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Copyright 2008 Federal Chancellery Austria and + Graz University of Technology + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<!--Context path="/bkuonline"/--> +<Context path=""/> diff --git a/BKUOnline/src/main/webapp/PINManagement.jsp b/BKUOnline/src/main/webapp/PINManagement.jsp new file mode 100644 index 00000000..e48b8405 --- /dev/null +++ b/BKUOnline/src/main/webapp/PINManagement.jsp @@ -0,0 +1,111 @@ +<!-- + Copyright 2008 Federal Chancellery Austria and + Graz University of Technology + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<%@ page language="java" contentType="text/html; charset=UTF-8" + pageEncoding="UTF-8" + import="at.gv.egiz.org.apache.tomcat.util.http.AcceptLanguage"%> + +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> + <title>MOCCA PIN Management</title> + <link rel="shortcut icon" href="img/chip16.ico" type="image/x-icon"> + <script type="text/javascript" src="js/deployJava.js"></script> + <style type="text/css" media="all">@import "css/applet.css";</style> + + <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE"> + <META HTTP-EQUIV="EXPIRES" CONTENT="Mon, 22 Jul 2002 11:12:01 GMT"> + <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE"> + </head> + <% + String locale = request.getParameter("locale"); + if (locale == null) { + String acceptLanguage = request.getHeader("Accept-Language"); + locale = AcceptLanguage.getLocale(acceptLanguage).toString(); + } + String widthP = request.getParameter("appletWidth"); + String heightP = request.getParameter("appletHeight"); + int width = (widthP == null) ? 295 + : Integer.parseInt(widthP); + int height = (heightP == null) ? 200 + : Integer.parseInt(heightP); + String guiStyle = request.getParameter("appletGuiStyle"); + if (guiStyle == null) { + guiStyle = "advanced"; + } + String backgroundImg = request.getParameter("appletBackground"); + %> + <body id="appletpage" style="width:<%=width%>" onFocus="focusToApplet()"> + <script> + + // avoid selection of applet before it is completely loaded + var allowSelectionByJS = false; + + if (!deployJava.versionCheck('1.6.0_04+')) { + document + .write('<b>Diese Anwendung benötigt die Java Platform Version 1.6.0_04 oder höher.</b>' + '<input type="submit" value="Java Platform 1.6.0_02 installieren" onclick="deployJava.installLatestJRE();">'); + } else { + var attributes = { + codebase :'applet', + code : 'at.gv.egiz.bku.online.applet.PINManagementApplet.class', + archive : 'BKUAppletExt.jar, commons-logging.jar, iaik_jce_me4se.jar', + width : <%=width%>, + height :<%=height%>, + name : 'moccaapplet', + id : 'moccaapplet' + }; + var parameters = { + GuiStyle : '<%=guiStyle%>', + Locale : '<%=locale%>', + Background : '<%=backgroundImg%>', + HelpURL : '../help/', + SessionID : '<%=request.getSession().getId()%>', + RedirectURL : '../', + RedirectTarget: '_parent', + EnforceRecommendedPINLength: 'true' + }; + var version = '1.6.0_04'; + deployJava.runApplet(attributes, parameters, version); + } + </script> + </body> + + <script> + + function focusToApplet() { + + //alert('try to set focus to applet'); + if (document != null && document.moccaapplet != null && allowSelectionByJS) { + + //alert('set focus to applet.'); + document.moccaapplet.getFocusFromBrowser(); + return true; + } + allowSelectionByJS = true; + } + + function focusToBrowser() { + + // put focus to window + // focus can be assigned to an arbitrary focusable field on the embedding website as well + self.focus(); + + } + + </script> + +</html> diff --git a/BKUOnline/src/main/webapp/SLRequestForm.html b/BKUOnline/src/main/webapp/SLRequestForm.html new file mode 100644 index 00000000..2de652a7 --- /dev/null +++ b/BKUOnline/src/main/webapp/SLRequestForm.html @@ -0,0 +1,215 @@ +<!-- + Copyright 2008 Federal Chancellery Austria and + Graz University of Technology + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<html> + <head> + <title>Security-Layer v1.2 Request Formular</title> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> + <link rel="shortcut icon" href="img/chip16.ico" type="image/x-icon"> + <script language="JavaScript" type="text/javascript"> + <!-- + function setAppletDimension(width, height) + { + document.forms.slform.appletWidth.value=width; + document.forms.slform.appletHeight.value=height; + } + function setNOPRequest() { + document.forms.slform.XMLRequest.value='<?xml version="1.0" encoding="UTF-8"?><NullOperationRequest xmlns="http://www.buergerkarte.at/namespaces/securitylayer/1.2#"/>'; + } + + //--> + </script> + <style type="text/css" media="all">@import "css/main.css";</style> + <style type="text/css"> + fieldset { + padding: 1em; + margin: 1em; + font: 80%/ 1 sans-serif; + background-color: #F2EFE9; + padding-left: 5em; + } + + fieldset.submit { + float: none; + width: auto; + border: 0 none #FFF; + padding-left: 14em; + border-style: none; + background-color: transparent; + } + + label { + float: left; + width: 8em; + margin-right: 0.5em; + padding-top: 0.2em; + text-align: right; + font-weight: bold; + color: #000; + padding-top: 0.2em; + } + + legend { + border: 1px solid; + padding: 2px 6px + } + </style> + + </head> + <body> + <h1>Security-Layer v1.2 Request Formular</h1> + <p> + <form action="./http-security-layer-request" method="Post" + enctype="application/x-www-form-urlencoded" name="slform"> + <!--input name="locale" value="es_MX" type="hidden" /--> + <fieldset><legend>Enter XML Request</legend> + <p><label for="XMLRequest">XML Request</label> <textarea + name="XMLRequest" rows=15 cols="60" id="XMLRequest"> +<?xml version="1.0" encoding="UTF-8"?> +<sl:CreateXMLSignatureRequest + xmlns:sl="http://www.buergerkarte.at/namespaces/securitylayer/1.2#"> +<sl:KeyboxIdentifier>SecureSignatureKeypair</sl:KeyboxIdentifier> + <sl:DataObjectInfo Structure="detached"> + <sl:DataObject Reference="test.txt"> + <sl:XMLContent>Ich bin ein einfacher Text.</sl:XMLContent> + </sl:DataObject> + <sl:TransformsInfo> + <sl:FinalDataMetaInfo> + <sl:MimeType>text/plain</sl:MimeType> + </sl:FinalDataMetaInfo> + </sl:TransformsInfo> + </sl:DataObjectInfo> +</sl:CreateXMLSignatureRequest> + </textarea></p> + <!-- +<?xml version="1.0" encoding="UTF-8" ?> +<sl:InfoboxReadRequest + xmlns:sl="http://www.buergerkarte.at/namespaces/securitylayer/1.2#"> + <sl:InfoboxIdentifier>IdentityLink</sl:InfoboxIdentifier> + <sl:BinaryFileParameters ContentIsXMLEntity="true" /> +</sl:InfoboxReadRequest> +--> +<!-- +<?xml version="1.0" encoding="UTF-8"?> +<sl:CreateXMLSignatureRequest + xmlns:sl="http://www.buergerkarte.at/namespaces/securitylayer/1.2#"> + <sl:KeyboxIdentifier>SecureSignatureKeypair</sl:KeyboxIdentifier> + <sl:DataObjectInfo Structure="enveloping"> + <sl:DataObject> + <sl:XMLContent>Ich bin ein einfacher Text. llöäü߀</sl:XMLContent> + </sl:DataObject> + <sl:TransformsInfo> + <sl:FinalDataMetaInfo> + <sl:MimeType>text/plain</sl:MimeType> + </sl:FinalDataMetaInfo> + </sl:TransformsInfo> + </sl:DataObjectInfo> + <sl:DataObjectInfo Structure="enveloping"> + <sl:DataObject> + <sl:XMLContent> +<html xmlns="http://www.w3.org/1999/xhtml"> + <head> + <title>TestXHTML</title> + <style type="text/css" media="screen"> + .heading { font-size: large; font-weight: bold; } + .content1 { } + .content2 { font-style: italic; } + .content3 { font-family: serif; } + .footer { font-size: small; } + </style> + </head> + <body> + <h3 class="heading">Heading3 large bold llöäü߀</h3> + <p class="content1">Ich bin ein einfacher Text. llöäü߀</p> + <p class="content2">Ich bin ein einfacher Text. llöäü߀</p> + <p class="content3">Ich bin ein einfacher Text. llöäü߀</p> + <p class="footer">Ich bin ein einfacher Text. llöäü߀</p> + </body> +</html> + </sl:XMLContent> + </sl:DataObject> + <sl:TransformsInfo> + <sl:FinalDataMetaInfo> + <sl:MimeType>application/xhtml+xml</sl:MimeType> + </sl:FinalDataMetaInfo> + </sl:TransformsInfo> + </sl:DataObjectInfo> +</sl:CreateXMLSignatureRequest> +--> +<!-- +<?xml version='1.0' encoding='UTF-8'?> +<sl10:InfoboxUpdateRequest xmlns:sl10='http://www.buergerkarte.at/namespaces/securitylayer/1.2#'> + <sl10:InfoboxIdentifier>CardChannel</sl10:InfoboxIdentifier> + <sl10:BinaryFileParameters> + <sl10:XMLContent> + <Script> + <Reset cold='true' /> + <CommandAPDU sequence='1' of='2' expectedSW='9000'>00A4000C023F00</CommandAPDU> + <CommandAPDU sequence='2' of='2' expectedSW='9000'>00B0820000</CommandAPDU> + </Script> + </sl10:XMLContent> + </sl10:BinaryFileParameters> +</sl10:InfoboxUpdateRequest> +--> + </fieldset> + <fieldset><legend>Request Parameters</legend> + <p> + <label for="appletGuiStyle">GUI Style</label> + <input type="radio" name="appletGuiStyle" value="tiny" onclick="setAppletDimension(152, 145)">tiny + <input type="radio" name="appletGuiStyle" value="simple" checked="checked" onclick="setAppletDimension(190,130)">simple + <input type="radio" name="appletGuiStyle" value="advanced" onclick="setAppletDimension(300, 180)">advanced + </p> + + <p><label for="appletWidth">Applet Width</label> <input + name="appletWidth" value="190" id="appletWidth"> + <p><label for="appletHeight">Applet Height</label> <input + name="appletHeight" value="130" id="appletHeight"> + <p><label for="appletBackground">Applet Background</label> <input + name="appletBackground" value="" id="appletBackground"> + <p><label for="appletBackgroundColor">Applet Background Color</label> <input + name="appletBackgroundColor" value="" id="appletBackgroundColor"> + </p> + + <p> + <label for="appletPage">Applet Page</label> + <input type="radio" name="appletPage" value="BKUApplet" checked="checked">Default + <input type="radio" name="appletPage" value="BKUAppletAlternative">Alternative + </p> +<!-- + <p> + <label for="appletExtension">Extension</label> + <input type="radio" name="appletExtension" value="activation" onclick="setInfoboxUpdateRequest()">Activation + <input type="radio" name="appletExtension" value="pin" onclick="setAppletDimension(400, 200)">PIN Management + </p> +--> + +<!-- + <p><label for="RedirectURL">RedirectURL</label> <input + name="RedirectURL" value="" id="RedirectURL"></p> + <p><label for="DataURL">DataURL</label> <input name="DataURL" + value="" id="DataURL"></p> + <p><label for="StylesheetURL">StylesheetURL</label> <input + name="StylesheetURL" value="" id="StylesheetURL"></p> + <p> +--> + + </fieldset> + <fieldset class="submit"><input type="submit" class="submit"/></fieldset> + </form> + + </body> +</html> diff --git a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml new file mode 100644 index 00000000..fb3cae63 --- /dev/null +++ b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml @@ -0,0 +1,134 @@ +<?xml version="1.0" encoding="UTF-8"?>
+ <!--
+ Copyright 2008 Federal Chancellery Austria and Graz University of
+ Technology Licensed under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance with the
+ License. You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0 Unless required by
+ applicable law or agreed to in writing, software distributed under the
+ License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+ CONDITIONS OF ANY KIND, either express or implied. See the License for
+ the specific language governing permissions and limitations under the
+ License.
+ -->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd">
+
+ <bean id="STALFactory" class="at.gv.egiz.stal.service.impl.RequestBrokerSTALFactory"
+ scope="singleton" />
+
+ <bean id="accessController"
+ class="at.gv.egiz.bku.online.accesscontroller.SpringSecurityManager"
+ scope="singleton" init-method="init">
+ <property name="config" ref="configurator" />
+ </bean>
+
+ <bean id="commandInvoker" class="at.gv.egiz.bku.binding.SLCommandInvokerImpl">
+ <property name="securityManager" ref="accessController" />
+ </bean>
+
+ <bean id="slCommandFactory" class="at.gv.egiz.bku.slcommands.SLCommandFactory"
+ factory-method="getInstance">
+ <property name="concreteFactories">
+ <map>
+ <entry key-ref="nullOperationRequest" value-ref="nullOperationCommandFactory"/>
+ <entry key-ref="infoboxReadRequest" value-ref="infoboxReadCommandFactory"/>
+ <entry key-ref="infoboxUpdateRequest" value-ref="infoboxUpdateCommandFactory"/>
+ <entry key-ref="createXMLSignatureRequest" value-ref="createXMLSignatureCommandFactory"/>
+ <entry key-ref="getStatusRequest" value-ref="getStatusCommandFactory"/>
+ </map>
+ </property>
+ </bean>
+
+ <bean id="nullOperationCommandFactory" class="at.gv.egiz.bku.slcommands.impl.NullOperationCommandFactory"/>
+ <bean id="nullOperationRequest" class="javax.xml.namespace.QName">
+ <constructor-arg value="http://www.buergerkarte.at/namespaces/securitylayer/1.2#"/>
+ <constructor-arg value="NullOperationRequest"/>
+ </bean>
+ <bean id="infoboxReadCommandFactory" class="at.gv.egiz.bku.slcommands.impl.InfoboxReadCommandFactory">
+ <property name="infoboxFactory" ref="infoboxFactory"/>
+ </bean>
+ <bean id="infoboxReadRequest" class="javax.xml.namespace.QName">
+ <constructor-arg value="http://www.buergerkarte.at/namespaces/securitylayer/1.2#"/>
+ <constructor-arg value="InfoboxReadRequest"/>
+ </bean>
+ <bean id="infoboxUpdateCommandFactory" class="at.gv.egiz.bku.slcommands.impl.InfoboxUpdateCommandFactory">
+ <property name="infoboxFactory" ref="infoboxFactory"/>
+ </bean>
+ <bean id="infoboxUpdateRequest" class="javax.xml.namespace.QName">
+ <constructor-arg value="http://www.buergerkarte.at/namespaces/securitylayer/1.2#"/>
+ <constructor-arg value="InfoboxUpdateRequest"/>
+ </bean>
+ <bean id="createXMLSignatureCommandFactory" class="at.gv.egiz.bku.slcommands.impl.CreateXMLSignatureCommandFactory"/>
+ <bean id="createXMLSignatureRequest" class="javax.xml.namespace.QName">
+ <constructor-arg value="http://www.buergerkarte.at/namespaces/securitylayer/1.2#"/>
+ <constructor-arg value="CreateXMLSignatureRequest"/>
+ </bean>
+ <bean id="getStatusCommandFactory" class="at.gv.egiz.bku.slcommands.impl.GetStatusCommandFactory"/>
+ <bean id="getStatusRequest" class="javax.xml.namespace.QName">
+ <constructor-arg value="http://www.buergerkarte.at/namespaces/securitylayer/1.2#"/>
+ <constructor-arg value="GetStatusRequest"/>
+ </bean>
+
+ <bean id="infoboxFactory" class="at.gv.egiz.bku.slcommands.impl.InfoboxFactory">
+ <property name="infoboxFactories">
+ <map>
+ <entry key="Certificates" value-ref="certificatesInfoboxFactory"/>
+ <entry key="IdentityLink" value-ref="identityLinkInfoboxFactory"/>
+ <entry key="CardChannel" value-ref="cardChannelInfoboxFactory"/>
+ <entry key="SV-Personendaten" value-ref="svPersonendatenInfoboxFactory"/>
+ </map>
+ </property>
+ </bean>
+
+ <bean id="certificatesInfoboxFactory" class="at.gv.egiz.bku.slcommands.impl.CertificatesInfoboxFactory"/>
+ <bean id="identityLinkInfoboxFactory" class="at.gv.egiz.bku.slcommands.impl.IdentityLinkInfoboxFactory"/>
+ <bean id="cardChannelInfoboxFactory" class="at.gv.egiz.bku.slcommands.impl.CardChannelInfoboxFactory"/>
+ <bean id="svPersonendatenInfoboxFactory" class="at.gv.egiz.bku.slcommands.impl.SVPersonendatenInfoboxFactory"/>
+
+
+ <bean id="bindingProcessorManager" class="at.gv.egiz.bku.binding.BindingProcessorManagerImpl"
+ scope="singleton">
+ <constructor-arg ref="STALFactory"></constructor-arg>
+ <constructor-arg ref="commandInvoker"></constructor-arg>
+ <constructor-arg ref="configuration"></constructor-arg>
+ </bean>
+
+ <!-- TODO DataURL bean with configuration injected -->
+
+ <bean
+ class="org.springframework.web.context.support.ServletContextAttributeExporter">
+ <property name="attributes">
+ <map>
+ <entry key="bindingProcessorManager">
+ <ref bean="bindingProcessorManager" />
+ </entry>
+ </map>
+ </property>
+ </bean>
+
+ <!-- Configure Configuration -->
+ <bean id="certValidator" class="at.gv.egiz.bku.conf.CertValidatorImpl"></bean>
+
+
+ <bean id="configurator" class="at.gv.egiz.bku.online.conf.SpringConfigurator"
+ init-method="configure" scope="singleton">
+ <property name="resource"
+ value="classpath:at/gv/egiz/bku/online/conf/defaultConf.properties" />
+ <property name="certValidator" ref="certValidator"></property>
+ </bean>
+
+ <!-- Shutdown Event handler -->
+ <bean id="shutdown" class="at.gv.egiz.bku.online.webapp.ShutdownHandler">
+ <property name="bindingProcessorManager" ref="bindingProcessorManager"></property>
+ </bean>
+
+ <!-- Begin MOCCA Configuration [REFACTORED]
+ | Configuration beans (no conf properties file) should be injected directly
+ | to module configurators (at.gv.egiz.bku.X.conf.Configuration).
+ | Currently, only configuration items are considered.
+ |-->
+ <import resource="mocca-conf.xml"/>
+
+</beans>
\ No newline at end of file diff --git a/BKUOnline/src/main/webapp/WEB-INF/mocca-conf.xml b/BKUOnline/src/main/webapp/WEB-INF/mocca-conf.xml new file mode 100644 index 00000000..5c96dc58 --- /dev/null +++ b/BKUOnline/src/main/webapp/WEB-INF/mocca-conf.xml @@ -0,0 +1,51 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Copyright 2008 Federal Chancellery Austria and + Graz University of Technology + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +<!-- + | User configuration file. (defaultConf.properties is migrated to this file) +--> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx" + xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd"> + + <!-- BKU Common (ie. main) Configuration --> + <bean id="configuration" class="at.gv.egiz.bku.conf.Configuration"> + <property name="maxDataUrlHops" value="50"/> + + <!-- TODO refactor DataURL and inject this bkuCommonConfig to DataURL --> + <!-- TODO inject bkuCommonConfig to SpringBKUServlet and SpringSecurityManager + | and replace SpringConfigurator --> + <!-- used to construct the User-Agent HTTP header + <property name="implementationName" value="MOCCA"/> + <property name="implementationVersion" value="1.0"/--> + </bean> + + <!-- + | ReaderFactory configuration not available in Applet + | + <bean id="smccConfiguration" class="at.gv.egiz.smcc.conf.SMCCConfiguration"> + <property name="disablePinpad" value="true"/> + </bean> + + <bean id="readerFactory" class="at.gv.egiz.smcc.reader.ReaderFactory"> + <property name="configuration" ref="smccConfiguration"/> + </bean> + |--> + +</beans> diff --git a/BKUOnline/src/main/webapp/WEB-INF/sun-jaxws.xml b/BKUOnline/src/main/webapp/WEB-INF/sun-jaxws.xml new file mode 100644 index 00000000..02d632eb --- /dev/null +++ b/BKUOnline/src/main/webapp/WEB-INF/sun-jaxws.xml @@ -0,0 +1,36 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Copyright 2008 Federal Chancellery Austria and + Graz University of Technology + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +<!-- + Description: tomcat deployement +--> + +<endpoints + xmlns="http://java.sun.com/xml/ns/jax-ws/ri/runtime" + version="2.0"> + + <endpoint + name="STALService" + interface="at.gv.egiz.stal.service.STALPortType" + implementation="at.gv.egiz.stal.service.impl.STALServiceImpl" + wsdl="WEB-INF/wsdl/stal.wsdl" + service="{http://www.egiz.gv.at/wsdl/stal}STALService" + port="{http://www.egiz.gv.at/wsdl/stal}STALPort" + url-pattern="/stal" /> + +</endpoints> diff --git a/BKUOnline/src/main/webapp/WEB-INF/web.xml b/BKUOnline/src/main/webapp/WEB-INF/web.xml new file mode 100644 index 00000000..41cd400f --- /dev/null +++ b/BKUOnline/src/main/webapp/WEB-INF/web.xml @@ -0,0 +1,129 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Copyright 2008 Federal Chancellery Austria and Graz University of + Technology Licensed under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance with the + License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 Unless required by + applicable law or agreed to in writing, software distributed under the + License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR + CONDITIONS OF ANY KIND, either express or implied. See the License for + the specific language governing permissions and limitations under the + License. + --> +<web-app id="bkuonline" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> + <display-name>http-security-layer-request</display-name> + + <!-- Begin Spring Config --> + <context-param> + <param-name>contextConfigLocation</param-name> + <param-value>/WEB-INF/applicationContext.xml</param-value> + </context-param> + <listener> + <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> + </listener> + <!-- End Spring Config --> + + <!-- Begin BKU Config --> + <listener> + <listener-class>at.gv.egiz.bku.online.webapp.SessionTimeout</listener-class> + </listener> + <listener> + <listener-class>com.sun.xml.ws.transport.http.servlet.WSServletContextListener</listener-class> + </listener> + <servlet> + <servlet-name>BKUServlet</servlet-name> + <servlet-class>at.gv.egiz.bku.online.webapp.BKURequestHandler</servlet-class> + </servlet> + <servlet> + <servlet-name>ResultServlet</servlet-name> + <servlet-class>at.gv.egiz.bku.online.webapp.ResultServlet</servlet-class> + <init-param> + <param-name>responseEncoding</param-name> + <param-value>UTF-8</param-value> + </init-param> + <init-param> + <param-name>expiredPage</param-name> + <!-- FIXME --> + <param-value>expired.html</param-value> + </init-param> + </servlet> + <servlet> + <servlet-name>BKUApplet</servlet-name> + <jsp-file>/applet.jsp</jsp-file> + </servlet> + <servlet> + <servlet-name>STALService</servlet-name> + <servlet-class>com.sun.xml.ws.transport.http.servlet.WSServlet</servlet-class> + <load-on-startup>1</load-on-startup> + </servlet> + <servlet-mapping> + <servlet-name>BKUServlet</servlet-name> + <url-pattern>/http-security-layer-request</url-pattern> + </servlet-mapping> + <servlet-mapping> + <servlet-name>BKUServlet</servlet-name> + <url-pattern>/https-security-layer-request</url-pattern> + </servlet-mapping> + <servlet-mapping> + <servlet-name>ResultServlet</servlet-name> + <url-pattern>/bkuResult</url-pattern> + </servlet-mapping> + + <!-- + | Configure alternative applet pages that may be requested + | via the 'appletPage' form parameter (cf. SLRequestForm.html) + <servlet> + <servlet-name>BKUAppletAlternative</servlet-name> + <jsp-file>/appletAlternative.jsp</jsp-file> + </servlet--> + + <!-- + | To disable applet caching load the applet via the AppletDispatcher + | (cf. applet.jsp) + <servlet> + <servlet-name>AppletDispatcher</servlet-name> + <servlet-class>at.gv.egiz.bku.online.webapp.AppletDispatcher</servlet-class> + </servlet> + <servlet-mapping> + <servlet-name>AppletDispatcher</servlet-name> + <url-pattern>/applet/dispatch/*</url-pattern> + </servlet-mapping--> + + <!-- End BKU Config --> + + <!-- Begin BKU Web Start Config + | (activate 'include-webstart' profile) + <servlet> + <servlet-name>JnlpDownloadServlet</servlet-name> + <servlet-class>jnlp.sample.servlet.JnlpDownloadServlet</servlet-class> + <init-param> + <param-name>logLevel</param-name> + <param-value>DEBUG</param-value> + </init-param> + <init-param> + <param-name>logPath</param-name> + <param-value>logs/jnlpdownloadservlet.log</param-value> + </init-param> + </servlet> + + <servlet-mapping> + <servlet-name>JnlpDownloadServlet</servlet-name> + <url-pattern>/webstart/*</url-pattern> + </servlet-mapping> + --> + <!-- End BKU Web Start Config --> + + <servlet-mapping> + <servlet-name>STALService</servlet-name> + <url-pattern>/stal</url-pattern> + </servlet-mapping> + <session-config> + <session-timeout>5</session-timeout> + </session-config> + <welcome-file-list> + <welcome-file>index.html</welcome-file> + <welcome-file>index.jsp</welcome-file> + </welcome-file-list> +</web-app> diff --git a/BKUOnline/src/main/webapp/WEB-INF/wsdl/stal.wsdl b/BKUOnline/src/main/webapp/WEB-INF/wsdl/stal.wsdl new file mode 100644 index 00000000..dc7ad8f1 --- /dev/null +++ b/BKUOnline/src/main/webapp/WEB-INF/wsdl/stal.wsdl @@ -0,0 +1,105 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Copyright 2008 Federal Chancellery Austria and + Graz University of Technology + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<definitions name="stal" targetNamespace="http://www.egiz.gv.at/wsdl/stal" + xmlns="http://schemas.xmlsoap.org/wsdl/" + xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" + xmlns:xsd="http://www.w3.org/2001/XMLSchema" + xmlns:tns="http://www.egiz.gv.at/wsdl/stal" + xmlns:stal="http://www.egiz.gv.at/stal" + xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"> + <types> + <xsd:schema targetNamespace="http://www.egiz.gv.at/wsdl/stal"> + <xsd:import namespace="http://www.egiz.gv.at/stal" schemaLocation="stal.xsd"/> + <!--xsd:import namespace="http://www.egiz.gv.at/stal" schemaLocation="stal-extended.xsd"/--> + </xsd:schema> + <!-- test + <xsd:schema targetNamespace="http://www.egiz.gv.at/wsdl/stal-extended"> + <xsd:import namespace="http://www.buergerkarte.at/cardchannel" schemaLocation="CardChannel.xsd"/> + </xsd:schema--> + </types> + <message name="ConnectRequest"> + <part name="part1" element="stal:SessionId"/> + </message> + <message name="NextRequestRequest"> + <part name="part1" element="stal:GetNextRequest"/> + </message> + <message name="NextRequestResponse"> + <part name="part1" element="stal:GetNextRequestResponse"/> + </message> + <message name="GetHashDataInputRequest"> + <part name="part1" element="stal:GetHashDataInput"/> + </message> + <message name="GetHashDataInputResponse"> + <part name="part1" element="stal:GetHashDataInputResponse"/> + </message> + <message name="GetHashDataInputFault"> + <part name="part1" element="stal:GetHashDataInputFault"/> + </message> + <portType name="STALPortType"> + <operation name="connect"> + <input name="input3" message="tns:ConnectRequest"/> + <output name="output3" message="tns:NextRequestResponse"/> + </operation> + <operation name="nextRequest"> + <input name="input1" message="tns:NextRequestRequest"/> + <output name="output1" message="tns:NextRequestResponse"/> + </operation> + <operation name="getHashDataInput"> + <input name="input2" message="tns:GetHashDataInputRequest"/> + <output name="output2" message="tns:GetHashDataInputResponse"/> + <fault name="fault1" message="tns:GetHashDataInputFault"/> + </operation> + </portType> + <binding name="STALBinding" type="tns:STALPortType"> + <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> + <operation name="connect"> + <input name="input3"> + <soap:body use="literal"/> + </input> + <output name="output3"> + <soap:body use="literal"/> + </output> + </operation> + <operation name="nextRequest"> + <soap:operation/> + <input name="input1"> + <soap:body use="literal"/> + </input> + <output name="output1"> + <soap:body use="literal"/> + </output> + </operation> + <operation name="getHashDataInput"> + <soap:operation/> + <input name="input2"> + <soap:body use="literal"/> + </input> + <output name="output2"> + <soap:body use="literal"/> + </output> + <fault name="fault1"> + <soap:fault name="fault1"/> + </fault> + </operation> + </binding> + <service name="STALService"> + <port name="STALPort" binding="tns:STALBinding"> + <soap:address location="http://localhost:${HttpDefaultPort}/stal"/> + </port> + </service> +</definitions> diff --git a/BKUOnline/src/main/webapp/WEB-INF/wsdl/stal.xsd b/BKUOnline/src/main/webapp/WEB-INF/wsdl/stal.xsd new file mode 100644 index 00000000..a420035f --- /dev/null +++ b/BKUOnline/src/main/webapp/WEB-INF/wsdl/stal.xsd @@ -0,0 +1,168 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Copyright 2008 Federal Chancellery Austria and + Graz University of Technology + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<schema xmlns="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.egiz.gv.at/stal" + xmlns:tns="http://www.egiz.gv.at/stal" + elementFormDefault="qualified"> + <element name="SessionId" type="string"/> + <element name="GetNextRequest" type="tns:GetNextRequestType"/> + <element name="GetNextRequestResponse" type="tns:GetNextRequestResponseType"/> + <element name="GetHashDataInput" type="tns:GetHashDataInputType"/> + <element name="GetHashDataInputResponse" type="tns:GetHashDataInputResponseType"/> + <element name="GetHashDataInputFault" type="tns:GetHashDataInputFaultType"/> + <complexType name="GetNextRequestType"> + <!-- abstract Request/Response type not supported by JAX-WS 2.0 (jdk < 1.6.0_04) + <sequence> + <element name="Response" type="tns:ResponseType" minOccurs="0" maxOccurs="unbounded"/> + </sequence--> + <choice maxOccurs="unbounded"> + <element name="InfoboxReadResponse" type="tns:InfoboxReadResponseType"/> + <element name="SignResponse" type="tns:SignResponseType"/> + <element name="ErrorResponse" type="tns:ErrorResponseType"/> + <element name="StatusResponse" type="tns:StatusResponseType"/> + </choice> + <attribute name="SessionId" type="string"/> + </complexType> + <complexType name="ResponseType" abstract="true" /> + <complexType name="InfoboxReadResponseType"> + <complexContent> + <extension base="tns:ResponseType"> + <sequence> + <element name="InfoboxValue" type="base64Binary"/> + </sequence> + </extension> + </complexContent> + </complexType> + <complexType name="SignResponseType"> + <complexContent> + <extension base="tns:ResponseType"> + <sequence> + <element name="SignatureValue" type="base64Binary"/> + </sequence> + </extension> + </complexContent> + </complexType> + <complexType name="ErrorResponseType"> + <complexContent> + <extension base="tns:ResponseType"> + <sequence> + <element name="ErrorCode" type="int"/> + <element name="ErrorMessage" type="string"/> + </sequence> + </extension> + </complexContent> + </complexType> + <complexType name="StatusResponseType"> + <complexContent> + <extension base="tns:ResponseType"> + <attribute name="cardReady" type="boolean" /> + </extension> + </complexContent> + </complexType> + <complexType name="GetNextRequestResponseType"> + <!-- abstract Request/Response type not supported by JAX-WS 2.0 (jdk < 1.6.0_04) + <sequence> + <element name="Request" type="tns:RequestType" minOccurs="0" maxOccurs="unbounded"/> + </sequence--> + <choice maxOccurs="unbounded"> + <element name="InfoboxReadRequest" type="tns:InfoboxReadRequestType"/> + <element name="SignRequest" type="tns:SignRequestType"/> + <element name="QuitRequest" type="tns:QuitRequestType"/> + <element name="StatusRequest" type="tns:StatusRequestType"/> + </choice> + <attribute name="SessionId" type="string"/> + </complexType> + <complexType name="RequestType" abstract="true"/> + <complexType name="InfoboxReadRequestType"> + <complexContent> + <extension base="tns:RequestType"> + <sequence> + <element name="InfoboxIdentifier"> + <simpleType> + <restriction base="string"> + <enumeration value="Certificates"/> + <enumeration value="IdentityLink"/> + <enumeration value="Mandates"/> + </restriction> + </simpleType> + </element> + <element name="DomainIdentifier" type="anyURI" minOccurs="0"/> + </sequence> + </extension> + </complexContent> + </complexType> + <complexType name="SignRequestType"> + <complexContent> + <extension base="tns:RequestType"> + <sequence> + <element name="KeyIdentifier"> + <simpleType> + <restriction base="string"> + <enumeration value="SecureSignatureKeypair"/> + <enumeration value="CertifiedKeypair"/> + </restriction> + </simpleType> + </element> + <element name="SignedInfo" type="base64Binary"/> + </sequence> + </extension> + </complexContent> + </complexType> + <complexType name="QuitRequestType"> + <complexContent> + <extension base="tns:RequestType"/> + </complexContent> + </complexType> + <complexType name="StatusRequestType"> + <complexContent> + <extension base="tns:RequestType"/> + </complexContent> + </complexType> + <complexType name="GetHashDataInputType"> + <sequence> + <element name="Reference" maxOccurs="unbounded"> + <complexType> + <attribute name="ID" type="string"/> + </complexType> + </element> + </sequence> + <attribute name="SessionId" type="string"/> + </complexType> + <complexType name="GetHashDataInputResponseType"> + <sequence> + <element name="Reference" maxOccurs="unbounded"> + <complexType> + <simpleContent> + <extension base="base64Binary"> + <attribute name="ID" type="string"/> + <attribute name="MimeType" type="string" use="optional"/> + <attribute name="Encoding" type="string" use="optional"/> + <attribute name="Filename" type="string" use="optional"/> + </extension> + </simpleContent> + </complexType> + </element> + </sequence> + <attribute name="SessionId" type="string"/> + </complexType> + <complexType name="GetHashDataInputFaultType"> + <sequence> + <element name="ErrorCode" type="int"/> + <element name="ErrorMessage" type="string"/> + </sequence> + </complexType> +</schema> diff --git a/BKUOnline/src/main/webapp/applet.jsp b/BKUOnline/src/main/webapp/applet.jsp new file mode 100644 index 00000000..582bee7e --- /dev/null +++ b/BKUOnline/src/main/webapp/applet.jsp @@ -0,0 +1,111 @@ +<!-- + Copyright 2008 Federal Chancellery Austria and + Graz University of Technology + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<%@ page language="java" contentType="text/html; charset=UTF-8" + pageEncoding="UTF-8" + import="at.gv.egiz.bku.online.webapp.AppletDispatcher, org.apache.commons.lang.RandomStringUtils, org.apache.commons.lang.StringEscapeUtils" %> + +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> + <title>MOCCA Applet</title> + <link rel="shortcut icon" href="img/chip16.ico" type="image/x-icon"> + <script type="text/javascript" src="js/deployJava.js"></script> + <style type="text/css" media="all">@import "css/applet.css";</style> + + <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE"> + <META HTTP-EQUIV="EXPIRES" CONTENT="Mon, 22 Jul 2002 11:12:01 GMT"> + <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE"> + </head> + <% + String locale = StringEscapeUtils.escapeJavaScript( + (String) session.getAttribute("locale")); + + int width = session.getAttribute("appletWidth") == null ? 190 + : (Integer) session.getAttribute("appletWidth"); + int height = session.getAttribute("appletHeight") == null ? 130 + : (Integer) session.getAttribute("appletHeight"); + String backgroundImg = StringEscapeUtils.escapeJavaScript( + session.getAttribute("appletBackground") == null + ? "../img/chip32.png" + : (String) session.getAttribute("appletBackground")); + String backgroundColor = StringEscapeUtils.escapeJavaScript( + (String) session.getAttribute("appletBackgroundColor")); + String guiStyle = StringEscapeUtils.escapeJavaScript( + (String) session.getAttribute("appletGuiStyle")); + + String sessionId = StringEscapeUtils.escapeJavaScript(session.getId()); + + String extension = (String) session.getAttribute("appletExtension"); + String appletClass, appletArchive; + if ("activation".equalsIgnoreCase(extension)) { + appletArchive = "BKUAppletExt"; + appletClass = "at.gv.egiz.bku.online.applet.ActivationApplet.class"; + } else if ("pin".equalsIgnoreCase(extension)) { + appletArchive = "BKUAppletExt"; + appletClass = "at.gv.egiz.bku.online.applet.PINManagementApplet.class"; + } else { + appletArchive = "BKUApplet"; + appletClass = "at.gv.egiz.bku.online.applet.BKUApplet.class"; + } + + // disable applet caching + boolean disableAppletCaching = false; + String codebase = "applet"; + + if (disableAppletCaching) { + // run in AppletDispatcher context and + // append random alphanumeric string to avoid applet caching + // TODO prepend ../ to all xxxURL applet paramaters + codebase += "/" + AppletDispatcher.DISPATCH_CTX; + String rand = AppletDispatcher.RAND_PREFIX + + RandomStringUtils.randomAlphanumeric(16); + appletArchive += rand; + } + + %> + <body id="appletpage" style="width:<%=width%>px"> + <script type="text/javascript"> + if (!deployJava.versionCheck('1.6.0_04+')) { + document.write('<p>Diese Anwendung benötigt Version 6 Update 4 oder höher der <a href="" onclick="deployJava.installLatestJRE();">Java™ Laufzeitumgebung</a>.</p>'); + } else { + var attributes = { + codebase :'<%=codebase%>', + code : '<%=appletClass%>', + archive : '<%=appletArchive +".jar, commons-logging.jar, iaik_jce_me4se.jar"%>', + width : <%=width%>, + height :<%=height%>, + name : 'moccaapplet', + id : 'moccaapplet' + }; + var parameters = { + GuiStyle : '<%=guiStyle%>', + Locale : '<%=locale%>', + Background : '<%=backgroundImg%>', + BackgroundColor : '<%=backgroundColor%>', + WSDL_URL : '../stal;jsessionid=<%=sessionId%>?wsdl', + HelpURL : '../help/', + SessionID : '<%=sessionId%>', + RedirectURL : '../bkuResult', + RedirectTarget: '_parent', + EnforceRecommendedPINLength: 'true' + }; + deployJava.runApplet(attributes, parameters, '1.6.0_04'); + } + </script> + </body> +</html> diff --git a/BKUOnline/src/main/webapp/css/applet.css b/BKUOnline/src/main/webapp/css/applet.css new file mode 100644 index 00000000..d2c734a1 --- /dev/null +++ b/BKUOnline/src/main/webapp/css/applet.css @@ -0,0 +1,15 @@ +root { + display: block; +} + +body { + background: #ffffff; + /*background-image: url(../img/mocca-t_s.png);*/ + padding: 0; + margin: 0; + border-style: none; + /* + width:<%=width%> + */ +} + diff --git a/BKUOnline/src/main/webapp/css/appletAlternative.css b/BKUOnline/src/main/webapp/css/appletAlternative.css new file mode 100644 index 00000000..ce11f1b2 --- /dev/null +++ b/BKUOnline/src/main/webapp/css/appletAlternative.css @@ -0,0 +1,12 @@ +root { + display: block; +} + +body { + background: #ffffff; + background-image: url(../img/mocca-t_s.png); + padding: 0; + margin: 0; + border-style: none; +} + diff --git a/BKUOnline/src/main/webapp/css/main.css b/BKUOnline/src/main/webapp/css/main.css new file mode 100644 index 00000000..b6d6e906 --- /dev/null +++ b/BKUOnline/src/main/webapp/css/main.css @@ -0,0 +1,55 @@ +/* +Document : main +Created on : 27.02.2009, 10:24:41 +Author : clemens +Description: +Purpose of the stylesheet follows. +*/ + +/* +TODO customize this sample style +Syntax recommendation http://www.w3.org/TR/REC-CSS2/ +*/ + +root { + display: block; +} + +body { + font-family: sans-serif; + font-size: 14px; +} + +h1 { + font-size: 16px; +} + +.disabled { + /* for IE */ + filter:alpha(opacity=60); + /* CSS3 standard */ + opacity:0.4; +} + +.box { + margin-top: 10px; + color: #292929; + width: 250px; + border: 1px solid #BABABA; + background-color: #ddd; + padding-left: 10px; + padding-right: 10px; + margin-left: 10px; + margin-bottom: 1em; + -o-border-radius: 10px; + -moz-border-radius: 12px; + -webkit-border-radius: 10px; + -webkit-box-shadow: 0px 3px 7px #adadad; + border-radius: 10px; + -moz-box-sizing: border-box; + -opera-sizing: border-box; + -webkit-box-sizing: border-box; + -khtml-box-sizing: border-box; + box-sizing: border-box; + overflow: hidden; +}
\ No newline at end of file diff --git a/BKUOnline/src/main/webapp/errorresponse.css b/BKUOnline/src/main/webapp/errorresponse.css new file mode 100644 index 00000000..41402e71 --- /dev/null +++ b/BKUOnline/src/main/webapp/errorresponse.css @@ -0,0 +1,12 @@ +@CHARSET "UTF-8"; +sl\:ErrorResponse {margin: 0.5em; display: block;} +sl\:ErrorCode {display: inline;} +sl\:Info {display: inline;} + +ErrorResponse:lang(de):before {content: "Bei der Verarbeitung der Anfrage durch die Bürgerkartenumgebung ist ein Fehler aufgetreten: "; font-weight: bolder;} +ErrorResponse:before {content: "An error has occoured upon request processing by the citizen card software: "; font-weight: bold;} +ErrorResponse {margin: 0.5em; display: block;} +ErrorCode:lang(de):before {content: "Fehler-Code: ";} +ErrorCode:before {content: "Error Code: ";} +ErrorCode {display: block;} +Info {display: block;}
\ No newline at end of file diff --git a/BKUOnline/src/main/webapp/expired.html b/BKUOnline/src/main/webapp/expired.html new file mode 100644 index 00000000..2bb961f5 --- /dev/null +++ b/BKUOnline/src/main/webapp/expired.html @@ -0,0 +1,29 @@ +<!-- + Copyright 2008 Federal Chancellery Austria and + Graz University of Technology + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> +<title>Session Expired</title> +</head> +<body> + <p> + Ihre Sitzung ist abgelaufen. + <!--Ein neuer BKU request kann im <a href="HTTP-ohne.html">Requestformular</a> erstellt werden.--> + </p> +</body> +</html>
\ No newline at end of file diff --git a/BKUOnline/src/main/webapp/img/chip16.ico b/BKUOnline/src/main/webapp/img/chip16.ico Binary files differnew file mode 100644 index 00000000..42175127 --- /dev/null +++ b/BKUOnline/src/main/webapp/img/chip16.ico diff --git a/BKUOnline/src/main/webapp/img/chip32.png b/BKUOnline/src/main/webapp/img/chip32.png Binary files differnew file mode 100644 index 00000000..e7efb020 --- /dev/null +++ b/BKUOnline/src/main/webapp/img/chip32.png diff --git a/BKUOnline/src/main/webapp/img/webstart.png b/BKUOnline/src/main/webapp/img/webstart.png Binary files differnew file mode 100644 index 00000000..87d1cf7b --- /dev/null +++ b/BKUOnline/src/main/webapp/img/webstart.png diff --git a/BKUOnline/src/main/webapp/index.html b/BKUOnline/src/main/webapp/index.html new file mode 100644 index 00000000..b39dafb7 --- /dev/null +++ b/BKUOnline/src/main/webapp/index.html @@ -0,0 +1,59 @@ +<!-- + Copyright 2008 Federal Chancellery Austria and + Graz University of Technology + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<html> + <head> + <title>MOCCA</title> + <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> + <link rel="shortcut icon" href="img/chip16.ico" type="image/x-icon"> + <link href="css/main.css" rel="stylesheet" type="text/css" /> + <script src="js/deployJava.js" type="text/javascript"></script> + <!--script src="http://java.com/js/deployJava.js" type="text/javascript"></script--> + </head> + <body> + <div id="animDiv" class="box"> + <p> + <h1>MOCCA Online</h1> + <p> + <a href="SLRequestForm.html">Security Layer Request</a> (demo request form) + </p> + <p> + <a href="PINManagement.jsp">PIN Management</a> (pin management applet) + </p> + <p> + <a href="stal">STAL Service</a> (web service endpoint) + </p> + </p> + </div> + + <!-- MOCCA Web Start + | (activate 'include-webstart' profile) + --> + <div id="animDiv" class="box"> + <p> + <h1>MOCCA Web Start</h1> + <p> + <script type="text/javascript"> + var url="webstart/mocca.jnlp" + deployJava.createWebStartLaunchButton(url, "1.6") + </script></p> + <p><a href="webstart/mocca.jnlp">MOCCA JNLP File</a> (requires MIME-type association)</p> + <p><a href="webstart/player.jnlp">Java Cache Viewer</a> (local installation)</p> + </p> + </div> + </body> +</html> diff --git a/BKUOnline/src/main/webapp/js/deployJava.js b/BKUOnline/src/main/webapp/js/deployJava.js new file mode 100644 index 00000000..e25902c0 --- /dev/null +++ b/BKUOnline/src/main/webapp/js/deployJava.js @@ -0,0 +1,925 @@ +/* + * Copyright (c) 2008 Sun Microsystems, Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * - Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * - Neither the name of Sun Microsystems nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, + * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * Added by EGIZ: + * This file contains workarounds to + * [#423] Firefox 3.0.11 bug #498132 causes applet loading failure + * (lines 95-99) + * [#424] Web Start loading via java plugin (Sun deployment script) fails on WinXP/Vista + * (lines 501-506) + * + * features: + * [#425] Disable WebStart Launch Button for MacOS + * (lines 492-504) + * + */ + +/* + * deployJava.js + * + * This file is part of the Deployment Toolkit. It provides functions for web + * pages to detect the presence of a JRE, install the latest JRE, and easily run + * applets or Web Start programs. Usage guide may be found at http://<TBD>/. + * + * The "live" copy of this file may be found at + * http://java.com/js/deployJava.js. + * You are encouraged to link directly to the live copy of the file. + * + * @version @(#)deployJava.js 1.13 08/10/28 + */ + +var deployJava = { + debug: null, + + myInterval: null, + preInstallJREList: null, + returnPage: null, + brand: null, + locale: null, + installType: null, + + EAInstallEnabled: false, + EarlyAccessURL: null, + + // GetJava page + getJavaURL: 'http://java.sun.com/webapps/getjava/BrowserRedirect?host=java.com', + + // Apple redirect page + appleRedirectPage: 'http://www.apple.com/support/downloads/', + + // mime-type of the DeployToolkit plugin object + mimeType: 'application/npruntime-scriptable-plugin;DeploymentToolkit', + + // location of the Java Web Start launch button graphic + launchButtonPNG: 'img/webstart.png', + + /** + * Returns an array of currently-installed JRE version strings. + * Version strings are of the form #.#[.#[_#]], with the function returning + * as much version information as it can determine, from just family + * versions ("1.4.2", "1.5") through the full version ("1.5.0_06"). + * + * Detection is done on a best-effort basis. Under some circumstances + * only the highest installed JRE version will be detected, and + * JREs older than 1.4.2 will not always be detected. + */ + getJREs: function() { + var list = new Array(); + if (deployJava.isPluginInstalled()) { + var plugin = deployJava.getPlugin(); + //[#423] Firefox 3.0.11 bug #498132 causes applet loading failure + var jvms = plugin.jvms; + for (var i = 0; i < jvms.getLength(); i++) { + list[i] = jvms.get(i).version; + } + } else { + var browser = deployJava.getBrowser(); + + if (browser == 'MSIE') { + if (deployJava.testUsingActiveX('1.8.0')) { + list[0] = '1.8.0'; + } else if (deployJava.testUsingActiveX('1.7.0')) { + list[0] = '1.7.0'; + } else if (deployJava.testUsingActiveX('1.6.0')) { + list[0] = '1.6.0'; + } else if (deployJava.testUsingActiveX('1.5.0')) { + list[0] = '1.5.0'; + } else if (deployJava.testUsingActiveX('1.4.2')) { + list[0] = '1.4.2'; + } else if (deployJava.testForMSVM()) { + list[0] = '1.1'; + } + } + else if (browser == 'Netscape Family') { + if (deployJava.testUsingMimeTypes('1.8')) { + list[0] = '1.8.0'; + } else if (deployJava.testUsingMimeTypes('1.7')) { + list[0] = '1.7.0'; + } else if (deployJava.testUsingMimeTypes('1.6')) { + list[0] = '1.6.0'; + } else if (deployJava.testUsingMimeTypes('1.5')) { + list[0] = '1.5.0'; + } else if (deployJava.testUsingMimeTypes('1.4.2')) { + list[0] = '1.4.2'; + } + } else if (browser == 'Safari') { + if (deployJava.testUsingPluginsArray('1.8.0')) { + list[0] = '1.8.0'; + } else if (deployJava.testUsingPluginsArray('1.7.0')) { + list[0] = '1.7.0'; + } else if (deployJava.testUsingPluginsArray('1.6.0')) { + list[0] = '1.6.0'; + } else if (deployJava.testUsingPluginsArray('1.5.0')) { + list[0] = '1.5.0'; + } else if (deployJava.testUsingPluginsArray('1.4.2')) { + list[0] = '1.4.2'; + } + } + } + + if (deployJava.debug) { + for (var i = 0; i < list.length; ++i) { + alert('We claim to have detected Java SE ' + list[i]); + } + } + + return list; + }, + + /** + * Triggers a JRE installation. The exact effect of triggering an + * installation varies based on platform, browser, and if the + * Deployment Toolkit plugin is installed. + * + * The requestVersion string is of the form #[.#[.#[_#]]][+|*], + * which includes strings such as "1.4", "1.5.0*", and "1.6.0_02+". + * A star (*) means "any version starting within this family" and + * a plus (+) means "any version greater or equal to this". + * "1.5.0*" * matches 1.5.0_06 but not 1.6.0_01, whereas + * "1.5.0+" matches both. + * + * If the Deployment Toolkit plugin is not present, this will just call + * deployJava.installLatestJRE(). + */ + installJRE: function(requestVersion) { + var ret = false; + if (deployJava.isPluginInstalled()) { + if (deployJava.getPlugin().installJRE(requestVersion)) { + deployJava.refresh(); + if (deployJava.returnPage != null) { + document.location = deployJava.returnPage; + } + return true; + } else { + return false; + } + } else { + return deployJava.installLatestJRE(); + } + }, + + + /** + * Triggers a JRE installation. The exact effect of triggering an + * installation varies based on platform, browser, and if the + * Deployment Toolkit plugin is installed. + * + * In the simplest case, the browser window will be redirected to the + * java.com JRE installation page, and (if possible) a redirect back to + * the current URL upon successful installation. The return redirect is + * not always possible, as the JRE installation may require the browser to + * be restarted. + * + * In the best case (when the Deployment Toolkit plugin is present), this + * function will immediately cause a progress dialog to be displayed + * as the JRE is downloaded and installed. + */ + installLatestJRE: function() { + if (deployJava.isPluginInstalled()) { + if (deployJava.getPlugin().installLatestJRE()) { + deployJava.refresh(); + if (deployJava.returnPage != null) { + document.location = deployJava.returnPage; + } + return true; + } else { + return false; + } + } else { + var browser = deployJava.getBrowser(); + var platform = navigator.platform.toLowerCase(); + if ((deployJava.EAInstallEnabled == 'true') && + (platform.indexOf('win') != -1) && + (deployJava.EarlyAccessURL != null)) { + + deployJava.preInstallJREList = deployJava.getJREs(); + if (deployJava.returnPage != null) { + deployJava.myInterval = + setInterval("deployJava.poll()", 3000); + } + + location.href = deployJava.EarlyAccessURL; + + // we have to return false although there may be an install + // in progress now, when complete it may go to return page + return false; + } else { + if (browser == 'MSIE') { + return deployJava.IEInstall(); + } else if ((browser == 'Netscape Family') && + (platform.indexOf('win32') != -1)) { + return deployJava.FFInstall(); + } else { + location.href = deployJava.getJavaURL + + ((deployJava.returnPage != null) ? + ('&returnPage=' + deployJava.returnPage) : '') + + ((deployJava.locale != null) ? + ('&locale=' + deployJava.locale) : '') + + ((deployJava.brand != null) ? + ('&brand=' + deployJava.brand) : ''); + } + // we have to return false although there may be an install + // in progress now, when complete it may go to return page + return false; + } + } + }, + + + /** + * Ensures that an appropriate JRE is installed and then runs an applet. + * minimumVersion is of the form #[.#[.#[_#]]], and is the minimum + * JRE version necessary to run this applet. minimumVersion is optional, + * defaulting to the value "1.1" (which matches any JRE). + * If an equal or greater JRE is detected, runApplet() will call + * writeAppletTag(attributes, parameters) to output the applet tag, + * otherwise it will call installJRE(minimumVersion + '+'). + * + * After installJRE() is called, the script will attempt to detect that the + * JRE installation has completed and begin running the applet, but there + * are circumstances (such as when the JRE installation requires a browser + * restart) when this cannot be fulfilled. + * + * As with writeAppletTag(), this function should only be called prior to + * the web page being completely rendered. Note that version wildcards + * (star (*) and plus (+)) are not supported, and including them in the + * minimumVersion will result in an error message. + */ + runApplet: function(attributes, parameters, minimumVersion) { + if (minimumVersion == 'undefined' || minimumVersion == null) { + minimumVersion = '1.1'; + } + + var regex = "^(\\d+)(?:\\.(\\d+)(?:\\.(\\d+)(?:_(\\d+))?)?)?$"; + + var matchData = minimumVersion.match(regex); + + if (deployJava.returnPage == null) { + // if there is an install, come back here and run the applet + deployJava.returnPage = document.location; + } + + if (matchData != null) { + var browser = deployJava.getBrowser(); + if ((browser != '?') && (browser != 'Safari')) { + if (deployJava.versionCheck(minimumVersion + '+')) { + deployJava.writeAppletTag(attributes, parameters); + } else if (deployJava.installJRE(minimumVersion + '+')) { + // after successfull install we need to refresh page to pick + // pick up new plugin + deployJava.refresh(); + location.href = document.location; + deployJava.writeAppletTag(attributes, parameters); + } + } else { + // for unknown or Safari - just try to show applet + deployJava.writeAppletTag(attributes, parameters); + } + } else { + if (deployJava.debug) { + alert('Invalid minimumVersion argument to runApplet():' + + minimumVersion); + } + } + }, + + + /** + * Outputs an applet tag with the specified attributes and parameters, where + * both attributes and parameters are associative arrays. Each key/value + * pair in attributes becomes an attribute of the applet tag itself, while + * key/value pairs in parameters become <PARAM> tags. No version checking + * or other special behaviors are performed; the tag is simply written to + * the page using document.writeln(). + * + * As document.writeln() is generally only safe to use while the page is + * being rendered, you should never call this function after the page + * has been completed. + */ + writeAppletTag: function(attributes, parameters) { + var s = '<' + 'applet '; + for (var attribute in attributes) { + s += (' ' + attribute + '="' + attributes[attribute] + '"'); + } + s += '>'; + document.write(s); + + if (parameters != 'undefined' && parameters != null) { + var codebaseParam = false; + for (var parameter in parameters) { + if (parameter == 'codebase_lookup') { + codebaseParam = true; + } + s = '<param name="' + parameter + '" value="' + + parameters[parameter] + '">'; + document.write(s); + } + if (!codebaseParam) { + document.write('<param name="codebase_lookup" value="false">'); + } + } + document.write('<' + '/' + 'applet' + '>'); + }, + + + /** + * Returns true if there is a matching JRE version currently installed + * (among those detected by getJREs()). The versionPattern string is + * of the form #[.#[.#[_#]]][+|*], which includes strings such as "1.4", + * "1.5.0*", and "1.6.0_02+". + * A star (*) means "any version within this family" and a plus (+) means + * "any version greater or equal to the specified version". "1.5.0*" + * matches 1.5.0_06 but not 1.6.0_01, whereas "1.5.0+" matches both. + * + * If the versionPattern does not include all four version components + * but does not end with a star or plus, it will be treated as if it + * ended with a star. "1.5" is exactly equivalent to "1.5*", and will + * match any version number beginning with "1.5". + * + * If getJREs() is unable to detect the precise version number, a match + * could be ambiguous. For example if getJREs() detects "1.5", there is + * no way to know whether the JRE matches "1.5.0_06+". versionCheck() + * compares only as much of the version information as could be detected, + * so versionCheck("1.5.0_06+") would return true in in this case. + * + * Invalid versionPattern will result in a JavaScript error alert. + * versionPatterns which are valid but do not match any existing JRE + * release (e.g. "32.65+") will always return false. + */ + versionCheck: function(versionPattern) + { + var index = 0; + var regex = "^(\\d+)(?:\\.(\\d+)(?:\\.(\\d+)(?:_(\\d+))?)?)?(\\*|\\+)?$"; + + var matchData = versionPattern.match(regex); + + if (matchData != null) { + var familyMatch = true; + + var patternArray = new Array(); + + for (var i = 1; i < matchData.length; ++i) { + // browser dependency here. + // Fx sets 'undefined', IE sets '' string for unmatched groups + if ((typeof matchData[i] == 'string') && (matchData[i] != '')) { + patternArray[index] = matchData[i]; + index++; + } + } + + if (patternArray[patternArray.length-1] == '+') { + familyMatch = false; + patternArray.length--; + } else { + if (patternArray[patternArray.length-1] == '*') { + patternArray.length--; + } + } + + var list = deployJava.getJREs(); + for (var i = 0; i < list.length; ++i) { + if (deployJava.compareVersionToPattern(list[i], patternArray, + familyMatch)) { + return true; + } + } + + return false; + } else { + alert('Invalid versionPattern passed to versionCheck: ' + + versionPattern); + return false; + } + }, + + + /** + * Returns true if an installation of Java Web Start of the specified + * minimumVersion can be detected. minimumVersion is optional, and + * if not specified, '1.4.2' will be used. + * (Versions earlier than 1.4.2 may not be detected.) + */ + isWebStartInstalled: function(minimumVersion) { + + var browser = deployJava.getBrowser(); + if ((browser == '?') || (browser == 'Safari')) { + // we really don't know - better to try to use it than reinstall + return true; + } + + if (minimumVersion == 'undefined' || minimumVersion == null) { + minimumVersion = '1.4.2'; + } + + var retval = false; + var regex = "^(\\d+)(?:\\.(\\d+)(?:\\.(\\d+)(?:_(\\d+))?)?)?$"; + var matchData = minimumVersion.match(regex); + + if (matchData != null) { + retval = deployJava.versionCheck(minimumVersion + '+'); + } else { + if (deployJava.debug) { + alert('Invalid minimumVersion argument to isWebStartInstalled(): ' + minimumVersion); + } + retval = deployJava.versionCheck('1.4.2+'); + } + return retval; + }, + + + /** + * Outputs a launch button for the specified JNLP URL. When clicked, the + * button will ensure that an appropriate JRE is installed and then launch + * the JNLP application. minimumVersion is of the form #[.#[.#[_#]]], and + * is the minimum JRE version necessary to run this JNLP application. + * minimumVersion is optional, and if it is not specified, '1.4.2' + * will be used. + * If an appropriate JRE or Web Start installation is detected, + * the JNLP application will be launched, otherwise installLatestJRE() + * will be called. + * + * After installLatestJRE() is called, the script will attempt to detect + * that the JRE installation has completed and launch the JNLP application, + * but there are circumstances (such as when the JRE installation + * requires a browser restart) when this cannot be fulfilled. + */ + createWebStartLaunchButton: function(jnlp, minimumVersion) { + + if (deployJava.returnPage == null) { + // if there is an install, come back and run the jnlp file + deployJava.returnPage = jnlp; + } + + var url = 'javascript:' + + 'if (!deployJava.isWebStartInstalled("' + + minimumVersion + '")) {' + + 'if (deployJava.installLatestJRE()) {' + + 'if (deployJava.launch("' + jnlp + '")) {}' + + '}' + + '} else {' + + 'if (deployJava.launch("' + jnlp + '")) {}' + + '}'; + + // [#425] Disable WebStart Launch Button for MacOS + if (navigator.appVersion.toLowerCase().indexOf("mac")!=-1 && + navigator.userAgent.toLowerCase().indexOf("os x 10_6")==-1 && + navigator.userAgent.toLowerCase().indexOf("os x 10.6")==-1 ) + { + document.write('<' + 'a disabled="disabled"' + + ' onMouseOver="window.status=\'\'; ' + + 'return true;"><' + 'img class="disabled"' + + 'src="' + deployJava.launchButtonPNG + '" ' + + 'border="0" /><' + '/' + 'a' + '>'); + } else { + document.write('<' + 'a href="' + url + + '" onMouseOver="window.status=\'\'; ' + + 'return true;"><' + 'img ' + + 'src="' + deployJava.launchButtonPNG + '" ' + + 'border="0" /><' + '/' + 'a' + '>'); + } + }, + + + /** + * Launch a JNLP application, (using the plugin if available) + */ + launch: function(jnlp) { + //[#424] Web Start loading via java plugin (Sun deployment script) fails on WinXP +// if (deployJava.isPluginInstalled()) { +// return deployJava.getPlugin().launch(jnlp); +// } else { + document.location=jnlp; + return true; +// } + }, + + + /* + * returns true if the ActiveX or XPI plugin is installed + */ + isPluginInstalled: function() { + var plugin = deployJava.getPlugin(); + if (plugin && plugin.jvms) { + return true; + } else { + return false; + } + }, + + /* + * returns true if the plugin is installed and AutoUpdate is enabled + */ + isAutoUpdateEnabled: function() { + if (deployJava.isPluginInstalled()) { + return deployJava.getPlugin().isAutoUpdateEnabled(); + } + return false; + }, + + /* + * sets AutoUpdate on if plugin is installed + */ + setAutoUpdateEnabled: function() { + if (deployJava.isPluginInstalled()) { + return deployJava.getPlugin().setAutoUpdateEnabled(); + } + return false; + }, + + /* + * sets the preferred install type : null, online, kernel + */ + setInstallerType: function(type) { + deployJava.installType = type; + if (deployJava.isPluginInstalled()) { + return deployJava.getPlugin().setInstallerType(type); + } + return false; + }, + + /* + * sets additional package list - to be used by kernel installer + */ + setAdditionalPackages: function(packageList) { + if (deployJava.isPluginInstalled()) { + return deployJava.getPlugin().setAdditionalPackages( + packageList); + } + return false; + }, + + /* + * sets preference to install Early Access versions if available + */ + setEarlyAccess: function(enabled) { + deployJava.EAInstallEnabled = enabled; + }, + + /* + * Determines if the next generation plugin (Plugin II) is default + */ + isPlugin2: function() { + if (deployJava.isPluginInstalled()) { + try { + return deployJava.getPlugin().isPlugin2(); + } catch (err) { + // older plugin w/o isPlugin2() function - just fall through + } + } + return false; + }, + + + getPlugin: function() { + deployJava.refresh(); + var ret = document.getElementById('deployJavaPlugin'); + return ret; + }, + + compareVersionToPattern: function(version, patternArray, familyMatch) { + var regex = "^(\\d+)(?:\\.(\\d+)(?:\\.(\\d+)(?:_(\\d+))?)?)?$"; + var matchData = version.match(regex); + + if (matchData != null) { + var index = 0; + var result = new Array(); + + for (var i = 1; i < matchData.length; ++i) { + if ((typeof matchData[i] == 'string') && (matchData[i] != '')) + { + result[index] = matchData[i]; + index++; + } + } + + var l = Math.min(result.length, patternArray.length); + + if (familyMatch) { + for (var i = 0; i < l; ++i) { + if (result[i] != patternArray[i]) return false; + } + + return true; + } else { + for (var i = 0; i < l; ++i) { + if (result[i] < patternArray[i]) { + return false; + } else if (result[i] > patternArray[i]) { + return true; + } + } + + return true; + } + } else { + return false; + } + }, + + + getBrowser: function() { + var browser = navigator.userAgent.toLowerCase(); + + if (deployJava.debug) { + alert('userAgent -> ' + browser); + } + + if ((navigator.vendor) && + (navigator.vendor.toLowerCase().indexOf('apple') != -1) && + (browser.indexOf('safari') != -1)) { + if (deployJava.debug) { + alert('We claim to have detected "Safari".'); + } + return 'Safari'; + } else if (browser.indexOf('msie') != -1) { + if (deployJava.debug) { + alert('We claim to have detected "IE".'); + } + return 'MSIE'; +// } else if ((browser.indexOf('konqueror') != -1)) { +// if (deployJava.debug) { +// alert('We claim to have detected "Konqueror".'); +// } + } else if ((browser.indexOf('mozilla') != -1) || + (browser.indexOf('firefox') != -1)) { + if (deployJava.debug) { + alert('We claim to have detected a Netscape family browser.'); + } + return 'Netscape Family'; + } else { + if (deployJava.debug) { + alert('We claim to have failed to detect a browser.'); + } + return '?'; + } + }, + + + testUsingActiveX: function(version) { + var objectName = 'JavaWebStart.isInstalled.' + version + '.0'; + + if (!ActiveXObject) { + if (deployJava.debug) { + alert ('Browser claims to be IE, but no ActiveXObject object?'); + } + return false; + } + + try { + return (new ActiveXObject(objectName) != null); + } catch (exception) { + return false; + } + }, + + + testForMSVM: function() { + var clsid = '{08B0E5C0-4FCB-11CF-AAA5-00401C608500}'; + + if (typeof oClientCaps != 'undefined') { + var v = oClientCaps.getComponentVersion(clsid, "ComponentID"); + if ((v == '') || (v == '5,0,5000,0')) { + return false; + } else { + return true; + } + } else { + return false; + } + }, + + + testUsingMimeTypes: function(version) { + if (!navigator.mimeTypes) { + if (deployJava.debug) { + alert ('Browser claims to be Netscape family, but no mimeTypes[] array?'); + } + return false; + } + + for (var i = 0; i < navigator.mimeTypes.length; ++i) { + s = navigator.mimeTypes[i].type; + var m = s.match(/^application\/x-java-applet\x3Bversion=(1\.8|1\.7|1\.6|1\.5|1\.4\.2)$/); + if (m != null) { + if (deployJava.compareVersions(m[1], version)) { + return true; + } + } + } + return false; + }, + + + testUsingPluginsArray: function(version) { + if ((!navigator.plugins) || (!navigator.plugins.length)) { + if (deployJava.debug) { + alert ('Browser claims to be Safari, but no plugins[] array?'); + } + return false; + } + + for (var i = 0; i < navigator.plugins.length; ++i) { + s = navigator.plugins[i].description; + + if (s.search(/^Java Switchable Plug-in/) != -1) { + return true; + } + + m = s.match(/^Java (1\.4\.2|1\.5|1\.6|1\.7).* Plug-in/); + if (m != null) { + if (deployJava.compareVersions(m[1], version)) return true; + } + } + return false; + }, + + IEInstall: function() { + + location.href = deployJava.getJavaURL + + ((deployJava.returnPage != null) ? + ('&returnPage=' + deployJava.returnPage) : '') + + ((deployJava.locale != null) ? + ('&locale=' + deployJava.locale) : '') + + ((deployJava.brand != null) ? ('&brand=' + deployJava.brand) : '') + + ((deployJava.installType != null) ? + ('&type=' + deployJava.installType) : ''); + + // should not actually get here + return false; + }, + + done: function (name, result) { + }, + + FFInstall: function() { + + location.href = deployJava.getJavaURL + + ((deployJava.returnPage != null) ? + ('&returnPage=' + deployJava.returnPage) : '') + + ((deployJava.locale != null) ? + ('&locale=' + deployJava.locale) : '') + + ((deployJava.brand != null) ? ('&brand=' + deployJava.brand) : '') + + ((deployJava.installType != null) ? + ('&type=' + deployJava.installType) : ''); + + // should not actually get here + return false; + }, + + // return true if 'installed' (considered as a JRE version string) is + // greater than or equal to 'required' (again, a JRE version string). + compareVersions: function(installed, required) { + + var a = installed.split('.'); + var b = required.split('.'); + + for (var i = 0; i < a.length; ++i) { + a[i] = Number(a[i]); + } + for (var i = 0; i < b.length; ++i) { + b[i] = Number(b[i]); + } + if (a.length == 2) { + a[2] = 0; + } + + if (a[0] > b[0]) return true; + if (a[0] < b[0]) return false; + + if (a[1] > b[1]) return true; + if (a[1] < b[1]) return false; + + if (a[2] > b[2]) return true; + if (a[2] < b[2]) return false; + + return true; + }, + + + enableAlerts: function() { + deployJava.debug = true; + }, + + poll: function() { + + deployJava.refresh(); + var postInstallJREList = deployJava.getJREs(); + + if ((deployJava.preInstallJREList.length == 0) && + (postInstallJREList.length != 0)) { + clearInterval(deployJava.myInterval); + if (deployJava.returnPage != null) { + location.href = deployJava.returnPage; + }; + } + + if ((deployJava.preInstallJREList.length != 0) && + (postInstallJREList.length != 0) && + (deployJava.preInstallJREList[0] != postInstallJREList[0])) { + clearInterval(deployJava.myInterval); + if (deployJava.returnPage != null) { + location.href = deployJava.returnPage; + } + } + + }, + + writePluginTag: function() { + var browser = deployJava.getBrowser(); + if (browser == 'MSIE') { + document.write('<' + + 'object classid="clsid:CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA" ' + + 'id="deployJavaPlugin" width="0" height="0">' + + '<' + '/' + 'object' + '>'); + } else if (browser == 'Netscape Family') { + if (navigator.mimeTypes != null) for (var i=0; + i < navigator.mimeTypes.length; i++) { + if (navigator.mimeTypes[i].type == deployJava.mimeType) { + if (navigator.mimeTypes[i].enabledPlugin) { + document.write('<' + + 'embed id="deployJavaPlugin" type="' + + deployJava.mimeType + '" hidden="true" />'); + } + } + } + } + }, + + refresh: function() { + navigator.plugins.refresh(false); + + var browser = deployJava.getBrowser(); + if (browser == 'Netscape Family') { + var plugin = document.getElementById('deployJavaPlugin'); + // only do this again if no plugin + if (plugin == null) { + if (navigator.mimeTypes != null) for (var i=0; + i < navigator.mimeTypes.length; i++) { + if (navigator.mimeTypes[i].type == deployJava.mimeType) { + if (navigator.mimeTypes[i].enabledPlugin) { + document.write('<' + + 'embed id="deployJavaPlugin" type="' + + deployJava.mimeType + '" hidden="true" />'); + } + } + } + } + } + }, + + do_initialize: function() { + deployJava.writePluginTag(); + if (deployJava.locale == null) { + var loc = null; + + if (loc == null) try { + loc = navigator.userLanguage; + } catch (err) { } + + if (loc == null) try { + loc = navigator.systemLanguage; + } catch (err) { } + + if (loc == null) try { + loc = navigator.language; + } catch (err) { } + + if (loc != null) { + loc.replace("-","_") + deployJava.locale = loc; + } + } + } + +}; +deployJava.do_initialize(); + diff --git a/BKUOnline/src/main/webapp/js/deployJava_orig.js b/BKUOnline/src/main/webapp/js/deployJava_orig.js new file mode 100644 index 00000000..316fa278 --- /dev/null +++ b/BKUOnline/src/main/webapp/js/deployJava_orig.js @@ -0,0 +1,725 @@ +/* + * Copyright (c) 2008 Sun Microsystems, Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * - Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * - Neither the name of Sun Microsystems nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, + * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* + * Added by EGIZ: + * This file contains workarounds to + * [#423] Firefox 3.0.11 bug #498132 causes applet loading failure + * (lines 95-99) + * [#424] Web Start loading via java plugin (Sun deployment script) fails on WinXP/Vista + * (lines 501-506) + * + * features: + * [#425] Disable WebStart Launch Button for MacOS + * (lines 492-504) + * + */ + +/* + * deployJava.js + * + * This file is part of the Deployment Toolkit. It provides functions for web + * pages to detect the presence of a JRE, install the latest JRE, and easily run + * applets or Web Start programs. Usage guide may be found at http://<TBD>/. + * + * The "live" copy of this file may be found at + * http://java.com/js/deployJava.js. + * You are encouraged to link directly to the live copy of the file. + * + * @version @(#)deployJava.js XXXXX + */ + +var deployJava={ + debug:null, + + myInterval:null, + preInstallJREList:null, + returnPage:null, + brand:null, + locale:null, + installType:null, + + EAInstallEnabled:false, + EarlyAccessURL:null, + + // GetJava page + getJavaURL:'http://java.sun.com/webapps/getjava/BrowserRedirect?host=java.com', + + // Apple redirect page + appleRedirectPage:'http://www.apple.com/support/downloads/', + oldMimeType:'application/npruntime-scriptable-plugin;DeploymentToolkit', + mimeType:'application/java-deployment-toolkit', + launchButtonPNG:'http://java.sun.com/products/jfc/tsc/articles/swing2d/webstart.png', + + getJREs:function(){ + var list=new Array(); + if(deployJava.isPluginInstalled()){ + var plugin=deployJava.getPlugin(); + var VMs=plugin.jvms; + for(var i=0;i<VMs.getLength();i++){ + list[i]=VMs.get(i).version; + } + }else{ + var browser=deployJava.getBrowser(); + + if(browser=='MSIE'){ + if(deployJava.testUsingActiveX('1.8.0')){ + list[0]='1.8.0'; + }else if(deployJava.testUsingActiveX('1.7.0')){ + list[0]='1.7.0'; + }else if(deployJava.testUsingActiveX('1.6.0')){ + list[0]='1.6.0'; + }else if(deployJava.testUsingActiveX('1.5.0')){ + list[0]='1.5.0'; + }else if(deployJava.testUsingActiveX('1.4.2')){ + list[0]='1.4.2'; + }else if(deployJava.testForMSVM()){ + list[0]='1.1'; + } + } + else if(browser=='Netscape Family'){ + if(deployJava.testUsingMimeTypes('1.8')){ + list[0]='1.8.0'; + }else if(deployJava.testUsingMimeTypes('1.7')){ + list[0]='1.7.0'; + }else if(deployJava.testUsingMimeTypes('1.6')){ + list[0]='1.6.0'; + }else if(deployJava.testUsingMimeTypes('1.5')){ + list[0]='1.5.0'; + }else if(deployJava.testUsingMimeTypes('1.4.2')){ + list[0]='1.4.2'; + } + }else if(browser=='Safari'){ + if(deployJava.testUsingPluginsArray('1.8.0')){ + list[0]='1.8.0'; + }else if(deployJava.testUsingPluginsArray('1.7.0')){ + list[0]='1.7.0'; + }else if(deployJava.testUsingPluginsArray('1.6.0')){ + list[0]='1.6.0'; + }else if(deployJava.testUsingPluginsArray('1.5.0')){ + list[0]='1.5.0'; + }else if(deployJava.testUsingPluginsArray('1.4.2')){ + list[0]='1.4.2'; + } + } + } + + if(deployJava.debug){ + for(var i=0;i<list.length;++i){ + alert('We claim to have detected Java SE '+list[i]); + } + } + + return list; + }, + + installJRE:function(requestVersion){ + var ret=false; + if(deployJava.isPluginInstalled()){ + if(deployJava.getPlugin().installJRE(requestVersion)){ + deployJava.refresh(); + if(deployJava.returnPage!=null){ + document.location=deployJava.returnPage; + } + return true; + }else{ + return false; + } + }else{ + return deployJava.installLatestJRE(); + } + }, + + installLatestJRE:function(){ + if(deployJava.isPluginInstalled()){ + if(deployJava.getPlugin().installLatestJRE()){ + deployJava.refresh(); + if(deployJava.returnPage!=null){ + document.location=deployJava.returnPage; + } + return true; + }else{ + return false; + } + }else{ + var browser=deployJava.getBrowser(); + var platform=navigator.platform.toLowerCase(); + if((deployJava.EAInstallEnabled=='true') && + (platform.indexOf('win')!=-1) && + (deployJava.EarlyAccessURL!=null)) { + + deployJava.preInstallJREList=deployJava.getJREs(); + if(deployJava.returnPage!=null){ + deployJava.myInterval= + setInterval("deployJava.poll()",3000); + } + + location.href=deployJava.EarlyAccessURL; + return false; + }else{ + if(browser=='MSIE'){ + return deployJava.IEInstall(); + }else if((browser=='Netscape Family')&& + (platform.indexOf('win32')!=-1)){ + return deployJava.FFInstall(); + }else{ + location.href=deployJava.getJavaURL+ + ((deployJava.returnPage!=null)? + ('&returnPage='+deployJava.returnPage):'')+ + ((deployJava.locale!=null)? + ('&locale='+deployJava.locale):'')+ + ((deployJava.brand!=null)? + ('&brand='+deployJava.brand):''); + } + return false; + } + } + }, + + runApplet:function(attributes,parameters,minimumVersion){ + if(minimumVersion=='undefined'||minimumVersion==null){ + minimumVersion='1.1'; + } + + var regex="^(\\d+)(?:\\.(\\d+)(?:\\.(\\d+)(?:_(\\d+))?)?)?$"; + + var matchData=minimumVersion.match(regex); + + if(deployJava.returnPage==null){ + deployJava.returnPage=document.location; + } + + if(matchData!=null){ + var browser=deployJava.getBrowser(); + if((browser!='?')&&(browser!='Safari')){ + if(deployJava.versionCheck(minimumVersion+'+')){ + deployJava.writeAppletTag(attributes,parameters); + }else if(deployJava.installJRE(minimumVersion+'+')){ + deployJava.refresh(); + location.href=document.location; + deployJava.writeAppletTag(attributes,parameters); + } + }else{ + deployJava.writeAppletTag(attributes,parameters); + } + }else{ + if(deployJava.debug){ + alert('Invalid minimumVersion argument to runApplet():'+ + minimumVersion); + } + } + }, + + writeAppletTag:function(attributes,parameters){ + var s='<'+'applet '; + for(var attribute in attributes){ + s+=(' '+attribute+'="'+attributes[attribute]+'"'); + } + s+='>'; + document.write(s); + + if(parameters!='undefined'&¶meters!=null){ + var codebaseParam=false; + for(var parameter in parameters){ + if(parameter=='codebase_lookup'){ + codebaseParam=true; + } + s='<param name="'+parameter+'" value="'+ + parameters[parameter]+'">'; + document.write(s); + } + if(!codebaseParam){ + document.write('<param name="codebase_lookup" value="false">'); + } + } + document.write('<'+'/'+'applet'+'>'); + }, + + versionCheck:function(versionPattern) + + { + var index=0; + var regex="^(\\d+)(?:\\.(\\d+)(?:\\.(\\d+)(?:_(\\d+))?)?)?(\\*|\\+)?$"; + + var matchData=versionPattern.match(regex); + + if(matchData!=null){ + var familyMatch=true; + + var patternArray=new Array(); + + for(var i=1;i<matchData.length;++i){ + if((typeof matchData[i]=='string')&&(matchData[i]!='')){ + patternArray[index]=matchData[i]; + index++; + } + } + + if(patternArray[patternArray.length-1]=='+'){ + familyMatch=false; + patternArray.length--; + }else{ + if(patternArray[patternArray.length-1]=='*'){ + patternArray.length--; + } + } + + var list=deployJava.getJREs(); + for(var i=0;i<list.length;++i){ + if(deployJava.compareVersionToPattern(list[i],patternArray, + familyMatch)){ + return true; + } + } + + return false; + }else{ + alert('Invalid versionPattern passed to versionCheck: '+ + versionPattern); + return false; + } + }, + + isWebStartInstalled:function(minimumVersion){ + + var browser=deployJava.getBrowser(); + if((browser=='?')||(browser=='Safari')){ + return true; + } + + if(minimumVersion=='undefined'||minimumVersion==null){ + minimumVersion='1.4.2'; + } + + var retval=false; + var regex="^(\\d+)(?:\\.(\\d+)(?:\\.(\\d+)(?:_(\\d+))?)?)?$"; + var matchData=minimumVersion.match(regex); + + if(matchData!=null){ + retval=deployJava.versionCheck(minimumVersion+'+'); + }else{ + if(deployJava.debug){ + alert('Invalid minimumVersion argument to isWebStartInstalled(): '+minimumVersion); + } + retval=deployJava.versionCheck('1.4.2+'); + } + return retval; + }, + + createWebStartLaunchButton:function(jnlp,minimumVersion){ + + if(deployJava.returnPage==null){ + deployJava.returnPage=jnlp; + } + var url='javascript:'+'if (!deployJava.isWebStartInstalled("'+ + minimumVersion+'")) {'+'if (deployJava.installLatestJRE()) {'+'if (deployJava.launch("'+jnlp+'")) {}'+'}'+'} else {'+'if (deployJava.launch("'+jnlp+'")) {}'+'}';document.write('<'+'a href="'+url+'" onMouseOver="window.status=\'\'; '+'return true;"><'+'img '+'src="'+deployJava.launchButtonPNG+'" '+'border="0" /><'+'/'+'a'+'>'); + }, + + launch:function(jnlp){ + if(deployJava.isPluginInstalled()){ + return deployJava.getPlugin().launch(jnlp); + }else{ + document.location=jnlp;return true; + } + }, + + isPluginInstalled:function(){ + var plugin=deployJava.getPlugin(); + if(plugin&&plugin.jvms){ + return true; + }else{ + return false; + } + }, + + isAutoUpdateEnabled:function(){ + if(deployJava.isPluginInstalled()){ + return deployJava.getPlugin().isAutoUpdateEnabled(); + } + return false; + }, + + setAutoUpdateEnabled:function(){ + if(deployJava.isPluginInstalled()){ + return deployJava.getPlugin().setAutoUpdateEnabled(); + } + return false; + }, + + setInstallerType:function(type){ + deployJava.installType=type; + if(deployJava.isPluginInstalled()){ + return deployJava.getPlugin().setInstallerType(type); + } + return false; + }, + + setAdditionalPackages:function(packageList){ + if(deployJava.isPluginInstalled()){ + return deployJava.getPlugin().setAdditionalPackages( + packageList); + } + return false; + }, + + setEarlyAccess:function(enabled){ + deployJava.EAInstallEnabled=enabled; + }, + + isPlugin2:function(){ + if(deployJava.isPluginInstalled()){ + if(deployJava.versionCheck('1.6.0_10+')){ + try{ + return deployJava.getPlugin().isPlugin2(); + }catch(err){ + + } + } + } + return false; + }, + + + getPlugin:function(){ + deployJava.refresh(); + var ret=document.getElementById('deployJavaPlugin'); + return ret; + }, + + compareVersionToPattern:function(version,patternArray,familyMatch){ + var regex="^(\\d+)(?:\\.(\\d+)(?:\\.(\\d+)(?:_(\\d+))?)?)?$"; + var matchData=version.match(regex); + + if(matchData!=null){ + var index=0; + var result=new Array(); + + for(var i=1;i<matchData.length;++i){ + if((typeof matchData[i]=='string')&&(matchData[i]!='')) + { + result[index]=matchData[i]; + index++; + } + } + + var l=Math.min(result.length,patternArray.length); + + if(familyMatch){ + for(var i=0;i<l;++i){ + if(result[i]!=patternArray[i])return false; + } + + return true; + }else{ + for(var i=0;i<l;++i){ + if(result[i]<patternArray[i]){ + return false; + }else if(result[i]>patternArray[i]){ + return true; + } + } + + return true; + } + }else{ + return false; + } + }, + + + getBrowser:function(){ + var browser=navigator.userAgent.toLowerCase(); + + if(deployJava.debug){ + alert('userAgent -> '+browser); + } + + if((navigator.vendor)&& + (navigator.vendor.toLowerCase().indexOf('apple')!=-1)&& + (browser.indexOf('safari')!=-1)){ + if(deployJava.debug){ + alert('We claim to have detected "Safari".'); + } + return'Safari'; + }else if(browser.indexOf('msie')!=-1){ + if(deployJava.debug){ + alert('We claim to have detected "IE".'); + } + return'MSIE'; + }else if((browser.indexOf('mozilla')!=-1)|| + (browser.indexOf('firefox')!=-1)){ + if(deployJava.debug){ + alert('We claim to have detected a Netscape family browser.'); + } + return'Netscape Family'; + }else{ + if(deployJava.debug){ + alert('We claim to have failed to detect a browser.'); + } + return'?'; + } + }, + + + testUsingActiveX:function(version){ + var objectName='JavaWebStart.isInstalled.'+version+'.0'; + + if(!ActiveXObject){ + if(deployJava.debug){ + alert('Browser claims to be IE, but no ActiveXObject object?'); + } + return false; + } + + try{ + return(new ActiveXObject(objectName)!=null); + }catch(exception){ + return false; + } + }, + + + testForMSVM:function(){ + var clsid='{08B0E5C0-4FCB-11CF-AAA5-00401C608500}'; + + if(typeof oClientCaps!='undefined'){ + var v=oClientCaps.getComponentVersion(clsid,"ComponentID"); + if((v=='')||(v=='5,0,5000,0')){ + return false; + }else{ + return true; + } + }else{ + return false; + } + }, + + + testUsingMimeTypes:function(version){ + if(!navigator.mimeTypes){ + if(deployJava.debug){ + alert('Browser claims to be Netscape family, but no mimeTypes[] array?'); + } + return false; + } + + for(var i=0;i<navigator.mimeTypes.length;++i){ + s=navigator.mimeTypes[i].type; + var m=s.match(/^application\/x-java-applet\x3Bversion=(1\.8|1\.7|1\.6|1\.5|1\.4\.2)$/); + if(m!=null){ + if(deployJava.compareVersions(m[1],version)){ + return true; + } + } + } + return false; + }, + + + testUsingPluginsArray:function(version){ + if((!navigator.plugins)||(!navigator.plugins.length)){ + return false; + } + var platform=navigator.platform.toLowerCase(); + for(var i=0;i<navigator.plugins.length;++i){ + s=navigator.plugins[i].description; + + if(s.search(/^Java Switchable Plug-in (Cocoa)/)!=-1){ + if(deployJava.compareVersions("1.5.0",version)){ + return true; + } + }else if(s.search(/^Java/)!=-1){ + if(platform.indexOf('win')!=-1){ + if(deployJava.compareVersions("1.5.0",version)||deployJava.compareVersions("1.6.0",version)){ + return true; + } + } + } + } + if(deployJava.compareVersions("1.5.0",version)){ + return true; + } + return false; + }, + + IEInstall:function(){ + + location.href=deployJava.getJavaURL+ + ((deployJava.returnPage!=null)? + ('&returnPage='+deployJava.returnPage):'')+ + ((deployJava.locale!=null)? + ('&locale='+deployJava.locale):'')+ + ((deployJava.brand!=null)?('&brand='+deployJava.brand):'')+ + ((deployJava.installType!=null)? + ('&type='+deployJava.installType):''); + return false; + }, + + done:function(name,result){ + }, + + FFInstall:function(){ + + location.href=deployJava.getJavaURL+ + ((deployJava.returnPage!=null)? + ('&returnPage='+deployJava.returnPage):'')+ + ((deployJava.locale!=null)? + ('&locale='+deployJava.locale):'')+ + ((deployJava.brand!=null)?('&brand='+deployJava.brand):'')+ + ((deployJava.installType!=null)? + ('&type='+deployJava.installType):''); + return false; + }, + + compareVersions:function(installed,required){ + + var a=installed.split('.'); + var b=required.split('.'); + + for(var i=0;i<a.length;++i){ + a[i]=Number(a[i]); + } + for(var i=0;i<b.length;++i){ + b[i]=Number(b[i]); + } + if(a.length==2){ + a[2]=0; + } + + if(a[0]>b[0])return true; + if(a[0]<b[0])return false; + + if(a[1]>b[1])return true; + if(a[1]<b[1])return false; + + if(a[2]>b[2])return true; + if(a[2]<b[2])return false; + + return true; + }, + + + enableAlerts:function(){ + deployJava.debug=true; + }, + + poll:function(){ + + deployJava.refresh(); + var postInstallJREList=deployJava.getJREs(); + + if((deployJava.preInstallJREList.length==0)&& + (postInstallJREList.length!=0)){ + clearInterval(deployJava.myInterval); + if(deployJava.returnPage!=null){ + location.href=deployJava.returnPage; + }; + } + + if((deployJava.preInstallJREList.length!=0)&& + (postInstallJREList.length!=0)&& + (deployJava.preInstallJREList[0]!=postInstallJREList[0])){ + clearInterval(deployJava.myInterval); + if(deployJava.returnPage!=null){ + location.href=deployJava.returnPage; + } + } + + }, + + writePluginTag:function(){ + var browser=deployJava.getBrowser(); + if(browser=='MSIE'){ + document.write('<'+ + 'object classid="clsid:CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA" '+ + 'id="deployJavaPlugin" width="0" height="0">'+ + '<'+'/'+'object'+'>'); + }else if(browser=='Netscape Family'){ + deployJava.writeEmbedTag(); + } + }, + + refresh:function(){ + navigator.plugins.refresh(false);var browser=deployJava.getBrowser();if(browser=='Netscape Family'){ + var plugin=document.getElementById('deployJavaPlugin');if(plugin==null){ + deployJava.writeEmbedTag(); + } + } + }, + + writeEmbedTag:function(){ + var written=false;if(navigator.mimeTypes!=null){ + for(var i=0;i<navigator.mimeTypes.length;i++){ + if(navigator.mimeTypes[i].type==deployJava.mimeType){ + if(navigator.mimeTypes[i].enabledPlugin){ + document.write('<'+'embed id="deployJavaPlugin" type="'+ + deployJava.mimeType+'" hidden="true" />');written=true; + } + } + } + if(!written)for(var i=0;i<navigator.mimeTypes.length;i++){ + if(navigator.mimeTypes[i].type==deployJava.oldMimeType){ + if(navigator.mimeTypes[i].enabledPlugin){ + document.write('<'+'embed id="deployJavaPlugin" type="'+ + deployJava.oldMimeType+'" hidden="true" />'); + } + } + } + } + }, + + do_initialize:function(){ + deployJava.writePluginTag(); + if(deployJava.locale==null){ + var loc=null; + + if(loc==null)try{ + loc=navigator.userLanguage; + }catch(err){} + + if(loc==null)try{ + loc=navigator.systemLanguage; + }catch(err){} + + if(loc==null)try{ + loc=navigator.language; + }catch(err){} + + if(loc!=null){ + loc.replace("-","_") + deployJava.locale=loc; + } + } + } + + }; + deployJava.do_initialize(); + diff --git a/BKUOnline/src/main/wsdl/CardChannel.xsd b/BKUOnline/src/main/wsdl/CardChannel.xsd new file mode 100644 index 00000000..81fd85db --- /dev/null +++ b/BKUOnline/src/main/wsdl/CardChannel.xsd @@ -0,0 +1,148 @@ +<?xml version="1.0" encoding="UTF-8"?> +<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema" + targetNamespace="http://www.buergerkarte.at/cardchannel" + xmlns:tns="http://www.buergerkarte.at/cardchannel" + elementFormDefault="qualified" + xmlns:stal="http://www.egiz.gv.at/stal"> + + <xs:import namespace="http://www.egiz.gv.at/stal" schemaLocation="stal-service.xsd"/> + + <xs:annotation> + <xs:documentation>Schema for transparent access to cards using a BKU and the CardChannel + infobox</xs:documentation> + </xs:annotation> + + <xs:element name="Script" type="tns:ScriptType" substitutionGroup="stal:OtherRequest"/> + <xs:element name="Response" type="tns:ResponseType" substitutionGroup="stal:OtherResponse"/> + <xs:element name="Grunddaten" type="tns:AttributeList"/> + <xs:element name="EHIC" type="tns:AttributeList"/> + <xs:element name="Status" type="tns:AttributeList"/> + <xs:element name="SV-Personenbindung" type="xs:hexBinary"/> + + <xs:complexType name="ScriptType"> + <xs:annotation> + <xs:documentation>extends abstract stal:RequestType</xs:documentation> + </xs:annotation> + <xs:complexContent> + <xs:extension base="stal:RequestType"> + <xs:annotation> + <xs:documentation>Contains the script to be executed by the BKU</xs:documentation> + </xs:annotation> + <xs:choice maxOccurs="unbounded" minOccurs="1"> + <xs:element name="Reset" type="tns:ResetType"/> + <xs:element name="CommandAPDU" type="tns:CommandAPDUType"/> + <xs:element name="VerifyAPDU" type="tns:VerifyAPDUType"/> + </xs:choice> + </xs:extension> + </xs:complexContent> + </xs:complexType> + + <xs:complexType name="ResponseType"> + <xs:annotation> + <xs:documentation>extends abstract stal:ResponseType</xs:documentation> + </xs:annotation> + <xs:complexContent> + <xs:extension base="stal:ResponseType"> + <xs:annotation> + <xs:documentation>Contains the result of the script executed by the + BKU</xs:documentation> + </xs:annotation> + <xs:choice maxOccurs="unbounded" minOccurs="1"> + <xs:element name="ATR" type="tns:ATRType"/> + <xs:element name="ResponseAPDU" type="tns:ResponseAPDUType"/> + </xs:choice> + </xs:extension> + </xs:complexContent> + </xs:complexType> + + <xs:complexType name="ResetType"> + <xs:annotation> + <xs:documentation>Reset the icc and sequence counter</xs:documentation> + </xs:annotation> + <xs:attribute name="cold" type="xs:boolean" default="true"/> + </xs:complexType> + + <xs:complexType name="CommandAPDUType"> + <xs:annotation> + <xs:documentation>Contains a sequence of bytes send as command APDU to the + icc</xs:documentation> + </xs:annotation> + <xs:simpleContent> + <xs:extension base="xs:hexBinary"> + <xs:attribute name="sequence" type="xs:positiveInteger" use="required"/> + <xs:attribute name="of" type="xs:positiveInteger" use="required"/> + <xs:attribute name="expectedSW" type="xs:hexBinary"/> + </xs:extension> + </xs:simpleContent> + </xs:complexType> + + <xs:complexType name="VerifyAPDUType"> + <xs:annotation> + <xs:documentation>Contains a sequence of bytes send as command APDU to the icc after a + PIN entered by the user has been incorporated into the APDU</xs:documentation> + </xs:annotation> + <xs:simpleContent> + <xs:extension base="xs:hexBinary"> + <xs:attribute name="sequence" type="xs:positiveInteger" use="required"/> + <xs:attribute name="of" type="xs:positiveInteger" use="required"/> + <xs:attribute name="expectedSW" type="xs:hexBinary"/> + <xs:attribute name="message" type="xs:string" use="required"/> + <xs:attribute name="format" type="xs:hexBinary" use="required"/> + <xs:attribute name="offset" type="xs:nonNegativeInteger" use="required"/> + <xs:attribute name="timeout" type="xs:nonNegativeInteger" use="required"/> + </xs:extension> + </xs:simpleContent> + </xs:complexType> + + <xs:complexType name="ATRType"> + <xs:annotation> + <xs:documentation>Contains the ATR received as reponse to a Reset + command</xs:documentation> + </xs:annotation> + <xs:simpleContent> + <xs:extension base="xs:hexBinary"> + <xs:attribute name="rc" type="xs:integer" default="0"/> + </xs:extension> + </xs:simpleContent> + </xs:complexType> + + <xs:complexType name="ResponseAPDUType"> + <xs:annotation> + <xs:documentation>Contains a sequence of bytes received from the card as response + APDU</xs:documentation> + </xs:annotation> + <xs:simpleContent> + <xs:extension base="xs:hexBinary"> + <xs:attribute name="sequence" type="xs:positiveInteger" use="required"/> + <xs:attribute name="rc" type="xs:integer" default="0"/> + <xs:attribute name="SW" type="xs:hexBinary" default="9000"/> + </xs:extension> + </xs:simpleContent> + </xs:complexType> + + <xs:complexType name="AttributeList"> + <xs:annotation> + <xs:documentation>Contains a list of attributes</xs:documentation> + </xs:annotation> + <xs:sequence> + <xs:element name="Attribute" type="tns:AttributeType" minOccurs="0" maxOccurs="unbounded"/> + </xs:sequence> + </xs:complexType> + + <xs:complexType name="AttributeType"> + <xs:annotation> + <xs:documentation>Contains an attribute converted from ASN.1</xs:documentation> + </xs:annotation> + <xs:sequence> + <xs:element name="Integer" type="xs:integer" minOccurs="0" maxOccurs="1"/> + <xs:element name="Latin1String" type="xs:string" minOccurs="0" maxOccurs="1"/> + <xs:element name="UTF8String" type="xs:string" minOccurs="0" maxOccurs="1"/> + <xs:element name="NumericString" type="xs:string" minOccurs="0" maxOccurs="1"/> + <xs:element name="PrintableString" type="xs:string" minOccurs="0" maxOccurs="1"/> + <xs:element name="GeneralizedTime" type="xs:dateTime" minOccurs="0" maxOccurs="1"/> + <xs:element name="Date" type="xs:string" minOccurs="0" maxOccurs="1"/> + </xs:sequence> + <xs:attribute name="oid" type="xs:string" use="required"/> + </xs:complexType> + +</xs:schema> diff --git a/BKUOnline/src/main/wsdl/stal-service.wsdl b/BKUOnline/src/main/wsdl/stal-service.wsdl new file mode 100644 index 00000000..3e6f5730 --- /dev/null +++ b/BKUOnline/src/main/wsdl/stal-service.wsdl @@ -0,0 +1,114 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Copyright 2008 Federal Chancellery Austria and + Graz University of Technology + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +<!-- + | This WSDL contains the original WSDL that was used to generate all classes in the STALService module + |--> +<definitions name="stal" targetNamespace="http://www.egiz.gv.at/wsdl/stal" + xmlns="http://schemas.xmlsoap.org/wsdl/" + xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" + xmlns:xsd="http://www.w3.org/2001/XMLSchema" + xmlns:tns="http://www.egiz.gv.at/wsdl/stal" + xmlns:stal="http://www.egiz.gv.at/stal" + xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" + xmlns:cc="http://www.buergerkarte.at/cardchannel"> + <types> + <xsd:schema targetNamespace="http://www.egiz.gv.at/wsdl/stal"> + <xsd:import namespace="http://www.egiz.gv.at/stal" schemaLocation="stal-service.xsd"/> + </xsd:schema> + <xsd:schema targetNamespace="http://www.egiz.gv.at/wsdl/stal-extended"> + <xsd:import namespace="http://www.buergerkarte.at/cardchannel" schemaLocation="CardChannel.xsd"/> + </xsd:schema> + </types> + <message name="ConnectRequest"> + <part name="part1" element="stal:SessionId"/> + </message> + <message name="NextRequestRequest"> + <part name="part1" element="stal:GetNextRequest"/> + </message> + <message name="NextRequestResponse"> + <part name="part1" element="stal:GetNextRequestResponse"/> + </message> + <message name="GetHashDataInputRequest"> + <part name="part1" element="stal:GetHashDataInput"/> + </message> + <message name="GetHashDataInputResponse"> + <part name="part1" element="stal:GetHashDataInputResponse"/> + </message> + <message name="GetHashDataInputFault"> + <part name="part1" element="stal:GetHashDataInputFault"/> + </message> + + <!-- + | Comment out the remainder of this WSDL + | if placing it into webapp/WEB-INF/wsdl/ + | in order not to interfere with the actual WSDL stal.wsdl + |--> + <portType name="STALPortType"> + <operation name="connect"> + <input name="input3" message="tns:ConnectRequest"/> + <output name="output3" message="tns:NextRequestResponse"/> + </operation> + <operation name="nextRequest"> + <input name="input1" message="tns:NextRequestRequest"/> + <output name="output1" message="tns:NextRequestResponse"/> + </operation> + <operation name="getHashDataInput"> + <input name="input2" message="tns:GetHashDataInputRequest"/> + <output name="output2" message="tns:GetHashDataInputResponse"/> + <fault name="fault1" message="tns:GetHashDataInputFault"/> + </operation> + </portType> + <binding name="STALBinding" type="tns:STALPortType"> + <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/> + <operation name="connect"> + <input name="input3"> + <soap:body use="literal"/> + </input> + <output name="output3"> + <soap:body use="literal"/> + </output> + </operation> + <operation name="nextRequest"> + <soap:operation/> + <input name="input1"> + <soap:body use="literal"/> + </input> + <output name="output1"> + <soap:body use="literal"/> + </output> + </operation> + <operation name="getHashDataInput"> + <soap:operation/> + <input name="input2"> + <soap:body use="literal"/> + </input> + <output name="output2"> + <soap:body use="literal"/> + </output> + <fault name="fault1"> + <soap:fault name="fault1"/> + </fault> + </operation> + </binding> + <service name="STALService"> + <port name="STALPort" binding="tns:STALBinding"> + <soap:address location="http://localhost:${HttpDefaultPort}/stal"/> + </port> + </service> +</definitions> diff --git a/BKUOnline/src/main/wsdl/stal-service.xsd b/BKUOnline/src/main/wsdl/stal-service.xsd new file mode 100644 index 00000000..177b9e7f --- /dev/null +++ b/BKUOnline/src/main/wsdl/stal-service.xsd @@ -0,0 +1,183 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Copyright 2008 Federal Chancellery Austria and + Graz University of Technology + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<schema xmlns="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.egiz.gv.at/stal" + xmlns:tns="http://www.egiz.gv.at/stal" + xmlns:cc="http://www.buergerkarte.at/cardchannel" + elementFormDefault="qualified"> + + <import namespace="http://www.buergerkarte.at/cardchannel" schemaLocation="CardChannel.xsd"/> + + <element name="SessionId" type="string"/> + <element name="GetNextRequest" type="tns:GetNextRequestType"/> + <element name="GetNextRequestResponse" type="tns:GetNextRequestResponseType"/> + <element name="GetHashDataInput" type="tns:GetHashDataInputType"/> + <element name="GetHashDataInputResponse" type="tns:GetHashDataInputResponseType"/> + <element name="GetHashDataInputFault" type="tns:GetHashDataInputFaultType"/> + + <!-- Abstract Request/Response to be substituted by extending schemata --> + <element name="OtherRequest" type="tns:RequestType" abstract="true"/> + <element name="OtherResponse" type="tns:ResponseType" abstract="true"/> + + <complexType name="GetNextRequestType"> + <!-- abstract Request/Response type not supported by JAX-WS 2.0 (jdk < 1.6.0_04) + <sequence> + <element name="Response" type="tns:ResponseType" minOccurs="0" maxOccurs="unbounded"/> + </sequence--> + <choice maxOccurs="unbounded"> + <element name="InfoboxReadResponse" type="tns:InfoboxReadResponseType"/> + <element name="SignResponse" type="tns:SignResponseType"/> + <element name="ErrorResponse" type="tns:ErrorResponseType"/> + <element name="StatusResponse" type="tns:StatusResponseType"/> + <element ref="tns:OtherResponse"/> + <!-- do not list cc:Script here, JAXB knows about substitution groups + <element ref="cc:Script"/--> + </choice> + <attribute name="SessionId" type="string"/> + </complexType> + <complexType name="ResponseType" abstract="true" /> + <complexType name="InfoboxReadResponseType"> + <complexContent> + <extension base="tns:ResponseType"> + <sequence> + <element name="InfoboxValue" type="base64Binary"/> + </sequence> + </extension> + </complexContent> + </complexType> + <complexType name="SignResponseType"> + <complexContent> + <extension base="tns:ResponseType"> + <sequence> + <element name="SignatureValue" type="base64Binary"/> + </sequence> + </extension> + </complexContent> + </complexType> + <complexType name="ErrorResponseType"> + <complexContent> + <extension base="tns:ResponseType"> + <sequence> + <element name="ErrorCode" type="int"/> + <element name="ErrorMessage" type="string"/> + </sequence> + </extension> + </complexContent> + </complexType> + <complexType name="StatusResponseType"> + <complexContent> + <extension base="tns:ResponseType"> + <attribute name="cardReady" type="boolean" /> + </extension> + </complexContent> + </complexType> + <complexType name="GetNextRequestResponseType"> + <!-- abstract Request/Response type not supported by JAX-WS 2.0 (jdk < 1.6.0_04) + <sequence> + <element name="Request" type="tns:RequestType" minOccurs="0" maxOccurs="unbounded"/> + </sequence--> + <choice maxOccurs="unbounded"> + <element name="InfoboxReadRequest" type="tns:InfoboxReadRequestType"/> + <element name="SignRequest" type="tns:SignRequestType"/> + <element name="QuitRequest" type="tns:QuitRequestType"/> + <element name="StatusRequest" type="tns:StatusRequestType"/> + <element ref="tns:OtherRequest"/> + <!-- do not list cc:Response here, JAXB knows about substitution groups + <element ref="cc:Response"/--> + </choice> + <attribute name="SessionId" type="string"/> + </complexType> + <complexType name="RequestType" abstract="true"/> + <complexType name="InfoboxReadRequestType"> + <complexContent> + <extension base="tns:RequestType"> + <sequence> + <element name="InfoboxIdentifier"> + <simpleType> + <restriction base="string"> + <enumeration value="Certificates"/> + <enumeration value="IdentityLink"/> + <enumeration value="Mandates"/> + </restriction> + </simpleType> + </element> + <element name="DomainIdentifier" type="anyURI" minOccurs="0"/> + </sequence> + </extension> + </complexContent> + </complexType> + <complexType name="SignRequestType"> + <complexContent> + <extension base="tns:RequestType"> + <sequence> + <element name="KeyIdentifier"> + <simpleType> + <restriction base="string"> + <enumeration value="SecureSignatureKeypair"/> + <enumeration value="CertifiedKeypair"/> + </restriction> + </simpleType> + </element> + <element name="SignedInfo" type="base64Binary"/> + </sequence> + </extension> + </complexContent> + </complexType> + <complexType name="QuitRequestType"> + <complexContent> + <extension base="tns:RequestType"/> + </complexContent> + </complexType> + <complexType name="StatusRequestType"> + <complexContent> + <extension base="tns:RequestType"/> + </complexContent> + </complexType> + <complexType name="GetHashDataInputType"> + <sequence> + <element name="Reference" maxOccurs="unbounded"> + <complexType> + <attribute name="ID" type="string"/> + </complexType> + </element> + </sequence> + <attribute name="SessionId" type="string"/> + </complexType> + <complexType name="GetHashDataInputResponseType"> + <sequence> + <element name="Reference" maxOccurs="unbounded"> + <complexType> + <simpleContent> + <extension base="base64Binary"> + <attribute name="ID" type="string"/> + <attribute name="MimeType" type="string" use="optional"/> + <attribute name="Encoding" type="string" use="optional"/> + <attribute name="Filename" type="string" use="optional"/> + </extension> + </simpleContent> + </complexType> + </element> + </sequence> + <attribute name="SessionId" type="string"/> + </complexType> + <complexType name="GetHashDataInputFaultType"> + <sequence> + <element name="ErrorCode" type="int"/> + <element name="ErrorMessage" type="string"/> + </sequence> + </complexType> +</schema> |
