diff options
Diffstat (limited to 'BKUOnline/src/main')
18 files changed, 212 insertions, 99 deletions
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java index 20320d8e..544bbc99 100644 --- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java @@ -31,6 +31,7 @@ import org.apache.commons.logging.LogFactory; import at.gv.egiz.bku.binding.HTTPBindingProcessor; import at.gv.egiz.bku.binding.HttpUtil; +import at.gv.egiz.bku.binding.IdFactory; import at.gv.egiz.org.apache.tomcat.util.http.AcceptLanguage; /** @@ -51,7 +52,8 @@ public class BKURequestHandler extends SpringBKUServlet { log.debug("Using locale: " + locale); HttpSession session = req.getSession(); if (session != null) { - session.invalidate(); + log.warn("Already a session with id: "+session.getId()+ " active, deleting this one"); + getBindingProcessorManager().removeBindingProcessor(IdFactory.getInstance().createId(session.getId())); } String id = req.getSession(true).getId(); log.debug("Using session id: " + id); diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/HashDataInputServlet.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/HashDataInputServlet.java new file mode 100644 index 00000000..59766586 --- /dev/null +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/HashDataInputServlet.java @@ -0,0 +1,96 @@ +package at.gv.egiz.bku.online.webapp;
+
+import java.io.IOException;
+import java.io.InputStreamReader;
+import java.io.OutputStreamWriter;
+import java.io.Reader;
+import java.io.Writer;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import at.gv.egiz.bku.binding.BindingProcessor;
+import at.gv.egiz.bku.binding.Id;
+import at.gv.egiz.bku.binding.IdFactory;
+import at.gv.egiz.bku.slexceptions.SLRuntimeException;
+import at.gv.egiz.bku.utils.StreamUtil;
+import at.gv.egiz.stal.HashDataInput;
+import at.gv.egiz.stal.STAL;
+import at.gv.egiz.stal.service.impl.STALRequestBroker;
+import at.gv.egiz.stal.service.impl.STALRequestBrokerImpl;
+import at.gv.egiz.stal.service.impl.STALServiceImpl;
+
+public class HashDataInputServlet extends SpringBKUServlet {
+
+ private static Log log = LogFactory.getLog(HashDataInputServlet.class);
+
+ public HashDataInputServlet() {
+ }
+
+ private STALRequestBroker getSTAL(Id id) {
+ BindingProcessor bp = getBindingProcessorManager().getBindingProcessor(id);
+ if (bp == null) {
+ return null;
+ }
+ STAL stal = bp.getSTAL();
+ if (stal instanceof STALRequestBroker) {
+ return (STALRequestBroker) stal;
+ } else {
+ throw new SLRuntimeException("Unexpected STAL type");
+ }
+ }
+
+ @Override
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ if ((req.getSession() == null) && (req.getSession().getId() != null)) {
+ log.warn("Got request for hashdatainput without session info");
+ resp.sendRedirect("expired.html");
+ return;
+ }
+ Id sessionId = IdFactory.getInstance().createId(req.getSession().getId());
+ log.debug("Got request for hashdata for session " + sessionId);
+ STALRequestBroker rb = getSTAL(sessionId);
+ if (rb == null) {
+ log.info("STAL instance not found for session: " + sessionId);
+ resp.sendRedirect("expired.html");
+ return;
+ }
+ List<HashDataInput> hdi = rb.getHashDataInput();
+ log.debug("Got hashdata list with " + hdi.size() + " entries");
+ String param = req.getParameter("number");
+ int num = 0;
+ if (param != null) {
+ log.debug("Got request for hashdata#" + num);
+ num = Integer.parseInt(param);
+ }
+ if ((hdi.size() <= num) || (num < 0)){
+ log.warn("Requested hashdatainput exceeds listsize");
+ resp.sendError(-1);
+ return;
+ }
+ resp.setCharacterEncoding(req.getCharacterEncoding());
+ resp.setContentType(hdi.get(num).getMimeType());
+ String charSet = req.getCharacterEncoding();
+ if (charSet == null) {
+ charSet = "UTF-8";
+ }
+ Reader r = new InputStreamReader(hdi.get(num).getHashDataInput(), charSet);
+ Writer w = new OutputStreamWriter(resp.getOutputStream(), charSet);
+ StreamUtil.copyStream(r, w);
+ w.close();
+ return;
+ }
+
+ @Override
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ doGet(req, resp);
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java index 4aa5130a..074aff2d 100644 --- a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java +++ b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALRequestBrokerImpl.java @@ -32,6 +32,7 @@ import at.gv.egiz.stal.service.types.QuitRequestType; import at.gv.egiz.stal.service.types.RequestType; import at.gv.egiz.stal.service.types.ResponseType; import at.gv.egiz.stal.service.types.SignRequestType; +import at.gv.egiz.stal.util.HashDataInputProxy; import at.gv.egiz.stal.util.STALTranslator; import java.util.ArrayList; import java.util.Collections; @@ -108,7 +109,10 @@ public class STALRequestBrokerImpl implements STALRequestBroker { req.setKeyIdentifier(((SignRequest) stalRequest).getKeyIdentifier()); req.setSignedInfo(((SignRequest) stalRequest).getSignedInfo()); requests.add(req); - hashDataInputs.addAll(((SignRequest) stalRequest).getHashDataInput()); + for (HashDataInput hdi : ((SignRequest) stalRequest).getHashDataInput()) { + hashDataInputs.add(new HashDataInputProxy(hdi)); + } + //hashDataInputs.addAll(((SignRequest) stalRequest).getHashDataInput()); break; } else if (stalRequest instanceof InfoboxReadRequest) { log.trace("Received InfoboxReadRequest"); diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-01a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-01a.cer Binary files differnew file mode 100644 index 00000000..f9fef65f --- /dev/null +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-01a.cer diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-02a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-02a.cer Binary files differnew file mode 100644 index 00000000..36a442b8 --- /dev/null +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-02a.cer diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-03a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-03a.cer Binary files differnew file mode 100644 index 00000000..ab9e0cd7 --- /dev/null +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-Qual-03a.cer diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-nQual-01a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-nQual-01a.cer Binary files differnew file mode 100644 index 00000000..efa28178 --- /dev/null +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-nQual-01a.cer diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-nQual-03.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-nQual-03.cer Binary files differnew file mode 100644 index 00000000..33e77636 --- /dev/null +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/A-Trust-nQual-03.cer diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-SSL-03.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-SSL-03.cer index ee859434..ee859434 100644 --- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-SSL-03.cer +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-SSL-03.cer diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-03.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-03.cer index 7e67be95..7e67be95 100644 --- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-03.cer +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-03.cer diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-01a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-01a.cer index 0c68e593..0c68e593 100644 --- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-01a.cer +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-01a.cer diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-02a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-02a.cer index c300891d..c300891d 100644 --- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-02a.cer +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-02a.cer diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-03.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-03.cer index 2251ca22..2251ca22 100644 --- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-light-03.cer +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-light-03.cer diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-medium-01a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-medium-01a.cer index 2d7f1a03..2d7f1a03 100644 --- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-medium-01a.cer +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-medium-01a.cer diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-medium-02a.cer b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-medium-02a.cer index 194d4d7c..194d4d7c 100644 --- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/a-sign-corporate-medium-02a.cer +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/certs/certStore/tobeadded/a-sign-corporate-medium-02a.cer diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties index 9766ae26..eebe36cd 100644 --- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties @@ -28,18 +28,18 @@ AccessController.policyResource=classpath:at/gv/egiz/bku/online/conf/accessContr # directory where certificates for
# chain constructions can be placed
+#SSL.certDirectory=classpath:at/gv/egiz/bku/online/conf/certs/certStore
SSL.certDirectory=classpath:at/gv/egiz/bku/online/conf/certs/certStore
+
# Directory where trusted CA
# certificates are placed
SSL.caDirectory=classpath:at/gv/egiz/bku/online/conf/certs/CACerts
-
-SSL.doRevocationChecking=true
SSL.sslProtocol=TLS
-SSL.cache.lifetime=3600
-# use authority info access extension to find ca certs.
-SSL.useAIA=true
+# warning do not set the following property to true
+# its intended for debugging and testing only
+SSL.disableAllChecks=false
# ------------ END SSL Config --------------------
diff --git a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml index b074da59..4069cdc9 100644 --- a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml +++ b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml @@ -45,9 +45,13 @@ </bean>
<!-- Configure Configuration -->
+ <bean id="certValidator" class="at.gv.egiz.bku.conf.CertValidatorImpl"></bean>
+
+
<bean id="configurator" class="at.gv.egiz.bku.online.conf.SpringConfigurator"
init-method="configure" scope="singleton">
<property name="resource" value="classpath:at/gv/egiz/bku/online/conf/defaultConf.properties"/>
+ <property name="certValidator" ref="certValidator"></property>
</bean>
<!-- Shutdown Event handler -->
diff --git a/BKUOnline/src/main/webapp/WEB-INF/web.xml b/BKUOnline/src/main/webapp/WEB-INF/web.xml index 282d4db2..6b2ec35c 100644 --- a/BKUOnline/src/main/webapp/WEB-INF/web.xml +++ b/BKUOnline/src/main/webapp/WEB-INF/web.xml @@ -1,97 +1,104 @@ <?xml version="1.0" encoding="UTF-8"?> -<!-- - Copyright 2008 Federal Chancellery Austria and - Graz University of Technology + <!-- + Copyright 2008 Federal Chancellery Austria and Graz University of + Technology Licensed under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance with the + License. You may obtain a copy of the License at - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 Unless required by + applicable law or agreed to in writing, software distributed under the + License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR + CONDITIONS OF ANY KIND, either express or implied. See the License for + the specific language governing permissions and limitations under the + License. + --> +<web-app id="bkuonline" version="2.5" + xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> + <display-name>http-security-layer-request</display-name> - http://www.apache.org/licenses/LICENSE-2.0 + <!-- Begin Spring Config --> + <context-param> + <param-name>contextConfigLocation</param-name> + <param-value>/WEB-INF/applicationContext.xml</param-value> + </context-param> + <listener> + <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> + </listener> + <!-- End Spring Config --> - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. ---> -<web-app id="bkuonline" version="2.5" - xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> - <display-name>http-security-layer-request</display-name> - - <!-- Begin Spring Config --> - <context-param> - <param-name>contextConfigLocation</param-name> - <param-value>/WEB-INF/applicationContext.xml</param-value> - </context-param> - <listener> - <listener-class> - org.springframework.web.context.ContextLoaderListener - </listener-class> - </listener> - <!-- End Spring Config --> - - <!-- Begin BKU Config --> - <listener> - <listener-class>at.gv.egiz.bku.online.webapp.SessionTimeout</listener-class> - </listener> - <servlet> - <servlet-name>BKUServlet</servlet-name> - <servlet-class>at.gv.egiz.bku.online.webapp.BKURequestHandler</servlet-class> - </servlet> - <servlet> - <servlet-name>ResultServlet</servlet-name> - <servlet-class>at.gv.egiz.bku.online.webapp.ResultServlet</servlet-class> - <init-param> - <param-name>responseEncoding</param-name> - <param-value>UTF-8</param-value> - </init-param> - <init-param> - <param-name>expiredPage</param-name> - <!-- FIXME --> - <param-value>expired.html</param-value> - </init-param> - </servlet> - <servlet-mapping> - <servlet-name>BKUServlet</servlet-name> - <url-pattern>/http-security-layer-request</url-pattern> - </servlet-mapping> - <servlet-mapping> - <servlet-name>BKUServlet</servlet-name> - <url-pattern>/https-security-layer-request</url-pattern> - </servlet-mapping> - <servlet-mapping> - <servlet-name>ResultServlet</servlet-name> - <url-pattern>/bkuResult</url-pattern> - </servlet-mapping> - <!-- End BKU Config --> - - - - <!-- Begin STAL Config --> - <listener> - <listener-class>com.sun.xml.ws.transport.http.servlet.WSServletContextListener</listener-class> - </listener> - <servlet> - <servlet-name>STALPort</servlet-name> - <servlet-class>com.sun.xml.ws.transport.http.servlet.WSServlet</servlet-class> - <load-on-startup>1</load-on-startup> - </servlet> - <servlet-mapping> - <servlet-name>STALPort</servlet-name> - <url-pattern>/stal</url-pattern> - </servlet-mapping> - <!-- End STAL Config --> - <welcome-file-list> - <welcome-file>index.html</welcome-file> - <welcome-file>index.htm</welcome-file> - <welcome-file>index.jsp</welcome-file> - <welcome-file>default.html</welcome-file> - <welcome-file>default.htm</welcome-file> - <welcome-file>default.jsp</welcome-file> - </welcome-file-list> - <session-config> - <session-timeout>5</session-timeout> - </session-config> + <!-- Begin BKU Config --> + <listener> + <listener-class>at.gv.egiz.bku.online.webapp.SessionTimeout</listener-class> + </listener> + <servlet> + <servlet-name>BKUServlet</servlet-name> + <servlet-class>at.gv.egiz.bku.online.webapp.BKURequestHandler</servlet-class> + </servlet> + <servlet> + <servlet-name>ResultServlet</servlet-name> + <servlet-class>at.gv.egiz.bku.online.webapp.ResultServlet</servlet-class> + <init-param> + <param-name>responseEncoding</param-name> + <param-value>UTF-8</param-value> + </init-param> + <init-param> + <param-name>expiredPage</param-name> + <!-- FIXME --> + <param-value>expired.html</param-value> + </init-param> + </servlet> + <servlet> + <servlet-name>HashDataInputServlet</servlet-name> + <servlet-class>at.gv.egiz.bku.online.webapp.HashDataInputServlet</servlet-class> + </servlet> + <servlet-mapping> + <servlet-name>BKUServlet</servlet-name> + <url-pattern>/http-security-layer-request</url-pattern> + </servlet-mapping> + <servlet-mapping> + <servlet-name>BKUServlet</servlet-name> + <url-pattern>/https-security-layer-request</url-pattern> + </servlet-mapping> + <servlet-mapping> + <servlet-name>ResultServlet</servlet-name> + <url-pattern>/bkuResult</url-pattern> + </servlet-mapping> + <servlet-mapping> + <servlet-name>HashDataInputServlet</servlet-name> + <url-pattern>/hashDataInput</url-pattern> + </servlet-mapping> + + + + + <!-- End BKU Config --> + + <!-- Begin STAL Config --> + <listener> + <listener-class> + com.sun.xml.ws.transport.http.servlet.WSServletContextListener</listener-class> + </listener> + <servlet> + <servlet-name>STALPort</servlet-name> + <servlet-class>com.sun.xml.ws.transport.http.servlet.WSServlet</servlet-class> + <load-on-startup>1</load-on-startup> + </servlet> + <servlet-mapping> + <servlet-name>STALPort</servlet-name> + <url-pattern>/stal</url-pattern> + </servlet-mapping> + <!-- End STAL Config --> + + <welcome-file-list> + <welcome-file>index.html</welcome-file> + <welcome-file>index.htm</welcome-file> + <welcome-file>index.jsp</welcome-file> + <welcome-file>default.html</welcome-file> + <welcome-file>default.htm</welcome-file> + <welcome-file>default.jsp</welcome-file> + </welcome-file-list> + <session-config> + <session-timeout>5</session-timeout> + </session-config> </web-app>
\ No newline at end of file |