Diffstat (limited to 'BKUOnline/src')
4 files changed, 204 insertions, 189 deletions
|
 diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java
 index 54dbfdea..d213dd36 100644
 --- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java
 +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java
 @@ -1,19 +1,19 @@
  /*
 -* Copyright 2008 Federal Chancellery Austria and
 -* Graz University of Technology
 -*
 -* Licensed under the Apache License, Version 2.0 (the "License");
 -* you may not use this file except in compliance with the License.
 -* You may obtain a copy of the License at
 -*
 -*     http://www.apache.org/licenses/LICENSE-2.0
 -*
 -* Unless required by applicable law or agreed to in writing, software
 -* distributed under the License is distributed on an "AS IS" BASIS,
 -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 -* See the License for the specific language governing permissions and
 -* limitations under the License.
 -*/
 + * Copyright 2008 Federal Chancellery Austria and
 + * Graz University of Technology
 + *
 + * Licensed under the Apache License, Version 2.0 (the "License");
 + * you may not use this file except in compliance with the License.
 + * You may obtain a copy of the License at
 + *
 + *     http://www.apache.org/licenses/LICENSE-2.0
 + *
 + * Unless required by applicable law or agreed to in writing, software
 + * distributed under the License is distributed on an "AS IS" BASIS,
 + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 + * See the License for the specific language governing permissions and
 + * limitations under the License.
 + */
  package at.gv.egiz.bku.online.conf;
  import java.io.File;
 @@ -52,183 +52,198 @@ import org.springframework.core.io.ResourceLoader;
  import at.gv.egiz.bku.binding.DataUrl;
  import at.gv.egiz.bku.binding.DataUrlConnection;
  import at.gv.egiz.bku.slexceptions.SLRuntimeException;
 +import at.gv.egiz.stal.service.impl.RequestBrokerSTALFactory;
  public class SpringConfigurator extends Configurator implements
 -		ResourceLoaderAware {
 -
 -	private final static Log log = LogFactory.getLog(SpringConfigurator.class);
 -
 -	private ResourceLoader resourceLoader;
 -
 -	public void setResource(Resource resource) {
 -		log.debug("Loading config from: " + resource);
 -		if (resource != null) {
 -			Properties props = new Properties();
 -			try {
 -				props.load(resource.getInputStream());
 -				super.setConfiguration(props);
 -			} catch (IOException e) {
 -				log.error("Cannot load config", e);
 -			}
 -		} else {
 -		  log.warn("Cannot load properties, resource: "+resource);
 -		}
 -	}
 -
 -	public void configureVersion() {
 +    ResourceLoaderAware {
 +
 +  private final static Log log = LogFactory.getLog(SpringConfigurator.class);
 +
 +  private ResourceLoader resourceLoader;
 +
 +  public void setResource(Resource resource) {
 +    log.debug("Loading config from: " + resource);
 +    if (resource != null) {
 +      Properties props = new Properties();
 +      try {
 +        props.load(resource.getInputStream());
 +        super.setConfiguration(props);
 +      } catch (IOException e) {
 +        log.error("Cannot load config", e);
 +      }
 +    } else {
 +      log.warn("Cannot load properties, resource: " + resource);
 +    }
 +  }
 +
 +  public void configureVersion() {
      Properties p = new Properties();
      try {
 -      p.load(resourceLoader.getResource("META-INF/MANIFEST.MF").getInputStream());
 +      p.load(resourceLoader.getResource("META-INF/MANIFEST.MF")
 +          .getInputStream());
        String version = p.getProperty("Implementation-Build");
 -      properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY, "citizen-card-environment/1.2 MOCCA "+version);
 +      properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY,
 +          "citizen-card-environment/1.2 MOCCA " + version);
        DataUrl.setConfiguration(properties);
 -      log.debug("Setting user agent to: "+properties.getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY));
 +      log.debug("Setting user agent to: "
 +          + properties.getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY));
      } catch (IOException e) {
 -     log.error(e);
 +      log.error(e);
 +    }
 +  }
 +
 +  public void configure() {
 +    super.configure();
 +    configureSSL();
 +    configureVersion();
 +    configureNetwork();
 +  }
 +
 +  public void configureNetwork() {
 +    String proxyHost = getProperty("HTTPProxyHost");
 +    String proxyPort = getProperty("HTTPProxyPort");
 +    if (proxyPort == null) {
 +      proxyPort = "80";
 +    }
 +    if (proxyHost != null) {
 +      log.debug("Setting proxy server to: " + proxyHost + ":" + proxyPort);
 +      System.setProperty("http.proxyHost", proxyHost);
 +      System.setProperty("http.proxyPort", proxyPort);
 +    }
 +    log.debug("No proxy specified");
 +    String appletTimeout = getProperty("AppletTimeout");
 +    if ((appletTimeout != null)) {
 +      try {
 +        long ato = Long.parseLong(appletTimeout);
 +        RequestBrokerSTALFactory.setTimeout(ato);
 +      } catch (NumberFormatException nfe) {
 +        log.error("Cannot set Applettimeout", nfe);
 +      }
 +
 +    }
 +  }
 +
 +  private Set<TrustAnchor> getCACerts() throws IOException,
 +      CertificateException {
 +    Set<TrustAnchor> caCerts = new HashSet<TrustAnchor>();
 +    String caDirectory = getProperty("SSL.caDirectory");
 +    if (caDirectory != null) {
 +      Resource caDirRes = resourceLoader.getResource(caDirectory);
 +      File caDir = caDirRes.getFile();
 +      if (!caDir.isDirectory()) {
 +        log.error("Expecting directory as SSL.caDirectory parameter");
 +        throw new SLRuntimeException(
 +            "Expecting directory as SSL.caDirectory parameter");
 +      }
 +      CertificateFactory cf = CertificateFactory.getInstance("X.509");
 +      for (File f : caDir.listFiles()) {
 +        try {
 +          FileInputStream fis = new FileInputStream(f);
 +          X509Certificate cert = (X509Certificate) cf.generateCertificate(fis);
 +          fis.close();
 +          log.debug("Adding trusted cert " + cert.getSubjectDN());
 +          caCerts.add(new TrustAnchor(cert, null));
 +        } catch (Exception e) {
 +          log.error("Cannot add trusted ca", e);
 +        }
 +      }
 +      return caCerts;
 +
 +    } else {
 +      log.warn("No CA certificates configured");
      }
 +    return null;
 +  }
 +
 +  private CertStore getCertstore() throws IOException, CertificateException,
 +      InvalidAlgorithmParameterException, NoSuchAlgorithmException {
 +    String certDirectory = getProperty("SSL.certDirectory");
 +    if (certDirectory != null) {
 +      Resource certDirRes = resourceLoader.getResource(certDirectory);
 +
 +      File certDir = certDirRes.getFile();
 +      if (!certDir.isDirectory()) {
 +        log.error("Expecting directory as SSL.certDirectory parameter");
 +        throw new SLRuntimeException(
 +            "Expecting directory as SSL.certDirectory parameter");
 +      }
 +      List<X509Certificate> certCollection = new LinkedList<X509Certificate>();
 +      CertificateFactory cf = CertificateFactory.getInstance("X.509");
 +      for (File f : certDir.listFiles()) {
 +        try {
 +          FileInputStream fis = new FileInputStream(f);
 +          X509Certificate cert = (X509Certificate) cf.generateCertificate(fis);
 +          certCollection.add(cert);
 +          fis.close();
 +          log
 +              .trace("Added following cert to certstore: "
 +                  + cert.getSubjectDN());
 +        } catch (Exception ex) {
 +          log.error("Cannot add certificate", ex);
 +        }
 +      }
 +      CollectionCertStoreParameters csp = new CollectionCertStoreParameters(
 +          certCollection);
 +      return CertStore.getInstance("Collection", csp);
 +
 +    } else {
 +      log.warn("No certstore configured");
 +    }
 +    return null;
 +  }
 +
 +  public void configureSSL() {
 +    Set<TrustAnchor> caCerts = null;
 +    try {
 +      caCerts = getCACerts();
 +    } catch (Exception e1) {
 +      log.error("Cannot load CA certificates", e1);
 +    }
 +    CertStore certStore = null;
 +    try {
 +      certStore = getCertstore();
 +    } catch (Exception e1) {
 +      log.error("Cannot load certstore certificates", e1);
 +    }
 +    System.setProperty("com.sun.security.enableAIAcaIssuers", "true");
 +    try {
 +      X509CertSelector selector = new X509CertSelector();
 +      PKIXBuilderParameters pkixParams;
 +      pkixParams = new PKIXBuilderParameters(caCerts, selector);
 +      if ((getProperty("SSL.doRevocationChecking") != null)
 +          && (Boolean.valueOf(getProperty("SSL.doRevocationChecking")))) {
 +        log.info("Enable revocation checking");
 +        pkixParams.setRevocationEnabled(true);
 +        System.setProperty("com.sun.security.enableCRLDP", "true");
 +        Security.setProperty("ocsp.enable", "true");
 +      } else {
 +        log.warn("Revocation checking disabled");
 +        pkixParams.setRevocationEnabled(false);
 +      }
 +      pkixParams.addCertStore(certStore);
 +      ManagerFactoryParameters trustParams = new CertPathTrustManagerParameters(
 +          pkixParams);
 +      TrustManagerFactory trustFab;
 +      try {
 +        trustFab = TrustManagerFactory.getInstance("PKIX");
 +        trustFab.init(trustParams);
 +        KeyManager[] km = null;
 +        SSLContext sslCtx = SSLContext
 +            .getInstance(getProperty("SSL.sslProtocol"));
 +        sslCtx.init(km, trustFab.getTrustManagers(), null);
 +        HttpsURLConnection
 +            .setDefaultSSLSocketFactory(sslCtx.getSocketFactory());
 +      } catch (Exception e) {
 +        log.error("Cannot configure SSL", e);
 +      }
 +
 +    } catch (InvalidAlgorithmParameterException e) {
 +      log.error("Cannot configure SSL", e);
 +    }
 +  }
 +
 +  @Override
 +  public void setResourceLoader(ResourceLoader loader) {
 +    this.resourceLoader = loader;
    }
 -	
 -	
 -	public void configure() {
 -		super.configure();
 -		configureSSL();
 -		configureVersion();
 -		configureNetwork();
 -	}
 -
 -	public void configureNetwork() {
 -	  String proxyHost = getProperty("HTTPProxyHost");
 -	  String proxyPort = getProperty("HTTPProxyPort");
 -	  if (proxyPort == null) {
 -	    proxyPort = "80";
 -	  }
 -	  if (proxyHost != null) {
 -	    log.debug("Setting proxy server to: "+proxyHost+":"+proxyPort);
 -	    System.setProperty("http.proxyHost", proxyHost);
 -	    System.setProperty("http.proxyPort", proxyPort);
 -	  }
 -	  log.debug("No proxy specified");
 -	}
 -	
 -	private Set<TrustAnchor> getCACerts() throws IOException,
 -			CertificateException {
 -		Set<TrustAnchor> caCerts = new HashSet<TrustAnchor>();
 -		String caDirectory = getProperty("SSL.caDirectory");
 -		if (caDirectory != null) {
 -			Resource caDirRes = resourceLoader.getResource(caDirectory);
 -			File caDir = caDirRes.getFile();
 -			if (!caDir.isDirectory()) {
 -				log.error("Expecting directory as SSL.caDirectory parameter");
 -				throw new SLRuntimeException(
 -						"Expecting directory as SSL.caDirectory parameter");
 -			}
 -			CertificateFactory cf = CertificateFactory.getInstance("X.509");
 -			for (File f : caDir.listFiles()) {
 -				try {
 -					FileInputStream fis = new FileInputStream(f);
 -					X509Certificate cert = (X509Certificate) cf.generateCertificate(fis);
 -					fis.close();
 -					log.debug("Adding trusted cert " + cert.getSubjectDN());
 -					caCerts.add(new TrustAnchor(cert, null));
 -				} catch (Exception e) {
 -					log.error("Cannot add trusted ca", e);
 -				}
 -			}
 -			return caCerts;
 -
 -		} else {
 -			log.warn("No CA certificates configured");
 -		}
 -		return null;
 -	}
 -
 -	private CertStore getCertstore() throws IOException, CertificateException,
 -			InvalidAlgorithmParameterException, NoSuchAlgorithmException {
 -		String certDirectory = getProperty("SSL.certDirectory");
 -		if (certDirectory != null) {
 -			Resource certDirRes = resourceLoader.getResource(certDirectory);
 -
 -			File certDir = certDirRes.getFile();
 -			if (!certDir.isDirectory()) {
 -				log.error("Expecting directory as SSL.certDirectory parameter");
 -				throw new SLRuntimeException(
 -						"Expecting directory as SSL.certDirectory parameter");
 -			}
 -			List<X509Certificate> certCollection = new LinkedList<X509Certificate>();
 -			CertificateFactory cf = CertificateFactory.getInstance("X.509");
 -			for (File f : certDir.listFiles()) {
 -				try {
 -					FileInputStream fis = new FileInputStream(f);
 -					X509Certificate cert =(X509Certificate) cf.generateCertificate(fis);
 -					certCollection.add(cert);
 -					fis.close();
 -					log.trace("Added following cert to certstore: "+cert.getSubjectDN());
 -				} catch (Exception ex) {
 -					log.error("Cannot add certificate", ex);
 -				}
 -			}
 -			CollectionCertStoreParameters csp = new CollectionCertStoreParameters(
 -					certCollection);
 -			return CertStore.getInstance("Collection", csp);
 -
 -		} else {
 -			log.warn("No certstore configured");
 -		}
 -		return null;
 -	}
 -
 -	public void configureSSL() {
 -		Set<TrustAnchor> caCerts = null;
 -		try {
 -			caCerts = getCACerts();
 -		} catch (Exception e1) {
 -			log.error("Cannot load CA certificates", e1);
 -		}
 -		CertStore certStore = null;
 -		try {
 -			certStore = getCertstore();
 -		} catch (Exception e1) {
 -			log.error("Cannot load certstore certificates", e1);
 -		}
 -		System.setProperty("com.sun.security.enableAIAcaIssuers", "true");
 -		try {
 -			X509CertSelector selector = new X509CertSelector();
 -			PKIXBuilderParameters pkixParams;
 -			pkixParams = new PKIXBuilderParameters(caCerts, selector);
 -			if ((getProperty("SSL.doRevocationChecking") != null)
 -					&& (Boolean.valueOf(getProperty("SSL.doRevocationChecking")))) {
 -				log.info("Enable revocation checking");
 -				pkixParams.setRevocationEnabled(true);
 -				System.setProperty("com.sun.security.enableCRLDP", "true");
 -				Security.setProperty("ocsp.enable", "true");
 -			} else {
 -				log.warn("Revocation checking disabled");
 -				pkixParams.setRevocationEnabled(false);
 -			}
 -			pkixParams.addCertStore(certStore);
 -			ManagerFactoryParameters trustParams = new CertPathTrustManagerParameters(
 -					pkixParams);
 -			TrustManagerFactory trustFab;
 -			try {
 -				trustFab = TrustManagerFactory.getInstance("PKIX");
 -				trustFab.init(trustParams);
 -				KeyManager[] km = null;
 -				SSLContext sslCtx = SSLContext
 -						.getInstance(getProperty("SSL.sslProtocol"));
 -				sslCtx.init(km, trustFab.getTrustManagers(), null);
 -				HttpsURLConnection
 -						.setDefaultSSLSocketFactory(sslCtx.getSocketFactory());
 -			} catch (Exception e) {
 -				log.error("Cannot configure SSL", e);
 -			}
 -
 -		} catch (InvalidAlgorithmParameterException e) {
 -			log.error("Cannot configure SSL", e);
 -		}
 -	}
 -
 -	@Override
 -	public void setResourceLoader(ResourceLoader loader) {
 -		this.resourceLoader = loader;
 -	}
  }
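Review bot: configureSSL(), which this hunk only re-indents, logs and carries on at every failure path, so a broken configuration leaves HttpsURLConnection on the JVM default socket factory and trust store rather than the configured trust anchors and revocation settings. The inner `catch (Exception e)` covers, for instance, a missing `SSL.sslProtocol`, and nothing after it signals that the custom trust setup was not installed. Separately, getCACerts() returns null when `SSL.caDirectory` is unset, and `new PKIXBuilderParameters(caCerts, selector)` then throws a NullPointerException that neither catch handles, so configure() aborts before configureVersion() and configureNetwork() run. I would stop startup explicitly with `if (caCerts == null || caCerts.isEmpty()) throw new SLRuntimeException("No trust anchors configured");` before building the PKIX parameters, and rethrow from the inner catch instead of only logging.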
\ No newline at end of file
 diff --git a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/RequestBrokerSTALFactory.java b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/RequestBrokerSTALFactory.java
 index bb552002..45ee67d0 100644
 --- a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/RequestBrokerSTALFactory.java
 +++ b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/RequestBrokerSTALFactory.java
 @@ -32,7 +32,7 @@ import at.gv.egiz.stal.STALFactory;
   */
  public class RequestBrokerSTALFactory implements STALFactory {
 -  private long timeout;
 +  private static long timeout;
      @Override
      public STAL createSTAL() {
 @@ -43,7 +43,7 @@ public class RequestBrokerSTALFactory implements STALFactory {
      public void setLocale(Locale locale) {
      }
 -    public void setTimeout(long millisec) {
 +    public static void setTimeout(long millisec) {
        timeout = millisec;
      }
  }
 diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties
 index ec7d932c..73d89f22 100644
 --- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties
 +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties
 @@ -40,7 +40,7 @@ SSL.sslProtocol=TLS
  # ------------ END SSL Config  --------------------
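Review bot: Making `timeout` static in RequestBrokerSTALFactory (the field hunk at -32 and the setTimeout hunk at -43) turns it into JVM-wide mutable state, written from SpringConfigurator.configureNetwork() with no synchronisation and no range check. If createSTAL(), whose body lies outside both hunks, reads the field on request threads, it should be declared `private static volatile long timeout;`. `Long.parseLong` accepts zero and negative values, so setTimeout or its caller should reject them, for example `if (millisec <= 0) throw new IllegalArgumentException("timeout must be > 0");`. When AppletTimeout is absent or unparsable the field stays at 0; what a zero timeout means for the created STAL is not visible here and deserves a documented default.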
  ValidateHashDataInputs=true
 -
 +AppletTimeout=300000
  #HTTPProxyHost=taranis.iaik.tugraz.at
  #HTTPProxyPort=8888
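Review bot: `AppletTimeout=300000` is added without a comment stating its unit or purpose; the setter it feeds, `setTimeout(long millisec)`, suggests milliseconds. A line such as `# Applet (STAL) request timeout in milliseconds` above the key would help, with the exact semantics confirmed against RequestBrokerSTALFactory. The value is five minutes, the same as the new `<session-timeout>5</session-timeout>` in web.xml; if the two are meant to stay in step, that dependency should be stated here too.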
 diff --git a/BKUOnline/src/main/webapp/WEB-INF/web.xml b/BKUOnline/src/main/webapp/WEB-INF/web.xml
 index 417dabb8..282d4db2 100644
 --- a/BKUOnline/src/main/webapp/WEB-INF/web.xml
 +++ b/BKUOnline/src/main/webapp/WEB-INF/web.xml
 @@ -92,6 +92,6 @@
      <welcome-file>default.jsp</welcome-file>
    </welcome-file-list>
    <session-config>
 -    <session-timeout>3</session-timeout>
 +    <session-timeout>5</session-timeout>
    </session-config>
  </web-app>
\ No newline at end of file | 
