Diffstat (limited to 'BKUWebStart/src/main/java/at/gv/egiz/bku')
4 files changed, 46 insertions, 508 deletions
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java index 37638510..30662ee0 100644 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java @@ -225,6 +225,12 @@ public class Configurator { /** * if unknown old, update in any case * if known old and unknown min, don't update + * + * VERSION := MAJOR[-SNAPSHOT]-rREV + * MAJOR := [0-9\.]*[-BRANCH[-BRANCHVERSION]] + * + * assume dots '.' appear in major version only (not after "-SNAPSHOT") + * * @param oldVersion * @param minVersion * @return @@ -257,10 +263,10 @@ public class Configurator { // compare last digit of major boolean preRelease = true; - int majorEndOld = oldVersion.indexOf("-SNAPSHOT"); + int majorEndOld = oldVersion.indexOf("-SNAPSHOT"); // 1.0.10-SNAPSHOT-r438, 1.2.12-pinguin-1-SNAPSHOT-r635 if (majorEndOld < 0) { preRelease = false; - majorEndOld = oldVersion.indexOf('-'); // 1.0.10-r439 + majorEndOld = oldVersion.lastIndexOf('-'); // 1.0.10-r439, 1.2.12-pinguin-1-r635 if (majorEndOld < 0) { majorEndOld = oldVersion.length(); } @@ -270,7 +276,7 @@ public class Configurator { int majorEndMin = minVersion.indexOf("-SNAPSHOT"); if (majorEndMin < 0) { releaseRequired = true; - majorEndMin = minVersion.indexOf('-'); + majorEndMin = minVersion.lastIndexOf('-'); if (majorEndMin < 0) { majorEndMin = minVersion.length(); } diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java index 4d1fe658..3dcae497 100644 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java @@ -2,7 +2,6 @@ package at.gv.egiz.bku.webstart; import iaik.utils.StreamCopier;
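Review bot: With `lastIndexOf('-')` in the non-SNAPSHOT branch (hunks -257,10 and -270,7), whatever follows the final dash is treated as the revision, so a branch version that carries no `-rREV` suffix (constructed example: `1.2.12-pinguin-1`) would have its branch version cut off the major part. The new Javadoc grammar makes `-rREV` mandatory, but the existing `majorEndOld < 0` fallback suggests suffix-less versions are expected, so the two should be reconciled. One option is to accept the dash only when a revision follows, `if (majorEndOld < 0 || !oldVersion.startsWith("-r", majorEndOld)) {` (and the same for `minVersion`); otherwise state in the Javadoc that input without `-rREV` is unsupported. The method body starts and ends outside these hunks, so how the major part is consumed afterwards is not visible here.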
-import java.awt.AWTPermission;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.BufferedReader;
@@ -10,21 +9,14 @@ import java.io.File;
 import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
-import java.io.FilePermission;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
-import java.lang.reflect.ReflectPermission;
-import java.net.NetPermission;
-import java.net.SocketPermission;
import java.security.AllPermission;
import java.security.KeyStore;
import java.security.Permissions;
-import java.security.SecurityPermission;
import java.security.cert.Certificate;
-import java.util.PropertyPermission;
-import javax.smartcardio.CardPermission;
import org.mortbay.jetty.Connector;
import org.mortbay.jetty.Server;
import org.mortbay.jetty.nio.SelectChannelConnector;
@@ -37,7 +29,7 @@ import org.slf4j.LoggerFactory;
 public class Container {
public static final String HTTP_PORT_PROPERTY = "mocca.http.port";
- public static final String HTTPS_PORT_PROPERTY = "mocca.http.port";
+ public static final String HTTPS_PORT_PROPERTY = "mocca.https.port";
private static Logger log = LoggerFactory.getLogger(Container.class);
static {
@@ -126,7 +118,7 @@ public class Container {
 webapp.setParentLoaderPriority(false);
webapp.setWar(copyWebapp(webapp.getTempDirectory()));
- webapp.setPermissions(getPermissions(webapp.getTempDirectory()));
+// webapp.setPermissions(getPermissions(webapp.getTempDirectory()));
server.setHandler(webapp);
server.setGracefulShutdown(1000 * 3);
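Review bot: Commenting out `webapp.setPermissions(...)` rather than deleting it leaves `getPermissions(File)` without any caller visible in this diff, so the method rewritten in the -172,50 hunk looks like dead code. If the intent is that the web application runs unrestricted, remove the call and the method together and say so in a comment here, e.g. `// no per-webapp permission set: the launcher runs without a security manager`; if the restriction is meant to come back, add a TODO naming what blocks it. The enclosing method starts and ends outside the hunk.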
@@ -172,50 +164,22 @@ public class Container {
 return webapp.getPath();
}
+ /**
+ * grant all permissions, since we need read/write access to save signature data files anywhere (JFileChooser) in the local filesystem
+ * and Jetty does not allow declare (webapp) permissions on a codeBase basis.
+ * @param webappDir
+ * @return
+ */
private Permissions getPermissions(File webappDir) {
Permissions perms = new Permissions();
perms.add(new AllPermission());
+// perms.add(new FilePermission(new File(System.getProperty("user.home")).getAbsolutePath(), "read, write"));
+// perms.add(new FilePermission(new File(System.getProperty("user.home") + "/-").getAbsolutePath(), "read, write"));
+// perms.add(new FilePermission(new File(System.getProperty("user.home") + "/.mocca/logs/*").getAbsolutePath(), "read, write,delete"));
+// perms.add(new FilePermission(new File(System.getProperty("user.home") + "/.mocca/certs/-").getAbsolutePath(), "read, write,delete"));
-
- if (false) {
-
- // jetty-webstart (spring?)
- perms.add(new RuntimePermission("getClassLoader"));
-
- // standard permissions
- perms.add(new PropertyPermission("*", "read,write"));
- perms.add(new RuntimePermission("accessDeclaredMembers"));
- perms.add(new RuntimePermission("accessClassInPackage.*"));
- perms.add(new RuntimePermission("defineClassInPackage.*"));
- perms.add(new RuntimePermission("setFactory"));
- perms.add(new RuntimePermission("getProtectionDomain"));
- perms.add(new RuntimePermission("modifyThread"));
- perms.add(new RuntimePermission("modifyThreadGroup"));
- perms.add(new RuntimePermission("setFactory"));
- perms.add(new ReflectPermission("suppressAccessChecks"));
-
- // MOCCA specific
- perms.add(new SocketPermission("*", "connect,resolve"));
- perms.add(new NetPermission("specifyStreamHandler"));
- perms.add(new SecurityPermission("insertProvider.*"));
- perms.add(new SecurityPermission("putProviderProperty.*"));
- perms.add(new SecurityPermission("removeProvider.*"));
- perms.add(new CardPermission("*", "*"));
- perms.add(new AWTPermission("*"));
-
- perms.add(new FilePermission(webappDir.getAbsolutePath() + "/-", "read"));
- perms.add(new FilePermission(new File(System.getProperty("java.home") + "/lib/xalan.properties").getAbsolutePath(), "read"));
- perms.add(new FilePermission(new File(System.getProperty("java.home") + "/lib/xerces.properties").getAbsolutePath(), "read"));
- perms.add(new FilePermission(new File(System.getProperty("user.home")).getAbsolutePath(), "read, write"));
- perms.add(new FilePermission(new File(System.getProperty("user.home") + "/-").getAbsolutePath(), "read, write"));
- perms.add(new FilePermission(new File(System.getProperty("user.home") + "/.mocca/logs/*").getAbsolutePath(), "read, write,delete"));
- perms.add(new FilePermission(new File(System.getProperty("user.home") + "/.mocca/certs/-").getAbsolutePath(), "read, write,delete"));
-
- //TODO
-// log.trace("granting file read/write permission to MOCCA local");
// perms.add(new FilePermission("<<ALL FILES>>", "read, write"));
- }
return perms;
}
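Review bot: The new Javadoc on `getPermissions` leaves `@param webappDir` and `@return` empty and does not mention that `webappDir` is no longer used, while the body grants `AllPermission` and keeps four `FilePermission` lines plus the older `<<ALL FILES>>` line as commented-out code. Since this is the place where the webapp's sandbox is given up, the comment should record the consequence as well as the reason: any code loaded into the web application runs with the full rights of the desktop user. Suggested wording: `@param webappDir currently unused, kept for a future per-directory grant` and `@return a collection holding only AllPermission`, with the commented-out grants replaced by a single TODO describing the narrower set that is wanted.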
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java index ef7edef1..e1cdb657 100644 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java @@ -11,7 +11,7 @@ import java.util.ResourceBundle; import javax.jnlp.UnavailableServiceException;
-import com.sun.javaws.security.JavaWebStartSecurity;
+//import com.sun.javaws.security.JavaWebStartSecurity;
import java.awt.AWTException;
import java.awt.Desktop;
import java.awt.Image;
@@ -88,11 +88,11 @@ public class Launcher implements BKUControllerInterface, ActionListener {
 URL cert = null;
URL help = null;
try {
- http = new URL("http://localhost:" + Integer.getInteger(Container.HTTPS_PORT_PROPERTY, 3495).intValue());
- https = new URL("https://localhost:" + Integer.getInteger(Container.HTTPS_PORT_PROPERTY, 3496).intValue());
+ http = new URL("http://localhost:" + Integer.getInteger(Container.HTTPS_PORT_PROPERTY, 3495).intValue() + '/');
+ https = new URL("https://localhost:" + Integer.getInteger(Container.HTTPS_PORT_PROPERTY, 3496).intValue() + '/');
pin = new URL(http, "/PINManagement");
- cert = new URL(http, "/installCertificate");
- help = new URL(http, "/help");
+ cert = new URL(http, "/ca.crt");
+ help = new URL(http, "/help/");
} catch (MalformedURLException ex) {
log.error("Failed to create URL.", ex);
} finally {
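Review bot: The added `http = new URL("http://localhost:" + ...)` line still reads its port from `Container.HTTPS_PORT_PROPERTY`. Until this commit both constants in Container held "mocca.http.port", so the lookup happened to work; now that the constant is corrected to "mocca.https.port", a configured HTTPS port also moves the plain-HTTP links derived from `http` (PINManagement, ca.crt, help) onto the TLS port, and `mocca.http.port` is ignored here. The line should use `Integer.getInteger(Container.HTTP_PORT_PROPERTY, 3495)`. The try block starts before the hunk and the finally block continues after it.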
@@ -134,13 +134,15 @@ public class Launcher implements BKUControllerInterface, ActionListener {
 public Launcher() {
log.info("Initializing Launcher");
- if (log.isTraceEnabled()) {
- SecurityManager sm = System.getSecurityManager();
- if (sm instanceof JavaWebStartSecurity) {
- System.setSecurityManager(new LogSecurityManager((JavaWebStartSecurity) sm));
- }
- }
+
+ // SocketPerm * required (DataURL), FilePermission * write (JFileChooser) required,
+ // jetty does not allow fine-grained permission config (codeBase?)
+ // ie. we don't need a security manager
+ log.trace("disabling (JNLP) security manager");
+ System.setSecurityManager(null);
+
messages = ResourceBundle.getBundle(MESSAGES_RESOURCE, Locale.getDefault());
+ //TODO replace with statusNotifier
trayIcon = initTrayIcon();
}
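Review bot: `System.setSecurityManager(null)` in the constructor is unguarded: the call itself is permission-checked, so if the launcher is ever started without full permissions it throws `SecurityException` out of `new Launcher()` before the tray icon exists. It also removes permission checks for every class in the JVM, not only the Jetty webapp, and that state change is logged only at trace level, so it will not show up in a normal log. I would log it at warn, catch the exception, and extend the comment to say that the removal is process-wide; whether continuing with the JNLP manager is acceptable after a failure is for the author to decide.

```java
// … unchanged: log.info("Initializing Launcher") and the rationale comment …
try {
    // process-wide: from here on no code in this JVM is permission-checked
    log.warn("disabling (JNLP) security manager");
    System.setSecurityManager(null);
} catch (SecurityException ex) {
    log.error("not permitted to remove the security manager, continuing with the installed one", ex);
}
// … unchanged: messages = ResourceBundle.getBundle(...) …
```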
@@ -213,7 +215,7 @@ public class Launcher implements BKUControllerInterface, ActionListener {
 Image image = ImageIO.read(getClass().getResourceAsStream(iconResource));
PopupMenu popup = new PopupMenu();
-
+
MenuItem helpItem = new MenuItem(messages.getString(LABEL_HELP));
helpItem.addActionListener(this);
helpItem.setActionCommand(HELP_COMMAND);
@@ -237,6 +239,7 @@ public class Launcher implements BKUControllerInterface, ActionListener {
 popup.add(aboutItem);
TrayIcon ti = new TrayIcon(image, messages.getString(TOOLTIP_DEFAULT), popup);
+ ti.setImageAutoSize(true);
ti.addActionListener(this);
tray.add(ti);
return ti;
@@ -301,7 +304,11 @@ public class Launcher implements BKUControllerInterface, ActionListener {
 }
if (config.isCertRenewed()) {
try {
- browse(HTTP_SECURITY_LAYER_URL);
+ if ("".equals(messages.getLocale().getLanguage())) {
+ browse(HTTP_SECURITY_LAYER_URL);
+ } else {
+ browse(new URL(HTTP_SECURITY_LAYER_URL, messages.getLocale().getLanguage()));
+ }
} catch (Exception ex) {
log.error("failed to open system browser, install TLS certificate manually: " + HTTPS_SECURITY_LAYER_URL, ex);
}
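Review bot: The locale-dependent URL selection is written out twice, here and in the help branch of the -364,7 hunk, and both copies rely silently on the base URL ending in '/' (set up in the -88,11 hunk) for `new URL(base, language)` to resolve below the base path. A small private helper with a comment stating that assumption would keep the two call sites in step. In the help branch the error log and message still name `HELP_URL` rather than the localized URL that was actually opened. Both enclosing methods start and end outside their hunks.

```java
/** Resolves the language sub-path against base; base must end in '/'. */
private URL localized(URL base) throws MalformedURLException {
    String lang = messages.getLocale().getLanguage();
    // an empty language code means the default bundle was selected
    return "".equals(lang) ? base : new URL(base, lang);
}

// … unchanged: if (config.isCertRenewed()) { try { …
browse(localized(HTTP_SECURITY_LAYER_URL));
// … unchanged: help branch, try { …
browse(localized(HELP_URL));
```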
@@ -364,7 +371,11 @@ public class Launcher implements BKUControllerInterface, ActionListener {
 } else if (HELP_COMMAND.equals(e.getActionCommand())) {
log.debug("help page requested via tray menu");
try {
- browse(HELP_URL);
+ if ("".equals(messages.getLocale().getLanguage())) {
+ browse(HELP_URL);
+ } else {
+ browse(new URL(HELP_URL, messages.getLocale().getLanguage()));
+ }
} catch (Exception ex) {
log.error("Failed to open " + HELP_URL, ex);
String msg = MessageFormat.format(messages.getString(ERROR_OPEN_URL), HELP_URL);
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/LogSecurityManager.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/LogSecurityManager.java deleted file mode 100644 index d589812e..00000000 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/LogSecurityManager.java +++ /dev/null 
@@ -1,443 +0,0 @@ -/* - * Copyright 2008 Federal Chancellery Austria and - * Graz University of Technology - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package at.gv.egiz.bku.webstart; - -import com.sun.javaws.security.JavaWebStartSecurity; -import java.io.FileDescriptor; -import java.net.InetAddress; -import java.security.Permission; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/** - * JVM argument -Djava.security.debug=access,failure - * (passed as attribute to java element in jnlp) is ignored. 
- * - * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at> - */ -public class LogSecurityManager extends SecurityManager { - - protected static final Logger log = LoggerFactory.getLogger(LogSecurityManager.class); - JavaWebStartSecurity sm; - - public LogSecurityManager(JavaWebStartSecurity sm) { - this.sm = sm; -// AppPolicy policy = AppPolicy.getInstance(); -// SecurityManager sm = System.getSecurityManager(); - } - - @Override - public void checkAccept(String host, int port) { - try { - sm.checkAccept(host, port); - } catch (SecurityException ex) { - log.warn("checkAccept(" + host + ", " + port + "): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkAccess(Thread g) { - try { - sm.checkAccess(g); - } catch (SecurityException ex) { - log.warn("checkAccess(" + g + "): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkAccess(ThreadGroup g) { - try { - sm.checkAccess(g); - } catch (SecurityException ex) { - log.warn("checkAccess(" + g + "): " + ex.getMessage(), ex); - throw ex; - } - - } - - @Override - public void checkAwtEventQueueAccess() { - try { - sm.checkAwtEventQueueAccess(); - } catch (SecurityException ex) { - log.warn("checkAwtEventQAccess():" + ex.getMessage(), ex); - throw ex; - } - - } - - @Override - public void checkConnect(String host, int port) { - try { - sm.checkConnect(host, port); - } catch (SecurityException ex) { - log.warn("checkConnect(" + host + ", " + port + "): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkConnect(String host, int port, Object context) { - try { - sm.checkConnect(host, port, context); - } catch (SecurityException ex) { - log.warn("checkConnect(" + host + ", " + port + ", " + context + "): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkCreateClassLoader() { - try { - sm.checkCreateClassLoader(); - } catch (SecurityException ex) { - log.warn("checkCreateClassLoader(): " + ex.getMessage(), 
ex); - throw ex; - } - } - - @Override - public void checkDelete(String file) { - try { - sm.checkDelete(file); - } catch (SecurityException ex) { - log.warn("checkDelete(" + file + "): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkExec(String cmd) { - try { - sm.checkExec(cmd); - } catch (SecurityException ex) { - log.warn("checkExec(" + cmd + "): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkExit(int status) { - try { - sm.checkExit(status); - } catch (SecurityException ex) { - log.warn("checkExit(" + status + "): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkLink(String lib) { - try { - sm.checkLink(lib); - } catch (SecurityException ex) { - log.warn("checkLink(" + lib + "): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkListen(int port) { - try { - sm.checkListen(port); - } catch (SecurityException ex) { - log.warn("checkListen(" + port + "): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkMemberAccess(Class<?> clazz, int which) { - try { - sm.checkMemberAccess(clazz, which); - } catch (SecurityException ex) { - log.warn("checkMemberAccess(" + clazz + "): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkMulticast(InetAddress maddr) { - try { - sm.checkMulticast(maddr); - } catch (SecurityException ex) { - log.warn("checkMulticast(" + maddr + "): " + ex.getMessage(), ex); - throw ex; - } - } - - @SuppressWarnings("deprecation") - @Override - public void checkMulticast(InetAddress maddr, byte ttl) { - try { - sm.checkMulticast(maddr,ttl); - } catch (SecurityException ex) { - log.warn("checkMulticast(" + maddr + "," + ttl + "): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkPackageAccess(String pkg) { - try { - sm.checkPackageAccess(pkg); - } catch (SecurityException ex) { - log.warn("checkPackageAccess(" + pkg + "): " + ex.getMessage(), ex); - 
throw ex; - } - } - - @Override - public void checkPackageDefinition(String pkg) { - try { - sm.checkPackageDefinition(pkg); - } catch (SecurityException ex) { - log.warn("checkPackageDefinition(" + pkg + "): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkPermission(Permission perm) { - try { - sm.checkPermission(perm); - } catch (SecurityException ex) { - log.warn("checkPermission(" + perm.toString() + "): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkPermission(Permission perm, Object context) { - try { - sm.checkPermission(perm, context); - } catch (SecurityException ex) { - log.warn("checkPermission(" + perm.toString() + ", ctx): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkPrintJobAccess() { - try { - sm.checkPrintJobAccess(); - } catch (SecurityException ex) { - log.info("checkPrintJobAccess(): " + ex.getMessage(), ex); - throw ex; - } - } - - /** - * allowed - */ - @Override - public void checkPropertiesAccess() { - try { - sm.checkPropertiesAccess(); - } catch (SecurityException ex) { - log.info("checkPropertiesAccess(): " + ex.getMessage(), ex); - throw ex; - } - } - - /** - * access to all properties allowed - * @param key - */ - @Override - public void checkPropertyAccess(String key) { - try { - sm.checkPropertyAccess(key); - } catch (SecurityException ex) { - log.info("checkPropertyAccess(" + key + "): " + ex.getMessage()); - throw ex; - } - } - - @Override - public void checkRead(FileDescriptor fd) { - try { - sm.checkRead(fd); - } catch (SecurityException ex) { - log.warn("checkRead(" + fd + ") " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkRead(String file) { - try { - sm.checkRead(file); - } catch (SecurityException ex) { - log.warn("checkRead(" + file + ") " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkRead(String file, Object context) { - try { - sm.checkRead(file, context); - } catch 
(SecurityException ex) { - log.warn("checkRead(" + file + ") " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkSecurityAccess(String target) { - try { - sm.checkSecurityAccess(target); - } catch (SecurityException ex) { - log.info("checkSecurityAccess(" + target + "): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkSetFactory() { - log.info("checkSetFactory() "); - try { - sm.checkSetFactory(); - } catch (SecurityException ex) { - log.warn("checkSetFactroy(): " + ex.getMessage(), ex); - throw ex; - } - - } - - @Override - public void checkSystemClipboardAccess() { - try { - sm.checkSystemClipboardAccess(); - } catch (SecurityException ex) { - log.info("checkSystemClipboardAccess(): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public boolean checkTopLevelWindow(Object window) { - log.info("checkTopLevelWindow(Object window)"); - try { - return sm.checkTopLevelWindow(window); - } catch (SecurityException ex) { - log.warn("checkTopLevelWindow(" + window + "): " + ex.getMessage(), ex); - throw ex; - } - - } - - @Override - public void checkWrite(FileDescriptor fd) { - try { - sm.checkWrite(fd); - } catch (SecurityException ex) { - log.info("checkWrite(" + fd + "): " + ex.getMessage(), ex); - } - } - - @Override - public void checkWrite(String file) { - try { - sm.checkWrite(file); - } catch (SecurityException ex) { - log.info("checkWrite(" + file + "): " + ex.getMessage(), ex); - } - } - -// @Override -// protected int classDepth(String name) { -// log.info("classDepth(String name)"); return this.classDepth(name); -// } -// -// @Override -// protected int classLoaderDepth() { -// log.info("classLoaderDepth"); return sm.classLoaderDepth(); -// } -// -// @Override -// protected Object clone() throws CloneNotSupportedException { -// log.info("clone"); return sm.clone(); -// } -// -// @Override -// protected ClassLoader currentClassLoader() { -// log.info("currentClassLoader"); return 
sm.currentClassLoader(); -// } -// -// @Override -// protected Class<?> currentLoadedClass() { -// log.info("currentLoadedClass"); return sm.currentLoadedClass(); -// } - @Override - public boolean equals(Object obj) { - log.info("equals"); - return sm.equals(obj); - } - -// @Override -// protected void finalize() throws Throwable { -// log.info("finalize"); sm.finalize(); -// } -// @Override -// protected Class[] getClassContext() { -// log.info("getClassContext"); return sm.getClassContext(); -// } - @SuppressWarnings("deprecation") - @Override - public boolean getInCheck() { - log.info("getInCheck"); - return sm.getInCheck(); - } - - @Override - public Object getSecurityContext() { - log.info("getSecurityContext"); - return sm.getSecurityContext(); - } - - @Override - public ThreadGroup getThreadGroup() { - log.info("getThreadGroup"); - return sm.getThreadGroup(); - } - - @Override - public int hashCode() { - log.info("hashCode"); - return sm.hashCode(); - } - -// @Override -// protected boolean inClass(String name) { -// log.info("inClass"); return sm.inClass(name); -// } -// -// @Override -// protected boolean inClassLoader() { -// log.info(""); return sm.inClassLoader(); -// } - @Override - public String toString() { - log.info("toString"); - return sm.toString(); - } -} |