diff options
Diffstat (limited to 'BKUWebStart/src/main/java/at/gv/egiz')
3 files changed, 37 insertions, 26 deletions
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java index 3bf74d3c..2feae267 100644 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java @@ -22,7 +22,6 @@ import java.security.KeyStore; import java.security.Permissions;
import java.security.SecurityPermission;
import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
import java.util.PropertyPermission;
import javax.smartcardio.CardPermission;
import org.apache.commons.logging.Log;
@@ -38,7 +37,6 @@ public class Container { public static final String HTTP_PORT_PROPERTY = "mocca.http.port";
public static final String HTTPS_PORT_PROPERTY = "mocca.http.port";
- public static final String SERVER_CA_CERTIFICATE_ATTRIBUTE = "mocca.tls.server.ca.certificate";
private static Log log = LogFactory.getLog(Container.class);
static {
@@ -51,6 +49,8 @@ public class Container { }
}
private Server server;
+ private WebAppContext webapp;
+ private Certificate caCertificate;
public void init() throws IOException {
// System.setProperty("DEBUG", "true");
@@ -118,33 +118,19 @@ public class Container { server.setConnectors(new Connector[]{connector, sslConnector});
- WebAppContext webapp = new WebAppContext();
+ webapp = new WebAppContext();
webapp.setLogUrlOnStart(true);
webapp.setContextPath("/");
webapp.setExtractWAR(true);
webapp.setParentLoaderPriority(false);
- try {
- // no way to get certificate from within the servlet (SSLEngine/Jetty SSLSocketConnector/SSLContext?)
- if (log.isTraceEnabled()) {
- log.trace("local ca certificate from " + keystoreFile + " in webapp context at " + SERVER_CA_CERTIFICATE_ATTRIBUTE);
- }
- BufferedInputStream bis = new BufferedInputStream(new FileInputStream(keystoreFile));
- KeyStore sslKeyStore = KeyStore.getInstance("JKS");
- sslKeyStore.load(bis, passwd.toCharArray());
- Certificate[] sslChain = sslKeyStore.getCertificateChain(TLSServerCA.MOCCA_TLS_SERVER_ALIAS);
- webapp.setAttribute(SERVER_CA_CERTIFICATE_ATTRIBUTE, sslChain[sslChain.length - 1]);
- bis.close();
- } catch (Exception ex) {
- log.error("Failed to load local ca certificate", ex);
- log.warn("automated web certificate installation will not be available");
- }
-
webapp.setWar(copyWebapp(webapp.getTempDirectory()));
webapp.setPermissions(getPermissions(webapp.getTempDirectory()));
server.setHandler(webapp);
server.setGracefulShutdown(1000 * 3);
+
+ loadCACertificate(keystoreFile, passwd.toCharArray());
}
/**
@@ -234,6 +220,12 @@ public class Container { public void start() throws Exception {
server.start();
+ // webapp.getBaseResource()
+ File caCertFile = new File(webapp.getTempDirectory(), "webapp/ca.crt");
+ BufferedOutputStream bos = new BufferedOutputStream(new FileOutputStream(caCertFile));
+ bos.write(caCertificate.getEncoded());
+ bos.flush();
+ bos.close();
}
public boolean isRunning() {
@@ -251,4 +243,21 @@ public class Container { public void join() throws InterruptedException {
server.join();
}
+
+ private void loadCACertificate(File keystoreFile, char[] passwd) {
+ try {
+ if (log.isTraceEnabled()) {
+ log.trace("local ca certificate from " + keystoreFile);
+ }
+ BufferedInputStream bis = new BufferedInputStream(new FileInputStream(keystoreFile));
+ KeyStore sslKeyStore = KeyStore.getInstance("JKS");
+ sslKeyStore.load(bis, passwd);
+ Certificate[] sslChain = sslKeyStore.getCertificateChain(TLSServerCA.MOCCA_TLS_SERVER_ALIAS);
+ caCertificate = sslChain[sslChain.length - 1];
+ bis.close();
+ } catch (Exception ex) {
+ log.error("Failed to load local ca certificate", ex);
+ log.warn("automated web certificate installation will not be available");
+ }
+ }
}
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java index 8cc9817f..2bf42ccb 100644 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java @@ -9,8 +9,6 @@ import java.net.URISyntaxException; import java.util.Locale;
import java.util.ResourceBundle;
-import java.util.logging.Level;
-import java.util.logging.Logger;
import javax.jnlp.UnavailableServiceException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
@@ -28,9 +26,7 @@ import java.awt.event.ActionEvent; import java.awt.event.ActionListener;
import java.awt.event.WindowAdapter;
import java.net.BindException;
-import java.net.HttpURLConnection;
import java.net.MalformedURLException;
-import java.net.URI;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.text.MessageFormat;
@@ -175,6 +171,7 @@ public class Launcher implements BKUControllerInterface, ActionListener { }
throw ex;
} catch (Exception ex) {
+ ex.printStackTrace();
log.fatal("Failed to launch server, " + ex.getMessage(), ex);
trayIcon.displayMessage(messages.getString(CAPTION_ERROR),
messages.getString(ERROR_START), TrayIcon.MessageType.ERROR);
@@ -381,6 +378,7 @@ public class Launcher implements BKUControllerInterface, ActionListener { Launcher launcher = new Launcher();
launcher.launch();
} catch (Exception ex) {
+ ex.printStackTrace();
log.debug(ex);
log.info("waiting to shutdown...");
Thread.sleep(5000);
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java index fd94958e..08a06570 100644 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java @@ -64,9 +64,13 @@ public class TLSServerCA { caCert.addExtension(new SubjectKeyIdentifier(caKeyPair.getPublic()));
- caCert.addExtension(new BasicConstraints(true));
- caCert.addExtension(new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign
- | KeyUsage.digitalSignature));
+ BasicConstraints bc = new BasicConstraints(true);
+ bc.setCritical(true);
+ caCert.addExtension(bc);
+ KeyUsage ku = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign
+ | KeyUsage.digitalSignature);
+ ku.setCritical(true);
+ caCert.addExtension(ku);
GregorianCalendar date = new GregorianCalendar();
date.add(Calendar.HOUR_OF_DAY, -1);
|