Diffstat (limited to 'BKUWebStart/src/main')
30 files changed, 2337 insertions, 0 deletions
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java
new file mode 100644
index 00000000..37638510
--- /dev/null
+++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java
@@ -0,0 +1,440 @@
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egiz.bku.webstart;
+
+import iaik.asn1.CodingException;
+import iaik.utils.StreamCopier;
+
+import java.io.BufferedInputStream;
+import java.io.BufferedOutputStream;
+import java.io.BufferedReader;
+import java.io.BufferedWriter;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.FileReader;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.URI;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.util.Enumeration;
+import java.util.Iterator;
+import java.util.UUID;
+import java.util.jar.Attributes;
+import java.util.jar.Manifest;
+import java.util.zip.ZipEntry;
+import java.util.zip.ZipFile;
+import java.util.zip.ZipOutputStream;
+
+import org.apache.log4j.PropertyConfigurator;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ *
+ * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at>
+ */
+public class Configurator {
+
+ /**
+ * MOCCA configuration
+ * configurations with less than this (major) version will be backuped and updated
+ * allowed: MAJOR[.MINOR[.X[-SNAPSHOT]]]
+ */
+ public static final String MIN_CONFIG_VERSION = "1.2.11-SNAPSHOT";
+ public static final String CONFIG_DIR = ".mocca/conf/";
+ public static final String CERTS_DIR = ".mocca/certs/";
+ public static final String VERSION_FILE = ".version";
+ public static final String UNKOWN_VERSION = "unknown";
+ public static final String CONF_TEMPLATE_FILE = "conf-tmp.zip";
+ public static final String CONF_TEMPLATE_RESOURCE = "at/gv/egiz/bku/webstart/conf/conf.zip";
+ public static final String CERTIFICATES_PKG = "at/gv/egiz/bku/certs";
+
+ /**
+ * MOCCA TLS certificate
+ */
+ public static final String KEYSTORE_FILE = "keystore.ks";
+ public static final String PASSWD_FILE = ".secret";
+
+ private static final Logger log = LoggerFactory.getLogger(Configurator.class);
+
+ /** currently installed configuration version */
+ private String version;
+ private String certsVersion;
+ /** whether a new MOCCA TLS cert was created during initialization */
+ private boolean certRenewed = false;
+
+ /**
+ * Checks whether the config directory already exists and creates it otherwise.
+ * @param configDir the config directory to be created
+ * @throws IOException config/certificate creation failed
+ * @throws GeneralSecurityException if MOCCA TLS certificate could not be created
+ * @throws CodingException if MOCCA TLS certificate could not be created
+ */
+ public void ensureConfiguration() throws IOException, CodingException, GeneralSecurityException {
+ File configDir = new File(System.getProperty("user.home") + '/' + CONFIG_DIR);
+ if (configDir.exists()) {
+ if (configDir.isFile()) {
+ log.error("invalid config directory: " + configDir);
+ throw new IOException("invalid config directory: " + configDir);
+ } else {
+ version = readVersion(new File(configDir, VERSION_FILE));
+ if (log.isDebugEnabled()) {
+ log.debug("config directory " + configDir + ", version " + version);
+ }
+ if (updateRequired(version, MIN_CONFIG_VERSION)) {
+ File moccaDir = configDir.getParentFile();
+ File zipFile = new File(moccaDir, "conf-" + version + ".zip");
+ ZipOutputStream zipOS = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(zipFile)));
+ log.info("backup configuration to " + zipFile);
+ backupAndDelete(configDir, moccaDir.toURI(), zipOS);
+ zipOS.close();
+ initConfig(configDir);
+ }
+ }
+ } else {
+ initConfig(configDir);
+ }
+ // re-configure logging
+ // TODO: move to appropriate place
+ String log4jconfig = configDir.getPath() + File.separatorChar + "log4j.properties";
+ log.debug("Reconfiguring logging with " + log4jconfig);
+ PropertyConfigurator.configureAndWatch(log4jconfig);
+ }
+
+ /**
+ * To be replaced by TSLs in IAIK-PKI
+ * @throws IOException
+ */
+ public void ensureCertificates() throws IOException {
+ File certsDir = new File(System.getProperty("user.home") + '/' + CERTS_DIR);
+ if (certsDir.exists()) {
+ if (certsDir.isFile()) {
+ log.error("invalid certificate store directory: " + certsDir);
+ throw new IOException("invalid config directory: " + certsDir);
+ } else {
+ certsVersion = readVersion(new File(certsDir, VERSION_FILE));
+ if (log.isDebugEnabled()) {
+ log.debug("certificate-store directory " + certsDir + ", version " + certsVersion);
+ }
+ String newCertsVersion = getCertificatesVersion();
+ if (updateRequired(certsVersion, newCertsVersion)) {
+ File moccaDir = certsDir.getParentFile();
+ File zipFile = new File(moccaDir, "certs-" + certsVersion + ".zip");
+ ZipOutputStream zipOS = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(zipFile)));
+ log.info("backup certificates to " + zipFile);
+ backupAndDelete(certsDir, moccaDir.toURI(), zipOS);
+ zipOS.close();
+
+ createCerts(certsDir, newCertsVersion);
+ certsVersion = newCertsVersion;
+ }
+ }
+ } else {
+ String newCertsVersion = getCertificatesVersion();
+ createCerts(certsDir, newCertsVersion);
+ certsVersion = newCertsVersion;
+ }
+ }
+
+ /**
+ *
+ * @return whether a new MOCCA TLS certificate has been created during initialization
+ */
+ public boolean isCertRenewed() {
+ return certRenewed;
+ }
+
+ /**
+ * @return The first valid (not empty, no comment) line of the version file or
+ * "unknown" if version file cannot be read or does not contain such a line.
+ */
+ protected static String readVersion(File versionFile) {
+ if (versionFile.exists() && versionFile.canRead()) {
+ BufferedReader versionReader = null;
+ try {
+ versionReader = new BufferedReader(new FileReader(versionFile));
+ String version;
+ while ((version = versionReader.readLine().trim()) != null) {
+ if (version.length() > 0 && !version.startsWith("#")) {
+ log.trace("configuration version from " + versionFile + ": " + version);
+ return version;
+ }
+ }
+ } catch (IOException ex) {
+ log.error("failed to read configuration version from " + versionFile, ex);
+ } finally {
+ try {
+ versionReader.close();
+ } catch (IOException ex) {
+ }
+ }
+ }
+ log.debug("unknown configuration version");
+ return UNKOWN_VERSION;
+ }
+
+ /**
+ * Temporary workaround, replace with TSLs in IAIK-PKI.
+ * Retrieves version from BKUCertificates.jar Manifest file.
+ * The (remote) resource URL will be handled by the JNLP loader,
+ * and the resource retrieved from the cache.
+ *
+ * @return
+ * @throws IOException
+ */
+ private static String getCertificatesVersion() throws IOException {
+ String certsResourceVersion = null;
+ URL certsURL = Configurator.class.getClassLoader().getResource(CERTIFICATES_PKG);
+ if (certsURL != null) {
+ StringBuilder url = new StringBuilder(certsURL.toExternalForm());
+ url = url.replace(url.length() - CERTIFICATES_PKG.length(), url.length(), "META-INF/MANIFEST.MF");
+ log.trace("retrieve certificates resource version from " + url);
+ certsURL = new URL(url.toString());
+ Manifest certsManifest = new Manifest(certsURL.openStream());
+ Attributes atts = certsManifest.getMainAttributes();
+ if (atts != null) {
+ certsResourceVersion = atts.getValue("Implementation-Version");
+ log.debug("certs resource version: " + certsResourceVersion);
+ }
+ } else {
+ log.error("Failed to retrieve certificates resource " + CERTIFICATES_PKG);
+ throw new IOException("Failed to retrieve certificates resource " + CERTIFICATES_PKG);
+ }
+ return certsResourceVersion;
+ }
+
+ /**
+ * if unknown old, update in any case
+ * if known old and unknown min, don't update
+ * @param oldVersion
+ * @param minVersion
+ * @return
+ */
+ protected static boolean updateRequired(String oldVersion, String minVersion) {
+ log.debug("comparing " + oldVersion + " to " + minVersion);
+ if (oldVersion != null && !UNKOWN_VERSION.equals(oldVersion)) {
+ if (minVersion != null && !UNKOWN_VERSION.equals(minVersion)) {
+ int fromInd = 0;
+ int nextIndOld, nextIndMin;
+ int xOld, xMin;
+
+ // assume dots '.' appear in major version only (not after "-SNAPSHOT")
+ while ((nextIndOld = oldVersion.indexOf('.', fromInd)) > 0) {
+ nextIndMin = minVersion.indexOf('.', fromInd);
+ if (nextIndMin < 0) {
+ log.debug("installed version newer than minimum required (newer minor version)");
+ }
+ xOld = Integer.valueOf(oldVersion.substring(fromInd, nextIndOld));
+ xMin = Integer.valueOf(minVersion.substring(fromInd, nextIndMin));
+ if (xMin > xOld) {
+ log.debug("update required");
+ return true;
+ } else if (xMin < xOld) {
+ log.debug("installed version newer than minimum required");
+ return false;
+ }
+ fromInd = nextIndOld + 1;
+ }
+
+ // compare last digit of major
+ boolean preRelease = true;
+ int majorEndOld = oldVersion.indexOf("-SNAPSHOT");
+ if (majorEndOld < 0) {
+ preRelease = false;
+ majorEndOld = oldVersion.indexOf('-'); // 1.0.10-r439
+ if (majorEndOld < 0) {
+ majorEndOld = oldVersion.length();
+ }
+ }
+
+ boolean releaseRequired = false;
+ int majorEndMin = minVersion.indexOf("-SNAPSHOT");
+ if (majorEndMin < 0) {
+ releaseRequired = true;
+ majorEndMin = minVersion.indexOf('-');
+ if (majorEndMin < 0) {
+ majorEndMin = minVersion.length();
+ }
+ }
+
+ xOld = Integer.valueOf(oldVersion.substring(fromInd, majorEndOld));
+ boolean hasMoreDigitsMin = true;
+ nextIndMin = minVersion.indexOf('.', fromInd);
+ if (nextIndMin < 0) {
+ hasMoreDigitsMin = false;
+ nextIndMin = majorEndMin;
+ }
+ xMin = Integer.valueOf(minVersion.substring(fromInd, nextIndMin));
+ if (xMin > xOld) {
+ log.debug("update required");
+ return true;
+ } else if (xMin < xOld) {
+ log.debug("installed version newer than minimum required");
+ return false;
+ } else if (hasMoreDigitsMin) { // xMin == xOld
+ log.debug("update required (newer minor version required)");
+ return true;
+ } else if (preRelease && releaseRequired) {
+ log.debug("pre-release installed but release required");
+ return true;
+ } else {
+ log.debug("exact match, no updated required");
+ return false;
+ }
+ }
+ log.debug("unknown minimum version, do not update");
+ return false;
+ }
+ log.debug("no old version, update required");
+ return true;
+ }
+
+ protected static void backupAndDelete(File dir, URI relativeTo, ZipOutputStream zip) throws IOException {
+ if (dir.isDirectory()) {
+ File[] subDirs = dir.listFiles();
+ for (File subDir : subDirs) {
+ backupAndDelete(subDir, relativeTo, zip);
+ subDir.delete();
+ }
+ } else {
+ URI relativePath = relativeTo.relativize(dir.toURI());
+ ZipEntry entry = new ZipEntry(relativePath.toString());
+ zip.putNextEntry(entry);
+ BufferedInputStream entryIS = new BufferedInputStream(new FileInputStream(dir));
+ new StreamCopier(entryIS, zip).copyStream();
+ entryIS.close();
+ zip.closeEntry();
+ dir.delete();
+ }
+ }
+
+ /**
+ * set up a new MOCCA local configuration
+ * (not to be called directly, call ensureConfiguration())
+ * @throws IOException config/certificate creation failed
+ * @throws GeneralSecurityException if MOCCA TLS certificate could not be created
+ * @throws CodingException if MOCCA TLS certificate could not be created
+ */
+ protected void initConfig(File configDir) throws IOException, GeneralSecurityException, CodingException {
+ createConfig(configDir, Launcher.version);
+ version = Launcher.version;
+ createKeyStore(configDir);
+ certRenewed = true;
+ }
+
+ private static void createConfig(File configDir, String version) throws IOException {
+ if (log.isDebugEnabled()) {
+ log.debug("creating configuration version " + Launcher.version + " in " + configDir);
+ }
+ configDir.mkdirs();
+ File confTemplateFile = new File(configDir, CONF_TEMPLATE_FILE);
+ InputStream is = Configurator.class.getClassLoader().getResourceAsStream(CONF_TEMPLATE_RESOURCE);
+ OutputStream os = new BufferedOutputStream(new FileOutputStream(confTemplateFile));
+ new StreamCopier(is, os).copyStream();
+ os.close();
+ unzip(confTemplateFile, configDir);
+ confTemplateFile.delete();
+ writeVersionFile(new File(configDir, VERSION_FILE), version);
+ }
+
+ /**
+ * set up a new MOCCA local certStore
+ * @throws IOException config/certificate creation failed
+ * @throws GeneralSecurityException if MOCCA TLS certificate could not be created
+ * @throws CodingException if MOCCA TLS certificate could not be created
+ */
+ private static void createCerts(File certsDir, String certsVersion) throws IOException {
+ if (log.isDebugEnabled()) {
+ log.debug("creating certificate-store " + certsDir + ", version " + certsVersion);
+ }
+ URL certsURL = Configurator.class.getClassLoader().getResource(CERTIFICATES_PKG);
+ if (certsURL != null) {
+ StringBuilder url = new StringBuilder(certsURL.toExternalForm());
+ url = url.replace(url.length() - CERTIFICATES_PKG.length(), url.length(), "META-INF/MANIFEST.MF");
+ log.trace("retrieve certificate resource names from " + url);
+ certsURL = new URL(url.toString());
+ Manifest certsManifest = new Manifest(certsURL.openStream());
+ certsDir.mkdirs();
+ Iterator<String> entries = certsManifest.getEntries().keySet().iterator();
+ while (entries.hasNext()) {
+ String entry = entries.next();
+ if (entry.startsWith(CERTIFICATES_PKG)) {
+ String f = entry.substring(CERTIFICATES_PKG.length()); // "/trustStore/..."
+ new File(certsDir, f.substring(0, f.lastIndexOf('/'))).mkdirs();
+ BufferedOutputStream bos = new BufferedOutputStream(new FileOutputStream(new File(certsDir, f)));
+ log.debug(f);
+ new StreamCopier(Configurator.class.getClassLoader().getResourceAsStream(entry), bos).copyStream();
+ bos.close();
+ } else {
+ log.trace("ignore " + entry);
+ }
+ }
+ writeVersionFile(new File(certsDir, VERSION_FILE), certsVersion);
+ } else {
+ log.error("Failed to retrieve certificates resource " + CERTIFICATES_PKG);
+ throw new IOException("Failed to retrieve certificates resource " + CERTIFICATES_PKG);
+ }
+ }
+
+ private static void unzip(File zipfile, File toDir) throws IOException {
+ ZipFile zipFile = new ZipFile(zipfile);
+ Enumeration<? extends ZipEntry> entries = zipFile.entries();
+ while (entries.hasMoreElements()) {
+ ZipEntry entry = entries.nextElement();
+ File eF = new File(toDir, entry.getName());
+ if (entry.isDirectory()) {
+ eF.mkdirs();
+ continue;
+ }
+ File f = new File(eF.getParent());
+ f.mkdirs();
+ new StreamCopier(zipFile.getInputStream(entry),
+ new FileOutputStream(eF)).copyStream();
+ }
+ zipFile.close();
+ }
+
+ private static void writeVersionFile(File versionFile, String version) throws IOException {
+ BufferedWriter versionWriter = new BufferedWriter(new FileWriter(versionFile));
+ versionWriter.write("# MOCCA Web Start configuration version\n");
+ versionWriter.write("# DO NOT MODIFY THIS FILE\n\n");
+ versionWriter.write(version);
+ versionWriter.close();
+ }
+
+ private static void createKeyStore(File configDir) throws IOException, GeneralSecurityException, CodingException {
+ char[] password = UUID.randomUUID().toString().toCharArray();
+ File passwdFile = new File(configDir, PASSWD_FILE);
+ FileWriter passwdWriter = new FileWriter(passwdFile);
+ passwdWriter.write(password);
+ passwdWriter.close();
+ if (!passwdFile.setReadable(false, false) || !passwdFile.setReadable(true, true)) {
+ log.error("failed to make " + passwdFile + " owner readable only (certain file-systems do not support owner's permissions)");
+ }
+ TLSServerCA ca = new TLSServerCA();
+ KeyStore ks = ca.generateKeyStore(password);
+ File ksFile = new File(configDir, KEYSTORE_FILE);
+ FileOutputStream fos = new FileOutputStream(ksFile);
+ ks.store(fos, password);
+ fos.close();
+ }
+}
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java
new file mode 100644
index 00000000..4d1fe658
--- /dev/null
+++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java
@@ -0,0 +1,264 @@
+package at.gv.egiz.bku.webstart;
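Review bot: In `createKeyStore` of Configurator.java the keystore password is written to `.secret` before its permissions are tightened, so the file sits on disk with default permissions for a short window, and `keystore.ks` is written without any permission restriction at all. Create the empty file and restrict it before writing, e.g. `passwdFile.createNewFile(); passwdFile.setReadable(false, false); passwdFile.setReadable(true, true);` ahead of `new FileWriter(passwdFile)`, and apply the same calls to `ksFile` before `ks.store(...)`. Where `setReadable` fails the code only logs, which may leave the password readable by other local accounts on that file system. Separately, `readVersion` calls `readLine().trim()` before the null test, so reaching end of file throws a NullPointerException instead of returning "unknown", and `versionReader.close()` in the `finally` dereferences null when the `FileReader` constructor fails; `Container.readPassword` repeats both patterns.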
+
+import iaik.utils.StreamCopier;
+
+import java.awt.AWTPermission;
+import java.io.BufferedInputStream;
+import java.io.BufferedOutputStream;
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.FilePermission;
+import java.io.FileReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.lang.reflect.ReflectPermission;
+import java.net.NetPermission;
+import java.net.SocketPermission;
+import java.security.AllPermission;
+import java.security.KeyStore;
+import java.security.Permissions;
+import java.security.SecurityPermission;
+import java.security.cert.Certificate;
+import java.util.PropertyPermission;
+import javax.smartcardio.CardPermission;
+import org.mortbay.jetty.Connector;
+import org.mortbay.jetty.Server;
+import org.mortbay.jetty.nio.SelectChannelConnector;
+import org.mortbay.jetty.security.SslSocketConnector;
+import org.mortbay.jetty.webapp.WebAppContext;
+import org.mortbay.thread.QueuedThreadPool;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class Container {
+
+ public static final String HTTP_PORT_PROPERTY = "mocca.http.port";
+ public static final String HTTPS_PORT_PROPERTY = "mocca.http.port";
+ private static Logger log = LoggerFactory.getLogger(Container.class);
+
+ static {
+ if (log.isDebugEnabled()) {
+ //Jetty log INFO and WARN, include ignored exceptions
+ //jetty logging may be further restricted by setting level in log4j.properties
+ System.setProperty("VERBOSE", "true");
+ //do not set Jetty DEBUG logging, produces loads of output
+ //System.setProperty("DEBUG", "true");
+ }
+ }
+ private Server server;
+ private WebAppContext webapp;
+ private Certificate caCertificate;
+
+ public void init() throws IOException {
+// System.setProperty("DEBUG", "true");
+ server = new Server();
+ QueuedThreadPool qtp = new QueuedThreadPool();
+ qtp.setMaxThreads(5);
+ qtp.setMinThreads(2);
+ qtp.setLowThreads(0);
+ server.setThreadPool(qtp);
+ server.setStopAtShutdown(true);
+ server.setGracefulShutdown(3000);
+
+ SelectChannelConnector connector = new SelectChannelConnector();
+ connector.setPort(Integer.getInteger(HTTP_PORT_PROPERTY, 3495).intValue());
+ connector.setAcceptors(1);
+ connector.setConfidentialPort(Integer.getInteger(HTTPS_PORT_PROPERTY, 3496).intValue());
+ connector.setHost("127.0.0.1");
+
+ SslSocketConnector sslConnector = new SslSocketConnector();
+ sslConnector.setPort(Integer.getInteger(HTTPS_PORT_PROPERTY, 3496).intValue());
+ sslConnector.setAcceptors(1);
+ sslConnector.setHost("127.0.0.1");
+ File configDir = new File(System.getProperty("user.home") + "/" + Configurator.CONFIG_DIR);
+ File keystoreFile = new File(configDir, Configurator.KEYSTORE_FILE);
+ if (!keystoreFile.canRead()) {
+ log.error("MOCCA keystore file not readable: " + keystoreFile.getAbsolutePath());
+ throw new FileNotFoundException("MOCCA keystore file not readable: " + keystoreFile.getAbsolutePath());
+ }
+ log.debug("loading MOCCA keystore from " + keystoreFile.getAbsolutePath());
+ sslConnector.setKeystore(keystoreFile.getAbsolutePath());
+ String passwd = readPassword(new File(configDir, Configurator.PASSWD_FILE));
+ sslConnector.setPassword(passwd);
+ sslConnector.setKeyPassword(passwd);
+
+ //avoid jetty's ClassCastException: iaik.security.ecc.ecdsa.ECPublicKey cannot be cast to java.security.interfaces.ECPublicKey
+ String[] RFC4492CipherSuites = new String[]{
+ "TLS_ECDH_ECDSA_WITH_NULL_SHA",
+ "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
+ "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
+ "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
+ "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
+ "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
+ "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
+ "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
+ "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+ "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+ "TLS_ECDH_RSA_WITH_NULL_SHA",
+ "TLS_ECDH_RSA_WITH_RC4_128_SHA",
+ "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
+ "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
+ "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
+ "TLS_ECDHE_RSA_WITH_NULL_SHA",
+ "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
+ "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
+ "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+ "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+ "TLS_ECDH_anon_WITH_NULL_SHA",
+ "TLS_ECDH_anon_WITH_RC4_128_SHA",
+ "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
+ "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
+ "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"
+ };
+
+ sslConnector.setExcludeCipherSuites(RFC4492CipherSuites);
+
+ server.setConnectors(new Connector[]{connector, sslConnector});
+
+ webapp = new WebAppContext();
+ webapp.setLogUrlOnStart(true);
+ webapp.setContextPath("/");
+ webapp.setExtractWAR(true);
+ webapp.setParentLoaderPriority(false);
+
+ webapp.setWar(copyWebapp(webapp.getTempDirectory()));
+ webapp.setPermissions(getPermissions(webapp.getTempDirectory()));
+
+ server.setHandler(webapp);
+ server.setGracefulShutdown(1000 * 3);
+
+ loadCACertificate(keystoreFile, passwd.toCharArray());
+ }
+
+ /**
+ * @return The first valid (not empty, no comment) line of the passwd file
+ * @throws IOException
+ */
+ protected static String readPassword(File passwdFile) throws IOException {
+ if (passwdFile.exists() && passwdFile.canRead()) {
+ BufferedReader passwdReader = null;
+ try {
+ passwdReader = new BufferedReader(new FileReader(passwdFile));
+ String passwd;
+ while ((passwd = passwdReader.readLine().trim()) != null) {
+ if (passwd.length() > 0 && !passwd.startsWith("#")) {
+ return passwd;
+ }
+ }
+ } catch (IOException ex) {
+ log.error("failed to read password from " + passwdFile, ex);
+ throw ex;
+ } finally {
+ try {
+ passwdReader.close();
+ } catch (IOException ex) {
+ }
+ }
+ }
+ throw new IOException(passwdFile + " not readable");
+ }
+
+ private String copyWebapp(File webappDir) throws IOException {
+ File webapp = new File(webappDir, "BKULocal.war");
+ log.debug("copying BKULocal classpath resource to " + webapp);
+ InputStream is = getClass().getClassLoader().getResourceAsStream("BKULocal.war");
+ OutputStream os = new BufferedOutputStream(new FileOutputStream(webapp));
+ new StreamCopier(is, os).copyStream();
+ os.close();
+ return webapp.getPath();
+ }
+
+ private Permissions getPermissions(File webappDir) {
+ Permissions perms = new Permissions();
+ perms.add(new AllPermission());
+
+
+ if (false) {
+
+ // jetty-webstart (spring?)
+ perms.add(new RuntimePermission("getClassLoader"));
+
+ // standard permissions
+ perms.add(new PropertyPermission("*", "read,write"));
+ perms.add(new RuntimePermission("accessDeclaredMembers"));
+ perms.add(new RuntimePermission("accessClassInPackage.*"));
+ perms.add(new RuntimePermission("defineClassInPackage.*"));
+ perms.add(new RuntimePermission("setFactory"));
+ perms.add(new RuntimePermission("getProtectionDomain"));
+ perms.add(new RuntimePermission("modifyThread"));
+ perms.add(new RuntimePermission("modifyThreadGroup"));
+ perms.add(new RuntimePermission("setFactory"));
+ perms.add(new ReflectPermission("suppressAccessChecks"));
+
+ // MOCCA specific
+ perms.add(new SocketPermission("*", "connect,resolve"));
+ perms.add(new NetPermission("specifyStreamHandler"));
+ perms.add(new SecurityPermission("insertProvider.*"));
+ perms.add(new SecurityPermission("putProviderProperty.*"));
+ perms.add(new SecurityPermission("removeProvider.*"));
+ perms.add(new CardPermission("*", "*"));
+ perms.add(new AWTPermission("*"));
+
+ perms.add(new FilePermission(webappDir.getAbsolutePath() + "/-", "read"));
+ perms.add(new FilePermission(new File(System.getProperty("java.home") + "/lib/xalan.properties").getAbsolutePath(), "read"));
+ perms.add(new FilePermission(new File(System.getProperty("java.home") + "/lib/xerces.properties").getAbsolutePath(), "read"));
+ perms.add(new FilePermission(new File(System.getProperty("user.home")).getAbsolutePath(), "read, write"));
+ perms.add(new FilePermission(new File(System.getProperty("user.home") + "/-").getAbsolutePath(), "read, write"));
+ perms.add(new FilePermission(new File(System.getProperty("user.home") + "/.mocca/logs/*").getAbsolutePath(), "read, write,delete"));
+ perms.add(new FilePermission(new File(System.getProperty("user.home") + "/.mocca/certs/-").getAbsolutePath(), "read, write,delete"));
+
+ //TODO
+// log.trace("granting file read/write permission to MOCCA local");
+// perms.add(new FilePermission("<<ALL FILES>>", "read, write"));
+
+ }
+ return perms;
+ }
+
+ public void start() throws Exception {
+ server.start();
+ // webapp.getBaseResource()
+ File caCertFile = new File(webapp.getTempDirectory(), "webapp/ca.crt");
+ BufferedOutputStream bos = new BufferedOutputStream(new FileOutputStream(caCertFile));
+ bos.write(caCertificate.getEncoded());
+ bos.flush();
+ bos.close();
+ }
+
+ public boolean isRunning() {
+ return server.isRunning();
+ }
+
+ public void stop() throws Exception {
+ server.stop();
+ }
+
+ public void destroy() {
+ server.destroy();
+ }
+
+ public void join() throws InterruptedException {
+ server.join();
+ }
+
+ private void loadCACertificate(File keystoreFile, char[] passwd) {
+ try {
+ if (log.isTraceEnabled()) {
+ log.trace("local ca certificate from " + keystoreFile);
+ }
+ BufferedInputStream bis = new BufferedInputStream(new FileInputStream(keystoreFile));
+ KeyStore sslKeyStore = KeyStore.getInstance("JKS");
+ sslKeyStore.load(bis, passwd);
+ Certificate[] sslChain = sslKeyStore.getCertificateChain(TLSServerCA.MOCCA_TLS_SERVER_ALIAS);
+ caCertificate = sslChain[sslChain.length - 1];
+ bis.close();
+ } catch (Exception ex) {
+ log.error("Failed to load local ca certificate", ex);
+ log.warn("automated web certificate installation will not be available");
+ }
+ }
+}
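Review bot: `getPermissions` adds `AllPermission` and the scoped permission list below it sits inside `if (false)`, so the BKULocal webapp is handed every permission and the narrower set is dead code. If that is a deliberate interim state, record it where the grant happens, e.g. `// TODO: AllPermission is temporary; replace with the scoped list below once it is complete`, and otherwise enable the scoped list. `HTTPS_PORT_PROPERTY` is defined as `"mocca.http.port"`, the same key as `HTTP_PORT_PROPERTY`, so setting that property gives both connectors the same port; it presumably needs its own key, such as `"mocca.https.port"`. `start()` also dereferences `caCertificate` although `loadCACertificate` only logs on failure, so a keystore problem surfaces as a NullPointerException after the server is already running; guard the write with `if (caCertificate != null)`.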
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java
new file mode 100644
index 00000000..ef7edef1
--- /dev/null
+++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java
@@ -0,0 +1,391 @@
+package at.gv.egiz.bku.webstart;
+
+import at.gv.egiz.bku.webstart.gui.AboutDialog;
+import at.gv.egiz.bku.webstart.gui.BKUControllerInterface;
+import at.gv.egiz.bku.webstart.gui.PINManagementInvoker;
+import iaik.asn1.CodingException;
+import java.io.IOException;
+import java.net.URISyntaxException;
+import java.util.Locale;
+import java.util.ResourceBundle;
+
+import javax.jnlp.UnavailableServiceException;
+
+import com.sun.javaws.security.JavaWebStartSecurity;
+import java.awt.AWTException;
+import java.awt.Desktop;
+import java.awt.Image;
+import java.awt.MenuItem;
+import java.awt.PopupMenu;
+import java.awt.SplashScreen;
+import java.awt.SystemTray;
+import java.awt.TrayIcon;
+import java.awt.event.ActionEvent;
+import java.awt.event.ActionListener;
+import java.awt.event.WindowAdapter;
+import java.net.BindException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.text.MessageFormat;
+import java.util.jar.Attributes;
+import java.util.jar.Manifest;
+import javax.imageio.ImageIO;
+import javax.jnlp.BasicService;
+import javax.jnlp.ServiceManager;
+import javax.swing.JFrame;
+import org.mortbay.util.MultiException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class Launcher implements BKUControllerInterface, ActionListener {
+ public static final String HELP_COMMAND = "help";
+
+ public static final String WEBAPP_RESOURCE = "BKULocal.war";
+ public static final String CERTIFICATES_RESOURCE = "BKUCertificates.jar";
+ public static final String WEBAPP_FILE = "BKULocal.war";
+ /** no leading slash for messages, but for image */
+ public static final String MESSAGES_RESOURCE = "at/gv/egiz/bku/webstart/messages";
+ public static final String TRAYICON_RESOURCE = "/at/gv/egiz/bku/webstart/chip";
+ /** resource bundle messages */
+ public static final String CAPTION_DEFAULT = "tray.caption.default";
+ public static final String CAPTION_ERROR = "tray.caption.error";
+ public static final String MESSAGE_START = "tray.message.start";
+ public static final String MESSAGE_START_OFFLINE = "tray.message.start.offline";
+ public static final String MESSAGE_CONFIG = "tray.message.config";
+ public static final String MESSAGE_CERTS = "tray.message.certs";
+ public static final String MESSAGE_FINISHED = "tray.message.finished";
+ public static final String MESSAGE_SHUTDOWN = "tray.message.shutdown";
+ public static final String ERROR_START = "tray.error.start";
+ public static final String ERROR_CONFIG = "tray.error.config";
+ public static final String ERROR_BIND = "tray.error.bind";
+ public static final String ERROR_PIN = "tray.error.pin.connect";
+ public static final String ERROR_OPEN_URL = "tray.error.open.url";
+ public static final String LABEL_SHUTDOWN = "tray.label.shutdown";
+ public static final String LABEL_PIN = "tray.label.pin";
+ public static final String LABEL_HELP = "tray.label.help";
+ public static final String LABEL_ABOUT = "tray.label.about";
+ public static final String TOOLTIP_DEFAULT = "tray.tooltip.default";
+
+ /** action commands for tray menu */
+ public static final String SHUTDOWN_COMMAND = "shutdown";
+ public static final String PIN_COMMAND = "pin";
+ public static final String ABOUT_COMMAND = "about";
+
+ private static Logger log = LoggerFactory.getLogger(Launcher.class);
+
+
+ /** local bku uri */
+ public static final URL HTTP_SECURITY_LAYER_URL;
+ public static final URL HTTPS_SECURITY_LAYER_URL;
+ public static final URL INSTALL_CERT_URL;
+ public static final URL PIN_MANAGEMENT_URL;
+ public static final URL HELP_URL;
+ static {
+ URL http = null;
+ URL https = null;
+ URL pin = null;
+ URL cert = null;
+ URL help = null;
+ try {
+ http = new URL("http://localhost:" + Integer.getInteger(Container.HTTPS_PORT_PROPERTY, 3495).intValue());
+ https = new URL("https://localhost:" + Integer.getInteger(Container.HTTPS_PORT_PROPERTY, 3496).intValue());
+ pin = new URL(http, "/PINManagement");
+ cert = new URL(http, "/installCertificate");
+ help = new URL(http, "/help");
+ } catch (MalformedURLException ex) {
+ log.error("Failed to create URL.", ex);
+ } finally {
+ HTTP_SECURITY_LAYER_URL = http;
+ HTTPS_SECURITY_LAYER_URL = https;
+ PIN_MANAGEMENT_URL = pin;
+ INSTALL_CERT_URL = cert;
+ HELP_URL = help;
+ }
+ }
+ public static final String version;
+ static {
+ String tmp = Configurator.UNKOWN_VERSION;
+ try {
+ String bkuWebStartJar = Launcher.class.getProtectionDomain().getCodeSource().getLocation().toString();
+ URL manifestURL = new URL("jar:" + bkuWebStartJar + "!/META-INF/MANIFEST.MF");
+ if (log.isTraceEnabled()) {
+ log.trace("read version information from " + manifestURL);
+ }
+ Manifest manifest = new Manifest(manifestURL.openStream());
+ Attributes atts = manifest.getMainAttributes();
+ if (atts != null) {
+ tmp = atts.getValue("Implementation-Build");
+ }
+ } catch (IOException ex) {
+ log.error("failed to read version", ex);
+ } finally {
+ version = tmp;
+ log.info("BKU Web Start " + version);
+ }
+ }
+ private Configurator config;
+ private Container server;
+ private BasicService basicService;
+ private TrayIcon trayIcon;
+ private ResourceBundle messages;
+ private AboutDialog aboutDialog;
+
+
+ public Launcher() {
+ log.info("Initializing Launcher");
+ if (log.isTraceEnabled()) {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm instanceof JavaWebStartSecurity) {
+ System.setSecurityManager(new LogSecurityManager((JavaWebStartSecurity) sm));
+ }
+ }
+ messages = ResourceBundle.getBundle(MESSAGES_RESOURCE, Locale.getDefault());
+ trayIcon = initTrayIcon();
+ }
+
+ public void launch() throws Exception {
+ initStart();
+ try {
+ initConfig();
+ } catch (Exception ex) {
+ log.error("Failed to initialize configuration", ex);
+ trayIcon.displayMessage(messages.getString(CAPTION_ERROR),
+ messages.getString(ERROR_CONFIG), TrayIcon.MessageType.ERROR);
+ throw ex;
+ }
+ try {
+ startServer();
+ initFinished();
+ } catch (BindException ex) {
+ log.error("Failed to launch server, " + ex.getMessage(), ex);
+ trayIcon.displayMessage(messages.getString(CAPTION_ERROR),
+ messages.getString(ERROR_BIND), TrayIcon.MessageType.ERROR);
+ throw ex;
+ } catch (MultiException ex) {
+ log.error("Failed to launch server, " + ex.getMessage(), ex);
+ if (ex.getThrowable(0) instanceof BindException) {
+ trayIcon.displayMessage(messages.getString(CAPTION_ERROR),
+ messages.getString(ERROR_BIND), TrayIcon.MessageType.ERROR);
+ } else {
+ trayIcon.displayMessage(messages.getString(CAPTION_ERROR),
+ messages.getString(ERROR_START), TrayIcon.MessageType.ERROR);
+ }
+ throw ex;
+ } catch (Exception ex) {
+ ex.printStackTrace();
+ log.error("Failed to launch server, " + ex.getMessage(), ex);
+ trayIcon.displayMessage(messages.getString(CAPTION_ERROR),
+ messages.getString(ERROR_START), TrayIcon.MessageType.ERROR);
+ throw ex;
+ }
+ }
+
+ private void browse(URL url) throws IOException, URISyntaxException {
+ // don't use basicService.showDocument(), which causes a java ssl warning dialog
+ if (Desktop.isDesktopSupported()) {
+ Desktop desktop = Desktop.getDesktop();
+ if (desktop.isSupported(Desktop.Action.BROWSE)) {
+ desktop.browse(url.toURI());
+ return;
+ }
+ }
+ throw new IOException("current platform does not support Java Desktop API");
+ }
+
+ private TrayIcon initTrayIcon() {
+ if (SystemTray.isSupported()) {
+ try {
+ // get the SystemTray instance
+ SystemTray tray = SystemTray.getSystemTray();
+ log.debug("TrayIcon size: " + tray.getTrayIconSize());
+
+ String iconResource;
+ if (tray.getTrayIconSize().height < 17) {
+ iconResource = TRAYICON_RESOURCE + "16.png";
+ } else if (tray.getTrayIconSize().height < 25) {
+ iconResource = TRAYICON_RESOURCE + "24.png";
+ } else if (tray.getTrayIconSize().height < 33) {
+ iconResource = TRAYICON_RESOURCE + "32.png";
+ } else {
+ iconResource = TRAYICON_RESOURCE + "48.png";
+ }
+ Image image = ImageIO.read(getClass().getResourceAsStream(iconResource));
+
+ PopupMenu popup = new PopupMenu();
+
+ MenuItem helpItem = new MenuItem(messages.getString(LABEL_HELP));
+ helpItem.addActionListener(this);
+ helpItem.setActionCommand(HELP_COMMAND);
+ popup.add(helpItem);
+
+ MenuItem pinItem = new MenuItem(messages.getString(LABEL_PIN));
+ pinItem.addActionListener(this);
+ pinItem.setActionCommand(PIN_COMMAND);
+ popup.add(pinItem);
+
+ MenuItem shutdownItem = new MenuItem(messages.getString(LABEL_SHUTDOWN));
+ shutdownItem.addActionListener(this);
+ shutdownItem.setActionCommand(SHUTDOWN_COMMAND);
+ popup.add(shutdownItem);
+
+ popup.addSeparator();
+
+ MenuItem aboutItem = new MenuItem(messages.getString(LABEL_ABOUT));
+ aboutItem.setActionCommand(ABOUT_COMMAND);
+ aboutItem.addActionListener(this);
+ popup.add(aboutItem);
+
+ TrayIcon ti = new TrayIcon(image, messages.getString(TOOLTIP_DEFAULT), popup);
+ ti.addActionListener(this);
+ tray.add(ti);
+ return ti;
+ } catch (AWTException ex) {
+ log.error("Failed to init tray icon", ex);
+ } catch (IOException ex) {
+ log.error("Failed to load tray icon image", ex);
+ }
+ } else {
+ log.error("No system tray support");
+ }
+ return null;
+ }
+
+ private void initStart() {
+ try {
+ trayIcon.displayMessage(messages.getString(CAPTION_DEFAULT),
+ messages.getString(MESSAGE_START), TrayIcon.MessageType.INFO);
+ basicService = (BasicService) ServiceManager.lookup("javax.jnlp.BasicService");
+ if (basicService.isOffline()) {
+ log.info("launching MOCCA Web Start offline");
+ trayIcon.displayMessage(messages.getString(CAPTION_DEFAULT),
+ messages.getString(MESSAGE_START_OFFLINE), TrayIcon.MessageType.INFO);
+ } else {
+ log.info("launching MOCCA Web Start online");
+ }
+ } catch (UnavailableServiceException ex) {
+ log.info("Failed to obtain JNLP service: " + ex.getMessage());
+ }
+ }
+
+ private void initConfig() throws IOException, CodingException, GeneralSecurityException {
+ trayIcon.displayMessage(messages.getString(CAPTION_DEFAULT),
+ messages.getString(MESSAGE_CONFIG), TrayIcon.MessageType.INFO);
+ config = new Configurator();
+ config.ensureConfiguration();
+ trayIcon.displayMessage(messages.getString(CAPTION_DEFAULT),
+ messages.getString(MESSAGE_CERTS), TrayIcon.MessageType.INFO);
+ config.ensureCertificates();
+ }
+
+ private void startServer() throws Exception {
+ log.info("init servlet container and MOCCA webapp");
+// trayIcon.displayMessage(messages.getString(CAPTION_DEFAULT),
+// messages.getString(MESSAGE_START), TrayIcon.MessageType.INFO);
+ server = new Container();
+ server.init();
+ server.start();
+ }
+
+ private void initFinished() {
+ try {
+ trayIcon.displayMessage(messages.getString(CAPTION_DEFAULT),
+ messages.getString(MESSAGE_FINISHED), TrayIcon.MessageType.INFO);
+ // standalone (non-webstart) version has splashscreen
+ if (SplashScreen.getSplashScreen() != null) {
+ try {
+ SplashScreen.getSplashScreen().close();
+ } catch (IllegalStateException ex) {
+ log.warn("Failed to close splash screen: " + ex.getMessage());
+ }
+ }
+ if (config.isCertRenewed()) {
+ try {
+ browse(HTTP_SECURITY_LAYER_URL);
+ } catch (Exception ex) {
+ log.error("failed to open system browser, install TLS certificate manually: " + HTTPS_SECURITY_LAYER_URL, ex);
+ }
+ }
+ log.info("BKU successfully started");
+ server.join();
+ } catch (InterruptedException e) {
+ log.warn("failed to join server: " + e.getMessage(), e);
+ }
+ }
+
+ @Override
+ public void shutDown() {
+ log.info("Shutting down server");
+ trayIcon.displayMessage(messages.getString(CAPTION_DEFAULT),
+ messages.getString(MESSAGE_SHUTDOWN), TrayIcon.MessageType.INFO);
+ if ((server != null) && (server.isRunning())) {
+ try {
+ if (server.isRunning()) {
+ server.stop();
+ }
+ } catch (Exception e) {
+ log.debug(e.toString());
+ } finally {
+ if (server.isRunning()) {
+ server.destroy();
+ }
+ }
+ }
+ System.exit(0);
+ }
+
+ /**
+ * Listen for TrayMenu actions (display error messages on trayIcon)
+ * @param e
+ */
+ @Override
+ public void actionPerformed(ActionEvent e) {
+ if (SHUTDOWN_COMMAND.equals(e.getActionCommand())) {
+ log.debug("shutdown requested via tray menu");
+ this.shutDown();
+ } else if (ABOUT_COMMAND.equals(e.getActionCommand())) {
+ log.debug("about dialog requested via tray menu");
+ if (aboutDialog == null) {
+ aboutDialog = new AboutDialog(new JFrame(), true, version);
+ aboutDialog.addWindowListener(new WindowAdapter() {
+
+ @Override
+ public void windowClosing(java.awt.event.WindowEvent e) {
+ aboutDialog.setVisible(false);
+ }
+ });
+ }
+ aboutDialog.setLocationByPlatform(true);
+ aboutDialog.setVisible(true);
+ } else if (PIN_COMMAND.equals(e.getActionCommand())) {
+ log.debug("pin management dialog requested via tray menu");
+
+ new Thread(new PINManagementInvoker(trayIcon, messages)).start();
+ } else if (HELP_COMMAND.equals(e.getActionCommand())) {
+ log.debug("help page requested via tray menu");
+ try {
+ browse(HELP_URL);
+ } catch (Exception ex) {
+ log.error("Failed to open " + HELP_URL, ex);
+ String msg = MessageFormat.format(messages.getString(ERROR_OPEN_URL), HELP_URL);
+ trayIcon.displayMessage(messages.getString(CAPTION_ERROR), msg, TrayIcon.MessageType.ERROR);
+ }
+ } else {
+ log.error("unknown tray menu command: " + e.getActionCommand());
+ }
+ }
+
+ public static void main(String[] args) throws InterruptedException, IOException {
+ try {
+ Launcher launcher = new Launcher();
+ launcher.launch();
+ } catch (Exception ex) {
+ ex.printStackTrace();
+ log.debug("Caught exception " + ex.getMessage(), ex);
+ log.info("waiting to shutdown...");
+ Thread.sleep(5000);
+ log.info("exit");
+ System.exit(-1000);
+ }
+ }
+}
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/LogSecurityManager.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/LogSecurityManager.java
new file mode 100644
index 00000000..d589812e
--- /dev/null
+++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/LogSecurityManager.java
@@ -0,0 +1,443 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.webstart; + +import com.sun.javaws.security.JavaWebStartSecurity; +import java.io.FileDescriptor; +import java.net.InetAddress; +import java.security.Permission; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * JVM argument -Djava.security.debug=access,failure + * (passed as attribute to java element in jnlp) is ignored. 
+ * + * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at> + */ +public class LogSecurityManager extends SecurityManager { + + protected static final Logger log = LoggerFactory.getLogger(LogSecurityManager.class); + JavaWebStartSecurity sm; + + public LogSecurityManager(JavaWebStartSecurity sm) { + this.sm = sm; +// AppPolicy policy = AppPolicy.getInstance(); +// SecurityManager sm = System.getSecurityManager(); + } + + @Override + public void checkAccept(String host, int port) { + try { + sm.checkAccept(host, port); + } catch (SecurityException ex) { + log.warn("checkAccept(" + host + ", " + port + "): " + ex.getMessage(), ex); + throw ex; + } + } + + @Override + public void checkAccess(Thread g) { + try { + sm.checkAccess(g); + } catch (SecurityException ex) { + log.warn("checkAccess(" + g + "): " + ex.getMessage(), ex); + throw ex; + } + } + + @Override + public void checkAccess(ThreadGroup g) { + try { + sm.checkAccess(g); + } catch (SecurityException ex) { + log.warn("checkAccess(" + g + "): " + ex.getMessage(), ex); + throw ex; + } + + } + + @Override + public void checkAwtEventQueueAccess() { + try { + sm.checkAwtEventQueueAccess(); + } catch (SecurityException ex) { + log.warn("checkAwtEventQAccess():" + ex.getMessage(), ex); + throw ex; + } + + } + + @Override + public void checkConnect(String host, int port) { + try { + sm.checkConnect(host, port); + } catch (SecurityException ex) { + log.warn("checkConnect(" + host + ", " + port + "): " + ex.getMessage(), ex); + throw ex; + } + } + + @Override + public void checkConnect(String host, int port, Object context) { + try { + sm.checkConnect(host, port, context); + } catch (SecurityException ex) { + log.warn("checkConnect(" + host + ", " + port + ", " + context + "): " + ex.getMessage(), ex); + throw ex; + } + } + + @Override + public void checkCreateClassLoader() { + try { + sm.checkCreateClassLoader(); + } catch (SecurityException ex) { + log.warn("checkCreateClassLoader(): " + ex.getMessage(), 
ex); + throw ex; + } + } + + @Override + public void checkDelete(String file) { + try { + sm.checkDelete(file); + } catch (SecurityException ex) { + log.warn("checkDelete(" + file + "): " + ex.getMessage(), ex); + throw ex; + } + } + + @Override + public void checkExec(String cmd) { + try { + sm.checkExec(cmd); + } catch (SecurityException ex) { + log.warn("checkExec(" + cmd + "): " + ex.getMessage(), ex); + throw ex; + } + } + + @Override + public void checkExit(int status) { + try { + sm.checkExit(status); + } catch (SecurityException ex) { + log.warn("checkExit(" + status + "): " + ex.getMessage(), ex); + throw ex; + } + } + + @Override + public void checkLink(String lib) { + try { + sm.checkLink(lib); + } catch (SecurityException ex) { + log.warn("checkLink(" + lib + "): " + ex.getMessage(), ex); + throw ex; + } + } + + @Override + public void checkListen(int port) { + try { + sm.checkListen(port); + } catch (SecurityException ex) { + log.warn("checkListen(" + port + "): " + ex.getMessage(), ex); + throw ex; + } + } + + @Override + public void checkMemberAccess(Class<?> clazz, int which) { + try { + sm.checkMemberAccess(clazz, which); + } catch (SecurityException ex) { + log.warn("checkMemberAccess(" + clazz + "): " + ex.getMessage(), ex); + throw ex; + } + } + + @Override + public void checkMulticast(InetAddress maddr) { + try { + sm.checkMulticast(maddr); + } catch (SecurityException ex) { + log.warn("checkMulticast(" + maddr + "): " + ex.getMessage(), ex); + throw ex; + } + } + + @SuppressWarnings("deprecation") + @Override + public void checkMulticast(InetAddress maddr, byte ttl) { + try { + sm.checkMulticast(maddr,ttl); + } catch (SecurityException ex) { + log.warn("checkMulticast(" + maddr + "," + ttl + "): " + ex.getMessage(), ex); + throw ex; + } + } + + @Override + public void checkPackageAccess(String pkg) { + try { + sm.checkPackageAccess(pkg); + } catch (SecurityException ex) { + log.warn("checkPackageAccess(" + pkg + "): " + ex.getMessage(), ex); + 
throw ex; + } + } + + @Override + public void checkPackageDefinition(String pkg) { + try { + sm.checkPackageDefinition(pkg); + } catch (SecurityException ex) { + log.warn("checkPackageDefinition(" + pkg + "): " + ex.getMessage(), ex); + throw ex; + } + } + + @Override + public void checkPermission(Permission perm) { + try { + sm.checkPermission(perm); + } catch (SecurityException ex) { + log.warn("checkPermission(" + perm.toString() + "): " + ex.getMessage(), ex); + throw ex; + } + } + + @Override + public void checkPermission(Permission perm, Object context) { + try { + sm.checkPermission(perm, context); + } catch (SecurityException ex) { + log.warn("checkPermission(" + perm.toString() + ", ctx): " + ex.getMessage(), ex); + throw ex; + } + } + + @Override + public void checkPrintJobAccess() { + try { + sm.checkPrintJobAccess(); + } catch (SecurityException ex) { + log.info("checkPrintJobAccess(): " + ex.getMessage(), ex); + throw ex; + } + } + + /** + * allowed + */ + @Override + public void checkPropertiesAccess() { + try { + sm.checkPropertiesAccess(); + } catch (SecurityException ex) { + log.info("checkPropertiesAccess(): " + ex.getMessage(), ex); + throw ex; + } + } + + /** + * access to all properties allowed + * @param key + */ + @Override + public void checkPropertyAccess(String key) { + try { + sm.checkPropertyAccess(key); + } catch (SecurityException ex) { + log.info("checkPropertyAccess(" + key + "): " + ex.getMessage()); + throw ex; + } + } + + @Override + public void checkRead(FileDescriptor fd) { + try { + sm.checkRead(fd); + } catch (SecurityException ex) { + log.warn("checkRead(" + fd + ") " + ex.getMessage(), ex); + throw ex; + } + } + + @Override + public void checkRead(String file) { + try { + sm.checkRead(file); + } catch (SecurityException ex) { + log.warn("checkRead(" + file + ") " + ex.getMessage(), ex); + throw ex; + } + } + + @Override + public void checkRead(String file, Object context) { + try { + sm.checkRead(file, context); + } catch 
(SecurityException ex) { + log.warn("checkRead(" + file + ") " + ex.getMessage(), ex); + throw ex; + } + } + + @Override + public void checkSecurityAccess(String target) { + try { + sm.checkSecurityAccess(target); + } catch (SecurityException ex) { + log.info("checkSecurityAccess(" + target + "): " + ex.getMessage(), ex); + throw ex; + } + } + + @Override + public void checkSetFactory() { + log.info("checkSetFactory() "); + try { + sm.checkSetFactory(); + } catch (SecurityException ex) { + log.warn("checkSetFactroy(): " + ex.getMessage(), ex); + throw ex; + } + + } + + @Override + public void checkSystemClipboardAccess() { + try { + sm.checkSystemClipboardAccess(); + } catch (SecurityException ex) { + log.info("checkSystemClipboardAccess(): " + ex.getMessage(), ex); + throw ex; + } + } + + @Override + public boolean checkTopLevelWindow(Object window) { + log.info("checkTopLevelWindow(Object window)"); + try { + return sm.checkTopLevelWindow(window); + } catch (SecurityException ex) { + log.warn("checkTopLevelWindow(" + window + "): " + ex.getMessage(), ex); + throw ex; + } + + } + + @Override + public void checkWrite(FileDescriptor fd) { + try { + sm.checkWrite(fd); + } catch (SecurityException ex) { + log.info("checkWrite(" + fd + "): " + ex.getMessage(), ex); + } + } + + @Override + public void checkWrite(String file) { + try { + sm.checkWrite(file); + } catch (SecurityException ex) { + log.info("checkWrite(" + file + "): " + ex.getMessage(), ex); + } + } + +// @Override +// protected int classDepth(String name) { +// log.info("classDepth(String name)"); return this.classDepth(name); +// } +// +// @Override +// protected int classLoaderDepth() { +// log.info("classLoaderDepth"); return sm.classLoaderDepth(); +// } +// +// @Override +// protected Object clone() throws CloneNotSupportedException { +// log.info("clone"); return sm.clone(); +// } +// +// @Override +// protected ClassLoader currentClassLoader() { +// log.info("currentClassLoader"); return 
sm.currentClassLoader(); +// } +// +// @Override +// protected Class<?> currentLoadedClass() { +// log.info("currentLoadedClass"); return sm.currentLoadedClass(); +// } + @Override + public boolean equals(Object obj) { + log.info("equals"); + return sm.equals(obj); + } + +// @Override +// protected void finalize() throws Throwable { +// log.info("finalize"); sm.finalize(); +// } +// @Override +// protected Class[] getClassContext() { +// log.info("getClassContext"); return sm.getClassContext(); +// } + @SuppressWarnings("deprecation") + @Override + public boolean getInCheck() { + log.info("getInCheck"); + return sm.getInCheck(); + } + + @Override + public Object getSecurityContext() { + log.info("getSecurityContext"); + return sm.getSecurityContext(); + } + + @Override + public ThreadGroup getThreadGroup() { + log.info("getThreadGroup"); + return sm.getThreadGroup(); + } + + @Override + public int hashCode() { + log.info("hashCode"); + return sm.hashCode(); + } + +// @Override +// protected boolean inClass(String name) { +// log.info("inClass"); return sm.inClass(name); +// } +// +// @Override +// protected boolean inClassLoader() { +// log.info(""); return sm.inClassLoader(); +// } + @Override + public String toString() { + log.info("toString"); + return sm.toString(); + } +} diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java new file mode 100644 index 00000000..745042f8 --- /dev/null +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/TLSServerCA.java @@ -0,0 +1,142 @@ +package at.gv.egiz.bku.webstart;
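Review bot: In LogSecurityManager, checkWrite(FileDescriptor) and checkWrite(String) catch the SecurityException from the wrapped JavaWebStartSecurity, log it at info level and return normally, so a write the wrapped manager denies is permitted once this wrapper is installed. Every other check method in the class rethrows. Launcher's constructor installs the wrapper only when trace logging is enabled, so switching on trace logging would relax the sandbox for file writes. Both catch blocks should end with `throw ex;` like their siblings. Separately, checkPropertyAccess(String) omits the exception argument in its log call, which is only a logging inconsistency.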
+
+import iaik.asn1.CodingException;
+import iaik.asn1.ObjectID;
+import iaik.asn1.structures.AlgorithmID;
+import iaik.asn1.structures.GeneralName;
+import iaik.asn1.structures.GeneralNames;
+import iaik.asn1.structures.Name;
+import iaik.x509.X509Certificate;
+import iaik.x509.extensions.AuthorityKeyIdentifier;
+import iaik.x509.extensions.BasicConstraints;
+import iaik.x509.extensions.ExtendedKeyUsage;
+import iaik.x509.extensions.KeyUsage;
+
+import iaik.x509.extensions.SubjectAltName;
+import iaik.x509.extensions.SubjectKeyIdentifier;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
+import java.util.Calendar;
+import java.util.GregorianCalendar;
+import java.util.Random;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+public class TLSServerCA {
+ public static final int CA_VALIDITY_Y = 3;
+ public static final String MOCCA_TLS_SERVER_ALIAS = "server";
+ public static final int SERVER_VALIDITY_Y = 3;
+ private final static Logger log = LoggerFactory.getLogger(TLSServerCA.class);
+
+ private KeyPair caKeyPair;
+ private X509Certificate caCert;
+
+ private KeyPair serverKeyPair;
+ private X509Certificate serverCert;
+
+ private KeyPair generateKeyPair() throws NoSuchAlgorithmException {
+ KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
+ gen.initialize(2048);
+ return gen.generateKeyPair();
+ }
+
+ private void generateCACert() throws GeneralSecurityException, CodingException {
+ log.debug("generating MOCCA CA certificate");
+ Name subject = new Name();
+ subject.addRDN(ObjectID.country, "AT");
+ subject.addRDN(ObjectID.organization, "MOCCA");
+ subject.addRDN(ObjectID.organizationalUnit, "MOCCA TLS Server CA");
+
+ caKeyPair = generateKeyPair();
+ caCert = new X509Certificate();
+ caCert.setSerialNumber(new BigInteger(20, new Random()));
+ caCert.setSubjectDN(subject);
+ caCert.setPublicKey(caKeyPair.getPublic());
+ caCert.setIssuerDN(subject);
+
+ caCert.addExtension(new SubjectKeyIdentifier(caKeyPair.getPublic()));
+
+ BasicConstraints bc = new BasicConstraints(true);
+ bc.setCritical(true);
+ caCert.addExtension(bc);
+ KeyUsage ku = new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign
+ | KeyUsage.digitalSignature);
+ ku.setCritical(true);
+ caCert.addExtension(ku);
+
+ GregorianCalendar date = new GregorianCalendar();
+ date.add(Calendar.HOUR_OF_DAY, -1);
+ caCert.setValidNotBefore(date.getTime());
+ date.add(Calendar.YEAR, CA_VALIDITY_Y);
+ caCert.setValidNotAfter(date.getTime());
+ caCert.sign(AlgorithmID.sha1WithRSAEncryption, caKeyPair.getPrivate());
+
+ log.debug("successfully generated MOCCA TLS Server CA certificate " + caCert.getSubjectDN());
+ }
+
+ private void generateServerCert() throws GeneralSecurityException, CodingException {
+ log.debug("generating MOCCA server certificate");
+ Name subject = new Name();
+ subject.addRDN(ObjectID.country, "AT");
+ subject.addRDN(ObjectID.organization, "MOCCA");
+ subject.addRDN(ObjectID.organizationalUnit, "MOCCA TLS Server");
+ subject.addRDN(ObjectID.commonName, "localhost");
+ subject.addRDN(ObjectID.commonName, "127.0.0.1");
+
+ serverKeyPair = generateKeyPair();
+ serverCert = new X509Certificate();
+ serverCert.setSerialNumber(new BigInteger(20, new Random()));
+ serverCert.setSubjectDN(subject);
+ serverCert.setPublicKey(serverKeyPair.getPublic());
+ serverCert.setIssuerDN(caCert.getSubjectDN());
+
+ serverCert.addExtension(new SubjectKeyIdentifier(serverKeyPair.getPublic()));
+ byte[] aki = new SubjectKeyIdentifier(caCert.getPublicKey()).get();
+ serverCert.addExtension(new AuthorityKeyIdentifier(aki));
+
+ serverCert.addExtension(new ExtendedKeyUsage(ExtendedKeyUsage.serverAuth));
+
+ GeneralNames altNames = new GeneralNames();
+ altNames.addName(new GeneralName(GeneralName.dNSName, "localhost"));
+ altNames.addName(new GeneralName(GeneralName.dNSName, "127.0.0.1"));
+ altNames.addName(new GeneralName(GeneralName.iPAddress, "127.0.0.1"));
+ serverCert.addExtension(new SubjectAltName(altNames));
+
+ serverCert.addExtension(new BasicConstraints(false));
+ serverCert.addExtension(new KeyUsage(KeyUsage.keyEncipherment
+ | KeyUsage.digitalSignature));
+
+ GregorianCalendar date = new GregorianCalendar();
+ date.add(Calendar.HOUR_OF_DAY, -1);
+ serverCert.setValidNotBefore(date.getTime());
+ date.add(Calendar.YEAR,SERVER_VALIDITY_Y);
+ date.add(Calendar.HOUR_OF_DAY, -1);
+ serverCert.setValidNotAfter(date.getTime());
+ serverCert.sign(AlgorithmID.sha1WithRSAEncryption, caKeyPair.getPrivate());
+
+ log.debug("successfully generated MOCCA TLS Server certificate " + serverCert.getSubjectDN());
+ caKeyPair = null;
+ }
+
+ public KeyStore generateKeyStore(char[] password) throws GeneralSecurityException, IOException, CodingException {
+// try {
+ generateCACert();
+ generateServerCert();
+ KeyStore ks = KeyStore.getInstance("JKS");
+ ks.load(null, null);
+ ks.setKeyEntry(MOCCA_TLS_SERVER_ALIAS, serverKeyPair.getPrivate(), password, new X509Certificate[]{serverCert, caCert});
+ return ks;
+// } catch (Exception e) {
+// log.error("Cannot generate certificate", e);
+// }
+// return null;
+ }
+
+}
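Review bot: The serial numbers in generateCACert() and generateServerCert() come from `new BigInteger(20, new Random())`, which is 20 bits from a non-cryptographic generator, while every installation and every renewal issues under the same CA subject DN. Over repeated renewals two certificates with the same issuer name and serial become plausible, and some browsers refuse such a pair; `new BigInteger(64, new SecureRandom())`, with `java.security.SecureRandom` imported, would avoid that. Both certificates are also signed with `AlgorithmID.sha1WithRSAEncryption`; a SHA-256 based signature algorithm is the better choice for a CA the user is asked to install as trusted. The `dNSName` entry for "127.0.0.1" in the SubjectAltName looks redundant next to the `iPAddress` entry and may be worth a comment explaining why it is there.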
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/gui/AboutDialog.form b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/gui/AboutDialog.form
new file mode 100644
index 00000000..548893a7
--- /dev/null
+++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/gui/AboutDialog.form
@@ -0,0 +1,139 @@ +<?xml version="1.0" encoding="UTF-8" ?> + +<Form version="1.3" maxVersion="1.7" type="org.netbeans.modules.form.forminfo.JDialogFormInfo"> + <Properties> + <Property name="defaultCloseOperation" type="int" value="2"/> + <Property name="title" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor"> + <ResourceString bundle="at/gv/egiz/bku/webstart/messages.properties" key="about.frame.title" replaceFormat="java.util.ResourceBundle.getBundle("{bundleNameSlashes}").getString("{key}")"/> + </Property> + </Properties> + <SyntheticProperties> + <SyntheticProperty name="formSizePolicy" type="int" value="1"/> + </SyntheticProperties> + <AuxValues> + <AuxValue name="FormSettings_autoResourcing" type="java.lang.Integer" value="0"/> + <AuxValue name="FormSettings_autoSetComponentName" type="java.lang.Boolean" value="false"/> + <AuxValue name="FormSettings_generateFQN" type="java.lang.Boolean" value="true"/> + <AuxValue name="FormSettings_generateMnemonicsCode" type="java.lang.Boolean" value="false"/> + <AuxValue name="FormSettings_i18nAutoMode" type="java.lang.Boolean" value="false"/> + <AuxValue name="FormSettings_layoutCodeTarget" type="java.lang.Integer" value="1"/> + <AuxValue name="FormSettings_listenerGenerationStyle" type="java.lang.Integer" value="0"/> + <AuxValue name="FormSettings_variablesLocal" type="java.lang.Boolean" value="false"/> + <AuxValue name="FormSettings_variablesModifier" type="java.lang.Integer" value="2"/> + </AuxValues> + + <Layout> + <DimensionLayout dim="0"> + <Group type="103" groupAlignment="0" attributes="0"> + <Group type="102" attributes="0"> + <EmptySpace max="-2" attributes="0"/> + <Group type="103" groupAlignment="0" attributes="0"> + <Component id="jPanel1" alignment="1" max="32767" attributes="0"/> + <Component id="jPanel3" alignment="1" max="32767" attributes="0"/> + </Group> + <EmptySpace max="-2" attributes="0"/> + </Group> + </Group> + </DimensionLayout> + <DimensionLayout dim="1"> + 
<Group type="103" groupAlignment="0" attributes="0"> + <Group type="102" alignment="0" attributes="0"> + <EmptySpace max="-2" attributes="0"/> + <Component id="jPanel1" min="-2" max="-2" attributes="0"/> + <EmptySpace max="32767" attributes="0"/> + <Component id="jPanel3" min="-2" max="-2" attributes="0"/> + <EmptySpace max="-2" attributes="0"/> + </Group> + </Group> + </DimensionLayout> + </Layout> + <SubComponents> + <Container class="javax.swing.JPanel" name="jPanel1"> + + <Layout> + <DimensionLayout dim="0"> + <Group type="103" groupAlignment="0" attributes="0"> + <Group type="102" alignment="0" attributes="0"> + <Component id="jLabel1" min="-2" max="-2" attributes="0"/> + <EmptySpace type="unrelated" max="-2" attributes="0"/> + <Group type="103" groupAlignment="0" attributes="0"> + <Component id="jLabel3" min="-2" max="-2" attributes="0"/> + <Component id="jLabel2" min="-2" max="-2" attributes="0"/> + </Group> + <EmptySpace max="32767" attributes="0"/> + </Group> + </Group> + </DimensionLayout> + <DimensionLayout dim="1"> + <Group type="103" groupAlignment="0" attributes="0"> + <Component id="jLabel1" min="-2" max="-2" attributes="0"/> + <Group type="102" alignment="0" attributes="0"> + <EmptySpace max="-2" attributes="0"/> + <Component id="jLabel3" min="-2" max="-2" attributes="0"/> + <EmptySpace max="-2" attributes="0"/> + <Component id="jLabel2" min="-2" max="-2" attributes="0"/> + </Group> + </Group> + </DimensionLayout> + </Layout> + <SubComponents> + <Component class="javax.swing.JLabel" name="jLabel1"> + <Properties> + <Property name="icon" type="javax.swing.Icon" editor="org.netbeans.modules.form.editors2.IconEditor"> + <Image iconType="3" name="/at/gv/egiz/bku/webstart/chiperling96.png"/> + </Property> + </Properties> + </Component> + <Component class="javax.swing.JLabel" name="jLabel2"> + <Properties> + <Property name="text" type="java.lang.String" editor="org.netbeans.modules.form.RADConnectionPropertyEditor"> + <Connection 
code="getVersionText(bundle)" type="code"/> + </Property> + </Properties> + </Component> + <Component class="javax.swing.JLabel" name="jLabel3"> + <Properties> + <Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor"> + <ResourceString bundle="at/gv/egiz/bku/webstart/messages.properties" key="about.title" replaceFormat="java.util.ResourceBundle.getBundle("{bundleNameSlashes}").getString("{key}")"/> + </Property> + </Properties> + </Component> + </SubComponents> + </Container> + <Container class="javax.swing.JPanel" name="jPanel3"> + + <Layout> + <DimensionLayout dim="0"> + <Group type="103" groupAlignment="0" attributes="0"> + <Group type="102" alignment="1" attributes="0"> + <EmptySpace pref="163" max="32767" attributes="0"/> + <Component id="jButton1" min="-2" max="-2" attributes="0"/> + <EmptySpace max="-2" attributes="0"/> + </Group> + </Group> + </DimensionLayout> + <DimensionLayout dim="1"> + <Group type="103" groupAlignment="0" attributes="0"> + <Group type="102" alignment="0" attributes="0"> + <EmptySpace max="-2" attributes="0"/> + <Component id="jButton1" min="-2" max="-2" attributes="0"/> + <EmptySpace max="32767" attributes="0"/> + </Group> + </Group> + </DimensionLayout> + </Layout> + <SubComponents> + <Component class="javax.swing.JButton" name="jButton1"> + <Properties> + <Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor"> + <ResourceString bundle="at/gv/egiz/bku/webstart/messages.properties" key="button.close" replaceFormat="java.util.ResourceBundle.getBundle("{bundleNameSlashes}").getString("{key}")"/> + </Property> + </Properties> + <Events> + <EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="jButton1ActionPerformed"/> + </Events> + </Component> + </SubComponents> + </Container> + </SubComponents> +</Form> 
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/gui/AboutDialog.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/gui/AboutDialog.java
new file mode 100644
index 00000000..ba2c007d
--- /dev/null
+++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/gui/AboutDialog.java
@@ -0,0 +1,165 @@ +/* + * To change this template, choose Tools | Templates + * and open the template in the editor. + */ + +/* + * AboutDialog.java + * + * Created on 18.08.2009, 11:54:44 + */ + +package at.gv.egiz.bku.webstart.gui; + +import java.text.MessageFormat; +import java.util.ResourceBundle; + +/** + * + * @author clemens + */ +public class AboutDialog extends javax.swing.JDialog { + + /** + * + */ + private static final long serialVersionUID = 1L; + + /** Creates new form AboutDialog */ + public AboutDialog(java.awt.Frame parent, boolean modal, String version) { + super(parent, modal); + this.version = version; + initComponents(); + } + + /** This method is called from within the constructor to + * initialize the form. + * WARNING: Do NOT modify this code. The content of this method is + * always regenerated by the Form Editor. + */ + // <editor-fold defaultstate="collapsed" desc="Generated Code">//GEN-BEGIN:initComponents + private void initComponents() { + + jPanel1 = new javax.swing.JPanel(); + jLabel1 = new javax.swing.JLabel(); + jLabel2 = new javax.swing.JLabel(); + jLabel3 = new javax.swing.JLabel(); + jPanel3 = new javax.swing.JPanel(); + jButton1 = new javax.swing.JButton(); + + setDefaultCloseOperation(javax.swing.WindowConstants.DISPOSE_ON_CLOSE); + java.util.ResourceBundle bundle = java.util.ResourceBundle.getBundle("at/gv/egiz/bku/webstart/messages"); // NOI18N + setTitle(bundle.getString("about.frame.title")); // NOI18N + + jLabel1.setIcon(new javax.swing.ImageIcon(getClass().getResource("/at/gv/egiz/bku/webstart/chiperling96.png"))); // NOI18N + + jLabel2.setText(getVersionText(bundle)); + + jLabel3.setText(bundle.getString("about.title")); // NOI18N + + javax.swing.GroupLayout jPanel1Layout = new javax.swing.GroupLayout(jPanel1); + jPanel1.setLayout(jPanel1Layout); + jPanel1Layout.setHorizontalGroup( + jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addGroup(jPanel1Layout.createSequentialGroup() + 
.addComponent(jLabel1) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) + .addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addComponent(jLabel3) + .addComponent(jLabel2)) + .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)) + ); + jPanel1Layout.setVerticalGroup( + jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addComponent(jLabel1) + .addGroup(jPanel1Layout.createSequentialGroup() + .addContainerGap() + .addComponent(jLabel3) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addComponent(jLabel2)) + ); + + jButton1.setText(bundle.getString("button.close")); // NOI18N + jButton1.addActionListener(new java.awt.event.ActionListener() { + public void actionPerformed(java.awt.event.ActionEvent evt) { + jButton1ActionPerformed(evt); + } + }); + + javax.swing.GroupLayout jPanel3Layout = new javax.swing.GroupLayout(jPanel3); + jPanel3.setLayout(jPanel3Layout); + jPanel3Layout.setHorizontalGroup( + jPanel3Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addGroup(javax.swing.GroupLayout.Alignment.TRAILING, jPanel3Layout.createSequentialGroup() + .addContainerGap(163, Short.MAX_VALUE) + .addComponent(jButton1) + .addContainerGap()) + ); + jPanel3Layout.setVerticalGroup( + jPanel3Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addGroup(jPanel3Layout.createSequentialGroup() + .addContainerGap() + .addComponent(jButton1) + .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)) + ); + + javax.swing.GroupLayout layout = new javax.swing.GroupLayout(getContentPane()); + getContentPane().setLayout(layout); + layout.setHorizontalGroup( + layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addGroup(layout.createSequentialGroup() + .addContainerGap() + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addComponent(jPanel1, 
javax.swing.GroupLayout.Alignment.TRAILING, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) + .addComponent(jPanel3, javax.swing.GroupLayout.Alignment.TRAILING, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)) + .addContainerGap()) + ); + layout.setVerticalGroup( + layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addGroup(layout.createSequentialGroup() + .addContainerGap() + .addComponent(jPanel1, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) + .addComponent(jPanel3, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) + .addContainerGap()) + ); + + pack(); + }// </editor-fold>//GEN-END:initComponents + + private String getVersionText(ResourceBundle bundle) { + return MessageFormat.format(bundle.getString("about.version"), version); + } + private void jButton1ActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_jButton1ActionPerformed + // TODO add your handling code here: + setVisible(false); + }//GEN-LAST:event_jButton1ActionPerformed + + /** + * @param args the command line arguments + */ + public static void main(String args[]) { + java.awt.EventQueue.invokeLater(new Runnable() { + public void run() { + AboutDialog dialog = new AboutDialog(new javax.swing.JFrame(), true, "1.2.3"); + dialog.addWindowListener(new java.awt.event.WindowAdapter() { + public void windowClosing(java.awt.event.WindowEvent e) { + System.exit(0); + } + }); + dialog.setVisible(true); + } + }); + } + + // Variables declaration - do not modify//GEN-BEGIN:variables + private javax.swing.JButton jButton1; + private javax.swing.JLabel jLabel1; + private javax.swing.JLabel jLabel2; + private javax.swing.JLabel 
jLabel3; + private javax.swing.JPanel jPanel1; + private javax.swing.JPanel jPanel3; + // End of variables declaration//GEN-END:variables + + private String version; +} diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/gui/BKUControllerInterface.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/gui/BKUControllerInterface.java new file mode 100644 index 00000000..886b55f7 --- /dev/null +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/gui/BKUControllerInterface.java @@ -0,0 +1,23 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.bku.webstart.gui; + +public interface BKUControllerInterface { + + public void shutDown(); + +} diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/gui/PINManagementInvoker.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/gui/PINManagementInvoker.java new file mode 100644 index 00000000..1f14d751 --- /dev/null +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/gui/PINManagementInvoker.java 
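Review bot: `jButton1ActionPerformed` in AboutDialog.java only hides the dialog with `setVisible(false);` and still carries the NetBeans placeholder `// TODO add your handling code here:`. `initComponents()` sets `DISPOSE_ON_CLOSE` for the window's close box, so the Close button should release the dialog the same way with `dispose();`, and the placeholder comment should be removed. The `version` field is assigned only in the constructor and can be declared `private final String version;`.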
@@ -0,0 +1,72 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.webstart.gui; + +import at.gv.egiz.bku.webstart.Launcher; +import java.awt.TrayIcon; +import java.io.IOException; +import java.net.HttpURLConnection; +import java.util.ResourceBundle; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +/** + * GUI is painted using SwingUtilities.invokeLater, but TrayIcon ActionListener Thread (== webstart thread) joined Jetty Thread + * + * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at> + */ +public class PINManagementInvoker implements Runnable { + + private static final Logger log = LoggerFactory.getLogger(PINManagementInvoker.class); + + TrayIcon trayIcon; + ResourceBundle messages; + + public PINManagementInvoker(TrayIcon trayIcon, ResourceBundle messages) { + this.trayIcon = trayIcon; + this.messages = messages; + } + + @Override + public void run() { + HttpURLConnection connection = null; + try { + log.debug("Connecting to: " + Launcher.PIN_MANAGEMENT_URL); + + connection = (HttpURLConnection) Launcher.PIN_MANAGEMENT_URL.openConnection(); + + connection.setRequestMethod("GET"); + connection.setReadTimeout(0); + connection.connect(); + + if (connection.getResponseCode() == HttpURLConnection.HTTP_OK) { + log.debug("pin management dialog returned"); + } else { + log.error("unexpected response from pin management: " 
+ connection.getResponseMessage()); + } + } catch (IOException ex) { + log.error("Failed to connect to PIN Management", ex); + trayIcon.displayMessage(messages.getString(Launcher.CAPTION_ERROR), + messages.getString(Launcher.ERROR_PIN), TrayIcon.MessageType.ERROR); + } finally { + if (connection != null) { + connection.disconnect(); + } + } + } +} diff --git a/BKUWebStart/src/main/jnlp/keystore.ks b/BKUWebStart/src/main/jnlp/keystore.ks Binary files differnew file mode 100644 index 00000000..824c3a40 --- /dev/null +++ b/BKUWebStart/src/main/jnlp/keystore.ks diff --git a/BKUWebStart/src/main/jnlp/resources/img/chip128.png b/BKUWebStart/src/main/jnlp/resources/img/chip128.png Binary files differnew file mode 100644 index 00000000..c36d8079 --- /dev/null +++ b/BKUWebStart/src/main/jnlp/resources/img/chip128.png diff --git a/BKUWebStart/src/main/jnlp/resources/img/chip16.png b/BKUWebStart/src/main/jnlp/resources/img/chip16.png Binary files differnew file mode 100644 index 00000000..96b580e9 --- /dev/null +++ b/BKUWebStart/src/main/jnlp/resources/img/chip16.png diff --git a/BKUWebStart/src/main/jnlp/resources/img/chip24.png b/BKUWebStart/src/main/jnlp/resources/img/chip24.png Binary files differnew file mode 100644 index 00000000..efd6dbeb --- /dev/null +++ b/BKUWebStart/src/main/jnlp/resources/img/chip24.png diff --git a/BKUWebStart/src/main/jnlp/resources/img/chip32.png b/BKUWebStart/src/main/jnlp/resources/img/chip32.png Binary files differnew file mode 100644 index 00000000..e7efb020 --- /dev/null +++ b/BKUWebStart/src/main/jnlp/resources/img/chip32.png diff --git a/BKUWebStart/src/main/jnlp/resources/img/chip48.png b/BKUWebStart/src/main/jnlp/resources/img/chip48.png Binary files differnew file mode 100644 index 00000000..491fbcac --- /dev/null +++ b/BKUWebStart/src/main/jnlp/resources/img/chip48.png 
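Review bot: The request built in `PINManagementInvoker.run()` carries nothing that distinguishes the tray application from any other caller. If the handler behind `Launcher.PIN_MANAGEMENT_URL` (not part of this file) opens the PIN dialog for every GET it receives, any other local client that can reach that URL could trigger it too. Consider having the launcher generate a random per-session token, send it with `connection.setRequestProperty(...)`, and have the handler reject requests that lack it. Separately, `setReadTimeout(0)` waits indefinitely and no connect timeout is set; if the unbounded read is intended because the response presumably arrives only once the dialog is closed, say so in a comment such as `// no read timeout: the response is sent when the user closes the PIN dialog`, and add `connection.setConnectTimeout(...)` with a finite value. The fields `trayIcon` and `messages` are package-visible and mutable although they are assigned only in the constructor; `private final` fits both.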
diff --git a/BKUWebStart/src/main/jnlp/resources/img/splash.png b/BKUWebStart/src/main/jnlp/resources/img/splash.png Binary files differnew file mode 100644 index 00000000..597fbc60 --- /dev/null +++ b/BKUWebStart/src/main/jnlp/resources/img/splash.png diff --git a/BKUWebStart/src/main/jnlp/resources/img/version.xml b/BKUWebStart/src/main/jnlp/resources/img/version.xml new file mode 100644 index 00000000..5e160beb --- /dev/null +++ b/BKUWebStart/src/main/jnlp/resources/img/version.xml @@ -0,0 +1,52 @@ +<?xml version="1.0" encoding="UTF-8"?> +<jnlp-versions> + <resource> + <pattern> + <name>chip16.png</name> + <version-id>2.0</version-id> + </pattern> + <file>chip16.png</file> + </resource> + <resource> + <pattern> + <name>chip24.png</name> + <version-id>2.0</version-id> + </pattern> + <file>chip24.png</file> + </resource> + <resource> + <pattern> + <name>chip32.png</name> + <version-id>2.0</version-id> + </pattern> + <file>chip32.png</file> + </resource> + <resource> + <pattern> + <name>chip48.png</name> + <version-id>2.0</version-id> + </pattern> + <file>chip48.png</file> + </resource> + <resource> + <pattern> + <name>chip64.png</name> + <version-id>2.0</version-id> + </pattern> + <file>chip64.png</file> + </resource> + <resource> + <pattern> + <name>chip128.png</name> + <version-id>2.0</version-id> + </pattern> + <file>chip128.png</file> + </resource> + <resource> + <pattern> + <name>splash.png</name> + <version-id>2.0</version-id> + </pattern> + <file>splash.png</file> + </resource> +</jnlp-versions> diff --git a/BKUWebStart/src/main/jnlp/resources/player.jnlp b/BKUWebStart/src/main/jnlp/resources/player.jnlp new file mode 100644 index 00000000..da08ebc2 --- /dev/null +++ b/BKUWebStart/src/main/jnlp/resources/player.jnlp @@ -0,0 +1,3 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- Jump specific JNL file for launching the player --> +<player/>
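Review bot: version.xml declares a `<resource>` entry for `chip64.png`, but the images this commit adds under `jnlp/resources/img` are chip16, chip24, chip32, chip48, chip128 and splash only. Unless that file is supplied from somewhere outside this commit, a versioned request for it has nothing to resolve to; either add the image or drop the `chip64.png` block. None of the JNLP templates added in this commit references a 64-pixel icon, so removing the entry looks like the smaller change.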
\ No newline at end of file diff --git a/BKUWebStart/src/main/jnlp/template-local.xml b/BKUWebStart/src/main/jnlp/template-local.xml new file mode 100644 index 00000000..f9a7d917 --- /dev/null +++ b/BKUWebStart/src/main/jnlp/template-local.xml @@ -0,0 +1,40 @@ +<?xml version="1.0" encoding="utf-8"?> +<jnlp spec="$jnlpspec" codebase="file:${project.build.directory}/jnlp" href="$outputFile"> + + <information> + <title>MOCCA Developement</title> + <vendor>E-Government Innovationszentrum (EGIZ)</vendor> + <homepage href="${project.Url}"/> + <description>${project.Description} (BKU) MOCCA Web Start - Developement Version</description> + <description kind="short">${project.Description}</description> + <icon kind="shortcut" href="img/chip16.png" width="16" height="16"/> + <icon kind="shortcut" href="img/chip24.png" width="24" height="24"/> + <icon kind="shortcut" href="img/chip32.png" width="32" height="32"/> + <icon kind="shortcut" href="img/chip48.png" width="48" height="48"/> + <icon kind="default" href="img/chip16.png" width="16" height="16"/> + <icon kind="default" href="img/chip24.png" width="24" height="24"/> + <icon kind="default" href="img/chip32.png" width="32" height="32"/> + <icon kind="default" href="img/chip48.png" width="48" height="48"/> + <icon kind="splash" href="img/splash.png"/> + <shortcut online="true"> + <desktop/> + <menu submenu="e-Government"/> + </shortcut> + + <offline-allowed/> + + </information> + + <security> + <all-permissions/> + </security> + + <update check="timeout" policy="prompt-update"/> + + <resources> + <java version="1.6+" java-vm-args="-Djava.security.debug=access,failure"/> + $dependencies + </resources> + + <application-desc main-class="$mainClass"/> +</jnlp>
\ No newline at end of file diff --git a/BKUWebStart/src/main/jnlp/template-unstable.xml b/BKUWebStart/src/main/jnlp/template-unstable.xml new file mode 100644 index 00000000..b6574715 --- /dev/null +++ b/BKUWebStart/src/main/jnlp/template-unstable.xml @@ -0,0 +1,49 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + | To strip versions from jar filenames do + | for JAR in *jar; do mv JAR {JAR/-[0-9]*/.jar}; done + |--> +<jnlp spec="$jnlpspec" codebase="http://localhost:8080/webstart/" context="http://localhost:8080/" href="$outputFile"> + + <information> + <title>MOCCA Unstable</title> + <vendor>E-Government Innovationszentrum (EGIZ)</vendor> + <homepage href="${project.Url}"/> + <description>MOCCA Web Start - Unstable Build</description> + <description kind="short">MOCCA Web Start - Unstable Build</description> + <icon kind="shortcut" href="img/chip16.png" width="16" height="16"/> + <icon kind="shortcut" href="img/chip24.png" width="24" height="24"/> + <icon kind="shortcut" href="img/chip32.png" width="32" height="32"/> + <icon kind="shortcut" href="img/chip48.png" width="48" height="48"/> + <icon kind="default" href="img/chip16.png" width="16" height="16"/> + <icon kind="default" href="img/chip24.png" width="24" height="24"/> + <icon kind="default" href="img/chip32.png" width="32" height="32"/> + <icon kind="default" href="img/chip48.png" width="48" height="48"/> + <icon kind="splash" href="img/splash.png"/> + <shortcut online="true"> + <desktop/> + <menu submenu="e-Government"/> + </shortcut> + + <offline-allowed/> + + </information> + + <security> + <all-permissions/> + </security> + + <update check="timeout" policy="prompt-update"/> + + <resources os="Mac OS X"> + <java version="1.6+" java-vm-args="-d32"/> + $dependencies + </resources> + + <resources> + <java version="1.6+"/> + $dependencies + </resources> + + <application-desc main-class="$mainClass"/> +</jnlp>
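Review bot: All three JNLP templates added here (template-local.xml, template-unstable.xml, template.xml) request `<all-permissions/>`, so the application runs outside the Web Start sandbox and the signature on the jars is the only gate left. The same commit checks in `BKUWebStart/src/main/jnlp/keystore.ks` as a binary; its contents are not visible in the diff, but if it holds the private key used for release signing, everyone with read access to the repository holds the identity that users are asked to trust. Keep only a throw-away development key in the tree, supply the release keystore and its password from outside the repository at build time, and add a comment next to `<security>` stating why full permissions are required. In template-local.xml, `java-vm-args="-Djava.security.debug=access,failure"` is reasonable for a local build but should not be copied into the other templates.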
\ No newline at end of file diff --git a/BKUWebStart/src/main/jnlp/template.xml b/BKUWebStart/src/main/jnlp/template.xml new file mode 100644 index 00000000..887e2f10 --- /dev/null +++ b/BKUWebStart/src/main/jnlp/template.xml @@ -0,0 +1,49 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + | To strip versions from jar filenames do + | for JAR in *jar; do mv JAR {JAR/-[0-9]*/.jar}; done + |--> +<jnlp spec="$jnlpspec" codebase="http://localhost/webstart/" context="http://localhost/" href="$outputFile"> + + <information> + <title>${project.Description}</title> + <vendor>E-Government Innovationszentrum (EGIZ)</vendor> + <homepage href="${project.Url}"/> + <description>${project.Description} (BKU) MOCCA Web Start</description> + <description kind="short">${project.Description}</description> + <icon kind="shortcut" href="img/chip16.png" width="16" height="16"/> + <icon kind="shortcut" href="img/chip24.png" width="24" height="24"/> + <icon kind="shortcut" href="img/chip32.png" width="32" height="32"/> + <icon kind="shortcut" href="img/chip48.png" width="48" height="48"/> + <icon kind="default" href="img/chip16.png" width="16" height="16"/> + <icon kind="default" href="img/chip24.png" width="24" height="24"/> + <icon kind="default" href="img/chip32.png" width="32" height="32"/> + <icon kind="default" href="img/chip48.png" width="48" height="48"/> + <icon kind="splash" href="img/splash.png"/> + <shortcut online="true"> + <desktop/> + <menu submenu="e-Government"/> + </shortcut> + + <offline-allowed/> + + </information> + + <security> + <all-permissions/> + </security> + + <update check="timeout" policy="prompt-update"/> + + <resources os="Mac OS X"> + <java version="1.6+" java-vm-args="-d32"/> + $dependencies + </resources> + + <resources> + <java version="1.6+"/> + $dependencies + </resources> + + <application-desc main-class="$mainClass"/> +</jnlp>
\ No newline at end of file diff --git a/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/chip16.png b/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/chip16.png Binary files differnew file mode 100644 index 00000000..96b580e9 --- /dev/null +++ b/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/chip16.png diff --git a/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/chip24.png b/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/chip24.png Binary files differnew file mode 100644 index 00000000..efd6dbeb --- /dev/null +++ b/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/chip24.png diff --git a/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/chip32.png b/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/chip32.png Binary files differnew file mode 100644 index 00000000..e7efb020 --- /dev/null +++ b/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/chip32.png diff --git a/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/chip48.png b/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/chip48.png Binary files differnew file mode 100644 index 00000000..491fbcac --- /dev/null +++ b/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/chip48.png diff --git a/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/chiperling96.png b/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/chiperling96.png Binary files differnew file mode 100644 index 00000000..477d4fb5 --- /dev/null +++ b/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/chiperling96.png diff --git a/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/conf/conf.zip b/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/conf/conf.zip Binary files differnew file mode 100644 index 00000000..3a3eb26d --- /dev/null +++ b/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/conf/conf.zip 
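Review bot: `codebase="http://localhost/webstart/"` in template.xml (and `http://localhost:8080/webstart/` in template-unstable.xml) points the launcher at plain HTTP, and nothing in the template says whether the value is a placeholder replaced at deployment. With `<update check="timeout" policy="prompt-update"/>` the client goes back to the codebase for updates, and a descriptor fetched over HTTP can be altered in transit even when the jars themselves are signed. A comment marking the value as a placeholder and stating that the deployed codebase must be an `https://` URL would make the expectation explicit. The shell hint in the header comment of both files, `for JAR in *jar; do mv JAR {JAR/-[0-9]*/.jar}; done`, has no `$` on its variable references and does not run as written; if the `$` was dropped because the template engine would expand it, the comment should say so.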
diff --git a/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/messages.properties b/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/messages.properties new file mode 100644 index 00000000..9ba359be --- /dev/null +++ b/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/messages.properties 
@@ -0,0 +1,38 @@
+# Copyright 2008 Federal Chancellery Austria and
+# Graz University of Technology
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+tray.caption.default=B\u00FCrgerkarte
+tray.caption.error=Fehler
+tray.message.start=B\u00FCrgerkartenumgebung wird gestartet...
+tray.message.start.offline=B\u00FCrgerkartenumgebung wird offline gestartet...
+tray.message.config=Konfiguration wird geladen
+tray.message.certs=Zertifikate werden geladen
+tray.message.finished=B\u00FCrgerkartenumgebung erfolgreich gestartet
+tray.message.shutdown=B\u00FCrgerkartenumgebung wird beendet
+tray.error.start=B\u00FCrgerkartenumgebung konnte nicht gestartet werden
+tray.error.config=Konfiguration konnte nicht initialisiert werden, B\u00FCrberkartenumgebung wird nicht gestartet
+tray.error.bind=Die f\u00FCr die B\u00FCrgerkartenumgebung reservierte Adresse wird bereits von einem anderen Dienst verwendet
+tray.error.pin.connect=Verbindung zur PIN Verwaltung konnte nicht hergestellt werden
+tray.error.open.url=Verbindung zu {0} konnte nicht hergestellt werden
+tray.label.shutdown=Beenden
+tray.label.pin=PIN Verwaltung
+tray.label.help=Hilfe
+tray.label.about=\u00DCber...
+tray.tooltip.default=B\u00FCrgerkartenumgebung
+about.frame.title=B\u00FCrgerkarte
+about.title=<html>B\u00FCrgerkartenumgebung
+about.version=<html>Version: {0}
+button.ok=Best\u00E4tigen
+button.close=Schlie\u00DFen
diff --git a/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/splash.png b/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/splash.png Binary files differnew file mode 100644 index 00000000..597fbc60 --- /dev/null +++ b/BKUWebStart/src/main/resources/at/gv/egiz/bku/webstart/splash.png diff --git a/BKUWebStart/src/main/resources/log4j.properties b/BKUWebStart/src/main/resources/log4j.properties new file mode 100644 index 00000000..81832418 --- /dev/null +++ b/BKUWebStart/src/main/resources/log4j.properties @@ -0,0 +1,27 @@ +# Copyright 2008 Federal Chancellery Austria and +# Graz University of Technology +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# root log level INFO, appender file +log4j.rootLogger=INFO, file + +# jetty's log level +log4j.logger.org.mortbay.log=INFO + +# file appender +log4j.appender.file=org.apache.log4j.DailyRollingFileAppender +log4j.appender.file.datePattern='.'yyyy-MM-dd +log4j.appender.file.File=${user.home}/.mocca/logs/webstart.log +log4j.appender.file.layout=org.apache.log4j.PatternLayout +log4j.appender.file.layout.ConversionPattern=%d{ABSOLUTE} %-5p %c{2} - %m%n
\ No newline at end of file |