Diffstat (limited to 'BKUWebStart/src')
| -rw-r--r-- | BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java | 370 | 
1 files changed, 189 insertions, 181 deletions
diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java
index 3769629e..1e553c21 100644
--- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java
+++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java
@@ -22,8 +22,8 @@
  */
-package at.gv.egiz.bku.webstart;
 -
+package at.gv.egiz.bku.webstart;
+
 import iaik.utils.StreamCopier;
 import java.io.BufferedInputStream;
@@ -51,28 +51,28 @@ import org.mortbay.jetty.webapp.WebAppContext;
 import org.mortbay.thread.QueuedThreadPool;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-
 -public class Container {
 -
 -  public static final String HTTP_PORT_PROPERTY = "mocca.http.port";
+
+public class Container {
+
+  public static final String HTTP_PORT_PROPERTY = "mocca.http.port";
   public static final String HTTPS_PORT_PROPERTY = "mocca.https.port";
   private static final String JETTY_TEMP_CLEANER_CLASSNAME = "JettyTempCleaner";
-
 -  private static Logger log = LoggerFactory.getLogger(Container.class);
 -
+
+  private static Logger log = LoggerFactory.getLogger(Container.class);
+
   static {
-    if (log.isDebugEnabled()) {
 -      //Jetty log INFO and WARN, include ignored exceptions
 -      //jetty logging may be further restricted by setting level in log4j.properties
 -      System.setProperty("VERBOSE", "true");
 -      //do not set Jetty DEBUG logging, produces loads of output
 -      //System.setProperty("DEBUG", "true");
 -    }
 -  }
 -  private Server server;
+    if (log.isDebugEnabled()) {
+      //Jetty log INFO and WARN, include ignored exceptions
+      //jetty logging may be further restricted by setting level in log4j.properties
+      System.setProperty("VERBOSE", "true");
+      //do not set Jetty DEBUG logging, produces loads of output
+      //System.setProperty("DEBUG", "true");
+    }
+  }
+  private Server server;
   private WebAppContext webapp;
-  private WebappErrorHandler errorHandler;
+  private WebappErrorHandler errorHandler;
   private Certificate caCertificate;
   private File tempDir;
@@ -82,128 +82,136 @@ public class Container {
     this.locale = locale;
     init();
   }
-
 -  public void init() throws IOException {
 -//    System.setProperty("DEBUG", "true");
 -    server = new Server();
 -    QueuedThreadPool qtp = new QueuedThreadPool();
 -    qtp.setMaxThreads(5);
 -    qtp.setMinThreads(2);
 -    qtp.setLowThreads(0);
 -    server.setThreadPool(qtp);
 -    server.setStopAtShutdown(true);
 -    server.setGracefulShutdown(3000);
 -
 -    SelectChannelConnector connector = new SelectChannelConnector();
 -    connector.setPort(Integer.getInteger(HTTP_PORT_PROPERTY, 3495).intValue());
 -    connector.setAcceptors(1);
 -    connector.setConfidentialPort(Integer.getInteger(HTTPS_PORT_PROPERTY, 3496).intValue());
 -    connector.setHost("127.0.0.1");
 -
 -    SslSocketConnector sslConnector = new SslSocketConnector();
 -    sslConnector.setPort(Integer.getInteger(HTTPS_PORT_PROPERTY, 3496).intValue());
 -    sslConnector.setAcceptors(1);
 -    sslConnector.setHost("127.0.0.1");
 -    File configDir = new File(System.getProperty("user.home") + "/" + Configurator.CONFIG_DIR);
 -    File keystoreFile = new File(configDir, Configurator.KEYSTORE_FILE);
 -    if (!keystoreFile.canRead()) {
 -      log.error("MOCCA keystore file not readable: " + keystoreFile.getAbsolutePath());
 -      throw new FileNotFoundException("MOCCA keystore file not readable: " + keystoreFile.getAbsolutePath());
 -    }
 -    log.debug("loading MOCCA keystore from " + keystoreFile.getAbsolutePath());
 -    sslConnector.setKeystore(keystoreFile.getAbsolutePath());
 -    String passwd = readPassword(new File(configDir, Configurator.PASSWD_FILE));
 -    sslConnector.setPassword(passwd);
 -    sslConnector.setKeyPassword(passwd);
 -
 -    //avoid jetty's ClassCastException: iaik.security.ecc.ecdsa.ECPublicKey cannot be cast to java.security.interfaces.ECPublicKey
 -    String[] RFC4492CipherSuites = new String[] {
 -      "TLS_ECDH_ECDSA_WITH_NULL_SHA",
 -      "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
 -      "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
 -      "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
 -      "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
 -      "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
 -      "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
 -      "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
 -      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
 -      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
 -      "TLS_ECDH_RSA_WITH_NULL_SHA",
 -      "TLS_ECDH_RSA_WITH_RC4_128_SHA",
 -      "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
 -      "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
 -      "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
 -      "TLS_ECDHE_RSA_WITH_NULL_SHA",
 -      "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
 -      "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
 -      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
 -      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
 -      "TLS_ECDH_anon_WITH_NULL_SHA",
 -      "TLS_ECDH_anon_WITH_RC4_128_SHA",
 -      "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
 -      "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
 -      "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"
 -    };
 -
 -    sslConnector.setExcludeCipherSuites(RFC4492CipherSuites);
 -
 -    server.setConnectors(new Connector[]{connector, sslConnector});
 -
 -    webapp = new WebAppContext();
 -    webapp.setLogUrlOnStart(true);
 -    webapp.setContextPath("/");
 -    webapp.setExtractWAR(true);
+
+  public void init() throws IOException {
+//    System.setProperty("DEBUG", "true");
+    server = new Server();
+    QueuedThreadPool qtp = new QueuedThreadPool();
+    qtp.setMaxThreads(5);
+    qtp.setMinThreads(2);
+    qtp.setLowThreads(0);
+    server.setThreadPool(qtp);
+    server.setStopAtShutdown(true);
+    server.setGracefulShutdown(3000);
+
+    SelectChannelConnector connector = new SelectChannelConnector();
+    connector.setPort(Integer.getInteger(HTTP_PORT_PROPERTY, 3495).intValue());
+    connector.setAcceptors(1);
+    connector.setConfidentialPort(Integer.getInteger(HTTPS_PORT_PROPERTY, 3496).intValue());
+    connector.setHost("127.0.0.1");
+
+    SslSocketConnector sslConnector = new SslSocketConnector();
+    sslConnector.setPort(Integer.getInteger(HTTPS_PORT_PROPERTY, 3496).intValue());
+    sslConnector.setAcceptors(1);
+    sslConnector.setHost("127.0.0.1");
+    File configDir = new File(System.getProperty("user.home") + "/" + Configurator.CONFIG_DIR);
+    File keystoreFile = new File(configDir, Configurator.KEYSTORE_FILE);
+    if (!keystoreFile.canRead()) {
+      log.error("MOCCA keystore file not readable: " + keystoreFile.getAbsolutePath());
+      throw new FileNotFoundException("MOCCA keystore file not readable: " + keystoreFile.getAbsolutePath());
+    }
+    log.debug("loading MOCCA keystore from " + keystoreFile.getAbsolutePath());
+    sslConnector.setKeystore(keystoreFile.getAbsolutePath());
+    String passwd = readPassword(new File(configDir, Configurator.PASSWD_FILE));
+    sslConnector.setPassword(passwd);
+    sslConnector.setKeyPassword(passwd);
+
+    //avoid jetty's ClassCastException: iaik.security.ecc.ecdsa.ECPublicKey cannot be cast to java.security.interfaces.ECPublicKey
+    String[] RFC4492CipherSuites = new String[] {
+      "TLS_ECDH_ECDSA_WITH_NULL_SHA",
+      "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
+      "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",
+      "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
+      "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",
+      "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
+      "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",
+      "TLS_ECDHE_ECDSA_WITH_NULL_SHA",
+      "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
+      "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
+      "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+      "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+      "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+      "TLS_ECDH_RSA_WITH_NULL_SHA",
+      "TLS_ECDH_RSA_WITH_RC4_128_SHA",
+      "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",
+      "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",
+      "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",
+      "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",
+      "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",
+      "TLS_ECDHE_RSA_WITH_NULL_SHA",
+      "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
+      "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
+      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+      "TLS_ECDH_anon_WITH_NULL_SHA",
+      "TLS_ECDH_anon_WITH_RC4_128_SHA",
+      "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA",
+      "TLS_ECDH_anon_WITH_AES_128_CBC_SHA",
+      "TLS_ECDH_anon_WITH_AES_256_CBC_SHA"
+    };
+
+    sslConnector.setExcludeCipherSuites(RFC4492CipherSuites);
+
+    server.setConnectors(new Connector[]{connector, sslConnector});
+
+    webapp = new WebAppContext();
+    webapp.setLogUrlOnStart(true);
+    webapp.setContextPath("/");
+    webapp.setExtractWAR(true);
     webapp.setParentLoaderPriority(false);
     errorHandler = new WebappErrorHandler(locale);
-    webapp.setErrorHandler(errorHandler);
-
-    tempDir = webapp.getTempDirectory();
 -    webapp.setWar(copyWebapp(tempDir));
 -//    webapp.setPermissions(getPermissions(tempDir));
 -
 -    server.setHandler(webapp);
 -    server.setGracefulShutdown(1000 * 3);
 -    
 -    loadCACertificate(keystoreFile, passwd.toCharArray());
 -  }
 -
 -  /**
 -   * @return The first valid (not empty, no comment) line of the passwd file
 -   * @throws IOException
 -   */
 -  protected static String readPassword(File passwdFile) throws IOException {
 -    if (passwdFile.exists() && passwdFile.canRead()) {
 -      BufferedReader passwdReader = null;
 -      try {
 -        passwdReader = new BufferedReader(new FileReader(passwdFile));
 -        String passwd;
 -        while ((passwd = passwdReader.readLine().trim()) != null) {
 -          if (passwd.length() > 0 && !passwd.startsWith("#")) {
 -            return passwd;
 -          }
 -        }
 -      } catch (IOException ex) {
 -        log.error("failed to read password from " + passwdFile, ex);
 -        throw ex;
 -      } finally {
 -        try {
 -          passwdReader.close();
 -        } catch (IOException ex) {
 -        }
 -      }
 -    }
 -    throw new IOException(passwdFile + " not readable");
 -  }
 -
 -  private String copyWebapp(File webappDir) throws IOException {
 -    File webapp = new File(webappDir, "BKULocal.war");
 -    log.debug("copying BKULocal classpath resource to " + webapp);
 -    InputStream is = getClass().getClassLoader().getResourceAsStream("BKULocal.war");
 -    OutputStream os = new BufferedOutputStream(new FileOutputStream(webapp));
 -    new StreamCopier(is, os).copyStream();
 -    os.close();
 -    return webapp.getPath();
+    webapp.setErrorHandler(errorHandler);
+
+    tempDir = webapp.getTempDirectory();
+    webapp.setWar(copyWebapp(tempDir));
+//    webapp.setPermissions(getPermissions(tempDir));
+
+    server.setHandler(webapp);
+    server.setGracefulShutdown(1000 * 3);
+
+    loadCACertificate(keystoreFile, passwd.toCharArray());
+  }
+
+  /**
+   * @return The first valid (not empty, no comment) line of the passwd file
+   * @throws IOException
+   */
+  protected static String readPassword(File passwdFile) throws IOException {
+    if (passwdFile.exists() && passwdFile.canRead()) {
+      BufferedReader passwdReader = null;
+      try {
+        passwdReader = new BufferedReader(new FileReader(passwdFile));
+        String passwd;
+        while ((passwd = passwdReader.readLine().trim()) != null) {
+          if (passwd.length() > 0 && !passwd.startsWith("#")) {
+            return passwd;
+          }
+        }
+      } catch (IOException ex) {
+        log.error("failed to read password from " + passwdFile, ex);
+        throw ex;
+      } finally {
+        try {
+          passwdReader.close();
+        } catch (IOException ex) {
+        }
+      }
+    }
+    throw new IOException(passwdFile + " not readable");
+  }
+
+  private String copyWebapp(File webappDir) throws IOException {
+    File webapp = new File(webappDir, "BKULocal.war");
+    log.debug("copying BKULocal classpath resource to " + webapp);
+    InputStream is = getClass().getClassLoader().getResourceAsStream("BKULocal.war");
+    OutputStream os = new BufferedOutputStream(new FileOutputStream(webapp));
+    new StreamCopier(is, os).copyStream();
+    os.close();
+    return webapp.getPath();
   }
   private void copyCleaner(File dir) throws IOException {
@@ -242,54 +250,54 @@ public class Container {
     }
   }
-  /**
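Review bot: The `RFC4492CipherSuites` array in `init()` enumerates ECDH/ECDHE suite names by hand, and this hunk shows the cost of that: eight `*_GCM_*` names had to be appended, presumably because a newer runtime offers them, and any ECDH suite a later JSSE adds will again be negotiable and reach the `iaik.security.ecc.ecdsa.ECPublicKey` ClassCastException the comment above the array describes. Deriving the exclusion at startup from the suites the running JSSE actually supports, and excluding every name containing `_ECDH`, covers the same set as the literal list (the `anon` and `NULL` variants included) without needing to be extended per JRE; a sketch follows, which needs `javax.net.ssl.SSLSocketFactory`, `java.util.ArrayList` and `java.util.List` imported, and whether `SslSocketConnector` filters the remaining suites further I cannot tell from this hunk. Separately, in `readPassword` the loop condition `while ((passwd = passwdReader.readLine().trim()) != null)` calls `trim()` on the `null` that `readLine()` returns at end of file, so a passwd file holding only blank or `#` lines fails with a NullPointerException rather than the intended `IOException`; read first and trim afterwards, `while ((passwd = passwdReader.readLine()) != null) { passwd = passwd.trim();`, and the `finally` block should likewise guard `passwdReader != null` since `new FileReader(passwdFile)` can throw before it is assigned.
```java
    //avoid jetty's ClassCastException: iaik.security.ecc.ecdsa.ECPublicKey cannot be cast to java.security.interfaces.ECPublicKey
    // exclude every EC suite the running JSSE supports, so suites added by later runtimes are covered as well
    List<String> ecSuites = new ArrayList<String>();
    String[] supported = ((SSLSocketFactory) SSLSocketFactory.getDefault()).getSupportedCipherSuites();
    for (String suite : supported) {
      if (suite.contains("_ECDH")) {
        ecSuites.add(suite);
      }
    }
    sslConnector.setExcludeCipherSuites(ecSuites.toArray(new String[ecSuites.size()]));
    // … unchanged: server.setConnectors, webapp setup …
```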
 -   * grant all permissions, since we need read/write access to save signature data files anywhere (JFileChooser) in the local filesystem
 -   * and Jetty does not allow declare (webapp) permissions on a codeBase basis.
 -   * @param webappDir
 -   * @return
 -   */
 -//  private Permissions getPermissions(File webappDir) {
 -//    Permissions perms = new Permissions();
 -//    perms.add(new AllPermission());
 -////      perms.add(new FilePermission(new File(System.getProperty("user.home")).getAbsolutePath(), "read, write"));
 -////      perms.add(new FilePermission(new File(System.getProperty("user.home") + "/-").getAbsolutePath(), "read, write"));
 -////      perms.add(new FilePermission(new File(System.getProperty("user.home") + "/.mocca/logs/*").getAbsolutePath(), "read, write,delete"));
 -////      perms.add(new FilePermission(new File(System.getProperty("user.home") + "/.mocca/certs/-").getAbsolutePath(), "read, write,delete"));
 -//
 -////    perms.add(new FilePermission("<<ALL FILES>>", "read, write"));
 -//
 -//    return perms;
 -//  }
 -
 -  public void start() throws Exception {
 -    server.start();
 -    File caCertFile = new File(webapp.getTempDirectory(), "webapp/ca.crt");
 -    BufferedOutputStream bos = new BufferedOutputStream(new FileOutputStream(caCertFile));
 -    bos.write(caCertificate.getEncoded());
 -    bos.flush();
 -    bos.close();
 -  }
 -
 -  public boolean isRunning() {
 -    return server.isRunning();
 -  }
 -
+  /**
+   * grant all permissions, since we need read/write access to save signature data files anywhere (JFileChooser) in the local filesystem
+   * and Jetty does not allow declare (webapp) permissions on a codeBase basis.
+   * @param webappDir
+   * @return
+   */
+//  private Permissions getPermissions(File webappDir) {
+//    Permissions perms = new Permissions();
+//    perms.add(new AllPermission());
+////      perms.add(new FilePermission(new File(System.getProperty("user.home")).getAbsolutePath(), "read, write"));
+////      perms.add(new FilePermission(new File(System.getProperty("user.home") + "/-").getAbsolutePath(), "read, write"));
+////      perms.add(new FilePermission(new File(System.getProperty("user.home") + "/.mocca/logs/*").getAbsolutePath(), "read, write,delete"));
+////      perms.add(new FilePermission(new File(System.getProperty("user.home") + "/.mocca/certs/-").getAbsolutePath(), "read, write,delete"));
+//
+////    perms.add(new FilePermission("<<ALL FILES>>", "read, write"));
+//
+//    return perms;
+//  }
+
+  public void start() throws Exception {
+    server.start();
+    File caCertFile = new File(webapp.getTempDirectory(), "webapp/ca.crt");
+    BufferedOutputStream bos = new BufferedOutputStream(new FileOutputStream(caCertFile));
+    bos.write(caCertificate.getEncoded());
+    bos.flush();
+    bos.close();
+  }
+
+  public boolean isRunning() {
+    return server.isRunning();
+  }
+
   public void stop() throws Exception {
     server.stop();
     cleanupJettyTemp();
-  }
 -
 -  public void destroy() {
 -    server.destroy();
+  }
+
+  public void destroy() {
+    server.destroy();
     cleanupJettyTemp();
-}
 -
 -  public void join() throws InterruptedException {
 -    server.join();
 -  }
 -
+}
+
+  public void join() throws InterruptedException {
+    server.join();
+  }
+
   private void loadCACertificate(File keystoreFile, char[] passwd) {
     caCertificate = getCACertificate(keystoreFile, passwd);
     if (caCertificate == null)
@@ -312,4 +320,4 @@ public class Container {
       return null;
     }
   }
-}
 +} | 
