From dd04951a76fc6406755a94ecf547c0797f062fa2 Mon Sep 17 00:00:00 2001 
From: clemenso
Date: Fri, 28 Aug 2009 17:53:01 +0000
Subject: replace installCertificate servlet with der encoded crt file in webapp/ moved local-webstart profile to BKUWebStart (jnlp-inline goal) help note for internet explorer on visat/7
git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@482 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 BKUHelp/pom.xml | 2 +-
 .../main/webapp/help/de/help.install.cacert.html | 8 +-
 BKULocal/pom.xml | 2 +-
 .../at/gv/egiz/bku/local/stal/LocalBKUWorker.java | 1 +
 .../local/webapp/InstallCertificateServlet.java | 149 ---------------------
 BKULocal/src/main/webapp/WEB-INF/web.xml | 8 --
 BKULocal/src/main/webapp/index.html | 7 +-
 BKUOnline/pom.xml | 2 +-
 BKUOnline/src/main/webapp/js/deployJava.js | 3 +-
 BKUWebStart/keystore.ks | Bin 5635 -> 0 bytes
 BKUWebStart/pom.xml | 48 +++++++
 .../java/at/gv/egiz/bku/webstart/Container.java | 47 ++++---
 .../java/at/gv/egiz/bku/webstart/Launcher.java | 6 +-
 .../java/at/gv/egiz/bku/webstart/TLSServerCA.java | 10 +-
 BKUWebStart/src/main/jnlp/keystore.ks | Bin 0 -> 5635 bytes
 .../src/main/jnlp/resources/img/chip128.png | Bin 0 -> 7775 bytes
 BKUWebStart/src/main/jnlp/resources/img/chip16.png | Bin 0 -> 787 bytes
 BKUWebStart/src/main/jnlp/resources/img/chip24.png | Bin 0 -> 1227 bytes
 BKUWebStart/src/main/jnlp/resources/img/chip32.png | Bin 0 -> 1753 bytes
 BKUWebStart/src/main/jnlp/resources/img/chip48.png | Bin 0 -> 2771 bytes
 BKUWebStart/src/main/jnlp/resources/img/splash.png | Bin 0 -> 41455 bytes
 .../src/main/jnlp/resources/img/version.xml | 52 +++++++
 BKUWebStart/src/main/jnlp/resources/player.jnlp | 3 +
 BKUWebStart/src/main/jnlp/template-local.xml | 40 ++++++
 BKUWebStartPackage/src/main/jnlp/template.xml | 6 +-
 pom.xml | 2 +-
 26 files changed, 205 insertions(+), 191 deletions(-)
 delete mode 100644 BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/InstallCertificateServlet.java
 delete mode 100644 BKUWebStart/keystore.ks
 create mode 100644 BKUWebStart/src/main/jnlp/keystore.ks
 create mode 100644 BKUWebStart/src/main/jnlp/resources/img/chip128.png
 create mode 100644 BKUWebStart/src/main/jnlp/resources/img/chip16.png
 create mode 100644 BKUWebStart/src/main/jnlp/resources/img/chip24.png
 create mode 100644 BKUWebStart/src/main/jnlp/resources/img/chip32.png
 create mode 100644 BKUWebStart/src/main/jnlp/resources/img/chip48.png
 create mode 100644 BKUWebStart/src/main/jnlp/resources/img/splash.png
 create mode 100644 BKUWebStart/src/main/jnlp/resources/img/version.xml
 create mode 100644 BKUWebStart/src/main/jnlp/resources/player.jnlp
 create mode 100644 BKUWebStart/src/main/jnlp/template-local.xml
diff --git a/BKUHelp/pom.xml b/BKUHelp/pom.xml
index 366a2666..cfdb7178 100644
--- a/BKUHelp/pom.xml
+++ b/BKUHelp/pom.xml
@@ -7,7 +7,7 @@ at.gv.egiz BKUHelp - 1.3-SNAPSHOT + 1.2.5-SNAPSHOT BKU Help
diff --git a/BKUHelp/src/main/webapp/help/de/help.install.cacert.html b/BKUHelp/src/main/webapp/help/de/help.install.cacert.html
index a7573102..25c546f0 100644
--- a/BKUHelp/src/main/webapp/help/de/help.install.cacert.html
+++ b/BKUHelp/src/main/webapp/help/de/help.install.cacert.html
@@ -30,14 +30,20 @@ Um diese Überprüfung zu ermöglichen ist es notwendig das Ausstellerzertifikat, lautend auf O=MOCCA, OU=MOCCA TLS Server CA, im Web-Browser zu installieren.

+ +

Achtung: Eine automatische Installation des CA Zertifikats als 'Vertrauenswürdiges Stammzertifikat' im Microsoft Zertifikatsspeicher ist in Windows Vista leider nicht möglich. + Sollten Sie Internet Explorer oder Safari in Windows Vista oder 7 benutzen, dann wählen Sie bei der Installation des Zertifikats ausdrücklich 'zu vertrauenswürdigen Stammzertifizierungsstellen hinzufügen'. +

+

- Klicken Sie dazu auf die Verknüpfung CA Zertifikat installieren + Klicken Sie dazu auf die Verknüpfung CA Zertifikat installieren und wählen Sie im angezeigten Dialog die Option 'Dieser CA vertrauen um Websites zu identifizieren'. (Anmerkung: Der genaue Wortlaut hängt vom verwendeten Web-Browser ab).

Bildschirmfoto des Zertifikatsinstallationsdialogs

Hinweis: Der tatsächliche Dialog kann vom oben dargestellten abweichen und hängt vom verwendeten Web-Browser ab.

Kopieren Sie diese Verknüpfung und rufen Sie sie in weiteren Web-Browsern ihrer Wahl auf um das Zertifikat auch dort zu installieren.

+

Das CA Zertifikat wird ausschließlich zur Identifikation der lokalen Bürgerkartenumgebung verwendet und kann bei der Deinstallation der Bürgerkartenumgebung aus dem Web-Browser entfernt werden.


diff --git a/BKULocal/pom.xml b/BKULocal/pom.xml
index 23c626c4..85c83cec 100644
--- a/BKULocal/pom.xml
+++ b/BKULocal/pom.xml
@@ -111,7 +111,7 @@ BKUHelp at.gv.egiz - 1.3-SNAPSHOT + 1.2.5-SNAPSHOT org.springframework
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalBKUWorker.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalBKUWorker.java
index 75f71be6..1e3f9a1d 100644
--- a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalBKUWorker.java
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalBKUWorker.java
@@ -49,6 +49,7 @@ public class LocalBKUWorker extends AbstractBKUWorker {
 public List handleRequest(List requestList) {
 signatureCard = null;
 List responses = super.handleRequest(requestList);
+ container.setVisible(false);
 return responses;
 }
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/InstallCertificateServlet.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/InstallCertificateServlet.java
deleted file mode 100644
index 0a9d001b..00000000
--- a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/InstallCertificateServlet.java
+++ /dev/null
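Review bot: In `LocalBKUWorker.handleRequest`, the added `container.setVisible(false);` runs only when `super.handleRequest(requestList)` returns normally, so an exception from that call leaves the container on screen. If the container hosts the card or PIN dialog (an assumption, it is declared outside this hunk), it should be hidden on every exit path: `try { return super.handleRequest(requestList); } finally { container.setVisible(false); }`. The hunk also does not show which thread calls `handleRequest`; if `container` is a Swing or AWT component and this is not the event dispatch thread, the visibility change would be safer through `SwingUtilities.invokeLater`. A one-line comment saying why the container is hidden after each request batch would help the next reader.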
@@ -1,149 +0,0 @@ -/* - * Copyright 2008 Federal Chancellery Austria and - * Graz University of Technology - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package at.gv.egiz.bku.local.webapp; - -import iaik.pkcs.PKCS7CertList; -import iaik.utils.Util; -import java.io.IOException; -import java.security.cert.Certificate; -import java.security.cert.CertificateException; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -/** - * @author Clemens Orthacker - */ -public class InstallCertificateServlet extends HttpServlet { - public static final String HTTPS_REDIRECT = "https://localhost:3496/"; - - public static final String SERVER_CA_CERTIFICATE_ATTRIBUTE = "mocca.tls.server.ca.certificate"; - protected PKCS7CertList p7c; - private static final Log log = LogFactory.getLog(InstallCertificateServlet.class); - - @Override - public void init() throws ServletException { - super.init(); - Certificate caCert = (Certificate) getServletContext().getAttribute(SERVER_CA_CERTIFICATE_ATTRIBUTE); - if (caCert != null) { - try { - p7c = new PKCS7CertList(); - p7c.setCertificateList(new iaik.x509.X509Certificate[] { Util.convertCertificate(caCert) }); - } catch (CertificateException ex) { - log.error("failed to import local ca certificate " + 
SERVER_CA_CERTIFICATE_ATTRIBUTE, ex); - } - } else { - log.error("failed to import local ca certificate " + SERVER_CA_CERTIFICATE_ATTRIBUTE); - } - } - - /** - * Processes requests for both HTTP GET and POST methods. - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - protected void processRequest(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - -// try { -// SSLContext sslCtx1 = SSLContext.getDefault(); -// log.debug("Default SSLContext (" + sslCtx1.getProtocol() + "): " + sslCtx1.getClass().getName()); -// } catch (NoSuchAlgorithmException ex) { -// log.debug("no sslContext: " + ex.getMessage(), ex); -// } -// -// try { -// SSLContext sslCtx2 = SSLContext.getInstance("TLS"); -// log.debug("TLS SSLContext: " + sslCtx2.getClass().getName()); -// -// SSLServerSocketFactory serverSocketFactory = sslCtx2.getServerSocketFactory(); -// SSLSessionContext serverSessionContext = sslCtx2.getServerSessionContext(); -// -// if (serverSocketFactory != null) { -// log.debug("SSL ServerSocketFactory: " + serverSocketFactory.getClass().getName()); -// } -// if (serverSessionContext != null) { -// log.debug("SSL ServerSessionContext: " + serverSessionContext.getClass().getName()); -// } -// } catch (NoSuchAlgorithmException ex) { -// log.debug("no sslContext: " + ex.getMessage(), ex); -// } -// -// try { -// SSLContext sslCtx3 = SSLContext.getInstance("SSLv3"); -// log.debug("TLS SSLContext: " + sslCtx3.getClass().getName()); -// } catch (NoSuchAlgorithmException ex) { -// log.debug("no sslContext: " + ex.getMessage(), ex); -// } - - - - - - if (p7c != null) { - log.debug("returning local ca certificate"); - response.setContentType("application/x-x509-ca-cert"); - p7c.writeTo(response.getOutputStream()); - response.getOutputStream().flush(); - } else { - log.debug("no local ca certificate, 
redirecting to " + HTTPS_REDIRECT); - response.sendRedirect(HTTPS_REDIRECT); - } - - } - - // - /** - * Handles the HTTP GET method. - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - @Override - protected void doGet(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - processRequest(request, response); - } - - /** - * Handles the HTTP POST method. - * @param request servlet request - * @param response servlet response - * @throws ServletException if a servlet-specific error occurs - * @throws IOException if an I/O error occurs - */ - @Override - protected void doPost(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - processRequest(request, response); - } - - /** - * Returns a short description of the servlet. - * @return a String containing servlet description - */ - @Override - public String getServletInfo() { - return "Short description"; - }// -} diff --git a/BKULocal/src/main/webapp/WEB-INF/web.xml b/BKULocal/src/main/webapp/WEB-INF/web.xml index 8768dbd8..c4ea1e54 100644 --- a/BKULocal/src/main/webapp/WEB-INF/web.xml +++ b/BKULocal/src/main/webapp/WEB-INF/web.xml @@ -39,10 +39,6 @@ PINManagementServlet at.gv.egiz.bku.local.webapp.PINManagementServlet - - InstallCertificateServlet - at.gv.egiz.bku.local.webapp.InstallCertificateServlet - BKUServlet /http-security-layer-request @@ -57,10 +53,6 @@ PINManagementServlet /PINManagement - - InstallCertificateServlet - /installCertificate - index.html index.htm diff --git a/BKULocal/src/main/webapp/index.html b/BKULocal/src/main/webapp/index.html index c5be17fe..0156b5e5 100644 --- a/BKULocal/src/main/webapp/index.html +++ b/BKULocal/src/main/webapp/index.html @@ -34,7 +34,7 @@ Logo

Um die Bürgerkartenumgebung zu verwenden installieren Sie bitte - zunächst das CA Zertifikat. + zunächst das CA Zertifikat¹.

Weiters können Sie

@@ -46,6 +46,11 @@


+

+ ¹Eine automatisierte Installation ist mit Microsoft Internet Explorer in Windows Vista oder 7 leider nicht möglich, + siehe dazu Hilfe. +

+