From 145003155c05e915b900989a27cef1271398164b Mon Sep 17 00:00:00 2001 From: clemenso Date: Wed, 26 Aug 2009 17:31:32 +0000 Subject: MOCCA TLS Server CA cert installation servlet removed help.jsp (and jsp dependencies in jetty) moved html pages to src/main/webapp (encoding problem?) switch to BASIC download protocol in BKUWebStart (no jnlpDownloadServlet required, see template.xml) git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@474 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../local/webapp/InstallCertificateServlet.java | 149 +++++++++++++++++++++ 1 file changed, 149 insertions(+) create mode 100644 BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/InstallCertificateServlet.java (limited to 'BKULocal/src/main/java/at/gv') diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/InstallCertificateServlet.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/InstallCertificateServlet.java new file mode 100644 index 00000000..0a9d001b --- /dev/null +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/InstallCertificateServlet.java @@ -0,0 +1,149 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.local.webapp; + +import iaik.pkcs.PKCS7CertList; +import iaik.utils.Util; +import java.io.IOException; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +/** + * @author Clemens Orthacker + */ +public class InstallCertificateServlet extends HttpServlet { + public static final String HTTPS_REDIRECT = "https://localhost:3496/"; + + public static final String SERVER_CA_CERTIFICATE_ATTRIBUTE = "mocca.tls.server.ca.certificate"; + protected PKCS7CertList p7c; + private static final Log log = LogFactory.getLog(InstallCertificateServlet.class); + + @Override + public void init() throws ServletException { + super.init(); + Certificate caCert = (Certificate) getServletContext().getAttribute(SERVER_CA_CERTIFICATE_ATTRIBUTE); + if (caCert != null) { + try { + p7c = new PKCS7CertList(); + p7c.setCertificateList(new iaik.x509.X509Certificate[] { Util.convertCertificate(caCert) }); + } catch (CertificateException ex) { + log.error("failed to import local ca certificate " + SERVER_CA_CERTIFICATE_ATTRIBUTE, ex); + } + } else { + log.error("failed to import local ca certificate " + SERVER_CA_CERTIFICATE_ATTRIBUTE); + } + } + + /** + * Processes requests for both HTTP GET and POST methods. + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + protected void processRequest(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + +// try { +// SSLContext sslCtx1 = SSLContext.getDefault(); +// log.debug("Default SSLContext (" + sslCtx1.getProtocol() + "): " + sslCtx1.getClass().getName()); +// } catch (NoSuchAlgorithmException ex) { +// log.debug("no sslContext: " + ex.getMessage(), ex); +// } +// +// try { +// SSLContext sslCtx2 = SSLContext.getInstance("TLS"); +// log.debug("TLS SSLContext: " + sslCtx2.getClass().getName()); +// +// SSLServerSocketFactory serverSocketFactory = sslCtx2.getServerSocketFactory(); +// SSLSessionContext serverSessionContext = sslCtx2.getServerSessionContext(); +// +// if (serverSocketFactory != null) { +// log.debug("SSL ServerSocketFactory: " + serverSocketFactory.getClass().getName()); +// } +// if (serverSessionContext != null) { +// log.debug("SSL ServerSessionContext: " + serverSessionContext.getClass().getName()); +// } +// } catch (NoSuchAlgorithmException ex) { +// log.debug("no sslContext: " + ex.getMessage(), ex); +// } +// +// try { +// SSLContext sslCtx3 = SSLContext.getInstance("SSLv3"); +// log.debug("TLS SSLContext: " + sslCtx3.getClass().getName()); +// } catch (NoSuchAlgorithmException ex) { +// log.debug("no sslContext: " + ex.getMessage(), ex); +// } + + + + + + if (p7c != null) { + log.debug("returning local ca certificate"); + response.setContentType("application/x-x509-ca-cert"); + p7c.writeTo(response.getOutputStream()); + response.getOutputStream().flush(); + } else { + log.debug("no local ca certificate, redirecting to " + HTTPS_REDIRECT); + response.sendRedirect(HTTPS_REDIRECT); + } + + } + + // + /** + * Handles the HTTP GET method. + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + @Override + protected void doGet(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + processRequest(request, response); + } + + /** + * Handles the HTTP POST method. + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + @Override + protected void doPost(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + processRequest(request, response); + } + + /** + * Returns a short description of the servlet. + * @return a String containing servlet description + */ + @Override + public String getServletInfo() { + return "Short description"; + }// +} -- cgit v1.2.3