From 32d17447a258188b2d534bcb0bf65a659ba7b7d0 Mon Sep 17 00:00:00 2001 
From: mcentner Date: Fri, 29 Aug 2008 12:11:34 +0000 Subject: Initial import. git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@1 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../egiz/bku/local/conf/ConfigurationUpdater.java | 44 ++++ .../at/gv/egiz/bku/local/conf/Configurator.java | 274 +++++++++++++++++++++ .../java/at/gv/egiz/bku/local/stal/PINDialog.java | 214 ++++++++++++++++ .../gv/egiz/bku/local/stal/QuitRequestHandler.java | 41 +++ .../java/at/gv/egiz/bku/local/stal/SMCCSTAL.java | 95 +++++++ .../at/gv/egiz/bku/local/stal/SMCCSTALFactory.java | 27 ++ .../egiz/bku/local/stal/SwingInsertCardDialog.java | 147 +++++++++++ .../gv/egiz/bku/local/stal/SwingPINProvider.java | 57 +++++ .../at/gv/egiz/bku/local/stal/SwingPinDialog.java | 265 ++++++++++++++++++++ .../egiz/bku/local/webapp/BKURequestHandler.java | 100 ++++++++ .../gv/egiz/bku/local/webapp/SpringBKUServlet.java | 30 +++ 11 files changed, 1294 insertions(+) create mode 100644 BKULocal/src/main/java/at/gv/egiz/bku/local/conf/ConfigurationUpdater.java create mode 100644 BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java create mode 100644 BKULocal/src/main/java/at/gv/egiz/bku/local/stal/PINDialog.java create mode 100644 BKULocal/src/main/java/at/gv/egiz/bku/local/stal/QuitRequestHandler.java create mode 100644 BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTAL.java create mode 100644 BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java create mode 100644 BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SwingInsertCardDialog.java create mode 100644 BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SwingPINProvider.java create mode 100644 BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SwingPinDialog.java create mode 100644 BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java create mode 100644 BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/SpringBKUServlet.java (limited to 'BKULocal/src/main/java') 
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/ConfigurationUpdater.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/ConfigurationUpdater.java
new file mode 100644
index 00000000..3214f4bc
--- /dev/null
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/ConfigurationUpdater.java
@@ -0,0 +1,44 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.local.conf;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.quartz.JobExecutionContext;
+import org.quartz.JobExecutionException;
+import org.springframework.scheduling.quartz.QuartzJobBean;
+
+public class ConfigurationUpdater extends QuartzJobBean {
+ private static Log log = LogFactory.getLog(ConfigurationUpdater.class);
+ private Configurator config;
+
+ @Override
+ protected void executeInternal(JobExecutionContext arg0)
+ throws JobExecutionException {
+ log.trace("Checking config update");
+ config.checkUpdate();
+ }
+
+ public Configurator getConfig() {
+ return config;
+ }
+
+ public void setConfig(Configurator config) {
+ this.config = config;
+ }
+
+}
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java
new file mode 100644
index 00000000..e9510101
--- /dev/null
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java
@@ -0,0 +1,274 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.local.conf;
+
+import iaik.security.ecc.provider.ECCProvider;
+import iaik.xml.crypto.XSecProvider;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.InputStream;
+import java.net.HttpURLConnection;
+import java.security.KeyStore;
+import java.security.Provider;
+import java.security.Security;
+import java.security.cert.CertStore;
+import java.security.cert.CertificateFactory;
+import java.security.cert.CollectionCertStoreParameters;
+import java.security.cert.PKIXBuilderParameters;
+import java.security.cert.X509CertSelector;
+import java.security.cert.X509Certificate;
+import java.util.Enumeration;
+import java.util.LinkedList;
+import java.util.List;
+
+import javax.net.ssl.CertPathTrustManagerParameters;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.ManagerFactoryParameters;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManagerFactory;
+
+import org.apache.commons.configuration.ConfigurationException;
+import org.apache.commons.configuration.XMLConfiguration;
+import org.apache.commons.configuration.reloading.FileChangedReloadingStrategy;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider; +import at.gv.egiz.smcc.SWCard; +import at.gv.egiz.smcc.util.SMCCHelper; + +public class Configurator { + private Log log = LogFactory.getLog(Configurator.class); + private XMLConfiguration baseConfig; + private XMLConfiguration specialConfig; + private boolean autoSave = false; + + public Configurator() { + super(); + init(); + configure(); + } + + private void init() { + log.debug("Initializing configuration"); + + baseConfig = new XMLConfiguration(); + try { + baseConfig.load(getClass().getClassLoader().getResourceAsStream( + "./at/gv/egiz/bku/local/baseconfig.xml")); + log.debug("Successfully loaded base configuration"); + } catch (ConfigurationException e) { + log.error("Cannot load base configuration", e); + } + autoSave = baseConfig.getBoolean("OverrideConfigurationFile[@autosave]"); + try { + specialConfig = new XMLConfiguration(); + specialConfig.setFileName(baseConfig + .getString("OverrideConfigurationFile")); + specialConfig.load(); + } catch (Exception e) { + log.debug("Cannot get special configuration at: " + + baseConfig.getString("OverrideConfigurationFile") + ": " + e); + log.debug("Creating new special configuration"); + try { + specialConfig = new XMLConfiguration(baseConfig); + specialConfig.setFileName(baseConfig + .getString("OverrideConfigurationFile")); + specialConfig.save(); + } catch (ConfigurationException e1) { + log.error("Cannot load defaults " + e1); + } + } + specialConfig.setReloadingStrategy(new FileChangedReloadingStrategy()); + specialConfig.setAutoSave(autoSave); + } + + protected void configUrlConnections() { + HttpsURLConnection.setFollowRedirects(false); + HttpURLConnection.setFollowRedirects(false); + } + + protected KeyStore loadKeyStore(String fileName, String type, String password) { + KeyStore ks = null; + try { + ks = KeyStore.getInstance(type); + InputStream is = new FileInputStream(fileName); + if (is == null) { + log.warn("Cannot load keystore from: " + 
fileName); + } + ks.load(is, password.toCharArray()); + for (Enumeration alias = ks.aliases(); alias.hasMoreElements();) { + log.debug("Found keystore alias: " + alias.nextElement()); + } + } catch (Exception e) { + log.error("Cannot config keystore", e); + return null; + } + return ks; + } + + protected void configSSL() { + String trustStoreName = specialConfig.getString("SSL.trustStoreFile"); + String trustStoreType = specialConfig.getString("SSL.trustStoreType"); + String trustStorePass = specialConfig.getString("SSL.trustStorePass"); + String certStoreDirectory = specialConfig + .getString("SSL.certStoreDirectory"); + String keyStoreName = specialConfig.getString("SSL.keyStoreFile"); + String keyStoreType = specialConfig.getString("SSL.keyStoreType"); + String keyStorePass = specialConfig.getString("SSL.keyStorePass"); + + String caIncludeDir = specialConfig.getString("SSL.caIncludeDirectory"); + + KeyStore trustStore = loadKeyStore(trustStoreName, trustStoreType, + trustStorePass); + KeyStore keyStore = null; + if (keyStoreName != null) { + keyStore = loadKeyStore(keyStoreName, keyStoreType, keyStorePass); + } + + try { + PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustStore, + new X509CertSelector()); + + if (certStoreDirectory != null) { + File dir = new File(certStoreDirectory); + if (dir.isDirectory()) { + List certCollection = new LinkedList(); + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + for (File f : dir.listFiles()) { + log.debug("adding " + f.getName()); + certCollection.add((X509Certificate) cf + .generateCertificate(new FileInputStream(f))); + } + CollectionCertStoreParameters csp = new CollectionCertStoreParameters( + certCollection); + CertStore cs = CertStore.getInstance("Collection", csp); + pkixParams.addCertStore(cs); + log.debug("Added collection certstore"); + } else { + log.error("CertstoreDirectory " + certStoreDirectory + + " is not a directory"); + } + } + + if (caIncludeDir != null) { + File dir 
= new File(caIncludeDir); + if (dir.exists() && dir.isDirectory()) { + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + try { + for (File f : dir.listFiles()) { + FileInputStream fis = new FileInputStream(f); + X509Certificate cert = (X509Certificate) cf + .generateCertificate(fis); + fis.close(); + log.debug("Adding trusted cert " + cert.getSubjectDN()); + trustStore.setCertificateEntry(cert.getSubjectDN().getName(), + cert); + f.delete(); + } + } finally { + trustStore.store(new FileOutputStream(trustStoreName), + trustStorePass.toCharArray()); + } + } + } + + pkixParams.setRevocationEnabled(specialConfig + .getBoolean("SSL.revocation")); + if (specialConfig.getBoolean("SSL.revocation")) { + System.setProperty("com.sun.security.enableCRLDP ", "true"); + Security.setProperty("ocsp.enable", "true"); + } + System.setProperty("com.sun.security.enableAIAcaIssuers", "true"); + log.debug("Setting revocation check to: " + + pkixParams.isRevocationEnabled()); + ManagerFactoryParameters trustParams = new CertPathTrustManagerParameters( + pkixParams); + TrustManagerFactory trustFab = TrustManagerFactory.getInstance("PKIX"); + trustFab.init(trustParams); + + KeyManager[] km = null; + SSLContext sslCtx = SSLContext.getInstance(specialConfig + .getString("SSL.sslProtocol")); + if (keyStore != null) { + KeyManagerFactory keyFab = KeyManagerFactory.getInstance("SunX509"); + keyFab.init(keyStore, keyStorePass.toCharArray()); + km = keyFab.getKeyManagers(); + } + sslCtx.init(km, trustFab.getTrustManagers(), null); + HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory()); + log.info("Successfully configured ssl"); + } catch (Exception e) { + log.debug("Cannot init ssl", e); + } + } + + protected void configureProviders() { + log.debug("Registering security providers"); + ECCProvider.addAsProvider(false); + Security.addProvider(new STALProvider()); + XSecProvider.addAsProvider(false); + StringBuffer sb = new StringBuffer(); + sb.append("Following 
providers are now registered: "); + int i = 1; + for (Provider prov : Security.getProviders()) { + sb.append((i++) + ". : " + prov); + } + log.debug("Configured provider" + sb.toString()); + } + + protected void configureBKU() { + if (specialConfig.containsKey("BKU.useSWCard")) { + boolean useSWCard = specialConfig.getBoolean("BKU.useSWCard"); + log.info("Setting SW Card to: "+useSWCard); + SMCCHelper.setUseSWCard(useSWCard); + } + if (specialConfig.containsKey("BKU.SWCardDirectory")) { + //SWCard. + } + } + + public void configure() { + configureProviders(); + configSSL(); + configUrlConnections(); + configureBKU(); + + } + + public void checkUpdate() { + if (specialConfig.getReloadingStrategy().reloadingRequired()) { + log.info("Reloading configuration: " + specialConfig.getFileName()); + specialConfig.setAutoSave(false); + specialConfig.clear(); + try { + specialConfig.load(); + } catch (ConfigurationException e) { + log.fatal(e); + } + specialConfig.setAutoSave(specialConfig + .getBoolean("OverrideConfigurationFile[@autosave]")); + configure(); + specialConfig.getReloadingStrategy().reloadingPerformed(); + } + } + +} diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/PINDialog.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/PINDialog.java new file mode 100644 index 00000000..5bc6bab5 --- /dev/null +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/PINDialog.java 
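Review bot: In configSSL() the revocation branch calls `System.setProperty("com.sun.security.enableCRLDP ", "true")` with a trailing space inside the key, so the property the JDK reads is never set and CRL distribution point checking stays off even when `SSL.revocation` is true; the key should be `"com.sun.security.enableCRLDP"`. The same method ends in `catch (Exception e) { log.debug("Cannot init ssl", e); }`, so a failed trust-store load (loadKeyStore returns null on any error) leaves HttpsURLConnection on whatever socket factory was set before, the JVM default on first start, with only a debug line; I would log at error level and stop configuration there. The caIncludeDirectory loop turns every file found in that directory into a trusted entry and rewrites the trust store, so a comment such as `// caIncludeDirectory must be writable only by the BKU user: anything dropped here becomes a trust anchor` is worth adding. loadKeyStore and the certStoreDirectory loop also never close their FileInputStream, and the `is == null` test in loadKeyStore can never be true.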
@@ -0,0 +1,214 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.bku.local.stal; + +import java.awt.event.ActionEvent; +import java.awt.event.ActionListener; +import java.awt.event.WindowAdapter; +import java.awt.event.WindowEvent; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import javax.swing.JButton; +import javax.swing.JPasswordField; +import javax.swing.text.AttributeSet; +import javax.swing.text.BadLocationException; +import javax.swing.text.PlainDocument; + +import at.gv.egiz.smcc.PINSpec; + +public class PINDialog extends javax.swing.JDialog implements ActionListener { + + // Variables declaration - do not modify + private javax.swing.JButton okButton; + private javax.swing.JButton cancelButton; + private javax.swing.JLabel label; + private javax.swing.JPasswordField password; + // End of variables declaration + + private PINSpec pinSpec; + private String pinString; + private boolean finished = false; + + class PinDocument extends PlainDocument { + private Pattern pattern; + + public PinDocument() { + pattern = Pattern.compile(pinSpec.getRexepPattern()); + } + + public void insertString(int offs, String str, AttributeSet a) + throws BadLocationException { + if (pinSpec.getMaxLength() >= (getLength() + str.length())) { + Matcher matcher = pattern.matcher(str); + if (matcher.matches()) { + super.insertString(offs, str, a); + } + 
} + okButton.setEnabled(getLength() >= pinSpec.getMinLength()); + } + + @Override + public void remove(int offs, int len) throws BadLocationException { + super.remove(offs, len); + okButton.setEnabled(getLength() >= pinSpec.getMinLength()); + } + } + + public PINDialog() { + } + + private synchronized void finished(boolean ok) { + if (ok) { + pinString = password.getText(); + } else { + pinString = null; + } + finished = true; + notifyAll(); + } + + public synchronized void waitFinished() { + while (!finished) { + try { + wait(); + } catch (InterruptedException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + } + } + + public String getPIN() { + return pinString; + } + + /** Creates new form NewJDialog */ + public PINDialog(java.awt.Frame parent, boolean modal, PINSpec pinSpec, + int retries) { + super(parent, modal); + this.pinSpec = pinSpec; + initComponents(); + } + + private void initComponents() { + okButton = new javax.swing.JButton(); + cancelButton = new javax.swing.JButton(); + password = new javax.swing.JPasswordField(); + label = new javax.swing.JLabel(); + setDefaultCloseOperation(javax.swing.WindowConstants.DISPOSE_ON_CLOSE); + + setTitle("PIN Dialog"); // NOI18N + setName("Form"); // NOI18N + + okButton.setText("OK"); // NOI18N + okButton.setName("okButton"); // NOI18N + okButton.setEnabled(false); + okButton.addActionListener(this); + + cancelButton.setText("Cancel"); // NOI18N + cancelButton.setName("cancelButton"); // NOI18N + cancelButton.addActionListener(this); + + password.setText(""); // NOI18N + password.setName("password"); // NOI18N + password.addActionListener(this); + password.setDocument(new PinDocument()); + + label.setText("PIN: "); // NOI18N + label.setName("jLabel1"); // NOI18N + + javax.swing.GroupLayout layout = new javax.swing.GroupLayout( + getContentPane()); + getContentPane().setLayout(layout); + layout.setHorizontalGroup(layout.createParallelGroup( + javax.swing.GroupLayout.Alignment.LEADING).addGroup( + 
layout.createSequentialGroup().addContainerGap().addGroup( + layout.createParallelGroup( + javax.swing.GroupLayout.Alignment.LEADING).addGroup( + layout.createSequentialGroup().addComponent(label, + javax.swing.GroupLayout.PREFERRED_SIZE, 61, + javax.swing.GroupLayout.PREFERRED_SIZE).addPreferredGap( + javax.swing.LayoutStyle.ComponentPlacement.RELATED, + javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) + .addComponent(password, + javax.swing.GroupLayout.PREFERRED_SIZE, 127, + javax.swing.GroupLayout.PREFERRED_SIZE)).addGroup( + javax.swing.GroupLayout.Alignment.TRAILING, + layout.createSequentialGroup().addComponent(cancelButton) + .addPreferredGap( + javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) + .addComponent(okButton))).addContainerGap())); + layout.setVerticalGroup(layout.createParallelGroup( + javax.swing.GroupLayout.Alignment.LEADING).addGroup( + layout.createSequentialGroup().addContainerGap().addGroup( + layout.createParallelGroup( + javax.swing.GroupLayout.Alignment.BASELINE).addComponent(label, + javax.swing.GroupLayout.PREFERRED_SIZE, 33, + javax.swing.GroupLayout.PREFERRED_SIZE).addComponent(password, + javax.swing.GroupLayout.PREFERRED_SIZE, + javax.swing.GroupLayout.DEFAULT_SIZE, + javax.swing.GroupLayout.PREFERRED_SIZE)).addPreferredGap( + javax.swing.LayoutStyle.ComponentPlacement.RELATED, 14, + Short.MAX_VALUE).addGroup( + layout.createParallelGroup( + javax.swing.GroupLayout.Alignment.BASELINE).addComponent( + okButton).addComponent(cancelButton)).addContainerGap())); + + pack(); + } + + /** + * @param args + * the command line arguments + */ + public static void main(String args[]) { + java.awt.EventQueue.invokeLater(new Runnable() { + public void run() { + PINDialog dialog = new PINDialog(new javax.swing.JFrame(), true, + new PINSpec(1, 5, "[0-9]*", "Hansi"), 10); + dialog.setResizable(false); + dialog.addWindowListener(new java.awt.event.WindowAdapter() { + public void windowClosing(java.awt.event.WindowEvent e) { + 
System.exit(0); + } + }); + dialog.setVisible(true); + } + }); + } + + @Override + public void actionPerformed(ActionEvent e) { + if (e.getSource() instanceof JButton) { + JButton pressed = (JButton) e.getSource(); + if (pressed.getName().equals("okButton")) { + finished(true); + } else if (pressed.getName().equals("cancelButton")) { + finished(false); + } + } else if (e.getSource() instanceof JPasswordField) { + JPasswordField pwf = (JPasswordField) e.getSource(); + if (pwf.getName().equals("password")) { + if (password.getPassword().length >= pinSpec.getMinLength()) { + finished(true); + } + } + } + } + +} diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/QuitRequestHandler.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/QuitRequestHandler.java new file mode 100644 index 00000000..5596b7bb --- /dev/null +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/QuitRequestHandler.java 
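Review bot: finished(boolean) reads the PIN with `password.getText()`, which JPasswordField deprecates because it materialises the secret as an immutable String, and the value then stays in the `pinString` field for the life of the dialog; build it from `password.getPassword()` and zero the char[] afterwards, and add a comment on getPIN() that the caller holds the only copy that should survive. The dialog is DISPOSE_ON_CLOSE but nothing in the class calls `finished(false)` when the window is closed, so a thread parked in waitFinished() would never wake; a `windowClosing` listener calling `finished(false)` closes that gap. waitFinished() swallows InterruptedException with `e.printStackTrace()`; restore the flag with `Thread.currentThread().interrupt()` and return instead. The `retries` constructor argument is unused, and the no-arg constructor leaves `pinSpec` null.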
@@ -0,0 +1,41 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.local.stal;
+
+import at.gv.egiz.bku.smccstal.AbstractRequestHandler;
+import at.gv.egiz.bku.smccstal.SMCCSTALRequestHandler;
+import at.gv.egiz.stal.STALRequest;
+import at.gv.egiz.stal.STALResponse;
+
+public class QuitRequestHandler extends AbstractRequestHandler {
+
+ @Override
+ public STALResponse handleRequest(STALRequest request) {
+ return null;
+ }
+
+ @Override
+ public boolean requireCard() {
+ return false;
+ }
+
+ @Override
+ public SMCCSTALRequestHandler newInstance() {
+ return this;
+ }
+
+}
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTAL.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTAL.java
new file mode 100644
index 00000000..26ec2aa8
--- /dev/null
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTAL.java
@@ -0,0 +1,95 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.bku.local.stal; + +import java.awt.event.ActionEvent; +import java.awt.event.ActionListener; +import java.util.Locale; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.bku.gui.BKUGUIFacade; +import at.gv.egiz.bku.local.ui.TrayIconDialog; +import at.gv.egiz.bku.smccstal.AbstractRequestHandler; +import at.gv.egiz.bku.smccstal.AbstractSMCCSTAL; +import at.gv.egiz.bku.smccstal.STALMessageConsumer; +import at.gv.egiz.smcc.PINProvider; +import at.gv.egiz.smcc.util.SMCCHelper; +import at.gv.egiz.stal.QuitRequest; + +public class SMCCSTAL extends AbstractSMCCSTAL implements STALMessageConsumer { + private static Log log = LogFactory.getLog(SMCCSTAL.class); + + protected PINProvider pinProvider = new SwingPINProvider(); + protected SwingInsertCardDialog insertCard = new SwingInsertCardDialog(); + private boolean canceled = false; + + static { + addRequestHandler(QuitRequest.class, new QuitRequestHandler()); + } + + public SMCCSTAL() { + AbstractRequestHandler.setMessageConsumer(this); + } + + /** + * + * @return if the user canceled + */ + protected boolean waitForCard() { + canceled = false; + while ((smccHelper.getResultCode() != SMCCHelper.CARD_FOUND) && (!canceled)) { + insertCard.setVisible(true); + insertCard.setAlwaysOnTop(true); + 
insertCard.addCanceledListener(new ActionListener() { + @Override + public void actionPerformed(ActionEvent e) { + canceled = true; + } + }); + try { + smccHelper.update(1000); + } catch (Exception ex) { + log.info(ex); + } + } + insertCard.setVisible(false); + signatureCard = smccHelper.getSignatureCard(locale); + return canceled; + } + + @Override + public void setLocale(Locale locale) { + super.setLocale(locale); + if (pinProvider instanceof SwingPINProvider) { + ((SwingPINProvider) pinProvider).setLocale(locale); + } + } + + @Override + public void consumeNewSTALMessage(String captionId, String messageId) { + TrayIconDialog.getInstance().displayInfo(captionId, messageId); + } + + @Override + protected BKUGUIFacade getGUI() { + // TODO Auto-generated method stub + //FIXME + return null; + } +} diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java new file mode 100644 index 00000000..014d884a --- /dev/null +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java @@ -0,0 +1,27 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.bku.local.stal; + +import at.gv.egiz.stal.STAL; +import at.gv.egiz.stal.STALFactory; + +public class SMCCSTALFactory implements STALFactory { + @Override + public STAL createSTAL() { + return new SMCCSTAL(); + } +} 
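Review bot: waitForCard() in SMCCSTAL.java calls `insertCard.addCanceledListener(new ActionListener() {...})` inside the while loop, so every pass (one per `smccHelper.update(1000)`) stacks another listener on the cancel button; register it once in the constructor instead. The `canceled` flag is written from that listener, presumably on the Swing event thread, and polled by the loop without any synchronisation, so it should be declared `private volatile boolean canceled = false;`. `getGUI()` returns null behind a FIXME; a comment naming which AbstractSMCCSTAL paths call it would help, since that class is not visible in this patch. The `catch (Exception ex) { log.info(ex); }` around the update call also hides a persistently failing card reader behind an endless retry.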
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SwingInsertCardDialog.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SwingInsertCardDialog.java
new file mode 100644
index 00000000..eb76f2f2
--- /dev/null
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SwingInsertCardDialog.java
@@ -0,0 +1,147 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.bku.local.stal; + +import java.awt.Dimension; +import java.awt.Font; +import java.awt.Toolkit; +import java.awt.event.ActionListener; +import java.awt.event.WindowAdapter; +import java.awt.event.WindowEvent; +import java.awt.event.WindowListener; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.util.Locale; +import java.util.ResourceBundle; + +import javax.swing.ImageIcon; +import javax.swing.JDialog; + +import at.gv.egiz.bku.utils.StreamUtil; + +public class SwingInsertCardDialog extends JDialog { + + private javax.swing.JButton cancelButton; + private javax.swing.JLabel jLabel1; + private javax.swing.JLabel jLabel2; + private Locale locale = Locale.getDefault(); + + public SwingInsertCardDialog() { + super((java.awt.Frame) null, false); + initComponents(); + } + + public void setLocale(Locale locale) { + this.locale = locale; + } + + private void initComponents() { + ResourceBundle rb = ResourceBundle.getBundle( + "at/gv/egiz/bku/local/Userdialog", locale); + setTitle(rb.getString("Insert.Header")); + jLabel1 = new javax.swing.JLabel(); + jLabel2 = new javax.swing.JLabel(); + cancelButton = new javax.swing.JButton(); + + setDefaultCloseOperation(javax.swing.WindowConstants.DO_NOTHING_ON_CLOSE); + setName("Form"); // NOI18N + 
setUndecorated(true); + + jLabel1.setFont(new Font("Tahoma", Font.BOLD, 14)); + jLabel1.setText(rb.getString("Insert.Text")); // NOI18N + jLabel1.setName("text"); // NOI18N + + ByteArrayOutputStream os = new ByteArrayOutputStream(); + InputStream is = getClass().getClassLoader().getResourceAsStream( + "at/gv/egiz/bku/local/logo.png"); + try { + StreamUtil.copyStream(is, os); + jLabel2.setIcon(new ImageIcon(os.toByteArray())); // NOI18N + } catch (IOException e) { + jLabel2.setText("Chipperling image missing"); // NOI18N + } + jLabel2.setName("jLabel2"); // NOI18N + cancelButton.setText(rb.getString("Insert.Button.Cancel")); // NOI18N + cancelButton.setName("jButton1"); // NOI18N + + javax.swing.GroupLayout layout = new javax.swing.GroupLayout( + getContentPane()); + getContentPane().setLayout(layout); + layout.setHorizontalGroup(layout.createParallelGroup( + javax.swing.GroupLayout.Alignment.LEADING).addGroup( + layout.createSequentialGroup().addContainerGap().addComponent(jLabel2) + .addGroup( + layout.createParallelGroup( + javax.swing.GroupLayout.Alignment.TRAILING).addGroup( + layout.createSequentialGroup().addGap(35, 35, 35) + .addComponent(jLabel1, + javax.swing.GroupLayout.DEFAULT_SIZE, + javax.swing.GroupLayout.DEFAULT_SIZE, + Short.MAX_VALUE)).addGroup( + layout.createSequentialGroup().addPreferredGap( + javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addComponent(cancelButton))).addGap(29, 29, 29))); + layout.setVerticalGroup(layout.createParallelGroup( + javax.swing.GroupLayout.Alignment.LEADING).addGroup( + javax.swing.GroupLayout.Alignment.TRAILING, + layout.createSequentialGroup().addContainerGap().addGroup( + layout.createParallelGroup( + javax.swing.GroupLayout.Alignment.TRAILING).addComponent( + jLabel2).addGroup( + layout.createSequentialGroup().addComponent(jLabel1, + javax.swing.GroupLayout.DEFAULT_SIZE, 53, Short.MAX_VALUE) + .addGap(35, 35, 35).addComponent(cancelButton).addGap(9, 9, + 9))).addContainerGap())); + + Dimension screenSize 
= Toolkit.getDefaultToolkit().getScreenSize(); + Dimension frameSize = getSize(); + if (frameSize.height > screenSize.height) { + frameSize.height = screenSize.height; + } + if (frameSize.width > screenSize.width) { + frameSize.width = screenSize.width; + } + setLocation((screenSize.width - frameSize.width) / 2, + (screenSize.height - frameSize.height) / 2); + setUndecorated(false); + pack(); + } + + public void addCanceledListener(ActionListener al) { + cancelButton.addActionListener(al); + } + + /** + * @param args + * the command line arguments + */ + public static void main(String args[]) { + java.awt.EventQueue.invokeLater(new Runnable() { + public void run() { + SwingInsertCardDialog dialog = new SwingInsertCardDialog(); + dialog.addWindowListener(new java.awt.event.WindowAdapter() { + public void windowClosing(java.awt.event.WindowEvent e) { + System.exit(0); + } + }); + // + } + }); + } + +} diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SwingPINProvider.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SwingPINProvider.java new file mode 100644 index 00000000..7d36e68e --- /dev/null +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SwingPINProvider.java 
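Review bot: initComponents() computes the centring from `getSize()` before `pack()` has run, so frameSize is still empty and the dialog's top-left corner, not its centre, lands mid-screen; call `pack()` first or use `setLocationRelativeTo(null)` after it. `getResourceAsStream("at/gv/egiz/bku/local/logo.png")` can return null and only IOException is caught, so a missing logo probably surfaces as a NullPointerException from StreamUtil.copyStream (not visible here) rather than the fallback text; the stream is also never closed. setLocale() has no effect on the texts because the constructor already ran initComponents() with the default locale, which deserves a Javadoc line such as `/** Stored only; labels are built in the constructor with the default locale. */`.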
@@ -0,0 +1,57 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.local.stal;
+
+import java.util.Locale;
+
+import at.gv.egiz.smcc.PINProvider;
+import at.gv.egiz.smcc.PINSpec;
+
+public class SwingPINProvider implements PINProvider {
+
+ private Locale locale = Locale.getDefault();
+ SwingPinDialog dialog;
+
+ public SwingPINProvider() {
+ this.locale = Locale.getDefault();
+
+ }
+
+ public Locale getLocale() {
+ return locale;
+ }
+
+ public void setLocale(Locale locale) {
+ this.locale = locale;
+ }
+
+ @Override
+ public String providePIN(PINSpec pinSpec, int retries) {
+ dialog = new SwingPinDialog(null, false);
+ dialog.setResizable(false);
+ dialog.setRetries(retries);
+ dialog.setPinSpec(pinSpec);
+ dialog.initComponents();
+ dialog.setVisible(true);
+ dialog.requestFocus();
+ dialog.setAlwaysOnTop(true);
+ dialog.waitFinished();
+ dialog.dispose();
+ return dialog.getPIN();
+ }
+
+}
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SwingPinDialog.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SwingPinDialog.java
new file mode 100644
index 00000000..3e91972c
--- /dev/null
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SwingPinDialog.java
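Review bot: providePIN() in SwingPINProvider.java keeps the dialog in the package-visible field `dialog` after it returns, and SwingPinDialog stores the entered PIN in its `pinString` field, so the PIN stays reachable through the provider until the next call; a local variable, `SwingPinDialog dialog = new SwingPinDialog(null, false);`, removes that retention. The provider's `locale` is never handed to the dialog, so `dialog.setLocale(locale);` is missing before `dialog.initComponents();`. The dialog is built and shown on the calling thread, which then blocks in `waitFinished()`; if a caller can ever be the event dispatch thread the UI would hang, and the method should carry a comment stating that it must be called off that thread.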
@@ -0,0 +1,265 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.bku.local.stal; + +import java.awt.Dimension; +import java.awt.Font; +import java.awt.Toolkit; +import java.awt.event.ActionEvent; +import java.awt.event.ActionListener; +import java.io.ByteArrayOutputStream; +import java.io.InputStream; +import java.text.MessageFormat; +import java.util.Locale; +import java.util.ResourceBundle; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import javax.swing.ImageIcon; +import javax.swing.JButton; +import javax.swing.JPasswordField; +import javax.swing.text.AttributeSet; +import javax.swing.text.BadLocationException; +import javax.swing.text.PlainDocument; + +import at.gv.egiz.bku.utils.StreamUtil; +import at.gv.egiz.smcc.PINSpec; + +public class SwingPinDialog extends javax.swing.JDialog implements + ActionListener { + + private javax.swing.JButton okButton; + private javax.swing.JButton cancelButton; + private javax.swing.JLabel jLabel1; + private javax.swing.JLabel jLabel2; + private javax.swing.JPasswordField password; + + private PINSpec pinSpec; + private String pinString; + private boolean finished = false; + private int retries = -1; + private Locale locale = Locale.getDefault(); + private boolean setUp = false; + + class PinDocument extends PlainDocument { + private Pattern pattern; + + public PinDocument() { + if ((pinSpec != 
null) && (pinSpec.getRexepPattern() != null)) { + pattern = Pattern.compile(pinSpec.getRexepPattern()); + } else { + pattern = Pattern.compile("."); + } + } + + public void insertString(int offs, String str, AttributeSet a) + throws BadLocationException { + if (pinSpec.getMaxLength() >= (getLength() + str.length())) { + Matcher matcher = pattern.matcher(str); + if (matcher.matches()) { + super.insertString(offs, str, a); + } + } + okButton.setEnabled(getLength() >= pinSpec.getMinLength()); + } + + @Override + public void remove(int offs, int len) throws BadLocationException { + super.remove(offs, len); + okButton.setEnabled(getLength() >= pinSpec.getMinLength()); + } + } + + /** + * Make sure to call initComponents + * + * @param parent + * @param modal + */ + public SwingPinDialog(java.awt.Frame parent, boolean modal) { + super(parent, modal); + } + + public void setLocale(Locale locale) { + this.locale = locale; + } + + public void setPinSpec(PINSpec pinSpec) { + this.pinSpec = pinSpec; + } + + public void setRetries(int retries) { + this.retries = retries; + } + + public void initComponents() { + ResourceBundle rb = ResourceBundle.getBundle( + "at/gv/egiz/bku/local/Userdialog", locale); + okButton = new javax.swing.JButton(); + cancelButton = new javax.swing.JButton(); + password = new javax.swing.JPasswordField(); + jLabel1 = new javax.swing.JLabel(); + jLabel2 = new javax.swing.JLabel(); + + setTitle(rb.getString("Pin.Header")); + setName("Form"); + setDefaultCloseOperation(javax.swing.WindowConstants.DO_NOTHING_ON_CLOSE); + + okButton.setText(rb.getString("Pin.Button.OK")); + okButton.setName("okButton"); + okButton.setEnabled(false); + okButton.addActionListener(this); + + cancelButton.setText(rb.getString("Pin.Button.Cancel")); + cancelButton.setName("cancelButton"); + cancelButton.addActionListener(this); + + password.setText(""); + password.setDocument(new PinDocument()); + password.setName("password"); + password.addActionListener(this); + 
password.setDocument(new PinDocument()); + password.setRequestFocusEnabled(true); + password.requestFocus(); + + jLabel1.setFont(new Font("Tahoma", Font.BOLD, 14)); + String text = null; + Object[] args; + if (retries > 0) { + text = rb.getString("Pin.Text.Retries"); + args = new Object[2]; + args[0] = pinSpec.getLocalizedName(); + args[1] = new Integer(retries); + } else { + text = rb.getString("Pin.Text.NoRetries"); + args = new Object[1]; + args[0] = pinSpec.getLocalizedName(); + } + text = MessageFormat.format(text, args); + jLabel1.setText(text); // NOI18N + jLabel1.setName("jLabel1"); // NOI18N + + ByteArrayOutputStream os = new ByteArrayOutputStream(); + InputStream is = getClass().getClassLoader().getResourceAsStream( + "at/gv/egiz/bku/local/logo.png"); + try { + StreamUtil.copyStream(is, os); + jLabel2.setIcon(new ImageIcon(os.toByteArray())); // NOI18N + } catch (Exception e) { + jLabel2.setText("Chipperling image missing"); // NOI18N + } + jLabel2.setName("jLabel2"); // NOI18N + + javax.swing.GroupLayout layout = new javax.swing.GroupLayout( + getContentPane()); + getContentPane().setLayout(layout); + layout.setHorizontalGroup(layout.createParallelGroup( + javax.swing.GroupLayout.Alignment.LEADING).addGroup( + layout.createSequentialGroup().addContainerGap().addComponent(jLabel2) + .addGap(73, 73, 73).addGroup( + layout.createParallelGroup( + javax.swing.GroupLayout.Alignment.LEADING).addComponent( + jLabel1).addGroup( + layout.createParallelGroup( + javax.swing.GroupLayout.Alignment.TRAILING, false) + .addComponent(password, + javax.swing.GroupLayout.Alignment.LEADING) + .addGroup( + javax.swing.GroupLayout.Alignment.LEADING, + layout.createSequentialGroup().addComponent( + cancelButton).addGap(18, 18, 18).addComponent( + okButton)))).addContainerGap(31, + Short.MAX_VALUE))); + layout.setVerticalGroup(layout.createParallelGroup( + javax.swing.GroupLayout.Alignment.LEADING).addGroup( + layout.createSequentialGroup().addContainerGap().addGroup( + 
layout.createParallelGroup( + javax.swing.GroupLayout.Alignment.LEADING) + .addComponent(jLabel2).addGroup( + layout.createSequentialGroup().addPreferredGap( + javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addComponent(jLabel1, + javax.swing.GroupLayout.PREFERRED_SIZE, 33, + javax.swing.GroupLayout.PREFERRED_SIZE).addGap(18, + 18, 18).addComponent(password, + javax.swing.GroupLayout.PREFERRED_SIZE, + javax.swing.GroupLayout.DEFAULT_SIZE, + javax.swing.GroupLayout.PREFERRED_SIZE).addGap(20, + 20, 20).addGroup( + layout.createParallelGroup( + javax.swing.GroupLayout.Alignment.BASELINE) + .addComponent(cancelButton).addComponent( + okButton)))).addGap(36, 36, 36))); + Dimension screenSize = Toolkit.getDefaultToolkit().getScreenSize(); + Dimension frameSize = getSize(); + if (frameSize.height > screenSize.height) { + frameSize.height = screenSize.height; + } + if (frameSize.width > screenSize.width) { + frameSize.width = screenSize.width; + } + setLocation((screenSize.width - frameSize.width) / 2, + (screenSize.height - frameSize.height) / 2); + setUndecorated(false); + pack(); + } + + public String getPIN() { + return pinString; + } + + private synchronized void finished(boolean ok) { + if (ok) { + pinString = password.getText(); + } else { + pinString = null; + } + finished = true; + notifyAll(); + } + + public synchronized void waitFinished() { + while (!finished) { + try { + wait(); + } catch (InterruptedException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + } + } + + @Override + public void actionPerformed(ActionEvent e) { + if (e.getSource() instanceof JButton) { + JButton pressed = (JButton) e.getSource(); + if (pressed.getName().equals("okButton")) { + finished(true); + } else if (pressed.getName().equals("cancelButton")) { + finished(false); + } + } else if (e.getSource() instanceof JPasswordField) { + JPasswordField pwf = (JPasswordField) e.getSource(); + if (pwf.getName().equals("password")) { + if 
(password.getPassword().length >= pinSpec.getMinLength()) { + finished(true); + } + } + } + } + +} diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java new file mode 100644 index 00000000..8529949d --- /dev/null +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java 
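Review bot: `finished(boolean)` reads the PIN with the deprecated `password.getText()` and keeps it in the `String` field `pinString`, which is never cleared, so the PIN stays on the heap as an immutable string for as long as the dialog object is referenced. Since `PINProvider` needs a `String`, at least build it from `password.getPassword()`, wipe the array with `java.util.Arrays.fill(pin, '\0')`, reset the field with `password.setText("")`, and set `pinString = null` once `getPIN()` has handed it out. `PinDocument.insertString` dereferences `pinSpec` without the null check its constructor has, and the fallback `Pattern.compile(".")` combined with `matches()` accepts only single-character inserts, so a pasted PIN is silently dropped. `waitFinished()` swallows `InterruptedException` via `printStackTrace()`; calling `Thread.currentThread().interrupt()` and returning would let a caller abort the prompt.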
@@ -0,0 +1,100 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.bku.local.webapp; + +import java.io.IOException; +import java.util.Enumeration; +import java.util.HashMap; +import java.util.Iterator; +import java.util.Locale; +import java.util.Map; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.springframework.web.HttpRequestHandler; + +import at.gv.egiz.bku.binding.BindingProcessorManager; +import at.gv.egiz.bku.binding.HTTPBindingProcessor; +import at.gv.egiz.bku.binding.HttpUtil; +import at.gv.egiz.bku.utils.StreamUtil; +import at.gv.egiz.org.apache.tomcat.util.http.AcceptLanguage; + +public abstract class BKURequestHandler extends HttpServlet { + + public final static String ENCODING = "UTF-8"; + + protected Log log = LogFactory.getLog(BKURequestHandler.class); + + protected abstract BindingProcessorManager getBindingProcessorManager(); + + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, java.io.IOException { + log.debug("Got new request"); + String lang = req.getHeader("Accept-Language"); + Locale locale = AcceptLanguage.getLocale(lang); + log.debug("Using locale: "+locale); + 
HTTPBindingProcessor bindingProcessor; + if (req.isSecure()) { + bindingProcessor = (HTTPBindingProcessor) getBindingProcessorManager() + .createBindingProcessor("https", null, locale); + } else { + bindingProcessor = (HTTPBindingProcessor) getBindingProcessorManager() + .createBindingProcessor("http", null, locale); + } + Map headerMap = new HashMap(); + for (Enumeration headerName = req.getHeaderNames(); headerName + .hasMoreElements();) { + String header = headerName.nextElement(); + if (header != null) { + headerMap.put(header, req.getHeader(header)); + } + } + headerMap.put(HttpUtil.HTTP_HEADER_CONTENT_TYPE, req.getContentType()+";"+req.getCharacterEncoding()); + bindingProcessor.setHTTPHeaders(headerMap); + bindingProcessor.consumeRequestStream(req.getInputStream()); + + // fixxme just for testing + bindingProcessor.run(); + if (bindingProcessor.getRedirectURL() != null) { + resp.sendRedirect(bindingProcessor.getRedirectURL()); + return; + } + resp.setStatus(bindingProcessor.getResponseCode()); + for (Iterator it = bindingProcessor.getResponseHeaders().keySet() + .iterator(); it.hasNext();) { + String header = it.next(); + resp.setHeader(header, bindingProcessor.getResponseHeaders().get(header)); + } + resp.setContentType(bindingProcessor.getResultContentType()); + resp.setCharacterEncoding(ENCODING); + bindingProcessor.writeResultTo(resp.getOutputStream(), ENCODING); + req.getInputStream().close(); + resp.getOutputStream().flush(); + resp.getOutputStream().close(); + log.debug("Finished Request"); + } + + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, java.io.IOException { + doPost(req, resp); + } +} diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/SpringBKUServlet.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/SpringBKUServlet.java new file mode 100644 index 00000000..c573e52f --- /dev/null +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/SpringBKUServlet.java 
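Review bot: The Content-Type entry put into `headerMap` in `doPost` is built as `req.getContentType()+";"+req.getCharacterEncoding()`, which becomes `null;null` when the client sends neither and otherwise appends a bare encoding name rather than a `charset=` parameter, so the binding processor parses a malformed header. Guard the nulls before concatenating, e.g. `String ct = req.getContentType(); if (ct != null && req.getCharacterEncoding() != null) { ct += ";" + req.getCharacterEncoding(); }`, as the BKUOnline handler already does for the charset; the same line is carried over unchanged when this file is rewritten in the following commit. `resp.sendRedirect(bindingProcessor.getRedirectURL())` forwards a URL whose origin is not visible here; if it comes from request parameters it should be checked against permitted targets. The early `return` on that path also skips the `req.getInputStream().close()` at the end of the method. `doGet` delegates to `doPost`, so every command is reachable by a plain GET; a comment saying whether that is intended would help.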
@@ -0,0 +1,30 @@ +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.bku.local.webapp; + +import at.gv.egiz.bku.binding.BindingProcessorManager; + +public class SpringBKUServlet extends BKURequestHandler { + + public final static String BEAN_NAME="bindingProcessorManager"; + + @Override + protected BindingProcessorManager getBindingProcessorManager() { + return (BindingProcessorManager) getServletContext().getAttribute(BEAN_NAME); + } + +} -- cgit v1.2.3 From e0f2c64ad6360e2ecec983cb5e0a60f812672106 Mon Sep 17 00:00:00 2001 
From: wbauer Date: Thu, 4 Sep 2008 14:56:54 +0000 Subject: finished access controller, accessed it from command invoker and configured everything within onlinebku git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@14 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../egiz/bku/local/webapp/BKURequestHandler.java | 194 ++- .../accesscontroller/SpringSecurityManager.java | 48 + .../at/gv/egiz/bku/online/conf/Configurator.java | 47 +- .../egiz/bku/online/conf/SpringConfigurator.java | 27 + .../egiz/bku/online/webapp/BKURequestHandler.java | 177 ++- .../egiz/bku/online/conf/accessControlConfig.xml | 98 ++ .../gv/egiz/bku/online/conf/defaultConf.properties | 3 + .../src/main/webapp/WEB-INF/applicationContext.xml | 92 +- .../main/webapp/applet/BKUApplet-1.0-SNAPSHOT.jar | Bin 0 -> 132767 bytes .../main/webapp/applet/commons-logging-1.1.1.jar | Bin 0 -> 60686 bytes .../src/main/webapp/applet/iaik_jce_me4se-3.04.jar | Bin 0 -> 99061 bytes STALService/META-INF/MANIFEST.MF | 3 + .../accesscontroller/AccessControllerFactory.java | 76 +- .../gv/egiz/bku/accesscontroller/ChainChecker.java | 6 +- .../bku/accesscontroller/CommandParamChecker.java | 52 + .../bku/accesscontroller/InfoboxParamChecker.java | 58 + .../bku/accesscontroller/InfoboxRuleChecker.java | 14 - .../gv/egiz/bku/accesscontroller/RuleChecker.java | 72 +- .../accesscontroller/SecurityManagerFacade.java | 102 ++ .../egiz/bku/binding/BindingProcessorManager.java | 15 +- .../bku/binding/BindingProcessorManagerImpl.java | 20 +- .../at/gv/egiz/bku/binding/DataUrlConnection.java | 17 +- .../gv/egiz/bku/binding/DataUrlConnectionImpl.java | 7 +- .../gv/egiz/bku/binding/HTTPBindingProcessor.java | 1634 ++++++++++---------- .../gv/egiz/bku/binding/SLCommandInvokerImpl.java | 157 +- .../gv/egiz/bku/slcommands/InfoboxReadCommand.java | 10 +- .../gv/egiz/bku/slcommands/SLCommandInvoker.java | 7 +- .../at/gv/egiz/bku/slcommands/SLSourceContext.java | 11 +- .../at/gv/egiz/bku/slcommands/SLTargetContext.java | 13 +- 
.../slcommands/impl/InfoboxReadCommandImpl.java | 7 +- .../gv/egiz/bku/accesscontroller/ConfigTest.java | 91 +- .../bku/binding/BindingProcessorManagerTest.java | 12 +- .../gv/egiz/bku/binding/DataUrlConnectionTest.java | 22 +- .../at/gv/egiz/bku/binding/ExpiryRemoverTest.java | 10 +- .../egiz/bku/binding/HttpBindingProcessorTest.java | 2 +- .../egiz/bku/binding/MultipartSLRequestTest.java | 5 +- .../at/gv/egiz/bku/binding/NullOperationTest.java | 5 +- .../gv/egiz/bku/binding/TestDataUrlConnection.java | 7 +- .../bku/accesscontroller/AccessControlConfig.xml | 6 +- .../egiz/bku/accesscontroller/SimpleChainTest.xml | 39 + 40 files changed, 1907 insertions(+), 1259 deletions(-) create mode 100644 BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java create mode 100644 BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java create mode 100644 BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml create mode 100644 BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties create mode 100644 BKUOnline/src/main/webapp/applet/BKUApplet-1.0-SNAPSHOT.jar create mode 100644 BKUOnline/src/main/webapp/applet/commons-logging-1.1.1.jar create mode 100644 BKUOnline/src/main/webapp/applet/iaik_jce_me4se-3.04.jar create mode 100644 STALService/META-INF/MANIFEST.MF create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/CommandParamChecker.java create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/InfoboxParamChecker.java delete mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/InfoboxRuleChecker.java create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/SecurityManagerFacade.java create mode 100644 bkucommon/src/test/resources/at/gv/egiz/bku/accesscontroller/SimpleChainTest.xml (limited to 'BKULocal/src/main/java') 
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java index 8529949d..f19b86b5 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/BKURequestHandler.java 
@@ -1,100 +1,96 @@ /* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.local.webapp; - -import java.io.IOException; -import java.util.Enumeration; -import java.util.HashMap; -import java.util.Iterator; -import java.util.Locale; -import java.util.Map; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServlet; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; -import org.springframework.web.HttpRequestHandler; - -import at.gv.egiz.bku.binding.BindingProcessorManager; -import at.gv.egiz.bku.binding.HTTPBindingProcessor; -import at.gv.egiz.bku.binding.HttpUtil; -import at.gv.egiz.bku.utils.StreamUtil; -import at.gv.egiz.org.apache.tomcat.util.http.AcceptLanguage; - -public abstract class BKURequestHandler extends HttpServlet { - - public final static String ENCODING = "UTF-8"; - - protected Log log = LogFactory.getLog(BKURequestHandler.class); - - protected abstract BindingProcessorManager getBindingProcessorManager(); - - protected void doPost(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, java.io.IOException { - log.debug("Got new request"); - String lang = req.getHeader("Accept-Language"); - Locale locale = AcceptLanguage.getLocale(lang); - log.debug("Using locale: "+locale); - 
HTTPBindingProcessor bindingProcessor; - if (req.isSecure()) { - bindingProcessor = (HTTPBindingProcessor) getBindingProcessorManager() - .createBindingProcessor("https", null, locale); - } else { - bindingProcessor = (HTTPBindingProcessor) getBindingProcessorManager() - .createBindingProcessor("http", null, locale); - } - Map headerMap = new HashMap(); - for (Enumeration headerName = req.getHeaderNames(); headerName - .hasMoreElements();) { - String header = headerName.nextElement(); - if (header != null) { - headerMap.put(header, req.getHeader(header)); - } - } - headerMap.put(HttpUtil.HTTP_HEADER_CONTENT_TYPE, req.getContentType()+";"+req.getCharacterEncoding()); - bindingProcessor.setHTTPHeaders(headerMap); - bindingProcessor.consumeRequestStream(req.getInputStream()); - - // fixxme just for testing - bindingProcessor.run(); - if (bindingProcessor.getRedirectURL() != null) { - resp.sendRedirect(bindingProcessor.getRedirectURL()); - return; - } - resp.setStatus(bindingProcessor.getResponseCode()); - for (Iterator it = bindingProcessor.getResponseHeaders().keySet() - .iterator(); it.hasNext();) { - String header = it.next(); - resp.setHeader(header, bindingProcessor.getResponseHeaders().get(header)); - } - resp.setContentType(bindingProcessor.getResultContentType()); - resp.setCharacterEncoding(ENCODING); - bindingProcessor.writeResultTo(resp.getOutputStream(), ENCODING); - req.getInputStream().close(); - resp.getOutputStream().flush(); - resp.getOutputStream().close(); - log.debug("Finished Request"); - } - - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, java.io.IOException { - doPost(req, resp); - } -} + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. 
+ * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.local.webapp; + +import java.io.IOException; +import java.util.Enumeration; +import java.util.HashMap; +import java.util.Iterator; +import java.util.Locale; +import java.util.Map; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.springframework.web.HttpRequestHandler; + +import at.gv.egiz.bku.binding.BindingProcessorManager; +import at.gv.egiz.bku.binding.HTTPBindingProcessor; +import at.gv.egiz.bku.binding.HttpUtil; +import at.gv.egiz.bku.utils.StreamUtil; +import at.gv.egiz.org.apache.tomcat.util.http.AcceptLanguage; + +public abstract class BKURequestHandler extends HttpServlet { + + public final static String ENCODING = "UTF-8"; + + protected Log log = LogFactory.getLog(BKURequestHandler.class); + + protected abstract BindingProcessorManager getBindingProcessorManager(); + + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, java.io.IOException { + log.debug("Got new request"); + String lang = req.getHeader("Accept-Language"); + Locale locale = AcceptLanguage.getLocale(lang); + log.debug("Using locale: " + locale); + HTTPBindingProcessor bindingProcessor; + bindingProcessor = (HTTPBindingProcessor) getBindingProcessorManager() + .createBindingProcessor(req.getRequestURL().toString(), null, locale); + Map headerMap = new HashMap(); + for 
(Enumeration headerName = req.getHeaderNames(); headerName + .hasMoreElements();) { + String header = headerName.nextElement(); + if (header != null) { + headerMap.put(header, req.getHeader(header)); + } + } + headerMap.put(HttpUtil.HTTP_HEADER_CONTENT_TYPE, req.getContentType() + ";" + + req.getCharacterEncoding()); + bindingProcessor.setHTTPHeaders(headerMap); + bindingProcessor.consumeRequestStream(req.getInputStream()); + + // fixxme just for testing + bindingProcessor.run(); + if (bindingProcessor.getRedirectURL() != null) { + resp.sendRedirect(bindingProcessor.getRedirectURL()); + return; + } + resp.setStatus(bindingProcessor.getResponseCode()); + for (Iterator it = bindingProcessor.getResponseHeaders().keySet() + .iterator(); it.hasNext();) { + String header = it.next(); + resp.setHeader(header, bindingProcessor.getResponseHeaders().get(header)); + } + resp.setContentType(bindingProcessor.getResultContentType()); + resp.setCharacterEncoding(ENCODING); + bindingProcessor.writeResultTo(resp.getOutputStream(), ENCODING); + req.getInputStream().close(); + resp.getOutputStream().flush(); + resp.getOutputStream().close(); + log.debug("Finished Request"); + } + + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, java.io.IOException { + doPost(req, resp); + } +} diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java new file mode 100644 index 00000000..404e254e --- /dev/null +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java 
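Review bot: `createBindingProcessor(req.getRequestURL().toString(), null, locale)` now passes a full request URL where the old code passed the literal `"http"` or `"https"` chosen from `req.isSecure()`, and the host part of that URL is normally taken from the client's Host header. If the binding processor manager or the access controller wired in by this commit derives the protocol or an authorisation decision from that string (not visible in this hunk), the client can influence it, and behind a TLS-terminating proxy the scheme will read `http`. Deriving the scheme from `req.isSecure()` and documenting on `createBindingProcessor` that the URL argument is untrusted input would make the contract explicit. The rest of the file is re-added with whitespace changes only, so the synchronous `bindingProcessor.run()` marked `// fixxme just for testing` is still in the request path.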
@@ -0,0 +1,48 @@
+package at.gv.egiz.bku.online.accesscontroller;
+
+import java.io.IOException;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.context.ResourceLoaderAware;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+
+import at.gv.egiz.bku.accesscontroller.SecurityManagerFacade;
+import at.gv.egiz.bku.online.conf.Configurator;
+
+public class SpringSecurityManager extends SecurityManagerFacade implements
+ ResourceLoaderAware {
+
+ private ResourceLoader resourceLoader;
+
+ private static Log log = LogFactory.getLog(SpringSecurityManager.class);
+
+ protected Configurator config;
+
+ public void setConfig(Configurator config) {
+ this.config = config;
+ }
+
+ public void init() {
+ String noMatch = config.getProperty("AccessController.acceptNoMatch");
+ if (noMatch != null) {
+ log.debug("Setting allow now match to: " + noMatch);
+ setAllowUnmatched(Boolean.getBoolean(noMatch));
+ }
+ String policy = config.getProperty("AccessController.policyResource");
+ log.info("Loading resource: " + policy);
+ try {
+ Resource res = resourceLoader.getResource(policy);
+ init(res.getInputStream());
+ } catch (IOException e) {
+ log.error(e);
+ }
+ }
+
+ @Override
+ public void setResourceLoader(ResourceLoader loader) {
+ this.resourceLoader = loader;
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java
index 0cb717c4..f51335e1 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java
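Review bot: `setAllowUnmatched(Boolean.getBoolean(noMatch))` in `init()` does not parse the configured value: `Boolean.getBoolean` looks up a JVM system property whose name is the string passed in, so `AccessController.acceptNoMatch=true` evaluates to false unless a system property named `true` happens to be set. Use `setAllowUnmatched(Boolean.parseBoolean(noMatch));`. The `catch (IOException e) { log.error(e); }` further down lets the bean finish initialising without a policy when the resource cannot be read; what the facade decides in that state is not visible here, so failing startup with `throw new IllegalStateException("Cannot load access control policy: " + policy, e);` is the safer default for an access controller. `policy` is passed to `getResource` without a null check, and the stream from `res.getInputStream()` is never closed.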
@@ -16,29 +16,31 @@ */ package at.gv.egiz.bku.online.conf; -import iaik.security.ecc.provider.ECCProvider; -import iaik.xml.crypto.XSecProvider; - -import java.net.HttpURLConnection; -import java.security.Provider; -import java.security.Security; - -import javax.net.ssl.HttpsURLConnection; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider; +import iaik.security.ecc.provider.ECCProvider; +import iaik.xml.crypto.XSecProvider; + +import java.net.HttpURLConnection; +import java.security.Provider; +import java.security.Security; +import java.util.Properties; + +import javax.net.ssl.HttpsURLConnection; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider; /** * * TODO currently only the code to get started. */ public class Configurator { - private Log log = LogFactory.getLog(Configurator.class); + private Log log = LogFactory.getLog(Configurator.class); + + protected Properties properties; public Configurator() { - configure(); } protected void configUrlConnections() { @@ -63,7 +65,18 @@ public class Configurator { public void configure() { configureProviders(); configUrlConnections(); - } - + + public void setConfiguration(Properties props) { + this.properties = props; + configure(); + } + + public String getProperty(String key) { + if (properties != null) { + return properties.getProperty(key); + } + return null; + } + } diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java new file mode 100644 index 00000000..96588d7d --- /dev/null +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java 
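Review bot: With `configure()` removed from the constructor, `configureProviders()` and `configUrlConnections()` run only when `setConfiguration(Properties)` is called, and nothing documents that ordering, so a `Configurator` that is constructed but never given properties silently leaves the providers unregistered. A Javadoc on `setConfiguration` along the lines of `/** Stores the properties and registers the providers; must be called once before the configurator is used. */` would state the contract, and the class comment still reads "TODO currently only the code to get started". `getProperty` returns null both for a missing key and for a configurator that was never configured, which callers such as `SpringSecurityManager.init()` cannot tell apart; throwing `IllegalStateException` when `properties == null` would surface the second case. The `properties` field could be `private`, since `getProperty` is the accessor. The bodies of `configUrlConnections()` and `configureProviders()` lie outside these hunks.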
@@ -0,0 +1,27 @@
+package at.gv.egiz.bku.online.conf;
+
+import java.io.IOException;
+import java.util.Properties;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.core.io.Resource;
+
+public class SpringConfigurator extends Configurator {
+
+ private final static Log log = LogFactory.getLog(SpringConfigurator.class);
+
+ public void setResource(Resource resource) {
+ log.debug("Loading config from: " + resource);
+ if (resource != null) {
+ Properties props = new Properties();
+ try {
+ props.load(resource.getInputStream());
+ super.setConfiguration(props);
+ } catch (IOException e) {
+ log.error("Cannot load config", e);
+ }
+ }
+ }
+
+}
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java
index 53a7c164..20320d8e 100644
--- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java
+++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/BKURequestHandler.java
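Review bot: `setResource` only logs when the resource is null or `props.load` throws, so `super.setConfiguration(props)` is skipped. After this commit that is the only call that runs `configure()`, so the application would start with no providers registered and every `getProperty` returning null. Because this configuration feeds the access controller settings, failing fast is safer than continuing: `throw new IllegalStateException("Cannot load config from " + resource, e);` in the catch block, and the same for a null resource. The stream returned by `resource.getInputStream()` is never closed; keep it in a local and close it in a `finally` block after `props.load(in)`.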
@@ -1,91 +1,88 @@ /* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.online.webapp; - -import java.util.Enumeration; -import java.util.HashMap; -import java.util.Locale; -import java.util.Map; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import at.gv.egiz.bku.binding.HTTPBindingProcessor; -import at.gv.egiz.bku.binding.HttpUtil; -import at.gv.egiz.org.apache.tomcat.util.http.AcceptLanguage; - -/** - * Handles SL requests and instantiates BindingProcessors - * - */ -public class BKURequestHandler extends SpringBKUServlet { - - public final static String REDIRECT_URL ="appletPage.jsp"; - - protected Log log = LogFactory.getLog(BKURequestHandler.class); - - protected void doPost(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, java.io.IOException { - log.debug("Got new request"); - String lang = req.getHeader("Accept-Language"); - Locale locale = AcceptLanguage.getLocale(lang); - log.debug("Using locale: "+locale); - HttpSession session = req.getSession(); - if (session != null) { - session.invalidate(); - } - String id = req.getSession(true).getId(); - log.debug("Using session id: "+id); - HTTPBindingProcessor 
bindingProcessor; - if (req.isSecure()) { - bindingProcessor = (HTTPBindingProcessor) getBindingProcessorManager() - .createBindingProcessor("https", id, locale); - } else { - bindingProcessor = (HTTPBindingProcessor) getBindingProcessorManager() - .createBindingProcessor("http", id, locale); - } - Map headerMap = new HashMap(); - for (Enumeration headerName = req.getHeaderNames(); headerName - .hasMoreElements();) { - String header = headerName.nextElement(); - if (header != null) { - headerMap.put(header, req.getHeader(header)); - } - } - String charset = req.getCharacterEncoding(); - String contentType = req.getContentType(); - if (charset != null) { - contentType += ";"+charset; - } - headerMap.put(HttpUtil.HTTP_HEADER_CONTENT_TYPE, contentType); - bindingProcessor.setHTTPHeaders(headerMap); - bindingProcessor.consumeRequestStream(req.getInputStream()); - req.getInputStream().close(); - getBindingProcessorManager().process(bindingProcessor); - resp.sendRedirect(REDIRECT_URL); - } - - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, java.io.IOException { - doPost(req, resp); - } -} + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. 
+ */ +package at.gv.egiz.bku.online.webapp; + +import java.util.Enumeration; +import java.util.HashMap; +import java.util.Locale; +import java.util.Map; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.bku.binding.HTTPBindingProcessor; +import at.gv.egiz.bku.binding.HttpUtil; +import at.gv.egiz.org.apache.tomcat.util.http.AcceptLanguage; + +/** + * Handles SL requests and instantiates BindingProcessors + * + */ +public class BKURequestHandler extends SpringBKUServlet { + + public final static String REDIRECT_URL = "appletPage.jsp"; + + protected Log log = LogFactory.getLog(BKURequestHandler.class); + + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, java.io.IOException { + log.debug("Got new request"); + String lang = req.getHeader("Accept-Language"); + Locale locale = AcceptLanguage.getLocale(lang); + log.debug("Using locale: " + locale); + HttpSession session = req.getSession(); + if (session != null) { + session.invalidate(); + } + String id = req.getSession(true).getId(); + log.debug("Using session id: " + id); + HTTPBindingProcessor bindingProcessor; + + bindingProcessor = (HTTPBindingProcessor) getBindingProcessorManager() + .createBindingProcessor(req.getRequestURL().toString(), id, locale); + + Map headerMap = new HashMap(); + for (Enumeration headerName = req.getHeaderNames(); headerName + .hasMoreElements();) { + String header = headerName.nextElement(); + if (header != null) { + headerMap.put(header, req.getHeader(header)); + } + } + String charset = req.getCharacterEncoding(); + String contentType = req.getContentType(); + if (charset != null) { + contentType += ";" + charset; + } + headerMap.put(HttpUtil.HTTP_HEADER_CONTENT_TYPE, contentType); + 
bindingProcessor.setHTTPHeaders(headerMap); + bindingProcessor.consumeRequestStream(req.getInputStream()); + req.getInputStream().close(); + getBindingProcessorManager().process(bindingProcessor); + resp.sendRedirect(REDIRECT_URL); + } + + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, java.io.IOException { + doPost(req, resp); + } +} diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml new file mode 100644 index 00000000..15d62155 --- /dev/null +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/accessControlConfig.xml @@ -0,0 +1,98 @@ + + + + + + + certifiedGovAgency + + + allow + + confirm + + + pseudoanonymous + + + Command + + none + + + anonymous + 127.0.0.1 + + Command + + none + + + anonymous + $.gv.at + + allow + + confirm + + + + + + + certified + + + IdentityLink + .* + + + allow + + confirm + + + certified + https://finanzonline.bmf.gv.at/* + + + Mandates + .* + + + allow + + info + + + certified + + + + allow + + none + + + anonymous + + + 127.0.0.1 + + allow + + none + + + + + + + + allow + + + + + + diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties new file mode 100644 index 00000000..12deac35 --- /dev/null +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties @@ -0,0 +1,3 @@ +# Configuration for online CCE +AccessController.acceptUnmatched=false +AccessController.policyResource=classpath:at/gv/egiz/bku/online/conf/accessControlConfig.xml \ No newline at end of file diff --git a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml index 7a2f12b8..c5da25c0 100644 --- a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml 
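Review bot: `doPost` now passes `req.getRequestURL().toString()` to `createBindingProcessor` as the source URL, but that value is this servlet's own address as the container reconstructs it, with the host part normally taken from the client-supplied `Host` header; it does not identify the requesting party. If this URL ends up as the peer URL that `RuleChecker.matchPeerId` compares against the IP, domain and URL rules (the wiring through `HTTPBindingProcessor` is not visible in this hunk), the outcome of the access check depends on a value the client chooses. Consider deriving the peer from data the container verifies, or checking the host against a configured list of the server's own names before building the URL. Separately, `log.debug("Using session id: " + id);` writes the live session identifier to the log; a truncated or hashed form is enough for correlation.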
+++ b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml @@ -1,43 +1,53 @@ - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/BKUOnline/src/main/webapp/applet/BKUApplet-1.0-SNAPSHOT.jar b/BKUOnline/src/main/webapp/applet/BKUApplet-1.0-SNAPSHOT.jar new file mode 100644 index 00000000..986842db Binary files /dev/null and b/BKUOnline/src/main/webapp/applet/BKUApplet-1.0-SNAPSHOT.jar differ diff --git a/BKUOnline/src/main/webapp/applet/commons-logging-1.1.1.jar b/BKUOnline/src/main/webapp/applet/commons-logging-1.1.1.jar new file mode 100644 index 00000000..1deef144 Binary files /dev/null and b/BKUOnline/src/main/webapp/applet/commons-logging-1.1.1.jar differ diff --git a/BKUOnline/src/main/webapp/applet/iaik_jce_me4se-3.04.jar b/BKUOnline/src/main/webapp/applet/iaik_jce_me4se-3.04.jar new file mode 100644 index 00000000..f2173562 Binary files /dev/null and b/BKUOnline/src/main/webapp/applet/iaik_jce_me4se-3.04.jar differ diff --git a/STALService/META-INF/MANIFEST.MF b/STALService/META-INF/MANIFEST.MF new file mode 100644 index 00000000..5e949512 --- /dev/null +++ b/STALService/META-INF/MANIFEST.MF @@ -0,0 +1,3 @@ +Manifest-Version: 1.0 +Class-Path: + diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/AccessControllerFactory.java b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/AccessControllerFactory.java index 3b75a5f2..cd837cd7 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/AccessControllerFactory.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/AccessControllerFactory.java 
@@ -15,8 +15,9 @@ import at.gv.egiz.bku.accesscontrol.config.AccessControl; import at.gv.egiz.bku.accesscontrol.config.Chain; import at.gv.egiz.bku.accesscontrol.config.Command; import at.gv.egiz.bku.accesscontrol.config.ObjectFactory; +import at.gv.egiz.bku.accesscontrol.config.Param; import at.gv.egiz.bku.accesscontrol.config.Rule; -import at.gv.egiz.bku.slcommands.impl.InfoboxReadCommandImpl; +import at.gv.egiz.bku.accesscontroller.RuleChecker.PEER_TYPE; import at.gv.egiz.bku.slexceptions.SLRuntimeException; public class AccessControllerFactory { @@ -24,6 +25,8 @@ public class AccessControllerFactory { private static AccessControllerFactory instance = new AccessControllerFactory(); private static Log log = LogFactory.getLog(AccessControllerFactory.class); private static JAXBContext jaxbContext; + public static String INPUT_CHAIN = "InputChain"; + public static String OUTPUT_CHAIN = "OutputChain"; static { try { 
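Review bot: `INPUT_CHAIN` and `OUTPUT_CHAIN` are declared `public static String` without `final`, so any class can reassign the names under which `SecurityManagerFacade.init` looks up its input and output filter chains. Declare them as constants: `public static final String INPUT_CHAIN = "InputChain";` and `public static final String OUTPUT_CHAIN = "OutputChain";`.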
@@ -63,43 +66,72 @@ public class AccessControllerFactory { public void registerChainChecker(ChainChecker cc) { chainTable.put(cc.getId(), cc); } - + + public CommandParamChecker createParamChecker(String cmd) { + if ((cmd != null) && (cmd.startsWith("Infobox"))) { + return new InfoboxParamChecker(); + } else { + return null; + } + } + public RuleChecker createRuleChecker(Rule rule) { RuleChecker rc; + rc = new RuleChecker(rule.getId()); Command cmd = rule.getCommand(); if (cmd != null) { - if ((cmd.getParam() != null) && (cmd.getParam().size()>0)) { - if (cmd.getName().startsWith("Infobox")) { - rc = new InfoboxRuleChecker(rule.getId()); - } else { - throw new SLRuntimeException("Cannot handle parameters for command "+cmd.getName()); - } - } else { - rc = new RuleChecker(rule.getId()); + rc.setCommandName(cmd.getName()); + for (Param p : cmd.getParam()) { + rc.addParameter(p.getName(), p.getValue()); } - } else { - rc = new RuleChecker(rule.getId()); } - // FIXME TODO cont. here - - - return rc; + rc.setAuthenticationClass(rule.getAuthClass()); + if (rule.getIPv4Address() != null) { + rc.setPeerId(rule.getIPv4Address(), PEER_TYPE.IP); + } else if (rule.getDomainName() != null) { + rc.setPeerId(rule.getDomainName(), PEER_TYPE.HOST); + } else if (rule.getURL() != null) { + rc.setPeerId(rule.getURL(), PEER_TYPE.URL); + } + rc.setAction(rule.getAction().getRuleAction()); + rc.setChainId(rule.getAction().getChainRef()); + rc.setUserAction(rule.getUserInteraction()); + return rc; } - - + public void init(InputStream is) throws JAXBException { + chainTable.clear(); Unmarshaller unmarshaller = jaxbContext.createUnmarshaller(); AccessControl ac = (AccessControl) unmarshaller.unmarshal(is); List chainList = ac.getChains().getChain(); - log.debug("Found "+chainList.size()+" chains in config"); + log.debug("Found " + chainList.size() + " chains in config"); for (Chain chain : chainList) { + log.trace("Creating chain: " + chain.getId()); + ChainChecker cc = 
createChainChecker(chain.getId(), false); List ruleList = chain.getRules().getRule(); - log.debug("Found "+ruleList.size()+" rules in chain "+chain.getId()); + log + .debug("Found " + ruleList.size() + " rules in chain " + + chain.getId()); for (Rule rule : ruleList) { - //rule.g + log.trace("Creating rule: " + rule.getId()); + cc.addRule(createRuleChecker(rule)); + } + registerChainChecker(cc); + } + validate(); + } + + private void validate() { + for (ChainChecker chain : chainTable.values()) { + for (RuleChecker rule : chain.getRules()) { + if (rule.getChainId() != null) { + log.trace("Checking reference to chain: "+rule.getChainId()); + if (getChainChecker(rule.getChainId()) == null) { + throw new SLRuntimeException("Invalid reference to unknown chain: "+rule.getChainId()); + } + } } } - } } diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/ChainChecker.java b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/ChainChecker.java index 242d9b02..a290fe8d 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/ChainChecker.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/ChainChecker.java @@ -1,5 +1,6 @@ package at.gv.egiz.bku.accesscontroller; +import java.util.Collections; import java.util.LinkedList; import java.util.List; @@ -35,6 +36,10 @@ public class ChainChecker implements AccessChecker { rules.add(rule); } } + + public List getRules() { + return Collections.unmodifiableList(rules); + } @Override public ChainResult check(AccessCheckerContext checkCtx) throws SLException { @@ -43,7 +48,6 @@ public class ChainChecker implements AccessChecker { log.trace("Checking rule: "+rule.getId()); RuleResult result = rule.check(checkCtx); if (result.matchFound()) { - log.debug("Found matching rule: "+rule.getId()); if (result.getDelegateChainId() != null) { // process chain ChainChecker cc = AccessControllerFactory.getInstance().getChainChecker(result.getDelegateChainId()); 
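Review bot: `init` calls `chainTable.clear()` before the new policy has been unmarshalled and validated, so a `JAXBException` leaves the shared factory empty and an `SLRuntimeException` from `validate()` leaves it holding the policy that was just rejected. Move `chainTable.clear();` below the `unmarshaller.unmarshal(is)` call, and clear the table again before rethrowing when `validate()` fails, so a rejected policy is never the one in force. `validate()` also checks only that each chain reference names a known chain; a chain that refers back to itself, directly or through others, passes, and `ChainChecker.check` appears to follow `getDelegateChainId()` into the referenced chain (its body continues outside the visible hunk), so a cycle check belongs here as well.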
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/CommandParamChecker.java b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/CommandParamChecker.java
new file mode 100644
index 00000000..3927c3c9
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/CommandParamChecker.java
@@ -0,0 +1,52 @@
+package at.gv.egiz.bku.accesscontroller;
+
+import java.util.LinkedList;
+import java.util.List;
+
+import at.gv.egiz.bku.slcommands.SLCommand;
+
+public abstract class CommandParamChecker {
+
+ protected List> paramList = new LinkedList>();
+
+ public static class Tupel {
+ private T key;
+ private Q val;
+
+ public Tupel(T key, Q val) {
+ if ((key == null) || (val == null)) {
+ throw new NullPointerException("Tupel key and value must not be null");
+ }
+ this.key = key;
+ this.val = val;
+ }
+
+ public T getKey() {
+ return key;
+ }
+
+ public Q getVal() {
+ return val;
+ }
+
+ @SuppressWarnings("unchecked")
+ public boolean equals(Object other) {
+ if (other instanceof Tupel) {
+ Tupel ot = (Tupel) other;
+ return (key.equals(ot.key) && val.equals(ot.val));
+ }
+ return false;
+ }
+
+ public int hashCode() {
+ return key.hashCode();
+ }
+ }
+
+ public void addParameter(String key, String value) {
+ paramList.add(new Tupel(key, value));
+ }
+
+ public abstract boolean checkParameter(SLCommand cmd);
+
+}
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/InfoboxParamChecker.java b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/InfoboxParamChecker.java
new file mode 100644
index 00000000..33689ae0
--- /dev/null
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/InfoboxParamChecker.java
@@ -0,0 +1,58 @@
+package at.gv.egiz.bku.accesscontroller;
+
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import at.gv.egiz.bku.slcommands.InfoboxReadCommand;
+import at.gv.egiz.bku.slcommands.SLCommand;
+import at.gv.egiz.bku.slexceptions.SLRuntimeException;
+
+public class InfoboxParamChecker extends CommandParamChecker {
+ private static Log log = LogFactory.getLog(InfoboxParamChecker.class);
+
+ public final static String INFOBOX_ID = "InfoboxIdentifier";
+ public final static String PERSON_ID = "PersonIdentifier";
+ public final static String DERIVED = "derived";
+
+ @Override
+ public boolean checkParameter(SLCommand cmd) {
+ if (paramList.size() == 0) {
+ return true;
+ }
+
+ if (cmd instanceof InfoboxReadCommand) {
+ InfoboxReadCommand irc = (InfoboxReadCommand) cmd;
+ for (Tupel param : paramList) {
+ if (param.getKey().equals(INFOBOX_ID)) {
+ if (!param.getVal().equals(irc.getInfoboxIdentifier())) {
+ return false;
+ }
+ } else if (param.getKey().equals(PERSON_ID)) {
+ if (param.getVal().equals(DERIVED)) {
+ if (irc.getIdentityLinkDomainId() == null) {
+ return false;
+ }
+ } else {
+ Pattern p = Pattern.compile(param.getVal());
+ Matcher m = p.matcher(irc.getIdentityLinkDomainId());
+ if (!m.matches()) {
+ return false;
+ }
+ }
+
+ } else {
+ throw new SLRuntimeException("Cannot handle parameter "
+ + param.getKey());
+ }
+ }
+ return true;
+ } else {
+ log.error("Cannot handle parameter for command: " + cmd.getName());
+ throw new SLRuntimeException("Cannot handle parameters for command: "
+ + cmd.getName());
+ }
+ }
+}
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/InfoboxRuleChecker.java b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/InfoboxRuleChecker.java
deleted file mode 100644
index 2981d24e..00000000
--- a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/InfoboxRuleChecker.java
+++ /dev/null
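Review bot: In the `PERSON_ID` branch of `checkParameter`, the non-`derived` case passes `irc.getIdentityLinkDomainId()` straight to `p.matcher(...)`, which throws a `NullPointerException` when the command carries no domain identifier, whereas the `derived` case checks for null first. Treat a missing identifier as a non-match: `String domainId = irc.getIdentityLinkDomainId();` followed by `if (domainId == null || !Pattern.matches(param.getVal(), domainId)) { return false; }`. The expression is also compiled on every check, so a malformed pattern in the policy surfaces as a `PatternSyntaxException` at request time; compiling it once when the parameter is added would reject a bad policy at load time instead.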
@@ -1,14 +0,0 @@ -package at.gv.egiz.bku.accesscontroller; - -/** - * Adds infobox parameter checks - * @author wbauer - * - */ -public class InfoboxRuleChecker extends RuleChecker { - - public InfoboxRuleChecker(String id) { - super(id); - } - -} diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/RuleChecker.java b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/RuleChecker.java index c59f5b70..b0bf7fac 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/RuleChecker.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/RuleChecker.java @@ -31,6 +31,7 @@ public class RuleChecker implements AccessChecker { protected Action action; protected UserAction userAction; protected String chainId; + protected CommandParamChecker paramChecker; public RuleChecker(String id) { if (id == null) { 
@@ -40,27 +41,33 @@ public class RuleChecker implements AccessChecker { } public void setAuthenticationClass(String ac) { - AuthenticationClass tmp = AuthenticationClass.fromString(ac); - if (tmp == null) { - throw new SLRuntimeException("Unknown authentication class " + ac); + if (ac != null) { + AuthenticationClass tmp = AuthenticationClass.fromString(ac); + if (tmp == null) { + throw new SLRuntimeException("Unknown authentication class " + ac); + } + authenticationClass = tmp; } - authenticationClass = tmp; } public void setAction(String ac) { - Action tmp = Action.fromString(ac); - if (tmp == null) { - throw new SLRuntimeException("Unknown action " + ac); + if (ac != null) { + Action tmp = Action.fromString(ac); + if (tmp == null) { + throw new SLRuntimeException("Unknown action " + ac); + } + action = tmp; } - action = tmp; } public void setUserAction(String uac) { - UserAction tmp = UserAction.fromString(uac); - if (tmp == null) { - throw new SLRuntimeException("Unknown user action " + uac); + if (uac != null) { + UserAction tmp = UserAction.fromString(uac); + if (tmp == null) { + throw new SLRuntimeException("Unknown user action " + uac); + } + userAction = tmp; } - userAction = tmp; } public void setChainId(String chainId) { @@ -76,6 +83,22 @@ public class RuleChecker implements AccessChecker { public void setCommandName(String commandName) { this.commandName = commandName; commandNamePattern = Pattern.compile(commandName); + paramChecker = AccessControllerFactory.getInstance().createParamChecker( + commandName); + } + + /** + * Make sure to set the commandName first + * + * @param key + * @param value + */ + public void addParameter(String key, String value) { + if (paramChecker == null) { + throw new IllegalArgumentException("Cannot set parameters for command " + + commandName); + } + paramChecker.addParameter(key, value); } public String getId() { 
@@ -83,22 +106,30 @@ public class RuleChecker implements AccessChecker { } protected boolean matchAuthenticationClass(AuthenticationClass cls) { - if (this.authenticationClass == null) { + if ((this.authenticationClass == null) || (cls == null)) { return true; } return this.authenticationClass.compareTo(cls) <= 0; } protected boolean matchCommandName(SLCommand cmd) { - if (commandName == null) { + if ((commandName == null) || (cmd == null)) { return true; } Matcher matcher = commandNamePattern.matcher(cmd.getName()); - return matcher.matches(); + if (matcher.matches()) { + if (paramChecker != null) { + return paramChecker.checkParameter(cmd); + } else { + return true; + } + } else { + return false; + } } protected boolean matchPeerId(String peerUrl) { - if (peerId == null) { + if ((peerId == null) || (peerUrl == null)) { return true; } if (peerType == PEER_TYPE.URL) { @@ -110,7 +141,8 @@ public class RuleChecker implements AccessChecker { if (peerType == PEER_TYPE.HOST) { try { String host = url.getHost(); - String hostName = InetAddress.getByName(host).getCanonicalHostName(); + String hostName = InetAddress.getByName(host) + .getCanonicalHostName(); Matcher matcher = peerIdPattern.matcher(hostName); return matcher.matches(); } catch (UnknownHostException e) { @@ -143,9 +175,13 @@ public class RuleChecker implements AccessChecker { && matchPeerId(checkCtx.getPeerUrl())) { log.debug("Match found for rule: " + id); return new RuleResult(action, userAction, true, chainId); - } + } log.debug("No match found for rule: " + id); return new RuleResult(action, userAction, false, chainId); } + public String getChainId() { + return chainId; + } + } diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/SecurityManagerFacade.java b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/SecurityManagerFacade.java new file mode 100644 index 00000000..32242772 --- /dev/null +++ b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/SecurityManagerFacade.java 
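Review bot: The added `cls == null`, `cmd == null` and `peerUrl == null` conditions in `matchAuthenticationClass`, `matchCommandName` and `matchPeerId` let a missing value in the check context satisfy a rule that does constrain that attribute. A rule restricted to an authentication class or a peer address therefore also matches a request for which that attribute could not be determined, and for rules whose action is allow this fails open. Keep the wildcard for an unconstrained rule only and treat a missing context value as a non-match, e.g. `if (this.authenticationClass == null) { return true; }` followed by `if (cls == null) { return false; }`, and likewise for the command and the peer URL. The body of `matchPeerId` continues outside this hunk.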
@@ -0,0 +1,102 @@ +package at.gv.egiz.bku.accesscontroller; + +import java.io.InputStream; + +import javax.xml.bind.JAXBException; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.bku.slcommands.SLCommand; +import at.gv.egiz.bku.slcommands.SLSourceContext; +import at.gv.egiz.bku.slcommands.SLTargetContext; + +/** + * Facade for the access controller + */ +public class SecurityManagerFacade { + + private static Log log = LogFactory.getLog(SecurityManagerFacade.class); + + private boolean allowUnmatched = false; + private ChainChecker inputFilter = null; + private ChainChecker outputFilter = null; + + public boolean mayInvokeCommand(SLCommand cmd, SLSourceContext ctx) { + if (inputFilter != null) { + AuthenticationClass ac = AuthenticationClassifier.getAuthenticationClass( + ctx.isSourceIsDataURL(), ctx.getSourceUrl(), ctx + .getSourceCertificate()); + AccessCheckerContext acc = new AccessCheckerContext(cmd, ac, ctx + .getSourceUrl().toString()); + try { + ChainResult cr = inputFilter.check(acc); + if (cr.matchFound()) { + if (cr.getAction() == Action.ALLOW) { + return true; + } else { + return false; + } + } else { + return allowUnmatched; + } + } catch (Exception e) { + log.error(e); + return false; + } + } else { + log.warn("No input chain defined"); + return allowUnmatched; + } + } + + public boolean maySendResult(SLCommand cmd, SLTargetContext ctx) { + if (outputFilter != null) { + AuthenticationClass ac = AuthenticationClassifier.getAuthenticationClass( + ctx.isTargetIsDataURL(), ctx.getTargetUrl(), ctx + .getTargetCertificate()); + AccessCheckerContext acc = new AccessCheckerContext(cmd, ac, ctx + .getTargetUrl().toString()); + try { + ChainResult cr = outputFilter.check(acc); + if (cr.matchFound()) { + if (cr.getAction() == Action.ALLOW) { + return true; + } else { + return false; + } + } else { + return allowUnmatched; + } + } catch (Exception e) { + log.error(e); + return false; + } + } else { + 
log.warn("No output chain defined"); + return allowUnmatched; + } + } + + /** + * Default policy if not match was found + * + * @param allow + */ + public void setAllowUnmatched(boolean allow) { + this.allowUnmatched = allow; + } + + public void init(InputStream is) { + inputFilter = null; + outputFilter = null; + AccessControllerFactory fab = AccessControllerFactory.getInstance(); + try { + fab.init(is); + } catch (JAXBException e) { + log.error(e); + } + inputFilter = fab.getChainChecker(AccessControllerFactory.INPUT_CHAIN); + outputFilter = fab.getChainChecker(AccessControllerFactory.OUTPUT_CHAIN); + } +} diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessorManager.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessorManager.java index a4e5bd90..ed37f08f 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessorManager.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessorManager.java @@ -16,6 +16,7 @@ */ package at.gv.egiz.bku.binding; +import java.net.MalformedURLException; import java.util.Locale; import java.util.Set; 
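Review bot: `init` logs a `JAXBException` from `fab.init(is)` and carries on, so `inputFilter` and `outputFilter` are then set from whatever the factory still holds, which is nothing once `AccessControllerFactory.init` has cleared its table. With both filters null, `mayInvokeCommand` and `maySendResult` return `allowUnmatched`, so with `setAllowUnmatched(true)` a policy file that fails to parse permits every command and every result. A missing chain should deny regardless of the unmatched default: in the two `else` branches that log the missing input or output chain use `return false;`, and let `init` propagate the failure instead of swallowing it. `log.error(e)` in the catch blocks records only the exception's string form; `log.error("Access check failed", e)` keeps the stack trace.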
@@ -34,28 +35,28 @@ public interface BindingProcessorManager { * FactoryMethod creating a new BindingProcessor object. * The created binding processor must be passed to the process method to execute. * - * @param protcol - * the transport binding protocol + * @param urlString + * the source url * @param aSessionId * optional an external sessionId (e.g. http session) could be * provided. This parameter may be null. * @param locale the locale used for user interaction, may be null */ - public BindingProcessor createBindingProcessor(String protcol, - String aSessionId, Locale locale); + public BindingProcessor createBindingProcessor(String urlString, + String aSessionId, Locale locale) throws MalformedURLException; /** * FactoryMethod creating a new BindingProcessor object. * The created binding processor must be passed to the process method to execute. * * @param protcol - * the transport binding protocol + * the source url * @param aSessionId * optional an external sessionId (e.g. http session) could be * provided. This parameter may be null. */ - public BindingProcessor createBindingProcessor(String protcol, - String aSessionId); + public BindingProcessor createBindingProcessor(String urlString, + String aSessionId) throws MalformedURLException; /** diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessorManagerImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessorManagerImpl.java index 7a3b1bb9..6f5ca2d2 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessorManagerImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessorManagerImpl.java @@ -16,6 +16,8 @@ */ package at.gv.egiz.bku.binding; +import java.net.MalformedURLException; +import java.net.URL; import java.util.Collections; import java.util.HashMap; import java.util.HashSet; 
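Review bot: The Javadoc of the two-argument `createBindingProcessor` still names the parameter `@param protcol` although it is now `urlString`, and neither overload documents the new checked `MalformedURLException`. Rename the tag to `@param urlString` and add `@throws MalformedURLException if urlString is not a valid URL` to both overloads. The same applies to `BindingProcessorManagerImpl` further down, whose Javadoc keeps `@param protocol must not be null` for the parameter now called `srcUrl` and has an empty `@throws MalformedURLException` tag.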
@@ -152,20 +154,22 @@ public class BindingProcessorManagerImpl implements BindingProcessorManager { /** * Uses the default locale */ - public BindingProcessor createBindingProcessor(String protocol, - String aSessionId) { - return createBindingProcessor(protocol, aSessionId, null); + public BindingProcessor createBindingProcessor(String srcUrl, + String aSessionId) throws MalformedURLException { + return createBindingProcessor(srcUrl, aSessionId, null); } /** * FactoryMethod creating a new BindingProcessor object. * * @param protocol - * must not be null + * must not be null + * @throws MalformedURLException */ - public BindingProcessor createBindingProcessor(String protocol, - String aSessionId, Locale locale) { - String low = protocol.toLowerCase(); + public BindingProcessor createBindingProcessor(String srcUrl, + String aSessionId, Locale locale) throws MalformedURLException { + URL url = new URL(srcUrl); + String low = url.getProtocol().toLowerCase(); Protocol proto = null; for (int i = 0; i < SUPPORTED_PROTOCOLS.length; i++) { if (SUPPORTED_PROTOCOLS[i].toString().equals(low)) { @@ -177,7 +181,7 @@ public class BindingProcessorManagerImpl implements BindingProcessorManager { throw new UnsupportedOperationException(); } BindingProcessor bindingProcessor = new HTTPBindingProcessor(aSessionId, - commandInvokerClass.newInstance(), proto); + commandInvokerClass.newInstance(), url); STAL stal = stalFactory.createSTAL(); bindingProcessor.init(stal, commandInvokerClass.newInstance()); if (locale != null) { diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnection.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnection.java index e6d5e075..6d654639 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnection.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnection.java 
@@ -16,12 +16,13 @@ */ package at.gv.egiz.bku.binding; -import java.io.IOException; -import java.io.InputStream; -import java.net.SocketTimeoutException; -import java.security.cert.X509Certificate; - -import at.gv.egiz.bku.slcommands.SLResult; +import java.io.IOException; +import java.io.InputStream; +import java.net.SocketTimeoutException; +import java.net.URL; +import java.security.cert.X509Certificate; + +import at.gv.egiz.bku.slcommands.SLResult; /** * Transmit a security layer result to DataURL via HTTP POST, encoded as multipart/form-data. @@ -41,7 +42,9 @@ public interface DataUrlConnection { public static final String XML_RESPONSE_ENCODING = "UTF-8"; - public String getProtocol(); + public String getProtocol(); + + public URL getUrl(); /** * Set a HTTP Header. diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java index 134d765e..9f5d70cb 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java @@ -212,5 +212,10 @@ public class DataUrlConnectionImpl implements DataUrlConnectionSPI { @Override public DataUrlConnectionSPI newInstance() { return new DataUrlConnectionImpl(); - } + } + + @Override + public URL getUrl() { + return url; + } } \ No newline at end of file diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessor.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessor.java index b79f7d55..19f22126 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessor.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessor.java 
@@ -1,820 +1,818 @@ /* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.binding; - -import java.io.IOException; -import java.io.InputStream; -import java.io.InputStreamReader; -import java.io.OutputStream; -import java.io.OutputStreamWriter; -import java.io.Reader; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collection; -import java.util.Collections; -import java.util.HashMap; -import java.util.Iterator; -import java.util.List; -import java.util.Locale; -import java.util.Map; - -import javax.net.ssl.SSLHandshakeException; -import javax.xml.transform.Transformer; -import javax.xml.transform.TransformerException; -import javax.xml.transform.TransformerFactory; -import javax.xml.transform.URIResolver; -import javax.xml.transform.stream.StreamResult; -import javax.xml.transform.stream.StreamSource; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import at.gv.egiz.bku.slcommands.SLCommand; -import at.gv.egiz.bku.slcommands.SLCommandContext; -import at.gv.egiz.bku.slcommands.SLCommandFactory; -import at.gv.egiz.bku.slcommands.SLCommandInvoker; -import at.gv.egiz.bku.slcommands.SLResult; -import at.gv.egiz.bku.slcommands.SLSourceContext; -import at.gv.egiz.bku.slcommands.SLTargetContext; -import at.gv.egiz.bku.slcommands.impl.ErrorResultImpl; -import 
at.gv.egiz.bku.slexceptions.SLBindingException; -import at.gv.egiz.bku.slexceptions.SLCanceledException; -import at.gv.egiz.bku.slexceptions.SLException; -import at.gv.egiz.bku.slexceptions.SLRuntimeException; -import at.gv.egiz.bku.utils.StreamUtil; -import at.gv.egiz.bku.utils.binding.Protocol; -import at.gv.egiz.bku.utils.urldereferencer.FormDataURLSupplier; -import at.gv.egiz.bku.utils.urldereferencer.SimpleFormDataContextImpl; -import at.gv.egiz.bku.utils.urldereferencer.StreamData; -import at.gv.egiz.bku.utils.urldereferencer.URIResolverAdapter; -import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer; -import at.gv.egiz.bku.utils.urldereferencer.URLDereferencerContext; -import at.gv.egiz.stal.QuitRequest; -import at.gv.egiz.stal.STALRequest; - -/** - * Class performing the HTTP binding as defined by the CCE specification. - * Currently a huge monolithic class. - * @TODO refactor - */ -@SuppressWarnings("unchecked") -public class HTTPBindingProcessor extends AbstractBindingProcessor implements - FormDataURLSupplier { - - private static Log log = LogFactory.getLog(HTTPBindingProcessor.class); - - private static enum State { - INIT, PROCESS, DATAURL, TRANSFORM, FINISHED - }; - - public final static Collection XML_REQ_TRANSFER_ENCODING = Arrays - .asList(new String[] { "binary" }); - - /** - * Defines the maximum number of dataurl connects that are allowed within a - * single SL Request processing. - */ - protected static int MAX_DATAURL_HOPS = 10; - - protected static String XML_MIME_TYPE = "text/xml"; - protected static String BINARY_MIME_TYPE = "application/octet-stream"; - - /** - * If null everything is ok and the result is taken from the command invoker. 
- */ - protected SLException bindingProcessorError; - protected SLCommandInvoker commandInvoker; - protected DataUrlResponse dataUrlResponse; - protected Map headerMap = Collections.EMPTY_MAP; - protected SLCommand slCommand; - protected Map formParameterMap = new HashMap(); - protected SLSourceContext srcContex = new SLSourceContext(); - protected SLTargetContext targetContext = new SLTargetContext(); - protected Protocol protocol; - protected State currentState = State.INIT; - protected Transformer transformer = null; - protected String resultContentType = null; - protected SLResult slResult = null; - protected int responseCode = 200; - protected Map responseHeaders = Collections.EMPTY_MAP; - protected Locale locale = Locale.getDefault(); - - /** - * - * @param id - * may be null. In this case a new session id will be created. - * @param cmdInvoker - * must not be null; - */ - public HTTPBindingProcessor(String id, SLCommandInvoker cmdInvoker, - Protocol protocol) { - super(id); - if ((protocol != Protocol.HTTP) && (protocol != Protocol.HTTPS)) { - throw new SLRuntimeException("Protocol not supported: " + protocol); - } - if (cmdInvoker == null) { - throw new NullPointerException("Commandinvoker cannot be set to null"); - } - commandInvoker = cmdInvoker; - this.protocol = protocol; - srcContex.setSourceProtocol(protocol); - srcContex.setSourceIsDataURL(false); - } - - //---------------------------------------------------------------------------- - // ----------- BEGIN CONVENIENCE METHODS ----------- - - protected void sendSTALQuit() { - log.info("Sending QUIT command to STAL"); - List quit = new ArrayList(1); - quit.add(new QuitRequest()); - getSTAL().handleRequest(quit); - } - - protected String getFormParameterAsString(String formParameterName) { - FormParameter fp = formParameterMap.get(formParameterName); - return getFormParameterAsString(fp); - } - - protected String getFormParameterAsString(FormParameter fp) { - if (fp == null) { - return null; - } - try { 
- return StreamUtil.asString(fp.getFormParameterValue(), HttpUtil - .getCharset(fp.getFormParameterContentType(), true)); - } catch (IOException e) { - return null; - } - } - - protected String getDataUrl() { - return getFormParameterAsString(FixedFormParameters.DATAURL); - } - - protected String getStyleSheetUrl() { - return getFormParameterAsString(FixedFormParameters.STYLESHEETURL); - } - - protected List getFormParameters(String parameterNamePostfix) { - List resultList = new ArrayList(); - for (Iterator fpi = formParameterMap.keySet().iterator(); fpi - .hasNext();) { - String paramName = fpi.next(); - if (paramName.endsWith(parameterNamePostfix)) { - resultList.add(formParameterMap.get(paramName)); - } - } - return resultList; - } - - protected List getTransferHeaders() { - return getFormParameters("__"); - } - - protected List getTransferForms() { - List resultList = new ArrayList(); - for (Iterator fpi = formParameterMap.keySet().iterator(); fpi - .hasNext();) { - String paramName = fpi.next(); - if ((paramName.endsWith("_")) && (!paramName.endsWith("__"))) { - resultList.add(formParameterMap.get(paramName)); - } - } - return resultList; - } - - protected void closeDataUrlConnection() { - log.debug("Closing data url input stream"); - if (dataUrlResponse == null) { - return; - } - InputStream is = dataUrlResponse.getStream(); - if (is != null) { - try { - is.close(); - } catch (IOException e) { - log.info("Error closing input stream to dataurl server:" + e); - } - } - } - - //---------------------------------------------------------------------------- - // ----------- END CONVENIENCE METHODS ----------- - - //---------------------------------------------------------------------------- - // -- BEGIN Methods that handle the http binding activities as defined in the - // activity diagram -- - - protected void init() { - log.info("Starting Bindingprocessor in Thread: " - + Thread.currentThread().getId()); - if (bindingProcessorError != null) { - 
log.debug("Detected binding processor error, sending quit command"); - // sendSTALQuit(); - currentState = State.FINISHED; - } else if (slCommand == null) { - log.error("SLCommand not set (consumeRequest not called ??)"); - bindingProcessorError = new SLException(2000); - // sendSTALQuit(); - currentState = State.FINISHED; - } else { - currentState = State.PROCESS; - } - } - - protected void processRequest() { - log.debug("Entered State: " + State.PROCESS); - log.debug("Processing command: " + slCommand); - commandInvoker.setCommand(slCommand); - responseCode = 200; - responseHeaders = Collections.EMPTY_MAP; - try { - commandInvoker.invoke(srcContex); - } catch (SLCanceledException e) { - log.info("Caught exception: " + e); - bindingProcessorError = e; - currentState = State.TRANSFORM; - } - dataUrlResponse = null; - if (getDataUrl() != null) { - log.debug("Data Url set to: " + getDataUrl()); - currentState = State.DATAURL; - } else { - log.debug("No data url set"); - currentState = State.TRANSFORM; - } - } - - protected void handleDataUrl() { - log.debug("Entered State: " + State.DATAURL); - try { - DataUrl dataUrl = new DataUrl(getDataUrl()); - DataUrlConnection conn = dataUrl.openConnection(); - - // set transfer headers - for (FormParameter fp : getTransferHeaders()) { - String paramString = getFormParameterAsString(fp); - if (paramString == null) { - log.error("Got empty transfer header, ignoring this"); - } else { - String[] keyVal = paramString.split(":", 2); - String key = keyVal[0]; - String val = null; - if (keyVal.length == 2) { - val = keyVal[1]; - } - val = val.trim(); - log.debug("Setting header " + key + " to value " + val); - conn.setHTTPHeader(key, val); - } - } - - // set transfer form parameters - for (FormParameter fp : getTransferForms()) { - String contentTransferEncoding = null; - String contentType = fp.getFormParameterContentType(); - String charSet = HttpUtil.getCharset(contentType, false); - if (charSet != null) { - contentType = 
contentType.substring(0, contentType - .lastIndexOf(HttpUtil.SEPERATOR[0])); - } - for (Iterator header = fp.getHeaderNames(); header.hasNext();) { - if (HttpUtil.CONTENT_TRANSFER_ENCODING - .equalsIgnoreCase(header.next())) { - contentTransferEncoding = getFormParameterAsString(fp); - } - } - log.debug("Setting form: " + fp.getFormParameterName() - + " contentType: " + contentType + " charset: " + charSet - + " contentTransferEncoding: " + contentTransferEncoding); - conn.setHTTPFormParameter(fp.getFormParameterName(), fp - .getFormParameterValue(), contentType, charSet, - contentTransferEncoding); - } - - // connect - conn.connect(); - // fetch and set SL result - targetContext.setTargetIsDataURL(true); - targetContext.setTargetCertificate(conn.getServerCertificate()); - targetContext.setTargetProtocol(conn.getProtocol()); - SLResult result = commandInvoker.getResult(targetContext); - - // transfer result - conn.transmit(result); - - // process Dataurl response - dataUrlResponse = conn.getResponse(); - log.debug("Received data url response code: " - + dataUrlResponse.getResponseCode()); - protocol = Protocol.fromString(conn.getProtocol()); - - switch (dataUrlResponse.getResponseCode()) { - case 200: - String contentType = dataUrlResponse.getContentType(); - log.debug("Got dataurl response content type: " + contentType); - if (contentType != null) { - if ((contentType.startsWith(HttpUtil.APPLICATION_URL_ENCODED)) - || (contentType.startsWith(HttpUtil.MULTIPART_FOTMDATA))) { - log.debug("Detected SL Request in dataurl response"); - // process headers and request - setHTTPHeaders(dataUrlResponse.getResponseHeaders()); - consumeRequestStream(dataUrlResponse.getStream()); - closeDataUrlConnection(); - srcContex.setSourceCertificate(conn.getServerCertificate()); - srcContex.setSourceIsDataURL(true); - srcContex - .setSourceProtocol(Protocol.fromString(conn.getProtocol())); - currentState = State.PROCESS; - } else if (((contentType.startsWith(HttpUtil.TXT_HTML)) - || 
(contentType.startsWith(HttpUtil.TXT_PLAIN)) || (contentType - .startsWith(HttpUtil.TXT_XML))) - && (dataUrlResponse.isHttpResponseXMLOK())) { - log.info("Dataurl response matches with content type: " - + contentType); - currentState = State.TRANSFORM; - - } else if ((contentType.startsWith(HttpUtil.TXT_XML)) - && (!dataUrlResponse.isHttpResponseXMLOK())) { - log - .debug("Detected text/xml dataurl response with content != "); - headerMap.put(HttpUtil.HTTP_HEADER_CONTENT_TYPE, contentType); - assignXMLRequest(dataUrlResponse.getStream(), HttpUtil.getCharset( - contentType, true)); - closeDataUrlConnection(); - srcContex.setSourceCertificate(conn.getServerCertificate()); - srcContex.setSourceIsDataURL(true); - srcContex - .setSourceProtocol(Protocol.fromString(conn.getProtocol())); - currentState = State.PROCESS; - // just to be complete, actually not used - srcContex.setSourceHTTPReferer(dataUrlResponse.getResponseHeaders() - .get(HttpUtil.HTTP_HEADER_REFERER)); - } else { - resultContentType = contentType; - responseHeaders = dataUrlResponse.getResponseHeaders(); - responseCode = dataUrlResponse.getResponseCode(); - currentState = State.FINISHED; - } - } else { - log.debug("Content type not set in dataurl response"); - closeDataUrlConnection(); - throw new SLBindingException(2007); - } - - break; - case 307: - contentType = dataUrlResponse.getContentType(); - if ((contentType != null) && (contentType.startsWith(HttpUtil.TXT_XML))) { - log.debug("Received dataurl response code 307 with XML content"); - String location = dataUrlResponse.getResponseHeaders().get( - HttpUtil.HTTP_HEADER_LOCATION); - if (location == null) { - log - .error("Did not get a location header for a 307 data url response"); - throw new SLBindingException(2003); - } - // consumeRequestStream(dataUrlResponse.getStream()); - FormParameterStore fp = new FormParameterStore(); - fp.init(location.getBytes(HttpUtil.DEFAULT_CHARSET), - FixedFormParameters.DATAURL, null, null); - 
formParameterMap.put(FixedFormParameters.DATAURL, fp); - headerMap.put(HttpUtil.HTTP_HEADER_CONTENT_TYPE, contentType); - assignXMLRequest(dataUrlResponse.getStream(), HttpUtil.getCharset( - dataUrlResponse.getContentType(), true)); - closeDataUrlConnection(); - srcContex.setSourceCertificate(conn.getServerCertificate()); - srcContex.setSourceIsDataURL(true); - srcContex.setSourceProtocol(Protocol.fromString(conn.getProtocol())); - currentState = State.PROCESS; - // just to be complete, actually not used - srcContex.setSourceHTTPReferer(dataUrlResponse.getResponseHeaders() - .get(HttpUtil.HTTP_HEADER_REFERER)); - - } else { - log.debug("Received dataurl response code 307 non XML content: " - + dataUrlResponse.getContentType()); - resultContentType = dataUrlResponse.getContentType(); - currentState = State.FINISHED; - } - responseHeaders = dataUrlResponse.getResponseHeaders(); - responseCode = dataUrlResponse.getResponseCode(); - break; - - case 301: - case 302: - case 303: - responseHeaders = dataUrlResponse.getResponseHeaders(); - responseCode = dataUrlResponse.getResponseCode(); - resultContentType = dataUrlResponse.getContentType(); - currentState = State.FINISHED; - break; - - default: - // issue error - log.info("Unexpected response code from dataurl server: " - + dataUrlResponse.getResponseCode()); - throw new SLBindingException(2007); - } - - } catch (SLException slx) { - bindingProcessorError = slx; - log.error("Error during dataurl communication"); - resultContentType = HttpUtil.TXT_XML; - currentState = State.TRANSFORM; - } catch (SSLHandshakeException hx) { - bindingProcessorError = new SLException(2010); - log.info("Error during dataurl communication", hx); - resultContentType = HttpUtil.TXT_XML; - currentState = State.TRANSFORM; - } catch (IOException e) { - bindingProcessorError = new SLBindingException(2001); - log.error("Error while data url handling", e); - resultContentType = HttpUtil.TXT_XML; - currentState = State.TRANSFORM; - return; - } - } - 
- protected void transformResult() { - log.debug("Entered State: " + State.TRANSFORM); - if (bindingProcessorError != null) { - resultContentType = HttpUtil.TXT_XML; - } else if (dataUrlResponse != null) { - resultContentType = dataUrlResponse.getContentType(); - } else { - targetContext.setTargetIsDataURL(false); - targetContext.setTargetProtocol(protocol.toString()); - try { - slResult = commandInvoker.getResult(targetContext); - resultContentType = slResult.getMimeType(); - log - .debug("Successfully got SLResult from commandinvoker, setting mimetype to: " - + resultContentType); - } catch (SLCanceledException e) { - log.info("Cannot get result from invoker:", e); - bindingProcessorError = new SLException(6002); - resultContentType = HttpUtil.TXT_XML; - } - } - transformer = getTransformer(getStyleSheetUrl()); - if (transformer != null) { - log.debug("Output transformation required"); - resultContentType = transformer.getOutputProperty("media-type"); - log.debug("Got media type from stylesheet: " + resultContentType); - if (resultContentType == null) { - log.debug("Setting to default text/xml result conent type"); - resultContentType = "text/xml"; - } - log.debug("Deferring sytylesheet processing"); - } - currentState = State.FINISHED; - } - - protected void finished() { - log.debug("Entered State: " + State.FINISHED); - if (bindingProcessorError != null) { - log.debug("Binding processor error, sending quit command"); - resultContentType = HttpUtil.TXT_XML; - } - sendSTALQuit(); - log.info("Terminating Bindingprocessor; Thread: " - + Thread.currentThread().getId()); - } - - // -- END Methods that handle the http binding activities as defined in the - // activity diagram -- - //---------------------------------------------------------------------------- - - /** - * Sets the headers of the SL Request. 
IMPORTANT: make sure to set all headers - * before invoking {@link #consumeRequestStream(InputStream)} - * - * @param aHeaderMap - * if null all header will be cleared. - */ - public void setHTTPHeaders(Map aHeaderMap) { - headerMap = new HashMap(); - // ensure lowercase keys - if (aHeaderMap != null) { - for (String s : aHeaderMap.keySet()) { - if (s != null) { - headerMap.put(s.toLowerCase(), aHeaderMap.get(s)); - if (s.equalsIgnoreCase(HttpUtil.HTTP_HEADER_REFERER)) { - String referer = aHeaderMap.get(s); - log.debug("Got referer header: " + referer); - srcContex.setSourceHTTPReferer(referer); - } - } - } - } - } - - public void setSourceCertificate(X509Certificate aCert) { - srcContex.setSourceCertificate(aCert); - } - - /** - * The HTTPBindingProcessor does not handle redirect URLs. It only provides - * the parameter. - * - * @return null if redirect url is not set. - */ - public String getRedirectURL() { - return getFormParameterAsString(FixedFormParameters.REDIRECTURL); - } - - public String getFormDataContentType(String aParameterName) { - FormParameter fp = formParameterMap.get(aParameterName); - if (fp != null) { - return fp.getFormParameterContentType(); - } - return null; - } - - public InputStream getFormData(String aParameterName) { - FormParameter fp = formParameterMap.get(aParameterName); - if (fp != null) { - return fp.getFormParameterValue(); - } - return null; - } - - protected void assignXMLRequest(InputStream is, String charset) - throws IOException, SLException { - Reader r = new InputStreamReader(is, charset); - StreamSource source = new StreamSource(r); - SLCommandContext commandCtx = new SLCommandContext(); - commandCtx.setSTAL(getSTAL()); - commandCtx.setURLDereferencerContext(new SimpleFormDataContextImpl(this)); - slCommand = SLCommandFactory.getInstance().createSLCommand(source, - commandCtx); - log.debug("Created new command: " + slCommand); - } - - @Override - public void run() { - boolean done = false; - int hopcounter = 0; - if 
(bindingProcessorError != null) { - currentState = State.FINISHED; - } - try { - while (!done) { - try { - switch (currentState) { - case INIT: - init(); - break; - case PROCESS: - processRequest(); - break; - case DATAURL: - handleDataUrl(); - if (++hopcounter > MAX_DATAURL_HOPS) { - log.error("Maximum number of dataurl hops reached"); - bindingProcessorError = new SLBindingException(2000); - currentState = State.FINISHED; - } - break; - case TRANSFORM: - transformResult(); - break; - case FINISHED: - done = true; - finished(); - break; - } - } catch (RuntimeException rte) { - throw rte; - } catch (Exception t) { - log.error("Caught unexpected exception", t); - responseCode = 200; - resultContentType = HttpUtil.TXT_XML; - responseHeaders = Collections.EMPTY_MAP; - bindingProcessorError = new SLException(2000); - currentState = State.FINISHED; - } - } - } catch (Throwable t) { - log.error("Caught unexpected exception", t); - responseCode = 200; - resultContentType = HttpUtil.TXT_XML; - responseHeaders = Collections.EMPTY_MAP; - bindingProcessorError = new SLException(2000); - currentState = State.FINISHED; - } - log.debug("Terminated http binding processor"); - } - - @Override - public void consumeRequestStream(InputStream is) { - try { - log.debug("Start consuming request stream"); - formParameterMap.clear(); - String cl = headerMap - .get(HttpUtil.HTTP_HEADER_CONTENT_TYPE.toLowerCase()); - if (cl == null) { - log.info("No content type set in http header"); - throw new SLBindingException(2006); - } - InputDecoder id = InputDecoderFactory.getDecoder(cl, is); - id.setContentType(cl); - if (id == null) { - log.error("Cannot get inputdecoder for is"); - throw new SLException(2006); - } - for (Iterator fpi = id.getFormParameterIterator(); fpi - .hasNext();) { - FormParameter fp = fpi.next(); - log.debug("Got request parameter with name: " - + fp.getFormParameterName()); - if (fp.getFormParameterName().equals(FixedFormParameters.XMLREQUEST)) { - log.debug("Creating XML 
Request"); - for (Iterator headerIterator = fp.getHeaderNames(); headerIterator - .hasNext();) { - String headerName = headerIterator.next(); - if (HttpUtil.CONTENT_TRANSFER_ENCODING.equalsIgnoreCase(headerName)) { - String transferEncoding = fp.getHeaderValue(headerName); - log.debug("Got transfer encoding for xmlrequest: " - + transferEncoding); - if (XML_REQ_TRANSFER_ENCODING.contains(transferEncoding)) { - log.debug("Supported transfer encoding: " + transferEncoding); - } else { - log - .error("Transferencoding not supported: " - + transferEncoding); - throw new SLBindingException(2005); - } - } - } - String charset = HttpUtil.getCharset(cl, true); - assignXMLRequest(fp.getFormParameterValue(), charset); - } else { - FormParameterStore fps = new FormParameterStore(); - fps.init(fp); - if (!fps.isEmpty()) { - log.debug("Setting from parameter: " + fps.getFormParameterName()); - formParameterMap.put(fps.getFormParameterName(), fps); - } - } - } - if (slCommand == null) { - throw new SLBindingException(2004); - } - if (is.read() != -1) { - log.error("Request input stream not completely read"); - // consume rest of stream, should never occur - throw new SLRuntimeException( - "request input stream not consumed till end"); - } - } catch (SLException slx) { - log.info("Error while consuming input stream " + slx); - bindingProcessorError = slx; - } catch (Throwable t) { - log.info("Error while consuming input stream " + t, t); - bindingProcessorError = new SLException(2000); - } finally { - try { - while (is.read() != -1) - ; - } catch (IOException e) { - log.error(e); - } - } - } - - @Override - public String getResultContentType() { - return resultContentType; - } - - protected Transformer getTransformer(String styleSheetURL) { - if (styleSheetURL == null) { - log.debug("Stylesheet URL not set"); - return null; - } - try { - URLDereferencerContext urlCtx = new SimpleFormDataContextImpl(this); - URIResolver resolver = new URIResolverAdapter(URLDereferencer - 
.getInstance(), urlCtx); - TransformerFactory factory = TransformerFactory.newInstance(); - StreamData sd = URLDereferencer.getInstance().dereference(styleSheetURL, - urlCtx); - Transformer t = factory.newTransformer(new StreamSource(sd.getStream())); - t.setURIResolver(resolver); - return t; - } catch (Exception ex) { - log.info("Cannot instantiate transformer", ex); - bindingProcessorError = new SLException(2002); - return null; - } - } - - protected void handleBindingProcessorError(OutputStream os, String encoding, - Transformer transformer) throws IOException { - log.debug("Writing error as result"); - ErrorResultImpl error = new ErrorResultImpl(bindingProcessorError); - try { - error.writeTo(new StreamResult(new OutputStreamWriter(os, encoding)), - transformer); - } catch (TransformerException e) { - log.fatal("Cannot write error result to stream", e); - } - } - - @Override - public void writeResultTo(OutputStream os, String encoding) - throws IOException { - if (encoding == null) { - encoding = HttpUtil.DEFAULT_CHARSET; - } - if (bindingProcessorError != null) { - log.debug("Detected error in binding processor, writing error as result"); - handleBindingProcessorError(os, encoding, transformer); - return; - } else if (dataUrlResponse != null) { - log.debug("Writing data url response as result"); - String charEnc = HttpUtil.getCharset(dataUrlResponse.getContentType(), - true); - InputStreamReader isr = new InputStreamReader( - dataUrlResponse.getStream(), charEnc); - OutputStreamWriter osw = new OutputStreamWriter(os, encoding); - if (transformer == null) { - StreamUtil.copyStream(isr, osw); - } else { - try { - transformer.transform(new StreamSource(isr), new StreamResult(osw)); - } catch (TransformerException e) { - log.fatal("Exception occured during result transformation", e); - // bindingProcessorError = new SLException(2008); - // handleBindingProcessorError(os, encoding, null); - return; - } - } - osw.flush(); - isr.close(); - } else if (slResult == 
null) { - // result not yet assigned -> must be a cancel - bindingProcessorError = new SLException(6001); - handleBindingProcessorError(os, encoding, transformer); - return; - } else { - log.debug("Getting result from invoker"); - OutputStreamWriter osw = new OutputStreamWriter(os, encoding); - try { - slResult.writeTo(new StreamResult(osw), transformer); - } catch (TransformerException e) { - log.fatal("Cannot write result to stream", e); - // bindingProcessorError = new SLException(2008); - // handleBindingProcessorError(os, encoding, transformer); - } - osw.flush(); - } - } - - /** - * The response code from the dataurl server or 200 if no dataurl server - * created the result - * - * @return - */ - public int getResponseCode() { - return responseCode; - } - - /** - * All headers from the data url server in case of a direct forward from the - * dataurl server. - * - * @return - */ - public Map getResponseHeaders() { - return responseHeaders; - } - - @Override - public void setLocale(Locale locale) { - if (locale == null) { - throw new NullPointerException("Locale must not be set to null"); - } - this.locale = locale; - } - + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. 
+ */ +package at.gv.egiz.bku.binding; + +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.io.OutputStream; +import java.io.OutputStreamWriter; +import java.io.Reader; +import java.net.URL; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Locale; +import java.util.Map; + +import javax.net.ssl.SSLHandshakeException; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.URIResolver; +import javax.xml.transform.stream.StreamResult; +import javax.xml.transform.stream.StreamSource; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.bku.slcommands.SLCommand; +import at.gv.egiz.bku.slcommands.SLCommandContext; +import at.gv.egiz.bku.slcommands.SLCommandFactory; +import at.gv.egiz.bku.slcommands.SLCommandInvoker; +import at.gv.egiz.bku.slcommands.SLResult; +import at.gv.egiz.bku.slcommands.SLSourceContext; +import at.gv.egiz.bku.slcommands.SLTargetContext; +import at.gv.egiz.bku.slcommands.impl.ErrorResultImpl; +import at.gv.egiz.bku.slexceptions.SLBindingException; +import at.gv.egiz.bku.slexceptions.SLException; +import at.gv.egiz.bku.slexceptions.SLRuntimeException; +import at.gv.egiz.bku.utils.StreamUtil; +import at.gv.egiz.bku.utils.binding.Protocol; +import at.gv.egiz.bku.utils.urldereferencer.FormDataURLSupplier; +import at.gv.egiz.bku.utils.urldereferencer.SimpleFormDataContextImpl; +import at.gv.egiz.bku.utils.urldereferencer.StreamData; +import at.gv.egiz.bku.utils.urldereferencer.URIResolverAdapter; +import at.gv.egiz.bku.utils.urldereferencer.URLDereferencer; +import at.gv.egiz.bku.utils.urldereferencer.URLDereferencerContext; +import 
at.gv.egiz.stal.QuitRequest; +import at.gv.egiz.stal.STALRequest; + +/** + * Class performing the HTTP binding as defined by the CCE specification. + * Currently a huge monolithic class. + * + * @TODO refactor + */ +@SuppressWarnings("unchecked") +public class HTTPBindingProcessor extends AbstractBindingProcessor implements + FormDataURLSupplier { + + private static Log log = LogFactory.getLog(HTTPBindingProcessor.class); + + private static enum State { + INIT, PROCESS, DATAURL, TRANSFORM, FINISHED + }; + + public final static Collection XML_REQ_TRANSFER_ENCODING = Arrays + .asList(new String[] { "binary" }); + + /** + * Defines the maximum number of dataurl connects that are allowed within a + * single SL Request processing. + */ + protected static int MAX_DATAURL_HOPS = 10; + + protected static String XML_MIME_TYPE = "text/xml"; + protected static String BINARY_MIME_TYPE = "application/octet-stream"; + + /** + * If null everything is ok and the result is taken from the command invoker. + */ + protected SLException bindingProcessorError; + protected SLCommandInvoker commandInvoker; + protected DataUrlResponse dataUrlResponse; + protected Map headerMap = Collections.EMPTY_MAP; + protected SLCommand slCommand; + protected Map formParameterMap = new HashMap(); + protected SLSourceContext srcContex = new SLSourceContext(); + protected SLTargetContext targetContext = new SLTargetContext(); + protected URL srcUrl; + protected State currentState = State.INIT; + protected Transformer transformer = null; + protected String resultContentType = null; + protected SLResult slResult = null; + protected int responseCode = 200; + protected Map responseHeaders = Collections.EMPTY_MAP; + protected Locale locale = Locale.getDefault(); + + /** + * + * @param id + * may be null. In this case a new session id will be created. 
+ * @param cmdInvoker + * must not be null; + */ + public HTTPBindingProcessor(String id, SLCommandInvoker cmdInvoker, URL source) { + super(id); + this.srcUrl = source; + Protocol protocol = Protocol.fromString(source.getProtocol()); + if ((protocol != Protocol.HTTP) && (protocol != Protocol.HTTPS)) { + throw new SLRuntimeException("Protocol not supported: " + protocol); + } + if (cmdInvoker == null) { + throw new NullPointerException("Commandinvoker cannot be set to null"); + } + commandInvoker = cmdInvoker; + srcContex.setSourceUrl(source); + srcContex.setSourceIsDataURL(false); + } + + //---------------------------------------------------------------------------- + // ----------- BEGIN CONVENIENCE METHODS ----------- + + protected void sendSTALQuit() { + log.info("Sending QUIT command to STAL"); + List quit = new ArrayList(1); + quit.add(new QuitRequest()); + getSTAL().handleRequest(quit); + } + + protected String getFormParameterAsString(String formParameterName) { + FormParameter fp = formParameterMap.get(formParameterName); + return getFormParameterAsString(fp); + } + + protected String getFormParameterAsString(FormParameter fp) { + if (fp == null) { + return null; + } + try { + return StreamUtil.asString(fp.getFormParameterValue(), HttpUtil + .getCharset(fp.getFormParameterContentType(), true)); + } catch (IOException e) { + return null; + } + } + + protected String getDataUrl() { + return getFormParameterAsString(FixedFormParameters.DATAURL); + } + + protected String getStyleSheetUrl() { + return getFormParameterAsString(FixedFormParameters.STYLESHEETURL); + } + + protected List getFormParameters(String parameterNamePostfix) { + List resultList = new ArrayList(); + for (Iterator fpi = formParameterMap.keySet().iterator(); fpi + .hasNext();) { + String paramName = fpi.next(); + if (paramName.endsWith(parameterNamePostfix)) { + resultList.add(formParameterMap.get(paramName)); + } + } + return resultList; + } + + protected List getTransferHeaders() { + return 
getFormParameters("__"); + } + + protected List getTransferForms() { + List resultList = new ArrayList(); + for (Iterator fpi = formParameterMap.keySet().iterator(); fpi + .hasNext();) { + String paramName = fpi.next(); + if ((paramName.endsWith("_")) && (!paramName.endsWith("__"))) { + resultList.add(formParameterMap.get(paramName)); + } + } + return resultList; + } + + protected void closeDataUrlConnection() { + log.debug("Closing data url input stream"); + if (dataUrlResponse == null) { + return; + } + InputStream is = dataUrlResponse.getStream(); + if (is != null) { + try { + is.close(); + } catch (IOException e) { + log.info("Error closing input stream to dataurl server:" + e); + } + } + } + + //---------------------------------------------------------------------------- + // ----------- END CONVENIENCE METHODS ----------- + + //---------------------------------------------------------------------------- + // -- BEGIN Methods that handle the http binding activities as defined in the + // activity diagram -- + + protected void init() { + log.info("Starting Bindingprocessor in Thread: " + + Thread.currentThread().getId()); + if (bindingProcessorError != null) { + log.debug("Detected binding processor error, sending quit command"); + // sendSTALQuit(); + currentState = State.FINISHED; + } else if (slCommand == null) { + log.error("SLCommand not set (consumeRequest not called ??)"); + bindingProcessorError = new SLException(2000); + // sendSTALQuit(); + currentState = State.FINISHED; + } else { + currentState = State.PROCESS; + } + } + + protected void processRequest() { + log.debug("Entered State: " + State.PROCESS); + log.debug("Processing command: " + slCommand); + commandInvoker.setCommand(slCommand); + responseCode = 200; + responseHeaders = Collections.EMPTY_MAP; + try { + commandInvoker.invoke(srcContex); + } catch (SLException e) { + log.info("Caught exception: " + e); + bindingProcessorError = e; + currentState = State.TRANSFORM; + } + dataUrlResponse = 
null; + if (getDataUrl() != null) { + log.debug("Data Url set to: " + getDataUrl()); + currentState = State.DATAURL; + } else { + log.debug("No data url set"); + currentState = State.TRANSFORM; + } + } + + protected void handleDataUrl() { + log.debug("Entered State: " + State.DATAURL); + try { + DataUrl dataUrl = new DataUrl(getDataUrl()); + DataUrlConnection conn = dataUrl.openConnection(); + + // set transfer headers + for (FormParameter fp : getTransferHeaders()) { + String paramString = getFormParameterAsString(fp); + if (paramString == null) { + log.error("Got empty transfer header, ignoring this"); + } else { + String[] keyVal = paramString.split(":", 2); + String key = keyVal[0]; + String val = null; + if (keyVal.length == 2) { + val = keyVal[1]; + } + val = val.trim(); + log.debug("Setting header " + key + " to value " + val); + conn.setHTTPHeader(key, val); + } + } + + // set transfer form parameters + for (FormParameter fp : getTransferForms()) { + String contentTransferEncoding = null; + String contentType = fp.getFormParameterContentType(); + String charSet = HttpUtil.getCharset(contentType, false); + if (charSet != null) { + contentType = contentType.substring(0, contentType + .lastIndexOf(HttpUtil.SEPERATOR[0])); + } + for (Iterator header = fp.getHeaderNames(); header.hasNext();) { + if (HttpUtil.CONTENT_TRANSFER_ENCODING + .equalsIgnoreCase(header.next())) { + contentTransferEncoding = getFormParameterAsString(fp); + } + } + log.debug("Setting form: " + fp.getFormParameterName() + + " contentType: " + contentType + " charset: " + charSet + + " contentTransferEncoding: " + contentTransferEncoding); + conn.setHTTPFormParameter(fp.getFormParameterName(), fp + .getFormParameterValue(), contentType, charSet, + contentTransferEncoding); + } + + // connect + conn.connect(); + // fetch and set SL result + targetContext.setTargetIsDataURL(true); + targetContext.setTargetCertificate(conn.getServerCertificate()); + targetContext.setTargetUrl(conn.getUrl()); + 
SLResult result = commandInvoker.getResult(targetContext); + + // transfer result + conn.transmit(result); + + // process Dataurl response + dataUrlResponse = conn.getResponse(); + log.debug("Received data url response code: " + + dataUrlResponse.getResponseCode()); + + switch (dataUrlResponse.getResponseCode()) { + case 200: + String contentType = dataUrlResponse.getContentType(); + log.debug("Got dataurl response content type: " + contentType); + if (contentType != null) { + if ((contentType.startsWith(HttpUtil.APPLICATION_URL_ENCODED)) + || (contentType.startsWith(HttpUtil.MULTIPART_FOTMDATA))) { + log.debug("Detected SL Request in dataurl response"); + // process headers and request + setHTTPHeaders(dataUrlResponse.getResponseHeaders()); + consumeRequestStream(dataUrlResponse.getStream()); + closeDataUrlConnection(); + srcContex.setSourceCertificate(conn.getServerCertificate()); + srcContex.setSourceIsDataURL(true); + srcContex.setSourceUrl(conn.getUrl()); + currentState = State.PROCESS; + } else if (((contentType.startsWith(HttpUtil.TXT_HTML)) + || (contentType.startsWith(HttpUtil.TXT_PLAIN)) || (contentType + .startsWith(HttpUtil.TXT_XML))) + && (dataUrlResponse.isHttpResponseXMLOK())) { + log.info("Dataurl response matches with content type: " + + contentType); + currentState = State.TRANSFORM; + + } else if ((contentType.startsWith(HttpUtil.TXT_XML)) + && (!dataUrlResponse.isHttpResponseXMLOK())) { + log + .debug("Detected text/xml dataurl response with content != "); + headerMap.put(HttpUtil.HTTP_HEADER_CONTENT_TYPE, contentType); + assignXMLRequest(dataUrlResponse.getStream(), HttpUtil.getCharset( + contentType, true)); + closeDataUrlConnection(); + srcContex.setSourceCertificate(conn.getServerCertificate()); + srcContex.setSourceIsDataURL(true); + srcContex.setSourceUrl(conn.getUrl()); + currentState = State.PROCESS; + // just to be complete, actually not used + srcContex.setSourceHTTPReferer(dataUrlResponse.getResponseHeaders() + 
.get(HttpUtil.HTTP_HEADER_REFERER)); + } else { + resultContentType = contentType; + responseHeaders = dataUrlResponse.getResponseHeaders(); + responseCode = dataUrlResponse.getResponseCode(); + currentState = State.FINISHED; + } + } else { + log.debug("Content type not set in dataurl response"); + closeDataUrlConnection(); + throw new SLBindingException(2007); + } + + break; + case 307: + contentType = dataUrlResponse.getContentType(); + if ((contentType != null) && (contentType.startsWith(HttpUtil.TXT_XML))) { + log.debug("Received dataurl response code 307 with XML content"); + String location = dataUrlResponse.getResponseHeaders().get( + HttpUtil.HTTP_HEADER_LOCATION); + if (location == null) { + log + .error("Did not get a location header for a 307 data url response"); + throw new SLBindingException(2003); + } + // consumeRequestStream(dataUrlResponse.getStream()); + FormParameterStore fp = new FormParameterStore(); + fp.init(location.getBytes(HttpUtil.DEFAULT_CHARSET), + FixedFormParameters.DATAURL, null, null); + formParameterMap.put(FixedFormParameters.DATAURL, fp); + headerMap.put(HttpUtil.HTTP_HEADER_CONTENT_TYPE, contentType); + assignXMLRequest(dataUrlResponse.getStream(), HttpUtil.getCharset( + dataUrlResponse.getContentType(), true)); + closeDataUrlConnection(); + srcContex.setSourceCertificate(conn.getServerCertificate()); + srcContex.setSourceIsDataURL(true); + srcContex.setSourceUrl(conn.getUrl()); + currentState = State.PROCESS; + // just to be complete, actually not used + srcContex.setSourceHTTPReferer(dataUrlResponse.getResponseHeaders() + .get(HttpUtil.HTTP_HEADER_REFERER)); + + } else { + log.debug("Received dataurl response code 307 non XML content: " + + dataUrlResponse.getContentType()); + resultContentType = dataUrlResponse.getContentType(); + currentState = State.FINISHED; + } + responseHeaders = dataUrlResponse.getResponseHeaders(); + responseCode = dataUrlResponse.getResponseCode(); + break; + + case 301: + case 302: + case 303: + 
responseHeaders = dataUrlResponse.getResponseHeaders(); + responseCode = dataUrlResponse.getResponseCode(); + resultContentType = dataUrlResponse.getContentType(); + currentState = State.FINISHED; + break; + + default: + // issue error + log.info("Unexpected response code from dataurl server: " + + dataUrlResponse.getResponseCode()); + throw new SLBindingException(2007); + } + + } catch (SLException slx) { + bindingProcessorError = slx; + log.error("Error during dataurl communication"); + resultContentType = HttpUtil.TXT_XML; + currentState = State.TRANSFORM; + } catch (SSLHandshakeException hx) { + bindingProcessorError = new SLException(2010); + log.info("Error during dataurl communication", hx); + resultContentType = HttpUtil.TXT_XML; + currentState = State.TRANSFORM; + } catch (IOException e) { + bindingProcessorError = new SLBindingException(2001); + log.error("Error while data url handling", e); + resultContentType = HttpUtil.TXT_XML; + currentState = State.TRANSFORM; + return; + } + } + + protected void transformResult() { + log.debug("Entered State: " + State.TRANSFORM); + if (bindingProcessorError != null) { + resultContentType = HttpUtil.TXT_XML; + } else if (dataUrlResponse != null) { + resultContentType = dataUrlResponse.getContentType(); + } else { + targetContext.setTargetIsDataURL(false); + targetContext.setTargetUrl(srcUrl); + try { + slResult = commandInvoker.getResult(targetContext); + resultContentType = slResult.getMimeType(); + log + .debug("Successfully got SLResult from commandinvoker, setting mimetype to: " + + resultContentType); + } catch (SLException e) { + log.info("Cannot get result from invoker:", e); + bindingProcessorError = new SLException(6002); + resultContentType = HttpUtil.TXT_XML; + } + } + transformer = getTransformer(getStyleSheetUrl()); + if (transformer != null) { + log.debug("Output transformation required"); + resultContentType = transformer.getOutputProperty("media-type"); + log.debug("Got media type from stylesheet: " + 
resultContentType); + if (resultContentType == null) { + log.debug("Setting to default text/xml result conent type"); + resultContentType = "text/xml"; + } + log.debug("Deferring sytylesheet processing"); + } + currentState = State.FINISHED; + } + + protected void finished() { + log.debug("Entered State: " + State.FINISHED); + if (bindingProcessorError != null) { + log.debug("Binding processor error, sending quit command"); + resultContentType = HttpUtil.TXT_XML; + } + sendSTALQuit(); + log.info("Terminating Bindingprocessor; Thread: " + + Thread.currentThread().getId()); + } + + // -- END Methods that handle the http binding activities as defined in the + // activity diagram -- + //---------------------------------------------------------------------------- + + /** + * Sets the headers of the SL Request. IMPORTANT: make sure to set all headers + * before invoking {@link #consumeRequestStream(InputStream)} + * + * @param aHeaderMap + * if null all header will be cleared. + */ + public void setHTTPHeaders(Map aHeaderMap) { + headerMap = new HashMap(); + // ensure lowercase keys + if (aHeaderMap != null) { + for (String s : aHeaderMap.keySet()) { + if (s != null) { + headerMap.put(s.toLowerCase(), aHeaderMap.get(s)); + if (s.equalsIgnoreCase(HttpUtil.HTTP_HEADER_REFERER)) { + String referer = aHeaderMap.get(s); + log.debug("Got referer header: " + referer); + srcContex.setSourceHTTPReferer(referer); + } + } + } + } + } + + public void setSourceCertificate(X509Certificate aCert) { + srcContex.setSourceCertificate(aCert); + } + + /** + * The HTTPBindingProcessor does not handle redirect URLs. It only provides + * the parameter. + * + * @return null if redirect url is not set. 
+ */ + public String getRedirectURL() { + return getFormParameterAsString(FixedFormParameters.REDIRECTURL); + } + + public String getFormDataContentType(String aParameterName) { + FormParameter fp = formParameterMap.get(aParameterName); + if (fp != null) { + return fp.getFormParameterContentType(); + } + return null; + } + + public InputStream getFormData(String aParameterName) { + FormParameter fp = formParameterMap.get(aParameterName); + if (fp != null) { + return fp.getFormParameterValue(); + } + return null; + } + + protected void assignXMLRequest(InputStream is, String charset) + throws IOException, SLException { + Reader r = new InputStreamReader(is, charset); + StreamSource source = new StreamSource(r); + SLCommandContext commandCtx = new SLCommandContext(); + commandCtx.setSTAL(getSTAL()); + commandCtx.setURLDereferencerContext(new SimpleFormDataContextImpl(this)); + slCommand = SLCommandFactory.getInstance().createSLCommand(source, + commandCtx); + log.debug("Created new command: " + slCommand); + } + + @Override + public void run() { + boolean done = false; + int hopcounter = 0; + if (bindingProcessorError != null) { + currentState = State.FINISHED; + } + try { + while (!done) { + try { + switch (currentState) { + case INIT: + init(); + break; + case PROCESS: + processRequest(); + break; + case DATAURL: + handleDataUrl(); + if (++hopcounter > MAX_DATAURL_HOPS) { + log.error("Maximum number of dataurl hops reached"); + bindingProcessorError = new SLBindingException(2000); + currentState = State.FINISHED; + } + break; + case TRANSFORM: + transformResult(); + break; + case FINISHED: + done = true; + finished(); + break; + } + } catch (RuntimeException rte) { + throw rte; + } catch (Exception t) { + log.error("Caught unexpected exception", t); + responseCode = 200; + resultContentType = HttpUtil.TXT_XML; + responseHeaders = Collections.EMPTY_MAP; + bindingProcessorError = new SLException(2000); + currentState = State.FINISHED; + } + } + } catch (Throwable t) 
{ + log.error("Caught unexpected exception", t); + responseCode = 200; + resultContentType = HttpUtil.TXT_XML; + responseHeaders = Collections.EMPTY_MAP; + bindingProcessorError = new SLException(2000); + currentState = State.FINISHED; + } + log.debug("Terminated http binding processor"); + } + + @Override + public void consumeRequestStream(InputStream is) { + try { + log.debug("Start consuming request stream"); + formParameterMap.clear(); + String cl = headerMap + .get(HttpUtil.HTTP_HEADER_CONTENT_TYPE.toLowerCase()); + if (cl == null) { + log.info("No content type set in http header"); + throw new SLBindingException(2006); + } + InputDecoder id = InputDecoderFactory.getDecoder(cl, is); + id.setContentType(cl); + if (id == null) { + log.error("Cannot get inputdecoder for is"); + throw new SLException(2006); + } + for (Iterator fpi = id.getFormParameterIterator(); fpi + .hasNext();) { + FormParameter fp = fpi.next(); + log.debug("Got request parameter with name: " + + fp.getFormParameterName()); + if (fp.getFormParameterName().equals(FixedFormParameters.XMLREQUEST)) { + log.debug("Creating XML Request"); + for (Iterator headerIterator = fp.getHeaderNames(); headerIterator + .hasNext();) { + String headerName = headerIterator.next(); + if (HttpUtil.CONTENT_TRANSFER_ENCODING.equalsIgnoreCase(headerName)) { + String transferEncoding = fp.getHeaderValue(headerName); + log.debug("Got transfer encoding for xmlrequest: " + + transferEncoding); + if (XML_REQ_TRANSFER_ENCODING.contains(transferEncoding)) { + log.debug("Supported transfer encoding: " + transferEncoding); + } else { + log + .error("Transferencoding not supported: " + + transferEncoding); + throw new SLBindingException(2005); + } + } + } + String charset = HttpUtil.getCharset(cl, true); + assignXMLRequest(fp.getFormParameterValue(), charset); + } else { + FormParameterStore fps = new FormParameterStore(); + fps.init(fp); + if (!fps.isEmpty()) { + log.debug("Setting from parameter: " + 
fps.getFormParameterName()); + formParameterMap.put(fps.getFormParameterName(), fps); + } + } + } + if (slCommand == null) { + throw new SLBindingException(2004); + } + if (is.read() != -1) { + log.error("Request input stream not completely read"); + // consume rest of stream, should never occur + throw new SLRuntimeException( + "request input stream not consumed till end"); + } + } catch (SLException slx) { + log.info("Error while consuming input stream " + slx); + bindingProcessorError = slx; + } catch (Throwable t) { + log.info("Error while consuming input stream " + t, t); + bindingProcessorError = new SLException(2000); + } finally { + try { + while (is.read() != -1) + ; + } catch (IOException e) { + log.error(e); + } + } + } + + @Override + public String getResultContentType() { + return resultContentType; + } + + protected Transformer getTransformer(String styleSheetURL) { + if (styleSheetURL == null) { + log.debug("Stylesheet URL not set"); + return null; + } + try { + URLDereferencerContext urlCtx = new SimpleFormDataContextImpl(this); + URIResolver resolver = new URIResolverAdapter(URLDereferencer + .getInstance(), urlCtx); + TransformerFactory factory = TransformerFactory.newInstance(); + StreamData sd = URLDereferencer.getInstance().dereference(styleSheetURL, + urlCtx); + Transformer t = factory.newTransformer(new StreamSource(sd.getStream())); + t.setURIResolver(resolver); + return t; + } catch (Exception ex) { + log.info("Cannot instantiate transformer", ex); + bindingProcessorError = new SLException(2002); + return null; + } + } + + protected void handleBindingProcessorError(OutputStream os, String encoding, + Transformer transformer) throws IOException { + log.debug("Writing error as result"); + ErrorResultImpl error = new ErrorResultImpl(bindingProcessorError); + try { + error.writeTo(new StreamResult(new OutputStreamWriter(os, encoding)), + transformer); + } catch (TransformerException e) { + log.fatal("Cannot write error result to stream", e); + 
} + } + + @Override + public void writeResultTo(OutputStream os, String encoding) + throws IOException { + if (encoding == null) { + encoding = HttpUtil.DEFAULT_CHARSET; + } + if (bindingProcessorError != null) { + log.debug("Detected error in binding processor, writing error as result"); + handleBindingProcessorError(os, encoding, transformer); + return; + } else if (dataUrlResponse != null) { + log.debug("Writing data url response as result"); + String charEnc = HttpUtil.getCharset(dataUrlResponse.getContentType(), + true); + InputStreamReader isr = new InputStreamReader( + dataUrlResponse.getStream(), charEnc); + OutputStreamWriter osw = new OutputStreamWriter(os, encoding); + if (transformer == null) { + StreamUtil.copyStream(isr, osw); + } else { + try { + transformer.transform(new StreamSource(isr), new StreamResult(osw)); + } catch (TransformerException e) { + log.fatal("Exception occured during result transformation", e); + // bindingProcessorError = new SLException(2008); + // handleBindingProcessorError(os, encoding, null); + return; + } + } + osw.flush(); + isr.close(); + } else if (slResult == null) { + // result not yet assigned -> must be a cancel + bindingProcessorError = new SLException(6001); + handleBindingProcessorError(os, encoding, transformer); + return; + } else { + log.debug("Getting result from invoker"); + OutputStreamWriter osw = new OutputStreamWriter(os, encoding); + try { + slResult.writeTo(new StreamResult(osw), transformer); + } catch (TransformerException e) { + log.fatal("Cannot write result to stream", e); + // bindingProcessorError = new SLException(2008); + // handleBindingProcessorError(os, encoding, transformer); + } + osw.flush(); + } + } + + /** + * The response code from the dataurl server or 200 if no dataurl server + * created the result + * + * @return + */ + public int getResponseCode() { + return responseCode; + } + + /** + * All headers from the data url server in case of a direct forward from the + * dataurl server. 
+ * + * @return + */ + public Map getResponseHeaders() { + return responseHeaders; + } + + @Override + public void setLocale(Locale locale) { + if (locale == null) { + throw new NullPointerException("Locale must not be set to null"); + } + this.locale = locale; + } + } \ No newline at end of file diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/SLCommandInvokerImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/SLCommandInvokerImpl.java index ef2affd1..a23d96e8 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/SLCommandInvokerImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/SLCommandInvokerImpl.java 
@@ -1,66 +1,95 @@ /* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.binding; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import at.gv.egiz.bku.slcommands.SLCommand; -import at.gv.egiz.bku.slcommands.SLCommandInvoker; -import at.gv.egiz.bku.slcommands.SLResult; -import at.gv.egiz.bku.slcommands.SLSourceContext; -import at.gv.egiz.bku.slcommands.SLTargetContext; - -/** - * This class implements the entry point for the CCEs security management. - * - * TODO the secuirty management is currently not implemented. - */ -public class SLCommandInvokerImpl implements SLCommandInvoker { - - private static Log log = LogFactory.getLog(SLCommandInvokerImpl.class); - - protected SLCommand command; - protected SLResult result; - - /** - * Invokes a sl command. - */ - public void invoke(SLSourceContext aContext) { - // FIXXME add security policy here. 
- log.warn("Security policy not implemented yet, invoking command: "+command); - result = command.execute(); - } - - public SLResult getResult(SLTargetContext aContext) { - // FIXXME - log.warn("Security policy not implemented yet, getting result of command: "+command); - return result; - } - - public void setCommand(SLCommand aCmd) { - command = aCmd; - } - - @Override - public SLCommandInvoker newInstance() { - SLCommandInvokerImpl cmdInv = new SLCommandInvokerImpl(); - return cmdInv; - } - - + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.binding; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.bku.accesscontroller.SecurityManagerFacade; +import at.gv.egiz.bku.slcommands.SLCommand; +import at.gv.egiz.bku.slcommands.SLCommandInvoker; +import at.gv.egiz.bku.slcommands.SLResult; +import at.gv.egiz.bku.slcommands.SLSourceContext; +import at.gv.egiz.bku.slcommands.SLTargetContext; +import at.gv.egiz.bku.slexceptions.SLException; + +/** + * This class implements the entry point for the CCEs security management. 
+ * + */ +public class SLCommandInvokerImpl implements SLCommandInvoker { + + private static Log log = LogFactory.getLog(SLCommandInvokerImpl.class); + + protected SLCommand command; + protected SLResult result; + protected SecurityManagerFacade securityManager; + + /** + * Invokes a sl command. + * + * @throws SLException + */ + public void invoke(SLSourceContext aContext) throws SLException { + if (securityManager == null) { + log.warn("Security policy not implemented yet, invoking command: " + + command); + result = command.execute(); + } else { + if (securityManager.mayInvokeCommand(command, aContext)) { + result = command.execute(); + } else { + throw new SLException(6002); + } + } + } + + public SLResult getResult(SLTargetContext aContext) throws SLException { + if (securityManager == null) { + log + .warn("Security policy not implemented yet, getting result of command: " + + command); + return result; + } else { + if (securityManager.maySendResult(command, aContext)) { + return result; + } else { + throw new SLException(6002); + } + } + } + + public void setCommand(SLCommand aCmd) { + command = aCmd; + } + + @Override + public SLCommandInvoker newInstance() { + SLCommandInvokerImpl cmdInv = new SLCommandInvokerImpl(); + cmdInv.setSecurityManager(securityManager); + return cmdInv; + } + + public SecurityManagerFacade getSecurityManager() { + return securityManager; + } + + public void setSecurityManager(SecurityManagerFacade securityManager) { + this.securityManager = securityManager; + } + } \ No newline at end of file diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxReadCommand.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxReadCommand.java index 77529a36..73fddf1f 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxReadCommand.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/InfoboxReadCommand.java 
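Review bot: `invoke` and `getResult` fail open when `securityManager` is null: both only log a warning and then run `command.execute()` or return `result`, so an invoker that was never wired with a `SecurityManagerFacade` performs no access check at all. `newInstance()` copies the field as it is, so a null manager propagates to every invoker created from that prototype. Consider denying by default, e.g. `if (securityManager == null) { throw new SLException(6002); }`, and letting tests inject a permissive facade; the test classes touched in this commit build `new SLCommandInvokerImpl()` without a manager and would need that. At minimum the log text `Security policy not implemented yet` is now misleading, and the empty `@throws SLException` tag on `invoke` should state that the command was refused by the security manager.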
@@ -16,5 +16,13 @@ */ package at.gv.egiz.bku.slcommands; -public interface InfoboxReadCommand extends SLCommand { +public interface InfoboxReadCommand extends SLCommand { + public String getInfoboxIdentifier(); + + /** + * Convenience method to get the domain identifier if the infobox + * referes to a Identitylink. + * @return the domain id or null if the Infobox is not of type Identitylink or no domain parameter was specified + */ + public String getIdentityLinkDomainId(); } \ No newline at end of file diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandInvoker.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandInvoker.java index 30c6b68f..c28288c9 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandInvoker.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLCommandInvoker.java @@ -16,7 +16,8 @@ */ package at.gv.egiz.bku.slcommands; -import at.gv.egiz.bku.slexceptions.SLCanceledException; +import at.gv.egiz.bku.slexceptions.SLCanceledException; +import at.gv.egiz.bku.slexceptions.SLException; public interface SLCommandInvoker { @@ -25,7 +26,7 @@ public interface SLCommandInvoker { * @param aContext * @throws SLCanceledException if the security management prevents execution of this command */ - public void invoke(SLSourceContext aContext) throws SLCanceledException; + public void invoke(SLSourceContext aContext) throws SLException; /** * @@ -33,7 +34,7 @@ public interface SLCommandInvoker { * @return * @throws SLCanceledException if the security management prevents execution of this command */ - public SLResult getResult(SLTargetContext aContext) throws SLCanceledException; + public SLResult getResult(SLTargetContext aContext) throws SLException; public void setCommand(at.gv.egiz.bku.slcommands.SLCommand aCmd); diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLSourceContext.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLSourceContext.java index ded55b2a..f25a0ea4 100644 
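Review bot: `getInfoboxIdentifier()` is added without Javadoc, unlike `getIdentityLinkDomainId()` next to it, so implementers cannot tell whether it may return null or what form the identifier takes. The test configuration in this commit names infoboxes such as `IdentityLink` and `Mandates`, so access-control rules are probably matched against this value and a null or differently-cased identifier could change a policy decision. A one-line contract such as `/** @return the identifier of the infobox to read, never null */` would help, adjusted to what the implementation actually guarantees. The comment on the second method also has a typo, `referes`.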
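Review bot: The Javadoc above `invoke` in SLCommandInvoker still reads `@throws SLCanceledException if the security management prevents execution of this command`, although the signature now declares `throws SLException`; the same stale tag sits above `getResult` in the third hunk. Both should become `@throws SLException if the security management prevents execution of this command`. Once the comments are updated, the `SLCanceledException` import kept in the first hunk appears to have no remaining use in the visible lines and can probably be dropped. Widening the checked exception also changes what callers must catch, which is worth stating in the interface comment.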
--- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLSourceContext.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLSourceContext.java @@ -16,6 +16,7 @@ */ package at.gv.egiz.bku.slcommands; +import java.net.URL; import java.security.cert.X509Certificate; import at.gv.egiz.bku.utils.binding.Protocol; @@ -23,17 +24,17 @@ import at.gv.egiz.bku.utils.binding.Protocol; public class SLSourceContext { - private Protocol sourceProtocol; + private URL sourceUrl; private boolean sourceIsDataURL; private X509Certificate sourceCertificate; private String sourceHTTPReferer; - public Protocol getSourceProtocol() { - return sourceProtocol; + public URL getSourceUrl() { + return sourceUrl; } - public void setSourceProtocol(Protocol sourceProtocol) { - this.sourceProtocol = sourceProtocol; + public void setSourceUrl(URL sourceProtocol) { + this.sourceUrl = sourceProtocol; } public boolean isSourceIsDataURL() { diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLTargetContext.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLTargetContext.java index cf800406..f9df3ced 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLTargetContext.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/SLTargetContext.java @@ -16,19 +16,20 @@ */ package at.gv.egiz.bku.slcommands; -import java.security.cert.X509Certificate; +import java.net.URL; +import java.security.cert.X509Certificate; public class SLTargetContext { - private String targetProtocol; + private URL targetUrl; private boolean targetIsDataURL; private X509Certificate targetCertificate; - public String getTargetProtocol() { - return targetProtocol; + public URL getTargetUrl() { + return targetUrl; } - public void setTargetProtocol(String targetProtocol) { - this.targetProtocol = targetProtocol; + public void setTargetUrl(URL targetUrl) { + this.targetUrl = targetUrl; } public boolean isTargetIsDataURL() { 
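Review bot: In the second SLSourceContext hunk, `setSourceUrl(URL sourceProtocol)` keeps the old parameter name although it now carries a full URL; `public void setSourceUrl(URL sourceUrl) { this.sourceUrl = sourceUrl; }` reads correctly and matches `setTargetUrl(URL targetUrl)` in SLTargetContext. The `import at.gv.egiz.bku.utils.binding.Protocol;` context line looks unused once the `Protocol` field is gone, but the rest of the class is outside the hunk, so confirm before removing it. Because these contexts presumably feed access-control decisions, a field comment should note that `java.net.URL.equals()` and `hashCode()` resolve host names, so policy code should compare the string form or a `URI` rather than the `URL` objects themselves.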
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java index 93131cf4..b6745e1f 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java @@ -405,5 +405,10 @@ public class InfoboxReadCommandImpl extends SLCommandImpl headers = new HashMap(); headers.put("Content-Type", InputDecoderFactory.MULTIPART_FORMDATA + ";boundary=---------------------------2330864292941"); diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/binding/ExpiryRemoverTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/binding/ExpiryRemoverTest.java index 41c69a1d..61729567 100644 --- a/bkucommon/src/test/java/at/gv/egiz/bku/binding/ExpiryRemoverTest.java +++ b/bkucommon/src/test/java/at/gv/egiz/bku/binding/ExpiryRemoverTest.java @@ -16,16 +16,18 @@ */ package at.gv.egiz.bku.binding; +import java.net.MalformedURLException; + import org.junit.Test; import static org.junit.Assert.*; public class ExpiryRemoverTest { @Test - public void testMe() throws InterruptedException { + public void testMe() throws InterruptedException, MalformedURLException { BindingProcessorManager manager = new BindingProcessorManagerImpl(new DummyStalFactory(), new SLCommandInvokerImpl()); - BindingProcessor bp = manager.createBindingProcessor("http", null); + BindingProcessor bp = manager.createBindingProcessor("http://www.at", null); ExpiryRemover remover = new ExpiryRemover(); remover.setBindingProcessorManager(manager); remover.execute(); 
@@ -42,10 +44,10 @@ public class ExpiryRemoverTest { } @Test - public void testMe2() throws InterruptedException { + public void testMe2() throws InterruptedException, MalformedURLException { BindingProcessorManager manager = new BindingProcessorManagerImpl(new DummyStalFactory(), new SLCommandInvokerImpl()); - BindingProcessor bp = manager.createBindingProcessor("http", null); + BindingProcessor bp = manager.createBindingProcessor("http://www.iaik.at", null); ExpiryRemover remover = new ExpiryRemover(); remover.setBindingProcessorManager(manager); remover.execute(); diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/binding/HttpBindingProcessorTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/binding/HttpBindingProcessorTest.java index 38f61aa2..6a0792d5 100644 --- a/bkucommon/src/test/java/at/gv/egiz/bku/binding/HttpBindingProcessorTest.java +++ b/bkucommon/src/test/java/at/gv/egiz/bku/binding/HttpBindingProcessorTest.java @@ -93,7 +93,7 @@ public class HttpBindingProcessorTest { manager = new BindingProcessorManagerImpl(new DummyStalFactory(), new SLCommandInvokerImpl()); bindingProcessor = (HTTPBindingProcessor) manager.createBindingProcessor( - "http", null); + "http://www.iaik.at", null); clientHeaderMap = new HashMap(); clientHeaderMap.put("Content-Type", "application/x-www-form-urlencoded;charset=utf8"); diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/binding/MultipartSLRequestTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/binding/MultipartSLRequestTest.java index 7ef1a9bf..2c48bf4e 100644 --- a/bkucommon/src/test/java/at/gv/egiz/bku/binding/MultipartSLRequestTest.java +++ b/bkucommon/src/test/java/at/gv/egiz/bku/binding/MultipartSLRequestTest.java @@ -17,6 +17,7 @@ package at.gv.egiz.bku.binding; import java.io.InputStream; +import java.net.MalformedURLException; import java.util.HashMap; import java.util.LinkedList; import java.util.List; 
@@ -34,11 +35,11 @@ public class MultipartSLRequestTest { protected BindingProcessorManager manager; @Before - public void setUp() { + public void setUp() throws MalformedURLException { manager = new BindingProcessorManagerImpl(new DummyStalFactory(), new SLCommandInvokerImpl()); HTTPBindingProcessor http = (HTTPBindingProcessor) manager - .createBindingProcessor("http", null); + .createBindingProcessor("http://www.at/", null); Map headers = new HashMap(); headers.put("Content-Type", InputDecoderFactory.MULTIPART_FORMDATA + ";boundary=---------------------------2330864292941"); diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/binding/NullOperationTest.java b/bkucommon/src/test/java/at/gv/egiz/bku/binding/NullOperationTest.java index 66b9dffb..b2a7d387 100644 --- a/bkucommon/src/test/java/at/gv/egiz/bku/binding/NullOperationTest.java +++ b/bkucommon/src/test/java/at/gv/egiz/bku/binding/NullOperationTest.java @@ -17,6 +17,7 @@ package at.gv.egiz.bku.binding; import java.io.InputStream; +import java.net.MalformedURLException; import java.util.HashMap; import java.util.Map; @@ -32,9 +33,9 @@ public class NullOperationTest { protected BindingProcessorManager manager; @Before - public void setUp() { + public void setUp() throws MalformedURLException { manager = new BindingProcessorManagerImpl(new DummyStalFactory(), new SLCommandInvokerImpl()); - HTTPBindingProcessor http = (HTTPBindingProcessor) manager.createBindingProcessor("http", null); + HTTPBindingProcessor http = (HTTPBindingProcessor) manager.createBindingProcessor("http://www.at/", null); Map headers = new HashMap(); headers.put("Content-Type", "application/x-www-form-urlencoded"); http.setHTTPHeaders(headers); diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/binding/TestDataUrlConnection.java b/bkucommon/src/test/java/at/gv/egiz/bku/binding/TestDataUrlConnection.java index e644f964..45e38674 100644 --- a/bkucommon/src/test/java/at/gv/egiz/bku/binding/TestDataUrlConnection.java 
+++ b/bkucommon/src/test/java/at/gv/egiz/bku/binding/TestDataUrlConnection.java @@ -119,5 +119,10 @@ public class TestDataUrlConnection implements DataUrlConnectionSPI { @Override public DataUrlConnectionSPI newInstance() { return this; - } + } + + @Override + public URL getUrl() { + return url; + } } diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/accesscontroller/AccessControlConfig.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/accesscontroller/AccessControlConfig.xml index 2455d68d..22f9e4a5 100644 --- a/bkucommon/src/test/resources/at/gv/egiz/bku/accesscontroller/AccessControlConfig.xml +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/accesscontroller/AccessControlConfig.xml @@ -29,7 +29,7 @@ anonymous - *.gv.at + $.gv.at allow @@ -44,7 +44,7 @@ IdentityLink - * + .* allow @@ -56,7 +56,7 @@ https://finanzonline.bmf.gv.at/* Mandates - * + .* allow diff --git a/bkucommon/src/test/resources/at/gv/egiz/bku/accesscontroller/SimpleChainTest.xml b/bkucommon/src/test/resources/at/gv/egiz/bku/accesscontroller/SimpleChainTest.xml new file mode 100644 index 00000000..92490fb2 --- /dev/null +++ b/bkucommon/src/test/resources/at/gv/egiz/bku/accesscontroller/SimpleChainTest.xml @@ -0,0 +1,39 @@ + + + + + + + pseudoanonymous + + DelegateFilter + + + + + + + + + certified + + IdentityLink + derived + + + allow + + + + certified + + IdentityLink + + + deny + + + + + + \ No newline at end of file -- cgit v1.2.3 From 0df8bb10302989f41ed420ec0ff29b2fc2005471 Mon Sep 17 00:00:00 2001 
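Review bot: In the first AccessControlConfig.xml hunk the value `$.gv.at` replaces `*.gv.at`, while the other two hunks in this file replace `*` by `.*`, which suggests these values are now read as regular expressions. Read that way, `$.gv.at` begins with an end-of-input anchor and would not match any name, and its dots are unescaped. If the rule is meant to cover names under gv.at, `.*\.gv\.at` expresses that; if it is meant never to match in this test, a comment in the file should say so. The element these values belong to is not visible here, so this needs confirming against the rule parser.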
From: wbauer Date: Mon, 15 Sep 2008 14:18:53 +0000 Subject: Migrated BKULocal to BKUCommonGUI and minor bug fixes git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@37 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../at/gv/egiz/bku/online/applet/BKUWorker.java | 11 + BKULocal/pom.xml | 5 + .../at/gv/egiz/bku/local/stal/BKUGuiProxy.java | 130 ++++++++++ .../bku/local/stal/LocalSignRequestHandler.java | 84 +++++++ .../java/at/gv/egiz/bku/local/stal/PINDialog.java | 214 ----------------- .../gv/egiz/bku/local/stal/QuitRequestHandler.java | 41 ---- .../java/at/gv/egiz/bku/local/stal/SMCCSTAL.java | 100 ++------ .../at/gv/egiz/bku/local/stal/SMCCSTALFactory.java | 100 ++++++-- .../egiz/bku/local/stal/SwingInsertCardDialog.java | 147 ------------ .../gv/egiz/bku/local/stal/SwingPINProvider.java | 57 ----- .../at/gv/egiz/bku/local/stal/SwingPinDialog.java | 265 --------------------- .../gv/egiz/bku/online/webapp/ResultServlet.java | 1 + .../service/impl/RequestBrokerSTALFactory.java | 5 + .../java/at/gv/egiz/bku/slxhtml/ValidatorTest.java | 5 +- .../src/main/java/at/gv/egiz/stal/STALFactory.java | 6 +- .../bku/binding/BindingProcessorManagerImpl.java | 1 + .../gv/egiz/bku/binding/DataUrlConnectionImpl.java | 20 +- .../egiz/bku/slcommands/impl/xsect/Signature.java | 25 ++ .../at/gv/egiz/bku/binding/DummyStalFactory.java | 8 + 19 files changed, 382 insertions(+), 843 deletions(-) create mode 100644 BKULocal/src/main/java/at/gv/egiz/bku/local/stal/BKUGuiProxy.java create mode 100644 BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java delete mode 100644 BKULocal/src/main/java/at/gv/egiz/bku/local/stal/PINDialog.java delete mode 100644 BKULocal/src/main/java/at/gv/egiz/bku/local/stal/QuitRequestHandler.java delete mode 100644 BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SwingInsertCardDialog.java delete mode 100644 BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SwingPINProvider.java delete mode 100644 
BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SwingPinDialog.java (limited to 'BKULocal/src/main/java') diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUWorker.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUWorker.java index 51ac243c..cd96a481 100644 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUWorker.java +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUWorker.java @@ -75,6 +75,17 @@ public class BKUWorker extends AbstractSMCCSTAL implements Runnable, addRequestHandler(QuitRequest.class, this); //register SignRequestHandler once we have a webservice port } + + /** + * Used for non applet variants + * @param gui + * @param errorMessageBundle + */ + protected BKUWorker(BKUGUIFacade gui, ResourceBundle errorMessageBundle) { + this.gui = gui; + this.errorMessages = errorMessageBundle; + addRequestHandler(QuitRequest.class, this); + } private STALPortType getSTALPort() throws MalformedURLException { URL wsdlURL = null; diff --git a/BKULocal/pom.xml b/BKULocal/pom.xml index 3f77752a..341e574a 100644 --- a/BKULocal/pom.xml +++ b/BKULocal/pom.xml @@ -74,6 +74,11 @@ org.springframework spring-tx 2.5.5 + + + at.gv.egiz + BKUApplet + 1.0-SNAPSHOT \ No newline at end of file diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/BKUGuiProxy.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/BKUGuiProxy.java new file mode 100644 index 00000000..0bed928d --- /dev/null +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/BKUGuiProxy.java 
@@ -0,0 +1,130 @@ +package at.gv.egiz.bku.local.stal; + +import java.awt.Container; +import java.awt.event.ActionListener; +import java.util.List; + +import javax.swing.JDialog; + +import at.gv.egiz.bku.gui.BKUGUIFacade; +import at.gv.egiz.smcc.PINSpec; +import at.gv.egiz.stal.HashDataInput; + +public class BKUGuiProxy implements BKUGUIFacade { + + private BKUGUIFacade delegate; + private JDialog dialog; + + public BKUGuiProxy(JDialog dialog, BKUGUIFacade delegate) { + this.delegate = delegate; + this.dialog = dialog; + } + + private void showDialog() { + dialog.setVisible(true); + dialog.setAlwaysOnTop(true); + } + + @Override + public char[] getPin() { + return delegate.getPin(); + } + + @Override + public void init(Container contentPane, String localeString) { + delegate.init(contentPane, localeString); + } + + @Override + public void showCardNotSupportedDialog(ActionListener cancelListener, + String actionCommand) { + showDialog(); + delegate.showCardNotSupportedDialog(cancelListener, actionCommand); + } + + @Override + public void showCardPINDialog(PINSpec pinSpec, ActionListener okListener, + String okCommand, ActionListener cancelListener, String cancelCommand) { + showDialog(); + delegate.showCardPINDialog(pinSpec, okListener, okCommand, cancelListener, + cancelCommand); + } + + @Override + public void showCardPINRetryDialog(PINSpec pinSpec, int numRetries, + ActionListener okListener, String okCommand, + ActionListener cancelListener, String cancelCommand) { + showDialog(); + delegate.showCardPINRetryDialog(pinSpec, numRetries, okListener, okCommand, + cancelListener, cancelCommand); + } + + @Override + public void showErrorDialog(String errorMsg, ActionListener okListener, + String actionCommand) { + showDialog(); + delegate.showErrorDialog(errorMsg, okListener, actionCommand); + } + + @Override + public void showErrorDialog(String errorMsg) { + showDialog(); + delegate.showErrorDialog(errorMsg); + } + + @Override + public void 
showHashDataInputDialog(List signedReferences, + ActionListener okListener, String actionCommand) { + showDialog(); + delegate.showHashDataInputDialog(signedReferences, okListener, + actionCommand); + } + + @Override + public void showInsertCardDialog(ActionListener cancelListener, + String actionCommand) { + showDialog(); + delegate.showInsertCardDialog(cancelListener, actionCommand); + } + + @Override + public void showLoginDialog(ActionListener loginListener, String actionCommand) { + showDialog(); + + delegate.showLoginDialog(loginListener, actionCommand); + } + + @Override + public void showSignaturePINDialog(PINSpec pinSpec, + ActionListener signListener, String signCommand, + ActionListener cancelListener, String cancelCommand, + ActionListener hashdataListener, String hashdataCommand) { + showDialog(); + delegate.showSignaturePINDialog(pinSpec, signListener, signCommand, + cancelListener, cancelCommand, hashdataListener, hashdataCommand); + } + + @Override + public void showSignaturePINRetryDialog(PINSpec pinSpec, int numRetries, + ActionListener okListener, String okCommand, + ActionListener cancelListener, String cancelCommand, + ActionListener hashdataListener, String hashdataCommand) { + showDialog(); + delegate.showSignaturePINRetryDialog(pinSpec, numRetries, okListener, + okCommand, cancelListener, cancelCommand, hashdataListener, + hashdataCommand); + } + + @Override + public void showWaitDialog(String waitMessage) { + showDialog(); + delegate.showWaitDialog(waitMessage); + } + + @Override + public void showWelcomeDialog() { + showDialog(); + delegate.showWelcomeDialog(); + } + +} diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java new file mode 100644 index 00000000..f8546e49 --- /dev/null +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java 
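Review bot: `showDialog()` calls `dialog.setVisible(true)` and `dialog.setAlwaysOnTop(true)` directly, and each `show*` method then runs the delegate's Swing code on the calling thread. The callers are outside this hunk; if they run on a request-handling thread rather than the event dispatch thread, the PIN and hash-data dialogs are driven off the EDT, which Swing does not support. Consider marshalling these calls through `EventQueue.invokeLater` (or `invokeAndWait` where the caller needs the dialog up before continuing). The class has no Javadoc and the constructor accepts null for both arguments; a class comment such as `/** Shows the shared dialog before forwarding each show* call to the wrapped BKUGUIFacade. */` and a null check would help.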
@@ -0,0 +1,84 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.local.stal; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.bku.smccstal.SMCCSTALRequestHandler; +import at.gv.egiz.bku.smccstal.SignRequestHandler; +import at.gv.egiz.stal.HashDataInput; +import at.gv.egiz.stal.STALRequest; +import at.gv.egiz.stal.STALResponse; +import at.gv.egiz.stal.SignRequest; +import at.gv.egiz.stal.signedinfo.ReferenceType; + +/** + * + * @author clemens + */ +public class LocalSignRequestHandler extends SignRequestHandler { + + private static final Log log = LogFactory + .getLog(LocalSignRequestHandler.class); + private List hashDataInput = Collections.EMPTY_LIST; + + public LocalSignRequestHandler() { + } + + @SuppressWarnings("unchecked") + @Override + public STALResponse handleRequest(STALRequest request) { + if (request instanceof SignRequest) { + SignRequest signReq = (SignRequest) request; + hashDataInput = signReq.getHashDataInput(); + } + return super.handleRequest(request); + } + + @Override + protected List getHashDataInputs( + List dsigReferences) throws Exception { + ArrayList result = new ArrayList(); + for (ReferenceType dsigRef : dsigReferences) { + // don't get Manifest, QualifyingProperties, 
... + if (dsigRef.getType() == null) { + String dsigRefId = dsigRef.getId(); + if (dsigRefId != null) { + for (HashDataInput hdi : hashDataInput) { + if (hdi.getReferenceId().equals(dsigRefId)) { + result.add(hdi); + } + } + } else { + throw new Exception( + "Cannot get HashDataInput for dsig:Reference without Id attribute"); + } + } + } + return result; + } + + @Override + public SMCCSTALRequestHandler newInstance() { + return new LocalSignRequestHandler(); + } +} diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/PINDialog.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/PINDialog.java deleted file mode 100644 index 5bc6bab5..00000000 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/PINDialog.java +++ /dev/null 
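Review bot: In `getHashDataInputs`, a `dsig:Reference` that has an Id but no matching entry in `hashDataInput` is skipped silently, so the returned list can cover fewer references than the signature does. If this list feeds the hash-data view shown before signing (the base class is outside this hunk), a missing entry should fail the request the same way a missing Id already does. The comparison `hdi.getReferenceId().equals(dsigRefId)` also throws a NullPointerException when an input carries no reference id; comparing from `dsigRefId` avoids that. A null return from `signReq.getHashDataInput()` in `handleRequest` would break the loop too and is worth guarding.

```java
        String dsigRefId = dsigRef.getId();
        if (dsigRefId != null) {
          boolean found = false;
          for (HashDataInput hdi : hashDataInput) {
            // compare from the non-null side
            if (dsigRefId.equals(hdi.getReferenceId())) {
              result.add(hdi);
              found = true;
            }
          }
          if (!found) {
            throw new Exception(
                "No HashDataInput for dsig:Reference " + dsigRefId);
          }
        } else {
          // … unchanged: throw for a dsig:Reference without Id attribute …
```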
@@ -1,214 +0,0 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.local.stal; - -import java.awt.event.ActionEvent; -import java.awt.event.ActionListener; -import java.awt.event.WindowAdapter; -import java.awt.event.WindowEvent; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - -import javax.swing.JButton; -import javax.swing.JPasswordField; -import javax.swing.text.AttributeSet; -import javax.swing.text.BadLocationException; -import javax.swing.text.PlainDocument; - -import at.gv.egiz.smcc.PINSpec; - -public class PINDialog extends javax.swing.JDialog implements ActionListener { - - // Variables declaration - do not modify - private javax.swing.JButton okButton; - private javax.swing.JButton cancelButton; - private javax.swing.JLabel label; - private javax.swing.JPasswordField password; - // End of variables declaration - - private PINSpec pinSpec; - private String pinString; - private boolean finished = false; - - class PinDocument extends PlainDocument { - private Pattern pattern; - - public PinDocument() { - pattern = Pattern.compile(pinSpec.getRexepPattern()); - } - - public void insertString(int offs, String str, AttributeSet a) - throws BadLocationException { - if (pinSpec.getMaxLength() >= (getLength() + str.length())) { - Matcher matcher = pattern.matcher(str); - if (matcher.matches()) { - super.insertString(offs, str, a); - } - 
} - okButton.setEnabled(getLength() >= pinSpec.getMinLength()); - } - - @Override - public void remove(int offs, int len) throws BadLocationException { - super.remove(offs, len); - okButton.setEnabled(getLength() >= pinSpec.getMinLength()); - } - } - - public PINDialog() { - } - - private synchronized void finished(boolean ok) { - if (ok) { - pinString = password.getText(); - } else { - pinString = null; - } - finished = true; - notifyAll(); - } - - public synchronized void waitFinished() { - while (!finished) { - try { - wait(); - } catch (InterruptedException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } - } - - public String getPIN() { - return pinString; - } - - /** Creates new form NewJDialog */ - public PINDialog(java.awt.Frame parent, boolean modal, PINSpec pinSpec, - int retries) { - super(parent, modal); - this.pinSpec = pinSpec; - initComponents(); - } - - private void initComponents() { - okButton = new javax.swing.JButton(); - cancelButton = new javax.swing.JButton(); - password = new javax.swing.JPasswordField(); - label = new javax.swing.JLabel(); - setDefaultCloseOperation(javax.swing.WindowConstants.DISPOSE_ON_CLOSE); - - setTitle("PIN Dialog"); // NOI18N - setName("Form"); // NOI18N - - okButton.setText("OK"); // NOI18N - okButton.setName("okButton"); // NOI18N - okButton.setEnabled(false); - okButton.addActionListener(this); - - cancelButton.setText("Cancel"); // NOI18N - cancelButton.setName("cancelButton"); // NOI18N - cancelButton.addActionListener(this); - - password.setText(""); // NOI18N - password.setName("password"); // NOI18N - password.addActionListener(this); - password.setDocument(new PinDocument()); - - label.setText("PIN: "); // NOI18N - label.setName("jLabel1"); // NOI18N - - javax.swing.GroupLayout layout = new javax.swing.GroupLayout( - getContentPane()); - getContentPane().setLayout(layout); - layout.setHorizontalGroup(layout.createParallelGroup( - javax.swing.GroupLayout.Alignment.LEADING).addGroup( - 
layout.createSequentialGroup().addContainerGap().addGroup( - layout.createParallelGroup( - javax.swing.GroupLayout.Alignment.LEADING).addGroup( - layout.createSequentialGroup().addComponent(label, - javax.swing.GroupLayout.PREFERRED_SIZE, 61, - javax.swing.GroupLayout.PREFERRED_SIZE).addPreferredGap( - javax.swing.LayoutStyle.ComponentPlacement.RELATED, - javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) - .addComponent(password, - javax.swing.GroupLayout.PREFERRED_SIZE, 127, - javax.swing.GroupLayout.PREFERRED_SIZE)).addGroup( - javax.swing.GroupLayout.Alignment.TRAILING, - layout.createSequentialGroup().addComponent(cancelButton) - .addPreferredGap( - javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) - .addComponent(okButton))).addContainerGap())); - layout.setVerticalGroup(layout.createParallelGroup( - javax.swing.GroupLayout.Alignment.LEADING).addGroup( - layout.createSequentialGroup().addContainerGap().addGroup( - layout.createParallelGroup( - javax.swing.GroupLayout.Alignment.BASELINE).addComponent(label, - javax.swing.GroupLayout.PREFERRED_SIZE, 33, - javax.swing.GroupLayout.PREFERRED_SIZE).addComponent(password, - javax.swing.GroupLayout.PREFERRED_SIZE, - javax.swing.GroupLayout.DEFAULT_SIZE, - javax.swing.GroupLayout.PREFERRED_SIZE)).addPreferredGap( - javax.swing.LayoutStyle.ComponentPlacement.RELATED, 14, - Short.MAX_VALUE).addGroup( - layout.createParallelGroup( - javax.swing.GroupLayout.Alignment.BASELINE).addComponent( - okButton).addComponent(cancelButton)).addContainerGap())); - - pack(); - } - - /** - * @param args - * the command line arguments - */ - public static void main(String args[]) { - java.awt.EventQueue.invokeLater(new Runnable() { - public void run() { - PINDialog dialog = new PINDialog(new javax.swing.JFrame(), true, - new PINSpec(1, 5, "[0-9]*", "Hansi"), 10); - dialog.setResizable(false); - dialog.addWindowListener(new java.awt.event.WindowAdapter() { - public void windowClosing(java.awt.event.WindowEvent e) { - 
System.exit(0); - } - }); - dialog.setVisible(true); - } - }); - } - - @Override - public void actionPerformed(ActionEvent e) { - if (e.getSource() instanceof JButton) { - JButton pressed = (JButton) e.getSource(); - if (pressed.getName().equals("okButton")) { - finished(true); - } else if (pressed.getName().equals("cancelButton")) { - finished(false); - } - } else if (e.getSource() instanceof JPasswordField) { - JPasswordField pwf = (JPasswordField) e.getSource(); - if (pwf.getName().equals("password")) { - if (password.getPassword().length >= pinSpec.getMinLength()) { - finished(true); - } - } - } - } - -} diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/QuitRequestHandler.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/QuitRequestHandler.java deleted file mode 100644 index 5596b7bb..00000000 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/QuitRequestHandler.java +++ /dev/null 
@@ -1,41 +0,0 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.local.stal; - -import at.gv.egiz.bku.smccstal.AbstractRequestHandler; -import at.gv.egiz.bku.smccstal.SMCCSTALRequestHandler; -import at.gv.egiz.stal.STALRequest; -import at.gv.egiz.stal.STALResponse; - -public class QuitRequestHandler extends AbstractRequestHandler { - - @Override - public STALResponse handleRequest(STALRequest request) { - return null; - } - - @Override - public boolean requireCard() { - return false; - } - - @Override - public SMCCSTALRequestHandler newInstance() { - return this; - } - -} diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTAL.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTAL.java index 26ec2aa8..6f9e72c5 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTAL.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTAL.java 
@@ -1,95 +1,33 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ package at.gv.egiz.bku.local.stal; -import java.awt.event.ActionEvent; -import java.awt.event.ActionListener; -import java.util.Locale; +import java.util.List; +import java.util.ResourceBundle; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; +import javax.swing.JDialog; import at.gv.egiz.bku.gui.BKUGUIFacade; -import at.gv.egiz.bku.local.ui.TrayIconDialog; -import at.gv.egiz.bku.smccstal.AbstractRequestHandler; -import at.gv.egiz.bku.smccstal.AbstractSMCCSTAL; -import at.gv.egiz.bku.smccstal.STALMessageConsumer; -import at.gv.egiz.smcc.PINProvider; -import at.gv.egiz.smcc.util.SMCCHelper; -import at.gv.egiz.stal.QuitRequest; +import at.gv.egiz.bku.online.applet.BKUWorker; +import at.gv.egiz.stal.STALRequest; +import at.gv.egiz.stal.STALResponse; +import at.gv.egiz.stal.SignRequest; -public class SMCCSTAL extends AbstractSMCCSTAL implements STALMessageConsumer { - private static Log log = LogFactory.getLog(SMCCSTAL.class); +public class SMCCSTAL extends BKUWorker { - protected PINProvider pinProvider = new SwingPINProvider(); - protected SwingInsertCardDialog insertCard = new SwingInsertCardDialog(); - private boolean canceled = false; + private JDialog container; - static { - addRequestHandler(QuitRequest.class, new QuitRequestHandler()); - } - - public SMCCSTAL() { - 
AbstractRequestHandler.setMessageConsumer(this); - } - - /** - * - * @return if the user canceled - */ - protected boolean waitForCard() { - canceled = false; - while ((smccHelper.getResultCode() != SMCCHelper.CARD_FOUND) && (!canceled)) { - insertCard.setVisible(true); - insertCard.setAlwaysOnTop(true); - insertCard.addCanceledListener(new ActionListener() { - @Override - public void actionPerformed(ActionEvent e) { - canceled = true; - } - }); - try { - smccHelper.update(1000); - } catch (Exception ex) { - log.info(ex); - } - } - insertCard.setVisible(false); - signatureCard = smccHelper.getSignatureCard(locale); - return canceled; + public SMCCSTAL(BKUGUIFacade gui, JDialog container, + ResourceBundle errorMessageBundle) { + super(gui, errorMessageBundle); + this.container = container; + addRequestHandler(SignRequest.class, new LocalSignRequestHandler()); } @Override - public void setLocale(Locale locale) { - super.setLocale(locale); - if (pinProvider instanceof SwingPINProvider) { - ((SwingPINProvider) pinProvider).setLocale(locale); - } + public List handleRequest(List requestList) { + signatureCard = null; + List responses = super.handleRequest(requestList); + container.setVisible(false); + return responses; } - @Override - public void consumeNewSTALMessage(String captionId, String messageId) { - TrayIconDialog.getInstance().displayInfo(captionId, messageId); - } - - @Override - protected BKUGUIFacade getGUI() { - // TODO Auto-generated method stub - //FIXME - return null; - } } diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java index 014d884a..97646d09 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java 
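Review bot: In the new `handleRequest`, `container.setVisible(false)` runs only when `super.handleRequest(requestList)` returns normally, so an exception from a handler leaves the dialog, possibly the PIN prompt, on screen. Hiding it in a `finally` closes that gap: `try { return super.handleRequest(requestList); } finally { container.setVisible(false); }`. The rewritten file also drops the Apache license header that the previous version carried; unless that is intended, it should be kept.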
@@ -1,27 +1,75 @@ /* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.local.stal; - -import at.gv.egiz.stal.STAL; -import at.gv.egiz.stal.STALFactory; - -public class SMCCSTALFactory implements STALFactory { - @Override - public STAL createSTAL() { - return new SMCCSTAL(); - } -} + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. 
+ */ +package at.gv.egiz.bku.local.stal; + +import java.awt.Dimension; +import java.awt.Toolkit; +import java.util.Locale; +import java.util.ResourceBundle; + +import javax.swing.JDialog; +import javax.swing.WindowConstants; + +import at.gv.egiz.bku.gui.BKUGUIFacade; +import at.gv.egiz.bku.gui.BKUGUIFactory; +import at.gv.egiz.bku.online.applet.BKUApplet; +import at.gv.egiz.stal.STAL; +import at.gv.egiz.stal.STALFactory; + +public class SMCCSTALFactory implements STALFactory { + + private Locale locale; + private SMCCSTAL stal; + private JDialog dialog; + + @Override + public STAL createSTAL() { + if (stal == null) { + ResourceBundle resourceBundle; + if (locale != null) { + resourceBundle = ResourceBundle.getBundle( + BKUApplet.RESOURCE_BUNDLE_BASE, locale); + } else { + resourceBundle = ResourceBundle + .getBundle(BKUApplet.RESOURCE_BUNDLE_BASE); + } + dialog = new JDialog(); + BKUGUIFacade gui = BKUGUIFactory.createGUI(); + gui.init(dialog.getContentPane(), locale.toString()); + stal = new SMCCSTAL(new BKUGuiProxy(dialog, gui), dialog, resourceBundle); + dialog.setPreferredSize(new Dimension(400, 200)); + dialog.setDefaultCloseOperation(WindowConstants.HIDE_ON_CLOSE); + Dimension screenSize = Toolkit.getDefaultToolkit().getScreenSize(); + Dimension frameSize = dialog.getSize(); + if (frameSize.height > screenSize.height) { + frameSize.height = screenSize.height; + } + if (frameSize.width > screenSize.width) { + frameSize.width = screenSize.width; + } + dialog.setLocation((screenSize.width - frameSize.width) / 2, + (screenSize.height - frameSize.height) / 2); + dialog.pack(); + } + return stal; + } + + @Override + public void setLocale(Locale locale) { + this.locale = locale; + } +} diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SwingInsertCardDialog.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SwingInsertCardDialog.java deleted file mode 100644 index eb76f2f2..00000000 
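Review bot: `createSTAL()` checks `locale != null` when loading the resource bundle but then calls `gui.init(dialog.getContentPane(), locale.toString())` unconditionally, so a factory on which `setLocale` was never called throws a NullPointerException on first use. Resolve the locale once, e.g. `Locale effective = (locale != null) ? locale : Locale.getDefault();`, and use it for both the bundle lookup and `gui.init`. Separately, the factory caches one `SMCCSTAL` and one `JDialog` for all callers without synchronization; if `createSTAL()` can be reached from concurrent requests (the callers are outside this hunk), they would share the PIN dialog and the `signatureCard` state, which needs at least a comment stating the single-user assumption. `dialog.getSize()` is also read before `dialog.pack()`, so the centering is likely computed from an unpacked size.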
--- a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SwingInsertCardDialog.java +++ /dev/null 
@@ -1,147 +0,0 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.local.stal; - -import java.awt.Dimension; -import java.awt.Font; -import java.awt.Toolkit; -import java.awt.event.ActionListener; -import java.awt.event.WindowAdapter; -import java.awt.event.WindowEvent; -import java.awt.event.WindowListener; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.util.Locale; -import java.util.ResourceBundle; - -import javax.swing.ImageIcon; -import javax.swing.JDialog; - -import at.gv.egiz.bku.utils.StreamUtil; - -public class SwingInsertCardDialog extends JDialog { - - private javax.swing.JButton cancelButton; - private javax.swing.JLabel jLabel1; - private javax.swing.JLabel jLabel2; - private Locale locale = Locale.getDefault(); - - public SwingInsertCardDialog() { - super((java.awt.Frame) null, false); - initComponents(); - } - - public void setLocale(Locale locale) { - this.locale = locale; - } - - private void initComponents() { - ResourceBundle rb = ResourceBundle.getBundle( - "at/gv/egiz/bku/local/Userdialog", locale); - setTitle(rb.getString("Insert.Header")); - jLabel1 = new javax.swing.JLabel(); - jLabel2 = new javax.swing.JLabel(); - cancelButton = new javax.swing.JButton(); - - setDefaultCloseOperation(javax.swing.WindowConstants.DO_NOTHING_ON_CLOSE); - setName("Form"); // NOI18N - 
setUndecorated(true); - - jLabel1.setFont(new Font("Tahoma", Font.BOLD, 14)); - jLabel1.setText(rb.getString("Insert.Text")); // NOI18N - jLabel1.setName("text"); // NOI18N - - ByteArrayOutputStream os = new ByteArrayOutputStream(); - InputStream is = getClass().getClassLoader().getResourceAsStream( - "at/gv/egiz/bku/local/logo.png"); - try { - StreamUtil.copyStream(is, os); - jLabel2.setIcon(new ImageIcon(os.toByteArray())); // NOI18N - } catch (IOException e) { - jLabel2.setText("Chipperling image missing"); // NOI18N - } - jLabel2.setName("jLabel2"); // NOI18N - cancelButton.setText(rb.getString("Insert.Button.Cancel")); // NOI18N - cancelButton.setName("jButton1"); // NOI18N - - javax.swing.GroupLayout layout = new javax.swing.GroupLayout( - getContentPane()); - getContentPane().setLayout(layout); - layout.setHorizontalGroup(layout.createParallelGroup( - javax.swing.GroupLayout.Alignment.LEADING).addGroup( - layout.createSequentialGroup().addContainerGap().addComponent(jLabel2) - .addGroup( - layout.createParallelGroup( - javax.swing.GroupLayout.Alignment.TRAILING).addGroup( - layout.createSequentialGroup().addGap(35, 35, 35) - .addComponent(jLabel1, - javax.swing.GroupLayout.DEFAULT_SIZE, - javax.swing.GroupLayout.DEFAULT_SIZE, - Short.MAX_VALUE)).addGroup( - layout.createSequentialGroup().addPreferredGap( - javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(cancelButton))).addGap(29, 29, 29))); - layout.setVerticalGroup(layout.createParallelGroup( - javax.swing.GroupLayout.Alignment.LEADING).addGroup( - javax.swing.GroupLayout.Alignment.TRAILING, - layout.createSequentialGroup().addContainerGap().addGroup( - layout.createParallelGroup( - javax.swing.GroupLayout.Alignment.TRAILING).addComponent( - jLabel2).addGroup( - layout.createSequentialGroup().addComponent(jLabel1, - javax.swing.GroupLayout.DEFAULT_SIZE, 53, Short.MAX_VALUE) - .addGap(35, 35, 35).addComponent(cancelButton).addGap(9, 9, - 9))).addContainerGap())); - - Dimension screenSize 
= Toolkit.getDefaultToolkit().getScreenSize(); - Dimension frameSize = getSize(); - if (frameSize.height > screenSize.height) { - frameSize.height = screenSize.height; - } - if (frameSize.width > screenSize.width) { - frameSize.width = screenSize.width; - } - setLocation((screenSize.width - frameSize.width) / 2, - (screenSize.height - frameSize.height) / 2); - setUndecorated(false); - pack(); - } - - public void addCanceledListener(ActionListener al) { - cancelButton.addActionListener(al); - } - - /** - * @param args - * the command line arguments - */ - public static void main(String args[]) { - java.awt.EventQueue.invokeLater(new Runnable() { - public void run() { - SwingInsertCardDialog dialog = new SwingInsertCardDialog(); - dialog.addWindowListener(new java.awt.event.WindowAdapter() { - public void windowClosing(java.awt.event.WindowEvent e) { - System.exit(0); - } - }); - // - } - }); - } - -} diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SwingPINProvider.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SwingPINProvider.java deleted file mode 100644 index 7d36e68e..00000000 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SwingPINProvider.java +++ /dev/null 
@@ -1,57 +0,0 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.local.stal; - -import java.util.Locale; - -import at.gv.egiz.smcc.PINProvider; -import at.gv.egiz.smcc.PINSpec; - -public class SwingPINProvider implements PINProvider { - - private Locale locale = Locale.getDefault(); - SwingPinDialog dialog; - - public SwingPINProvider() { - this.locale = Locale.getDefault(); - - } - - public Locale getLocale() { - return locale; - } - - public void setLocale(Locale locale) { - this.locale = locale; - } - - @Override - public String providePIN(PINSpec pinSpec, int retries) { - dialog = new SwingPinDialog(null, false); - dialog.setResizable(false); - dialog.setRetries(retries); - dialog.setPinSpec(pinSpec); - dialog.initComponents(); - dialog.setVisible(true); - dialog.requestFocus(); - dialog.setAlwaysOnTop(true); - dialog.waitFinished(); - dialog.dispose(); - return dialog.getPIN(); - } - -} diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SwingPinDialog.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SwingPinDialog.java deleted file mode 100644 index 3e91972c..00000000 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SwingPinDialog.java +++ /dev/null 
@@ -1,265 +0,0 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.local.stal; - -import java.awt.Dimension; -import java.awt.Font; -import java.awt.Toolkit; -import java.awt.event.ActionEvent; -import java.awt.event.ActionListener; -import java.io.ByteArrayOutputStream; -import java.io.InputStream; -import java.text.MessageFormat; -import java.util.Locale; -import java.util.ResourceBundle; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - -import javax.swing.ImageIcon; -import javax.swing.JButton; -import javax.swing.JPasswordField; -import javax.swing.text.AttributeSet; -import javax.swing.text.BadLocationException; -import javax.swing.text.PlainDocument; - -import at.gv.egiz.bku.utils.StreamUtil; -import at.gv.egiz.smcc.PINSpec; - -public class SwingPinDialog extends javax.swing.JDialog implements - ActionListener { - - private javax.swing.JButton okButton; - private javax.swing.JButton cancelButton; - private javax.swing.JLabel jLabel1; - private javax.swing.JLabel jLabel2; - private javax.swing.JPasswordField password; - - private PINSpec pinSpec; - private String pinString; - private boolean finished = false; - private int retries = -1; - private Locale locale = Locale.getDefault(); - private boolean setUp = false; - - class PinDocument extends PlainDocument { - private Pattern pattern; - - public PinDocument() { - if ((pinSpec != 
null) && (pinSpec.getRexepPattern() != null)) { - pattern = Pattern.compile(pinSpec.getRexepPattern()); - } else { - pattern = Pattern.compile("."); - } - } - - public void insertString(int offs, String str, AttributeSet a) - throws BadLocationException { - if (pinSpec.getMaxLength() >= (getLength() + str.length())) { - Matcher matcher = pattern.matcher(str); - if (matcher.matches()) { - super.insertString(offs, str, a); - } - } - okButton.setEnabled(getLength() >= pinSpec.getMinLength()); - } - - @Override - public void remove(int offs, int len) throws BadLocationException { - super.remove(offs, len); - okButton.setEnabled(getLength() >= pinSpec.getMinLength()); - } - } - - /** - * Make sure to call initComponents - * - * @param parent - * @param modal - */ - public SwingPinDialog(java.awt.Frame parent, boolean modal) { - super(parent, modal); - } - - public void setLocale(Locale locale) { - this.locale = locale; - } - - public void setPinSpec(PINSpec pinSpec) { - this.pinSpec = pinSpec; - } - - public void setRetries(int retries) { - this.retries = retries; - } - - public void initComponents() { - ResourceBundle rb = ResourceBundle.getBundle( - "at/gv/egiz/bku/local/Userdialog", locale); - okButton = new javax.swing.JButton(); - cancelButton = new javax.swing.JButton(); - password = new javax.swing.JPasswordField(); - jLabel1 = new javax.swing.JLabel(); - jLabel2 = new javax.swing.JLabel(); - - setTitle(rb.getString("Pin.Header")); - setName("Form"); - setDefaultCloseOperation(javax.swing.WindowConstants.DO_NOTHING_ON_CLOSE); - - okButton.setText(rb.getString("Pin.Button.OK")); - okButton.setName("okButton"); - okButton.setEnabled(false); - okButton.addActionListener(this); - - cancelButton.setText(rb.getString("Pin.Button.Cancel")); - cancelButton.setName("cancelButton"); - cancelButton.addActionListener(this); - - password.setText(""); - password.setDocument(new PinDocument()); - password.setName("password"); - password.addActionListener(this); - 
password.setDocument(new PinDocument()); - password.setRequestFocusEnabled(true); - password.requestFocus(); - - jLabel1.setFont(new Font("Tahoma", Font.BOLD, 14)); - String text = null; - Object[] args; - if (retries > 0) { - text = rb.getString("Pin.Text.Retries"); - args = new Object[2]; - args[0] = pinSpec.getLocalizedName(); - args[1] = new Integer(retries); - } else { - text = rb.getString("Pin.Text.NoRetries"); - args = new Object[1]; - args[0] = pinSpec.getLocalizedName(); - } - text = MessageFormat.format(text, args); - jLabel1.setText(text); // NOI18N - jLabel1.setName("jLabel1"); // NOI18N - - ByteArrayOutputStream os = new ByteArrayOutputStream(); - InputStream is = getClass().getClassLoader().getResourceAsStream( - "at/gv/egiz/bku/local/logo.png"); - try { - StreamUtil.copyStream(is, os); - jLabel2.setIcon(new ImageIcon(os.toByteArray())); // NOI18N - } catch (Exception e) { - jLabel2.setText("Chipperling image missing"); // NOI18N - } - jLabel2.setName("jLabel2"); // NOI18N - - javax.swing.GroupLayout layout = new javax.swing.GroupLayout( - getContentPane()); - getContentPane().setLayout(layout); - layout.setHorizontalGroup(layout.createParallelGroup( - javax.swing.GroupLayout.Alignment.LEADING).addGroup( - layout.createSequentialGroup().addContainerGap().addComponent(jLabel2) - .addGap(73, 73, 73).addGroup( - layout.createParallelGroup( - javax.swing.GroupLayout.Alignment.LEADING).addComponent( - jLabel1).addGroup( - layout.createParallelGroup( - javax.swing.GroupLayout.Alignment.TRAILING, false) - .addComponent(password, - javax.swing.GroupLayout.Alignment.LEADING) - .addGroup( - javax.swing.GroupLayout.Alignment.LEADING, - layout.createSequentialGroup().addComponent( - cancelButton).addGap(18, 18, 18).addComponent( - okButton)))).addContainerGap(31, - Short.MAX_VALUE))); - layout.setVerticalGroup(layout.createParallelGroup( - javax.swing.GroupLayout.Alignment.LEADING).addGroup( - layout.createSequentialGroup().addContainerGap().addGroup( - 
layout.createParallelGroup( - javax.swing.GroupLayout.Alignment.LEADING) - .addComponent(jLabel2).addGroup( - layout.createSequentialGroup().addPreferredGap( - javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(jLabel1, - javax.swing.GroupLayout.PREFERRED_SIZE, 33, - javax.swing.GroupLayout.PREFERRED_SIZE).addGap(18, - 18, 18).addComponent(password, - javax.swing.GroupLayout.PREFERRED_SIZE, - javax.swing.GroupLayout.DEFAULT_SIZE, - javax.swing.GroupLayout.PREFERRED_SIZE).addGap(20, - 20, 20).addGroup( - layout.createParallelGroup( - javax.swing.GroupLayout.Alignment.BASELINE) - .addComponent(cancelButton).addComponent( - okButton)))).addGap(36, 36, 36))); - Dimension screenSize = Toolkit.getDefaultToolkit().getScreenSize(); - Dimension frameSize = getSize(); - if (frameSize.height > screenSize.height) { - frameSize.height = screenSize.height; - } - if (frameSize.width > screenSize.width) { - frameSize.width = screenSize.width; - } - setLocation((screenSize.width - frameSize.width) / 2, - (screenSize.height - frameSize.height) / 2); - setUndecorated(false); - pack(); - } - - public String getPIN() { - return pinString; - } - - private synchronized void finished(boolean ok) { - if (ok) { - pinString = password.getText(); - } else { - pinString = null; - } - finished = true; - notifyAll(); - } - - public synchronized void waitFinished() { - while (!finished) { - try { - wait(); - } catch (InterruptedException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } - } - - @Override - public void actionPerformed(ActionEvent e) { - if (e.getSource() instanceof JButton) { - JButton pressed = (JButton) e.getSource(); - if (pressed.getName().equals("okButton")) { - finished(true); - } else if (pressed.getName().equals("cancelButton")) { - finished(false); - } - } else if (e.getSource() instanceof JPasswordField) { - JPasswordField pwf = (JPasswordField) e.getSource(); - if (pwf.getName().equals("password")) { - if 
(password.getPassword().length >= pinSpec.getMinLength()) { - finished(true); - } - } - } - } - -} diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java index 28c714c1..b70a6274 100644 --- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java @@ -123,6 +123,7 @@ public class ResultServlet extends SpringBKUServlet { resp.setContentType(bp.getResultContentType()); resp.setCharacterEncoding(encoding); bp.writeResultTo(resp.getOutputStream(), encoding); + resp.getOutputStream().flush(); session.invalidate(); getBindingProcessorManager().removeBindingProcessor(bp.getId()); } diff --git a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/RequestBrokerSTALFactory.java b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/RequestBrokerSTALFactory.java index 38c568ab..8e61230c 100644 --- a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/RequestBrokerSTALFactory.java +++ b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/RequestBrokerSTALFactory.java @@ -21,6 +21,8 @@ package at.gv.egiz.stal.service.impl; +import java.util.Locale; + import at.gv.egiz.stal.STAL; import at.gv.egiz.stal.STALFactory; @@ -35,4 +37,7 @@ public class RequestBrokerSTALFactory implements STALFactory { return new STALRequestBrokerImpl(); } + @Override + public void setLocale(Locale locale) { + } } diff --git a/BKUViewer/src/test/java/at/gv/egiz/bku/slxhtml/ValidatorTest.java b/BKUViewer/src/test/java/at/gv/egiz/bku/slxhtml/ValidatorTest.java index 38c64262..4708d6e7 100644 --- a/BKUViewer/src/test/java/at/gv/egiz/bku/slxhtml/ValidatorTest.java +++ b/BKUViewer/src/test/java/at/gv/egiz/bku/slxhtml/ValidatorTest.java 
@@ -16,19 +16,20 @@ */ package at.gv.egiz.bku.slxhtml; -import static org.junit.Assert.*; +import static org.junit.Assert.assertNotNull; import java.io.InputStream; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; +import org.junit.Ignore; import org.junit.Test; import at.gv.egiz.bku.viewer.ValidationException; import at.gv.egiz.bku.viewer.Validator; import at.gv.egiz.bku.viewer.ValidatorFactory; - +@Ignore public class ValidatorTest { private static Log log = LogFactory.getLog(ValidatorTest.class); diff --git a/STAL/src/main/java/at/gv/egiz/stal/STALFactory.java b/STAL/src/main/java/at/gv/egiz/stal/STALFactory.java index e7b3edd1..f9cf00c6 100644 --- a/STAL/src/main/java/at/gv/egiz/stal/STALFactory.java +++ b/STAL/src/main/java/at/gv/egiz/stal/STALFactory.java @@ -15,8 +15,10 @@ * limitations under the License. */ package at.gv.egiz.stal; + +import java.util.Locale; public interface STALFactory { - - public STAL createSTAL(); + public STAL createSTAL(); + public void setLocale(Locale locale); } \ No newline at end of file diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessorManagerImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessorManagerImpl.java index 0082de26..22ee0d1d 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessorManagerImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessorManagerImpl.java @@ -187,6 +187,7 @@ public class BindingProcessorManagerImpl implements BindingProcessorManager { } BindingProcessor bindingProcessor = new HTTPBindingProcessor(aSessionId, commandInvokerClass.newInstance(), url); + stalFactory.setLocale(locale); STAL stal = stalFactory.createSTAL(); bindingProcessor.init(stal, commandInvokerClass.newInstance()); if (locale != null) { 
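Review bot: The class-level `@Ignore` added above `public class ValidatorTest` switches off every test in the class without saying why or for how long. JUnit's annotation takes a reason string, so `@Ignore("<reason or ticket>")` would keep the gap visible in test reports. The test bodies are outside the hunk, so which validator checks stop running cannot be told from here.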
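Review bot: `stalFactory.setLocale(locale)` followed by `stalFactory.createSTAL()` in the BindingProcessorManagerImpl hunk keeps the per-request locale as state on the factory, which looks like it is shared between sessions (its declaration is outside the hunk). Two requests arriving together could then each get the other's locale. The call also sits before the `if (locale != null)` check a few lines below, so a null locale is handed to every `STALFactory` implementation. Passing the locale into creation, or at least guarding with `if (locale != null) stalFactory.setLocale(locale);`, avoids both. The new `setLocale` in the STALFactory hunk would also benefit from a Javadoc line saying whether null is allowed.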
diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java index bb0314b5..775f4136 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java @@ -36,6 +36,8 @@ import javax.net.ssl.HttpsURLConnection; import org.apache.commons.httpclient.methods.multipart.FilePart; import org.apache.commons.httpclient.methods.multipart.Part; import org.apache.commons.httpclient.methods.multipart.StringPart; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; import at.gv.egiz.bku.binding.multipart.InputStreamPartSource; import at.gv.egiz.bku.binding.multipart.SLResultPart; @@ -49,6 +51,8 @@ import at.gv.egiz.bku.utils.binding.Protocol; * */ public class DataUrlConnectionImpl implements DataUrlConnectionSPI { + + private final static Log log = LogFactory.getLog(DataUrlConnectionImpl.class); public final static Protocol[] SUPPORTED_PROTOCOLS = { Protocol.HTTP, Protocol.HTTPS }; @@ -80,10 +84,6 @@ public class DataUrlConnectionImpl implements DataUrlConnectionSPI { */ public void connect() throws SocketTimeoutException, IOException { connection = (HttpURLConnection) url.openConnection(); - - // FIXXME move this to config. - HttpURLConnection.setFollowRedirects(false); - connection.setDoOutput(true); Set headers = requestHttpHeaders.keySet(); Iterator headerIt = headers.iterator(); 
@@ -146,10 +146,14 @@ public class DataUrlConnectionImpl implements DataUrlConnectionSPI { Part[] parts = new Part[formParams.size()]; Part.sendParts(os, formParams.toArray(parts), boundary.getBytes()); os.close(); - // MultipartRequestEntity PostMethod - result = new DataUrlResponse(url.toString(), connection.getResponseCode(), - connection.getInputStream()); - + // MultipartRequestEntity PostMethod + InputStream is = null; + try { + is = connection.getInputStream(); + } catch (IOException iox) { + log.info(iox); + } + result = new DataUrlResponse(url.toString(), connection.getResponseCode(), is); Map responseHttpHeaders = new HashMap(); Map> httpHeaders = connection.getHeaderFields(); for (Iterator keyIt = httpHeaders.keySet().iterator(); keyIt diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java index 2330ed3f..8baa0137 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/xsect/Signature.java @@ -463,6 +463,31 @@ public class Signature { log.trace("Reference caching is not enabled."); } } + for (Reference reference : getReferences()) { + if (reference.getType() != null) { + InputStream digestInputStream = reference.getDigestInputStream(); + if (digestInputStream != null) { + StringBuilder sb = new StringBuilder(); + sb.append("DigestInput for Reference with id='"); + sb.append(reference.getId()); + sb.append("'; Type:"); + sb.append(reference.getType()); + sb.append("):\n"); + try { + byte[] b = new byte[512]; + for (int l; (l = digestInputStream.read(b)) != -1;) { + sb.append(new String(b, 0, l)); + } + } catch (IOException e) { + log.error(e); + } + log.trace(sb.toString()); + } else { + log.trace("Reference caching is not enabled."); + } + + } + } } } 
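Review bot: When `connection.getInputStream()` throws, the added catch logs at info level and passes `is == null` on to `new DataUrlResponse(...)`; whether that class tolerates a null stream is not visible here. For HTTP error statuses the body is available from `connection.getErrorStream()`, so `is = connection.getErrorStream();` in the catch would keep the server's answer, and `log.info("No response body from " + url, iox)` would say which DataURL failed. The earlier hunk in `connect()` removes `HttpURLConnection.setFollowRedirects(false)` without a replacement, so the JDK default for redirects now applies to DataURL requests. `connection.setInstanceFollowRedirects(false);` keeps the old behaviour for this connection only, without the JVM-wide side effect of the static call.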
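Review bot: The loop added to Signature.java copies the complete digest input of every typed reference into the log, so the content being signed ends up in log files whenever trace is enabled. The hunk does not show whether it sits inside an `if (log.isTraceEnabled())` guard (the method starts outside the hunk); without one, each stream is read and the string built even when trace is off. `new String(b, 0, l)` decodes each 512-byte chunk with the platform charset, which can split multi-byte characters, and `digestInputStream` is never closed. Logging only `reference.getId()`, `reference.getType()` and the byte count would give the same diagnostic value without the payload. The else branch reuses the message "Reference caching is not enabled." from the block above, which reads like a copy of that block.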
diff --git a/bkucommon/src/test/java/at/gv/egiz/bku/binding/DummyStalFactory.java b/bkucommon/src/test/java/at/gv/egiz/bku/binding/DummyStalFactory.java index 45dcdc3a..f832f364 100644 --- a/bkucommon/src/test/java/at/gv/egiz/bku/binding/DummyStalFactory.java +++ b/bkucommon/src/test/java/at/gv/egiz/bku/binding/DummyStalFactory.java @@ -16,6 +16,8 @@ */ package at.gv.egiz.bku.binding; +import java.util.Locale; + import at.gv.egiz.stal.STAL; import at.gv.egiz.stal.STALFactory; @@ -25,6 +27,12 @@ public class DummyStalFactory implements STALFactory { public STAL createSTAL() { // TODO Auto-generated method stub return new at.gv.egiz.stal.dummy.DummySTAL(); + } + + @Override + public void setLocale(Locale locale) { + // TODO Auto-generated method stub + } } -- cgit v1.2.3 From cf82096145bbdd548e388c1bc25f0e703b9b4624 Mon Sep 17 00:00:00 2001 From: clemenso Date: Wed, 17 Sep 2008 17:17:10 +0000 Subject: hashdatainput digest verification git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@44 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../bku/online/applet/WSSignRequestHandler.java | 139 +++++++---- .../gv/egiz/stal/impl/ByteArrayHashDataInput.java | 58 +++++ .../bku/local/stal/LocalSignRequestHandler.java | 14 +- .../gv/egiz/stal/impl/ByteArrayHashDataInput.java | 58 ----- .../at/gv/egiz/bku/smccstal/AbstractSMCCSTAL.java | 2 +- .../bku/smccstal/CashedHashDataInputResolver.java | 27 ++ .../gv/egiz/bku/smccstal/SignRequestHandler.java | 273 ++++++++++++++++----- 7 files changed, 404 insertions(+), 167 deletions(-) create mode 100644 BKUCommonGUI/src/main/java/at/gv/egiz/stal/impl/ByteArrayHashDataInput.java delete mode 100644 STALService/src/main/java/at/gv/egiz/stal/impl/ByteArrayHashDataInput.java create mode 100644 smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/CashedHashDataInputResolver.java (limited to 'BKULocal/src/main/java') 
diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WSSignRequestHandler.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WSSignRequestHandler.java index 5186de1a..6dae264c 100644 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WSSignRequestHandler.java +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/WSSignRequestHandler.java @@ -16,15 +16,20 @@ */ package at.gv.egiz.bku.online.applet; -import at.gv.egiz.stal.HashDataInput; import at.gv.egiz.bku.smccstal.SMCCSTALRequestHandler; import at.gv.egiz.bku.smccstal.SignRequestHandler; +import at.gv.egiz.stal.HashDataInput; import at.gv.egiz.stal.impl.ByteArrayHashDataInput; import at.gv.egiz.stal.service.GetHashDataInputResponseType; import at.gv.egiz.stal.service.GetHashDataInputType; import at.gv.egiz.stal.service.STALPortType; +import at.gv.egiz.stal.signedinfo.DigestMethodType; import at.gv.egiz.stal.signedinfo.ReferenceType; +import java.security.DigestException; +import java.security.MessageDigest; import java.util.ArrayList; +import java.util.Arrays; +import java.util.HashMap; import java.util.List; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; 
@@ -35,57 +40,101 @@ import org.apache.commons.logging.LogFactory; */ public class WSSignRequestHandler extends SignRequestHandler { - private static final Log log = LogFactory.getLog(WSSignRequestHandler.class); - STALPortType stalPort; - String sessId; + private static final Log log = LogFactory.getLog(WSSignRequestHandler.class); + STALPortType stalPort; + String sessId; - public WSSignRequestHandler(String sessId, STALPortType stalPort) { - if (stalPort == null || sessId == null) { - throw new NullPointerException("STAL port must not be null"); - } - this.sessId = sessId; - this.stalPort = stalPort; + public WSSignRequestHandler(String sessId, STALPortType stalPort) { + if (stalPort == null || sessId == null) { + throw new NullPointerException("STAL port must not be null"); } + this.sessId = sessId; + this.stalPort = stalPort; + } - @Override - protected List getHashDataInputs(List dsigReferences) throws Exception { - GetHashDataInputType request = new GetHashDataInputType(); - request.setSessionId(sessId); - for (ReferenceType dsigRef : dsigReferences) { - //don't get Manifest, QualifyingProperties, ... 
- if (dsigRef.getType() == null) { - String dsigRefId = dsigRef.getId(); - if (dsigRefId != null) { - GetHashDataInputType.Reference reference = new GetHashDataInputType.Reference(); - reference.setID(dsigRefId); - request.getReference().add(reference); - } else { - throw new Exception("Cannot get HashDataInput for dsig:Reference without Id attribute"); - } - } - } + @Override + public List getCashedHashDataInputs(List signedReferences) throws Exception { - if (log.isDebugEnabled()) { - log.debug("Calling GetHashDataInput for session " + sessId); - } - GetHashDataInputResponseType response = stalPort.getHashDataInput(request); - ArrayList hashDataInputs = new ArrayList(); - for (GetHashDataInputResponseType.Reference reference : response.getReference()) { - byte[] hdi = reference.getValue(); - String id = reference.getID(); - String mimeType = reference.getMimeType(); - String encoding = reference.getEncoding(); + GetHashDataInputType request = new GetHashDataInputType(); + request.setSessionId(sessId); + + HashMap idRefMap = new HashMap(); + for (ReferenceType reference : signedReferences) { + //don't get Manifest, QualifyingProperties, ... 
+ if (reference.getType() == null) { + String referenceId = reference.getId(); + if (referenceId != null) { + idRefMap.put(referenceId, reference); + GetHashDataInputType.Reference ref = new GetHashDataInputType.Reference(); + ref.setID(referenceId); + request.getReference().add(ref); - if (log.isDebugEnabled()) { - log.debug("Got HashDataInput " + id + " (" + mimeType + ";" + encoding + ")"); - } - hashDataInputs.add(new ByteArrayHashDataInput(hdi, id, mimeType, encoding)); + } else { + throw new Exception("Cannot resolve HashDataInput for reference without Id attribute"); } - return hashDataInputs; + } } - @Override - public SMCCSTALRequestHandler newInstance() { - return new WSSignRequestHandler(this.sessId, this.stalPort); + if (log.isDebugEnabled()) { + log.debug("Calling GetHashDataInput for session " + sessId); } + GetHashDataInputResponseType response = stalPort.getHashDataInput(request); + ArrayList hashDataInputs = new ArrayList(); + + for (GetHashDataInputResponseType.Reference reference : response.getReference()) { + + String id = reference.getID(); + byte[] hdi = reference.getValue(); + if (hdi == null) { + throw new Exception("Failed to resolve digest value for reference " + id); + } + String mimeType = reference.getMimeType(); + String encoding = reference.getEncoding(); + + if (log.isDebugEnabled()) { + log.debug("Got HashDataInput " + id + " (" + mimeType + ";" + encoding + ")"); + } + + ReferenceType dsigRef = idRefMap.get(id); + DigestMethodType dm = dsigRef.getDigestMethod(); + if (dm == null) { + throw new Exception("Failed to verify digest value for reference " + id + ": no digest algorithm"); + } + //TODO + String mdAlg = dm.getAlgorithm(); + if ("http://www.w3.org/2000/09/xmldsig#sha1".equals(mdAlg)) + mdAlg = "SHA-1"; + else if ("http://www.w3.org/2001/04/xmlenc#sha256".equals(mdAlg)) + mdAlg = "SHA-256"; + else if ("http://www.w3.org/2001/04/xmlenc#sha224 ".equals(mdAlg)) + mdAlg = "SHA-224"; + else if 
("http://www.w3.org/2001/04/xmldsig-more#sha224 ".equals(mdAlg)) + mdAlg = "SHA-224"; + else if ("http://www.w3.org/2001/04/xmldsig-more#sha384".equals(mdAlg)) + mdAlg = "SHA-384"; + else if ("http://www.w3.org/2001/04/xmlenc#sha512".equals(mdAlg)) + mdAlg = "SHA-512"; + else if ("http://www.w3.org/2001/04/xmldsig-more#md2 ".equals(mdAlg)) + mdAlg = "MD2"; + else if ("http://www.w3.org/2001/04/xmldsig-more#md5".equals(mdAlg)) + mdAlg = "MD5"; + else if ("http://www.w3.org/2001/04/xmlenc#ripemd160 ".equals(mdAlg)) + mdAlg = "RipeMD-160"; + MessageDigest md = MessageDigest.getInstance(mdAlg); + byte[] hdiDigest = md.digest(hdi); + if (log.isDebugEnabled()) + log.debug("Comparing digest values... "); + if (!Arrays.equals(hdiDigest, dsigRef.getDigestValue())) { + log.error("digest values differ: " + new String(hdiDigest) + ", " + new String(dsigRef.getDigestValue())); + throw new DigestException("Bad digest value for reference " + id + ": " + dsigRef.getDigestValue()); + } + hashDataInputs.add(new ByteArrayHashDataInput(hdi, id, mimeType, encoding)); + } + return hashDataInputs; + } + + @Override + public SMCCSTALRequestHandler newInstance() { + return new WSSignRequestHandler(this.sessId, this.stalPort); + } } diff --git a/BKUCommonGUI/src/main/java/at/gv/egiz/stal/impl/ByteArrayHashDataInput.java b/BKUCommonGUI/src/main/java/at/gv/egiz/stal/impl/ByteArrayHashDataInput.java new file mode 100644 index 00000000..b0285345 --- /dev/null +++ b/BKUCommonGUI/src/main/java/at/gv/egiz/stal/impl/ByteArrayHashDataInput.java 
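Review bot: The response loop trusts the server's reference list: `idRefMap.get(id)` returns null for an id that was never requested, so `dsigRef.getDigestMethod()` fails with a NullPointerException, and a requested reference that is missing from the response is never verified or returned at all. A check such as `if (dsigRef == null) throw new Exception("Unexpected HashDataInput for reference " + id);`, plus a check after the loop that every id in `idRefMap` was answered, closes both gaps. Several URI literals in the algorithm chain appear here with a blank before the closing quote (`#sha224 `, `#md2 `, `#ripemd160 `), so those branches could never match; that is worth confirming against the file. MD2 and MD5 are also still accepted as digest methods. On the mismatch path, `new String(hdiDigest)` and the `byte[]` concatenated into the `DigestException` message do not produce readable digests; a hex or Base64 rendering would.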
@@ -0,0 +1,58 @@ +/* + * To change this template, choose Tools | Templates + * and open the template in the editor. + */ + +package at.gv.egiz.stal.impl; + +import at.gv.egiz.stal.HashDataInput; +import java.io.ByteArrayInputStream; +import java.io.InputStream; + +/** + * + * @author clemens + */ +public class ByteArrayHashDataInput implements HashDataInput { + + protected byte[] hashData; + protected String id; + protected String mimeType; + protected String encoding; + + public ByteArrayHashDataInput(byte[] hashData, String id, String mimeType, String encoding) { + if (hashData == null) { + throw new NullPointerException("HashDataInput not provided."); + } + this.hashData = hashData; + this.id = id; + this.mimeType = mimeType; + this.encoding = encoding; + } + + @Override + public String getReferenceId() { + return id; + } + + @Override + public String getMimeType() { + return mimeType; + } + + @Override + public InputStream getHashDataInput() { + return new ByteArrayInputStream(hashData); + } + + /** + * may be null + * @return + */ + @Override + public String getEncoding() { + return encoding; + } + + +} diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java index f8546e49..a288a716 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java @@ -29,7 +29,10 @@ import at.gv.egiz.stal.HashDataInput; import at.gv.egiz.stal.STALRequest; import at.gv.egiz.stal.STALResponse; import at.gv.egiz.stal.SignRequest; +import at.gv.egiz.stal.impl.ByteArrayHashDataInput; import at.gv.egiz.stal.signedinfo.ReferenceType; +import java.io.ByteArrayOutputStream; +import java.io.InputStream; /** * 
@@ -55,7 +58,7 @@ public class LocalSignRequestHandler extends SignRequestHandler { } @Override - protected List getHashDataInputs( + public List getCashedHashDataInputs( List dsigReferences) throws Exception { ArrayList result = new ArrayList(); for (ReferenceType dsigRef : dsigReferences) { @@ -65,7 +68,14 @@ public class LocalSignRequestHandler extends SignRequestHandler { if (dsigRefId != null) { for (HashDataInput hdi : hashDataInput) { if (hdi.getReferenceId().equals(dsigRefId)) { - result.add(hdi); + InputStream hdIs = hdi.getHashDataInput(); + ByteArrayOutputStream baos = new ByteArrayOutputStream(hdIs.available()); + int b; + while ((b = hdIs.read()) != -1) { + baos.write(b); + } + ByteArrayHashDataInput baHdi = new ByteArrayHashDataInput(baos.toByteArray(), hdi.getReferenceId(), hdi.getMimeType(), hdi.getEncoding()); + result.add(baHdi); } } } else { diff --git a/STALService/src/main/java/at/gv/egiz/stal/impl/ByteArrayHashDataInput.java b/STALService/src/main/java/at/gv/egiz/stal/impl/ByteArrayHashDataInput.java deleted file mode 100644 index b0285345..00000000 --- a/STALService/src/main/java/at/gv/egiz/stal/impl/ByteArrayHashDataInput.java +++ /dev/null 
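Review bot: The copy added in the second hunk reads the hash data one byte per `read()` call and never closes `hdIs`; `hdIs.available()` is only an estimate and serves here just as the initial buffer size. A buffered loop, `byte[] buf = new byte[4096]; for (int n; (n = hdIs.read(buf)) != -1;) baos.write(buf, 0, n);`, with `hdIs.close()` in a `finally`, does the same work. Unlike the web-service handler changed in this commit, this implementation caches the data without comparing its digest to `dsigRef.getDigestValue()`. If that is intended because the data never leaves the process, a comment saying so would help the next reader. The method body continues outside the hunk.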
@@ -1,58 +0,0 @@ -/* - * To change this template, choose Tools | Templates - * and open the template in the editor. - */ - -package at.gv.egiz.stal.impl; - -import at.gv.egiz.stal.HashDataInput; -import java.io.ByteArrayInputStream; -import java.io.InputStream; - -/** - * - * @author clemens - */ -public class ByteArrayHashDataInput implements HashDataInput { - - protected byte[] hashData; - protected String id; - protected String mimeType; - protected String encoding; - - public ByteArrayHashDataInput(byte[] hashData, String id, String mimeType, String encoding) { - if (hashData == null) { - throw new NullPointerException("HashDataInput not provided."); - } - this.hashData = hashData; - this.id = id; - this.mimeType = mimeType; - this.encoding = encoding; - } - - @Override - public String getReferenceId() { - return id; - } - - @Override - public String getMimeType() { - return mimeType; - } - - @Override - public InputStream getHashDataInput() { - return new ByteArrayInputStream(hashData); - } - - /** - * may be null - * @return - */ - @Override - public String getEncoding() { - return encoding; - } - - -} diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/AbstractSMCCSTAL.java b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/AbstractSMCCSTAL.java index 56c8340b..ac2b725c 100644 --- a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/AbstractSMCCSTAL.java +++ b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/AbstractSMCCSTAL.java @@ -45,7 +45,7 @@ public abstract class AbstractSMCCSTAL implements STAL { static { addRequestHandler(InfoboxReadRequest.class, new InfoBoxReadRequestHandler()); - addRequestHandler(SignRequest.class, new SignRequestHandler()); +// addRequestHandler(SignRequest.class, new SignRequestHandler()); } /** diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/CashedHashDataInputResolver.java b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/CashedHashDataInputResolver.java new file mode 100644 index 00000000..05af85d9 --- /dev/null 
+++ b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/CashedHashDataInputResolver.java @@ -0,0 +1,27 @@ +/* + * To change this template, choose Tools | Templates + * and open the template in the editor. + */ + +package at.gv.egiz.bku.smccstal; + +import at.gv.egiz.stal.HashDataInput; +import at.gv.egiz.stal.impl.ByteArrayHashDataInput; +import at.gv.egiz.stal.signedinfo.ReferenceType; +import java.security.DigestException; +import java.util.List; +import java.util.Set; + +/** + * + * @author clemens + */ +public interface CashedHashDataInputResolver { + + /** + * implementations may verify the hashvalue + * @post-condition returned list != null + * @return + */ + List getCashedHashDataInputs(List signedReferences) throws DigestException, Exception; +} diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SignRequestHandler.java b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SignRequestHandler.java index d37d0551..59eed55f 100644 --- a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SignRequestHandler.java +++ b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SignRequestHandler.java @@ -21,8 +21,6 @@ import java.io.InputStream; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; -import java.util.logging.Level; -import java.util.logging.Logger; import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBElement; import javax.xml.bind.JAXBException; 
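Review bot: The Javadoc on `getCashedHashDataInputs` in the new interface says only that implementations "may verify the hashvalue", which leaves open whether callers can rely on the returned data matching the signed digests. I would state the contract with standard tags: an `@param signedReferences` line, `@return` saying the list is never null, and `@throws DigestException` for a digest mismatch; `@post-condition` is not a Javadoc tag. The imports of `ByteArrayHashDataInput` and `Set` are unused, and `throws DigestException, Exception` is redundant because the second covers the first. The file also opens with the IDE template comment rather than the licence header the other sources in this patch carry.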
@@ -43,21 +41,26 @@ import at.gv.egiz.stal.STALRequest; import at.gv.egiz.stal.STALResponse; import at.gv.egiz.stal.SignRequest; import at.gv.egiz.stal.SignResponse; +import at.gv.egiz.stal.impl.ByteArrayHashDataInput; import at.gv.egiz.stal.signedinfo.ObjectFactory; import at.gv.egiz.stal.signedinfo.ReferenceType; import at.gv.egiz.stal.signedinfo.SignedInfoType; import at.gv.egiz.stal.util.JCEAlgorithmNames; import java.io.ByteArrayOutputStream; import java.io.IOException; +import java.security.DigestException; +import java.security.DigestInputStream; import java.util.ArrayList; +import java.util.HashMap; import java.util.List; +import java.util.Set; /** * This class is NOT thread-safe. * handleRequest() sets the SignedInfo which is used in providePIN. */ -public class SignRequestHandler extends AbstractRequestHandler implements - PINProvider { +public abstract class SignRequestHandler extends AbstractRequestHandler implements + CashedHashDataInputResolver { private static Log log = LogFactory.getLog(SignRequestHandler.class); private static JAXBContext jaxbContext; @@ -71,10 +74,10 @@ public class SignRequestHandler extends AbstractRequestHandler implements } } /** the SignedInfo of the current SignRequest */ - protected SignedInfoType signedInfo; - protected List hashDataInputs; +// protected SignedInfoType signedInfo; +// protected List hashDataInputs; - private int retryCounter = 0; +// private int retryCounter = 0; @SuppressWarnings("unchecked") @Override 
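Review bot: The class comment kept as context above the new `public abstract class SignRequestHandler` line still says "handleRequest() sets the SignedInfo which is used in providePIN", which this commit makes untrue. The `signedInfo` field is commented out in the next hunk and the value is handed to a new `STALPinProvider` per request. The thread-safety warning itself probably still holds, since the provider waits on the handler's `actionCommand`, so I would reword it to something like `handleRequest() passes the SignedInfo to a per-request STALPinProvider, which still relies on this handler's waitForAction()/actionCommand state`. In the following hunk the Javadoc `/** the SignedInfo of the current SignRequest */` is left sitting above commented-out fields and should go together with them.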
@@ -86,8 +89,7 @@ public class SignRequestHandler extends AbstractRequestHandler implements Unmarshaller unmarshaller = jaxbContext.createUnmarshaller(); InputStream is = new ByteArrayInputStream(signReq.getSignedInfo()); JAXBElement si = (JAXBElement) unmarshaller.unmarshal(is); - signedInfo = si.getValue(); - String signatureMethod = signedInfo.getSignatureMethod().getAlgorithm(); + String signatureMethod = si.getValue().getSignatureMethod().getAlgorithm(); log.debug("Found signature method: " + signatureMethod); String jceName = JCEAlgorithmNames.getJCEHashName(signatureMethod); if (jceName == null) { @@ -97,7 +99,7 @@ public class SignRequestHandler extends AbstractRequestHandler implements MessageDigest md = MessageDigest.getInstance(jceName); md.update(signReq.getSignedInfo()); KeyboxName kb = SignatureCard.KeyboxName.getKeyboxName(signReq.getKeyIdentifier()); - byte[] resp = card.createSignature(md.digest(), kb, this); + byte[] resp = card.createSignature(md.digest(), kb, new STALPinProvider(si.getValue())); if (resp == null) { return new ErrorResponse(6001); } @@ -116,9 +118,7 @@ public class SignRequestHandler extends AbstractRequestHandler implements } catch (NoSuchAlgorithmException e) { log.error(e); return new ErrorResponse(1000); - } finally { - signedInfo = null; - } + } } else { log.fatal("Got unexpected STAL request: " + request); return new ErrorResponse(1000); 
@@ -130,59 +130,210 @@ public class SignRequestHandler extends AbstractRequestHandler implements return true; } - @Override - public String providePIN(PINSpec spec, int retries) { - if (retryCounter++ > 0) { - log.info("PIN wrong retrying ..."); - gui.showSignaturePINRetryDialog(spec, retries, this, "sign", this, - "cancel", this, "hashData"); - } else { - gui.showSignaturePINDialog(spec, this, "sign", this, "cancel", this, - "hashData"); - } - do { - waitForAction(); - if (actionCommand.equals("cancel")) { - return null; - } else if (actionCommand.equals("hashData")) { - if (signedInfo != null) { - try { - gui.showWaitDialog(null); - if (hashDataInputs == null || hashDataInputs.size() == 0) { - hashDataInputs = getHashDataInputs(signedInfo.getReference()); - } - gui.showHashDataInputDialog(hashDataInputs, this, "ok"); - } catch (Exception ex) { - //FIXME localize messages - log.error("Failed to obtain HashDataInputs: " + ex.getMessage()); - gui.showErrorDialog("Failed to obtain HashDataInputs: " + ex.getMessage(), this, "ok"); - } - } else { - //FIXME get all hashdatainputs - gui.showErrorDialog("Failed to obtain HashDataInputs: No dsig:SignedInfo provided.", this, "ok"); - } - } else if (actionCommand.equals("sign")) { - return new String(gui.getPin()); - } else if (actionCommand.equals("ok")) { - gui.showSignaturePINDialog(spec, this, "sign", this, "cancel", this, - "hashData"); - } - } while (true); - } +// @Override +// public String providePIN(PINSpec spec, int retries) { +// if (retryCounter++ > 0) { +// log.info("PIN wrong retrying ..."); +// gui.showSignaturePINRetryDialog(spec, retries, this, "sign", this, +// "cancel", this, "hashData"); +// } else { +// gui.showSignaturePINDialog(spec, this, "sign", this, "cancel", this, +// "hashData"); +// } +// do { +// waitForAction(); +// if (actionCommand.equals("cancel")) { +// return null; +// } else if (actionCommand.equals("hashData")) { +// if (signedInfo != null) { +// try { +// gui.showWaitDialog(null); +// 
if (hashDataInputs == null || hashDataInputs.size() == 0) { +// HashMap signedReferences = new HashMap(); +// for (ReferenceType reference : signedInfo.getReference()) { +// //don't get Manifest, QualifyingProperties, ... +// if (reference.getType() == null) { +// signedReferences.put(reference.getId(), reference); +// } +// } +// hashDataInputs = getHashDataInputs(signedReferences.keySet()); +// for (HashDataInput hashDataInput : hashDataInputs) { +// ReferenceType reference = signedReferences.get(hashDataInput.getReferenceId()); +// String algorithm = reference.getDigestMethod().getAlgorithm(); +// MessageDigest md = MessageDigest.getInstance(algorithm); +// DigestInputStream dis = new DigestInputStream(hashDataInput.getHashDataInput(), md); +// while(dis.read() != -1) ; +// byte[] digestValue = md.digest(); +// boolean valid = reference.getDigestValue().equals(digestValue); +// } +// } +// gui.showHashDataInputDialog(hashDataInputs, this, "ok"); +// } catch (Exception ex) { +// //FIXME localize messages +// log.error("Failed to obtain HashDataInputs: " + ex.getMessage()); +// gui.showErrorDialog("Failed to obtain HashDataInputs: " + ex.getMessage(), this, "ok"); +// } +// } else { +// //FIXME get all hashdatainputs +// gui.showErrorDialog("Failed to obtain HashDataInputs: No dsig:SignedInfo provided.", this, "ok"); +// } +// } else if (actionCommand.equals("sign")) { +// return new String(gui.getPin()); +// } else if (actionCommand.equals("ok")) { +// gui.showSignaturePINDialog(spec, this, "sign", this, "cancel", this, +// "hashData"); +// } +// } while (true); +// } - @Override - public SMCCSTALRequestHandler newInstance() { - return new SignRequestHandler(); - } +// @Override +// public SMCCSTALRequestHandler newInstance() { +// return new SignRequestHandler(); +// } /** - * override by subclass + * implementations may verify the hashvalue * @post-condition returned list != null * @return */ - protected List getHashDataInputs(List signedReferences) throws 
Exception { - //TODO - log.warn("Return empty HashDataInput"); - return new ArrayList(); + @Override + public abstract List getCashedHashDataInputs(List signedReferences) throws Exception; +// { +// //TODO +// log.warn("Return empty HashDataInput"); +// return new ArrayList(); +// } + + + +// protected void validateHashDataInputs(List signedReferences, List hashDataInputs) { +// if (hashDataInputs != null) { +// +// Map hashDataIdMap = new HashMap(); +// for (HashDataInput hdi : hashDataInputs) { +// if (log.isTraceEnabled()) { +// log.trace("Provided HashDataInput for reference " + hdi.getReferenceId()); +// } +// hashDataIdMap.put(hdi.getReferenceId(), hdi); +// } +// +// List reqRefs = request.getReference(); +// for (GetHashDataInputType.Reference reqRef : reqRefs) { +// String reqRefId = reqRef.getID(); +// HashDataInput reqHdi = hashDataIdMap.get(reqRefId); +// if (reqHdi == null) { +// String msg = "Failed to resolve HashDataInput for reference " + reqRefId; +// log.error(msg); +// GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType(); +// faultInfo.setErrorCode(1); +// faultInfo.setErrorMessage(msg); +// throw new GetHashDataInputFault(msg, faultInfo); +// } +// +// InputStream hashDataIS = reqHdi.getHashDataInput(); +// if (hashDataIS == null) { +// //HashDataInput not cached? 
+// String msg = "Failed to obtain HashDataInput for reference " + reqRefId + ", reference not cached"; +// log.error(msg); +// GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType(); +// faultInfo.setErrorCode(1); +// faultInfo.setErrorMessage(msg); +// throw new GetHashDataInputFault(msg, faultInfo); +// } +// ByteArrayOutputStream baos = null; +// try { +// if (log.isDebugEnabled()) { +// log.debug("Resolved HashDataInput " + reqRefId + " (" + reqHdi.getMimeType() + ";charset=" + reqHdi.getEncoding() + ")"); +// } +// baos = new ByteArrayOutputStream(hashDataIS.available()); +// int c; +// while ((c = hashDataIS.read()) != -1) { +// baos.write(c); +// } +// GetHashDataInputResponseType.Reference ref = new GetHashDataInputResponseType.Reference(); +// ref.setID(reqRefId); +// ref.setMimeType(reqHdi.getMimeType()); +// ref.setEncoding(reqHdi.getEncoding()); +// ref.setValue(baos.toByteArray()); +// response.getReference().add(ref); +// } catch (IOException ex) { +// String msg = "Failed to get HashDataInput for reference " + reqRefId; +// log.error(msg, ex); +// GetHashDataInputFaultType faultInfo = new GetHashDataInputFaultType(); +// faultInfo.setErrorCode(1); +// faultInfo.setErrorMessage(msg); +// throw new GetHashDataInputFault(msg, faultInfo, ex); +// } finally { +// try { +// baos.close(); +// } catch (IOException ex) { +// } +// } +// } +// return response; +// } +// for (ReferenceType reference : signedReferences) { +// String algorithm = reference.getDigestMethod().getAlgorithm(); +// +// } +// } + + + /** + * cashes the HashDataInputs provided by SignRequestHandler.this.getHashDataInputs() + * (don't know whether outer class is LocalSignRequestHandler or WSSignRequestHandler, providing DataObjectHDI or ByteArrayHDI, resp) + */ + class STALPinProvider implements PINProvider { + + protected SignedInfoType signedInfo; + protected List hashDataInputs; + private int retryCounter = 0; + + public STALPinProvider(SignedInfoType signedInfo) { + 
this.signedInfo = signedInfo; + } + + @Override + public String providePIN(PINSpec spec, int retries) { + if (retryCounter++ > 0) { + log.info("PIN wrong retrying ..."); + gui.showSignaturePINRetryDialog(spec, retries, SignRequestHandler.this, "sign", SignRequestHandler.this, + "cancel", SignRequestHandler.this, "hashData"); + } else { + gui.showSignaturePINDialog(spec, SignRequestHandler.this, "sign", SignRequestHandler.this, "cancel", SignRequestHandler.this, + "hashData"); } + do { + waitForAction(); + if (actionCommand.equals("cancel")) { + return null; + } else if (actionCommand.equals("hashData")) { + if (signedInfo != null) { + try { + gui.showWaitDialog(null); + if (hashDataInputs == null || hashDataInputs.size() == 0) { + hashDataInputs = getCashedHashDataInputs(signedInfo.getReference()); + } + gui.showHashDataInputDialog(hashDataInputs, SignRequestHandler.this, "ok"); + } catch (DigestException ex) { + log.error("Bad digest value: " + ex.getMessage()); + gui.showErrorDialog(ex.getMessage()); + } catch (Exception ex) { + //FIXME localize messages + log.error("Failed to obtain HashDataInputs: " + ex.getMessage()); + gui.showErrorDialog("Failed to obtain HashDataInputs: " + ex.getMessage(), SignRequestHandler.this, "ok"); + } + } else { + //FIXME get all hashdatainputs + gui.showErrorDialog("Failed to obtain HashDataInputs: No dsig:SignedInfo provided.", SignRequestHandler.this, "ok"); + } + } else if (actionCommand.equals("sign")) { + return new String(gui.getPin()); + } else if (actionCommand.equals("ok")) { + gui.showSignaturePINDialog(spec, SignRequestHandler.this, "sign", SignRequestHandler.this, "cancel", SignRequestHandler.this, + "hashData"); + } + } while (true); + } + } } -- cgit v1.2.3 From a20fb683943ce0893302b6dc25015c998cd9687f Mon Sep 17 00:00:00 2001 
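Review bot: In `STALPinProvider.providePIN`, the `DigestException` branch calls `gui.showErrorDialog(ex.getMessage())` without the listener and `"ok"` command that the two neighbouring error branches pass, and the loop then goes straight back to `waitForAction()`. How the one-argument dialog is dismissed is not visible here, but as written a digest mismatch on the displayed hash data neither cancels the request nor has an obvious route back to the PIN dialog. A mismatch means the data offered for viewing is not the data covered by the SignedInfo, so I would at least use `gui.showErrorDialog(ex.getMessage(), SignRequestHandler.this, "ok");` and consider treating the acknowledged error as a cancel (`return null`) rather than re-offering "sign". Separately, `return new String(gui.getPin());` copies the PIN into an immutable String that cannot be cleared afterwards. That follows from the `String` return type of `providePIN`, which is declared outside this hunk.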
From: clemenso Date: Thu, 18 Sep 2008 09:25:55 +0000 Subject: hashdatainput cached git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@46 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../src/main/java/at/gv/egiz/bku/gui/BKUGUI.java | 6 +++-- .../bku/local/stal/LocalSignRequestHandler.java | 28 ++++++++++++++++------ .../src/main/resources/commons-logging.properties | 16 +++++++++++++ BKULocal/src/main/resources/log4j.properties | 2 +- .../slcommands/impl/DataObjectHashDataInput.java | 6 +++-- 5 files changed, 46 insertions(+), 12 deletions(-) create mode 100644 BKULocal/src/main/resources/commons-logging.properties (limited to 'BKULocal/src/main/java') diff --git a/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/BKUGUI.java b/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/BKUGUI.java index 5fb67982..be4aeded 100644 --- a/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/BKUGUI.java +++ b/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/BKUGUI.java @@ -871,8 +871,10 @@ public class BKUGUI implements BKUGUIFacade { .addComponent(waitMsgLabel) .addContainerGap()); //, GroupLayout.DEFAULT_SIZE, GroupLayout.PREFERRED_SIZE, Short.MAX_VALUE)); mainPanelLayout.setVerticalGroup( - mainPanelLayout.createParallelGroup(GroupLayout.Alignment.LEADING) - .addComponent(waitMsgLabel)); + mainPanelLayout.createSequentialGroup() +// mainPanelLayout.createParallelGroup(GroupLayout.Alignment.LEADING) + .addComponent(waitMsgLabel) + .addContainerGap()); contentPanel.validate(); } diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java index a288a716..ca420f13 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/LocalSignRequestHandler.java 
@@ -16,6 +16,7 @@ */ package at.gv.egiz.bku.local.stal; +import at.gv.egiz.bku.slcommands.impl.DataObjectHashDataInput; import java.util.ArrayList; import java.util.Collections; import java.util.List; @@ -68,14 +69,27 @@ public class LocalSignRequestHandler extends SignRequestHandler { if (dsigRefId != null) { for (HashDataInput hdi : hashDataInput) { if (hdi.getReferenceId().equals(dsigRefId)) { - InputStream hdIs = hdi.getHashDataInput(); - ByteArrayOutputStream baos = new ByteArrayOutputStream(hdIs.available()); - int b; - while ((b = hdIs.read()) != -1) { - baos.write(b); + if (hdi instanceof DataObjectHashDataInput) { + if (log.isTraceEnabled()) + log.trace("adding DataObjectHashDataInput"); + result.add(hdi); + } else if (hdi instanceof ByteArrayHashDataInput) { + if (log.isTraceEnabled()) + log.trace("adding ByteArrayHashDataInput"); + result.add(hdi); + } else { + if (log.isDebugEnabled()) + log.debug("provided HashDataInput not chaching enabled, creating ByteArrayHashDataInput"); + + InputStream hdIs = hdi.getHashDataInput(); + ByteArrayOutputStream baos = new ByteArrayOutputStream(hdIs.available()); + int b; + while ((b = hdIs.read()) != -1) { + baos.write(b); + } + ByteArrayHashDataInput baHdi = new ByteArrayHashDataInput(baos.toByteArray(), hdi.getReferenceId(), hdi.getMimeType(), hdi.getEncoding()); + result.add(baHdi); } - ByteArrayHashDataInput baHdi = new ByteArrayHashDataInput(baos.toByteArray(), hdi.getReferenceId(), hdi.getMimeType(), hdi.getEncoding()); - result.add(baHdi); } } } else { diff --git a/BKULocal/src/main/resources/commons-logging.properties b/BKULocal/src/main/resources/commons-logging.properties new file mode 100644 index 00000000..0d497b1b --- /dev/null +++ b/BKULocal/src/main/resources/commons-logging.properties 
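Review bot: The new `hdi instanceof DataObjectHashDataInput` branch adds the object to `result` without checking that its stream is actually available. The Javadoc of `DataObjectHashDataInput.getHashDataInput()`, touched in this same commit, says it returns null when reference caching is not enabled, so the list handed to the viewer can contain an entry with no data. The fallback branch has the same gap: `hdIs.available()` is called on the result of `hdi.getHashDataInput()` with no null check, and the stream is never closed. I would test the stream once, before the `instanceof` chain, and fail with an explicit error naming the reference id, e.g. `if (hdIs == null) { /* report: no cached hash data for dsigRefId */ }`. The enclosing method starts and ends outside the hunk.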
@@ -0,0 +1,16 @@ +# Copyright 2008 Federal Chancellery Austria and +# Graz University of Technology +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +org.apache.commons.logging.Log=org.apache.commons.logging.impl.Log4JLogger diff --git a/BKULocal/src/main/resources/log4j.properties b/BKULocal/src/main/resources/log4j.properties index 49d763f8..3a730bac 100644 --- a/BKULocal/src/main/resources/log4j.properties +++ b/BKULocal/src/main/resources/log4j.properties @@ -14,7 +14,7 @@ # limitations under the License. # loglever DEBUG, appender STDOUT -log4j.rootLogger=TRACE, STDOUT, file +log4j.rootLogger=DEBUG, STDOUT, file # STDOUT appender log4j.appender.STDOUT=org.apache.log4j.ConsoleAppender diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/DataObjectHashDataInput.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/DataObjectHashDataInput.java index 71b62911..0386bdd6 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/DataObjectHashDataInput.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/DataObjectHashDataInput.java @@ -10,7 +10,9 @@ import at.gv.egiz.stal.HashDataInput; import java.io.InputStream; /** - * + * DataObject-backed HashDataInput + * If reference caching is enabled, + * the hashdata input stream can be obtained repeatedly. * @author clemens */ public class DataObjectHashDataInput implements HashDataInput { 
@@ -34,7 +36,7 @@ public class DataObjectHashDataInput implements HashDataInput { } /** - * + * may be called repeatedly * @return the pre-digested input stream if reference caching is enabled, null otherwise */ @Override -- cgit v1.2.3 From c5e7fe66617ab4b0d54350f8248d281b76cc5055 Mon Sep 17 00:00:00 2001 
From: wbauer Date: Thu, 18 Sep 2008 12:05:03 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@49 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- BKULocal/pom.xml | 147 ++++---- .../accesscontroller/SpringSecurityManager.java | 65 ++++ .../egiz/bku/local/conf/ConfigurationUpdater.java | 44 --- .../at/gv/egiz/bku/local/conf/Configurator.java | 375 ++++++--------------- .../gv/egiz/bku/local/conf/SpringConfigurator.java | 336 ++++++++++++++++++ .../at/gv/egiz/bku/local/stal/BKUGuiProxy.java | 6 +- .../java/at/gv/egiz/bku/local/stal/SMCCSTAL.java | 11 +- .../at/gv/egiz/bku/local/stal/SMCCSTALFactory.java | 4 +- .../at/gv/egiz/bku/local/Userdialog.properties | 27 -- .../resources/at/gv/egiz/bku/local/baseconfig.xml | 38 --- .../gv/egiz/bku/local/conf/accessControlConfig.xml | 96 ++++++ .../local/conf/certs/CACerts/A-Trust-Qual-01a.cer | Bin 0 -> 1111 bytes .../local/conf/certs/CACerts/A-Trust-Qual-02a.cer | Bin 0 -> 975 bytes .../local/conf/certs/CACerts/A-Trust-Qual-03a.cer | Bin 0 -> 975 bytes .../local/conf/certs/CACerts/A-Trust-nQual-01a.cer | Bin 0 -> 865 bytes .../local/conf/certs/CACerts/A-Trust-nQual-03.cer | Bin 0 -> 979 bytes .../local/conf/certs/certStore/a-sign-SSL-03.cer | 26 ++ .../conf/certs/certStore/a-sign-corporate-03.cer | 27 ++ .../certs/certStore/a-sign-corporate-light-01a.cer | 21 ++ .../certs/certStore/a-sign-corporate-light-02a.cer | 27 ++ .../certs/certStore/a-sign-corporate-light-03.cer | 27 ++ .../certStore/a-sign-corporate-medium-01a.cer | 21 ++ .../certStore/a-sign-corporate-medium-02a.cer | 27 ++ .../gv/egiz/bku/local/conf/defaultConf.properties | 53 +++ .../main/resources/at/gv/egiz/bku/local/logo.png | Bin 4035 -> 0 bytes .../resources/at/gv/egiz/bku/local/truststore.jks | Bin 1037 -> 0 bytes .../src/main/webapp/WEB-INF/applicationContext.xml | 42 +-- BKULocal/src/test/java/ConfigTest.java | 49 --- BKULocal/src/test/java/JustASandbox.java | 78 ----- 29 files changed, 926 insertions(+), 621 deletions(-) create mode 100644 
BKULocal/src/main/java/at/gv/egiz/bku/local/accesscontroller/SpringSecurityManager.java delete mode 100644 BKULocal/src/main/java/at/gv/egiz/bku/local/conf/ConfigurationUpdater.java create mode 100644 BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java delete mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/Userdialog.properties delete mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/baseconfig.xml create mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/accessControlConfig.xml create mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-01a.cer create mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-02a.cer create mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-03a.cer create mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-nQual-01a.cer create mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-nQual-03.cer create mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-SSL-03.cer create mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-03.cer create mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-01a.cer create mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-02a.cer create mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-03.cer create mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-medium-01a.cer create mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-medium-02a.cer create mode 100644 
BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties delete mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/logo.png delete mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/truststore.jks delete mode 100644 BKULocal/src/test/java/ConfigTest.java delete mode 100644 BKULocal/src/test/java/JustASandbox.java (limited to 'BKULocal/src/main/java') diff --git a/BKULocal/pom.xml b/BKULocal/pom.xml index 341e574a..49ec95a0 100644 --- a/BKULocal/pom.xml +++ b/BKULocal/pom.xml @@ -1,84 +1,69 @@ - - bku - at.gv.egiz - 1.0-SNAPSHOT - - 4.0.0 - at.gv.egiz - BKULocal - war - BKU Local - 1.0-SNAPSHOT - - - - at.gv.egiz - STAL - 1.0-SNAPSHOT - - - at.gv.egiz - bkucommon - 1.0-SNAPSHOT - - - at.gv.egiz - smcc - 1.0-SNAPSHOT - - - at.gv.egiz - smccSTAL - 1.0-SNAPSHOT - - - org.springframework - spring-core - 2.5.5 - - - javax.servlet - servlet-api - 2.5 - provided - - - org.springframework - spring-web - 2.5.5 - - - commons-configuration - commons-configuration - 1.5 - - - commons-logging - commons-logging - - - org.springframework - spring-support - 2.0.8 - - - opensymphony - quartz - 1.5.0 - - - org.springframework - spring-tx - 2.5.5 - - - at.gv.egiz - BKUApplet - 1.0-SNAPSHOT - - + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + + bku + at.gv.egiz + 1.0-SNAPSHOT + + 4.0.0 + at.gv.egiz + BKULocal + war + BKU Local + 1.0-SNAPSHOT + + + + at.gv.egiz + STAL + 1.0-SNAPSHOT + + + at.gv.egiz + bkucommon + 1.0-SNAPSHOT + + + at.gv.egiz + smcc + 1.0-SNAPSHOT + + + at.gv.egiz + smccSTAL + 1.0-SNAPSHOT + + + org.springframework + spring-core + 2.5.5 + + + javax.servlet + servlet-api + 2.5 + provided + + + org.springframework + spring-web + 2.5.5 + + + commons-logging + commons-logging + + + at.gv.egiz + BKUApplet + 1.0-SNAPSHOT + + + at.gv.egiz + BKUViewer + 1.0-SNAPSHOT + + \ No newline at end of file 
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/accesscontroller/SpringSecurityManager.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/accesscontroller/SpringSecurityManager.java
new file mode 100644
index 00000000..b547bf6a
--- /dev/null
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/accesscontroller/SpringSecurityManager.java
@@ -0,0 +1,65 @@
+/*
+* Copyright 2008 Federal Chancellery Austria and
+* Graz University of Technology
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package at.gv.egiz.bku.local.accesscontroller;
+
+import java.io.IOException;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
+import org.springframework.context.ResourceLoaderAware;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+
+import at.gv.egiz.bku.accesscontroller.SecurityManagerFacade;
+import at.gv.egiz.bku.local.conf.Configurator;
+
+public class SpringSecurityManager extends SecurityManagerFacade implements
+ ResourceLoaderAware {
+
+ private ResourceLoader resourceLoader;
+
+ private static Log log = LogFactory.getLog(SpringSecurityManager.class);
+
+ protected Configurator config;
+
+ public void setConfig(Configurator config) {
+ this.config = config;
+ }
+
+ public void init() {
+ String noMatch = config.getProperty("AccessController.acceptNoMatch");
+ if (noMatch != null) {
+ log.debug("Setting allow now match to: " + noMatch);
+ setAllowUnmatched(Boolean.getBoolean(noMatch));
+ }
+ String policy = config.getProperty("AccessController.policyResource");
+ log.info("Loading resource: " + policy);
+ try {
+ Resource res = resourceLoader.getResource(policy);
+ init(res.getInputStream());
+ } catch (IOException e) {
+ log.error(e);
+ }
+ }
+
+ @Override
+ public void setResourceLoader(ResourceLoader loader) {
+ this.resourceLoader = loader;
+ }
+
+}
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/ConfigurationUpdater.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/ConfigurationUpdater.java
deleted file mode 100644
index 3214f4bc..00000000
--- a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/ConfigurationUpdater.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
-* Copyright 2008 Federal Chancellery Austria and
-* Graz University of Technology
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
-package at.gv.egiz.bku.local.conf;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.quartz.JobExecutionContext;
-import org.quartz.JobExecutionException;
-import org.springframework.scheduling.quartz.QuartzJobBean;
-
-public class ConfigurationUpdater extends QuartzJobBean {
- private static Log log = LogFactory.getLog(ConfigurationUpdater.class);
- private Configurator config;
-
- @Override
- protected void executeInternal(JobExecutionContext arg0)
- throws JobExecutionException {
- log.trace("Checking config update");
- config.checkUpdate();
- }
-
- public Configurator getConfig() {
- return config;
- }
-
- public void setConfig(Configurator config) {
- this.config = config;
- }
-
-}
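Review bot: `Boolean.getBoolean(noMatch)` in `SpringSecurityManager.init()` does not parse the configured value. It looks up a JVM system property whose name is that value, so `AccessController.acceptNoMatch=true` still yields `false` unless a system property called `true` happens to be set. The line should read `setAllowUnmatched(Boolean.parseBoolean(noMatch));`. The `catch (IOException e)` after it only logs, so the bean completes `init()` with no policy loaded. What the access controller permits in that state is not visible in this hunk, and failing start-up (rethrowing as an unchecked exception) would be the safer default for a security policy. `policy` is also passed to `resourceLoader.getResource` without a null check, and the `PropertyPlaceholderConfigurer` import is unused.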
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java index e9510101..57a0f84f 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java 
@@ -1,274 +1,103 @@ /* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.local.conf; - -import iaik.security.ecc.provider.ECCProvider; -import iaik.xml.crypto.XSecProvider; - -import java.io.File; -import java.io.FileInputStream; -import java.io.FileOutputStream; -import java.io.InputStream; -import java.net.HttpURLConnection; -import java.security.KeyStore; -import java.security.Provider; -import java.security.Security; -import java.security.cert.CertStore; -import java.security.cert.CertificateFactory; -import java.security.cert.CollectionCertStoreParameters; -import java.security.cert.PKIXBuilderParameters; -import java.security.cert.X509CertSelector; -import java.security.cert.X509Certificate; -import java.util.Enumeration; -import java.util.LinkedList; -import java.util.List; - -import javax.net.ssl.CertPathTrustManagerParameters; -import javax.net.ssl.HttpsURLConnection; -import javax.net.ssl.KeyManager; -import javax.net.ssl.KeyManagerFactory; -import javax.net.ssl.ManagerFactoryParameters; -import javax.net.ssl.SSLContext; -import javax.net.ssl.TrustManagerFactory; - -import org.apache.commons.configuration.ConfigurationException; -import org.apache.commons.configuration.XMLConfiguration; -import org.apache.commons.configuration.reloading.FileChangedReloadingStrategy; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; 
- -import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider; -import at.gv.egiz.smcc.SWCard; -import at.gv.egiz.smcc.util.SMCCHelper; - -public class Configurator { - private Log log = LogFactory.getLog(Configurator.class); - private XMLConfiguration baseConfig; - private XMLConfiguration specialConfig; - private boolean autoSave = false; - - public Configurator() { - super(); - init(); - configure(); - } - - private void init() { - log.debug("Initializing configuration"); - - baseConfig = new XMLConfiguration(); - try { - baseConfig.load(getClass().getClassLoader().getResourceAsStream( - "./at/gv/egiz/bku/local/baseconfig.xml")); - log.debug("Successfully loaded base configuration"); - } catch (ConfigurationException e) { - log.error("Cannot load base configuration", e); - } - autoSave = baseConfig.getBoolean("OverrideConfigurationFile[@autosave]"); - try { - specialConfig = new XMLConfiguration(); - specialConfig.setFileName(baseConfig - .getString("OverrideConfigurationFile")); - specialConfig.load(); - } catch (Exception e) { - log.debug("Cannot get special configuration at: " - + baseConfig.getString("OverrideConfigurationFile") + ": " + e); - log.debug("Creating new special configuration"); - try { - specialConfig = new XMLConfiguration(baseConfig); - specialConfig.setFileName(baseConfig - .getString("OverrideConfigurationFile")); - specialConfig.save(); - } catch (ConfigurationException e1) { - log.error("Cannot load defaults " + e1); - } - } - specialConfig.setReloadingStrategy(new FileChangedReloadingStrategy()); - specialConfig.setAutoSave(autoSave); - } - - protected void configUrlConnections() { - HttpsURLConnection.setFollowRedirects(false); - HttpURLConnection.setFollowRedirects(false); - } - - protected KeyStore loadKeyStore(String fileName, String type, String password) { - KeyStore ks = null; - try { - ks = KeyStore.getInstance(type); - InputStream is = new FileInputStream(fileName); - if (is == null) { - log.warn("Cannot load keystore from: " + 
fileName); - } - ks.load(is, password.toCharArray()); - for (Enumeration alias = ks.aliases(); alias.hasMoreElements();) { - log.debug("Found keystore alias: " + alias.nextElement()); - } - } catch (Exception e) { - log.error("Cannot config keystore", e); - return null; - } - return ks; - } - - protected void configSSL() { - String trustStoreName = specialConfig.getString("SSL.trustStoreFile"); - String trustStoreType = specialConfig.getString("SSL.trustStoreType"); - String trustStorePass = specialConfig.getString("SSL.trustStorePass"); - String certStoreDirectory = specialConfig - .getString("SSL.certStoreDirectory"); - String keyStoreName = specialConfig.getString("SSL.keyStoreFile"); - String keyStoreType = specialConfig.getString("SSL.keyStoreType"); - String keyStorePass = specialConfig.getString("SSL.keyStorePass"); - - String caIncludeDir = specialConfig.getString("SSL.caIncludeDirectory"); - - KeyStore trustStore = loadKeyStore(trustStoreName, trustStoreType, - trustStorePass); - KeyStore keyStore = null; - if (keyStoreName != null) { - keyStore = loadKeyStore(keyStoreName, keyStoreType, keyStorePass); - } - - try { - PKIXBuilderParameters pkixParams = new PKIXBuilderParameters(trustStore, - new X509CertSelector()); - - if (certStoreDirectory != null) { - File dir = new File(certStoreDirectory); - if (dir.isDirectory()) { - List certCollection = new LinkedList(); - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - for (File f : dir.listFiles()) { - log.debug("adding " + f.getName()); - certCollection.add((X509Certificate) cf - .generateCertificate(new FileInputStream(f))); - } - CollectionCertStoreParameters csp = new CollectionCertStoreParameters( - certCollection); - CertStore cs = CertStore.getInstance("Collection", csp); - pkixParams.addCertStore(cs); - log.debug("Added collection certstore"); - } else { - log.error("CertstoreDirectory " + certStoreDirectory - + " is not a directory"); - } - } - - if (caIncludeDir != null) { - File dir 
= new File(caIncludeDir); - if (dir.exists() && dir.isDirectory()) { - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - try { - for (File f : dir.listFiles()) { - FileInputStream fis = new FileInputStream(f); - X509Certificate cert = (X509Certificate) cf - .generateCertificate(fis); - fis.close(); - log.debug("Adding trusted cert " + cert.getSubjectDN()); - trustStore.setCertificateEntry(cert.getSubjectDN().getName(), - cert); - f.delete(); - } - } finally { - trustStore.store(new FileOutputStream(trustStoreName), - trustStorePass.toCharArray()); - } - } - } - - pkixParams.setRevocationEnabled(specialConfig - .getBoolean("SSL.revocation")); - if (specialConfig.getBoolean("SSL.revocation")) { - System.setProperty("com.sun.security.enableCRLDP ", "true"); - Security.setProperty("ocsp.enable", "true"); - } - System.setProperty("com.sun.security.enableAIAcaIssuers", "true"); - log.debug("Setting revocation check to: " - + pkixParams.isRevocationEnabled()); - ManagerFactoryParameters trustParams = new CertPathTrustManagerParameters( - pkixParams); - TrustManagerFactory trustFab = TrustManagerFactory.getInstance("PKIX"); - trustFab.init(trustParams); - - KeyManager[] km = null; - SSLContext sslCtx = SSLContext.getInstance(specialConfig - .getString("SSL.sslProtocol")); - if (keyStore != null) { - KeyManagerFactory keyFab = KeyManagerFactory.getInstance("SunX509"); - keyFab.init(keyStore, keyStorePass.toCharArray()); - km = keyFab.getKeyManagers(); - } - sslCtx.init(km, trustFab.getTrustManagers(), null); - HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory()); - log.info("Successfully configured ssl"); - } catch (Exception e) { - log.debug("Cannot init ssl", e); - } - } - - protected void configureProviders() { - log.debug("Registering security providers"); - ECCProvider.addAsProvider(false); - Security.addProvider(new STALProvider()); - XSecProvider.addAsProvider(false); - StringBuffer sb = new StringBuffer(); - sb.append("Following 
providers are now registered: "); - int i = 1; - for (Provider prov : Security.getProviders()) { - sb.append((i++) + ". : " + prov); - } - log.debug("Configured provider" + sb.toString()); - } - - protected void configureBKU() { - if (specialConfig.containsKey("BKU.useSWCard")) { - boolean useSWCard = specialConfig.getBoolean("BKU.useSWCard"); - log.info("Setting SW Card to: "+useSWCard); - SMCCHelper.setUseSWCard(useSWCard); - } - if (specialConfig.containsKey("BKU.SWCardDirectory")) { - //SWCard. - } - } - - public void configure() { - configureProviders(); - configSSL(); - configUrlConnections(); - configureBKU(); - - } - - public void checkUpdate() { - if (specialConfig.getReloadingStrategy().reloadingRequired()) { - log.info("Reloading configuration: " + specialConfig.getFileName()); - specialConfig.setAutoSave(false); - specialConfig.clear(); - try { - specialConfig.load(); - } catch (ConfigurationException e) { - log.fatal(e); - } - specialConfig.setAutoSave(specialConfig - .getBoolean("OverrideConfigurationFile[@autosave]")); - configure(); - specialConfig.getReloadingStrategy().reloadingPerformed(); - } - } - -} + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. 
+ */ +package at.gv.egiz.bku.local.conf; + +import iaik.security.ecc.provider.ECCProvider; +import iaik.security.provider.IAIK; +import iaik.xml.crypto.XSecProvider; + +import java.io.IOException; +import java.net.HttpURLConnection; +import java.security.Provider; +import java.security.Security; +import java.util.Properties; + +import javax.net.ssl.HttpsURLConnection; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.bku.binding.DataUrl; +import at.gv.egiz.bku.binding.DataUrlConnection; +import at.gv.egiz.bku.slcommands.impl.xsect.DataObject; +import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider; + +/** + * + * TODO currently only the code to get started. + */ +public abstract class Configurator { + + private Log log = LogFactory.getLog(Configurator.class); + + private static Configurator instance = new SpringConfigurator(); + + protected Properties properties; + + protected Configurator() { + } + + public static Configurator getInstance() { + return instance; + } + + protected void configUrlConnections() { + HttpsURLConnection.setFollowRedirects(false); + HttpURLConnection.setFollowRedirects(false); + } + + protected void configureProviders() { + log.debug("Registering security providers"); + Security.insertProviderAt(new IAIK(), 1); + Security.insertProviderAt(new ECCProvider(false), 2); + Security.addProvider(new STALProvider()); + XSecProvider.addAsProvider(false); + StringBuilder sb = new StringBuilder(); + sb.append("Registered providers: "); + int i = 1; + for (Provider prov : Security.getProviders()) { + sb.append((i++) + ". 
: " + prov); + } + log.debug(sb.toString()); + } + + protected void configViewer() { + String bv = properties.getProperty("ValidateHashDataInputs"); + if (bv != null) { + DataObject.enableHashDataInputValidation(Boolean.parseBoolean(bv)); + } else { + log.warn("ValidateHashDataInputs not set, falling back to default"); + } + } + + public void configure() { + configureProviders(); + configUrlConnections(); + configViewer(); + } + + public void setConfiguration(Properties props) { + this.properties = props; + } + + public String getProperty(String key) { + if (properties != null) { + return properties.getProperty(key); + } + return null; + } +} diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java new file mode 100644 index 00000000..3aeb1745 --- /dev/null +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java 
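Review bot: configViewer() dereferences `properties` directly, while getProperty() further down guards against it being null, so configure() throws a NullPointerException when it runs before setConfiguration(); reading the value with `String bv = getProperty("ValidateHashDataInputs");` keeps the two consistent. `Boolean.parseBoolean(bv)` also maps every value other than "true" to false, so a misspelt setting would presumably switch hash-data-input validation off without any log line. I would log the effective value and reject anything that is not `true` or `false`. The imports of IOException, DataUrl and DataUrlConnection are not used in the new file.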
@@ -0,0 +1,336 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.local.conf; + +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.security.InvalidAlgorithmParameterException; +import java.security.NoSuchAlgorithmException; +import java.security.Security; +import java.security.cert.CertPathBuilder; +import java.security.cert.CertStore; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.CollectionCertStoreParameters; +import java.security.cert.LDAPCertStoreParameters; +import java.security.cert.PKIXBuilderParameters; +import java.security.cert.PKIXCertPathBuilderResult; +import java.security.cert.TrustAnchor; +import java.security.cert.X509CertSelector; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.HashSet; +import java.util.Iterator; +import java.util.LinkedList; +import java.util.List; +import java.util.Properties; +import java.util.Set; + +import javax.net.ssl.CertPathTrustManagerParameters; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.KeyManager; +import javax.net.ssl.ManagerFactoryParameters; +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManagerFactory; +import javax.net.ssl.X509TrustManager; + +import 
org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.springframework.context.ResourceLoaderAware; +import org.springframework.core.io.Resource; +import org.springframework.core.io.ResourceLoader; + +import at.gv.egiz.bku.binding.DataUrl; +import at.gv.egiz.bku.binding.DataUrlConnection; +import at.gv.egiz.bku.slexceptions.SLRuntimeException; + +public class SpringConfigurator extends Configurator implements + ResourceLoaderAware { + + private final static Log log = LogFactory.getLog(SpringConfigurator.class); + + private ResourceLoader resourceLoader; + + public SpringConfigurator() { + File configDir = new File(System.getProperty("user.home") + "/.bku/conf"); + if (configDir.exists()) { + log.debug("Found existing config directory: " + configDir); + } else { + log.info("Config dir not existing, creating new"); + if (!configDir.mkdirs()) { + log.error("Cannot create directory: " + configDir); + } + } + } + + public void setResource(Resource resource) { + log.debug("Loading config from: " + resource); + if (resource != null) { + Properties props = new Properties(); + try { + props.load(resource.getInputStream()); + super.setConfiguration(props); + } catch (IOException e) { + log.error("Cannot load config", e); + } + } else { + log.warn("Cannot load properties, resource: " + resource); + } + } + + public void configureVersion() { + Properties p = new Properties(); + try { + p.load(resourceLoader.getResource("META-INF/MANIFEST.MF") + .getInputStream()); + String version = p.getProperty("Implementation-Build"); + properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY, + "citizen-card-environment/1.2 MOCCA " + version); + DataUrl.setConfiguration(properties); + log.debug("Setting user agent to: " + + properties.getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY)); + } catch (IOException e) { + log.error(e); + } + } + + public void configure() { + super.configure(); + configureSSL(); + configureVersion(); + 
configureNetwork(); + } + + public void configureNetwork() { + + } + + private Set getCACerts() throws IOException, + CertificateException { + Set caCerts = new HashSet(); + String caDirectory = getProperty("SSL.caDirectory"); + if (caDirectory != null) { + Resource caDirRes = resourceLoader.getResource(caDirectory); + File caDir = caDirRes.getFile(); + if (!caDir.isDirectory()) { + log.error("Expecting directory as SSL.caDirectory parameter"); + throw new SLRuntimeException( + "Expecting directory as SSL.caDirectory parameter"); + } + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + for (File f : caDir.listFiles()) { + try { + FileInputStream fis = new FileInputStream(f); + X509Certificate cert = (X509Certificate) cf.generateCertificate(fis); + fis.close(); + log.debug("Adding trusted cert " + cert.getSubjectDN()); + caCerts.add(new TrustAnchor(cert, null)); + } catch (Exception e) { + log.error("Cannot add trusted ca", e); + } + } + return caCerts; + + } else { + log.warn("No CA certificates configured"); + } + return null; + } + + private List getCertstore() throws IOException, + CertificateException, InvalidAlgorithmParameterException, + NoSuchAlgorithmException { + List resultList = new ArrayList(); + String certDirectory = getProperty("SSL.certDirectory"); + if (certDirectory != null) { + Resource certDirRes = resourceLoader.getResource(certDirectory); + + File certDir = certDirRes.getFile(); + if (!certDir.isDirectory()) { + log.error("Expecting directory as SSL.certDirectory parameter"); + throw new SLRuntimeException( + "Expecting directory as SSL.certDirectory parameter"); + } + List certCollection = new LinkedList(); + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + for (File f : certDir.listFiles()) { + try { + FileInputStream fis = new FileInputStream(f); + X509Certificate cert = (X509Certificate) cf.generateCertificate(fis); + certCollection.add(cert); + fis.close(); + log + .trace("Added following cert to 
certstore: " + + cert.getSubjectDN()); + } catch (Exception ex) { + log.error("Cannot add certificate", ex); + } + } + CollectionCertStoreParameters csp = new CollectionCertStoreParameters( + certCollection); + resultList.add(CertStore.getInstance("Collection", csp)); + log.info("Added collection certstore"); + } else { + log.warn("No certstore directory configured"); + } + String ldapHost = getProperty("SSL.ldapServer"); + if ((ldapHost != null) && (!"".equals(ldapHost))) { + String ldapPortString = getProperty("SSL.ldapPort"); + int ldapPort = 389; + if (ldapPortString != null) { + try { + ldapPort = Integer.parseInt(ldapPortString); + } catch (NumberFormatException nfe) { + log.error("Invalid ldap port, using default 389"); + } + } else { + log.warn("ldap port not specified, using default 389"); + } + LDAPCertStoreParameters ldapParams = new LDAPCertStoreParameters( + ldapHost, ldapPort); + resultList.add(CertStore.getInstance("LDAP", ldapParams)); + log.info("Added LDAP certstore"); + } + return resultList; + } + + public void configureSSL() { + Set caCerts = null; + try { + caCerts = getCACerts(); + } catch (Exception e1) { + log.error("Cannot load CA certificates", e1); + } + List certStoreList = null; + try { + certStoreList = getCertstore(); + } catch (Exception e1) { + log.error("Cannot load certstore certificates", e1); + } + String aia = getProperty("SSL.useAIA"); + if ((aia == null) || (aia.equals(""))) { + System.setProperty("com.sun.security.enableAIAcaIssuers", "true"); + } else { + System.setProperty("com.sun.security.enableAIAcaIssuers", aia); + } + String lifetime = getProperty("SSL.cache.lifetime"); + if ((lifetime == null) || (lifetime.equals(""))) { + System.setProperty("sun.security.certpath.ldap.cache.lifetime", "0"); + } else { + System.setProperty("sun.security.certpath.ldap.cache.lifetime", lifetime); + } + X509CertSelector selector = new X509CertSelector(); + PKIXBuilderParameters pkixParams; + try { + pkixParams = new 
PKIXBuilderParameters(caCerts, selector); + if ((getProperty("SSL.doRevocationChecking") != null) + && (Boolean.valueOf(getProperty("SSL.doRevocationChecking")))) { + log.info("Enable revocation checking"); + System.setProperty("com.sun.security.enableCRLDP", "true"); + Security.setProperty("ocsp.enable", "true"); + } else { + log.warn("Revocation checking disabled"); + } + for (CertStore cs : certStoreList) { + pkixParams.addCertStore(cs); + } + ManagerFactoryParameters trustParams = new CertPathTrustManagerParameters( + pkixParams); + TrustManagerFactory trustFab; + trustFab = TrustManagerFactory.getInstance("PKIX"); + trustFab.init(trustParams); + KeyManager[] km = null; + SSLContext sslCtx = SSLContext + .getInstance(getProperty("SSL.sslProtocol")); + sslCtx.init(km, trustFab.getTrustManagers(), null); + // sslCtx.init(km, new TrustManager[] { new MyTrustManager(caCerts, + // certStoreList) }, null); + HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory()); + } catch (Exception e) { + log.error("Cannot configure SSL", e); + } + } + + @Override + public void setResourceLoader(ResourceLoader loader) { + this.resourceLoader = loader; + } +} + +class MyTrustManager implements X509TrustManager { + private static Log log = LogFactory.getLog(MyTrustManager.class); + private Set caCerts; + private List certStoreList; + private X509Certificate[] trustedCerts; + + public MyTrustManager(Set caCerts, List cs) { + this.caCerts = caCerts; + this.certStoreList = cs; + trustedCerts = new X509Certificate[caCerts.size()]; + int i = 0; + for (Iterator it = caCerts.iterator(); it.hasNext();) { + TrustAnchor ta = it.next(); + trustedCerts[i++] = ta.getTrustedCert(); + } + + } + + @Override + public void checkClientTrusted(X509Certificate[] arg0, String arg1) + throws CertificateException { + log.error("Did not expect this method to get called"); + throw new CertificateException("Method not implemented"); + } + + @Override + public void 
checkServerTrusted(X509Certificate[] certs, String arg1) + throws CertificateException { + try { + log.debug("Checking server certificate: " + certs[0].getSubjectDN()); + CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX"); + X509CertSelector selector = new X509CertSelector(); + selector.setCertificate(certs[0]); + PKIXBuilderParameters pkixParams; + pkixParams = new PKIXBuilderParameters(caCerts, selector); + pkixParams.setRevocationEnabled(true); // FIXME + for (CertStore cs : certStoreList) { + pkixParams.addCertStore(cs); + } + PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) pathBuilder + .build(pkixParams); + if (log.isTraceEnabled()) { + StringBuffer sb = new StringBuffer(); + for (Certificate cert : result.getCertPath().getCertificates()) { + sb.append(((X509Certificate) cert).getSubjectDN()); + sb.append("->"); + } + sb.append("End"); + log.trace(sb); + } + } catch (Exception e) { + throw new CertificateException(e); + } + } + + @Override + public X509Certificate[] getAcceptedIssuers() { + return trustedCerts; + } + +} \ No newline at end of file diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/BKUGuiProxy.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/BKUGuiProxy.java index 0bed928d..c543c8ca 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/BKUGuiProxy.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/BKUGuiProxy.java @@ -1,7 +1,12 @@ package at.gv.egiz.bku.local.stal; import java.awt.Container; +import java.awt.EventQueue; +import java.awt.Toolkit; import java.awt.event.ActionListener; +import java.awt.event.FocusEvent; +import java.awt.event.FocusListener; +import java.awt.event.WindowEvent; import java.util.List; import javax.swing.JDialog; @@ -126,5 +131,4 @@ public class BKUGuiProxy implements BKUGUIFacade { showDialog(); delegate.showWelcomeDialog(); } - } 
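Review bot: configureSSL() fails open: when getCACerts() returns null (no SSL.caDirectory) or throws, `new PKIXBuilderParameters(caCerts, selector)` throws inside the try, the catch only logs "Cannot configure SSL", and HttpsURLConnection keeps the JVM's default socket factory and trust store instead of the configured CA set. A null certStoreList from a failed getCertstore() ends the same way at the `for (CertStore cs : certStoreList)` loop. I would stop before the try with `if (caCerts == null || caCerts.isEmpty()) throw new SLRuntimeException("No trust anchors configured");` and have the catch rethrow rather than only log. Separately, the else branch logs "Revocation checking disabled" without calling `pkixParams.setRevocationEnabled(false)`, so the parameters keep the PKIX default (enabled) and the message does not match the behaviour.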
diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTAL.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTAL.java index 6f9e72c5..4bc921aa 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTAL.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTAL.java @@ -7,6 +7,7 @@ import javax.swing.JDialog; import at.gv.egiz.bku.gui.BKUGUIFacade; import at.gv.egiz.bku.online.applet.BKUWorker; +import at.gv.egiz.stal.QuitRequest; import at.gv.egiz.stal.STALRequest; import at.gv.egiz.stal.STALResponse; import at.gv.egiz.stal.SignRequest; @@ -26,8 +27,16 @@ public class SMCCSTAL extends BKUWorker { public List handleRequest(List requestList) { signatureCard = null; List responses = super.handleRequest(requestList); - container.setVisible(false); + //container.setVisible(false); return responses; } + @Override + public STALResponse handleRequest(STALRequest request) { + if (request instanceof QuitRequest) { + container.setVisible(false); + } + return null; + } + } diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java index 97646d09..f9a8bef5 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java @@ -53,6 +53,7 @@ public class SMCCSTALFactory implements STALFactory { stal = new SMCCSTAL(new BKUGuiProxy(dialog, gui), dialog, resourceBundle); dialog.setPreferredSize(new Dimension(400, 200)); dialog.setDefaultCloseOperation(WindowConstants.HIDE_ON_CLOSE); + dialog.pack(); Dimension screenSize = Toolkit.getDefaultToolkit().getScreenSize(); Dimension frameSize = dialog.getSize(); if (frameSize.height > screenSize.height) { 
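Review bot: The new `handleRequest(STALRequest request)` override in SMCCSTAL returns `null` on every path, including for a QuitRequest after it hides the container, and nothing in the hunk shows whether the BKUWorker caller accepts a null response. If null is meant as "no response produced here", state that in a Javadoc line on the method, e.g. `/** Hides the dialog on QuitRequest; produces no response (returns null). */`; otherwise return a response object. The commented-out `//container.setVisible(false);` in the list variant should be deleted rather than kept. The class body starts outside the hunk.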
@@ -63,13 +64,12 @@ public class SMCCSTALFactory implements STALFactory { } dialog.setLocation((screenSize.width - frameSize.width) / 2, (screenSize.height - frameSize.height) / 2); - dialog.pack(); } return stal; } @Override - public void setLocale(Locale locale) { + public void setLocale(Locale locale) { this.locale = locale; } } diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/Userdialog.properties b/BKULocal/src/main/resources/at/gv/egiz/bku/local/Userdialog.properties deleted file mode 100644 index 9db6f100..00000000 --- a/BKULocal/src/main/resources/at/gv/egiz/bku/local/Userdialog.properties +++ /dev/null @@ -1,27 +0,0 @@ -# Copyright 2008 Federal Chancellery Austria and -# Graz University of Technology -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -#------- Insert Card Dialog -------# -Insert.Header = Citizen Card Required -Insert.Button.Cancel = Cancel -Insert.Text = Please insert your Citizen Card! - - -#------- PIN Dialog -------# -Pin.Header = Please Enter PIN -Pin.Button.OK = OK -Pin.Button.Cancel = Cancel -Pin.Text.Retries = Please enter {0}.

{1} retries left. -Pin.Text.NoRetries = Please enter {0}. \ No newline at end of file diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/baseconfig.xml b/BKULocal/src/main/resources/at/gv/egiz/bku/local/baseconfig.xml deleted file mode 100644 index 792bbccc..00000000 --- a/BKULocal/src/main/resources/at/gv/egiz/bku/local/baseconfig.xml +++ /dev/null @@ -1,38 +0,0 @@ - - - - - - ${sys:user.home}/.bku/conf/bkuconfig.xml - - - true - TLS - - - - \ No newline at end of file diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/accessControlConfig.xml b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/accessControlConfig.xml new file mode 100644 index 00000000..586a8190 --- /dev/null +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/accessControlConfig.xml @@ -0,0 +1,96 @@ + + + + + + + + + + + allow + + confirm + + + + + + + + + anonymous + + allow + + confirm + + + anonymous + + Command + + + + + + + + certified + + IdentityLink + derived + + + allow + + confirm + + + anonymous + 127.0.0.1 + + IdentityLink + derived + + + allow + + confirm + + + anonymous + + IdentityLink + + + deny + + info + + + + allow + + + + + + diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-01a.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-01a.cer new file mode 100644 index 00000000..f9fef65f Binary files /dev/null and b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-01a.cer differ diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-02a.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-02a.cer new file mode 100644 index 00000000..36a442b8 Binary files /dev/null and b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-02a.cer differ 
diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-03a.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-03a.cer new file mode 100644 index 00000000..ab9e0cd7 Binary files /dev/null and b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-Qual-03a.cer differ diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-nQual-01a.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-nQual-01a.cer new file mode 100644 index 00000000..efa28178 Binary files /dev/null and b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-nQual-01a.cer differ diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-nQual-03.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-nQual-03.cer new file mode 100644 index 00000000..33e77636 Binary files /dev/null and b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/A-Trust-nQual-03.cer differ diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-SSL-03.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-SSL-03.cer new file mode 100644 index 00000000..ee859434 --- /dev/null +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-SSL-03.cer 
@@ -0,0 +1,26 @@ +-----BEGIN CERTIFICATE----- +MIIEdzCCA1+gAwIBAgIDAmU4MA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R +dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTA2MDgxNjIyMDAw +MFoXDTE2MDgxNjIyMDAwMFowgYcxCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy +dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52 +ZXJrZWhyIEdtYkgxFjAUBgNVBAsMDWEtc2lnbi1TU0wtMDMxFjAUBgNVBAMMDWEt +c2lnbi1TU0wtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMjPM6 +PqgdPBPV4Efudpytt2Y4GZJfjeRdZo5SCuULDvvL+23xxBWnR3scFvfE1ekHN/YK +k+2/qhU2B2ntoSNJSyDchNM8YPc9Lx67zZyhQTZgbBzh3IZAVb/hwuRRRV68JCBj +r3r6v7IbwjH5XcVISdB4szx0z93aAQyKW9QkV+tD5a1vWFETvdHsZeVmDzfqcdsG +AznPJw+9HrImCsswCWYUgPcFRkPNjj2r2NoyckVN781aWmNTAqJPf/Ckj9l9pUIt +Vjhy8XNJW4iVDBkkykBXcGSkIau0ypJrRjsD1jKqUTIRZ/y2HlyltmwWi8OuyBLd +LaHDbjc0b6JmqoivAgMBAAGjgeMwgeAwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4E +CgQIQD6h02K0A90wEwYDVR0jBAwwCoAIRGqVZ1V5EU8wDgYDVR0PAQH/BAQDAgEG +MIGUBgNVHR8EgYwwgYkwgYaggYOggYCGfmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQv +b3U9QS1UcnVzdC1uUXVhbC0wMyxvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJl +dm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1 +dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAQEAHKlnV3R9sbXojtONugyazkZCEzmC +nZF1Dz4cOL0vPzzvS8MVWtG43zAgVI1NT/0ETSWsXD3YfzRi+f+/CxrGn0gwZX2t +VGx+Z9w5ufiy1vuhxDUPmpos1TbJ4Wv3Une0E7iuHmNLg5qVlKeHWpcU8t1Y0nCt +eRz34Qm87AVAykta33XST1fYvGoPKsDtn3qx9ye/pcbDvWjPwmqF2UUoql+d5hmJ +Umgzwezqk4I+FS98BrnaPgC5UVFHg+yUjiUDLjYy7UvDZ5Led6kkLXuzVhQolLvr +KTrGp5k42PG2MMkw8f6GMF/6yePXgzFMCRN8ReR7J5Htv33SytLRmFRd8g== +-----END CERTIFICATE----- diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-03.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-03.cer new file mode 100644 index 00000000..7e67be95 --- /dev/null 
+++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-03.cer @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEgzCCA2ugAwIBAgIDAarsMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R +dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTA1MTExMzIzMDAw +MFoXDTE1MTExMzIzMDAwMFowgZMxCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy +dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52 +ZXJrZWhyIEdtYkgxHDAaBgNVBAsME2Etc2lnbi1jb3Jwb3JhdGUtMDMxHDAaBgNV +BAMME2Etc2lnbi1jb3Jwb3JhdGUtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQCp44qY+AiVXlcnHoKvch9s3ujoWFNktvcteIPwK7s0mb/uxTUW9UIF +Die9n3AbyTsJE6R3nZYSJVHHi+1DKD72/WEo/B5NOOtd6KUMfJgca1tDmcsIwhFn +82qkZrbNQwdIIdLe6+nDmjd9UBIaKv7yy1kq20jh09HOK3/bWhafVQE7EAgDfNrn +8f0JfnnF0EA/La5kkg878L22fh9lRzt8H21THqJPtK4/e9SttjrJnPhFk2/MjAGS +uaDufG6BV5Hnn7klR5qm5q32ypleLA6Zi4m9jRCVtPd4jRPYM40XpRkrJuFw+lxp +rejfEZt/SRh1eQXiXDUgtgX8OaIylH9pAgMBAAGjgeMwgeAwDwYDVR0TAQH/BAUw +AwEB/zARBgNVHQ4ECgQIQj75YZ1a5XIwEwYDVR0jBAwwCoAIRGqVZ1V5EU8wDgYD +VR0PAQH/BAQDAgEGMIGUBgNVHR8EgYwwgYkwgYaggYOggYCGfmxkYXA6Ly9sZGFw +LmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1uUXVhbC0wMyxvPUEtVHJ1c3QsYz1BVD9j +ZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2Vy +dGlmaWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAQEARu7e1SyBRjlA +g/thtFwtKQRvopTZKWj2LWpEdvPvwThOvf8Depnas+ly5af8r8YzsqJzfX3XWvhN +qOOI24g5FmXfCUTq/kbtaeTq/AqV94793IJfcilPnpMOEHMqXNDiRUoAgR/9EVj8 +mDVvL2lLlJzeAltqOD5Bi9QwguaD2/3/E5ymFnqkf1dnlXbo8AhcwPEzReNKn1eM +Ilg4FwP1bP0HUK3Fyz1UQ/Hncg+MS7c+SkjpNEd4sH7/GdxuQs5Sk7IRwot1+sbX +3CkkPhSqiUzig9raxJYrtbb2kyiUO8+d5HzRyoP4BNzsdZdPc0gDYweXg5qarHOQ +16IEOtBmKg== +-----END CERTIFICATE----- 
diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-01a.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-01a.cer new file mode 100644 index 00000000..0c68e593 --- /dev/null +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-01a.cer @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIEJjCCAw6gAwIBAgIDAOJEMA0GCSqGSIb3DQEBBQUAMFUxCzAJBgNVBAYTAkFUMRAwDgYDVQQK +EwdBLVRydXN0MRkwFwYDVQQLExBBLVRydXN0LW5RdWFsLTAxMRkwFwYDVQQDExBBLVRydXN0LW5R +dWFsLTAxMB4XDTA0MTEzMDIzMDAwMFoXDTA4MTEzMDIzMDAwMFowgZ8xCzAJBgNVBAYTAkFUMUgw +RgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0 +ZW52ZXJrZWhyIEdtYkgxIjAgBgNVBAsTGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDExIjAgBgNV +BAMTGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDGC65v8rni63DojEBriynPwRqNCp14/SkN5ROkTUGNvLSabfSJV4PKGLTzasPAaChwX0g/ +kebahFM3R7nIyeVx2YB8VRvC4I/spP/mCs5+6pf1N+6Kiq4NcswgNBBfqAteaQIylBMy6HDkjoXY +X/c+SxjyrqAkeZCK+SHMOraXCO1PZHWbYwleKXf4R2Z6ayEfJ2XWeVuqqon76WHp/POI0RADBchA +6Vm1ROzSAHz39bay1TZunQXSs3VQ9cE3uQPjN+80efmf0ZgNF0sXsDTssoZg2feTANSOkTGM1bMC +5xe1hWFL8MZNe4yZ+NSgFN2fofb8BPvyQAW0no2PNA6PAgMBAAGjgbMwgbAwDwYDVR0TAQH/BAUw +AwEB/zARBgNVHQ4ECgQITp5/1C/JHx8wEwYDVR0jBAwwCoAITlnOxwIyhzAwDgYDVR0PAQH/BAQD +AgEGMGUGA1UdHwReMFwwWqBYoFaGVGxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1u +UXVhbC0wMSxvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0PzANBgkqhkiG +9w0BAQUFAAOCAQEAOtuz2GqnTibk/poCLrdYKpZSrLyfWFsJJpfBYA9HMasnfpJBCHgRHJud6DAO +xD900Vhmwy66D8dqsN3+fR8Bx8ZMKspnFN1B2Wz7LWOxMaKqP3JolJ/oVwzJRm0afcUMAfAumkc5 +Yqu0nC5qCF9zYY9YbJklh84uEzEg9j85kuRBHOCUc+5MVrnv7WPbirx6c95YFqXBQ0arA5QE9zYq +MDO8aUYPOWEHgtrVI+kMwELYHqLDX7i9VqsXhgFPeVz1wIV7s/i3budGeHMS6hjnyIc30FqM7CTY +fcvqVNZliErbjD1k1W1gMgvjLJowNvQC0W7K9/yoQhwTqtNMR4WZwA== +-----END CERTIFICATE----- 
diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-02a.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-02a.cer new file mode 100644 index 00000000..c300891d --- /dev/null +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-02a.cer 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEizCCA3OgAwIBAgIDAOSoMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1 +YWwtMDIxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMjAeFw0wNDEyMTQyMzAwMDBa +Fw0xNDEyMTMyMzAwMDBaMIGfMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz +dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy +a2VociBHbWJIMSIwIAYDVQQLDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMSIw +IAYDVQQDDBlhLXNpZ24tY29ycG9yYXRlLWxpZ2h0LTAyMIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAk6V4oEauvXgEICqgjTbGHaiDhBVo2nosX23osoKM +LTkkO/nOCgpdCYpLKgURxwrgHgVh9XT99yxhy6lDwt2rASajj0sQ1fY5BmWVyrXS +dQ78ISMPb73XaG4M8H7PJFcsVEo9n8veVQwnMY5mSWy0r1IO8n93Bjbmmi4Zt8oS +p9olWo5/8ByYW8S/AKZuQx+q+bFJv7geuApVjK2iVFe8yQqHhAgDsAsDlMvxDAQ/ +vhrGwHRv8N3sLsjirnbf5S2dGLDjASOMUFvwfLQd7gHH7PV37Xa+aQqa97eE6O4O +sIhcGRYhoLk/tWTBDapcgHJ0yTtrftuwORVteLUAy0gBNwIDAQABo4HhMIHeMA8G +A1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEkcWDpP6A0DMBMGA1UdIwQMMAqACEI9 +KySmwUXOMA4GA1UdDwEB/wQEAwIBBjCBkgYDVR0fBIGKMIGHMIGEoIGBoH+GfWxk +YXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1RdWFsLTAyLG89QS1UcnVz +dCxjPUFUP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/YmFzZT9vYmplY3RjbGFz +cz1laWRDZXJ0aWZpY2F0aW9uQXV0aG9yaXR5MA0GCSqGSIb3DQEBBQUAA4IBAQBH +opWG7LKmPBvuGjZnRV4KGKzzUYVuxSRS1E0VIUPbVLf5xW2r5uUpR8ud5EpiPrcw +k6K0dzu2Vb4ZbMIP+6J16S/0qvTp/3A/3q87+nJ+ot+IT8GZFJfSw18th2WmZdzR +ShbM6sgViPtGsFROCdWeiHl248w2+zG+09sf8Bu3UyvwLRAiiKaxuwVdQ9kc0TL3 +gvv+K5eisWWthQOX2IF2jGSEqoAVwfHhl7bc9Vt7XnJSpQFebHnsIVuV4Mv6w4ww +86hQPCLLvvV7wWDiBQ8l2FWneX0pNH3Wg+A1TRUoptc+pPDdpoP272MDm4fXyPKV +7QgIaIK+gXNUj2GGt1K9 +-----END CERTIFICATE----- diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-03.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-03.cer new file mode 100644 index 00000000..2251ca22 --- /dev/null 
+++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-light-03.cer @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEjzCCA3egAwIBAgIDAartMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R +dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTA1MTExMzIzMDAw +MFoXDTE1MTExMzIzMDAwMFowgZ8xCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy +dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52 +ZXJrZWhyIEdtYkgxIjAgBgNVBAsMGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDMx +IjAgBgNVBAMMGWEtc2lnbi1jb3Jwb3JhdGUtbGlnaHQtMDMwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQC359oitbHkkEgdErRPeBdkcYRK2DLdxfcnn+SI +umSEYzWVscRTchPKSzb7f1a6EHPbB5WZsGJaUDX9KfTqsJNMo+7bASKk3gsLVxNZ +qY2t2G+y8HvREYYejDOIzjAkcBQrt+nvuBUlGYVJQjEuyAn18f2vG0Y3VNvZFGKn +PK8AVycUMk0Uw21RbK3vX5tbbPgQ/kcZkN4czi5VHepMvf6hAwwLoJj+KL9zxm8j +yPK88qCBKAjMNCpZKsEhyanw1CjYbVmHs45Q5W6FBtqDcS6Iq4mC6TtUPGtCTuoH +7/JLuhEp075ohp87v3fSlzeLJjBpkUDP9U8Tv7l2euD0t1UVAgMBAAGjgeMwgeAw +DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQIQZFpHL+t2JgwEwYDVR0jBAwwCoAI +RGqVZ1V5EU8wDgYDVR0PAQH/BAQDAgEGMIGUBgNVHR8EgYwwgYkwgYaggYOggYCG +fmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9QS1UcnVzdC1uUXVhbC0wMyxvPUEt +VHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0 +Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOC +AQEADTRIaQtPwoPS6/TpyBhOw4wAHk/RM4gkLT76URPY2sUHihxqy+8qEElN+f5l +I61myCP3IFTClflcHVR1QCoMg0ZI5/EcQTI8Dgd5iQkXuVjh3wCj87Ka2Tu7d1K+ +i9VJ4BR/ph/qmPKR7Lx/PtATw/vWo4k2rbt5o1QwixZ7CPt+BF9xCaAC4uL0bB0M +9M3i9W2ePmqX6WIB3jMkT9FQC0KihPPfw/17KddNi4rFMMEiTyKvJTtTqDnIAwWW +TqsL1G7oxMMtnnYaKWMQ6gQiOiRzCY7efcAi/3YwUX6ULW5zxqapNs1vqEbSGsQE +l1eFl67HBZHYAPdoHGUnZF0KaQ== +-----END CERTIFICATE----- 
diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-medium-01a.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-medium-01a.cer new file mode 100644 index 00000000..2d7f1a03 --- /dev/null +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-medium-01a.cer @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIEKDCCAxCgAwIBAgIDAOKKMA0GCSqGSIb3DQEBBQUAMFUxCzAJBgNVBAYTAkFUMRAwDgYDVQQK +EwdBLVRydXN0MRkwFwYDVQQLExBBLVRydXN0LW5RdWFsLTAxMRkwFwYDVQQDExBBLVRydXN0LW5R +dWFsLTAxMB4XDTA0MTIwNTIzMDAwMFoXDTA4MTEzMDIzMDAwMFowgaExCzAJBgNVBAYTAkFUMUgw +RgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0 +ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1jb3Jwb3JhdGUtbWVkaXVtLTAxMSMwIQYD +VQQDExphLXNpZ24tY29ycG9yYXRlLW1lZGl1bS0wMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC +AQoCggEBANEbZyIMIXZYBjTj/+3TrNGssRKNNdTedQlWB3vJQWLzeG89Kzmhy1WDX8IqDrMtvpXH +5w6urK3ZT7HGu2Jldrib8rkEOdE9+uNGRtkP8Kuz//CvdXCbIDvBLqgvWn9a3Sl/rUicPqKwcEcN +bP2Q0iU6NvvALmoqs93PymfTZlkGOwzUe+O88huXkauGWT/DkJd4JYDNJ0wlaGrJa+OorT4Izk1J +EipqqedUjsAj4Gq3SKrZKG/H/CkoH9uWTzrzFgg8zQhCES4AClo84XVk//EIv3ABDw4hr+lqV1nF +eXch9o4mLIe5u045471YLJLmyuCPDopb8U2VUoyldpMx+Y8CAwEAAaOBszCBsDAPBgNVHRMBAf8E +BTADAQH/MBEGA1UdDgQKBAhOuHKxmCmfZDATBgNVHSMEDDAKgAhOWc7HAjKHMDAOBgNVHQ8BAf8E +BAMCAQYwZQYDVR0fBF4wXDBaoFigVoZUbGRhcDovL2xkYXAuYS10cnVzdC5hdC9vdT1BLVRydXN0 +LW5RdWFsLTAxLG89QS1UcnVzdCxjPUFUP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3Q/MA0GCSqG +SIb3DQEBBQUAA4IBAQDaukYSeJVxWAh8QShqGqA6Plp9aXCTzwl9hE2gb+/xGPASo+NVQi/sUa0+ +bx29oSJaW6lKzdHQLAx4dwW9XTpJ+0mebB4fQfYHH0lGc1O4au/4O9k+C3SrD6x4WeY9k/SpUFu1 +qjzH+tjta81UWtU7Jve1BhckNwdOFx7cR8fdW+pUQSDV9XnPJfyb+gb9KWhvX+XAbgJoXW1HjJOO +P5sx6mFhMb3UqAfKQVoAuGbl4+uxIThBTqpICkaaD8WLdukqQjomUMDRbWIf6SblPuOEpPi1G/WM +qkTkpqX77Wkj08QY/yj5DDrsYJ5NymnWvu7jcoxCFCKvEQ8Q4g7AYKnG +-----END CERTIFICATE----- 
diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-medium-02a.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-medium-02a.cer new file mode 100644 index 00000000..194d4d7c --- /dev/null +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/a-sign-corporate-medium-02a.cer 
@@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEjTCCA3WgAwIBAgIDAOSpMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1 +YWwtMDIxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMjAeFw0wNDEyMTQyMzAwMDBa +Fw0xNDEyMTMyMzAwMDBaMIGhMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz +dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy +a2VociBHbWJIMSMwIQYDVQQLDBphLXNpZ24tY29ycG9yYXRlLW1lZGl1bS0wMjEj +MCEGA1UEAwwaYS1zaWduLWNvcnBvcmF0ZS1tZWRpdW0tMDIwggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQCuaTBb6rHd5JZqAdvpmGIl5ne0Hg6GbpJvBeCI +U6l9Rs8ebMY6aIS++qJOE9rnJHdfZNzLzduuoWEzEuwm9a/azQThM+eT+xlG/Vcf +NuOQTTjAuXHLvYQ7WxSrBIT/kmAyqJgq/DEPvdX4jmCtVkuZ1gbxYIChLOVBWkVC +FCK49BuXECtNy5fzK/GyfouZOVoQgiQ1YfecqzibcwO0t+f68Pvp/s6HESAH5tXY +PdENDw4c/W/qKaeR87jPq98AJ8Lr4bmjWLjK8/ITtGglnJy8osFz22oR7f6fbWl6 +5LdhJ3giM68WEabQcZkw8cx3RDOzbnL2Kn+PVNHHyp3Wh849AgMBAAGjgeEwgd4w +DwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISoLnpz/+q98wEwYDVR0jBAwwCoAI +Qj0rJKbBRc4wDgYDVR0PAQH/BAQDAgEGMIGSBgNVHR8EgYowgYcwgYSggYGgf4Z9 +bGRhcDovL2xkYXAuYS10cnVzdC5hdC9vdT1BLVRydXN0LVF1YWwtMDIsbz1BLVRy +dXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9ubGlzdD9iYXNlP29iamVjdGNs +YXNzPWVpZENlcnRpZmljYXRpb25BdXRob3JpdHkwDQYJKoZIhvcNAQEFBQADggEB +ABqg1oRs/TZ0hJLJRV/xJglFzgn2fDAXeoVvWnAE09F1d0n+ZorKAKbMfiZ2CuKs +M0AhU23/5zM90DdrtYWXpa+P8ONALZtHJIqGfVuRKYJq7jY5TpE3yRkTcrp47smp +WqTwUgG+0aBeU9m+ZtGUFOsBkq+MudD8IZGc7VcLd1n4ltND9ITjX20hu01ju56c +YC69vFa5hmIccXg/Q3dGEV5Amx8MTQJluG3QvqBOY74yrAFICvK1zsvu+vOGvJQj +i+PxKlbQdehrV82VDxyfSjpEUADWMGRfE5vg4YBGgfRosh4w7a6ThD2LMLFPmIhy +P6+VGUBCm2tMDDOo9DVkXFs= +-----END CERTIFICATE----- diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties new file mode 100644 index 00000000..93796a7e --- /dev/null +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties 
@@ -0,0 +1,53 @@
+#
+# Copyright 2008 Federal Chancellery Austria and
+# Graz University of Technology
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+# Configuration for online CCE
+
+# security manager configuration
+AccessController.acceptUnmatched=false
+AccessController.policyResource=classpath:at/gv/egiz/bku/local/conf/accessControlConfig.xml
+
+# ------------BEGIN SSL Config --------------------
+# SSL configuration for connections to external
+# resources (e.g. data urls)
+
+# directory where certificates for
+# chain constructions can be placed
+SSL.certDirectory=classpath:at/gv/egiz/bku/local/conf/certs/certStore
+
+# a LDAP repository
+SSL.ldapServer=
+SSL.ldapPort=389
+
+# Directory where trusted CA
+# certificates are placed
+SSL.caDirectory=classpath:at/gv/egiz/bku/local/conf/certs/CACerts
+
+SSL.doRevocationChecking=true
+SSL.sslProtocol=TLS
+
+SSL.cache.lifetime=3600
+# use authority info access extension to find ca certs.
+SSL.useAIA=true
+
+# ------------ END SSL Config --------------------
+
+ValidateHashDataInputs=true
+
+
+
diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/logo.png b/BKULocal/src/main/resources/at/gv/egiz/bku/local/logo.png
deleted file mode 100644
index eee4be4f..00000000
Binary files a/BKULocal/src/main/resources/at/gv/egiz/bku/local/logo.png and /dev/null differ
diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/truststore.jks b/BKULocal/src/main/resources/at/gv/egiz/bku/local/truststore.jks deleted file mode 100644 index c773f037..00000000 Binary files a/BKULocal/src/main/resources/at/gv/egiz/bku/local/truststore.jks and /dev/null differ diff --git a/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml b/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml index c0ffc927..c6a5088a 100644 --- a/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml +++ b/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml @@ -20,7 +20,7 @@ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd"> - + @@ -37,33 +37,21 @@ - - + + + + + + - - - - - - - - - - - - - - - - - - - 1 - - + + + + + + \ No newline at end of file diff --git a/BKULocal/src/test/java/ConfigTest.java b/BKULocal/src/test/java/ConfigTest.java deleted file mode 100644 index 558d1c47..00000000 --- a/BKULocal/src/test/java/ConfigTest.java +++ /dev/null 
@@ -1,49 +0,0 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -import java.net.URL; - -import org.apache.commons.configuration.Configuration; -import org.apache.commons.configuration.ConfigurationException; -import org.apache.commons.configuration.ConfigurationFactory; -import org.junit.Ignore; - -@Ignore -public class ConfigTest { - - - private void testConfig() throws ConfigurationException { - ConfigurationFactory factory = new ConfigurationFactory(); - URL configURL = getClass().getResource("/config.xml"); - factory.setConfigurationURL(configURL); - Configuration config = factory.getConfiguration(); - System.out.println("-------->: "+config.getInt("hans")); - } - - /** - * @param args - */ - public static void main(String[] args) { - ConfigTest ct = new ConfigTest(); - try { - ct.testConfig(); - } catch (ConfigurationException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } - } - -} diff --git a/BKULocal/src/test/java/JustASandbox.java b/BKULocal/src/test/java/JustASandbox.java deleted file mode 100644 index b151df92..00000000 --- a/BKULocal/src/test/java/JustASandbox.java +++ /dev/null 
@@ -1,78 +0,0 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -import java.io.ByteArrayOutputStream; -import java.io.FileOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.net.URL; -import java.util.ArrayList; -import java.util.List; - -import javax.net.ssl.HttpsURLConnection; - -import org.junit.Ignore; - -import at.gv.egiz.bku.local.conf.Configurator; -import at.gv.egiz.bku.local.stal.SMCCSTALFactory; -import at.gv.egiz.bku.utils.StreamUtil; -import at.gv.egiz.stal.InfoboxReadRequest; -import at.gv.egiz.stal.STAL; -import at.gv.egiz.stal.STALRequest; -import at.gv.egiz.stal.STALResponse; -import at.gv.egiz.stal.SignRequest; -import at.gv.egiz.stal.SignResponse; - -@Ignore -public class JustASandbox { - - /** - * @param args - * @throws IOException - */ - public static void main(String[] args) throws IOException { - - Configurator cfg = new Configurator(); - URL url = new URL("https://demo.egiz.gv.at"); - HttpsURLConnection uc = (HttpsURLConnection) url.openConnection(); - uc.connect(); - System.exit(-1); - - InfoboxReadRequest req = new InfoboxReadRequest(); - req.setInfoboxIdentifier("SecureSignatureKeypair"); - - ByteArrayOutputStream os = new ByteArrayOutputStream(); - InputStream is = JustASandbox.class.getClassLoader().getResourceAsStream("at/gv/egiz/bku/local/stal/sigInfo.xml"); - StreamUtil.copyStream(is, os); - SignRequest sr = new 
SignRequest(); - sr.setSignedInfo(os.toByteArray()); - sr.setKeyIdentifier("SecureSignatureKeypair"); //os.toByteArray(), "SecureSignatureKeypair", null); - STAL stal = (new SMCCSTALFactory()).createSTAL(); - - List reqList = new ArrayList(2); - reqList.add(req); - reqList.add(sr); - - List resp = stal.handleRequest(reqList); - System.out.println(resp.get(0)); - System.out.println(resp.get(1)); - FileOutputStream fos = new FileOutputStream("c:/tmp/seq_now.der"); - SignResponse sir = (SignResponse) resp.get(1); - fos.write(sir.getSignatureValue()); - fos.close(); - } - -} -- cgit v1.2.3 From 9ca314eced8a73f58282684597468f98621ac502 Mon Sep 17 00:00:00 2001 From: wbauer Date: Fri, 19 Sep 2008 12:17:47 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@53 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../gv/egiz/bku/local/conf/SpringConfigurator.java | 73 ++++++++++++---------- .../gv/egiz/bku/local/conf/defaultConf.properties | 6 ++ .../egiz/bku/online/conf/SpringConfigurator.java | 17 +++++ .../gv/egiz/bku/online/conf/defaultConf.properties | 3 + .../main/java/at/gv/egiz/bku/binding/DataUrl.java | 3 +- .../gv/egiz/bku/binding/DataUrlConnectionImpl.java | 7 ++- 6 files changed, 72 insertions(+), 37 deletions(-) (limited to 'BKULocal/src/main/java') diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java index 3aeb1745..9326d904 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java 
@@ -42,11 +42,16 @@ import java.util.List; import java.util.Properties; import java.util.Set; +import javax.naming.ldap.LdapContext; +import javax.naming.ldap.LdapReferralException; import javax.net.ssl.CertPathTrustManagerParameters; +import javax.net.ssl.HostnameVerifier; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.KeyManager; import javax.net.ssl.ManagerFactoryParameters; import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSession; +import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; import javax.net.ssl.X509TrustManager; @@ -118,7 +123,14 @@ public class SpringConfigurator extends Configurator implements } public void configureNetwork() { - + String proxy = getProperty("HTTPProxyHost"); + String portString = getProperty("HTTPProxyPort"); + if ((proxy == null) || (proxy.equals(""))) { + log.info("No proxy configured"); + } else { + System.setProperty("proxyHost", proxy); + System.setProperty("proxyPort", portString); + } } private Set getCACerts() throws IOException, 
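Review bot: In the added `configureNetwork()`, `HTTPProxyPort` is read but never checked, so a configuration that sets `HTTPProxyHost` without a port passes null to `System.setProperty("proxyPort", portString)`, which throws a NullPointerException. Guard the port the same way as the host, e.g. `if ((portString != null) && (!portString.equals(""))) { System.setProperty("proxyPort", portString); }`, or fall back to a default port as the BKUOnline variant in this commit does. The import hunk on the same line also adds `javax.naming.ldap.LdapContext` and `javax.naming.ldap.LdapReferralException`, which none of the visible hunks use.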
@@ -258,13 +270,33 @@ public class SpringConfigurator extends Configurator implements KeyManager[] km = null; SSLContext sslCtx = SSLContext .getInstance(getProperty("SSL.sslProtocol")); - sslCtx.init(km, trustFab.getTrustManagers(), null); - // sslCtx.init(km, new TrustManager[] { new MyTrustManager(caCerts, - // certStoreList) }, null); + String disableAll = getProperty("SSL.disableAllChecks"); + if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) { + log.warn("--------------------------------------"); + log.warn(" Disabling SSL Certificate Validation "); + log.warn("--------------------------------------"); + + sslCtx.init(km, new TrustManager[] { new MyTrustManager(caCerts, + certStoreList) }, null); + } else { + sslCtx.init(km, trustFab.getTrustManagers(), null); + } HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory()); } catch (Exception e) { log.error("Cannot configure SSL", e); } + String disableAll = getProperty("SSL.disableAllChecks"); + if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) { + log.warn("---------------------------------"); + log.warn(" Disabling Hostname Verification "); + log.warn("---------------------------------"); + HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { + @Override + public boolean verify(String hostname, SSLSession session) { + return true; + } + }); + } } @Override @@ -275,20 +307,15 @@ public class SpringConfigurator extends Configurator implements class MyTrustManager implements X509TrustManager { private static Log log = LogFactory.getLog(MyTrustManager.class); - private Set caCerts; - private List certStoreList; private X509Certificate[] trustedCerts; public MyTrustManager(Set caCerts, List cs) { - this.caCerts = caCerts; - this.certStoreList = cs; trustedCerts = new X509Certificate[caCerts.size()]; int i = 0; for (Iterator it = caCerts.iterator(); it.hasNext();) { TrustAnchor ta = it.next(); trustedCerts[i++] = ta.getTrustedCert(); } - } @Override 
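Review bot: `SSL.disableAllChecks` switches off certificate-path validation and hostname verification for the whole JVM, because the new code installs both through `HttpsURLConnection.setDefaultSSLSocketFactory` and `HttpsURLConnection.setDefaultHostnameVerifier`; once set, every HTTPS connection the process opens loses server authentication, not only the one being debugged. If the switch has to exist, I would apply the relaxed socket factory and verifier to the individual `HttpsURLConnection` under test (`setSSLSocketFactory` / `setHostnameVerifier`) instead of changing the defaults. The property is also parsed twice and the second block sits outside the `try`, so hostname verification is disabled even when the SSL setup above has just failed; read it once with `boolean disableChecks = Boolean.parseBoolean(getProperty("SSL.disableAllChecks"));` (`parseBoolean` already returns false for null). The enclosing method begins outside this hunk.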
@@ -301,31 +328,9 @@ class MyTrustManager implements X509TrustManager { @Override public void checkServerTrusted(X509Certificate[] certs, String arg1) throws CertificateException { - try { - log.debug("Checking server certificate: " + certs[0].getSubjectDN()); - CertPathBuilder pathBuilder = CertPathBuilder.getInstance("PKIX"); - X509CertSelector selector = new X509CertSelector(); - selector.setCertificate(certs[0]); - PKIXBuilderParameters pkixParams; - pkixParams = new PKIXBuilderParameters(caCerts, selector); - pkixParams.setRevocationEnabled(true); // FIXME - for (CertStore cs : certStoreList) { - pkixParams.addCertStore(cs); - } - PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) pathBuilder - .build(pkixParams); - if (log.isTraceEnabled()) { - StringBuffer sb = new StringBuffer(); - for (Certificate cert : result.getCertPath().getCertificates()) { - sb.append(((X509Certificate) cert).getSubjectDN()); - sb.append("->"); - } - sb.append("End"); - log.trace(sb); - } - } catch (Exception e) { - throw new CertificateException(e); - } + log.warn("-------------------------------------"); + log.warn("SSL Certificate Validation Disabled !"); + log.warn("-------------------------------------"); } @Override diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties index 93796a7e..31f55ed0 100644 --- a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties @@ -45,9 +45,15 @@ SSL.cache.lifetime=3600 # use authority info access extension to find ca certs. SSL.useAIA=true +# Don't set to true in production environments +# Attention flag only used for debugging +SSL.disableAllChecks=false # ------------ END SSL Config -------------------- ValidateHashDataInputs=true +#HTTPProxyHost=localhost +#HTTPProxyPort=8888 + 
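Review bot: After this change `checkServerTrusted` returns normally for every chain, so `MyTrustManager` validates nothing, yet its name and its constructor, which still takes the CA set and the cert-store list, read as if it did. I would state that on the class, `/** Accepts every server certificate without validation; debugging only, installed when SSL.disableAllChecks=true. */`, and drop or mark the now-unused `cs` parameter. The three banner warnings do not say which peer was accepted; logging the subject, as the removed `log.debug("Checking server certificate: " + certs[0].getSubjectDN());` did, would make any use of the switch traceable in the logs. The class continues outside this hunk.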
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java index 9fe91708..54dbfdea 100644 --- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java @@ -70,6 +70,8 @@ public class SpringConfigurator extends Configurator implements } catch (IOException e) { log.error("Cannot load config", e); } + } else { + log.warn("Cannot load properties, resource: "+resource); } } @@ -91,8 +93,23 @@ public class SpringConfigurator extends Configurator implements super.configure(); configureSSL(); configureVersion(); + configureNetwork(); } + public void configureNetwork() { + String proxyHost = getProperty("HTTPProxyHost"); + String proxyPort = getProperty("HTTPProxyPort"); + if (proxyPort == null) { + proxyPort = "80"; + } + if (proxyHost != null) { + log.debug("Setting proxy server to: "+proxyHost+":"+proxyPort); + System.setProperty("http.proxyHost", proxyHost); + System.setProperty("http.proxyPort", proxyPort); + } + log.debug("No proxy specified"); + } + private Set getCACerts() throws IOException, CertificateException { Set caCerts = new HashSet(); diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties index cdc2bfad..42b0d93e 100644 --- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties @@ -41,3 +41,6 @@ SSL.sslProtocol=TLS ValidateHashDataInputs=true + +HTTPProxyHost=taranis.iaik.tugraz.at +HTTPProxyPort=8888 diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrl.java index a8477ece..d462ac60 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrl.java 
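Review bot: In the added `configureNetwork()`, `log.debug("No proxy specified");` sits after the `if` block, so it is written even when a proxy has just been set; it belongs in an `else` branch. Only `http.proxyHost` / `http.proxyPort` are set here, while the BKULocal variant in this commit sets `proxyHost` / `proxyPort`; as far as I know the `http.*` properties do not apply to `https` URLs, so HTTPS data URLs would presumably bypass the configured proxy unless `https.proxyHost` / `https.proxyPort` are set as well. An empty `HTTPProxyHost=` entry is also accepted as a host name here, unlike the `equals("")` check in BKULocal.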
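Review bot: The new lines `HTTPProxyHost=taranis.iaik.tugraz.at` and `HTTPProxyPort=8888` put an active, site-specific proxy into the packaged defaults, so any BKUOnline deployment that does not override them would send its outbound HTTP requests through that host. The BKULocal defaults changed in the same commit keep the equivalent entries commented out; I would do the same here, `#HTTPProxyHost=` and `#HTTPProxyPort=`, and leave the concrete host to the local configuration.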
+++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrl.java @@ -52,7 +52,8 @@ public class DataUrl { } public DataUrlConnection openConnection() { - try { + try { + log.debug("Opening dataurl connection"); DataUrlConnectionSPI retVal = defaultDataUrlConnection.newInstance(); retVal.init(url); return retVal; diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java index 775f4136..6ad0bb78 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/DataUrlConnectionImpl.java @@ -91,11 +91,13 @@ public class DataUrlConnectionImpl implements DataUrlConnectionSPI { String name = headerIt.next(); connection.setRequestProperty(name, requestHttpHeaders.get(name)); } + log.trace("Connecting to: "+url); connection.connect(); if (connection instanceof HttpsURLConnection) { HttpsURLConnection ssl = (HttpsURLConnection) connection; X509Certificate[] certs = (X509Certificate[]) ssl.getServerCertificates(); if ((certs != null) && (certs.length >= 1)) { + log.trace("Server certificate: "+certs[0]); serverCertificate = certs[0]; } } @@ -142,7 +144,7 @@ public class DataUrlConnectionImpl implements DataUrlConnectionSPI { formParams.add(slResultPart); OutputStream os = connection.getOutputStream(); - + log.trace("Sending data"); Part[] parts = new Part[formParams.size()]; Part.sendParts(os, formParams.toArray(parts), boundary.getBytes()); os.close(); @@ -152,7 +154,8 @@ public class DataUrlConnectionImpl implements DataUrlConnectionSPI { is = connection.getInputStream(); } catch (IOException iox) { log.info(iox); - } + } + log.trace("Reading response"); result = new DataUrlResponse(url.toString(), connection.getResponseCode(), is); Map responseHttpHeaders = new HashMap(); Map> httpHeaders = connection.getHeaderFields(); -- cgit v1.2.3 
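Review bot: In DataUrlConnectionImpl, `log.trace("Server certificate: "+certs[0]);` builds the full `toString()` dump of the certificate on every HTTPS connection whether or not trace logging is on, and `log.trace("Connecting to: "+url);` writes the complete data URL, query string included, to the log. Assuming `log` is the same commons-logging `Log` used in SpringConfigurator, I would wrap both in `if (log.isTraceEnabled())` and log only the subject, `log.trace("Server certificate: " + certs[0].getSubjectDN());`. Whether the data URL can carry session identifiers is not visible here and is worth confirming before it is logged in full. The enclosing methods start outside these hunks.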
From 12dc2dc9fd0e2c264353eafe752bd077dd3a39ea Mon Sep 17 00:00:00 2001 From: wbauer Date: Mon, 22 Sep 2008 07:37:16 +0000 Subject: Changed STALFactory to return always a new instance git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@54 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../gv/egiz/bku/local/conf/SpringConfigurator.java | 1 + .../at/gv/egiz/bku/local/stal/SMCCSTALFactory.java | 55 ++++++++++----------- .../local/conf/certs/CACerts/IAIKTest_RootCA.cer | Bin 0 -> 880 bytes .../certs/certStore/IAIKTest_IntermediateCA.cer | Bin 0 -> 982 bytes .../gv/egiz/bku/local/conf/defaultConf.properties | 4 +- 5 files changed, 29 insertions(+), 31 deletions(-) create mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/IAIKTest_RootCA.cer create mode 100644 BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/IAIKTest_IntermediateCA.cer (limited to 'BKULocal/src/main/java') diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java index 9326d904..43dbf745 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java @@ -128,6 +128,7 @@ public class SpringConfigurator extends Configurator implements if ((proxy == null) || (proxy.equals(""))) { log.info("No proxy configured"); } else { + log.info("Setting proxy to: "+proxy+":"+portString); System.setProperty("proxyHost", proxy); System.setProperty("proxyPort", portString); } diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java index f9a8bef5..c1a69bd8 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java 
@@ -33,43 +33,40 @@ import at.gv.egiz.stal.STALFactory; public class SMCCSTALFactory implements STALFactory { private Locale locale; - private SMCCSTAL stal; - private JDialog dialog; @Override public STAL createSTAL() { - if (stal == null) { - ResourceBundle resourceBundle; - if (locale != null) { - resourceBundle = ResourceBundle.getBundle( - BKUApplet.RESOURCE_BUNDLE_BASE, locale); - } else { - resourceBundle = ResourceBundle - .getBundle(BKUApplet.RESOURCE_BUNDLE_BASE); - } - dialog = new JDialog(); - BKUGUIFacade gui = BKUGUIFactory.createGUI(); - gui.init(dialog.getContentPane(), locale.toString()); - stal = new SMCCSTAL(new BKUGuiProxy(dialog, gui), dialog, resourceBundle); - dialog.setPreferredSize(new Dimension(400, 200)); - dialog.setDefaultCloseOperation(WindowConstants.HIDE_ON_CLOSE); - dialog.pack(); - Dimension screenSize = Toolkit.getDefaultToolkit().getScreenSize(); - Dimension frameSize = dialog.getSize(); - if (frameSize.height > screenSize.height) { - frameSize.height = screenSize.height; - } - if (frameSize.width > screenSize.width) { - frameSize.width = screenSize.width; - } - dialog.setLocation((screenSize.width - frameSize.width) / 2, - (screenSize.height - frameSize.height) / 2); + SMCCSTAL stal; + JDialog dialog; + ResourceBundle resourceBundle; + if (locale != null) { + resourceBundle = ResourceBundle.getBundle(BKUApplet.RESOURCE_BUNDLE_BASE, + locale); + } else { + resourceBundle = ResourceBundle.getBundle(BKUApplet.RESOURCE_BUNDLE_BASE); } + dialog = new JDialog(); + BKUGUIFacade gui = BKUGUIFactory.createGUI(); + gui.init(dialog.getContentPane(), locale.toString()); + stal = new SMCCSTAL(new BKUGuiProxy(dialog, gui), dialog, resourceBundle); + dialog.setPreferredSize(new Dimension(400, 200)); + dialog.setDefaultCloseOperation(WindowConstants.DO_NOTHING_ON_CLOSE); + dialog.pack(); + Dimension screenSize = Toolkit.getDefaultToolkit().getScreenSize(); + Dimension frameSize = dialog.getSize(); + if (frameSize.height > screenSize.height) { + 
frameSize.height = screenSize.height; + } + if (frameSize.width > screenSize.width) { + frameSize.width = screenSize.width; + } + dialog.setLocation((screenSize.width - frameSize.width) / 2, + (screenSize.height - frameSize.height) / 2); return stal; } @Override - public void setLocale(Locale locale) { + public void setLocale(Locale locale) { this.locale = locale; } } diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/IAIKTest_RootCA.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/IAIKTest_RootCA.cer new file mode 100644 index 00000000..38c2de58 Binary files /dev/null and b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/CACerts/IAIKTest_RootCA.cer differ diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/IAIKTest_IntermediateCA.cer b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/IAIKTest_IntermediateCA.cer new file mode 100644 index 00000000..c3363a92 Binary files /dev/null and b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/certs/certStore/IAIKTest_IntermediateCA.cer differ diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties index 31f55ed0..6d59ec21 100644 --- a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties @@ -52,8 +52,8 @@ SSL.disableAllChecks=false ValidateHashDataInputs=true -#HTTPProxyHost=localhost -#HTTPProxyPort=8888 +HTTPProxyHost= +HTTPProxyPort= -- cgit v1.2.3 From e21dd5249d5fa19c5619847922cf8cdea95e3145 Mon Sep 17 00:00:00 2001 
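Review bot: `gui.init(dialog.getContentPane(), locale.toString())` dereferences `locale` unconditionally, although the bundle lookup a few lines above explicitly handles `locale == null`. A factory on which `setLocale` was never called therefore throws a NullPointerException in `createSTAL()`. Resolve the locale once, e.g. `Locale effective = (locale != null) ? locale : Locale.getDefault();`, and use it for both the bundle and `gui.init`. Since every call now creates a new `JDialog` with `DO_NOTHING_ON_CLOSE` and the factory no longer keeps a reference, it is worth confirming that SMCCSTAL disposes the dialog when the STAL is finished; that code is not visible here.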
From: wbauer Date: Thu, 25 Sep 2008 07:29:47 +0000 Subject: improved robustness of http binding processor git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@70 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../gv/egiz/bku/local/conf/SpringConfigurator.java | 6 +++- .../gv/egiz/bku/local/conf/defaultConf.properties | 1 + .../gv/egiz/stal/service/impl/STALServiceImpl.java | 2 +- BKUOnline/src/main/webapp/META-INF/MANIFEST.MF | 7 ++-- .../at/gv/egiz/bku/binding/BindingProcessor.java | 4 ++- .../gv/egiz/bku/binding/HTTPBindingProcessor.java | 9 ++++- .../slcommands/impl/InfoboxReadCommandImpl.java | 8 +++-- .../gv/egiz/smcc/utils/SingletonPINProvider.java | 38 ---------------------- .../HTTPURLProtocolHandlerImpl.java | 3 +- .../at/gv/egiz/idlink/IdentityLinkTransformer.java | 30 ++++++++++++----- 10 files changed, 52 insertions(+), 56 deletions(-) delete mode 100644 smcc/src/main/java/at/gv/egiz/smcc/utils/SingletonPINProvider.java (limited to 'BKULocal/src/main/java') diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java index 43dbf745..46668667 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java @@ -128,10 +128,14 @@ public class SpringConfigurator extends Configurator implements if ((proxy == null) || (proxy.equals(""))) { log.info("No proxy configured"); } else { - log.info("Setting proxy to: "+proxy+":"+portString); + log.info("Setting proxy to: " + proxy + ":" + portString); System.setProperty("proxyHost", proxy); System.setProperty("proxyPort", portString); } + String timeout = getProperty("DefaultSocketTimeout"); + if ((timeout != null) && (!timeout.equals(""))) { + System.setProperty("sun.net.client.defaultConnectTimeout", timeout); + } } private Set getCACerts() throws IOException, 
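Review bot: The new `DefaultSocketTimeout` setting is applied only to `sun.net.client.defaultConnectTimeout`, so a peer that accepts the connection and then stalls can still block the DataURL exchange without limit. If the intent is a general socket timeout, also set the read side: `System.setProperty("sun.net.client.defaultReadTimeout", timeout);`. The value is passed through as a raw string; parsing it with `Integer.parseInt` and logging a warning on failure would make a typo in the properties file visible instead of leaving the timeout unset. A one-line comment giving the unit (milliseconds) would help, since the shipped default is `200`. The enclosing method starts outside the hunk.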
diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties index 6d59ec21..29bdd1ed 100644 --- a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties @@ -54,6 +54,7 @@ ValidateHashDataInputs=true HTTPProxyHost= HTTPProxyPort= +DefaultSocketTimeout=200 diff --git a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java index 385888e9..d3d6c8db 100644 --- a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java +++ b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/STALServiceImpl.java @@ -248,6 +248,6 @@ public class STALServiceImpl implements STALPortType { ServletContext sCtx = (ServletContext) mCtx.get(MessageContext.SERVLET_CONTEXT); BindingProcessorManager bpMgr = (BindingProcessorManager) sCtx.getAttribute(BINDING_PROCESSOR_MANAGER); BindingProcessor bp = bpMgr.getBindingProcessor(sessionId); - return (bp == null) ? null : (STALRequestBroker) bp.getSTAL(); + return (bp == null) ? null : (bp.isFinished() ? null : (STALRequestBroker) bp.getSTAL()); } } diff --git a/BKUOnline/src/main/webapp/META-INF/MANIFEST.MF b/BKUOnline/src/main/webapp/META-INF/MANIFEST.MF index 5e949512..ca7c7604 100644 --- a/BKUOnline/src/main/webapp/META-INF/MANIFEST.MF +++ b/BKUOnline/src/main/webapp/META-INF/MANIFEST.MF @@ -1,3 +1,6 @@ Manifest-Version: 1.0 -Class-Path: - +Archiver-Version: Plexus Archiver +Created-By: Apache Maven +Built-By: wbauer +Build-Jdk: 1.6.0_10-beta +Implementation-Build: 1.0-SNAPSHOT-r31 \ No newline at end of file diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessor.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessor.java index c386508d..2569bf85 100644 
--- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessor.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/BindingProcessor.java @@ -71,5 +71,7 @@ public interface BindingProcessor extends Runnable { * If the locale is not set the default locale will be used. * @param locale must not be null. */ - public void setLocale(Locale locale); + public void setLocale(Locale locale); + + public boolean isFinished(); } \ No newline at end of file diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessor.java b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessor.java index 8f72c3ee..5e44e82b 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessor.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/binding/HTTPBindingProcessor.java @@ -115,6 +115,7 @@ public class HTTPBindingProcessor extends AbstractBindingProcessor implements protected int responseCode = 200; protected Map responseHeaders = Collections.EMPTY_MAP; protected Locale locale = Locale.getDefault(); + protected boolean finished = false; /** * @@ -246,6 +247,7 @@ public class HTTPBindingProcessor extends AbstractBindingProcessor implements commandInvoker.setCommand(slCommand); responseCode = 200; responseHeaders = Collections.EMPTY_MAP; + dataUrlResponse = null; try { commandInvoker.invoke(srcContex); } catch (SLException e) { @@ -253,7 +255,6 @@ public class HTTPBindingProcessor extends AbstractBindingProcessor implements bindingProcessorError = e; currentState = State.TRANSFORM; } - dataUrlResponse = null; if (getDataUrl() != null) { log.debug("Data Url set to: " + getDataUrl()); currentState = State.DATAURL; @@ -495,6 +496,7 @@ public class HTTPBindingProcessor extends AbstractBindingProcessor implements sendSTALQuit(); log.info("Terminating Bindingprocessor; Thread: " + Thread.currentThread().getId()); + finished = true; } // -- END Methods that handle the http binding activities as defined in the 
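Review bot: `protected boolean finished = false;` is written by the thread that runs the binding processor and, judging by the `bp.isFinished()` call added to STALServiceImpl in this commit, read from a web-service request thread, so without `volatile` the reader is not guaranteed to see the update; declare it `protected volatile boolean finished = false;`. In the @@ -495,6 +496,7 hunk `finished = true;` comes after `sendSTALQuit()` and the log call, so an exception there leaves the flag false and the session keeps handing out its STAL; setting it in a `finally` would avoid that, though the surrounding method starts outside the hunk. The new `isFinished()` on the `BindingProcessor` interface also has no Javadoc while its neighbour does; something like `/** @return true once processing has terminated and the STAL must no longer be used */` would do.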
@@ -620,6 +622,7 @@ public class HTTPBindingProcessor extends AbstractBindingProcessor implements currentState = State.FINISHED; } log.debug("Terminated http binding processor"); + finished = true; } @Override @@ -805,4 +808,8 @@ public class HTTPBindingProcessor extends AbstractBindingProcessor implements this.locale = locale; } + @Override + public boolean isFinished() { + return finished; + } } \ No newline at end of file diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java index 4d64ae36..b6c89e5b 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/slcommands/impl/InfoboxReadCommandImpl.java @@ -371,12 +371,12 @@ public class InfoboxReadCommandImpl extends SLCommandImpl certificates = getCertificatesFromResponses(); @@ -413,10 +413,12 @@ public class InfoboxReadCommandImpl extends SLCommandImpl>(); } - private synchronized IdLTransformer getFreeTransfomer(String stylesheetURL) throws TransformerConfigurationException, IOException { + private IdLTransformer getFreeTransfomer(String stylesheetURL) throws TransformerConfigurationException, IOException { IdLTransformer transformer = null; 
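Review bot: `getFreeTransfomer` loses its `synchronized` modifier in the IdentityLinkTransformer change, but its body and the pool it reads are not part of the visible hunk text, so this page does not show what now protects the check-out of a free transformer. If the pool is still a plain collection, two concurrent `transformIdLink` calls could receive the same `IdLTransformer`, and JAXP `Transformer` instances must not be used by two threads at once. Please confirm that the pool was switched to a concurrent structure or that the check-out is otherwise atomic, and state the thread-safety contract in a comment on the method.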
@@ -260,9 +271,12 @@ public class IdentityLinkTransformer { } - public void transformIdLink(String stylesheetURL, Source source, Result result) throws IOException, TransformerException { - IdLTransformer transformer = getFreeTransfomer(stylesheetURL); - transformer.transform(source, result); + public void transformIdLink(String stylesheetURL, Source source, Result result) throws IOException, TransformerException { + log.trace("Trying to get free IdentityLinkTransformer for issuer template '" + stylesheetURL + "'."); + IdLTransformer transformer = getFreeTransfomer(stylesheetURL); + log.trace("Trying to transform IdentityLink."); + transformer.transform(source, result); + log.trace("IdentityLink transformed successfully. " + getStatistics()); } public String getStatistics() { -- cgit v1.2.3 From 8ccd9ab69dc74762567930f4c576a359502f1071 Mon Sep 17 00:00:00 2001 From: clemenso Date: Tue, 30 Sep 2008 16:37:59 +0000 Subject: showErrorDialog l10n git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@77 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../at/gv/egiz/bku/online/applet/BKUWorker.java | 10 +++--- .../src/main/java/at/gv/egiz/bku/gui/BKUGUI.java | 41 +++++++++++++--------- .../main/java/at/gv/egiz/bku/gui/BKUGUIFacade.java | 14 ++++++-- .../at/gv/egiz/bku/gui/Messages.properties | 11 +++++- .../test/java/at/gv/egiz/bku/gui/BKUGUIWorker.java | 33 +++++++++++------ .../at/gv/egiz/bku/local/stal/BKUGuiProxy.java | 8 ++--- .../gv/egiz/bku/smccstal/SignRequestHandler.java | 7 ++-- 7 files changed, 81 insertions(+), 43 deletions(-) (limited to 'BKULocal/src/main/java') diff --git a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUWorker.java b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUWorker.java index a87b04c4..12eb9d00 100644 --- a/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUWorker.java +++ b/BKUApplet/src/main/java/at/gv/egiz/bku/online/applet/BKUWorker.java 
@@ -126,7 +126,7 @@ public class BKUWorker extends AbstractSMCCSTAL implements Runnable, log.fatal("Failed to call STAL service.", e); actionCommandList.clear(); actionCommandList.add("ok"); - gui.showErrorDialog(errorMessages.getString("failed.WS")); + gui.showErrorDialog(BKUGUIFacade.ERR_SERVICE_UNREACHABLE, new Object[] {e.getMessage()}); try { waitForAction(); } catch (InterruptedException e1) { @@ -204,7 +204,7 @@ public class BKUWorker extends AbstractSMCCSTAL implements Runnable, log.info("Done " + Thread.currentThread().getName()); } catch (Exception ex) { log.error(ex.getMessage(), ex); - gui.showErrorDialog("Sorry, an internal error occured: " + ex.getMessage()); + gui.showErrorDialog(BKUGUIFacade.ERR_UNKNOWN, new Object[] {ex.getMessage()}); try { waitForAction(); } catch (InterruptedException e) { @@ -279,8 +279,7 @@ public class BKUWorker extends AbstractSMCCSTAL implements Runnable, case SMCCHelper.PC_SC_NOT_SUPPORTED: actionCommandList.clear(); actionCommandList.add("ok"); - gui.showErrorDialog(errorMessages.getString("nopcscsupport"), this, - "ok"); + gui.showErrorDialog(BKUGUIFacade.ERR_NO_PCSC, null, this, "ok"); try { waitForAction(); } catch (InterruptedException e) { @@ -290,8 +289,7 @@ public class BKUWorker extends AbstractSMCCSTAL implements Runnable, case SMCCHelper.TERMINAL_NOT_PRESENT: actionCommandList.clear(); actionCommandList.add("ok"); - gui.showErrorDialog(errorMessages.getString("nocardterminal"), this, - "ok"); + gui.showErrorDialog(BKUGUIFacade.ERR_NO_CARDTERMINAL,null,this,"ok"); try { waitForAction(); } catch (InterruptedException e) { diff --git a/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/BKUGUI.java b/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/BKUGUI.java index 749207ee..b09669b8 100644 --- a/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/BKUGUI.java +++ b/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/BKUGUI.java 
@@ -41,6 +41,8 @@ import java.util.List; import java.util.Locale; import java.util.ResourceBundle; import java.util.StringTokenizer; +import java.util.logging.Level; +import java.util.logging.Logger; import javax.swing.GroupLayout; import javax.swing.ImageIcon; import javax.swing.JButton; @@ -94,7 +96,7 @@ public class BKUGUI implements BKUGUIFacade { private static final String MESSAGE_OVERWRITE = "message.overwrite"; private static final String LABEL_PIN = "label.pin"; private static final String LABEL_PINSIZE = "label.pinsize"; - private static final String ERROR_NO_HASHDATA = "error.no.hashdata"; +// private static final String ERROR_NO_HASHDATA = "error.no.hashdata"; private static final String BUTTON_OK = "button.ok"; private static final String BUTTON_CANCEL = "button.cancel"; @@ -798,7 +800,7 @@ public class BKUGUI implements BKUGUIFacade { } @Override - public void showErrorDialog(final String errorMsg, final ActionListener okListener, final String okCommand) { + public void showErrorDialog(final String errorMsgKey, final Object[] errorMsgParams, final ActionListener okListener, final String okCommand) { log.debug("scheduling error dialog"); @@ -815,9 +817,12 @@ public class BKUGUI implements BKUGUIFacade { titleLabel.setText(messages.getString(TITLE_ERROR)); // titleLabel.setForeground(defaultForground); + String errorMsgPattern = messages.getString(errorMsgKey); + String errorMsg = MessageFormat.format(errorMsgPattern, errorMsgParams); + JLabel errorMsgLabel = new JLabel(); errorMsgLabel.setFont(errorMsgLabel.getFont().deriveFont(errorMsgLabel.getFont().getStyle() & ~java.awt.Font.BOLD)); - errorMsgLabel.setText("" + errorMsg + ""); + errorMsgLabel.setText(errorMsg); errorMsgLabel.setForeground(ERROR_COLOR); GroupLayout mainPanelLayout = new GroupLayout(mainPanel); 
@@ -860,7 +865,7 @@ public class BKUGUI implements BKUGUIFacade { } @Override - public void showErrorDialog(final String errorMsg) { + public void showErrorDialog(final String errorMsgKey, final Object[] errorMsgParams) { log.debug("scheduling error dialog"); @@ -877,10 +882,13 @@ public class BKUGUI implements BKUGUIFacade { titleLabel.setText(messages.getString(TITLE_ERROR)); // titleLabel.setForeground(defaultForground); - JLabel errorMsgLabel = new JLabel(); - errorMsgLabel.setFont(errorMsgLabel.getFont().deriveFont(errorMsgLabel.getFont().getStyle() & ~java.awt.Font.BOLD)); - errorMsgLabel.setText("" + errorMsg + ""); - errorMsgLabel.setForeground(ERROR_COLOR); + String errorMsgPattern = messages.getString(errorMsgKey); + String errorMsg = MessageFormat.format(errorMsgPattern, errorMsgParams); + + JLabel errorMsgLabel = new JLabel(); + errorMsgLabel.setFont(errorMsgLabel.getFont().deriveFont(errorMsgLabel.getFont().getStyle() & ~java.awt.Font.BOLD)); + errorMsgLabel.setText(errorMsg); + errorMsgLabel.setForeground(ERROR_COLOR); GroupLayout mainPanelLayout = new GroupLayout(mainPanel); mainPanel.setLayout(mainPanelLayout); @@ -955,7 +963,7 @@ public class BKUGUI implements BKUGUIFacade { public void showHashDataInputDialog(final List signedReferences, final ActionListener okListener, final String okCommand) { if (signedReferences == null) { - showErrorDialog(messages.getString(ERROR_NO_HASHDATA), okListener, okCommand); + showErrorDialog(messages.getString(ERR_NO_HASHDATA), new Object[] {"No SignedReferences provided"}, okListener, okCommand); } if (signedReferences.size() == 1) { 
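Review bot: Both `showErrorDialog` overloads now treat their first argument as a bundle key (`messages.getString(errorMsgKey)`), yet the @@ -955,7 +963,7 hunk calls `showErrorDialog(messages.getString(ERR_NO_HASHDATA), ...)`, which passes the already-localized text as the key. The inner lookup will then throw `MissingResourceException` instead of showing the dialog. Pass the key itself: `showErrorDialog(ERR_NO_HASHDATA, new Object[] {"No SignedReferences provided"}, okListener, okCommand);`. The same call shape is repeated in the `catch (IOException ex)` branch of the @@ -971,11 +979,12 hunk. Also, there is no `return` after the null branch, so `signedReferences.size()` on the next line still runs on a null list; `showHashDataInputDialog` continues outside the hunk.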
@@ -971,11 +979,12 @@ public class BKUGUI implements BKUGUIFacade { showSaveHashDataInputDialog(signedReferences, okListener, okCommand); } }; - String hashDataText = getText(signedReferences.get(0)); - if (hashDataText != null) { + + try { + String hashDataText = getText(signedReferences.get(0)); showPlainTextHashDataInputDialog(hashDataText, saveHashDataListener, "save", okListener, okCommand); - } else { - showErrorDialog(messages.getString(ERROR_NO_HASHDATA), okListener, okCommand); + } catch (IOException ex) { + showErrorDialog(messages.getString(ERR_NO_HASHDATA), new Object[] {ex.getMessage()}, okListener, okCommand); } } else { @@ -1300,7 +1309,7 @@ public class BKUGUI implements BKUGUIFacade { bos.close(); } catch (IOException ex) { log.error("Failed to write HashDataInput to file " + file + ": " + ex.getMessage()); - showErrorDialog("Failed to write signed reference to file: " + ex.getMessage(), null, null); + showErrorDialog(ERR_WRITE_HASHDATA, new Object[] {ex.getMessage()}, null, null); ex.printStackTrace(); } finally { try { @@ -1316,7 +1325,7 @@ public class BKUGUI implements BKUGUIFacade { }); } - private static String getText(HashDataInput hdi) { + private static String getText(HashDataInput hdi) throws IOException { ByteArrayOutputStream baos = null; try { InputStream hashDataIS = hdi.getHashDataInput(); @@ -1338,7 +1347,7 @@ public class BKUGUI implements BKUGUIFacade { } } catch (IOException ex) { log.error("Failed to read HashDataInput for reference " + hdi.getReferenceId() + ": " + ex.getMessage()); - return null; + throw ex; } finally { try { baos.close(); diff --git a/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/BKUGUIFacade.java b/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/BKUGUIFacade.java index f4b6325d..32eb4c3e 100644 --- a/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/BKUGUIFacade.java +++ b/BKUCommonGUI/src/main/java/at/gv/egiz/bku/gui/BKUGUIFacade.java 
@@ -23,7 +23,15 @@ import java.awt.event.ActionListener; import java.util.List; public interface BKUGUIFacade { - + + public static final String ERR_UNKNOWN = "error.unknown"; + public static final String ERR_SERVICE_UNREACHABLE = "error.ws.unreachable"; + public static final String ERR_NO_PCSC = "error.pcsc"; + public static final String ERR_NO_CARDTERMINAL = "error.cardterminal"; + public static final String ERR_NO_HASHDATA = "error.no.hashdata"; + public static final String ERR_WRITE_HASHDATA = "error.write.hashdata"; + public static final String ERR_INVALID_HASH = "error.invalid.hash"; + public void init(Container contentPane, String localeString); public void showWelcomeDialog(); @@ -55,7 +63,7 @@ public interface BKUGUIFacade { // public void showPlainTextHashDataInputDialog(String text, ActionListener saveListener, String saveCommand, ActionListener cancelListener, String cancelCommand); - public void showErrorDialog(String errorMsg, ActionListener okListener, String actionCommand); + public void showErrorDialog(String errorMsgKey, Object[] errorMsgParams, ActionListener okListener, String actionCommand); - public void showErrorDialog(String errorMsg); + public void showErrorDialog(String errorMsgKey, Object[] errorMsgParams); } diff --git a/BKUCommonGUI/src/main/resources/at/gv/egiz/bku/gui/Messages.properties b/BKUCommonGUI/src/main/resources/at/gv/egiz/bku/gui/Messages.properties index a329ba86..79e23859 100644 --- a/BKUCommonGUI/src/main/resources/at/gv/egiz/bku/gui/Messages.properties +++ b/BKUCommonGUI/src/main/resources/at/gv/egiz/bku/gui/Messages.properties @@ -35,7 +35,6 @@ message.retries=Noch {0} Versuche message.overwrite=M\u00F6chten Sie das existierende Dokument {0} \u00FCberschreiben? label.pin={0}: label.pinsize=({0} stellig) -error.no.hashdata=Keine Signaturdaten verf\u00FCgbar button.ok=OK button.cancel=Abbrechen button.back=Zur\u00FCck 
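Review bot: The two `showErrorDialog` signatures change the meaning of their first argument from display text to a resource-bundle key, and nothing on the interface says so. I would add Javadoc stating that `errorMsgKey` must be one of the `ERR_*` keys present in the Messages bundle, that `errorMsgParams` are the `MessageFormat` arguments and may be null for patterns without placeholders, and what an implementation does for an unknown key. The new `ERR_*` constants would also benefit from a one-line comment each naming the placeholder they expect, e.g. `/** {0}: cause message */`.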
@@ -48,3 +47,13 @@ mimetype.desc.txt=Textdateien (.txt) mimetype.desc.pdf=Adobe PDF-Dateien (.pdf) mimetype.desc.bin=Bin\u00E4rdateien (.bin) save.hashdatainput.prefix=Signaturdaten + +# Error Messages +error.no.hashdata=Keine Signaturdaten verf\u00FCgbar: {0} +error.write.hashdata=Die Signaturdaten konnten nicht gespeichert werden: {0} +error.invalid.hash=Die Signaturdaten sind ung\u00FCltig: {0} +error.ws.unreachable=Das Web-Service ist nicht erreichbar: {0} +error.pcsc=Java(TM) scheint keine PC/SC Schnittstelle f\u00FCr den Smartcard-Zugriff zur Verf\u00FCgung zu stellen. +error.cardterminal=Es konnte kein Smartcard-Leser gefunden werden.

Entweder ist kein Leser angeschlossen oder kein PC/SC Treiber installiert.

+error.unknown=Leider trat ein Fehler auf: {0} +error.test=Fehler1 {0} - Fehler2 {1} \ No newline at end of file diff --git a/BKUCommonGUI/src/test/java/at/gv/egiz/bku/gui/BKUGUIWorker.java b/BKUCommonGUI/src/test/java/at/gv/egiz/bku/gui/BKUGUIWorker.java index 909da4ad..0641bf58 100644 --- a/BKUCommonGUI/src/test/java/at/gv/egiz/bku/gui/BKUGUIWorker.java +++ b/BKUCommonGUI/src/test/java/at/gv/egiz/bku/gui/BKUGUIWorker.java @@ -186,13 +186,13 @@ public class BKUGUIWorker implements Runnable { // // Thread.sleep(2000); - gui.showWaitDialog(null); - - Thread.sleep(1000); - - gui.showWaitDialog("test"); - - Thread.sleep(1000); +// gui.showWaitDialog(null); +// +// Thread.sleep(1000); +// +// gui.showWaitDialog("test"); +// +// Thread.sleep(1000); // gui.showInsertCardDialog(cancelListener, "cancel"); @@ -218,11 +218,24 @@ public class BKUGUIWorker implements Runnable { // // Thread.sleep(2000); //// - gui.showErrorDialog("Testfehler occured", null, null); - +// gui.showErrorDialog(BKUGUIFacade.ERR_UNKNOWN, new Object[] {"Testfehler"}, null, null); +// +// Thread.sleep(2000); +// + + gui.showErrorDialog("error.test", new Object[] {"Testfehler", "noch ein TestFehler"}); + Thread.sleep(2000); // - gui.showErrorDialog("Testfehler occured"); + gui.showErrorDialog("error.no.hashdata", null); + + Thread.sleep(2000); +// + gui.showErrorDialog(BKUGUIFacade.ERR_UNKNOWN, new Object[] {"Testfehler"}); + + Thread.sleep(2000); +// + gui.showErrorDialog("error.unknown", null); // gui.showTextPlainHashDataInput("hallo,\n welt!", "12345", null, "cancel", null, "save"); diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/BKUGuiProxy.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/BKUGuiProxy.java index c543c8ca..22ab1d6f 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/BKUGuiProxy.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/BKUGuiProxy.java 
@@ -65,16 +65,16 @@ public class BKUGuiProxy implements BKUGUIFacade { } @Override - public void showErrorDialog(String errorMsg, ActionListener okListener, + public void showErrorDialog(String errorMsgKey, Object[] errorMsgParams, ActionListener okListener, String actionCommand) { showDialog(); - delegate.showErrorDialog(errorMsg, okListener, actionCommand); + delegate.showErrorDialog(errorMsgKey, errorMsgParams, okListener, actionCommand); } @Override - public void showErrorDialog(String errorMsg) { + public void showErrorDialog(String errorMsgKey, Object[] errorMsgParams) { showDialog(); - delegate.showErrorDialog(errorMsg); + delegate.showErrorDialog(errorMsgKey, errorMsgParams); } @Override diff --git a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SignRequestHandler.java b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SignRequestHandler.java index 0b297283..7d994392 100644 --- a/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SignRequestHandler.java +++ b/smccSTAL/src/main/java/at/gv/egiz/bku/smccstal/SignRequestHandler.java @@ -16,6 +16,7 @@ */ package at.gv.egiz.bku.smccstal; +import at.gv.egiz.bku.gui.BKUGUIFacade; import java.io.ByteArrayInputStream; import java.io.InputStream; import java.security.MessageDigest; 
@@ -318,15 +319,15 @@ public abstract class SignRequestHandler extends AbstractRequestHandler implemen gui.showHashDataInputDialog(hashDataInputs, SignRequestHandler.this, "ok"); } catch (DigestException ex) { log.error("Bad digest value: " + ex.getMessage()); - gui.showErrorDialog(ex.getMessage()); + gui.showErrorDialog(BKUGUIFacade.ERR_INVALID_HASH, new Object[] {ex.getMessage()}); } catch (Exception ex) { //FIXME localize messages log.error("Failed to obtain HashDataInputs: " + ex.getMessage()); - gui.showErrorDialog("Failed to obtain HashDataInputs: " + ex.getMessage(), SignRequestHandler.this, "ok"); + gui.showErrorDialog(BKUGUIFacade.ERR_NO_HASHDATA, new Object[] {ex.getMessage()}, SignRequestHandler.this, "ok"); } } else { //FIXME get all hashdatainputs - gui.showErrorDialog("Failed to obtain HashDataInputs: No dsig:SignedInfo provided.", SignRequestHandler.this, "ok"); + gui.showErrorDialog(BKUGUIFacade.ERR_NO_HASHDATA, new Object[] {"No dsig:SignedInfo provided"}, SignRequestHandler.this, "ok"); } } else if (actionCommand.equals("sign")) { return new String(gui.getPin()); -- cgit v1.2.3 From 7d3f6235a46f70323defa9910da240e61ca684b3 Mon Sep 17 00:00:00 2001 
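Review bot: The rewritten `catch (Exception ex)` branch still logs only `ex.getMessage()`, so the stack trace of an unexpected failure is lost; pass the exception as well: `log.error("Failed to obtain HashDataInputs: " + ex.getMessage(), ex);`. The `//FIXME localize messages` comment above it is stale now that the dialog uses `BKUGUIFacade.ERR_NO_HASHDATA` and should be removed. Separately, the context line `return new String(gui.getPin());` copies the PIN (presumably a `char[]`) into an immutable String that cannot be cleared afterwards; this commit does not touch it, but it deserves a follow-up. The enclosing method starts and ends outside the hunk.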
From: wbauer Date: Wed, 1 Oct 2008 07:30:55 +0000 Subject: Moved main parts of the configuration to bkucommon git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@78 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- BKULocal/pom.xml | 48 ++- .../accesscontroller/SpringSecurityManager.java | 86 ++--- .../at/gv/egiz/bku/local/conf/Configurator.java | 103 ------ .../gv/egiz/bku/local/conf/SpringConfigurator.java | 320 ++++--------------- .../gv/egiz/bku/local/conf/defaultConf.properties | 7 +- .../src/main/webapp/WEB-INF/applicationContext.xml | 6 +- BKULocalApp/keystore.ks | Bin 0 -> 5635 bytes BKULocalApp/pom.xml | 131 ++++++++ .../java/at/gv/egiz/bku/local/app/BKULauncher.java | 222 +++++++++++++ .../src/main/java/at/gv/egiz/bku/local/app/CA.java | 117 +++++++ .../java/at/gv/egiz/bku/local/app/Container.java | 98 ++++++ .../at/gv/egiz/bku/local/defaultConf/template.zip | Bin 0 -> 17759 bytes .../at/gv/egiz/bku/local/ui/UIMessages.properties | 13 + .../resources/at/gv/egiz/bku/local/ui/favicon.png | Bin 0 -> 2149 bytes BKULocalApp/src/main/resources/log4j.properties | 16 + .../accesscontroller/SpringSecurityManager.java | 3 +- .../at/gv/egiz/bku/online/conf/Configurator.java | 98 ------ .../egiz/bku/online/conf/SpringConfigurator.java | 209 +++--------- .../gv/egiz/bku/online/webapp/ResultServlet.java | 6 +- .../egiz/bku/online/webapp/SpringBKUServlet.java | 14 +- .../gv/egiz/bku/online/conf/defaultConf.properties | 5 + .../src/main/webapp/WEB-INF/applicationContext.xml | 4 +- .../java/at/gv/egiz/bku/conf/Configurator.java | 351 +++++++++++++++++++++ pom.xml | 1 + .../at/gv/egiz/bku/local/ui/TrayIconDialog.java | 2 +- 25 files changed, 1169 insertions(+), 691 deletions(-) delete mode 100644 BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java create mode 100644 BKULocalApp/keystore.ks create mode 100644 BKULocalApp/pom.xml create mode 100644 BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/BKULauncher.java create mode 100644 
BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/CA.java create mode 100644 BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/Container.java create mode 100644 BKULocalApp/src/main/resources/at/gv/egiz/bku/local/defaultConf/template.zip create mode 100644 BKULocalApp/src/main/resources/at/gv/egiz/bku/local/ui/UIMessages.properties create mode 100644 BKULocalApp/src/main/resources/at/gv/egiz/bku/local/ui/favicon.png create mode 100644 BKULocalApp/src/main/resources/log4j.properties delete mode 100644 BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java create mode 100644 bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java (limited to 'BKULocal/src/main/java') diff --git a/BKULocal/pom.xml b/BKULocal/pom.xml index 49ec95a0..204fa6b9 100644 --- a/BKULocal/pom.xml +++ b/BKULocal/pom.xml @@ -13,7 +13,53 @@ war BKU Local 1.0-SNAPSHOT - + + + + scm:svn:svn://svn.egovlabs.gv.at/svnroot/mocca/trunk/BKULocal + scm:svn:svn://svn.egovlabs.gv.at/svnroot/mocca/trunk/BKULocal + scm:svn:svn://svn.egovlabs.gv.at/svnroot/mocca/trunk/BKULocal + + + + + maven-war-plugin + 2.0.2 + + + + true + + + + + + ${project.version}-r${buildNumber} + + + + + + + org.codehaus.mojo + maven-buildnumber-plugin + 0.9.6 + + + validate + + create + + + + + false + false + + + + + at.gv.egiz diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/accesscontroller/SpringSecurityManager.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/accesscontroller/SpringSecurityManager.java index b547bf6a..3f50fc78 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/accesscontroller/SpringSecurityManager.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/accesscontroller/SpringSecurityManager.java 
@@ -1,65 +1,65 @@ /* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. 
+ */ package at.gv.egiz.bku.local.accesscontroller; import java.io.IOException; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer; import org.springframework.context.ResourceLoaderAware; import org.springframework.core.io.Resource; import org.springframework.core.io.ResourceLoader; import at.gv.egiz.bku.accesscontroller.SecurityManagerFacade; -import at.gv.egiz.bku.local.conf.Configurator; +import at.gv.egiz.bku.conf.Configurator; public class SpringSecurityManager extends SecurityManagerFacade implements - ResourceLoaderAware { + ResourceLoaderAware { - private ResourceLoader resourceLoader; + private ResourceLoader resourceLoader; - private static Log log = LogFactory.getLog(SpringSecurityManager.class); + private static Log log = LogFactory.getLog(SpringSecurityManager.class); - protected Configurator config; + protected Configurator config; - public void setConfig(Configurator config) { - this.config = config; - } + public void setConfig(Configurator config) { + this.config = config; + } - public void init() { - String noMatch = config.getProperty("AccessController.acceptNoMatch"); - if (noMatch != null) { - log.debug("Setting allow now match to: " + noMatch); - setAllowUnmatched(Boolean.getBoolean(noMatch)); - } - String policy = config.getProperty("AccessController.policyResource"); - log.info("Loading resource: " + policy); - try { - Resource res = resourceLoader.getResource(policy); - init(res.getInputStream()); - } catch (IOException e) { - log.error(e); - } - } + public void init() { + String noMatch = config.getProperty("AccessController.acceptNoMatch"); + if (noMatch != null) { + log.debug("Setting allow now match to: " + noMatch); + setAllowUnmatched(Boolean.getBoolean(noMatch)); + } + String policy = config.getProperty("AccessController.policyResource"); + policy = policy.replace("${user.home}", System.getProperty("user.home")); + 
log.info("Loading resource: " + policy); + try { + Resource res = resourceLoader.getResource(policy); + init(res.getInputStream()); + } catch (IOException e) { + log.error(e); + } + } - @Override - public void setResourceLoader(ResourceLoader loader) { - this.resourceLoader = loader; - } + @Override + public void setResourceLoader(ResourceLoader loader) { + this.resourceLoader = loader; + } } diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java deleted file mode 100644 index 57a0f84f..00000000 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/Configurator.java +++ /dev/null 
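Review bot: `Boolean.getBoolean(noMatch)` in init() looks up a JVM system property whose name is the configured value instead of parsing the value, so `AccessController.acceptNoMatch=true` still yields false unless a system property literally named `true` exists; `setAllowUnmatched(Boolean.parseBoolean(noMatch));` is what the surrounding code appears to intend. The added `policy.replace("${user.home}", ...)` line dereferences `policy` before any null check, so a missing `AccessController.policyResource` becomes a NullPointerException rather than a logged configuration error. When the policy stream cannot be opened the IOException is only logged; which policy is then in force depends on SecurityManagerFacade, which is not visible here, so failing start-up explicitly would be safer.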
@@ -1,103 +0,0 @@ -/* - * Copyright 2008 Federal Chancellery Austria and - * Graz University of Technology - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package at.gv.egiz.bku.local.conf; - -import iaik.security.ecc.provider.ECCProvider; -import iaik.security.provider.IAIK; -import iaik.xml.crypto.XSecProvider; - -import java.io.IOException; -import java.net.HttpURLConnection; -import java.security.Provider; -import java.security.Security; -import java.util.Properties; - -import javax.net.ssl.HttpsURLConnection; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import at.gv.egiz.bku.binding.DataUrl; -import at.gv.egiz.bku.binding.DataUrlConnection; -import at.gv.egiz.bku.slcommands.impl.xsect.DataObject; -import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider; - -/** - * - * TODO currently only the code to get started. 
- */ -public abstract class Configurator { - - private Log log = LogFactory.getLog(Configurator.class); - - private static Configurator instance = new SpringConfigurator(); - - protected Properties properties; - - protected Configurator() { - } - - public static Configurator getInstance() { - return instance; - } - - protected void configUrlConnections() { - HttpsURLConnection.setFollowRedirects(false); - HttpURLConnection.setFollowRedirects(false); - } - - protected void configureProviders() { - log.debug("Registering security providers"); - Security.insertProviderAt(new IAIK(), 1); - Security.insertProviderAt(new ECCProvider(false), 2); - Security.addProvider(new STALProvider()); - XSecProvider.addAsProvider(false); - StringBuilder sb = new StringBuilder(); - sb.append("Registered providers: "); - int i = 1; - for (Provider prov : Security.getProviders()) { - sb.append((i++) + ". : " + prov); - } - log.debug(sb.toString()); - } - - protected void configViewer() { - String bv = properties.getProperty("ValidateHashDataInputs"); - if (bv != null) { - DataObject.enableHashDataInputValidation(Boolean.parseBoolean(bv)); - } else { - log.warn("ValidateHashDataInputs not set, falling back to default"); - } - } - - public void configure() { - configureProviders(); - configUrlConnections(); - configViewer(); - } - - public void setConfiguration(Properties props) { - this.properties = props; - } - - public String getProperty(String key) { - if (properties != null) { - return properties.getProperty(key); - } - return null; - } -} diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java index 46668667..bcb96c2f 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/conf/SpringConfigurator.java 
@@ -19,41 +19,8 @@ package at.gv.egiz.bku.local.conf; import java.io.File; import java.io.FileInputStream; import java.io.IOException; -import java.security.InvalidAlgorithmParameterException; -import java.security.NoSuchAlgorithmException; -import java.security.Security; -import java.security.cert.CertPathBuilder; -import java.security.cert.CertStore; -import java.security.cert.Certificate; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.cert.CollectionCertStoreParameters; -import java.security.cert.LDAPCertStoreParameters; -import java.security.cert.PKIXBuilderParameters; -import java.security.cert.PKIXCertPathBuilderResult; -import java.security.cert.TrustAnchor; -import java.security.cert.X509CertSelector; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.HashSet; -import java.util.Iterator; -import java.util.LinkedList; -import java.util.List; +import java.io.InputStream; import java.util.Properties; -import java.util.Set; - -import javax.naming.ldap.LdapContext; -import javax.naming.ldap.LdapReferralException; -import javax.net.ssl.CertPathTrustManagerParameters; -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.HttpsURLConnection; -import javax.net.ssl.KeyManager; -import javax.net.ssl.ManagerFactoryParameters; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLSession; -import javax.net.ssl.TrustManager; -import javax.net.ssl.TrustManagerFactory; -import javax.net.ssl.X509TrustManager; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; 
@@ -61,8 +28,7 @@ import org.springframework.context.ResourceLoaderAware; import org.springframework.core.io.Resource; import org.springframework.core.io.ResourceLoader; -import at.gv.egiz.bku.binding.DataUrl; -import at.gv.egiz.bku.binding.DataUrlConnection; +import at.gv.egiz.bku.conf.Configurator; import at.gv.egiz.bku.slexceptions.SLRuntimeException; public class SpringConfigurator extends Configurator implements @@ -73,15 +39,16 @@ public class SpringConfigurator extends Configurator implements private ResourceLoader resourceLoader; public SpringConfigurator() { - File configDir = new File(System.getProperty("user.home") + "/.bku/conf"); - if (configDir.exists()) { - log.debug("Found existing config directory: " + configDir); - } else { - log.info("Config dir not existing, creating new"); - if (!configDir.mkdirs()) { - log.error("Cannot create directory: " + configDir); - } - } + // File configDir = new File(System.getProperty("user.home") + + // "/.bku/conf"); + // if (configDir.exists()) { + // log.debug("Found existing config directory: " + configDir); + // } else { + // log.info("Config dir not existing, creating new"); + // if (!configDir.mkdirs()) { + // log.error("Cannot create directory: " + configDir); + // } + // } } public void setResource(Resource resource) { 
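Review bot: The constructor body in the `@@ -73,15 +39,16 @@` hunk now consists only of commented-out code. Delete the lines instead of commenting them out, since the repository history keeps the old version. If the `~/.bku/conf` directory check was dropped on purpose because the launcher now prepares the configuration directory, a single comment such as `// config directory is prepared by the launcher` says so more clearly; that reason is inferred from BKULauncher.checkConfig in this commit and should be confirmed.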
@@ -99,248 +66,75 @@ public class SpringConfigurator extends Configurator implements } } - public void configureVersion() { - Properties p = new Properties(); - try { - p.load(resourceLoader.getResource("META-INF/MANIFEST.MF") - .getInputStream()); - String version = p.getProperty("Implementation-Build"); - properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY, - "citizen-card-environment/1.2 MOCCA " + version); - DataUrl.setConfiguration(properties); - log.debug("Setting user agent to: " - + properties.getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY)); - } catch (IOException e) { - log.error(e); - } - } - + @Override public void configure() { + if (properties == null) { + defaultInit(); + } super.configure(); - configureSSL(); - configureVersion(); - configureNetwork(); } - public void configureNetwork() { - String proxy = getProperty("HTTPProxyHost"); - String portString = getProperty("HTTPProxyPort"); - if ((proxy == null) || (proxy.equals(""))) { - log.info("No proxy configured"); - } else { - log.info("Setting proxy to: " + proxy + ":" + portString); - System.setProperty("proxyHost", proxy); - System.setProperty("proxyPort", portString); - } - String timeout = getProperty("DefaultSocketTimeout"); - if ((timeout != null) && (!timeout.equals(""))) { - System.setProperty("sun.net.client.defaultConnectTimeout", timeout); + public void defaultInit() { + Properties props = new Properties(); + try { + props.load(new FileInputStream(System.getProperty("user.home") + + "/.mocca/war/mocca.war")); + super.setConfiguration(props); + } catch (IOException e) { + log.error("Cannot load config", e); } } - private Set getCACerts() throws IOException, - CertificateException { - Set caCerts = new HashSet(); - String caDirectory = getProperty("SSL.caDirectory"); - if (caDirectory != null) { - Resource caDirRes = resourceLoader.getResource(caDirectory); - File caDir = caDirRes.getFile(); - if (!caDir.isDirectory()) { - log.error("Expecting directory as 
SSL.caDirectory parameter"); - throw new SLRuntimeException( - "Expecting directory as SSL.caDirectory parameter"); - } - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - for (File f : caDir.listFiles()) { - try { - FileInputStream fis = new FileInputStream(f); - X509Certificate cert = (X509Certificate) cf.generateCertificate(fis); - fis.close(); - log.debug("Adding trusted cert " + cert.getSubjectDN()); - caCerts.add(new TrustAnchor(cert, null)); - } catch (Exception e) { - log.error("Cannot add trusted ca", e); - } - } - return caCerts; - - } else { - log.warn("No CA certificates configured"); - } - return null; + @Override + public void setResourceLoader(ResourceLoader loader) { + this.resourceLoader = loader; } - private List getCertstore() throws IOException, - CertificateException, InvalidAlgorithmParameterException, - NoSuchAlgorithmException { - List resultList = new ArrayList(); - String certDirectory = getProperty("SSL.certDirectory"); - if (certDirectory != null) { - Resource certDirRes = resourceLoader.getResource(certDirectory); - - File certDir = certDirRes.getFile(); + private File getDirectory(String property) { + property = property + .replace("${user.home}", System.getProperty("user.home")); + if (property != null) { + Resource certDirRes = resourceLoader.getResource(property); + File certDir; + try { + certDir = certDirRes.getFile(); + } catch (IOException e) { + log.error("Cannot get cert directory", e); + throw new SLRuntimeException(e); + } if (!certDir.isDirectory()) { log.error("Expecting directory as SSL.certDirectory parameter"); throw new SLRuntimeException( "Expecting directory as SSL.certDirectory parameter"); } - List certCollection = new LinkedList(); - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - for (File f : certDir.listFiles()) { - try { - FileInputStream fis = new FileInputStream(f); - X509Certificate cert = (X509Certificate) cf.generateCertificate(fis); - certCollection.add(cert); - 
fis.close(); - log - .trace("Added following cert to certstore: " - + cert.getSubjectDN()); - } catch (Exception ex) { - log.error("Cannot add certificate", ex); - } - } - CollectionCertStoreParameters csp = new CollectionCertStoreParameters( - certCollection); - resultList.add(CertStore.getInstance("Collection", csp)); - log.info("Added collection certstore"); - } else { - log.warn("No certstore directory configured"); - } - String ldapHost = getProperty("SSL.ldapServer"); - if ((ldapHost != null) && (!"".equals(ldapHost))) { - String ldapPortString = getProperty("SSL.ldapPort"); - int ldapPort = 389; - if (ldapPortString != null) { - try { - ldapPort = Integer.parseInt(ldapPortString); - } catch (NumberFormatException nfe) { - log.error("Invalid ldap port, using default 389"); - } - } else { - log.warn("ldap port not specified, using default 389"); - } - LDAPCertStoreParameters ldapParams = new LDAPCertStoreParameters( - ldapHost, ldapPort); - resultList.add(CertStore.getInstance("LDAP", ldapParams)); - log.info("Added LDAP certstore"); + return certDir; } - return resultList; - } - - public void configureSSL() { - Set caCerts = null; - try { - caCerts = getCACerts(); - } catch (Exception e1) { - log.error("Cannot load CA certificates", e1); - } - List certStoreList = null; - try { - certStoreList = getCertstore(); - } catch (Exception e1) { - log.error("Cannot load certstore certificates", e1); - } - String aia = getProperty("SSL.useAIA"); - if ((aia == null) || (aia.equals(""))) { - System.setProperty("com.sun.security.enableAIAcaIssuers", "true"); - } else { - System.setProperty("com.sun.security.enableAIAcaIssuers", aia); - } - String lifetime = getProperty("SSL.cache.lifetime"); - if ((lifetime == null) || (lifetime.equals(""))) { - System.setProperty("sun.security.certpath.ldap.cache.lifetime", "0"); - } else { - System.setProperty("sun.security.certpath.ldap.cache.lifetime", lifetime); - } - X509CertSelector selector = new X509CertSelector(); - 
PKIXBuilderParameters pkixParams; - try { - pkixParams = new PKIXBuilderParameters(caCerts, selector); - if ((getProperty("SSL.doRevocationChecking") != null) - && (Boolean.valueOf(getProperty("SSL.doRevocationChecking")))) { - log.info("Enable revocation checking"); - System.setProperty("com.sun.security.enableCRLDP", "true"); - Security.setProperty("ocsp.enable", "true"); - } else { - log.warn("Revocation checking disabled"); - } - for (CertStore cs : certStoreList) { - pkixParams.addCertStore(cs); - } - ManagerFactoryParameters trustParams = new CertPathTrustManagerParameters( - pkixParams); - TrustManagerFactory trustFab; - trustFab = TrustManagerFactory.getInstance("PKIX"); - trustFab.init(trustParams); - KeyManager[] km = null; - SSLContext sslCtx = SSLContext - .getInstance(getProperty("SSL.sslProtocol")); - String disableAll = getProperty("SSL.disableAllChecks"); - if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) { - log.warn("--------------------------------------"); - log.warn(" Disabling SSL Certificate Validation "); - log.warn("--------------------------------------"); - - sslCtx.init(km, new TrustManager[] { new MyTrustManager(caCerts, - certStoreList) }, null); - } else { - sslCtx.init(km, trustFab.getTrustManagers(), null); - } - HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory()); - } catch (Exception e) { - log.error("Cannot configure SSL", e); - } - String disableAll = getProperty("SSL.disableAllChecks"); - if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) { - log.warn("---------------------------------"); - log.warn(" Disabling Hostname Verification "); - log.warn("---------------------------------"); - HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { - @Override - public boolean verify(String hostname, SSLSession session) { - return true; - } - }); - } - } - - @Override - public void setResourceLoader(ResourceLoader loader) { - this.resourceLoader = loader; - } -} - -class 
MyTrustManager implements X509TrustManager { - private static Log log = LogFactory.getLog(MyTrustManager.class); - private X509Certificate[] trustedCerts; + return null; - public MyTrustManager(Set caCerts, List cs) { - trustedCerts = new X509Certificate[caCerts.size()]; - int i = 0; - for (Iterator it = caCerts.iterator(); it.hasNext();) { - TrustAnchor ta = it.next(); - trustedCerts[i++] = ta.getTrustedCert(); - } } @Override - public void checkClientTrusted(X509Certificate[] arg0, String arg1) - throws CertificateException { - log.error("Did not expect this method to get called"); - throw new CertificateException("Method not implemented"); + protected File getCADir() { + String caDirectory = getProperty("SSL.caDirectory"); + return getDirectory(caDirectory); } @Override - public void checkServerTrusted(X509Certificate[] certs, String arg1) - throws CertificateException { - log.warn("-------------------------------------"); - log.warn("SSL Certificate Validation Disabled !"); - log.warn("-------------------------------------"); + protected File getCertDir() { + String certDirectory = getProperty("SSL.certDirectory"); + return getDirectory(certDirectory); } @Override - public X509Certificate[] getAcceptedIssuers() { - return trustedCerts; + protected InputStream getManifest() { + Resource r = resourceLoader.getResource("META-INF/MANIFEST.MF"); + if ((r != null) && r.isReadable()) { + try { + return r.getInputStream(); + } catch (IOException e) { + log.error("Cannot read manifest data:" + e); + } + } + return null; } - } \ No newline at end of file diff --git a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties index 29bdd1ed..8ae5bf6d 100644 --- a/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties +++ b/BKULocal/src/main/resources/at/gv/egiz/bku/local/conf/defaultConf.properties 
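Review bot: getDirectory() calls `property.replace("${user.home}", ...)` before it tests `property != null`, so an unset `SSL.caDirectory` or `SSL.certDirectory` now throws a NullPointerException and the later null check can never be false; put `if (property == null) { return null; }` first. The error text names `SSL.certDirectory` even when the method is called from getCADir(), which will mislead whoever reads the log. defaultInit() passes `~/.mocca/war/mocca.war` to `Properties.load` and never closes the `FileInputStream`; a WAR archive is not a properties file, so this path looks like a leftover and is worth checking, because configure() then runs with whatever that load produced.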
@@ -51,10 +51,11 @@ SSL.disableAllChecks=false # ------------ END SSL Config -------------------- ValidateHashDataInputs=true +AppletTimeout=300000 -HTTPProxyHost= -HTTPProxyPort= -DefaultSocketTimeout=200 +#HTTPProxyHost= +#HTTPProxyPort= +#DefaultSocketTimeout=200 diff --git a/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml b/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml index c6a5088a..a4003a2a 100644 --- a/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml +++ b/BKULocal/src/main/webapp/WEB-INF/applicationContext.xml @@ -21,6 +21,7 @@ + @@ -47,10 +48,11 @@ - - + diff --git a/BKULocalApp/keystore.ks b/BKULocalApp/keystore.ks new file mode 100644 index 00000000..824c3a40 Binary files /dev/null and b/BKULocalApp/keystore.ks differ diff --git a/BKULocalApp/pom.xml b/BKULocalApp/pom.xml new file mode 100644 index 00000000..e2d17d7c --- /dev/null +++ b/BKULocalApp/pom.xml @@ -0,0 +1,131 @@ + + + bku + at.gv.egiz + 1.0-SNAPSHOT + + 4.0.0 + at.gv.egiz.bku + BKULocalApp + + 1.0-SNAPSHOT + + + + + + maven-compiler-plugin + org.apache.maven.plugins + 2.0.2 + + 1.6 + 1.6 + true + true + + + + + + + maven-dependency-plugin + + + + copywar + + copy + + + + + at.gv.egiz + BKULocal + 1.0-SNAPSHOT + war + + + + ${project.build.directory}/classes + + + + + unpack-dependencies + + unpack-dependencies + + + javax/xml/crypto/**, demo/**, + junit/**, w3/**, org/etsi/**, META-INF/** + ${project.build.directory}/classes + true + true + + + + + + + + maven-jar-plugin + + + + sign + + + + + + false + false + + false + true + + + test-applet signer + ./keystore.ks + storepass + keypass + true + + + + + + + + + commons-logging + commons-logging + 1.1.1 + compile + + + at.gv.egiz + BKULocal + 1.0-SNAPSHOT + war + + + utils + at.gv.egiz + 1.0-SNAPSHOT + compile + + + commons-cli + commons-cli + 1.0 + + + org.mortbay.jetty + jetty + 6.1.10 + + + + \ No newline at end of file 
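Review bot: The jar-signing configuration at the end of the new BKULocalApp/pom.xml carries the keystore path `./keystore.ks` together with the literal values `storepass` and `keypass`, and the same commit adds `BKULocalApp/keystore.ks`, so the signing key and its passwords are both in version control. Anyone with read access to the repository can then produce jars signed with this identity. The alias `test-applet signer` suggests a test key; if so, say that in a comment next to the configuration, and for release builds take the keystore location and passwords from properties defined outside the repository, for example in the builder's Maven settings. The XML element names are not visible in this rendering, so the mapping of these values to elements is inferred from their order.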
diff --git a/BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/BKULauncher.java b/BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/BKULauncher.java new file mode 100644 index 00000000..091843e1 --- /dev/null +++ b/BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/BKULauncher.java 
@@ -0,0 +1,222 @@ +package at.gv.egiz.bku.local.app; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.security.KeyStore; +import java.util.Enumeration; +import java.util.Locale; +import java.util.MissingResourceException; +import java.util.ResourceBundle; +import java.util.zip.ZipEntry; +import java.util.zip.ZipFile; + +import org.apache.commons.cli.CommandLine; +import org.apache.commons.cli.CommandLineParser; +import org.apache.commons.cli.HelpFormatter; +import org.apache.commons.cli.Options; +import org.apache.commons.cli.ParseException; +import org.apache.commons.cli.PosixParser; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +import at.gv.egiz.bku.local.ui.BKUControllerInterface; +import at.gv.egiz.bku.local.ui.TrayIconDialog; +import at.gv.egiz.bku.utils.StreamUtil; + +public class BKULauncher implements BKUControllerInterface { + private static Log log = LogFactory.getLog(BKULauncher.class); + + private ResourceBundle resourceBundle = null; + private Container server; + + private void startUpServer() throws Exception { + server = new Container(); + // XmlConfiguration xcfg = new XmlConfiguration(getClass().getClassLoader() + // .getResourceAsStream("at/gv/egiz/bku/local/app/jetty.xml")); + // xcfg.configure(server); + server.init(); + server.start(); + } + + private void initTrayIcon() { + Locale loc = Locale.getDefault(); + try { + resourceBundle = ResourceBundle.getBundle( + "at/gv/egiz/bku/local/ui/UIMessages", loc); + } catch (MissingResourceException mx) { + resourceBundle = ResourceBundle.getBundle( + "at/gv/egiz/bku/local/ui/UIMessages", Locale.ENGLISH); + } + TrayIconDialog.getInstance().init(resourceBundle); + TrayIconDialog.getInstance().setShutdownHook(this); + TrayIconDialog.getInstance().displayInfo("Greetings.Caption", + "Greetings.Message"); + } + + private 
void initFinished() { + try { + server.join(); + } catch (InterruptedException e) { + log.info(e); + } + } + + private void copyDirs(File srcDir, File dstDir) { + for (File cf : srcDir.listFiles()) { + File of = new File(dstDir, cf.getName()); + if (cf.isDirectory()) { + log.debug("Creating directory: " + of); + of.mkdir(); + copyDirs(cf, of); + } else { + log.debug("Writing file: " + of); + try { + FileInputStream fis = new FileInputStream(cf); + FileOutputStream fos = new FileOutputStream(of); + StreamUtil.copyStream(fis, fos); + fis.close(); + fos.close(); + } catch (IOException e) { + log.error("Cannot copy default configuration", e); + } + } + } + } + + private void unzip(File zipfile) throws IOException { + File dir = zipfile.getParentFile(); + ZipFile zipFile = new ZipFile(zipfile); + Enumeration entries = zipFile.entries(); + while (entries.hasMoreElements()) { + ZipEntry entry = entries.nextElement(); + File eF = new File(dir, entry.getName()); + if (entry.isDirectory()) { + eF.mkdirs(); + continue; + } + File f = new File(eF.getParent()); + f.mkdirs(); + StreamUtil.copyStream(zipFile.getInputStream(entry), + new FileOutputStream(eF)); + } + zipFile.close(); + } + + private void checkConfig(String[] args) { + CommandLineParser parser = new PosixParser(); + Options options = new Options(); + options.addOption("c", true, "the configuration's base directory"); + options.addOption("h", false, "print this message"); + try { + File cfgDir = new File(System.getProperty("user.home") + "/.mocca/conf"); + CommandLine cmd = parser.parse(options, args); + if (cmd.hasOption("h")) { + HelpFormatter formatter = new HelpFormatter(); + formatter.printHelp("BKULauncher", options); + System.exit(0); + } + + if (cmd.hasOption("c")) { + cfgDir = new File(cmd.getOptionValue("c")); + } + log.debug("using config directory: " + cfgDir); + if (cfgDir.exists() && cfgDir.isFile()) { + log.error("Configuration directory must not be a file"); + } + if (!cfgDir.exists()) { + 
log.debug("Creating config directory: " + cfgDir); + cfgDir.mkdirs(); + try { + InputStream is = getClass().getClassLoader().getResourceAsStream( + "at/gv/egiz/bku/local/defaultConf/template.zip"); + OutputStream os = new FileOutputStream(new File(cfgDir, + "template.zip")); + StreamUtil.copyStream(is, os); + os.close(); + unzip(new File(cfgDir, "template.zip")); + } catch (IOException iox) { + log.error("Cannot create user directory", iox); + return; + } + CA ca = new CA(); + char[] password = "changeMe".toCharArray(); + KeyStore ks = ca.generateKeyStore(password); + if (ks != null) { + File ksdir = new File(cfgDir, "keystore"); + ksdir.mkdirs(); + FileOutputStream fos; + try { + fos = new FileOutputStream(new File(ksdir, "keystore.ks")); + ks.store(fos, password); + fos.close(); + } catch (Exception e) { + log.error("Cannot store keystore", e); + } + } else { + log.error("Cannot create ssl certificate"); + } + } + } catch (ParseException e1) { + log.error(e1); + HelpFormatter formatter = new HelpFormatter(); + formatter.printHelp("BKULauncher", options); + System.exit(0); + } + } + + public void jwsHack() { + InputStream is = getClass().getClassLoader().getResourceAsStream( + "BKULocal-1.0-SNAPSHOT.war"); + File f = new File(System.getProperty("user.home") + "/.mocca/war"); + f.mkdirs(); + try { + OutputStream os = new FileOutputStream(new File(f, "mocca.war")); + StreamUtil.copyStream(is, os); + os.close(); + } catch (Exception e) { + log.error(e); + } + } + + /** + * @param args + */ + public static void main(String[] args) { + + try { + BKULauncher launcher = new BKULauncher(); + //launcher.jwsHack(); + launcher.checkConfig(args); + launcher.startUpServer(); + launcher.initTrayIcon(); + launcher.initFinished(); + } catch (Exception e) { + log.fatal("Cannot launch BKU", e); + System.exit(-1000); + } + + } + + public void shutDown() { + log.info("Shutting down server"); + if ((server != null) && (server.isRunning())) { + try { + if (server.isRunning()) { + 
server.stop(); + } + } catch (Exception e) { + log.debug(e.toString()); + } finally { + if (server.isRunning()) { + server.destroy(); + } + } + } + System.exit(0); + } + +} diff --git a/BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/CA.java b/BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/CA.java new file mode 100644 index 00000000..31d21ef7 --- /dev/null +++ b/BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/CA.java 
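Review bot: checkConfig() protects the generated TLS key with the fixed password `"changeMe"`, and Container.init() in this commit repeats the same literal in `setPassword` and `setKeyPassword`, so the password adds no protection and the private key is only as safe as the file permissions on `keystore/keystore.ks`, which are never set. Restrict the keystore directory and file to the owning user right after `ksdir.mkdirs()` (`setReadable(false, false)` followed by `setReadable(true, true)`, likewise for write and execute), and define the password once in a shared constant so the two classes cannot drift apart. checkConfig() also only logs when the configuration path is a regular file and then carries on. unzip() never closes the `FileOutputStream` or the entry stream it hands to `StreamUtil.copyStream`, unless copyStream closes them, which is not visible here.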
@@ -0,0 +1,117 @@ +package at.gv.egiz.bku.local.app; + +import iaik.asn1.ObjectID; +import iaik.asn1.structures.AlgorithmID; +import iaik.asn1.structures.Name; +import iaik.x509.X509Certificate; +import iaik.x509.extensions.BasicConstraints; +import iaik.x509.extensions.KeyUsage; + +import java.math.BigInteger; +import java.net.InetAddress; +import java.net.UnknownHostException; +import java.security.GeneralSecurityException; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.KeyStore; +import java.security.NoSuchAlgorithmException; +import java.util.Calendar; +import java.util.GregorianCalendar; +import java.util.Random; + +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +public class CA { + private final static Log log = LogFactory.getLog(CA.class); + + private KeyPair caKeyPair; + private X509Certificate caCert; + + private KeyPair serverKeyPair; + private X509Certificate serverCert; + + public CA() { + } + + private KeyPair generateKeyPair() throws NoSuchAlgorithmException { + KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA"); + gen.initialize(2048); + return gen.generateKeyPair(); + } + + private void generateCA() throws GeneralSecurityException { + log.debug("Generating CA certificate"); + Name subject = new Name(); + subject.addRDN(ObjectID.country, "AT"); + subject.addRDN(ObjectID.organization, "MOCCA"); + subject.addRDN(ObjectID.organizationalUnit, "MOCCA-CA"); + + caKeyPair = generateKeyPair(); + caCert = new X509Certificate(); + caCert.setSerialNumber(new BigInteger(20, new Random())); + caCert.setSubjectDN(subject); + caCert.setPublicKey(caKeyPair.getPublic()); + caCert.setIssuerDN(subject); + + caCert.addExtension(new BasicConstraints(true)); + caCert.addExtension(new KeyUsage(KeyUsage.keyCertSign | KeyUsage.cRLSign + | KeyUsage.digitalSignature)); + + GregorianCalendar date = new GregorianCalendar(); + date.add(Calendar.HOUR_OF_DAY, -1); + 
caCert.setValidNotBefore(date.getTime()); + date.add(Calendar.YEAR, 7); + caCert.setValidNotAfter(date.getTime()); + caCert.sign(AlgorithmID.sha1WithRSAEncryption, caKeyPair.getPrivate()); + log.debug("Successfully signed CA certificate"); + } + + private void generateServerCert() throws GeneralSecurityException { + log.debug("Generating SSL certificate"); + Name subject = new Name(); + subject.addRDN(ObjectID.country, "AT"); + subject.addRDN(ObjectID.organization, "MOCCA"); + try { + subject.addRDN(ObjectID.commonName, InetAddress.getLocalHost() + .getHostName()); + } catch (UnknownHostException e) { + subject.addRDN(ObjectID.commonName, "localhost"); + } + serverKeyPair = generateKeyPair(); + serverCert = new X509Certificate(); + serverCert.setSerialNumber(new BigInteger(20, new Random())); + serverCert.setSubjectDN(subject); + serverCert.setPublicKey(serverKeyPair.getPublic()); + serverCert.setIssuerDN(caCert.getSubjectDN()); + + serverCert.addExtension(new BasicConstraints(false)); + serverCert.addExtension(new KeyUsage(KeyUsage.keyEncipherment + | KeyUsage.digitalSignature)); + + GregorianCalendar date = new GregorianCalendar(); + date.add(Calendar.HOUR_OF_DAY, -1); + serverCert.setValidNotBefore(date.getTime()); + date.add(Calendar.YEAR, 7); + date.add(Calendar.HOUR_OF_DAY, -1); + serverCert.setValidNotAfter(date.getTime()); + serverCert.sign(AlgorithmID.sha1WithRSAEncryption, caKeyPair.getPrivate()); + log.debug("Successfully signed server certificate"); + caKeyPair = null; + } + + public KeyStore generateKeyStore(char[] password) { + try { + generateCA(); + generateServerCert(); + KeyStore ks = KeyStore.getInstance("JKS"); + ks.load(null, null); + ks.setKeyEntry("server", serverKeyPair.getPrivate(), password, new X509Certificate[]{serverCert, caCert}); + return ks; + } catch (Exception e) { + log.error("Cannot generate certificate", e); + } + return null; + } + +} 
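Review bot: Both certificates take their serial number from `new BigInteger(20, new Random())`, that is 20 bits from a non-cryptographic generator, and because the CA and server certificates share an issuer name the two draws can collide; use `new BigInteger(64, new SecureRandom())` with an import of `java.security.SecureRandom`. The certificates are signed with `AlgorithmID.sha1WithRSAEncryption`; a SHA-256 based algorithm is preferable if the IAIK version in use offers one. The server certificate's common name comes from `InetAddress.getLocalHost().getHostName()`, which will not match if clients address the service as `localhost`, so confirm it against how the service URL is formed. generateKeyStore() returns null on any failure, and the caller has to test for that.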
diff --git a/BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/Container.java b/BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/Container.java
new file mode 100644
index 00000000..690639f4
--- /dev/null
+++ b/BKULocalApp/src/main/java/at/gv/egiz/bku/local/app/Container.java
@@ -0,0 +1,98 @@
+package at.gv.egiz.bku.local.app;
+
+import java.io.File;
+import java.io.IOException;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.mortbay.jetty.Connector;
+import org.mortbay.jetty.Handler;
+import org.mortbay.jetty.Server;
+import org.mortbay.jetty.handler.DefaultHandler;
+import org.mortbay.jetty.handler.HandlerCollection;
+import org.mortbay.jetty.nio.SelectChannelConnector;
+import org.mortbay.jetty.security.SslSocketConnector;
+import org.mortbay.jetty.webapp.WebAppClassLoader;
+import org.mortbay.jetty.webapp.WebAppContext;
+import org.mortbay.thread.QueuedThreadPool;
+
+public class Container {
+
+ private static Log log = LogFactory.getLog(Container.class);
+
+ private Server server;
+
+ public Container() {
+ }
+
+ public void init() {
+ Thread.currentThread().setContextClassLoader(ClassLoader.getSystemClassLoader());
+ log.debug("-----------------> "+ClassLoader.getSystemClassLoader());
+ server = new Server();
+ QueuedThreadPool qtp = new QueuedThreadPool();
+ qtp.setMaxThreads(5);
+ qtp.setMinThreads(2);
+ qtp.setLowThreads(0);
+ server.setThreadPool(qtp);
+ server.setStopAtShutdown(true);
+ server.setGracefulShutdown(3000);
+
+ SelectChannelConnector connector = new SelectChannelConnector();
+ connector.setPort(3495);
+ connector.setAcceptors(1);
+ connector.setConfidentialPort(3496);
+
+ SslSocketConnector sslConnector = new SslSocketConnector();
+ sslConnector.setPort(3496);
+ sslConnector.setAcceptors(1);
+ sslConnector.setKeystore(System.getProperty("user.home")
+ + "/.mocca/conf/keystore/keystore.ks");
+ sslConnector.setPassword("changeMe");
+ sslConnector.setKeyPassword("changeMe");
+
+ server.setConnectors(new Connector[] { connector, sslConnector });
+ HandlerCollection handlers = new HandlerCollection();
+
+ WebAppContext webappcontext = new WebAppContext();
+ webappcontext.setContextPath("/");
+ webappcontext.setExtractWAR(false);
+
+ File tmpDir = new File(System.getProperty("user.home") + "/.mocca/tmp");
+ // tmpDir.mkdirs();
+ // webappcontext.setTempDirectory(tmpDir);
+ try {
+ File f = new File(System.getProperty("user.home")
+ + "/.mocca/war/mocca.war");
+ log.debug("Deploying war: " + f.getCanonicalPath());
+ if (!f.exists()) {
+ log.error("WAR file does not exist, cannot run MOCCA");
+ }
+ webappcontext.setWar(f.getParent());
+ } catch (IOException e) {
+ log.error(e);
+ }
+ handlers.setHandlers(new Handler[] { webappcontext, new DefaultHandler() });
+
+ server.setHandler(handlers);
+ }
+
+ public void start() throws Exception {
+ server.start();
+ }
+
+ public boolean isRunning() {
+ return server.isRunning();
+ }
+
+ public void stop() throws Exception {
+ server.stop();
+ }
+
+ public void destroy() {
+ server.destroy();
+ }
+
+ public void join() throws InterruptedException {
+ server.join();
+ }
+}
\ No newline at end of file
diff --git a/BKULocalApp/src/main/resources/at/gv/egiz/bku/local/defaultConf/template.zip b/BKULocalApp/src/main/resources/at/gv/egiz/bku/local/defaultConf/template.zip
new file mode 100644
index 00000000..f57e8930
Binary files /dev/null and b/BKULocalApp/src/main/resources/at/gv/egiz/bku/local/defaultConf/template.zip differ
diff --git a/BKULocalApp/src/main/resources/at/gv/egiz/bku/local/ui/UIMessages.properties b/BKULocalApp/src/main/resources/at/gv/egiz/bku/local/ui/UIMessages.properties
new file mode 100644
index 00000000..873d03ef
--- /dev/null
+++ b/BKULocalApp/src/main/resources/at/gv/egiz/bku/local/ui/UIMessages.properties
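Review bot: Neither connector in `init()` gets a `setHost(...)` call, so the plain listener on 3495 and the TLS listener on 3496 presumably bind to every interface rather than loopback; for a local card-access service I would pin both, e.g. `connector.setHost("127.0.0.1");` and `sslConnector.setHost("127.0.0.1");`. The keystore and key passwords are the literal `"changeMe"`, so the server key under `~/.mocca/conf/keystore` is protected only by file permissions; that deserves at least a comment, or the password should come from per-user configuration. `init()` also logs "WAR file does not exist" and then still calls `setWar(f.getParent())`, so returning or throwing at that point would make the failure visible to the caller.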
@@ -0,0 +1,13 @@
+#-------- tray icon messages -------
+TrayMenu.Tooltip=MOCCA
+TrayMenu.Shutdown=MOCCA Beenden
+
+Greetings.Message=MOCCA up and running
+Greetings.Caption=MOCCA Started
+
+Message.RequestCaption=New Request
+Message.InfoboxReadRequest=Reading Infobox
+Message.SecureSignatureKeypair=Reading secure signature certificate
+Message.CertifiedKeypair=Reading certified certificate
+Message.IdentityLink=Reading Identitylink
+Message.SignRequest=Creating Signature
\ No newline at end of file
diff --git a/BKULocalApp/src/main/resources/at/gv/egiz/bku/local/ui/favicon.png b/BKULocalApp/src/main/resources/at/gv/egiz/bku/local/ui/favicon.png
new file mode 100644
index 00000000..2d0276de
Binary files /dev/null and b/BKULocalApp/src/main/resources/at/gv/egiz/bku/local/ui/favicon.png differ
diff --git a/BKULocalApp/src/main/resources/log4j.properties b/BKULocalApp/src/main/resources/log4j.properties
new file mode 100644
index 00000000..fcdcb8e8
--- /dev/null
+++ b/BKULocalApp/src/main/resources/log4j.properties
@@ -0,0 +1,16 @@
+# loglever DEBUG, appender STDOUT
+log4j.rootLogger=TRACE, STDOUT, file
+
+# STDOUT appender
+log4j.appender.STDOUT=org.apache.log4j.ConsoleAppender
+log4j.appender.STDOUT.layout=org.apache.log4j.PatternLayout
+#log4j.appender.STDOUT.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20c | %10t | %m%n
+#log4j.appender.STDOUT.layout.ConversionPattern=%-4r [%t] %-5p %c %x - %m%n
+log4j.appender.STDOUT.layout.ConversionPattern=%-5p |%d | %t | %c %x- %m%n
+
+### FILE appender
+log4j.appender.file=org.apache.log4j.DailyRollingFileAppender
+log4j.appender.file.datePattern='.'yyyy-MM-dd
+log4j.appender.file.File=${user.home}/.mocca/logs/mocca.log
+log4j.appender.file.layout=org.apache.log4j.PatternLayout
+log4j.appender.file.layout.ConversionPattern=%d{ABSOLUTE} %5p %c{1}:%L - %m%n
\ No newline at end of file
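Review bot: `log4j.rootLogger=TRACE` ships as the default although the comment above it says DEBUG, and it applies to every logger, including the smart-card and PIN-dialog classes this commit adds under `at.gv.egiz.bku.local.stal`. Whether those classes log card traffic or PIN-related data at TRACE is not visible here, but a default of `log4j.rootLogger=INFO, STDOUT, file` with per-package overrides for debugging would keep `${user.home}/.mocca/logs/mocca.log` free of that risk. The first comment could then read `# log level INFO, appenders STDOUT and file`.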
diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java index 3d0df8c4..5795478b 100644 --- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/accesscontroller/SpringSecurityManager.java @@ -25,7 +25,7 @@ import org.springframework.core.io.Resource; import org.springframework.core.io.ResourceLoader; import at.gv.egiz.bku.accesscontroller.SecurityManagerFacade; -import at.gv.egiz.bku.online.conf.Configurator; +import at.gv.egiz.bku.conf.Configurator; public class SpringSecurityManager extends SecurityManagerFacade implements ResourceLoaderAware { @@ -60,5 +60,4 @@ public class SpringSecurityManager extends SecurityManagerFacade implements public void setResourceLoader(ResourceLoader loader) { this.resourceLoader = loader; } - } diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java deleted file mode 100644 index c09abcc1..00000000 --- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/Configurator.java +++ /dev/null 
@@ -1,98 +0,0 @@ -/* - * Copyright 2008 Federal Chancellery Austria and - * Graz University of Technology - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package at.gv.egiz.bku.online.conf; - -import iaik.security.ecc.provider.ECCProvider; -import iaik.security.provider.IAIK; -import iaik.xml.crypto.XSecProvider; - -import java.io.IOException; -import java.net.HttpURLConnection; -import java.security.Provider; -import java.security.Security; -import java.util.Properties; - -import javax.net.ssl.HttpsURLConnection; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import at.gv.egiz.bku.binding.DataUrl; -import at.gv.egiz.bku.binding.DataUrlConnection; -import at.gv.egiz.bku.slcommands.impl.xsect.DataObject; -import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider; - -/** - * - * TODO currently only the code to get started. 
- */ -public abstract class Configurator { - - private Log log = LogFactory.getLog(Configurator.class); - - private static Configurator instance = new SpringConfigurator(); - - protected Properties properties; - - protected Configurator() { - } - - public static Configurator getInstance() { - return instance; - } - - protected void configUrlConnections() { - HttpsURLConnection.setFollowRedirects(false); - HttpURLConnection.setFollowRedirects(false); - } - - protected void configureProviders() { - log.debug("Registering security providers"); - Security.insertProviderAt(new IAIK(), 1); - Security.insertProviderAt(new ECCProvider(false), 2); - Security.addProvider(new STALProvider()); - XSecProvider.addAsProvider(false); - StringBuilder sb = new StringBuilder(); - sb.append("Registered providers: "); - int i = 1; - for (Provider prov : Security.getProviders()) { - sb.append((i++) + ". : " + prov); - } - log.debug(sb.toString()); - } - - protected void configViewer() { - DataObject.enableHashDataInputValidation(Boolean.parseBoolean(properties.getProperty("ValidateHashDataInputs"))); - } - - public void configure() { - configureProviders(); - configUrlConnections(); - configViewer(); - } - - public void setConfiguration(Properties props) { - this.properties = props; - } - - public String getProperty(String key) { - if (properties != null) { - return properties.getProperty(key); - } - return null; - } -} diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java index d213dd36..a369d829 100644 --- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java 
@@ -17,31 +17,9 @@ package at.gv.egiz.bku.online.conf; import java.io.File; -import java.io.FileInputStream; import java.io.IOException; -import java.security.InvalidAlgorithmParameterException; -import java.security.NoSuchAlgorithmException; -import java.security.Security; -import java.security.cert.CertStore; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.cert.CollectionCertStoreParameters; -import java.security.cert.PKIXBuilderParameters; -import java.security.cert.TrustAnchor; -import java.security.cert.X509CertSelector; -import java.security.cert.X509Certificate; -import java.util.HashSet; -import java.util.LinkedList; -import java.util.List; +import java.io.InputStream; import java.util.Properties; -import java.util.Set; - -import javax.net.ssl.CertPathTrustManagerParameters; -import javax.net.ssl.HttpsURLConnection; -import javax.net.ssl.KeyManager; -import javax.net.ssl.ManagerFactoryParameters; -import javax.net.ssl.SSLContext; -import javax.net.ssl.TrustManagerFactory; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; @@ -49,8 +27,8 @@ import org.springframework.context.ResourceLoaderAware; import org.springframework.core.io.Resource; import org.springframework.core.io.ResourceLoader; -import at.gv.egiz.bku.binding.DataUrl; -import at.gv.egiz.bku.binding.DataUrlConnection; +import at.gv.egiz.bku.conf.Configurator; +import at.gv.egiz.bku.online.webapp.SpringBKUServlet; import at.gv.egiz.bku.slexceptions.SLRuntimeException; import at.gv.egiz.stal.service.impl.RequestBrokerSTALFactory; 
@@ -76,41 +54,8 @@ public class SpringConfigurator extends Configurator implements } } - public void configureVersion() { - Properties p = new Properties(); - try { - p.load(resourceLoader.getResource("META-INF/MANIFEST.MF") - .getInputStream()); - String version = p.getProperty("Implementation-Build"); - properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY, - "citizen-card-environment/1.2 MOCCA " + version); - DataUrl.setConfiguration(properties); - log.debug("Setting user agent to: " - + properties.getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY)); - } catch (IOException e) { - log.error(e); - } - } - - public void configure() { - super.configure(); - configureSSL(); - configureVersion(); - configureNetwork(); - } - public void configureNetwork() { - String proxyHost = getProperty("HTTPProxyHost"); - String proxyPort = getProperty("HTTPProxyPort"); - if (proxyPort == null) { - proxyPort = "80"; - } - if (proxyHost != null) { - log.debug("Setting proxy server to: " + proxyHost + ":" + proxyPort); - System.setProperty("http.proxyHost", proxyHost); - System.setProperty("http.proxyPort", proxyPort); - } - log.debug("No proxy specified"); + super.configureNetwork(); String appletTimeout = getProperty("AppletTimeout"); if ((appletTimeout != null)) { try { 
@@ -122,128 +67,60 @@ public class SpringConfigurator extends Configurator implements } } - - private Set getCACerts() throws IOException, - CertificateException { - Set caCerts = new HashSet(); - String caDirectory = getProperty("SSL.caDirectory"); - if (caDirectory != null) { - Resource caDirRes = resourceLoader.getResource(caDirectory); - File caDir = caDirRes.getFile(); - if (!caDir.isDirectory()) { - log.error("Expecting directory as SSL.caDirectory parameter"); - throw new SLRuntimeException( - "Expecting directory as SSL.caDirectory parameter"); - } - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - for (File f : caDir.listFiles()) { - try { - FileInputStream fis = new FileInputStream(f); - X509Certificate cert = (X509Certificate) cf.generateCertificate(fis); - fis.close(); - log.debug("Adding trusted cert " + cert.getSubjectDN()); - caCerts.add(new TrustAnchor(cert, null)); - } catch (Exception e) { - log.error("Cannot add trusted ca", e); - } - } - return caCerts; - - } else { - log.warn("No CA certificates configured"); - } - return null; + + public void configure() { + super.configure(); + SpringBKUServlet.setConfigurator(this); } - private CertStore getCertstore() throws IOException, CertificateException, - InvalidAlgorithmParameterException, NoSuchAlgorithmException { - String certDirectory = getProperty("SSL.certDirectory"); - if (certDirectory != null) { - Resource certDirRes = resourceLoader.getResource(certDirectory); + @Override + public void setResourceLoader(ResourceLoader loader) { + this.resourceLoader = loader; + } - File certDir = certDirRes.getFile(); + private File getDirectory(String property) { + if (property != null) { + Resource certDirRes = resourceLoader.getResource(property); + File certDir; + try { + certDir = certDirRes.getFile(); + } catch (IOException e) { + log.error("Cannot get cert directory", e); + throw new SLRuntimeException(e); + } if (!certDir.isDirectory()) { log.error("Expecting directory as 
SSL.certDirectory parameter"); throw new SLRuntimeException( "Expecting directory as SSL.certDirectory parameter"); } - List certCollection = new LinkedList(); - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - for (File f : certDir.listFiles()) { - try { - FileInputStream fis = new FileInputStream(f); - X509Certificate cert = (X509Certificate) cf.generateCertificate(fis); - certCollection.add(cert); - fis.close(); - log - .trace("Added following cert to certstore: " - + cert.getSubjectDN()); - } catch (Exception ex) { - log.error("Cannot add certificate", ex); - } - } - CollectionCertStoreParameters csp = new CollectionCertStoreParameters( - certCollection); - return CertStore.getInstance("Collection", csp); - - } else { - log.warn("No certstore configured"); + return certDir; } return null; + } - public void configureSSL() { - Set caCerts = null; - try { - caCerts = getCACerts(); - } catch (Exception e1) { - log.error("Cannot load CA certificates", e1); - } - CertStore certStore = null; - try { - certStore = getCertstore(); - } catch (Exception e1) { - log.error("Cannot load certstore certificates", e1); - } - System.setProperty("com.sun.security.enableAIAcaIssuers", "true"); - try { - X509CertSelector selector = new X509CertSelector(); - PKIXBuilderParameters pkixParams; - pkixParams = new PKIXBuilderParameters(caCerts, selector); - if ((getProperty("SSL.doRevocationChecking") != null) - && (Boolean.valueOf(getProperty("SSL.doRevocationChecking")))) { - log.info("Enable revocation checking"); - pkixParams.setRevocationEnabled(true); - System.setProperty("com.sun.security.enableCRLDP", "true"); - Security.setProperty("ocsp.enable", "true"); - } else { - log.warn("Revocation checking disabled"); - pkixParams.setRevocationEnabled(false); - } - pkixParams.addCertStore(certStore); - ManagerFactoryParameters trustParams = new CertPathTrustManagerParameters( - pkixParams); - TrustManagerFactory trustFab; - try { - trustFab = 
TrustManagerFactory.getInstance("PKIX"); - trustFab.init(trustParams); - KeyManager[] km = null; - SSLContext sslCtx = SSLContext - .getInstance(getProperty("SSL.sslProtocol")); - sslCtx.init(km, trustFab.getTrustManagers(), null); - HttpsURLConnection - .setDefaultSSLSocketFactory(sslCtx.getSocketFactory()); - } catch (Exception e) { - log.error("Cannot configure SSL", e); - } + @Override + protected File getCADir() { + String caDirectory = getProperty("SSL.caDirectory"); + return getDirectory(caDirectory); + } - } catch (InvalidAlgorithmParameterException e) { - log.error("Cannot configure SSL", e); - } + @Override + protected File getCertDir() { + String certDirectory = getProperty("SSL.certDirectory"); + return getDirectory(certDirectory); } @Override - public void setResourceLoader(ResourceLoader loader) { - this.resourceLoader = loader; + protected InputStream getManifest() { + Resource r = resourceLoader.getResource("META-INF/MANIFEST.MF"); + if (r != null) { + try { + return r.getInputStream(); + } catch (IOException e) { + log.error("Cannot read manifest data:", e); + } + } + return null; } } \ No newline at end of file diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java index b70a6274..9e69099d 100644 --- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/ResultServlet.java @@ -31,7 +31,7 @@ import org.apache.commons.logging.LogFactory; import at.gv.egiz.bku.binding.HTTPBindingProcessor; import at.gv.egiz.bku.binding.HttpUtil; import at.gv.egiz.bku.binding.IdFactory; -import at.gv.egiz.bku.online.conf.Configurator; +import at.gv.egiz.bku.conf.Configurator; /** * Delivers the result to the browser 
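Review bot: `getDirectory(String property)` is called for both `SSL.caDirectory` and `SSL.certDirectory`, but its log and exception text always name `SSL.certDirectory`, and the IOException branch says "Cannot get cert directory", so a misconfigured CA directory is reported as the wrong setting. Including the resolved value, e.g. `throw new SLRuntimeException("Expecting a directory, got: " + property);`, would make a trust-store misconfiguration diagnosable. `getManifest()` returns null when the manifest cannot be read, and a one-line Javadoc such as `/** @return the manifest stream, or null if it cannot be opened */` would document that for callers.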
@@ -108,8 +108,8 @@ public class ResultServlet extends SpringBKUServlet { resp.setHeader("Cache-Control", "no-store"); // HTTP 1.1 resp.setHeader("Pragma", "no-cache"); // HTTP 1.0 resp.setDateHeader("Expires", 0); - if (Configurator.getInstance().getProperty(USER_AGENT_PROPERTY_KEY) != null) { - resp.setHeader(HttpUtil.HTTP_HEADER_USER_AGENT, Configurator.getInstance().getProperty( + if (configurator.getProperty(USER_AGENT_PROPERTY_KEY) != null) { + resp.setHeader(HttpUtil.HTTP_HEADER_USER_AGENT, configurator.getProperty( USER_AGENT_PROPERTY_KEY)); } else { resp.setHeader(HttpUtil.HTTP_HEADER_USER_AGENT, diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SpringBKUServlet.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SpringBKUServlet.java index ec062e42..2c6f522e 100644 --- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SpringBKUServlet.java +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/webapp/SpringBKUServlet.java @@ -16,16 +16,22 @@ */ package at.gv.egiz.bku.online.webapp; -import javax.servlet.http.HttpServlet; - -import at.gv.egiz.bku.binding.BindingProcessorManager; -import at.gv.egiz.bku.online.conf.Configurator; +import javax.servlet.http.HttpServlet; + +import at.gv.egiz.bku.binding.BindingProcessorManager; +import at.gv.egiz.bku.conf.Configurator; public abstract class SpringBKUServlet extends HttpServlet { public final static String BEAN_NAME="bindingProcessorManager"; + protected static Configurator configurator; + protected BindingProcessorManager getBindingProcessorManager() { return (BindingProcessorManager) getServletContext().getAttribute(BEAN_NAME); + } + + public static void setConfigurator(Configurator conf) { + configurator = conf; } } diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties index 73d89f22..d7fc5ae9 100644 
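Review bot: `configurator.getProperty(...)` dereferences the new static `SpringBKUServlet.configurator`, which stays null until `SpringConfigurator.configure()` has called `setConfigurator(this)`; a request handled before that, or after a failed `configure()`, would hit a NullPointerException instead of the fallback header. Guarding with `if (configurator != null && configurator.getProperty(USER_AGENT_PROPERTY_KEY) != null)` keeps the else branch reachable. In the SpringBKUServlet hunk the field is a non-final `protected static` written without synchronization; `private static volatile Configurator configurator;` with a protected getter would be tighter, assuming no subclass outside this diff assigns it directly. The enclosing ResultServlet method starts outside the hunk.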
--- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties @@ -36,6 +36,10 @@ SSL.caDirectory=classpath:at/gv/egiz/bku/online/conf/certs/CACerts SSL.doRevocationChecking=true SSL.sslProtocol=TLS +SSL.cache.lifetime=3600 + +# use authority info access extension to find ca certs. +SSL.useAIA=true # ------------ END SSL Config -------------------- @@ -44,3 +48,4 @@ AppletTimeout=300000 #HTTPProxyHost=taranis.iaik.tugraz.at #HTTPProxyPort=8888 +#DefaultSocketTimeout=200 diff --git a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml index 04b07ba4..b074da59 100644 --- a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml +++ b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml @@ -45,8 +45,8 @@ - + diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java new file mode 100644 index 00000000..9a1e7020 --- /dev/null +++ b/bkucommon/src/main/java/at/gv/egiz/bku/conf/Configurator.java 
@@ -0,0 +1,351 @@
+package at.gv.egiz.bku.conf;
+
+import iaik.security.ecc.provider.ECCProvider;
+import iaik.security.provider.IAIK;
+import iaik.xml.crypto.XSecProvider;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.HttpURLConnection;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.security.Security;
+import java.security.cert.CertStore;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.CollectionCertStoreParameters;
+import java.security.cert.LDAPCertStoreParameters;
+import java.security.cert.PKIXBuilderParameters;
+import java.security.cert.TrustAnchor;
+import java.security.cert.X509CertSelector;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Properties;
+import java.util.Set;
+
+import javax.net.ssl.CertPathTrustManagerParameters;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.ManagerFactoryParameters;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+import at.gv.egiz.bku.binding.DataUrl;
+import at.gv.egiz.bku.binding.DataUrlConnection;
+import at.gv.egiz.bku.slcommands.impl.xsect.DataObject;
+import at.gv.egiz.bku.slcommands.impl.xsect.STALProvider;
+import at.gv.egiz.bku.slexceptions.SLRuntimeException;
+
+public abstract class Configurator {
+ private Log log = LogFactory.getLog(Configurator.class);
+
+ protected Properties properties;
+
+ protected Configurator() {
+ }
+
+ protected abstract File getCertDir();
+
+ protected abstract File getCADir();
+
+ protected abstract InputStream getManifest();
+
+ private Set getCACerts() throws IOException,
+ CertificateException {
+ Set caCerts = new HashSet();
+ File caDir = getCADir();
+ if (caDir != null) {
+ if (!caDir.isDirectory()) {
+ log.error("Expecting directory as SSL.caDirectory parameter");
+ throw new SLRuntimeException(
+ "Expecting directory as SSL.caDirectory parameter");
+ }
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ for (File f : caDir.listFiles()) {
+ try {
+ FileInputStream fis = new FileInputStream(f);
+ X509Certificate cert = (X509Certificate) cf.generateCertificate(fis);
+ fis.close();
+ log.debug("Adding trusted cert " + cert.getSubjectDN());
+ caCerts.add(new TrustAnchor(cert, null));
+ } catch (Exception e) {
+ log.error("Cannot add trusted ca", e);
+ }
+ }
+ return caCerts;
+
+ } else {
+ log.warn("No CA certificates configured");
+ }
+ return null;
+ }
+
+ protected List getCertstore() throws IOException,
+ CertificateException, InvalidAlgorithmParameterException,
+ NoSuchAlgorithmException {
+ List resultList = new ArrayList();
+ File certDir = getCertDir();
+ if (certDir != null) {
+ if (!certDir.isDirectory()) {
+ log.error("Expecting directory as SSL.certDirectory parameter");
+ throw new SLRuntimeException(
+ "Expecting directory as SSL.certDirectory parameter");
+ }
+ List certCollection = new LinkedList();
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ for (File f : certDir.listFiles()) {
+ try {
+ FileInputStream fis = new FileInputStream(f);
+ X509Certificate cert = (X509Certificate) cf.generateCertificate(fis);
+ certCollection.add(cert);
+ fis.close();
+ log
+ .trace("Added following cert to certstore: "
+ + cert.getSubjectDN());
+ } catch (Exception ex) {
+ log.error("Cannot add certificate", ex);
+ }
+ }
+ CollectionCertStoreParameters csp = new CollectionCertStoreParameters(
+ certCollection);
+ resultList.add(CertStore.getInstance("Collection", csp));
+ log.info("Added collection certstore");
+ } else {
+ log.warn("No certstore directory configured");
+ }
+ String ldapHost = getProperty("SSL.ldapServer");
+ if ((ldapHost != null) && (!"".equals(ldapHost))) {
+ String ldapPortString = getProperty("SSL.ldapPort");
+ int ldapPort = 389;
+ if (ldapPortString != null) {
+ try {
+ ldapPort = Integer.parseInt(ldapPortString);
+ } catch (NumberFormatException nfe) {
+ log.error("Invalid ldap port, using default 389");
+ }
+ } else {
+ log.warn("ldap port not specified, using default 389");
+ }
+ LDAPCertStoreParameters ldapParams = new LDAPCertStoreParameters(
+ ldapHost, ldapPort);
+ resultList.add(CertStore.getInstance("LDAP", ldapParams));
+ log.info("Added LDAP certstore");
+ }
+ return resultList;
+ }
+
+ protected void configUrlConnections() {
+ HttpsURLConnection.setFollowRedirects(false);
+ HttpURLConnection.setFollowRedirects(false);
+ }
+
+ protected void configureProviders() {
+ log.debug("Registering security providers");
+ Security.insertProviderAt(new IAIK(), 1);
+ Security.insertProviderAt(new ECCProvider(false), 2);
+ Security.addProvider(new STALProvider());
+ XSecProvider.addAsProvider(false);
+ StringBuilder sb = new StringBuilder();
+ sb.append("Registered providers: ");
+ int i = 1;
+ for (Provider prov : Security.getProviders()) {
+ sb.append((i++) + ". : " + prov);
+ }
+ log.debug(sb.toString());
+ }
+
+ protected void configViewer() {
+ String bv = properties.getProperty("ValidateHashDataInputs");
+ if (bv != null) {
+ DataObject.enableHashDataInputValidation(Boolean.parseBoolean(bv));
+ } else {
+ log.warn("ValidateHashDataInputs not set, falling back to default");
+ }
+ }
+
+ public void configureNetwork() {
+ String proxy = getProperty("HTTPProxyHost");
+ String portString = getProperty("HTTPProxyPort");
+ if ((proxy == null) || (proxy.equals(""))) {
+ log.info("No proxy configured");
+ } else {
+ log.info("Setting proxy to: " + proxy + ":" + portString);
+ System.setProperty("proxyHost", proxy);
+ System.setProperty("proxyPort", portString);
+ }
+ String timeout = getProperty("DefaultSocketTimeout");
+ if ((timeout != null) && (!timeout.equals(""))) {
+ System.setProperty("sun.net.client.defaultConnectTimeout", timeout);
+ }
+ }
+
+ public void configureVersion() {
+ Properties p = new Properties();
+ try {
+ InputStream is = getManifest();
+ if (is != null) {
+ p.load(getManifest());
+ String version = p.getProperty("Implementation-Build");
+ properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY,
+ "citizen-card-environment/1.2 MOCCA " + version);
+ DataUrl.setConfiguration(properties);
+ log
+ .debug("Setting user agent to: "
+ + properties
+ .getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY));
+ } else {
+ log.warn("Cannot read manifest");
+ properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY,
+ "citizen-card-environment/1.2 MOCCA UNKNOWN");
+ DataUrl.setConfiguration(properties);
+ }
+ } catch (IOException e) {
+ log.error(e);
+ }
+ }
+
+ public void configure() {
+ configureProviders();
+ configUrlConnections();
+ configViewer();
+ configureSSL();
+ configureVersion();
+ configureNetwork();
+ }
+
+ public void setConfiguration(Properties props) {
+ this.properties = props;
+ }
+
+ public String getProperty(String key) {
+ if (properties != null) {
+ return properties.getProperty(key);
+ }
+ return null;
+ }
+
+ public void configureSSL() {
+ Set caCerts = null;
+ try {
+ caCerts = getCACerts();
+ } catch (Exception e1) {
+ log.error("Cannot load CA certificates", e1);
+ }
+ List certStoreList = null;
+ try {
+ certStoreList = getCertstore();
+ } catch (Exception e1) {
+ log.error("Cannot load certstore certificates", e1);
+ }
+ String aia = getProperty("SSL.useAIA");
+ if ((aia == null) || (aia.equals(""))) {
+ System.setProperty("com.sun.security.enableAIAcaIssuers", "true");
+ } else {
+ System.setProperty("com.sun.security.enableAIAcaIssuers", aia);
+ }
+ String lifetime = getProperty("SSL.cache.lifetime");
+ if ((lifetime == null) || (lifetime.equals(""))) {
+ System.setProperty("sun.security.certpath.ldap.cache.lifetime", "0");
+ } else {
+ System.setProperty("sun.security.certpath.ldap.cache.lifetime", lifetime);
+ }
+ X509CertSelector selector = new X509CertSelector();
+ PKIXBuilderParameters pkixParams;
+ try {
+ pkixParams = new PKIXBuilderParameters(caCerts, selector);
+ if ((getProperty("SSL.doRevocationChecking") != null)
+ && (Boolean.valueOf(getProperty("SSL.doRevocationChecking")))) {
+ log.info("Enable revocation checking");
+ System.setProperty("com.sun.security.enableCRLDP", "true");
+ Security.setProperty("ocsp.enable", "true");
+ } else {
+ log.warn("Revocation checking disabled");
+ }
+ for (CertStore cs : certStoreList) {
+ pkixParams.addCertStore(cs);
+ }
+ ManagerFactoryParameters trustParams = new CertPathTrustManagerParameters(
+ pkixParams);
+ TrustManagerFactory trustFab;
+ trustFab = TrustManagerFactory.getInstance("PKIX");
+ trustFab.init(trustParams);
+ KeyManager[] km = null;
+ SSLContext sslCtx = SSLContext
+ .getInstance(getProperty("SSL.sslProtocol"));
+ String disableAll = getProperty("SSL.disableAllChecks");
+ if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) {
+ log.warn("--------------------------------------");
+ log.warn(" Disabling SSL Certificate Validation ");
+ log.warn("--------------------------------------");
+
+ sslCtx.init(km, new TrustManager[] { new MyTrustManager(caCerts,
+ certStoreList) }, null);
+ } else {
+ sslCtx.init(km, trustFab.getTrustManagers(), null);
+ }
+ HttpsURLConnection.setDefaultSSLSocketFactory(sslCtx.getSocketFactory());
+ } catch (Exception e) {
+ log.error("Cannot configure SSL", e);
+ }
+ String disableAll = getProperty("SSL.disableAllChecks");
+ if ((disableAll != null) && (Boolean.parseBoolean(disableAll))) {
+ log.warn("---------------------------------");
+ log.warn(" Disabling Hostname Verification ");
+ log.warn("---------------------------------");
+ HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
+ @Override
+ public boolean verify(String hostname, SSLSession session) {
+ return true;
+ }
+ });
+ }
+ }
+
+ private static class MyTrustManager implements X509TrustManager {
+ private static Log log = LogFactory.getLog(MyTrustManager.class);
+ private X509Certificate[] trustedCerts;
+
+ public MyTrustManager(Set caCerts, List cs) {
+ trustedCerts = new X509Certificate[caCerts.size()];
+ int i = 0;
+ for (Iterator it = caCerts.iterator(); it.hasNext();) {
+ TrustAnchor ta = it.next();
+ trustedCerts[i++] = ta.getTrustedCert();
+ }
+ }
+
+ @Override
+ public void checkClientTrusted(X509Certificate[] arg0, String arg1)
+ throws CertificateException {
+ log.error("Did not expect this method to get called");
+ throw new CertificateException("Method not implemented");
+ }
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] certs, String arg1)
+ throws CertificateException {
+ log.warn("-------------------------------------");
+ log.warn("SSL Certificate Validation Disabled !");
+ log.warn("-------------------------------------");
+ }
+
+ @Override
+ public X509Certificate[] getAcceptedIssuers() {
+ return trustedCerts;
+ }
+ }
+}
diff --git a/pom.xml b/pom.xml
index dbe2812e..c18a4c2c 100644
--- a/pom.xml
+++ b/pom.xml
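Review bot: In `configureSSL()` every failure inside the large `try` is only logged, including `new PKIXBuilderParameters(caCerts, selector)` when `getCACerts()` returned null or an empty set and the loop over a null `certStoreList`, so `HttpsURLConnection` keeps the JVM's default socket factory and, presumably, the JRE trust store instead of the configured anchors. I would fail closed there, e.g. `throw new SLRuntimeException(e);` in the catch block. The else branch logs "Revocation checking disabled" but no longer calls `pkixParams.setRevocationEnabled(false)` as the removed SpringConfigurator code did, and the enabled branch lost `setRevocationEnabled(true)`, so the log line and the validator state can disagree. `SSL.disableAllChecks` turns off certificate validation and hostname verification for every HTTPS connection in the JVM, and a comment at the property read stating that it is meant for test setups only would help the next maintainer. `configureNetwork()` passes a possibly null `portString` to `System.setProperty`, which throws on a null value, whereas the removed code defaulted the port to `"80"`.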
@@ -19,6 +19,7 @@ STALService BKUCommonGUI BKUViewer + BKULocalApp diff --git a/utils/src/main/java/at/gv/egiz/bku/local/ui/TrayIconDialog.java b/utils/src/main/java/at/gv/egiz/bku/local/ui/TrayIconDialog.java index 5aa74d99..c7aae215 100644 --- a/utils/src/main/java/at/gv/egiz/bku/local/ui/TrayIconDialog.java +++ b/utils/src/main/java/at/gv/egiz/bku/local/ui/TrayIconDialog.java @@ -107,7 +107,7 @@ public class TrayIconDialog implements TrayIconDialogInterface { if (isSupported) { SystemTray tray = SystemTray.getSystemTray(); Image image = ImageIO.read(getClass().getClassLoader() - .getResourceAsStream("at/gv/egiz/bku/local/ui/chipperling.png")); + .getResourceAsStream("at/gv/egiz/bku/local/ui/favicon.png")); PopupMenu popup = new PopupMenu(); MenuItem exitItem = new MenuItem(resourceBundel .getString("TrayMenu.Shutdown")); -- cgit v1.2.3 From 520f2a4ee9ae69a06e5355028f5d62ee173cd484 Mon Sep 17 00:00:00 2001 From: wbauer Date: Fri, 10 Oct 2008 09:42:51 +0000 Subject: git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@98 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../at/gv/egiz/bku/local/stal/BKUGuiProxy.java | 5 ++-- .../at/gv/egiz/bku/local/stal/SMCCSTALFactory.java | 2 +- BKUOnline/src/main/webapp/appletPage.jsp | 31 ++++++++++++++-------- 3 files changed, 24 insertions(+), 14 deletions(-) (limited to 'BKULocal/src/main/java') diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/BKUGuiProxy.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/BKUGuiProxy.java index 22ab1d6f..d12be9ac 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/BKUGuiProxy.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/BKUGuiProxy.java @@ -7,6 +7,7 @@ import java.awt.event.ActionListener; import java.awt.event.FocusEvent; import java.awt.event.FocusListener; import java.awt.event.WindowEvent; +import java.net.URL; import java.util.List; import javax.swing.JDialog; 
@@ -36,8 +37,8 @@ public class BKUGuiProxy implements BKUGUIFacade { } @Override - public void init(Container contentPane, String localeString) { - delegate.init(contentPane, localeString); + public void init(Container contentPane, String localeString, URL bgImage) { + delegate.init(contentPane, localeString, bgImage); } @Override diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java index c1a69bd8..08f22595 100644 --- a/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/stal/SMCCSTALFactory.java @@ -47,7 +47,7 @@ public class SMCCSTALFactory implements STALFactory { } dialog = new JDialog(); BKUGUIFacade gui = BKUGUIFactory.createGUI(); - gui.init(dialog.getContentPane(), locale.toString()); + gui.init(dialog.getContentPane(), locale.toString(), null); stal = new SMCCSTAL(new BKUGuiProxy(dialog, gui), dialog, resourceBundle); dialog.setPreferredSize(new Dimension(400, 200)); dialog.setDefaultCloseOperation(WindowConstants.DO_NOTHING_ON_CLOSE); diff --git a/BKUOnline/src/main/webapp/appletPage.jsp b/BKUOnline/src/main/webapp/appletPage.jsp index 11f46dca..6c4aee58 100644 --- a/BKUOnline/src/main/webapp/appletPage.jsp +++ b/BKUOnline/src/main/webapp/appletPage.jsp 
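Review bot: The new `URL bgImage` parameter of `init` in the BKUGuiProxy hunk has no stated null contract, yet the SMCCSTALFactory hunk that follows already passes a literal `null` for it, and the proxy forwards the value to `delegate.init` unchanged. Whether the delegate tolerates a null URL is not visible in these hunks, so that should be confirmed and then written down: a Javadoc `@param bgImage` line on the facade method stating whether null is allowed, and a short comment such as `// no custom background for the local BKU` at the `gui.init(dialog.getContentPane(), locale.toString(), null)` call. The appletPage.jsp hunk in this commit reads an `appletBackground` session attribute, which presumably feeds this parameter in the online variant; if so, the code behind `delegate.init` should restrict which URLs it will load, but that code is outside these hunks.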
@@ -19,15 +19,24 @@ - - MOCCA Appletpage - - + +MOCCA Appletpage + + + + + -<% int width= session.getAttribute("appletWidth") == null ? 190 : (Integer)session.getAttribute("appletWidth"); - int height=session.getAttribute("appletHeight") == null ? 130 : (Integer)session.getAttribute("appletHeight"); - String backgroundImg = (String) session.getAttribute("appletBackground"); +<% + int width = session.getAttribute("appletWidth") == null + ? 190 + : (Integer) session.getAttribute("appletWidth"); + int height = session.getAttribute("appletHeight") == null + ? 130 + : (Integer) session.getAttribute("appletHeight"); + String backgroundImg = (String) session + .getAttribute("appletBackground"); %> - - - -

Security-Layer v1.2 Request Formular

+ + +

Security-Layer v1.2 Request Formular

@@ -110,7 +110,7 @@ SecureSignatureKeypair - Ich bin ein einfacher Text. + Ich bin ein einfacher Text. llöäü߀ @@ -120,7 +120,27 @@ - TestXHTML + + +

Heading3 large bold llöäü߀

+

Ich bin ein einfacher Text. llöäü߀

+

Ich bin ein einfacher Text. llöäü߀

+

Ich bin ein einfacher Text. llöäü߀

+ + + +
@@ -145,7 +165,8 @@ --> - + +
Request Parameters

tiny @@ -185,8 +206,9 @@ name="StylesheetURL" value="" id="StylesheetURL">

--> +

-
+
diff --git a/BKUOnline/src/main/webapp/applet.jsp b/BKUOnline/src/main/webapp/applet.jsp index 31f3362b..df0b3ca5 100644 --- a/BKUOnline/src/main/webapp/applet.jsp +++ b/BKUOnline/src/main/webapp/applet.jsp @@ -72,14 +72,13 @@ %> - diff --git a/BKUOnline/src/main/webapp/index.html b/BKUOnline/src/main/webapp/index.html index 5bc01297..b39dafb7 100644 --- a/BKUOnline/src/main/webapp/index.html +++ b/BKUOnline/src/main/webapp/index.html @@ -22,6 +22,7 @@ +
@@ -46,7 +47,7 @@

MOCCA Web Start

-

diff --git a/BKUOnline/src/main/webapp/js/deployJava_orig.js b/BKUOnline/src/main/webapp/js/deployJava_orig.js new file mode 100644 index 00000000..316fa278 --- /dev/null +++ b/BKUOnline/src/main/webapp/js/deployJava_orig.js 
@@ -0,0 +1,725 @@ +/* + * Copyright (c) 2008 Sun Microsystems, Inc. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * - Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * - Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * - Neither the name of Sun Microsystems nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS + * IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, + * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +/* + * Added by EGIZ: + * This file contains workarounds to + * [#423] Firefox 3.0.11 bug #498132 causes applet loading failure + * (lines 95-99) + * [#424] Web Start loading via java plugin (Sun deployment script) fails on WinXP/Vista + * (lines 501-506) + * + * features: + * [#425] Disable WebStart Launch Button for MacOS + * (lines 492-504) + * + */ + +/* + * deployJava.js + * + * This file is part of the Deployment Toolkit. It provides functions for web + * pages to detect the presence of a JRE, install the latest JRE, and easily run + * applets or Web Start programs. Usage guide may be found at http:///. + * + * The "live" copy of this file may be found at + * http://java.com/js/deployJava.js. + * You are encouraged to link directly to the live copy of the file. + * + * @version @(#)deployJava.js XXXXX + */ + +var deployJava={ + debug:null, + + myInterval:null, + preInstallJREList:null, + returnPage:null, + brand:null, + locale:null, + installType:null, + + EAInstallEnabled:false, + EarlyAccessURL:null, + + // GetJava page + getJavaURL:'http://java.sun.com/webapps/getjava/BrowserRedirect?host=java.com', + + // Apple redirect page + appleRedirectPage:'http://www.apple.com/support/downloads/', + oldMimeType:'application/npruntime-scriptable-plugin;DeploymentToolkit', + mimeType:'application/java-deployment-toolkit', + launchButtonPNG:'http://java.sun.com/products/jfc/tsc/articles/swing2d/webstart.png', + + getJREs:function(){ + var list=new Array(); + if(deployJava.isPluginInstalled()){ + var plugin=deployJava.getPlugin(); + var VMs=plugin.jvms; + for(var i=0;i'; + document.write(s); + } + if(!codebaseParam){ + document.write(''); + } + } + document.write('<'+'/'+'applet'+'>'); + }, + + versionCheck:function(versionPattern) + + { + var index=0; + var regex="^(\\d+)(?:\\.(\\d+)(?:\\.(\\d+)(?:_(\\d+))?)?)?(\\*|\\+)?$"; + + var matchData=versionPattern.match(regex); + + if(matchData!=null){ + var familyMatch=true; + + var patternArray=new Array(); + + 
for(var i=1;i<'+'img '+'src="'+deployJava.launchButtonPNG+'" '+'border="0" /><'+'/'+'a'+'>'); + }, + + launch:function(jnlp){ + if(deployJava.isPluginInstalled()){ + return deployJava.getPlugin().launch(jnlp); + }else{ + document.location=jnlp;return true; + } + }, + + isPluginInstalled:function(){ + var plugin=deployJava.getPlugin(); + if(plugin&&plugin.jvms){ + return true; + }else{ + return false; + } + }, + + isAutoUpdateEnabled:function(){ + if(deployJava.isPluginInstalled()){ + return deployJava.getPlugin().isAutoUpdateEnabled(); + } + return false; + }, + + setAutoUpdateEnabled:function(){ + if(deployJava.isPluginInstalled()){ + return deployJava.getPlugin().setAutoUpdateEnabled(); + } + return false; + }, + + setInstallerType:function(type){ + deployJava.installType=type; + if(deployJava.isPluginInstalled()){ + return deployJava.getPlugin().setInstallerType(type); + } + return false; + }, + + setAdditionalPackages:function(packageList){ + if(deployJava.isPluginInstalled()){ + return deployJava.getPlugin().setAdditionalPackages( + packageList); + } + return false; + }, + + setEarlyAccess:function(enabled){ + deployJava.EAInstallEnabled=enabled; + }, + + isPlugin2:function(){ + if(deployJava.isPluginInstalled()){ + if(deployJava.versionCheck('1.6.0_10+')){ + try{ + return deployJava.getPlugin().isPlugin2(); + }catch(err){ + + } + } + } + return false; + }, + + + getPlugin:function(){ + deployJava.refresh(); + var ret=document.getElementById('deployJavaPlugin'); + return ret; + }, + + compareVersionToPattern:function(version,patternArray,familyMatch){ + var regex="^(\\d+)(?:\\.(\\d+)(?:\\.(\\d+)(?:_(\\d+))?)?)?$"; + var matchData=version.match(regex); + + if(matchData!=null){ + var index=0; + var result=new Array(); + + for(var i=1;ipatternArray[i]){ + return true; + } + } + + return true; + } + }else{ + return false; + } + }, + + + getBrowser:function(){ + var browser=navigator.userAgent.toLowerCase(); + + if(deployJava.debug){ + alert('userAgent -> 
'+browser); + } + + if((navigator.vendor)&& + (navigator.vendor.toLowerCase().indexOf('apple')!=-1)&& + (browser.indexOf('safari')!=-1)){ + if(deployJava.debug){ + alert('We claim to have detected "Safari".'); + } + return'Safari'; + }else if(browser.indexOf('msie')!=-1){ + if(deployJava.debug){ + alert('We claim to have detected "IE".'); + } + return'MSIE'; + }else if((browser.indexOf('mozilla')!=-1)|| + (browser.indexOf('firefox')!=-1)){ + if(deployJava.debug){ + alert('We claim to have detected a Netscape family browser.'); + } + return'Netscape Family'; + }else{ + if(deployJava.debug){ + alert('We claim to have failed to detect a browser.'); + } + return'?'; + } + }, + + + testUsingActiveX:function(version){ + var objectName='JavaWebStart.isInstalled.'+version+'.0'; + + if(!ActiveXObject){ + if(deployJava.debug){ + alert('Browser claims to be IE, but no ActiveXObject object?'); + } + return false; + } + + try{ + return(new ActiveXObject(objectName)!=null); + }catch(exception){ + return false; + } + }, + + + testForMSVM:function(){ + var clsid='{08B0E5C0-4FCB-11CF-AAA5-00401C608500}'; + + if(typeof oClientCaps!='undefined'){ + var v=oClientCaps.getComponentVersion(clsid,"ComponentID"); + if((v=='')||(v=='5,0,5000,0')){ + return false; + }else{ + return true; + } + }else{ + return false; + } + }, + + + testUsingMimeTypes:function(version){ + if(!navigator.mimeTypes){ + if(deployJava.debug){ + alert('Browser claims to be Netscape family, but no mimeTypes[] array?'); + } + return false; + } + + for(var i=0;ib[0])return true; + if(a[0]b[1])return true; + if(a[1]b[2])return true; + if(a[2]'+ + '<'+'/'+'object'+'>'); + }else if(browser=='Netscape Family'){ + deployJava.writeEmbedTag(); + } + }, + + refresh:function(){ + navigator.plugins.refresh(false);var browser=deployJava.getBrowser();if(browser=='Netscape Family'){ + var plugin=document.getElementById('deployJavaPlugin');if(plugin==null){ + deployJava.writeEmbedTag(); + } + } + }, + + writeEmbedTag:function(){ + 
var written=false;if(navigator.mimeTypes!=null){ + for(var i=0;i