From 145003155c05e915b900989a27cef1271398164b Mon Sep 17 00:00:00 2001
From: clemenso <clemenso@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>
Date: Wed, 26 Aug 2009 17:31:32 +0000
Subject: MOCCA TLS Server CA cert installation servlet removed help.jsp (and
 jsp dependencies in jetty) moved html pages to src/main/webapp (encoding
 problem?) switch to BASIC download protocol in BKUWebStart (no
 jnlpDownloadServlet required, see template.xml)

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@474 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 .../local/webapp/InstallCertificateServlet.java    | 149 +++++++++++++++++++++
 BKULocal/src/main/webapp/WEB-INF/web.xml           |  19 ++-
 BKULocal/src/main/webapp/img/chip16.ico            | Bin 0 -> 1150 bytes
 BKULocal/src/main/webapp/img/chip48.png            | Bin 0 -> 2771 bytes
 BKULocal/src/main/webapp/index.html                |  56 +++++---
 5 files changed, 198 insertions(+), 26 deletions(-)
 create mode 100644 BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/InstallCertificateServlet.java
 create mode 100644 BKULocal/src/main/webapp/img/chip16.ico
 create mode 100644 BKULocal/src/main/webapp/img/chip48.png

(limited to 'BKULocal/src')

diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/InstallCertificateServlet.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/InstallCertificateServlet.java
new file mode 100644
index 00000000..0a9d001b
--- /dev/null
+++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/InstallCertificateServlet.java
@@ -0,0 +1,149 @@
+/*
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package at.gv.egiz.bku.local.webapp;
+
+import iaik.pkcs.PKCS7CertList;
+import iaik.utils.Util;
+import java.io.IOException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+
+/**
+ * @author Clemens Orthacker <clemens.orthacker@iaik.tugraz.at>
+ */
+public class InstallCertificateServlet extends HttpServlet {
+  public static final String HTTPS_REDIRECT = "https://localhost:3496/";
+
+  public static final String SERVER_CA_CERTIFICATE_ATTRIBUTE = "mocca.tls.server.ca.certificate";
+  protected PKCS7CertList p7c;
+  private static final Log log = LogFactory.getLog(InstallCertificateServlet.class);
+
+  @Override
+  public void init() throws ServletException {
+    super.init();
+    Certificate caCert = (Certificate) getServletContext().getAttribute(SERVER_CA_CERTIFICATE_ATTRIBUTE);
+    if (caCert != null) {
+      try {
+        p7c = new PKCS7CertList();
+        p7c.setCertificateList(new iaik.x509.X509Certificate[] { Util.convertCertificate(caCert) });
+      } catch (CertificateException ex) {
+        log.error("failed to import local ca certificate " + SERVER_CA_CERTIFICATE_ATTRIBUTE, ex);
+      }
+    } else {
+      log.error("failed to import local ca certificate " + SERVER_CA_CERTIFICATE_ATTRIBUTE);
+    }
+  }
+
+  /**
+   * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
+   * @param request servlet request
+   * @param response servlet response
+   * @throws ServletException if a servlet-specific error occurs
+   * @throws IOException if an I/O error occurs
+   */
+  protected void processRequest(HttpServletRequest request, HttpServletResponse response)
+          throws ServletException, IOException {
+
+//    try {
+//      SSLContext sslCtx1 = SSLContext.getDefault();
+//      log.debug("Default SSLContext (" + sslCtx1.getProtocol() + "): " + sslCtx1.getClass().getName());
+//    } catch (NoSuchAlgorithmException ex) {
+//      log.debug("no sslContext: " + ex.getMessage(), ex);
+//    }
+//
+//    try {
+//      SSLContext sslCtx2 = SSLContext.getInstance("TLS");
+//      log.debug("TLS SSLContext: " + sslCtx2.getClass().getName());
+//
+//      SSLServerSocketFactory serverSocketFactory = sslCtx2.getServerSocketFactory();
+//      SSLSessionContext serverSessionContext = sslCtx2.getServerSessionContext();
+//
+//      if (serverSocketFactory != null) {
+//        log.debug("SSL ServerSocketFactory: " + serverSocketFactory.getClass().getName());
+//      }
+//      if (serverSessionContext != null) {
+//        log.debug("SSL ServerSessionContext: " + serverSessionContext.getClass().getName());
+//      }
+//    } catch (NoSuchAlgorithmException ex) {
+//      log.debug("no sslContext: " + ex.getMessage(), ex);
+//    }
+//
+//    try {
+//      SSLContext sslCtx3 = SSLContext.getInstance("SSLv3");
+//      log.debug("TLS SSLContext: " + sslCtx3.getClass().getName());
+//    } catch (NoSuchAlgorithmException ex) {
+//      log.debug("no sslContext: " + ex.getMessage(), ex);
+//    }
+
+
+ 
+
+
+    if (p7c != null) {
+      log.debug("returning local ca certificate");
+      response.setContentType("application/x-x509-ca-cert"); 
+      p7c.writeTo(response.getOutputStream());
+      response.getOutputStream().flush();
+    } else {
+      log.debug("no local ca certificate, redirecting to " + HTTPS_REDIRECT);
+      response.sendRedirect(HTTPS_REDIRECT);
+    }
+
+  }
+
+  // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
+  /**
+   * Handles the HTTP <code>GET</code> method.
+   * @param request servlet request
+   * @param response servlet response
+   * @throws ServletException if a servlet-specific error occurs
+   * @throws IOException if an I/O error occurs
+   */
+  @Override
+  protected void doGet(HttpServletRequest request, HttpServletResponse response)
+          throws ServletException, IOException {
+    processRequest(request, response);
+  }
+
+  /**
+   * Handles the HTTP <code>POST</code> method.
+   * @param request servlet request
+   * @param response servlet response
+   * @throws ServletException if a servlet-specific error occurs
+   * @throws IOException if an I/O error occurs
+   */
+  @Override
+  protected void doPost(HttpServletRequest request, HttpServletResponse response)
+          throws ServletException, IOException {
+    processRequest(request, response);
+  }
+
+  /**
+   * Returns a short description of the servlet.
+   * @return a String containing servlet description
+   */
+  @Override
+  public String getServletInfo() {
+    return "Short description";
+  }// </editor-fold>
+}
diff --git a/BKULocal/src/main/webapp/WEB-INF/web.xml b/BKULocal/src/main/webapp/WEB-INF/web.xml
index 83f33d9e..8768dbd8 100644
--- a/BKULocal/src/main/webapp/WEB-INF/web.xml
+++ b/BKULocal/src/main/webapp/WEB-INF/web.xml
@@ -1,5 +1,4 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
 <!--
   Copyright 2008 Federal Chancellery Austria and
   Graz University of Technology
@@ -16,7 +15,7 @@
   See the License for the specific language governing permissions and
   limitations under the License.
 -->
-<web-app id="WebApp_ID">
+<web-app id="bkulocal" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
   <display-name>http-security-layer-request</display-name>
   
   <!--  Begin Spring Config -->
@@ -35,15 +34,15 @@
   <servlet>
     <servlet-name>BKUServlet</servlet-name>
     <servlet-class>at.gv.egiz.bku.local.webapp.BKURequestHandler</servlet-class>
-  </servlet>
-  <servlet>
-      <servlet-name>help</servlet-name>
-      <jsp-file>/help.jsp</jsp-file>
   </servlet>
     <servlet>
         <servlet-name>PINManagementServlet</servlet-name>
         <servlet-class>at.gv.egiz.bku.local.webapp.PINManagementServlet</servlet-class>
     </servlet>
+    <servlet>
+        <servlet-name>InstallCertificateServlet</servlet-name>
+        <servlet-class>at.gv.egiz.bku.local.webapp.InstallCertificateServlet</servlet-class>
+    </servlet>
     <servlet-mapping>
     <servlet-name>BKUServlet</servlet-name>
     <url-pattern>/http-security-layer-request</url-pattern>
@@ -52,16 +51,16 @@
     <servlet-name>BKUServlet</servlet-name>
     <url-pattern>/https-security-layer-request</url-pattern>
   </servlet-mapping>
-  <servlet-mapping>
-      <servlet-name>help</servlet-name>
-      <url-pattern>/help/*</url-pattern>
-  </servlet-mapping>
   <!--  Begin BKU Config -->
 
     <servlet-mapping>
         <servlet-name>PINManagementServlet</servlet-name>
         <url-pattern>/PINManagement</url-pattern>
     </servlet-mapping>
+    <servlet-mapping>
+        <servlet-name>InstallCertificateServlet</servlet-name>
+        <url-pattern>/installCertificate</url-pattern>
+    </servlet-mapping>
     <welcome-file-list>
     <welcome-file>index.html</welcome-file>
     <welcome-file>index.htm</welcome-file>
diff --git a/BKULocal/src/main/webapp/img/chip16.ico b/BKULocal/src/main/webapp/img/chip16.ico
new file mode 100644
index 00000000..42175127
Binary files /dev/null and b/BKULocal/src/main/webapp/img/chip16.ico differ
diff --git a/BKULocal/src/main/webapp/img/chip48.png b/BKULocal/src/main/webapp/img/chip48.png
new file mode 100644
index 00000000..491fbcac
Binary files /dev/null and b/BKULocal/src/main/webapp/img/chip48.png differ
diff --git a/BKULocal/src/main/webapp/index.html b/BKULocal/src/main/webapp/index.html
index 537c154a..6aefe43c 100644
--- a/BKULocal/src/main/webapp/index.html
+++ b/BKULocal/src/main/webapp/index.html
@@ -14,21 +14,45 @@
   See the License for the specific language governing permissions and
   limitations under the License.
 -->
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-    <head>
-        <title>BKU Web Start - Willkommen</title>
-        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
-        <style type="text/css" media="all">@import "css/main.css";</style>
-    </head>
-    <body>
-        <h1>BKU Web Start - Willkommen</h1>
-        <div>
-          <p>Diese Seite installiert das MOCCA Zertifikat in ihrem Browser.
-        In jedem weiteren Browser können sie dieses durch Aufruf <a href="https://localhost:3496/index.html">dieser Seite</a> ebenso installieren.</p>
-        </div>
-        <div>
-          <a href="PINManagement?redirect=./index.html">PIN Verwaltung</a>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <title>Bürgerkarte - Willkommen</title>
+    <link href="help/help.css" rel="stylesheet" type="text/css" />
+    <link rel="shortcut icon" href="img/chip16.ico" type="image/x-icon"/>
+  </head>
+
+  <body class="twoColElsLtHdr">
+
+    <div id="container">
+      <div id="header">
+        <h1>Bürgerkarte</h1>
+        <!-- end #header --></div>
+      <div id="mainContent" style="margin: 1.5em 1.5em 0 1.5em">
+        <div style="float:left; margin-right:1em">
+          <img src="img/chip48.png" alt="Logo" width="48" height="48"/>
         </div>
-    </body>
+        <p>Um die Bürgerkartenumgebung zu verwenden installieren Sie bitte
+          zunächst das <a href="installCertificate">CA Zertifikat</a>.
+        </p>
+
+        <p style="float:none">Weiters können Sie</p>
+        <ul>
+          <li>die <a href="help">Hilfe durchsehen</a>,</li>
+          <li>die <a href="PINManagement?redirect=./index.html">PIN Verwaltung starten</a> oder </li>
+          <li>in jedem weiteren Web-Browser das <a href="installCertificate">CA Zertifikat installieren</a>.</li>
+        </ul>
+
+        <p><br class="clearfloat" /></p>
+
+      </div>
+      <div id="footer">
+        <p>
+          <a href="http://www.buergerkarte.at">Österreichische Bürgerkarte</a> | <a href="http://mocca.egovlabs.gv.at">Bürgerkartensoftware MOCCA</a>
+        </p>
+      </div>
+      <!-- end #container --></div>
+  </body>
 </html>
+
-- 
cgit v1.2.3