From 145003155c05e915b900989a27cef1271398164b Mon Sep 17 00:00:00 2001 From: clemenso Date: Wed, 26 Aug 2009 17:31:32 +0000 Subject: MOCCA TLS Server CA cert installation servlet removed help.jsp (and jsp dependencies in jetty) moved html pages to src/main/webapp (encoding problem?) switch to BASIC download protocol in BKUWebStart (no jnlpDownloadServlet required, see template.xml) git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@474 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- BKULocal/pom.xml | 2 +- .../local/webapp/InstallCertificateServlet.java | 149 +++++++++++++++++++++ BKULocal/src/main/webapp/WEB-INF/web.xml | 19 ++- BKULocal/src/main/webapp/img/chip16.ico | Bin 0 -> 1150 bytes BKULocal/src/main/webapp/img/chip48.png | Bin 0 -> 2771 bytes BKULocal/src/main/webapp/index.html | 56 +++++--- 6 files changed, 199 insertions(+), 27 deletions(-) create mode 100644 BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/InstallCertificateServlet.java create mode 100644 BKULocal/src/main/webapp/img/chip16.ico create mode 100644 BKULocal/src/main/webapp/img/chip48.png (limited to 'BKULocal') diff --git a/BKULocal/pom.xml b/BKULocal/pom.xml index 523357f2..b3487f68 100644 --- a/BKULocal/pom.xml +++ b/BKULocal/pom.xml @@ -111,7 +111,7 @@ BKUHelp at.gv.egiz - 1.1 + 1.2-SNAPSHOT org.springframework diff --git a/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/InstallCertificateServlet.java b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/InstallCertificateServlet.java new file mode 100644 index 00000000..0a9d001b --- /dev/null +++ b/BKULocal/src/main/java/at/gv/egiz/bku/local/webapp/InstallCertificateServlet.java 
@@ -0,0 +1,149 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.local.webapp; + +import iaik.pkcs.PKCS7CertList; +import iaik.utils.Util; +import java.io.IOException; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServlet; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +/** + * @author Clemens Orthacker + */ +public class InstallCertificateServlet extends HttpServlet { + public static final String HTTPS_REDIRECT = "https://localhost:3496/"; + + public static final String SERVER_CA_CERTIFICATE_ATTRIBUTE = "mocca.tls.server.ca.certificate"; + protected PKCS7CertList p7c; + private static final Log log = LogFactory.getLog(InstallCertificateServlet.class); + + @Override + public void init() throws ServletException { + super.init(); + Certificate caCert = (Certificate) getServletContext().getAttribute(SERVER_CA_CERTIFICATE_ATTRIBUTE); + if (caCert != null) { + try { + p7c = new PKCS7CertList(); + p7c.setCertificateList(new iaik.x509.X509Certificate[] { Util.convertCertificate(caCert) }); + } catch (CertificateException ex) { + log.error("failed to import local ca certificate " + 
SERVER_CA_CERTIFICATE_ATTRIBUTE, ex); + } + } else { + log.error("failed to import local ca certificate " + SERVER_CA_CERTIFICATE_ATTRIBUTE); + } + } + + /** + * Processes requests for both HTTP GET and POST methods. + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + protected void processRequest(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + +// try { +// SSLContext sslCtx1 = SSLContext.getDefault(); +// log.debug("Default SSLContext (" + sslCtx1.getProtocol() + "): " + sslCtx1.getClass().getName()); +// } catch (NoSuchAlgorithmException ex) { +// log.debug("no sslContext: " + ex.getMessage(), ex); +// } +// +// try { +// SSLContext sslCtx2 = SSLContext.getInstance("TLS"); +// log.debug("TLS SSLContext: " + sslCtx2.getClass().getName()); +// +// SSLServerSocketFactory serverSocketFactory = sslCtx2.getServerSocketFactory(); +// SSLSessionContext serverSessionContext = sslCtx2.getServerSessionContext(); +// +// if (serverSocketFactory != null) { +// log.debug("SSL ServerSocketFactory: " + serverSocketFactory.getClass().getName()); +// } +// if (serverSessionContext != null) { +// log.debug("SSL ServerSessionContext: " + serverSessionContext.getClass().getName()); +// } +// } catch (NoSuchAlgorithmException ex) { +// log.debug("no sslContext: " + ex.getMessage(), ex); +// } +// +// try { +// SSLContext sslCtx3 = SSLContext.getInstance("SSLv3"); +// log.debug("TLS SSLContext: " + sslCtx3.getClass().getName()); +// } catch (NoSuchAlgorithmException ex) { +// log.debug("no sslContext: " + ex.getMessage(), ex); +// } + + + + + + if (p7c != null) { + log.debug("returning local ca certificate"); + response.setContentType("application/x-x509-ca-cert"); + p7c.writeTo(response.getOutputStream()); + response.getOutputStream().flush(); + } else { + log.debug("no local ca certificate, 
redirecting to " + HTTPS_REDIRECT); + response.sendRedirect(HTTPS_REDIRECT); + } + + } + + // + /** + * Handles the HTTP GET method. + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + @Override + protected void doGet(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + processRequest(request, response); + } + + /** + * Handles the HTTP POST method. + * @param request servlet request + * @param response servlet response + * @throws ServletException if a servlet-specific error occurs + * @throws IOException if an I/O error occurs + */ + @Override + protected void doPost(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { + processRequest(request, response); + } + + /** + * Returns a short description of the servlet. + * @return a String containing servlet description + */ + @Override + public String getServletInfo() { + return "Short description"; + }// +} diff --git a/BKULocal/src/main/webapp/WEB-INF/web.xml b/BKULocal/src/main/webapp/WEB-INF/web.xml index 83f33d9e..8768dbd8 100644 --- a/BKULocal/src/main/webapp/WEB-INF/web.xml +++ b/BKULocal/src/main/webapp/WEB-INF/web.xml @@ -1,5 +1,4 @@ - - + http-security-layer-request @@ -35,15 +34,15 @@ BKUServlet at.gv.egiz.bku.local.webapp.BKURequestHandler - - - help - /help.jsp PINManagementServlet at.gv.egiz.bku.local.webapp.PINManagementServlet + + InstallCertificateServlet + at.gv.egiz.bku.local.webapp.InstallCertificateServlet + BKUServlet /http-security-layer-request @@ -52,16 +51,16 @@ BKUServlet /https-security-layer-request - - help - /help/* - PINManagementServlet /PINManagement + + InstallCertificateServlet + /installCertificate + index.html index.htm 
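Review bot: In `init()`, the field `p7c` is assigned `new PKCS7CertList()` before `setCertificateList(...)` and `Util.convertCertificate(caCert)` run, so if either throws the caught `CertificateException` the field stays non-null but holds no certificate. `processRequest` then skips the redirect branch and sends an empty PKCS#7 body as `application/x-x509-ca-cert`. Build the list in a local variable and assign the field only on success, or add `p7c = null;` in the catch block. Because this response is what the user is asked to install as a trusted CA, logging the certificate's subject and fingerprint at startup would let the installed certificate be checked against the running instance; whether `/installCertificate` is reachable over plain HTTP is not visible in this hunk and should be confirmed. The commented-out `SSLContext` debugging block in `processRequest` and the placeholder `"Short description"` returned by `getServletInfo()` are leftovers worth removing or filling in.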
diff --git a/BKULocal/src/main/webapp/img/chip16.ico b/BKULocal/src/main/webapp/img/chip16.ico new file mode 100644 index 00000000..42175127 Binary files /dev/null and b/BKULocal/src/main/webapp/img/chip16.ico differ diff --git a/BKULocal/src/main/webapp/img/chip48.png b/BKULocal/src/main/webapp/img/chip48.png new file mode 100644 index 00000000..491fbcac Binary files /dev/null and b/BKULocal/src/main/webapp/img/chip48.png differ diff --git a/BKULocal/src/main/webapp/index.html b/BKULocal/src/main/webapp/index.html index 537c154a..6aefe43c 100644 --- a/BKULocal/src/main/webapp/index.html +++ b/BKULocal/src/main/webapp/index.html @@ -14,21 +14,45 @@ See the License for the specific language governing permissions and limitations under the License. --> - - - - BKU Web Start - Willkommen - - - - -

BKU Web Start - Willkommen

-
-

Diese Seite installiert das MOCCA Zertifikat in ihrem Browser. - In jedem weiteren Browser können sie dieses durch Aufruf dieser Seite ebenso installieren.

-
-
- PIN Verwaltung + + + + + Bürgerkarte - Willkommen + + + + + + +
+ +
+
+ Logo
- +

Um die Bürgerkartenumgebung zu verwenden installieren Sie bitte + zunächst das CA Zertifikat. +

+ +

Weiters können Sie

+ + +


+ +
+ +
+ + -- cgit v1.2.3