From c7e27d956e3f3a1059398ac8a791e753a53f27ae Mon Sep 17 00:00:00 2001 From: wbauer Date: Fri, 26 Sep 2008 07:36:55 +0000 Subject: added property to configure applet timeout git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@73 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../egiz/bku/online/conf/SpringConfigurator.java | 385 +++++++++++---------- .../service/impl/RequestBrokerSTALFactory.java | 4 +- .../gv/egiz/bku/online/conf/defaultConf.properties | 2 +- BKUOnline/src/main/webapp/WEB-INF/web.xml | 2 +- 4 files changed, 204 insertions(+), 189 deletions(-) (limited to 'BKUOnline') diff --git a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java index 54dbfdea..d213dd36 100644 --- a/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java +++ b/BKUOnline/src/main/java/at/gv/egiz/bku/online/conf/SpringConfigurator.java 
@@ -1,19 +1,19 @@
 /*
-* Copyright 2008 Federal Chancellery Austria and
-* Graz University of Technology
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
+ * Copyright 2008 Federal Chancellery Austria and
+ * Graz University of Technology
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package at.gv.egiz.bku.online.conf;
 import java.io.File;
@@ -52,183 +52,198 @@ import org.springframework.core.io.ResourceLoader; import at.gv.egiz.bku.binding.DataUrl; import at.gv.egiz.bku.binding.DataUrlConnection; import at.gv.egiz.bku.slexceptions.SLRuntimeException; +import at.gv.egiz.stal.service.impl.RequestBrokerSTALFactory; public class SpringConfigurator extends Configurator implements - ResourceLoaderAware { - - private final static Log log = LogFactory.getLog(SpringConfigurator.class); - - private ResourceLoader resourceLoader; - - public void setResource(Resource resource) { - log.debug("Loading config from: " + resource); - if (resource != null) { - Properties props = new Properties(); - try { - props.load(resource.getInputStream()); - super.setConfiguration(props); - } catch (IOException e) { - log.error("Cannot load config", e); - } - } else { - log.warn("Cannot load properties, resource: "+resource); - } - } - - public void configureVersion() { + ResourceLoaderAware { + + private final static Log log = LogFactory.getLog(SpringConfigurator.class); + + private ResourceLoader resourceLoader; + + public void setResource(Resource resource) { + log.debug("Loading config from: " + resource); + if (resource != null) { + Properties props = new Properties(); + try { + props.load(resource.getInputStream()); + super.setConfiguration(props); + } catch (IOException e) { + log.error("Cannot load config", e); + } + } else { + log.warn("Cannot load properties, resource: " + resource); + } + } + + public void configureVersion() { Properties p = new Properties(); try { - p.load(resourceLoader.getResource("META-INF/MANIFEST.MF").getInputStream()); + p.load(resourceLoader.getResource("META-INF/MANIFEST.MF") + .getInputStream()); String version = p.getProperty("Implementation-Build"); - properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY, "citizen-card-environment/1.2 MOCCA "+version); + properties.setProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY, + "citizen-card-environment/1.2 MOCCA " + version); 
DataUrl.setConfiguration(properties); - log.debug("Setting user agent to: "+properties.getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY)); + log.debug("Setting user agent to: " + + properties.getProperty(DataUrlConnection.USER_AGENT_PROPERTY_KEY)); } catch (IOException e) { - log.error(e); + log.error(e); + } + } + + public void configure() { + super.configure(); + configureSSL(); + configureVersion(); + configureNetwork(); + } + + public void configureNetwork() { + String proxyHost = getProperty("HTTPProxyHost"); + String proxyPort = getProperty("HTTPProxyPort"); + if (proxyPort == null) { + proxyPort = "80"; + } + if (proxyHost != null) { + log.debug("Setting proxy server to: " + proxyHost + ":" + proxyPort); + System.setProperty("http.proxyHost", proxyHost); + System.setProperty("http.proxyPort", proxyPort); + } + log.debug("No proxy specified"); + String appletTimeout = getProperty("AppletTimeout"); + if ((appletTimeout != null)) { + try { + long ato = Long.parseLong(appletTimeout); + RequestBrokerSTALFactory.setTimeout(ato); + } catch (NumberFormatException nfe) { + log.error("Cannot set Applettimeout", nfe); + } + + } + } + + private Set getCACerts() throws IOException, + CertificateException { + Set caCerts = new HashSet(); + String caDirectory = getProperty("SSL.caDirectory"); + if (caDirectory != null) { + Resource caDirRes = resourceLoader.getResource(caDirectory); + File caDir = caDirRes.getFile(); + if (!caDir.isDirectory()) { + log.error("Expecting directory as SSL.caDirectory parameter"); + throw new SLRuntimeException( + "Expecting directory as SSL.caDirectory parameter"); + } + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + for (File f : caDir.listFiles()) { + try { + FileInputStream fis = new FileInputStream(f); + X509Certificate cert = (X509Certificate) cf.generateCertificate(fis); + fis.close(); + log.debug("Adding trusted cert " + cert.getSubjectDN()); + caCerts.add(new TrustAnchor(cert, null)); + } catch (Exception e) { 
+ log.error("Cannot add trusted ca", e); + } + } + return caCerts; + + } else { + log.warn("No CA certificates configured"); } + return null; + } + + private CertStore getCertstore() throws IOException, CertificateException, + InvalidAlgorithmParameterException, NoSuchAlgorithmException { + String certDirectory = getProperty("SSL.certDirectory"); + if (certDirectory != null) { + Resource certDirRes = resourceLoader.getResource(certDirectory); + + File certDir = certDirRes.getFile(); + if (!certDir.isDirectory()) { + log.error("Expecting directory as SSL.certDirectory parameter"); + throw new SLRuntimeException( + "Expecting directory as SSL.certDirectory parameter"); + } + List certCollection = new LinkedList(); + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + for (File f : certDir.listFiles()) { + try { + FileInputStream fis = new FileInputStream(f); + X509Certificate cert = (X509Certificate) cf.generateCertificate(fis); + certCollection.add(cert); + fis.close(); + log + .trace("Added following cert to certstore: " + + cert.getSubjectDN()); + } catch (Exception ex) { + log.error("Cannot add certificate", ex); + } + } + CollectionCertStoreParameters csp = new CollectionCertStoreParameters( + certCollection); + return CertStore.getInstance("Collection", csp); + + } else { + log.warn("No certstore configured"); + } + return null; + } + + public void configureSSL() { + Set caCerts = null; + try { + caCerts = getCACerts(); + } catch (Exception e1) { + log.error("Cannot load CA certificates", e1); + } + CertStore certStore = null; + try { + certStore = getCertstore(); + } catch (Exception e1) { + log.error("Cannot load certstore certificates", e1); + } + System.setProperty("com.sun.security.enableAIAcaIssuers", "true"); + try { + X509CertSelector selector = new X509CertSelector(); + PKIXBuilderParameters pkixParams; + pkixParams = new PKIXBuilderParameters(caCerts, selector); + if ((getProperty("SSL.doRevocationChecking") != null) + && 
(Boolean.valueOf(getProperty("SSL.doRevocationChecking")))) { + log.info("Enable revocation checking"); + pkixParams.setRevocationEnabled(true); + System.setProperty("com.sun.security.enableCRLDP", "true"); + Security.setProperty("ocsp.enable", "true"); + } else { + log.warn("Revocation checking disabled"); + pkixParams.setRevocationEnabled(false); + } + pkixParams.addCertStore(certStore); + ManagerFactoryParameters trustParams = new CertPathTrustManagerParameters( + pkixParams); + TrustManagerFactory trustFab; + try { + trustFab = TrustManagerFactory.getInstance("PKIX"); + trustFab.init(trustParams); + KeyManager[] km = null; + SSLContext sslCtx = SSLContext + .getInstance(getProperty("SSL.sslProtocol")); + sslCtx.init(km, trustFab.getTrustManagers(), null); + HttpsURLConnection + .setDefaultSSLSocketFactory(sslCtx.getSocketFactory()); + } catch (Exception e) { + log.error("Cannot configure SSL", e); + } + + } catch (InvalidAlgorithmParameterException e) { + log.error("Cannot configure SSL", e); + } + } + + @Override + public void setResourceLoader(ResourceLoader loader) { + this.resourceLoader = loader; } - - - public void configure() { - super.configure(); - configureSSL(); - configureVersion(); - configureNetwork(); - } - - public void configureNetwork() { - String proxyHost = getProperty("HTTPProxyHost"); - String proxyPort = getProperty("HTTPProxyPort"); - if (proxyPort == null) { - proxyPort = "80"; - } - if (proxyHost != null) { - log.debug("Setting proxy server to: "+proxyHost+":"+proxyPort); - System.setProperty("http.proxyHost", proxyHost); - System.setProperty("http.proxyPort", proxyPort); - } - log.debug("No proxy specified"); - } - - private Set getCACerts() throws IOException, - CertificateException { - Set caCerts = new HashSet(); - String caDirectory = getProperty("SSL.caDirectory"); - if (caDirectory != null) { - Resource caDirRes = resourceLoader.getResource(caDirectory); - File caDir = caDirRes.getFile(); - if (!caDir.isDirectory()) { - 
log.error("Expecting directory as SSL.caDirectory parameter"); - throw new SLRuntimeException( - "Expecting directory as SSL.caDirectory parameter"); - } - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - for (File f : caDir.listFiles()) { - try { - FileInputStream fis = new FileInputStream(f); - X509Certificate cert = (X509Certificate) cf.generateCertificate(fis); - fis.close(); - log.debug("Adding trusted cert " + cert.getSubjectDN()); - caCerts.add(new TrustAnchor(cert, null)); - } catch (Exception e) { - log.error("Cannot add trusted ca", e); - } - } - return caCerts; - - } else { - log.warn("No CA certificates configured"); - } - return null; - } - - private CertStore getCertstore() throws IOException, CertificateException, - InvalidAlgorithmParameterException, NoSuchAlgorithmException { - String certDirectory = getProperty("SSL.certDirectory"); - if (certDirectory != null) { - Resource certDirRes = resourceLoader.getResource(certDirectory); - - File certDir = certDirRes.getFile(); - if (!certDir.isDirectory()) { - log.error("Expecting directory as SSL.certDirectory parameter"); - throw new SLRuntimeException( - "Expecting directory as SSL.certDirectory parameter"); - } - List certCollection = new LinkedList(); - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - for (File f : certDir.listFiles()) { - try { - FileInputStream fis = new FileInputStream(f); - X509Certificate cert =(X509Certificate) cf.generateCertificate(fis); - certCollection.add(cert); - fis.close(); - log.trace("Added following cert to certstore: "+cert.getSubjectDN()); - } catch (Exception ex) { - log.error("Cannot add certificate", ex); - } - } - CollectionCertStoreParameters csp = new CollectionCertStoreParameters( - certCollection); - return CertStore.getInstance("Collection", csp); - - } else { - log.warn("No certstore configured"); - } - return null; - } - - public void configureSSL() { - Set caCerts = null; - try { - caCerts = getCACerts(); - } catch 
(Exception e1) { - log.error("Cannot load CA certificates", e1); - } - CertStore certStore = null; - try { - certStore = getCertstore(); - } catch (Exception e1) { - log.error("Cannot load certstore certificates", e1); - } - System.setProperty("com.sun.security.enableAIAcaIssuers", "true"); - try { - X509CertSelector selector = new X509CertSelector(); - PKIXBuilderParameters pkixParams; - pkixParams = new PKIXBuilderParameters(caCerts, selector); - if ((getProperty("SSL.doRevocationChecking") != null) - && (Boolean.valueOf(getProperty("SSL.doRevocationChecking")))) { - log.info("Enable revocation checking"); - pkixParams.setRevocationEnabled(true); - System.setProperty("com.sun.security.enableCRLDP", "true"); - Security.setProperty("ocsp.enable", "true"); - } else { - log.warn("Revocation checking disabled"); - pkixParams.setRevocationEnabled(false); - } - pkixParams.addCertStore(certStore); - ManagerFactoryParameters trustParams = new CertPathTrustManagerParameters( - pkixParams); - TrustManagerFactory trustFab; - try { - trustFab = TrustManagerFactory.getInstance("PKIX"); - trustFab.init(trustParams); - KeyManager[] km = null; - SSLContext sslCtx = SSLContext - .getInstance(getProperty("SSL.sslProtocol")); - sslCtx.init(km, trustFab.getTrustManagers(), null); - HttpsURLConnection - .setDefaultSSLSocketFactory(sslCtx.getSocketFactory()); - } catch (Exception e) { - log.error("Cannot configure SSL", e); - } - - } catch (InvalidAlgorithmParameterException e) { - log.error("Cannot configure SSL", e); - } - } - - @Override - public void setResourceLoader(ResourceLoader loader) { - this.resourceLoader = loader; - } } \ No newline at end of file diff --git a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/RequestBrokerSTALFactory.java b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/RequestBrokerSTALFactory.java index bb552002..45ee67d0 100644 --- a/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/RequestBrokerSTALFactory.java 
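Review bot: configureSSL() in SpringConfigurator only logs its failures, so when the trust anchors cannot be loaded `HttpsURLConnection.setDefaultSSLSocketFactory` is never reached and outbound HTTPS falls back to the JVM default trust store instead of the configured `SSL.caDirectory` set. getCACerts() returns null when the property is unset, and `caCerts` also stays null if loading throws. In both cases `new PKIXBuilderParameters(caCerts, selector)` throws NullPointerException, which `catch (InvalidAlgorithmParameterException e)` does not cover, so configure() aborts before configureVersion() and the new AppletTimeout handling in configureNetwork() run. I would fail startup explicitly before building the parameters, e.g. `if (caCerts == null || caCerts.isEmpty()) throw new SLRuntimeException("No trust anchors configured");`. The per-file `catch (Exception e)` in getCACerts() also lets a partially loaded anchor set through with only a log line, which deserves at least a comment stating that this is intended.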
+++ b/BKUOnline/src/main/java/at/gv/egiz/stal/service/impl/RequestBrokerSTALFactory.java @@ -32,7 +32,7 @@ import at.gv.egiz.stal.STALFactory; */ public class RequestBrokerSTALFactory implements STALFactory { - private long timeout; + private static long timeout; @Override public STAL createSTAL() { @@ -43,7 +43,7 @@ public class RequestBrokerSTALFactory implements STALFactory { public void setLocale(Locale locale) { } - public void setTimeout(long millisec) { + public static void setTimeout(long millisec) { timeout = millisec; } } diff --git a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties index ec7d932c..73d89f22 100644 --- a/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties +++ b/BKUOnline/src/main/resources/at/gv/egiz/bku/online/conf/defaultConf.properties @@ -40,7 +40,7 @@ SSL.sslProtocol=TLS # ------------ END SSL Config -------------------- ValidateHashDataInputs=true - +AppletTimeout=300000 #HTTPProxyHost=taranis.iaik.tugraz.at #HTTPProxyPort=8888 diff --git a/BKUOnline/src/main/webapp/WEB-INF/web.xml b/BKUOnline/src/main/webapp/WEB-INF/web.xml index 417dabb8..282d4db2 100644 --- a/BKUOnline/src/main/webapp/WEB-INF/web.xml +++ b/BKUOnline/src/main/webapp/WEB-INF/web.xml @@ -92,6 +92,6 @@ default.jsp - 3 + 5 \ No newline at end of file -- cgit v1.2.3
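Review bot: Making `timeout` static in RequestBrokerSTALFactory turns it into unsynchronised process-wide state with no validation: `setTimeout` (second hunk) stores any long, so a zero or negative `AppletTimeout` parses cleanly in SpringConfigurator.configureNetwork() and is applied as-is. createSTAL()'s body is outside the hunk, so how it uses the value is not visible, but it presumably reads the field on request threads after the configurator has written it. I would declare `private static volatile long timeout;` and reject bad values in the setter with `if (millisec <= 0) throw new IllegalArgumentException("timeout must be positive: " + millisec);`, widening the caller's `catch (NumberFormatException nfe)` to `IllegalArgumentException` so a bad value is logged rather than aborting configure(). When the property is missing the field stays at its default of 0, which deserves an explicit default or a log line.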