From 79016a7b2f9d89e52e991b0abdfc73ad24e60979 Mon Sep 17 00:00:00 2001 From: clemenso Date: Thu, 13 Aug 2009 09:19:28 +0000 Subject: [#433] update BKU Web Start CertStore WebStart configuration refactored git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@423 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../java/at/gv/egiz/bku/webstart/Configurator.java | 418 +++++++++++++++++++++ 1 file changed, 418 insertions(+) create mode 100644 BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java (limited to 'BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java') diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java new file mode 100644 index 00000000..ab1746ed --- /dev/null +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java 
@@ -0,0 +1,418 @@ +/* + * Copyright 2008 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egiz.bku.webstart; + +import at.gv.egiz.bku.utils.StreamUtil; +import iaik.asn1.CodingException; +import iaik.xml.crypto.utils.Utils; +import java.io.BufferedInputStream; +import java.io.BufferedOutputStream; +import java.io.BufferedReader; +import java.io.BufferedWriter; +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.FileReader; +import java.io.FileWriter; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.net.URI; +import java.net.URISyntaxException; +import java.net.URL; +import java.security.GeneralSecurityException; +import java.security.KeyStore; +import java.util.Enumeration; +import java.util.Iterator; +import java.util.Map; +import java.util.Set; +import java.util.UUID; +import java.util.jar.Attributes; +import java.util.jar.Manifest; +import java.util.logging.Level; +import java.util.logging.Logger; +import java.util.zip.ZipEntry; +import java.util.zip.ZipFile; +import java.util.zip.ZipOutputStream; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.eclipse.jdt.core.dom.ThisExpression; + +/** + * + * @author Clemens Orthacker + */ +public class Configurator { + + /** + * MOCCA configuration + * configurations with less 
than this (major) version will be backuped and updated + * allowed: MAJOR[.MINOR[.X[-SNAPSHOT]]] + */ + public static final String MIN_CONFIG_VERSION = "1.0.9-SNAPSHOT"; + public static final String CONFIG_DIR = ".mocca/conf/"; + public static final String CERTS_DIR = ".mocca/certs/"; + public static final String VERSION_FILE = ".version"; + public static final String UNKOWN_VERSION = "unknown"; + public static final String CONF_TEMPLATE_FILE = "conf-tmp.zip"; + public static final String CONF_TEMPLATE_RESOURCE = "at/gv/egiz/bku/webstart/conf/conf.zip"; + public static final String CERTIFICATES_PKG = "at/gv/egiz/bku/certs"; + + /** + * MOCCA TLS certificate + */ + public static final String KEYSTORE_FILE = "keystore.ks"; + public static final String PASSWD_FILE = ".secret"; + + private static final Log log = LogFactory.getLog(Configurator.class); + + /** currently installed configuration version */ + private String version; + private String certsVersion; + /** whether a new MOCCA TLS cert was created during initialization */ + private boolean certRenewed = false; + + /** + * Checks whether the config directory already exists and creates it otherwise. 
+ * @param configDir the config directory to be created + * @throws IOException config/certificate creation failed + * @throws GeneralSecurityException if MOCCA TLS certificate could not be created + * @throws CodingException if MOCCA TLS certificate could not be created + */ + public void ensureConfiguration() throws IOException, CodingException, GeneralSecurityException { + File configDir = new File(System.getProperty("user.home") + '/' + CONFIG_DIR); + if (configDir.exists()) { + if (configDir.isFile()) { + log.error("invalid config directory: " + configDir); + throw new IOException("invalid config directory: " + configDir); + } else { + version = readVersion(new File(configDir, VERSION_FILE)); + if (log.isDebugEnabled()) { + log.debug("config directory " + configDir + ", version " + version); + } + if (updateRequired(version)) { + File moccaDir = configDir.getParentFile(); + File zipFile = new File(moccaDir, "conf-" + version + ".zip"); + ZipOutputStream zipOS = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(zipFile))); + log.info("backup configuration to " + zipFile); + backupAndDelete(configDir, moccaDir.toURI(), zipOS); + zipOS.close(); + initConfig(configDir); + } + } + } else { + initConfig(configDir); + } + } + + /** + * To be replaced by TSLs in IAIK-PKI + * @throws IOException + */ + public void ensureCertificates() throws IOException { + File certsDir = new File(System.getProperty("user.home") + '/' + CERTS_DIR); + if (certsDir.exists()) { + if (certsDir.isFile()) { + log.error("invalid certificate store directory: " + certsDir); + throw new IOException("invalid config directory: " + certsDir); + } else { + certsVersion = readVersion(new File(certsDir, VERSION_FILE)); + if (log.isDebugEnabled()) { + log.debug("certificate-store directory " + certsDir + ", version " + certsVersion); + } + String newCertsVersion = getCertificatesVersion(); + if (updateRequiredStrict(certsVersion, newCertsVersion)) { + File moccaDir = 
certsDir.getParentFile(); + File zipFile = new File(moccaDir, "certs-" + certsVersion + ".zip"); + ZipOutputStream zipOS = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(zipFile))); + log.info("backup certificates to " + zipFile); + backupAndDelete(certsDir, moccaDir.toURI(), zipOS); + zipOS.close(); + + createCerts(certsDir, newCertsVersion); + certsVersion = newCertsVersion; + } + } + } else { + String newCertsVersion = getCertificatesVersion(); + createCerts(certsDir, newCertsVersion); + certsVersion = newCertsVersion; + } + } + + /** + * + * @return whether a new MOCCA TLS certificate has been created during initialization + */ + public boolean isCertRenewed() { + return certRenewed; + } + + /** + * @return The first valid (not empty, no comment) line of the version file or + * "unknown" if version file cannot be read or does not contain such a line. + */ + protected static String readVersion(File versionFile) { + if (versionFile.exists() && versionFile.canRead()) { + BufferedReader versionReader = null; + try { + versionReader = new BufferedReader(new FileReader(versionFile)); + String version; + while ((version = versionReader.readLine().trim()) != null) { + if (version.length() > 0 && !version.startsWith("#")) { + log.debug("configuration version from " + versionFile + ": " + version); + return version; + } + } + } catch (IOException ex) { + log.error("failed to read configuration version from " + versionFile, ex); + } finally { + try { + versionReader.close(); + } catch (IOException ex) { + } + } + } + log.debug("unknown configuration version"); + return UNKOWN_VERSION; + } + + /** + * Temporary workaround, replace with TSLs in IAIK-PKI. + * Retrieves version from BKUCertificates.jar Manifest file. + * The (remote) resource URL will be handled by the JNLP loader, + * and the resource retrieved from the cache. 
+ * + * @return + * @throws IOException + */ + private static String getCertificatesVersion() throws IOException { + String certsResourceVersion = null; + URL certsURL = Configurator.class.getClassLoader().getResource(CERTIFICATES_PKG); + if (certsURL != null) { + StringBuilder url = new StringBuilder(certsURL.toExternalForm()); + url = url.replace(url.length() - CERTIFICATES_PKG.length(), url.length(), "META-INF/MANIFEST.MF"); + log.trace("retrieve certificates resource version from " + url); + certsURL = new URL(url.toString()); + Manifest certsManifest = new Manifest(certsURL.openStream()); + Attributes atts = certsManifest.getMainAttributes(); + if (atts != null) { + certsResourceVersion = atts.getValue("Implementation-Version"); + log.debug("certs resource version: " + certsResourceVersion); + } + } else { + log.error("Failed to retrieve certificates resource " + CERTIFICATES_PKG); + throw new IOException("Failed to retrieve certificates resource " + CERTIFICATES_PKG); + } + return certsResourceVersion; + } + + protected static boolean updateRequired(String oldVersion) { + log.debug("comparing " + oldVersion + " to " + MIN_CONFIG_VERSION); + if (oldVersion != null && !UNKOWN_VERSION.equals(oldVersion)) { + + int majorEnd = oldVersion.indexOf('-'); + String oldMajor = (majorEnd < 0) ? 
oldVersion : oldVersion.substring(0, majorEnd); + + String minMajor = MIN_CONFIG_VERSION; + boolean releaseRequired = true; + if (MIN_CONFIG_VERSION.endsWith("-SNAPSHOT")) { + releaseRequired = false; + minMajor = minMajor.substring(0, minMajor.length() - 9); + } + + int compare = oldMajor.compareTo(minMajor); + if (compare < 0 || + // SNAPSHOT versions are pre-releases (update if release required) + (compare == 0 && releaseRequired && oldVersion.startsWith("-SNAPSHOT", majorEnd))) { + log.debug("configuration update required"); + return true; + } else { + log.debug("configuration up to date"); + return false; + } + } + log.debug("no old version, configuration update required"); + return true; + } + + /** + * if unknown old, update in any case + * if known old and unknown new, don't update + * @param oldVersion + * @param newVersion + * @return + */ + private boolean updateRequiredStrict(String oldVersion, String newVersion) { + log.debug("comparing " + oldVersion + " to " + newVersion); + if (oldVersion != null && !UNKOWN_VERSION.equals(oldVersion)) { + if (newVersion != null && !UNKOWN_VERSION.equals(newVersion)) { + String[] oldV = oldVersion.split("-"); + String[] newV = newVersion.split("-"); + log.trace("comparing " + oldV[0] + " to " + newV[0]); + if (oldV[0].compareTo(newV[0]) < 0) { + log.debug("update required"); + return true; + } else { + log.trace("comparing " + oldV[oldV.length - 1] + " to " + newV[newV.length - 1]); + if (oldV[oldV.length - 1].compareTo(newV[newV.length - 1]) < 0) { + log.debug("update required"); + return true; + } else { + log.debug("no update required"); + return false; + } + } + } + log.debug("unknown new version, do not update"); + return true; + } + log.debug("unknown old version, update required"); + return true; + } + + protected static void backupAndDelete(File dir, URI relativeTo, ZipOutputStream zip) throws IOException { + if (dir.isDirectory()) { + File[] subDirs = dir.listFiles(); + for (File subDir : subDirs) { + 
backupAndDelete(subDir, relativeTo, zip); + subDir.delete(); + } + } else { + URI relativePath = relativeTo.relativize(dir.toURI()); + ZipEntry entry = new ZipEntry(relativePath.toString()); + zip.putNextEntry(entry); + BufferedInputStream entryIS = new BufferedInputStream(new FileInputStream(dir)); + StreamUtil.copyStream(entryIS, zip); + entryIS.close(); + zip.closeEntry(); + dir.delete(); + } + } + + /** + * set up a new MOCCA local configuration + * (not to be called directly, call ensureConfiguration()) + * @throws IOException config/certificate creation failed + * @throws GeneralSecurityException if MOCCA TLS certificate could not be created + * @throws CodingException if MOCCA TLS certificate could not be created + */ + protected void initConfig(File configDir) throws IOException, GeneralSecurityException, CodingException { + createConfig(configDir, Launcher.version); + version = Launcher.version; + createKeyStore(configDir); + certRenewed = true; + } + + private static void createConfig(File configDir, String version) throws IOException { + if (log.isDebugEnabled()) { + log.debug("creating configuration version " + Launcher.version + " in " + configDir ); + } + configDir.mkdirs(); + File confTemplateFile = new File(configDir, CONF_TEMPLATE_FILE); + InputStream is = Configurator.class.getClassLoader().getResourceAsStream(CONF_TEMPLATE_RESOURCE); + OutputStream os = new BufferedOutputStream(new FileOutputStream(confTemplateFile)); + StreamUtil.copyStream(is, os); + os.close(); + unzip(confTemplateFile, configDir); + confTemplateFile.delete(); + writeVersionFile(new File(configDir, VERSION_FILE), version); + } + + /** + * set up a new MOCCA local certStore + * @throws IOException config/certificate creation failed + * @throws GeneralSecurityException if MOCCA TLS certificate could not be created + * @throws CodingException if MOCCA TLS certificate could not be created + */ + private static void createCerts(File certsDir, String certsVersion) throws IOException 
{ + if (log.isDebugEnabled()) { + log.debug("creating certificate-store " + certsDir + ", version " + certsVersion); + } + URL certsURL = Configurator.class.getClassLoader().getResource(CERTIFICATES_PKG); + if (certsURL != null) { + StringBuilder url = new StringBuilder(certsURL.toExternalForm()); + url = url.replace(url.length() - CERTIFICATES_PKG.length(), url.length(), "META-INF/MANIFEST.MF"); + log.debug("retrieve certificate resource names from " + url); + certsURL = new URL(url.toString()); + Manifest certsManifest = new Manifest(certsURL.openStream()); + certsDir.mkdirs(); + Iterator entries = certsManifest.getEntries().keySet().iterator(); + while (entries.hasNext()) { + String entry = entries.next(); + if (entry.startsWith(CERTIFICATES_PKG)) { + String f = entry.substring(CERTIFICATES_PKG.length()); // "/trustStore/..." + new File(certsDir, f.substring(0, f.lastIndexOf('/'))).mkdirs(); + BufferedOutputStream bos = new BufferedOutputStream(new FileOutputStream(new File(certsDir, f))); + log.debug(f); + StreamUtil.copyStream(Configurator.class.getClassLoader().getResourceAsStream(entry), bos); + bos.close(); + } else { + log.trace("ignore " + entry); + } + } + writeVersionFile(new File(certsDir, VERSION_FILE), certsVersion); + } else { + log.error("Failed to retrieve certificates resource " + CERTIFICATES_PKG); + throw new IOException("Failed to retrieve certificates resource " + CERTIFICATES_PKG); + } + } + + private static void unzip(File zipfile, File toDir) throws IOException { + ZipFile zipFile = new ZipFile(zipfile); + Enumeration entries = zipFile.entries(); + while (entries.hasMoreElements()) { + ZipEntry entry = entries.nextElement(); + File eF = new File(toDir, entry.getName()); + if (entry.isDirectory()) { + eF.mkdirs(); + continue; + } + File f = new File(eF.getParent()); + f.mkdirs(); + StreamUtil.copyStream(zipFile.getInputStream(entry), + new FileOutputStream(eF)); + } + zipFile.close(); + } + + private static void writeVersionFile(File 
versionFile, String version) throws IOException { + BufferedWriter versionWriter = new BufferedWriter(new FileWriter(versionFile)); + versionWriter.write("# MOCCA Web Start configuration version\n"); + versionWriter.write("# DO NOT MODIFY THIS FILE\n\n"); + versionWriter.write(version); + versionWriter.close(); + } + + private static void createKeyStore(File configDir) throws IOException, GeneralSecurityException, CodingException { + char[] password = UUID.randomUUID().toString().toCharArray(); + File passwdFile = new File(configDir, PASSWD_FILE); + FileWriter passwdWriter = new FileWriter(passwdFile); + passwdWriter.write(password); + passwdWriter.close(); + if (!passwdFile.setReadable(false, false) || !passwdFile.setReadable(true, true)) { + passwdFile.delete(); + throw new IOException("failed to make " + passwdFile + " owner readable only, deleting file"); + } + TLSServerCA ca = new TLSServerCA(); + KeyStore ks = ca.generateKeyStore(password); + File ksFile = new File(configDir, KEYSTORE_FILE); + FileOutputStream fos = new FileOutputStream(ksFile); + ks.store(fos, password); + fos.close(); + } +} -- cgit v1.2.3 From a8e021a5b4450e117b76d9f6cc69bd24cd1dd5d3 Mon Sep 17 00:00:00 2001 From: clemenso Date: Fri, 14 Aug 2009 10:55:59 +0000 Subject: fixed updateRequired function git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@434 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../java/at/gv/egiz/bku/webstart/Configurator.java | 159 ++++++++++++++------- 1 file changed, 104 insertions(+), 55 deletions(-) (limited to 'BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java') diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java index ab1746ed..f1349637 100644 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java 
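Review bot: In createKeyStore the keystore password is written to `.secret` and the writer is closed before `setReadable(false, false)` / `setReadable(true, true)` run, so the secret sits on disk with default permissions for a short window, and `keystore.ks` itself is never restricted. Creating the file empty, restricting it, and only then writing the password closes that window, as sketched below. Separately, `backupAndDelete(configDir, ...)` in ensureConfiguration archives the whole conf directory, so `.secret` and `keystore.ks` end up side by side in `conf-<version>.zip` under `.mocca` with default permissions; excluding them from the backup or restricting the archive is worth considering.

```java
private static void createKeyStore(File configDir) throws IOException, GeneralSecurityException, CodingException {
  char[] password = UUID.randomUUID().toString().toCharArray();
  File passwdFile = new File(configDir, PASSWD_FILE);
  // create the file empty and restrict it before any secret is written
  passwdFile.createNewFile();
  if (!passwdFile.setReadable(false, false) || !passwdFile.setReadable(true, true)) {
    passwdFile.delete();
    throw new IOException("failed to make " + passwdFile + " owner readable only, deleting file");
  }
  FileWriter passwdWriter = new FileWriter(passwdFile);
  try {
    passwdWriter.write(password);
  } finally {
    passwdWriter.close();
  }
  // … unchanged: TLSServerCA keystore generation and ks.store(...) …
```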
@@ -79,7 +79,7 @@ public class Configurator { public static final String PASSWD_FILE = ".secret"; private static final Log log = LogFactory.getLog(Configurator.class); - + /** currently installed configuration version */ private String version; private String certsVersion; @@ -104,7 +104,7 @@ public class Configurator { if (log.isDebugEnabled()) { log.debug("config directory " + configDir + ", version " + version); } - if (updateRequired(version)) { + if (updateRequired(version, MIN_CONFIG_VERSION)) { File moccaDir = configDir.getParentFile(); File zipFile = new File(moccaDir, "conf-" + version + ".zip"); ZipOutputStream zipOS = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(zipFile))); @@ -135,7 +135,7 @@ public class Configurator { log.debug("certificate-store directory " + certsDir + ", version " + certsVersion); } String newCertsVersion = getCertificatesVersion(); - if (updateRequiredStrict(certsVersion, newCertsVersion)) { + if (updateRequired(certsVersion, newCertsVersion)) { File moccaDir = certsDir.getParentFile(); File zipFile = new File(moccaDir, "certs-" + certsVersion + ".zip"); ZipOutputStream zipOS = new ZipOutputStream(new BufferedOutputStream(new FileOutputStream(zipFile))); @@ -174,7 +174,7 @@ public class Configurator { String version; while ((version = versionReader.readLine().trim()) != null) { if (version.length() > 0 && !version.startsWith("#")) { - log.debug("configuration version from " + versionFile + ": " + version); + log.trace("configuration version from " + versionFile + ": " + version); return version; } } 
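Review bot: In readVersion (the hunk at -174) the loop condition `versionReader.readLine().trim()` dereferences the result before the null test, so a version file holding only comments or blank lines ends in a NullPointerException at end of file instead of falling through to `UNKOWN_VERSION`; the catch visible in the original listing covers only IOException. Test first and trim inside the loop: `while ((version = versionReader.readLine()) != null) { version = version.trim();`. The commit itself only lowers the log level on the following line, and the method's finally block lies outside this hunk.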
@@ -221,70 +221,119 @@ public class Configurator { return certsResourceVersion; } - protected static boolean updateRequired(String oldVersion) { - log.debug("comparing " + oldVersion + " to " + MIN_CONFIG_VERSION); - if (oldVersion != null && !UNKOWN_VERSION.equals(oldVersion)) { - - int majorEnd = oldVersion.indexOf('-'); - String oldMajor = (majorEnd < 0) ? oldVersion : oldVersion.substring(0, majorEnd); - - String minMajor = MIN_CONFIG_VERSION; - boolean releaseRequired = true; - if (MIN_CONFIG_VERSION.endsWith("-SNAPSHOT")) { - releaseRequired = false; - minMajor = minMajor.substring(0, minMajor.length() - 9); - } - - int compare = oldMajor.compareTo(minMajor); - if (compare < 0 || - // SNAPSHOT versions are pre-releases (update if release required) - (compare == 0 && releaseRequired && oldVersion.startsWith("-SNAPSHOT", majorEnd))) { - log.debug("configuration update required"); - return true; - } else { - log.debug("configuration up to date"); - return false; - } - } - log.debug("no old version, configuration update required"); - return true; - } - /** * if unknown old, update in any case - * if known old and unknown new, don't update + * if known old and unknown min, don't update * @param oldVersion - * @param newVersion + * @param minVersion * @return */ - private boolean updateRequiredStrict(String oldVersion, String newVersion) { - log.debug("comparing " + oldVersion + " to " + newVersion); + protected static boolean updateRequired(String oldVersion, String minVersion) { + log.debug("comparing " + oldVersion + " to " + minVersion); if (oldVersion != null && !UNKOWN_VERSION.equals(oldVersion)) { - if (newVersion != null && !UNKOWN_VERSION.equals(newVersion)) { - String[] oldV = oldVersion.split("-"); - String[] newV = newVersion.split("-"); - log.trace("comparing " + oldV[0] + " to " + newV[0]); - if (oldV[0].compareTo(newV[0]) < 0) { - log.debug("update required"); - return true; - } else { - log.trace("comparing " + oldV[oldV.length - 1] + " to " + 
newV[newV.length - 1]); - if (oldV[oldV.length - 1].compareTo(newV[newV.length - 1]) < 0) { + if (minVersion != null && !UNKOWN_VERSION.equals(minVersion)) { + int fromInd = 0; + int nextIndOld, nextIndMin; + int xOld, xMin; + + // assume dots '.' appear in major version only (not after "-SNAPSHOT") + while ((nextIndOld = oldVersion.indexOf('.', fromInd)) > 0) { + nextIndMin = minVersion.indexOf('.', fromInd); + if (nextIndMin < 0) { + log.debug("installed version newer than minimum required (newer minor version)"); + } + xOld = Integer.valueOf(oldVersion.substring(fromInd, nextIndOld)); + xMin = Integer.valueOf(minVersion.substring(fromInd, nextIndMin)); + if (xMin > xOld) { log.debug("update required"); return true; - } else { - log.debug("no update required"); + } else if (xMin < xOld) { + log.debug("installed version newer than minimum required"); return false; } + fromInd = nextIndOld + 1; + } + + // compare last digit of major + boolean preRelease = true; + int majorEndOld = oldVersion.indexOf("-SNAPSHOT"); + if (majorEndOld < 0) { + preRelease = false; + majorEndOld = oldVersion.length(); + } + + boolean releaseRequired = false; + int majorEndMin = minVersion.indexOf("-SNAPSHOT"); + if (majorEndMin < 0) { + releaseRequired = true; + majorEndMin = minVersion.length(); + } + + xOld = Integer.valueOf(oldVersion.substring(fromInd, majorEndOld)); + boolean hasMoreDigitsMin = true; + nextIndMin = minVersion.indexOf('.', fromInd); + if (nextIndMin < 0) { + hasMoreDigitsMin = false; + nextIndMin = majorEndMin; + } + xMin = Integer.valueOf(minVersion.substring(fromInd, nextIndMin)); + if (xMin > xOld) { + log.debug("update required"); + return true; + } else if (xMin < xOld) { + log.debug("installed version newer than minimum required"); + return false; + } else if (hasMoreDigitsMin) { // xMin == xOld + log.debug("update required (newer minor version required)"); + return true; + } else if (preRelease && releaseRequired) { + log.debug("pre-release installed but 
release required"); + return true; + } else { + log.debug("exact match, no updated required"); + return false; } } - log.debug("unknown new version, do not update"); - return true; + log.debug("unknown minimum version, do not update"); + return false; } - log.debug("unknown old version, update required"); + log.debug("no old version, update required"); return true; } - + + /** + + * @param oldVersion + * @param newVersion + * @return + */ +// private boolean updateRequiredStrict(String oldVersion, String newVersion) { +// log.debug("comparing " + oldVersion + " to " + newVersion); +// if (oldVersion != null && !UNKOWN_VERSION.equals(oldVersion)) { +// if (newVersion != null && !UNKOWN_VERSION.equals(newVersion)) { +// String[] oldV = oldVersion.split("-"); +// String[] newV = newVersion.split("-"); +// log.trace("comparing " + oldV[0] + " to " + newV[0]); +// if (oldV[0].compareTo(newV[0]) < 0) { +// log.debug("update required"); +// return true; +// } else { +// log.trace("comparing " + oldV[oldV.length - 1] + " to " + newV[newV.length - 1]); +// if (oldV[oldV.length - 1].compareTo(newV[newV.length - 1]) < 0) { +// log.debug("update required"); +// return true; +// } else { +// log.debug("no update required"); +// return false; +// } +// } +// } +// log.debug("unknown new version, do not update"); +// return true; +// } +// log.debug("unknown old version, update required"); +// return true; +// } protected static void backupAndDelete(File dir, URI relativeTo, ZipOutputStream zip) throws IOException { if (dir.isDirectory()) { File[] subDirs = dir.listFiles(); 
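Review bot: In the new updateRequired loop the `nextIndMin < 0` branch only logs and then falls through to `minVersion.substring(fromInd, nextIndMin)` with a negative end index, which throws StringIndexOutOfBoundsException (for example installed 1.0.9 against a minimum of 1.0); the branch needs a `return false;` after the debug call. The `Integer.valueOf(...)` calls also run on whatever readVersion returned from the `.version` file, so a malformed or hand-edited file surfaces as an uncaught NumberFormatException rather than as an update. Because the same comparison now also decides whether the local certificate store is refreshed, I would catch NumberFormatException here and treat it like `UNKOWN_VERSION` (return true).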
@@ -320,7 +369,7 @@ public class Configurator { private static void createConfig(File configDir, String version) throws IOException { if (log.isDebugEnabled()) { - log.debug("creating configuration version " + Launcher.version + " in " + configDir ); + log.debug("creating configuration version " + Launcher.version + " in " + configDir); } configDir.mkdirs(); File confTemplateFile = new File(configDir, CONF_TEMPLATE_FILE); @@ -347,7 +396,7 @@ public class Configurator { if (certsURL != null) { StringBuilder url = new StringBuilder(certsURL.toExternalForm()); url = url.replace(url.length() - CERTIFICATES_PKG.length(), url.length(), "META-INF/MANIFEST.MF"); - log.debug("retrieve certificate resource names from " + url); + log.trace("retrieve certificate resource names from " + url); certsURL = new URL(url.toString()); Manifest certsManifest = new Manifest(certsURL.openStream()); certsDir.mkdirs(); -- cgit v1.2.3 From e72c9994054446f38c5bc53d7da573e366f57963 Mon Sep 17 00:00:00 2001 From: clemenso Date: Wed, 19 Aug 2009 13:43:02 +0000 Subject: make "include-webstart" profile default (added "local-webstart" for development) updateRequired (versioning) bug fixed AboutDialog Branding (removed MOCCA/Bean) git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@444 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../java/at/gv/egiz/bku/webstart/Configurator.java | 55 ++++------------------ 1 file changed, 10 insertions(+), 45 deletions(-) (limited to 'BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java') diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java index f1349637..bef2246b 100644 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java 
@@ -18,7 +18,6 @@ package at.gv.egiz.bku.webstart; import at.gv.egiz.bku.utils.StreamUtil; import iaik.asn1.CodingException; -import iaik.xml.crypto.utils.Utils; import java.io.BufferedInputStream; import java.io.BufferedOutputStream; import java.io.BufferedReader; @@ -32,25 +31,19 @@ import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; import java.net.URI; -import java.net.URISyntaxException; import java.net.URL; import java.security.GeneralSecurityException; import java.security.KeyStore; import java.util.Enumeration; import java.util.Iterator; -import java.util.Map; -import java.util.Set; import java.util.UUID; import java.util.jar.Attributes; import java.util.jar.Manifest; -import java.util.logging.Level; -import java.util.logging.Logger; import java.util.zip.ZipEntry; import java.util.zip.ZipFile; import java.util.zip.ZipOutputStream; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.eclipse.jdt.core.dom.ThisExpression; /** * @@ -63,7 +56,7 @@ public class Configurator { * configurations with less than this (major) version will be backuped and updated * allowed: MAJOR[.MINOR[.X[-SNAPSHOT]]] */ - public static final String MIN_CONFIG_VERSION = "1.0.9-SNAPSHOT"; + public static final String MIN_CONFIG_VERSION = "1.0.9"; public static final String CONFIG_DIR = ".mocca/conf/"; public static final String CERTS_DIR = ".mocca/certs/"; public static final String VERSION_FILE = ".version"; 
@@ -259,14 +252,20 @@ public class Configurator { int majorEndOld = oldVersion.indexOf("-SNAPSHOT"); if (majorEndOld < 0) { preRelease = false; - majorEndOld = oldVersion.length(); + majorEndOld = oldVersion.indexOf('-'); // 1.0.10-r439 + if (majorEndOld < 0) { + majorEndOld = oldVersion.length(); + } } boolean releaseRequired = false; int majorEndMin = minVersion.indexOf("-SNAPSHOT"); if (majorEndMin < 0) { releaseRequired = true; - majorEndMin = minVersion.length(); + majorEndMin = minVersion.indexOf('-'); + if (majorEndMin < 0) { + majorEndMin = minVersion.length(); + } } xOld = Integer.valueOf(oldVersion.substring(fromInd, majorEndOld)); @@ -301,39 +300,6 @@ public class Configurator { return true; } - /** - - * @param oldVersion - * @param newVersion - * @return - */ -// private boolean updateRequiredStrict(String oldVersion, String newVersion) { -// log.debug("comparing " + oldVersion + " to " + newVersion); -// if (oldVersion != null && !UNKOWN_VERSION.equals(oldVersion)) { -// if (newVersion != null && !UNKOWN_VERSION.equals(newVersion)) { -// String[] oldV = oldVersion.split("-"); -// String[] newV = newVersion.split("-"); -// log.trace("comparing " + oldV[0] + " to " + newV[0]); -// if (oldV[0].compareTo(newV[0]) < 0) { -// log.debug("update required"); -// return true; -// } else { -// log.trace("comparing " + oldV[oldV.length - 1] + " to " + newV[newV.length - 1]); -// if (oldV[oldV.length - 1].compareTo(newV[newV.length - 1]) < 0) { -// log.debug("update required"); -// return true; -// } else { -// log.debug("no update required"); -// return false; -// } -// } -// } -// log.debug("unknown new version, do not update"); -// return true; -// } -// log.debug("unknown old version, update required"); -// return true; -// } protected static void backupAndDelete(File dir, URI relativeTo, ZipOutputStream zip) throws IOException { if (dir.isDirectory()) { File[] subDirs = dir.listFiles(); 
@@ -454,8 +420,7 @@ public class Configurator { passwdWriter.write(password); passwdWriter.close(); if (!passwdFile.setReadable(false, false) || !passwdFile.setReadable(true, true)) { - passwdFile.delete(); - throw new IOException("failed to make " + passwdFile + " owner readable only, deleting file"); + log.error("failed to make " + passwdFile + " owner readable only (certain file-systems do not support owner's permissions)"); } TLSServerCA ca = new TLSServerCA(); KeyStore ks = ca.generateKeyStore(password); -- cgit v1.2.3 From 145003155c05e915b900989a27cef1271398164b Mon Sep 17 00:00:00 2001 From: clemenso Date: Wed, 26 Aug 2009 17:31:32 +0000 Subject: MOCCA TLS Server CA cert installation servlet removed help.jsp (and jsp dependencies in jetty) moved html pages to src/main/webapp (encoding problem?) switch to BASIC download protocol in BKUWebStart (no jnlpDownloadServlet required, see template.xml) git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@474 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java') diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java index bef2246b..923a70d9 100644 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java 
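Review bot: When neither `setReadable` call succeeds, createKeyStore now logs and carries on, so the keystore password stays in `.secret` with whatever permissions the file was created with, and the TLS keystore is still generated with it. If failing hard is not acceptable on file systems without owner permissions, the fallback should at least be documented at this spot, e.g. `// NOTE: .secret may be readable by other local users here; keystore.ks is protected only by this password`. The message is logged at error level although execution continues; `log.warn(...)` would match the behaviour. createKeyStore starts and ends outside this hunk.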
@@ -56,7 +56,7 @@ public class Configurator { * configurations with less than this (major) version will be backuped and updated * allowed: MAJOR[.MINOR[.X[-SNAPSHOT]]] */ - public static final String MIN_CONFIG_VERSION = "1.0.9"; + public static final String MIN_CONFIG_VERSION = "1.2.4-SNAPSHOT"; public static final String CONFIG_DIR = ".mocca/conf/"; public static final String CERTS_DIR = ".mocca/certs/"; public static final String VERSION_FILE = ".version"; -- cgit v1.2.3 From bd070e82c276afb8c1c3a9ddc3b5712783760881 Mon Sep 17 00:00:00 2001 
From: mcentner Date: Tue, 29 Sep 2009 17:36:06 +0000 Subject: Logging issues fixed: - Added possibility to configure logging of BKUWebstart. Logging is now configured from log4j configuration deployed with BKUWebstart in a first step. In a second step the webstart launcher looks for a log4j configuration file in the user's mocca configuration directory and updates the log4j configuration. - Logging of IAIK PKI properly initialized. IAIK PKI does not mess with the log4j configuration any longer. - Changed log4j accordingly (an appender is now needed as IAIK PKI does not reconfigure log4j any longer). Added css-stylesheet to ErrorResponses issued by the BKU to improve the presentation to the user. Changed dependencies of BKUWebStart (see Issue#469 https://egovlabs.gv.at/tracker/index.php?func=detail&aid=469&group_id=13&atid=134). DataURLConnection now uses the request encoding of SL < 1.2. application/x-www-form-urlencoded is now used as default encoding method. multipart/form-data is used only if transfer parameters are present in the request that require a Content-Type parameter. This can only be set with multipart/form-data. This is not in conformance with SL 1.2, however it should improve compatibility with applications. Therefore, removed the ability to configure the DataURLConnection implementation class. DataURLConnection now uses a streaming implementation for encoding of application/x-www-form-urlencoded requests. XWWWFormUrlImputDecoder now uses a streaming implementation for decoding of application/x-www-form-urlencoded requests. Fixed Bug in SLResultPart that caused a binary response to be provided as parameter "XMLResponse" in a multipart/form-data encoded request to DataURL. SLCommandFactory now supports unmarshalling of SL < 1.2 requests in order to issue meaningful error messages. 
Therefore, the marshaling context for response marshaling had to be separated from the marshaling context for requests in order to avoid the marshaling of SL < 1.2 namespace prefixes in SL 1.2 responses. Target attribute in QualifiedProperties is now marshaled. (see Issue#470 https://egovlabs.gv.at/tracker/index.php?func=detail&aid=470&group_id=13&atid=134) Reporting of XML validation errors improved. git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@510 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../java/at/gv/egiz/bku/webstart/Configurator.java | 26 ++++++++++++++-------- 1 file changed, 17 insertions(+), 9 deletions(-) (limited to 'BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java') diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java index 923a70d9..d8fe3e70 100644 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java @@ -16,8 +16,9 @@ */ package at.gv.egiz.bku.webstart; -import at.gv.egiz.bku.utils.StreamUtil; import iaik.asn1.CodingException; +import iaik.utils.StreamCopier; + import java.io.BufferedInputStream; import java.io.BufferedOutputStream; import java.io.BufferedReader; @@ -42,8 +43,10 @@ import java.util.jar.Manifest; import java.util.zip.ZipEntry; import java.util.zip.ZipFile; import java.util.zip.ZipOutputStream; -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; + +import org.apache.log4j.PropertyConfigurator; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * 
@@ -71,7 +74,7 @@ public class Configurator { public static final String KEYSTORE_FILE = "keystore.ks"; public static final String PASSWD_FILE = ".secret"; - private static final Log log = LogFactory.getLog(Configurator.class); + private static final Logger log = LoggerFactory.getLogger(Configurator.class); /** currently installed configuration version */ private String version; @@ -110,6 +113,11 @@ public class Configurator { } else { initConfig(configDir); } + // re-configure logging + // TODO: move to appropriate place + String log4jconfig = configDir.getPath() + File.separatorChar + "log4j.properties"; + log.debug("Reconfiguring logging with " + log4jconfig); + PropertyConfigurator.configureAndWatch(log4jconfig); } /** @@ -312,7 +320,7 @@ public class Configurator { ZipEntry entry = new ZipEntry(relativePath.toString()); zip.putNextEntry(entry); BufferedInputStream entryIS = new BufferedInputStream(new FileInputStream(dir)); - StreamUtil.copyStream(entryIS, zip); + new StreamCopier(entryIS, zip).copyStream(); entryIS.close(); zip.closeEntry(); dir.delete(); @@ -341,7 +349,7 @@ public class Configurator { File confTemplateFile = new File(configDir, CONF_TEMPLATE_FILE); InputStream is = Configurator.class.getClassLoader().getResourceAsStream(CONF_TEMPLATE_RESOURCE); OutputStream os = new BufferedOutputStream(new FileOutputStream(confTemplateFile)); - StreamUtil.copyStream(is, os); + new StreamCopier(is, os).copyStream(); os.close(); unzip(confTemplateFile, configDir); confTemplateFile.delete(); @@ -374,7 +382,7 @@ public class Configurator { new File(certsDir, f.substring(0, f.lastIndexOf('/'))).mkdirs(); BufferedOutputStream bos = new BufferedOutputStream(new FileOutputStream(new File(certsDir, f))); log.debug(f); - StreamUtil.copyStream(Configurator.class.getClassLoader().getResourceAsStream(entry), bos); + new StreamCopier(Configurator.class.getClassLoader().getResourceAsStream(entry), bos).copyStream(); bos.close(); } else { log.trace("ignore " + entry); 
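Review bot: In the @@ -110,6 +113,11 @@ hunk, `PropertyConfigurator.configureAndWatch(log4jconfig)` is called without checking that the file exists, and it turns a file in the user's configuration directory into a continuously re-read control input for logging. A log4j properties file names the appender classes and targets to instantiate, so write access to `log4j.properties` there is enough to change where the launcher's logs go and how verbose they are, and configureAndWatch also starts a watchdog thread that polls for the life of the JVM. Guard the call and load once unless live reload is really needed: `File log4jFile = new File(configDir, "log4j.properties");` followed by `if (log4jFile.isFile()) { PropertyConfigurator.configure(log4jFile.getPath()); }`. The enclosing method starts outside the hunk, so where `configDir` comes from and what permissions it has cannot be checked from here.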
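Review bot: In the @@ -312,7 +320,7 @@ hunk, `entryIS.close()` runs only when `copyStream()` returns normally, so an I/O error during the copy leaves the file handle open. Wrap the copy as `try { new StreamCopier(entryIS, zip).copyStream(); } finally { entryIS.close(); }`. The same gap is in @@ -341,7 +349,7 @@, where `is` from `getResourceAsStream` is never closed in the visible lines and would be null if the template resource is missing, and in @@ -374,7 +382,7 @@ and @@ -399,8 +407,8 @@, where streams are created inline in the `StreamCopier` constructor call and so cannot be closed by the caller. Whether `StreamCopier` closes its streams itself is not visible on this page, and all of the enclosing methods extend beyond their hunks.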
@@ -399,8 +407,8 @@ public class Configurator { } File f = new File(eF.getParent()); f.mkdirs(); - StreamUtil.copyStream(zipFile.getInputStream(entry), - new FileOutputStream(eF)); + new StreamCopier(zipFile.getInputStream(entry), + new FileOutputStream(eF)).copyStream(); } zipFile.close(); } -- cgit v1.2.3 From 678f2d84046c8e3ab7abe459d984868d4c9d2a3c Mon Sep 17 00:00:00 2001 From: clemenso Date: Mon, 18 Jan 2010 15:55:46 +0000 Subject: support reader configuration (disablePinpad) in BKUWebStart webstart-local -> template-local.xml pkcs11sign -> template.xml default -> template-unstable.xml git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@576 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java') diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java index d8fe3e70..37638510 100644 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java @@ -59,7 +59,7 @@ public class Configurator { * configurations with less than this (major) version will be backuped and updated * allowed: MAJOR[.MINOR[.X[-SNAPSHOT]]] */ - public static final String MIN_CONFIG_VERSION = "1.2.4-SNAPSHOT"; + public static final String MIN_CONFIG_VERSION = "1.2.11-SNAPSHOT"; public static final String CONFIG_DIR = ".mocca/conf/"; public static final String CERTS_DIR = ".mocca/certs/"; public static final String VERSION_FILE = ".version"; -- cgit v1.2.3
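Review bot: In the @@ -399,8 +407,8 @@ hunk, `f.mkdirs()` and the write to `eF` happen with no visible check that the path stays inside the extraction directory. `eF` is built outside the hunk, so this is something to confirm rather than a demonstrated defect: if it is derived from the zip entry's name, an entry containing `..` segments would resolve outside the target. A guard before `f.mkdirs()` would be `if (!eF.getCanonicalPath().startsWith(<targetDir>.getCanonicalPath() + File.separator)) throw new IOException("zip entry outside target directory");`, where `<targetDir>` stands for the method's destination parameter, whose name is not shown here.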