From b1c8641a63a67e3c64d948f9e8dce5c01e11e2dd Mon Sep 17 00:00:00 2001 From: mcentner Date: Wed, 5 May 2010 15:29:01 +0000 Subject: Merged feature branch mocca-1.2.13-id@r724 back to trunk. git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@725 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../java/at/gv/egiz/bku/webstart/Configurator.java | 12 +- .../java/at/gv/egiz/bku/webstart/Container.java | 60 +-- .../java/at/gv/egiz/bku/webstart/Launcher.java | 39 +- .../gv/egiz/bku/webstart/LogSecurityManager.java | 443 --------------------- 4 files changed, 46 insertions(+), 508 deletions(-) delete mode 100644 BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/LogSecurityManager.java (limited to 'BKUWebStart/src/main/java/at/gv/egiz') diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java index 37638510..30662ee0 100644 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Configurator.java @@ -225,6 +225,12 @@ public class Configurator { /** * if unknown old, update in any case * if known old and unknown min, don't update + * + * VERSION := MAJOR[-SNAPSHOT]-rREV + * MAJOR := [0-9\.]*[-BRANCH[-BRANCHVERSION]] + * + * assume dots '.' appear in major version only (not after "-SNAPSHOT") + * * @param oldVersion * @param minVersion * @return @@ -257,10 +263,10 @@ public class Configurator { // compare last digit of major boolean preRelease = true; - int majorEndOld = oldVersion.indexOf("-SNAPSHOT"); + int majorEndOld = oldVersion.indexOf("-SNAPSHOT"); // 1.0.10-SNAPSHOT-r438, 1.2.12-pinguin-1-SNAPSHOT-r635 if (majorEndOld < 0) { preRelease = false; - majorEndOld = oldVersion.indexOf('-'); // 1.0.10-r439 + majorEndOld = oldVersion.lastIndexOf('-'); // 1.0.10-r439, 1.2.12-pinguin-1-r635 if (majorEndOld < 0) { majorEndOld = oldVersion.length(); } @@ -270,7 +276,7 @@ public class Configurator { int majorEndMin = minVersion.indexOf("-SNAPSHOT"); if (majorEndMin < 0) { releaseRequired = true; - majorEndMin = minVersion.indexOf('-'); + majorEndMin = minVersion.lastIndexOf('-'); if (majorEndMin < 0) { majorEndMin = minVersion.length(); } diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java index 4d1fe658..3dcae497 100644 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java @@ -2,7 +2,6 @@ package at.gv.egiz.bku.webstart; import iaik.utils.StreamCopier; -import java.awt.AWTPermission; import java.io.BufferedInputStream; import java.io.BufferedOutputStream; import java.io.BufferedReader; @@ -10,21 +9,14 @@ import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.FileOutputStream; -import java.io.FilePermission; import java.io.FileReader; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; -import java.lang.reflect.ReflectPermission; -import java.net.NetPermission; -import java.net.SocketPermission; import java.security.AllPermission; import java.security.KeyStore; import java.security.Permissions; -import java.security.SecurityPermission; import java.security.cert.Certificate; -import java.util.PropertyPermission; -import javax.smartcardio.CardPermission; import org.mortbay.jetty.Connector; import org.mortbay.jetty.Server; import org.mortbay.jetty.nio.SelectChannelConnector; @@ -37,7 +29,7 @@ import org.slf4j.LoggerFactory; public class Container { public static final String HTTP_PORT_PROPERTY = "mocca.http.port"; - public static final String HTTPS_PORT_PROPERTY = "mocca.http.port"; + public static final String HTTPS_PORT_PROPERTY = "mocca.https.port"; private static Logger log = LoggerFactory.getLogger(Container.class); static { @@ -126,7 +118,7 @@ public class Container { webapp.setParentLoaderPriority(false); webapp.setWar(copyWebapp(webapp.getTempDirectory())); - webapp.setPermissions(getPermissions(webapp.getTempDirectory())); +// webapp.setPermissions(getPermissions(webapp.getTempDirectory())); server.setHandler(webapp); server.setGracefulShutdown(1000 * 3); @@ -172,50 +164,22 @@ public class Container { return webapp.getPath(); } + /** + * grant all permissions, since we need read/write access to save signature data files anywhere (JFileChooser) in the local filesystem + * and Jetty does not allow declare (webapp) permissions on a codeBase basis. + * @param webappDir + * @return + */ private Permissions getPermissions(File webappDir) { Permissions perms = new Permissions(); perms.add(new AllPermission()); +// perms.add(new FilePermission(new File(System.getProperty("user.home")).getAbsolutePath(), "read, write")); +// perms.add(new FilePermission(new File(System.getProperty("user.home") + "/-").getAbsolutePath(), "read, write")); +// perms.add(new FilePermission(new File(System.getProperty("user.home") + "/.mocca/logs/*").getAbsolutePath(), "read, write,delete")); +// perms.add(new FilePermission(new File(System.getProperty("user.home") + "/.mocca/certs/-").getAbsolutePath(), "read, write,delete")); - - if (false) { - - // jetty-webstart (spring?) - perms.add(new RuntimePermission("getClassLoader")); - - // standard permissions - perms.add(new PropertyPermission("*", "read,write")); - perms.add(new RuntimePermission("accessDeclaredMembers")); - perms.add(new RuntimePermission("accessClassInPackage.*")); - perms.add(new RuntimePermission("defineClassInPackage.*")); - perms.add(new RuntimePermission("setFactory")); - perms.add(new RuntimePermission("getProtectionDomain")); - perms.add(new RuntimePermission("modifyThread")); - perms.add(new RuntimePermission("modifyThreadGroup")); - perms.add(new RuntimePermission("setFactory")); - perms.add(new ReflectPermission("suppressAccessChecks")); - - // MOCCA specific - perms.add(new SocketPermission("*", "connect,resolve")); - perms.add(new NetPermission("specifyStreamHandler")); - perms.add(new SecurityPermission("insertProvider.*")); - perms.add(new SecurityPermission("putProviderProperty.*")); - perms.add(new SecurityPermission("removeProvider.*")); - perms.add(new CardPermission("*", "*")); - perms.add(new AWTPermission("*")); - - perms.add(new FilePermission(webappDir.getAbsolutePath() + "/-", "read")); - perms.add(new FilePermission(new File(System.getProperty("java.home") + "/lib/xalan.properties").getAbsolutePath(), "read")); - perms.add(new FilePermission(new File(System.getProperty("java.home") + "/lib/xerces.properties").getAbsolutePath(), "read")); - perms.add(new FilePermission(new File(System.getProperty("user.home")).getAbsolutePath(), "read, write")); - perms.add(new FilePermission(new File(System.getProperty("user.home") + "/-").getAbsolutePath(), "read, write")); - perms.add(new FilePermission(new File(System.getProperty("user.home") + "/.mocca/logs/*").getAbsolutePath(), "read, write,delete")); - perms.add(new FilePermission(new File(System.getProperty("user.home") + "/.mocca/certs/-").getAbsolutePath(), "read, write,delete")); - - //TODO -// log.trace("granting file read/write permission to MOCCA local"); // perms.add(new FilePermission("<>", "read, write")); - } return perms; } diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java index ef7edef1..e1cdb657 100644 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Launcher.java @@ -11,7 +11,7 @@ import java.util.ResourceBundle; import javax.jnlp.UnavailableServiceException; -import com.sun.javaws.security.JavaWebStartSecurity; +//import com.sun.javaws.security.JavaWebStartSecurity; import java.awt.AWTException; import java.awt.Desktop; import java.awt.Image; @@ -88,11 +88,11 @@ public class Launcher implements BKUControllerInterface, ActionListener { URL cert = null; URL help = null; try { - http = new URL("http://localhost:" + Integer.getInteger(Container.HTTPS_PORT_PROPERTY, 3495).intValue()); - https = new URL("https://localhost:" + Integer.getInteger(Container.HTTPS_PORT_PROPERTY, 3496).intValue()); + http = new URL("http://localhost:" + Integer.getInteger(Container.HTTPS_PORT_PROPERTY, 3495).intValue() + '/'); + https = new URL("https://localhost:" + Integer.getInteger(Container.HTTPS_PORT_PROPERTY, 3496).intValue() + '/'); pin = new URL(http, "/PINManagement"); - cert = new URL(http, "/installCertificate"); - help = new URL(http, "/help"); + cert = new URL(http, "/ca.crt"); + help = new URL(http, "/help/"); } catch (MalformedURLException ex) { log.error("Failed to create URL.", ex); } finally { @@ -134,13 +134,15 @@ public class Launcher implements BKUControllerInterface, ActionListener { public Launcher() { log.info("Initializing Launcher"); - if (log.isTraceEnabled()) { - SecurityManager sm = System.getSecurityManager(); - if (sm instanceof JavaWebStartSecurity) { - System.setSecurityManager(new LogSecurityManager((JavaWebStartSecurity) sm)); - } - } + + // SocketPerm * required (DataURL), FilePermission * write (JFileChooser) required, + // jetty does not allow fine-grained permission config (codeBase?) + // ie. we don't need a security manager + log.trace("disabling (JNLP) security manager"); + System.setSecurityManager(null); + messages = ResourceBundle.getBundle(MESSAGES_RESOURCE, Locale.getDefault()); + //TODO replace with statusNotifier trayIcon = initTrayIcon(); } @@ -213,7 +215,7 @@ public class Launcher implements BKUControllerInterface, ActionListener { Image image = ImageIO.read(getClass().getResourceAsStream(iconResource)); PopupMenu popup = new PopupMenu(); - + MenuItem helpItem = new MenuItem(messages.getString(LABEL_HELP)); helpItem.addActionListener(this); helpItem.setActionCommand(HELP_COMMAND); @@ -237,6 +239,7 @@ public class Launcher implements BKUControllerInterface, ActionListener { popup.add(aboutItem); TrayIcon ti = new TrayIcon(image, messages.getString(TOOLTIP_DEFAULT), popup); + ti.setImageAutoSize(true); ti.addActionListener(this); tray.add(ti); return ti; @@ -301,7 +304,11 @@ public class Launcher implements BKUControllerInterface, ActionListener { } if (config.isCertRenewed()) { try { - browse(HTTP_SECURITY_LAYER_URL); + if ("".equals(messages.getLocale().getLanguage())) { + browse(HTTP_SECURITY_LAYER_URL); + } else { + browse(new URL(HTTP_SECURITY_LAYER_URL, messages.getLocale().getLanguage())); + } } catch (Exception ex) { log.error("failed to open system browser, install TLS certificate manually: " + HTTPS_SECURITY_LAYER_URL, ex); } @@ -364,7 +371,11 @@ public class Launcher implements BKUControllerInterface, ActionListener { } else if (HELP_COMMAND.equals(e.getActionCommand())) { log.debug("help page requested via tray menu"); try { - browse(HELP_URL); + if ("".equals(messages.getLocale().getLanguage())) { + browse(HELP_URL); + } else { + browse(new URL(HELP_URL, messages.getLocale().getLanguage())); + } } catch (Exception ex) { log.error("Failed to open " + HELP_URL, ex); String msg = MessageFormat.format(messages.getString(ERROR_OPEN_URL), HELP_URL); diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/LogSecurityManager.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/LogSecurityManager.java deleted file mode 100644 index d589812e..00000000 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/LogSecurityManager.java +++ /dev/null @@ -1,443 +0,0 @@ -/* - * Copyright 2008 Federal Chancellery Austria and - * Graz University of Technology - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package at.gv.egiz.bku.webstart; - -import com.sun.javaws.security.JavaWebStartSecurity; -import java.io.FileDescriptor; -import java.net.InetAddress; -import java.security.Permission; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/** - * JVM argument -Djava.security.debug=access,failure - * (passed as attribute to java element in jnlp) is ignored. - * - * @author Clemens Orthacker - */ -public class LogSecurityManager extends SecurityManager { - - protected static final Logger log = LoggerFactory.getLogger(LogSecurityManager.class); - JavaWebStartSecurity sm; - - public LogSecurityManager(JavaWebStartSecurity sm) { - this.sm = sm; -// AppPolicy policy = AppPolicy.getInstance(); -// SecurityManager sm = System.getSecurityManager(); - } - - @Override - public void checkAccept(String host, int port) { - try { - sm.checkAccept(host, port); - } catch (SecurityException ex) { - log.warn("checkAccept(" + host + ", " + port + "): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkAccess(Thread g) { - try { - sm.checkAccess(g); - } catch (SecurityException ex) { - log.warn("checkAccess(" + g + "): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkAccess(ThreadGroup g) { - try { - sm.checkAccess(g); - } catch (SecurityException ex) { - log.warn("checkAccess(" + g + "): " + ex.getMessage(), ex); - throw ex; - } - - } - - @Override - public void checkAwtEventQueueAccess() { - try { - sm.checkAwtEventQueueAccess(); - } catch (SecurityException ex) { - log.warn("checkAwtEventQAccess():" + ex.getMessage(), ex); - throw ex; - } - - } - - @Override - public void checkConnect(String host, int port) { - try { - sm.checkConnect(host, port); - } catch (SecurityException ex) { - log.warn("checkConnect(" + host + ", " + port + "): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkConnect(String host, int port, Object context) { - try { - sm.checkConnect(host, port, context); - } catch (SecurityException ex) { - log.warn("checkConnect(" + host + ", " + port + ", " + context + "): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkCreateClassLoader() { - try { - sm.checkCreateClassLoader(); - } catch (SecurityException ex) { - log.warn("checkCreateClassLoader(): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkDelete(String file) { - try { - sm.checkDelete(file); - } catch (SecurityException ex) { - log.warn("checkDelete(" + file + "): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkExec(String cmd) { - try { - sm.checkExec(cmd); - } catch (SecurityException ex) { - log.warn("checkExec(" + cmd + "): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkExit(int status) { - try { - sm.checkExit(status); - } catch (SecurityException ex) { - log.warn("checkExit(" + status + "): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkLink(String lib) { - try { - sm.checkLink(lib); - } catch (SecurityException ex) { - log.warn("checkLink(" + lib + "): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkListen(int port) { - try { - sm.checkListen(port); - } catch (SecurityException ex) { - log.warn("checkListen(" + port + "): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkMemberAccess(Class clazz, int which) { - try { - sm.checkMemberAccess(clazz, which); - } catch (SecurityException ex) { - log.warn("checkMemberAccess(" + clazz + "): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkMulticast(InetAddress maddr) { - try { - sm.checkMulticast(maddr); - } catch (SecurityException ex) { - log.warn("checkMulticast(" + maddr + "): " + ex.getMessage(), ex); - throw ex; - } - } - - @SuppressWarnings("deprecation") - @Override - public void checkMulticast(InetAddress maddr, byte ttl) { - try { - sm.checkMulticast(maddr,ttl); - } catch (SecurityException ex) { - log.warn("checkMulticast(" + maddr + "," + ttl + "): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkPackageAccess(String pkg) { - try { - sm.checkPackageAccess(pkg); - } catch (SecurityException ex) { - log.warn("checkPackageAccess(" + pkg + "): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkPackageDefinition(String pkg) { - try { - sm.checkPackageDefinition(pkg); - } catch (SecurityException ex) { - log.warn("checkPackageDefinition(" + pkg + "): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkPermission(Permission perm) { - try { - sm.checkPermission(perm); - } catch (SecurityException ex) { - log.warn("checkPermission(" + perm.toString() + "): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkPermission(Permission perm, Object context) { - try { - sm.checkPermission(perm, context); - } catch (SecurityException ex) { - log.warn("checkPermission(" + perm.toString() + ", ctx): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkPrintJobAccess() { - try { - sm.checkPrintJobAccess(); - } catch (SecurityException ex) { - log.info("checkPrintJobAccess(): " + ex.getMessage(), ex); - throw ex; - } - } - - /** - * allowed - */ - @Override - public void checkPropertiesAccess() { - try { - sm.checkPropertiesAccess(); - } catch (SecurityException ex) { - log.info("checkPropertiesAccess(): " + ex.getMessage(), ex); - throw ex; - } - } - - /** - * access to all properties allowed - * @param key - */ - @Override - public void checkPropertyAccess(String key) { - try { - sm.checkPropertyAccess(key); - } catch (SecurityException ex) { - log.info("checkPropertyAccess(" + key + "): " + ex.getMessage()); - throw ex; - } - } - - @Override - public void checkRead(FileDescriptor fd) { - try { - sm.checkRead(fd); - } catch (SecurityException ex) { - log.warn("checkRead(" + fd + ") " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkRead(String file) { - try { - sm.checkRead(file); - } catch (SecurityException ex) { - log.warn("checkRead(" + file + ") " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkRead(String file, Object context) { - try { - sm.checkRead(file, context); - } catch (SecurityException ex) { - log.warn("checkRead(" + file + ") " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkSecurityAccess(String target) { - try { - sm.checkSecurityAccess(target); - } catch (SecurityException ex) { - log.info("checkSecurityAccess(" + target + "): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public void checkSetFactory() { - log.info("checkSetFactory() "); - try { - sm.checkSetFactory(); - } catch (SecurityException ex) { - log.warn("checkSetFactroy(): " + ex.getMessage(), ex); - throw ex; - } - - } - - @Override - public void checkSystemClipboardAccess() { - try { - sm.checkSystemClipboardAccess(); - } catch (SecurityException ex) { - log.info("checkSystemClipboardAccess(): " + ex.getMessage(), ex); - throw ex; - } - } - - @Override - public boolean checkTopLevelWindow(Object window) { - log.info("checkTopLevelWindow(Object window)"); - try { - return sm.checkTopLevelWindow(window); - } catch (SecurityException ex) { - log.warn("checkTopLevelWindow(" + window + "): " + ex.getMessage(), ex); - throw ex; - } - - } - - @Override - public void checkWrite(FileDescriptor fd) { - try { - sm.checkWrite(fd); - } catch (SecurityException ex) { - log.info("checkWrite(" + fd + "): " + ex.getMessage(), ex); - } - } - - @Override - public void checkWrite(String file) { - try { - sm.checkWrite(file); - } catch (SecurityException ex) { - log.info("checkWrite(" + file + "): " + ex.getMessage(), ex); - } - } - -// @Override -// protected int classDepth(String name) { -// log.info("classDepth(String name)"); return this.classDepth(name); -// } -// -// @Override -// protected int classLoaderDepth() { -// log.info("classLoaderDepth"); return sm.classLoaderDepth(); -// } -// -// @Override -// protected Object clone() throws CloneNotSupportedException { -// log.info("clone"); return sm.clone(); -// } -// -// @Override -// protected ClassLoader currentClassLoader() { -// log.info("currentClassLoader"); return sm.currentClassLoader(); -// } -// -// @Override -// protected Class currentLoadedClass() { -// log.info("currentLoadedClass"); return sm.currentLoadedClass(); -// } - @Override - public boolean equals(Object obj) { - log.info("equals"); - return sm.equals(obj); - } - -// @Override -// protected void finalize() throws Throwable { -// log.info("finalize"); sm.finalize(); -// } -// @Override -// protected Class[] getClassContext() { -// log.info("getClassContext"); return sm.getClassContext(); -// } - @SuppressWarnings("deprecation") - @Override - public boolean getInCheck() { - log.info("getInCheck"); - return sm.getInCheck(); - } - - @Override - public Object getSecurityContext() { - log.info("getSecurityContext"); - return sm.getSecurityContext(); - } - - @Override - public ThreadGroup getThreadGroup() { - log.info("getThreadGroup"); - return sm.getThreadGroup(); - } - - @Override - public int hashCode() { - log.info("hashCode"); - return sm.hashCode(); - } - -// @Override -// protected boolean inClass(String name) { -// log.info("inClass"); return sm.inClass(name); -// } -// -// @Override -// protected boolean inClassLoader() { -// log.info(""); return sm.inClassLoader(); -// } - @Override - public String toString() { - log.info("toString"); - return sm.toString(); - } -} -- cgit v1.2.3