From 69e0dbee3567fc3a710d7bffad4d03e64edd7daa Mon Sep 17 00:00:00 2001 From: clemenso Date: Thu, 25 Jun 2009 12:07:39 +0000 Subject: TLS CipherSuites (FF XP) git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@375 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../java/at/gv/egiz/bku/webstart/BKULauncher.java | 68 +++++++++++++++++----- .../java/at/gv/egiz/bku/webstart/Container.java | 47 ++++++++++++++- 2 files changed, 99 insertions(+), 16 deletions(-) (limited to 'BKUWebStart/src/main/java/at') diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/BKULauncher.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/BKULauncher.java index b1fc29be..36c9cbb2 100644 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/BKULauncher.java +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/BKULauncher.java @@ -41,6 +41,7 @@ import java.io.BufferedWriter; import java.io.FileInputStream; import java.io.FileReader; import java.io.FileWriter; +import java.net.BindException; import java.net.URI; import java.net.URL; import java.security.GeneralSecurityException; @@ -48,6 +49,7 @@ import java.util.UUID; import java.util.jar.Attributes; import java.util.jar.Manifest; import java.util.zip.ZipOutputStream; +import org.mortbay.util.MultiException; public class BKULauncher implements BKUControllerInterface { @@ -65,7 +67,11 @@ public class BKULauncher implements BKUControllerInterface { public static final String GREETING_CAPTION = "Greetings.Caption"; public static final String GREETING_MESSAGE = "Greetings.Message"; public static final String STARTUP_CAPTION = "Startup.Caption"; + public static final String ERROR_CAPTION = "Error.Caption"; public static final String STARTUP_MESSAGE = "Startup.Message"; + public static final String ERROR_STARTUP_MESSAGE = "Error.Startup.Message"; + public static final String ERROR_CONF_MESSAGE = "Error.Conf.Message"; + public static final String ERROR_BIND_MESSAGE = "Error.Bind.Message"; public static final String VERSION_FILE = ".version"; private static Log log = LogFactory.getLog(BKULauncher.class); private ResourceBundle resourceBundle = null; @@ -222,8 +228,8 @@ public class BKULauncher implements BKUControllerInterface { // } // } - log.debug("trying install MOCCA certificate on system browser"); if (installCert) { + log.debug("trying install MOCCA certificate on system browser"); if (Desktop.isDesktopSupported()) { Desktop desktop = Desktop.getDesktop(); if (desktop.isSupported(Desktop.Action.BROWSE)) { @@ -270,26 +276,60 @@ public class BKULauncher implements BKUControllerInterface { /** * @param args */ - public static void main(String[] args) { - try { - log.warn("***** DISABLING SECURITY MANAGER *******"); + public static void main(String[] args) throws InterruptedException { + + if (log.isDebugEnabled()) { + //System.setProperty("DEBUG", "true"); + System.setProperty("VERBOSE", "true"); + System.setProperty("javax.net.debug", "ssl,handshake"); + } + +// log.warn("***** DISABLING SECURITY MANAGER *******"); System.setSecurityManager(null); + BKULauncher launcher = new BKULauncher(); launcher.initStart(); - File configDir = new File(System.getProperty("user.home") + '/' + CONFIG_DIR); - boolean installCert = launcher.ensureConfig(configDir); + boolean installCert = false; + launcher.initTrayIcon(); TrayIconDialog.getInstance().displayInfo(STARTUP_CAPTION, STARTUP_MESSAGE); - launcher.startUpServer(); - TrayIconDialog.getInstance().displayInfo(GREETING_CAPTION, GREETING_MESSAGE); -// launcher.initTrayIcon(); - launcher.initFinished(installCert); - } catch (Exception e) { - log.fatal("Failed to launch BKU: " + e.getMessage(), e); - System.exit(-1000); - } + try { + File configDir = new File(System.getProperty("user.home") + '/' + CONFIG_DIR); + installCert = launcher.ensureConfig(configDir); + } catch (Exception ex) { + log.fatal("Failed to init MOCCA configuration, exiting", ex); + TrayIconDialog.getInstance().displayError(ERROR_CAPTION, ERROR_CONF_MESSAGE); + Thread.sleep(5000); + System.exit(-1000); + } + + try { + launcher.startUpServer(); + TrayIconDialog.getInstance().displayInfo(GREETING_CAPTION, GREETING_MESSAGE); + launcher.initFinished(installCert); + } catch (BindException ex) { + log.fatal("Failed to launch MOCCA, " + ex.getMessage(), ex); + TrayIconDialog.getInstance().displayError(ERROR_CAPTION, ERROR_BIND_MESSAGE); + Thread.sleep(5000); + System.exit(-1000); + } catch (MultiException ex) { + log.fatal("Failed to launch MOCCA, " + ex.getMessage(), ex); + if (ex.getThrowable(0) instanceof BindException) { + TrayIconDialog.getInstance().displayError(ERROR_CAPTION, ERROR_BIND_MESSAGE); + } else { + TrayIconDialog.getInstance().displayError(ERROR_CAPTION, ERROR_STARTUP_MESSAGE); + } + Thread.sleep(5000); + System.exit(-1000); + } catch (Exception e) { + log.fatal("Failed to launch MOCCA, " + e.getMessage(), e); + TrayIconDialog.getInstance().displayError(ERROR_CAPTION, ERROR_STARTUP_MESSAGE); + Thread.sleep(5000); + System.exit(-1000); + } + } private void backupAndDelete(File dir, URI relativeTo, ZipOutputStream zip) throws IOException { diff --git a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java index 0cd3e633..89044486 100644 --- a/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java +++ b/BKUWebStart/src/main/java/at/gv/egiz/bku/webstart/Container.java @@ -35,6 +35,7 @@ public class Container { } public void init() throws IOException { +// System.setProperty("DEBUG", "true"); server = new Server(); QueuedThreadPool qtp = new QueuedThreadPool(); qtp.setMaxThreads(5); @@ -55,7 +56,13 @@ public class Container { sslConnector.setAcceptors(1); sslConnector.setHost("127.0.0.1"); File configDir = new File(System.getProperty("user.home") + "/" + BKULauncher.CONFIG_DIR); - sslConnector.setKeystore(configDir.getPath() + "/" + BKULauncher.KEYSTORE_FILE); + File keystoreFile = new File(configDir, BKULauncher.KEYSTORE_FILE); + if (!keystoreFile.canRead()) { + log.error("MOCCA keystore file not readable: " + keystoreFile.getAbsolutePath()); + throw new FileNotFoundException("MOCCA keystore file not readable: " + keystoreFile.getAbsolutePath()); + } + log.debug("loading MOCCA keystore from " + keystoreFile.getAbsolutePath()); + sslConnector.setKeystore(keystoreFile.getAbsolutePath()); File passwdFile = new File(configDir, BKULauncher.PASSWD_FILE); BufferedReader reader = new BufferedReader(new FileReader(passwdFile)); String pwd; @@ -64,6 +71,42 @@ public class Container { sslConnector.setKeyPassword(pwd); } reader.close(); + + //avoid jetty's ClassCastException: iaik.security.ecc.ecdsa.ECPublicKey cannot be cast to java.security.interfaces.ECPublicKey + String[] RFC4492CipherSuites = new String[] { + "TLS_ECDH_ECDSA_WITH_NULL_SHA", + "TLS_ECDH_ECDSA_WITH_RC4_128_SHA", + "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA", + "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA", + "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA", + + "TLS_ECDHE_ECDSA_WITH_NULL_SHA", + "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", + "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA", + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", + "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", + + "TLS_ECDH_RSA_WITH_NULL_SHA", + "TLS_ECDH_RSA_WITH_RC4_128_SHA", + "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA", + "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA", + "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA", + + "TLS_ECDHE_RSA_WITH_NULL_SHA", + "TLS_ECDHE_RSA_WITH_RC4_128_SHA", + "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", + + "TLS_ECDH_anon_WITH_NULL_SHA", + "TLS_ECDH_anon_WITH_RC4_128_SHA", + "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA", + "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", + "TLS_ECDH_anon_WITH_AES_256_CBC_SHA" + }; + + sslConnector.setExcludeCipherSuites(RFC4492CipherSuites); + server.setConnectors(new Connector[] { connector, sslConnector }); @@ -71,7 +114,7 @@ public class Container { webapp.setLogUrlOnStart(true); webapp.setContextPath("/"); webapp.setExtractWAR(true); - webapp.setParentLoaderPriority(false); //true); + webapp.setParentLoaderPriority(false); webapp.setWar(copyWebapp(webapp.getTempDirectory())); //getClass().getClassLoader().getResource("BKULocalWar/").toString()); -- cgit v1.2.3